Connecting to Office 365/Exchange

powershellAlmost 3 years ago, I wrote an article on how to enhance the PowerShell Integrated Scripting Environment, or ISE. That seemed adequate for the Exchange admin back then, who mostly connected their PowerShell session to their his on-premises environment, and perhaps occasionally a bit of Exchange Online.

Fast forward to 2015, most modern Exchange administrators not only require a connection – if any – to their Exchange on-premises environment, but likely to one or more of the Office 365 services as well. This includes Exchange On-Premises, Azure Active Directory, Exchange Online Protection and perhaps even Skype for Business Online, SharePoint Online, Azure Rights Management Services or Compliance Center.

All these service use a different PowerShell session, use a different endpoint FQDN, and sometimes even require a locally installed PowerShell module. Likely common denominator is the credential used to access each of these services. So, tired of re-entering my credentials every time when switching from Exchange Online to Exchange Online Protection, I created a script with a set of functions to allow me connect to each individual Office 365 service or Exchange Online:

  • Connect-AzureAD: Connects to Azure Active Directory
  • Connect-AzureRMS: Connects to Azure Rights Management
  • Connect-ExchangeOnline: Connects to Exchange Online
  • Connect-SkypeOnline: Connects to Skype for Business Online
  • Connect-EOP: Connects to Exchange Online Protection
  • Connect-ComplianceCenter: Connects to Compliance Center
  • Connect-SharePointOnline: Connects to SharePoint Online
  • Get-Office365Credentials: Gets Office 365 credentials
  • Connect-ExchangeOnPremises: Connects to Exchange On-Premises
  • Get-OnPremisesCredentials: Gets On-Premises credentials
  • Get-ExchangeOnPremisesFQDN: Gets FQDN for Exchange On-Premises
  • Get-Office365Tenant: Gets Office 365 tenant name (SharePoint)

Note that functions and credentials used in the script are global, and in principle only need to be entered once per shell or ISE session. If you need different credentials, call Get-Office365Credentials again. User interaction is a very basic Read-Host, but it does the job.

Requirements
During initialization, the script will detect the modules which are required for certain Office 365 services. When not installed, it will notify you, and provide a link where to obtain the PowerShell module. The related Connect function will not be made available. The Azure Active Directory module also requires the Microsoft Online Sign-In Assistant to be installed. Needless to say, PowerShell is required to run this script, which is tested against version 4 (but should work with 3)

Usage
The functions are contained in a script called Connect-Office365Services.ps1. You can call this script manually from your PowerShell session to make the functions available. However, more convenient may be to have them always available in every PowerShell or ISE session. To achieve this, you need to edit your $profile, which is a script which always starts when you start a PowerShell or ISE session. By default this file does not exist and you need to create it, including the path. Also note that the files for PowerShell and ISE are different, Microsoft.PowerShell_profile.ps1
and Microsoft.PowerShellISE_profile.ps1 respectively.

Now, of course you can copy and paste the functions from the script file to your own $profile. Better is to call the script from your $profile, as this allows you to overwrite the Connect-Office365Services.ps1 with updates. To achieve this, assume you copied the Connect-Office365Services.ps1 in the same location as your $profile, for example C:\Users\Michel\Documents\WindowsPowerShell. You can then make PowerShell and ISE call this script by adding the following line to the $profile scripts:

& “$PSScriptRoot\Connect-Office365Services.ps1”

Now when you start a PowerShell session, you might see the following:

image

This shows the Microsoft Online Sign-In Assistant and Azure Active Directory PowerShell module is available, and related connect functions should be available.

When you load the script from ISE, it will show something similar. However, it will also show ISE is detected and make all functions available through the Add-On menu:

image

Notes
Customize this script to your liking. For example, if you always want to connect to Azure Active Directory when connecting to Exchange Online, add Connect-AzureAD in the Connect-ExchangeOnline function, or when you always want to connect to a fixed FQDN for Exchange On-Premises, insert it in the script or – better – configure your $profile to predefine the FQDN, e.g. $global:ExchangeOnPremisesFQDN=’mail.contoso.com’.

Windows 10
Be advised that when used with Windows 10 build 10525 or 10532, your PowerShell session might crash when connecting to certain services, e.g. Exchange Online Protection. Fellow Exchange MVP Tony Redmond wrote about this here, including a possible workaround. Windows 10 RTM does not have this issue.

