About Michel de Rooij

I'm a Microsoft Exchange Server MVP and publisher of EighTwOne. I was originally a developer so hence my PowerShell affection. Connect with me on Twitter, LinkedIn or Google+ or just use the Contact Form.

Client Message Size Limits

powershellExchange 2013 enforces certain message size limits when it comes to client messages. These limits are in-place so clients can’t generate excessive load on your Exchange environment. These limits are determined for various access methods in multiple web.config files on Exchange Client Access Servers as well as Mailbox Servers.

Sometimes you may have good reasons to increase those limits. For example, when migrating to Office 365 using a product like MigrationWiz, you may want to increase the limit for Exchange Web Service (EWS) requests to allow for migration of larger items. Another example is when you want to allow for bigger attachments in Outlook WebApp (OWA). On TechNet, there’s an article on how to reconfigure these limits. However, the process consists of editing multiple web.config files, replacing multiple values in the same file, and following this process on each Exchange 2013 server in your environment. This is not only labor intensive and prone to error, but becomes tedious when you consider that each Cumulative Update will overwrite your web.config files.

But do not despair. To execute these changes for OWA and EWS, I have created a PowerShell script which will perform these tasks for you.

Requirements
Using the script requires Exchange 2013. You need to provide the server name (default is local server) or AllServers to apply to all Exchange 2013 servers in your environment. The script will modify the web.config remotely using the system share (e.g. C$), using the location of the Exchange installation, and uses IISRESET tool to restart IIS. It will create a backup of the web.config before modifying it.

Notes:

  1. The script checks for running in elevated mode when running against the local machine.
  2. Current version of the script requires Exchange Management Shell, to run Exchange cmdlets for checking installed roles a.o., as the web.config files which require editing depend on the installed roles.
  3. For OWA, add ~33% to the value you want to specify to compensate for encoding overhead.
  4. When connected to an Exchange server, the script processes the server hosting the EMS session last to prevent abortion caused by IIS reset.
  5. Script currently runs against Exchange 2013.

Usage
The script Configure-ClientSizeLimits.ps1 uses the following syntax:

.\Configure-ClientSizeLimits.ps1 [-Server |-AllServers] [-OWA ] [-EWS ] [-Reset] 

A quick walk-through on the parameters and switches:

  • Server specifies the server to configure. When omitted, it will configure the local server. This parameter is mutually exclusive with AllServers.
  • AllServers switch specifies to configure all Exchange 2013 servers. This switch is mutually exclusive with Server.
  • OWA configures the message size limit for OWA. Value is in 1KB units.
  • EWS configures the message size limit for EWS. Value is in 1KB units.
  • Reset switch specifies to perform an IISRESET against servers after reconfiguration of client-specific message size limits.

So, suppose you want to configure an OWA message size limit for you can use:

.\Configure-ClientSizeLimits.ps1 -Server EX01 -OWA 100 -EWS 10240 -Reset

Configure Client Size Limits If you want to configure EWS limits for all servers without resetting IIS, you could use:

.\Configure-ClientSizeLimits.ps1 -AllServers -EWS 10240

Download
You can download the script from the TechNet Gallery here.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Revision
See TechNet Gallery page.

To Do
Compatibility with Exchange 2010 and removal of dependency on Exchange Management Shell.

Exchange 2013 Server Role Requirements Calculator 7.6

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.6.

Changes since version 6.6:

  • Added support for ReplayLagManager
  • Added support for PreferredMaximumActiveDatabases
  • Added new table that exposes theoretical CPU utilization for each mode (normal runtime, first server failure, second server failure, site failure, site failure + 1 failure)
  • Added Restore-DatabaseAvailabilityGroup scenario support in Distribution algorithm
  • Added warning about designs that include more than24 processor cores / server and 96GB of memory
  • Added support for DAGs without Administrative Access Point (default behavior is no administrative access point) in the CreateDAG script
  • Changed default for Deleted Item Retention in export file to be the highest profile value for Deleted Item Retention
  • Changed default for Circular Logging in export file to be true when using Exchange Native Protection
  • Added ability to save scripts and CSV files to OneDrive for Business
  • Fixed CreateDAG.ps1 script error for DAG creation without administrative IP address
  • Modified CreateMBDatabases.ps1 to ignore CircularLogging choice and modified CreateMBDatabaseCopies.ps1 to enforce CircularLogging choice
  • Fixed Export DAG list function to use the correct value for MaximumActiveDatabases
  • Added support for MaximumPreferredActiveDatabases and AutoDatabaseMountDial in Export DAG List function and createdag.ps1
  • Modified CreateMBDatabaseCopies.ps1 to remove sleep timer, improving copy creation significantly
  • Fixed createdag.ps1 to not generate an error when there is no alternate witness server provided

