• NASA has a really nifty hands-on simulation of how their space communications network works. I can't wait to show it to the kids, who will dig both the 3D graphics and the music.
• Allegedly, more people use Facebook than watch Fox News. I am not sure what this says about the future of television news: should we expect to see FarmVille-themed programming? quizzes? "Like" buttons?
• I'm not looking forward to the coming deluge of political ads in California for the governor's and Senate races. Thankfully I don't watch much TV.
• OCS 2010 will make heavy use of PowerShell. Hallelujah.
• This weekend I have the rest of my Scout outdoor leader training. Among other things, I'll have to identify native plants, pitch a tent, and cook in a Dutch oven. At least I know how to do one of those things already.
• Next week when Arlene's gone my plan is to make let each of the boys cook dinner, by themselves, one night. That's going to be interesting.

In brief, the CRA's job is to ensure that calendar data items stay consistent across the organizer and attendees' mailboxes. This is a hard job given how many different clients may be in use, and how many of them (I'm looking at you, Apple) have problems handling some kinds of Exchange calendar events. Elie's article explains things quite well, so I have nothing more to add than a delighted fist-pump that this feature even exists.

• I'm not dyslexic, but I might as well be when it comes to tying knots. I tend to interchangeably use my right and left hands, and that meant that it took me about five times longer to learn how to tie some of the stupid things. I'll be practicing this week.
• The Chesebrough Scout reservation is a beautiful facility, but it doesn't have any AT&T coverage (or, at least, not much).
• A cardboard box, cut properly, makes a dandy split for lower-arm breaks or ankle injuries.
• Black electrical tape is better than duct tape or masking tape for securing slings, splints, etc. It's just sticky enough, and it stretches more than the other types, but not so much as to be useless.
• When traveling in bear country, use unscented sunscreen to keep from becoming a bear magnet. You should also plan on wearing special clothes just for sleeping—if you sleep in your day clothes, they'll have food scents on them, and bears love a good food scent.
• The best way to test the fit of your hiking boots is to walk downhill. (More boot fitting tips here.)
• The Scouts' "Leave No Trace" program is surprisingly comprehensive; its principles include only camping and traveling on durable surfaces, minimizing campfire use, and attempting to avoid disturbing wildlife.
• Your kitchen is probably a pit of filth, even if you've just cleaned it. (The food safety/prep class was a real eye-opener. Good thing it was delivered right before lunch!)

The second half of the training takes place Friday night and Saturday; we'll be pitching tents, camping and cooking outdoors, and all that good stuff. Should be big fun.

Register here, and I'll see you there!

In order to build a stand-alone classroom, we decided to drive them with a Mac mini server running the server version of OS X. This has caused me no end of amusement, frustration, and bemusement, so naturally I thought I'd write about it from the perspective of an experienced Windows admin.

Summary: OS X Server gives you a lot of functionality out of the box, but much of it is feature-poor compared to Windows, or buggy enough to make it useless. Documentation is scanty, and Apple's support resources are poor compared to Microsoft's.

Installation is simple, with no worries about drivers or any of the other niggling little hassles attendant on installing Windows Server. OS X asks for an install key code, but it doesn't validate it with a central server or phone home for activation.

The default installation ships with a large number of services, including DNS, DHCP, netboot, mail, iChat, calendaring, SMB and AFP file sharing, and web publishing. You have to enable and configure each of these services separately through the Server Admin application. I'll go out on a limb and say that this is roughly the equivalent of the ubiquitous Microsoft Management Console, except that the MMC has an open plug-in architecture that means any vendor can write snap-ins for it. The Server Manager interface is straightforward: servers and services appear in a tree on the left, and details of the selected services appear in a tabbed view on the right. Service status is shown with a small icon next to the service name, and there are controls at the bottom of the window for adding, starting, and stopping services.

Setting up the server with the services I wanted (AFP, netboot, Open Directory, WWW, and Software Update) was a breeze... until I wanted to change the DNS name of the machine. I tried without success to do this; the changeip -checkhostname command reported that my hostname was correct, but it remained stubbornly wrong according to the clients, which could no longer find the original server and refused to try finding the new name. I eventually decided to demote the server from an Open Directory master to standalone and back again-- the equivalent of decomissioning a Windows DC and then re-running dcpromo.

