Slow webmail (OWA) logon and authentication after publishing Exchange with Microsoft Forefront TMG

This week I was at a customer site that had problems logging in to Exchange webmail. After logging in using the forms-based authentication dialog, it took the site about a minute to show the contents of the inbox. Analyzing the problem with Wireshark or the built-in Forefront TMG did not show any usable information, as all traffic was redirected to the Exchange server correctly. Also, Exchange ActiveSync behaved normally and fast.

In my case, the customer used Microsoft Exchange 2007 with Microsoft Forefront TMG 2010 RTM. After some inspection of the Web listener I saw that the following options were enabled:

  • Allow users to change their passwords
  • Remind users that their password will expire in this number of days …


Configuring a Cisco Wireless LAN Controller (WLC) with multiple AP-Manager Interfaces

In certain Cisco Wireless LAN Controllers (WLC) the functionality to connect your controller to upstream switches using Link Aggregation (LAG) is not available. An example of such a WLC is the Cisco WLC 2504.

To be able to connect your access points in a redundant way, you can configure multiple AP-Manager interfaces on your WLC. This article shows the necessary steps and explains how access points know that there are multiple interfaces available to route traffic. This how-to was written using WLC Controller release version 7 but should work with other releases as well.

Differences between LAG and Multiple AP-Manager Interfaces.

From the WLC Config Guide:

  • With LAG, all of the controller ports need to connect to the same neighbor switch. If the neighbor switch goes down, the controller loses connectivity.
  • With multiple AP-manager interfaces, you can connect your ports to different neighbor devices. If one of the neighbor switches goes down, the controller still has connectivity.

How to configure multiple AP-Manager Interfaces.

  • Log on to your WLC using the web console and navigate to Interfaces.
  • Add a new interface
  • Configure the interface as follows:


Exchm: A GUI for PST Migration commands in Exchange 2010

A few weeks ago I posted an article about the difficulties and challenges in Exchange PST migrations and the language difficulties that come with the process.

After posting the mentioned article, I got a reply from @vworlddotnl on Twitter, who told me that there is a graphical front-end available for the commands which are being used in the article. The tool is called Exchm and is available for download at http://www.it-value.nl/tools. Unfortunately the website is in Dutch, but the manual and tool itself are in English.

The tool allows you to do the following:

  • Watch your current Exchange import / export and move queue
  • Show stats related to users and mailboxes
  • Import mailboxes from PSTs, based on PSTs from a directory or CSV file (to mbx and archive!)

By default, the tool uses the PST filename to match the PST to an account in the Exchange mailbox store. When no account is found, you are able to select one yourself. Some impressions of the tool:


Exchange Cross Forest Migrations and x500 address calendar issues

After conducting an Exchange migration, a frequently heard issue is that old calendar items of users cannot be modified or sent to the recipients that are members of the appointment.

The reason for this behavior is the x500 addresses, which were available in the old environment and are saved by Exchange in the appointment itself. x500 addresses are an alternative to SMTP addresses, and can be used for internal message routing. x500 addresses have the following format:

/o=First Organization/ou=First Administrative Group/cn=Recipients/cn=username

The above example comes from an Exchange 2003 environment. When looking at an Exchange 2010 environment, the standard format is as follows:

/o=OrgName/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/

Note that the actual path may differ when you are using other Administrative groups in your environment. At this point, after a migration, users have no x500 address in the new Exchange environment, so when a user updates an old calendar item and sends it to the members of the appointment, you’ll get a non-delivery report (NDR) stating that the destination user does not exist. Other symptoms include crashing of Outlook.exe.

When clicking the recipient in the appointment, you’ll see the x500 address that Exchange tries to contact.

Besides this, the x500 address can also be seen in the NDR.

How to fix this?


Exchange 2010 SP1 Archiving Part 4: Creating Retention Policy Tags on Default Folders

If you’ve read the previous posts in this series about Exchange 2010 archiving, you’ve probably seen the one explaining default folders. In this post, retention policy tags will be attached to default folders. Default folders are folders that are present in Exchange mailboxes by default. Examples are the Inbox, Drafts, Sent Items, et cetera.

These Retention Policy Tags are set by administrators on the mentioned default folders and cannot be changed by users. Items in a default folder that has a retention policy tag attached to it inherit the retention policy that is set on that default folder.

