Rebalance DAG automatically using Task Scheduler

Those of you who manage Exchange Database Availability Groups, particularly in Exchange 2013, will understand the frustration of coming to the office on a Monday morning to find that your Databases have migrated to A. N. Other server because of some scheduled backup or other task which occurred over the weekend.

To solve this problem, we can configure a Scheduled Task to run the RedistributeActiveDatabases.ps1 script, which will balance your databases out based on the Activation Preference set for each server. Before you configure this task, make sure that your Activation Preference settings are applied as per your desired configuration.

For example, say I have a database named MBDB and two servers named Server1 and Server2 (I’m feeling particularly inventive today). To set the Activation Preference for these database copies, I would run the following Powershell command from EMS:

Set-MailboxDatabaseCopy -identity MBDB\Server1' -ActivationPreference 1
Set-MailboxDatabaseCopy -identity MBDB\Server2' -ActivationPreference 2

This configuration will mean that when I run the RedistributeActiveDatabases.ps1 script, the MBDB database will be moved, if required, to Server1, as long as the required Database Mount Dial setting is achieved (the default setting is Best Availability which requires the Copy Queue Length to be no more than 12).

If I wanted to see how my database copies are currently configured, I would run the following Powershell command from EMS:

Get-MailboxDatabase MBDB | fl server, databaseCopies, activationPreference

This would show me all the database copies and their Activation Preference. So we now have our settings configured and we want to setup our Scheduled Task. Open your Task Scheduler and create a new Basic Task. Give the task a name and configure your recurrence schedule for the Task. When you get to the Action menu, choose ‘Start a Program’.

Now we need to tell the task to:

1. Launch Powershell
2. Load the Exchange modules and connect to the Exchange server
3. Run the RedistributeActiveDatabases.ps1 script with the correct switches
4. Supress the confirmation dialog which appears when running the script

To do this, we enter the details as follows:

  • Program/script:
    • C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
  • Add arguments:
    • -NonInteractive -WindowStyle Hidden -command “. ‘C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1′; Connect-ExchangeServer -auto; .’C:\Program Files\Microsoft\Exchange Server\V15\scripts\RedistributeActiveDatabases.ps1’ -DagName DD-DAG -BalanceDbsByActivationPreference -Confirm:$false”
    • Note: Please change the DagName parameter to reference your own DAG!

It looks a little bit like this (OK, it looks just like this):

TaskScheduler DAG Rebalance

Complete the task creation and then go into the properties of the task. On the General page, configure the task to:

1. Run whether the user is logged on or not
2. Run with highest privileges
3. If need be, change the account running the task to a service account of some kind. That account must be a member of the Organisation Management group

Just like this:

TaskScheduler DAG Rebalance 2

Your Scheduled Task is not configured. You can test it out by manually running it. Hopefully this solves a headache for one or two of you out there!

Advertisements

Resource Mailboxes show availability as Busy

When you create a Resource Mailbox in Exchange 2010, 2013 or Office 365, the default permissions applied to the calendar for the Default user group is ‘AvailabilityOnly’. This means that you can see appointments in the calendar, however you cannot see the subject, attendees, or any further details. When this is being used for a piece of equipment or a meeting room, this configuration appears to be counterproductive.

After all, if you desperately need that piece of equipment (the corporate skipping rope for instance), how do you know who has booked it so you can go and argue with them about who should be able to use it that lunchtime? If you are on the board of a company, how do you know which of your minions have mistakenly booked the meeting room during your monthly board meetings so you can go and give them a verbal warning?

Almost all of my customers ask me these important questions, and the answer is simple. You run the following Powershell command against the Resource Mailbox and set the Default access rights to the more informative ‘Reviewer’ permission. Users can now see the subject, the attendees and the details of the booking.

Set-MailboxFolderPermission alias:\calendar -User Default -AccessRights Reviewer

Powershell. Helping you achieve the unachievable.

Exchange 2013 CU7 and more!

Today Microsoft have released a new slew of updates for On Premise Exchange environments!

There have been various hotfixes and scripts released to fix a multitude of sins in Exchange 2013 CU6, and Microsoft have rolled these hotfixes and more into their latest CU7 release. This update does require a Schema Update, so please run setup /prepareschema first. See https://support.microsoft.com/kb/2986485 for more information. Additionally there are some UM Language Packs for Exchange 2013 CU7 available.

In other news, the Exchange 2010 CU8 update has been recalled at the time of writing and is not available for download. This is because deployment of said update can lead to Outlook being unable to connect to Exchange :-/ If you have already installed, it is recommended that you rollback the update.

Lastly is the Exchange 2007 SP3 UR15 for all those retro Exchange nerds still running Exchange 2007. See KB here for information http://support2.microsoft.com/?kbid=2996150.

Check out http://blogs.technet.com/b/exchange/archive/2014/12/09/exchange-releases-december-2014.aspx for the full rundown!

Powershell – Automatically Update E-mail Address based on Recipient Policy

During a recent large Office 365 Hybrid Deployment, I came across the issue of many users (400+) having the ‘Automatically Update E-mail Address based on Recipient Policy’ option unticked. This meant that the users in question did not have the correct routing address of username@domain.mail.onmicrosoft.com specified. When attempting to migrate the mailboxes of said user accounts, they failed with the following error:

The target mailbox doesn't have an SMTP proxy matching 'domain.mail.onmicrosoft.com'

This address is required for mail routing between On Premise users and Office 365 users, therefore without if the mailbox move cannot take place. This address is added to all Email Address Policies which contain the hybrid domains during the Hybrid Configuration, in order to put the correct routing in place.

