Deploying 2x Exchange Server 2013 CAS server email traffic high availability during patching & reboot

Hi people,
What is the best way to utilize VMware technology to host 2x the Exchange Server 2013 CAS role VM in my production VM to ensure that the email traffic is not halted during server patching ?
Previously in Exchange Server 2007 I am using Windows NLB (IGMP Multicast) on my ESXi 4.1, now with ESXi 5.1 and 2013 I wonder if there is any better way to make sure that the server failover does not disrupt the mail flow between the Smarthost and the CAS server role.
Thanks

Hey AlbertWT,
Can you clarify exactly what you mean when you say "server patching?" Do you mean patching at the ESXi host level or something within the guest?
As you probably know Exchange 2013 CAS no longer needs NLB or even a hardware load balancer. Due to changes in the architecture, even simple DNS round robin is "enough" to load balance the CAS role. NLB has its own set of headaches which you are probably all too familiar with so getting rid of that can help remove a lot of complexity from the situation.
If you can clarify what you mean by "server patching" and "server failover" in your post I think that would be helpful for me to give you a more definitive answer.
Matt
http://www.thelowercasew.com

Similar Messages

Exchange server 2013 CAS server high availability

Hi
I have exchange server 2010 sp3(2 MB, 2Hub/Cas) servers.
Planning to migrate to exchange server 2013.( 2 cas servers and 2 mbx servers).
I dont want to go all traffic single so i am keeping the role separate..
In exchange 2010 i achieved hub/CAS high availability through NLB.
In exchange 2013 how to acheive this...
Please share your suggestions with document if possible...

Here ya go:
http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
Load balancing
and
http://technet.microsoft.com/en-us/office/dn756394
Even though it says 2010, it applies to 2013 vendors as well.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Lync Server 2010迁移升级Lync Server 2013时Lync Server控制面板无法打开Lync Server 2013

Lync Server 控制面板打开Lync Server 2010正常，打开Lync Server 2013报错未授权：授权失败。前端服务器日志显示如下：
日志名称:          Lync Server
来源:            LS Remote PowerShell
日期:            2014/4/1 10:40:41
事件 ID:         35005
任务类别:          (3500)
级别:
错误
关键字:
经典
用户:
暂缺
计算机:           lync13fe01.byd.com
描述:
远程 PowerShell
无法从存储中读取 RBAC 角色信息。
远程 PowerShell
在尝试读取用户的 RBAC 角色信息时遇到问题。Retry failed。异常: SqlConnectionException。失败原因:
用户 'DL\LYNC13fe01$' 登录失败。。堆栈跟踪:
在 Microsoft.Rtc.Management.Store.Sql.XdsSqlConnection.ReadDocItems(ICollection`1 key)
在 Microsoft.Rtc.Management.ScopeFramework.AnchoredXmlReader.Read(ICollection`1 key)
在 Microsoft.Rtc.Management.WritableConfig.AnchoredXmlSchemaCache.get_Item(ScopeClass scopeClass)
在 Microsoft.Rtc.Management.Authorization.OcsRunspaceConfiguration.GetRolesFromStore(ManagementConnection connection)
原因:
发生失败可能是由于读取管理存储时出现某个权限问题。
解决方法:
确保服务器是加入域的计算机且能够查询 Active Directory。
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="LS Remote PowerShell" />
    <EventID Qualifiers="52652">35005</EventID>
    <Level>2</Level>
    <Task>3500</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-01T02:40:41.000000000Z" />
    <EventRecordID>7400</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>lync13fe01.byd.com</Computer>
    <Security />
</System>
<EventData>
    <Data>Retry failed</Data>
    <Data>SqlConnectionException</Data>
    <Data>用户
'DL\LYNC13fe01$' 登录失败。</Data>
    <Data>
在 Microsoft.Rtc.Management.Store.Sql.XdsSqlConnection.ReadDocItems(ICollection`1 key)
在 Microsoft.Rtc.Management.ScopeFramework.AnchoredXmlReader.Read(ICollection`1 key)
在 Microsoft.Rtc.Management.WritableConfig.AnchoredXmlSchemaCache.get_Item(ScopeClass scopeClass)
在 Microsoft.Rtc.Management.Authorization.OcsRunspaceConfiguration.GetRolesFromStore(ManagementConnection connection)</Data>
</EventData>
</Event>

