Tag Archives: Exchange 2010

How to Use Windows Server Backup to back up Exchange 2010 Database Availability Groups (DAG)

Unless you’re comfortable with entrusting your data to DAG & circular logging, backing up Exchange 2010 on a routine basis is critical in order to protect your data and truncate the database logs.

While Microsoft has several articles on using Windows Backup for Exchange 2010, none of them really spell out a start to finish solution for a DAG environment.

In order to configure Windows Backup for an Exchange 2010 environment employing DAGs, the following need to be accomplished.

  1. If not installed already, install the Windows Server Backup Feature, but NOT the command line tools (those are still 32-bit and incompatible)
  2. Uninstall the Windows Server Backup Features “Command-line Tools” if installed.
  3. Create a registry entry to disable the Microsoft Exchange Replication service VSS writer (see below for step-by-step).
  4. Restart the Microsoft Exchange Replication service.
  5. Set to Automatic and then start the Microsoft Exchange Server Extension for Windows Server Backup service.
  6. Configure your backup using Windows Server Backup (see below for step-by-step).

Registry Change

This was taken from http://technet.microsoft.com/en-us/library/dd876851.aspx which has additional information on using Windows Backup with Exchange 2010… I highly encourage everyone responsible for their Exchange environment to read it thoroughly:

If a server hosting the data being backed up is a member of a database availability group (DAG) and hosts both active and passive database copies, you must disable the Microsoft Exchange Replication service VSS writer. If the Microsoft Exchange Replication service VSS writer is enabled, the backup operation will fail.

To disable the Microsoft Exchange Replication service VSS writer, perform the following steps:

  1. Log on to the server by using an account that has local administrator access, and then start Registry Editor (regedit).
  2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\ExchangeServer\v14\Replay\Parameters.
  3. Add a new DWORD value named EnableVSSWriter, and set its value to 0.
  4. Exit Registry Editor and then restart the Microsoft Exchange Replication service.
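
Steps 3 to 5 of the checklist and the registry procedure above, scripted in PowerShell as an added example (not from the original post or from the Microsoft article). It looks up the two services by the display names given above and assumes an elevated prompt on an Exchange 2010 mailbox server.

```powershell
# Added example. Run from an elevated PowerShell prompt on each DAG member to be backed up.
$key  = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\Replay\Parameters'
$name = 'EnableVSSWriter'

# Stop early instead of creating the key on a server where Exchange has not created it.
if (-not (Test-Path $key)) {
    throw "Registry key not found: $key"
}

# Record the previous state so the change can be reverted later.
$before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
Write-Host ("{0} before change: {1}" -f $name, $(if ($null -eq $before) { '<not set>' } else { $before }))

# Step 3: create or overwrite the DWORD with 0 (safe to re-run).
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

# Step 4: restart the replication service so it picks up the new value.
$repl = Get-Service -DisplayName 'Microsoft Exchange Replication'
Restart-Service -Name $repl.Name

# Step 5: set the Windows Server Backup extension to Automatic and start it.
$wsb = Get-Service -DisplayName 'Microsoft Exchange Server Extension for Windows Server Backup'
Set-Service -Name $wsb.Name -StartupType Automatic
Start-Service -Name $wsb.Name

# Verify the end state: registry value is 0 and both services are running.
$after = (Get-ItemProperty -Path $key -Name $name).$name
if ($after -ne 0) {
    throw "$name is $after, expected 0"
}
Get-Service -Name $repl.Name, $wsb.Name |
    Format-Table Name, DisplayName, Status -AutoSize

# List the registered VSS writers for the change record.
vssadmin list writers | Select-String 'Writer name'
```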

Configure Windows Backup

You only need to specify the drives that have an Exchange database on them that you wish to back up. In my environment, I have one database per drive, and I only back up the drives that typically run the Active copy of the database, i.e. every Exchange mailbox server in my environment has a Windows Backup job configured to back up only the drives that have an active database. There is no reason to back up the passive database copies on every server.

By configuring it this way, the Exchange Agent for Windows Backup automatically knows that you’ve backed up the database and will truncate the logs shortly after the backup completes on all servers in the DAG.

The following was taken from http://technet.microsoft.com/en-us/library/dd876854.aspx which has additional information on using Windows Backup with Exchange 2010… Again, I highly encourage everyone responsible for their Exchange environment to read it thoroughly:

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the “Mailbox recovery” entry in the Mailbox Permissions topic.

  1. Start Windows Server Backup.
  2. In the Actions pane, click “Configure Performance Settings…”
  3. Change the Performance Settings to Custom, and then configure at least your DAG volumes to Incremental, though I would recommend changing all volumes to Incremental (this will cause a fresh, full backup to occur every 14 days)
  4. In the Actions pane, click Backup Once. The Backup Once wizard appears.
  5. On the Backup options page, select Different options, and then click Next.
  6. On the Select backup configuration page, select the type of backup that you want, and then click Next.
    1. Select Full server (recommended) to back up all volumes on the server.
    2. Or, select Custom to specify which volumes should be included in the backup. If you select this option, the Select backup items page appears. Select the volumes to be backed up, and then click Next.
  7. On the Specify destination type page, select the location where you want to store the backup, and then click Next. If Remote shared folder is selected, the Specify remote folder page appears. Specify a UNC path for the backup files, and then do one of the following to configure access control settings:
    1. Select Do not inherit if you want the backup to be accessible only by a set of specified user credentials, and then click Next. Type a user name and password for a user account that has write permissions on the computer that is hosting the remote folder, and then click OK.
    2. Or, select Inherit if you want the backup to be accessible by everyone who has access to the remote folder, and then click Next.
  8. On the Specify advanced options page, select VSS full backup, and then click Next.
  9. On the Confirmation page, review the backup settings, and then click Backup.
  10. On the Backup progress page, you can view the status and progress of the backup operation.
  11. Click Close when the backup operation has completed.

How to add Proxy SMTP Address from Exchange Management Shell

Microsoft’s article related to adding an email address to an existing mailbox in 2010 is here:

http://technet.microsoft.com/en-us/library/bb123794.aspx

However, I really didn’t like how they do it as it relies on multiple line entries to add a single address.  So I sought out the command below to be able to add an address with a single line.


Set-Mailbox [user alias] -EmailAddresses (((Get-Mailbox [user alias]).EmailAddresses)+="smtp:proxy_address@domain.com")

Better yet, by using Excel and some nifty concatenate work, you can make yourself a nice spreadsheet to apply multiple changes at once. If you didn’t already know, you can copy and paste in multiple commands at once, and the Exchange 2010 PowerShell will process each line as an independent command.

…scripting for dummies I guess : )

Dreaded "Red X" with OWA in Exchange 2010

It appears that after applying Hotfix Rollup 2 in Exchange 2010 Service Pack 1 (and I’d wager this may be an issue in the future), some users are getting the following error in Outlook Web App:

“Couldn’t find a base theme (folder name=base)”

…along with a bunch of Red X’s where the images should be.

Turns out the issue is that, for a variety of reasons, Update Rollup 2 installed with insufficient permissions to apply some settings.

In order to fix this issue, you need to right-click on Exchange Management Shell, select Run As Administrator, and then run the following command:

& "C:\Program Files\Microsoft\Exchange Server\V14\Bin\UpdateCas.ps1"

After running that command, restart your server and OWA should work properly again.

EMS Command to Set Legacy Outlook Web Access in Exchange 2010

If you will be running Exchange 2003 & 2010 simultaneously with mailboxes in both environments, you’ll need to run the Set-OWAVirtualDirectory command on each CAS Server in your organization.  The command to run is:


Set-OWAVirtualDirectory -Identity "CASServer\owa (Default Web Site)" -Exchange2003URL https://legacy.webmail.domain.com/exchange

Simply change the relevant parts to reflect the settings in your environment. This will tell Exchange 2010 OWA to redirect clients with Exchange 2003 mailboxes to the appropriate OWA server.

Exchange 2010 Database Availability Group Witness Server Requirements

In the Exchange Server 2010 Database Availability Group (DAG) documentation (http://technet.microsoft.com/en-us/library/dd298065.aspx), it states the following:

“The witness server and its directory are used only for quorum purposes where there’s an even number of members in the DAG.”

This is semi-confusing during the planning stages of an Exchange 2010 infrastructure, as you must have a witness server regardless of how many mailbox servers are members of a DAG. It’s just that the witness only comes into play when there are an even number of active members in a DAG.

Even a little more confusing is that a witness server is typically just an Exchange Hub Transport server that does not have the mailbox role installed (i.e. a Witness can never host a copy of the database it’s witnessing).  So, if your environment consists of dedicated mailbox servers separated from the Client Access and Hub Transport roles, you really don’t have to install any additional servers.

In our environment, we’re taking Microsoft’s recommendation of using only multi-role servers, so we had to set up a dedicated Hub Transport server to act as the Witness for our DAG.

While you can set up a Windows Server as a witness without Exchange installed on it (see the above article), it’s really not a good idea as that prevents your Exchange administrators from properly managing the entire environment from within Exchange (and we get cranky when we can’t control everything).

Additionally, while your mailbox-role servers must be running the Enterprise Edition of Windows Server to be a part of the DAG, the Hub Transport (Witness) server does not need to be running Enterprise Edition, even though it is a proper part of the DAG.

Download Links for Microsoft Exchange Server 2010 SP1 Pre-Requisites

In order to install Microsoft Exchange 2010 Service Pack 1 (SP1) you must first download and install a number of hotfixes that are not available via Microsoft update. Unfortunately, Microsoft was not so kind as to give you a clickable or copyable link in the installer in order to make installing them efficient.

So, I prepared the list below with all relevant links.  Note that on many of the links downloads are available for a number of different platforms.  If, like me, you are running Windows Server 2008 R2, you’ll be looking for the Windows 6.1 x64 version.

KB979099 (Update – No Longer Required if SP1 for Windows Server 2008 R2 is installed)
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=87f72529-d316-42e8-bf77-a46951f66dda&DisplayLang=en

KB191548
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5CD4DCD7-D3E6-4970-875E-ABA93459FBEE&displaylang=en

KB982867 (Update – No Longer Required if SP1 for Windows Server 2008 R2 is installed)
http://code.msdn.microsoft.com/KB982867/Release/ProjectReleases.aspx?ReleaseId=4520

KB979744 (Update – No Longer Required if SP1 for Windows Server 2008 R2 is installed)
http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=27109

KB983440 (Update – No Longer Required if SP1 for Windows Server 2008 R2 is installed)
http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=29092

KB977020 (Update – No Longer Required if SP1 for Windows Server 2008 R2 is installed)
http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=27977

Additionally, the PowerShell commands to install the Windows OS prerequisites can be found at:

http://technet.microsoft.com/en-us/library/bb691354.aspx

Have fun!

How to Use a Proxy Server with Microsoft Exchange 2007/2010

If you’re like me and managing an Exchange 2010 infrastructure in an environment that requires the use of a proxy server to access the Internet, you may experience various issues with Exchange. One issue in particular is that SSL certificates issued by an external certificate authority (CA) cannot be verified by Exchange. You’ll get an error such as:

“The Certificate Status could not be determined because the revocation check failed”

The reason for this is that Exchange uses WinHTTP to determine the validity of the certificate. WinHTTP uses the Web Proxy Auto-Discovery Protocol (WPAD) in order to determine if a proxy server is utilized in the installed environment (if it’s specified in DHCP or DNS).

In order to determine what proxy server, if any, Exchange is using, run the following command from the Exchange Management Shell (working in either Exchange 2007 or 2010):


netsh winhttp show proxy

If none is specified, or if you wish to change it, run the following command (2003/2008 only):


netsh winhttp set proxy-server="http=myproxy:8080;https=secureproxy:8080" bypass-list="*.internal.com"

For 2008 R2, use this command:


netsh winhttp set proxy proxy-server="http=myproxy:8080;https=secureproxy:8080" bypass-list="*.internal.com"

Just change the parts necessary to reflect the settings in your environment. Note that “myproxy” and “secureproxy” may be the same thing. Although technically optional, I would highly recommend setting the bypass-list to your local, internal domain name or you may have significant difficulty with the Exchange Management Console/Shell.

If you need to reset it back to direct access, just use this command:


netsh winhttp reset proxy

How to assign Full Access Permissions to Multiple Mailboxes in Exchange 2007/2010

Recently I was required to modify several dozen mailboxes in Exchange 2007 to give a user Full Access administrative rights on those mailboxes.

The Exchange Management Console limits you whereby you can only grant those permissions on one mailbox at a time.  I wanted to find a way to script it to speed the process along and make it more interesting.

The first thing I had to figure out was how to filter out just a certain set of users.  Adding them to a security group was easy enough using DSMOD (previous Blog post), but unfortunately the Exchange Shell doesn’t let you specify a security group when assigning permissions.  It does, however, allow you to specify a Custom Attribute.

In order to set one of the CustomAttribute settings in Active Directory to something unique, I used one of my favorite utilities… ADModify.Net.  Once ADModify.Net is launched, you’ll want to filter your users down by using the following LDAP Query:


(&(objectCategory=person)(memberOf=CN=Group,CN=OU,DC=domain,DC=local))

Once they are filtered out, you can then select all of the users that appear from the query, proceed to the next screen, and go to the Custom tab. Under the attribute name field, type in extensionAttribute#, substituting the “#” with any number from 1 to 15. Make absolutely sure it is not currently in use.

Under the attribute value field, type in whatever you want in order to find your set of users easily.

Hit Go! and once everything is finished, proceed to the Exchange Management Shell.

Use the following command in the shell to add Full Access to a specific user for all of your users with the Custom Attribute set to the value you specified. You’ll need to change the placeholders (the attribute name, VALUE and TrustedUser) to fit your environment.


Get-Mailbox -Filter {CustomAttribute1 -eq "VALUE"} | Add-MailboxPermission -User "TrustedUser" -AccessRights FullAccess

Use the following command in the shell to add only Receive As access rights to a specific user for all of your users with the Custom Attribute set to the value you specified. You’ll need to change the placeholders (the attribute name, VALUE and TrustedUser) to fit your environment.


Get-Mailbox -Filter {CustomAttribute1 -eq "VALUE"} | Add-ADPermission -User "TrustedUser" -ExtendedRights Receive-As

That’s it.  Technically giving a user Full Access will also give the Receive As rights, but I like to be thorough.

Good luck! : )
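
An added example, not from the original post: the same bulk grant wrapped in a review, dry-run and verification pass, so the set of mailboxes being opened up is recorded before and after the change. VALUE and TrustedUser are the post's placeholders; the report path and the $apply switch are hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell.
$attrValue = 'VALUE'          # placeholder from the post
$trustee   = 'TrustedUser'    # placeholder from the post
$report    = 'C:\Temp\FullAccess-TrustedUser.csv'   # hypothetical report path
$apply     = $false           # set to $true only after reviewing the dry run

# 1. Resolve the target set once, so the same mailboxes are reviewed, changed and verified.
$targets = @(Get-Mailbox -Filter "CustomAttribute1 -eq '$attrValue'" -ResultSize Unlimited)
"{0} mailboxes match CustomAttribute1 = {1}" -f $targets.Count, $attrValue
$targets | Sort-Object Name | Format-Table Name, Alias, Database -AutoSize

# 2. Dry run by default: -WhatIf prints each grant without making it.
if ($apply) {
    $targets | Add-MailboxPermission -User $trustee -AccessRights FullAccess
} else {
    $targets | Add-MailboxPermission -User $trustee -AccessRights FullAccess -WhatIf
}

# 3. Verify: for every target, look for an explicit (non-inherited, non-deny)
#    FullAccess entry for the trustee and record the result.
$results = foreach ($mbx in $targets) {
    $ace = @(Get-MailboxPermission -Identity $mbx.DistinguishedName -User $trustee |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.AccessRights -like '*FullAccess*')
        })
    New-Object PSObject -Property @{
        Mailbox    = $mbx.Name
        Address    = $mbx.PrimarySmtpAddress
        Trustee    = $trustee
        FullAccess = ($ace.Count -gt 0)
    }
}

# 4. Keep the result as a change record and show any mailbox the grant did not reach.
$results | Export-Csv -Path $report -NoTypeInformation
$results | Where-Object { -not $_.FullAccess } |
    Format-Table Mailbox, Address, FullAccess -AutoSize
```

With $apply left at $false, the last table lists every target mailbox, which is the expected state before the grant is made.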

Language Pack Error when Attempting to Install Exchange 2010 Service Pack 1 Upgrade

While attempting to install Service Pack 1 for Microsoft Exchange Server 2010, I kept getting this during the Readiness Checks:

Language Prerequisites
Language packs are installed on this server and must be upgraded with the Exchange binaries. Please specify a language bundle with the upgrade operation.

I was unable to proceed with the install, and clicking on the link led me nowhere.  I finally discovered that the language packs can be downloaded separately from Microsoft here:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56C2AF38-A080-4CE1-8518-E63EE87F11C5

After downloading them, I re-ran setup, and this time chose to install not only languages from the DVD, but to install all languages from the language bundle.  That led me to a screen where I was able to point to the Language Pack Bundle .exe I had downloaded.

The installation then proceeded normally with no interruption.