I know there are like 2 people (including myself) that actually read this blog, but due to the Spam filters that hate blogspot.com and because of a bit better flexibility found elsewhere, I will be moving this blog to WordPress.com very soon. My new blog is located at http://ExchangeRanger.WordPress.com.
Feel free to subscribe to this in your favorite RSS reader by using the link http://ExchangeRanger.WordPress.com/feed.
Well, Microsoft has just released a new blog post showing their test results comparing Windows 2008 SP2 and Windows 2008 R2 and Exchange 2010 when under an Outlook Anywhere load. Lets face it, Outlook Anywhere is the way of the future! I know for me, I have to be able to work anywhere, anytime, and I don’t want to worry about VPN solutions and firewalls, so Outlook Anywhere is the answer.
So, how does R2 help you say? It provides 10 times smaller CPU usage for the same number and type of OA users, thanks how. This appears to be due to the significant performance improvements made to the RPC/HTTP feature in R2. And in case your wondering, this should also benefit Exchange 2007 SP3 (when it becomes publicly available).
Another way to look at this, as pointed out by the Microsoft blog post is that using identical hardware for both OS versions, R2 supported 14,000 OA users, while SP2 only supported 6,500!
Check out the source at: http://msexchangeteam.com/archive/2010/04/30/454805.aspx
I received an email from Microsoft last Friday (4/16/10) exclaiming that they have Released to Manufacturing Office 2010. I have been using a pre-release beta for many months since I have been part of the thousands Beta-Testing this release and I can tell you that it is a fantastic product. In the release I have been using, and I mean using every day all day long, I have had no issues to report. I mean none, zero, no crashes, no compatibility problems, no problems at all! I HIGHLY recommend that organizations still stuck on Office 2003 or earlier upgrade immediately once this becomes publicly available. The email from Microsoft is included below, for your enjoyment.
So, I have been waiting and waiting and waiting to finally start talking about what is coming in Service Pack 1 for Exchange Server 2010. Although the NDA I am held to will not allow me to tell you everything that is coming in SP1, I can still talk a bit about the features already revealed by this EHLO blog article.
First of all, what can we say is coming in SP1?
There are so many changes and improvements, that I hardly know where to start. So, I will just dive right in and start at the top of this list.
Outlook Web App
This set of changes is the most visible to end users and is a very welcome set of updates. To start with, OWA once again has themes. These themes are many and varied and are selectable right from the main OWA page by clicking on “Options”
The entire interface has been simplified and cleaned up a lot. I showed the new interface to my children (ages 15 – 7) and they felt right at home in the new interface without much instruction from me at all. One of the most asked about feature in OWA was to once again enable the reading pane to be placed at the bottom or the right side (RTM only enabled the right side). This has been updated in SP1.
Archiving and E-Discovery
To start with, we can now create the Online Archive mailbox on a different database than the users primary mailbox (YEAH!!). This enables us to design the system with tiered storage and availability policies. And to go one step further, if you provision the archive with the intention of consuming the users PST archives, we can now import the PST file directly into the Archive right on the server and without Outlook being installed on the server. Once last note, Microsoft is also planning on releasing an update to Outlook 2007 that will enable it to see and participate in the Online Archives.
On the E-Discovery front, a few changes exist there as well, including search preview and search result de-duplication. Also, when reviewing the search results, you can now add annotations to your review to make your task more efficient.
Archiving and E-Discovery
Since many administrators prefer to use the Exchange Management Console (EMC) instead of Powershell (EMS), Microsoft has placed a great deal of emphasis on UI improvements in SP1 including those in EMC and ECP. Some of the improvements are:
Wrap-Up
So, to close this blog post, I have to say that this Service Pack is one of the best ones in recent memory and since I know for a fact that most of what it contains are a direct consequence of the feedback many customers and architects like myself have provided.
I sincerely thank the Exchange Product Group for listening and taking what your customers say to heart and then doing what is needed to make the product that much better.
