Exchange Connections 2014 is happening in Las Vegas in September, and I’m pleased to say that I will be attending and presenting two sessions.

The session titles are:

• Managing Database Availability Groups
• Making ActiveSync Work, Instead of “It Just Works”

I heard good things about last year’s Connections conference and this year promises to be even better, moving to the Aria resort and hosting 27 Exchange sessions over 3 days, covering on-premises, hybrid, and Office 365 topics. You can see a complete list of speakers and sessions here.

Even though the event is 4 months away I am already starting to plan my sessions, because I want to deliver content that you will enjoy and find useful.

So I’d like to ask for just a few minutes of your time to help me out. I would really appreciate it if you could share any real world questions, concerns or problems you have for Database Availability Groups or ActiveSync.

I’ve created a simple survey here to collect your responses:

Click here to take survey

Thanks in advance. And I look forward to seeing you in Las Vegas!

This article I’m Speaking at Exchange Connections 2014 in Las Vegas is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

     

From time to time I receive a support ticket to restore a mailbox folder or items because they have gone missing. In literally 99% of cases the missing mailbox contents can be found by using a search, avoiding the need to perform a mailbox recovery. Often the cause of the missing folder or items is that they have simply been moved to another folder in the mailbox by accident.

One of the search techniques I use involves the Get-MailboxFolderStatistics cmdlet.

You may be wondering why I’m not using the Get-MailboxFolder cmdlet instead. The answer is that the Get-MailboxFolder cmdlet works when the mailbox owner runs it. This is explained in more depth here.

Anyway, Get-MailboxFolderStatistics works perfectly fine for this type of scenario where you are looking for a folder name.

Let’s say that a customer reports they are missing a folder named “Invoices”. You can perform a Get-MailboxFolderStatistics query for mailboxes that match the name “Invoices”, for example:

[PS] C:\>Get-MailboxFolderstatistics -Identity alan.reid | Where {$_.Name -Match "Invoices"}

If there are any matches you’ll see a result such as this:

RunspaceId                        : 13f46c2a-fe30-4a26-aaf3-35802e4844b8
Date                              : 22/01/2013 10:35:05 PM
Name                              : Invoices
FolderPath                        : /Folders/Project Matters/01. Construction/Invoices
FolderId                          : LgAAAVBUeIJL9KbERYxlSZYX1as2AQAe/v3fqiJWHJJazVoxVJTnACsOCIAqAAAB
FolderType                        : User Created
ItemsInFolder                     : 34
DeletedItemsInFolder              : 0
FolderSize                        : 3.516 MB (3,686,955 bytes)
ItemsInFolderAndSubfolders        : 34
DeletedItemsInFolderAndSubfolders : 0
FolderAndSubfolderSize            : 3.516 MB (3,686,955 bytes)
OldestItemReceivedDate            :
NewestItemReceivedDate            :
OldestDeletedItemReceivedDate     :
NewestDeletedItemReceivedDate     :
OldestItemLastModifiedDate        :
NewestItemLastModifiedDate        :
OldestDeletedItemLastModifiedDate :
NewestDeletedItemLastModifiedDate :
ManagedFolder                     :
TopSubject                        :
TopSubjectSize                    : 0 B (0 bytes)
TopSubjectCount                   : 0
TopSubjectClass                   :
TopSubjectPath                    :
TopSubjectReceivedTime            :
TopSubjectFrom                    :
TopClientInfoForSubject           :
TopClientInfoCountForSubject      : 0
SearchFolders                     : {AllItems, Reminders, To-Do Search, Restriction(1-61B5D4A3), Tracked Mail Processin
                                    g}
Identity                          : alan.reid\Folders\Project Matters\01. Construction\Invoices
IsValid                           : True

The FolderPath and Identity both give you the path to the folder in the mailbox.

FolderPath                        : /Folders/Project Matters/01. Construction/Invoices
Identity                          : alan.reid\Folders\Project Matters\01. Construction\Invoices

Ask the customer if that is the folder they are missing. If it is then you’ve saved yourself a lot of effort, and saved them a lot of time waiting for a restore to be performed.

This article Find Users Missing Email Folders Using Get-MailboxFolderStatistics is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• PowerShell Script: Audit Mailbox Sent Items Configurations
• PowerShell Script: IIS Log File Cleanup and Archive
• Logging Client IP Address in IIS When Using Load Balancing with Source NAT

 

One of the most common feedback items for PowerShell scripts that I’ve published, such as Test-ExchangeServerHealth.ps1, is that having to edit the script to insert the correct email settings is a pain. The other is that the scripts are unsigned, requiring the execution policy of the machine running the script to be relaxed.

These two things go hand in hand. I don’t sign the scripts because they always need editing to work in your environment. And I include the settings that need editing in the script, instead of making them parameters, because I want the script to be easy to run (a lot of parameters seems to increase the number of “How do I…?” questions I get).

To solve these issues, at least partially (people may still choose to edit scripts to customize their operations in other ways), I am looking at breaking these settings out into a separate file instead.

Here is a demonstration of how this would work. I’ve created a simple demo script and Settings.xml file to go with it.

The PowerShell script is quite simple – it sends an email message.

<# .SYNOPSIS Script Settings File Demo #>
[CmdletBinding()]
param ()
#-------------------------------------------------
#  Variables
#-------------------------------------------------
$myDir = Split-Path -Parent $MyInvocation.MyCommand.Path
# Import email settings from config file
[xml]$ConfigFile = Get-Content "$MyDir\Settings.xml"
$smtpsettings = @{
    To = $ConfigFile.Settings.EmailSettings.MailTo
    From = $ConfigFile.Settings.EmailSettings.MailFrom
    Subject = "Email Subject Line Goes here"
    SmtpServer = $ConfigFile.Settings.EmailSettings.SMTPServer
    }
$body = "Email body goes here"
#-------------------------------------------------
#  Script
#-------------------------------------------------
try
{
	Send-MailMessage @smtpsettings -Body $body -ErrorAction STOP
}
catch
{
    Write-Warning $_.Exception.Message
}
#-------------------------------------------------
#  The End
#-------------------------------------------------

The script imports the Settings.xml file to determine the various email settings it should use.

# Import email settings from config file
[xml]$ConfigFile = Get-Content "$MyDir\Settings.xml"

The XML file itself is also quite simple.

The script uses the data in the XML file to set parameters for the email message. Values can still be set directly in the script (like the email subject below), but I think it will make more sense to put them in the XML file instead.

$smtpsettings = @{
    To = $ConfigFile.Settings.EmailSettings.MailTo
    From = $ConfigFile.Settings.EmailSettings.MailFrom
    Subject = "Email Subject Line Goes here"
    SmtpServer = $ConfigFile.Settings.EmailSettings.SMTPServer
    }

When the script is executed an email message is sent. Simple as that.

