Monthly Archives: February 2014

You are browsing the site archives by month.

SMBKitchen: Looking at public folders

Next up … http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html


Now up public folders….


Quoting again…


“Public Folder Infrastructure


In previous versions of Exchange, a public folder migration could certainly be a pain, but it was a rather straightforward procedure (unless you needed to troubleshoot) as the key method was to replicate the current public folders to the new Exchange servers, then remove the original replica.


With Exchange 2013, we’ll migrate our Public Folder infrastructure to Modern Public Folders. This means the approach is different, and for larger organizations has additional planning concerns due to the removal of the multi-master model, that while troublesome, allowed users in different sites to access a local copy of the Public Folder they were using.


Our small example site doesn’t have such concerns, but we’ll take a quick snapshot using the Exchange Management Shell to ensure we know the sizes we’ll need to migrate, and in the case you have multiple Public Folder databases, list the replicas.


Get-PublicFolder -Recurse `
|Where {$_.Identity.ToString() -ne “\NON_IPM_SUBTREE”} `
|Select Identity,@{N=”Replicas”;E={[String]::Join(“;”, $_.Replicas)}}, `
MailEnabled,@{N=”Size MB”;E={(Get-PublicFolderStatistics $_).TotalItemSize.Value.ToMB()}} `
|Export-CSV .\PublicFolderOverview.CSV -NoTypeInformation


I personally think that SMBs have more complications in public folders as we’ll stick things in there and forget why we need it.


“If you don’t use Public Folders, or can easily move away from them, there’s no requirement to implement them with Exchange 2013. As the Outlook 2003 client is no longer supported, there is no client dependency.


Clients


We’ve collected data about our Exchange Server and some high level information about the mailboxes on it that we’ll feed into the design, so now we’ll look at what’s connecting to Exchange 2007 and see if we’ve got any work to do.


Windows Outlook clients supported by Exchange must meet minimum requirements, and for Exchange 2013 that means they must be either:


  • Outlook 2013 (Build 15.0.4420.1017 or higher)
  • Outlook 2010 Service Pack 1 with at least the November 2012 update (Build 14.0.6126.5000 or higher)
  • Outlook 2007 Service Pack 3 with at least the November 2012 update (Build 12.0.6665.5000 or higher)

Remember, Exchange 2007 supports clients as old as Outlook 2002, but in general, we’d expect the majority of older clients to only be as old as Outlook 2003.


Exchange 2013 also supports Mac clients, including Outlook 2011 and Entourage Web Services addition. Apple’s Mac Mail also connects, and naturally you may expect to find ActiveSync, POP3 and IMAP clients if these protocols are enabled. Outside of Exchange, we also have BES users in our environment; however we’ll collect information about these separately when we examine the BES server in a later section.”


Let’s make this really really clear here.  You need to be on outlook 2007 or higher.  Outlook 2010 and higher is really preferred.  You can’t use Outlook 2003 to connect to Exchange 2013.


Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at – http://www.thirdtier.net/enterprise-solutions-for-small-business 

SMBKitchen: Checking those connectors

Next up … http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html


Send and Receive Connector Configuration


Send Connectors help your Exchange organization know where to route outbound email destined for non-local recipients, and Receive Connectors provide SMTP connectivity for other Exchange Servers, SMTP clients and inbound external mail.


We’ll collect information about the configuration here to ensure that we know what Send Connectors we’ll be switching across to Exchange 2013, so that any changes elsewhere (such as IP restrictions for relaying) can be actioned; and make sure we understand the Receive Connector configuration that we’ll need to re-create and apply to Exchange 2013.


Examine each Send Connector, by navigating to Organization Configuration>Hub Transport and choosing the Send Connectors tab. You’ll see each Send Connector listed.



Record details of each Send Connector, including which Exchange Servers are currently specified as Source Servers. You’ll find that information by choosing Properties for each Send Connector.




Since we have a single server here, we won’t need to re-create the send connectors; but we’ll need to examine the configuration of where they send to and ensure they are allowed to connect. The details we’ve recorded are shown below:


Send Connector

Source Servers

Address Space

Windows SBS Interneet Send SBSTESTSERVER

SBSTESTSERVER

*


 


Next, we’ll collect information to ascertain if any Receive Connectors have Anonymous relay permissions granted via Active Directory permissions.


