Exchange2013-KB2997355-FixIt-v2

Ex2013 LogoAs mentioned earlier, when you have deployed Exchange Server 2013 Cumulative Update 6 in a Hybrid deployment, several Office 365-related mailbox functions will not show up in the Exchange Admin Center (EAC). The issue was identified by Microsoft in KB2997355 and a fix was published.

However, the script to fix the issue looks for the XAML file in the default Program Files folder, using the default Exchange installation folder. Better is to check the actual Exchange installation folder, which can easily be accomplished in Exchange Management Shell using the $exinstall environment variable, or by reading the folder from the registry.

To help those installing Exchange in a non-default installation folder, and I know there are quite a few of you out there, who are hesitant to correcting the installation path in the provided FixIt script, I have create an alternative version of the Exchange2013-KB2997355-FixIt script. This version will read the installation path from the registry. Not disturbing but changed as well is correcting the XAML file in one go, unlike the official script which performs 3 consecutive read/modify/write actions on the same file.

You can download the Exchange2013-KB2997355-FixIt-v2.ps1 script here.

 

Exchange-Processor Query Tool: PowerShell Edition

powershellAnyone sizing for Exchange Server 2013 or even still Exchange Server 2010, using the Server Role Requirements Calculator, has to determine processor requirements at some point. This is accomplished by looking up the SPECint_rate2006 score of the planned processor configuration and matching that against the calculated number of required megacycles by the calculator. To account for fail-over situations, additional overhead needs to be added to the number of megacycles. The process as part of the overall sizing has been explained in detail by Jeff Mealiffe here.

The Exchange consultants’ Swiss army knife when determining SPECint rates is the Exchange Processor Query Tool, an Excel sheet designed by Scott Alexander from Microsoft, which allows you to easily look up and determine the SPECint_rate2006 value by inputting a processor model. While still useful, the tool has been out there since 2011. Also, it would be nice sometimes to see which systems are eligible for a certain sizing specification, rather than validating if the planned processor configuration meets the sizing requirements.

So, I wrote a PowerShell script which can query the SPECint rates for you. Because the rating scores are returned as objects, you can perform additional tasks using PowerShell functionality, such as:

  • Use additional criteria, such as vendor, min/max number of cores, etc.
  • Calculate the average SPECint2006 Rate Value for a certain CPU/cores configuration.
  • You can use the SPECint value calculated by the Server Role Requirements Calculator  to find hardware configurations which meet the required total megacycles requirements, optionally including a required overhead percentage.
  • You can select if you are sizing for Exchange Server 2010 or Exchange Server 2013.

Requirements
The script requires PowerShell and internet access to query the SPECint database.

Usage
The script is called Exchange-PQT.ps1, in honor of the Processor Query Tool (PQT).  The syntax is as follows:

Exchange-PQT.ps1 [-CPU <String>] [-Vendor <String>] [-System <String>] [-Overhead <Int32>] [-MinMegaCycles <Int32>] [-Type <String>] [-MinCores <Int32>] [-MaxCores <Int32>] [-MinChips <Int32>] [-MaxChips <Int32>] [<CommonParameters>]

The information returned and which you can use for post-processing is: Vendor, System, CPU (processor description), Cores, Chips (number of CPU’s), CoresPerChip (number of Cores per CPU), Speed, Result, Baseline, MCyclesPerCore (megacycles per core), MCyclesTotal (total megacycles), OS and Published. Note that megacycles calculations are based on the selected Exchange version, by default this is Exchange Server 2013.

A quick walk-through on the parameters:

  • CPU, Vendor or System can be used for partial matching on the respective attribute.
  • Type specifies what calculation to perform. Possible values are 2010 for Exchange Server 2010 and 2013 for Exchange Server 2013. Default value is 2013.
  • MinCores/MaxCores can be used to only return information for systems with this minimum or maximum number of cores. Note that you can not use MinCores and MaxCores at the same time.
  • MinChips/MaxChips can be used to only return information for systems with this minimum or maximum number of CPU’s. Note that you can not use MinChips and MaxChpis at the same time.
  • MinMegaCycles can be used to specify a treshold for the total megacycles value for returned items, using the specified Type for calculations.
  • Overhead can optionally be used to take into account a certain percentage for megacycles overhead. Default is 0 (0%).