This concept extents beyond just the email settings for scripts. Several of my scripts also include other variables such as alert thresholds, text strings for different languages, and so on. The more of these that are moved into a Settings.xml file like the above demonstration uses, the fewer reasons there will be to edit a script file directly.

If you have any feedback or comments on this I’d love to hear them.

This article Using an XML Settings File for PowerShell Scripts is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• PowerShell Script: Audit Mailbox Sent Items Configurations
• PowerShell Script: IIS Log File Cleanup and Archive
• Find Users Missing Email Folders Using Get-MailboxFolderStatistics

 

When adding members to an Exchange Server 2013 database availability group you may encounter the following error message.

“Some or All Identity References Could Not Be Translated”

This error can occur when adding the first DAG member to a new DAG, or when adding additional members to an existing DAG.

On closer inspection you may notice that the DAG member appears to have been successfully added to the DAG.

[PS] C:\>Get-DatabaseAvailabilityGroup
Name             Member Servers
----             --------------
DAG1             {SYDEX1}

In addition, the existing mailbox databases have been updated to MasterType “DatabaseAvailabilityGroup” and the MasterServerOrAvailabilityGroup value updated to the name of the DAG.

[PS] C:\>Get-MailboxDatabase | fl name,*master*
Name                            : Mailbox Database 1055054279
MasterServerOrAvailabilityGroup : DAG1
MasterType                      : DatabaseAvailabilityGroup

In addition, the failover cluster has been formed. However, it is running in Node Majority quorum configuration instead of Node and File Share Majority.

PS C:\> Get-ClusterQuorum | fl
Cluster        : DAG1
QuorumResource :
QuorumType     : NodeMajority

No file share witness resource exists for the cluster when viewed in Failover Cluster Manager.

And, the file share witness server does not contain a file share witness folder and share for the DAG.

[PS] C:\>Get-DatabaseAvailabilityGroup | fl *witness*
WitnessServer             : syddc1.exchange2013demo.com
WitnessDirectory          : C:\DAGFileShareWitnesses\DAG1.exchange2013demo.com

This appears to be a bug introduced in Exchange Server 2013 Service Pack 1. Explained by Jared Van Leeuewn in this TechNet forums thread:

“The issue isn’t with the FSW or the cluster or anything else; the issue is with the Dag cmdlets trying to auto configure the FSW in Exchange 2013 SP1 in a disjoint namespace. In Exchange 2013 RTM it was setting up the permissions incorrectly in a disjoint namespace, and now it’s just out and out failing. It looks like the cmdlets are able to add nodes to the Dag AD object, and add them to the cluster, but will always fail when trying to get the SID for the CNO objects in a disjoint namespace.

So it’s possible to create and configure the Dag, let the cmdlets fail, and then manually add the FSW cluster resource, for the time being.”

You can read more about disjoint namespace scenarios on TechNet. To summarize, a disjoint namespace could be one of the following scenarios:

“ A disjoint namespace scenario is one in which the primary DNS suffix of a computer doesn’t match the DNS domain name where that computer resides. The computer with the primary DNS suffix that doesn’t match is said to be disjoint. Another disjoint namespace scenario occurs if the NetBIOS domain name of a domain controller doesn’t match the DNS domain name.”

In my case the DNS domain name is exchange2013demo.com, and the NetBIOS name is EXDEMO, which is a disjoint namespace scenario as described above.

To follow Jared’s advice:

1. Create the FSW directory on the FSW server, using the naming format suggested by Jared (eg folder name “dag1.exchange2013demo.com”).
2. Share the FSW directory with a share name the matches the folder name “dag1.exchange2013demo.com”.
3. Grant the DAG Cluster Name Object (CNO) computer account Full Control share permissions.
4. Set the cluster quorum to Node and File Share Majority

PS C:\> Set-ClusterQuorum -NodeAndFileShareMajority "\\syddc1\dag1.exchange2013demo.com"
Cluster              QuorumResource
-------              --------------
DAG1                 File Share Witness

The DAG should now function correctly.

Pre-creating and sharing the FSW directory does not seem to avoid the issue. However, it appears that when the error occurs you can perform the steps shown above, then click Save on the Exchange Admin Center dialog to add the DAG member(s) again, and the task will complete successfully.

Note that this issue can occur when adding new members to an established DAG. In these cases the cluster quorum configuration reverts to Node Majority even if it was previously configured correctly. The fix steps above would need to be run each time a new DAG member is added.

References:

• TechNet forums thread
• Anderson Patricio’s blog

This article Error “Some or All Identity References Could Not Be Translated” When Adding Members to Exchange Server 2013 Database Availability Group is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Why Did My Database Failover to the Wrong Server?
• Find Users Missing Email Folders Using Get-MailboxFolderStatistics
• Block External Emails for an Exchange Server 2013 Mailbox

 

Tom asks about a situation where mailboxes on an Exchange Server 2010 database that is no longer part of a database availability group are showing different values for the ServerName attribute.

I’ve had this question a few times before so I wanted to demonstrate the behaviour of Exchange when it comes to that ServerName attribute.

To begin with, I have a database MB-HO-01 in my DAG that is active on server HO-EX2010-MB1. If I retrieve a count of mailboxes grouped by ServerName, then this is the result.

[PS] C:\>Get-Mailbox -Database MB-HO-01 | Group-Object -Property:ServerName | Select Name,Count | ft -auto
Name          Count
----          -----
ho-ex2010-mb1   140

So, of the 140 mailboxes on the database they all have a ServerName value of “ho-ex2010-mb1″.

Next, I move the active database copy to server HO-EX2010-MB2.

[PS] C:\>Move-ActiveMailboxDatabase MB-HO-01 -ActivateOnServer HO-EX2010-MB2
Confirm
Are you sure you want to perform this action?
Moving mailbox database "MB-HO-01" from server "HO-EX2010-MB1.exchangeserverpro.net" to server
"HO-EX2010-MB2.exchangeserverpro.net".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
Identity        ActiveServerAtS ActiveServerAtE Status     NumberOfLogsLost   RecoveryPoint MountStatus MountStatus
                tart            nd                                            Objective     AtMoveStart AtMoveEnd
--------        --------------- --------------- ------     ----------------   ------------- ----------- -----------
MB-HO-01        ho-ex2010-mb1   ho-ex2010-mb2   Succeeded  0                  5/18/2014 ... Mounted     Mounted

Then, I create a new mailbox on the database MB-HO-01.

[PS] C:\>New-Mailbox "Test1" -Shared -Database MB-HO-01
Name                      Alias                ServerName       ProhibitSendQuota
----                      -----                ----------       -----------------
Test1                     Test1                ho-ex2010-mb2    unlimited

As you can see the ServerName attribute matches the name of the server where the database is currently active.

