SuperTekBoy

Exchange June 2017 Updates

July 4, 2017 By Gareth Gudger 6 Comments

17 Shares

Last week was a big week for Exchange updates. Not only did we get Cumulative Update 6 for Exchange 2016, but we also got Cumulative Update 17 for Exchange 2013.

As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.

The updates are as follows:

Exchange 2016 Cumulative Update 6 | KB4012108 | UM Language Pack

Exchange 2013 Cumulative Update 17 | KB4012114 | UM Language Pack

Exchange 2010 SP3 Rollup 18 | KB4018588

A quick word on Exchange 2007

It’s time to update. Exchange 2007 went end of life as of April 11th 2017. You will receive no further patches and will be unable to acquire telephone support. Published back in March 2017, Rollup 23 is the final update for Exchange 2007.

Exchange 2007 SP3 Rollup 23 | KB4011325 (final update for 2007)

If the lack of security updates from Microsoft isn’t convincing enough, check this article for a list of cool things Exchange 2013 can do. (P.S. Like the fact Exchange 2013 uses less IOPS per mailbox than 2007…say whaaat) [Read more…] about Exchange June 2017 Updates

Awarded for a 2nd year as a Microsoft MVP (Thank you!)

July 2, 2017 By Gareth Gudger Leave a Comment

117 Shares

On July 1st I had the great pleasure of being awarded for a second year as a Microsoft Most Valuable Professional (MVP). It is truly a great honor to be awarded for another year.

I want to give a special shout out to everyone who supports this blog. Your comments, your follows, your likes and your shares–they have all got me to this point. Thank you.

I would like to offer special thanks to my family, friends, colleagues and employer. Thank you for your continued support and challenging me to the best I can be.

For me the MVP program grants two fantastic benefits.

The first is being able to interact directly with the Microsoft product groups. Similar to the Technology Adoption Program (TAP), MVPs get early access to the latest software builds. Not only does this allow us to discover new features but it also provides a forum for feedback and feature requests. As an MVP you get to help shape Microsoft products and services.

The second benefit is being able to collaborate with MVPs from all across the globe. I have had the great pleasure of becoming friends with MVPs from many different countries and cultures. It is truly an amazing experience. [Read more…] about Awarded for a 2nd year as a Microsoft MVP (Thank you!)

Recover Exchange Server after total loss

June 26, 2017 By Gareth Gudger Leave a Comment

317 Shares

Being able to recover an Exchange Server is key to business continuity. This is magnified in environments where there is only a single Exchange server. Rebuilding an Exchange environment from scratch would be an arduous and monumental task. Luckily Exchange saves much of its configuration settings in Active Directory. As long as Active Directory is healthy you can recover an Exchange Server to its former configuration. This process saves a massive amount of time.

That said there are some items that are not stored in Active Directory. This includes the databases where user and public folder data is stored, third-party certificates and, customizations made outside of the Exchange management tools.

Certificates are easy. If you don’t have a backup you can have your certificate re-keyed by your provider. This may take some time so it is much better to export your Exchange server certificate and save it to a safe location. Then it can be quickly imported in the event of a failure. This will reduce down time.

Databases are a little more difficult. Depending on the nature of the failure they may need to be restored from backup. The time required for restore largely depends on the size of the database. With the Exchange standard license you get five databases. So, rather than one large database, go with five smaller ones. This greatly aides your recovery time objective (RTO). Exchange enterprise allows up to a hundred databases giving you even greater capacity.

I always recommend that you architect a database availability group (DAG) where possible. Even if your budget can only cover two Exchange servers–creating a two member DAG with two copies of each database–will put you miles ahead when it comes to disaster recovery. The instructions to recover a DAG member differ and we will cover that in a later article.

Configuration outside of the Exchange tools is going to be a little tougher. You will either need documentation so the changes can be repeated, or, a backup of the changes. Customizations outside of Exchange can include the registry, IIS, or, text-based configuration files. [Read more…] about Recover Exchange Server after total loss

Access is Denied when enabling Group Writeback

June 20, 2017 By Gareth Gudger Leave a Comment

22 Shares

Group Writeback is a feature in Azure AD Connect that allows for Office 365 Groups to be written back to your on-premises Active Directory as a universal distribution group. This allows your on-premises users in a hybrid environment to send email to the Office 365 Group.

When configuring group writeback you specify which organizational unit (OU) you want these objects to be written. Each of these Office 365 groups is then represented by a separate universal distribution group that starts with a name of “Group_” followed by a unique identifier.

In the screenshot below I have two Office 365 groups that are being written back to my local AD.

The problem – Access is Denied

When I first tried to get these groups written back to this organizational unit was where I ran into problems. I was following this Microsoft document verbatim. The document specifies to open Active Directory Users and Computers and locate the account that started with “AAD_”. Which I found.

The document later uses this account to run a script. When running the script everything completed as expected. No errors.

When I checked the permissions on the organizational unit I could see that the script had added the AAD_ account with a bunch of permissions. Everything looked good.

