All posts in Technical

By on December 29, 2011

Microsoft Exchange Server: Yesterday, Today, and Tomorrow

Microsoft Exchange Server 4.0We don’t yet know what the next version of Microsoft Exchange Server will be called. Exchange 15 is an assumption based on the version number, the last being Microsoft Exchange Server 2010 which was version 14 (14.01.0218.015 for SP1, to be specific). We also don’t yet know when Exchange 15, or Exchange Server 2013 (based on the three year cycle) will be released into the wild.

So while we are waiting, here’s a quick look at the versions that have come before:

 

The Younger Half-Cousin Done Good – Exchange 1.0

Actually not a server product at all, Exchange 1.0 or Windows Messaging to give it its real name was an email client included in Windows 95, 98 and NT4. The fashion at the time, 1996, was to lack support for Internet email so if you were looking for SMTP or POP3 support you were out of luck unless you installed the separate Microsoft Plus! pack, codename ‘Frosting’. Frosting included other delights such as Space Cadet Pinball, DriveSpace 3 and some space-age screensaver and wallpaper files.

Windows Messaging had us hooked though; we never looked back. In 1996 HTML messages were evil, our marketing departments hadn’t yet realized how to brand plan text emails yet. It was de rigueur to include an obscure quote in your footer, and if you were really out to impress, a string of special characters on the verge of ASCII art. There was no support for international characters either; sorry, the rest of the world you lose.

The First Server, Server Product – Exchange 4.0

The server side of the business came crashing through the door one day wanting in on the new funky Windows Messaging action. Exchange Server 4.0 was born as an upgrade to Microsoft Mail 3.5, which in 1991 was slowly turning into something called Network Courier in. Lotus were very excited about acquiring cc:Mail at about the same time, so the race was on.

Our CEO, Peter Bauer still proudly displays his Microsoft Mail 3.5 certifications on the office wall.

Exchange Server 4.0 was a wholly new system, designed on the X400 client-server model, supported by a single database and an X500 directory service, which later morphed into Active Directory.

1997 Microsoft Valued at $261 Billion and Exchange Server 5.0

In the year Microsoft becomes the World’s most valuable company, and Bill Clinton is returned to office for a second term, as is Steve Jobs; Microsoft release Exchange 5.0 and the new Exchange Administrator Console.

Adding the new Internet Mail Connector allowed your new shiny Exchange 5.0 server to communicate over the internet via SMTP, for the first time allowing your users to arrange their days around the send/receive button. Exchange 5.0 also introduced a new-fangled web-based email interface uninspiringly called, Exchange Web Access.

A Few Short Months Later – Exchange Server 5.5

In November 1997 while the tech world was distracted by the $37 Billion merger of WorldCom and MCI Communications, Microsoft snuck out Exchange 5.5, which was sold in two editions, Standard and Enterprise. Standard was limited to a 16GB database which was a throwback to previous versions, whereas Enterprise Edition had a database limit of 16TB. I remember building a business case for Enterprise Edition and having to explain to the business why 16GB wasn’t enough – if only we knew then what we know now.

Drum Roll Please, Ladies and Gentlemen Exchange 2000 Server

By November 2000 we’re on Exchange Server version 6.0, codename Platinum. A big leap forward with changes to support clustering and database size limitations. But, the upgrade required there to be a complete Microsoft Active Directory infrastructure on the network as there was no built-in directory. There was no in-place upgrade from previous versions of Exchange, so consultants and Microsoft Partners made merry with the consulting hours as customers required both platforms to be online at once.

Codename Titanium – Exchange Server 2003

Version 6.5 added some useful migration tools that helped companies consolidate their distributed Exchange environments; I have a true story that demonstrates this perfectly.  One client of mine, who had twenty different Exchange Servers, one for each letter of the alphabet, distributed users depending on their surname, doubling up for some of the less common letters like X, Y & Z. All twenty servers, none of which were virtualized, sat in the same datacenter in central London. How they got to this stage was a long story, but the realization that Exchange Server 2003 could help them resolve this problem saw twenty servers whittled down to a handful of streamlined clusters in four locations across the globe.

Bells and Whistles and a Big Fanfare – Exchange Server 2007

Exchange Server 2007 was released amid much fanfare and marketing by Microsoft, and rightly too, this version brought some wonderful new technologies and functionality. Sadly though some users chose not to upgrade and stayed languishing on Exchange Server 2000 and 2003, I even knew a few still on 5.5!

64 bit support was a bit of a struggle for some customers, but eventually gave every IT department the budget to upgrade their old Exchange Server to a new, faster one. The 2007 release was version 8, codename E12 and brought and Enterprise Edition which allowed a whopping 16TB maximum database size.

HA Database Clustering was given a whole new batch of TLAs;, SCC, LCR, SCR and CCR. The Exchange Management Shell arrived as did Unified Messaging and Outlook Anywhere (which was really called RPC over HTTP).

