Exchange 2013 HA Design

Similar Messages

• Exchange 2013 deployment design recommendations?

  We are planning on upgrading from Exchange 2010 to 2013.  
  Currently, we have 2 Exchange servers.  One server with mailbox and hub transport in our local office with users.  The CAS is in a remote data center.  So, whenever either server is down or being restarted, all mail stops.
  We have received licenses for three Exchange 2013 servers.  What is the best way to set these up so there is high availability whenever any one of the three servers is offline.  Also, since we will still have the licenses for our existing two Exchange
  2010 servers, will there be any benefit in keeping those in this scenario?
  I have attached a diagram of our current layout and we want to revamp it.

  Hi 
  The current setup of your environment is not Microsoft recommended solution as there is no HA set up for mailbox hub as well as CAS 
  My recommendation for exchange 2013
  You can have CAS servers deployed one in each datacenter 
  Below thing can be thought for DAG Config
  In order to increase the service level which is to have one site alive when the other site is down, its
  better to Move the file share witness server to a server that does not belong to neither site but it needs to have reliable network communications between both sites.
  So if any of two sites fails, the DAG will have a quorum and it can remain operational. The databases will
  not be dismounted and service and data access will not be disrupted.
  If in case if you don't have 3 sites you can follow below( again this is not best recommended HA )
  Put the FSW in the primary Data Center and set the DAG to DAC mode so you can easily do a data center
  switchover in case the primary fails.
  http://technet.microsoft.com/en-us/library/dd351049(v=exchg.150).aspx
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Exchange 2013 Allows Room/Resource Double Booking (By Design!)

  Since upgrading to Exchange 2013 we have noticed a significant increase in users complaining about room double bookings.  After a fair bit of testing we were able to narrow the behaviour down to a reproducible scenario.
  First things first - we have AllowConflicts set to false on all room and resource mailboxes, so that is not the issue.
  The problem manifests if the start date of a recurring meeting series is more than six months in the past.
  This is the scenario which we can reproduce:
  Find (or create) a meeting room which is configured to not allow booking conflicts (AllowConflicts:False)
  Book one or more meetings in the room (or look for existing meetings)
  Create a recurring meeting (or use an existing meeting)
  with a start date which is more than six months in the past which will conflict with one or more of the bookings created or found in step 2.
  The room will accept all instances of the new recurring meeting, even those which conflict with other bookings.
  A variation of the scenario is to extend an existing recurring meeting series:
  Find (or create) a meeting room which is configured to not allow booking conflicts (AllowConflicts:False)
  Find (or create) a recurring meeting with a start date which is more than six months in the past
  and which will end soon.
  Book one or more meetings in the room in the same time slot as the recurring meeting
  for dates past the end of the recurring meeting series.
  Extend the recurring meeting from step 2 past the meetings from step 3.
  The room will accept all instances of the extended meeting series, even those which conflict with other bookings.
  This is new behaviour in Exchange 2013 - in Exchange 2010 these scenarios worked and Exchange didn't allow double bookings.
  We opened a case with Microsoft and were eventually told that this new behaviour is 'by design'.  We even appealed to the customer advocacy group and the Exchange product team still refuse to acknowledge this as a bug.  As a workaround  it
  was suggested that we reduce the booking window horizon to 180 days, but this does not resolve the issue. 
  We are not happy; our users are not happy.
  I'm posting here to share our findings with other Exchange users who may be seeing this issue, and to ask you to please share your experience and, if possible, contact Microsoft so that the product group might reconsider their position on this behaviour.
  Ben Lye

  So it seems like I should have been a little clearer - the scenarios above are for reproduction.  I know that nobody normally creates a recurring meeting with the start date in the past - that step was just to emulate an existing meeting which was created
  more than six months ago.
  The current explanation from Microsoft is that Exchange 2013 only checks the first six months of a recurring meeting series for conflicts, so another way to encounter (or reproduce) this issue is this:
  Find (or create) a meeting room which is configured to not allow booking conflicts (AllowConflicts:False)
  Book a new recurring meeting which starts today and has an end date at least six months in the future.
  Create a new single meeting instance in the same time slot as the recurring meeting, but after the end of the recurring meeting series.
  Extend the meeting series beyond the date of the single meeting instance
  The room will accept the update to the series and the room will be double booked.
  Ben

