[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] February 2014 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA

February 2014 - Posts

Next up ... http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html

Logon Statistics

We'll start on the Exchange Server and use Get-LogonStatistics to grab a snapshot of connected clients. This is a good quick method of checking the build numbers against those shown above; but as it only captures information about currently logged on clients, it's unlikely this will give you a full picture.

In our small server, we normally do Exchange migrations after hours or over the weekend so the number of logged on clients is probably only iPhones and iPads. 

Get-MailboxServer |% { Get-LogonStatistics -Server $_ } `
| Where {$_.ClientVersion -match "^\d{2}\."} `
| Select UserName,ClientVersion | Sort -Unique -Property UserName `
| Export-Csv .\UserLogins.csv -NoTypeInformation

Now here's a tool I've never used before....

Microsoft Assessment and Planning Toolkit

Another approach that complements the above, is to use the Microsoft Assessment and Planning Toolkit. The MAP toolkit can be used for many purposes, and in particular can collect and document your existing Outlook client estate.

After downloading and installing the MAP toolkit from the Microsoft Downloads website, navigate to the Desktop tab and scroll down to the Office 2013 Readiness section. We'll use this to report on the current Office versions in use along with other relevant information that will help if you wish to upgrade clients to the latest version of Office. To begin, select Collect inventory data:

Let's download this and see what it does.

and we download it

Okay so this isn't 4.5.1 but it's still enough of a newer .net on an older platform that I'm going to skip this tool.  I'll walk around the office and see if folks are on what version of Outlook, or I'll get it from my RMM tool or you can even use Spiceworks to let you know what you've got on each desktop...none of these need .net 4.5

Next up seeing what clients we got... http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part4.html

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

Posted Fri, Feb 28 2014 22:16 by bradley | with no comments
Filed under:

Exchange Server 2013 SP1 Transport Service issues with CodeTwo Exchange Rules 2013/PRO | CodeTwo Squad Blog:
http://www.codetwo.com/blog/exchange-server-2013-sp1-transport-service-issues-with-codetwo-exchange-rules-2013pro/

(bottom line this impacts anything with transport rules)

Posted Fri, Feb 28 2014 22:06 by bradley | with no comments
Filed under:

Next up ... http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html

Now up public folders....

Quoting again...

"Public Folder Infrastructure

In previous versions of Exchange, a public folder migration could certainly be a pain, but it was a rather straightforward procedure (unless you needed to troubleshoot) as the key method was to replicate the current public folders to the new Exchange servers, then remove the original replica.

With Exchange 2013, we'll migrate our Public Folder infrastructure to Modern Public Folders. This means the approach is different, and for larger organizations has additional planning concerns due to the removal of the multi-master model, that while troublesome, allowed users in different sites to access a local copy of the Public Folder they were using.

Our small example site doesn't have such concerns, but we'll take a quick snapshot using the Exchange Management Shell to ensure we know the sizes we'll need to migrate, and in the case you have multiple Public Folder databases, list the replicas.

Get-PublicFolder -Recurse `
|Where {$_.Identity.ToString() -ne "\NON_IPM_SUBTREE"} `
|Select Identity,@{N="Replicas";E={[String]::Join(";", $_.Replicas)}}, `
MailEnabled,@{N="Size MB";E={(Get-PublicFolderStatistics $_).TotalItemSize.Value.ToMB()}} `
|Export-CSV .\PublicFolderOverview.CSV -NoTypeInformation

I personally think that SMBs have more complications in public folders as we'll stick things in there and forget why we need it.

"If you don't use Public Folders, or can easily move away from them, there's no requirement to implement them with Exchange 2013. As the Outlook 2003 client is no longer supported, there is no client dependency.

Clients

We've collected data about our Exchange Server and some high level information about the mailboxes on it that we'll feed into the design, so now we'll look at what's connecting to Exchange 2007 and see if we've got any work to do.

