|
Gyshall posted:Like I said, I work for idiots who refuse to change this workflow at all. Not my call. I'm open to suggestions of how to do this or similar software that I can use to do this as well. Booze, lots of booze. Hell even a mail enabled sharepoint list would be better than a single shared mailbox. Jesus Christ.
|
#
?
Jan 12, 2012 20:56
|
|
|
|
| # ? Apr 25, 2024 21:04 |
|
|
Linux Nazi posted:Exchange 2007 / 2010? Sadly, Exchange 2003. We'll upgrade sometime this year, I hear.
|
|
#
?
Jan 13, 2012 17:14
|
|
|
Windows Server 2003 SBS is the OS in question here. For the most part it has worked just fine. I'm technically the Exchange admin insofar as I know how to set up a new user and do some GPO stuff. Other than that I almost never have to log into the machine at all. Twice in the last week Exchange has "forgotten" the CALs that were installed. The first time it happened the C: drive had filled up and I chalked it up to that. Last night it happened again and there is plenty of drive space. Nothing is in the logs except alerts that we are approaching our CAL limit and then alerts that there is no license available for X user. There is no AV on the machine (that was the reason given on a site I found with the same problem) and MS's solution is to reinstall the licenses (thanks, I would never have guessed that) Does anybody know why this is happening? If I have to come into work again with people jumping me as I walk in the door all "bloo, bloo I can't get ooooon, I can't get my email!" I'm going to go Columbine in here.
|
|
#
?
Jan 18, 2012 16:03
|
|
|
Exchange 2003 gievs no fuks about CALs. You never actually install licensing for it. Sounds to be like the problem you are running into is a common problem with SBS 2003 and the licstr.cpa file. I bet if you simply google "licstr.cpa" you will see a slew of posts about problems just like your own. It's very common. The correction I normally take (you know, besides ridding yourself of SBS 2003) is to re-install your licensing, and then use the SBS server manager utility to perform a backup of the licensing. Sometimes I have to perform a restore soon after the correction, but it would normally stop after that. It's been forever ago since I had to dick with SBS 2003, but I remember there being a few KB articles about dealing with this specific problem. SBS 2003 is trash. Maybe point out the whole "tyool 2012" thing to the decision makers and put a bug up their rear end to upgrade. Newer versions of SBS are also trash and should be avoided.
|
|
#
?
Jan 18, 2012 19:03
|
|
|
Linux Nazi posted:Exchange 2003 gievs no fuks about CALs. You never actually install licensing for it. Well, thanks for setting me right on what to look for. Unfortunately the only reason I found this might happen is low drive space, doesn't account for last night though. And there doesn't seem to be a solution other than restore from backup, re-install or dick around with the auto backup Exchange makes. I just restored from backup which takes a second, but still blows as a solution. Yeah, SBS does suck, but in all honesty it's worked pretty flawlessly with minimal interaction for it's entire lifetime.
|
|
#
?
Jan 18, 2012 20:01
|
|
|
I need some enlightenment on Information Stores. More specifically: What are the advantages, disadvantages, or limitations when it comes to having one information store, or a few smaller ones? (Exch 2010) The IT company I work for has starting a hosted exchange service for some smaller companies we support. I am not the one who set it up or even manages it... I was just curious. As far as I can tell it's currently configured with almost all default settings. Is dumping all the mailboxes into "First Storage Group" acceptable in this situation? It's very unlikely there will be more than 250 mailboxes stored on this server. It just seems weird putting all these different companies mailboxes into the same store.
|
|
#
?
Jan 19, 2012 03:37
|
|
|
It's a little sloppy, but it really isn't anything to move mailboxes to a new database if you start experiencing performance issues with the current one. The "limit" is 2TB, but I never allow any of mine to grow past the 400GB mark. Mostly I would want to make sure that you have proper limits defined, that the database is redundant, that the storage that houses the database is properly configured. Things of that nature.
|
|
#
?
Jan 19, 2012 15:33
|
|
|
The big benefit to creating different information stores is being able to do things like
If it's likely you'll treat every company exactly the same, you could get away with putting them all in the same store.
|
|
#
?
