Archiwum kategorii: Exchange

Outlook not connecting to Exchange 2016 outside LAN – MAPIoverHTTPS

Since Exchange 2013 lots of things are changing and some technology’s that we are used to are being force out. Recently I was asked to performed migration form Exchange 2010 to Exchange 2016. I have done fair number of migrations but this was first to 2016. Everything went smooth. I encounter some small problems with Mailbox Database states and problems with Public Folder migration but nothing scary. Test users did not report any issues so we proceed with migration. On Monday user starter to report that Outlook is not connected without VPN. Strange how did I w missed it. Outlook Anywhere is setup correctly the EWS is reachable and all VirtualDirectorys are setup as should. Test-OutlookConnectivity end up in success. After some digging and taking closer look into Autodiscovery and Connection status of Outlook it came out instead of trying to connect using OutlookAnywhere it did try to use MAPIoverHTTPS.

Why even use MAPIoverHTTPS I will not repeat MS just fallow this Technet
Article. In Short it is more stable connection that allows pause resume states. In my short experience it not always works as it should and I notice sometimes it is not reconnecting during network switch but maybe it is still some misconfiguration of mine. Since this is the future I decided to set it up. I don’t know why by default it is set this way that Outlook Anywhere is not working. First you need to decide what mechanism you want to use and second setup appropriate settings in exchange. To do some there are two important tables form technet. And I advise to check this Microsoft configuration Guide

Product Exchange 2016 RTM Exchange 2013 SP1 Exchange 2013 RTM Exchange 2010 SP3
Outlook 2016 RTM
  • MAPI over HTTP
  • Outlook Anywhere
  • MAPI over HTTP
  • Outlook Anywhere
Outlook Anywhere
  • RPC
  • Outlook Anywhere
Outlook 2013 SP1
  • MAPI over HTTP
  • Outlook Anywhere
  • MAPI over HTTP
  • Outlook Anywhere
Outlook Anywhere
  • RPC
  • Outlook Anywhere
Outlook 2013 RTM Outlook Anywhere Outlook Anywhere Outlook Anywhere
  • RPC
  • Outlook Anywhere
Outlook 2010 SP2 and updates KB2956191 and KB2965295 (April 14, 2015)
  • MAPI over HTTP
  • Outlook Anywhere
  • MAPI over HTTP
  • Outlook Anywhere
Outlook Anywhere
  • RPC
  • Outlook Anywhere
Outlook 2010 SP2 and earlier Outlook Anywhere Outlook Anywhere Outlook Anywhere
  • RPC
  • Outlook Anywhere
Outlook 2007 Outlook Anywhere Outlook Anywhere Outlook Anywhere
  • RPC
  • Outlook Anywhere
Organization setting (MapiHttpEnabled value) User or mailbox setting (MapiHttpEnabled value) User or mailbox setting (MapiBlockOutlookExternalConnectivity setting) AutoDiscover result
$true $null $false MAPI over HTTP, internal and external
$true $null $true MAPI over HTTP, internal only
$true $true $false MAPI over HTTP, internal and external
$true $true $true MAPI over HTTP, internal only
$true $false $false Outlook Anywhere, internal and external
$true $false $true Outlook Anywhere, internal only
$false $null $false Outlook Anywhere, internal and external
$false $null $true Outlook Anywhere, internal only
$false $true $false MAPI over HTTP, internal and external
$false $true $true MAPI over HTTP, internal only
$false $false $false Outlook Anywhere, internal and external
$false $false $true Outlook Anywhere, internal only

Since I decided to use MAPI over HTTP internally and externally. I did go for this settins.

  1. Setup Exterlna URL for mapi Virtual Directory

    Get-MapiVirtualDirectory -server ServerName | Set-MapiVirtualDirectory -ExternalUrl „https://consto.com/mapi”

  2. Test settings for test user.

    Get-CASMailbox UserName | select *mapi*

    Result:

    MAPIEnabled : True

    MapiHttpEnabled :

    MAPIBlockOutlookNonCachedMode : False

    MAPIBlockOutlookVersions :

    MAPIBlockOutlookRpcHttp : False

    MAPIBlockOutlookExternalConnectivity : False

  3. Set appropriate values using 2nd table.

Finally test user connectivity and apply setting to other users. As I mention I’m still getting some reports about reconnection problems but overall I’m glad that we don’t stuck in past. I like PowerShell clarity instead of constantly looking for options in windows, I like that Public Folders evolve and are more reliable and I think I will like MAPI over HTTP.

