Bhargav's IT Playground

Passion for Technology. Power of Messaging.

Archive for category Exchange 2007

What does New-ExchangeCertificate –confirm do?

Jan 21

Posted by Bhargav in Exchange 2007, Exchange 2010, Troubleshooting | No Comments

Depends who is asking.

Let’s assume a scenario where you are trying to create a new self-signed certificate on Exchange 2007 using a script. You run the command “New-Exchange Certificate – Services “IMAP, POP3, IIS, SMTP” –Confirm:$false”. The script stops at a prompt when it tries to confirm overwrite of existing SMTP certificate (because current self-signed certificate is assigned to that function). Since this is breaking your script, you decide to throw in –force to force override of the prompt.

Now you face another error: “Parameter set cannot be resolved using the specified named parameters.

This is because –Force serves different purpose in Exchange 2007. According to TechNet:

Use this parameter switch to overwrite an existing certificate request file that matches the same file path as specified in this cmdlet. By default, this cmdlet will not overwrite existing files.

Unfortunately, there is no way you can override the dreaded SMTP certificate prompt in Exchange 2007 (that I know of).

Now let’s turn our attention to Exchange 2010. Since New-ExchangeCertificate cmdlet does not directly write to a file, –force serves the purpose you expected in previous scenario. According to TechNet:

The Force switch specifies whether to override the confirmation prompt and set the new self-signed certificate as the default certificate for TLS for internal SMTP communication. By default, this cmdlet requires a confirmation before setting the new certificate as the default certificate for TLS encryption of internal SMTP communication.

So in case you were wondering, there you go.

Print Friendly
Share

Tags: , ,

How do I check Update Rollup version on Exchange 20xx Server?

Dec 14

Posted by Bhargav in Exchange 2007, Exchange 2010, Exchange Management Shell, Exchange Server, PowerShell | 11 Comments

Instead of updating my previous post which covers only Exchange 2007, I decided to create a new post which covers both versions.

Now that Update Rollup for Exchange Server 2010 is available, I have updated my previous script to check for Update Rollup versions on both Exchange Server 2007 and Exchange Server 2010. No need to have two versions of script. Just download this one!

Here’s what has changed between versions:

  • Product GUID has changed to AE1D439464EB1B8488741FFA028E291C (Exchange 2010) from 461C2B4266EDEF444B864AD6D9E5B613 (Exchange 2007).
  • Exchange writes installation information to HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\Setup instead of “HKLM\SOFTWARE\Microsoft\Exchange\Setup”

The script below will do the work for you so you don’t need to remember what I just said above. Isn’t that what script is for?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

# Store header in variable
$headerLine =
@"
 
Server Name,Rollup Update Description,Installed Date,ExSetup File Version
"@
 
# Write header to file
$headerLine | Out-File .\results.csv -Encoding ASCII -Append
 
function getRU()
{
# Set server to connect to
	$Server = "$_".ToUpper()
 
 
# Check if server is running Exchange 2007 or Exchange 2010
 
	$ExchVer = (Get-ExchangeServer $Server | ForEach {$_.AdminDisplayVersion.Major})
 
# Set appropriate base path to read Registry
# Exit function if server is not running Exchange 2007 or Exchange 2010
	if ($ExchVer -eq "8" -or $ExchVer -eq "14")
		{
			switch ($ExchVer)
			{
			 "14"	{
			 			$REG_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\AE1D439464EB1B8488741FFA028E291C\\Patches"
						$Reg_ExSetup = "SOFTWARE\\Microsoft\\ExchangeServer\\v14\\Setup"
			 		}
			 "8"	{
			 			$REG_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\461C2B4266EDEF444B864AD6D9E5B613\\Patches"
						$Reg_ExSetup = "SOFTWARE\\Microsoft\\Exchange\\Setup"
			 		}
			}
		}
	else
		{return}
 
# Read Rollup Update information from servers
 
# Set Registry constants
	$VALUE1 = "DisplayName"
	$VALUE2 = "Installed"
	$VALUE3 = "MsiInstallPath"
 
# Open remote registry
	$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
 
# Set regKey for MsiInstallPath
	$regKey= $reg.OpenSubKey($REG_ExSetup)
 
# Get Install Path from Registry and replace : with $
	$installPath = ($regkey.getvalue($VALUE3) | foreach {$_ -replace (":","`$")})
 
# Set ExSetup.exe path
	$binFile = "Bin\ExSetup.exe"
 
# Get ExSetup.exe file version
	$exSetupVer = ((Get-Command "\\$Server\$installPath$binFile").FileVersionInfo | ForEach {$_.FileVersion})
 
