Monday, May 03, 2010

My Blog is Moving…

I know there are like 2 people (including myself) that actually read this blog, but due to the Spam filters that hate and because of a bit better flexibility found elsewhere, I will be moving this blog to very soon.  My new blog is located at


Feel free to subscribe to this in your favorite RSS reader by using the link

Tests Prove: Windows 2008 R2 Much Better for Exchange 2010!

Well, Microsoft has just released a new blog post showing their test results comparing Windows 2008 SP2 and Windows 2008 R2 with Exchange 2010 under an Outlook Anywhere load.  Let's face it, Outlook Anywhere is the way of the future!  I know for me, I have to be able to work anywhere, anytime, and I don’t want to worry about VPN solutions and firewalls, so Outlook Anywhere is the answer. 

So, how does R2 help, you say?  It provides 10 times smaller CPU usage for the same number and type of OA users, that's how.  This appears to be due to the significant performance improvements made to the RPC/HTTP feature in R2.  And in case you're wondering, this should also benefit Exchange 2007 SP3 (when it becomes publicly available). 

Another way to look at this, as pointed out by the Microsoft blog post is that using identical hardware for both OS versions, R2 supported 14,000 OA users, while SP2 only supported 6,500!


Check out the source at:


Monday, April 19, 2010

Office 2010 RTM’ed

I received an email from Microsoft last Friday (4/16/10) exclaiming that they have Released to Manufacturing Office 2010.  I have been using a pre-release beta for many months since I have been part of the thousands Beta-Testing this release and I can tell you that it is a fantastic product.  In the release I have been using, and I mean using every day all day long, I have had no issues to report.  I mean none, zero, no crashes, no compatibility problems, no problems at all!  I HIGHLY recommend that organizations still stuck on Office 2003 or earlier upgrade immediately once this becomes publicly available.  The email from Microsoft is included below, for your enjoyment.

Office 2010 RTM Email

Thursday, April 08, 2010

Exchange 2010 SP1 Coming…

So, I have been waiting and waiting and waiting to finally start talking about what is coming in Service Pack 1 for Exchange Server 2010.  Although the NDA I am held to will not allow me to tell you everything that is coming in SP1, I can still talk a bit about the features already revealed by this

First of all, what can we say is coming in SP1?

  • Feature enhancements to OWA
  • Mobile user and management improvements
  • EMC UI enhancements
  • Online Archiving and Discovery enhancements
  • Server side PST export/import (without Outlook)
  • Message Records Management (Retention Tagging) tool improvements in EMC
  • ActiveSync Enhancements including tether-free IRM support
  • The usual hotfix inclusions
  • And so many more (that darn NDA!)

There are so many changes and improvements, that I hardly know where to start.  So, I will just dive right in and start at the top of this list.

Outlook Web App

This set of changes is the most visible to end users and is a very welcome set of updates.  To start with, OWA once again has themes.  These themes are many and varied and are selectable right from the main OWA page by clicking on “Options”

Within OWA, you can also select multiple messages for action (similar to Gmail or your iPhone/iPad).  The Exchange CAS server will also allow your browser to pre-fetch message content within OWA so that actions users take will feel instantaneous and will not slow down their browsing experience. 

The entire interface has been simplified and cleaned up a lot.  I showed the new interface to my children (ages 15 – 7) and they felt right at home in the new interface without much instruction from me at all.  One of the most asked about features in OWA was to once again enable the reading pane to be placed at the bottom or the right side (RTM only enabled the right side).  This has been updated in SP1. 

Archiving and E-Discovery

To start with, we can now create the Online Archive mailbox on a different database than the user's primary mailbox (YEAH!!).  This enables us to design the system with tiered storage and availability policies.  And to go one step further, if you provision the archive with the intention of consuming the user's PST archives, we can now import the PST file directly into the Archive right on the server and without Outlook being installed on the server.  One last note, Microsoft is also planning on releasing an update to Outlook 2007 that will enable it to see and participate in the Online Archives.

On the E-Discovery front, a few changes exist there as well, including search preview and search result de-duplication.  Also, when reviewing the search results, you can now add annotations to your review to make your task more efficient.

Archiving and E-Discovery

Since many administrators prefer to use the Exchange Management Console (EMC) instead of Powershell (EMS), Microsoft has placed a great deal of emphasis on UI improvements in SP1 including those in EMC and ECP.  Some of the improvements are:

  • Create/configure Retention Tags + Retention Policies in EMC
  • Configure Transport Rules in ECP
  • Configure Journal Rules in ECP
  • Configure MailTips in ECP
  • Provision and configure the Personal Archive in ECP
  • Configure Litigation Hold in ECP & EMC
  • Configure Allow/Block/Quarantine mobile device policies in ECP
  • RBAC role management in ECP
  • Configure Database Availability Group (DAG) IP Addresses and Alternate Witness Server in EMC
  • Recursive public folder settings management (including permissions) in EMC


    So, to close this blog post, I have to say that this Service Pack is one of the best ones in recent memory, and I know for a fact that most of what it contains is a direct consequence of the feedback many customers and architects like myself have provided. 

    I sincerely thank the Exchange Product Group for listening and taking what your customers say to heart and then doing what is needed to make the product that much better.

    As time and my NDA permits, I will blog on more features and improvements coming in SP1.  Until then, you can look forward to obtaining your own copy of Exchange Server 2010 Service Pack 1 beta around the TechEd timeframe in June. 

    Microsoft Releases Exchange 2010 Installation Guides

    Microsoft has officially released (on 4/7/2010) the Exchange Server 2010 Installation Guide Templates.  These are beginning points for organizations to use to create server build procedure documentation.  These are well written and a great starting point for any organization to begin their install docs from!

    You can download them at:

    Thursday, March 18, 2010

    Free/Busy Federation Troubleshooting

    I have had the pleasure of being the administrator of the very first organization to implement the new Exchange 2010 Free/Busy Federation (from now on I will call it F/B Fed) infrastructure last year during the Exchange 2010 TAP (Technical Adaption Program).  In doing so, I have been given the opportunity to work directly with a couple of the Microsoft Exchange Product Group members (thank you Ladislau and Matthias!!!) that guided me through the initial implementation and troubleshooting of Free/Busy Federation when it occasionally went awry.  I could probably write a small whitepaper on what I have learned, however for the purposes of this blog post, I wanted to delve into the latest issue I had. 

    Recently, the public certificate we had been using for OWA, etc… and therefore for F/B Fed was going to expire and the cert vendor had made some changes to the UC certs they offered so we had to make a cert change, not just a renewal.  After we installed the new certificate and began using it for all the other web services (OWA, OA, EAS, etc…), we turned to F/B Fed and ran two commands with the intent of rolling to the new certificate.

    Set-FederationTrust -Identity MyFederationTrust -Thumbprint <your new cert thumbprint here>

    Set-FederationTrust "MyFederationTrust" -PublishFederationCertificate

    The problem is, it didn’t work.  The new certificate didn’t get rolled to as it should have.  Instead, I received the error shown below.

    An error occurred accessing Windows Live. Detailed information: "The request failed with HTTP status 403: Forbidden.".

    + CategoryInfo: ResourceUnavailable: (:) [Set-FederationTrust], LiveDomainServicesAccessException

    + FullyQualifiedErrorId: 7CDAC73F,Microsoft.Exchange.Management.SystemConfigurationTasks.SetLiveFederationTrust

    Next, I validated that the new certificate was in fact valid and that the certificate was enabled for Server Authentication.

    So far, everything looked OK, but we still couldn’t roll the cert properly and federation had stopped working as well.  ARGH..

    After a bit more trial and error, it seemed like the Set-FederationTrust command shown earlier had finally worked (at least it didn’t give me an error when I ran it). However, F/B Fed still wasn’t working, and when I ran Test-FederationTrust -Verbose, I received the following error in response.

    RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Id         : OrganizationPreviousCertificate
    Type       : Error
    Message    : Certificate referenced by property OrgPrevPrivCertificate in the FederationTrust object is expired.

    With the help of Matthias, I ran the following script in order to attempt to push the old certificate completely out of the Federation system.

    $a = Get-FederationTrust

    Set-FederationTrust -Identity $a.Identity -Thumbprint $a.OrgPrivCertificate

    Set-FederationTrust -Identity $a.Identity -PublishFederationCertificate

    Unfortunately, when I ran the second command, I received a new error.

    Federation certificate with thumbprint "C54359E291F10213…" must have a unique Subject Key Identifier.  The Subject Key Identifier "1A29F0C8C62971EA524BE4…" is already used by the certificate with thumbprint "C54359E291F10213…".

    + CategoryInfo: InvalidArgument: (:) [Set-FederationTrust], ProvisionerConfigException

    + FullyQualifiedErrorId: 4CFC5CA6,Microsoft.Exchange.Management.SystemConfigurationTasks.SetLiveFederationTrust

    So, it seemed at the time that the issue was more of a security one due to the beta we are running for Service Pack 1, so we tried a different approach.

    # Bind directly to the FederationTrust object in Active Directory
    $a = Get-FederationTrust

    $b = "LDAP://" + $a.DistinguishedName

    $c = [ADSI]$b

    # PutEx control code 1 = ADS_PROPERTY_CLEAR (remove the attribute)
    If ($c.msExchFedOrgPrevPrivCertificate -ne $null) { $c.PutEx(1, "msExchFedOrgPrevPrivCertificate", 0) }

    If ($c.msExchFedOrgPrevCertificate -ne $null) { $c.PutEx(1, "msExchFedOrgPrevCertificate", 0) }

    # Commit the cached changes to Active Directory
    $c.SetInfo()


    I ran that script (without error) and waited for AD to replicate.  Afterwards, I ran Test-FederationTrust -Verbose again, this time with a slightly different error, yet still related to the “msExchFedOrgPrevPrivCertificate” attribute.

    RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

    Id         : OrganizationPreviousCertificate

    Type       : Error

    Message    : Unable to find certificate referenced by property OrgPrevPrivCertificate in the FederationTrust object.

    Hmmm…  that is interesting, now I don’t have a value in that attribute at all!  So I checked that by running Get-FederationTrust | fl and sure enough, this attribute was empty from Exchange’s point of view.  However, not fully convinced, Ladislau recommended I run the script below just to ensure it really was missing from AD.

    $a = get-federationtrust

    $b = "LDAP://" + $a.DistinguishedName

    $c = [ADSI]$b

    $c | fl * -force

    And of course, it was actually missing from AD as well….

    Come to find out, I had hit a new unknown bug on cert rolling and had to run this final script to set the msExchFedOrgPrevPrivCertificate attribute and get F/B Fed working again.

    $a = Get-FederationTrust

    $b = "LDAP://" + $a.DistinguishedName

    $c = [ADSI]$b

    # Point the "previous" certificate attribute at the current certificate
    $c.msExchFedOrgPrevPrivCertificate = $c.msExchFedOrgPrivCertificate

    # Commit the cached change to Active Directory
    $c.SetInfo()


    Now, when I run Test-FederationTrust -Verbose I get a “Success” on all tests!  And our users are happy because Free/Busy Federation is once again working as advertised.  I hope these little insights are helpful to others when they use their favorite search engine to find answers to their own Federation issues. 

    Until next time…   
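    A pre-flight check for the certificate roll described in this post, added here as an example and not part of the original post or of Microsoft's tooling: it verifies the validity period, private key, Server Authentication usage and Subject Key Identifier uniqueness before Set-FederationTrust is run. Get-SubjectKeyId and Test-FederationCertCandidate are hypothetical helper names, and the script assumes the trust's OrgPrivCertificate and OrgPrevPrivCertificate properties hold thumbprints of certificates in the LocalMachine\My store.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Get-SubjectKeyId($Cert) {
    # Returns the SKI as a hex string, or nothing when the extension is absent.
    $ext = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension] }
    if ($ext) { $ext.SubjectKeyIdentifier }
}

function Test-FederationCertCandidate {
    param(
        [Parameter(Mandatory=$true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [string[]] $InUseSubjectKeyIds = @(),
        [datetime] $Now = (Get-Date)
    )
    $problems = @()
    if ($Now -lt $Certificate.NotBefore -or $Now -gt $Certificate.NotAfter) {
        $problems += "Outside validity period ($($Certificate.NotBefore) to $($Certificate.NotAfter))"
    }
    if (-not $Certificate.HasPrivateKey) { $problems += 'No private key on this server' }

    # A certificate with no EKU extension is valid for all purposes, so only
    # flag one that has the extension but does not list Server Authentication.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })) {
        $problems += 'EKU does not include Server Authentication'
    }

    $ski = Get-SubjectKeyId $Certificate
    if (-not $ski) { $problems += 'No Subject Key Identifier extension' }
    elseif ($InUseSubjectKeyIds -contains $ski) {
        $problems += "Subject Key Identifier $ski is already in use by the trust"
    }
    return ,$problems
}

$NewThumbprint = '<your new cert thumbprint here>'   # placeholder, as in the post
$trust = Get-FederationTrust
# Assumption: both properties are thumbprints; a missing certificate is skipped.
$inUse = @($trust.OrgPrivCertificate, $trust.OrgPrevPrivCertificate) | Where-Object { $_ } |
    ForEach-Object { Get-Item "Cert:\LocalMachine\My\$_" -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-SubjectKeyId $_ }
$candidate = Get-Item "Cert:\LocalMachine\My\$NewThumbprint"
$problems = Test-FederationCertCandidate -Certificate $candidate -InUseSubjectKeyIds $inUse
if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'Candidate passes pre-flight checks' }
```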

    Wednesday, February 17, 2010

    Download the updated E2010 Mailbox Server Role Calc!

    Well, thanks go to the boys in Redmond (thanks Ross and the soon to be Greg) for another fantastic update to the Exchange 2010 Storage Server Role Calculator!  There are a bunch of fixes in this version since the release of version 3.5.  According to the Version Notes, these include:

    Version 3.6 - Fixed Number of Mailboxes per Database (I/O Driven) calculation formula to round down thereby adding additional IO buffer in the max number of mailboxes per database that could be supported in JBOD scenario (Perry Thompson); comment fixes
    Version 3.7 - Fixed processor core calculations for secondary datacenter that resulted in error when only lagged copies are deployed; formatting fixes
    Version 3.8 - Fixed number of lagged copy server calculation to round (Justin Brown)
    Version 3.9 - Fixed required mailbox core CPU calculations to take into account that certain site resilient scenarios result in neither datacenter supporting a single server failure
    Version 4.0 - Fixed /DAG LUN Size calculation to calculate based on number of servers and not total number of database copies (Wilfried van Oosterhout)
    Version 4.1 - Added better explanation in JBOD scenario when disk selection falls short either via capacity or IO reasons (Jeremy Gagne)
    Version 4.2 - Added Restore LUN RAID parity options (Robert Gillies and Rick Shire)
    Version 4.3 - Conditional Formatting fixes (Robert Gillies)
    Version 4.4 - Added minimum number of global catalog cores (James Reed)
    Version 4.5 - Improved formatted capacity calculation formula (Kyryl Perederiy)

    Let's just say it is well worth the download!  So… What are you waiting for….

    Thursday, January 28, 2010

    OCS 2007 R2 Workload Architecture Poster

    I ran into a poster that Microsoft published a few days ago that details the traffic flow of protocols and ports used in each workload within Office Communications Server 2007 R2 (OCS 2007 R2). OCS 2007 R2 supports the following workloads: IM and Presence, Conferencing, Application Sharing, and Enterprise Voice. These filtered views can assist you in architecting your deployment of Communications Server 2007 R2. The different server roles are described along with server certificate requirements. Firewall and DNS configuration requirements are also described.

    Get your copy at:

    Friday, January 22, 2010

    Newly updated Exchange 2010 Mailbox Requirements Calculator

    Microsoft (thank you Ross and Matt!) have released a much needed update to the Exchange 2010 Mailbox Requirements Calculator. 

    This version includes the following improvements and new features:

    • Added processor core guidance for Hub Transport and Client Access server roles.
    • Added the ability to define a custom number of databases that you would like to implement in the solution.
    • Added support for 2-node site resilient Database Availability Groups.
    • Added 1 and 6 processor cores as selectable options.
    • Improved breakdown of the activation scenarios in a site resilient solution.
    • Improved breakout of the role requirements section.
    • The Storage Design tab now indicates that when you select a custom RAID configuration that the calculator ignores RAID-5 and RAID-6 for 5.xK and 7.2K spindles due to performance concerns.
    • Updated processor utilization results to show the processor utilization even if it is above the recommended threshold.
    • Made conditional formatting improvements throughout the calculator to warn you when you have a configuration that will not work.
    • Improved various cell comments.

    This version also corrects the following bugs:

    • Fixed LUN Requirements tables to accurately reflect space requirements when database copies are deployed as each server may not host all database copies.
    • Fixed conditions that resulted in -1 lagged copies.
    • Improved the active database copies after first/second server failure calculations:
      • We now calculate and expose the worst case scenario (the server that has to host the most active databases), which is used in sizing memory and CPU.
      • We now ensure that the secondary datacenter calculations only consider double server failures when there are 3+ HA copies located in the secondary datacenter.
    • Removed maximum memory stipulation in the minimum ESE cache memory calculation.

    For more information on this new update:

    You can download the update from: