Archive for the ‘Exchange 2013’ Category

Hi folks,

with Exchange 2013 ManagedFolders are no longer supported. This feature has been replaced by RetentionTags and RetentionPolicies.
The central management of custom folders is made more diffcult. The local user can apply the RetentionPolicies manual. A workarround for centralized management is the use of Exchange Web Services.

$getRTResp=$service.GetUserRetentionPolicyTags();
foreach ($rtTagin$getRTResp.RetentionPolicyTags) {
if ($rtTag.DisplayName-eq”1 Month Delete”)
{
$NewFolder=new-objectMicrosoft.Exchange.WebServices.Data.Folder($service)
$NewFolder.DisplayName=”My New Folder12345″
$NewFolder.FolderClass=”IPF.Note”
$NewFolder.PolicyTag=New-Object
Microsoft.Exchange.WebServices.Data.PolicyTag($true,$rtTag.RetentionId)
$NewFolder.Save($folderid)
}
}

This is an example how to create a new folder and set the RetentionPolicyTag on that folder to a UserRetentionPolicyTag called “1 Month Delete”.

(Source: MSDN Blog)

Cheers,

Chris

Hi Folks,

in the last days I had massive problems setting up the replication of a database in a DAG.
While executing the command Add-Database Copy” following error message was generated:

[PS] C:\>Get-MailboxDatabase -Server AD-ex01 | Add-MailboxDatabaseCopy -MailboxServer AD-ex11 -ActivationPreference 2
The seeding operation failed. Error: An error occurred while performing the seed operation. Error: Failed to notify source server
‘AD-EX01.AD.customer.local’ about the local truncation point. Hresult: 0xc8000713. Error: Unable to find the file.
[Database: ex00-mdb001, Server: AD-EX11.AD.customer.local]
+ CategoryInfo          : InvalidOperation: (:) [Add-MailboxDatabaseCopy], SeedInProgressException
+ FullyQualifiedErrorId : [Server=AD-EX01,RequestId=2e434125-4b73-4845-b42c-218aae43caf4,TimeStamp=07.10.2014 15:37:18] [FailureCategory=Cmdlet-SeedInPr
ogressException] 92042DF7,Microsoft.Exchange.Management.SystemConfigurationTasks.AddMailboxDatabaseCopy
+ PSComputerName        : AD-ex01.AD.customer.local

After trying to enable replication by turning on / off circular logging to replicate, we opened a case at Microsoft Support.

The solution provide from Microsoft Support worked:

1. Dismount database

2. Make sure the database is in “clean shutdown” state:
ESEutil /mh X:\Databases\Database.edb

If database isn’t in clean shutdown you’ve to repair it with eseutil:
Eseutil /r E00 /d: “Database Path” /l: “Log Folder Path” /s: “Log Folder Path” /a /i
(http://technet.microsoft.com/en-us/library/aa998074(v=exchg.65).aspx)

3. Move away all data and folders within the Log Folder Path

4. Mount database

5. Update the Prior failed database copy

Update-MailboxDatabaseCopy database\AD-EX11 -DeleteExistingFiles

After this the replication worked!

Cheers, Chris

Hi Folks,

today’s challenge was to bulk set calendar rights in a multilingual environment (with powershell).
On the net you can find some articles that address similar problems, but no real solution.

Download the follwing scripts as txt here.

Here my quick an dirty script:

# Set default as LimitedDetails for all calendars.
# Will get the language forch each users calendar Folder
# TEST WITH ONE ORE MORE USERS
# foreach($mbx in Get-Mailbox -identity USER | where-object {$_.displayname -like "*test user*"})


foreach($mbx in Get-Mailbox -ResultSize Unlimited | where-object {$_.displayname -notmatch "discovery"})

{
$Calfolder = $Mbx.Name
$Calfolder += ':\'
$CalFolder += [string](Get-mailboxfolderstatistics $Mbx -folderscope calendar).Name
$mbx = $CalFolder
$test = Get-MailboxFolderPermission -Identity $mbx -erroraction silentlycontinue
if($test -ne $null)
{
Set-MailboxFolderPermission -Identity $mbx -User Default -AccessRights LimitedDetails | out-null
}
}

