Transport

Exchange Server 2013 Preview – Part 2: How to do the Basic configuration

If you haven’t read it already, I posted a complete guide for installing Exchange 2013; it can be found here. That was part 1; now it’s time for part 2, which of course is the configuration of the server setup.

We have lots of changes between how you configured Exchange 2007/2010 and 2013.
First thing is that Exchange Management Console is gone and replaced by a refreshed ECP called Exchange Admin Center (EAC), built on Silverlight (I suppose). The “old” Exchange Management Shell (EMS) is still there, so I suppose lots of us geeks will use more PowerShell in the near future.

The fact that EMC is replaced will make the administration easier and more portable, but I still like the EMC better. I will like the EAC better after having used it for a while. This portable administration together with Remote PowerShell will be awesome.

I will use both methods for the configuration steps, both EAC and PowerShell.

The easiest way to find the URL path to the EAC is to start the Exchange Management Shell and run the command below:

Get-EcpVirtualDirectory | fl *url*

The picture below is my output from my lab environment

image

So let’s get things started..

Start up an Internet browser and go to the URL output from the command above

image

Mail Flow

Let’s get the mail flow configured first so we can receive mails from external senders.

In EAC: on the left side (menu) press “Mail Flow”.

image

Accepted Domains

Make sure that the domains that should be used for SMTP are listed here, so that Exchange is able to receive mails for these domains. More info about Accepted Domains can be found here.

In EAC: After selecting “Mail Flow” to the left, press “Accepted Domains” at the top menu in the middle.

image

If your domain is not listed and you need to add it, press the plus mark and fill in the information, like my example below.

image

image

Using PowerShell: Since I’m a geek I like to use PowerShell because it gives you the advantage of seeing what happens, having full control and easily building scripts.

For listing and adding a domain like above in PowerShell you should write:

Get-AcceptedDomain
New-AcceptedDomain -Name testlabs.com -DomainName testlabs.com -DomainType Authoritative

image

Email Address Policies

These policies are used to stamp each user mailbox object with an email address/SMTP address.
These policies do not remove any addresses used previously; they just add new addresses to mail objects.

In EAC: By default after the installation we only have one policy, called Default Policy.

I want to edit this one, by selecting the “Default Policy” and pressing the “pen” icon.

image

The Default Policy is showing up, in the left menu, press “Email Address Format”.

image

Since I live in Sweden and we have some special characters that I want to get rid of, I’m using the custom policy, Address type: SMTP and the Email address parameters:

%råa%räa%röo%g.%råa%räa%röo%s@testlabs.se

%r replaces one character with another: the first character after %r is the one to replace and the second is its replacement. In this case å, ä and ö are replaced with a, a and o.

When you have done the change press the “Save” button at the bottom of the page.

image

Check that the change is correct, then press the “Save” button.

image

After the changes have been saved, it needs to be applied. This is done by pressing the “Apply” text/button down in the right menu.

image

image

Using PowerShell: Let’s start with listing the policy and the settings in it. As a final step, let’s do the same configuration to the “Default Policy” that we did using EAC.

If you want your policies to create more than just alias@domain.com, add more templates separated by commas. For setting the primary SMTP address, use capital letters for SMTP, and for additional addresses use small letters for smtp. See the example below:

Get-EmailAddressPolicy

Get-EmailAddressPolicy | fl

Get-EmailAddressPolicy | Set-EmailAddressPolicy -EnabledEmailAddressTemplates "SMTP:%råa%räa%röo%g.%råa%räa%röo%s@testlabs.se","smtp:%m@testlabs.se"

Set-EmailAddressPolicy -Identity "Default Policy" -EnabledEmailAddressTemplates "SMTP:%råa%räa%röo%g.%råa%räa%röo%s@testlabs.se","smtp:%m@testlabs.se"

Get-EmailAddressPolicy | Update-EmailAddressPolicy

Whether the policy has been applied can easily be checked; it shows a True or False value. To check the value, run the command below:

Get-EmailAddressPolicy | fl *appl*

Note: Don’t forget to update the Policy, or else the new addresses won’t be pushed out to the recipients.

image

Receive Connectors

Since the HUB Transport server role is now gone and the HUB role is placed together with the CAS role, this is the server you should be looking at.

After the SMTP domains have been added into the Accepted Domain tab, some settings could be of value to have a look at before starting to use the servers.

A change has been made in the new version: the default connector is now named “Default Frontend servername”, and it now allows traffic from Anonymous users by default. I suppose this is because the Edge Transport Role is also removed.

In EAC: Go to the “Receive Connectors”, found under “Mail Flow”. Make sure to select your CAS server(s) and the “Default Frontend servername”. Then press the “pen” icon to edit the selected connector.

image

The only thing I did change was the “Maximum receive message size” to 30 MB.
When you have done your changes for the connector, press the Save button.

image

Using PowerShell: Start the Exchange Management Shell, let’s view the receive connectors and then make the changes like above.

Get-ReceiveConnector

Get-ReceiveConnector | fl

Set-ReceiveConnector -Identity "TLCAS01\Default Frontend TLCAS01" -MaxMessageSize 30MB

Note: The size can be configured between 64KB up to 2GB.

Verify that the settings were correctly set, using the command below

Get-ReceiveConnector | fl ide*,maxmes*

image
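
Since the default frontend connector accepts anonymous traffic, it is useful to review which connectors do so, from which address ranges, and whether the size limit really changed. The following is an added example, not part of the original post: the function name, the expected size and the sample objects are constructed for illustration, and the sample stands in for Get-ReceiveConnector output so the script also runs without Exchange.

```powershell
# Added example: review receive connectors for anonymous exposure and size limit.
function Test-ReceiveConnectorExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Connector,
        # Assumption: the limit you intended to set (30 MB in this article).
        [string]$ExpectedMaxSize = '30 MB'
    )
    process {
        # Objects can arrive deserialized in the EMS, so compare on strings.
        $groups = "$($Connector.PermissionGroups)"
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $size   = "$($Connector.MaxMessageSize)"

        $anonymous = $groups -match '\bAnonymousUsers\b'
        # A range spanning the whole IPv4 or IPv6 space accepts any client.
        $anySource = @($ranges | Where-Object {
            $_ -eq '0.0.0.0-255.255.255.255' -or $_ -like '::-ffff:*'
        }).Count -gt 0

        $findings = @()
        if ($anonymous -and $anySource) {
            $findings += 'Accepts anonymous SMTP from any address'
        } elseif ($anonymous) {
            $findings += "Accepts anonymous SMTP from: $($ranges -join ', ')"
        }
        if ($size -notlike "$ExpectedMaxSize*") {
            $findings += "MaxMessageSize is '$size', expected '$ExpectedMaxSize'"
        }

        [pscustomobject]@{
            Identity       = "$($Connector.Identity)"
            Anonymous      = $anonymous
            AnySource      = $anySource
            MaxMessageSize = $size
            Findings       = $findings -join '; '
        }
    }
}

# Constructed sample data (not real output). The first identity is the one
# used in this article; the other two connectors are hypothetical.
$sample = @(
    [pscustomobject]@{
        Identity         = 'TLCAS01\Default Frontend TLCAS01'
        PermissionGroups = 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers'
        RemoteIPRanges   = @('::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
                             '0.0.0.0-255.255.255.255')
        MaxMessageSize   = '30 MB (31,457,280 bytes)'
    }
    [pscustomobject]@{
        Identity         = 'TLCAS01\Sample Client Connector'
        PermissionGroups = 'ExchangeUsers'
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
        MaxMessageSize   = '10 MB (10,485,760 bytes)'
    }
    [pscustomobject]@{
        Identity         = 'TLCAS01\Sample Internal Relay'
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges   = @('10.10.10.0/24')
        MaxMessageSize   = '30 MB (31,457,280 bytes)'
    }
)

$sample | Test-ReceiveConnectorExposure | Format-List

# On an Exchange server, feed it the real connectors instead:
#   Get-ReceiveConnector | Test-ReceiveConnectorExposure | Format-List
```

A connector that is meant to receive mail from the Internet is expected to show the first finding; the same finding on any other connector is the one to look into.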


Send Connectors

Since the HUB server role is now gone, after the default installation of Exchange we don’t have any send connectors. So… to be able to send mails to external recipients, let’s create a Send Connector on the CAS server.

In EAC: Go to the “Send Connectors”, found under “Mail Flow”. Press the “plus” icon for Creating a new send connector.

image

Give the send connector a friendly name and select what type it should be. Since this one I’m creating now is for sending to external recipients I’m selecting “Internet”. (Seems like we have a typo, see picture below). Press Next.

image

Select how to route those mails, either by using MX records or through a smart host(s). If you have a mail gateway then you should select smart host and type in its IP address. My server is just sending them directly to the Internet so I’m using the MX method. Then press Next.

image

Press the “plus” icon for adding the address space this connector should use. In my case it will be “*”. Then it takes care of all domains. Press Save.

image

Then Press Next for accepting the settings you’ve just made.

The next screen shows which source servers should be used. Let’s add these into the connector by pressing the “plus” icon and selecting the Mailbox servers.

image

Press the Finish button so the connector gets created.

Note: By default the connector has a maximum message size of 10MB. You can’t configure the maximum send message size when creating the connector, but this can be done by editing the created connector.

Using PowerShell: Start the Exchange Management Shell, let’s view the send connectors and then make the changes like above.

Get-SendConnector

Get-SendConnector | fl

This creates a new send connector using the DNS/MX method

New-SendConnector -Name "Outbound" -AddressSpaces '*' -SourceTransportServers TLMB01 -MaxMessageSize 30MB

This creates a new send connector using the smarthost method

New-SendConnector -Name "Outbound" -AddressSpaces '*' -SourceTransportServers TLMB01 -MaxMessageSize 30MB -DNSRoutingEnabled:$false -SmartHosts "10.10.10.10"

This creates a new send connector using the smarthost method together with using the CAS server as a proxy server for sending the mails

New-SendConnector -Name "Outbound" -AddressSpaces '*' -SourceTransportServers TLMB01 -MaxMessageSize 30MB -DNSRoutingEnabled:$false -SmartHosts "10.10.10.10" -FrontEndProxyEnabled:$True

Note: The size can be configured between 0 Bytes up to 2TB.

Verify that the settings were correctly set, using the command below

Get-SendConnector | fl ide*,maxmes*

image

Certificates

As most of you already know, we need to request and import a certificate for Exchange. To have a fully working OWA, ActiveSync etc., certificates need to be configured, so let’s get started.

In EAC: Go to the “Certificates”, found under “Servers”. Select the server and press the “plus” icon for Creating a new certificate request.

image

I’m using an Internal PKI solution, so in this case I want to “Create a request for a certificate from a certificate authority”. Press Next.

image

Type in a friendly name for the certificate. Press Next.

image

If you want to create the request for a wildcard certificate, this is the checkbox you should use.
I don’t want a wildcard certificate, so I just let it be unchecked. Press Next.

image

Press Browse and select which server you want to store it on. Press Next.

image

For each service you can here type in the address, and the request will generate the names in the end. When you’re done press Next.

image

Go through the names in the list and make sure that all names that are needed are included. Press Next.

image

Fill in Organization name, Department, Country, City and State. Press Next.

image

In my example I did type in the path to a share on my domain controller, which also is my Internal CA. Press Finish.
Example: \\tldc01\certificates\certreq.req

image

When the request is completed, it shows up with the friendly name, together with the status “Pending request”. When the certificate is issued, press the “Complete” button below the status.

image

Type in the URL path to the .cer file, my file is saved on my DC. Press OK.
Example: \\tldc01\certificates\certnew.cer

image

It’s now time for assigning the services to the certificates. This is done by selecting the certificate and pressing the Edit button.

image

Go to “Services” and add the ones that should be used. Press Save.

image

Press OK.

image

Check that the services are assigned to the certificate.

image

Using PowerShell: Start the Exchange Management Shell, let’s view the existing certificates and then make a new cert request like above. Finally import the issued certificate.

Get-ExchangeCertificate

Get-ExchangeCertificate | fl

This creates a new certificate request and saves it to a share

New-ExchangeCertificate -Server TLCAS01 -GenerateRequest -FriendlyName Exchange2013-PS -PrivateKeyExportable $true -SubjectName "c=SE, s=Skane, l=Malmo, o=Testlabs, ou=Testlabs, cn=mail.testlabs.se" -DomainName mail.testlabs.se,autodiscover.testlabs.se -RequestFile "\\tldc01\certificates\test.req"

image

Import-ExchangeCertificate -Server TLCAS01 -FileName "\\tldc01\certificates\certnew-ps.cer" -PrivateKeyExportable $true -FriendlyName Exchange2013-PS

Enable-ExchangeCertificate -Thumbprint A2E6649A22A99BEAB2654BEB403C92BB9D34B404 -Services "IIS, SMTP, POP, IMAP" -Server TLCAS01

Get-ExchangeCertificate

image

Note: Make sure to specify –Server, or else you can have difficulties finding our created request. Mine landed at my Mailbox server even if I did it on the CAS server.
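
After enabling the certificate, a scripted check can confirm that it covers the requested names, is assigned to the intended services and is not close to expiry. The following is an added example, not part of the original post: the function names, the 30-day warning threshold and the sample objects (which stand in for Get-ExchangeCertificate output) are constructed for illustration.

```powershell
# Added example: check certificates against the names and services used above.
function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $Name) { return $true }
        # A wildcard covers exactly one label: *.testlabs.se matches
        # mail.testlabs.se, but not a.b.testlabs.se or testlabs.se itself.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)
            if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Test-ExchangeCertificateReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Certificate,
        [string[]]$RequiredNames    = @('mail.testlabs.se', 'autodiscover.testlabs.se'),
        [string[]]$RequiredServices = @('IIS', 'SMTP', 'POP', 'IMAP'),
        [int]$WarnDays = 30,               # assumption: warning threshold
        [datetime]$Now = (Get-Date)
    )
    process {
        # Objects can arrive deserialized in the EMS, so normalise to strings.
        $names    = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
        $services = @("$($Certificate.Services)" -split '\s*,\s*' | Where-Object { $_ })
        $daysLeft = [int][math]::Floor(([datetime]$Certificate.NotAfter - $Now).TotalDays)

        $issues = @()
        if ("$($Certificate.Status)" -ne 'Valid') {
            $issues += "Status is '$($Certificate.Status)'"
        }
        foreach ($name in $RequiredNames) {
            if (-not (Test-NameCovered -Name $name -CertNames $names)) {
                $issues += "Name not covered: $name"
            }
        }
        foreach ($svc in $RequiredServices) {
            if ($services -notcontains $svc) { $issues += "Service not assigned: $svc" }
        }
        if ($daysLeft -lt 0) { $issues += 'Expired' }
        elseif ($daysLeft -lt $WarnDays) { $issues += "Expires in $daysLeft days" }
        if ($Certificate.IsSelfSigned) { $issues += 'Self-signed' }

        [pscustomobject]@{
            Thumbprint    = "$($Certificate.Thumbprint)"
            DaysLeft      = $daysLeft
            # Informational: an exportable key can be copied off the server
            # together with the certificate, so keep track of where it is set.
            KeyExportable = [bool]$Certificate.PrivateKeyExportable
            Issues        = $issues -join '; '
        }
    }
}

# Constructed sample data (not real output). The first thumbprint is the one
# from the Enable-ExchangeCertificate command above; dates are made up.
$sample = @(
    [pscustomobject]@{
        Thumbprint           = 'A2E6649A22A99BEAB2654BEB403C92BB9D34B404'
        CertificateDomains   = @('mail.testlabs.se', 'autodiscover.testlabs.se')
        Services             = 'IMAP, POP, IIS, SMTP'
        Status               = 'Valid'
        NotAfter             = [datetime]'2014-07-25'
        IsSelfSigned         = $false
        PrivateKeyExportable = $true
    }
    [pscustomobject]@{
        Thumbprint           = 'CONSTRUCTED-SELF-SIGNED-THUMBPRINT'
        CertificateDomains   = @('TLCAS01', 'TLCAS01.testlabs.se')
        Services             = 'SMTP'
        Status               = 'Valid'
        NotAfter             = [datetime]'2017-07-20'
        IsSelfSigned         = $true
        PrivateKeyExportable = $false
    }
)

$sample | Test-ExchangeCertificateReadiness -Now ([datetime]'2013-07-25') | Format-List

# On an Exchange server:
#   Get-ExchangeCertificate -Server TLCAS01 | Test-ExchangeCertificateReadiness
```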

If you haven’t read it already, have a look at Part 1: Complete guide of how to perform the installation

Thanks for reading, I hope that it’s informative and great reading for most of you. It would be awesome if you guys leave some comments, what do you think about Exchange 2013? Maybe you have already installed the Preview/Beta? Which new feature is the best one?

Next part will cover Databases, Outlook Anywhere, Outlook 2013 and MAPI/RPC etc.

Part 3 can be found here

Exchange Server 2013 Preview – Part 1: Complete guide of how to perform the installation

Since Exchange Server 2013 beta was released yesterday I’m glad to announce that my first installation is done and here’s a complete walkthrough.

My setup is basic, using one server as domain controller, Windows 2008 R2.
Initially for Exchange I’m using 3 servers, 1 server for the CAS role and 2 servers for the Mailbox role.

There are some prerequisites that need to be installed/removed before the installation of Exchange can take place.

Note: It’s now recommended to install the Mailbox server first. So I’m starting with that server.

Step 1. Install the administration pack using the commands below. Make sure to restart the server before proceeding to step 2.

Import-Module ServerManager
Add-WindowsFeature RSAT-ADDS

image

Step 2. Install the Windows features that Exchange uses, for Mailbox and CAS server use the command below:

Import-Module ServerManager
Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

image

Step 3. When the feature installation is completed, continue with the installation of the required components. Use the links below to download the components.

.NET Framework 4.5 RC

Windows Management Framework 4.0

Unified Communications Managed API 4.0, Core Runtime 64-bit

Office 2010 Filterpack x64

Office 2010 Filterpack SP1 x64

KB 974405 (Windows Identity Foundation)

KB 2619234 (RPC over HTTP)

KB 2533623 (Remote code execution)

Note: Make sure to uninstall the Visual C++ 11 Beta Redistributable (x64) before starting the Exchange 2013 installation.

You can have a look at the setup.exe parameters using

setup.exe /?
setup.exe /help:install

image

Step 4. Start the installation using unattended installation for the Mailbox server role

setup.exe /mode:install /roles:Mailbox,ManagementTools /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /OrganizationName:Testlabs /TargetDir:"D:\Program Files\Microsoft\Exchange Server\V15"

The installation process starts up, prepares the organization for Exchange 2013 and installs the necessary Windows components. The schema prep can also be done manually using setup.exe /preparead; I’ve chosen to go with the default behavior.

When the Mailbox server role installation has finished successfully, it will tell you to restart the server.

image

Step 5. Start the installation of the Windows features for the CAS server role

Import-Module ServerManager
Add-WindowsFeature RSAT-ADDS
Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

Make sure to restart the server after the Windows features got installed.

Step 6. Start the installation of the CAS server role

setup.exe /mode:install /roles:ClientAccess,ManagementTools /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /OrganizationName:Testlabs /TargetDir:"D:\Program Files\Microsoft\Exchange Server\V15"

Since this is the second server, the schema prep is already done so the installation will skip that step.

When it’s finished it will look like the picture below, a restart of the server is required.

image

The installation of both servers is now completed.

Next blog post will be around how to configure Exchange 2013.

Thanks for reading, looking forward to your comments about the post and also about Exchange 2013 in general.

More information about the prerequisites can be found here.

What’s new in Exchange 2013

Next blog post, Part 2: How to do the Basic configuration

How to setup and configure Exchange 2010 Edge Transport Server Role

 

Published: 2011-05-30
Updated: –
Version: 1.0

First of all, the Edge role should be placed in the DMZ; that’s the only Exchange role that should be placed in the DMZ.
The picture below shows an example of how the Edge server could be placed into the infrastructure.


The prerequisites are installed by using the xml file provided with the ISO file for Exchange 2010 SP1.
It’s used by starting up PowerShell and running the following command: “servermanagercmd -ip path:\scripts\exchange-all.xml”.

Before starting with the installation, since it’s placed in the DMZ, make sure that the DNS suffix is added for the “domain.local”, in my case it’s “target.local”.

A reboot of the server and you will be ready to continue the installation of the Edge role.

Then it’s time for the Edge installation, it’s done by starting up the setup.com (Run as administrator).

Installation is done after some waiting..

It’s time for the EdgeSubscription file creation, it’s done by using the EMS and typing in:
New-EdgeSubscription -FileName "C:\edge.xml"

(Start the EMS with Run as administrator, or else you won’t be able to save the file into C:)

The next step is to copy the xml file to the HUB transport server, in my case it’s a multi-role server (CAS/HUB/MBX).
Start EMC and go to Organization Configuration -> Hub Transport -> Edge Subscriptions and select New EdgeSubscription.

Select which AD Site that the Edge should be subscribed to, and browse for the xml file created earlier.

When the subscription is completed successfully it should look like this.

It’s time to start the Edgesync, it’s done from my multi-role server (server03.target.local).

And hopefully it will look something like this after a while and you will see the accepted domains in the Edge server.
You will also see the receive and send connectors.

Conclusion

For a successful EdgeSync, port 50636 (TCP) should be open from the HUB server(s) to the Edge server.
Also, for sending mails (SMTP), port 25 should be open.
The Edge server is listening on port 50389.

Quote: “EdgeSync uses a secure LDAP connection from the Hub Transport server to subscribed Edge Transport servers over TCP 50636. AD LDS also listens on TCP 50389.
Connections to this port don’t use SSL. You can use LDAP utilities to connect to the port and check AD LDS data. ”

Make sure that name resolution is working: the Edge server needs working name resolution to the HUB server(s), and the same in the opposite direction.

Exchange port reference:
http://technet.microsoft.com/en-us/library/bb331973.aspx
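
The points from the conclusion can be checked from either side before starting EdgeSync. The following is an added example, not part of the original article: the function names and the host name edge01.target.local are hypothetical, and the 3-second timeout is an assumption. It is written to run on PowerShell 2.0.

```powershell
# Added example: verify name resolution and the ports listed in the conclusion.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-EdgeSyncPath {
    param(
        [Parameter(Mandatory = $true)][string]$RemoteServer,
        [ValidateSet('HubToEdge', 'EdgeToHub')][string]$Direction = 'HubToEdge'
    )
    # 50636 (EdgeSync, secure LDAP) and 25 (SMTP) are the ports the article
    # asks for. 50389 (AD LDS without SSL) is only reported, so that you can
    # see whether the unencrypted port is reachable through the firewall.
    if ($Direction -eq 'HubToEdge') {
        $checks = @(
            @{ Port = 50636; Purpose = 'EdgeSync (secure LDAP)'; Required = $true },
            @{ Port = 25;    Purpose = 'SMTP';                   Required = $true },
            @{ Port = 50389; Purpose = 'AD LDS without SSL';     Required = $false }
        )
    } else {
        $checks = @(@{ Port = 25; Purpose = 'SMTP'; Required = $true })
    }

    # Name resolution has to work before any port test makes sense.
    $addresses = @()
    try { $addresses = @([System.Net.Dns]::GetHostAddresses($RemoteServer)) } catch { }
    $resolved = $addresses.Count -gt 0

    $nameResult = 'FAILED'
    if ($resolved) {
        $nameResult = 'OK (' + (($addresses | ForEach-Object { "$_" }) -join ', ') + ')'
    }
    New-Object PSObject -Property @{
        Target = $RemoteServer; Check = 'Name resolution'
        Required = $true; Result = $nameResult
    } | Select-Object Target, Check, Required, Result

    foreach ($c in $checks) {
        if (-not $resolved) {
            $result = 'Skipped (name did not resolve)'
        } elseif (Test-TcpPort -ComputerName $RemoteServer -Port $c.Port) {
            if ($c.Required) { $result = 'OK' }
            else { $result = 'Reachable (not used by EdgeSync, review the firewall rule)' }
        } else {
            if ($c.Required) { $result = 'FAILED' } else { $result = 'Not reachable' }
        }
        New-Object PSObject -Property @{
            Target = $RemoteServer; Check = "TCP $($c.Port) $($c.Purpose)"
            Required = $c.Required; Result = $result
        } | Select-Object Target, Check, Required, Result
    }
}

# Run on the Hub Transport server (edge01.target.local is a hypothetical name):
Test-EdgeSyncPath -RemoteServer 'edge01.target.local' | Format-Table -AutoSize

# Run on the Edge server, towards the multi-role server from this article:
#   Test-EdgeSyncPath -RemoteServer 'server03.target.local' -Direction EdgeToHub
```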

Coexistence between Domino and Exchange 2010 – Part 2 of 2

 

Published: 2011-01-05
Updated: 2011-01-16
Version: 1.1
Changelog: Exchange configuration added.

Let’s start from where we ended the last part, the Domino configuration.
I hope everything was clear in the last part; if there are any questions about it, feel free to give feedback or send me an email at:
Jonas.Andersson@testlabs.se.

DNS Infrastructure

 

In this part we start with the DNS investigation.
At least 2 additional records need to be created in the DNS zone for using Exchange and CMN.

These are autodiscover and mail, in my environment I’m using mail, it could be owa or webmail or whatever you want it to be.

The important information here is that these names should be included into the certificate for the Exchange CAS server(s).
And that certificate is exported and imported into the CMN server as well.

Certificate installation

 

I’m not going to show how to create a CSR and Import and Export it.
There are already so many guides about that, check here for more information about that.

For creating a CSR in Exchange 2010, use this one:
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm

For how to install the certificate when it has been processed, use this one:
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

When the certificate has been installed on the Exchange server and the services have been assigned, it’s time to export it.
This is done by starting an MMC console, adding Certificates (Computer) and going to Personal/Certificates.

Right click the appropriate certificate and choose All Tasks/Export.
Export the private key and select the option “Include all certificates in the certification path if possible”.
Then set a password and copy the certificate file to the CMN machine.

The process for importing the certificate is almost the same: start an MMC console, add Certificates (Computer),
then right click Personal and choose All Tasks/Import.

Browse for the certificate file and type in the password for it and make sure it’s placed in Personal.

In my case when it’s imported successfully it will look like this.

Check in IIS that the binding for port 443 (HTTPS) is using the imported certificate.

Exchange WebServices configuration

 

With DNS and the Certificates in place the keys to get everything to work are done.

Next thing to change from the default behavior on the Exchange CAS machine is to change the EWS.
This is done by running the following command:

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -InternalUrl https://autodiscover.target.local/EWS/Service.asmx -ExternalUrl https://autodiscover.target.local/EWS/Service.asmx

Important is to double check the path for the asmx file on the CMN server, in my case this is the correct path.

Double check that the value has been modified by running:

Get-WebServicesVirtualDirectory | fl *url*

InternalUrl : https://autodiscover.target.local/EWS/Service.asmx
ExternalUrl : https://autodiscover.target.local/EWS/Service.asmx

When these settings are in place, let’s have a look at the authentication settings for EWS in IIS.
The setting for IIS authentication that should be enabled for the EWS is Anonymous authentication and Windows authentication.

AvailabilityAddressSpace setup

 

To be able to share F/B information between the systems, we need to configure the availabilityaddressspace.
This is done by adding the sub-domain that’s used for the Domino side.
The process is described in Part 1.

Add-AvailabilityAddressSpace -ForestName domino.target.local -AccessMethod OrgWideFB -UseServiceAccount $true

Prerequisites for Quest Coexistence Manager for Notes

 

Domino server

Supported versions of Lotus Domino are 6.5.1–6.5.6, or 7.0.0–7.0.4, or 8.0.0–8.0.2, or 8.5.0 or 8.5.1.

Exchange server

Supported versions of Exchange server are Exchange 2010, 2007, or 2007 SP1 or SP2

.NET Framework 3.5 SP1, IIS 7.0 with ASP.NET 2.0

Open up an elevated PowerShell prompt and run the below commands:

  • Import-Module ServerManager
  • Add-WindowsFeature NET-Framework,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,
    Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,
    NET-HTTP-Activation

 

PowerShell 2.0

PowerShell 2.0 is included in Windows Server 2008 R2.

Lotus Notes Client

Supported versions are 6.5.1–6.5.6, or 7.0.0–7.0.4, or 8.0.0–8.0.2, or 8.5.0 or 8.5.1.

  • Install Lotus Notes in Single User mode.
  • After the installation is complete, copy admin.id from C:\Program Files\Lotus\notes\data on the Domino server to
    C:\Program Files (x86)\lotus\notes\data on the CMN server.
  • Start and configure the Lotus Notes client.

     

Turn off UAC and Windows Firewall

To avoid complications during installation of Coexistence Manager for Notes and related components, turn off Windows Firewall and
User Account Control.

Mailbox

We need to create a mailbox for CMN to use to be able to retrieve F/B information, the service
“Quest CMN Exchange Free/Busy Connector Service” should be using this account.

Installation of Quest Coexistence Manager for Notes

 

  • Start autorun.exe on the CMN CD and select the Install tab.
  • Click on “Coexistence Manager for Notes Mail Connector” to start the installation

     

  • Accept the license agreement and then choose default settings in the wizard.
  • Click Finish to complete the installation.

 

Coexistence Manager for Notes Free/Busy Connector

  • Start autorun.exe on the CMN CD and select the Install tab.
  • Click on the appropriate version (32 or 64 bit) of Coexistence Manager for Notes Free/Busy Connector.
  • Accept license agreement and click next
  • Deselect “Domino Server Components” on the “Custom Setup” screen and then click Next.

     

  • Review the Prerequisites screen and confirm all prerequisites are met and click install.
  • Complete the installation with Finish.

 

PowerGUI

  • Start autorun.exe on the CMN CD and select the Install tab.
  • Click on PowerGUI to start the installation.
  • Choose the default features and path.

     

Domino Server Components

  • On the Domino server start autorun.exe on the CMN CD and select the Install tab.
  • Click on the appropriate version (32 or 64 bit) of Coexistence Manager for Notes Free/Busy Connector.
  • Accept License Agreement and click next.
  • Deselect everything except “Domino Server Components”

     

     

  • Review the Prerequisites screen and confirm all prerequisites are met and click install.
  • Complete the installation with Finish.

 

Configuration of Quest Coexistence Manager for Notes

 

Exchange

To be able to send messages between the systems, a send connector needs to be created.
Create a Send connector that sends all messages with “@domino.target.local” to the CMN server.

Open Exchange Management Shell and run the following command.

New-SendConnector -Name 'To Coexistence Manager' -AddressSpaces 'SMTP:domino.target.local;1' -DNSRoutingEnabled $false -SmartHosts 'cmn.target.local' -SmartHostAuthMechanism 'None' -UseExternalDNSServersEnabled $false -SourceTransportServers 'SERVER03' -MaxMessageSize '50 MB'

PowerGUI configure Web Services and Lotus Notes Components

  • Start PowerGUI from the Start Menu / All Programs / PowerGUI.
  • Select the “Configure Web Services and Lotus Notes Components” item on the left pane.

     

  • Click on Configuration Wizard in the Actions pane on the action panel.
  • Click next and type the SMTP domain target.local in the “SMTP Domain” screen. Also click the radio button for “autodiscover.target.local”

     

 

  • On the Domino Credentials screen enter the Domino server name, the path to the Admin.id file that was copied to the CMN server under the Lotus Notes client installation and the Administrator password and click next.

     

  • On the “Ready to configure” screen review the information entered and click next to configure the Configure Web Services and Lotus Notes Components.

     

    Make sure that the Domino Free/Busy Connector Service is started.

Configure Domino Server and Exchange Components.

 

  • Start PowerGUI from the Start Menu / All Programs / PowerGUI
  • Select the “Configure Domino Server and Exchange Components/Domino Server tasks” item on the left pane.

     

    Make sure the right path is typed in for qcalcon.exe.config file, in my case it’s:

    \\domino\c$\program files\lotus\domino\qcalcon.exe.config

    If everything looks correct it should show you something like this, information about Foreign domain.

  • Select the “Configure Domino Server and Exchange Components/Domino Server tasks” item on the left pane and choose “Configuration Wizard” on the action panel.

     

    In the beginning of the configuration wizard it will give information about the Foreign domain like below

  • Next settings that should be configured is typing in the URL for EWS (Exchange), https://mail.target.local/EWS/Exchange.asmx.
    Also enter the credentials of the CMN Free/Busy service account.

 

 

  • On the “Ready to configure” screen review the information entered and click next to configure the “Configure Domino Server and Exchange Components”.
  • Make sure that the Exchange Free/Busy Connector service is set to log on as the Free/Busy service account “Target\CMNFB” and then start the service.

     

 

Verify / Troubleshooting the function

 

Before doing anything, with my 2 users I’ve added meetings all week/workdays the whole morning 8-12 AM.

  • Start PowerGUI from the Start Menu / All Programs / PowerGUI x86
  • Select the “Diagnostics and Troubleshooting/Troubleshoot free/busy for Domino users” item on the left pane.

    I’m typing in the cmnfb account and password, verifying that the EWS path is correct and typing in an Exchange email address for verifying the
    F/B function.

    It seems to work very well!

 

  • Select the “Diagnostics and Troubleshooting/Troubleshoot free/busy for Exchange users” item on the left pane.

    Choose “Test free/busy through Domino” in the action panel.

    Make sure the Domino server name, id file, password and an email address that resides in Domino is typed in.
    Test and verify the function by pressing the “Test” button.

    It works both ways! :)

Time to verify it with Lotus Notes and Outlook 2010

From Lotus Notes, I’m trying to schedule a meeting from my Domino user to my Exchange user.
Let’s take the time I know that’s setup as BUSY, selecting the user and pressing the availability button.

This is the result, it shows the F/B between the systems.

On the other hand we have Outlook 2010.
Booking a meeting and selecting the contact for my Domino user, it takes some seconds before any information shows up.

Then it will show the F/B information, and I can confirm this is correct.
Domino by default is setting 12-13 as BUSY time.

QCALCON tasks

 

If there are any problems retrieving the F/B information from Lotus Notes to an Exchange user do the following steps.

On the Domino server, verify that those 3 services have been installed and started.
This can be done in Domino Administrator and/or Notes.ini

They are named: QCALCON, QCALCON NOTESSCHEDGATEWAY, QCALCON LWPSCHEDGATEWAY
Open the Domino server console and verify that there are 3 QCALCON tasks running (show tasks); if not, use the LOAD command to start them. (LOAD QCALCON, LOAD QCALCON NOTESSCHEDGATEWAY and LOAD LWPSCHEDGATEWAY)

Exchange Configuration

To be able to use sub-domains between the systems, we need to configure the Exchange environment with some settings.

Accepted domains

The sub-domains need to be added into the Accepted Domains.
In my lab environment it looks like this:

Domino.target.local – Internal relay
exch.target.local – Authoritative

E-mail Address Policies

The Exchange mailboxes that have recently been created and migrated from Domino need both the target.local (primary)
and the exch.target.local (secondary) addresses to be able to receive mails when the sub-domains are in use.

Contact

For the users that have not yet been migrated there needs to be a contact with the following settings, e.g. from my lab:
Primary: Jonas.Andersson@target.local
Secondary: Jonas.Andersson@domino.target.local
Secondary: Jonas.Andersson@exch.target.local

TargetAddress (forward): Jonas.Andersson@domino.target.local

Summary

 

For setting up CMN from Quest, it’s recommended to use a PSO (certified consultant)!

Feel free to give feedback on the article!
I hope this was interesting and informative, thanks for reading!

Coexistence between Domino and Exchange 2010 – Part 1 of 2

 

Published: 2011-01-03
Updated: 2011-04-19
Version: 1.2
Changelog: Minor changes have been done in the connection doc, smarthost removed and forwarding address added.

From what I’ve seen, there is a very large gap here that I want to cover. Neil Hobson wrote a very good article about Domino to Exchange 2007
with Transporter Suite. It can be found here.

Elan Shudnow also wrote a nice article regarding Free/Busy, which is a bit more of a deep dive into it and how it works. It can be found here.

Both of those articles used Exchange 2007 with Public Folders. That is not my case, so there are a few differences.
In my case, I’m not using any native tools. Since Microsoft decided not to support and update their Transporter Suite to fit Exchange 2010,
it was up to third-party suppliers.

I’m using Quest’s Coexistence Manager for Notes and I haven’t found any great guide or information on a real-world scenario.
That’s why this article was born :)

More information about Coexistence Manager for Notes can be found here.
I don’t deal with license questions, these can be handled directly by Quest, just send them an email on: info@quest.com.

I’ve decided to split this article into two parts, or else it would be very long.
These parts will cover SMTP routing and Free/Busy between the systems. The first part will cover the Infrastructure setup and Domino setup.
The second part will cover the CMN and Exchange configuration.
DirSync is not covered in either of these parts.
Maybe I’ll write an article about that later if it would be of any interest?

Any form of feedback on the article would be nice, good or bad.

Infrastructure Setup

 

This is an overview of my Infrastructure in this setup.

Here is also a little picture of the SMTP routing mail flow setup, along with some information about Free/Busy (F/B) between the systems.
On the CMN server there’s a “connector” called QCalCon installed which handles the F/B between the systems. It sends and receives
the information between them like a collector. I will attach a picture of it below.

Here is some short information about the process (copied from Quest’s document “Free Busy connector user guide.pdf” and a little bit edited).
When Outlook requests free/busy information for Jonas, the following occurs:

1. Exchange resolves “target.local” through DNS. DNS has a zone called target.local which contains a host called
autodiscover.target.local. The host name must match the common name (of the certificate you requested) where
Coexistence Manager for Notes – Free/Busy Connector is installed.

Exchange connects to https://autodiscover.target.local/autodiscover/autodiscover.xml to query the location of the
Availability Web Service from which to receive free/busy information.

The Autodiscover Web Service returns the URL of the Availability Web Service where CMN Free/Busy Connector is installed.

2. Exchange requests free/busy information from this URL.

3. The Free/Busy Availability Web Service communicates with the Quest CMN Domino Free/Busy Connector Service to get free/busy
information. The Quest CMN Domino Free/Busy Connector Service configuration file is configured with Domino Server name,
Directory Server name, ID path, and secure password where your Domino server is installed.

4. The Quest CMN Domino Free/Busy Connector Service queries the Domino server for the free/busy information.

5. Jonas’s free/busy information is returned back to the Exchange server, where it is displayed to Klas.

When Lotus Notes requests free/busy information for Klas, the following occurs:

1. The Domino server requests free/busy information from QCALCON. QCALCON Domino Server Task is installed on the Domino server,
and configured to listen for “Exchange” calendar requests.

2. QCALCON communicates with the Quest CMN Exchange Free/Busy Connector Service to retrieve free/busy information.

3. The Quest CMN Exchange Free/Busy Connector Service retrieves free/busy information from Exchange using Exchange Web Services
(EWS) calls.

4. Klas’s free/busy information is returned back to the Domino server (through the Exchange Free/Busy Service and QCALCON),
where it is displayed to Jonas.

Domino configuration

 

The first thing to do when using sub-domains is to add the sub-domain to the global domain document.
This is done in Configuration/Messaging/Domains by selecting the Global domain and choosing to edit the domain.

In the field “Alternate Internet domain aliases:” the following domain should be added in my setup:
“domino.target.local”

The next thing to configure and set up is the Foreign SMTP Domain. This is added in Configuration/Messaging/Domains.
Choose “Add domain” and type in the following information.

Domain type: Foreign SMTP Domain
Internet domain: exch.target.local
Domain name: ToExchange

Then it’s time to add the Foreign Domain to be able to have the Free/Busy information between the systems.
This is added in Configuration/Messaging/Domains by choosing “Add domain”.

Domain type: Foreign Domain
Foreign domain name: Exchange
Gateway server name: domino/target
Gateway mail file name: mail.box
Calendar server name: domino/target
Calendar system: Exchange

The next thing to add is a connection document. This is done in Configuration/Messaging/Connections by pressing “Add Connection”.
This document needs to be filled in with information like source server, source domain, destination server and domain, destination IP, and
replication.

Connection type: SMTP
Source server: domino/target
Connect via: Direct connection

Usage priority: Normal
Destination server: cmn.target.local
Destination domain: ToExchange
Optional network address: 172.16.2.20

Replication task: Disabled
Schedule: It should run 24 hours per day

Since we have a matching connection document with the Foreign Domain document we don’t need the smarthost configured. This is deleted in this version, v1.1.

When a Domino user is migrated, the Calendar information will be changed. Another value that’s changed is the Mail System:
it will be set to Other Internet Mail, so that Domino knows that it is no longer responsible for the mailbox.
The forwarding address will also be changed; in my environment it will be
Klas.Andersson@exch.target.local, since we use exch and domino as coexistence sub-domains.

I will attach two pictures of this; the first one shows the Other Internet Mail settings and the other one shows the calendar information.

This part is completed, next part will cover the Exchange configuration and the CMN configuration.

For setting up CMN from Quest, it’s recommended to use a PSO (certified consultant)!

Feel free to give feedback on the article!
I hope this was interesting and informative, thanks for reading!

Quest MessageStats MAPI_E_FAILONEPROVIDER (8004011D)

 

I was getting an error when connecting to the Exchange Organization.

This is documented by Quest as a bug, and there is an official workaround until the next release of QMS (hopefully).
The “KB” at Quest is named “SOL67917”.

This error is happening when trying to connect to an Exchange 2010 Organization without Public Folder database
and the error message looks like below.

DESCRIPTION

MessageStats is unable to connect to an Exchange 2010 organization if that organization does not have at least one
Public Folder database. The error that is associated with the failed connection is MAPI_E_FAILONEPROVIDER (8004011D).

WORKAROUND

Please download the Hotfix called, MessageStats 6.8.1 Hotfix (TFS138271) for solution SOL67917 from: https://support.quest.com/Downloads.aspx?id=3416166&ver=MessageStats~6.8.1&productid=268435854&productversionid=268454124&category=Patches&SKB=1

Please follow the instructions included in the downloaded file to apply it.

STATUS

Issue resolved in hotfix

How to install and configure Quest MessageStats in Lab environment

 

Published: 2010-12-16
Updated: –
Version: 1.0

Background Information

I hope you will find this article helpful and interesting to read.
I just want to mention to everyone reading this article that it’s not any type of best practice; it’s just
a sample of how it could be installed and configured in a Lab environment.
It will not be an in-depth how-to guide with every small step, but it will provide enough information that
it can be used as a reference.

I’m going to use Quest: MessageStats 6.8.1 (current version when the article is created)
It can be found here: http://www.quest.com/messagestats/

Don’t ask me about licensing, that’s a question for Quest, send a mail to: info@quest.com

Below here is a picture of the server infrastructure used in this scenario

The server AD01 is just a basic Active Directory server with Windows 2003 R2, nothing special.
The Exchange server, is using Windows 2008 R2 and with a typical installed Exchange 2010.
Domino server is based on Windows 2003 and IBM Lotus Domino version 7.0.4
Windows/Quest NME, is used as a SQL Express 2005 server in this scenario
Windows 2008 R2, is used for the Quest MessageStats application and for the reporting parts (IIS).

Configuration

We need to configure SQL 2005 Express to use both Windows and SQL Server authentication.
This is done from the NME machine where SQL is installed, with SQL Management Studio Express, by
right-clicking on the server, selecting properties, choosing “Security” and making sure that “SQL Server
and Windows Authentication mode” is selected. Check the picture below.

We also need to create a SQL user for this purpose; I named it SA-QMS (Server Account-Quest MessageStats)

Then it’s time to start the installation of MessageStats (QMS).
I just want to mention some prerequisites that need to be in place before starting the installation.

  • IIS with typical installation
    • Verify that “Reports” virtual directory is using Windows Authentication
    • “ASP.NET, ASP and Server Side Includes” needs to be enabled and installed
  • Local administrator to perform the installation
  • MAPICDO needs to be installed, version 6.5.8153.0 or later
  • PowerShell 2.0 needs to be installed
  • At least; Exchange View-Only Management and Recipient Management permissions with the account
    that’s used for collecting data
  • For public folders it should also be member of; Public Folder Management group
  • Local administrator on every Exchange server
  • Read permissions on the folder which have the message tracking logs
  • Share the folder which includes the message tracking logs
  • The mailbox for the collecting account CAN’T be hidden in the GAL
  • It should also have AD permissions and Mailbox permissions
    • Add-ADPermission -id:mailboxName -User:userName -AccessRights:extendedright
    • Add-MailboxPermission -id:mailboxName -User:userName -AccessRights:FullAccess
    • Get-MailboxServer MyServer | Add-ADPermission -User:UserA -ExtendedRights Send-As
    • Get-MailboxServer MyServer | Add-ADPermission -User:UserA -ExtendedRights Receive-As
  • SQL-DMO 2005 Backward Compatibility Pack needs to be installed

 

Installation

Let’s start the installation

Selecting Complete installation

Typing in where the database should be installed; QUEST\SQLEXPRESS
Reporting and Scheduler service should be installed on; QMS

Selecting the default setting

Selecting the default setting

Typing in server name and email address for the service account

Typing in service account and password

Installation is in progress..

SQL Database creation..

Selecting the default setting

Selecting the default setting; “Small”

Selecting the default setting

The creation is completed successfully

After the installation is done, install the license by starting Quest MessageStats Console and right click the servername
then select License information and update the license.

Then it’s time to configure QMS to use SQL Server authentication instead of Windows Authentication. There
seem to be issues related to the combination of SQL Express and Windows Authentication, which is why I want to use
SQL Authentication instead.
Select properties on the server name and the Database tab; on the Connection tab, change from Windows NT Integrated security
to SQL authentication, type in the appropriate username and password, and have it successfully verified.

For connecting QMS into the Exchange Organization, right click Exchange Organization and choose “Connect”.
In my lab I’m using Exchange 2010, typing in the server name (CAS) and the account with the necessary permissions.

The Exchange Organization is now connected.

On the server, right click and select “Properties” and “Tracking Logs”, browse for the share with the message tracking logs.

Right click the “Exchange Organization” and select “Create Task”.

Select task “Complete Exchange Gathering” and give it a friendly name.

Select “Yesterday” for the Tracking Logs.

In my lab I want to run this task every night at 1 AM (01.00).

The wizard is completed.

The Gathering job is currently running..

To complete this post, I just want to show a very basic example of what QMS can provide, this is just a sample.
Of course you can build your own reports, all type of details can be provided.

Hope this article gave you something
Cheers :)

Paper: Microsoft Exchange 2010 on VMware vSphere Best Practices Guide

 

VMware has released a best practice guide for how to deploy Exchange 2010.
This paper hopefully will cover most parts including ESX host best practice, performance etc.

The paper can be found here:
http://www.vmware.com/files/pdf/Exchange_2010_on_VMware_-_Best_Practices_Guide.pdf

Source: http://virtualization.info/en/news/2010/11/paper-microsoft-exchange-2010-on-vmware-vsphere-best-practices-guide.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Virtualization_info+%28virtualization.info%29

Generated Signatures with Exchange 2010

 

I’ve had some requests and questions from customers who want to use some type of signature, and of course the fewer third-party products the better, and the lower the costs.

This can be done with the built-in tools and services!
There are a lot of posts on the Internet about how to do this, but I want to show you myself, which is why this post is being published.

This is a pretty basic thing to accomplish with a Transport Rule. If you want to try it yourself, just follow my text and pictures.

Start by logging onto any of your Exchange 2010 servers and start Exchange Management Console (EMC)

Go to Organization Configuration -> Hub Transport -> Transport Rules

Create a new Transport Rule

The conditions: apply this rule to messages from users that are Inside the organization and sent to recipients Outside the organization.

Actions; Append disclaimer text

Then it’s time for editing the Disclaimer text, the nice thing here is that the AD attributes can be used. Let’s show an example.

If the text on the picture is too small, here’s the example:

Best Regards<br><br>
%%displayName%% | %%title%%<br>
%%company%% | %%department%%<br>
%%streetAddress%%<br>
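
The same rule can be created from the Exchange Management Shell instead of the EMC wizard. This is an added example, not part of the original post; the rule name and the fallback action are assumptions, and the disclaimer text is the one shown above.

```powershell
# Added example: EMS equivalent of the transport rule built in the EMC above.
# The rule name and the fallback action are assumptions.

# Disclaimer HTML from the post; %%attribute%% tokens are filled in from the
# sender's Active Directory attributes when the rule is applied.
$disclaimer = @'
Best Regards<br><br>
%%displayName%% | %%title%%<br>
%%company%% | %%department%%<br>
%%streetAddress%%<br>
'@

# Condition: sender inside the organization, recipient outside.
# Action: append the disclaimer text to the message.
# Fallback: what happens when the text cannot be inserted into the message
# (for example an encrypted message): Wrap, Ignore or Reject.
New-TransportRule -Name 'Generated signature (outbound)' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerText $disclaimer `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Confirm the rule is enabled and scoped as intended.
Get-TransportRule 'Generated signature (outbound)' |
    Format-List Name, State, FromScope, SentToScope, ApplyHtmlDisclaimer*
```

Only attributes that are populated on the sender's AD account show up in the generated signature, so it is worth checking the values before the rule goes live.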

Finish :)

Cross-Forest Migration in Lab

How to do a migration from one organization to another?
In this case it’s about Exchange 2003 organization (legacy) to Exchange 2010

They are totally separated by individual domains, network connection has been established between the domains and two-way trusts have been setup.

Company A -> Company B

I’ve created an account in the target domain called admt.
The account is added to the domain administrators group for target.local and the built-in administrators group in the source domain.

To get the password migration to work I needed to do the following.
First, on the DC in the target domain, I installed ADMT ver 3.0 and then ran the following command from cmd:
admt key /opt:create /sd:source /kf:c:\key

In the source domain I needed to create a local group named sourcedomain$$$

A little registry change needs to be done:
Under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa”, create a new DWORD value called TcpipClientSupport and configure it with a value of 1.
Install the ADMT password migration DLL on the server from the I386\ADMT\Pwdmig folder on the Windows Server 2003 CD-ROM or from C:\Windows\ADMT\PES
Then, during the installation, point to the pes file created previously on the target/destination DC.

Reboot when the settings and installation are done.
When password migration is done, remove the DWORD and reboot the source DC.

On the target side I needed to do some things:
Enable auditing for success and failures for account management in your default domain controllers policy in the target domain

Also verify that the account that’s going to be used in the migration has the appropriate permissions and that the Password Export Server Service is started.

We’re ready to start the user migration from the source domain to the target domain using ADMT.

In my case I had a little problem migrating the accounts because they didn’t have any password, so I had to set a password for them.
Here’s an example I used to set the password for all users in an OU:

dsquery user "ou=source,dc=source,dc=local" -limit 0 | dsmod user -pwd P@ssw0rd >password.log

Now it’s time to move the mailbox from one organization to another, which can be a little problematic.

I’ve done the following steps to move the mailbox from Exchange 2003 to 2010.
The move will be an offline move, which means that the client will be disconnected when the move starts.
There are a lot of parameters for how to move the mailbox if the need exists.
These command parameters can be found here:
http://technet.microsoft.com/en-us/library/dd876952.aspx

First step is: Typing in the password for the local forest/domain by starting EMS and typing in
$Local = Get-Credential

Second step is to type in the password for the source forest/domain
$Remote = Get-Credential

It’s time to prepare the move by identifying the user/mailbox
./Prepare-MoveRequest.Ps1 -Identity admin@source.local -RemoteForestDomainController server01.source.local -RemoteForestCredential $Remote -LocalForestDomainController server02.target.local -LocalForestCredential $Local
This is done by using the official prepare-moverequest script, it can be found here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=16a91d42-5ca4-4b58-aaa6-b2689b99ba51&displaylang=en#filelist

When the preparation is done, the move request can be created:
New-MoveRequest -Identity admin@target.local -RemoteLegacy -TargetDatabase "DB" -RemoteGlobalCatalog server01.source.local -RemoteCredential $Remote -TargetDeliveryDomain "target.local"

The move has started. To check the progress, run:
Get-MoveRequestStatistics -id username

When the move is done, the move request needs to be removed by typing in:
Remove-MoveRequest -id username

One problem I discovered was that for some reason the attribute “msExchMailboxGuid” didn’t migrate to the new account in the target domain.
This can be solved either by copying and pasting the information manually or by using IIFP.
In my case I did a manual copy and paste because this is a lab environment.

The last problem: I wasn’t able to create the MoveRequest because it couldn’t find the mailbox/user for some reason. This seems to be a bug, and it can be solved by adding the DNS suffix of both the target and the source domain on the target mailbox server.

Hope this helps someone who is going to perform this procedure!
Don’t hesitate to leave comments and feedback

Source:

http://www.microsoft.com/downloads/details.aspx?familyid=6D710919-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

http://technet.microsoft.com/en-us/library/bb124797.aspx

http://technet.microsoft.com/en-us/library/dd876952.aspx

http://technet.microsoft.com/en-us/library/ee861103.aspx

http://www.microsoft.com/downloads/details.aspx?FamilyID=16a91d42-5ca4-4b58-aaa6-b2689b99ba51&displaylang=en#filelist