• Exchange 2010 /2013 DAG Design

  Hi All,
  I Have Gone through some Articles and Blogs where i read about the DAG Design and Member server placement in Site Resiliency Scenarios..
  I just want to know what and how many DAG Designs we can propose to Customers.
  As per my knowledge and study i came across -
  (A) Active/Passive Model with Shared Namespace (Single DAG)
  (B)  Active/Passive model with different namespaces (Single DAG)
  (C) Active/Active Model with Different Namespaces (2 DAGs).
  I am Just Curious to know is there any other model DAG that can be proposed apart from above mentioned Designs in terms of both Namespace and Database Active copy Location.
  Also can you also put some light and clarify whether we can have
  Active/Active Model with Shared Namespace (Single DAG). I have read it is supported in exchange 2013, if so can we do the same in Exchange 2010 as well. If not what makes this design different in exchange 2010 v/s exchange 2013. How can we
  achieve this design in exchange 2013?
  I got a good article on above scenarios
  here but I have some terms or paragraphs bit
  confusing. Please help me to understand the bold lines in below paragraph.
  Since we typically only have active users connecting to the primary datacenter (at least the majority of the users connect to this datacenter unless a site failover occurs),
  the autodiscover record (autodiscover.exchangelabs.dk) in external DNS points to the load balancer in the primary datacenter. The internal “AutoDiscoverServiceInternalUri” on the CAS servers in the primary datacenter has been configured with a value of https://mail.exchangelabs.dk/autodiscover/autodiscover.xml,
  and the same goes for the CAS servers in the failover datacenter. Now you could choose to point the AutoDiscoverInternalUri on CAS servers in the failover datacenter at “https://failover.exchangelabs.dk/autodiscover/autodiscover.xml” but
  you can easily up on in a situation where SCP’s aren’t reachable during a site failover. Also, cross-site traffic caused by Autodiscover have a minor impact on the WAN link since autodiscover requests consists of small XML based text files.
  Also in
  Active/Passive model with different namespaces (Single DAG) or  Active/Active Model with Different Namespaces (2 DAGs) model do we still repoint EWS,OA,EAS
  etc. web service records in public DNS. If yes what should be their value (please refer
  Complete Site failover Segment in Above URL)
   it would be very helpful if you could provide any detailed Design diagram as mentioned in URL to understand the things better. or any Technet Articled with well
  description
  Thanks in advance 
  Regards
  Aanand Singh
  Regards, Aanand Singh

  Hello,
  The sentence " you
  can easily up on in a situation where SCP’s aren’t reachable during a site failover. Also, cross-site traffic caused by Autodiscover have a minor impact on the WAN link since autodiscover requests consists of small XML based text files."  I
  understand that if site failover occurs,as long as the CAS servers are available in the primary datacenter, clients will continue to connect to the CAS servers in this datacenter. The CAS servers will not be used in the failover datacenter.
  Consider WAN outage, we recommend you deploy Active/Active Model with Different Namespaces (2 DAGs).
  Besides, I recommend you configure DNS to round-robin between the VIPs of the load balancers in each datacenter to realize single namespace.
  Here are some articles for your reference.
  http://technet.microsoft.com/en-us/library/dd979781(v=exchg.141).aspx
  http://blogs.technet.com/b/scottschnoll/archive/2012/11/01/storage-high-availability-and-site-resilience-in-exchange-server-2013-part-3.aspx
  http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
  Cara Chen
  TechNet Community Support

• SBS2008: Move email from Exchange 2007 to new server with Exchange 2013

  We have an old server (SBS2008) and plan to buy a new server with (Server 2012). I need to move all the exchange emails, contacts & calendars to the new server. We will no longer use the old server. 
  Is there a document or migration tool that will help me understand how to move this data form the old exchange server to the new one? 
  Old Server:
  SBS2008 running Exchange 2007
  New Server:
  Server 2012
  Exchange 2013
  Any help is appreciated!

