Migrating to Exchange 2010 (Part 1)

Ah, upgrades and migrations. Nothing every happens the same way it does in the lab! First off though, I do have to say that my upgrade/migration from Exchange 2003 to Exchange 2010 SP1 was successful and relatively transparent to my end users. Of course, we have a pretty small office and only one server, so there were not a lot of moving parts.

Before working in production, I did two lab-based migrations using some older copies of my Active Directory and Exchange servers – probably a tad too old, since I ran into totally different troubleshooting hurdles in production. Also, there were several things I couldn’t completely test in our lab environment, like our BlackBerry BES implementation or inbound and outbound mail connectors. But hey, I love flying by the seat of my pants.

One of the benefits of being late to Exchange 2010 was that there was lots of information on the Internet when I went search for solutions and nothing was insurmountable.
My primary source of guidance was the Microsoft Exchange Deployment Assistant, which is an online checklist of steps to follow. It asks a few questions about your environment and the produces a “customized” checklist. I have a few caveats about it though.

  1. It assumes you are installing the various Exchange server roles on different machines or at different times. Since I was using the “typical” installation process my CAS, Hub and Mailbox roles were being installed together.
  2. You must check off the completed steps in order. Sure, you can skip around and follow the instructions however you want, but if you like crossing things off a list as you go along and something early in the list is delayed, you can’t check of any of the later tasks. For example, “Adding digital certificates on the CAS” is something that is listed very early in the checklist. I had to wait several days for my new SAN certificate to be issued but that didn’t prevent me from moving forward with my migration. However, I couldn’t play along with with the checklist.

These are small gripes and if you are a stickler for documentation, you can print, email or copy/paste the instructions from the deployment assistant into your own project plan.

In the lab, the typical installation went along with out a hitch. However, I was not blessed with such luck in production. The CAS and Hub Transport roles installed fine, but the installation choked on the Mailbox role with the following error.

Couldn’t resolve the user or group “mydomain.local/Microsoft Exchange Security Groups/Discovery Management.” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
I found the solution in several places, but it was very nicely documented here on Peter Schmidt’s blog.

Just to clarify, you are deleting the “DiscoverySearchMailbox” user from Active Directory, rerunning your install for the mailbox role and then rerunning “setup /prepareAD” to recreate the user you deleted. Interestingly, I can’t see the Discovery Search Mailbox in my Recipient Configuration in production, but I can in my test lab. (Odd… maybe one day I’ll figure that out.)

At this point, Exchange 2010 is humming along right next my Exchange 2003 server and everything is happy and still working the way it did before, mostly because we have a Barracuda appliance that collects our inbound mail and delivers it to the Exchange 2003 server, so really nothing had changed.

I created a Receive Connector for the Barracuda, updated the Barracuda to deliver mail the Exchange 2010 server, then created my new Send Connector as per the Deployment Assistant and removed the Send Connector on the Exchange 2003 server.  Once I verified that inbound and outbound mail was still flowing it was time to take a breather and regroup for the next round.

Coming up – Getting BlackBerry BES to work again, fixing certificate errors with Outlook 2007, creating an external relay for some legacy devices on my network and figuring out why I couldn’t mount an new database after I created it.  Stay tuned.


Exchange 2010 Lab: Things I’ve Learned So Far

This month, I’ve been trying to concentrate on working on my test lab for Exchange 2010.  I’ve done a lot of reading about Exchange 2010, but now is the time where the rubber hits the road and I can start seeing what I’ve been reading actually means in practice.  Also, this gives me a reason to start paying attention to PowerShell, since I’ve have little need for it so far and I know I need to start learning it!

I did a pretty standard, “out of the box” installation of Exchange for this first test and I was having a problem moving mailboxes and creating databases.  If you are already a member of the Organization and Recipent Management groups in AD, then you might need to rerun the “setup.exe /PrepareAD” command to reapply the permissions. 

Yes,  the PrepareAD switch is run when you do the standard install.  And yes, even when I manually checked all the permissions they looked fine.  However, rerunning /PrepareAD solved my issues. Want to read more about Exchange Trusted Subsystem permissions and how they fit in?  Go here, to Richard’s Exchange Ramblings on TechNet Blogs.

