Wednesday, 26 May 2010

Delay on Enterprise Vault Web Pages on first access each day.

After deploying a geographically dispersed cluster toward the end of last year, the next thing on my to do list, was to provide archiving services.

We use Symantec Enterprise Vault across the organisation, so I set about installing and configuring that. The installation went smoothly and all was working without any major issues.

The only issue reported by users was in regard to the search and browse vault web pages, usually viewed through Outlook were taking a long time to load for the first attempt each day.

I called Symantec Support and was pointed in the direction of the article below.

http://seer.entsupport.symantec.com/docs/324255.htm

In our case this didn’t apply. This article (http://seer.entsupport.symantec.com/docs/351109.htm) was closer to our solution, but still not our complete solution.

The runtime config below will be familiar to admins who run Exchange 2007 Servers where no internet access is available. For those who are not familiar with certificate signed code, at regular intervals a certificate revocation list will be checked to see if the certificate has been revoked. Where no internet access is available the delay occurs as the server attempts the connection anyway.

Symantec advised us to place the following inside the runtime tags inside the machine.config file. The reason this is different from the latter support article above is because were running the server on Windows 2008.

<runtime>
     <generatePublisherEvidence enabled="false"/>
</runtime>

This solved our delays nicely.

Monday, 24 May 2010

Convert Linked Mailboxes to User Mailboxes in Bulk

My organisation has gone through a massive migration project to unify Active Directories and Exchange organisations. As a result of these migrations a lot of mailbox migrations have resulted in a lot of mailboxes ending up as linked mailboxes even though their not.

The official TechNet article on this explains how to disconnect the mailbox and re-attach it to the user account correctly as a user mailbox. http://technet.microsoft.com/en-us/library/bb201749(EXCHG.80).aspx

Another way to make this appear to be corrected is to manually change the “Recipient Type” AD property on the affected mailboxes. This though, is unsupported.

Using the official method from Microsoft results in the loss of any specific mailbox information such as SMTP, x400 & x500 addresses, mailbox sizes and any other individual mailbox settings.

Only e-mail addresses and mailbox sizes were important to me (I must admit, I forgot about mailbox sizes at first).

I came up with the script below that would properly convert all Linked Mailboxes on a particular server to user mailboxes in a supported way. The script is very effective, but you will want to check out the list of considerations below before running it, they might lead you to amend the script slightly. You will have to modify the $exchangeserver and $userdomain variables though.

$exchangeserver = "exchccr1"
$userdomain = "domain\"

$linkedmailboxes = get-mailbox -server $exchangeserver -resultsize unlimited|where {$_.recipienttypedetails -eq "LinkedMailbox"}

foreach ($mailbox in $linkedmailboxes){
Disable-Mailbox -Identity $mailbox.displayname -confirm:$false
}

Get-MailboxDatabase -server $exchangeserver|Clean-MailboxDatabase

start-sleep -s 90

foreach ($mailbox in $linkedmailboxes){
$usernamestring = $userdomain + $mailbox.samaccountname
Connect-Mailbox -Identity $mailbox.exchangeguid -Database $mailbox.database -User $usernamestring
set-mailbox -identity $mailbox.displayname -emailaddresses $mailbox.emailaddresses
}

start-sleep -s 90

foreach ($mailbox in $linkedmailboxes){
set-mailbox -identity $mailbox.displayname -EmailAddressPolicyEnabled $mailbox.EmailAddressPolicyEnabled -emailaddresses $mailbox.emailaddresses -UseDatabaseQuotaDefaults $mailbox.UseDatabaseQuotaDefaults -ProhibitSendQuota $mailbox.ProhibitSendQuota -ProhibitSendReceiveQuota $mailbox.ProhibitSendReceiveQuota -IssueWarningQuota $mailbox.IssueWarningQuota
}

Some things to consider…

  • The filter on this script doesn’t consider legitimate linked mailboxes.
  • Only E-Mail addresses and mailbox sizes are re-applied to the freshly attached mailbox. More can be added to the script though.
  • You can’t attach a mailbox to a disabled account. The script won’t stop, but will error on disabled user accounts.
  • Don’t stop the script as it’s running, even if it’s choosing the wrong selection of accounts. It will mean more manual work after if you do.
  • Ensure you have "Exchange Server Administrator" permissions on the server you wish to run this script.
  • Ensure you have permissions to run the Clean-MailboxDatabase permissions on the server you wish to run this script (You don't get this by default with "Exchange Sever Administrator" permissions). If you're an admin in my 0rg, we can give you this permission if you if you don't have it already.

There you go, a script that will do all your linked mailboxes in one go. I’ve not been able to find another online, so I hope this helps you.

Monday, 17 May 2010

Upgrading Delegated Exchange 2007 Clusters to SP2 - FIX

Concerning a previous post “Upgrading Exchange 2007 Clusters to SP2 – Workaround”, Microsoft provided a fix for the issue of upgrading an Exchange 2007 Cluster using delegated privileges.

Microsoft provided us with a fix that allows this to happen without using the workaround described in the article above.

Download the file from here http://downloads.daiowen.co.uk/ExBPA.PreReqs.xml

How to use the XML…

  1. Copy all the E12SP2 setup files to local disk.
  2. Replace the original ExBPA.PreReqs.xml with the one available above.
  3. Run the setup from local disk.