  Hi Dave,
  It can be done, and as Larry suggested you will consider two Server 2012 installs in order to achieve an environment that looks like your current SBS roles; Exchange 2013 on an Active Directory controller isn't a good long-term solution (SBS did this for
  you in the past).
  For your size operation, a virtual server host, with a Windows Server 2012 license, and two virtual machines would probably be a suitable design model.  In this manner, you have Server 2012 license that permits 1 +2 licenses (one host for virtualization,
  up to 2 Virtual Machines on same host).
  There's no migration tool. That comes with experience and usually trial and error. You earn the skills in this migration path, and for the average SBS support person you should plan on spending 3x (or more) your efforts estimate in hours planning your migration. 
  You can find a recommended migration path at this link to give you an idea of the steps, but its not exactly point by point going to cover you off for an sbs2008 to server 2012 w/exchange 2013 migration.  But the high points are in here. If it looks
  like something you would be comfortable with then you should research more.
  http://blogs.technet.com/b/infratalks/archive/2012/09/07/transition-from-small-business-server-to-standard-windows-server.aspx
  Specific around integrating Exchange 2013 into an Exchange 2007 environment, guidance for that can be found here:
  http://technet.microsoft.com/en-us/library/jj898582(v=exchg.150).aspx
  If that looks like something beyond your comfort level, then you might consider building a new 2012 server with Exchange 2013 environment out as new, manually export your exchange 2007 mailbox contents (to PST) and then import them into the new mail server,
  and migrate your workstations out of old domain into new domain.  Whether this is more or less work at your workstation count is dependent upon a lot of variables.
  If you have more questions about the process, update the thread and we'll try to assist.
  Hopefully this info answered your original question.
  Cheers,
  -Jason
  Jason Miller B.Comm (Hons), MCSA, MCITP, Microsoft MVP

• Large Mail.que database in Exchange 2013

  [Background]
  Since Exchange 2013 is released, some user may come across the following situations:
  The space of disk C is used up.
  The transport service stops processing messages.
  The Mailbox server is crash.
  In this case, the issue can be resolved with checking with the mail.que file which is in the following path on the Mailbox server:
  C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue
  [Symptom]
  The Mail.que file on all Exchange 2013 servers grows very large and it’s even over 20 GB.
  [Cause]
  It’s a by design behavior.
  Different from the previous Exchange server, Safety Net which has the same function with the Transport dumpster in Exchange 2013 takes up the volume of the mail.que file and
  it’s the feature which is responsible for the large size of the mail.que in Exchange 2013.
   And here is a reference about the feature Safety Net in Exchange 2013:
  http://technet.microsoft.com/en-us/library/jj657495(v=exchg.150).aspx
  [Workarounds]
  1. Allocate large space for the Exchange 2013 installation or increase the volume for Exchange 2013.
  These articles will also provide further detail of size calculating:
  http://blogs.technet.com/b/exchange/archive/2013/05/14/released-exchange-2013-server-role-requirements-calculator.aspx
  http://blogs.technet.com/b/exchange/archive/2013/05/06/ask-the-perf-guy-sizing-exchange-2013-deployments.aspx
  (See section: “Transport storage requirements”)
  2. Moved queue database to another drive by using
  Move-DatabasePath
  3. Reduce the SafetyNetHoldTime and MessageExpirationTimeouton values to one day (default values are 2 days). And these commands can be in use:
  Set-TransportConfig SafetyNetHoldTime 1.00:00:00
  Get-TransportService | Set-TransportService -MessageExpirationTimeout 1.00:00:00
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  [Background]
  Since Exchange 2013 is released, some user may come across the following situations:
  The space of disk C is used up.
  The transport service stops processing messages.
  The Mailbox server is crash.
  In this case, the issue can be resolved with checking with the mail.que file which is in the following path on the Mailbox server:
  C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue
  [Symptom]
  The Mail.que file on all Exchange 2013 servers grows very large and it’s even over 20 GB.
  [Cause]
  It’s a by design behavior.
  Different from the previous Exchange server, Safety Net which has the same function with the Transport dumpster in Exchange 2013 takes up the volume of the mail.que file and
  it’s the feature which is responsible for the large size of the mail.que in Exchange 2013.
   And here is a reference about the feature Safety Net in Exchange 2013:
  http://technet.microsoft.com/en-us/library/jj657495(v=exchg.150).aspx
  [Workarounds]
  1. Allocate large space for the Exchange 2013 installation or increase the volume for Exchange 2013.
  These articles will also provide further detail of size calculating:
  http://blogs.technet.com/b/exchange/archive/2013/05/14/released-exchange-2013-server-role-requirements-calculator.aspx
  http://blogs.technet.com/b/exchange/archive/2013/05/06/ask-the-perf-guy-sizing-exchange-2013-deployments.aspx
  (See section: “Transport storage requirements”)
  2. Moved queue database to another drive by using
  Move-DatabasePath
  3. Reduce the SafetyNetHoldTime and MessageExpirationTimeouton values to one day (default values are 2 days). And these commands can be in use:
  Set-TransportConfig SafetyNetHoldTime 1.00:00:00
  Get-TransportService | Set-TransportService -MessageExpirationTimeout 1.00:00:00
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
  You cant move the queue database with move-databasepath. You have to follow this method:
  http://technet.microsoft.com/en-us/library/bb125177(v=exchg.150).aspx
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Is it possible to only allow given MAC addresses to access ActiveSync in Exchange 2013?

