Exchange 2010 Client Access Throttling

Environment:
Windows 2008 R2 – Exchange 2010 RTM 
Later  I installed SP1 & Rollup 2 for SP1

Outlook 2003 Service Pack 3 Clients
Issue:
During normal working hours users randomly was unable to access their mailboxes when they launched their Outlook client.

The users were receiving the following Outlook message:
Outlook error

“Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.”
It was also reported that some users had issues expanding additional mailboxes. (Delegate Mailboxes )
The following Outlook message appeared.

set of folders

Or users have issues opening Shared Calendars.

Solution:
http://support.microsoft.com/kb/2299468

With Get-ThrottlingPolicy you can see the value of RCAMaxConcurrency

(Exchange 2010 RTM default value 20) (Exchange 2010 SP1 default value 214748364)

I changed RCAMaxConcurrency to 214748364 and the problem is fixt:

Get-ThrottlingPolicy | set-ThrottlingPolicy -RCAMaxConcurrency 214748364

Infrastructure Planning and Design (IPD) Guide for Microsoft Exchange Server 2010 with Service Pack 1

The Infrastructure Planning and Design (IPD) Guide for Microsoft Exchange Server 2010 with Service Pack 1 is very handy for successfully designing an Exchange Server 2010 infrastructure. The guide will help consultants make informed decisions about the design of fault tolerance and scalability so that their overall requirements are met.

The guide covers these key steps in the Exchange Server 2010 infrastructure design process:

  • Defining the project scope by identifying your individual business and IT requirements for a messaging infrastructure.
  • Mapping features and functionality based on the defined scope to develop the appropriate Exchange Server 2010 design.
  • Designing the infrastructure and role requirements for the proposed Exchange Server 2010 architecture.
  • Determining the sizing, fault tolerance, and physical placement of Exchange Server 2010 roles.

The Exchange Server 2010 Guide includes the following content:

  • Step 1: Define the Business and Technical Requirements
  • Step 2: Define the Instances of Exchange Server 2010
  • Step 3: Design the Mailbox Server Infrastructure
  • Step 4: Design the Client Access Server Infrastructure
  • Step 5: Design the Hub Transport Server Infrastructure
  • Step 6: Design the Edge Transport Server Infrastructure
  • Step 7: Design the Unified Messaging Server Infrastructure
  • Step 8: Define the Active Directory Domain Services Requirements

Launch the download of the IPD Guide for Microsoft Exchange Server 2010 with Service Pack 1.

Launch the download of the entire Infrastructure Planning and Design Guide series.

Publish Exchange 2010 With TMG (Forefront Threat Management Gateway)

When you want you use Forefront Threat Management Gateway to publish Exchange 2010 you must do the following things

1. Get a SAN Certificate.

I my case I have the following URL’s registered with the certificate.
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl
casarray.wardvissers.local

image

2. Import the Certificate in to Exchange 2010. 
How to check HERE

3. Create on the Exchange 2010 Server a Client Access Array.
How you must do it I spoke it Configuring Client Access Array. I this case a used casarray.wardvissers.local for the client acces array.

4. Setting the internal & external url’s

Set-ClientAccessServer -Identity ward-ex01 -AutoDiscoverServiceInternalUri https://casarray.wardvissers.local/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity “ward-ex01\EWS (Default Web Site)” -InternalUrl https://casarray.wardvissers.local/ews/exchange.asmx -ExternalUrl https:// webmail.wardvissers.nl/ews/exchange.asmx

Set-OABVirtualDirectory -Identity “ward-ex01\oab (Default Web Site)” -InternalUrl http:// casarray.wardvissers.local/oab -ExternalUrl https://webmail.wardvissers.nl/oab

Enable-OutlookAnywhere -Server ward-ex01 -ExternalHostname “webmail.wardvissers.nl” -ClientAuthenticationMethod “Basic”-SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity “ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://casarry.wardvissers.local/Microsoft-Server-Activesync
-ExternalURL https://webmail.wardvissers.nl/Microsoft-Server-Activesync

