Tuesday, March 21, 2017

March 2017 Quarterly Exchange Update Released

Today Microsoft released new/updated patches for Exchange 2007, 2010, 2013 and 2016.

As you know, Exchange 2007 reaches End of Life on 11th of April 2017; for further details, read Exchange 2007 End of Life Support.

Update Rollup 23 is the last update for Exchange 2007 SP3.
For Exchange 2010 SP3 Rollup 17.
For Exchange 2013 Cumulative Update 16.
For Exchange 2016 Cumulative Update 5.

Exchange 2016 CU5 and Exchange 2013 CU16 do not include any Active Directory schema updates.

Please refer to the Microsoft article for more information.

https://blogs.technet.microsoft.com/exchange/2017/03/21/released-march-2017-quarterly-exchange-updates/


Thanks for Visiting. Keep watch for the further updates!
Export the Members of Exchange Dynamic Distribution Group

I received an email from one of my friends asking how to extract the Dynamic Distribution Group membership details from Exchange. As you know, we cannot extract this data using the Exchange Management Console as we do for a regular mailbox export list, but we can use the Exchange Management Shell to extract it.

Step 1: - Get details of Dynamic Distribution Group

First, we need to find which attribute and parameter were used to set up the Dynamic Distribution Group. In the example below, the LdapRecipientFilter parameter is used together with the “Location” attribute to set up the group.



Get-DynamicDistributionGroup -Identity "/CMLTFALL2@learnexchange.info" | fl

RunspaceId                             : c3966317-166a-4aa5-8d28-d58eeb6ec871

RecipientContainer                     : learnexchange.info

RecipientFilter                        :

LdapRecipientFilter                    : (&(!cn=SystemMailbox{*})(&(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(l=Little Falls))))

IncludedRecipients                     :

ConditionalDepartment                  : {}

ConditionalCompany                     : {}

ConditionalStateOrProvince             : {}

ConditionalCustomAttribute1            : {}


Step 2: - Get details of Mail Recipient

Now we need to look at the recipient details of a member of the above Dynamic Distribution Group, so we will use the Get-Recipient cmdlet.

Get-Recipient -Identity Gengaiyan@learnexchange.info | FL


Step 3: - Export Dynamic Distribution Group

Pick the properties that you want to export for the members of the Dynamic Distribution Group, such as DisplayName, PrimarySmtpAddress, Title and Database.


$Dy=Get-DynamicDistributionGroup -Identity "/CMLTFALL2@learnexchange.info"

Get-Recipient -RecipientPreviewFilter $Dy.LdapRecipientFilter | select DisplayName,primarysmtpaddress | Export-Csv C:\temp\DynamicGroup.csv -NoTypeInformation


Saturday, March 18, 2017

Type of Exchange Configuration Nodes

In this article, we will go through the types of configuration nodes we have in Exchange.

  • Organization Configuration
  • Server Configuration
  • Recipient Configuration




Organization Configuration: -

Changes to the Organization Configuration settings apply to your entire organization. You can also create and manage federation configuration with other partner organizations, including Office 365.

Mailbox – Use this node to manage Mailbox Server role settings that apply to the entire organization, such as creating and managing Databases, DAGs, Offline Address Books, Address Lists and Custom Folders.

Client Access – Use this node to manage Client Access Server settings that apply to the entire organization, such as Exchange Active-Sync Policy (Device Security, Encryption, Email Sync threshold, etc.) and Outlook Web Access Policy (Enabling/Disabling OWA Segmentation, OWA File download, and View settings).

Hub Transport – Use this node to manage Hub Transport Server settings that apply at the organization level, such as Send Connectors, Accepted Domains, Remote Domains, Email Address Policies, Journaling Rules, Transport Rules and Global Settings.

Unified Messaging – Use this node to manage Unified Messaging Server settings that apply to the entire organization, such as Dial Plans, Exchange Auto Attendants, Exchange UM Gateways and Unified Messaging Mailbox Policies.

Server Configuration: -

Use Server Configuration to view the list of Exchange Servers, their version and build version.
Similar to Organization Configuration, Server Configuration also has four sub-nodes:

Mailbox Server – Use this node to manage Mailbox Server settings that apply at the specific server level, such as activating a passive database copy as active, viewing the list of available Domain Controllers and viewing Logging Configuration details.

Client Access Server – Use this node to manage Client Access Server settings that apply to specific servers, such as the Outlook Web Access URL, Active-Sync, ECP, IMAP, POP3, and OAB.

Hub Transport Server – Use this node to manage Hub Transport Server settings that apply to a specific server, such as creating and managing Receive Connectors.

Unified Messaging Server – Use this node to enable and disable UM settings.

Recipient Configuration: -

Use Recipient Configuration to create and manage recipient related settings.

Similar to Organization and Server Configuration, Recipient Configuration also has 4 sub-nodes.

Mailbox – Use this node to create, remove and disable mailboxes and to manage settings on existing mailboxes, including granting full mailbox access and send-as permission.

Distribution Group – Use this node to create, delete and manage mail-enabled distribution groups, Mail-enabled security groups, Dynamic Distribution Groups.

Contacts – Use this node to create and manage external mail enabled contacts.

Disconnected Mailbox – Use this node to view and connect disconnected mailboxes to the same user or different user/account.



Exchange 2010 Database Availability Group Setup

The Database Availability Group (DAG) is arguably the most important feature in Exchange. In Exchange 2003, 2007 we used to have SCR, CCR and LCR clusters to maintain high availability. In Exchange 2010, Microsoft combined the CCR and SCR functionality into the DAG to improve Exchange database high availability.

By now, I’m sure that most Exchange professionals have read up on the features of the DAG from the official Exchange product documentation, and the numerous articles that exist on the Internet. However, if you haven’t, you can find out what all the fuss is about within the Exchange 2010 product documentation.

In this article, we will mostly cover what is required and how to set up the Database Availability Group.

First and foremost, it is important to understand how we are going to keep the environment highly available at all times, irrespective of outages at the server OS level, the VMware/Hyper-V host level or the site level.

In this article, I am using a two-node DAG, which can be considered to model a high availability solution within a single data center. However, this DAG configuration clearly cannot survive the loss of the data center itself, as no copies of the mailbox databases exist outside of the single site.




Before we set up the DAG, we need to understand what the DAG components are and how to set them up properly.

DAG Components: -

DAG Name – We can have a maximum of 16 mailbox servers in a single DAG. Each DAG you create in the Exchange environment has a unique name, which is ultimately used in the failover cluster.

DAG IP address – A DAG must have one or more static IP addresses. In my environment we have a single AD site, so I am using a single IP address; if you have multiple AD sites, you can assign multiple IP addresses.

Witness Directory – If the witness server name has been specified, then we must also specify the witness directory. The witness directory will keep the cluster configuration information.

Witness Server – If a DAG contains an even number of mailbox servers, as my environment's DAG does, a witness server will be used to act as an additional vote in the cluster to maintain cluster quorum. A CAS/Hub Transport server is typically chosen as the witness server, as long as that server role is not running on a member of the DAG.

Network Configuration: -
Network configuration plays a major role in the Exchange DAG setup; any misconfiguration of the NIC setup leads to poor behavior. In an Exchange DAG setup we can use dedicated MAPI and Replication networks, as long as each one is connected to its own dedicated backend physical NIC. You can also use a single NIC for MAPI + Replication; this is fully supported.

MAPI Network: - This network is used for client communication, such as Outlook, and for server-to-server communication.

Replication Network: - This network is used purely for replicating Exchange transaction logs and reseeding the databases.

| Feature | MAPI Network Setting | Replication Network Setting |
|---|---|---|
| Client for Microsoft Networks | Enabled | Disabled |
| QoS Packet Scheduler | Optionally Enabled | Optionally Enabled |
| File and Printer Sharing for Microsoft Networks | Enabled | Disabled |
| IPv6 | Optionally Enabled | Optionally Enabled |
| IPv4 | Enabled | Enabled |
| Link-Layer Topology Discovery Mapper I/O Driver | Enabled | Enabled |
| Link-Layer Topology Discovery Responder | Enabled | Enabled |

DAG Setup Creation: -

Before we begin creating Exchange Database Availability Group, we need some of the prerequisites ready such as,
  • Add CAS/HUB server into Exchange Trusted Subsystem security group
  • Add Exchange Trusted Subsystem into server local administrator groups.
  • Create DAG Name computer object in AD.





Open Exchange Management Console Navigate to Organization Configuration and select Mailbox.
Select Database Availability Group tab, select “New Database Availability Group” option from Action pane.


As we discussed above in the article, specify the DAG Name, Witness Server and Witness Directory, Click Next.


If the witness server was already added to the Exchange Trusted Subsystem and local Administrators groups, your DAG creation will finish successfully.

Now right-click the DAG Name that you just created and select Properties.


Select IP Addresses Tab and Update one or more IP address according to your environment, Click OK and Apply the changes.



Right Click DAG Name, Select “Manage Database Availability Group Membership”


Click “Add” and select the Mailbox servers that need to be members of the selected DAG. This option lets you add or remove servers from the DAG; when a server is added to the DAG, it is configured for automatic database recovery from database failures.


Click Manage





Now we have successfully completed the DAG setup. Right-click the DAG you created, select Properties and validate the DAG Name, Witness Server, Witness Directory, DAG IP address and the Operational Servers that are part of the DAG.


Select the Database Availability Group network settings and ensure Replication and MAPI are enabled and all NICs are up.



Now, we validated all configuration settings and it’s time for us to configure the database copies.

Navigate to Organization Configuration and select the Database Management tab.
Select the database that you want to configure for High Availability.

Select “Add Mailbox Database Copy”.


Click Browse and select the Mailbox server that needs to hold the passive database copy. This creates a copy of the mailbox database on the specified mailbox server and enables continuous replication from the active database copy.

Click Add



Click Finish, Once database copy is created.




Repeat the steps for rest of your mailbox databases to configure HA.



Once you have configured the passive database copy, the Mailbox Replication service kicks in and starts replicating the active database EDB and transaction logs to the passive database server.

Once the replication is completed, it’s fully available for HA.
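
The same procedure from the Exchange Management Shell, as an added example that is not part of the original post. DAG01 and the EXCHLAB2K10-0x server names appear elsewhere on this page; the witness server, witness directory, IP address and database name are assumed placeholder values.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Assumed values: witness server, witness directory, DAG IP and database name.
$dagName    = 'DAG01'
$witness    = 'EXCHLABCAS-01.learnexchange.info'   # hypothetical CAS/Hub server
$witnessDir = 'C:\DAGWitness\DAG01'                # hypothetical directory
$dagIp      = '192.0.2.50'                         # placeholder address
$members    = 'EXCHLAB2K10-01', 'EXCHLAB2K10-02'
$passive    = 'EXCHLAB2K10-02'                     # server that will hold the passive copy
$database   = 'MDB01'                              # hypothetical database name

# 1. Create the DAG with its witness and a static IP address.
#    The witness server must already have Exchange Trusted Subsystem in its
#    local Administrators group (see the prerequisites above).
New-DatabaseAvailabilityGroup -Name $dagName -WitnessServer $witness `
    -WitnessDirectory $witnessDir -DatabaseAvailabilityGroupIpAddresses $dagIp

# 2. Add each mailbox server to the DAG.
foreach ($server in $members) {
    Add-DatabaseAvailabilityGroupServer -Identity $dagName -MailboxServer $server
}

# 3. Validate the DAG: name, witness, IP address and operational members.
Get-DatabaseAvailabilityGroup -Identity $dagName -Status |
    Format-List Name, Servers, OperationalServers, WitnessServer,
                WitnessDirectory, DatabaseAvailabilityGroupIpv4Addresses

# 4. Confirm the DAG networks have MAPI and replication enabled.
Get-DatabaseAvailabilityGroupNetwork |
    Format-Table Name, MapiAccessEnabled, ReplicationEnabled -AutoSize

# 5. Create the passive copy of the database on the second server.
Add-MailboxDatabaseCopy -Identity $database -MailboxServer $passive `
    -ActivationPreference 2

# 6. Check that seeding has finished and the copy is keeping up.
Get-MailboxDatabaseCopyStatus -Identity $database |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength,
                 ContentIndexState -AutoSize

# 7. Run the replication health checks on every member.
foreach ($server in $members) {
    Test-ReplicationHealth -Identity $server |
        Format-Table Server, Check, Result, Error -AutoSize
}
```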




Friday, March 17, 2017

Issue: -

Unable to configure Exchange 2010 Database Availability Group Membership

Error Message: -

A database availability group administrative operation failed. Error: The operation failed. Create Cluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API “AddClusterNode() (Max Percentage=12) failed with 0x800706d3.





[2017-02-26T19:35:07] The following log entry comes from a different process that's running on machine 'EXCHLAB2K10-01.learnexchange.info'. BEGIN
[2017-02-26T19:35:07] [2017-02-26T19:35:07] Opening a local AmCluster handle.
[2017-02-26T19:35:07] Updated Progress 'Adding server 'exchlab2k10-02' to database availability group 'DAG01'.' 2%.
[2017-02-26T19:35:07] Working
[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseValidateNodeState, ePhaseType = ClusterSetupPhaseStart, ePhaseSeverity = ClusterSetupPhaseInformational, dwPercentComplete = 12, szObjectName = EXCHLAB2K10-02, dwStatus = 0x0 )
[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseValidateNodeState, ePhaseType = ClusterSetupPhaseContinue, ePhaseSeverity = ClusterSetupPhaseFatal, dwPercentComplete = 12, szObjectName = EXCHLAB2K10-02, dwStatus = 0x800706d3 )
[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseValidateNodeState, ePhaseType = ClusterSetupPhaseEnd, ePhaseSeverity = ClusterSetupPhaseFatal, dwPercentComplete = 12, szObjectName = EXCHLAB2K10-02, dwStatus = 0x800706d3 )
[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseFailureCleanup, ePhaseType = ClusterSetupPhaseStart, ePhaseSeverity = ClusterSetupPhaseInformational, dwPercentComplete = 12, szObjectName = EXCHLAB2K10-02, dwStatus = 0x0 )
[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseFailureCleanup, ePhaseType = ClusterSetupPhaseEnd, ePhaseSeverity = ClusterSetupPhaseInformational, dwPercentComplete = 12, szObjectName = , dwStatus = 0x0 )

[2017-02-26T19:35:07] The preceding log entry comes from a different process running on computer 'EXCHLAB2K10-01.learnexchange.info'. END
[2017-02-26T19:35:07] The operation wasn't successful because an error was encountered. You may find more details in log file "C:\ExchangeSetupLogs\DagTasks\dagtask_2017-02-26_19-33-39.663_add-databaseavailabiltygroupserver.log".
[2017-02-26T19:35:08] WriteError! Exception = Microsoft.Exchange.Cluster.Replay.DagTaskOperationFailedException: A database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=12) failed with 0x800706d3. Error: The authentication service is unknown"' failed. ---> 
Microsoft.Exchange.Cluster.Replay.AmClusterApiException: An Active Manager operation failed. Error An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=12) failed with 0x800706d3. Error: The authentication service is unknown"' failed.. ---> System.ComponentModel.Win32Exception: The authentication service is unknown
   --- End of inner exception stack trace ---
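
To pull the failing phase and status code out of a dagtask log like the one above, the callback lines can be parsed and the HRESULT translated to its Win32 message. This is an added example, not part of the original post; the function name Get-DagTaskFatalPhase is hypothetical and the sample lines are constructed in the format of the log above.

```powershell
# Added example (not from the original post).
# Constructed sample lines in the format of the dagtask log shown above.
$sampleLog = @(
    '[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseValidateNodeState, ePhaseType = ClusterSetupPhaseStart, ePhaseSeverity = ClusterSetupPhaseInformational, dwPercentComplete = 12, szObjectName = EXCHLAB2K10-02, dwStatus = 0x0 )'
    '[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseValidateNodeState, ePhaseType = ClusterSetupPhaseEnd, ePhaseSeverity = ClusterSetupPhaseFatal, dwPercentComplete = 12, szObjectName = EXCHLAB2K10-02, dwStatus = 0x800706d3 )'
    '[2017-02-26T19:35:07] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseFailureCleanup, ePhaseType = ClusterSetupPhaseEnd, ePhaseSeverity = ClusterSetupPhaseInformational, dwPercentComplete = 12, szObjectName = , dwStatus = 0x0 )'
)

function Get-DagTaskFatalPhase {
    # Hypothetical helper: returns one object per fatal cluster setup callback.
    param([string[]]$Line)

    $pattern = 'ClusterSetupProgressCallback\(\s*eSetupPhase = (?<phase>\w+), ' +
               'ePhaseType = (?<type>\w+), ePhaseSeverity = (?<severity>\w+), ' +
               'dwPercentComplete = (?<percent>\d+), szObjectName = (?<node>[^,]*), ' +
               'dwStatus = 0x(?<status>[0-9A-Fa-f]+)'

    foreach ($entry in $Line) {
        $m = [regex]::Match($entry, $pattern)
        if (-not $m.Success) { continue }
        if ($m.Groups['severity'].Value -ne 'ClusterSetupPhaseFatal') { continue }

        $status  = $m.Groups['status'].Value.ToUpper().PadLeft(8, '0')
        $message = $null
        # HRESULTs of the form 0x8007nnnn wrap a Win32 error code in the low 16 bits.
        if ($status.StartsWith('8007')) {
            $win32   = [Convert]::ToInt32($status.Substring(4), 16)
            $message = (New-Object System.ComponentModel.Win32Exception -ArgumentList $win32).Message
        }

        New-Object PSObject -Property @{
            Node      = $m.Groups['node'].Value
            Phase     = $m.Groups['phase'].Value
            PhaseType = $m.Groups['type'].Value
            Status    = "0x$status"
            Message   = $message
        } | Select-Object Node, Phase, PhaseType, Status, Message
    }
}

Get-DagTaskFatalPhase -Line $sampleLog | Format-List

# Against a real log, pass the file content instead of the sample:
# Get-DagTaskFatalPhase -Line (Get-Content 'C:\ExchangeSetupLogs\DagTasks\<dagtask log>.log')
```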


Error Statement: -

This error seemed rather strange in that it references an incorrectly configured static address. The issue mainly occurs in the following cases:

  • The Database Availability Group IP address is missing.
  • Both cluster node servers have the same MAC address because the same image was used to build the other server.


Resolution: -

Open Exchange Management Console, Expand Organization Configuration and Select Mailbox
Select Database Availability Group tab, Select DAG01, Right Click Properties




Select “IP addresses” tab and update the Static IP address, Click “OK” and Apply the changes.




Select Database Availability Group, Right Click and select Manage Database Availability Group Membership, Click "Add" and Select Local Mailbox server (EXCHLAB2K10-01), Click "OK"




Similarly, login to second Exchange Mailbox Server and Add it.






Exchange 2007 End of Life Support

Just a reminder for organizations still running Exchange 2007 servers to plan for an Exchange 2013/2016/O365 migration, because Microsoft is ending Extended Support for the product on 11th of April 2017.

After April 11th, we will no longer receive any of the following from Microsoft:


  • Free or paid Premier support.
  • Bug fixes for any issues that are discovered and might impact server availability and stability.
  • Time zone updates (Daylight Saving settings will not automatically be updated).
  • Further security and vulnerability patches.


Exchange 2007 will not stop working because of the above limitations, but it is recommended and best practice to upgrade the production environment to the latest version.
 

Monday, March 6, 2017

Issue: - IMCEAEX – Recipient Is not found

Error Message: -

IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=Gengaiyan+2EMani@domain.com
Issue Statement: -
When you send email to internal users, the messages are routed based on the user's LegacyExchangeDN attribute. The auto-complete cache in Microsoft Outlook and in Microsoft Outlook Web App (OWA) uses these values to route email messages internally. If the value changes, the delivery of email messages may fail with a 5.1.1 NDR – Recipient is not found.
If someone changes any of the object properties below in Exchange or AD, the user's LegacyExchangeDN will change:
  • First Name
  • Last Name
  • Email Address
  • Alias


Resolution: -

To resolve the email delivery issue, we need to convert the IMCEAEX delivery address below to an X500 address and add it to the user's Exchange properties as an address of type X500.

Before converting the values, we need to understand a few things in order to build the correct X500 address.

IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=Gengaiyan+2EMani@domain.com

Convert _ to / (and drop the leading "IMCEAEX-"):
/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=Gengaiyan+2EMani@domain.com

Next, apply the remaining replacements. The full list of changes is:

  • Replace any underscore character (_) with a slash character (/)
  • Replace "+20" with a blank space
  • Replace "+28" with an opening parenthesis character
  • Replace "+29" with a closing parenthesis character
  • Replace "+2E" with a period
  • Delete "IMCEAEX-"
  • Delete "@domain.com"
  • Add "X500:" at the beginning.

X500:/O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP (FHSDHJF23GHYED)/CN=RECIPIENTS/CN=Gengaiyan.Mani
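
The conversion steps above as a PowerShell function. This is an added example, not code from the original post; the function name ConvertFrom-ImceaEx is hypothetical, and it generalizes the listed replacements by decoding every +XX hex escape rather than only +20, +28, +29 and +2E.

```powershell
function ConvertFrom-ImceaEx {
    # Hypothetical helper (added example): turns the IMCEAEX address from a
    # 5.1.1 NDR into the X500 proxy address to add to the recipient.
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Address
    )
    process {
        # Delete "IMCEAEX-" and the trailing "@domain" part.
        if ($Address -notmatch '^IMCEAEX-(?<dn>.+)@[^@]+$') {
            throw "Not an IMCEAEX address: $Address"
        }
        $dn = $Matches['dn']

        # Underscores separate the DN components. This must run before the
        # hex decoding: a literal underscore in a name is encoded as +5F and
        # must not be turned into a slash.
        $dn = $dn.Replace('_', '/')

        # Decode every +XX escape (+20 space, +28 "(", +29 ")", +2E ".", ...).
        $dn = [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', {
            param($m)
            [string][char]([Convert]::ToInt32($m.Groups[1].Value, 16))
        })

        "X500:$dn"
    }
}

# The address from the NDR on this page.
$ndr  = 'IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=Gengaiyan+2EMani@domain.com'
$x500 = ConvertFrom-ImceaEx -Address $ndr
$x500

# Constructed edge case: +5F decodes to a literal underscore, not a slash.
ConvertFrom-ImceaEx -Address 'IMCEAEX-_O=EXCH_CN=RECIPIENTS_CN=svc+5Fbackup@domain.com'

# To add the result to the recipient (the mailbox identity is a placeholder):
# Set-Mailbox -Identity '<mailbox>' -EmailAddresses @{Add = $x500}
```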


Saturday, March 4, 2017

How to configure Exchange 2010 Client Access Array?

Before we continue with configuring the Exchange CAS Array, I think we need to understand how and what type of connections are handled by the CAS servers, so that we can plan the configuration accordingly.


In Exchange 2003, 2007 we had the Front End and Backend concepts, whereas Outlook Web Access, Outlook Anywhere, Active-Sync and other web services connected to the CAS/Front End servers and MAPI/RPC connections connected directly to the Backend mailbox servers.


Continuing from Exchange 2007, we have CAS servers in Exchange 2010, but with a lot of improvements at the architecture design level.

MAPI/RPC, Outlook Anywhere, Outlook Web Access, Outlook Web Services, Active-Sync, etc. connect to the Exchange 2010 Client Access Service. However, Public Folder connections are still routed directly to the Backend Mailbox Server.




Benefits of CAS Arrays: -

It provides a common namespace for connections from Outlook and other resources.
It improves the end-user experience during mailbox server/database failover.
Also, we can throttle connections to improve the performance of the server.

Configuration: -

  • A CAS Array is an object in Active Directory that associates a DNS name with the RPC Client Access Service for a particular AD site.
  • Create the CAS Array Object in Active Directory.
  • Create DNS records for the CAS Array pointing the IP address of the CAS servers.
  • Configure the RPC Client Access Server attribute on the Mailbox Databases in the site.

Create the CAS Array Object in Active Directory: -

CAS Array objects are created and managed using the Exchange Management Shell; you cannot use the Exchange Management Console to create and administer them.

  • Name = Headoffice or whichever is referred to your organization.
  • FQDN = outlook.learnexchange.info or whichever is preferred for your organization.
  • Site =AD Site “HeadOffice” where your mailbox server is installed.

New-ClientAccessArray -Name "HeadOffice" -Fqdn "outlook.learnexchange.info" -Site "Default-First-Site-name"


Create DNS records for the CAS Array:-

In this post, I am using DNS Round Robin, but you can use a hardware load balancer or Windows load balancing instead.




Configure the RPC Client Access Server attribute on the Mailbox Databases: -

The final step is to configure the RpcClientAccessServer attribute on the mailbox databases. Outlook looks up this attribute to determine which RPC Client Access Server to connect to for a given mailbox.

The attribute is set automatically when the mailbox database is created, to either:

  • The CAS Array name, if one already exists in the AD Site
  • The FQDN of a Client Access server in the AD Site

You can see from this that it is wise to configure the CAS Array object first before creating mailbox databases, or at the very least creating the CAS Array object and updating the mailbox databases before deploying mailbox users to those databases.



Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer outlook.learnexchange.info




High Availability for Exchange Client Access Array: -

One of the biggest benefits of a CAS Array is that it keeps the RPC Client Access Service highly available during patching or hardware issues.
