April 2012 - Posts
Today I got a weird issue that took me quite a long time to figure it out and I would like to share with you guys. Everything started when a brand new DAG was deployed and everything went just fine during the installation process however during the initial testing I noticed a RPC averaged latency performance counter really high.
In the figure below you can see how bad was it and I the server had just a few users that were part of my pre-pilot phase.
I’ve done a couple of tests, as follows:
- First, I ran the Get-MailboxDatabaseCopyStatus and everything was golden
- I moved the databases to a single node, and then noticed that the utilization kept the same
- I restarted the RPC Client access and the same issue were the performance counter didn’t change (expected)
- I restarted the Information Store and then the performance counter went to 0 but as soon as I moved any DB the number would increase again.
- I ran Test-ReplicationHealth and no issues at all
- I use PAL tool to analyse performance and the disks were just fine
- I ran netstat to see the connections and nothing was outstanding
- Exchange Best Practices Analyzer
In this environment that I was working they have a LTM (Local Traffic Manager) and then I noticed that I could access the Domain Controller (\\unc) however I couldn’t ping. I double check and there was a SNAT and a Virtual Server were in place, the missing piece was the ability to ping the Domain Controllers, so in a F5 we should go to System / Configuration / Local Traffic and change the default behaviour of the box to All traffic in the SNAT Packet Forwarding setting.
After performing that change I moved the databases around and the RPC averaged latency came back to 0
If you are using a load balancer and your design decision was to use Kerberos instead of NTLM for the CAS Array and you are a couple of good reasons for that you may want also to create a procedure to change the password for the Computer and then update the Client Access Server that use that account.
During the deployment probably you used a script like this one to set the password, right?
RollAlternateServiceAccountPassword.ps1 –ToArrayMembers ArrayName.domain.local –GenerateNewPasswordFor domain.fqdn\ASAAccount$
If you want to change that password every month for example we can run the following cmdlet:
RollAlternateServiceAccountPassword.ps1 -CreateScheduledTask "Exchange-ASA" –ToArrayMembers ArrayName.domain.local –GenerateNewPasswordFor domain.fqdn\ASAAccount$
The result of the cmdlet above is a creation of a new .cmd script file will be created on the Scripts folder and the name will be based on the parameter –CreateScheduleTask.
Another change introduced by the previous cmdlet is a new task entry on the server. I would recommend for the sake of simplicity and security to perform a couple of changes..
- First is to change the schedule to run in a monthly basis and we can select every first Sunday of the month and schedule the time for something like 1AM
- Second is to change the security options and use a specific account just for that task. This account must be member of the Exchange Organization group.
Now, we can run the task to make sure that everything works properly and in order to help the troubleshooting process, we can always check the results of the operation on the folder RollAlternateServiceAccountPassword that can be found on X:\Exchange-Installation-Folder\V14\Logging
For each run of the script a couple of log files will be generated and they will help you to identify what is going on in the process.
Technorati Tags: Kerberos,Alternate,Service,Account,Load,Balance,NTLM,Exchange,Server
Windows Live Tags: Kerberos,Alternate,Service,Account,Load,Balance,NTLM,Exchange,Server
WordPress Tags: Kerberos,Alternate,Service,Account,Load,Balance,NTLM,Exchange,Server
In Today’s post we are going over the process to allow a user to send message as a Distribution Group in Exchange Server 2010.
The first step is to find out which group we will be assigning the permission and it can be easily done through Get-DistributionGroup name* and using wildcard it’s easy to narrow down the results to get just the name that we are looking for.
Now, that we have the name we just need to assign the permission using the following cmdlet
Add-ADPermission<Group-Name> -ExtendedRights Send-as –User “DOMAIN\Username”
Time to do some testing.. Let’s open a new session in Outlook Web App and then create a new message, let’s click on Options and select the option Show From
Now we will have the From field available on the new message, click on it, and click on Other e-mail address.
In the new page select the group that we have just assigned the permission and click okay, in the new message page the results will be similar to the one shown below.
The results for the end-user can be seen on the figure below, where the user who received the message has the information that the message was sent by the group.
If you are using Outlook for testing, don’t worry, just click on Options and them select From button and you will be able to do the same testing.