Set-ECPVirtualDirectory –Identity ward-ex01\ECP (default web site) -InternalURL https://casarry.wardvissers.local/ECP -ExternalURL https://webmail.wardvissers.nl/ECP

5. Configure Exchange 2010 for basic authentication

Set-OwaVirtualDirectory -id ward-ex01\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false

set-WebServicesVirtualDirectory -Identity “ward-ex01\EWS (Default Web Site)” -WindowsAuthentication $true -BasicAuthentication $true

set-EcpVirtualdirectory –Identity ward-ex01\ECP (default web site) -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false

set-OabVirtualDirectory -Identity “ward-ex01\oab (Default Web Site)” -WindowsAuthentication $true -BasicAuthentication $true

set-ActiveSyncVirtualDirectory -Identity “ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)” -BasicAuthentication $true

6. Import the SAN certificate in to the TMG server.

1. Click Start –> Run –> Type MMC
2. Click File –> add remove Snap-in –> Certificates –> ADD –> Computer account-> Next –> finish-> ok
3. Click Personal –> certificates
4. Right Click certificates –> all task –> import –> next –> select the *.pfx file –> next –> Password –> next –> next –> Finish

7. Publish OWA

1. Publish Exchange Web Client Access

2. Exchange Publishing rule name: OWA 2010
image

3. Choose Exchange Server 2010 & Outlook Web Access

image

4. Next ( I have only Single TMG Server)
image

5. Next
image

6.Internal Site Name: Client Access Array name. My Case casarray.wardvissers.local
image

7. Public Name: webmail.wardvissers.nl
image

8. At this moment I have no Web Listener so we gone create them

image

9. Weblister Name: HTTPS
image

10. Next
image

11. I choise for All Networks (and local host) because the Server has one NIC.
image

12. Select the Certificate that you just imported.
image image
image
13. Choise for LDAP (Active Directory)
image
14. SSO Domain name: my case wardvissers.nl (External Domain name)
image
15. Finish
image

16. Next
image

17. Next
image

18. Next
image

19. Finish
image

8. Publish Active Sync

1. Publish Exchange Web Client Access

2. Exchange Publishing rule name: Active Sync 2010
image

3. Exchange Server 2010 & Exchange ActiveSync
image

4. Next
image

5. Next
image

6. Internal Site name: CasArray name
image

7. Public Name: I my case webmail.wardvissers.nl
image

8.Choise the HTTPS web listerner
image

9. Next
image

10. Next
image

11. Finish
image

Next Time I will publish how to deploy a Legacy Exchange Server 2003 & 2007 with TMG

Exchange 2010 Tested Solutions

image_thumb

Microsoft provides some documentation examples of well-designed, cost-effective Exchange 2010 solutions deployed on hardware offered by some partners from Microsoft.

9000 Mailboxes in Two Sites Running Hyper-V on Dell M610 Servers, Dell EqualLogic Storage, and F5 Load Balancing Solutions

16000 Mailboxes in a Single Site Deployed on IBM and Brocade Hardware 

500 Mailboxes in a Single Site Running Hyper-V on Dell Servers

It’s really nice info to read Smile if you designing a Exchange 2010 Solution for your company or customer.

Rollup 2 for Exchange Server 2007 Service Pack 3


Today the Exchange Team released Rollup 2 for Exchange Server 2007 Service Pack 3 KB2407025. This update raises Exchange 2007 version number to 8.3.137.3.

The List with fixes:
972186 Some functions do not work if you install Security Configuration Wizard on a Windows Server 2008 SP2-based Exchange Server 2007

979046 Attachments are empty when you save them by using OWA after you have applied the update of KB 958881 on an Exchange Server 2007

980038 The Microsoft Exchange System Attendant service crashes intermittently in the Oabgen.dll module on an Exchange Server 2007 server

981602 Event ID: 4999 is frequently generated in a mixed Exchange Server 2007 and Exchange Server 2003 environment

982476 The Imap4.exe process crashes intermittently on an Exchange Server 2007 server

982478 Notes URL links in a plain text message are not clickable when you open this message by using OWA in an Exchange Server 2007 environment

2028675 The MSExchangeFDS.exe process occupies lots of memory if there are thousands of OABs created on an Exchange Server 2007 server