Good idea in theory. In practice, the conversion process threw tons of errors, none of which were documented anywhere. (Does "-14893" mean anything to you? Me neither.) The solution: pave the box and start over.

Normally I would have been throwing fits about this, but the installation process was fast and smooth enough that I didn't mind; I had plenty of other work to occupy me in the meantime. After the reinstall, I gave the server the correct new name, converted it to an Open Directory master, and was off to the races.

In the meantime, some other people had been unpacking and setting up the clients. Now it was time to join them to the Open Directory server. This is like joining a domain in Windows, except that it isn't much like that at all. Joining a client to OpenDir is more like telling it "hey, look here for account data." There's no machine account or object in the sense we think of them in Windows unless you manually create one. When you first boot a virgin Mac OS X client, if it sees an OpenDir server it will offer you the opportunity to connect to it. Once that's done you can use OpenDir accounts for logon. If not, you can manually join it at any time from the Login Items pane in the Accounts preferences item.

One of the big reasons we wanted to use OS X Server is so we could push policies to the client machines. Apple calls these preferences, and they can be applied to individual user accounts, user groups, computers, or computer groups. There are all sorts of policies; the ones we were interested in were for controlling logon, access to removable media, and a few other related things. Setting up policies is trivial: find the scope you want the policy to apply to, click the appropriate icon (helpfully, these match the icons used in the System Preferences app), and choose which settings to enforce.

In our case, we wanted policies to be applied to computers. Registering a computer requires you to look up the computer's unique ID and its MAC address, then enter both of these when you create the computer object. At that point you can assign policies to individual computers or computer groups. It was never clear to me when policies were actually applied: some seemed to take effect immediately, others only after a reboot of the client. (No doubt it's documented somewhere and I just haven't found it yet.)

The policies themselves are a mix of the obvious ("don't allow users to mount USB devices") and the Apple-only (disable Front Row, for example, or force the use of Mac OS X parental controls.) However, there are only a few settings compared to the huge number available in Windows. However, there's an escape hatch: you can modify the contents of any preference plist file, so even options that can't normally be changed through the GUI on a local machine can be managed. This is a handy feature.

Unlike Windows group policy there's no way to push or publish applications to the clients. For this, you need Apple Remote Desktop, for which no precise equivalent exists in the Windows world. It is a combination of a management and inventory tool, a remote shell, and a desktop support application. You can use it to push files, remotely install applications, run arbitrary shell commands, and watch or control a user's desktop. In our application, we use it to push a bootstrap installer, run it, and take care of some assorted housekeeping. It also has a neat-o mode that lets you observe multiple clients at once in a grid display. This is extremely useful for our environment, because it lets us see a classroom full of client desktops at once.

It's easy to use ARD for a building-block approach: test a command on one machine, save it for later, run it on multiple machines when needed, and then string it together with other actions into a single set of actions. This made bootstrap setup of our clients much, much easier.

Next: time sync. OS X Server has an NTP service, and it's easy to turn on and run. You cannot, however, easily instruct clients to use it. You have to push an update to /etc/ntp.conf onto every machine. That's a pain. Apple Remote Desktop to the rescue, again.

Now, for the complaints, in no particular order.

The Software Update service is balky and buggy. Essentially it's a custom CGI that runs on the built-in Apache installation. You can pull updates from Apple, choose which ones you want clients to get, and then allow clients to pull them. Great idea in theory, but it just doesn't work well. Some clients see the right updates, and some don't. The interface for choosing which updates you want to pull in the first place doesn't let you select or deselect updates until after you've downloaded them, which means you have to wait for your server to sync before you can choose which updates you'd like. I spent about an hour trying to figure out why none of the clients could pull updates, only to learn that the path suggested in the setup dialog is wrong.

Logging is a mess. There are about two bajillion log files, each in a different location, each with different formats. The system console log can be searched, as can the individual component logs shown in Server Manager. However, the event management tools in Windows are easier to use and more complete. The bigger issue is that Windows event log messages are usually quite detailed. Microsoft's gotten pretty good at writing meaningful event log entries over the years. Apple, not so much.