We’ll perform this using the Exchange Management Shell using the snippet below:


Get-ReceiveConnector | Get-ADPermission | Where {$_.ExtendedRights -like “*Ms-Exch-SMTP-Accept-Any-Recipient*” -and $_.Deny -eq $False -and $_.User -like “*NT AUTHORITY\Anonymous Logon*”} | fl Identity


After running the commands, if there are no anon relays, you’ll see no input



Then, examine each Receive Connector, within Server Configuration>Hub Transport and select the first server you wish to record details for:



 


Open each Receive Connector, and record details both from the PowerShell output, and from each connector’s Properties tab, as shown in the example table below.


Server

Receive   Connector

Max   Message Size (KB)

IP/Port

Accept   Mail From

Authentication

Permission   Groups

Anonymous   Relay

SBSTESTSERVER

Default SBSTESTSERVER

10240

192.168.1.5/25

192.168.1.0-192.168.1.255

- TLS

-Basic authentication

  – Offer basic authentication only after starting TLS

- Exchange Server Authentication

- Integrated Windows authentication

- Exchange users

- Exchange servers

- Legacy Exchange Servers

No

SBSTESTSERVER

Windows SBS Fax SharePoint Receive SBSTESTSERVER

10240

127.0.0.1/25

127.0.0.1-127.0.0.1

- Basic Authentication

-Anonymous users

- Exchange users

No

SBSTESTSERVER

Windows SBS Internet Receive SBSTESTSERVER

10240

192.168.1.2/25

0.0.0.0-192.168.1.2

192.168.1.2-192.168.1.2

192.168.1.2-255.255.255.255

- TLS

- Anonymous users

No


Obviously adjust this table for how you have your IP addresses setup and what you see in your server migration


Next up public folders….


Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at – http://www.thirdtier.net/enterprise-solutions-for-small-business 

Windows Server 2012 R2 Essentials technical training series

Check it out….


Windows Server 2012 R2 Essentials technical training series now available on Microsoft Virtual Academy – The Windows Server Essentials and Small Business Server Blog – Site Home – TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2014/02/26/windows-server-2012-r2-essentials-technical-training-series-now-available-on-microsoft-virtual-academy.aspx

SMBKitchen: Checking limits

Next up … http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html


Mailbox Quotas


Quota limits for mailboxes are by default defined at a Mailbox Database level. We’ll therefore collect details about the limits currently in place. Within the Exchange Management Console, navigate to Server Configuration>Mailbox and view each respective Database properties as shown below: 



 I removed them from my server and thus why there are no settings



From the Database Properties dialog window, record the Warning, Send and Send/Receive Limits as shown above


As the database limits are shown in Kilobytes, we can divide the values by 1024 (for example 1048576 KB divided by 1024 equals 1024 MB) and then record the values as shown below:


Storage Group

Mailbox Database

Issue Warning

Prohibit Send

Prohibit Send/Recieve

MailboxDatabase

MailboxDatabase

None

None

None

 

 


To record any exceptions from these defaults we need to be aware of, we’ll then open up the Exchange Management Shell and run the following command to display a list of users with overrides set and the values of those overrides.


Remember SBS has one up on the template level as well



So if you took that off (like many of us do) your output of the command below


Get-Mailbox -ResultSize Unlimited | Where {$_.UseDatabaseQuotaDefaults -eq $False} | Select Name,Prohibit*,Issue*


Will look like this:




More on the SBS quotas .. http://blogs.technet.com/b/sbs/archive/2008/10/28/how-do-i-change-message-size-limits-in-exchange-2007.aspx


We can then record that information in a table as shown below:


Name

ProhibitSendQuota

ProhibitSendReceiveQuota

IssueWarningQuota

SBSAdmin

20000MB

2Gb

1948MB

Susan

unlimited

unlimited

unlimited

Susanb

unlimited

unlimited

unlimited

 

 

 

 


Next up …send receive connectors….


Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at – http://www.thirdtier.net/enterprise-solutions-for-small-business 

More of Robert’s tools for your back pocket

If you haven’t checked out some of Robert’s tools… check them out!


