As you may already know there are two versions of Exchange 2010 available:

• Standard, which supports a maximum of 5 databases
• Enterprise, which supports a maximum of 100 databases

In many cases the correct license will be installed immediately but in some cases it might be necessary to upgrade to the Enterprise edition. For example when your company buys another company and your Exchange environment will need to host all mailboxes of the employees of the other company which may not fit in your current database anymore. In these cases it might happen that you will reach the maximum of 5 databases which is the maximum of Standard Edition. But is it possible to upgrade to Enterprise in this case?

That was something which I thought was worth trying so I tested it in my lab environment. In the lab environment an Exchange 2010 Server Standard Edition is installed with the maximum of 5 databases. Now I want to add another database which would be the 6th database so this will have as a result that I would need to upgrade to the Enterprise Edition. In the Exchange Management Console you will not find the option anymore to fill in a license key so the only option left is the Exchange Management Shell.

By executing the following command:

set-exchangeserver -productkey 123445-14553-53363-453463

We will tell Exchange to use a new productkey, in this case a productkey for the Enterprise Edition. Just as like upgrading from a trail key to an official key you will need to restart the Information Store service.

Once restarted run the get-exchangeserver cmdlet and you will see you have upgraded from Standard Edition to Enterprise Edition. But is there a way back? No there isn’t. You can only perform an upgrade and not a downgrade. When you try to do this you will receive the following error message:

So don’t change the key before you are 100% sure that’s this is the way to go.

Gepost in Exchange 2010 ~ Geen Reactie

According to the Technet documentation you should be able to install Exchange 2010 in an environment where Exchange 2007 is running. A while ago I got a question from a customer who had an issue when trying to install Exchange 2010. The problem occured running the setup.com /ps to extend the schema for Exchange, the following error message was displayed:

The schema version of Exchange 2007 SP3 is higher than the one from the Exchange 2010 setup. This makes it impossible to install Exchange 2010.

When you have installed Exchange SP3 you will have to wait for a service pack which will extend the schema. Because a lot of people will probably install Exchange 2007 SP3 this may be included in SP1 for Exchange 2010.

Below an overview of the Exchange versions and which schema version they use:

If you would like to know how you can find out which version of AD schema you are using then take a look at the site below:

open

Gepost in Exchange 2010 ~ 7 Reacties

It has been a while since the last tutorial, so it gets time to publish a new one. This one will inform you about the new functionality that’s included in Exchange 2010 SP1 beta and then specifically the Unified Messaging role.

Have fun reading it:

open

Gepost in Exchange 2010 ~ Geen Reactie

In Exchange 2010 SP1 beta you will find a lot of changes. In this tutorial I will have a closer look at the Unified Messaging Role from Exchange 2010 SP1. 

Before starting the installation of the UM role you will need to ensure that you have installed the two prerequisits mentioned below: 

• Unified Communications Managed API 2.0, Core Runtime (64-bit)
• Speech Platform

This is one of the new things in Service Pack 1, in the RTM version this was not necessary. In RTM you only needed to install the prerequisits using the Excahnge-UM.xml file. The files mentioned above are additional to this. Please pay attention when installing the Unified Communications Managed API 2.0 it might look the installation is done very quickly. But what is only done during the installation is extracting the files to C:\Microsoft UCMA 2.0 RuntimeInstaller Package\amd64 here you can find the file  SetupUcmaRuntime which does perform the installation of UCMA 2.0. 

After the files have been installed you can start the installation of Exchange and select the Unified Messaging Role. Besides selecting the Unified Messaging Role don’t forget to place a checkmark before automatically install Windows Server Roles and Features required for Exchange Server. This new option will install all Windows Server Roles and Features necessary for the installed Exchange role. 

Once installed it’s time to start the Exchange Management Console and selecting the UM Server which can be found under the organizational configuration tree. On the organizational configuration level you can configure the following things: 

• dial-plan
• gateway
• hunt group
• auto attendant
• UM policy

Let’s begin with creating the dial-plan. First we need to specify the name, the length of the extensions, URI type, VOIP Security and Country/Region code. Depending on what kind of implementation you are performing you might chose other options for the URI type and VOIP security. In this case the dial-plan will be used to attach the Exchange UM server to an OCS 2007 R2 environment. 

In the next step we will need to add the servers attached to the dial-plan. In this case it’s only one server but in an environment where you’ve got multiple UM servers you can easily add them all here. 

Before the dial-plan is created you will get an overview of the settings which will be used. When pushing the New button the dial-plan will be created. 