Hi,
This forum is only English Supported.
Did you use the same account to open Lync Server 2013 control panel with Lync Server 2010 Control Panel?
If not, please check the account that is assigned to the CsAdministrator role.
On your Lync Server 2013 Front End Server, open IIS, expand Lync Server Internal Web Site. Click cscp, then click Browse *:443 in Actions panel to check if you can open Lync Server 2013 Control Panel.
Check your Domain Controller is available. You can ping it on Lync Server 2013 Front End Server.
Lisa Zheng
TechNet Community Support

Exchange 2013 - CAS Server Multi Namespace & Site Deployment

Hello,
I am
currently designing the new Excahnge 2013 environment that I am looking to deploy by the end of the month. And I have come up with two designs on what could be deployed. The first being an active/passive design with a single namespace across two sites.
One site being the primary site and the other being the secondary DR site in a single DAG. Now this is a common design and similar setups are documented in detail online on many blogs and such.
Where my trouble is with the second design I have come up with which is an active/active model using a multi namespace across the same two sites utilizing two DAGs. The idea here being the first
site is the corporate head office which would only contain those users. While the second site would contain everyone else not based out of the head office. The goal being to cut out internal users from connecting all of the way into the primary site when they
are external to it.
Now the way in which the network is setup between the two sites. Accessing the internet from the primary site requires you to go through the secondary. So for the second design my idea would
be for external Outlook, OWA and ActiveSync connections would connect into the secondary site for it to then proxy over to the primary. Now I am used to how Excahnge 2010 did its proxying and if the ExternalUrl property was blank is knew to proxy to the other
site. Is that still the case with Excahnge 2013 or it does not care at all and I can just populate both the internal/external url properties for all of the CAS servers at the primary site?
Now assuming I do populate both the internal/external url property in Excahnge 2013 for the primary site. And for this example I am going to use mail01.domainname.com for the primary site and
mail02.domainname.com for the second. To get Outlook, OWA and ActiveSync to connect for users of the primary site externally would it be as simple as having that external internet DNS entry for mail01.domainname.com point to the same IP as mail02.domainname.com
would be? With mail02.domainname.com pointing to a externally accessible load balancer for the second site.
Now applying the above logic and assuming as long as you hit a CAS server. And it will find your mailbox for you does that mean I can could also use the same namespace in both locations for
say OWA and ActiveSync? So the idea being we want to keep using webmail.domainname.com for OWA access. So if I set that URL for both the primary and secondary site as long as I hit a CAS server in the secondary site. It will be able to connect over to the
mailbox in the primary site for OWA?
Nicholas

Hello Angela,
I need some clarification to your reply as it has left me a little more confused. Where you start by saying “all client requests will firstly access the internet-facing server”.
Are you talking about when the client is connecting in externally or when the client is internal? As this would make it seem like in my second design where only the secondary site would have internet facing CAS. That clients in the primary site internally
would connect over to the secondary site then be proxyed back to the primary.
Then for the separate namespace portion of your reply. I am assuming you mean the secondary site form my example which will have the internet-facing CAS server? If that is
the case my public DNS entry would be mail02.domain.com only but then how would the client from the primary site who use mail01.domain.com which is not on an internet facing CAS server. Then figure out they can connect in on mail02.domain.com externally from
the internet?
And when you talk about both sites using the same namespace. And using two public DNS entries pointing to the CAS servers in both datacenters. Is that not just going to do
DNS round robin? As described in this technet blog?
http://blogs.technet.com/b/exchange/archive/2014/02/28/namespace-planning-in-exchange-2013.aspx
Or is it because both datacenters will be hosting active mailboxes. Will the clients query each CAS server till it finds one in its site? I do also plan to deploy a load balancer with my CAS servers. So I would think that would cancel our using the two public
DNS option.
Nicholas

