client connectivity exchange 2016 with exchange 2013 · client connectivity exchange 2016 with...

infoWAN Datenkommunikation GmbH

CLIENT CONNECTIVITY EXCHANGE 2016 WITH EXCHANGE 2013

Source: Client Connectivity in an Exchange 2016 Coexistence Environment with Exchange 2013, The Exchange Team Blog

INSTALLATION

Setup /Mode:Install /Role:Mailbox /IAcceptExchangeServerLicenseTerms

Configuration of the default mailbox database

Setup.exe /mode:Install /role:Mailbox /IAcceptExchangeServerLicenseTerms/MdbName:DB1 /DbFilePath:C:\MSX\DB1\DB1\DB1.edb /LogFolderPath:C:\MSX\DB1\DB1Log /InstallWindowsComponents

EXCHANGE ADMIN CENTER

If your mailbox is still on 2007 or 2010: https://<server>/ecp/?ExchClientVer=15

MOVE SYSTEM MAILBOXES MAILBOXES

SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}

Admin audit logs

Discovery search metadata

SystemMailbox{1f05a927-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

Move requests

FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042

Federation / RMS

DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}

Result of discovery search

Migration.8f3e7716-2011-43e4-96b1-aba62d229136 (new for Exchange 2013)

Used by the Migration Service to hold details of the mailboxes that are being moved in migration batches

SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} (new for Exchange 2013)

The default organization mailbox Exchange uses to hold files for the OAB

MIGRATION.* ARBITRATION MAILBOX

Migration.8f3e7716-2011-43e4-96b1-aba62d229136

Stores meta data of batch migrations

Large transaction logs are generated when you move mailboxes in Exchange Server 2013 or Exchange Server 2016 Administration Center

Large transaction log volume

Circular logging for the corresponding database

New-MoveRequest instead of New-MigrationBatch

MAILBOX MIGRATION

*-MoveRequest

Single mailbox migration

*-MigrationBatch

Multiple mailboxes at once

EAC user interface to manage the batch

Used in Office 365 onboarding

CSV FILE

Required Header

EmailAddress

Optional Header

TargetDatabase

TargetArchiveDatabase

BadItemLimit

MailboxType

PrimaryOnly

ArchiveOnly

PrimaryAndArchive (the default value)

IMPORTANT OPTIONS I

BadItemLimit

Default 0

LargeItemLimit

Source item larger than maximum allowed target item limit

Default 0

AcceptLargeDataLoss

IMPORTANT OPTIONS II

AutoStart

Start-MigrationBatch

AutoComplete

Complete-MigrationBatch

TargetDatabases

MIGRATION BATCH EXAMPLE

MIGRATION BATCH IN EXCHANGE ADMIN CENTER

MOVE HISTORY

Get-MoveRequestStatistics -IncludeReport

Get-MailboxStatistics IncludeMoveHistory

Get-MigrationUserStatistics IncludeReport

(Get-MoveRequest -Identity $user | Get-MoveRequestStatistics -IncludeReport).Report.BadItems | select kind, foldername, subject, DateSent

INCREASED MAILBOX SIZE

The reported mailbox size may increase by 30 40 %

The calculation includes additional properties

The mailbox does not use more disk space

Mailboxes may exceed their quota after the migration

Adjust the mailbox or target database quotas

AUTODISCOVER ISSUE

Options

Restart-WebAppPool MSExchangeAutodiscoverAppPool

Change the IIS configuration to periodically recycle the app pool

C:\Windows\System32\inetsrv\appcmd.exe set apppool /apppool.name: MSExchangeAutodiscoverAppPool /recycling.periodicRestart.time:00:05:00

C:\Windows\System32\inetsrv\appcmd.exe list apppoolMSExchangeAutodiscoverAppPool /text:recycling.periodicRestart.time

MODERN PUBLIC FOLDERS

Public folder database is replaced by public mailboxes

Public folder replication is removed

Exchange Server 2013 / 2016 users can access legacy public folders

EWS clients with mailboxes on 2013 / 2016 cannot access legacy PF

Legacy Exchange users cannot access modern public folders

First migrate all legacy mailboxes to Exchange Server 2013 / 2016

Public folder migration is a cut-over migration

MODERN PUBLIC FOLDER ARCHITECTURE

Source: Modern Public Folders Migration & Office 365, MEC 2014

PUBLIC FOLDER MANAGEMENT

Get-OrganizationConfig | fl *public*

Get-Mailbox PublicFolder

Get-PublicFolder

New-Mailbox PublicFolder OrganizationalUnit Z Name Y

New-PublicFolder Name X Mailbox -Y

PUBLIC FOLDER PERMISSIONS

Source: On-Premises Upgrade and Coexistence, Microsoft Tech Ed 2013

2. Analyze

Take snapshot of existing PF folder structure, statistics and permissions

Map PF folders to PF mailboxes

PUBLIC FOLDER MIGRATION

Outlook clients

1. Prepare

Install Exchange SP and/or updates across the ORG

Migrate all users that require access to Exchange 2013

4. Begin migration request

Clients continue to access and create new data during copyAfter copy is complete migration request status is AutoSuspended

