Active Directory Sites and Services

Exchange store fails due to AD topology changes

So today I was working at a site that has a single Exchange 2010 server fulfilling all the Exchange roles (I know…), which happened to fall on its ass.

First thing I did was check the Exchange services, which were in a state of “starting” (never a good sign), and then I went to the registry and found:

MSExchange ADAccess, EventID 2141
Process STORE.EXE (PID=2996). Topology discovery failed, error 0x8007077f

MSExchange ADAccess, EventID 2142
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1760). Topology discovery failed, error 0x8007077f

Here are a few screenshots:

[Screenshots: exchange error 1 to 4]

As well as a few more related to AD.

After some investigation I found out that a new DC in a new site had been created for some DFS replication amongst other things.

Because the system could start the Microsoft Exchange Active Directory Topology service (only for it to fail and be restarted), the dependent Exchange services were triggered as well, which led to services restarting almost indefinitely as configured in their service recovery actions.

So next up is to look at Active Directory Sites and Services:

[Screenshot: Active Directory Sites and Services]

And as you can see from the screenshot, the subnets are missing, which is going to cause issues as the new DC is on a different subnet.

When Exchange can’t determine which site a computer belongs to, the function DsGetSiteName, used to retrieve the current site, returns error 1919 / 0x77f (ERROR_NO_SITENAME), which is what shows up as 0x8007077f in the events above and in turn kills off Exchange. You can test this by running nltest /dsgetsite in a command prompt or by having a look at HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName.

To solve the issue you can do any of the following:

  1. Make the site association static using a registry key, which isn’t a best practice. If you must, set the REG_SZ value HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SiteName to the desired site name;
  2. Add proper subnet definitions;
  3. Remove the new site.

Finally give Exchange a bounce and BOOM.

 

Note that the NetLogon service determines site association membership at startup and every 15 minutes. The Microsoft Exchange Active Directory Topology service maintains this information by caching it in the msExchServerSite attribute of the Exchange server object, in order to reduce load on Active Directory and DNS. Therefore, you might need to wait or restart Microsoft Exchange Active Directory Topology if you want to renew site association membership.
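As an added diagnostic (not from the original post), the PowerShell below pulls the three checks together: what Netlogon resolved (registry and nltest), whether the server’s IPv4 addresses are actually covered by a subnet object in Sites and Services, and what the topology service has cached in msExchServerSite. It assumes you run it on the Exchange server as a domain user; it uses ADSI directly, so no RSAT module is needed, and IPv6 subnets are skipped.

```powershell
# Added diagnostic, not part of the original post: compare the site Netlogon resolved for this
# server with the AD subnet definitions, and show the msExchServerSite value Exchange cached.
$nl = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
"Netlogon DynamicSiteName : $($nl.DynamicSiteName)"
"Netlogon static SiteName : $(if ($nl.SiteName) { $nl.SiteName } else { '<not set>' })"
"nltest /dsgetsite        : $(nltest /dsgetsite 2>&1 | Select-Object -First 1)"

function ConvertTo-UInt32([string]$Ip) {
    $b = [Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                      # network order -> little-endian for ToUInt32
    [BitConverter]::ToUInt32($b, 0)
}
# True when an IPv4 address falls inside a CIDR block such as 10.1.20.0/24
function Test-InSubnet([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    $mask = [uint32](4294967296 - [math]::Pow(2, 32 - [int]$bits))   # PS 2.0 friendly, no -shl
    ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

# Subnet objects live in the configuration partition under CN=Subnets,CN=Sites
$cfgNc  = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$search = New-Object DirectoryServices.DirectorySearcher
$search.SearchRoot = [ADSI]"LDAP://CN=Subnets,CN=Sites,$cfgNc"
$search.Filter     = '(objectClass=subnet)'
$subnets = foreach ($r in $search.FindAll()) {
    $cidr = [string]($r.Properties['cn'] | Select-Object -First 1)
    if ($cidr -notmatch ':') {                # IPv4 only; IPv6 subnet objects are skipped here
        $siteDn = [string]($r.Properties['siteobject'] | Select-Object -First 1)
        New-Object PSObject -Property @{ Cidr = $cidr; Site = ($siteDn -replace '^CN=([^,]+),.*', '$1') }
    }
}

# AD uses the longest matching prefix; an address with no match is exactly the
# ERROR_NO_SITENAME (0x77f) case that stops the Exchange topology service.
$ips = [Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
       Where-Object { $_.AddressFamily -eq 'InterNetwork' } | ForEach-Object { $_.ToString() }
foreach ($ip in $ips) {
    $hit = $subnets | Where-Object { Test-InSubnet $ip $_.Cidr } |
           Sort-Object { [int]($_.Cidr -split '/')[1] } -Descending | Select-Object -First 1
    if ($hit) { "$ip -> $($hit.Cidr) -> site $($hit.Site)" }
    else      { "$ip -> no subnet object covers this address" }
}

# What the Exchange AD Topology service cached for this server
$search.SearchRoot = [ADSI]"LDAP://$cfgNc"
$search.Filter     = "(&(objectClass=msExchExchangeServer)(cn=$env:COMPUTERNAME))"
$srv = $search.FindOne()
if ($srv) { "msExchServerSite cache   : $($srv.Properties['msexchserversite'] | Select-Object -First 1)" }
```

A mismatch between the subnet-derived site and the cached msExchServerSite is the sign that the topology service still needs a restart after you add the subnet.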

Outlook Anywhere with Additional UPN suffix

Posted by robd on February 03, 2015
Active Directory Sites and Services, exchange 2010 / 1 Comment

So today we had a requirement to start using Outlook Anywhere (RPC over HTTP) on our Exchange 2010 server; the setup is dead easy:

Log on to your CAS server,

Install the server feature “RPC over HTTP Proxy”,

Open the Exchange Management Console, go to Server Configuration and Client Access, and click Enable Outlook Anywhere,

Enter your external host name (you don’t need the http:// or https:// prefix), choose your authentication method and whether SSL offloading to another server is required:

[Screenshot: Enable Outlook Anywhere dialog]

That’s the Exchange bit done.

Next change your DNS:

Locally and externally you need two things: an A record and an SRV record, both pointing at Autodiscover.DOMAIN.ORG. Here are two examples from 123-reg:

[Screenshots: A and SRV records at 123-reg]

Finally make sure 443 is allowed through your firewall.

Last but not least, test with:

https://testconnectivity.microsoft.com

OK, so now onto the UPN bit. In my case my email domain differed from my AD domain, i.e. my domain is bohemian.local and my email domain is bohemiangrove.co.uk.

What this means is that when logging on via Outlook I get prompted to type the domain and password:

[Screenshots: Outlook credential prompts]

If you’d rather not have this, you need to add your email domain as a UPN suffix.

To do this, on a DC open Active Directory Domains and Trusts, right-click the Active Directory Domains and Trusts node at the top of the tree and, from the displayed context menu, click Properties.


In the properties box that appears, type the desired alternative UPN suffix for the domain in the Alternative UPN suffixes field and click Add.


Apply and OK. Finally open Active Directory Users and Computers.

Find a user and, under the User logon name section, choose the alternative UPN suffix you created earlier in the Active Directory Domains and Trusts snap-in from the drop-down list.


Then test Outlook Anywhere using the user’s email address as the username.
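As an added example (not from the original post), this script finds the mailbox users who will hit the extra credential prompt described above, i.e. whose UPN suffix differs from their primary SMTP domain, checks whether that domain is already registered as an alternative UPN suffix, and with -Fix aligns the UPN with the e-mail address. It assumes the Exchange 2010 Management Shell plus the ActiveDirectory module are loaded; the -Fix switch and the uniqueness check are mine, not Exchange’s.

```powershell
# Added example, not part of the original post. Report mailboxes whose UPN suffix does not
# match their primary SMTP domain, and optionally set UPN = primary SMTP address.
param([switch]$Fix)

# Alternative suffixes live on the Partitions container; forest domain names are always valid
$cfgNc         = (Get-ADRootDSE).configurationNamingContext
$partitions    = Get-ADObject -Identity "CN=Partitions,$cfgNc" -Properties uPNSuffixes
$validSuffixes = @($partitions.uPNSuffixes) + @((Get-ADForest).Domains)

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $smtp       = $mbx.PrimarySmtpAddress.ToString()
    $mailDomain = $smtp.Split('@')[1]
    $upnDomain  = $mbx.UserPrincipalName.Split('@')[1]
    if ($mailDomain -ne $upnDomain) {          # -ne / -contains are case-insensitive in PowerShell
        New-Object PSObject -Property @{
            Name        = $mbx.Name
            DN          = $mbx.DistinguishedName
            UPN         = $mbx.UserPrincipalName
            PrimarySmtp = $smtp
            SuffixKnown = ($validSuffixes -contains $mailDomain)  # $false: add it in Domains and Trusts first
        }
    }
}
$report | Format-Table Name, UPN, PrimarySmtp, SuffixKnown -AutoSize

if ($Fix) {
    foreach ($row in $report | Where-Object { $_.SuffixKnown }) {
        # A UPN must be unique across the forest, so refuse to create a duplicate
        $clash = Get-ADUser -Filter "UserPrincipalName -eq '$($row.PrimarySmtp)'" |
                 Where-Object { $_.DistinguishedName -ne $row.DN }
        if ($clash) { "Skipping $($row.Name): UPN already used by $($clash.SamAccountName)"; continue }
        Set-ADUser -Identity $row.DN -UserPrincipalName $row.PrimarySmtp
        "Set UPN for $($row.Name) to $($row.PrimarySmtp)"
    }
}
```

Run it without -Fix first; rows with SuffixKnown = False are the domains you still have to add in Active Directory Domains and Trusts before any user can be switched.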



Technical Interview Questions

Posted by robd on September 11, 2013
Active Directory Sites and Services, exchange, vmware / No Comments

Recently put together some technical questions for an interview; thought I’d share some of them with you:

VMware
Explain your production environment: how many clusters, ESX hosts, data centres, hardware etc.?
How does vMotion work? What port number is used for it?
How does HA work? Port number? How many host failures are allowed and why?
How does DRS work? Which technology is used? What are the priority levels for migrating VMs?
How do snapshots work?
What are the common issues with snapshots?
What’s the difference between ESX and ESXi?
The storage team has provided a new LUN ID to you. How will you configure the LUN in vCenter?
What would be the block size (say for a 500 GB volume)?
What are the notable files that represent a VM?
What is a template in VMware?

Network
What is a MAC address?
What are the main advantages and disadvantages of fibre-optic-based networks?
What are the OSI layers?
What is the difference between TCP and UDP?
What is a TCP session?
What is ICMP?
What is the (default) class type of 195.152.12.1?
How does TCP establish a connection?
What is ARP?
Name 5 common ports.
Explain how the HTTPS handshake works.
What is a VLAN?
What is VLAN tagging? Why is it used?

AD & DNS
What are the FSMO roles?
What is a Global Catalog server?
How do you manually create SRV records in DNS?
How would you fix a broken DC that replicates between sites?
What’s a conditional forwarder?
How do I clear the DNS cache on the DNS server?
What is WINS and when do we use it?
Where is the AD database held?
I want to look at the schema; how can I do that?
What are GPOs?

Exchange
What roles does Exchange 2010 use?
What is a DAG?
What does this line of PowerShell mean: get-mailbox | ft Name

SQL
What is a full and a basic backup?
How would you restore a SQL server to another environment?
How would you back up a SQL server?

Service Pack 3 for Exchange 2010

So I only recently got around to installing SP3 for Exchange 2010 (I’ve been on holiday for a few weeks and what not) and thought I’d share my experience!

Now you may or may not know that this service pack updates the Active Directory schema, which basically means that to install this update you must be a Schema Admin or Enterprise Admin!

Now if, like me, your Exchange server sits in a completely separate domain from your root Active Directory domain controllers, you’ll need to do a little planning.

For example, I have a domain, let’s call it BohemianGrove.co.uk, and a sub domain called Corp.BohemianGrove.co.uk. BohemianGrove.co.uk is where my root Active Directory domain controllers are installed, which means that’s where the schema settings for Exchange are stored; these settings then filter down to the sub domains, which in my case is where my Exchange servers are installed, i.e. Corp.BohemianGrove.co.uk.

All this means, in regard to this update, is that I’ll need to run Setup.com /prepareAD from BohemianGrove.co.uk as an Enterprise Admin before I run the update on the actual Exchange servers.

[Screenshot: Setup.com /prepareAD output]

So from the above you can see that all went very smoothly, luckily for me (I won’t write about how I tried to run the SP2 update two or three times, which produced soooo many errors)! From here I waited 20 minutes for the schema update to replicate down, although you can force replication via Active Directory Sites and Services.

Next came the update for the servers, but please note: install the update on the roles in this order:

Client Access servers,

Hub Transport (My HT and CAS roles are on the same server),

Edge Transport servers,

Mailbox servers,

Unified Messaging servers (I don’t have any, does anyone?).

Before I start talking about the install I should mention that you should only install the update on nodes or DAG servers that aren’t active, i.e. you need to fail an active server over to a passive server, run the update, then fail back. Here’s a very quick how-to:

CAS/Hub Transport –

– Stop the active node in the cluster via Network Load Balancing Manager by right-clicking the node and clicking Control Host, then Stop (or Drainstop if you’re worried users are still connected),

– In Network Load Balancing Manager right-click the same node, choose Properties and set the Default state to Stopped; this will stop the node automatically rejoining the cluster once it reboots,

– Finally run the update, reboot the server and set the Default state back to Started.

– Do the above for the next node.

Mailbox server with a DAG –

– Find the active database plus where the PAM role is and make a note:

get-databaseavailabilitygroup -identity DAG1 -status | fl name,primaryActiveManager

– Check the cluster group:

cluster group

– The above is just an initial check to ensure that the environment is ready for a manual failover. The next set of instructions will fail the DB over to the passive server, prevent DB automounts and reconfigure the cluster.

– Run the DAG maintenance script (run from C:\Program Files\Microsoft\Exchange Server\V14\Scripts):

.\StartDagServerMaintenance.ps1 -servername SERVERMB01 -overrideMinimumTwoCopies

(please note -overrideMinimumTwoCopies; this is because I only have two servers in my DAG).

– This fails the active DB over to MB02. A quick check of the Management Console will show this is correct.

– Rerunning the PAM holder and cluster owner commands will show the second server as the master,

– You can now conduct your tasks on this server with no Exchange downtime,

– Once your tasks are complete, it’s time to fail the services back,

– From the Exchange Management Shell, run (from C:\Program Files\Microsoft\Exchange Server\V14\Scripts):

.\StopDagServerMaintenance.ps1 -servername SERVERMB01

– There is no output from this script; it simply allows us to make changes again. Fail the databases back:

.\RedistributeActiveDatabases.ps1 -DagName DAG1 -BalanceDbsByActivationPreference

– Move the cluster group back:

cluster group "Cluster Group" /move

– Finally run both the PAM and cluster query commands to ensure both roles are back with the active server.
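As an added pre-flight check (not from the original post, nor one of Exchange’s own scripts), the function below wraps the PAM and cluster owner checks above into a single gate: it reports whether a DAG member holds the PAM, owns the cluster group, has any mounted database copies or still allows auto-activation, and only returns SafeToPatch = True when all four are clear. It assumes the Exchange 2010 Management Shell and the FailoverClusters module; SERVERMB01 and DAG1 are the placeholder names used in the post.

```powershell
# Added pre-flight check, not part of the original post: run this after
# StartDagServerMaintenance.ps1 and before installing the service pack on the server.
Import-Module FailoverClusters -ErrorAction Stop

function Test-DagMemberPassive {
    param([Parameter(Mandatory=$true)][string]$Server,
          [Parameter(Mandatory=$true)][string]$Dag)

    # The DAG name is also the name of the underlying failover cluster
    $pam    = (Get-DatabaseAvailabilityGroup -Identity $Dag -Status).PrimaryActiveManager.Name
    $owner  = (Get-ClusterGroup -Name 'Cluster Group' -Cluster $Dag).OwnerNode.Name
    $policy = (Get-MailboxServer -Identity $Server).DatabaseCopyAutoActivationPolicy

    # Copies with status Mounted are the active copies still running on this server
    $active = Get-MailboxDatabaseCopyStatus -Server $Server |
              Where-Object { $_.Status -eq 'Mounted' } | ForEach-Object { $_.DatabaseName }

    # String comparisons are case-insensitive, so SERVERMB01 and servermb01 match
    $safe = ($pam -ne $Server) -and ($owner -ne $Server) -and
            (-not $active) -and ("$policy" -eq 'Blocked')

    New-Object PSObject -Property @{
        Server               = $Server
        PrimaryActiveManager = $pam
        ClusterGroupOwner    = $owner
        MountedDatabases     = ($active -join ', ')
        AutoActivationPolicy = "$policy"
        SafeToPatch          = $safe
    }
}

Test-DagMemberPassive -Server SERVERMB01 -Dag DAG1 | Format-List
```

Running it again after StopDagServerMaintenance.ps1 and RedistributeActiveDatabases.ps1 should show the roles and databases back where you expect them.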

So run the install:

[Screenshots: extracting the SP3 binaries, setup start and the Upgrade option]

The install will check that you’ve updated the schema and that your servers pass the readiness checks; click Upgrade and the install will start. Be warned, it can take a while to install; mine took about 30 minutes, which seemed to be mostly the language pack:

[Screenshots: readiness checks and install progress]

Fortunately for me the install went smoothly on all my servers, but just be careful to only run the update on servers that are not active. Also note that once you update a server with a database on it, you can’t fail that database over to a server that hasn’t been updated.

Finally make sure you run Exchange 2010 SP3 Rollup 3 as this will fix a heap of issues with Exchange 2010 SP3.