Few notes:

  • MinCores/MaxCores and MinChips/MaxChips are mutually exclusive, because we can not specify both in the query against the SPECint database. However, you can use additional filtering on objects returned in the pipeline to distill information, e.g.
    Exchange-PQT.ps1 –MaxCores 32 –MaxChips 8 | Where { $_.Cores –ge 4 –and $_.Chips –ge 2}. 

    Do note that usage of these parameters is recommended when possibe, as it will minimize the result set from SPECint.

  • Make sure you set Type to 2010 when sizing for Exchange 2010.

Examples

Lookup the specifications of the server used by Jeff in his sizing example (Hewlett-Packard DL380p Gen8 server with Intel Xeon E5-2630 processors @2.30GHz). You will notice 25,481 is slightly off from Jeff’s 25,479, which is due to Jeff rounding numbers:

.\Exchange-PQT.ps1 -System 'DL380p Gen8'  -CPU 2630 | select System,MCycle*

Search all specs for systems from Dell containing x5470 processors and return megacycle information for Exchange 2010 calculations:

.\Exchange-PQT.ps1 -CPU x5470 -Vendor 'Dell Inc.' -Type 2010 | Select System,*cycle*

image

Calculate average SPECint 2006 rate values for  hex-core x5450 systems:

.\Exchange-PQT.ps1 -CPU x5470 | Where { $_.Cores -eq 8 } | Measure -Average Result

Search all specs for Dell systems using x5670 CPUs, with a minimum total of 16,000 megacycles and 20% megacycle overhead:

.\Exchange-PQT.ps1 –Vendor Dell -CPU x5670  -MinMegaCycles 16000 -Overhead 20 

image

Download
You can download the script from the TechNet Gallery page.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Revision History
See TechNet Gallery page.

Hybrid EAC, Ex2007 & In-Place Hold issues in Ex2013 CU6

Ex2013 LogoLast update September 2nd, 2014: Microsoft has released a ‘fix’ to correct the EAC issue. It is available through KB2997355. Be advised that the fix uses the default Program Files folder. If you have installed Exchange in a different location, I suggest using Exchange2013-KB2997355-FixIt-v2. Also added information on a serious In-Place Hold issue to this post.

Just a few days after the release of Exchange 2013 Cumulative Update 6, some issues have been identified which could pose issues for organizations utilizing Exchange 2013 Hybrid deployments, or organizations using Exchange 2013 in co-existence with Exchange 2007.

First, Exchange MVP fellow Jeff Guillet discovered that, when you have deployed Exchange 2013 CU6 on-premises in a Hybrid scenario, several Office 365-related mailbox functions will not show up in the Exchange Admin Center (EAC), e.g.

  • Create mailboxes in Exchange Online.
  • Move mailboxes to Exchange Online.
  • Create In-Place Archive mailboxes.

Of course, this functionality remains available when using Exchange Management Shell (EMS), or alternatively use the Office 365 Portal where possible. The severity of this issue therefor depends on how your operations procedures make use of these functions in EAC. This issue has been confirmed in KB2997355, which contains a fix but I suggest using my adjusted version available here, which will use the actual Exchange installation folder instead of assuming Exchange is installed using the default installation path.

The second issue was reported by another Exchange MVP, Ratish Nair. When using Exchange 2013 in co-existence with Exchange 2007, access to delegated mailboxes may cause Exchange 2013 databases to fail-over (or dismounts when you have single copies of databases) due to Microsoft.Exchange.Worker.Store crashing. This only happens when the user’s mailbox is on hosted on Exchange 2007 and the delegate mailbox is on Exchange 2013 CU6. This issue has been confirmed in KB2997209 which contains a link to request the related hotfix.

On a more serious note, Exchange MVP Tony Redmond reported that a serious flaw has been discovered in OWA, which allows delegates to bypass In-Place Hold and remove entire folders from a mailbox without a trace. This applies to Exchange Server 2013 as well as Office 365. Meanwhile, Microsoft has acknowledged the issue in KB2996477. Suggested workarounds are to put delegate mailboxes on In-Place Hold as well or to disable OWA access for those delegates.