As time and my NDA permits, I will blog on more features and improvements coming in SP1. Until then, you can look forward to obtaining your own copy of Exchange Server 2010 Service Pack 1 beta around the TechEd timeframe in June.
Microsoft has officially released (on 4/7/2010) the Exchange Server 2010 Installation Guide Templates. These are beginning points for organizations to use to create server built procedure documentation. These are well written and a great starting point for any organization to begin their install docs from!
You can download them at: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5f9dbd88-dadf-4ad9-9f28-ad35a1ab1da2
I have had the pleasure of being the administrator of the very first organization to implement the new Exchange 2010 Free/Busy Federation (from now on I will call it F/B Fed) infrastructure last year during the Exchange 2010 TAP (Technical Adaption Program). In doing so, I have been given the opportunity to work directly with a couple of the Microsoft Exchange Product Group members (thank you Ladislau and Matthias!!!) that guided me through the initial implementation and troubleshooting of Free/Busy Federation when it occasionally went awry. I could probably write a small whitepaper on what I have learned, however for the purposes of this blog post, I wanted to delve into the latest issue I had.
Recently, the public certificate we had been using for OWA, etc… and therefore for F/B Fed was going to expire and the cert vendor had made some changes to the UC certs they offered so we had to make a cert change, not just a renewal. After we installed the new certificate and began using it for all the other web services (OWA, OA, EAS, etc…), we turned to F/B Fed and ran two commands with the intent of rolling to the new certificate.
Set-FederationTrust -Identity MyFederationTrust -Thumbprint <your new cert thumbprint here>
Set-FederationTrust "MyFederationTrust" –PublishFederationCertificate
The problem is, it didn’t work. The new certificate didn’t get rolled to as it should have. Instead, I received the error shown below.
| An error occurred accessing Windows Live. Detailed information: "The request failed with HTTP status 403: Forbidden.". + CategoryInfo: ResourceUnavailable: (:) [Set-FederationTrust], LiveDomainServicesAccessException + FullyQualifiedErrorId: 7CDAC73F,Microsoft.Exchange.Management.SystemConfigurationTasks.SetLiveFederationTrust |
Next, I validated that the new certificate was in fact valid and that the certificate was enabled for Server Authentication.
After a bit more trial and error, it had seemed like the Set-FederationTrust command shown earlier had finally worked, at least it didn’t give me an error when I ran it, however, F/B Fed still wasn’t working and when I ran Test-FederationTrust –Verbose, I received the following error in response.
| RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
With the help of Matthias, I ran the following script in order to attempt to push the old certificate completely out of the Federation system.
$a = Get-FederationTrust
Set-FederationTrust -Identity $a.Identity -Thumbprint $a.OrgPrivCertificate
Set-FederationTrust -Identity $a.Identity –PublishFederationCertificate
Unfortunately, when I ran the second command, I received a new error.
| Federation certificate with thumbprint "C54359E291F10213…" must have a unique Subject Key Identifier. The Subject Key Identifier "1A29F0C8C62971EA524BE4…" is already used by the certificate with thumbprint "C54359E291F10213…". + CategoryInfo: InvalidArgument: (:) [Set-FederationTrust], ProvisionerConfigException + FullyQualifiedErrorId: 4CFC5CA6,Microsoft.Exchange.Management.SystemConfigurationTasks.SetLiveFederationTrust |
So, it seemed at the time that the issue was more of a security one due to the beta we are running for Service Pack 1, so we tried a different approach.
$a = get-federationtrust
$b = "LDAP://" + $a.DistinguishedName
$c = [ADSI]$b
If ($c.msExchFedOrgPrevPrivCertificate -ne $null) { $c.PutEx(1, "msExchFedOrgPrevPrivCertificate", 0) }
If ($c.msExchFedOrgPrevCertificate -ne $null) { $c.PutEx(1, "msExchFedOrgPrevCertificate", 0) }
$c.SetInfo()
I ran that script (without error) and waited for AD to replicate. Afterwards, I ran Test-FederationTrust –Verbose again, this time with a slightly different error, yet still related to the “msExchFedOrgPrevPrivCertificate” attribute.
| RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Id : OrganizationPreviousCertificate Type : Error Message : Unable to find certificate referenced by property OrgPrevPrivCertificate in the FederationTrust object. |
Hmmm… that is interesting, now I don’t have a value in that attribute at all! So I checked that by running Get-FederationTrust | fl and sure enough, this attribute was empty from Exchange’s point of view. However, not fully convinced, Ladislau recommended I run the script below just to ensure it really was missing from AD.
