Exchange News: August 2015

Monday, August 31, 2015

EighTwOne: Connecting to Office 365/Exchange

Almost 3 years ago, I wrote an article on how to enhance the PowerShell Integrated Scripting Environment, or ISE. That seemed adequate for the Exchange admin back then, who mostly connected their PowerShell session to their his on-premises environment, and perhaps occasionally a bit of Exchange Online.

Fast forward to 2015, most modern Exchange administrators not only require a connection – if any – to their Exchange on-premises environment, but likely to one or more of the Office 365 services as well. This includes Exchange On-Premises, Azure Active Directory, Exchange Online Protection and perhaps even Skype for Business Online, SharePoint Online, Azure Rights Management Services or Compliance Center.

All these service use a different PowerShell session, use a different endpoint FQDN, and sometimes even require a locally installed PowerShell module. Likely common denominator is the credential used to access each of these services. So, tired of re-entering my credentials every time when switching from Exchange Online to Exchange Online Protection, I created a script with a set of functions to allow me connect to each individual Office 365 service or Exchange Online:

Connect-AzureAD: Connects to Azure Active Directory
Connect-AzureRMS: Connects to Azure Rights Management
Connect-ExchangeOnline: Connects to Exchange Online
Connect-SkypeOnline: Connects to Skype for Business Online
Connect-EOP: Connects to Exchange Online Protection
Connect-ComplianceCenter: Connects to Compliance Center
Connect-SharePointOnline: Connects to SharePoint Online
Get-Office365Credentials: Gets Office 365 credentials
Connect-ExchangeOnPremises: Connects to Exchange On-Premises
Get-OnPremisesCredentials: Gets On-Premises credentials
Get-ExchangeOnPremisesFQDN: Gets FQDN for Exchange On-Premises
Get-Office365Tenant: Gets Office 365 tenant name (SharePoint)

Note that functions and credentials used in the script are global, and in principle only need to be entered once per shell or ISE session. If you need different credentials, call Get-Office365Credentials again. User interaction is a very basic Read-Host, but it does the job.

Requirements
During initialization, the script will detect the modules which are required for certain Office 365 services. When not installed, it will notify you, and provide a link where to obtain the PowerShell module. The related Connect function will not be made available. The Azure Active Directory module also requires the Microsoft Online Sign-In Assistant to be installed. Needless to say, PowerShell is required to run this script, which is tested against version 4 (but should work with 3)

Usage
The functions are contained in a script called Connect-Office365Services.ps1. You can call this script manually from your PowerShell session to make the functions available. However, more convenient may be to have them always available in every PowerShell or ISE session. To achieve this, you need to edit your $profile, which is a script which always starts when you start a PowerShell or ISE session. By default this file does not exist and you need to create it, including the path. Also note that the files for PowerShell and ISE are different, Microsoft.PowerShell_profile.ps1
and Microsoft.PowerShellISE_profile.ps1 respectively.

Now, of course you can copy and paste the functions from the script file to your own $profile. Better is to call the script from your $profile, as this allows you to overwrite the Connect-Office365Services.ps1 with updates. To achieve this, assume you copied the Connect-Office365Services.ps1 in the same location as your $profile, for example C:\Users\Michel\Documents\WindowsPowerShell. You can then make PowerShell and ISE call this script by adding the following line to the $profile scripts:

& “$PSScriptRoot\Connect-Office365Services.ps1”

Now when you start a PowerShell session, you might see the following:

This shows the Microsoft Online Sign-In Assistant and Azure Active Directory PowerShell module is available, and related connect functions should be available.

When you load the script from ISE, it will show something similar. However, it will also show ISE is detected and make all functions available through the Add-On menu:

Notes
Customize this script to your liking. For example, if you always want to connect to Azure Active Directory when connecting to Exchange Online, add Connect-AzureAD in the Connect-ExchangeOnline function, or when you always want to connect to a fixed FQDN for Exchange On-Premises, insert it in the script or – better – configure your $profile to predefine the FQDN, e.g. $global:ExchangeOnPremisesFQDN=’mail.contoso.com’.

Download / Revisions
You can download the script from the TechNet Gallery here. The TechNet Gallery page as well as the script contains revision information.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Filed under: Azure Active Directory, Exchange 2013, Exchange 2016, Office 365, Online Tagged: PowerShell, Script

from Exchange News Full Article

MSExchange.org: Product Review: Kernel for Exchange

This article reviews Kernel for Exchange.

from Exchange News Full Article

Friday, August 28, 2015

msexchange.org: Lepide makes Exchange migration even simpler

Latest upgrade enables IT managers to analyze Exchange data prior to migration and migrate Public Folders from on-premise Exchange Server to Office 365.

from Exchange News Full Article

Thursday, August 27, 2015

MSExchange.org: Off-boarding email from Office 365 to Exchange 2013 (Part 4)

In this series we cover how to successfully migrate mail from Office 365 into a new Exchange organization.

from Exchange News Full Article

msexchange.org: Azure AD Connect - August update released

First update released.

from Exchange News Full Article

msexchange.org: New Windows Server 2016 Technical Preview 3 Networking Overview

from Exchange News Full Article

msexchange.org: A brave new world for Exchange 2016 cmdlet reference topic delivery and updates

from Exchange News Full Article

msexchange.org: Exchange Server 2013 CU9 – Watch your IMAP clients

from Exchange News Full Article

msexchange.org: Deeper integration between Office documents and Outlook for iOS

from Exchange News Full Article

Tuesday, August 25, 2015

MSExchange.org: Exchange Archiving: On-Premises vs Cloud-Based (Part 5)

