Author Archives: Sathish Veerapandian

Foreign Connectors VS Delivery Agent connectors

Over time, foreign connectors have played a major role in handling non-SMTP messages from applications and fax machines.

Foreign connectors use a file transfer process to route inbound and outbound messages to and from non-SMTP systems.

For outbound flow the connector uses the Drop directory, where applications must create and submit their own messages.
The foreign connector checks that the messages are properly formatted (MIME)
and then moves them to the Drop directory. At that point Exchange has done its job, and it is the responsibility of the non-SMTP system to pick up these messages and deliver them.

For inbound flow, the non-SMTP system should submit the message to the Replay directory. We need to make sure that the submitted messages are properly formatted in MIME or TIFF (the format usually used) so that Exchange picks them up, processes them and delivers them to the directory.

Usually these directories are not scoped to these connectors, so we need to run a command such as the example below:

Set-ForeignConnector -identity Test -DropDirectory \\exchange2010\share

Running the above command will create a shared directory for outbound messages, so that after Exchange drops the email the non-SMTP system picks up these messages for delivery.

From Exchange 2013 these foreign connectors have been deprecated. Since they use file transfer to route messages through the Drop (outbound) and Replay (inbound) directories, the sender will not be aware whether the message has been delivered to the recipients.

Foreign connectors can still be configured in Exchange 2013, however.

From Exchange 2013 Microsoft recommends delivery agent connectors, which have a simpler configuration than foreign connectors.

Below are the advantages of having the delivery agent connectors:

  1. There is no need to manage file transfer to a Drop directory and check the drop directory quota, permissions etc.
  2. We can use the queue management for messages that are routed to non-smtp systems through this method.
  3. We can verify and acknowledge message delivery, which is a major benefit when compared to foreign connectors.

 

Each delivery agent is associated with a Delivery Agent connector, which queues messages routed to the delivery agent for processing and delivery to the non-SMTP device or system.

A delivery agent is a component installed in the Transport service of a Mailbox server.
For example, there is a Citrix Virtual Delivery Agent, which is used by one of the Citrix applications to route non-SMTP messages.
If an agent is required for your non-SMTP system, we need to install that agent on the Mailbox servers of Exchange 2013 and 2016.

By default there is a text messaging Delivery Agent connector.
Its agent is installed by default on the Mailbox servers of Exchange 2013 and 2016.
Delivery agent connectors have been available since Exchange 2010, where they are present on the Hub roles.

By default only the mobile delivery agent connector exists. You can see that its delivery protocol is listed as MOBILE.

For other delivery agent connectors we need to specify the protocol type.

D1.png

For example, if we need X.400 as the delivery protocol, which most fax and non-SMTP applications use, we need to run the below command.
New-DeliveryAgentConnector -Name "Contoso X.400 Connector" -AddressSpaces "X400:c=US;a=Fabrikam;p=Contoso;1" -DeliveryProtocol "X.400" -SourceTransportServers Mailboxserver

D2.png

After performing the above, when a message is routed to a Delivery Agent connector, the associated delivery agent performs the content conversion and message delivery.

Thanks

Sathish Veerapandian

Troubleshooting addressbook issues in Lync 2013/Skype For Business

 

You might come across a scenario where end users report that they are not able to search for contacts through the Lync/Skype for Business client.

In this article I have collected a few troubleshooting steps, based on my experience, which might help in addressing these kinds of issues.

Before looking into troubleshooting, let's get a brief idea of the address book synchronization:

The address book creation in the Lync client happens separately and it never talks to Exchange.

The core component, User Replicator, which was introduced in Lync 2010, contacts Active Directory once every 60 seconds and updates the information of the users present in the Lync server. This interval is set by default and can be altered.

This updated information is stored in the back-end SQL database named RTCab.

Completing the above job doesn't mean that the address book is updated. After it, the server responsible for the address book update process starts a synchronization pass once every 24 hours, usually at 1:30 AM local server time.

This information is then written to the address book files in the shared folder, as files of type dabs.

Looking at the above process, there are many factors which might block searching the address book from the client's perspective.

Below are troubleshooting steps which might help in fixing these issues.

1) First identify how many users are affected. Check the client version: Lync 2013, Skype for Business 2015 or Skype for Business 2016.

Pick any one of the affected users and perform the below tests.

From the affected PC try to access the URL you have published for Lync, https://webs.contoso.com/abs, and see if you get the authentication prompt.

If you are not getting the authentication prompt, there is a serious connectivity issue between your end and the server. You have to fix this issue.

2)  Run the command Get-CsUserReplicatorConfiguration and see the replication cycle interval.

Lync2

The replication cycle interval is 60 seconds by default. If this value has been modified, we need to wait until the replication interval has elapsed.

3) It's better to check the SynchronizePollingInterval. This is the interval at which the address book server looks for pending synchronization events for the Lync users. There is a good chance this value has been altered if someone did not want this to happen every 5 minutes. In that case we need to wait until the interval period completes, or run Update-CsAddressBookConfiguration.

This value can be altered from 5 minutes to 3 hours.

Lync3

4) Check the CsClientPolicy

Run the command Get-CsClientPolicy and see the AddressBookAvailability configuration.

Lync1

Basically there are 3 options which we can set, based on our requirement, for Lync/Skype for Business address book availability.

a) WebSearchAndFileDownload.

b) WebSearchOnly.

c) FileDownloadOnly.

The names are self-explanatory.

By default this value is set to WebSearchAndFileDownload. With this option, a local address book cache file is downloaded from the server to each client. After that the Lync client uses the local cache, and uses the web search functionality only to download the user photos.

So basically it takes 24 hours to have fully updated local cache files.

With the WebSearchOnly option, the client does a direct lookup against the RTCAB database, which gives fully updated information to the Lync/SFB clients. This is more or less like the difference between having users in Outlook Cached Mode and in Online Mode.

It would be better to have a separate client policy only for the top VIP users. This will help them see all the updated information from Active Directory.

In order to create the client policy you can run the below command

New-CsClientPolicy -Identity VIP -AddressBookAvailability WebSearchOnly

You can use this option for all users as well, if you have a small number of users, user attribute changes happen very often, and your network bandwidth is strong.

5) One last step that we can try is to run the below command.

The output of the command result should say there are no unindexed or abandoned objects.

Lync4

If it reports any errors, you can try running Update-CsAddressBookConfiguration and see if it helps.
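Steps 1 to 4 can be collected in one pass, as in the following added example (not part of the original post). It assumes the Lync Server / Skype for Business Server Management Shell, and `$AbsUrl` is the sample URL from step 1, to be replaced with your published URL; the function name `Test-AbsChallenge` is hypothetical.

```powershell
# Added example (not from the original post). Run in the Lync Server /
# Skype for Business Server Management Shell.
$AbsUrl = 'https://webs.contoso.com/abs'   # sample URL from step 1; replace

function Test-AbsChallenge {
    param([Parameter(Mandatory)][string]$Url)
    # Without credentials the server should answer 401, the scripted
    # equivalent of the authentication prompt in step 1.
    try {
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 15
        return [int]$resp.StatusCode
    } catch {
        $r = $_.Exception.Response
        if ($r) { return [int]$r.StatusCode }
        return $_.Exception.Message        # DNS, TLS or connection failure
    }
}

$findings = New-Object System.Collections.Generic.List[string]

# Step 1: reachability of the published address book URL.
$abs = Test-AbsChallenge -Url $AbsUrl
if ($abs -ne 401) {
    $findings.Add("ABS URL returned '$abs' instead of a 401 challenge")
}

# Step 2: the default replication cycle is 60 seconds.
foreach ($c in Get-CsUserReplicatorConfiguration) {
    $cycle = [TimeSpan]$c.ReplicationCycleInterval
    if ($cycle -ne [TimeSpan]::FromSeconds(60)) {
        $findings.Add("User replicator '$($c.Identity)' cycles every $cycle")
    }
}

# Step 3: the default synchronization polling interval is 5 minutes.
foreach ($c in Get-CsAddressBookConfiguration) {
    $poll = [TimeSpan]$c.SynchronizePollingInterval
    if ($poll -ne [TimeSpan]::FromMinutes(5)) {
        $findings.Add("Address book config '$($c.Identity)' polls every $poll")
    }
}

# Step 4: policies that are not WebSearchOnly depend on the local cache,
# which is rebuilt by the 24-hour synchronization pass.
$policies = Get-CsClientPolicy | Select-Object Identity, AddressBookAvailability
foreach ($p in $policies) {
    if ("$($p.AddressBookAvailability)" -ne 'WebSearchOnly') {
        $findings.Add("Policy '$($p.Identity)' uses '$($p.AddressBookAvailability)' (local cache)")
    }
}

$policies | Format-Table -AutoSize
if ($findings.Count -eq 0) { 'All checked values are at their defaults.' }
else { $findings }
```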

Hope this helps

Thanks

Sathish Veerapandian

MVP – Exchange Server 

Quick Tip – legacy log off mode for Exchange 2016 OWA logoff request

As we know, the importance of securing web applications that are published on the internet has increased.
So these external URLs are usually published securely through a reverse proxy, which handles this job.

When an end user logs into the OWA URL, the session is proxied through the published reverse proxy.
From Exchange 2013 we can notice that clicking on log off will not trigger GET /owa/logoff.owa like it was till Exchange 2010, where it generates the logoff page owa/auth/logoff.aspx?Cmd=logoff&src=exch
This logoff page in 2010 was used by a few reverse proxies to terminate the connection. This value can be modified in the Exchange 2013 web.config file to bring back the same page as in 2010.

On Exchange 2016 we need to perform the below operation:

Navigate to the below location

%ExchangeInstallPath%\ClientAccess\OWA\web.config

Remove the following line and do an iisreset (make sure you make a backup of web.config before you do this):
<!-- Disable logout page temporarily until UX is updated -->
<add key="LogonSettings.SignOutKind" value="LegacyLogOff" />

 

After performing this action the cookie session can be terminated.

 

Thanks 
Sathish Veerapandian

MVP – Exchange Server

Create private key and certificates for load balancer ,firewalls through Certificate Authority

All load balancers require an SSL certificate, since they use HTTPS as a front-end listener for all of the services they handle.
So a certificate is mandatory here to terminate the incoming connections, decrypt the requests from the clients and send them to the appropriate instances.
In order to install the SSL certificate on your load balancer, you must create a certificate request, submit it to a CA, get it signed by your internal CA or a trusted third-party CA, and then install it on your load balancers.

Before creating a CSR, the applicant first generates a key pair, keeping the private key secret.
The CSR contains the public key chosen by the requester. In most cases the CSR is generated from a web application, and the private key is not shared and is stored in the application itself.

In most cases the SSL certificate for these load balancers can be either a self-signed certificate or a trusted Certificate Authority (CA) certificate.

A self-signed SSL certificate is a certificate that has been signed by its own private key.

A trusted CA certificate is an SSL certificate that is signed by a CA's private key.

Though there is an option to create a self-signed certificate, most load balancers recommend using only trusted CA certificates, since this is more secure than using self-signed certificates.

In this article we will have a look at generating a certificate through a CA for a load balancer.

First, in order to create the CSR we need to log in to the certificate authority (certsrv) and submit the CSR with the internal IP of the load balancer.

Usually it is https://yourinternalCAserver/certsrv

CA

 

Now select the 2nd option in the next page as below

CA1

 

Now select the 1st option as shown below

CA2

Next comes the main page, where we need to provide the IP address of the load balancer as the common name. The CA server will generate the CSR for it and submit it to the CA.

In the name section we need to make sure that the IP address is specified.

We need to make sure that we select the option to mark keys as exportable, which will allow us to export the private and the public key (the key pair) for the load balancer.

Also we need to make sure that we select PKCS10 as the format.

CA3

 

Once the request is submitted you need to go to the home page and click on view request status

CA4

You will get the status of the pending requests as below

CA5

Once you click on this you can see that this certificate request has been passed to the CA for verification.

On a successful submission of this CSR, the request goes to the pending queue on the CA and shows up in the pending requests.

Then we need to go ahead and issue this certificate from the pending requests.

Once the certificate is issued successfully you can go to the issued certificates, where we can see this certificate. When we double-click the certificate, the General tab shows a message saying that you have a private key that corresponds to this certificate.

 

CA6

So in my example this means that both the private key and the public key for the load balancer were generated on the certificate authority. It was my CA that generated the private key and the CSR.

Now we need to export this certificate in PFX format with the key pair (private and public) and then import it on the load balancer.

So while exporting this certificate I need to export it with the below option

CA7

Once exported we can install this certificate on the load balancer.

Disclaimer:

We need to be very careful while working with certificates. In the above method a key pair is generated, and this key pair should not be shared with any external party. Sharing it with any third party will easily compromise your whole network, since these are load balancer certificates. Proper planning and understanding of the scenario in your environment is needed before performing this kind of task.
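The same request, issue and export flow can be scripted with certreq instead of the certsrv pages. This is an added example, not part of the original post; the IP address 192.0.2.10, the CA config string, the WebServer template name and the working folder are assumptions to replace with your own values.

```powershell
# Added example (not from the original post): request a load balancer
# certificate from an internal Microsoft CA with certreq, then export a PFX.
# Run elevated. All values below are assumptions to replace.
$LbIp     = '192.0.2.10'                     # constructed sample IP
$CaConfig = 'yourinternalCAserver\Your-CA'   # placeholder "host\CA name"
$Template = 'WebServer'                      # assumed template name
$WorkDir  = Join-Path $env:TEMP 'lb-cert'    # assumed working folder

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$inf = Join-Path $WorkDir 'lb.inf'
$req = Join-Path $WorkDir 'lb.req'
$cer = Join-Path $WorkDir 'lb.cer'
$pfx = Join-Path $WorkDir 'lb.pfx'

# Same choices as on the web form: IP address as the name, PKCS10 format,
# keys marked exportable. The IP is also added as a subjectAltName entry.
$infText = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=__IP__"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
HashAlgorithm = SHA256

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "ipaddress=__IP__&"

[RequestAttributes]
CertificateTemplate = __TEMPLATE__
'@
$infText.Replace('__IP__', $LbIp).Replace('__TEMPLATE__', $Template) |
    Set-Content -Path $inf -Encoding ASCII

# 1. Generate the key pair on this machine and write the PKCS#10 request.
certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# 2. Submit to the CA. When the CA leaves the request pending, no
#    certificate file is written until it is issued from the CA console.
certreq.exe -submit -config $CaConfig $req $cer
if (-not (Test-Path $cer)) {
    throw "No certificate returned. Issue the pending request on the CA, then: certreq -retrieve -config `"$CaConfig`" <RequestId> `"$cer`""
}

# 3. Install the issued certificate next to the private key from step 1.
certreq.exe -accept -machine $cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# 4. Confirm the store entry really has the private key attached.
$issued    = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cer)
$installed = Get-Item -Path "Cert:\LocalMachine\My\$($issued.Thumbprint)"
if (-not $installed.HasPrivateKey) { throw 'Certificate has no private key' }

# 5. Export certificate plus key pair; the password is prompted for and
#    never written to disk.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $installed -FilePath $pfx -Password $password | Out-Null

[pscustomobject]@{
    Subject    = $installed.Subject
    Thumbprint = $installed.Thumbprint
    NotAfter   = $installed.NotAfter
    PfxPath    = $pfx
}
```

Here the key pair is generated on the machine that runs the script, so that machine and the exported PFX need the same care the disclaimer describes; delete the PFX from the working folder once it has been imported on the load balancer.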

Hope this helps !!

Thanks 

Sathish Veerapandian

MVP – Exchange Server

Exclaimer cloud signatures for office 365

As we all know, Exclaimer has been in the automatic email signature market for a long period of time.

I have been working on the on-premises version of this product for quite some time.

When we talk about the on-premises solution, based on my experience I would say it definitely has a WOW factor. It is loaded with options by which you can customize the signature on a per-department basis. You can even go as granular as each individual user.

If you are an HTML expert then you can play around with the signatures on your own and customize them further. It gives you the flexibility to modify each and every signature from the source code, which is amazing.

I thought I would explore the cloud signature service for Office 365. In this article we will have a detailed review of the installation and configuration of Exclaimer for an Office 365 environment.

Prerequisites:

Office 365 subscription with Microsoft.

Admin account in the office 365

Exclaimer for Office 365 subscription

After you have subscribed to Exclaimer for Office 365 you will get the below information

Ex1

Specify the domain name

Ex3

Then login with your office 365 admin account

Ex4

 

Then you will be prompted to read the directory data

eX5

Once granted it establishes a connection with the Azure directory

eX6

On a successful sync you will get the below information

eX7

After establishing synchronization, we now need to set up a connector in order to route emails to the Exclaimer cloud so that it can apply email signatures to outgoing email.

To achieve this we need to establish connectivity between Office 365 and the Exclaimer cloud.

To set this up, first log in with your username and password

Ex8

Now we have an option to set up signatures for all users in your organization or only for specific users.

If you want to set signatures only for a few users, create a group in Office 365 and add all those users to it. Since the Azure directory is already synced, the group will be picked up when you type its name.

Ex9

Now we need to perform the below actions:

Create Send connector – from your office 365 to Exclaimer cloud

To do that, log in with admin privileges on your Office 365 portal, go to mail flow, click connectors and create a new connector

o2

Make sure to select only the first option, or else your outbound emails will be affected.

O3

Proceed to the next step and set the smart host to the below Exclaimer SMTP server

smtp.us1.exclaimer.net 

 

In a similar way we need to create a receive connector

o4

Now we need to select the option 'By verifying that the subject name on the certificate that the sending server uses to authenticate with Office 365 matches this domain name (recommended)'. In the field below, enter smtp.exclaimer.net then click 'Next':

O5

Now we need to create a rule exactly as below, with the same values

Ex55

As we can see, the idea behind creating this rule is to forward only genuine emails to the Exclaimer cloud, and this is mandatory. The rule is pretty simple, and going through it will give a clear idea of what it does.

On a successful configuration of the above you can log in to your Exclaimer cloud portal

https://portal.exclaimer.com/

This is the place where we can create a new signature, import a signature template designed by your development team, or use one of the existing templates, which are very good.

ex33

Below are the available fields in the signature template provided. It pulls all the information (e.g. telephone, organization, address) from the values on every user's mailbox. So we need to make sure that newly created mailboxes are populated with the values that are required by the template you have chosen.

Ex44

Below is the sample of signature applied from the exclaimer cloud.

EEEE

 

I’m always positive and will definitely recommend Exclaimer to anyone, based on my personal experience with the on-premises version. If Microsoft releases any new version of Exchange, I’m sure there will be a supported version of this product without any delay.

The Exclaimer cloud version is awesome too, and it simplifies things further by having the setup in the cloud, so you just need to create the signature, which is amazing. And Exclaimer support is always instantaneous, without any delay, based on my real-time experience.

Thanks 

Sathish Veerapandian

MVP – Exchange Server

 

Configure New Store, storage , provisioning groups in Enterprise Vault in Exchange Environment

In this article we will have a look at the steps to provision Enterprise Vault at the storage, policy and group level.

Enterprise Vault is a big topic in itself, considering all the functionality, configuration, features, HA and so on.

So here we will focus only on how to provision archiving for end users in a new deployment.

We will look at the steps to consider in creating storage, backup and a policy based on the retention that end users are expecting.

The below things need to be planned properly before the configuration:

a) Archive policy based on mailbox quota and number of months. eg: If the quota exceeds 80 percent and emails greater than 5 months should be archived.

b) Archive retention period for end users. How long the archived emails will stay, eg: 5 years, 7 years etc.

c) Retention of the shortcuts to archived items in the mailbox after archiving.

Once the above planning is done we need to configure a provisioning group and an archive policy, and create a store group and a store, for the archive process to happen.

The below things need to be created:

a) Create a provisioning group to target the users who require the archive feature to be enabled.

b) Create a dedicated policy for this group based on the requirement.

c) Create a dedicated store group and store to hold all the archives.

d) Configure the backup for these stores.

 

We will look into the steps to create the provisioning group first.

Log in to the Vault Administration console, navigate to provisioning groups and select new provisioning group

 

PR

Give a name

Part15

Associate the targets for this group

Part16

Targets can be OUs, the whole domain or a distribution group. The best practice is to always target a distribution group and add the users who require EV, since OUs will contain service accounts and vendor mailboxes which will unnecessarily consume licenses.

Part17

Then you need to select the policy that you want to apply to this group of users, based on your requirement.

Part18

Set the retention category

Part19

Select the associated store and enable the option to automatically provision the mailboxes of people who come under this group

Part21

 

Now we will look at creating the policy.

It is better to have multiple policies, since it is always better to segregate users based on their quota, the nature of their job and the amount of email they receive on a daily basis.

To create a new policy, open the Vault Admin Console, navigate to policies and create a new mailbox policy.

 

POlicy1

 

These are the default values once it is created. Based on your requirement you can modify these values.

Part22

 

There is not much complexity involved in creating the policy, but if the users' retention requirement is not understood properly you will be in trouble later. So it is better to set clear expectations with the end users before setting the policy.

 

Now we should look at creating a store for the archived mailboxes.

It is better to create a store group first

SG1

 

Then create a Store under the Store group

SG2

 

You will get the below window

Part1

Give it a name and select whether it is open or closed. If you keep this partition open, partition rollover can happen to it when any of the other partitions are full. If you keep it closed, rollover to this partition will not happen.

Part2

Select the storage type; by default it is NTFS

Part3

Then you need to specify the drives and the drive path, and finally run the test, which will indicate the success or failure of your configuration

Part6

This is the partition rollover which I was talking about in the earlier screenshots, which is an amazing feature.

You have an option to set the volume and time

Part7

Next comes setting the backup for this partition. The beauty of the archive is that when you create the store by specifying the SQL instance location, the databases are created automatically.

These values need to be chosen according to the type of backup you are using.

If you have a snapshot backup that is not EV-aware, you need to select the option to check for a trigger file.

If you have an EV-aware backup, most likely Backup Exec from Symantec, you can use the first option.

Note: It is very important to keep in mind that these backups will never help you with brick-level restores for end users. They are meant only for system recovery scenarios.

So when a user permanently deletes an archive from EV, it is gone forever.

Part9

Then you need to use the file collection software if you are using the second option

Part11

And enter the time at which you need to schedule this file collection software.

Part12

After this, once you click on finish, the archive is configured. Archiving will then start according to your Archiving Mailbox server task schedule.

There are a few more backup configurations that need to be done if you choose the 2nd option. We will look at that separately in another write-up, since adding that information here would confuse readers and increase the length of this blog.

Thanks 

Sathish Veerapandian

MVP – Exchange Server

Configure Mapi/Http in Exchange 2016/2010 Coexistence

In this article we will have a look at the steps to configure MAPI/HTTP for all users on an Exchange 2016 server.

We need to understand this point very clearly.

Since the MAPI/HTTP protocol is supported only from Exchange 2013, in an Exchange 2016 and Exchange 2010 coexistence the behavior will be:

  1. Exchange 2010 users will get RPC/HTTP connections in their Outlook.
  2. Exchange 2016 users will get only MAPI/HTTP connections in their Outlook.

Reason:

From Exchange 2013 we had an option to choose either RPC/HTTP or MAPI/HTTP. But from Exchange 2016 Microsoft has totally retired the legacy RPC protocol and wrapped it in MAPI/HTTP, so all connections will be only via MAPI/HTTP.

In order to accomplish this task you need to make a few changes on the Exchange, firewall and DNS side.

So basically the connections will flow as below

 

For Exchange 2010 Users: 

From Internet (RPC/HTTP) – Firewall receives /RPC requests – The request is forwarded to Exchange 2016 CAS services – Connections are proxied back to the Exchange 2010 CAS server

For Exchange 2016 Users:

From Internet (MAPI/HTTP) – Firewall receives /MAPI requests – The request is forwarded to Exchange 2016 CAS services – Connections are directed to the Exchange 2016 Mailbox server.

 

Now let's see the steps that we need to perform to accomplish this task:

On Exchange

  1. Run the command Set-MapiVirtualDirectory and set the external URL of the MAPI virtual directory

Example:

Set-MapiVirtualDirectory -Identity "mapi (Default Web Site)" -InternalUrl https://contoso.com/mapi -IISAuthenticationMethods Negotiate,NTLM,OAuth

It is better to keep Negotiate authentication for the legacy clients until the migration from Exchange 2010 is completed.

As you may recall, for Exchange 2013 users we needed to run this command to enable MAPI/HTTP for end users:

Set-OrganizationConfig -MapiHttpEnabled $true

Since MAPI/HTTP is the default connection from Exchange 2016, this command has been deprecated and this step can be skipped.

For all Outlook clients connecting via MAPI, after the autodiscover request the Exchange 2016 server accepts them, understands that the request is coming over MAPI/HTTP,
and then returns the required connection settings for the MAPI clients.
2. Point your autodiscover DNS records to the Exchange 2016 server. So for the Exchange 2010 users the connections will be proxied to the Exchange 2010 CAS by the Exchange 2016 CAS service.

3. On your firewall allow connections for both /RPC and /MAPI for Exchange 2010 and 2016 connections. Once the Migration is completed you can remove the /RPC rules from the firewall since all the connections are going to be through MAPI/HTTP .

 

Few more important Tips:

With Outlook 2013 and later, all connections are established over MAPI/HTTP by default, so the connections will be fast.

If end users are on Outlook 2010 and need to connect to Exchange 2016 mailboxes, they need to have the latest Outlook service packs installed on their PC.

If you have an Outlook 2013 user who wants to connect to a legacy mailbox that resides on Exchange 2010, you can use the below registry key to disable the MAPI/HTTP attempt on their PC

HKEY_CURRENT_USER\Software\Microsoft\Exchange: create a new DWORD "MapiHttpDisabled" with value 1.

 

Hope this helps

Thanks 

Sathish Veerapandian

MVP – Exchange

Installing Monitoring server role in Lync 2013/SFB in SQL remote instance

In this article we will have a look at configuring the monitoring server role for an enterprise deployment on a remote SQL instance for Lync Server 2013 and SFB.

If you want to monitor Lync Server 2013/SFB and the Lync 2013 client, you need to deploy the Lync Monitoring server role.

At first glance, deploying the monitoring role into an existing Lync enterprise deployment looks easy. But improper planning for your environment and installation will leave you with empty reports.

When we look at real-world scenarios, the situation differs in each environment according to your SQL setup.

So we cannot follow the installation as such unless and until we are clear on the SQL configuration.

In this article, based on my real-time experience, I will post a few points and tips:

1) Before installing the monitoring server role, you need to deploy the monitoring server and then you need to deploy the monitoring reporting service.

2) For that, your Lync admin user account should have SYSADMIN on the SQL server (assigned through SQL Server Management Studio > Security > Logins).

 

3) Lync only supports Windows Authentication. So the remote SQL Server instance you have chosen for the monitoring role needs Windows Authentication enabled. Similarly, the user who launches Topology Builder needs permissions to create/edit databases and to access the SRS you have configured.

Lync Security

Make sure that the use Windows credentials option is selected.

lync20133

4) You need to have lcsqoeq and lcsCDRQ in the public queues of Message Queuing, accessible from the Lync Server, so that it can pull the data and show you the reports.

For example, you can try accessing the reporting services instance you configured from the Lync Monitoring server, and the configured SSRS should show as below.

Lync20132

 

5) The Lync monitoring server name (NetBIOS) should not be more than 15 characters.
If it is, MSMQ will not be able to deliver the messages.

Basically the approach should be the below:

a) First you need to configure the SRS instance on your remote SQL server.
b) Install SQL Reporting Services. You'll have to run the SQL report server setup wizard to define the report server URL, usually sql.domain.com/reportserver_lync
c) Define the monitoring server in the topology.
d) Publish the topology.
e) And then install the reports from the installation wizard.

f) Make sure the Lync Server monitoring service is started and the connectivity to the SQL server is good.

g) Make sure that your SSRS instance SQL version (version and SP level) matches the SQL version of the database instance that has the monitoring databases.

h) You should verify that the LcsCDR database was created in the SQL Server instance that you specified for the Monitoring Server.

i) You need to run dbo.RtcRecreateSummaryTable from Management Studio once the databases are created.

Very important: you need to make sure that you are allowing the required ports for the SRS URL.

For example, if you have multiple SRS instances configured on a SQL enterprise farm, such as one for an archive solution, use a port other than 80, since the other application will be using that port.

Make sure that you are able to access the web page of the report service URL from the Monitoring server on which you are attempting the installation.

Usually the URL is your SQL server, the port you defined, and then the reports path

Example: http://SQL:8888/reports

If you have multiple applications using SRS, you need to create the URL for Lync and make them listen on different ports. You can also see the other instances created under this location.

5678

If it is not accessible, you have a permission issue with the account you have logged in with on the SQL server.

 

Finally a healthy report should look like below

Lync20133

 

Hope this helps

Thanks

Sathish Veerapandian

MVP – Exchange Server

Quick Tip for Bringing up an Exchange 2016 in an Exchange 2013 Environment

There is something called up-version proxy, by which your Exchange 2013 CAS can handle all the connections for Exchange 2016 mailbox servers.

With this you have the flexibility to introduce Exchange 2016 servers, configure a DAG on them and move the mailboxes without worrying about the CAS URLs, since Exchange 2013 has the capability to route connections to Exchange 2016 mailboxes.

Later you can introduce the CAS services into your load balancers and point your CAS URLs to the Exchange 2016 services. Exchange 2013 can proxy requests to Exchange 2016 and Exchange 2013, and one more good thing is that Exchange 2016 can exist in the same load-balanced CAS array.

 

So the best approach would be:

1. Prepare your AD
2. Make sure that you install CU10 on your Exchange 2013 servers
3. Bring Exchange 2016 servers
4. Configure the URLs
5. Configure the certificates
6. Move a few pilot users and test the coexistence
7. Configure DAG
8. Start staged migration by moving sets of mailboxes
9. Point all your CAS URLs to your Exchange 2016 services
10. Install certificates on the Exchange 2016 CAS servers

This might help you with the certificates:
http://social.technet.microsoft.com/wiki/contents/articles/31783.configure-ssl-certificate-in-exchange-server-2016.aspx

Also, the Exchange 2016 sizing calculator is out. Please use it to configure according to your environment.

http://blogs.technet.com/b/exchange/archive/2015/10/15/ask-the-perf-guy-sizing-exchange-2016-deployments.aspx

http://blogs.technet.com/b/exchange/archive/2015/10/15/exchange-server-role-requirements-calculator-update.aspx

Note: Exchange 2007 and earlier won't be supported for coexistence, so make sure you do not have any legacy versions running in your environment.

It will be much easier for you if you have Exchange 2013 in your environment, since the CAS services can still remain on Exchange 2013 until your migration is completed.

But if you have only Exchange 2010 in your setup, then you will need to move all of your external URLs to Exchange 2016 and place your SSL certificates on the Exchange 2016 servers, and then start the migration.

Thanks 

Sathish Veerapandian

MVP – Exchange Server

Normalization Rules in Lync 2013 and Skype for Business

Normalization rules are created to translate phone numbers in different formats so that Lync/SFB can understand them and transfer them to the correct location or user.

They are created to translate dial strings to E.164 format for the purpose of performing reverse number lookup.

Once the rule is applied and the reverse number lookup is performed, the called number is translated to the appropriate format, so that the Lync/SFB mediation or the PBX receives the number in a format it understands and can perform the routing.

It's better to classify normalization rules in the below scopes:

User dial plan – Per user basis

Pool dial plan – Applicable to PSTN or registrar

Site dial plan – Applies to the entire site

Global dial plan – For all users

It's always better to create normalization rules rather than leaving the global as such. It will be easier to assign valid number patterns for each site according to the country and their area codes.

You need to keep these things in mind while creating a normalization rule:

Dial plan – Per user, per site, pool or global.
Country code – Choose the correct country codes according to your area.
Area code – Choose the right area code.
Length of extension – Make sure to choose the correct length of extension that your PBX supports.

Below is the sample format

^(\d{4})$

A regular expression should start with ^, which marks the beginning of the string, and should end with $, which marks the end of the string.

So any number within the brackets is counted as a variable: $1

Similarly, add the digit line URI format that your PBX supports for the SIP trunk integration. You need to input the right pattern and the correct digits, which combine to create the right translation rule.

These translation rules modify the number before it leaves your Lync server so that your integrated PBX setup can understand the routing correctly.

Basically, the input to the normalization rules is provided by the Address Book Service, so the rules are triggered once the number is received from the Address Book Service. The Address Book Service is designed in a way that it removes all the non-mandatory characters before the rule triggers, so you don't need to worry about these non-mandatory characters.

So you need to make sure the phone numbers are correctly populated in Active Directory so that they can be fetched and used for Lync.

If you have already provided the numbers in E.164 format, then your job will be pretty easy.

Now we will see how to populate these values in Lync 2013 and Skype for Business.

If it's Lync Server 2013, you need to use the Company_Phone_Number_Normalization_Rules.txt file located in your Lync File Store location. Open the Topology Builder and see your file store location; the file is in the below folder

Webservices\ABfiles\Company_Phone_Number_Normalization_Rules.txt

In the above example we need to open the text file, add the below, and save it

(\d{4})
+971$1

Once the above is done, you need to run the below command

Get-CsAddressBookConfiguration

Make sure that UseNormalizationRules is set to True

Also, there will be a text file named Invalid_AD_Phone_Numbers created inside the ABS files folder.

The numbers listed in that text file are not in acceptable number formats, and you need to change them in AD.

You can also test the normalization rule by running the ABServer.exe file in the below path

"C:\Program Files\Microsoft Lync Server 2013\Server\Core\ABServer.exe" -testPhoneNorm "1234565"
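The following PowerShell sketch is an added example, not part of the original post and not ABServer's own logic: it applies the sample rule from this post (^(\d{4})$ translated to +971$1) with .NET regular expressions, so a number can be checked offline and the effect of the ^ and $ anchors is visible. The second rule, the sample numbers, the function name Convert-ToE164 and the first-match-wins ordering are assumptions made for illustration.

```powershell
# Added example: a simplified model of rule matching, not ABServer's own logic.
# Rule 1 is the sample rule from this post; rule 2 and the sample numbers are constructed.
$rules = @(
    @{ Pattern = '^(\d{4})$';  Translation = '+971$1' },   # 4-digit extension
    @{ Pattern = '^0(\d{8})$'; Translation = '+971$1' }    # constructed: national number with leading 0
)

function Convert-ToE164 {
    param(
        [Parameter(Mandatory)][string]$Number,
        [Parameter(Mandatory)][object[]]$RuleSet
    )
    # Drop separators (spaces, dashes, brackets), keeping digits and '+'
    $clean = $Number -replace '[^\d+]', ''
    # Already E.164: '+' followed by 2 to 15 digits, the first one non-zero
    if ($clean -match '^\+[1-9]\d{1,14}$') { return $clean }
    foreach ($rule in $RuleSet) {
        if ($clean -match $rule.Pattern) {
            # Assumption: the first matching rule wins; $1 is the captured group
            return [regex]::Replace($clean, $rule.Pattern, $rule.Translation)
        }
    }
    return $null   # no rule matched: the number needs fixing at the source
}

foreach ($sample in '4321', '(04) 321-4321', '+971 4 321 4321', '1234565') {
    $result = Convert-ToE164 -Number $sample -RuleSet $rules
    if ($result) {
        '{0,-16} -> {1}' -f $sample, $result
    } else {
        '{0,-16} -> no rule matched' -f $sample
    }
}

# Why the anchors matter: without ^ and $ the 4-digit pattern also matches
# inside a longer number and rewrites part of it; with them the 7-digit
# number is left untouched.
[regex]::Replace('1234565', '(\d{4})',   '+971$1')
[regex]::Replace('1234565', '^(\d{4})$', '+971$1')
```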

From Skype for Business this job has been made simpler. There are no such files that we need to modify for this functionality.

The only thing you need to make sure is that you have entered the phone numbers in the correct E.164 pattern.

If that is the case, you can run the below commands, with which we need to modify the new set of default rules according to your region, country and area codes.

These can be defined at the organizational level by the below commands

New-CsAddressBookNormalizationConfiguration

Set-CsAddressBookNormalizationConfiguration

In turn, we need to create rules for translations and conversions.

New-CsAddressBookNormalizationRule

Set-CsAddressBookNormalizationRule

Thanks & Regards

Sathish Veerapandian

MVP – Exchange server