Exchange 2010 SP2 installation

Installing SP2 for Exchange 2010 should be a fairly straight forward process as with all other hotfixes, rollups and service packs. In the below article, I will install service pack 2 in a lab environment for the first time to see if this holds true.

First, I am going to verify my current build, hotfix and any rollups installed. The screenshot below shows that I am running Version 14.1 (Build 218.15) and the second screenshot shows the rollup number installed in programs in the control panel.

We can verify the build number  by using the below link which will take you to a list of all Exchange server build numbers and release dates. This has not yet been updated with the build number and release date for service pack 2

http://support.microsoft.com/kb/158530

Exchange 2010 SP2 will require an Active Directory schema update. The details of how to properly perform this procedure can be found here. Once the schema has been prepped for Exchange 2010 SP2, we can proceed with the installation.

You can find the Exchange 2010 SP2 download here, which is 535mb in size before extraction. Once extracted, the contents are 1.41gb

Launching setup.exe brings us to the familiar Exchange setup welcome screen.

Selecting, Install Microsoft Exchange Server upgrade will result in the installer copying the necessary setup files and initializing setup. Next, we are presented with the Exchange Server SP2 introduction screen

Selecting Next, will bring us to the license agreement screen which will we accept and continue on. The Exchange setup wizard will then proceed to perform its readiness check. I have prepped the schema outside of the wizard on a domain controller which should satisfy the readiness check so I can proceed with the upgrade. As suspected, the installer is warning me about the installation of Office 2010 filter packs not being installed on my hub/transport roles. I will ignore this as it is only a lab, and proceed with the upgrade.

Setup completed successfully on my vmware workstation Exchange server in just under 40 minutes. This is not bad considering all server roles are running on this server and the vm is not very powerful from a resource perspective.

Upon completion, launching the EMC shows the new build number for the updated multi-role server at 14.2.247.5

Another item to note is that all previous rollup packs installed prior to service pack 2 will not longer show in programs in the control panel.

How to properly prepare the Active Directory schema for Exchange 2010 and/or Exchange service packs

Certain Exchange Server updates and full installations require schema updates before installation. For the sake of this article, I will not detail which updates or why each requires a schema update, but detail how to disable replication on the schema master while these changes are made to prevent replication of a bad schema extension from propogating throughout the rest of the directory. By doing this, we can ensure we have followed Microsoft best practices and also provide that warm and cozy feeling needed to perform the update during business hours.

First, we must identify who holds the schema master role in the forest. This is a forest level fsmo role and a single schema master will exist per each Active Directory forest. To do this we will log onto a domain controller and run the following command.

(more…)

Virtual Machine Manager 2008 VM Status “Missing”

I recently ran into an issue at a customer site in that they had a few virtual machines in SCVMM 2008 listed with a status of “Missing” as shown below.

It seems as though the issue was caused by a host being put into maintenance mode and virtual machines migrating to other host systems. VMM also shows another instance of the machine in the vm list as green/healthy and running. Trying to delete the “phantom” virtual machine resulted in a failed job and a new status of  “Update Failed”.

How to fix this now? First close the admin console and stop the virtual machine management service (VMMService.exe).

Jump into SQL Server Management studio and connect to the remote sql server that houses the SCVMM database. If you are unsure of the database location, you can verify this in the adminsitration pane of SCVMM.

First things first once connected in SQL Management studio, we need to fix the vm status and change it back to “Missing” from “Update Failed”. To do this, expand the SCVMM database, then expand Tables, and right click on dbo.tbl_WLC_VObject and select “Edit Top 200 rows”.

The table will populate and present you with the first two hundreds row which you can then edit. Scroll down the rows inspecting column labled “Object State” for value 107. Value 107 is the value for the VM in question with a status of “Update Failed”. Change this value from 107 to 220 (Missing) to update the database and change the status of the problematic vm back to missing.

When the value is changed to 220, you can then execute your changes by clicking the red exclamation point to write them to the table. Keep in mind that you have hit enter or tab out of the cell for the value to change from 107 to 220.

Once completed, start the VMM service back up and launch the SCVMM administration console to check the status has in fact change from “Update Failed” back to “Missing”. If so, proceed with the removal of the phantom vm record using a procedure found here. To do this, close the admin console once more, stop the services again and take a backup of the SCVMM sql database as this WILL remove entries from the database tables. Once the backup is complete, connect to the database and execute the sql script found at the mentioned link against the SCVMM database.

