Exchange Server: The virtualization story

Microsoft has finally released its definitive story about virtualizing Exchange and the support policies. http://technet.microsoft.com/en-us/library/cc794548.aspx

 

Here are the highlights and lowlights:

 

1. Exchange Server 2007 on Hyper-v is now fully supported, as long as:

 

• You are running Exchange 2007 SP1 on Windows Server 2008 OS. 🙂
• You do not install UM 🙂
• You only use Fixed Disks 😦
• You do not run any management/AV/AS software on Hyper-V host. 😦

2. Exchange Server 2007 is supported on 3rd Party virtualization software, as long as:

• Product has been validated by MS as part of this program: http://www.windowsservercatalog.com/svvp/ 🙂
• At this point, this does not seem to include VMWare (or at least I don’t see it in the list of supported vendors) 😦

3. Exchange HA is supported. (as long as its not combined with Hyper-V HA)

4. Clustering is supported. (as long as you’re not using clutered virtualized servers.)

5. Exchange Server 2003 is supported in a virtualization environment, as long as:

• Its running Exchange 2003 SP2 or higher.
• Its running on Virtual Server 2005 R2 or higher
• Exchange 2003 is NOT clustered
• VM Additions are installed on the guests.

This is a better story than what we’ve had up to now, albeit not a complete support policy yet. The obviously lack of support for VMWare, IMO, is going to be an issue. Though there is basic support for all 3rd party virtualization products. http://support.microsoft.com/kb/897615/en-us

 

Windows Server 2008 cannot perform streaming backups of Exchange Server 2007 Databases

Updated on March 4th, 2008

 

You may not have heard about this yet, but more and more people have been asking me about this. The "Windows Server Backup" feature running on Windows Server 2008 cannot backup your databases/stores on Exchange 2007. What were refer to as streaming backups, is no longer supported with the built-in backup tool (still possible with 3rd party). So what do we use to backup the DBs? Well, you have a few options. First, of course, you have 3rd party products, the same you may currently be using to backup Exchange 2003 servers, are available in versions supported by Windows 2008/Exchange 2007. Second, if you want to stay on the MS side of things, you will want to use System Center Data Protection Manager (SCDPM) to perform VSS-based backups of your Exchange 2007 servers. (SC DPM cannot take streaming backups)

 

Now what will happen in Cougar (SBS 2008)? I haven’t had a chance to check it out yet, but this may be prohibitive to small businesses who look for simple backup solutions. My guess (and this only a guess) is that they will leverage SC Essentials with a minimal version of SCDPM. Well… at least that’s what I would do…

 

I also want to point out though that I’ve recently been told that you can restore, on Windows2008, Exchange Offline DB backups done in Windows Server 2003 (no online backups supported). I’ve actually tried this out (other than the SCDPM) and the options for Exchange are simply not there.

 

More guidance on this from Microsoft will be arriving soon.

 

Learning path for Exchange Server 2007

I was recently asked by Microsoft to create a Learning Plan for Exchange Server 2007. These Learning Plans were promoted as part of a marketing initiative that took place at IT Forum in Barcelona this year. Basically, its a list of resources, in a relevant order, that you can use to become knowledgeable on Exchange Server 2007.

 

http://learning.microsoft.com/manager/LearningPlanV2.aspx?resourceId=%7Bb72c7c8c-1299-426b-890f-56e3c938e52e%7D&clang=en-US&program=MSDNChallenge

Get ready for Exchange Server 2007 SP1

 

Any day now… Exchange Server 2007 SP1 will drop. Initially, Microsoft has said that this service pack will be released in conjunction with Windows Server 2008. Well, Windows has slipped, but the Exchange team has stuck to their guns and SP1 will be released this quarter. Typically, this doesn’t happen too close to x-mas, which means any day now!!!

 

Why should you care about this Service Pack? Well sure, you get SCR, support for Windows 2008, better mobile device policies, improved management from the EMC… but really, we know that the favorite new features will be the new Zune and XBOX 360 OWA themes 🙂

SSL certificate server name is incorrect – Exchange System Manager issue

 

I came across this issue today, where the Exchange System Manager returns the following error when accessing the Public Folders node:

 

SSL certificate server name is incorrect

 

All Internet queries to this problem point to the following Microsoft article: http://support.microsoft.com/kb/324345 The article offes two solutions, one is to match the FQDN of the server in the certificate assigned to the website. This was not a realistic option for us, given that the server was installed with a .PRIV domain name. The second option was to remove the SSL requirement on the EXADMIN virtual directory. This task was easy enough to do, but didn’t solve the problem. I found that the solution was actually in Active Directory. When we made the modifications on the EXADMIN virtual directory in IIS manager, the setting did not propagate to Active Directory. So to resolve the issue, browse to the EXADMIN object in ADSIEdit and remove the SSL port value (443) from the MSExchSecureBinding property.