Jan 19, 2012 15:48
|
|
|
Ugh. Our company's Security officer has decided that for PCI compliance, we need to encrypt at least one of our Exchange 2007 databases before our upcoming audit. I'm running a clustered environment with shared (SAN) storage so the easy answer of "Bitlocker" is not an option. Also, our SAN group is part of a different business unit so they aren't going to lift a finger to help implement encryption on their end, so I'm limited to working from the Exchange servers themselves. Ultimately this breaks down to at least two questions: 1. Any Exchange admins been through a PCI audit? Will an auditor really want to see that the database is encrypted? Seems like a lot of effort to secure the one part of the email system that isn't that vulnerable to begin with. 2. Any Exchange admins encrypting your databases? How are you doing it? Has there been any negative impact? 3. Oh god it's been so stable and uptime has been phenomenal and all the users are happy and I never get paged in the middle of the night please don't make me gently caress with it.
|
|
#
?
Jan 19, 2012 21:03
|
|
|
Actually, I recommend keeping your 2010 stores/databases as large as possible. Every new store you introduce also introduces another maintenance thread, which consumes IOPS constantly throughout the day. I read a great article from NetApp about their SAN testing with Exchange 2010. They had to host something like 20 TB of mail and get a certain level of performance/latency out of it to be certified by Microsoft. When they were using all 500 GB databases (so 40 in total), they couldn't meet Microsoft's requirements for latency, because of all of the maintenance threads consuming IOPS. When they consolidated databases and shrunk down to 10 databases of 2 TB each, they passed the test with flying colors. Exchange 2010 is designed to constantly utilize your disks for maintenance rather than trying to cram a LOT of IOPS into a maintenance window. Every database you add means that another maintenance thread starts as well.
|
|
#
?
Jan 19, 2012 23:16
|
|
|
Thanks everyone for the feedback on the Information Stores. Lots of good details to research! For the amount of usage this server will be getting it seems like one is more than enough. It will also simplify the backup process and won't eat up too much system resources.
|
|
#
?
Jan 20, 2012 02:17
|
|
|
Is there any way I can modify the login page of OWA so users don't have to type "DOMAIN\" before their username? I tell them over and over again and they just cant be hosed to remember. I'm sick of getting emails about it, and we only have one domain.
|
|
#
?
Jan 24, 2012 15:54
|
|
|
LmaoTheKid posted:Is there any way I can modify the login page of OWA so users don't have to type "DOMAIN\" before their username? I tell them over and over again and they just cant be hosed to remember. I'm sick of getting emails about it, and we only have one domain. Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DefaultDomain bigdongs.local With a little planning, a more graceful solution for the whole user and domain problem is to add a UPN suffix for their mail domain, and set that suffix as the user's login suffix. So if your mail domain is bigdongs.com, add that as a domain suffix and then set all of your mail users to use it. Then they can use their e-mail address to log into webmail, their workstation, smartphones etc. You can add a suffix at any time, but the planning comes in the form of matching up their login credentials with what their e-mail prefix is. So if users login as bsmith, but their e-mail address is bob.smith@bigdongs.com, then simply adding the suffix won't work at that point, a little more retro work is involved, but easily scripted.
|
|
#
?
Jan 24, 2012 16:30
|
|
|
Linux Nazi posted:Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DefaultDomain bigdongs.local Thanks for the info, I'm going to go with the first option but ill look into UPN suffixes. The previous admin set up the domain as "domain.com" and we have a few users with separate domain names for their email, bu tthey still log into the same domain. So I have no clue how that applies to UPN. Off to readin' I go!
|
|
#
?