Cheers,

Maciej

Quick Guide – Migration Exchange 2007 on Windows 2003 to Exchange 2013 on Windows 2012 R2 – Part 2

This part will cover how to migrate PF and Removing old Exchange from Active Directory. This can be sometimes tricky and please pay attention what server are You should be on as there is some juggling.

!!! Sometimes will put in Shell examples variables i.e. <FQDN of source server> remember to replace it accordingly to Your environment

1.Migrate Public Folders

1.1 Take a time and check out Technet information about this part that you can find HERE

1.2 Download Migartion Scripts from HERE:

1.3 Prepere migration Files

1.3.1 Copy all the scripts to C:\PFMigration on Exchange 2007

1.3.2 Open Management Shell on Exchange 2007

Create Folder Name to folder size Mapping.

– Export original Public Folder Structure

Get-PublicFolder -Recurse | Export-CliXML C:\PFMigration\Legacy_PFStructure.xml

– Export Public Folder item count size and owners

Get-PublicFolderStatistics | Export-CliXML C:\PFMigration\Legacy_PFStatistics.xml

– Export Public Folder Permission

Get-PublicFolder -Recurse | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | Export-CliXML C:\PFMigration\Legacy_PFPerms.xml

– If the name of a public folder contains a backslash \, the public folders will be created in the parent public folder when migration occurs. Before you migrate, we recommend that you rename any public folders that have a backslash in the name.

Get-PublicFolderDatabase | ForEach {Get-PublicFolderStatistics -Server $_.Server | Where {$_.Name -like „*\*”}}

* If You are using this Guide for Exchange 2010 to Exchange 2013 Migration check appropriate script in Technet (Step2 Point 2a)

– If any public folders are returned, you can rename them by running the following command

Set-PublicFolder -Identity <public folder identity> -Name <new public folder name>

– Make sure there isn’t a previous record of a successful migration (Command Should Return False in both fields)

Get-OrganizationConfig | Format-List PublicFoldersLockedforMigration, PublicFolderMigrationComplete

1.3.3 Still on Exchange 2007 machine

– Create the folder name-to-folder size mapping file.

.\Export-PublicFolderStatistics.ps1 PF_Statistic.csv <FQDN of source server>

1.3.4 Long on to Exchange 2013 Management Console

– Copy PF_Statistic.csv form Exchange 2007 Machine to Exchange 2013 C:\PFMigration and go in management Shell to this folder.

.\PublicFolderToMailboxMapGenerator.ps1 5GB PF_Statistic.csv PF_Folder2Mailbox.csv

*Max Size is 25GB

1.3.5 Create mailboxes to store Public Folders on Exchange 2013 Shell

TIP: I prefer to store Public Folders in separate Mailbox Database and name Public Folders Mailboxes respectfully to its content. So If you like to set it up like me just create new Mailbox Database (e.g. PF_Database) and rename Mailbox name in PF_Folder2Mailbox.csv and new-mailbox command (e.g. PF_Mailbox1) For purpose of this guide I will left names as created by Microsoft Provided scripts.

New-Mailbox -PublicFolder Mailbox1 –HoldForMigration: $true

You can specific name and mailbox database by adding –Database <Mailbox Database Name> and –Server <FQDN of source server>

1.3.5 Now start Migration – remember to be aware on witch server you are and also that Public Folders will now be unavailable for users.

Exchange 2013 Shell

Start Migration request

New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server <FQDN of source server>) -CSVData (Get-Content PF_Folder2Mailbox.csv -Encoding Byte)

– Check Migration State

Full

Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatisti­cs -IncludeReport | fl

Brief

Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatisti­cs -IncludeReport | fl | Select Name,Status

If State is AutoSuspended do the fallwoing

Exchange 2007 Shell

Lock Folders for Migration

Set-OrganizationConfig -PublicFoldersLockedForMigration:$true

Exchange 2013 Shell

Resume Migration Task

Set-PublicFolderMigrationRequest -Identity \PublicFolderMigration -PreventCompletion:$false

Resume-PublicFolderMigrationRequest \PublicFolderMigration

– Check Migration State

Full

Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatisti­cs -IncludeReport | fl

Brief

Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatisti­cs -IncludeReport | fl | Select Name,Status

Now be patient State should change to InProgress and wait till You see state as completed.