However Microsoft announced the death of Public folders in the next release, due to what they call a ‘Wild West’ of public folders.

Which Brings us Right up to Today – Exchange Server 2010

November 2009: Exchange Server 2010, or Exchange 14 to those in the know, hit the market brimming with cool new features. Database Availability Groups or DAGs became even more popular than ever before replacing the Clustering options from Exchange Server 2007. Server Roles became important to Exchange Architects everywhere and sparked much debate about where in the network to put the CAS.

Luckily large mailbox support was extended after its initial introduction to Exchange Server 2007, which was good news for most as their end users had been using disk space like there was no tomorrow and databases everywhere were getting rather full. To this day I know an end user who refuses to ‘clean out’ their 32GB mailbox on the basis that he “needs” all of that email and knows “exactly where it all is” – you know who you are sir, if you’re reading this.

Public Folders are included in 2010 and not deprecated as planned.

Unfortunately some businesses are still languishing on old versions like Exchange Server 2000 and 2003. You also know who you are, and you know how keen we are to get you to Exchange Server 2010.

Enter the Cloud – Office 365

Luckily for administrators dealing with “Mr. I’ve got a Huge Mailbox & I don’t Care” the Cloud started to make life easier, by offloading some of those Big Data and Email Management issues. Microsoft have just launched Office 365 and introduced Exchange Online. Although EO has been around since about 2005 and mainstream since 2008, it’s only now that users are beginning to see the real benefits of the Cloud.

Enter Exchange 15

What Exchange 15 or Exchange Server 2013 will bring is still shrouded in Mystery, even the Servers real name is unknown (I hoping for “Philip”) but it’s just round the corner and slowly information is trickling out of Redmond.

Personally, I can’t wait.

 

Add your comment (0)

CISSP, CCSK
Mimecast, North America.

Article Tags

, ,

By on November 23, 2011

Migrating Exchange at the moment? 2007 or 2010?

Microsoft Exchange MigrationMimecast recently commissioned Loudhouse, an independent research consultancy to take a look at the Exchange Migration situation. The research tells us that there is a mass migration of Microsoft Exchange Servers going on right now. At Mimecast we call this ‘The Great Email Migration’ and some interesting facts and figures have been discovered.

Underneath the headline research figures there is a lot going on that struck me as interesting if not perplexing and clearly frustrating; I’m often talking to CIOs and IT Managers about their email infrastructure and recently their plans to migrate to the next version of Microsoft Exchange Server; I’m always assuming they’re planning to upgrade and migrate to Exchange 2010 or Office 365, but I’m hearing more and more choosing to stay a version behind on Exchange 2007, but not for want of trying.

Microsoft, and in fact Mimecast, are desperate to get you all off the old versions of Exchange, away from those Exchange 2000 or 2003 boxes that are still out there, but for so many the upgrade path stops at Exchange 2007. I began to wonder why this is, and after a quick unofficial straw poll I found a pattern emerging.

Firstly I noticed that upgrade plans for Exchange have been in the pipeline for quite a long time. Many people tell me they were planning to upgrade from 2000/2003 versions to Exchange to 2007 pretty much as soon as they heard about the new release. But given the scale of the upgrade the project took them longer to budget and plan for, most blame their own internal and overly complex procurement process; whereby a non-technical procurement employee veto’s or delays the project for trivial reasons.

Secondly, I’ve heard quite a few mentions of a “patch-and-pray” mentality to upgrades. Let me be clear, there is only so long this kind of support process lasts before your Exchange Admin is facing a late night and lost weekend due to some sort of failure, and that’s the last thing we want. At some point the CIO has to admit the business and the users have outgrown their email environment and it’s time to look elsewhere; but this overly cautious approach, akin to the “if it ain’t broke don’t fix it” method, means you’ll never be close to the latest version. Fear of change, hesitation and caution are the enemy of new technology.

All of this frustrating behavior adds up to significant delays; delays that leave your IT project plans looking like the airport departures board during a heavy snow storm. You know you’ll get there in the end, but the wait is agonizing and you would do almost anything just to “get on with it.”

A permanent cycle of delays means your Exchange environment could always be stuck a version behind. Given that Microsoft plan to release a new version of Exchange every three years, I’m always concerned when I hear of project life-cycles that are even longer; how can you possibly take longer to deploy the platform, than it took the vendor to write the software in the first place? Don’t answer that I already know how; project scope, evaluation, planning, more planning, more evaluation, procurement, re-scoping, procurement, deployment planning, re-scoping, procurement, and so on. Initial project evaluation to final deployment for Exchange 2007 could have taken so long, that Microsoft have released Exchange 2010 in the meantime. And so the cycle continues.