5. Finalize migration request

Update snapshot of existing PF folder structure, statistics and permissionsLock source, clients logged off, final sync occurs

3. Create new public folder mailboxesSet to HoldForMigration Mode, mailboxes invisible to clients

MBX MBX

6. Validate

Check and verify destination folders

PF dbase 2

PF dbase 3

E2007 SP3 or E2010

Exchange 2013 CU1

PF mbx 1

PF mbx 2

PF dbase 1

PF mbx 3

RU10 SP3

Source: On-Premises Upgrade and Coexistence, Microsoft Tech Ed 2013

PUBLIC FOLDER BATCH MIGRATION

Faster

Multiple migration jobs, one per destination mailbox

Migration management using Exchange Admin Center UI or PowerShell

Batch migration commands

New-MigrationBatch -Name PFMigration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server <Source server name>) -CSVData (Get-Content <Folder to mailbox map path> -Encoding Byte) -NotificationEmails <email addresses for migration notifications>

Start-MigrationBatch PublicFolderMigration

Complete-MigrationBatch PublicFolderMigration

PUBLIC FOLDER MIGRATION TOPICS

Anonymous users require Create Item permission if external users should send mail to a public folder

No \ in folder name

No illegal characters in alias e.g. space, comma

PUBLIC FOLDER TO MAILBOX MAP

By default created via a script based on maximum mailbox size

.\PublicFolderToMailboxMapGenerator.ps1 <Maximum mailbox size in bytes> <Folder to size map path> <Folder to mailbox map path>

You can manually adjust the map

"FolderPath","TargetMailbox"

"\","PF-Root"

"\IPM_SUBTREE\Consulting","PF-Consulting"

"\IPM_SUBTREE\Einkauf","PF-Einkauf"

"\IPM_SUBTREE\infoWAN Admin","PF-infoWAN_Admin"

"\IPM_SUBTREE\infoWAN Firmeninfos","PF-infoWAN_Firmeninfos"

"\IPM_SUBTREE\Lieferanten und Partner","PF-Lieferanten_und_Partner"

"\IPM_SUBTREE\Marketing","PF-

DATABASE AVAILABILITY GROUP

SOFTWARE REQUIREMENTS

Operating System

Windows Server 2012 or Windows Server 2012 R2 Standard or Datacenter Edition

All member servers must run the same operating system version

Exchange Server

Exchange Server 2016 Standard Edition

Maximum 5 databases per server

Exchange Server 2016 Enterprise Edition

Maximum 100 databases per server

A single DAG can use a mixture of Standard and Enterprise Edition

DAG DETAILS

Up to 16 servers / up to 16 database copies per DAG

All servers must be running the same Exchange Server version

No mixture of Exchange Server 2016 / 2013 / 2010

All servers must be in the same domain

Servers can be in different AD site / IP subnet

Round trip latency < 500 ms

Windows Failover Clustering

Cannot be combined with Network Load Balancing

NETWORK REQUIREMENTS

All DAG members must have the same number of networks

Single network is now recommended

Each network must be on a different IP subnet

MAPI network used for client and infrastructure access

Only one MAPI network per server

Replication network used for database replication

Zero or more replication networks per server

Each DAG member must be able to reach all other servers on same network

No direct communication between MAPI and Replication network

Round trip latency between nodes < 500 ms

Static or DHCP IP addresses but no APIPA

MAPI NETWORK

In network binding order above replication network

Typically default gateway

Register this connection addresses in DNS

This configuration has to be used with a single network setup

REPLICATION NETWORK

Log shipping network

Typically no default gateway

Persistent routes in a multi subnet configuration

No DNS server, not registered in DNS

WITNESS

Not a member of the DAG

On non-Administrators

DCs are not recommended as Witness server

Location

Single datacenter same datacenter

Two datacenter primary datacenter

More than two datacenters third datacenter

WITNESS FILE SYSTEM DIRECTORY

WITNESS SHARE PERMISSION

DYNAMIC QUORUM

Previously quorum configuration is fixed based on initial cluster configuration

>= Windows Server 2012 quorum configuration is determined by the set of active cluster nodes