Another look at mailboxes on MB-HO-01 grouped by server name now shows a different result:

[PS] C:\>Get-Mailbox -Database MB-HO-01 | Group-Object -Property:ServerName | Select Name,Count | ft -auto
Name          Count
----          -----
ho-ex2010-mb1   140
ho-ex2010-mb2     1

I then move the active database copy back to HO-EX2010-MB1.

[PS] C:\>Move-ActiveMailboxDatabase MB-HO-01 -ActivateOnServer HO-EX2010-MB1
Confirm
Are you sure you want to perform this action?
Moving mailbox database "MB-HO-01" from server "HO-EX2010-MB2.exchangeserverpro.net" to server
"HO-EX2010-MB1.exchangeserverpro.net".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
Identity        ActiveServerAtS ActiveServerAtE Status     NumberOfLogsLost   RecoveryPoint MountStatus MountStatus
                tart            nd                                            Objective     AtMoveStart AtMoveEnd
--------        --------------- --------------- ------     ----------------   ------------- ----------- -----------
MB-HO-01        ho-ex2010-mb2   ho-ex2010-mb1   Succeeded  0                  5/18/2014 ... Mounted     Mounted

The server name attribute of the new mailbox retains its value of HO-EX2010-MB2.

[PS] C:\>Get-Mailbox -Database MB-HO-01 | Group-Object -Property:ServerName | Select Name,Count | ft -auto
Name          Count
----          -----
ho-ex2010-mb1   140
ho-ex2010-mb2     1

As you can see, when a mailbox is created on a database that is part of a DAG the ServerName attribute is assigned a value of the name of the server hosting the active database copy at a time. It would be normal to see a mix of different server names for mailboxes on the same database if the active copy was not strictly maintained on the same DAG member the majority of the time.

Tom’s case takes this a little further – he has removed the DAG and has two standalone mailbox servers now. Even though only one copy of the database exists, some of those mailboxes still show a ServerName value for the *other* server that does not host that database at all. I believe the issue here is simply that the ServerName attribute is not updated even if you remove your DAG and revert to standalone mailbox servers.

This is not a fault or bug, it is just the behaviour of the product.

This article Exchange Server 2010 Mailboxes and the ServerName Attribute is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Why Did My Database Failover to the Wrong Server?
• Output a List of In-Policy Users for a Resource Mailbox Using PowerShell
• PowerShell Script: Audit Mailbox Sent Items Configurations

 

This article is the first in a series that will follow the migration to Exchange Server 2013 for the Exchange Server Pro organization.

For this migration scenario the Exchange Server Pro organization will be migrating from Exchange Server 2010 to Exchange Server 2013. Although this scenario will not precisely match yours, it is intended to provide as much useful information as possible to help you with your own migration project.

Current Environment

The current environment is built on a “head office/branch office” topology, with the head office location being the only internet-facing site.

At the head office location a pair of multi-role Exchange 2010 servers are deployed in a DAG, along with a public folder/Unified Messaging server, and an Edge Transport server in the DMZ. The internet connection is firewalled using Forefront TMG which is also used to publish Exchange services to the internet.

At the branch office location a single multi-role Exchange 2010 server is deployed. There is no internet connection at this site.

The organization makes use of many of the features of Exchange Server 2010, such as:

• Outlook Anywhere and OWA for external access
• ActiveSync for mobile device access
• Native archiving
• Public folders
• Unified messaging
• Transport rules

Client machines exist at both the head office and branch office locations.

Target Environment

Although the existing environment was suitable at the time it was deployed, a different topology is planned to be deployed to meet new requirements for the business.

For the Exchange Server environment this means moving to a highly-available and site-resilient solution hosted in two dedicated datacenters. The head office and branch office locations will continue to host end users, with upgraded WAN connections to manage the increase in network traffic.

The Exchange Server Pro organization will deploy a solution that aligns with the Preferred Architecture for Exchange Server 2013, beginning with Datacenter 1 and expanding to Datacenter 2 in a later phase of the project.

In the next part of this series we’ll begin looking at the information gathering phase of the project.

This article Exchange Server 2010 to 2013 Migration – Environment Overview is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Namespace and Certificate Planning
• Exchange Server 2010 to 2013 Migration – Pre-Requisites and Information Gathering
• Why Did My Database Failover to the Wrong Server?

 

The Get-DailyBackupAlerts.ps1 script has been updated to v1.06 and is available in the Exchange Server Pro Insiders members area. If you’re not already a member you can join for free here.

This update includes some minor bug fixes, a new -Log switch to assist with troubleshooting, and moves the customizations into a Settings.xml file as demonstrated here.

If you are updating from a previous version please review the instructions on the download page as they have changed with this version.

This article Get-DailyBackupAlerts.ps1 Script Updated to v1.06 is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Find Users Missing Email Folders Using Get-MailboxFolderStatistics
• PowerShell Script: Audit Mailbox Sent Items Configurations
• Get-DailyBackupAlerts.ps1 v1.04 is Available

 

There are a number of factors that you should consider before your migration to Exchange Server 2013.

For the upgrade from Exchange Server 2010 to Exchange Server 2013 the Exchange Server Pro organization has gathered the following information.

Active Directory Requirements

The system requirements for Exchange Server 2013 include the following for Active Directory:

• Forest and domain functional level of Windows Server 2003 or higher (up to Windows Server 2012 R2 is supported with Exchange Server 2013 SP1 or later)
• Schema Master running Windows Server 2003 SP2 or later
• At least one global catalog server in each Active Directory site where Exchange 2013 will be installed that runs Windows Server 2003 SP2 or higher

Using the ADInfo.ps1 PowerShell script the following information was discovered.

PS C:\Scripts\Exchange2013Planning> .\ADInfo.ps1
*** Forest: exchangeserverpro.net ***
Forest Mode: Windows2003Forest
Schema Master: HO-DC.exchangeserverpro.net
*** Domain: exchangeserverpro.net ***
Domain Mode: Windows2003Domain
PDC Emulator: HO-DC.exchangeserverpro.net
Infrastructure Master: HO-DC.exchangeserverpro.net
RID Master: HO-DC.exchangeserverpro.net
*** Global Catalogs by Site/OS ***
Site, OS                                      Count
--------                                      -----
HeadOffice, Windows Server 2008 R2 Enterprise     1
HeadOffice, Windows Serverr 2008 Standard         1
BranchOffice, Windows Serverr 2008 Standard       1

This meets the Active Directory requirements for Exchange Server 2013. As Exchange Server Pro will be building the Exchange 2013 infrastructure in new datacenters there will be new domain controllers installed and Active Directory sites created for the datacenters.