Breaking the upgrade cycle is something I’ve written about before; now is the time. Seriously, Exchange 2010 is worth the effort, especially if you’re still floundering about with old versions like 2000 and 2003.

 

 

Add your comment (0)

CISSP, CCSK
Mimecast, North America.

Article Tags

, ,

By on November 16, 2011

What features are driving people to Exchange 2010?

Looking at Exchange 2010?

In the Loudhouse research- “The Great Email Migration” commissioned by us at Mimecast- 57% of IT managers said they were upgrading to Exchange 2010 because of new features.

What are some of those features?

What’s been a real focus for Exchange 2010 is to directly enable the email user to do more, and to do it more easily.

Free/busy is a great example of where Exchange 2010 is a great improvement.

Free/busy is a well known feature to users worldwide, however in older versions of Exchange it’s nearly impossible to see the free/busy status of another user in another organization. Exchange 2007 enabled cross-forest free/busy lookup to another Exchange organization if the pre-requisites were in place. But it was still just free/busy.

Exchange 2010 builds significanly to that, by allowing organizations to federate with each other, and exchange free/busy information with detail, controlled by the administrators.

Assuming that partner companies in different forests and different networks need to see each other, Microsoft will broker and vouch for the authenticity of the relationship via a hosted service, and then enable each company to dial up or down the detail visible to the OTHER companies recipients.

Free/busy is akin to the availability feature of Lync or OCS when it comes to making the decision to make a call or not. Seeing another companies free/busy massively empowers users to work faster and more efficiently.

Another big step forward is MailTips with Exchange 2010 Outlook Web App and Outlook 2010.

MailTips enables the person emailing to see the Out of Office of the recipients before they send the mail. This eliminates that frustrating workflow associated with sending a mail again after thinking it was dealt with.

Managing availability between organisations and MailTips are just two of the many new productivity features available in Exchange 2010 which truly reclaim minutes in the information workers day. Help your people be more effective with Exchange 2010.

Migration on the other hand, isn’t always easy… so we’ve produced a series of webinars and how to guides to help you migrate in the Migration Readiness Kit (registration required).

Add your comment (0)

Messaging Architect
NB Consult

Article Tags

, ,

By on October 20, 2011

Minimizing the risk of an email migration

Last week Mimecast announced the results of their Great Email Migration research, conducted by Loudhouse Research.  Loudhouse surveyed 500 IT decision makers in the US, UK and South Africa and asked them about their email migration plans.

According to the report, “The potential loss of data is at the top of the list with more than half (52%) of the companies mentioning this.”

Companies are right to be concerned at the possibility of data loss. Infrastructure which is in flux opens companies up to be vulnerable to data loss, due to bad process, unmanaged configuration change and/or bad discipline. How can companies possible hope to mitigate these kinds of risk.

It is an old axiom that failing to plan is tantamount to planning to fail. In this context, planning should be a formal activity of every migration project, with a formal and on-going deliverable known as the migration plan.

Migration plans are only as good as the effort put into them and the accuracy of the scope which they are fed by. Accurate quantification of source environments, labs which approximate live environments, and a sample of representative user data are all prerequisites to ensuring a migration plan has the best possible chance of succeeding.  In fairness, most of us don’t migrate for a living, so it’s not unreasonable to expect not knowing where to start. Here we will offer two suggestions:

Follow the military approach to planning by starting with the end goal in mind, and working backwards through every objective until the base understanding of the requirement is defined, without knowing how to solve every objective or process requirement. The end goal must be a clearly defined business or technical requirement.

Follow up by adding process planning for each stage, known or unknown, and add technology choices last, so that technology becomes the enabler to the process, and not the other way around.

Migrations are epitomised by environments in flux. Flux is risky and is mitigates by process, planning and management. Migration planning as an on-going exercise as well as a living document is a foundation stone in the on-going exercise to mitigating on-going risk.

Add your comment (0)

Messaging Architect
NB Consult

Article Tags

, ,

By on September 14, 2011

Gold Stars, for Mimecast’s Unified approach to Email Management

Today is a brilliant day for us at Mimecast.

We’ve been awarded a four star gold review by one of the worlds largest Exchange communities: MSExchange.org! The highest possible rating. I can’t express how excited we are here at Mimecast to have this well respected blog and community praise our service like this because these accolades don’t come every day and I wanted to explain in more detail why it matters so much.

Perhaps our greatest strength and simultaneously our greatest weakness is our integrated platform, we call it Unified Email Management. But because it’s game changing, it means we spend a lot of time educating people about its potential and today is one of those days that all that work feels like it’s paid off when an Exchange MVP agrees:

It’s not often I find a product overwhelming (in a good way). Typically, I find products do what they advertise themselves to do within the Exchange realm with a feature or two that might impress me along the way. Where Mimecast’s Unified Email Management (UEM) blew me away is that it does everything it advertises so smoothly, through a single console.