Technorati Tags: Send as,permission,Distribution,Group,Exchange,DistributionGroup,ADPermission,ExtendedRights,Outlook,Options,From
Windows Live Tags: Send as,permission,Distribution,Group,Exchange,DistributionGroup,ADPermission,ExtendedRights,Outlook,Options,From
WordPress Tags: Send as,permission,Distribution,Group,Exchange,DistributionGroup,ADPermission,ExtendedRights,Outlook,Options,From
Exchange Team released a new set of Rollup Updates for Exchange Server 2010 and 2007, as follows:
Cheers, Technorati Tags: Exchange,Server,Rollup,Updates,Hello,Folks,Team,Update,Service,Pack,Cheers,Anderson,Patricio,Portuguese,Twitter,andersonpatricio Windows Live Tags: Exchange,Server,Rollup,Updates,Hello,Folks,Team,Update,Service,Pack,Cheers,Anderson,Patricio,Portuguese,Twitter,andersonpatricio WordPress Tags: Exchange,Server,Rollup,Updates,Hello,Folks,Team,Update,Service,Pack,Cheers,Anderson,Patricio,Portuguese,Twitter,andersonpatricio
In this post we are going over a couple of points that you should be aware when using extensions with Lync and I hope it can help you to solve some incoming calls issues when using Lync and extensions at user level when using a Media Gateway.
Lync and E.164 recomendation…
Microsoft recommendation is to use E.164 when assigning numbers on Lync which means a regular phone in Toronto 416-333-6666 would be something like tel:+14163336666 using E.164.
We can also take advantage of extensions using a single main number to all users and that can be done easily by adding ;ext=XXXX extensions where XXXX is your 4 digit extension and you can use as low as 1 digit if you want to. So an E.164 using extensions (in my case my extension will be 1234) would be like this:
Just to make sure that we are on the same page, the string above you are going to configure in the user’s properties as shown in the figure below.
Scenario and the issue
Let’s say that we have a scenario where the PBX and Lync have a media gateway in the middle and in this scenario let’s say that is an AudioCodes.
Let’s also say that your audiocodes is passing the phone number with + and the full number +14163336661234 and if you look at the logs on the Lync Server the error message is that the user can’t be found which is totally true and there is nothing wrong there. We need to adjust the gateway and Lync to understand each other.
The issue here is that the gateway is sending the number with + and when Lync sees the magical +, then Lync assumes that is normalized and try to find the user right away and then you have the error on the logs and call is not completed. Usually is almost right away.
There are a few workarounds for that but since in our scenario we have a Audiocodes/MediaGateway an easy fix is to make sure that we remove the + when sending to Lync, this way the information sent would be something like 141633366661234 which has the 11 digits for the number and extra 4 for normalization.
Now the responsibility of this relationship is on Lync’s turf and what we have to do is to create a normalization rule, before getting there let’s do a recap what we have right now:
Coming from AudioCodes: 141633366661234
My user’s attribute: tel:+14163336666;ext=1234
Okay now we have an idea what we should do, first of all we need to add the +, also the first 11 numbers are going to be static since we have extensions for all users using the main phone number. The second step is to use the 4 digits extension and add the ;ext=1234 at the end of the static number.
Let’s open Lync Server Control Panel, click on Voice Routing, double click on the desired Dial Plan and click New on the the Associated Normalization Rules. In the new page, define a name and click on Edit button. You can use the syntax below to adapt to your environment.
Just in case type in the format that is coming from the MediaGateway on the Dialed number to test and make sure that the Lync expected format is being displayed.
Make a call from your PBX and if everything is fine your Lync client should be ringing right now.
Note: When using extensions make sure that the assigned main number is always used with extension. For example: don’t use +14163336666;ext=1234 for an user and then try to use +14163336666 for the UM or something like that. There are different ways and configuring the main number to route to a specific location at media gateway may be a good solution. I will cover this in a future post.
If you are not sure if the issue is the extension there is a really easy way to test it. Just assign a whole new E.164 number to an user in Lync and then test the call from your PBX through the media gateway, if that rings you are golden and it most likely that the problem is at the extension level.
In some cases the administrator may want to delete content of a mailbox located in Exchange Server 2010. The first step is to create the search query that you want to use and you can use your own Outlook to get the string right. In the following example we are making sure that any message sent or received prior to 01-January-2012 and if the results are the expected you can save the query.
The second step is to use the Search-Mailbox and use the string that we tested above with the –SearchQuery attribute and –DeleteContent. The syntax is described below and also the cmdlet in action is shown in the figure below.
Search-mailbox –Identity <Mailbox> -SearchQuery "received:<01/01/2012 and sent:<01/01/2012" –DeleteContent
Note: If the Search-Mailbox is not available for your current user. Please, logged as Organization Management member run the following cmdlet New-ManagementRoleAssignment –Role “Mailbox Import Export” –User <Mailbox> and then close the Exchange Management Shell and open it again.