Thursday, September 29, 2016

Creating GPO Report Using PowerShell

Hi folks,

Just wanted to share with you a nice method for creating HTML reports for more than one server by using PowerShell. In pre-Windows 2012 environments there was a nice command, gpresult /h filename.htm. Its one drawback is that it is local.

I recently needed to generate a GPO report on multiple Exchange servers. This is where the Get-GPResultantSetOfPolicy cmdlet came to help. You can read about this cmdlet here.

The command below runs Get-GPResultantSetOfPolicy against all Exchange servers piped in from the Get-ExchangeServer command and, for each of them, generates a report whose file name contains the server name:

Get-ExchangeServer EXCH* |foreach {Get-GPResultantSetOfPolicy -Computer $_.Name -ReportType Html -Path "D:\InfoSec\Reports\$($_.Name).html"}

I hope you will find it useful.


Wednesday, September 28, 2016

Some Adventures with Exchange Monitoring

Hi folks,

Just wanted to share with you my recent adventure. As you well know, when you are installing a CU on an Exchange 2013/16 server you will need to place this server into maintenance mode before the installation and resume it back to production afterwards. I have already published here about a nicer way of doing it.

Recently I performed installation of a CU on my estate, and when running the scripts that restore my server to production mode I noticed that some of the components, namely the CAS front end components, ended up in the Inactive state.

No matter what I did they failed to activate.

This, this and also this blog post became my starting points. However, running commands against each of the Inactive components would not help whatsoever. What I did notice was that the free disk space on the C drive was less than 10%. It was about 10 GB, which was enough for Windows OS to run but not for Exchange. I identified a lot of rubbish on my C drive that occupied its valuable space and deleted it. Thus I recovered more than 50% of free space. After that, running the commands below against each of the server components succeeded:

Set-ServerComponentState SERVER01 -Component AutoDiscoverProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component ActiveSyncProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component EcpProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component EwsProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component OwaProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component OabProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component RpsProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component RwsProxy -State Active -Requester HealthAPI
Set-ServerComponentState SERVER01 -Component RpcProxy -State Active -Requester HealthAPI

This drew me to the conclusion that this was one of the protective measures of the Exchange server monitoring component, which runs in the background to ensure that all services are healthy and tries to fix them automatically. It simply wouldn't allow the server to start when free disk space on the system drive was below a certain threshold. I may need to read more about it, as this component is quite mysterious and there is not much you can read about it or do about it, except some overrides.
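The check described above can be made before any activation attempt. This is an added example, not code from the original post: Restore-ProxyComponent and -MinFreePercent are hypothetical names, and the 10% default is an assumption taken from the post's observation, not a documented Exchange threshold.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Restore-ProxyComponent and -MinFreePercent are hypothetical names; 10 is an
# assumed cut-off taken from the post's observation, not a documented threshold.
function Restore-ProxyComponent {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $MinFreePercent = 10,
        # The nine front end proxy components from the post.
        [string[]] $Component = @('AutoDiscoverProxy','ActiveSyncProxy','EcpProxy',
            'EwsProxy','OwaProxy','OabProxy','RpsProxy','RwsProxy','RpcProxy')
    )

    # Free space on the remote system drive, read over CIM (needs WinRM).
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Server
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -ComputerName $Server `
                -Filter "DeviceID='$($os.SystemDrive)'"
    $free = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
    if ($free -lt $MinFreePercent) {
        Write-Warning "$Server $($os.SystemDrive) is $free% free; clean up before activating."
        return
    }

    # Activate only listed components that are still Inactive.
    $inactive = Get-ServerComponentState -Identity $Server |
        Where-Object { $_.State -eq 'Inactive' -and $Component -contains $_.Component }
    foreach ($c in $inactive) {
        if ($PSCmdlet.ShouldProcess("$Server\$($c.Component)", 'Set state Active')) {
            Set-ServerComponentState $Server -Component $c.Component -State Active -Requester HealthAPI
        }
    }

    # Report the state afterwards so anything still Inactive is visible.
    Get-ServerComponentState -Identity $Server |
        Where-Object { $Component -contains $_.Component } |
        Select-Object Component, State
}

Restore-ProxyComponent -Server SERVER01 -WhatIf   # preview only; drop -WhatIf to apply
```

The component list is limited to the front end proxies on purpose, so that components which are meant to stay Inactive on a given server are not switched on by accident.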

Alternatively you can reactivate all components on server by running the below 2 commands:

Set-ServerComponentState SERVER01 -Component ServerWideOffline -State Inactive -Requester HealthAPI

Set-ServerComponentState SERVER01 -Component ServerWideOffline -State Active -Requester HealthAPI

After which you should get something as below:


Tuesday, September 27, 2016

Seeing Exchange 2010 Databases in Exchange 2013/16 EMS

Hi folks,

Just wanted to share with you a quick way to deal with Exchange 2010 databases in the Exchange 2013/16 management shell. Of course you should not try to change their settings via the later version of EMS, as it's MS's golden rule that you manage Exchange with its own tools. However, you may need this command to retrieve some of the settings from your 2010 databases in order to configure the same for your 2013/16 databases, or to retrieve the mailboxes in these DBs for a further move to the later version.

The command below will allow you to retrieve Exchange 2010 DBs info from the Exchange 2013/16 EMS:

Get-MailboxDatabase -Identity DB00* -IncludePreExchange2013

The above sample retrieves all Exchange 2010 mailbox databases whose names start with DB00. If you don't include -IncludePreExchange2013 you will get Exchange 2013/16 databases only, or your AD will complain that it doesn't have this information.


Friday, September 23, 2016

Another Way of Managing Page File From PowerShell

Hi folks,

In one of my previous posts I shared with you how to use PowerShell to configure virtual memory on your server.

However, lately I have found another, nicer way of managing the paging file on your server by means of this Page File Module, which you can download from the MS TechNet gallery.

Before using commands from the page file management module you will need to unzip it to a folder, let's call it C:\PowerShell\PageFile. After this you will need to load the module into your PowerShell session as below:

cd C:\PowerShell\PageFile
Import-Module .\AdjustVirtualMemoryPagingFileSize\AdjustVirtualMemoryPagingFileSize.psm1

This module has the following 2 commands:

You will need the Set-OSCVirtualMemory cmdlet, which is part of this module, to configure the size and location of the paging file.

To configure a paging file of 16GB+10MB on drive C you will need to run the following command:

Set-OSCVirtualMemory -InitialSize 16394 -MaximumSize 16394 -DriveLetter "C:"


Exchange CU Installation and NetBackup

Hi folks,

I want to share with you quickly about another error you may face when upgrading your Exchange 2013/16 server with Cumulative Updates. In my case it was that setup stopped with this error:

Setup can't continue with the upgrade because the monad (7452), monad (13944), monad (15320), monad (15356), monad (15416) has open files. Close the process, and then restart Setup

Of course the process IDs for monad on your server may be different. Investigation led me to this TechNet forum thread. It pointed out that Symantec NetBackup was holding some of the files open, which prevented the installation from proceeding. To solve this I simply stopped all the NetBackup related services (of course you will need to negotiate it with your backup team) and restarted the installation process, which completed successfully.


Wednesday, September 21, 2016

PowerShell Module for Managing Registry Remotely

Hi folks,

I have recently had an experience where I needed to change the registry on more than one server. And of course after this change I wanted to be sure that the registry change had been successful. Of course this can be done by logging in to each of these servers, but I wanted a simple and nice way of reporting on this registry change.

My investigations led me to this site, from where you can download the remote registry management PowerShell module. From this page you can download the module in the form of a ZIP file. When extracted, you will end up with the PSRemoteRegistry folder, which contains all the files necessary for the module. You will need to copy the whole folder (not just its contents) to %WINDIR%\System32\WindowsPowerShell\v1.0\Modules.

As soon as the folder has been copied you can load the module in a PowerShell session:

Import-Module PSRemoteRegistry

This module includes not only commands for reporting registry keys and their values but also for creating and tweaking keys. For the sake of my work I needed only Get-RegKey command which would talk to all my Exchange servers and retrieve the registry key which I had just created along with its configured values and drop them nicely to a report that can be read in Excel.

Imagine a scenario that you need to migrate IRM from one AD RMS cluster to another. For users to access and process emails sent by the previous RMS cluster you will need to establish redirection of old AD RMS cluster URL to the new one. This is done by tweaking registry and fully described here.

I used the good old New-Item and New-ItemProperty commands to create registry keys and properties. After they had been created I executed the following code against all my Exchange 2013 and 2016 servers from EMS:

Get-ExchangeServer |where {$_.AdminDisplayVersion -like "Version 15*"} |foreach {Get-RegKey -ComputerName $_.Name -Key SOFTWARE\Microsoft\ExchangeServer\v15\IRM -Name LicenseServerRedirection} |Get-RegValue |select ComputerName,Key,Value,Data,Type |Export-Csv D:\scripts\RMS\Redirection.csv

It first found all my Exchange 2013/16 servers in AD and then executed Get-RegKey against all of them, along with the values that I needed to retrieve. The output was nicely placed in a CSV file which I can now easily access and read.
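A report like this becomes a verification when each server is compared against the redirection that was meant to be written. The following is an added example, not code from the original post: it uses Invoke-Command and the built-in registry provider instead of PSRemoteRegistry, assumes the key lives under HKLM and that WinRM is enabled on the servers, and both URLs and the output file name are placeholders.

```powershell
# Added example (not from the original post). Uses Invoke-Command and the
# registry provider instead of PSRemoteRegistry. Both URLs are placeholders.
$keyPath  = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\IRM\LicenseServerRedirection'
$expected = @{ 'https://old-rms.example.test/_wmcs/licensing' =
               'https://new-rms.example.test/_wmcs/licensing' }

$servers = @(Get-ExchangeServer |
    Where-Object { $_.AdminDisplayVersion -like 'Version 15*' } |
    ForEach-Object { $_.Name })

$results = @(Invoke-Command -ComputerName $servers -ArgumentList $keyPath, $expected `
        -ErrorAction SilentlyContinue -ScriptBlock {
    param($Path, $Expected)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) {
        return [pscustomobject]@{ Value = $null; Data = $null; Status = 'KeyMissing' }
    }
    # Every expected redirection must be present with the expected target.
    foreach ($name in $Expected.Keys) {
        $data = $key.GetValue($name)
        $status = if ($null -eq $data) { 'ValueMissing' } elseif ($data -eq $Expected[$name]) { 'OK' } else { 'Mismatch' }
        [pscustomobject]@{ Value = $name; Data = $data; Status = $status }
    }
    # A redirection nobody asked for is reported rather than ignored.
    foreach ($name in $key.GetValueNames()) {
        if ($name -and -not $Expected.ContainsKey($name)) {
            [pscustomobject]@{ Value = $name; Data = $key.GetValue($name); Status = 'Unexpected' }
        }
    }
})

# Servers that returned nothing were unreachable over WinRM.
$reached = $results | ForEach-Object { $_.PSComputerName }
$missing = $servers | Where-Object { $reached -notcontains $_ } | ForEach-Object {
    [pscustomobject]@{ PSComputerName = $_; Value = $null; Data = $null; Status = 'Unreachable' }
}

@($results) + @($missing) |
    Select-Object PSComputerName, Value, Data, Status |
    Export-Csv D:\scripts\RMS\RedirectionCheck.csv -NoTypeInformation
```

Any row whose Status is not OK needs a look, and an Unexpected row in particular means a server would send licensing requests somewhere that was not part of the planned change.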


Tuesday, September 6, 2016

Preparing ReFS Volumes for Exchange 2016 DAG

Hi folks,

According to the Exchange 2016 Preferred Architecture by Microsoft, disk drives should be formatted with ReFS with the integrity feature disabled. This file system is better for larger volumes of data and also has a lot of improvements over NTFS in how it manages data. You can read more about it here.

Unfortunately, formatting drives this way is not available in the Disk Manager GUI tool. And this is where PowerShell comes to our help.

Below I will share with you the commands I used to create volume mount points and format them with ReFS. This is the whole process of building DAG with AutoReseed.

First we will need to prepare the directory structure for the volume mount points that will be used by AutoReseed for volumes and for databases:

New-Item C:\Volumes -Type Directory
New-Item C:\Databases -Type Directory
New-Item C:\Volumes\Vol01 -Type Directory
New-Item C:\Volumes\Vol02 -Type Directory
New-Item C:\Volumes\Vol03 -Type Directory
New-Item C:\Databases\DB01 -Type Directory
New-Item C:\Databases\DB02 -Type Directory

Then we will create partitions. Against all volumes, including the spare one, you will need to run this command to create a partition that uses the whole space:

New-Partition -DiskNumber X -UseMaximumSize

After the partitions are created we will need to format the volumes with ReFS with integrity streams disabled. This is not possible with the Disk Manager MMC console, and therefore PowerShell is the best way to achieve it:

# Set $VolNum to the number of the volume being formatted before running this command
Get-Partition -DiskNumber X -PartitionNumber 2 | Format-Volume -FileSystem ReFS -NewFileSystemLabel "ExchVol00$VolNum" -AllocationUnitSize 65536 -SetIntegrityStreams:$false -Confirm:$false

After volumes have been formatted you will need to add volume mount points to volume directory and directory that corresponds to each database that will be stored on this volume like below:

Add-PartitionAccessPath -DiskNumber X -PartitionNumber 2 -AccessPath C:\Volumes\Vol01
Add-PartitionAccessPath -DiskNumber X -PartitionNumber 2 -AccessPath C:\Databases\DB01
Add-PartitionAccessPath -DiskNumber X -PartitionNumber 2 -AccessPath C:\Databases\DB02

Also don't forget to configure the spare volume, without any mount points to databases:

Add-PartitionAccessPath -DiskNumber X -PartitionNumber 2 -AccessPath C:\Volumes\Vol03
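The steps above can be driven from one layout table so that every disk gets the same treatment. This is an added example, not code from the original post: the disk numbers, DB03/DB04 and the label scheme are constructed, and the disks are assumed to be online and initialised as GPT.

```powershell
# Added example (not from the original post). Disk numbers, DB03/DB04 and the
# label scheme are constructed; disks are assumed online and initialised as GPT.
$layout = @(
    @{ Disk = 1; Volume = 'Vol01'; Databases = @('DB01', 'DB02') }
    @{ Disk = 2; Volume = 'Vol02'; Databases = @('DB03', 'DB04') }
    @{ Disk = 3; Volume = 'Vol03'; Databases = @() }   # spare volume for AutoReseed
)

foreach ($v in $layout) {
    # Guard: never repartition a disk that already carries a data partition.
    $data = Get-Partition -DiskNumber $v.Disk -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -ne 'Reserved' }
    if ($data) {
        Write-Warning "Disk $($v.Disk) already has a data partition; skipped."
        continue
    }

    $part = New-Partition -DiskNumber $v.Disk -UseMaximumSize
    $part | Format-Volume -FileSystem ReFS -NewFileSystemLabel "Exch$($v.Volume)" `
        -AllocationUnitSize 65536 -SetIntegrityStreams:$false -Confirm:$false | Out-Null

    # One mount point under C:\Volumes plus one per database stored on the volume.
    $paths = @("C:\Volumes\$($v.Volume)") +
             @($v.Databases | ForEach-Object { "C:\Databases\$_" })
    foreach ($path in $paths) {
        New-Item $path -Type Directory -Force | Out-Null
        Add-PartitionAccessPath -DiskNumber $v.Disk -PartitionNumber $part.PartitionNumber `
            -AccessPath $path
    }
}

# Confirm the result: ReFS volumes, then the mount points of each partition.
Get-Volume | Where-Object { $_.FileSystem -eq 'ReFS' } |
    Select-Object FileSystemLabel, FileSystem, Size
Get-Partition | Where-Object { $_.AccessPaths -like 'C:\Volumes\*' } |
    Select-Object DiskNumber, PartitionNumber, AccessPaths
```

Using the partition number returned by New-Partition avoids hard-coding partition 2, and the guard at the top of the loop keeps a wrong disk number from reformatting a disk that is already in use.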

I hope you will find it helpful for small Exchange deployments; however, for large Exchange deployments I would recommend using the scripts that are generated in the Exchange capacity calculator. It can be found on the Distribution tab of the calculator. All the buttons are self-explanatory so I won't explain all of them here.


Friday, September 2, 2016

Convert IP-less DAG to IP-based DAG

Hi folks,

As you well know, Exchange 2013 SP1 and later installed on Windows Server 2012 R2 supports a DAG without an IP address. You can read more about it here and here. It is much easier to configure, as there is no dependency on the availability of the IP address and the CNO object in AD. According to Microsoft it also reduces the attack surface of the server.

One important note for IP-less DAGs is that you should plan them well. Make sure that applications that integrate with Exchange 2013 or 2016 can work with an IP-less DAG. The problem is that you won't be able to convert from an IP-less DAG to an IP-based DAG on the fly, and vice versa. In order to convert a DAG from IP-less to IP-based you will need to destroy the IP-less DAG and create a new IP-based DAG.

You can still convert DAG from IP-less to IP-based while preserving user data. First you will need to activate all DBs in DAG on one of the Exchange servers by running the command as below:

Get-MailboxDatabase DB001 |Move-ActiveMailboxDatabase -ActivateOnServer SERVER01

After this you will need to remove all passive copies from other servers:

Remove-MailboxDatabaseCopy DB001\SERVER02 -Confirm:$false

If your DAG runs in Datacenter Activation Coordination mode (as any post-Exchange 2010 SP1), disable it:

Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode Off

After DAC mode is disabled you need to remove all servers from DAG by running the below command against each server:

Remove-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer SERVER02 -confirm:$false

After no servers are left in the DAG you can kill it:

Remove-DatabaseAvailabilityGroup -Identity DAG01 -confirm:$false

Of course you will be building your Exchange 2013 or 2016 DAG on Windows 2012 R2 servers. To succeed you will need to prestage the CNO for your DAG in AD, based on the instructions from this TechNet article. If this step has not been performed, attempts to add mailbox servers to the DAG will fail with the following error:

Please retry the operation. Error: The fully qualified domain name for node ‘XXXX’ could not be found.

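When everything is ready you can create the new DAG with the IP address by running a command similar to this one (the values in angle brackets are placeholders for your own witness server and DAG IP addresses):

New-DatabaseAvailabilityGroup -Name DAG01 -WitnessServer <WitnessServer> -WitnessDirectory C:\Witness\DAG01 -DatabaseAvailabilityGroupIPAddresses <IPAddress1>,<IPAddress2>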

Then you can add all of your servers to DAG by running the following commands against each of them:

Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer SERVER01 -Verbose

After all servers are added to DAG you will need to enable DAC mode:

Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode DagOnly

If you use AutoReseed you will need to configure DAG with the parameters needed for AutoReseed and number of DB copies per volume:

Set-DatabaseAvailabilityGroup DAG01 -AutoDagVolumesRootFolderPath "E:\ExchVols"
Set-DatabaseAvailabilityGroup DAG01 -AutoDagDatabasesRootFolderPath "E:\ExchDB"
Set-DatabaseAvailabilityGroup DAG01 -AutoDagDatabaseCopiesPerVolume 2

I have already posted about AutoReseed configuration and operations previously.

When DAG is ready you can add mailbox database copies to the remaining servers:

Add-MailboxDatabaseCopy -Identity "DB001" -MailboxServer "SERVER02" -ActivationPreference 2
Add-MailboxDatabaseCopy -Identity "DB001" -MailboxServer "SERVER03" -ActivationPreference 3

Finally, when your DAG is ready and all copies are healthy you can redistribute them based on the activation preferences so that the load is spread evenly across your Exchange servers:

RedistributeActiveDatabases.ps1 -DagName DAG01 -BalanceDbsByActivationPreference -Confirm:$False

So your DAG has been rebuilt and data preserved.
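
Because removing passive copies is the point where data can be lost, it is worth confirming first that every database really is mounted on the server that will keep it. This is an added example, not code from the original post: Get-PassiveCopyRemovalPlan is a hypothetical helper that only reads copy status and prints the removal commands for review.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Get-PassiveCopyRemovalPlan is a hypothetical helper; it changes nothing.
function Get-PassiveCopyRemovalPlan {
    param(
        [Parameter(Mandatory)] [string] $KeepServer,   # server that keeps the data
        [Parameter(Mandatory)] [string] $Database      # name or wildcard, e.g. DB00*
    )
    $copies = Get-MailboxDatabase -Identity $Database | Get-MailboxDatabaseCopyStatus

    foreach ($db in ($copies | Group-Object DatabaseName)) {
        # A database is ready only when its single mounted copy is on $KeepServer.
        $mounted = @($db.Group | Where-Object { $_.Status -eq 'Mounted' })
        $ready   = $mounted.Count -eq 1 -and $mounted[0].MailboxServer -eq $KeepServer

        foreach ($copy in $db.Group) {
            if ($copy.Status -eq 'Mounted') { continue }   # never list the active copy
            [pscustomobject]@{
                Copy         = "$($copy.DatabaseName)\$($copy.MailboxServer)"
                Status       = $copy.Status
                ActiveOn     = ($mounted | ForEach-Object { $_.MailboxServer }) -join ','
                SafeToRemove = $ready
            }
        }
    }
}

$plan = Get-PassiveCopyRemovalPlan -KeepServer SERVER01 -Database 'DB00*'
$plan | Format-Table -AutoSize

# Print the commands for review; nothing is removed by this script.
$plan | Where-Object { $_.SafeToRemove } |
    ForEach-Object { "Remove-MailboxDatabaseCopy $($_.Copy) -Confirm:`$false" }
```

A row with SafeToRemove set to False means the database is dismounted or still active on another server, so the activation step has to be repeated for it before any copy is removed.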