As more and more people like Peter see the Unified Email Management approach as the best possible way of doing things, the industry at large is really starting to take notice! Lots are rushing to build their own “Unified” solution which involves multiple vendors, acquired technologies or OEM relationships… Mimecast was built from the ground up as an integrated solution, quite an investment, and it’s not something that can be mimicked easily as our competitors are finding out… There’s a big difference between gluing several products together and building a product that is integrated by design.

Mimecast is a company that’s been built by loyal fans, we call them customers. Once they’ve experienced our service, they tell their friends. When they change company, often the first thing they do is buy Mimecast.

Just look at some of the verticals we service such as legal, where we have over 60 of the top 100 law firms in the UK. Arguably some of the most demanding customers possible, Lawyers like their email to work!

The reason they do that is the combined power of our services, Archiving, Continuity, Security as one, Unified Solution. I can’t think of two more over used words in IT, yet they’re so apt here and I can’t think of a better alternative.

Like any suite vs best of breed debate, you need to evaluate whether the features and functionality offered meets your requirements or whether the suite tradeoff is worth it. Individually, vendors might have specific features in their point product that we don’t have, but often we find these are edge cases. With our new API coming- we’ll be able to handle these edge cases even better. Although we firmly believe that the sum is greater than the parts, we do sell the products individually as Peter notes:

Keep in mind that each of these features stands on its own and can be sold separately, however, typically Mimecast customers will pay for the entire UEM bundle.

Because in todays IT environment, integration matters more than anything. It enables IT to deliver the agility that the business is looking for, above and beyond specific features. We’ve said often that the business doesn’t care about how IT does things, it cares why. And the speed, the responsiveness the agility of the IT team is what enables that. So systems need to be easy to configure, so changes can be implemented quickly with the confidence that policies have been implemented consistently, in today’s security conscious world.

The threat of virus and spam invasion of your messaging environment is greater than ever and it makes sense to block these things before they even reach your messaging servers. Mimecast’s Secure Email Gateway provides protection and scanning of both incoming and outgoing email. Spam, malware, phishing, denial of service and more.

When downtime needs to happen the automatic continuity / disaster recovery kicks in. And we don’t lack granularity either:

…combined with the fact that the solution is just so huge in terms of settings and such that we are going to focus on features in general…

I’d like to end with Peter’s final thoughts:

To reiterate my initial thoughts, I found Mimecast’s UEM solution to be overwhelming… in a good way. An all-in-one with features that really just take the worry out of your hands as an administrator. Everything from legal compliance, to backup/recovery concerns, to having your server go down, to worrying about someone accidentally emailing something sensitive like credit card numbers… all of it wrapped up in one bundle. A bottomless email, an add-on for Outlook for users to search their own archive, no more dial-tone restores, a simple stationary tool to establish necessary disclaimers and such (Yes, Exchange lets you do transport rule disclaimers but have you ever tried to make it look good?… If so, you can see the need for an enhanced stationary feature here.)

Aside from some critique of the Help system provided and the obvious need to make the Administration Console more colorful and 21st century in appearance, I think Mimecast has just hit it out of the park with the features they provide. The admin console is a little retro, but a new flavor is in the works and, from what I’ve seen, it’s much more visually appealing. I’m giving them a gold because that is the highest we go.

But we’re not resting on our laurels: people on our customer community will already know we have a new administration console in the works and we’re actively working on improving help and support ;)

Add your comment (0)

Cloud Strategist
Mimecast

By on August 30, 2011

Migrating to Office 365 from BPOS without Mimecast

This is a Guest Post from a prolific blogger- Andy Kemp who has recently moved from a long standing customer of Mimecast and to a Microsoft Gold Partner UniTech, one that doesn’t have Mimecast in place but excited about what the toolset could do for them. One of the recent things he’s been tasked to do is their Migration from BPOS to Office365 both internally and for a number of serviced clients, and it’s interesting to see what life without Mimecast is like…

I finally took the plunge and migrated our primary email domain to Office 365 from BPOS the other weekend- we still don’t have Mimecast but we didn’t want to wait any longer! It could have gone better but on the other hand it could have been more painful like it was when I migrated one of our secondary domains.

The two issues I faced when migrating were:

  1. Migrating the data from BPOS to Office 365
  2. Migrating the Domain from BPOS to Office 365

1. Migrating the data from BPOS to Office 365

Unfortunately there isn’t a really clean automated way to do this, the only way possible which I found to do this was to attach the new Office 365 Mailbox using the unitech-onmicrosoft.com address to their exchange profile and copy/move the folders across.

This was pretty simple for the mail, contacts and task folders but the calendar folder was done in a slightly different way, you need to change the calendar view to a list and then copy and paste the entries into the new Office 365 Mailbox:

As the Exchange Folders were cached I needed to let the local folders sync up to the Online Exchange Server to then enable me to setup a clean outlook profile with only the 365 exchange account connected.

