Exchange Server 2010 SP1 Beta and Exchange Server 2007 SP3 released

by Shijaz Abdulla on 08.07.2010 at 23:29

Exchange Server 2010 SP1 Beta incorporates a number of feature updates including archiving and discovery enhancements, a faster Outlook Web App (OWA), upgraded mobility features, and several improvements in the management UI. The SP1 beta is available to the public and can be downloaded today.

Recently, Exchange Server 2007 Service Pack 3 was also made available to customers in 11 languages for both 32 and 64 bit. As highlighted in the recent post on the Exchange Server Team Blog,  this service pack was created in response to strong customer demand for Windows Server 2008 R2 supportability for Exchange Server 2007. In addition to the newly supported OS, this service pack also provides updates to a number of core components and the reintroduction of the password reset functionality within OWA for customers using Windows Server 2008 and Windows Server 2008 R2.

Exchange Server 2007 will be supported on Windows Server 2008 R2

by Shijaz Abdulla on 06.11.2009 at 23:00

image image

Microsoft had initially planned not to have Exchange Server 2007 supported on Windows Server 2008 R2. However, in response to feedback from customers worldwide, things have taken an interesting change–

Exchange Server 2007 will soon be fully supported on Windows Server 2008 R2!

The Microsoft Exchange Team is working on an update for Exchange Server 2007 that will enable full support for Windows Server 2008 R2. Watch the Exchange Team Blog for latest information on this update.

This is an excellent example to prove that we do listen to customers. 🙂

Etisalat’s Blackberry – Suddenly it’s a privacy issue!

by Shijaz Abdulla on 15.07.2009 at 21:17

Day before yesterday, I wrote about the Blackberry update that caused device batteries to drain out on a UAE telco’s Blackberry subscriber network.

A later report in the Gulf News has revealed that the fateful patch, distributed by Etisalat, contained what is called an ‘interceptor’. An interceptor is basically a program that can potentially send a copy of each message on the device back to the service provider – which I would call – a serious privacy issue.

Quote from the Gulf News:

After a confirmation is successfully sent by the BlackBerry device to
etisalat, the device waits for a message from etisalat to activate the
interceptor software.
…if and when the command is received, the software sends every subsequent
opened message to etisalat.

…the software was also designed to protect itself from removal. It tracks changes to the system configuration and if it detects any, it uninstalls then reinstalls itself.

Apparently the battery drain was caused due the device waiting on an open data connection to send confirmation to Etisalat for the interceptor.

Unlike Blackberry devices, Windows Mobile devices are not managed by the service provider or telco. They are managed by the organization that owns/administers the devices, and hence there is a more complete degree of control on what software gets installed on these devices. All communication between the Windows Mobile device and the Exchange servers (email servers hosted within the organization’s premises), happens through a secure, encrypted SSL tunnel between the device and the server over the 3G/GPRS network. The operator only provides simple internet connectivity for the device, and can’t do much to intercept or tamper with email data getting sync’d with the device.

However, some organizations refrain from going the Windows Mobile way, the common reason being the ability to have consistent monthly data charges with the Blackberry. However, based on a recent survey with Windows Mobile users, we found very compelling results:

Windows Mobile 6.1, coupled with Exchange Server 2007 provided a major improvement in bandwidth utilization. For a heavily active user profile, Windows Mobile 6.1 used only 388 KB per day to synchronize with Exchange Server!

What’s more?

  • A single Exchange 2007 Client Access Server can handle more concurrent connections on similar hardware when compared to Blackberry Enterprise Server (BES).
  • Windows Mobile is of lower cost and complexity
  • Windows Mobile is more secure and is highly manageable through System Center
  • You get a wider choice of applications and devices.
  • Familar and open development environment fosters development of exciting tools/add-ons

Which Exchange 2007 High Availability Solution should I choose?

by Shijaz Abdulla on 14.05.2009 at 16:06

For those of you still upgrading to Exchange Server 2007 or consolidating your Exchange Servers, and are considering some of the High Availability solutions, I have a clear recommendation:

Avoid Single Copy Cluster (SCC); Use CCR (Cluster Continuous Replication) or SCR (Standby Continuous Replication) instead!

