Exchange ActiveSync and Hotmail


As of Monday, it is possible to synchronise your Hotmail account, i.e. e-mail, calendar and contacts, with your mobile using Exchange ActiveSync (EAS).

To synchronise your mobile with Hotmail, use the following settings:

Server m.hotmail.com
Username E-mail address, e.g. jandvries@hotmail.com
Password *****
Domain Leave blank
SSL Enabled

When asked, choose to accept the SSL certificate.

Synchronisation currently works for Windows Mobile 6.x, Windows Phone 7, iPhone, iPod Touch, iPad and Nokia E/S/N-Series with Mail for Exchange.

RBAC Overview Sheet 1.2


I’ve updated the Role Based Access Control (RBAC) Overview sheet with information on Exchange 2010 SP1. You can download version 1.2 of the RBAC Overview sheet from here.

The sheet contains information on the default RBAC configuration of Exchange 2010 RTM and Exchange 2010 SP1 and a list of differences found between the two setups.

For information on how to use the sheet, consult the post on the initial release here.

For those interested, there were 39 changes introduced in Exchange SP1 Final compared to SP1 Beta. Below are the differences. A “-” means an RBAC entry is removed in SP1 Final, a “+” means it was added:

- Discovery Management,Legal Hold,Enable-Mailbox
+ Discovery Management,Mailbox Search,Get-MailboxExportRequest
+ Discovery Management,Mailbox Search,Get-MailboxExportRequestStatistics
+ Discovery Management,Mailbox Search,New-MailboxExportRequest
+ Discovery Management,Mailbox Search,Remove-MailboxExportRequest
+ Discovery Management,Mailbox Search,Set-MailboxExportRequest
+ Discovery Management,Mailbox Search,Suspend-MailboxExportRequest
- Organization Management,Exchange Virtual Directories,New-PowerShellVirtualDirectory
- Organization Management,Exchange Virtual Directories,Remove-PowerShellVirtualDirectory
- Organization Management,Exchange Virtual Directories,New-PowerShellVirtualDirectory
- Organization Management,Exchange Virtual Directories,Remove-PowerShellVirtualDirectory
- Organization Management,Legal Hold,Enable-Mailbox
- Organization Management,Legal Hold,Enable-Mailbox
- Organization Management,Mailbox Import Export,Export-Mailbox
- Organization Management,Mailbox Import Export,Import-Mailbox
+ Organization Management,Mailbox Search,Get-MailboxExportRequest
+ Organization Management,Mailbox Search,Get-MailboxExportRequestStatistics
+ Organization Management,Mailbox Search,New-MailboxExportRequest
+ Organization Management,Mailbox Search,Remove-MailboxExportRequest
+ Organization Management,Mailbox Search,Set-MailboxExportRequest
+ Organization Management,Mailbox Search,Suspend-MailboxExportRequest
+ Organization Management,Message Tracking,Resume-MailboxExportRequest
+ Organization Management,Message Tracking,Resume-MailboxExportRequest
+ Organization Management,Monitoring,Test-AssistantHealth
+ Organization Management,Monitoring,Test-SmtpConnectivity
+ Organization Management,Monitoring,Test-AssistantHealth
+ Organization Management,Monitoring,Test-SmtpConnectivity
+ Organization Management,View-Only Audit Logs,New-AdminAuditLogSearch
+ Organization Management,View-Only Audit Logs,New-MailboxAuditLogSearch
+ Organization Management,View-Only Audit Logs,New-AdminAuditLogSearch
+ Organization Management,View-Only Audit Logs,New-MailboxAuditLogSearch
+ Recipient Management,Message Tracking,Resume-MailboxExportRequest
+ Records Management,Message Tracking,Resume-MailboxExportRequest
- Server Management,Exchange Virtual Directories,New-PowerShellVirtualDirectory
- Server Management,Exchange Virtual Directories,Remove-PowerShellVirtualDirectory
+ Server Management,Monitoring,Test-AssistantHealth
+ Server Management,Monitoring,Test-SmtpConnectivity
+ View-Only Organization Management,Monitoring,Test-AssistantHealth
+ View-Only Organization Management,Monitoring,Test-SmtpConnectivity

Besides RBAC information, you may also find this list and the Overview Sheet useful for spotting new cmdlets and changes in functionality.
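The following is an added example, not part of the original post or the Overview sheet: it produces a list in the same "RoleGroup,Role,Cmdlet" format from two snapshots and also reports cmdlets a role group could not run through any role before. The two snapshots are constructed sample data, and the function names are hypothetical.

```python
import csv
import io
from collections import Counter

# Constructed sample snapshots in "RoleGroup,Role,Cmdlet" form (not real exports).
BEFORE_CSV = """
Discovery Management,Legal Hold,Enable-Mailbox
Discovery Management,Mailbox Search,Search-Mailbox
Organization Management,Mailbox Import Export,Export-Mailbox
Organization Management,Mailbox Search,Search-Mailbox
"""
AFTER_CSV = """
Discovery Management,Mailbox Search,Search-Mailbox
Discovery Management,Mailbox Search,New-MailboxExportRequest
Organization Management,Mailbox Search,Search-Mailbox
Organization Management,Mailbox Search,New-MailboxExportRequest
Organization Management,Monitoring,Test-SmtpConnectivity
Organization Management,Monitoring,Test-SmtpConnectivity
"""


def load_entries(csv_text):
    """Read rows into a multiset; an entry can occur more than once in a snapshot."""
    rows = csv.reader(io.StringIO(csv_text.strip()))
    return Counter(tuple(cell.strip() for cell in row) for row in rows if row)


def diff_entries(before, after):
    """Return '- ...' / '+ ...' lines sorted by role group, role and cmdlet."""
    removed = before - after   # Counter subtraction keeps positive counts only
    added = after - before
    lines = []
    for entry in sorted(set(removed) | set(added)):
        lines += ["- " + ",".join(entry)] * removed[entry]
        lines += ["+ " + ",".join(entry)] * added[entry]
    return lines


def net_new_cmdlets(before, after):
    """Cmdlets a role group gained that it could not reach via any role before."""
    had = {}
    for group, _role, cmdlet in before:
        had.setdefault(group, set()).add(cmdlet)
    gained = {}
    for group, _role, cmdlet in after:
        if cmdlet not in had.get(group, set()):
            gained.setdefault(group, set()).add(cmdlet)
    return {group: sorted(cmdlets) for group, cmdlets in gained.items()}


if __name__ == "__main__":
    old, new = load_entries(BEFORE_CSV), load_entries(AFTER_CSV)
    print("\n".join(diff_entries(old, new)))
    print(net_new_cmdlets(old, new))
```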

DAC: Datacenter Activation Coordination Mode (Part 2)


Part 1: Active Manager, Activate!
Part 3: DAC and Exchange 2010 SP1

In an earlier article I elaborated on Exchange 2010’s Active Manager, what role it plays in the Database Availability Groups concept and how this role is played. In this article I want to discuss the Datacenter Activation Coordination (DAC) mode, what it is, when to use it and when not.

Note that the following information is based on Exchange 2010 RTM behavior. A separate Exchange 2010 SP1 follow-up will be posted describing changes found in Exchange 2010 SP1.

To understand the requirement for Datacenter Activation Coordination, imagine an organization running Exchange 2010. For the purpose of high availability and resilience they have implemented a DAG running on four Mailbox Servers, stretched over 2 sites running in separate data centers, as depicted in the following diagram:

Types of Failure
Before digging into Datacenter Coordination Mode, I first want to name certain types of failures. This is important, because DAC’s goal is to address situations caused by a certain type of failure. You should distinguish between the following types of failure:

  • Single Server Failure – A single server fails. The server needs recovery (availability, fail over automatic);
  • Multiple Server Failure – Multiple servers fail. Each server needs recovery (availability, automatic);
  • Site Failure – All components in a site (datacenter) fail. Site recovery needs to be initiated (resilience, manual).

What you need to remember of this list is that each type of failure is different, from the level of impact to the actions required for recovery.

Quorum
With an odd number of DAG members, the Node Majority Set (NMS) model is used, which means a number of (n/2)+1 voters (DAG members) is required to obtain quorum, rounded downward when it’s not a whole number. Obtaining quorum is important because that determines which Active Manager gets promoted to PAM and the PAM can give the green light to activate databases.

With an even number of DAG members, the Node and File Share Majority Set (NMS+FSW) model is used. This means an additional voter is introduced in the form of a File Share Witness (FSW) located on a so called Witness Server. This File Share Witness is used for quorum arbitration. Regarding the location of this File Share Witness, best practice is to put it on a Hub Transport server in the same site as the primary mailbox servers. When combining roles, e.g. Mailbox + Hub Transport, put the FSW on another (preferably e-mail related) server.

So, given this information and knowing how quorum is obtained, we can construct the following table regarding quorum voting. As we can see, when using 4 nodes as in our example scenario, we require a File Share Witness and a minimum of 3 voters to obtain quorum.

DAG members   Model     Voters Required
2             NMS+FSW   2
3             NMS       2
4             NMS+FSW   3
5             NMS       3
10            NMS+FSW   6
15            NMS       8

Site Resilience
Consider our example with the primary datacenter failing. Damage is substantial and recovery takes a significant amount of time and you decide to fall back on the secondary datacenter (site resilience). That would at least require reconfiguring the DAG, because the remaining DAG members can’t obtain quorum on their own since they form a minority.

So you remove the failed primary datacenter components from the DAG, force quorum for the secondary datacenter and reconfigure cluster mode or Witness Server (depending on the number of remaining DAG members). After reconfiguring, the remaining DAG members can obtain quorum because they can now form a majority. And, because the DAG members in the secondary datacenter can obtain quorum, the Active Manager on the quorum owner becomes Primary Active Manager and the process of best copy selection, attempt copy last logs and activation starts.

Split Brain Syndrome
Consider your secondary datacenter is up and running and you start recovering the primary datacenter. You recover the server hosting the File Share Witness and both servers; network connection is still down. A problem may arise, because the two recovered servers together with the File Share Witness form a majority according to their knowledge. So, because they have quorum they are free to mount databases resulting in divergence from the secondary datacenter, the current state.

This situation is called split brain syndrome, because both DAG members in each datacenter can’t communicate with DAG members in the other datacenter. Both groups of DAG members may determine they have a majority. Split brain syndrome can also occur because of network or power outages, depending on the configuration and how the failure manifests.

Datacenter Activation Coordination
To prevent these situations, Exchange has a special DAG mode called Datacenter Activation Coordination mode. DAC adds an additional requirement for DAG members during startup, being the ability to communicate with all known DAG members or contact a DAG member which states it’s OK to mount databases.

In order to achieve this, a protocol was devised called Datacenter Activation Coordination Protocol (DACP). The way this protocol works is shown in the following diagram:

  1. During startup of a DAG member, the local Active Manager determines if the DAG is running in DAC mode or not;
  2. If running in DAC mode, an in-memory DACP flag is set to 0. This tells Active Manager not to mount its databases;
  3. If the DACP flag is set to 0, Active Manager queries the DACP flags of all other DAG members it has knowledge of. If one of those DAG members responds with 1, the local Active Manager sets the local DACP flag to 1 as well;
  4. If the Active Manager determines it can communicate with all DAG members it has knowledge of it sets the local DACP flag to 1;
  5. If the DACP flag is set to 1, Active Manager may mount its databases.

Note:

So, assume we enabled DAC for our example configuration and we recover the servers in the primary datacenter with the network connection still down. Those servers are still under the assumption that the FSW is located in the primary datacenter so – according to knowledge of the original configuration – they have majority. When starting up, their DACP flag is set to 0. However, they can’t reach a DAG member with a DACP flag set to 1 nor can they contact all DAG members they know about. Therefore, the DAG members in the primary site will not mount any databases, not causing split brain syndrome nor divergence.

If the recovered servers in the primary datacenter come online and the network is already up, the nodes will also not mount their databases because part of the procedure for switching datacenters is removing the primary datacenter DAG members from the DAG configuration. So, the DAG members in the primary datacenter contain invalid information and will be denied by the DAG members in the secondary datacenter.
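The quorum table and the DACP start-up steps above can be walked through with a small model. This is an added example, not Exchange code: the server names MBX1 to MBX4 are constructed, and the rule that a member only answers nodes in its own DAG configuration is an assumption used to model the "denied" case described above.

```python
from dataclasses import dataclass, field


def voters_required(dag_members):
    """Majority of all voters; an even member count adds the FSW as a voter."""
    voters = dag_members + 1 if dag_members % 2 == 0 else dag_members
    return voters // 2 + 1


@dataclass
class Member:
    name: str
    known: set = field(default_factory=set)  # DAG membership as this node believes it
    dacp: int = 0                            # in-memory DACP flag


def answers(responder, asker_name):
    # Assumption: a member ignores queries from nodes not in its configuration.
    return asker_name in responder.known


def believes_quorum(node, links, fsw_reachable):
    """Votes the node can count using its own (possibly stale) configuration."""
    votes = 1 + len((node.known - {node.name}) & links)
    if len(node.known) % 2 == 0 and fsw_reachable:
        votes += 1
    return votes >= voters_required(len(node.known))


def dacp_startup(node, dag, links):
    """Steps 2 to 5 of the list above; `links` = names with a network path."""
    node.dacp = 0                                            # step 2
    peers = node.known - {node.name}
    responding = {p for p in peers if p in links and answers(dag[p], node.name)}
    if any(dag[p].dacp == 1 for p in responding):            # step 3
        node.dacp = 1
    elif responding == peers:                                # step 4
        node.dacp = 1
    return node.dacp == 1                                    # step 5


def may_mount(node, dag, links, fsw_reachable, dac_mode):
    if not believes_quorum(node, links, fsw_reachable):
        return False
    return dacp_startup(node, dag, links) if dac_mode else True


def recovery_scenario():
    """Constructed: 4-member DAG after switchover to the secondary datacenter."""
    everyone = {"MBX1", "MBX2", "MBX3", "MBX4"}
    return {
        "MBX1": Member("MBX1", set(everyone)),              # recovered, stale view
        "MBX2": Member("MBX2", set(everyone)),              # recovered, stale view
        "MBX3": Member("MBX3", {"MBX3", "MBX4"}, dacp=1),   # active, reconfigured
        "MBX4": Member("MBX4", {"MBX3", "MBX4"}, dacp=1),
    }


if __name__ == "__main__":
    dag = recovery_scenario()
    wan_down = {"MBX2"}   # MBX1 reaches only its local neighbour and the FSW
    print("no DAC :", may_mount(dag["MBX1"], dag, wan_down, True, dac_mode=False))
    print("DAC    :", may_mount(dag["MBX1"], dag, wan_down, True, dac_mode=True))
```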

Implementing DAC
Datacenter Activation Mode is disabled by default. To enable DAC, use the Set-DatabaseAvailabilityGroup cmdlet using the DataCenterActivationMode parameter, e.g.

Set-DatabaseAvailabilityGroup -Identity <DAGID> -DatacenterActivationMode DagOnly

Note that DagOnly and Off are the only options for the DatacenterActivationMode parameter.

Monitoring

If you’ve configured the DAG for DAC mode, and LogLevel is sufficient, you can monitor the DAG startup process using the EventLog. The Active Manager holding quorum checks status every 10 seconds. It is responsible for keeping track of the status of the other DAG members. When sufficient DAG members are registered online, it will promote itself to PAM (like in non-DAC mode), which functions as the “green light” for the other Active Managers.

The Active Manager on the other DAG members will periodically check if consensus has been reached:

If the Active Manager holding quorum has promoted itself to PAM, the Active Manager on the other nodes will become SAM. After this the activation and mounting procedure will start.

Limitations
Unfortunately, it’s not an all good news show. DAC mode in Exchange 2010 RTM can only be enabled when using a DAG with 3 or more DAG members distributed over at least 2 Active Directory sites. This means DAC can’t be used in situations where you have 2 DAG members or when all DAG members are located in the same site. This makes sense for the following reasons:

  • In Exchange 2010 RTM, DAC only looks at the DACP flag querying DAG members. The FSW plays no part in it;
  • DAC is meant to prevent split brain syndrome which normally only can occur between multiple sites.

When you try to enable DAC using a 2 DAG member configuration, you’ll encounter the following message:

Database Availability Group <DAGID> cannot be set into datacenter activation mode, since it contains fewer than three mailbox servers.

When you try to enable DAC using a single site, the following error message will show up:

Database availability group <DAGID> cannot be set into datacenter activation mode, since datacenter activation mode requires servers to be in two or more sites.

Note that this message will also show up if you didn’t define sites in Active Directory Sites and Services at all, so make sure you define them properly.

But there is also good news: Exchange 2010 SP1 supports all DAG configurations. I’ll discuss this and other changes in Exchange 2010 SP1 DAC mode in a follow up article.

Additional reading
More information on datacenter switchovers and the procedure to activate a second datacenter using DAGs in non-DAC as well as DAC mode can be read in this TechNet article. Make sure you compare the actions to perform for DAC and non-DAC setups and see that DAC makes the administrator’s life much easier and the procedure less prone to error.

Exchange 2010 Endpoint Mapper Issue & Firewall


While upgrading one of my existing Exchange 2010 lab machines from RTM to SP1, I encountered the following error message during the upgrade:

Error:
The following error was generated when "$error.Clear();
          if (!(get-service MSExchangeADTopology* | where {$_.name -eq "MSExchangeADTopology"}))
          {
            install-ADTopologyService
          }
        " was run: "There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)".
There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)

The message appeared at the stage of upgrading the Unified Messaging components. I had a look at the ExchangeSetup.log file and it contained the following information:

[08/27/2010 10:08:13.0948] [2] Beginning processing install-UMService
[08/27/2010 10:08:14.0011] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
[08/27/2010 10:08:14.0027] [2] [ERROR] There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
[08/27/2010 10:08:15.0823] [1] The following 1 error(s) occurred during task execution:
[08/27/2010 10:08:15.0823] [1] 0.  ErrorRecord: There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
[08/27/2010 10:08:15.0823] [1] 0.  ErrorRecord: System.Runtime.InteropServices.COMException (0x800706D9): There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
at Interop.NetFw.INetFwRules.Add(NetFwRule rule)
at Microsoft.Exchange.Security.WindowsFirewall.ExchangeFirewallRule.Add()
at Microsoft.Exchange.Configuration.Tasks.ManageService.Install()
at Microsoft.Exchange.Management.Tasks.UM.InstallUMService.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()

It seems the error is caused while trying to add a firewall rule, indicated by Interop.NetFw.INetFwRules.Add (INetFwRules is the rules collection of the built-in Windows Firewall).

I had a quick check with the firewall settings on the machine and it turned out the Windows Firewall was disabled. I figured that perhaps adding the rules failed because setup couldn’t communicate with the firewall service.

I enabled the Windows Firewall and this time the upgrade process went fine:

[08/27/2010 10:23:10.0988] [2] Beginning processing install-UMService
[08/27/2010 10:23:11.0145] [2] Ending processing install-UMService
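The triage done by hand above can be scripted. This added example (not part of the original post or of Exchange setup) scans ExchangeSetup.log text for tasks that began but never ended, collects the HRESULT values, and flags stack frames that point at the Windows Firewall interop; the log lines embedded below are the ones quoted in this post, and the function names are hypothetical.

```python
import re

LINE = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+)\] \[(?P<depth>\d+)\] (?P<msg>.*)$")
HRESULT = re.compile(r"HRESULT: (0x[0-9A-Fa-f]{8})")

# Log lines quoted from the post above (failed run, then the successful re-run).
FAILED_RUN = """
[08/27/2010 10:08:13.0948] [2] Beginning processing install-UMService
[08/27/2010 10:08:14.0011] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
[08/27/2010 10:08:14.0027] [2] [ERROR] There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
[08/27/2010 10:08:15.0823] [1] The following 1 error(s) occurred during task execution:
[08/27/2010 10:08:15.0823] [1] 0.  ErrorRecord: System.Runtime.InteropServices.COMException (0x800706D9): There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)
at Interop.NetFw.INetFwRules.Add(NetFwRule rule)
at Microsoft.Exchange.Security.WindowsFirewall.ExchangeFirewallRule.Add()
at Microsoft.Exchange.Configuration.Tasks.ManageService.Install()
"""
GOOD_RUN = """
[08/27/2010 10:23:10.0988] [2] Beginning processing install-UMService
[08/27/2010 10:23:11.0145] [2] Ending processing install-UMService
"""


def decode_hresult(text):
    """Split an HRESULT into (facility, code); facility 7 is FACILITY_WIN32."""
    value = int(text, 16)
    return (value >> 16) & 0x1FFF, value & 0xFFFF


def triage(log_text):
    """Summarise one setup log excerpt for a quick first look."""
    open_tasks, errors, hresults, frames = [], [], set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("at "):            # .NET stack frame
            frames.append(line[3:])
            continue
        match = LINE.match(line)
        if not match:
            continue
        msg = match.group("msg")
        if msg.startswith("Beginning processing "):
            open_tasks.append(msg.split(" ", 2)[2])
        elif msg.startswith("Ending processing "):
            task = msg.split(" ", 2)[2]
            if task in open_tasks:
                open_tasks.remove(task)
        elif msg.startswith("[ERROR] "):
            errors.append(msg[len("[ERROR] "):])
        hresults.update(HRESULT.findall(msg))
    firewall = any("WindowsFirewall" in f or "INetFwRules" in f for f in frames)
    return {
        "unfinished_tasks": open_tasks,
        "errors": errors,
        "hresults": sorted(hresults),
        "firewall_rule_failure": firewall,
    }


if __name__ == "__main__":
    report = triage(FAILED_RUN)
    print(report)
    print([decode_hresult(h) for h in report["hresults"]])
```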

 

Exchange 2010 SP1 Schema Version


For planning and validation purposes, Exchange 2010 SP1 preparation of the forest and domain results in the following:

  • rangeUpper property of CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,<Forest DN> is set to 14726;
  • objectVersion property of cn=<ExOrg>,cn=Microsoft Exchange,cn=Services,cn=Configuration,<Forest DN> is set to 13214;
  • objectVersion property in the Microsoft Exchange System Objects container of <Domain NC> is set to 13040.

The Exchange Schema Versions page has been updated with this information.

With SP1 RTM the issue with Exchange 2007 SP3 and Exchange 2010 SP1 Beta is a thing of the past, since Exchange 2010 SP1’s version (14726) is greater than Exchange 2007 SP3’s version (14625).

Exchange 2010 SP1 RTM


Exchange Server 2010 Service Pack 1 (SP1) has been released raising the Exchange version number to 14.1.218.15. You can download Exchange 2010 SP1 here.

For those still unaware, the 500Mb+ file (1,3 GB extracted) contains the full set of binaries; you can use it to upgrade existing RTM installations but can also deploy new Exchange 2010 SP1 installations.

Prior to upgrading or installing, be sure to check out the Release Notes, especially the list of required hotfixes and components:

Component Windows Server 2008 SP2 Windows Server 2008 R2
AD RMS KB977624 KB979099
.NET Framework 2.0 KB979744
KB973136
KB979744
.NET Framework 3.5 KB982867
ASP.NET 2.0 KB983440
KB979917
KB983440

KB977020 (CAS)

RPC KB977592
UCMA (UM) Speech Platform Runtime

UCMA Runtime 2.0

UCMA Runtime 2.0
Content Filtering

(Hub, Mbx)

Office 2010 Filter Pack Office 2010 Filter Pack

Note that you cannot upgrade Exchange 2010 SP1 Beta installations, you need to uninstall the Beta first.

When comparing the What’s New and Discontinued Features of SP1 Beta with SP1 RTM you’ll notice some small differences; luckily, most major changes are still in the final product. For completeness I’ve included the full list of changes. A (+) means a new item in SP1 RTM compared to SP1 Beta, (-) means it was dropped:

Deployment
During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role.

Client Access Server Role Improvements
The improvements and new features in the Client Access server role fall under several key areas: Federation certificates, Exchange ActiveSync, SMS Sync, Integrated Rights Management, Microsoft Office Outlook Web App, and virtual directories. Each area is described in more detail in the following sections.

Federation Certificates
In Exchange 2010 SP1, you can use a self-signed certificate instead of a certificate issued by a Certificate Authority to establish a federation trust with the Microsoft Federation Gateway. A self-signed certificate is automatically created and installed on Exchange servers in your organization when you use the New Federation Trust wizard in the Exchange Management Console.

Exchange ActiveSync
In Exchange 2010 SP1, you can manage Exchange ActiveSync devices using the Exchange Control Panel (ECP). Administrators can perform the following tasks:

  • Manage the default access level for all mobile phones and devices.
  • Set up e-mail alerts when a mobile phone or device is quarantined.
  • Personalize the message that users receive when their mobile phone or device is either recognized or quarantined.
  • Provide a list of quarantined mobile phones or devices.
  • Create and manage Exchange ActiveSync device access rules.
  • Allow or block a specific mobile phone or device for a specific user.

For every user, the administrator can perform the following tasks from the user’s property pages:

  • List the mobile phones or devices for a specific user.
  • Initiate remote wipes on mobile phones or devices.
  • Remove old mobile phone or device partnerships.
  • Create a rule for all users of a specific mobile phone or device or mobile phone type.
  • Allow or block a specific mobile phone or device for the specific user.

SMS Sync
SMS Sync is a new feature in Exchange ActiveSync that works with Windows Mobile 6.1 with the Outlook Mobile Update and with Windows Mobile 6.5. SMS Sync is the ability to synchronize messages between a mobile phone or device and an Exchange 2010 Inbox. When synchronizing a Windows Mobile phone with an Exchange 2010 mailbox, users can choose to synchronize their text messages in addition to their Inbox, Calendar, Contacts, Tasks, and Notes. When synchronizing text messages, users will be able to send and receive text messages from their Inbox. This feature is dependent on the user’s mobile phones or devices supporting this feature.

Server-Side Information Rights Management Support
Exchange ActiveSync mailbox policies now contain support for Information Rights Management (IRM) functionality. Information Rights Management is enabled when creating a new Exchange ActiveSync mailbox policy. This new functionality allows non-Windows Mobile devices to receive and view protected e-mails. When the IRMEnabled property is configured on the Exchange ActiveSync mailbox policy and IRM is enabled for Client Access Servers, the protected e-mail will be decrypted on the server before it is downloaded to the mobile phone or device. The downloaded e-mail will be downloaded with additional properties that indicate the restrictions sent with the original e-mail. Protected messages will only be decrypted and downloaded if the mobile phone or device connects to the Client Access server using Secure Sockets Layer (SSL).

Outlook Web App Improvements
The following is a list of the new Outlook Web App functionality in Exchange 2010 SP1:

  • Improved management of the relationship between Office Communications Server and Outlook Web App. Configuration is stored in Active Directory instead of a web.config file and can be managed via cmdlet.
  • Twenty-seven themes are available, and they have new administrative options:
    • Set default theme with the DefaultTheme parameter by using either the Set-OwaMailboxPolicy or the Set-OwaVirtualDirectory cmdlet.
    • Create custom themes by modifying existing themes.
    • Control the order themes are listed in Outlook Web App.
  • By default, attachment types that are marked as Force Save will be excluded from security checks for XML or HTML. You can change this behavior by setting the ForceSaveAttachmentFilteringEnabled parameter to $true by using either the Set-OwaMailboxPolicy or the Set-OwaVirtualDirectory cmdlet.

Reset Virtual Directory
In Exchange 2010 SP1, you can use the new Reset Client Access Virtual Directory wizard to reset one or more Client Access server virtual directories. The new wizard makes it easier to reset a Client Access server virtual directory. One reason that you might want to reset a Client Access server virtual directory is to resolve an issue related to a damaged file on a virtual directory. In addition to resetting virtual directories, the wizard creates a log file that includes the settings for each virtual directory that you choose to reset.

Client Throttling Policies (+)

You can use client throttling policies to help you manage performance of your Client Access servers. Consider the following changes as you use client throttling policies to manage performance when running Exchange 2010 SP1.

  • In Exchange 2010 RTM, only the policies to limit the number of concurrent client connections were enabled by default. In Exchange 2010 SP1, all client throttling policies are enabled by default.
  • In Exchange 2010 RTM, when the thresholds defined on a latency-based client throttling policy parameter such as EWSPercentTimeInCAS were exceeded, Exchange would cause the transactions and connections to fail. In Exchange 2010 SP1, exceeding the thresholds defined on a latency-based throttling policy parameter will not cause a failure. Instead, Exchange will delay transactions and connections until the transaction rate is within the policy limits. Such transaction and connection delays will usually not be apparent to end users. Client throttling policy parameters with hard quota limits such as EWSMaxSubscriptions will cause a failure when exceeded. As an administrator, you can monitor the impact of your performance policies and make adjustments as needed.
  • Two new cmdlets, Get-ThrottlingPolicyAssociation and Set-ThrottlingPolicyAssociation, help you manage and apply client throttling policies to specific objects.

Improvements in Transport
The following is a list of new Transport functionality in Exchange 2010 SP1:

  • MailTips access control over organizational relationships
  • Enhanced monitoring and troubleshooting features for MailTips
  • Enhanced monitoring and troubleshooting features for message tracking
  • Message throttling enhancements
  • Shadow redundancy promotion
  • SMTP failover and load balancing improvements
  • Support for extended protection on SMTP connections
  • Send connector changes to reduce NDRs over well-defined connections

Permissions Functionality
The following is a brief description of new permissions features and enhancements in Exchange 2010 SP1:

  • Database scope support
    With database scopes, you can control in which databases a given set of administrators can create mailboxes and also control which databases they can manage.
  • Active Directory split permissions
    Active Directory split permissions enable you to completely separate the administrative capabilities of Exchange administrators from your Active Directory administrators. The ability to create and remove Active Directory users and groups and manage non-Exchange attributes of Active Directory objects by Exchange administrators and servers has been removed in Exchange 2010 SP1.
  • Improved user interface
    You can now create and manage management role groups and management role assignment policies in the Exchange Control Panel (ECP). This includes adding and removing management roles to role groups and role assignment policies, adding and removing members to and from role groups, and assigning users to role assignment policies.

Exchange Store and Mailbox Database Functionality
The following is a list of new store and mailbox database functionality in Exchange 2010 SP1:

  • With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
  • With the New-PublicFolderDatabaseRepairRequest cmdlet, you can detect and repair public folder replication state problems (+).
  • Store limits were increased for administrative access.
  • The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
  • Public Folders client permissions support was added to the Exchange Management Console (EMC).

Mailbox and Recipients Functionality
The following is a list of new mailbox and recipient functionality included in Exchange 2010 SP1:

  • Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
  • Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
  • Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
  • Importing and exporting .pst files now uses the Mailbox Replication service and doesn’t require Outlook.
  • Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
  • Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group’s name when it’s created.
  • Soft-delete of mailboxes after move completion.

High Availability and Site Resilience Functionality

The following is a list of new high availability and site resilience functionality included in Exchange 2010 SP1:

  • Continuous replication – block mode
  • Active mailbox database redistribution
  • Improved Outlook cross-site connection behavior and experience (-)
  • Enhanced datacenter activation coordination mode support
  • New and enhanced management and monitoring scripts
  • Exchange Management Console user interface enhancements
  • Improvements in failover performance

Messaging Policy and Compliance Functionality
The following is a list of new messaging policy and compliance functionality included in Exchange 2010 SP1:

  • Provision personal archive on a different mailbox database
  • Import historical mailbox data to personal archive
  • Delegate access to personal archive
  • New retention policy user interface
  • Support for creating retention policy tags for Calendar and Tasks default folders
  • Opt-in personal tags
  • Multi-Mailbox Search preview
  • Annotations in Multi-Mailbox Search
  • Multi-Mailbox Search data de-duplication
  • WebReady Document Viewing of IRM-protected messages in Outlook Web App
  • IRM in Exchange ActiveSync for protocol-level IRM
  • IRM logging
  • Mailbox audit logging

Unified Messaging Server Role Improvements
The Unified Messaging server role has been improved and has added new features in Exchange 2010 SP1. To use some of these features, you must correctly deploy Microsoft Office Communications Server “14” in your environment. The following is an overview of all the new features in Exchange 2010 Unified Messaging:

  • UM reporting
    The reports for Call Statistics and User Call Logs found in the Exchange Management Console are displayed in the Exchange Control Panel.
  • UM management in the Exchange Control Panel
    You can use the ECP to manage UM components in a cross-premises environment.
  • Cross-Forest UM-enabled mailbox migration
    In Exchange 2010 SP1, you can use the New-MoveRequest cmdlet with the Mailbox Replication Service (MRS) to move a UM-enabled mailbox within a local forest and multiple forests in an enterprise.
  • Outlook Voice Access improvements
    Outlook Voice Access users can log on to their Exchange 2010 mailbox and choose the order to listen to unread voice mail messages, from the oldest message first or the newest message first.
  • Caller Name Display support
    Exchange 2010 SP1 includes support for enhanced caller ID resolution for displaying names for voice mails from unresolved numbers using Caller Name Display (CND).
  • Test-ExchangeUMCallFlow cmdlet
    With this Exchange 2010 SP1 cmdlet, you can test UM connectivity and call flow.
  • New UM Dial Plan wizard
    An additional page has been added to the New UM Dial Plan wizard that allows you to add a UM server to the dial plan.
  • Office Communications Server “14” Support
    Migrating SIP URI dial plans and Message Waiting Indicator (MWI) notifications in a cross-premises environment has been added.
  • Secondary UM dial plan support
    You can add a secondary UM dial plan for a UM-enabled user.
  • UM language packs added
    New UM language packs are now available in Exchange 2010 SP1. In addition, the Spanish (Spain) (es-ES) UM language pack available for Exchange 2010 SP1 now includes Voice Mail Preview, a feature that wasn’t available in the Exchange 2010 RTM release of that language pack.
  • Call answering rules improvements
    There are three updates to Call Answering Rules for UM-enabled users in SP1.
  • UC Managed API/speech platform improvements
    Beginning with Exchange 2010 SP1, the UM server relies on Unified Communications Managed API v. 2.0 (UCMA) for its underlying SIP signaling and speech processing.
  • UM auto attendant update
    In Exchange 2010 SP1, a UM auto attendant will play only the holiday greeting on a holiday.

Audit Logging Improvements
Exchange 2010 SP1 provides improvements in functionality related to administrator audit logging and new functionality for mailbox audit logging:

  • Improvements in administrator audit logging
    Exchange 2010 enhances the administrator audit logging functionality by providing you with the ability to perform searches of the admin audit log using the Exchange Management Shell. You can search on cmdlet and parameter names, date, the user who ran the command, and more. The results generated by your search can be displayed on the screen or e-mailed to a recipient you specify and viewed as an XML file. And, because all the administrative interfaces run Shell cmdlets in the background, the actions that occur in all the interfaces can be logged.
  • New mailbox audit logging
    Exchange 2010 SP1 introduces new mailbox audit logging functionality to allow you to track mailbox access by administrators, delegates, and mailbox owners, and actions taken on mailbox items such as moving or deleting a message, using SendAs or SendOnBehalf rights to send messages, and accessing a mailbox folder or a message. You can use the ECP to generate a report of non-owner mailbox access and use the Shell to search mailbox audit logs.
  • The Exchange Control Panel also provides several reports which are generated based on the audit logs in Exchange 2010 SP1.
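
The audit searches described above can be run from the Exchange Management Shell as shown here. This is an added example, not part of the original post; the mailbox name, the report recipient and the choice of cmdlets to search for are placeholders picked for illustration.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2010 SP1.
# Placeholders (assumptions): mailbox 'ExampleUser', recipient auditor@example.com.

# Administrator audit logging must be switched on before anything is recorded.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

$since   = (Get-Date).AddDays(-7)
$now     = Get-Date
# Cmdlets that grant access to mailboxes or assign RBAC roles.
$cmdlets = 'Add-MailboxPermission', 'Add-ADPermission', 'New-ManagementRoleAssignment'

# Search the admin audit log on screen: who ran which cmdlet against which object.
Search-AdminAuditLog -Cmdlets $cmdlets -StartDate $since -EndDate $now |
    Sort-Object RunDate |
    Select-Object RunDate, Caller, CmdletName, ObjectModified, Succeeded

# Same search, but the result is e-mailed to the recipient as an XML attachment.
New-AdminAuditLogSearch -Name 'Permission changes, last 7 days' `
    -Cmdlets $cmdlets -StartDate $since -EndDate $now `
    -StatusMailRecipients 'auditor@example.com'

# Mailbox audit logging is enabled per mailbox.
Set-Mailbox -Identity 'ExampleUser' -AuditEnabled $true

# Search the mailbox audit log for access by anyone other than the owner.
Search-MailboxAuditLog -Identity 'ExampleUser' -LogonTypes Admin, Delegate `
    -ShowDetails -StartDate $since -EndDate $now |
    Select-Object LastAccessed, LogonUserDisplayName, LogonType,
                  Operation, FolderPathName, OperationResult
```

Only actions performed after logging was enabled appear in the results, so the first and fourth commands are best run well before the audit trail is needed.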

Support for Coexistence with Exchange Online
Exchange 2010 SP1 includes functionality that supports coexistence with Exchange Online. However, Exchange Online has not yet been updated to support the following Exchange 2010 SP1 functionality:

  • Migration of UM-enabled mailboxes
    The New-MoveRequest cmdlet can be used with the Microsoft Exchange Mailbox Replication service (MRS) to move a UM-enabled mailbox within a coexistence environment.
  • IRM support for coexistence
    IRM is fully supported for cross-premises deployments. The tenant administrator can export the trusted publishing domain from the on-premises Active Directory Rights Management Services (AD RMS) server and import it to the cloud-based service. This functionality allows IRM-protected messages to be decrypted in the cloud, and cloud mailbox users to send IRM-protected messages that on-premises mailbox users can decrypt and access.
  • Remote Mailboxes
    A new set of SP1 cmdlets allow you to create and manage a mail-enabled user in the on-premises Active Directory site and at the same time create and manage the associated mailbox in the cloud-based service. The cmdlets are:

    • New-RemoteMailbox
    • Set-RemoteMailbox
    • Get-RemoteMailbox
    • Enable-RemoteMailbox
    • Disable-RemoteMailbox
    • Remove-RemoteMailbox
  • Transport
    Updated features in Transport help ensure that message flow remains protected between users regardless of where their mailboxes are located. Enhanced Transport features such as MailTips, delivery reports, and message moderation also support this deployment scenario.

Multi-Tenancy Support (+)

With Exchange 2010 SP1 built-in multi-tenant support, service providers that use Service Provider Licensing Agreement (SPLA) no longer need a solution such as Microsoft Hosted Messaging and Collaboration version 4.5 to host multiple organizations. Multi-tenant support provides the core feature set of Microsoft Exchange that can be deployed to multiple customers in a single installation and provides ease of management and flexibility of provided features to end-users.

The hosting solution available for Exchange 2010 SP1 includes most of the features and functionality available in Exchange 2010 SP1 Enterprise deployments, but also includes features and functionality that allow you to create and manage tenant organizations.

The multi-tenant capabilities in Exchange 2010 SP1 form part of the suite of multi-tenant capable products that will replace the Hosted Messaging and Collaboration version 4.5 solution.

Discontinued Features
The following features have been discontinued between Exchange 2010 RTM and Exchange 2010 SP1:

Export-Mailbox and Import-Mailbox
Use Mailbox Export Requests or Mailbox Import Requests.

Enable-AntispamUpdates (+)
Use Forefront Security for Exchange Server to obtain automatic anti-spam updates.

Federated Delivery
Federated delivery allowed messages to be sent in an encrypted format and delivered as if they came from an internal server with internal addresses resolved, unsolicited e-mail and virus filtering results preserved, and trusted system data preserved between federated organizations.

ISInteg
Use New-MailboxRepairRequest or New-PublicFolderDatabaseRepairRequest.

Managed Folders in EMC
In Exchange 2010 SP1, use the Shell to administer Managed Folders features such as Managed Default Folders, Managed Custom Folders and Managed Folder Mailbox Policies. Use the EMC and the Shell to manage Retention Policies and Retention Tags – the new Messaging Records Management (MRM) feature introduced in Exchange 2010 (MRM 2.0).

Exchange 2010 SP1 UM Language Packs


The Exchange Server 2010 SP1 Unified Messaging (UM) Language Packs can be downloaded here. The version is 14.01.0218.015, dated 08/24/2010. Note that earlier this link referred to SP1 Beta material, as mentioned in this post.

Unified Messaging (UM) language packs allow an Exchange Server 2010 Service Pack 1 (SP1) UM server to speak additional languages to callers and recognize other languages when callers use ASR or when voice messages are transcribed.

The UM language packs contain, per language:

  • Pre-recorded prompts;
  • Grammar files that are used by a UM server to look up the names of given users in the directory;
  • Text to Speech (TTS) translation so that content (e-mail, calendar, contact information, etc.) can be read to callers;
  • Support for Automatic Speech Recognition (ASR), which allows callers to interact with UM using the voice user interface (VUI);
  • Support for Voice Mail Preview which allows users to read the transcript of voice mail messages in a specific language from within a supported e-mail client such as Outlook or Outlook Web Access.

Exchange 2010 SP1 Help


Update: The help file located at this link has been promoted from Beta to RTM. Updated post title and text accordingly.

The Exchange 2010 SP1 help file has been released just before SP1 became available online. You can download it here. Nice to take with you when you need reference material and you can’t access online resources.

Exchange 2010 Mailbox Role Calculator 7.8


Without mentioning it on their blog, the Microsoft Exchange Team updated the Exchange 2010 Mailbox Role Calculator to version 7.8. This version includes a small fix compared to 7.7 regarding the Read IOPS per mailbox calculation for all four combinations of desktop search engine and multiplication factor settings.

You can consult the changeblog here, download the calculator here. Instructions on usage can be found here.

Blocking automatic activation in DAGs


After the post on Exchange 2010’s Active Manager I received a question on the possibilities to block automatic activation of database copies in a DAG. There could be legitimate reasons for wanting this, like when you want to prevent remote database copies in a secondary data center from being activated automatically.

The blockade can be created on two levels:

  • Server – this prevents automatic activation for any database copy hosted on that server;
  • Database Copy – this prevents automatic activation for a specific database copy hosted on a specific server.

To block all database copies on DAG member <ServerID> from becoming activated automatically, use:

Set-MailboxServer -Identity <ServerID> -DatabaseCopyAutoActivationPolicy Blocked

To enable all database copies on DAG member <ServerID> for automatic activation again, use:

Set-MailboxServer -Identity <ServerID> -DatabaseCopyAutoActivationPolicy Unrestricted

To block automatic activation on the database copy level, use the Suspend-MailboxDatabaseCopy cmdlet. For example, to block the database copy of DatabaseID from automatic activation on ServerID, use:

Suspend-MailboxDatabaseCopy -Identity <DatabaseID>\<ServerID> -ActivationOnly

To enable automatic activation again for this database copy on the specified server, use Resume-MailboxDatabaseCopy, like:

Resume-MailboxDatabaseCopy -Identity <DatabaseID>\<ServerID>

Be advised that, contrary to what the cmdlet names might suggest, suspending a database copy with ActivationOnly and resuming an activation-blocked database copy do not affect the replication process for that database copy.
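
To verify which copies are currently blocked at either level, the server policy and the per-copy suspension flag can be reported together. This is an added example, not part of the original post; the DAG name is a placeholder.

```powershell
# Added example. Run in the Exchange Management Shell.
# Placeholder (assumption): the DAG is called 'DAG1'.
$dagName = 'DAG1'

$report = foreach ($member in (Get-DatabaseAvailabilityGroup -Identity $dagName).Servers) {
    # Server-level setting: Blocked, IntrasiteOnly or Unrestricted.
    $server = Get-MailboxServer -Identity $member.Name

    # Copy-level setting: ActivationSuspended is True after
    # Suspend-MailboxDatabaseCopy -ActivationOnly.
    Get-MailboxDatabaseCopyStatus -Server $server.Name | ForEach-Object {
        New-Object PSObject -Property @{
            Server              = $server.Name
            ServerPolicy        = $server.DatabaseCopyAutoActivationPolicy
            DatabaseCopy        = $_.Name
            Status              = $_.Status
            ActivationSuspended = $_.ActivationSuspended
            # A copy is excluded from automatic activation if either level blocks it.
            AutoActivationBlocked = ($server.DatabaseCopyAutoActivationPolicy -eq 'Blocked') -or
                                    $_.ActivationSuspended
        }
    }
}

$report | Sort-Object Server, DatabaseCopy |
    Format-Table Server, ServerPolicy, DatabaseCopy, Status,
                 ActivationSuspended, AutoActivationBlocked -AutoSize
```

A copy that shows a healthy Status while AutoActivationBlocked is True confirms the point above: replication continues and only activation is held back.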