  We are designing a new Exchange 2013 environment for a client and one of their requests was to only allow known mobile devices to access ActiveSync.
  I can see that you can allow or block remote devices based on IP Address, model, etc. but we'd need to allow devices based on their MAC Addresses.
  Is it possible to use the built-in features of Exchange 2013 or IIS ARR to provide this feature?
  Cheers for now
  Russell

  We are designing a new Exchange 2013 environment for a client and one of their requests was to only allow known mobile devices to access ActiveSync.
  I can see that you can allow or block remote devices based on IP Address, model, etc. but we'd need to allow devices based on their MAC Addresses.
  Is it possible to use the built-in features of Exchange 2013 or IIS ARR to provide this feature?
  Cheers for now
  Russell
  No, but you can use DeviceId.
  The ActiveSyncAllowedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that are allowed to synchronize with the mailbox. A device ID is a text string that uniquely identifies the device. Use the
  Get-MobileDevice cmdlet to see the devices that have Exchange ActiveSync partnerships with the mailbox.
  To enter multiple values and overwrite any existing entries, use the following syntax:
  <value1>,<value2>.... If the values contain spaces or otherwise require quotation marks, you need to use the following syntax:
  "<value1>","<value2>"....
  To add or remove one or more values without affecting any existing entries, use the following syntax:
  @{Add="<value1>","<value2>"...; Remove="<value1>","<value2>"...}.
  https://technet.microsoft.com/en-us/library/bb125264(v=exchg.150).aspx
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• What is the best backup plan for Archive Databases in Exchange 2013?

  Hi,
  We have Exchange 2013 with Hybrid setup with O365.
  We have On premise exchange 2013 servers with 3 copies of primary Database & Single Copy of Archival DBs.
  Now we have to frame backup policy with Symantec Backup Exec which has to backup our primary & Archival DBs
  In 2007 exchange, before migration to 2013, we had policy of DBs - Weekly Full backup & Monthly Full Backup
  Please suggest what would be the best possible backup strategy we can follow with 2013 DBs.
  That too, especially for Archiving DBs
  Our Archiving Policy are - 3 category - Any emails older than 6 month OR 1 Year OR 2 Year should go to Archive mailbox.
  Keeping this in mind how to design the backup policy ? 
  Manju Gowda

