Important Notice For All Office 365 Hybrid Environments

Just saw this important blog issue from Microsoft.

On April the 15th Microsoft is renewing the TLS Certificate used by Office 365.

This means that hybrid mail flow may be broken for users who do not take appropriate action.

The fix is quite simple. All on-prem servers used for hybrid need to be updated to Exchange 2013 CU9 or later, and the Exchange hybrid wizard needs to be run again.

You can find the latest version of the hybrid wizard over here

You can find the full Microsoft blog regarding this issue over here


Office 365 now supports 150MB Attachments

That's right, the attached file size in Office 365 has been enlarged from 25MB (which is usually enough for most people) to 150MB.

That means that you can now send and receive 150MB file attachments using Office 365.

However, take note: the default size is still 25MB, and to take advantage of the 150MB file limit the Office 365 admin must modify the default settings.

You can change the default for your organization by adjusting the default message size restriction. Simply select recipients mailboxes then click “. . .” and select Set default message size restrictions.


So go ahead and take advantage of the new 150MB file size limit.

Exchange 2010 can be installed on Windows 8.1 – REALLY

OK, so this just happened to me and this post is not intended as a guide or even a recommendation!

A customer called me with a serious issue that mails were not being sent to people outside of his organisation. Upon connecting to his EMC I received a message that one server was running in trial mode with 119 days left. So that means that it had just been installed the previous day. It turned out that the so-called trial server was actually a helpdesk PC running Windows 8.1. The tech (who was also a domain admin – which he of course shouldn’t have been) wanted to install the Exchange management console.

Now Exchange should not even install on Windows 8, but in this case (guessing 8.1) Exchange did not recognise that this was a workstation OS and offered the option of installing all components. The tech, who was not familiar, just clicked next and installed a full-blown all-in-one copy of Exchange 2010 on his PC. This of course led to mail flow issues. Uninstalling Exchange fixed everything, but I couldn’t believe my eyes when I saw Exchange 2010 installed on Windows 8.1.

So my advice to you is
1. Beware
2. Don’t give a helpdesk tech domain admin privileges.

New Veeam Explorers Just Announced

A few weeks ago I blogged about the new Veeam Explorer for Active Directory.

Veeam have just announced the addition of another Explorer, Veeam Explorer For SQL.

This is a great addition, as we will now have the capability to perform SQL granular level restores without the need for a running virtual machine, as was the case when using Veeam Virtual Lab.

In addition to the SQL explorer, Veeam also announced that transaction log based backup for SQL will be supported in the upcoming version 8, allowing both point-in-time backups and recovery of SQL databases.


In addition to the new Veeam Explorer for SQL, Veeam Explorer for Exchange is also being updated. The updated version adds:

  • The ability to recover hard deleted Items
  • Restore to online archive mailboxes
  • 1 click recovery using the web-based portal

All this is great news, as it means Veeam has evolved from a great virtual machine backup tool to a great all-around Microsoft backup tool. The new explorers allow us to perform granular recovery of nearly all Microsoft-based products (databases: SQL, Exchange, Active Directory & SharePoint). We can of course still use the Veeam Virtual Lab to assist with the recovery process of any other database that is not supported by a Veeam Explorer.

You can find the Veeam Explorer update here

Exchange 2013 SP1 – MAPI over HTTP

In my previous post I talked about creating a DAG without an AAP.

In this post I want to talk about another new feature in Exchange 2013 SP1 known as MAPI over HTTP.

All previous versions of Exchange communicated with Outlook clients using the RPC protocol. Since Exchange 2003 there has been a second protocol available to connect to the server: RPC over HTTP, also known as Outlook Anywhere. This option was mainly used for secure external access (Outlook clients that are outside of the Exchange network) to the Exchange server.
Exchange 2013 used this protocol (Outlook Anywhere) for all communications both internal and external.

Now with SP1 a new communication protocol has been added – MAPI over HTTP.
The benefits of using MAPI over HTTP are:

  • Provides faster reconnection times after a communications break because only TCP connections—not RPC connections—need to be rebuilt. Examples of a communication break include:
    • Device hibernation
    • Changing from a wired network to a wireless or cellular network
  • Offers a session context that is not dependent on the connection. The server maintains the session context for a configurable period of time—even if the user changes networks.

The first thing to mention is that MAPI over HTTP is only supported for Outlook 2013 SP1 clients. All previous clients will continue to use RPC over HTTP/Outlook Anywhere.
The second thing is that MAPI over HTTP is not enabled by default.

To enable MAPI over HTTP you need to complete the following steps:

1. Virtual directory configuration – By default, Exchange 2013 SP1 creates a virtual directory for MAPI over HTTP. You use the Set-MapiVirtualDirectory cmdlet to configure the virtual directory. You must configure an internal URL, an external URL, or both.

For example, to configure the default MAPI virtual directory on the local Exchange server by setting the internal URL value to https://contoso.com/mapi, and the authentication method to Negotiate, run the following command:

Set-MapiVirtualDirectory -Identity "Contoso\mapi (Default Web Site)" -InternalUrl https://Contoso.com/mapi -IISAuthenticationMethods Negotiate

2. Certificate configuration – The digital certificate used by your Exchange environment must include the same InternalURL and ExternalURL values that are defined on the MAPI virtual directory.  As always make sure the Exchange certificate is trusted on the Outlook client workstation and that there are no certificate errors, especially when you access the URLs configured on the MAPI virtual directory.

3. Update server rules – Verify that your load balancers, reverse proxies, and firewalls are configured to allow access to the MAPI over HTTP virtual directory.

4. Enable MAPI over HTTP in your Exchange organization – Run the following command:

Set-OrganizationConfig -MapiHttpEnabled $true

Caution: Do not enable MAPI over HTTP if you are still migrating from Exchange 2007/2010.
Doing so may cause Outlook 2013 SP1 clients to lose connectivity to public folders.
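
A read-only pre-flight check for steps 1 and 2, to run before the Set-OrganizationConfig command in step 4. This is an added example, not part of the original post or of Microsoft's documentation; it assumes it is run in the Exchange Management Shell on the server that hosts the MAPI virtual directory, and the helper Test-NameCovered is a name made up for this example.

```powershell
# Added example: read-only check, changes nothing on the server.
$server = $env:COMPUTERNAME

# Hypothetical helper: true when $HostName equals a certificate name
# or is matched by a single-label wildcard such as *.contoso.com.
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) {
            return $true
        }
    }
    return $false
}

# Certificates enabled for IIS that are valid and not yet expired.
$iisCerts = @(Get-ExchangeCertificate -Server $server | Where-Object {
    "$($_.Services)" -match 'IIS' -and "$($_.Status)" -eq 'Valid' -and
    $_.NotAfter -gt (Get-Date)
})
$certNames = @($iisCerts | ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" })

$ready = $iisCerts.Count -gt 0
foreach ($vdir in Get-MapiVirtualDirectory -Server $server) {
    # Step 1: at least one of the two URLs must be configured.
    $urls = @($vdir.InternalUrl, $vdir.ExternalUrl | Where-Object { $_ })
    if ($urls.Count -eq 0) {
        Write-Warning "$($vdir.Identity): no InternalUrl or ExternalUrl set"
        $ready = $false
    }
    # Step 2: every configured URL must be https and named on an IIS certificate.
    foreach ($url in $urls) {
        $uri = [uri]"$url"
        $ok  = $uri.Scheme -eq 'https' -and (Test-NameCovered $uri.Host $certNames)
        if (-not $ok) { $ready = $false }
        '{0,-5} {1}  auth={2}' -f $ok, $uri.AbsoluteUri,
            ($vdir.IISAuthenticationMethods -join ',')
    }
}

"MapiHttpEnabled is currently: $((Get-OrganizationConfig).MapiHttpEnabled)"
if ($ready) { 'All MAPI URLs are covered by an IIS certificate.' } else {
    Write-Warning 'Fix the URLs marked False before enabling MAPI over HTTP.'
}
```

The check covers only the server-side certificate names; whether the Outlook workstation trusts the issuing CA, and whether load balancers and firewalls pass /mapi (step 3), still has to be verified from a client.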

System Center Advisor

So I just discovered this new service from Microsoft called System Center Advisor. Ok, so it’s actually been around since January 2012 but I only just discovered it.

So what is it, you ask? Well, it’s a free web-based (sorry, that should be cloud-based) service that helps you monitor your Microsoft systems. It supports:
Windows Server 2008 & 2012 (this includes both Hyper-V & Active Directory), Exchange Server, SQL Server, Lync Server & SharePoint Server. And now support for SCVMM 2012 has been added.

So what does this all mean? Basically, System Center Advisor is a mini version of SCOM. You install agents on your servers and designate one server as a gateway (or, if you already have SCOM implemented, you don’t need agents and the SCOM server acts as a gateway), and alerts are transferred to the System Center Advisor cloud service. You can now log on to the service and view alerts regarding your servers' configuration, workload etc., or alternatively have the alerts sent to you by e-mail. You can (and will) receive alerts regarding best practices, backups, unsupported configuration, system crashes and more.

All that’s required is a Microsoft account. You log in and download the installation agent. The first server you install the agent on will also act as a gateway (not supported on domain controllers, and I wouldn’t recommend putting the gateway on a Hyper-V host either); the rest of the servers require just the agent and pass all alerts to the gateway, which in turn uploads them to the System Center Advisor cloud.

This seems like an awesome tool, and the fact that it’s free just makes things better. Just think that you now have a free service helping you to monitor and audit your Microsoft environment.


Windows XP Prompting for credentials on Exchange 2013

OK, so you’ve just installed Exchange 2013. Everything is working fine until you find that Windows XP clients with both Outlook 2007 & 2010 are prompting you for passwords.

Both versions of Outlook are fully supported, as is Windows XP, and Windows 7 clients are working fine, so what gives?

The answer, as it turns out, is quite simple. The Exchange certificate common name must match the Exchange server name. Even if the Exchange server name is listed in the SAN (subject alternative names), Windows XP will prompt for credentials. So you can either make sure, when you create the SAN certificate, that the Exchange name is the common name, or run the following command:
Set-OutlookProvider EXPR -CertPrincipalName:"msstd:mail.company.com"
After running the command, issue “iisreset”.
Hope this helps anyone with the same issue.

Take note here: If you have Windows XP clients that are connecting both internally and externally using Outlook Anywhere, you’re going to have to set up split DNS and use the same namespace for both internal & external clients, or set up a proxy (Microsoft TMG or UAG) and issue separate certificates with separate common names.
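
To see which of the two situations above a server is in, the following read-only report compares the common name of the IIS certificate with the Outlook Anywhere host names and with the current EXPR setting. It is an added example, not part of the original post; it assumes the Exchange Management Shell on the Exchange 2013 server, and it assumes the msstd: value is meant to name the certificate's subject common name.

```powershell
# Added example: read-only report, changes nothing on the server.
$server = $env:COMPUTERNAME

# Newest certificate enabled for IIS on this server and its subject common name.
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate is enabled for IIS on $server" }
$cn   = if ($cert.Subject -match 'CN=([^,]+)') { $Matches[1].Trim() } else { '' }
$sans = @($cert.CertificateDomains | ForEach-Object { "$_" })

# Value currently stored by Set-OutlookProvider EXPR -CertPrincipalName.
$principal = "$((Get-OutlookProvider -Identity EXPR).CertPrincipalName)"

foreach ($oa in Get-OutlookAnywhere -Server $server) {
    foreach ($h in @("$($oa.ExternalHostname)", "$($oa.InternalHostname)") |
             Where-Object { $_ } | Select-Object -Unique) {
        [pscustomobject]@{
            OutlookAnywhereHost = $h
            CertCommonName      = $cn
            # Case 1 in the text: the host name is the common name itself.
            HostIsCommonName    = ($h -eq $cn)
            # The problem case: the name is present, but only as a SAN entry.
            HostInSanOnly       = ($h -ne $cn) -and ($sans -contains $h)
            ExprPrincipal       = $principal
            # Case 2 in the text: EXPR has been pointed at the common name.
            ExprMatchesCert     = ($principal -eq "msstd:$cn")
        }
    }
}
```

A row with HostInSanOnly True and ExprMatchesCert False is the configuration in which the post reports Windows XP clients prompting for credentials.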