And for a little useful PowerShell, here’s how to find the versions of Exchange you have installed in the entire organization:
Get-ExchangeServer | Format-Table Name, *Version*
For reference, all build numbers listed in this KB Article – http://support.microsoft.com/kb/158530

Finally, if you’ve been tweaking the Rentention Policies and want to kick off the Managed Folder Assistant immediately to see if your policies work for a particular user, here’s the PowerShell for that too.
Start-ManagedFolderAssistant -Identity *MailboxOrMailUserIdParameter*
The full explanation of that command can be found here.

Exchange 2010 on the Horizon

I started this week and hopefully I’ll get to spend more time next week working on my lab for migrating from Exchange 2003 to Exchange 2010.   Today I’m using the Exchange Server Deployment Assistant, which asks a few questions about your environment and then generates a checklist of things for you to check and do as you move through the installation process.

I’m also hoping to find some time to run the Exchange Pre-Deployment Analyzer in my production environment and see if that give me some good news.

Happy Friday Everyone!

Blog Highlights for October

October is just flying by, but I thought I’d take a moment to toss out a some other great blogs and recent posts that have caught my eye in the last few weeks.  (Many are by some of my fellow Microsoft MVPs, too!)
For those of you in the Exchange camp, check out BlankMan’s Blog, by Nicolas Blank, an Microsoft Exchange MVP. He’s recently posted a link to the Exchange 2010 Architecture Poster and a overview about Exchange 2010 SP1
Thinking about IPv6? Don’t miss out on some recent posts on www.howfunky.com, the blog by Microsoft MVP, Ed Horley.  Are you an ostrich or not when it comes to IPv6? You might want to find out.
Maybe you are on the certification path, if so, don’t miss out on some of the posts on the Born to Learn blog, geared to keep you up to date with the latest in Microsoft certification.  Born to Learn recently highlighted MVP Justin Rodino, who will be presenting a session on Windows 7 at the upcoming Certified Career Conference on November 18th.
Finally, since I’ve spent a lot of time in airports this month, I’m finding the TSA Blog to be particularly interesting. Learn about upcoming technologies, changes in protocols and tips on packing so you can breeze through security. Maybe I’ll cross paths with you at the airport.

Take-Aways from a Breakfast Event on Exchange 2010

Yesterday, I spent the morning at an event hosted by Quickstart, EMC and ExtraTeam on Exchange 2010 and Unified Communications.  Not only did they have a great breakfast laid out for those of us who attended event, I picked up a few tidbits about the new versions of these Microsoft products.  The Exchange portion of morning was lead by Mike Sneeringer, who is currently the only person in the world holding both the Microsoft Certified Master in Exchange 2010 and Office Communications Server 2007 – very cool.

If you are an Exchange administrator, you’ll appreciate some of these features:

  • Role Based Access Control – enables administrators to delegate permissions to responsible users based on job function without giving them access to the entire Exchange management interface. Tasks such as performing multi-mailbox searches no longer have to be the sole responsibility of Exchange Admins, allowing your organization take better advantage of features like legal hold and mailbox searches without involving the IT department.
  • Multi-Mailbox Search – allows designated users (like a legal team) a web-based tool for searching across mulitple mailboxes.  This applies to online archive as well as the main mailbox.
  • Legal Hold – A legal hold preserves deleted mailbox items and records changes made to mailbox items. Deleted and changed items are returned in a discovery search.
  • Improved Transport Rules – will allow for greater control of how mail flows both within your organization and to outside contacts.
  • Online Mailbox Moves – this is available for 2007 to 2010 migrations only, but will allow users access to their mailboxes during migration from one database to another. For migrations from 2003 mailboxes must be taken offine.

In addition to some great improvement from the mail administration side, end users will appreciate some of these improvements:

  • Delivery reports – provides access to message delivery information for both end users and administrators to help answer questions common questions about mail status.  Great for offices that have multiple locations and multiple email servers.
  • MailTips – I can’t describe how helpful mail tips can be any better than this blog post by the Microsoft Exchange team. You’ll never accidentally “reply to all” for an email you where were BCC’d again.
  • Online Archive – Instead of using PSTs to store archive mail, users can take advantage of an online archive separate from their regular mailbox.  With SP1, that archive can even be stored in a different database.
  • List Moderation – Allow designated moderators to approve messages before they are sent out to common distribution lists.  This combined with MailTips will probably reduce a lot of common interoffice email mistakes!

