ExchangeNerd

Powered by Ed Buford and Coffee

Archives: March 2014

Book Review: Microsoft Exchange Server 2013 High Availability

I just finished the Microsoft Exchange Server 2013 High Availability book from Nuno Mota.
I highly recommend it as the definitive resource for HA. But I also recommend this book as the perfect reference for how many components of Exchange actually work, from Database Availability Groups to the inner workings of the Client Access Server. Although the book is only 266 pages long, it’s packed full of great information!
I highly recommend it.

Pin-Point DNS (Split-DNS Alternative)

Frequently you’re faced with creating DNS records for internal objects that you don’t have a Zone for. If you create a Forward Lookup Zone for them then you need to maintain it for ALL the external records too. Just imagine the issues that come with that. Thankfully we can create a Pin-Point record that will solve this for us with very little effort.

First take a look at this internal DNS Server:


You can see here that I have an ExchangeNerd.Local zone but no ExchangeNerd.com.
So if I wanted to create a record for Mail.ExchangeNerd.com you might think the first step is to create a Zone for ExchangeNerd.com, but instead we’re going to create a Zone for Mail.ExchangeNerd.com, which is the External Name of my mail server.

Right Click Forward lookup Zone and Choose New Zone:


This will launch the New Zone Wizard – click next
Choose Primary Zone and Make sure the Checkbox is checked for Store In Active Directory.
Click Next


If you’re dealing with just a domain then Choose Zone Replication for Domain.
If you’re dealing with a Forest then choose Forest – If you don’t know then choose Domain ;-)


Now Name the Zone the FQDN of the External Record – in my case it’s Mail.ExchangeNerd.com


Choose Allow only secure dynamic updates for this zone – then click Next and Finish to create the Zone.

Now that you have a Pin-Point zone, all you need to do is point requests to your internal host.
Expand your new Zone and in the right hand pane right click and choose New Host Record:


Notice that if you leave the Host Name blank it uses the name of the zone which we just created – so leave that field blank and add the IP address of the internal resource:


Wait for AD replication to work and you’re done!
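
The wizard steps above, scripted with the DnsServer PowerShell module (Windows Server 2012 or later) as an added example that is not from the original post. The internal IP is a constructed placeholder, and the last check confirms the server holds no zone for the parent domain, which is what keeps every other name under it resolving externally.

```powershell
# Added example; run on the internal DNS server. $InternalIP is a constructed placeholder.
$ZoneName   = 'Mail.ExchangeNerd.com'   # FQDN of the external record, as in the post
$InternalIP = '10.0.0.25'               # address of the internal mail host (assumed)

# Create the AD-integrated pin-point zone (domain replication, secure updates only)
# unless it already exists.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure
}

# '@' is the zone apex: the same as leaving Host Name blank in the New Host dialog.
$apex = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A `
            -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $InternalIP
}

# Check 1: this server answers the pinned name with the internal address.
$answer = Resolve-DnsName -Name $ZoneName -Type A -Server '127.0.0.1' -DnsOnly
if ($answer.IPAddress -notcontains $InternalIP) {
    Write-Warning "$ZoneName does not resolve to $InternalIP on this server"
}

# Check 2: no zone exists for the parent domain. If one did, this server would be
# authoritative for every name under it and would stop forwarding them.
$parent = $ZoneName.Substring($ZoneName.IndexOf('.') + 1)
if (Get-DnsServerZone -Name $parent -ErrorAction SilentlyContinue) {
    Write-Warning "A zone for $parent exists; other $parent names will be answered from it"
}
```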


IIS Default Website connection logs taking a lot of space

While working on an Exchange server last week I noticed the 120GB drive was almost full. I had a guess what the issue was and I was right. The IIS connection logs were taking up 65GB of space. Now I could have just deleted all the files but someday I would have to come back and do it again. So instead I broke out a great little command to delete these log files every Sunday if the logs are older than 30 days. I’ve had this command archived for years now so I apologize that I can’t give credit to the person who put it together originally – anyway here it is:

Open a command prompt as Administrator and type this in:

at 12:00 /EVERY:Su Forfiles.exe -p C:\InetPub\Logs\LogFiles\W3SVC1 -m *.log -d -30 -c \"Cmd.exe /C del @path\"

Take note of the path, as this can be in a different place for you. Also if 30 days isn’t long enough you can change that by changing the -30 to -60 or -90 or whatever you like.

So that created the task but it has yet to run. Unless you have some time to kill waiting until Sunday for this to run, you’ll want to kick it off on your own. So open your Task Scheduler and locate the command you just created, right click and choose Run.
If all went well, when it completes it will say The operation completed successfully. (0x0)
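
The same weekly cleanup written with the ScheduledTasks cmdlets (Windows Server 2012 and later), as an added example that is not from the original post. The path and 30-day retention are the post's values, the task name is an assumption, and the first part only reports what would be deleted.

```powershell
# Added example. $TaskName is a hypothetical name; adjust $LogPath for your server.
$LogPath       = 'C:\inetpub\logs\LogFiles\W3SVC1'
$RetentionDays = 30
$TaskName      = 'Prune-IISLogs'

function Get-ExpiredIisLog {
    param([string]$Path, [int]$Days)
    # Return *.log files last written before the cutoff date.
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $Path -Filter '*.log' -File |
        Where-Object { $_.LastWriteTime -lt $cutoff }
}

# 1. Dry run: count and size of what would go, then list each file with -WhatIf.
$expired = @(Get-ExpiredIisLog -Path $LogPath -Days $RetentionDays)
$sizeGB  = [math]::Round((($expired | Measure-Object -Property Length -Sum).Sum) / 1GB, 2)
'{0} files ({1} GB) older than {2} days' -f $expired.Count, $sizeGB, $RetentionDays
$expired | Remove-Item -WhatIf

# 2. Register the weekly job: Sundays at 12:00, running as SYSTEM.
$command = "Get-ChildItem -Path '$LogPath' -Filter *.log -File | " +
           "Where-Object { `$_.LastWriteTime -lt (Get-Date).AddDays(-$RetentionDays) } | " +
           'Remove-Item'
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument "-NoProfile -NonInteractive -Command `"$command`""
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '12:00'
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -User 'SYSTEM' -RunLevel Highest

# 3. Kick it off once instead of waiting for Sunday, then read the result code.
Start-ScheduledTask -TaskName $TaskName
Get-ScheduledTaskInfo -TaskName $TaskName | Select-Object LastRunTime, LastTaskResult
```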


Setting Mailbox Database Limits with PowerShell

While doing an install or migration of Exchange to a new server one of the things I often need to do is configure all the mailbox databases at once to unlimited.
Now this is something you can certainly do in the GUI but if you have more than 1 database to change then the GUI gets old fast.
You can do this easily in the Exchange Management Shell.

First you might want to record the current settings. I would run this command to view the current settings:
*In each of these examples change SERVERNAME to the name of your server.

Get-MailboxDatabase -Server SERVERNAME | FL Name,IssueWarningQuota,ProhibitSendQuota,ProhibitSendReceiveQuota

To set the Issue Warning Quota:

Get-MailboxDatabase -Server SERVERNAME | Set-MailboxDatabase -IssueWarningQuota unlimited

 

To Set the Prohibit Send Quota:

Get-MailboxDatabase -Server SERVERNAME | Set-MailboxDatabase -ProhibitSendQuota unlimited

 

To Set the Prohibit Send / Receive Quota:

Get-MailboxDatabase -Server SERVERNAME | Set-MailboxDatabase -ProhibitSendReceiveQuota unlimited

 

If you want to set all at the same time:

Get-MailboxDatabase -Server SERVERNAME | Set-MailboxDatabase -IssueWarningQuota unlimited -ProhibitSendReceiveQuota unlimited -ProhibitSendQuota unlimited

PacktPub BOGO

If you’re reading this blog you must be a Technology Geek, which means you collect technology books as well. With that in mind I want to point you to PacktPub.
They are currently running a Buy one Get one Free from now until March 26th 2014.

You won’t want to miss this one ;-)

Configuring an Onsite Relay for Office 365

Moving to the cloud comes with a lot of things no one ever thinks about. One of those things is SMTP traffic from Printers, Network Monitors and Line of Business apps that have been sending mail straight to an Exchange server for the past decade (or longer). So what do you do with that SMTP traffic to get it up to Office 365?

Well, the best and most reliable way to do this is by setting up an IIS SMTP Relay. To do this from the Windows world your choice is to use an IIS 6 SMTP configuration. A good server to do this from would be your DirSync Server.
Here’s what you need to know to do it:

First, in Office 365 you’ll need to configure a connector for your On-Premises server. So log into your Office 365 Admin Portal and choose Exchange. From the list on the left choose Mail Flow and then choose Connectors from the options and create a new Inbound Connector.
Be certain to add the IP that your server purports to be; an easy way to see that is http://www.whatismyip.com

Make the connector an On-Premises connector and then add your Domain and make certain you set it to Opportunistic TLS.

Once you’ve created the connector you’ll need to setup IIS 6.

In Server Manager Add a new Feature. In the list check the box for SMTP. It will pop up a box with everything you need for SMTP.


Once this installs go to the Administrative tools and Launch IIS 6.0 Manager.


If you click on Domains you’ll see the domain will become the FQDN of the server itself. I recommend that you right click on this and change it to HostName.Domain.Onmicrosoft.com for good measure. Now add a new REMOTE Domain by right clicking Domains and selecting New. Now choose your new domain from the list and right click for Properties.

Check the box to allow Incoming mail to be relayed

And then click OK


Now right click the SMTP Server name and choose properties from the list.  Click the Connection button and from there select the Radio button for Only the list below and add IP addresses for each device you want to relay email for.


The Default IIS Outbound connection is Port 25 so you don’t have to do anything there.
It is best practice to use TLS for the connection, so under the Delivery Tab choose Outbound Security and make sure Anonymous Access and TLS are both selected.

After you make any changes to an SMTP Virtual server you need to stop and restart it.
Do this by right clicking the SMTP Virtual Server in the Navigation pane and choosing stop.
Once it’s stopped right click and start it.

Now test it. You should be able to see mail going into and out of the Mailroot Queue.

Office 365 Public Folder Migration

I was working in a Hybrid Exchange Deployment of Office 365 this past week and came across a few issues with the documentation from Microsoft so I thought I’d point out a couple of issues.

The first issue I ran into was locating the correct scripts to make it work. When you look at this documentation on Public Folder Migration you’ll be hard pressed to actually find a link that will help you download anything: http://technet.microsoft.com/en-us/library/jj983799(v=exchg.150).aspx

But all in all that document is what you MUST work out of to make this public folder migration work.

If you go out to the Download center and search for the Public Folder Migration Scripts you’ll find that the download is missing a couple of the scripts you need to make this work, but download these anyway because you will need them: http://www.microsoft.com/en-us/download/details.aspx?id=38407

You’ll also want to download these scripts because these include the ones missing from the above scripts link: http://www.microsoft.com/en-us/download/details.aspx?id=38408

As I worked through a couple of other issues I had with the documentation I stumbled on a couple of other things. First, this name from the code below left me scratching my head:
“PublicFolderDestination_78c0b207_5ad2_4fee_8cb9_f373175b3f99”
However, in the end it does work even though I could not find out what boilerplate the code is from.
Make certain when you run this you use the DomainName.OnMicrosoft.com and not just your DomainName.Com

New-AcceptedDomain -Name "PublicFolderDestination_78c0b207_5ad2_4fee_8cb9_f373175b3f99" -DomainName contoso.onmicrosoft.com -DomainType InternalRelay 

During the Start the Migration Request phase of the process I collected all the information and ran the request in Step 6 and started getting errors with this heading:
MapiExceptionNoAccess: Unable to make connection to the server. (hr=0x80070005, ec=-2147024891)
At first I started to despair and then while I stared at it I realized the command

New-PublicFolderMigrationRequest -OutlookAnywhereHostName: $source_OutlookAnywhereExternalHostName -CSVData (Get-Content <folder_mapping.csv> -Encoding Byte) -RemoteCredential: $source_credential -RemoteMailboxLegacyDN: $source_remoteMailboxLegacyDN -RemoteMailboxServerLegacyDN: $source_remotePublicFolderServerLegacyDN -AuthenticationMethod Basic

While looking at this I began to realize the -AuthenticationMethod Basic was the cause and although the documentation didn’t give me a good clue it did hit me that the Auth was for Outlook Anywhere which was part of the collection of information to build the request. Since OA was NTLM not Basic I reran the request with NTLM at the end and it worked.

Once I got it kicked off I wanted to be able to see the percent complete when looking at the request so I ran this command to see that:

Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport | FL Statusdetail,percentcomplete

The final thing I ran into was an error after I started the finalization, where the StatusDetail was StalledDueToMailboxLock:
StatusDetail    : StalledDueToMailboxLock
PercentComplete : 95

After some searching I came up with the solution of restarting the information store on the Legacy Exchange server. Once I did that shortly afterwards the Status moved to Completion and then finished.

One resource which helped me a considerable amount was the Microsoft Exchange 2013 Cookbook from Michael Van Horenbeeck. Although it is not aimed at Office 365 I’ve used this to migrate Public Folders to Exchange 2013 servers and was able to glean enough from it to ease the pain of the unclear Microsoft Documentation.

Mailbox Migration quick view

Frequently I start mailbox migrations on a Friday night and then babysit the moves all weekend long (or longer). Clients like to know some basic info about the move just to check to make certain things are going as expected.

Now when you’re moving hundreds of users at a time the last thing you want to do is try to count all the users that are completed so you can give an update to your clients. So I created a simple PowerShell script to tell me how many users are queued, completed, failed or moving. Hope this is helpful:
get-movestats

# Simple script to Display Mailbox migration stats
# 1.0 Ed Buford AKA ExchangeNerd (or just Nerd for short)

# @() forces an array so .Count is correct when zero or one request matches
$queued = @(Get-MoveRequest | Where-Object {$_.Status -eq "Queued"})
$comp   = @(Get-MoveRequest | Where-Object {$_.Status -eq "Completed"})
$failed = @(Get-MoveRequest | Where-Object {$_.Status -eq "Failed"})
$move   = @(Get-MoveRequest | Where-Object {$_.Status -eq "InProgress"})

# Print one summary line per move status
Write-Host "There are $($queued.Count) mailboxes Queued" -ForegroundColor Green
Write-Host "There are $($move.Count) mailboxes Moving" -ForegroundColor Green
Write-Host "There are $($comp.Count) mailboxes Completed" -ForegroundColor Green
Write-Host "There are $($failed.Count) mailboxes Failed" -ForegroundColor Green

Simplifying Exchange 2013 URL

Thanks to a great Script from Pat Richard at Ehlo World I was able to do an HTTP Redirect to HTTPS without much effort for Exchange 2010 CAS servers.

Exchange 2013 is not as easy to do http redirection as 2010. It took a lot of trolling the forums to find a process that works for me and I thought I’d share it with you.

The process is three easy steps – make sure you do all three!

Step 1. Locate the Web.config file; it should be in your inetpub folder. For most of us that’s C:\inetpub\wwwroot but for many of you it could be located on another drive.

Open the Web.config file as an administrator with Notepad.

*Note: on lines 2 and 4 I have added the <!-- --> comment markers to keep the modules from loading. Add these comment markers and save the file.

<system.webServer>
<!-- <modules>
<add name="OwaUrlModule" type="Microsoft.Exchange.HttpProxy.OwaUrlModule,Microsoft.Exchange.OwaUrlModule,Version=15.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="" />
</modules> -->
</system.webServer>

Step 2. While you’re still working out of the Inetpub\wwwroot folder you’ll want to create a new file called Default.htm, paste this code into it and save it.

<html><head><meta http-equiv="REFRESH" content="0;url=/owa"></head></html>

Step 3. Open IIS Manager and highlight the Default Website. In the center pane under IIS choose Error Pages. In the Actions pane choose Add and create a new Custom Error Page.

In the Status code box type 403.4, then choose Respond with a 302 redirect and type the complete path to OWA.

Once you’ve finished click OK and then do an IISReset to start using the changes.