Posted by Ståle Hansen on 12/11/2011
Microsoft Lync and Microsoft Exchange consultants from Atea are in big demand these days and we need to add more skillful hands. In Norway Atea seeks consultants, architects and advisors that want to work with Lync and Exchange in the Oslo area, Drammen area and Bodø area.
Why work with Lync and Exchange in Atea?
- Atea strives to always deliver best practice deployments
- There are about thirty active consultants with Lync and Exchange as their primary focus placed all over the country
- Some of the consultants have worked with Microsoft UC as their primary focus since Live Communications Server 2005
- We have an active internal community that shares knowledge internally using SharePoint 2010 and strives to help each other as best we can
- Atea encourages consultants to be active within the global Microsoft community through forums, blogging, presenting and user groups
Who should apply?
- You want to deep dive and focus on becoming a valuable resource within Lync and Exchange
- You are always looking for new challenges and want to work with a variety of deployments from simple to complex
- You want to learn from some of the best Lync consultants in Norway
- You aim for Certified Master within Lync or Exchange
- You are familiar with PowerShell scripting
Where to apply?
Why is Atea the best UC team in Norway?
Posted by Ståle Hansen on 30/09/2011
Back in July 2010 I created a script to set the default AccessRight to Reviewer for Exchange 2010. A new feature in Exchange 2010 was that we could use the command Set-MailboxFolderPermission to change AccessRights on specific folders on the server level. As the calendar is a folder, we could now do this organization-wide using PowerShell.
The reason for creating this script is that when migrating customers in Norway, most of them want to allow everyone to use side by side calendaring in Outlook and Outlook Web App. In Exchange 2003/2007 we needed to instruct users how to set Default to Reviewer. This script sets it for all users. The script works for both Exchange Online and Exchange Server 2010. For Exchange 2007 check out this post on how to do it: http://exchangeshare.wordpress.com/2008/05/27/faq-give-calendar-read-permission-on-all-mailboxes-pfdavadmin/
Get the script here: http://msunified.net/exchange-downloads/script-set-calendarpermissions-ps1/
What the script does
As the picture shows you get three menu items.
- Will set the permission on all users and resources
- Will set the permission on all users and resources created the last 30 days
- Will give a user you specify Editor access to a mailbox you specify
- This is good for switchboard or secretary functions
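The first two menu options, as an added example that is not the script linked above: it records what right Default currently has on each calendar and changes it to Reviewer only when -Apply is given. The function name Set-DefaultCalendarRight and its parameters are hypothetical, and it assumes the Exchange 2010 cmdlets are loaded (Exchange Management Shell or an imported Exchange Online session).

```powershell
# Added example (not the author's script). Assumes the Exchange cmdlets are loaded.
function Set-DefaultCalendarRight {
    param(
        [int]$NewerThanDays = 0,           # 0 = every mailbox, 30 = created in the last 30 days
        [string]$AccessRight = 'Reviewer',
        [switch]$Apply                     # report only unless -Apply is given
    )

    $mailboxes = Get-Mailbox -ResultSize Unlimited
    if ($NewerThanDays -gt 0) {
        $cutoff = (Get-Date).AddDays(-$NewerThanDays)
        $mailboxes = $mailboxes | Where-Object { $_.WhenCreated -ge $cutoff }
    }

    foreach ($mbx in $mailboxes) {
        $smtp = "$($mbx.PrimarySmtpAddress)"

        # The calendar folder name follows the mailbox language ("Kalender" on a
        # Norwegian mailbox), so look it up instead of hard-coding "Calendar".
        $cal = Get-MailboxFolderStatistics -Identity $smtp -FolderScope Calendar |
            Where-Object { $_.FolderType -eq 'Calendar' } |
            Select-Object -First 1
        if (-not $cal) {
            Write-Warning "No calendar folder found for $smtp"
            continue
        }

        $folder = "{0}:\{1}" -f $smtp, $cal.Name
        $entry  = Get-MailboxFolderPermission -Identity $folder -User Default -ErrorAction SilentlyContinue
        if (-not $entry) {
            Write-Warning "No Default entry on $folder, skipping"
            continue
        }
        $before = ($entry.AccessRights | ForEach-Object { "$_" }) -join ','

        $changed = $false
        if ($Apply -and $before -ne $AccessRight) {
            Set-MailboxFolderPermission -Identity $folder -User Default -AccessRights $AccessRight
            $changed = $true
        }

        # One row per mailbox: the Before column is the record of what was overwritten,
        # including calendars whose owner had deliberately set Default to None.
        New-Object PSObject -Property @{
            Mailbox = $smtp
            Folder  = $cal.Name
            Before  = $before
            Wanted  = $AccessRight
            Changed = $changed
        }
    }
}

# Report first, keep the result, then apply:
#   Set-DefaultCalendarRight | Export-Csv .\calendar-default-before.csv -NoTypeInformation
#   Set-DefaultCalendarRight -Apply
#   Set-DefaultCalendarRight -NewerThanDays 30 -Apply
```

The exported CSV is what lets you restore an individual calendar later if its owner objects to the wider visibility.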
How to run the script against an Exchange Online environment
- Connect to Exchange Online through PowerShell Remoting
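$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
# Import the Exchange Online cmdlets from the remote session into the local shell
Import-PSSession $Session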
- Set Execution Policy to unrestricted
- Run the script by copying the script, saving it as a ps1 file, navigate to it in PowerShell and start typing set-Cal and hit TAB to use TAB completion
Administering Microsoft Office 365 using Windows PowerShell: http://blog.powershell.no/2011/05/09/administering-microsoft-office-365-using-windows-powershell/
Posted by Ståle Hansen on 22/11/2010
UPDATE: This blog post has moved to the TechNet Wiki for open editing: http://social.technet.microsoft.com/wiki/contents/articles/10119.wiki-lync-server-2010-features-and-how-to-configure-them.aspx
Now that Lync has gone RTM and Virtual Launch is done we need to get down to business and deploy Lync to the general masses. During the time of Beta, RC and early RTM a lot of great blog articles were published about features and how to configure them. I wanted to collect the posts I find interesting here so I have them all in one place when I deploy Lync Server to my customers. I will update this article with new posts as I find them or when they get published.
Last updated: 16.10.2011
- Lync Server 2010 Deployment
- Exchange 2010 integration
- Lync 2010 Client
- Lync Phone Edition
- The Addressbook in Lync Server 2010
- Lync 2010 Networking
- SQL Configuration
- Mediation server
- DNS Loadbalancing
- Response Groups
- Third Party integrations
- Office 365 and UC
Posted by Ståle Hansen on 16/11/2010
When Exchange 2010 was released in RTM it introduced a new feature called Archive Mailbox. In RTM this Archive Mailbox had to be collocated in the same database as the main mailbox of the users. In Exchange Server 2010 SP1 the Archiving Mailbox feature was updated with the ability to have the Archive Mailbox located in a different database than the main mailbox.
When designing solutions for customers on Exchange Server 2010 I often get asked why they need archiving in the first place and whether Exchange 2010 archiving is good enough compared to Enterprise Information Archiving solutions such as Symantec Enterprise Vault. The answer is complicated, and it depends greatly on the customer needs and their users. To answer this you need to understand what Exchange archiving really is and how it differs from Enterprise Information Archiving. To answer this we look to Gartner.
Gartner has been publishing a Magic Quadrant for E-Mail Active Archiving since 2002 featuring products that do Enterprise level archiving of emails. They now see an increase in end-user demand for the same type of archiving for additional content types such as file shares, SharePoint and IM. That is the reason for Gartner in 2010 to release a new Magic Quadrant replacing the old. They now call it Enterprise Information Archiving. Vendors featured in this version need to be able to archive e-mail, file, SharePoint and IM. Below is the latest Magic Quadrant for Enterprise Information Archiving (EIA):
We see in this quadrant that Symantec is a leader with its Enterprise Vault product. These are the key points for why EV is in the leader quadrant:
- It’s a mature product with the largest worldwide base of enterprise customers
- It archives mail, Windows file systems, SharePoint and IM
- Virtual Vault enables users to manage and view their archive data using a familiar GUI experience
- Tight integration with its backup products
- Enterprise level E-Discovery
- Support for Exchange 2010 SP1 and Microsoft BPOS
Microsoft Exchange Server 2010 is not part of the EIA Magic Quadrant. Gartner gives the following statement about why:
“Exchange 2010 archiving is a good choice for organizations that have never implemented archiving and are struggling with rapid, unmanageable growth of historical e-mail, or are looking for organizations that are looking to replace PST files with a more efficient and secure archiving capability. Because there is no support for files or other content types beyond e-mail, Microsoft’s archiving capabilities are not rated in this Magic Quadrant for EIA”
This is the essence of the Exchange Server 2010 archiving feature, it is an online PST archive with entry level archiving features. Knowing this, it boils down to the following questions:
- When is Exchange 2010 archiving good enough?
- When does the need for Enterprise Information Archiving like Symantec Enterprise Vault arise?
Koen Vermoesen has created a feature comparison between Exchange 2010 and Enterprise Vault in this article: http://blog.koenvermoesen.be/2010/06/03/symantec-enterprise-vault-vs-microsoft-exchange-server-archiving/
The feature Comparison between Exchange 2010 SP1 and Enterprise Vault 9.0 should be a good starting point to decide what solution to choose. I have updated it with some additional information. The conclusion in the feature comparison is noteworthy.
SP1 to store primary and secondary mailboxes in separate databases
Support for E2K10 from SP1 onwards
OWA or Outlook 2010/2007 to access the archives
Additional client software required
Seamless integration, both client and server-side; pst-like
Training required for both the Administrator and the end-user
Mailbox search and conversation view work across both mailboxes
“Stubs”, Archive Explorer look “different” to the end-user
Virtual Vault looks just like a pst and mailbox search work across mailbox and Virtual Vault
Offline Archive Support
Special options like WORM, lots of choice
Gathering of PST is manual. Need to be imported using Outlook or Powershell
PST files can be added both from local computers and NFS with limited user interaction using collector tools
In place upgrades not supported, need to do swing migrations
Cannot skip major versions. Full reinstall even for SP’s
Need to pay attention to compatibility both for client and server-side software
Enterprise CAL’s (Client Access Licenses) required
Additional software to license
Possibly additional server licenses
Additional hardware, can be virtualized with less than 1000 users, or low mailflow.
Separate SQL server in large deployments
Low end alternative for pst-files for the first time ever
If you want to archive…
… for seamless PST import
… for legal reasons
… multiple targets
… to specific storage solutions
Gartner Magic Quadrant EIA October 2010: http://www.symantec.com/content/en/us/about/media/industryanalysts/Gartner_MQ_EIA_03Nov10.pdf
Posted by Ståle Hansen on 21/10/2010
I am proud to announce that we have solved a problem we had with Exchange UM integration with OCS 2007 R2 when the user's mobile phone is the primary number.
In Norway and Scandinavia it is normal for end users to have a mobile phone as both work and private phone. A lot of companies in Norway have adopted mobile phone numbers as their primary phone numbers and can only be reached using these types of numbers. Traditionally the operators have offered their customers net centric logic for their call handling and switchboards, using only mobile phones as terminals. Since the users use the same phone at work and privately, they only have their mobile number, and the numbers follow the users and not the company. When we started deploying OCS 2007 R2 for these companies they wanted the solution to be built using mobile phone numbers as the primary number when calling from Communicator. Operators in Norway such as Telenor and Netcom are therefore offering IP Trunks that can integrate with OCS 2007 R2. With these IP Trunks they can rewrite the caller's number from a PSTN number to a mobile phone number before the call reaches the PSTN network, thereby realizing single number reach. And when the called party calls back to the mobile phone number, the OCS PSTN number is called at the same time using Dual Forking provided by the operator. This is how single number reach is realized when the mobile phone is the main number, and it works great. The end users do not have a clue what their real number in OCS is.
If you throw Exchange UM into this mix with single number reach and mobile phone as primary number you get an issue. The integration itself works fine and as expected. The problem occurs when the users log off their computers and go to meetings, drive home or are generally not logged in. What happens is that when you are not logged in to Communicator and someone calls you, OCS will answer the call in under a second, ignoring the user's call forwarding settings in Communicator, and forward it to Exchange UM, resulting in users losing the call on the mobile phone. Exchange UM therefore breaks the solution. This is by design and we have not been able to implement Exchange UM in the UC mix in these scenarios until now.
Why Exchange Unified Messaging in conjunction with OCS
So why are we so eager to implement Exchange UM in these scenarios? When using the operators' own net centric voice mail features we lose some technology and integration. By default the users get an SMS telling them they have a new message, and they can call in and hear the message. A lot of users set up their voice mail settings so that it sends an email with a wav file of the message to their inbox. After listening to the wav file and archiving or deleting it, they still get the SMS with the unheard message, and there is no integration with their inbox to show that they have already processed it. As a result the SMS can tell them they have several unheard messages when that is not true. That is why we want to have Exchange UM deployed to have a complete UC solution.
Exchange UM has a couple of advantages to name a few:
- Integration with Exchange inbox, messages that are heard/read from Outlook, Outlook Web App or mobile phone through ActiveSync, are also read when calling the Exchange UM service
- Call back functionality directly from Outlook Web App, you can have Exchange UM call you and play the message on the phone of your choosing
- Note field integrated in Outlook and Outlook Web App, gives you the ability to take notes in Outlook while listening to the message, save them and have them indexed
- You can call Exchange UM and rearrange your calendar, a good thing when you are late for a meeting and in a car travelling
- Read more about the Exchange UM server role here: http://technet.microsoft.com/en-us/library/bb125141.aspx
I have spent the better part of a year trying to find someone to help me with this. After some research I found out that it was possible to work around this using Front End Scripts and a program to put the call on hold for a given period of time. This summer I came in touch with a Scandinavian development company called Competella. They develop applications based on the UCMA (Unified Communications Managed API) and are currently developing a switchboard attendant that integrates call control with an advanced directory search tool, access to presence, calendar, e-mail and IM. The system adds attendant call control functionality to the Microsoft OCS beyond the level found in legacy PBXs. They developed a script and a program that checks the status of the user. If the user is offline it will put the call on hold for 20 seconds before forwarding it to Exchange UM, thereby solving the problem we have with single number reach using mobile phones and Exchange UM. This also works if the user has the status “in a mobile call” set by third party programs that get free/busy status from the operators on the users' mobile phones.
By using the script and program from Competella we are now able to complete our UC deployments with Exchange UM when mobile phone is the primary number in a single number reach scenario. With this we can realise enterprise voice mail for mobile phones as well as OCS/Lync.
Posted by Ståle Hansen on 09/08/2010
A critical part of an OCS deployment is SRV records for automatic sign in. It is critical that these are present and configured correctly. An easy way to check them is using nslookup. Below is how to check SRV records and which SRV records need to be present.
- Open cmd
- Type: nslookup
- Type: set type=all
- Type the SRV record to list its content
For OCS 2007 R2
- Usually points to Access EDGE FQDN on port 443
- Usually points to Access EDGE FQDN on port 5061
- Usually points to Pool name with correct sip domain on port 5061
For Exchange 2007/2010
- External autodiscover
- Usually points to owa FQDN listener with NTLM negotiate on port 443
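The same check as a repeatable script, added here as an example and not taken from the original post. The record names are the standard OCS 2007 R2 and Exchange Autodiscover SRV names; the domain, the host names and the function name Test-SrvRecord are constructed, and the live lookup assumes Resolve-DnsName (Windows 8 / Server 2012 or later) instead of nslookup.

```powershell
# Added example. Flags SRV records that are missing or that point to an
# unexpected host or port, since clients sign in to whatever the record names.
function Test-SrvRecord {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][int]$ExpectedPort,
        [Parameter(Mandatory = $true)][string]$ExpectedTarget,
        [object[]]$Answer      # optional: pre-fetched records with NameTarget and Port
    )
    if (-not $PSBoundParameters.ContainsKey('Answer')) {
        # Live lookup when no answer is supplied
        $Answer = @(Resolve-DnsName -Name $Name -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' })
    }
    if ($Answer.Count -eq 0) {
        return [pscustomobject]@{ Record = $Name; Target = $null; Port = $null; Status = 'MISSING' }
    }
    foreach ($rec in $Answer) {
        $problems = @()
        $target = "$($rec.NameTarget)".TrimEnd('.')      # DNS answers may end in a dot
        if ($rec.Port -ne $ExpectedPort) { $problems += "port should be $ExpectedPort" }
        if ($target -ne $ExpectedTarget) { $problems += "target should be $ExpectedTarget" }
        [pscustomobject]@{
            Record = $Name
            Target = $target
            Port   = $rec.Port
            Status = if ($problems) { $problems -join '; ' } else { 'OK' }
        }
    }
}

$domain = 'contoso.example'                              # constructed SIP/SMTP domain
$expected = @(
    @{ Name = "_sip._tls.$domain";              Port = 443;  Target = "sip.$domain" }     # Access Edge
    @{ Name = "_sipfederationtls._tcp.$domain"; Port = 5061; Target = "sip.$domain" }     # Access Edge
    @{ Name = "_sipinternaltls._tcp.$domain";   Port = 5061; Target = "pool01.$domain" }  # pool
    @{ Name = "_autodiscover._tcp.$domain";     Port = 443;  Target = "mail.$domain" }    # OWA listener
)

# Constructed answers standing in for DNS: one wrong port, one missing record.
$sample = @{
    "_sip._tls.$domain"              = @([pscustomobject]@{ NameTarget = "sip.$domain";   Port = 443 })
    "_sipfederationtls._tcp.$domain" = @([pscustomobject]@{ NameTarget = "sip.$domain";   Port = 443 })
    "_sipinternaltls._tcp.$domain"   = @()
    "_autodiscover._tcp.$domain"     = @([pscustomobject]@{ NameTarget = "mail.$domain."; Port = 443 })
}

function Test-SampleSrvRecords {
    foreach ($e in $expected) {
        Test-SrvRecord -Name $e.Name -ExpectedPort $e.Port -ExpectedTarget $e.Target -Answer $sample[$e.Name]
    }
}

Test-SampleSrvRecords | Format-Table -AutoSize
```

Drop the -Answer argument to query DNS for a real domain, and run it against both the internal and the external resolver, since the two views are expected to differ.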
Posted by Ståle Hansen on 09/07/2010
This post is a note to self to remember this the next time I encounter a similar problem. Article first published: http://telnet25.wordpress.com/2010/02/22/an-error-caused-a-change-in-the-current-set-of-domain-controllers-it-was-running-command-get-federationtrust/
Problem: Receiving the following error on an Exchange 2010 server after opening EMC and expanding the Mailbox tab under Organization Configuration: An error caused a change in the current set of domain controllers. It was running command ‘Get-FederationTrust’
To be honest, the first thing I checked was to make sure the Exchange server is able to talk to all domain controllers as configured in its TCP/IP properties. Also, as always, check to see whether anything catches your attention in the application logs. Fair enough, I was able to locate event log “2080” “MSExchangeADAccess”, which was showing me one DC only; however, the TCP/IP stack was configured to talk to a secondary DC.
Make sure Exchange is able to talk to all DCs within its “Site”. In the above example the second DC was not even discovered by MSExchange AD access, due to replication problems among the DCs in the site where Exchange resides. Fixing the replication issues and restarting the MSExchangeADTopology service took care of the error.
Some other people who had same error assumed to fix this issue by deleting the local profile ( corrupted profile) for the user account they logged into Exchange server. So if the above solution does not work, try this:
This error is actually a false error, and is caused by GUI caching, more specifically MMC caching. This occurs when a DC (domain controller) that is either unreachable or has changed in some way is still cached by the MMC applet. To fix this issue by removing the cache and basically resetting the MMC applet do this:
Delete this file: “c:\users\<specific user>\appdata\roaming\microsoft\mmc\Exchange Management Console”
Posted by Ståle Hansen on 09/07/2010
Lately I have seen a lot of good articles about what the new and improved features of Exchange 2010 SP1 are and also a lot about how to configure these features. This post is written while Exchange 2010 SP1 is still in Beta so the information provided may be a little off from the released version later this year. I wanted to collect the posts I find interesting here so I have them all in one place when I will deploy SP1 to my customers.
Here are the main new features in Exchange 2010 SP1 and how to configure them
- Installation of prerequisites made part of SP1 setup process
- DAG improvements
- DAC mode support for 2 node DAG’s over two datacenters and in single AD sites
- Ability to set static IP and Alternate Witness Server in EMC
- Continuous Replication – Block Mode. Each update to the log file is updated on the copy databases
- Archiving improvements
- Archives can be stored in different databases, DAG’s and servers
- Create retention policy tags for automating archiving
- Outlook 2007 can access archive mailboxes
- Import and Export of mailboxes can be done directly to pst files without the need for Outlook
- E-Discovery improvements
- Support for iCal Calendar Sharing
- Administrator Audit Logging improvements
- OWA improvements
- Ability to choose themes. Branding of OWA can be done with only one theme for the entire organization
- Delivery reports improvements
- ECP, more configuration possibilities available
- Journal rules
- Transport rules
- Manage Litigation Hold
- Public Folder permissions added to EMC
Some minor changes in how to configure some features
- Change to how static ports are assigned on a CAS server
- Reset virtual directories in EMC
- Change to how to configure OWA integration with OCS 2007 R2
You can find a longer list of new features here: http://exchangepedia.com/2010/06/released-exchange-sever-2010-sp1-beta.html
TechEd 2010 Interviews with folks from the Exchange Product group about SP1: http://blogs.msexchange.org/walther/2010/06/16/teched-2010-interviews-with-folks-from-the-exchange-product-group/
Posted by Ståle Hansen on 22/06/2010
I recently integrated Exchange 2010 RTM OWA with OCS 2007 R2 for chat and presence. Having read some blog posts about how to implement the feature I decided to blog how I got this feature working based on these blogs and my own findings. I will cover the steps for both the Exchange 2010 RTM and SP1 versions since the steps are different.
- Download and install OCS 2007 R2 Web Trust Tool on the Exchange 2010 server
- Locate and install the following files in elevated mode by running cmd.exe as administrator
- If the Exchange 2010 server is running on Server 2008 R2 you also need to install the latest cumulative hotfix update for OCS 2007 R2 on the Exchange server
- Download and run ServerUpdateInstaller.exe
- Also download the latest update for UCMAredist that is not included in CU5
- Reboot the server
Configuring Exchange 2010 RTM
NOTE: The below steps need to be done on all Exchange 2010 CAS servers in your deployment
- Download and run the PowerShell Script found in the below link
- The script will not configure anything
- It takes a backup of web.config and generates the configuration you manually need to add to the web.config file
- The script makes it easy to generate the correct syntax for populating the below keys
- Navigate to the web.config file
- C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.config
- Edit the file and search for the string IMPoolName
- Replace the three “add key” strings with the ones provided with the script
- In Exchange Management Shell run the following command to configure OWA Virtual Directory
- Run IISreset in PowerShell
Configuring Exchange 2010 SP1
The Exchange 2010 SP1 guide is based on this great post written by Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/ The configuration on Exchange is now moved from web.config to the per server OWA Virtual Directory. I will definitely create a script automating the below process when I get more hands on :)
NOTE: The below steps need to be done on all Exchange 2010 CAS servers in your deployment
- Get the active Exchange 2010 certificate using this command in Exchange Management Shell
- Use the thumbprint and OCS pool FQDN in the command below
- Run iisreset
Configuring OCS 2007 R2
In order to allow the Exchange 2010 server to communicate with OCS using SIP containing presence and chat, you need to add every Exchange 2010 CAS server as an authorized host on OCS.
- On your OCS R2 Pool server configure authorized host
- NOTE: Your user needs to be member of the RTCUniversalServerAdmins group
- Open Office Communications Server R2 under Administrative Tools
- Expand forest and Enterprise pool or Standard Edition Servers depending on your deployment
- Right click your pool and choose properties->Front End Properties
- On the Hosts Authorization tab
- You need to add the Client Access server FQDN and configure as the below image
- NOTE: This is the FQDN of your subject name (CN) on the certificate used on the CAS server
Troubleshooting the Installation (RTM)
Next are a few troubleshooting steps that can assist with some of the more common problems encountered with Exchange/OCS integration. I found these valid troubleshooting steps on Rand Morimoto’s post: http://www.networkworld.com/community/node/47348
Configuring the Firewall on the CAS Server
If the Client Access Server has the Windows Firewall enabled, it might need an exception to enable OCS 2007 R2 to communicate with it. To create the exception, perform the following steps:
- From the Control Panel, open Windows Firewall
- On the left side of the Windows Firewall window, click “Allow a Program Through Windows Firewall.”
- Click Add Program; then click Browse.
- Browse to C:\Windows\System32\inetsrv and select w3wp.exe.
- Click Open and then click OK twice to apply changes and close the window. Be sure to perform this step on all CAS servers with IM integration enabled.
- Before the user community can utilize the IM features, they must be “provisioned” for Office Communications Server R2 and must be enabled for Enhanced Presence. When the user is initially enabled on OCS 2007 R2, he will automatically be enabled for Enhanced Presence.
- Users must also have a valid SIP proxy address for the OWA IM integration component to enable the IM Integration UI.
- When attempting to view the Instant Messaging contact list, a user might receive a notification that states
- Instant Messaging Isn’t Available Right Now. The Contact List Will Appear When the Service Becomes Available.
- If this occurs, perform the following steps:
- Using the same user account, confirm that you can access the IM services using the Office Communicator 2007 R2 client.
- If functional, confirm that the OCS Server name is properly entered in the Web.Config file of the CAS server.
- Also confirm the configuration of the Authorized Hosts option on the OCS pool contains all IM Integrated Client Access Servers.
OWA Certificate Error
If OWA cannot locate the certificate, an error stating The Local Certificate Specified Was Not Found in the Store for the Local Computer appears.
In this case, confirm that the values of the OCSCertificateIssuer and OCSCertificateSerialNumber fields in the Web.Config file are correct. Also ensure that there are blank spaces between every two characters in the serial number to separate octets in the string.
Chris and Robin’s Technology blog: http://chrislehr.com/2009/11/implementing-integrated-ocs-in-owa-2010.htm
Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/
Rand Morimoto: http://www.networkworld.com/community/node/47348
Posted by Ståle Hansen on 07/05/2010
In Exchange 2010 you need to set the Internal URLs for various services on the Client Access Server. Outlook 2007/2010 uses Autodiscover to connect to the Exchange server. If the Internal URLs are configured wrong you could get certificate errors when logging on to Outlook as well as errors when using free/busy and OOF services internally. Also when deploying Outlook Anywhere you need to configure the External URLs correctly for the same services to work.
This script may come in handy in the following scenarios:
- Initial configuration, avoid typos
- Expansion in the infrastructure with load balanced CAS
- Change in internal FQDN if you change certificate name
- When you have a total disaster on site 1 and need to fail over to a second site with a passive DAG server that holds all server roles
Please keep in mind:
- The Script is developed for Exchange 2003 coexistence and migration scenarios
- The script must not be run in an Exchange 2007 coexistence and migration scenario
- For InternalURL the script will look for a CASArray (It is recommended to create a CASArray in any scenario)
- The script assumes there is only one ADsite
About the script:
- First you will be presented with some choices on what to do
- InternalURL will autoconfigure based on CASArray
- ExternalURL will prompt for public FQDN and assume one external address
- Will use same FQDN for OWA, ActiveSync, Autodiscover and so on
- Will prompt for Exchange 2003 URL
- All configuration will output the changes made
- Added support for Exchange 2007 and Exchange 2007/2010 coexistence scenarios.
- The script will check for Exchange version before applying any settings.
- When applying Exchange 2010 Internal URL the script will match the CAS servers to the correct CASarray in the correct ADsite
- Added option for checking current configuration
- Corrected some errors on the Exchange 2007 configuration and listing of URLs
- Tested in Exchange 2007 only deployments and Exchange 2010 and 2007 coexistence deployments
The Script can be viewed and downloaded here: http://msunified.net/exchange-downloads/script-internalexternalurls-ps1/
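A read-only check of the current configuration, added here as an example and not the script linked above: it lists every Internal and External URL on one CAS and flags hosts that the certificate bound to IIS does not cover, which is the cause of the Outlook certificate errors described at the top of this post. The function names are hypothetical and the Exchange 2010 cmdlets are assumed to be loaded.

```powershell
# Added example (not the author's script). Changes nothing on the server.
function Test-NameCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($name in $CertificateNames) {
        if ($name -eq $HostName) { return $true }
        # A wildcard covers exactly one label: *.contoso.example matches
        # mail.contoso.example but not a.mail.contoso.example
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                $HostName.Substring(0, $HostName.Length - $suffix.Length) -notmatch '\.') {
                return $true
            }
        }
    }
    return $false
}

function Get-CasUrlReport {
    param([Parameter(Mandatory = $true)][string]$Server)

    # Names on the certificate(s) enabled for IIS on this CAS
    $certNames = @(Get-ExchangeCertificate -Server $Server |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" })

    $dirs = @(Get-OwaVirtualDirectory -Server $Server) +
            @(Get-EcpVirtualDirectory -Server $Server) +
            @(Get-ActiveSyncVirtualDirectory -Server $Server) +
            @(Get-WebServicesVirtualDirectory -Server $Server) +
            @(Get-OabVirtualDirectory -Server $Server)

    $urls = @()
    foreach ($dir in $dirs) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $urls += New-Object PSObject -Property @{ Source = "$($dir.Name) $prop"; Url = "$($dir.$prop)" }
        }
    }
    $cas = Get-ClientAccessServer -Identity $Server
    $urls += New-Object PSObject -Property @{
        Source = 'AutoDiscoverServiceInternalUri'; Url = "$($cas.AutoDiscoverServiceInternalUri)"
    }

    foreach ($u in $urls) {
        $uri = $null
        if ([string]::IsNullOrEmpty($u.Url)) {
            $status = 'NOT SET'
        } elseif (-not [Uri]::TryCreate($u.Url, [UriKind]::Absolute, [ref]$uri)) {
            $status = 'INVALID URL'
        } elseif (Test-NameCoveredByCertificate -HostName $uri.Host -CertificateNames $certNames) {
            $status = 'OK'
        } else {
            $status = "HOST NOT ON CERTIFICATE ($($uri.Host))"
        }
        New-Object PSObject -Property @{ Source = $u.Source; Url = $u.Url; Status = $status }
    }
}

# Constructed offline check of the name matching:
#   Test-NameCoveredByCertificate 'mail.contoso.example' '*.contoso.example'    -> True
#   Test-NameCoveredByCertificate 'cas01.contoso.local'  'mail.contoso.example' -> False
# Against a server (CAS01 is a placeholder name):
#   Get-CasUrlReport -Server CAS01 | Format-Table Source, Url, Status -AutoSize
```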