# Create an array of patch subkeys
	$regKey= $reg.OpenSubKey($REG_KEY).GetSubKeyNames() | ForEach {"$Reg_Key\\$_"}
 
# Walk through patch subkeys and store Rollup Update Description and Installed Date in array variables
	$dispName = [array] ($regkey | %{$reg.OpenSubKey($_).getvalue($VALUE1)})
	$instDate = [array] ($regkey | %{$reg.OpenSubKey($_).getvalue($VALUE2)})
 
# Loop Through array variables and output to a file
	$countmembers = 0
 
	if ($regkey -ne $null)
	{
		while ($countmembers -lt $dispName.Count)
		{
		$server+","+$dispName[$countmembers]+","+$instDate[$countmembers].substring(0,4)+"/"+$instDate[$countmembers].substring(4,2)+"/"+$instDate[$countmembers].substring(6,2)+","+$exsetupver | Out-File .\results.csv -Encoding ASCII -Append
		$countmembers++
		}
	}
	else
	{
		$server+",No Rollup Updates are installed,,"+$exsetupver | Out-File .\results.csv -Encoding ASCII -Append
	}
}
 
# Get Exchange 2007 servers and write Rollup Updates to results file
$Servers = (Get-ExchangeServer | Where-Object {($_.AdminDisplayVersion -match "8" -OR $_.AdminDisplayVersion -match "14") -AND $_.ServerRole -ne "ProvisionedServer" -and $_.ServerRole -ne "Edge"} | ForEach {$_.Name})
$Servers | ForEach {getRU}

Download – Get-ExchangeUpdateRollups.ps1

Print Friendly
Share

Tags:

Verify Exchange Server Schema Version

Nov 20

Posted by Bhargav in Exchange 2003, Exchange 2007, Exchange 2010 | 5 Comments

When you run Exchange Setup to prepare schema, usually the very next question is, how do I verify schema was updated successfully? Verifying only the values of attributes as mentioned below is not a good verification of Exchange setup completion. This article is intended to only provide reference to attributes and their values.

Let’s start back at Exchange 2003 SP2.

One of the last actions setup /forestprep in Exchange 2003 is to set objectVersion attribute on Exchange organization container to a value of 6903. You can verify this using ADSIEdit and navigating to Configuration NC, Exchange organization object under services\Microsoft Exchange node.

 

On the other hand, when setup /domainprep is run, it sets the objectVersion attribute on Microsoft Exchange System Objects container to a value of 6936. You can verify this using ADSIEdit and navigating to Domain NC, Microsoft Exchange System Objects container.

 

In Exchange 2007, after successful run of Setup /PrepareSchema you will find that the attributes mentioned above are not changed! You need to verify the value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC. The value should be 10637.

 

It is only when you run Setup /PrepareAD the objectVersion attribute of Organization container in Configuration NC is updated to a value of 10666. You will also find that objectVersion attribute on Microsoft Exchange System Objects container in Domain NC is set to a value of 10628.

 

You will also notice that Setup /PrepareDomain does not have any effect on these attribute values.

 

Let’s briefly review what does Exchange 2007 SP1, SP2 and Exchange 2010 setup update these attribute values to.

Exchange 2007 SP1

  • Value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC is set to 11116 when setup /PrepareSchema is run successfully.
  • Setup /PrepareAD sets the objectVersion attribute of Organization container in Configuration NC is updated to a value of 11221. objectVersion attribute on Microsoft Exchange System Objects container in Domain NC is also set to the same value of 11221.
  • Setup /PrepareDomain does not have any effect on these attribute values.

 

Exchange 2007 SP2

  • Value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC is set to 14622 when setup /PrepareSchema is run successfully.
  • Setup /PrepareAD sets objectVersion attribute of Organization container in Configuration NC to a value of 11222. objectVersion attribute on Microsoft Exchange System Objects container in Domain NC remains unchanged at value of 11221.
  • Setup /PrepareDomain does not have any effect on these attribute values.

Exchange 2007 SP3

  • Value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC is set to 14625 when setup /PrepareSchema is run successfully.
  • objectVersion attribute of Organization container in Configuration NC remains unchanged at a value of 11222. objectVersion attribute on Microsoft Exchange System Objects container in Domain NC remains unchanged at value of 11221.
  • Setup /PrepareDomain does not have any effect on these attribute values.

