Category Archives: UC&C

Exchange 2013 Cumulative Update 3 released

I thought it might be fun to write an annotated version of the Exchange team blog post announcing the availability of CU3 for Exchange Server 2013. So here goes…

The Exchange team is announcing today the availability of our most recent quarterly servicing update to Exchange Server 2013.  Cumulative Update 3  for Exchange Server 2013 and updated UM Language Packs are now available on the Microsoft Download Center.  Cumulative Update 3 includes fixes for customer reported issues, minor product enhancements and previously released security bulletins.   A complete list of customer reported issues resolved in Exchange Server 2013 Cumulative Update 3 can be found in Knowledge Base Article KB2892464.

Translation: “We’re getting the hang of this cumulative update model. Notice that we gave you a list of bug fixes in this release, just like y’all asked for last time, although we’re not saying that this is a comprehensive list of every bug fixed in the CU.”

We would like to call attention to an important fix in Exchange Server 2013 Cumulative Update 3 which impacts customers who rely upon Backup and Recovery mechanisms to protect Exchange data.  Cumulative Update 3 includes a fix for an issue which may randomly prevent a backup dataset taken from Exchange Server 2013 from restoring correctly.  Customers who rely on Backup and Recovery in their day-to-day operations are encouraged to deploy Cumulative Update 3 and initiate backups of their data to ensure that data contained in backups may be restored correctly.  More information on this fix is available in KB2888315.

Translation: “Backups are sooooo 2005. Why are you even doing them instead of using Exchange native data protection? DAGs and JBOD, baby. Just make sure you have at least 3 database copies. But if you are, well, take another backup right quick to make sure you can restore later.” [ Note that I am manfully resisting the urge to ask how this issue slipped through testing. --PR]

In addition to the customer reported fixes in Cumulative Update 3, the following new enhancements and improvements to existing functionality have also been added for Exchange Server 2013 customers:

  • Usability improvements when adding members to new and existing groups in the Exchange Administration Console
  • Online RMS available for use by non-cloud based Exchange deployments
  • Improved admin audit log experience
  • Windows 8.1/IE11 no longer require the use of OWA Light

Translation: “Who doesn’t like new features?  We promised to deliver new features on-premises, and we did, so yay us! However, notice how we avoided saying ‘on-premises’, using the clumsy ‘non-cloud based’ term instead.”

More information on these topics can be found in our What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet. Cumulative Update 3 includes Exchange related updates to Active Directory schema and configuration.  For information on extending schema and configuring the active directory please review the appropriate TechNet documentation.   Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed.  To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded.  If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Translation: “Because we love you and want you to be happy, we’ve included a schema update to keep your Active Directory looking shiny and fresh. Remember, we can push schema updates in CUs now. Sorry if this means your organizational change control process means you have to delay installing the CU for months while you wait for the change to be assessed and approved.”
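One way to handle the execution-policy step from the announcement so that the server does not stay at Unrestricted after the upgrade, as an added example (it is not from the Exchange team post or from KB981474). The helper name `Invoke-WithUnrestrictedPolicy` and the choice of the LocalMachine scope are assumptions; only the built-in `Get-ExecutionPolicy` and `Set-ExecutionPolicy` cmdlets are used.

```powershell
# Added example; Invoke-WithUnrestrictedPolicy is a hypothetical helper name.
# Run from an elevated PowerShell session on the server being upgraded.
function Invoke-WithUnrestrictedPolicy {
    param(
        [Parameter(Mandatory = $true)]
        [scriptblock] $Action    # whatever starts the CU setup
    )

    # Show every scope so it is clear which one produces the effective policy.
    $scopes = Get-ExecutionPolicy -List
    $scopes | Format-Table Scope, ExecutionPolicy -AutoSize | Out-Host

    # A policy delivered by Group Policy wins over anything set locally, so
    # Set-ExecutionPolicy cannot change it; stop and fix the GPO instead.
    $fromGpo = $scopes | Where-Object {
        ('MachinePolicy', 'UserPolicy' -contains [string]$_.Scope) -and
        ([string]$_.ExecutionPolicy -ne 'Undefined')
    }
    if ($fromGpo) {
        throw "Execution policy is set by Group Policy ($($fromGpo.Scope -join ', ')); change it there."
    }

    # Remember the current machine-wide value so it can be put back.
    $original = Get-ExecutionPolicy -Scope LocalMachine
    try {
        Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine -Force
        if ((Get-ExecutionPolicy) -ne 'Unrestricted') {
            throw "Effective policy is still $(Get-ExecutionPolicy); a narrower scope overrides LocalMachine."
        }
        & $Action
    }
    finally {
        # Restore the previous setting whether or not the action succeeded.
        Set-ExecutionPolicy -ExecutionPolicy $original -Scope LocalMachine -Force
        Write-Host "LocalMachine execution policy restored to $original"
    }
}

# Usage: wrap the command that launches the upgrade (left as a placeholder here).
Invoke-WithUnrestrictedPolicy -Action { <# start the CU3 setup here #> }
```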

Our next update for Exchange Server 2013, Cumulative Update 4, will be released as Exchange Server 2013 Service Pack 1.  Customers who are accustomed to deploying Cumulative Updates should consider Service Pack 1 to be equivalent to Cumulative Update 4 and deploy as normal.

Translation: “CU4 will be so awesome that it’s really a service pack, if you like service packs, but if you don’t, then it’s not. Because every CU can include both features and fixes now, we have lots of flexibility to choose when to deploy features. Part of the reason we changed the servicing model was to get people away from the ‘wait for SP1’ attitude, so if SP1 is really just CU4, that helps show there’s no reason to wait.”

Reminder:  Customers in hybrid deployments where Exchange is deployed in-house and in the cloud, or who are using Exchange Online Archiving with their in-house Exchange deployment are required to maintain currency on Cumulative Update releases.

Translation: “Surprise! Since you can’t control what release your Office 365 tenant is running, if you’re in hybrid mode (or want to be), you now must commit to remaining on the current CU. If that’s a problem because of schema changes, well, good luck with that. I suppose if enough people complain we might start pre-announcing which CUs will contain schema changes so you can plan ahead.”

Overall, I’m looking forward to seeing CU3 be widely deployed. It seems to be a stable and solid release based on my experience with it. The new features will be welcome, and I am heartened to see the team continuing to hit their release cadence.

Filed under UC&C

Exchange 2013 SP1 coming in early 2014

Microsoft today announced that Service Pack 1 for Exchange 2013 is coming in “early 2014”. The announcement has a few interesting nuances:

  • The Edge Server role is coming back. Not by popular demand, as far as I can tell; I presume this is being introduced to pacify a few large, noisy customers who are using Edge, because I haven’t seen any signs that customers are demanding it. I would not expect to see significant feature improvements or investments in this role, either in SP1 or going forward.
  • S/MIME for OWA support is coming. This has been known for some time; as yet we don’t know the specific details of which browsers will be supported.
  • SP1 will require a schema update. I will have more to say about this in the very near future.

Interestingly, SP1 is essentially CU4: it is applied in the same way as other CUs, and if you skip SP1 and install CU5 later on, you’ll get all the fixes and features included in SP1. The Lync team is doing the same thing with their CUs; the old rule that only service packs could include new features is dead and buried.

Filed under UC&C

iOS 7 Exchange ActiveSync problems revisited

Back in September I posted an article about a problem that occurred when synchronizing iOS 7 devices against Exchange 2010 SP2. The wheels of justice grind slowly, but Microsoft has released a KB article and accompanying hotfix that describe the symptoms precisely.

I also got an odd report from a large enterprise customer; they had several hundred iOS 7.0.2 devices, all on Verizon in one specific region, that were having synchronization problems. The issue here turned out to be a network configuration issue on Verizon’s network that required some action from them to fix.

Now you’re probably starting to see the value in solutions like those from BoxTone.

Filed under UC&C

The future of importing large quantities of Exchange data to Office 365?

It wouldn’t be accurate to say “you can’t”, but Microsoft doesn’t make it easy.

Whether you’re moving mailboxes or PST data to Office 365, your imports are throttled; that is, Microsoft imposes a limit on how fast you can move information into their data centers. The exact speed of your import process will vary according to a variety of factors, including what protocol (IMAP4, MAPI, or EWS) you’re using, what migration tool you’re using, and how many concurrent threads it can spin up, how busy the data center you’re importing into is, and the mix of item sizes in the mailboxes or PSTs you’re importing.

The problem with this throttling is that it’s largely opaque. Although Microsoft publishes “observed data,” my own observations have shown that migration throughput can vary widely based on these factors and a bunch of others besides, possibly including the phase of the moon and whether you have recently said anything disparaging about Microsoft anywhere on the Internet.

Recently I had a customer who wanted to migrate 30TB of PST data to Exchange Online Personal Archives. While this might sound ridiculous, it makes perfect sense given that Office 365 E4 plans include an unlimited-size Personal Archive for each mailbox. That’s a hard deal to beat… if you can figure out how to get the data in. At one point, in a fit of frustration we asked Microsoft whether we could just send them a bunch of disk drives containing the PSTs. “Of course not,” they said (with “silly boy” being the unspoken coda to that phrase). But it turns out that Azure is now providing bulk import of data by sending disks to them: the Windows Azure Import/Export Service is now in preview. With any luck, we’ll see a similar service from Office 365 in the not-too-distant future. And when it happens, remember, Andy Tanenbaum had the idea first.

Filed under Office 365, UC&C

2-factor Lync authentication and missing Exchange features

Two-factor authentication (or just 2FA) is increasingly important as a means of controlling access to a variety of systems. I’m delighted that SMS-based authentication (which I wrote about in 2008) has become a de facto standard for many banks and online services. Microsoft bought PhoneFactor and offers its SMS-based system as part of multi-factor authentication for Azure, which makes it even easier to deploy 2FA in your own applications.

Customers have been demanding 2FA for Lync, Exchange, and other on-premises applications for a while now. Exchange supports the use of smart cards for authentication with Outlook Anywhere and OWA, and various third parties such as RSA have shipped authentication solutions that support other authentication factors, such as one-time codes or tokens. Lync, however, has been a little later to the party. With the July 2013 release of Lync Server 2013 CU2, Lync supports the use of smart cards (whether physical or virtual) as an authentication mechanism. Recently I became aware that there are some Lync features that aren’t available when the client authenticates with a smart card– that’s because the client authenticates to two different endpoints. It authenticates to Lync using two-factor authentication, but the Lync client can’t currently authenticate to Exchange using the same smart card, so services based on access through Exchange Web Services (EWS) won’t work. The docs say that this is “by design,” which I hope means “we didn’t have time to get to it yet.”

This limitation means that Lync 2013 clients using 2FA cannot use several features, including:

  • the Unified Contact Store. You’ll need to use Invoke-CsUcsRollback to disable Lync 2FA users’ UCS access if you’ve enabled it.
  • the ability to automatically set presence based on the user’s calendar state, i.e. the Lync client will no longer set your presence to “out of office”, “in a meeting,” etc. based on what’s on your calendar. Presence that indicates call states such as “in a conference call” still works.
  • integration with the Exchange-based Conversation History folder. If you’ve configured the use of Exchange 2013 as an archive for Lync on the server side, that still works.
  • Access to high-definition user photos
  • The ability to see and access Exchange UM voicemail messages from the Lync client

These limitations weren’t fixed in CU3, but I am hopeful that a not-too-distant future version of the client will enable full 2FA use. In the meantime, if you’re planning on using 2FA, keep these limitations in mind.

Filed under General Tech Stuff, UC&C

Need Windows licensing help? Better call Paul

No, I’m not giving it. That would be like me giving advice on how to do a pencil drawing, or what wine goes with In-N-Out Burger.

A year or so ago, I had a very complex Windows licensing question that Microsoft was unable to answer. More to the point, no two Microsoft people were able to give me the same answer. I did a little digging and found Paul DeGroot of Pica Communications, author of the only book on Microsoft licensing that I know of. Paul quickly and clearly answered my question, and a couple of rounds of follow-up questions after that. Armed with his information, I was able to solve the particular problem I was having in a less expensive, less painful way than just buying all the licenses. As I was cleaning out my inbox, I found our discussion and remembered, guiltily, that I meant to mention Paul’s services earlier. Under the banner “better late than never,” consider this a belated, and strong, recommendation.

Filed under General Tech Stuff, UC&C

Off to Exchange Connections 2013!

Off to Las Vegas I go! I am en route to Exchange Connections 2013, where I’ll be presenting 3 sessions: one on Exchange ActiveSync with the folks from BoxTone, one on Exchange 2013 and Lync 2013 integration, and one on Exchange 2013 unified messaging. I also plan to have breakfast, lunch, dinner, coffee, beer, snacks, or cuddles (well, OK, probably not cuddles) with as many members of the Exchange product group, MVP community, and world at large as possible. If you’re there, by all means please come by and say hello! (and if you want to go lift weights together, even better!)

Sadly, my book won’t be on sale there because it is still being printed. However, I’ll be giving away a copy or two in each of my sessions, so if you’re feeling lucky, come on by.

In related news, registration opened for the 2014 edition of the Microsoft Exchange Conference, or MEC. I am ridiculously excited about the return of the return of MEC, and not just because it’s in Austin and I might finally get to meet some of my Dell coworkers. The product group has been sharing a bit of what they’ve got planned with the MVPs and I can say, with conviction, that it will be just as good, if not better than, MEC 2012.

But back to now. Somewhat unusually, I am flying United, connecting through Houston both ways. Normally I wouldn’t, but scheduling dictated it and with luck I’ll be in Houston long enough to have some of my favorites (plus: Channel 9!)  Then it’s a ridiculously short return to Huntsville– basically, long enough to change suitcases and grab my running shoes– before I head to Vermont to run the Leaf Peepers 5K with my lovely sister (note: subscribe to her blog; you’ll be glad you did), thence to Hoboken to meet with customers.

See you at the show!

Filed under Travel, UC&C

Odd iOS 7.0x Exchange ActiveSync problem

from the oops-they-may-have-done-it-again department…

I just got an e-mail from a former coworker reporting a problem with synchronizing some, but not all, iOS 7.0.x devices with Exchange 2010 SP2. There are four users (Alex, Eric, James, and Peter, let’s say) with shiny new iPhone 5s devices. Two of them get the same error when syncing: the Provision verb is returning a status of 110 and throwing an exception from Microsoft.Exchange.Security.Compliance.MessageDigestForNonCryptographicPurposes.HashCore. This seems to point to a problem with crypto negotiation with the devices, but I haven’t been able to look at a trace of the conversation between the device and the server to check.

James’ device works fine. Alex’s device works fine. Peter’s device does not work, either with his own account or Alex’s. Eric’s device does not work with his account; no other accounts have been tested. This seems to indicate that the problem is not (necessarily) with the account. Peter and Eric have both wiped their devices, deleted their Exchange accounts, rebooted the devices, and done all the other stuff you might try when faced with this problem, but to no avail.

This Apple support forum thread seems to indicate that a few others have the same problem, but none of the recommended fixes have worked for Alex or Peter. My working theory is that this is due to an unwanted interaction of some kind between Exchange 2010 SP2 and iOS 7.x, but I can’t prove that yet. As far as I can tell, Exchange 2013 CU2 doesn’t have the same problem.

I’m posting this in hope that it might come to the attention of anyone else who’s having a similar problem so I can get a sense of its scope and nature.

More news when there is news…

Filed under UC&C

Keeping up: Office 365 OnRamp changes

Microsoft Exchange Server 2013 Inside Out: Clients, Connectivity, and UM (colloquially known as “the book”) is now in production! I’ve reviewed all the page proofs, corrected the few composition and layout mistakes I found, and returned the proofs to the editorial staff so they can turn PDFs into paper. It’s pretty exciting, although thanks to my tardiness the book won’t be ready in time to be sold at Exchange Connections (about which, more tomorrow.) However, I’ve been assured that Tony’s book on Mailbox and HA will be available there.

About a month ago, I wrote this in the Office 365 chapter:

One of the difficulties inherent in writing about cloud services is that they can change rapidly and often. The screen shots of Office 365 in this chapter reflect its appearance and function as of late 2013, but it’s likely that some of the underlying Office 365 code will change, so don’t be surprised if what you see on screen doesn’t exactly match what you read here.

As if to reinforce that point, today Microsoft has changed the OnRamp tool that you use to assess your organizational readiness for Office 365. The readiness review portion of the tool seems to have disappeared, leaving the checklist portion (which is similar in intent to the Exchange Deployment Assistant, another topic covered in the chapter). I haven’t found where the readiness review went, but I’m fairly sure it still exists somewhere in the maze of Office 365 tools.

The moral of this story? Although Microsoft likes to mock Google’s habit of suddenly introducing changes to end users without warning, they are starting to develop the same habit, except it mostly affects administrators. I hope this particular change was just a slip and not a harbinger of the way toolset changes will be handled in the future. (The secondary moral: man, it’s going to be a challenge to keep up with Office 365 updates in anything I write in the future!)

Filed under UC&C

Do mailbox quotas matter to Outlook and OWA?

Great question from my main homie Brian Hill:

Is there a backend DB reason for setting quotas at a certain size? I have found several links (like this one) discussing the need to set quotas due to the way the Outlook client handles large numbers of messages or OST files, but for someone who uses OWA, does any of this apply?

Short answer: no.

Somewhat longer answer: no.

The quota mechanism in Exchange is an outgrowth of those dark times when a large Exchange server might host a couple hundred users on an 8GB disk drive. Because storage was so expensive, Microsoft’s customers demanded a way to clamp down on mailbox size, so we got the trinity of quota limits: prohibit send, prohibit send and receive, and warn. These have been with us for a while and persist, essentially unchanged, in Exchange 2013, although it is now common to see quotas of 5GB or more on a single mailbox.

Outlook has never had a formal quota mechanism of its own, apart from the former limit of 2GB on PST files imposed by the 32-bit offsets used as pointers in the original PST file format. This limit was enforced in part by a dialog that would tell you that your PST file was full and in part by bugs in various versions of Outlook that would occasionally corrupt your PST file as it approached the 2GB size limit. Outlook 2007 and later pretty much extinguished those bugs, and the Unicode PST file format doesn’t have the 2GB limit any longer. Outlook 2010 and 2013 set a soft limit on Unicode PSTs of 50GB, but you can increase the limit if you need to.

Outlook’s performance is driven not by the size of the PST file itself (thought experiment: imagine a PST with a single 10GB item in it as opposed to one with 1 million 100KB messages) but by the number of items in any given folder. Microsoft has long recommended that you keep Outlook item counts to a maximum of around 5,000 items per folder (see KB 905803 for one example of this guidance). However, Outlook 2010 and 2013, when used with Exchange 2010 or 2013, can handle substantially more items without performance degradation: the Exchange 2010 documentation says 100,000 items per folder is acceptable, though there’s no published guidance for Exchange 2013. There’s still no hard limit, though. The reasons why the number of items (and the number of associated stored views) matters are well enumerated in this 2009 article covering Exchange 2007. Some of the mechanics described in that article have changed in later versions of Exchange but the basic truth remains: the more views you have, and/or the more items that are found or selected by those views, the longer it will take Exchange to process them.

If you’re wondering whether your users’ complaints of poor Outlook performance are related to high item counts, one way to find out is to use a script like this to look for folders with high item counts.
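A minimal check of that kind, as an added example (it is not the script the post originally linked to). It assumes it is run in the Exchange Management Shell; `Get-HighItemCountFolder` and the output file name are made-up names, and the two thresholds are the 5,000 and 100,000 figures quoted above.

```powershell
# Added example; run in the Exchange Management Shell.
# Get-HighItemCountFolder is a hypothetical helper name.
function Get-HighItemCountFolder {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Mailbox,                  # mailbox object from Get-Mailbox
        [int] $WarnAt  = 5000,     # long-standing per-folder guidance (KB 905803)
        [int] $LimitAt = 100000    # figure from the Exchange 2010 documentation
    )
    process {
        # One statistics row per folder; ItemsInFolder counts that folder only,
        # not its subfolders, which is the number that matters for views.
        Get-MailboxFolderStatistics -Identity $Mailbox.DistinguishedName |
            Where-Object { $_.ItemsInFolder -ge $WarnAt } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox  = $Mailbox.PrimarySmtpAddress
                    Folder   = $_.FolderPath
                    Items    = $_.ItemsInFolder
                    Severity = if ($_.ItemsInFolder -ge $LimitAt) { 'Over100k' } else { 'Over5k' }
                }
            }
    }
}

# Scan every mailbox, worst folders first, and keep a copy for follow-up.
$report = Get-Mailbox -ResultSize Unlimited |
    Get-HighItemCountFolder |
    Sort-Object Items -Descending

$report | Format-Table -AutoSize
$report | Export-Csv -Path .\HighItemCountFolders.csv -NoTypeInformation
```

To investigate a single complaint, pipe one mailbox instead of all of them, for example `Get-Mailbox <user> | Get-HighItemCountFolder`.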

Circling back to the original question: there is a performance impact with high item count folders in OWA, but there’s no quota mechanism for dealing with it. If you have a user who reports persistently poor OWA performance on particular folders, high item counts are one possible culprit worth investigating. Of course, if OWA performance is poor across multiple folders that don’t have lots of items, or across multiple users, you might want to seek other causes.

Filed under UC&C

Microsoft Certified Systems Master certification now dead

I received a very unwelcome e-mail late last night:

Microsoft will no longer offer Masters and Architect level training rotations and will be retiring the Masters level certification exams as of October 1, 2013. The IT industry is changing rapidly and we will continue to evaluate the certification and training needs of the industry to determine if there’s a different certification needed for the pinnacle of our program.

This is terrible news, both for the community of existing MCM/MCSM holders and for the broader Exchange community. It is a clear sign of how Microsoft values the skills of on-premises administrators of all its products (because all the MCSM certifications are going away, not just the one for Exchange). If all your messaging, directory, communications, and database services come from the cloud (or so I imagine the thinking goes), you don’t need to spend money on advanced certifications for your administrators who work on those technologies.

This is also an unfair punishment for candidates who attended the training rotation but have yet to take the exam, or those who were signed up for the already-scheduled upgrade rotations, and those who were signed up for future rotations. Now they’re stuck unless they can take, and pass, the certification exams before October 1… which is pretty much impossible. It greatly devalues the certification, of course, for those who already have it. Employers and potential clients can look at “MCM” on a resume and form their own value judgement about its worth given that Microsoft has dropped it. I’m not quite ready to consign MCM status to the same pile as CNE, but it’s pretty close.

The manner of the announcement was exceptionally poor in my opinion, too: a mass e-mail sent out just after midnight Central time last night. Who announces news late on Friday nights? People who are trying to minimize it, that’s who. Predictably, and with justification, the MCM community lists are blowing up with angry reaction, but, completely unsurprisingly, no one from Microsoft is taking part, or defending their position, in these discussions.

As a longtime MCM/MCSM instructor, I have seen firsthand the incredible growth and learning that takes place during the MCM rotations. Perhaps more importantly, the community of architects, support experts, and engineers who earned the MCM has been a terrific resource for learning and sharing throughout their respective product spaces; MCMs have been an extremely valuable connection between the real world of large-scale enterprise deployments and the product group.

In my opinion, this move is a poorly-advised and ill-timed slap in the face from Microsoft, and I believe it will work to their detriment.

Filed under FAIL, UC&C

Microsoft releases new OWA apps for iPhone, iPad

Well, this is gonna be fun: Microsoft just released a new native mail/calendar/contacts app (which they’re calling “OWA”) for the iPhone and iPad. A few quick notes:

  • It is only supported with Office 365 wave 15 mailboxes. It may, or may not, work against on-premises Exchange 2013 mailboxes. (Update 130716 1509: Microsoft has in fact committed to on-prem support, but haven’t said when.)
  • It is a native app, with separate versions for iPhone (iPhone 4 and later) and iPad (iPad 2 and later). Both versions require iOS 6. Making a native app rather than just a bound web control means that the app can include some other cool features, including gesture controls and voice control.
  • It supports Information Rights Management (and, yay, reading signed S/MIME messages). Oh, and it supports delegate access too. Oh, and online Personal Archives… and shared calendars, too!
  • No support for public folders, I’m afraid.
  • It uses Exchange Web Services, not EAS; to the Exchange CAS and mailbox roles, OWA on a device looks almost exactly like OWA in a browser.
  • VOTING BUTTON SUPPORT YES REALLY WOO HOO.
  • It has full offline functionality, powered by a local sqlite database.
  • When you request a remote wipe, the wipe request removes the app and all the data from its device but leaves the rest of the device untouched. This is a huge feature.

Of course, I’ll have full coverage of the app (and how to administer and manage it) in the clients chapter of Exchange 2013 Inside Out: Clients, Connectivity, and Unified Messaging. Until then, grab the client and play with it! I was able to download, install, and use it on my iPad3 without any trouble, but the App Store refused to allow me to download it to an iPhone 4. Stay tuned…

 

Filed under UC&C

Changing the Lync 2013 XMPP listening port

After being asked whether it was possible to change the port on which the Lync 2013 edge role listens for XMPP traffic, I spent some time searching the intertubes for answers, all to no avail. Then I got sidetracked and forgot about it; meanwhile, the person who’d originally asked came back with the answer:

  1. Log in to a Lync front-end server using an account that has CSAdministrator permissions
  2. Run
    Set-CsEdgeServer -Identity <FQDN of edge> -XMPPInternalPort <portYouWant>
  3. Restart the Lync Server XMPP Translating Gateway Proxy service.

Voila! Your Lync edge server will now use the port you specify.

Filed under UC&C

Leaving messages for non-UM-enabled users

Recently I got a good question from a coworker. He was working with a customer who was piloting Exchange Unified Messaging, and the customer was a little confused by a poorly-documented behavior of Exchange UM.

Consider that you have four test users who are UM-enabled: Alex, Brian, Carole, and David. You also have four users with Exchange mailboxes who are not UM-enabled: Magdalena, Nick, Oscar, and Pete.

The customer reported that he could dial the default automated attendant, or into Outlook Voice Access, and use dial by name to call Alex, Brian, Carole, or David.

However, he had Exchange configured to allow callers to leave voice mail messages without ringing the phone first (what I call “the coward setting”; it’s controlled with Set-UMDialPlan -SendVoiceMsgEnabled:$false). He was able to leave messages for Magdalena and the other non-UM-enabled users, which surprised him and generated the question.

This does seem odd. It’s easy to understand why you can leave a message for the first four users: they are UM-enabled, so they have extensions to which Exchange can transfer the call. But why can you leave a UM message for a user who isn’t UM-enabled? It’s because leaving a voice mail directly for a user doesn’t involve ringing an extension, so not having an extension assigned isn’t an obstacle. When you select that user for a message, UM will play the greeting (which is almost certainly going to be the system-generated TTS version of the user name, as a non-UM-enabled user probably will not have recorded a greeting) and record the message, then deliver it through the standard path.

The More You Know…

Filed under UC&C

Does Test-OutlookConnectivity work?

I’m going to have to go with “no, it does not” as my answer, but you can try it for yourself.

First off, the cmdlet documentation says you can specify a probe type, but not what the probe types are. This is an unfortunate oversight, considering that you can’t use the cmdlet without it. However, a little more digging turns up a troubleshooting article that says you can do it like this:

[PS] C:\>Test-OutlookConnectivity -ProbeIdentity 'OutlookMailboxDeepTestProbe' -MailboxId paul@betabasement.com -Hostname betabasement.com

Sadly, when I do that, all I get is an error:

WARNING: Could not find assembly or object type associated with monitor identity 'Outlook.Protocol\OutlookMailboxDeepTestProbe\PAO-EX01'. Please ensure that the given monitor identity exists on the Server.

This duplicates results reported by fellow MVPs Paul Cunningham, Brian Ricks, and others; I’m mentioning it here to help make the community aware of the issue, in the hope that it will soon be fixed in CU2. If you’ve been able to get it to work, please let me know in the comments.

Filed under UC&C