Finally, Unified Communications Server can bring your teams together more than ever before, as well as make it easier to manage voice mails and emails together.  With the ability to integrate with other common applications like Office and SharePoint, knowing the “presence” and availabilty of other coworkers can streamline communications and improve productivity. 
Overall, the event was a morning well spent.  While the Unified Communcations offerings aren’t something I’m looking at, the Exchange 2010 features just make me look forward to getting there sooner.  Also, EMC has some additional features regarding eDiscovery with their SourceOne product that could complement your Exchange infrastructure depending on your needs.

Exchange 2010 SP1: Personal Archive Improvements

I’ve spent a few years running a small Exchange 2003 organization and now’s the time to start thinking about upgrading. At one point I was deciding between Exchange 2007 and Exchange 2010, but with improvements slated for Service Pack 1 for Exchange 2010, I’m sold. Granted, SP1 isn’t out for general release yet, but I’m willing to wait on my upgrade until it is. Here are some of the killer features for me:

Personal Archives – Introduced in the RTM of Exchange 2010, the personal archives act as an alternate location for users to store mail outside of the main mailbox. Service Pack 1 introduces the option to store the archive in a different database than the main mailbox, finally bringing home the chance for users to store ALL their mail on the server, without affecting the time needed to restore their main mailbox in a recovery scenario.

PST Import – One you are using that personal archive option for users, its possible to put back all that mail that users have already moved out to PST files. The import tool helps streamline this process.

Better Discovery – Improved multi-mailbox search features and search “preview” options will provide a basic “e-discovery” solution for companies that aren’t quite ready to invest in a full blown archiving and discovery product.

I’m looking forward to SP1 for Exchange 2010 as the chance to to bring some new and valuable features to our existing mail infrastructure and take the leap from Exchange 2003. A day where I don’t have to help users keep track of PST files is a day I’ll be breaking out the champagne.

My TechEd Session Wish List

Had a great time at TechEd this year, do not get me wrong. But like all the other conferences of the past, there is often too much good stuff to get it all in.
This year, just about all the breakout sessions are available online. While some may think this reduces the value of actually attending the conference, I disagree. The more intimate sessions, like Birds-of-a-Feather and the “Interactive” style sessions were not recorded. So when I could, I attended those sessions over the traditional breakouts, chatted with Microsoft experts in the TLC areas, or spent time networking with others in the Expo and Community Lounge.
If I could have tailored TechEd to fit my schedule and I had more than 4 days, here are the sessions I would have attended. I did get to a few of them during the conference, they are marked with a (*). Since it will probably take me a while to view all the ones I missed, if you caught one of these and it’s especially good or bad, comment and let me know!
Management Track
MGT314* – Technical Introduction to Microsoft System Center Essentials 2010
Office & SharePoint
OSP314* – Microsoft Outlook and Exchange 2010: Better Together Overview
OSP208 – Microsoft Office 2010 for IT Professionals
OSP203 – (SharePoint) Designing Governance: How Information Management and Security Must Drive Your Design
Security, Identity & Access
SIA333 – Useful Hacker Techniques: Which Part of Hackers’ Knowledge Will Help You in Efficient IT Administration?
SIA230 – Why Security Fixes Won’t Fix Your Security
SIA306 – Night of the Living Directory: Understanding Windows Server 2008 R2 Active Directory Recycle Bin, Undeletion and Reanimation
Unified Communications
UNC303* – Upgrading from Microsoft Exchange Server 2003/2007 to Exchange Server 2010: Tips, Tricks and Lessons Learned
UNC307* – What’s New in Archiving, Retention, and Discovery in Microsoft Exchange Server 2010 SP1
UNC201 – Microsoft Exchange Server 2010 SP1: An Overview of What’s Coming
UNC306 – Going Big! Deploying Large Mailboxes with Microsoft Exchange Server 2010 without Breaking the Bank
UNC203 – What’s New in OWA, Mobility, and Calendaring in Microsoft Exchange Server 2010 SP1
UNC301 – Microsoft Exchange Server 2010: Sizing and Performance – Get It Right the First Time