Download / Revisions
You can download the script from the TechNet Gallery here. The TechNet Gallery page as well as the script contains revision information.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

IT/Dev Connections 2015 App

IMG_0608A quick note that if you are attending IT/Dev Connections this year, you can now build your schedule using a mobile app. The app allows you to browse and pick from 190 sessions, view speaker bios, etc.

The app is available for:

For other devices, you can use the generic mobile website here.

Note: You can still register for the event. New registrations can use SPKRSOC15 when registering for a $400 off!

The UC Architects Podcast Ep54

iTunes-Podcast-logo[1]Episode 54 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman, who is joined by Michael van Horenbeeck and Michel de Rooij. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Skype for Business or related subjects.

KEMP LoadMaster & HA Virtual ID

imageA small heads-up on something which you need to configure when deploying a Highly Available setup of physical or virtual KEMP LoadMaster devices in environments with redundant network routing components, but this may apply to other components with similar functionality as well. While in typical environments the LoadMaster’s default setting will never be an issue, it can easily be overlooked or not immediately considered suspect when you do have issues, for example in hosted environments.

Note: If you are looking for more information on load balancing Exchange 2013 using KEMP LoadMaster devices, Exchange-fellow Jeff Guillet did an excellent multi-part write-up on this topic here.

When configuring multiple LoadMaster’s in a High Availability setup, one of the settings is the HA Virtual ID parameter, which is located System Configuration > Miscellaneous Options > HA Parameters. This setting configures the routing identifier used by the LoadMaster as part of the VRRP or Virtual Router Redundancy Protocol (see RFC5798).

The HA Virtual ID is used to construct a unique MAC address, so that all devices in the same VRRP group can communicate. The MAC address uses a format as defined by VRRP, and is 00:00:5E:00:01:<ID> for IPv4 and 00:00:5E:00:02:<ID> for IPv6.  One device, the Master being the Active LoadMaster, owns the VRRP group and manages its MAC address and shared IP address.

As you can imagine, using the same identifier for multiple non-related devices on the same segment may cause unexpected behavior, like LoadMasters being unable to communicate with eachother, both HA LoadMasters thinking they are the Active HA node, or other disruptive behavior. This is likely caused by a device other than LoadMasters managing the VRRP group.

Therefor, it is recommended to always change the default value of ‘1’, but always consult with the network or hosting people which value to use, as different vendors use their own default ID. For example, Cisco may use a different default value than FortiNet or CheckPoint for their redundant networking components. Of course, you also need to use different values when using multiple HA LoadMaster deployments on the same segment.

Exchange Server 2016 Preview is here!

Ex2013 LogoAnd so it begins. Few moments ago, the Exchange team published the public preview of Exchange 2016. The build number of the preview version is 15.1.225.17 (yes, 15.1.*, not 16.*). Exchange 2016 Preview raises schema to version 15317.

The team’s post contains information on the changes and features introduced in Exchange 2016. Many of these were already announced at Ignite earlier this year. An earlier blog post on these announcements can be found here.

With this Exchange 2016 Preview, there are important deviations from announcements made at Ignite 2015:

  • Minimum required Forest Functional Level (FFL) and Domain Functional Level (DFL) is Windows Server 2008. At Ignite is was announced Windows Server 2008 R2 FFL/DFL would be required.
  • Supported Operating Systems will be Windows Server 2012 and Windows Server 2012 R2. At Ignite, it was announced Windows Server 2012 was not going to be supported. Note that Windows Server 10 (Windows Server 2016) is currently in preview, is not (yet) supported, but likely will be at or shortly after both reach RTM status.
  • Coexistence requires  Exchange Server 2013 Cumulative Update 8 or Exchange Server 2010 Service Pack 3 Rollup 9. This is lower than Exchange 2013 CU10+ or Exchange 2010 SP3 RU11+ as was mentioned at Ignite.
  • Exchange 2016 Preview works with Outlook 2013, Outlook 2010 with KB2965295, or Outlook 2016 (currently in Preview). This is a lower requirement than Outlook 2010 SP2 with KB2956191 and KB2965295 or Outlook 2013 SP1 with KB3020812 as announced at Ignite. Note that Mac users can utilize Outlook for Mac for Office 365 or Outlook for Mac 2011.
  • Not mentioned at Ignite, but something which recently was introduced in Exchange Online, is the introduction of auto-expanding In-Place Archives in Exchange 2016 Preview. After filling up the initial archive with 100 GB (default quota), Exchange will create auxiliary archives in chunks of 50 GB. To the end user using Outlook 2016 or Outlook for the web (the new Outlook WebApp branding), these archives will appear as a single archive. Downlevel Outlook clients will only display the initial 100 GB archive.

