Monthly Archives: July 2016

Resolve Frequent Account lockout of Notes ID

One of our Notes users was getting the below message when trying to log in, even though a recovered and reset new Notes ID had been given to him from the server.

“Server error: Your password was expired and your account are locked; contact the system administrator to unlock it”
That message sounds more like a Windows lockout, but the message is actually coming from Lotus Notes.
I was unaware that Notes would give a message like that and I’m seeing this for the first time. I haven’t worked much on Domino other than creating Notes IDs, recovering IDs, creating routing mailboxes, creating new DBs, copying/moving the DBs and monitoring the services.

Posting this solution so it may help others if they face this issue.

Solution:

Open Domino Administrator, go to the user's Person document in names.nsf, switch to edit mode, and then open the Administrator tab.

Go to the Password Management section in edit mode
Make sure “Check password” is set to “Don’t check password”
Set “Required Change Interval” to 0
Change the “Grace Period” to 0.
Clear the contents of the Password Digest field in the person document in the Domino Directory.


Once the above is done, replicate the Notes topology and replicate names.nsf through the Notes network.
After making the above change the user is able to log in to Notes.
Always make sure the Password Digest field is cleared for any new ID creation as well as for recovered ID files, which will help the user to log in at the first attempt with the provided recovered Notes ID file.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers and Services

Offline Address Book Configuration in Exchange 2010 & 2016 Coexistence

In this article we will have a look at the OAB configuration in Exchange 2016 in coexistence.

Outlook will trigger an OAB download every 24 hours, counted from the time it received the last fully updated OAB files.

A small background on how the OAB works in Exchange 2016:
1) Outlook queries the OAB through the Autodiscover URL.
2) The request reaches the Exchange 2016 Mailbox server OAB virtual directory.
3) The Exchange 2016 Mailbox server Client Access service queries Active Manager and finds the database hosting the organization arbitration mailbox.
4) Then the OABGen assistant from the arbitration mailbox provides the required information.
5) As with Exchange Web Services, Autodiscover provides the Offline Address Book URL. This request is then proxied to the OABGEN mailbox which has the OAB information, and this information is served back to the client.
The OAB files are stored in the same place as on an Exchange 2013 CAS server, but now it will be on the Exchange 2016 Mailbox server itself since we do not have the CAS role.

In Exchange 2016, the OAB files are generated and stored in the Organization arbitration Mailbox with persisted capability first and later copied to the location %ExchangeInstallPath%\ClientAccess\OAB\ folder in the Mailbox Server.

Below are the important things to perform:

1) When we introduce Exchange 2016 we need to create a new Offline Address Book
New-OfflineAddressBook -Name "OAB NEW" -AddressLists "\Default Global Address List" -VirtualDirectories $null
2) Make sure the 2016 OAB virtual directory URLs are pointing to the Exchange 2016 servers.
Run the below command to check the settings
Get-OabVirtualDirectory | ft identity,internalurl,externalurl -AutoSize

3) Change the default OAB on Exchange 2016 databases. To do so, open the Exchange 2016 Management Shell and run the following command:

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2016)"

Enable GlobalWebDistribution
The recommendation is to enable global web distribution for all OABs hosted on Exchange 2016.

What is the benefit of doing this?
The main benefit is all Exchange 2016 Mailbox servers can take part only in web distribution.
The OAB generation still remains with the mailbox server which hosts the active copy of the DB which has the Arbitration Mailbox with Persisted capability.

How to check if GlobalWebDistributionEnabled is set to true
Run the below command.
Get-OfflineAddressBook | Select Identity,Name,Global* | fl

If it is set to false, set it to true by running the below command.
Set-OfflineAddressBook <E16OAB> -GlobalWebDistributionEnabled $true

What is this GlobalWebDistributionEnabled parameter?
This parameter is used by Autodiscover to determine which mailbox OAB virtual directories are eligible candidates for distributing the OAB to the clients.
By doing the above action we are making all Mailbox servers distribute the address book automatically.

Enable Shadow Distribution:

By enabling this we can have a shadow copy of an OAB instance generated by an Arbitration Mailbox to another Arbitration Mailbox.
Prior to enabling shadow distribution, we should deploy an OAB generation mailbox in each AD site where Exchange 2016 infrastructure is deployed.

Benefits of Shadow Distribution:
1) Prevents the OAB download across the WAN if the user is connecting from a different site.
2) If we don’t have shadow distribution enabled, a full OAB download is triggered if the user logs in from another site.

We can enable shadow distribution by running the below command.
Set-OfflineAddressBook "Redmond OAB" -ShadowMailboxDistributionEnabled $True

Again, we can enable this option if the end users are travelling and connecting in multiple sites randomly.
Point new Exchange 2016 on-premises DBs to the new default Offline Address Book that was created.
And make sure current Ex 2010 DBs are pointing to the Ex 2010 OAB until the migration is completed.
After installing the first Ex 2016 server, new Ex 2016 DBs should point to the new default OAB.

Do we need to move the Exchange 2010 OABs?
No, we don’t have to move the OABs. They have already been created and stored in the OABGEN mailbox and are updating 12 times a day.
From Exchange 2013 all OABs have gone into <Default Offline Address Book>.

After the configuration, try to browse the OAB end point and see if you are able to log in:
https://mail.domain.com/oab/07a8-6g35-7d30-36sh-84b5-15g4h/oab.xml

[Screenshot: how it looks after successful authentication]

The OAB URL can be taken from the Test E-mail AutoConfiguration results in Outlook.
Download the OAB and see the results.

By default, a new OAB is generated every 8 hours in Exchange Server 2016, but we can change the interval in the Exchange Management Shell by using a new setting override.

New-SettingOverride -Name "OAB Generation Override" -Component MailboxAssistants -Section OABGeneratorAssistant -Parameters @("WorkCycle=02:00:00") -Reason "Generate OAB every 2 hours"

Note: It is better to leave the default work-cycle schedule and not modify them.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Configure Enterprise Vault Office Mail App in Exchange 2016 Environment

The Enterprise Vault Office Mail App provides Enterprise Vault features in end users' Outlook and OWA. It works in integration with the Microsoft Office Mail Apps feature.
Users will want to access archived items via OWA as well when their older items are being archived by an archive system.
The Enterprise Vault Office Mail App does not appear in Outlook or OWA by default.
It requires deployment at user or organizational level, and only then will it appear.

In this article I will explain quick steps to perform this action in an environment where we have the archive enabled for Exchange 2016 users through Enterprise Vault.

There are 3 possible methods to perform this action:

1) We can deploy them to individual users.
2) We can deploy them to a group of users.
3) We can deploy them to the whole organization at the Mailbox server organization level.

The main methods are as below:

1) We need to deploy the Office Mail App on the newly introduced Exchange 2016 server at the org level to the EV server.
2) Setting up the Enterprise Vault Office Mail App.
3) One important note is that if we enable this feature at organizational level, the option will appear on all mailboxes, including the ones which are not EV enabled.
4) The same Enterprise Vault server is used for Office Mail App requests from all users.

The high level steps are as follows:
1) We need to run the PowerShell command New-App in the Exchange Management Shell on the Exchange 2016 server.
The command requires the following:
2) An Exchange 2016 server that is enabled for archiving and that you want to enable for the Office Mail App.
3) The URL of the OfficeMailAppManifest.aspx page from the EV server.
The server that is specified in the URL can be any Enterprise Vault server in your site, and the URL can be http or https according to the IIS config on your EV server.
Office Mail Apps must only be served using Secure Sockets Layer (SSL). We need to obtain a certificate from a certification authority.
4) The Exchange server sends a request to Enterprise Vault server EV1 to configure a manifest file.

We need to run the below command to enable this feature at organizational level:

Add-Type -AssemblyName System.Web
$Mbx = Get-Mailbox "mailbox"
New-App -OrganizationApp -DefaultStateForUser:enabled -Url `
("https://EV_server/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=" +
[System.Web.HttpUtility]::UrlEncode($Mbx.LegacyExchangeDN))

Where:
■ mailbox is the name of a mailbox that is enabled for archiving.
■ EV_server is the name of the Enterprise Vault server which has this manifest file in your organization.

When a user accesses the EV Office Mail App from OWA or Outlook, the following things happen:

a) The OfficeMailAppManifest.aspx page on the EV server generates a manifest file for Exchange and sends it to the Exchange 2016 server.
b) The manifest file contains the Office Mail App settings for Exchange.
c) The settings include the URL from which the Office Mail App will be loaded.
d) Later the end user will be able to perform his archive actions from the Office Mail App.

Below are the steps to enable the EV web app for individual users:

Add-Type -AssemblyName System.Web
$mbx = Get-Mailbox mailbox@domain.com | select LegacyExchangeDN
$url = "https://EVurl.com/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=" + [System.Web.HttpUtility]::UrlEncode($mbx.LegacyExchangeDN)
New-App -Mailbox $mbx.LegacyExchangeDN -Url $url

Later we can verify the end user's web app readiness by accessing the manifest URL from his PC:

https://evurl.com/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=/o=MSG/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=mailbox

On accessing it the end user should be able to see the XML file.

[Screenshot: example XML file]

If the XML file is not shown, the end user will not be able to access this feature.

After it is enabled, this is how it will be displayed for end users in OWA and Outlook when they open any email.

[Screenshot: EV Office Mail App as shown to end users]

Note:

1) This Office Mail App is not a mandatory feature to be enabled for all users. All users can see their archived items from the archive URL and the EV thick client on their desktops. This mail app makes it more comfortable for end users to access and operate on their archive from OWA and to view their email in Outlook itself.
2) Support for the Enterprise Vault Office Mail App is pending from Exchange 2016 CU1 and it is not in the Symantec compatibility lists. At this moment the Office Mail App is working only in OWA in Exchange 2016 CU2. Symantec has confirmed that they will soon be releasing a patch which will support this feature in Outlook as well.
3) With Exchange 2016 CU2, archive is working fine in the Outlook EV client and the EV web URL.
4) To be compatible with Exchange 2016 CU2, Enterprise Vault requires Enterprise Vault 11.0.1 Cumulative Hotfix 4 or later.

The following commands are available for managing Office Mail Apps in Exchange 2016:

Get-App                  – Returns information about the installed Office Mail Apps.
New-App                  – Deploys an Office Mail App.
Remove-App               – Removes the specified Office Mail App.
Disable-App              – Disables a specific Office Mail App for a specific user.
Enable-App               – Enables an Office Mail App for a specific user.
Set-App                  – Sets configuration properties on an Office Mail App.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers and Services

Extending the existing storage on Linux applications

It can happen that we arrive at a point where the storage is not sufficient or has reached the maximum level on the Linux servers.
In this case we need to add a new physical disk, create a physical volume and extend the existing logical volumes assigned to the Linux-based application.

There are many ways of doing this job.
In this article we will have a look at one way to accomplish this activity.
Before assigning the new physical disk to the application we need to check the below values.

Open a PuTTY session, SSH to the Linux server and run the below commands in order.
a. fdisk -l

The fdisk command line utility is very useful for creating space for new partitions, organising space for new drives, re-organising old drives and copying or moving data to new disks. It allows us to create a maximum of four primary partitions and a number of logical (extended) partitions, based on the size of the hard disk we have in our system.

In our case we use the above command to view all disk partitions, their size and their name in the Linux system.

b. pvs

This reports information about physical volumes.
pvs produces formatted output about physical volumes.
In our case we use this to check the current physical volume size.


c. vgs
vgs command provides volume group information in a configurable form, displaying one line per volume group. The vgs command provides a great deal of format control, and is useful for scripting.
We are using this to display properties of LVM volume groups


d. df

To get the VG name and LV name

df displays the amount of disk space available on the file system containing each file name argument. If no file name is given, the space available on all currently mounted file systems is shown.
In our case we are using this to check the current free space on the disks currently assigned.

We also get the current disk VG and LV names, so that we can run the LV extend on them after assigning the new disk in the next steps.

Now we need to follow the below steps after assigning the new disk.

a. fdisk -l
After assigning the new disk we need to compare this output with the fdisk output from the previous step to find out the new disk name.

After identifying the new disk name we need to create the physical volume.

b. pvcreate /dev/sd<New Disk>

After we get the new disk name from the previous output we should run the above command with the new disk name.
Here we are choosing the newly assigned physical volume that will be used by LVM.
We can create physical volumes on the Linux system using the pvcreate command.

c. lvextend -L +200G /dev/VGNAME/LVNAME

lvresize can be used for both operations (shrinking and/or extending). lvresize will resize only the virtual volumes.
In our case we are using this command to add the newly added space to the existing LVs.

There are a few other options to extend the logical volume. By using the above command syntax we are reserving an additional 200 GB of space on this physical disk.
This 200 GB of free space can be extended at any time online to any LVs without the need for a reboot or bringing down the application if we run out of space for the file system in future.

So it is always important to include the plus (+) sign while resizing a logical volume.
If we don’t do this then we are setting a fixed size for the LV instead of growing it by that amount.

d. Finally, after all the above steps are done, we can run pvs.
After running pvs we can compare the output with the pvs output from the previous step.
After the comparison we need to extend the file system on the logical volume to use the new space with the below command.

resize2fs /dev/VGNAME/LVNAME
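
The disk-identification and ordering steps above, as an added example that is not part of the original post: it compares the before and after device lists to find the new disk, refuses a disk that already has partitions or a signature, and prints the command sequence without running it, with the file system grown on the logical volume. The `vgextend` step is standard LVM and is added here because the post does not list it; the `lsblk` listings, the disk name `sdc` and the function names are constructed for the example, and `resize2fs` assumes an ext2/3/4 file system.

```shell
#!/bin/sh
# Added example: dry-run helper for the disk-extension steps above.
# The listings below are constructed. On a real host capture them with:
#   lsblk -dn -o NAME               (before and after attaching the disk)
#   lsblk -P -o NAME,PKNAME,FSTYPE  (after attaching the disk)

# Print device names that appear in the "after" list ($2) but not in "before" ($1).
new_disks() {
  printf '%s\n' "$2" | while read -r name; do
    [ -n "$name" ] || continue
    printf '%s\n' "$1" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Succeed only if disk $1 is listed in $2 with no partitions and no
# filesystem or LVM signature, so pvcreate cannot hit a disk already in use.
safe_for_pvcreate() {
  printf '%s\n' "$2" | grep -q "^NAME=\"$1\" " || return 1   # not listed
  printf '%s\n' "$2" | grep -q "PKNAME=\"$1\"" && return 1   # has partitions
  printf '%s\n' "$2" | grep -q "^NAME=\"$1\" .*FSTYPE=\"\""  # blank signature
}

# Print (do not run) the commands in the order LVM needs them.
# vgextend is not in the original steps; resize2fs assumes ext2/3/4.
plan_extend() {
  printf '%s\n' \
    "pvcreate /dev/$1" \
    "vgextend $2 /dev/$1" \
    "lvextend -L +$4 /dev/$2/$3" \
    "resize2fs /dev/$2/$3"
}

BEFORE='sda
sdb'
AFTER='sda
sdb
sdc'
LISTING='NAME="sda" PKNAME="" FSTYPE=""
NAME="sda1" PKNAME="sda" FSTYPE="ext4"
NAME="sdb" PKNAME="" FSTYPE="LVM2_member"
NAME="sdc" PKNAME="" FSTYPE=""'

for d in $(new_disks "$BEFORE" "$AFTER"); do
  if safe_for_pvcreate "$d" "$LISTING"; then
    plan_extend "$d" VGNAME LVNAME 200G
  else
    echo "refusing /dev/$d: partitions or an existing signature found" >&2
  fi
done
```

Review the printed commands against the `pvs`, `vgs` and `df` output collected earlier before running them as root.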

Note:
It is very important that you understand how the LVs, PVs and VGs are created and assigned on the Linux application.
Also, do this only if you have worked on and have knowledge of Linux systems.
If you are not sure about this, it is always better to perform this action with a Linux admin.

Thanks & Regards
Sathish Veerapandian
MVP – Office Services & Servers