If you want to create all new mailboxes with special permissions you nee to configure the Cmdlet Extension Agent
To enable the agent this you have to the following steps:

  • Create an XML file named ScriptingAgentConfig.xml  and save it in your Exchange’s Default Directory on EVERY Exchange Server in your organization
    e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents

    <?xml version=”1.0″ encoding=”utf-8″ ?>
    <Configuration version=”1.0″>

    <Feature Name=”MailboxProvisioning” Cmdlets=”New-Mailbox”>
    <ApiCall Name=”OnComplete”>
    if($succeeded)
    {
    start-sleep -s 10
    $mbx =  (Get-User $provisioningHandler.UserSpecifiedParameters[“Name”]).distinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    <Feature Name=”MailboxProvisioning” Cmdlets=”Enable-Mailbox”>
    <ApiCall Name=”OnComplete”>
    if($succeeded)
    {
    start-sleep -s 5
    $user = Get-User -Identity $provisioningHandler.UserSpecifiedParameters[“Identity”]
    $mbx = Get-Mailbox -Identity $user.DistinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    </Configuration>

 

  • Use the Exchange Management Shell and run the following command on EVERY Exchange server in your organization:
    Enable-CmdletExtensionAgent “Scripting Agent”
  • Create new user

Cheers,

Chris

Hey folks,

in the following post I want to give you a list of alternative solutions for the safe publishing of exchange (some with pre-auth):

KEMP Edge Security Pack
http://kemptechnologies.com/de/tmg-edge-security-authentication

Barracuda ADC
https://techlib.barracuda.com/adc/msx2013deploy

CITRIX Netscaler
http://blogs.citrix.com/2013/12/19/tmg-replacement-for-exchange-2013-with-netscaler/

SOPHOS UTM
http://www.sophos.com/en-us/products/unified/utm/tmg-replacement.aspx

Microsoft WAP
http://blogs.technet.com/b/jrosen/archive/2013/12/28/setting-up-windows-application-proxy-for-exchange-2013.aspx

Cheers,

Chris

 

 

Hey Folks,

yesterday, the Exchange Team announced that  SP1 for EXCHANGE 2013 was released:

Exchange Server 2013 Service Pack 1 (SP1) is now available for download! Please make sure to read the release notesbefore installing SP1. The final build number for Exchange Server 2013 SP1 is 15.00.0847.032.

SP1 has already been deployed to thousands of production mailboxes in customer environments via the Exchange Server Technology Adoption Program (TAP). In addition to including fixes, SP1 provides enhancements to improve the Exchange 2013 experience. These include enhancements in security and compliance, architecture and administration, and user experiences. These key enhancements are introduced below.

Note: Some of the documentation referenced may not be fully available at the time of publishing of this post.

Security and Compliance

SP1 provides enhancements improving security and compliance capabilities in Exchange Server 2013. This includes improvements in the Data Loss Prevention (DLP) feature and the return of S/MIME encryption for Outlook Web App users.

  • DLP Policy Tips in Outlook Web App – DLP Policy Tips are now enabled for Outlook Web App (OWA) and OWA for Devices. These are the same Policy Tips available in Outlook 2013. DLP Policy Tips appear when a user attempts to send a message containing sensitive data that matches a DLP policy. Learn more about DLP Policy Tips.
  • DLP Document Fingerprinting – DLP policies already allow you to detect sensitive information such as financial or personal data. DLP Document Fingerprinting expands this capability to detect forms used in your organization. For example, you can create a document fingerprint based on your organization’s patent request form to identify when users are sending that form, and then use DLP actions to properly control dissemination of the content. Learn more about DLP Document Fingerprinting.
  • DLP sensitive information types for new regions – SP1 provides an expanded set of standard DLP sensitive information types covering an increased set of regions. SP1 adds region support for Poland, Finland and Taiwan. Learn more about the DLP sensitive information types available.
  • S/MIME support for OWA – SP1 also reintroduces the S/MIME feature in OWA, enabling OWA users to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the specified sender and contains the only the content from the sender. This capability is supported when using OWA with Internet Explorer 9 or later. Learn more about S/MIME in Exchange 2013.