Working with In-Place Hold and eDiscovery when on-premises and cloud-based archives are in use.

from Exchange News Full Article

Monday, August 24, 2015

Exchange Team Blog: A brave new world for Exchange 2016 cmdlet reference topic delivery and updates

Update-ExchangeHelp is an Exchange cmdlet that installs the latest available Exchange cmdlet reference help topics on the Exchange server for use in the Exchange Management Shell (Get-Help <Cmdlet>). Although there are ostensibly Windows PowerShell cmdlets for this same task (Update-Help and Save-Help), they don’t work with the Exchange Management Shell.

Update-ExchangeHelp was available in Exchange 2013, but we haven’t previously used it to its full potential. That’s about to change for Exchange 2016. We’re going to rely heavily on Update-ExchangeHelp to release new and updated Exchange cmdlet reference topics for the Exchange Management Shell for all Exchange 2016 product releases (RTM and Cumulative Updates (CUs)). In fact, in a given Exchange product release, you may find that some Exchange cmdlet reference topics aren’t fully documented at the command line.

And how, is this a positive, you may ask? By changing how we approach updating cmdlet reference topics, we can achieve the following benefits:

Increased quality for the cmdlets customers actually use We can concentrate on writing help for new cmdlets and updates to high-usage cmdlets first. We have 2+ years of customer usage data for the Exchange 2013 cmdlet reference topics on TechNet. Instead of attempting to update every single cmdlet topic completely for an Exchange release, as we’ve done in the past (think: wide and shallow), we can concentrate on making updates to the new and most highly viewed cmdlets first (think: narrow and deep).
Timely localization For a given Exchange release, the English help for Exchange cmdlets comes first, and the translated versions follow. This means that localized Exchange cmdlet help for RTM was available at the command line for CU1, localized Exchange cmdlet help for CU1 was available at the command line for CU2, etc. Using Update-ExchangeHelp, we can make the localized Exchange cmdlet help available as soon as it’s ready without having to wait for the next release.

For an Exchange product release, we’ll target the highest priority updates for Exchange cmdlet reference topics, and get those updates into Exchange code for availability at the command line. After the Exchange product release, we’ll continue to work on updates to Exchange cmdlet reference topics, and publish them to TechNet and as downloadable update packages for Update-ExchangeHelp. At your convenience before the next Exchange product release, you can use Update-ExchangeHelp to download the updated Exchange cmdlet reference topics for the Exchange Management Shell.

We’ll try to balance the frequency of update package releases between Exchange product releases. An Exchange product release allows us to get updated Exchange cmdlet reference topics into Exchange code, so there’s no need to release a downloadable update package right before an Exchange product release. Given the quarterly status of Exchange product releases, it’s reasonable to expect one or two English update packages releases per quarter, and no more frequently than a month or so apart. For localized versions, it’s likely we’ll release one update package per quarter. The English versions of the topics will always be ahead of the localized versions, but the gap will be smaller.

Here’s an example. There’s an Exchange product release, and not all of the Exchange cmdlet reference topics are complete. We’ll continue to work on the topics, and one month after the release, we’ll publish an update package for English. We’ll localize that update package and publish it as soon as it’s ready (likely, a few weeks after the English update package). We’ll continue to work on incomplete cmdlet reference topics in English, and we’ll publish another update package for English about a month after the first one. At this point, we’re two months into the quarter, and the next Exchange product release is likely only one month away. We’ll continue to improve the cmdlet reference topics, and we’ll check them into Exchange code for that next product release. When that Exchange product release goes public, the cycle starts over again.

Another key factor in this strategy is notification. You can periodically run Update-ExchangeHelp to check for updates, but that’s not ideal. We’ll likely use an RSS feed to notify when an updated package is available.

How it works

Using Update-ExchangeHelp is pretty straightforward: you run this command in the Exchange Management Shell on an Exchange server, or on a computer that has the Exchange Management Tools installed.

Update-ExchangeHelp -Verbose

The Verbose switch is important, because it gives you status messages, like “your server is already up-to-date” or “you already tried this within the last 24 hours.” To bypass the 24-hour limit and run the command more frequently, you can add the Force switch.

The problem? The Exchange server requires Internet access so it can download the update package. Not a big deal for some, but a deal-breaker for others. To work around this, read on.

Offline mode for Update-ExchangeHelp

Basically, there are the 4 steps you need to follow to customize Update-ExchangeHelp so it looks for updates on your local network.

Download and inspect the ExchangeHelpInfo.xml manifest file.
Download the update packages, publish the update packages on an internal web server, and customize the ExchangeHelpInfo.xml file.
Publish the customized ExchangeHelpInfo.xml file.
Modify the registry of the Exchange servers to point to the customized ExchangeHelpInfo.xml file.

Step 1: Download and inspect the ExchangeHelpInfo.xml manifest file.