When the dial-plan is created you will see a warning. This warning is the result of the default configuration of the UM server. The UM Server is default configured to accept traffic using TCP. Since we configured the dial-plan to accept only traffic which is secured we will need to modify this option on server configuration level so that the server will accept TLS traffic. 

After the wizard has been closed you will need to get the properties of the dial-plan to configure the subscriber-access. This feature can be used by users to call their mailbox to, for example, check if new mails have arrived. Once you get the properties of the UM server select the subscriber access tab and add the extension which you would like to use fot this functionality. 

Next step in the process is to add the gateway to which the Exchange UM server will need to send it’s traffic to. 

We will only need to specify a name, IP-address of FQDN of the gateway and the dial-plan which may use this gateway. 

During the creation of the gateway a hunt group will be automatically created. In some cases it may be necessary to remove the hunt group and create a new one.  This because the pilot identifier will not be configured by default. If want to skip the creation of the hunt group don’t select a dial-plan and attach the gateway manually to the dial-plan. 

Default a UM Mailbox policy will be created during the creation of the dial-plan. With this policy you may not have to change things as the settings are OK for your organization. But if you like to make changes to the text of the message which is send to the users when they are UM enabled then modify the policy. 

Beside the text there are a lot of other settings which are defined by this policy. For example the pin policies which you would like to apply to users: complexity, minimum pin length and wrong pin attempts. 

Optional it’s possible to configure an auto attendant. This is an electronic operator which can transfer calls and play a menu to the caller with options which will transfer him/her to the correct department. 

The configuration at organizational configuration level is finished and so it’s to configure some things on server configuration level. Get the properties of the UM server and select the UM Settings tab. Change the value of the startup mode to TLS or Dual and press OK. 

A warning will be displayed that the Exchange UM service will need to be restarted and that you will need to verify that a valid certificate is assigned to the service. The certificate is important because we selected secure at the dial-plan. This will ensure that all traffic is secured using certificates for authentication. If an invalid certificate is used by one of the parties the communication will fail. 

If you decide to install the certificate later then you may have some issues with restarting the Exchange UM service. This because the self-signed certificate is not assigned to the Exchange UM service. 

Configuring UM can be dan a lot easier when using Powershell. Below you will find an overview of commands which you can use to create the configuration exactly as done via the GUI: 

New-UMDialplan -Name Utrecht -UriType SipName -NumberOfDigitsInExtension 3 -VoIPSecurity Secured -AccessTelephoneNumbers “110″ -CountryorRegion 030 

New-UMIPGateway -Name “Utrecht VOIP Gateway”  -Address 192.168.1.250 -UMDialplan “Utrecht”   

New-UMAutoAttendant -Name Utrecht_AA -UMDialPlan Utrecht -PilotIdentifierList ”+313012345100″ -SpeechEnabled $true 

Set-UMserver -identity “ex” -DialPlans “Utrecht” -UMStartupMode “TLS” 

If you like Powershell then I recommend to use it because configuring UM goes a lot faster.

New in SP1 are two additional expensions for the UM role, these can be found under tools in the Exchange Management Console:

• Call Statistics
• User Call logs

First the call statistics, this report utility can be used to generate overviews of calls which are processed by your Exchange UM server. This may be very usefull when you would like to get an overview of how much users will use the UM functionality of Exchange.

Besides to the overall overview you can generate reports per user using the user call log. In this overview you can for example see how much calls a user receives and which quality the call was. This may be very usefull when troubeshooting the quality of calls

But what are the other changes in SP1 when looking at UM:

• you can assign a second dial plan to a user. In some scenario’s ut may be usefull to assign a second extenstions to a user.
• cross-forest migration of UM-mailboxes is possible
• UM Settings can be managed using the Exchange Control Panel
• no support for Exchange 2010 SP1 in combination with Office Communication Server 2007

Remark: all features and screenshots mentioned in this article are based on the beta of SP1 and may change in the final release.

Gepost in ~ Geen Reactie

During a migration of a mailbox from one forest to a new Exchange Forest I encountered the following problem:

(PID 5396, Thread 640) Task New-MoveRequest writing error when processing record of index 0. Error: Microsoft.Exchange.MailboxReplicationService.MailboxReplicationTransientException: Service ‘net.tcp://cas001.lab.local/Microsoft.Exchange.MailboxReplicationService’ encountered an exception. Error: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0×80004005, ec=2423)

Diagnostic context:

Lid: 25922   StoreEc: 0×977      —> Microsoft.Exchange.MailboxReplicationService.MailboxReplicationTransientException: Exception details: MapiExceptionNetworkError (80004005): MapiExceptionNetworkError: Unable to make connection to the server. (hr=0×80004005, ec=2423)

But what is the cause of this error? Well there are multiple causes of this issue. The message MapiExceptionNetworkError tells you that there is a problem connecting to a server. The next question is which server? This can be found on the rule starting with Lid 8856, when looking at the end of the rule you will see the name of the server, in this case EX02.

