Category: Exchange 2010

Exchange 2010

Exchange 2007/2010 Performance settings on vSphere.

When install a Exchange 2007 or Exchange 2010 Server on vSphere there are some settings that will increase de performance.

Use de VMXNET 3 Adapter
– Use per Disk a SCSI Controller
– Store the Log & Database files on physical Lun on a SAN
– Use the LSI LOGIC SAS controller for Windows 2008 & 2008 R2
Use the VMware Paravirtual SCSI (PVSCSI) Controller for Every physical Raw Device Mapping (RDM).

Another TIP.  Exchange 2007 & Exchange 2010 needs a lots of Memory. When choosing the size for the OS partition, swap file need also al lot of space.

Exchange 2010 MapiExceptionLogonFailed: Unable to make connection to the server

The Error that I get when I did a local move request to move a user to a another mailbox database.
The new user cannot send email & could not login to Outlook Web Access.

image

Error:
Failed to communicate with the mailbox database.

MapiExceptionLogonFailed: Unable to make connection to the server. (hr=0x80040111, ec=1010)
Diagnostic context:
    Lid: 37053   Win32Error: 0x6A6
    Lid: 23065   EcDoConnectEx called [length=48]
    Lid: 17913   EcDoConnectEx returned [ec=0x0][length=48][latency=31]
    Lid: 18969   EcDoRpcExt2 called [length=313]
    Lid: 27161   EcDoRpcExt2 returned [ec=0x3F2][length=342][latency=46]
    Lid: 41073   StoreEc: 0x3F2    
    Lid: 48243 
    Lid: 50033   StoreEc: 0x3F2    
    Lid: 1494    —- Remote Context Beg —-
    Lid: 1238    Remote Context Overflow
    Lid: 49213   StoreEc: 0x8004010F
    Lid: 48573 
    Lid: 64957   StoreEc: 0x8004010F
    Lid: 56253 
    Lid: 65085   StoreEc: 0x8004010F
    Lid: 40381 
    Lid: 56765   StoreEc: 0x8004010F
    Lid: 31229   Error: 0x0
    Lid: 19149   Error: 0x0
    Lid: 24509   Error: 0x0
    Lid: 1219    StoreEc: 0x8004010F
    Lid: 3225    StoreEc: 0x8004010F
    Lid: 60049   StoreEc: 0x8004010F
    Lid: 49469 
    Lid: 65341   StoreEc: 0x8004010F
    Lid: 56125 
    Lid: 47933   StoreEc: 0x8004010F
    Lid: 32829 
    Lid: 49213   StoreEc: 0x8004010F
    Lid: 48573 
    Lid: 64957   StoreEc: 0x8004010F
    Lid: 31229   Error: 0x0
    Lid: 19149   Error: 0x0
    Lid: 24509   Error: 0x0
    Lid: 1219    StoreEc: 0x8004010F
    Lid: 24041 
    Lid: 13488   StoreEc: 0x3F2    
    Lid: 28780 
    Lid: 20076   StoreEc: 0x3F2    
    Lid: 57713   StoreEc: 0x3F2    
    Lid: 49009   StoreEc: 0x3F2    
    Lid: 1750    —- Remote Context End —-
    Lid: 52465   StoreEc: 0x3F2    
    Lid: 60065 
    Lid: 33777   StoreEc: 0x3F2    
    Lid: 59805 
    Lid: 52209   StoreEc: 0x3F2    
    Lid: 19778 
    Lid: 27970   StoreEc: 0x3F2    
    Lid: 17730 
    Lid: 25922   StoreEc: 0x3F2    

Exchange Management Shell command attempted:
‘wardvissers.local/wardvissers/wardtest2’ | New-MoveRequest -TargetDatabase ‘MailStore II’

Elapsed Time: 00:00:01

Solution:

I backup the AD with Windows Backup for sure.

Then I suspend and dismounted every mailbox database.

I opened ADSIEDIT.MSC to check the value of HomeMDB and homeMTA:

Go to:
CN=Configuration->CN=Services->CN=Microsoft Exchange->CN=wardvissers->CN=Administrative Groups->CN=Exchange Administrative Group (FYDIBOHF23SPDLT)->CN=Servers->CN=DAGEK10-01->CN=Microsoft System Attendant

The value by my mailbox server looks a bid strange:
HomeMDB: CN=InformationStore,CN=DAGEK10-02,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=wardvissers,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=wardvissers,DC=local

HomeMTA: CN=Microsoft MTA,CN=DAGEK10-01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=wardvissers,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=wardvissers,DC=local

Clear the Value bij HomeMDB & HomeMTA like the picture below.
image

Important:
Clear the value by every mailbox server if you have a dag cluster

Restarted the Microsoft Exchange System Attendant Service on every mailbox server.

