Presentation is loading. Please wait.

Presentation is loading. Please wait.

MEC 2014 4/5/2017 7:36 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Similar presentations


Presentation on theme: "MEC 2014 4/5/2017 7:36 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks."— Presentation transcript:

1 MEC 2014 4/5/2017 7:36 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Ready, set, deploy! Exchange Server 2013
4/5/2017 7:36 PM DMI313 Ready, set, deploy! Exchange Server 2013 Brian Day Sr. Program Manager Microsoft © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Preamble… … err not quite.
Tech Ready 15 4/5/2017 Preamble… We the Admins of Contoso, in Order to form more perfect Collaboration, maintain Support, insure internal Compliance, provide for the common End User, promote the general Welfare, and secure the Blessings of Perry to ourselves and our Posterity, do ordain and establish this deployment project for Exchange Server. … err not quite. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Session Goals Not to walk you through a deployment step-by-step.
Tech Ready 15 4/5/2017 Session Goals Not to walk you through a deployment step-by-step. Visit some of the different stages of a deployment and avoid speed bumps. Help you build a list of relevant sessions over the next few days. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 What phases will I journey through?
Tech Ready 15 4/5/2017 What phases will I journey through? Envision: Establish a project vision, define & analyze requirements, and develop a solution architecture & high level design Plan: Develop the detailed design and create the functional specification Build: Test environment build, validation of solution, develop the detailed build guide. Stabilize: Production pilot to remediate any issues and establish approved processes before full deployment. Deploy: Complete the overall deployment and transition to day to day operations. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Non-Internet facing site
Upgrading to Exchange Server 2013 From an existing Exchange Server 2010 environment autodiscover.contoso.com mail.contoso.com Intranet site E2010 Servers E2010 HUB E2010 CAS E2010 MBX Internet facing site Non-Internet facing site

7 Non-Internet facing site
Upgrading to Exchange Server 2013 From an existing Exchange Server 2010 environment autodiscover.contoso.com mail.contoso.com Intranet site E2010 Servers E2013 CAS E2013 CAS E2010 HUB E2010 CAS E2013 MBX E2013 MBX E2010 MBX Internet facing site Non-Internet facing site

8 Exchange Design Concepts and Best Practices
Speaker: Boris Lokhvitsky Date: Wednesday, April 2 Time: 10:15 AM - 11:30 AM Room: L4: Ballroom G Session Type: Interactive Session Code: ARC.IN.302

9 Before the main event 4/5/2017 7:36 PM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 What goodies should we collect?
Don’t mount that horse just yet, cowboy! Have you gathered your tools yet? Exchange Server Deployment Assistant Exchange Best Practices Analyzer Remote Connectivity Analyzer (aka ExRCA) Where does he get such wonderful toys? –Joker

11 Exchange Server Deployment Assistant
Future Scenarios Multi-forest Current Exchange 2013 & Cloud Scenarios On-premises deployments New installation of Exchange Server 2013 Upgrade from Exchange 2007 or 2010 to Exchange 2013 Upgrade from mixed Exchange 2007 and Exchange 2010 to Exchange 2013 Hybrid deployments (On-premises + Office 365) Exchange 2013 on-premises with Exchange Online Cloud-only Scenarios Exchange Cut-over Exchange Staged Exchange IMAP Third-party IMAP Access it here:

12 Demo Exchange Server Deployment Assistant 4/5/2017 7:36 PM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Exchange Best Practices Analyzer
Session Best Practices Analyzer - Next Generation Speaker: Mark Heneen Date: Tuesday, April 1 Time: 1:30 PM - 2:45 PM Room: MR 11a Session Type: Interactive Session Code: MNG.IN.201

14 Remote Connectivity Analyzer
Start healthy! Are we even working today? Autodiscover ActiveSync Exchange Web Services Outlook Anywhere Inbound/Outbound SMTP POP/IMAP Download the MSI to run locally! Run it here:

15 What other toys are there?
Also touching on: MessageStats.ps1 GetLogFileUsage.ps1 Processor Query Tool Server Profile Analyzer (For Exchange 2007 migrations only) Exchange 2013 Server Role Requirements Calculator Session Session Plan it the right way - Tame the beast - Exchange Server 2013 sizing scenarios Exchange server calculator tips and tricks Wizard: Jeff Mealiffe Speaker: Brian Day Date: Wednesday, April 2 Time: 1:00 PM - 2:15 PM Room: MR 11a Session Type: Interactive Session Code: ARC.IN.305 Date: Tuesday, April 1 Time: 1:30 PM - 2:45 PM Room: Ballroom E Session Type: Breakout Session Code: ARC.308

16 You have more? Session Session LoadGen JetStress
Jetstress Notes From the Field How to uncover the secrets of Disk Latency Speaker: Neil Johnson Speaker: Alessandro Goncalves Date: Tuesday, April 1 Time: 3:00 PM - 4:15 PM Room: MR 19ab Session Type: Breakout Session Code: DMI.314 Date: Wednesday, April 2 Time: 4:45 PM – 6:00 PM Room: MR 19ab Session Type: Breakout Session Code: MNG.302

17 Seriously. I can’t handle this much fun.
Client network connectivity bandwidth calculator v2 Session Exchange Client Network Bandwidth calculator v2 Neither can he! Speaker: Neil Johnson Date: Wednesday, April 2 Time: 2:45 PM – 4:00 PM Room: MR 19ab Session Type: Breakout Session Code: DMI.303

18 Which way to the starting line?
4/5/2017 7:36 PM Which way to the starting line? © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Preparing for Exchange Server 2013
Active Directory Minimum Requirements At least one Windows Server 2003 SP2 or higher* Global Catalog in each AD site with Exchange installed *Use of Windows Server 2012 R2 requires a supported Exchange version At least one writable Domain Controller in each AD site with Exchange Servers installed AD Forest Functional Level must be Windows Server 2003 or higher For the latest information see:

20 Preparing for Exchange Server 2013
Operating Systems Prerequisites for Exchange Installs Windows Server 2008 R2 SP1 64-bit Standard or Enterprise editions Standard edition ok for CAS-only & non-DAG MBX Enterprise edition necessary for DAG joined MBX Windows Server 2012 or 2012 R2 64-bit Standard or Datacenter editions 2012 R2 is only supported with 2013 Service Pack 1 or later .NET framework 4.5 (4.5.1 strongly recommended, may even be come a requirement) Windows Management Framework 3.0 Unified Communications Managed API (UCMA) 4.0 Other expected OS roles/features (IIS etc…)

21 Preparing for Exchange Server 2013
Recent Windows Server 2012 R2 Support Updates 2013 SP1 or later 2013 CU3 or earlier 2010 SP3 RU5 or later 2007 SP3 RU13 Install on 2012 R2 2012 R2 DCs and a 2012 or lower DFL/FFL 2012 R2 DCs and a 2012 R2 DFL/FFL

22 Preparing for Exchange Server 2013
Outlook Recommendations Office 365 ProPlus – Current bits Outlook – SP1 & latest public update recommended Outlook – SP2 & latest public update recommended Outlook – SP3 & latest public update recommended Outlook – Not supported WebDAV based clients must be upgraded to Exchange Web Services compatible versions: Outlook for Mac 2011 or Entourage 2008 for Mac Web Services Edition Browser recommendations (not minimums) Internet Explorer: IE11 or IE10 Firefox: Latest or N-1 Chrome: Latest or N-1 Safari: Latest or N-1

23 Exchange Server 2010 SP2 Exchange Server 2003
Support Expires April 8th 2014 Upgrade to Service Pack 3 Extended Support Expires April 8th 2014 Exchange 2013 cannot coexist with 2003

