Exchange 2013 Server Role Requirements Calculator 6.3

Excel-2013[1]The Exchange 2013 Server Role Requirements Calculator received an update to reflect changed incorporated in Exchange 2013 SP1, such as adjusted guidance to accomodate for MAPI/http and its impact on the CAS role, as well as revised pagefile sizing guidance. The new version number is 6.3.

Changes since version 6.1:

  • Fixed Backup Requirements calculations to include greater than 50 databases.
  • Added additional processor core support.
  • Fixed the number of database volumes calculation when disk count is specified.
  • Fixed the database size calculation for A/P scenarios to match A/A scenario calculations.
  • Fixed the calculator to take into account halving database number per volume in non-site resilient scenarios.
  • Fixed conditional formatting errors on transport configuration settings.
  • Fixed transport sizing to take into account mailbox growth.
  • Updated CAS megacycle calculations to align with SP1 guidance.
  • Revised Dispart.ps1 script to create database mount points consistent with JetStress performance counters.
  • Added Calculator version number to record one field three of CSV export files.

You can download the calculator here. For more information, please consult the release notes and read me

Internal Message Classifications visible in Outlook

Ex2013 LogoMessage classifications were introduced with Exchange 2007 which seems like ages ago now. They are a piece of metadata which you can assign to messages, for example the intended audience or sensitivity of messages. These message can then be treated accordingly by the recipient or you can leverage transport rules functionality and Rights Management Services to act on or protect these messages.

Let’s assume you have created a custom message classification using the following cmdlet:

New-MessageClassification –Name ‘InternalUseOnly’ –DisplayName ‘Internal Use Only’ –SenderDescription ‘This message is for internal use only.’

When you retrieve the list of message classifications using Get-MessageClassifications you will notice three additional classifications:

image

Exchange comes with these message classifications which are used by Exchange internally: ExAttachmentRemoved, ExOrarMail and ExPartnerMail. These should not be used by users, let alone be visible. To make them hidden, the PermissionMenuVisible attribute is set to $false for these classifications. This will make them not show up in Outlook WebApp:image

Now, using classifications in Outlook is less admin-friendly and requires exporting of classification information and configuring Outlook to read these classifications from a file. In short, the process described on TechNet TechNet to use message classifications from Outlook is as follows:

From the Exchange Management Shell, run the Export-OutlookClassification.ps1 script from Exchange scripts folder, e.g.

& ‘C:\Program Files\Microsoft\Exchange Server\v15\Scripts\Export-OutlookClassification.ps1’ | Set-Content ‘C:\OutlookClass.xml’

Next, copy the XML file to a location on the client or networked location which is readable by Users. On the client, make the following registry changes:

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Policy]
"AdminClassificationPath"="c:\\Classifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

Note: For the purpose of this example the XML is stored as C:\Temp\OutlookClass.xml . Note that “15.0” is for configuring Outlook 2013, replace with 14.0 for Outlook 2010 and 12.0 for Outlook 2007.

Restart Outlook so it will use these settings. When composing a message you will now see the message classification options appear under Options > Permission:

image

Apart from the message classification “Internal Use Only” we created, you will also see that Outlook shows the internal classifications by their display name. That should not be happening.

When you open up the Outlook classifications export file, you will spot that it contains all classifications, including the internal ones:image

So, what you can do now and what the documentation seems to fail to mention, is that after exporting message classifications you may want to remove the internal classifications “Attachment Removed” (ExAttachmentRemoved), “Originator Requested Alternate Recipient Mail” (ExOrarMail) and “Partner Mail” (ExPartnerMail) from the XML export file. Downside is that message with these internal classifications will not display the related description in Outlook, but that should not be an issue and a better option than users being able to select them.