Jan 24, 2012 16:45
|
|
|
LmaoTheKid posted:Thanks for the info, I'm going to go with the first option but ill look into UPN suffixes. The previous admin set up the domain as "domain.com" and we have a few users with separate domain names for their email, bu tthey still log into the same domain. So I have no clue how that applies to UPN. Off to readin' I go! If your internal domain and mail domain are the same, then you don't need to add a UPN suffix. The internal domain is the default suffix. In your case, if your e-mail addresses match your login name, then users can already just use their e-mail address to sign into things. So if you have a user named bob smith and his login name is bsmith, and his e-mail address is bsmith@domain.com, then he can be told to just log into OWA with his email address without any changes. For people with other mail domains, you can pipe a simply query to identify those users, something like: code:
|
|
#
?
Jan 24, 2012 17:01
|
|
|
Is there a way to allow one account to send as several other valid exchange address without having to edit each one? Background: We have an application that's designed to email out via SMTP using one centralized account, but needs to display the email of the user who initiated the email. The user list is fairly fluid, so I don't want to have to do manual send-as permissions each time a new user is added.
|
|
#
?
Jan 26, 2012 17:13
|
|
|
Not really an exchange guy, but if it is sending via good old fashioned SMTP the program can set the mail from and return path stuff itself so you shouldn't need any exchange permissions.
|
|
#
?
Jan 26, 2012 17:40
|
|
|
Looks like you're right! Our non-exchange SMTP server we were using actually only allows you to set mail from using the authenticated account (unless explicitly disabled). I assumed 2010 might actually do that as well, but it look like it doesn't.
|
|
#
?
Jan 26, 2012 18:36
|
|
|
I'm getting ready to plan out an Exchange 2003 to 2010 upgrade and I've got a question about address books. Back in Exchange 5.5 we used to be able to create custom address books based on attribute filters and then deny permissions to view the default address book, causing the custom address book to be the default. In Exchange 2003, doing this caused Outlook clients to have all kinds of issues. Escalating to Microsoft was fruitless so for the past 7 years I've had a ton of people who can see each other in the GAL that definitely shouldn't be able to. Does Exchange 2010 have the ability to hide the default address book and assign custom books as default without blowing up the client? If so, can someone point me in the right direction to research? Thanks.
|
|
#
?
Jan 26, 2012 22:18
|
|
|
Spamtron7000 posted:I'm getting ready to plan out an Exchange 2003 to 2010 upgrade and I've got a question about address books. Back in Exchange 5.5 we used to be able to create custom address books based on attribute filters and then deny permissions to view the default address book, causing the custom address book to be the default. In Exchange 2003, doing this caused Outlook clients to have all kinds of issues. Escalating to Microsoft was fruitless so for the past 7 years I've had a ton of people who can see each other in the GAL that definitely shouldn't be able to. What a strange question. I don't think you can outright rid yourself of the default GAL, but you could certainly adjust the RecipientFilter properties so nothing is populated, it would just remain empty. e: Actually yeah, you can create multiple GALs, and define them however you like. There's a flag for "IsDefaultGlobalAddressList" you set for True on whichever list populates to your liking. Blame Pyrrhus fucked around with this message at 22:54 on Jan 26, 2012 |
|
#
?
Jan 26, 2012 22:50
|
|
|
Linux Nazi posted:What a strange question. Thanks. That sounds great. I can see how it sounds like a strange question so I'll describe my requirements. We run a hosted Exchange environment for many different small companies who are affiliated with the parent company (my company) but not affiliated with one another. We have an SPLA agreement with Microsoft to support this. I really hate that the members of the small companies can see each other - in fact sometimes it's bad for business because they like to get together and bash us behind our backs 
|
|
#
?
Jan 26, 2012 23:44
|
|
|
Spamtron7000 posted:Thanks. That sounds great. I can see how it sounds like a strange question so I'll describe my requirements. We run a hosted Exchange environment for many different small companies who are affiliated with the parent company (my company) but not affiliated with one another. We have an SPLA agreement with Microsoft to support this. I really hate that the members of the small companies can see each other - in fact sometimes it's bad for business because they like to get together and bash us behind our backs Actually, GAL separation is in Exch2010 SP2. http://blogs.technet.com/b/exchange/archive/2011/01/27/3411882.aspx http://blogs.technet.com/b/manjubn/archive/2012/01/05/exchange-2010-sp2-addressbook-policies-best-practices.aspx
|
|
#
?