Meanwhile, the TechNet technical library has been updated with information on Exchange 2016. Be advised that this documentation may be incomplete and subject to change, and in fact may even be not on par with the preview product. However, as the product reaches RTM, the documentation should become more complete and final.

Some links to get you started:

  • The official announcement from the Exchange Team can be found here
  • Preliminary documentation for Exchange 2016 can be found on TechNet here
  • Documentation on Active Directory schema changes for Exchange 2016 can be found here

Needless to say, this is a preview. It’s great to play with in a lab, but don’t install it in your production environment unless you are part of the TAP program.

You can download the Exchange 2016 Preview here

Client Message Size Limits

powershellExchange 2013 enforces certain message size limits when it comes to client messages. These limits are in-place so clients can’t generate excessive load on your Exchange environment. These limits are determined for various access methods in multiple web.config files on Exchange Client Access Servers as well as Mailbox Servers.

Sometimes you may have good reasons to increase those limits. For example, when migrating to Office 365 using a product like MigrationWiz, you may want to increase the limit for Exchange Web Service (EWS) requests to allow for migration of larger items. Another example is when you want to allow for bigger attachments in Outlook WebApp (OWA). On TechNet, there’s an article on how to reconfigure these limits. However, the process consists of editing multiple web.config files, replacing multiple values in the same file, and following this process on each Exchange 2013 server in your environment. This is not only labor intensive and prone to error, but becomes tedious when you consider that each Cumulative Update will overwrite your web.config files.

But do not despair. To execute these changes for OWA and EWS, I have created a PowerShell script which will perform these tasks for you.

Requirements
Using the script requires Exchange 2013. You need to provide the server name (default is local server) or AllServers to apply to all Exchange 2013 servers in your environment. The script will modify the web.config remotely using the system share (e.g. C$), using the location of the Exchange installation, and uses IISRESET tool to restart IIS. It will create a backup of the web.config before modifying it.

Notes:

  1. The script checks for running in elevated mode when running against the local machine.
  2. Current version of the script requires Exchange Management Shell, to run Exchange cmdlets for checking installed roles a.o., as the web.config files which require editing depend on the installed roles.
  3. For OWA, add ~33% to the value you want to specify to compensate for encoding overhead.
  4. When connected to an Exchange server, the script processes the server hosting the EMS session last to prevent abortion caused by IIS reset.
  5. Script currently runs against Exchange 2013.

Usage
The script Configure-ClientSizeLimits.ps1 uses the following syntax:

.\Configure-ClientSizeLimits.ps1 [-Server |-AllServers] [-OWA ] [-EWS ] [-Reset] 

A quick walk-through on the parameters and switches:

  • Server specifies the server to configure. When omitted, it will configure the local server. This parameter is mutually exclusive with AllServers.
  • AllServers switch specifies to configure all Exchange 2013 servers. This switch is mutually exclusive with Server.
  • OWA configures the message size limit for OWA. Value is in 1KB units.
  • EWS configures the message size limit for EWS. Value is in 1KB units.
  • Reset switch specifies to perform an IISRESET against servers after reconfiguration of client-specific message size limits.

So, suppose you want to configure an OWA message size limit for you can use:

.\Configure-ClientSizeLimits.ps1 -Server EX01 -OWA 100 -EWS 10240 -Reset

Configure Client Size Limits If you want to configure EWS limits for all servers without resetting IIS, you could use:

.\Configure-ClientSizeLimits.ps1 -AllServers -EWS 10240

Download
You can download the script from the TechNet Gallery here.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Revision
See TechNet Gallery page.

To Do
Compatibility with Exchange 2010 and removal of dependency on Exchange Management Shell.

Exchange 2013 Server Role Requirements Calculator 7.6

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.6.