Supported Clients

Work was performed to ensure all clients workstations have been upgraded to Windows 7 with Office 2013 to meet the minimum support client versions for Exchange Server 2013.

For more information on discovering client versions in an existing Exchange environment see the following article:

• Exchange Server 2013 Planning and Discovery – Client Versions

Storage Quotas

The Exchange Server 2010 storage quota configurations for databases were checked using the StorageQuotas.ps1 PowerShell script:

• PowerShell Script to Audit Exchange Server Database Storage Quotas

The organization does not plan to use storage quotas for mailboxes on Exchange Server 2013. However, a small number of individual mailboxes were found to have a quota configured on them by running the following command:

Get-Mailbox | Where {$_.UseDatabaseQuotaDefaults -eq $False} | ft name,prohibit*,issue*

These mailboxes have had their mailbox quota overrides removed in readiness for migration to Exchange Server 2013.

Email Routing Topology

The Exchange Server Pro organization’s email routing topology has been documented as follows:

The following configurations are within control the IT team:

• DNS/MX records
• Firewalls
• Load balancer
• Exchange servers
• Devices (eg printers and MFPs)

The following configurations are not entirely within control of the IT and may be controlled by other application or device support teams:

• Business Applications
• Building/infrastructure components

Internal/External Client Access DNS Names

Virtual directory report has been generated using Get-VDirInfo.ps1. The report shows that there are two namespaces and split DNS in use:

• autodiscover.exchangeserverpro.net
• mail.exchangeserverpro.net

SSL Certificates

An SSL certificate report has been generated using CertificateReport.ps1.

Applications and Devices Integration

A review of mail-integrated applications and devices has been conducted. For example:

• Antivirus/Antispam
• Backup products
• Fax/SMS gateways
• Virtualization
• Telephony/Voice integration
• SMTP relay

In the next part of this series we’ll look at namespace planning for the Exchange Server 2013 environment.

This article Exchange Server 2010 to 2013 Migration – Pre-Requisites and Information Gathering is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Namespace and Certificate Planning
• Exchange Server 2010 to 2013 Migration – Environment Overview
• Exchange Server 2013 Planning and Discovery – Client Versions

 

For this Exchange Server 2013 migration scenario we’ve already covered the decision to deploy the Preferred Architecture for Exchange 2013, and gathered information about the existing environment.

This article will cover namespace planning for Exchange Server 2013.

Namespace planning refers to the decisions that need to be made for the DNS names that will be used by clients such as Outlook and mobile devices when they are connecting to Exchange 2013 services.

When you install Exchange Server 2013 it is pre-configured with default namespaces matching the servers fully-qualified domain name (FQDN). For example, a server named sydex1.exchangeserverpro.net would be pre-configured with an Outlook Web App (OWA) URL of https://sydex1.exchangeserverpro.net/owa.

Even the simplest, single server deployment of Exchange Server 2013 should include namespace planning and reconfiguration of URLs to use an alias instead of the server’s FQDN. This has a number of benefits, such as allowing the namespace to be moved during server replacement, scale out, or migration in the future. It also gives end users easy to remember aliases for services such as OWA. After all, they are more likely to remember an alias such as “webmail.company.com” than a real server name of “consydexc01.company.com“.

The Microsoft Exchange Team blog has a comprehensive article on namespace planning that covers the unbound vs bound model, internal vs external namespaces, regional namespace considerations, legacy namespace considerations (for Exchange 2007 -> 2013 migration), and the changes in namespace requirements since Exchange Server 2007.

Namespace Planning

For this deployment that is aligning with the Preferred Architecture the unbound model will be used, which means a unified namespace for both datacenters that allows clients to connect to either datacenter under normal conditions. DNS round robin will be used to direct traffic to servers in both sites, with the option later to add hardware load-balancers at each site to make the solution more reliable by only performing DNS round robin between the two load-balanced VIPs instead of four server IP addresses.

To simplify the namespace configuration and certificate provisioning the following namespaces have been chosen. These are based on the existing namespaces deployed in the Exchange Server Pro organization, collected during the information gathering stage using the Get-VirDirInfo.ps1 script.

• autodiscover.exchangeserverpro.net (HTTP – Autodiscover)
• mail.exchangeserverpro.net (HTTP – Outlook Anywhere, OWA, ECP/EAC, ActiveSync, EWS, OAB)
• imap.exchangeserverpro.net (IMAP)
• pop.exchangeserverpro.net (POP)
• smtp.exchangeserverpro.net (SMTP)

Certificate Planning

With the namespaces chosen we can plan the SSL certificates for Exchange Server 2013. Even though Exchange Server 2013 installs with a self-signed certificate automatically, this certificate is unsuitable for client connectivity to Exchange because it will fail the validity check on at least two counts:

1. That it doesn’t match the hostname the client is connecting to (after we’ve configured the new namespaces shown above)
2. That it hasn’t been issued by a trusted certification authority

The third validity check is whether the certificate has expired or not, which is unlikely as the self-signed certificate is valid for 5 years.

Again, aligning with the Preferred Architecture and following the certificate planning and best practices advice from Microsoft we can arrive at a configuration involving one SSL certificate that will:

• include the HTTP, SMTP and POP/IMAP namespaces (a SAN certificate)
• does not include any server host names
• be installed on all Client Access servers (ie, same certificate for all servers, not separately provisioned certificates for each)
• be issued by a trusted third party certification authority such as Digicert

In the next article in this series we’ll look at reviewing Autodiscover configurations for the existing environment.

This article Exchange Server 2010 to 2013 Migration – Namespace and Certificate Planning is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Pre-Requisites and Information Gathering
• Exchange Server 2010 to 2013 Migration – Environment Overview
• Exchange Server 2013 Planning and Discovery – Client Versions

 

Microsoft has released Cumulative Update 5 for Exchange Server 2013.

From the Microsoft Exchange Team blog:

Cumulative Update 5 represents the continuation of our Exchange Server 2013 servicing and builds upon Exchange Server 2013 Service Pack 1. The release includes fixes for customer reported issues, minor product enhancements and previously released security bulletins. A complete list of customer reported issues resolved in Exchange Server 2013 Cumulative Update 5 can be found in Knowledge Base Article KB2936880. Customers running any previous release of Exchange Server 2013 can move directly to Cumulative Update 5 today. Customers deploying Exchange Server 2013 for the first time may skip previous releases and start their deployment with Cumulative Update 5 as well.

CU5 delivers improvements to OAB management for large/distributed environments, which Microsoft has detailed in a blog post here.

Important Note: Cumulative Update 5 includes a Managed Availability probe configuration that is frequently restarting the Microsoft Exchange Shared Cache Service in some environments. The service is being added to provide future performance improvements and is not used in Cumulative Update 5. More information is available in KB2971467.