1.3.6 Test and Unlock the Public Folder

Assign new Public Folder Mailbox to test user

Set-Mailbox -Identity <Test User Mailbox> -DefaultPublicFolderMailbox mailbox1

Logon to test user mailbox via OWA or Outlook and test folders. See if you can manage it and create items.

If everything is OK proceed

Exchange 2013 Shell

Get-Mailbox -PublicFolder | Set-Mailbox -PublicFolder -IsExcludedFromServingHierarchy $false

Exchange 2007 Shell

Set-OrganizationConfig -PublicFolderMigrationComplete:$true

2. Remove Exchange 2007 – Everything is now done on Exchange 2007 Shell and UI

This task should be simple. Delete and uninstall everything J

2.1 Check if all mailbox are migrated to new server and if so Delete all the Mailbox Database form Exchange 2007

Remove-MailboxDatabase -Identity <Mailbox Database Name>

2.2 Remove all OAB form Exchange 2007. Check if OAB form new server is assign.

Remove-OfflineAddressBook -Identity <OAB Name>

2.3 Uninstall Exchange 2007 form server. From Elevated Command Prompt run

Setup.com /mode:uninstall

Now it is done you can remove old server form domain. I hope this was helpful for some of You.

Cheers.

Maciek Jędryszek

Quick Guide – Migration Exchange 2007 on Windows 2003 to Exchange 2013 on Windows 2012 R2 – Part 1

Scenario is simple. We have one server with Exchange 2007 installed on Windows Server 2003 Standard. We added new server to domain with Windows 2012 Standard R2 to be our new Exchange 2013 Server. The plan is to Install Exchange 2013 and migrate mailboxes from old server. New Server is installed and up to date.

1.Install Prerequisite

1.1 Update Exchange 2007 Server to latest Rollup. Rollup list you can find HERE

1.2 On New Exchange 2013 Server Install:

Unified Communications Managed API 4.0 Runtime

Microsoft Office 2010 Filter Packs

Service Pack 1 for Microsoft Office Filter Pack 2010 (KB2460041) 64-bit Edition

▪ Install required Windows Features and Roles

You can also download my simple PowerShell script that will install all required Roles and Features. Available HERE It is just a simple example of PS>Install-WindowsFeature. You can read more about it on Technet.

2.Prepare Domain

2.1 Now let’s prepare Active Directory. Just remember to check Organization Name. You can do that by running on Exchanage 2007 Server Management Shell following command.

Get-OrganizationConfig |select Name

2.2 Go to Exchange 2013 server and open command prompt. Insert or mount Exchange 2013 media and go to it.

Use this command to prepare AD just remember to change Organization to appropriate.

.\setup /PrepareAD /OrganizationName: consto /IAcceptExchangeServerLicenseTerms

3.Install Exchange 2013

3.1 Now it is time to install Exchange 2013. Run setup form Exchange media and fallow the wizard. I think good practices to store Exchange Installation and Mailboxes on 2nd Partition and Logs on 3rd. Just for clear view.

▪ Accept the License

▪ Don’t use recommended settings

▪ Select Server Roles

▪ Specific Install Directory

▪ Disable malware scanning – No

▪ And if no Warring’s or Errors will display install Server. (If you get warring’s or errors refer to links in prerequisite check)

▪ You can now update the Exchange 2013 Server but just in case don’t go further than Exchange Server 2013 Service Pack 1 (SP1 aka CU4). This is quite important and often missed in other guides. CU5 change ipv6 and may generate communication problems with old server a specially if You are using Windows 2003 or implementation takes place in small environments where DC is same Server as Exchange. Cumulative Updates for Exchange 2013 list can be found HERE.

4.Configure Exchange 2013

4.1 Create Exchange 2013 Admin Account. If your current Exchange account have Mailbox on Exchange 2007 You will not be able to connect to ECP using this credentials. That is why create new Exchange Admin Account f.e. ExAdm that will be member of Exchange Admins and Exchange Organization Administrators.

