Exchange 2013

Update: Exchange 2013 script – automatic installation of prerequisites v2.1 *NEW*

*Update*

*********************************************************************************************************************************************

Reuben Welsh came up with a great feature request: verifying the checksum of the files being installed.
This has been implemented in version 2.1 of the script.

*********************************************************************************************************************************************

A year ago I published a script that helped with installing prerequisites for Exchange 2013. It has now been updated so that it also works for Exchange 2013 SP1 and Windows Server 2012 R2.
I hope this script helps someone get a smoother installation.
The script can be downloaded here: http://www.testlabs.se/blog/wp-content/uploads/2014/04/Install-Exchange2013PreReqs_v2.1.zip

*********************************************************************************************************************************************

Feel free to use this, but make sure to test it in a test environment before using it in production.
All content is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use.

# +=======================================================================
 # | Blog: http://www.testlabs.se/blog
 # | Twitter: @jonand82
 # | =============================================
 # | Filename: Install-Exchange2013PreReqs_v2.1.ps1
 # |
 # | CREATED BY: Jonas Andersson - Original written by: Pat Richard, Anderson Patricio and Bhargav Shukla
 # | FUNCTION: Installs and configures the prerequisites to install Exchange 2013 on..
 # | ..Windows Server 2008 R2, Windows Server 2012 or Windows Server 2012 R2 server
 # |
 # | CHANGE LOG:
 # | v1.0 - 2013-04-05, *Created*
 # | v2.0 - 2014-04-11, *Updated with functions*
 # | v2.1 - 2014-04-28, *Checksum implemented*
 # |
 # | http://www.ucblogs.net/blogs/exchange/archive/2009/12/12/Automated-prerequisite-installation-via-PowerShell-for-Exchange-Server-2010-on-Windows-Server-2008-R2.aspx
 # | http://msmvps.com/blogs/andersonpatricio/archive/2009/11/13/installing-exchange-server-2010-pre-requisites-on-windows-server-2008-r2.aspx
 # | http://www.bhargavs.com/index.php/powershell/2009/11/script-to-install-exchange-2010-pre-requisites-for-windows-server-2008-r2/
 # | http://www.tinyint.com/index.php/2011/09/14/get-an-md5-or-sha1-checksum-with-powershell/
 # +=======================================================================

# Detect correct OS here and exit if no match
 # Exit unless the OS is 64-bit AND one of the supported versions (-not wraps the whole test)
 if (-not(((Get-WMIObject win32_OperatingSystem).OSArchitecture -eq '64-bit') -and (((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") -or ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") -or ((Get-WMIObject win32_OperatingSystem).Version -eq "6.3.9600")))) {
 Write-Host "This script requires a 64bit version of Windows Server 2008 R2, Windows Server 2012 or Windows Server 2012 R2, which this is not." -ForegroundColor Red -BackgroundColor Black
 Exit
 }

function Get-Checksum
 {
 Param (
 [string]$File=$(throw("You must specify a filename to get the checksum of.")),
 [ValidateSet("sha1","md5")]
 [string]$Algorithm="sha1"
 )

$fs = new-object System.IO.FileStream $File, "Open"
 $algo = [type]"System.Security.Cryptography.$Algorithm"
 $crypto = $algo::Create()
 $hash = [BitConverter]::ToString($crypto.ComputeHash($fs)).Replace("-", "")
 $fs.Close()
 $hash
 }

function Disable-UAC() {

function UAC-status() {

$path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
 $EnableLUA = ""
 $EnableLUA = Get-ItemProperty $path -Name EnableLUA

if ($EnableLUA.EnableLUA -eq "0") {
 [bool]$UACenabled = $false
 }

if ($EnableLUA.EnableLUA -eq "1") {
 [bool]$UACenabled = $true
 }

return $UACenabled
 }

[bool]$status = UAC-status

if ($status -ne $true) {
 Write-Host "UAC already disabled" -ForegroundColor Green
 return
 }

else {

Write-Host "Starting to disable UAC.."

Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 0
 Start-Sleep -Seconds 2

[bool]$status = UAC-status

if ($status -ne $false) {
 Write-Host "An error occurred, try again." -ForegroundColor Red
 return
 }

else {
 Write-Host "UAC Enabled:", $status
 Write-Host "...."
 Write-Host "UAC is now disabled" -ForegroundColor Green
 Write-Host "Registry key HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA has been changed." -ForegroundColor White
 }
 }
 }

function Disable-FW() {

function FW-status() {

$status = ""
 $status = netsh advfirewall show allprofiles state

if ($status | Select-String "ON") {
 [bool]$enabled = $true
 }

else {
 [bool]$enabled = $false
 }

return $enabled
 }

[bool]$fwstatus = FW-status

if ($fwstatus -eq $false) {
 Write-Host "Firewall is already disabled" -ForegroundColor Green
 return
 }

if ($fwstatus -eq $true) {

Write-Host "Starting to disable the firewall.."

$param = "advfirewall set allprofiles state off"
 $run = (Start-Process netsh -ArgumentList $param -Wait -PassThru).ExitCode
 if ($run -ne 0) { Write-Host "Failed!" -ForegroundColor Red }

[bool]$fwstatus = FW-status

if ($fwstatus -ne $false) {
 Write-Host "An error occurred, try again." -ForegroundColor Red
 return
 }

else {
 Write-Host "Firewall enabled:", $fwstatus
 Write-Host "...."
 Write-Host "Firewall is now disabled" -ForegroundColor Green
 }
 }
 }

function InstallFilterPack() {

function DownloadFilterPack1() {

#Download Microsoft Filter Pack
 Write-Host "Downloading Microsoft Filter Pack..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/0/A/2/0A28BBFA-CBFA-4C03-A739-30CCA5E21659/FilterPack64bit.exe"
 $clnt.DownloadFile($url,$file1)
 Write-Host "done!" -ForegroundColor Green
 }

function DownloadFilterPack2() {

#Download Microsoft Filter Pack SP1
 Write-Host "Downloading Microsoft Filter Pack SP1..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/A/A/3/AA345161-18B8-45AE-8DC8-DA6387264CB9/filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe"
 $clnt.DownloadFile($url,$file2)
 Write-Host "done!" -ForegroundColor Green
 }

function InstallFilterPack1() {

#Install Microsoft Filter Packs 1
 Write-Host "Installing Microsoft Filter Packs..."

$args = "/quiet /norestart"
 $setup1 = (Start-Process $file1 -ArgumentList $args -Wait -PassThru).ExitCode
 if ($setup1 -eq 0) {
 Write-Host "Successfully installed $file1" -ForegroundColor Green
 }

if ($setup1 -ne 0) {
 Write-Host "Failed!" -ForegroundColor Red
 }
 }

function InstallFilterPack2() {

$args = "/quiet /norestart"
 $setup2 = (Start-Process $file2 -ArgumentList $args -Wait -PassThru).ExitCode
 if ($setup2 -eq 0) {
 Write-Host "Successfully installed $file2" -ForegroundColor Green
 }

if ($setup2 -ne 0) {
 Write-Host "Failed!" -ForegroundColor Red
 }
 }

if (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95140000-2000-0409-1000-0000000FF1CE}" -ErrorAction SilentlyContinue) {

Write-Host "FilterPack is already installed." -ForegroundColor Yellow
 return
 }

else {

trap {
 Write-Host "Problem downloading FilterPackx64.exe. Please visit: http://www.microsoft.com/en-us/download/details.aspx?id=26604 and http://www.microsoft.com/en-us/download/details.aspx?id=17062"
 break
 }

#set a var for the folder you are looking for
 $folderPath = 'C:\Temp'

#Check if folder exists, if not, create it
 if (Test-Path $folderpath) {
 Write-Host "The folder $folderPath exists."
 }

else {
 Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
 New-Item $folderpath -type directory | Out-Null
 Write-Host "done!" -ForegroundColor Green
 }

$file1 = $folderPath+"\FilterPack64bit.exe"
 $file1chksum = "9253B09EA9A2ADD0E773CD30FE4120F5732C4D98"

$file2 = $folderPath+"\filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe"
 $file2chksum = "2C7B81D0C148E3E1894A9183FEE6A543EA5DC9B2"

# Check if file exists, if not, download it
 if (Test-Path $file1) {
 Write-Host "The file $file1 exists."

$chksum1 = Get-Checksum $file1
 if ($file1chksum.CompareTo($chksum1) -eq 0) {
 Write-Host "Checksum OK" -ForegroundColor 'Green'
 InstallFilterPack1
 }

else {
 Write-Host "Checksum Error, removing $file1" -ForegroundColor 'Red'
 Remove-Item $file1
 DownloadFilterPack1
 InstallFilterPack1
 }
 }

else {
 #Download Microsoft Filter Pack
 DownloadFilterPack1

#Install FilterPack 1
 InstallFilterPack1
 }

if (Test-Path $file2) {
 Write-Host "The file $file2 exists."

$chksum2 = Get-Checksum $file2
 if ($file2chksum.CompareTo($chksum2) -eq 0) {
 Write-Host "Checksum OK" -ForegroundColor 'Green'
 InstallFilterPack2
 }

else {
 Write-Host "Checksum Error, removing $file2" -ForegroundColor 'Red'
 Remove-Item $file2
 DownloadFilterPack2
 InstallFilterPack2
 }
 }

else {
 #Download Microsoft Filter Pack SP1
 DownloadFilterPack2

#Install Microsoft Filter Pack SP1
 InstallFilterPack2
 }
 }
 }

function InstallUMAPI() {

function InstallMicrosoftUMAPI() {

#Check/Install Media Foundation feature
 $mf = Get-WindowsFeature "Server-Media-Foundation" | select *

Start-Sleep 2

if ($mf.Installed -eq $False) {

Write-Host "Installing Media Foundation feature..."    -ForegroundColor Green
 Add-Windowsfeature Server-Media-Foundation

Write-Host ""
 Write-Host "Installing of Media Foundation feature completed." -ForegroundColor Green
 Write-Host ""
 Write-Host "Restart the server and restart the task" -ForegroundColor Red
 Write-Host "or else the UM API won't be installed" -ForegroundColor Red
 Write-Host ""
 return
 }

if ($mf.Installed -eq $True) {

#Install Microsoft UM API
 Write-Host "Installing Microsoft UM API..." -ForegroundColor Green

$args = "/quiet /norestart"
 $setup = (Start-Process $file -ArgumentList $args -Wait -PassThru).ExitCode
 if ($setup -eq 0) {
 Write-Host "Successfully installed $file" -ForegroundColor Green
 }

if ($setup -ne 0) {
 Write-Host "Failed!" -ForegroundColor Red
 }
 }
 }

function DownloadMicrosoftUMAPI() {

#Download Microsoft UM API
 Write-Host "Downloading Microsoft UM API..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/2/C/4/2C47A5C1-A1F3-4843-B9FE-84C0032C61EC/UcmaRuntimeSetup.exe"
 $clnt.DownloadFile($url,$file)
 Write-Host "done!" -ForegroundColor Green
 }

#Checking for regkey
 if (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCMA4" -ErrorAction SilentlyContinue) {

Write-Host "Unified Communications Managed API 4.0 Runtime is already installed." -ForegroundColor yellow
 return
 }

else {

trap {
 Write-Host "Problem downloading UM API. Please visit: http://www.microsoft.com/en-us/download/details.aspx?id=34992"
 break
 }

#set a var for the folder you are looking for
 $folderPath = 'C:\Temp'

#Check if folder exists, if not, create it
 if (Test-Path $folderpath) {
 Write-Host "The folder $folderPath exists."
 }

else {
 Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
 New-Item $folderpath -type directory | Out-Null
 Write-Host "done!" -ForegroundColor Green
 }

# Check if file exists, if not, download it
 $file = $folderPath+"\UcmaRuntimeSetup.exe"
 $filechksum = "5E4D536E916F9C97EE5A91A61952589825AEAA6C"
 if (Test-Path $file) {
 Write-Host "The file $file exists."

$chksum3 = Get-Checksum $file
 if ($filechksum.CompareTo($chksum3) -eq 0) {
 Write-Host "Checksum OK" -ForegroundColor 'Green'

#Install Microsoft UM API
 InstallMicrosoftUMAPI
 }

else {
 #Remove the file with wrong checksum
 Remove-Item $file

#Download Microsoft UM API
 DownloadMicrosoftUMAPI

#Install Microsoft UM API
 InstallMicrosoftUMAPI
 }
 }

else {
 #Download Microsoft UM API
 DownloadMicrosoftUMAPI

#Install Microsoft UM API
 InstallMicrosoftUMAPI
 }
 }
 }

Import-Module ServerManager
 $opt = "None"
 # Do {
 clear
 if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
 Write-Host
 Write-Host Exchange Server 2013 SP1 - Prerequisites script
 Write-Host Please, select which role you are going to install..
 Write-Host
 Write-Host '1) Client Access Server'
 Write-Host '2) Mailbox'
 Write-Host '3) Typical (CAS/Mailbox)'
 Write-Host
 Write-Host '10) Install Microsoft Filter Pack 2.0'
 Write-Host '    Recommended if installing Mailbox Server roles' -foregroundcolor yellow
 Write-Host '    Automatically set for options 2 and 3' -foregroundcolor yellow
 Write-Host '11) Install Microsoft UM API' -foregroundcolor yellow
 Write-Host '    Automatically set for options 1, 2 and 3' -foregroundcolor yellow
 Write-Host '12) Disable UAC'
 Write-Host '13) Disable Firewall'
 Write-Host
 Write-Host '18) Restart the Server'
 Write-Host '19) End'
 Write-Host
 $opt = Read-Host "Select an option.. [1-19]? "

$Win2008feat = "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI"
 $Win2012feat = "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation"

switch ($opt) {
 1 {

# Windows Server 2008 R2 SP1
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

InstallUMAPI
 Import-Module ServerManager
 Add-WindowsFeature $Win2008feat -restart
 }

# Windows Server 2012 or Windows Server 2012 R2
 if (((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") -or ((Get-WMIObject win32_OperatingSystem).Version -eq "6.3.9600")) {

InstallUMAPI
 Install-WindowsFeature $Win2012feat -restart
 }
 }

2 {

# Windows Server 2008 R2 SP1
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 InstallUMAPI
 InstallFilterPack
 Add-WindowsFeature $Win2008feat -restart
 }

# Windows Server 2012 or Windows Server 2012 R2
 if (((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") -or ((Get-WMIObject win32_OperatingSystem).Version -eq "6.3.9600")) {

InstallUMAPI
 InstallFilterPack
 Install-WindowsFeature $Win2012feat -restart
 }
 }

3 {

# Windows Server 2008 R2
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 InstallFilterPack
 InstallUMAPI
 Add-WindowsFeature $Win2008feat -restart
 }

# Windows Server 2012 or Windows Server 2012 R2
 if (((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") -or ((Get-WMIObject win32_OperatingSystem).Version -eq "6.3.9600")) {

InstallUMAPI
 InstallFilterPack
 Install-WindowsFeature $Win2012feat -restart
 }
 }

10 {
 # future - auto detect Internet access
 Write-Host 'Can this server access the Internet?'
 $filtpack = Read-Host 'Please type (Y)es or (N)o...'
 switch ($filtpack)                {
 Y { InstallFilterPack }
 N {Write-warning 'Please download and install Microsoft Filter Pack from here: http://www.microsoft.com/en-us/download/details.aspx?id=26604 and http://www.microsoft.com/en-us/download/details.aspx?id=17062'}
 }
 }

11 {
 # future - auto detect Internet access
 Write-Host 'Can this server access the Internet?'
 $umapi = Read-Host 'Please type (Y)es or (N)o...'
 switch ($umapi)                {
 Y { InstallUMAPI }
 N {Write-Warning 'Please download and install Microsoft UM API from here: http://www.microsoft.com/en-us/download/details.aspx?id=34992'}
 }
 }

12 { Disable-UAC }
 13 { Disable-FW }
 18 { Restart-Computer }
 19 {
 Write-Host "Exiting..."
 Exit
 }
 default {Write-Host "You haven't selected any of the available options. "}
 }
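
The script above compares the SHA-1 value only when the installer is already present in C:\Temp; a file it has just downloaded over HTTP is started without any check. The following is an added example, not part of the original script: it verifies every file after download, using the Filter Pack URL and SHA-1 value from the script, and the function names and the Authenticode signer check (with its default signer name) are assumptions.

```powershell
# Added example: not part of Install-Exchange2013PreReqs_v2.1.ps1.
# Get-FileHashHex, Install-VerifiedDownload and -ExpectedSigner are hypothetical names.

function Get-FileHashHex {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [ValidateSet('SHA1', 'SHA256')][string]$Algorithm = 'SHA1'
    )
    # .NET resolves relative paths against the process directory, so resolve first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [System.IO.File]::OpenRead($fullPath)
    try {
        $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
        try { return [BitConverter]::ToString($hasher.ComputeHash($stream)).Replace('-', '') }
        finally { $hasher.Clear() }
    }
    finally { $stream.Close() }   # handle is released even if hashing throws
}

function Install-VerifiedDownload {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$Destination,
        [Parameter(Mandatory = $true)][string]$ExpectedHash,
        [ValidateSet('SHA1', 'SHA256')][string]$Algorithm = 'SHA1',
        [string]$ExpectedSigner = 'Microsoft Corporation',   # assumption about the publisher name
        [string]$InstallArguments = '/quiet /norestart'
    )

    # A cached copy is reused only if it still matches the pinned hash.
    if (Test-Path -LiteralPath $Destination) {
        if ((Get-FileHashHex $Destination $Algorithm) -ne $ExpectedHash) {
            Write-Host "Cached $Destination does not match the pinned hash, removing." -ForegroundColor Red
            Remove-Item -LiteralPath $Destination -Force
        }
    }

    if (-not (Test-Path -LiteralPath $Destination)) {
        Write-Host "Downloading $Url..."
        $client = New-Object System.Net.WebClient
        try { $client.DownloadFile($Url, $Destination) }
        finally { $client.Dispose() }
    }

    # Verify the file that will actually be executed, whether cached or fresh.
    # With a plain-HTTP URL this comparison is the only integrity control on the transfer.
    $actual = Get-FileHashHex $Destination $Algorithm
    if ($actual -ne $ExpectedHash) {          # -ne on strings is case-insensitive
        Remove-Item -LiteralPath $Destination -Force
        throw "Hash mismatch for ${Destination}: expected $ExpectedHash, got $actual. File removed."
    }

    # Second, independent check: the Authenticode signature must validate
    # and name the expected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $Destination
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike "*CN=$ExpectedSigner*") {
        throw "Signature check failed for ${Destination}: status $($sig.Status)."
    }

    $exit = (Start-Process -FilePath $Destination -ArgumentList $InstallArguments -Wait -PassThru).ExitCode
    if ($exit -ne 0) { throw "Installer $Destination exited with code $exit." }
    Write-Host "Verified and installed $Destination" -ForegroundColor Green
}

# URL and SHA-1 value are the ones used in the script above.
Install-VerifiedDownload `
    -Url 'http://download.microsoft.com/download/0/A/2/0A28BBFA-CBFA-4C03-A739-30CCA5E21659/FilterPack64bit.exe' `
    -Destination 'C:\Temp\FilterPack64bit.exe' `
    -ExpectedHash '9253B09EA9A2ADD0E773CD30FE4120F5732C4D98'
```

A mismatch stops the run instead of falling through to the installer, so a corrupted or substituted download never executes.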

Part 6: Prerequisites for Coexistence between Domino and Exchange 2013/Office 365

Published: 2013-10-08
Updated: –
Version: 1.0

This post will focus on having the technical prerequisites ready and in place for a successful Domino/Notes coexistence deployment.

Before going into any details: if you are planning a coexistence scenario between Domino and Exchange, you may consider using Dell Software’s Coexistence Manager for Notes. One important thing to mention is that the vendor requires certified people to be used for the project.

This blog post is based on Coexistence Manager for Notes version 3.5.0.29.

Read the other parts:

Part 1: Migrations – Overview
Part 2: Prerequisites for Domino/Notes migrations
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups
Part 7: Configuring Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365

Service Accounts

Some service accounts are needed when using the coexistence software, as outlined below.

Mail connector

No specific account with permissions is required.

Free/Busy

For looking up the free/busy information, we need read access on both sides: one regular Exchange mailbox/Office 365 mailbox and one regular Domino mailbox.

One thing to keep in mind when establishing coexistence between on-premise Domino and Office 365 is that an additional namespace needs to be introduced so that the requests can use Autodiscover and find the route back. If that can’t be implemented for any reason, a hybrid solution is the only possible way of solving it. More info about this in the upcoming post.

Directory connector

The service account used for directory sync should be a member of the Domain Admin and Organization Management groups to provide the rights to Active Directory (or delegated write permissions to the specified OU).
On the Domino side, a regular account can be used with read permissions through LDAP to the different address books that should be synced. Write permissions are only required if synchronization should take place from AD to Domino. Note that the Internet password needs to be configured for this account.

One thing to keep in mind is that synchronizing the Domino objects directly to Office 365 is not supported. However, this can be done in a two-step procedure by directory synchronizing them from Domino into the local Active Directory and then using the Microsoft Office 365 dirsync tool to get them into Office 365.

Note: The target Active Directory server must have the Exchange schema extensions to be able to create mail contacts.

Availability Address Space

One thing that’s required for free/busy lookups is that the availability address space is configured. This is done either in the on-premise Exchange or Office 365.

The cmdlet for doing it on-premise:

Add-AvailabilityAddressSpace -ForestName <smtpdomain> -AccessMethod OrgWideFB

For doing this in Office 365, run the following cmdlets:

New-AvailabilityConfig -OrgWideAccount questmsn
$domain = "<YourHostDomain>.onmicrosoft.com"
$adminUserId = "<YourID>"
$adminCredsId = "<YourUserName>"
$adminCredsPassword = "<YourPassword>"
$securePassword = ConvertTo-SecureString $adminCredsPassword -AsPlainText -Force
$adminCreds = New-Object System.Management.Automation.PSCredential($adminCredsId,$securePassword)
Add-AvailabilityAddressSpace -AccessMethod OrgWideFB -ForestName <YourDomain.com> -Credentials $adminCreds -TargetAutodiscoverEpr 'https://autodiscover.<YourDomain.com>/autodiscover/autodiscover.xml'

Office 365

If CMN is used in an on-premise deployment, I would recommend, or at least consider, using an internal PKI for the certificate, since the certificate chain can easily be deployed using Group Policy.

But in the case of coexistence between on-premise Domino and Office 365, the free/busy requests to the CMN server(s) will come from an external party (Office 365) that doesn’t trust your internal PKI solution, so it’s a requirement to buy a certificate from a trusted root vendor.

SQL Server

Version 3.5.x of Coexistence Manager for Notes (CMN) now uses SQL Server for its configuration and collected data.

The Native Client needs to be installed together with SQL Server 2005 or SQL Express 2005, or newer.

In my lab environment, I’m running SQL 2008 R2 Express on my Coexistence server. In larger environments, the databases can be placed onto a SQL cluster/server instead of having them locally.

If you, however, choose to use SQL Express, make sure to take backups of the databases.

Lotus Notes client

If you are going to use the ActiveMail feature, I recommend using the Lotus Notes version 8.0.0 (Basic version, Eclipse is not supported). However, Lotus Notes version 7.0.3 and 7.0.4 can also be used if you don’t have the 8.0.0.

The installation of Lotus Notes should be done in single-user mode.

.NET Framework 4

Make sure to install the .NET Framework 4 since this is a prerequisite for CMN. I would also recommend upgrading it with the latest service pack level.

Internet Information Services (IIS)

Install IIS together with the ASP.NET 4.0 feature and use a certificate with a matching “CN” name for the Quest Autodiscover Host Name value.

This certificate is used when clients send their requests between the systems.

Antivirus

There are NO known folders that should be excluded from the Antivirus file-level scanning.

Regional Settings

To be able to install the software, be aware that regional settings and language settings need to be configured to “English”.

Windows Firewall

It’s recommended to turn OFF the Windows Firewall for all CMN servers. If that’s not possible, make sure to open all the needed ports. The port list can be found below.
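
For the case where the firewall stays on, the following added example (not from the original post or from the vendor) turns the inbound rows of the Network Ports table in this post into scoped Windows Firewall allow rules with netsh. The rule names, the CMN/SQL role split and every IP address are constructed sample values from the 192.0.2.0/24 documentation range and must be replaced.

```powershell
# Added example: not part of the original post or of CMN.
# Rule names, the Role field and all addresses are constructed sample values.
# Only the "In" rows of the port table need rules; with the default
# outbound-allow policy of Windows Firewall the "Out" rows need none.

$CmnInbound = @(
    @{ Port = 25;   Role = 'CMN'; RemoteIp = '192.0.2.10,192.0.2.20'; Desc = 'Incoming SMTP from Domino/Exchange' },
    @{ Port = 80;   Role = 'CMN'; RemoteIp = 'any';                   Desc = 'Free/busy HTTP from Exchange CAS servers, Office 365' },
    @{ Port = 443;  Role = 'CMN'; RemoteIp = 'any';                   Desc = 'Free/busy HTTPS from Exchange CAS servers, Office 365' },
    @{ Port = 8960; Role = 'CMN'; RemoteIp = '192.0.2.10';            Desc = 'Qcalcon from Domino Qcalcon server' },
    @{ Port = 8961; Role = 'CMN'; RemoteIp = '192.0.2.10';            Desc = 'Qcalcon from Domino Qcalcon server' },
    @{ Port = 1433; Role = 'SQL'; RemoteIp = '192.0.2.30';            Desc = 'SQL from CMN servers (apply on the SQL host)' }
)

function Set-CmnFirewallRules {
    param(
        [ValidateSet('CMN', 'SQL')][string]$Role = 'CMN',
        [switch]$Apply      # without -Apply the commands are only printed
    )

    foreach ($r in ($CmnInbound | Where-Object { $_.Role -eq $Role })) {
        $name = "CMN-In-TCP-$($r.Port)"
        $ruleArgs = @(
            'advfirewall', 'firewall', 'add', 'rule',
            "name=$name", 'dir=in', 'action=allow', 'protocol=TCP',
            "localport=$($r.Port)", "remoteip=$($r.RemoteIp)"
        )

        if (-not $Apply) {
            Write-Host ("netsh " + ($ruleArgs -join ' ') + "    # " + $r.Desc)
            continue
        }

        # Remove an earlier rule with the same name so reruns do not pile up duplicates.
        & netsh advfirewall firewall delete rule "name=$name" | Out-Null
        & netsh $ruleArgs | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Host "Failed to add $name" -ForegroundColor Red
        }
        else {
            Write-Host "Added $name ($($r.Desc))" -ForegroundColor Green
        }
    }

    if ($Apply) {
        # Confirm the firewall itself is still enabled on every profile.
        & netsh advfirewall show allprofiles state
    }
}

# Dry run for a CMN server: prints the netsh commands without changing anything.
Set-CmnFirewallRules -Role CMN
```

Run it with -Apply from an elevated prompt once the addresses are correct, and with -Role SQL on the host that carries the CMN SQL instance.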

User Account Control (UAC)

It’s recommended to disable UAC on all CMN servers.

This is done in the Control Panel under User Accounts, Change User Account Control settings.

Make sure to set it to “Never notify” and restart the server before installing the software.

Data Execution Prevention (DEP)

It’s recommended to disable DEP, so make sure to do that.

If you’re using Windows 2008 R2 as I am, you disable DEP by running:

"bcdedit /set nx AlwaysOff"

Also, make sure to restart the server when this is done to allow it to take effect.

Network Ports

| Port | In/Out | Type | Source | Target | Description |
|------|--------|------|--------|--------|-------------|
| 25 | In | SMTP | Domino/Exchange | CMN Server(s) | Incoming SMTP |
| 25 | Out | SMTP | CMN (SMTP) | Domino/Exchange | Outgoing SMTP |
| 389 | Out | LDAP | CMN (Dirsync) | Active Directory DC, Domino LDAP Server | LDAP |
| 3268 | Out | LDAP GC | CMN (Dirsync) | Active Directory DC | LDAP GC |
| 636 | Out | LDAPS | CMN (Dirsync) | Active Directory DC LDAPS | LDAPS |
| 3269 | Out | LDAPS | CMN (Dirsync) | Active Directory DC LDAPS | LDAPS GC |
| 80 | Out | HTTP | CMN (Freebusy) | Exchange CAS servers | HTTP |
| 443 | Out | HTTPS | CMN (Freebusy) | Exchange CAS servers | HTTPS |
| 80 | In | HTTP | Exchange CAS servers, Office 365 | CMN (Freebusy) | HTTP |
| 443 | In | HTTPS | Exchange CAS servers, Office 365 | CMN (Freebusy) | HTTPS |
| 8900 | Out | Availability Service | Domino Qcalcon server | Exchange CAS servers | Availability |
| 8960 | In | Qcalcon | Domino Qcalcon server | CMN (Freebusy) | Qcalcon |
| 8961 | In | Qcalcon | Domino Qcalcon server | CMN (Freebusy) | Qcalcon |
| 1352 | Out | Domino | CMN (Freebusy, Dirsync) | All Domino servers | Freebusy lookup |
| 8962 | Out | PF Reader | CMN (Freebusy) | Exchange PF | Exchange reader service |
| 1433 | In | SQL | CMN servers | CMN SQL instance | SQL |

Notes from the field

Network Monitoring or Wireshark may sometimes be your best friend when troubleshooting network connectivity.

Portqry is another tool that can be of great value during initial network verification.

A good log reader is also useful; my favorite is the old tool that was included in the SMS 2003 resource kit, called trace32.exe. It can be downloaded here.

Bulk import PST files – [updated] v1.1

I just wrote a basic script for importing PST files into mailboxes that I want to share with the community.

It is designed to check for PST files in the specified folder. Based on the filenames (of the PST files) it then verifies that a mailbox can be found. This is done by taking the filename and appending the @ character and the domain value to form a string value. If there is a match, it returns a value of $True and the script continues by running the New-MailboxImportRequest cmdlet.

The script is written to be as basic as possible, and it provides plenty of information about values and what’s going on.
The most recently updated script can be downloaded here.

I hope this will help you import the PST files into the mailboxes.

P.S. Sorry for the word-wrap; use the script file instead of copying the script code below.

Changelog
v1.1
– Updated the $name variable due to issues with filenames getting trimmed. Also added error handling so that if errors exist, they are sent to an error log. Thanks to Chris Steding!

# +=======================================================================
# | Blog: http://www.testlabs.se/blog
# | Twitter: @jonand82
# | =============================================
# | Filename: Import-PST v1.1.ps1
# |
# | CREATED BY: Jonas Andersson
# | FUNCTION: Imports PST files into mailboxes, matching on emailaddresses
# |
# | CHANGE LOG: 
# | v1.0 - 2013-09-18, *Created*
# | v1.1 - 2013-09-22, *Update of $name variable*
# |
# |    Required permissions (RBAC) Role: "Mailbox Import Export", example: New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "Administrator"
# +=======================================================================

# Load snapin
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction 'SilentlyContinue'

# Variables
$error.clear()
$errorlog = "C:\temp\errorlog.txt"
$pstpath = "C:\temp"
$domain = "testlabs.se"
$servername = "tlex01"
$files = Get-ChildItem -Path $pstpath -Filter *.pst

Write-Host $files

if (($files -ne $null) -or ($files -eq "")) {

    foreach ($i in $files) {

        $name = $i.BaseName
        $id = $name + "@" + $domain
        $filename = $i.FullName
        $filename = $filename.Replace(":","$")
        $uncfilepath = "\\" + $servername + "\" + $filename

        Write-Host "#################################################################"
        Write-Host "Filename:" $i -ForegroundColor 'Cyan'
        Write-Host "UNC path:" $uncfilepath -ForegroundColor 'DarkCyan'
        Write-Host "Emailaddress:" $id -ForegroundColor 'DarkGreen'

        $MailboxExists = [bool](Get-Mailbox -Identity $id -ErrorAction SilentlyContinue)

        if ($MailboxExists -eq $false)
        {
            Write-Host "Found mailbox:" $MailboxExists -ForegroundColor 'Red'
            Write-Host "Make sure to match filename to mailaddress, without @domain" -ForegroundColor 'Red'

        }

        if ($MailboxExists -eq $true)
        {
            Write-Host "Found mailbox:" $MailboxExists -ForegroundColor 'Green'
            Write-Host "Importing $uncfilepath into mailbox: $id" -ForegroundColor 'White'

            New-MailboxImportRequest -Mailbox $id -FilePath $uncfilepath

        }

        Write-Host ""
    }

}

else
{
    Write-Host "No PST files found"
}

if ($error -ne $null)
{
    $error | Out-File -FilePath $errorlog -Append
    Write-Host "See $errorlog for errors" -ForegroundColor 'Red'
}

Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups

Published: 2013-08-07
Updated: –
Version: 1.0

This post will focus on migrating Groups, Mail-In databases and Resources from Domino/Notes to Exchange On-premise or Office 365.

Before going into any details, if you are planning to do a migration from Domino and want to use Dell Software’s Notes Migrator for Exchange, it is important to mention that there is a requirement from the vendor to use certified people for the project.

This blog post is based on Notes Migrator for Exchange version 4.7.0.82.

Read the other parts:
Part 1: Migrations – Overview
Part 2: Prerequisites for Domino/Notes migrations
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 6: Prerequisites for Coexistence between Domino and Exchange 2013/Office 365
Part 7: Configuring Quest Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Quest Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Quest Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365

Installation Notes Migrator for Exchange (NME)

The installation is a regular next/next/finish installation. During the first startup it will ask for a license file, so provide an appropriate license and the application will start.

The installation and configuration instructions can be found at:
http://www.testlabs.se/blog/?p=680

Creating batches/collections

Creating batches of Groups is done through “Group Collections – Manage” and the “New collection…” option.

image

Creating batches of mail-in databases and resources works the same way, following the steps below.
Users are migrated in batches (or collections). These batches are created through “User Collections – Manage” and pressing “New collection…”.

image

Provide a collection name and label (label is not required). Labels can be very helpful when looking for a particular batch after creating many collections.

image

Designating users for each batch can be done either by finding them in the directory (i.e. NME database) or by importing from a TSV file. In this example, I select from the directory because I am only selecting one user. In other cases, the TSV import may be useful.

image

As demonstrated below, I search for a user with a Display Name that starts with Jonas. Type the desired characters in the value field and press the “Add” button. You can add multiple criteria to the search filter if desired. Press “Find now” when ready.

image

The results will be shown in the search result section. Select the desired user(s) and press “OK”. The user is then added into the batch.

image

For illustration, the picture below shows a collection of Groups.

image

Migration finalization / switch / routing

Updating routing for groups, mail-in databases and resources works almost the same as user routing.

Migrations are accomplished by switching the routing and migrating the contents.
NME will configure the objects with appropriate forwarding settings to ensure Domino can route email to Exchange for this specified forwarding domain.

See section Notes from the field for configuring Domino mail routing.

Before any changes are made, it’s good to have insight into how the objects look in Domino Administrator. See the pictures below. For more information about the objects, an LDAP browser can be used.
I recommend Softerra LDAP Browser 4.5.

Rooms

image

Room100 – Restricted room “specific people”, can only be booked by the listed people.

image

Room101 – “Owner only”, only owners are allowed to book the room, others require owner approval.

image

Room102 – No restrictions

image

See the picture below for total summary of the Domino restriction settings (source: Dell Software: Pre-migration planning guide).

image

Room switching / routing / migration

From “User Collections – Migrate User Data”, select the migration batch by pressing the arrow and choosing the desired batch. When selected, press “Migrate…”

image

Select “Manage mail routing” and press “Next”.

image

Select “Exchange” and “Quest Coexistence Manager for Notes” with “Using ActiveMail processing”.
This will configure the associated Domino object with a forwarding address.

image

“Calendar domain: Exchange” (this is used during Freebusy coexistence, discussed in the coexistence post)
“Set server running qcalcon: dominoserver/dominodomain” (specify the server that has Qcalcon installed)
“Specify your Domino domain: dominodomain” (specify your Domino domain)

Check “Set mail forwarding address”
“Forwarding mail domain: exchange.testlabs.se” (Domino needs to route mail to this SMTP domain)
Select “Append Domino domain to forwarding address”
“Overwrite existing mail forwarding address: Always”

Then press “Next”.

image

If Exchange mailboxes have forwarding/targetAddresses configured, these can be removed using this option as well. In my test case, I don’t have these configured, so I will let them be unchecked. Press “Next”.

image

When switching (routing) mailboxes, with sufficient hardware, I typically run this operation with at least 20 threads (simultaneous processes). However, in this scenario it is being performed on a couple of mailboxes, so I left it with 1 thread. Press “Next”.

image

A summary is shown, press “Next”.

image

The operation can be scheduled but, in my case, I want to run it now. Press “Next”.

image

The operation starts…

image

…and it was completed. Press “Exit”.

image

When the operation is complete, you can verify that the object in Domino directory has been updated.
Note that the Forwarding address (known as “mailaddress”) now is configured, the Mail system (known as “mailsystem”) is configured to Other Internet Mail (has a value of “5”) and Domain value has been deleted.

Migrating data

Since the mail routing is complete and new mail will route directly to the Exchange mailbox, it’s time to migrate the data.

One thing to keep in mind before starting the migration, is verifying the mailboxes were created with the correct mailbox type. In this scenario it should be created as “Room Mailbox”. This can be verified by running the PowerShell command:

Get-Mailbox room* | ft DisplayName,ResourceType -AutoSize

If they were listed as User Mailboxes for some reason, they could easily be changed to Room Mailboxes by running the PowerShell command:

Get-Mailbox room* | Set-Mailbox -Type Room

Similarly, for Mail-In databases to Shared Mailboxes, verify they are listed as shared mailboxes. If needed, change the type by running the PowerShell command:

Get-Mailbox mail-in-databases* | Set-Mailbox -Type Shared

Before the migration, one of the target mailboxes had 1 item and a total of 4 kb. All others had zero items, shown in the picture below. Using PowerShell command:

Get-Mailbox room* | Get-MailboxStatistics | ft DisplayName,ItemCount,TotalItemSize -AutoSize

image

Go to “User Collections – Migrate User Data”, select the migration batch and press “Migrate…”

image

Select “Migrate mailbox data”, press “Next”.

image

In this scenario, I didn’t use the notification options. However, these can be helpful for letting users know that they are migrated and should start to use Outlook instead of Notes. Press “Next”.

image

Select the data types you wish to migrate. I decide not to migrate Trash and the Archive. Everything else will get migrated. Press “Next”.

image

Select the preferred conversion method for DocLinks. For this example, I used “Notes .NDL attachment (requires Notes client to use after migration)”. Press “Next”.

image

Select “Through Domino server(s)”, press “Next”.

image

Select “Server-based mailbox”, press “Next”.

image

In my scenario, I want to migrate everything, but the filtering options can be very useful in projects that might require migrating (or pre-migrating) a subset by date or size.

After selecting the appropriate settings, press “Next”.

image

When migrating mailbox data, I commonly run it with 8-12 threads (simultaneous processes).

You will need to determine the setting that is best in your environment. This is normally done before or during the pilot phase of the project to ensure the optimal configuration is ready for production migrations.

In this scenario, I am just migrating three resources so I leave it with 1 thread. Press “Next”.

image

A summary is shown, press “Next”.

image

I want to start the migration now. However, if that’s not the case, you have the opportunity to schedule it.

Press “Next”.

image

The operation starts…

image

…during the operation…

image

…operation completed. Press “Exit”.

image

For this example, the migration throughput rates are low because we migrated a couple of test mailboxes with a small sampling of data. As you scale your migrations to include additional mailboxes and threads, much higher throughput rates will be achieved. This was done in a lab environment using slow disks and small amount of memory.

When the migration is completed, I recommend comparing item counts and mailbox sizes, but you will need to account for data compression differences between Domino and Exchange.

I’ve seen differences between 20-35% depending on the circumstances. This means a Notes mail file of 1 GB may be 1,35 GB in Exchange. However, this is just a rule of thumb and needs to be estimated with actual data from each project since every customer is unique.

Verify the item count and mail data size by using the same PowerShell command:

Get-Mailbox room* | Get-MailboxStatistics | ft DisplayName,ItemCount,TotalItemSize -AutoSize

The picture below shows that there are now a total of 5 items and 17 kb of data in the mailboxes.

image
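
The before/after check described above can be scripted so that the two readings are compared per mailbox instead of by eye. This is an added example, not part of the original post; it assumes the `room*` filter used above, and the baseline path under C:\Temp is a hypothetical location.

```powershell
# Added example. Run in the Exchange Management Shell.
# Assumption: C:\Temp\room-baseline.csv is a hypothetical path for the baseline.

function Get-MailboxSnapshot {
    param([string]$Filter = 'room*')
    Get-Mailbox $Filter -ResultSize Unlimited | ForEach-Object {
        # Returns nothing (with a warning) for a mailbox that has never been used
        $stats = Get-MailboxStatistics -Identity $_.Identity -WarningAction SilentlyContinue
        $items = 0
        $bytes = [int64]0
        if ($stats) {
            $items = [int]$stats.ItemCount
            # TotalItemSize prints as "17 KB (17,408 bytes)" in local and remote sessions
            if ("$($stats.TotalItemSize)" -match '\(([\d,.\s]+) bytes\)') {
                $bytes = [int64]($Matches[1] -replace '\D', '')
            }
        }
        New-Object PSObject -Property @{
            Alias     = $_.Alias
            Type      = "$($_.RecipientTypeDetails)"
            ItemCount = $items
            Bytes     = $bytes
        }
    }
}

function Compare-MailboxSnapshot {
    param(
        [Parameter(Mandatory = $true)] $Before,
        [Parameter(Mandatory = $true)] $After,
        [string]$ExpectedType = 'RoomMailbox'
    )
    # Index the baseline by alias; values read back from CSV are strings, so cast below
    $baseline = @{}
    foreach ($b in $Before) { $baseline[$b.Alias] = $b }

    foreach ($a in $After) {
        $b = $baseline[$a.Alias]
        $addedItems = [int]$a.ItemCount - [int]$b.ItemCount
        $addedBytes = [int64]$a.Bytes - [int64]$b.Bytes

        $notes = @()
        if (-not $b)                   { $notes += 'not in baseline' }
        if ($a.Type -ne $ExpectedType) { $notes += "type is $($a.Type)" }
        if ($addedItems -le 0)         { $notes += 'no items added' }

        New-Object PSObject -Property @{
            Alias      = $a.Alias
            AddedItems = $addedItems
            AddedKB    = [math]::Round($addedBytes / 1KB, 1)
            Notes      = ($notes -join '; ')
        } | Select-Object Alias, AddedItems, AddedKB, Notes
    }
}

# Before "Migrate mailbox data":
#   Get-MailboxSnapshot | Export-Csv C:\Temp\room-baseline.csv -NoTypeInformation
# After the task has completed:
#   Compare-MailboxSnapshot -Before (Import-Csv C:\Temp\room-baseline.csv) -After (Get-MailboxSnapshot) |
#       Format-Table -AutoSize
```

Rows with a non-empty Notes column are the ones to look at first: a mailbox of the wrong type or one that received no items.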

Group migrations

We created one Group collection/batch at the beginning of this article.

For illustration the two Groups will be migrated into Active Directory (AD) / Exchange. The first group, called “Finance”, is a Multi-purpose group (could be compared with Security Group in AD) that could not only be used for mail but also controlling permissions.

image

image

The second group, called “Marketing”, is a Mail-only group, which could be compared to a Distribution Group/List in Exchange and is only used for distributing mail.

image

image

Let’s start the provisioning process within “Group Collections – Provision”. Select the desired group collection and press “Provision groups…”

image

Verify the Group Type for the collection and the path are correct. Also, verify the container for external contacts is correct. Check the option “Keep groups in sync with corresponding Notes groups”, this option will make sure that the group is updated with the correct members. Press Next.

image

image

A summary is shown, press Next.

image

I want to run the task Now, press Next.

image

The result is shown. Press Exit.

image

Groups were created successfully in the correct OU.

image

Verify the members are correct. Looks fine…

image

image

The owner/manager (ManagedBy) is also migrated over.

image

image

If groups are updated in Domino on a regular basis and they need to be maintained in AD/Exchange, a scheduled job could be created to automate this process. Information about how to create a scheduled job can be found in the Administration Guide of NME included with the software.

Permissions / Delegation / Restrictions during migrations

The following quote from the User Guide regarding migration of delegated users outlines the prerequisites quite well for getting the delegates over to Exchange.

The permissions on normal Domino mailboxes are migrated IF the prerequisites above are fulfilled.

I would like to recommend investigating both the Resources and the Mail-In databases regarding restrictions, who has permissions to book and who is the owner before starting the migration. This can either be done in Domino or using an analyzer tool, like MessageStats.

Changes regarding migration of delegates have been made in the last version of NME (version 4.7.0.82). These optional variables have been added and could be used. More information can be found in the release notes for NME.

[Exchange]

MigrateResourceDelegation=<#>

GrantResourceOwnerFullAccess=<#>

MigrateMailInDBOwner=<#>

Notes from the field

Dell Software – MessageStats – The tool can be of great value for analyzing and investigating environments before starting migrations. More information is available here: http://www.quest.com/messagestats/

Domino SMTP routing – This can be difficult to understand if you haven’t been working with Domino or been involved in any migration projects before. I posted an article about coexistence that goes through the configuration steps: http://www.testlabs.se/blog/?p=1042

Proxy server – One thing that can be a potential issue during migrations is proxy servers. I recommend avoiding them as much as possible. If you can avoid them you will most likely save yourself some issues that might occur if a proxy server is used. These tend to block or throttle traffic, the impact can be either that the migration throughput will be very low or that it will prohibit the traffic from reaching its destination.

Creating batches/collections – If you are involved in larger migration projects, you likely won’t want to find each user manually. As an alternative, you can search by a Domino Directory value that is unique to each migration batch.

Another method for adding users to the batch is using TSV files. If you choose this approach, Excel will become your best friend.

Pre-stage/Delta migration consideration – In cases where it’s possible, I recommend starting the migration right away after the pilot has been approved. This means that the mailbox data can be migrated over/synchronized before the actual migration must take place. By pre-staging data, the mailbox switch/routing can be done fast and finally the mailbox delta data (differences) can be migrated. This can minimize the “migration time”. By this, I mean the time that the end-users are impacted in some way or another.

One thing to keep in mind if using this method is that as soon as a mailbox is created in Exchange, the Free/Busy requests from other Exchange users sent to this newly created user won’t be sent back to Domino (where the most current data remains and action should take place).

I have requested a feature from Microsoft that would make the “forwarding” of Free/Busy requests possible, but haven’t heard anything back from them yet. It would be great if that could be solved, probably easily by using targetAddress attribute together with a new attribute, for ex. forwardfbreq set to either 0 (default) or 1.

Don’t hesitate to comment if you would like to add anything or if you have other experiences, I will add it into the post and link your blog.

The next post will be published after the holidays. In the meantime, enjoy the vacation and stay tuned after summer for new publications; I will start off with Coexistence Manager for Notes.

Part 2: Prerequisites for Domino/Notes migrations

Published: 2013-06-06
Updated: –
Version: 1.0

This post will focus on having the technical prerequisites ready and in place for a successful Domino/Notes migration.

Before going into any details, if you are planning to do a migration from Domino and want to use Dell Software’s Notes Migrator for Exchange, it is important to mention that there is a requirement from the vendor to use certified people for the project.

If you would like to read the other parts, see the end of this post.

Migration Accounts

I recommend using three accounts, one with Domino permissions, one with Active Directory (AD) permissions and one with Exchange permissions.

Domino

The Domino account should be Manager for all .NSF files (database files), Editor on the NAB (names.nsf) and Reader on all users archive files.
Username example: Quest Migrator/DominoDomain

This is done by following the steps below:

Create a new migration account in People & Groups, select the directory and People.
On the right hand side, press People – Register. Fill in a proper name, I typically create an account called Quest Migrator as shown in the example below. Finally, press Register.

image

To configure the permissions on the NAB (directory), go to Files and select the directory (names.nsf), right click, choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Editor. (see picture below)

image

The final step is granting the Quest Migrator/dominodomain account Manager permissions on all NSF files that will be migrated. Go to Files and select the folder where the NSF files are located. Right click and choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Manager. (see picture below)

image

Active Directory

For the AD account, it’s recommended to be a member of “Domain Admins”. However, this is not a requirement, because delegated permissions can be used. The important aspect is that the AD account has “Full Control” over the OUs where user objects are located. The AD account also needs to be a member of “View-Only Organization Management”. If using the provision feature within Notes Migrator for Exchange (NME), the AD account needs to have “Full Control” over the OU where the contact objects are located as well.

This account also needs to have Remote PowerShell enabled, use the command:

Set-User "SA-NME" -RemotePowerShellEnabled $True

Username example: Domain\SA-NME

Migration User

This user is not used for logging on interactively. The important aspect with this user is that it has the correct permissions on the Mailbox Databases. Configure the databases so that the account has Receive-As permissions, this can be done by using the command below:

Get-MailboxDatabase | Add-ADPermission -User "SA-MIG" -ExtendedRights Receive-As

Username example: Domain\SA-MIG

Office 365 account

Most permissions are done automatically by NME but you must manually set account impersonation. This is done by using the command below:

New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User SA-MIG

More information about the migration performance and throttling can be found by reading the provided link at the end of this post.
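
Receive-As on every mailbox database and ApplicationImpersonation give the migration account access to all mailbox content, so it helps to be able to list exactly what was granted and to take it back once the project is finished. The following is an added example, not part of the original post; it uses the account names from this post (SA-MIG, SA-NME), and the function names are hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell (on-premises) or in a
# remote session to Exchange Online. SA-MIG / SA-NME are the names used in this post.

function New-AccessRecord($Account, $Grant, $Scope) {
    New-Object PSObject -Property @{ Account = $Account; Grant = $Grant; Scope = $Scope } |
        Select-Object Account, Grant, Scope
}

function Get-MigrationAccountAccess {
    param([string]$MigrationUser = 'SA-MIG', [string]$ConsoleUser = 'SA-NME')

    # Receive-As set directly on mailbox databases (cmdlet exists on-premises only)
    if (Get-Command Get-MailboxDatabase -ErrorAction SilentlyContinue) {
        Get-MailboxDatabase |
            Get-ADPermission -User $MigrationUser -ErrorAction SilentlyContinue |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and ($_.ExtendedRights -like 'Receive-As') } |
            ForEach-Object { New-AccessRecord $MigrationUser 'Receive-As' "$($_.Identity)" }
    }

    # Impersonation assigned directly to the user (not through a role group)
    Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -RoleAssignee $MigrationUser -ErrorAction SilentlyContinue |
        Where-Object { $_.RoleAssigneeType -eq 'User' } |
        ForEach-Object { New-AccessRecord $MigrationUser 'ApplicationImpersonation' $_.Name }

    # Non-default throttling policy on the migration mailbox
    $mbx = Get-Mailbox $MigrationUser -ErrorAction SilentlyContinue
    if ($mbx -and $mbx.ThrottlingPolicy) {
        New-AccessRecord $MigrationUser 'ThrottlingPolicy' "$($mbx.ThrottlingPolicy)"
    }

    # Remote PowerShell on the console account
    $usr = Get-User $ConsoleUser -ErrorAction SilentlyContinue
    if ($usr -and $usr.RemotePowerShellEnabled) {
        New-AccessRecord $ConsoleUser 'RemotePowerShell' 'enabled'
    }
}

function Revoke-MigrationAccountAccess {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([string]$MigrationUser = 'SA-MIG', [string]$ConsoleUser = 'SA-NME')

    foreach ($grant in @(Get-MigrationAccountAccess $MigrationUser $ConsoleUser)) {
        if (-not $PSCmdlet.ShouldProcess("$($grant.Account): $($grant.Scope)", "Remove $($grant.Grant)")) {
            continue
        }
        switch ($grant.Grant) {
            'Receive-As' {
                Remove-ADPermission -Identity $grant.Scope -User $grant.Account `
                    -ExtendedRights 'Receive-As' -Confirm:$false
            }
            'ApplicationImpersonation' {
                Remove-ManagementRoleAssignment -Identity $grant.Scope -Confirm:$false
            }
            'ThrottlingPolicy' {
                # $null puts the mailbox back on the default throttling policy
                Set-Mailbox $grant.Account -ThrottlingPolicy $null
            }
            'RemotePowerShell' {
                Set-User $grant.Account -RemotePowerShellEnabled $false
            }
        }
    }
}

# During the project:   Get-MigrationAccountAccess | Format-Table -AutoSize
# After the last batch: Revoke-MigrationAccountAccess -WhatIf   (then run it without -WhatIf)
```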

Throttling Policies and Windows Remote Management

Another thing to keep in mind is the configuration of the Throttling Policies and the Windows Remote Management.

If you are migrating to Exchange 2010, make sure to configure the Throttling Policy according to the configuration below.

New-ThrottlingPolicy Migration
Set-ThrottlingPolicy Migration -RCAMaxConcurrency $null -RCAPercentTimeInAD $null `
-RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null
Set-Mailbox "SA-MIG" -ThrottlingPolicy Migration

Also make sure to configure the Windows Remote Management with the following settings.

winrm set winrm/config/winrs '@{MaxShellsPerUser="150"}'
winrm set winrm/config/winrs '@{MaxConcurrentUsers="100"}'
winrm set winrm/config/winrs '@{MaxProcessesPerShell="150"}'
winrm set winrm/config/winrs '@{AllowRemoteShellAccess="true"}'
Set-ExecutionPolicy Unrestricted

If you are migrating to Exchange 2013, the throttling policies have been changed. Create a new throttling policy and assign it to the migration mailbox “SA-MIG”.

New-ThrottlingPolicy Migration -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited
Set-Mailbox "SA-MIG" -ThrottlingPolicy Migration

SQL Server

Notes Migrator for Exchange leverages SQL for saving user information (and much more).

The Native Client needs to be installed together with SQL Server 2005 or SQL Express 2005, or newer.

I do prefer running at least SQL 2008 R2 and I would recommend using the SQL Server instead of the Express version, since you have more flexibility of creating maintenance jobs for example.

A little heads up if you are about to run a large migration, make sure to take full backups of the NME40DB so that you have a copy of it, if anything happens and also for having the logs truncated.

In smaller migration projects the SQL Express version works fine, I would still recommend taking full backup of the database or dumping it to a .bak file and then backup the .bak file.

Configure the account “Domain\SA-NME” as DBCreator, for allowing it to create the NME40DB during the setup of Notes Migrator for Exchange.

Lotus Notes client

I would recommend you to use the latest Lotus Notes client. In my last projects I’ve been using version 8.5.3 Basic or Normal client.

An important thing to never forget is to install Lotus Notes in single user mode.

.NET Framework 4

Make sure to install the .NET Framework 4 since this is a prerequisite for NME. I would recommend upgrading it to the latest service pack level.

Antivirus

If Antivirus is installed, make sure all Quest folders and %temp% are excluded from any Antivirus scans. If not it may result in slower performance and potential disruption of migrated content.

Most likely, there will be a mail gateway of some kind in the environment which takes care of the antispam. In those situations, antivirus and antispam are already addressed in the Domino environment.

On the target side, Exchange probably has antivirus and antispam solution installed as a second layer protection to the Transport services.

As a result, I have not encountered any problems when excluding a couple of folders for the migration from scanning process.

Outlook

Outlook 2007, 2010 and 2013 are all supported. I’ve been using Outlook 2010 in all my projects and it has been working very well.

Configure Outlook with the “SA-MIG” account, since this is the account that will insert migrated content into the Exchange mailboxes using the Receive-As permission.

I have learned to create and configure an Outlook profile using the SA-MIG account. Make sure to configure it for not using the cached-mode.

In theory, a profile should not need to be created in advance, because NME creates temporary profiles during the migration. However, this step shouldn’t hurt anything either.

User Account Control (UAC)

It’s recommended to disable UAC on all migration servers.

This is done in the Control Panel under User Accounts, Change User Account Control settings.

Make sure to set it to “Never notify” and then restart the server.

Data Execution Prevention (DEP)

It’s highly recommended to disable DEP, so make sure to do that.

If you’re using Windows 2008 R2 like I do, then you disable DEP by running:

bcdedit /set nx AlwaysOff

Also, make sure to restart the server when this is done to allow it to take effect.
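
The UAC, DEP, execution policy and WinRM shell changes in this post are made for the migration servers. The following added example (not part of the original post) records the current values before they are changed and puts them back when the migration servers are no longer needed. The state file path and the function names are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt on the migration server.
# Assumption: C:\Temp\pre-migration-state.xml is a hypothetical location.

$UacKey        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$WinRsSettings = 'MaxShellsPerUser', 'MaxConcurrentUsers', 'MaxProcessesPerShell', 'AllowRemoteShellAccess'

function Save-MigrationServerState {
    param([string]$Path = 'C:\Temp\pre-migration-state.xml')

    # bcdedit prints a line such as "nx                      OptOut" for the running OS
    $nx = 'Unknown'
    $nxLine = bcdedit /enum '{current}' | Where-Object { $_ -match '^nx\s+\S+' } | Select-Object -First 1
    if ($nxLine -match '^nx\s+(\S+)') { $nx = $Matches[1] }

    $state = @{
        EnableLUA       = (Get-ItemProperty $UacKey -Name EnableLUA).EnableLUA
        Nx              = $nx
        ExecutionPolicy = (Get-ExecutionPolicy -Scope LocalMachine).ToString()
        WinRS           = @{}
    }
    foreach ($name in $WinRsSettings) {
        $state.WinRS[$name] = (Get-Item "WSMan:\localhost\Shell\$name").Value
    }

    $state | Export-Clixml -Path $Path
    $state
}

function Restore-MigrationServerState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = 'C:\Temp\pre-migration-state.xml')

    $state = Import-Clixml -Path $Path

    if ($PSCmdlet.ShouldProcess('UAC', "Set EnableLUA to $($state.EnableLUA)")) {
        Set-ItemProperty $UacKey -Name EnableLUA -Value $state.EnableLUA
    }
    # Skip DEP when the original value could not be read
    if ($state.Nx -ne 'Unknown' -and $PSCmdlet.ShouldProcess('DEP', "bcdedit /set nx $($state.Nx)")) {
        bcdedit /set nx $state.Nx | Out-Null
    }
    if ($PSCmdlet.ShouldProcess('Execution policy', "Set to $($state.ExecutionPolicy)")) {
        Set-ExecutionPolicy $state.ExecutionPolicy -Scope LocalMachine -Force
    }
    foreach ($name in $state.WinRS.Keys) {
        if ($PSCmdlet.ShouldProcess("WinRS $name", "Set to $($state.WinRS[$name])")) {
            Set-Item "WSMan:\localhost\Shell\$name" $state.WinRS[$name] -Force
        }
    }
    Write-Host 'Restart the server for the UAC and DEP values to take effect.'
}

# Before applying the settings from this post:  Save-MigrationServerState
# When the migration is finished:               Restore-MigrationServerState -WhatIf
```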

Local administrator

If you choose to delegate the permissions instead of using the Domain Admin group for the SA-NME account, then it is required to add the SA-NME account into the local administrators group.

Regional Settings

During the migration, the folder names (Inbox, Inkorgen etc.) are created based on the regional settings on the migration console.

So, for example, if you are migrating a UK/English mailbox, make sure to configure the regional settings to match this and for example, if migrating a Swedish mailbox, set it to match the Swedish locale settings.

With this said, I would recommend migrating users using the same language at the same time. And then change the regional settings on the migration console and continue with another region.

Office 365 Prerequisites

Migrating to Office 365 is like a normal migration, besides the target is a cloud service which can be a bit special.

There are two requirements that need to be fulfilled on the migration servers before starting the migration to Office 365. Install the following (select the one that suits your operating system):

MSOL Sign-in Assistant:

32 bit

64 bit

MSOL Module for Windows PowerShell:

32 bit

64 bit

The Admin Account Pooling Utility (AAPU) is used for getting better throughput performance. The AAPU tool provides a workaround by using a different migration account for each migration thread: instead of having one migration account with a throttling limit, you could have ten migration accounts, which would give 10 migration threads in total. You can have up to 10000 migration accounts (NME 4.7.0.82).

If you are going to use the AAPU, you should add the parameter below into the NME Global Defaults or Task Parameters.

[Exchange]

O365UsageLocation=<xx>

http://www.iso.org/iso/country_codes/iso_3166_code_lists/country_names_and_code_elements.htm

For NME 4.7.0.82 the following text is stated in the release notes (always read them!):

Office 365 Wave 15 Throttling: NME has been updated to better address the PowerShell Runspace throttling introduced in O365 Wave 15. In order to efficiently proceed with migrations to Wave 15, the tenant admin must submit a request through Microsoft to ease the PowerShell throttling restrictions. The tenant admin must open a service request with Microsoft and reference “Bemis Article: 2835021.” The Microsoft Product Group will need this information:

  • tenant domain (tenant.onmicrosoft.com)
  • version of Exchange (in this case, for Wave 15)
  • number of mailboxes to be migrated
  • number of concurrent admin accounts to be used for the migration
  • number of concurrent threads to be used
  • number of Runspaces to be created per minute*
  • proposed limit (powershellMaxTenantRunspaces, powershellMaxConcurrency, etc.), and the number to which to increase the limit*

* For the last two items in this list, the tenant admin should take the total number of threads across all migration machines and add a buffer, because it is difficult to predict the timing of the Runspace initiation. It is best to assume that all potential Runspaces could be created within a minute, so the values for both items should probably both be submitted as the total number.

More information about migration performance and throttling can be found by reading the provided link at the end of this post.

Network Ports

| Port | In/Out | Type | Source | Target | Description |
|---|---|---|---|---|---|
| 1352 | Out | Domino | Quest NME servers | All Domino mail servers; Domino Qcalcon server | Domino/Notes client (migration) |
| 445 | Out | NetBIOS/SMB | Quest NME servers | All Domino mail servers; Domino Qcalcon server; Quest NME master server | Microsoft-DS/NetBIOS traffic for Migration. For reaching SMB shares. Note: Not required, but recommended. |
| 389 | Out | LDAP | Quest NME servers | Active Directory DC server(s) | LDAP |
| 3268 | Out | LDAP GC | Quest NME servers | Active Directory DC server(s) | LDAP Global Catalog |
| 1025-65535 | Out | High-ports | Quest NME servers | Active Directory DC server(s); Exchange server(s) | High-ports (differs depending on version) |
| 1433 | Out | Microsoft SQL | Quest NME servers | Quest NME master server | For reaching SQL DB |
| 443 | Out | HTTPS | Quest NME servers | Office 365 | Transferring migration content |

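
The fixed ports in the table can be checked from each NME server before the first batch, so that the firewall rules cover these flows and nothing broader. This is an added example, not part of the original post; every host name in it is a placeholder or an assumption, and the function names are hypothetical.

```powershell
# Added example. Run on each Quest NME server. Works on PowerShell 2.0 and later.
# All host names are placeholders; replace them with the servers in your environment.
$Targets = @{
    Domino    = @('domino01.example.local')    # all Domino mail servers and the Qcalcon server
    NmeMaster = @('nme-master.example.local')  # Quest NME master server (SQL database, SMB share)
    DC        = @('dc01.example.local')        # Active Directory DC / Global Catalog
    O365      = @('outlook.office365.com')     # assumed Office 365 endpoint for an HTTPS check
}

# One entry per fixed port in the table. The 1025-65535 high-port range is left out
# because a single connection attempt says nothing about a dynamic range.
$Rules = @(
    @{ Port = 1352; Type = 'Domino';        To = @('Domino');              Required = $true  },
    @{ Port = 445;  Type = 'NetBIOS/SMB';   To = @('Domino', 'NmeMaster'); Required = $false },
    @{ Port = 389;  Type = 'LDAP';          To = @('DC');                  Required = $true  },
    @{ Port = 3268; Type = 'LDAP GC';       To = @('DC');                  Required = $true  },
    @{ Port = 1433; Type = 'Microsoft SQL'; To = @('NmeMaster');           Required = $true  },
    @{ Port = 443;  Type = 'HTTPS';         To = @('O365');                Required = $true  }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means the traffic is dropped on the way
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws when the connection was refused
        return $true
    }
    catch   { return $false }
    finally { $client.Close() }
}

function Test-MigrationPorts {
    foreach ($rule in $Rules) {
        foreach ($group in $rule.To) {
            foreach ($server in $Targets[$group]) {
                New-Object PSObject -Property @{
                    Port      = $rule.Port
                    Type      = $rule.Type
                    Target    = $server
                    Required  = $rule.Required
                    Reachable = (Test-TcpPort $server $rule.Port)
                } | Select-Object Port, Type, Target, Required, Reachable
            }
        }
    }
}

# Full result:          Test-MigrationPorts | Format-Table -AutoSize
# Blocking issues only: Test-MigrationPorts | Where-Object { $_.Required -and -not $_.Reachable }
```
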
Notes from the field

Network Monitoring or Wireshark may sometimes be your best friend during troubleshooting network connectivity.

Portqry is another tool that could be of great value during initial network verification.

Read through the release notes and the User Guide (PDF), it is included within the NME zip file. All information is collected into that document.

Office 365 Migration Performance and throttling information

Read the other parts

Part 1: Migrations – Overview
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups
Part 6: Prerequisites for Coexistence between Domino and Exchange 2013/Office 365
Part 7: Configuring Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Quest Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365

Feel free to comment on the post, I hope you liked the information. If you find something that might be incorrect or have other experiences, leave a comment so it can be updated.

Content Indexing failed using Exchange 2013 RTM

I just found a bug in my lab environment and wanted to share the information with you.
My lab environment is a small environment that consists of one domain controller (Windows 2008 R2) and two Exchange 2013 RTM servers (based on Windows 2012 Server), these hold both the Mailbox and the CAS role.

I found this issue when I was about to do a failover of one of the mailbox databases.
It couldn’t be done (without using any additional parameters) because the content indexing was in failed state.

When I ran Get-MailboxDatabaseCopyStatus -Server tlex01, it showed me that the index was in a failed state.

image

I tried to update it using the Update-MailboxDatabaseCopy -CatalogOnly cmdlet, but after a while it was still in a failed state. Some posts on the forums stated to remove the indexing files, which is the standard procedure when having this kind of issue. However, it was done as a step 2 but it didn’t solve the issue for me.

Finally I came across some information that a group called “ContentSubmitters” should be created. I created this group in the Microsoft Exchange Security Groups OU as a Universal – Security Group.
I also granted “Builtin\Administrators” and “NetworkService” Full Control to this group.

After this was done I stopped the Microsoft Exchange Search and Microsoft Exchange Search Host Controller service and removed the content indexing files. Then started up the services again, after a while the index was rebuilt and was in a healthy state.

I have tried to find information if this issue is solved by using CU1, but I haven’t found any information yet.

Regards,
Jonas

Exchange 2013 script – automatic installation of prerequisites

I’ve updated a script that was intended for installing prerequisites for Exchange 2010 and that was released by a couple of people (Anderson Patricio, Pat Richard and Bhargav Shukla). This script has now been updated and applies to Exchange 2013.

It will help you with installing all prerequisites (features) plus the FilterPack(s) and the Unified Communications Managed API. It also provides the option to disable the UAC (User Account Control) and the Windows Firewall.

You can download the script here
Feel free to use it as much as you want, I just want to mention I do not provide support for it and there is no warranty.

The script/code can be viewed below:

#############################################################################
 # Install-Exchange2013PreReqs.ps1
 # Configures the necessary prerequisites to install Exchange 2013 on a
 # Windows Server 2008 R2 server or Windows Server 2012 server
 #
 # Updated by: Jonas Andersson
 # Original written by: Pat Richard, Anderson Patricio and Bhargav Shukla
 #
 # Some info taken from
 # http://www.ucblogs.net/blogs/exchange/archive/2009/12/12/Automated-prerequisite-installation-via-PowerShell-for-Exchange-Server-2010-on-Windows-Server-2008-R2.aspx
 # http://msmvps.com/blogs/andersonpatricio/archive/2009/11/13/installing-exchange-server-2010-pre-requisites-on-windows-server-2008-r2.aspx
 # http://www.bhargavs.com/index.php/powershell/2009/11/script-to-install-exchange-2010-pre-requisites-for-windows-server-2008-r2/
 #############################################################################

# Detect correct OS here and exit if no match
 if (-not (((Get-WMIObject win32_OperatingSystem).OSArchitecture -eq '64-bit') -and (((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") -or ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200")))){
 Write-Host "This script requires a 64bit version of Windows Server 2008 R2 or Windows Server 2012, which this is not." -ForegroundColor Red -BackgroundColor Black
 Exit
 }

Function Disable-UAC(){

$path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
 $a = Get-ItemProperty $path -Name EnableLUA

if ($a | Select-String "0")
 {
 Write-Host "UAC is already disabled" -ForegroundColor Green
 return
 }

if ($a | Select-String "1")
 {
 Write-Host "Enabled" -ForegroundColor Red
 Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 0
 Write-host "Registry key HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA has been changed." -ForegroundColor yellow
 Write-Host "UAC is now disabled" -ForegroundColor Green
 }

}

Function Disable-FW(){

$status = netsh advfirewall show allprofiles state

if ($status | Select-String "ON")
 {
 $enabled = $true
 }
 else
 {
 $enabled = $false
 }

if ($enabled -eq $true) {

netsh advfirewall set allprofiles state off
 Write-Host "Firewall is now disabled" -ForegroundColor yellow
 return
 }

if ($enabled -eq $false) {
 Write-Host "Firewall is already disabled" -ForegroundColor Green
 }

}

Function InstallFilterPack(){

if (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95140000-2000-0409-1000-0000000FF1CE}" -ErrorAction SilentlyContinue) {

Write-host "FilterPack is already installed." -ForegroundColor yellow
 return
 }

else
 {

trap {
 Write-Host "Problem downloading FilterPackx64.exe. Please visit: http://www.microsoft.com/en-us/download/details.aspx?id=26604 and http://www.microsoft.com/en-us/download/details.aspx?id=17062"

break
 }

#set a var for the folder you are looking for
 $folderPath = 'C:\Temp'

#Check if folder exists, if not, create it
 if (Test-Path $folderpath){
 Write-Host "The folder $folderPath exists."
 } else{
 Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
 New-Item $folderpath -type directory | Out-Null
 Write-Host "done!" -ForegroundColor Green
 }

# Check if file exists, if not, download it
 $file1 = $folderPath+"\FilterPack64bit.exe"
 $file2 = $folderPath+"\filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe"

if (Test-Path $file1){
 write-host "The file $file1 exists."
 } else {
 #Download Microsoft Filter Pack
 Write-Host "Downloading Microsoft Filter Pack..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/0/A/2/0A28BBFA-CBFA-4C03-A739-30CCA5E21659/FilterPack64bit.exe"
 $clnt.DownloadFile($url,$file1)
 Write-Host "done!" -ForegroundColor Green
 }

if (Test-Path $file2){
 write-host "The file $file2 exists."
 } else {
 #Download Microsoft Filter Pack SP1
 Write-Host "Downloading Microsoft Filter Pack SP1..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/A/A/3/AA345161-18B8-45AE-8DC8-DA6387264CB9/filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe"
 $clnt.DownloadFile($url,$file2)
 Write-Host "done!" -ForegroundColor Green
 }

#Install Microsoft Filter Packs
 Write-Host "Installing Microsoft Filter Packs..."

# $args is an automatic variable in PowerShell, so the installer switches get their own name
 $setupArgs = "/quiet /norestart"
 $setup1 = (Start-Process $file1 -ArgumentList $setupArgs -Wait -PassThru).ExitCode
 if ($setup1 -eq 0) { write-host "Successfully installed $file1" -ForegroundColor Green }
 if ($setup1 -ne 0) { write-host "Failed!" -ForegroundColor Red }

$setup2 = (Start-Process $file2 -ArgumentList $setupArgs -Wait -PassThru).ExitCode
 if ($setup2 -eq 0) { write-host "Successfully installed $file2" -ForegroundColor Green }
 if ($setup2 -ne 0) { write-host "Failed!" -ForegroundColor Red }

}
 }

Function InstallUMAPI(){

#Change reg key below!
 if (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCMA4" -ErrorAction SilentlyContinue) {

Write-host "Unified Communications Managed API 4.0 Runtime is already installed." -ForegroundColor yellow
 return
 }

else
 {

trap {
 Write-Host "Problem downloading UM API. Please visit: http://www.microsoft.com/en-us/download/details.aspx?id=34992"

break
 }
 #set a var for the folder you are looking for
 $folderPath = 'C:\Temp'

#Check if folder exists, if not, create it
 if (Test-Path $folderpath){
 Write-Host "The folder $folderPath exists."
 } else{
 Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
 New-Item $folderpath -type directory | Out-Null
 Write-Host "done!" -ForegroundColor Green
 }

# Check if file exists, if not, download it
 $file = $folderPath+"\UcmaRuntimeSetup.exe"
 if (Test-Path $file){
 write-host "The file $file exists."
 } else {

#Download Microsoft UM API
 Write-Host "Downloading Microsoft UM API..." -nonewline
 $clnt = New-Object System.Net.WebClient
 $url = "http://download.microsoft.com/download/2/C/4/2C47A5C1-A1F3-4843-B9FE-84C0032C61EC/UcmaRuntimeSetup.exe"
 $clnt.DownloadFile($url,$file)
 Write-Host "done!" -ForegroundColor Green
 }

#Check/Install Media Foundation feature
 $mf = Get-WindowsFeature "Server-Media-Foundation" | select *

Start-Sleep 2

if ($mf.Installed -eq $False)
 {
 Write-Host "Installing Media Foundation feature..."    -ForegroundColor Green
 Add-Windowsfeature Server-Media-Foundation

Write-Host ""
 Write-Host "Installing of Media Foundation feature completed." -ForegroundColor Green
 Write-Host ""
 Write-Host "Restart the server and restart the task" -ForegroundColor Red
 Write-Host "or else the UM API won't be installed" -ForegroundColor Red
 Write-Host ""

return

}

if ($mf.Installed -eq $True)
 {
 #Install Microsoft UM API
 Write-Host "Installing Microsoft UM API..." -ForegroundColor Green

# $args is an automatic variable in PowerShell, so the installer switches get their own name
 $setupArgs = "/quiet /norestart"
 $setup = (Start-Process $file -ArgumentList $setupArgs -Wait -PassThru).ExitCode
 if ($setup -eq 0) { write-host "Successfully installed $file" -ForegroundColor Green }
 if ($setup -ne 0) { write-host "Failed!" -ForegroundColor Red }

}
 }

}

Import-Module ServerManager
 $opt = "None"
 # Do {
 clear
 if ($opt -ne "None") {write-host "Last command: "$opt -foregroundcolor Yellow}
 write-host
 write-host Exchange Server 2013 - Prerequisites script
 write-host Please, select which role you are going to install..
 write-host
 write-host '1) Client Access Server'
 write-host '2) Mailbox'
 write-host '3) Typical (CAS/Mailbox)'
 write-host
 write-host '10) Install Microsoft Filter Pack 2.0'
 write-host '    Required if installing Mailbox Server roles' -foregroundcolor yellow
 write-host '    Automatically set for options 2 and 3' -foregroundcolor yellow
 write-host '11) Install Microsoft UM API'
 write-host '    Required if installing Mailbox Server roles' -foregroundcolor yellow
 Write-Host '12) Disable UAC'
 Write-Host '13) Disable Firewall'
 write-host
 write-host '15) Restart the Server'
 write-host '16) End'
 write-host
 $opt = Read-Host "Select an option.. [1-16]? "

switch ($opt)    {
 1 {

# Windows Server 2008 R2 SP1
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 Add-WindowsFeature "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI" -restart

}

# Windows Server 2012
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") {

Install-WindowsFeature "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation" -restart

}

}

2 {

# Windows Server 2008 R2 SP1
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 InstallFilterPack
 Add-WindowsFeature "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI" -restart

}

# Windows Server 2012
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") {

InstallFilterPack
 Install-WindowsFeature "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation" -restart

}

}

3 {

if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.1.7601") {

Import-Module ServerManager
 InstallFilterPack
 Add-WindowsFeature "Desktop-Experience", "NET-Framework", "NET-HTTP-Activation", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Web-Server", "WAS-Process-Model", "Web-Asp-Net", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI" -restart

}

# Windows Server 2012
 if ((Get-WMIObject win32_OperatingSystem).Version -eq "6.2.9200") {

InstallFilterPack
 Install-WindowsFeature "AS-HTTP-Activation", "Desktop-Experience", "NET-Framework-45-Features", "RPC-over-HTTP-proxy", "RSAT-Clustering", "RSAT-Clustering-CmdInterface", "RSAT-Clustering-Mgmt", "RSAT-Clustering-PowerShell", "Web-Mgmt-Console", "WAS-Process-Model", "Web-Asp-Net45", "Web-Basic-Auth", "Web-Client-Auth", "Web-Digest-Auth", "Web-Dir-Browsing", "Web-Dyn-Compression", "Web-Http-Errors", "Web-Http-Logging", "Web-Http-Redirect", "Web-Http-Tracing", "Web-ISAPI-Ext", "Web-ISAPI-Filter", "Web-Lgcy-Mgmt-Console", "Web-Metabase", "Web-Mgmt-Console", "Web-Mgmt-Service", "Web-Net-Ext45", "Web-Request-Monitor", "Web-Server", "Web-Stat-Compression", "Web-Static-Content", "Web-Windows-Auth", "Web-WMI", "Windows-Identity-Foundation" -restart

}

}
 10 {
 # future - auto detect Internet access
 write-host 'Can this server access the Internet?'
 $filtpack = read-host 'Please type (Y)es or (N)o...'
 switch ($filtpack)                {
 Y { InstallFilterPack }
 N {Write-warning 'Please download and install Microsoft Filter Pack from here: http://www.microsoft.com/en-us/download/details.aspx?id=26604 and http://www.microsoft.com/en-us/download/details.aspx?id=17062'}
 }
 }
 11 {
 # future - auto detect Internet access
 write-host 'Can this server access the Internet?'
 $umapi = read-host 'Please type (Y)es or (N)o...'
 switch ($umapi)                {
 Y { InstallUMAPI }
 N {Write-warning 'Please download and install Microsoft UM API from here: http://www.microsoft.com/en-us/download/details.aspx?id=34992'}
 }
 }
 12 { Disable-UAC }
 13 { Disable-FW }
 15 { Restart-Computer }
 16 {
 Write-Host "Exiting..."
 Exit
 }
 default {write-host "You haven't selected any of the available options. "}
 }
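
The downloads in this script are fetched over plain http:// and any file already present in C:\Temp is started without further checks, so a pinned checksum is the integrity check that matters here. The following is an added example, not code from Install-Exchange2013PreReqs or its v2.1 checksum feature: the function names, the choice of SHA-256 and the demo file are assumptions, and the pinned values for the real installers must come from a trusted source.

```powershell
# Added example (not part of the original script). Uses .NET hashing instead of
# Get-FileHash, which only exists from PowerShell 4.0, so it also runs on the
# older PowerShell versions found on Windows Server 2008 R2 and 2012.

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)

    # File.OpenRead resolves relative paths against the process directory,
    # not the PowerShell location, so resolve to a full path first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $sha      = [System.Security.Cryptography.SHA256]::Create()
    $stream   = [System.IO.File]::OpenRead($fullPath)
    try {
        $bytes = $sha.ComputeHash($stream)   # hashes the stream in chunks
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Install-VerifiedPackage {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,
        [string]$Arguments = '/quiet /norestart',
        [switch]$RequireValidSignature,   # also demand a valid Authenticode signature
        [switch]$VerifyOnly               # check the file but do not start it
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $actual   = Get-Sha256Hex -Path $Path
    $expected = $ExpectedSha256.Trim().ToLower()
    if ($actual -ne $expected) {
        # The script reuses any file already in the download folder, so remove
        # the bad copy; otherwise the next run skips the download and runs it.
        Remove-Item -LiteralPath $Path -Force
        throw "SHA-256 mismatch for $Path. Expected $expected, got $actual. File removed, nothing installed."
    }

    if ($RequireValidSignature) {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') {
            throw "Authenticode status for $Path is '$($sig.Status)', nothing installed."
        }
    }

    if ($VerifyOnly) { return $true }

    $exitCode = (Start-Process -FilePath $Path -ArgumentList $Arguments -Wait -PassThru).ExitCode
    return ($exitCode -eq 0)
}

# --- Demo on a constructed file standing in for a downloaded installer ---
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'prereq-demo.bin'
[System.IO.File]::WriteAllBytes($demo, [System.Text.Encoding]::ASCII.GetBytes('abc'))

# SHA-256 of the three bytes "abc" (the standard test vector). For the real
# installers, pin a value obtained from a trusted source instead.
$pinned = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'

Write-Host "Untampered file verified:" (Install-VerifiedPackage -Path $demo -ExpectedSha256 $pinned -VerifyOnly)

# Simulate a download modified in transit, or a stale file left in the folder.
[System.IO.File]::AppendAllText($demo, 'x')
try {
    Install-VerifiedPackage -Path $demo -ExpectedSha256 $pinned -VerifyOnly | Out-Null
}
catch {
    Write-Host "Blocked: $($_.Exception.Message)" -ForegroundColor Red
}
Write-Host "Tampered file still on disk:" (Test-Path -LiteralPath $demo)
```

In the script, a call such as `Install-VerifiedPackage -Path $file1 -ExpectedSha256 <pinned value>` would take the place of the bare `Start-Process` lines in InstallFilterPack and InstallUMAPI.
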
Complete guide on configuring KEMP VLM load balancer for Exchange 2013


Introduction

Published: 2012-11-02
Updated: 2013-04-24
Version: 1.1

Update:
Made some updates regarding the health check for the OWA and Outlook Anywhere service.

Exchange Server 2013 reached RTM on the 11th of October and was finally published to MSDN on the 24th of October. This post is based on the RTM version of Exchange 2013.

I decided to write a post that includes both the KEMP configuration and the Exchange 2013 configuration. I’ve also seen that Jaap Wesselius has already posted an article on this topic; it’s my hope that I can fill the gap regarding the complete configuration of both Exchange and the load balancer.

My lab environment is illustrated in the picture below.

On the left side is the “client” which tries to connect, in the middle are the load balancers and to the right are my two Exchange 2013 servers.

Drawing1

I decided to have one namespace per service for better flexibility; however, this is NOT required. The advantage of doing it like this is that the load balancer can check the health of each component. If one component is not working, it just disables that service on the corresponding server, and not the whole server.
A disadvantage is an increased cost for the certificate, and the load balancer configuration gets a bit more complex.

I’m using the Virtual LoadMaster, which comes in different versions (at the end of my post I will provide some links regarding versions etc.).

Initial configuration

My configuration is a two-leg load balancer, where the first leg is placed into the client network segment and the other leg (NIC) is placed into my server segment.

The initial configuration is done by providing a license key.

image

Go to System Configuration –> Interfaces –> eth0 for configuring the IP address of the first network card.

image

System Configuration –> Local DNS Configuration –> Hostname configuration for giving the VLM a hostname.

image

System Configuration –> Local DNS Configuration –> DNS configuration for configuring the VLM with a domain and DNS server.

image

System Configuration –> Route Management –> Default Gateway for configuring the VLM with a default gateway.

image

Often the VLM needs to know about other networks so that it can route traffic to them. To configure an additional route, go to System Configuration –> Route Management –> Additional Routes.

image

Don’t forget to configure the date and time on the VLM, go to System Configuration –> System Administration –> Date/Time. I’ve configured it to use “ntp.lth.se” as my NTP server; it’s recommended to use the NTP option.

image

When the configuration is done, a good tip is to take a backup of it, go to System Configuration –> System Administration –> Backup/Restore.

image

High Availability configuration

KEMP provides a high availability cluster of two load balancing nodes, where one is active and one is passive (standby). I’ve been playing around with it and it works really well. The passive node kicks in right away when the active one is broken or restarted/shut down.

During a restart of the active node the passive becomes the active node.

In general, they share a cluster IP/name where the configuration is done and on each LB node the local settings can be done such as configuring date/time, IP addresses etc.

Start with the first node, for configuring this go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (First) Mode”.

image

Go to System Configuration –> Interfaces –> eth0. Give the load balancer cluster an IP address and also provide the IP address for the second node. Don’t forget to press the “Set Shared address” and “Set Partner address” buttons for saving the configuration. Then go back to System Configuration –> System Administration –> System Reboot. Restart the first node.

When the first node is back online, continue with the second node. Go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (Second) Mode”.

image

Example of my first node.

image

Example of my second node.

image

Creating and configuring load balancing services

I will create two examples for load balancing services, one for OWA and one for Outlook Anywhere.
Using these examples, you can easily create services for the other ones yourself.

OWA

Go to Virtual Services –> View/Modify Services –> Add New.

image

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.
Press “Add this Virtual Service”.

image

Make sure that “Force L7” is checked, but the “L7 Transparency” is unchecked.
Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.
For the load method/Scheduling method, I’m using Round-Robin which is pretty much spreading the load on all servers.

image

Update:
Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use the HTTPS protocol, together with Checked Port: “443” and URL: “/owa/healthcheck.htm”. Don’t forget to press the “Set URL” button to save the settings. Check the option “Use HTTP/1.1” and select GET as the HTTP Method.

image

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button. (I’m using multirole servers, so all of them are added)

image

When everything is setup it should look like the figure below.

image

When you’re satisfied with the configuration, press the Back button. The services should then show up as green if the protocols are available.

image

Outlook Anywhere

Go to Virtual Services –> View/Modify Services –> Add New.

image

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.
Press “Add this Virtual Service”.

image

Make sure that “Force L7” is checked, while the “L7 Transparency” is unchecked.
Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.
For the load method/Scheduling method, I’m using “Round-Robin” which is spreading the load to the servers.

image

Update:
Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use the HTTPS protocol, together with Port: 443 and URL: “/rpc/healthcheck.htm”. Don’t forget to press the “Set URL” button to save the settings. Also check the option “Use HTTP/1.1” and select GET as the HTTP Method.

image

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button.

image

Everything is now setup for load balancing the Outlook Anywhere function.

image

In the services console, it should look like below if the health is successfully verified.

image

Note: In my lab environment I’ve decided to not use L7 transparency since I don’t have any use for it. It is used when the Client Source IP address needs to show up at the CAS Servers. This can sometimes be important when using SMTP filters. So for proper load balancing, the traffic needs to flow through the load balancer, both back and forth. Therefore you need to change the Default Gateway settings of your servers, when you are activating the L7 Transparency.

Final tests

Let’s start with testing the load balancing functions so that Outlook is able to connect and that the connections are spread throughout the servers.

Here’s my final configuration. To clarify, I’m using five different VIPs, one for each service.

image

The figure below shows the Outlook 2013 profile getting connected. I was using the autodiscover feature for configuring the Outlook profile. Both the InternalHostname and the ExternalHostname are configured to outlook.testlabs.se in my scenario, on both my servers. For authentication I’m using NTLM.

image

Since Outlook 2013 worked fine, it’s OWA’s turn.
I reached the form-based authentication page, put in my credentials and finally got to the Inbox.
I did this a couple of times, together with logging in to the Admin Center, to get some more sessions in the load balancer.
This was to check that the VLM spreads the load between the servers in a good way.

image

image

Below are two figures that show how the sessions are spread between the servers.
To me this looks really good!
The first figure shows the servers and how the sessions are spread between them.
The second figure shows the services instead of the servers, together with the total number of connections for the last minute and up to the last hour.

Together, these two figures show how the load is spread. Since this is just a lab environment I don’t have a large number of connections. It would be really interesting to see how the load is spread between the servers in a large enterprise environment.

image

image

Helpful links

General documentation
http://www.kemptechnologies.com/documentation

Sizing tool for load balancer (Exchange 2010)
http://www.kemptechnologies.com/emea/loadmaster-sizing-for-ms-exchange-2010.html

Deployment guide
http://www.kemptechnologies.com/fileadmin/content/pdf/KEMP_Exchange_2010_Deployment_Guide_5_1_v1.6.pdf

Compare Load Balancer models
http://www.kemptechnologies.com/emea/products/server-load-balancing-internet-router-load-balancer.html

Exchange Load Balancers
http://www.kemptechnologies.com/emea/loadbalancingresource/ms-exchange-2010.html

Virtual Load Balancers
http://www.kemptechnologies.com/emea/products/virtual-load-balancers/vlm-overview.html

Multi-Site Load Balancers
http://www.kemptechnologies.com/emea/products/multi-site-load-balancers/overview.html

Thanks for reading!
I hope that this was informative and interesting to read. Please feel free to provide feedback.

Regards,
Jonas Andersson

Wave 15 is now RTM


If you haven’t seen it already, the whole Wave 15 has reached RTM state, which means that the code is ready.
This means that Office 2013, Lync 2013, Exchange 2013 and SharePoint 2013 are now code complete.

The software will be available for download in mid November.

More information can be found on Exchange Team blog.

Another update regarding Exchange is that Microsoft re-released the Update Rollups.
Exchange 2010 UR4 for SP2 was re-released as UR4 v2, more info/download.
Exchange 2010 UR7 for SP1 was re-released as UR7 v2, more info/download.
Exchange 2007 UR8 for SP3 was re-released as UR8 v2, more info/download.

Since my last post I’ve had a great time attending MEC in Orlando, with lots of great content, and met a lot of inspiring people.

In the upcoming weeks I will try to publish the next post, regarding load balancing for Exchange 2013 Preview. (It will be updated when the RTM is downloadable if there are any changes).

Exchange Server 2013 Preview – Part 4: Configure DAG, CAS Array and Public Folders


In this series of posts, you can read about the fresh release of Exchange 2013 beta/Preview.
The posts are done as “how-to” posts with configuration examples from both Exchange Administration Console (EAC) and Exchange Management Shell (EMS).

Earlier parts can be found below:

Part 1: Installation guide
Part 2: Basic configuration
Part 3: Continue of configuration, URL’s etc.

At the end of the post, I will link to some interesting TechNet articles around High Availability, Disaster Recovery, Site resilience and Public Folder migration.

Note: My posts around Exchange 2013 Preview/beta are based on Beta information and it could be changed before it will be released (RTM).

Database Availability Group (DAG)

If this expression is new to you, here is some background information.
The DAG is the new cluster technology from Exchange 2010, and it is also included in 2013. It gives us the opportunity to have a mailbox database replicated between two or more servers; the DAG can utilize up to 16 copies of each database (16 different servers). The advantage of this is that if one server fails, it’s easy and very fast to do a switchover/failover to another server.

Some interesting changes around databases are that each database runs under its own process in Windows. Store (ESE) is totally rewritten, again, which means you can’t use databases from older versions of Exchange directly on Exchange 2013. I have also read that IOPS requirements for databases have been reduced by another 50% from Exchange 2010, but I haven’t read it officially so maybe it’s just a rumor. We’ll see what happens when it’s released; Microsoft will probably release an updated mailbox calculator.

DAG is available for both the Standard and Enterprise versions of Exchange, and supported to run on both Windows 2008 R2 and Windows Server 8. However, all DAG members need to run the same OS version.

Let’s get ready to create the DAG and add the Databases as copies on each DAG member/node.

Using EAC: It’s time to like the new EAC “console”.

Run “ipconfig” on both mailbox servers to check the IP addresses, both for the MAPI network and the Replication network.

image

image

Go into Control Panel and check the network interfaces.

image

Login to the EAC, go to Servers and select Database Availability Group. Press Add button (+).

image

Type in DAG name, Witness Server, Witness directory and DAG IP. Press Save.

image

When the DAG is created, select it and Press Edit. Check the option “Configure database availability group network manually”. Press Save.

image

It’s now time to add the mailbox servers to the DAG by pressing the “Manage membership” button.

image

Press the Add button (+) and add the mailbox servers.

image

Add the mailbox servers that should reside in the DAG. Press OK.

image

Press Save.

image

The configuration now gets saved, failover clustering was installed on mailbox servers. Press Close.

image

The next thing to do is the DAG Networks. As you can see in the bottom right corner, a network called “MapiDagNetwork” has been created. I want to have control over these networks, so I will create my own.
Start by pressing “New DAG Network”. I’m about to create two new networks.

image

I will give the first network a name like MAPI Network, and assign the Subnet to it where the clients are supposed to connect. Press Save.

image

My second network will be called Replication Network, since that’s its purpose, and I also assign it to the correct Subnet. Press Save.

image

Since we have now created those two networks, let’s remove the automatically created one by pressing the “Remove” button.

image

Press OK.

image

The MAPI Network is not supposed to be used as replication network, so let’s disable that function by pressing “Disable Replication” on the MAPI network. Press OK.

image

The DAG should now show two networks called MAPI and Replication. The MAPI Network should not be enabled for replication.

image

Final DAG configuration

The last step (just a recommendation) is to enable DAC mode to prevent split brain syndrome, which means that you end up with the same database mounted on two (or more) different servers. More info about DAC mode can be found in the link at the end of the post.

This can’t be done through EAC (maybe that will change by RTM). So let’s start up Exchange Management Shell (EMS).

Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode DagOnly

image

Database copies

On each mailbox database we now need to add a copy on another server to have redundancy.

In the menu, go to Databases and select one database, then press the Add database copy button.

image

Specify a mailbox server that at the moment doesn’t hold a copy of the database and add it by pressing the browse button. Press Save.

Note: In this menu you also have the option to configure lag time (if using lagging node).

image

The database now gets copied (Seeding).

image

Then do the same procedure on all of your databases.

image

Press Close, when the operation is done.

image

Do the same procedure on all of your databases.

image

The seeding operation is running.

image

Press Close.

image

It might take a while (some minutes..) until it gets Healthy and everything has been checked and verified.
In my test environment it took around 15min to be fine. It should look like the picture below when everything is completed.

image

Using PowerShell: The web interface is nice to work with, but I prefer PowerShell because I have full control over what’s going on.

Let’s start with creating the DAG by using the command below:

New-DatabaseAvailabilityGroup -Name DAG01 -WitnessServer TLCAS01 -WitnessDirectory C:\FSW_DAG01 -DatabaseAvailabilityGroupIpAddresses 172.16.1.15

Configure the DAG so that the networks can be manually configured:
Set-DatabaseAvailabilityGroup -Identity DAG01 -ManualDagNetworkConfiguration $True

Add the mailbox servers into the DAG:
Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer TLMB01
Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer TLMB02

Enable DAC mode for the DAG:
Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode DagOnly

List the DAG Networks:
Get-DatabaseAvailabilityGroupNetwork

Create two new DAG Networks, one for Mapi and one for Replication:
New-DatabaseAvailabilityGroupNetwork -DatabaseAvailabilityGroup DAG01 -Name Mapi -Description "Mapi Network" -ReplicationEnabled $False -Subnets "172.16.1.0/24"

New-DatabaseAvailabilityGroupNetwork -DatabaseAvailabilityGroup DAG01 -Name Replication -Description "Replication Network" -ReplicationEnabled $True -Subnets "10.0.0.0/8"

Remove the automatically created network, it will not be used:
Remove-DatabaseAvailabilityGroupNetwork -Identity DAG01\MapiDagNetwork

image

image

image

Database copies

On each mailbox database we now need to add a copy on another server to have redundancy.

Specify a mailbox server that at the moment doesn’t hold a copy of the database and add it by running the following commands.

Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer TLMB02
Add-MailboxDatabaseCopy -Identity DB02 -MailboxServer TLMB02
Add-MailboxDatabaseCopy -Identity DB03 -MailboxServer TLMB02

image

Verify the replication status on each mailbox server:
Get-MailboxDatabaseCopyStatus -Server TLMB01
Get-MailboxDatabaseCopyStatus -Server TLMB02

image

Public Folders

The Public Folder databases are now gone, and transferred to “normal” mailboxes instead. The advantage of this is that the mailbox itself can now be replicated using DAG technology. This doesn’t mean that the public folder contents are replicated; it’s still required that you configure the public folder replication for the contents.

By “normal” mailbox I mean that they reside in the mailbox databases, just like user mailboxes do. However, they can in some way be compared to shared and room mailboxes, which are also special mailboxes.

If you decide to use Public Folders in Exchange 2013, the first step will be to create a mailbox that holds the public folder hierarchy. This will be the writeable copy. You can have copies of the hierarchy, but only one of them is allowed to make changes (writeable).

How can the hierarchy mailbox be created?

Using EAC: Go to Public Folders section, this is the first warning/error message you will receive.
It means that you don’t have any public folder hierarchy (mailbox) created yet.

Go to the second public folder section, called “Public Folders Mailboxes”. Press Add (+) and create the first mailbox for the public folders, so its hierarchy can be saved.

Give the mailbox a friendly name, for example PF_Hierarchy, place it in an organizational unit and select the mailbox database where it should be stored. Press Save.

Now that the hierarchy is created, let’s create some test folders too.
Go back to “Public Folders” and press the Add (+) button. Give the public folder a name. Press Save.

If you want to configure a storage quota on the public folder content, press Edit and configure it. Statistics, which are sometimes valuable, can also be found under Edit.

Just for testing purposes I mail-enabled the folder by pressing the Enable button.

Press Yes.

Let’s check the properties for the folder again. Now we see that we have lots of new settings. Here’s a small example of what the Mail Flow settings look like.

Using PowerShell: Start the Exchange Management Shell. The following commands create the public folder hierarchy and a content folder.

Create the hierarchy mailbox by running the following command:
New-Mailbox -PublicFolder -Name PF_Hierarchy -Alias PF_Hierarchy -Database DB01 -OrganizationalUnit Users

This mailbox, like shared/room mailboxes, is also disabled by default, so it is not possible to log on as this user.

Let’s create the folder named Testlabs:
New-PublicFolder -Name Testlabs

Finally, mail-enable the public folder:
Enable-MailPublicFolder -Identity \Testlabs

We have public folders located in Exchange 2007/2010, what about them?

At the end of this post, you can find a link to a TechNet article that provides a great step-by-step guide. I haven’t tried to migrate public folder contents from earlier versions of Exchange, since SP3 for Exchange 2010 is required for coexistence between Exchange 2010 and Exchange 2013. SP3 is right now under development/testing and no official information can be found.

When I get my hands on SP3, this will be one of the first things to try out.

Client Access Server Array

In my previous blog post I wrote about some news regarding MAPI and RPC, where I mentioned what changes have been made. It can be found here.

The “new” Client Access Server role can now be seen as more of a traditional front-end server.
It acts as a front-end connection point and redirects/proxies (depending on method) the clients to their correct mailbox server.

After the architectural change to the CAS role, it’s now “stateless”, which means there’s no need to configure affinity/sticky sessions on the load balancer. For example, clients are not required to keep their connection to the same CAS server for OWA to work. All CAS servers can now serve all clients and connect them to their mailbox endpoint server.

How to create a client access array?

Right now, I don’t see any specific reason for creating the CAS Array, since the traffic will be proxied from the CAS servers to the correct active Mailbox servers.

In an upcoming blog post I will cover how to configure the load balancing for Exchange 2013.

Upcoming topics: load balancing Exchange 2013 using different load balancers, database fail-over, move mailbox reports, disaster recovery etc.

But first it’s time for 3 weeks of vacation. Until then, keep on reading the posts; you’re more than welcome to comment on them.

Thanks for reading, I hope it gave you some valuable information.

More information:

High Availability
http://technet.microsoft.com/en-us/library/dd638137%28v=exchg.150%29.aspx

DAC mode
http://technet.microsoft.com/en-us/library/dd979790.aspx

Client Access Server
http://technet.microsoft.com/en-us/library/dd298114%28v=exchg.150%29

Public Folder migration scenario
http://technet.microsoft.com/en-us/library/jj150486%28v=exchg.150%29