Architecture & Administration

These improvements help Exchange meet our customer requirements and stay in step with the latest platforms.

  • Windows Server 2012 R2 support – Exchange 2013 SP1 adds Windows Server 2012 R2 as a supported operating system and Active Directory environment for both domain and forest functional levels. For the complete configuration support information refer to the Exchange Server Supportability Matrix. This matrix includes details regarding Windows Server 2012 R2 support information about earlier versions of Exchange.
  • Exchange Admin Center Cmdlet Logging – The Exchange 2010 Management Console includes PowerShell cmdlet logging functionality. Listening to your feedback, we’re happy to announce that this functionality is now included in the Exchange Admin Center (EAC). The logging feature enables you to capture and review the recent (up to 500) commands executed in the EAC user interface while the logging window is open. Logging is invoked from the EAC help menu and continues logging while the logging window remains open.

image

image

  • ADFS for OWA – Also new for Outlook Web App in SP1 is claims-based authentication for organizations using Active Directory Federation Services. Learn more about the scenario.
  • Edge Transport server role – SP1 also reintroduces the Edge Transport server role. If you have deployed Exchange 2013 with a supported legacy Exchange Edge Transport role, you don’t need to upgrade. That configuration is still supported. But we do recommend that future deployments use the Exchange 2013 Edge Transport role. Learn more about Edge Transport in Exchange 2013.
  • New communication method for Exchange and Outlook – SP1 introduces a new communication method for Exchange Server and Microsoft Outlook called MAPI over HTTP(MAPI/HTTP). This communication method simplifies connectivity troubleshooting and improves the user connection experience with resuming from hibernate or switching networks. MAPI/HTTP is disabled by default, allowing you to decide when to enable it for your organization. MAPI/HTTP can be used in place of RPC/HTTP (Outlook Anywhere) for your Outlook 2013 SP1 clients while Outlook 2013 RTM and older clients continue to use RPC/HTTP. Learn more about deploying MAPI/HTTP.
  • DAGs without Cluster Administrative Access PointsWindows Server 2012 R2 introduces failover clusters that can operate without an administrative access point: no IP addresses or IP address resource, no network name resource, and no cluster name object. SP1 enables you to create a DAG without an administrative access point on Windows Server 2012 R2 from EAC or PowerShell. This is an optional DAG configuration for SP1 and requires Windows Server 2012 R2. DAGs with administrative access points continue to be supported. Learn more about creating a DAG without an administrative access point here and here.
  • SSL offloading – SP1 now supports SSL offloading, allowing you to terminate incoming SSL connections in front of your CAS servers and move the SSL workload (encryption & decryption tasks) to a load balancer device. Learn how to configure SSL offloading in Exchange 2013.

User Experience

We know the user experience is crucial to running a great messaging platform. SP1 provides continued enhancements to help your users work smarter.

  • Enhanced text editor for OWA – OWA now uses the same rich text editor as SharePoint, thereby improving the user experience, and enabling several new formatting and composition capabilities that you expect from modern Web application – more pasting options, rich previews to linked content, and the ability to create and modify tables.

image

  • Apps for Office in Compose – Mail apps are now available for use during the creation of new mail messages. This allows developers to build and users to leverage apps that can help them while they are composing mails. The compose apps leverage the Apps for Office platform and can be added via the existing Office store or corporate catalogs. Learn more about Apps for Office.

image

Upgrading to SP1/Deploying SP1

As with all cumulative updates (CUs), SP1 is a full build of Exchange, and the deployment of SP1 is just like the deployment of a cumulative update.