When looking a little bit further in the log you will see the 0×80004005 error code which might be caused by an authentication problem.

This last option could be easily verified by performing the new-moverequest again and this time with the correct credentials.

But when this does not work which things can cause can you check:

• is the server reachable
• check the firewall settings on both sides
• can you resolve the server on NETBIOS name

I admit the last option is a little bit strange, but in this case caused the issue. On the NIC the default DNS suffixes where registered but not the old one. After adding the old suffix in the TCP/IP configuration the command worked without any issues.

Gepost in Exchange 2010 ~ Geen Reactie

During a cross-forest migration from Exchange 2003 to Exchange 2010 I found a nasty issue while migration a mailbox. The first 10% of the move request went OK but after that it failed. In the first 10% the mailbox is created, the folder structure is created and permissions are set on the folders.

I started looking in the event log as, by default, enough information is logged here to see why a move request failed and found the following event:

Mailbox move for ‘xxxxxxxxxxxxxxxxxxxxxx’ (d126705e-af4d-4aca-83c6-0ea443a2ad60) has failed.

SD: O:S-1-5-21-3869603026-3631219241-1903344517-3835G:S-1-5-21-3869603026-3631219241-1903344517-513D:AI(A;OIIO;0x1f0fbf;;;S-1-5-21-3869603026-3631219241-1903344517-3835)(A;CI;0x1fc9ff;;;S-1-5-21-3869603026-3631219241-1903344517-3835)(A;OIIO;0x1208a9;;;S-1-5-21-4230955503-526549450-3057572010-5377)(D;OIIOID;0x1f0716;;;S-1-5-21-3869603026-3631219241-1903344517-2781)(A;CI;0x1208a9;;;S-1-5-21-4230955503-526549450-3057572010-5377)(D;CIID;0xdc916;;;S-1-5-21-3869603026-3631219241-1903344517-2781)

As you can see above it has some problems with the Taken folder. When we had a look at this folder together with the end-user we found out that specific permissions where set in the folders. So we asked if he could remove them on one of the folders to check if that fixed the issue. After the user had done this we were a step further but, as expected, had the same issue with another folder. As it isn’t an option to remove all permissions before migrating the mailbox I decided to contact Microsoft.

After we contacted Microsoft a lot became more clear. During the migration of a mailbox from Exchange 2003 to Exchange 2010 the process will try to regenerate the ACL’s on the Exchange 2010 side. This because Exchange 2010 does use the ACL’s in another way then Exchange 2003. It can happen that the an ACL get’s corrupt which will cause the migration of the mailbox to fail.

The solution: redefine the permissions via Outlook either by removing and adding them again or by changing them to something else and then change them back to the original permissions. Not a really nice solution but you can continue migrating.

Collegue Michel de Rooijave me another tip, try to use PFdavAdmin with this tool it’s possible to fix AC’L's of mailboxes.

Gepost in Exchange 2010 ~ Geen Reactie

During a cross-forest test migration from Exchange 2003 to Exchange 2010 I got the following error:

Warning: Unable to update AD information for the source mailbox at the end of the move.  Error details: An error occurred while updating a user object after the move operation. –> Failed to find the address type object in Active Directory for address type “SMTP:AMD64″.
Failed to cleanup the source mailbox after the move.
Error details: MapiExceptionNotFound: Unable to delete mailbox. (hr=0x8004010f, ec=-2147221233)

When I looked in the old and new environment I found out that the mailbox both existed in the old and new environment. In this  case you might have a big issue even when the mail is delivered in the Exchange 2003 environment  and the homeMDB attribute is not updated. Updating the attribute may take a while due to AD replication, in this case mail is not delivered in the new mailbox and so mails will not be placed in the new mailbox.

To prevent this issue Microsoft has released a hotfix for Exchange 2003 which can be found on the website below.

open

Gepost in Exchange 2003, Exchange 2010 ~ Geen Reactie

By accident I found a bug in Exchange 2010. The issue only occurs in Exchange 2010 and if you have multiple CAS servers which are located in different sites and can’t communicate to eachother. Till now I only saw the issue with Exchange 2010 where an extra CAS server was added to the mainoffice. In this case this is the 3rd CAS server in the Exchange 2010 environment

Normally you will get a nice overview of all CAS servers when running the get-owavirtualdirectory command. But when no RPC traffic is allowed between the sites you will get the following result:

As you can see the command will display the first CAS server but it goes wrong when it wants to connect to the 2nd CAS server. This is normal because it can’t connect to it via RPC. Normally you would expect that the query will continue to run and will display the other servers, NOT. After contacting Microsoft they confirmed that this is a bug which will be fixed in a future update.