Windows Outlook clients supported by Exchange must meet minimum requirements, and for Exchange 2013 that means they must be either:

  • Outlook 2013 (Build 15.0.4420.1017 or higher)
  • Outlook 2010 Service Pack 1 with at least the November 2012 update (Build 14.0.6126.5000 or higher)
  • Outlook 2007 Service Pack 3 with at least the November 2012 update (Build 12.0.6665.5000 or higher)

Remember, Exchange 2007 supports clients as old as Outlook 2002, but in general, we'd expect the majority of older clients to only be as old as Outlook 2003.

Exchange 2013 also supports Mac clients, including Outlook 2011 and Entourage Web Services addition. Apple's Mac Mail also connects, and naturally you may expect to find ActiveSync, POP3 and IMAP clients if these protocols are enabled. Outside of Exchange, we also have BES users in our environment; however we'll collect information about these separately when we examine the BES server in a later section."

Let's make this really really clear here.  You need to be on outlook 2007 or higher.  Outlook 2010 and higher is really preferred.  You can't use Outlook 2003 to connect to Exchange 2013.

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

Posted Fri, Feb 28 2014 21:41 by bradley | with no comments
Filed under:

Next up ... http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html

Send and Receive Connector Configuration

Send Connectors help your Exchange organization know where to route outbound email destined for non-local recipients, and Receive Connectors provide SMTP connectivity for other Exchange Servers, SMTP clients and inbound external mail.

We'll collect information about the configuration here to ensure that we know what Send Connectors we'll be switching across to Exchange 2013, so that any changes elsewhere (such as IP restrictions for relaying) can be actioned; and make sure we understand the Receive Connector configuration that we'll need to re-create and apply to Exchange 2013.

Examine each Send Connector, by navigating to Organization Configuration>Hub Transport and choosing the Send Connectors tab. You'll see each Send Connector listed.

Record details of each Send Connector, including which Exchange Servers are currently specified as Source Servers. You'll find that information by choosing Properties for each Send Connector.


Since we have a single server here, we won't need to re-create the send connectors; but we'll need to examine the configuration of where they send to and ensure they are allowed to connect. The details we've recorded are shown below:

Send Connector

Source Servers

Address Space

Windows SBS Interneet Send SBSTESTSERVER

SBSTESTSERVER

*

 

Next, we'll collect information to ascertain if any Receive Connectors have Anonymous relay permissions granted via Active Directory permissions.

We'll perform this using the Exchange Management Shell using the snippet below:

Get-ReceiveConnector | Get-ADPermission | Where {$_.ExtendedRights -like "*Ms-Exch-SMTP-Accept-Any-Recipient*" -and $_.Deny -eq $False -and $_.User -like "*NT AUTHORITY\Anonymous Logon*"} | fl Identity

After running the commands, if there are no anon relays, you'll see no input

Then, examine each Receive Connector, within Server Configuration>Hub Transport and select the first server you wish to record details for:

 

Open each Receive Connector, and record details both from the PowerShell output, and from each connector's Properties tab, as shown in the example table below.

Server

Receive   Connector

Max   Message Size (KB)

IP/Port

Accept   Mail From

Authentication

Permission   Groups

Anonymous   Relay

SBSTESTSERVER

Default SBSTESTSERVER

10240

192.168.1.5/25

192.168.1.0-192.168.1.255

- TLS

-Basic authentication

  - Offer basic authentication only after starting TLS

- Exchange Server Authentication

- Integrated Windows authentication

- Exchange users

- Exchange servers

- Legacy Exchange Servers

No

SBSTESTSERVER

Windows SBS Fax SharePoint Receive SBSTESTSERVER

10240

127.0.0.1/25

127.0.0.1-127.0.0.1

- Basic Authentication

-Anonymous users

- Exchange users

No

SBSTESTSERVER

Windows SBS Internet Receive SBSTESTSERVER

10240

192.168.1.2/25

0.0.0.0-192.168.1.2

192.168.1.2-192.168.1.2

192.168.1.2-255.255.255.255

- TLS

- Anonymous users

No

Obviously adjust this table for how you have your IP addresses setup and what you see in your server migration

Next up public folders....

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

Posted Thu, Feb 27 2014 22:55 by bradley | with no comments
Filed under:

Check it out....