Jan 27, 2012 00:36
|
|
|
What load balancers do those of you with Exchange 2010 use? Right now we have a single server with combined HT/CAS/MB roles and I want to add a second identical server and go to a DAG. We have VMware so I'd sooner go with one virtual appliance load balancer than a single physical apppliance. Kemp and loadbalancer.org seem to be coming out on top so far - loadbalancer.org slightly more so because they seem cheaper and quite clearly document how to set it up with Exchange 2010.
|
|
#
?
Jan 29, 2012 20:54
|
|
|
I'm confused as to why you would spend >$1500 on a load balancer when you can do DAG right in Exchange?
|
|
#
?
Jan 29, 2012 21:07
|
|
|
Nitr0 posted:I'm confused as to why you would spend >$1500 on a load balancer when you can do DAG right in Exchange? Because you can't use Windows NWLB needed for a CAS array on a server that has the Microsoft Clustering Services needed to do a DAG, and I don't want two additional servers just to load balance the CAS array.
|
|
#
?
Jan 29, 2012 21:51
|
|
|
Bitch Stewie posted:Because you can't use Windows NWLB needed for a CAS array on a server that has the Microsoft Clustering Services needed to do a DAG, and I don't want two additional servers just to load balance the CAS array. Keep in mind that the NLB really doesn't have anything to do with the CAS array, the CAS array is strictly defined for MAPI connectivity, and is built out separately. CAS array members are advertised as available for RPC connections, and the client connects to whichever one is available. The FQDN doesn't even have to match what you designate for the NLB. If you use a hardware balancer you are likely going to have to configure static ports for the RPC CA services. For exchange purposes, NLB really only addresses HTTP(S) and SMTP connections. (to elaborate, if you have MAPI connections also coming in a hardware balancer, you will need to configure static ports for the RPC connections so that the balancer can make sense of it, by default the MAPI services will select a random port to use, and this normally works because of how the CAS array functions. That is: not like a NLB cluster, but a client determined direct connection among the available CAS array members.) How I do it, is I normally run 2 NLB member CAS/HT VMs in front of my DAG member servers. The VMs don't need to have much in the way of resources, and configuration really doesn't take anything. Microsoft NLB clustering works perfectly fine for both HT and CAS fail-over / balancing, with no extra configuration required. The VMs I end up building barely require managing, since they are essentially utility boxes. poo poo, I could probably restore them from a 6 month old backup. Blame Pyrrhus fucked around with this message at 01:11 on Jan 30, 2012 |
|
#
?
Jan 29, 2012 23:37
|
|
|
Be careful with doing a clustered CAS/HT front-end server if you're still running Outlook 2003, I ran into an issue with it that required Outlook 2003 SP3 which wasn't compatible with some business apps and so we had to kill the cluster.
|
|
#
?
Jan 30, 2012 07:54
|
|
|
Linux Nazi posted:How I do it, is I normally run 2 NLB member CAS/HT VMs in front of my DAG member servers. The VMs don't need to have much in the way of resources, and configuration really doesn't take anything. It's just a box + license count thing though, purely IMO. If I can have a single load balancer virtual appliance fronting a pair of combined HT/CAS/MBX servers that seems an acceptable and reasonably simple approach. I'd be interested to know of any gotchas though? The documentation for loadbalancer.org does state that you have to tie the RPC endpoint to a static port - what it doesn't explain is if there is any downside in doing this.
|
|
#
?
Jan 30, 2012 16:38
|
|
|
Bitch Stewie posted:It's just a box + license count thing though, purely IMO. IIRC there's a problem with public folder connections and static RPC ports, but if you are moving to a DAG you can no longer utilize public folders anyways. This is also why you do not have to worry about Outlook 2003, it requires public folders to operate, and public folders cannot be made highly available, or be included in a DAG. So you will be removing any Outlook 2003 clients prior to building it out. Honestly the way you are going about it is actually less simple, building out 2 VMs and installing Exchange with the required roles would take maybe 5 hours total, and can be accomplished in a production environment with no impact until you've got everything configured and are ready to make the cut-over. It certainly won't cost as much as a hardware balancer. Remember, you get (with some restrictions) 4 VM installs per Server 2008 Enterprise license. So you may have some licenses available for the guest VMs already.
|
|
#
?
