LYNC SERVER 2010 for the busy admins…
As you all know, Lync Server 2010 has changed quite a lot from OCS 2007.
Here are answers to some of the questions about Lync 2010.
►Does Lync 2010 conform to standards like SIP, RTP?
Lync architecture is based on Open Standards for Signaling, Media, Remote Access,
Federation etc. Lync also offers interoperability through certified partner solutions
►What interop capabilities does Lync Server 2010 have?
Lync offers rich interop choices for IM, Presence Voice & Video through use of Open Standards,
Qualification Programs like OIP & Industry Forums like UCIF
►Does Lync 2010 support 911/E911?
Lync 2010 natively supports E911 via a new Server role called “Location Information Server”.
LIS automatically gets installed on each Frontend server and does not require any additional
HW. Customers just need to subscribe to a service from an E911 Provider. Currently, Intrado
(911Enable) is the only certified E911 Service Provider for Lync 2010.
►Can Lync Server 2010 be virtualized?
Yes, in fact, the Lync 2010 Server infrastructure may be deployed in a 100% virtual environment, even for
voice/video modalities. On the client side, Lync supports IM/Presence and data collaboration in
virtualized desktops, and voice may be tethered through USB.
►What system management and monitoring capabilities does Lync Server 2010 have?
Lync offers robust system management and monitoring in line with ISO TMN framework of FCAPS
►Can Lync be deployed in HA/redundant configuration?
Lync Server 2010 Enterprise Edition (EE) is a highly available & resilient architecture that
provides protection around SPOF through characteristics like N+1 design, Datacenter & Metro
Resiliency deployment models and Branch Survivability capability.
►What branch survivability features does Lync Server 2010 have?
Lync offers not only telephony survivability but also preserves all point-to-point UC features
like IM, VoIP, and video
►Can Lync be deployed in business continuity or disaster recovery configurations?
Absolutely, Lync Server 2010 EE architecture has built-in redundancy at pool/site level,
but it can also be deployed in a geo-redundant manner for disaster recovery scenarios and in a metro
resiliency model for BC scenarios.
►What voice specific resiliency features does Lync offer?
Lync Server 2010 offers call preservation through session resiliency. Given its N+1 design
there is no impact to scalability/capacity or features/functionality if a server failure
occurs. In case of branch isolation, all telephony features survive along with P2P UC
capabilities.
►Can Lync Server 2010 replace our aging/EoL PBX(s)?
Lync 2010 is an enterprise-ready voice platform, which has been verified by independent testing
by Miercom labs – 4M calls for 13+ days with 100% success rate. Moreover, many large
businesses have replaced their PBX infrastructure with Lync, such as Sprint, LionBridge,
Colombian National Police, etc.
►We just invested in new IP PBX, so how can Lync enhance productivity?
Sure. For example, you may be looking to offer the flexibility of anywhere/boundary-less communications and
collaboration capabilities to your employees without impacting your VPN infrastructure, or you may
want to federate with your business partners to cut human latency and improve employee
efficiency. Good customer examples here are AT Kearney and Shell.
►We have dial-tone today, so what value can Lync Server 2010 add?
Lync Server 2010 has built-in audio, video, and web conferencing; and application/ desktop
collaboration capabilities, which can allow you to eliminate costs related to point
conferencing/collaboration solutions. Intel took advantage of this approach.
►Do Lync clients and servers support DiffServ QoS markings?
Yes, out of the box voice is given high priority over all other media types. Microsoft recommends
marking voice as EF, SIP as CS3, video as AF41, and data-sharing traffic as AF31.
►Does Lync have Call Admission Control (CAC)?
Lync Server 2010 has a location-aware, intelligent CAC solution, which can route voice and video
through separate paths under the same SIP session. Lync honors CAC policy even if the origination side
is a non-Lync endpoint.
►How does Lync provide security for remote workers if no VPN is required?
Lync Server 2010 uses certificates to encrypt SIP and media traffic end-to-end, and it also uses
protocols like ICE, STUN, and TURN to securely traverse firewalls.
►How does Lync secure server-to-server and client-to-server communications?
All server-to-server and client-to-server communications are encrypted to protect the integrity,
confidentiality, and privacy of conversations, which is vital in voice communications systems.
►What voicemail solution(s) does Lync work with?
Lync Server 2010 has tight integration with Exchange UM to provide rich user-experience:
Outlook Voice Access (Speech Enabled Menu) or DTMF Menu
Speech Enabled Voicemail User Interface
Speech Enabled Email
Speech Enabled Calendar
Speech Enabled Access for Corp Directory
Speech Enabled Access for Personal Contacts
►What ad-hoc and scheduled audio conferencing capabilities does Lync have?
Lync 2010 Server has native conferencing capabilities for audio, video, and web. Each Lync 2010
FE server has the capability to host 250 simultaneous conferencing participants. Lync 2010 uses
Exchange calendaring for conference scheduling.
►Do Lync 2010 IP phones support DHCP, DNS, and dynamic VLAN assignment?
Yes, Lync 2010 Phone Edition supports DHCP, DNS, and VLANs. VLAN assignment could be through
LLDP-MED or through a DHCP option.
►What advanced telephony features and functions are supported other than basic ones?
Lync IP phones have rich presence, photo-enabled contact cards, corp directory search, calendar
access, single click-to-join conferences, multi-language support, USB tethering, etc.
►Can Lync 2010 client be deployed in virtual/Citrix environment?
Yes, Lync 2010 can be deployed in virtual desktop environment for UC workloads like IM/chat,
Presence, and data-sharing. For telephony, Microsoft recommends using the USB tethering capability
of Lync 2010.
►Does Lync have mobile clients for smartphones?
At 2011 Orlando EnterpriseConnect, Microsoft announced Lync clients for all major mobile
platforms like Android, iPhone, Nokia, Blackberry, and Windows Phone 7.
►What features will be supported?
The first wave of smartphone clients shall support the following features by end of 2011: IM/Presence,
directory lookup, single number reach, call-via-work, click-2-conf.
Why is DAG better than CCR and other Exchange 2007 high availability features?
Since Exchange 2010 was released during the winter of 2009, its high availability feature, i.e. DAG, has been the most talked-about feature.
The DAG differs from Exchange Server 2007 SP1 in the following ways:
►With CCR, there can be only two highly available copies of the database within
the cluster; within the DAG there can be up to 16 copies of each database.
►With SCR, the activation process required administrative intervention; within a DAG,
failover between individual database copies can happen automatically.
►With SCC, a single shared copy of the database consumes less storage but provides
no redundancy. Exchange Server 2010 has no configuration that replaces this
functionality, although some third-party solutions may be able to provide similar
functionality by using the Third Party Replication API.
►With LCR, a single-server configuration allows two copies of a database to reside
on different storage connected to the same server. No configuration in Exchange
Server 2010 replaces this functionality.
A DAG also has the following characteristics:
►Requires the Windows failover clustering feature and uses an Enterprise version of
Windows server (Windows Server 2008 or Windows Server 2008 R2), although the
installation and configuration tasks occur with the Exchange Server management tools.
Exchange Server does not use Windows failover clustering to handle database failover.
Instead, it uses Active Manager to manage the failover process.
Members must have the same operating system.
►You can add up to 16 servers to a single DAG and create up to 16 copies of a database.
Up to 100 databases can be mounted as either a passive or active copy of the database
on each server in the DAG.
►A DAG can be created after you install the Mailbox server. If a Mailbox server is hosting
active mailbox databases, it can be added to a DAG later, if it meets the requirements.
►Allows you to move a single database between servers in the DAG without affecting
other databases. Failover occurs per mailbox database, not for an entire server.
►Allows up to 16 copies of a single database on separate servers. A server can only host
one copy of each database.
►Requires the database and transaction log copies for each database to be stored
in the same path on all servers. For example, if you store Mailbox Database 1 in D:\DB\
Mailbox Database 1\ on Dallas-MB01A, you must also store it in D:\DB\Mailbox
Database 1\ on all other servers that host copies of Mailbox Database 1.
►Defines the boundary for replication, failovers, and switchovers—only servers in the
DAG can host database copies. You cannot replicate database copies to Mailbox
servers that are not in the same DAG.
►Does not require that all databases have the same number of copies. In a 16-node
DAG, one database can have 16 copies, whereas other databases are either not redundant
or have a varying number of copies.
The above points make DAG one of my personal favourite features in Exchange 2010.
Hope this info helps….
Lagged Copies and Planning for it.
If you use multiple database copies and Single Item Recovery, only the extremely rare
catastrophic store logical corruption case remains unaddressed. In the following scenarios
lagged database copies can be used to recover data:
►Recovering a deleted item from within 14 days outside the retention period
►Recovering to a point in time because of virus outbreak
You should deploy lagged copies to mitigate a specific risk; lagged copies are usually not
needed if you are also deploying a third-party backup solution.
When planning for lagged database copies, you should carefully consider the implications
this brings to your storage planning. Every lagged database needs sufficient disk space for
holding the database as well as the log files for the configured time.
For example, at a large organization, 14 days of logs for one database result in about 60,000
log files or 60 GB of data. The log storage design for the lagged database copy needs to
accommodate this. In addition to the space requirements, consider the following criteria
when deciding the replay lag time:
►How long does it take you to identify a logical database corruption? This should
include non-working days such as weekends. So if you configure a replay lag time
of two days, you might not be able to identify the problem when it happens on
a weekend and you’re back on Monday.
►Consider the maximum time where a replay lag time makes sense. Fourteen days is the
maximum time possible, but do you really need the full 14 days? In most cases, 7 days
should be sufficient to identify a corruption and be able to recover using the lagged
database copy.
►Don’t underestimate how the space requirements grow the longer the replay lag time is
defined. In the previous Microsoft example you needed to reserve 60 GB for 14 days;
thus 7 days would save you 30 GB per database of storage that you need to have
available.
►The duration of replaying the log files is also worth considering. You should plan a test
to replay all log files; this might take a considerable amount of time. Replaying 14 days
of logs might require several hours before the database is up to date.
Besides the replay lag time considerations and the storage design, you should plan the
following considerations carefully:
►How many lagged database copies do you need? Normally one lagged copy should
be sufficient, but maybe you want more copies because of your disaster-recovery
requirements.
If lagged database copies are a critical piece of your disaster-recovery
strategy, you will probably want to put them on a RAID system or have multiple
copies of them.
►Where should you store the lagged database copies—at a server at the same site or
offsite? This decision has a direct impact on the time you need to recover the lagged
database copy because you need to consider available bandwidth when storing them
offsite.
►On what Exchange server should you place the lagged database copies? You have the
option to place them on the same server where your active database copies are stored,
or you can use a single server just for all lagged database copies, such as a dedicated
public folder server.
►Lagged database copies always should be activation-disabled and have the highest
activation preference number available. This is required to prevent automatic
activation by mistake or resulting from a system failure.
Deploying Lagged Database Copies
You configure a lagged database copy using the EMS by following these steps:
1. Create a database copy to the target server where you want to store the lagged
database copy.
2. Configure the ReplayLagTime of the database. The following cmdlet configures
a lag time of 7 days to the database DAG01-Mumbai-01 located on Mumbai-MB01:
    Set-MailboxDatabaseCopy -Identity DAG01-Mumbai-01\Mumbai-MB01 -ReplayLagTime 7.0:0:0
3. Block auto activation of this database to make sure it is not activated by mistake. You
use the following cmdlet to perform this task:
    Suspend-MailboxDatabaseCopy <database\server> -ActivationOnly -Confirm:$false
4. If you use a dedicated Exchange server that hosts all lagged database copies, you can
block automatic activation of databases also on the server level by using the following
cmdlet:
    Set-MailboxServer <mailbox server> -DatabaseCopyAutoActivationPolicy Blocked
When the lagged database copy is configured, you will see that the replay queue length of
the lagged database will increase.
To verify that all lagged database copies are not automatically activated, use the following
cmdlet and make sure that the ActivationSuspended property is set to true:
    Get-MailboxDatabaseCopyStatus -Server <name> | ft Name, Act*
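The four deployment steps and the verification above, combined into one Exchange Management Shell script. This is an added example, not part of the original post; the database and server names are the ones used in step 2, and the $DedicatedLagServer switch is a hypothetical variable introduced here.

```powershell
# Added example: deploy and verify a lagged database copy (Exchange 2010 EMS).
$Database           = 'DAG01-Mumbai-01'   # database name from step 2
$LagServer          = 'Mumbai-MB01'       # server that will hold the lagged copy
$CopyId             = "$Database\$LagServer"
$ReplayLag          = '7.00:00:00'        # days.hh:mm:ss, the 7 days used in step 2
$DedicatedLagServer = $false              # hypothetical switch: $true only if the server hosts lagged copies exclusively

# Step 1: create the copy on the target server if it does not exist yet.
$copy = Get-MailboxDatabaseCopyStatus -Identity $CopyId -ErrorAction SilentlyContinue
if (-not $copy) {
    Add-MailboxDatabaseCopy -Identity $Database -MailboxServer $LagServer
}

# Step 2: set the replay lag and give the copy the highest activation preference
# number, as recommended in the planning list (last place among all copies).
$copyCount = @((Get-MailboxDatabase -Identity $Database).DatabaseCopies).Count
Set-MailboxDatabaseCopy -Identity $CopyId -ReplayLagTime $ReplayLag -ActivationPreference $copyCount

# Step 3: block automatic activation of this one copy.
Suspend-MailboxDatabaseCopy -Identity $CopyId -ActivationOnly -Confirm:$false

# Step 4: on a dedicated lagged-copy server, also block activation at server level.
if ($DedicatedLagServer) {
    Set-MailboxServer -Identity $LagServer -DatabaseCopyAutoActivationPolicy Blocked
}

# Verification: stop with an error if the copy can still be activated automatically.
$status = Get-MailboxDatabaseCopyStatus -Identity $CopyId
$status | Format-Table Name, Status, ActivationSuspended, ReplayQueueLength -AutoSize
if (-not $status.ActivationSuspended) {
    throw "Lagged copy $CopyId is not activation-suspended."
}

# On a dedicated server every copy should be suspended; list any that are not.
if ($DedicatedLagServer) {
    $unsafe = @(Get-MailboxDatabaseCopyStatus -Server $LagServer |
                Where-Object { -not $_.ActivationSuspended })
    if ($unsafe.Count -gt 0) {
        $unsafe | Format-Table Name, Status, ActivationSuspended -AutoSize
        throw "$($unsafe.Count) copy/copies on $LagServer can still be activated automatically."
    }
}
```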
How to use lagged Dbs to recover Data:
Using a lagged database copy to get to a specific point in time is rather difficult because you
have to know the exact time frame in which something occurred. In addition, no tools are
available to tell you which log file contains exactly what database change. Thus you have to
estimate which log files need to be replayed so that you get the database to the point in time
that you require. You must simply guess when you grab the database and log files and then
replay the logs manually before you can recover data from a recovery database.
Recovering a lagged database to a specific point in time is a manual process, so follow
these steps to retrieve the data you’re looking for:
1. Suspend replication to the lagged database copy by using the
Suspend-MailboxDatabaseCopy <database>\<server> cmdlet.
You should now decide whether you want to back up or copy the database and
log files to a different location so that you have them available if you don’t get to the
right point in time. You alternatively can create a VSS snapshot using the VSSAdmin
CREATE SHADOW /For=<Volume that includes database> command.
2. Use Explorer to delete or move all log files whose time stamp is newer than the point
in time you decided to go back to. For example, if you have 14 days of log
files available, and you want to replay the log files to get back 10 days, you only need
to commit to the 14-day-old database those log files that are 10 days old and older. To
achieve this, you need to delete or move all log files that have a time stamp
newer than 10 days, like day 9 or newer.
3. Delete the .chk file for the database and note its filename. It should normally be
something like E00.chk.
4. Run the Eseutil.exe /r E00 /a command but replace E00 with the filename of the .chk
file. Depending on the number of log files that need to be replayed, this might take several
hours. A rule of thumb is that on normal 7.2K JBOD 3.5-inch disks, you can assume that
you’ll replay approximately 7.2 GB of transactional log files per hour. The exact value, of
course, depends on your local factors such as storage performance or CPU.
If you want to measure how long replaying the log files to the database takes,
you can use the tool JetStress 2010, which includes a Recovery Performance measure
option for this exact situation.
5. When Eseutil is finished, the database is in clean shutdown state. You can now decide
how to continue:
a. You can create a recovery database using this database, mount it, and recover the data.
b. You can replace the corrupt database files with the lagged database files and
mount the database.
As you can see, several steps are involved here and the process is time-consuming because
of the large number of logs that must be replayed. The process is not difficult, but is not
something you want to be doing on a daily/weekly basis because of the operational time
required. Lagged copies were not designed for the deleted item recovery case—they were
designed for the once-in-a-great-while scenario where multiple database copies within a DAG
combined with retention hold is not enough protection in a backup-less environment.
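Step 2 of the recovery procedure (setting aside the log files newer than the chosen point in time) together with the replay-time rule of thumb from step 4, as an added PowerShell example that is not part of the original post. The function name Split-LaggedLogSet, the holding folder and the demo files are hypothetical and constructed for illustration; newer logs are moved rather than deleted so that a wrong guess can be undone.

```powershell
# Added example. Run against the lagged copy's log folder only after replication
# has been suspended and the files backed up or snapshotted (step 1).
function Split-LaggedLogSet {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]   $LogPath,      # folder with the copy's log files
        [Parameter(Mandatory = $true)][datetime] $RecoverTo,    # point in time to roll forward to
        [Parameter(Mandatory = $true)][string]   $HoldingPath,  # newer logs are parked here
        [string] $Prefix = 'E00',                               # log prefix, same base name as the .chk file
        [double] $ReplayGBPerHour = 7.2                         # rule of thumb quoted in step 4
    )

    $logs  = @(Get-ChildItem -Path $LogPath -Filter "$Prefix*.log" | Sort-Object LastWriteTime)
    $keep  = @($logs | Where-Object { $_.LastWriteTime -le $RecoverTo })
    $newer = @($logs | Where-Object { $_.LastWriteTime -gt $RecoverTo })

    if ($keep.Count -eq 0) {
        throw "No log files dated at or before $RecoverTo in $LogPath; nothing to replay."
    }

    if (-not (Test-Path -Path $HoldingPath)) {
        if ($PSCmdlet.ShouldProcess($HoldingPath, 'Create holding folder')) {
            New-Item -ItemType Directory -Path $HoldingPath | Out-Null
        }
    }
    foreach ($file in $newer) {
        if ($PSCmdlet.ShouldProcess($file.FullName, "Move to $HoldingPath")) {
            Move-Item -Path $file.FullName -Destination $HoldingPath
        }
    }

    # Size of what Eseutil /r will have to replay, and a rough duration estimate.
    $keepGB = ($keep | Measure-Object -Property Length -Sum).Sum / 1GB
    New-Object PSObject -Property @{
        LogsToReplay   = $keep.Count
        LogsSetAside   = $newer.Count
        ReplayGB       = [math]::Round($keepGB, 2)
        EstimatedHours = [math]::Round($keepGB / $ReplayGBPerHour, 2)
        NewestKept     = $keep[-1].Name
    } | Select-Object LogsToReplay, LogsSetAside, ReplayGB, EstimatedHours, NewestKept
}

# Constructed demo data: fourteen 1 MB files standing in for 14 days of logs,
# one per day, the oldest 14 days old and the newest 1 day old.
$demo = Join-Path $env:TEMP 'LaggedCopyDemo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
1..14 | ForEach-Object {
    $path = Join-Path $demo ('E00{0:X8}.log' -f $_)
    [IO.File]::WriteAllBytes($path, (New-Object byte[] 1MB))
    (Get-Item $path).LastWriteTime = (Get-Date).AddDays(-15 + $_)
}

# Dry run: -WhatIf lists the files that would be moved for a 10-day rollback
# and still returns the replay estimate without touching anything.
Split-LaggedLogSet -LogPath $demo -RecoverTo (Get-Date).AddDays(-10) `
                   -HoldingPath (Join-Path $demo 'newer') -WhatIf
```

Drop -WhatIf to perform the move, then continue with steps 3 and 4 (delete the .chk file and run Eseutil).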
Continuous Replication-Block Mode.
Continuous replication–block mode is a feature added in Exchange 2010 SP1.
►In really simple words, in block mode the transaction is shipped as it is written
into memory, unlike file mode, where an entire log is shipped after it has
been written and closed. Isn’t this a great feature to add? I was just wondering
why it took so much time for the Exchange product team to add this feature.
►Continuous replication–block mode reduces the exposure of data loss on failover by
replicating all logs writes to the passive database copies in parallel to writing
them locally. In other words, block mode replicates the transactions to the database
copies as they are being written to the active local transaction log files.
Now what are the settings to be configured to make this work:
►Nothing
Enabling and disabling block mode is done automatically by the log copy process
on a per-database basis. Block mode will automatically become active when continuous replication file mode
is up-to-date with the database copies.
►The replication transport is the same when granular replication is enabled or disabled. The benefit
of block mode is that it can dramatically reduce the latency between the active copy and the passive
copy while also reducing the possibility of data loss during a failover and the time it takes to
perform a switchover.
Initial Seeding on a Clustered Exchange Database….
Before the transaction log shipping process can start, the database copy must first be
seeded. Seeding is the process of creating a consistent database copy on a DAG member to
act as a baseline that will be updated through continuous replication of the transaction log
files.
This can be accomplished using the following methods:
1. Automatic seeding: Automatic seeding occurs during the creation of a new
database.
2. Manually copying the offline database: This method involves dismounting the
database and copying the database file to the target server. If you do this, service will
be interrupted while the database is dismounted.
3. Using the Update-MailboxDatabaseCopy cmdlet: You can use the Update-MailboxDatabaseCopy
cmdlet in the EMS to seed a database copy.
4. Using the Update Database Copy Wizard: You can use the Update Database Copy Wizard within the EMC to seed a database copy.
Microsoft solutions Framework and its Phases
Just wanted to walk you guys through the different phases a Project goes through when delivered under MSF.
It’s basically divided into 5 phases:
1. Envisioning
2. Planning
3. Building
4. Stabilizing
5. Deploying
Envisioning:
This is the phase in which a project team is assembled. It defines the vision and scope of a
solution that will meet the customer’s goals. The team then organizes the project and delivers
an approved vision/scope document. The Product Management and Program Management roles
take the lead during this phase.
Planning:
The conceptual, logical, and physical design processes and functional specification are developed. Program
Management creates project plans addressing development, communication, and other tasks, and each role
provides input to create the master project schedule. Program Management takes the lead during this phase.
Building:
The team builds and tests the solution. The Development role takes the lead during this phase.
Stabilizing:
The team pilots the solution in preparation for production release.
The Development role takes the lead during this phase.
Deploying:
The team deploys the solution to all sites and ensures that it is stable and usable.
Responsibility then shifts to operations and support teams.
The Release Management role takes the lead during this phase.
A Brief Overview of SCVMM and its Components
1.1 SCVMM Server
• The SCVMM server is the hub of a SCVMM deployment, through which all the other SCVMM components interact and communicate.
• The SCVMM server runs the SCVMM service, which runs commands, transfers files, and controls communications with other SCVMM components and with all machine hosts and SCVMM library servers. These are collectively referred to as managed computers. The SCVMM service is run through the SCVMM agents that are installed on the managed computers.
• The SCVMM server also connects to a Microsoft SQL Server® 2005 database that stores all the SCVMM configuration information.
By default, the SCVMM server is also a library server, which can be used to store file-based resources such as virtual hard disks, virtual floppy disks, templates, PowerShell™ scripts, unattended answer files and ISO images.
1.2 SCVMM Administration Console
The SCVMM Administrator Console is used to:
• Create, deploy, and manage virtual machines and templates
• Monitor and manage hosts (Windows Server 2008/2008 R2 Hyper-V, Virtual Server 2005 and VMware Virtual Center managed ESX servers) and library servers
• Manage library objects and jobs
• Manage global configuration settings
The SCVMM console is installed after the SCVMM server. It can be installed on the same computer as the SCVMM server or on a different computer.
1.3 SCVMM Self-Service Portal
• The SCVMM Self-Service Portal is an optional Web-based component that can be installed and configured to enable end users to create and manage their own virtual machines within a controlled environment.
• The SCVMM administrator defines self-service roles that determine which templates users can use to create virtual machines, how many virtual machines they can deploy, which hosts their virtual machines can run on, and which actions they can take on their virtual machines.
1.4 Virtual Machine Host
• A virtual machine host is a physical computer that hosts one or more virtual machines. Hosts are added to SCVMM by using the Add Hosts Wizard in the SCVMM Administrator Console. When a host is added to SCVMM, SCVMM agent is automatically installed on the host system. The SCVMM Agent manages virtual machines on virtual machine hosts and allows hosts and library servers to communicate with and transfer files to or from the SCVMM server.
• If a virtual machine host is on a perimeter network or is not joined to a trusted domain, the agent must be manually installed on the host before it can be added to SCVMM.
1.5 Host Groups
• Virtual machine hosts can be organized into groups, which provide ease of monitoring and management of hosts and virtual machines.
• A host group’s most basic function is to act as a container to group hosts and virtual machines in a meaningful way. Host groups can be used to:
• Set aside resources on the hosts for the use of the host operating system.
• Designate hosts that are used for self-service.
• Designate which hosts are connected to a storage area network (SAN). (This is a best practice.)
• Enable the automatic placement of virtual machines on the best host in a group of hosts.
1.6 Group Isolation
• A host group can be used to isolate a host or collection of hosts. If, for example, a host has virtual guests that host mission-critical applications, that host can be isolated by placing it in its own host group. In this manner, the administrator can be sure that only appropriate users are delegated permissions and that host reserve resources are maximized for availability.
1.7 SCVMM Library Server
• Each SCVMM library server contains a catalog of resources that can be used to create and configure virtual machines in SCVMM. The library contains files that are stored on library shares, and it can contain file-based resources such as virtual hard disks, virtual floppy disks, ISO images, and scripts.
• In addition, the library server can contain virtual machine templates, hardware profiles, and guest operating-system profiles, which can be used to create virtual machines and store virtual machines that are not in use.
Restrict Plug and Play device installation and prevent removable storage access
With the release of Windows Vista and Windows 2008 you can control device installation from Group Policy. You can control installation of devices, removable devices, removable device access permissions and authorized device installation features in GPO.
Device installation and removable device settings can be controlled in GPO under:
Computer Configuration –> Administrative Templates –> System –>Device Installation
Computer Configuration –> Administrative Templates –> System –> Device Installation –>Device Installation Restrictions
Computer Configuration –> Administrative Templates –> System –> Driver Installation
Computer Configuration –> Administrative Templates –> System –> Removable Storage Access sections.
Following options should be set:
Computer Configuration –> Administrative Templates –> System –>Device Installation:
1. Turn Off “Found New Hardware” balloons during device installation –> Enabled
2. Allow remote access to the Plug and Play interface –> Disabled
Computer Configuration –> Administrative Templates –> System –> Device Installation –> Device Installation Restrictions:
1. Allow Administrators to override Device Installation Restriction policies –> Enabled
2. Prevent installation of Removable devices –> Enabled
3. Prevent installation of devices not described by other policy settings –> Enabled
Note: Disables all device installations.
Computer Configuration –> Administrative Templates –> System –> Driver Installation:
1. Allow non-administrators to install drivers for these setup device classes –> Disabled
2. Turn off Windows Update device driver search prompt –> Enabled
Computer Configuration –> Administrative Templates –> System –> Removable Storage Access
1. All Removable Storage classes: Deny all access –> Enabled
Note: You can give specific installation rights based on setup device class and Hardware ID. (See Step-By-Step Guide to Controlling Device Installation Using Group Policy)
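To confirm on a client that the GPO above has actually applied, the settings can be read back from the policy area of the registry. This is an added example, not part of the original post; the registry paths and value names are assumptions not found in the post (they are the values these Administrative Template policies are known to write) and the function name Test-DevicePolicySetting is hypothetical. Only the restriction and access settings are checked; the balloon and driver-search prompt settings are left out.

```powershell
# Added example: audit the local machine against the Device Installation and
# Removable Storage Access settings recommended above.
# ASSUMPTION: registry locations below are not from the post; confirm them
# against the .admx templates of your Windows build.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'

$Expected = @(
    @{ Setting = 'Allow remote access to the Plug and Play interface: Disabled'
       Key = "$PolicyRoot\DeviceInstall\Settings";     Name = 'AllowRemoteRPC';       Value = 0 },
    @{ Setting = 'Allow Administrators to override Device Installation Restriction policies: Enabled'
       Key = "$PolicyRoot\DeviceInstall\Restrictions"; Name = 'AllowAdminInstall';    Value = 1 },
    @{ Setting = 'Prevent installation of Removable devices: Enabled'
       Key = "$PolicyRoot\DeviceInstall\Restrictions"; Name = 'DenyRemovableDevices'; Value = 1 },
    @{ Setting = 'Prevent installation of devices not described by other policy settings: Enabled'
       Key = "$PolicyRoot\DeviceInstall\Restrictions"; Name = 'DenyUnspecified';      Value = 1 },
    @{ Setting = 'All Removable Storage classes: Deny all access: Enabled'
       Key = "$PolicyRoot\RemovableStorageDevices";    Name = 'Deny_All';             Value = 1 }
)

function Test-DevicePolicySetting {
    param([hashtable] $Rule)

    # A missing key or value means the policy is "Not configured" on this machine.
    $actual = $null
    $item = Get-ItemProperty -Path $Rule.Key -Name $Rule.Name -ErrorAction SilentlyContinue
    if ($item) { $actual = $item.($Rule.Name) }

    if ($null -eq $actual)             { $state = 'NotConfigured' }
    elseif ($actual -eq $Rule.Value)   { $state = 'Compliant' }
    else                               { $state = 'Mismatch' }

    New-Object PSObject -Property @{
        Setting  = $Rule.Setting
        Expected = $Rule.Value
        Actual   = $actual
        State    = $state
    } | Select-Object State, Expected, Actual, Setting
}

$report = @($Expected | ForEach-Object { Test-DevicePolicySetting -Rule $_ })
$report | Format-Table -AutoSize -Wrap

$failed = @($report | Where-Object { $_.State -ne 'Compliant' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($report.Count) settings are not applied on $env:COMPUTERNAME."
}
```

A NotConfigured result right after linking the GPO usually means the computer policy has not refreshed yet; run gpupdate /force and check again.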
The curious Exchange Dismount case
Every Exchange Administrator who has worked on Exchange 2003 will remember the event 9175.
Just to recall, the event 9175 was “usually” logged when the Exchange store was dismounted or when the Exchange Information Store/System Attendant service was not running.
The Event had a description stating “The MAPI call open message store failed”.



Then an Exchange admin took the normal troubleshooting steps to mount the database or start/troubleshoot the services and, if that failed, would use the Eseutil tool to troubleshoot the database further.
But in Exchange 2007 you no longer get the event 9175 if the Database is not mounted.
In E2K7 the event 4001 is logged if the database HOSTING THE SYSTEM ATTENDANT MAILBOX is dismounted OR when the Exchange Info/System Attendant service fails to start and the internal Exchange components
are unable to log on to the System Attendant mailbox.
The Event Description is “A transient failure has occurred. Cannot open the mailbox Microsoft System Attendant”.

The event is rightly logged if the database is dismounted or the service is failing to start, because the Exchange components won’t be able to access the System Attendant mailbox if there is no access to the database.
But what happens if the event 4001 is logged even when the database is mounted?
I had to face a similar issue recently when one of our clients was facing this rather weird error and was repeatedly alerted for database dismount even when the Exchange services were running and the database was also mounted, but still the event 4001 was logged.
I had a hard look at the description of the event 4001 and found an unusual line in it:
Microsoft.Mapi.MapiExeptionWrongServer
Then I used my skill on Exchange 2003, in which the event 9175 was logged when the homeMDB attribute was pointing to another server for the System Attendant mailbox.
I quickly referred to my notes, then followed the steps mentioned below, and voilà, the error 4001 ceased and was no longer logged.
- Using ADSIEdit, browse to the location – Configuration – Microsoft Exchange – - Administrative Groups – - Servers – – Information Store -, on the right side you’ll see a list of mailbox stores, click on any one of them and copy the value of ‘Distinguished Name’ attribute
- Using ADSIEdit, browse to the location – Configuration – Microsoft Exchange – - Administrative Groups – - Servers – – Microsoft System Attendant, right click here and find the attribute ‘homeMDB’, paste the value that you copied earlier (From ‘Distinguished Name’) here
- Restart ‘Microsoft Exchange System Attendant’ service
Wait for a while, in my case the event 4001 was logged once per hour but may be different in your case.
TIPS:
►You have only one System Attendant Mailbox throughout the Exchange server.
►By default System Attendant mailbox is created in the first database configured on the server during installation of exchange.
►No user account is associated with it.
Problems faced by Windows XP SP3 Users
A few of the problems are listed below:
http://support.microsoft.com/kb/953356/en-us
In reality, the ctfmon.exe file in your Windows\System32 folder is a Microsoft system file that enables alternative input methods such as speech, tablet, or on-screen keyboard.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
If you later decide you want Automatic Updates to offer you Service Pack 3, simply select the DoNotAllowSP key and press Delete (or click Edit, Delete).
If you’re concerned about editing the Registry (which involves risks of its own), the Service Pack Blocker can also undo the block:
Step 1. Choose Start, Run. Type cmd and press Enter.
Step 2. At the command prompt, either type the path to the SPBlockingTool.exe file, or drag the file into the command prompt window and let Windows do the typing for you.
Step 3. At the end of this command, type a space followed by /U and press Enter.
Once again, you’ll see the “Action successfully completed” message and Windows Automatic Update will no longer be blocked from installing the service pack on your system.