Bugs! I mentioned the problem I had with OpenDir master-ism earlier. I didn't run across any show-stopping bugs, but there are still a fair number of rough edges. In fairness, some of these were probably due to me bumbling around.

Documentation: it's a set of PDF files. I much prefer Microsoft-style layouts that have an easily accessible table of contents in one pane and the content in another. My preferences aside, the docs are nowhere near as detailed as Microsoft's. You would be hard pressed to deploy Mac OS X Server in an enterprise without an awful lot of around-the-campfire knowledge passed down from greybeards, because the docs don't include many of the things you'd want to know before basing your business networks on OS X.

Having said that, I found the Mac Enterprise mailing list to be extremely helpful, though I wasn't always sure what they were talking about. They were able to efficiently answer the few questions I asked, not at all unlike the golden days of mailing lists for Exchange. From reading the list I learned about two very cool system management technologies I plan to make use of: Puppet (a cross-platform scripting language for system management) and Sikuli, which is hard to describe except to say that it's a screenshot-based scripting environment.

Thus far everyone is happy: the client Macs work, they're being managed the way we want them, and life is good. As I learn more about how to make OS X Server do cool tricks, I'll try to post them here.

3/16/2010 11:00:00 AM - TechNet Webcast: Microsoft Exchange Server 2010 Unified Messaging (Level 300)
Unified messaging in Microsoft Exchange Server 2007 made it possible to connect with a telephone system and put voice mail into an Outlook inbox. In this webcast, we demonstrate how deeper use of speech recognition in Microsoft Exchange Server 2010 unified messaging makes "anywhere access" to information even easier. We also discuss other new features, product architecture, and upgrading from Exchange Server 2007.

Register here, and I'll see you there!

This year, we took advantage of the off week to give my mom a Christmas present: we took her on a four-day Disney cruise, followed by three days at Walt Disney World, with four of her five grandsons. (The fifth is only 17 months old, so he wasn't really invited.) Ski week was the perfect time for us to combine the two, so we started making plans just after Thanksgiving and had everything squared away by early January. This was no small feat, given that we had to coordinate travel and activities for people from California, Vermont, and Louisiana.

Logistics I started by contacting Vacations to Go, the cruise agency we used for our previous Princess cruise. They do an excellent job of handholding, which in this case was warranted by the complexity of our plan. Their agents are all home-based, and the one we drew (Judy Hastings) did a terrific job. They're like Amazon in that you get mostly-automated communications from them at major milestones, telling you what to do (or what's ben done.) We reserved category 12 staterooms, the least expensive (and least fancy) kind-- but more on that in a minute.

Disney offers web-based booking for all the shore activities. We used their booking system for a couple of activities and found others by using the web. Our particular cruise stopped for a day in Nassau, a day at Disney's Castaway Cay, and spent the final day at sea.

For air travel, we were pretty much stuck. We wanted to leave the 13th, so we'd have a day of buffer in case of travel delays. Julie and Mom both had much shorter travel legs than we did, so to maximize our time with them we wanted early flights. That left us stuck with US Airways, which I hadn't flown in at least 12 years. Service was perfunctory; everything except soda costs extra (want a blanket? that'll be $7), and we spent an extra hour in Phoenix because one of our FMS computers needed replacement. The fare was outrageous, but at least we got the times and dates we wanted. Enough said about that.

When we arrived, we took the shuttle to the Embassy Suites near MCO. This enabled us to gather and have a little together time before heading to the ship the next morning. We had considered staying at the Hyatt at MCO itself, which would have made the process of getting to the ship a little simpler. However, they were full. Oops. The Embassy Suites was plenty nice for a one-night stay, and we all love their breakfasts.

The next morning, Tiffany Town Cars picked us up exactly on schedule and drove us from Orlando to Port Canaveral. They came recommended on one of the Disney-themed forums I'd been haunting. For $125 for a party of 8, it was a pretty good deal. Disney offers transport too ($35/person each way), but only from MCO to the port.

When we arrived at the port, things were in a bit of a rumpus. The Disney Magic was late in arriving due to high seas during its prior-day stop at Castaway Cay. Our area was filled with frazzled people who had just gotten off the Magic, plus frazzled people who wanted to get on it but didn't realize they were in the wrong place. We arrived at about 9:30 am. Disney usually opens the terminal for arrivals at about 10am, so we didn't have too long to wait-- it just seemed like a long time because of the unseasonably cold weather.