Jan 30, 2012 23:56
|
|
|
Linux Nazi posted:IIRC there's a problem with public folder connections and static RPC ports, but if you are moving to a DAG you can no longer utilize public folders anyways. This is also why you do not have to worry about Outlook 2003, it requires public folders to operate, and public folders cannot be made highly available, or be included in a DAG. So you will be removing any Outlook 2003 clients prior to building it out. You can have Public Folders and have a DAG, your PFs just won't fail over (which may or may not be acceptable).
|
|
#
?
Jan 31, 2012 01:02
|
|
|
madsushi posted:You can have Public Folders and have a DAG, your PFs just won't fail over (which may or may not be acceptable). Well yeah, I just never would consider a configuration with it as highly available. Basically it's tyool 2012, rid yourself of Outlook 2003 and all public folders at the earliest opportunity.
|
|
#
?
Jan 31, 2012 02:24
|
|
|
The Public Folder point is something I'd appreciate any info on. I know you can't DAG Public Folders like a mailbox database but you just have replicas for that AIUI don't you? As much as I'm not trying to be a cock and disregard good advice, I really just don't want two servers to front a CAS array - sorry but I think that's just one of the retarded things Microsoft did with Exchange 2010 - doubtless it works but 4 servers, just.. no
|
|
#
?
Jan 31, 2012 19:04
|
|
|
Bitch Stewie posted:The Public Folder point is something I'd appreciate any info on. I know you can't DAG Public Folders like a mailbox database but you just have replicas for that AIUI don't you? Outlook 2003 works with MAPI CAS arrays, but when you are planning high availability in Exchange 2010 you phase out Outlook 2003 in preparation for the clustered DAG. In 2010, your mailbox database is a singular database lives on multiple DAG member servers, so let's say that mailbox database is named "MailDB01" and lives on 2 DAG member mailbox servers, "EXMB01" and "EXMB02". Now let's say you have a Public folder database, which is required for Outlook 2003. That database is named "PubDB01" and since it cannot be included in a DAG, it simply lives by itself on "EXMB01". You realize you need to make this data redundant, so you replicate the public folders to a new public folder database on "EXMB02" named "PubDB02". But... you need to assign a single public folder database to the single mailbox database. Which one do you assign? It can't be both. If you assign PubDB01 to the mailbox database, and then the server housing it dies, it cuts off Outlook 2003 users. You cannot assign PubDB01 to a copy of the mailbox database on EXMB01 and then PubDB02 to the copy that resides on EXMB02. quote:As much as I'm not trying to be a cock and disregard good advice, I really just don't want two servers to front a CAS array - sorry but I think that's just one of the retarded things Microsoft did with Exchange 2010 - doubtless it works but 4 servers, just.. no When you start dealing with scalability and availability, you really need to stop thinking in terms of "number of servers". "4 servers" for a basic fault tolerant exchange environment is nothing. If you are looking to avoid management headaches, it's going to be a lot easier to wrap your head around than 2 servers and an ill-fitting load balancing scheme. I mean I just don't see the difference in 1 VM with mailbox, ht, and cas roles installed, vs 2 VMs with 1 mailbox role holder and 1 ht / cas role holder.
|
|
#
?
Jan 31, 2012 19:35
|
|
|
Thanks, that makes a little more sense. Outlook 2003 is a non-issue as we have about 3 Outlook 2003 machines left in the business, and in the event of an outage that takes out a server, they're irrelevant basically. If I did want to do this using Windows VM's what exactly would I need? We use Datacenter on our VM's so Windows licensing isn't an issue, additional copies of Exchange is, though that is offset against not needing a LB. I need to understand more of the reasons not to go the loadbalancer route as however irrational, I do have an aversion to adding Windows boxes (we already suffer from VM sprawl as it's so loving easy to stand up "just one more").
|
|
#
?