Also includes is the fix for the “Some or all identity references could not be translated” error in Exchange 2013 SP1.

Cumulative Update 5 is available for download here.

For deployment steps refer to this guide to installing cumulative updates for Exchange Server 2013.

Related coverage:

• New Hybrid Configuration Wizard Features in Exchange Server 2013 CU5

This article Exchange Server 2013 Cumulative Update 5 Released is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Get-DailyBackupAlerts.ps1 Script Updated to v1.06
• Exchange Server 2013 FAQ: Where is Cumulative Update 4?
• Exchange Server 2013 Cumulative Update 3 Released

 

Microsoft has released Update Rollup 6 for Exchange Server 2010 Service Pack 3.

This update includes a number of fixes that are listed in KB2936871.

Deploying Exchange Server 2010 SP3 Update Rollup 6

The standard order of deployment for Exchange Server updates applies.

1. Client Access servers, starting with the internet-facing ones. See this article for how to patch a CAS array.
2. Hub Transport servers
3. Unified Messaging servers
4. Mailbox servers. See this article for how to patch a Database Availability Group.
5. Edge Transport servers

This article Exchange 2010 Service Pack 3 Update Rollup 6 Released is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Get-DailyBackupAlerts.ps1 Script Updated to v1.06
• Exchange Server 2010 Mailboxes and the ServerName Attribute
• Find Users Missing Email Folders Using Get-MailboxFolderStatistics

 

One of the risks during Exchange Server 2013 deployment is that the installation of a new Client Access server may cause certificate warnings to begin appearing in the Outlook client of your end users.

This is similar to the certificate warning issue often seen during Exchange Server 2013 installation, which was caused by the Outlook client making Autodiscover or Exchange Web Services connections to an Exchange server with a self-signed (ie, untrusted by the client) SSL certificate.

If there is going to be a delay in SSL certificate provisioning for the new Exchange 2013 servers (which is common when third party certification authorities are used) then steps should be taken to mitigate this risk.

This issue can be avoided with a little bit of planning before you deploy the first server. Let’s take a look at the existing Exchange Server Pro organization.

First, a quick review of existing Autodiscover configurations should be performed.

From the information gathering stage where we ran the Get-VirDirInfo.ps1 script we already know that the following Autodiscover URLs are configure:

• autodiscover.exchangeserverpro.net
• br-ex2010-mb.exchangeserverpro.net

Another view of this information can be seen by running Get-ClientAccessServer.

[PS] C:\>Get-ClientAccessServer | Select Name,AutodiscoverServiceInternalURI,AutodiscoverSiteScope | Fl
Name                           : BR-EX2010-MB
AutoDiscoverServiceInternalUri : https://br-ex2010-mb.exchangeserverpro.net/Autodiscover/Autodiscover.xml
AutoDiscoverSiteScope          : {BranchOffice}
Name                           : HO-EX2010-MB1
AutoDiscoverServiceInternalUri : https://autodiscover.exchangeserverpro.net/Autodiscover/Autodiscover.xml
AutoDiscoverSiteScope          : {HeadOffice}
Name                           : HO-EX2010-MB2
AutoDiscoverServiceInternalUri : https://autodiscover.exchangeserverpro.net/Autodiscover/Autodiscover.xml
AutoDiscoverSiteScope          : {HeadOffice}

Notice the AutoDiscoverSiteScope value above. This is also referred to as “Site Affinity” and is used to tell Outlook clients which Client Access servers to prefer when they are looking for an Autodiscover service to connect to. For more on configuring site scope refer to this article:

• Modifying Autodiscover Site Scope for Exchange 2010

In a migration scenario where new servers are being introduced to the organization, the site scope can be used to avoid having Outlook clients connecting to your new servers for Autodiscover. If you have not configured site scope it is recommended to do so before installing the first Exchange 2013 server.

However, this solution requires that the new Exchange 2013 servers are being deployed in an Active Directory site that is different to the existing site(s). In our Exchange Server Pro deployment scenario this is true; the new servers are being deployed into new datacenters that have different IP subnets and different Active Directory sites configured.

If you are not deploying into a new site you can still use this method by establishing a temporary AD site where Exchange 2013 is provisioned, then move it into your production AD site when it is ready to go live.

If neither of the above options is available to you then you can use DNS to avoid the issue instead. For example, if a single site exists and the Autodiscover namespace is autodiscover.exchangeserverpro.net, then as long as the Exchange 2013 server is also configured with that Autodiscover namespace, you can use DNS to only resolve that name to your existing Exchange servers only, or resolve to a load balanced VIP that distributes the traffic only to those Exchange 2010 servers.

To achieve this you would need to configure the Autodiscover URL on the Exchange 2013 server immediately after it is installed. You can see a demonstration of this in the following article:

• Avoiding Server Names in SSL Certificates for Exchange Server 2013

To summarize, the primary objectives here are to use Autodiscover namespace and site scope configurations to prevent Outlook clients from connecting to an Exchange 2013 server that has not been full provisioned, to avoid SSL warning dialogs appearing, and also to optimize the Autodiscover configuration in larger environments.

In the next article in this series we’ll look at reviewing the offline address book configuration for the existing Exchange 2010 environment.

This article Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Namespace and Certificate Planning
• Exchange Server 2010 to 2013 Migration – Pre-Requisites and Information Gathering
• Exchange Server 2010 to 2013 Migration – Environment Overview

 

After installing an Exchange 2013 server into an existing organization Outlook clients may begin displaying a security alert warning dialog with the name of the Exchange 2013 server in it.

An example of the warning text is:

The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

This can occur if the Outlook clients are connecting to Autodiscover or Exchange Web Services on the new Exchange 2013 server that you have installed.

This issue can be avoided if you review your Autodiscover configuration and make changes to the Autodiscover namespace configured on the server, as well as provisioning an SSL certificate for the new server.

See the following articles for more information:

• Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration
• Avoiding Server Names in SSL Certificates for Exchange Server 2013
• SSL Certificates for Exchange Server 2013

This article Outlook Certificate Security Alert after Exchange Server 2013 Installation is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• PowerShell Script to Generate Exchange Server SSL Certificate Report
• Error “Some or All Identity References Could Not Be Translated” When Adding Members to Exchange Server 2013 Database Availability Group
• Find Users Missing Email Folders Using Get-MailboxFolderStatistics

 

Before installing your first Exchange 2013 server during a migration project you must first review your offline address book configuration.

The issue, as explained in detail by Exchange MVP Andrew Higginbotham here, and mentioned by Microsoft in the release notes and a subsequent blog post, is that Exchange Server 2013 will create a new default offline address book for the organization.

