Bhargav Shukla’s IT Playground

Passion for Technology. Power of Messaging.

Posts Tagged Exchange 2007

What does New-ExchangeCertificate –confirm do?

Jan 21

Posted by Bhargav in Exchange 2007, Exchange 2010, Troubleshooting

Depends who is asking.

Let’s assume a scenario where you are trying to create a new self-signed certificate on Exchange 2007 using a script. You run the command “New-Exchange Certificate – Services “IMAP, POP3, IIS, SMTP” –Confirm:$false”. The script stops at a prompt when it tries to confirm overwrite of existing SMTP certificate (because current self-signed certificate is assigned to that function). Since this is breaking your script, you decide to throw in –force to force override of the prompt.

Now you face another error: “Parameter set cannot be resolved using the specified named parameters.

This is because –Force serves different purpose in Exchange 2007. According to TechNet:

Use this parameter switch to overwrite an existing certificate request file that matches the same file path as specified in this cmdlet. By default, this cmdlet will not overwrite existing files.

Unfortunately, there is no way you can override the dreaded SMTP certificate prompt in Exchange 2007 (that I know of).

Now let’s turn our attention to Exchange 2010. Since New-ExchangeCertificate cmdlet does not directly write to a file, –force serves the purpose you expected in previous scenario. According to TechNet:

The Force switch specifies whether to override the confirmation prompt and set the new self-signed certificate as the default certificate for TLS for internal SMTP communication. By default, this cmdlet requires a confirmation before setting the new certificate as the default certificate for TLS encryption of internal SMTP communication.

So in case you were wondering, there you go.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: , ,

No Comments

Logs not truncated after VSS Backup in Exchange 2007 SP2 or Exchange 2010

Nov 2

Posted by Bhargav in Exchange 2007, Exchange 2010, Troubleshooting

Release of Exchange 2007 SP2 brought much awaited feature – VSS Backups!

This was exciting. You were now able to take Exchange Server Backups on Windows Server 2008 without third-party backup software.

That was until after you ran your first backup, or a few more if you weren’t watching! That is when you noticed that the backups have not failed but the transactions logs did not truncate either!

What could go wrong with Exchange? Why is it not truncating logs? The backups have not failed.

Trust me, there is nothing wrong with Exchange. Exchange is fine!

The problem is with the way backup is run. When you run the backup and select “Everything”, The VSS default is “Copy” backup. When you run “Copy” backup, it does not change archive bit. In this case, it does not truncate transaction logs.

You need to make sure when you run the backup to create a custom backup and make sure it is “Full” backup and not a “Copy” backup. When you run a “Full” backup, Exchange will truncate transaction log files as expected after backup successfully completes.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: , ,

1 Comment

Why is Exchange 2007 SP2 not supported on Windows Server 2008 R2?

Sep 21

Posted by Bhargav in Exchange 2007, Exchange Server, Supportability

This is a tough question to answer as a PFE when I work with customers for whom, the release of both products came almost around the same timeframe. For many things, we rely on product groups to answer such questions and Exchange Team has answered it on their recent blog post.

I am sure there will be many more questions around this post. I am looking forward to reading interesting discussions that will follow.

On the lighter side of life, if you are getting ready to shoot someone for this issue, make sure that’s not me as I have nothing to do with how those decisions are made, neither do I have any input in that process. I’m just the messenger.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: ,

No Comments

Who knew? Does Microsoft support Exchange 2007 Databases on BitLocker Encrypted drive?

Sep 21

Posted by Bhargav in Exchange 2007, Exchange Server

Did you know that Microsoft has tested and fully supports Exchange 2007 Databases on BitLocker encrypted drive? That does mean you will need Windows 2008 with BitLocker encryption enabled. If you are willing to go that for for securing your servers, Microsoft is committed to supporting your secure configuration!

You can read more about it here.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: , ,

No Comments

How to bypass confirmation prompts for Managed Folder Policy

Sep 16

Posted by Bhargav in Exchange 2007, Exchange Management Shell, PowerShell

When you try to apply managed mailbox folder policy to a mailbox using set-mailbox, you would run a command like this:

 

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy"

 

This would result in a confirmation prompt

 

Confirm 
  <br />Are you sure you want to perform this action?
  <br />...

 

To avoid the prompt, you instead run command

 

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy" –confirm:$false

 

However, you will get prompted again with the following:

 

Confirm 
  <br />When assigning a managed folder mailbox policy…

To put it in perspective, the first confirmation prompt is for set-mailbox operation. The second confirmation prompt is for applying Managed Folder Policy. Whenever Managed Folder Policy is applied, it impacts legacy Outlook client functionality. Which explains why additional confirmation is needed.

