msunified.net

Technical blog about Exchange and OCS by Ståle Hansen

Configure Exchange 2010 InternalUrl PowerShell script

Posted by Ståle Hansen on 13/01/2010

In Exchange 2010 you need to set the internal URL for various services on the Client Access Server. Outlook 2007 uses Autodiscover internally to connect to the Exchange server. If the internal URL is configured incorrectly, you could get certificate errors when logging on to Outlook, as well as errors when using other services internally.

This script may come in handy in the following scenarios:

  • Initial configuration
  • Expansion in the infrastructure with load balanced CAS
  • Change in internal FQDN if you change certificate name
  • Change from https to http
  • When you have a total disaster on site 1 and need to fail over to a second site with a passive DAG server that holds all server roles

It is a very simple script. If you have some advice to make the script better, I would be happy if you let me know. The script does the following:

  • The server path is specified with a prompt
  • The script is set up with “-Identity *”; if you have more than one instance, you need to specify which instance you want to configure
  • The URL is generated using the variable and the default location of the services
  • After configuring the URLs, the script lists all changes so it is easy to double-check the configuration
  • The UM role is excluded because it is not supported to be hosted on the same server as CAS

To run the script do the following:

  • Copy this into a txt file and rename it to a ps1 file
  • Open PowerShell and navigate to the location where the file is saved
  • Use tab in PowerShell to get the correct run syntax
  • Run it and type the correct FQDN like this when prompted: https://yourcasserver.domain.local

#InternalURL.ps1
# Prompt for the base URL (scheme and FQDN); the service paths are appended below
$urlpath = Read-Host "Type internal Client Access FQDN starting with http:// or https://"
# Set the internal URL for each Client Access service
Set-AutodiscoverVirtualDirectory -Identity * -InternalUrl "$urlpath/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "$urlpath/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity * -InternalUrl "$urlpath/ews/exchange.asmx"
Set-OabVirtualDirectory -Identity * -InternalUrl "$urlpath/oab"
Set-OwaVirtualDirectory -Identity * -InternalUrl "$urlpath/owa"
Set-EcpVirtualDirectory -Identity * -InternalUrl "$urlpath/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "$urlpath/Microsoft-Server-ActiveSync"
# Get commands to double-check the config
Get-AutodiscoverVirtualDirectory | ft Identity,InternalUrl
Get-ClientAccessServer | ft Identity,AutodiscoverServiceInternalUri
Get-WebServicesVirtualDirectory | ft Identity,InternalUrl
Get-OabVirtualDirectory | ft Identity,InternalUrl
Get-OwaVirtualDirectory | ft Identity,InternalUrl
Get-EcpVirtualDirectory | ft Identity,InternalUrl
Get-ActiveSyncVirtualDirectory | ft Identity,InternalUrl
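
A pre-flight check for the value typed at the prompt, as an added example that is not part of the original script: it rejects input that would produce malformed URLs and, for https, performs a TLS handshake so that a certificate name mismatch shows up before Outlook clients see it. The function name Test-InternalUrlBase is hypothetical; it uses only .NET classes, no Exchange cmdlets.

```powershell
# Added example, not part of InternalURL.ps1.
# Test-InternalUrlBase is a hypothetical helper name.
function Test-InternalUrlBase {
    param([string]$UrlPath)

    # Must parse as an absolute URI with an http or https scheme.
    $uri = $null
    if (-not [System.Uri]::TryCreate($UrlPath, [System.UriKind]::Absolute, [ref]$uri)) {
        throw "Not an absolute URL: '$UrlPath'"
    }
    if ($uri.Scheme -ne 'http' -and $uri.Scheme -ne 'https') {
        throw "Scheme must be http or https, got '$($uri.Scheme)'"
    }

    # The script appends "/owa", "/ecp" and so on, so the base must be
    # scheme://host[:port] only: no path, query, fragment or trailing slash.
    if ($uri.AbsolutePath -ne '/' -or $uri.Query -or $uri.Fragment -or $UrlPath.EndsWith('/')) {
        throw "Enter only scheme and FQDN, without a trailing slash or path: '$UrlPath'"
    }

    if ($uri.Scheme -eq 'http') {
        # Nothing to verify on plain http: no certificate is involved.
        Write-Warning "http:// URL given; no certificate check performed."
        return $true
    }

    # TLS handshake with the default validation callback: this fails on an
    # untrusted chain, an expired certificate or a name that does not match.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($uri.Host, $uri.Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($uri.Host)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            Write-Host "Certificate OK for $($uri.Host): $($cert.Subject), expires $($cert.NotAfter)"
        }
        finally {
            $ssl.Dispose()
        }
    }
    catch [System.Security.Authentication.AuthenticationException] {
        throw "Certificate presented by $($uri.Host) is not valid for that name: $($_.Exception.Message)"
    }
    finally {
        $client.Close()
    }
    return $true
}

# Usage in the script, directly after the Read-Host line:
# Test-InternalUrlBase $urlpath | Out-Null
```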

Posted in Exchange 2010

Finding Users Who Have “Out Of Office” Enabled In Exchange 2010

Posted by Ståle Hansen on 07/12/2009

Any post starting with this disclaimer means that this post was not written by me; however, I liked it and added it to my blog. I will also include the link to the original or similar post to provide credit to the original author.

http://www.howexchangeworks.com/2009/11/finding-users-who-have-out-of-office.html

It might come in handy if you know how to get a list of users who have out of office message turned on. Exchange 2010 shell gives you that ability now. You can even change the message, set the audience (internal or external), turn it off etc with the shell.

  • To get a list of users who have out of office scheduled, run the following command.
    • Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState -eq "scheduled" }
    • The above command gives you much more than you need, including the actual message, start time, end time etc.
  • If you are only interested in the list of users, run
    • Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState -eq "scheduled" } | fl identity
  • If you want to get the settings for a particular user (for example Rajith), run
    • Get-MailboxAutoReplyConfiguration -Identity rajith
  • You can also change the out of office settings for a particular user with the Set-MailboxAutoReplyConfiguration cmdlet.
    • For example, to turn off the out of office for the user account “Rajith”, run
    • Set-MailboxAutoReplyConfiguration -Identity "Rajith" -AutoReplyState disabled
  • Similarly, if you want to extend the out of office message for a user (change the end time), run
    • Set-MailboxAutoReplyConfiguration -Identity "Rajith" -EndTime "01/12/2009 17:00:00"
  • You can change the actual out of office message (internal and external) by running
    • Set-MailboxAutoReplyConfiguration -Identity "Rajith" -InternalMessage "I won't be around today guys" -ExternalMessage "I am out of the office today"

NOTE: These cmdlets will only work in Exchange 2010 Shell

Posted in Exchange 2010

Managing Outlook Web App and Office Communications Server Integration

Posted by Ståle Hansen on 07/12/2009

Any post starting with this disclaimer means that this post was not written by me; however, I liked it and added it to my blog. I will also include the link to the original or similar post to provide credit to the original author.

http://chrislehr.com/2009/11/implementing-integrated-ocs-in-owa-2010.htm

This entry is to show you how to integrate OCS 2007 R2 into your Exchange 2010 OWA experience. This is based on the following Technet article:
http://technet.microsoft.com/en-us/library/ee633458%28EXCHG.140%29.aspx

First, download and extract OCS 2007 R2 Web Trust Tool from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ca107ab1-63c8-4c6a-816d-17961393d2b8. Running and installing this will only extract these additional files. Each of these will need to be installed on each CAS server in your environment that you are enabling OCS Messaging on. Remember, there is no right click run as Administrator for MSIs – so run from an elevated command prompt if needed!

  • Install the vc_redistx64
  • Install UCMAredist.msi
  • Install CWAOWASSP.msi

On your Exchange 2010 CAS server(s), edit c:\program files\Microsoft\Exchange\V14\ClientAccess\Owa\web.config – look for the IMPoolName field. Update the webconfig file as follows:

| Field | Insert Value From | Example |
|---|---|---|
| IMPoolName | FQDN of OCS R2 Pool | ocsr2pool.domain.local |
| IMCertificateIssuer | DN of Issuer | CN=DigiCert Global CA, OU=http://www.digicert.com/, O=DigiCert Inc,C=US |
| IMCertificateserialNumber | Serial Number | 01 F9 4E 46 AA 3C 4C 9E BD 8F 2C (include spaces between octets!) |

Look for this:

And based on this (where thumbprint is the certificate your CAS server uses for IIS):
Get-ExchangeCertificate -Thumbprint BJBHDS78FG6D8GFYH49SDF34TH9 | ft Issuer,SerialNumber,Subject

Change to this:

The “subject” gives us the common name that we use in a bit to configure OCS.

Additionally, if your Issuer has funky characters, you need to replace them as they will break your web.config file, causing generic IIS errors. Just removing those characters will make for application event log errors that the certificate was not found in your certificate store.

Since the web.config is an XML file, you need to use XML special character escapes:

| entity | character | meaning |
|---|---|---|
| &amp;quot; | " | (double) quotation mark |
| &amp;amp; | & | ampersand |
| &amp;apos; | ' | apostrophe (= apostrophe-quote) |
| &amp;lt; | < | less-than sign |
| &amp;gt; | > | greater-than sign |

So if your SSL provider’s issuer field causes you a problem here, this should help you work around it.

In Powershell, configure OCS:

  • Get-OwaVirtualDirectory -Server SERVER | Set-OwaVirtualDirectory -InstantMessagingType 1
    • (The above line *did* say -InstantMessagingType OCS, but RTM documentation says 1 for OCS – thanks to Brian Day for this!)
  • Restart IIS (IISreset is fine)

On your OCS R2 Pool server configure authorized host

  • under the server properties of your pool
  • on the Hosts Authorization tab
  • you need to add the Client Access server
    • This can be FQDN or IP.
    • If you use FQDN, OCS will additionally authenticate the FQDN against the certificate names – the FQDN here has to match the “subject” we found above
    • NOTE: Not the whole string, just the FQDN common name given in the subject
    • Additionally, you can choose to use FQDN and then use a hosts file to ensure that OCS is communicating with the correct server/IP.

Now I am able to log into OWA 2010 and get the light CWA client as well:

Upper right allows me to see and update my presence, as well as see how many IM conversations I have active and switch between them as well.
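
The three certificate-derived values this post needs (issuer with XML escapes applied, serial number with spaces between octets, and the common name for the OCS Hosts Authorization entry), computed in one place. This is an added example, not part of the original post; the function name ConvertTo-OwaImCertSetting and the sample values are hypothetical.

```powershell
# Added example, not from the original post.
# ConvertTo-OwaImCertSetting is a hypothetical helper name.
function ConvertTo-OwaImCertSetting {
    param(
        [string]$Issuer,        # e.g. the Issuer column from Get-ExchangeCertificate
        [string]$SerialNumber,  # hex string, with or without spaces
        [string]$Subject        # e.g. the Subject column from Get-ExchangeCertificate
    )

    # Serial number: strip whitespace, require whole hex octets,
    # then re-join with one space between octets as web.config expects.
    $hex = ($SerialNumber -replace '\s', '').ToUpper()
    if ($hex -notmatch '^([0-9A-F]{2})+$') {
        throw "Serial number is not a whole number of hex octets: '$SerialNumber'"
    }
    $spaced = ([regex]::Matches($hex, '..') | ForEach-Object { $_.Value }) -join ' '

    # Issuer: escape & < > " ' so the value cannot break the XML file.
    # Pass the raw issuer string; already-escaped input would be escaped twice.
    $escapedIssuer = [System.Security.SecurityElement]::Escape($Issuer)

    # Subject: OCS matches the authorized host against the common name only,
    # not the whole subject string.
    if ($Subject -match '(?i)(?:^|,)\s*CN=([^,]+)') {
        $fqdn = $Matches[1].Trim()
    }
    else {
        throw "No CN found in subject: '$Subject'"
    }

    New-Object PSObject -Property @{
        Issuer       = $escapedIssuer   # value for the IMCertificateIssuer field
        SerialNumber = $spaced          # value for the certificate serial number field
        HostFqdn     = $fqdn            # FQDN for the OCS Hosts Authorization tab
    }
}

# Constructed sample values, chosen to include characters that need escaping.
ConvertTo-OwaImCertSetting `
    -Issuer 'CN=Example "Issuing" CA & Co, O=Example Corp, C=US' `
    -SerialNumber '0a1b2c3d4e5f' `
    -Subject 'CN=cas01.domain.local, OU=IT, O=Example Corp' | Format-List

# With a real certificate on the CAS server:
# $c = Get-ExchangeCertificate -Thumbprint <thumbprint>
# ConvertTo-OwaImCertSetting -Issuer $c.Issuer -SerialNumber $c.SerialNumber -Subject $c.Subject
```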

Posted in Exchange 2010, OCS 2007

How to migrate Client Access to Exchange 2010

Posted by Ståle Hansen on 06/12/2009

The Exchange Team has written several blogs about how to transition the Client Access server to Exchange 2010.

The first blog is titled Transitioning Client Access to Exchange Server 2010 and can be found here: http://msexchangeteam.com/archive/2009/11/20/453272.aspx

To sum it up you must transition the “Internet Facing AD Site” associated with your external Autodiscover record, then regional Internet facing AD Sites, and then transition your internal Active Directory sites. It is not supported to transition an internal Active Directory site before all your Internet-accessible sites have been transitioned.

The second blog is titled Upgrading Outlook Web App to Exchange 2010 and can be found here: http://msexchangeteam.com/archive/2009/12/02/453367.aspx

It discusses how Outlook Web App will function in an Exchange 2003 or 2007 environment that has Exchange 2010 deployed for the end users. Essentially, Exchange 2010 CAS does not support rendering mailbox data from legacy versions of Exchange. Exchange 2010 CAS follows one of four scenarios depending on the target mailbox’s version and/or location:

  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010, CAS2010 will silently redirect the session to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in another Internet facing AD Site, CAS2010 will manually redirect the user to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS.
  • If the mailbox is Exchange 2003, CAS2010 will silently redirect the session to a pre-defined URL.

Note: For the purposes of this discussion it is assumed you are utilizing Forms Based Authentication for Outlook Web App authentication.

The third blog is titled Upgrading Exchange ActiveSync to Exchange 2010 and can be found here: http://msexchangeteam.com/archive/2009/12/08/453472.aspx

The blog discusses how Exchange ActiveSync will function in an Exchange 2003 or 2007 environment that has Exchange 2010 deployed. Some may have environments that have Internet facing AD sites and non-Internet facing AD sites.  As part of our upgrade process, you will be following a model where:

  • Ensure all legacy Exchange 2003 servers are at latest Service Pack level
  • Deploy Exchange 2010 CAS, Hub Transport, and Mailbox in the “Internet Facing AD Site”
  • Have legacy Exchange servers in the “Non-Internet facing AD site” (if they exist)

The simple version is that, if configured correctly, Exchange 2010 will proxy for the legacy server like this:

  • Exchange CAS2010 will authenticate the user
  • Determine the mailbox version to be legacy Exchange (2003/2007)
  • Look up legacy server FQDN on AD
  • The legacy server will authenticate the user again and will provide the rendered data back to the CAS2010 server
  • CAS2010 will expose the data to the end user

Posted in Exchange 2010

How to install OCS2009-DBUpgrade

Posted by Ståle Hansen on 08/11/2009

On several OCS 2007 Enterprise installations this patch was not that easy to install when you are using SQL 2008 backend database. Here’s what I had to do to install this patch.

To apply the hotfix, you must have the following software installed.

  • OCS administration tools
  • MS SQL Native Client
  • If you decide to install SQL 2008 Client Tools, SQL 2005 Service Pack 2 (SP2) Backward Compatibility must also be installed.
  • To install the  SQL 2005 Service Pack 2 (SP2) Backward Compatibility you need to download and install
    • Microsoft SQL Server 2005 Management Objects Collection
    • Microsoft SQL Server 2005 Backward Compatibility Components
  • Finally, run the patch with the following command when on an OCS Enterprise deployment
    • OCS2009-DBUpgrade.msi POOLNAME=poolname

If the installation fails, check Scott Oseychik’s post about SQL not allowing the update here: http://blogs.msdn.com/scottos/archive/2009/08/21/installation-of-ocs-2007-r2-hotfix-package-969834-may-fail-if-sql-settings-have-been-changed.aspx

View the full technical article here: http://support.microsoft.com/kb/969834

Posted in OCS 2007

Updates: Office Communications Server 2007 R2 (Nov 2009)

Posted by Ståle Hansen on 08/11/2009

MVP Lee Desmond posted a great post about the November updates for Office Communications Server 2007 R2. Check it out here: http://www.leedesmond.com/weblog/?p=607

Check out the latest Nov 2009 updates released for the different Office Communications Server 2007 R2 server roles as described in KB968802. This applies to both the Standard and Enterprise Editions.

A very important and welcome addition to assist the patch management process is the “Cumulative Server Update Installer” (ServerUpdateInstaller.exe) delivered as part of this release. Instead of having to determine and manually applying the relevant patches to the various R2 server roles, this tool relieves the administrator from those tedious chores by applying all updates for the appropriate server role in just one click. You can also use this tool on the command line with the switches /silent, /forcereboot and /extractall.

If not already present, you should also apply the update for the Office Communications Server 2007 R2 Back-end Database (KB969834).

Download for the updates (.msp), executable (.exe) and installer (.msi) can be obtained here.
Here is a good guide on how to install the updates: http://blogs.technet.com/ucspotting/archive/2009/11/26/3296447.aspx

Posted in OCS 2007

Exchange Online Services Whitepaper

Posted by Ståle Hansen on 04/11/2009

The Migrate to Microsoft Online Services white paper guides you through the process of migrating your current e-mail environment to Microsoft Exchange Online by:

  • Describing supported coexistence scenarios
  • Describing the supported migration scenarios
  • Guiding you through a detailed information-gathering and planning process to help you prepare for a successful migration
  • Providing detailed step-by-step instructions for each of the supported migration scenarios

Posted in Exchange 2010

Exchange 2010 Certified!

Posted by Ståle Hansen on 30/10/2009

Today I passed the Exam 70-662: TS: Microsoft Exchange Server 2010, Configuring. The exam was released October 27, 2009 and it is nice to be certified before the product launches. The exam focused on configuring mailflow, DAG and compliance as well as other features.

Posted in Microsoft Certification

Installing Exchange 2010 Prerequisites on Server 2008 R2

Posted by Ståle Hansen on 30/10/2009

Commands to install the necessary prerequisites for Exchange 2010 on Windows Server 2008 R2

Before you begin, prepare your environment

  • Make sure that the functional level of your forest is at least Windows Server 2003
  • Also make sure that the Schema Master is running Windows Server 2003 with Service Pack 1 or later
  • If Database Availability Groups (DAG) is going to be used install Server 2008 R2 Enterprise Edition
    • Exchange 2010 Standard Edition supports DAG with up to 5 databases
    • Exchange 2010 Enterprise Edition supports up to 100 databases per server
    • You can install all server roles on the same server when using DAG
    • But then you need a hardware load balancer  for redundant CAS and HUB due to a Windows limitation preventing you from using Windows NLB and Clustering Services on the same Windows box
    • Two node DAG requires a witness that is not on a server within the DAG
      • Exchange 2010 automatically takes care of FSW creation; though you do have to specify the location of the FSW
      • It is recommended to specify the FSW to be created on a Hub Transport Server
      • Alternatively, you can put the witness on a non-Exchange Server after some prerequisites have been completed
      • You can follow these steps to get your member server to act as FSW
        • add the “Exchange Trusted Subsystem” group to our Local Administrators Group on that member server
      • On servers that will host the Hub Transport or Mailbox server role, install the Microsoft Filter Pack. For details, see 2007 Office System Converter: Microsoft Filter Pack (this allows office attachments content to be searched and indexed)
  • Set Pagefile size, RAM + 10MB (for systems with 8 GB of RAM or less, set pagefile to RAM * 1,5)
  • Disable IPv6 by running this fix
  • Run Windows Update until all updates are installed

Install the Windows Server 2008 R2 operating system prerequisites

  • Open PowerShell and run the following command
    • Import-Module ServerManager
  • For a server that will have the typical installation of Client Access, Hub Transport, and the Mailbox roles:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
  • For a server that will host the Client Access and Hub Transport server roles:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
  • For a server that will host only the Mailbox role:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
  • For a server that will host only the Unified Messaging role:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart
  • For a server that will host the Edge Transport role:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
  • After the system has restarted, configure the Net.Tcp Port Sharing Service for Automatic startup by running the following command:
    • Set-Service NetTcpPortSharing -StartupType Automatic

NOTE: You can also install the above features using xml scripts found in a scripts catalogue on the Exchange media. You still need to manually configure Net.Tcp Port Sharing Service for Automatic startup though. There is one script for every role. Thanks goes to Alex Lewis for the tip: http://www.networkworld.com/community/node/46829 

For more information see Technet article http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx
Also check out Chris and Robin’s Technology blog http://chrislehr.com/2009/10/installing-exchange-2010-quickly-using.htm
You should also check out MVP Elan Shudnow’s blog for how to install Exchange 2010 with DAG: http://www.shudnow.net/2009/10/29/exchange-2010-rtm-dag-using-server-2008-r2-%E2%80%93-part-1/

Posted in Exchange 2010

OCS DNS Automatic Configuration when Split DNS is not an Option

Posted by Ståle Hansen on 28/10/2009

Doug over at DMTF has written an excellent article about what to do for OCS single sign-on when the internal domain and the SIP domain do not match. When split-brain DNS is not an option, you can create two DNS zones for the SRV records only. Here is an excerpt from his blog. View the full blog post here: http://blogs.technet.com/dougl/archive/2009/06/12/communicator-automatic-configuration-and-split-brain-dns.aspx

To implement this for Contoso, we would create a zone “_sipinternaltls._tcp.contoso.com” and zone “sip.contoso.com.” Notice that these are two zones – not two records in one “contoso.com” zone. A zone is a name resolution boundary in the hierarchical DNS namespace. By configuring the internal DNS server to be authoritative only for these two names, clients will continue resolving other names in the contoso.com domain as they always have.

Coincidentally, over on his blog, Geoff Clark has just suggested the same thing. He describes the problem and suggests the same solution but shows a method of creating the zone on a Windows DNS server via the DNS management console. Unfortunately, there is a limitation in the management console that is not present in the underlying Windows DNS implementation. This limitation required Geoff to create the zone as “_tcp.contoso.com” when what we would really like is a zone named “_sipinternaltls._tcp.contoso.com.”

This limitation in the user interface can be resolved by creating the zones and the records using the Dnscmd command line tool. For Contoso, here are the required commands:

dnscmd . /zoneadd _sipinternaltls._tcp.contoso.com. /dsprimary
dnscmd . /recordadd _sipinternaltls._tcp.contoso.com. @ SRV 0 0 5061 sip.contoso.com.
dnscmd . /zoneadd sip.contoso.com. /dsprimary
dnscmd . /recordadd sip.contoso.com. @ A 172.16.45.12

Of course, you’ll need to make the appropriate changes for your environment. If you are not running the command on your Windows DNS server, you will need to replace the first dot with your server name. You may also prefer a different zone type than “dsprimary.” If so, change the zoneadd commands appropriately. I doubt that your pool’s IP address is the same as my example but, if you have followed me this far, you already know what to change there.

Posted in OCS 2007