Friday, September 30, 2016

Exchange Server 2016 AntiVirus Exclusions

File system antivirus scanning is a very important consideration for Exchange Server. Multiple issues arise if you allow file system AV to scan Exchange Server files. This applies not just to the mailbox database files; there are other locations that must also be excluded from file system AV scanning.

File-level scanning may scan a file while it is in use or at a scheduled interval. This can cause the scanner to lock or quarantine an Exchange log file or Exchange database file while Exchange is trying to use it, which may cause several kinds of Exchange Server failure, such as the well-known -1018 ESE error.

What is File System Anti-Virus Scanning

Memory-resident file-level scanning refers to the part of the file-level AV that is loaded in memory at all times and checks all the files that are used on the local hard drive and in server memory. The other option is on-demand file-level scanning: as the name indicates, we can configure it to scan files on the hard drive manually or on a schedule. Some antivirus products run an on-demand scan automatically after a virus definition/signature update, which makes sure the latest signatures/definitions are used. On-demand scanning is also like on-access scanning: if you never open a file, it will never be scanned, and if you open a file multiple times, it will likely be scanned each time you open it.

Microsoft strongly recommends directory, process and file exclusions for both memory-resident and file-level scanning.

There are three types of exclusion for Exchange Server 2016:



Once you complete the exclusions you can apply the same to other Exchange servers. If you want to generate a list of file, folder, process and file extension exclusions for the antivirus software running on your Exchange 2013/2016 server, you can use this PowerShell script by Paul Cunningham, MCC, MVP. The list is based on a single server, and you can apply the same to other servers.

Reference: https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx

Channel9 Session Downloader-Script

Here is the updated Channel 9 Session Downloader script by Michel de Rooij, Microsoft MVP. It has been updated to include Ignite 2016 content, but the script is not working right now to retrieve Ignite 2016 sessions. As you know, Microsoft is currently hosting all the session videos on YouTube instead of Channel 9 as it has done in the past. It's a strange change.

Download session videos or slide decks from Channel 9 sessions, oriented by event (TechEd, Build, etc.). Added session name as destination file prefix. Events included: Ignite.


Events included:

Ignite 2016 (when it becomes available)
Build 2016
AzureCon 2015
Ignite 2015 (US, AU and NZ)
Build 2012-2015
TechEd North America 2012-2014
TechEd Europe 2012-2014
TechEd New Zealand 2013
Sharepoint Conference 2014

Download the script here: Channel9 Session Downloader

Thursday, September 29, 2016

Exchange Server Supportability Matrix

Sometimes we get confused by customer requirements, mainly when the customer doesn't want to move to a newer version or wants to stick with the same old flavor. But as we know, Microsoft is moving very fast, releasing newer versions and dropping support for legacy technology.

For an Exchange implementation/transformation we have to know which version supports which technology. For example, Exchange 2016 will not support Windows 2008 R2. Here is the chart.

Supported operating system platforms
Operating system platform | Exchange 2016 CU3 and later | Exchange 2016 CU2 and earlier | Exchange 2013 SP1 and later | Exchange 2010 SP3 | Exchange 2007 SP3
Windows Vista SP2


X1
X1
Windows Server 2003 SP2



X
Windows Server 2003 R2 SP2



X
Windows Server 2008 SP2


X
X
Windows Server 2008 R2 SP1
X
X
X
Windows 7 SP1
X1
X1
X1
Windows 8
X1
X1

Windows 8.1
X1
X1
X1


Windows 10
X1
X1


Windows Server 2012
X
X
X
X

Windows Server 2012 R2
X
X
X


Windows Server 2016
X


Supported Active Directory environments

Operating system environment | Exchange 2016 CU3 and later | Exchange 2016 CU2 and earlier | Exchange 2013 SP1 and later | Exchange 2010 SP3 RU5 or later | Exchange 2007 SP3 RU13 or later
Windows Server 2003 SP1 Active Directory servers




X
Windows Server 2003 SP2 Active Directory servers
X
X
X
Windows Server 2008 SP2 Active Directory servers
X
X
X
X
Windows Server 2008 R2 SP1 Active Directory servers
X
X
X
X
X
Windows Server 2012 Active Directory servers
X
X
X
X
X
Windows Server 2012 R2 Active Directory servers
X
X
X
X
X
Windows Server 2016 Active Directory servers
X
X
X
X
X
Functional level
Forest functional level | Exchange 2016 CU3 and later | Exchange 2016 CU2 and earlier | Exchange 2013 SP1 and later | Exchange 2010 SP3 RU5 or later | Exchange 2007 SP3 RU13 or later
Windows Server 2003 forest functional level
X
X
X
Windows Server 2008 forest functional level
X
X
X
X
Windows Server 2008 R2 SP1 forest functional level
X
X
X
X
X
Windows Server 2012 forest functional level
X
X
X
X
X
Windows Server 2012 R2 forest functional level
X
X
X
X

Windows Server 2016 forest functional level
X
X
X
X


Clients

Client | Exchange 2016 | Exchange 2013 SP1 and later | Exchange 2010 SP3 | Exchange 2007 SP3
Outlook 2003


X
X
Outlook 2007
X2
X
X
Outlook 2010
X5
X3
X
X
Outlook 2013
X5
X
X
X
Outlook 2016
X5
X
X
Outlook for Mac for Office 365
X5
X
X
Windows Phone 7
X
X
X
Windows Phone 7.5
X
X
X
Windows Phone 8
X
X
X
X
Windows Phone 8.1
X
X
X
X
Windows Mobile 10
X
X
X
Entourage X



X1
Entourage 2004 (DAV)



X2
Entourage 2008 (DAV)



X2
Entourage 2008 (EWS)
X4
X4
X4
X
For more details:  https://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx

Wednesday, September 28, 2016

Publishing Exchange in WAP-ADFS

When we publish Exchange using WAP and AD FS, we have to make sure we use the right authentication type for each service. Here are the settings:

| Service | Path | Authentication Type |
|---|---|---|
| Outlook Web App | /OWA/ | AD FS |
| Exchange Control Panel | /ECP/ | AD FS |
| Exchange Web Services | /EWS/ | Pass-through |
| Auto Discover | /Autodiscover/ | Pass-through |
| ActiveSync | /Microsoft-Server-ActiveSync | Pass-through |
| Offline Address Book | /OAB/ | Pass-through |
| Outlook Anywhere | /rpc/ | Pass-through |
| MAPI HTTP | /mapi/ | Pass-through |
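
The following check is an added example, not part of the original post. It compares what a Web Application Proxy server publishes against the authentication types listed above, so that a path meant to sit behind AD FS pre-authentication is not left as pass-through. The function name, the sample objects and the host name mail.example.com are assumptions made for illustration.

```powershell
# Added example: expected pre-authentication per Exchange path, taken from the list above.
$Expected = [ordered]@{
    '/OWA/'                        = 'ADFS'
    '/ECP/'                        = 'ADFS'
    '/EWS/'                        = 'PassThrough'
    '/Autodiscover/'               = 'PassThrough'
    '/Microsoft-Server-ActiveSync' = 'PassThrough'
    '/OAB/'                        = 'PassThrough'
    '/rpc/'                        = 'PassThrough'
    '/mapi/'                       = 'PassThrough'
}

function Test-ExchangePublishing {
    # $Published: objects with ExternalUrl and ExternalPreauthentication properties,
    # for example the output of Get-WebApplicationProxyApplication on a WAP server.
    param([Parameter(Mandatory)][object[]]$Published)
    foreach ($path in $Expected.Keys) {
        # Match on the URL path, ignoring case and a trailing slash.
        $hit = @($Published | Where-Object {
            ([uri]$_.ExternalUrl).AbsolutePath.TrimEnd('/') -eq $path.TrimEnd('/')
        })
        $actual = if ($hit.Count) { "$($hit[0].ExternalPreauthentication)" } else { 'NotPublished' }
        [pscustomobject]@{
            Path     = $path
            Expected = $Expected[$path]
            Actual   = $actual
            Ok       = ($actual -eq $Expected[$path])
        }
    }
}

# Constructed sample input (hypothetical host name); /ECP/ is deliberately misconfigured.
$sample = @(
    [pscustomobject]@{ ExternalUrl = 'https://mail.example.com/owa/'; ExternalPreauthentication = 'ADFS' }
    [pscustomobject]@{ ExternalUrl = 'https://mail.example.com/ecp/'; ExternalPreauthentication = 'PassThrough' }
    [pscustomobject]@{ ExternalUrl = 'https://mail.example.com/EWS/'; ExternalPreauthentication = 'PassThrough' }
)
Test-ExchangePublishing -Published $sample | Format-Table -AutoSize

# On a WAP server, audit the live configuration instead:
# Test-ExchangePublishing -Published (Get-WebApplicationProxyApplication)
```

With the sample input, /ECP/ is reported with Ok = False and the unpublished paths show as NotPublished.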

Thanks!

Wednesday, September 21, 2016

Exchange Server Role Requirements Calculator 8.3-Released

The Exchange team has released an updated Exchange Server Role Requirements Calculator. The tool will help you size Exchange Server 2013 or Exchange Server 2016 properly.

The new version number is 8.3, and it contains two major enhancements compared to version 7.9:


  • Added ability for the calculator to automatically determine the number of Mailbox servers and DAGs that need to be deployed to meet the chosen input requirements.
  • Added Read from Passive support for Exchange 2016 deployments which results in decreased bandwidth utilization for HA copies.


Cumulative Update 3 for Exchange Server 2016-Released

As part of its continued improvement, Microsoft has released Cumulative Update 3 for Exchange Server 2016. Cumulative Update 3 for Exchange Server 2016 resolves issues that were found in Exchange Server 2016 since the software was released. This update rollup is highly recommended for all Exchange Server 2016 customers.

You can download from HERE

There are some high level features:

.NET 4.6.2 Support
.NET 4.6.2 is included with Windows Server 2016. Customers deploying Exchange on Windows Server 2016 must use .NET 4.6.2 and Cumulative Update 3 or later.
This means Windows Server 2016 is supported for Exchange 2016.

High Availability Improvements
One of the challenging areas in some on-premises environment is the amount of data replicated with each database copy. In Exchange Server 2016 Cumulative Update 3, network bandwidth requirements between the active copy and passive HA copies are reduced.

Refreshed People Experience in Outlook on the web
Exchange Server 2016 Cumulative Update 3 includes an updated view of Contact information and Skype for Business presence information. These changes mirror the current experience of Office365.



For more details: You Had Me At EHLO

Monday, September 19, 2016

Error Get-Mailpublicfolder for get mail enabled public folder -Exchange 2013

I used to run these commands all the time in Exchange 2010 to get all the mail-enabled public folders with the Get-PublicFolder command. When I tried to run them in Exchange 2013 CU7, I got an error.

Get-Mailpublicfolder | Get-Publicfolder 

Get-Recipient pf@domain.com | Get-Publicfolder

Error getting:

Cannot process argument transformation on parameter 'Identity'. Cannot convert the "domain.com/Microsoft
Exchange System Objects/Public Folder" value of type "Microsoft.Exchange.Data.Directory.ADObjectId" to
type "Microsoft.Exchange.Configuration.Tasks.PublicFolderIdParameter".
    + CategoryInfo          : InvalidData: (Public Folder:PSObject) [Get-PublicFolder], ParameterBindin...
   mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-PublicFolder
    + PSComputerName        :server.domain.com

Solution:

In Exchange 2013, the following command works for getting the mail-enabled public folders:

Get-PublicFolder -Recurse | where {($_.MailEnabled -eq $True)}

For details: https://technet.microsoft.com/en-us/library/aa997615%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

Thursday, September 15, 2016

Cannot find a recipient that has mailbox GUID for move a mailbox-Exchange hybrid

Today, when I tried to "offload" a mailbox from Office 365/online to the on-premises Exchange organization, I got this error:

Cannot find a recipient that has mailbox GUID '***************************'. -->


The error clearly states that the mailbox GUID value is not stamped on the associated mailbox on-premises. There are multiple causes for the GUID value not being stamped, such as the property not being synced to the associated remote mailbox on-premises when the remote mailbox was created.

For confirmation, I ran this cmdlet in the Azure Active Directory Module after connecting to Office 365:

Get-RemoteMailbox user@domain.com | Format-List ExchangeGUID

and the result showed no ExchangeGuid associated with the mailbox.

Then I checked in the on-premises PowerShell module with this cmdlet:

Get-Mailbox user@domain.com | Format-List ExchangeGUID

and the result came back with an ExchangeGuid, so now you know that the ExchangeGuid is not synced with the remote mailbox.

Solution


Now I have to fix the issue and map the ExchangeGUID to the remote mailbox manually, with the help of the Azure Active Directory Module after connecting to Office 365:

Set-RemoteMailbox user@domain.com -ExchangeGUID 123456-678910-987654-321987


Once I had set the ExchangeGUID for the remote mailbox, I ran the same cmdlet to check whether the ExchangeGUID was mapped.

Get-RemoteMailbox user@domain.com | Format-List ExchangeGUID

This time I got the ExchangeGUID for the remote mailbox.

Now everything looks good for "off-boarding" the mailbox from online to on-premises; run the same cmdlet to move the mailbox back to the on-premises Exchange servers.


Now the cmdlet runs successfully and the mailbox is ready for "off-boarding".


Hope this will help you for troubleshooting.

Thank You!
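
The manual check above, generalized to many mailboxes as an added example that is not part of the original post. It assumes you have already collected the Get-RemoteMailbox output and the Get-Mailbox output (from the side where the ExchangeGuid is populated) into two variables; the function name, the Action labels and the sample GUIDs are constructed for illustration.

```powershell
# Added example: plan which remote mailboxes need their ExchangeGuid stamped.
function Get-ExchangeGuidFix {
    param(
        [Parameter(Mandatory)][object[]]$RemoteMailbox,  # Get-RemoteMailbox output
        [Parameter(Mandatory)][object[]]$Mailbox         # Get-Mailbox output
    )
    # Index the mailbox side by primary SMTP address (hashtable keys are case-insensitive).
    $wanted = @{}
    foreach ($m in $Mailbox) {
        $wanted["$($m.PrimarySmtpAddress)"] = [guid]"$($m.ExchangeGuid)"
    }
    foreach ($rm in $RemoteMailbox) {
        $address = "$($rm.PrimarySmtpAddress)"
        $current = [guid]"$($rm.ExchangeGuid)"   # an unset value is the all-zero GUID
        if (-not $wanted.ContainsKey($address)) { $action = 'NoMailboxFound' }
        elseif ($current -eq $wanted[$address]) { $action = 'InSync' }
        elseif ($current -eq [guid]::Empty)     { $action = 'Stamp' }
        else                                    { $action = 'ConflictReviewManually' }
        [pscustomobject]@{
            Address = $address
            Current = $current
            Wanted  = $wanted[$address]
            Action  = $action
        }
    }
}

# Constructed sample input; the GUIDs are made up.
$remote = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'user@domain.com';  ExchangeGuid = [guid]::Empty }
    [pscustomobject]@{ PrimarySmtpAddress = 'other@domain.com'; ExchangeGuid = '11111111-2222-3333-4444-555555555555' }
)
$mailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'user@domain.com';  ExchangeGuid = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ PrimarySmtpAddress = 'other@domain.com'; ExchangeGuid = '11111111-2222-3333-4444-555555555555' }
)
$plan = Get-ExchangeGuidFix -RemoteMailbox $remote -Mailbox $mailboxes
$plan | Format-Table -AutoSize

# Apply only the 'Stamp' rows, previewing the change first with -WhatIf:
# $plan | Where-Object Action -eq 'Stamp' | ForEach-Object {
#     Set-RemoteMailbox -Identity $_.Address -ExchangeGuid $_.Wanted -WhatIf }
```

Rows where the remote mailbox already carries a different, non-empty GUID are flagged for manual review rather than overwritten.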



Thursday, September 8, 2016

Office 365- Options to Send email from Device or Application

In this post we will see how to send email from devices such as printers/scanners and from business applications when all mailboxes are in Office 365. If all our mailboxes are in Office 365 and some Exchange servers are still on-premises, as in a hybrid deployment, then the device or application on the local network can route email via the on-premises Exchange server, where we can set up a receive connector to receive email from the device or application.

If all your mailboxes are in Office 365, there are three options to send email to recipients:

1. SMTP client submission.
2. Direct Send.
3. SMTP Relay.

SMTP client submission

Each device/application must be able to authenticate to Office 365 and have its own sender address, such as device@tech.com, to send email using SMTP client submission. Mailboxes outside of Office 365 are not supported.

SMTP client submission allows sending email to internal as well as external recipients. You can also send email from any location or IP address, and email sent to internal recipients bypasses most spam checks, which helps protect company IP addresses from being blocked.

(Diagram courtesy of Microsoft)


Basic Requirement

The device must have the user name and password to send email.
An Office 365 license must be assigned to the mailbox.
TLS must be enabled.
Port 587 or 25 must be unblocked on the firewall/network.
The domain must be a verified and accepted domain for Office 365.
Smart host for third-party hosted applications: smtp.office365.com

Direct Send

In Direct Send, as the name implies, the device or application sends all email directly, and Office 365 is not used to send the email. In this case Office 365 will not relay any email to external recipients and will deliver to hosted mailboxes only.

We can use Direct Send where the device/application does not use an SMTP client to send email. It is one of the simplest methods, as no Office 365 configuration is required.
Direct Send allows each user to send email using their own email address.
You can also use Direct Send when the device/application does not support TLS.
Office 365 does not allow sending bulk email via SMTP client submission; in that case you can use the Direct Send method.
Windows SMTP can provide the Direct Send routing capability if a device/application does not support the Direct Send method.
(Diagram courtesy of Microsoft)

Basic Requirement

Port 25 must be unblocked on the network.
A static IP address is recommended to avoid being treated as spam.


SMTP Relay

This method of relaying messages allows Office 365 to handle email delivery on the mailbox's behalf by authenticating using a public IP address or a certificate. The device/application can send email as any email address within owned and verified domains. The email address does not have to resolve to an Office 365 mailbox. However, if the email address doesn't exist, recipients who reply to the emails will receive a Non-Delivery Report (NDR). If the device or application is used to send spam or bulk email through Office 365, the email address and/or IP may be blocked by Office 365. If the device/application supports or requires authentication, you may want to consider the SMTP client submission method instead.
An Office 365 connector is used to authenticate the device/application using the Office 365 IPs. The device/application can send email using any address (an address that uses one of the Office 365 domains), and the email address is not required to be associated with any mailbox; you can send email as, for example, donotreply@tech.com.

SMTP relay does not require an Office 365 license on the mailbox to send emails.
(Diagram courtesy of Microsoft)

Basic Requirement

A static IP address for devices/applications.
A connector must be configured between Office 365 and the device/application.
Port 25 must be open on the network.
Only Office 365 licensed users can send email to SMTP relay.
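
The three options side by side, as an added example that is not part of the original post: a helper that builds Send-MailMessage parameters for the chosen method and rejects combinations that the descriptions above rule out. The function name and the MX host are hypothetical; tech.com is the sample domain used in this post.

```powershell
# Added example: build Send-MailMessage parameters for one of the three options
# and enforce the constraints listed in the post.
function New-DeviceMailParams {
    param(
        [Parameter(Mandatory)][ValidateSet('ClientSubmission', 'DirectSend', 'Relay')]
        [string]$Method,
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string[]]$To,
        [Parameter(Mandatory)][string[]]$AcceptedDomain,  # domains verified in Office 365
        [string]$MxEndpoint,         # placeholder: your domain's Office 365 MX host
        [pscredential]$Credential    # licensed mailbox credential (client submission)
    )
    $domainOf = { param($address) ($address -split '@')[-1] }
    $p = @{ From = $From; To = $To }
    if ($Method -eq 'ClientSubmission') {
        if (-not $Credential) { throw 'SMTP client submission needs the mailbox credential.' }
        # Authenticated submission over TLS on port 587, as in the requirements above.
        $p += @{ SmtpServer = 'smtp.office365.com'; Port = 587; UseSsl = $true; Credential = $Credential }
        return $p
    }
    if (-not $MxEndpoint) { throw "$Method needs the MX endpoint of your domain." }
    if ($Method -eq 'DirectSend') {
        # Direct Send is not relayed: every recipient must be a hosted mailbox.
        $external = @($To | Where-Object { $AcceptedDomain -notcontains (& $domainOf $_) })
        if ($external.Count) { throw "Direct Send cannot reach: $($external -join ', ')" }
    }
    elseif ($AcceptedDomain -notcontains (& $domainOf $From)) {
        # Relay: the sender may be any address, but only in an owned, verified domain.
        throw "Relay sender '$From' is not in an accepted domain."
    }
    $p += @{ SmtpServer = $MxEndpoint; Port = 25 }
    $p
}

# Constructed inputs: the MX host below is hypothetical.
$mx = 'tech-com.mx.example.invalid'
New-DeviceMailParams -Method Relay -From 'donotreply@tech.com' -To 'partner@example.org' `
    -AcceptedDomain 'tech.com' -MxEndpoint $mx
try {
    New-DeviceMailParams -Method DirectSend -From 'scanner@tech.com' -To 'partner@example.org' `
        -AcceptedDomain 'tech.com' -MxEndpoint $mx
}
catch { "Rejected: $_" }

# Real use: $p = New-DeviceMailParams ...; Send-MailMessage @p -Subject 'Scan' -Body 'See attachment'
```

For client submission, pass the credential from Get-Credential or a secret store rather than embedding the password in the script.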


For Troubleshooting and Configuration click here

References :
https://technet.microsoft.com/en-us/library/dn554323(v=exchg.150).aspx