When you have removed the three entries from the XML file and restarted Outlook, the built-in options will no longer be on the permission menu:

image

Exchange 2013 SP1 Transport Agent Fix (updated)

Ex2013 LogoAfter installing Exchange 2013 Service Pack 1, people reported issues with Transport Agents. Symptoms are that the Transport service doesn’t start or stops shortly after starting the service or you can’t install the 3rd party product.

Products experiencing the issue are TrendMicro ScanMail, McAfee Email Security (GroupShield), Symantec Mail Security for Exchange, AVG for Servers, ESET Mail Security for Exchange and CodeTwo Exchange Rules. Products from other vendors may be affected as well.

Microsoft is aware of this issue and has published KB2938053 which has a small Exchange2013-KB2938053-FixIt.zip script to fix the issue.

The cause of the issue lies in XML files containing invalid XML markup in the form of “comments” which prevents .NET from loading the XML files, e.g.

<!-- 15.0.847.30 -------------------------------->

The two files containing the invalid XML markup are:

$Env:Windir\Microsoft.NET\assembly\GAC_MSIL\policy.8.0.Microsoft.Exchange.Data.Common\v4.0_15.0.847.30__31bf3856ad364e35\Microsoft.Exchange.Data.Common.VersionPolicy.cfg
$Env:Windir\Microsoft.NET\assembly\GAC_MSIL\policy.8.0.Microsoft.Exchange.Data.Transport\v4.0_15.0.847.30__31bf3856ad364e35\Microsoft.Exchange.Data.Transport.VersionPolicy.cfg

Be advised that the script supplied in the KB article tries to locate and fix various alternate versions of those files. Something you might want to consider as well when fixing it manually, should you be unable to locate the specific files mentioned above.

After running the script you should be able to start the Transport service or install 3rd party containing transport agents..

Update (3/5): Updated blog after official KB article got published. The issue was also blogged on by fellows Jason Sherry, Paul Cunningham while Tony Redmond has additionanal background details here.

Inbound e-mail not accepted after applying Exchange 2013 SP1

Ex2013 LogoAfter installing Exchange 2013 Service Pack 1 you may notice that inbound e-mail is not accepted and attempts to connect to port 25 will result in a timeout.

The application event log will contain event log entries ID 7012, generated by the MSExchangeFrontEndTransport, mentioning that “The service state for frontend transport is inconsistent. Current state – Inactive. Expected state – Active”:

image

When inspecting the component state from the Exchange Management Shell using:

Get-ServerComponentState <ServerID> -Component FrontendTransport

you will notice that it really is inconsistent, as Exchange will report that the component is active:

image

The quick workaround for this issue at the moment is to restart the Frontend Transport service:

Restart-Service MSExchangeFrontendTransport

After a restart of the service, or system restart if you must, the component state is working fine again and connections are accepted. In addition, the MSExchangeFrontendTransport will generate an event log entry ID 7009, “Retrieved the service state. Host service – FrontendTransport, Service state data – Active.”

Exchange and The UC Architects fellow Paul Cunningham discovered the same issue and blogged about it here.

Exchange 2013 Service Pack 1

Ex2013 LogoThe long awaited Service Pack 1 for Exchange Server 2013 was released today by the Exchange Team (KB2926248). This update raises Exchange 2013 version number to 15.0.847.32.

Service Pack 1 introduces the following changes or enhancements:

  • Support for running Exchange Server 2013 SP1 on Windows Server 2012 R2.
  • Support for Windows Server 2012 R2 Domain Controllers and Windows Server 2012 R2 Forest and Domain Functional Level.
  • MAPI over HTTP.  More information on MAPI over HTTP here. Note that MAPI over HTTP requires Outlook 2013 SP1; you can download Office 2013 SP1 32-bit version here and the 64-bit version here.
  • DLP policy tips for OWA.
  • Add custom document types to DLP using fingerprinting technologies.
  • Cmdlet logging in Exchange Administrative Console.
  • Support for IP-less DAGs (on Windows Server 2012 R2).
  • S/MIME support.
  • Rich-Text editor for OWA.
  • Edge Transport server role.
  • Support for SSL Offloading.