Changes since version 6.6:

  • Added support for ReplayLagManager
  • Added support for PreferredMaximumActiveDatabases
  • Added new table that exposes theoretical CPU utilization for each mode (normal runtime, first server failure, second server failure, site failure, site failure + 1 failure)
  • Added Restore-DatabaseAvailabilityGroup scenario support in Distribution algorithm
  • Added warning about designs that include more than24 processor cores / server and 96GB of memory
  • Added support for DAGs without Administrative Access Point (default behavior is no administrative access point) in the CreateDAG script
  • Changed default for Deleted Item Retention in export file to be the highest profile value for Deleted Item Retention
  • Changed default for Circular Logging in export file to be true when using Exchange Native Protection
  • Added ability to save scripts and CSV files to OneDrive for Business
  • Fixed CreateDAG.ps1 script error for DAG creation without administrative IP address
  • Modified CreateMBDatabases.ps1 to ignore CircularLogging choice and modified CreateMBDatabaseCopies.ps1 to enforce CircularLogging choice
  • Fixed Export DAG list function to use the correct value for MaximumActiveDatabases
  • Added support for MaximumPreferredActiveDatabases and AutoDatabaseMountDial in Export DAG List function and createdag.ps1
  • Modified CreateMBDatabaseCopies.ps1 to remove sleep timer, improving copy creation significantly
  • Fixed createdag.ps1 to not generate an error when there is no alternate witness server provided

Fixes since version 6.6:

  • Fixed an issue that prevented the calculator from displaying results when site resilience was disabled while Active/Active (Single DAG) was selected
  • Changed Processor Cores/Server to not use a list drop down, thereby enabling customers to enter in configurations they are deploying.
  • Fixed bugs in Diskpart script with PrepareAutoReseedVolume switch and WhatIf processing
  • Fixed bug in Diskpart with escaping quotes in some languages
    Fixed bug with display of lag copies in single site design
  • Fixed multiple databases / volume calculation to take into account symmetric designs that utilize an odd number of servers in a single site
  • Fixed scenario to count number of servers in A/P scenario where the only copy deployed in DR is a lagged copy
  • Fixed #NAME error in Database Copy Configuration table for standalone configurations
  • Updated DC1 memory sizing to take into account site failure mode for A/A (Single DAG) designs involving a 2 copy architectures
  • Updated Distribution Tab error reporting and Lastrow calculation
  • Fixed copy count validation formula for site resilient scenarios to not allow more copies in the primary datacenter than the number of servers
  • Added support for 10TB and 12TB capacity disks
  • Fixed run-time error on distribution tab when disabling site resilience
  • Fixed distribution error when disabling cross-site failover
  • Fixed bug in Distribution tab ActiveServer formula when modeling Cross Site Failover behavior
  • Fixed an issue with the distribution tab throwing an error when two files were opened at the same time
  • Fixed distribution algorithm where lagged copies were not always represented correctly
  • Blocked unsupported A/A (Single DAG) scenario where copy count is not the same in both datacenters

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Exchange 2013 Cumulative Update 9

Ex2013 LogoThe Exchange Team released Cumulative Update 9 for Exchange Server 2013 (KB3049849). This update raises Exchange 2013 version number to 15.0.1104.5.

Cumulative Update reintroduces configuration of sent items for shared mailboxes, as was possible in Exchange 2010 but wasn’t available in Exchange 2013 yet. More information here.

Next to a security fix for MS15-064, this Cumulative Update contains the following fixes:

  • KB2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment
  • KB2988660 Role assignment with custom write scope fails in an Exchange Server 2013 environment
  • KB3003978 Email messages are displayed with incorrect format in Outlook in an Exchange Server 2013 environment
  • KB3006849 GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013
  • KB3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • KB3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
  • KB3040683 System WLM overrides do not work when you do on-premises installations in Exchange Server 2013
  • KB3049081 OwaDeepTestProbe probe fails intermittently on a server that installs the Mailbox server role in Exchange Server 2013
  • KB3049771 Outlook Web App logon page takes longer time than expected to time out in an Exchange Server 2013 environment
  • KB3050825 EdgeTransport.exe starts to crash when PriorityQueuingEnabled is set to “True” in Exchange Server 2013
  • KB3050877 Emails that are sent as a secondary mailbox are not saved in the delegate’s Sent Items folder in Exchange Server 2013
  • KB3055940 “Object reference not set to an instance” error when you install cumulative update in Exchange Server 2013
  • KB3056045 “Cannot find Template User object” error when you find contacts that use a consumer domain in Exchange Server 2013
  • KB3056133 Exchange Server 2013 Activation time of transport rule is not displayed in UTC time
  • KB3056413 SMTP connection fails when you log on with a child domain account and use NTLM authentication in Exchange Server 2013
  • KB3056817 Update adds the Let me select the message option in Outlook Web App in an Exchange Server 2013 environment
  • KB3056822 Dynamics CRM 2013 stops synchronizing items from mailbox in an Exchange Server 2013 environment
  • KB3060825 The MSExchangeDelivery service crashes when you receive an email message from a specific sender in Exchange Server 2013
  • KB3064393 “Bad Command. 12” error and IMAP CAPABILITY commands are not offered in an Exchange Server 2013 co-existence environment
  • KB3068681 RPC encryption requirement is re-enabled for RPC Client Access Service after you upgrade server in Exchange Server 2013
  • KB3069060 Recurring meetings are accepted when their time conflicts on the same room mailbox in Exchange Server 2013
  • KB3069501 Duplicate folders are created after a mailbox move in Exchange Server 2013 Enterprise
  • KB3071427 Outlook Web App still downloads web beacon contents when you forward email messages in Exchange Server 2013

Notes:

  • If the new Set-Mailbox parameters for Sent Items configuration, i.e. MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled, are not available after installing this CU, run Setup /PrepareAD /IAcceptExchangeServerLicenseTerms explicitly.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
  • Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run PrepareSchema /PrepareAD.  If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.

Exchange 2010 SP3 RU10 & Exchange 2007 SP3 RU17

Exchange 2010 LogoThe Exchange Team released Rollup 10 for Exchange Server 2010 Service Pack 3 (KB3049853) as well as Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710). These update raises the version numbers to 14.3.248.2 and 8.3.417.1 respectively.

Rollup 10 contains the following fixes for Exchange Server 2010 SP3:

  • KB 3069055 Various DAG maintenance scripts do not work in an Exchange Server 2010 environment
  • KB 3057422 “MapiExceptionNoAccess: Unable to query table rows” error and some mailboxes cannot be moved
  • KB 3056750 Exchange ActiveSync application pool crashes in an Exchange Server 2010 environment
  • KB 3054644 “The item no longer exists” error when you access an archive mailbox in Outlook Web App in Exchange Server 2010
  • KB 3051284 Event ID 4999 is logged and MSExchangeServicesAppPool crashes in an Exchange Server 2010 environment
  • KB 3049596 Event ID 4999 is logged and remote procedure call Client Access service crashes in an Exchange Server 2010 environment
  • KB 2964344 MSExchangeRPC service stops working intermittently in Exchange Server 2010
  • KB 3055764 Exchange Server 2010 Address Book Service crashes with event ID 4999

For Exchange Server 2007 SP3, the Rollup 17 contains the following fix:

  • KB 3057222 “InvaIidOperationException” error and cannot open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2010 SP3 Rollup 10 here and Exchange 2007 SP3 Rollup 14 here.

Exchange data: NTFS vs. ReFS

chartFor Exchange, NTFS has been the file system of choice since time immemorial. In 2012, Windows Server 2012 introduced a new file system: Resilient File System or just ReFS. ReFS was designed to overcome some of the limitations of NTFS, in particular in the area of maintaining data integrity. More information on ReFS in comparison to NTFS can be found here.

At that time Windows Server 2012 went RTM, the latest version of Exchange, Exchange 2010, was not supported to run on ReFS. Present day, Exchange 2010 still doesn’t support ReFS. However, when Exchange 2013 entered the arena shortly after Windows Server 2012, it came with support for both NTFS and ReFS file systems. NTFS was still considered best practice, with ReFS being a supported option with the added recommendation to turn off ReFS’ integrity checking feature, and disabling it for Content Index-exclusive volume is optional. It may therefor come as no surprise that nearly all customers are deploying Exchange 2013 on NTFS volumes only.

That may change with Exchange 2016. As announced at Ignite 2015, for Exchange 2016 more emphasis will be put on following the Preferred Architecture design when deploying Exchange on-premises. The Exchange 2016 Preferred Architecture contains guidance to use ReFS formatted, BitLocker encrypted data volumes with Exchange 2016. The latter option is of course to protect organizations against theft of physical storage devices.