Why?

  • SCC is not a complete HA solution. There exists a single point of failure – the shared storage! In CCR or SCR, there are two replicas of the same data.
  • You don’t need a shared storage for CCR or SCR
  • You don’t need third-party replication software (such as Double-Take) to span the database over two data centers.
  • Improved failover behavior when compared to SCC.
  • Installation is easier than SCC, and you do not need to perform additional hardware validation because shared storage is not required.
  • Easier to manage.
  • Improve backup performance, by letting backups to run from the passive copy of the data
  • Single Copy Cluster (SCC) is being discontinued in Exchange Server 2010

So, for all future Exchange 2007 HA designs, please keep this in mind!

Fig 1. (below) Single Copy Cluster

Fig 2. (below) Cluster Continuous Replication

Implementing a two-node single copy cluster in Exchange Server 2007

by Shijaz Abdulla on 03.05.2009 at 17:29

This article used to exist on www.shijaz.com before it was taken down in May 2009. Originally published in July 2007.

This article gives step-by-step explanation on how to implement Single Copy Cluster in Microsoft Exchange Server 2007.

Background

For Exchange Server 2003 administrators:

Short and sweet: A two-node Single Copy Cluster in Exchange Server 2007 works just about the same way a two-node Active-Passive cluster works in Exchange Server 2003.

For newbie Exchange administrators:

It is assumed you know what the following terms mean:

  • Cluster

  • Node

  • Failover

  • Storage Group

  • SAN

A two-node single copy cluster (SCC) is a clustered mailbox server that uses shared storage in a failover cluster configuration to allow multiple servers to manage a single copy of the storage groups. In short, the Exchange data is stored on a shared storage device (such as a Storage Area Network – SAN) and is connected to two server computers, but can be accessed by only one at a time. The server computer that has access to the storage resource at any given point of time is called the Active node and the server computer is not active is called the Passive node. When the active node fails, the passive node gains access to the shared storage and the Exchange services run on the second node. The passive node then becomes active and this process is called failover.

2node1

Procedure

Task 1 of : Configure Network Cards

Configure two network cards in each node: a public network card for the clients and a private network card for the two server nodes.

  1. To configure a cluster, you need a minimum of two network cards on each node. Verify that you have at least two on each of your two servers.

  2. To easily identify the network cards, rename one card to "Public" and the other to "Private". The Public NIC on each server connects to your LAN and will have an IP address on your local LAN. The Private NIC on your server connects to private network shared between your two nodes. This can be a cross-cable connection directly drawn between the Private NIC of Node1 and the Private NIC of Node2. Use an IP address scheme that is different from your LAN IP range for the Private interfaces. The Private interface is used for "heartbeat" communication between the nodes (to see if the other node is "alive").

Task 2 of : Configure Shared Storage

Configure shared data storage, and assign the same drive letter for the shared disk storage on both nodes in the SCC cluster

  1. Configure your shared storage device and create volumes for use by the Exchange cluster. For information on how to do this, refer hardware documentation/vendor.

  2. Once the volumes have been created, map them on both servers by the same drive letter using Disk Management. (Right-click My Computer > Manage > Disk Management)

Task 3 of : Create Windows Cluster User Account

Create a Windows cluster service account that will be used by the clustering service to start and stop service during failover. The necessary permissions for this account are granted when configuring the cluster.

  1. Open Active Directory Users & Computers

  2. Create a user (say) CLUSTERADMIN.

  3. Set Password Never Expires for this user. You don’t want the password time bomb to blow on your face!

Task 4 of : Create the Cluster

Create a new cluster on the first node by using the graphical Cluster Administrator tool or the cluster.exe command-line tool.

  1. See my article "How to setup an Exchange 2003 cluster" and follow only step 1 and step 2 to create the cluster.

  2. Add the second node to the cluster, by specifying the computer name and the password for the cluster service account. If you wanted to create a multi-node cluster, add all the nodes in this step.