2029086 Some characters of an email message are displayed in an incorrect text size when you access your mailbox by using OWA in Exchange Server 2007

2032216 The Microsoft Exchange Information Store service crashes on an Exchange Server 2007 server when you start it or try to mount certain databases

2121536 Exchange Server 2007 cannot index a message

2201236 The "All Day" field is marked with "No" when you access a meeting request that has a duration time that is more than 24 hours by using a mobile client through ActiveSync in an Exchange Server 2007 environment

2203212 Certain mailboxes cannot be moved from an Exchange Server 2007 server to an Exchange Server 2010 server

2210042 A sub contact folder is still visible after you set the "PR_ATTR_HIDDEN" attribute to "True" in an Exchange Server 2007 environment

2230824 The Microsoft.Exchange.POP3.exe process or the Microsoft.Exchange.Imap4.exe process may crash after you enable protocol logging for POP3 or IMAP4 on an Exchange Server 2007 server

2249814 You receive misleading information when you run the "New-TestCasConnectivityUser.ps1" script on an Exchange Server 2007 server

2263342 "The operation failed" error message in Outlook client when a user sends a recurring meeting request with an email message attachment in an Exchange Server 2007 SP2 environment

2276439 (http://support.microsoft.com/kb/2276439/ ) The Microsoft.Exchange.IMAP4.exe process crashes when an IMAP4 client retrieves a meeting request that includes exception attachments in an Exchange Server 2007 environment

2280234 "Your POP3 server has not responded in 60 seconds." error message when a POP3 client connects to an Exchange Server 2007 Client Access server to access an Exchange Server 2003 mailbox

2282570 "550 5.1.3" NDR message when an Exchange Server 2007 user sends an email message to a recipient

2265306 The Exchange Information Store service stops responding when you perform a search operation on an Exchange Server 2007 mailbox in Outlook

2282746 The "Private" sensitivity status of an occurrence of a recurring meeting request is lost when you edit the occurrence in OWA in an Exchange Server 2007 environment

2286782 The response details are still included in the response email message when you set the "EnableResponseDetails" property to "False" in an Exchange Server 2007 environment

2290105 A shared document cannot be open by using OWA after you install Exchange Server 2007 SP3 on an Exchange Server 2007 server

2290159 The POP3 service crashes on an Exchange Server 2007 server

2344372  You cannot move mailboxes to an Exchange Server 2007 server

2362371 You receive a "Success" response when using the Test-Mailflow command on an invalid or nonexistent external email address in an Exchange Server 2007 environment

2384754 "Unable to identify local server row in Replication state table for this FID" error message when you run the Information Store Integrity Checker tool on an Exchange Server 2007 server

2387915 The ESEBack component does not support ETL tracing on an Exchange Server 2007 server

2388057 The Exchange Transport service crashes on Exchange Server 2007 servers in a mixed Exchange Server 2007 and Exchange Server 2010 environment

2394731 An HTML attachment of a shared mailbox cannot be saved when you set the "BypassOwaHTMLAttachmentFiltering" setting to "True" in an Exchange Server 2007 environment

2424499 Exchange Server 2007 does not support to assign a mailbox with the "Send on behalf" permission of a security group in the EMC or in the EMS

2427297 The created time and the modified time of an attachment are incorrect when you save an email message on an Exchange Server 2007 mailbox

2430674 The "Leave message intact" method in a Folder Assistant rule does not work when you post an item by using OWA in an Exchange Server 2007 environment

Download the hotfix HERE

FREE Exchange 2010 Training available

Exchange 2010 Upgrade and Deployment (HOLO)

This 300 level hands-on labs online course (including seven hands-on labs) will prepare learners with the knowledge to engage with customers to help them implement best practices for smooth Exchange 2010 upgrades and deployments. These hands-on labs online (HOLOs) are provided at no charge to Microsoft partners, and provide IT Professionals with the essential information they need to setup, deploy, and configure Microsoft Exchange Server 2010.  The course will address gaps in knowledge around topics such as new features, upgrade paths, tools and processes to support upgrade and deployment planning.

