Installing Exchange 2007/2010 Update Rollups

[tweetmeme source=”stalehansen” only_single=false]Installing Update Rollups for Exchange 2007 and Exchange 2010 is not always a walk in the park. I have customers who ended up with no Exchange files, WebAccess files not present or all Exchange services set to disabled. The common solution is to run the Update Rollup in elevated mode and just re-run the Update Rollup. Jan Egil Ring has posted a comprehensive best practice to running Update Rollups and also provide som troubleshooting tips in this blog article:

General guidelines for installing Update Rollups in Exchange Server 2007/2010:

  1. Use elevated Administrator-privileges when running the installation either from Windows Update or by manually downloading the installation file.
  2. Verify that all Execution Policies are set to “Undefined”.
  3. Uninstall any interim Exchange hotfixes installed since the last Update Rollup.
  4. Verify that the ExchangeSetupLogs directory are present on the system-drive. The installer uses this directory for saving service-state information.

PowerShell Script: Bhargav Shukla has created a PowerShell sctipt to check for current Exchange 2007/2010 patchlevel:

Thumbnail Photos in Exchange 2010 and Office 2010

[tweetmeme source=”stalehansen” only_single=false]Finally there is a built in way to add thumbnails of people in Exchange and Global Addresslist. In earlier Exchange versions there were no function to import pictures in to schema and therefore a lot of different scripts and third party tools was designed to import pictures. Now we can deliver this as a part of any other Exchange project. Office 2010 is built around showing thumbnail photo of users in E-mail, Global Address List, Communicator, and all other office products where you find a username. This is really an important part of the Unified Communications experience

Here are some facts:

  • You need to activate the thumbnailPhoto attribute in schema to replicate to Global Catalog
  • The attribute is limited to 10K in size
  • The recommended thumbnail size is 96*96 pixels
  • In Exchange PowerShell use the cmdlet Import-RecipientDataProperty
    • Import-RecipientDataProperty -Identity “Bharat Suneja” -Picture -FileData ([Byte[]]$(Get-Content -Path “C:\pictures\BharatSuneja.jpg” -Encoding Byte -ReadCount 0))
  • After the thumbnails are uploaded you need to update OAB, so that it will point to AD for the images
    • Update-OfflineAddressBook “Default Offline Address Book”
  • For true offline use, you could modify the ConfiguredAttributes of an OAB to make thumbnailPhoto a Value attribute
    • This will increase the size of the OAB so it need to be tested before deployed

Anderson Patricio, MVP has created a script to automate this pocess:
GAL Photos: Frequently Asked Questions:
See this article for the full story:

Install Exchange 2010 with latest update in Unattended Mode

[tweetmeme source=”stalehansen” only_single=false]If you are planning to install a new Microsoft Exchange Server 2010, you should probably consider installing the latest update before configuring any of the server roles.

The below guide is not written by me. I found it so useful that I want to repost it here on my blog for later reference. This guide is written by Elie Bou Issa and the original article can be found here:

In the below scenario, we are installing the Mailbox role, the Client Access role and the Hub Transport role along with Update Rollup 2 in unattended mode. The exchange installation root folder is called exch and the Update Rollup 2 is placed under C:\Exchange2010\Patches. To install the exchange prerequisites, run “Exchange-Typical.xml” from the Scripts folder found in the installation directory. You can also take a look at this post for installing the prerequisites manually:
After successfully installing the prerequisites, set the NetTcpPortSharing service startup type to automatic by running the below command
Now, it is time to run the setup in unattended mode.
To do that, run the following command from the exchange installation directory: /m:Install /r:M,C,H /OrganizationName:Name of the Organization /UpdatesDir: Updates path 
If you wish to check the different options for unattended setup, you can refer to Install Exchange 2010 in Unattended Mode
After completing the installation, you can check the product version by clicking Help-> About from the Exchange Management Console as shown below:

Configure Exchange 2010 InternalUrl PowerShell script

[tweetmeme source=”stalehansen” only_single=false]

UPDATE: This script has been updated and revamped 07.05.2010 and described in this post:

In Exchange 2010 you need to set the internal URL for various services on the Client Access Server. Outlook 2007 uses autodiscover internally to connect to the exchange server. If internal URL is configured wrong you could get certificate errors when logging on to Outlook as well as errors when using other services internally.

