Exchange Server 2013

Microsoft Exchange Server is a tremendously popular mail server developed by Microsoft.
The first version to be released was version 4.0, shipped in April 1996. It has evolved over the years, and the latest and greatest offering is called Exchange Server 2013.

Pre-requirements

Before we run setup.exe for the actual Exchange deployment we have to prepare the operating system. The following post will cover the requirements needed.

Windows Server 2012 R2

Fire up PowerShell and type:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Next step is to install:
Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

Activating Exchange Server(s)

This is how to enter the license key and activate Exchange Server.

To activate a specific server:
Set-ExchangeServer EX-CAS01 -ProductKey XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

To activate all servers starting with EX:
Get-ExchangeServer EX* | Set-ExchangeServer -ProductKey XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

To activate all servers:
Get-ExchangeServer | Set-ExchangeServer -ProductKey XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

After the keys have been entered, the Information Store has to be restarted:
Restart-Service "Microsoft Exchange Information Store"

Database Availability Group (DAG)

To provide high availability, Microsoft has evolved the Database Availability Group (DAG) concept, and with Exchange Server 2013 it's even better.
The steps to create and configure a DAG are as follows:

Pre-create CNO
The easiest way to prevent some error messages is to pre-create the CNO object that the DAG will use:
1. Fire up Active Directory Users and Computers
2. Create a Computer object, name it E15-DAG01 for instance
3. Disable the object
4. Add Exchange Server Trusted Subsystem on the object with Full Access permissions
5. Add a DNS record for the object like, E15-dag01.contoso.com

Prepare the Witness server
In Exchange environments with an even number of Mailbox servers, an additional vote is required for the quorum, and that's when the witness server comes into play. A witness server is just a server that holds a share that the DAG nodes check for reachability.

For instance if we choose a Lync Front-End server to be a witness we must first add a permission so that the DAG setup will be able to configure the store on the server. This is easily done using:
net localgroup Administrators "contoso.com\Exchange Trusted Subsystem" /add

Create a Database Availability Group (DAG)
To create a DAG using Exchange Management Shell, use something like this:
New-DatabaseAvailabilityGroup -Name E15-DAG01 -WitnessServer lync01.contoso.com -WitnessDirectory C:\DAGFileShareWitness -DatabaseAvailabilityGroupIpAddresses 10.10.10.21

Add members to the DAG
Add-DatabaseAvailabilityGroupServer -Identity E15-DAG01 -MailboxServer EX-MBX01
Add-DatabaseAvailabilityGroupServer -Identity E15-DAG01 -MailboxServer EX-MBX02

Single Item Recovery

Single Item Recovery is one of those nice features you want to enable as fast as possible on every user...

To configure single item recovery for a mailbox, run the following in EMS (replace <mailbox> with the identity of the mailbox):
Set-Mailbox -Identity "<mailbox>" -SingleItemRecoveryEnabled $true

Verify the arbitration mailboxes

See any system mailboxes:
Get-Mailbox -Arbitration
Get-Mailbox -Monitoring
Get-ADObject -LDAPFilter "(Name=System*)" | fl DistinguishedName
Get-Mailbox "*Discovery*"

If you are in a forest with multiple domains you might want to add:
Set-AdServerSettings -ViewEntireForest $True

Proper sizing

When sizing Exchange it's good practice to understand the basics: disk utilization, disk IOPS, memory and the processor.
Ross Smith posted this interesting article about their approach to A Preferred Architecture.

Pagefile
On the 3rd of April, Microsoft posted some new guidelines about the pagefile setup. For many years the recommendation has been a fixed page file of RAM + 10 MB, but with the release of Exchange Server 2013 SP1, Microsoft has adjusted this recommendation.

The new recommended fixed pagefile size is the smaller of RAM size + 10 MB or 32,778 MB (which is 32 GB + 10 MB).

Configure network adapters properly for DAG usage in Exchange Server 2013!

The information in this post is critical when it comes to configuring the network adapters on your servers when using a Database Availability Group (DAG for short).
If these settings are not applied, the system might be unstable.

MAPI network adapter configuration
Client for Microsoft Networks, Enabled
QoS Packet Scheduler, Optionally Enabled
File and Printer Sharing for Microsoft Networks, Enabled
Internet Protocol version 6 (TCP/IP v6), Enabled
Internet Protocol version 4 (TCP/IP v4), Enabled
Link-Layer Topology Discovery Mapper I/O Driver, Enabled
Link-Layer Topology Discovery Responder, Enabled

Additional MAPI settings:
- The MAPI network typically uses a default gateway
- At least one DNS server address must be configured
- The Register this connection's addresses in DNS check box should be selected.

Replication network adapter configuration
Client for Microsoft Networks, Disabled
QoS Packet Scheduler, Optionally Enabled
File and Printer Sharing for Microsoft Networks, Disabled
Internet Protocol version 6 (TCP/IP v6), Enabled
Internet Protocol version 4 (TCP/IP v4), Enabled
Link-Layer Topology Discovery Mapper I/O Driver, Enabled
Link-Layer Topology Discovery Responder, Enabled

Additional Replication settings:
- Replication networks typically don't have a default gateway, and if the MAPI network has a default gateway, no other networks should have a default gateway
- DNS server addresses should not be configured
- The Register this connection's addresses in DNS check box shouldn't be selected.

General settings
Remember to change the binding order of the network adapter cards, MAPI should be on top and the Replication adapter below.

Load Balancing in Exchange Server 2013!

Load balancing is quite different from what it was in any previous version of Exchange.
In the past, common knowledge was that the load balancer needed to maintain session state to a specific Front-End/Client Access server, and we all know that these layer 7 balancers performed very well but came at a high cost.

With the architectural change made in Exchange 2013, we only have to find a Client Access server (if using separate CAS/MBX servers). The CAS will in turn put the client in contact with the Mailbox server that holds the active database copy in which the user's mailbox resides.

Since we no longer need to maintain session state, we can use much less expensive load-balancing technologies, meaning that we could potentially use DNS Round Robin with very short Time to Live (TTL) values.

Understanding the Transport Service in Exchange Server 2013

In Exchange Server 2013 we now have three types of transport services:
- Front End Transport service
- Transport service
- Mailbox Transport service

Front End Transport service
This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic. The service does not inspect the messages itself; it only communicates with the Transport service on a Mailbox server. It does not queue any messages locally either.

Transport service
This service runs on all Mailbox servers and is identical to the Hub Transport server role in previous versions of Exchange. It handles all SMTP flow for the organization, performs message categorization and performs message inspection. Unlike in previous versions of Exchange, the Transport service never communicates directly with the mailbox databases; this task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox service, the Transport service and the Front End Transport service.

Mailbox Transport service
This service runs on all Mailbox servers and consists of two separate services, the Mailbox Transport Submission service and the Mailbox Transport Delivery service.

Planning for Exchange 2007 or 2010 coexistence with 2013.

This will cover the basics of configuring coexistence between Exchange 2007 and Exchange 2010.
In this example we will


Exchange 2007 Pre-Requirements
We need to have installed Exchange Server 2007 SP3 RU10 for coexistence purposes.

If you want to create an EdgeSync Subscription between an Exchange 2007 Hub Transport server and an Exchange 2013 SP1 Edge Transport server, you need to install Exchange 2007 SP3 Update Rollup 13 or later on the Exchange 2007 Hub Transport server.

Exchange 2010 Pre-Requirements
For Exchange Server 2010 we need to have installed SP3 on all servers including the Edge servers.

If you want to create an EdgeSync Subscription between an Exchange 2010 Hub Transport server and an Exchange 2013 SP1 Edge Transport server, you need to install Exchange 2010 SP3 Update Rollup 5 or later on the Exchange 2010 Hub Transport server.


Certificates
When it comes to certificates we have a few limitations.

For our destination environment, Exchange 2013, we can use:
mail.company.com, and autodiscover.company.com
And it's always good practice to include the FQDNs of the servers themselves for troubleshooting purposes.

For Exchange 2007 CAS servers we need to add a record called legacy.company.com, which is the name that clients will use after the cutover if their mailboxes still reside in this environment.

For Exchange 2010 we don't have to do much since the 2013 environment will proxy the client requests.

Mailflow

Outlook Anywhere
We need to be sure that clients that connect via Outlook Anywhere can be redirected or proxied back to the legacy environment. That being said, we need to enable and configure Outlook Anywhere on Exchange 2007 or Exchange 2010.

Exchange 2007 example (replace the values in angle brackets):
Enable-OutlookAnywhere -Server:"<ServerName>" -ExternalHostName:"<ExternalHostName>" -ClientAuthenticationMethod:Basic -IISAuthenticationMethods:<AuthenticationMethods> -SSLOffloading:$false

Exchange 2010 example (replace the value in angle brackets):
Enable-OutlookAnywhere -Server:"<ServerName>" -ExternalHostname:mail.contoso.com -ClientAuthenticationMethod:Ntlm -SSLOffloading:$true

Virtual Directories on Exchange 2007
OWA InternalUrl: https://legacy.company.com/owa
OWA ExternalUrl: https://legacy.company.com/owa

ActiveSync InternalUrl: https://legacy.company.com/Microsoft-Server-ActiveSync
ActiveSync ExternalUrl: $null to force a proxy

Outlook Anywhere - ExternalHostName: mail.company.com
IISAuthenticationMethods: Basic, NTLM
ExternalClientAuthenticationMethods: Basic

EWS InternalUrl: https://legacy.company.com/EWS/Exchange.asmx
EWS ExternalUrl: https://legacy.company.com/EWS/Exchange.asmx

Autodiscover AutodiscoverServiceInternalURI: https://autodiscover.company.com/Autodiscover/Autodiscover.xml

Virtual Directories on Exchange 2010
OWA InternalUrl: https://mail.company.com/owa
OWA ExternalUrl: https://mail.company.com/owa

ECP InternalUrl: https://mail.company.com/ecp
ECP ExternalUrl: https://mail.company.com/ecp

ActiveSync InternalUrl: https://mail.company.com/Microsoft-Server-ActiveSync
ActiveSync ExternalUrl: https://mail.company.com/Microsoft-Server-ActiveSync

Outlook Anywhere - ExternalHostName: mail.company.com
IISAuthenticationMethods: Basic, NTLM
ExternalClientAuthenticationMethods: Basic

EWS InternalUrl: https://mail.company.com/EWS/Exchange.asmx
EWS ExternalUrl: https://mail.company.com/EWS/Exchange.asmx

Autodiscover AutodiscoverServiceInternalURI: https://autodiscover.company.com/Autodiscover/Autodiscover.xml


Virtual Directories on Exchange 2013
OWA InternalUrl: https://mail.company.com/owa
OWA ExternalUrl: https://mail.company.com/owa

ECP InternalUrl: https://mail.company.com/ecp
ECP ExternalUrl: https://mail.company.com/ecp

ActiveSync InternalUrl: https://mail.company.com/Microsoft-Server-ActiveSync
ActiveSync ExternalUrl: https://mail.company.com/Microsoft-Server-ActiveSync

Outlook Anywhere - ExternalHostName: mail.company.com
IISAuthenticationMethods: Basic, NTLM
ExternalClientAuthenticationMethods: Basic

EWS InternalUrl: https://mail.company.com/EWS/Exchange.asmx
EWS ExternalUrl: https://mail.company.com/EWS/Exchange.asmx

Autodiscover AutodiscoverServiceInternalURI: https://autodiscover.company.com/Autodiscover/Autodiscover.xml

SCP – Service Connection Points
To get the current configuration type:
Get-ClientAccessServer | fl name, AutoDiscoverServiceInternalUri

To configure all the SCPs to point towards the new environment:
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

DNS
DNS is one of the final steps in the cutover: point all clients to the Exchange 2013 infrastructure.
This could mean pointing mail.company.com and autodiscover.company.com towards the new environment via a hardware load balancer or WNLB, for example.

The Cutover
So, when we hit the button for the cutover the following will happen to the clients.

OWA 2007 will be redirected
OWA 2010 will be proxied, redirect if ExternalURL is set

ECP 2007 N/A
ECP 2010 will be proxied, redirect if ExternalURL is set

POP/IMAP 2007 will be proxied
POP/IMAP 2010 will be proxied

ActiveSync 2007 will be proxied
ActiveSync 2010 will be proxied

Autodiscover 2007 will be proxied to Exchange 2013 MBX
Autodiscover 2010 will be proxied

Outlook Anywhere 2007 will be proxied
Outlook Anywhere 2010 will be proxied

EWS 2007 a requirement
EWS 2010 will be proxied

Alternate Service Account (ASA) for Exchange Server 2013!

When using Kerberos Constrained Delegation together with Exchange Server 2013 we need to do a few things to get TMG/UAG to authenticate correctly for external user access.

First off we need to create a Computer account in Active Directory Users and Computers. Name the account CASARRAY-ASA.

Next step is to configure Exchange to use this ASA account and set a password:
cd $exscripts
.\RollAlternateServiceAccountPassword.ps1 -ToEntireForest -GenerateNewPasswordFor "LOGICSPOT\CASARRAY-ASA$" -Verbose

Now that this is configured we have to create a few SPNs:
setspn -s http/mail.logicspot.net logicspot\CASARRAY-ASA$
setspn -s http/autodiscover.logicspot.net logicspot\CASARRAY-ASA$
setspn -s exchangeMDB/mail.logicspot.net logicspot\CASARRAY-ASA$
setspn -s exchangeRFR/mail.logicspot.net logicspot\CASARRAY-ASA$
setspn -s exchangeAB/mail.logicspot.net logicspot\CASARRAY-ASA$

To verify, type:
setspn -L logicspot\CASARRAY-ASA$
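
One way to check the result of the verification step, as an added example that is not part of the original post: the function compares `setspn -L` output with the five SPNs registered above and reports any that are missing or unexpected. The function name is hypothetical, and the sample output (including the distinguished name in its header line) is constructed.

```powershell
# Added example, not from the original post. Compare-AsaSpn is a
# hypothetical helper; the SPN names are the ones registered above.
function Compare-AsaSpn {
    param(
        [Parameter(Mandatory = $true)] [string[]] $SetSpnOutput,
        [Parameter(Mandatory = $true)] [string[]] $ExpectedSpn
    )

    # setspn -L prints a header line followed by one indented SPN per line.
    $registered = @($SetSpnOutput |
        Where-Object { $_ -match '^\s+\S+/\S+$' } |
        ForEach-Object { $_.Trim() })

    # -notcontains compares case-insensitively, which suits SPN names.
    $missing    = @($ExpectedSpn | Where-Object { $registered -notcontains $_ })
    $unexpected = @($registered  | Where-Object { $ExpectedSpn -notcontains $_ })

    [pscustomobject]@{
        Registered = $registered
        Missing    = $missing
        Unexpected = $unexpected
        Complete   = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

$expected = @(
    'http/mail.logicspot.net'
    'http/autodiscover.logicspot.net'
    'exchangeMDB/mail.logicspot.net'
    'exchangeRFR/mail.logicspot.net'
    'exchangeAB/mail.logicspot.net'
)

# Constructed sample output in which the exchangeAB SPN was never registered.
$sample = @(
    'Registered ServicePrincipalNames for CN=CASARRAY-ASA,CN=Computers,DC=logicspot,DC=net:'
    "`thttp/mail.logicspot.net"
    "`thttp/autodiscover.logicspot.net"
    "`texchangeMDB/mail.logicspot.net"
    "`texchangeRFR/mail.logicspot.net"
)

Compare-AsaSpn -SetSpnOutput $sample -ExpectedSpn $expected | Format-List

# Against a live domain, feed the real output instead of the sample:
# Compare-AsaSpn -SetSpnOutput (setspn -L 'logicspot\CASARRAY-ASA$') -ExpectedSpn $expected
```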

Prepare Active Directory and Domains for Exchange Server 2013!

Before installing Exchange Server 2013 on any servers in the organization, you must prepare Active Directory and domains. This post covers the steps needed.

For this to work we need to have the Active Directory Domain Services Tools (RSAT-ADDS) installed on the server that we run the commands from.

The setup.exe file is located on the Exchange media.

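Step 1: Prepare Schema
setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

Step 2: Prepare Active Directory
setup /PrepareAD /IAcceptExchangeServerLicenseTerms

or if a new Organization is to be installed (replace the value in angle brackets):
setup /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms


Step 3: Prepare Domain
setup /PrepareDomain /IAcceptExchangeServerLicenseTerms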

Make use of Content Filtering

There are three thresholds in Exchange:
- SCLDeleteThreshold
- SCLRejectThreshold
- SCLQuarantineThreshold

SCLDeleteThreshold
Messages with SCL equal to or higher than the threshold will be deleted silently.

To set SCLDeleteThreshold to 8:
Set-ContentFilterConfig -SCLDeleteThreshold 8 -SCLDeleteEnabled:$true

SCLRejectThreshold
Messages with SCL equal to or higher than the threshold will be rejected during the SMTP session. The sender will get an NDR.

To set SCLRejectThreshold to 7:
Set-ContentFilterConfig -SCLRejectThreshold 7 -SCLRejectEnabled:$true

Messages that are not accepted get the response: Message rejected due to content restrictions.

To change the response message:
Set-ContentFilterConfig -RejectionResponse "We dont want your spam!"

SCLQuarantineThreshold
Messages with SCL equal to or higher than the threshold are delivered to the quarantine mailbox that must exist.
To configure SCLQuarantineThreshold and specify a quarantine mailbox:
Set-ContentFilterConfig -SCLQuarantineThreshold 6 -SCLQuarantineEnabled:$true -QuarantineMailbox:quarantine@contoso.com

The Junk Folder
To move the messages to the user's Junk Mail folder we need another type of threshold, SCLJunkThreshold, which is part of the Set-OrganizationConfig cmdlet.

To set SCLJunkThreshold:
Set-OrganizationConfig -SCLJunkThreshold 5
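
How the four thresholds interact, as an added example that is not part of the original post: the first function applies the most severe matching action first, and the second flags threshold combinations in which an action can never fire. The function names are hypothetical and the values are the ones set in this post; the example assumes that the Junk threshold has to be exceeded (greater than) while the other three match on equal to or higher.

```powershell
# Added example, not from the original post. Function names are hypothetical;
# $config mirrors the Set-ContentFilterConfig / Set-OrganizationConfig values above.
function Get-SclAction {
    param(
        [Parameter(Mandatory = $true)] [ValidateRange(-1, 9)] [int] $Scl,
        [Parameter(Mandatory = $true)] [hashtable] $Config
    )
    # Most severe action wins: delete, then reject, then quarantine.
    if ($Config.SCLDeleteEnabled     -and $Scl -ge $Config.SCLDeleteThreshold)     { return 'Delete' }
    if ($Config.SCLRejectEnabled     -and $Scl -ge $Config.SCLRejectThreshold)     { return 'Reject' }
    if ($Config.SCLQuarantineEnabled -and $Scl -ge $Config.SCLQuarantineThreshold) { return 'Quarantine' }
    # Assumption: the Junk threshold must be exceeded, not merely met.
    if ($Scl -gt $Config.SCLJunkThreshold) { return 'JunkFolder' }
    return 'Inbox'
}

function Test-SclThresholdOrder {
    param([Parameter(Mandatory = $true)] [hashtable] $Config)

    if ($Config.SCLDeleteEnabled -and $Config.SCLRejectEnabled -and
        $Config.SCLDeleteThreshold -le $Config.SCLRejectThreshold) {
        'Reject never fires: SCLDeleteThreshold is not above SCLRejectThreshold.'
    }
    if ($Config.SCLRejectEnabled -and $Config.SCLQuarantineEnabled -and
        $Config.SCLRejectThreshold -le $Config.SCLQuarantineThreshold) {
        'Quarantine never fires: SCLRejectThreshold is not above SCLQuarantineThreshold.'
    }
    # Lowest enabled transport threshold: everything at or above it is
    # handled before the message can reach a mailbox.
    $lowest = @(
        if ($Config.SCLDeleteEnabled)     { $Config.SCLDeleteThreshold }
        if ($Config.SCLRejectEnabled)     { $Config.SCLRejectThreshold }
        if ($Config.SCLQuarantineEnabled) { $Config.SCLQuarantineThreshold }
    ) | Sort-Object | Select-Object -First 1
    if ($null -ne $lowest -and $lowest -le ($Config.SCLJunkThreshold + 1)) {
        'Junk folder never fires: no SCL lies between SCLJunkThreshold and the lowest enabled threshold.'
    }
}

$config = @{
    SCLDeleteEnabled     = $true; SCLDeleteThreshold     = 8
    SCLRejectEnabled     = $true; SCLRejectThreshold     = 7
    SCLQuarantineEnabled = $true; SCLQuarantineThreshold = 6
    SCLJunkThreshold     = 5
}

4..9 | ForEach-Object {
    [pscustomobject]@{ SCL = $_; Action = Get-SclAction -Scl $_ -Config $config }
} | Format-Table -AutoSize

Test-SclThresholdOrder -Config $config
```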

Exclude DC/GC server hosting FSMO roles from Exchange lookups

If you have a GC/DC that you want to exclude from the Exchange lookups to minimize the traffic generated from Exchange to a particular DC/GC server you can do so by this command:
Set-ExchangeServer -Identity "ExchangeServer" -StaticExcludedDomainControllers "ServerName"

Initiate Exchange installation based upon server role via shell:

To install the Client Access role:
Setup.exe /mode:Install /role:ClientAccess /IAcceptExchangeServerLicenseTerms /targetDir:"D:\Program Files\Microsoft\V15\Exchange Server"

To install the Mailbox role:
Setup.exe /mode:Install /role:Mailbox /IAcceptExchangeServerLicenseTerms /targetDir:"D:\Program Files\Microsoft\V15\Exchange Server"

To install both Client Access and Mailbox on the same server (multirole):
Setup.exe /mode:Install /role:ClientAccess,Mailbox /IAcceptExchangeServerLicenseTerms /targetDir:"D:\Program Files\Microsoft\V15\Exchange Server"

How to remove Database folders from the file system in Exchange 2013!

If you have created a database and you want to remove it, you have probably succeeded within Exchange using either EMC or the shell.
But if you have a look at the file system you will see that the directory is still there and you cannot manually remove it. Why? Well, it's because the Search index is holding a lock on files in that particular folder.

Resolution?
Stop the MSExchange Search Host Controller service and try to remove the folder. It will most likely work if you don't have another system holding a lock on it, like antivirus or a backup agent.

A few words on queue database files in Exchange Server!

The Queue database consists of several files, which are stored in the following default location:
C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

Here is a short explanation of the files and their purpose:

Mail.que
This file is the actual queue database. It stores all queued messages after they are committed from the transaction log files.

Tmp.edb
This temporary database file is used to verify the queue database schema on startup.

Trn*.log
A transaction log that records all changes to the queue database. Changes to the database are first written to the transaction log and are then committed to the database. Trn.log is the current active transaction log file. Trntmp.log is the next one provisioned. When the existing Trn.log file reaches its maximum size of 5 MB, Trn.log is renamed to TrnXXXX.log, where XXXX is a sequence number. Trntmp.log is renamed to Trn.log and becomes the current active transaction log file.

Trn.chk
This is a checkpoint file. It tracks the transaction log entries that have been committed to the database.

Trnres00001.jrs and Trnres00002.jrs
These files are used to reserve some emergency storage if the transaction log volume becomes full.

Uncovering Autodiscover in Exchange Server 2013!

The Exchange Autodiscover service helps client applications automatically configure the Exchange Web Services (EWS) endpoint for a mailbox and other associated mailbox information. This configuration information can be retrieved from both outside and inside of the company network.

There are three different access methods:
- Active Directory Service Connection Point (SCP) lookup
- SOAP Autodiscover
- POX Autodiscover

The client performs the following steps to use Autodiscover:
1) Gets a list of Autodiscover URLs using Active Directory SCP record lookup
2) Makes a request to a defined URL if the SCP lookup does not provide an endpoint
3) Follows any redirection requests or responses to find the URL of the Autodiscover service for the particular mailbox.
4) Requests the information from the Autodiscover service

Note: All these requests must be trustworthy, so the client validates that the URL endpoint is HTTPS and that the certificate is valid.

Using SCP lookup process to find Autodiscover endpoint
1) The client reads the configurationNamingContext property of the Root DSE entry; if it cannot be found, the client abandons SCP record lookup and proceeds with SOAP Autodiscover.
2) The client searches for SCP records under the configurationNamingContext entry. This returns a list of all SCP records, pointers and URLs. If no records are returned, the client abandons SCP record lookup and proceeds with SOAP Autodiscover.
3) The client looks for an SCP pointer that is scoped to the user's domain.
4) The client tries the SCP URLs

Using SOAP to find the Autodiscover endpoint
1) The client finds the correct starting URL using this process:
a) Any URL returned by the SCP lookup process
b) https://contoso.com/autodiscover/autodiscover.svc
c) https://autodiscover.contoso.com/autodiscover/autodiscover.svc
2) If none of the URLs work, the client does a DNS query for an SRV record for: _autodiscover._tcp.contoso.com

Using POX to find the Autodiscover endpoint
1) The client finds the correct starting URL by trying URLs in the following order:
a) Any URL returned by the SCP lookup process
b) Any URLs returned by the SOAP Autodiscover process
c) https://contoso.com/autodiscover/autodiscover.xml
d) https://autodiscover.contoso.com/autodiscover/autodiscover.xml
2) If none of the HTTPS URLs work, the client tries an unauthenticated request hoping to get redirected
3) If none of the previous URLs work, the application performs a DNS query for an SRV record for _autodiscover._tcp.contoso.com
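
The POX starting-URL order from step 1, as an added example that is not part of the original post: the function builds the ordered candidate list for a mailbox address and rejects any candidate that is not an HTTPS endpoint, in line with the note above. The function name and the sample SCP URLs are hypothetical; certificate validation happens at connect time and is not modelled here.

```powershell
# Added example, not from the original post. The function name and the
# sample SCP URLs are hypothetical; the two fixed URLs follow steps 1c and 1d.
function Get-PoxAutodiscoverCandidate {
    param(
        [Parameter(Mandatory = $true)] [string] $EmailAddress,
        [string[]] $ScpUrl  = @(),   # step 1a: URLs returned by the SCP lookup
        [string[]] $SoapUrl = @()    # step 1b: URLs returned by SOAP Autodiscover
    )

    if ($EmailAddress -notmatch '^[^@\s]+@([^@\s]+)$') {
        throw "Not an SMTP address: $EmailAddress"
    }
    $domain = $Matches[1].ToLowerInvariant()

    # Build the list in the order the client tries it.
    $candidates = @()
    foreach ($u in $ScpUrl)  { $candidates += [pscustomobject]@{ Source = 'SCP';  Url = $u } }
    foreach ($u in $SoapUrl) { $candidates += [pscustomobject]@{ Source = 'SOAP'; Url = $u } }
    $candidates += [pscustomobject]@{
        Source = 'Domain'
        Url    = "https://$domain/autodiscover/autodiscover.xml"
    }
    $candidates += [pscustomobject]@{
        Source = 'Autodiscover host'
        Url    = "https://autodiscover.$domain/autodiscover/autodiscover.xml"
    }

    $seen  = @{}   # hashtable keys are case-insensitive
    $order = 0
    foreach ($c in $candidates) {
        $uri = $null
        if (-not [System.Uri]::TryCreate($c.Url, [System.UriKind]::Absolute, [ref]$uri)) {
            $status = 'Rejected: not an absolute URL'
        }
        elseif ($uri.Scheme -ne 'https') {
            $status = 'Rejected: endpoint is not HTTPS'
        }
        elseif ($seen.ContainsKey($uri.AbsoluteUri)) {
            $status = 'Skipped: duplicate'
        }
        else {
            $seen[$uri.AbsoluteUri] = $true
            $order++
            $status = "Try #$order"
        }
        [pscustomobject]@{ Source = $c.Source; Url = $c.Url; Status = $status }
    }
}

# Constructed input: one valid SCP URL and one plain-HTTP SCP URL.
$scp = @(
    'https://mail.contoso.com/autodiscover/autodiscover.xml'
    'http://ex-cas01.contoso.com/autodiscover/autodiscover.xml'
)
Get-PoxAutodiscoverCandidate -EmailAddress 'user@contoso.com' -ScpUrl $scp |
    Format-Table -AutoSize
```

The same HTTPS check applies to any redirect target returned in step 2 before the client follows it.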

Microsoft recommends that you use the SOAP Autodiscover service when you connect to the Autodiscover service in versions of Exchange starting with Exchange 2010. The SOAP Autodiscover service provides more functionality than the POX Autodiscover service.

How to use telnet to troubleshoot Exchange!

Telnet is a fantastic tool when it comes to troubleshooting mail flow in Exchange Server.
In Windows Server 2008 and Windows 7 it's not installed by default, so one has to install it manually, either using the GUI or PowerShell:
Add-WindowsFeature Telnet-Client

So let's try to connect to an Exchange server. First we type telnet followed by an IP address or DNS name, and last but not least the port, 25, to specify that we want Telnet to talk to the SMTP port.
telnet 192.168.0.20 25

This would give you a reply saying:
220 exchangeserver.company.com Microsoft ESMTP MAIL Service ready at Mon, 11 April 2011

Now we can type:
HELO or EHLO (EHLO has some additional features and is more commonly used nowadays)

After we get a response we need to enter who the sender is:
MAIL FROM: sender@company-a.com

Next step is to specify the recipient:
RCPT TO: recipient@company-b.com

Now we need to enter the DATA string:
DATA

To enter a subject:
SUBJECT: This is a testmail

Press enter and type the message itself:
This is a testbody message, whats up?

To end the message, press enter twice, then type a "." (dot) followed by pressing enter again:
.

The message will now enter the queue if accepted.
Otherwise it will display some error saying for instance, Unable to Relay, User Unknown…

A few words on message security

There are different types of message security in the world of Exchange.
First we have security for the message being sent (in transit), and then we have security once it has arrived at the destination and what happens after that.

Transport Layer Security (TLS)
- TLS is a standard protocol that encrypts messages between servers or between servers and clients.
- Exchange 2010 uses TLS by default for all internal transfer, between Hub servers or Hub and Edge and so on…
- When connecting externally, Exchange 2010 attempts to use TLS; this is called Opportunistic TLS. If the receiver can't use TLS, then it will use regular SMTP.
- One can configure Domain Security to enforce TLS, this is called Mutual TLS (MTLS). And this is done between organizations.

S/MIME Encryption
- S/MIME allows you to encrypt messages and its attachments.
- With S/MIME the recipient must have a digital ID in the form of a certificate that allows the recipient to open the message.
- One can digitally sign an S/MIME message so that the sender is verified and you can prove that the message is from you.

How to use OPATH filter in Exchange Management Shell!

This filter makes searching for objects a bit easier!

For example:
Get-Mailbox -Filter "Office -eq 'HQ'"

Possible OPATH filter operators:
- and
- or
- not
- eq (equals)
- ne (not equal)
- lt (less than)
- gt (greater than)
- like (string comparison)
- notlike (string comparison)

Understanding log file truncation and continuous replication circular logging in Exchange Server!

Log file truncation occurs when a full backup or incremental backup has done its job.
If for some reason we don't have backups doing this truncation, we could have tons of log files just piling up.
To get rid of these we could enable Circular Logging.

To enable Circular Logging:
Set-MailboxDatabase -Identity 'DB01' -CircularLoggingEnabled $True

Now, if we are using a DAG we get a new type of Circular Logging called Continuous Replication Circular Logging (CRCL), which behaves differently from traditional Circular Logging.
CRCL is performed by the Microsoft Exchange Replication service, not the Microsoft Exchange Information Store service. Before a log file is deleted, CRCL also verifies whether it is still required for log shipping and replay.
Traditional Circular Logging deleted the log file when it was committed to the database.

When CRCL is enabled, log file truncation for database copies that are not lagged occurs in the following way:
- The log file is checked to determine whether it is below the checkpoint
- The log file is checked to confirm that all other non-lagged database copies have replayed it into their database
- The log file has been inspected by all database copies (including any lagged ones)

Log file truncation happens for lagged database copies in the following way:
- The log file is checked to determine whether it is below the checkpoint.
- The log file is older than ReplayLagTime and TruncationLagTime
- The log file is already deleted on an active database copy and all copies agreed on the deletion

"Some or all Identity references could not be translated" error when you manage DAG in Exchange Server 2013 SP1 in a disjoint namespace domain

This seems to be a bug in SP1 and was solved in RU5.

The error message is saying: Some or all Identity references could not be translated

To solve this do the following:
1. Run Remove-DatabaseAvailabilityGroupServer DAGName -Server ServerName -ConfigurationOnly
2. Now on the cluster side run: cluster node ServerName /forcecleanup or run the Failover Cluster Manager utility