As this was all done pre migration it meant I had all my data in Office 365 when I switched over domains. This was the next step, although what should be a simple process proved to be my biggest worry with the migration even though I had done it before.

2. Migrating the Domain from BPOS to Office 365

As I have mentioned before this process although sounds straight forward is the most laborious part of the migration. If you are moving from an on prem setup or another hosted solution, then it is nowhere near as painful as moving from BPOS to Office 365.

The problem I had was with FOPE (Forefront Online Protection for Exchange) for BPOS although the Domain no longer existed in BPOS there were still artefact DNS records in FOPE which meant if I added the domain to Office 365 and then sent an email to an account using that Domain I would get an NDR immediately due to a possible mail loop. As the FOPE for Office 365 would see the DNS records in FOPE for BPOS and get a little confused and then just return a “Computer says No!” in the form of the NDR.

What I had to do was fill in a Standard Request form for removal of artefact DNS records and submit that as a Service Request via the BPOS admin centre and then call Microsoft BPOS support with the Service Request number and asked them to hurry the process up… well that made them sort it in 2 days as opposed to 6!

After a week into the move things have finally calmed down and users are running with no issues.  I have several Service requests open with Microsoft for Office 365 due to small issues that I’ve had in the admin portal but on the whole things are running well.

We are taking full advantage of Lync 2010 and the ability to federate with other organisations. We are now in the process of setting up our company intranet and extranet using SharePoint online.

Add your comment (2)

Cloud Strategist
Mimecast

Article Tags

, ,

By on August 22, 2011

Get Full Control over your Exchange remote PowerShell session

[Another great post from Shay Levy - original available here]

PowerShell 2.0 supports two kinds of remote configurations: fan-in and fan-out. When we execute a command against a bunch of servers we use fan-out (one to many). Fan-in is used when multiple users are connecting to a remote server (many to one). Exchange server implements a fan-in configuration via a virtual directory on the Exchange server’s IIS. We can connect to the virtual directory (http connection) and manage our Exchange server remotely, without having to install the Exchange Management Tools locally on our admin station.

We can create a remote session (using the currently logged on credentials) with the New-PSSession cmdlet.

If you need to connect with alternate credentials, add the –Credential parameter:

PS > $uri = 'http://dc1.homelab.com/PowerShell'
PS > $session = New-PSSession -ConfigurationName Microsoft.Exchange `
               -ConnectionUri $uri -Authentication Kerberos

The session is created and we can import the commands from the remote session into our local session and use them as if they were installed locally (aka, implicit remoting).

PS> Import-PSSession –Session $session

When the session finished importing, all commands from the remote session are available in our local session. In the background a module is created that contains all remote commands. Let’s try one command:

PS > Get-MailboxDatabase

Name                           Server   Recovery  ReplicationType
----                           ------   --------  ---------------
Mailbox Database 0311695863    DC1      False     None

Now let’s try to get the database size:

PS > $db = Get-MailboxDatabase -Identity 'Mailbox Database 0311695863' -Status
PS > $db.DatabaseSize
152.1 MB (159,449,088 bytes)

We get back the size of the database in MB and in bytes. Exchange supports several methods to format the size of an object (mailbox/database) through a series of methods: ToBytes(), ToKB(), ToMB() etc. Let’s try to format the size of the database and get the value in bytes:

PS > $db.DatabaseSize.ToBytes()
Method invocation failed because [System.String] doesn't contain a method named 'ToBytes'.
At line:1 char:25
+ $db.DatabaseSize.ToBytes <<<< ()
    + CategoryInfo          : InvalidOperation: (ToBytes:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

We get an error that the DatabaseSize property doesn’t contain the ToBytes method. We can also see that DatabaseSize is a String. This is the expected behavior in a remoting session. When a source computer sends a script to a remote computer, the code is serialized first (converted to XML), when it gets to the destination machine it’s converted back (deserialized) and executed. The result is serialized again and sent back to the source computer. It is important to understand that when the source computer gets the final result, it convert it back to objects but the objects are “dehydrated”, and contains a bunch of Note properties and one method – ToString (some “primitive” types, like Int, can be deserialized better than others). As a consequence, if we want to execute methods on the “real” object we need to do that on the remote end. When we want to get hold of the object itself (and it’s members) we invoke the command on the remote end with the Invoke-Command

cmdlet:

 
PS > $identity = 'Mailbox Database 0311695863'
PS > $sb = {(Get-MailboxDatabase -Status –Identity $identity).DatabaseSize.ToBytes()}
PS > Invoke-Command -Session $session -ScriptBlock $sb

Method calls are not allowed in restricted language mode or a Data section.
    + CategoryInfo          : ParserError: (ToGB:Token) [], ParseException
    + FullyQualifiedErrorId : MethodCallNotSupportedInDataSection

Another error! We cannot run methods in restricted language mode. What does this mean? The Exchange configuration is locked down (restricted session). By default, only administrators can connect to the end point, but they are restricted as well!

