New Outlook Address Book (OAB) virtual directory in Exchange 2010

Check if there is an existing OAB virtual directory on any of the servers: Get-OabVirtualDirectory [this command can take up to half an hour to complete, depending on the size and scope of your domain]

Remove the existing OAB virtual directory with the following command: Remove-OabVirtualDirectory -Identity "<server name>\OAB (Default Web Site)"

Run iisreset

New OAB command: New-OabVirtualDirectory -RequireSSL $true -ExternalUrl "https://<full DNS name>/OAB"

 


Error changing Exchange 2010 log file path

Attempts to move the Exchange 2010 logs to a different folder fail via both EMC and EMS:

—————————

Failed to connect to target server “EXCH2010”. Error: WMI exception occurred on server
Quota violation

—————————

Resolution: Enable Circular Logging for the database in EMC. Dismount and remount the database. Then change the log file path via EMS using the PowerShell command: Move-DatabasePath -Identity 'Archive' -LogFolderPath <path>. Disable Circular Logging. Dismount and remount the database.
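
The resolution above as one EMS sequence, added here as an example and not part of the original post. 'Archive' is the database name from the command above; the target folder D:\ExchangeLogs\Archive is a hypothetical path.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
$db      = 'Archive'                   # database name from the post's command
$logPath = 'D:\ExchangeLogs\Archive'   # hypothetical target folder (assumption)

# Record the starting state so it can be compared with the result.
Get-MailboxDatabase -Identity $db -Status |
    Format-List Name, Mounted, CircularLoggingEnabled, LogFolderPath

# 1. Enable circular logging; the setting only takes effect after a remount.
Set-MailboxDatabase -Identity $db -CircularLoggingEnabled $true
Dismount-Database   -Identity $db -Confirm:$false
Mount-Database      -Identity $db

# 2. Move the log files. The cmdlet asks for confirmation because it
#    dismounts the database while the files are relocated.
Move-DatabasePath -Identity $db -LogFolderPath $logPath

# 3. Switch circular logging off again and remount so that it takes effect.
Set-MailboxDatabase -Identity $db -CircularLoggingEnabled $false
Dismount-Database   -Identity $db -Confirm:$false
Mount-Database      -Identity $db

# 4. Verify: mounted, circular logging off, logs in the new folder.
$after = Get-MailboxDatabase -Identity $db -Status
$problems = @()
if (-not $after.Mounted)                 { $problems += 'database is not mounted' }
if ($after.CircularLoggingEnabled)       { $problems += 'circular logging is still enabled' }
if ("$($after.LogFolderPath)" -ne $logPath) {
    $problems += "log folder is '$($after.LogFolderPath)'"
}
if ($problems.Count -gt 0) {
    Write-Warning ("Check ${db}: " + ($problems -join '; '))
} else {
    Write-Host "$db is mounted, circular logging is off, logs are in $logPath"
}
```

While circular logging is enabled, Exchange discards transaction logs once they are committed, so the database can only be restored to its last full backup. Take a full backup before starting and another once step 3 is complete.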

Upgrade Exchange 2007 to Exchange 2010

The following information is based upon my experience of transitioning from a single Exchange 2007 server to a single Exchange 2010 server with Unified Messaging in an SMB environment. Adapt the instructions to your own organisation. As usual, any and all steps undertaken are at your own risk.

High Level Steps

  • See which Certificate Authority issued your Exchange 2007 and UM 2007 certificates and for what services
  • Build two servers running Windows Server 2008 R2 or higher for Exchange 2010 and UM 2010
  • Install Exchange 2010 and UM 2010 with all the required roles
  • Create a new UM dial plan which includes the new Exchange 2010 server
  • Create the necessary new pathways on your voice gateway to point to the new UM dial plan
  • Configure the OWA settings on the new Exchange 2010 server
  • Create a new external DNS entry for the new Exchange 2010 server
  • Alter your traffic flow settings on the firewall
  • Configure the Hub Transport send/receive connectors
  • If using a provider such as MessageLabs, create and test new outbound and inbound connections in your account
  • Test a mailbox move
  • Move the remainder of the mailboxes, disabling the voicemail prior to moving and re-enabling it afterwards with the new dial plan
  • Uninstall Exchange 2007 and UM 2007 from their respective servers
  • Remove the redundant servers from the domain

Pre-requisites

  • Exchange 2007 at SP2 or higher
  • Exchange 2010 SP1 and higher runs on Windows Server 2008 R2 or higher
  • VMware host has sufficient RAM and SAN datastore has sufficient spare capacity. While 2010 utilises more disk space than 2007, you will find your initial 2010 .edb is smaller than your 2007 .edb due to white space in the latter over the years of use
  • Decide on the external and internal IP addresses of the new Exchange server
  • Decide what Exchange services you want covered by your Certificate Authority and add to your existing CA for importing to Exchange 2010
  • Various Windows Roles and Features need to be installed on the new Exchange box

Installing Server 2008 R2

Have two drives: C and D

From Server Manager, go to Roles and click Add Roles. Select:

  • Web Server (IIS). Click Next and Next

Leave the default settings as they are and select the following additional Role services:

  • HTTP Redirection
  • .NET Extensibility
  • ASP.NET
  • ISAPI Extensions
  • Tracing
  • Basic Authentication
  • Windows Authentication
  • Digest Authentication
  • Client Certificate Mapping Authentication
  • Dynamic Content Compression
  • IIS 6 Metabase Compatibility
  • IIS 6 Management Console
  • IIS WMI Compatibility

From Server Manager, go to Features and Add Features. Select:

  • Expand .NET Framework 3.5.1. Tick “.NET Framework 3.5.1 Features”. Expand WCF Activation and select the HTTP Activation option. A wizard informs you of a required component, so click the Add Required Features button. Scroll through the list to Remote Server Administration Tools. Under it, expand Role Administration Tools. Select “AD DS and AD LDS Tools”. Click Next and Install.

Restart the server. Upon restarting:

  • Go to Services under Administrative Tools. Find the Net.TCP Port Sharing Service and set its startup to be automatic. Start the service and close the Services console
  • Download and install the Microsoft Office Filter Pack (x64), which is the filter pack for Office 2010 and is a pre-requisite for Exchange 2010 SP1 or higher

Installing Exchange 2010

  • Upgrade Exchange 2007 and UM 2007 servers to SP3
  • New internal DNS pointer to Exchange 2010
  • New external DNS pointer to Exchange 2010; this is your external-facing name. If, for example, your previous name was mail.contoso.com, then you could have webmail.contoso.com; doing it this way is the least complicated. An alternative is to have an internal legacy redirect, as recommended by Microsoft, but it can be messy. Having two separate URLs is clean
  • Run the Microsoft Best Practice Analyzer tool (ExBPA) to identify any problems that can be found by validating the details of the infrastructure against Microsoft’s best practice database
  • While the earlier installation of the filter pack makes its filters available to Windows Search, it is also necessary to enable Exchange Search to use the filters. Go through the steps described in http://technet.microsoft.com/en-us/library/ee732397.aspx . Also download and install the Adobe 64-bit PDF IFilter to allow Exchange Search to include PDF documents in its content indexes (instructions)
  • Run the setup.exe from the Exchange dvd
  • In the Install section, click “Step 3: Choose Exchange language option”. Choose “Install only languages from the DVD”.
  • Click “Step 4: Install Microsoft Exchange”
  • Custom installation: all roles bar UM
  • During the installation, check the option for the server to be internet-facing and enter your new external url. This sets up OWA (formerly Outlook Web Access, now Outlook Web App)
  • Connect to Exchange 2007 and click Next
  • Complete the installation and apply all available updates
  • Install the updated Certificate Authority certificate and assign the respective services against the certificate through the EMC
  • Move the Exchange 2010 database to drive D: http://technet.microsoft.com/en-us/library/dd351168.aspx
  • Configure the e-mail policy
  • In EMC, go to “Server Configuration” and “Exchange 2010 Client Access Server”. In the Action Pane click on “Enable Outlook Anywhere”. Enter the external hostname in the wizard and select the appropriate authentication mechanism (e.g. NTLM). Click Enable and Finish
  • If you get a certificate warning (The name on the security certificate is invalid or does not match the name of the site) on opening Outlook 2007 on a client computer at this stage, see http://support.microsoft.com/kb/940726
  • In EMC on Exchange 2010, go to Organization Configuration/Mailbox and click on the “Offline Address Book” tab in the results pane. Add in a new OAB for Exchange 2010 (web distribution only), i.e. have one for 2007 and another for 2010
  • Configure IIS on Exchange 2010: top-level http redirect with SSL unticked. aspnet + ecp + ews + activesync + oab + owa + rpc (http redirect unticked, ssl selected), exchange + exchweb + PowerShell + Public + RpcWithCert (neither selected)
  • Configure the Hub Transport and send/receive connectors, including the mail size limits, for Exchange 2010. Have an initial higher cost than the existing 2007 connectors
  • Configure the firewall to permit inbound and outbound traffic to/from Exchange 2010
  • Configure your external e-mail protection company’s account (e.g. MessageLabs) to send/receive e-mail from your Exchange 2010 box
  • Configure the Exchange 2010 send/receive connectors to be the only connectors, i.e. remove the 2007 connectors. Also remove the external IP for inbound/outbound in your external protection company’s account
  • Move mailboxes across from 2007 to 2010. First disable the voicemail against each mailbox and re-enable it after the move has completed (see below for Unified Messaging setup). You can do the move through the EMC or EMS. I prefer EMS: New-MoveRequest -Identity '<mailbox>' -BadItemLimit 100 -AcceptLargeDataLoss
  • If you forget to disable the voicemail prior to moving a mailbox, issue this command in EMS: Disable-UMMailbox -Identity '<mailbox>' and subsequently re-enable voicemail through EMC for the mailbox
  • Decommission your Exchange 2007 server via Add/Remove Programs and remove from Active Directory by making the server part of a Workgroup
  • Alter auto-discover external and internal DNS entries to point to Exchange 2010
  • In EMC on Exchange 2010, go to Organization Configuration/Mailbox and click on the “Offline Address Book” tab in the results pane. Remove the 2007 OAB
  • Remove the external and internal DNS pointers to Exchange 2007

Unified Messaging 2010

  • Install the UM 2010 role onto a new Windows Server 2008 R2 or higher box. This can be another virtual machine, i.e. UM 2010 can be virtualised
  • New internal DNS pointer to UM 2010
  • Log into your phone administration system and configure. For those running CUCM (Cisco Unified Communications Manager) and Call Manager, see https://supportforums.cisco.com/docs/DOC-11414
  • Then on UM 2010 server, see http://www.networkworld.com/community/node/48189
  • Migrate mailboxes over as above. If you accidentally forget to disable voicemail prior to the migration, the MWI light on the Cisco phone will not function. There is a dynamic folder called “voice mail” under the Search Folders in Outlook. The new properties are set incorrectly by this accident. What happens is that UM sends an e-mail with the voicemail, the dynamic search folder detects it and sends the relevant alert to Call Manager. The way to correct this is to take the Outlook client out of cached mode, delete the voice mail search folder, close Outlook and leave a new voicemail. Re-open Outlook and re-enable cached mode
  • When ready, remove the old 2007 UM from the UM properties on the new Exchange server and decommission the old 2007 UM server
  • Remove the internal DNS pointer to UM 2007
  • Enable Archiving, if required, which is as simple as creating a separate database (ideally on a separate drive on a separate disk or datastore) with the log files stored in the same location as the database. Select the user(s) in EMC, click “enable Archive” and select the newly created Archive database
  • Remember not to have a redirection on your OAB in IIS. The IIS OAB authentication needs to be enabled for anonymous, basic and Windows authentication, and the web.config file in the OAB folder (in Windows Explorer) needs read and read-write permissions set for “Authenticated Users”.
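
A read-only check of the IIS settings listed in the "Configure IIS on Exchange 2010" step and in the OAB reminder above, added here as an example and not part of the original post. The mapping from the post's shorthand (aspnet, ews, activesync) to the IIS virtual directory names, and the site name 'Default Web Site', are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the Exchange 2010 CAS.
Import-Module WebAdministration

$site       = 'Default Web Site'   # assumed site name
# Assumed IIS names for the virtual directories the post lists.
$requireSsl = 'aspnet_client','ecp','EWS','Microsoft-Server-ActiveSync','OAB','owa','Rpc'
$noSsl      = 'Exchange','Exchweb','PowerShell','Public','RpcWithCert'

function Get-IisValue([string]$Location, [string]$Filter, [string]$Name) {
    $raw = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
               -Filter $Filter -Name $Name
    # Some attribute types come back wrapped in an object with a Value property.
    if ($raw -ne $null -and $raw.PSObject.Properties['Value']) { $raw.Value } else { $raw }
}

# SSL and HTTP redirect per virtual directory. The redirect set on the site
# root is inherited by child directories unless it is unticked on each one.
$report = foreach ($vdir in ($requireSsl + $noSsl)) {
    $loc      = "$site/$vdir"
    $sslFlags = [string](Get-IisValue $loc 'system.webServer/security/access' 'sslFlags')
    $redirect = [bool](Get-IisValue $loc 'system.webServer/httpRedirect' 'enabled')
    $wantSsl  = $requireSsl -contains $vdir
    $hasSsl   = $sslFlags -match '\bSsl\b'
    New-Object PSObject -Property @{
        VDir = $vdir; SslFlags = $sslFlags; Redirect = $redirect
        Ok   = ($hasSsl -eq $wantSsl) -and (-not $redirect)
    }
}
$report | Sort-Object Ok | Format-Table VDir, SslFlags, Redirect, Ok -AutoSize

# Authentication methods on the OAB directory, as listed in the reminder above.
$methods = 'anonymousAuthentication','basicAuthentication','windowsAuthentication'
$oabAuth = foreach ($m in $methods) {
    $filter = "system.webServer/security/authentication/$m"
    New-Object PSObject -Property @{
        Method  = $m
        Enabled = [bool](Get-IisValue "$site/OAB" $filter 'enabled')
    }
}
$oabAuth | Format-Table Method, Enabled -AutoSize
```

Rows with Ok = False are the directories whose SSL or redirect setting differs from the list in the post; nothing is changed by the script.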

Other matters of interest

  • If a distribution list was a mail security group, you may well encounter errors when attempting to add/remove staff. Update it to a Mail Universal Distribution Group through Active Directory
  • If there is an error when uninstalling Exchange 2007 to do with the Public Folder Database: http://www.petenetlive.com/KB/Article/0000227.htm

Important: Remember to enable truncating of the Exchange logs in your backup programme, whether it is Windows Server backup (full VSS), PHD Virtual, Backup Exec or any of the other backup programmes available. Check the manufacturer’s documentation for details.