| David's profileExchange Server 2007 / 2...BlogLists |  Tools  Help |
|
Exchange Server 2007 / 2003 (tips and tricks) sprinkled with SMS and AD stuff...David Elfassy MCX WWW.NETLOGON.CA April 15 Announcing Exchange Server 2010 BetaWell, you can finally download it here http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1898ed2c-2f88-48ac-824e-d3d20fad77d7
Exchange Server 2010 Beta is now publically available. You can look forward to the following changes:
I've been fortunate enough to play around with Exchange Server 2010 for the past year and I just think its a stellar feature packed product. If we can have a solid migration path from Exchange Server 2003 and Exchange Server 2007, we've got a winner!!! March 11 When will Exchange 14 be available in Public Beta?Well, there has not been any official announcement yet about when everyone will get to play with Exchange 14; however, a little (not so deep) detective work yields some interesting information. By taking a quick look at the upcoming Microsoft TechEd conference sessions, we immediately notice a whole slew of Exchange 14 sessions. What that usually means is that the product should be available in beta BEFORE May 11th 2009, the day TechEd opens. If I was a betting man (and I am), I would bet on a public beta prior to May 11.
Get ready, this one will be fun!?! January 14 First post about Exchange 14...Well, we are inching closer and closer to a public release of Exchange 14, likely to be named Exchange Server 20xx (Maybe Exchange Server 2010 ?). The cat is out of the bag, Microsoft has finally made a public release of information on Exchange 14 through a video on TechNet Edge. Not much was described in there, except for:
1. A user's ability to create and manage his distribution groups.
2. An administrator's ability to use a new web based administration page.
3. Continuous features for OWA and Exchange ActiveSync
Though this video discussed Exchange Labs more than Exchange 14, more videos on Edge will provide more Exchange 14 information in the new future. You should also come back to this blog to get more info Exchange 14, since I've been running beta versions for 10 months now... Lots of good stuff coming our way!!! November 18 Not much of an interviewer... but I try...I was recently at Tech-Ed EMEA in Barcelona working with the Springboard group. When my friend Ken Rosen bailed on a scheduled interview with Mark Minasi, I was asked to step in and discuss the controversial topic of Vista adoption. I was actually very interested in hearing other's opinion to this question: "With Windows 7 hanging in the shadows, should companies deploy Windows Vista or wait?" We answered this question and many others...
Click on the following link to see my interview with Mark Minasi:
October 22 Got Cert? - Get Tested!Here's a rare "non-technical" post...
Casting call for Certification Video Payment: No Pay Description: Production Coordinator is looking for well-spoken real Microsoft Certified Individuals (MCP & MCT) —aged 21 or older, all ethnicities and types - to appear as Microsoft testimonials. Most testimonial days last between 2-4 hours and are filmed in the greater Seattle, WA area. Accepted applicants for shooting will be provided with lunch. Pre-Interview is required. (Pre-Interview will take place Week of October 27th) Testimonial applicants will have had a positive experience with Microsoft Certifications. They will then tell us why they chose to get certified and how being certified impacted their career journey. Send picture, current job position and a brief description of your Microsoft Certification experience to:Regines@microsoft.com Electronic submissions only. October 16 100 things you may not know about Exchange server: #99For the past few months, I've been getting requests from customers about their emails getting bounced from various SMTP servers out on the Internet. Looking at their servers, most of them were issuing outbound SMTP sessions by using the local server FQDN, and not the server name used in MX/SPF records. I instructed a couple of customers t change the FQDN in the properties of the Send Connector, but remembered that another setting had to be change. You also need to change the permissions assigned to the Anonymous Logon by using the following EMS command, if your Mailbox and HT servers are on the same box: Get-SendConnector "NameOfSendConnector" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-Send-Headers-Routing"
October 01 100 Things You May Not Know About Exchange Server: #100We have all grown to love and enjoy OWA with Forms-Based Authentication. Gives us great security, cookie timeouts, forces us to do SSL--- Wait a sec. What? No. Actually I can do Forms-based authentication WITHOUT SSL. The GUI (in this case the Exchange System Manager) will not let you run it without SSL, unless you modify a reg key. Add a reg dword (value of 1) under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb. This will allow you to run FBA without SSL (disclaimer: only meant to be used in a test environment) New series on this blog: 100 things you may not know about Exchange ServerSo I've been busy working on so many different projects that I find I'm not learning a lot of new stuff about Exchange 2003 or 2007 these days. I need to get excited, amazed, bewildered, bemused about some new and interesting Exchange topics. Therefore, I decided to start a new series on my blog that will force me to add a new interesting thing about Exchange (any version currently supported) that you may not know. Hopefully we'll keep those OUTSIDE of the pure "trivia" category. Next post will be there first! August 19 Exchange Server: The virtualization storyMicrosoft has finally released its definitive story about virtualizing Exchange and the support policies. http://technet.microsoft.com/en-us/library/cc794548.aspx