The check-in process was smooth, as you'd expect. We showed our passports to the nice trainee behind the counter, turned in our cruise contracts, got our pictures taken for our "Key to the World" cards, and settled down to wait for boarding to begin. Arlene spent nearly 90 minutes in line to register Matt and Charlie for the kids' activities aboard, but some kind of computer problem kept registration from working until later when we were aboard.

All aboard! Protip: get on the ship as early as possible on your departure day. You can swim, play on the sports courts, eat, and explore (all of which we did... well, except for the swimming; it was about 50* and windy.) We boarded as soon as they'd let us and went to Parrot Cay, one of the four onboard restaurants, for lunch. (There are also several places to get fast food, but I don't count those as restaurants.)

The lunch buffet was a solid "OK"-- I thought the quality and range of choices were better on Princess, but this was by no means bad stuff. Arlene got a piece of truly vile gluten-free cheesecake-- we're not sure, but we think it might have been made lactose-, sugar-, and gluten-free, meaning it was probably made with goat's milk and Windex.

We spent time ranging around the ship and discovered our staterooms a little after 1:30p, the time when Disney releases them from housekeeping. Despite their small size, the rooms we had were nicely appointed with a queen bed, a fold-out futon-style sofa, a (very) small desk, and a 27" flatscreen TV showing unlimited Disney programming. (Boo hiss: no Olympics, as they're carried this year on rival network NBC.) Our bags arrived later, as did some terrific cruise gift baskets that Julie had ordered for us.

Our first night's dinner was at Animator's Palette. You can probably guess the décor theme; if not, this might help. Our dinner was superb, and our table staff (Faisal and Kevin) did a great job of taking care of us. On Disney, you dine in a different restaurant each night, but you keep the same table staff. We filled a table for eight all by ourselves. The ship had several kinds of gluten-free bread for Arlene (though they would always bring her at least three pieces of it at each meal, more than she could eat), and they were always able to adapt entrées for her without any difficulty.

There are lots of odd angles in this particular restaurant, which I think contributed to Matt and Tom both complaining of seasickness during dinner. They ended up going to bed semi-early while the rest of us went to see the "Golden Mickeys" musical. As you would expect, this was superbly produced and performed, and those of us who saw it loved it. We put some anti-nausea wristbands on the kids and that (along with a good night's sleep) helped a lot. The two anti-nausea drugs they sell aboard ship aren't safe for asthma sufferers, so keep that in mind if you're going to sea.

Nassau We got into Nassau about 9am and promptly split up: Mom, David, Tom and I hit the port while Julie, Charlie, Matt, and Arlene went on a dolphin visit. I'll leave it to Arlene to describe that (and show off the tons of pictures she took). As for the port: meh. It was pleasant to walk around in the sun, but other than that it was pretty bland. Mom and Tom went off to their snorkeling outing, so David and I had time for a quick lunch together before our own snorkel trip. Mom and Tom got the better end of the deal; their expedition went to an area with a crashed Cessna, and they baited the water to attract fish instead of selling little baggies of fish food. I took a ton of pictures and video using the underwater camera case that Julie and Paul gave me for Christmas, but the results were a bit disappointing (I'll upload them once I have more bandwidth than this airport offers); the camera's autofocus system had a hard time coping with fast-moving fish.

Everyone made it back to the ship with stories to tell, so we had a lively dinner at Parrot Cay. This dinner featured their "island menu", which was uniformly excellent. Everyone loved everything, which might be a first. Either we were all unusually hungry or the food was unusually good.

Castaway Cay The next morning we arrived early at Castaway Cay. The weather was poor: 25-30 kt winds, rain, and low clouds. Disney cancelled most of the shore-based activities; Julie and I had Jet Ski time booked, and Arlene and Charlie were headed for the glass-bottomed boat tour. Too bad! The weather did eventually improve, and we were able to spend some time on the actual beach in the sun. Stingrays cruise very close in to shore, which was fun for the kids. There's also a simulated fossil dig located in and around a real whale skeleton; this was very popular with Matt and Charlie. David spent the whole day with a pack of teens in a structured group activity and delighted in being away from his family (OK, maybe not, but he did have lots of fun!)