Windows Server Essentials – Configuration Troubleshooter | Title (Required):
http://titlerequired.com/2014/02/14/windows-server-essentialsconfiguration-troubleshooter/


Essentials 2012 Manage DNS AutoDiscovery | Title (Required):
http://titlerequired.com/2014/02/14/essentials-2012-manage-dns-autodiscovery/


TechNet Password Expiry Email Notification:
http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27

SMBKitchen: Profiling your Exchange

Back on our proof of concept project for migrating from a SBS 2008 to Essentials… and in the meantime good news – Exchange 2013 sp1 is out which means Exchange 2013 is now finally (about time) and officially supported on 2012 R2.  So while I’m still reviewing my existing setup, I’m going to download Server 2012 R2 and Exchange 2013 sp1 and get ready to build a new member server.


But let’s get back to where I was inventorying our setup on SBS 2008.


http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part2.html


I was right at the Exchange profile analyzer section (and obviously taking this from someone in the UK that spells it Analyser)


Exchange Profile Analyser


The EPA tool allows us to scan mailboxes within the existing environment to determine some very important values that will assist with sizing the environment. When we size Exchange 2013, we’ll need to know the average message size and the average number of messages sent and received each day. We can collect this data using this tool.


First, we’ll need to assign the correct permissions to allow the EPA to read data from the mailboxes within the environment. To allow EPA to scan all mailboxes on our single Exchange Server, we’ll use the following set of commands at the Exchange Management Shell to set permissions against all Mailbox Databases on the server. In our case we’ll use E12M01 as the server name and Administrator as the username, so replace those values with appropriate ones for your environment:


Get-ExchangeServer E12M01 | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights “Send-As”


Get-ExchangeServer E12M01 | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights “Receive-As”


In my case it’s SBSTESTSERVER


So my commands will be


Get-ExchangeServer SBSTESTSERVER | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights “Send-As”


Get-ExchangeServer SBSTESTSERVER | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights “Receive-As”


Click start


Exchange management shell and right mouse click and click on Run As Administrator



Next, we’ll download the Exchange Profile Analyser from the Microsoft website. We can install this tool on an administrative workstation or for our example, we’ll install the tool on the local, single Exchange Server for simplicity.


After install using the default options, launch the Exchange Profile Analyser. After launch, choose Connect to Active Directory and press, next. Then, we’ll choose to connect to Active Directory using the current user credentials



And we install it on the box



 


We connect to AD using the existing user



 


The current Exchange topology will be loaded by the EPA.


Before beginning the scan, we’ll then set options including leaving Logging/Stats Options as-is with Information selected, and Output Statistics for Individual Mailbox left unselected, and select our Exchange 2007 Servers.


We’ll then ensure scanning over a period of time that is representative. For example, if it’s currently during the summer holidays and we only scan a couple of weeks, our data may be incorrect because end users are on holiday and therefore sending less mail. Or if we are only scanning a period of time that represents then busiest period, for example the week that coincides with the year end, then our average figures may be skewed too high. A period of perhaps three to six months therefore may be a good starting figure to consider.


Exchange BPA


Sadly the Exchange Best Practices Analyser, and it’s sibling the Exchange 2010 Pre-Deployment Analyser are no longer a part of Exchange 2013, but that isn’t to say that they are not useful. We’ll use the output from the Exchange BPA to help identify whether there’s any well known underlying issues we need to be aware of and correct before moving forward with the Exchange 2013 deployment.


To launch the BPA, open the Exchange Management Console and navigate to the Toolbox. Then select Exchange Best Practices Analyser:


There are some things to ignore…



At least on my virtual box anyway…



Next up checking for mailbox quotas.. http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html


Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at – http://www.thirdtier.net/enterprise-solutions-for-small-business 

Finally!! Exchange 2013 sp1

Released: Exchange Server 2013 Service Pack 1 – Exchange Team Blog – Site Home – TechNet Blogs:
http://blogs.technet.com/b/exchange/archive/2014/02/25/exchange-server-2013-service-pack-1-available.aspx


Okay I’ll admit I was slightly dragging my feet on the proof of concept migration blogging project because I was HOPING that sp1 for Exchange 2013 would come out that brings support of Exchange 2013 to the 2012 R2 platform.  So now I can use 2012 R2 as the platform of choice for deployment.


Windows Server 2012 R2 support – Exchange 2013 SP1 adds Windows Server 2012 R2 as a supported operating system and Active Directory environment for both domain and forest functional levels. For the complete configuration support information refer to the Exchange Server Supportability Matrix. This matrix includes details regarding Windows Server 2012 R2 support information about earlier versions of Exchange

Uncheck this

So you have a client that still has a SBS 2003 and they want to RWW into a Windows 8.1 machine?