So, how can you tell the shell not to ask you for confirmation as you know what you are doing or you don’t care if it breaks ;) ?

Type this:

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy" -ManagedFolderMailboxPolicyAllowed -Confirm:$false

you can now tell the computer who is the boss. :)

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: ,

No Comments

Exchange 2003 support and Windows Server 2008 R2 Domain Controllers

Sep 10

Posted by Bhargav in Exchange 2003, Exchange 2007

When I originally wrote this post, Windows Server 2008 R2 Domain Controllers were not supported for Exchange 2003, however, in recent months the guidance from product team has changed and new support guidance now includes Windows Server 2008 R2 Domain Controllers as supported configuration.

Please refer to this article on Technet for more information.

MS Exchange Team recently published an article on Exchange 2007 Supportability Matrix. As I read more into it and look at the accompanying article on Technet, it is noteworthy that we talk about Exchange 2003 support as well.

I got questions from multiple customers I work with on this. As I realize many organizations are still in process of deploying Exchange 2007. Many have Exchange 2003 SP2 in production and majority of users are on Exchange 2003 mailbox servers.

This poses an interesting challenge. If an organization wants to move forward with Windows Server 2008 R2 (specifically – R2) Domain Controllers, they hit a huge roadblock. The supportability Matrix provides specific guidance around that and that means Exchange 2003 is not supported against Windows 2008 R2 Domain Controllers.

When I looked at Microsoft Support Lifecycle site for Exchange 2003, I noticed that Mainstream support for Exchange 2003 ended 4/14/2009. Given SP2 support note says support for SP2 will end at release of new Service Pack or end of Support Lifecycle of Exchange 2003 which is sometime in 2014, it still is important to note that when Mainstream support ends, only security fixes are provided for the product without any cost to customer.

It isn’t surprising that Exchange Product team may have decided to focus their efforts in developing features that customers asked for in current and future versions and not for the products that are in Extended Support phase of Lifecycle. I have no visibility in the effort of development and testing of any fix/service pack, features that goes into Exchange Server products but if I have to assume, I am sure it is huge for every possible combination they may have to test.

So to summarize, I know it is going to be painful to plan around the supportability of Exchange 2003 and Windows Server 2008 R2 Domain Controllers. The best approach I can recommend is follow the published guidance and plan around migration to Exchange 2007 before you can upgrade all your domain Controllers to Windows Server 2008 R2 and raise Domain / Forest functional level.

Last but not least, do read the site disclaimer, the views presented here are of my own and not of my employer.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: , ,

1 Comment

Exchange 2007 Service Pack 2 Released

Aug 25

Posted by Bhargav in Exchange 2007, Exchange Server

Exchange 2007 Service Pack 2 has been released!

I in particular have been waiting for this as transition from Exchange 2007 to Exchange 2010 and co-existence of both products in single environment requires Exchange 2007 servers running SP2.

If you missed it, it is documented by Exchange Team here in FAQs.

If you are like me, I am sure you can’t wait to download Exchange 2007 SP2. Well, wait is over. Head over to the following link and download it now. I already did!

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4c4bd2a3-5e50-42b0-8bbb-2cc9afe3216a

Overview

Microsoft Exchange Server 2007 Service Pack 2 (SP2) has been designed specifically to help meet the challenges of any business and the needs of all the different groups with a stake in the messaging system. Exchange Server 2007 SP2 is a mission-critical communications tool that enables employees to be more productive and access their information anywhere and anytime while providing a messaging system that enables rich, efficient access to e-mail, calendar items, voice mail, and contacts. For the administrator, Exchange Server 2007 SP2 provides advanced protection options against e-mail security threats, such as spam and viruses, as well as the tools to help manage internal compliance and high availability needs. For an overview of the new features that are available in Exchange Server 2007 SP2, see "What’s New in Exchange Server 2007 SP2".

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags:

No Comments

Disable Certificate Revocation Check

Jul 11

Posted by Bhargav in Exchange 2007, Setup, Troubleshooting

If your Exchange 2007 servers are not connected to internet (which for most cases should be true), installation of Rollup Update can hang and/or Exchange 2007 managed code services do not start. This happens due to Certificate Revocation check for certificate used to sign the code. It is documented here and here.

