Exchange 2013 Front-End Back-End

One of the major changes in 2013 is the new architecture. Exchange 2013 only has two server roles:

  • Client Access Server role;
  • Mailbox Server role;

The other server roles that were available in Exchange 2007 and Exchange 2010 still exist, but are now known as Services. The Client Access Server (CAS15) consists of the Client Access Front-End (café) and the Front-End Transport (FET). The Mailbox Server role consists of the Mailbox Service, Unified Messaging Service, Client Access service (ambiguous naming I’m afraid) and the Hub Transport Services. The only exception is the Edge Transport Server role. When Exchange 2013 goes to RTM there won’t be an Edge Transport Server, this will be released with SP1 of Exchange 2013.

Continue reading Exchange 2013 Front-End Back-End

Migrationwiz – Exchange migration in the cloud

When migrating one Exchange organization to another organization you have to do quite some work. The traditional methods include a lot of scripting, or a 3rd party tool like Quest or BinaryTree to migrate one Exchange environment to another.

Migrationwiz is a product that can perform the migration from the cloud, they offer E-mail migrations as a service. This migration can be from any messaging platform to any messaging platform, but for this blog I’ll focus on a migration from one Exchange platform to another Exchange platform (in different datacenters).

image

Continue reading Migrationwiz – Exchange migration in the cloud

Insufficient Access Rights

During an Exchange 2003 to Exchange 2010 migration I ran into an issue where the mailbox could not be moved to Exchange 2010 because of an “Insufficient Access Rights” error:

[PS] C:\Windows\system32>get-mailbox -Identity “Joe Sixpack” | New-MoveRequest -TargetDatabase dB01 -BadItemLimit:25 -AcceptLargeDataLoss:$true

Continue reading Insufficient Access Rights

msExchQueryBaseDN and Exchange 2010

In the old days when using Exchange 2007 for hosting scenarios you would use the Configuring virtual organizations and address list segregation in Exchange 2007 whitepaper. In Exchange 2007 the msExchQueryBaseDN property on a mailbox was used to limit the search scope of users in OWA. The typical setting of this property is the OU where the users would reside in Active Directory.

The msExchUseOAB property on a mailbox is used to select an Offline Address Book in a hosting environment (where multiple OAB exist of course). This way the user would receive the OAB of his particular organization.

Continue reading msExchQueryBaseDN and Exchange 2010

Change OWA Logon Page in TMG

Normally when you use OWA you see the initial logon page where the credentials are asked like Domain\User name:

image

When you want to use the UPN (in most cases identical to the e-mail address) you can set this on the OWA Virtual Directory in the Exchange Management Console:

image

When you select “Use forms-based authentication” and select “User principal name (UPN)” the initial login page changes accordingly:

image

When using TMG2010 in front of Exchange 2010 things are different. The logon form is now generated by TMG, and the Exchange server itself is set to basic authentication. By default the TMG logon page for Exchange is set to show the Domain\Username format and unfortunately there’s no easy way to change the logon page to show something different.

Please note that although the default page shows Domain\Username you still can use the UPN to logon!

To change the logon page to show a different text (or change the layout completely) you have to change the HTML pages. These pages can be found on the TMG server in directory C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML. The various languages files can be found in subdirectories here, for example the Dutch language component can be found in subdirectory nls\nl. Open the strings.txt file, search for the L_UserName_Text string and change its value.

image

Restart the TMG Firewall service and open Outlook Web App. You’ll see that the logon page has now changed:

image