24 Preparing for Exchange Server 2013
Ready the existing Exchange organization Patch existing Exchange servers to… Exchange 2010 SP3 RU5 or later recommended Exchange 2007 SP3 RU13 or later recommended This includes Edge Transport servers Extend the AD schema for Exchange Server 2013 setup /PrepareSchema Prepare the Exchange organization and local domain for Exchange Server 2013 setup /PrepareAD Prepare any remaining domains that will have mail enabled objects, Exchange servers, or Global Catalog servers Exchange will utilize Local domain setup /PrepareDomain Remote domains one at a time setup /PrepareDomain:FQDN.of.domain Or do them all at once setup /PrepareAllDomains

25 Preparing for Exchange Server 2013
An OAB modification before installing the first Exchange 2013 servers. Exchange 2013 creates a new default OAB for the org. Avoid clients downloading the new default OAB by specifying the existing OAB on all legacy DBs prior to installing Exchange 2013 [PS] C:\>Get-OfflineAddressBook | FT Name,IsDefault,ExchangeVersion -AutoSize Name ---- Default Offline Address Book Default Offline Address Book (Ex2013) True 0.20 ( ) False 0.1 ( ) IsDefault Exchange Version [PS] C:\Windows\system32>Get-MailboxDatabase | FT NAME, *offline*,exchangeversion -AutoSize Name ---- Mailbox Database 0.10 ( ) Exchange Version OfflineAddressBook \Default Offline Address Book

26 Deploying the first servers
4/5/2017 7:36 PM Deploying the first servers © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 Exchange Server 2013 SP1 Setup
Install both MBX and CAS Servers CAS is auth/proxy only MBX executes the PowerShell commands Use the latest CU package No more SP then RU install Exchange 2013 Setup GUI or command line Updated to reflect Exchange 2013 roles Command line parameters New required parameter for license terms acceptance After the Fact You cannot remove individual roles in Exchange 2013 Setup.exe /mode:install /roles:c,m,mt /IAcceptExchangeServerLicenseTerms

28 Exchange Server 2013 Setup What causes the dreaded certificate prompt?
What may show up after setup completes if you are not careful? Any guesses? What causes the dreaded certificate prompt? Outlook making HTTP calls Outlook Anywhere MAPI/HTTP Autodiscover queries EWS calls OAB Downloads From King of migrations! Roooooar… To Jester of service desk calls.

29 Exchange Server 2013 Setup How do I prevent certificate pop-ups? Proper site & subnet definitions in Active Directory Install CAS to a deployment AD site first and then move it Proper AutodiscoverSiteScope and AutodiscoverServiceInternalUri values Minimize the time virtual directories are at defaults [PS] C:\>Get-ClientAccessServer | Sort-Object WhenCreated | FT Identity,WhenCreated,*SiteScope,*uri -AutoSize Identity WhenCreated CON-E2K7-001 CON-E2K10-001 CON-E2K13-001 CON-E2K13-101 CON-E2K13-102 CON-E2K13-002 AutoDiscoverSiteScope AutodiscoverServiceInternalUri 1/7/2014 1:21:15 PM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml 1/8/2014 5:27:49 PM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml 1/16/2014 3:21:32 PM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml 1/16/2014 8:41:46 PM {Seattle} https://autodiscover.corp.contoso.com/Autodiscover/Autodiscover.xml 1/16/2014 9:22:43 PM {Seattle} https://autodiscover.corp.contoso.com/Autodiscover/Autodiscover.xml 1/17/ :21:35 AM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml

30 Exchange Server 2013 Setup What other unexpected thing may happen after setup completes if you are not careful? Ooohhhh lookie some new 2013 boxes! More options!  Cross-site mail flow… so many paths… so many options. E2010 HUB E2010 HUB E2010 MBX E2010 MBX E2010 HUB E2010 HUB E2013 CAS E2013 MBX Boston AD Site Austin AD Site

31 4/5/2017 7:36 PM Certificates © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Certificates End to end certificate wizard in the Exchange Administration Center (EAC) Export and import with private key to all other CAS right from the UI Assign services right from the UI EAC notifications when a certificate is about to expire First notification will be shown 30 days prior to expiration Subsequent notifications will be provided every 24 hours