Lunch was a barbecue buffet that was pretty good. We spent time doing nothing much in particular; although we would have all preferred to be able to enjoy our scheduled activities, having a day off wasn't so bad either! We sailed early, about 5pm, to get ready for the "Pirates IN the Caribbean" theme of the evening. Mom had laid on pirate clothes for all of us, so I was sporting a do rag, an earring, and an eyepatch when we went to dinner, which was again excellent.

A day at sea The weather was nicer on our last day than it had been on the preceding days, so we all got some sun, and the kids got to swim. Apart from that, it was a low-stress day, capped off by a French dinner at Triton's, the poshest of the onboard restaurants. Arlene had duck; several of us had an excellent duck confit appetizer, and David and Tom both had (and loved!) escargot. I was really pleased by how well we all did at trying new foods, something that's easy when you know the wait staff will just bring you something else if you dislike whatever you ordered. (Kids: don't try that it home. It won't work.)

A side note on kids' programs Our day at sea good segue for me to talk about the onboard programs. We had kids aged 5, 8, 11, and 15, so we covered all the bases except the nursery. The 5- and 8-year-olds spent time in the Oceaneer Lab and Oceaneer Club, a big open space located on deck 5. Each kid gets a wristband with a small RFID tag, and each parent gets a pager. That way it's easy for each party to keep track of, or contact, the other. The Oceaneer activities tended to be science-themed. Matt made Flubber, researched sharks, and so on. Charlie's program was more activity-themed, and Tom's (aptly named the "Out and About" club) was a nice mix. For example, one day they played dodgeball, then had a big trivia contest, then made their own pizzas for lunch.

David spent as much time as we'd let him in "Aloft", the teen club on deck 11. Here the main attraction was the presence of other teens, plus lots and lots of food and games.

There was enough adult supervision for all of the programs that we felt comfortable letting the kids spend time there, and they enjoyed it immensely. This made it possible for us to have quiet adult time when we needed it. This is one of the major distinctions that Disney offers, and they deliver exactly what they promised. The kids clamored for more time in the programs, and we were happy to be able to mix that in with our other family activities.

Debarkation Disney wants the ship unloaded as fast as possible, so you pack your luggage and put it out in the hall the night before you arrive and they put it ashore for you. This worked quite well for us because we'd done it before, but in the morning I heard other families complaining about things they'd forgotten or mispacked. We had a sit-down breakfast at Triton's, then a few minutes later we were off the ship, through customs, and ready to take the bus to Walt Disney World… but more on that another time.

Table scraps A few miscellaneous notes and observations:

• There's cell phone connectivity aboard, but it's crazy expensive. Don't plan on roaming in the Bahamas, either: $2.99/minute for voice and an extortionate $19.99/Mb for data. (The shipboard rates are lower but I was too afraid to turn on my phone to find out what they were.)
• Shipboard Internet service is slow and high-latency. Disney blocks outbound VPN connections, too. At least it's expensive! I bought a 100-minute block for $40 and used about 75% of it checking mail and dispatching work on Wednesday, so that means I went two whole days without e-mail. Sigh.
• Attention Anita: unlike Princess, Disney ships have ice cream from 0800-2300.
• Julie recommended packing a power strip of some kind because each stateroom has only two outlets. I grabbed two of these and they were splendid-- just what we needed.
• Don't bother taking your own snacks aboard. You'll have plenty to eat.
• I think the four adults, combined, read maybe 50 pages during the entire voyage. There were just too many other things to do to spend time reading.
• Our stateroom was on deck 2, just below the dance club. We never heard a thing; the interior soundproofing is excellent, although you can hear hallway noise. We could also hear the ship's thrusters loud and clear because we were so far forward. However, Disney doesn't schedule port arrivals at 0700 like Princess does, so no one's sleep was disturbed.
• Don't let the small square footage of the cheapest staterooms fool you-- it was fine for three people.
• The Disney cruise message boards talk about upgrades a lot. In theory, you can buy them before you board; you can ask for them at check-in, or you can attempt to buy one after setting sail. In reality, at most time periods Disney sells out. The purser told us that the only time they've recently had cabins available for upgrades was during the recent East Coast snowstorms.