Mounted & Resuming the mailbox database. Now the users could login again in OWA Smile.

Exchange 2010 Autodiscovery Issues

Two weeks ago a build my first production Exchange 2010 cluster. The Exchange 2010 web services are causing a lot of issues to people, and my self not any more.

Well, let us first list the directories that are used in the Exchange web service:

EWS is used for OOF, Scheduling assistance and free+busy Lookup.
OAB provides offline address book download services for client.
Autodiscover is used to provide users with autodiscover service.
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides outlook web access for users.
ECP provides Exchange control panel feature for Exchange 2010 users only.

Issues that might be resolved using the troubleshooting steps here:

You cannot set the OOF using outlook client, you receive the server not available error.
You cannot view free/busy information for other users.
You cannot use scheduling assistance, also you might receive not free/busy information data retrieved.
You cannot download Offline Address book errors.
You cannot use autodiscover externally.
Certificate mismatch error in autodiscover, users prompted to trust certificate in outlook 2007/2010.

First let us start by settings the right virtual directory configuration required for Exchange 2010 to work correctly:
Configure External and Internal URLs for OWS, ref: http://technet.microsoft.com/en-us/library/bb310763.aspx

You have to configure the internal URL to be the server name. In case you have multiple cas/hub servers configured in a NLB then can use the nlb cluster name for the internal url. 
External URL will be the URL used by users to access webmail e.g. https://webmail.wardvissers.nl/owa 

Configure the autodiscover internal URL, ref: http://technet.microsoft.com/en-us/library/bb201695.aspx

You will use the powershell cmdlet : Set-ClientAccessServer –Identity <CAS Server Name> -AutoDiscoverServiceInternalUri: <Internal URL>, this FQDN must match the URL included in the certificate. If you have NLB cluster then you put the internal name here like nlbek10.wardvissers.local

If you cannot use autodiscover.wardvissers.nl internally (you have a domain name of domain.local and you must use it), you will get a certificate miss match error, you will have to include the internal name in the SAN certificate if you purchase an external SAN certificate. 

You cannot set autodiscover external URL since outlook will try to access https://autodiscover.wardvissers.nl/autodiscover/autodiscover.xml, this behavior is by design and cannot be changed.

Best Practice: Use SAN Certificates

Depending on how you configure the service names in your Exchange deployment, your Exchange server may require a certificate that can represent multiple domain names. Although a wildcard certificate, such as one for *.wardvissers.nl, can resolve this problem, many customers are uncomfortable with the security implications of maintaining a certificate that can be used for any sub-domain. A more secure alternative is to list each of the required domains as SANs in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

Best Practice: Use the Exchange Certificate Wizard to Request Certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate request wizard in the Exchange Management Console will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you’ve deployed your initial set of Exchange 2010 servers and determined which host names to use for the different services for your deployment.

Which Names you must include when you use a third party SAN certificate, ref http://technet.microsoft.com/en-us/library/dd351044.aspx:
External:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl (If you migrating from 2003 to 2010)
Internal:
autodiscover.wardvissers.local
legacy.wardvissers.local
nlbek10.wardvissers.local(Internal NLB CAS/HUB Cluster)
casarray.wardvissers.local(I use this address for the casarray. It has the same ip as the nlbek10)

Show and move “hidden” Arbitration mailboxes in Exchange Server 2010

When you have a new installation of Exchange 2010 Server and you want to move all mailboxes, including all hidden Mailboxen (Arbitration) from the default database store to a database that you created. Here is how i did it.

When you try to delete the default database you will get this message:

clip_image001

The Database is not empty, even though it does look empty if you do a get-mailbox for the specific database:

get-mailbox -Database “Mailbox Database 1905367170”

clip_image003

There is a switch that you should use if you want to see all mailboxes, even the “hidden” Arbitration mailboxes:

get-mailbox -Database “Mailbox Database 1905367170” –Arbitration

This gives a different result.
clip_image005

As you can se the database is n’t as empty as we first thought. To move these mailboxes to the new database you can easily pipe the result of the get-mailbox command and create new move requests for all Arbitration mailboxes:

get-mailbox -Database “Mailbox Database 1905367170” -Arbitration | New-MoveRequest –TargetDatabase “MailboxDatabase1”

clip_image007

Source: msundis.wordpress.com

Database Availability Group (DAG) in Exchange 2010

One of the new features of Exchange 2010 is DAG Database Availability Group. The Customer were i work now wants Exchange 2010 in a dag cluster because they have a datacenter for failback.
Because i going to implement Exchange 2010 at the customer i created a test setup.

