Showing posts with label Exchange 2013. Show all posts

Thursday, 29 June 2017

Exchange Updates–June 2017

The Exchange Team have released the June 2017 quarterly updates for Exchange 2013 and 2016. These Cumulative Updates will require .NET Framework 4.6.2 installed prior to upgrade; .NET Framework 4.7 is still being validated by the Exchange Team and should not be installed until validation is completed.

Updated functionality in Exchange 2016 Cumulative Update 6:

  • Sent Items Behaviour Control: this feature enables mailbox delegates who have Send As or Send on Behalf of permissions on a mailbox to save a copy of the item in the delegator's Sent Items.

    Note:
      This feature is targeted to Exchange Server 2016 only and will not be included in Exchange Server 2013. Exchange Server 2013 already has its own implementation of Sent Items Behaviour Control which is different to the version released in this Cumulative Update.

  • Original Folder Item Recovery: this feature enables deleted items to be restored to their original folder. It requires the LAPEID MAPI property on the deleted item, which has been stamped on items since Exchange 2016 CU1, so the feature will work as soon as CU6 is installed.

    Note: This feature is targeted to Exchange Server 2016 only and will not be included in Exchange Server 2013.

Release Details:

KB articles that describe the fixes in each release are available as follows:

Exchange Server 2016 Cumulative Update 6 does include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current.

Exchange Server 2013 Cumulative Update 17 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 16. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Exchange Online Hybrid Customers:

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU17, 2016 CU6) or the prior (e.g., 2013 CU16, 2016 CU5) Cumulative Update release.

Sunday, 18 June 2017

.NET Framework 4.7 and Exchange Server

.NET Framework 4.7 has been released and is available via Windows Update. Support for this version of .NET Framework has not been confirmed by the Exchange Team. It’s important that the version of .NET Framework installed is one that is supported by the version of Exchange installed.

Temporary Block

.NET Framework 4.7 can be blocked from installation by adding a registry value to your Exchange servers; follow the instructions in the Microsoft KB – Link

Key: HKLM:\Software\Microsoft\NET Framework Setup\NDP\WU\
DWORD: BlockNetFramework47
Value: 1 (REG_DWORD)

Note: Organizations do not have to modify the registry in environments that are managed through an update management solution, such as Microsoft WSUS or System Center Configuration Manager. Organizations can use these products to fully manage the deployment of updates that are released through Windows Update or Microsoft Update. The procedure that's discussed in this article is necessary only for computers that directly connect to and receive updates from Windows Update.

Reporting:
You can find a script on the TechNet Gallery (Link) to help check the version installed and confirm whether the block is in place.

Pre registry change: [screenshot]
Post registry change: [screenshot]

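A minimal local check along the same lines, as an added example (it is not the TechNet Gallery script referenced above): it reads the documented `Release` value to identify the installed .NET Framework 4.x build and reports whether the `BlockNetFramework47` value from this post is set. The function name and the `-SetBlock` switch are assumptions made for the example.

```powershell
# Added example: report the installed .NET Framework 4.x release and whether
# the Windows Update block for 4.7 is in place. Read-only unless -SetBlock is used.
function Get-NetFx47BlockStatus {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Hypothetical switch: create the block value when it is missing.
        [switch]$SetBlock
    )

    $ndpKey    = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $wuKey     = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\WU'
    $valueName = 'BlockNetFramework47'

    # "Release" is the DWORD Microsoft documents for identifying the 4.x build.
    $release = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction Stop).Release

    # Minimum Release values per version (the lowest value across Windows editions).
    $version = switch ($release) {
        { $_ -ge 460798 } { '4.7 or later'; break }
        { $_ -ge 394802 } { '4.6.2'; break }
        { $_ -ge 394254 } { '4.6.1'; break }
        { $_ -ge 393295 } { '4.6'; break }
        default           { 'earlier than 4.6' }
    }

    # Read the block value; the WU key does not exist on a default install.
    $block = $null
    if (Test-Path -Path $wuKey) {
        $block = (Get-ItemProperty -Path $wuKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    }

    if ($SetBlock -and $block -ne 1 -and $PSCmdlet.ShouldProcess($wuKey, "Set $valueName = 1")) {
        if (-not (Test-Path -Path $wuKey)) {
            New-Item -Path $wuKey -Force | Out-Null
        }
        New-ItemProperty -Path $wuKey -Name $valueName -Value 1 -PropertyType DWord -Force | Out-Null
        $block = 1
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Release        = $release
        NetFxVersion   = $version
        Block47InPlace = ($block -eq 1)
        # 4.7 already installed, or nothing stopping Windows Update from offering it.
        # The block only matters on servers that take updates directly from Windows Update.
        NeedsAttention = ($release -ge 460798) -or ($block -ne 1)
    }
}

Get-NetFx47BlockStatus
```

Run it with `-SetBlock -WhatIf` first to see the registry change it would make without applying it.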
Reference Links:
  • Exchange Team Blog – Link
  • Exchange Support Matrix – Link (Note – .NET Framework 4.7 has not been added yet)
  • .NET Framework Block – Link
  • .NET Framework report – Link

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.

Sunday, 5 June 2016

Mailbox Migration to Exchange Online, Strange error…

Recently I tried to do some mailbox migration tests between my on-premises Exchange infrastructure and Exchange Online in Office 365. The mailbox move/migration should be the simple part on any migration project as you spend all the time ensuring the other parts of the solution are correct. However I queued a new move request recently as I needed a new mailbox in Exchange Online to test some settings in SharePoint Online… The move started, but it failed with the following:


After a number of checks and trying the migrations again still with no joy, I thought I’d remove the user/object from Office 365. Prior to removing the object I connected to Exchange Online via PowerShell and ran:

Get-MailUser -Identity "Affected user email" | FL *GUID*, Ident*


I then moved the user's AD Object in my local Active Directory to an OU that was not being synchronised to Azure AD, and performed a full sync. Once the sync had completed I confirmed the user object was no longer in Azure AD, then moved the AD Object back to the synchronised OU and performed another sync. After the sync had completed I re-ran the previous PowerShell cmdlet.

So by performing these actions I can see that I managed to get a new object GUID for this mail user. I then performed a new mailbox migration to Exchange Online which completed successfully.

I will add that my home lab does get a load of abuse, where I test different Exchange scenarios, but I do this so I know how to fix issues etc. It's very possible I caused this error within my lab when I was doing previous disaster recovery tests, so there is a very good chance that you may never see this error.

I know that this process can be very long especially if your Directory Synchronisation has a lot of objects, so I’ll continue to look if there is another way to resolve this.


Sunday, 25 October 2015

Exchange 2013 Cumulative Update

The latest Exchange 2013 Cumulative Update (CU) 10 was released on 15th September 2015. There were no schema changes compared to CU9; in fact the last schema change was in CU7.

Download CU10 (Download Link) and extract the setup files to a local folder on the Exchange Server. The Schema, Configuration and Domain can be upgraded from a 64-bit Domain Controller or from an Exchange Server with the Remote Tools Administration Pack feature installed. To install this feature:

  1. Open Windows PowerShell (Run as Administrator)
  2. Install the Remote Tools Administration Pack using the following command

    Install-WindowsFeature RSAT-ADDS

To upgrade the Schema, Configuration and Domain(s) open a command window (Run as Administrator) and run the following commands:

  1. Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
  2. Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
  3. Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

If you have multiple domains in the Active Directory Forest you can use /PrepareAllDomains.

Note: To prepare the Schema, the service account used must be a member of Schema Admins and Enterprise Admins. To update the Configuration and Domain(s), the service account used must be a member of Enterprise Admins.

Reference: TechNet Prepare Active Directory and Domains

PrepareSchema, PrepareAD, PrepareDomain: [screenshots]

Unattended Installation

Once the Schema, Configuration and Domain have been updated, allow time for this to replicate to all Domain Controllers in the forest. The easiest way to upgrade an Exchange 2013 server is with an Unattended Installation. Open a command window (Run as Administrator) and run the following command:

  1. Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

The setup will check the environment to ensure that it’s ready to install, and any warnings will be displayed. For instance, my installation warned that I didn’t have a send connector for ‘*’; this is because my lab sits behind a dynamic IP address and I can’t send external SMTP.

Note: This upgrade was on a standalone Exchange server that was not a member of a Database Availability Group (DAG). If a server is a member of a DAG it needs to be removed/suspended from the load balanced environment and put into maintenance mode; I’ll get this posted on another day.


Friday, 6 March 2015

Road to MCSE Messaging complete…

Back in August 2013 I set myself a goal to complete my MCSE Messaging exams, this meant I needed to pass three exams… but in reality it was really six in my opinion.

My exam path was 70-417 (Upgrading Your Skills to MCSA Windows Server 2012), I was able to sit the upgrade as I already had MCITP: Messaging 2010, this is also the reason I believe it was six exams, because 70-417 is three exams in one covering content from 70-410, 70-411 and 70-412. I passed this in April 2014. Passing this exam gave me a MCSA: Server 2012

Next up was 70-341 (Core Solutions of Microsoft Exchange Server 2013), annoyingly it took two attempts, I think I took the first attempt too early and it knocked me for six, and I wasn’t looking forward to retaking. However I took it again and passed in December 2014.

Last up 70-342 (Advanced Solutions of Microsoft Exchange Server 2013), which I passed yesterday!!! and now have my MCSE: Messaging.

Back in August I said to myself I want to complete this in a year… well six months late, but I still got there, in that time I did have a skiing accident which didn’t help, so was more focused on me than my study, so I'm going to say I still meet my target ;-)

Here are some of the tools I used during my study

Books:
Server 2012

Installing and Configuring Windows Server 2012 – Link (Now updated for R2)
Inside Out Windows Server 2012 – Link (Now updated for R2)
Exam Ref 70-417 Upgrading from Windows Server 2008 to Windows Server 2012 R2 (MCSA) - Link

Exchange 2013
Inside Out Microsoft Exchange Server 2013: Mailbox and High Availability – Link
Inside Out Microsoft Exchange Server 2013: Connectivity, Clients, and UM – Link
Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013 (MCSE) – Link
Mastering Microsoft Exchange Server 2013 - Link
Microsoft Exchange Server 2013 High Availability - Link

Videos:
Microsoft Virtual Academy – Link
Channel 9 - Link

Finally a big thanks to friends and colleagues (You know who you are…) that have put up with all my stupid questions during various stages of my study and exams.

I know I’ve just finished but next goal is MCSA: Office 365… where to start…

Friday, 20 February 2015

Deploying Address Book Policies

This blog will cover deploying Address Book Policies (hereafter ABP) in Exchange 2013. This post will cover both an Admin point of view and a User point of view. In my home lab, and to help illustrate how the ABP works, we’ll take two of the world’s favourite cartoon families, “The Simpsons” and “the Griffins”.

  

The Basics

Each ABP must contain at least one of the following:
  • Address List (AL)
  • Offline Address Book (OAB)
  • Global Address List (GAL)
  • Room Address List (RAL)

    Plan, Plan, Plan…

    It's important that you plan your deployment of ABP, as there are a number of different elements that can cause the ABP not to function how you envision.

    Address Book Policy Routing agent… (Optional)

    The ABP routing agent allows complete separation of users based on their ABP. From TechNet: - https://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
    If you’re using ABPs, and you don’t want users in separate virtual organizations to view each other’s potentially private information, you can turn on the Address Book Policy Routing agent. The Address Book Policy Routing agent is a Transport agent that runs on the Mailbox server that controls how recipients are resolved in the organization. When the Address Book Policy Routing Agent is installed and configured, users that are assigned different GALs appear as external recipients in that they can’t view external recipients’ contact cards.

    What this means to a user is displayed in the following screenshots:
    Without the routing agent configured

    Using an Outlook client you can see the “Display Name” has resolved when the SMTP address has been entered, and when you right click and select “Open Outlook Properties” it will display the information from Active Directory. In OWA the experience is a little different.

    You can see the SMTP name has resolved to be the “Display Name” but no additional details are shown in the contact.

    With the routing agent configured

    Using an Outlook client you can see the “Display Name” has not resolved when the SMTP address has been entered, and when you right click and select “Open Outlook Properties” it will display the SMTP details. In OWA the experience is a little different.

    You can see the SMTP name has not resolved, however the User image still appears.

    NOTE: The OWA experience may just be in my lab environment, I couldn’t get this to change, and will do further troubleshooting and update accordingly.

    How to install the ABP Routing agent

    Run the following commands to install the ABP Routing agent:
    1. Open Exchange Management Shell (EMS) as Administrator
    2. Run the following command to install the agent

      Install-TransportAgent -Name "ABP Routing Agent" -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.AddressBookPolicyRoutingAgentFactory" -AssemblyPath $env:ExchangeInstallPath\TransportRoles\agents\AddressBookPolicyRoutingAgent\Microsoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.dll

    3. Run the following command to enable the transport agent

      Enable-TransportAgent "ABP Routing Agent"

    4. The transport service needs to be restarted

      Restart-Service MSExchangeTransport

    5. Run the following command to enable the ABP Routing agent

      Set-TransportConfig -AddressBookPolicyRoutingEnabled $true

    Divide your Organisation

    This is where you separate the Exchange objects into groups; these may be separate companies, departments, or regions. From TechNet:- https://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
    You'll need to develop a way to divide your organizations. We recommend using the CustomAttribute1-15 property on the mailboxes, contacts, and groups instead of the pre-canned conditional attributes such as Company, Department, or StateOrProvince to divide the virtual organizations for the following reasons:
    • Not all recipient types of objects have precanned conditional attributes in Active Directory. For example, Distribution Group and Dynamic Distribution Group do not support company, department, or state attributes.
    • Not all precanned conditional attributes are exposed in cmdlets for some recipients. For example, the Company, department, and StateOrProvince parameters are not available on the exposed in cmdlets for mail users, contacts, distribution groups, and mail-enabled public folders.
    • Multiple cmdlets are required to segregate recipient when you use the pre-canned conditional attribute. For example, you need to run Set-User to tag Company, Department, StateOrProvince for a UserMailbox after you run New-Mailbox or Set-Mailbox cmdlets.
    • The CustomAttributeX parameters are all exposed in the Set-* cmdlet for each recipient type, we can complete all segregation for that type via single Set- cmdlet
    • CustomAttributeX attributes are explicitly reserved for customization of an organization and are entirely under the control of the organization administrators.

    Note: From experience and working on a number of different environments I find that “CustomAttribute 1-15” are normally the best fit, however it’s worth noting that these attributes are also commonly used in Email Address Policies, so it’s worth checking if these attributes are not being used for another purpose.

    Create Address Lists, Global Address Lists, and Offline Address Lists

    At the start of the post I said that each ABP requires at least one AL, GAL, OAB, and RAL. Here I find that a good naming convention helps with any design; I’ll also highlight a couple of areas that I find to be an issue and how to address them.
    For this demonstration I’m keeping it fairly simple and just separating the two groups of users, “The Simpsons” and “Family Guy”. For this reason I’ve used the “Company” field in the following PowerShell; as explained earlier this may not be the best fit. Some of the following objects can be created in the Exchange Admin Console (EAC); I’ll indicate where you can’t use the EAC.

    Address Lists

    I’ve formatted the name of the address list as “AL_The Company_Object”; obviously the middle section may change based on separation. This gives me:

    • AL_The Simpsons_All Users
    • AL_Family Guy_All Users
    • AL_The Simpsons_All Rooms
    • AL_Family Guy_All Rooms

    To create these AL’s, run the following commands in EMS:

    New-AddressList -Name 'AL_The Simpsons_All Users' -ConditionalCompany @('The Simpsons') -IncludedRecipients 'MailboxUsers'
    New-AddressList -Name 'AL_Family Guy_All Users' -ConditionalCompany @('Family Guy') -IncludedRecipients 'MailboxUsers'

    You will also need a RAL; these are just AL’s with a RecipientType filter applied to the list (this type of filter cannot be applied in the EAC). To create these AL’s, run the following commands in EMS:

    New-AddressList -Name 'AL_The Simpsons_All Rooms' -RecipientFilter {(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and (Company -eq 'The Simpsons')}
    New-AddressList -Name 'AL_Family Guy_All Rooms' -RecipientFilter {(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and (Company -eq 'Family Guy')}

    If you don’t use “Room Mailboxes” in your organisation you can use the default Room AL or create a blank AL that will not be populated with any objects:

    New-AddressList -Name AL_BlankRoom -RecipientFilter {(Alias -ne $null) -and (RecipientDisplayType -eq 'ConferenceRoomMailbox')}

    This creates the necessary AL’s and RAL’s for each ABP. I would just highlight a functionality point here; this is not an Exchange Admin point, but one from the User’s point of view, along with how I address it. By running the previous commands you get the following in the EAC:

    However the user will see the name used during creation of the AL

    This can easily be updated, but this is where the EAC is not always great, the EAC will display the “DisplayName” and not the “Name”, so when you update the lists to be “All Users” etc you get this:

    However EMS gives you this:

    This also however does mean you get happy users ;-)

    Global Address Lists

    I’ve formatted these similar to the AL’s; “GAL_The Company”, obviously you may need to extend based on separation, this gives me:

    • GAL_The Simpsons
    • GAL_Family Guy

    NOTE: New GAL’s cannot be created in the EAC, these need to be created in the EMS:

    New-GlobalAddressList -Name "GAL_The Simpsons" -IncludedRecipients MailboxUsers -ConditionalCompany "The Simpsons"
    New-GlobalAddressList -Name "GAL_Family Guy" -IncludedRecipients MailboxUsers -ConditionalCompany "Family Guy"

     

    Offline Address Books

    The last part before creating the ABP is to create an OAB. I’ve formatted these the same as the GAL’s: “OAB_The Company”. Obviously you may need to extend this based on separation. This gives me:

    • OAB_The Simpsons
    • OAB_Family Guy

    NOTE: New OAB’s cannot be created in the EAC, these need to be created in the EMS:

    New-OfflineAddressBook -Name "OAB_The Simpsons" -AddressLists '\AL_The Simpsons_All Users'
    New-OfflineAddressBook -Name "OAB_Family Guy" -AddressLists '\AL_Family Guy_All Users'

     

    Address Book Policies

    The final part is to put all the above together to create an ABP; ABP’s cannot be created in the EAC, these need to be created in the EMS:

    New-AddressBookPolicy -Name "The Simpsons" -GlobalAddressList "\GAL_The Simpsons" -AddressLists '\AL_The Simpsons_All Users' -OfflineAddressBook '\OAB_The Simpsons' -RoomList '\AL_The Simpsons_All Rooms'
    New-AddressBookPolicy -Name "Family Guy" -GlobalAddressList "\GAL_Family Guy" -AddressLists '\AL_Family Guy_All Users' -OfflineAddressBook '\OAB_Family Guy' -RoomList '\AL_Family Guy_All Rooms'

     

    Assign the ABPs to the Mailboxes

    This is where I eat my words about “Plan, Plan, Plan…”: throughout this blog I’ve filtered the lists based on “Company”, however you can’t use the Get-Mailbox cmdlet to apply an ABP to mailboxes filtered by “Company”. You can use another common filter, i.e.:

    Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute15 -eq "Family Guy"} | Set-Mailbox -AddressBookPolicy "Family Guy"

    You can of course use the EAC and filter by the company, which will use the Get-Recipient filter, and then apply the ABP to your mailboxes.
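A mailbox that never receives an ABP still sees the default GAL, so it is worth auditing the assignment once the policies are applied. The following is an added example, not part of the original post: it assumes the ABP name equals the value in `CustomAttribute15` (as in the command above) and that `AddressBookPolicy` converts to the policy name as a string; the function name and the sample mailboxes are constructed for illustration.

```powershell
# Added example: flag mailboxes whose Address Book Policy is missing or does not
# match the attribute used to divide the organisation.
function Test-AbpAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Mailbox,

        # Attribute that carries the virtual organisation name (assumption: the
        # post's CustomAttribute15 convention).
        [string]$DivisionAttribute = 'CustomAttribute15'
    )
    process {
        $division = [string]$Mailbox.$DivisionAttribute
        $policy   = [string]$Mailbox.AddressBookPolicy

        $finding = if (-not $policy) {
            'NoPolicy'        # mailbox falls back to the default GAL
        } elseif (-not $division) {
            'NoDivisionTag'   # policy set, but nothing to validate it against
        } elseif ($policy -ne $division) {
            'Mismatch'        # user can browse another organisation's lists
        } else {
            'OK'
        }

        [pscustomobject]@{
            Name              = $Mailbox.Name
            Division          = $division
            AddressBookPolicy = $policy
            Finding           = $finding
        }
    }
}

# Constructed sample objects so the function can be tried outside Exchange.
$sample = @(
    [pscustomobject]@{ Name = 'Homer Simpson';  CustomAttribute15 = 'The Simpsons'; AddressBookPolicy = 'The Simpsons' }
    [pscustomobject]@{ Name = 'Peter Griffin';  CustomAttribute15 = 'Family Guy';   AddressBookPolicy = 'The Simpsons' }
    [pscustomobject]@{ Name = 'Lisa Simpson';   CustomAttribute15 = 'The Simpsons'; AddressBookPolicy = $null }
    [pscustomobject]@{ Name = 'Shared Mailbox'; CustomAttribute15 = '';             AddressBookPolicy = 'Family Guy' }
)

$sample | Test-AbpAssignment | Where-Object { $_.Finding -ne 'OK' } | Format-Table -AutoSize

# In the Exchange Management Shell, feed it real mailboxes instead:
#   Get-Mailbox -ResultSize Unlimited | Test-AbpAssignment | Where-Object { $_.Finding -ne 'OK' }
# and confirm the routing agent from earlier in the post is still active:
#   Get-TransportAgent "ABP Routing Agent"
#   (Get-TransportConfig).AddressBookPolicyRoutingEnabled
```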

    I hope this helps someone in the future and saves them some time.

    Reference Links:

    Address book policies:- https://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx
    Scenario: Deploying address book policies:- https://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
    Address book policy procedures:- https://technet.microsoft.com/en-us/library/hh529916(v=exchg.150).aspx 


    Wednesday, 26 November 2014

    On-Premises Legacy Public Folder

    There are some new recommendations around Legacy Public Folder configuration in Exchange 2013. These settings were introduced in Exchange 2013 Cumulative Update (CU) 5.

    The recommendation is to make these configuration changes prior to installing CU7 (when it's released…). The recommendation may impact your update depending on the legacy version of Exchange; see the flow diagram below.

    Quick guide steps are:
    • Legacy Version of Exchange
      • If Exchange 2007
        • Add new Mailbox Database on same server as Public Folder Database
      • If Exchange 2010
        • Ensure server hosting Public Folder database has the Client Access Role installed
        • Add new Mailbox Database on same server as Public Folder Database
    • Create a new "Proxy Mailbox" on the database created
    • Update Exchange 2013 configuration
      • Set-OrganizationConfig -PublicFoldersEnabled Remote
      • Set-OrganizationConfig -RemotePublicFolderMailboxes "ProxyMailbox1","ProxyMailbox2","ProxyMailbox3"
    Source:-
    http://blogs.technet.com/b/exchange/archive/2014/11/07/on-premises-legacy-public-folder-coexistence-for-exchange-2013-cumulative-update-7-and-beyond.aspx
    http://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx 

     
     


    Sunday, 16 November 2014

    Exchange 2013 Upgrade in a Child Domain

    Recently working on an Exchange 2013 upgrade project where the forest had both a Root and Child domain, I came across a couple of points that I thought would be worth noting for future reference.

    On Exchange projects you make the necessary Request for Change (RFC) to enable the upgrade of the Active Directory (AD) Forest and Domains, and the installation of Exchange 2013. Sometimes I come across clients who want to prepare the AD Forest and Domains separately from the Exchange installation, to allow the schema upgrade to replicate. In these scenarios you find that the groups "Schema Admins", "Enterprise Admins" and "Domain Admins" are more tightly controlled (as they should be…) so that inappropriate or temporary accounts are not added to these groups just for installation.

    The necessary Exchange binary files and commands for the Schema and Domain extension were passed to the AD team.

    • Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
    • Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
    • Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
    Note: /PrepareAllDomains was used due to there being a root and child domain

    These commands prepared the Schema and Domains for the Exchange 2013 installation. As these commands were run by another team and the output wasn't visible to me, I double-checked the Schema objects.

    # Distinguished name of the domain the session is logged on to
    $RootDSE = ([ADSI]"").distinguishedName
    # Schema version marker
    $ForestRangeUpper = ([ADSI]"LDAP://CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,$RootDSE").rangeUpper
    # Replace <ExchangeOrg> with the name of the Exchange organisation
    $ForestObjectVersion = ([ADSI]"LDAP://cn=<ExchangeOrg>,cn=Microsoft Exchange,cn=Services,cn=Configuration,$RootDSE").objectVersion
    $DomainObjectVersion = ([ADSI]"LDAP://CN=Microsoft Exchange System Objects,$RootDSE").objectVersion

    # Collect the three values and display them
    $DisplayVersions = @()
    $DisplayVersions += "Exchange Forest (rangeUpper) = " + "$ForestRangeUpper"
    $DisplayVersions += "Exchange Forest (ObjectVersion) = " + "$ForestObjectVersion"
    $DisplayVersions += "Domain (ObjectVersion) = " + "$DomainObjectVersion"
    $DisplayVersions

    Note:
    You need to add the "Exchange Organisation" name on the '$ForestObjectVersion' line. The script will return three numbers on the Root Domain and only the '$DomainObjectVersion' on the Child Domain.

    Forest: [screenshot]

    Child Domain: [screenshot]

    Exchange 2013 Schema and Domain Versions:

    Exchange    Forest (rangeUpper)    Forest (objectVersion)    Domain (objectVersion)
    2013 RTM    15137                  15449                     13236
    2013 CU1    15254                  15614                     13236
    2013 CU2    15281                  15688                     13236
    2013 CU3    15283                  15763                     13236
    2013 SP1    15292                  15844                     13236
    2013 CU5    15300                  15870                     13236
    2013 CU6    15303                  15965                     13236
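The check above only returns the forest values when run in the root domain. The following added example (not the post's script) goes one step further: it takes the schema and configuration naming contexts from RootDSE so that all three values can be read from a child domain, finds the organisation container by search instead of a typed-in name, and compares the results with the table above. The function names are assumptions, and the version numbers are only those listed in the table.

```powershell
# Added example: versions copied from the table above (Exchange 2013 RTM to CU6).
$KnownVersions = @(
    [pscustomobject]@{ Release = '2013 RTM'; RangeUpper = 15137; Forest = 15449; Domain = 13236 }
    [pscustomobject]@{ Release = '2013 CU1'; RangeUpper = 15254; Forest = 15614; Domain = 13236 }
    [pscustomobject]@{ Release = '2013 CU2'; RangeUpper = 15281; Forest = 15688; Domain = 13236 }
    [pscustomobject]@{ Release = '2013 CU3'; RangeUpper = 15283; Forest = 15763; Domain = 13236 }
    [pscustomobject]@{ Release = '2013 SP1'; RangeUpper = 15292; Forest = 15844; Domain = 13236 }
    [pscustomobject]@{ Release = '2013 CU5'; RangeUpper = 15300; Forest = 15870; Domain = 13236 }
    [pscustomobject]@{ Release = '2013 CU6'; RangeUpper = 15303; Forest = 15965; Domain = 13236 }
)

# Map the three raw values to releases and flag a partially prepared forest.
function Resolve-ExchangeRelease {
    param([int]$RangeUpper, [int]$ForestVersion, [int]$DomainVersion)

    $schema = $KnownVersions | Where-Object { $_.RangeUpper -eq $RangeUpper } | Select-Object -First 1
    $forest = $KnownVersions | Where-Object { $_.Forest -eq $ForestVersion } | Select-Object -First 1

    [pscustomobject]@{
        RangeUpper     = $RangeUpper
        SchemaLevel    = if ($schema) { $schema.Release } else { 'not in table' }
        ForestVersion  = $ForestVersion
        ForestLevel    = if ($forest) { $forest.Release } else { 'not in table' }
        DomainVersion  = $DomainVersion
        DomainPrepared = ($DomainVersion -eq 13236)
        # False when /PrepareSchema and /PrepareAD were run at different levels.
        Consistent     = [bool]($schema -and $forest -and $schema.Release -eq $forest.Release)
    }
}

# Read the live values; works from the root or a child domain.
function Get-ExchangeAdVersion {
    $root     = [ADSI]'LDAP://RootDSE'
    $schemaNC = [string]$root.schemaNamingContext
    $configNC = [string]$root.configurationNamingContext
    $domainNC = [string]$root.defaultNamingContext

    $schemaPt = [ADSI]"LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNC"

    # Locate the organisation container so its name does not have to be typed in.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"
    $searcher.SearchScope = 'OneLevel'
    $searcher.Filter      = '(objectClass=msExchOrganizationContainer)'
    [void]$searcher.PropertiesToLoad.Add('objectVersion')
    $org = $searcher.FindOne()

    $systemObjects = [ADSI]"LDAP://CN=Microsoft Exchange System Objects,$domainNC"

    $forestVersion = 0
    if ($org) { $forestVersion = [int]$org.Properties['objectversion'][0] }

    Resolve-ExchangeRelease -RangeUpper ([int]$schemaPt.rangeUpper.Value) `
                            -ForestVersion $forestVersion `
                            -DomainVersion ([int]$systemObjects.objectVersion.Value)
}

# Constructed input: schema extended to CU6 but /PrepareAD last run at CU5.
Resolve-ExchangeRelease -RangeUpper 15303 -ForestVersion 15870 -DomainVersion 13236

# On a domain-joined machine:
#   Get-ExchangeAdVersion
```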

    This confirmed the Schema and Domains had successfully been prepared. The next stage was to install the first Exchange 2013 server into the infrastructure. I misinterpreted the requirements to install the first Exchange 2013 server.

    From TechNet (Exchange 2013): - http://technet.microsoft.com/en-us/library/bb124778(v=exchg.150).aspx
    • You must ensure the account you use is delegated membership in the Schema Admins group if you haven't previously prepared the Active Directory schema. If you're installing the first Exchange 2013 server in the organization, the account you use must have membership in the Enterprise Admins group. If you've already prepared the schema and aren't installing the first Exchange 2013 server in the organization, the account you use must be a member of the Exchange 2013 Organization Management role group.

    From TechNet (Exchange 2010):- http://technet.microsoft.com/en-us/library/bb124778(v=exchg.141).aspx
    • If you're installing the first Exchange 2010 server in the organization, and the Active Directory preparation steps have not been performed, the account you use must have membership in the Enterprise Administrators group. If you haven't previously prepared the Active Directory schema, the account must also be a member of the Schema Admins group. For more information about preparing Active Directory for Exchange 2010, see Prepare Active Directory and Domains. If you have already performed the schema and Active Directory preparation steps, the account you use must be a member of the Delegated Setup management role group or the Organization Management role group.

    I was a member of the Child Domain's "Domain Admins" and a member of "Organization Management" and started to install the first Exchange 2013 server. Strangely enough, as much as the setup process has improved over the years in warning when a step or prerequisite has been missed, or when the account is not in the correct groups etc., the setup did not pick up that I wasn't a member of "Enterprise Admin" and that this was the first Exchange 2013 server being installed. If this was an Exchange 2010 installation all would have been OK, but as this was an Exchange 2013 installation there is the extra requirement of "If you're installing the first Exchange 2013 server in the organization, the account you use must have membership in the Enterprise Admins group". Needless to say the Exchange 2013 installation failed (at Step 8 I think), the reason being I was not a member of "Enterprise Admins".

    My account was added to the "Enterprise Admins" group and setup was rerun to complete the installation of the server.

    Exchange RBAC Groups and Arbitration Mailboxes…

    Just to finish, a quick note about the Role Based Access Control (RBAC) groups; these groups are used to help manage Exchange. In a Root and Child Domain deployment, these groups will be in the Root Domain in the AD forest. The Arbitration and Discovery mailboxes will also be in the Root domain even if the Exchange servers are only installed in the child domain, as I discovered when I wanted to move these to a highly available mailbox database. I ran the following command:
    • Get-Mailbox -Arbitration

    The Exchange Management Shell (EMS) returns no mailboxes??? We all know they are there, so why are they not showing in the EMS? The reason is that by default the EMS session will have an AD scope set to the domain you're logged into. To change the AD scope run the following command:
    • Set-ADServerSettings -ViewEntireForest:$true

    And then retry the previous command again:
    • Get-Mailbox -Arbitration

    I hope this helps someone in the future and saves them some time.


    Sunday, 7 September 2014

    Exchange 2013/2010/2007 Updates…

    This is a delayed post as I've been offline due to an operation on my knee. On the 26th August 2014 the Exchange Team announced updates to Exchange 2013, 2010 and 2007.

    Exchange 2007 SP3 RU14:

    This update includes new daylight saving time (DST) updates for Exchange Server 2007 SP3.

    Exchange 2010 SP3 RU7:

    Update Rollup 7 for Exchange Server 2010 SP3 resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
    • 2983261 "HTTP 400 - Bad Request" error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
    • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
    • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
    • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
    • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
    • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
    • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
    • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
    • 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010
    • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

    Exchange 2013 CU6:

    This update resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
    • 2991934 Duplicate mailbox folders after migration to Exchange Server 2013
    • 2988229 Hybrid Configuration wizard error "Subtask CheckPrereqs execution failed" for Exchange Server 2013
    • 2986779 EMS takes a long time to execute the first command in an Exchange Server 2013 Cumulative Update 5 environment
    • 2983512 RPC Client Access service crashes on an on-premises Mailbox server in an Exchange Server 2013 hybrid environment
    • 2983426 AutodiscoverSelfTestProbe fails when external URL is not set for EWS virtual directory in Exchange Server 2013
    • 2983423 AutodiscoverSelfTestProbe fails when external URL is not set for ECP virtual directory in Exchange Server 2013
    • 2983422 The ServerWideOffline component is set to Inactive after Exchange Server 2013 prerequisite check fails
    • 2983207 "532 5.3.2" NDR when you send an email message to a hidden mailbox in an Exchange Server 2013 environment
    • 2983066 Removed Default or Anonymous permission for Outlook folders cannot be restored in an Exchange Server 2013 environment
    • 2982769 "Topology service cannot find the OWA service" when you perform an eDiscovery search in Exchange Server 2013
    • 2982763 Mail-enabled public folder accepts email messages from unauthorized users in an Exchange Server 2013 environment
    • 2982762 OAB generation arbitration mailbox can be removed or disabled in an Exchange Server 2013 environment
    • 2982760 The Enter key submits duplicate sign-in forms to Outlook Web App in an Exchange Server 2013 environment
    • 2982759 You cannot access the archive mailbox of a delegated user after enabling MAPI over HTTP
    • 2982017 Incorrect voice mail message duration in an Exchange Server 2013 environment
    • 2981835 You cannot add attachments, delete or move many email messages in bulk in Outlook Web App
    • 2981466 MAPI/CDO client cannot connect to Exchange Server 2013
    • 2977279 You cannot disable journaling for protected voice mail in an Exchange Server 2013 environment
    • 2975599 Exchange Server 2010 public folder replication fails in an Exchange Server 2013 environment
    • 2975003 Calendar item body disappears in Outlook online mode in an Exchange Server 2013 environment
    • 2974339 OAB generation fails if FIPS is used in an Exchange Server 2013 environment
    • 2971270 Blank page after you sign in to Exchange Server 2013 EAC (formerly ECP)
    • 2970040 Folder Assistant rule does not work correctly in an Exchange Server 2013 environment
    • 2965689 EAS device cannot sync free/busy status if an item is created by EWS in an Exchange Server 2013 environment
    • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
    • 2961715 "Something went wrong" error in Outlook Web App may show an incorrect date
    • 2958434 Users cannot access mailboxes in OWA or EAS when mailbox database is removed

    Important Note:

    The Exchange Team have discovered an issue with the latest Exchange 2013 Cumulative Update 6. A knowledge base article with information about it has been posted (KB2997209), along with another knowledge base article that contains a script to fix the issue (KB2997355).

    Also see Michael de Rooji's blog post about an alternative to the knowledge base script: Blog Post

    Now it's time to go test in my home lab…

    Wednesday, 28 May 2014

    Exchange 2013 & 2010 Updates

    The Exchange Team have announced that Exchange 2013 CU5 and Exchange 2010 SP3 RU6 are now available for download.

    Exchange 2013 CU5 – KB2936880

    Issues that the cumulative update resolves

    This update resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
    • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
    • 2963566 Outlook Web App accessibility improvement for UI appearance in Exchange Server 2013
    • 2962439 You cannot sync contacts or tasks in Microsoft CRM client for Outlook in an Exchange Server 2013 environment
    • 2962435 CRM synchronization fails if the time zone name of a meeting is not set in an Exchange Server 2013 environment
    • 2962434 Slow performance in Outlook Web App when Lync is integrated with Exchange Server 2013
    • 2958430 "Some or all Identity references could not be translated" error when you manage DAG in Exchange Server 2013 SP1 in a disjoint namespace domain
    • 2957592 IME is disabled in Outlook Web App when you press Tab to move the focus in an email message in Exchange Server 2013
    • 2942609 Exchange ActiveSync proxy does not work from Exchange Server 2013 to Exchange Server 2007
    • 2941221 EWS integration for Lync works incorrectly in an Exchange Server 2013 and 2007 coexistence environment
    • 2926742 Plain-text message body is cleared when writing in Outlook Web App by using Internet Explorer 8 in Exchange Server 2013
    • 2926308 Sender's email address is broken after importing a PST file into an Exchange Server 2013 mailbox
    • 2925559 Users always get the FBA page when they access OWA or ECP in Exchange Server 2013
    • 2924519 "SyncHealth\Hub" folder is created unexpectedly after installing Cumulative Update 2 for Exchange Server 2013
    • 2916113 Cannot open .tif files from email messages by using Windows-based applications in an Exchange Server 2013 environment
    • 2592398 Email messages in the Sent Items folder have the same PR_INTERNET_MESSAGE_ID property in an Exchange Server 2010 environment

    Exchange 2010 SP3 RU6 – KB2936871

    Issues that the rollup update resolves

    Update Rollup 6 for Exchange Server 2010 SP3 resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

    • 2960652 Organizer name and meeting status field can be changed by EAS clients in an Exchange Server 2010 environment
    • 2957762 "A folder with same name already exists" error when you rename an Outlook folder in an Exchange Server 2010 environment
    • 2952799 Event ID 2084 occurs and Exchange server loses connection to the domain controllers in an Exchange Server 2010 environment
    • 2934091 Event ID 1000 and 7031 when users cannot connect to mailboxes in an Exchange Server 2010 environment
    • 2932402 Cannot move a mailbox after you install Exchange Server 2010 SP3 RU3 (KB2891587)
    • 2931842 EWS cannot identify the attachment in an Exchange Server 2010 environment
    • 2928703 Retention policy is applied unexpectedly to a folder when Outlook rule moves a copy in Exchange Server 2010
    • 2927265 Get-Message cmdlet does not respect the defined write scope in Exchange Server 2010
    • 2925273 Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
    • 2924592 Exchange RPC Client Access service freezes when you open an attached file in Outlook Online mode in Exchange Server 2010
    • 2923865 Cannot connect to Exchange Server 2010 when the RPC Client Access service crashes

    Thursday, 27 February 2014

    Exchange 2013 Service Pack 1

    The Exchange Team have announced Exchange 2013 SP1 is now available for download! -  Exchange Team Blog

    The service pack includes the following enhancements:

    • DLP Policy Tips for Outlook Web App
    • S/MIME support for Outlook Web App
    • Windows 2012 R2 Support for Exchange 2013 SP1
    • Exchange Admin Center Cmdlet logging
    • Edge Transport server role
    • SSL Offloading
    • Enhanced text editor for Outlook Web App
    • Plus many more…

    As with previous CUs, SP1 is a full build of Exchange 2013. Prior to upgrading to or deploying SP1 on a server, you must update Active Directory!!!

    The final build number for Exchange 2013 SP1 is 15.00.0547.032; a full description of the service pack is here – KB2926248

    Microsoft Exchange Server 2013 Service Pack 1 (SP1) - Download

    The Exchange Team also announced updates for older versions of Exchange:

    Exchange 2010 SP3 RU5:

    Description of Update Rollup 5 for Exchange Server 2010 Service Pack 3 – KB2917508

    Update Rollup 5 For Exchange 2010 SP3 (KB2917508) – Download

    Exchange 2007 SP3 RU13:

    Description of Update Rollup 13 for Exchange Server 2007 Service Pack 3 – KB2917522

    Update Rollup 13 for Exchange Server 2007 Service Pack 3 (KB2917522) - Download

    Friday, 14 February 2014

    Modern Public Folder Migration

    There is a lot of information and many guides out there about ‘Modern Public Folder’ migrations; this post is the steps recorded during a live migration of public folders from Exchange 2007 to Exchange 2013.

    This blog gives a real-world view of migrating public folders to Exchange 2013.
    All steps\actions are from the TechNet Article.
     

    Preparation

    Create two folders on your ‘Legacy’ Server called “PFScripts” and “PFMigration”; I chose to keep these on the root of C:\
    Download the migration scripts:
    • Export-PublicFolderStatistics.ps1
    • Export-PublicFolderStatistics.strings.psd1
    • PublicFolderToMailboxMapGenerator.ps1
    • PublicFolderToMailboxMapGenerator.strings.psd1
    Download Link

    Prepare for Migration

    It’s recommended to take a snapshot of the current Public Folder deployment. Run the following command to take a snapshot of the original source folder structure:

    ## Get Public Folder Structure
    Get-PublicFolder -Recurse | Export-CliXML C:\PFMigration\Legacy_PFStructure.xml

    Run the following command to take a snapshot of public folder statistics of the public folders:

    ## Get Public Folder Statistics
    Get-PublicFolderStatistics | Export-CliXML C:\PFMigration\Legacy_PFStatistics.xml

    Run the following command to take a snapshot of the permissions:

    ## Get Public Folder Permissions
    Get-PublicFolder -Recurse | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | Export-CliXML C:\PFMigration\Legacy_PFPerms.xml

    If the name of a public folder contains a backslash “\”, the public folder will be created in the parent public folder when migration occurs. Before you migrate, it’s recommended that you rename any public folders that have a backslash in the name.

    Locate public folders with a backslash in Exchange 2007 and 2010:

    ## Public Folder with “\” Exchange 2007
    Get-PublicFolderDatabase | ForEach {Get-PublicFolderStatistics -Server $_.Server | Where {$_.Name -like "*\*"}}

    ## Public Folders with “\” Exchange 2010
    Get-PublicFolderStatistics -ResultSize Unlimited | Where {$_.Name -like "*\*"} | Format-List Name, Identity

    If any folders are returned, it’s recommended to rename them:

    ## Rename Public Folder
    Set-PublicFolder -Identity <public folder identity> -Name <new public folder name>

    Make sure there isn’t a previous record of a successful migration. If there is, you’ll need to set that value to $false. If the value is set to $true the migration request will fail.

    ## Check for previous migration
    Get-OrganizationConfig | Format-List PublicFoldersLockedforMigration, PublicFolderMigrationComplete

    If the status of the PublicFoldersLockedforMigration or PublicFolderMigrationComplete properties is $true, run the following command to set the value to $false.

    ## Change PF migration status
    Set-OrganizationConfig -PublicFoldersLockedforMigration:$false -PublicFolderMigrationComplete:$false

    NOTE: After resetting these properties, you must wait for Exchange to detect the new settings. This may take some time to replicate.

    Prerequisites for Exchange 2013

    Make sure there are no existing public folder migration requests. The following command removes any request it finds, without prompting for confirmation:

    ## Remove any existing Exchange 2013 migration request
    Get-PublicFolderMigrationRequest | Remove-PublicFolderMigrationRequest -Confirm:$false

    Confirm there are no public folders on Exchange 2013:

    ## Check Exchange 2013 has no public folders
    Get-Mailbox -PublicFolder
    Get-PublicFolder

    If public folders are returned, run the following command to remove them:

    ## Remove Exchange 2013 Public Folders
    Get-Mailbox -PublicFolder | Where{$_.IsRootPublicFolderMailbox -eq $false} | Remove-Mailbox -PublicFolder -Force -Confirm:$false
    Get-Mailbox -PublicFolder | Remove-Mailbox -PublicFolder -Force -Confirm:$false

    Generate the CSV file for migration

    On the legacy Exchange server, run the Export-PublicFolderStatistics.ps1 script to create the folder name-to-folder size mapping file:

    ## Generate CSV file for migration
    .\Export-PublicFolderStatistics.ps1 <CSV File Name> <FQDN of source server>

    Run the PublicFolderToMailboxMapGenerator.ps1 script to create the public folder-to-mailbox mapping file:

    ## Exchange 2013 Public Folder mapping
    .\PublicFolderToMailboxMapGenerator.ps1 <Maximum mailbox size in bytes> <Folder to size map path> <Folder to mailbox map path>

    For example:

    .\PublicFolderToMailboxMapGenerator.ps1 1GB PFStats.csv FolderToMailbox.csv

    Copy the generated file to the Exchange 2013 server.

    Create the public folder mailboxes on Exchange 2013

    Create a new public folder mailbox on 2013:

    ## Exchange 2013 new public folder
    New-Mailbox -PublicFolder <Name> -HoldForMigration:$true

    The migration I was working on wasn’t very big, so I only required a single public folder mailbox. If you require additional mailboxes, run:

    ## Exchange 2013 additional public folder mailboxes
    $numberOfMailboxes = <number of mailboxes>
    for ($index = 1; $index -le $numberOfMailboxes; $index++)
    {
        $PFMailboxName = "Mailbox" + $index
        ## Only the first mailbox is created with -HoldForMigration
        if ($index -eq 1) { New-Mailbox -PublicFolder $PFMailboxName -HoldForMigration:$true -IsExcludedFromServingHierarchy:$true }
        else { New-Mailbox -PublicFolder $PFMailboxName -IsExcludedFromServingHierarchy:$true }
    }

    Public Folder migration

    Legacy system public folders such as OWAScratchPad and the schema-root folder subtree in Exchange 2007 won’t be recognized by Exchange 2013 and will be treated as bad items. This will cause the migration to fail. As part of the migration request, you must specify a value for the BadItemLimit parameter. This value will vary depending on the number of public folder databases you have. The following commands will determine how many public folder databases you have and compute the BadItemLimit for the migration request.

    ## Get 2007 Public Folder
    $PublicFolderDatabasesInOrg = @(Get-PublicFolderDatabase)

    ## Set Bad Items
    $BadItemLimitCount = 5 + ($PublicFolderDatabasesInOrg.Count -1)

    Start Public folder migration (Exchange 2007):

    ## Start Public Folder Migration – Exchange 2007
    New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server <Source server name>) -CSVData (Get-Content <Folder to mailbox map path> -Encoding Byte) -BadItemLimit $BadItemLimitCount

    Start Public folder migration (Exchange 2010):

    ## Start Public Folder Migration – Exchange 2010
    New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server <Source server name>) -CSVData (Get-Content <Folder to mailbox map path> -Encoding Byte)

    To check the migration has started, run the following command:

    ## Check public folder migration
    Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport | Format-List

    image

    Once the migration reaches the AutoSuspended state, as shown below, proceed to the next steps; otherwise you must wait, as this may take some time depending on your PF size.

    image
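The wait for AutoSuspended described above can be scripted so that skipped bad items and stalls are surfaced while the request runs. This is an added example, not code from the original post or from TechNet; the function name and the poll interval are assumptions, and the request identity is the one this post uses in the completion step.

```powershell
# Added example: not part of the original post.
# Function name and poll interval are assumptions.
function Wait-PFMigrationReady {
    param(
        [string]$Identity = '\PublicFolderMigration',
        [int]$PollSeconds = 300
    )
    while ($true) {
        $stats  = Get-PublicFolderMigrationRequestStatistics -Identity $Identity
        $status = [string]$stats.Status
        $detail = [string]$stats.StatusDetail
        $line = '{0:HH:mm:ss}  {1} / {2}  {3}%  bad items: {4} (limit {5})' -f (Get-Date),
            $status, $detail, $stats.PercentComplete,
            $stats.BadItemsEncountered, $stats.BadItemLimit
        Write-Host $line

        # Every bad item is content that is skipped rather than migrated.
        if ([int]$stats.BadItemsEncountered -gt 0) {
            Write-Warning "$($stats.BadItemsEncountered) bad item(s) skipped so far; review the report (-IncludeReport) before completing."
        }
        # A stall (this post hit StalledDueToMailboxLock) is not a failure,
        # but it needs attention if it persists.
        if ($detail -like 'Stalled*') { Write-Warning "Request is stalled: $detail" }

        # AutoSuspended: initial copy done, ready for the lock-down step.
        # Completed / Failed: nothing more to wait for.
        if (@('AutoSuspended', 'Completed', 'Failed') -contains $status) { return $stats }
        Start-Sleep -Seconds $PollSeconds
    }
}

$final = Wait-PFMigrationReady
$final | Format-List Status, StatusDetail, PercentComplete, BadItemsEncountered, BadItemLimit
```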

    Lock down the public folders on the legacy Exchange server for final migration (Downtime required)

    On the legacy Exchange server run the following command:

    ## Lock Public Folders
    Set-OrganizationConfig -PublicFoldersLockedForMigration:$true

    To resume and complete the public folder migration, run the following commands on the Exchange 2013 server:

    ## Complete public folder migration
    Set-PublicFolderMigrationRequest -Identity \PublicFolderMigration -PreventCompletion:$false
    Resume-PublicFolderMigrationRequest -Identity \PublicFolderMigration

    I found once I started the completion process the StatusDetail reported back as StalledDueToMailboxLock:

    image

    To get this started again I restarted the ‘Information Store’ on the legacy Exchange server:

    image

    The final status changes you should see are:

    image

    and

    image

    Test and unlock

    After the final migration has completed, you should test to make sure the public folder hierarchy\permissions\content are correct. Create additional folders and post content to folders to confirm the folders are working.

    To tell a mailbox to look at the new modern folders, run the following command:

    ## Exchange 2013 set mailbox to modern PF
    Set-Mailbox -Identity <Test User> -DefaultPublicFolderMailbox <Public Folder Mailbox Identity>

    Once tests have been completed and you can confirm public folders are working as they should be, you can unlock the folders for the rest of the organisation by running the following command:

    ## Exchange 2013 Unlock PF’s
    Set-OrganizationConfig -PublicFolderMigrationComplete:$true
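The hierarchy and permission check called for in the test step can be run against the snapshot taken during preparation, before PublicFolderMigrationComplete is set to $true. This is an added example, not code from the original post or from TechNet; the function names are hypothetical, and it assumes the string form of a folder's Identity is its path on both Exchange versions and that the permission entry's User exposes a DisplayName.

```powershell
# Added example: not part of the original post or the TechNet procedure.
# Run in the Exchange 2013 Management Shell after the migration request completes.
# Function names are hypothetical; the snapshot path is the one used earlier in this post.

function Get-PFPathSet {
    param([object[]]$Folders)
    # Reduce folder objects (live, or deserialized from CliXML) to unique path strings.
    # Assumption: the string form of Identity is the folder path on both versions.
    $Folders | ForEach-Object { [string]$_.Identity } |
        Where-Object { $_ -and $_ -ne '\' } | Sort-Object -Unique
}

function Compare-PFHierarchy {
    param([string]$SnapshotPath = 'C:\PFMigration\Legacy_PFStructure.xml')
    $before = @(Get-PFPathSet (Import-Clixml -Path $SnapshotPath))
    $after  = @(Get-PFPathSet (Get-PublicFolder -Recurse -ResultSize Unlimited))
    # '<=' : path exists only in the legacy snapshot. '=>' : only on Exchange 2013
    # (for example a folder whose old name contained a backslash).
    Compare-Object -ReferenceObject $before -DifferenceObject $after | ForEach-Object {
        $state = if ($_.SideIndicator -eq '<=') { 'MissingAfterMigration' } else { 'OnlyOnExchange2013' }
        New-Object psobject -Property @{ Folder = $_.InputObject; State = $state }
    }
}

function Get-PFBroadAccess {
    # Rights held by the Default and Anonymous entries on every migrated folder.
    # Collect the folders first so no Exchange cmdlet runs inside another cmdlet's pipeline.
    $folders = @(Get-PublicFolder -Recurse -ResultSize Unlimited)
    foreach ($f in $folders) {
        $path = [string]$f.Identity
        foreach ($perm in @(Get-PublicFolderClientPermission -Identity $path)) {
            # Assumption: User exposes DisplayName; fall back to its string form if not.
            $user = [string]$perm.User.DisplayName
            if (-not $user) { $user = [string]$perm.User }
            if (@('Default', 'Anonymous') -contains $user) {
                $rights = @($perm.AccessRights | ForEach-Object { [string]$_ } | Sort-Object) -join ','
                New-Object psobject -Property @{ Folder = $path; User = $user; Rights = $rights }
            }
        }
    }
}

# Any row here is a folder that is not where the snapshot says it should be.
Compare-PFHierarchy | Sort-Object State, Folder | Format-Table State, Folder -AutoSize

# Most folders share one or two combinations; the small groups are the outliers to
# check against C:\PFMigration\Legacy_PFPerms.xml before unlocking.
Get-PFBroadAccess | Group-Object User, Rights | Sort-Object Count |
    Format-Table Count, Name -AutoSize
```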

    Modern public folder migration complete !!!

    Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my environment, it is recommended that you test these scripts in a test environment before using in your production environment.