This script may come in handy in the following scenarios

  • Initial configuration
  • Expansion in the infrastructure with load balanced CAS
  • Change in internal FQDN if you change certificate name
  • Change from https to http
  • When you have a total disaster on site 1 and need to fail over to a second site with a passive DAG server that holds all server roles

 It is a very simple script, if you have some advice to make the script better I would be happy if you let me know. The script does the following:

  • The server path is specified with a prompt
  • The script is set up with “-identity *” if you have more than one instance you need to specify wich instance you want to configure
  • The url is generated using the variable and the default location of the services
  • After configuring the URL’s the scritp lists all changes so its easy to doublecheck the configuration
  • The UM role is excluded because it is not supported to be hosted on the same server as CAS

To run the script do the following:

  • Copy this into a txt file and rename it to a ps1 file
  • Open powershell and navigate to the location where the file is saved
  • Use tab in powershell to get the correct run syntax
  • Run it and type the correct FQDN like this when prompted: https://yourcasserver.domain.local
$urlpath = Read-Host "Type internal Client Access FQDN starting with http:// or https://"
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “$urlpath/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “$urlpath/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –internalurl “$urlpath/ews/exchange.asmx”
Set-oabvirtualdirectory –Identity * –internalurl “$urlpath/oab”
Set-owavirtualdirectory –Identity * –internalurl “$urlpath/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “$urlpath/ecp”
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "$urlpath/Microsoft-Server-ActiveSync"
#get commands to  to doublecheck the config
get-AutodiscoverVirtualDirectory | ft identity,internalurl
get-ClientAccessServer | ft identity,AutodiscoverServiceInternalUri
get-webservicesvirtualdirectory | ft identity,internalurl
get-oabvirtualdirectory | ft identity,internalurl
get-owavirtualdirectory | ft identity,internalurl
get-ecpvirtualdirectory | ft identity,internalurl
get-ActiveSyncVirtualDirectory | ft identity,internalurl

Finding Users Who Have “Out Of Office” Enabled In Exchange 2010

[tweetmeme source=”stalehansen” only_single=false]Any Post starting with this disclaimer means that this post was not written by me however I liked it and added it to my blog. I will also include the link to the original or similar post to provide credit to the original author

It might come in handy if you know how to get a list of users who have out of office message turned on. Exchange 2010 shell gives you that ability now. You can even change the message, set the audience (internal or external), turn it off etc with the shell.

  • To get a list of users who have out of office scheduled, run the following command.
    • Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState –eq “scheduled” }
    • The above command gives you much more than you need, including the actual message, start time, end time etc.
  • If you are only interested in the list of users, run
    • Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState –eq “scheduled” } | fl identity
    • Find USers with oof scheduled
  • If you want to get the settings for a particular user (for example Rajith), run
    • Get-MailboxAutoReplyConfiguration –identity rajith
  • You can also change the out of office settings for a particular user with the Set-MailboxAutoReplyConfiguration cmdlet.
    • For example, to turn off the out of office for the user account “Rajith”, run
    • Set-MailboxAutoReplyConfiguration –identity “Rajith” –AutoreplyState disabled
    • Disable autoreply
  • Similarly, if you want to extend the out of office message for a user (change the end time), run
    • Set-MailboxAutoReplyConfiguration –identity “Rajith” –EndTime 01/12/2009 17:00:00
  • You can change the actual out of office message (internal and external) by running
    • Set-MailboxAutoReplyConfiguration –identity “Rajith” –InternalMessage “I won’t be around today guys” –ExternalMessage “I am out of the office today”

NOTE: This cmdlets will only work in Exchange 2010 Shell

How to migrate Client Access to Exchange 2010

[tweetmeme source=”stalehansen” only_single=false]The Exchange Team has written several blogs about how to transition the Client Access server to Exchange 2010.

The first blog titled Transitioning Client Access to Exchange Server 2010 and can be found here:

To sum it up you must transition the “Internet Facing AD Site” associated with your external Autodiscover record, then regional Internet facing AD Sites, and then transition your internal Active Directory sites. It is not supported to transition an internal Active Directory site before all your Internet-accessible sites have been transitioned.

The second blog titled Upgrading Outlook Web App to Exchange 2010 and can be found here:

It discusses how Outlook Web App will function in an Exchange 2003 or 2007 environment that has Exchange 2010 deployed for the end users. Essentially, Exchange 2010 CAS does not support rendering mailbox data from legacy versions of Exchange.  Exchange 2010 CAS does one of four scenarios depending on the target mailbox’s version and/or location:

  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010, CAS2010 will silently redirect the session to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in another Internet facing AD Site, CAS2010 will manually redirect the user to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS.
  • If the mailbox is Exchange 2003, CAS2010 will silently redirect the session to a pre-defined URL.

Note: For the purposes of this discussion it is assumed you are utilizing Forms Based Authentication for Outlook Web App authentication.

The third blog titled Upgrading Exchange ActiveSync to Exchange 2010 and can be found here:

The blog discusses how Exchange ActiveSync will function in an Exchange 2003 or 2007 environment that has Exchange 2010 deployed. Some may have environments that have Internet facing AD sites and non-Internet facing AD sites.  As part of our upgrade process, you will be following a model where:

  • Ensure all legacy Exchange 2003 servers are at latest Service Pack level
  • Deploy Exchange 2010 CAS, Hub Transport, and Mailbox in the “Internet Facing AD Site”
  • Have legacy Exchange servers in the “Non-Internet facing AD site” (if they exist)

The simple version is that if configured correctly Exchange 2010 will proxy for the legacy server like this

  • Exchange CAS2010 will authenticate the user
  • Determine the mailbox version to be legacy Exchange (2003/2007)
  • Look up legacy server FQDN on AD
  • The legacy server will authenticate the user again and will provide the rendered data back to the CAS2010 server
  • CAS2010 will expose the data to the end user

There is also possible to update the Outlook Mobile version on Windows Mobile 6.1 using Exchange 2010 for users hosted on Exchange 2010. This is done by enabling AllowMobileOTAUpdate on the users Activesync Policies. This is the same version that comes with Windows Mobile 6.5. New features in Outlook Mobile:

  • E-mails grouped by conversation
  • Free/busy lookup
  • Sync SMS messages to Exchange
  • Enhanced voice mail

More information can be found here:

Exchange 2010 Certified!