Open http://ift.tt/1JffrIN, save the ExchangeHelpInfo.xml file, and open the file in Notepad. Here’s a hypothetical example of the contents of the ExchangeHelpInfo.xml file:

<?xml version="1.0" encoding="utf-8"?>
<ExchangeHelpInfo>
<HelpVersions>
    <HelpVersion>
      <Version>15.01.0225.030-15.01.0225.050</Version>
      <Revision>001</Revision>
    <CulturesUpdated>en</CulturesUpdated>
<CabinetUrl>http://ift.tt/1Nwg8DO;
    </HelpVersion>
    <HelpVersion>
      <Version>15.01.0225.030-15.01.0225.050</Version>
      <Revision>002</Revision>
      <CulturesUpdated>de, es, fr, it, ja, ko, pt, pu, ru, zh-HanS, zh-HanT</CulturesUpdated>
<CabinetUrl>http://ift.tt/1JffrIP;
    </HelpVersion>
    <HelpVersion>
      <Version>15.01.0225.030-15.01.0225.050</Version>
        <Revision>003</Revision>
      <CulturesUpdated>en</CulturesUpdated>
<CabinetUrl>http://ift.tt/1Nwg8U4;
      </HelpVersion>
    </HelpVersions>
</ExchangeHelpInfo>

Each available update package is defined in a <HelpVersion> section, and each <HelpVersion> section contains the following keys.

<Version> Identifies the version Exchange that the update package applies to. 15.01.xxxx.xxx is Exchange 2016. 15.00.xxxx.xxx is Exchange 2013. This key might specify one version or a range of versions.
<CulturesUpdated> Identifies the language that the update package applies to. This key might specify one language or multiple languages.
<Revision> Identifies the order that the updated packages were released for the major version of Exchange. In other words, the first update package released for Exchange 2016 is 001, the second is 002, etc. And, there's no relationship between the update packages and the order they were released in. For example, 001 might be an English only update, 002 might be an update for all other supported languages, and 003 might be a German-only update.
<CabinetUrl> Identifies the name and location of the update package for the <HelpVersion> section.

The update package that's defined in a <HelpVersion> section applies to an Exchange server based on the combination of <Version> and <CulturesUpdated> values.

You might find that multiple <HelpVersion> sections apply to your Exchange servers for a given version of Exchange. For example, there might be multiple updates for the same language, or separate updates for different languages that both apply to your Exchange servers because you have multiple languages installed. Either way, you need only the most recent update for your Exchange server version and language based on the <Revision> key.

For example, suppose your Exchange servers are running Exchange 2016 version 15.01.0225.040 with English and Spanish installed, and the ExchangeHelpInfo.xml manifest file looks like the example mentioned above.

In this example, all the updates apply to you based on the version of Exchange. However, you need only revision 003 for English, and revision 002 for Spanish. You don't need revision 001 for English because revision 003 is newer.

Step 2: Download the update packages, publish the update packages on an internal web server, and customize the ExchangeHelpInfo.xml manifest file.

The easiest and least time-consuming thing to do is to act like every available update package applies to you.

Download all of the .cab files that are defined in the ExchangeHelpInfo.xml file by using the URL that’s defined in the <CabinetUrl> value.
Publish those .cab files on an Intranet server (for example http://ift.tt/1JffrIR).
Modify the <CabinetUrl> values in the ExchangeHelpInfo.xml file to point to the .cab files on the Intranet server (for example, http://ift.tt/1Jffsw9;).
Save the customized ExchangeHelpInfo.xml file.

The benefits to this approach?

Not much thought involved. It’s difficult to make a mistake and accidentally miss an update that applies to you, because you’re grabbing every available .cab file.
Easier maintenance. Whenever we release an update package, you just download the new ExchangeHelpInfo.xml file, and grab every new .cab file that’s defined in it.

The drawback to this approach?

It’s pretty much guaranteed that you’ll download update packages than you don’t need based on version and language.
Space is consumed on the Intranet server by irrelevant .cab files that you don’t need.

If you want to identify only the .cab files that apply to you, follow these steps.

1. Find the version details for your Exchange servers

a. To find the version details on a single Exchange server, run the following command in the Exchange Management Shell.

Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}

b. To find the version details for all Exchange servers in your organization, run the following command in the Exchange Management Shell.

Get-ExchangeServer | Sort-Object Name | ForEach {Invoke-Command -ComputerName $_.Name -ScriptBlock {Get-Command ExSetup.exe | ForEach{$_.FileVersionInfo}}} | Format-Table -Auto

The result for ProductVersion will be in the format 15.01.0225.xxx.

2. Find the <HelpVersion> sections in the ExchangeHelpInfo.xml file that apply to you based on the values of the <Version>, <CulturesUpdated>, and <Revision> keys. The methodology was described in Step 1.

After you identify the .cab files that apply to you, follow these steps:

Download the applicable .cab files by using the URL that’s defined in the <CabinetUrl> value.
Publish those .cab files on an Intranet server (for example http://ift.tt/1JffrIR).
Modify the <CabinetUrl> values in the ExchangeHelpInfo.xml file to point to the .cab files on the Intranet server (for example, http://ift.tt/1Jffswb;).
If you like, you can also remove the <HelpVersion> sections that don’t apply to you.
Save the customized ExchangeHelpInfo.xml file.

