How to check SRV records for OCS and Exchange

[tweetmeme source=”stalehansen” only_single=false]A critical part of an OCS deployment is SRV records for automatic sign in. It is critical that these are present and configured correct. An easy way to check them is using nslookup. Below are how to check SRV records and what SRV records need to be present.

  1. Open cmd
  2. Type: nslookup
  3. Type: set type=all
  4. Type the SRV record to list its content

For OCS 2007 R2

  • External
    • _sip._tls.domain.com
      • Usually points to Access EDGE FQDN on port 443 
    • _sipfederationtls._tcp.domain.com
      • Usually points to Access EDGE FQDN on port 5061
  • Internal
    • _sipinternaltls._tcp.domain.com
      • Usually points to Pool name with correct sip domain on port 5061

For Exchange 2007/2010

  • External autodiscover
    • _autodiscover._tcp.domain.com
      • Usually points to owa FQDN listener with NTLM negotiate on port 443

When migrating from Exchange 2003 Outlook 2003 clients don’t see free/busy

When you are migrating users from Exchange 2003 to Exchange 2007 and 2010, users that uses Outlook 2003 stop seeing Free/Busy on the users after you turn off or remove Exchange 2003. This has happened to me on two occasions now and you also see the following Event ID:

Event ID : 8207
Category : General
Source : MSExchangeFBPublish
Type : Error
Message : Error updating public folder with free/busy information on virtual machine <Exchange2007ServerName> . The error number is 0x80004005

To resolve the situation do the following:

  • Open the Exchange Management Shell
  • Run the following command
    • get-publicfolder -Identity “\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY” -Recurse | fl name,Replicas
  • Notice that at least one of the SCHEDUE+ FREE BUSY folders is missing an Exchange 2010 or Exchange 2007 server listed as a replica. For example, the output may appear as follows:
    • Name : EX:/o=contoso/ou=First Administrative Group Replicas : {}
  • Run the following to add the Exchange 2007 server as replica for the folder
    • Set-publicfolder –identity “\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=<netbios domain name>/ou=First Administrative Group” –Replicas “<exchange server>\Second Storage Group\Public Folder Database”
  • Verify that the Exchange 2007 server is added as replica

Note All users whose free/busy data is not populated must accept or decline a meeting request to populate the free/busy data.

For more information see: http://support.microsoft.com/kb/945602

Best Practices for Active Directory Schema changes

Any Post starting with this disclaimer means that this post was not written by me however I liked it and added to my blog to easily find it later. I will also include the link to the original or similar post to provide credit to the original author.

http://chrislehr.com/2009/08/best-practices-on-schema-upgrades.htm

First off, a quick review of AD schema, and what it is and the function it performs. The Schema is essentially the “database” that AD resides in, so when we say things like “extending the schema” we mean the same thing any SQL DBA would mean – we are adding additional objects attributes to AD. These new additions allow for features in products that were not previously there to store their settings in Active Directory. Some of the recent Schema extensions you will see:

  • Exchange 2007 SP2 requires schema extension.
  • Exchange 2010 requires schema extension.
  • OCS 2007 R1 or R2 require schema extension.

Additionally, while not an extension, these best practices also apply before raising your forest or domain functional levels.

Step One – Determine your Schema Master FSMO role holder

  1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
  2. Type roles, and then press ENTER.
  3. Type connections, and then press ENTER.
  4. Type connect to server <servername>, where servername is the name of the server you want to use, and then press ENTER.
  5. At the server connections prompt, type q, and then press ENTER again
  6. At the FSMO maintenance prompt, type Select operation target, and then press ENTER again.
  7. At the select operation target prompt, type List roles for connected server, and then press ENTER again.
  8. This will display all 5 FSMO roles. The one that has Schema is the one we need to back up.
  9. Type q 3 times to exit the Ntdsutil prompt.

Step Two – Ensure you have your DSRM password

  1. Most of the time, even if this is known, it has not been changed in a long time and is likely due.
  2. Follow instructions to reset DSRM password from KB322672
  3. This allows your backup to be authoritatively restored in the case you need to. Without this password being correct, your backup may not be usable. 

Step Three – Take a system state backup (or two)

  1. Take an ntbackup.exe (Windows 2003) or Windows Server Backup (Windows 2008) if you are more comfortable with Microsoft restore procedures.
  2. Take another backup using whatever third party vendor product you typically use, if you are more comfortable with their restore procedures.
  3. It is recommended taking BOTH of the above for the Schema Master FSMO role holder.

While I have YET to run into any issues or problems with Schema extensions, if I ever did, I know I want a really good backup or two!

Exchange 2007 SP2 released!

