Client Access

Exchange 2013 script – automatic installation of prerequisites

I’ve updated a script for installing the Exchange 2010 prerequisites that was released by a couple of people (Anderson Patricio, Pat Richard and Bhargav Shukla). The script has now been updated and applies to Exchange 2013.

It will help you install all prerequisites (features) plus the FilterPack(s) and the Unified Communications Managed API. It also provides the option to disable UAC (User Account Control) and the Windows Firewall.

You can download the script here
Feel free to use it as much as you want. I just want to mention that I do not provide support for it and there is no warranty.

The script/code can be viewed below:

#############################################################################
 # Install-Exchange2013PreReqs.ps1
 # Configures the necessary prerequisites to install Exchange 2013 on a
 # Windows Server 2008 R2 server or Windows Server 2012 server
 #
 # Updated by: Jonas Andersson
 # Original written by: Pat Richard, Anderson Patricio and Bhargav Shukla
 #
 # Some info taken from
 # http://www.ucblogs.net/blogs/exchange/archive/2009/12/12/Automated-prerequisite-installation-via-PowerShell-for-Exchange-Server-2010-on-Windows-Server-2008-R2.aspx
 # http://msmvps.com/blogs/andersonpatricio/archive/2009/11/13/installing-exchange-server-2010-pre-requisites-on-windows-server-2008-r2.aspx
 # http://www.bhargavs.com/index.php/powershell/2009/11/script-to-install-exchange-2010-pre-requisites-for-windows-server-2008-r2/
 #############################################################################

# Detect correct OS here and exit if no match
 # Continue only on a 64-bit OS whose version is 2008 R2 SP1 or 2012
 $os = Get-WMIObject win32_OperatingSystem
 if (-not (($os.OSArchitecture -eq '64-bit') -and (($os.Version -eq "6.1.7601") -or ($os.Version -eq "6.2.9200")))) {
 Write-Host "This script requires a 64bit version of Windows Server 2008 R2 or Windows Server 2012, which this is not." -ForegroundColor Red -BackgroundColor Black
 Exit
 }

Function Disable-UAC(){

$path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
 $a = Get-ItemProperty $path -Name EnableLUA

# Compare the registry value itself rather than searching the object's string form
if ($a.EnableLUA -eq 0)
 {
 Write-Host "UAC is already disabled" -ForegroundColor Green
 return
 }

if ($a.EnableLUA -eq 1)
 {
 Write-Host "Enabled" -ForegroundColor Red
 Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 0
 Write-host "Registry key HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA has been changed." -ForegroundColor yellow
 Write-Host "UAC is now disabled" -ForegroundColor Green
 }

}

Function Disable-FW(){

$status = netsh advfirewall show allprofiles state

if ($status | Select-String "ON")
 {
 $enabled = $true
 }
 else
 {
 $enabled = $false
 }

if ($enabled -eq $true) {

netsh advfirewall set allprofiles state off
 Write-Host "Firewall is now disabled" -ForegroundColor yellow
 return
 }

if ($enabled -eq $false) {
 Write-Host "Firewall is already disabled" -ForegroundColor Green
 }

}

Function InstallFilterPack(){

if (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95140000-2000-0409-1000-0000000FF1CE}" -ErrorAction SilentlyContinue) {

Write-host "FilterPack is already installed." -ForegroundColor yellow
 return
 }

else
 {

trap {
 Write-Host "Problem downloading FilterPackx64.exe. Please visit: http://www.microsoft.com/en-us/download/details.aspx?id=26604 and http://www.microsoft.com/en-us/download/details.aspx?id=17062"

break
 }

#set a var for the folder you are looking for
 $folderPath = 'C:\Temp'

#Check if folder exists, if not, create it
 if (Test-Path $folderpath){
 Write-Host "The folder $folderPath exists."
 } else{
 Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
 New-Item $folderpath -type directory | Out-Null
 Write-Host "done!" -ForegroundColor Green
 }

# Check if file exists, if not, download it
 $file1 = $folderPath+"\FilterPack64bit.exe"
 $file2 = $folderPath+"\filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe"

if (Test-Path $file1){
 write-host "The file $file1 exists."
 } else {
 #Download Microsoft Filter Pack
 Write-Host "Downloading Microsoft Filter Pack..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/0/A/2/0A28BBFA-CBFA-4C03-A739-30CCA5E21659/FilterPack64bit.exe"
 $clnt.DownloadFile($url,$file1)
 Write-Host "done!" -ForegroundColor Green
 }

if (Test-Path $file2){
 write-host "The file $file2 exists."
 } else {
 #Download Microsoft Filter Pack SP1
 Write-Host "Downloading Microsoft Filter Pack SP1..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/A/A/3/AA345161-18B8-45AE-8DC8-DA6387264CB9/filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe"
 $clnt.DownloadFile($url,$file2)
 Write-Host "done!" -ForegroundColor Green
 }

#Install Microsoft Filter Packs
 Write-Host "Installing Microsoft Filter Packs..."

$args = "/quiet /norestart"
 $setup1 = (Start-Process $file1 -ArgumentList $args -Wait -PassThru).ExitCode
 if ($setup1 -eq 0) { write-host "Successfully installed $file1" -ForegroundColor Green }
 if ($setup1 -ne 0) { write-host "Failed!" -ForegroundColor Red }

$setup2 = (Start-Process $file2 -ArgumentList $args -Wait -PassThru).ExitCode
 if ($setup2 -eq 0) { write-host "Successfully installed $file2" -ForegroundColor Green }
 if ($setup2 -ne 0) { write-host "Failed!" -ForegroundColor Red }

}
 }

Function InstallUMAPI(){

#Change reg key below!
 if (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCMA4" -ErrorAction SilentlyContinue) {

Write-host "Unified Communications Managed API 4.0 Runtime is already installed." -ForegroundColor yellow
 return
 }

else
 {

trap {
 Write-Host "Problem downloading UM API. Please visit: http://www.microsoft.com/en-us/download/details.aspx?id=34992"

break
 }
 #set a var for the folder you are looking for
 $folderPath = 'C:\Temp'

#Check if folder exists, if not, create it
 if (Test-Path $folderpath){
 Write-Host "The folder $folderPath exists."
 } else{
 Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
 New-Item $folderpath -type directory | Out-Null
 Write-Host "done!" -ForegroundColor Green
 }

# Check if file exists, if not, download it
 $file = $folderPath+"\UcmaRuntimeSetup.exe"
 if (Test-Path $file){
 write-host "The file $file exists."
 } else {

#Download Microsoft UM API
 Write-Host "Downloading Microsoft UM API..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/2/C/4/2C47A5C1-A1F3-4843-B9FE-84C0032C61EC/UcmaRuntimeSetup.exe"
 $clnt.DownloadFile($url,$file)
 Write-Host "done!" -ForegroundColor Green
 }

#Check/Install Media Foundation feature
 $mf = Get-WindowsFeature "Server-Media-Foundation" | select *

Start-Sleep 2

if ($mf.Installed -eq $False)
 {
 Write-Host "Installing Media Foundation feature..."    -ForegroundColor Green
 Add-Windowsfeature Server-Media-Foundation

Write-Host ""
 Write-Host "Installing of Media Foundation feature completed." -ForegroundColor Green
 Write-Host ""
 Write-Host "Restart the server and restart the task" -ForegroundColor Red
 Write-Host "or else the UM API won't be installed" -ForegroundColor Red
 Write-Host ""

return

}

if ($mf.Installed -eq $True)
 {
 #Install Microsoft UM API
 Write-Host "Installing Microsoft UM API..." -ForegroundColor Green

$args = "/quiet /norestart"
 $setup = (Start-Process $file -ArgumentList $args -Wait -PassThru).ExitCode
 if ($setup -eq 0) { write-host "Successfully installed $file" -ForegroundColor Green }
 if ($setup -ne 0) { write-host "Failed!" -ForegroundColor Red }

}
 }

}

Import-Module ServerManager
 $opt = "None"
 # Do {
 clear
 if ($opt -ne "None") {write-host "Last command: "$opt -foregroundcolor Yellow}
 write-host
 write-host Exchange Server 2013 - Prerequisites script
 write-host Please, select which role you are going to install..
 write-host
 write-host '1) Client Access Server'
 write-host '2) Mailbox'
 write-host '3) Typical (CAS/Mailbox)'
 write-host
 write-host '10) Install Microsoft Filter Pack 2.0'
 write-host '    Required if installing Mailbox Server roles' -foregroundcolor yellow
 write-host '    Automatically set for options 2 and 3' -foregroundcolor yellow
 write-host '11) Install Microsoft UM API'
 write-host '    Required if installing Mailbox Server roles' -foregroundcolor yellow
 Write-Host '12) Disable UAC'
 Write-Host '13) Disable Firewall'
 write-host
 write-host '15) Restart the Server'
 write-host '16) End'
 write-host
 $opt = Read-Host "Select an option.. [1-14]? "

switch ($opt)    {
 1 {

# Windows Server 2008 R2 SP1
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 Add-WindowsFeature "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI" -restart

}

# Windows Server 2012
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") {

Install-WindowsFeature "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation" -restart

}

}

2 {

# Windows Server 2008 R2 SP1
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 InstallFilterPack
 Add-WindowsFeature "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI" -restart

}

# Windows Server 2012
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") {

InstallFilterPack
 Install-WindowsFeature "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation" -restart

}

}

3 {

if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 InstallFilterPack
 Add-WindowsFeature "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI" -restart

}

# Windows Server 2012
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") {

InstallFilterPack
 Install-WindowsFeature "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation" -restart

}

}
 10 {
 # future - auto detect Internet access
 write-host 'Can this server access the Internet?'
 $filtpack = read-host 'Please type (Y)es or (N)o...'
 switch ($filtpack)                {
 Y { InstallFilterPack }
 N {Write-warning 'Please download and install Microsoft Filter Pack from here: http://www.microsoft.com/en-us/download/details.aspx?id=26604 and http://www.microsoft.com/en-us/download/details.aspx?id=17062'}
 }
 }
 11 {
 # future - auto detect Internet access
 write-host 'Can this server access the Internet?'
 $umapi = read-host 'Please type (Y)es or (N)o...'
 switch ($umapi)                {
 Y { InstallUMAPI }
 N {Write-warning 'Please download and install Microsoft UM API from here: http://www.microsoft.com/en-us/download/details.aspx?id=34992'}
 }
 }
 12 { Disable-UAC }
 13 { Disable-FW }
 15 { Restart-Computer }
 16 {
 Write-Host "Exiting..."
 Exit
 }
 default {write-host "You haven't selected any of the available options. "}
 }
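
The script above fetches its installers over plain HTTP into C:\Temp, skips the download when a file with the expected name is already there, and then runs the file from an elevated session. The following added example (not part of the original script) checks the Authenticode signature before anything is executed; the function name `Get-VerifiedInstaller`, its parameters and the expected signer string are assumptions.

```powershell
# Added example, not part of Install-Exchange2013PreReqs.ps1.
# Get-VerifiedInstaller and its parameter names are hypothetical.
function Get-VerifiedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$Destination,
        # Assumption: the installer's signer subject contains this organisation
        [string]$ExpectedSigner = 'O=Microsoft Corporation'
    )

    if (Test-Path $Destination) {
        # A file that is already in the staging folder is not trusted as-is;
        # it goes through the same signature check as a fresh download.
        Write-Host "The file $Destination exists, verifying it."
    } else {
        Write-Host "Downloading $Url..."
        $client = New-Object System.Net.WebClient
        try { $client.DownloadFile($Url, $Destination) }
        finally { $client.Dispose() }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Destination

    # Valid means the file hash matches the signature and the chain is trusted
    if ($sig.Status -ne 'Valid') {
        Remove-Item $Destination -Force
        throw "Refusing to run ${Destination}: signature status is $($sig.Status)"
    }

    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSigner*") {
        Remove-Item $Destination -Force
        throw "Refusing to run ${Destination}: signed by '$subject'"
    }

    return $Destination
}

# Usage with the UCMA download URL from the script above
$url  = 'http://download.microsoft.com/download/2/C/4/2C47A5C1-A1F3-4843-B9FE-84C0032C61EC/UcmaRuntimeSetup.exe'
$file = Get-VerifiedInstaller -Url $url -Destination 'C:\Temp\UcmaRuntimeSetup.exe'
$exit = (Start-Process $file -ArgumentList '/quiet /norestart' -Wait -PassThru).ExitCode
if ($exit -eq 0) { Write-Host "Successfully installed $file" -ForegroundColor Green }
else             { Write-Host "Failed with exit code $exit" -ForegroundColor Red }
```
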
Complete guide on configuring KEMP VLM load balancer for Exchange 2013

Introduction

Published: 2012-11-02
Updated: 2013-04-24
Version: 1.1

Update:
Made some updates regarding the health check for the OWA and Outlook Anywhere service.

Exchange Server 2013 reached RTM on the 11th of October and was finally published to MSDN on the 24th of October. This post is based on the RTM version of Exchange 2013.

I decided to write a post that includes both the KEMP configuration and the Exchange 2013 configuration. I’ve also seen that Jaap Wesselius has already posted an article on this topic; it’s my hope that I can fill the gap regarding the complete configuration of both Exchange and the load balancer.

To illustrate my lab environment, see the picture below.

On the left side is the “client” which tries to connect, in the middle are the load balancers and to the right are my two Exchange 2013 servers.

Drawing1

I decided to have one namespace per service for better flexibility; however, this is NOT required. The advantage of doing it like this is that the load balancer can check the health of each component. If one component is not working, it just disables that service on the corresponding server, and not the whole server.
A disadvantage is an increased cost for the certificate, and the load balancer configuration gets a bit more complex.

I’m using the Virtual LoadMaster, which comes in different versions (at the end of my post I provide some links regarding versions etc.).

Initial configuration

My configuration is a two-leg load balancer, where the first leg is placed into the client network segment and the other leg (NIC) is placed into my server segment.

The initial configuration is done by providing a license key.

image

Go to System Configuration –> Interfaces –> eth0 for configuring the IP address of the first network card.

image

System Configuration –> Local DNS Configuration –> Hostname configuration for giving the VLM a hostname.

image

System Configuration –> Local DNS Configuration –> DNS configuration for configuring the VLM with a domain and DNS server.

image

System Configuration –> Route Management –> Default Gateway for configuring the VLM with a default gateway.

image

Often the VLM needs to know about other networks so that it can route traffic to them. To configure additional routes, go to System Configuration –> Route Management –> Additional Routes.

image

Don’t forget to configure the date and time on the VLM: go to System Configuration –> System Administration –> Date/Time. I’ve configured it to use “ntp.lth.se” as my NTP server; it’s recommended to use the NTP option.

image

When the configuration is done, a good tip is to take a backup of it, go to System Configuration –> System Administration –> Backup/Restore.

image

High Availability configuration

KEMP provides a high availability cluster of two load balancing nodes, where one is active and one is passive (standby). I’ve been playing around with it and it works really well. The passive node kicks in right away when the active one is broken, restarted or shut down.

During a restart of the active node the passive becomes the active node.

In general, they share a cluster IP/name where the configuration is done, while local settings such as date/time and IP addresses are configured on each LB node.

Start with the first node, for configuring this go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (First) Mode”.

image

Go to System Configuration –> Interfaces –> eth0. Give the load balancer cluster an IP address and also provide the IP address of the second node. Don’t forget to press the “Set Shared address” and “Set Partner address” buttons to save the configuration. Then go back to System Configuration –> System Administration –> System Reboot. Restart the first node.

When the first node is back online, continue with the second node. Go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (Second) Mode”.

image

Example of my first node.

image

Example of my second node.

image

Creating and configuring load balancing services

I will create two examples for load balancing services, one for OWA and one for Outlook Anywhere.
Using these examples, you can easily create the services for the other ones yourself.

OWA

Go to Virtual Services –> View/Modify Services –> Add New.

image

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.
Press “Add this Virtual Service”.

image

Make sure that “Force L7” is checked, but the “L7 Transparency” is unchecked.
Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.
For the load method/Scheduling method, I’m using Round-Robin which is pretty much spreading the load on all servers.

image

Update:
Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use the HTTPS protocol, with Checked Port: “443” and URL: “/owa/healthcheck.htm”. Don’t forget to press the “Set URL” button to save the settings. Check the option “Use HTTP/1.1” and select GET as the HTTP Method.

image

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button. (I’m using multirole servers, so all of them are added)

image

When everything is set up it should look like the figure below.

image

When you’re satisfied with the configuration, press the Back button. The services should then show up as green if the protocols are available.

image

Outlook Anywhere

Go to Virtual Services –> View/Modify Services –> Add New.

image

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.
Press “Add this Virtual Service”.

image

Make sure that “Force L7” is checked, while the “L7 Transparency” is unchecked.
Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.
For the load method/Scheduling method, I’m using “Round-Robin” which is spreading the load to the servers.

image

Update:
Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use the HTTPS protocol, with Port: 443 and URL: “/rpc/healthcheck.htm”. Don’t forget to press the “Set URL” button to save the settings. Also check the option “Use HTTP/1.1” and select GET as the HTTP Method.

image

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button.

image

Everything is now set up for load balancing the Outlook Anywhere function.

image

In the services console, it should look like below if the health is successfully verified.

image

Note: In my lab environment I’ve decided to not use L7 transparency since I don’t have any use for it. It is used when the Client Source IP address needs to show up at the CAS Servers. This can sometimes be important when using SMTP filters. So for proper load balancing, the traffic needs to flow through the load balancer, both back and forth. Therefore you need to change the Default Gateway settings of your servers, when you are activating the L7 Transparency.
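
When a service shows up red in the console, it helps to request the health-check URLs configured above directly from each server. The following added example (not part of the original post) does that with the same settings as the load balancer: HTTPS on port 443, HTTP/1.1 and GET. The function name `Test-ExchangeHealthCheck`, the server names in the usage line and the rule that only a 200 answer counts as healthy are assumptions.

```powershell
# Added example: request the health-check URLs that the load balancer polls.
# Test-ExchangeHealthCheck is a hypothetical helper name.
function Test-ExchangeHealthCheck {
    param(
        [Parameter(Mandatory = $true)][string[]]$Server,
        # Virtual directories whose healthcheck.htm is configured in this post
        [string[]]$Protocol = @('owa', 'rpc'),
        [int]$TimeoutSeconds = 5
    )

    foreach ($s in $Server) {
        foreach ($p in $Protocol) {
            $uri = "https://$s/$p/healthcheck.htm"
            $result = New-Object PSObject -Property @{
                Server = $s; Url = $uri; StatusCode = $null; Healthy = $false; Error = $null
            }
            try {
                $req = [System.Net.WebRequest]::Create($uri)
                $req.Method = 'GET'
                $req.ProtocolVersion = [System.Net.HttpVersion]::Version11
                $req.Timeout = $TimeoutSeconds * 1000
                # A redirect (for example to a logon page) must not count as healthy
                $req.AllowAutoRedirect = $false
                $resp = $req.GetResponse()
                $result.StatusCode = [int]$resp.StatusCode
                $result.Healthy = ($result.StatusCode -eq 200)   # assumption: 200 = healthy
                $resp.Close()
            }
            catch {
                # Error answers, certificate failures and timeouts end up here.
                # Walk the exception chain to find the WebException, if any.
                $ex = $_.Exception
                while ($ex -and -not ($ex -is [System.Net.WebException])) {
                    $ex = $ex.InnerException
                }
                if ($ex -and $ex.Response) {
                    $result.StatusCode = [int]$ex.Response.StatusCode
                }
                $result.Error = $_.Exception.Message
            }
            $result
        }
    }
}

# Placeholder server names; replace them with your Client Access servers
Test-ExchangeHealthCheck -Server 'ex01.example.test', 'ex02.example.test' |
    Format-Table Server, Url, StatusCode, Healthy, Error -AutoSize
```

Because the request goes to the server name and the certificate is validated, a server whose certificate does not cover its own name is reported with a trust error instead of a status code.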

Final tests

Let’s start with testing the load balancing functions so that Outlook is able to connect and that the connections are spread throughout the servers.

Here’s my final configuration, to clarify that I’m using five different VIPs, one for each service.

image

The figure below shows that the Outlook 2013 profile gets connected; I used the autodiscover feature to configure the Outlook profile. Both the InternalHostname and the ExternalHostname are configured to outlook.testlabs.se in my scenario, on both my servers. For authentication I’m using NTLM.

image

Since Outlook 2013 worked fine, it’s OWA’s turn.
I reached the forms-based authentication page, put in my credentials and finally got to the Inbox.
I did this a couple of times, together with logging in to the Admin Center, to get some more sessions in the load balancer.
This was to check that the VLM spreads the load between the servers in a good way.

image

image

Below are two figures that show how the sessions are spread between the servers.
To me this looks really good!
The first figure shows the servers and how the sessions are spread between them.
The second figure shows the services instead of the servers, together with the total number of connections for the last minute and up to the last hour.

Together these two figures show how the load is spread. Since this is just a lab environment, I don’t have a large number of connections. It would be really interesting to see how the load is spread between the servers in a large enterprise environment.

image

image

Helpful links

General documentation
http://www.kemptechnologies.com/documentation

Sizing tool for load balancer (Exchange 2010)
http://www.kemptechnologies.com/emea/loadmaster-sizing-for-ms-exchange-2010.html

Deployment guide
http://www.kemptechnologies.com/fileadmin/content/pdf/KEMP_Exchange_2010_Deployment_Guide_5_1_v1.6.pdf

Compare Load Balancer models
http://www.kemptechnologies.com/emea/products/server-load-balancing-internet-router-load-balancer.html

Exchange Load Balancers
http://www.kemptechnologies.com/emea/loadbalancingresource/ms-exchange-2010.html

Virtual Load Balancers
http://www.kemptechnologies.com/emea/products/virtual-load-balancers/vlm-overview.html

Multi-Site Load Balancers
http://www.kemptechnologies.com/emea/products/multi-site-load-balancers/overview.html

Thanks for reading!
I hope that this was informative and interesting to read. Please feel free to provide feedback.

Regards,
Jonas Andersson

Exchange Server 2013 Preview – Part 3: How to configure site URL’s, Databases and Outlook Anywhere

I suppose you already have, but if you haven’t read the previous parts in this Exchange 2013 series, have a look at the links below.

Part 1: Complete guide of how to perform the installation
Part 2: How to do the Basic configuration

This part will include details on how the configuration could be made for Site URL’s/Virtual Directories, Databases, Outlook Anywhere and MAPI vs RPC over HTTPs together with connecting using Outlook 2013.

In the previous part we installed the certificate, which included the following names, so we can use these names in the site configuration. (If using HTTPS, the configured name needs to be included in the certificate.)

  • mail.testlabs.se
  • autodiscover.testlabs.se
  • tlcas01
  • tlcas01.testlabs.se

Sites / URL’s

Let’s go through the steps for configuring the sites with the ExternalURL and other settings.
I’ll go through both the EAC and the PowerShell, so you have the opportunity to select which method you prefer.

Let’s start..

In EAC: Go to Servers, select Virtual Directories.

image

Select the server in the menu and which type you want to show. Then press Edit.

image

Let’s start with Autodiscover.

image

By default, Integrated Windows authentication and Basic authentication are enabled. Press Save.

image

Next, select Exchange ActiveSync (EAS). Press Edit.

image

The General settings show the URLs. I typed in the ExternalURL as in the picture below. Press Authentication.

image

Make sure that Basic authentication is enabled. Press Save.

image

Next, select ECP. Press Edit.

image

The General settings show the URLs. I typed in the ExternalURL as in the picture below. Press Authentication.

image

By default, “Use forms-based authentication” is enabled. Press Save.

image

A warning appears: make sure to change all virtual directories. Press OK.

image

Next, select EWS. Press Edit.

image

The General settings show the URLs. I typed in the ExternalURL as in the picture below. Press Authentication.

image

Authentication settings: Integrated Windows authentication is enabled by default. Press Save.

image

Next, select OAB. Press Edit.

image

I typed in the ExternalURL in this setting; the InternalURL was already configured. I also changed the Polling interval from 480 minutes to 60, for a faster update of the OAB. Press Save.

image

Next, select OWA. Press Edit.

image

The General settings show the URLs. I typed in the ExternalURL as in the picture below. Press Authentication.

image

Forms-based authentication is selected. I selected the Logon format “User name only” and selected my domain with the Browse button. Press Features.

image

Showing the default settings. Press File Access.

image

Showing the default settings. Press Save.

image

Next, select PowerShell. Press Edit.

image

The General settings show the URLs. I typed in the ExternalURL as in the picture below. Press Authentication.

image

Both Integrated Windows authentication and Basic authentication were selected by default. Press Save.

image

Using PowerShell

Start the Exchange Management Shell (EMS) and the following commands will do the same work that’s done in EAC.

Autodiscover:
Get-ClientAccessServer | fl *uri*
Set-ClientAccessServer -Identity TLCAS01 -AutoDiscoverServiceInternalUri https://autodiscover.testlabs.se/Autodiscover/autodiscover.xml

image

Exchange ActiveSync (EAS):
Get-ActiveSyncVirtualDirectory | fl *url*, ide*
Set-ActiveSyncVirtualDirectory -Identity "TLCAS01\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl https://mail.testlabs.se/Microsoft-Server-ActiveSync
image

Exchange Control Panel (ECP):
Get-EcpVirtualDirectory | fl *url*, ide*
Set-EcpVirtualDirectory -Identity "TLCAS01\ecp (Default Web Site)" -ExternalUrl https://mail.testlabs.se/ecp

image

Exchange Web Services (EWS):
Get-WebServicesVirtualDirectory | fl *url*, ide*
Set-WebServicesVirtualDirectory -Identity "TLCAS01\EWS (Default Web Site)" -ExternalUrl https://mail.testlabs.se/EWS/Exchange.asmx

image

Offline Address Book (OAB):
Get-OabVirtualDirectory | fl *url*, ide*,pol*
Set-OabVirtualDirectory -Identity "TLCAS01\OAB (Default Web Site)" -ExternalUrl https://mail.testlabs.se/OAB -PollInterval 60

image

Outlook Web App (OWA):
Get-OwaVirtualDirectory | fl *url*, ide*
Set-OwaVirtualDirectory -Identity "TLCAS01\OWA (Default Web Site)" -ExternalUrl https://mail.testlabs.se/OWA

image

PowerShell:
Get-PowerShellVirtualDirectory | fl *url*, ide*
Set-PowerShellVirtualDirectory -Identity "TLCAS01\PowerShell (Default Web Site)" -ExternalUrl https://mail.testlabs.se/powershell

image
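
Every host name set in the URLs above has to be included in the certificate, otherwise clients get a name mismatch warning. The following added example (not part of the original post) compares the configured names with the names on each certificate that is enabled for IIS; the two function names are hypothetical, and it is meant to be run in the Exchange Management Shell on the server named in this post.

```powershell
# Added example (not from the original post). Function names are hypothetical.

# Returns $true when $HostName is matched by one of the certificate's names.
function Test-NameCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateDomain)
    foreach ($d in $CertificateDomain) {
        if ($d -eq $HostName) { return $true }        # -eq ignores case
        if ($d.StartsWith('*.')) {
            # A wildcard replaces exactly one label: *.testlabs.se covers
            # mail.testlabs.se but not a.b.testlabs.se or testlabs.se itself.
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $d.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

# Lists, per IIS-enabled certificate, the configured names it does not cover.
function Get-UncoveredExchangeName {
    param([string]$Server = 'TLCAS01')

    # URLs configured with the Set-* commands above
    $urls = @((Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri)
    $cmdlets = 'Get-ActiveSyncVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-PowerShellVirtualDirectory'
    foreach ($c in $cmdlets) {
        & $c -Server $Server | ForEach-Object {
            $urls += $_.InternalUrl
            $urls += $_.ExternalUrl
        }
    }
    # Unset URLs are skipped; the cast handles both Uri objects and strings
    $names = @($urls | Where-Object { $_ } | ForEach-Object { ([Uri]"$_").Host })

    # Outlook Anywhere stores host names instead of URLs
    Get-OutlookAnywhere -Server $Server | ForEach-Object {
        $names += "$($_.ExternalHostname)"
        $names += "$($_.InternalHostname)"
    }
    $names = @($names | Where-Object { $_ } | Sort-Object -Unique)

    Get-ExchangeCertificate -Server $Server |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object {
            $cert = $_
            $domains = @($cert.CertificateDomains | ForEach-Object { "$_" })
            $missing = @($names | Where-Object {
                -not (Test-NameCoveredByCertificate -HostName $_ -CertificateDomain $domains)
            })
            New-Object PSObject -Property @{
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Missing    = $missing
            }
        }
}

Get-UncoveredExchangeName -Server 'TLCAS01' | Format-List Thumbprint, NotAfter, Missing
```

An empty Missing list for the certificate that clients actually receive means that all configured names are covered.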

Databases

Let’s go through the steps required for renaming the default database and for dismounting and mounting it, and also for creating new databases. Let’s start with the EAC and then do it in PowerShell.

Let’s start..

In EAC: Go to Servers, select Databases.

Select the default database, named “Mailbox Database 0883045..”. Press Edit.

image

General settings are shown. Press Cancel.

image

Select the database and dismount it by pressing the … icon and then Dismount database.

image

It shows a warning that mailboxes on this database will now be unavailable. Press Yes.

image

Select the database. Press Edit.

image

Give the database a friendly name, example: DB01. Press Maintenance.

image

Maintenance settings are shown. Press Limits.

image

Mailbox limits are shown, these are the default values. Press Client Settings.

image

By default, no Offline address book was selected. Press Browse and make sure to select the address book. Press Save.

image

What about if you want to create a new database?

Let’s start in EAC

Press the Add button (+).

image

Give the database a friendly name, example: DB02. Browse for a mailbox server. And also put in the database path and log path. Press Save.

image

During the creation of the database, there is no option for associating the database with the offline address book. When the database is created, press Edit. Then go to Client Settings and select the Offline address book.

image

Using PowerShell

Start the Exchange Management Shell (EMS) and the following commands will do the same work that’s done in EAC.

Retrieve database information
Get-MailboxDatabase
Get-MailboxDatabase | fl name,*path*

Dismount Database
Dismount-Database –Identity DB01

After the default database is renamed to DB01, I want to move the database file and the logs to another drive. It’s done by the commands below:

Move-DatabasePath -Identity DB01 -EdbFilePath "E:\Database\DB01\DB01.edb" -LogFolderPath "F:\Logs\DB01"

Mount-Database DB01

image

Get-OfflineAddressBook

For creating a new database (DB02), we have the opportunity in PowerShell to specify all the parameters that are needed for having all options configured.

New-MailboxDatabase -Name DB02 -EdbFilePath "E:\Database\DB02\DB02.edb" -LogFolderPath "F:\Logs\DB02" -OfflineAddressBook "\Default Offline Address Book" -Server TLMB01

Mount-Database DB02

image

Note that the OfflineAddressBook is specified during the creation of the database.

Outlook Anywhere

Configuration of the feature Outlook Anywhere can also be done from both the EAC and EMS, in various ways.

Let’s start with the EAC:

Go to the servers menu, and select Servers. Press Edit.

image

Then go to the “Outlook Anywhere” option, type in the external name, example: mail.testlabs.se.
I’m using Basic authentication for Outlook Anywhere. Press Save.

image

And the Configuration is completed.

Using PowerShell

Start the Exchange Management Shell (EMS) and the following commands will do the same work that’s done in EAC.

Enable Outlook Anywhere:
Enable-OutlookAnywhere –Server TLCAS01 –ExternalHostname mail.testlabs.se –InternalHostname tlcas01.testlabs.se –ExternalClientAuthenticationMethod Basic –InternalClientAuthenticationMethod Ntlm –IISAuthentication Ntlm –SSLOffloading:$false

Get-OutlookAnywhere –Server TLCAS01

image

MAPI and RPC

The MAPI/RPC (RPC over TCP) traffic is now gone and replaced with RPC over HTTP/s instead. That means no more load balancing of static RPC ports. As far as I know this will make the work of both the firewall team and the load balancer team easier: fewer ports are used, and load balancing affinity/sticky session settings are not required anymore. Since there is no need for affinity settings, traffic can now be load balanced based on IP addresses. Just make sure that the load balancer verifies the Exchange services before sending traffic to them.

Outlook will instead use port 443 (HTTPS) or port 80 (HTTP). I think (and hope) most of you will use RPC over HTTPS. With this said, I’ll show you the new Outlook 2013 Preview/beta, how it connects and the traffic it’s using.

Outlook 2013 Preview connects to my mailbox in Exchange 2013. It’s using HTTPS to initiate the connection, using port 6001 by default for its connection, using RPC over HTTPS.

image

A small picture from Network Monitor when the connection is initiated by Outlook 2013.

image

More information around What’s new in Exchange 2013 can be found here.

Next parts will cover Public Folders, Client Access Server Array, Database Availability Groups and more.
Next part can be found here.

Thanks for reading, I hope it helped you guys/girls out there.
If you want me to cover anything special around Exchange 2013, leave a comment.

Exchange Server 2013 Preview – Part 2: How to do the Basic configuration

If you haven’t read it already, I did post a complete guide for installing Exchange 2013, it can be found here. That was part 1, now it’s time for part 2. Which of course is the configuration of the server setup.

We have lots of changes between how you configured Exchange 2007/2010 and 2013.
First thing is that Exchange Management Console is gone and replaced by a refreshed ECP called Exchange Admin Center (EAC), built on Silverlight (I suppose). The “old” Exchange Management Shell (EMS) is still there, so I suppose lots of us geeks will use more PowerShell in the near future.

The fact that EMC is replaced will make the administration easier and more portable, but I still like the EMC better. I will like the EAC better after used it for a while. This portable administration together with Remote PowerShell will be awesome.

I will use both methods for the configuration steps, both EAC and PowerShell.

The easiest way to find the URL path to the EAC is to start the Exchange Management Shell and run the command below:

Get-EcpVirtualDirectory | fl *url*

The picture below is my output from my lab environment

image

So let’s get things started..

Start up an Internet browser and go to the URL output from the command above

image

Mail Flow

Let’s get the mail flow configured first so we can receive mails from external senders.

In EAC: on the left side (menu) press “Mail Flow”.

image

Accepted Domains

Make sure that the domains that should be used for SMTP are listed here, so that Exchange is able to receive mails for these domains. More info about Accepted Domains can be found here.

In EAC: After selecting “Mail Flow” to the left, press “Accepted Domains” at the top menu in the middle.

image

If your domain is not listed and you need to add it, press the plus mark and fill in the information, like my example below.

image

image

Using PowerShell: Since I’m a geek I like to use PowerShell because it gives you the advantage of seeing what happens, having full control and easily building scripts.

For listing and adding a domain like above in PowerShell you should write:

Get-AcceptedDomain
New-AcceptedDomain –Name testlabs.com –DomainName testlabs.com –DomainType Authoritative

image

Email Address Policies

These policies are used to stamp each user mailbox object with an email address/SMTP address.
These policies do not remove any addresses used previously, they just add new addresses to mail objects.

In EAC: By default after the installation we only have one policy, called Default Policy.

I want to edit this one, by selecting the “Default Policy” and pressing the “pen” icon.

image

The Default Policy is showing up, in the left menu, press “Email Address Format”.

image

Since I live in Sweden and we have some special characters that I want to get rid of, I’m using the custom policy, Address type: SMTP and the Email address parameters:

%råa%räa%röo%g.%råa%räa%röo%s@testlabs.se

%r replaces the character that follows it with the next one; in this case å, ä and ö are replaced with a, a and o.

When you have done the change press the “Save” button at the bottom of the page.

image

Check so that the change is correct, then press the “Save” button.

image

After the changes have been saved, it needs to be applied. This is done by pressing the “Apply” text/button down in the right menu.

image

image

Using PowerShell: Let’s start with listing the Policy and the settings in it. As a final step let’s do the same configuration to the “Default Policy” that we did using EAC.

If you want to create more than just alias@domain.com to your policies, then this is done by comma separation. For setting the Primary SMTP address, use capital letters for SMTP, and for additional addresses use small letters for smtp. See the example below:

Get-EmailAddressPolicy

Get-EmailAddressPolicy | fl

Get-EmailAddressPolicy | Set-EmailAddressPolicy –EnabledEmailAddressTemplates “SMTP: %råa%räa%röo%g.%råa%räa%röo%s@testlabs.se”,”smtp: %m@testlabs.se”

Set-EmailAddressPolicy –identity “Default Policy” –EnabledEmailAddressTemplates “SMTP: %råa%räa%röo%g.%råa%räa%röo%s@testlabs.se”,”smtp: %m@testlabs.se”

Get-EmailAddressPolicy | Update-EmailAddressPolicy

It can easily be checked if the policy has been applied, it will show a True or False value. For checking the value run the command below:

Get-EmailAddressPolicy | fl *appl*

Note: Don’t forget to update the Policy, or else the new addresses won’t be pushed out to the recipients.

image

Receive Connectors

Since the HUB Transport server role is now gone and the HUB role is placed together with the CAS role, this is the server you should be looking at.

After the SMTP domains have been added on the Accepted Domains tab, some settings could be worth a look before starting to use the servers.

A change has been made in the new version: the default connector is now named “Default Frontend servername”. It now allows traffic from Anonymous users by default. I suppose this is because the Edge Transport Role is also removed.

In EAC: Go to the “Receive Connectors”, found under “Mail Flow”. Make sure to select your CAS server(s) and the “Default Frontend servername”. Then press the “pen” icon to edit the selected connector.

image

The only thing I did change was the “Maximum receive message size” to 30 MB.
When you have done your changes for the connector, press the Save button.

image

Using PowerShell: Start the Exchange Management Shell, let’s view the receive connectors and then make the changes like above.

Get-ReceiveConnector

Get-ReceiveConnector | fl

Set-ReceiveConnector –Identity “TLCAS01\Default Frontend TLCAS01” –MaxMessageSize 30MB

Note: The size can be configured between 64KB up to 2GB.

Verify that the settings were correctly set, using the command below
Get-ReceiveConnector | fl ide*,maxmes*
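
Because the default frontend connector accepts anonymous senders, it is worth listing exactly which connectors do so and from where. The function below is an added example, not part of the original post; the sample objects are constructed stand-ins for Get-ReceiveConnector output, and the second connector name is hypothetical.

```powershell
# Added example: report receive connectors that accept anonymous SMTP,
# together with their bindings, allowed source ranges and size limit.
function Get-AnonymousReceiveConnector {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Connector
    )
    process {
        # PermissionGroups is a flags value; its string form is a list of group names.
        $groups = "$($Connector.PermissionGroups)" -split '[,\s]+'
        if ($groups -notcontains 'AnonymousUsers') { return }

        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        [pscustomobject]@{
            Identity       = "$($Connector.Identity)"
            Bindings       = (@($Connector.Bindings | ForEach-Object { "$_" }) -join ', ')
            RemoteIPRanges = ($ranges -join ', ')
            # True when any IPv4 source address may connect to this listener
            AnySourceIPv4  = ($ranges -contains '0.0.0.0-255.255.255.255')
            MaxMessageSize = "$($Connector.MaxMessageSize)"
        }
    }
}

# Constructed sample objects (not real output) so the function runs outside EMS.
$sample = @(
    [pscustomobject]@{
        Identity         = 'TLCAS01\Default Frontend TLCAS01'
        PermissionGroups = 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers'
        Bindings         = @('0.0.0.0:25')
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
        MaxMessageSize   = '30 MB (31,457,280 bytes)'
    },
    [pscustomobject]@{
        Identity         = 'TLCAS01\Authenticated Clients (hypothetical)'
        PermissionGroups = 'ExchangeUsers'
        Bindings         = @('0.0.0.0:587')
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
        MaxMessageSize   = '10 MB (10,485,760 bytes)'
    }
)

# Only the first sample connector is returned, since only it lists AnonymousUsers.
$sample | Get-AnonymousReceiveConnector | Format-List

# In the Exchange Management Shell, pipe the real connectors instead:
#   Get-ReceiveConnector | Get-AnonymousReceiveConnector | Format-List
```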

image


Send Connectors

Now that the HUB server role is gone, a default installation of Exchange doesn’t have any send connectors. So… to be able to send mails to external recipients, let’s create a Send Connector on the CAS server.

In EAC: Go to the “Send Connectors”, found under “Mail Flow”. Press the “plus” icon for Creating a new send connector.

image

Give the send connector a friendly name and select what type it should be. Since this one I’m creating now is for sending to external recipients I’m selecting “Internet”. (Seems like we have a typo, see picture below). Press Next.

image

Select how to route those mails, either by using MX records or through a smart host(s). If you have a mail gateway then you should select smart host and type in its IP address. My server is just sending them directly to Internet so I’m using the MX method. Then press Next.

image

Press the “plus” icon for adding the address space this connector should use. In my case it will be “*”. Then it takes care of all domains. Press Save.

image

Then Press Next for accepting the settings you’ve just made.

Next screen will show you which source servers that should be used. Let’s add these into the connector by pressing the “plus” icon and selecting the Mailbox servers.

image

Press the Finish button so the connector gets created.

Note: By default the connector has a maximum message size of 10MB. You can’t configure the maximum send message size when creating the connector, but this can be done by editing the created connector.

Using PowerShell: Start the Exchange Management Shell, let’s view the send connectors and then make the changes like above.

Get-SendConnector

Get-SendConnector| fl

This creates a new send connector using the DNS/MX method
New-SendConnector –Name “Outbound” –AddressSpaces ‘*’ –SourceTransportServers TLMB01 –MaxMessageSize 30MB

This creates a new send connector using the smarthost method

New-SendConnector –Name “Outbound” –AddressSpaces ‘*’ –SourceTransportServers TLMB01 –MaxMessageSize 30MB –DNSRoutingEnabled:$false –SmartHosts “10.10.10.10”

This creates a new send connector using the smarthost method together with using the CAS server as a proxy server for sending the mails

New-SendConnector –Name “Outbound” –AddressSpaces ‘*’ –SourceTransportServers TLMB01 –MaxMessageSize 30MB –DNSRoutingEnabled:$false –SmartHosts “10.10.10.10” –FrontEndProxyEnabled:$True

Note: The size can be configured between 0 Bytes up to 2TB.

Verify that the settings were correctly set, using the command below
Get-SendConnector| fl ide*,maxmes*

image

Certificates

As most of you already know we need to request and import a certificate for Exchange. To have a fully working OWA, ActiveSync etc., certificates need to be configured, so let’s get started.

In EAC: Go to the “Certificates”, found under “Servers”. Select the server and press the “plus” icon for Creating a new certificate request.

image

I’m using an Internal PKI solution, so in this case I want to “Create a request for a certificate from a certificate authority”. Press Next.

image

Type in a friendly name for the certificate. Press Next.

image

If you want to create the request for a wildcard certificate, this is the checkbox you should use.
I don’t want a wildcard certificate, so I just let it be unchecked. Press Next.

image

Press Browse and select which server you want to store it on. Press Next.

image

For each service you can here type in the address, and the request will generate the names in the end. When you’re done press Next.

image

Go through the names in the list and make sure that all names that are needed are included. Press Next.

image

Fill in Organization name, Department, Country, City and State. Press Next.

image

In my example I did type in the path to a share on my domain controller, which also is my Internal CA. Press Finish.
Example: \\tldc01\certificates\certreq.req

image

When the request is completed, it shows up with the friendly name, together with the status “Pending request”. When the certificate is issued, press the “Complete” button below the status.

image

Type in the URL path to the .cer file, my file is saved on my DC. Press OK.
Example: \\tldc01\certificates\certnew.cer

image

It’s now time for assigning the services to the certificate. This is done by selecting the certificate and pressing the Edit button.

image

Go to “Services” and add the ones that should be used. Press Save.

image

Press OK.

image

Check that the services are assigned to the certificate.

image

Using PowerShell: Start the Exchange Management Shell, let’s view the existing certificates and then make a new cert request like above. Finally import the issued certificate.

Get-ExchangeCertificate

Get-ExchangeCertificate | fl

This creates a new certificate request and saves it to a share
New-ExchangeCertificate –Server TLCAS01 –GenerateRequest –FriendlyName Exchange2013-PS –PrivateKeyExportable $true –SubjectName “c=SE, s=Skane, l=Malmo, o=Testlabs, ou=Testlabs, cn=mail.testlabs.se” –DomainName  mail.testlabs.se,autodiscover.testlabs.se –RequestFile “\\tldc01\certificates\test.req”

image

Import-ExchangeCertificate –Server TLCAS01 –FileName “\\tldc01\certificates\certnew-ps.cer” –PrivateKeyExportable $true –FriendlyName Exchange2013-PS

Enable-ExchangeCertificate –Thumbprint A2E6649A22A99BEAB2654BEB403C92BB9D34B404 –Services “IIS, SMTP, POP, IMAP” –Server TLCAS01

Get-ExchangeCertificate

image

Note: Make sure to specify –Server, or else you can have difficulties finding our created request. Mine landed at my Mailbox server even if I did it on the CAS server.

If you haven’t read it already, have a look at Part 1: Complete guide of how to perform the installation

Thanks for reading, I hope that it’s informative and great reading for most of you. It would be awesome if you guys leave some comments, what do you think about Exchange 2013? Maybe you have already installed the Preview/Beta? Which new feature is the best one?

Next part will cover Databases, Outlook Anywhere, Outlook 2013 and MAPI/RPC etc.

Part 3 can be found here

Exchange Server 2013 Preview – Part 1: Complete guide of how to perform the installation

Since Exchange Server 2013 beta was released yesterday I’m glad to announce that my first installation is done and here’s a complete walkthrough.

My setup is basic, using one server as domain controller, Windows 2008 R2.
Initially for Exchange I’m using 3 servers, 1 server for the CAS role and 2 servers for the Mailbox role.

There are some prerequisites that need to be installed/removed before the installation of Exchange can take place.

Note: It’s now recommended to install the Mailbox server first. So I’m starting with that server.

Step 1. Install the administration pack using the commands below, make sure to restart the server before proceeding to step 2.

Import-Module ServerManager
Add-WindowsFeature RSAT-ADDS

image

Step 2. Install the Windows features that Exchange uses, for Mailbox and CAS server use the command below:

Import-Module ServerManager
Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

image

Step 3. When the feature installation is completed, continue with the installation of the required components. Use the links below to download the components.

.NET Framework 4.5 RC

Windows Management Framework 4.0

Unified Communications Managed API 4.0, Core Runtime 64-bit

Office 2010 Filterpack x64

Office 2010 Filterpack SP1 x64

KB 974405 (Windows Identity Foundation)

KB 2619234 (RPC over HTTP)

KB 2533623 (Remote code execution)

Note: Make sure to uninstall the Visual C++ 11 Beta Redistributable (x64) before starting the Exchange 2013 installation.

You can have a look at the setup.exe parameters using

setup.exe /?
setup.exe /help:install

image

Step 4. Start the installation using unattended installation for the Mailbox server role

setup.exe /mode:install /roles:Mailbox,ManagementTools /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /OrganizationName:Testlabs /TargetDir:"D:\Program Files\Microsoft\Exchange Server\V15"

The installation process starts up, prepares the organization for Exchange 2013 and installs the necessary Windows components. The schema prep can also be done manually using setup.exe /preparead, I’ve chosen to go with the default behavior.

When the Mailbox server role installation has finished successfully, it will tell you to restart the server.

image

Step 5. Start the installation of the Windows features for the CAS server role

Import-Module ServerManager
Add-WindowsFeature RSAT-ADDS
Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

Make sure to restart the server after the Windows features have been installed.

Step 6. Start the installation of the CAS server role

setup.exe /mode:install /roles:ClientAccess,ManagementTools /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /OrganizationName:Testlabs /TargetDir:"D:\Program Files\Microsoft\Exchange Server\V15"

Since this is the second server, the schema prep is already done so the installation will skip that step.

When it’s finished it will look like the picture below, a restart of the server is required.

image

The installation of both servers is now completed.

Next blog post will be around how to configure Exchange 2013.

Thanks for reading, looking forward to your comments about the post and also about Exchange 2013 in general.

More information about the prerequisites can be found here.

What’s new in Exchange 2013

Next blog post, Part 2: How to do the Basic configuration

Can’t connect to Exchange using EMC / EMS

I was facing an issue after upgrading to Exchange 2010 SP2 in my lab environment.

When starting up the Management Shell and Console, it was telling me that it couldn’t connect to the Exchange server and that it couldn’t find an Exchange server in this site.

It was giving me the error message below
“The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer.”

After some research I found out that it could be because the “WinRM IIS Extension” wasn’t installed.
So in my case I added it as a feature in Server Manager. (See the pic below)

During my research I also found out that if it was already installed, it should be uninstalled and run “winrm quickconfig”, restart.
And then install the feature again and run the command once again.

When it was installed, I tried to start the EMS again, with a great result :)

Hope this post helps those of you that face the same issue that I did

Cheers!

Forum post around this: http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/5b82f131-b469-4661-9d6c-1c1c7939b73a

Out of Office and Free/Busy doesn’t work

 

Hi!

I’ve seen so many threads on the TechNet forum now so I thought it was time for a blog post around this topic.

 

I hit into trouble when the Out of Office (OoO) and Free Busy (F/B) functions didn’t work.
It started with troubleshooting it regarding certificate, names, URL’s and autodiscover testing.

Everything looked OK, but still the functions were out of order..

This issue will apply on both Exchange 2007 and 2010 as far as I know.

 

When using Outlook 2007 or newer and a user wants to configure his/her OoO, Outlook uses the EWS/Autodiscover functions and here we go.

This issue can be solved in the following way

  • Check the current config/settings
  • Check the certificate
  • DNS settings

 

  1. Check the following settings using the cmd-lets

Get-OwaVirtualDirectory | fl name, path, *url*
Get-WebServicesVirtualDirectory | fl name, path, *url*
Get-OabVirtualDirectory | fl name, path, *url*
Get-ActiveSyncVirtualDirectory | fl name, path, *url*
Get-AutodiscoverVirtualDirectory | fl name, path, *url*
Get-ClientAccessServer | fl name, *uri*

Save the results from those commands and compare the names to the certificate, since the names in the settings need to be in the certificate.

 

  2. Check the included names in the certificate

Get-ExchangeCertificate | fl certificatedomains,services,status,notbefore,issuer

Let’s compare the results with each other..

 

  3. DNS settings

The DNS settings were OK since a SRV record was created for the Autodiscover function internally and it was tested successfully using

Test-OutlookWebServices -Identity klas.andersson@target.local
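
The comparison in steps 1 and 2 can be done mechanically instead of by eye. The function below is an added example, not part of the original post: it takes the URLs from the virtual directory output and the names from the certificate and reports which hosts the certificate does not cover. The sample values are constructed from names used elsewhere on this page, and the commented EMS lines assume the properties stringify to plain URLs and domain names.

```powershell
# Added example: report which URL host names are covered by a certificate's names.
function Test-CertificateNameCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string[]]$Url,
        [Parameter(Mandatory = $true)][string[]]$CertificateDomain
    )
    foreach ($u in $Url) {
        $hostName = ([uri]$u).Host.ToLowerInvariant()
        $matched = $CertificateDomain | Where-Object {
            $name = $_.ToLowerInvariant()
            if ($name.StartsWith('*.')) {
                # A wildcard covers exactly one extra label: *.a.b matches x.a.b, not x.y.a.b
                $suffix = $name.Substring(1)
                $hostName.EndsWith($suffix) -and
                    ($hostName.Length -gt $suffix.Length) -and
                    ($hostName.Substring(0, $hostName.Length - $suffix.Length) -notmatch '\.')
            }
            else {
                $name -eq $hostName
            }
        } | Select-Object -First 1

        [pscustomobject]@{
            Url         = $u
            Host        = $hostName
            Covered     = [bool]$matched
            MatchedName = $matched
        }
    }
}

# Constructed sample input (not real output) so the function runs outside EMS.
$sampleUrls = @(
    'https://mail.testlabs.se/OWA',
    'https://mail.testlabs.se/EWS/Exchange.asmx',
    'https://tlcas01.testlabs.se/EWS/Exchange.asmx',
    'https://autodiscover.testlabs.se/Autodiscover/Autodiscover.xml'
)
$sampleNames = @('mail.testlabs.se', 'autodiscover.testlabs.se')

# The tlcas01.testlabs.se URL comes back with Covered = False: that name is not on the certificate.
Test-CertificateNameCoverage -Url $sampleUrls -CertificateDomain $sampleNames |
    Format-Table Host, Covered, MatchedName -AutoSize

# In the Exchange Management Shell (assumption: values stringify as shown above):
#   $urls  = Get-WebServicesVirtualDirectory |
#            ForEach-Object { $_.InternalUrl, $_.ExternalUrl } |
#            Where-Object { $_ } | ForEach-Object { "$_" }
#   $names = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
#            ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
#   Test-CertificateNameCoverage -Url $urls -CertificateDomain $names
```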

 

========================================================================

 

In my case, it looked OK but still didn’t function and we did a lot of research around the issue and found that a delete and recreate of the virtual directories (vdir) should solve the issue.

But that wasn’t the case..

We successfully deleted the EWS vdir but couldn’t create a new one since the prompt was telling us that the object was already in the Active Directory.

The picture below shows the error message

 

However, the command we ran did create the EWS vdir, but without any path, so it’s impossible to use it and it couldn’t be configured using the “Set” command either.

 

The only option for solving this issue will be to remove the CAS role and then reinstall it.
This can easily be done using the Exchange media (ISO or extracted files)..

Start up an elevated command prompt and go to the path of the media and run:

Setup /mode:uninstall /roles:ca

When the procedure is completed, let’s restart the server.

 

When the server has been restarted, let’s start up an elevated command prompt again and reinstall the CAS role using:

Setup /mode:install /role:ca

 

When the installation is done, I would recommend restarting the server again to freshen it up.

When it’s started up, let’s check the settings:

Get-WebServicesVirtualDirectory | fl

Here we see that the path has been added..
So let’s try the OoO function using Outlook 2010, pressing File -> Info -> Automatic Replies (Out of Office).

Here we go :)

 

Hope this information will become valuable for anyone that hits the same problem that I did.

To me this seems to be a bug that the vdirs cannot be removed and then cannot be recreated.
Hopefully we will not see these kinds of errors in the future :)

DirSync between Domino and Exchange 2010

 

Published: 2011-04-19
Updated: –
Version: 1.0

This is included with Coexistence Manager for Notes from version 3.0 and above, which was released very late last year (2010).
The version I’m using in the lab is 3.0.2, which is currently the latest version when this blog post is released.

Below are some known issues that are fixed in version 3.0.2.

Known Issues in the CMN Directory Connector:

#140661 SMTP addresses that contain a space within a quoted string, such as “Wilbur Jones”@domain.com, are not supported in this release of the Directory Connector.
The addresses must be corrected (remove the space).
#139586 The Directory Connector Configurator creates a folder for each defined Connector (under …\Directory Connector\Tools\Connections) to store Connector-specific
information. The Remove feature does not remove this corresponding Connector folder.

 

More information about Coexistence Manager for Notes can be found here.
I don’t deal with license questions, these can be handled directly by Quest, just send them an email on: info@quest.com.

When downloading the trial version of the product there are some PDF’s with valuable information included, make sure you read
through them if you’re going to use the product(s). There are also some videos about DirSync included

  • Configuring LDAP
  • Domino to Exchange DirSync
  • Exchange to Domino DirSync

If you’re reading this post I suppose you already know what CMN DirSync provides, this post is based on basic knowledge of the product.

Any form of feedback on the article would be nice, good as bad.

Infrastructure Setup

 

This is an overview of my Infrastructure in this setup.

Installation

 

Prerequisites

  • Microsoft .NET Framework 4.0
  • An account for synchronization that has access to create objects in each directory

 

Configuration

 

The first thing to do is to install the license; it’s done by starting “Quest Coexistence Manager for Notes Configurator”. Go to Common -> Licenses and browse for the license file.

Directory Synchronization (Domino -> Exchange)

 

For creating a DirSync connector, go to “Connector Settings” and press Add.

Start with typing in a friendly name for the Connector.
Mine is called “Domino to Exchange” and Direction: Notes to Exchange.
Press Next.

Typing in the credentials for Source server:

Server: domino
Username: system/target
Password: ****
Port: 389

Typing in credentials for Target directory (Active Directory)

Target Server: server02 (DC)
Username: Administrator
Password: ****
Port: 389

I want to synchronize “Users & Contacts” from O=taget (Organization).

Select a Target OU for the objects to be placed into, also specify the Exchange part of the sub-domain,
in my case it’s domino.target.local, and then check “Notes Migrator for Exchange compatibility mode” so the objects do not get duplicated.

Facts from Quest PDF:

Notes Migrator for Exchange compatibility mode: If this checkbox is marked, the Connector will merge any processed object from the source
that matches (by proxyaddresses) an existing object in the target. For each processed object from the source, the Connector will search the
entire target directory (all containers) for any merged object with the same proxyaddress. If this checkbox is not marked,
the Note: The values you enter for Notes Calendar domain, Notes Domain and Server Running QCALCON are merged with the AD source data
that is pushed into Notes. There are no comparable fields for this data in Active Directory. If you later change the value of any of these fields,
it will appear that the source data has changed, although nothing has actually changed in AD.

Quest Coexistence Manager for Notes 3.0 Directory Connector will compare its source objects to the target objects, and will copy only new
source objects into the target. Note: This feature is intended to find and eliminate duplicate objects (same proxyaddresses), and thereby
help prevent directory looping—which proliferates duplicate objects by copying them back and forth.

Quest therefore recommends that you enable this feature (mark the checkbox) unless you have a particular strategic reason not to.
If you experience Connector errors that appear due to duplicate objects, or if you just want to learn more about duplicate objects,
see Connector Errors Due to Duplicate Objects in the Troubleshooting Appendix of this User Guide.
This checkbox must be marked if you will use Quest’s CMN Free/Busy Connector.

Note Also: When using NME compatibility mode with a Notes-to-Exchange Connector (only), some admins report that Domino updates
sometimes do not arrive in Active Directory. This is actually a system latency issue rather than a CMN process bug. In some environments
the Domino changes simply take a few seconds to propagate to the Notes LDAP service, and therefore may be missed if the Connector is
run too soon after the updates are entered in Domino. The Connector will succeed, however, if you wait a minute or two after the last of the
Domino updates before running the Connector.


Since there is no existing connector, it cannot be selected.

Scheduling settings, I choose to synchronize Daily at 1 AM. Press Add.

These users below are located in Domino as mail-users and will be synchronized into Active Directory.

Right click the connector and make sure it runs, and then validate whether any objects have been created.
In my case they are located under the DirSync OU and look like the picture below.

The first impression tells me that it hasn’t synchronized everything since 2 objects are missing.
BUT, they already have a mailbox with that proxyaddress so we have now validated the function for Notes Migrator for Exchange compatibility mode.

Directory Synchronization (AD/Exchange -> Domino)

 

For creating a DirSync connector, go to “Connector Settings” and press Add.

Start with typing in a friendly name for the Connector.
Mine is called “Exchange to Domino” and Direction: Exchange to Notes.
Press Next.

Typing in credentials for Source directory (Active Directory)

Target Server: server02 (DC)
Username: target\administrator
Password: ****
Port: 3268

Typing in the credentials for Source server:

Server: domino
Username: system/target
Password: ****
Port: 389

I want to synchronize “Users & Contacts” from OU=Migrated..

Domino target information

Exchange Internal Routing Domain: exch.target.local
Notes Calendar domain: Exchange
Notes Domain: target
Server running QCALCON: domino

And check the NME compatibility mode

I choose to not make any kind of order management setting on my DirSync connectors.

Scheduling settings, I choose to synchronize Daily at 2 AM. Press Add.
Then the DirSync in the other direction is finished and up-to-date.

Domino configuration

 

If objects should be synchronized from Exchange into Domino, Domino must be configured for LDAP.

This is done by using Domino Administrator, select Configuration tab and Directory, LDAP and Settings.
Allow LDAP users write access: Yes

Then select, Save and Close and restart the Domino server.

Quest recommends that DirSync resides on a separate server.

For setting up CMN from Quest, it’s recommended to use a PSO (certified consultant)!

Feel free to give feedback on the article!

Outlook 2007 Online Archive investigation

 

The system setup I’m using is based on Exchange 2010 SP1 UR2.

This post is a summary of everything that has been written about Outlook 2007 and the archive feature.

Outlook versions that include the Online Archive feature:
Office Professional Plus with volume license
Office Ultimate (retail)
*Office Enterprise with volume license
Outlook Standalone (retail)
Outlook Standalone with volume license

* The version I’m using in my tests

Office 2007 Service Pack 2 needs to be installed before any of the hotfixes can be installed. The Service Pack can be found here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b444bf18-79ea-46c6-8a81-9db49b4ab6e5

The first hotfix that was meant to enable the online archiving feature was made available online in Dec 2010 (don’t use this one):
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2458611

Unfortunately, there were issues with this hotfix:
http://www.officeforlawyers.com/outlook/tips/2412171.html
http://eightwone.com/2010/12/15/outlook-2007-and-exchange-2010-personal-archive-support/

When the archive feature is working and the archive is enabled on a mailbox it should look like this

I’m using the latest hotfix that was released on the 28th of February.
Read about the cumulative update and download it from here:
http://msexchangeteam.com/archive/2011/02/28/458375.aspx

Request the hotfix from here:
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2475891&kbln=en-us


Cached Exchange Mode and Archive Mailboxes

In Outlook 2010 and Outlook 2007, users can access archive mailboxes only when they’re connected to the Exchange server. The connection can be an RPC (over TCP) connection, or Outlook Anywhere (aka RPC over HTTP). Even if the Outlook profile is configured to use Cached Exchange Mode, the archive mailbox is never cached locally to the user’s computer. When the user is no longer connected to Exchange, the archive mailbox becomes inaccessible. The locally cached primary mailbox remains accessible if using Cached Exchange Mode.

Once the archive mailbox is visible in Outlook 2007, users can expand the folder hierarchy, and are able to perform the following operations:

  • Move or copy messages and folders between their primary mailbox and the archive mailbox
  • Move or copy messages and folders between a PST file and their archive mailbox (if access to PST files is not blocked by the administrator).

    Note: In Exchange 2010 SP1, administrators can also use mailbox import requests to import data from PST files to either the user’s archive or primary mailbox. For more information, see Understanding Mailbox Import and Export Requests.

  • Export or import messages to and from the archive mailbox
  • Use Inbox Rules to automatically move messages to a folder in the archive mailbox

However, Outlook 2007 does not support the following functionality:

  • Search across primary and archive mailboxes: When a user searches the primary mailbox, and selects All Mailbox Items, Outlook does not search the archive mailbox. Similarly, when the user searches the archive mailbox, the primary mailbox is not searched.
  • Archive policies: In Outlook 2007, users can’t use personal tags (also known as archive policies) to move items to the archive mailbox. Any default archive policies for the mailbox continue to be applied. Users can use Outlook Web App to see or apply archive policies.

 

Sources
http://msexchangeteam.com/archive/2010/12/20/457238.aspx
http://technet.microsoft.com/en-us/library/dd979795.aspx
http://www.officeforlawyers.com/outlook/tips/2412171.html
http://eightwone.com/2010/12/15/outlook-2007-and-exchange-2010-personal-archive-support/

Released: Office 2007 Cumulative Update for February 2011

 

On the 28th of February, the Exchange Team Blog posted that it was released. This update fixes some issues there have been with the Online Archive feature for Outlook 2007 SP2.

More information about the hotfix can be found at: http://msexchangeteam.com/archive/2011/02/28/458375.aspx
KB article: http://support.microsoft.com/kb/2475891
Request the hotfix: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2475891&kbln=en-us

The original post about Outlook 2007 and the Personal/Online Archive can be found here
http://msexchangeteam.com/archive/2010/12/20/457238.aspx

I will shortly post an update on a test with the new hotfix.

Cheers J