Step 3: Publish the customized ExchangeHelpInfo.xml file

In the previous step, you customized the ExchangeHelpInfo.xml file by changing the <CabinetUrl> values to point to the .cab files on an Intranet server. Now, you need to publish the customized ExchangeHelpInfo.xml file on an Intranet server (for example, http://ift.tt/1Nwg7Q6). Note that there's no relationship between the ExchangeHelpInfo.xml file and .cab file locations. You can have them available at the same URL or on different servers.

Step 4: Modify the registry of the Exchange servers to point to the customized ExchangeHelpInfo.xml file

You need the Intranet location for the ExchagneHelpInfo.xml file that you configured in the previous step. This example uses the value http://ift.tt/1Nwg7Q6 as an example.

1. Copy and paste the following text into Notepad, customize the URL for your environment, and save the file as UpdateExchangeHelp.reg.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v15\UpdateExchangeHelp]
"ManifestUrl"="http://ift.tt/1JffrZa;

2. Run the UpdateExchangeHelp.reg file on your internal Exchange servers.

Maintenance and use of Update-ExchangeHelp

Now when you run Update-ExchangeHelp in the Exchange Management Shell on your Exchange servers, the command gets information and downloads files from the Intranet locations you specified. That’s easy.

What’s less easy is the long-term maintenance of this customized setup. Basically, you'll need to repeat Steps 1 through 3 when you discover a downloadable update package has been made available for Exchange cmdlet reference help, and you want to deploy that updated help to your Exchange servers (everything but the registry modification).

Chris Davis

from Exchange News Full Article

Thursday, August 20, 2015

msexchange.org: Introducing the Office IT Pro Deployment Script project

PowerShell has quickly become an indispensable skill for Office 365 administrators, and if you’re like me, you are starting to gather a toolbox of useful scripts. If you are new to PowerShell for Office 365, make sure you check out our PowerShell for Office 365 site with common scenarios and sample scripts available to download.

from Exchange News Full Article

msexchange.org: Announcing Windows Server 2016 Containers Preview

At DockerCon this year, Mark Russinovich, CTO of Microsoft Azure, demonstrated the first ever application built using code running in both a Windows Server Container and a Linux container connected together. This demo helped demonstrate Microsoft's vision that in partnership with Docker, we can help bring the Windows and Linux ecosystems together by enabling developers to build container-based distributed applications using the tools and platforms of their choice.

from Exchange News Full Article

msexchange.org: Last Chance to Sign up for the Webinar Windows 2003 End of Life Risks and Considerations

Windows Server 2003 support ended on July 14, 2015. Now more than ever, you need to be aware of the risk factors and other considerations as you migrate to Windows Server 2012.

from Exchange News Full Article

MSExchange.org: Intune and Exchange ActiveSync (Part 4)

In the previous part of this article series we had a look at how to create and use Intune groups, and created an Intune Mobile Device Security Policy. In this fourth part we will start enrolling mobile devices and create an Email Profile to automatically configure mobile devices to connect to our organization.

from Exchange News Full Article

msexchange.org: Virtual Event: Implementing Microsoft Lync/Skype for Business in Your Enterprise

Microsoft Lync/Skype for Business is one of the fastest-growing enterprise communications products, with offerings ranging from basic presence/Instant Messaging to room video. Most enterprises are at least considering Lync for some of their UC architecture going forward—but which parts of Lync are best for a particular enterprise, and how does the enterprise make Lync elements interwork with legacy communications systems, to protect investments in these systems?

from Exchange News Full Article

msexchange.org: Free ebook: Microsoft System Center Building a Virtualized Network Solution

We’re happy to announce the release of our newest free ebook, Microsoft System Center Building a Virtualized Network Solution, Second Edition (ISBN 9780735695801), by Nigel Cain, Michel Luescher, Damian Flynn, and Alvin Morales; Series Editor: Mitch Tulloch.

from Exchange News Full Article

The EXPTA {blog}: Exchange 2013 Migration Batch Completes Successfully, But Mailbox is Not Moved

Here's another weird one. I'm testing a mailbox move from Exchange 2013 to Exchange 2016 (beta) for a mailbox with an in-place archive. I can create a new migration batch for the user and it completes in short order, but the mailbox and archive are not moved. The number of Total, Synced, Failed, and Successful mailboxes for the batch is zero. I get a notification email saying the batch completed successfully, but no mailboxes were moved or synced.

"Successful" Migration Batch Notification

When I look at the details of the migration batch in EMS I see that the ValidationWarningCount is 1 and the ValidationWarnings show, "Error:The user already exists, but the migration batch that includes it couldn't be found. Before you try migrating the user within a batch again, please remove the existing user by running the Remove-MigrationUser cmdlet."

Migration Batch Validation Warnings

Whoever wrote that error message deserves a raise. MUCH better than the "Error code 2" I'm used to getting.

A "MigrationUser" object is created for each user who is in the process of being migrated or the migration has not been completed, so it remains in a syncing state. I ran the Get-MigrationUser cmdlet which revealed that the mailbox was indeed "stuck" in a migration since 7/20/2013(!!) with no other issues.

This mailbox has been "migrating" for over two years!

So, I removed the migration user using the Remove-MigrationUser cmdlet. I needed to use the -Force parameter since the move request no longer exists.