Windows Server 2012 R2 Essentials technical training series now available on Microsoft Virtual Academy - The Windows Server Essentials and Small Business Server Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2014/02/26/windows-server-2012-r2-essentials-technical-training-series-now-available-on-microsoft-virtual-academy.aspx

Posted Wed, Feb 26 2014 22:20 by bradley | with no comments
Filed under:

Next up ... http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html

Mailbox Quotas

Quota limits for mailboxes are by default defined at a Mailbox Database level. We'll therefore collect details about the limits currently in place. Within the Exchange Management Console, navigate to Server Configuration>Mailbox and view each respective Database properties as shown below: 

 I removed them from my server and thus why there are no settings

From the Database Properties dialog window, record the Warning, Send and Send/Receive Limits as shown above

As the database limits are shown in Kilobytes, we can divide the values by 1024 (for example 1048576 KB divided by 1024 equals 1024 MB) and then record the values as shown below:

Storage Group

Mailbox Database

Issue Warning

Prohibit Send

Prohibit Send/Recieve

MailboxDatabase

MailboxDatabase

None

None

None

 

 

To record any exceptions from these defaults we need to be aware of, we'll then open up the Exchange Management Shell and run the following command to display a list of users with overrides set and the values of those overrides.

Remember SBS has one up on the template level as well

So if you took that off (like many of us do) your output of the command below

Get-Mailbox -ResultSize Unlimited | Where {$_.UseDatabaseQuotaDefaults -eq $False} | Select Name,Prohibit*,Issue*

Will look like this:

More on the SBS quotas .. http://blogs.technet.com/b/sbs/archive/2008/10/28/how-do-i-change-message-size-limits-in-exchange-2007.aspx

We can then record that information in a table as shown below:

Name

ProhibitSendQuota

ProhibitSendReceiveQuota

IssueWarningQuota

SBSAdmin

20000MB

2Gb

1948MB

Susan

unlimited

unlimited

unlimited

Susanb

unlimited

unlimited

unlimited

 

 

 

 

Next up ...send receive connectors....

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

Posted Wed, Feb 26 2014 21:20 by bradley | with no comments
Filed under:

If you haven't checked out some of Robert's tools... check them out!

Windows Server Essentials – Configuration Troubleshooter | Title (Required):
http://titlerequired.com/2014/02/14/windows-server-essentialsconfiguration-troubleshooter/

Essentials 2012 Manage DNS AutoDiscovery | Title (Required):
http://titlerequired.com/2014/02/14/essentials-2012-manage-dns-autodiscovery/

TechNet Password Expiry Email Notification:
http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27

Posted Tue, Feb 25 2014 22:59 by bradley | with no comments
Filed under:

Back on our proof of concept project for migrating from a SBS 2008 to Essentials... and in the meantime good news - Exchange 2013 sp1 is out which means Exchange 2013 is now finally (about time) and officially supported on 2012 R2.  So while I'm still reviewing my existing setup, I'm going to download Server 2012 R2 and Exchange 2013 sp1 and get ready to build a new member server.

But let's get back to where I was inventorying our setup on SBS 2008.

http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part2.html

I was right at the Exchange profile analyzer section (and obviously taking this from someone in the UK that spells it Analyser)

Exchange Profile Analyser

The EPA tool allows us to scan mailboxes within the existing environment to determine some very important values that will assist with sizing the environment. When we size Exchange 2013, we'll need to know the average message size and the average number of messages sent and received each day. We can collect this data using this tool.

First, we'll need to assign the correct permissions to allow the EPA to read data from the mailboxes within the environment. To allow EPA to scan all mailboxes on our single Exchange Server, we'll use the following set of commands at the Exchange Management Shell to set permissions against all Mailbox Databases on the server. In our case we'll use E12M01 as the server name and Administrator as the username, so replace those values with appropriate ones for your environment:

Get-ExchangeServer E12M01 | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights "Send-As"

Get-ExchangeServer E12M01 | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights "Receive-As"

In my case it's SBSTESTSERVER

So my commands will be

Get-ExchangeServer SBSTESTSERVER | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights "Send-As"

Get-ExchangeServer SBSTESTSERVER | Add-ADPermission -user Administrator -AccessRights ExtendedRight -ExtendedRights "Receive-As"

Click start

Exchange management shell and right mouse click and click on Run As Administrator

Next, we'll download the Exchange Profile Analyser from the Microsoft website. We can install this tool on an administrative workstation or for our example, we'll install the tool on the local, single Exchange Server for simplicity.