Today I passed the Exam 70-662:TS: Microsoft Exchange Server 2010, Configuring. The exam was released october 27, 2009 and it is nice to be certified before the product launches. The exam focused on configuring mailflow, DAG and compliance as well as other features.

Installing Exchange 2010 Prerequisites on Server 2008 R2

Commands to install the necessary prerequisites for Exchange 2010 on Windows Server 2008 R2

Update 08.12.11: Exchange Server 2010 SP2 was released and require an additional prerequisite which is IIS 6 WMI Compatibility feature (Web-WMI).  This article and PowerShell Script was updated accordingly in all options containing the CAS role.

Before you begin, prepare your environment

  • Make sure that the functional level of your forest is at least Windows Server 2003
  • Also make sure that the Schema Master is running Windows Server 2003 with Service Pack 1 or later
  • If Database Availability Groups (DAG) is going to be used install Server 2008 R2 Enterprise Edition
    • Exchange 2010 Standard Edition supports DAG with up to 5 databases
    • Exchange 2010 Enterprise Edition supports up to 100 databases per server
    • You can install all server roles on the same server when using DAG
    • But then you need a hardware load balancer  for redundant CAS and HUB due to a Windows limitation preventing you from using Windows NLB and Clustering Services on the same Windows box
    • Two node DAG requires a witness that is not on a server within the DAG
      • Exchange 2010 automatically takes care of FSW creation; though you do have to specify the location of the FSW
      • It is recommended to specify the FSW to be created on a Hub Transport Server
      • Alternatively, you can put the witness on a non-Exchange Server after some prerequisites have been completed
      • You can follow these steps to get your member server to act as FSW
        • add the “Exchange Trusted Subsystem” group to our Local Administrators Group on that member server
      • On servers that will host the Hub Transport or Mailbox server role, install the Microsoft Filter Pack. For details, see 2007 Office System Converter: Microsoft Filter Pack (this allows office attachments content to be searched and indexed)
  • Set Pagefile size, RAM + 10MB (for systems with 8 GB of RAM or less, set pagefile to RAM * 1,5)
  • Disable IPv6 by using this guide:
  • Run Windows Update untill all updates are installed

Install the Windows Server 2008 R2 operating system prerequisites

  • Open powershell and run the following command
    • Import-Module ServerManager
  • For a server that will have the typical installation of Client Access, Hub Transport, and the Mailbox roles:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart
  • For a server that will host the Client Access and Hub Transport server roles:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart
  • For a server that will host only the Mailbox role:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
  • For a server that will host only the Unified Messaging role:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart
  • For a server that will host the Edge Transport role:
    • Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
  • After the system has restarted, configure the Net.Tcp Port Sharing Service for Automatic startup by running the following command:
    • Set-Service NetTcpPortSharing -StartupType Automatic

PowerShell Script: MVP Pat Richard has created a script to automate the process of installing the prerequisites:

NOTE: You can also install the above features using xml scripts found in a scripts catalogue on the Exchange media. You still need to manually configure Net.Tcp Port Sharing Service for Automatic startup though. There is one script for every role. Thanks goes to Alex Lewis for the tip:

For more information see Technet article
Also check out Chris and Robin’s Technology blog
You should also check out MVP Elan Shudnows blog for how to install Exchange 2010 with DAG:

Exchange 2010 Online Mailbox Move

One of many great new features in Exchange 2010 is the Online Mailbox Move. Together with DAG it may be reason enough to migrate Exchange 2010 as fast as possible. The Online Mailbox Move feature allows end-users to be online in their email accounts during a move of their mailbox. On completing the move users just needs to reopen their Outlook clients.

In earlier Exchange versions, administrators had to move mailboxes during a scheduled outage window, perhaps during night time. However this was problematic when a firm is operational 24×7 and end users cannot tolerate mailbox unavailability. The new Exchange 2010 ‘Online Mailbox Moves’ feature relieves administrators, allowing mailbox moves with near zero downtime.

Amit Tank has written a thorough article about the new ‘Online Mailbox Move’ in Exchange 2010 here: 

Note: Online mailbox moves are only supported in the following scenarios while moving mailboxes within the same forest or across forests.

  1. Between two Exchange 2010 databases
  2. From Exchange 2007 SP2 database to Exchange 2010 database