Any mailbox users who do not have an existing OAB assigned to their mailbox directly, or to the mailbox database that they are located on, will download the entire OAB from the new default OAB that Exchange 2013 creates. In organizations with a large OAB or distributed network environment this is obviously not ideal.

The solution is to review your existing OAB configuration. You can check the OAB configured on mailbox databases with a single PowerShell command.

[PS] C:\>Get-MailboxDatabase | select name,offlineaddressbook | sort name
Name          OfflineAddressBook
----          ------------------
MB-BR-01      \Default Offline Address Book
MB-BR-02
MB-HO-01      \Default Offline Address Book
MB-HO-02
MB-HO-04
MB-HO-Archive

As you can see only two of the six databases in the Exchange Server Pro organization have an offline address book configured.

To avoid mailbox users on the other four databases re-downloading the entire OAB we can assign an OAB to the databases. Again this can be performed with a single PowerShell command in many cases.

[PS] C:\>Get-MailboxDatabase | Where {$_.OfflineAddressBook -eq $null} | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book"

Alternatively you can assign the OAB to a database using the Exchange Management Console by opening the mailbox database properties and selecting the Client Settings tab.

This is an important configuration item to review during a migration project and should not be overlooked.

In the next part of this article series we’ll look at server sizing guidance for Exchange Server 2013.

This article Exchange Server 2010 to 2013 Migration – Reviewing Offline Address Book Configuration is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration
• Exchange Server 2010 to 2013 Migration – Namespace and Certificate Planning
• Exchange Server 2010 to 2013 Migration – Pre-Requisites and Information Gathering

 

Any Exchange Server 2013 deployment should include the use of the server sizing calculator published by Microsoft. This calculator represents the best and latest sizing guidance available for Exchange Server 2013, based on real world deployments.

As such, the calculator does vary over time, with changes such as minor calculation fixes all the way up to major changes such as the additional CPU requirements for MAPI-over-HTTP released in Service Pack 1.

You can download the Exchange 2013 Server Role Requirements calculator from TechNet. Always check to make sure you are downloading the latest version.

This article Exchange Server 2010 to 2013 Migration – Server Sizing Guidance is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Reviewing Offline Address Book Configuration
• Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration
• Exchange Server 2010 to 2013 Migration – Namespace and Certificate Planning

 

Before installing the first Exchange 2013 server during a migration project we must first prepare Active Directory.

These preparation steps can happen automatically during installation of the first server, as long as the correct conditions are in place. For example, if you are running Exchange Server 2013 setup:

• On a 64-bit server in the same Active Directory site as the Schema Master, and as a writeable global catalog for each domain in the forest
• With an account that has Schema Admins, Domain Admins and Enterprise Admins permissions

For a simple environment with one or just a few sites and only one domain in the forest it can be easier to just allow this preparation to run as part of the first server installation. However, more complex environments, or those that need to control their change schedule a bit more closely, running the Active Directory preparation tasks separately may be more suitable.

You can read more about Active Directory preparation on TechNet here.

The Exchange Server Pro organization has four Active Directory sites, and a single domain in the forest. The FSMO roles have been moved to the domain controller in the DataCenter1 site where the first Exchange 2013 servers are being deployed, so that is where the preparation steps will be performed.

Before we start it is recommended to note the current schema version so that you can compare it later when you are verifying the results of Exchange setup. Use Michael B Smith’s PowerShell script here to perform this task.

PS C:\> "Exchange Schema Version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper
Exchange Schema Version = 14734

Prepare the Active Directory Schema

The first step is to apply the Exchange Server 2013 schema update to Active Directory. Extract the Exchange Server 2013 setup files to a folder on the server. In this example I am deploying Exchange Server 2013 with Service Pack 1, which is the latest version available right now.

Next, launch a CMD prompt as administrator.

Run setup /PrepareSchema, including the /IAcceptExchangeServerLicenseTerms switch as well.

C:\Admin\ex2013sp1>setup /prepareschema /iacceptexchangeserverlicenseterms
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for
installation.
Performing Microsoft Exchange Server Prerequisite Check
    Prerequisite Analysis                                     COMPLETED
Configuring Microsoft Exchange Server
    Extending Active Directory schema                         COMPLETED
The Exchange Server setup operation completed successfully.

Run the schema version script again to compare the results.

PS C:\> "Exchange Schema Version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper
Exchange Schema Version = 15292

Preparing the Forest and Domains

After extending the schema we can proceed with preparing the Active Directory forest and domains.

Again, from an elevated CMD prompt run setup /PrepareAD and use the /IAcceptExchangeServerLicenseTerms switch as well. Because we are installing into an existing organization there is no need to use the /OrganizationName switch.

C:\Admin\ex2013sp1>setup /preparead /iacceptexchangeserverlicenseterms
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for
installation.
Performing Microsoft Exchange Server Prerequisite Check
    Prerequisite Analysis                                     COMPLETED
 Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareA
D'. No Exchange 2007 server roles have been detected in this topology. After thi
s operation, you will not be able to install any Exchange 2007 servers.
 For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms
.exch.setupreadiness.NoE12ServerWarning.aspx
Configuring Microsoft Exchange Server
    Organization Preparation                                  COMPLETED
The Exchange Server setup operation completed successfully.

With only one domain in the forest there are no additional steps to perform here. If you have multiple domains you should refer to the TechNet instructions here.

In the next article in this series we’ll look at installation of the first Exchange 2013 server.

This article Exchange Server 2010 to 2013 Migration – Preparing Active Directory is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Server Sizing Guidance
• Exchange Server 2010 to 2013 Migration – Reviewing Offline Address Book Configuration
• Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration

 

After preparing Active Directory we can proceed with the installation of the Exchange 2013 servers into the Exchange Server Pro organization.

The first servers to be installed are EX2013SRV1 and EX2013SRV2 in the Datacenter1 site. The servers in Datacenter2 will be deployed later in the project as the HA environment is expanded to include site resiliency.

Before you proceed with the first Exchange 2013 installation I recommend you read and understand the guidance in the Reviewing AutoDiscover Configuration part of this article series. You should also have already performed your namespace and certificate planning.

Installing Exchange Server 2013

The Exchange Server Pro organization has chosen to deploy Exchange Server 2013 SP1 on Windows Server 2012 R2. If you are planning to deploy Exchange Server 2013 there may be a more recent build available for you to deploy instead.

The installation involves:

• Building the new servers to the specifications determined using the Exchange 2013 server sizing guidance from Microsoft
• Installing the Exchange Server 2013 pre-requisites
• Installing Exchange Server 2013 on both servers as a multi-role server (Mailbox and Client Access server roles)

Configuring the AutoDiscover URI

To avoid Outlook security alert issues for end users the AutoDiscover URI is immediately updated on the Exchange 2013 Client Access servers to use the AutoDiscover namespace for the organization. This is performed by opening the Exchange Management Shell on an Exchange 2013 server and running the following commands.