A few words on LanguageMode. There are three possible values: NoLanguage, RestrictedLanguage, and FullLanguage. In FullLanguage you can do whatever you want. In NoLanguage mode only commands that are using the Runspace APIs are allowed, and in RestrictedLanguage mode commands that contain scripts that need to be evaluated are not allowed.

This was a bit disappointing. If the server admin cannot have full access to the remote session then who can? I’m not sure why the Exchange team decided to lock the environment. The notion of connecting to any remote server and managing it without having to install local tools is not fulfilled here.

I started to look for a way to bypass that limitation and it appears that I was looking in the wrong direction! Hats off to my friend, MVP Aleksandar Nikolic, for a great tip! We can change the language mode by opening the web.config file in the PowerShell virtual directory:

 

 

 

 

 

 

I changed the value to FullLanguage, saved the file, recycled the MSExchangePowerShellAppPool application pool and re-created a remote session:

PS > $uri = 'http://dc1.homelab.com/PowerShell'
PS > $session = New-PSSession -ConfigurationName Microsoft.Exchange `
-ConnectionUri $uri -Authentication Kerberos
PS > $identity = 'Mailbox Database 0311695863'
PS > $sb = {(Get-MailboxDatabase -Status –Identity $identity).DatabaseSize.ToBytes()}
PS > Invoke-Command -Session $session -ScriptBlock $sb
159449088

And it worked, we can invoke methods in the remote session without having to parse strings. The final step was to create a separate environment, for admins only, one that doesn’t change the original configuration made by the Exchange team. I reverted back the value in the web.config file and wrote the following script to automate the process. Log on to your Exchange server, open PowerShell (not EMS) and run it (comments inline):

# load the IIS module
Import-Module WebAdministration

# get the path to the exchange server installation directory
# and create a new folder for the exadmin application
$path = ‘HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\Setup’
$exbin = Join-Path (Get-ItemProperty $path).MsiInstallPath ClientAccess
$folder = New-Item -Path $exbin\exadmin -ItemType Directory -Force 

# copy the web.config file to the new directory, load it (as xml) and
# change the language mode (from RestrictedLanguage) to FullLanguage
Copy-Item $exbin\PowerShell\web.config $folder.FullName -Force
[xml]$wconfig = Get-Content $exbin\exadmin\web.config
$wconfig.configuration.appSettings.add.value = 'FullLanguage'
$wconfig.Save("$exbin\exadmin\web.config")

# Create a new IIS application pool, and start it
$pool = New-WebAppPool -Name exadmin

# Configure the exadmin app pool to run under the LocalSystem account (0)
Set-ItemProperty IIS:\AppPools\exadmin -Name ProcessModel -Value @{identityType=0}

# start app pool
Start-WebAppPool -Name exadmin

# Create a new IIS Web Application.
$application = New-WebApplication -Name exadmin -Site 'Default Web Site' `
-PhysicalPath "$exbin\exadmin" -ApplicationPool $pool.name

#Set the application SSL settings to accept client certificates (if they are provided)
Set-WebConfigurationProperty -Filter //security/access –Name SslFlags `
-Value SslNegotiateCert -PSPath IIS:\ -Location 'Default Web Site/exadmin'

# create new end point configuration and allow administrators to remotely run commands
# a dialog is shown with the local administrators group selected, and we can add
# users/groups we want to have access to the end point
#Get-PSSessionConfiguration exadmin | Unregister-PSSessionConfiguration -Force
Register-PSSessionConfiguration -Name exadmin -Force
Set-PSSessionConfiguration -Name exadmin -ShowSecurityDescriptorUI -Force

# testing the new environment, uncomment and change database identity
# create a fan-in session (notice we are connecting to exadmin) and try to
# invoke the ToBytes method – it works
#$sb = { (Get-MailboxDatabase -Status -Identity 'Mailbox Database 0311695863').DatabaseSize.ToBytes() }
#$uri = ‘http://dc1.homelab.com/exadmin’
#$session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri $uri
#Invoke-Command $session –ScriptBlock $sb

Now you can connect from any computer that has PowerShell 2.0 installed to your Exchange server and gain full access. I hope this has been helpful, here’s some related resources you may find useful as well:

How objects are sent to and from remote sessions
Configuring PowerShell for Remoting – Part 1
Configuring PowerShell for Remoting – Part 2 (Fan-In)
Administrator’s Guide to Windows PowerShell Remoting
Layman’s Guide to PowerShell 2.0 remoting
Deep Dive video: Constrained PowerShell Endpoints – Aleksandar Nikolic
Book: Microsoft Exchange 2010 PowerShell Cookbook – Mike Pfeiffer