Active Directory Preparation

Prior to or concurrent with upgrading or deploying SP1 onto a server, you must update Active Directory. These are the required actions to perform prior to installing SP1 on a server.

1. Exchange 2013 SP1 includes schema changes. Therefore, you will need to execute the following command to apply the schema changes.

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

2. Exchange 2013 SP1 includes enterprise Active Directory changes (e.g., RBAC roles have been updated to support new cmdlets and/or properties). Therefore, you will need to execute the following command.

setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

Server Deployment

Once the above preparatory steps are completed, you can install SP1 on your servers. Of course, as always, if you don’t separately perform the above steps, they will be performed by Setup when you install your first Exchange 2013 SP1 server. If this is your first Exchange 2013 server deployment, you will need to deploy both Client Access Server and Mailbox Server roles in your organization.

If you already deployed Exchange 2013 RTM code and want to upgrade to SP1, you will run the following command from a command line.

setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms

Alternatively you can start the installation through the GUI installer.

Hybrid deployments and EOA

Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to maintain currency on Cumulative Update/Service Pack releases.

Looking Ahead

Our next update for Exchange 2013 will be released as Exchange 2013 Cumulative Update 5. This CU release will continue the Exchange Server 2013 release process.

If you want to learn more about Exchange Server 2013 SP1 and have the opportunity to ask questions to the Exchange team in person, come join us at the Microsoft Exchange Conference.

(Source: http://blogs.technet.com/b/exchange/archive/2014/02/25/exchange-server-2013-service-pack-1-available.aspx )

Cheers,

Chris

Hi,

Exchange 2013 CU2  was released yesterday. Until now, no further release notes are available.

http://www.microsoft.com/en-us/download/details.aspx?id=39609

I’ll Keep you up to date.

UPDATE:

Changes in Exchange 2013 RTM CU2

In addition to bug fixes, Exchange 2013 RTM CU2 introduces enhancements in the following areas.

  • Per-server database support
  • OWA Redirection
  • High Availability
  • Managed Availability
  • Cmdlet Help
  • OWA Search Improvements
  • Malware Filter Rules

Per-Server Database Support

As mentioned previously, Exchange 2013 RTM CU2 increases the per-server database support from 50 databases to 100 databases in the Enterprise Edition of the product. Please note that this architectural change may not provide any additional scalability as CPU may be a bottleneck, thereby limiting the number of mailboxes you can deploy per-server.

As promised, the Exchange 2013 Server Role Requirements Calculator has been updated for this architectural change.

OWA Redirection

Depending on your deployment model, Exchange 2013 RTM CU1 supported the following redirection or proxy scenarios:

  1. In environments where Exchange 2013 and Exchange 2010 coexist, Exchange 2013 CAS proxies OWA requests to Exchange 2010 CAS for Exchange 2010 mailboxes.
  2. In environments where Exchange 2013 and Exchange 2007 coexist, Exchange 2013 CAS redirects the request to the Exchange 2007 CAS infrastructure’s ExternalURL. While this redirection is silent, it is not a single sign-on event.
  3. In native Exchange 2013 environments:
    1. Exchange 2013 CAS proxies the OWA request directly to the Exchange 2013 Mailbox server when in a single site.
    2. Exchange 2013 CAS proxies the OWA request directly to the Exchange 2013 Mailbox server when the Mailbox server exists in a different site and the CAS infrastructure in the target site has no ExternalURL defined.
    3. Exchange 2013 CAS proxies the OWA request directly to the Exchange 2013 Mailbox server when the Mailbox server exists in a different site and the CAS infrastructure in the target site has an ExternalURL that matches the source site’s ExternalURL.
    4. Exchange 2013 CAS redirects the OWA request to the CAS infrastructure in the target site when the target site’s ExternalURL does not match the source site’s ExternalURL. While this redirection is silent, it is not a single sign-on event.