Exchange server 2013 CAS High Availability

Dear All,
Next weekend i need to build Exchange CAS 2013 HighAvailbility can somebody help me please.
we don't have any load balancers we may use windows NLB (or) is there any way to build without load balancers and Windows NLB.
If possible i need step by step guide deploying cas 2013 HA.How do i redirect users to different cas server i need to have this control if one fails.
Thanks & Regards, Santosh Chowdary Vasireddy System Administrator Prolifcs DHFLVC Silicon Towers, 5th Floor, Survey #14, Kondapur, Hyderabad – 500 032. Work +91 40 3999 1999 Ex.1656 l Cell +91 9849277255 l [email protected] A Global
Provider of IBM, Microsoft and Testing Solutions Award Winner for Technical Excellence, BPM, SOA, Portal and Governance

There are a few options for load balancing.
DNS Round Robin is one of the way to go without any load balancing solution.
http://blogs.technet.com/b/exchange/archive/2014/03/05/load-balancing-in-exchange-2013.aspx
The article above talks about each option and their advantages and disadvantages.
To enable round robin for Windows Server
Click Start, click All Programs, click Administrative Tools, and then click DNS.
Expand DNS, right-click the DNS server you want to configure, and then click Properties.
Click the Advanced tab, select Enable round robin and Enable netmask ordering, and then click OK.
Picked up from : http://technet.microsoft.com/en-us/library/gg398251.aspx
The link below is the way Microsoft has configured Load balancing and entire exchange architecture.
http://blogs.technet.com/b/exchange/archive/2014/04/21/the-preferred-architecture.aspx
Please be aware that, all the above needs careful planning before implementing. There are advantages as well as downsides to each of them.

New Exchange 2013 CAS server in existing Exchange 2007 Organization

Dear Friends,
We have exchange 2007 SP3 with CU13 installed with single copy cluster for database and 1 OWA server for CAS/HT. We will migrate from current to Exchange 2013SP1. As we want to have HA, we have installed 2 new Exchange 2013 SP1 CAS server on widnows 2012
R2 after preparing our organisation for Exchange 2013. The setup went smooth without any error and successfully installed CAS with management tools. After installation it ask to reboot the server which we did. Now after reboot, we are not able to run Exchange
Management Sell. It never connects to the new server. In our old 2007 EMS also doesn't list any exchange 2013 server. We are also not able to connect to new CAS servers with below URL:
https://servername/ecp/?ExchClientVer=15
Its says site under maintenance. Please advise what to check. We were thinking of deploying CAS 1st and make it co-exist with Exchange 2007 before deploying Exchange 2013 mailbox server which will be setup in DAG. What are we doing wrong.
Thanks in advance!!

Dear Friends,
We have exchange 2007 SP3 with CU13 installed with single copy cluster for database and 1 OWA server for CAS/HT. We will migrate from current to Exchange 2013SP1. As we want to have HA, we have installed 2 new Exchange 2013 SP1 CAS server on widnows 2012
R2 after preparing our organisation for Exchange 2013. The setup went smooth without any error and successfully installed CAS with management tools. After installation it ask to reboot the server which we did. Now after reboot, we are not able to run Exchange
Management Sell. It never connects to the new server. In our old 2007 EMS also doesn't list any exchange 2013 server. We are also not able to connect to new CAS servers with below URL:
https://servername/ecp/?ExchClientVer=15
Its says site under maintenance. Please advise what to check. We were thinking of deploying CAS 1st and make it co-exist with Exchange 2007 before deploying Exchange 2013 mailbox server which will be setup in DAG. What are we doing wrong.
Thanks in advance!!
If you have only the 2013 CAS installed and not the mailbox role, then nothing will really work. Remember, in 2013, the mailbox role does all the work, the CAS is simply a proxy for the most part.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Exchange Server 2013 SP1 - Internal Email Flow slowness

