Exchange 2013 Cumulative Update 7 (CU)

Microsoft released the quarterly servicing update to Exchange Server 2013 – CU7 and updated UM Language Packs. Cumulative Update 7 includes significant improvements in Public Folder scalability and improvements for OAB distribution in large Exchange environments. You can read the full blog post at the Exchange Team Blog.

Download Cumulative Update 7 for Exchange Server 2013

Exchange 2013 CU6 Hybrid Hotfix KB2997355

Microsoft released a hybrid hotfix KB2997355 for Exchange 2013 CU6 on September 1, 2014.

This fixes Exchange Online tasks using the Exchange Admin Center. For example, you are not able to create Office 365 mailboxes, change mailboxes, or create and enable an archive mailbox. PowerShell cmdlets are not affected and work properly.

Unfortunately, the fix has several issues as well:

1. The script to fix the issue looks for the XAML file in the default Program Files folder, using the default Exchange installation folder. Michel de Rooij published an updated fix here. It checks the installation path of your Exchange environment if it’s in another directory instead of the default.

2. After installation of the Microsoft hotfix KB2997355, some users are wondering why the EAC has a 500 error after login:

The updated file is called “RemoteDomains.XAML” and you can see an error event with id 4 in your application log. The file is located in %Exchange Installation Path%\ClientAccess\ecp\DDI\RemoteDomains.XAML.

Take a look at the line “<Variable DataObjectName=”RemoteDomain” Name=”TargetDeliveryDomain” Type=”{x:Type s:Boolean}” /> and check if this entry is present twice.

Make a backup of the original file, delete the second entry, and restart IIS.

Introduction to Managed Availability: Local Monitoring Files and Overrides Part III

Now that you’ve finished Part I & Part II of my three part Managed Availability blog series, I will now provide some information about local .xml monitoring files and overrides of Managed Availability.

Local Managed Availability .xml monitoring files

Some HealthSets, such as the FEP HealthSet are local .xml files. Because FEP is the Forefront Endpoint Protection service, some of you may want to disable this HealthSet on the servers, because there is no use for it.
Browse to %ExchangeInstallationPath%\Microsoft\Exchange\V15\Bin\Monitoring\Config, search for FEPActiveMonitoringContext.xml and open the file with an editor, such as Notepad.
Change line 12 by replacing Enabled = True to Enabled = False
Restart the Microsoft Exchange Health Management service on the server where you modified the .xml file.

Overrides

With overrides, you can change the Managed Availability monitoring thresholds and define you own settings when Managed Availability in case of errors should take action.
There are two kinds of overrides:

  • Local overrides: are used to customize a component on a specific server or on components which aren’t globally available. For example, if you are running multiple data centers and would like to change only server components on a specific location for individual monitoring. Local overrides are managed with the *-SetMonitoringOverride set of cmdlets. They are stored in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v15\ActiveMonitoring\Overrides\ and are automatically updated every 10 minutes. The Microsoft Exchange Health Management service reads the changes in the registry path above.
  • Global overrides: are used to customize a component for a whole Exchange organization. They are managed with the *-GlobalMonitoringOverride set of cmdlets. Global overrides are stored in Active Directory: Continue reading “Introduction to Managed Availability: Local Monitoring Files and Overrides Part III”

Introduction to Managed Availability: An Exchange Administrator‘s task? Part I

Microsoft introduced a new built-in monitoring system called Managed Availability in Exchange 2013, which automatically takes recovery actions for unhealthy services within the Exchange organization.

Microsoft has been operating a cloud version of Exchange since 2007 and have put all their knowledge into Managed Availability monitoring. Managed Availability is a cloud trained system based on an end user’s experience with recovery oriented computing.

Managed Availability doesn’t mean you don’t have to monitor your on-prem or hybrid Exchange environment in fact, it’s just the opposite. The long and complex PowerShell cmdlet’s used to monitor Exchange (which we will look at in more detail later) are not the best and most effective method to do so.

Continue reading “Introduction to Managed Availability: An Exchange Administrator‘s task? Part I”

Exchange 2013 on Windows Server 2012 with multiple IP addresses on a single NIC

Many people want to use multiple IP addresses on a single NIC interface with Exchange 2013 and Windows Server 2012. There are several reasons for this multi-homed IP configuration, such as various receive connectors for diverse applications (fax, SharePoint, gateways, etc.), or for an additional IIS website, amongst other things.

