Things that frequently get forgotten when migrating


Public Folders are not replicated or moved

To replicate public folders:

Use either PFDAVADMIN or Exchange system manager from 2003

PFDAVADMIN


ESM

  • You can set this by adding the replication partners on each folder: right-click the folder -> Properties -> Replication tab -> Add
  • Or right-click the folder -> All Tasks -> Manage Settings -> Next -> Modify list of replica servers -> Add servers

To move public folder replicas

  • From Exchange Powershell “.\MoveAllReplicas.ps1 -Server <MySourceServer> -NewServer <MyTargetServer>”

Exchange Team Article on the matter http://msexchangeteam.com/archive/2007/07/09/445967.aspx

Address Lists are not upgraded

To upgrade all address lists: (Just the default lists)

# Re-save the default policy and the default lists with Exchange 2007/2010 (OPATH) filters
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients
Set-AddressList "All Users" -IncludedRecipients MailboxUsers
Set-AddressList "All Groups" -IncludedRecipients MailGroups
Set-AddressList "All Contacts" -IncludedRecipients MailContacts
Set-AddressList "Public Folders" -RecipientFilter { RecipientType -eq 'PublicFolder' }
Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

OAB is not moved or upgraded

  • From Powershell: Move-OfflineAddressBook -Identity <OfflineAddressBookIdParameter> -Server <ServerIdParameter>

Quick and Easy Remote Exchange PowerShell


  1. Configure the powershell virtual directory with basic auth
  2. Forward 443 through your firewall (or publish with ISA)
  3. Copy this script, change the FQDN to match your server and save as RemoteExchange.ps1
      # Prompt for an account that has remote PowerShell access
      $usercredential = Get-Credential
      # Skip all certificate checks (see the note below)
      $pso = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
      # The whole New-PSSession command must stay on one line
      $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://FQDN/powershell -Credential $usercredential -Authentication Basic -SessionOption $pso
      Import-PSSession $session
  4. Open PowerShell and run the script ./RemoteExchange.ps1
  5. Disconnect with “Remove-PSSession $Session”

Note: this script ignores Certificate checks, only use if you can trust the server you are connecting to!

You may need to set the Powershell Execution Policy so you can run the scripts

Set-ExecutionPolicy Unrestricted or Set-ExecutionPolicy RemoteSigned

*Note: you do have to enable remote powershell access for the user
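
The same connection with the three -Skip* switches left out, preceded by a check of the certificate the server presents on port 443. This is an added example, not part of the original post; mail.example.com and the function name Test-ServerCertificate are placeholders.

```powershell
# Added example. Replace the placeholder FQDN with your own server name.
$Fqdn = 'mail.example.com'

function Test-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Default SslStream validation: trusted chain and matching name.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream())
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        Write-Host "Certificate OK: $($cert.Subject), expires $($cert.NotAfter)"
        return $true
    }
    catch {
        # Untrusted issuer, name mismatch, expiry, or no connection at all.
        Write-Warning "Certificate check failed for ${HostName}: $($_.Exception.Message)"
        return $false
    }
    finally {
        $client.Close()
    }
}

if (Test-ServerCertificate -HostName $Fqdn) {
    $cred = Get-Credential
    # No -SkipCACheck / -SkipCNCheck / -SkipRevocationCheck: WinRM validates
    # the certificate itself before the Basic credentials are sent.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri "https://$Fqdn/powershell" `
        -Credential $cred -Authentication Basic
    Import-PSSession $session
}
```

If the check fails, the warning names the reason, which is the thing to fix on the server before connecting.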

Problem logging into OWA after installing Exchange 2010


(UPDATE: This is resolved by Exchange RU9)

Do you still have Exchange 2007 and 2010 coexisting in the same environment, and after you installed 2010 some users couldn’t access OWA anymore?

You're getting this error:

“The mailbox you’re trying to access isn’t currently available. If the problem continues, contact your helpdesk”

AND in the application event log you have an Event ID 46, source MSExchange OWA

The issue may be that you are trying to use CAS 2010 to CAS 2007 proxy and you don’t have the correct files on the 2010 server.

To resolve

1. From the 2007 Exchange server copy the following folder to 2010:

      “\Program Files\Microsoft\Exchange Server\Client Access\Owa\8.x.xxx.x”

Copy the highest numbered 8.x.xxx.x folder to the Exchange 2010 Client Access server:

      “\Program Files\Microsoft\Exchange Server\V14\Client Access\Owa”

The 2010 OWA directory should look something like this:

[screenshot of the 2010 OWA directory]

2. Then run IISRESET from an elevated command prompt

SBS 2008 and RU3 and Outlook Repeat Login Prompt


UPDATE Exchange RU9 is supposed to fix this

On Small Business Server 2008 we have seen that if you install RU3 you may start getting repeatedly prompted for login credentials when opening Outlook.

I believe that is because of some additional NTLM security that is put in place which I believe is included with RU3 based on this blurb in the update documentation

“After you install this update, the authentication mode that is set for the Web site at http://companyweb changes from the NTLM authentication to the Kerberos authentication. The reason this change occurs is because we recommend that you use the Kerberos authentication instead of the NTLM authentication.”

The solution I found so far was

  1. Remove RU3 for now.
  2. Re-apply the Windows Authentication on the EWS, OAB, and Autodiscover virtual directories
    1. Open Internet Information Services (IIS) Manager
    2. Expand the Server -> Sites -> SBS Web Applications
    3. Click on autodiscover -> authentication
    4. Windows Authentication -> Disable -> Enable
    5. Repeat for OAB and EWS virtual directories
  3. Restart the server

Note: It may be necessary to add the root Exchange URL to the “intranet sites” on the clients

Tools -> Internet options -> security tab -> Local Intranet -> Sites -> advanced -> add -> https://remote.domain.com

Mail Flow Troubleshooting


Mail flow issues should be troubleshot by first determining in which direction the issue occurs:

  • Internal to Internal
  • Internal to External
  • External to Internal

MX Record – You need to make sure that the MX record for your domain points to a host record that points to your IP

Example (purely theory): If my IP was 65.55.88.22 and my domain is Domain.com, then my MX should look something like this

Domain      Pref  Hostname         IP Address    TTL
Domain.com  10    mail.domain.com  254.63.63.63  60

Services

Make sure the services are running (in order 2003, 2007, 2010)

[Screenshots: service lists for Exchange 2003, 2007 and 2010]

Firewall

Email uses port 25 (SMTP) primarily for mail flow; you need to be sure that port 25 is forwarded through your firewall to the Exchange server.
Also, you can test with MXtoolbox.com or the manual SMTP test (below) to verify that you can get to the mail server.

Accepted domains

In order to receive mail for a domain name you need to have that name listed in the accepted domains (2007\2010)

Email Address Policy (2007\2010)

In addition to the accepted domains, you need the domain address stamped on your users; to do that, add it to the Address Policy

[Screenshots: address policy settings (left is 2010\2007, right is 2003)]

Next -> Next -> Finish

Active directory lookups

Make sure you can access a Global Catalog domain controller in your site

Also make sure that replication is OK between servers
(Active Directory Sites and Services -> Site Name -> Servers -> ServerName -> NTDS Settings -> right-click the connection in the right window and choose “Replicate Now”)

Manual SMTP Testing (Red TXT is typed commands)

Click Start -> run -> CMD (enter)

telnet mail.domain.com 25
220 mail.domain.com Microsoft ESMTP MAIL Service ready at Sat, 19 Dec 2009 15:57:35 -0600
ehlo domain.com
250-mail.domain.com Hello [192.168.3.10]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST
mail from: me@domain.com
250 2.1.0 Sender OK
rcpt to: administrator@domain.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
this is a test
.
250 2.6.0 <f23d11e3-fcac-4033-8450-9f1b5451430c@mail.domain.com> Queued mail for delivery
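
The first part of the telnet session above (banner and EHLO) as a script, so the check can be repeated after each firewall or connector change. This is an added example, not part of the original post; the function names Read-SmtpReply and Test-SmtpServer and the example.com names are placeholders. It sends no mail, only EHLO and QUIT.

```powershell
# Added example: read one SMTP reply. Lines like "250-..." continue,
# a line like "250 ..." (space after the code) ends the reply.
function Read-SmtpReply {
    param([System.IO.StreamReader]$Reader)
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { break }          # server closed the connection
        $lines += $line
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return ,$lines
}

function Test-SmtpServer {
    param([string]$Server, [int]$Port = 25, [string]$HeloName = 'example.com')
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000             # milliseconds
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        $banner = Read-SmtpReply $reader        # expect 220
        $writer.WriteLine("EHLO $HeloName")
        $ehlo = Read-SmtpReply $reader          # expect 250 plus extensions
        $writer.WriteLine('QUIT')

        # Strip the "250-" / "250 " prefix; the first line is the greeting.
        $caps = @($ehlo | Select-Object -Skip 1 |
            Where-Object { $_.Length -gt 4 } | ForEach-Object { $_.Substring(4) })
        New-Object PSObject -Property @{
            Server   = $Server
            BannerOk = ($banner.Count -gt 0 -and $banner[-1].StartsWith('220'))
            EhloOk   = ($ehlo.Count -gt 0 -and $ehlo[-1].StartsWith('250'))
            StartTls = ($caps -contains 'STARTTLS')
            Extensions = ($caps -join ', ')
        }
    }
    catch { Write-Warning "SMTP test against ${Server}:$Port failed: $($_.Exception.Message)" }
    finally { $client.Close() }
}

Test-SmtpServer -Server 'mail.example.com'
```

BannerOk false with no warning usually means something other than the mail server answered on port 25; StartTls shows whether the server offers to encrypt the session.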

Problem after deleting legacy exchange administrative group


To start with, you generally do not want to delete it, but if you already did: start ADSI Edit. In the CN=Configuration container, locate the following container:

CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,

Now we were missing the ‘Folder Hierarchies’ folder – All we have to do is recreate it as follows:
Create the “Folder Hierarchies” under the Exchange Administrative Group

1. Right click on Exchange Administrative Group
2. Select New Object
3. Select msExchPublicFolderTreeContainer for the class and click Next
4. Enter the following for the value: Folder Hierarchies, click Next
5. Click Finish

Create Public Folder Tree Object

1. Right click CN=Folder Hierarchies -> New Object
2. Select msExchPFTree for the class
3. For the value enter “Public Folders” and click Next
4. Click on the “More Attributes” button, select msExchPFTreeType and set the value to 1. Note: It is very important that this value is set to 1, as this tells Exchange that this is a MAPI Tree
5. Click OK and then Finish

Populate msExchOwningPFTreeBL attribute object of the PF Stores in the organization
(Since this attribute is not directly editable, you have to follow the below steps
to do this for each PF store)

1. Get properties of the newly created “Public Folders” Tree object in ADSIEdit.
2. Copy the distinguishedName value to the clipboard and then click Cancel.
3. Navigate to the Storage group that contains the Public Folder Store for this server and get properties of the server database.
4. Locate the msExchOwningPFTree attribute and paste in the value that was copied to the clipboard in step 2. Click OK.
5. Restart the Information Store Service

Set permissions on the Public Folders

  1. Start ADSI Edit. In the CN=Configuration container, locate the following container:
    • CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,CN=Folder Hierarchies,CN=Public Folders
    • Note In this container, ORGANIZATION is the name of the Exchange Server organization and administrative_group is the name of your administrative group.
  2. Right-click CN=Public Folders, and then click Properties.
  3. Click the Security tab.
  4. Make sure that the Allow inheritable permissions from parent to propagate to this object check box is selected.
  5. Make sure that the Everyone group has the following Allow permissions:
    • Create named properties in the information store
    • Create public folder
    • Create top level public folder
    • If the Allow inheritable permissions from parent to propagate to this object check box is selected, the Everyone group should already have these permissions. Make sure that the Deny check boxes are not selected.
  6. Now try to mount the PF store and see if we can access it fine now.

Exchange Prerequisites Scripts


Exchange 2010 on windows 2008 R2

Copy this to a notepad and save with a .ps1 extension to install pre-req, run From elevated Powershell prompt  – Kudos to Anderson Patricio for the script

or you can get the version that downloads the filter pack from Bhargav

You also need to set the Powershell Execution Policy so you can run the scripts

Set-ExecutionPolicy Unrestricted or Set-ExecutionPolicy RemoteSigned

clear
write-host
write-host 'Exchange Server 2010 - Pre-requisites script'
write-host 'Please, select which role you are going to install..'
write-host
write-host '1) Hub Transport'
write-host '2) Client Access Server'
write-host '3) Mailbox'
write-host '4) Unified Messaging'
write-host '5) Edge'
write-host '6) Typical (CAS/HUB/Mailbox)'
write-host '7) Client Access and Hub Transport'
write-host
write-host '9) Configure NetTCP Port Sharing service'
write-host '10) Install 2007 Office System Converter: Microsoft Filter Pack - Only if you are installing Hub or Mailbox Server role'
write-host
write-host '13) Restart the computer'
write-host
write-host
write-host 'Select an option.. [1-13]? '
$opt = read-host

Import-module ServerManager

switch ($opt)
    {
        1 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server }
        2 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy }
        3 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server}
        4 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience }
        5 { Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS }
        6 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy }
        7 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy }
        9 { Set-Service NetTcpPortSharing -StartupType Automatic }
        10 { Write-warning 'Download it from here: http://tinyurl.com/36yrlj'}
        13 { restart-computer }
        default {write-host "You haven't selected any of the available options. "}
    }

Exchange 2010 on windows 2008 R1

Dejan Foro has made a script to install 2010 on 2008 R1

Exchange 2007 on windows 2008 R1

Simon Gallagher has a script for 2k7/R1

Exchange 2007 on windows 2003

Still have to do it manually 😦

MS KBs with prerequisite info