After install using the default options, launch the Exchange Profile Analyser. After launch, choose Connect to Active Directory and press, next. Then, we'll choose to connect to Active Directory using the current user credentials

And we install it on the box

 

We connect to AD using the existing user

 

The current Exchange topology will be loaded by the EPA.

Before beginning the scan, we'll then set options including leaving Logging/Stats Options as-is with Information selected, and Output Statistics for Individual Mailbox left unselected, and select our Exchange 2007 Servers.

We'll then ensure scanning over a period of time that is representative. For example, if it's currently during the summer holidays and we only scan a couple of weeks, our data may be incorrect because end users are on holiday and therefore sending less mail. Or if we are only scanning a period of time that represents then busiest period, for example the week that coincides with the year end, then our average figures may be skewed too high. A period of perhaps three to six months therefore may be a good starting figure to consider.

Exchange BPA

Sadly the Exchange Best Practices Analyser, and it's sibling the Exchange 2010 Pre-Deployment Analyser are no longer a part of Exchange 2013, but that isn't to say that they are not useful. We'll use the output from the Exchange BPA to help identify whether there's any well known underlying issues we need to be aware of and correct before moving forward with the Exchange 2013 deployment.

To launch the BPA, open the Exchange Management Console and navigate to the Toolbox. Then select Exchange Best Practices Analyser:

There are some things to ignore...

At least on my virtual box anyway...

Next up checking for mailbox quotas.. http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part3.html

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

Posted Tue, Feb 25 2014 22:09 by bradley | with no comments
Filed under:

Released: Exchange Server 2013 Service Pack 1 - Exchange Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/exchange/archive/2014/02/25/exchange-server-2013-service-pack-1-available.aspx

Okay I'll admit I was slightly dragging my feet on the proof of concept migration blogging project because I was HOPING that sp1 for Exchange 2013 would come out that brings support of Exchange 2013 to the 2012 R2 platform.  So now I can use 2012 R2 as the platform of choice for deployment.

Windows Server 2012 R2 support – Exchange 2013 SP1 adds Windows Server 2012 R2 as a supported operating system and Active Directory environment for both domain and forest functional levels. For the complete configuration support information refer to the Exchange Server Supportability Matrix. This matrix includes details regarding Windows Server 2012 R2 support information about earlier versions of Exchange

Posted Tue, Feb 25 2014 12:11 by bradley | with no comments
Filed under:

So you have a client that still has a SBS 2003 and they want to RWW into a Windows 8.1 machine?

You need to uncheck a box

Go into the control panel, system, remote connections and UNCHECK the "Allow connections only from computers running Remote Desktop with Network Level Authentication"

Once you do that, you can remote into the workstation.

Posted Sun, Feb 23 2014 17:55 by bradley | with no comments
Filed under:

http://blogs.technet.com/b/sbs/archive/2014/02/21/deploying-windows-server-2012-r2-essentials-in-an-existing-active-directory-environment.aspx

http://blogs.technet.com/b/sbs/archive/2014/02/17/deploying-windows-server-2012-r2-standard-datacenter-with-windows-server-essentials-experience-role-in-an-existing-active-directory-environment.aspx

A couple of things to keep in mind at the present time - which are not well documented (IMHO).

The first thing is that the Essentials wizards will only work when there is one and only one DC.  All those thoughts and plans of a multiple DC SMB deployment using either Essentials or Essentials role?  Yeah no can do right now.  Bugged.  Have no idea of a ETA for a fix.

The second thing is that these wizards also can only be run when the Essentials IS the domain controller.  So If you had the plan to make the Essentials role a member server and still offer up a RWA like experience... well you can.. .but just as long as the one and only DC is also that 2012 R2 server with the Essentials role - or it's an Essentials sku. (see http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed131f6a-9f81-41af-8e85-ef73ed3321cd/essentials-experience-on-member-server-office-365-integration?forum=winserveressentials for a bit more discussion)

If you add an Essentials server to an existing domain and it's in the member server role only - it will only backup clients.