 

Exchange 2010

  • Value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC is not changed from 14622 when setup /PrepareSchema is run successfully.
  • Setup /PrepareAD sets objectVersion attribute of Organization container in Configuration NC to a value of 12640. objectVersion attribute on Microsoft Exchange System Objects container in Domain NC remains unchanged at value of 12639.
  • Setup /PrepareDomain does not have any effect on these attribute values.

Exchange 2010 SP1

  • Value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC is not changed from 14726 when setup /PrepareSchema is run successfully.
  • Setup /PrepareAD sets objectVersion attribute of Organization container in Configuration NC to a value of 13214. objectVersion attribute on Microsoft Exchange System Objects container in Domain NC is changed to value of 13040.
  • Setup /PrepareDomain does not have any effect on these attribute values.

Exchange 2010 SP2

  • Value of rangeUpper attribute of ms-Exch-Schema-Version-Pt object in Schema NC is changed to 14732 when setup /PrepareSchema is run successfully.
  • Setup /PrepareAD sets objectVersion attribute of Organization container in Configuration NC to a value of 14247. objectVersion attribute on Microsoft Exchange System Objects container in Domain NC remains unchanged at value of 13040.
  • Setup /PrepareDomain does not have any effect on these attribute values.

When reading this article, consider the fact that the lab setup I used was upgraded from Exchange 2003 schema to Exchange 2007 schema and then to Exchange 2010/SP1 schema. Service Pack 2 was tested in Exchange 2003 environment with no Exchange 2007 or Exchange 2010 Service Pack 1. This should not affect any attribute values mentioned above however I cannot guarantee since I have not tested it.

Print Friendly
Share

Tags: , , , , , ,

Logs not truncated after VSS Backup in Exchange 2007 SP2 or Exchange 2010

Nov 2

Posted by Bhargav in Exchange 2007, Exchange 2010, Troubleshooting | 1 Comment

Release of Exchange 2007 SP2 brought much awaited feature – VSS Backups!

This was exciting. You were now able to take Exchange Server Backups on Windows Server 2008 without third-party backup software.

That was until after you ran your first backup, or a few more if you weren’t watching! That is when you noticed that the backups have not failed but the transactions logs did not truncate either!

What could go wrong with Exchange? Why is it not truncating logs? The backups have not failed.

Trust me, there is nothing wrong with Exchange. Exchange is fine!

The problem is with the way backup is run. When you run the backup and select “Everything”, The VSS default is “Copy” backup. When you run “Copy” backup, it does not change archive bit. In this case, it does not truncate transaction logs.

You need to make sure when you run the backup to create a custom backup and make sure it is “Full” backup and not a “Copy” backup. When you run a “Full” backup, Exchange will truncate transaction log files as expected after backup successfully completes.

Print Friendly
Share

Tags: , ,

Why is Exchange 2007 SP2 not supported on Windows Server 2008 R2?

Sep 21

Posted by Bhargav in Exchange 2007, Exchange Server, Supportability | No Comments

This is a tough question to answer as a PFE when I work with customers for whom, the release of both products came almost around the same timeframe. For many things, we rely on product groups to answer such questions and Exchange Team has answered it on their recent blog post.

I am sure there will be many more questions around this post. I am looking forward to reading interesting discussions that will follow.

On the lighter side of life, if you are getting ready to shoot someone for this issue, make sure that’s not me as I have nothing to do with how those decisions are made, neither do I have any input in that process. I’m just the messenger.

Print Friendly
Share

Tags: ,

Who knew? Does Microsoft support Exchange 2007 Databases on BitLocker Encrypted drive?

Sep 21

Posted by Bhargav in Exchange 2007, Exchange Server | No Comments

Did you know that Microsoft has tested and fully supports Exchange 2007 Databases on BitLocker encrypted drive? That does mean you will need Windows 2008 with BitLocker encryption enabled. If you are willing to go that for for securing your servers, Microsoft is committed to supporting your secure configuration!

You can read more about it here.

Print Friendly
Share

Tags: , ,

How to bypass confirmation prompts for Managed Folder Policy

Sep 16

Posted by Bhargav in Exchange 2007, Exchange Management Shell, PowerShell | No Comments

When you try to apply managed mailbox folder policy to a mailbox using set-mailbox, you would run a command like this:

 

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy"

 

This would result in a confirmation prompt

 

Confirm
  <br />Are you sure you want to perform this action?
  <br />...

 

To avoid the prompt, you instead run command

 

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy" –confirm:$false

 

However, you will get prompted again with the following:

 

Confirm
  <br />When assigning a managed folder mailbox policy…

To put it in perspective, the first confirmation prompt is for set-mailbox operation. The second confirmation prompt is for applying Managed Folder Policy. Whenever Managed Folder Policy is applied, it impacts legacy Outlook client functionality. Which explains why additional confirmation is needed.