33 Certificates - Best Practices
Minimize the number of certificates A unified namespace means the same cert should be used on all CAS in the site resilient datacenter pair Use a “Subject Alternative Name” (SAN) certificate Minimize number of hostnames Use “Split DNS” for Exchange hostnames if using the same auth type inside and out This is not a requirement, some customers may have unique environments where different names would be helpful. Don’t list machine hostnames in certificate hostname list* *The UM service may be your exception to this rule due to telephony systems having to talk direct to it, but you can easily use an internally issued certificate here. Use Load Balanced (LB) CAS arrays for intranet and Internet access to servers

34 Certificates - Best Practices
Using a wildcard certificate Did your Outlook Providers look like this previously when using a wildcard cert? Name CertPrincipalName EXCH EXPR msstd:*.contoso.com WEB Outlook Anywhere settings are now dynamically generated off of both the EXCH and EXPR Outlook Providers for separate internal and external settings for clients to utilize. As a result of this update both of the EXCH and EXPR Outlook providers must be wildcard ready in order to use a wildcard certificate. Name CertPrincipalName EXCH msstd:*.contoso.com EXPR msstd:*.contoso.com WEB

35 Demo That flat out faaaaabulous new certificate wizard.
4/5/2017 7:36 PM Demo That flat out faaaaabulous new certificate wizard. © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 Rejigger the lines! (aka… namespace switchover night) 4/5/2017 7:36 PM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37 Non-Internet facing site
Name change night! autodiscover.contoso.com mail.contoso.com Intranet site E2010 Servers E2013 CAS E2013 CAS E2010 HUB E2010 CAS E2013 MBX E2013 MBX E2010 MBX Internet facing site Non-Internet facing site

38 Exchange 2007 URls Legacy URL considerations for the following OWA EWS
OAB

39 Switching to CAS 2013 Drop TTL of any DNS records you will be changing in advance Re-test via Remote Connectivity Analyzer one last time Reconfigure Virtual Directory Settings of Legacy Systems if necessary Reconfigure Outlook Anywhere on Legacy Systems if necessary Move systems into the production AD sites if necessary Update Publishing methods (Load Balancer, Reverse Proxy, etc…) if necessary Update DNS records Test via Remote Connectivity Analyzer once DNS updates propagate

40 Time out! You did this in your lab already, right?

41 Script it as much as you can.
Prepare your virtual directory change scripts in advance. Huemans ah errar prone. Prepare a back-out script just…. in…. case.

42 Switching to CAS 2013 Outlook Anywhere
TechReady13 4/5/2017 Switching to CAS 2013 Outlook Anywhere 1. Enable Outlook Anywhere on all legacy CAS Utilize the ‘mail.contoso.com’ namespace for all CAS so traffic flows through 2013 in all cases. mail.contoso.com RPC/HTTP Layer 7 LB Layer 4 LB 2. IIS Authentication Methods IIS Auth must have NTLM enabled on all legacy CAS RPC/HTTP E2010 CAS E2007/ E2013 CAS E2010 CAS E2007/ HTTP PROXY HTTP PROXY 3. DNS Cutover if an IP change takes place Use a low TTL on the existing records a few days in advance of the cutover. OA Enabled OA Enabled OA Enabled Disabled Client Auth: Basic Client Auth: Basic Client Auth: IIS Auth: Basic IIS Auth: Basic IIS Auth: NTLM NTLM NTLM Basic auth for clients is merely for example. If you prefer NTLM, then use NTLM. RPC RPC RPC E2010 MBX E2007/ E2013 MBX E2010 MBX 2007/ Internet facing site Intranet facing site © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

43 MAPI/HTTP Session Session Outlook Connectivity: Current and Future
Speakers: Venkat Ayyadevara Rafiq El Alami, and Guy Groeneveld Date: Wednesday, April 2 Time: 10:15 AM – 11:30 AM Room: Ballroom F Session Type: Breakout Session Code: USX.207

