Kemp Loadmaster: Drop Connections on Real Server Failure & Drop at Drain Time End

I want to point out two features within Kemp LoadMaster:
  • Drop Connections on Real Server Failure (exists since 5.x; not enabled by default!)
  • Drop at Drain Time End (new feature in 7.0-4; not enabled by default!)

Drop Connections on Real Server Failure

By default existing connections are not closed if a Real Server fails. This can lead to issues with Outlook clients if an Exchange CAS server fails. A solution to this is to enable the Drop Connections on RS Failure option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.

When this option is enabled, LoadMaster tracks all the incoming connections and which Real Servers they are connected to. When a Real Server fails, all connections to the Real Server are immediately dropped, forcing the connections to reconnect to a different Real Server.

Enabling this option has the added benefit of allowing relatively higher Idle Connection Timeout values to be set as the danger of the client retaining a connection to a failed server is removed.

Drop at Drain Time End

By default existing connections are not closed when a real server is disabled. This can lead to issues with Outlook clients if an Exchange CAS server is administratively disabled. A solution to this is to enable the Drop at Drain Time End option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.

When this option is enabled, LoadMaster will sever all existing connections to a disabled Real Server once the L7 Connection Drain Time is reached. Clients will then be forced to re-establish a connection to one of the remaining Real Servers.
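Because both options are off by default, it is worth auditing them on every unit rather than relying on the WUI. The script below is an added example (not from the original post and not Kemp's own code) that reads, and optionally enables, the two settings through the LoadMaster RESTful API, which exposes system parameters as https://<lm>/access/get?param=<name> and /access/set?param=<name>&value=<value>. The parameter names 'droponfail' and 'dropatdrainend', the address and the credentials are assumptions; confirm the names against the RESTful API reference for your firmware.

```powershell
# Added example, not from the original post or from Kemp: audit (and with -Enable, switch on) the
# "Drop Connections on RS Failure" and "Drop at Drain Time End" options over the LoadMaster API.
# Assumptions: the API is enabled on the unit, the parameter names 'droponfail' and
# 'dropatdrainend' (verify against the RESTful API reference for your firmware), and the
# address/credentials below.
param(
    [string]$LoadMaster = '192.168.1.10',
    [string]$User       = 'bal',
    [string]$Password   = 'changeme',
    [switch]$Enable          # without -Enable the script only reports the current state
)

$Params = @{
    droponfail     = 'Drop Connections on RS Failure'
    dropatdrainend = 'Drop at Drain Time End'
}

# Test lab only: the WUI usually has a self-signed certificate. In production install a trusted
# certificate on the unit instead of disabling validation on the client.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$secure = ConvertTo-SecureString $Password -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential($User, $secure)

function Invoke-LmApi {
    param([string]$Action, [string]$Query)
    $uri = "https://$LoadMaster/access/$Action?$Query"
    [xml](Invoke-WebRequest -Uri $uri -Credential $cred -UseBasicParsing).Content
}

function Get-LmParam {
    param([string]$Name)
    $xml  = Invoke-LmApi -Action 'get' -Query "param=$Name"
    $node = $xml.SelectSingleNode("//$Name")   # assumption: the value element is named after the parameter
    if ($node) { $node.InnerText } else { $null }
}

foreach ($name in $Params.Keys) {
    $before = Get-LmParam -Name $name
    if ($Enable -and $before -ne '1') {
        [void](Invoke-LmApi -Action 'set' -Query "param=$name&value=1")
        $after = Get-LmParam -Name $name      # re-read rather than trusting the set call
    } else {
        $after = $before
    }
    $state = if ($after -eq '1') { 'enabled' } elseif ($after -eq '0') { 'DISABLED' } else { 'unknown' }
    '{0,-35} {1}' -f $Params[$name], $state
}
```

Run it without -Enable first to see the current state of each unit; re-reading the value after the set call catches a silently rejected change (for example on a firmware that does not know the parameter).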


Deployment_Guide-MS_Exchange_2010 v7.0.pdf

Update Rollup 1 for Exchange Server 2010 Service Pack 3

Update Rollup 1 for Exchange Server 2010 Service Pack 3 (SP3) resolves issues that were found in Exchange Server 2010 SP3 since the software was released. This update rollup is highly recommended for all Exchange Server 2010 SP3 customers.
For a list of changes that are included in this update rollup, see KB2803727.

Download

KEMP LoadMaster v7.0-4 firmware is now available with Edge Security Pack

Kemp announced firmware release LoadMaster 7.0-4. Here are the details. Watch out for more announcements on some of the features in the coming weeks.

New Features and Feature Enhancements:
  • Edge Security Pack – A range of new security features has been added to the LoadMaster.
  • Sub-VS Support – The LoadMaster now supports the creation and management of sub-VSs.
  • Graphical Metrics – There is a new dashboard home screen with the capability to display graphical performance information.
  • New License format – A new license format has been introduced
  • Oracle VirtualBox VLM – A new VLM package, to support VLM installation within an Oracle VirtualBox environment is available
  • MIBS files have been updated
  • SID and revision information included in IPS logging
  • VLAN Separation per Interface
  • Support for larger TCP window sizes
  • ‘Kill switch’ is now supported on all LoadMaster versions
  • LM-R320 has its serial number visible on the WUI
  • The Netconsole Host interface is configurable via the WUI
Issues Resolved:
    • Issue with SMTP STARTTLS when a client sends an EHLO is resolved
    • Issue with ACL whitelist allowing other IPs is resolved
    • Issue with switching VS types under load is resolved
    • Some reboot issues have been resolved
    • An issue with caching on Firefox has been resolved
    • The “-“ character is now allowed in the DNS Search Domain field
    • Issues with the MIBS have been resolved
    • A circular routing problem has been resolved
    • SNMP trap Source IP has been changed to pre 5.1-48 behaviour
    • SSL renegotiation can be toggled on/off
    • SSLv2 is no longer used for LoadMaster initiated SSL connections
    • An issue with Not Available Redirection XSS has been resolved
    • The Default IP is now displayed on the WUI when DHCP fails
    • An issue with VS Specific insert X-Clientside header being overwritten by system default has been resolved
    • The “-“ character is now allowed in the User Login field
    • An issue with the Fail on Match functionality has been resolved
    • An issue with Maximum Cache Size has been resolved
    Known Issues:
      • Quick setup Help appears automatically if no IP address is configured on the LM if a VLAN is configured on eth0 and no IP address is assigned to the underlying interface (eth0)
      LoadMaster version v7.0-4 supports the following hardware:
      • LM-2000
      • LM-2200
      • LM-2500
      • LM-2600
      • LM-3500
      • LM-3600
      • LM-5300
      • LM-5500
      • LM-Exchange
      • LM-R320
      • VLM-100
      • VLM-1000
      • VLM-Exchange
      NOTE – ESP is supported on select LoadMaster models and new VLM installations.

      Learn more about LoadMaster 7.0:

      Manual

      Full Release Notes

      Full Documentation

CreateCluster failed with 0x5 adding members to DAG in Exchange 2013

Last weekend I was building an Exchange 2013 cluster. Since everything so far was working as expected, I proceeded with the creation of the DAG. From the EAC, creating the DAG itself worked with no issues. I then added the first Mailbox server to the DAG. This step, however, refused to complete with the error:

A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API 'CreateCluster() failed with 0x5. Error: Access is denied' failed.. [Server: ward-02.wardvissers.local]

Assigning "Full Control" to Exchange Trusted Subsystem on , I assumed, should fix the issue; however, it actually produced a completely different error when I tried to add the Mailbox server to the DAG again:

      An Active Manager operation failed with a transient error. Please retry the operation. Error: The fully qualified domain name for node ‘DAG01′ could not be found.

      Solution:

      Pre-stage the CNO (CLUSTER NAME OBJECT)

      1. Open Active Directory Users and Computers.
      2. Expand the forest node.
      3. Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.
      4. In New Object – Computer, type the computer account name for the CNO in the Computer name box. This is the name that you’ll use for the DAG. Click OK to create the account.
      5. Right-click the new computer account, and then click Disable Account. Click Yes to confirm the disable action, and then click OK.

      Assign permissions to the CNO (CLUSTER NAME OBJECT)

      1. Open Active Directory Users and Computers.
      2. If Advanced Features aren’t enabled, turn them on by clicking View, and then clicking Advanced Features.
      3. Right-click the new computer account, and then click Properties.
      4. In <Computer Name> Properties, on the Security tab, click Add to add either the computer account for the first node to be added to the DAG or to add the Exchange Trusted Subsystem USG:
        • To add the Exchange Trusted Subsystem, type Exchange Trusted Subsystem in the Enter the object names to select field. Click OK to add the USG. Select the Exchange Trusted Subsystem USG and in the Permissions for Exchange Trusted Subsystem field, select Full Control in the Allow column. Click OK to save the permission settings.
        • To add the computer account for the first node to be added to the DAG, click Object Types. In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes. Select the Computers check box and click OK. In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK. Select the first node’s computer

Pre-Stage the Cluster Name Object for a Database Availability Group
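The same pre-staging can be scripted, which is handy when you build more than one DAG or want the permissions to be reproducible. The following is an added example (not from the original post) that creates the disabled CNO computer account and grants Full Control on it to both the Exchange Trusted Subsystem USG and the first node, using the ActiveDirectory module. The DAG name DAG01 and the node name ward-02 come from the post; the OU path is an assumption.

```powershell
# Added example, not from the original post: pre-stage and permission the DAG CNO with PowerShell.
# Assumptions: the ActiveDirectory module (RSAT) is installed, the DAG is called DAG01, the
# target OU is OU=Exchange,DC=wardvissers,DC=local and the first DAG node is ward-02.
Import-Module ActiveDirectory

$DagName   = 'DAG01'
$TargetOU  = 'OU=Exchange,DC=wardvissers,DC=local'
$FirstNode = 'ward-02'

# 1. Create the computer account for the CNO and leave it disabled (steps 4 and 5 above).
if (-not (Get-ADComputer -Filter "Name -eq '$DagName'" -ErrorAction SilentlyContinue)) {
    New-ADComputer -Name $DagName -SamAccountName $DagName -Path $TargetOU -Enabled $false
}
$cno = Get-ADComputer -Identity $DagName

# 2. Grant Full Control (GenericAll) on the CNO to the Exchange Trusted Subsystem USG and to the
#    computer account of the first node, so that CreateCluster can take over the object.
$acl = Get-Acl -Path "AD:\$($cno.DistinguishedName)"
foreach ($principal in @((Get-ADGroup -Identity 'Exchange Trusted Subsystem'),
                         (Get-ADComputer -Identity $FirstNode))) {
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        [System.Security.Principal.SecurityIdentifier]$principal.SID,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path "AD:\$($cno.DistinguishedName)" -AclObject $acl

# 3. Verify: show the explicit (non-inherited) Full Control entries now present on the CNO.
(Get-Acl -Path "AD:\$($cno.DistinguishedName)").Access |
    Where-Object { $_.ActiveDirectoryRights -eq 'GenericAll' -and -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```

Keep the ACE scoped to this one computer object, not to the OU: Full Control on the CNO is what the cluster needs, and nothing more.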

      Exchange 2013 Cumulative Update 1

      Today the long-awaited Cumulative Update 1 for Exchange Server 2013 was released by the Exchange Team (KB2816900). This update raises Exchange 2013 version number to 15.0.620.29.

This is the Exchange 2013 product level required for coexistence with previous versions of Exchange, namely Exchange Server 2010 SP3 or Exchange Server 2007 SP3 Rollup 10.

The Exchange Team provided a description of the major changes in CU1; you will find the announcement here. Here are some of the major changes in CU1:

      • Includes Address Book Policy Routing Agent (info);
      • Allows group memberships to be managed by groups (again, as it was possible in Exchange 2007 but not in Exchange 2010);
      • Access to Public Folders you have added as favorites via your favorites menu either in Outlook or Outlook Web App (still no regular Public Folder tree access though);
      • EAC has been enhanced and now includes Unified Messaging management and migration options;
      • Many probes, monitors, and responders have been updated and improved over the RTM release;
      • Get-HealthReport cmdlet has been streamlined and its performance has been optimized;
      • Supports the Exchange Server 2013 Management Pack for SCOM 2007 R2 and SCOM 2012 (due at a later date);
      • High Availability changes

      Note that CU1 includes a schema change. Like Service Packs for earlier versions of Exchange, the Cumulative Update is indeed cumulative (hence the size of 1.3 GB) and you can install it directly, i.e. no need to install RTM first. Also, once installed you can’t uninstall CU1 or any of the installed roles. The order of upgrading servers doesn’t matter, unlike with earlier Exchange versions.

      Important:

      Beware Full OAB Downloads After Installing 1st Exchange 2013 Server in Existing 07/10 Environment

      You can download Exchange 2013 Cumulative Update 1 here.

      Publish Exchange 2013 With Forefront Threat Management Gateway

       

TMG does not yet support Exchange 2013, but with minor changes you can get it working.

Change in the OWA rule

In Exchange 2013 the published server logoff URL changed to /owa/logoff.owa

You need to create an extra rule for Exchange 2013 Apps.

You need the ExchangeGuid of the arbitration mailbox that carries the OrganizationCapabilityClientExtensions capability:

      Powershell:

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like "OrganizationCapabilityClientExtensions"} | fl ExchangeGuid, PrimarySmtpAddress
      ExchangeGuid : 3eccca51-d996-49df-b6e0-302d644fdcaa


      Exchange 2013 CU1 delayed, Planned for April the 2nd

The last piece required to support coexistence and to start migrating from Exchange 2010 to Exchange 2013 just got delayed by a few days…

      “We found an issue with Exchange 2010 coexistence. The issue actually had an easy workaround, but we made a decision; instead of burdening you with a configuration change on all of your Exchange 2010 Client Access servers, we decided to take a code change in Exchange 2013 and solve the problem so that you will not have to make any additional configuration changes. Given that the goal of CU1 is to enable coexistence with legacy versions of Exchange, we felt this was the right decision; after all, we want to ensure that your upgrade to Exchange 2013 and your coexistence period goes as smooth as possible.”

      “The release date for Exchange 2013 RTM CU1 is currently planned for April 2nd”

      Publish all Exchange roles on one TMG listener

I have only one public IP address in my test lab, so I also wanted to deploy Outlook Anywhere so that I can receive mail from everywhere I am.

      Configure Outlook anywhere rule on TMG

1. Open Forefront TMG.
2. Click on the item shown in the screenshot (screenshot not included).
3. In the Action pane, under Tasks, click the task shown in the screenshot (screenshot not included).
4. Give the rule a name; I'll name mine "2010 OA".
5. Next, Next.
6. Internal Site Name should be your CAS server FQDN (needs to be on the certificate).
7. The external name is what you use to access OA (also needs to be on the certificate).
8. Click Next, Finish, and select the listener (choose the OWA listener you created before).
9. This step moves authentication from the TMG server to Exchange:
10. Modify the User set to include "All Users" and remove "All Authenticated Users".
11. You may get the following error; you can click OK and ignore it. (Do not check the "Require all users to authenticate" check box on the listener, or this method will not work.)
12. Finish.
13. Now Outlook Anywhere is published using the same listener as OWA (albeit without pre-auth). Note what that means: every request to the Outlook Anywhere path is passed to the CAS before any credential is checked, so logon attempts against it are seen and throttled by Exchange and IIS only, not by TMG.
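Once several rules share one listener, it is easy to end up with a path that no rule answers or that is answered by the wrong rule. The script below is an added example (not from the original post) that requests each Exchange virtual directory through the external name and reports the HTTP status, so you can see which paths are published and which are handed to Exchange without TMG pre-authentication (those answer 401). The external name mail.wardvissers.local is an assumption; use the name on your certificate.

```powershell
# Added example, not from the original post: probe the Exchange paths published on the shared TMG
# listener and report the HTTP status each returns. The external host name is an assumption.
$ExternalHost = 'mail.wardvissers.local'
$Paths = @(
    '/owa/',                           # OWA rule
    '/ecp/',                           # ECP / options
    '/rpc/rpcproxy.dll',               # Outlook Anywhere ("2010 OA" rule)
    '/EWS/Exchange.asmx',              # Exchange Web Services
    '/Microsoft-Server-ActiveSync/',   # ActiveSync
    '/Autodiscover/Autodiscover.xml',  # Autodiscover
    '/OAB/'                            # Offline Address Book
)

function Get-PublishedStatus {
    param([string]$Url)
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -ErrorAction Stop
        return [int]$r.StatusCode
    } catch {
        # 401/403/404 surface as exceptions; the status code is on the attached response.
        $resp = $_.Exception.Response
        if ($resp) { return [int]$resp.StatusCode }
        return -1   # no HTTP answer at all: DNS, listener or TLS problem
    }
}

function Get-StatusText {
    param([int]$Code)
    switch ($Code) {
        200     { 'published' }
        401     { 'reached Exchange; authentication happens there, no TMG pre-auth' }
        403     { 'blocked at TMG or IIS' }
        404     { 'no publishing rule matches this path' }
        -1      { 'no response' }
        default { "HTTP $Code" }
    }
}

foreach ($p in $Paths) {
    $code = Get-PublishedStatus -Url "https://$ExternalHost$p"
    '{0,-34} {1,4}  {2}' -f $p, $code, (Get-StatusText $code)
}
```

Run it from outside the lab network so the request really traverses the listener; a 404 on /rpc/rpcproxy.dll after the steps above means the OA rule is not matching the path on the shared listener.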

      Create Internal Wildcard Certificate

I created an internal wildcard certificate. This is ideal when you want to do some testing and you don't have a certificate from a third-party CA.

You must have an internal CA.

Open IIS.

Go to Server Certificates.

Choose Create Domain Certificate.

Now you can export this certificate.

      Very handy when you want to test Exchange 2013 & TMG or any other product.
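The IIS wizard does the same thing as a certificate request against the enterprise CA, so it can be scripted. The following is an added example (not from the original post) that enrolls a wildcard web-server certificate with the PKI module, checks what was issued, and exports it with its private key for the Exchange or TMG host. Assumptions: Windows 8 / Server 2012 or later (where Get-Certificate exists), a CA template named WebServer that allows the subject to be supplied in the request, and the domain wardvissers.local from the post.

```powershell
# Added example, not from the original post: request a wildcard certificate from an internal
# enterprise CA with PowerShell instead of the IIS wizard, then export it as PFX.
# Assumptions: PKI module available, a 'WebServer' template that accepts a supplied subject,
# and the domain wardvissers.local.
Import-Module PKI

$Subject  = 'CN=*.wardvissers.local'
$DnsNames = @('*.wardvissers.local', 'wardvissers.local')   # a wildcard does not cover the bare zone name
$Template = 'WebServer'
$PfxPath  = Join-Path $env:TEMP 'wildcard-wardvissers.pfx'
$PfxPwd   = Read-Host -AsSecureString -Prompt 'PFX export password'

# 1. Enroll against the enterprise CA (located through AD) with a SAN extension.
$req = Get-Certificate -Template $Template -SubjectName $Subject -DnsName $DnsNames `
       -CertStoreLocation 'Cert:\LocalMachine\My'
if ($req.Status -ne 'Issued') { throw "Enrollment status: $($req.Status)" }
$cert = $req.Certificate

# 2. Check what the CA actually issued before copying the key anywhere else.
$cert | Format-List Subject, DnsNameList, NotAfter, Thumbprint, HasPrivateKey

# 3. Export with the private key for import on the Exchange or TMG server.
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPwd | Out-Null
"Exported $PfxPath"
```

Bear in mind that one wildcard private key copied onto several hosts is only acceptable in a lab: if any of those hosts is compromised, every name under the domain is compromised with it.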