  Hi Manju,
  you do not find best practice different from the common backup guidelines, as there is no archive db specific behaviour. Your users may move items to their archive at any time as well as your retention policies may move items that machted the retention policies
  at any time. The result is frequently changing content to both, mailbox and archive mailbox databases, so you need to backup both the same way. You also may handle archives together with mailboxes together in the mailbox db 
  Please keep in mind that backup usually means data availability in case of system failure. So you may consider to do a less frequent backup with your archive db with dependency to the "keep deleted items" (/mailboxes) setting on your mailbox database.
  Example:
  keep deleted items: 30 days
  backup of archive db: every 14 days
  restore procedure:
  * restore archive DB content
  * add difference from recover deleted items (or Backup Exec single item recovery) for the missing 14 days.
  So it depends more on your process than on a backup principle.
  Regards,
  Martin

• Exchange 2013 SP1 readiness check failing

  Trying to install our first Exchange 2013 SP1 server on Windows 2012 R2 in our datacentre, the readiness check fails with:
  Error:
  The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
  There are many more errors relating to Enterprise admin rights etc.
  Please note that:
  My account is Domain admin, Schema admin and Enterprise admin member, it always has been.
  I tried the built-in AD Administrator which of course is part of the groups as well, no difference.
  Active Directory is at 2008 R2 for domain and forest functional levels.
  I tried rejoining the new Exchange designated server to the domain
  I've installed RSAT-ADDS, the Managed API 4.0 and all the other windows roles via powershell
  There is a local domain controller that is a global catalog server on the new Exchange server subnet
  I tried running the Exchange Setup on a different server on the same subnet as where the active 2010 Exchange server resides as well as the FSMO AD role holder resides, this works fine. I even did the AD prep from there no problem, that made no difference
  on the datacentre server
  AD replicates fine between the FSMO role holder and the Datacentre (no errors in dcdiag or repadmin /showrepl)
  This error is in the event log:
  The description for Event ID 4027 from source MSExchange ADAccess cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event:
  ExSetupUI.exe
  6724
  Get Servers for domain.local
  TopologyClientTcpEndpoint (localhost)
  3
  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0475315. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890
  at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
  at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
  at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  --- End of inner exception stack trace ---
  Server stack trace:
  at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
  at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
  at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
  Exception rethrown at [0]:
  at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
  at System.ServiceModel.ICommunicationObject.Open()
  at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Boolean useCache)
  at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
  the message resource is present but the message is not found in the string/message table

  So I decided to re-install the OS, worked perfectly now. Only difference from before would be:
  SCCM hasn't pushed SCEP 2012 to the new build of the same server yet
  The original server was installed in a different AD site and then it was physically mode and reassigned to an new AD site and subnet
  I might have installed the pre-reqs in a slightly different order (RSAT-ADDS, all the IIS etc things via powershell
  and then the UCM API 4.0. (saw few comments that the order of how you install them matters in other forums).
  10 or so Microsoft Windows updates haven't installed on the new OS build yet.
  Other than that, its identical. But if its not broken don't fix it, perhaps the above can help someone else though. 

• Exchange 2013 - Prevent Outlook Clients From Connecting To A CAS Server In A Different AD Site

  Hi all,
  I could really do with your help!
  We have 3 physical sites, A, B & C, with sites A & B having a really fast low latency links between them, so from an AD point of view they are 1 site.  Site C has links to both sites A & B, but the link is a lot slower.
  We have an exchange design with 3 servers (one located at each physical site) that will form a DAG spread over the 3 physical sites.  Ideally we will separate the CAS and mailbox server roles out and have them controlled by a hardware load balancer,
  however we can have both roles on the same server if required.
  What we want, is to prevent is a situation where an outlook client in site C connects to a CAS server in site A/B with the mail being hosted on a mailbox server in site C therefore traversing the network twice to get its mail.
  From doing the Microsoft training course, my understanding is that in Exchange 2013, the CAS server only proxy's the request on to the mailbox server and does not redirect the request to the CAS server in the site where the mailbox server resides.
  I have seen information online stating that a single namespace is the way to go as long as your site links/network bandwidth is good, but nothing to help with our scenario.
  Has anyone else come across this situation and how did you get round it?
  Thanks in advance :)