VIR310 – Networking and Windows Server 2008 R2 Hyper-V: Deployment Considerations
VIR403 – Virtualization FAQ, Tips and Tricks
VIR316 – Remote Desktop Session Host vs. Virtual Desktop Infrastructure Smackdown
Windows Client
WCL304 – Best Practices Guide to Managing Applications
WCL205 – Windows 7 Deployment Tips from Early Adopters
Windows Server
WSV208* – Best Practices in Architecting and Implementing Windows Server Update Services (WSUS)
WSV333 – DNSSEC and Windows: Get Ready, ‘Cause Here It Comes!
WSV201 – 10 Hot Topics Every IT Admin Needs to Know about Windows Server 2008 R2
WSV303 – Death of a Network: Identify the Hidden Causes of Lousy Network Performance
WSV301 – Administrators’ Idol: Windows and Active Directory Best Practices
WSV307 – Windows Server 2008 R2 SP1

Developer Tools, Languages & Frameworks DEV211 – Microsoft Professional, Master and Architect Level Certifications: Notes from Those Who Have Conquered and Lived to Tell the Tale

Notes from TechEd

Hope all the TechEd attendees have been enjoying themselves – I know I’ve been busy racing from one end of the conference center to the other. Turns out that the conference center is about 1.5 miles long and TechEd is spread throughout a mile of it. And it never fails, the next place I have to be is always the furthest point from where I am the moment before.
So far, I’ve been concentrating on sessions around Exchange 2010, so look for some Exchange and Outlook related posts as soon as I get a little bit more time to get everything I’ve been learning straight in my head.
This morning I’m starting out with a session on some technology that’s pretty critical to most systems administration – WSUS. I know it’s time for me to review and potentially adjust how we monitor and update computers in the office and I’m hoping this WSUS session will help move those tasks higher up on my project list.

My 2010 Reading List: So Far

It’s unfortunate that I feel like I’m starting the year already behind on my “tech” reading list. Here’s a quick list of I have within arms reach.

In addition to books, I’ve downloaded several whitepapers onto my Kindle for those free moments on the subway:

Exchange Server under the tree this Christmas?

I’ve been reading a lot about Exchange 2007 and have been thinking about what the next move for our Exchange server at the office should be. We haven’t decided on Exchange 2007 vs. Exchange 2010 yet, but no matter… I want Santa to bring me a way to eliminate all the PST files being used around the office.

We don’t have a large staff. With less than 70 people our Exchange server doesn’t work that hard. However, with the desire to bring email services back up as quickly as possible after a failure we have a policy in place that limits the amount of mail stored on the server to 250MB per user. This leaves our data store at a little over 18GB. Our last test restoration of exchange required about 2 hours for loading the database.

Contrary to this is everyone’s need to keep every scrap of every email message. This has lead to numerous PST files created as archives for all this mail. It’s pretty safe for me to assume that almost every employee has at least one PST file and they are all stored on the network shares.(Yes, I know PST storage on the network is unsupported.) My quick search yielded about 30 GB of PST files and I know I didn’t find them all.

So what exactly can Santa bring me?

First, I would be lying if I said I needed a server with more space. The current exchange server still has upwards of 180GB free, so it’s likely I could support years of user email with our current setup just by throwing open the storage limits.

I would like to have a proper email archiving system that would automatically move mail from the active mailboxes to secondary storage, thus leaving my primary database small while allowing users to seamlessly access old messages. Personally, I don’t keep much in the way of work email and I think that if my company wants me to keep mail for historical purposes, they should provide an easy way to do so. However, I haven’t managed to convince the powers-that-be that this is something to embrace quite yet.

My next choice would be reconfiguring Exchange using 2007 or 2010 to take advantage of additional storage groups and “dial-tone” mail service. If I could virtualize the mail server with a SAN for storage, I could bring basic services up in a snap(shot). By breaking up users into multiple storage groups, it would be possible for us to restore mail service immediately and then backfill the databases in small chunks. While it would still take time to restore all the data, users would be able to send and receive mail while old mail would trickle in as the storage groups come back online.

I know “dial-tone” restores are possible with my current setup, but utilizing it in Exchange 2007 or later is much easier than Exchange 2003 due to the auto-discovery features. I also would like to have at least one storage group (with only one database) per department, nearly double of the four storage group limit with Exchange 2003. With the 50 storage group limit in Exchange 2007 I wouldn’t have any problem meeting my goal. Also, Exchange 2010 has some good “starter” archiving features for mail management that might be worth a closer look.

Of course Exchange 2007 and 2010 require 64-bit hardware, so maybe Santa can bring me that new server after all.