[PS] C:\>Set-ClientAccessServer ex2013srv1 -AutoDiscoverServiceInternalUri https://autodiscover.exchangeserverpro.net/Autodiscover/Autodiscover.xml
[PS] C:\>Set-ClientAccessServer ex2013srv2 -AutoDiscoverServiceInternalUri https://autodiscover.exchangeserverpro.net/Autodiscover/Autodiscover.xml

In the next part of this series we’ll look at accessing the Exchange 2013 management tools during the co-existence phase of the project.

This article Exchange Server 2010 to 2013 Migration – Installing Exchange Server 2013 is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Preparing Active Directory
• Exchange Server 2010 to 2013 Migration – Server Sizing Guidance
• Exchange Server 2010 to 2013 Migration – Reviewing Offline Address Book Configuration

 

After installing the first Exchange 2013 server into an existing Exchange 2010 organization we are effectively in a co-existence state. During this phase of the Exchange 2013 migration project there are some management considerations to be aware of.

Exchange Server 2013 Management Tools

On the Exchange 2013 servers there are three parts to the Exchange management tools:

• The Exchange Admin Center, a web-based administration console
• The Exchange Management Shell, a PowerShell interface for Exchange 2013
• The Exchange Toolbox, which contains a few MMC-based tools for Exchange 2013

For a migration scenario you will primarily be using the Exchange Admin Center and the Exchange Management Shell.

• A Quick Look at Exchange Server 2013 Management Tools

Accessing the Exchange Admin Center During Co-Existence

The Exchange Admin Center can be accessed using a web browser. It is available on any Exchange 2013 server with the Mailbox server role installed. Because this is a web-based console you do not need to log on directly to the server to use it, nor do you need to install any management tools on your admin workstation to access it.

The URL for the Exchange Admin Center is https://serverFQDN/ecp, for example https://ex2013srv1.exchangeserverpro.net/ecp, or https://mail.exchangeserverpro.net/ecp if you have already configured and migrated your Client Access namespaces.

It is likely you will see an SSL certificate warning in your browser when you first access the EAC, due to the default self-signed certificate on the server. Later when you have configured the correct namespaces and SSL certificates this warning will not appear.

Exchange Admin Center Redirects to Exchange Server 2010 OWA

If you log on to the Exchange Admin Center with a user account that has an Exchange 2010 mailbox then you may be redirected to the Exchange 2010 OWA page instead.

To avoid this you can append the ?ExchClientVer=15 string to the end of the URL, for example https://ex2013srv1.exchangeserverpro.net/ecp?ExchClientVer=15.

However, in some cases such as when the new Exchange 2013 servers are located in a different AD site to the Exchange 2010 servers, this workaround may not be successful.

In such cases it is often simpler to create a new admin account specifically for use during the co-existence period. In this example scenario I’ve created an account called “E15Admin” and added it to the Organization Management group.

Managing Exchange Objects During Co-Existence

There are some general rules for managing Exchange objects during co-existence. From TechNet:

You can’t use the Exchange 2010 EMC to manage Exchange 2013 objects and servers. While customers upgrade to Exchange 2013, we encourage them to use the EAC to:

1. Manage Exchange 2013 mailboxes, servers, and corresponding services.
2. View and update Exchange 2010 mailboxes and properties.
3. View and update Exchange 2007 mailboxes and properties.

We encourage customers to use Exchange 2010 EMC to create Exchange 2010 mailboxes.

We encourage customers to use Exchange 2007 EMC to create Exchange 2007 mailboxes.

Customers can continue to perform management tasks using the Exchange Management Shell and script tasks.

Transport rules are a slightly different situation. From TechNet:

When you coexist with Exchange 2010 or Exchange 2007, all transport rules are stored in Active Directory and replicated across your organization regardless of the Exchange Server version you used to create the rules. However, all transport rules are associated with the Exchange server version that was used to create them and are stored in a version-specific container in Active Directory. When you first deploy Exchange 2013 in your organization, any existing rules are imported to Exchange 2013 as part of the setup process. However, any changes afterwards would need to be made with both versions. For example, if you change an existing rule using the Exchange 2013 EAC, you need to make the same change using the Exchange 2010 or Exchange 2007 EMC.

In the next article in this series we’ll look at configuring SSL certificates for Exchange Server 2013.

This article Exchange Server 2010 to 2013 Migration – Managing a Co-Existence Environment is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Installing Exchange Server 2013
• Exchange Server 2010 to 2013 Migration – Preparing Active Directory
• Exchange Server 2010 to 2013 Migration – Server Sizing Guidance

 

For this Exchange 2013 upgrade project a new SSL (SAN) certificate is being provisioned for the Exchange 2013 servers. From the namespace and certificate planning part of this series we know that the following namespaces are required for the certificate:

• autodiscover.exchangeserverpro.net (HTTP – Autodiscover)
• mail.exchangeserverpro.net (HTTP – Outlook Anywhere, OWA, ECP/EAC, ActiveSync, EWS, OAB)
• imap.exchangeserverpro.net (IMAP)
• pop.exchangeserverpro.net (POP)
• smtp.exchangeserverpro.net (SMTP)

Note: the Exchange 2010 SSL certificate can be re-used if it contains the correct namespaces. You can export the SSL certificate from Exchange 2010 and import it into Exchange 2013. However, if the names on the certificate are not correct, or the certificate is due to expire soon anyway, you may find it easier to simply acquire a new SSL certificate.

To complete the SSL certificate configuration the following process is used:

1. Generate a Certificate Request for Exchange 2013
2. Submit the certificate request to the CA to generate the SSL certificate. For real world production environments I recommend Digicert for their competitive pricing, good support, flexible licensing, and free re-issues if you happen to make an error. For the purposes of this demonstration a private CA is being used by following these steps instead.
3. Complete the pending certificate request
4. Export/import an SSL certificate to multiple Exchange 2013 servers
5. Assign the SSL certificate to services in Exchange 2013

The same SSL certificate is used on both servers. So the certificate can be acquired for EX2013SRV1, then exported and imported for EX2013SRV2. You should not provision separate SSL certificates for Client Access servers that will be accessed by clients via the same namespaces.

In the next part of this series we’ll begin configuring the Exchange 2013 server roles.

This article Exchange Server 2010 to 2013 Migration – Configuring SSL Certificates is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Managing a Co-Existence Environment
• Exchange Server 2010 to 2013 Migration – Installing Exchange Server 2013
• Exchange Server 2010 to 2013 Migration – Preparing Active Directory

 

With the correct SSL certificates installed on the Exchange 2013 servers we can now proceed with configuration of the Client Access server role.