Task 4 of : Install Mailbox Server Role

Install the Exchange Server 2007 Mailbox Role on the active node

  1. Start Exchange Server 2007 setup and choose Custom Exchange Server Installation. Select the Active Clustered Mailbox Role.
    2Node_1

  2. During installation, you will be prompted for the clustered Virtual Name and the clustered Virtual IP. This is the "virtual" hostname/IP that will always be online regardless of which node is up. The virtual hostname and virtual IP address is created as a resource on the cluster. Clients will be configured to use this virtual hostname.
    Note: You can also run setup from the command prompt with the following options: /newcms /CMSname:ClusterMailboxServerName /CMSIPAddress:ClusteredMailboxServerNameIPAddress /CMSSharedStorage CMSDataPath

  3. If applicable, move existing storage groups and mailbox databases to the active node by using the Move-StorageGroupPath and Move-DatabasePath cmdlets in the Exchange Management Shell. Brief syntax is as follows:
    Move-StorageGroupPath -Identity <StorageGroupIdParameter> [-ConfigurationOnly <SwitchParameter>] [-CopyLogFolderPath <NonRootLocalLongFullPath>] [-CopySystemFolderPath <NonRootLocalLongFullPath>] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-LogFolderPath <NonRootLocalLongFullPath>] [-SystemFolderPath <NonRootLocalLongFullPath>]
    Move-DatabasePath -Identity <DatabaseIdParameter> [-ConfigurationOnly <SwitchParameter>] [-CopyEdbFilePath <EdbFilePath>] [-DomainController <Fqdn>] [-EdbFilePath <EdbFilePath>] [-Force <SwitchParameter>]

  4. Your first node is now ready. Install the Mailbox Server role on the passive node. Select Custom Exchange Server Installation, choose the Passive Clustered Mailbox Role option. Once setup completes, you will be able to failover from the active node to the passive node. Test the failover using Move-ClusteredMailboxServer Cmdlet.
    Important: Always test the failover (also called ‘Handoff’) using the Move-ClusteredMailboxServer cmdlet on Exchange Server 2007. It is recommended NOT to
    use the Move Group option in Cluster Administrator.

  5. Move mailboxes or create new mailboxes on the active node.

Test your Exchange Server remotely

by Shijaz Abdulla on 03.04.2009 at 00:07

Microsoft Exchange Team has released the Exchange Server Remote Connectivity Analyzer.

This tool helps you ensure that your Exchange internet services like Autodiscover, ActiveSync, Outlook Anywhere, Inbound SMTP have been configured correctly.

Exchange implementers! Bookmark this website: www.TestExchangeConnectivity.com

image

In the current release, the tool can check Exchange ActiveSync on Windows Mobile 5 and third party devices. It can also check Outlook Anywhere on Outlook 2003 and Outlook 2007 with Autodiscover.

For more information on the tool and a video, check out the Exchange Team blog.

MSExchangeSA Event 9396 while generating Offline Address Book

by Shijaz Abdulla on 28.01.2009 at 09:49

January 28, 2009

Log Name:      Application
Source:        MSExchangeSA
Date:          1/28/2009 10:18:59 AM
Event ID:      9396
Task Category: OAL Generator
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      servername
Description:
OALGen is running on a single-copy cluster (SCC) node that does not have the registry value ‘SYSTEMCurrentControlSetServicesMSExchangeSAParameters
servernameOabDropFolderLocation’ or it is set to a non-existing path. Offline address book generation will not be performed.

This typically happens on an SCC cluster when the OabDropFolderLocation registry entry:

  • does not exist (was accidentally deleted). The key should exist on all nodes with the same value.
  • the location/folder mentioned in this registry value was deleted or renamed
  • the location is on a non-shared disk (like C:). On an SCC cluster, this folder should always be on a shared disk.