So, how can you tell the shell not to ask you for confirmation as you know what you are doing or you don’t care if it breaks ;) ?

Type this:

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy" -ManagedFolderMailboxPolicyAllowed -Confirm:$false

you can now tell the computer who is the boss. :)

Print Friendly
Share

Tags: ,

Exchange 2003 support and Windows Server 2008 R2 Domain Controllers

Sep 10

Posted by Bhargav in Exchange 2003, Exchange 2007 | 1 Comment

When I originally wrote this post, Windows Server 2008 R2 Domain Controllers were not supported for Exchange 2003, however, in recent months the guidance from product team has changed and new support guidance now includes Windows Server 2008 R2 Domain Controllers as supported configuration.

Please refer to this article on Technet for more information.

MS Exchange Team recently published an article on Exchange 2007 Supportability Matrix. As I read more into it and look at the accompanying article on Technet, it is noteworthy that we talk about Exchange 2003 support as well.

I got questions from multiple customers I work with on this. As I realize many organizations are still in process of deploying Exchange 2007. Many have Exchange 2003 SP2 in production and majority of users are on Exchange 2003 mailbox servers.

This poses an interesting challenge. If an organization wants to move forward with Windows Server 2008 R2 (specifically – R2) Domain Controllers, they hit a huge roadblock. The supportability Matrix provides specific guidance around that and that means Exchange 2003 is not supported against Windows 2008 R2 Domain Controllers.

When I looked at Microsoft Support Lifecycle site for Exchange 2003, I noticed that Mainstream support for Exchange 2003 ended 4/14/2009. Given SP2 support note says support for SP2 will end at release of new Service Pack or end of Support Lifecycle of Exchange 2003 which is sometime in 2014, it still is important to note that when Mainstream support ends, only security fixes are provided for the product without any cost to customer.

It isn’t surprising that Exchange Product team may have decided to focus their efforts in developing features that customers asked for in current and future versions and not for the products that are in Extended Support phase of Lifecycle. I have no visibility in the effort of development and testing of any fix/service pack, features that goes into Exchange Server products but if I have to assume, I am sure it is huge for every possible combination they may have to test.

So to summarize, I know it is going to be painful to plan around the supportability of Exchange 2003 and Windows Server 2008 R2 Domain Controllers. The best approach I can recommend is follow the published guidance and plan around migration to Exchange 2007 before you can upgrade all your domain Controllers to Windows Server 2008 R2 and raise Domain / Forest functional level.

Last but not least, do read the site disclaimer, the views presented here are of my own and not of my employer.

Print Friendly
Share

Tags: , ,

Exchange 2007 Service Pack 2 Released

Aug 25

Posted by Bhargav in Exchange 2007, Exchange Server | No Comments

Exchange 2007 Service Pack 2 has been released!

I in particular have been waiting for this as transition from Exchange 2007 to Exchange 2010 and co-existence of both products in single environment requires Exchange 2007 servers running SP2.

If you missed it, it is documented by Exchange Team here in FAQs.

If you are like me, I am sure you can’t wait to download Exchange 2007 SP2. Well, wait is over. Head over to the following link and download it now. I already did!

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4c4bd2a3-5e50-42b0-8bbb-2cc9afe3216a

Overview

Microsoft Exchange Server 2007 Service Pack 2 (SP2) has been designed specifically to help meet the challenges of any business and the needs of all the different groups with a stake in the messaging system. Exchange Server 2007 SP2 is a mission-critical communications tool that enables employees to be more productive and access their information anywhere and anytime while providing a messaging system that enables rich, efficient access to e-mail, calendar items, voice mail, and contacts. For the administrator, Exchange Server 2007 SP2 provides advanced protection options against e-mail security threats, such as spam and viruses, as well as the tools to help manage internal compliance and high availability needs. For an overview of the new features that are available in Exchange Server 2007 SP2, see "What’s New in Exchange Server 2007 SP2".

Print Friendly
Share

Tags:

Exchange 2007 PowerShell Scripts – What would you like to script?

Aug 17

Posted by Bhargav in Announcements, Exchange 2007, PowerShell | No Comments

I am always thinking about how can I script/automate tasks I have to do repeatedly or I see others ask for. I would like to go a step beyond. I would like to ask you – the readers:

If you would want to script something for your Exchange 2007 environment, what would it be?

I am going to keep comments open on this one so please comment and provide me the list you would like to see scripts on. You can also use contact form if you like.

Print Friendly
Share

Tags: