About Michel de Rooij

Michel de Rooij, with over 25 years of mixed consulting and automation experience with Exchange and related technologies, is a consultant for Rapid Circle. He assists organizations in their journey to and using Microsoft 365, primarily focusing on Exchange and associated technologies and automating processes using PowerShell or Graph. Michel's authorship of several Exchange books and role in the Office 365 for IT Pros author team are a testament to his knowledge. Besides writing for Practical365.com, he maintains a blog on eightwone.com with supporting scripts on GitHub. Michel has been a Microsoft MVP since 2013.

Exchange 2010 SP2 Rollup 4


Today the Exchange Team released Rollup 4 for Exchange Server 2010 Service Pack 2 (KB2706690). This update raises the Exchange 2010 version number to 14.2.318.2.

Here’s the list of changes in this Rollup:

  • 2536846 Email messages sent to a mail-enabled public folder may be queued in a delivery queue on the Hub Transport server in an Exchange Server 2010 environment
  • 2632409 Sent item is copied to the Sent Items folder of the wrong mailbox in an Exchange Server 2010 environment when a user is granted the Send As permission
  • 2637915 “550 5.7.1” NDR when an email message is sent between tenant organizations in a multi-tenant Exchange Server 2010 environment
  • 2677727 MRM cannot process retention policies on a cloud-based archive mailbox if the primary mailbox is in an on-premises Exchange Server 2010 organization
  • 2685001 Retention policies do not work for the Calendar and Tasks folders in an Exchange Server 2010 SP1 environment
  • 2686540 Journal report is not delivered to a journaling mailbox in an Exchange Server 2010 environment
  • 2689025 Performance issues when you use the light version of Outlook Web App in an Exchange Server 2010 environment
  • 2698571 Some email messages are not delivered when you set the MessageRateLimit parameter in a throttling policy in an Exchange Server 2010 environment
  • 2698899 Add-ADPermission cmdlet together with a DomainController parameter fails in an Exchange Server 2010 environment
  • 2700172 Recipient’s email address is resolved incorrectly to a contact’s email address in an Exchange Server 2010 environment
  • 2701162 User A that is granted the Full Access permission to User B’s mailbox cannot see detailed free/busy information for User B in an Exchange Server 2010 environment
  • 2701624 ItemSubject field is empty when you run the Search-MailboxAuditLog cmdlet together with the ShowDetails parameter in an Exchange Server 2010 environment
  • 2702963 The “Open Message In Conflict” button is not available in the conflict notification message in Exchange Server 2010
  • 2707242 The Exchange Information Store service stops responding on an Exchange Server 2010 server
  • 2709014 EdgeTransport.exe process crashes intermittently on an Exchange Server 2010 server
  • 2709935 EdgeTransport.exe process repeatedly crashes on an Exchange Server 2010 server
  • 2713339 Multi-Mailbox Search feature returns incorrect results when you perform a complex discovery search in an Exchange Server 2010 environment
  • 2713371 Throttling policy throttles all EWS applications in Exchange Server 2010
  • 2719894 The Microsoft Exchange RPC Client Access service consumes 100 percent of CPU resources and stops responding on an Exchange Server 2010 Client Access server
  • 2723383 Incorrect time zone in a notification when the Resource Booking Attendant declines a meeting request from a user in a different time zone in an Exchange Server 2010 environment
  • 2724188 A subject that contains colons is truncated in a mixed Exchange Server 2003 and Exchange Server 2010 environment
  • 2726897 Event 14035 or Event 1006 is logged when Admin sessions are exhausted in an Exchange Server 2010 environment

In addition to these fixes, this Rollup also includes a fix for the WebReady security issue described in Microsoft Security Bulletin MS12-058 (KB2740358).

Note that this Rollup includes changes enabling Retention Tags for Calendar Items and Tasks (see KB2685001). If you wish to retain pre-SP2RU4 functionality, implement the following registry key on each Mailbox server:
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeMailboxAssistants\Parameters\ELCAssistantCalendarTaskRetentionEnabled=0x00000000 (REG_DWORD); default value is 1. More information on possible implications at the Exchange Team’s blog here.
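One way to check a Mailbox server's rollup level and apply this registry override, as an added PowerShell example (not from the original post or from Microsoft). It assumes an elevated session on the server itself and that Exchange setup defined `$env:ExchangeInstallPath`; the function name `Get-CalendarTaskRetentionState` and its `-KeepPreRU4Behaviour` switch are hypothetical.

```powershell
# Added example. Without the switch it only reports; with it, it writes the value.
function Get-CalendarTaskRetentionState {
    param([switch]$KeepPreRU4Behaviour)

    $ru4Build  = New-Object Version -ArgumentList 14, 2, 318, 2   # SP2 RU4 build given in the post
    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeMailboxAssistants\Parameters'
    $valueName = 'ELCAssistantCalendarTaskRetentionEnabled'

    # Assumption: %ExchangeInstallPath% is defined on this server by Exchange setup.
    if (-not $env:ExchangeInstallPath) { throw 'ExchangeInstallPath is not set on this machine.' }
    $exSetup = Join-Path $env:ExchangeInstallPath 'Bin\ExSetup.exe'
    if (-not (Test-Path $exSetup)) { throw "ExSetup.exe not found at $exSetup" }

    # Build the installed version from the numeric parts of the file version,
    # which avoids parsing a zero-padded version string.
    $vi    = (Get-Item $exSetup).VersionInfo
    $build = New-Object Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart,
                                              $vi.FileBuildPart, $vi.FilePrivatePart
    $hasRU4 = $build -ge $ru4Build

    # Read the override; a missing value means the default of 1 applies.
    $current = $null
    $prop = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($prop) { $current = $prop.$valueName }

    if ($KeepPreRU4Behaviour -and $hasRU4 -and $current -ne 0) {
        if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
        # -Force overwrites an existing value; REG_DWORD 0 keeps pre-SP2RU4 behaviour.
        New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
                         -Value 0 -Force | Out-Null
        $current = 0
    }

    if (-not $hasRU4)       { $state = 'Not applicable (build is older than SP2 RU4)' }
    elseif ($current -eq 0) { $state = 'Disabled (pre-SP2RU4 behaviour)' }
    else                    { $state = 'Enabled' }

    New-Object PSObject -Property @{
        Server                = $env:COMPUTERNAME
        InstalledBuild        = $build
        HasRU4OrLater         = $hasRU4
        RegistryValue         = $current      # $null means the value is not present
        CalendarTaskRetention = $state
    }
}

# Report only:
Get-CalendarTaskRetentionState | Format-List
# Report and set the override:
# Get-CalendarTaskRetentionState -KeepPreRU4Behaviour | Format-List
```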

Important: Be advised that it is reported that installing MS12-058 (KB2740358) means Rollup 4 will be installed on your system. This applies to manual installations as well as to updates installed through Windows Update / WSUS, which might pose a challenge (or better, dilemma) for security departments (thanks to Paul Bendall).

Those who use WSUS to deploy security updates or manually apply MS12-058 will be inadvertently applying Exchange 2010 SP2 RU4 as the security

As of this Rollup, it’s no longer required to disable and re-enable Forefront Protection for Exchange using fscutility to be able to install the Rollup properly. However, if you want to remain in control, you can disable Forefront before installing the Rollup using fscutility /disable and re-enable it afterwards using fscutility /enable.

Note that Rollups are cumulative, i.e. they contain fixes released in earlier Rollups for the same product level (RTM, SPx). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup.

As with any Hotfix, Rollup or Service Pack, I’d recommend thoroughly testing this rollup in a test and acceptance environment first, prior to implementing it in production. For the correct procedure on how to update DAG members, check here.

You can download Exchange 2010 SP2 Rollup 4 here.

The UC Architects Podcast S01E05


The 5th episode of The UC Architects is online. The UC Architects is a bi-weekly podcast on Exchange and Lync Server.

This episode is hosted by Steve Goodman, who’s joined by Johan Veldhuis, Justin Morris, Ståle Hansen and me.

Topics discussed in this episode are Outlook.com versus Exchange Online, DirSync Filtering, Multi-Site Active/Active DAGs, EWS publishing, (Future of) TMG, and Logging in Lync 2013.

You can download the podcast here or subscribe to updates using iTunes here, Zune here or RSS here.

The UC Architects Podcast S01E04


The 4th episode of The UC Architects is online. The UC Architects is a bi-weekly podcast on Exchange and Lync Server.

This monster 2 hour episode is split in a Lync and an Exchange part. The episode is hosted by Pat Richard, who’s joined by Johan Veldhuis and Tom Arbuthnot for Lync and Dave Stork, Michael Van Horenbeeck, Johan Veldhuis, Serkan Varoglu, John Cook, Mahmoud Magdy and yours truly for Exchange. Special guests for Lync are Elan Shudnow and Kevin Peters.

Besides discussing top stories, this episode focuses largely on the recently released Exchange 2013 Preview and Lync 2013 Preview.

Exchange topics discussed in this episode are Licensing update for Multi-Mailbox Search, ActiveSync device issue, Outlook 2013 issue, No more MAPI/RPC, Reduction in Server Roles, Exchange Admin Center/EAC and Cmdlet Extension Agents.

Some of the Lync topics discussed are multiparty & HD video, VDI Support with Voice and Video, Less server roles, Director role, Co-location of Archiving and Monitoring, Persistent Chat, Skype Federation, Unified Contact Store, Logitech BCC950 and the Kuando BusyLight.

You can get the Exchange part of the podcast here and the Lync part here. You can subscribe using iTunes here or Zune here.

Important Hotfix for Outlook 2013 Preview


Microsoft released a quick fix for a nasty bug in Outlook 2013 Preview, part of the Office Professional Plus 2013 Preview. The related knowledgebase article is kb2737132.

Note: Despite the warning that goes with pre-release software about not using it in production environments, I assume Microsoft knows people will and decided to produce a hotfix so quickly, which is quite unusual for preview software, also looking at the potential consequences.

The bug causes everything, i.e. e-mail, contacts, appointments and tasks, to be deleted permanently from an Exchange server when using the Cleanup Tools from Outlook. Nothing is recoverable through the Recover Deleted Items option.

To install the hotfix, follow one of the links below, depending on your architecture:

Changes in Exchange 2013 Preview


Note: This article is based on a pre-release product and may therefore be subject to changes.

Here’s a short list of the changes and notes regarding Exchange 2013, compared to Exchange 2010:

Goodbye EMC, Hello EAC
The Exchange Management Console (EMC) is no more. A new web-based management interface, the Exchange Administration Center (EAC), replaces EMC and ECP (organization management functions). The EAC provides a single console for on-premise, hybrid or online deployments and doesn’t require installation of management tools.

EAC can also be used to manage Public Folders and contains functionality to run reports on mailbox or administrator audit logs.

Less roles is more
Exchange 2013 reduces the number of Exchange server roles to two: Client Access Front End server and Mailbox server (Exchange 2003 Front-End/Back-End anyone?):

  • Client Access Front End servers will only proxy or process client traffic. They consist of the known Client Access Server services as well as the Front End Transport Service component that deals with mail transport, hence the term Client Access Front End or CAFE. Multiple CAFE servers can still be organized in Client Access Arrays. New in Exchange 2013 is that client connections are stateless, which means you can utilize simple layer 4 (based on IP address or port) load balancing solutions or DNS Round Robin when requirements permit. Since connections are stateless, I expect client experience to improve as well, as clients shouldn’t notice when being failed over to a different CAS server;
  • Mailbox servers are used for data storage and UM. Multiple Mailbox servers can still be organized in clusters using Database Availability Groups.

If you require an Edge Transport server, you can use Exchange 2010 or even Exchange 2007 Edge Transport servers in combination with Exchange 2013.

Transport Servers MIA?
In Exchange 2013, mail flow is dealt with by both the Client Access server and the Mailbox server. The Client Access server hosts a service called Front End Transport service which will process messages from or to external sources. The Mailbox server hosts two transport-related services, Hub Transport and Mailbox Transport service, which will process messages from or to other Mailbox servers or deal with the retrieval or storage of messages.

Transport pipeline overview diagram

Because the transport services are now co-located with Mailbox and Client Access servers, I do foresee challenges for organizations who designed infrastructure and farms purely for routing and processing messages. Of course, Mailbox servers will perform the same job, next to serving mailboxes, but this defeats the best practice of reducing attack surface by splitting roles.

This architecture found in Exchange 2010 didn’t exist in Exchange 2003 (but could come a long way by hardening servers). Then came Exchange 2007 with its server role architecture, which made a lot of sense for large environments (of course, there’s always the option of co-locating server roles). Now, with this reduction of server roles, I know at least 1 customer who will ponder on creating hardening guides for Exchange 2013 when the time comes.

Au revoir, MAPI
MAPI (RPC) will be dropped in Exchange 2013, leaving Outlook Anywhere (RPC over HTTPS) access as the protocol of choice for clients (IMAP/POP access is still there). This means fewer holes to put in firewalls (only HTTPS), easier load balancing configurations, a single client endpoint (which also has benefits from a certificate perspective), etc. Of course there are also downsides: Outlook 2003 doesn’t work and tools may stop working.

Public Folders
Unlike Exchange 2010, where Microsoft in early announcements mentioned the possible deprecation of Public Folders, Microsoft leaves no doubt when it comes to Public Folders and Exchange 2013. In fact, Microsoft made some interesting changes to the Public Folders architecture, where Public Folders reside in mailbox databases utilizing mailboxes (i.e. Public Folder Mailboxes).

This architectural change enables Public Folders to basically have the same benefits as Mailboxes in Mailbox databases, e.g. cluster continuous replication, better known as Database Availability Groups. While this has serious implications for the migration scenario, it might prove a better alternative than the “move to SharePoint” cliché. It also requires rethinking placement of mailbox databases; while public folders utilize a multi-master model, where a branch office could make changes in a local public folder database which replicated throughout the organization, Database Availability Groups utilize a single master model, meaning with Exchange 2013 public folder clients must connect to the writable mailbox database copy.

The feeling that Microsoft is serious again about Public Folders is also driven by the fact that the next version of Exchange Online, part of the next version of Office 365 which confusingly is called Office 365 Preview, contains Public Folders. That’s right, Public Folders in Office 365; who thought that would ever happen, raise your hands. Check out Office 365 Preview here.

Outlook Web Access support for Exchange 2013’s Public Folders is expected in Exchange 2013 SP1.

Storage Engine
Exchange 2013 sticks with the ESE as the database engine of choice. The Information Store processes, now called Managed Store, have been revised, utilizing per database processes which enable faster fail-over and improved resilience. The engine integrates Microsoft’s FAST indexing engine.

Additionally, Microsoft expects another 50% IOPS reduction (which would mean 1/8th of Exchange 2003 figure) and support for 8TB SATA disks which are expected to become available later this year.

DAG 2.0
Well, sort of. Exchange 2013 adds functionality to the Database Availability Groups. To enhance site resiliency, servers can be in different locations, meaning you aren’t required to place CAS servers in the Active Directory site together with the Mailbox servers. This creates interesting scenarios, where for example you could create (centralized) CAS farms (even in dedicated sites), while the DAGs are hosted in other sites. A major benefit of this is that it also reduces the namespaces required to create a resilient Exchange configuration.

Certificates
Client Access servers deal with certificate management; Mailbox servers contain self-signed certificates which are automatically trusted. The EAC contains a notification center which will report on certificates nearing expiration.

Data Loss Prevention
Here, Data Loss doesn’t refer to loss of bits, but to loss of sensitive information. Exchange 2013 provides a mechanism to protect sensitive data. Supported clients, like Outlook 2013, provide notifications of possible policy breaches through PolicyTips, much like MailTips. More information on DLP here.

OWA 2013
Outlook Web App (OWA) in Exchange 2013 adds integrated apps, like Bing Maps. Apps can be managed using the EAC. Apps installed in Outlook 2013 also become available in OWA 2013 and vice versa. OWA 2013 also offers LinkedIn integration and merged calendar view (like in Outlook).

OWA 2013 supports the following browsers when compared to OWA 2010:

  • Windows
    • Internet Explorer 7 or later (same);
    • Firefox 12 or later (was Firefox 3.0.1+);
    • Chrome 18 or later (was Chrome 3.0.195.27+);
    • Safari 5.1 or later.
  • Mac
    • Firefox 12 or later (was 3.0.1+);
    • Safari 5.0.6 or later (was 3.1+);
    • Chrome 18 or later.
  • Linux
    • Firefox 12 or later (was 3.0.1+);
    • Chrome 18 or later.
  • Tablets & Smartphones
    • Windows 8 PRE;
    • iOS 5.0 or later for iPhone or iPad;
    • Android 4.0 or later;
    • Other browsers revert to Light mode

Note: iPad 1 has 256 MB and OWA 2013 requires 512 MB, therefore it isn’t supported on iPad 1 devices.

When using compatible browsers OWA 2013 supports offline mode, which means you can read or compose messages while disconnected, using your system to store the information. More information on which platform / browser combinations supports offline mode can be found here.

eDiscovery
Recently, Microsoft announced it was no longer required to have an Enterprise CAL to perform Multi-Mailbox Searches in Exchange 2010. As some predicted, this was a clue to changes in Exchange 2013, which not only allows for cross-platform searches against Exchange, Lync and SharePoint (In-Place eDiscovery), but also allows you to export mail contents to PST files.

You can also search across primary and archive mailboxes in OWA.

Compliance
Also, Legal Hold, now known as In-Place Hold, can now be performed based on queries and can be bound to a certain timeframe as well in Exchange 2013.

Unified Messaging
In Exchange 2013, UM functionality is split between CAS and Mailbox servers which explains the absence of the UM server role. The CAS server deals with call routing, while the Mailbox server provides UM services like synthesis.

Based on UCMA 4.0, Exchange 2013 UM utilizes the same engine for text-to-speech (TTS) and automatic speech recognition (ASR). The generated grammar files, previously generated and stored per server, are generated by the Mailbox Assistant running on the Mailbox server hosting the arbitration mailbox. The speech grammar files are stored in the arbitration mailbox and can be downloaded by Mailbox servers.

When trying to resolve the Caller ID, Exchange 2013 UM will consult different sources besides the default contacts folder, like other contact folders and social networks.

Updated MRS
The Mailbox Replication Service (MRS) has been updated in Exchange 2013 to enable bigger parallel moves, to provide progress reports using notifications, and to make the process more resilient through automatic retries and move prioritization.

Site Mailboxes
Exchange 2013 introduces a new concept called Site Mailboxes, which bind an Exchange mailbox to a SharePoint site. The goal is to enable users to collaborate more easily, by enabling site members to utilize a single interface to access documents as well as related messages. More information on Site Mailboxes here.

PowerShell 3.0
The Exchange Management Shell is now based on WinRM 3.0.

Miscellaneous
Other changes worth mentioning:

  • Lync 2013 can archive contents in Exchange 2013 and use it to store contacts;
  • Exchange Workload Management, more information here;
  • To skip the license screen during (unattended) setups, you can use the switch IAcceptExchangeServerLicenseTerms with setup.exe, e.g.
    Setup /m:Install /r:C,M /OrganizationName:X /IAcceptExchangeServerLicenseTerms