  Hi Johnson,
  Based on my knowledge, Outlook Client will connect to the CAS server which in local first.
  Please check whether the CAS server that in site C is healthy.
  If the CAS server in site C is healthy, please disable the CAS Load Balance for testing.
  Also found a useful blog for your reference:
  Exchange 2013 Client Access Server Role
  http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2013 CAS-MBX recipient validation rejects entire message if any of recipients are invalid

  Hi,
  How can I enable recipient validation work in this design:
  2 Exchange 2013 servers with CAS and MAILBOX roles both, DAG and Hardware Load balancer for HTTP and SMTP traffic.
  From Exchange documentation:
  http://technet.microsoft.com/en-us/library/bb125187%28v=exchg.150%29.aspx
  Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected.
  If you install the anti-spam agents on a Mailbox server, the Recipient Filter agent is enabled by default. However, it isn't configured to block any recipients. For more information, see
  Enable Anti-Spam Functionality on Mailbox Servers.
  If You have a setup like this:
  Install antispam agents:
  Identity Enabled Priority
  Transport Rule Agent True 1
  Malware Agent True 2
  Text Messaging Routing Agent True 3
  Text Messaging Delivery Agent True 4
  Content Filter Agent True 5
  Sender Id Agent True 6
  Sender Filter Agent True 7
  Recipient Filter Agent True 8
  Protocol Analysis Agent True 9
  Have Recipient validation enabled:
  Name                  Enabled RecipientValidationEnabled----                  ------- --------------------------RecipientFilterConfig    True                      True
  Have AcceptedDomain AddressBook enabled:
  DomainName DomainType AddressBookEnabled
  contoso.com Authoritative True
  Then You have a situation, where a single invalid recipient on an incoming email message would reject the entire message! I guess this is because the recipient filtering happens on the mailbox server.
  So .. HOW? Is it possible without Edge servers? Have I missed something?
  I hope this feature isn't "missing by design", because it will be very difficult to explain to the client, that such an expensive product cannot do what any mail server can - reject unknown recipients before taking E-Mail data. There are a lot
  of issues with this feature missing (possible DDOS with max attachments, or spoofed sender e-mail address that is a spamtrap, so NDR from Exchange would get You to SBL, etc.).
  Sincerely,
  Vince

  Hello Vince,
  Thank you for your post.
  This is a quick note to let you know that we are performing research on this issue.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Exchange 2013 MBX in DAG along with Hyper-V and Failover Cluster

  Hi Guys! I've tried to find out an answer of my question or some kind of solution, but with no luck that's why I am writing here. The case is as follows. I have two powerful server boxes and iSCSI storage and I have to design high availability
  solution, which includes SCOM 2012, SC DPM 2012 and exchange 2013 (two CAS+HUB servers and two MBX servers).
  Let me tell you how I plan to do that and you will correct me if proposed solution is wrong.
  1. On both hosts - add Hyper-V role.
  2. On both hosts - add failover clustering role.
  3. Create 2 VMs through failover cluster manager, VMs will be stored on a iSCSI LUN, the first one VM for SCOM 2012 and the second one for SCDPM 2012. Both VMs will be added as failover resource.
  4. Create 4 VMs - 2 for CAS+HUB role and 2 for MBX role, VMs will be stored on a iSCSI LUN as well.
  5. Create a DAG within the two MBX servers.
  In general, that's all. What I wonder is whether I can use failover clustering to acheive High Availability for 2 VMs and at the same time to create DAG between MBX-servers and NLB between CAS-servers?
  Excuse me for this question, but I am not proficient in this matter.