Hi Fellows,
I have a brand new implementation of Exchange Server 2013 SP1 with three mailbox servers and 3 CAS servers.
I am facing a considerable slow transportation of email internally. although there are just 3 mailboxes on the infrastructure at the moment.
When a user sends email to himself or other two accounts, delivery takes from 15 seconds to 35 seconds to be delivered.
Experience is same even if the email is sent from OWA, ActiveSync or Outlook.
Header analysis shows the message exchange between mailbox servers is taking time. any clue?
Decreasing Tarpit interval on Mailbox server receive connectors will be helpful?
Network communication, Storage performance, Server performance are all as good as we love to.
Thanks.
J.A

Hello,
When a user send message to a internal user in a AD site, the connector will not be used. I recommend you use message tracking to check the issue occur on server side or transport process. Please use queue viewer to check if there is mail traffic.
Cara Chen
TechNet Community Support

Exchange 2013 CAS server returned '500 Message rejected'

Hi, all.
Exchange 2013 with CAS server and 2 mailbox servers. Health checks are all 100% healthy.
One of our users cannot receive email from an external user. Our CAS server keeps rejecting the message. I can trace the message and see that it did indeed hit our servers, and was rejected. But I cannot find out WHY it was rejected.
Here is the Delivery Report from the EAC:
Delivery Report for               NAME ‎([email protected])
Failed
3/30/2015 1:41 PM <CAS servername>
The message couldn't be delivered.
[{LRT=};{LED=500 Message rejected};{FQDN=};{IP=}]
The external user gets this NDR:
<our local CAS servername> gave this error:
Message rejected
In the Diagnostic information for administrator section:
<our local CAS servername> returned '500 message rejected'
followed by the Original message headers. I think I'm looking for some more verbose logging to see what rule or configuration rejected the message. Any help would be greatly appreciated!
Thanks!
Dan