Fixes since version 6.6:

  • Fixed an issue that prevented the calculator from displaying results when site resilience was disabled while Active/Active (Single DAG) was selected
  • Changed Processor Cores/Server to not use a list drop down, thereby enabling customers to enter in configurations they are deploying.
  • Fixed bugs in Diskpart script with PrepareAutoReseedVolume switch and WhatIf processing
  • Fixed bug in Diskpart with escaping quotes in some languages
    Fixed bug with display of lag copies in single site design
  • Fixed multiple databases / volume calculation to take into account symmetric designs that utilize an odd number of servers in a single site
  • Fixed scenario to count number of servers in A/P scenario where the only copy deployed in DR is a lagged copy
  • Fixed #NAME error in Database Copy Configuration table for standalone configurations
  • Updated DC1 memory sizing to take into account site failure mode for A/A (Single DAG) designs involving a 2 copy architectures
  • Updated Distribution Tab error reporting and Lastrow calculation
  • Fixed copy count validation formula for site resilient scenarios to not allow more copies in the primary datacenter than the number of servers
  • Added support for 10TB and 12TB capacity disks
  • Fixed run-time error on distribution tab when disabling site resilience
  • Fixed distribution error when disabling cross-site failover
  • Fixed bug in Distribution tab ActiveServer formula when modeling Cross Site Failover behavior
  • Fixed an issue with the distribution tab throwing an error when two files were opened at the same time
  • Fixed distribution algorithm where lagged copies were not always represented correctly
  • Blocked unsupported A/A (Single DAG) scenario where copy count is not the same in both datacenters

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Exchange 2013 Cumulative Update 9

Ex2013 LogoThe Exchange Team released Cumulative Update 9 for Exchange Server 2013 (KB3049849). This update raises Exchange 2013 version number to 15.0.1104.5.

Cumulative Update reintroduces configuration of sent items for shared mailboxes, as was possible in Exchange 2010 but wasn’t available in Exchange 2013 yet. More information here.

Next to a security fix for MS15-064, this Cumulative Update contains the following fixes:

  • KB2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment
  • KB2988660 Role assignment with custom write scope fails in an Exchange Server 2013 environment
  • KB3003978 Email messages are displayed with incorrect format in Outlook in an Exchange Server 2013 environment
  • KB3006849 GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013
  • KB3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • KB3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
  • KB3040683 System WLM overrides do not work when you do on-premises installations in Exchange Server 2013
  • KB3049081 OwaDeepTestProbe probe fails intermittently on a server that installs the Mailbox server role in Exchange Server 2013
  • KB3049771 Outlook Web App logon page takes longer time than expected to time out in an Exchange Server 2013 environment
  • KB3050825 EdgeTransport.exe starts to crash when PriorityQueuingEnabled is set to “True” in Exchange Server 2013
  • KB3050877 Emails that are sent as a secondary mailbox are not saved in the delegate’s Sent Items folder in Exchange Server 2013
  • KB3055940 “Object reference not set to an instance” error when you install cumulative update in Exchange Server 2013
  • KB3056045 “Cannot find Template User object” error when you find contacts that use a consumer domain in Exchange Server 2013
  • KB3056133 Exchange Server 2013 Activation time of transport rule is not displayed in UTC time
  • KB3056413 SMTP connection fails when you log on with a child domain account and use NTLM authentication in Exchange Server 2013
  • KB3056817 Update adds the Let me select the message option in Outlook Web App in an Exchange Server 2013 environment
  • KB3056822 Dynamics CRM 2013 stops synchronizing items from mailbox in an Exchange Server 2013 environment
  • KB3060825 The MSExchangeDelivery service crashes when you receive an email message from a specific sender in Exchange Server 2013
  • KB3064393 “Bad Command. 12″ error and IMAP CAPABILITY commands are not offered in an Exchange Server 2013 co-existence environment
  • KB3068681 RPC encryption requirement is re-enabled for RPC Client Access Service after you upgrade server in Exchange Server 2013
  • KB3069060 Recurring meetings are accepted when their time conflicts on the same room mailbox in Exchange Server 2013
  • KB3069501 Duplicate folders are created after a mailbox move in Exchange Server 2013 Enterprise
  • KB3071427 Outlook Web App still downloads web beacon contents when you forward email messages in Exchange Server 2013

Notes:

  • If the new Set-Mailbox parameters for Sent Items configuration, i.e. MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled, are not available after installing this CU, run Setup /PrepareAD /IAcceptExchangeServerLicenseTerms explicitly.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
  • Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run PrepareSchema /PrepareAD.  If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.