The UC Architects Podcast Ep42

iTunes-Podcast-logo[1]Episode 42 of The UC Architects podcast is now available, which is hosted by Pat Richard, who is joined by John A. Cook, Tom Arbuthnot and yours truly. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Tool: PelNet v2.0
  • Managed Availability Probes
  • Skype for Desktop Settings – Set-SkypeClientPreferences withPowerShell
  • New firmware for LPE devices
  • Desktop sharing update
  • New Tool: Lync Common Area Phone Management (GUI)
  • Lync SDN For Dummies
  • Lync Anonymous Response Group Limitations and Field Notes
  • Practical use of Call Quality Methodology
  • New Tool: Event Zero Broadcast IM tool
  • Lync Server 2013 Cumulative Update (flex fabric update)
  • Static route for Edge server internal interfaces
  • UC Architects @ Connections speakers and Scheduled Maintenance party
  • Norwegian Lync Day
  • TechEd Europe 2014
  • Northern UC User Group

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

Exchange 2013 Cumulative Update 6

Note: There are some known issues with CU6 RTM concerning Hybrid environments and when used in co-existence with Exhange 2007. Please check this post for updates.

Today, Cumulative Update 6 for Exchange Server 2013 was released by the Exchange Team (KB2936880). This update raises Exchange 2013 version number to 15.0.995.29.

This Cumulative Update increases the Public Folder for Exchange On-Premises to 100,000. It also fixes the ‘Hybrid Configuration Wizard ‘Subtask Checkprereqs Execution Failed’ issue I blogged about here (2988229).

This Cumulative Update contains the following fixes:

  • 2983512 RPC Client Access service crashes on an on-premises Mailbox server in an Exchange Server 2013 hybrid environment
  • 2983426 AutodiscoverSelfTestProbe fails when external URL is not set for EWS virtual directory in Exchange Server 2013
  • 2983423 AutodiscoverSelfTestProbe fails when external URL is not set for ECP virtual directory in Exchange Server 2013
  • 2983422 The ServerWideOffline component is set to Inactive after Exchange Server 2013 prerequisite check fails
  • 2983207 “532 5.3.2″ NDR when you send an email message to a hidden mailbox in an Exchange Server 2013 environment
  • 2983066 Removed Default or Anonymous permission for Outlook folders cannot be restored in an Exchange Server 2013 environment
  • 2982769 “Topology service cannot find the OWA service” when you perform an eDiscovery search in Exchange Server 2013
  • 2982763 Mail-enabled public folder accepts email messages from unauthorized users in an Exchange Server 2013 environment
  • 2982762 OAB generation arbitration mailbox can be removed or disabled in an Exchange Server 2013 environment
  • 2982760 The Enter key submits duplicate sign-in forms to Outlook Web App in an Exchange Server 2013 environment
  • 2982759 You cannot access the archive mailbox of a delegated user after enabling MAPI over HTTP
  • 2982017 Incorrect voice mail message duration in an Exchange Server 2013 environment
  • 2981835 You cannot add attachments, delete or move many email messages in bulk in Outlook Web App
  • 2981466 MAPI/CDO client cannot connect to Exchange Server 2013
  • 2977279 You cannot disable journaling for protected voice mail in an Exchange Server 2013 environment
  • 2975599 Exchange Server 2010 public folder replication fails in an Exchange Server 2013 environment
  • 2975003 Calendar item body disappears in Outlook online mode in an Exchange Server 2013 environment
  • 2974339 OAB generation fails if FIPS is used in an Exchange Server 2013 environment
  • 2971270 Blank page after you sign in to Exchange Server 2013 EAC (formerly ECP)
  • 2970040 Folder Assistant rule does not work correctly in an Exchange Server 2013 environment
  • 2965689 EAS device cannot sync free/busy status if an item is created by EWS in an Exchange Server 2013 environment
  • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
  • 2961715 “Something went wrong” error in Outlook Web App may show an incorrect date
  • 2958434 Users cannot access mailboxes in OWA or EAS when mailbox database is removed

Notes:

  • There are some additional changes in the way Public Folders operate. Consult this article from the Exchange team for details on these changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to keep up to date.
  • Be advised of OAB architectural changes introduced with CU5 which are documented here. If you are affected, it is recommended to update CAS servers prior to Mailbox servers.
  • If you have installed the Interim Update to fix Hybrid Configuration Wizard, you can install the Cumulative Update over it – there is no need to uninstall the IU prior to installing CU6.

This Cumulative Update includes schema and AD changes, so make sure you run PrepareSchema / PrepareAD. After updating, the schema version will be 15303.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM or Service Packs prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 6 here; UM Language Packs can be found here. More details about these changes, preparing Active Directory or installing this Cumulative Update can be found in the original announcement.