Posted Fri, Feb 21 2014 23:31 by bradley | 1 comment(s)
Filed under:

http://redmondmag.com/articles/2014/01/13/godaddy-hosted-360-email.aspx

Just for grins I wanted to see how Godaddy set up Office 365 - was it really Office 365 or something else.  How automatic of a set up was the offering.. if you bought the domain name as part of the Office 365 package it would seem to me that they'd know what DNS settings to do right?

It appears not as they give you the settings you are supposed to do:

And before anyone says anything...yes I bought smbdiva.com because it was available, believe it or not!

 

Let's get your mail going to the right place

Before we can get your account up and running, you'll need to follow these steps to direct your mail to the right place for smbdiva.com

  1. Log on to your hosting provider or third-party domain name system manager (usually the same place you bought your domain)
  2. Locate the CNAMEs and set the following:
    • Name: autodiscover
    • Target: autodiscover.outlook.com
    • Name: sip
    • Target: sipdir.online.lync.com
    • Name: lyncdiscover
    • Target: webdir.online.lync.com
    • Name: email
    • Target: email.secureserver.net
    • Name: msoid
    • Target: clientconfig.microsoftonline-p.net
  3. Locate the MX and set the following:
    • Host: @
    • Priority: 0 Target: smbdiva-com.mail.protection.outlook.com
  4. Locate the SRV and set the following:
    • Port:
    • Protocol: Name: Service: Priority: Weight: Target:
      443 _tls @ _sip 0 0 sipdir.online.lync.com
    • Port:
    • Protocol: Name: Service: Priority: Weight: Target:
      5061 _tcp @ _sipfederationtls 0 0 sipfed.online.lync.com
  5. Locate the TXT and set the following:
    • Name: @ TXT Value: MS=ms73364951
    • Name: @ TXT Value: v=spf1 include:spf.protection.outlook.com -all

Note: Making these changes means you'll stop receiving email to any account previously set up on this domain. Learn more »


I love how they say "log into your domain provider"... uh that would be you!

The other thing I noted is that they did NOT tell me to remove the existing MX record.

Priority 10 MX record that is pointing to mailstore1.secureserver.net

Now I had some issues trying to get a Lync meeting so I'm not convinced this is still set up right.

Another item of interest is that if you go to a normal Office 365 login page and type in your domain it redirects you to the godaddy sign in

 Flipping the domain over to  the public sharepoint site also isn't working and as a workaround you are given the manual info:

Add these DNS records for www.smbdiva.com at your DNS hosting provider.

Need help adding the records? See step-by-step instructions for creating these records at popular DNS hosting providers.
Type Priority Host name Points to address TTL
CNAME - www.smbdiva.com        netorg22482.sharepoint.com        3600

 

Nor do they tell you you need to remove this

Not as polished of a process as I was expecting

Posted Fri, Feb 21 2014 23:12 by bradley | with no comments
Filed under:

it's finally out.  You can download it here:

HPIP160.2014_0113.271.iso

https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdHome/?sp4ts.oid=5379532&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState%3DswEnvOID%253D4108%257CswLang%253D%257Caction%253DlistDriver&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Posted Wed, Feb 19 2014 22:08 by bradley | 1 comment(s)
Filed under:

http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part2.html

Okay I don't suck at PowerShell as much as I thought I did.  It appears there's a slight problem with that script on 2007 servers.  If I go back to a prior version it runs just fine.  I found the prior version from this blog post:  http://www.stevieg.org/2011/06/exchange-environment-report/

Yeah not much to see is there?

Which also reminds me I need to check to see if Exchange 2013 automatically places limits on the mailbox sizes when installed.  I'm guessing it doesn't as that was something to watch out for as we migrated before.

Next up is the Exchange profile analyzer....

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper. More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business

Posted Tue, Feb 18 2014 19:35 by bradley | with no comments
Filed under:

http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part2.html

Next up, lets run a little inventory script.