Bottom line: a great trip, one we would definitely consider doing again.

Too bad; you can't.

Well, OK. Let me elaborate: you can change the maximum length used when you use a transcription partner. (Wait, what? You didn't know that you can outsource transcription? Yep. I'll write more about that later.)

However, there's no supported way to change the length threshold for messages transcribed on your own system. There's a good reason for this, though.

All speech recognition systems rely on statistical models to help them "understand" what the speaker's saying. These models help the speech engine predict what sounds are likely to come next given what's being said right now, and improved models are a big part of why speaker-independent continuous speech recognition has finally reached the point of actually being useful.

There's a problem with this approach, though: messages that don't match the model are really, really hard to recognize. When a speaker says "My phone number is four", if the next phrase is "syzygy exploding potato" it's going to be hard for the model to keep up since it's expecting a few more numbers, not random crapola. The more the message diverges from the model's expectation, the worse accuracy gets.

This ties into long messages how? Glad you asked. The longer a message is, the more likely it is to be a specialized message-- in other words, one that doesn't match the model well. Consider the difference between a short message (say, "Hi, honey, it's me. Don't forget to pick up some milk on the way home.") and a speaker reading this blog post to your Exchange UM server!

To avoid this situation, Exchange won't transcribe any message longer than about 75 seconds. That's not a big deal, given that something like 99% of all voice mail messages are shorter than 75 seconds, but it's still a bit of a hassle if you need transcription for longer messages. Of course, then you could always use a transcription service, about which more later.

One feature you may have missed is that the Exchange Management Console can be used to manage any Exchange organization, not just the one associated with the domain you're logged into. This comes in especially handy if you're using Exchange Online, or if you need to manage more than one Exchange organization from the same machine.

Turns out, though, that you can only install the Exchange 2010 management tools if your machine is joined to a domain. It doesn't matter which domain; any one will do.

This seems odd at first glance. After all, lots of other management applications allow single-seat management across Windows domains. In fact, the Exchange 2010 control panel (ECP) does this. There actually is a good reason for the restriction, though. The Exchange 2010 EMC uses Kerberos to authenticate and encrypt the data channel used for remote PowerShell. This is simpler to deploy and manage than dealing with yet another set of SSL certificates for HTTPS... but the use of Kerb requires that the management workstation be joined to a domain. There you have it.

In Exchange 2007, you could use tab completion to figure out which cmdlets existed for a given task. Need to do something with public folders, but not sure what cmdlets are there? Just type "get-pu" and hit Tab, and voila! you start seeing public folder-related commands.

Exchange 2010 breaks this!

The reason is simple: tab completion doesn't work in remote PowerShell. Every time you launch EMS, you're making a remote PS connection, even on the same machine. Therefore: no tab completion for you.

Worse, the get-help cmdlet won't accept wildcards any longer. The same issue is to blame.

There's a partial workaround for this issue, which is to use get-command (or just "gcm") instead of get-help. gcm will give you the list of cmdlets, and then you can use get-help to get help on an individual cmdlet.

I don't think this is a great situation. In fact, it stinks. I learned PowerShell in large measure by trying to tab-complete various things to figure out what existed, and as I'm now trying to train a few other folks on basic PowerShell, the lack of this feature is a big pain in the butt.

However, complaining to the Exchange team won't help much because this is a PowerShell issue. So, if you find this bug annoying, you can let the PowerShell team know on their blog (or here; I'll forward a link to them). Maybe this will be fixed in a future release... hopefully not a far-future one.

So, for MVP-Devin's blog post, go here instead. Update your blog list while you're at it.

A Cajun who died went to hell. The devil assigned him the usual punishment...put him in the mass pit where the heat was melting others. The devil came back sometime later surprised to find the Cajun just sitting around not even misting much less sweating. "How come you're not so much as sweating here where everyone else is screaming for relief from the heat?"

The Cajun laughed and said "Man I was raised in the bayous of Sout Looziana.. Dis ain't nothin' but May in Morgan City to me!"