This is an important milestone in preparation for Exchange 2010. You can grab it here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4c4bd2a3-5e50-42b0-8bbb-2cc9afe3216a

The service pack is so large because it is the complete installation files. You can install a new server using this download only. The Exchange 2007 SP2 Build number is 8.2.176.2

Go through the Exchange 2007 Service Pack 2 Prerequisites:

  • Backup System State on the Schema master
  • Patch the Exchange server OS to the highest level
  • Extend the Schema
  • Prepare Active Directory
  • Install Windows Installer 4.5
  • Uninstall Interim Updates

See  the full details at: http://msexchangeteam.com/archive/2009/08/28/452209.aspx

Exchange 2007 SP2 is able to install in a Server 2008 R2 domain but it wont be supported to install on Windows Server 2008 R2 machine. See this post on why: http://msexchangeteam.com/archive/2009/09/21/452567.aspx

How to save your Exchange 2007 PowerShell session transcript

I was doing some troubleshooting when I came over an article for automating the process for saving your transcript in PowerShell to a file. The article can be found here : http://blogs.technet.com/benw/archive/2007/07/24/how-to-save-your-exchange-2007-powershell-session-transcript.aspx

In the article the author talks about editing the PowerShell Profile. I cant do this for every customer site I am at, so I have edited the syntax to fit my needs. If this is run after you launch PowerShell the file is saved at the root of your C drive.

CD \
$date = get-date -UFormat %y%m%d
Start-Transcript c:\$date.txt -append -noclobber

This will set the working directory to the root of the C drive (gives you more real estate to work with), defines a variable called $date, and specifies that it will get the date in the format of YearMonthDay (i.e. 090706), then tells Powershell to start the transcript, and it uses the variable we defined earlier to automatically create a new text file based on the current date.  Additionally, since the default behavior of start-transcript is to overwrite the previous file, we are telling it to append to an existing file (if present), and the -noclobber tells it to not overwrite the previous file.

Powershell does have some other options here.  The Start-Transcript command includes a -Path parameter that you can define, but it is not used here.

Scalability of Combined CAS and Hub Roles in Exchange 2007

From the White Paper: Determining the Scalability of Combined Client Access and Hub Transport Server Roles in Exchange 2007 over at Technet. http://technet.microsoft.com/en-us/library/dd901772.aspx

Conclusion

We found that the Client Access server and Hub Transport server roles can be combined and supported in most environments. Based on the test results, we recommend the following hardware configuration for servers that are running both the Client Access and Hub Transport roles:
  • 8 processor cores
  • 12 GB of RAM
  • Pagefile size, RAM + 10MB (for systems with 8 GB of RAM or less, set pagefile to RAM * 1,5)

The tests showed that a server with 8 processor cores and 12 GB of RAM provides an optimal balance of server costs and scalability. This configuration allows a combined-role server to handle significantly more load than a 4-core server if the number of clients increases and if the clients access processor resources heavily. Clients such as Outlook Web Access and Exchange ActiveSync consume more of the processor resources of a Client Access server than do clients such as Outlook. Increasing processor resources and memory on a Hub Transport server allowed the server to handle an increased average message size. There was a direct correlation between an increase in average message size and greater processor use. Having more available memory also allowed the server to better handle transient events, such as transport queue growth.

Key considerations for supporting the two roles on a single Exchange server are:

  • All deployments should take advantage of the transport database maximum cache size recommendations. This helps avoid back pressure events. For more information, see the Exchange Team Blog article New maximum database cache size guidance for Exchange 2007 Hub Transport Server role.
  • Consider carefully both RAM and processor requirements when you’re planning server hardware. Be sure you understand the following areas of resource constraint:
    • The Hub Transport role is primarily processor and disk intensive.
    • The Client Access server role is primarily memory intensive.
    • The combined Client Access and Hub Transport server is primarily processor constrained.
  • A single 4-core, 8-GB RAM, combined-role server can service the same load as two 2-core, 4-GB RAM, single-role servers.
  • A single 8-core, 16-GB RAM, combined-role server can service the same load as two 4-core, 8-GB RAM, single-role servers.
  • Based on these tests, we don’t recommend deploying servers with 2 processor cores or 4 GB or less of RAM for use as combined-role servers.

How to Modify a Database Size Limit

The default database size limit for Exchange 2007 Standard Edition RTM is 50 gigabytes (GB). In Exchange 2007 Standard Edition SP1 the limit is 250GB. There is no default database size limit for the Exchange 2007 Enterprise Edition. The Exchange store process checks database size limits periodically and dismounts a database when the size limit is reached. A warning is logged using Event ID 9685 which tells you that the  database has exceeded the size limit. You can modify the database size limit by adding or changing a value in the registry.

Database Size Limit is a useful way for administrators to have control over their Exchange environment. The Exchange server will react by dismounting the store if the size gets out of hand, and it is a good way to be sure that the database size never outgrows the logical partition it resides on.