The behavior that changed since Windows Server 2008 is that the source IP address on a NIC will always be the lowest numerical IP address. The challenge for every Exchange administrator is to configure the correct firewall settings for the appropriate IP address. Lets make an example:

You install the first Exchange 2013 server in your environment with the „primary“ IP address of 10.35.3.200. Afterwards you decide to add an additional IP address to your MAPI network adapter, such as for a further receive connector. The secondary IP address would be 10.35.3.100. No you have two issues:

  • The server registered two DNS names for the same server
  • The server is now sending all outbound traffic from 10.35.3.100, because 100 is lower than 200.

Let’s go a bit deeper and explain the “weak host model“ and the “strong host model“ for multi-homed servers and how they choose the source IP address selection.

Continue reading “Exchange 2013 on Windows Server 2012 with multiple IP addresses on a single NIC”

Introduction to Managed Availability: How to check, Recover, and Maintain your Exchange Organization Part II

Now that you’ve finished Part I of my three-part Managed Availability blog series, I will now go a bit deeper and provide some examples about the functionality and operability of Managed Availability. My virtual test lab contains a two-member DAG based on Windows Server 2012 and Exchange 2013 CU6.

  1. Identify Unhealthy Health Sets and their error description

To get the server state, run the following cmdlet within the Exchange Management Shell:

Get-HealthReport -Server | where {$_.alertvalue -ne “Healthy” –and $_.AlertValue –ne “Disabled”}

1

This cmdlet shows multiple HealthSets, which are Unhealthy. In this example, let’s take a look at the HealthSet Clustering, which has 5 Monitors.

Note: the property “NotApplicable” shows whether Monitors have been disabled by Set-ServerComponentState for their component. Most Monitors are not dependent on this, and thereby report “NotApplicable.”

Continue reading “Introduction to Managed Availability: How to check, Recover, and Maintain your Exchange Organization Part II”

Managing Exchange recipients

Exchange Server has two options with which an administrator can successfully manage the environment. These options are accessed through the EAC, which replaces the Exchange Management Console (EMC), the Exchange Control Panel (ECP) in Exchange 2010, and the Exchange Management Shell (EMS). The EAC is a web browser-based that you use to manage Exchange and can be used for administrators and end-users to perform various management tasks. Administrative tasks that can be completed in EAC including managing mailboxes, contacts, groups and User and Administrator roles. However, if you want to perform many tasks or have greater control over the Exchange environment, you need to become familiar with the EMS, especially when performing bulk administration.

EMS has been designed so that you can automate repetitive administrative tasks, and it’s a best practice to become familiar with how EMS can be used in your Exchange organization. EMS is used to manage any Exchange objects, including those in a cloud tenant domain that is linked to an on-premises organization.

Continue reading “Managing Exchange recipients”

Exchange permissions model

Exchange Server offers a large set of predefined permissions based on the Role-Based Access Control (RBAC) model, which you can use to delegate object creation or modify permissions even on an attribute level. RBAC was introduced in Exchange 2010 to allow precise permission management within the Exchange organization for administrators and users.

Active Directory groups in Exchange

During Exchange Setup, Exchange creates a set of groups in the Microsoft Exchange Security Groups organizational unit (OU) of your root domain in Active Directory that are used for assigning permissions to the Exchange system. Table 1 describes these groups and their respective functionality. The table describes only Exchange system groups, not the Default Management Role Groups used to assign RBAC permissions; those are described later in this section.

Continue reading “Exchange permissions model”

Autodiscover

Autodiscover is a critical service to understand, because it automatically configures email profiles for Microsoft Outlook email clients, mobile devices like smartphones, tablets, and so on. It also provides the client URLs for features such as free/busy, Unified Messaging, the Out of Office assistant, shared and site mailboxes, and the OAB. Because Autodiscover information is refreshed when the email client is started and at regular intervals (every 60 minutes), it allows the administrator to move mailboxes without having to manually reconfigure every email client. The interval at which the client is expected to refresh its configuration can be changed with the Set-OutlookProvider cmdlet by setting the TTL parameter to the number of hours for the interval. Some clients, such as Windows Mobile devices, use Autodiscover for initial profile creation, but do not refresh the configuration once the profile has been created. Also, the email clients find the URL for Autodiscover differently based on whether the client has internal access or external access. The Autodiscover service is not used by Outlook versions prior to Outlook 2007.

Continue reading “Autodiscover”

Exchange 2013 Cumulative Update 6 (CU6)

Microsoft released the quarterly servicing update to Exchange Server 2013 – CU6 and updated UM Language Packs. Cumulative Update 6 includes significant improvements in Public Folder scalability and a fix for the HCW issue described in KB2988229. You can read the full blog post at the Exchange Team Blog.

A complete list of reported issues in Exchange Server 2013 CU6 can be found in the Knowledge Base Article KB2961810.

Download Cumulative Update 6 for Exchange Server 2013 (KB2961810).