Service Pack 1 includes the following fixes:

  • 2860242 HTML format is lost after saving as an MSG file in Exchange 2013
  • 2900076 Mailbox quota warning message uses an incorrect language in Exchange Server 2013
  • 2910199 “Reply all by IM” chat window displays seven recipients in Outlook Web App
  • 2913999 Meeting request body and instructions are lost in delegate’s auto-forwarded meeting request
  • 2918655 Microsoft.Exchange.Servicehost.exe crashes after you enable FIPS
  • 2918951 Users cannot access public folders after you upgrade to Exchange Server 2013 Cumulative Update 3
  • 2925281 Outlook connectivity issue if SSLOffloading is “True” in Exchange 2013
  • 2925544 Empty ExternalURL value for ActiveSync virtual directory after build-to-build upgrade of Exchange Server 2013
  • 2927708 Resource mailboxes that are created by EAC will not be updated by policies in Exchange Server 2013
  • 2928748 Default from delegate’s address in shared mailboxes in Exchange Server 2013
  • 2928803 Long server connection for Outlook after a database failover in Exchange Server 2013
  • 2930346 POP3 access does not work if the name of the resource mailbox differs from the user’s name
  • 2930348 Manual redirection occurs in Outlook Web App if External URLs in each site are the same
  • 2930352 Outlook Web App cross-site silent redirection does not work in Exchange Server 2013

Cumulative Updates and Service Packs includes schema and AD changes, so make sure you run PrepareSchema /PrepareAD. After updating, the schema version will be 15292.

Note that Service Packs and Cumulative Updates can be installed directly, i.e. no need to install RTM prior to Cumulative Updates or Service Packs. Note that once applied, you can’t uninstall a Cumulative Update or Service Pack nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous Exchange generations.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

Also check with any 3rd party products you may use – there are reports of compatibility issues with 3rd party transport agents by Exclaimer, Trendmicro (other AV solutions possibly as well) and CodeTwo. The cause of the Transport service failing to start or problems with installing 3rd party transport agents has been identified. A workaround can be found here.

You can download Exchange 2013 Service Pack 1 here. The Exchange 2013 SP1 UM Language Packs can be found here. More details about these changes, preparing Active Directory or installing this Cumulative Update can be found in the original announcement here.

So long RPC/HTTP, Hello MAPI/HTTP

Ex2013 LogoMicrosoft published three sessions from the Redmond Interoperability Protocols Plugfest 2013 on Channel 9 on the protocol MAPI over HTTP or MAPI/HTTP which looks scheduled to arrive with Exchange 2013 Service Pack 1.

This protocol is set to (over time!) replace the RPC/HTTP protocol we all know. RPC/HTTP, or Outlook Anywhere, is used by Outlook to communicate with Exchange Server and is most often seen with clients working remotely. With Exchange Server 2013, support for MAPI was dropped and RPC/HTTP became the only protocol. With Exchange 2013 SP1 it seems we will receive an alternative which is set to replace RPC/HTTTP, MAPI/HTTP.

Of course, the information is preliminary and subject to change as Exchange 2013 SP1 hasn’t been released yet, but it won’t harm to get familiar with the planned changes. It also remains to be seen how quick organizations will adopt this new protocol, which I’m pretty sure we will soon see getting supported by Office 365.

MapiHttp in Exchange 2013 SP1
Joe Warren, Principal SDE at Microsoft delivering a presentation covering the Exchange 2013 MapiHttp protocol implementation in Exchange 2013 SP1. Topics: What is MAPI-HTTP?, Why do MAPI-HTTP?, Goal of MAPI-HTTP, Why not rebuild with EWS?, Existing RPC-HTTP, New MAPI-HTTP, What does a MAPI-HTTP request look like?, What does a MAPI-HTTP response look like?, Session Context, Request Types, Sequencing & Protocol Failures. Click here.

Outlook 2013 Client Protocols
Shri Vidhya Alagesan, SDE at Microsoft presenting on Outlook 2013 Client Protocols from a client’s perspective. Topics: Client side view of Outlook-Exchange MAPI-HTTP protocol using WinHTTP, Error Handling & RPC Vs. MAPI-HTTP with sub-topics of Architecture Overview, Outlook & WinHttp, Cookies, Connection Status Dialog, Timeout, Pause/Resume & Protocol Switching. Click here.

Exchange 2013 Protocols
Andrew Davidoff, Senior Software Developer Engineer in Test at Microsoft presenting on the Exchange 2013 protocol families and important protocol updates for Exchange 2013. Click here.

Apart from these sessions on protocol change announced for Exchange Server 2013 SP1, Microsoft also published some other interesting Exchange-related sessions:

Exchange 2013 Web Services Overview
Harvey Rook, Principal Development Lead, and Naveen Chand, Senior Program Manager Lead, deliver a presentation on Exchange Web Services best practices. Click here.

Exchange RPC and EWS Protocol Test Suites
Jigar Mehta, Software Development Engineer in Test provides an in depth overview of the test suite packages for the Exchange RPC and Exchange Web Services protocols. Click here.

Cmdlet Extension Agents & XML Case Sensitivity

Ex2013 LogoOccasionally, I get requests to come to the aid of a fellow IT professional (I seldomly get requests to come to the aid of fair maidens. Oh, well). This weekend I responded to one of those distress calls by someone who couldn’t get his Cmdlet Extension Agent to work. This post is a quick heads-up for the collective memory of IT Professionals as it took me quiet a bit of screen staring to spot the issue.

For those unfamiliar with Cmdlet Extension Agents, they are modules which allow you to enhance or customize the behavior of cmdlets in Exchange. For example, the built-in Mailbox Resources Management agent is responsible for picking the database when creating new mailboxes when a database hasn’t been specified. By means of the Script Agent and an XML file named ScriptingAgentConfig.xml containing PowerShell code fragments, you can enhance and tailor Exchange cmdlets to your own needs. For those interested in Cmdlet Extension Agents, I did two earlier articles on Cmdlet Extension Agents, here and here.

The code provided was a simple agent to enhance New-Mailbox with enabling SingleItemRecovery after the mailbox was created:

<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">    
        <Feature Name="Mailbox Provisioning" cmdlets="new-mailbox">
         <ApiCall Name="OnComplete">
             if($succeeded) {
                $newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"]
                set-mailbox $newmailbox -SingleItemRecoveryEnabled $true
                }
        </ApiCall>
        </Feature>
</Configuration>

The Scripting Agent was enabled using Enable-CmdletExtensionAgent. Yet, for some reason after creating a new mailbox, SingleItemRecoveryEnabled wasn’t enabled. Running New-Mailbox in Verbose mode showed that the Scripting Agent did not come into play:

Capture1Now know that debugging and troubleshooting Cmdlet Extension Agents can be an unpleasant task since you put PowerShell code in XML files and there is no way to easily perform simple tests except running the Cmdlet you’re customizing or developing script fragments in an external PowerShell script and copy/paste it in the Scripting Agent XML file when you think it’s ready for and want to perform some final tests.

I didn’t immediately spot it, so to see if the problem was actually in the XML I picked the example of my 2nd article on Cmdlet Extension Agents and I compared it with the non-working XML using WinMerge (which by the way is an excellent tool to compare code or plain texts):

WinMergeIt took some time to discover why the Scripting Agent wouldn’t pick up the XML and it can be easily overlooked. The culprit in underlined in red: the C of the Cmdlets attribute in the Feature tag should be uppercase. Doh! This case sensitivity is perhaps not a primary suspect by Windows folks, as mostly we don’t have to worry about it and things “just work”, but in the case of XML it is essential. The XML standard prescribes that element names (<Feature> .. </Feature>) and attribute names (<Feature Cmdlets=..>) are case-sensitive entitling the Scripting Agent to be strict.