Exchange 2013 RTM CU2 changes this behavior by providing a single sign-on experience when Forms-Based Authentication (FBA) is used on the source and destination OWA virtual directories by issuing back to the web browser a hidden FBA form with the fields populated. This hidden form contains the same information as what the user had originally submitted to the source CAS FBA page (username, password, public/private selector) as well as, a redirect to the target Exchange specific path and query string. As soon as this form is loaded it is immediately submitted to the target URL. The result is the user is automatically authenticated and can access the mailbox data.

Many of you may be familiar with this functionality in Exchange 2010 SP2. However, there are differences in the Exchange 2013 RTM CU2 implementation:

  1. Silent redirection is the default behavior in Exchange 2013, meaning that if FBA is enabled on source and target OWA virtual directories, the redirection will also be a single sign-on event.
  2. You can disable silent redirection on the source CAS via the web.config file located at <ExchangeSetupDir>\FrontEnd\HttpProxy\owa by adding the following line in the <appSettings>section:<add key=”DisableSSORedirects” value=”true” />

High Availability

Exchange 2013 RTM CU2 introduces a new service, the DAG Management Service. The DAG Management service contains non-critical code that used to reside in the Replication service. This change does not introduce any additional complexities in event reporting, either – events are written into the Application event log with the source of MSExchangeRepl and crimson channel.

Managed Availability

In addition to improvements in various probes and monitors, there have been changes to the responder throttling framework. Prior to Exchange 2013 RTM CU2, many responders were only throttled per-server (e.g., RestartService). Now, these responders are throttled per group. For example, originally RestartService was throttled based on the number of occurrences that occurred on a server; in Exchange 2013 RTM CU2, RestartService can execute every 60 minutes DAG-wide, with a maximum of 4 restarts per day DAG-wide.

RecoveryAction Enabled Per Server Per Group
Minutes Between Actions Max Allowed Per Hour Max Allowed Per Day Minutes Between Actions Max Allowed Per Day
ForceReboot True 720 N/A 1 600 4
SystemFailover True 60 N/A 1 60 4
RestartService True 60   N/A 1 60 4
ResetIISPool True 60 N/A 1 60 4
DatabaseFailover True 120 N/A 1 120 4
ComponentOffline True 60 N/A 1 60 4
ComponentOnline True 5 12 288 5 Large
MoveClusterGroup True 240 N/A 1 480 3
ResumeCatalog True 5 4 8 5 12
WatsonDump True 480 N/A 1 720 4

Cmdlet Help

Exchange 2013 RTM CU2 introduces the capability for administrators to get updates to Exchange Management Shell cmdlets without needing to deploy a new service pack or cumulative update. Administrators can launch the Exchange Management Shell and run the Update-ExchangeHelp cmdlet to update their local Shell help.

OWA Search Improvements

Previously searching for keywords within OWA did not give indications of the location of the keyword in the search result set. Exchange 2013 RTM CU2 improves OWA’s search results highlighting in three ways:

  1. Conversation items are auto-expanded that have hits in them.
  2. Whenever you search for a term and select a conversation from the result list, OWA will move the scroll position of the reading pane so that the first item part with that search term is in view.
  3. Hit navigation within a conversation – you can jump between search hits quickly using a control built into the reading pane.

Malware Filter Rules

Exchange 2013 RTM CU2 introduces the –MalwareFilterRule cmdlets. You can use the –MalwareFilterRule cmdlets to apply custom malware filter policies to specific users, groups, or domains in your organization. Custom policies always take precedence over the default company-wide policy, but you can change the priority (that is, the running order) of your custom policies.

(Source: http://blogs.technet.com/b/exchange/archive/2013/07/09/released-exchange-server-2013-rtm-cumulative-update-2.aspx )

Cheers,

Chris

If you install Exchange 2013 CU1 in an existing Exchange 2010 SP3 environment you might wonder why you will be redirected to Exchange 2010’s OWA/ECP when trying to open Exchange 2013 EAC.
In a mixed environment you have to add the Exchange client version as parameter:

https://yourEXCHANGE2013-CASServer.yourdomain.com/ecp?ExchClientVer=15

After adding this parameter you should be able to open the EAC.

Cheers, Chris