The node loses its vote when it shuts down or crashes

The node regains its vote when it rejoins the cluster

Cluster can sustain sequential node shutdown to a single node

Does not allow a cluster to sustain a simultaneous failure of majority of voting members

Get-ClusterNode <Name> | ft name, dynamicweight, state

Source: Windows Server 2012 R2 and Database Availability Groups, Scott Schnoll Blog

DYNAMIC WITNESS

The witness vote is dynamically adjusted

Odd number of nodes -> witness does not have a vote

Even number of nodes -> witness has a vote

Get-Cluster <Name> | Ft name, WitnessDynamicWeight

Source: Windows Server 2012 R2 and Database Availability Groups, Scott Schnoll Blog

DYNAMIC WITNESS

NODES BEING AUTOMATICALLY REMOVED FROM FAILOVER CLUSTER

Import-module FailoverClusters

(Get-Cluster).Property = value

PRE-STAGE CLUSTER NAME OBJECT

$DAGname

import-module ActiveDirectory

New-ADComputer Name $DAGname -Enabled $false

cd ad:

$comp = Get-ADComputer $DAGname

$sid = (Get-ADGroup "Exchange Trusted Subsystem").sid

$rights = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

$perm = [System.Security.AccessControl.AccessControlType]::Allow

$acl = get-acl $comp

$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $sid, $rights, $perm

$acl.AddAccessRule($ace)

set-acl -AclObject $acl -Path $comp

Source: Exchange 2010 Pre-

DAG SETUP WITH ADMINISTRATIVE ACCESS POINT

New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer Sheep-e7s1 -WitnessDirectory C:\DAGWitness\DAG1.Sheep.local -DatabaseAvailabilityGroupIPAddresses 192.168.5.75

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServerSheep-e15S1

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServerSheep-e15S2

Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer Sheep-e15S2

Add-MailboxDatabaseCopy -Identity DB2 -MailboxServer Sheep-e15S1

DAG SETUP WITHOUT ADMINISTRATIVE ACCESS POINT

New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer Monkey-E10S1

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServerMonkey-E16S1

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServerMonkey-E16S2

Add-MailboxDatabaseCopy -Identity DB2 -MailboxServer Monkey-E16S2

Add-MailboxDatabaseCopy -Identity DB3 -MailboxServer Monkey-E16S1

DAG IN EAC

DATACENTER ACTIVATION COORDINATION MODE

Controls activation behavior of a DAG

Two datacenter configuration

Primary datacenter with majority of servers fails

You manually activate secondary datacenter

Primary datacenter comes online again

DAC prevents split brain if WAN connection to secondary datacenter is unavailable

Set-DatabaseAvailabilityGroup -Identity <DAGname> -DatacenterActivationMode DagOnly

DATABASE COPIES

Only one database is active

Up to 16 copies per database 1 active and up to 15 passive copies

Only a single database copy per server

Same database and log file path on all servers

Backup using Exchange aware VSS solution

The Preferred Architecture has 4 database copies and uses Exchange Native Data Protection without traditional backups

DATABASE COPY PROPERTIES

ActivationPreference

1 is highest preference

ReplayLagTime

Default 0 seconds

Maximum 14 days

TruncationLagTime

Default 0 seconds

Maximum 14 days

SeedingPostponed

LAGGED DATABASE COPY

Automatic log replay

When a low disk space threshold is reached

When the lagged copy has physical corruption and needs to be page patched

When there are fewer than three available healthy copies (active or passive only; lagged database copies are not counted) for more than 24 hours

Beginning with Exchange 2016 CU1 ReplayLagManager is enabled by default

Deferred Lagged Copy Play Down

Play down activity is tied to the health of the disk / disk IO latency

PREFERENCEMOVEFREQUENCY

Starting with Exchange Server 2016 CU2

Automatic redistribution of the database to the preferred owner

By default every 60 minutes

The behaviour can be disabled

Set-DatabaseAvailabilityGroup <Name> -PreferenceMoveFrequency([System.Threading.Timeout]::InfiniteTimeSpan)

This replaces the script RedistributeActiveDatabases.ps1

DATAMOVEREPLICATIONCONSTRAINT

Health check of database copy architecture / continuous replication

Mailbox replication services checks the health during mailbox moves

Set-MailboxDatabase -DataMoveReplicationConstraint[None|SecondCopy|SecondDatacenter|AllDatacenters|AllCopies]