Add your comment (1)

Enterprise Consultant
Mimecast

Article Tags

, ,

By on August 19, 2011

Exchange – Removing Illegal Alias Characters using PowerShell

[I came across this great article by Shay Levy and found it very useful so I thought I would share it. The original article can be found here]

If you’re in a mixed-mode environment with both Exchange 2003 and Exchange 2007/2010 you may have noticed this message when using the Get-* cmdlets in the Exchange Management Shell:

WARNING: The object domain.com/Users/UserName has been corrupted, and it’s in an inconsistent state. The following validation errors happened:
WARNING: Property expression “xx xxx” isn’t valid. Valid values are: Strings formed with characters from A to Z (uppercase or lowercase), digits from 0 to 9, !, #, $, %, &, ‘, *, +, -, /, =, ?, ^, _, `, {, |, } or ~. One or more periods may be embedded in an alias, but each period should be preceded and followed by at least one of the other characters. Unicode characters from U+00A1 to U+00FF are also valid in an alias, but they will be mapped to a best-fit US-ASCII string in the e-mail address, which is generated from such an alias.

Or one of the following:

WARNING: Object <distinguished name of the recipient> has been corrupted and it is in an inconsistent state. The following validation errors have been encountered:
WARNING: <alias of the recipient> is not valid for Alias.

These messages (there are others as well) appears when you try to manage a recipient with spaces (or any other invalid character) in its alias using the Exchange management tools. For example, in Exchange Server 2003, you could create recipients with spaces in aliases. Exchange Server 2007/2010 does not allow recipients to have spaces in their aliases. The biggest problem with invalid aliases – you will not be able to move a mailbox to an Exchange 2007/2010 server. To mitigate this I’ve written the following function.

Note: In Exchange 2010, the mailbox’s alias is generated based on the Name property. Invalid characters in the name will be replaced with a question mark (?) when the alias is generated.

function Test-ExchangeAlias
{
    param(
        [Parameter(
            Mandatory=$true,
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true
        )]
        [ValidateLength(1,64)]
        [string]$Alias,

        [switch]$RemoveIllegalCharacters
    )

    begin
    {
        $IllegalCharacters = 0..34+40..41+44,46+58..60+62+64+91..93+127..160
    }

    process
    {
        if($RemoveIllegalCharacters)
        {
            foreach($c in $IllegalCharacters)
            {
                $escaped = [regex]::Escape([char]$c)

                if($Alias -match $escaped)
                {
                    Write-Verbose "illegal character code detected: '$c'"
                    $Alias = $Alias -replace $escaped
                }
            }

            $Alias
        }
        else
        {
            for($c=0; $c -lt $Alias.Length; $c++)
            {
                $code = [int][char]$Alias[$c]
                Write-Verbose "Testing current Alias character code: $code" 

                if($IllegalCharacters -contains $code)
                {
                    Write-Verbose "Character code: $code is an invalid alias character."
                    $false
                    return
                }
            }    

            $true
        }
    }
}

The function supports two parameters, Alias and RemoveIllegalCharacters. In the Begin block we assign a series of numbers to a variable, $IllegalCharacters, using the range operator along with the plus operator (+) to combine a range with a list of elements in an array. These numbers represents the character codes an alias cannot contain.

In the Process block we check if the RemoveIllegalCharacters parameter has been specified. If it was specified, all invalid characters are removed and a fixed alias is returned. Otherwise the function just tests if the alias is valid and returns $true/$false respectively. Invalid characters are removed using the Replace operator. Since we don’t know if each invalid character is a regular expression meta character we use the Escape method to convert it so that the regular expression engine will interpret any metacharacters that it may contain as character literals.

With the following command you can fix all invalid aliases on all mailbox objects:

 
Get-Mailbox –ResultSize Unlimited | Where-Object {-not (Test-ExchangeAlias -Alias $_.Alias)} | Foreach-Object {
     $NewAlias = Test-ExchangeAlias -Alias $_.Alias -RemoveIllegalCharacters
     $_ | Set-Mailbox –Alias $NewAlias
}

When running the above you’ll get the ‘inconsistent state’ error for each invalid alias mailbox object but if you issue the command again you’ll see that the error has gone and the Aliases have been fixed.

Add your comment (2)

Enterprise Consultant
Mimecast

Article Tags

, ,

By on August 17, 2011

Cloud based continuity insures against migration mishaps

Exchange migrations tend to be complex.  Even smaller organizations running Small Business Server with less than 75 users, may take a week or more to plan, prepare and execute their email migration.

Any business that’s been through a migration at least once will remember that most of the migration effort was spent in planning. Otherwise they may remember the large mop-up operation and the time spent visiting desktops, recovering mail and rolling aspects of the migration backwards and forwards.