Here are the highlights and lowlights:
1. Exchange Server 2007 on Hyper-v is now fully supported, as long as:
2. Exchange Server 2007 is supported on 3rd Party virtualization software, as long as:
3. Exchange HA is supported. (as long as its not combined with Hyper-V HA) 4. Clustering is supported. (as long as you're not using clutered virtualized servers.) 5. Exchange Server 2003 is supported in a virtualization environment, as long as:
This is a better story than what we've had up to now, albeit not a complete support policy yet. The obviously lack of support for VMWare, IMO, is going to be an issue. Though there is basic support for all 3rd party virtualization products. http://support.microsoft.com/kb/897615/en-us
February 11 Windows Server 2008 cannot perform streaming backups of Exchange Server 2007 DatabasesUpdated on March 4th, 2008
You may not have heard about this yet, but more and more people have been asking me about this. The "Windows Server Backup" feature running on Windows Server 2008 cannot backup your databases/stores on Exchange 2007. What were refer to as streaming backups, is no longer supported with the built-in backup tool (still possible with 3rd party). So what do we use to backup the DBs? Well, you have a few options. First, of course, you have 3rd party products, the same you may currently be using to backup Exchange 2003 servers, are available in versions supported by Windows 2008/Exchange 2007. Second, if you want to stay on the MS side of things, you will want to use System Center Data Protection Manager (SCDPM) to perform VSS-based backups of your Exchange 2007 servers. (SC DPM cannot take streaming backups)
Now what will happen in Cougar (SBS 2008)? I haven't had a chance to check it out yet, but this may be prohibitive to small businesses who look for simple backup solutions. My guess (and this only a guess) is that they will leverage SC Essentials with a minimal version of SCDPM. Well... at least that's what I would do...
I also want to point out though that I've recently been told that you can restore, on Windows2008, Exchange Offline DB backups done in Windows Server 2003 (no online backups supported). I've actually tried this out (other than the SCDPM) and the options for Exchange are simply not there.
More guidance on this from Microsoft will be arriving soon.
December 14 Learning path for Exchange Server 2007I was recently asked by Microsoft to create a Learning Plan for Exchange Server 2007. These Learning Plans were promoted as part of a marketing initiative that took place at IT Forum in Barcelona this year. Basically, its a list of resources, in a relevant order, that you can use to become knowledgeable on Exchange Server 2007.
November 21 Get ready for Exchange Server 2007 SP1Any day now... Exchange Server 2007 SP1 will drop. Initially, Microsoft has said that this service pack will be released in conjunction with Windows Server 2008. Well, Windows has slipped, but the Exchange team has stuck to their guns and SP1 will be released this quarter. Typically, this doesn't happen too close to x-mas, which means any day now!!!
Why should you care about this Service Pack? Well sure, you get SCR, support for Windows 2008, better mobile device policies, improved management from the EMC... but really, we know that the favorite new features will be the new Zune and XBOX 360 OWA themes :) October 25 SSL certificate server name is incorrect - Exchange System Manager issueI came across this issue today, where the Exchange System Manager returns the following error when accessing the Public Folders node:
SSL certificate server name is incorrect
All Internet queries to this problem point to the following Microsoft article: http://support.microsoft.com/kb/324345 The article offes two solutions, one is to match the FQDN of the server in the certificate assigned to the website. This was not a realistic option for us, given that the server was installed with a .PRIV domain name. The second option was to remove the SSL requirement on the EXADMIN virtual directory. This task was easy enough to do, but didn't solve the problem. I found that the solution was actually in Active Directory. When we made the modifications on the EXADMIN virtual directory in IIS manager, the setting did not propagate to Active Directory. So to resolve the issue, browse to the EXADMIN object in ADSIEdit and remove the SSL port value (443) from the MSExchSecureBinding property.
Now, we can manage our Public folders again. October 22 Announcing System Center Mobile Device Manager 2008Over the years, a lot of management of mobile devices has been handled by Exchange servers. This never felt like a natural fit, but a defacto method of managing devices in lieu of another solution. The new solution is arriving soon... The System Center Mobile Device Manager (SCMDM) 2008 will allow administrators to manage mobile devices, deploy policies to devices and even push down applications to corporate mobile devices.
Expected to land on your MSDN pages, second quarter 2008... October 15 Troubleshooting CAS Autodiscover problemsSo i've posted about client connection issues before. It seems that most admins encounter configuration issues all the time, regarding RPC over HTTP, Exchange ActiveSync and AutoDiscover. This article is really dedicated to a problem I often see with Autodiscovery.