4.2 Prepare Database Path and Log location – ref. to my previous post

4.3 Setup Virtual Directories External URL – go to ECP -> Servers -> Virtual Directories and setup external URL for each Virtual Directory

▪ Autodiscover

▪ ECP

▪ EWS

▪ Microsoft-Server-ActiveSync

▪ OAB

▪ OWA

4.4 Configure Outlook-Anywhere – go to ECP -> Servers ->Servers -> [Exchange2013ServerName] -> Outlook Anywhere

4.5 Configure Send and Receive Connectors (if there is no major change in your environment you can leave it as it is)

4.6 Configure Certificates (If You are using other CA (local or public) replace self-singed certificate with the appropriate one and assign it to Services)

New-ExchangeCertificate – generate request

▪ If You are using local CA generate certificate using request and Web Server template

Import-ExchangeCertificate – import new certificate

Enable-ExchangeCertificate – assign services

4.6 At this point we should have environment with 2 Exchange Servers within same Organization. This should be a time to start thinking about migration. First lest migrate Administrator Account to Exchange 2013 (if you Admin already have mailbox on Exchange 2007 else use other account to test environment) I’m choosing Admin account because I don’t want to test it on new clean mailbox and admin account is one mailbox that usually contains just spam and some reports (nothing major – at least in my case)

4.7 Create Migration Batch. Got to ECP -> Recipients -> Migration.

▪ Add user to Migration

▪ Name migration Batch

▪ Specific destination mailbox database

▪ Specific who will receive migration report

▪ Run Migration Batch

And wait till it is finish. By default there is zero tolerance for bad items but if your mailbox is corrupted browse corrupted items and either save it via outlook or accept it lose and run migration batch with appropriate bad items limit.

4.8 Login first to OWA first and see if everything is ok. Then start Outlook and if ask reopen it again.

4.9 If everything is ok Congratulation you can now create new batch with more users.

5.END of Part 1

Things that are still on schedule is Public Folder migration (and this can be tricky since in Exchange 2013 Public folder is way different and evolved into Public Folder Mailboxes) and removing Exchange 2007 from old server. I will cover this in Part 2.

If You encounter any problems please let me know I will try to help if I can.

Cheers,

Maciek

Exchange 2013 – SMTP Banner

It is always good to setup SMTP Banner to match RevDNS Record. More often in medium and small company’s server external server name do not match internal one. This may cause problems with your outgoing mails as some server may register it as spam due this mismatch in Banner.

 

To Check current SMTP Banner just telnet on port 25 to you server IP. By default you will get response that will give your Local FQDN.

 

220 servername.local Microsoft ESMTP MAIL Service ready at Fri, 9 May 2014 12:13:35 +0200

 

I’m quite used to check servers on http://mxtoolbox.com/ site using mail server check just to verify if nothing is missed. The Banner issue will give fallowing results.

 

 

  1. Let’s Start with identifying which connector is default frontend. This should be the one with Anonymous users in Permission groups. By Default it is simply named Default Fronted ServerName

 

 

  1. No we just need to modify banner for this receive connector.

     

    Ref: http://technet.microsoft.com/en-us/library/bb124740(v=exchg.150).aspx

    Ref: http://technet.microsoft.com/en-us/library/bb125140(v=exchg.150).aspx

     

    To do so we use PS command Set-ReceiveConnector

     

    Set-ReceiveConnector -Identity „Default Fronted ServerName” -Banner „220 ExternalServerName” -ConnectionTimeout 00:15:00

 

IIS and Exchange – Log Retention

Let’s start with that log files retention should be handle by backup mechanisms. But sometimes backup is handle by different layer (f.e. Virtualization) and You still want to manage your logs.

There are few suggestions how to handle it and one of those is via PowerShell Script. Today I wanted to provide You with my variation of Log Purge script and how to set it up in Task Scheduler.

You can download the scrip over here LogPurge4.ps1

Script base on 2 parameters .

First is Integer that provide number of days between 0 and 365 that sets log files maximum age.

Second is path to text file that contains list of folders with log files. (Example to download – this example have default path to IIS and Exchange log files, remember to check if yours are not redirected)

So if we want to call script from PowerShell that will Purge f.e. IIS logs older than 30 days we need to provide text file that will have just one line (if You store IIS log files in default path o.c.)

Example.txt

C:\inetpub\logs

And call it from PowerShell

    .\LogPurge4.ps1 30 Example.txt

This will check all the subfolders from C:\inetpub\logs and search for files with extension *.log or *.blg that are older than 30 days and delete it. It will also generate report file with list of all processed folders and files and name it LogPurge-FileList.txt

This is quite neet. Now if u want to schedule it in TaskSheduler, You have to remember few things.

  1. Call Powershell just in case and provide script as parameter.
  2. And if u provide full path to Folders list file or script use quote ” so string will be interpreted as one parameter
  3. Always good to provide start in folder.

Here is Example of Action in task.