Workaround: open RPC

Gepost in Exchange 2010 ~ Geen Reactie

During the conversion of a pilot to production environment I found a nice issue. The mailboxes needed to be moved from the old mailbox server to the new mailbox server. Normally not a very exciting proces which can be done both by using the Exchange Management Console as Exchange Management Shell. But the move from the old Exchange 2010 mailbox server to the new Exchange 2010 mailbox server failed with a strange error. So first I had a look in the event log of the server and found the following error:

(PID 5988, Thread 954) Task New-MoveRequest writing error when processing record of index 0. Error: Microsoft.Exchange.MailboxReplicationService.MailboxReplicationTransientException: The call to ‘net.tcp://cas.domain.local/Microsoft.Exchange.MailboxReplicationService’ failed. Error details: The type initializer for ‘Microsoft.Exchange.MailboxReplicationService.LocalMailbox’ threw an exception.. —> System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The type initializer for ‘Microsoft.Exchange.MailboxReplicationService.LocalMailbox’ threw an exception. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:

System.TypeInitializationException: The type initializer for ‘Microsoft.Exchange.MailboxReplicationService.LocalMailbox’ threw an exception. —-> System.IO.FileLoadException: The located assembly’s manifest definition does not match the assembly reference. (Exception from HRESULT: 0×80131040)

   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox..cctor()

   — End of inner ExceptionDetail stack trace —

   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox..ctor(LocalMailboxFlags flags)

   at Microsoft.Exchange.MailboxReplicationService.LocalSourceMailbox..ctor(LocalMailboxFlags flags)

   at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationService.<>c__DisplayClass25.<GetMailboxInformation2>b__24()

   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate, MrsTracer tracer)

   at Microsoft.Excha…).

   — End of inner exception stack trace —

   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CallService(GenericCallDelegate del, String epAddress)

   at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceClient.GetMailboxInformation(Guid primaryMailboxGuid, Guid physicalMailboxGuid, Guid targetMdbGuid, String targetMdbName, String remoteHostName, String remoteOrgName, String remoteDCName, NetworkCredential cred)

   at Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest.InternalValidate()

   at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()

As you can see in the error message there went something wrong with the Exchange Mailbox Replication Service (MRS). These services are located on a server which has the Client Access Role installed on it and is responsible for moving the mailbox from the source to the target server. When you have multiple CAS servers in one site the MRS services will share information about the mailbox move process to prevent multiple servers are busy with the same request.

As their was only one CAS, cas.domain.local, I decided to have a closer look at that server. The MRS service was running according to the services.msc so I decided to restart the Mailbox Replication Service. After this was done I tried the move of the mailbox again and this time it went without issues.

I haven’t found the cause why this issue happened. One of the issues could be a mailbox database which is not 100% healthy. By using eseutil and isinteg you can fix the database and then try the process again.

Below you will find some links to sites containing further information about this topic:

Technet: Understanding Move Requests open

Technet: Troubleshooting Mailbox Moves open

Gepost in Exchange 2010 ~ 1 Reactie

I had a nice issue during the installation of Forefront for Exchange 2010. It began with an issue with the pre-release which caused the Exchange Transport service to stop after a failed update of Forefront. This had as result that several Forefront services didn’t start anymore. As the Exchange Transport service is dependent on the Forefront service this had as result that this service didn’t start anymore also. Which caused no mails could be send and received.

As the RTM is released it was a nice moment to install that one. So first removed the pre-release so this couldn’t cause any issues. After this the problems began, the first steps went OK till I reached the prerequisite check. This gave the following error:

First I checked the group membership of the user, these were:

• local administrator
• domain administrator
• Exchange organization management groep

So this couldn’t cause issues because this should be enough. So I tried to connect to the domain controller on specific ports which was no issue at all. You may ask why does the setup needs to reach the domain controller? Well during the setup the computeraccount needs to be added to the Exchange Hygiene Management group. Because we had to make some changes in the firewall so the servers could reach some other domain controllers in another location.

As last step I wanted to show a collegue the issue and was surprised when the setup continued. So we started to investigate the issue. The problem was that the Exchange server couldn’t reach the domain controller which had the PDC and RID Master FSMO roles.

Now everything is fixed I can look back at a good learning moment en why the pre-release installation worked ? All servers where in the same location when that happened.

Gepost in Exchange 2010 ~ Geen Reactie