You need to uncheck a box



Go into the control panel, system, remote connections and UNCHECK the “Allow connections only from computers running Remote Desktop with Network Level Authentication”


Once you do that, you can remote into the workstation.

Items to know for Essentials R2

http://blogs.technet.com/b/sbs/archive/2014/02/21/deploying-windows-server-2012-r2-essentials-in-an-existing-active-directory-environment.aspx


http://blogs.technet.com/b/sbs/archive/2014/02/17/deploying-windows-server-2012-r2-standard-datacenter-with-windows-server-essentials-experience-role-in-an-existing-active-directory-environment.aspx


A couple of things to keep in mind at the present time – which are not well documented (IMHO).


The first thing is that the Essentials wizards will only work when there is one and only one DC.  All those thoughts and plans of a multiple DC SMB deployment using either Essentials or Essentials role?  Yeah no can do right now.  Bugged.  Have no idea of a ETA for a fix.


The second thing is that these wizards also can only be run when the Essentials IS the domain controller.  So If you had the plan to make the Essentials role a member server and still offer up a RWA like experience… well you can.. .but just as long as the one and only DC is also that 2012 R2 server with the Essentials role – or it’s an Essentials sku. (see http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed131f6a-9f81-41af-8e85-ef73ed3321cd/essentials-experience-on-member-server-office-365-integration?forum=winserveressentials for a bit more discussion)


If you add an Essentials server to an existing domain and it’s in the member server role only – it will only backup clients.

Godaddy’s Office 365

http://redmondmag.com/articles/2014/01/13/godaddy-hosted-360-email.aspx

Just for grins I wanted to see how Godaddy set up Office 365 – was it really Office 365 or something else.  How automatic of a set up was the offering.. if you bought the domain name as part of the Office 365 package it would seem to me that they’d know what DNS settings to do right?

It appears not as they give you the settings you are supposed to do:

And before anyone says anything…yes I bought smbdiva.com because it was available, believe it or not!

 

Let’s get your mail going to the right place

Before we can get your account up and running, you’ll need to follow these steps to direct your mail to the right place for smbdiva.com

  1. Log on to your hosting provider or third-party domain name system manager (usually the same place you bought your domain)
  2. Locate the CNAMEs and set the following:
    • Name: autodiscover
    • Target: autodiscover.outlook.com
    • Name: sip
    • Target: sipdir.online.lync.com
    • Name: lyncdiscover
    • Target: webdir.online.lync.com
    • Name: email
    • Target: email.secureserver.net
    • Name: msoid
    • Target: clientconfig.microsoftonline-p.net
  3. Locate the MX and set the following:
    • Host: @
    • Priority: 0 Target: smbdiva-com.mail.protection.outlook.com
  4. Locate the SRV and set the following:
    • Port:
    • Protocol: Name: Service: Priority: Weight: Target:
      443 _tls @ _sip 0 0 sipdir.online.lync.com
    • Port:
    • Protocol: Name: Service: Priority: Weight: Target:
      5061 _tcp @ _sipfederationtls 0 0 sipfed.online.lync.com
  5. Locate the TXT and set the following:
    • Name: @ TXT Value: MS=ms73364951
    • Name: @ TXT Value: v=spf1 include:spf.protection.outlook.com -all

Note: Making these changes means you’ll stop receiving email to any account previously set up on this domain. Learn more »


I love how they say “log into your domain provider”… uh that would be you!

The other thing I noted is that they did NOT tell me to remove the existing MX record.

Priority 10 MX record that is pointing to mailstore1.secureserver.net

Now I had some issues trying to get a Lync meeting so I’m not convinced this is still set up right.

Another item of interest is that if you go to a normal Office 365 login page and type in your domain it redirects you to the godaddy sign in

 Flipping the domain over to  the public sharepoint site also isn’t working and as a workaround you are given the manual info:

Add these DNS records for www.smbdiva.com at your DNS hosting provider.

Need help adding the records? See step-by-step instructions for creating these records at popular DNS hosting providers.


Type Priority Host name Points to address TTL
CNAME - www.smbdiva.com        netorg22482.sharepoint.com        3600


 


Nor do they tell you you need to remove this



Not as polished of a process as I was expecting