


Categories » ‘Microsoft Related’

Do I need a CAS Array?

September 12th, 2011 by

I wouldn’t be surprised if I saw this topic covered at TechEd next year.  Many of my clients ask me the following question: “Do I need a CAS Array in my organization?”  I imagine that there are many people out there wondering the exact same thing.  So, do you need a CAS Array for your Exchange 2010 organization?

Well, let’s start out by looking at how Exchange 2010 works without a CAS Array.  If you do not have a CAS Array when you create a database, the database will have its “RpcClientAccessServer” property (the RPC endpoint for Outlook client connectivity) configured based on one of the following:

  • If you have both the Client Access server role and the Mailbox server role on the same physical server, the value of RPCClientAccessServer property for a particular Mailbox server will be the same as the Mailbox server.
  • If you have the Client Access server role on a separate machine, the RPCClientAccessServer property for a particular Mailbox server will be set to a random Client Access server within the Active Directory site.

What this means is that the Mailbox Database that you created will have its RPCClientAccessServer property assigned based on one of the two options above.  Which brings me to Scenario one.

Scenario one:

Let’s say you have two Exchange Servers deployed within your organization, EXCH1 and EXCH2.  Each server is running the Mailbox, Hub Transport, and Client Access roles in the same Active Directory Site.  Now say you deploy one database on each server: Database1 on EXCH1 and Database2 on EXCH2.  Each database will be assigned the RPCClientAccessServer property with the name of the server the database resides on, i.e. Database1 will have RPCClientAccessServer set to EXCH1 and Database2 will have RPCClientAccessServer set to EXCH2.

Next we deploy a DAG across our two nodes and replicate the two databases between the servers.  Even with a DAG deployed, in the event that EXCH2 goes offline all users in Database2 will lose their connection!  This is because their RPCClientAccessServer points to EXCH2 even though their database is now mounted on EXCH1.  The RPCClientAccessServer property does not get updated automatically.

End Scenario one

Now let’s take a look at how Exchange 2010 behaves if the CAS Array is already created.  When you create a database, its “RpcClientAccessServer” property (the RPC endpoint for Outlook client connectivity) is configured as follows:

  • If you first created a CAS Array and then created a mailbox database, Exchange will assign the RPCClientAccessServer property the name of the CAS Array for that Active Directory site.

Which brings me to Scenario two!

Scenario two:

Let’s say you have two Exchange Servers deployed within your organization, EXCH1 and EXCH2.  Each server is running the Mailbox, Hub Transport, and Client Access roles in the same Active Directory Site.  There is no hardware load balancer in your organization, but you decided that before creating any databases in your organization you would create a CAS Array (for info on creating a CAS Array see my article: Exchange 2010 Client Access Server Array (CAS Array)).

Once the CASArray has been created you go out and create a DNS entry, in this case cas.scottfeltmann.com.  For an IP address for this DNS entry you type in the IP Address of EXCH1 and set the time to live to 5 minutes or less (you could do DNS round robin but in the event of an outage 50% of the users will be off line).

Now that we have our CAS Array created we can move forward and create our two new databases, Database1 and Database2.  Each Database will reside on their respective servers EXCH1 and EXCH2.  Since we have created our CAS Array the RPCClientAccessServer property will be set with the CAS Array name, in this case “cas.scottfeltmann.com”.

As a final step a DAG has been deployed to replicate the mailbox databases between the two servers within our organization.  Since our CAS Array is currently pointing to cas.scottfeltmann.com, which points to EXCH1, in the event that we lose the server EXCH1 our users will lose their connection.  Once this occurs a manual process needs to take place to update the DNS entry cas.scottfeltmann.com to point to EXCH2.  Once DNS updates, all users will be back online and working again!  Much better than scenario one if you ask me.

End Scenario 2.

Honestly, to simplify the failover process I always suggest a Hardware Load Balancer like Kemp Technologies (http://www.kemptechnologies.com/us/) which will automatically re-establish the connection.

Also keep in mind that if you created a Mailbox database before you created a Client Access array or installed a Client Access server within the Active Directory site, you’ll need to reconfigure the value of the RPCClientAccessServer property. If no Client Access server exists in the Active Directory site when the Mailbox database is created, the value of the RPCClientAccessServer property will be set to the FQDN of the Mailbox server. To configure the value of the RPCClientAccessServer property, use the following command: Set-MailboxDatabase DBName -RPCClientAccessServer cas.scottfeltmann.com (or whatever your CAS Array name is).  In some rare instances you may run into a bug where you created the CAS Array after the databases were deployed, and updated the RPCClientAccessServer property on the Database.  For more information on that bug see my article Outlook Profile not updating after creating CAS Array.
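To find databases that still point at a single server (the Scenario one failure mode), the following added example, which is not part of the original post, reports each database's RPCClientAccessServer value and only changes it when asked. The function name Get-RpcEndpointReport is hypothetical, and the default FQDN is the one used in this post.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# (Exchange 2010, PowerShell 2.0). Get-RpcEndpointReport is a hypothetical name.
function Get-RpcEndpointReport {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: the CAS Array FQDN from the post; substitute your own.
        [string]$CasArrayFqdn = 'cas.scottfeltmann.com',
        # Without -Fix the function only reports and changes nothing.
        [switch]$Fix
    )

    # The array object must exist before any database is pointed at its name.
    $array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $CasArrayFqdn }
    if (-not $array) {
        throw "No Client Access array with FQDN '$CasArrayFqdn' was found."
    }

    foreach ($db in Get-MailboxDatabase) {
        $current = [string]$db.RpcClientAccessServer
        $server  = Get-ExchangeServer -Identity $db.ServerName

        if ([string]$server.Site -ne [string]$array.Site) {
            # A CAS Array belongs to one AD site; databases elsewhere are not judged.
            $status = 'OtherSite'
        }
        elseif ($current -ieq $CasArrayFqdn) {
            $status = 'OK'
        }
        else {
            # Typically a server name, as in Scenario one.
            $status = 'Mismatch'
            if ($Fix -and $PSCmdlet.ShouldProcess($db.Name, "Set RpcClientAccessServer to $CasArrayFqdn")) {
                Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $CasArrayFqdn
                $status = 'Updated'
            }
        }

        New-Object PSObject -Property @{
            Database = $db.Name; Server = $db.ServerName
            RpcClientAccessServer = $current; Status = $status
        } | Select-Object Database, Server, RpcClientAccessServer, Status
    }
}

# Report only; nothing is changed.
Get-RpcEndpointReport | Format-Table -AutoSize
```

Running `Get-RpcEndpointReport -Fix -WhatIf` previews the changes that `-Fix` alone would make.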

So, to answer the question, “Do I need a CAS Array?”  The answer is Yes!  Most certainly!  Absolutely!
Edit — I should point out, even if you have a single Exchange 2010 Server in your entire Organization you should use a CAS Array!

Questions?  Comments?  Please Share!


 

 

 

 

Exchange 2010 SP1 Rollup 4 re-released

July 28th, 2011 by

As many of you know the Exchange team released Exchange 2010 SP1 Rollup 4 back on June 22nd.  Well, on July 13th there was a bug identified with the release and they had to pull the release.

Last night the Exchange team re-released Rollup 4 for Exchange 2010 SP1.  Following the release they also posted an update on what happened with the recall of Rollup 4 and what they are doing to help reduce the likelihood of this happening in the future.

As for me, I may wait a week or two before applying it just to be sure it is working correctly.  Not to say I doubt the Exchange team but if you recall Rollup 3 for Exchange 2010 SP1 went through three revisions before they got it right.

Here is a quick read of the Q&A of the update on Rollup 4:

  • Q: What actually triggered the recall?
  • A: While fixing a bug that prevented deleted public folders from being recovered, we exposed an untested set of conditions with the Outlook client. When moving or copying a folder, Outlook passes a flag on a remote procedure call that instructs the Information Store to open deleted items which haven’t been purged. Our fix inadvertently caused the RPC to skip all content that wasn’t marked for deletion because we were not expecting this flag on the call from Outlook on the copy and move operations.
  • Q: Why didn’t you test this scenario?
  • A: The short answer is we thought we did. We didn’t realize we missed a key interaction between Exchange and Outlook. The Exchange team has well over 100,000 automated tests that we use to validate our product before we ship it. With the richness and number of scenarios and behaviors that Exchange supports, automated testing is the only scalable solution. We execute these tests in varying scenarios and conditions repeatedly before we release the software to our customers. We also supplement these tests with manual validation where necessary. The downside of our tests is that they primarily exercise the interfaces we expose and are designed around our specifications. They do test positive and negative conditions to catch unexpected behavior and we did execute numerous folder copy and move tests against the modified code which all passed. What we did not realize is that our tests were not emulating the procedure call as executed by Outlook.
  • Q: Exchange has been around a while, why did this happen now?
  • A: In Exchange 2010 we introduced a feature called RPC Client Access. This functionality is responsible for serving as the MAPI endpoint for Outlook clients. It allowed us to abstract client connections away from the Information Store (on Mailbox servers) and cause all Outlook clients to connect to the RPC Client Access service.    As part of our investigation, we discovered that there was some specific code added to the Exchange 2003 Information Store to handle the procedure call from Outlook using the extra flag. This code was also carried forward into Exchange 2007. But when the Exchange team added the RPC Client Access service to Exchange 2010, that code was not incorporated into the RPC Client Access service because it was mistakenly believed to be legacy Outlook behavior that was no longer required. That, unfortunately, turned out not to be the case. The fact that we were not allowing a deleted public folder to be recovered was masking this new bug completely.
  • Q: Are there other similar issues lurking in RPC Client Access?
  • A: We do not believe so. The RPC Client Access functionality has been well-tested at scale and proven to be reliable for the millions of mailboxes hosted in on-premises deployment and in our own Office 365 and Live@EDU services.
  • Q: What are you doing to prevent similar things from happening in the future?
  • A: We have conducted a top-to-bottom review of the process we use to triage, develop and validate changes for Rollups and Service Packs and are making several improvements. We have changed the way we evaluate a customer requested fix to ensure that we more accurately identify the risk and usage scenarios that must be validated for a given fix. Recognizing the diversity of clients used to connect to Exchange, we are increasing our client driven test coverage to broaden the usage patterns validated prior to release. Most notably, we are working even closer with our counterparts in Outlook to use their automated test coverage against each of our releases as well. We are also looking to increase coverage for other clients as well.

 

 

 

If you’re running Exchange 2010 and have a DAG install one of the following Hotfixes

July 12th, 2011 by

I came across an interesting Tweet yesterday from Scott Schnoll which said “If you have a DAG, install the cluster hotfixes from MSKB 2549472, 2549448 or 2552040. Only need to install one (same files in each hotfix).”

The Hotfixes can be found here:

Why any one of these KBs?  Well each KB has the same files required to repair the issue that Microsoft has discovered with Exchange 2010.  As Scott put it, “These packages contain the same cluster fixes, which address some issues that can affect network connectivity in a cluster.”

Thanks Scott!

Exchange 2010 OWA redirection causing a forever loop

June 22nd, 2011 by

I ran into a problem last week where a client wanted to have all HTTP traffic into an Exchange 2010 server redirected to HTTPS.  While there are a number of ways of doing this I found a nice article by Brian Desmond on how to configure redirects using IIS 7 instead of creating custom code, which is what I used to do.  The article proved to be a great find; however, there was an error that occurred as a result of configuring the redirect.

While stepping through the article I did exactly what the article said to do however as part of the process of assigning the redirect to go to /owa for the Exchange, ExchWeb, and Public Folders the OWA virtual directory also inherited the /owa redirect.  This basically caused a loop whenever a user went to https://owa.domain.com/owa.  The URL kept doing a forward which caused the loop.

In my research I was able to find the problem: as I mentioned, the OWA virtual directory inherited the loop.  If I went to the OWA virtual directory and cleared the check box to do the Redirect it would clear the redirect for all the required virtual directories!  When I re-enabled the redirect for the Exchange virtual directory it would enable the redirect on the OWA virtual directory.

As it turns out, when making the modifications to the Exchange Redirects the web.config file also gets a line added to the configuration for redirects.  The first step to resolve this issue is to remove the httpRedirect in the web.config file located in “C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa”.  Once in this directory I opened the web.config file and looked for the redirect reference, which appeared like this: <httpRedirect enabled="false" destination="/owa" childOnly="false" />

By removing that above line and saving the Web.Config I was then able to use appcmd to set the config of the /Exchange, /Exchweb, and /Public virtual directories.  To enable the redirection type the following:

C:\Windows\System32\inetsrv>appcmd set config "Default Web Site/Exchange" /section:httpredirect /enabled:true -commit:apphost

C:\Windows\System32\inetsrv>appcmd set config "Default Web Site/Exchweb" /section:httpredirect /enabled:true -commit:apphost

C:\Windows\System32\inetsrv>appcmd set config "Default Web Site/Public" /section:httpredirect /enabled:true -commit:apphost

And then this to disable redirection for /owa:

C:\Windows\System32\inetsrv>appcmd set config "Default Web Site/owa" /section:httpredirect /enabled:false -commit:apphost

And done, the redirects work correctly and the /owa loop is removed!
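To confirm the result, the following added example (not part of the original post) reads the effective httpRedirect settings back with appcmd for the four virtual directories named above and flags a redirect on /owa that points at /owa again. It assumes the default site name and the web.config path quoted in this post; the function name Get-HttpRedirectState is hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated prompt on the server.
$appcmd    = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$site      = 'Default Web Site'
$owaConfig = 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.config'

# Redirect state each virtual directory should have after the commands in the post.
$names    = 'Exchange', 'Exchweb', 'Public', 'owa'
$expected = @{ Exchange = $true; Exchweb = $true; Public = $true; owa = $false }

function Get-HttpRedirectState {
    param([string]$ConfigPath)
    # appcmd prints the effective section as XML; join the lines before parsing.
    $text = (& $appcmd list config $ConfigPath /section:httpRedirect) -join "`n"
    $node = ([xml]$text).SelectSingleNode('//httpRedirect')
    if (-not $node) { throw "No httpRedirect section returned for '$ConfigPath'." }
    New-Object PSObject -Property @{
        # Attributes left at their defaults are omitted, so a missing value means false.
        Enabled     = ($node.GetAttribute('enabled') -eq 'true')
        Destination = $node.GetAttribute('destination')
    }
}

foreach ($name in $names) {
    $state = Get-HttpRedirectState -ConfigPath "$site/$name"

    if ($name -eq 'owa' -and $state.Enabled -and $state.Destination -match '^/owa') {
        $status = 'LOOP'        # /owa redirects to itself
    }
    elseif ($state.Enabled -eq $expected[$name]) {
        $status = 'OK'
    }
    else {
        $status = 'MISMATCH'
    }

    New-Object PSObject -Property @{
        VirtualDirectory = "/$name"; Enabled = $state.Enabled
        Destination = $state.Destination; Status = $status
    } | Select-Object VirtualDirectory, Enabled, Destination, Status
}

# A leftover httpRedirect element in the OWA web.config overrides applicationHost.config.
if ((Test-Path $owaConfig) -and (Select-String -Path $owaConfig -Pattern '<httpRedirect' -Quiet)) {
    Write-Warning "httpRedirect element still present in $owaConfig"
}
```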

Kemp Technologies LoadMaster Sizing Guide for MS Exchange 2010 (Beta)

June 9th, 2011 by

I was out looking at Kemp’s site today looking at Kemp devices for a client of mine.  The request was to determine a proper Load Balancer for my client based on their organization.  While I was on the Kemp site I came across a new tool Kemp currently has in Beta.

The tool is called the “LoadMaster Sizing Guide for MS Exchange 2010”.  The tool itself is pretty cool and is exactly what every Exchange guru should be aware of!  The tool is capable of making a recommendation of what Kemp LoadMaster you should get for your organization.

In order to determine the size of the LoadMaster (LM) you are able to enter in the following information based on your organization size:

  • Total Mailboxes
  • Percent Concurrent Connections
  • Percentage of HTTPS services
  • Avg# of Messages/Day/Mailbox
  • Avg.Message Size (KB)
  • Hours/day
  • Busy Hour Multiplier
  • Max Virtual Services (VIP)
  • Max Exchange Servers
  • Select SSL Key Length

The options have either a direct entry where you can put a number or slide bars to adjust the setting.  Pretty sweet tool!  You can have a look for yourself.  You can find the tool by following the URL:  http://www.kemptechnologies.com/fileadmin/templates/sizingDoc/lme_calc_2k/lme_calc_2k.htm

Great Job on this one!  PERFECT!

Questions, Comments?  Please Share!

 

SQL Express Error when installing Threat Management Gateway

June 8th, 2011 by

I ran into an issue today while attempting to install Threat Management Gateway 2010 on a Windows 2008 R2 server for one of my clients.  The issue was that when deploying TMG I would receive the error “Microsoft SQL Express 2008 (logging instance) could not be installed.  As a result, Forefront TMG installation cannot be completed.”  Frustrating!  Looking at the logs revealed that there was a failure in the deployment with an error of “Wrapper: Install failed, hr = 0x84b30001”.  Eh?

The next step I tried was to deploy SQL 2008 Express on the Windows 2008 R2 server.  While in the process of deploying the SQL 2008 Express edition I received an error “Access Denied” and the installation failed.  After removing the failed SQL deployment from the server I started to do some research.  As it turns out Microsoft will leave their debug info in the SQL Express editions.  In order to install SQL Express the user must have permissions to “Debug Program”.   This setting is only related to SQL Express editions and not full blown (to my knowledge) SQL programs.

In order to find the security setting Debug Program I went to the “Local Security Policy” on the Windows 2008 R2 server.  I then went to “Local Policies”, “User Rights Assignment” and located “Debug Programs”.  Looking at the configuration, this policy was being configured by Group Policy and was only allowing two users in the organization to perform Debug Program.  I asked my client to adjust their group policy to include my security account in this policy.  Did a GPUpdate /Force and rebooted the server.  Next attempt to install the server was a success!

Questions or Comments?  Please share!

 

TechEd 2011 Update Day 3

May 23rd, 2011 by

Well, I got back home and realized I haven’t done my day 3 or day 4 updates yet!  Doh, TechEd is a great place for learning and meeting a lot of new contacts.  If you ever want to go to TechEd make sure to network because you will never know who you will meet.

Day 3 started out a lot like Day 2, I went to some sessions and met some new people.

The first session I went to was EXL401 – Exchange Server 2010 High Availability Management and Operations with Scott Schnoll, what a kick butt session.  There were a lot of great slides in this deck and if you can, download the deck!  The PowerShell cmdlets in this deck are great for any Exchange guy.

The next session worth mentioning is the EXL374-INT – Real-World Site Resilience Design in Microsoft Exchange 2010.  This was an interesting discussion on deploying DAG and different deployment scenarios.  This session was put on by Ross Smith IV, Robert Gillies, and Andrew Ehrensing.  The interactive sessions are always good.  I love the discussions around the different ways to deploy, what’s best practice, and what other people are doing.  This session was actually held before the session on Thursday afternoon, which was odd and was apparently an accident in scheduling but still, a good discussion.

I went and spent some time on the Vendor floor learning about products available and talking to MVPs and MCMs and Microsoft employees.  I always learn a lot at TechEd and build relationships in the Microsoft Community.

Wednesday night came up pretty quick, and involved the UC Round Table which is always a great session.  This year we got some sponsorship from F5 and we were able to bring in the Exchange product team and some Microsoft Certified Masters (MCM) in Exchange.  Talk about an Exchange Fest!  I had a great time meeting the Exchange Product team and some MCM.  F5 contributed some great food including the Marconi Martini Bar which was make our Macaroni and Cheese with additional foods like bacon, and other stuff.  I can’t recall but it was darn good!

After the UC Round Table I headed over to the Springboard party.  There I got to meet Mark Russinovich, and got an autographed copy of his book, “Zero Day”!  Pretty sweet deal!

The Springboard party was pretty sweet as it is every year.  Great food and wine and Excellent company!  They were serving Sushi, Crab Cakes, little burgers and roast beef.  YMMMMM Roast beef!  Actually my favorite part was the dessert bar where they were serving burnt creme.  One of my favorite desserts.  Now that was the icing on the cake.  Thanks to Springboard for throwing such a kick butt party!

I’ll be sure to get Day 4 Posted in the next day or two and some photos!

 

 

 

 

Microsoft TechEd 2011 Update – Day2

May 18th, 2011 by

Yesterday was the second Day of TechEd 2011. While the sessions were still pretty solid the best part for me was sitting down with a Microsoft Certified Master in Exchange to discuss Exchange 2010. We had a great discussion and I plan to pick it up again tomorrow.

I’m sure as you are all aware Microsoft has changed their position on Exchange 2010 and Virtualization. Microsoft is saying that Exchange 2010 is now fully supported on a virtual platform, including the Unified Messaging Role. The reason for this change is due to all the testing they have performed and are now comfortable with it. I should point out that to virtualize the UM role you will need to dedicate 4 CPUs and 16GB of RAM. This type of configuration will support around 60 concurrent users without the VM preview or 40 users with Voice Mail preview. I have to ask, given the requirements for the VM why virtualize it especially since you want to do the best to disperse your Exchange Roles across your VM hosts.

After TechEd we had a false alarm and went to the UC Round Table. I say false alarm because there was a mix up, we thought the event was supposed to be Wednesday night, but got an email it was Tuesday night, we ended up going to the location Tuesday night only to find out it was Wednesday night. Honestly it turned out pretty good because due to the miscommunication we ended up going to a private party with a number of MCM in one of the suites in the hotel. This turned out to be a great place to network and swap stories both technical and nontechnical. Right spot at the right time I suppose.

Afterwards we took a trip down to the SpiceWorks party which turned out to be fun. Free Booze and Free pool, can’t complain. I did take a picture of my buddies Lars and Jake playing some pool.

Jake and Lars playing nine ball

Not sure who won that game.
Afterwards we headed over to GeekFest which was at STATS.  When we got there Jake had some problems getting his wrist band on and required assistance.  The man in the picture helping him is an actual police officer.  Jake couldn’t quite figure out how to get the sticker off….

Jake gets help

Finally when we got upstairs we found some good food and then some women doing an act from a rope and a ring hanging from a ceiling.  Now I have seen just about everything.

Exchange 2010 SP2

May 16th, 2011 by

I am here in Atlanta at TechEd 2011 and just finished the session on what’s new in Exchange Service Pack 2. Good session. During the session it was brought up when SP2 would be released and what some of the new features will be.

The first thing to talk about is SP2 is currently in DF1 mode meaning it is currently being tested internally. The update will fix an estimated 500 bugs and carry some new features. For the user community the update will be released in the second half of 2011. Sorry, that is all the info I have there. I was hoping for third quarter personally. The update will require a schema update to Active Directory so be ready.

During the sessions a few of the new features were presented for the first time. Those features include GAL Segmentation, OWA Cross Site Redirection, and OWA Mini.

GAL Segmentation is what it sounds like. It will allow an Exchange admin to have multiple GALs that are filtered to users based on a new feature called Address Book Policy (ABP). The ABP allows an administrator to assign to a user which address books, GALs, rooms, and users they can see. I say users because if a person looks at a distribution list that contains users from different GALs and the user doesn’t have permission to see that GAL the ABP will filter out those users. Make sense? In order for this feature to work the users have to be on Exchange 2010 SP2 and be accessing their mailbox through a CAS 2010 SP2 server. This is a big plus to organizations where they do not want other users to see each other if in different address books. I should point out that with the Distribution List being filtered to only users you can see you will still send to all users in the DL. So be careful!

The next big feature was the OWA Cross Site Redirection. As it stands now when a user hits OWA and logs in to their mailbox, if that user resides in another Internet facing AD Site they will be presented with a link to click to get to their OWA URL. Once they click that link the user will need to enter their username and password again. With the new feature in Exchange 2010 SP2 this will no longer be the case! Users will now automatically be logged in to the redirected site. This gives the users a single sign on experience!

The final feature that was discussed was OWA Mini. OWA Mini is basically OMA brought back using new code. The URL will reside as a virtual directory under OWA/OMA. If you are in an organization that requires OWA policies have no fear. OWA Mini will use the OWA policies! Basically when a user logs in they will get their FBA and supply their credentials. The screen that the user receives is basic and will be used on their device or phone.
The menu looks something like this:
1)Inbox
2)Calendar
3)Contacts
4)Tasks – yes tasks!
5)Find Someone
6)New
7)Search Mail
8)Browse Folders
9)Options
0)About

This feature was brought back because of user demand. I should also point out that ActiveSync Policies are not applied to the OWA Mini.

Some pretty cool features. My favorite is the GAL Segmentation using Address Book Policies. I did manage to take a picture of one of the slides. Take a look and let me know if you have any questions!


Finally look for a blog post from the Exchange Team tomorrow for more details on Exchange 2010 SP2. I would post a link but typing this blog post from my iPhone is pretty limited.

Update – The MSExchange Team has posted an update regarding Exchange 2010 SP2.  You can read it here.

Microsoft TechEd 2011 Keynote

May 16th, 2011 by

Well it is Monday morning down in Atlanta where I am attending TechEd 2011. This morning is the keynote and I write this on my iPhone from the auditorium where the keynote will be taking place. The first thing I noticed this year is that the auditorium seems much bigger than last year. There are a ton of people here as the line to get in here was huge!


My network connection is already starting to get hosed as the people file in. I noticed yesterday there were a lot of wireless access points through out the building.

Currently we are minutes away from the special guest that will come out at 8:45. I wonder if it will be anyone worthwhile.

The stage is set up pretty nice and there are four huge screens in front on each side of the stage so people can see. Behind me it looks like another six screens are available to people in the back.


Good shot of the stage. As I type the show has begun. It appears music is being provided by “The Glitch Mob”. No idea who they are.

Either way, my network connection is getting worse. I hope this post will be published some point this morning!
