Friday, April 25, 2014

Exchange 2010 rollup update installations for lazy people

Hey folks,

It is a wonderful cloudy Friday morning. So in this short posts I will share with you some of the commands I used to install RU5 for Exchange 2010 SP3.

I used this command for silent RU installation:

msiexec /update Exchange2010-KB2917508-x64-en.msp /qn /L* RU5InstallLog.txt .

First of all., it silently executes RU5 installation on server which allows you to have a cup of tea, rather than pressing Next button every time. Or even better you can use Group Policy in your AD or SCCM to automatically publish RU5 installation.

Pleas note /L* RU5InstallLog.txt parameter. This doesn't keep you blind on how your installation goes. But rather creates a log file which you can check for the details of your installation.

And finally msiexec /update Exchange2010-KB2917508-x64-en.msp /qn /L*v RU5InstallLog.txt creates a verbose log which is necessary if your installation is failing and you need to troubleshoot it as I did in

Enjoy! Happy Friday!

Reporting and Filtering Magic for ActiveSync in a Large Environment

Hi folks,

I was working on the reporting of ActiveSync devices that are used by Exchange users.

Client has provided me a script which wouldn't work crushing with the error as on this screenshot.

I was working based on this article . This perfectly works for a small environment or when Get-CASMailbox command is submitted without -ResultSize Unlimited parameter which is needed in the environment with more than 1000 mailboxes. In their production environment with more than 30K mailboxes this was a disaster and creating a variable for client mailboxes was failing with the same kind of error.

According to some of the articles in the internet this error could be fixed by tweaking web.config file for PowerShell virtual directory on Exchange servers which I didn't really want to do as I prefer not to mess with default config unless really needed and also raising change applying it across all Exchange estate wasn't really attractive to me because of long change management process (and don't forget Microsoft's recommendation that all Exchange servers should be configured in standard fashion across all the estate).

I tried using pipelining results of Get-CASMailbox -ResultSize Unlimited to Where-Object command with the filter. So my command started looking like Get-CASMailbox -ResultSize Unlimited |Where-Object {$_.HasActiveSyncDevicePartnership -eq 'True'} |Get-Mailbox
However this also didn't do magic and the evil "Remote client exceeded allowed maximum" would still appear.

To resolve it I decided to experiment a little bit. First of all it's worthy to know that Get-CASMailbox returns name for a mailbox which can be a good which I used as a value for the  Mailbox parameter of the Get-ActiveSyncDevice. I still used Get-CASMailbox -ResultSize Unlimited |Where-Object {$_.HasActiveSyncDevicePartnership -eq 'True'}. However this time I didn't pipeline it, but rather feed into the $EASUser variable which I used as an input for the Get-ActiveSyncDeviceStatistics command. And since client needed particular information about ActiveSync device, namely when it last talked to server, its type and ID and whether it can be remotely wiped.

So I ended up with the code as below (you can customize second line

$EasUser=Get-CASMailbox -ResultSize Unlimited |Where-Object {$_.HasActiveSyncDevicePartnership-eq 'True'}
$EasUser | foreach {Get-ActiveSyncDeviceStatistics -Mailbox $_.Name | select identity,LastSuccessSync,devicetype,deviceid,isremotewipesupported} |Export-Csv D:\MessagingMetricsReports\ActiveSyncUsageReport.csv

It resulted in the nice Excel Spreadsheet like this which was later sent to the happy customer. However since my production environment has more than 30K mailboxes and some users have more than a single ActiveSync device the file size was about 4 MB, so don't be scared if you get your report that big.

Wednesday, April 23, 2014

Mailbox Database Reporting Headache

Hi folks,

This morning I woke up with the terrible headache. Even sleeping one more hour wasn't very helpful, thus I came to the office.

Another headache was awaiting me. Preparing data for monthly messaging report which has been handed over to me.

One of the reports was the hardest. Preparing report on how mailbox databases are used. In particular client needs a unified report which includes information of the mailbox databases size, white space size and the number of users that actually provisioned to these databases and use all of this space.