Successful execution of the script should display similar results to the below image.

 Once completed successfully, you can start the Virtual Machine Manager service back up and launch the administration console to verify the missing vm has been successfully removed from the list of virtual machines.

This issue has also been resolved in a rollup pack released in September of 2010 found here.

Hyper-V Integration Servies versions (vmbus.sys)

Below is a list detailing the versions of each iteration of hyper-v integration services or vm “guest services”. The file version to verify is C:windows system32driversvmbus.sys.

Operating System
Hyper-V Integration Services version
Windows Server 2008 RTM 6.0.6001.18016
Windows Server 2008 SP2 6.0.6002.18005
Windows Server 2008 R2 6.1.7600.16385
Windows Server 2008 R2 SP1 6.1.7601.20542
Windows Server 2012 RTM 6.2.9200.16384

Exchange Server 2010 SP2

Exchange Server 2010 Sp2 has been released before year end. The download can be found here, and is just over 500MB. Sp2 is also slipstreamed into Exchange Server 2010 installation files as was the case with SP1. Some new features include

1. New hybrid configuration wizard for mixed environments of on premise and cloud based services.

2. Address book policies – http://blogs.technet.com/b/exchange/archive/2011/01/27/gal-segmentation-exchange-server-2010-and-address-book-policies.aspx

3. Outlook Web App mini – http://technet.microsoft.com/en-us/library/hh529922.aspx

4. Cross-Site Resillient redirection for Active/Active deployment scenarios. With Exchange 2010 SP2, you can enable a silent redirection when a Client Access server receives a client request that is better serviced by a Client Access server located in another Active Directory site. This silent redirection can also provide a single sign-on experience when forms-based authentication is enabled on each Client Access server.  – http://technet.microsoft.com/en-us/library/bb310763.aspx

Other notable items include changes to the following;

  • Mailbox Replication Service
  • Mailbox Auto-Mapping
  • Multi-valued custom attributes
  • Litigation Hold

The service pack also as usual contains all previous hotfixes and rollup packs.

Domain Controller Demotion Fails with “the directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master opration roles

Attempting to demote a domain controller halted with the following error..

Demoting the domain controller will not success until this is resolved. Because we are modifying the domain with either a promotion or demotion of a domain controller and th error references a FSMO role, my assumption was the Infrastructure Master role was the culprit.

The errror message also states that it cannot transfer remaining data in the ForestDnsZone directory partition.

I was able to resovle this issue by launching ADSI Edit on the Infrastructure Master DC and connecting to DC=ForestDNSZone,DC=domain,DC=com. After connecting I was presented with the below object list.

Right click the Infrastructure object and select properties to disply the attributes and values of the object as shown below.

The value of  fSMORoleOwner in my case was a long GUID string that was invalid. An Example is shown below.

CN=NTDS SettingsADEL:662af435-c295-4c49-be21-ea430d931be7,CN=AD1ADEL:91c7679f-95f0-4b64-aad0-05ffa61790d7,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=domain,DC=com

By replacing this value with the proper value of a domain controller that holds the infrastructure master role in the correct syntax, I was able to proceed with the domain controller demotion without error.

The proper syntax for this AD attribute is below. The values in bold italics are variables that need to be changed per environment.

CN=NTDS Settings,CN=ServerName,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=domain,DC=com

A quick way to determine who the current fsmo role holders are in Active Directory is to launch a command line from a domain controller and run, netdom query fsmo, which will list all FMSO role holders as shown below.

What? My hyper-v cluster is over-commited!

I found myself asking the other day how it was possible for my cluster to be over-committed in SVMM 2008 R2 with the creation of one more virtual machine. With a four node cluster and each with 53GB of memory and only a subset of that memory allocated to existing running virtual machines I was sure that I should be able to continue with creating more VMs. My first mistake was looking at memory allocation of virtual machines that were running and not including the virtual machines that were in an OFF state. If we were talking about not being able to start a virtual machine because of a lack of memory resources we would only focus on running virtual machines, but when talking about over commitment, all memory allocation needs to be taken into consideration.

I then hit the internet and TechNet as usual for my answers and troubleshooting steps. What I was able to determine is that cluster over-commitment is determined based on slot size. For example and for the sake of simplicity, lets take a 2 node cluster with a few virtual machines created. Below is our setup, all vms are configured as highly available.