Remove-MigrationUser clears the way to re-run the migration

This fixed the problem and I was able to move the mailbox and archive successfully. This condition would prevent a mailbox from moving to any other database or Office 365. It's strange that Exchange doesn't detect this when the batch request is created.

from Exchange News Full Article

Saturday, August 15, 2015

msexchange.org: Virtual Event: Implementing Microsoft Lync/Skype for Business in Your Enterprise

msexchange.org: Free ebook: Microsoft System Center Building a Virtualized Network Solution

msexchange.org: Rollout and Adoption Success Kit (RASK) Resources

This Rollout and Adoption Resources package is a collection of tools, documentation, and templates designed to help project teams plan, pilot, deploy, and evaluate the success of their Lync/Skype for Business rollout. These resources are intended for use with the Rollout and Adoption Success Kit (RASK).

from Exchange News Full Article

msexchange.org: Microsoft Message Analyzer v1.3.1

Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components.

from Exchange News Full Article

msexchange.org: Office Deployment Tool for Click-to-Run v1.02

The Office Deployment Tool allows the administrator to customize and manage Office 2013 Click-to-Run deployments. This tool will help adminstrators to manage installations sources, product/language combinations, and deployment configuration options for Office Click-to-Run.

from Exchange News Full Article

MSExchange.org: Off-boarding email from Office 365 to Exchange 2013 (Part 3)

In this series we cover how to successfully migrate mail from Office 365 into a new Exchange organization.

from Exchange News Full Article

Blankman Blog: Office 365 users cannot see on-premises free/busy

Issue

My Customer introduced an Exchange 2013 server into the Exchange 2010 based organisation, however found that Inbound Free/Busy tests failed using Office 365 based OWA.

The W3SVC IIS logs revealed the following error – the line has been shortened for clarity

POST /autodiscover/http://ift.tt/1gHVH8T & ASAutoDiscover/CrossForest/EmailDomain//15.01.0225.018 – 500 0 0 124

Cause

The Exchange 2013 server was unable to resolve mail.domain.com and autodiscover.domain.com to itself, as internal DNS had not been updated yet. This was resolved by adding static entries for these names into the HOSTS file.

After re-testing, the issue was found to have been resolved.

Tags: #IAMMEC, ignite, office 365

from Exchange News Full Article

Blankman Blog: Office 365 users cannot see on-premises free/busy

Issue

My Customer introduced an Exchange 2013 server into the Exchange 2010 based organisation, however found that Inbound Free/Busy tests failed using Office 365 based OWA.

The W3SVC IIS logs revealed the following error – the line has been shortened for clarity

POST /autodiscover/http://ift.tt/1gHVH8T & ASAutoDiscover/CrossForest/EmailDomain//15.01.0225.018 – 500 0 0 124

Cause

After re-testing, the issue was found to have been resolved.

Tags: #IAMMEC, ignite, office 365

from Exchange News Full Article

Blankman Blog: Exchange 2013 Hybrid Wizard–Empty Certificate Dropdown

When Running the Hybrid mode wizard in Exchange 2013, occasionally you’ll find that the certificate dropdown selector within the wizard is empty, even though you’ve confirmed that

the certificate is a valid third party certificate
services have been assigned to the same certificate in Exchange

with a screen which looks as follows:

We can confirm the certificate validity via PowerShell using

Get-ExchangeCertificate

We know that the hybrid configuration is stored in Active Directory, so even though we can’t complete the Hybrid Mode configuration via the GUI, we can populate the required field – in this case which certificate to use, using PowerShell.

We will be using the Set-HybridMode cmdlet to force the certificate selection. First we’ll examine the certificate for the the Issuer and Subject attributes as follows

then we’ll combine those into the required sting and set it using the Set-HybridMode cmdlet

We can see the successful population of the Hybrid mode object using the Get-HybridConfiguration cmdlet

Next, we can re-run the Hybrid mode Wizard, and even though the dropdown still appears as empty, we can click past to the next stage. Once the wizard completes, however, we are able to choose to modify the Hybrid mode configuration, and see the certificate in the wizard, even though the drop down menu is still empty.

Tags: #IAMMEC, ignite, Office365

from Exchange News Full Article

Blankman Blog: Exchange 2013 Hybrid Wizard–Empty Certificate Dropdown

When Running the Hybrid mode wizard in Exchange 2013, occasionally you’ll find that the certificate dropdown selector within the wizard is empty, even though you’ve confirmed that

the certificate is a valid third party certificate
services have been assigned to the same certificate in Exchange

with a screen which looks as follows:

We can confirm the certificate validity via PowerShell using

Get-ExchangeCertificate

We will be using the Set-HybridMode cmdlet to force the certificate selection. First we’ll examine the certificate for the the Issuer and Subject attributes as follows

then we’ll combine those into the required sting and set it using the Set-HybridMode cmdlet

We can see the successful population of the Hybrid mode object using the Get-HybridConfiguration cmdlet

Tags: #IAMMEC, ignite, Office365

from Exchange News Full Article

The EXPTA {blog}: Fix for Server Manager Error: "Online - Cannot get performance counter data"

One of the interesting things about having a home lab is you get to break things in ways that no one thought possible. I'll give a nickle to the next person who has this happen to them.

I have three Exchange servers running Windows Server 2012 R2. Performance counters have been started on all three servers (see http://ift.tt/1WpV1pw). One server had two IP addresses configured for one NIC so I could do some testing. When I removed the second IP address from the single NIC and restarted the server Server Manager complained that it could not refresh that server.