To fix the problem, recreate the registry entry if it doesn’t exist, or edit the value so that it points to a valid location.

image

ExTRA crashes when you try to restore a mailbox

by Shijaz Abdulla on 26.01.2009 at 09:24

January 26, 2009

On Exchange Server 2007 SP1, Exchange Troubleshooting Agent hangs/crashes after you mount the database in the recovery storage group and begin the actual ‘merge or copy mailbox’ process with the following (or similar) crash information:

Problem signature:
  Problem Event Name:      APPCRASH

  Application Name:            ExTRA.exe
  Application Version:         8.1.240.3
  Application Timestamp:       47342a91
  Fault Module Name:           migbase.dll
  Fault Module Version:        8.1.240.5
  Fault Module Timestamp:      47427ba1
  Exception Code:              c0000005
  Exception Offset:            000000000006741e
  OS Version:                  6.0.6001.2.1.0.274.10
  Locale ID:                   1033
Operating System: Windows 2008 Server
Time Zone: (GMT+04:00) Abu Dhabi, Muscat
Alternate Language: en-US
Support topic(s): Tools/ExTRA

The solution would be to install Rollup Update 5 on Exchange Server 2007 SP1.

***Lighten your load. Store, Backup and Access Important Files Online using ElephantDrive – Free Trial.***

Outlook prompting for credentials when OAB Web-based publishing enabled

by Shijaz Abdulla on 25.01.2009 at 10:17

January 25, 2009

If you have enabled web-based publishing of your Offline Address Book (OAB) and your Outlook users get continuously prompted to enter their passwords, you need to check a couple of things:

  • Make sure Autodiscover is working perfectly before you made the OAB change.
  • Hold down the CTRL button and right click on the Outlook icon on the task bar, then select Test Email Autoconfiguration. Unselect GuessSmart and Secure GuessSmart and keep Use Autodiscover selected. On the Log tab, make sure Autodiscover is successful and that it was able to bind to an SCP.
  • Make sure that the autodiscover.domain.com entry is added to your certificate’s Subject Alernative Names list.
  • If you are facing problems with Autodiscover, you should correct that first before attempting the steps mentioned below.
  • Make sure that you have defined the External and Internal URLs for the OAB virtual directory in your client access server.

Once you have made sure that Autodiscover is working OK, and that the credentials are being prompted for the OAB URL (and not the mailbox server), you need to check the IIS Authentication setting on the client access server.

  • On the Client Access Server running Windows Server 2008, open IIS Manager console.
  • Click on Default Web Site
  • Open Authentication
  • Note that only Anonymous Authentication is enabled. All other authentication methods should be disabled.
    • Temporarily enable Windows Authentication
    • Right click on Windows Authentication and choose Advanced Settings
    • Uncheck Enable Kernel Mode Authentication and click OK
    • Disable Windows Authentication
    • Do an IISRESET

image

Also make sure that kernel-mode authentication is disabled for the RPC virtual directory.

Restart Outlook. You should no longer get the prompt for credentials. Test the configuration with Outlook Anywhere clients as well, if you have enabled Outlook Anywhere on your Client Access Servers.

You may need to repeat this configuration on all Client Access Servers that are enabled for Web-based publishing of Offline Address Book (OAB).

CAS running an ‘older version’ of Exchange?

by Shijaz Abdulla on 22.11.2008 at 21:18

Outlook Web Access is not currently available for the user mailbox that you are trying to access. If the problem continues, contact technical support for your organization and tell them the following: The Microsoft Exchange Client Access server that is proxying the Outlook Web Access requests is running an older version of Microsoft Exchange than the Client Access server in the mailbox Active Directory site.


If you have set up Exchange Server 2007 Client Access Servers in a CAS-CAS Proxy scenario, where the CAS server in the main site is exposed to the internet and the CAS servers in other remote locations depend on the internet-exposed CAS to proxy requests to them, users in the remote site may get the above error when they try to access their mailboxes via Outlook Web Access.

The cause is very simple. The Client Access Server in the remote site may have the latest Update Rollup for Exchange 2007 installed on it, while Client Access Server in the main site is still having an older Update Rollup.

I noticed this problem when the Client Access Server in the main site is running with Update Rollup 3, while the remote site has already got Update Rollup 4 installed.  A quick install of the latest Update Rollup on all servers solved the problem.

< Previous posts