Configuration:

Server 1 – HYPERVDC-01
OS: Microsoft Windows 2008 R2 Standard x64
IP: 192.168.150.90
Roles: Active Directory / Hyper-V

Server 2 – CHEK10-01
OS: Microsoft Windows 2008 R2 Standard x64
IP: 192.168.150.91
Roles: Exchange 2010 HT / CAS

Server 3 – CHEK10-02
OS: Microsoft Windows 2008 R2 Standard x64
IP: 192.168.150.92
Roles: Exchange 2010 HT / CAS

Server 4 – DAGEK10-01
OS: Microsoft Windows 2008 R2 Enterprise x64
IP: 192.168.150.93
Roles: Exchange 2010 MBX

Server 5 – DAGEK10-02
OS: Microsoft Windows 2008 R2 Enterprise x64
IP: 192.168.150.94
Roles: Exchange 2010 MBX

Creating the DAG

clip_image002
clip_image004

Groupname: DAG01
Witness Server: CHKEK10-01 (Microsoft says use one of the CAS or Hub Servers. You cannot use a DAG Server! If you want use a non Exchange 2010 server you must at the Exchange Trusted Subsystem group at the local administrators group.
Witness Directory: C:\DAG01
clip_image006

Add a MB server to a DAG

clip_image008clip_image010

clip_image012clip_image014

clip_image016clip_image018

clip_image020

Setting a IP address on a Database Availability Group

With the following command you can set the DAG Database Availability Group an IP address. Set-DatabaseAvailabilityGroup -Identity DAG01 -DatabaseAvailabilityGroupIpAddresses 192.168.150.96

Rollup 4 for Exchange Server 2010

The Exchange team has released Update Rollup 4 for Exchange Server 2010 RTM (KB 982639)

KB 982639 lists all the fixes included in this rollup. Here are some of the product improvements and critical bug fixes we’d like to call out starting with 5 improvements we made to prevent crashes in very unique scenarios.

  • KB 980852 The RpcClientAccess process on an Exchange Server 2010 server crashes when you access a mailbox by using a MAPI application
  • KB 979801 An error message is generated in Exchange Server 2010 when you use Exchange Troubleshooting Assistant
  • KB 980364 The Exchange Transport service on an Exchange Server 2010 server crashes when a certain message is processed
  • KB 980353 A MAPI application that is used to access Exchange Server 2010 mailboxes crashes when the application accesses an address book
  • KB 979790 An IMAP4 client crashes when accessing an Exchange Server 2010 mailbox

We corrected a few replication issues some of you encountered.

  • KB 980149 The Add-MailboxDatabaseCopy command fails when it is used to add a database copy to a Database Availability Group in an Exchange Server 2010 environment
  • KB 981961 Event ID 4033 is logged and the Free/Busy replication from an Exchange Server 2003 server to an Exchange Server 2010 server fails
  • KB 979921 You cannot replicate a public folder from one Microsoft Exchange Server 2010 server to another, and Event ID 3079 is logged on the target server

Important:
Microsoft Update does not detect Update rollups on Exchange Server 2010 Mailbox servers that are part of a database availability group (DAG).

Download Rollup 4 for Exchange 2010 HERE

Configuring Client Access Array for Exchange 2010

When you want to use the Client Access Array function from Exchange 2010. You have to options.
1. Use the NLB function in Windows. Check this article that i blogged: Configuring NLB for Exchange 2010 for Cas load balancing.
2. When you have 2 physical load balancers in combination with a DAG cluster.

I haven’t any pre-Created CAS arrays in my hyper-v.local domain. But you would to check of there is any pre-created CAS Arrays. Run the command below. if you didn’t create a CAS Array before, you will get nothing .

Get-ClientAccessArray
clip_image002

Then you should create new Client Access Array. Run below Cmdlet in Exchange Management Console

New-ClientAccessArray –Name “CasArray1” –Fqdn casarray.hyper-v.local -Site “Default-First-Site-Name”

clip_image004
Now we have finished creating a CAS array. Then we must associate databases with this CAS Array.
Use below CMDLet to add mailbox database to CAS array. We can attach all mailbox databases at once as shown as shown  below

Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer “casarray.hyper-v.local”
clip_image006

Exchange 2010 SP1 Beta

Exchange Server 2010 Service Pack 1 Beta is available now. It incorporates a number of feature updates including: archiving and discovery enhancements, a faster Outlook Web App (OWA), upgraded mobility features, and several improvements in the management UI. In short it helps you achieve new levels of reliability and performance by delivering features that help to simplify your administration, protect your communications, and delight your customers by meeting their demands for greater business mobility.

