Ilantz's Weblog

Hi,

With Exchange 2013 deployments already in place, I’ve wanted to share with you all some “new” behaviors, tips and more to help you prevent headaches and issues 🙂

With regards to two previously posts – Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2007 with autodiscover and also Authentication pop ups and annoyances with Exchange 2007 / 2010 and Outlook Anywhere – this post is some sort of a follow-up.

With Exchange 2013, Outlook Anywhere (aka RPC over HTTP/s) is the default method for Outlook clients connections – that is no more direct RPC connections to the servers for Outlook clients. Exchange 2013 will essentially require you to utilize Autodiscover and Outlook Anywhere to actually get your Outlook client connected. This is the main reason for writing this post. This information will come useful if you are getting ready or already started to deploy Exchange 2013, I’ll try to keep it simple and write this down as a list of things to consider so this will be rather easy to all.

1. If you followed my post about how to prevent Outlook Anywhere from being configured and removed the EXPR outlook provider, start with restoring it. Run the following powershell command to restore it:
   New-OutlookProvider -Name:EXPR
2. If you’re using any additional methods to configure Outlook Clients or Outlook Anywhere like, static XML files, Registry settings or Group Policy settings make sure to revise or even remove them. See also http://support.microsoft.com/kb/2212902
3. Pay attention to publishing guides for Exchange 2013 – see Publishing Exchange Server 2013 using TMG and also Exchange 2013 Client Access Server Configuration
4. When enabling Outlook Anywhere on Exchange 2013 notice the following:
   1. Retain the current External authentication method (Basic,NTLM) your internal authentication method should always be NTLM.
      Get-OutlookAnywhere –Server (hostname) | Set-OutlookAnywhere -InternalHostname "mail.domain.com" -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true -ExternalHostname "mail.domain.com" -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -IISAuthenticationMethods NTLM,Basic -ssloffloading:$false
   2. Enable NTLM on the IIS /rpc directory of your Exchange 2007/2010 servers
      Get-OutlookAnywhere | ?{ $_.AdminDisplayVersion -notlike "Version 15.*"} | Set-OutlookAnywhere -IISAuthenticationMethods NTLM,Basic
5. Plan the CertPrincipalName value you will use, that is the certificate Subject Name that your clients will use to populate the msstd:server.domain.com value – both internally and externally (reminding you to see the note above). My personal best practice is to use the same Subject Name on the certificate you will use on your External TMG/UAG/Juniper/F5 reverse proxy and your internal server or servers.
   Once you are aware of this value you can configure your Outlook Provider accordingly (you can refer to this post for more information on the subject).
6. If you installed a wildcard certificate on your Exchange 2013 server – you must perform the following:
   1. Update your EXPR setting – Set-OutlookProvider EXPR -CertPrincipalName msstd:*.company.com
   2. Update your EXCH setting (yes!) – Set-OutlookProvider EXCH -CertPrincipalName msstd:*.company.com
7. Don’t freak out when you see Exchange 2013 “new” server name – it’s value is actually the Mailbox GUID value, and will be unique for all users. This means that – you must use the Autodiscover wizard to configure outlooks from now on, Email, password and click next.
   If you have full mailbox access to a different mailbox – that’s great- just type it’s email address and enter whatever you want for password. (will work only inside the LAN…)
8. Don’t forget to update your Outlook clients – or else they will not connect to Exchange 2013 – see Exchange 2013 System Requirements for the exact information.

That’s it for now, while deployments continue I will update this topic with new “gotchas”.

Hope this helps anyone out there.
Ilantz

Hi Again,

I’ve encountered a situation today with an Exchange 2003 to 2010 migration, The Exchange 2003 Back-End server was missing the virtual directories in IIS, but this issue had an interesting twist … both vdirs were missing also in the Active Directory !

Missing or corrupt virtual directories with Exchange are common and can be easily solved with KB 883380 – How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

Exchange Server setup creates each virtual directory in the AD forest configuration partition under services, microsoft Exchange, administrative groups, administration group name, server name, protocols, http, virtual server name (usually 1).

In this case, both ActiveSync and OMA virtual directories were missing from Active Directory and as a result were also missing from the System Manager MMC, so performing a Repair Setup or the Reset virtual directories method will render useless.. both will not write anything new to the AD.. we had to re-create the two virtual directories both in AD and the IIS, so using System Manager, we try to create a new virtual directory, but the ActiveSync and OMA is greyed out !

With some searching I’ve reached a solution that worked perfectly (dated back to 2007 from the Microsoft Exchange newsgroup), this will enable the options within the System Manager and allow us to re-create the virtual directories and restore order 🙂

1. Using ADSIEDIT locate the Exchange 2003 server container – services, microsoft Exchange, administrative groups, administration group name and right click the server name to open it’s properties.
2. Locate the Heuristics attribute and note the current value (just in-case…) our value in this case was 805310468.
4. Change the value to 270012416 , click apply and ok.
5. Refresh the Exchange System Manager or close and re-open it.
6. Now, locate the server name within the tree, expend it, expend protocols, expend HTTP, expend the virtual server name and right click to create a new Virtual Directory. You should now be able to recreate the Microsoft-Server-ActiveSync and OMA virtual directory.

Note – This will also reset your RPC over HTTP and other “server specific” settings that you configured on the server using the System Manager GUI. so make sure to note all configurations under the server properties page and re-enable any changes after setting the value.

Credits – http://microsoft.newsgroups.archived.at/public.exchange.setup/200702/07021815421.html

I hope this helps anyone struggling with this,

Ilantz

Hi,

I’ve just encountered this issue during a LAB for migrating Exchange 2010 to Exchange 2013, migration batches were getting stuck in Syncing, in addition I noticed two annoying warning messages in the application log of the server with Event ID 1009 and Event ID 1013 with source MSExchangeFastSearch

I’ve looked in the migration report using:
Get-MigrationUserStatistics -IncludeReport -Identity ilantz@lab.com | fl
......
4/28/2013 7:44:46 AM [EX2013] The job is currently stalled due to 'Content Indexing' lagging behind on resource 'CiAgeOfLastNotification(Mailbox Database
.....

So, indeed the Content Indexing which was failing and keeping the migration back… nothing special here, Exchange 2010 had this issue as well …
Quick search showed a very odd solution to this…

Quoting http://support.microsoft.com/kb/2807668 – Content Index status of all or most of the mailbox databases in the environment shows “Failed”

This issue may occur if the search platform tries to check its membership in a security group that is named “ContentSubmitters.” This group is not created by the search platform or by Exchange Server 2013 and is therefore not usually present. Although the check usually fails silently, without any consequences, an exception sometimes occurs. This causes the search component to fail.

Wow … well 🙂 .. hope this will be fixed with CU2.. go with Method 1 in the KB, worked like a charm here.

ilantz