Both of the Exchange 2013 servers deployed so far, EX2013SRV1 and EX2013SRV2, are multi-role servers, and need their Client Access roles configured.

Configuring Client Access URLs

The Client Access URLs are configured to match the namespaces that we planned earlier. Because the AutoDiscover URL was already configured immediately after Exchange 2013 was installed that only leaves:

• Outlook Anywhere
• Outlook Web App
• Exchange Control Panel
• ActiveSync
• Exchange Web Services
• Offline Address Book

These are easy to configure with a simple PowerShell script. Here is an example:

param(
	[Parameter( Mandatory=$true)]
	[string]$Server,
	[Parameter( Mandatory=$true)]
	[string]$InternalURL,
	[Parameter( Mandatory=$true)]
	[string]$ExternalURL
	)
Write-Host "Configuring Outlook Anywhere URLs"
Get-OutlookAnywhere -Server $Server | Set-OutlookAnywhere -ExternalHostname $externalurl -InternalHostname $internalurl -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM
Write-Host "Configuring Outlook Web App URLs"
Get-OwaVirtualDirectory -Server $server | Set-OwaVirtualDirectory -ExternalUrl https://$externalurl/owa -InternalUrl https://$internalurl/owa
Write-Host "Configuring Exchange Control Panel URLs"
Get-EcpVirtualDirectory -Server $server | Set-EcpVirtualDirectory -ExternalUrl https://$externalurl/ecp -InternalUrl https://$internalurl/ecp
Write-Host "Configuring ActiveSync URLs"
Get-ActiveSyncVirtualDirectory -Server $server | Set-ActiveSyncVirtualDirectory -ExternalUrl https://$externalurl/Microsoft-Server-ActiveSync -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync
Write-Host "Configuring Exchange Web Services URLs"
Get-WebServicesVirtualDirectory -Server $server | Set-WebServicesVirtualDirectory -ExternalUrl https://$externalurl/EWS/Exchange.asmx -InternalUrl https://$internalurl/EWS/Exchange.asmx
Write-Host "Configuring Offline Address Book URLs"
Get-OabVirtualDirectory -Server $server | Set-OabVirtualDirectory -ExternalUrl https://$externalurl/OAB -InternalUrl https://$internalurl/OAB

Simply run the script using the Exchange Management Shell (from a server or workstation with the Exchange 2013 management tools installed) with the required parameters, for example:

[PS] C:\Admin>.\ConfigureURLs.ps1 -Server ex2013srv1 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net
[PS] C:\Admin>.\ConfigureURLs.ps1 -Server ex2013srv2 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

Configuring OWA and ECP Authentication

The default authentication for Exchange 2013 OWA is forms-based. If you need to use a different authentication type then you should configure it now on the OWA and ECP virtual directories for your Exchange 2013 servers. The virtual directory configuration is found in the Exchange Admin Center in the Servers -> Virtual Directories area.

For example, here I am changing the username format to UPN so that users can login with their “email address” (because the organization uses UPNs that match the primary SMTP address).

Restart IIS

An IISReset of each server should also be performed so that the virtual directory changes can take effect.

[PS] C:\Admin>iisreset ex2013srv1
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted
[PS] C:\Admin>iisreset ex2013srv2
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

Configure POP/IMAP Settings

If you are also using POP or IMAP in your environment you should configure those services as well. For each server set the X509 certificate name, and the internal/external connection settings.

[PS] C:\>Set-PopSettings -Server ex2013srv1 -X509CertificateName pop.exchangeserverpro.net -InternalConnectionSetting pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS -ExternalConnectionSettings pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS
WARNING: Changes to POP3 settings will only take effect after all Microsoft Exchange POP3 services are restarted on
server EX2013SRV1.
[PS] C:\>Set-PopSettings -Server ex2013srv2 -X509CertificateName pop.exchangeserverpro.net -InternalConnectionSetting pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS -ExternalConnectionSettings pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS
WARNING: Changes to POP3 settings will only take effect after all Microsoft Exchange POP3 services are restarted on
server EX2013SRV2.

Restart the POP services for the servers.

[PS] C:\>Invoke-Command -ComputerName ex2013srv1,ex2013srv2 {Restart-Service MSExchangePOP3}

The same basic process applies to IMAP as well.

[PS] C:\>Set-ImapSettings -Server ex2013srv1 -X509CertificateName imap.exchangeserverpro.net -InternalConnectionSetting imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS -ExternalConnectionSettings imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS
WARNING: Changes to IMAP4 settings will only take effect after all Microsoft Exchange IMAP4 services are restarted on
server EX2013SRV1.
[PS] C:\>Set-ImapSettings -Server ex2013srv2 -X509CertificateName imap.exchangeserverpro.net -InternalConnectionSetting imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS -ExternalConnectionSettings imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS
WARNING: Changes to IMAP4 settings will only take effect after all Microsoft Exchange IMAP4 services are restarted on
server EX2013SRV2.
[PS] C:\>Invoke-Command -ComputerName ex2013srv1,ex2013srv2 {Restart-Service MSExchangeIMAP4}

Testing the Client Access Server Configuration

Ideally we would test the new configuration before pointing any production users at it. However, to test in this case we would need to change the DNS records for our Client Access namespaces (autodiscover.exchangeserverpro.net and mail.exchangeserverpro.net) to resolve to the IP address of the Exchange 2013 servers. Since that would potentially have a negative impact on end users, instead we can use a hosts file to point a test PC at the new servers.

First, create a new user and mailbox on an Exchange 2013 database. This is performed using the Exchange Admin Center.

Next, modify the hosts file on a test PC. The file is located in C:\Windows\System32\drivers\etc, and will require admin/elevated rights to modify.

Note: Without a load balancer in place you may need to repeat your tests multiple times for each Exchange 2013 server IP. Later when the production cut over takes place you can use DNS round robin instead.

From the test PC logged in as the Exchange 2013 test user you should be able to launch Outlook and have the profile automatically configured to open the mailbox. While you’re logged in to the mailbox you may also like to do some send/receive tests between the Exchange 2013 test mailbox and some Exchange 2010 test mailboxes to verify that mail flow is working between the servers.

In the next part of this series we’ll look at configuring the Exchange 2013 Mailbox server role.

This article Exchange Server 2010 to 2013 Migration – Configuring Client Access Servers is © 2014 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

    

Related Stories

• Exchange Server 2010 to 2013 Migration – Configuring SSL Certificates
• Exchange Server 2010 to 2013 Migration – Managing a Co-Existence Environment
• Exchange Server 2010 to 2013 Migration – Installing Exchange Server 2013