 

Now, we can manage our Public folders again.

Announcing System Center Mobile Device Manager 2008

Over the years, a lot of management of mobile devices has been handled by Exchange servers. This never felt like a natural fit, but a defacto method of managing devices in lieu of another solution. The new solution is arriving soon… The System Center Mobile Device Manager (SCMDM) 2008 will allow administrators to manage mobile devices, deploy policies to devices and even push down applications to corporate mobile devices.

 

Expected to land on your MSDN pages, second quarter 2008…

Troubleshooting CAS Autodiscover problems

 

So i’ve posted about client connection issues before. It seems that most admins encounter configuration issues all the time, regarding RPC over HTTP, Exchange ActiveSync and AutoDiscover. This article is really dedicated to a problem I often see with Autodiscovery.

 

First, some basics. If you are having trouble getting Autodiscover working, there is a lot file on the client machine that holds all Autodiscovery information. You will find it at: %userprofile%\Local Settings\Temp\2\olkdisc.log

 

If you look in this log file and find failed URL errors, chances are you have an erroneous URI (that’s right not URL, URI) in the SCP (Service Connection Point) that is stored in AD or that your certificate is badly configured. So lets troubleshoot both problems:

 

1. Reset your SCP in AD: I get this question often, how do you set the URL (actually URI) that is used from the Internet to access your Exchange server. Well you need to publish that information in AD through the SCP (there’s actually other connection methods, but that discussion is for another day :)).

To reset your SCP with the accurate URI, use the following EMS command:

 

Set-ClientAccessServer -identity "EXCHANGECASSERVERNAME" -AutodiscoverServiceExternalURI HTTPS://EXTERNALFQDN/autodiscover/autodiscover.xml  -DomainController "DC NAME"

 

Force replication betwen all DC’s in your domain, restart Outlook and if you had a bad URI, you’re golden now!

 

2. If you have a cert problem, ensure that the following are correct: Certificate is not expired, Certificate is trusted on the client computer and that the name in the certificate matches your external URI.

 

Good luck with your CAS deployments!!!

 

 

 

 

Tasks that CANNOT be performed from the Exchange Management Console

 

I’ve been getting this question a lot! “What tasks CANNOT be performed from the Exchange Management Console?”

The following is the answer to this question. I’ve done a “best effort” to compile a complete list of these tasks. Feel free to comment here if you feel I should add information to this post or if there is incorrect information.

Tasks that MUST be performed from the Exchange Management Shell

Mailbox, Recipient and Public Folder Settings  

·         Get a list of all mailboxes, organized by size and number of items – Get-MailboxStatistics

·         Perform bulk management of multiple attributes for mailbox recipients – Get-mailbox | Set-Mailbox

·         Bypass antispam filtering for a specific recipient(s) Set-Mailbox -AntispamBypassEnabled $true

·         Get information about public folder sizes – Get-PublicFolderStatisics

·         Upgrade address lists and email address policies from LDAP syntax (after a migration from 2003) to OPATH syntax – Set-EmailAddressList

·         Give permission to a user’s mailbox (to another user) – Add-MailboxPermission

·         Give permission to an entire database, to a user – Add-ADPermission

·         All Public Folder management, for example:

o   Create Public Folders (Can be done from Outlook)

o   Mail Enable Public Folders

o   Enable Public Folder replication

o   Suspend/Resume Public Folder replication

o   Modify Public Folder Replication

o   Set/Modify Public Folder Quota

o   Modify Public Folder Referrals

·         Extract specific content from a mailbox and copy it to an alternate location – Export-Mailbox

·         Configure a resource mailbox to automatically accept all meeting requests – Set-MailboxCalendarSettings

·         Create (and modify) a new Global Address List – New-GlobalAddressList

Transport Settings

·         Set a maximum message size for incoming or outgoing messages (org) – Set-TransportConfig

·         Disable Xexch50 for outbound ESMTP connections – Set-TransportConfig

·         Set a maximum message size for incoming or outgoing messages (conn) – Set-ReceiveConnector

·         Add the Antispam tab to the Exchange Management Console – Set-TransportServer –AntispamAgentsEnabled $true

·         Set advanced SMTP connection settings such as Tarpit, connection timeouts, inactivity timeouts etc… – Set-ReceiveConnector

·         Install or uninstall antispam agents on a Hub Transport server – (un)install-AntispamAgents