Exchange 2010 SP3 Rollup 7

Exchange 2010 LogoToday the Exchange Team released Rollup 7 for Exchange Server 2010 Service Pack 3 (KB2961522). This update raises Exchange 2010 version number to 14.3.210.2.

This Rollup includes the following fixes:

  • 2983261 “HTTP 400 – Bad Request” error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
  • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
  • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
  • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
  • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
  • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
  • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
  • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
  • 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010
  • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got a DAG and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2010 SP3 Rollup 7 here.

Exchange 2007 SP3 Rollup 14

exchange2007logo2[1]Today the Exchange Team released Rollup 14 for Exchange Server 2007 Service Pack 3 (KB2936861). This update raises Exchange 2007 version number to 8.3.379.2.

This Rollup introduces daylight saving times (DST) changes.

Notes:

  • When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command;
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking;
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2007 SP3 Rollup 14 here.

Impersonation: To be, or pretend to be

imageAs frequent readers of this blog may know, I made several Exchange-related scripts available to the community. Some of these scripts make use of what is called Exchange Web Services (EWS). I receive lots of questions via e-mail and through the comments about configuring impersonation or permission-related issues when running those scripts, which support delegated access as well as impersonation, against mailboxes. This blog shows how can configure delegation, why you should use impersonation, and how to configure impersonation on Exchange 2007 up to Exchange 2013 and Exchange Online in Office 365.

Introduction

EWS provides functionality to allow client applications, such as Outlook or OWA apps, tools, or in my case scripts, to communicate with Exchange server. Even Exchange itself makes uses of EWS when performing Free/Busy lookups by the Availability services for example. EWS was introduced in Exchange Server 2007 back in December 2006, which now seems decades ago.

Some of these EWS scripts or tools access or even manipulate mailbox contents. In the MAPI era, in order for you to access a mailbox that’s not yours, you required delegated full access permissions. These permissions could be granted at the mailbox, mailbox database or mailbox server level. The latter would grant you access to all mailboxes hosted in that mailbox database. For example, to grant an account Archibald full access permission on the mailbox of Nestor, you would typically use something like:

Add-MailboxPermission –Identity Nestor –User Archibald –AccessRights FullAccess –InheritanceType All

Note: Specifying InheritanceType is sometimes overlooked. Not specifying it only configures an Access Control Entry (ACE) on the top level folder (InheritanceType None), resulting in symptoms like scripts not processing subfolders for example.

EWS enables you to use another access method besides delegation, which is impersonation. Impersonation, as the many online available dictionaries may tell to you, is ‘an act of pretending to be another person for the purpose of entertainment or fraud’ or something along those lines. In the Exchange world, this means you can have an account which has the permission to pretend to be the owner of the mailbox, including being subject to the same effective permissions. So, if for some reason the owner only has Read permission on a certain folder, so will the impersonator. Typical use cases for impersonation are for example applications for archiving, reporting or migration, but also scheduled scripts that need to process mailboxes could be one.

Before we dive into the configuration itself, first some of the reasons why you should should prefer Impersonation over delegated access:

  • No mailbox needed for the account requesting access.
  • Throttling benefits, since the operation is subject to the throttling policy settings configured on the mailbox accessed, not the throttling policy configured on the mailbox requesting access. To bypass these delegate limits, one had to configure and assign a separate throttling policy with no limits for the account. Of course, a bad behaving application could then run without boundaries from a resource perspective, something throttling policies try to limit.
  • In Exchange 2010 and up, impersonation leverages Role Based Access Control, which is better manageable than a collection of distributed  ACEs.
  • Actions performed by the impersonator are on behalf of the impersonated. This may complicate auditing, as logging will come up with actions performed by the impersonated user, not the impersonator.

Note that where ‘user’ is specified below with regards to granting permissions, one could also specify a security group as well unless mentioned otherwise.

Impersonation on Exchange 2007

On Exchange 2007, you configure impersonation by granting the following two permissions:

  • The ms-Exch-EPI-Impersonation permission grants the impersonator the right to submit impersonation calls. It is configured on Client Access Servers. This does not grant the impersonation right, just the right the make the call through a CAS server.
  • The ms-Exch-EPI-May-Impersonate when granted, allows the impersonator to impersonate selected accounts.