The devil decided to really put the Cajun through it. He put him in a sealed off cave in the pit with open blazes and four extra furnaces blasting. When he came back days later the Cajun was sitting pretty had barely begun to bead up with sweat. The devil was outraged."How is this possible!? You should be melted to a shrieking puddle in these conditions!"

The Cajun laughed even harder than before. "Hey man! I done tole you I was raised in Sout Looziana. You tink dis is heat?! Dis ain't nothin' but August in Cow Island !"

So the devil thought "All right, a little reverse ought to do the trick." He put the Cajun into a corner of hell where no heat ever reached. It was freezing and to add to the Cajun's misery he added massive icebergs and blasting frozen air. When he returned the Cajun was shivering ice hung from every part of him but he was grinning like it was Christmas. Exasperated, the devil asked "HOW!? How is it possible?! You're impervious to heat and here you sit in conditions you can't be used to...freezing cold and yet you're happier than if you were in heaven. WHY?!"

The Cajun kept grinning and replied "Don't dis mean de Saints won da Super Bowl?"

First, E.J. Dyksen has a good post on general MailTips troubleshooting on the Exchange team blog. Go read it. (Don't worry; I'll wait for you to come back.)

Back already? Great. Now let's get to it.

Group Metrics creation is on by default; it's controlled by the organizational GroupMetricsGenerationEnabled setting. Every mailbox server that generates an OAB will also generate Group Metric data for the entire organization. Other mailbox servers will not generate any GM data, unless and until you enable them to do so.

Clients ask the CAS for Group Metric data. A given CAS server will assemble a list of Group Metrics servers, then use AD sites and site link definitions to find the "best" server for getting a copy of the Group Metrics data. The list contains servers that generate OABs for that CAS, plus mailbox servers that are explicitly enabled for Group Metrics generation. (Note that this means that CAS servers that don't host any OABs also won't host any Group Metrics data.)

When does all this happen? By default, Group Metric generation happens at midnight, plus or minus three hours. You can change that time using the GroupMetricsGenerationTime parameter, in which case the +/- 3-hour offset doesn't apply. Also, after you change the time, you'll notice that the next Group Metrics generation follows the old schedule, then the new schedule kicks in.

There's no way to force regeneration from the UI, although you can stop and restart the Microsoft Exchange Service Host service on any server to force an update. However, updating the Group Metrics data won't force the CAS servers to pull the new update; for that, you have to restart the Microsoft Exchange File Distribution service.

First is Outlook 2010, which I've been running for some time. Overall I like it a lot; it performs well, it supports multiple Exchange accounts, and it has lots of grace notes (like the configurable "Quick Steps" feature) that make using it both easier and more pleasant than earlier versions.

Second is the newest release (3.1) of the Facebook client for the iPhone. It has the option to automatically sync Facebook data (including profile links and pictures) for contacts it finds in your iPhone address book.

Put these two together, and what do you get? Pictures of people you don't really know showing up in Outlook, like this:

Yes, that's right: any time I exchange mail with someone whose e-mail address is registered with Facebook, I get their picture! In this case, a college student bought a book I had listed on Amazon, and she was writing to ask whether I'd shipped it or not. Imagine my surprise to see a picture of her and her two BFFs (at least that's who I assume the other two girls are.)

What's making that happen? Outlook 2010 has a feature called "Suggested Contacts" that automatically adds the e-mail addresses of people you correspond with to a new "Suggested Contacts" folder. This replaces the old .nk2 file that earlier versions used for nickname autocompletion. Unfortunately, Suggested Contacts appears to most applications (well, the ones that aren't Outlook 2010) as a regular Contacts folder. On the iPhone (and in Mail.app) that means that people you've exchanged e-mail with show up in your contact list until you manually purge them.

The Facebook app on the iPhone is trying to be helpful, so it looks for people in your address book—which now includes the contents of Suggested Contacts—and downloads their pictures. Ta da! Instant confusion.

The contact-picture feature is one of my favorite Outlook 2010 enhancements, so I'm not going to turn it off. Likewise, having up-to-date pictures of my actual Facebook friends is a neat feature, so i"m leaving it on as well. For now, that means that I'm stuck occasionally seeing pictures of people I don't know—part of the price for being an early adopter, I guess.