Friday, October 30, 2015

Automatic Installation of Exchange 2013/2016

Hi folks,

I would love to share with you a quick and easy way for installing Exchange 2013/2016 servers automatically. It can be achieved by using this script that can be downloaded from the TechNet Gallery. Here is the author's site where he explains about using of the script and all its parameters in more details.

To successfully perform automatic installation you will need to create a folder, let's say D:\ExInstall. You will need to download Office 2010 Filter PackOffice 2010 Filter Pack SP1 and UCMA 4.0 and store them into that folder. Additionally you will need to place this script in to the same folder. Alternatively you may need Internet access from the server on which you are installing Exchange. If one of these components is not found in the installation folder script will try to connect to internet and download installation files from there and then execute it.

After this you will need to create subfolder, let's call it Exch2013. You will need to extract Exchange 2013 or 2016 binaries there.

As long as Windows 2012 R2 components are concerned, they will also be automatically installed as the part of this installation, so no need to worry for them.

As soon as everything is in place, the final thing that is needed is administrative account under which you will need to perform Exchange installation. If you are installing a new server into existing Exchange 2013/2016 organization you will need to be a member of Organization Management group. Please note that this script also extends schema and AD, so if you are introducing a first Exchange 2013/2016 server into existing 2010 organization or performing a greenfield installation you will also need to have permission to update AD and schema. This will require membership in Domain Admins and Schema Admins groups. If schema is prepared before you execute the install script will notice it and skip this step.

During the installation the script also sets local PowerShell policy for script execution to Not Configured which is one of the prereqs for successful Exchange 2013/2016 installation.

Finally it's worthy to mention that the script creates 2 files in the installation folder:

- Install-Exchange15.ps1_20150918122654.log
- Install-Exchange15.ps1_state.xml

The first one of the is used as log for the installation process and the second one is the installation state. They're very useful when you re-run your installation due to some kind of interruption as well as they give you a good picture of what is happening during the script execution which can be very necessary for troubleshooting.

Below is the sample code which installs multi-role (CAS and MBX) Exchange 2013 server along with all prerequisites to the folder where you want it to be installed. At the end of the installation it also registers URL for Autodiscover SCP which saves yet another step for Exchange deployment:

.\Install-Exchange15.ps1 -InstallMultiRole -InstallPath 'D:\ExInstall' -InstallFilterPack -SourcePath 'D:\ExInstall\Exch2013' -TargetPath 'C:\Program Files\Microsoft\Exchange Server\V15' -SCP https://mail.contoso.com/Autodiscover/Autodiscover.xml -AutoPilot -Verbose

I won't explain every single parameter as all of them are clearly described in the author's article shared above.

During the execution script will bounce a server as many times as needed to complete installation of components and continue at the point of stop after the restart.

Enjoy.

Uninstalling Exchange 2010 and IIS Metabase Error

Hi folks,

I would love to share with you about my recent adventure. I was working on the project which required uninstall of Exchange 2010. When uninstalling a server with the CAS role I faced the following error:


Looking it up in Google pointed me to the cases when people were trying to install Exchange 2010 (which is running the same installation program as in uninstall). Most of them like this one were pointing that some of Exchange prerequisites, especially IIS related were missing.

From the first glance all was fine IIS was available and all the components were around. I could clearly see in the Server Manager or when running Get-WindowsFeature cmdlet (please don't forget to import Server Manager PowerShell module if you're running this cmdlet in Windows 2008 R2). However when opening Server Manager I paid attention to the Roles Summary section which showed red cross next to the Web Server (IIS).


Digging further revealed that the IISADMIN service was stopped and disabled.



The solution was very simple. Set startup type for the service to Automatic and start this service. This can be done either by using services.msc console or by running the following 2 commands:

Get-Service IISADMIN |Set-Service -StartupType Automatic

Start-Service IISADMIN

After IIS admin has started I clicked on the Retry button to check prerequisites again and I have got so long desired state:



So my final advice would be when uninstalling Exchange 2010 not to stop and/or any of the services on which Exchange is depending. All you need is simply have it drained of connections and removed from all the load balancers so that no client access traffic comes to it. Un-installation program will do all the magic for you.

