Archive for November, 2009

Exchange 2010 Configuration Certified!

November 30th, 2009 by Scott

It’s been a while since I posted, so I thought I’d explain: I’ve been busy studying for the 70-662 exam.

I took the 70-662 TS: Microsoft Exchange Server 2010, Configuring exam today and passed.  Yeah!  The most frustrating part was the lack of info on the web for Exchange 2010.  Granted, there is some good info, but I came across links that stated you needed Windows 2003 SP1 GCs and then found another article stating you need Windows 2003 SP2 GCs; really, the info on TechNet was inconsistent.

Either way, it’s all good!  So the stress is finally off; next step will be MCITP on 2010. :)

Managing Split Brain in Exchange 2010 DAG with Datacenter Activation Coordination Mode

November 18th, 2009 by Scott

While in my Exchange 2010 Ignite class we came across a new feature called Database Availability Groups (DAG).  A DAG is a great way to provide high availability and redundancy in an Exchange 2010 environment.  DAGs are basically replacing the Exchange 2007 features known as LCR, CCR, SCR, and SCC.

One consideration when leveraging a DAG is placing mailbox servers in different datacenters and replicating the data over the wire.  This can be accomplished with a DAG, and was accomplished in Exchange 2007 using a geo-distributed CCR setup.  One concern, however, is a split brain occurrence.  Say, for example, you have two datacenters in your organization.  Datacenter A has 2 nodes of the DAG plus the File Share Witness (FSW), and Datacenter B has two DAG server nodes.  If the primary datacenter (Datacenter A) should happen to lose power and the DAG is activated in Datacenter B, those two servers are now primary.  However, when the primary datacenter, Datacenter A, is restored and, say, the network between the two sites has not been restored, there is potential for a split brain.  This is because when Datacenter A comes back online it sees the FSW and has 3 votes for quorum: two from the DAG nodes and one from the FSW.  Datacenter B believes it is in charge and remains active.  Now both datacenters believe they are authoritative for the DAG.

In order to remedy this problem, Exchange 2010 has a new feature called Datacenter Activation Coordination (DAC).  DAC is used to control the activation behavior of DAG nodes that may be split between multiple datacenters.  Basically, when there is an outage in a datacenter, other members of the DAG will come online in another datacenter.  When the DAG nodes that are offline return to service, they will leverage a protocol called Datacenter Activation Coordination Protocol (DACP) before trying to mount their databases.  DACP is used to determine the current state of the DAG and whether Active Manager should try to mount the databases or not.

Now you may be wondering, what is Active Manager?  Well, Active Manager stores a bit in memory (either a 0 or a 1) that tells the DAG whether it’s allowed to mount local databases that are assigned as active on the server. When a DAG is running in DAC mode (which would be any DAG with three or more members), each time Active Manager starts up the bit is set to 0, meaning it isn’t allowed to mount databases. Because it’s in DAC mode, the server must try to communicate with all other members of the DAG that it knows to get another DAG member to give it an answer as to whether it can mount local databases that are assigned as active to it. The answer comes in the form of the bit setting for other Active Managers in the DAG. If another server responds that its bit is set to 0, it means servers are allowed to mount databases, so the server starting up sets its bit to 1 and mounts its databases.

So, what this means is that if you recover from a failure in the datacenter, the DAG nodes must communicate with all other nodes in the DAG that they are aware of and verify if the databases on that DAG node can be mounted since they all have a DACP bit value of 0.  Once they can verify that no other databases are mounted (setting of 1) then those databases will mount and set their bit to 1.

Make sense?  I think this is a pretty impressive solution that MS has come up with to prevent the split brain in Exchange 2010.  The kicker?  DAC is disabled by default.  Keep in mind that in order to leverage DAC you need to have at least a 3 node DAG in different datacenters.  I suppose you wouldn’t need this if they are all in the same datacenter and the nodes can communicate with each other. ;)  

If you are looking at deploying a DAG across multiple datacenters you will want to enable DAC.  To enable DAC you can run the following command:

Set-DatabaseAvailabilityGroup -Identity DAGID -DatacenterActivationMode DagOnly

For more information on the ‘Set-DatabaseAvailabilityGroup’ you can go here.
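
As an added example (not code from the original post or from Microsoft), the function below flags DAGs that match the conditions described above, three or more members spread over more than one AD site, but still have DAC switched off. The function name `Find-DagMissingDac` and all server, DAG and site names in the sample data are hypothetical; the syntax is kept compatible with the PowerShell 2.0 shell that ships with Exchange 2010.

```powershell
# Added example. Flags DAGs that meet the post's conditions for DAC
# (3+ members, more than one datacenter/AD site) but still have DAC off.
function Find-DagMissingDac {
    param(
        [Parameter(Mandatory=$true)] [object[]]  $Dag,        # shaped like Get-DatabaseAvailabilityGroup output
        [Parameter(Mandatory=$true)] [hashtable] $ServerSite  # member server name -> AD site
    )
    foreach ($d in $Dag) {
        # Assumption: each entry in Servers stringifies to the server name.
        $members = @($d.Servers | ForEach-Object { "$_" })
        $sites   = @($members | ForEach-Object { $ServerSite[$_] } | Sort-Object -Unique)
        $mode    = "$($d.DatacenterActivationMode)"
        if ($members.Count -ge 3 -and $sites.Count -gt 1 -and $mode -ne 'DagOnly') {
            New-Object PSObject -Property @{
                Name = $d.Name; Members = $members.Count
                Sites = ($sites -join ', '); Mode = $mode
            }
        }
    }
}

# Constructed sample data (hypothetical names) so the function runs without Exchange.
$sampleDags = @(
    (New-Object PSObject -Property @{ Name = 'DAG-GEO'
        Servers = 'MBX-A1','MBX-A2','MBX-B1','MBX-B2'; DatacenterActivationMode = 'Off' }),
    (New-Object PSObject -Property @{ Name = 'DAG-LOCAL'
        Servers = 'MBX-C1','MBX-C2','MBX-C3';          DatacenterActivationMode = 'Off' }),
    (New-Object PSObject -Property @{ Name = 'DAG-DONE'
        Servers = 'MBX-D1','MBX-D2','MBX-E1';          DatacenterActivationMode = 'DagOnly' })
)
$sampleSites = @{
    'MBX-A1' = 'SiteA'; 'MBX-A2' = 'SiteA'; 'MBX-B1' = 'SiteB'; 'MBX-B2' = 'SiteB'
    'MBX-C1' = 'SiteC'; 'MBX-C2' = 'SiteC'; 'MBX-C3' = 'SiteC'
    'MBX-D1' = 'SiteD'; 'MBX-D2' = 'SiteD'; 'MBX-E1' = 'SiteE'
}
Find-DagMissingDac -Dag $sampleDags -ServerSite $sampleSites |
    Format-Table Name, Members, Sites, Mode -AutoSize

# In the Exchange Management Shell, feed it live data and preview the change first:
#   $sites = @{}; Get-ExchangeServer | ForEach-Object { $sites[$_.Name] = "$($_.Site)" }
#   Find-DagMissingDac -Dag (Get-DatabaseAvailabilityGroup) -ServerSite $sites |
#     ForEach-Object { Set-DatabaseAvailabilityGroup -Identity $_.Name `
#                        -DatacenterActivationMode DagOnly -WhatIf }
```

Remove `-WhatIf` only after reviewing the list it prints.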

EDIT: This feature will be updated in Exchange 2010 SP1.  For more information please read my article “Datacenter Activation Coordinator Changes in Exchange 2010 SP1!”

Client Access Server Outlook Redirection – Scenario

November 16th, 2009 by Scott

As I mentioned earlier last week, I had the privilege of going to an MS Exchange 2010 Partner Ignite training course.  I found the course to be quite interesting given the audience was mostly Exchange architects from around the country.  With this type of audience there were a number of interesting conversations that occurred during the session, and the following was one that was quite interesting.

During the class we were talking about the Client Access Server and how Outlook clients will now connect to a CAS rather than the mailbox server.  The question came up, “What happens if a user who normally resides in the New York office is visiting the Los Angeles office?”

This really sparked a great conversation because we were not sure.   We determined first the Outlook client machine will log on to a DC in LA (assuming the domain topology is simple) due to the configuration of Active Directory Sites and Services.  That domain controller will then inform the computer what site the computer is in.  Once the computer is alerted of its site the computer will then connect to a CAS server in that AD site. 

Now, the question is, what’s next?  The conversation went a few ways.  Will the user remain offline?  Will the user connect to their CAS server back in NY rather than the LA CAS server?  Why won’t Outlook connect directly to the mailbox server?

After doing some digging I believe I found the answer to this question and great conversation back in class.  When a user connects to a CAS in a different site, the CAS will perform an AD lookup.  This AD lookup will inform the CAS where the user’s mailbox resides.  If the user’s mailbox resides in the same site as the CAS then it does nothing further; the connection is established.  However, if the mailbox resides on another mailbox server in a different site, the CAS will then “redirect” (yes, redirect) the user to the proper CAS server, which will then connect the user to their mailbox.

So, what this means is that when the user visiting LA launches Outlook, Outlook will do a query and locate the CAS in the LA office.  That CAS will look up the user in AD and redirect that user’s request to a CAS in NY.

Here is how MS explains it:

If the user’s mailbox is in the same Active Directory site as the Client Access server, the user is connected directly to their mailbox. If the user’s mailbox is in a different Active Directory site than the Client Access server that received the initial connection, the connection is redirected to a Client Access server in the remote Active Directory site.

I pulled that from this link:  

http://technet.microsoft.com/en-us/library/aa998561(EXCHG.140).aspx

Netflix streaming to the PS3

November 15th, 2009 by Scott

I finally received my Netflix PS3 disk.  After having to update my PS3 I simply put the disk in, registered my device, and voilà, I am now able to watch movies streamed from Netflix to my PS3!  I have to admit, I do love it and I’m looking for other devices to stream Netflix for my basement and the toy room for the kids!

Gone for a week and lots of things happening in the Exchange World

November 15th, 2009 by Scott

Well, I was out in San Francisco last week for Exchange 2010 Ignite Partner training (more info to come).  While I was there Exchange 2010 RTM was released, as noted here: http://msexchangeteam.com/archive/2009/11/09/453096.aspx  I am sure you are aware of the many benefits of Exchange 2010 and I’m happy to see it has been released.  I have a number of clients that would like to leverage archiving, which has become available in Exchange 2010.

Another announcement while I was gone was the release of the Exchange 2010 Mailbox Server Role Requirements Calculator.  I have used this tool a number of times for Exchange 2007 and it is definitely worth checking out if you haven’t done so already.

Finally, the MS Exchange team announced the release of the Exchange Server 2010 Deployment Assistant.  This looks like a great way to help plan the deployment of Exchange 2010 in your environments.

I highly recommend you take a look at the articles around the storage calculator and the 2010 deployment assistant.  If you have any desire to deploy Exchange 2010 or 2007 feel free to send me an email if you need help or post on the Exchange Forums.  Don’t forget, I’m also a consultant who specializes in Exchange.  :)

Exchange 2007 SP2 Failed because of ‘beremote’

November 6th, 2009 by Scott

I was upgrading Exchange 2007 with Exchange 2007 SP2 on a client’s Exchange server this evening and came across the error “Setup cannot continue with the upgrade because the ‘beremote’ () process (ID: 1876) has open files.  Close the process and restart Setup.”

The problem was a result of having Veritas Backup installed on the Exchange 2007 server.  The service “Backup Exec Remote Agent for Windows Servers” was locking the process and preventing the Exchange 2007 SP2 setup from running.  I had to go into Services and stop the “Backup Exec Remote Agent for Windows Servers” service.  Once I stopped this service I was able to proceed with the installation of Exchange 2007 SP2.

Netflix streaming to PS3 Update

November 6th, 2009 by Scott

As many of you know I posted an article two weeks ago about Netflix streaming to PS3s.  Well, I came across an article this morning: http://www.techspot.com/news/36842-Netflix-PS3-streaming-arrives-tomorrow.html

It sounds like the DVD for streaming Netflix to your PS3 is now available and being shipped to current customers.  Being that I have a PS3 and have been holding out for this feature I’ll likely become a Netflix customer!  Thanks Netflix and Sony!  Now the only question is, do I go with the $8.99 plan or the $13.99 plan?

Deploying Exchange 2010….

November 4th, 2009 by Scott

As many of you know I’ve been playing around with Exchange 2010 for some time, but I had to post credits to the Exchange Team for including a nice directory called “scripts” which not only includes some useful scripts but also includes XML answer files for servermanagercmd.  These XML files will deploy the roles and features the Exchange 2010 server role requires.  In the old days of Exchange 2007 these answer files were not readily available and you had to use the GUI, which could cause inconsistency between Exchange deployments or leave room for error, i.e. missing a required feature.

You may be asking, where can I find these answer files?  They are located on the installation DVD under scripts.  Just look for the XML files.  They are pretty obvious when you see them since they are named exchange-base or exchange-hub or exchange-mbx, and so on.

Thanks, guys, for simplifying this deployment!

I should point out that these answer files are also available in Exchange 2007 SP2. 

Exchange 2007 ActiveSync Error “support code 0x80072f0d”

November 2nd, 2009 by Scott

I recently had a call from a client regarding support code 0x80072f0d on their Windows Mobile devices.  I’m aware that there is a lot of information out on the net but I thought I would post a reminder….

The problem the client had was that their Exchange 2007 certificate was about to expire, so they went out and bought a new certificate from a different certificate vendor than what they have used in the past.  When going into OWA the certificate was fine; however, when trying to use ActiveSync they received an error that the certificate was not trusted, with the support code of 0x80072f0d.

While looking into the issue I took a peek at the certificates installed on the Windows Mobile device and sure enough, the certificate authority from the vendor was not installed on the phone!  Windows Mobile has certificate authorities installed by default.  They are:

Root certificates that are installed on a Windows Mobile-based device

The following root certificates are installed on a Windows Mobile-based device:

  • Class 2 Public Primary Certification Authority (VeriSign, Inc.)
  • Class 3 Public Primary Certification Authority (VeriSign, Inc.)
  • Entrust.net Certification Authority (2048)
  • Entrust.net Secure Server Certification Authority
  • Equifax Secure Certification Authority
  • GlobalSign Root CA
  • GTE CyberTrust Global Root
  • GTE CyberTrust Root
  • Secure Server Certification Authority (RSA)
  • Thawte Premium Server CA
  • Thawte Server CA

So, what is the lesson here?  Make sure the certificate your Windows Mobile devices connect to is issued by a certificate authority that is installed on the mobile device itself!  Either that or deploy a new root CA to each mobile device in your org.

For more information on how to install additional certificates on Windows Mobile look here: http://support.microsoft.com/kb/915840