• Office 365 Workshop Links – December 2014

    This is a link throw-down for the items that we discussed during a recent Office 365 workshop that I delivered to customers in sunny Calgary.

    I’m posting the links here since they will be available to all of the attendees, and thought that others may also find them useful/interesting. 

     

    Service Descriptions

    Exchange Online Service Description – required reading!  Especially the limits section.  Read this now.  Do not be surprised…..

     

    Tools

    MXToolbox – useful site to test DNS records, SMTP blacklists etc.

    Remote Desktop Connection Manager (RDCMAN) 2.7 is now available.  Downloadable from here

     

    New MacLook

    New Outlook for MAC - New version of Outlook for MAC (MacLook).

    The new Outlook for Mac includes:

    • Better performance and reliability as a result of a new threading model and database improvements.
    • A new modern user interface with improved scrolling and agility when switching between Ribbon tabs.
    • Online archive support for searching Exchange (online or on-premises) archived mail.
    • Master Category List support and enhancements delivering access to category lists (name and color) and sync between Mac, Windows and OWA clients.
    • Office 365 push email support for real-time email delivery.
    • Faster first-run and email download experience with improved Exchange Web Services syncing

     

    Cross Premises Shared Mailbox Support

    Planning an Exchange hybrid deployment.  This page has the support statement that shared mailboxes and mailboxes accessing them must reside in the same premises. 

    • Mailbox permissions: On-premises mailbox permissions such as Send As, Receive As, and Full Access that are explicitly applied on the mailbox are migrated to Exchange Online if the tenant in Exchange Online has been fully synchronized using Dirsync or AAD Sync. Inherited (non-explicit) mailbox permissions such as permissions applied to the mailbox database and any permissions on non-mailbox objects (such as distribution lists or a mail-enabled user) are not migrated. Therefore, you should recreate these permissions in Exchange Online using the Add-MailboxPermission or Add-RecipientPermission cmdlets.

    • Cross-premises permissions: Mailbox permissions such as Send As, Receive As, and Full Access are not supported if the user trying to access the mailbox is in Exchange Online but the target mailbox is on-premises, or vice versa. Typically, when migrating a user mailbox from on-premises to Exchange Online, in order to overcome this limitation, mailboxes belonging to users who have access to the first mailbox should also be migrated at the same time to ensure the delegate scenarios continue to work.

     

    Office 365 Authentication Changes

    Authentication changes to Office 2013.  This was first announced at MEC 2014 and earlier this year on the Office blog.  The November update is here

     

    Training Links

    Microsoft Virtual Academy – multiple training videos

    Office Technical Blog

    Garage Series

     

    DirSync

    DirSync release announcement of Password Sync

    List of Attributes that are Synced by the Azure Active Directory Sync Tool

     How To Run Manual DirSync / Azure Active Directory Sync Updates

     DirSync: How To Switch From Single Sign-On To Password Sync

     

    Random

    Exchange Innovation lab – if only it were real….

    Do fish drown? – yes they do….

    Cheese phobia is  called Turophobia.  It’s a long story…………….

     

    Cheers,

    Rhoderick

  • Exchange ServerName Points To Wrong Or Decommissioned Server

    This post was promoted from the draft bin to production after a customer visit a couple of weeks ago.  When onsite we were looking at how the environment was configured.  The admins had written a series of scripts to determine the environment state which was excellent to see!  One thing that they had assumed though was that the ServerName attribute on a mailbox was where the database was currently mounted.  In this customer’s case they had 12 mailbox servers in the DAG and this data led them to believe that mailboxes were evenly balanced across all of the servers.

    Let’s see what is going on, and what caused the issue.

     

    Starting Configuration

    In this lab we have Exchange 2010 SP3 RU5 servers.  A single Database Availability Group (DAG) exists which has three members: CONSEA-MB1, CONSEA-MB2 and CONDAL-MB1.

    No database copies are mounted on mailbox server CONSEA-MB1 apart from DB01:

    Exchange DAG Lab - 3 Mailbox Servers With 3 Copies Of Database

    Just to ensure that there are no MMC refresh issues, PowerShell shows the same:

    Checking Mailbox DatabaseCopyStatus In PowerShell

    Since only DB01 is mounted and active on server CONSEA-MB1, then we should expect to see the same number of mailboxes returned if we check both – no?

    Get-Mailbox -Server CONSEA-MB1

    Get-Mailbox -Database DB01

    Let’s run both commands, and pipe to Measure-Object since that makes it easy to count.

    Comparing Mailbox Count Differences For -Server & -Database

    Are the numbers the same?  Well, not so much…

    In this case we are only off by one, but this is a tiny test lab and not representative of a reasonable production environment.

    What is causing this?

     

    Floating Like A Butterfly, Fixed Like AD

    The ServerName attribute is written to AD when the mailbox is created or moved into that database.  Which name is used?  The server which was hosting the active mailbox copy at that time.  The ServerName attribute is held in AD and is stamped on the user object.  We can see this on the below test mailbox:

    ServerName Property Stored In AD as msExchHomeServerName

    The ServerName value is not updated when the database is activated on another server.  If it were, then that would add considerable overhead to AD replication.  That would make the grumpy triangle people even more grumpy, and we don’t want that!

    Even *IF* this value was updated and replicated by AD, the other issue is replication latency.  AD may take hours to replicate between AD sites.  This is far too slow for certain Exchange database tasks such as updating log generation values which is why we use the cluster database to ensure fast guaranteed updates for critical database information.

     

    To illustrate, let’s activate DB01 on a different server, in this case CONSEA-MB2.  In the below screen shot you will see that DB01 was moved from CONSEA-MB1 to CONSEA-MB2.  Then we check to make sure that there are no other active databases on server CONSEA-MB1.  Finally we re-run the Get-Mailbox –Server cmdlet to see how many mailboxes are stamped with a ServerName attribute of CONSEA-MB1, and if that value has changed from the initial result of 30.

    Does Moving Active Database Copies Change -Server Mailbox Count??

    Has the count changed from the initial value of 30?

    No it has not.  This shows that the attribute is not updated when a *-over event occurs in a DAG.

     

    Moving Mailbox To Different Database

    In the below example we shall move mailbox Test-100 from database DB01 to DB02.  The initial ServerName value is CONSEA-MB1.  DB02 is currently mounted on server CONDAL-MB1.  This is indicated in the red box below.  Note that once the move request completes, the ServerName value is updated with the name of the mailbox server which hosted the active copy of the database at that point –> CONDAL-MB1.

    Moving Mailbox To Different Database Changes ServerName

    Again, we see in the below example that activating another copy of the mailbox database does not change the ServerName value.  Initially it was mounted on CONDAL-MB1, then moved to CONSEA-MB2.

    Same Behaviour for DB02 - ServerName Does Not Update In DAG

     

     

    ServerName Takeaway

    In a DAG environment, the ServerName attribute becomes less useful as there are typically multiple copies of a given mailbox database which can seamlessly transition between multiple servers.  The ServerName attribute is not updated in AD when the *-over event occurs.

    The ServerName value is stamped based on where the database was mounted when the mailbox was created or last moved.  It is possible to get it to update by running:

    Set-Mailbox <user> -Database samedatabasename

    Updated ServerName Attribute After Running Set-Mailbox

    Note that we are setting the same database on the user.  In the lower line the ServerName field has now been updated.

    When determining how many databases are actually running off a given mailbox server in a DAG, it is necessary to see what databases are currently mounted on each mailbox server and then enumerate the mailboxes from there.  This could look something like the below one-liner:

     $(Get-MailboxServer | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -eq "Mounted"} | Sort-Object) | ForEach-Object { Write-Host $_.DatabaseName @(Get-Mailbox -Database $_.DatabaseName -ResultSize Unlimited).Count }

     

    Please note that the above is one line, and it may wrap.
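
    Going a step beyond the one-liner, the following added example (not part of the original post) rolls the counts up to the server hosting each active copy and shows how many mailboxes carry a stale ServerName stamp. The function name Get-ActiveServerMailboxReport and the sample objects are assumptions constructed from the lab's server names; the commented lines at the end show the real cmdlets to feed in.

    ```powershell
    # Added example. Written for PowerShell 2.0 (Exchange 2010), hence New-Object.
    function Get-ActiveServerMailboxReport {
        param(
            [object[]]$CopyStatus,   # objects shaped like Get-MailboxDatabaseCopyStatus output
            [object[]]$Mailbox       # objects shaped like Get-Mailbox output
        )

        # Database name -> server that currently holds the mounted copy
        $activeServer = @{}
        foreach ($copy in $CopyStatus) {
            if ("$($copy.Status)" -eq 'Mounted') {
                $activeServer["$($copy.DatabaseName)"] = "$($copy.MailboxServer)".ToUpper()
            }
        }

        # Per server: mailboxes stamped with it in AD vs. mailboxes active on it now
        $tally = @{}
        foreach ($mbx in $Mailbox) {
            $stamped = "$($mbx.ServerName)".ToUpper()
            $actual  = $activeServer["$($mbx.Database)"]
            if (-not $actual) { $actual = '(NOT MOUNTED)' }
            foreach ($name in @($stamped, $actual)) {
                if (-not $tally.ContainsKey($name)) {
                    $tally[$name] = @{ Stamped = 0; Active = 0; Stale = 0 }
                }
            }
            $tally[$stamped]['Stamped'] += 1
            $tally[$actual]['Active']   += 1
            if ($stamped -ne $actual) { $tally[$stamped]['Stale'] += 1 }
        }

        foreach ($server in ($tally.Keys | Sort-Object)) {
            New-Object PSObject -Property @{
                Server      = $server
                StampedInAD = $tally[$server]['Stamped']
                ActiveNow   = $tally[$server]['Active']
                StaleStamp  = $tally[$server]['Stale']
            } | Select-Object Server, StampedInAD, ActiveNow, StaleStamp
        }
    }

    # Constructed sample data: DB01 mailboxes were stamped while the database was
    # active on CONSEA-MB1, and DB01 has since been activated on CONSEA-MB2.
    $sampleCopies = @(
        (New-Object PSObject -Property @{ DatabaseName = 'DB01'; MailboxServer = 'CONSEA-MB1'; Status = 'Healthy' }),
        (New-Object PSObject -Property @{ DatabaseName = 'DB01'; MailboxServer = 'CONSEA-MB2'; Status = 'Mounted' }),
        (New-Object PSObject -Property @{ DatabaseName = 'DB02'; MailboxServer = 'CONDAL-MB1'; Status = 'Mounted' })
    )
    $sampleMailboxes = @(
        (New-Object PSObject -Property @{ Name = 'Test-1';   Database = 'DB01'; ServerName = 'consea-mb1' }),
        (New-Object PSObject -Property @{ Name = 'Test-2';   Database = 'DB01'; ServerName = 'consea-mb1' }),
        (New-Object PSObject -Property @{ Name = 'Test-100'; Database = 'DB02'; ServerName = 'condal-mb1' })
    )
    Get-ActiveServerMailboxReport -CopyStatus $sampleCopies -Mailbox $sampleMailboxes | Format-Table -AutoSize

    # Against a live organisation, from the Exchange Management Shell:
    # $copies    = Get-MailboxServer | Get-MailboxDatabaseCopyStatus
    # $mailboxes = Get-Mailbox -ResultSize Unlimited
    # Get-ActiveServerMailboxReport -CopyStatus $copies -Mailbox $mailboxes
    ```

    Server names are upper-cased before comparison because the stamped value and the copy status output may differ in case.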

     

    Cheers,

    Rhoderick

  • Microsoft Certified Master – 5 Years On

    Time flies.  It’s now been 5 years since I completed the Exchange 2007 Microsoft Certified Master course in not so sunny Redmond.  That was MCM rotation 4, which was the last Exchange 2007 rotation.  If memory serves me correctly we started on the Monday the 2nd of November 2009 and finished on Saturday the 21st. 

    During this Exchange love fest we had a total of 4 tests.  3 written tests and the qual lab.  After each week there would be a written test which covered the content from the preceding week.  For us it was on the following Monday.  Though in week 3 we had the week 2 content tested on the Monday, the week 3 exam on Friday and the qual lab the next day (Saturday).  Owch, that is still painful even thinking about it.  The below MCP exam transcript does not really do justice to the effort, cost and blood spent to earn each line….

    RMILNE Exchange MCM Transcript

    One common comment is that this is a marathon of Exchange!  To get through it and stay healthy is a challenge. I elected to stay at the silver cloud hotel and walk to campus daily.  That 15 minute walk there and back at the end of the day was a blessing!  Before settling down to do more study at the end of a 12 hour day, I got into the habit of swimming in the highly chlorinated pool.  And to assist with memory retention whilst in building 40, paid many frequent visits to one of Starbucks coffee dispensing contraptions. 

    Then there came the crazy little thing called the qual lab…

    On the topic of other crazy little things, November the 24th is also the day that Freddie Mercury died.  *

     

    Greg, as only Greg can/will do, blogged as we were doing the qual lab in his normal style: 17 Frowns and a Box of Donuts.  At the end of the day there were 10 happy souls, though only 9 knew about it.  One person thought that they had not completed the final task, but they had.  They just needed cached store data to expire and everything was perfect!

    What has happened since that?  Lots of good stuff, and some bad…

     

    Good Stuff

    There was a great bunch of people in my rotation.  And to this day we still all help each other out and that is one of the best outcomes from the MCM.  The same is true for the wider MCM community.  These are the most passionate and capable people that you’d ever dream of working with and it is a vibrant community.  Every day I learn some arcane aspect of Exchange. 

    12 months after this we had a mini-reunion and a lot of MCM R4 came back to do the Exchange 2010 MCM upgrade course.  This was a beast.  Lots of content compressed into a single week, with a written exam at the end followed by yet another qual lab.  There were 25 people attending, all of whom were existing MCMs and only half a dozen walked away fully upgraded.  Thankfully I was one of them, but it was rough.  I seem to remember not being able to sleep with my leg muscles going into spasm.  After completing the written test things were a blur. Then the qual lab was done on vapours and RockStar (thanks for that Dan S!).  Did I say it was a tough week?

    There used to be a nice page on the Microsoft learning (MSL) portion of Microsoft.com where you could see all the people who had passed MCM/MCA and agreed to their name being publicly displayed.  Now there are a series of PDF files in lieu. 

    Having my brain melted with all of the MCM content certainly helped the technical interviews when applying to Microsoft.  I’m still not really sure if Eric wanted to hire me for my technical acumen or since I was crazy enough to crack jokes with them whilst being interviewed.

     

    Bad Stuff

    I clearly remember being up late on a Friday evening in August, when an email popped up.  It was the Friday on a long weekend.  This was from MSL and it said that the MCM programme was being cut.  I read it.  Then re-read it and was wondering if the date was not the 1st of April.  Unfortunately the date was the 30th of August 2013 and the email was real. 

    Neil has the content of the letter posted, and there are some “interesting” comments. 

    While I can understand that MSL has the right to change/cancel any one of its programmes, the way that all of the MCM programmes were cancelled was inexcusable.  IIRC there were non-Exchange rotations currently in-progress when the news was released, and Exchange rotations starting in the near future.  When a standard MCP exam is scheduled to retire there is a significant amount of notice given so people can plan accordingly.  One can only imagine why this was not also afforded to the MCM track.  An MCP exam costs $150 USD.  MCM was $18,500 or so….

    The other not so good memory relates to walking to the qual lab.  After drinking a can of RockStar I then walked to campus.  Half way up the hill I thought the scene in Alien featuring John Hurt was being re-enacted and my heart was about to detach itself.  That was the last time I drank that potion.  Well, until the next qual lab!

    Cheers,

    Rhoderick

    * – That was 1991.  Time certainly does fly. 

  • Remote Desktop Connection Manager Download (RDCMan) 2.7

    The venerable Remote Desktop Connection Manager (RDCMan) 2.2 was starting to show its age. 

    After a slight hiatus, RDCMan 2.7 is now available.  Please say thank you to Julian Burger for the early Christmas present.  Remote Desktop Connection Manager (RDCMan) is a great tool to consolidate multiple RDP connections into a single window to prevent desktop clutter.

    RDCMan 2.7 supports Windows 8, 8.1, Server 2012 and 2012 R2.

    RDCman 2.7 Download

    The tool can be obtained from the Microsoft download centre

     

    Installation Pointers

    There are a couple of things worth noting about the tool:

    It will install into the x86 Program Files folder on a x64 machine: 

    C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager

    Do not save your custom RDG files in the installation folder, just in case your local workstation dies and the file is gone. I always keep my .RDG files in a subfolder of My Documents, which is a redirected folder to a file server. 

    The RDG files are portable, and you can share them within your organisation.  For example, when you get a new admin give them a copy of the RDG files and they are able to review your list of servers and get connected easily – assuming they have the permissions….

    The help file is located in a subdirectory called Resources.  Unsurprisingly, the file is called help.htm.

     

    2.7 Fixes & Features

    From the above help file.  Please review the help file for details. 

    New features

    • Virtual machine connect-to-console support
    • Client size options come from the application config file (RDCMan.exe.config) rather than being hard-coded.
    • View.Client size.Custom menu item shows the current size
    • View.Client size => From remote desktop size
    • Option to hide the main menu until Alt is pressed. Hover over the window title also shows the menu.
    • Added Smart groups
    • Support for credential encryption with certificates
    • Better handling of read-only files
    • Added recently used servers virtual group
    • New implementation of thumbnail view for more predictable navigation
    • Thumbnail view remembers scroll position when changing groups, etc.
    • Performance improvements when loading large files
    • Allow scale-to-fit for docked servers (Display Settings.Scale docked remote desktop to fit window)
    • Allow scale-to-fit for undocked servers (Display Settings.Scale undocked remote desktop to fit window)
    • "Source" for inheritance in properties dialog is now a button to open the properties for the source node.
    • Focus release pop up => changed to buttons, added minimize option.
    • Added command-line "/noconnect" option to disable startup “reconnect servers” dialog
    • Session menu items to send keys to the remote session, e.g. Ctrl+Alt+Del
    • Session menu items to send actions to the remote session, e.g. display charms
    • Domain="[display]" means use the display name for the domain name.

     

    Bugs fixed

    • Application is now DPI aware
    • Undocking a server not visible in the client panel resulted in the client not being shown in undocked form.
    • Ctrl+S shortcut didn’t work at all. It now works and always saves, even if there are no detected changes to the file.
    • Shortcut keys didn’t work when focus was on a thumbnail.
    • Add/delete profile in management tab. In same dialog instance, profiles are not updated. Similarly adding a new profile from combo doesn’t update the tab.
    • Window title was not updated when selected node is removed and no new node selected (open a file, close the file.)
    • Connect via keyboard didn’t always give focus when it should.
    • Connected Group would always show itself upon connecting to a machine, regardless of setting.
    • Selecting a built-in group then hiding via menu option didn’t work properly.
    • Editing server/group properties did not always mark a file as changed.
    • Non-changes could result in save prompts at exit. This should no longer happen.
    • Activating the context menu via the keyboard button was not always operating on the correct node.
    • Changing a server/group name doesn’t change window title if the server/group is currently selected.
    • ALT+PAGEUP and ALT+PAGEDOWN hotkeys were switched. This is fixed for new installs—for existing files you’ll want to change on the [Tools.Options.Hot Keys] tab.
    • /reset command line option wasn’t resetting all preferences
    • “Server Tree” option from “Select server” focus release dialog didn’t show the server tree if it was hidden.
    • New file directory now defaults to “Documents”.
    • ListSessions dialog sometimes popped up in a weird location. Now placed within the main window

     

    Finally and most importantly, please say a big thank you to Julian Burger the developer who wrote this and David Zazzo for working to get the tool released initially!!

     

    Cheers,

    Rhoderick

  • Retrieving Cluster Error 1135 From Servers

    In some of the recent posts you will have noted that there have been some issues with VMware, and also network cards dropping packets (packets received discarded).  One symptom of this is that nodes will be removed from the cluster and EventID 1135 is logged into the System log.  EventID 1135 states that the Cluster node was removed from the active failover cluster membership.  In Exchange 2010/2013 this impacts the Database Availability Group (DAG) as the databases will be moved off that server. 

    This is not good, and is something that warrants investigation.  

    To facilitate this I wrote a quick script to review the number of EventID 1135 on Exchange servers in a DAG. 

    Get 1135 Cluster Errors

    The script is available in the TechNet gallery

    It will loop through all Exchange 2010 servers that have the mailbox role, and for each of these servers then determine how many 1135 errors are present in the system event log.  The default value is to search back for the past 90 days.

    As noted in this post for filtering PowerShell, you can edit the query to select different Exchange servers.

    In order to try and improve performance a FilterHashtable was used rather than Where-Object:

    $Events = Get-WinEvent -ComputerName $ExchangeServer.Name -ErrorAction silentlycontinue -FilterHashtable @{logname='system'; ID=$EventIDToSearch; StartTime=$SearchDate}

    The output data is saved into an array called $Output.  You can edit the script to choose where the data is displayed: either directly under each server as it is queried, at the end of processing, or to a CSV file.  By default the others are REMMED out, and the contents of $Output are written to a CSV in the directory where the script is executed from. 
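
    The query described above, as an added example that is not the TechNet gallery script: it counts EventID 1135 per server with a FilterHashtable, and separates "no events in the window" from "the server could not be queried", two cases that -ErrorAction SilentlyContinue reports identically as an empty result. The function name Get-ClusterEvent1135Count and its parameters are assumptions.

    ```powershell
    # Added example (not the author's script): count cluster EventID 1135 per
    # server and report query failures separately from a genuine zero.
    function Get-ClusterEvent1135Count {
        param(
            [string[]]$ComputerName = @($env:COMPUTERNAME),
            [int]$Days = 90          # same default look-back as described above
        )

        $filter = @{ LogName = 'System'; ID = 1135; StartTime = (Get-Date).AddDays(-$Days) }

        foreach ($computer in $ComputerName) {
            $count = 0
            $last  = $null
            $state = 'OK'
            try {
                # The filter is evaluated by the event log service on the target,
                # so only matching records are returned to the caller.
                $events = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop)
                $count  = $events.Count
                $last   = $events[0].TimeCreated    # Get-WinEvent returns newest first
            }
            catch {
                if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                    $state = 'OK'                   # reachable, nothing logged in the window
                }
                else {
                    $count = $null                  # unknown, not zero
                    $state = "QueryFailed: $($_.Exception.Message)"
                }
            }

            New-Object PSObject -Property @{
                Server    = $computer
                Count     = $count
                LastEvent = $last
                State     = $state
            } | Select-Object Server, Count, LastEvent, State
        }
    }

    # Local machine by default; prints one row per server queried.
    Get-ClusterEvent1135Count | Format-Table -AutoSize

    # All mailbox role servers, written to CSV (Exchange Management Shell):
    # $servers = Get-MailboxServer | ForEach-Object { $_.Name }
    # Get-ClusterEvent1135Count -ComputerName $servers |
    #     Export-Csv -Path .\Cluster1135.csv -NoTypeInformation
    ```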

    Comments and feedback are always welcome!

     

    Cheers,

    Rhoderick