Exchange 2010 SP3 RU10 & Exchange 2007 SP3 RU17

Exchange 2010 LogoThe Exchange Team released Rollup 10 for Exchange Server 2010 Service Pack 3 (KB3049853) as well as Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710). These update raises the version numbers to 14.3.248.2 and 8.3.417.1 respectively.

Rollup 10 contains the following fixes for Exchange Server 2010 SP3:

  • KB 3069055 Various DAG maintenance scripts do not work in an Exchange Server 2010 environment
  • KB 3057422 “MapiExceptionNoAccess: Unable to query table rows” error and some mailboxes cannot be moved
  • KB 3056750 Exchange ActiveSync application pool crashes in an Exchange Server 2010 environment
  • KB 3054644 “The item no longer exists” error when you access an archive mailbox in Outlook Web App in Exchange Server 2010
  • KB 3051284 Event ID 4999 is logged and MSExchangeServicesAppPool crashes in an Exchange Server 2010 environment
  • KB 3049596 Event ID 4999 is logged and remote procedure call Client Access service crashes in an Exchange Server 2010 environment
  • KB 2964344 MSExchangeRPC service stops working intermittently in Exchange Server 2010
  • KB 3055764 Exchange Server 2010 Address Book Service crashes with event ID 4999

For Exchange Server 2007 SP3, the Rollup 17 contains the following fix:

  • KB 3057222 “InvaIidOperationException” error and cannot open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2010 SP3 Rollup 10 here and Exchange 2007 SP3 Rollup 14 here.

Exchange data: NTFS vs. ReFS

chartFor Exchange, NTFS has been the file system of choice since time immemorial. In 2012, Windows Server 2012 introduced a new file system: Resilient File System or just ReFS. ReFS was designed to overcome some of the limitations of NTFS, in particular in the area of maintaining data integrity. More information on ReFS in comparison to NTFS can be found here.

At that time Windows Server 2012 went RTM, the latest version of Exchange, Exchange 2010, was not supported to run on ReFS. Present day, Exchange 2010 still doesn’t support ReFS. However, when Exchange 2013 entered the arena shortly after Windows Server 2012, it came with support for both NTFS and ReFS file systems. NTFS was still considered best practice, with ReFS being a supported option with the added recommendation to turn off ReFS’ integrity checking feature, and disabling it for Content Index-exclusive volume is optional. It may therefor come as no surprise that nearly all customers are deploying Exchange 2013 on NTFS volumes only.

That may change with Exchange 2016. As announced at Ignite 2015, for Exchange 2016 more emphasis will be put on following the Preferred Architecture design when deploying Exchange on-premises. The Exchange 2016 Preferred Architecture contains guidance to use ReFS formatted, BitLocker encrypted data volumes with Exchange 2016. The latter option is of course to protect organizations against theft of physical storage devices.

With some time to spare, I was interested to see what the impact would be on the storage performance when using NTFS or ReFS, and especially the performance penalty when enabling BitLocker on a volume. Similar to a comparison I did between Exchange 2010 and Exchange 2013 on different operating systems, I ran a JetStress 2013 test utilizing these 3 file systems to get a sense of what to expect.

The ESE engine files from Exchange 2013 CU8 were used for testing, along with the following parameters:

Mode Test Disk Subsystem Throughput
Thread Count 12 (fixed)
Min/Max DB Cache 32 MB / 256 MB
Ins / Del / Repl / Read % 40/20/5/35
Lazy Commits 70%
Run Background DB Maintenance True
Databases 1 x DB (186GB), 3 Copies
Running Time 2 Hours

Databases and logs were stored on a DAS SSD drive, and the volume was GPT partitioned with 64K allocation units. ReFS Integrity checking was disabled for the volume using:

Format-Volume –DriveLetter X -FileSystem ReFS -AllocationUnitSize 65536 -SetIntegrityStreams $false

The drive supported hardware encryption for BitLocker, which offloads encryption to the drive. You can verify that hardware encryption is used after enabling BitLocker on the volume by inspecting the BitLocker status using the manage-bde utility or Get-BitLockerVolume cmdlet:

image

As you can see from the EncryptionMethod property, this volume is protected using hardware-based BitLocker encryption. Perhaps needless to say, but the CPU performance penalty is substantial when using BitLocker with software encryption, and this mode is not to be used with I/O intensive applications like Exchange.