I had 2 obstacles. First of all the way Get-MailboxDatabase command outputs information about mailbox database size and white space size like on this screenshot

It is nice but absolutely useless if you want to process data in MS Excel. So in order to output information about size only in digits you need to use expressions like these: @{N="AvailableNewMailboxSpace GB";E={$_.AvailableNewMailboxSpace.ToGB()}} and @{N="DatabaseSize GB";E={$_.DatabaseSize.ToGB()}}  for white space and total database space respectively.

Additionally my client needed the number of mailboxes in the database which is even trickier. After some exercises that even increased my headache I came up with this expression: @{N="Mailboxes Count";E={(get-mailbox -database $}}

And of course I wanted my report to look nicer as databases are arranged in the alphabetical order. Which was pretty easy to achieve by using Sort-Order Name command.

As a result I have got the following code:

$DBs = get-mailboxdatabase -Status |Sort-Object Name
$DBs | Select-Object name,@{N="AvailableNewMailboxSpace GB";E={$_.AvailableNewMailboxSpace.ToGB()}},@{N="DatabaseSize GB";E={$_.DatabaseSize.ToGB()}},@{N="Mailboxes Count";E={(get-mailbox -database $}} | export-csv D:\MessagingMetricsReports\SpaceMbxNumberReport.csv -NoTypeInformation

Which in turn produced a report like this:

And of course the names are sanitized for the sake of ethics.

Now it's time for me to have some aspirin, as my headache is still there. However I have got the script which can produce me the nice report any time I want it.

And of course any other database related attributes can be added to the code if more info is needed in the report.

Tuesday, April 22, 2014

Exchange 2010 Update Rollup Fails with error 1603

Hi folks,

Today when working on a simple task as installing Update Rollup 5 for Exchange 2010 SP3 I ran into a funny issue. On one of my lab servers it was failing with the error 1603.

After some googling i encountered this article . Following it does the magic, however notice couple tricks here. For Exchange 2010 RU to produce verbose logging run command like:

msiexec /update Exchange2010-KB2917508-x64-en.msp /qn /L*v RU5InstallLog.txt

You will need to replace name of MSP file in the command with the appropriate name

Also look in the log file for the appropriate MSP file. It may differ from the one specified in the article (it actually applies for Exchange 2007). In my case it was Exchange2010-KB2866475-x64-en.msp which corresponds to RU2 for Exchange 2010 SP3.

So I ended up downloading RU2 for Exchange 2010 SP3 and dripping it to C:\Windows\installer folder which the article has been suggested. However this wasn't successful as well.

I looked through the log again and discovered that the installer tried to look for c:\Exchange2010-KB2866475-x64-en.msp. I have ended up running command prompt as admin and copy the file there. After which the installation has successfully completed. And, of course, since it is RU, the installation sometimes takes ages. Weird placement for update files, isn't it.

One of the lessons learned. Keep your Exchange install and update files in the folder where you have put them originally as installer will go to those locations whenever you attempt to change something about the server setup.

Thursday, April 17, 2014

Reporting IP Addresses for Exchange Servers

Hi folks,

Let me share another case which made even more sure that PowerShell is really power shell.

My customer was looking to standardize DNS client settings across its Exchange servers. As the first step they wanted me to provide them with the information on how DNS settings are currently configured on Exchange boxes. Since Windows 2008 R2 Powershell is not as a rich as in Windows 2012, I had to do some head scratching and googling.

As a result I ended up having the script which connects to every Exchange server and output them in the nice Excel file format like CSV.

I had to overcome one thing though as when I was that values for such important parameters like IPSubnet or  DefaultIPGateway and most importantly  DNSDomainSuffixSearchOrder were outputted into CSV as ugly. "System.String[]". I overcame this by using expression like this @{Name="IPAddress";Expression={$_.IPAddress}} for each important network configuration parameter and in particular for DNSDomainSuffixSearchOrder which was my target.

Another caveat here is that Edge servers are not members of the AD and hence execution of Get-WmiObject against them will fail if we simply run it, so I had to filter them out from the Get-ExchangeServer command by the {$_.ServerRole -ne "Edge"} filter.

