While uninstalling Exchange Server 2003 (after a successfull migration to Exchange Server 2010) I ran into the dreaded “The server cannot be removed because” issue:
The server <servername> cannot be removed because:
– One or more users currently use a mailbox store on this server. These users must be moved to another mailbox store on a different server or be mail disabled before uninstalling this server.
Facility: Exchange System Manager
ID no: c103f492
Continue reading Exchange 2003 The server cannot be removed because…
When moving mailboxes from Exchange 2003 or Exchange 2007 to Exchange 2010 the move request finishes, but with a status of CompletedWithWarning:
The mailbox is moved to Exchange 2010, but the time to finish the actual migration takes a long time. The first reports of this issue I’ve seen came with Exchange 2010 SP2 RU3.
Continue reading MapiExceptionUnexpectedMailboxState: Unable to delete mailbox
Now that Microsoft TMG2010 no longer is available it’s time to look for other alternatives. Reverse proxy solutions is not a problem, there are various solutions for this. Microsoft itself has the ARR (Application Request Routing) on top of IIS available. This can perform reverse proxy, but for load balancing you still have to rely on NLB. Another drawback is that ARR does not do pre-authentication.
With the new software version for the Kemp LoadMaster series (V7) it is now possible to do reverse proxy and pre-authentication out of the box. The new module is called ESP or Edge Security Pack. The idea is the same as before, clients hit the Kemp LoadMasters and the requests are distributed across multiple Exchange Client Access Servers. But before the requests are sent to the Client Access Servers they are authenticated. Kemp uses an authentication provider for this, in a normal scenario this would an Active Directory Domain Controller.
The advantage of pre-authentication is evident. In case of a (brute force) attack the CAS servers are only bothered with normal authentication traffic, the attacks are handled by the Kemp and these never reach the CAS servers. ESP is specifically designed to handle this kind of traffic. With ESP the CAS servers only handle normal user authentication.
Continue reading Kemp Edge Security Pack for Exchange 2013