My main question: how can I see what triggered my CAS server to reject this message with error 500?
Our user can receive email from other external senders ok. It seems to be just this one sender having trouble.
Our transport rules are not complex, and I see no rules that would block this sender or domain.
We use Exchange Online Protection. The message gets through EOP and hits our CAS server. The CAS server rejects the message - it never gets to the Client.
The CAS server gives the error 500 - but that's all I can find. I need a command or somewhere to look to see what triggered the 500 error.
I've posted the NDR received by the sender and scrubbed our identifying information.
Rcn.com looks like the sender's online forwarding host - the spf record for senderdomain.net points back to rcn.com. I've run an spf record check and it passes, so I do not believe that is the issue.
Here is the NDR:
From: [email protected]
To: [email protected]
Sent: Monday, March 30, 2015 1:41 PM
Subject: Undeliverable: Hello from FirstName
CAS1.our_internal_domain.local rejected your message to the following email addresses:
FirstName LastName ([email protected])
A problem occurred while delivering your message to this email address. Try sending your message again. If the problem continues, please contact your email admin.
CAS1.our_internal_domain.local gave this error:
Message rejected
Diagnostic information for administrators:
Generating server: BY1PR0501MB1112.namprd05.prod.outlook.com
[email protected]
CAS1.our_internal_domain.local
Remote Server returned '500 Message rejected'
Original message headers:
Received: from BLUPR05CA0049.namprd05.prod.outlook.com (10.141.20.19) by
BY1PR0501MB1112.namprd05.prod.outlook.com (25.160.103.146) with Microsoft
SMTP Server (TLS) id 15.1.118.21; Mon, 30 Mar 2015 17:40:54 +0000
Received: from BL2FFO11FD027.protection.gbl (2a01:111:f400:7c09::115) by
BLUPR05CA0049.outlook.office365.com (2a01:111:e400:855::19) with Microsoft
SMTP Server (TLS) id 15.1.125.19 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Received: from smtp.rcn.com (69.168.97.78) by
BL2FFO11FD027.mail.protection.outlook.com (10.173.161.106) with Microsoft
SMTP Server (TLS) id 15.1.130.10 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Return-Path: [email protected]
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.0 cv=PMSNCIWC c=1 sm=1 a=gRQJo8bc1j9+0GSSRogFxg==:17 a=NTyKUL13AAAA:8 a=ML7w5Z3_AAAA:8 a=3H5rcUylbt2uBKgiyYQA:9 a=wPNLvfGTeEIA:10 a=XQfDMMe_SRUA:10 a=SEXQnC1BqQAA:10 a=7ZjHjvgxCjAA:10 a=Wcs1mLwGzyUA:10 a=sBa8ZLUje9YA:10 a=k-GqB2yPh3IA:10
a=N4kHG9ehtKzd7-3o534A:9 a=_W_S_7VecoQA:10 a=gRQJo8bc1j9+0GSSRogFxg==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHAtZm1hQHJjbi5jb20=
Authentication-Results: smtp02.rcn.cmh.synacor.com
[email protected]; sender-id=neutralourdomain.com; dkim=none
(message not signed) header.d=none;ourdomain.com; dmarc=pass action=none
header.from=senderdomain.net;
Authentication-Results: smtp02.rcn.cmh.synacor.com [email protected]; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=sender; auth=pass (LOGIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 69.72.92.252 is neither permitted nor denied by domain of senderdomain.net)
Received: from [69.72.92.252] ([69.72.92.252:2689] helo=FirstNameLastName)
        by smtp.rcn.com (envelope-from <[email protected]>)
        (ecelerity 3.6.2.43620 r(Platform:3.6.2.0)) with ESMTPA
        id 58/6E-17115-4AA89155; Mon, 30 Mar 2015 13:40:53 -0400
Message-ID: <011A7DBF0D954F62987032D45778AF29@FirstNameLastName>
From: FirstName LastName <[email protected]>
To: FirstName LastName <[email protected]>
Subject: Hello from FirstName
Date: Mon, 30 Mar 2015 13:40:49 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01D06AEF.223E4A60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of senderdomain.net designates
69.168.97.78 as permitted sender) receiver=protection.outlook.com;
client-ip=69.168.97.78; helo=smtp.rcn.com;
Authentication-Results: spf=pass (sender IP is 69.168.97.78)
[email protected];
X-Forefront-Antispam-Report:
        CIP:69.168.97.78;CTRY:US;IPV:NLI;EFV:NLI;SFV:SKN;SFS:;DIR:INB;SFP:;SCL:-1;SRVR:BY1PR0501MB1112;H:smtp.rcn.com;FPR:;SPF:None;LANG:en;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test:
        BCL:0;PCL:0;RULEID:(601004);SRVR:BY1PR0501MB1112;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-OriginatorOrg: ourdomain.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2015 17:40:54.1243
(UTC)
X-MS-Exchange-CrossTenant-Id: c92ecf05-92f8-42f4-a246-24bee4988793
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1112
Dan

Exchange 2013 CAS server connection to Exchange 2010 Mailbox server

Hi Guys,
I have a quick question i am planning to upgrade my infra from Exchange 2010 to Exchange 2013 and i have come across a small question, my infra looks likes below
3 Exchange server (CAS+ HT + MBX roles) Exchange 2010
1 Exchange server MBX role For journlaing Exchange 2010
1 CAS for internet owa access Exchange 2010
Now i will be installing exchange 2013 CAS on 2 box and MBX on 3 box
will decomm the 3 exchange box which has (CAS+ HT + MBX roles) and 1 CAS which we use for owa access.
will keep the Journaling server as it is will not be decomming it as of now.
My question is is will i be able to connect to the journaling mailbox's which are hosted on exchange 2010 journaling server without actually having any 2010 cas server, will exchange 2013 cas directly help me to connect to the journal mailbox or would i need
to add CAS role on Exchange 2010 journaling server and enable outlook anywhere configure the directories with the url's to make it working.
Please suggest on the same.
BR/Deepak

