Praveen


In this post I will cover the recovery installation steps for a failed/crashed multi-role DAG member server (the same steps can also be used if you wish to change the hardware). I have tried to include almost every point that can come up during the recovery of a multi-role DAG member on Exchange Server 2010.

A few of the steps below can be performed up front; however, try to follow this order for a successful recovery.
  • Install a new server with same Name, OS and patch level.

  • Perform the DAG removal steps, otherwise setup will fail (Exchange server is a member of a database availability group.)
Note - There are 2 scenarios: one is recovering a live server and the other is recovering a crashed server. If the server to be recovered is online, perform the DAG removal steps before you shut it down, to ensure a successful removal without any errors. I have taken the situation where the server is offline and cannot be brought online to do the DAG cleanup (configuration-only removal).
    • Remove all database copies on the failed server (it may give a warning if the server is offline, but it can be safely ignored)
Remove_Database_Copy
    • Remove the failed server from DAG configuration
Remove_DAG_Member-serverconfig_Only
  • Reset the computer account of the failed Exchange server (the server planned for reinstall) from the ADUC console.

  • Assign the same IP addresses as the failed server (including replication), and join it to the domain

  • Install the pre-requisites for exchange installation.

  • Create the same structure of drives/mount points on the new server; this is for the database copy creation etc.

  • Initiate the recovery mode installation by running the below command from the installation directory at a command prompt (sometimes an ASP and ISAPI feature error may be thrown during the pre-check; ensure these features are installed on the recovery server),
    • Setup /m:RecoverServer
Success_Completion
  • You will need to restart the server after the successful installation of the server.

Once the server is restarted, you can add it back to the DAG membership and create the database copies, which I have explained in the next section.

Add the server back to DAG membership

This operation may fail if the server is still in the cluster configuration, so you may have to evict the node from Failover Cluster Manager (shown below)

Evict_from_Failover_Cluster_Manager

Add database copy to the recovered server and let it finish the initial seeding.

Add_Database_Copy

You are almost all done.  Also ensure that you redo all the customized settings for your infrastructure.
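The cmdlet sequence behind the DAG removal and re-add steps above, as an added example (it is not from the original post, which shows these steps as screenshots). DAG1 and EXCH2 are placeholder names and the layout file path is an assumption; run it in the Exchange 2010 Management Shell on a surviving DAG member.

```powershell
# Added example: placeholder names, adjust before use.
$Dag        = 'DAG1'      # hypothetical DAG name
$FailedNode = 'EXCH2'     # hypothetical name of the failed / rebuilt server
$LayoutFile = Join-Path $env:TEMP "$FailedNode-dbcopies.csv"

function Remove-FailedDagMember {
    # Record which replicated databases had a copy on the failed server and at
    # which activation preference, so the same layout can be recreated later.
    $layout = foreach ($db in Get-MailboxDatabase) {
        $pref = $db.ActivationPreference | Where-Object { $_.Key.Name -eq $FailedNode }
        if ($pref -and @($db.ActivationPreference).Count -gt 1) {
            New-Object PSObject -Property @{ Database = $db.Name; Preference = $pref.Value }
        }
    }
    if (-not $layout) {
        Write-Warning "No database copies found on $FailedNode; nothing recorded."
    } else {
        @($layout) | Export-Csv -Path $LayoutFile -NoTypeInformation
        foreach ($item in @($layout)) {
            # Warns when the server is offline; as the post says, that is expected.
            Remove-MailboxDatabaseCopy -Identity "$($item.Database)\$FailedNode" -Confirm:$false
        }
    }

    # Configuration-only removal: the server cannot be contacted.
    Remove-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $FailedNode -ConfigurationOnly

    # Evict the stale node from the cluster so the later re-add does not fail.
    Import-Module FailoverClusters
    if (Get-ClusterNode -Name $FailedNode -ErrorAction SilentlyContinue) {
        Remove-ClusterNode -Name $FailedNode -Force
    }
}

function Restore-DagMember {
    # Run only after Setup /m:RecoverServer has completed and the server rebooted.
    Add-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $FailedNode

    if (Test-Path $LayoutFile) {
        foreach ($item in (Import-Csv $LayoutFile)) {
            Add-MailboxDatabaseCopy -Identity $item.Database -MailboxServer $FailedNode `
                -ActivationPreference ([int]$item.Preference)
        }
    }

    # Seeding is finished when every copy reports Healthy with empty queues.
    Get-MailboxDatabaseCopyStatus -Server $FailedNode |
        Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState -AutoSize
}

# Usage: call Remove-FailedDagMember before the rebuild,
# and Restore-DagMember after recovery setup and the restart.
```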

Share if you face any issues,

-Praveen

OAB (Offline Address Book), as you know, is one of the critical features of Microsoft Exchange Server. The Microsoft Exchange Team has introduced a major change in the architecture of OAB in Exchange Server 2013, mainly to avoid the single point of failure in the OAB generation process. As we all know, up to Exchange 2010, when we create an Offline Address Book we need to specify the mailbox server that is responsible for generating it. That server becomes a single point of failure: OAB generation is affected if that particular server becomes unavailable.

In Exchange Server 2013, OAB generation is not owned by a single server; instead the OAB is generated by the Mailbox server(s) hosting a special type of arbitration mailbox, called the organization mailbox. Hence, OAB generation is not bound to a single server.

Get-OfflineAddressBook

Exchange Component Responsible for OAB Generation,

In all previous versions of Exchange, the Microsoft Exchange System Attendant (SA) was responsible for the OAB generation process, and OAB generation was a scheduled activity that ran according to the schedule regardless of the server load. In Exchange Server 2013, the “OABGeneratorAssistant” (a mailbox agent running under the Microsoft Exchange Mailbox Assistant service) generates the OAB. The good part is that “OABGeneratorAssistant” is a throttled process: it pauses and resumes according to the load on the server to give maximum server performance.

OAB file storage and Client Distribution,

The Exchange Server 2007/2010 was designed to distribute the OAB in 2 methods,
  1. Web based distribution
  2. Public Folder distribution
The Exchange Server 2013 is designed only to support web-based distribution. Wait…, how about outlook 2003? Well, I did not see a complete review on it yet. According to the available information, outlook 2003 might not go with Exchange Server 2013(as usual to arhive clients). Let’s wait for the RTM to be released.

Also, in Exchange 2007/2010 the OAB files were saved under the %ExchangeInstallPath%\ExchangeOAB folder, which was shared with the Exchange CAS server for delivery to the clients. In Exchange Server 2013, the OAB files are stored in the Organization Mailbox first, and the contents are later copied to the %ExchangeInstallPath%\ClientAccess\OAB\ folder. As mentioned, this is no longer accessible to the CAS server via a share as in previous versions, hence the CAS server proxies such requests to the mailbox server where the database of the Organization Mailbox is active.

In previous versions, the Microsoft Exchange File Distribution Service on the CAS role pulled the OAB files and passed them to the clients on request. But in Exchange 2013, the CAS proxies all OAB download requests to the appropriate Exchange 2013 Mailbox server. As a result, the Microsoft Exchange File Distribution Service is removed from the CAS role in the Exchange Server 2013 architecture.

The process of OAB downloads in short,

  1. Outlook receives the OAB download information from Autodiscover and reaches the Exchange Server 2013 Client Access Server (CAS role)
  2. The CAS server (role) performs the initial authentication for OAB
  3. The CAS server (role) looks for the nearest mailbox server for the requesting user
  4. The CAS server (role) identifies the mailbox server that holds the active (mounted) database of the Organization Mailbox.
  5. The CAS role proxies the request to the identified mailbox server, retrieves the OAB file and passes it to the client for processing.

Now, what if the currently active mailbox server fails in a DAG scenario?

The database will be mounted on another server according to the activation preference. So if the CAS server receives another request for OAB download, it queries Active Manager for the currently active mailbox server to process the request.
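To see which server OAB requests will currently be proxied to, and whether the organization mailbox itself has become a single point of failure, the following added example (not from the original post) can be run in the Exchange 2013 Management Shell. It assumes the OAB-generating arbitration mailbox carries the OrganizationCapabilityOABGen persisted capability.

```powershell
# Added example: locate the OAB-generating organization mailbox(es), the
# server where their database is mounted right now, and the copy count.
$orgMailboxes = Get-Mailbox -Arbitration |
    Where-Object { $_.PersistedCapabilities -like '*OrganizationCapabilityOABGen*' }

$report = foreach ($mbx in $orgMailboxes) {
    # -Status is required for Mounted / MountedOnServer to be populated.
    $db     = Get-MailboxDatabase -Identity $mbx.Database -Status
    $copies = @($db.Servers | ForEach-Object { $_.Name })

    [pscustomobject]@{
        OrgMailbox      = $mbx.Name
        Database        = $db.Name
        Mounted         = $db.Mounted
        MountedOnServer = $db.MountedOnServer   # where the CAS will proxy OAB requests
        CopyCount       = $copies.Count
        CopyServers     = $copies -join ', '
    }
}

$report | Format-Table -AutoSize

# A database with one copy brings back the single point of failure that the
# new architecture is meant to remove.
$report | Where-Object { $_.CopyCount -lt 2 } | ForEach-Object {
    Write-Warning "$($_.OrgMailbox): database $($_.Database) has a single copy on $($_.CopyServers)."
}
```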

-Praveen

As you are aware, MS confirms the availability of Exchange Server 2013 certification exams by January 31, 2013. Keeping that in mind, I would like to give you an idea of how the new certification is planned. There is no more “MCITP: Enterprise Messaging Administrator" on Exchange 2013; it is now named MCSE: Messaging (Exchange Server 2013), i.e. “Microsoft Certified Solutions Expert: Messaging”.

To become MCSE: Messaging on Exchange Server 2013, you need to get the following exams on your credits (simple diagram from MS explains everything),

Certification_Path

So you need below certification in credits to become MCSE: Messaging certified,
    • MCSA Windows Server 2012
    • Exam 70-341: TS: Core Solutions of Microsoft Exchange Server 2013
    • Exam 70-342: Advanced Solutions of Microsoft Exchange Server 2013

Now, How to become MCSA: Windows Server 2012?

You need to get the following certifications in your credit to become “MCSA: Windows Server 2012”.

Core:
Exam 70-410: Installing and Configuring Windows Server 2012
Exam 70-411: Administering Windows Server 2012
Exam 70-412: Configuring Advanced Windows Server 2012 Services
Or, the Upgrade Plan
Exam 70-417: Upgrading Your Skills to MCSA Windows Server 2012
This is intended for the candidates, who already have one of the following certifications,
    • MCSA: Windows Server 2008
    • MCITP: Virtualization Administrator
    • MCITP: Enterprise Messaging Administrator
    • MCITP: Lync Server Administrator
    • MCITP: SharePoint Administrator
    • MCITP: Enterprise Desktop Administrator

Look at the screenshot below (which is taken from the Certification Planner),

Certificate_Planner

Alternatively, you have to write all the core exams plus the 2 Exchange Server 2013 exams mentioned earlier.

In short, a candidate who has any MCITP listed above (normally most of us have MCITP – Enterprise Messaging Admin) can write the single upgrade exam (Exam 70-417) to become MCSA and then take the two additional Exchange Server 2013 exams (70–341 & 70–342) to become MCSE: Messaging certified. Otherwise a total of 5 exams is needed to become MCSA: Messaging.

Need more reading, see MCSE: Messaging Certification Overview

-Praveen

The Outlook calendar and reminders are always a headache for IT support staff, since they are used extensively by the top management of any company and there is limited time to resolve issues. Here is one such problem I came across recently, and the simple resolution.

You might have experienced the reminder pop-up issue with users who are running Outlook 2010 Service Pack 1 (mostly after you upgrade Outlook 2010 with Service Pack 1), whereas the same user gets his reminder pop-ups when he uses webmail (Outlook Web Access).

Symptoms:
  • Reminder Pop Ups are working fine with OWA
  • Reminder Pop Ups are working with other version of outlook (Outlook 2003, 2007 and Outlook 2010 without SP1)
  • Outlook Pop Ups are not working with Outlook 2010 SP1, no matter if it is cached mode or Online mode.
You will also see that this issue is not resolved by the well-known reminder-fixing switches such as outlook /cleanreminders, /resetfolders and /cleanfreebusy etc.

Resolution:

This issue was acknowledged by MS long ago; however, the hotfix intended for it includes fixes for many other reported issues. Hence it is difficult to pin down the article when you search for it. This issue is addressed in the Microsoft Knowledge Base article number(s) 2584053.

Request for the hotfix from the below link,

Description of the Outlook 2010 hotfix package (x86 Outlook-x-none.msp; x64 Outlook-x-none.msp)

Download the hotfix mentioned in the above link and verify the reminder functionality again. It should work like a charm!

If it did fix the issue for you, I would recommend that you deploy it on all Outlook 2010 SP1 machines to kill the issue before it pops up!

-Praveen

Recently I faced a DR situation in which the Exchange servers went down due to a major hardware failure on a blade enclosure. Finally it came down to ‘rehoming’ the mailboxes and merging the data from a recent available backup, as the hardware issue took a little more time than I could keep Exchange offline. Though it took a little while to understand the complete procedure, the restoration and merging activity on Exchange 2010 turned out to be a little easier than in older versions of Exchange.

Here is how the recovery works (I was using Symantec BackupExec as backup solution),

Create a recovery database using the below shell command (at this point in time it can only be created from the Shell),

New-MailboxDatabase -Recovery -Name RDB1 -Server EXH3 -EdbFilePath "D:\RecoveryDBs\RDB1\RDB1.edb" -LogFolderPath "D:\RecoveryDBs\RDB1"

Once the database is created, do not mount it. Ensure that the “This database can be overwritten by a restore” option is enabled before you restore the database. Then go to the backup software and restore the DB into this recovery database (the BackupExec Exchange redirection is shown below); this may differ between backup products.

BackupExec_Restore

If you use Symantec BackupExec, it will initiate the log replay and finally mount the DB if the restore succeeds. Note that you can only have one Recovery DB mounted at any point in time, so keep all other Recovery DBs dismounted before you initiate the restore job.

Once you are able to mount the Recovery DB successfully, you are all set to restore/merge the mailbox data to the desired mailbox. To restore an individual mailbox, execute the below cmdlet,

New-MailboxRestoreRequest -SourceDatabase "RDB1" -SourceStoreMailbox "PraveenBalan" -TargetMailbox "praveen.balan"

One thing to remember is to give the display name of the user for the “-SourceStoreMailbox” parameter and the alias of the user for the “-TargetMailbox” parameter. This will initiate the merging operation.

Now, if you would like to initiate a bulk restore operation (bulk merge from the Recovery Database), all you need to do is prepare a CSV file with DisplayName and Alias (it looks like below),

DisplayName,Alias
Praveen Balan,praveen.balan

Now, run the below power shell cmdlet,

Import-Csv C:\Input\Restorerequest.csv | foreach {New-MailboxRestoreRequest -SourceDatabase "RDB1" -SourceStoreMailbox $_.DisplayName -TargetMailbox $_.Alias}

Now, if you wish to list all the available mailboxes in the recovery database, you may use the Get-MailboxStatistics cmdlet against it, the same as for any other database.
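A bulk restore fails row by row when a display name in the CSV does not match the recovery database or matches more than one mailbox. The added example below (not from the original post) validates each row first, submits the request by mailbox GUID, and then reports progress; the request name prefix "RDB-" is an arbitrary choice, while RDB1 and the CSV path are the ones used above.

```powershell
# Added example: validated bulk merge from the recovery database.
$Rdb     = 'RDB1'
$CsvPath = 'C:\Input\Restorerequest.csv'

# Index the mailboxes actually present in the recovery database by display name.
$inRdb = @{}
Get-MailboxStatistics -Database $Rdb | Group-Object DisplayName | ForEach-Object {
    $inRdb[$_.Name] = @($_.Group)
}

foreach ($row in (Import-Csv $CsvPath)) {
    $matches = $inRdb[$row.DisplayName]

    if (-not $matches) {
        Write-Warning "'$($row.DisplayName)' not found in $Rdb; skipped."
        continue
    }
    if ($matches.Count -gt 1) {
        Write-Warning "'$($row.DisplayName)' matches $($matches.Count) mailboxes in $Rdb; skipped."
        continue
    }
    if (-not (Get-Mailbox -Identity $row.Alias -ErrorAction SilentlyContinue)) {
        Write-Warning "Target mailbox '$($row.Alias)' does not exist; skipped."
        continue
    }

    # The GUID identifies the source mailbox unambiguously.
    New-MailboxRestoreRequest -Name "RDB-$($row.Alias)" `
        -SourceDatabase $Rdb `
        -SourceStoreMailbox $matches[0].MailboxGuid.ToString() `
        -TargetMailbox $row.Alias
}

# Progress of all restore requests, including items that could not be merged.
Get-MailboxRestoreRequest | Get-MailboxRestoreRequestStatistics |
    Format-Table Name, Status, PercentComplete, ItemsTransferred, BadItemsEncountered -AutoSize
```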

Post comments if you face any issues, as I know this is really short explanation..

-Praveen

The first question that came to mind when I opened the EMC (Exchange Management Console) after the successful installation of Exchange Server 2013 was how we do the GUI management of this new version of Exchange. And I was not surprised to learn that MS has come up with a web-based administration console replacing the EMC, as everything is moving towards web-based management. The Microsoft Exchange development team has replaced the Exchange Management Console (EMC) and Exchange Control Panel with the Exchange Administration Center (EAC). Yes, we now manage Exchange using the web-based administrative console called EAC for short.

Now let us look at what it looks like, and at the major tasks that can be managed through the EAC (Exchange Administration Console or Exchange Admin Center).

To open the Exchange Administration Console, type https://<<server name>>/ecp on your web browser, if you wish to change

The important elements of EAC are explained here,

As you can see, the Exchange Administration Center (EAC) is almost similar to our EMC. Each of the important portions of EAC is briefly explained here,

GUI_Admin_GUI_Explained_from_MS

Left Navigation Pane:

  • Recipients: - You manage the recipients here, including all types of mailboxes, contacts, groups, mailbox migration tasks etc.

Exchange 2013, Recipient Management Center

  • Permissions: - Manage the administrative roles, user roles and OWA policies

Exchange Server 2013 Permission Management

  • Compliance Management: - Manage your e-discovery, Auditing, Retention Policies, Retention Tags, and Journaling etc.

Compliance_Management

  • Organization:- Manage Federated Shares, Outlook Apps, Address Lists etc

Exchange 2013 Organization Management Center

  • Protection: - Anti-malware protections etc.
  • Mail Flow: - Similar to Transport management in Exchange 2007 and 2010. Here you manage rules, delivery reports, accepted domains, email address policies, and send and receive connectors

Exchange 2013 Mailflow/Transport Management

  • Mobile: - As the name implies, you manage the mobile devices, its access policies and rules.
  • Public Folder: - Manage your public folder if exists.
  • Servers: - Manage Mailbox and CAS servers, DAGs, Mailbox Databases, Virtual Directories, certificates etc.

Exchange 2013 Server Management Center

  • Hybrid: - Manage your Hybrid configuration

Now, let's look at the other major areas on the Exchange Administration Center, each area marked in the first figure has been elaborated here.

Tabs: - Tabs marked in the above picture is the second level of navigation

Toolbar: - As the name indicates are the actions which we can take on each level of navigation. It is similar to the action pane of EMC/ECP.

List View – Lists all the objects in the navigated area, where you can select the object on which you wish to execute some actions.

Details Pane: - Displays the information about the selected object from List View.

Notification shows any in-progress/long running tasks. You also see a link enabled “View Details” which will take you to the location to know more about the tasks.

There is more to say about the administration tasks on Exchange Server 2013, which I hope to cover in upcoming posts…

The details about this topic are available at Exchange Administration Center

-Praveen

Update: On Windows Server 2012, follow Installation Guide of Exchange 2013 on Windows 2012 Server

This document describes how the Exchange environment for Exchange 2013 is installed. It covers the step-by-step process of installing Exchange in a new environment with the Exchange Server 2013 preview version. In my view, the installation will become much easier when the RTM version is available to download. Even at this point the installation goes smoothly if you follow the instructions correctly.

LAB Details:

One Domain Controller in Windows 2008 R2 Std, and running in Windows 2008 native mode.

One member server joined into the domain exchange2013.local.

Covering Exchange 2013 Prerequisites

Log in to the server App-Exchange2013 with domain credentials (ensure that the domain account you use to install Exchange 2013 has sufficient privileges).

See MS write up on permission required, however I use the Administrator account to avoid any permission issues.

-- You must ensure the account you use is delegated membership in the Schema Admins group if you haven't previously prepared the Active Directory schema. If you're installing the first Exchange 2013 Preview server in the organization, the account you use must have membership in the Enterprise Admins group. If you've already prepared the schema and aren't installing the first Exchange 2013 Preview server in the organization, the account you use must be a member of the Exchange 2013 Preview Organization Management role group.

Administrators who are members of the Delegated Setup role group can deploy Exchange 2013 Preview servers that have been previously provisioned by a member of the Organization Management role group. --

Now, open Windows PowerShell (preferable to run as administrator) and type “Import-Module ServerManager” without quotes

Run the following command to add all the features for the role combination.

Role combination: Mailbox role only, OR Mailbox and Client Access Server

Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

Role combination: Client Access role

Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

1. Run the below command in Windows PowerShell to add the “Remote Tools Administration Pack”

Cmdlet: Add-WindowsFeature RSAT-ADDS

RSAT

Important: Ensure that you restart the server before moving to the next stage of the installation.

1. Once you finish adding the roles and features for the operating system, install the following software in the given order. Note – If you do not follow the order, you may end up with an error during Exchange installation.

  1. Download and Install Microsoft .NET Framework 4.5 RC
  2. Download and Install Windows Management Framework 3.0 (Note – restart the server at this point, and proceed to the next step.)
  3. Download and Install Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
  4. Download and Install Microsoft Office 2010 Filter Pack 64 bit
  5. Download and Install Microsoft Office 2010 Filter Pack SP1 64 bit
  6. Download and Install Microsoft Knowledge Base article KB974405 (Windows Identity Foundation)
  7. Download and Install Knowledge Base article KB2619234 (Enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008 R2)
  8. Download and Install Knowledge Base article KB2533623 (Insecure library loading could allow remote code execution)

Restart the server once you complete all the above software installations.

Once you are done with all the above software, follow the steps below. These are also part of the pre-requisites; complete them before you start the actual installation.

  1. Uninstall Microsoft Visual C++ 11 Beta Redistributable (x64) (Open Programs and Features from Control Panel and uninstall the specified program) Note - This task must be done after you've installed UCMA, but before you run Exchange 2013 Preview Setup.
Unistall_c_11_beta-updated
  2. Register ASP.NET with .NET Framework 4.5 in Internet Information Services (IIS)
    1. Open a Windows command prompt
    2. Run “%SystemDrive%\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir -enable” without quotes
  3. Do an IISReset after registering ASP.NET with .NET Framework 4.5

Before you proceed with the Exchange 2013 installation, please reboot the server. Otherwise the pre-installation check may fail.

The actual installation of Exchange Server 2013:

  • Extract the Exchange 2013 to local drive of the server
  • Run the setup.exe with Run as Administrator
  • Select appropriate selection on Check for Updates, I selected do not check.
  • The setup will start copying the files, wait for it to complete and click on “next”
  • On Introduction Page, click “next”
  • Accept the License Agreement and say “next”
  • Error reporting, I selected “No” for time being, and click on “next”
  • Click next on Checking for required software section
  • Select the roles (Mailbox and Client Access). By now you must know that the Hub Transport role is now part of the Mailbox server.

Server_Roles

  • Installation space and Location, I leave as default and click on “next”
  • Give an Organization name, and click on Next

Org_Name

  • Leave default on Malware Protection Settings, click next
  • Give the external URL on Configure Client Access Server page, and click next

CAS_Internet_Facing

  • Leave as default on CEP page, and give “next”
  • You will see successful readiness check if you have done all the steps mentioned in this article. Click on Install button to start the installation process.

You will see a completion page after the successful installation of Exchange Server 2013. You may now go to the ECP or Exchange Management Shell for further configuration, as the EMC has very limited administration options.

Share your feedback on the installation experience; I hope this helped you in setting up your Exchange Server 2013 server.

References,

Install Exchange 2013 Using the Setup Wizard , Exchange 2013 Prerequisites, Verify an Exchange 2013 Installation

-Praveen

Microsoft has released its preview of the next full version of Exchange Server, Exchange Server 2013!!!

Looks to be little fast, yes but it is time again to do more R & D, get the preview version of Exchange Server 2013 from below location,

Register and Download here

MS says it is full featured limited period evaluation, get it soon as possible and set up your own evaluation LAB for digging further on its features...

If you are interested in knowing more on Plan, Deploy and Operate for Exchange Server 2013, you may visit "Exchange Server 2013 for IT Pros". I will post more articles on Exchange Server 2013 in the coming days, wait for it. Also, I welcome all of you to share your experience with Exchange Server 2013.

Let's get started with it !!!

-Praveen

Recently I was asked to restrict OWA traffic from certain IPs / ranges of IPs. This was a test of the control that we can have in our Forefront TMG 2010 firewall policy. It becomes useful when you want to block OWA traffic from a certain public IP range. One such situation, I feel, is blocking unauthorized BlackBerry Internet Services (BIS) users of company email. As you know, if the OWA feature is enabled for a user, he can configure his own device with a BIS account. To overcome that, you may block the BlackBerry® Internet Service Internet Protocol (IP) ranges listed in the article Firewall and connection requirements for the BlackBerry Internet Service.

Now, how do we achieve this in our Forefront firewall policy? I would say it is easy. I have taken the IP range 10.10.10.11 – 10.10.10.19 in my LAB infrastructure.

I assume that you already have a rule on your Forefront TMG 2010 to publish the Outlook Web App; if you have not done it, refer to this article –

Publish Exchange 2010 OWA Using Forefront TMG 2010 & Configure OWA Redirection – Part 1

Now let’s see how we configure the restriction on IP range,

  • Open Forefront TMG Console and Locate Firewall Policy in the left pane
  • On your Right hand side, make selection on “Toolbox” (by default the selection will be on Tasks)
  • Now expand the Address Ranges as shown below

Address_Range_-_All

  • Right click on it and say “New Address Range”, name it IP Block List, then enter the IP range you want to restrict (if you wish to block only 1 IP, enter the same IP as both start and end address).

New_Address_Range

  • Now go back to the “All Firewall Policy” area and select the OWA publishing rule (in my case it is named as Exchange2010 OWA), right click on it and go to Properties.
  • Click on the tab “From” and add the newly created address range ‘IP Block List’ to the Exceptions as shown below.

TMG_Firewall_Rule_Property

  • Click on Apply and say OK.
  • Apply these changes to TMG configuration by clicking on Apply button on top.

Now you have restricted the IP range specified; try accessing the OWA page from machines that are in the IP Block List. You should receive the below message at the bottom of the webpage.

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator

Likewise you may add the same IP Block List to any policy that you have created, for e.g. the OWA redirection policy and so on.
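Beyond the manual 403 test, the exception can be checked by looking for OWA requests from the blocked range that still reached the published server. The following is an added example, not from the original post: the log lines are constructed, the function names are hypothetical, and it assumes a W3C-format IIS log whose c-ip field carries the original client address.

```powershell
# Added example: find OWA requests from the IP Block List range in a W3C log.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory=$true)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Address" }
    [long]$n = 0
    foreach ($b in $ip.GetAddressBytes()) { $n = ($n * 256) + $b }
    $n
}

function Test-IPv4InRange {
    param([string]$Address, [string]$Start, [string]$End)
    try {
        $n = ConvertTo-IPv4Number $Address
        ($n -ge (ConvertTo-IPv4Number $Start)) -and ($n -le (ConvertTo-IPv4Number $End))
    } catch {
        $false      # unparsable or non-IPv4 client address: not in the range
    }
}

function Find-BlockedRangeHits {
    param([string[]]$LogLines, [string]$Start, [string]$End, [string]$PathPrefix = '/owa')
    $fields = @()
    foreach ($line in $LogLines) {
        if ($line -like '#Fields:*') {
            # The header names the columns of the data lines that follow it.
            $fields = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($line -like '#*' -or -not $line.Trim()) { continue }

        $values = $line.Trim() -split ' '
        if ($values.Count -ne $fields.Count) { continue }    # malformed line

        $rec = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $rec[$fields[$i]] = $values[$i] }

        if ($rec['cs-uri-stem'] -like "$PathPrefix*" -and
            (Test-IPv4InRange $rec['c-ip'] $Start $End)) {
            New-Object PSObject -Property @{
                Time   = "$($rec['date']) $($rec['time'])"
                Client = $rec['c-ip']
                Path   = $rec['cs-uri-stem']
                Status = $rec['sc-status']
            }
        }
    }
}

# Constructed sample log lines (not real traffic).
$sample = @(
    '#Fields: date time c-ip cs-method cs-uri-stem sc-status',
    '2012-08-01 09:15:02 10.10.10.12 GET /owa/auth/logon.aspx 200',
    '2012-08-01 09:15:40 10.10.10.25 GET /owa/ 200',
    '2012-08-01 09:16:11 10.10.10.19 POST /owa/auth.owa 302',
    '2012-08-01 09:17:05 10.10.10.11 GET /ecp/ 200'
)

# Range taken from the lab setup in this post.
Find-BlockedRangeHits -LogLines $sample -Start '10.10.10.11' -End '10.10.10.19' |
    Format-Table Time, Client, Path, Status -AutoSize
```

With the constructed sample, the 10.10.10.12 and 10.10.10.19 requests are reported; any hit in a real log means the exception is not being applied to that rule.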

-Praveen

This article is in continuation with the first part, which is available here Publish Exchange 2010 OWA Using Forefront TMG 2010 & Configure OWA Redirection – Part 1

Create Rule for OWA Redirect and Simplify URL

  • Go to the TMG Management Console and in the Firewall Policy list, highlight the OWA publishing rule created, and right click and again click on “Copy”.

TMG_Rule_Copy

  • Select the Exchange 2010 OWA rule again and click on “Paste”, it will create a same copy of rule as shown below

TMG_Rule_Paste

Before we Apply the rule, we have to do some changes as shown below,

  • Change the Rule name to Exchange2010 OWA Redirect, and select the tab “Action” and set like below, enter the complete URL of the Web App page e.g. https://mail.fabrikam.com/owa

TMG_Rule_Action_Tab

  • Go to the Listener tab, and click on properties of selected listener and select the Connection tab. Tick the “Enable HTTP connections on port:” option and then click on OK to come back to rule properties.

TMG_Listener_Connections_Tab

  • Go the Paths tab, and remove all and Add “/” without quotes.

TMG_Rule_Paths_Tab

  • Go to Users tab and Remove the Authenticated Users and Add All Users.

TMG_Rule_Users_Tab

  • Now get on to Authentication Delegation tab and select “No delegation, but client may authenticate directly” option.

TMG_Rule_Athentication_Delegation_Tab

That’s it, now it is all set to apply. Click on the Apply button on the Forefront TMG console and enjoy.

Write if you have any comments/queries.

-Praveen