First, some basics. If you are having trouble getting Autodiscover working, there is a lot file on the client machine that holds all Autodiscovery information. You will find it at: %userprofile%\Local Settings\Temp\2\olkdisc.log
If you look in this log file and find failed URL errors, chances are you have an erroneous URI (that's right not URL, URI) in the SCP (Service Connection Point) that is stored in AD or that your certificate is badly configured. So lets troubleshoot both problems:
1. Reset your SCP in AD: I get this question often, how do you set the URL (actually URI) that is used from the Internet to access your Exchange server. Well you need to publish that information in AD through the SCP (there's actually other connection methods, but that discussion is for another day :)).
To reset your SCP with the accurate URI, use the following EMS command:
Set-ClientAccessServer -identity "EXCHANGECASSERVERNAME" -AutodiscoverServiceExternalURI HTTPS://EXTERNALFQDN/autodiscover/autodiscover.xml -DomainController "DC NAME"
Force replication betwen all DC's in your domain, restart Outlook and if you had a bad URI, you're golden now!
2. If you have a cert problem, ensure that the following are correct: Certificate is not expired, Certificate is trusted on the client computer and that the name in the certificate matches your external URI.
Good luck with your CAS deployments!!!
June 21 Tasks that CANNOT be performed from the Exchange Management Console
I’ve been getting this question a lot! “What tasks CANNOT be performed from the Exchange Management Console?” The following is the answer to this question. I’ve done a “best effort” to compile a complete list of these tasks. Feel free to comment here if you feel I should add information to this post or if there is incorrect information. Tasks that MUST be performed from the Exchange Management Shell Mailbox, Recipient and Public Folder Settings
Transport Settings
Client Access Settings
Following settings should be used with a Get-CASMailbox and piped to the Set-CASMailbox to be applied globally.
Other
June 20 Confusion about Antispam agents on Hub Transport serversA recent discussion has prompted me to write this and clarify some of the cmdlets and features relating to Antispam agents on Hub Transport servers; so here are the facts around it:
Confused yet? Basically, when you disable an agent from the list of agents in the EMC, and run a Get-TransportAgent, it shows as enabled. That is because you are disabling the filtering feature of the agent from the EMC and not the actual agent running on the messages. The whole thing is really not documented anywhere and may lead to confusion from some admins. Even more confusing, if you run the Set-TransportServer -Antispamagentsenabled $True cmd, the tab will show up in the EMC, but the agents will actually NOT be installed.
May 22 SMTP over SSL from Outlook Express *only* over 25I had an issue on a brand new implementation of Exchange 2007 last month, I resolved it in a funny and never really understood the underlying reason for the problem. Basically, I tried to connect Outlook Express clients through IMAP4 and SMTP. You may know that Exchage 2007 creates two defaut Receive Connectors, one of which is meant for SMTP relaying from POP3/IMAP4 clients. I enabled certificate encryption on the Receive Connector, but couldn't get the clients to redirect over the default port, 587. Whatever I tried, the client would get an error. I could get the client to connect over SMTP (no ssl). I ended up fixing the issue by recreating a new Receive Connector and forcing the clients to go to SMTP over SSL on port 25.
Today, I was catching up on my Exchange Team Blog reading and I came across an article that describes the exact issue I ran into. Basically, this is an Outlook Express problem and is fixed in Vista Windows Mail. There may be future fix to Outlook Express to get this to work.
Reason 3268 for moving to Windows Vista ;) March 19 Using the Set-emailaddresspolicy after your migration to Exchange 2007The syntax used in address lists and recipient policies in Exchange Server 2003 is not compatible with the administration tools in Exchange Server 2007. Therefore, immediately following the transition of your administrative tasks to the 2007 servers, you should upgrade the lists and policies. If you don't, you will not be able to modify the Address Lists (used to view recipients in Outlook) or the E-mail Address Policy (used to define the incoming SMTP domains in your Exchange organization.)
To upgrade your Recipient Policy to a E-mail Address Policy syntax:
Set-emailaddresspolicy -includedrecipients allrecipients (when prompted for the name of the list, enter "Default Policy" if you are using a default naming convention.)