44 Publishing Sessions Session Session
Publishing Exchange – Which TLA Should You Choose? WAP and ARR – TMG Alternatives? Speakers: Georg Hinterhofer, Roop Sankar Speaker: Greg Taylor Date: Tuesday, April 1 Time: 3:30 PM – 4:15 PM Room: Ballroom F Session Type: Breakout Session Code: ARC.202 Date: Wednesday, April 2 Time: 8:30 AM – 9:45 AM Room: MR 18bc Session Type: Breakout Session Code: USX.305

45 It’s an Edge case… 4/5/2017 7:36 PM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

46 Edge Setup on Exchange 2013 SP1
One pre-req Active Directory Lightweight Directory Services (ADLDS) Go no further! Only install the ADLDS feature, Edge will take care of the rest during install. Windows PowerShell Copyright (C) 2013 Microsoft Corporation. All rights reserved. PS C:\Users\Administrator> Install-WindowsFeature ADLDS Success Restart Needed Exit Code True No Success Feature Result {Active Directory Lightweight Directory Se... WARNING: To create a new AD LDS instance on server, log on to the destination server and then run the Active Directory Lightweight Directory Services Setup Wizard. For more information, see PS C:\Users\Administrator>

47 Edge Setup on Exchange 2013 SP1
The ‘other’ pre-req you may hit Make sure your machine has a FQDN if it is not joined to a management domain. Performing Microsoft Exchange Server Prerequisite Check Configuring Prerequisites Prerequisite Analysis COMPLETED FAILED The fully qualified domain name of the computer is missing or empty. Setup cannot continue. For more information, visit: >/ms.exch.setupreadiness.FqdnMissing.aspx

48 Edge Setup on Exchange 2013 SP1
Adding a FQDN for non-domain joined machines Head on over to the Computer Name settings, it is hidden under the ‘More…’ section.

49 Edge Setup on Exchange 2013 SP1
Create your Edge Subscription file New-EdgeSubscription –File C:\EdgeServerSubscription.xml Make sure the file is in a location your mailbox server can access for the next step. [PS] C:\>New—EdgeSubscription -FileName c:\edgesubscription.xml Confirm If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result, any of the following objects that were created manually will be deleted: accepted domains, message classifications, remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the TransportConfig object will be overwritten during the synchronization process. EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Mailbox servers in the Active Directory site to which the Edge Transport server is being subscribed, and those Mailbox servers be able to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in the next“1440” minutes before the bootstrap account expires. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y [PS] C:\>

50 Edge Setup on Exchange 2013 SP1
Import your Edge Subscription file (this would be a one-liner) New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path “C:\EdgeServerSubscription.xml” -Encoding Byte -ReadCount 0)) -Site “Seattle” [PS] C:\Windows\system32> New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml"-Encoding Byte -ReadCount 0)) -Site "Seattle" Name ---- Site Domain CON—E2K13—EDG01 corp.contoso.com/... corp.contoso.com WARNING: EdgeSync requires that the Mailbox servers in Active Directory site Seattle be able to resolve the IP address for CON—E2K13—EDG01.corp.contoso.com and be able to connect to that host on port [PS] C:\Windows\system32>

51 Edge Setup on Exchange 2013 SP1
Edge is now known to the org Edge server shows up in server list. The two send connectors are generated (Note: SourceTransportServers is the name of the edge subscription, which is the name of the first Edge server used when the connectors are created.) [PS] C:\>Get-ExchangeServer | Sort-Object Name | FT Name,ServerRole,AdminDisplayVersion -AutoSize Name ---- ServerRole CON-E2K10-001 AdminDisplayVersion CON-E2K13-001 CON-E2K13-002 CON-E2K13-101 CON-E2K13-102 CON-E2K13-EDG01 CON-E2K7-001 Mailbox, ClientAccess, UnifiedMessaging, HubTransport Version 14.3 (Build 123.4) Mailbox, ClientAccessVersion 15.0 (Build ) Edge 15.0 (Build ) Mailbox, ClientAccess, UnifiedMessaging, HubTransport Version 8.3 (Build 83.6) [PS] C:\Windows\system32>Get-SendConnector | ft identity,sourcetrans* -AutoSize Identity SourceTransportServers EdgeSync – Seattle to Internet {CON-E2K13-EDG01} EdgeSync – Inbound to Seattle {CON-E2K13-EDG01} [PS] C:\Windows\system32>

