Blog Archives
Securely Publishing iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment
Book Review: Securely publishing iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment
By Steve Goodman
Recently, I was asked to write a blog review of the book iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment. The book is written by Steve Goodman and published by Packt Publishing. For an Exchange geek, the title alone draws you in and pushes you to look at the contents, and the book has not only an impressive title but also great content for its readers. Steve lays out the content in a pretty nifty way: he first explains the architecture of the solution, and then goes step by step through all the areas that are essential to building a secure, enterprise-level messaging environment for corporate business users and integrating it with iOS devices (aka smartphones) over the Microsoft ActiveSync protocol.
Reading Steve's write-ups has always been interesting for me, and you can also find his blog in my blogroll. You can get to know more about Steve's community contributions on his blog.
Have you been tasked with getting iPhones into the hands of your business executives, and need to ensure they can reliably and securely access corporate e-mail? This book will teach you what you need to know about getting Exchange 2010 set up and then help you deploy iPhones in a secure and manageable way. Starting with the basics, you’ll learn about what Apple mobile devices have to offer and how they have evolved into devices suitable for business use. If you’re new to Exchange Server 2010, you’ll learn the basics of Microsoft’s world leading messaging suite, before learning how to plan, install, and configure a highly available Exchange environment. You will also understand how to configure Office 365 and learn how both can be configured to apply policies to iPhone, iPad, and the iPod Touch. You’ll also learn how to configure advanced features, such as certificate authentication, how to create and deploy configuration profiles for devices, and how to manage your devices once they are in the hands of your users.
After reading this book, you will be confident about introducing Apple mobile devices into your organization.
Now let's go back to the book review, and let me break it into pieces:
Who this book is for:
This book is aimed at system administrators who don’t necessarily know about Exchange Server 2010 or ActiveSync-based mobile devices. A basic level of knowledge around Windows Servers is expected, and knowledge of smartphones and email systems in general will make some topics a little easier. Experienced Exchange Server 2010 administrators will gain most value from chapter five onwards, as these chapters build upon a working Exchange 2010 organization.
This book walks you from the basics of the technology to building an Exchange Server 2010 messaging infrastructure, and then slowly moves ahead with provisioning, integrating and deploying iOS-based client devices (smartphones) and managing their business collaboration features.
I thought it would be nice to provide some information about the contents of the book; below is the list of the core domains that are discussed in the book.
Chapter 1, Introduction to iPhone with Exchange Server 2010 introduces the Apple mobile device range and Exchange Server 2010 starting with the fundamentals and explaining the concepts used in later chapters.
Chapter 2, Architecture and Implementation Planning covers planning the architecture that you will need in place for Exchange Server. You’ll learn about the individual Exchange Server roles and how to plan your underlying infrastructure so it not only allows Apple mobile devices to connect, but meets the needs of your company.
Chapter 3, Exchange Server Configuration for iOS Connectivity follows on from the planning in the previous chapter to walk through the process of installing and configuring a highly available Exchange infrastructure that Apple mobile devices, amongst others, can connect to.
Chapter 4, Office 365 Configuration for iOS Connectivity looks at an alternative approach to configuring and running Exchange Server, by using Microsoft’s Office 365. We’ll see how this simplifies the implementation process and still allows us to connect and manage Apple mobile devices.
Chapter 5, Creating and Enforcing Policies explores how Exchange Server allows us to control end-user devices, from restricting the features that can be used on Apple mobile devices to ensuring only allowed devices can connect to your Exchange infrastructure.
Chapter 6, Configuring Certificate Based Authentication in Exchange Server 2010 walks through how to configure and manage a small public key infrastructure aimed at improving the security of your Exchange environment through the use of user certificates on Apple mobile devices.
Chapter 7, Provisioning iOS Client Devices introduces the iPhone Configuration Utility, the Apple tool specifically aimed at controlling Apple mobile device features and configuration, along with exploring the methods available to deploy profiles to mobile devices.
Chapter 8, Sharing Mailboxes and Calendars covers a variety of methods that allow you to overcome Exchange limitations for access to shared mailboxes from clients other than Outlook and how to configure advanced features in Exchange Server 2010 allowing users to share individual calendars in a way compatible with Apple mobile devices.
Chapter 9, iOS Client Device Management, the final chapter, explores the ongoing management tasks associated with a mobile device estate along with how to perform common troubleshooting and auditing tasks.
Few links:
Buy your copy of this book at Packt Publishing website.
I hope you enjoyed reading this review, and will find this book interesting.
Cheers!

Troubleshooting Exchange Database Log truncation problem | Microsoft Exchange Search Indexing Service which was not allowing the Replication Service to truncate logs | Netbackup (VSS) Full Backup is not clearing Exchange Database Logs | Exchange DB Logs
Author: Zahir Hussain Shah | MVP Exchange Server, CISSP

Step-by-step guide for troubleshooting a Microsoft Exchange Server 2010 mailbox database transaction log truncation problem, where a VSS backup tool (Symantec Veritas NetBackup) fails to truncate the Exchange mailbox database logs after a successful backup
Recently, I went through a troubleshooting session where Exchange Server 2010 mailbox database transaction logs were not being truncated after a successful VSS full backup. In this scenario, Symantec Veritas NetBackup 7.x was not able to purge the logs after the successful backup; in other words, under the scheduled backup policy, the NetBackup client agent APIs were not able to communicate properly with MSExchange to purge the logs, which resulted in growth of the Exchange mailbox database LUNs.
Problem:
Microsoft Exchange Server 2010 mailbox transaction logs are not truncated because the NetBackup full mailbox database backup fails to purge the logs / the Microsoft Exchange Search Indexing Service does not allow the Replication Service to truncate logs.
Cause:
The NetBackup client agent APIs were not able to communicate properly with MSExchange to purge the logs, which resulted in growth of the Exchange mailbox database LUNs.
Solutions:
In the solution area of this blog post, I will guide you through the various options available for fixing this problem. We will start with those that involve less administrative overhead on the MSExchange admin side and try to get the issue resolved from the NetBackup side, because, as the title of the post says, NetBackup is failing to purge the Exchange mailbox transaction logs. Poor you, Exchange Server.
1) Reinstall the Symantec Veritas NetBackup client agent software on all the Microsoft Exchange Server nodes, including CAS and Mailbox nodes.
Note: I mention this option first because in my case we tried it, and it fixed the problem and automatically purged the logs.
2) Make sure that the NetBackup services on both the Exchange CAS and Mailbox servers are running under a proper domain account that has appropriate rights on your Exchange mailbox store (database), and check that the services can restart with this domain user account.
Note: In our case, I saw that after we reinstalled the NetBackup agent on all the nodes, the NetBackup services were not able to start because of a logon failure error, so set the account up correctly and make sure everything looks hunky-dory.
Note: After you have performed both options, run a full backup of the smallest Exchange mailbox database and see whether NetBackup is able to purge the logs. If it fails again and you don't have enough space available on the mailbox database LUNs, you can perform the steps below to free the disk space needed on the LUN to mount the database again and fix the log purging issue for NetBackup.
3) If your NetBackup administrator informs you that NetBackup is not able to purge the logs because the Microsoft Exchange Search Indexing Service is not allowing the Replication Service to truncate logs, perform step 3, which will clear this point. If this fixes your problem, you are all good; if it doesn't, we will move further down the road to fix this problem.
Okay, so in step 3 we will perform the following:
a. Dismount the Microsoft Exchange mailbox database whose logs NetBackup fails to purge.
b. Stop the Microsoft Information Store Service on this passive Mailbox Database Node first.
c. Go to the Mailbox Database folder, and then delete the CatalogData folder.
d. Start the Microsoft Information Store Service.
e. Mount the database.
Note: Rebuilding the catalog data will take time, depending on the size of the database.
Mailbox Database Catalog Folder:
Once the mailbox catalog has been rebuilt, you can take a full backup of the database again and see whether it is able to purge the logs. If it still fails to purge the logs, you don't have much time left for NetBackup to purge them, and the database is dismounted because of a lack of free disk space, you can perform the 4th step:
4) In this 4th step, where all the steps above were not able to fix the problem (sometimes NetBackup or any VSS backup tool fails to purge the logs because of corrupted and missing Exchange mailbox logs), proceed as follows:
a. Dismount the Exchange mailbox database.
b. Move the Exchange mailbox database transaction logs to a different directory.
c. Mount the Exchange mailbox database.
With the above step performed, when you mount the database again, Exchange Server will start creating logs in sequence, and free disk space will no longer be a problem, because the moment you mount the database again, Exchange will automatically purge all the logs and there will be only new logs.
Okay, so now we have free space on the disk to mount the database and let users connect to Exchange Server. Ask your NetBackup admin to take a full backup of the Exchange database; this time it should work, if your NetBackup admin and the tool are both happy. If there is still a problem with purging the logs automatically with a full NetBackup backup, then you had better open a support session with Symantec Support and tell them that you have done everything from the Exchange side and that nothing is there to be blamed on Exchange. :$
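Each step above ends with "take a full backup and see whether the logs were purged". The following added example (not part of the original post) turns that check into a repeatable heuristic: it counts log files last written before the last full backup. Test-LogTruncation, the threshold and the temporary demo folder are assumptions made for illustration.

```powershell
# Added example: heuristic check of whether a full backup truncated a database's
# transaction logs. Test-LogTruncation is a hypothetical helper, not an Exchange
# cmdlet, and the MaxStaleLogs threshold is an assumption to tune per database.
function Test-LogTruncation {
    param(
        [Parameter(Mandatory = $true)][string]$LogFolderPath,
        [Parameter(Mandatory = $true)][datetime]$LastFullBackup,
        [int]$MaxStaleLogs = 20
    )

    $logs = @(Get-ChildItem -Path $LogFolderPath -Filter '*.log' |
              Where-Object { -not $_.PSIsContainer })

    # Logs last written before the backup should have been removed by truncation,
    # apart from the few the database still needs.
    $stale = @($logs | Where-Object { $_.LastWriteTime -lt $LastFullBackup })
    $bytes = ($logs | Measure-Object -Property Length -Sum).Sum

    New-Object PSObject -Property @{
        LogCount               = $logs.Count
        StaleLogCount          = $stale.Count
        TotalMB                = [math]::Round($bytes / 1MB, 1)
        TruncationLikelyFailed = ($stale.Count -gt $MaxStaleLogs)
    }
}

# Constructed demo data: 30 empty log files that all predate the "backup".
$demo = Join-Path ([IO.Path]::GetTempPath()) ('logdemo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$backup = (Get-Date).AddHours(-2)
1..30 | ForEach-Object {
    $file = New-Item -ItemType File -Path (Join-Path $demo ('E00{0:X8}.log' -f $_))
    $file.LastWriteTime = $backup.AddMinutes(-$_)
}

Test-LogTruncation -LogFolderPath $demo -LastFullBackup $backup | Format-List
Remove-Item -Recurse -Force $demo
```

On a real server, the log folder and the last full backup time for each database are reported by `Get-MailboxDatabase -Status` (LogFolderPath and LastFullBackup).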
I hope you enjoyed reading this step-by-step guide to fixing your Microsoft Exchange mailbox database transaction log purging problem, and gained the knowledge to keep your Exchange logs truncated wherever needed.
Cheers!

GAL Sync issues for Mail-Enabled Contacts | LegacyExchangeDN missing from contact | IMCEAEX-_O=NT5_ou | The e-mail address you entered couldn’t be found | ADModify | Update Mail Contacts for LegacyExchangeDN | Problem updating Mail Contacts
Author: Zahir Hussain Shah | MVP Exchange, CISSP
GAL Synchronization issues for Mail-Enabled Contacts using MIIS 2003 (Legacy IDM Solutions) with Windows Server 2008 Active Directory and Exchange Server 2010, and Troubleshooting the legacyExchangeDN attribute missing problems for Mail-Enabled Contacts
In this article, I will explain a couple of important elements of GAL synchronization between different Active Directory forests, where one of the companies is either importing or exporting Mail-Enabled Contacts into its Active Directory and then later creating an Address List in Exchange Server to give its end users a handy way of selecting different personnel from each company, making their life easier and their own life (Administrators) miserable.
I will divide this blog post into several pieces, so I can explain each relevant area of this solution in more detail.
Let's discuss the below:
- Different Solutions available for GAL Sync
- Known-Compatibility issues between different elements of GAL Synchronization process
- Mysteries of LegacyExchangeDN
- ADModify Tool: a way to modify a bulk number of Active Directory objects in a more robust and efficient manner
- Some of the common Microsoft Outlook issues for OAB and Address Book
Different Solutions available for GAL Sync
In the past, I posted a blog post about Microsoft Exchange GAL Sync between two different Active Directory forests using a free tool available in the market for syncing the Exchange address book between two companies, but in this blog post I will concentrate on Microsoft's solutions for GAL Sync between companies. Microsoft first provided a GAL Sync solution with MIIS (Microsoft Identity Integration Services 2003), then we moved on to ILM 2007 (Microsoft Identity Life-cycle Manager 2007), and lastly we got Microsoft Forefront Identity Manager 2010. As of writing this article, FIM 2010 is the latest product, which also got its R2 after its RTM version.
Known-Compatibility issues between different elements of GAL Synchronization process
Now let's talk about MIIS first, with which I ran into a problem recently. I saw the root company acting as a hub, importing information about Mail-Enabled Users (mailboxes) from the source company and then exporting all of this information to the destination company as Mail-Enabled Contacts in its Active Directory, where the destination company has created a different Address List for each company, with a Recipient Filter for each company.
Problem with MIIS 2003:
When the root company exports the contacts to the Windows Server 2008 Active Directory, the LegacyExchangeDN attribute is not populated for these Mail-Enabled Contacts. This is by design: LegacyExchangeDN was stamped by the Exchange Recipient Update Service (RUS), which went away in Microsoft Exchange 2007 and is still not present in Microsoft Exchange 2010. As a result, MIIS 2003 creates the mail-enabled contact object, but the mail settings that used to be updated by the RUS are no longer applied.
MIIS 2003 came out long before either Microsoft Exchange 2007 or Microsoft Exchange 2010. ILM 2007 was already out. What this means, is that if you are using MIIS 2003 to execute your GalSync solution to a Microsoft Exchange 2007 / 2010 Server, you will need to run an Exchange PowerShell CMDLET on the Microsoft Exchange Server after each Export. You can find more information on this process on our Microsoft Knowledge Base. If you are exporting to Microsoft Exchange 2010, then you could end up with Forest Level Mail-Enabled Contacts which are Read-Only.
Mysteries of LegacyExchangeDN
The use of X.500 addresses goes back to before Exchange 2000, when previous versions of Exchange maintained their own LDAP directory. Since Exchange 2000 the mailbox's X.500 address has been stored in the legacyExchangeDN attribute in Active Directory. The legacyExchangeDN value is set when a mailbox is created, and includes the name of the Exchange administrative group where the mailbox belongs. LegacyExchangeDN values typically look like this:
/o=Organisation/ou=Administrative Group/cn=Recipients/cn=Username
Because the legacyExchangeDN value includes the administrative group name, changes to admin group names will influence legacyExchangeDN values. For example, when you upgrade from Exchange 2003 to Exchange 2007, your user-defined admin groups are replaced by a single admin group named Exchange Administrative Group (FYDIBOHF23SPDLT); existing mailboxes are unaffected, but mailboxes created after the upgrade will use the new admin group name in their legacyExchangeDN values. (Incidentally, if you've ever wondered why the Exchange 2007 admin group has this name, or what it means, it's the text EXCHANGE12ROCKS, with all the characters shifted to the right by one!)
The current X.500 address of a mailbox can be retrieved from Active Directory using a tool such as ADSIEdit, or LDP.exe, or by using the Exchange Management Shell:
[PS] C:\>Get-Mailbox juser | fl LegacyExchangeDN
LegacyExchangeDN : /o=Example/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=juser
Note: For more information on the LegacyExchangeDN attribute, visit this link from Ben Lye's blog post.
As mentioned above, if the contacts were created by MIIS 2003 or any legacy version of identity management software that has known compatibility issues with Exchange 2010 and Active Directory 2008, the LegacyExchangeDN attribute of a Mail-Enabled Contact will not be populated, by design. So after all the contacts have been created by the IDM software with the LegacyExchangeDN attribute missing, your Microsoft Outlook client will not be able to send emails to these contacts: when you try to send an email to one of them by selecting it from the Address Book, you will immediately receive the NDR below from Exchange Server:
Note: If you send email to these contacts by typing their email address in MS Outlook, or send via OWA, the email goes through; but when you select the contacts from the Address Book and send, you get the NDR below.
Delivery has failed to these recipients or groups:
Zahir Hussain Shah
The e-mail address you entered couldn’t be found. Please check the recipient’s e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: ExchCAS1.domain.com
IMCEAEX-_O=NT5_ou=409d472dcfe32f40bf55a8b4c80c34c6_cn=d85422fc3278e64494d1075bdbfb63c8@ndc.ae
Original message headers:
Received: from ExchMBX1.domain.com ([169.24.2.175]) by ExchCAS1.domain.com
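The IMCEAEX address in the NDR above is an encapsulated X.500 address, and decoding it shows which address Exchange could not resolve. The following is an added example, not code from the original post; ConvertFrom-ImceaEx is a hypothetical function name, and it goes beyond this NDR by also handling the general +XX escapes.

```powershell
# Added example: decode an IMCEAEX address from an NDR into the X.500 address
# it encapsulates. ConvertFrom-ImceaEx is a hypothetical helper name, not an
# Exchange cmdlet.
function ConvertFrom-ImceaEx {
    param([Parameter(Mandatory = $true)][string]$Address)

    # Layout: IMCEAEX-<encoded X.500 address>@<domain>
    if ($Address -notmatch '^IMCEAEX-(.+)@([^@]+)$') {
        throw "Not an IMCEAEX address: $Address"
    }
    $encoded = $Matches[1]

    # "_" stands for "/". Do this first, so that a literal underscore that
    # arrives encoded as "+5F" is not turned into a slash afterwards.
    $x500 = $encoded -replace '_', '/'

    # "+XX" is the character with hexadecimal code XX,
    # for example +20 = space, +28 = "(", +29 = ")".
    $decodeHex = { param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16) }
    [regex]::Replace($x500, '\+([0-9A-Fa-f]{2})', $decodeHex)
}

# The address from the NDR on this page.
ConvertFrom-ImceaEx 'IMCEAEX-_O=NT5_ou=409d472dcfe32f40bf55a8b4c80c34c6_cn=d85422fc3278e64494d1075bdbfb63c8@ndc.ae'

# Constructed sample with escaped spaces and parentheses, modelled on the
# juser legacyExchangeDN shown earlier on this page.
ConvertFrom-ImceaEx 'IMCEAEX-_o=Example_ou=Exchange+20Administrative+20Group+20+28FYDIBOHF23SPDLT+29_cn=Recipients_cn=juser@example.com'
```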
Now that we have seen that the LegacyExchangeDN attribute of a Mail-Enabled Contact is necessary, we will discuss the various possible solutions for getting this attribute populated, so that our Microsoft Outlook users can send emails to these contacts by selecting them from the Address Book.
The solutions below can be used to populate the LegacyExchangeDN attribute for the Mail-Enabled Contacts:
1) [PS] C:\Windows\system32>Get-MailContact | Set-MailContact
2) [PS] C:\Windows\system32>Get-Recipient | Update-Recipient
3) If you have corrupted contacts, you will probably receive warnings while running the above commands. In that case, you can run the commands below, bypassing the warnings:
[PS] C:\Windows\system32>Get-MailContact -ResultSize Unlimited | % { Write-Host processing $_; Set-MailContact -Identity $_ -Verbose -ErrorAction Continue }
[PS] C:\Windows\system32>Get-Recipient -ResultSize Unlimited | % { Write-Host processing $_; Update-Recipient -Identity $_ -Verbose -ErrorAction Continue }
4) ADModify:
ADModify.NET is a tool primarily utilized by Exchange and Active Directory administrators to facilitate bulk user attribute modifications. See this link for launch details. You can use ADModify to populate / set the legacyExchangeDN attribute for a bulk number of Mail-Enabled Contacts located in a single OU or spread across Active Directory OUs; you can download the ADModify tool from here. I'm also pasting a snapshot of how ADModify looks. Before you modify the contacts using ADModify, please see the guidance below for LegacyExchangeDN and ADModify:
LegacyExchangeDN attribute structure:
Let's take an example: I will create a Mail-Enabled Contact with the Display Name Zahir Hussain Shah, the alias zhshah, and the external email address set to zhshah; by default, Exchange 2010 Server generates the legacyExchangeDN value as /o=NDCIST/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Zahir Hussain Shah326.
Note: What you should consider and take care of before you perform changes using ADModify, when appending the legacyExchangeDN value for all the Mail-Enabled Contacts:
I have seen a situation where ADModify was used to append the legacyExchangeDN for thousands of Mail-Enabled Contacts, with the custom value for the legacyExchangeDN set to /o=OrganizationName/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=%’mailnickname’. This turned into the biggest disaster between the local Exchange mailboxes and the Mail-Enabled Contacts: the legacyExchangeDN values of these two kinds of objects conflicted, with the legacyExchangeDN value of mailboxes becoming the same as the legacyExchangeDN value of Mail-Enabled Contacts.
Best Practice: When you run ADModify to add / change the legacyExchangeDN value for a bulk number of Mail Contacts using the CUSTOM attribute, always use the displayName attribute to fill the legacyExchangeDN value instead of the mailNickname attribute, because the latter may conflict with your Exchange Server mailboxes and may create the problems below.
Possible issues when the legacyExchangeDN value becomes the same as an Exchange Server mailbox's legacyExchangeDN value:
- Microsoft Outlook users will not be able to open Microsoft Outlook, and it keeps presenting the Windows Security box for entering a password.
- Since the legacyExchangeDN value has become the same for mailboxes and Mail-Contacts, when a user on your Exchange sends an e-mail to another mailbox on your Exchange Server, the same email may be delivered to a Mail-Contact in your group company or your partner, namely the mail-contact with the conflicting legacyExchangeDN.
Recommendation: You may use this value in ADModify while updating / changing the legacyExchangeDN value for all contacts or users using the Custom Attribute:
/o=OrganizationName/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=%’displayName’
[Screenshot: ADModify when updating / changing a custom Active Directory User / Contact / Computer attribute]
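A check worth running before and after a bulk legacyExchangeDN change, covering the two failure modes described above: contacts with no legacyExchangeDN, and one value shared by a mailbox and a contact. This is an added example, not part of the original post; Find-LegacyDnProblem is a hypothetical function name and the sample recipients are constructed.

```powershell
# Added example: report recipients whose legacyExchangeDN is missing or is
# shared by more than one object. Find-LegacyDnProblem is a hypothetical
# helper name, not an Exchange cmdlet.
function Find-LegacyDnProblem {
    param([Parameter(Mandatory = $true)][object[]]$Recipient)

    # Label used in the report, for example "juser [UserMailbox]".
    $label = { param($r) '{0} [{1}]' -f $r.Name, $r.RecipientType }

    # 1. Objects with no legacyExchangeDN: selecting them from the address
    #    book produces the NDR shown earlier.
    $Recipient | Where-Object { [string]::IsNullOrEmpty($_.LegacyExchangeDN) } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Problem = 'Missing'; LegacyExchangeDN = ''; Recipients = (& $label $_)
            }
        }

    # 2. One legacyExchangeDN on more than one object. Group-Object compares
    #    strings case-insensitively by default, which suits a DN comparison.
    $Recipient | Where-Object { -not [string]::IsNullOrEmpty($_.LegacyExchangeDN) } |
        Group-Object -Property LegacyExchangeDN |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $group = $_
            $names = @($group.Group | ForEach-Object { & $label $_ })
            New-Object PSObject -Property @{
                Problem = 'Duplicate'; LegacyExchangeDN = $group.Name
                Recipients = ($names -join '; ')
            }
        }
}

# Constructed sample: a local mailbox, a partner contact whose DN was built
# from mailNickname (collides with the mailbox), a contact built from
# displayName, and a contact that was never stamped.
$base = '/o=OrganizationName/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn='
$sample = @(
    New-Object PSObject -Property @{ Name = 'juser'; RecipientType = 'UserMailbox'; LegacyExchangeDN = $base + 'juser' }
    New-Object PSObject -Property @{ Name = 'J User (Partner)'; RecipientType = 'MailContact'; LegacyExchangeDN = $base + 'juser' }
    New-Object PSObject -Property @{ Name = 'A Other (Partner)'; RecipientType = 'MailContact'; LegacyExchangeDN = $base + 'A Other (Partner)' }
    New-Object PSObject -Property @{ Name = 'B Unstamped'; RecipientType = 'MailContact'; LegacyExchangeDN = $null }
)

Find-LegacyDnProblem -Recipient $sample | Format-List Problem, LegacyExchangeDN, Recipients

# In the Exchange Management Shell, feed it live objects instead:
#   $all = @(Get-Mailbox -ResultSize Unlimited) + @(Get-MailContact -ResultSize Unlimited)
#   Find-LegacyDnProblem -Recipient $all
```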
Some of the common Microsoft Outlook issues for OAB and Address Book
After you update the legacyExchangeDN for all the Mail-Enabled Contacts, users may not see the changes, because their cached copies of the contacts predate the update, so you may see the Microsoft Outlook OAB and Address Book related issues below:
- Outlook Tool Tip Error: "This e-mail message cannot be delivered to email because the e-mail address is no longer valid". This happens because the cached contact has been corrupted and is no longer valid due to the changes we made using ADModify; in this case, the solution is to clear the Auto-Complete for the user:
Note: After making the above changes to add legacyExchangeDN, run Active Directory replication and download the address book to get the full changes.
Applies to: Exchange 2003, Exchange 2007, Exchange 2010, Windows Server 2003-Active Directory, Windows Server 2008-Active Directory.
I hope this long article, which combines multiple solutions, will help you fix your GAL Sync and Address Book issues for Mail-Enabled Contacts.
Cheers!

How to Configure Windows NLB for Windows Server 2008 R2 based VM, running on Hyper-V 2008 R2 for Exchange 2010 CAS Array
Million $ Solution, now 100% Free!
Following are the steps, which you need to take for configuring NLB on Windows Server 2008 R2 for Exchange 2010 CAS Array implementation:
1) Configure the CAS VMs' virtual network cards using the Hyper-V 2008 R2 Management Console:
a. Go to the settings of the CAS VMs, remove the symmetric Network Cards, and add Legacy LAN Cards to the VM for both public and private communication of the VM.
b. Enable IP Spoofing on both LAN cards in the CAS Servers.
Apply the same settings to both CAS nodes.
2) Install and Configure Windows NLB on CAS nodes:
a. Install the NLB Feature from either Server Management console or from the Windows PowerShell.
b. From the first CAS node open the NLB Management Console
c. Create a new Cluster from NLB Mgmt Console
d. Put the CAS1 name and connect NLB console to CAS1
e. Select the interface
f. Provide the NLB IP Address and FQDN
g. Configure the port ranges; you can either go with all ports or configure them as you wish (SMTP, POP, IMAP, IIS, IIS 443)
h. Finished
Once you click Finish for the first CAS node's NLB configuration, after a few minutes you will see that the node has successfully converged and the NLB cluster with the first node has been successfully added.
i. Adding the second node to the cluster: use the first node to add the second node; after the same few steps, the second node will be added to the cluster and you are done with the NLB configuration for your Exchange 2010 CAS Array!
Tips:
After configuring the NLB cluster, create your Exchange CAS Array first and then create your Mailbox Databases (which you will later make highly available using DAG copies). If you use the reverse order, creating your Mailbox Databases first and then the CAS Array, you will later have to go and set the RPCClientAccessServer setting for each database.
I hope you enjoyed reading this article, and that the many of you who are fighting with Hyper-V for your NLB implementation can take advantage of it.
Cheers!
Zahir Hussain Shah
Infrastructure Practice Consultant – Unified Communications
MCSE, MCTS, MCTIP Enterprise Administrator, CCNA, ITIL
Blog: http://zahirshahblog.com | LinkedIn | Twitter
DISCLAIMER: The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee(s). If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error, please notify us by e-mail, or telephone or e-mail and then delete the e-mail and all attachments and any copies thereof.
Exchange 2010 SP1 setup hotfixes links problem – Download Exchange 2010 SP1 hotfixes
While installing Exchange 2010 SP1, the setup readiness checker shows you the required hotfixes that are missing and also provides links to download them, but at the moment, when you try to open the links provided by Exchange 2010 SP1 setup, they show errors on the MS site.
Solution:
Today, while I was looking for these hotfixes (all in one location), I found a good article by Rajith, where he has uploaded the whole bunch of required hotfixes to his SkyDrive, so I thought I would share it with you to save you time and effort.
Download the hotfixes from the “Download Here” link below.
Cheers!
What is the Real Effect of Removing Single Instance Storage in Exchange Server 2010
Today, while reading my blogroll, I found a very good article about the removal of Single Instance Storage from Exchange 2010, which is also a very important element for my organization in planning our Exchange 2007 transition / upgrade to Exchange 2010. I found it to be an interesting topic, so I am sharing it with you from ExchangeServerPro.
Here you go…
What is the Real Effect of Removing Single Instance Storage in Exchange Server 2010
When Exchange Server 2010 was released a lot was made of the decision by Microsoft to remove Single Instance Storage (SIS) from the Exchange database engine.
Plenty of articles have been written about this so I won’t revisit the issue in much detail, except to summarise with these points:
- Disk storage technology has basically plateaued in speed capabilities (ie, disks aren’t getting faster)
- Disk storage technology is a lot cheaper in high capacity, lower performance types (eg SATA II, SAS)
- The previous Exchange database engine used a schema that permitted SIS but did not permit further optimization of performance (specifically, allowing sequential reads)
- Removing SIS and redesigning the database schema to permit sequential reads resulted in massive performance improvements (as much as 70% less disk IO for typical behaviour)
Does This Mean More Exchange Storage?
The major concern from Exchange Server customers was the impact this would have on their Exchange storage requirements. If SIS is removed, does that mean more disk and tape storage is going to be required? Especially as more and more organizations are already moving to larger mailboxes?
Furthermore, is that increase going to be exponential because of the increasing popularity of disk duplication (eg SAN mirroring) and the nature of Exchange Server 2010 Database Availability Groups (multiple database copies across many servers)?
Short answer, yes. All of those storage requirements are likely to increase when your organization moves to Exchange Server 2010.
How Much More Storage is Needed?
In real world migrations I have seen mailbox databases grow by between 20% and 50% just from moving all of the mailboxes from an Exchange 2003 or 2007 server to Exchange Server 2010.
Similarly, growth of email storage over time also increases by similar factors.
So with that in mind, how can an organization mitigate the risk of storage costs getting out of control when they move to Exchange Server 2010?
Reducing Storage Costs for Exchange Server 2010
Firstly, take advantage of the Exchange Server 2010 database performance improvements by deploying Exchange 2010 on lower cost storage (eg SATA II or SAS instead of 15k SCSI). Some customers are tempted to use “what we’ve already got” and deploy on their existing high performance SAN, when in reality a smarter move would be to provision the Exchange 2010 mailbox servers with lower cost, lower speed direct-attached storage (DAS) for storing mailbox databases.
Secondly, don’t duplicate Exchange 2010 data unnecessarily. If you have deployed an Exchange 2010 DAG, don’t also utilize SAN mirroring for mailbox database storage. Let the Exchange 2010 application-layer replication handle it for you (Exchange 2010 SP1 introduced block-level replication to resolve one of the remaining criticisms of the Exchange 2010 asynchronous file-level replication).
Finally, look to alternative methods of de-duplicating Exchange mailbox data in organizations utilizing large mailboxes. For example, many backup applications are now including data de-dupe capabilities, as do enterprise-grade email archiving solutions.
Zahir Hussain Shah
Infrastructure Practice Consultant – Unified Communications
MCSE, MCTS, MCTIP Enterprise Administrator, CCNA, ITIL
Blog: http://zahirshahblog.com | LinkedIn | Twitter
How To Configure Exchange 2010 Disaster Recovery Site Using DAG
Database Availability Group (DAG) is the new High Availability feature of Exchange 2010.
DRP Design
In both the production site and the Disaster Recovery site we need a server with Windows Enterprise edition, since DAG relies on Microsoft Failover Clustering, which is only available in the Enterprise edition. Both sites need a Domain Controller and a GC role. The DR site will be in a different Active Directory site so that users won't log in to it.
Installing
Perform a standard installation of Exchange 2010 on Windows 2008 R2 Enterprise that includes the HUB, CAS and Mailbox roles. Apply the same basic configuration on both servers and test sending and receiving mail.
Creating a DAG.
In the Exchange Management Console
- Expand Organization Configuration.
- Click Mailbox.
- In the middle pane, click the Database Availability Group tab.
- In the right control pane click "New Database Availability Group".
The Create a DAG wizard starts.
Enter a name for your DAG. If you have a server with a HUB role but no mailbox role, then the wizard will select the HUB server and create the witness directory for you. If you don’t have an available HUB server, then you must manually specify the ‘Witness Server’ and a ‘Witness Directory’.
To make sure that we won't have permission problems with the witness share directory, add the ‘Exchange Trusted Subsystem’ group to the witness server's local Administrators group. This is also necessary because in order to create a DAG you must also create a computer account in Active Directory. You might need to delegate the ‘Exchange Trusted Subsystem’ group permission to create and manage the computer account in Active Directory.
EMS Command for creating the DAG
We can also create the DAG with a PowerShell command instead of the GUI process:
New-DatabaseAvailabilityGroup -Name E10DAG -WitnessDirectory C:\DAG1 -WitnessServer FQDNofaServerinPrimarySite -DatabaseAvailabilityGroupIpAddresses 192.168.15.233,192.168.25.233 -Verbose
With the wizard you cannot set a fixed IP on your DAG. Instead, it will use DHCP to assign an IP. This is important to consider since it is recommended that you have an IP in every subnet that contains DAG members.
The next step is to add your Exchange mailbox servers to your DAG
Right-click the DAG, choose ‘Manage Database Availability Group Membership’ and then add the mailbox servers to it.
The Failover Cluster role will be installed on the servers you added to your DAG.
EMS Command For adding an Exchange server to DAG
Add-DatabaseAvailabilityGroupServer -Identity E10DAG -MailboxServer FQDNofMailboxServer -Verbose
The next step is to add databases to your DAG members in order to enable replication.
- Return to Exchange Management Console and expand Organization Configuration.
- Click Mailbox. In the middle pane, click the Database Management tab.
- In the lower pane, right-click the database you wish to replicate within the DAG.
- Choose Add Mailbox Database Copy.
- When the wizard launches, browse for the server in the DAG to which you want to replicate the mailbox database. Pick a Replay lag time and a truncation lag time.
EMS Command For adding a Database to replication
Add-MailboxDatabaseCopy -Identity 'Mailbox Database 2010A' -MailboxServer FQDNofServerInDRSite -ActivationPreference 2
This step can potentially take a long time since the database is seeded to the DR site; the amount of time it takes depends on the database size and available bandwidth.
Set the ActivationPreference on all the databases to 1 on the server in the production site; then, set the database copy on the server in the Disaster Recovery site to ‘suspended’ for activation.
Now we must set some parameters on the mailbox database so that it is not automatically activated.
EMS Command
Suspend-MailboxDatabaseCopy -Identity 'Mailbox Database 2010A\FQDNofServerInDRSite' -ActivationOnly -Verbose
Configuring Replay Lag Time
Configuring Replay Lag time is something that you should seriously consider doing. Lag time is how long the passive copy will wait before a transaction log is replayed into the database. Replication of the logs to the passive copy still happens as fast as possible; only the replay is delayed.
EMS command
Set-MailboxDatabaseCopy -Identity 'mailbox database 2010A\FQDNofServerInDRSite' -ReplayLagTime 0.1:0:0 -Verbose
There is also another parameter that you might want to use: the Truncation Lag Time.
EMS command
Set-MailboxDatabaseCopy -Identity 'mailbox database 1976375852\FQDNofServerInDRSite' -TruncationLagTime 0.1:0:0
Please note: 0.1:0:0 means 1 hour
How long you set the ReplayLagTime and TruncationLagTime for depends on two things:
- How long it takes you to notice a corruption on the production site.
- How long it takes to replay all transaction log files if you activate the DR site.
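A check for the DR copy settings above (activation block and replay lag), added here as an example and not part of the original post. It assumes it is run in the Exchange Management Shell; FQDNofServerInDRSite is the article's placeholder, and the copy queue limit and the half-lag tolerance are assumed values to adjust.

```powershell
# Added example: audit the database copies hosted on the DR server.
$DrServer     = 'FQDNofServerInDRSite'   # placeholder used throughout the article
$ExpectedLag  = [TimeSpan]'0.1:0:0'      # 1 hour, as set with -ReplayLagTime
$MaxCopyQueue = 10                       # assumed limit for logs not yet shipped

$report = foreach ($copy in Get-MailboxDatabaseCopyStatus -Server $DrServer) {
    $problems = @()

    # A passive DR copy should be Healthy; Mounted means it has been activated.
    if ($copy.Status -ne 'Healthy') {
        $problems += "status is $($copy.Status)"
    }
    # Suspend-MailboxDatabaseCopy -ActivationOnly should have set this flag.
    if (-not $copy.ActivationSuspended) {
        $problems += 'automatic activation is not blocked'
    }
    # Log shipping is not delayed by the replay lag, so this queue should stay short.
    if ($copy.CopyQueueLength -gt $MaxCopyQueue) {
        $problems += "copy queue is $($copy.CopyQueueLength) logs"
    }
    # Logs that are inspected but not yet replayed form the lag window. A large
    # ReplayQueueLength is therefore expected; the check is that the window still
    # exists. On an idle database the window can shrink legitimately.
    $window = $null
    if ($copy.LastInspectedLogTime -and $copy.LastReplayedLogTime) {
        $window = $copy.LastInspectedLogTime - $copy.LastReplayedLogTime
        if ($window -lt [TimeSpan]::FromMinutes($ExpectedLag.TotalMinutes / 2)) {
            $problems += "replay window is only $window"
        }
    }

    $result = 'OK'
    if ($problems) { $result = $problems -join '; ' }

    New-Object PSObject -Property @{
        Copy        = $copy.Name
        ReplayQueue = $copy.ReplayQueueLength
        LagWindow   = $window
        Result      = $result
    }
}

$report | Format-Table Copy, ReplayQueue, LagWindow, Result -AutoSize
```

Any row whose Result is not OK means the DR copy is no longer in the state the steps above configured, for example because it was resumed for activation or its lag was reset.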
Creating the CASArray
New-ClientAccessArray -Name CASArray-HQ -Fqdn FQDNofYourDesiredEndpoint -Site ADsiteInPrimaryDatacenter
Now configure all your databases to have the CASArray-HQ object as the RPCClientAccessServer. This will ensure that Outlook connects to the CASArray FQDN instead of the actual server name.
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer CASArray-HQ
You must also create a record in DNS with FQDNofYourDesiredEndpoint with an IP of your Exchange server in the primary datacenter. Set the TTL to a low value, such as 5 minutes, to make the switchover go faster to the Disaster Recover sit






