To upgrade your Address Lists to an Exchange Server 2007 syntax:
Set-AddressList -includedrecipients mailboxusers (This is for the All Users list, that included mailbox users; for other lists, enter the appropriate value, such as MailUsers, MailContacts, Resources or MailGroups) (Of course, when prompted, put in the correct list name.) March 16 Managing multiple SMTP domains during coexistence between Exchange 2003 and 2007As many of you start to Transition your Exchange environments from 2003 to 2007, you'll find out that most transition mean coexistence. Coexistence means issues... An issue you'll have to deal with is how certain settings are replicated betwen Exchange versions and others are not. For example, when you install your first Exchange 2007 server, Exchange 2003 Recipient Policies are regenerated in 2007 in the form of Accepted Domains and E-mail Address Policies; no problem there. However, if you create additional Recipient Policies, the associated Accepted Domain is NOT created. If you happen to decomission your 2003 servers, without noticing this, e-mail messages destined to those domains will be rejected. Solution: Create the new Accepted Domains manually. Voila. February 20 Top 5 routing concepts that have changed in 2007 (In brief)Many people have been asking many questions about all the changes in Exchange Server 2007. One concept that's been catching everyone asleep, is the new message routing features, paths and services. So here's your "In brief" review of the new routing concepts:
1. No more Routing Groups / Site Connectors used for internal Exchange messaging: Partially true, since you still maintain a routing group for coexistence with Exchange 2000/2003. So what's used instead? AD Sites and AD Site Links (with costs)
2. Exchange-specific routing costs: To tie in quickly the previous point, if you want to modify message routing costs and do not want to affect your AD replication paths, you can apply Exchange-specific costs. (Hint: Use the EMS for those)
3. Direct delivery of messages across sites: An Exchange server will try to establish a direct connection to a destination/target server in a destination site. If there are multiple sites in the routing path, the Exchange server (HT) will communicate directly with the final hop in the routing path. If that server is unavailable and all destination servers in the site are unavailable, it will back-off to the closest point of failure and queue it on that server (site).
4. Send Connectors and Receive Connectors: The concepts of "Sending" and "Receiving" are now clearly divided into Send and Receive Connectors. They're actually the new implementation of SMTP VS, without some of their limitations. Some Send Connectors are created "Dynamically) and cannot be modified (HT), some Send Connectors are created during the installation and allow for sending mail to the Internet (ET).
5. MexRuntime Agents: All antispam and filtering components run as agents. These agents can run on both HT and ET servers (except for a couple that are only available on ET. (Hint: To install most agents on an HT, run the install-antispamagents.ps1 script)
Of course, other things have changed, but lets start herefor now... April 28 Major permission change in Exchange Server 2003 StoreSince I know many readers of this blog are using BES or GoodLink servers, you'll be very interested with this change in behavior. In a nutshell, to send mail as another user in Exchange 2000/2003, Full Mailbox Owner permission is no longer enough, in conjunction with this permission, you also need the "Send As" permission. This will only affect you if you install an update to store.exe after April 28th, 2006.
Microsoft has created a script to help you identify the users in your organization that will require this update. The following KB has all details about this issue and the script. http://support.microsoft.com/kb/912918
For more information about the specific Store.exe version affected, look at the following KB article http://support.microsoft.com/kb/895949/
Of course, nobody believes in conspiracies to make your life real complicated to use BES or GoodLink for wireless access and in fact convince you to purchase som Mobile 5.0 direct push devices... Rubbish!!! April 21 Troubleshooting Exchange Server ActiveSync through an ISA serverI'm spending more time on advanced issues related to Exchange Server 2003 these days. I don't get calls anymore to migrate or install servers, i'm getting requests for RPC over HTTP, multi-node clusters and configuring Server ActiveSync. This makes for much more interesting projets...
So this week I had to configure a new client's Server ActiveSync environment and ensure connectivity through an existing ISA 2004 server. Of course, the current environment wasn't properly configured and I had to stabilize a few things before I could move on... However, when it came to the ActiveSync portion of the work, I ended up forgetting a few details and I made myself a list of gotcha's. Here they are:
Once all of this is done, configure the profile on the PDA to point to the FQDN on the certificate and start syncing!!! January 18 Windows Vista vs Windows XP Prohttp://www.bentuser.com/article.aspx?ID=332& : Good read!
I don't typically post links to articles, but i'm getting a lot of questions lately about the differences between Vista and XP. Although there are many differences under the hood, the interface differences are very impressive as well. As always, MS is pushing towards a user friendly interface and an effortless management of information. Sometimes succeeding on both fronts...
I'll write more in the months to come about Vista, as one of our clients has been selected as a MS TAP client for Vista and we'll be managing the deployment during March and April. January 11 More on the 64 Bit version of Exchange 12...Or Exchange Server 2007 as it will probably be known...
As an MCT (Trainer), one of the things I was very worried about is the 64Bit only version of Exchange 12. Since we run a lot custom courses and MS courses on Exchange, we would have to put in 64Bit processors as a requirement for our courses, driving costs up. After understanding a bit more of the driving factors for this 64Bit decision, I fully support it now and look forward to the new features and performance gains. But I was still concerned about not being able to run it on 32Bit hardware...
Quote from Terry Myerson (Exchange Team): "We will release a 32-bit version of E12 for feature evaluation, training, and demonstrations—but we are not planning to support this release in production"
I'm pretty sure this means it will be available post-beta. This is good news!!! |
|||
|
|
+sprinkled+with+SMS+and+AD+stuff...+-+Windows+Live&referrer=){kind=small}
