Lepide Exchange Recovery Manager – Product Review

One of my colleagues had a customer project where the database was corrupted and they did not have any backup in their environment. He reached out to me for help and suggestions to recover this data.

So what we did in that situation was search online for a solution, and we came across Lepide Exchange Recovery Manager. After a short trial I quickly determined that it would do what we needed and enable me to restore this data quickly and easily. I found this solution specifically helped me with data recovery, Exchange to Office 365 migration and backup/restore. Let me share with you my experience of using Lepide.

How Lepide Exchange Recovery Manager works

There are two main components of Lepide Exchange Recovery Manager: the source and the destination. Before proceeding with Exchange recovery, both the source and the destination must be specified.

Adding Source

  1. It gives you multiple options to select your source. After the Exchange corruption, I was left with only an offline EDB file, so I added it as a source.

  2. After selecting the source type, the following dialogue box appeared.

  3. There were two ways to add EDB files.
  • Select the EDB files manually: To select the EDB files manually, click on the Browse button and then select the location where the EDB file is stored.
  • Search for EDB: Search the computer and shared locations to add the EDB files.
    1. Click on the Search button to access the search dialog box.
    2. Click on the Browse button to select the location. After selecting the location, click on the Go button.
    3. Then click on the Search button to start the search.
    4. Select the desired EDB file from the results displayed and then click OK.

  4. Select the EDB scanning mode and then click the Next button. There are two types of EDB scanning:
  • Standard Scan: If your EDB file is less corrupted, or if you just want to migrate the data from a working offline EDB file to any destination, then you can opt for Standard scan.
  • Deep Scan: If the EDB file is severely corrupted, large sized, or oversized, then you can opt for Deep scan.

I simply opted for Standard scan, which is also the recommended method for scanning.

  5. Click on the Next button to start the scanning process. After the successful completion of scanning, the following wizard appeared.

  6. Click on the Finish button to complete the process.
  7. The selected offline EDB files will be shown in the Source List.

Adding Destination

  1. I then needed to export the mailboxes in the EDB to another live Exchange Server, so I selected Live Exchange Server as the destination (there are other destination options as well).

  2. After selecting the destination, the following wizard will appear.

It gives you five ways to add mailboxes and public folders as the destination. I had multiple mailboxes, so I opted for the connect multiple mailboxes option.

  3. To get the list of mailboxes, establish the connection with the Exchange Server.

  4. After the successful connection, the user mailbox list appeared onscreen.

  5. The users whose mailboxes were to be recovered had to be selected at this stage, and the software then connects to the respective mailboxes.

Source List Operations

Select the folder from the source list to display the list of the messages.


The last step was simply to copy and paste the selected mailboxes into the destination, and I had all the important data in a working state again.

There were many more options to enable you to accommodate different scenarios.

Source message operations:

  • Filter messages – to streamline mailbox items and move only required items
  • Sort messages
  • Copy messages – to copy and paste individual items, folders or entire mailboxes
  • Export messages – into PST or EML formats
  • Extract attachments – I liked this option which allowed extracting attachments through a range of parameters.
  • Select all

Destination List Operations

  • Copy and Paste messages

This will allow you to copy the messages from the Source Message List and paste them into the Destination message List.

  • Import MSG/EML files

This will allow you to import the MSG and EML files from the disk drive to the PST files and Mailboxes of Exchange Server/Office 365.

  • Import messages from a folder

This will allow you to import the files (MSG and EML) from a folder to the PST files and Mailboxes of Exchange Server/Office 365.

Lepide Exchange Recovery Manager (Operation Logs)

One more brilliant capability of Lepide Exchange Recovery Manager is its Operation Logs, which come built into the software. With the help of Operation Logs, one can view the logs of items such as mailboxes, folders, and messages exported or copied from the source to the destination or to disk.

Lepide Exchange Recovery Manager provided me a way to repair my corrupt databases without burning a hole in my pocket. It didn't even use much of my resources. The process was very simple: add offline EDB files as the source and a live Exchange Server as the destination, and move the mailboxes.

Other features of Lepide Exchange Recovery Manager that attracted me were:

  • It can repair almost all aspects of your Exchange environment.
  • It has extremely powerful capabilities for search, select, preview and export features.
  • The attachments extraction feature and backup restoration.
  • With it one can even migrate their data to and from Exchange and Office 365.
  • It requires no agent installation

 

Final Verdict

It's a very useful application and absolutely exceeded my expectations. Its interface is really simple yet powerful. Lepide Exchange Recovery Manager provided a really simple way of ensuring a quick and painless recovery. It enabled me to both recover and export mailbox data and perform simple migrations. Any organization that relies heavily on Exchange needs this in their arsenal to ensure that, in the event of an Exchange Server failure, they are able to recover with minimal disruption to service.

I certainly don’t want to get myself into a situation like this again, but it’s nice to know that if I did, Lepide Exchange Recovery Manager would be there to rescue me.

You can reach them through the below sources:

Product page – http://www.lepide.com/exchange-manager/

Product download – http://www.lepide.com/exchange-manager/download.html

Product price – http://www.lepide.com/exchange-manager/buy-online.html

 

UC Analytics by Code Software

UC Analytics – Monitoring and reporting for Skype for Business

Available anywhere and on all devices the powerful analytics enable organisations to get smart about the areas that matter most to their businesses. UC Analytics is a user driven solution which delivers relevant information through its customisable dashboards and the automated reports.

Skype for Business allows users to connect from anywhere using different communication methods such as voice, video, IM and conferencing allowing you to improve your business outcomes in a sustainable way.

It can reduce the operational costs of travel, telecoms and IT and increase response times and productivity, but only if you are managing the resources smartly. UC Analytics ensures that users are adopting the new modes of communication and the expected cost savings are being realised. It will highlight potential problem areas, showing usage trends and assisting you in driving user adoption through education and training.

Monitoring reports provide basic analytical reports with some useful information.

It has comprehensive user adoption reports and dashboards for Lync, but it can also collate data from other data sources such as Cisco UCM, Avaya and mobile phones.

Solution overview:

UC Analytics is a monitoring and reporting tool which delivers a 360⁰ view of Skype for Business usage and associated costs. Trends in use of voice, video, IM, conferences, file transfers and app sharing can be compared highlighting user acceptance, performance metrics and cost savings enabling more effective use of resources.

It is easy to use, displaying information either through the customizable dashboard user interface or automated reports in a simple to view format suitable for use by any employee within an organisation without the need for any time consuming manual processes.

DASHBOARD USER INTERFACE

The dashboards deliver a real-time snapshot of Skype for Business usage, updating every 60 seconds. Enjoy the flexibility of a user experience the way you want it: you decide what charts go where and what information is displayed. Filters can be applied directly to the charts, ensuring only relevant information is displayed, and click-through reporting produces detailed reports with a single click.

A few examples:

We have an option to see which client and IP the user is logging in from.

This can be integrated into a dashboard which displays automated daily reports.

We have an option to generate reports on outbound and inbound calls and choose the pie chart options of our choice.

The report has options to choose top destinations, top usage employees, unused extensions and queue status.

A good thing is that this product supports multi-tenancy as well, and we have the option to automate reports based on OU.

We have the option to collect response group utilization and check the cost usage by every user for enterprise voice.

REPORTS

All reports can be scheduled to run automatically or generated on a one-off basis. Delivery is typically via email or saved to disk and can be in a variety of formats such as Excel, PDF or CSV. Standard report templates are available for user adoption, capacity planning, conferences, call carrier comparisons, costs and more.

 

The varying reporting requirements of organisations using Skype for Business mean the reporting solution must be flexible enough to reflect these diverse needs. The report designer allows users to define the fields displayed in reports, ensuring the information is entirely relevant. The report builder allows reports to be sorted and grouped by up to 3 levels such as date, department, employee, cost, duration or call volume. Filters can be applied including date, time, call direction, call type, employee, extension, department, response group and more. There is the option to include or exclude charts, which can be bar, pie, line or stacked bar. Details displayed on the Y-axis can also be selected dependent on report type. It is easy to brand the reports with an organisation's logo and relevant colour scheme.

 

ALARMS AND BUDGET

It is possible to set up as many system alarms as required. When user-defined call criteria have been met, such as low MOS, a specific error ID, or calls over a defined cost or duration, an alarm is instantly delivered by email and immediate action can be taken. Using the budget feature you can even set a monthly cost threshold on an extension; when this has been reached, outbound calling is barred, allowing further investigation to be made, which addresses employee abuse and the threat of toll fraud.

Hardware Specification and requirements:

One web application server
Intel Xeon or equivalent 2-core CPU with 2.66 GHz Intel processor
4 GB RAM minimum
Windows 2008/2012 OS 64-bit + IIS + ASP.NET + Framework 4.5
SQL 2008\2012\2014 Express 64-bit
Minimum 40 GB HDD
100/1000 Ethernet cards

A connection to the remote SQL server is required where the Skype for Business LCSCDR, QOEMetrics and LCSLog databases are hosted.
The reporting URL is published on the MS SQL port, which is usually 1433, but it can be changed based on the requirement.

Their team would be happy to organise a demonstration of the solution or a completely free-of-charge trial, and you can reach them through their website www.codesoftware.net

Thanks & Regards

Sathish Veerapandian

 

Monitor Exchange 2016 services

In this blog we will look at ways to monitor the Exchange 2016 services.

Configure health probes on Load Balancers:

Up to Exchange 2010, we were dependent on SCOM for monitoring Exchange. The SCOM management pack contained SCOM's health manifests and correlation engines, which were used to collect, analyze and report through SCOM.

The Exchange CAS servers were load balanced on a VIP, and the load balancers checked the CAS nodes just by pinging them or telnetting to them frequently on ports 443 and 80 to check availability.
Behind the scenes, application services might not be available, for example the Exchange services might not be running, while the load balancers can still reach the node on the required port.

In this case, connections will still go to the CAS server on which the Exchange services are stopped and unavailable. This does not give 100 percent high availability and monitoring.

To address this, from Exchange 2013 Microsoft released a new component called Managed Availability. This is a self-healing internal component that runs on every Exchange server to monitor and fix any issues with the services on its own. It polls and analyzes hundreds of health metrics every second.

So there is a component called health probes, which should be configured on the load balancers where the Exchange services are published in order to monitor the Exchange services.

So we need to monitor the below probes from the load balancer:

https://server/microsoft-server-activesync/healthcheck.htm
https://server/microsoft-server-mapi/healthcheck.htm
https://server/microsoft-server-owa/healthcheck.htm
https://server/ecp/healthcheck.htm
https://server/autodiscover/healthcheck.htm
https://server/ews/healthcheck.htm
https://server/oab/healthcheck.htm

So basically the servers are monitored from the load balancers at each protocol level.

For example, if MBX1 has issues with the OWA service and Managed Availability marks this service down, the load balancer with the above configuration will be able to identify through the offline responder that MBX1 has issues only with OWA. It will take only the OWA service out and keep the remaining services available and functional, which is very good.

We can run the below command to check the component state

Get-ServerComponentState -Identity servername

We can also set the required components to inactive during our maintenance interval.

We will speak only a little about the components that are involved in Managed Availability, since there are very good blogs about Managed Availability written by other experts and MVPs and we do not want to explain them again here.

Managed Availability has two groups:
Health Sets – This is an internal view managed by Managed Availability using probes, monitors, and responders. It has the built-in capability to recover the services on its own if any issue occurs.

Below are the main components involved in Managed Availability

Probe – Check the services and its status very frequently.

Monitor – Monitors the probe result

Responder- Component responsible to take necessary action.

Responders are of the below types:

Restart Responder – Terminates and restarts a service
Reset AppPool Responder – Stops and restarts an application pool in Internet Information Services (IIS)
Failover Responder – Initiates a database or server failover
Bugcheck Responder – Initiates a bugcheck of the server, thereby causing a server reboot
Offline Responder – Takes a protocol on a server out of service (rejects client requests)
Online Responder – Places a protocol on a server back into production (accepts client requests)
Escalate Responder – Escalates the issue to an administrator via event logging.

So the above tasks for health sets are automated actions, and we do not need to perform any steps from our side.

Health Groups – Health groups are exposed to System Center Operations Manager 2007 R2 and System Center Operations Manager 2012 and reported via a dashboard. This health group is required for SCOM to give a detailed dashboard report of the Exchange status.
Any issues that can't be recovered automatically are escalated to the Exchange 2016 Management Pack as an alert.
The responder that's relevant for the Exchange 2016 Management Pack is the Escalate Responder.
When the Escalate Responder is triggered, it generates an event that the Exchange 2016 Management Pack recognizes and feeds the appropriate information into the alert, which provides administrators with the information necessary to address the problem.

Below are the new additional health indicators added in the Exchange 2013 management pack

Customer Touch Points: This shows the status of the end-user experience. If this indicator is healthy, it means that the end users do not have any issues with connecting to Exchange and using its components.

Service Components: This shows the state of the particular service associated with the component.
For example, navigating to the service component indicator for MAPI will indicate whether the overall MAPI service is healthy.

Server Resources: This shows the state of physical resources that impact the functionality of a server.
Key Dependencies: This shows the state of the external resources that Exchange requires to function, for example network connectivity, DNS, Active Directory and storage.

Very important note: There is no separate management pack available for Exchange 2016. Exchange 2013 and 2016 use the same management pack as of now, and Microsoft recommends using only the Exchange 2013 management pack for Exchange 2016.

How to respond when Managed Availability cannot resolve a problem on its own:

The Exchange team has centralized Exchange monitoring inside of Exchange.
We can no longer configure monitoring thresholds in SCOM (other than turning the SCOM monitor on or off).
So how can we admins troubleshoot when an issue occurs?

For example, if OWA is unhealthy, it is reported to SCOM via an event logged on the mailbox server.

Check the OWA component state by running the below command on the affected mailbox server
Get-ServerHealth Server1.contoso.com | ?{$_.HealthSetName -eq "OWA.Proxy"}

Also check the availability of the OWA healthcheck.htm and see if you are getting a 200 OK response by accessing the below URL

https://server/microsoft-server-owa/healthcheck.htm

Then we can start troubleshooting the affected component and try to bring it up.
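The per-protocol healthcheck.htm probe that a load balancer performs and the Get-ServerHealth follow-up can be combined in one script; this is an added example, not part of the original post. The server names are placeholders and the virtual directory list in $VirtualDirectories is an assumption, so replace it with the paths your load balancer actually probes, and run it from the Exchange Management Shell.

```powershell
# Added example. Run from the Exchange Management Shell.
# Assumptions: the server FQDNs are placeholders; $VirtualDirectories must match
# the healthcheck.htm paths configured on your load balancer.
$Servers            = 'mbx1.contoso.com', 'mbx2.contoso.com'
$VirtualDirectories = 'owa', 'ecp', 'ews', 'oab', 'autodiscover', 'mapi',
                      'Microsoft-Server-ActiveSync'

function Test-ProtocolProbe {
    # Requests one healthcheck.htm page the way a load balancer monitor would.
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$VirtualDirectory,
        [int]$TimeoutSec = 5
    )
    $url    = "https://$Server/$VirtualDirectory/healthcheck.htm"
    $status = 0
    $detail = ''
    try {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec $TimeoutSec
        $status   = [int]$response.StatusCode
    }
    catch {
        # Non-2xx answers and connection or TLS failures both end up here.
        # A certificate name mismatch (probing by a name that is not on the
        # certificate) also lands here and is reported as status 0.
        if ($_.Exception.Response) {
            $status = [int]$_.Exception.Response.StatusCode
        }
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Server    = $Server
        Protocol  = $VirtualDirectory
        Status    = $status              # 0 = no HTTP response at all
        InService = ($status -eq 200)    # only 200 keeps the protocol in the pool
        Detail    = $detail
    }
}

$results = foreach ($server in $Servers) {
    foreach ($vdir in $VirtualDirectories) {
        Test-ProtocolProbe -Server $server -VirtualDirectory $vdir
    }
}

$results | Sort-Object Server, Protocol |
    Format-Table Server, Protocol, Status, InService -AutoSize

# For every server with at least one failing probe, list the Managed Availability
# monitors that are not healthy and the components that are not Active.
$failedServers = $results | Where-Object { -not $_.InService } |
    Select-Object -ExpandProperty Server -Unique

foreach ($server in $failedServers) {
    Write-Host "`n== $server : monitors that are not healthy =="
    Get-ServerHealth -Identity $server |
        Where-Object { $_.AlertValue -ne 'Healthy' } |
        Sort-Object HealthSetName |
        Format-Table HealthSetName, Name, AlertValue -AutoSize

    Write-Host "== $server : components that are not Active =="
    Get-ServerComponentState -Identity $server |
        Where-Object { $_.State -ne 'Active' } |
        Format-Table Component, State -AutoSize
}
```

A protocol that answers anything other than 200 on one server while the others stay at 200 is the case where the load balancer removes only that protocol on that node.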

I also noticed that Managed Availability generates some logs in the below location.

This logging is not required and we can disable it by performing the below steps

Go to your Exchange servers

Open <ExchangeInstallPath>:\bin\MSExchangeHMWorker.exe.config in Notepad run as administrator

Find the line <add key="IsTraceLoggingEnabled" value="true" /> and change the value to false and save. Reboot the server; you can now clear the logs in the monitoring path and they will not regenerate.

Reason it is not required: If you take your time to look at the bottom of this config file, it says "Used for Exchange Online only". Microsoft has confirmed this has been set to true in error.

Note: Managed Availability will never record any logs for the health probes, and their values are stored in temporary memory only, so we don't need to worry about the health probes.

Hope this gives some idea in configuring the monitoring for Exchange 2016.

Thanks 
Sathish Veerapandian

MVP- Office Servers and services

Install & Configure Office Online Server

In this article we will have a look at installing and configuring Office Online Server for Exchange 2016, Skype for Business and SharePoint Server.

Office Online Server was released last week. OOS is available for download only at the Volume Licensing Service Center (VLSC).
To use the full features of Office Online Server we need to have an on-premises Office suite license or an Office 365 ProPlus subscription.

Office Online Server can be found and downloaded at the below location when logged in to the VLSC portal account.

VLSC -> Search for "Office Professional Plus 2016" -> Click download -> Now you can see the OOS download.

Below are the prerequisites:

System Requirements:
Office Online Server needs to be installed on a separate Windows Server 2012 R2 machine.
It is better to have this server on the same subnet as the dependent applications (Exchange, Skype for Business and SharePoint).
No other applications should depend on this server; it should be dedicated to Office Online Server.

Software requirements:

Visual C++ Redistributable for Visual Studio 2015
Microsoft .NET Framework 4.5.2
The below operating system features are required
Install-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices

All available Windows updates need to be installed.

It requires the Windows Identity Foundation feature to be installed.

Certificate Requirements:

It basically requires 2 URLs, similar to what we required for Office Web Apps Server in the earlier version.

It requires 2 certificates: one internal, to trust the connections coming from the internal URL, and one external, to trust the connections coming from outside the firewall.

The internal certificate can be generated from the internal CA and imported into the local store root of the OOS server.

The external certificate can be generated from a trusted third-party CA and then installed on the reverse proxy server.

Network configuration:

We need to create the internal URL and the external URL in DNS for Office Web Apps to work.

For the internal URL, we need to create a DNS record for the chosen URL pointing to the OOS server.

Similarly, the external URL needs to be published on port 443 on a public IP so that the external requests reach the OOS server via the reverse proxy.

Enable client affinity and SSL offloading for these OOS requests on the load balancer.

Similarly, we need to ensure that DNS resolution works between the OOS server and the applications (Exchange, Skype for Business and SharePoint) so that the rendering happens successfully.

 

Installation:

The installation is pretty simple and straightforward and has no complex configuration. All we need to do is run the downloaded setup with the default values.

Configure the certificate, DNS and network settings before running the setup, which will make our job simpler.

Post installation, we need to open PowerShell in elevated mode and run the below command to configure the URLs

Command for the same internal and external URL (which is better)

New-OfficeWebAppsFarm -InternalURL https://oos.domain.com -ExternalURL https://oos.domain.com -CertificateName "OOS certificate"

After running the above command we can run the below command

Get-OfficeWebAppsFarm

Below are the new properties available

We can also see that the below app pools are created on the OOS server after installation.

Basically we can see Excel, PowerPoint, Word and a few more pools.

These app pools function in the background to provide a rich user interface to preview and modify attachments online through OWA and SharePoint intranet/internet sites, and to share presentations during Skype conferences.
The reason to use this is that Microsoft has outsourced the rendering of PowerPoint files etc. to Office Online Server. So it can be used as one server to serve online document rendering for these three Microsoft applications.

So this will help end users watch PowerPoint presentations in Skype conferences from a desktop web browser, and view and modify MS Office documents in Exchange and SharePoint even though MS Office is not installed on that computer.

We can also verify that the farm is installed correctly by navigating to the below URL

http://servername/hosting/discovery

The response should be the below.
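The discovery response is an XML document listing, per network zone, the apps and the action URLs the farm advertises. The following added example (not from the original post) summarises such a response and flags zones or host names that do not match the farm URL; the sample XML is constructed, the host names are placeholders, and the required zone names are an assumption based on the HTTPS farm and the "external-https" zone used in this article.

```powershell
# Added example. Host names and the sample XML are constructed for illustration.

function Get-WopiDiscoverySummary {
    # One row per zone/app: the actions offered and the hosts and schemes
    # that the action URLs (urlsrc) point at.
    param([Parameter(Mandatory)][xml]$Discovery)

    foreach ($zone in $Discovery.SelectNodes('/wopi-discovery/net-zone')) {
        foreach ($app in $zone.SelectNodes('app')) {
            $actions = @($app.SelectNodes('action'))
            # urlsrc carries placeholder parameters after the '?'; keep the base URL only
            $uris = @($actions | ForEach-Object {
                [uri](($_.GetAttribute('urlsrc') -split '\?')[0])
            })
            [pscustomobject]@{
                Zone    = $zone.GetAttribute('name')
                App     = $app.GetAttribute('name')
                Actions = @($actions | ForEach-Object { $_.GetAttribute('name') } |
                            Sort-Object -Unique) -join ','
                Hosts   = @($uris | ForEach-Object { $_.Host }   | Sort-Object -Unique) -join ','
                Schemes = @($uris | ForEach-Object { $_.Scheme } | Sort-Object -Unique) -join ','
            }
        }
    }
}

function Test-WopiDiscovery {
    # Compares the discovery document with what the farm is expected to publish.
    param(
        [Parameter(Mandatory)][xml]$Discovery,
        [Parameter(Mandatory)][string]$ExpectedHost,
        [string[]]$RequiredZones = @('internal-https', 'external-https')   # assumption
    )
    $summary = @(Get-WopiDiscoverySummary -Discovery $Discovery)
    $zones   = @($summary | ForEach-Object { $_.Zone } | Sort-Object -Unique)

    [pscustomobject]@{
        ZonesFound    = $zones -join ','
        MissingZones  = @($RequiredZones | Where-Object { $zones -notcontains $_ }) -join ','
        WrongHostApps = @($summary | Where-Object { $_.Hosts -ne $ExpectedHost } |
                          ForEach-Object { "$($_.Zone)/$($_.App)" }) -join ','
        NonHttpsApps  = @($summary | Where-Object { $_.Schemes -ne 'https' } |
                          ForEach-Object { "$($_.Zone)/$($_.App)" }) -join ','
    }
}

# Constructed sample, trimmed to a few actions. The external zone deliberately
# points at a different host so that the check has something to report.
$sample = [xml]@'
<wopi-discovery>
  <net-zone name="internal-https">
    <app name="Excel">
      <action name="view" ext="xlsx" urlsrc="https://oos.domain.com/x/_layouts/xlviewerinternal.aspx?&lt;ui=UI_LLCC&amp;&gt;" />
      <action name="edit" ext="xlsx" urlsrc="https://oos.domain.com/x/_layouts/xlviewerinternal.aspx?edit=1&amp;" />
    </app>
    <app name="Word">
      <action name="view" ext="docx" urlsrc="https://oos.domain.com/wv/wordviewerframe.aspx?" />
    </app>
  </net-zone>
  <net-zone name="external-https">
    <app name="Excel">
      <action name="view" ext="xlsx" urlsrc="https://oos-old.domain.com/x/_layouts/xlviewerinternal.aspx?" />
    </app>
  </net-zone>
</wopi-discovery>
'@

Get-WopiDiscoverySummary -Discovery $sample | Format-Table -AutoSize
Test-WopiDiscovery -Discovery $sample -ExpectedHost 'oos.domain.com' | Format-List

# Against a live farm, load the document from the discovery URL instead:
# $live = [xml](Invoke-WebRequest -Uri 'https://oos.domain.com/hosting/discovery' -UseBasicParsing).Content
# Test-WopiDiscovery -Discovery $live -ExpectedHost 'oos.domain.com'
```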


Now we will have a look at configuring the OOS endpoints on Exchange, Skype for Business and SharePoint.

Configure OOS server for Exchange 2016:

We have the option to configure the Office Online Server at the organizational level or at the mailbox server level, so we can decide according to the requirement. This has to be decided based on the Exchange versions running in the environment and the DR setup.

Below is the command for configuring OOS at the mailbox server level.

Set-MailboxServer servername -WacDiscoveryEndpoint "https://oos.internal.domain.com/hosting/discovery"

Below is the command for configuring OOS at the organizational level.

Set-OrganizationConfig -WacDiscoveryEndpoint "https://oos.internal.domain.com/hosting/discovery"

For Skype for Business :

Just use the FQDN published under "InternalURL" when configuring Office Web Apps Server through the Topology Builder

Here we need to specify the OOS FQDN and the URL alone.

Once we publish this in SfB, we are done with this part.

For Sharepoint :

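Run the below commands
New-SPWOPIBinding -ServerName "oos.domain.com"

Set-SPWOPIZone -zone "external-https"

# AllowOAuthOverHttp lets SharePoint send OAuth tokens over unencrypted HTTP.
# It is only needed when SharePoint itself is served over HTTP (test environments).
$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()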

 

Hope this helps

Thanks & Regards

Sathish Veerapandian 

MVP – Office Servers & Services 

How certificate revocation works

Any web application that is hosted externally will be SSL encrypted. To establish a secure connection, it requires a certificate. Basically, these certificates are public key certificates carrying a digital signature, so that the client can trust the name, address and organization stated in the certificate.

In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company which charges customers to issue certificates for them. Browsers ensure user safety by requesting certificate information from the vendor instead of from the web application server.

The job of a CA that issues certificates is not just to handle new certificate requests. It also needs to provide certificate revocation information for all the requests it receives from clients.

In this article we will have a look at how certificate revocation works.

Below are the types of certificate revocation check that can be configured

1) CRL distribution – Certificate Revocation List.

2) OCSP – Online Certificate Status Protocol.

3) OCSP stapling.

Both configurations (CRL and OCSP) need to be done on the Extensions tab of the certificate authority properties.

CRL distribution is the core component of the certificate revocation check, so the latter two options are indirectly and totally dependent on the CRL.

The CRL configuration has the below components:

Base CRL – This contains the complete list of revoked (non-expired) certificates, so whatever revoked certificates we have will be present here.

Delta CRL – This contains only the certificates revoked since the last CRL was published, so it does not have all the revoked certificates.

CDP (CRL distribution point) – The CRL distribution point is the place where the certificate authority publishes all the certificate information. So the base CRL and the delta CRL get their information from this place only.

There are 2 types of CRL distribution points which can be configured:

LDAP – Not firewall friendly and complicated. We also need to allow the LDAP port for this verification, which is normally not feasible. Personally, I would not want my LDAP port to be accessible externally for this revocation process.

HTTP – This is easily accessible by all clients. It is very good if configured properly without exposing the internal namespace. Basically, we need to create a DNS record for the HTTP URL to publish, create a virtual directory for the CRL distribution point and configure a file server.

The disadvantage of CRLs is that the client has to search through the complete revocation list. Moreover, they are updated only periodically, so there is a chance that the client gets wrong information until the next update happens on the CDP. Usually the browsers take more time to load all these certificates and then check the revocation for the required certificate.

OCSP : Online Certificate Status Protocol

With OCSP the job has become much simpler. It removes the major disadvantage of CRLs by allowing the client to check the status of only the one certificate it needs, by providing its serial number to the responder.

OCSP client – This is the client responsible for querying the certificate status. The OCSP client is available from Windows Vista and later versions of the operating system. Operating systems prior to these versions use the normal CRL check to validate certificates. This client is responsible for providing a serial number to the responder.

OCSP responder (web proxy) – This component is available from the Windows Server 2008 CA. Servers holding a CA prior to this version use the CRL to respond to the requestors. The responder checks the certificate status of the serial number provided by the client. It then holds a cache entry of the requests that came in so that it is easier to answer them in future.
The OCSP client request process is shown below:
1) The client accesses the website via a browser.
2) The client sends an OCSP request to an OCSP responder (over HTTP) with the serial number of the certificate for which it requires verification.
3) The OCSP responder replies with a certificate status of either Good, Revoked or Unknown.

 

2 important things for OCSP configuration

1) The Online Responder service runs under the Network Service account, so we need to make sure that Network Service has read permission.
2) We need to enable the id-pkix-ocsp-nocheck extension for OCSP by running the below command.

certutil -v -setreg policy\editflags +EDITF_ENABLEOCSPREVNOCHECK

This extension avoids circular revocation checking, so that the OCSP requestor does not verify revocation of the signing certificate.

OCSP stapling:

With OCSP stapling, the web server downloads a copy of the vendor's response, which it can deliver directly to the browser. So the browser does not need to contact the CA separately; rather, it contacts the application directly and gets the certificate.

With OCSP stapling, the application periodically queries the CA and caches a response, which is then provided to the browser. By default this setting is configured when we configure OCSP.

The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ controls this behavior.

If we want to disable stapling, all we need to do is create a DWORD called RequestOCSP in the same location and set it to the value 0.

A real time example of an OCSP distribution point when seen from the client side
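The client-side view of both mechanisms can also be read with PowerShell: the CDP and OCSP URLs embedded in a certificate, and the verdict of an online revocation check mapped to the Good / Revoked / Unknown statuses described above. This is an added example, not part of the original post; it assumes Windows (it parses the text that X509Extension.Format() produces there) and audits the certificates in the local machine's Personal store.

```powershell
# Added example. Windows only; function names are chosen for this example.

function Get-RevocationEndpoint {
    # Lists the CRL distribution point (CDP) and OCSP responder URLs that a
    # client reads from the certificate's extensions.
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $urlPattern = '(?i)\b(?:https?|ldap)://\S+'
    foreach ($ext in $Certificate.Extensions) {
        $text = $ext.Format($true)
        if ($ext.Oid.Value -eq '2.5.29.31') {              # CRL Distribution Points
            foreach ($m in [regex]::Matches($text, $urlPattern)) {
                [pscustomobject]@{ Type = 'CDP'; Url = $m.Value }
            }
        }
        elseif ($ext.Oid.Value -eq '1.3.6.1.5.5.7.1.1') {  # Authority Information Access
            # Each access description is printed as its own "[n]" entry; keep only
            # the entries whose access method is OCSP (1.3.6.1.5.5.7.48.1).
            foreach ($entry in ($text -split '(?m)^\s*\[\d+\]')) {
                if ($entry -match '1\.3\.6\.1\.5\.5\.7\.48\.1\b') {
                    foreach ($m in [regex]::Matches($entry, $urlPattern)) {
                        [pscustomobject]@{ Type = 'OCSP'; Url = $m.Value }
                    }
                }
            }
        }
    }
}

function Test-CertificateRevocation {
    # Builds the chain with revocation checking enabled and reduces the chain
    # status flags to Good / Revoked / Unknown.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [ValidateSet('Online', 'Offline')][string]$Mode = 'Online'
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online fetches CRL/OCSP data over the network; Offline uses only cached data.
    # The chain engine decides itself whether OCSP or a CRL is used.
    $chain.ChainPolicy.RevocationMode      = $Mode
    $chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    $null = $chain.Build($Certificate)

    $flags   = @($chain.ChainStatus | ForEach-Object { "$($_.Status)" })
    $unknown = 'RevocationStatusUnknown', 'OfflineRevocation', 'PartialChain'
    $verdict = if ($flags -contains 'Revoked') { 'Revoked' }
               elseif ($flags | Where-Object { $unknown -contains $_ }) { 'Unknown' }
               else { 'Good' }
    $chain.Reset()

    [pscustomobject]@{
        Verdict     = $verdict
        ChainStatus = ($flags -join ', ')   # other problems (expiry, untrusted root) show here
    }
}

# Audit every certificate in the machine's Personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert      = $_
    $endpoints = @(Get-RevocationEndpoint -Certificate $cert)
    $result    = Test-CertificateRevocation -Certificate $cert -Mode Online
    [pscustomobject]@{
        Subject     = $cert.Subject
        Serial      = $cert.SerialNumber
        CDP         = @($endpoints | Where-Object { $_.Type -eq 'CDP' }  | ForEach-Object { $_.Url }) -join '; '
        OCSP        = @($endpoints | Where-Object { $_.Type -eq 'OCSP' } | ForEach-Object { $_.Url }) -join '; '
        Verdict     = $result.Verdict
        ChainStatus = $result.ChainStatus
    }
} | Format-List
```

A certificate that lists only an ldap:// CDP and no OCSP URL will typically come back as Unknown from outside the internal network, which is the firewall problem described for LDAP distribution points.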


Hope this article gave some idea on how certificate revocation works .

Thanks & Regards

Sathish Veerapandian

MVP – Office Servers and Services 

Exchange 2016 install error – Tried to create new default OAB but the object already exists

We might get the below error when installing the first Exchange 2016 server in a coexistence setup with Exchange 2013 or Exchange 2010.

When looking through the setup logs, we can find the below reason for the installation stopping.
{
                Write-ExchangeSetupLog -Warning ("Tried to create new default OAB but the object already exists; it may have been created by another instance of setup.")
              }

Resolution:
Open ADSI Edit and go to CN=Configuration,DC=domainname,DC=local\CN=Services\CN=Microsoft Exchange\CN=Container\CN=Address Lists Container\CN=Offline Address Lists
Right-click on the Exchange 2010/2013 OAB (according to the legacy Exchange version you have) and click Properties.

Look for the attribute 'msExchOABDefault', set its value to Not Set or False, and then click Apply and OK.

 


 

What is msExchOABDefault?
This is a Boolean attribute in the offline address book properties.

The already existing Exchange setup might have this value set to True.
This value can be True, False or Not Set.

If it is set to True, then this will be the offline address book for any mailbox store or database in the organization.
The setup fails when this value is True because the Exchange 2016 setup successfully creates the new OAB container, visible in ADSI Edit, during the installation. When it then attempts to set this value to True, it fails because the old one already has the value set to True.
There can be only one offline address book in an organization with this value set to True, and that is the default OAB.

Now rerun the setup, and it should complete without any issues.

After a successful installation, we can see the default value set to True on the higher version of Exchange, as below.


IMP Note:

Be careful while performing these steps in ADSI Edit, since accidentally deleting any object will lead to a big issue. It is better to take a backup before performing any action in ADSI Edit.
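The same check can be scripted before touching ADSI Edit. The following is an added example, not part of the original post: it lists every offline address book object with its msExchOABDefault value, saves the current state to a CSV, and previews the change with -WhatIf. It assumes the ActiveDirectory PowerShell module is available; `$legacyOabName` is a hypothetical placeholder to fill in.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory
# module (RSAT) and an account that can read the configuration partition.
Import-Module ActiveDirectory

# Locate the Exchange configuration container without hard-coding the
# domain or organization name that appears in the ADSI Edit path.
$configNC   = (Get-ADRootDSE).configurationNamingContext
$searchBase = "CN=Microsoft Exchange,CN=Services,$configNC"

# Every offline address book object, with the attribute the setup trips on.
$oabs = @(Get-ADObject -SearchBase $searchBase -LDAPFilter '(objectClass=msExchOAB)' `
            -Properties msExchOABDefault, whenCreated, whenChanged)

# Record the current state before anything is edited.
$backup = Join-Path $env:TEMP ('oab-default-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))
$oabs | Select-Object Name, DistinguishedName, msExchOABDefault, whenCreated, whenChanged |
    Export-Csv -Path $backup -NoTypeInformation
Write-Host "Current OAB state saved to $backup"

$oabs | Sort-Object whenCreated |
    Format-Table Name, msExchOABDefault, whenCreated -AutoSize

# An attribute that is Not Set comes back empty and is treated as not default.
$defaults = @($oabs | Where-Object { $_.msExchOABDefault -eq $true })
switch ($defaults.Count) {
    0       { Write-Host 'No OAB is marked default (all False or Not Set).' }
    1       { Write-Host "Default OAB: $($defaults[0].Name)" }
    default { Write-Warning "More than one OAB is marked default: $($defaults.Name -join ', ')" }
}

# Hypothetical placeholder: enter the legacy OAB name after reviewing the table.
$legacyOabName = '<legacy OAB name>'
$legacy = $oabs | Where-Object { $_.Name -eq $legacyOabName }
if ($legacy) {
    # Equivalent of setting the value to False in ADSI Edit.
    # -WhatIf only previews the change; remove it to apply.
    Set-ADObject -Identity $legacy.DistinguishedName `
        -Replace @{ msExchOABDefault = $false } -WhatIf
}
```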

Thanks 
Sathish Veerapandian

MVP – Office Servers & Services

Content Index and search in Exchange 2016

In this article we will have a look at the content index in Exchange 2016 and its improvements.

A small background on how indexing works:

The index contains all the search data for a database and its copies. It holds search data for all the mailboxes in that database. This data is stored in a folder named with a GUID, in the same location as the corresponding database, and it has sub-folders in it. This serves all end users’ search queries from their mailboxes.

So basically this is like the index of a book, where we look up the page for a subject and navigate to the right page. The index functionality is similar: it looks for the specific email based on the search query executed by the user and returns the appropriate results.

Exchange 2016 uses the same Fast Search index that was introduced in Exchange 2013.

We can see the corresponding FastSearchIndex file in the indexing folder in Exchange 2016 as well, in the location below.

So how does the indexing functionality work with Fast Search Index?

This fast search index has two core components:

CTS – Content Transformation Service:

This service is responsible for performing the actual background work. When the search query reaches it, it filters the request and performs the search content analysis with dictionary matches, keyword matches and parsing of data with regular expressions. All of these are preloaded registered filters on the Exchange 2016 Mailbox server. From Exchange 2016, this parsing retry logic and search result cap have increased from 30 to 250 search refiners, which gives better search results.

As soon as the search process with CTS reaches the corresponding database store where the mailbox resides, the event ID below gets created.

IMS – Interaction Management Service:

This component receives the prepared search results from CMS service processes and then sends the search results back to the user.

The corresponding service which is responsible for these components is Microsoft Exchange Search.

The rest of the content index operator statistics remain the same as in Exchange 2013.

What happens when you rebuild an index?

Usually we do not need to rebuild the index unless the database and its copies go into an inconsistent state, which is a very rare case in a well-planned deployment. But when the index is rebuilt, Exchange creates a clone copy of the existing database and uses this copy to rebuild the index from scratch. This takes a lot of time and consumes CPU, memory and disk.

Search enhancements and improvements from Exchange 2016:

In earlier versions of Exchange, the index of the passive database copies is updated from the active copies. This consumes more resources: CPU time, memory and also disk space (10 to 20 percent).

From Exchange 2016, the indexing of passive copies is done on the passive copy itself rather than being fetched from the active copies. This definitely reduces the utilization of system resources and network, which is very good.

Calendar search is available only from Outlook Web App at the moment.

 

Enhanced server power search and hand-off to the end user is available for all Outlook 2016 clients.

This means that, from Exchange 2016, end users with the Outlook 2016 client will no longer get the screen below with the option “find more on the server”.

With this as the default search index, the Outlook 2016 client seamlessly searches the local cache (OST) and the Exchange 2016 server and provides better results in the first search itself. An important point to note is that the client computer needs an internet connection for the server-side search.

The good thing is that, after configuring an Outlook profile on a new laptop for a user with a huge mailbox, the help desk team no longer needs to wait for the local OST file to be cached and indexed, since the server-side search is attempted on the first try itself.

When offline, the search will still be performed against the Windows Search Index on the computer.

Based on my experience, the enhanced search from Exchange 2016 is really faster and returns appropriate results with the Outlook 2016 client.

Thanks  & Regards 

Sathish Veerapandian 

MVP – Office Servers & Services 

Skype for Business leave messages offline

From build 16.0.3331.1000 of the Skype for Business 2016 client, there is an option to send IMs to people who are offline. When the users sign in to the desktop client, they are notified of all the missed IM conversations.

We need to follow the steps below to enable this feature for all users.

Basically, two parameters need to be enabled on the client policy for this feature to work.

EnableIMAutoArchiving

DisableSavingIM

By default this value will be set to null, with no values, as below.

The default option is null, which means the conversation history is saved locally on the PC and mobile devices and not on the server side, unless EnableServerConversationHistory is set to True.

We have 3 options to set:

1) DisableSavingIM value to Null 

When set, end users will have the option to either select or uncheck “Save IM conversations in my email Conversation History folder”.

2) DisableSavingIM value to True

When set, end users will not have the option to either select or uncheck “Save IM conversations in my email Conversation History folder”. The option will be greyed out.

3) DisableSavingIM value to False

Setting this value will not

In order for this feature to work, we need to set this value to True, since with the null option and False it will not work.

After enabling this, end users will get the notification icon in the Skype for Business 2016 client.

 

If Exchange server integration is enabled for archiving, then all this archiving data will be stored in the associated user’s Exchange mailbox.

The versions of Exchange that support the OAuth integration setup are Exchange 2013, Exchange 2016 and Exchange Online.
If the version of Exchange is 2010, then we do not have the option to store this archiving data in Exchange.
In this scenario the data will be stored in the Archiving SQL Server database.

The sample dashboard report below shows the IM information contained in the Archiving SQL database.

If we have server-side archiving enabled on the Archiving SQL DB, it is very important to look at two values:

CachePurging Interval

The system looks for participants who do not have archiving enabled, and for them the transcript is deleted from the database.

Keep Archiving data

By setting this value, the system keeps only the records within the specified value and purges records that are older than the specified value.

If the data is stored in the Exchange mailbox, then we need to make sure that a retention policy with a retention tag corresponding to this folder is created, so that it will not increase the mailbox quota for end users.

Below are the limitations of the offline IM feature at this moment:

  1. This feature is available only for peer-to-peer instant messages at this moment.
  2. This feature is not available for users sending IMs to offline persons through mobile devices.
  3. The IM should be sent from a desktop/laptop thick client. Microsoft might extend this feature to all clients in the future.

Thanks & Regards

Sathish Veerapandian

MVP – Office Servers & Services

Error occurred while establishing a connection to the SQL server

Recently, in one of our applications, while trying to configure Reporting Services, we were getting the error below when trying to connect to a SQL database.

Checked the remote server connections for the database, and they were enabled.

Went into Component Services and checked the local DTC connection.

Network DTC access was disabled, and hence the issue.

Enabled them and, after an MS DTC service restart, checked the UDL connection for the affected database on that instance.

In addition to the above, we can also check the execution account permission on the SQL database server.

This can also happen if the SQL service is not running.

Make sure the SQL Server service status is Running.
Also make sure TCP/IP communication is enabled in SQL Server Configuration Manager on the instance where the problematic DB exists.

By default SQL Server runs on port 1433; if the default port is changed, then the new port should be added to the firewall exceptions.

You can also check the connectivity to the SQL Server with the command below:

netstat -ano| findstr 1433

You should see a successful TCP listener on the SQL Server IP address on port 1433.
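The checks walked through above (service state, listener on the port, MS DTC network access) can be collected in one pass. This is an added example, not part of the original post; the function name Test-SqlConnectivityPrereq and its parameter defaults are hypothetical, and it assumes a default SQL Server instance unless told otherwise.

```powershell
# Added example, not from the original post. Run it on the SQL Server host.
# Test-SqlConnectivityPrereq and its parameter defaults are hypothetical.
function Test-SqlConnectivityPrereq {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'MSSQLSERVER',  # service name of a default instance
        [int]$Port = 1433,                     # default port named in the post
        [string]$RemoteHost                    # optional: host to probe over TCP
    )

    $r = [ordered]@{ Computer = $env:COMPUTERNAME }

    # 1) SQL Server service state.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $r.SqlService = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }

    # 2) Local listener: the same information as "netstat -ano | findstr 1433",
    #    plus the process that owns the socket. An address of 0.0.0.0 or ::
    #    means the port is open on every interface.
    $listen = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $r.Listening       = $listen.Count -gt 0
    $r.ListenAddresses = ($listen | ForEach-Object LocalAddress | Sort-Object -Unique) -join ', '
    $r.ListenProcess   = ($listen | ForEach-Object {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } | Sort-Object -Unique) -join ', '

    # 3) MS DTC network access, the setting shown in Component Services.
    $dtc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\MSDTC\Security' -ErrorAction SilentlyContinue
    $r.NetworkDtcAccess = [bool]$dtc.NetworkDtcAccess
    $r.DtcInbound       = [bool]$dtc.NetworkDtcAccessInbound
    $r.DtcOutbound      = [bool]$dtc.NetworkDtcAccessOutbound
    $r.MsDtcService     = (Get-Service -Name MSDTC -ErrorAction SilentlyContinue).Status

    # 4) Optional remote probe, e.g. from the application server to the SQL host.
    if ($RemoteHost) {
        $probe = Test-NetConnection -ComputerName $RemoteHost -Port $Port -WarningAction SilentlyContinue
        $r.RemoteTcpReachable = $probe.TcpTestSucceeded
    }

    [pscustomobject]$r
}

Test-SqlConnectivityPrereq | Format-List
```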

Hope this helps

Thanks & Regards 

Sathish Veerapandian 

MVP – Office Servers & Services

Exchange 2016 Migration planning on phases

When it comes to migration, we always need to plan properly before we start the actual project. A study of the existing messaging environment as a whole, leading to a detailed analysis, is much needed.
The study should cover the existing storage, the current number of active users, mailbox traffic utilization, load on the Exchange servers, email relay on the servers, the email security setup and messaging-related components.

This really helps in understanding the current requirements for the email platform, so that we can scale the new environment in a healthy way.
Also, with this study done, the new setup can run for another 5 years without any hassles.

In this article we will have a look at some steps that help in doing an Exchange migration in phases, for a smooth and successful migration.

Phase 1: Analyzing the existing environment

I have segregated a few core components in this phase that can help towards a better migration.

a) Email Traffic

Analyze the current email traffic flow of the whole environment in terms of monthly, weekly and daily email traffic.
It is better to collect 3 sets of data for the above and take the average value.
By doing this we can plan the new migration very well in terms of storage and network bandwidth.

b) Active Users

Determine the current number of active users in the environment. It is better if mailbox statistics have been collected on a monthly basis in Exchange reports.

With these we can analyse the mailbox growth on a monthly basis. This helps us calculate a better value for the organization's future mailbox growth.

c) Mailbox Growth & Quota

Again, analyzing the mailbox statistics report gives a better basis for calculating the mailbox growth of individual users for the next 3 years. We need to calculate it based on the growth since the current Exchange version has been running, and depending on the nature of the email traffic. It is better to add an overhead of 50 percent, so that the setup runs for a long time without any bottleneck.

Phase 2: Preferred Architecture

Physical (Recommended):

Microsoft recommends running the Exchange servers on physical servers. Their new architecture is a very good approach that does not require a very high-configuration server, because for future requirements they say to scale out and not scale up (which means bringing up an additional mailbox server in future when required, rather than scaling up the hardware in the initial configuration), which perfectly makes sense.

In any case, the Exchange 2016 Calculator needs to be used first to derive the values for your requirement.

Exchange 2016 Calculator

So if you are planning for physical servers, all we need is a decent server with the minimum configuration below.

You can use commodity server platforms for the PA with the minimum configuration below.

1) 2U, dual-socket servers (20-24 cores); choose the cores according to your requirement.
2) Maximum 96GB of memory; choose the memory according to your requirement.
3) Battery-backed write cache controller
4) 12 or more large form factor drive bays within the server chassis
5) Probably a server with DAS storage.

Virtual (Vmware or Hyper-V):

Though Microsoft recommends that the PA be on physical servers, environments running on VMware or Hyper-V have no other option if they continue new provisioning on VMs.

If VM is still the plan, below are the recommendations for VMware:

1) Each newly provisioned Mailbox/Edge server should have reserved memory. Exchange Server 2016 calculator results are driven by the expected load that will be generated based on the actual inputs.

2) Microsoft supports up to 2:1 virtual-to-physical CPU allocation for Exchange Server 2016 in a virtual environment. VMware recommends leaving the cores-per-socket count at one at all times.

3) Storage can use Fibre Channel, iSCSI, and network-attached storage (NAS) shared-storage protocols.

Below is an example of how storage can be provisioned for an Exchange 2016 VM.

We can use either option: datastore virtual disks or RDM (raw device mappings).

 

VMware recommends that you set up a minimum of four paths from an ESXi host to a storage array. To accomplish this, the host requires at least two host bus adapter (HBA) ports.

VMFS supports RDM. This allows a virtual machine to directly access a volume on the physical storage subsystem through Fibre Channel or iSCSI.

The decision to use VMFS or RDM does not depend on Exchange, so it is better to check that the backup supports the above configuration.

Improvements in Exchange 2016 have given it lower storage I/O than earlier versions.
But careless storage planning, especially for Exchange, will still result in a poor Exchange infrastructure. This part needs close attention, and we need to spend more time on it before building the setup.

4) Network Considerations

VMware recommends using the VMXNET3 network adapter. This provides better data transmission with reduced CPU utilization. It is better to have a single network per site.

From Exchange 2016, since the data is replicated on one network, all we need is one NIC with the above configuration.

Also use Layer 7 load balancing with no session affinity, and decide your network link and network link latency based on the values calculated in Phase 1.

Phase 3: Verify the Exchange Dependent Components Compatibility

After completing the two phases, we need to check the support and compatibility of the Exchange-dependent components.

Below are most of the dependent components:

1) Check your current backup solution and see if it supports Exchange 2016.

2) Check the compatibility of any third-party software at the transport categorizer level. It can be any antispam, antivirus or signature solution, etc.

3) Check the existing journaling solution and its compatibility.

4) Check the existing archive solution, if there is one, and its compatibility.

5) Check MDM solutions and their compatibility. There is no more MAPI/CDO support from Exchange 2016, so you need to make sure that all MAPI/CDO components are retired.

6) Check the current monitoring solution for Exchange and see if it supports monitoring Exchange 2016.

Phase 4: Data Center Design 

a) Active-Active site: We can go with this option if we have a well-connected network with good round-trip latency. With this option we utilize both sites efficiently. If the data centers are connected with good redundant paths, we can choose this option.

b) Active-Passive site: The Active-Passive option is also good, but the DR resources will not be utilized most of the time, unless and until the main site becomes unavailable.

For either of the above configurations, the preferred architecture is that each data center has its own Active Directory site.

This is because Safety Net and Shadow Redundancy work only when the DAG members span more than one Active Directory site.

Phase 5: Deploy & Test the performance

Once all the above factors are considered, we can go ahead and deploy Exchange 2016 as per the plan.

In this phase it is better not to join the servers to the existing infrastructure. We need to see whether the provisioned servers, storage and networks are strong enough to handle the real load.

For that, it is better to create a dummy domain rather than joining the existing domain, and to test the performance of the provisioned servers using Exchange Load Generator and Exchange Jet Stress Analyzer.

 

To check the performance of the disk we can use JetStress Analyzer

Exchange Jet Stress Analyzer

To simulate the end-user load we can use Exchange Load Gen Analyzer

Exchange Load Gen Analyzer

Once the load and performance are tested on the newly provisioned servers, we can go ahead and start the coexistence migration.

In the next blog we will discuss the coexistence migration phase.

Hope this helps

Thanks & Regards

Sathish Veerapandian

MVP – Office Servers & Services