One downside to keep in mind

One big downside of using retention policy tags on default folders is that they can’t be used to move items to an archive after a certain period of time. Below you see the handsome error that is presented when you try to do this. In my opinion, this is a reasonably big downside of using tags on default folders. Put in other words, retention policy tags on default folders can only have “Delete and allow recovery” or “Permanently Delete” as the action of the policy.


Exchange 2010 SP1 PST Migration: Foreign Default Language Hell

Exchange 2007 and above sure have come a long way regarding migration of mailboxes to a new environment, for example the ability to do a cross-forest migration, which is now possible. But in some cases, you still have to go with a migration to PST, moving the PST to the new environment and importing it there.

In a lot of environments, this process comes with a lot of confusion regarding regional settings. For example, when mailboxes in the source environment are configured for the Dutch language (nl-NL), and this configuration has not been made in the target environment, you’ll end up with a mailbox that has both “Inbox” and “Postvak IN” folders, as well as “Calendar” and “Agenda” folders. No fun to deal with.

The problems that follow are normally confused users, and administrators who have to manually clean up the mess.

How to prevent the Default Language Mess


Exchange 2010 SP1 Archiving Part 3: Importing PST files to the Online Archive

Let me introduce you to PST files. Ah, you’ve met already? Space-eating email files that waste your file servers’ space? I’m sure we’re talking about the same phenomenon.

In part 3 of this series on Exchange 2010 Archiving, PST files get moved out of the way and into the archive mailbox, where they belong. This can be accomplished in 2 ways:

  • Let an administrator do the job
  • Let the users do the job

How? Read on!


Exchange 2010 SP1 Archiving Part 2: Creating a Company wide policy

In part 1 of this series about Exchange 2010 archiving I talked about setting up the Exchange environment and making it ready for archiving. In this part a company-wide policy will be created.

In my opinion, the company-wide policy has a somewhat strange way of being set up. Looking at it from Exchange’s point of view, you have to create a policy that will be used “when no other policy affects the mailbox / folder”. When you follow the steps below you will see what I mean.

1. Set up your Exchange environment.

Part 1 in this series on Exchange 2010 SP1 archiving talks about setting up our Exchange environment to make it ready for archiving. It is a prerequisite to follow part 1 first.

2. Create the retention policy tags

2a. Using the Exchange Management Console (EMC):

  • Start the EMC
  • Navigate to Organization Configuration – Mailbox
  • Select the retention policy tags tab
  • Choose “new retention policy tag” in the actions pane
  • Name the retention policy tag
  • Choose “All other folders in the mailbox” as tag type


Exchange 2010 SP1 Archiving Part 1: Introduction and Preparing the Exchange Environment

In this multi-part article I want to introduce you to Exchange 2010 SP1 Archiving. Because the archiving mechanism changed heavily in the transition from Exchange 2010 RTM to Exchange 2010 SP1, this article assumes SP1 for Exchange 2010 is installed.

Introduction

Exchange 2010 SP1 has the following archiving possibilities:

  • Legal Hold: Stores all incoming and outgoing messages into an archive. Legal Hold can be enabled on a per-user basis. This form of archiving is mostly used for legal purposes.
  • Retention: Takes care of archiving messages that meet certain criteria. These criteria can be set by an administrator or by the user if tags are enabled in the environment. This form of archiving is mostly used to store certain messages on slower (cheaper) storage.

Legal hold will be discussed in a future article. For now I want to focus on retention.

How retention works

In Exchange 2010 SP1, archiving is based on tags. There are a few ways to implement archiving based on retention:

 


First look and how to configure Windows 8 Server DHCP Failover / Load Balancing

If you have been following the presentations at the recent “build windows” event, you have probably seen some new features of the Windows 8 Server version. In this blog post I want to take a look at the new failover option that the DHCP server in Windows 8 Server has onboard. The failover options are based on the failover draft from the Internet Engineering Task Force (IETF).

I think every Windows admin knows the hassle of creating DHCP scopes that have to be redundant by splitting scopes across multiple DHCP servers. Windows 8 Server should make this process easier for us, as it provides a mechanism between DHCP servers to use them in an active-passive (failover) or active-active (load balancing!) setup. Let’s take a look at these new features.

Prerequisites

In the following example I’ve made use of a dual server setup. Be sure to meet the following prerequisites:

  • 2 Servers running the Windows 8 Server Developer Preview
  • The Domain Controller Role Installed on 1 server
  • The DHCP Role installed on both servers
  • Authorization of the DHCP Servers in Active Directory

Configuring DHCP Failover