Enjoy!

Monday, October 26, 2015

How Busy Are Your CAS Servers

Hi folks,

I'd love to share with you a script on how to retrieve how busy are your CAS servers with the client connections for different client access protocol.

All you need to do is to connect to each client access server and retrieve information from the appropriate performance counters related to client access servers. Below is the sample script which includes every CAS protocol except for ActiveSync, as I was not able to find the appropriate counter.

For the remaining protocols you will need the following code to retrieve number of users.

Get-ClientAccessServer |foreach {Get-Counter "Web Service(_Total)\Current Connections" -ComputerName $_.Name}
Get-ClientAccessServer |foreach {Get-Counter "MSExchange OWA\Current Unique Users" -ComputerName $_.Name}
Get-ClientAccessServer |foreach {Get-Counter "RPC/HTTP Proxy\Current Number of Unique Users" -ComputerName $_.Name}
Get-ClientAccessServer |foreach {Get-Counter "MSExchange RpcClientAccess\User Count" -ComputerName $_.Name}
Get-ClientAccessServer |foreach {Get-Counter "\MSExchangeImap4(_total)\Current Connections" -ComputerName $_.Name}
Get-ClientAccessServer |foreach {Get-Counter "\MSExchangePOP3(_total)\Connections Current" -ComputerName $_.Name}

As an option you can add Export-Csv or Out-File cmdlets to output the data to text files.

Enjoy!

Wednesday, October 21, 2015

Two Necessary Steps to Make Your Anti-Malware Updates Working Behind Proxy

Hi folks,

As you all well aware Microsoft replaced Forefront Protection for Exchange (FPE) on Exchange 2013 with the integrated anti-malware. On the first glance it appears as FPE integrated into Exchange. As long as its configuration is concerned anti-malware is almost like an appliance since there's not much to configure.

I found this article extremely helpful in configuring and troubleshooting proxy settings for Exchange 2013 anti-malware updates.

There are 2 areas of configuration to ensure that updates are successfully happening: file system and proxy settings.

First we will attend file system. Browse with File Explorer the folder where Exchange is installed (for example C:\Program Files\Microsoft\Exchange\V15\FIP-FS\Data\Engines\amd64\Microsoft\bin). When accessing FIP-FS directory (and some other subdirectories) File Explorer displays a dialog box that prompts you with the following: "You don’t currently have permission to access this folder. Click Continue to permanently get access to this folder". After clicking Continue you are able to browse directory contents. Check NTFS security permissions for this directory and ensure that NETWORK SERVICE has  "Full Control" permissions.

Secondly, if you are running behind proxy you will need to configure proxy settings on your Exchange server. First you need to make sure that your Exchange servers can connect to http://forefrontdl.microsoft.com/server/scanengineupdate via proxy server without authentication. After this is configured we need to configure it on the Exchange server level. Please note that anti-malware totally ignores proxy settings configured via Internet Explorer properties or unauthenticated proxy configured by using netsh command (yet the latest will still be needed to check CAS certificates URLs).

You will need to configure proxy settings for your anti-malware by executing the following commands:

Add-PsSnapin Microsoft.Forefront.Filtering.Management.Powershell

Set-ProxySettings -Enabled $true -Server 192.168.0.1 -Port 80

(of course you will need to replace the values with yours)

After this you will need to execute the following command to manually kick downloads:

cd $exscripts
.\Update-MalwareFilteringServer.ps1 -Identity SERVER1.CONTOSO.COM

Make sure that you type server FQDN rather than the hostname after the Identity parameter.

If download is successful you will get event 6033 as follows.



You can also browse to C:\Program Files\Microsoft\Exchange\V15\FIP-FS\Data\Engines\amd64\Microsoft\bin (or whatever is your Exchange installation folder) and ensure that new update files are there.

I hope you will find it helpful for your endeavors.

Enjoy.