Monday, February 29, 2016

Mailbox export request queued-DAG issue

Background 

Yesterday, I was doing some mailbox export activities and my export request got stuck in the Queued state. The following is the status after 15 minutes.

 

I thought it got stuck in Queued due to some other running process, such as a backup. I checked on the Exchange servers; there was no backup running.

Workaround

Then I started looking at the server and restarted the Mailbox Replication service on the CAS and waited 10-15 minutes, but no luck.
When I checked my favorite place, Event Viewer, I saw multiple red error entries for replication issues with the following ID:
Log Name:      Application
Source:        MSExchangeRepl
Date:          4/20/2015 7:30:13 PM
Event ID:      3154
Task Category: Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxxxx.com
Description:
Active Manager failed to mount database Archive_Mailboxes on server xxxxx.com. Error: An Active Manager operation failed. Error: The database action failed. Error: An error occurred while trying to select a database copy for possible activation. Error: The database 'Archive_Mailboxes' was not mounted because errors occurred either while validating database copies for possible activation, or while attempting to activate another copy.

I also checked replication health; the following is the output:
Continuous Replication for database 'DB1\xxxxxx.com' is in a 'Failed' state on machine 'xxxxxxx'. The specific message is: The Microsoft Exchange Replication service failed to talk to the local Information Store service. This often means that the Information Store service is not running. Error:MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)

Resolution 

The following is the workaround that resolved the issue:

First of all we need to suspend replication for the mailbox database copy on the problematic server.  Use the following command:
Suspend-MailboxDatabaseCopy -Identity "DB1\servername"    

Once the command completes, the mailbox database copy status changes from “Failed” to “Failed and Suspended”.

Now we need to reseed the database with a new copy by issuing the following command

Update-MailboxDatabaseCopy -Identity "DB1\Servername" -DeleteExistingFiles

The seeding process took a long time; it depends on the size of the database and the speed of the network.
When seeding completes, replication of the database resumes automatically. There is also the option to resume replication manually with the following cmdlet:

Update-MailboxDatabaseCopy -Identity "DB1\servername" -DeleteExistingFiles -ManualResume

The following is the status after the whole process completed:
Replication Status:



Once everything was fine on the server, I re-initiated the mailbox export and it exported successfully.
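
The reseed steps above with the health checks that should pass before the export is retried, as an added example that is not part of the original post. "DB1\servername" is the post's placeholder; the 30-minute limit and the 60-second poll interval are assumptions.

```powershell
# Added example, not from the original post. "DB1\servername" is the post's
# placeholder; the 30-minute limit and 60-second poll are assumptions.
$copy   = "DB1\servername"
$server = $copy.Split('\')[1]

# State before the change, for the incident record.
Get-MailboxDatabaseCopyStatus -Identity $copy |
    Format-List Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState

# Suspend and reseed, as in the steps above. Without -ManualResume,
# replication resumes on its own once seeding has finished.
Suspend-MailboxDatabaseCopy -Identity $copy -SuspendComment "Reseed after Failed state" -Confirm:$false
Update-MailboxDatabaseCopy -Identity $copy -DeleteExistingFiles -Confirm:$false

# Poll until the copy reports Healthy or the time limit is reached.
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 60
    $status = Get-MailboxDatabaseCopyStatus -Identity $copy
    "{0}  {1}  copy queue {2}  replay queue {3}" -f (Get-Date -Format T),
        $status.Status, $status.CopyQueueLength, $status.ReplayQueueLength
} while ("$($status.Status)" -ne "Healthy" -and (Get-Date) -lt $deadline)

if ("$($status.Status)" -ne "Healthy") {
    Write-Warning "$copy is still $($status.Status); do not retry the export yet."
    return
}

# Confirm none of the DAG member's replication checks still fail.
$failed = Test-ReplicationHealth -Identity $server |
    Where-Object { "$($_.Result)" -notlike "*Passed*" }
if ($failed) {
    $failed | Format-Table Check, Result, Error -AutoSize -Wrap
} else {
    # Replication is clean; list export requests so stuck ones can be re-created.
    Get-MailboxExportRequest | Get-MailboxExportRequestStatistics |
        Format-Table Name, Status, PercentComplete -AutoSize
}
```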

Hope this post will help you.

Glad to see your comments.

Configure Cross forest Availability Service (Free/Busy,Autodiscover)

GalSync

1.     First, a two-way transitive trust is configured between these forests.
2.     When the target forest resolves the source domain for free/busy, it should resolve “Autodiscover.domain.com” to your source forest Client Access server.
3.     You can use a GALsync to have your mailboxes synced from the source forest as contacts in the target forest.
4.     You can use ILM or FIM 2010, or you can use the 3rd-party NetSec Galsync, which will get the contacts synced from source to target.

Free/Busy information
1.     Now you have to add your AvailabilityAddressSpace on the source forest.
2.     Run the command below on the source forest:
Add-AvailabilityAddressSpace -ForestName Targetdomain.com -AccessMethod PerUserFB -UseServiceAccount $true
3.     Give the "ms-exch-epi-token-serialization" permission to the source Exchange servers over the target forest.
4.     Run the command below on the target forest:
Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "Exchangehostname\Exchange Servers"
5.     Run the following in the source forest to export the SCP from the source forest to the target forest, so that the target forest will have the free/busy information of the source forest.
6.     Save the credentials of the target forest:
$Target=Get-Credential
Type “DomainName\Username” and the password when prompted.
7.     Now run:
Export-AutodiscoverConfig -TargetForestDomainController "Targetdc.targetexchange.com" -TargetForestCredential $Target -MultipleExchangeDeployments $true
8.     The Autodiscover information has now been exported from the source forest to the target forest.
9.     You are now able to use Autodiscover and access free/busy without any issues.
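
The "ms-exch-epi-token-serialization" right granted in step 4 lets its holder present serialized user tokens to the Client Access servers, so it is worth confirming afterwards that only the intended groups hold it. The following check is an added example, not part of the original post; the group names in `$expected` are placeholders and an assumption, and it is meant to run in the Exchange Management Shell of the forest where step 4 was run.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell of the forest where the permission was added (step 4).
$right = "ms-Exch-EPI-Token-Serialization"

# Assumption: the only principals expected to hold the right. Replace these
# placeholders with the real "<domain>\Exchange Servers" groups of both forests.
$expected = @(
    "TARGETDOMAIN\Exchange Servers",
    "Exchangehostname\Exchange Servers"
)

# Collect every ACE on each Client Access server object that names the right.
$findings = foreach ($cas in (Get-ClientAccessServer)) {
    Get-ADPermission -Identity $cas.DistinguishedName |
        Where-Object { $_.ExtendedRights -like $right } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Server   = $cas.Name
                User     = "$($_.User)"
                Type     = $(if ($_.Deny) { "Deny" } else { "Allow" })
                Expected = ($expected -contains "$($_.User)")
            }
        }
}

$findings | Sort-Object Server, Type, User |
    Format-Table Server, User, Type, Expected -AutoSize

# Allow entries for anyone outside the expected list need review.
$unexpected = $findings | Where-Object { $_.Type -eq "Allow" -and -not $_.Expected }
if ($unexpected) {
    Write-Warning "Unexpected Allow entries for $right; review and remove with Remove-ADPermission:"
    $unexpected | Format-Table Server, User -AutoSize
}
```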

Hope it will help you.
Thanks!

Monday, February 22, 2016

Office 365 DirSync Issues Stopped-Server-Down

Today, one of my team members reported that there were some issues with object syncing between on-premises and Office 365. When I checked the Office 365 portal, I found a yellow highlighted warning under active users.


Immediately, I logged on to my DirSync server, checked the events, and found multiple event IDs related to Directory Sync.


At the same time I opened miisclient (C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell.) and found the status stopped-server-down on Delta Import and Delta Synchronization.


From here I noticed all the “stopped-server-down” messages on the TargetWebService line.

After some digging I suspected the service account password could be the main culprit for Sync.
I decided to update the service account password from within the Synchronization Service Manager:
Management Agents --> Right-click TargetWebService --> Properties


Finally, I reset the password for the service account.
After this, everything worked normally.

Cheers!
Thank you


Configure Exchange 2010 SP3 Federation to Office 365

Federation is accomplished using the Microsoft Federation Gateway server, a free cloud-based service offered by Microsoft.  The Microsoft Federation Gateway (MFG) server acts as a trust broker between federated organizations, similar to the way a trusted root CA works for certificates.  All organizations that use federation must configure a one-time federation trust with the MFG, and organizations that share free/busy information must have an Organization Relationship with the other org(s) they want to share with.

First of all, we have to create an “A” record for autodiscover, which will point to external DNS. Federation uses autodiscover to automatically configure the Organization Relationship for the remote organization.

Make sure autodiscover works properly; otherwise you need to enter all the information manually.

Create a new Federation Trust
  • Open the EMC and select the Organization Configuration.
  • In the Actions pane, select New Federation Trust.  The New Federation Trust wizard will run.
  • Click New to form the new trust with the Microsoft Federation Gateway.  The wizard will create a new self-signed certificate called Exchange Delegation Federation with the subject name of Federation. 
  • Click Finish to close the wizard.


Create Domain Proof Records
Domain Proof records are TXT records created in your domain's external DNS zone.  The purpose of these TXT records is to prove the identity of your domain for the trust with the MFG server. 
Run the following cmdlets from the Exchange Management Shell (EMS) to generate the domain proof values:

Get-FederatedDomainProof -DomainName tech.com


The cmdlet generates a unique Proof value, based on a hash using the Exchange Delegation Federation self-signed certificate.  If the MFG can read the domain proof value in an external DNS record and it matches the calculated value, it proves domain ownership and validates the trust.

You must create one TXT record in external DNS for each of the Proof values. 



Manage the Federated Domains

Once the domain proof TXT records have propagated you can add the federated domains to the Federation Trust.  But before you can add the federated domains, you must first add the new tech.com namespace to the Accepted Domains on the hub transport configuration.
  • Click the Organization Configuration and select the Microsoft Federation Gateway trust under the Federation Trust tab.
  • Click Manage Federation in the Actions pane.  You will see the current federation certificate status. 
  • Click Next to bring up the Manage Federated Domains window.
  • Click Add and select the Microsoft Federated Trust accepted domain you created earlier.
  • Click Next and Manage to configure Microsoft Federated Trust.  When the configuration is successful you will see the federation trust has an Application Identifier and Application URI.


Create Organization Relationships from On-Premises 
Now that the federated trust has been created and then validated by the MFG, you can create organization relationships.  These are the federation sharing policies that determine what is shared with whom.
  • Click the Organization Relationships tab on the Organization Configuration node in the EMC.
  • Click New Organization Relationship in the Actions pane.  The New Organization Relationship wizard will start.
  • Enter a name.
  • Select the Enable free/busy information access checkbox and specify the free busy data access level you wish to share using the dropdown box.
  • Click Next to enter the External Organization details. In my case it is Office 365, so it is corp.mail.onmicrosoft.com.


When the organization relationship has been successfully configured you will see it listed under the Organization Relationships tab.  Sharing Enabled and Calendar enabled will show as True.

Create Organization Relationships from Exchange Online

Perform the following steps to create the Organization Relationship with your on-premises Exchange servers:
  • Open the Exchange Online portal.
  • Select Organization.
  • Click the plus sign on the right side.
  • Enter the name of the relationship.
  • Enter your on-premises domain name with which you want to share the free/busy information.
  • Check “enable calendar free/busy information sharing”.
  • Click Save.

Once you save, you can see your newly created organization domain details.

Testing and Troubleshooting

Use the following cmdlets to get or test Exchange federation configuration information:

Get-FederatedOrganizationIdentifier - Gets the Microsoft Exchange Server 2010 organization's federated organization identifier and related details, such as federated domains, organization contact, and status.  The Enabled attribute will show as False until the MFG has validated the trust using the domain proof TXT records in external DNS.

Get-FederationInformation - Gets federation information, including federated domain names and target URLs, from an external Exchange organization.  It does this using the autodiscover record of the external domain.  

Get-FederationTrust - Displays the federation trusts configured for the organization. 

Get-OrganizationRelationship - Gets settings for a relationship that has been created for free/busy information access or secure e-mail delivery using federated delivery.

Test-OrganizationRelationship - Verifies that the organization relationship is properly configured and functioning as expected for a given user.

Test-FederationTrust - Runs the following series of tests to ensure that federation is working as expected.
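
The cmdlets above combined into one verification pass, as an added example that is not part of the original post. It also checks that each domain proof value is published in external DNS and shows the free/busy access level each relationship shares. tech.com and corp.mail.onmicrosoft.com come from the post; the resolver address, the relationship name and the test mailbox are assumptions.

```powershell
# Added example, not from the original post. tech.com and
# corp.mail.onmicrosoft.com come from the post; the resolver address, the
# relationship name and the test mailbox are assumptions.
$domain   = "tech.com"
$remote   = "corp.mail.onmicrosoft.com"
$resolver = "8.8.8.8"                 # any resolver outside your network
$relName  = "Office 365"              # hypothetical relationship name
$testUser = "user1@tech.com"          # hypothetical on-premises mailbox

# 1. Every proof value must be visible as a TXT record in external DNS.
$txt = (nslookup -type=TXT $domain $resolver 2>$null) -join "`n"
foreach ($p in (Get-FederatedDomainProof -DomainName $domain)) {
    $found = $txt.Contains($p.Proof)
    "{0,-28} TXT published: {1}" -f $p.Name, $found
}

# 2. The trust is only usable once the gateway has validated the proof.
$orgId = Get-FederatedOrganizationIdentifier
"Federation enabled: {0}  (namespace {1})" -f $orgId.Enabled, $orgId.AccountNamespace

# 3. What the remote organization publishes through autodiscover.
Get-FederationInformation -DomainName $remote |
    Format-List DomainNames, TargetApplicationUri, TargetAutodiscoverEpr

# 4. What this organization shares, and with whom. Check that the access
#    level is the one chosen in the wizard and no broader.
Get-OrganizationRelationship |
    Format-Table Name, DomainNames, Enabled, FreeBusyAccessEnabled, FreeBusyAccessLevel -AutoSize

# 5. End-to-end tests for one mailbox.
Test-FederationTrust -UserIdentity $testUser |
    Format-Table Id, Type, Message -AutoSize -Wrap
Test-OrganizationRelationship -Identity $relName -UserIdentity $testUser -Verbose
```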

Hope it will help you.

Cheers!