The results from the JetStress tests are show in the following table:

JetStress Version 15.0.658.4
ESE.DLL 15.0.1076.9
Operating System 6.2.9200.0
Overall Test Result

Passed

Passed

 

Passed

Achieved Transactional IOPS

1,613.13

1,407.55

-13%

1,379.98

-14%

Database Reads Average Latency (msec)

8.53

10.50

-23%

9.73

-14%

Database Writes Average Latency (msec)

12.80

20.80

-63%

19.98

-56%

Database Reads/sec

895.25

787.08

-12%

769.47

-14%

Database Writes/sec

726.48

628.55

-13%

618.65

-15%

Database Reads Average Bytes

35,220.22

35,375.26

0%

35,437.64

1%

Database Writes Average Bytes

34,389.82

34,510.95

0%

34,496.88

0%

Log Reads Average Latency (msec)

4.64

5.06

-9%

5.00

-8%

Log Writes Average Latency (msec)

5.16

7.22

-40%

6.73

-30%

Log Reads/sec

18.64

16.29

-13%

16.08

-14%

Log Writes/sec

87.25

72.81

-17%

73.82

-15%

Log Reads Average Bytes

232,562.72

232,562.01

0%

232,562.30

0%

Log Writes Average Bytes

25,005.97

26,210.03

5%

25,589.45

2%

Avg. % Processor Time

4.28

3.66

14%

3.60

16%

Some observations and notes:

  • ReFS caused a ~13-14% IOPS drop when compared to NTFS.
  • Using ReFS resulted in increased I/O latencies, especially write operations.
  • ReFS had a positive impact on the processor utilization, lowering average utilization by around 15%.
  • For some reason, average write latencies were lower using ReFS with BitLocker rather than without it (~10%).

Given the impact of file system choice on I/O performance and CPU utilization, I hope next versions of Exchange Server Role Calculator will feature an option to select which file system will be used to store Exchange data, as the difference in I/O performance and CPU utilization between NTFS and ReFS seems significant. Though this small test was performed with Exchange 2013 running on Windows Server 2012 R2, It could be that Exchange 2016 or the next version of Windows Server 2016 contain changes that will diminish the differences or perhaps even grant ReFS an advantage over NTFS. This is something we will only know after these products have shipped, something worth investigating later this year.

The JetStress reports can be found here.

I will finish with a short disclaimer: This test was only performed to get an indication of performance impact of using different file systems with Exchange 2013 utilizing identical hardware. The results are purely indicative, and not necessarily representative for other configurations nor meant to provide guidance or proof. Always test and validate your configuration using tools like JetStress before putting Exchange in production.

The UC Architects Podcast Ep52

iTunes-Podcast-logo[1]Episode 52 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by Dave Stork and Tim Harrington. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Exchange 2013 Performance Health Check Script
  • Upgrade to Office Configuration Analyzer Tool (OffCAT) version 2
  • Apple releases iOS 8.3 which fixes additional Exchange related Issues
  • Must-knows for migrating Public Folders to Exchange 2013
  • Using the Hybrid Configuration Wizard in Exchange Server 2013 (Part 4)
  • IIS Exploit can reboot your Windows 2008 Server R2 and up; install patch KB3042553 ASAP
  • Exchange 2013 CPU Sizing Checker
  • Office 365 now supports larger email messages—up to 150 MB
  • Office 365 datacenter map
  • Announcing “Office 365 for Exchange Professionals”
  • Potential impact on Lync and Skype for Business meeting join experience when Google Chrome is the default browser
  • PBX Replacement secret sauce… How to do a Loud Ringer in Lync / Skype for Business
  • Skype for Business client awareness and readiness resources
  • Skype for Business Server 2015 documentation now Live on TechNet
  • Lync Meeting Update Tool (32 bit) (UPDATED)
  • Skype for Business 2015 Protocol Workloads Poster
  • Federation Call Flow Skype for Business and Lync clients
  • Client Tool Available to download
  • Microsoft Ignite 2015
  • EventZero/The UC Architects party at Ignite
  • LyncDay becomes SkypeDays
  • UCBUG meeting 05/13/2015
  • UCDAY UK meeting 09/28/2015

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

Ignite 2015, Takeaways

ignite ButtonDespite not being present, the information presented at Microsoft Ignite can be followed by monitoring certain sources on social media. Twitter still seems to be the platform of choice, but you may need to narrow down your stream of tweets using filters or only monitor a selected group of people. For example, the stream of tweets during the keynote using the hashtag #MSIgnite was overwhelming.

This post is an overview of things announced at Microsoft Ignite 2015 related to Exchange. Note that information presented at Ignite regarding Exchange 2016 was all subject to change as Exchange 2016 is still a work in progress.