Data loss (what PSTs?), client upgrades and wrongly migrated data tend to come to mind when thinking about what can go wrong, as well as the mail server that crashed during the migration. During a migration a fair amount of change is introduced and additional processing is forced onto both the source and target Exchange platform. For an older platform at the limits of its lifespan or operational capacity, the extra overhead an email migration introduces may be the straw that breaks the camel’s back.

Cloud based email continuity may act as insurance in this regard by enabling client continuity and transactional continuity in case the migration wobbles or breaks. Let’s explore that in a bit more detail.

Migrations are heavily process driven. In order to migrate, a fair amount of surveying, planning, lab testing, etc need to be accomplished. It makes sense to use the desktop visit of the plan/survey component to introduce the agents required onto the desktops in order to make client continuity possible.

If an Exchange server in the source or the target organization were to fail during the migration, Outlook clients would be redirected to the cloud, with little or no disruption to service or – crucially – the user experience. This allows the outage to be addressed, mail flow and client mail service to be restored without the pressure of fighting two fires concurrently – ie, a broken environment and a broken migration.

Cloud based email continuity allows you to benefit from the scale of the cloud as a side effect of leveraging continuity in the cloud, provided of course your users have the  required network or internet connectivity to beat a path to the cloud.

In our day to day lives we’re generally quite comfortable accepting the argument of personal insurance, which guards us against any number of possible scenarios, such as breaking a leg while skiing, medical insurance, insurance against theft, and so on. All of these boil down to paying a small amount of money to a much larger entity and thereby being guaranteed the benefit of that entity’s scale and reach in the case of something unfortunate happening.

As the idea of cloud on demand becomes more pervasive, insuring your migration in the short term against loss of email continuity makes as much sense as taking out insurance on your car before you take it on the road.

Add your comment (0)

Enterprise Consultant
Mimecast

Article Tags

, ,

By on August 4, 2011

The Eerie Quiet of your Junk Folder

Spam volumes on the Internet are down on this time last year. Great news, we can all relax and stop worrying about our Junk or Quarantine folders or that missing million dollar order that might he hiding therein.

Brian Krebs wrote a great piece on the take down of the most prolific botnets, which is thought to be the main cause of drought in spam. It’s certainly true to say that since the likes of Spammit, Rustock, Coreflood, Pushdo and Bredolab have been knobbled the output of spam has been noticeably less.

Less spam is great news, but I’m worried. I suspect this eerie quiet in our spam and junk folders is a false sense of security, and one that is waiting to draw us into a more evil and harmful place.

Think about it this way. You’re a spammer…

Imagine you’ve been spamming people since 1997, persuading them to buy penny stocks, herbal enhancements and more recently fake AV products. You’ve been getting frustrated at the shrinking rate of return on your efforts, for the billions of spam messages you send you’re only seeing a 0.002% return or even less; mind you, at $30 for a bottle of those fake-little-blue-pills that’s still a few million dollars.

Why the decline? Well because we the vendors, are doing a better job of detecting and dealing with spam. Giving customers a 98% anti-spam SLA means we’re confident we can keep that junk and rubbish out of their inboxes. The same is true for personal or webmail accounts, providers are simply getting better at protecting users.

Then just when you thought things couldn’t get much worse someone shuts down your botnet, or the FBI takes away you hosting provider. Bad day at the office?

This is why I am worried…

Given the business challenges the spammers face today it’s no surprise we’re seeing a decline in the volume of spam. But are we? The figures we’re looking at here are related to spam volumes delivered over SMTP based email, and those have been on the wane for some time. The recent precipitous drop makes me feel uneasy about the spammers new business models. You might be surprised I’m using the word ‘business’ in relation to spammers – don’t be; this is their business, they have offices, employees, health-care plans, support lines and staff retreats just like everyone else.

These business models embrace all the latest social media trends. Spammers are simply jumping on the new mechanisms we’re using to communicate, social media gives them everything they need and in many cases an even more targeted audience who are trained to ‘like’ the same things their peers do.

The deeper impact of this switch to less well evolved communication channels, is that the classic AV and AS protections deployed at the corporate gateway are fast being made redundant. Their rules unenforced, their quarantines empty. The threats they protect against are getting onto the network via other means that in many cases are far less well protected. The point is that the spam isn’t going away, it’s just changing and adapting to the marketplace; the users might be breathing a sigh of relief when they look at their inboxes, but I can guarantee you they’re not doing the same elsewhere – Try tweeting the word mortgage or loan and see what happens.

The old money was SMTP email based spam, but just like everything else in corporate IT consumerization is taking over; spammers & scammers are simply keeping up with the trends.

 

 

 

 

Add your comment (0)

CISSP, CCSK
Mimecast, North America.

Article Tags

, ,
Previous Posts