Download it from here: http://gallery.technet.microsoft.com/exchange/Generate-Exchange-2388e7c9

One slight little hiccup is the need for PowerShell 2.0. 

The installation of PowerShell 2.0 on SBS 2003 (if you are migrating from that can be done - http://www.sbsfaq.com/?p=3040

Also can be done on SBS 2008 - http://support.microsoft.com/kb/968929

And there's some posts that say that supposedly 2008 sp2 has it but I don't it does as My PowerShell was still reporting itself as V1 not v2.

I had to go through my aging memory banks to remember that it was PowerShell 3 that had issues on SBS 2008, not PowerShell 2 - http://blogs.technet.com/b/sbs/archive/2012/12/15/windows-management-framework-3-0-applicability-on-windows-small-business-server-2008-2011-standard.aspx

"From an Exchange Management Shell, navigate to the directory you've downloaded and extracted the script to. Then to generate a simple one-time report, execute the command with the following parameters:

.\Get-ExchangeEnvironmentReport -HTMLReport .\Report.html"

We also need to remember to set the PowerShell execution policy in order to run this

http://technet.microsoft.com/en-us/library/ee176961.aspx

Changing the Windows PowerShell Script Execution Policy

The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies:

  • Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.

  • AllSigned - Only scripts signed by a trusted publisher can be run.

  • RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.

  • Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

To assign a particular policy simply call Set-ExecutionPolicy followed by the appropriate policy name. For example, this command sets the execution policy to RemoteSigned:

You may want to flip it to RemoteSigned or Unrestricted and then set it back to Restricted.

I also copied the script to the c:\scripts folder to make it easy on myself. And made sure I right mouse clicked on the file and "unblocked" it so it would run.

All set and here we go.......

...or maybe not.

...and right about here is where we find I live in SBS land and not in normal server land because this lovely inventory tool that supposedly works in all environments is failing on this part of the PowerShell

        $IntNames = [system.String]::Join(",",$IntNames)
        $ExtNames = [system.String]::Join(",",$ExtNames)

it doesn't like, as it says Exception calling "Join" with "2" arguments(s):  "Value cannot be null"

Hmm... and I can't tell why it's failing.  Let me go ask folks who know a heck of a lot more PowerShell than I do as I haven't a bloody clue as to what it wants or what it's lacking.

Okay enough for tonight, stay tuned for tomorrow night's edition of "How Susan realizes she totally sucks at PowerShell"

Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

Posted Mon, Feb 17 2014 22:45 by bradley | with no comments
Filed under:

Using this as a guide - http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part2.html

Using these we'll make sure we understand the Exchange environment we have

The Exchange Management Console

  • The Exchange Management Shell for basic data collection and export
  • Exchange Environment Report Script
  • Exchange Profile Analyser
  • Exchange Best Practices Analyser
  • IIS Log Analysis
  • Windows Server Update Services reporting
  • I'll begin by following this guidance:

    "We'll begin by using the Exchange Management Console (EMC) to collect information about Internal and External URLs for Outlook Web App, The Offline Address Book and ActiveSync. For each service, navigate to the relevant tab within Server Configuration>Client Access then double click the listed Virtual Directory:"

    Click on Start, then on the Exchange Management console, then on the UAC prompt

    Go to client access, then to Outlook Web access tab.

    Note the Internal URL as well as the External url

    In our example it's both https://remote.sbs2essentials.com/owa for both

    Then go to the Offline Address book tab, right mouse click on properties

    it's https://remote.sbs2essentials.com/OAB

    "Next, we'll collect the value used for Outlook Anywhere. Right click the Server Name in the EMC, and choose Properties"

    In the case of a SBS 2008 it should be the same, but it's wise to double check.  remote.sbs2essentials.com

    Next up some PowerShell:

    "There's a couple for URL values we aren't able to collect from the EMC, so we'll need to open the Exchange Management Shell and use a couple of commands to return the information we need. First, lets grab the Internal URL and External URL for Exchange Web Services:

    Get-WebServicesVirtualDirectory | fl Name, InternalURL, ExternalURL  "