Rumor on day 1 was that Microsoft Ignite is going to be in Chicago for the next 4 years as well. That is at least true for next year, as Microsoft announced that Ignite 2016 will be held in Chicago from May 9th to May 13th, 2016.

Roadmap

  • Exchange 2016 Public beta announced for Summer 2015. RTM is expected Fall/Winter 2015.
  • Customers can join the Exchange 2016 TAP program at http://aka.ms/joinoffice.
  • Office 2016 is now in Public Review, and is available at here.
  • Office Graph and Delve will be able to digest on-premises information via Hybrid connector and SharePoint 2016.

Architecture

  • Exchange 2016 will only have the Preferred Architecture multi-role setup, so no more CAS or Mailbox server-only deployments. Visible in Setup UI as well as Unattended setup (roles parameter).
  • The Edge role will be available in RTM.
  • More emphasis on Preferred Architecture, which isn’t very different for Exchange 2016 from Exchange 2013:
    • DAG design with unbound symmetrical model.
    • Four database copies (2 in each DC), 3 database copies and one lagged copy (7 days).
    • FSW in Azure or 3rd data center (preferred).
    • Single NIC for client and replication traffic.
    • Use commodity hardware with 20-24 core/up to 196GB nodes, utilizing JBOD with large disks, multiple databases per volume, Autoreseed with hot spare and using ReFS formatted, BitLocked encrypted data volumes.
    • Office WebApp Server farm in each DC with bound namespace and affinity.
  • Exchange 2016 MAPI/CDO is death – use RestAPI’s or Exchange Web Services (EWS).
  • MAPI/HTTP will be the default client protocol for Outlook with Exchange 2016. MAPI/HTTP will be a per-user setting in Exchange 2016. For Exchange 2013, the per-user setting will be introduced with a future CU.
  • Office WebApp Server required to view or edit Office documents from OWA 2016.
  • When required, scale up by add another node rather than scale up by adding resources like CPU or memory.
  • DAGs spanning more than 2 data centers are not recommended.
  • Use public and private namespace for Exchange 2016 Outlook Anywhere to leverage Kerberos for internal authentication.
  • For Exchange 2016, claims-based authentication will require Windows 2016 ADFS (version 4?).
  • The Exchange team put up a blog post on Exchange 2016 architecture here.

image image

Deployment

  • Exchange 2016 can proxy traffic from Exchange 2013 (down-level proxy)  and vice-versa (up-level proxy). This means you don’t have to upgrade Exchange servers in your internet-facing site prior to upgrading other locations. Up-level proxy transition is preferred.
  • Exchange 2010 to Exchange 2016 transition path is same experience as Exchange 2010 to Exchange 2013. Regarding Kerberos authentication, check guidance here.
  • Exchange 2016 can co-exist with Exchange 2010 SP3 RU11+ or Exchange 2013 CU10+. Exchange 2013 + 2016 can share one single Alternate Service Account (ASA) for Kerberos authentication.
  • There is no co-existence possible with Exchange 2007, which means you will need to perform a double-hop migration if you want to transition from Exchange 2007 to Exchange 2016.
  • Exchange 2016 will support installation on Windows Server 2012 R2 and Windows Server 10 (2016).
  • Exchange 2016 will require Windows Server 2008 R2 Forest and Domain Functional Levels or up, running at least on Windows Server 2008 R2 domain controllers.
  • Exchange 2016 will support at least Outlook 2010 SP2 with KB2956191 and KB2965295, Outlook 2013 SP1 with KB3020812, and Outlook 2016 desktop clients.
  • Exchange 2016 will require .NET Framework 4.5.2. Scalability improvements coming in .NET Framework 4.6 (release candidate in preview, don’t install yet).
  • Office WebApp Server can’t be installed on Exchange 2016 server, and requires web publishing through bound namespace (and thus possibly certificate implications) anywhere you want to work with attachments from OWA 2016. Don’t expose internal Office WebApp namespace externally. Use Set-OrganizationConfig -WACDiscoveryEndpoint and restart MSExchangeOWAAppPool to configure Office WebApp Server for OWA.
  • Certificate names required:
    • Exchange 2010 + 2016: Bound= 12, Unbound= 7
    • Exchange 2013 + 2016: Bound= 10, Unbound= 7
    • Exchange 2010 + 2013+ 2016: Bound= 10, Unbound= 7
    • Of course, internal MAPI endpoints do not require entry on certificate.
  • Use a dedicated Active Directory site to install and configure Exchange before moving them to a production site.
  • Exchange 2013 and Exchange 2016 introduce new OAB, specify existing OAB on all mailbox databases before installing Exchange 2013/2016.
  • After introducing Exchange 2016 to your environment, move the SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} system mailbox to Exchange 2016, or you won’t be able to export admin audit logs, perform In-Place discovery searches etc.
  • When dimensioning your Exchange deployment, use the calculator.
  • By disabling an Anti-Virus product for troubleshooting, you don’t remove their filter driver. Uninstall if you suspect AV product, or use fltmc to list or unload filter driver.
  • Recommended to set lagged copies to 7 days delay.
  • Exchange 2016 will allow adding mailbox database copies with ConfigurationOnly to postpone automatic seeding. Fast Database Reseeds allows for up to 10 parallel reseeds.
  • On the Exchange server configuration:
    • Use “High Performance” Power Plan.
    • Disable Hyperthreading in physical deployments.
    • Use battery-backed storage controller with 1:3 Read:Write ratio.
    • For RAID, use stripe sets of 1+ factors of 256KB
    • Use GPT partitions
    • Host Exchange binaries on NTFS with 64K cluster size.
    • Host Exchange data on ReFS volumes with Data Integrity Feats disabled.
    • Use BitLocker to secure Exchange volumes.
    • Use JetStress with BitLocker and Virus Scanner if you’re going to use those in production.
    • Do not disable entire IPv6 stack.
    • Do not disable Exchange services post installation.
    • Do not restrict the dynamic TCP port range, e.g. do not use ‘netsh int ipv4 set dynamicport tcp startport=X numberofports=Y‘.
    • Use Exchange Health Checker script to verify configuration, available here.

