Upgrade Windows Standard to Enterprise

Note. When Exchange is installed on this particular server you can use this procedure only in a lab environment. Changing the Windows edition of an Exchange server is not a supported scenario!

When installing an Exchange 2010 environment in my lab I discovered that the Failover Clustering bits were not available on my planned DAG members. It turned out that I had installed Windows 2008 R2 Standard Edition instead of Enterprise Edition. Even worse, Exchange Server 2010 SP2 was already installed as well.

On TechNet there’s an article that explains how to upgrade Windows 2008 R2 without using the installation media (i.e. without reinstalling Windows 2008 R2 from scratch) using DISM, the Deployment Image Servicing and Management Tool.

The supported upgrade paths are:

  • Windows Server 2008 R2 Standard -> Windows Server 2008 R2 Enterprise -> Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Standard Server Core -> Windows Server 2008 R2 Enterprise Server Core -> Windows Server 2008 R2 Datacenter Server Core
  • Windows Server 2008 R2 Foundation -> Windows Server 2008 R2 Standard

To determine the installed version of Windows you can use:

DISM /online /Get-CurrentEdition

To determine possible versions you can upgrade to:

DISM /online /Get-TargetEditions


To upgrade to a higher version of Windows, you can use:

DISM /online /Set-Edition:<Version> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

The product key is your normal Windows Server product key, but if you’re facing difficulties with your key you can use a temporary setup key from Microsoft as per http://technet.microsoft.com/en-us/library/ff793421.aspx.

So if you want to upgrade a Standard Edition to an Enterprise Edition you can perform this step:

DISM /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y


After rebooting, the server is now an Enterprise Edition.

Don’t forget to activate your server with a proper license key of course.

Note. The server that needs to be upgraded cannot be a Domain Controller. To upgrade a DC, it needs to be demoted, upgraded and promoted again.
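The checks and the upgrade command above can be combined into one pre-flight script. The PowerShell below is an added example, not part of the original post; it assumes English DISM output and an elevated PowerShell 2.0 (or later) session, and the parameter names `TargetEdition`, `ProductKey` and `Apply` are made up for this illustration.

```powershell
# Added example, not from the original post. Assumes English DISM output
# and an elevated session. Parameter names are hypothetical.
param(
    [string]$TargetEdition = 'ServerEnterprise',
    [string]$ProductKey    = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX',  # placeholder key
    [switch]$Apply
)

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$role = (Get-WmiObject Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    throw 'This server is a Domain Controller; demote it before changing the edition.'
}

# Read the installed edition from the "Current Edition : <name>" line.
$current = $null
foreach ($line in (& dism.exe /online /Get-CurrentEdition)) {
    if ($line -match '^Current Edition\s*:\s*(\S+)') { $current = $Matches[1] }
}
if (-not $current) { throw 'Could not read the current edition from the DISM output.' }

# Collect every "Target Edition : <name>" line.
$targets = @()
foreach ($line in (& dism.exe /online /Get-TargetEditions)) {
    if ($line -match '^Target Edition\s*:\s*(\S+)') { $targets += $Matches[1] }
}

Write-Host "Current edition : $current"
Write-Host "Target editions : $($targets -join ', ')"

# Refuse to continue when DISM does not offer the requested edition.
if ($targets -notcontains $TargetEdition) {
    throw "$TargetEdition is not an available target edition for $current."
}

if ($Apply) {
    & dism.exe /online "/Set-Edition:$TargetEdition" "/ProductKey:$ProductKey"
    # 3010 means success with a reboot still required.
    if ($LASTEXITCODE -ne 0 -and $LASTEXITCODE -ne 3010) {
        throw "DISM failed with exit code $LASTEXITCODE."
    }
} else {
    Write-Host "Would run: DISM /online /Set-Edition:$TargetEdition /ProductKey:<key>"
}
```

Without `-Apply` the script only reports what it found and the command it would run.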

 

More information can be found on:

KMS Client Setup Keys: http://technet.microsoft.com/en-us/library/ff793421.aspx

Upgrading Windows Server 2008 R2 without media: http://blogs.technet.com/b/server_core/archive/2009/10/14/upgrading-windows-server-2008-r2-without-media.aspx

Building Hosted Exchange – Part IV

In my earlier blog posts Building Hosted Exchange Part I (overview), Building Hosted Exchange Part II (Active Directory) and Building Hosted Exchange Part III (Exchange and ABP’s) we’ve created a simple Exchange 2010 organization that’s capable of hosting multiple organizations, separated from each other and each having their own Address Books. But as outlined in the Microsoft guidance document there’s more involved, especially when it comes to global settings that are identical for all users (in all organizations) or global settings that can reveal unwanted information.

Global Exchange configuration
When building a hosted Exchange 2010 SP2 environment a number of Exchange configuration settings have to be taken into account.

There are certain global settings that are valid for the entire organization and are therefore set on an organization level and not on a tenant level. Examples of these settings (this is not a complete list!) are Exchange ActiveSync settings, Exchange Web Services, OWA policies, Throttling policies, anti-virus and anti-spam checking, postmaster settings and the autodiscover settings.

For every configuration setting you have to create a global setting and apply it to all users. Of course it is possible to create multiple settings, like multiple OWA policies, and apply these to various users, but this rapidly becomes more and more complex.

Global URL’s and Autodiscover

In a hosting environment customers have to be aware that their mailboxes are on a shared platform, and that services are accessible on a common platform. OWA for example is accessible via https://webmail.provider.com/owa, autodiscover is available via https://autodiscover.provider.com and the Exchange Web Services are available via https://webmail.provider.com/ews/exchange.asmx. It is not possible to easily implement multiple URL’s for each customer (i.e. tenant). So all users, in all organizations have to use these settings. Regardless.

For more information regarding the Autodiscover redirect and SRV records (useful for hosters) check the blog post Autodiscover Redirect and SRV option. Each organization should use either the Autodiscover Redirect option or Autodiscover SRV record for the organization’s Autodiscover functionality to function properly.

Anti-virus and Anti-Spam

Anti-virus and anti-spam are global settings; they are either enabled or disabled. The Edge Transport Server also plays an important role in a hosted Exchange 2010 SP2 environment. Since SMTP routing between organizations in the Exchange environment can be an issue (Exchange treats them as internal messages but from a tenant point of view these are external messages), a custom solution has to be built.

Exchange also has the ability to set different out-of-office messages for internal recipients and external recipients. This is a nice feature, but only available on a global basis. This means that inter-tenant OOF messages (different tenants) are actually internal messages while they should be external messages. I’ll discuss this particular topic in more detail in part V of this series.

Figure 1. User1 gets an internal out-of-office from a user in another tenant!

Throttling Policies

In a hosting environment you have to guard against users consuming too many resources. Throttling policies can be used to prevent this. For example, if you implement a Blackberry solution a throttling policy is implemented by default.

I normally recommend monitoring e-mail usage by customers and implementing a throttling policy only if needed.

Exchange Control Panel

The Exchange Control Panel offers some self-service possibilities to users, but the drawback is that ECP gives the possibility to change Group Membership in an unwanted manner. The best option is to disable the Manage My Organization feature in ECP using the OMECPDisabled registry key. Check this TechNet article on how to use this specific key: Disable the Exchange Control Panel.


Figure 2. The OMECPDisabled registry key.

Update. This TechNet article is not entirely correct. The registry key is ok, but it should be applied on the Client Access Server, and once it is set an IISRESET needs to be performed. No actions are needed on the Mailbox Server, and restarting the Information Store is not needed either.

Mail Tips

Mail Tips are a useful feature in an enterprise environment. If an e-mail is created using Outlook 2010 or OWA 2010, some information regarding the message, transport or recipients can be shown before the actual message is sent.

The problem is that this is an Exchange-wide setting. Exchange sees all users in the Exchange platform as internal users, even across multiple tenants. Therefore it is possible for a user in customer1.com to see information via Mail Tips from another user in customer2.com, which of course can be a security breach.

Figure 3. Information via Mail Tips from a user in another tenant!

The only way to avoid this is to turn off Mail Tips entirely.

Conclusion

It is possible to create a multi-tenant Exchange environment manually, but it requires quite an amount of work. You have to secure Active Directory, create multiple tenants in Active Directory and secure these as well, and create users and groups in each tenant and mailbox-enable them.

Furthermore you have to be aware that there are several settings in an Exchange environment that are set on a global level and are identical for each tenant. The last drawback is message routing and OOF message routing, which need to be taken care of to prevent unwanted information being exchanged between users in different tenants. This will be the topic of my next blog.

UC Technical Rollup May 2012

Attached is the May 2012 Unified Communications Technical Rollup. It contains information regarding Microsoft Exchange, OCS/Lync, Outlook, Forefront and other Microsoft UC related technologies, documents, newsletters, knowledgebase articles, new downloads, webcasts etc.

Lync for Mobile Devices and Autodiscover Article

Do you want to learn more about the mobility capabilities of Microsoft Lync Server 2010, Lync Online, and Lync mobile apps? Watch this webcast to hear about enabling the mobility service on the server, deployment considerations, management, and security. We demonstrate the key types of communication that Lync 2010 supports, such as instant messaging, presence, audio conferencing, and phone calls. Additionally, we discuss security, management, and deployment considerations.

The Lync 2010 mobile clients combine instant messaging, conferencing, and calling features in a single application that’s both familiar to Lync users and optimized for mobile productivity. This helps your mobile workers stay connected, communicate, and conference while on the go.

TechNet Webcast: Lync for Mobile Devices (Level 200)

There’s also a related whitepaper kind of article written by Greg Anthony on this particular topic:

Microsoft Lync Server 2010 Autodiscover Service–not to be confused with Exchange Autodiscover Service–is a new Lync Server service introduced in the Lync Mobility feature update that was released in Cumulative Update for Lync Server 2010: November 2011. This article provides more depth about Lync Autodiscover, its purpose, and how mobile clients utilize its functionality.

Introduction
The Lync Autodiscover Service is a component that the Lync Mobile client queries to find a user’s home pool URLs for the various Lync Server Web Services, such as Autodiscover, Mobility, Reach (Lync Web Access), Meet, Address Book Service, and Distribution List Expansion. In a nutshell, Autodiscover provides information to a Lync Mobile client so that the client can connect, authenticate to the user’s home pool, and access Lync provided resources.

While Lync SIP clients currently use DNS service locator records (SRVs), this service provides a process for the Lync Mobile application to utilize over HTTP and HTTPS.

Architecture
Lync Autodiscover Service is installed as part of Lync Web Services as shown in Figure 1.

Figure 1. Lync Autodiscover

It is installed on both the Lync Server external and internal web sites.

Read More on the Microsoft TechNet site

MEC is Back! Microsoft Exchange Conference


By now you should already have noticed, after 10 years the ‘lost conference’ is back! Microsoft is organizing the Microsoft Exchange Conference in Orlando, Florida from September 24th to September 26th.

Three days of in-depth Exchange “15” sessions, directly from the Exchange Product Team. There will also be a serious presence of Exchange MVP’s and Exchange MCM’s. For more information, and to register, visit the MEC 2010 website.

Now, Microsoft is also organizing the annual TechEd conferences in Orlando and in Amsterdam, but with less content when it comes to Exchange. There are six Exchange only sessions in Orlando and there are five Exchange only sessions in Amsterdam (I’m not looking at related products like FOPE and Office 365) and all sessions are based on Exchange 2010 SP2, no Exchange “15” sessions at TechEd! The difference is that MEC has full attention from the product group and Microsoft will unveil Exchange “15” here. If you are an Exchange admin or consultant and looking to the future, MEC is the place to be. For more general sessions and other Microsoft IT Pro sessions you are better off going to TechEd.