Blog Archives
Real Life Exchange 2010 Disaster Recovery
Friends,
Today, while searching the Internet for material on designing Exchange 2010 disaster recovery methodologies, I found the following. I think it will be quite helpful for everyone, because it was tested and carried out in a real-world Exchange 2010 disaster recovery scenario:
The method goes as follows:
1. Find some live mailbox servers that had the spare capacity to mount 22 databases. Split the list of databases to be mounted among them.
2. For each mailbox server, copy over the database and log directories so we had the data to use.
3. Perform a soft recovery with eseutil /r on each database/log set to commit any uncommitted log files and ensure we could actually mount the data later in the process.
4. Create the new mailbox databases:
New-MailboxDatabase -Name <name> -Server <server> -EdbFilePath <path to recovery folder, e.g. c:\RecoverDBs\RecoverDB1\<name of original edb>.edb> -LogFolderPath <path to logs, e.g. c:\RecoverDBs\RecoverLogs1>
Pro Tip: Use a new name for the database. If the old database was named DAG1-DB001, you might use DAG1-RecoveryDB001.
5. Set the newly created databases to allow file restore:
Set-MailboxDatabase <db name> -AllowFileRestore:$true
6. Copy in the database, logs and catalog data to the correct folders (those specified in step 4).
7. Mount the databases one at a time:
Mount-Database <DatabaseName>
8. Once the database is mounted we can now re-home all the users with mail data there:
Get-Mailbox -Database <OriginalDatabaseName> | ?{$_.ObjectClass -NotMatch '(SystemAttendantMailbox|ExOldDbSystemMailbox)'} | Set-Mailbox -Database <RecoveryDatabaseName>
9. If you're running with multiple copies then keep in mind that you've only got one live copy of the new database. You can either add a copy of the new database or do what we did and move them to databases on your new DAG that (hopefully) has multiple copies already. If you choose to go the route of moving them to existing healthy databases the command is:
Get-Mailbox -Database <RecoveryDatabaseName> | New-MoveRequest -TargetDatabase <HealthyDatabaseName>
Comments and/or questions are welcome in the comments. I just wrote this from memory so if I missed anything along the way please let me know.
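A check that fits between steps 3 and 7, as an added example that is not part of the original post: read the header that "eseutil /mh" prints for each copied database and mount only those reporting a clean shutdown. The function names, the second database name and the sample header lines are constructed for illustration.

```powershell
# Parse the text printed by "eseutil /mh <edb>" and return the State value.
function Get-EdbState([string[]]$HeaderText) {
    foreach ($line in $HeaderText) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') { return $Matches[1] }
    }
    return 'Unknown'
}

# Decide per database whether step 7 (Mount-Database) should run yet.
function Get-MountPlan([hashtable]$Headers) {
    foreach ($name in ($Headers.Keys | Sort-Object)) {
        $state  = Get-EdbState $Headers[$name]
        $action = 'mount'
        if ($state -ne 'Clean Shutdown') { $action = 'repeat soft recovery (step 3) first' }
        New-Object PSObject -Property @{ Database = $name; State = $state; Action = $action }
    }
}

# Constructed sample headers (trimmed to the relevant lines).
$headers = @{
    'DAG1-RecoveryDB001' = @('     File Type: Database',
                             '         State: Clean Shutdown')
    'DAG1-RecoveryDB002' = @('     File Type: Database',
                             '         State: Dirty Shutdown',
                             '  Log Required: 1105-1107 (0x451-0x453)')
}
Get-MountPlan $headers | Format-Table Database, State, Action -AutoSize

# Live use on the recovery server, one entry per copied database:
#   $headers['<db name>'] = & eseutil /mh '<path to recovery folder>\<name of original edb>.edb'
```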
Source:
http://jeremyphillips.org/2010/01/real-life-exchange-2010-disaster-recovery/
Zahir Hussain Shah
Allowing Photo Copier and Scanners to send emails using Exchange 2010, Configure Relaying in Exchange 2010
Hi Folks,
A couple of days ago, I got a request from a customer: they have photocopier and scanner machines that sync with AD, and on these photocopier/scanner machines they have to configure an SMTP server for sending notifications and scanned images to users. But after creating a user/mailbox in Exchange 2010, whenever they tried to send a test email from these photocopier/scanner machines or the web console, it failed.
So I looked into Exchange to enable these machines to relay through the customer's Exchange 2010 for sending these images and notifications to users, and I found the workaround below for fixing this problem:
Environment details:
2 Server boxes for CAS / HUB Roles installed
2 Server boxes for Mailbox Role Installed
NLB Cluster configured on CAS Servers
CAS ARRAY FQDN: CASNLB.ABC.COM
Solution:
1) Open Exchange 2010 Management Console on CAS 1
2) Expand the SERVER CONFIGURATION working pane
3) Select HUB TRANSPORT and create a RECEIVE CONNECTOR
4) Select Receive Connector type as CUSTOM
5) Give the Receive Connector a name
6) In the "Receive mail from remote servers" step, add the IP ADDRESS or RANGE of each PHOTOCOPIER / SCANNER that you want to allow to relay through Exchange.
7) Finish
Now we will customize the properties of a receive connector:
In the below image you can see that in the "Receive mail from remote servers" section, you can add all those applications and devices that you want to allow to use Exchange for relaying.
NOTE: On the authentication tab, you should untick TLS Authentication, and on the PERMISSION tab, you should TICK the Anonymous permission for accessing this connector.
After customizing the connector to remove TLS authentication and grant permission for Anonymous access, you are ready to use this connector to allow relaying through your Exchange 2010 organization. As I mentioned at the beginning of this article, in our environment we have TWO CAS / HUB servers, so repeat the same steps to create a replica connector on the other HUB TRANSPORT SERVER.
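Because this connector accepts unauthenticated mail, the remote IP list from step 6 is the only control on who can use it. The following check is an added example, not part of the original article: it flags anonymous receive connectors whose remote IP ranges cover more addresses than a handful of devices would need. The function names, the 16-address threshold and the sample connector objects are assumptions made for illustration.

```powershell
# Number of addresses in one RemoteIPRanges entry (single IP, a-b range or CIDR, IPv4).
function Get-IPv4RangeSize([string]$Range) {
    $toUInt = {
        param($ip)
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)
        [BitConverter]::ToUInt32($bytes, 0)
    }
    if ($Range -match '^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$') {
        $low  = [double](& $toUInt $Matches[1])
        $high = [double](& $toUInt $Matches[2])
        return $high - $low + 1
    }
    if ($Range -match '^\d+\.\d+\.\d+\.\d+/(\d+)$') { return [math]::Pow(2, 32 - [int]$Matches[1]) }
    if ($Range -match '^\d+\.\d+\.\d+\.\d+$') { return 1 }
    return [double]::PositiveInfinity   # IPv6 or unrecognised syntax: treat as too wide
}

# Emit one finding per over-wide range on connectors that allow anonymous senders.
function Test-AnonymousConnectorScope {
    param([Parameter(ValueFromPipeline = $true)]$Connector, [int]$MaxHosts = 16)
    process {
        if ("$($Connector.PermissionGroups)" -notmatch 'AnonymousUsers') { return }
        foreach ($range in $Connector.RemoteIPRanges) {
            $size = Get-IPv4RangeSize "$range"
            if ($size -gt $MaxHosts) {
                New-Object PSObject -Property @{
                    Connector = $Connector.Name; Range = "$range"; Addresses = $size
                }
            }
        }
    }
}

# Constructed sample objects shaped like Get-ReceiveConnector output.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Relay-Scanners'; PermissionGroups = 'AnonymousUsers'
                                      RemoteIPRanges = @('192.0.2.21', '192.0.2.22') }),
    (New-Object PSObject -Property @{ Name = 'Relay-Wide'; PermissionGroups = 'AnonymousUsers'
                                      RemoteIPRanges = @('10.0.0.0/8') }),
    (New-Object PSObject -Property @{ Name = 'Default CAS1'; PermissionGroups = 'ExchangeUsers, ExchangeServers'
                                      RemoteIPRanges = @('0.0.0.0-255.255.255.255') })
)
$sample | Test-AnonymousConnectorScope | Format-Table Connector, Range, Addresses -AutoSize

# Live use in the Exchange Management Shell:
#   Get-ReceiveConnector | Test-AnonymousConnectorScope
```

With the sample data only Relay-Wide is reported; run it on both HUB TRANSPORT servers, since the connector is created on each.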
Thanks for visiting and taking an interest in reading this article.
Zahir Hussain Shah
How to Securely Deploy iPhones with Exchange ActiveSync in the Enterprise
"This is dedicated to all my Exchange folks, who are just fed up with BES"
Today I found a wonderful article about Exchange ActiveSync deployment for iPhone, and guys, trust me, this can replace BES in your organization and give the most robust messaging and collaboration experience to your company's end users.
And a special thanks to “Jeff Guillet”, for creating such a great guide to help all of us.
Click on the below link to see the step by step guide for Exchange ActiveSync Deployment for iPhones:
http://www.expta.com/2010/02/how-to-securely-deploy-iphones-with.html
Zahir
CAS Sizing
Hi Friends,
While reading my RSS feeds in Outlook today, I saw a wonderful article about CAS sizing. Since it is well known among us that Microsoft has never shared such a tool or information for sizing the Exchange Client Access Server, after having a look at this information I wanted to share it with you guys.
Here you go…
As you can see above, Exchange ActiveSync is one of the resource-hungry processes on the CAS, so if you are planning to provide Outlook along with ActiveSync access to your corporate users, you have to consider giving more CPU to your CAS.
I hope this will be helpful for the many people who are in the process of planning their Exchange 2010 environment.
Zahir Hussain Shah
Exchange 2010 – Roll up 4 “AVAILABLE”
Dear Folks,
Microsoft Exchange Team has released the Exchange 2010 Roll up 4.
Major fixes:
- KB 980852 The RpcClientAccess process on an Exchange Server 2010 server crashes when you access a mailbox by using a MAPI application
- KB 979801 An error message is generated in Exchange Server 2010 when you use Exchange Troubleshooting Assistant
- KB 980364 The Exchange Transport service on an Exchange Server 2010 server crashes when a certain message is processed
- KB 980353 A MAPI application that is used to access Exchange Server 2010 mailboxes crashes when the application accesses an address book
- KB 979790 An IMAP4 client crashes when accessing an Exchange Server 2010 mailbox
We corrected a few replication issues some of you encountered.
- KB 980149 The Add-MailboxDatabaseCopy command fails when it is used to add a database copy to a Database Availability Group in an Exchange Server 2010 environment
- KB 981961 Event ID 4033 is logged and the Free/Busy replication from an Exchange Server 2003 server to an Exchange Server 2010 server fails
- KB 979921 You cannot replicate a public folder from one Microsoft Exchange Server 2010 server to another, and Event ID 3079 is logged on the target server
Zahir Hussain Shah
Configuring Exchange 2010 for BlackBerry Enterprise Server (BES)
RESOLVED: OpenMsgStore failed (8004011d) error in Exchange 2010
If you followed the official BES 5.0.1 install guide you would have issued the following two commands:
New-ThrottlingPolicy BESPolicy
Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy
These two commands would have created a new policy and added BESadmin with all the default settings (RCAMaxConcurrency = 20) which will cause the “OpenMsgStore failed (8004011d)” error to occur once multiple users are added to the BES.
To correct this error please enter the commands below into the Exchange Management Shell:
1. Change the RCAMaxConcurrency setting to unlimited (default is 20) using the following command:
Get-ThrottlingPolicy | where {$_.IsDefault -eq $true} | Set-ThrottlingPolicy -RCAMaxConcurrency $null
2. Display a list of your Throttling Policies using the following command:
Get-ThrottlingPolicy
3. From the “Get-ThrottlingPolicy” output locate and copy the “DefaultThrottlingPolicy” name.
Example: "DefaultThrottlingPolicy_a1f84187-7a42-4ece-9276-06c704be21e7"
4. Now enter the command below but paste in your DefaultThrottlingPolicy name.
Set-Mailbox "BESAdmin" -ThrottlingPolicy <Default Policy Name>
Example: Set-Mailbox "BESAdmin" -ThrottlingPolicy DefaultThrottlingPolicy_a1f84187-7a42-4ece-9276-06c704be21e7
5. Now we need to remove the BESPolicy that isn’t required by issuing the command below:
Remove-ThrottlingPolicy BESPolicy
Installing BlackBerry Enterprise Server 5 for Exchange 2010
Install BES 5.0.1 MR1 or higher in an Exchange 2010 Environment
Note: In an Exchange 2010 environment BlackBerry Enterprise Server should NOT be installed on the mail server. Also before installing BES you MUST have public folders enabled and have an Offline Address book configured in Exchange 2010.
STEP 1
On the server you have selected to load BlackBerry Enterprise Server, download and install "Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1" (Exchange 2010 requires version 6.5.8147 or higher), which is available from the Microsoft Download site (a.k.a. ExchangeMapiCdo.EXE). This will install the CDO and MAPI DLLs, which are a prerequisite for BES to operate correctly. This replaces the previous requirement to have Exchange System Manager installed in Exchange 2000 or 2003 environments. The current download link is as follows: Download details: Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1
STEP 2
Log onto your Exchange Server using an account which has permissions to create a new account. Open the Exchange Management Console and create a new account and mailbox for a user called BESadmin.
STEP 3
From the Exchange 2010 server open the “Exchange Management Shell” which can be found in the Exchange program group. From EMS run the following two scripts to set the delegate control and required permissions:
Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"
Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
STEP 4
Now you need to set the Send AS permissions using the command below:
Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"
Example:
Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=bbforums,DC=local"
Note: It is common for this command to fail with the error below. If this error appears, please refer to the workarounds listed under the error output.
Active Directory operation failed on Domain ***Controller Name***. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : DA172DD1,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
Workaround 1
Assign Send As permissions to all users via Active Directory
1. Open Active Directory.
2. Select the “View” menu and ensure “Advanced Features” is checked.
3. Right mouse click on your domain name and select Properties
4. Select the Security tab
5. Press the Advanced button at the bottom on the security tab
6. Select “Add” and enter your Blackberry Service Account name (e.g. BESadmin) and select OK
7. When the permissions screen appears change “Apply onto:” to “User Objects” (or “Descendant User Objects” on Server 2008)
8. In the permissions box scroll down and check the Allow box beside “Send As” and press OK
9. Press Apply and OK to exit
Workaround 2
Individually assign Send As permissions to a user via the Exchange Management Shell:
Add-ADPermission "BES User Mailbox Name" -User "Domain\BESadmin" -Extendedrights "Send As"
Example: Add-ADPermission "Gary Cutri" -User "Domain\BESadmin" -Extendedrights "Send As"
STEP 5
We need to turn off client throttling in Microsoft Exchange 2010 as it enforces bandwidth limits which will affect the BlackBerry Server. To do this run the command from the Exchange Management Shell.
Get-ThrottlingPolicy | where {$_.IsDefault -eq $true} | Set-ThrottlingPolicy -RCAMaxConcurrency $null
STEP 6
Now we need to increase the maximum number of connections Exchange 2010 allows to the Address Book service. By default this is set to 50 and to increase this navigate to “\Program Files\Microsoft\Exchange Server\V14\Bin” and open the microsoft.exchange.addressbook.service.exe.config file with Notepad. Now change the MaxSessionsPerUser entry to 100000 and then save the file and restart the Address Book service.
Note: By default you may not have permission to edit this file so edit the permissions > add the administration account you are using > grant this account access to edit the file.
STEP 7 – (OPTIONAL STEP)
You have the ability to allow the BES to use Exchange Web Services to manage calendars on the devices. In order to utilize this service you need to configure a management role by running the following command from the Exchange Management Shell:
New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin"
STEP 8
Make BESadmin a local Administrator of the server where you will be installing the BES software. This is done by right mouse clicking My Computer and selecting “Manage”. From Computer Management expand “Local Users & Groups” and select Groups (or in Server 2008 right click Computer > From Server Manager expand Configuration and select “Local Users & Groups” > Select Groups). From Groups double click “Administrators” and add BESadmin.
STEP 9
On the BES server go to "Administrative Tools" and open "Local Security Policy" and then expand "Local Policies" and "User Rights Assignment". You need to add BESadmin to "Log on Locally" and "Log on as Service".
STEP 10
Log onto the server where you will be installing the BES using the BESadmin account. Extract the install files and run the setup file. When making your selection please note that the Monitoring service should be installed on a separate machine and the MDS Integration Service is only required for application development (note: the standard MDS service is installed by default). During the install you will be prompted to reboot, please ensure after the restart you logon as BESadmin again as the installation will continue. During the final part of the installation when you enter your SRP ID, Auth Key and CAL please ensure you select the verify option as apart from validating the info it confirms that Port 3101 is opened correctly.
Note: If you are installing BES onto server with existing services that use port 443 during the BES install change the HTTPS Service Port to a port that does not conflict with any other applications e.g. 643 or 3443. For further information on issues that prevent access to BAS please refer to the link below:
The Unofficial BlackBerry Support Forum – Threads Tagged with bas
STEP 11
Once the installation is completed and the services have started, log onto the BlackBerry Administration Service. Please note that the BAS-AS service needs to reach approximately 385MB of memory usage (you can check this via Task Manager) before it can be accessed.
Note: If you are unable to logon to the BAS using Active Directory credentials please run the attached “AddBASAuthentication.sql” script below as this will create a local “BlackBerry Administration Service” account with the username: admin and the password: blackberry.
STEP 12
In order to get you up to speed on adding users and performing activations please refer to the video tutorial below:
Tutorial – BlackBerry Administration Service
Extra Details:
Send As Permissions
Unlisted message error or Desktop email program unable to submit message
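Steps 3, 4 and 7 above leave the BESAdmin account with mailbox access rights across the organization, so it is worth recording exactly what it holds. The following summary function is an added example, not part of the original guide; the function name, the sample objects and the database name "Mailbox Database 01" are constructed, and the property names are assumed to match the output of Get-ADPermission and Get-ManagementRoleAssignment.

```powershell
# Summarise the high-impact grants held by one service account.
#   $AdPermissions   : objects shaped like Get-ADPermission output
#   $RoleAssignments : objects shaped like Get-ManagementRoleAssignment output
function Get-HighImpactGrant {
    param([string]$Account, [object[]]$AdPermissions, [object[]]$RoleAssignments)
    $watch = 'Send-As', 'Receive-As', 'ms-Exch-Store-Admin'
    foreach ($p in $AdPermissions) {
        # Skip other principals and explicit Deny entries.
        if ("$($p.User)" -notlike "*$Account" -or $p.Deny) { continue }
        foreach ($right in $p.ExtendedRights) {
            if ($watch -contains "$right") {
                New-Object PSObject -Property @{ Grant = "$right"; Scope = "$($p.Identity)" }
            }
        }
    }
    foreach ($r in $RoleAssignments) {
        if ("$($r.Role)" -eq 'ApplicationImpersonation') {
            New-Object PSObject -Property @{
                Grant = 'ApplicationImpersonation'; Scope = "$($r.RecipientWriteScope)"
            }
        }
    }
}

# Constructed sample data mirroring what steps 3, 4 and 7 would produce.
$perms = @(
    (New-Object PSObject -Property @{ User = 'BBFORUMS\BESAdmin'; Deny = $false
        Identity = 'CN=Users,DC=bbforums,DC=local'; ExtendedRights = @('Send-As') }),
    (New-Object PSObject -Property @{ User = 'BBFORUMS\BESAdmin'; Deny = $false
        Identity = 'Mailbox Database 01'; ExtendedRights = @('Receive-As', 'ms-Exch-Store-Admin') })
)
$roles = @(New-Object PSObject -Property @{ Role = 'ApplicationImpersonation'
                                            RecipientWriteScope = 'Organization' })

Get-HighImpactGrant -Account 'BESAdmin' -AdPermissions $perms -RoleAssignments $roles |
    Format-Table Grant, Scope -AutoSize

# Live use in the Exchange Management Shell:
#   $perms = @(Get-MailboxDatabase | Get-ADPermission -User BESAdmin) +
#            @(Get-ADPermission 'CN=Users,DC=bbforums,DC=local' -User BESAdmin)
#   $roles = @(Get-ManagementRoleAssignment -RoleAssignee BESAdmin)
```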
Allow Cross-Site POP3 and IMAP4 Client Connectivity
Applies to: Exchange Server 2010 Topic Last Modified: 2009-05-19
You can allow your POP3 and IMAP4 clients to connect to their mailbox from one site in your organization when their mailbox is located in a different site in your organization. This setting is not enabled by default. This feature can only be performed by using the Exchange Management Shell.
Use the Shell to enable or disable cross-site POP3 or IMAP4 client connectivity
This example enables cross-site IMAP4 connectivity:
Set-IMAPSettings -AllowCrossSiteSessions
This example enables cross-site POP3 connectivity:
Set-POPSettings -AllowCrossSiteSessions
Restart the IMAP4 service or the POP3 service. You must restart the service you are using to start the process of replicating this settings change to all of your domain controllers.
Zahir Hussain Shah