As a result I have ended up with a nice script as this one:

Get-ExchangeServer | Where-Object {$_.ServerRole -ne "Edge"} |foreach {Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.Name} |Select-Object DNSHostName,Description,@{Name="IPAddress";Expression={$_.IPAddress}},@{Name="IPSubnet";Expression={$_.IPSubnet}},@{Name="DefaultIPGateway";Expression={$_.DefaultIPGateway}},@{Name="DNSServerSearchOrder";Expression={$_.DNSServerSearchOrder}},@{Name="DNSDomainSuffixSearchOrder";Expression={$_.DNSDomainSuffixSearchOrder}} |export-csv D:\scripts\Exchange_IP_Config_Reporting.csv

Which provides me with output as below (IP addresses and hostnames are not included for the sake of professional ethics)

This resulted in a happy customer which can make a decision on how DNS settings are to be configured.

Good Exchange 2013 books

Hi folks,

Looks like it took ages for good Exchange 2013 books to be published after release of this product. There are still no good books for 70-341 and 70-342 exams.

However, in October 2013 MS press has published 2 books in Exchange 2013 Inside Out series. One is written by Tony Redmond and another one by Paul Robichaux.

I have finished first book and highly recommend it, though it misses a subject of DAG autoreseeding feature which can be read in Technet. However, Tony quite clearly explains all the nuts and bolts of a new Mailbox server role with some good practical examples and PowerShell scripts.

Currently I'm in the 2nd chapter of Paul's book that covers new CAS role along with transport and UM. It is also quite a good reading, though I miss Tony's style and tons of script examples there. But it's still a good reading.

These are Amazon links where you can order these books (it's not advertisement, just a friendly advise)

Creating and configuring Receive Connectors in Couple Steps

Hi folks,

As you probably know Exchange server 2007 and later is managing receive connectors on a per server basis, rather than per organization. Thus if you need to create receive connector you need to do the same operation on each hub transport server (mailbox server in Exchange 2013). 

I needed to create a receive connector for an application on all hub servers in my lab environment for tests that listens on the port 465 and accepts traffic from subnet (where application servers reside) with the explanatory name which would distinguish it from the rest of receive connectors.

It doesn't really work for a lazy person like me. So I have played a little bit with PowerShell to simplify this operation and reduce it to 2 steps. 

In my lab setup I have 3 CAS/HUB servers and 1 edge server. Get-TransportServer outputs all transport servers including Edge servers. Therefore I went on and rather used Get-ExchangeServer command by filtering output by CAS/HUB role. I have piped output into the cycle that runs New-ReceiveConnector command against the output. Therefore my final command that worked looks like that:

Get-ExchangeServer |Where-Object {$_.ServerRole -eq "ClientAccess, HubTransport"} |  foreach {New-ReceiveConnector -Name ‘Connector Name’ -Usage 'Custom' -Bindings '' -Fqdn ‘’ -RemoteIPRanges '' -Server $_.Name}

The other part of the task was to configure permissions for the created receive connector to configure authentication for Exchange Users (as a user needs to be authenticated to be able to send emails via this connector) and there was a requirement for IPsec authentication for the traffic sent to this connector. Instead of going around from server to server and ticking multiple boxes I have ended up with one command that collects all the connectors with the name as specified in the previous steps and then configures the appropriate permissions for each of the connector on each server,

Get-ReceiveConnector| where {$_.Name -like ‘Connector Name’ } |Set-ReceiveConnector -PermissionGroups 'ExchangeUsers','ExchangeServers' -AuthMechanism 'Tls','ExternalAuthoritative'

Thus I ended up with 3 connectors on 3 hub transport servers in my lab environment which listen on port 465, accept traffic from the particular subnet and with the necessary permissions and authentication settings. 

And it took me only 5 minutes to create them automatically in running only 2 strings of the code.
My dear friends,

Finally I have found time to start my own blog in the internet. By this blog I want to share my IT skills and interesting tips and tricks that I have discovered while working in IT world.

I am a Senior Windows Engineer in IPsoft. My professional skills lay mainly with Microsoft's technologies such as Active Directory Domain Service, Exchange Server and I'm currently working on building up my Lync skills.

You are more than welcome to visit my blog to read about my developments, lab and production experience and literature that I find good for any IT guy reading.

Sincerely Your,

Farhad Mahmudov