Cluster Host 1 – 24GB or RAM configured

Cluster Host 2 – 24GB or RAM configured

VM1 – Running with 6GB of RAM allocated

VM2 – Running with 4GB or RAM allocated

VM3 – Off with 4GB of RAM allcoated

VM4 – Running with 2GB or RAM allocated

VM5 – Running with 2GB of RAM allocated

Given that VM1 is the HA VM with the largest configured memory at 6GB, our slot size for the entire cluster is 6GB. This also tells us that each host has a total slot count of 4 per host. 24 (usable ram on host) / 6 (slot size) = 4 slots.

This means that at any given time, should we lose a single host, we only have four slots available that can be filled to ensure our virtual guests stay online. Virtual Machines 1-5 in the example will use a total of 3 slots as shown below

VM1 has 6GB RAM allocated = 1 6GB slot used

VM2 has 4GB of RAM allocated & VM4  has 2GB of RAM allocated = 1 6GB slot used

VM3 has 4GB of RAM allocated & VM5 has 2GB of RAM allocated = 1 6GB slot used

As stated we have 1 slot left open that could be filled should we lose a single host, meaning we can create more virtual guests and not be overcommited. The new guests could be a single 6GB vm, three 2GB vms, a 4GB and 2GB vm, or anything totaling 6GB of highly available RAM that must be accounted for.

Consider we create a new 6GB vm and add it into the HA cluster and all is well. The next virtual machine, whether it be a single 1GB vm or a two 4GB vms, will result in an error stating that our cluster is over-committed and prevent creation.

Update Rollup 6 for Exchange 2010 SP1

Update Rollup 6 for Exchange 2010 SP1 was release on Oct. 27 2o11 and resolves the below issues;

Upgrading System Center Virtual Machine Manager 2008 R2 SP1 to System Center VMM 2012 RC

In this blog post I will run through upgrading an existing System Center Virtual Machine Manager 2008 R2 SP1 instance to System Center Virtual Machine Manager 20102 RC. I will then explain two different methods of updating the host agents that currently exist on my 2008 R2 SP1 host hyper-v servers.

I have already backed up the vmm database that currently resides in SQL Server 2008 R2, checked all my prerequisites and am ready to proceed. For a full list of prerequisites, please go here.

After extracting the install files, executing the setup.exe brings me to the below splash screen.

Click install to proceed. I purposely did not install WAIK for Windows 7 on the server, to see if it would either error out or prompt and assist with downloading and installing.

The installer detects that an existing installation of 2008 R2 Sp1 exists and asks if you would like to upgrade.

Obviously we will click Yes to proceed and the installer will then detect all roles or features installed on the server that will be updated as part of the process.

Clicking next to proceed will bring us to the product registration page.

Next is the License Agreement that you will read and agree to.

After agreeing you are asked to join the customer experience improvement program.

The installer will then check hardware and software prerequisites.

My check failed due to memory requirements as you can see below. I am in fact upgrading a scvmm 2008 r2 sp1 instance that is running as a guest in hyper-v r2 sp1 and is configured to use dynamic memory. The dynamic memory settings are configured for a maximum of 2048MB, but as you can see the installer is detecting only what is currently assigned in Hyper-V, which was 1289MB. Kind of annoying that I now have to cancel the installation because I can’t switch from dynamic to static memory while the vm is running, but no big deal really, I’ll shut down, reconfigure for 3GB of static memory and rerun the installer.

The prerequisite checker flagged the WAIK installation the second go around. Also kind of annoying that the prerequisite checker will not check for all requirements and provide a full list like the Exchange 2010 installer does. That’s ok though, did my due diligence and checked this myself before attempting the upgrade and have the .iso already mounted to the virtual machine for installation.

Attaching the WAIK iso and executing the startdc file in the source directory brings up the below splash screen.

Executing Windows AIK Setup on the left hand menu will start the WAIK installation process. The WAIK installer welcome screen in shown below.

Clicking next will bring us to the License Agreement which we will read and proceed through. Finally, we will select the installation location before confirming the installation and installing.

WAIK has been successfully installed and we can go back to the prerequisite checker to check requirements again.

The third time around we are presented with a memory warning shown below. I will proceed with the installation and update the memory afterward.

Clicking Next will bring us the database configuration page. Since we are upgrading an existence Virtual Machine Manger Database, I will leave this at defaults and continue.