Microsoft Download Center Link is here and direct downloadable exe file link is available below.

File Name: Exchange2010-SP1-Beta-x64.exe
Version: 14.01.0180.002
Date Published: 6/5/2010
Language: English
Download Size: 532.5 MB

Configuring NLB for Exchange 2010 for CAS Load Balancing

Exchange’s dependence on the Client Access Server (CAS) role has increased dramatically in Exchange 2010.  This is because, in Exchange 2010, on-network Outlook MAPI connectivity now connects to a mailbox through the CAS role via the RPC Client Access Service.  As a result, high availability of the CAS role is crucial since any failure of CAS could affect Outlook client connectivity.  For smaller implementations or those where the limitations of native Windows Network Load Balancing (NLB) are not a major problem

You need two or more Exchange 2010 servers (each with two NICs) with the CAS role installed have been deployed, you are ready to start configuring NLB to provide high availability and load balancing.  First, you must allocate a dedicated private IP address and create an associated A record in DNS for the NLB cluster. 

This IP address and name are what clients will connect to and against which the ClientAccessArray will be created.  In this blog post, I will use 192.168.150.95 and casarray.hyper-v.local
To simplify the management of your NLB cluster members, I recommend that you name each NIC’s network connection so that it is easy to understand what function the NIC serves.  For example, as depicted below, I have named the connections “LAN” (used for communication with clients and servers on the network) and “NLB” (used for internal NLB heartbeat).  This process should be repeated on all NLB cluster members.

IP configuration:
Server 1:
LAN:
IP: 192.168.150.90
Subnetmask: 255.255.255.0
Gateway: 192.168.150.254
DNS: 192.168.150.1

Server 2:
LAN:
IP: 192.168.150.91
Subnetmask: 255.255.255.0
Gateway: 192.168.150.254
DNS: 192.168.150.1
clip_image002

 

Configuring NLB – First Member

On each NLB cluster member, NLB must be installed.  With Windows 2008 R2, this can be completed simply by running the command “ServerManagerCmd -i NLB” via a command prompt.  Once NLB has been installed, launch the Network Load Balancing Manager to continue the configuration process.

clip_image003[1]

To create your new cluster, you can right-click Network Load Balancing Clusters or simply click Cluster, New.  In the New Cluster wizard, enter the name of the first server in the NLB cluster (for example, CHEK10-01) and click Connect.  This will display the available NICs on the server, at which point the NLB NIC should be chosen before clicking Next.

clip_image005

Since this is the first member of the NLB cluster, you can leave the all of the Host Parameters at their default values, as depicted below.  Please note that the Priority value should be configured as 1 for the first member.

clip_image007

Next we must configure the IP address and subnet mask of the NLB cluster, which is the IP address for which we created a DNS A record at the very beginning of this process.  In this example, this would be 192.168.150.95 and 255.255.255.0, respectively.

clip_image009

For the Cluster Parameters, we want to enter the FQDN of the DNS A record we created at the very beginning of this process (casarray.hyper-v.local).  In addition, Unicast should be selected as the desired clustered operation mode.

clip_image011

I lieve the Port Rules how they are and end with Finish
clip_image013

Let the NLB cluster converge with its first member and you should eventually see the cluster report success.

clip_image015[1]

Now you can proceed with adding your second cluster member.

Configuring NLB – Second/Subsequent Member

After the configuration of the NLB cluster itself and the first NLB cluster member has been completed, you are ready to add additional members.  Provided that NLB has been installed, you can simply right-click on your NLB cluster in the Network Load Balancing Manager and click Add Host To Cluster.

Enter the name of the second NLB cluster member, for example CHEK10-02, and click Connect.  Be sure to choose the NLB LAN NIC and click Next.

clip_image017

On the Host Parameters screen, ensure that the Priority is set to 2 (or as appropriate, depending on how many cluster members you have) and click Next.

clip_image019

Confirm that your port rules are accurate and, if they are, click Finish to add your second NLB cluster member.

clip_image021

Let the NLB cluster converge with the new member and, eventually, it should report success.

clip_image023

At this point, you have an NLB cluster with two members!

Next configure CASARRAY.

Exchange 2010 Hiding a Distribution Group from the Exchange Address List

Some times you want to hide a Distribution Group from de Global Address List (GAL).
In Exchange 2010 this is a simple thing
1. Open the properties from the Distribution Group.

2. Go to the Tab Advanced
image

3. Set V by Hide group from Exchange address list

image

Translate »