The company in question only had one email address per user in the format of firstname.lastname@domain.com so there was no reason not to have this option enabled. The only exception were a few users who had a different SMTP suffix (domain2.com), so these users needed to be left alone. The first thing I had to do was identify which users had the email address policy disabled. To do this I ran the following command:

get-mailbox | Where {$_.EmailAddressPolicyEnabled -eq $false} > C:\Temp\emailpolicy.txt

After realising there were 400+ mailboxes to enable this on, it became obvious that this was a problem which only Powershell could solve. Before I started, I first used the command listed on a previous blog http://doubledit.co.uk/2014/12/02/how-to-export-a-list-of-all-primary-smtp-addresses-and-aliases/ to export a list of all Primary SMTP addresses as a reference. I then ran the following command to find all users with a particular SMTP suffix and enable the ‘Automatically Update E-mail Address based on Recipient Policy’ option:

Get-mailbox | Where {$_.EmailAddresses -like ‘*@domain.com’} | Set-mailbox -EmailAddressPolicyEnabled $true

If you just wanted to apply the policy to all users, you would use the following command:

Get-mailbox | Set-mailbox -EmailAddressPolicyEnabled $true

How to export a list of all Primary SMTP addresses and aliases

I was about to upgrade an Email Address Policy from Exchange 2003 version to support the modern version of Email Address Policies. Due to problems I have had in the past with these policies, I wanted to export a list of all Primary SMTP addresses and any other email aliases present for each user, and I wanted it in an easy to read CSV format. This is the command I ended up using, which is a slightly modified version of the command provided by the Enterprise IT blog http://enterpriseit.co/microsoft-exchange/export-list-of-all-exchange-email-addresses-and-aliases/

Get-Mailbox -ResultSize Unlimited |Select-Object DisplayName,PrimarySmtpAddress, @{Name=“EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq “smtp”} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV c:\exportsmtp.csv -NoTypeInformation

This can prove useful to do at the start of an Exchange deployment, ensuring you have a copy of the email addresses in use at the start of the project. It can also be useful for auditing purposes. This script will work in Exchange 2007, 2010 or 2013.

Exchange 2013 CU6 – Hybrid Configurations and Hardware Load Balancing…

Exchange 2013 CU6 was released at the end of August, and it’s fair to say it wasn’t Microsoft’s most elegant CU release ever. If you are already using a Hybrid Configuration, the following problems are faced after installation:

– You cannot use the On Premise Exchange Admin Center to create new Office 365 mailboxes, move mailboxes to Exchange Online, or create In-Place Archive mailboxes.

– You also cannot perform administration of Office 365 through the EAC, because when you click on the Office 365 management tab, it takes you to a marketing page for Office 365 rather than the 365 login page.

There has been a script released by Microsoft to fix this behaviour, which is available here: http://support.microsoft.com/kb/2997355/en-us

It’s lucky that this script is available, because Microsoft made some changes to Exchange Online in the last few weeks. These changes mean that if you now attempt to create or manage a Hybrid Configuration in Exchange 2013 CU5 or older, you will see the following error:

Subtask CheckPrereqs execution failed: Check Tenant Prerequisites

Deserialization fails due to one SerializationException: 

Microsoft.Exchange.Compliance.Serialization.Formatters.BlockedTypeException: The type to be (de)serialized is not allowed: Microsoft.Exchange.Data.Directory.DirectoryBackendType

This can be resolved by, you guessed it, upgrading to Exchange 2013 CU6. Just remember to run the script which I linked to above after installation!

Another problem which a colleague of mine witnessed a few days back was related to CU6 and CAS Load Balancing. If you use a hardware load balancer such as a Kemp or NetScaler, and you install CU6, you will need to make some configuration changes to your availability monitors. Application aware load balancers will monitor Exchange Server 2013 using the Default Web Site in IIS, and a design change has been made in CU6 which will cause the load balancer to mark the Exchange 2013 server as down.

If you attempt to access the Default Web Site of an Exchange 2013 CU6 CAS server, it will return a status 302 and redirect you to the OWA site. A load balancer will see this and mark the server as being down. To resolve this problem, configure your load balancer to monitor https://CASFQDN/protocol/healthcheck.htm. For example, to monitor OWA you would use https://CASFQDN/owa/healthcheck.htm. The KB for this issue is here: http://support.microsoft.com/kb/3002351

Exchange Server 2013 CU6 has been a bit of a box of tricks so far, but if you are about to modify or create a Hybrid Configuration, then you MUST upgrade in order to be successful. Hopefully this article will help you in your quest for Hybrid greatness!

Exchange 2013 – File Share Witness on an Azure VM

My last TechEd session of the year was on Exchange 2013 HA and Site Resilience. This session came with an exciting announcement. As of January 1st 2015, Microsoft will support using an Azure IaaS VM as a File Share Witness for an on-premises DAG. This provides the ability for deployments with a 2 datacenter DAG solution to add a FSW in a 3rd datacenter, providing the ultimate in Site Resiliency for Exchange Database Availability Groups. It’s worth pointing out that this is not the same as a Cloud Witness in the new Windows Server Technical Preview. The Exchange team have not yet decided whether they will do the work to make sure the Cloud Witness feature will be supported in Exchange 2013. The high level steps for doing this will be as follows: – create Azure networking and establish VPN (if not already in place) – configure Azure VMs (directory server and file server) – configure Exchange 2013 to use Azure FSW This is exciting news and is sure to be a guaranteed hit for those with a DAG stretched over 2 datacenters as it allows Quorum to be maintained when a single Datacenter is lost.