The next part of the installation requires us to specify the service account for the virtual machine management service and asks us how we want to store encryption keys. Distributed Key Management is new in SCVMM 2012 and is required if installing SCVMM 2012 in an HA deployment. Distributed Key Management stores information in Active Directory instead of locally and is recommended. I purposely did not prepopulate the object using ADSI for DKM to see if the installer would create the object in AD for me as I have all necessary permissions required to do so and it states in the documentation here that if you have the required rights you do not have to prepopluate using ADSI Edit.

If you have any unique port configuration requirements the next screen will allow you to input them.

Self-Service portal configuration is next in the wizard. In my situation I am accepting the defaults as my portal is installed on the same virtual machine.

A report is then presented showing us what compatibility issues there are with SCVMM 2012 before proceeding.

The installation summary page will review all of our configuration. Review it before proceeding to make sure no changes are necessary and then click Install to continue with the upgrade. The installation will start and install any supported software necessary such as the .Net Framework and then will upgrade each of the three components below.

The entire upgrade process took about 8-10 minutes in my case but this is not a very large SCVMM deployment by any means. A successful installation should leave us at the below Setup Successful window.

Updating host agents from 2008 R2 SP1 to 2012 RC.

After a successful upgrade to 2012 we next need to update the host agents. This task does not need to be immediately done as the 2008 R2 SP1 host agents are compatible with SCVMM 2012.  There are two ways in the gui to update a host agent.

Method #1: To update a host agent we need to open the Fabric view from the left pane, resulting in the below view of the console.

Right click the host that will be updated and select “Update Agent”

System Center will prompt for credentials to update the host agent.

You can then view the status of the job in the lower right hand side of the console. The before and after views will show like the two images below.

Method #2: The other method of updating the host agent is to view the status of the host in the fabric view and remediate the errors the system has identified. Including the legacy host agent. Right click the host in the fabric view to display the below menu and select view status.

Viewing the status of the host will display what you see below. Notice the Yes under the remediation column for Host Agent Service and Host Agent Version.

Click Repair All to remediate all issue including updating the host agent version and service. The process will take a minute but can be run with active workloads running on the host. When complete the host status windows should look like image below.

Add permissions recursively to another users folders in Outlook

I found myself again trying to help a user add folder permissions for another user in a large hierarchy of folders inside their mailbox. What I wanted to do was tell this person they had to manually add the user to each folder in an attempt to deter it from happening but I couldn’t.

I figured there has got to be a way to do this in powershell using the -recurse switch, Get-MailboxFolder and piping that to the add-mailboxfolderpermission cmdlet that I have used in the past. I attempted the below cmdlet and failed miserably.

Get-MailboxFolder -Identity “user:rootfolder” -recurse | Add-MailboxFolderPermission -User user2 -AccessRights owner

Running the command resulted in the below error.

The term ‘Get-MailboxFolder’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

I was certain that this was a valid cmdlet so I started digging only to find that this cmdlet, “Get-MailboxFolder”, is in fact a valid cmdlet, but it can only be used for the logged in user and not run against another user. See details and syntax information for Get-MailboxFolder using the below link.

http://technet.microsoft.com/en-us/library/dd351164.aspx

I started thinking about how this made sense and how an end user would ever be able to execute this cmdlet. RBAC and self service in Exchange came to mind. As I started to research this further I came across a post on TechNet forums that reinforced the fact the cmdlet could only be run against the logged in user. It also mentions using EWS to programatically achieve what I sent out to accomplish but I am not confortable with EWS so I continued to look for a way to set the permissions in powershell.

Using the below cmdlets, you will be able to retreive folder statistics for a particular folder within a mailbox, modify the path in the results to adhere to what is required to set permissions on a folder, and use a where clause to add permissions to the folders so that another user can view a long list or hierarchy of folders with Outlook.

I will not take credit for the shell commands or idea.  I found it someowhere on the internet but didn’t bookmark to link it here, my apologies to the author. I simply want to share this and have a place to reference it myself the next time it comes up. It surely will!

Get-MailboxFolderStatistics username | Where { $_.FolderPath.Contains(“Clients”) -eq $true }

ForEach($f in (Get-MailboxFolderStatistics mcaruso | Where {$_.FolderPath.Contains(“/Clients”) -eq $True } ) ) {$fname = “username:” + $f.FolderPath.Replace(“/”,”");Add-MailboxFolderPermission $fname -User anotheruser -AccessRights Owner }