With some time to spare, I was interested to see what the impact would be on the storage performance when using NTFS or ReFS, and especially the performance penalty when enabling BitLocker on a volume. Similar to a comparison I did between Exchange 2010 and Exchange 2013 on different operating systems, I ran a JetStress 2013 test utilizing these 3 file systems to get a sense of what to expect.

The ESE engine files from Exchange 2013 CU8 were used for testing, along with the following parameters:

Mode Test Disk Subsystem Throughput
Thread Count 12 (fixed)
Min/Max DB Cache 32 MB / 256 MB
Ins / Del / Repl / Read % 40/20/5/35
Lazy Commits 70%
Run Background DB Maintenance True
Databases 1 x DB (186GB), 3 Copies
Running Time 2 Hours

Databases and logs were stored on a DAS SSD drive, and the volume was GPT partitioned with 64K allocation units. ReFS Integrity checking was disabled for the volume using:

Format-Volume –DriveLetter X -FileSystem ReFS -AllocationUnitSize 65536 -SetIntegrityStreams $false

The drive supported hardware encryption for BitLocker, which offloads encryption to the drive. You can verify that hardware encryption is used after enabling BitLocker on the volume by inspecting the BitLocker status using the manage-bde utility or Get-BitLockerVolume cmdlet:

image

As you can see from the EncryptionMethod property, this volume is protected using hardware-based BitLocker encryption. Perhaps needless to say, but the CPU performance penalty is substantial when using BitLocker with software encryption, and this mode is not to be used with I/O intensive applications like Exchange.

The results from the JetStress tests are show in the following table:

JetStress Version 15.0.658.4
ESE.DLL 15.0.1076.9
Operating System 6.2.9200.0
Overall Test Result

Passed

Passed

 

Passed

Achieved Transactional IOPS

1,613.13

1,407.55

-13%

1,379.98

-14%

Database Reads Average Latency (msec)

8.53

10.50

-23%

9.73

-14%

Database Writes Average Latency (msec)

12.80

20.80

-63%

19.98

-56%

Database Reads/sec

895.25

787.08

-12%

769.47

-14%

Database Writes/sec

726.48

628.55

-13%

618.65

-15%

Database Reads Average Bytes

35,220.22

35,375.26

0%

35,437.64

1%

Database Writes Average Bytes

34,389.82

34,510.95

0%

34,496.88

0%

Log Reads Average Latency (msec)

4.64

5.06

-9%

5.00

-8%

Log Writes Average Latency (msec)

5.16

7.22

-40%

6.73

-30%

Log Reads/sec

18.64

16.29

-13%

16.08

-14%

Log Writes/sec

87.25

72.81

-17%

73.82

-15%

Log Reads Average Bytes

232,562.72

232,562.01

0%

232,562.30

0%

Log Writes Average Bytes

25,005.97

26,210.03

5%

25,589.45

2%

Avg. % Processor Time

4.28

3.66

14%

3.60

16%

Some observations and notes:

  • ReFS caused a ~13-14% IOPS drop when compared to NTFS.
  • Using ReFS resulted in increased I/O latencies, especially write operations.
  • ReFS had a positive impact on the processor utilization, lowering average utilization by around 15%.
  • For some reason, average write latencies were lower using ReFS with BitLocker rather than without it (~10%).

Given the impact of file system choice on I/O performance and CPU utilization, I hope next versions of Exchange Server Role Calculator will feature an option to select which file system will be used to store Exchange data, as the difference in I/O performance and CPU utilization between NTFS and ReFS seems significant. Though this small test was performed with Exchange 2013 running on Windows Server 2012 R2, It could be that Exchange 2016 or the next version of Windows Server 2016 contain changes that will diminish the differences or perhaps even grant ReFS an advantage over NTFS. This is something we will only know after these products have shipped, something worth investigating later this year.

The JetStress reports can be found here.

I will finish with a short disclaimer: This test was only performed to get an indication of performance impact of using different file systems with Exchange 2013 utilizing identical hardware. The results are purely indicative, and not necessarily representative for other configurations nor meant to provide guidance or proof. Always test and validate your configuration using tools like JetStress before putting Exchange in production.