Add Extra Windows 2012 server to DirectAccess NLB Cluster

First, install Server 2012 and add the Remote Access server role.

Then install KB2788525: You cannot enable external load balancing on a Windows Server 2012-based DirectAccess server.

 

Add or Remove Server

Server 2012 Dedup

Start Windows PowerShell. Right-click the Windows PowerShell icon on the taskbar, and then click Run as Administrator.

Run the following Windows PowerShell commands:

PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature -name FS-Data-Deduplication
PS C:\> Import-Module Deduplication
PS C:\> Enable-DedupVolume E:
PS C:\> Enable-DedupVolume D:

And wait….

Already saving 240GB on my home lab…. Dedup is great

CreateCluster failed with 0x5 adding members to DAG in Exchange 2013

Last weekend I was building an Exchange 2013 cluster. Since everything so far was working as expected, I proceeded with the creation of the DAG. From EAC, creating the DAG itself worked with no issues. I then went ahead and added the first mailbox server to the DAG. This step, however, refused to complete with the error:

A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x5. Error: Access is denied”‘ failed.. [Server: ward-02.wardvissers.local]

Assigning “Full Control” to Exchange Trusted Subsystem on , I assumed should fix the issue, however, it actually produced a completely different error when I tried to add the mailbox server to DAG again:

An Active Manager operation failed with a transient error. Please retry the operation. Error: The fully qualified domain name for node ‘DAG01′ could not be found.

Solution:

Pre-stage the CNO (CLUSTER NAME OBJECT)

  1. Open Active Directory Users and Computers.
  2. Expand the forest node.
  3. Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.
  4. In New Object – Computer, type the computer account name for the CNO in the Computer name box. This is the name that you’ll use for the DAG. Click OK to create the account.
  5. Right-click the new computer account, and then click Disable Account. Click Yes to confirm the disable action, and then click OK.

Assign permissions to the CNO (CLUSTER NAME OBJECT)

  1. Open Active Directory Users and Computers.
  2. If Advanced Features aren’t enabled, turn them on by clicking View, and then clicking Advanced Features.
  3. Right-click the new computer account, and then click Properties.
  4. In <Computer Name> Properties, on the Security tab, click Add to add either the computer account for the first node to be added to the DAG or to add the Exchange Trusted Subsystem USG:
    • To add the Exchange Trusted Subsystem, type Exchange Trusted Subsystem in the Enter the object names to select field. Click OK to add the USG. Select the Exchange Trusted Subsystem USG and in the Permissions for Exchange Trusted Subsystem field, select Full Control in the Allow column. Click OK to save the permission settings.
    • To add the computer account for the first node to be added to the DAG, click Object Types. In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes. Select the Computers check box and click OK. In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK. Select the first node’s computer

 Pre-Stage the Cluster Network Object for a Database Availability Group
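
The two procedures above, scripted with the ActiveDirectory module, as an added example that is not part of the original post. The OU path is an assumed placeholder, DAG01 is the DAG name from the error message above, and the last lines check that the account is still disabled and show which rights the group actually holds on it.

```powershell
# Added example (not from the original post): pre-stage a disabled CNO for the DAG
# and grant the Exchange Trusted Subsystem USG Full Control on that one object.
Import-Module ActiveDirectory

$cnoName = 'DAG01'                                 # DAG name from the error above
$ouPath  = 'OU=Clusters,DC=wardvissers,DC=local'   # assumed OU; adjust to your domain

# Pre-stage steps 1-5: create the computer account and leave it disabled.
if (-not (Get-ADComputer -Filter "Name -eq '$cnoName'")) {
    New-ADComputer -Name $cnoName -Path $ouPath -Enabled $false `
        -Description 'Pre-staged CNO for Exchange 2013 DAG'
}
$cno = Get-ADComputer -Identity $cnoName -Properties Enabled

# Permission steps: Full Control (GenericAll) for Exchange Trusted Subsystem,
# set on the CNO object itself, not on the OU that contains it.
$ets    = Get-ADGroup -Identity 'Exchange Trusted Subsystem'
$adPath = "AD:\$($cno.DistinguishedName)"
$acl    = Get-Acl -Path $adPath
$rule   = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
              $ets.SID,
              [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
              [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -Path $adPath -AclObject $acl

# Verify: the account must still be disabled, and the ACE should be explicit
# (IsInherited = False) on this object.
if ($cno.Enabled) {
    Write-Warning "$cnoName is enabled; a pre-staged CNO should be disabled."
}
(Get-Acl -Path $adPath).Access |
    Where-Object { $_.IdentityReference -like '*Exchange Trusted Subsystem' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited
```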

Exchange 2013 Cumulative Update 1

Today the long-awaited Cumulative Update 1 for Exchange Server 2013 was released by the Exchange Team (KB2816900). This update raises Exchange 2013 version number to 15.0.620.29.

This is the Exchange 2013 product level required for co-existence with previous versions of Exchange, being Exchange Server 2010 SP3 or Exchange Server 2007 SP3 Rollup 10.

The Exchange Team provided a description of the major changes in CU1. You will find the announcement here. Here are some of the major changes in CU1:

  • Includes Address Book Policy Routing Agent (info);
  • Allows group memberships to be managed by groups (again, as it was possible in Exchange 2007 but not in Exchange 2010);
  • Access to Public Folders you have added as favorites via your favorites menu either in Outlook or Outlook Web App (still no regular Public Folder tree access though);
  • EAC has been enhanced and now includes Unified Messaging management and migration options;
  • Many probes, monitors, and responders have been updated and improved over the RTM release;
  • Get-HealthReport cmdlet has been streamlined and its performance has been optimized;
  • Supports the Exchange Server 2013 Management Pack for SCOM 2007 R2 and SCOM 2012 (due at a later date);
  • High Availability changes

Note that CU1 includes a schema change. Like Service Packs for earlier versions of Exchange, the Cumulative Update is indeed cumulative (hence the size of 1.3 GB) and you can install it directly, i.e. no need to install RTM first. Also, once installed you can’t uninstall CU1 or any of the installed roles. The order of upgrading servers doesn’t matter, unlike with earlier Exchange versions.

Important:

Beware Full OAB Downloads After Installing 1st Exchange 2013 Server in Existing 07/10 Environment

You can download Exchange 2013 Cumulative Update 1 here.

Publish Exchange 2013 With Forefront Threat Management Gateway

 

TMG does not yet support Exchange 2013, but with minor changes you can get it working.

Change in the OWA Rule

For Exchange 2013, change the published server logoff URL to /owa/logoff.owa

You need to create an extra rule: the Exchange 2013 APPS rule

You need the ExchangeGuid

Powershell:

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like "OrganizationCapabilityClientExtensions"} | fl exchangeGUID, primarysmtpaddress
ExchangeGuid : 3eccca51-d996-49df-b6e0-302d644fdcaa

Exchange 2013 CU1 delayed, Planned for April the 2nd

The last piece required to support coexistence and start migrating from Exchange 2010 to Exchange 2013, just got delayed some days…

“We found an issue with Exchange 2010 coexistence. The issue actually had an easy workaround, but we made a decision; instead of burdening you with a configuration change on all of your Exchange 2010 Client Access servers, we decided to take a code change in Exchange 2013 and solve the problem so that you will not have to make any additional configuration changes. Given that the goal of CU1 is to enable coexistence with legacy versions of Exchange, we felt this was the right decision; after all, we want to ensure that your upgrade to Exchange 2013 and your coexistence period goes as smooth as possible.”

“The release date for Exchange 2013 RTM CU1 is currently planned for April 2nd”

Publish all Exchange roles on one TMG listener

I have only 1 public IP address in my test lab, so I also wanted to deploy Outlook Anywhere so that I can receive mail from everywhere I am.

Configure Outlook anywhere rule on TMG

  1. Open Forefront TMG
  2. Click on image_thumb5[1]
  3. In the Action Pane under Task click image_thumb6[1]
  4. Give the rule a name; I'll name mine “2010 OA”
  5. Next –> Next
  6. Internal Site Name should be your CAS server FQDN (needs to be on the cert)
  7. The external name is what you use to access OA (also needs to be on the cert)
  8. Click –> Next –> Finish –> Select the Listener. (Choose the OWA listener you created before)
  9. This step moves the auth from the TMG server and moves it to the Exchange
  10. Modify the User set to include “all users” and remove “all authenticated users”.
  11. You may get the following error; you can click OK and ignore it. (Do not check the “require users to authenticate” check box on the listener or this method will not work)
  12. Finish
  13. Now Outlook Anywhere is published using the same listener as OWA! (Albeit without pre-auth)

After configuring DirectAccess in an IPv4-only deployment with a single network adapter, and after the default DNS64 (the IPv6 address which contains ":3333::") is automatically configured on the network adapter, attempting to enable load-balancing via the Remote Access Management console causes a prompt for the user to supply an IPv6 DIP. If an IPv6 DIP is supplied, the configuration fails after clicking Commit with the error: The parameter is incorrect.

  1. Download the backup and restore scripts from Back up and Restore Remote Access Configuration.
  2. Back up your Remote Access GPOs using the downloaded script Backup-RemoteAccess.ps1
  3. Attempt to enable load balancing until the step at which it fails. On the Enable Load Balancing dialog box, expand the details area, right-click in the details area, and then click Copy Script.
  4. Open Notepad, and paste the contents of the clipboard. For example:

    Set-RemoteAccessLoadBalancer -InternetDedicatedIPAddress @('10.244.4.19/255.255.255.0','fdc4:29bd:abde:3333::2/128') -InternetVirtualIPAddress @('fdc4:29bd:abde:3333::1/128', '10.244.4.21/255.255.255.0') -ComputerName 'DA1.domain1.corp.contoso.com' -Verbose

  5. Close any open Remote Access dialog boxes and close the Remote Access Management console.
  6. Edit the pasted text and remove the IPv6 addresses. For example:

    (Remove the IPv6 IP addresses)
    Set-RemoteAccessLoadBalancer -InternetDedicatedIPAddress @('10.244.4.19/255.255.255.0') -InternetVirtualIPAddress @('10.244.4.21/255.255.255.0') -ComputerName 'DA1.domain1.corp.contoso.com' -Verbose

    In an elevated PowerShell window, run the command from the previous step.

  7. If the cmdlet fails while it is running (not due to incorrect input values), run the command Restore-RemoteAccess.ps1 and follow instructions to make sure that the integrity of your original configuration is maintained.
  8. You can now open the Remote Access Management console again.

Migrate a certificate authority from Windows 2008 R2 to Windows 2012

Today I was moving my test lab enterprise root CA from a Windows 2008 R2 server to a new Windows 2012 server with a different server name. To accomplish this, I used this excellent TechNet post. I encountered no problems!

Create Internal Wildcard Certificate

I created an internal wildcard certificate. This is ideal when you want to do some testing and you do not have a certificate from a third party.

You must have an internal CA.

Open IIS

Go to Server Certificates

Choose Create Domain Certificate

Now you can export this certificate.

Very handy when you want to test Exchange 2013 & TMG or any other product.
