Deploying Lync Server 2013

In an earlier blog post I explained the basics of Lync Server 2010 and how to install Lync Server 2010, including a Lync Edge Server and a reverse proxy to publish the accompanying web services.

Microsoft has recently released Lync Server 2013, so it’s time to have a closer look at installing this version. Like the previous articles, this article explains how to install a greenfield environment, so there’s no ‘old’ version installed. In the previous blogs I worked with Lync Server 2010 Standard Edition; this blog is based on the Enterprise Edition of Lync Server 2013. There are multiple differences between Standard and Enterprise:

The bookmark is invalid

We still have an HMC 4.5 (Hosted Messaging and Collaboration) environment running. HMC has a different approach when it comes to Exchange 2007 compared to ‘native’ Exchange 2007. Everything you want to do has to go through the MPS (Microsoft Provisioning Server) which takes care of all Exchange related management jobs.

Recently a number of users called in complaining about Outlook not being able to create a new profile. The error message that was returned is “The bookmark is invalid”.

This issue is caused by the Outlook client not being able to connect to the Address List. This is confusing, since you can see the Address List information when logged on via OWA, but that is because OWA uses a different technique (in Exchange 2007!) for accessing address lists than the Outlook client.

When checking the appropriate mailbox info you get the following information:

[PS] C:\Windows\system32>get-mailbox | select name,address* | fl
Name :
AddressListMembership : {\Default Global Address List, \All Users}
[PS] C:\Windows\system32>

While a normal functioning mailbox would show:

[PS] C:\Windows\system32>get-mailbox | select name,address* | fl
Name :
AddressListMembership : {\ AL, \ GAL, \All Users, \Default Global Address List}
[PS] C:\Windows\system32>

Somehow the mailbox lost its Address List membership. This is caused by the fact that when manipulating a mailbox using normal cmdlets in Exchange 2007 some HMC specific settings are not set, including the AddressListMembership property.

This can happen with the following cmdlets, and possibly with others as well:

  • Update-AddressList
  • Update-GlobalAddressList
  • Move-Mailbox
  • Set-Contact
  • Set-Mailbox
  • Set-CASMailbox
  • Set-DistributionGroup

The following functions should NOT be used directly in the Exchange Management Shell, but should be performed via the MPS:

  • Enable-Mailbox
  • Disable-Mailbox
  • Enable-MailContact
  • Disable-MailContact
  • Enable-DistributionGroup
  • Disable-DistributionGroup
  • Move-OfflineAddressBook

I assume this was a known issue at Microsoft since there actually is a RepairExchangeObject procedure in the “Managed Email 2007” namespace.

Create an XML that contains the following (after editing for your own environment of course):

<!--The domain controller to use for Active Directory actions.-->
<!--Specifies the LDAP path of the user, group, or contact.-->
<!--Specifies the path of the hosted organization that contains the AL, GAL, and OAB as well-known-objects. By default it is the LDAP parent container of the object.-->
  <execute namespace="Managed Email 2007" procedure="RepairExchangeObject" impersonate="1">
    <before source="data" sourcePath="preferredDomainController" destination="executeData" mode="move" />
    <before source="data" sourcePath="path" destination="executeData" mode="move" />
    <before source="data" sourcePath="owningOrganization" destination="executeData" mode="move" />
    <after source="executeData" destination="data" mode="merge" />
  </execute>

Now run using provtest (provtest.exe fix.xml /x2) and check the Address List Membership again when done (maybe wait for replication to complete).
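To find every affected mailbox before the repair, and to confirm the result afterwards, the check above can be run across all mailboxes. This is an added example, not part of the original post: the function name Test-HostedAddressListMembership and the LdapPath column are hypothetical, and it assumes that a broken mailbox keeps only the two default lists shown in the output above and that the LDAP path is "LDAP://" followed by the distinguished name.

```powershell
# Added example, to be run in the Exchange Management Shell.
# Assumption: these are the only lists a broken mailbox still belongs to,
# matching the output shown in this post. Adjust for your environment.
$defaultLists = '\Default Global Address List', '\All Users'

function Test-HostedAddressListMembership {
    param($Mailbox)
    # Keep only membership entries that are NOT one of the default lists.
    # A healthy hosted mailbox also lists its organization's AL and GAL.
    $orgLists = @($Mailbox.AddressListMembership |
        Where-Object { $_ } |
        ForEach-Object { $_.ToString() } |
        Where-Object { $defaultLists -notcontains $_ })
    return ($orgLists.Count -gt 0)
}

# List mailboxes that lost their organization-specific address lists.
# LdapPath is a candidate value for the "path" element of the repair request
# (assumed format, verify against your MPS environment).
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not (Test-HostedAddressListMembership $_) } |
    Select-Object Name,
        @{Name = 'LdapPath'; Expression = { 'LDAP://' + $_.DistinguishedName }},
        AddressListMembership |
    Format-List
```

An empty result after running the repair and waiting for replication means no mailbox is left with only the default lists.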

Special thanks to Kip Ng (ex MSFT) since I actually found the answer on his excellent blog:

Exchange 2010 SP2 Address Book Policies

In Exchange 2010 a new feature will be available called Address Book Policies which makes it possible to use multiple Address Books in Exchange 2010, completely separated from each other. It is sometimes referred to as multi-tenancy for Exchange 2010 although this is not entirely true. In this article I’d like to explain a bit more.

Address List Segregation

For Exchange 2007 Microsoft has a whitepaper available that describes how to implement Address List Segregation to achieve multiple Address Lists that are completely invisible to each other. In other words, users in the Address List don’t see other Address Lists and users, like the Fabrikam Address List or the Tailspintoys Address List. In Exchange 2007 this is implemented using Access Control Lists (ACLs) to set permissions for specific Address Lists. This works fine for Exchange 2007, but Exchange 2010 uses a different technique called the Address Book Service running on the Client Access Server. Therefore, if using (or trying to use) the Address List Segregation whitepaper on Exchange 2010, things will horribly break.

SMTP load balancing with F5 LTM

In my previous blog I explained how to configure the F5 LTM for use with Exchange 2010 CAS servers. To do this properly it is recommended to use a template (iApp) because of the amount of work (and thus complexity).

Load balancing SMTP is much easier. The only things that need to be configured are:

  • Service Monitor for monitoring the SMTP service on the Exchange 2010 Hub Transport Servers;
  • A Pool containing the Exchange 2010 Hub Transport servers;
  • A VIP for the SMTP service with a listener on the public network.

To create a new Service Monitor select the Local Traffic and click the + symbol next to monitors. Give the new monitor a name like SMTP_Monitor and if needed adjust the service health monitoring interval.

Load Balancing Exchange 2010 with F5 LTM

In an earlier blogpost on load balancing Exchange 2010 I explained how to achieve this with a Kemp Loadmaster. In this blogpost I’d like to demonstrate how to configure this with an F5 Local Traffic Manager (LTM). This is actually part I of what I demo’d at MEC 2012.

The configuration looks like this. There are two multi-role servers configured with a Database Availability Group (DAG). There’s a File Share Witness (FSW) configured on server FS01. The F5 itself is installed in a two-arm configuration, so the VIP for the clients is on a different subnet than the Exchange Server.

