Friday, 3 October 2014

Exchange High Availability with Kemp Load Balancer…

While working recently on an Exchange 2010 deployment, I was doing end-to-end testing of the environment before it went into the pilot phase. All was working well until I failed one of the server nodes in the DAG and noticed that the Outlook client would freeze… The Kemp VLM had been downloaded from the website, and I'd used the Exchange 2010 ESP template. So what was wrong?

What was wrong was that I didn't follow the deployment guide as I had previously done when I didn't use the Exchange template. The template had made me lazy, as it does all the hard work for you, but there are some basic settings that still need to be changed so that the load balancer functions correctly.

In my case I hadn't changed "Drop Connections on Real Server Failure". This is a very quick change in the Web User Interface (WUI). From the Kemp deployment guide:

By default existing connections are not closed if a Real Server fails. This can lead to issues with Outlook clients if an Exchange CAS server fails. A solution to this is to enable the Drop Connections on RS Failure option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.

When this option is enabled, LoadMaster tracks all the incoming connections and which Real Servers they are connected to. When a Real Server fails, all connections to the Real Server are immediately dropped, forcing the connections to reconnect to a different Real Server.

Enabling this option has the added benefit of allowing relatively higher Idle Connection Timeout values to be set as the danger of the client retaining a connection to a failed server is removed.

Figure 1: L7 Configuration

So always make sure that you read the deployment guide and apply the settings required even if the templates do all the hard work for you…

Kemp Exchange 2010 Deployment Guide - https://support.kemptechnologies.com/hc/en-us/articles/201737917-Exchange-2010

Sunday, 7 September 2014

Exchange 2013/2010/2007 Updates…

This is a delayed post as I've been offline due to an operation on my knee. On the 26th August 2014 the Exchange Team announced updates to Exchange 2013, 2010 and 2007.

Exchange 2007 SP3 RU14:

This update includes new daylight saving time (DST) updates for Exchange Server 2007 SP3.

Exchange 2010 SP3 RU7:

Update Rollup 7 for Exchange Server 2010 SP3 resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
  • 2983261 "HTTP 400 - Bad Request" error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
  • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
  • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
  • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
  • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
  • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
  • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
  • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
  • 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010
  • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

Exchange 2013 CU6:

This update resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
  • 2991934 Duplicate mailbox folders after migration to Exchange Server 2013
  • 2988229 Hybrid Configuration wizard error "Subtask CheckPrereqs execution failed" for Exchange Server 2013
  • 2986779 EMS takes a long time to execute the first command in an Exchange Server 2013 Cumulative Update 5 environment
  • 2983512 RPC Client Access service crashes on an on-premises Mailbox server in an Exchange Server 2013 hybrid environment
  • 2983426 AutodiscoverSelfTestProbe fails when external URL is not set for EWS virtual directory in Exchange Server 2013
  • 2983423 AutodiscoverSelfTestProbe fails when external URL is not set for ECP virtual directory in Exchange Server 2013
  • 2983422 The ServerWideOffline component is set to Inactive after Exchange Server 2013 prerequisite check fails
  • 2983207 "532 5.3.2" NDR when you send an email message to a hidden mailbox in an Exchange Server 2013 environment
  • 2983066 Removed Default or Anonymous permission for Outlook folders cannot be restored in an Exchange Server 2013 environment
  • 2982769 "Topology service cannot find the OWA service" when you perform an eDiscovery search in Exchange Server 2013
  • 2982763 Mail-enabled public folder accepts email messages from unauthorized users in an Exchange Server 2013 environment
  • 2982762 OAB generation arbitration mailbox can be removed or disabled in an Exchange Server 2013 environment
  • 2982760 The Enter key submits duplicate sign-in forms to Outlook Web App in an Exchange Server 2013 environment
  • 2982759 You cannot access the archive mailbox of a delegated user after enabling MAPI over HTTP
  • 2982017 Incorrect voice mail message duration in an Exchange Server 2013 environment
  • 2981835 You cannot add attachments, delete or move many email messages in bulk in Outlook Web App
  • 2981466 MAPI/CDO client cannot connect to Exchange Server 2013
  • 2977279 You cannot disable journaling for protected voice mail in an Exchange Server 2013 environment
  • 2975599 Exchange Server 2010 public folder replication fails in an Exchange Server 2013 environment
  • 2975003 Calendar item body disappears in Outlook online mode in an Exchange Server 2013 environment
  • 2974339 OAB generation fails if FIPS is used in an Exchange Server 2013 environment
  • 2971270 Blank page after you sign in to Exchange Server 2013 EAC (formerly ECP)
  • 2970040 Folder Assistant rule does not work correctly in an Exchange Server 2013 environment
  • 2965689 EAS device cannot sync free/busy status if an item is created by EWS in an Exchange Server 2013 environment
  • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
  • 2961715 "Something went wrong" error in Outlook Web App may show an incorrect date
  • 2958434 Users cannot access mailboxes in OWA or EAS when mailbox database is removed

Important Note:

The Exchange Team have discovered an issue with the latest Exchange 2013 Cumulative Update 6. A knowledge base article with information has been posted (KB2997209), along with another knowledge base article containing a script to fix the issue (KB2997355).

Also see Michael de Rooji's blog post about an alternative to the knowledge base script.

Now it's time to go test in my home lab…

Sunday, 8 June 2014

Kemp – Hyper-V 2012\Windows 8 Deployment

This is a step-by-step guide to deploying a Kemp Virtual LoadMaster (VLM) on a Hyper-V 2012 or Windows 8 installation. This guide was put together using the Kemp documentation.

VLM Requirements:

  • 2 x virtual processors
  • 1 Gb RAM
  • 32 GB Virtual hard disk capacity

VLM Download

Download the VLM from Kemp Download Link (52 Mb). Once the download is complete you will need to extract the contents of the compressed folder. For this guide I extracted the files to "D:\Virtual Machines\LoadMaster VLM".

Importing the VLM  

To import the VLM follow these instructions.
  1. Open the Hyper-V Manager and select Import Virtual Machine… from the Action Pane

  2. Click Next >

  3. Click the Browse… button and select the folder you extracted the downloaded file to.
  4. Click Next >

  5. Select the VLM, and click Next >

  6. Select the Copy the virtual machine (create a new unique ID) option.
  7. Click Next >

  8. You can change the virtual machine location, or use the Hyper-V server defaults
  9. Click Next >

     
  10. Click Browse… to select the location of the virtual hard disk
  11. Click Next >

     
  12. Click Finish, and let the VLM import to your Hyper-V server

VLM Network Adapter Settings

Before starting the VLM, the network settings must be checked on the Hyper-V guest.
  1. Right-click the virtual machine in the Virtual Machines pane
  2. Click Settings… option
  3. Click on the Network Adapter option within the Hardware list
    1. Ensure that the network adapter is connected to the correct Hyper-V virtual network
    2. Expand the Network Adapter, select Advanced Features and select Static in the MAC Address section
    3. Ensure that Enable MAC address spoofing is checked
    4. Click the OK button
  4. Repeat these steps for the second network adapter
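
The import and network adapter steps above can also be scripted with the Hyper-V PowerShell module. This is an added example, not part of the original post or the Kemp documentation; the switch name is hypothetical, both adapters are assumed to use the same virtual switch, and the extracted package is assumed to contain a single VM configuration file.

```powershell
# Added example: scripted equivalent of the import and adapter steps above.
# Run in an elevated session on the Hyper-V 2012 / Windows 8 host.
$ExtractPath = 'D:\Virtual Machines\LoadMaster VLM'   # folder used in this guide
$SwitchName  = 'External'                             # hypothetical virtual switch name

# Assumption: the package holds exactly one VM configuration file (.xml or .exp).
$config = @(Get-ChildItem -Path $ExtractPath -Recurse -Include *.xml, *.exp)
if ($config.Count -ne 1) {
    throw "Expected one VM configuration file under '$ExtractPath', found $($config.Count)."
}

# "Copy the virtual machine (create a new unique ID)", using the host's default locations.
$vm = Import-VM -Path $config[0].FullName -Copy -GenerateNewId

foreach ($nic in Get-VMNetworkAdapter -VM $vm) {
    # Connect the adapter to the intended virtual network and allow MAC address spoofing.
    Connect-VMNetworkAdapter -VMNetworkAdapter $nic -SwitchName $SwitchName
    Set-VMNetworkAdapter -VMNetworkAdapter $nic -MacAddressSpoofing On

    # Pin the MAC address only if one has already been assigned; an all-zero value
    # means Hyper-V has not generated an address for this adapter yet.
    if ($nic.MacAddress -match '^0+$') {
        Write-Warning "$($nic.Name): no MAC assigned yet, select Static in the GUI after first start."
    }
    else {
        Set-VMNetworkAdapter -VMNetworkAdapter $nic -StaticMacAddress $nic.MacAddress
    }
}

# Verify the result before starting the VLM.
Get-VMNetworkAdapter -VM $vm |
    Format-Table VMName, Name, SwitchName, MacAddress, DynamicMacAddressEnabled, MacAddressSpoofing -AutoSize

# Host-wide check: MAC address spoofing should be on only for guests that need it,
# such as the VLM. Review anything else that appears in this list.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.MacAddressSpoofing -eq 'On' } |
    Select-Object VMName, Name, SwitchName
```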

Start VLM and License

Once the VLM has been imported and the network settings have been checked, you can start the VLM from the Hyper-V console.
  1. Right-Click the Virtual Machine in the Virtual Machines pane
  2. Click Start 
  3. Right-click the VLM and select Connect to open the console window

  4. The VLM should get an IP from DHCP, browse to that address via a web browser
  5. You receive a certificate warning:

    Internet Explorer:



    Google Chrome:

  6. Click Continue to this website (not recommended) or Proceed anyway (depending on web browser)
    • The Root certificate can be downloaded\installed later
  7. The LoadMaster End User License Agreement screen appears. Please read the license agreement and, if willing to accept the conditions therein, click Agree button to proceed
  8. The LoadMaster will then ask if you are OK with the LoadMaster regularly contacting Kemp to check for updates and other information

  9. Click the relevant button to proceed

  10. Before the VLM can be used it needs to be licensed; this can be done either Online or Offline
  11. Both methods require a Kemp ID; to register, complete the registration form
  12. You will then be prompted to log in to the VLM

  13. Enter Username bal and Password 1fourall; the VLM will then ask you to set a new password

  14. Enter new password and click Set Password

  15. You will be prompted to log in to the VLM again, this time with your new password


     
This completes the first steps of importing the VLM to Hyper-V 2012 or Windows 8 and licensing it. The next steps are to configure the IP addresses of the VLM and set up some virtual services; I'll post these later, so keep a look out.

Kemp Software Version: 7.1-16(Hyper-V)

Wednesday, 28 May 2014

Exchange 2013 & 2010 Updates

The Exchange Team have announced that Exchange 2013 CU5 and Exchange 2010 SP3 RU6 are now available for download.

Exchange 2013 CU5 – KB2936880

Issues that the cumulative update resolves

This update resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
  • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
  • 2963566 Outlook Web App accessibility improvement for UI appearance in Exchange Server 2013
  • 2962439 You cannot sync contacts or tasks in Microsoft CRM client for Outlook in an Exchange Server 2013 environment
  • 2962435 CRM synchronization fails if the time zone name of a meeting is not set in an Exchange Server 2013 environment
  • 2962434 Slow performance in Outlook Web App when Lync is integrated with Exchange Server 2013
  • 2958430 "Some or all Identity references could not be translated" error when you manage DAG in Exchange Server 2013 SP1 in a disjoint namespace domain
  • 2957592 IME is disabled in Outlook Web App when you press Tab to move the focus in an email message in Exchange Server 2013
  • 2942609 Exchange ActiveSync proxy does not work from Exchange Server 2013 to Exchange Server 2007
  • 2941221 EWS integration for Lync works incorrectly in an Exchange Server 2013 and 2007 coexistence environment
  • 2926742 Plain-text message body is cleared when writing in Outlook Web App by using Internet Explorer 8 in Exchange Server 2013
  • 2926308 Sender's email address is broken after importing a PST file into an Exchange Server 2013 mailbox
  • 2925559 Users always get the FBA page when they access OWA or ECP in Exchange Server 2013
  • 2924519 "SyncHealth\Hub" folder is created unexpectedly after installing Cumulative Update 2 for Exchange Server 2013
  • 2916113 Cannot open .tif files from email messages by using Windows-based applications in an Exchange Server 2013 environment
  • 2592398 Email messages in the Sent Items folder have the same PR_INTERNET_MESSAGE_ID property in an Exchange Server 2010 environment

Exchange 2010 SP3 RU6 – KB2936871

Issues that the rollup update resolves

Update Rollup 6 for Exchange Server 2010 SP3 resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

  • 2960652 Organizer name and meeting status field can be changed by EAS clients in an Exchange Server 2010 environment
  • 2957762 "A folder with same name already exists" error when you rename an Outlook folder in an Exchange Server 2010 environment
  • 2952799 Event ID 2084 occurs and Exchange server loses connection to the domain controllers in an Exchange Server 2010 environment
  • 2934091 Event ID 1000 and 7031 when users cannot connect to mailboxes in an Exchange Server 2010 environment
  • 2932402 Cannot move a mailbox after you install Exchange Server 2010 SP3 RU3 (KB2891587)
  • 2931842 EWS cannot identify the attachment in an Exchange Server 2010 environment
  • 2928703 Retention policy is applied unexpectedly to a folder when Outlook rule moves a copy in Exchange Server 2010
  • 2927265 Get-Message cmdlet does not respect the defined write scope in Exchange Server 2010
  • 2925273 Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
  • 2924592 Exchange RPC Client Access service freezes when you open an attached file in Outlook Online mode in Exchange Server 2010
  • 2923865 Cannot connect to Exchange Server 2010 when the RPC Client Access service crashes

Thursday, 1 May 2014

MCSA - Windows Server 2012

I passed my 70-417 Exam Upgrading Your Skills to MCSA Windows Server 2012, yesterday. This was a tough exam for me covering 70-410, 70-411, and 70-412 in a single exam.
  
This was the first step for me to complete to get to my MCSE: Messaging, just two exams left to go…

Tuesday, 1 April 2014

New Accepted Domain and Email Address Policy.

I recently worked on an Exchange deployment where the business wanted to add a new Accepted Domain and update the E-mail Address Policy so that the new domain was the primary SMTP address on all mailboxes.

So, as good practice, I thought I'd test before applying it to every mailbox in the organisation. I identified a test mailbox called "User A" and added a custom attribute of "NewDomain", created a copy of the original policy filtered on the new custom attribute, and applied the policy.

On checking the mailbox I found the new e-mail address hadn't been applied. This was because "Automatic update e-mail address based on e-mail policy" had been unchecked.

So I thought I needed to identify which other mailboxes had been removed from the policy. Using PowerShell I was quickly able to establish this:

    ## Get mailboxes where the EAP isn't enabled
    ## (-ResultSize Unlimited: Get-Mailbox otherwise stops after 1000 results)
    $Mailbox = @(Get-Mailbox -ResultSize Unlimited | Where {$_.EmailAddressPolicyEnabled -eq $false})

Using the $Mailbox collection I could quickly identify how many mailboxes had been removed:

    ## Get mailbox count (the @() above keeps this correct for a single result)
    $Mailbox.Count

Using the collection I could then put the mailboxes back into the policy using the following:

    ## Update each mailbox to be in the EAP
    ForEach ($ObjItem in $Mailbox)
        {
        Set-Mailbox $ObjItem.Identity -EmailAddressPolicyEnabled $true
        }

This will check the "Automatic update e-mail address based on e-mail policy" option that had been unchecked.

The above was me working out the solution to re-enable the policy on mailboxes. However, this could create large collections on the computer because, as you'll see from my PowerShell, I was getting all the mailboxes and then running a Where on the collection. The more efficient way is to use -Filter on the initial Get-Mailbox:

    Get-Mailbox -ResultSize Unlimited -Filter {EmailAddressPolicyEnabled -eq $False}

If you're happy to process all at the same time, the PowerShell can be simplified to a single line:

    Get-Mailbox -ResultSize Unlimited -Filter {EmailAddressPolicyEnabled -eq $False} | ForEach {Set-Mailbox $_ -EmailAddressPolicyEnabled $True}

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty. While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.
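
Re-enabling the policy lets it rewrite the primary SMTP address on every affected mailbox, so it helps to record the current addresses and do a dry run first. The following is an added example for the Exchange Management Shell, not one of the original post's scripts; the report path and the function name are hypothetical.

```powershell
# Added example: snapshot, dry run and after-the-fact comparison for the change above.
$Report = 'C:\Temp\EAP-disabled-before.csv'   # hypothetical report path

# Mailboxes currently excluded from the e-mail address policy (server-side filter).
$Excluded = @(Get-Mailbox -ResultSize Unlimited -Filter {EmailAddressPolicyEnabled -eq $false})

# Record the pre-change state so any unwanted address change can be traced and reversed.
$Excluded |
    Select-Object DisplayName, Guid, PrimarySmtpAddress,
        @{ Name = 'EmailAddresses'; Expression = { $_.EmailAddresses -join ';' } } |
    Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

'{0} mailboxes are excluded from the policy; snapshot written to {1}' -f $Excluded.Count, $Report

# Dry run: -WhatIf reports what Set-Mailbox would do without changing anything.
$Excluded | ForEach-Object {
    Set-Mailbox -Identity $_.Guid.ToString() -EmailAddressPolicyEnabled $true -WhatIf
}

# Run this after the real change to list mailboxes whose primary address moved.
function Get-PrimaryAddressChange {
    param([Parameter(Mandatory = $true)][string]$ReportPath)

    foreach ($row in Import-Csv -Path $ReportPath) {
        $current = Get-Mailbox -Identity $row.Guid
        if ([string]$current.PrimarySmtpAddress -ne $row.PrimarySmtpAddress) {
            New-Object PSObject -Property @{
                DisplayName = $row.DisplayName
                Before      = $row.PrimarySmtpAddress
                After       = [string]$current.PrimarySmtpAddress
            }
        }
    }
}
```

Once the policy has been re-applied, run Get-PrimaryAddressChange -ReportPath $Report to see which primary addresses changed.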

Thursday, 27 February 2014

Exchange 2013 Service Pack 1

The Exchange Team have announced Exchange 2013 SP1 is now available for download! -  Exchange Team Blog

The service pack includes the following enhancements:

  • DLP Policy Tips for Outlook Web App
  • S/MIME support for Outlook Web App
  • Windows 2012 R2 Support for Exchange 2013 SP1
  • Exchange Admin Center Cmdlet logging
  • Edge Transport server role
  • SSL Offloading
  • Enhanced text editor for Outlook Web App
  • Plus many more…

As with previous CUs, SP1 is a full build of Exchange 2013. Prior to upgrading to or deploying SP1 on a server, you must update Active Directory!!!

The final build number for Exchange 2013 SP1 is 15.00.0547.032, a full description of the service pack is here – KB2926248

Microsoft Exchange Server 2013 Service Pack 1 (SP1) - Download

The Exchange Team also announced updates for older versions of Exchange:

Exchange 2010 SP3 RU5:

Description of Update Rollup 5 for Exchange Server 2010 Service Pack 3 – KB2917508

Update Rollup 5 For Exchange 2010 SP3 (KB2917508) – Download

Exchange 2007 SP3 RU13:

Description of Update Rollup 13 for Exchange Server 2007 Service Pack 3 – KB2917522

Update Rollup 13 for Exchange Server 2007 Service Pack 3 (KB2917522) - Download