  Hi,
  As far as I know, it’s supported to create DAG for mailbox server installed in hyper-v server.
  And since load balance has been changed for CAS 2013, it is more worth with DNS round robin instead of NLB. However, you can use NLB in Exchange 2013.
  For more information, you can refer to the following article:
  http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2013 - CAS Server Multi Namespace & Site Deployment

  Hello,
  I am
  currently designing the new Excahnge 2013 environment that I am looking to deploy by the end of the month. And I have come up with two designs on what could be deployed. The first being an active/passive design with a single namespace across two sites.
  One site being the primary site and the other being the secondary DR site in a single DAG. Now this is a common design and similar setups are documented in detail online on many blogs and such.
  Where my trouble is with the second design I have come up with which is an active/active model using a multi namespace across the same two sites utilizing two DAGs. The idea here being the first
  site is the corporate head office which would only contain those users. While the second site would contain everyone else not based out of the head office. The goal being to cut out internal users from connecting all of the way into the primary site when they
  are external to it.
  Now the way in which the network is setup between the two sites. Accessing the internet from the primary site requires you to go through the secondary. So for the second design my idea would
  be for external Outlook, OWA and ActiveSync connections would connect into the secondary site for it to then proxy over to the primary. Now I am used to how Excahnge 2010 did its proxying and if the ExternalUrl property was blank is knew to proxy to the other
  site. Is that still the case with Excahnge 2013 or it does not care at all and I can just populate both the internal/external url properties for all of the CAS servers at the primary site?
  Now assuming I do populate both the internal/external url property in Excahnge 2013 for the primary site. And for this example I am going to use mail01.domainname.com for the primary site and
  mail02.domainname.com for the second. To get Outlook, OWA and ActiveSync to connect for users of the primary site externally would it be as simple as having that external internet DNS entry for mail01.domainname.com point to the same IP as mail02.domainname.com
  would be? With mail02.domainname.com pointing to a externally accessible load balancer for the second site.
  Now applying the above logic and assuming as long as you hit a CAS server. And it will find your mailbox for you does that mean I can could also use the same namespace in both locations for
  say OWA and ActiveSync? So the idea being we want to keep using webmail.domainname.com for OWA access. So if I set that URL for both the primary and secondary site as long as I hit a CAS server in the secondary site. It will be able to connect over to the
  mailbox in the primary site for OWA?
  Nicholas

  Hello Angela,
  I need some clarification to your reply as it has left me a little more confused. Where you start by saying “all client requests will firstly access the internet-facing server”.
  Are you talking about when the client is connecting in externally or when the client is internal? As this would make it seem like in my second design where only the secondary site would have internet facing CAS. That clients in the primary site internally
  would connect over to the secondary site then be proxyed back to the primary.
  Then for the separate namespace portion of your reply. I am assuming you mean the secondary site form my example which will have the internet-facing CAS server? If that is
  the case my public DNS entry would be mail02.domain.com only but then how would the client from the primary site who use mail01.domain.com which is not on an internet facing CAS server. Then figure out they can connect in on mail02.domain.com externally from
  the internet?
  And when you talk about both sites using the same namespace. And using two public DNS entries pointing to the CAS servers in both datacenters. Is that not just going to do
  DNS round robin? As described in this technet blog?
  http://blogs.technet.com/b/exchange/archive/2014/02/28/namespace-planning-in-exchange-2013.aspx
  Or is it because both datacenters will be hosting active mailboxes. Will the clients query each CAS server till it finds one in its site? I do also plan to deploy a load balancer with my CAS servers. So I would think that would cancel our using the two public
  DNS option.
  Nicholas

• Auto-Mapping Exchange 2013 Mailboxs in an Exchange 2010 Mailbox

  We're in the middle of migrating mailboxes from Exchange 2010 to Exchange 2013. Many of our users have Auto-Mapped mailboxes as well. In my testing, I've found that I cannot Auto-Map a mailbox that's on Exchange 2013 in a Exchange 2010 mailbox. I can manually
  add it and it works fine. Is this by design with this type of coexistence or is there a fix for it? Our current Exchange 2010 environment is at SP3 with UR2.
  Orange County District Attorney

  This issues is fixed in UR5 so suggest you to upgrade Exchange 2010 to SP3 UR5.
  Reference Thread: http://social.technet.microsoft.com/Forums/exchange/en-US/a2aa4163-f74b-401f-aec5-13324e6b29c8/exchange-2010-mailbox-not-able-to-access-automapped-exchange-2013-cu3-mailbox?forum=exchangesvradmin
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Exchange 2010 coexist with exchange 2013