When I clicked Manageability in Server Manager it showed "Online - Cannot get performance counter data." Re-adding the secondary IP and restarting the server doesn't help.

Lots of troubleshooting later (involving Perfmon, Bing-fu, and swearing) I discovered the following fix:

Open an elevated CMD prompt to C:\Windows
Run lodctr /R to rebuild the perf registry strings and info from scratch based on the current registry settings and backup INI files. If this works, you're done. In my case, it resulted with the error, "Error: Unable to rebuild performance counter setting from system backup store, error code is 2." Very helpful. :-|
Change to the C:\Windows\SysWOW64 folder and run lodctr /R again. This time I got "Info: Successfully rebuilt performance counter setting from system backup store"
Run winmgmt /resyncperf to register the system performance libraries with WMI and then refresh Server Manager to see that the problem is resolved.

One of the reasons I run this blog is to maintain a memory of esoteric things like this. I doubt I'll ever see it again.

from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 32)

In this article we will take a look at the client experience, when a mailbox has been moved from an on-premises Exchange environment to Exchange Online.

from Exchange News Full Article

Exchange Team Blog: Hybrid deployment best practices

Many Office 365 customers are using our hybrid deployment option since it offers the most flexible migration process, the best coexistence story, and the most seamless onboarding user experience. However, even with all of this flexibility, a few wrong choices in the planning and deployment phase could cause you to have a delayed migration, unsupported configuration or have poor experience. This article will help you make the best choices for your hybrid configuration so you can avoid some common mistakes. For more information on Exchange hybrid go here.

* As of this writing, Exchange 2016 is in Preview. It is not meant for production use. You would never install that in your production environments… right?

Ensure your on-premises Exchange Deployment is healthy

Some of our best guidance for configuring hybrid comes from the Exchange Deployment Assistant (EDA), however the Exchange Deployment Assistant separates the on-premises configuration from the hybrid configuration. There is an unwritten assumption that is made in our hybrid guidance that you have already properly deployed and completed the coexistence process with the current versions of Exchange in your on-premises environment. You really should ensure the existing environment is a healthy environment prior to starting Exchange hybrid configuration steps.

This means that if the newest version of Exchange in your environment is Exchange 2010, you need to deploy the right amount of 2010 servers to handle the normal connection and mail flow load for all of your on-premises mailboxes. Similarly, if the latest version in your environment is Exchange 2013, you need to deploy enough 2013 servers to handle the load. For more information on on-premises Exchange Server sizing go here.

Note: There is always an exception to the rule. In this case the exception is mail flow. There is a possibility that you may configure hybrid so all mail flows through your on-premises environment even after you move most of your mailboxes to Exchange Online. You may even have some applications that rely on the on-premises Exchange servers for SMTP relay. All of this needs to be accounted for and some extra thought may need to go into your sizing plans for these scenarios. Currently, our toolset for planning and sizing your mail routing environments do not cover these more complex scenarios.

If you think about a typical hybrid deployment, on day one there are essentially no mailboxes in the cloud. Therefore, you most likely have an environment that can handle all of the current on-premises workflow. Then as you move mailboxes to Exchange Online the load on the on-premises servers reduces since much of the client connectivity and mail flow tasks are now handed off to Exchange Online. The minor amount of processing power that is needed on-premises for things like cross premises free busy for an Exchange Online mailbox after it is moved will not come close to the demands of an on-premises mailbox, for example.

Should we have a hybrid specific URL?

We have seen deployments where a decision is made to keep the existing Mail.Contoso.com and Autodiscover.Contoso.com pointing to a bank of Exchange 2010 servers and have a new hybrid URL, such as hybrid.Contoso.com, pointing to a couple of Exchange 2013 servers. This is an example of an environment that did not introduce Exchange 2013 in a recommended way. Let’s forget about hybrid for a second. When you introduce Exchange 2013 into an environment you should configure coexistence in a supported way. This means that you install enough Exchange 2013 servers to handle the proxy load for all on-premises mailboxes and point the external URL to the latest version of Exchange in the site. Again, deploy the latest version properly before you enter a hybrid configuration.

Keep Exchange up to date

The Cumulative Update (CU), Rollup, and Service Packs you have running on the on-premises server should also not be overlooked. Under normal circumstances we support you being no more than two updates behind the currently released update for Exchange; however, for hybrid environments, we are stricter and you should not be more than one build behind. If the latest update is Exchange 2013 CU9, then you must have either Exchange 2013 CU9 or CU8 to be considered in a supported state. We are stricter with our hybrid requirements because of how tightly the on-premises and Exchange Online environments will be coupled together. For more information on our available updates please go here.

Some might ask: “Can I keep just my hybrid server up to date?” The answer: there is no such thing as a “hybrid server.” (More on that in a minute.) What this question is really asking is: “Can I just update the server were I plan to run the Hybrid Configuration Wizard (HCW) from?” The answer to that is “No.” As we move through this post, you will see how entering into a hybrid world means most of your servers are playing a part and communicating cross premises. In order for you to have a seamless experience and be supported, you need your whole environment to be up-to-date, not just a specific server or two.

If you have a healthy updated on-premises configuration, you will have a proper foundation for introducing a Hybrid configuration into your messaging environment in a supported and optimal way.