Hi TheLearner,
Thank you for your question.
Exchange 2013 didn’t connect to the journal mailbox directly when we access it by outlook/OWA. The journal mailbox will connect the former Exchange 2010 CAS. Or we could migrate Journaling mailbox to Exchange 2013. Because Exchange 2010 could communicate
with Exchange 2010 by RPC, but Exchange 2013 could communicate with Exchange 2013 by HTTPS.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

Exchange Server 2013 not receiving emails

I have a new Exchange 2013 mail server installation (no migration - completely new domain and everything). For some reason the server is not accepting mail from the Internet. My router is indicating it is forwarding SMTP packets to the Exchange
server's IP address, but nothing shows up in the message queues or users mailboxes. The event viewer is giving me no clues. No errors. This is a simple installation - one Server 2012 DC and the Exchange server. One Exchange server in
a domain environment. The receive connector looks correct. It is using port 25 and I indicated to use the IP address of the Exchange server network card. Any ideas as to how to configure the receive connector? Thanks!

Greylisted is an anti spam check done on exchange. However to me this would meanone of two things.
1: The inbound email domain is listed not your exchange server. Your Exchange server seems to be set up to only allow inbound mail from specific domains perhaps instead of * (All).
2: More likely i think is that your domain is not set up in Exchange.
In order to test the product you probably want to create your own domain, and that is easily done in the Exchange Admin Center by clicking the Mail Flow item
and then Accepted Domains in the tab area and finally the Add… icon, <o:p></o:p>
Type in the information and click Save,
the new domain will show up on the List View.<o:p></o:p>
For reference you can check if your domain is blacklisted here: http://mxtoolbox.com/blacklists.aspx but i am sure this is not your issue.
Martin

SharePoint Server 2013 single server installation licenses and system requirements

We are thinking of setting up a SharePoint Server 2013 for the following features to be accessed by our test team (<100 users)
Our requirements are as follows -
Total user access <100 users(starts with 50 and may be go upto 100)
Mainly Access to TeamSite(Document library), WiKi, BI reports view(SSRS Reports integration)
We have a Visual Studio Ultimate license that covers SQL Server 2012 and Share Point server 2013.
We have also got a Amazon EC2 machine access to create a Xlarge box with Microsoft recommended Cores, Memory, storage for SINGLE INSTALLATION of SharePoint Server 2013 and SQL server database on Windows Server 2012
My queries are as follows
Are the licenses above sufficient to go ahead with setting up the SP Server? or do i need any other licenses ?
I would like to create local LDAP in amazon without connecting to the company active directory. Would this be possible? We have users from other locations(different countries) providing services to our company and we would like them to access this portal
to share and access docuemnts without any network issue etc..
Are there any known firewall issues with EC2 machines for share point deployment
System requirements for single server installation (with or without BI reports)
Please note this implementation is only for internal use by the test team and is not critical. Not a production implementation.
Is there any better solution?
Much appreciate your help
Thanks
Vara

MSDN subscription licenses for SharePoint aren't, as far as i know, for use as production devices. This means that whilst you can use it for testing and development you can't use that license for the SharePoint server that you'll all be using.
As such I think you will need to buy a SharePoint 2013 server license. The same goes for SQL, Windows etc.
There is also the question of user licenses, ie. CALs. I don't remember if those come included as part of an MSDN subscription.
2) Possibly. As long as Amazon can host a domain for you it should be possible.
3) Pass. Microsoft prefer you to use Azure and most of my training and experience is with that.
4) High. 4 cores, 24GB of RAM minimum.
http://technet.microsoft.com/en-us/library/cc262485.aspx#hwforwebserver
You'll either need a 2XLarge or a memory orientated box, in which case you won't have much storage space.
Internal team infrastructure is still important. If you're using it enough to make it worth having then you need it there and running.
Have you considered using Office 365?