Default = SecondCopy

COMMON MANAGEMENT COMMANDS

Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer MBX3

Remove-MailboxDatabaseCopy -Identity DB1\MBX1

Suspend-MailboxDatabaseCopy -Identity DB1\MBX1 -SuspendComment

Update-MailboxDatabaseCopy -Identity DB1\MBX1

Resume-MailboxDatabaseCopy -Identity DB1\MBX1

Move-ActiveMailboxDatabase DB1 -ActivateOnServer MBX3

MONITORING COMMANDS

Get-MailboxDatabaseCopyStatus -Server MBX1

Get-MailboxDatabaseCopyStatus -Identity DB1

Test-ReplicationHealth

REBUILD THE SEARCH CATALOG

Database is part of a DAG

Update-MailboxDatabaseCopy CatalogOnly

Force a content index rebuild

Stop-Service MSExchangeFastSearch

Stop-Service HostControllerService

Delete the folder containing the content index catalog

Start-Service MSExchangeFastSearch

Start-Service HostControllerService

CUMULATIVE UPDATES

About 4 times per year

Full installation

Unified Messaging Language packs must be uninstalled / reinstalled

Customizations in server web.config are lost, OWA/Lync integration

Setup /RecoverServer if CU install failed

INSTALLING CUMULATIVE UPDATES AD PREPARATION

CUs often contain schema updates or new RBAC configuration

Check AD health

Repadmin /replsum /bysrc /bydest /sort:delta

Event Viewer

setup /IAcceptExchangeServerLicenseTerms [/PrepareSchema | /PrepareAD| /PrepareAllDomains ]

INSTALLING CUMULATIVE UPDATES SERVER PREPARATION

Check health of DAG members

Get-DatabaseAvailabilityGroup

Get-MailboxDatabaseCopyStatus

Load Balancing

If DNS Round Robin Then remove ServerToUpgrade from autodiscover, mail,..

If Load Balancer And Load Balancer does not integrate with Managed Availability then take the ServerToUpgrade out of the pool

INSTALLING CUMULATIVE UPDATES START MAINTENANCE MODE

Set-ServerComponentState $env:COMPUTERNAME Component HubTransport State DrainingRequester Maintenance

Redirect-Message -Server $env:COMPUTERNAME -Target $ActiveServer -Confirm:$false

Restart-Service MSExchangeFrontEndTransport

Restart-Service MSExchangeTransport

Suspend-ClusterNode Name $env:COMPUTERNAME

Set-MailboxServer $env:COMPUTERNAME -DatabaseCopyActivationDisabledAndMoveNow$true

Set-MailboxServer $env:COMPUTERNAME DatabaseCopyAutoActivationPolicy Blocked

Set-ServerComponentState $env:COMPUTERNAME Component ServerWideOffline State InActive Requester Maintenance

INSTALLING CUMULATIVE UPDATES VERIFY MAINTENANCE MODE

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

Get-MailboxServer $env:COMPUTERNAME | Format-Table DatabaseCopy* -Autosize

Get-ClusterNode $env:COMPUTERNAME | Format-List

Shutdown /r

INSTALLING CUMULATIVE UPDATE

Setup.exe /RemoveUmLanguagePack:de-DE

Setup /m:upgrade /IAcceptExchangeServerLicenseTerms

setup.exe /AddUmLanguagePack:de-DE/IAcceptExchangeServerLicenseTerms /s:D:\Install\UMLanguagePacks

Restore customizations like Skype Integration in OWA

INSTALLING CUMULATIVE UPDATE STOP MAINTENANCE MODE

Set-ServerComponentState $env:COMPUTERNAME Component ServerWideOfflineState Active Requester Maintenance

Resume-ClusterNode Name $env:COMPUTERNAME

Set-MailboxServer $env:COMPUTERNAME DatabaseCopyAutoActivationPolicyUnrestricted

Set-MailboxServer $env:COMPUTERNAMEDatabaseCopyActivationDisabledAndMoveNow $false

Set-ServerComponentState $env:COMPUTERNAME Component HubTransportState Active Requester Maintenance

Restart-Service MSExchangeTransport

Restart-Service MSExchangeFrontEndTransport

INSTALLING CUMULATIVE UPDATE POST PREPARATION

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

Get-MailboxServer $env:COMPUTERNAME | Format-Table DatabaseCopy* -Autosize

Get-ClusterNode $env:COMPUTERNAME | Format-List

Get-MailboxDatabaseCopyStatus

Load Balancing

If DNS Round Robin Then add ServerToUpgrade to autodiscover

If Load Balancer And Load Balancer does not integrate with Managed Availability then add the ServerToUpgrade to the pool