Can’t Create Mailboxes in Remote Sites

Ex2013 LogoRecently I got an e-mail from someone who had problems creating mailboxes in a new environment. When trying to create a mailbox, he received a following message stating, “Load balancing failed to find a valid mailbox database.” Apparently, the Mailbox Resources Management Agent (a Cmdlet Extension Agent) could not find an eligible mailbox database candidate.

image

The MRMA uses the following selection process when picking a candidate for mailbox creation or moving:

  1. Create a list of all mailbox databases;
  2. Remove databases marked for exclusion;
  3. Remove databases out of the management scope;
  4. Remove databases from remote (AD) sites;
  5. Pick a random online, healthy database from the list.

This person had a DAG, two mailbox databases (MDB1, MDB2) and two sites (AMS and LON).

We first checked the more or less obvious, which is to see if databases are not excluded from the provisioning process, so we entered Get-MailboxDatabase | fl *FromProvisioning:

image

Databases seemed enabled for provisioning. We then checked the status of the active database copies:

image

The copies looked healthy, but we noticed all databases were mounted in a remote site (derived from the server name starting with LON; we’re working from AMS). Looking back at the database selection process, it explained why it probably didn’t work and since the active copies should be moved back to the preferred site AMS anyway we moved the active copies back:

image

After moving the active database copies back to the location where we were performing our cmdlets from solved things.

Note that we could have discovered the issue using the Verbose parameter with the cmdlet. For example, New-Mailbox in conjunction with Verbose will show the selection process. The following screenshot shows an unsuccessful selection process considering available databases:

image

This screenshot shows a successful selection process.

image

More information on automatic mailbox distribution and controlling its behavior here.

Exchange ESE Performance: 2010 versus 2013

Ex2013 LogoNote: I finished this article after having the draft ready for some time. It describes a simple storage performance test I did some time ago when I had some spare time and a few SSD disks to spare – a seldom circumstance. Despite Exchange 2013 CU3 and Windows Server Server 2012 R2 now available, I choose not to redo the tests with current versions as WS2012 R2 is more similar to WS2012 than WS 2012 is to WS2008R2 and also due to current time and resource constraints. Therefor, the information collected at the time is used as-is. Also, be sure to check the disclaimer at the end of the article.

After the release of Exchange 2013, the claim was that the new Exchange extensible storage engine (ESE), when compared to Exchange 2010 ESE, would require 50% less IOPS. I wanted to get in indication if there was any truth to that claim utilizing my humble lab setup, consisting of HP’s entry level ML110 G6 servers (x3430, 16GB). Using spare SSD’s as storage, that should provide sufficient IOPS thus not becoming a bottleneck, I ran JetStress 2010 and JetStress 2013 to see if there were any significant differences in the results. As at that time Windows Server 2012 also became available, I ran both versions of JetStress on Windows Server 2008 R2 as well as on Windows Server 2012.

For those unfamiliar with JetStress, it is the tool to verify the performance and stability of Exchange storage solutions and is normally used prior to putting an Exchange server into production when validate the storage solution against required performance criteria. It does this by simulating Exchange I/O patterns for a specified number of users and profiles or you can test the storage throughput in general.

The following parameters were used to perform JetStress tests:

Mode Test Disk Subsystem Throughput
Thread Count 8 (fixed)
Min/Max DB Cache 32 MB / 256 MB
Ins / Del / Repl / Read % 40/20/5/35
Lazy Commits 70%
Run Background DB Maintenance True
Databases 1 x 100 GB DB, 3 Copies

I used a fixed number of threads to rule out differences in JetStress’ auto tuning components and level the 2010 and 2013 playing fields. Also, in JetStress 2013 the thread count is global where in JetStress 2010 it was a per database setting. Since we’re using a single database, this shouldn’t have any impact. The database and logs were storage on a single LUN, using a a dedicated directly attached SSDs with an aligned NTFS partition and 64k cluster size.