Exchange 2016 Client Connectivity rpcreq

Virtualization

  • Exchange 2013 deployments are now supported on Azure IaaS virtual machine for production environments when using Azure Premium Storage. Amazon AWS is not supported. Most cost-effective remains Exchange On-Premises on physical hardware (or Exchange Online). Official guidance has been updated to reflect this here.
  • When virtualizing Exhange:
    • Do not use memory overcommit.
    • Hyperthreading is OK, but size for physical cores.
    • Do not oversubscribe CPUs, causes queue growth, increased IOPS due to lower indexing throughput, RPC latency issues.
    • Size like physical deployment, but add overhead for CPU (10%).
  • Exchange 2013 now supports Dynamic VHDX (not VHD!) disks for Hyper-V deployments. Will apply to Exchange 2016 as well. JetStress tests showed only 2% additional writes penalty for VHDX (for VHD 20%).

Storage

  • Exchange 2016 will require 22% lower IOPS when compared to Exchange 2013 RTM. That means that since Exchange 2003 with 1 IOPS per mailbox, we are down to 0.04875 IOPS per mailbox.
  • Search index will use passive database copies for indexing, instead of copying indexes from the active copy.
  • Delayed LAG play down, depending on disk health (delayed if disk latency more than  20ms). Replay Lag Manager will be enabled by default, for automatic play down of lagged copies when insufficient copies remain available.
  • Usage of ReFS for Exchange data volumes should result in less corruption, thus less reseeds or rebuilds. Exchange 2016 can detect database corruption through DB Divergence Detection. Loose Truncation will make sure Log Files won’t fill up disk space after extended outages.
  • Exchange 2013 and later will report more accurately on mailbox sizes. Accommodate for 30% increase when moving mailboxes from Exchange 2010 or earlier.
  • Autoreseed in Exchange 2016 can fix a single database on a volume.
  • Exchange 2016 Workload Management (WLM) adds Disk Latency Monitor. Can throttle non-critical workloads based on measured disk latencies.
  • Exchange 2016 adds predictive controller or hard disk failure, based on disk read and write latency trends, bad block detection or disk failures.

Exchange IOPS

Availability

  • Database Availability Groups are now by default deployed without an cluster administrative access point or cluster name object (CNO). This reduces complexity and dependencies, but you may need to check with for example your backup vendor as many 3rd party products still access Exchange through this CNO.
  • Exchange 2016 database fail-overs will be 33% faster. Given that Exchange 2013 database fail-overs are about 10 seconds, that should mean they are down to 6-7 seconds.
  • Recommended load-balancing configuration for Exchange 2016 is single namespace, Layer 7 and no affinity. Use load balancer with per-service monitors and features like Slow Ramp (F5) or Least Connections with Slow Start Time (KEMP) to grant servers time to initialize and warm-up.
  • Office WebApp Server requires affinity on the load-balancer.
  • As Exchange 2016 can proxy traffic to Exchange 2013 and vice-versa, both versions can co-exist in the same load balancer server pool.
  • Get-MailboxServerRedundancy allows to prioritize repairs and upgrades by inspecting the DAG member servers, database copies and their state.