Procedure

  1. To use the Registry Editor to modify a database size limit
  2. Start Registry Editor (regedit).
  3. Locate the following registry subkey:
    1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<SERVER NAME>\Private-<database GUID>
    2. You can get the GUID of a database by running the following command in the Exchange Management Shell: Get-MailboxDatabase -Identity “<server name>\<storage group name>\<database name>” | Format-Table Name, GUID
  4. If the Database Size Limit in GB DWORD exists for the subkey, change its value to the desired size in gigabytes.
  5. If the Database Size Limit in GB DWORD does not exist for the subkey, create a new DWORD with that name, and then set its value to the desired size in gigabytes
  6. Restart the Microsoft Exchange Information Store service
  7. Check evenviewer for the following events:
    1. Event ID 1216 which tells you how much size is allocated and what the current physical size is

Source: http://technet.microsoft.com/en-us/library/bb232092.aspx
See this great post about Exchange database size and limits: http://blog.sembee.co.uk/archive/2009/07/21/105.aspx

Administration of Public Folders with the introduction of Exchange 2007

There are some key commandlets to use when using EMS to administer Public Folders in Exchange 2007. Here is a short list of useful commands

  • For Public Folders
    • Get-publicfolder -recurse |fl name,replicas
  • For System Folders
    • Get-public folder \non_ipm_subtree |fl name, replicas

To Move replicas to Exchange 2007

Moveallreplicas.ps1 –server<sourceserver> -newserver<destinationserver>

Note: Scripts are found at %SystemDrive%\Program Files\Microsoft\Exchange Server\Scripts. To run a script, type the following in the Exchange Management Shell:

[PS] C:\>cd $exscripts

[PS] C:\Program Files\Microsoft\Exchange Server\Scripts>.\Moveallreplicas.ps1

To add or remove a server from a public folder replica’s properties including subfolders you can use the following two scripts:
RemoveReplicaFromPFRecursive.ps1 –TopPubicFolder <\folder> –Server toRemove <servername>

AddReplicatoPFRecursive.ps1 –TopPulblicFolder <\folder> -ServerToAdd <servername>

For more information see this post: http://msexchangeteam.com/archive/2007/06/25/445429.aspx

Allowing application servers to relay off Exchange Server 2007

To allow application servers to relay through your Exchange 2007 server do the following

  • Create a new internal receive connector in EMC
  • Add the servers that need to relay
  • When created edit the settings and navigate to Permission Groups
  • Select only Anonymous users, deselect other options
  • Navigate to the Authentication tab
  • Deselect every checkbox so that nothing is selected
  • Apply changes
  • Open EMS and run the following commandlet
  • Get-ReceiveConnector “InternalRelay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”
  • Relay should now work for the selected servers

This information was based on this blog, http://msexchangeteam.com/archive/2006/12/28/432013.aspx

Deleted Mailbox not appearing in Disconnected mailbox in Exchange 2007

[tweetmeme source=”stalehansen” only_single=false]Deleted mailboxes will appear in disconnected mailbox list, but it will not reflect immediately. You have to wait for online maintenance to run and complete.

If you accidentally delete mailbox and if you wanted to reconnect it back then you may not be able to find it Disconnected Mailbox. You have to  run Clean-MailboxDatabase to get the deleted mailbox. Also if you want to disconnect the mailbox to re-add it to an other user or the same user do the following:

  • Disable the mailbox in EMC
  • When you disable a mailbox the user object stays in AD and the mailbox is marked for deletion.
  • The disconnected mailbox should appear in the disconnected mailbox view
  • If it is not appearing in the disconnected mailbox view run one of the following commands from powershell

Clean-MailboxDatabase \servername\SGName\Store
Cleaning Database of Individual Store

Get-Mailboxdatabase | Clean-MailboxDatabase
Cleans all the database in the Organization

Get-Mailboxdatabase | Where{ $_.Server –eq “<servername>”}| clean-MailboxDatabase
Cleans all the database in the specific store

Get-Mailboxdaatabase | Where{ $_.Name –eq “<DatabaseName>”}| clean-MailboxDatabase
Cleans all the Database which matches the specific name given in Databasename

  • After the command completes, check the event viewer for the following  event ID’s
    • Event ID 9531 – the clean mailboxdatabase process has begun
    • Event ID 9533 – a user does not exist in the directory or is not enabled for Exchange mail. This mailbox will be removed from mailbox store  in after the retention time has passed
    • Event ID 9535 – the process completes and lists that the mailbox was retained in the store
  • Finally you should see it in the disconnected mailbox view and you can connect it to the same AD user or an other AD user.

This blog was based on smtpport25’s blog, http://smtpport25.wordpress.com/2009/04/22/deleted-mailbox-not-appearing-in-disconnected-mailbox-in-exchange-2007/


If you need to restore the mailbox because it is not retained in the mailbox store, see these great sites for restore guide using Recovery Storage Groups
http://www.petri.co.il/using_rsg_in_exchange_2007.html
http://www.msexchange.org/tutorials/Working-Recovery-Storage-Groups-Exchange-2007.html