The results of the JetStress 2010/2013 tests on Windows Server 2008 R2 / 2012 are contained in the table below (I/O is Total I/O as Database and Logs were put on the same volume). All significant (10%+) deviations are marked in bold.

JetStress Version 14.2.225.17
(2010)
15.0.658.4
(2013)
14.2.225.17
(2010)
15.0.658.4
(2013)
ESE.DLL 14.3.123.2
(Exchange 2010 SP3)
15.0.620.0
(Exchange 2013 CU1)
14.3.123.2
(Exchange 2010 SP3)
15.0.620.0
(Exchange 2013 CU1)
Operating System 6.1.7600
(WS2008R2)
6.1.7600
(WS2008R2)
6.2.9200.0
(WS2012)
6.2.9200.0
(WS2012)
Overall Test Result Passed Passed Passed Passed
Achieved Transactional IOPS 773,71 899,72 777,34 865,84
Database Reads Average Latency (msec) 16,86 11,78 16,06 11,47
Database Writes Average Latency (msec) 4,54 3,70 4,32 3,32
Database Reads/sec 397,82 506,96 396,41 490,70
Database Writes/sec 392,75 398,87 398,76 381,34
Database Reads Average Bytes 42.681,78 35.649,30 43.127,88 35.753,71
Database Writes Average Bytes 35.404,62 35.312,04 34.894,94 35.520,67
Log Reads Average Latency (msec) 12,17 9,34 10,29 8,35
Log Writes Average Latency (msec) 0,68 0,57 0,63 0,50
Log Reads/sec 8,97 9,03 8,36 8,84
Log Writes/sec 171,72 172,59 172,94 173,15
Log Reads Average Bytes 232.562,93 232.566,98 232.565,23 232.565,17
Log Writes Average Bytes 6.305,28 8.381,35 5.845,82 8.269,47
Avg. % Processor Time 3,65 2,83 3,70 2,77
JetStress Report Link Link Link Link

Some interesting observations:

  • Though I didn’t see a 50% IOPS reduction, which could be related to my setup, Exchange 2013 generates significant less IOPS;
  • Exchange 2013 shows significant lower average DB+Log latencies for read and write operations;
  • Exchange 2013 on WS2012 gives slightly worse IO performance but offers lower DB+Log latencies for read and write operations;
  • Exchange 2013 shows a higher DB read read (DB Reads/sec) reading smaller chunks of data (DB Reads Avg. Bytes);
  • Stressing the disk subsystem in Windows Server 2012 results in a lower CPU utilization.

Finally, a short disclaimer: This test was only performed to get an indication of differences in storage performance of Exchange Server 2010 SP3 and Exchange Server 2013 CU1 on Windows Server 2008 R2 and Windows Server 2012 when utilizing identical hardware. The JetStress results are purely indicative and not meant to provide guidance or proof related to disk subsystem performance in any form with regards to Exchange Server 2010 versus Exchange Server 2013 on Windows Server 2008 R2 and Windows Server 2012. Your mileage may – and will – vary.

You can download the JetStress tool here to test your storage solution; monitor my toolkit page for any updates. The JetStress 2013 Field Guide can be found here.

MS13-105: Security Fix & Rollup Fest for Exchange 2007/2010/2013

Ex2013 LogoToday the Exchange Team released security fixes for the issue described in bulletin MS13-105. Fixes have been released for the following product levels:

Note that depending on the release scheme fixes are either made available through a Rollup or as security fix; the Rollups only address the vulnerabilities mentioned in security bulletin.

Note that this Rollup or security fix replaces MS13-061 – you can install MS13-105 over installations containing MS13-061 (no need to uninstall it first).