52 Edge Support, and Mail Flow Transition
Edge Transport Edge Transport 2007/2010 are compatible with Exchange 2013 CU1 or later Edge Transport 2013 SP1 is compatible with 2013 SP1, 2010 SP3 RU5, and 2007 SP3 RU13 Legacy Edge Transport servers require the same 2010 SP3 or 2007 SP3 RU10 updates before deploying Exchange An existing 2010 Edge Subscription must be re-created after SP3 is applied so the version number is seen by Exchange 2013 within the AD configuration partition or else setup will fail at the pre-req check. Mail Flow Transition Exchange Server 2013 can accept inbound anonymous mail from the Internet and re-route to the correct 2013 or legacy mailbox(es) Leave MX record(s) pointing to legacy Exchange early on, unless you deploy Edge 2013 first Move MX record(s) to point to 2013 once approximately 50% of users are moved to 2013

53 Online Readiness Edge Transport with…
EOP standalone or Hybrid mail flow

54 Curb Kerb Appeal… 4/5/2017 7:36 PM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

55 Kerberos Authentication
Kerberos is preferred to help remove NTLM authentication bottlenecks in large Exchange environments. Kerberos is not enabled by default in Exchange 2013 and requires manual configuration. OAB virtual directories are already Applications within IIS in Exchange 2013, no need to convert them as you did in Exchange 2010. Enabling Kerberos in Exchange 2013 results in setting Negotiate as the authentication type for Outlook Anywhere’s (/rpc) virtual directory InternalClientAuthenticationMethod and MAPI/HTTP’s (/mapi) virtual directory IISAuthenticationMethod.

56 To Kerb or not to Kerb… Note: Exchange 2013 proxies connections to 2007/2010 resources utilizing NTLM authentication. Yes. Enable Kerberos for /rpc & /mapi vDirs Are you pure 2013? No. Yes. No. Do you have legacy public folders? Yes. Do you have CU5 deployed?* No. Migrate public folders to Exchange 2013 * Tentative plan, plans may change.

57 Kerberos Authentication
A little bit of everything in a complex environment…. NTLM 2013 Primary Mailbox 2007 Public Folders 2010 Shared Mailbox 2013 Shared Mailbox Kerberos

58 Kerberos Authentication
Exchange 2013 requires only http ServicePrincipalNames due to all client traffic being HTTP. No longer necessary are exchangeAB, exchangeRFR, or exchangeMDB SPNs for a 2013-only ASA [PS] C:\>SetSpn –L EXASA213 Registered ServicePrincipalNames for CN=EXASA2013,CN=Users,DC=corp,DC=contoso,DC=com: http/bos.mail.corp.contoso.com http/aus.mail.corp.contoso.com http/mail.corp.contoso.com http/autodiscover.corp.contoso.com [PS] C:\>

59 Kerberos Authentication
What are our options? Re-use the Exchange 2010 ASA (if one exists) with new human-known credentials Pro: One ASA for both Exchange 2010 and Exchange 2013 in the org Con: The credentials are now known to administrators instead of machine generated. Create a new ASA for 2013 Pro: Can utilize RollAlternateServiceAccountPassword.ps1 against 2013 multi-role servers Con: Service Principal Names must be moved from the 2010 ASA (if one exits) to the new ASA for any hostname you will be moving from 2010 to 2013

60 Kerberos Authentication
A couple current caveats to be aware of as of SP1 RollAlternateServiceAccountPassword.ps1 Cannot be used to copy ASA credentials from 2010 CAS role to 2013 CAS role Cannot be used to create a new ASA on CAS-only 2013 servers Can be used to create a new ASA on multi-role 2013 servers Set-ClientAccessServer -AlternateServiceAccountCredential only works on multi-role 2013 servers