For Rollup Installation, You can address this one of two ways:

Turn off certificate revocation check in Internet Explorer

In Internet Explorer –> Tools –> Internet Options –> Advanced tab
In the Security section, uncheck or clear the box for two options mentioned below:

Check for publisher’s certificate revocation
Check for server certificate revocation

Turn off certificate revocation check in registry

In registry editor browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Change Value “State”  to 146944 Decimal or 0×00023e00 Hexadecimal

Either way, you should not leave these settings intact after installation of Rollup update. Do not forget to revert the changes. I don’t think you will ask me for steps to revert it if you used IE method. If you changed registry, I have listed details below.

Turn on certificate revocation check in registry

In registry editor browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Change Value “State”  to 146432 Decimal or 0×00023c00 Hexadecimal

 

If you are facing second issue which is Exchange 2007 managed code services do not start after installation of Rollup Update is installed, you will want to create or change the configuration files as discussed in articles mentioned above. If you are not running .Net Framework 2.0 SP1 or above, you need to apply software updates mentioned in KB944752.

The process of creating or changing configuration files may seem daunting task. Especially if you need to do it on many servers. Guillaume Bordier has created PowerShell script to automate this task. You can read more about it here.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags:

No Comments

Exchange 2007 DAS or SAN? Discussion goes on…

Jun 23

Posted by Bhargav in Exchange 2007

I have read about it in many places and my friend Rob actually posted once here about it. Should I use SAN for my Exchange 2007? Will DAS save me money? What about performance? How do I manage storage silos? Troubleshooting complexities in SAN deployments… many questions and many views, but rarely an answer.

There is a reason for it. One cannot definitively answer this question. There are collaterals published by both Microsoft and Storage vendors. Each for obvious reasons promoting different solution.

Microsoft IT published a whitepaper that discussed how Exchange 2007 storage solution was designed and what went into the decision process. Everyone has been reading into the cost savings not realizing that’s not the only takeaway from that whitepaper. To summarize, the following factors played key role:

  • Previous SAN failure and it’s impact on availability
  • Dependency on another group for managing and troubleshooting storage related issues
  • Scaling to higher capacity for each mailbox while controlling costs associated with storage

And these were not the only factors so don’t respond to me with list of other factors that I did not list here.

Microsoft IT deployed DAS based solution and shared their challenges, decision process and outcome along with benefits they reap from the solution implemented.

At the end of the day, the decision is going to be made based on lot of factors including business reasons. Business reasons playing a key role in decisions that will decide if you will implement SAN or DAS. Few I will list here:

  • Existing investment in SAN solutions
  • Existing knowledge and expertise in SAN solutions
  • Management of storage (who is responsible? Application group or Storage group)
  • Cost to implement DAS solution (learning curve, procedures, staff training, support)
  • Operational framework and responsibilities (who should manage storage)
  • Willingness of Storage group to dedicate storage and guarantee performance (dedicated disks on shared array vs. shared disks on shared array)
  • SLAs, Tolerances, Dependencies, Time to recover… the list goes on

As you can see, the factors I listed above are not all technical. Business decisions are made by asking these questions along with facts that answer technical questions related to performance, MTBF, complexity to implement and manage/troubleshoot and so on.

In the end, I am not writing this post to tell you what is the best answer to DAS vs SAN debate. I am writing this to give you some questions that can help you decide for yourself what is best for your environment.

 

“We are our best friend or worst enemies.”

 

Some references to aggregate:

How Microsoft IT Exceeds High-Availability Targets with Large Mailboxes at Low Costs Based on New Storage Designs

Some more thoughts on SAN v DAS. Is it actually time to consider DAS? – Doug Owans

Brian Henderson – Microsoft Exchange Server 2007 Storage Considerations: DAS or SAN

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: , , ,

No Comments

How do I check Rollup Update version on Exchange 2007 server?

Jun 16

Posted by Bhargav in Exchange 2007, Exchange Management Shell, PowerShell

This is one question that gets asked around many times! The article “Exchange Server 2007: Platforms, Editions and Versions” gives important information to identify the build numbers for each Rollup Updates, however, it is unclear where to look for this information.

To solve that problem, I have come up with a script which looks at Exsetup.exe version and registry entries for each Rollup Update installed…

Uh, what happened to the rest of this post?

Well, since I wrote a better script that handles both Exchange 2010 and Exchange 2007, I have removed this script. You can find new version here.

  • Windows Live Favorites
  • Windows Live Spaces
  • TechNet
  • Twitter
  • LinkedIn
  • Technorati Favorites
  • Share/Bookmark
Print

Tags: ,

No Comments