    Click on PowerShell for Exchange, don't forget to right mouse click and run as admin

    Now copy and paste the command

    Get-WebServicesVirtualDirectory | fl Name, InternalURL, ExternalURL 

    Remember over a HyperV you can click on clipboard and then it will copy over the commands

     

    The result will come back when you hit enter

     

    In our case it's

    InternalUrl : https://remote.sbs2essentaisl.com/EWS/Exchange.asmx

    ExternalUrl: https://remote.sbs2essentaisl.com/EWS/Exchange.asmx

    "We'll also need to retrieve the Service Connection Point value used for the Exchange Server. This value (or values for multiple servers) is the AutoDiscover URL that is provided to Outlook clients that are domain joined:"

    Get-ClientAccessServer | fl Server,*URI

    "Finally we'll examine the SSL certificates and subject alternative names in use. You can if you wish view these details by accessing the server directory, or simply by visiting the Internal and External URLs from the LAN and externally examining the Subject Alternative Names recorded on the certificate:"

    In our example we just have our domain name.

    In our example our autodiscover is up at our DNS hoster as a srv record.

    "Record the names listed on the certificates, and then verify the names listed are actually in DNS. If they aren't listed in either internal or external DNS then that means the names aren't actually in use and we can consider ignoring them. For example, to check internal Active Directory-integrated DNS, we'll access a Domain Controller and open DNS Management. Navigate to the domain and verify each Subject Alternative Name (and FQDN) listed."

    Click on start, administrative tools, then DNS and review the setup

    In the case of SBS we have a split DNS

    We have a DNS setting for our domain name - remote.sbs2essentials.com

    and then we have our internal domain name of .local

     

    as you can see here:

    "Finally we'll revisit the Exchange Management Console and view the name used - if any - for services including POP and IMAP. Navigate to Server Configuration, then select the respective IMAP and POP tabs and select the properties for each service. Record the x509 certificate subject name from the Authentication tab as shown below."

    Again it's our remote.sbs2essentials.com.

    And if anyone is still using the pop connector and they are migrating to ON PREMISES Exchange... honey we need to talk.  You should long ago have killed that off.

    "To determine whether you need to consider either IMAP or POP namespaces, we'll check the service startup settings for both. Open the Services Management Console via Start>Run then entering services.msc and scroll down to find the Microsoft Exchange POP3 and Microsoft Exchange IMAP services as shown below."

    In our case we're not using IMAP or POP3.

    After collection the namespaces, we'll record them as shown below:

    Service

    Internal URL

    External URL / FQDN

    OWA

    https://remote.sbs2essentials.com/OWA

    https://remote.sbs2essentials.com/OWA

    OAB

     https://remote.sbs2essentials.com/OAB

     https://remote.sbs2essentials.com/OAB

    EWS

    https://remote.sbs2essentials.com/EWS/Exchange.asmx

    https://remote.sbs2essentials.comEWS/Exchange.asmx

    Outlook Anywhere

    N/A

    remote.sbs2essentials.com

    POP3

    N/A

    remote.sbs2essentials.com

    SCP

    https://autodiscover.remote.sbs2essentials.com/Autodiscover/Autodiscover.xml

     

     

    Next up the Exchange Environment Report

    Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

    Posted Sun, Feb 16 2014 22:30 by bradley | with no comments
    Filed under:

    Many consultants throw the baby out with the bathwater...and they often have justifiable reasons for doing so.  When you don't know what the other consultants have done along the way, many a consultant have found that a new server/a new domain controller means that you start fresh.  The process included determining what ya got, attempting to figure out how someone (badly) set it up before, recreating it with your new domain plan, ensuring you ask the boss if there are any things he does uniquely that he's forgotten to tell you (until you find out after the domain cut over) and you soothe any ruffled feathers after the fact.

    If you do trust the domain (you set it up the last time) I'd still recommend an official AD migration. 

    But we need to understand what we got.

    So first we read:

    http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part1.html

    In my testbed, we have less than 25 users but remember Essentials role (not the SKU but the role) is not limited to 25 users.  In fact it can go as high as 100 with 200 devices.  So if you are thinking about an existing SBS domain with greater than 25 users and think that you can't use Essentials you can- just as the role on the normal server, not on the sku.  Keep in mind that in either the sku or the role, you will need Exchange cals and Server cals to properly license.  And these days because I really do like offering up RDS gateway role access to iPads and what not, plan on RDS cals.  To help with the sticker shock on all of these things you have to buy that you didn't have to before, plan on 3 year spread payments via Open license.  It helps the medicine go down better.

     

    We have a single Exchange server (Exchange 2007) and a typical SMB firewall.  No TMG here (and it's discontinued anyway so it would be irrelevant regardless)

    Our mail hygiene is an external cloud product (see I use cloud!) of www.ExchangeDefender.com which also provides the network during the time of migration a hold and storage of email should (heaven forbid) anything happen in the process. 

    There are no Blackberry devices but there are obviously many iPhones and iPads as well as one Android device.

    There is a email footer software called PolicyPatrol (http://www.policypatrol.com/ - sign of the times they now support both Office 365 as well as Google apps to add email disclaimer signatures).  This email footer software adds the (annoying but required) tax information signature at the bottom of our emails as well as normal blurbs when the email does not contain tax information (the software is triggered by key words and works very nicely).

    We have a backup solution - and have tested it.

    In my instance, the Essentials server will implement the Application Request routing (ARR) that will allow for the ability to handle the 443 for both the remote web access as well as Exchange/OWA.  We won't have TMG handling this process as we don't have a TMG server.

    In our instance we'll me moving server roles and duties off of the SBS 2008 server and reusing that server for alternative needs, it's also the main non domain joined hyperV hoster and while I'm not comfy with it being in the main position, it still has some life left to be a secondary server that I won't trust as much as I use to.

    Next step discovery of the network...

    Blogging my way (starting over) through a proof of concept migration from SBS 2008 to Essentials 2012 R2 series will be a SMB kitchen project whitepaper.  More about the SMBKitchen project at - http://www.thirdtier.net/enterprise-solutions-for-small-business 

    Posted Sun, Feb 16 2014 21:51 by bradley | with no comments
    Filed under:

    *Kids don't try this at home*

    Yes, I'm doing something I shouldn't because I'm lazy and I think I can make sure my proof of concept domain is okay.  But to do this on a real server... not a wise move.  In particular rolling back to a snapshot (checkpoint on R2 - new name for it) on SBS 2011 will most likely mangle your SharePoint - I've personally mangled it because it gets the automatic password changing that the SharePoint script does on the box go wacko.

    http://blogs.technet.com/b/sbs/archive/2011/08/17/http-error-503-accessing-company-web-on-sbs-2011-standard.aspx

    I've personally seen that side effect when rolling back to a previous snapshot on a SBS 2011 test box.

    So bottom line don't do this....do it the right way on a production server and have a backup - preferably in multiple ways.  MS backup/Storagecraft/however many ways you can afford.

    Posted Thu, Feb 13 2014 22:27 by bradley | with no comments
    Filed under:

    I'm going to reboot my project a bit.

    I didn't do my due diligence and I want to showcase how it really should be done.  I failed to take the time to really inventory what I have because I already know what I have.  But to be fair to this blogging project I shouldn't assume that I do.

    So with my HP Microserver HyperV box at the ready we're going to roll back to where I started (kids don't do this on a production network - one should restore not cheat and use the HyperV snapshot (or whatever they decided to call it in R2 these days)

    And then we're going to follow THIS documentation -- http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part5.html

    Not the Microsoft one.

    Stay tuned as we begin again.

    Posted Thu, Feb 13 2014 22:12 by bradley | with no comments
    Filed under:

    As I take a short break to do my patching write up for Patch Watch... I notice interesting comments on the Action pack blog announcement

    http://blogs.technet.com/b/msuspartner/archive/2014/01/29/the-new-microsoft-action-pack-subscription-debuts-february-24.aspx#pi139431=3

    So what do you think about the changes?

    Posted Wed, Feb 12 2014 22:12 by bradley | 7 comment(s)
    Filed under:
    More Posts Next page »