61 Exchange Server 2013 Public Folders
The last thing you migrate. 2007/2010 users cannot access 2013 Public Folders 2013 users can access 2007/2010 Public Folders Cutover migration, you cannot gradually move Public Folders from legacy to 2013

62 Public Folder Sessions
Modern Public Folder Migration & Office 365 Experts Unplugged: Public Folders & Site Mailboxes Speakers: Kanika Ramji & Siegfried Jagott Speakers: Alfons Staerk, Kanika Ramji, Shashi Singaravel, Siegfried Jagott, Brian Day Date: Monday, March 31 Time: 4:30 PM – 5:45 PM Room: MR 19ab Session Type: Breakout Session Code: DMI.310 Date: Tuesday, April 1 Time: 9:00 AM – 10:15 AM Room: MR 18d Session Type: Unplugged Session Code: USX.UN.303

63 OABs Downloads Do you have or play to have multiple OABGen capable mailboxes? Know that client OAB downloads from different OABGen mailboxes triggers a full download even if it is the same OAB being downloaded. How to find your OABGen mailbox(es) [PS] C:\>Get-Mailbox –Arbitration | Where {$_.PersistedCapabilities –like "*OAB*"} | FL Name,Database,Persis* Name Database PersistedCapabilities : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} : 2013DB-001 : {OrganizationCapabilityUMGrammarReady, OrganizationCapabilityPstProvider, : OrganizationCapabilityMessageTracking, OrganizationCapabilityMailRouting, : OrganizationCapabilityClientExtensions, OrganizationCapabilityGMGen, : OrganizationCapabilityOABGen, OrganizationCapabilityUMGrammar} : OABGen02 : 2013DB-003 : {OrganizationCapabilityOABGen}

64 OAB Downloads How does this happen to clients? You may have OABGen mailboxes in different or same AD sites. [PS] C:\>Get-MailboxDatabase Name ---- Servers 2013DB {CON-E2K13-001} 2013DB {CON-E2K13-001} 2013DB {CON-E2K13-101} 2013DB {CON-E2K13-102} 2013DB {CON-E2K13-101} 2013DB {CON-E2K13-002} [PS] C:\>Get-Mailbox –Arbitration | Where {$_.PersistedCapabilities –AutoSize Name ---- OABGen02 Database 2013DB-003 SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} 2013DB-001 [PS] C:\> [PS] C:\>Get-ExchangeServer | Where {$_.AdminDisplayVersion –like "*15*"} | Name,Site Name ---- CON-E2K13-001 Site CON-E2K13-002 CON-E2K13-101 CON-E2K13-102 CON-E2K13-EDG01 corp.contoso.com/Configuration/Sites/Boston corp.contoso.com/Configuration/Sites/Seattle

65 OAB Downloads Could we place different OABGen mailboxes in DBs only replicated locally? No, in this example the DAG spans two sites and user mailboxes will move between sites. Site A Site B OABGen-01 OABGen-02 DAG-001

66 OAB Downloads or Recommended due to site resiliency gains.
Recommendation: Keep one OABGen mailbox per organization. Site A Site B OABGen-01 DAG-001 or Site A Site B OABGen-01 DAG-001 Recommended due to site resiliency gains.

67 Quota Calculations Mailbox and Public Folder data moved from legacy Exchange to Exchange 2013 will appear to grow due to more accurate calculations within the DB. Expectation is 30%-40% increase in quota hit, but will vary based on the content types May want to increase the quotas of any user using ~75% or more of their quota prior to moving them to 2013 The database size on disk does NOT increase

68 Certificate Based Authentication for ActiveSync
Coming in Exchange 2013 Cumulative Update 5

69 Pre-Release Programs Team Be first in line!
Go to the Pre-Release Programs Booth Tell us about your Office 365 environment/or on premises plans Get selected to be in a program Try new features first and give us feedback! Start now at:

70

71 4/5/2017 7:36 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Download ppt "MEC 2014 4/5/2017 7:36 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks."

Similar presentations


Ads by Google