INSTALLING CUMULATIVE UPDATE BLOG ARTICLES

Placing Exchange 2013 Into Maintenance Mode - http://blog.c7solutions.com/2012/10/placing-exchange-2013-into-maintenance.html

Installing Cumulative Updates on Exchange Server 2016 -http://exchangeserverpro.com/installing-cumulative-updates-on-exchange-server-2016/

Exchange Server: HowTo zur Installation von Updates - https://www.frankysweb.de/exchange-server-howto-zur-installation-von-updates/

Exchange 2013/2016: Cumulative Update Deployment in Production without any Outage -http://msexchangeguru.com/2015/12/26/exchange-update-deployment-process/

Exchange 2016 and Exchange 2013 Pre-Patching or Restart Script -https://gallery.technet.microsoft.com/Exchange-2016-and-Exchange-e46ba457

Exchange 2016 and Exchange 2013 Post-Patching or Restart Script -https://gallery.technet.microsoft.com/Exchange-2016-and-Exchange-47b53102

MANAGED AVAILABILITY

Source: High Availability and Site Resilience, Microsoft Virtual Academy

Source: Managed Availability, Microsoft TechNet

MANAGED AVAILABILITY EVENT VIEWER

MANAGED AVAILABILITY CMDLETS

Get-HealthReport -Server Monkey-E16S1| Where-Object { $_.Alertvalue -ne "Healthy" }

Get-ServerHealth -Server Monkey-E16S1| Where-Object { $_.Alertvalue -eq"Unhealthy" }

Add-ServerMonitoringOverride

Add-GlobalMonitoringOverride

TRANSPORT SERVICE

TRANSPORT PIPELINE

Source: Mail flow and transport pipeline, Microsoft TechNet

INBOUND MAIL FLOW (NO EDGE TRANSPORT SERVERS)

INBOUND MAIL FLOW WITH EDGE TRANSPORT SERVERS

OUTBOUND MAIL FLOW (NO EDGE TRANSPORT SERVERS)

OUTBOUND MAIL FLOW WITH EDGE TRANSPORT SERVERS

DEFAULT RECEIVE CONNECTORS

CUSTOM RECEIVE CONNECTOR

New-ReceiveConnector -Usage <Custom | Internet | Internal | Client | Partner> [-Bindings <MultiValuedProperty>] [-RemoteIPRanges<MultiValuedProperty>] <COMMON PARAMETERS>

ANONYMOUS RELAY

Create a dedicate receive connector

Restrict the remote IP addresses

Configure anonymous relay permission

New-ReceiveConnector -Name "Anonymous Relay" -TransportRoleFrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges192.168.5.10,192.168.5.11

Set-ReceiveConnector "Anonymous Relay" -PermissionGroups AnonymousUsers

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

SEND CONNECTOR

No send connector for external mail flow is created during the Exchange 2016 installation

Exchange is not able to send mails to external recipients

Sending mail to the Internet

New-SendConnector -Name <Name> -AddressSpaces * -Internet [-SourceTransportServer <fqdn1>,<fqdn2>...]

New-SendConnector -Name <Name> -AddressSpaces * -Custom -DnsRoutingEnabled $false -SmartHosts <SmartHost1>[,<SmartHost2>...] [-SourceTransportServer <fqdn1>,<fqdn2>...]

OUTBOUND MAIL FLOW

Source: Configure Send connectors to proxy outbound mail, Microsoft TechNet

Set-SendConnector <Send connector identity> -FrontEndProxyEnabled $true

QUEUE VIEWER

LIMITS

Recipient Limits

A Distribution List counts as a single recipient!

Message Size Limits

QUESTIONS & ANSWERS

client connectivity exchange 2016 with exchange 2013 · client connectivity exchange 2016 with...

Documents

exchange 2013. exchange server role architecture in exchange...

cloud exchange - a smart tool to enhance cloud connectivity...

intel entry storage system ss4200-e...client connectivity...

owa client protocol connectivity flow in exchange 2013/2007...

configuring client access array for exchange 2010

module 8: managing client configuration and connectivity

kepserverex client connectivity guide for wonderware intouch

gmex trade and exchange solutions flyer aw new style 09...

smart manufacturing connectivity for brownfield sensors...

wcs data exchange at the datafed server/client

find and edit a client - home | data exchange

chapter 17 client server system and remote connectivity

remote client access with exchange server 2007

dg broker & client connectivity - high availability day...

client connectivity

planning for exchange server 2007 client access servers

defcon 2012 - hacking ms exchange mobile client

specific client connectivity guide -...

aspen and the health insurance exchange€¦ · aspen and...

kepserverex client connectivity guide -...