To configure these permissions in your Exchange 2007 environment, use:

Get-ClientAccessServer | Add-AdPermission –User svcExchangeScripts –ExtendedRights ms-Exch-EPI-Impersonation

Then, we can configure impersonation permission on the mailbox level:

Get-Mailbox Tintin| Add-ADPermission –User svcExchangeScripts –ExtendedRights ms-Exch-EPI-May-Impersonate

on the database level:

Get-MailboxDatabase MailboxDB1 | Add-ADPermission –User svcExchangeScripts –ExtendedRights ms-Exch-EPI-May-Impersonate

or mailbox server level:

Get-MailboxServer MailboxServer1 | Add-ADPermission –User svcExchangeScripts –ExtendedRights ms-Exch-EPI-May-Impersonate

Be advised that members of the various built-in Admin groups are by default explicitly denied impersonation permissions on the server and database level, and deny overrules allow. You will notice this when querying impersonation configuration settings, for example on the database level (in the screenshot example, olrik was granted impersonation permissions):

Get-MailboxDatabase | Get-AdPermission | Where { $_.ExtendedRights –like ‘ms-Exch-EPI-Impersonation’} | Format-Table Identity, User, Deny, IsInherited, ExtendedRights –AutoSize

 image

Note that permissions assigned on the mailbox may not immediately be reflected as you are administering them in Active Directory. Changes in Active Directory are subject to AD replication, and the Exchange Information Store caches information for up to 2 hours, so worst case it may take up to 2 hours and 15 minutes for new permission settings to be re-read from Active Directory.

Impersonation on Exchange 2010 and 2013

Exchange 2010 introduced Role Based Access Control, better known by its acronym RBAC. For a quick introduction to RBAC, see one of my earlier blogs here. There is a management role associated with impersonation, which is ApplicationImpersonation.

To enable a user impersonation rights, create a new assignment for ApplicationImpersonation and assign it to the user:

New-ManagementRoleAssignment –Name 'AIsvcExchangeScripts' –Role ApplicationImpersonation –User svcExchangeScripts

Note that if we want to assign these permissions to a security group, we need to use the SecurityGroup parameter instead of User, specifying the group name.

Now be careful, when used like this you will have granted that user or group permission to impersonate all users in your Exchange organization. Here is where RBAC comes into play, or more specific the RBAC feature named management role scopes. With write scopes for example, you can limit the scope of where you can make changes in Active Directory. For more information on management role scopes, see here.

Let  us assume we want to limit the scope to a distribution group named ‘All Employees’, using New-ManagementScope in combination with RecipientRestrictionFilter. Note that when specifying MemberOfGroup in the filter, you need to use the distinguishedName of the group:

New-ManagementScope –Name 'Employee Mailboxes' –RecipientRestrictionFilter { MemberOfGroup –eq 'CN=All Employees,OU=Distribution Groups,OU=NL,DC=contoso,DC=com'} 

We can then apply this scope to the assignment created earlier:

Set-ManagementRoleAssignment –Identity 'AIsvcExchangeScripts' –CustomWriteScope 'Employee Mailboxes'

Impersonation on Exchange Online

Impersonation is available in most Office 365 plans, but currently not in the small business plans.  To configure Impersonation in Exchange Online we need to connect anyway, so we’ll first open a remote PowerShell session to Exchange Online:

$EXO= New-PsSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -AllowRedirection -Authentication Basic
Import-PsSession $EXO

Provide tenant administrator credentials when prompted. You can then see if you have the ApplicationImpersonation role at your disposal using:

Get-ManagementRole –Identity ApplicationImpersonation

If nothing is returned, you may need to resort to delegate access permissions.

Configuring impersonation is identical to configuring it in Exchange 2013. Nonetheless, some people may be more comfortable using the Exchange Admin Center. If so:

  1. Open up Exchange Admin Center.
  2. Navigate to Permissions > Admin Roles
  3. Now we can’t directly assign a management role through EAC, so assume we’ll create a role group for our application account by clicking New (+).
  4. Enter a name for your role group, e.g. ExchangeMaintenanceScripts.
  5. Add the role ApplicationImpersonation.
  6. Add the accounts which need Impersonation permissions, e.g. svcExchangeScript.
  7. Optionally, you can also select a Write Scope, which you need to create upfront through Exchange Management Shell.
  8. In Exchange on-premises, instead of a Write Scope you will have the option to select a a specific OU instead (scope filter RecipientRoot parameter) .
  9. When done, Save.

 image

 One word of caution: scopes are not automatically updated when objects referenced are relocated or change names. Now, for your own environment you may have this under control through some form of change management process. For Exchange Online however, your tenant might get relocated without notice. Therefor, should impersonation fail, verify any management scopes you may have defined for distinguishedName references, and check if they require updating, e.g.