However, I quickly started generating errors in Azure AD Connect. When I opened Synchronization Manager I received the following error on the export of my Office 365 group. “Permission Issue – Access is denied”

Unable to delete newly created calendar in Outlook on the Web (OWA)

June 19, 2017 By Gareth Gudger Leave a Comment

24 Shares

If you created a new calendar in Outlook on the Web you may notice the option to delete it might be missing. I see this question come up quite a lot so figured it was time to address it with a blog post.

The issue occurs when a user creates a calendar in Outlook on the Web. Often the calendar is created in error because the user was trying to add a shared calendar instead. When the user right-clicks the calendar they will see no option to delete.

We have an example of this in the screenshot below. The user has created a calendar titled, “My New Calendar”. However, when they right-click there is no option to delete.

Quickly copy an Anonymous Receive Connector “Relay” between servers

June 18, 2017 By Gareth Gudger Leave a Comment

33 Shares

In this article we are going to take a look at just how easy it can be to copy an anonymous receive connector from one server to another using PowerShell.

Anonymous Receive Connector Relay

This is especially important in scenarios where a receive connector may have dozens–if not hundreds–of IPs. Adding each IP using the graphical user interface would be insanely time consuming. It would also be prone to human error. This challenge only multiplies if you have many servers to repeat this process on. With PowerShell we can cut this task down to mere seconds.

The first part of this article is a primer on how to configure an anonymous receive connector. If you are just interested on how to copy all IPs from one connector to another jump to the section titled Copying an Anonymous “Relay” Connector between servers.

Note: While this article focuses on moving an anonymous receive connector it can be adapted for any custom receive connector you have created.

Quick primer on anonymous receive connectors

Before we explore how to move a receive connector let’s take a refresher on how we create a receive connector with PowerShell. For this task we use the New-ReceiveConnector cmdlet. For example, to create an anonymous receive connector our command might look like this.

 C:\> New-ReceiveConnector -Name "Anonymous Relay" -Server EX16-01 -Usage Custom -TransportRole FrontEndTransport -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:25 -RemoteIPRanges 10.0.0.25, 10.0.0.26, 10.0.0.50-10.0.0.59

In this command we create a receive connector named “Anonymous Relay”. We use the -Server parameter to identify which server we want the connector to be created on. We identify that the -Usage of the connector will be Custom. Custom is one of five connector types and is used for anonymous relays. [Read more…] about Quickly copy an Anonymous Receive Connector “Relay” between servers

Don’t install .NET Framework 4.7 on Exchange Servers

June 17, 2017 By Gareth Gudger Leave a Comment

50 Shares

The Exchange Team posted a quick note Tuesday addressing the release of .NET Framework 4.7 and Exchange. As of right now (June 2017) .NET 4.7 is not supported. While the Exchange team has not documented any known compatibility issues (like we saw when previous releases first shipped) they report the update has not been fully tested with Exchange and recommend all customers block the update until further notice.

As with any series of patching it is always critical to review all updates against the Exchange Supportability Matrix. If you want support from Microsoft you must be within the boundaries of that matrix. At the time of writing .NET 4.6.2 is the latest version supported by Exchange 2013 and Exchange 2016, provided you are on the latest cumulative updates. Older cumulative updates only support older versions of .NET. The Exchange Supportability matrix states that any version of .NET not listed on that site should be considered unsupported.

If you have already applied .NET 4.7 to your Exchange servers the product group recommends rolling back. The have identified this process in their latest blog post.

For environment that use patch management software such as WSUS or System Center, it is always a good idea to put Exchange servers in their own update group. This allows you to isolate Exchange into its own update cycle. If you don’t have a patch management system you can temporarily block .NET through the registry. Although this registry change will need to be performed against each Exchange server.

With future cumulative updates .NET Framework 4.7 will eventually be supported. We will update this space when this occurs.

Do you think Exchange should have day one support for the .NET Framework? Come join the conversation on Twitter @SuperTekBoy.

Exchange March 2017 Updates

March 22, 2017 By Gareth Gudger Leave a Comment

36 Shares

It was a big month for Exchange updates. Not only did we get Cumulative Update 16 for Exchange 2013, but we also got Cumulative Update 5 for Exchange 2016.

As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.

The updates are as follows:

Exchange Server 2016 Cumulative Update 5 | KB4012106 | UM Language Pack

Exchange Server 2013 Cumulative Update 16 | KB4012112 | UM Language Pack

Exchange Server 2010 SP3 Update Rollup 17 | KB4011326

Exchange Server 2007 SP3 Update Rollup 23 | KB4011325 (final update for 2007)

A quick word on Exchange 2007

It’s time to update. Exchange 2007 will go end of life on April 11th 2017. At the time of writing that is 20 days. On April 12th you will receive no more patches and no more telephone support. In fact Update Rollup 23 will be the final patch for Exchange 2007. No more daylight savings updates will be provided from here on out.

If the lack of security updates from Microsoft isn’t convincing enough, check this article for a list of cool things Exchange 2013 can do. (P.S. Like the fact Exchange 2013 uses less IOPS per mailbox than 2007…say what?)
[Read more…] about Exchange March 2017 Updates

Main navigation

A quick word on Exchange 2007

The problem – Access is Denied

Quick primer on anonymous receive connectors

A quick word on Exchange 2007

Footer

Site Navigation

Join the conversation