·         Modify the properties of the Content Filtering agent to filter messages originating from authenticated servers INSIDE the organization – Set-ContentFilterConfig (useful if another server relays the message but does not perform filtering)

·         Add an exception to the Content Filtering agent to NOT perform any filtering for a specified SMTP Domain or Sender – Set-ContentFilterConfig –BypassSenderDomains / BypassSenders

·         Update the safe senders aggregation list –  Update-SafeList

·         Modify properties for the transport dumpster (Enable/disable – Max Size) – Set-TransportServer

·         Override AD Site link costs with Exchange Specific costs – Set-ADSiteLink

·         Design Exchange Hub Sites for message routing – Set-ADSite

·         Force a manual start to the Edge Synchronization between the HT and the ET servers – Start-EdgeSynchronization

Client Access Settings

·         Set connection time-outs for POP3/IMAP4 servers – Set-IMAPSettings / Set-POPSettings

  Following settings should be used with a Get-CASMailbox and piped to the Set-CASMailbox to be applied globally.

·         Prevent previous versions of Outlook from connecting to Exchange – Set-CASMailbox –MAPIBlockOutlookVersions

·         Enable/disable POP3 or IMAP4 for a user – Set-CASMailbox

·         Disable selected features of OWA (Calendaring, Change Password button etc…) – Set-CASMailbox

Other

·         Reseed a LCR or CCR (Maybe SCR ?) database copy – Update-StorageGroupCopy

·         Specify a message class for Managed Content Settings (For message classes NOT available in the EMC, such as IPM.XYZ) –  New-ManagedContentSettings

·         Create a customized quota message to mailbox recipients – New-SystemMessage

·         Create a customized Delivery Status Notification message – New-SystemMessage

·         Enable/disable, modify the properties of Message Tracking – Set-MailboxServer

·         Specify the number of ‘unreplicated logs’ that a CCR node will allow, and still mount a database a failover – Set-MailboxServer –AutoDatabaseMountDial

·         Allow a database to be overwritten by a restore operation – Set-MailboxDatabase –AllowFileRestore

·         Configure domain controllers that should NOT be used by your Exchange server – Set-ExchangeServer –StaticExcludedDomainControllers

       Modify the email address visible by external recipients, for internal users – New-AddressRewriteEntry

Confusion about Antispam agents on Hub Transport servers

A recent discussion has prompted me to write this and clarify some of the cmdlets and features relating to Antispam agents on Hub Transport servers; so here are the facts around it:

 

• To install antispam agents on a Hub Transport server: From EMS, Install-AntiSpamAgents.PS1
• To enable the Antispam Tab in the Exchange Management Console: Set-TransportServer -AntiSpamAgentsEnabled $True (Automatically run as part of the script mentioned above)
• To view the list of INSTALLED Transport Agents: Get-TransportAgent (Note: If you disable an agent from the EMC, it will still show under this task as ENABLED)
• To view the status of a specific Transport Agent, for example Content Filtering agent: Get-ContentFilterConfig | FL (Note: If you disable the agent from the EMC, it will show under this task as DISABLED)
• To disable a specific Transport Agent, for example Content Filtering agent: Set-ContentFilterConfig -Enabled $False

Confused yet?

Basically, when you disable an agent from the list of agents in the EMC, and run a Get-TransportAgent, it shows as enabled. That is because you are disabling the filtering feature of the agent from the EMC and not the actual agent running on the messages. The whole thing is really not documented anywhere and may lead to confusion from some admins. Even more confusing, if you run the Set-TransportServer -Antispamagentsenabled $True cmd, the tab will show up in the EMC, but the agents will actually NOT be installed.

 

SMTP over SSL from Outlook Express *only* over 25

I had an issue on a brand new implementation of Exchange 2007 last month, I resolved it in a funny and never really understood the underlying reason for the problem. Basically, I tried to connect Outlook Express clients through IMAP4 and SMTP. You may know that Exchage 2007 creates two defaut Receive Connectors, one of which is meant for SMTP relaying from POP3/IMAP4 clients. I enabled certificate encryption on the Receive Connector, but couldn’t get the clients to redirect over the default port, 587. Whatever I tried, the client would get an error. I could get the client to connect over SMTP (no ssl). I ended up fixing the issue by recreating a new Receive Connector and forcing the clients to go to SMTP over SSL on port 25.

Today, I was catching up on my Exchange Team Blog reading and I came across an article that describes the exact issue I ran into. Basically, this is an Outlook Express problem and is fixed in Vista Windows Mail. There may be  future fix to Outlook Express to get this to work.

 

Reason 3268 for moving to Windows Vista 😉