$a = get-federationtrust
$b = "LDAP://" + $a.DistinguishedName
$c = [ADSI]$b
$c | fl * -force
And of course, it was actually missing from AD as well….
Come to find out, I had hit a new unknown bug on cert rolling and had to run this final script to set the msExchFedOrgPrevPrivCertificate attribute and get F/B Fed working again.
$a = get-federationtrust
$b = "LDAP://" + $a.DistinguishedName
$c = [ADSI]$b
$c.msExchFedOrgPrevPrivCertificate = $c.msExchFedOrgPrivCertificate
$c.SetInfo()
Now, when I run Test-FederationTrust –Verbose I get a “Success” on all tests! And our users are happy because Free/Busy Federation is once again working as advertised. I hope these little insights are helpful to others when they use their favorite search engine to find answers to their own Federation issues.
Until next time…
Well, the boys in Redmond (thanks Ross and the soon to be Greg) for another fantastic update to the Exchange 2010 Storage Server Role Calculator! There are a bunch of fixes in this version since the release of version 3.5. According to the Version Notes, these include:
| Version 3.6 - Fixed Number of Mailboxes per Database (I/O Driven) calculation formula to round down thereby adding additional IO buffer in the max number of mailboxes per database that could be supported in JBOD scenario (Perry Thompson); comment fixes | ||||||||||
| Version 3.7 - Fixed processor core calculations for secondary datacenter that resulted in error when only lagged copies are deployed; formatting fixes | ||||||||||
| Version 3.8 - Fixed number of lagged copy server calculation to round (Justin Brown) | ||||||||||
| Version 3.9 - Fixed required mailbox core CPU calculations to take into account that certain site resilient scenarios result in neither datacenter supporting a single server failure | ||||||||||
| Version 4.0 - Fixed /DAG LUN Size calculation to calculate based on number of servers and not total number of database copies (Wilfried van Oosterhout) | ||||||||||
| Version 4.1 - Added better explanation in JBOD scenario when disk selection falls short either via capacity or IO reasons (Jeremy Gagne) | ||||||||||
| Version 4.2 - Added Restore LUN RAID parity options (Robert Gillies and Rick Shire) | ||||||||||
| Version 4.3 - Conditional Formatting fixes (Robert Gillies) | ||||||||||
| Version 4.4 - Added minimum number of global catalog cores (James Reed) | ||||||||||
| Version 4.5 - Improved formatted capacity calculation formula (Kyryl Perederiy) |
Lets just say it is well worth the download! So… What are you waiting for…. http://msexchangeteam.com/files/12/attachments/entry453145.aspx
I ran into a poster that Microsoft published a few days ago that details the traffic flow of protocols and ports used in each workload within Office Communications Server 2007 R2 (OCS 2007 R2). OCS 2007 R2 supports the following workloads: IM and Presence, Conferencing, Application Sharing, and Enterprise Voice. These filtered views can assist you in architecting your deployment of Communications Server 2007 R2. The different server roles are described along with server certificate requirements. Firewall and DNS configuration requirements are also described.
Get your copy at: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=af2c17cb-207c-4c52-8811-0aca6dfadc94
Microsoft (thank you Ross and Matt!) have released a much needed update to the Exchange 2010 Mailbox Requirements Calculator.
This version includes the following improvements and new features:
This version also corrects the following bugs:
For more information on this new update: http://msexchangeteam.com/archive/2009/11/09/453117.aspx
You can download the update from: http://msexchangeteam.com/files/12/attachments/entry453145.aspx