There is no such thing as a ‘hybrid server’

We often hear people say “I am going to deploy a hybrid server,” thinking they will designate specific three or four servers as “hybrid servers.” However, they fail to realize that hybrid is a set of organization-wide configurations and the server where the HCW is run from is just there to initiate these configurations.

To explain this, let’s briefly cover a free/busy scenario. When an on-premises user creates a meeting request and looks up a cloud user’s free/busy information, the request will go to the EWS URL returned from Autodiscover (step 1 below) and that server will facilitate the request by initiating the Availability service to talk to the O365 service (step 2 below). At this point, that could be ANY server in the environment. This means that when you configure hybrid, all 2010 CAS, 2013 Mailbox, and 2016 servers (when this will be supported) in the environment could be facilitating a federated free/busy request. There is no reasonable way to direct outbound federated free/busy requests to a particular set of servers.

From on-premises to EXO

Let’s look at the reverse scenario and explain what happens when a cloud user looks up an on-premises user’s free/busy information. In this scenario, the EXO server would perform an Autodiscover request to determine the on-premises EWS endpoint (step 1 below) and any server that responds to that Autodiscover.Consoto.com or Mail.Contoso.com endpoints would be responsible for facilitating the Autodiscover or free/busy request (step 2 below). The thing to keep in mind is that these are the same endpoints for all of the on-premises users for things like client connectivity, so you would not want to limit them to one or two servers in a larger environment. In short, you should deploy Exchange properly into your environment, then do your hybrid configuration.

From EXO to on-premises

Part of this confusion could be because in the HCW we ask users for CAS and Mailbox servers. The reason we ask for the CAS is so that the receive connectors on these servers can be configured. The reason we ask for the Mailbox is to ensure that we properly configure the send connectors. Selecting those servers is not selecting your “Hybrid servers” it is just for mail flow control explicitly. We do not have any concrete recommendation around which servers or how many of them should be added for mail flow purposes. There are just too many factors with mail flow such as seat count, migration schedules, geographies, etc.

Be sure to choose the correct version of Exchange

The Hybrid Configuration Wizard can be run from Exchange 2010, 2013, and soon 2016 so the question is often asked: “What version should I run the HCW from?” Let’s go through some of the decisions that will have to be made to help answer this.

Do you have Exchange 2003?

If Exchange 2003 is in your environment, then your only option for going hybrid will be to use Exchange 2010. This means that you would need to ensure that you have properly deployed and sized the Exchange 2010 environment, and then you can run the hybrid configuration process.

Is Exchange 2007 the oldest version you have deployed?

If you have Exchange 2007, and you do not already have Exchange 2010 deployed then we would recommend you properly deploy Exchange 2013, then deploy hybrid. This will give you the largest feature set, and since you have to introduce a newer version of Exchange, you should deploy a version that is supported under mainstream support.

Have you deployed Exchange 2010?

If this is the case, you need to ask yourself if Exchange 2010 fits your needs or if you need the features of Exchange 2013. Deploying hybrid with Exchange 2013 allows for features like cross-premises e-discovery, enhanced secure mail, or OAuth federation support. If these features are not important to you, then you can stick with Exchange 2010 on-premises and deploy hybrid.

In the event you want to upgrade your on-premises environment to Exchange 2013, you would need to deploy Exchange 2013 following our best practices guidance and deploy enough Exchange 2013 servers to handle all of the on-premises traffic. This includes going through the proper steps to size and deploy Exchange 2013 for your on-premises environment and following the guidance for properly setting up hybrid configuration. Often customers will use the Exchange deployment assistant two times for this. First time to introduce Exchange 2013 into the Exchange 2010 environment and the second time to introduce hybrid.

Is your newest deployed version Exchange 2013? Are you planning for Multi-Org hybrid?

Aside from the OAuth configuration previously mentioned, Multi-Org hybrid requires at least one Exchange 2013 (or later, when this is supported) server on-premises in every forest that will be entering into the multi forest hybrid configuration. HCW for Exchange 2010 does not have the proper logic to handle the naming conventions used for connectors and organization relationships. For more information on Multi-Forest hybrid go here.

A simpler story is ahead for Exchange 2016

When we release Exchange 2016 the deployment guidance for coexistence with Exchange 2013 will be a lot simpler than in the past. You will no longer have to move your URL’s to the newest version of Exchange, and instead, will be able to add one or two Exchange 2016 servers to the pool of servers that respond to the Autodiscover.contoso.com and Mail.Contoso.com endpoints. This means you will not have to stand up enough servers running the latest version to handle all traffic on day one.

While this will not benefit customers that are running older versions of Exchange, customers who are upgrading from Exchange 2013 to Exchange 2016 will go through a really easy and seamless process.

In summary

Taking a bit of time to cleanup your current infrastructure and understand your options for your hybrid deployment can save you a lot of time and aggravation later.

Lou Mandich, Scott Roberts, Ross Smith IV, Scott Landry, Timothy Heeney

from Exchange News Full Article

Friday, August 14, 2015

The EXPTA {blog}: Exchange 2013 Migration Batch Completes Successfully, But Mailbox is Not Moved

"Successful" Migration Batch Notification

Migration Batch Validation Warnings

Whoever wrote that error message deserves a raise. MUCH better than the "Error code 2" I'm used to getting.

This mailbox has been "migrating" for over two years!

So, I removed the migration user using the Remove-MigrationUser cmdlet. I needed to use the -Force parameter since the move request no longer exists.

Remove-MigrationUser clears the way to re-run the migration

from Exchange News Full Article

Blankman Blog: Office 365 users cannot see on-premises free/busy

Issue

My Customer introduced an Exchange 2013 server into the Exchange 2010 based organisation, however found that Inbound Free/Busy tests failed using Office 365 based OWA.

The W3SVC IIS logs revealed the following error – the line has been shortened for clarity

POST /autodiscover/http://ift.tt/1gHVH8T & ASAutoDiscover/CrossForest/EmailDomain//15.01.0225.018 – 500 0 0 124

Cause

After re-testing, the issue was found to have been resolved.

Tags: #IAMMEC, ignite, office 365

from Exchange News Full Article

Blankman Blog: Office 365 users cannot see on-premises free/busy

Issue

My Customer introduced an Exchange 2013 server into the Exchange 2010 based organisation, however found that Inbound Free/Busy tests failed using Office 365 based OWA.

The W3SVC IIS logs revealed the following error – the line has been shortened for clarity

POST /autodiscover/http://ift.tt/1gHVH8T & ASAutoDiscover/CrossForest/EmailDomain//15.01.0225.018 – 500 0 0 124

Cause

After re-testing, the issue was found to have been resolved.

Tags: #IAMMEC, ignite, office 365

from Exchange News Full Article

Blankman Blog: Exchange 2013 Hybrid Wizard–Empty Certificate Dropdown

When Running the Hybrid mode wizard in Exchange 2013, occasionally you’ll find that the certificate dropdown selector within the wizard is empty, even though you’ve confirmed that

the certificate is a valid third party certificate
services have been assigned to the same certificate in Exchange

with a screen which looks as follows:

We can confirm the certificate validity via PowerShell using

Get-ExchangeCertificate

We will be using the Set-HybridMode cmdlet to force the certificate selection. First we’ll examine the certificate for the the Issuer and Subject attributes as follows

then we’ll combine those into the required sting and set it using the Set-HybridMode cmdlet

We can see the successful population of the Hybrid mode object using the Get-HybridConfiguration cmdlet

Tags: #IAMMEC, ignite, Office365

from Exchange News Full Article

Blankman Blog: Exchange 2013 Hybrid Wizard–Empty Certificate Dropdown

When Running the Hybrid mode wizard in Exchange 2013, occasionally you’ll find that the certificate dropdown selector within the wizard is empty, even though you’ve confirmed that

the certificate is a valid third party certificate
services have been assigned to the same certificate in Exchange

with a screen which looks as follows:

We can confirm the certificate validity via PowerShell using

Get-ExchangeCertificate

We will be using the Set-HybridMode cmdlet to force the certificate selection. First we’ll examine the certificate for the the Issuer and Subject attributes as follows

then we’ll combine those into the required sting and set it using the Set-HybridMode cmdlet

We can see the successful population of the Hybrid mode object using the Get-HybridConfiguration cmdlet

Tags: #IAMMEC, ignite, Office365

from Exchange News Full Article

The EXPTA {blog}: Fix for Server Manager Error: "Online - Cannot get performance counter data"

Open an elevated CMD prompt to C:\Windows
Run lodctr /R to rebuild the perf registry strings and info from scratch based on the current registry settings and backup INI files. If this works, you're done. In my case, it resulted with the error, "Error: Unable to rebuild performance counter setting from system backup store, error code is 2." Very helpful. :-|
Change to the C:\Windows\SysWOW64 folder and run lodctr /R again. This time I got "Info: Successfully rebuilt performance counter setting from system backup store"
Run winmgmt /resyncperf to register the system performance libraries with WMI and then refresh Server Manager to see that the problem is resolved.

One of the reasons I run this blog is to maintain a memory of esoteric things like this. I doubt I'll ever see it again.

from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 32)

In this article we will take a look at the client experience, when a mailbox has been moved from an on-premises Exchange environment to Exchange Online.

from Exchange News Full Article

msexchange.org: Hybrid deployment best practices

Exchange Team Blog: Hybrid deployment best practices

* As of this writing, Exchange 2016 is in Preview. It is not meant for production use. You would never install that in your production environments… right?

Ensure your on-premises Exchange Deployment is healthy

Should we have a hybrid specific URL?

Keep Exchange up to date

If you have a healthy updated on-premises configuration, you will have a proper foundation for introducing a Hybrid configuration into your messaging environment in a supported and optimal way.

There is no such thing as a ‘hybrid server’

From on-premises to EXO

From EXO to on-premises

Be sure to choose the correct version of Exchange

Do you have Exchange 2003?

Is Exchange 2007 the oldest version you have deployed?

Have you deployed Exchange 2010?

Is your newest deployed version Exchange 2013? Are you planning for Multi-Org hybrid?

A simpler story is ahead for Exchange 2016

While this will not benefit customers that are running older versions of Exchange, customers who are upgrading from Exchange 2013 to Exchange 2016 will go through a really easy and seamless process.

In summary

Taking a bit of time to cleanup your current infrastructure and understand your options for your hybrid deployment can save you a lot of time and aggravation later.

Lou Mandich, Scott Roberts, Ross Smith IV, Scott Landry, Timothy Heeney

from Exchange News Full Article