Archive for July, 2012

Blog Post: Understanding Exchange Server 2013–Part2 (Public Folders) #Microsoft #msexchange

July 18, 2012 1 comment

Public Folders provide an excellent way to collaborate. For years there were rumors that Microsoft would drop PFs with the introduction of Exchange 2007, since Microsoft saw obstacles in PFs: they use different management, a different hierarchy and a different architecture from regular mailboxes.

With the introduction of Exchange 2013, Microsoft made PFs leap into the future through the changes it introduced to PF storage. So what happened to PFs in 2013? Let us take a look:

  • PFs are now stored in PF mailboxes: previously PFs were stored in the PF database, which prevented the use of the modern protection technologies offered by Exchange 2007/2010 such as replication/DAG. In Exchange 2013 PFs are stored in a special type of mailbox called a PF mailbox; this mailbox stores the PF hierarchy and the content of the PFs that were created in that mailbox.
  • PFs no longer utilize the PF replication architecture: in previous versions of Exchange, PFs used the PF replication architecture, a separate architecture that was managed separately, required its own set of monitoring and management, and was inherited from earlier versions of Exchange. With the new architecture PFs no longer use replication as before: the mailbox itself can now be replicated using the DAG architecture, offering mailbox resiliency and protection, but the content itself is not replicated across mailboxes. Each content mailbox holds its own content and is the only holder of that content; the mailbox is replicated by the underlying DAG architecture, but the content is not replicated between PF mailboxes.

With the new architecture we now have a new type of mailbox called the “Public Folder Mailbox”, which comes in 2 types:

  1. Master Hierarchy PF mailbox: the Master Hierarchy mailbox is a special kind of PF mailbox that you create either to import your hierarchy from previous versions or to hold your PF hierarchy; this is usually the first PF mailbox you create.
  2. PF mailbox: all later PF mailboxes are of this kind. There is a very important difference between PF mailboxes and the Master PF mailbox: the Master PF mailbox holds a writable copy of the hierarchy, while the other PF mailboxes hold a read-only copy of it. (Note: you can upgrade a PF mailbox to a master one at any time, but at any given time there is only 1 writable copy of the hierarchy. Another note: every PF mailbox gets a copy of the hierarchy, but it is a read-only one.)

Design Considerations:

With the new architecture there is a very important point to note (PF content is not replicated), so organizations that are geographically dispersed and use PF replication to provide local access to Public Folders must reconsider their PF hierarchy and how it is planned, because in order to access PF content a user will need to reach the content PF mailbox directly, and that might happen over the WAN if content distribution is not well planned.

Some people might have concerns about this last point, but with all traffic between clients and CAS being HTTPS, I can imagine that with the use of WAN optimizers and proper planning this will offer organizations greater flexibility and even better management.

From the end user's perspective, PFs in mailboxes are just the same as PFs in older versions of Exchange; the storage of the PFs is different from the admin's point of view, but users are not aware of that change.

The other thing you might want to consider is the PF mailbox storage limit: a mailbox in Exchange 2013 supports 100 GB. Although that is fine for normal mailboxes, you will need to give it serious consideration if your organization uses PFs heavily and you have PF trees that are larger than this limit.

The only other thing you need to know is that at RTM launch PFs will be available from Outlook only; OWA access to PFs is not ready yet.

At this point, as this article is being written, any of the secondary hierarchy mailboxes could be promoted to a primary one, but this is not documented yet; I will update this article to include a pointer to the new information. To identify which mailbox is the master hierarchy mailbox you can use this cmdlet:

Get-OrganizationConfig | fl DefaultPublicFolderMailbox

PF Migration from earlier versions:

As this article is being written, Exchange 2010 SP3 is the only source from which migration can be done. Exchange 2007 is supported for coexistence with Exchange 2013, but an update that is unknown so far will be released later to allow such coexistence.

The high-level migration steps are as follows:

  • Generate a CSV file that contains your hierarchy from your older Exchange server. Keep in mind that you can open that CSV and edit its content-to-PF-mailbox mapping if you would like to spread your content across mailboxes for geo-access or for proper distribution.
  • Create a Master Hierarchy PF mailbox and import that CSV into it.
  • Create a new PF migration request.
  • Lock down access to the PFs: in the final stages a lockdown is placed which prevents users from accessing the PFs, so that access is blocked while the migration is finalized.
  • Complete the request and resume the migration.

The steps are detailed here: http://technet.microsoft.com/en-us/library/jj150486(v=exchg.150). Once my lab is done I will post a blog post about editing the CSV before migration.
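As an added example (not code from this post or from the TechNet article), here are the five high-level steps above expressed as Exchange Management Shell commands. It assumes the cmdlet and parameter names of Exchange 2013 RTM (the post describes the Technical Preview, where names may differ), and EX2010SRV, the paths, the mailbox names and the size limit are placeholders.

```powershell
# Added example, not code from the post or from Microsoft's TechNet article: the five
# high-level migration steps as Exchange Management Shell commands.
# ASSUMPTIONS: cmdlet and parameter names are those of Exchange 2013 RTM (the post
# describes the Technical Preview, where names may differ); EX2010SRV, the paths, the
# mailbox size and the mailbox names are placeholders chosen for this example.

$legacyServer     = "EX2010SRV.contoso.local"   # placeholder: Exchange 2010 SP3 server
$workDir          = "C:\PFMigration"            # placeholder: working directory
$statsFile        = Join-Path $workDir "PFFolderSizes.csv"
$mapFile          = Join-Path $workDir "PFMailboxMap.csv"
$hierarchyMailbox = "PFMailbox1"                # first PF mailbox = hierarchy master
$maxMailboxBytes  = 20GB                        # keep each PF mailbox well under 100 GB

# Step 1: generate the folder-to-mailbox map CSV. Both scripts ship in the Exchange
# 2013 scripts folder ($exscripts); the TechNet article says where each one is run.
# The map file is the one you can edit by hand to spread folders across PF mailboxes.
Set-Location $exscripts
.\Export-PublicFolderStatistics.ps1 $statsFile $legacyServer
.\PublicFolderToMailboxMapGenerator.ps1 $maxMailboxBytes $statsFile $mapFile

# Step 2: create the hierarchy (master) mailbox, held for migration, plus one content
# mailbox per distinct TargetMailbox named in the (possibly edited) map file.
New-Mailbox -PublicFolder $hierarchyMailbox -HoldForMigration:$true
Import-Csv $mapFile | Select-Object -ExpandProperty TargetMailbox -Unique |
    Where-Object { $_ -ne $hierarchyMailbox } |
    ForEach-Object { New-Mailbox -PublicFolder $_ }

# Step 3: create the migration request; the CSV is passed as raw bytes.
New-PublicFolderMigrationRequest `
    -SourceDatabase (Get-PublicFolderDatabase -Server $legacyServer) `
    -CSVData (Get-Content $mapFile -Encoding Byte)

# The initial sync runs and the request auto-suspends before the final copy;
# poll until it gets there (in a real run this can take hours).
while ((Get-PublicFolderMigrationRequest).Status -ne "AutoSuspended") {
    Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics |
        Select-Object Status, PercentComplete, ItemsTransferred
    Start-Sleep -Seconds 300
}

# Step 4: lock the legacy public folders so nobody can change content during the
# final delta copy (this is the lockdown the post mentions; clients see PFs as offline).
Set-OrganizationConfig -PublicFoldersLockedForMigration:$true

# Step 5: allow completion and resume; verify with a pilot user before finalising
# per the TechNet steps.
Set-PublicFolderMigrationRequest -Identity \PublicFolderMigration -PreventCompletion:$false
Resume-PublicFolderMigrationRequest -Identity \PublicFolderMigration
Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport
```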

I hope that you enjoyed the post and wish you happy Public Foldering.

Mahmoud

Understanding Exchange Server 2013–Part1 (Role Architecture Changes) #Microsoft #msexchange

July 17, 2012 2 comments

Today the Exchange Server 2013 Technical Preview was announced. It is a long-awaited version that will take the Microsoft communication and messaging platform to the next level, and it brings many changes in how things work internally and in the architecture in general. In this blog series we will explore the new architectural changes in detail; in this first part we will speak about the new role architecture changes.

Old Architecture:

In Exchange 2007, Microsoft made a dramatic change in the server role architecture by splitting the functionality into HUB, CAS, UM, Edge and Mailbox roles. This was a huge change from the old Backend/Frontend architecture of Exchange 2003, and the architecture stayed the same in Exchange 2010.

Behind the scene:

Behind the scenes, Microsoft saw a limiting boundary in hardware expansion from the memory and disk perspective, while CPU power keeps increasing over time; additionally, the current server role architecture and binaries do not make full use of current CPU core capabilities, which creates the potential for server role consolidation. That was the major driver for the new architecture change.

New Exchange server 2013 Architecture:

In Exchange Server 2013 the architecture has been changed to consolidate all the roles into the following:

  • Client Access Server role: this role proxies and handles all client connectivity protocols, including HTTPS, POP3 and SMTP. Note that in Exchange Server 2013 all client-to-server traffic is done over HTTPS, so there is no RPC traffic any more.
  • Mailbox Server role: this role does all the Mailbox functionality and the UM functionality.

The driver behind the new architecture is that more roles can be combined in a single box, offering fewer server roles, higher hardware utilization and better capacity. Also, since the roles are combined they can communicate internally using RPC, which eliminates the need to support the RPC protocol outside a single box and makes communication between Mailbox and CAS servers happen only over HTTPS or SMTP.

With the new architecture the CAS does its role differently, by doing pure proxying for the connections it handles, which offers a simplified deployment for 2 reasons:

  • Since all traffic is proxied there is no need for advanced Layer 7 load balancers. Because everything is stateless, the CAS just takes the connections and forwards them to the appropriate Mailbox or backend server, so all you need is a Layer 4 TCP load balancer with source-IP balancing to do the job. This means that if a CAS server fails there is no problem forwarding the session to another Client Access server, because there is no session affinity to maintain.
  • Since the CAS server is now doing proxying, there is no need for the different types of stickiness or session affinity configuration needed in previous versions; this has been simplified by using a single namespace to do all of the work.
  • CAS servers also now handle SMTP connections. The sole service responsible for that is the Frontend Transport service, which does all of the SMTP-related functionality including recipient/sender filtering, protocol logging, etc.

There is no Exchange 2013-specific Edge server version; you can use the Exchange 2010 Edge server along with your Exchange Server 2013 deployment. There might be a change in this regard in later service packs.

In part 2 we will explore the new features in Mailbox servers and how they differ from their predecessors.

No More local names in the certificate starting November 2015 #MsExchange #Lync #ucoms #lync2010 #Microsoft Part1

July 9, 2012 5 comments

Starting November 2015, all public certificate providers will prohibit the use of invalid domain names. This is because internal server names are common and could be falsified, so the identity of the end server can't be assured. You can read more about it here:

http://www.digicert.com/internal-names.htm

and

http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/

The reason given for the change is that internal server names are not unique and therefore easy to falsify. With common names like server01 or webmail, the end user is never sure whether it is actually dealing with the right party or with a malicious one.

The change in the rules for SSL certificates takes effect on 1 November 2015. This means that from that date, invalid Fully-Qualified Domain Names (hereafter called FQDNs) will no longer be accepted under the CA/Browser Forum standard, and after that date such certificates may no longer be issued. All certificates issued after 1 November 2015 that meet this description will be revoked upon discovery.

Users who request a certificate for an invalid FQDN with an expiration date after 1 November 2015 should remember that their certificates will be revoked after 1 November 2015. After this date, no SAN SSL certificate containing a reserved IP address or an internal server name will be issued either.

You can download the new certificate requirements from the CA/Browser Forum here: http://www.cabforum.org/Baseline_Requirements_V1.pdf

What does that mean:

If you are running your domain with an invalid name (.local or .dom) you might face some issues depending on your configuration. The applications most commonly affected by this change are Microsoft Exchange and Microsoft Lync servers.

For years we have been using UCC certificates, which allowed us to include internal server names alongside the public names in the public certificate and offered a simplified configuration. I do believe that this change will require massive changes in Exchange and Lync infrastructures to support it.

For Microsoft Exchange:

Depending on your configuration you might need to make some changes in your infrastructure to support this change. Let us divide the configurations as follows:

1- Your Active Directory domain name is domain.com or another valid domain name:

If your Active Directory domain is running under domain.com or another valid domain name, then most probably your changes are minimal. The only catch is if your users are accessing OWA internally using https://mail or https://Exchange for end-user simplicity; this will no longer be supported or working, and you will need to work with your end users to fix that.

2- Your Active Directory domain is domain.local (or another invalid name):

Oooh baby, you will have fun. Because of how internal and external URLs in Exchange function, you will need to do more than just a new certificate request for your servers, but again it depends on how you configured your Exchange servers:

For a single Active Directory site deployment:

If your internal URLs for Exchange web services use external names, then you are fine. But if you are running a single website for OWA, OAB and the other web services functionality, you will have to consider 2 solutions:

  • Change the internal names of the virtual directories to include public domain names (.com or .net for example). This will require creating the correct DNS zones in Active Directory (domain.<valid domain>) and configuring the entries in that DNS zone to map to the correct internal and external IPs (some services, like Exchange Web Services, will point to internal IPs and some, like your website for example, will point to external IPs). You might also require some changes in the certificate to include the new names, or purchase a new certificate to accommodate them.
  • Create a new website on the Exchange server and split the traffic between the external website and the internal website. For the new website you will need to include the correct names (either internal or external) and configure a new IP for the CAS servers: using host headers with OWA and ECP currently breaks OWA/ECP, so you will need to assign your CAS servers a new IP, configure the websites to listen on their corresponding IPs, and configure publishing rules to publish the new configuration (this also depends on your network infrastructure and firewall configuration).
  • External names and their certificate will need to be revisited to issue the correct names in the certificate. I am not sure whether old certificates will be revoked or kept as-is, but if they are kept until they are revoked and never re-issued then you can skip this step.
  • You might need to check your NLB configuration, if you have one, to include a new NLB IP for the internal names.

For a Multi Active Directory site deployment:

Again it depends on your configuration, and this might be a little tricky because of redirection and proxying. I have tried to simplify it but I couldn't, as there are various factors and configurations, but here are some guidelines:

  • Document how you are doing OWA and web services right now, and also how you are doing your proxy or redirect configuration.
  • External names and their certificate will need to be revisited to issue the correct names in the certificate. I am not sure whether old certificates will be revoked or kept as-is, but if they are kept until they are revoked and never re-issued then you can skip this step.
  • Internal names will need to be checked and re-mapped to names that include valid external domains; this will require the DNS and certificate changes I stated above.
  • Internal names that will be kept internal will need their own website, new IPs and a certificate which might need to be re-issued; you will also need to check your NLB configuration.
  • You will need to revisit your InternalNLBBypassUrl. The recommendation is not to change it from the internal server name, and for the time being I don't have another recommendation; until then, if you do proxying across sites you might be stuck with the new website option.

In part 2 we will see how the change affects Lync 2010.

Invitation for Windows 8 Metro Style Development using HTML5 & JavaScript – Arabic Speaker #Egypt #Microsoft

July 4, 2012 Leave a comment

HTML5 is the next wave of standards aiming to transform standard web technologies into a great application development platform. Windows 8 is the first OS to integrate HTML5 as a first-class development platform.
In this session we will explore how to take advantage of new HTML5 features like Enhanced Layout, CSS3 Transitions and Animations, and Touch Support, besides introducing how to integrate with the rich WinRT API, like Enhanced UI Controls, HW Device Support, and Store Integration.
Please join us at the “Windows 8 Metro Style Development using HTML5 & JavaScript” session to learn more about these guiding principles.
Date: Tuesday July 10th, 2012
Time: 10:00 AM – 3:00 PM
Session: “Windows 8 Metro Style Development using HTML5 & JavaScript”
Speaker: Yasser Makram
Venue: Microsoft building – Smart Village
Now you can join the session online through the links below:
Note: please make sure that you are using a good internet connection.
Join online meeting: https://join.microsoft.com/meet/azzae/88CNPVBK
Join by phone: +20235393330

Categories: IT Events, Microsoft

July 2012 #mvpbuzz #Microsoft

July 3, 2012 Leave a comment

Below is the list of MEA MVPs for July 2012:

Renewed MVPs

Influencer | Technical Expertise | Country/Region
Mustafa Acungil | SQL Server | Turkey
Alon Fliess | Visual C++ | Israel
Pnina Zinger | Project | Israel
Aviv Liberman | Visio | Israel
Tarek Majdalani | Forefront | Kuwait
Muhammad Imran Khawar Bodla | SharePoint Server | Pakistan
Hakan Uzuner | Directory Services | Turkey
Gokhan Senyuz | Enterprise Security | Turkey
Shay Levy | PowerShell | Israel
Ockert Johannes du Preez | Visual Basic | South Africa
Muhammad Umair | Visual Basic | Saudi Arabia
Gail Shaw | SQL Server | South Africa
Ali Tahiri | Visual Studio ALM | Morocco
Michael (Micky) Avidan | Excel | Israel
Baki Onur Okutucu | Windows Expert-IT Pro | Turkey
Adil Ahmed Mughal | Visual C# | Pakistan
Alex Golesh | Silverlight | Israel
Yaron Naveh | Connected System Developer | Israel
Dylan Haskins | Dynamics CRM | South Africa
Bechir Gharbi | System Center Configuration Manager | Tunisia
Meir Dudai | SQL Server | Israel
Ahmet Sertay Halka | Connected System Developer | Turkey
Josh Reuben | Technical Computing | Israel
Ronen Chenn | SQL Server | Israel
Idan Plotnik | Forefront | Israel
Mustafa Kara | System Center Cloud and Datacenter Management | Turkey
Burak Batur | SharePoint Server | Turkey

New MVPs

Influencer | Technical Expertise | Country/Region
Serkan Varoglu | Exchange Server | Bermuda
Yaniv Totshvili | Exchange Server | Israel

Retired MVPs

Sadly, we had to say goodbye to the following MVPs this cycle, but they stay on our watch list for possible nominations in the future.

Influencer | Technical Expertise | Country/Region
Ediz Ozturk | System Center Configuration Manager | Turkey
Peter Willmot | SQL Server | South Africa
Khalil ur Rehman Khan | SharePoint Server | Pakistan
Erbug Kaya | Expression Blend | Turkey
Mina Nagy | Lync | Egypt
Alaa Ajweh | App-V | Jordan
Fatih Karaalioglu | System Center Cloud and Datacenter Management | Turkey

In addition, Turkish SQL Server MVP Turgay Sahtiyan is retired due to his recent employment at Microsoft MEA as a Senior Premier Field Engineer.

Categories: Microsoft, MVP