Problem: Mixed Exchange 2007 / 2013 CAS Servers with wildcard certificates in Europe and non-wildcard Certficate in China

Hi,
we have following problem. We have a mixed multi-domain one-forest AD environment. We also have still a mixed exchange 2007 / 2013 environment. We also have different CAS Servers for 2007 SP3 (RU15) and 2013 (CU8) in europe and one 2007 SP3 (RU15) CAS Server
in China, because of bad connection to Europe. For the Migration to 2013 in Europe we installed a wildcard-certificate *.xyz.com and used the Set-OutlookProvider EXPR -CertPrincipalName msstd:*.xyz.com, so the wildcard certificate is accepted. Everything in
Europe works fine, inside and outside also between exchange 2007 and 2013 (both CAS Server 2013 and 2007 use the same wildcard certificate). But since the change of the Set-OutlookProvider EXPR we are facing problems with our CAS Server in China, because this
server has a different non-wildcard certificate and a different domain name (cas-server.xyz-china.com instead xyz.com). Now we have the problem that this Chinese CAS server the Outlook Anywhere does not work anymore and prompts always for the username. As
I see it is because of the EXPR change. Is it possible to set the the Outlook-Provider EXPR per Cas-Server ? (They also have their own Autodiscover on this front-end server). Because I see that the Outlook-Provider can only be stored forest-wide.
If not the other solution would be to register the chinese cas server in our xyz.com domain and use the same wildcard certificate on this system right ?
Any help would be appreciate….

Yes setting the EXPR value is most likely the cause of your issue. When you set this value you are telling Outlook to only accept connections from connections that have the cert with the subject name you specify here.
Unfortunately, based on my experience I believe this is an organization wide setting and cannot be configured on a CAS by CAS basis (If I'm wrong someone please keep me honest :)).
So the only option would you have is to change all the URLs to be on *.xyz.com domain. There's no need to change the domain the server actually resides on. The other option would be to purchase a UCC Cert with all the names you need and apply
to all your CAS servers and reset the EXPR value.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

Host Integration Server 2013 Cumulative Update 2 (CU2) is available

This cumulative update package for Microsoft Host Integration Server 2013 contains hotfixes for issues that were fixed after the release of Host Integration Server 2013.
Important This cumulative update package includes all the component packages. However, the cumulative update package updates only those features that are currently installed on the system.
Download Link :
http://support.microsoft.com/kb/2929767
Many Thanks to the Product and Support TEAM ! You’ve done a great job !
Steve Melan - BCEE My Blog : http://stevemelan.wordpress.com

Hello Jason,
In your case I recommend you to use the Standard License as you are only using Host Integration Server 2013.
Then you will need for your architecture to license 16 Cores.
1 Core BizTalk 2013 License costs : about $2500
Total : 40.000€
As HIS 2013 is very performant, you can also use for instance only 1 CPU with 4 or 6 Core with higher Frequency per Server.
Here's a good article explaining the licensing model of BizTalk 2013 : http://blogs.biztalk360.com/understand-biztalk-server-2013-licensing/
Q: What license limitation should I consider with the BizTalk branch edition?
A: You may Run Instances of the software on Licensed Servers only at the endpoint of your internal network (or edge of your organization) to connect
business events or transactions with activities processed at that endpoint; provided, the Licensed Server may not:
 act as
the central node in a “hub and spoke” networking model,
 centralize enterprise-wide
communications with other servers or devices; or
 automate business processes
across divisions, business units, or branch offices.
You may not use the server software, including the Master Secret Server, on a server that is part of a networked cluster or in an operating system environment
that is part of a networked cluster of OSEs on the same server.
Best Regards,
Steve Melan - BCEE My Blog : http://stevemelan.wordpress.com

Some Outlook clients getting internal FQDN of newly installed Exchange 2013 CAS server as Outlook Anywhere Proxy address

Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
Cool

Here are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
    Testing Outlook connectivity.
    The Outlook connectivity test completed successfully.
       Additional Details
    Elapsed Time: 9881 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
    Autodiscover was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
       Additional Details
    Elapsed Time: 186 ms.
       Test Steps
       Attempting to resolve the host name xyz.com in DNS.
    The host name couldn't be resolved.
       Tell me more about this issue and how to resolve it
       Additional Details
    Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of the Autodiscover URL was successful.
       Additional Details
    Elapsed Time: 1876 ms.
       Test Steps
       Attempting to resolve the host name autodiscover.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
    Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 173 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 318 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       Additional Details
    Elapsed Time: 756 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
    The Autodiscover XML response was successfully retrieved.
       Additional Details
    Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
    Autodiscover settings for Outlook connectivity are being validated.
    The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
       Additional Details
    Elapsed Time: 0 ms.
    Testing RPC over HTTP connectivity to server webmail.xyz.com
    RPC over HTTP connectivity was verified successfully.
       Additional Details
    HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
       Test Steps
       Attempting to resolve the host name webmail.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
    Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 180 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 303 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
    Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
    The HTTP authentication methods are correct.
       Additional Details
    The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
    Attempting to ping RPC proxy webmail.xyz.com.
    RPC Proxy was pinged successfully.
       Additional Details
    Elapsed Time: 454 ms.
    Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 2177 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    The test passed with some warnings encountered. Please expand the additional details.
       Tell me more about this issue and how to resolve it
       Additional Details
    The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
    Testing the MAPI Referral service on the Exchange Server.
    The Referral service was tested successfully.
       Additional Details
    Elapsed Time: 1808 ms.
       Test Steps
       Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
    Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
    We got the address book server successfully.
       Additional Details
    The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 626 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
    Testing the MAPI Mail Store endpoint on the Exchange server.
    We successfully tested the Mail Store endpoint.
       Additional Details
    Elapsed Time: 555 ms.
       Test Steps
       Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
    Attempting to log on to the Mailbox.
    We were able to log on to the Mailbox.
       Additional Details
    Elapsed Time: 326 ms.

Moving witness server to CAS server two Exchange 2013 servers with a DAG

Inherited a situation where there is one Exchange 2007 Build 83.6 server running on Win2008R2, acting as witness, and hub transport and yes is a file server too. In addition there is relays, email and service accts that need to be moved to Exchange
2013.
Presently there are two Exchange 2013 cu3 servers that are part of a DAG that also run on Win 2008r2... We wish to add another node to the DAG, and move the witness to another server.
Do I need to also add a CAS Exchange 2013 server to replace the Ex 2007 server?
Can this server also act as the Witness?
What would be the best practices for this senario. All of these machines are VM's.

Inherited a situation where there is one Exchange 2007 Build 83.6 server running on Win2008R2, acting as witness, and hub transport and yes is a file server too. In addition there is relays, email and service accts that need to be moved to Exchange
2013.
Presently there are two Exchange 2013 cu3 servers that are part of a DAG that also run on Win 2008r2... We wish to add another node to the DAG, and move the witness to another server.
Do I need to also add a CAS Exchange 2013 server to replace the Ex 2007 server?
Can this server also act as the Witness?
What would be the best practices for this senario. All of these machines are VM's.
With an odd number of nodes, the File Share Witness will not be used, but you can still define it.
Any server ( any including any non-Exchange server) can serve as the FSW as long as its not a mailbox server n the DAG and it has the Exchange Trusted SubSystem group in the local admin group on that server.
Since you are using VMs, ensure the FSW isn't on the same host as a MBX DAG member.
Not sure what you mean by adding a CAS Exchange 2013 server. Do you mean you have not installed the CAS role yet for 2013? If so, then absolutetly you need one.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Deploying 2x Exchange Server 2013 CAS server email traffic high availability during patching & reboot

Similar Messages

Maybe you are looking for