Set-ManagementScope -Name 'All Employees' -RecipientRestrictionFilter { MemberOfGroup -eq 'CN=All Employees,OU=contoso.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR05A001,DC=prod,DC=outlook,DC=com'}

Final words

Note that many EWS-based scripts or tools do not natively support EWS but make use of the Exchange Web Services Managed API. This installable package consists of support files (e.g. DLL’s) which provide EWS functions to your PowerShell environment. You can download the current version of EWS Managed API here (2.2). You can read more on developing with EWS Managed API here, or you can have a peek at the source of code of one of my EWS scripts or the ones published by Exchange MVP-fellow Glen Scales’ here.

The UC Architects Podcast Ep41

iTunes-Podcast-logo[1]I’m happy to announce the availability of episode 41 of The UC Architects podcast.

This episode is hosted by Steve Goodman, who is joined by Pat Richard, Stale Hansen and Tom Arbuthnot. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

 

  • Microsoft ordered to hand over overseas email, throwing EU privacy rights in the fire
  • Microsoft’s unified technology event for enterprises
  • Exchange Log Level GUI Powershell Script
  • Lingering entries for long-departed servers retained by Exchange 2013
  • Outlook 2013 cannot connect to Exchange 2013 using MAPI over HTTP when proxy is enabled
    Exchange 2013′s Hybrid Configuration Wizard in SP1 and CU5 is BROKEN!
  • Walking through Exchange 2013′s Hybrid Configuration Wizard steps
  • Microsoft Exec Discusses Plan To Offer Customers Free Office 365 Migration Services
  • Signatures in Office 365
  • BitTitan Data Encryption Released
  • Complete Home Lync Lab
  • Isn’t It Time For Lync To Make Way For Skype?
  • Assign Lync Policies to Lync users based on Active Directory Group membership
  • Change Lync Conferencing Dial-In Number Display Order (GUI)
  • Installing and Configuring Lync 2013 Watcher Node
  • Plantronics-as-a-Service
  • Lync Snom Configuration Manager
  • Lync Phone Edition July 2014 CU
  • Microsoft selects 911Enable for Lync Online Dedicated
  • New Lync PowerShell tool: Lync 2013 Contact Backup and Restore Tool (GUI)
  • Polycom UCS 5.1 for VVX phones
  • Using Lync Like a LyncPro
  • Logitech cc3000e review
  • Lync Users Group
  • UC Birmingham User Group – August 13th @ The Priory Rooms Meeting & Conference Centre
  • Norwegian Lync Day October 14th, 2014

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

 

HCW 2013 Subtask CheckPrereqs execution failed

Ex2013 LogoA quick heads-up on the Hybrid Configuration Wizard (HCW) in Exchange 2013, which is broken. The HCW in Exchange 2010 does not have this issue.

The HCW is needed when you want to configure or maintain your Exchange 2013 Hybrid configuration. When checking the prerequisites, the Exchange 2013 HCW may throw the following error message:

Subtask CheckPrereqs execution failed: Check Tenant Prerequisites
Deserialization fails due to one SerializationException: 
Microsoft.Exchange.Compliance.Serialization.Formatters.BlockedTypeException: 
The type to be (de)serialized is not allowed: 
Microsoft.Exchange.Data.Directory.DirectoryBackendType

The issue has been documented in KB2988229. An Interim Update is available, as reported here. The IU is available for Exhange 2013 Service Pack 1 (CU4) and Cumulative Update 5. Unfortunately, the IU is not available publicly, but must be requested through support.

The fix will be incorporated in Exchange 2013 Cumulative Update 6.

If you must, you can use Exchange fellow Steve Goodman’s instructions documented here, which describes the process to manually configure Exchange 2013 Hybrid deployments. Be advised that, as Steve also points out, the Exchange Hybrid deployment support status depends on the ability to run HCW successfully.