Jan 31, 2012 20:55
|
|
|
Bitch Stewie posted:Thanks, that makes a little more sense. Outlook 2003 is a non-issue as we have about 3 Outlook 2003 machines left in the business, and in the event of an outage that takes out a server, they're irrelevant basically. As it was explained to me by our Synnex guy, you need 1 exchange server license per role per instance of exchange per site. So 1 license will cover 1 HT, 1 CAS, and 1 mailbox role. If you split this between 2 VMs, one with a mailbox role, and one with a HT and CAS role, this is covered with 1 license if they are all within the same AD site. The mailbox role for the DAG is just configured as a usual cluster configuration, a front-end and back-end network. Set aside the IP you are going to use for the DAG, and make sure DNS is populated with all of the correct information blah blah blah. For the HT/CAS machines, I generally install a thin VM with 2 interfaces each. 1 for general utilization and 1 for the NLB membership. Typically these systems don't have anything larger than a 30GB HDD defined, and like I said, they are pretty static. If you are using Hyper-V you need to make sure that MAC spoofing is enabled on the VM's NLB NICs. If you are using VMWare you don't have to make any special considerations. Typically you just build a new NLB cluster using the NLB manager, and then build out the CAS array. Define all of the URLs appropriately (using the FQDN you assign to the NLB cluster) There's nothing you need to do to tie the mailbox servers in with the CAS or HT VMs, it's all AD integrated. When you are ready to cut over you will want to populate the send connectors appropriately. Issue a SSL cert with all of the correct SAN information to either of the CAS servers, does not matter which. Once it's configured just export that cert and import it into the other CAS server. When you configure the DAG it will automatically select a HT system as a quorum. You can add the other as a secondary quorum if you like.
|
|
#
?
Jan 31, 2012 22:41
|
|
|
Also I wouldn't worry about "VM sprawl", just make sure everything is clearly identifiable and monitored. You need what you need, it can't be helped.
|
|
#
?
Jan 31, 2012 22:43
|
|
|
Linux Nazi posted:As it was explained to me by our Synnex guy, you need 1 exchange server license per role per instance of exchange per site. So 1 license will cover 1 HT, 1 CAS, and 1 mailbox role. If you split this between 2 VMs, one with a mailbox role, and one with a HT and CAS role, this is covered with 1 license if they are all within the same AD site. This is not correct. You need a separate Exchange license for each installation of Exchange server, regardless of which roles you are using on each server. If you have 4 VMs with each hosting a different role, you still need 4 Exchange licenses.
|
|
#
?
Feb 1, 2012 01:16
|
|
|
Linux Nazi posted:As it was explained to me by our Synnex guy, you need 1 exchange server license per role per instance of exchange per site. So 1 license will cover 1 HT, 1 CAS, and 1 mailbox role. If you split this between 2 VMs, one with a mailbox role, and one with a HT and CAS role, this is covered with 1 license if they are all within the same AD site. I'm 99% sure your guy is wrong on that one and that it's 1 license per box regardless of 1 role or all roles. That's why there's obviously a financial as well as an administrative implication of bringing up another pair of boxes.
|
|
#
?
Feb 1, 2012 09:08
|
|
|
What are peoples thoughts on multi-tenant panels for Exchange 2010, such as Machpanel? How are you handling your multi-tenant infrastructure now that /hosting has been deprecated?
|
|
#
?
Feb 2, 2012 02:48
|
|
|
|
| # ? Apr 25, 2024 21:04 |
|
|
Our clients with Office 2007 are Small Business edition (we don't use Access), and the few Office 2010 installations are Standard edition for the same reason. We're on Exchange 2007 at the moment and I'm trying to figure out what licenses I would need to use the personal archive feature of Exchange 2010, because gently caress PSTs. It seems that I need to upgrade everyone to Office 2010 Professional Plus in order to have it work, is that right? Also, we need both Std and Ent CALs for Exchange 2010.
|
|
#
?
Feb 2, 2012 16:48
|
|