Training includes the following curriculum:

Course (Online): Using Exchange 2010 Tools to Plan a Deployment (Part 1)

Course (Online): Using Exchange Tools to Plan a Deployment (Part 2)

Course (Online): Exchange 2010 Setup, Deployment, and Server Role Configuration

Course (Online): Configuring Mail Flow and Outlook Web Access

Course (Online): Moving Mailboxes to Exchange 2010

Course (Online): Moving Other Services to Exchange 2010 (Part 1)

Course (Online): Moving Other Services to Exchange 2010 (Part 2)
exchange 2010

Thanks to

Bryan Von Axelson

Home folders renamed to My Documents

When you redirect users home folders to network share the folders are show as My Documents folder.

This is a bug in Windows 7 
http://support.microsoft.com/kb/947222

Solution:

Do not grant the Read permission to the administrator for the Desktop.ini files on the server. To do this, follow these steps:

Note If more than one Desktop.ini file exists, follow these steps for all the Desktop.ini files.

  1. Right-click the Desktop.ini file, click Properties, and then click the Security tab.
  2. In the Group or user names pane, click Administrators.
  3. Click to select the Deny check box for the Read permission.
  4. Click OK.

If you have 1000+ home folders this is not great thing to do Sad smile

Richard Willis created a nice powershell script that will do it for you Open-mouthed smile
You need only change the groupName to the group that you will give deny read permissions.
Save the script in de home folder where all the “My Documents” are and run the script.

The Script:
———————————————————————————————————–

$folders = Get-ChildItem | where-object {$_.psiscontainer};
foreach ($folder in $folders)
{
$desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force
if ($desktopIni -ne $null)
{
$Acl = Get-Acl $desktopIni.FullName
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
("groupName","Read","Deny")
$Acl.SetAccessRule($Ar)
Set-Acl $desktopIni.FullName $Acl
}
}

———————————————————————————————————-

Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010

I was attended on twitter on the following video’s. I watch some of them. They are really interesting Open-mouthed smile

The Vid’s
TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 1 of 7)Reviewing the Available Options in the Deployment Workbench

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 2 of 7)Create and Explore the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 3 of 7)Configuring Role Methods in the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 4 of 7)Configuring Other Methods in the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 5 of 7)Configuring the Deployment Point to Use the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 6 of 7)Using Linked Deployment Points

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 7 of 7)Custom Edit the Deployment Wizard to Add a New Page

The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server. Support Code: 80072F0D or 0x80072f0d

I had some Windows Mobile device that did not sync anymore. I changed the Certificates on Exchange 2007 and ISA 2006 Servers.

After some investing. The problem was I was missing the GlobalSign Domain Validation CA certificate

image 

After creating the cer file and installed on my PDA active sync works again.

Source:
http://support.microsoft.com/kb/927465

http://support.microsoft.com/kb/915438

VMMUpdate Script to Check if all Hyper-V hosts & SCVMM Server are Up to Date

Jonathan has created a nice script. This script checks witch updates are missing from Hyper-V hosts and SCVMM Server.

What updates?

Updates are regularly released for SCVMM Server, Hosts, and the Admin Console. These updates must be applied to all Hosts no matter how many you have. Updates are also released for technologies SCVMM leverages:

  • Windows
  • Hyper-V
  • Failover Cluster

As well as components SCVMM cannot function without:

  • WinRM
  • BITS
  • WMI
  • VDS
  • VSS

The difficulty is in making sure all systems are fully updated. This is a time-consuming task.

WSUS takes care of this for me…

Not necessarily. There are certain Hotfixes that need to be downloaded manually, but for the most part Windows Update is the key. WSUS is Microsoft’s solution to distributing Windows Updates within an enterprise, and this pulls from Windows Update as well. Unfortunately, rules in WSUS are sometimes set up such that all updates required do not find their way to SCVMM systems. So, there are layers of complexity in keeping systems up to date.

Prevent problems with VMMUpdate

With this script you now or that your Hyper-V hosts & SCVMM Server are up to date.

To download the latest follow the link HERE

vmmupdate

Translate »