Tuesday, December 10, 2013

Starting/stopping maintenance mode in large Exchange 2010 deployment

We noticed that StartDAGServerMaintenance.ps1 -serverName SERVER does not work well in large deployments: it causes index corruption.

Before putting the server into maintenance, the databases should be moved off the server manually (or using your favorite PowerShell script).

After that, SERVER can be put into maintenance mode with no problems.
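One way to do the "move first, then maintenance" order in one script, as an added example that is not from the original post: it drains active copies off the member, refuses to continue while any copy is still mounted there, and only then calls the stock script. It assumes the Exchange Management Shell and uses $Server as a placeholder.

```powershell
# Added example, not from the original post: drain the active database
# copies off a DAG member before StartDagServerMaintenance.ps1 and refuse
# to start maintenance while any copy is still mounted there.
# Assumes the Exchange Management Shell; $Server is the member to drain.
param([Parameter(Mandatory=$true)][string]$Server)

function Get-ActiveCopiesOn([string]$Name) {
    # Only the active copy reports Status 'Mounted'; passive copies report
    # Healthy, Suspended, Failed, etc.
    Get-MailboxDatabaseCopyStatus -Server $Name |
        Where-Object { "$($_.Status)" -eq 'Mounted' }
}

foreach ($copy in @(Get-ActiveCopiesOn $Server)) {
    # Let Exchange choose the best passive copy. -MountDialOverride:None keeps
    # each database's own AutoDatabaseMountDial, so a copy that is too far
    # behind is not activated with data loss just to empty this server.
    Move-ActiveMailboxDatabase -Identity $copy.DatabaseName `
        -MountDialOverride:None -Confirm:$false | Out-Null
}

# Re-check instead of trusting the moves: a copy that could not be activated
# elsewhere stays mounted here and would be hit by the maintenance script.
$left = @(Get-ActiveCopiesOn $Server)
if ($left.Count -gt 0) {
    $names = ($left | ForEach-Object { $_.DatabaseName }) -join ', '
    Write-Error "Still active on ${Server}: $names. Not starting maintenance."
    exit 1
}

# Now the stock script only has to block activation and move the PAM.
$script = Join-Path $env:ExchangeInstallPath 'Scripts\StartDagServerMaintenance.ps1'
& $script -serverName $Server
```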

Monday, December 9, 2013

Enterprise Vault - SQL Query to find number of items awaiting indexing

SELECT Count(*) FROM JournalArchive WHERE IndexCommited = '0'

Note: it should be run on the Vault Database.

Friday, October 25, 2013

Configuring POP3s/SMTPs access to Exchange 2010 (part 2 - POP3s)

POP3s:

  • Setting up the X.509 certificate name: in EMC go to Server Configuration/Client Access; highlight the server, click the “POP3 and IMAP4” tab in the lower pane; highlight POP3/right click/Properties; on the “Authentication” tab put popserver.yourdomain.com in the “X.509 certificate name” field.

  • Assigning the certificate to POP3:

Unlike IIS and SMTP, the POP3 certificate assignment fails when you use the “normal” way (i.e. Server Configuration/highlight the server/select the proper certificate in the lower pane/right click/“Assign Services to Certificate”); instead you have to run the following command in PowerShell: “Set-PopSettings -X509CertificateName popserver.yourdomain.com” (check the POP settings with “Get-PopSettings | fl”).

  • Publish POP3 settings to outside:
Follow the article: http://exchangeserverpro.com/exchange-2010-publish-pop3-client-settings/ . Basically, if you follow the article they have you do the following:
  • Check the setting by running “Get-PopSettings | fl”

  • Do iisreset
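The same POP3S configuration applied and verified from PowerShell, as an added example that is not from the original post. The -ExternalConnectionSettings and -LoginType parameters are not in the post (they publish host:port:encryption to clients and reject logins that are not wrapped in SSL); $Cas and $PopName are placeholders.

```powershell
# Added example, not from the original post: apply the POP3S settings from
# the steps above with PowerShell and verify them.
# Assumes the Exchange Management Shell; $Cas and $PopName are placeholders.
$Cas     = 'cas1'                        # CAS server to configure
$PopName = 'popserver.yourdomain.com'    # must be covered by the Exchange cert

# X.509 certificate name: this is the step that "Assign Services to
# Certificate" in EMC does not do for POP3.
# -ExternalConnectionSettings and -LoginType are assumptions beyond the post:
# advertise SSL on 995 only and refuse plain-text logins outside SSL/TLS.
Set-PopSettings -Server $Cas `
    -X509CertificateName $PopName `
    -ExternalConnectionSettings "${PopName}:995:SSL" `
    -LoginType SecureLogin

# Verify what clients will actually get.
Get-PopSettings -Server $Cas |
    Format-List X509CertificateName, LoginType, ExternalConnectionSettings

# The X.509 name only helps if a certificate carrying that name is installed
# on the CAS and has the POP service enabled on it (a wildcard cert will not
# match this exact-name check; adjust if you use one).
$match = Get-ExchangeCertificate -Server $Cas | Where-Object {
    "$($_.Services)" -match 'POP' -and
    (@($_.CertificateDomains | ForEach-Object { "$_" }) -contains $PopName)
}
if (-not $match) {
    Write-Warning "No Exchange certificate with POP enabled covers $PopName"
}

# POP3 settings take effect only when the POP3 service restarts;
# an iisreset alone does not reload them.
Restart-Service MSExchangePOP3
```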

Configuring POP3s/SMTPs access to Exchange 2010 (part 1 - SMTPs)

SMTPs:
  • Create a ‘Receive Connector’ for this (in EMC: Server Configuration/Hub Transport, highlight the server, ‘New Receive Connector’ from the right pane); on the production servers use a naming convention like ‘Fancy Name Connector’.
  • The parameters of the new connector are:
       On the General tab: Specify the FQDN: smtphost.yourdomain.com
       On the Network tab: Use these local IP addresses to receive mail: 'All Available IPv4'; Port: 465; Receive mail from remote servers that have these IP addresses: all
       On the Authentication tab, the following are to be check marked: 'Transport Layer Security (TLS)', 'Basic Authentication', 'Offer Basic Authentication after starting TLS', 'Integrated Windows authentication'
       On Permission Groups: 'Exchange users'
  • Give the group “Authenticated Users” the proper permissions (i.e. “Accept Any Sender”) using ADSIEdit:
       Run ADSIEDIT
       Connect to “Configuration”
       Navigate to: “CN=Configuration,DC=yourdomain,DC=com/CN=Services/CN=Microsoft Exchange/CN=First Organization/CN=Administrative Groups/CN=Exchange Administrative Group (FYDIB…)/CN=Servers/CN=’ServerName’/CN=Protocols/CN=SMTP Receive Connectors”
       Right click the connector/Properties/Security tab
       Set “Accept Any Sender” for “Authenticated Users”

Run the command “Get-ReceiveConnector "hubserver.yourdomain.com\Fancy Name Connector" | fl” and note that “AdvertiseClientSettings” is set to false.

Run the command “Set-ReceiveConnector "hubserver.yourdomain.com\Fancy Name Connector" -AdvertiseClientSettings $true”.
Check the setting by running “Get-ReceiveConnector "hubserver.yourdomain.com\Fancy Name Connector"”.
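The same connector built from PowerShell instead of EMC and ADSIEdit, as an added example that is not from the original post; it uses New-ReceiveConnector, grants the extended right with Add-ADPermission, and checks that basic authentication is only offered after TLS. The server, connector and FQDN names are the post's placeholders.

```powershell
# Added example, not from the original post: create the SMTPS receive
# connector described above, grant "Accept Any Sender" on it, advertise the
# client settings, and verify the authentication settings.
# Assumes the Exchange Management Shell; names are placeholders.
$Hub  = 'hubserver.yourdomain.com'
$Name = 'Fancy Name Connector'
$Fqdn = 'smtphost.yourdomain.com'

New-ReceiveConnector -Name $Name -Server $Hub -Usage Custom `
    -Fqdn $Fqdn `
    -Bindings '0.0.0.0:465' `
    -RemoteIPRanges '0.0.0.0-255.255.255.255' `
    -AuthMechanism 'Tls,BasicAuth,BasicAuthRequireTLS,Integrated' `
    -PermissionGroups ExchangeUsers | Out-Null

# "Accept Any Sender" lets an authenticated user submit mail with any MAIL
# FROM address, so grant it on this connector only, not on the internal ones.
Get-ReceiveConnector -Identity "$Hub\$Name" |
    Add-ADPermission -User 'NT AUTHORITY\Authenticated Users' `
        -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender | Out-Null

# Without this, OWA's POP/IMAP settings page does not show this connector
# as the SMTP server for clients.
Set-ReceiveConnector -Identity "$Hub\$Name" -AdvertiseClientSettings $true

# Verify: TLS must be offered and BasicAuth must only be offered after TLS,
# otherwise a client can send its password in the clear on this port.
$chk  = Get-ReceiveConnector -Identity "$Hub\$Name"
$auth = "$($chk.AuthMechanism)"
if ($auth -notmatch 'Tls' -or $auth -notmatch 'BasicAuthRequireTLS') {
    Write-Warning "Connector '$Name' does not require TLS before basic auth"
}
$chk | Format-List Fqdn, Bindings, AuthMechanism, PermissionGroups, AdvertiseClientSettings
```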
 

Friday, October 4, 2013

Restoring AD/Exchange 2010 environment DAG (ESX-to-ESX)

Task: restore the Exchange 2010 environment after complete loss of it (or restore it in an isolated environment within a different VLAN for testing).
Steps:

  1. Restore (do not clone) the domain controller and re-IP it. If in production you host DNS outside of AD but the isolated environment does not, add DNS to the restored domain controller and restart the Net Logon service.
  2. Clone the Exchange servers (CAS, HT, Mailbox servers) and re-IP them.
  3. Fix the DAG (through “Failover Cluster Manager”):
       a. Delete unneeded servers (if you did not clone all servers)
            i. (You might need to remove the Exchange Server objects using ADSIEdit)
       b. Fix IP addresses (highlight the DAG name/Cluster Core Resources/Expand cluster DAG name/IP Address)
       c. Right click the DAG name (under Cluster Core Resources)/Repair cluster

(If one of the cloned DAG cluster nodes can’t get the Cluster Service started, evict that node from the cluster, remove the cluster feature, reboot the node, re-add the cluster feature, and re-add the node to the cluster.)
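Steps 3a and 3b done with Exchange and cluster cmdlets instead of Failover Cluster Manager, with a look at the cluster state before and after, as an added example that is not from the original post. The DAG name, missing member and IP address are placeholders; the "Repair" of step 3c is not replicated here.

```powershell
# Added example, not from the original post: steps 3a/3b of the DAG repair
# done with cmdlets, plus a before/after view of the cluster.
# Assumes the Exchange Management Shell on a cloned mailbox server;
# $Dag, $Missing and $NewDagIp are placeholders.
Import-Module FailoverClusters
$Dag      = 'DAG1'
$Missing  = @('MBX3')            # members that were not cloned (step 3a)
$NewDagIp = '10.99.0.50'         # DAG IP on the isolated VLAN (step 3b)

function Show-ClusterState {
    Get-ClusterNode | Format-Table Name, State -AutoSize
    Get-ClusterResource | Format-Table Name, ResourceType, State -AutoSize
}
Show-ClusterState

# 3a: remove members that do not exist here. -ConfigurationOnly updates the
# DAG membership without contacting the (absent) server; the Exchange server
# object itself still has to be removed with ADSIEdit if needed (3a.i).
foreach ($srv in $Missing) {
    Remove-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $srv `
        -ConfigurationOnly -Confirm:$false
}

# 3b: the DAG IP belongs to Exchange, so change it there; Exchange updates
# the cluster IP Address resource accordingly.
Set-DatabaseAvailabilityGroup -Identity $Dag -DatabaseAvailabilityGroupIpAddresses $NewDagIp

# Bring the core resources back and confirm membership, IP, witness and PAM.
Start-ClusterGroup -Name 'Cluster Group' | Out-Null
Show-ClusterState
Get-DatabaseAvailabilityGroup -Identity $Dag -Status |
    Format-List Name, Servers, DatabaseAvailabilityGroupIpAddresses, WitnessServer, PrimaryActiveManager
```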

Thursday, October 3, 2013

Exchange 2010 CAS servers (accessed through TMG) and Comodo wild card certificate

Issue: the following symptoms are noticed:

  • Outlook gets disconnected, autodiscover does not work from outside;
  • OWA works from outside;
  • Outlook works from inside.

Investigation: TMG logs show the failed connection attempts with Status: 0x80090325. Also, if you “Test” the firewall rule, it fails with certificate errors.

It happens with the COMODO wildcard certificate.

Solution:

Compare the “Certificates” mmc on the working CAS server and the not working CAS server.

Notice that the “working” CAS server has many COMODO certificates in the various folders of the Certificates console, while the “not working” CAS server has none.

  1. Export them from the working CAS server and import them on the not working CAS server.
  2. Re-assign the Exchange certificate (click on “Server Configuration” in EMC).
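The "Certificates mmc" comparison and a local chain check done from PowerShell, as an added example that is not from the original post. 0x80090325 is SEC_E_UNTRUSTED_ROOT (the chain could not be completed to a trusted root), which is what a missing COMODO intermediate produces; the script assumes the Exchange Management Shell on each CAS server.

```powershell
# Added example, not from the original post: inventory the COMODO
# certificates in the local stores (run on both CAS servers and diff) and
# build the chain of the certificate Exchange has assigned to IIS.
# Assumes the Exchange Management Shell on the CAS server.

function Get-ComodoCerts {
    foreach ($store in 'Root', 'CA', 'My') {
        Get-ChildItem "Cert:\LocalMachine\$store" |
            Where-Object { $_.Subject -match 'COMODO' -or $_.Issuer -match 'COMODO' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Store = $store; Thumbprint = $_.Thumbprint; Subject = $_.Subject
                }
            }
    }
}

function Test-IisCertChain {
    # The certificate with the IIS service enabled is the one TMG talks to.
    $exCert = Get-ExchangeCertificate |
              Where-Object { "$($_.Services)" -match 'IIS' } |
              Select-Object -First 1
    $cert  = Get-ChildItem "Cert:\LocalMachine\My\$($exCert.Thumbprint)"
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # only the trust path matters here
    $built = $chain.Build($cert)
    New-Object PSObject -Property @{
        Subject = $cert.Subject
        ChainOk = $built                             # $false on the "not working" CAS
        Status  = ($chain.ChainStatus | ForEach-Object { "$($_.Status)" }) -join ','
        Path    = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
    }
}

Get-ComodoCerts | Sort-Object Store, Subject |
    Format-Table Store, Thumbprint, Subject -AutoSize
Test-IisCertChain | Format-List Subject, ChainOk, Status, Path
```

On the broken server Status typically reports PartialChain or UntrustedRoot and Path stops at the wildcard certificate; the missing entries in the inventory are what to export and import.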

Thursday, September 26, 2013

Offline Address Book not getting downloaded locally - no error (Exchange 2010)

Description of the issue: in Outlook, Send/Receive/Download Address Book… runs successfully, but the Offline Address Book does not get downloaded.

Additional information: both the mailbox server on which the OAB gets generated and the CAS server to which the OAB gets distributed work properly (i.e. the OAB gets generated and distributed properly; a great article that helps troubleshoot the process: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/offline-address-book-part3.html)

The following additional tweaks on the CAS servers fix the issue:
  • Enable Directory Browsing (IIS Manager/OAB site/Directory Browsing/Enable)
  • Assign IIS_IUSRS (CAS_ServerName\IUSRS) and Authenticated Users read permissions on the OAB folder (C:\exchange server\v14\clientaccess\oab)
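The two CAS tweaks scripted with the WebAdministration module and icacls, with a check that the OAB virtual directory and folder are in a state Outlook can use, as an added example that is not from the original post. It assumes Windows Server 2008 R2 with the IIS PowerShell module; the folder path is the one from the post and $Cas is a placeholder.

```powershell
# Added example, not from the original post: enable directory browsing on
# the OAB virtual directory only, grant read/execute on the OAB folder, and
# verify the vdir URLs and the presence of oab.xml.
# Assumes the WebAdministration module and the Exchange Management Shell.
Import-Module WebAdministration
$Cas    = 'cas1'                                   # placeholder CAS name
$OabDir = 'C:\exchange server\v14\clientaccess\oab' # path from the post
$Vdir   = 'IIS:\Sites\Default Web Site\OAB'

# Directory browsing on the OAB virtual directory, not on the whole site.
Set-WebConfigurationProperty -PSPath $Vdir `
    -Filter 'system.webServer/directoryBrowse' -Name enabled -Value $true

# Read+execute only, inherited by subfolders and files, for the IIS worker
# group and authenticated users; clients never need to write here.
icacls $OabDir /grant 'IIS_IUSRS:(OI)(CI)RX' 'Authenticated Users:(OI)(CI)RX'

# Verify: the vdir must publish URLs, and each distributed OAB lives in a
# GUID-named subfolder that must contain oab.xml.
Get-OabVirtualDirectory -Server $Cas | Format-List InternalUrl, ExternalUrl
$manifests = @(Get-ChildItem -Path $OabDir -Recurse -Filter oab.xml)
if ($manifests.Count -eq 0) {
    Write-Warning "No oab.xml under $OabDir; distribution has not populated it yet"
} else {
    $manifests | Format-Table Directory, LastWriteTime -AutoSize
}
```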