  Hi All ,
  Planning to have a coexistence scenario in my environment which is mentioned below
  Exchange 2010 - ambiguous url in place - OA enabled 
  For mapi/rpc traffic - mail.domain.in -  exchange 2010
  For https traffic - mail.domain.in - exchange 2010
  mail.domain.in will get resolved in to cas array in exchange 2010 .
  After coexistence On our side we are not going to move the mail.domain.in namespace to exchange 2013 , Instead of that we are going to use a new namespace in exchange 2013 for internal outlook anywhere and it will be outlookmail.domain.in and for the remaining
  exchange 2013 services like pop,imap,owa,active sync url's,external OA will be having mail.domain.in as same as exchange 2010 namespace.
  just consider outlookmail.domain.in is available on the san certificate installed in exchange 2013.
  Note : 
  On my ide I would assume Internal outlook 2010 mapi users will connect directly to exchange 2010 servers on the namespace mail.domain.in
  Likewise i would assume Internal outlook anywhere 2013 users will connect directly to exchange 2013 servers on the namespace outlookmail.domain.in
  Services like pop,imap,owa,active sync ,external OA connections for both exchange 2010 and exchange 2013 from the external world will be routed from firewall to exchange 2013 servers .Then https traffic for exchange 2010 mailbox users will be proxied to 2010
  exchange server via exchange 2013 server.
  question : I would like to know above mentioned scenario is possible or not ?
  On my side I know in my environment i am having ambiguous url's in place and at the same time i don't want the exchange 2010 internal outlook users to connect via exchange 2013 rpc over http even though OA is enabled on exchange 2010.
  So simply i can say i need my internal exchange 2010 mailbox users has to connect via tcp/ip.
  All of you tell me your valuable suggestions.
  Regards
  S.Nithyanandham

  Hi,
  Going Straight to the point... and answering your question...
  The scenario above IS possible For a while... But going ahead in the migration process, You'd face problems once the Exch2013 doesn't know how to handle MAPI connections:
  As per Exchange Team...
  In this scenario where both the MAPI/RPC and HTTP workloads are using the same FQDN you cannot successfully move the FQDN to CAS 2013 without
  breaking your MAPI/RPC client connectivity entirely. I repeat, your MAPI/RPC clients will start failing to connect via MAPI/RPC once
  their DNS cache expires after the shared FQDN is moved to CAS 2013.
  As their recommendation, and I would tell you too by experience, the best option is to really use different internal and external URLs for the clients to connect to.
  change your design to use a specific internal-only FQDN for MAPI/RPC clients. If you are in the middle of a 2010 deployment using an Ambiguous
  URL I recommend you change your ClientAccessArray FQDN to a unique name and update the mailbox database RpcClientAccessServer values
  on all Exchange 2010 mailbox databases accordingly. Fixing this item mid-migration to Exchange 2010 or even in your fully migrated environment will ensure any newly created or manually repaired Outlook profiles are protected, but it will not automatically
  fix existing Outlook clients with the old value in the server field. 
  So the overall for this first point is to enable the OA for all internal users, so as to ease the migration process in the future, even if for the time being its not necessary.
  Also another point you should take into consideration is the version of yours OLK versions, as the minimum supported are as per below:
  Outlook 2007: 12.0.6665.5000 (SP3 + the November 2012 Public Update or any later PU)
  Outlook 2010: 14.0.6126.5000 (SP1 + the November 2012 Public Update or any later PU)
  Outlook 2013: 15.0.4420.1017 (RTM or later)
  I don't know the size of you network, but it might be necessary for you to use an inventory tool in order to identify that.
  As advised, its really worthy to have a look at the following article, thus to clarify your view about this issue.
  Ambiguous URLs and their effect on Exchange 2010 to Exchange 2013 Migrations
  From <http://blogs.technet.com/b/exchange/archive/2013/07/17/3574451.aspx> 
  Hope it can help you!
  Cheers,
  Think before you ask, give detail as much as possible, then ask and you will get help! Always have in mind, people do not guess! :)