250 Hello

Random Musings on Exchange and Virtualization


  • Exchange Sessions At TechEd 2013 NA

    Didn’t manage to make it to TechEd this year?  No worries, possum!  Channel 9 has recordings of the sessions for your viewing pleasure!

     

    Update: O365 sessions can be found here 

    Update: Lync Sessions can be found here

     

     

    • Understanding Compliance in Microsoft Exchange, SharePoint, and Office
    • Microsoft Exchange Server 2013 Managed Availability
    • Microsoft Exchange Server 2013 Client Access Server Role
    • Microsoft Office 365 Deployment
    • Microsoft Exchange Server 2013 High Availability and Site Resilience
    • Microsoft Exchange Server 2013 Sizing
    • Microsoft Exchange Server 2013 Transport Architecture
    • Virtualization in Microsoft Exchange Server 2013
    • Developing Mobile Apps with Microsoft Exchange Web Services
    • Microsoft Exchange Server 2013 On-Premises Upgrade and Coexistence
    • Microsoft Exchange Hybrid Deployment and Migration on Your Terms
    • Team Collaboration with Site Mailboxes
    • Microsoft Exchange Archiving Policy: Move, Delete, or Hold
    • Microsoft Exchange Server 2013 Tips & Tricks (This is Scott’s session, but there is no intro slide to capture.)
    • Data Loss Prevention in Microsoft Exchange and Microsoft Outlook 2013
    • Microsoft Exchange in the Cloud: Scared of Losing Your Job?
    • Internals of Deploying the In-Place Archive: Online, On-Premises, or Hybrid
    • Modern Public Folders Overview, Migration and Microsoft Office 365

    Cheers,

    Rhoderick

  • Exchange Autodiscover & Lync

    Via this blog we have discussed the fundamentals of Exchange Autodiscover, and also issues around the Set-AutodiscoverVirtualDirectory cmdlet. 

    At this point the message should be out there with regards to how Outlook functions internally and externally to locate Autodiscover and the difference that having the workstation domain joined makes.   Lync on the other hand is a different beastie! 

    Both the Outlook Client and the Lync client want to get to the Exchange Autodiscover endpoint, but they differ in how to get to Sesame Street. **

    Same But Different

    At one of my recent engagements the customer experienced a situation around Lync 2010 and Exchange 2010 integration.  Exchange was successfully upgraded to Exchange 2010, and OCS was still in use.  When piloting Lync 2010 and the Lync 2010 client they noted errors in the Lync client.  There were a couple of reasons for this.  The required configuration on the load balancer was not in place, and the device’s firmware was not at the required build level. 

    When we investigated what Lync and Exchange Autodiscover were doing, we noted that Lync was not locating the Exchange Autodiscover endpoint.  Hmm.  That’s a bit strange, innit? Outlook was running perfectly, and all the domain joined clients were always able to locate Autodiscover by querying for the SCP.  The Lync client on the other hand does not leverage SCP when locating Exchange Autodiscover.

     

    Dave Howe’s whitepaper Understanding and Troubleshooting Microsoft Exchange Server Integration discusses this in more detail and is a great read!  The one line that distils the important message is:

    Unlike Outlook, which uses an SCP object to locate the Autodiscover URL, UC clients and devices will only use the DNS-based discovery method.

    There is also a flow diagram in the whitepaper showing the DNS records used. 

    Note that nowhere in Dave’s article does he change or view the properties of the Autodiscover virtual directory.  The same is also true in Prerequisites for Integrating Microsoft Lync Server 2013 and Microsoft Exchange Server 2013

    There are some differences between Exchange 2007 and 2010 with regards to how the requests get serviced.  Exchange 2007 only does POX  (Plain Old Xml) whereas newer Exchange does SOAP (Simple Object Access Protocol) in addition.  Lync can leverage SOAP, Outlook kicks it old School with POX. 

     

    Letting Lync Play Nicely With Exchange Autodiscover

    The customer above had deployed Exchange, but had not created any internal DNS records for Autodiscover.domain.com.  Technically this was not needed for their Exchange + Outlook design, as they have an environment with HA load balancers and multiple CAS servers behind each load balancer.  Their Autodiscover namespace had been set as the load balancer FQDN.  As such the FQDN Autodiscover.domain.com was not on any of the Exchange CAS certificates.  And as mentioned in the busting Autodiscover myth post on Set-AutodiscoverVirtualDirectory, their Autodiscover URI was previously configured by running:

    Set-ClientAccessServer -AutoDiscoverServiceInternalUri "https://lb.contoso.com/Autodiscover/Autodiscover.xml"

    In order to change this they needed to:

    1. Request and install new certificates that included the Autodiscover.domain.com namespace
    2. Update the service bindings on Exchange to use the new certificate
    3. Update the configuration on the load balancers
    4. Create internal DNS entries for the Autodiscover.domain.com namespace
    5. Test
    6. Update build documentation
    7. Update DR documentation
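
Step 5 (Test) can be scripted. The following is an added example, not part of the original post: it checks that the internal DNS record resolves and that the certificate served on port 443 lists the Autodiscover name, which is what a DNS-only client such as Lync depends on. autodiscover.contoso.com is a placeholder, the function name is hypothetical, and the SAN parsing assumes an English-language Windows ("DNS Name=" prefix).

```powershell
# Added example (not from the original post). Requires Resolve-DnsName,
# i.e. Windows 8 / Windows Server 2012 or later, and PowerShell 3.0+.
function Test-AutodiscoverEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    $result = [ordered]@{
        HostName     = $HostName
        Addresses    = @()
        Subject      = $null
        NotAfter     = $null
        SanNames     = @()
        NameOnCert   = $false
        ChainTrusted = $false
    }

    # 1. The DNS record that the DNS-only discovery method relies on.
    try {
        $records = Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop
        $result.Addresses = @($records | Where-Object { $_.IPAddress } |
            ForEach-Object { $_.IPAddress })
    } catch {
        Write-Warning "No A record for ${HostName}: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # 2. Fetch the server certificate. The callback accepts any certificate so
    #    that a bad one can be inspected and reported; no data is sent over
    #    the connection.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } catch {
        Write-Warning "TLS connection to ${HostName}:$Port failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    $result.Subject  = $cert.Subject
    $result.NotAfter = $cert.NotAfter

    # 3. Read the Subject Alternative Name extension (OID 2.5.29.17).
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        $result.SanNames = @($sanExt.Format($false) -split ',\s*' |
            Where-Object { $_ -match '^DNS Name=' } |
            ForEach-Object { $_ -replace '^DNS Name=', '' })
    }

    # 4. Exact match, or a wildcard entry covering exactly one leading label.
    $matching = @($result.SanNames | Where-Object {
        ($_ -ieq $HostName) -or
        ($_.StartsWith('*.') -and
         ($HostName -like "?*$($_.Substring(1))") -and
         ($HostName.Split('.').Count -eq $_.Split('.').Count))
    })
    $result.NameOnCert = ($matching.Count -gt 0)

    # 5. Chain validation against the local trust store (includes revocation
    #    checking, so it can be slow on a server without Internet access).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $result.ChainTrusted = $chain.Build($cert)

    [pscustomobject]$result
}

# Placeholder name: replace with your own Autodiscover namespace.
Test-AutodiscoverEndpoint -HostName 'autodiscover.contoso.com' | Format-List
```

NameOnCert = False with a populated SanNames list is the situation the customer was in before step 1: the endpoint answers, but its certificate does not carry the Autodiscover name.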

     

    Cheers,

    Rhoderick

    ** - That 8 foot tall yellow bird still freaks me out!!


  • Install Desktop Experience On Windows Server 2012

    Update 28-10-2013:  Added PowerShell example to install Desktop Experience

     

    While working with one of my consulting colleagues recently on some Windows Server 2012 installations, there was an application requirement to install Media Player onto a couple of the servers.  This met with some muttering and cursing from the nearby fabric covered box as the option to install the Desktop Experience feature is not as obvious as it was on Windows 2008 R2, highlighted below. 

    Windows 2008 R2 Add Features - Desktop Experience Highlighted

    Using the GUI To Install PowerShell

    I’m sure there is an oxymoron in there if you look hard enough!!  If you want to just drive the GUI to install the Desktop Experience feature through Server Manager you have to expand the User Interfaces and Infrastructure feature and select the Desktop Experience component.  So yes, it’s a little bit more hidden but you don’t have to be Indiana Jones to discover it.. 

    This is shown in the screenshot below:  

    Windows Server 2012 Install Desktop Experience

     

    Installing Desktop Experience Using PowerShell

    So that’s all nice, but what if we did not know that the Desktop Experience feature was located in that area?  PowerShell to the rescue!!!!

     

    Probably my favourite installation features in Windows Server 2012 are the Get-WindowsFeature and Install-WindowsFeature cmdlets. 

    What makes these cmdlets even more powerful, is that they accept wildcards as input.  So in our case we can look for something called *Desktop*

    Get-WindowsFeature *Desktop*

    Windows Server 2012 Get-WindowsFeature

    That’s pretty neat, and we can then see exactly where the Desktop Experience feature is located.  The same goes for the GUI options that are present in Windows Server 2012 R2: 

     

    Windows Server 2012 Get-WindowsFeature

     

    We could then install it via Install-WindowsFeature

     

    So as an example, we could use the following PowerShell oneliner to install Desktop Experience:

     

    Install-WindowsFeature Desktop-Experience

     

     

    For those folks out there who used the Windows 2008 R2 cmdlets, you will have noted that I specified Install-WindowsFeature above and not Add-WindowsFeature.

     

    Windows Server 2012 Add-WindowsFeature Alias

    This is because the cmdlet is Install-WindowsFeature, and Add-WindowsFeature is an alias to Install-WindowsFeature.  We can see this with the Get-Alias cmdlet:

    Windows Server 2012 Add-WindowsFeature Alias

    Checking Computers Remotely

    Using wildcards is neat, and can make administration quicker. What makes this even more efficient is that Windows 2012 now has a ComputerName parameter so we can directly query a remote machine.  Additionally we do not have to manually import the ServerManager module in Windows 2012 either.  In the example below DC-1 is the local machine which then queries a remote computer called Server-1:

    Windows 2012 Get-Windows Feature - Querying a  Remote Machine Using -ComputerName

    Installing PowerShell On Upgraded 2008 R2 Core Server

    PowerShell is not installed by default onto a Windows 2008 R2 core installation.  Most customers will install it unattended or manually since the addition of PowerShell was a great new Feature in Windows 2008 R2.  One of the machines that was previously upgraded did not have PowerShell enabled on 2008 R2 and after the upgrade to Windows 2012 it was still not fully enabled.  

    OCLIST on 2008 R2 will show us the initial state, prior to upgrading

    Windows 2008 R2 Prior To Upgrade - No PowerShell Installed

     

    On Windows 2008 R2 the Sconfig tool was one way that PowerShell could have been enabled.


     

    I noted that a clean 2008 R2 Core VM when upgraded to 2012 was not able to run PowerShell as the feature was not present. 

    Attempting to Run PowerShell On Upgraded Server Core Machine

    Checking the installed components locally with DISM showed

     

    Dism.exe /Online /Get-Features

     

    Using DISM To Show Installed Features

     

    Checking the installed components remotely shows that the PowerShellRoot is installed, but PowerShell itself is not installed. 

    To check remotely from PowerShell we can use a separate machine, and we specify the -ComputerName parameter with the name of Server-10 which is the name of the upgraded 2008 R2 core machine. 

     

    Get-WindowsFeature To Check Installed Components Remotely.  PowerShell Not Installed.

    Compare this to the below (a server with the GUI installed) and note that PowerShell is installed on the example below but not on the upgraded server shown above.  

    Get-WindowsFeature To Check Installed Components.  PowerShell Is Installed.

     

    Since PowerShell is not installed we cannot use Add-WindowsFeature to install it locally, since it’s chicken and egg time…. 

    DISM is still present so we can enable the feature using it:

    DISM.exe /Online /Enable-Feature /FeatureName:MicrosoftWindowsPowerShell

     

    Using DISM To Install PowerShell

    Alternatively we could have used a remote Server 2012 machine, and specified the upgraded box using -ComputerName and installed PowerShell that way.  This is shown below along with the -Restart parameter which automatically restarts the machine if required:

    Windows 2012 - Remotely Installing PowerShell
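
The remote check and install described above, written out as an added example (it is not a transcription of the original screenshots). Server-10 is the upgraded machine named in the post, PowerShell is the feature name that sits under PowerShellRoot, and the function name is hypothetical. The example also covers a case the post does not: on Windows Server 2012 a feature whose payload has been removed reports an install state of Removed and needs -Source.

```powershell
# Added example. Run from a Windows Server 2012 machine using an account
# with administrative rights on the target servers.
function Install-FeatureIfMissing {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [Parameter(Mandatory = $true)][string]$FeatureName,
        [string]$Source,     # side-by-side store path, only needed for 'Removed' payloads
        [switch]$Restart     # let the target reboot itself if the install requires it
    )

    foreach ($computer in $ComputerName) {
        try {
            $found = @(Get-WindowsFeature -Name $FeatureName -ComputerName $computer -ErrorAction Stop)
        } catch {
            Write-Warning "${computer}: query failed: $($_.Exception.Message)"
            continue
        }
        # Wildcards are fine for discovery, but install exactly one named feature.
        if ($found.Count -ne 1) {
            Write-Warning "${computer}: '$FeatureName' matched $($found.Count) features, expected 1"
            continue
        }
        $feature = $found[0]

        $status = [pscustomobject]@{
            Computer      = $computer
            Feature       = $feature.Name
            StateBefore   = $feature.InstallState
            Action        = 'None (already installed)'
            RestartNeeded = $null
        }

        if (-not $feature.Installed) {
            if ($feature.InstallState -eq 'Removed' -and -not $Source) {
                $status.Action = 'Skipped (payload removed, supply -Source)'
            } elseif ($PSCmdlet.ShouldProcess($computer, "Install-WindowsFeature $($feature.Name)")) {
                $params = @{
                    Name         = $feature.Name
                    ComputerName = $computer
                    Restart      = [bool]$Restart
                }
                if ($Source) { $params.Source = $Source }
                $r = Install-WindowsFeature @params
                $status.Action        = if ($r.Success) { 'Installed' } else { "Failed ($($r.ExitCode))" }
                $status.RestartNeeded = $r.RestartNeeded
            } else {
                $status.Action = 'Would install (-WhatIf)'
            }
        }
        $status
    }
}

# Dry run first: reports the current state and makes no changes.
Install-FeatureIfMissing -ComputerName 'Server-10' -FeatureName 'PowerShell' -WhatIf

# Then the real thing, allowing the automatic restart:
# Install-FeatureIfMissing -ComputerName 'Server-10' -FeatureName 'PowerShell' -Restart
```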

     

    Logging off and back on to re-spawn the cmd prompt then allowed PowerShell to be launched. 

    Conclusion

    One little cmdlet, but it’s so very powerful.  You could change the above syntax to suit your requirements.  PowerShell will show you the name of the feature, and now you can add it remotely and also restart the target machine when the installation is complete.  As Bill & Ted would say – Excellent!! **

     

    Cheers,

    Rhoderick 

     

    ** PS – Looks like a third film is planned.  Hopefully this will be better than the proposed Highlander reboot……

     

     
     
     
  • Exchange And Hyper-V Replica Support

    After seeing several posts and some folks discussing whether or not Exchange supports the Hyper-V Replica feature I thought it would be prudent to address the following:

    • Does Exchange Support Hyper-V Replica?
    • Does Hyper-V Support Exchange?
    • How Do I use Exchange and Hyper-V Replica?

     

    What Is Hyper-V Replica

    For some background reading on Hyper-V and the Replica feature, the component poster and downloadable documents can be found in this post.  In short, the Hyper-V Replica feature tracks changes to the specified VHDs, then ships these changes to keep a copy of the virtual machine synchronised on a second host.  Windows Server 2012 R2 will enhance this further.  The diagram below from the replica whitepaper shows a 20,000 foot view. 

      Windows Server 2012 Hyper-V Replica High Level View

       

      Does Exchange Support Hyper-V Replica

      In short, Exchange does not support the Hyper-V Replica feature.  Exchange has a long history of supporting virtualisation from Exchange 2003 onwards.  It is fully supported to install Exchange 2007, 2010 or 2013 as a virtual machine on Hyper-V, but using the Hyper-V replica feature is not supported.

      The Exchange 2010 virtualization support requirements and Exchange 2013 virtualization requirements pages are rather detailed in what must and must not be done on an Exchange virtual machine or hypervisor.  If what you want to do is not listed, then that should set an alarm bell off….

       

      The Exchange virtualization support statement has never listed Hyper-V replica, though some of the Hyper-V content has alluded to running Exchange as a replicated VM.  Some workloads have  announced support for Hyper-V replica, which includes:

       

      Additional Reading

      Jeff Mealiffe delivered a great session on Exchange & Virtualization at TechEd.  You can find this session here, and a list of all of the other Exchange sessions here

      In his session Jeff highlighted what was supported and what was not supported.  Here is his slide for Hyper-V replica. 

      Hyper-V Replica Not Supported For Exchange

      Exchange has specific supportability requirements, and additional virtualization specific stipulations.  Please see the system requirements page for the appropriate version.  You can find them at the bottom of this post.  The Server Virtualization Validation Program (SVVP) should also be consulted to ensure that the hypervisor is supported under SVVP. 

       

      So until the Exchange Product Group folks have signed off and stated that Hyper-V Replica is supported, please do not leverage it for Exchange VMs. 

       

      Cheers,

      Rhoderick

    • Exchange 2010 SP3 RU1 Released


      The Exchange Team released the first Update Rollup for Exchange 2010 SP3.  Exchange 2010 SP3 RU1 is available for download from the download centre as update 2803727.   

       

      This is build 14.03.0146.000 of Exchange 2010.  Article 2803727 has the full details for this release. 

       

      Probably the two biggest changes that we have been waiting on are:

      2814847 Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1 or 6.1.1-based device

      2822208 Unable to soft delete some messages after installing Exchange 2010 SP2 RU6 or SP3

       

      You can find a previous blog about the soft delete issue here.

       

      In addition to this, there is a fix for the move mailbox issue in Exchange 2010 SP2 RU3+

      “Post-move cleanup failed. The operation will try again in 30 seconds”

      2763065 Move request log is logged when you move a mailbox in an Exchange Server 2010 SP2 environment

       

      Issues Resolved

      Exchange 2010 DAG AllowCrossSiteRPCClientAccess Reverts to False is resolved in SP3 RU1.

       

      • 2561346 Mailbox storage limit error when a delegate uses the manager's mailbox to send an email message in an Exchange Server 2010 environment

      • 2729954 Can't send voice message to a selected non-primary email address in an Exchange Server 2010 environment

      • 2750846 Information Store service crashes when you mount public folder databases on an Exchange Server 2010 server

      • 2751628 Event ID 9682 does not record the folder name when you delete a public folder in an Exchange Server 2010 environment

      • 2756460 You cannot open a mailbox that is located in a different site by using Outlook Anywhere in an Exchange Server 2010 environment

      • 2763065 Move request log is logged when you move a mailbox in an Exchange Server 2010 SP2 environment

      • 2777742 Address Book service crashes on an Exchange Server 2010 Client Access server when a server has been running for 25 days or more

      • 2781488 RPC_S_SERVER_UNAVAILABLE (0x6BA) error code when you use a MAPI or CDO-based application in an Exchange Server 2010 environment

      • 2782683 Email message that a user sends by using the "Send As" or "Send On Behalf" permission is saved only in the Sent Items folder of the sender in an Exchange Server 2010 environment

      • 2784210 Ethical wall does not function as expected when the ReportToOriginatorEnabled property is disabled in an Exchange Server 2003 and Exchange Server 2010 coexistence environment

      • 2793348 Read receipt is sent unexpectedly when you view an email message by using Outlook Web App

      • 2796490 Microsoft Exchange Information Store service crashes on an Exchange Server 2010 Mailbox server

      • 2802569 Mailbox synchronization fails on an Exchange ActiveSync device in an Exchange Server 2010 environment

      • 2806602 EdgeTransport.exe process crashes on an Exchange Server 2010 Hub Transport server

      • 2814723 Server loses network connectivity and UDP ports are used up on an Exchange Server 2010 server

      • 2814847 Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1 or 6.1.1-based device

      • 2816934 Error code 0X800CCC13 when an additional POP3 or IMAP account is used to send an email message and Outlook online mode is used to connect to an Exchange Server 2010 environment

      • 2817140 Exchange Replication service crashes intermittently in an Exchange Server 2010 environment

      • 2817852 Cyrillic characters are displayed as question marks in the "To" field of message items in the Sent Items folder in an Exchange 2010 environment

      • 2818456 Attachments are missing from an embedded message in an Exchange Server 2010 SP2 environment

      • 2822208 Unable to soft delete some messages after installing Exchange 2010 SP2 RU6 or SP3

      • 2826066 VSAPI-based antivirus software causes delayed response in an Exchange Server 2010 environment

      • 2827037 Copy of an item is created in the Version subfolder in an Exchange Server 2010 environment

      • 2833888 No items are displayed in Outlook after you install Exchange Server 2010 SP3 or Update Rollup 6 for Exchange Server 2010 SP2

      • 2840099 ArgumentOutOfRangeException exception when an EWS application creates a new MIME email in an Exchange Server 2010 environment

       

       

      Please Note – Language Issue

      This may, or may not be an issue depending on the language used for your Windows Server 2012 installation. 

       

      You cannot install or uninstall Update Rollup 1 for Exchange Server 2010 SP3 on a computer that is running the double-byte character set (DBCS) version of Windows Server 2012 if the language preference for non-Unicode programs is set to the default language. To work around this issue, you must first change this setting. To do this, follow these steps:

      1. In Control Panel, open the Clock, Region and Language item, and then click Region.
      2. Click the Administrative tab.
      3. In the Language for non-Unicode programs area, click Change system locale.
      4. On the Current system locale list, click English (United States), and then click OK.

      After you successfully install or uninstall Update Rollup 1, revert this language setting, as appropriate.

      The Exchange Team are aware of this and will look to correct this in a future update.

       

      Important Notes

      Now, before we rush off to download and install this there are a couple of items to mention!

      • Test the update in your lab before installing in production.  If in doubt test…
      • If the Exchange server does not have Internet connectivity then this introduces significant delay in building the Native images for the .Net assemblies as the server is unable to get to http://crl.microsoft.com.  To resolve this issue, follow these steps:
        1. On the Tools menu in Windows Internet Explorer, click Internet Options, and then click the Advanced tab.
        2. In the Security section, click to clear the Check for publisher's certificate revocation check box, and then click OK.
        We recommend that you clear this security option in Internet Explorer only if the computer is in a tightly controlled environment. When setup is complete, click to select the Check for publisher’s certificate revocation check box again.
      • Update Internet facing CAS servers first
      • Back up any OWA customisations as they will be removed
      • Test (yes technically this is in here for a second time but it is important!)

       

      Cheers,

      Rhoderick

    • Windows Server 2012 Hyper-V Architecture Poster

      The updated version of Windows 2012’s Hyper-V Architecture component poster is now available for download which is pretty neat!

       

      Windows Server 2012 Hyper-V Component Architecture Poster

       

      As an added bonus, there are companion references for Hyper-V Replica, Hyper-V Storage, VM Mobility and Networking

       


       

      The Windows Server 2008 R2 SP1 Hyper-V poster is available here if you want to round out your collection.

       

      Cheers,

      Rhoderick

       

    • Exchange 2010 SP2 RU6 and SP3 Unable To Delete Messages

      Edit 30-5-2013:  Exchange 2010 SP3 RU1 has been released to address this issue.   Details and download are here.

       

      Quick heads up on an issue from Exchange 2010 SP2 RU6 and that is also in Exchange 2010 SP3.  After installing either of these updates, users may report that they are unable to delete certain items when in online mode.

      This issue does not surface when  running Outlook in cached mode.

       

      Workarounds

      Workaround 1: Hard delete the message instead of soft deleting.
      To hard delete email using Microsoft Outlook, select the message and then press SHIFT+DELETE to delete it.


      Workaround 2: Use cached mode for Outlook.
      When using the cached mode of Outlook, the message can be soft deleted.

       

      Please see KB 2822208 for details and updates on this issue.  In addition the community is active in the TechNet forums which can also be followed to stay up to date.

       

      Cheers,

      Rhoderick

       

    • DAC And Should I Enable DAC For DAG In A Single AD Site

      Exchange 2010 introduced the concept of Datacentre Activation Coordination (DAC). DAC is a property found on a Database Availability Group (DAG).  It still remains slightly mysterious to some folks out in the field, so it's certainly worth bringing it back up for discussion.

      Tim McMichael’s famous paper plate demo with lots of willing participants was one of my MCM 2010 highlights!

       

      Typically we see the following questions around DAC:

      • Does a DAG have DAC enabled by default
      • How do I enable DAC
      • How do I disable DAC
      • What benefits does DAC give me with two AD sites
      • Should I enable DAC for a DAG in a Single AD site
      • Is enabling DAC on a DAG in a single AD site supported
      • What benefits does DAC give me in a single AD site

       

      Is DAC Enabled By Default

      NO.  You must explicitly enable it in Exchange Management Shell.

       

       

      To Enable DAC

      Set-DatabaseAvailabilityGroup  -Identity DAG-01 -DatacenterActivationMode DagOnly

       

      To Disable DAC

      Set-DatabaseAvailabilityGroup  -Identity DAG-01 -DatacenterActivationMode Off

       

       

      What Benefits Does DAC Give Me With Two AD Sites

      TechNet has a good write up on DAC.  DAC mode is designed to prevent split brain from occurring by including a protocol called Datacenter Activation Coordination Protocol (DACP). Why is this needed?  Let’s go back in history for a quick story.  

      I used to have an Exchange 2007 CCR cluster in Toronto and a  SCR node in Vancouver.  When the power failed (as it often did) in Toronto, we would activate the SCR node and get service restored.  That was all good, but when the power came back up in Toronto the CCR cluster had quorum, and since the cluster service was responsible for mounting databases, the databases were mounted.  The network team would need to do their magic on the WAN, but that was not always quick.  Spot the problem there?  I have one instance of DB1 mounted and running in Toronto and another instance of DB1 mounted and running in Vancouver!   There is no network access between sites, and AD cannot replicate with the changes.  Holy database divergence Batman!!  Since the DBs had diverged, say hello to all databases being reseeded over the WAN back to Toronto.  I used to work around this by setting the BIOS on the physical Exchange boxes not to power on after power loss, and there were copious stickers instructing the NOC not to power on without permission.  When it came time to power on, servers were started one at a time and the cluster service was stopped to prevent the databases from mounting. Pretty ugly.  Pretty manual.

       

      If only we had something else that was smarter than the cluster service and was aware of such a situation…

       

      That’s where DAC comes in.  Think of DAC as application level quorum, over and above what is present in the Windows failover cluster service. 

      DAC is designed to prevent databases mounting in such a situation.  Even if some servers have obtained quorum at the Windows cluster level they are still not allowed to mount databases.  Remember that Exchange 2010 does not install Exchange specific resources into the cluster, and Exchange itself is responsible for database failover and mounting.  This is why Active Manager was added.  But don't go looking for a Windows service called Active Manager, all of this code runs within the Replication Service.  DAC makes Active Manager store a bit in memory (you can’t see it so don't go looking) and when the server starts up the bit is set to zero.  Databases can only be mounted if the bit is set to one. How does the bit get set to one?  Either that server:

      • Can contact all the servers on the StartedMailboxServers list – i.e. have access to all necessary nodes
      • Can contact another server on this DAG with the bit set to 1.

       

      A database can only be mounted on the server if the bit is set to 1.   Tim describes this as the “Mummy, may I ?” bit.  In other words, Active Manager starts up and seeks permission before it blindly mounts databases. 

       

      Taking our Toronto / Vancouver scenario into the Exchange 2010 world we would have a DAG that spans two Active Directory sites (no more LCR/CCR/SCR complexity).  There would be two Mailbox servers in Toronto and a third in the Vancouver site.  We must manually enable DAC. 

      When the Toronto side went down we would perform the necessary manual steps to activate the Vancouver DR infrastructure.  And when the power came back in Toronto we see a difference.  The servers could start up and if they could form a cluster with quorum, the cluster service would be up and running.  Because the DACP bit is set to 0 on start-up and the Toronto servers cannot get over the WAN to a Vancouver server with the DACP bit set to 1, the Toronto servers cannot change their bit to 1.  Since the Toronto servers have a DACP bit of 0, they are unable to mount databases even if the cluster service has quorum. 

      When the WAN comes back, the servers can then communicate and the Toronto server’s DACP bit will go to 1.  They can then mount databases.  However the Toronto database copies need to get synchronised with the changes written to the log stream in Vancouver.   If all the necessary log files are present the databases will update and the full reseed operation is prevented.  Also note there is none of that nasty database divergence stuff!

      DAC also simplifies the process of restoring service into the DR data centre.  See the section at the bottom for more details on this.
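
The DACP bit rule and the Toronto / Vancouver walk-through above can be traced with a small model. This is an added example, not Exchange code and not part of the original post: the server names, the Running/DacpBit properties and the "same site or WAN up" reachability rule are constructed for illustration, and the StartedMailboxServers list is simply kept as all three members throughout.

```powershell
# Added example: toy model of the DACP bit, using only the two rules
# stated in the post. Nothing here talks to Exchange.
function Test-CanContact {
    param($From, $To, [bool]$WanUp)
    if (-not ($From.Running -and $To.Running)) { return $false }
    return (($From.Site -eq $To.Site) -or $WanUp)
}

function Update-DacpBit {
    param([object[]]$Members, [string[]]$StartedMailboxServers, [bool]$WanUp)
    do {
        $changed = $false
        $waiting = @($Members | Where-Object { $_.Running -and $_.DacpBit -eq 0 })
        foreach ($m in $waiting) {
            $peers = @($Members | Where-Object { $_.Name -ne $m.Name })

            # Rule 1: can contact every server on the StartedMailboxServers list.
            $unreachable = @($peers | Where-Object {
                ($StartedMailboxServers -contains $_.Name) -and
                -not (Test-CanContact $m $_ $WanUp)
            })

            # Rule 2: can contact another DAG member whose bit is already 1.
            $permitted = @($peers | Where-Object {
                ($_.DacpBit -eq 1) -and (Test-CanContact $m $_ $WanUp)
            })

            if (($unreachable.Count -eq 0) -or ($permitted.Count -gt 0)) {
                $m.DacpBit = 1
                $changed = $true
            }
        }
    } while ($changed)   # a newly set bit may unblock another member
}

function Get-DagSummary {
    param([object[]]$Members)
    ($Members | ForEach-Object {
        $mount = if ($_.Running -and $_.DacpBit -eq 1) { 'may mount' } else { 'may NOT mount' }
        "{0}: bit={1} ({2})" -f $_.Name, $_.DacpBit, $mount
    }) -join '; '
}

# Constructed three-member DAG: two servers in Toronto, one in Vancouver.
$dag = @(
    [pscustomobject]@{ Name = 'TOR-MBX1'; Site = 'Toronto';   Running = $true; DacpBit = 0 }
    [pscustomobject]@{ Name = 'TOR-MBX2'; Site = 'Toronto';   Running = $true; DacpBit = 0 }
    [pscustomobject]@{ Name = 'VAN-MBX1'; Site = 'Vancouver'; Running = $true; DacpBit = 0 }
)
$started = @('TOR-MBX1', 'TOR-MBX2', 'VAN-MBX1')
$toronto = @($dag | Where-Object { $_.Site -eq 'Toronto' })

# Normal start: everyone can contact everyone.
Update-DacpBit $dag $started $true
"Normal operation    -> $(Get-DagSummary $dag)"

# Toronto loses power; Vancouver keeps running with its bit still at 1.
$toronto | ForEach-Object { $_.Running = $false; $_.DacpBit = 0 }
"Toronto power lost  -> $(Get-DagSummary $dag)"

# Power returns but the WAN is still down: Toronto starts with bit 0 and
# cannot reach Vancouver, so neither rule is satisfied.
$toronto | ForEach-Object { $_.Running = $true; $_.DacpBit = 0 }
Update-DacpBit $dag $started $false
"Power back, WAN down -> $(Get-DagSummary $dag)"

# WAN restored: Toronto reaches a member with bit 1 and is allowed to mount.
Update-DacpBit $dag $started $true
"WAN restored        -> $(Get-DagSummary $dag)"
```

The third line of output is the point of DAC: both Toronto servers are running and can see each other, yet neither is permitted to mount databases until the WAN returns.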

       

       

      Should I Enable DAC for a DAG In A Single AD Site

      At this point the value of DAC can be seen, and this is how it was with Exchange 2010 RTM -  DAC was only supported with 3+ member DAGs in multiple AD sites. 

      Exchange 2010 SP1 added more high availability features, and extended DAC so that it supports a DAG in a single data center.  This is buried in the New High Availability and Site Resilience Functionality in Exchange 2010 SP1 article.

      In Exchange 2010 SP1, DAC mode has been extended to support two-member DAGs that have each member in a separate data center. DAC mode support for two-member DAGs uses the witness server to provide additional arbitration. In addition, DAC mode has been extended to support DAGs that have all members deployed in a single Active Directory site, including single Active Directory sites that have been extended to multiple locations.

       

      What Benefits Does DAC Give Me In A Single AD Site

      In addition to the datacentre resilience aspects there is also another benefit with DAC.  If DAC is not enabled then we need to kick it old school and use failover cluster techniques to manage service restoration.  If DAC is enabled we do not have to do this, and we can control all of the work from the native Exchange management shell. 

       

      For details on DAC and Data Centre activation please see:

      TechNet  - Datacenter Switchovers

      Tim’s Datacenter Switchover Tool on the Exchange team blog

      Tim's blog

       

      Cheers,

      Rhoderick


       

    • Exchange 2013 RTM Now Available On TechNet

      If it wasn’t enough to be spoiled with the Exchange 2013 RTM help files being made available yesterday, now you can hit up TechNet and download the actual product. 

       

      How neat is that?

       

      Exchange 2013 Available On Technet

       

      If you are reading this, why are you still here?? Go get downloading now……

       

      Cheers,

      Rhoderick


    • Outlook Fails To Download OAB

       

      This is an article written by Frank Plawetzki, a Senior PFE from Deutschland, and originally published on Opsvault

       

       

      Throughout the last weeks I have seen two different issues that prevented Outlook clients from downloading the OAB (Offline Address Book). One affected public-folder based OAB distribution and the other affected web-based distribution.

      I want to provide some hints on things that need to be checked in order to follow the OAB generation and publishing process from the server to the client. While checking this list, the administrator can be sure that the OAB has been generated successfully and check if it has been published at the place where the Outlook client is expecting to find it.

      At the end of this post, I will give a recommendation regarding the best way in my opinion for rolling out a new OAB to your whole user base, in case you face a situation where a full OAB download for all Outlook clients is necessary.

      But let’s start with the OAB generation and publishing process.

      Understanding the OAB Generation and Publishing Process

      In case you want to start with a detailed understanding of the process, Dave Goldman has provided detailed guidance on the client-server interaction when downloading an OAB in his post Understanding why error code 0X8004010F is thrown when trying to download an OAB.
      While this info is great technical background, in this post I want to shed some light on the publishing of the OAB through Public Folders and through Web-based distribution, especially on where to look first.

      It is important to note that I am concentrating on a domain-joined Outlook client. If your client is not a member of a domain, please see this article: Troubleshooting Error 0x8004010F When Outlook 2007 Clients Download OAB.

      So how does this work? When you create a new OAB, you must at least specify the following attributes:

      • Name of the OAB
      • Which mailbox server is generating the OAB
      • Which address list should be included in the OAB
      • Enable public folder distribution (Y/N)
      • Enable web-based distribution (Y/N)

      In order to work through the process, you need to check a few things first, as follows.

      Check if the mailbox server is generating the OAB

      From the properties of the OAB you can check which server is the generating server: in the EMC (Exchange Management Console) this property is called “Generating server”; in the EMS (Exchange Management Shell) you need to look for the “server” attribute.

      Then you need to check the application event log for entries of source “MSExchangeSA” and category “OAL Generator”, so events like this one

      Event Log

       

      To have the system log these events, it is a best practice to keep the event logging level for this category increased on a permanent basis; otherwise you might miss important events when OAB creation fails.

      The flow of events will also show which version of the OAB has been successfully created and which have failed. In the case below OABv4 has been created successfully.

      Event Log:  Successful OAB creation

      So at the end of the OAB generation process there should be a success event like the one above for every OAB version you generated.

      After OAB generation has finished, the mailbox server publishes the OAB to the public folder database its private store is pointing to and/or saves the OAB on the local disk, so that the Client Access Servers (CAS) can pull it from there for the web-based distribution method.

      Method 1: Web-based distribution of the OAB

      We continue on the mailbox server that created the OAB. Just enter the server name into explorer and you will see the share with the local files:

      Mailbox Server viewed in Explorer

      After entering the ExchangeOAB directory, you see the GUIDs of the OABs and creation time stamps:

      GUIDs of the OABs viewed in Explorer

      It is important to note that you can double-check this GUID for Outlook 2007 and older clients since they are using the web-based distribution method of the OAB. When you run “Test E-mail AutoConfiguration” in Outlook 2007 / 2010 and check which URL the Outlook client is using to look for the OAB, you will see which CAS server Outlook will query and also which OAB GUID it will be looking for on the CAS file share.

      Which CAS server Outlook will query and also which OAB GUID it will be looking for on the CAS file share.

      The CAS itself will use the “Microsoft Exchange File Distribution” service to pull the OAB from the mailbox server and will save the OAB in the path mentioned here:

      Save path of the OAB.

      If you generate a new OAB for troubleshooting purposes and it has been generated on the mailbox server, but is not available on the CAS, you can use the cmdlet “Update-FileDistributionService -Identity <server name> -Type OAB” to force re-distribution of the OAB files.

      So, in the end, as soon as Autodiscover is able to provide the OAB URL to the client and the OAB file is present on the CAS, the Outlook client should be able to request the OAB via HTTP and then use its own BITS service to copy it over to the client.

      A nice method for testing if the client is able to reach the OAB-URL is using the URL you get back from Autodiscover

      The OAB URL

      and adding /OAB.XML when accessing it with a browser, which should bring up something like this:

      Testing if the client is able to reach the OAB-URL

      Now let’s check the other OAB publishing method.

      Method 2: Public Folder distribution of the OAB

      One of the most important events will tell you that the generation process has published the OAB to the public store. This event will also tell you the OAB GUID and, even more important, the OAB sequence number (1 in this case):

      Event Viewer

      The mailbox server will use the public store it is pointing to for publishing the OAB. From there public folder replication will kick in and take care of replicating the OAB files to all public stores specified as replicas.

      So you need to consider an additional delay here until a given folder has been fully replicated to all public folder replicas.

      A very useful tool at this point is MFCMAPI, which you can use to open the OAB folder within a certain public folder and check if the OAB files you want to see are present and in good shape.

      In my example, it would be this folder:

      MFCMAPI output

      By double-clicking this folder, you can see the OAB items it contains.

      OAB items viewed in MFCMAPI

      You can see the sequence number (“1”) at the end of the subject and when it was received (in my example I took the screenshot at a later date). The file in the screenshot is the full OAB file. When the OAB generation processes run over several days, you will also see the delta / differential OAB files.

      In any case, the OAB files in this folder will have a continuous order of sequence numbers. So you can check very easily on which day which sequence number OAB file has been created.

      Another very important property is the “size” of this OAB file item in that folder. The OAB file is compressed and will be downloaded by the client in a compressed format and the client will extract the OAB file afterwards. So the compressed file size should be meaningful and match your (compressed) GAL size.

      I am stressing this point, since this was the root cause of the first case I was working on when public folder based OAB distribution failed. In that case OAB download failed with Outlook error 0x8004011B aka MAPI_E_CORRUPT_DATA. The root cause was that the 3rd party Antivirus solution at this customer replaced the data.oab file in transport (the HUB-Server sending the public folder replication message) with a text file. Certainly Outlook could not download this text file. The updated “text” data.oab was then replicated out by the public folder replication, since the file was newer than the original created data.oab.

      So make sure to also check the file size of the relevant objects in that folder.

      Mitigating the Impact of a Full OAB Download

      It might happen that a full OAB download needs to be done by clients. During normal operations this will not occur, since modern clients use the optimized OABv4, which only results in infrequent downloads of small delta files.

      In cases where your OAB is corrupt and needs to be replaced with a new OAB, all Outlook clients in your organization will initiate a full download. This will happen whenever the clients find a new OAB with a sequence number that does not match what they downloaded in the past.

      For more information on OAB improvements and full downloads see: Improvements for Offline Address Books, which recommends using the “OAB Bandwidth Threshold (KBps)” registry key in order to control the bandwidth an Exchange server can use to distribute an OAB. Please note that this registry key is only valid for Public Folder based distribution of the OAB.

      In many environments it can be challenging to find an appropriate setting for this key, since usually the network links in a corporate environment differ widely between the branch offices and the main office. In case you want to throttle Web-based distribution of the OAB you might want to think about OAB pre-staging or check the work that went into Exchange Server 2010 SP2 RU1, see the article It Takes a Long Time….

      So, the methods above at a minimum require a lot of additional work, but there is a more straightforward option to help solve this problem:

      In my experience the more elegant solution is to use the per database msExchUseOAB attribute. In other words, when you need to create a new OAB, you can select a single mailbox database and equip the users in that database with the new OAB by setting the “OfflineAddressBook” attribute:

      Setting the OfflineAddressBook attribute

      You can use Performance Counters like “MSExchangeIS\OAB: Full Download Attempts” to check when the “download wave” for the first mailbox database is over and then equip the other mailbox databases with the new OAB one by one. After each step you wait until the download wave is over in order not to overload the network.

      (Article by Frank Plawetzki, Senior Premier Field Engineer)

       

       

      Cheers,

      Rhoderick

    • Solving Additional Issues With Exchange OAB Download

       

      Frank Plawetzki posted a great article on issues that can affect how clients retrieve their Offline Address Book (OAB). This has also been the source of some recent work for myself, though with slightly different root causes. The issues that I have encountered were due to:

      • Invalid SSL Certificate
      • OAB web.config file 
      • Incorrect process followed for HTTP redirect

      Update 4-3-2014:  Added link to KB 975341 How to configure Exchange to redirect OWA HTTP requests to HTTPS requests in IIS 7

       

      Invalid Certificate Installation

      OAB by default uses HTTP rather than HTTPS. This is because the web OAB download mechanism uses BITS, and BITS does not support self signed certificates. Thus to ensure a working initial configuration with the default self signed Exchange certificate, HTTP is used. Once the correct certificate is installed, with all the URLs as per your CAS namespace design, then the URL can be changed to HTTPS.

      This is important as sometimes certificate issues can block the HTTPS connection to CAS. To bypass this, the client can connect to CAS by using HTTP thus eliminating SSL. If the OAB download then works, then the issue is most likely with the certificate. How do we get the client to connect with HTTP? Either the OAB download location can be changed in EMS to HTTP with the command below or an AutoDiscover tweak can be used.

      Set-OabVirtualDirectory -Identity "Exch-1\OAB (Default Web Site)" -InternalUrl "http://Exch-1.tailspintoys.com/OAB"

      If this is not permissible due to change control etc., it is possible to override the connection on an individual workstation. Since AutoDiscover is responsible for handing the URLs to the client, all we have to do is override the AutoDiscover results from the server by specifying a local AutoDiscover XML file as specified in the bonus tips of this blog entry.

      It should also be noted, and as shown in Frank’s blog, Internet Explorer should typically be used as the browser when making test connections to Exchange. This is because IE will use the same certificate infrastructure as Outlook, where other browsers maintain their own certificate stores. That said, if you suspect that there is an issue with the IE certificate components then it would be a good test to use a different browser to see if the behaviour persists.

       

      Invalid web.config File

      Traditionally Exchange administrators have configured redirects on Outlook Web App so that users who do not add /Exchange or /OWA to the end of the URL are automatically redirected to the correct URL (with the /Exchange or /OWA appended). The same is also true for some organisations who want to automatically redirect users who do not enter the HTTPS:// prefix and use HTTP, again the URL will be automatically redirected.

      This is an established practise with the Exchange community, and the process is documented on TechNet. So what could possibly go wrong? In short, not reading all the instructions, or working from a forum post that has incomplete instructions. In the scenario that I will describe a web.config file is added to the OAB virtual directory and can cause issues. By default no web.config file is present in the OAB directory as can be seen here:

      Exchange 2010 OAB Default Content

      When settings on the OAB virtual directory are changed to disable the redirection which is inherited from the root of the web site for example, a web.config is created to hold the settings. This file does not have the correct ACL set and thus will cause issues for OAB download.

      Exchange OAB web.config NTFS Permissions

      An ACL to allow Authenticated Users to have Read & Execute permissions should be added. Once the ACL is added the OAB will be able to be downloaded. This is documented on the TechNet article, but is not always implemented. Please also review the note at the bottom of the TechNet article with regards to removing the redirection.

      Additionally, KB 975341 How to configure Exchange to redirect OWA HTTP requests to HTTPS requests in IIS 7 is also available to discuss how to redirect users. 
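The ACL check described above can be scripted. This is an added example, not code from the original post or from Microsoft; the function name is hypothetical and the path to the OAB web.config must be supplied by the caller, because the post does not state it. It is written for Windows PowerShell 2.0 and looks only for an explicit Authenticated Users entry (well-known SID S-1-5-11).

```powershell
# Added example (not from the original post).
# Checks whether a web.config file carries an Allow entry granting
# Authenticated Users Read & Execute, and optionally adds that entry.
function Test-OabWebConfigAcl {
    param(
        # Full path to the web.config in the OAB virtual directory (caller supplies it)
        [Parameter(Mandatory=$true)][string]$Path,
        # Add the missing Allow entry instead of only reporting
        [switch]$Fix
    )

    # S-1-5-11 is the well-known SID for "Authenticated Users"
    $authUsers = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')
    $needed    = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    $acl   = Get-Acl -Path $Path
    # Explicit and inherited entries, expressed as SIDs so the comparison
    # does not depend on the display language of the server
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $hasAllow = $false
    $hasDeny  = $false
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $authUsers.Value) { continue }
        $rights = [int]$rule.FileSystemRights
        if ($rule.AccessControlType -eq 'Allow' -and (($rights -band $needed) -eq $needed)) {
            $hasAllow = $true
        }
        # A Deny entry overlapping Read & Execute would override the Allow
        if ($rule.AccessControlType -eq 'Deny' -and (($rights -band $needed) -ne 0)) {
            $hasDeny = $true
        }
    }

    $fixed = $false
    if ($Fix -and -not $hasAllow) {
        # Grant only Read & Execute, which is what the TechNet procedure calls for
        $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $authUsers,
            [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($newRule)
        Set-Acl -Path $Path -AclObject $acl
        $fixed = $true
    }

    New-Object PSObject -Property @{
        Path                          = $Path
        AuthenticatedUsersReadExecute = ($hasAllow -or $fixed)
        DenyEntryPresent              = $hasDeny
        Fixed                         = $fixed
    } | Select-Object Path, AuthenticatedUsersReadExecute, DenyEntryPresent, Fixed
}

# Usage (path is a placeholder):
#   Test-OabWebConfigAcl -Path '<path to OAB virtual directory>\web.config'
#   Test-OabWebConfigAcl -Path '<path to OAB virtual directory>\web.config' -Fix
```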

      Cheers,

      Rhoderick

    • Exchange 2013 Video Sessions From TechEd Australia 2012

      If you are looking to see the first public presentations on Exchange 2013, then look no further!  Channel 9 has recordings from last week’s TechEd Australia.

      You can find these great sessions on Exchange 2013:

       

      Exchange Server 2013 High Availability and Site Resilience - EXL315

      Exchange 2013 High Availability And Site Resilience

       

       

      Exchange Server 2013 Architecture Deep Dive – EXL311

       

      Exchange 2013 Architecture Deep Dive

       

      Exchange Server 2013 Deployment and Coexistence - EXL332

      Exchange 2013 Deployment And Coexistence

       

       

       

      The New Exchange - Archiving and Compliance - EXL333

      Exchange 2013 Archiving And Compliance

       

       

      Still reading this?  What’s wrong with you? Go get your geek on!!!!

       


       

      Cheers,

      Rhoderick

    • Important Upcoming Certificate Changes

      Please be aware that there is a pending change to the minimum key length for certificates with RSA keys.  The private keys used in certificates with RSA keys less than 1024 bits in length can be derived, which could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

       

       

      The update is available on the Download Center as well as the Microsoft Update Catalog for all supported releases of Microsoft Windows. In addition, Microsoft is planning to release this update through Microsoft Update in October, 2012 after customers have a chance to assess the impact of this update and take necessary actions to use certificates with RSA keys greater than or equal to 1024 bits in length in their enterprise.

      Recommendation:  Microsoft recommends that customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update to their enterprise. Please see the Suggested Actions section of the advisory for more information.

       

      This update will impact HTTPS web services which use an RSA key length of less than 1024 bits.  Affected clients include Outlook, Exchange web services and web browsers.  This article discusses the impact of KB2661254 on Internet Explorer.

       

       

      Known issues after this security update is applied:

      • A restart is required.
      • A certification authority (CA) cannot issue RSA certificates that have a key length of less than 1024 bits.
      • CA service (certsvc) cannot start when the CA is using an RSA certificate that has a key length of less than 1024 bits.
      • Internet Explorer will not allow access to a website that is secured by using an RSA certificate that has a key length of less than 1024 bits.
      • Outlook 2010 cannot be used to encrypt email if it is using an RSA certificate that has a key length of less than 1024 bits. However, email that has already been encrypted by using an RSA certificate with key length that is less than 1024 bits can be decrypted after the update is installed.
      • Outlook 2010 cannot be used to digitally sign email if it is using an RSA certificate that has a key length that is less than 1024 bits.
      • When email is received in Outlook 2010 that has a digital signature or is encrypted by using an RSA certificate that has a key length of less than 1024 bits, the user receives an error that states that the certificate is untrusted. The user can still view the encrypted or signed email.
      • Outlook 2010 cannot connect to a Microsoft Exchange server that is using an RSA certificate that has a key length of less than 1024 bits for SSL/TLS. The following error is displayed: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. The security certificate is not valid. The site should not be trusted."
      • Security warnings of "Unknown Publisher" are reported, but installation can continue in the following cases:
        • Authenticode signatures that were time stamped on January 1, 2010 or on a later date, and that are signed with a certificate by using an RSA certificate that has a key length of less than 1024 bits are encountered.
        • Signed installers signed by using an RSA certificate that has a key length of less than 1024 bits.
        • ActiveX controls signed by using an RSA certificate that has a key length of less than 1024 bits. Active X controls already installed before you install this update will not be affected.

       

       

      There are four main methods for discovering if RSA certificates with keys less than 1024 bits are in use:

      • Check certificates and certification paths manually
      • Use CAPI2 logging
      • Check certificate templates
      • Enable logging on computers that have the update installed

       

       

      To quickly check a single certificate the Public Key attribute can be inspected using the Certificates MMC snap-in as shown below.  If you need steps to open the Certificates MMC please read this.

      This certificate is OK as it has a 2048 bit key. 

      Checking Certificate RSA Key Length Less Than 1024 Bits
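To run the manual check across every certificate on a machine, and against the certificate a server actually presents, the inspection can be scripted. This is an added example, not code from the original post or from the security advisory; both function names are hypothetical and the host name in the usage comment is a placeholder. It is read-only and written for Windows PowerShell 2.0.

```powershell
# Added example (not from the original post).
# 1.2.840.113549.1.1.1 is the OID for an RSA public key.
$script:RsaOid = '1.2.840.113549.1.1.1'

# Lists certificates in the local certificate stores whose RSA key is
# shorter than the minimum enforced by the update (1024 bits).
function Get-WeakRsaCertificate {
    param(
        [int]$MinimumBits = 1024,
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    foreach ($root in $StorePath) {
        # -Recurse walks every store (My, Root, CA, ...) under the location
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_
                if ($cert.PublicKey.Oid.Value -ne $script:RsaOid) { return }   # not RSA, skip
                try   { $bits = $cert.PublicKey.Key.KeySize }
                catch { return }                                   # key type not readable, skip
                if ($bits -lt $MinimumBits) {
                    New-Object PSObject -Property @{
                        Store      = $cert.PSParentPath
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        KeyBits    = $bits
                        NotAfter   = $cert.NotAfter
                    } | Select-Object Store, Subject, Thumbprint, KeyBits, NotAfter
                }
            }
    }
}

# Reads the certificate an HTTPS endpoint presents (for example a Client
# Access Server) and reports its key length. Validation errors are ignored
# on purpose: the connection is used only to read the certificate, and no
# application data is sent.
function Get-TlsEndpointKeySize {
    param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [int]$Port = 443,
        [int]$MinimumBits = 1024
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $errors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        $isRsa = ($cert.PublicKey.Oid.Value -eq $script:RsaOid)
        $bits  = $null
        if ($isRsa) { $bits = $cert.PublicKey.Key.KeySize }

        New-Object PSObject -Property @{
            Endpoint = "${HostName}:$Port"
            Subject  = $cert.Subject
            IsRsa    = $isRsa
            KeyBits  = $bits
            Blocked  = ($isRsa -and $bits -lt $MinimumBits)   # would be rejected after the update
        } | Select-Object Endpoint, Subject, IsRsa, KeyBits, Blocked
    }
    finally {
        $client.Close()   # also closes the underlying network stream
    }
}

# Usage:
#   Get-WeakRsaCertificate | Format-Table -AutoSize
#   Get-TlsEndpointKeySize -HostName '<CAS host name>'
```

The endpoint check reports only the server's own certificate; intermediate and root certificates in the chain still need to be checked in the stores or with the advisory's other methods.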

       

      For more details on the additional methods to check and information on resolutions please read the full Security Advisory for this update

       

      Cheers,

      Rhoderick.

    • Re-Release Of Exchange 2010 SCOM Management Pack

      Since the System Centre Operations Manager (SCOM) Management Pack (MP) for Exchange 2010 has been re-released to the Microsoft download center, I thought that it would be worth bubbling this up.  The previous post can be found here on the blog.

      Exchange 2010 SCOM Management Pack Download August 2012

      This is build 14.03.0038.004 of the MP, and is dated August 31st 2012. 

       

      The Microsoft Exchange Server 2010 Management Pack includes a complete health model, extensive protocol synthetic transaction coverage, and a full complement of diagnostics-based alerts and service-oriented reporting, including mail flow statistics. Alerts are classified by impact and recovery action, and are now processed by a new component called the Correlation Engine. The Correlation Engine suppresses duplicate alerts whenever possible to help front-line monitoring technicians monitor Exchange more efficiently. Most diagnostic information used in the Exchange 2010 Management Pack, including events and performance counters, is specifically engineered for monitoring. Very little tuning is required to monitor your Exchange organization. The Exchange 2010 Management Pack will scale with your environment.

      Cheers,

      Rhoderick

    • The New Exchange

      To make a change from the way that a Monday typically starts, Rajesh Jha (Corporate Vice President, Exchange) posted a great overview on Exchange 2013’s features. 

      This is published on the Exchange team blog.

      Exchange 2013 Blog

       

      Here are some of the great benefits you get with the next release of Exchange:

      • Reduced costs by optimizing for next generation of hardware

        Exchange can now support up to 8TB disks, by reducing database IOPS by +50% and optimizing for multiple databases per volume to increase aggregate disk utilization while maintaining reasonable database sizes. Ever growing memory capacity is used to improve search query performance and reduce IOPS. All this allows you and your end users to have larger mailboxes at lower costs.

      • Significantly reduced operational overhead for high availability

        DAG management is simplified via automatic DAG network configuration, enhancements to DAG management cmdlets, support for multiple databases per disk, and enhancements to lagged copies. Auto-recovery capabilities – inherently built into DAGs – are now extended to the rest of Exchange and all protocols. Client-initiated, automatic recovery allows you to reduce recovery time for site failures from hours to under a minute.

      • Decrease the amount of time spent managing your system while maintaining control

        Exchange now provides a single, easy-to-use, Web-based administration interface – the Exchange Administration Center (EAC). Role based access control (RBAC) empowers your helpdesk and specialist users to perform specific tasks which are surfaced appropriately in the EAC – without requiring full administrative permissions. This streamlined and intuitive experience helps you manage Exchange efficiently, delegate tasks, and focus on driving your business forward.

       

       

      Go and check it out for more details!

       

       

      Cheers,

      Rhoderick

  • TechEd 2012 Twitter & Streaming Feeds

    TechEd 2012 North America is almost here, and Twitter will be a great resource to stay atop of all of the great news and announcements. 

     

    You can find a list of TechEd Twitter hashtags and also see the official hashtag at http://www.hashtags.org/msTechEd

    Hashtags.org MsTechEd

     

    Official TechEd 2012 Twitter account: @TechEd_NA

    Related hashtag: #msTechEd

    Official Windows Azure Twitter account: @WindowsAzure

    Related hashtags: #Windows #Azure

    Official Windows Server Twitter account: @windowsserver

    Related hashtag: #winserv

    Official System Center Twitter account: @system_center

    Related hashtag: #sysctr

    Official Cloud Twitter accounts: @msservercloud, @mscloud

    Related hashtag: #msftprivatecloud

    Official SQL Server Twitter account: @SQLServer

    Related hashtags: #SQLServer, #SQL2012

    Official myITforum Twitter account: @myITforum

    TheKrewe’s official Twitter account: @TheKrewe

     

    You can also watch the live stream from the Keynote  and some of the other popular sessions. 

    TechEd 2012 Live Stream

     

    Cheers,

    Rhoderick

  • Exchange 2013 RTM Help Files Now Available

     

    Looking for some interesting bedtime reading?  Want to pick through the new and exciting features in Exchange server 2013?

    Well then this should be something you want to scoot off and download – The Exchange 2013 RTM build of the standalone help file.

    Exchange 2013 RTM Help File Download

     

    Note that there are two downloads, one for hybrid configurations and the other for on-premises installations. 

     

    I’d start with the what's new, what’s discontinued and the release notes for Exchange 2013.  When you review the release notes there are some important items to consider.  For example:

     

     

     

     

    • .Net Framework 4.5 is required although setup incorrectly requests 4.0 of the framework
    • Exchange 2013 can't be installed in the same Active Directory forest as Exchange 2007 or Exchange 2010. Use an Active Directory forest with no prior installations of Exchange 2007 or Exchange 2010. Coexistence with Exchange 2007 and Exchange 2010 will be available at a later date.
    • When you move a mailbox from a previous version of Exchange to Exchange 2013, the mailbox size reported may increase 30 percent to 40 percent. Disk space used by the mailbox database has not increased, only the attribution of space used by each mailbox has increased. The increase in mailbox size is due to the inclusion of all item properties into quota calculations, providing a more accurate computation of space consumed by items within their mailbox. This increase may cause some users to exceed their mailbox size quotas when their mailbox is moved to Exchange 2013.
    • The Client Access server doesn’t advertise support for NTLM authentication when SMTP clients and servers connect to the server. SMTP clients and servers that require NTLM won’t be able to send mail to the Client Access server.
      To work around this issue, you must configure SMTP clients and servers to use another authentication mechanism, such as Basic Authentication, when connecting to the Client Access server.

     

      I have to mention the release notes, as there is always important information in there and everyone always reads them, right?

    Cheers,

    Rhoderick

  • Exchange 2010 PowerShell 3.0 and WSUS

    Last Tuesday was December’s Patch Tuesday, which also featured the re-release of Exchange 2010 SP2 RU5 as the V2 of the update.  As a result Exchange administrators have been busy updating servers and installing patches.

    If you read no further, remember only this – do not install Windows Management Framework 3.0 onto Exchange 2010 SP2 or Exchange 2007 servers!

    Update 28-2-2014:   The system requirements for  Windows Management Framework 3.0 remain the same, and Exchange 2007 and 2010 are not listed.  Windows Management Framework 4.0 is now supported with the release of Exchange 2010 SP3 RU5, and Exchange 2013 SP1. For reference the text is here:

    Exchange Support For Windows Management Framework (WMF)

    There have now been a few occurrences in the TechNet Exchange 2010 forums where people have just selected all the available updates from Microsoft Update and hit install.  This has caused a bit of an issue and is also covered on the Exchange Team blog.  Why, you may ask?  Well, the latest build of PowerShell, version 3.0, is now available as an optional download and is not currently supported with Exchange 2010 SP2.  It is not supported with Exchange 2007 either, but since I’ve been seeing this in the Exchange 2010 forums let’s focus on that.

    While I do not want to dive into additional issues around patch management, and the fact that patch management is a required IT process, the main item I wanted to address in this post is around the fact that some organisations installed this update simply because it was there in the update screen with a particular status.  In an Exchange Risk Assessment interview this would lead to additional questions around testing and validating patches in a separate test lab.

    We will look at Microsoft Update and also Windows Server Update Services (WSUS).

    One justification posted on the forums for installing update 2506143 is that WSUS showed the update with a status of “important”, and because of that it was installed.  Please note that a WSUS administrator must have manually approved the update for installation, or created an auto-approval rule. If this is the case then this needs to be reviewed within your organisation, as all updates that are to be installed onto servers must be carefully reviewed.  This is not an update that should have been approved for any Exchange 2007 or Exchange 2010 SP2 server!

    Let’s look to see:

    1. What Microsoft Update offered to a test Exchange 2010 server
    2. The impact of a default WSUS approval
    3. How to use PowerShell to tell WSUS that an update is optional

    Microsoft Update

    This shows Microsoft Update running on an Exchange 2010 SP2 RU3 server on Windows 2008 R2 SP1.  There are 11 important updates and 3 optional updates.

    Microsoft Update - No Windows Management Framework 3.0

    We can determine if MU or WSUS was checked by looking along the bottom of the screen.

    Inspecting the optional updates shows no Windows Management Framework 3.0

    Microsoft Update - No Windows Management Framework 3.0

    Why is this you say?  Well on the Windows Management Framework 3.0 download page there are certain prerequisites, namely .NET 4.0 Framework.  This test lab has .NET 3.51 Framework installed and not 4.0, so Microsoft Update did not offer up the Windows Management Framework 3.0 update.  After installing .NET 4.0 from http://go.microsoft.com/fwlink/?LinkID=212547 let’s retest!

    After Installing .Net 4.0 Framework  additional patches now show up from Microsoft Update.  There are now 18 important updates and 7 optional updates.

    Microsoft Update - Windows Management Framework 3.0 After Installing .NET 4.0

    Inspecting the optional updates shows the below, where the Windows Management Framework 3.0 is now offered for installation:

    Microsoft Update - Windows Management Framework 3.0 After Installing .NET 4.0

    Please note that this is an optional update, and without even clicking onto the link to get more information we see in the brief summary on the right hand side that this contains updates to WMI, PowerShell along with other bits of plumbing.

    WSUS Installation

    What if you are installing updates from WSUS?  While the same prerequisites, namely the .NET Framework 4.0, apply to an install of Windows Management Framework 3.0 from WSUS, the user interface will vary slightly.  In this example I created a test WSUS group and approved update 2506143 for installation to the same Exchange 2010 server as shown above.    Note that there is only the important update category and no “Optional Updates”.

    WSUS - Windows Management Framework 3.0

    Clicking into the available updates, we see the Windows Management Framework 3.0 update that was approved for installation via WSUS.

    WSUS - Windows Management Framework 3.0

    So what’s going on here?  Why is this now “important” all of a sudden via WSUS and not optional?  Well, WSUS does not display an option in the GUI to use the optional category and most people do not go further than that.  It is worthwhile again pointing out that WSUS will ONLY offer updates that the WSUS administrator has manually approved or that match a WSUS auto-approval rule the administrator created.  This shows the Windows Server 2012 WSUS console approving an update; note there is no optional selection.

    WSUS - GUI Approval Options
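Because WSUS only offers what an administrator approved or what an auto-approval rule matched, it is worth auditing how a given update came to be approved. This is an added example, not code from the original post or from the Scripting Guy series; the function names are hypothetical, and the server name, SSL setting and port are parameters whose defaults are assumptions to adjust for your WSUS server. It is read-only and uses the WSUS administration API.

```powershell
# Added example (not from the original post).
# Connects to WSUS; server name, SSL and port defaults are assumptions.
function Connect-WsusForAudit {
    param(
        [string]$ServerName = 'localhost',
        [bool]$UseSsl = $false,
        [int]$Port = 8530
    )
    [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($ServerName, $UseSsl, $Port)
}

# Lists every approval recorded for updates whose title matches $Title:
# target group, action, whether it was an optional install, who approved it and when.
function Get-WsusApprovalAudit {
    param(
        [Parameter(Mandatory=$true)]$Wsus,
        [Parameter(Mandatory=$true)][string]$Title
    )
    foreach ($update in $Wsus.SearchUpdates($Title)) {
        foreach ($approval in $update.GetUpdateApprovals()) {
            $group = $Wsus.GetComputerTargetGroup($approval.ComputerTargetGroupId)
            New-Object PSObject -Property @{
                Update          = $update.Title
                TargetGroup     = $group.Name
                Action          = $approval.Action
                OptionalInstall = $approval.IsOptionalInstall
                ApprovedBy      = $approval.AdministratorName
                ApprovedOn      = $approval.CreationDate
            } | Select-Object Update, TargetGroup, Action, OptionalInstall, ApprovedBy, ApprovedOn
        }
    }
}

# Lists the auto-approval rules, the groups they target and the update
# classifications they match, so a rule that sweeps in optional components
# such as Windows Management Framework can be spotted and reviewed.
function Get-WsusAutoApprovalRuleAudit {
    param([Parameter(Mandatory=$true)]$Wsus)
    foreach ($rule in $Wsus.GetInstallApprovalRules()) {
        $groups  = @($rule.GetComputerTargetGroups()   | ForEach-Object { $_.Name })
        $classes = @($rule.GetUpdateClassifications()  | ForEach-Object { $_.Title })
        New-Object PSObject -Property @{
            Rule            = $rule.Name
            Enabled         = $rule.Enabled
            TargetGroups    = ($groups  -join ', ')
            Classifications = ($classes -join ', ')
        } | Select-Object Rule, Enabled, TargetGroups, Classifications
    }
}

# Usage, run on the WSUS server or a machine with the WSUS console installed:
#   $wsus = Connect-WsusForAudit
#   Get-WsusApprovalAudit -Wsus $wsus -Title 'KB2506143' | Format-Table -AutoSize
#   Get-WsusAutoApprovalRuleAudit -Wsus $wsus | Format-List
```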

     

    Mark An Update As Optional In WSUS

    WSUS does actually support an option to approve an update as “optional”.  How is this possible?

    MSDN documents the API in “How to Approve Updates for Optional Install”.

    I’m a simple cable plugger and the code sample there is a wee bit gnarly for me, so how can we proceed?  Well I know PowerShell, and PowerShell can directly load .NET classes – so let’s use PowerShell to fix this – huraaah!    A quick search on Bing using the optional approval method and the phrase “Scripting Guy” (as they always have great examples) led to this cool post.

    In the introduction and subsequent Scripting Guy  blog posts they show how to connect PowerShell to the WSUS server, select the update[s] in question and then flag them for optional approval status.  One thing that I noted in the example code was that they run WSUS on port 80 TCP whereas I run on 8530 TCP and could not connect using those instructions.  The following code works when running locally on the WSUS server:

    # Load up the required .NET assembly
    [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

    #  Connect to the local WSUS instance
    $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

    Managing WSUS with PowerShell

    Moving on to actually setting the update as an optional approval.  First we need to know the update in question.   The full title of the Windows 2008 R2 update in WSUS is:

    Windows Management Framework 3.0 for Windows Server 2008 R2 for x64-based Systems (KB2506143)

    Windows Management Framework 3.0 WSUS Update 

    To Search for this in WSUS run:

    $Wsus.SearchUpdates('Windows Management Framework 3.0 for Windows Server 2008 R2 for x64-based Systems (KB2506143)')

    (Note that the PowerShell commands may wrap but are a single line)

    This can then be saved into a variable called $Update

    $Update = $wsus.SearchUpdates('Windows Management Framework 3.0 for Windows Server 2008 R2 for x64-based Systems (KB2506143)')

    We need to specify to which group the update is to be approved.  All groups can be retrieved by running

    $wsus.GetComputerTargetGroups()

    In my lab this is the group called “PowerShell-3” and was saved into the variable called $Group

    $Group =$wsus.GetComputerTargetGroups() | where {$_.Name -eq "powerShell-3"}

    Finally let’s approve the update for this group:

    $Update[0].ApproveForOptionalInstall($Group)

    Note that we are specifying the first element in the array, as this is what the method expects.  In my example there is only a single element in the array which is stored in the first available location.  Numbering starts at zero in case you had not figured that part out.

    After all of our hard work, let's go back and check what the Exchange server now sees.  Previously there were 22 important updates, now there are still a total of 22 updates but the breakdown is different.  There is one optional update and 21 important ones!

    Update Shown As Optional in WSUS

    What update is optional?

    Update Shown As Optional in WSUS

    It’s the one that we marked as optional!

    Conclusion

    Patch management and testing remains a critical aspect of managing and maintaining any IT system, and  in the above example we saw how the default WSUS approval process can be enhanced to flag updates as “optional” within the corporate WSUS environment.

    Cheers,

    Rhoderick

  • Windows Service Log On As Inventory

    At a recent engagement a customer wanted to quickly scan through multiple servers to easily determine which services were set to log on as non-standard accounts, i.e. ones like network service, and local service were OK, but which ones were using an Active Directory logon for example?  They also wanted to search specific portions of the AD, so logic was added to start searching a collection of computers from a given OU.

    We took the opportunity to quickly knock up a PowerShell script to leverage the Windows 2008 R2 AD cmdlets in combination with WMI to show which services on multiple computers were using specific credentials.  Please find the script attached to this blog post.

    While the Get-Service cmdlet is able to query services on remote machines using the  -ComputerName parameter it is not able to interrogate the Log On As information for a service.  WMI is able to do this, and by using the Get-WMIObject cmdlet it was simple to query for the desired logon information.

    Note that the OU path is set in the script, and unless you work for TailspinToys.com you will have to edit the OU path to reflect the correct structure.
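
    The approach described above, as an added example; it is not the script attached to this post. The OU path is a placeholder, and the allow-list of built-in accounts and the function names are assumptions to adjust for your environment.

    ```powershell
    # Added example: list services that log on with non-built-in accounts.
    # Requires the ActiveDirectory module (Windows Server 2008 R2 RSAT or later).
    Import-Module ActiveDirectory

    # Assumption: placeholder OU, edit to reflect your own directory structure.
    $SearchBase = 'OU=Servers,DC=tailspintoys,DC=com'

    # Assumption: identities treated as "standard" and therefore not reported.
    $BuiltIn = @(
        'LocalSystem',
        'NT AUTHORITY\SYSTEM',
        'NT AUTHORITY\LocalService',
        'NT AUTHORITY\LOCAL SERVICE',
        'NT AUTHORITY\NetworkService',
        'NT AUTHORITY\NETWORK SERVICE'
    )

    function Test-BuiltInServiceAccount {
        param([string]$StartName)
        # Per-service virtual accounts (NT SERVICE\<name>) are local, not AD logons.
        if ($StartName -like 'NT SERVICE\*') { return $true }
        # -contains compares case-insensitively.
        return ($BuiltIn -contains $StartName)
    }

    function Get-ServiceLogonInventory {
        param([Parameter(Mandatory = $true)][string]$SearchBase)

        $computers = Get-ADComputer -Filter * -SearchBase $SearchBase -SearchScope Subtree

        foreach ($computer in $computers) {
            $name = $computer.DNSHostName
            if (-not $name) { $name = $computer.Name }

            try {
                # Get-Service cannot return the Log On As account; Win32_Service.StartName can.
                $services = Get-WmiObject -Class Win32_Service -ComputerName $name -ErrorAction Stop
            }
            catch {
                # Record unreachable hosts so that gaps in the inventory are visible.
                New-Object PSObject -Property @{
                    Computer = $name; Service = ''; DisplayName = ''
                    Account  = ''; StartMode = ''
                    Status   = "WMI query failed: $($_.Exception.Message)"
                }
                continue
            }

            foreach ($svc in $services) {
                if (Test-BuiltInServiceAccount -StartName $svc.StartName) { continue }

                $account = $svc.StartName
                if ([string]::IsNullOrEmpty($account)) { $account = '(not reported)' }

                New-Object PSObject -Property @{
                    Computer    = $name
                    Service     = $svc.Name
                    DisplayName = $svc.DisplayName
                    Account     = $account
                    StartMode   = $svc.StartMode
                    Status      = 'OK'
                }
            }
        }
    }

    Get-ServiceLogonInventory -SearchBase $SearchBase |
        Select-Object Computer, Service, DisplayName, Account, StartMode, Status |
        Sort-Object Computer, Service |
        Export-Csv -Path .\ServiceLogonInventory.csv -NoTypeInformation
    ```

    Run it from an account that has remote WMI rights on the target servers; hosts that cannot be queried appear in the CSV with a failure status rather than being dropped.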

    Update 15-7-2014: The script was previously stored on the blog, but since a recent blog upgrade has blocked adding/editing attached files the script has been moved to the TechNet gallery:

    Service Log On As Inventory Script

     

    Cheers,

    Rhoderick

  • Required Hotfix For Windows 8 VM Running on Hyper-V 2008 or 2008 R2 Host

    EDIT 8-2-2013:  A new update KB 2744129 has superseded the  original KB 2526776

    Please note that this new update now applies to Hyper-V 2008 and 2008 R2  -- the original was only for R2.

    If you are testing out Windows 8 as a VM which is hosted on a Windows 2008 or 2008 R2 Hyper-V server, then you will need to install the following update.

     

     

    An update that enables the Windows Developer Preview or Windows Server Developer Preview to be hosted in a Hyper-V virtual machine on Windows Server 2008 R2

    You cannot run a Windows 8-based or Windows Server 2012-based virtual machine in Windows Server 2008 or in Windows Server 2008 R2

     

     

    The issue occurs because the Hypervisor does not handle the one-shot synthetic timer that is also known as an aperiodic timer correctly.

     

    Note that this will require a reboot of the host machine, and if you do not install the patch the host may produce a stop screen, and restart which will impact other running VMs on the host. 

     

     

    Cheers,

    Rhoderick

  • Hyper-V 2008 R2 Architecture Poster (with SP1)

     

    Link to the updated Hyper-V poster for 2008 R2 SP1 is here.

     

    Overview

    This poster provides a visual reference for understanding key Hyper-V technologies in Windows Server 2008 R2 Service Pack 1. It focuses on architecture, snapshots, live migration, virtual networking, storage, RemoteFX and Dynamic Memory. You can use this poster in conjunction with the previously published Windows Server 2008 Hyper-V Component Architecture, Windows Server 2008 and Windows Server 2008 R2 component posters.

    This poster has been updated for Windows Server 2008 R2 Service Pack 1 with Dynamic Memory and RemoteFX.

     

    Cheers,

    Rhoderick

  • 6 Mistakes To Avoid With Exchange 2013 CU Command Line Installations

    The syntax to install Exchange Cumulative Updates (CU) via the command line is pretty straightforward. However there are some common themes that still pop up in the TechNet forums, cases and customers that I speak with.  So I wanted to discuss some of the issues that can and will arise.  There are a range of issues in here from:

    • Setup can't continue with the upgrade because the PowerShell has open files *
    • You need to accept the license terms to install Microsoft Exchange Server 2013
    • I just installed a CU and it is not showing in Add/Remove programs
    • I just installed a CU and it is not showing in Programs and Features
    • Exchange 2013 CU was installed but version number stayed the same
    • Exchange 2013 CU was installed but build number stayed the same

     
    Update 11-12-2013: Added note back to the TechNet Exchange 2013 unattended documentation

    Update 15-10-2014: Added note to not run the shortcut commands.  Full syntax should be used to prepare the Schema and AD.

    Meet Our Guinea Pig Server

    No it is not a cute and fluffy rodent!  On this Exchange 2013 RTM CU2 lab machine, the CU3 bits are present on the D:\ drive which is a DVD.  The necessary steps to update  the AD schema, etc. were already done by the relevant AD team.  Well that was me wearing a different hat – the grumpy triangle hat!

    We can see the commands executed below:

    Note: This article was written in the CU2 timeframe.  There are issues running the shortcut commands in the newer Exchange 2013 builds.  Please use the full syntax and not the shortcut syntax that is shown below.

    setup.exe /PS /IAcceptExchangeServerLicenseTerms

    setup.exe /PAD /IAcceptExchangeServerLicenseTerms

    setup.exe /PD /IAcceptExchangeServerLicenseTerms

    Exchange 2013 Schema, AD  And Domain Preparation

    So let’s not worry about the Prepare Schema aspects or the permissions required to execute them.  We want to focus on a simple server installation.

     

    We shall look at server called F2013-CAS1, which is an Exchange 2013 CAS with CU2 installed.  In  the DVD drive Exchange 2013 RTM CU3 is loaded. The starting build version, which is CU2,  can be seen below:

    Exchange 2013 Lab - CU2 Is Currently Installed

    What are some of the issues that can cause grief when installing?

    Issue #1 - Running setup.com

    There is no setup.com in Exchange 2013.  Setup.exe is used for both GUI and command line installations.  It’s  a habit to get out of.  And yes, I frequently autopilot to this!

     

    Issue #2 – Not Specifying License Acceptance Switch

    In an automated Exchange 2010 installation there was a pause to allow the admin the chance to reject the license terms.  If the admin did nothing then the license was accepted.  In Exchange 2013 the license terms must be explicitly accepted.  Using GUI setup we have the ticky box, and in command line setup we use this setup parameter:

    /IAcceptExchangeServerLicenseTerms

    If this is not entered on a command line task, then the task will fail.  You will be the lucky owner of the following error message:

    Welcome to Microsoft Exchange Server 2013 Cumulative Update 3 Unattended Setup
    You need to accept the license terms to install Microsoft Exchange Server 2013.
    To read the license agreement, visit http://go.microsoft.com/fwlink/p/?LinkId=150127. To accept the license agreement, add the /IAcceptExchangeServerLicenseTerms parameter to the command you're running. For more information, run setup /?

     

    Issue #3 – Exchange Tools Left Open

    This could affect an Exchange 2010 installation as well.  The issue here is that there are Exchange tools still running on the server when trying to apply the CU.  Make sure all other users are logged off, you are the only one connected and the Exchange Management Shell is closed.

    Installation should be done from an elevated prompt.  DO NOT use the Exchange Management Shell to launch command line Exchange installations.  Your installation will fail as PowerShell will still have files open and you will get the following error:

    Exchange 2013 CU Install Failed Due To PowerShell Having Open Files

    [PS] D:\>.\Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

    Welcome to Microsoft Exchange Server 2013 Cumulative Update 3 Unattended Setup
    Copying Files...
    File copy complete. Setup will now collect additional information needed for installation.
    Languages
    Client Access role: Front End Transport service
    Management tools
    Client Access role: Client Access Front End service

    Performing Microsoft Exchange Server Prerequisite Check

        Configuring Prerequisites                                                                      COMPLETED
        Prerequisite Analysis                                                                             FAILED
         Setup can't continue with the upgrade because the powershell (4484) has open files. Close the process, and then restart Setup.
         For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ProcessNeedsToBeClosedOnUpgrade.aspx


    The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the  < SystemDrive>:\ExchangeSetupLogs folder.
    [PS] D:\>

     

    If you are interested, use Process Explorer to verify which process running is responsible for the open files.

     

    Issue # 4 – Not Using An Elevated Prompt

    Ensure that the prompt being used is elevated if UAC is enabled. This ensures that the setup process is launched with the required rights.  As with some of the other issues above, this was also an issue with Exchange 2010 installations.   Recent Exchange 2010 updates error and say the installation ended prematurely, though some of the earlier Exchange 2010 updates would do some unpleasant things.

    Always install from an elevated command prompt!

     

    Issue # 5 - Pending Restart

    Make sure that the server is in a known good state to receive the CU.  There should be no pending restart tasks on the server which could be caused by installing other pieces of software.  In larger organisations ironically this may not be caused by the Exchange admins, rather other teams that are responsible for managing different aspects of the company.  This could be due to installing or updating backup, AV, monitoring, patching, hardware tools or VM add-ons.  The other team is happy that their maintenance went OK, but they left a pending file operation that needs a restart and the required restart never occurred.  The poor Exchange admin either has to get permission to deviate from their prescribed maintenance activity or abort and reschedule for later.

    There are several places a restart flag could be squirreled.  This is not an exhaustive list:

    • Look at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
      • PendingFileRenameOperations
    • Use Sysinternals Pendmoves.exe to see if there are pending operations
    • HKLM\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing
      • RebootPending

     

    Issue # 6 – Reinstalling The Existing CU

    We saved the best for last! This is one of those “tearing my hair out as I swore that I just installed that CU” but:

    • The Exchange version remains the same. Or put another way the build number remains the same.
    • I do not see my CU listed in add/remove programs (or whatever it is called this month).
    • I installed a CU but an issue that was meant to be resolved is not fixed

    There are a few more variants of the angst described above, but let’s discuss the issue rather than go down that rabbit hole further.  As we saw in Issue #3, running setup in the Exchange Management Shell (EMS) causes issues so what some admins then do is close EMS and then fire up a standard PowerShell prompt.  As discussed in Issue #4 this should be elevated.

    In the example below, we can see that this is indeed a standard PowerShell prompt which is elevated.  Note that we changed to the root of D:\ which is our Exchange 2013 RTM CU3 installation media.  All good so far! We then kick off the CU3 installation process.

    setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

    Exchange 2013 CU Install Failed Due To PowerShell Path

    That looks great!  But is it?  The answer is no.

    If you look very closely at what Exchange has said to us in the very first line we see this

    Welcome to Microsoft Exchange Server 2013 Cumulative Update 2 Unattended Setup

    Did you spot the issue there?  Go back and re-read if not.

    You should be thinking what the heck?  I launched CU3 setup, and Exchange is telling me that it’s re-installing CU2???  I already installed CU2, why is it re-installing the old CU?

     

    This is not an Exchange issue, this is a base PowerShell piece of functionality.  PowerShell wants to know exactly where the item you are running is located and in this case because you did not specify a local copy of setup.exe  using syntax .\Setup.exe then it has gone and searched through the path statement to locate a copy.

    Let’s take a simple example to open a text file called File.txt in the C:\Temp folder.  Look what happens below when entering only  “File.txt”  and compare that to “.\File.txt”.

    Exploring PowerShell Command Precedence

     

    Note the last command completed successfully, it is prefixed by .\

    This prefixing happens automatically with tab complete, so you may not have previously noticed this.  But when pasting commands into PowerShell make sure .\ is used to explicitly state what command you are running.  The PowerShell help explains this, as we can see by reviewing the output from:

    Get-Help about_Command_precedence

    To run a script that is in the current directory, specify the full  path, or type a dot (.) to represent the current directory.  For example, to run the FindDocs.ps1 file in the current directory,  type:

        .\FindDocs.ps1


    If you do not specify a path, Windows PowerShell uses the following  precedence order when it runs commands:

         1. Alias
         2. Function
         3. Cmdlet
         4. Native Windows commands

     

    What copy did it find?  It found the CU2 Setup.exe that is in the Exchange BIN folder.  The BIN folder is included in the path which is why we located it.  We can see this here.

    Get-ChildItem env:path | Fl

    Checking PowerShell Environment Path Contents


    C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft\Exchange Server\V15\bin;C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Native\

    And for giggles, let's use Process Monitor to show which Setup.exe has been used.  When .\ is omitted and only setup.exe is entered in PowerShell, we observed Setup.exe being located in the C:\Program Files folder even though we launched from the D:\ drive.

    Exchange 2013 CU - Setup.exe From New CU Is Ignored

     

    In this instance we launched using .\Setup.exe  from the root of the D:\ Drive

    Exchange 2013 CU - Setup.exe From New CU Is Used

    Bit of a difference, no?

     

    The Exchange 2013 Unattended Mode documentation on TechNet does state that a command prompt should be used.

     

    Note that the PowerShell path may be different from the CMD path statement.

     

    How do we fix this?  There are two choices:

    1. Adhere to PowerShell’s stricter path syntax and specify .\Setup.exe
    2. Use elevated CMD prompt

     

    Successful examples of both are shown below:

     

    Exchange 2013 CU Install - Note Correct Command Precedence

     

    Exchange 2013 CU Install - CMD Looks At Current Folder First

     

    Bonus Issue # 7 – Shortcut Syntax

    This is an addition after the initial post.  In the newer builds of Exchange 2013, there are some issues with running commands with the shortcut syntax. 

    Please ensure that you are using the full syntax to prepare the Schema and AD.  If you look at the TechNet documentation the full syntax is used. 

     

    Summary

    I’d love to hear feedback from the field if this is helpful or if you have other questions / comments on the topic!

    To recap:

    1. Exchange 2013 does not have setup.com
    2. Always specify the license acceptance switch.
    3. Close all Exchange tools prior to starting installation
    4. Install using elevated prompt
    5. Check that there are no pending restart operations
    6. Check PowerShell syntax so you don’t re-install the current CU
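
    A pre-flight check for recap items 3 to 6, as an added example (not the author's or Microsoft's code). The D:\ media path matches the lab above; the function names and message wording are hypothetical.

    ```powershell
    # Added example: pre-flight checks before an unattended Exchange 2013 CU upgrade.
    param(
        # Assumption: the CU media is mounted at D:\ as in the lab above.
        [string]$MediaPath = 'D:\'
    )

    function Test-Elevated {
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($identity)
        return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    }

    function Get-PendingRestartReason {
        # Checks the two registry locations listed under Issue #5 (not an exhaustive list).
        $reasons = @()

        $sessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
        $value = Get-ItemProperty -Path $sessionManager -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
        if ($value -and $value.PendingFileRenameOperations) {
            $reasons += 'Session Manager\PendingFileRenameOperations is populated'
        }

        $cbs = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
        if (Test-Path -Path $cbs) {
            $reasons += 'Component Based Servicing\RebootPending key exists'
        }

        return $reasons
    }

    function Get-SetupResolution {
        param([string]$MediaPath)

        $result = New-Object PSObject -Property @{
            MediaSetup   = (Join-Path -Path $MediaPath -ChildPath 'Setup.exe')
            MediaVersion = $null
            BareSetup    = $null
            BareVersion  = $null
        }

        if (Test-Path -Path $result.MediaSetup) {
            $result.MediaVersion = (Get-Item -Path $result.MediaSetup).VersionInfo.FileVersion
        }

        # A bare "setup.exe" is resolved through PATH, not the current directory.
        $bare = Get-Command -Name setup.exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($bare) {
            $result.BareSetup   = $bare.Path
            $result.BareVersion = (Get-Item -Path $bare.Path).VersionInfo.FileVersion
        }

        return $result
    }

    $problems = @()

    # Issue #4: the prompt must be elevated.
    if (-not (Test-Elevated)) {
        $problems += 'This prompt is not elevated (Issue #4).'
    }

    # Issue #5: no restart should be pending.
    foreach ($reason in @(Get-PendingRestartReason)) {
        $problems += "Pending restart: $reason (Issue #5)."
    }

    # Issue #6: make sure the media copy of Setup.exe is the one that will run.
    $setup = Get-SetupResolution -MediaPath $MediaPath
    if (-not $setup.MediaVersion) {
        $problems += "No Setup.exe found at $($setup.MediaSetup)."
    }
    elseif ($setup.BareSetup -and ($setup.BareSetup -ne $setup.MediaSetup)) {
        $problems += "Typing 'setup.exe' would run $($setup.BareSetup) (file version $($setup.BareVersion)), " +
                     "not the media copy (file version $($setup.MediaVersion)). Use .\Setup.exe or the full path (Issue #6)."
    }

    # Issue #3: other PowerShell sessions may be an open Exchange Management Shell.
    $others = @(Get-Process -Name powershell -ErrorAction SilentlyContinue | Where-Object { $_.Id -ne $PID })
    if ($others.Count -gt 0) {
        $ids = ($others | ForEach-Object { $_.Id }) -join ', '
        $problems += "Other powershell.exe processes are running (PID $ids). Close any Exchange Management Shell windows (Issue #3)."
    }

    if ($problems.Count -eq 0) {
        Write-Output "Pre-flight OK. Launch with: & '$($setup.MediaSetup)' /Mode:Upgrade /IAcceptExchangeServerLicenseTerms"
    }
    else {
        $problems | ForEach-Object { Write-Warning $_ }
    }
    ```

    Save it as a .ps1 file and run it from a standard (not Exchange Management Shell) PowerShell prompt on the server being upgraded.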

     

    Cheers,

    Rhoderick

    * - (sic)

  • How To Import Windows 2008 R2 VM To Windows 2012 or 8.1 Using Boot To VHD

    One of the popular topics lately has revolved around the Hyper-V Did Not Find Virtual Machines To Import error.  This issue can arise when we try and import a VM into Windows Server 2012 R2 or 8.1 which was originally exported from Windows Server 2008 or 2008 R2.  Such exported VMs from 2008 or 2008 R2 use a .exp file to hold the exported VM's configuration.  The issue is discussed in detail in the previous post, but one item that was worth teasing out was how to get the VMs into a state where they can be imported easily into Windows Server 2012 R2 or 8.1 without discarding the old VM configuration.

    This is important as chances are there are many people out there with VMs exported from Windows Server 2008 or 2008 R2 that they will want to re-use in the future.  Consider the scenario where you have just finished installing 8.1 and you then realise that the old VMs will not import.  Do you really want to:

    • Wipe Windows 8.1
    • Install Windows 8
    • Import the VMs
    • Copy off the VM files
    • Wipe Windows 8
    • Install Windows 8.1
    • Import VMs

    Backing up data, re-installing apps and applying Windows Updates is also likely in the above scenario, but the above list is enough to illustrate the point….

    Hopefully the answer is no.  So what to do?  Well as Travis suggested in a comment we can use the Windows boot to VHD feature to get a parallel install of Windows running where we can perform the intermediate import task.  All of this can happen without impacting our main installation of Windows.

    In this example we will have a machine running Windows Server 2012 R2.  As discussed 2012 R2 and 8.1 cannot import a VM which was exported from Hyper-V 2008 or 2008 R2.  We will:

    1. Create a VHD to hold a parallel copy of Windows Server 2012
    2. Install Windows 2012 (non R2) into the VHD
    3. Copy and Import the VM
    4. Copy out the converted VM
    5. Import Converted VM into 2012 R2.

    The steps are interchangeable for Windows 8.1 and 8.  So feel free to install Windows 8 into the VHD, this walkthrough uses Server 2012 instead.

    Before embarking on the below, please make sure you have read and understood all the options at the bottom of the previous post.

    The steps in this article are only necessary if you do not have any other Windows 2008 R2, Windows 8 or Server 2012 machines.  If you still have one of those machines your legacy (.exp) exported VMs can be imported without having to do the above.  Once imported simply copy over the VM folder to Hyper-V 2012 R2 or Windows 8.1

    Create VHD

    We will create a VHD on the root of the C:\ drive whilst running Server 2012 R2.  Note the start menu button to indicate that the below image is from 2012 R2.  This VHD will hold the OS for the copy of Windows 2012, and since we install Windows 2012 to the VHD the Server 2012 R2 installation will not be modified!  For more details on boot to VHD scenarios check out TechNet.

    Open up Computer Management, then navigate to Disk Management.  Right Click and select Create VHD.

    Create New VHD For Boot To VHD

    Note that the VHD must be sufficiently large to hold the new Windows 2012 install with pagefile etc.  If you want to copy the VM to import to this partition later then allow additional space.  Alternatively leave the VM on a USB disk and attach that once the parallel copy of Windows is up and running.

    In the Create and Attach Virtual Hard Disk window specify the options below, though the disk size can be increased as mentioned above.

    Create Dynamically Expanding Windows 2012 VHD

    In this case we shall make a VHD of 60 GB at the root of C:\.

    No need to do anything else to the VHD, next we will restart Server 2012 R2, boot off the DVD and install Server 2012 into the VHD just like it was a normal hard disk.  Well almost…

    Install Windows Server 2012

    Restart the host machine to boot from the Windows 2012 DVD, and click Install now.

    Install Windows Server 2012

    Let's select Windows Server 2012 Standard with GUI.  Again note this is Server 2012 --- not the R2 build!

    Install Server 2012 Into VHD

    Review and accept the license terms.

    Accept License Terms

    This will be a custom install since it is a fresh installation of Windows.  Remember the intent is not to interfere with the running copy of Server 2012 R2.  Also upgrading 2012 R2 to 2012 would be slightly strange…..

    Install Windows 2012 Into VHD - Accept License Terms

    Press Shift + F10 to activate the command prompt.  This party trick goes back to Windows 2000 days.  Prior to that there was the browse for LMHosts file in NT  and from the browse window you could run cmd.exe and get a cmd prompt.  I digress…

    You will need to ensure that you know what drive letter the Win-2012.VHD file is now on.  It will not be on C:\  so check the drive letters so you know where it is.  Once this is confirmed proceed to the next step.    In the example here it is on D:\ but other systems will be different.

    In the command prompt we will use Diskpart.exe to mount up the VHD file that was prepared in the Windows Server 2012 R2 environment.  Run the following:

    Diskpart.exe

    Select VDisk=D:\Win-2012.vhd

    Attach VDisk

    Install Windows 2012 Into VHD - Attach VDisk Using Diskpart

    Make sure that the Attach VDisk command was entered, else the disk will not be visible.

    Click Refresh, and the VHD will appear.  Double check that the size is what we expect, 60 GB to ensure we do not install to the wrong partition, select this disk for the Server 2012 installation and click Next.

    Install Windows 2012 Into VHD - Select VHD

    Ignore the error stating that “Windows can’t be installed on this drive”.  For reference the details are:

    Install Windows 2012 Into VHD - Ignore Error

    Windows 2012 will install and do its thing….

    Go get a coffee or Ardbeg depending upon what time it is or your preference…

    Install Windows 2012 Into VHD - Coffee Time

    Once installed, boot to the Windows 2012 installation.

    We will need to install the Hyper-V role.  Using PowerShell run either:

    Add-WindowsFeature Hyper-V -IncludeManagementTools -Restart

    Or, if copying files from a BitLocker encrypted disk, also install the BitLocker feature by running:

    Add-WindowsFeature Hyper-V,Bitlocker -IncludeManagementTools -Restart

    Hyper-V will be installed, and Windows will restart automatically.

    Now we are ready to import the legacy (.exp) VMs into our temporary Server 2012 installation.  They do not need to be powered on or anything, this is only to import them.

    Copy And Import VMs

    Here is the Server 2012 install.  For confirmation, note there is no start button.

    Windows 2012 - Empty Hyper-V Manager

    Attach, copy or do whatever is necessary to get your old VM files onto this machine.  In the below screenshot we see a VM called AD1HC1 that was copied to the C:\Working folder.

    This VM’s directory structure is shown below.

    Note the .exp file which indicates that it was exported from Windows Hyper-V 2008 or 2008 R2.  Also note there is no XML file for the vm – only config.xml exists.

    Directory structure of a 2008 R2 .exp VM

    In the Hyper-V console, right click the server name and start the VM import wizard.

    Browse to the folder containing the VM, and click Next.

    Windows 2012 - Import VM

    Confirm the VM name, and if correct click Next.

    Windows 2012 - Import VM

    When importing a VM in the newer versions of Hyper-V there are different options to import a VM in place.  Since we are using Windows 2012 we have these options; Hyper-V 2008 R2 had different ones.

    In this case the files are where I want to use them, so let's use the Register option to suck them up as-is.

    Click Next.

    Windows 2012 - Import VM Register In Place

    The import wizard completes. Click Finish.

    Windows 2012 - Import VM Finished

    The legacy VM is now imported into Hyper-V 2012.

    Copy Out The Converted VM

    The VM is now imported and is visible in the Hyper-V interface.  There is no need to power on, since we just need to use this process to convert the VM to a format that can be imported to Windows 2012 R2 Hyper-V .

    Windows 2012 Hyper-V VM imported - Visible In Hyper-V Manager

    The export process in Windows Hyper-V 2012 is pretty much a straight file copy so we can either:

    1. Use the Hyper-V export wizard
    2. Copy out the files we need

    Remember in this example we copied a VM called AD1HC1 to the C:\Working folder.  So we need to copy over the contents of this folder to the original Windows 2012 R2 OS.

    If your VM files were located on an external USB disk this makes things easy.  Once the files are where you need them restart and boot into Windows Server 2012 R2.

    Import Converted VM into 2012 R2

    Now that we are back into Windows Server 2012 R2 (note the start button is present), we are able to import the converted VM files.

    Windows 2012  R2 Hyper-V Manager

    One thing to note, check that there is no .exp file present in the VM folder that you are going to import to Hyper-V 2012 R2.  This was discussed in a previous post.  You will get an error if this is present.

    Fire up the Hyper-V import wizard, and navigate to the folder that contains our converted files.  In this case I copied the VMs from C:\ Working to a USB disk that is now mounted as F:\.

    Select the VM and click Next.

    Windows 2012  R2 Hyper-V Manager - Import Converted VM

    Confirm the VM name, and click Next.

    Windows 2012  R2 Hyper-V Manager - Import Converted VM

    As before we have the options below when importing, choose as appropriate and click Next.

    Windows 2012  R2 Hyper-V Manager - Import Converted VM

    The wizard completes. Click Finish.

    Windows 2012  R2 Hyper-V Manager - Import Converted VM

    At this point the VM has been successfully imported.

    To prove that it works here is the VM running on Windows 2012 R2.  Note that the creation date is the 19th of February 2010 and the VM has all of its original configuration.

    Windows 2012  R2 Hyper-V Manager - Converted VM Now Running

    Job done

    Now if you want to keep the Server 2012 install on the VHD that's fine.  If you want to remove it, the steps are below.

     

    Cleaning Up

    When done with the import and export work we can easily remove the temporary Windows Server 2012 installation by:

    1. Deleting the  C:\Win-2012.vhd file
    2. Run Msconfig.  On the Boot tab delete the entry for Windows Server 2012

    MSConfig - Removing VHD Boot Option

    Parting Thoughts

    While this is a couple of steps to go through there are a couple of points that are worth noting:

    • Only need to do this once and we can keep the converted VM.
    • This is only necessary if you do not have any other 2008 R2, Windows 8 or Server 2012 machines.  If you still have one of those machines your legacy (.exp) exported VMs can be imported without having to do the above.  Once imported simply copy over the VM folder to Hyper-V 2012 R2 or Windows 8.1

    Cheers,

    Rhoderick

  • Exchange RPC Client Access Service Crash

    RPC Client Access is the main conduit for Outlook clients communicating to Exchange 2010.  So when something happens to it, the impact can be classified as “not good”…..

     

    While Exchange 2010 SP3 RU2 addresses issues with RPC Client Access that may be caused by RPC Client Access threads hanging on a mailbox server that is experiencing issues, there is an additional update that was recently released to resolve an issue with the RPC Client Access Service crashing when running on Windows 2008 R2 SP1. 

     

    This update is released as hotfix 2836445 and updates one file:

     

    File name     File version     File size   Date          Time    Platform
    Rpchttp.dll   6.1.7601.22295   189,440     09-Apr-2013   06:37   x64

     

    File this one away just in case you run into it in the future!

    Cheers,

    Rhoderick

  • Client Throttling Event ID 2915 – What It Really Means

    Here I was truffling through the TechNet forums, and saw this thread.  I thought I’d share a little bit more detail around it, as the error text that is added to the event log entry is a little confusing.

    While Exchange 2007 did have some throttling mechanisms, it was Exchange 2010 that really introduced a fully featured throttling framework.  This is implemented by configuring client throttling policies and assigning them to mailboxes.  When a client exceeds its defined throttling policy, an event may be written to the application event log.  The example in the forum thread is for one of the OWA components.  An event ID 2915 was logged stating the following:

     

    Process w3wp.exe () (PID=6252). User 'Sid~contosa\abcd~OWA~false' has gone over budget '14' times for component 'OWA' within a one minute period. Info: 'Policy:DefaultThrottlingPolicy_d7d68d93-9249-4fa7-cfoe-901ac837ae2f, Parts:AD:13;'. Threshold value: '10'.

     

     

    What could possibly be confusing about the above?  In this case it was the last portion of the message:

    “Threshold value: '10'.”

    Most people assume that the threshold value quoted above is an actual value configured in the throttling policy.  So when the cmdlet Get-ThrottlingPolicy is executed and 10 does not show up in the OWA section of the output, head scratching ensues!

    Exchange 2010 Throttling Policy Output Showing OWA Values

     

    What is this mythical 10?  Is it in binary?  No.  Is it in hexadecimal?  No.  The threshold value actually tells Exchange after how many occurrences it should write the 2915 event to the application log.  In other words, if the number of times a user exceeds the budget in the last minute is higher than 10, then we should create an Event 2915.

     

    In this case the user had gone over budget 14 times in the last minute.  Since 14 exceeds the event writing threshold count of 10, then the 2915 event was created.
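
    To make the two numbers easy to tell apart when reviewing many of these events, the message text can be split into named fields. The following is an added example, not code from the original post or from Microsoft: the function name ConvertFrom-ThrottlingEvent2915 and its output property names are hypothetical, and the pattern assumes the message layout of the one event quoted above.

    ```powershell
    # Added example: split the text of an Exchange 2010 event ID 2915 into fields.
    # The layout is taken from the single event quoted in the post; other
    # components may format the Info string differently (assumption).
    function ConvertFrom-ThrottlingEvent2915 {
        param([Parameter(Mandatory=$true, ValueFromPipeline=$true)][string]$Message)
        begin {
            $pattern = "(?s)User '(?<User>[^']+)' has gone over budget '(?<Count>\d+)' times " +
                       "for component '(?<Component>[^']+)'.*?Policy:(?<Policy>[^,']+)" +
                       ".*?Threshold value: '(?<Threshold>\d+)'"
        }
        process {
            if ($Message -match $pattern) {
                New-Object PSObject -Property @{
                    User             = $Matches['User']
                    Component        = $Matches['Component']
                    Policy           = $Matches['Policy']
                    # How many times the user went over budget in the last minute.
                    OverBudgetCount  = [int]$Matches['Count']
                    # Not a throttling policy setting: the over-budget count per
                    # minute above which Exchange writes event 2915.
                    LoggingThreshold = [int]$Matches['Threshold']
                } | Select-Object User, Component, Policy, OverBudgetCount, LoggingThreshold
            } else {
                Write-Warning "Unrecognised 2915 message: $Message"
            }
        }
    }

    # Constructed sample: the event text quoted in the post.
    $sample = "Process w3wp.exe () (PID=6252). User 'Sid~contosa\abcd~OWA~false' has gone over budget '14' times for component 'OWA' within a one minute period. Info: 'Policy:DefaultThrottlingPolicy_d7d68d93-9249-4fa7-cfoe-901ac837ae2f, Parts:AD:13;'. Threshold value: '10'."

    $sample | ConvertFrom-ThrottlingEvent2915 | Format-List

    # On a live server, read the messages from the Application log instead and
    # count events per user and component:
    # Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 2915 } |
    #     ForEach-Object { $_.Message } | ConvertFrom-ThrottlingEvent2915 |
    #     Group-Object User, Component | Sort-Object Count -Descending
    ```

    For the sample, OverBudgetCount is 14 and LoggingThreshold is 10, which is why the event was written; neither number will appear in the Get-ThrottlingPolicy output.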

     

    I should do some coverage on throttling policies in general, as there have been some issues with them recently and also historically.  

     

    Please do add a comment if there is something that you would like to see posted here.  If you don’t want to add a public comment there is always the “Email Blog Author” button to the right of every page.

     

    Cheers,

    Rhoderick