image.pngclientreq

Management

  • You can manage Exchange 2016 objects from Exchange 2013 Management Shell and Administrative Console and vice-versa. Limited for Exchange 2010, recommended to use Exchange 2010 management tools to manage Exchange 2010.
  • An Exchange 2013 Managed Availability tool was released (MATS) to assist in troubleshooting and diving in the Management Availability related events. The tool is available here.
  • ExMon, the Exchange Server User Monitor, will be back.
  • Exchange 2016 Workload Management introduces policies to limit or block mailbox moves during peak hours.

Exchange Limit Moves

Public Folders

  • Modern Public Folder migration scripts in $exscripts folder are likely to be outdated. Always use the latest Modern Public Folder migration scripts, which are available here.
  • It’s recommended to host Modern Public Folders in dedicated databases.
  • Modern Public Folders are here to stay, but emphasis will shift to Office 365 Groups. Groups are also expected to replace Distribution Lists. Distribution List naming policies will help enforcing naming policy on Groups. Tool named ‘Hummingbird’ to be made available to move from DL to Groups, or script conversion using new UnifiedGroup cmdlets.

Compliance

  • Exchange 2016 will allow you to put Public Folders on In-Place Hold.

Features

  • Modern attachments in Outlook 2016, Exchange 2016 and SharePoint 2016 allows on-premises customers to offload attachment storage to SharePoint, just sending a link and setting permissions through Outlook. Also, Outlook 2016 contains a convenient MRU list to select recently touched Office documents as attachment. Note that SharePoint is on the roadmap for 2016, which could imply that modern attachments will not be available when Exchange 2016 RTM’s.
  • OWA 2016 will contain a revised ribbon with additional buttons to triage e-mail more quickly, e.g. for archiving or sweep (similar to functionality currently found in outlook.com formerly known as Hotmail). It also contains an Undo button.
  • Outlook 2016 and Exchange 2016 will use always search online. Hopefully this will result in consistent search results between Outlook, OWA and ActiveSync devices.
  • Being able to restore items from the recoverable items with folder preservation is on Microsoft’s radar.

Exchange Hybrid

  • Hybrid Configuration Wizard is now downloadable app, similar to previous OAuth configuration step in HCW. It works with Exchange 2013 and Exchange 2016 deployments, contains AADSync multi-forest support, and OAuth enhancements for MFA configuration. Allows team to introduce changes more quickly.
  • When configuring Hybrid, point your MX records to Exchange Online Protection (EOP) to prevent possible issues with SPF, DMARC or DKIM. This however requires EOP licenses at day 1.
  • 3rd party SMTP gateways sitting between Exchange On-Premises and EOP is not supported.
  • New Hybrid Migration troubleshooter can be found here.
  • Be advised that Exchange Hybrid is not compatible with Alternate Login ID or AlternateID for short. More information here.

Exchange Online / Office 365

  • Exchange Online runs 50.000+ servers hosting 1.2M database copies. Every month, 3.5M database fail-overs occur, 100’s server fail, while adding 1000’s of servers. Still, Exchange Online maintains an availability rate of 99.95%!
  • The Office 365 first release option, which will receive updates and new features first, will have the option to enable this option for the entire organization or per user.
  • Document Tracking now live in Office 365 and clients when using the Azure RMS connector. More information here.
  • Latest Azure Active Directory Sync has password write-back, so passwords changes in Office 365 are synced back to Active Directory on-premises. Get it here.
  • Currently in preview for Azure Active Directory Sync are user write-back (user created in Office 365 is synced back to Active Directory on-premises) and Groups write-back.
  • Office 365 to introduce dynamic Office 365 Groups, which will utilize recipient filters against Azure AD, and auto-expiring and other controls for Office 365 Groups housekeeping.

Note that you can download the Ignite session videos and slides for offline viewing as they become available. A script to accomplish this is available here.

Special thanks to Jeff Guillet, Dave Stork, Andy David, Tony Redmond, Bhargav Shukla John Barsodi, Nathan O’Bryan, John A Cook, Greg Tiber, Ingo Gegenwarth, Richard Hay, Jetze Mellema and Randall Vogsland for keeping us Exchange peeps updated from Ignite!

Ignite 2015 Session Download Script

ignite ButtonYesterday was the first day of Ignite, and Exchange fellow Tony Redmond put up a nice summary of the first day, keynoted included, here.

