
Shell commands to manage Cluster Continuous Replication – Exchange 2007

1). Viewing cluster resources on the EXCMBXV-01 cluster

          Cluster.exe /cluster:EXCMBXV-01 res

Cluster resources on EXCMBXV-01 cluster

 2). Shell commands to stop/start the Clustered Mailbox Server

Stopping Clustered Mailbox Server EXCMBX-01
Stop-ClusteredMailboxServer EXCMBX-01 -StopReason setup -Confirm:$false

Stopping Clustered Mailbox Server

Starting Clustered Mailbox Server EXCMBX-01 

Start-ClusteredMailboxServer EXCMBX-01 

Start Clustered Mailbox Server

3). Shell commands to move cluster resources to Passive node (failover)

 Move-ClusteredMailboxServer -Identity Excmbx-01 -TargetMachine:excclun-02 -MoveComment:"Moving cluster resources to passive node for testing purpose"

 4). Switching Active Node and Passive node

 Set-MailboxServer -Identity:<CMSName> -RedundantMachines:{<ActiveNodeName>,<PassiveNodeName>}

5). Checking Cluster mailbox server (EXCMBX-01) status

Get-ClusteredMailboxServerStatus EXCMBX-01

CMS Status

6). Suspending Replication

Suspend-StorageGroupCopy -Identity <Server\StorageGroup> -SuspendComment <Comment>

 7). Resuming Replication

Resume-StorageGroupCopy -Identity <Server\StorageGroup>

8). Checking Storage group copy Status

Get-StorageGroupCopyStatus -Identity:<StorageGroupName>

Replay Queue Length: indicates the number of log files that still need to be replayed on the replicated copy.

Storage Group Copy Status
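
A pre-move check that ties the status and move commands above together, as an added example that is not part of the original post. It assumes the server and node names used above; the replay queue threshold is an arbitrary illustrative value.

```powershell
# Added example, not from the original post. Run in the Exchange 2007 Management Shell.
$cms       = 'EXCMBX-01'    # clustered mailbox server name used above
$target    = 'excclun-02'   # passive node used above
$maxReplay = 10             # assumed threshold, tune for your environment

# Collect the copy status of every storage group on the clustered mailbox server.
$copies = Get-StorageGroupCopyStatus -Server $cms
$copies | Format-Table Name, SummaryCopyStatus, CopyQueueLength, ReplayQueueLength -AutoSize

# A copy is not ready when it is unhealthy (suspended, failed, ...), when logs are
# still waiting to be copied, or when too many logs are waiting to be replayed.
$notReady = $copies | Where-Object {
    $_.SummaryCopyStatus -ne 'Healthy' -or
    $_.CopyQueueLength   -gt 0 -or
    $_.ReplayQueueLength -gt $maxReplay
}

if ($notReady) {
    # Do not hand over to a passive node that is behind; show what is blocking.
    Write-Warning "Passive copy is not ready, move of $cms skipped."
    $notReady | Format-Table Name, SummaryCopyStatus, CopyQueueLength, ReplayQueueLength -AutoSize
}
else {
    Move-ClusteredMailboxServer -Identity $cms -TargetMachine $target `
        -MoveComment 'Planned move after copy status check'
    Get-ClusteredMailboxServerStatus $cms
}
```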


Comparison Blackberry and Active Sync

There are many differences between Microsoft’s Active Sync and Research In Motion’s Blackberry Enterprise Server technologies. Below you will find a comparison of the two technologies in terms of features, cost and security.

Features….:
Blackberry
———-
Blackberry offers many more features in comparison with Active Sync. These features are:
1.) Mobile Data Service allows Blackberry users to access intranet sites and applications.
2.) IT policies to control features on Blackberry devices.
3.) Complete logging of PIN, SMS messages and phone calls is available on the Blackberry server.
4.) Remote wipe / lock / unlock of the device is supported. These are also supported on Active Sync.
5.) Synchronization of email, calendar, notes, contacts and tasks is supported. These are also supported on Active Sync.
6.) Controlled Internet surfing is available only with Blackberry, i.e. Internet access can be routed through the corporate network with an internal proxy server.

Active Sync
———–
1.) Remote Wipe / lock / Unlock of device are supported.
2.) Synchronization of email, Calendar, notes, contacts and tasks is supported.
3.) You can see all old emails, whereas on Blackberry there is a limitation.
4.) You can download larger attachments, whereas on Blackberry only up to about 5MB.

Cost factor…:

Blackberry
———–
To implement a Blackberry solution you need to purchase or spend on:

Blackberry Enterprise Server software license
Additional Blackberry Client Access Licenses
Costly Blackberry device for the user
Skilled technical staff to manage the Blackberry server
Blackberry Enterprise services, which need to be enabled by the service provider for each device
Cost of GPRS (EDGE technology), which allows the fastest email sync
Hardware for the Blackberry server
If you need to run more than 50 users you have to incur the cost of a SQL database server.

ActiveSync
———–
To implement an Active Sync solution you need Microsoft Exchange Server with Outlook Web Access and Outlook Mobile Access published on an external Internet URL over secure HTTP (HTTPS). Compared to Blackberry there are only a few things to purchase or spend on:

No additional software license is required because Microsoft Exchange Server is enough for the implementation
Purchase of a certificate from a third-party vendor to enable HTTPS, or installation of your own Certificate Authority server inside your environment
Windows mobile phone
Exchange administrator can manage Active Sync
Cost of GPRS
No additional hardware for Active Sync Server software installation
SQL server is not required for Active Sync implementation

Security factor…:

The security level is almost the same in both technologies.
Blackberry Enterprise server supports 3DES and AES encryption. AES encryption is fastest and completely unbreakable but requires blackberry devices with firmware version 4.0 or higher.

Active Sync uses SSL on port 443 for data transfer, which is again highly secure encryption.

Controlling OWA components by enabling user-level segmentation on Microsoft Exchange server

Recently, I came across an issue where a user was reporting that in the OWA Navigation pane, folders other than Inbox were not visible. I could find a solution for this problem in segmentation of Microsoft Exchange server features in OWA.

So what is segmentation? Segmentation is a way to control OWA on a per-component basis. Segmentation has existed since Exchange 2000, but registry entries were required to enable it on Exchange 2000 and Exchange 2003. In Exchange 2007 we can enable segmentation at the CAS server level using the graphical user interface and at the user level using the “Set-CASMailbox” command.

We can enable or disable various features on the CAS server using segmentation. If you enable or disable a feature at the server level, the setting is applied to all users connecting through that CAS server. Follow the steps given below to open the Segmentation tab and make changes at the server level.

1) Open Exchange Management Console. Navigate to Server Configuration and select the Client Access server you want to segment.

2) Right-click the listing for OWA (Default Web Site) and select Properties.

3) You can segment OWA from the Segmentation tab in the properties.

Once the changes are done you need to restart the IIS service so that the settings can take effect. You can enable or disable the following features using the Segmentation tab:

Exchange ActiveSync Integration

All Address Lists

Calendar

Contacts

Journal

Junk Email

Reminders and Notifications

Premium

Search Folders

Email Signature

Spelling Checker

Tasks

Theme

Unified Messaging

Change Password

Segmenting OWA on user level

Segmenting OWA with the “Set-CASMailbox” command provides more flexibility, because features can be controlled for a specific user. See the example below.

Set-CASMailbox xmgirdhar@test.biz -OWAPremiumClientEnabled:$True -OWACalendarEnabled:$True -OWAContactsEnabled:$True -OWANotesEnabled:$True -OWAPublicFoldersEnabled:$True -OWATasksEnabled:$True -DomainController testdcgc001.be.test.biz

The list of features that can be changed using “Set-CASMailbox” Command

MAPIBlockOutlookNonCachedMode

MAPIBlockOutlookRpcHttp

MAPIBlockOutlookVersions

MAPIEnabled

OWAActiveSyncIntegrationEnabled

OWAAllAddressListsEnabled

OWACalendarEnabled

OWAChangePasswordEnabled

OWAContactsEnabled

OWAEnabled

OWAJournalEnabled

OWAJunkEmailEnabled

OWANotesEnabled

OWAPremiumClientEnabled

OWARemindersAndNotificationsEnabled

OWASearchFoldersEnabled

OWASignaturesEnabled

OWASpellCheckerEnabled

OWATasksEnabled

OWAThemeSelectionEnabled

OWAUMIntegrationEnabled

OWAUNCAccessOnPrivateComputersEnabled

OWAUNCAccessOnPublicComputersEnabled

OWAWSSAccessOnPrivateComputersEnabled

OWAWSSAccessOnPublicComputersEnabled

By default the user uses the OWA virtual directory settings. When we enable any feature with this command, the other features will automatically be set to $false. Because of this behavior, use this command to disable the features that you are not planning to revert in future.
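
One way to work with the behavior described above, as an added example that is not part of the original post: record the current per-user flags, state every feature explicitly instead of leaving the rest to be switched off implicitly, then verify and audit. The feature choices are illustrative, and the audit step assumes that flags never set per user are returned empty ($null) by Get-CASMailbox.

```powershell
# Added example, not from the original post. Run in the Exchange 2007 Management Shell.
$user = 'xmgirdhar@test.biz'   # mailbox used in the example above

# 1. Record the per-user OWA flags before changing anything, so the change can be undone.
Get-CASMailbox $user | Format-List Name, OWA*

# 2. State every feature explicitly. Features the user needs are $true, the rest are
#    a deliberate $false instead of a side effect of enabling something else.
#    (Illustrative choices: file share and SharePoint access from public computers is off.)
Set-CASMailbox $user `
    -OWAPremiumClientEnabled:$true `
    -OWACalendarEnabled:$true `
    -OWAContactsEnabled:$true `
    -OWATasksEnabled:$true `
    -OWANotesEnabled:$true `
    -OWAJunkEmailEnabled:$true `
    -OWARemindersAndNotificationsEnabled:$true `
    -OWASearchFoldersEnabled:$true `
    -OWASignaturesEnabled:$true `
    -OWASpellCheckerEnabled:$true `
    -OWAChangePasswordEnabled:$true `
    -OWAAllAddressListsEnabled:$true `
    -OWAJournalEnabled:$false `
    -OWAThemeSelectionEnabled:$false `
    -OWAUMIntegrationEnabled:$false `
    -OWAActiveSyncIntegrationEnabled:$false `
    -OWAUNCAccessOnPublicComputersEnabled:$false `
    -OWAWSSAccessOnPublicComputersEnabled:$false

# 3. Verify what the mailbox now carries.
Get-CASMailbox $user | Format-List Name, OWA*

# 4. Audit: find mailboxes with per-user segmentation, i.e. users who no longer
#    follow the OWA virtual directory defaults for these features.
Get-CASMailbox -ResultSize Unlimited | Where-Object {
    $_.OWAPremiumClientEnabled -ne $null -or
    $_.OWACalendarEnabled      -ne $null -or
    $_.OWAContactsEnabled      -ne $null -or
    $_.OWATasksEnabled         -ne $null
} | Format-Table Name, OWAPremiumClientEnabled, OWACalendarEnabled, OWAContactsEnabled, OWATasksEnabled -AutoSize
```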

Installing Exchange 2003 on Microsoft Cluster 2003

Installing Exchange 2003 on Cluster  

 In this post I am going to demonstrate the installation of Exchange 2003 server for high availability with Microsoft cluster. I have created the cluster “EXC-MBX” with two nodes, EXC-MBX-01 and EXC-MBX-02. This cluster has resource disks on an Openfiler SAN, which I have connected to the cluster nodes using the iSCSI initiator.

As of now I have two cluster groups. In the default cluster group I have the cluster IP and the cluster name. The quorum disk resource stores the configuration of the cluster, and MSDTC is a required component for Exchange 2003 installation.

Figure 1 MS Cluster configuration

Recommendations for MSDTC resource from Microsoft High Availability guide. 

“The Microsoft Distributed Transaction Coordinator (MSDTC) resource is
required for Exchange Server Setup and Service Pack Setup. On a cluster that
is dedicated to Exchange, it is recommended that the MSDTC resource be added
to the default Cluster Group. It is further recommended that the ‘Affect the
Group’ option be unchecked for the MSDTC resource. This prevents a failure
of the MSDTC resource from affecting the default cluster group” 

 I have created a cluster group named EVS1 where I will be storing the Exchange virtual server resource. I have added physical disk resources E: and F: (these drives are on the Openfiler SAN).

Figure 2 EVS1 cluster group

Prepare and install Exchange 2003 server on both the cluster nodes.

 1.)    Exchange 2003 Enterprise edition supports cluster installation of Exchange server.

2.)    Install the required components (IIS, SMTP, and NNTP) on both the nodes.

3.)    Make sure the Cluster service is running on both the nodes of the cluster. If the Cluster service is not installed and running on each node in a cluster before installation, Exchange Server 2003 Setup cannot install the cluster-aware version of Exchange Server 2003.

4.)    Make sure the MS DTC component is installed and configured.

5.)    Before you install Exchange Server 2003 anywhere in the forest, you must extend the Windows Active Directory schema by running setup with the forestprep switch.

6.)    Run domainprep on all the nodes where you are planning to install Exchange Server 2003.

7.)    Run Exchange setup on both the nodes. Installing Exchange Server 2003 on a cluster is similar to installing Exchange Server 2003 on non-clustered servers.

8.)    Don’t install the Exchange installation files on resource disks.

Creating the Exchange Virtual Server 

 The final step in configuring Exchange Server 2003 is to create the Exchange Virtual Server. The EVS1 cluster group will be the container for this Exchange virtual server, and a separate cluster group is required for each Exchange virtual server you create.

Cluster resources should not be added to the default cluster group, and adding an Exchange Virtual Server to the cluster group is not supported. 

Step 1: Create IP address resource for an Exchange virtual server    

  1. In Cluster Administrator, right-click the EVS1 cluster resource group, select New, and then select Resource.
  2. In the Name box, type EVS1 IP Address.
  3. Select IP Address from the Resource type list. Click Next.
  4. In Possible Owners, under Possible owners, verify that all cluster nodes that will be used as Exchange servers are listed, and then click Next.

Figure 3 Preferred Nodes

  5. Make sure that no resources are listed in the Resource dependencies box, and then click Next.

Figure 4 Resource Dependencies

  6. In TCP/IP Address Parameters, in the Address box, enter an IP address for the cluster group, and in the Subnet mask box enter the valid subnet mask for your network.
  7. Select the public network interface from the Network list if it is not selected already.
  8. Select the “Enable NetBIOS for this address” box, and then click Finish.

Step 2: Create a Network Name resource for Exchange virtual server. 

  1. Open Cluster Administrator, right-click the resource group EVS1, click New, and then click Resource.
  2. In the Name box, type EVS1 Network Name.
  3. In the Resource type list, select Network Name. Click Next.
  4. In Possible Owners, under Possible owners, verify that all nodes are listed, and then click Next.
  5. Under Available resources, select the EVS1 IP Address resource for this Exchange Virtual Server, and then select Add. Click Next.

Figure 5 Resource Dependencies for EVS1 Network Name

  6. In the Name box, type a network name for the Exchange Virtual Server. This name will identify the Exchange virtual server on the network. After the System Attendant resource is created, this name will be visible in Exchange System Manager. Once the Exchange virtual server is created you will not be able to rename it, so consider this name carefully.

Figure 6 EVS1 Network Name

  7. Check the options for DNS record update and support for Kerberos authentication. Click Finish.

Step 3: Create an Exchange System Attendant Resource for an Exchange Virtual Server 

  1. Open Cluster Administrator, right-click on the EVS1, and then click Bring Online.
  2. Right-click the EVS1, select New, and then click Resource.
  3. In the Name box, type Exchange System Attendant – EVS1.
  4. Select Microsoft Exchange System Attendant from the Resource type list. Make sure that in the Group box the name of your Exchange Virtual Server is selected, and then click Next.
  5. Under Possible owners, verify that all nodes that are running Exchange 2003 are listed, and then click Next.
  6. Under Available resources, add the Network Name resource and all of the Physical Disk resources for this Exchange Virtual Server, and click Next.

Figure 7 System Attendant dependencies

  7. In the Name of administrative group list, select the location in the directory where you want to create the Exchange Virtual Server, and then click Next.

Figure 8 Exchange Admin group

  8. In the Name of routing group list, select the routing group in which you want the Exchange Virtual Server created, and then click Next.
  9. In the Enter path to the data directory box, verify the data directory location. This location must be on the drive which is assigned to the Exchange virtual server cluster group. Click Next.

Figure 9 data directory

  10. In Summary, read the summary. Click Finish to create the Exchange Virtual Server.

Figure 10 Summary

  11. After completion of the System Attendant resource you will get a message.

Figure 11 Cluster resource created

  12. Right-click the EVS1 cluster group, and then click Bring Online.
  13. The Exchange virtual server setup is now completed successfully, as all the resources are online.

Figure 12 Exchange virtual server resources

  14. Verify that this Exchange virtual server is visible in Exchange System Manager and create test mailboxes on the Exchange server. Also check mail flow to verify that everything is running well.

Exchange Implementation in Cross forest

Exchange Server implementation in cross forest topology

Requirements of having exchange servers in multiple forests 

  1. During merger and Acquisition
  2. Splitting Exchange or Server administration
  3.  Re-Alignment due to business situation changes
  4. Moving part of business to separate forest

Supported Features in Cross forest environment

  1. Mail flow
  2. GAL Synchronization – Microsoft Identity Integration Server  is required
  3. Free Busy Data visibility –  Inter-Org Replication tool is required
  4. Public Folder sync – Inter-Org Replication tool is required
  5. Meeting request forwarding – if GAL sync is in place and SMTP authentication is configured
  6. Delivery receipts – Need to configure Global settings properly
  7. Distribution group – GAL sync will create a contact for each DL in destination domain so membership of DL will not be visible to users in different forest

Features not supported in Cross forest environment

  1. Public folder permissions cannot be replicated using Inter-Org replication tool
  2. Rules will not be available when cross forest move is performed
  3. Delegation is not supported in different forest as users are visible as contact there.
  4. Users cannot open the calendar of users in a different forest using Open Other User’s Folder.
  5. Send As rights cannot be provided to the users in other forest.
  6. Front-end server cannot proxy requests to the back end servers in different forest.

The minimum requirements of a cross-forest environment are to provide mail flow and GAL synchronization. Other features can be configured as required at later stages. You can use the GAL Sync feature in MIIS 2003, and for mail flow setup make sure network connectivity between the forests is established.

 Cross forest move

To move user accounts from one forest to another forest, ADMT can be used, and then with the help of the Mailbox Migration Wizard we can move the mailboxes.

Deploy Exchange in Resource Account forest topology

Deploy Exchange in Resource/Account forest topology

 Why are companies separating forests?

Companies separate forests due to multiple business requirements, like data and service isolation, and in situations of mergers and acquisitions. There may also be certain requirements to keep a different schema for each forest.

 What is a resource forest?

In a resource forest environment, there is one forest where Microsoft Exchange 2003 server is installed and one more forest where only accounts are kept. Users in the account forest are associated with mailboxes in the resource forest.

We need extra hardware and infrastructure to deploy a forest that hosts all the mailboxes. We face problems related to the GAL in a cross-forest topology, but this problem is not there with an Exchange 2003 resource forest, as all the users with mailboxes are in the same resource forest.

 Scenario:    

Figure1: Scenario

In the resource forest I have installed only Exchange Server 2003. We need to set up an environment to share the messaging infrastructure of usb-group.com with vpc-group.com with all possible settings.

Users in USB-Group.com:

 mbxUser1
 mbxUser2
 mbxUser3

Users in VPC-group.com:

 usrA
 usrB

Step 1: We have to configure correct name resolution between the forests before we set up the trust between the two forests. Make sure network connectivity is already in place between the forests.

Set up the resource forest for name resolution: on the DNS server of the resource forest (usb-group.com), in the Forwarders tab, put the DNS domain and the IP address of the DNS server in the account forest (vpc-group.com).

Figure 2 Resource forest DNS forwarding

Set up the account forest for name resolution: on the DNS server of the account forest (vpc-group.com), in the Forwarders tab, put the DNS domain and the IP address of the DNS server in the resource forest (usb-group.com).

Figure 3 Account Forest dns setup

 Step 2: Setting up trust between forests    

 The requirement for setting up a trust is to have an administrative account in both forests. Both forests should be running at the Windows 2003 functional level to build a forest trust. You can raise the forest functional level from the Active Directory Domains and Trusts node. Plan before raising the forest functional level.

Figure 4 Forest functional level change

Perform these steps in the resource forest to set up the trust. Open Active Directory Domains and Trusts.

  1. Right-click the resource forest domain (usb-group.com) and select Properties.
  2. Click the New Trust button. Add the name of the account forest in the Name field.

Figure 5 Enter the name of account forest

4. Select the trust type Forest Trust (it will not be visible if the forest functional level is not Windows 2003).

Figure 6 Select trust type as Forest Trust

5.  Select Direction of trust as One-way: Outgoing.   

6.  Select sides of trust: Both this domain and specified domain.   

7. Enter user name and password of administrative account in Account forest.   

 8. Select authentication level as Forest-wide.   

Figure 7 Select authentication level as Forest wide

9. Click next on “Trust selection complete”.   

10. “Trust creation complete” will show the details of the trust.

Figure 8 Details of trust completion

11. The completion status of the New Trust Wizard is shown.

Figure 9. completing New trust Wizard

Step 3: Create a disabled user account in the resource forest

  1. Open the Active Directory Users and Computers snap-in.
  2. Select the OU where you want to create the new resource account.
  3. Select the Account is disabled check box when creating the new user in the resource forest.

 

Figure 10 Account is disabled

  4. Create the mailbox of this user and open Mailbox Rights in the Exchange Advanced tab of this disabled user’s properties. Add the linked account forest user and assign the Full mailbox access and Associated external account permissions.

Figure 11 Mailbox permissions on resource forest mailbox

*Don’t use the Associated external account permission with an enabled account, because it is not supported and creates problems.

5. Now configure the Outlook profile of the user in the account forest and check that mail flow is working.

Figure 12 outlook configured in account forest

Step 4: Set up automatic provisioning of accounts

A provisioning process is required so that Active Directory updates are reflected in Exchange. For example, creating a new Active Directory user in the account forest generates a disabled, mailbox-enabled object with permissions in the resource forest. You can use third-party scripts or configure MIIS 2003 for this purpose.


Setting up Linux Machine as a Router for your Microsoft Environment

I have recently installed an Openfiler SAN in my Hyper-V test environment to simulate a common iSCSI SAN for Exchange servers. Yes, you can install Openfiler on a Hyper-V virtual machine using the text-mode installation procedure. Installation and configuration of Openfiler is as easy as on VMware Server. Apart from providing a real SAN for my test environment, I have configured the Openfiler machine to provide routing between two different network switches of the Hyper-V server.

Below are a few important commands I used to enable telnet, FTP and routing on the Openfiler box.

1. Enable Telnet
=============
#nano /etc/securetty

Append the ports mentioned below at the end of the file securetty
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

#nano /etc/xinetd.d/krb5-telnet
set disable = no

2 Enable FTP
==========
# nano /etc/xinetd.d/gssftp

set disable = no
Change the “server_args” line; remove the “-a” option.

Reload configuration to enable ftp and telnet
===================
# service xinetd reload

3 Create User in linux
===========
#useradd manish -u 667 -g users -d /home/manish

assign password to user

#passwd manish

Allow newly created user to use sudo command
=====================
# nano /etc/sudoers

Create one more entry for user ‘manish’, like the one present for the root user. This will allow the user to open a su session with the command “sudo su -”.

Now you can open a telnet session with the command #telnet <ip-address of linux box>

4 Make linux machine as router
==========================
Open file sysctl.conf and change <net.ipv4.ip_forward = 1>

#nano /etc/sysctl.conf
set “net.ipv4.ip_forward = 1”

5 Restart Network service to reload ethernet cards
=================
#service network restart