LogPurge4.ps1 and TargetFoldrer.txt are in C:\Scripts\Log\

Action:        Start Program

Program:    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Arguments:    C:\Scripts\Log\LogPurge4.ps1 30 TargetFolder.txt

Star in:         C:\Scripts\Log\

Exchange 2013 – Rename, Move Transaction Logs, Remove Default MailboxDatabase

 

After fresh installation u stuck with default MailboxDatabase that looks like this:

 

You can rename it and keep using and in this scenario You might also want to move Transaction Logs to Logs Partition. Rename is simple.

  1. Logon to ECP
  2. Go to Server -> Database
  3. Select Mailbox Database and click on edit
  4. Now simply change the name.

 

To move Transaction logs use command

 

Move-DatabasePath „Mailbox Database name” -LogFolderPath L:\LogFolder

 

Ref: http://technet.microsoft.com/en-us/library/bb124742(v=exchg.150).aspx

 

Or like me You might like to delete it and create new one and move things as You like. First ensure that there is nothing on this data base that will prevent You from deleting it. To do so use fallowing PS commands:

 

Get-Mailbox -Database „Mailbox Database 0039654422”

Get-Mailbox -Database „Mailbox Database 0039654422” -Archive

Get-Mailbox -Database „Mailbox Database 0039654422” -PublicFolder

Get-Mailbox -Database „Mailbox Database 0039654422” -Arbitration

 

If Mailbox is fresh You should get fallowing results.

 

Before we can remove Database we need to move system mailboxes to new one.

 

Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase „New Mailbox Database Name”

Get-Mailbox –Database „Mailbox Database 0132456789” | New-MoveRequest -TargetDatabase „New Mailbox Database Name”

 

And now go back to ECP to delete MailboxDB

  1. Logon to ECP
  2. Go to Server -> Database
  3. Select Mailbox Database and click delete

 

Public Folder Assistant in Exchange 2010 SP3

Recently we were asked to setup auto-reply message on public folder. We all know that Public Folders are no longer in favour with Microsoft. Luckily in Exchange 2010 we have Public Folder Management Console to help us but error handling could be better. Till SP1 Rollup 4 to get this feature working it required messing with ADSIedit and as Microsoft states it is just wrong to do so.

  1. It is always good to have a special account (not to use Domain Admin) just in case. So let’s create AD user account (with no extra privilege) and correspondent mailbox as it will be needed to do some setting via outlook.
  2. Some ppl wrote that if you created PF before installing SP2, even if setup correctly, Folder Assistant rules will not work. So what they do is create new PF and move data as well as assigned mails alias to this new PF. It wasn’t like this in my case and it is probably mess in rights configuration but since someone claim it might help I just wanted to mention it.
  3. To user created in first point we need to assign appropriate permissions:
    1. Start from owner rights on public folder – Start Public Folder Management Console form EMC (Exchange Management Console) -> Toolbox Select Default Public Folder and select Public folder you want to give rights. From Action menu got to Properties

    2. On Permission tab add User and select level to Owner

    3. User will also require Send As permission From Public Folder Management Console select Manage Send As Permission and Add User form wizard.

  4. This point is often missing in other guides I found and sometimes can give You a headache if test is done from external account and You didn’t notice that internally it’s been working since 2 hours J . If You plan that reply options will send mails not only to internal accounts but also to external ones you need to Allow automatic replies and forwards (depend what will be used) Exchange Management Console – > Organization Configuration -> Hub Transport -> Remote Domains (tab) from context menu properties and Message Format tab

  5. Finally we can set up rule we plan. Open outlook using previously setup account and select appropriate public folder. From context menu go to properties and from there click on Administration tab. Start Folder Assistant.

  6. Now simply add rule and define parameters you found useful. If f.e. just a simple mail is required to send as a reply to each mail (often use in Customer Support email) just select Reply using and click on Template to create one (fill just message
    text, subtitle and confirm with save).

  7. If you are using pre SP1 RU4 Exchange you need to setup Receive As permission on Exchange Administrative Group for user we created. To do so open ADSIedit.msc and add connect to configuration. Then browse tree Services-> Microsoft Exchange -> %OrganizationName% -> Administrative Groups -> Exchange Administrative Group and form properties go to Security and add user form advanced permission Receive As. My advice: don’t to so just install the update.



There is no doubt that MS Exchange is great solution for company messaging. The other great thing is that it is changing and things like constantly enhanced Management Shell help us speed up configuration and administration processes. But when receive error with no error or any information what might point to problem it simply generates number of lost hours for number Administrators. Just a thought.