For those not attending Microsoft Ignite, attending different sessions or not able to enter a session because the room was full, Microsoft publishes Ignite sessions on Channel 9. Because you may want to watch sessions offline, some people created scripts to retrieve all session videos and slidedecks.

Here is a slightly modified script, originally from Claus Nielsen, to download all Microsoft Ignite 2015 videos and slidedecks as the become available on Channel9. You can select sessions based on category or speaker, which helps narrowing down the contents offered at Ignite to sessions you are interested in. The script also allows you to download other session videos and decks, for example from Build 2015 or last year’s TechEd NA.

You can download the script from the TechNet Gallery here.

HCW fails on intra-organization configuration

o365logoFor my lab, I often have to recreate the Exchange Hybrid configuration for a fresh setup of Exchange On-Premises using formerly used namespaces. Normally you would just run the Exchange Hybrid Configuration Wizard (HCW) after configuring certificates and endpoint URLs. If you don’t clean up the previous configuration information from your tenant upfront, you may then run in the following error message when running the HCW:

Updating hybrid configuration failed with error ‎’Subtask Configure execution failed: Configure IntraOrganization Connector Execution of the Get-IntraOrganizationConfiguration cmdlet has thrown an exception. This may indicate invalid parameters in your hybrid configuration settings. Multiple OnPremises configuration objects were found. Please use the OrganizationGuid parameter to select a specific OnPremises configuration object.

Multiple OnPremises configuration objects indicates there are multiple intra-organization objects defined in your tenant. You can clean up previous intra-organization configuration objects from your tenant as follows:

  1. First, in your Exchange On-Premises environment, run the Get-OrganizationConfig cmdlet from the Exchange Management Shell:
    image
  2. Copy the Guid value, in the example 1a95d446-ff56-4399-a95e-8ab46c30912b.
  3. Connect to Exchange Online (instruction here).
  4. Check the existing On-Premises definitions in your tenant by running Get-OnPremisesOrganization. There should be more than 1 entry.
  5. To remove the orphaned objects, remove all the objects that don’t match the Organization Guid you retrieved from your On-Premises environment earlier, e.g.:Get-OnPremisesOrganization | Where { $_.OrganizationGuid –ne ‘1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-OnPremisesOrganization
    image
  6. Now you could try re-running the HCW immediately, but chances are you will run in another error caused by orphaned intra-organization connectors (IOC). In those cases, when the HCW tries to run New-IntraOrganizationConnector, it will fail as the namespace defined by TargetAddressDomains is already in use by an existing connector, and ‘The domain <domain> already exists in another intra-organization connector’ is reported. Those connectors, named ‘HybridIOC – ’, where GUID is the Guid of previously used organizations, exist in your tenant. In your Exchange Online session, run the following cmdlet to remove orphaned connector definitions:Get-IntraOrganizationConnector | Where { $_.Identity –ne ‘HybridIOC – 1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-IntraOrganizationConnector
    image
  7. While you’re at it, you also might want to remove previously created connectors. Again, in your Exchange Online session, run the following cmdlets to remove orphaned inbound and outbound connectors (again, using the previously noted Organization GUID):
    Get-OutboundConnector | Where { $_.Identity –ne ‘Outbound to 1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-OutboundConnector
    Get-InboundConnector | Where { $_.Identity –ne ‘Inbound from 1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-InboundConnector

After removing these orphaned objects, you should be able to run the HCW succesfully.

Official 70-341 and 70-342 Preparation Books

mcse-messagingFor those striving for Exchange certification, there is nothing like good written material to prepare you for the exam at hand. Of course, hands-on experience is invaluable, but it could be you don’t know where to start, and find TechNet contents great for reference but more written with the support audience in mind. In those cases, you may need more guidance through the exam subjects, as with a regular course.

In this situation, the following two recently released Microsoft Press titles may be of interest:

Both books are the official preparation material for the exams, and they written by authors with proper field experience. Also, both Bhargav and Reid teached on the Microsoft Certified Master (MCM/MCSM) program at Microsoft in Redmond. If getting certified for Exchange 2013 is on your personal roadmap, be sure to check out these titles.

On another note, fellow Exchange MVP’s Tony Redmond, Michael van Horenbeeck and Paul Cunningham, together Jeff Guillet in the role of technical editor, will self-publish an e-book-only title, called “Office 365 for Exchange Professionals”. Intention of self-publishing an e-book-only title is to be able to incorporate Office 365 service changes more often. They plan to have it ready before Microsoft Ignite in 2 weeks time.

If you are looking for titles on Exchange or Exchange-related subject such as PowerShell or Active Directory, be sure to check out my section of recommended titles here.