A joint Microsoft and EMC event I’m speaking at.
This is a very frequently discussed topic, so much so that I, along with others, recently asked if something could be built into a future version of Exchange to do this out of the box.
Well, after asking, another Exchange MVP, Pat Richard, pointed me to a script that he had written which does all that is needed.
Interestingly, there is a little more needed than you might think!
IIS 7 and 7.5, which come with Server 2008 and Server 2008 R2 respectively, both have a redirect feature which is used as part of Exchange client access to provide for legacy clients.
We can make use of it to allow for OWA redirect from the root site; however, that requires a bunch of SSL changes. We must turn off the requirement for SSL on the root site to allow the redirect of http://mail.domain.com to https://mail.domain.com/owa.
However, doing that in the GUI for the root of the site will also uncheck the require SSL setting for a bunch of sub-sites (like OWA)! Not what we want at all. Clearly you can go through and manually set things how they should be, but using the script Pat provides it is all done for you!
One final thing the script does is set permissions on the OAB web.config file which is created as part of the redirect process.
Oh, and finally it takes a backup before it starts!
To get the script, look at Pat's blog post here.
For a lot more info on the redirect subject in general including more on the Offline Address Book (OAB) problem check out Henrik’s post here:
So having done this, anyone hitting the default website of the CAS server will be redirected to the correct URL.
Finally, in a future post I will investigate how this might change when publishing with ISA/TMG.
Cheers
Nathan
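A read-only check for the side effect described in the post above, where clearing Require SSL on the site root also clears it on sub-paths such as OWA. This is an added example, not Pat Richard's script or code from the original post; the site name, the path list and the list of paths allowed to accept HTTP are assumptions based on Exchange 2010 defaults and on the URLs used elsewhere on this page.

```powershell
# Read-only audit of the IIS "Require SSL" setting after the root redirect change.
# Assumptions (not from the original post): site name, path list and allow-list.
Import-Module WebAdministration

$site  = 'Default Web Site'
# '' is the site root, which must accept plain HTTP for the redirect to work.
$paths = '', 'owa', 'ecp', 'EWS', 'Microsoft-Server-ActiveSync',
         'Autodiscover', 'OAB', 'PowerShell'
# Paths where HTTP is expected: the root, OAB when an internally generated
# certificate is in use, and PowerShell (its URL on this page is http://).
$httpAllowed = '', 'OAB', 'PowerShell'

function Test-RequiresSsl {
    param([string]$Location)
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $Location -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # Depending on the module version the flags come back as a string,
    # a number, or an attribute object carrying a Value property.
    if ($raw -isnot [string] -and $raw -isnot [ValueType] -and
        $raw.PSObject.Properties['Value']) {
        $raw = $raw.Value
    }
    if ($raw -is [ValueType]) {
        return (([int]$raw -band 8) -ne 0)      # 8 is the Ssl flag
    }
    $flags = ([string]$raw -split ',') | ForEach-Object { $_.Trim() }
    return ($flags -contains 'Ssl')
}

$report = foreach ($p in $paths) {
    $location = $site
    if ($p) { $location = "$site/$p" }
    $requiresSsl = Test-RequiresSsl -Location $location

    $finding = 'ok'
    if (-not $requiresSsl -and $httpAllowed -notcontains $p) {
        $finding = 'SSL NOT REQUIRED'
    }
    New-Object PSObject -Property @{
        Location   = $location
        RequireSsl = $requiresSsl
        Finding    = $finding
    }
}

$report | Format-Table Location, RequireSsl, Finding -AutoSize
```

Any row marked SSL NOT REQUIRED is a path that would accept credentials over plain HTTP and should have Require SSL switched back on.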
I’ve been working recently on a series of articles describing how to get Exchange 2010 up and running on a single server.
The aim is to provide small IT shops or those getting started with Exchange 2010 a place to come where they can find out all about the steps needed to get a server operational without having to first wade through the massive help file!
That’s not to say the help file isn’t useful. It is! Very, very useful. It’s just rather large and intimidating.
In the course of this article, I’ve found that although Exchange 2010 makes more available in the GUI than Exchange 2007 did, there is still not the automation that would make things easy.
For example, when you create a new certificate in the nice new GUI, you enter a whole bunch of information which could then be used to set the relevant URL settings on the multitude of Exchange related virtual directories needed to make things like OWA work properly.
So I started to dig around and found a great script. It started out on the Exchange Ninjas site for Exchange 2007:
http://www.exchangeninjas.com/set-allvdirs
Then another chap got involved and started updating for Exchange 2010:
However, he missed a couple of bits, like leaving in the UM virtual directory and not entering the ActiveSync or PowerShell directories. He also didn’t set the OAB to require SSL or not based upon the use of a public certificate.
I’ve fixed those bits and now present the following script which can set all relevant Exchange 2010 virtual directory URLs (both Internal and External) based around a single Exchange 2010 server being connected to the Internet to provide service for a site.
Over time I will probably add more functionality like the ability to set OWA logon type to the email address format (UPN) rather than domain\username.
Hope you find this useful, and more than happy to hear of any improvements that could be made.
Cheers
Nathan
# Script to allow you to set all virtual directories to a common name like mail.company.com
# Run from the Exchange Management Shell. Every change is confirmed with a Y/N prompt
# and the whole session is recorded with Start-Transcript.
Start-Transcript

# Variables
[string]$EASExtend = "/Microsoft-Server-ActiveSync"
[string]$PShExtend = "/powershell"
[string]$OWAExtend = "/OWA"
[string]$OABExtend = "/OAB"
[string]$SCPExtend = "/Autodiscover/Autodiscover.xml"
[string]$EWSExtend = "/EWS/Exchange.asmx"
[string]$ECPExtend = "/ECP"
[string]$ConfirmPrompt = "Set this Value? (Y/N)"
[string]$NoChangeForeground = "white"
[string]$NoChangeBackground = "red"

Write-Host "This will allow you to set the virtual directories associated with setting up a single SSL certificate to work with Exchange 2010."
Write-Host ""
[string]$base = Read-Host "Base name of virtual directory (e.g. mail.company.com)"
Write-Host ""

# =============================================
# Validate if a third party trusted certificate is being used
# because BITS used by OAB downloads won't use untrusted certificates
[string]$set = Read-Host "Is the certificate being used an internally generated certificate? (Y/N)"
Write-Host ""

if ($set -eq "Y") {
    # Internal certificate: publish the OAB over HTTP and do not require SSL
    [string]$OABprefix = "http://"
    [boolean]$OABRequireSSL = $false
} else {
    # Publicly trusted certificate: publish the OAB over HTTPS and require SSL
    [string]$OABprefix = "https://"
    [boolean]$OABRequireSSL = $true
}

# =============================================
# Build the OAB URL and set the internal and external values
Write-Host "Setting OAB Virtual Directories" -ForegroundColor Yellow
Write-Host ""

$OABURL = $OABprefix + $base + $OABExtend
[array]$OABCurrent = Get-OABVirtualDirectory
foreach ($value in $OABCurrent) {
    Write-Host "Looking at Server: " $value.server
    Write-Host "Current Internal Value: " $value.internalURL
    Write-Host "New Internal Value: " $OABURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-OABVirtualDirectory -id $value.identity -InternalURL $OABURL -RequireSSL:$OABRequireSSL
    } else {
        Write-Host "OAB Virtual Directory internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }

    Write-Host "Looking at Server: " $value.server
    Write-Host "Current External Value: " $value.externalURL
    Write-Host "New External Value: " $OABURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-OABVirtualDirectory -id $value.identity -ExternalURL $OABURL -RequireSSL:$OABRequireSSL
    } else {
        Write-Host "OAB Virtual Directory external value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

# ============================================
# Build the Autodiscover URL and set the SCP value
Write-Host "Setting Autodiscover Service Connection Point" -ForegroundColor Yellow
Write-Host ""

$SCPURL = "https://" + $base + $SCPExtend
[array]$SCPCurrent = Get-ClientAccessServer
foreach ($value in $SCPCurrent) {
    Write-Host "Looking at Server: " $value.name
    Write-Host "Current SCP value: " $value.AutoDiscoverServiceInternalUri.absoluteuri
    Write-Host "New SCP Value: " $SCPURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-ClientAccessServer -id $value.identity -AutoDiscoverServiceInternalUri $SCPURL
    } else {
        Write-Host "Autodiscover Service Connection Point internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

# =============================================
# Build the EWS URL and set the internal and external values
Write-Host "Setting Exchange Web Services Virtual Directories" -ForegroundColor Yellow
Write-Host ""

$EWSURL = "https://" + $base + $EWSExtend
[array]$EWSCurrent = Get-WebServicesVirtualDirectory
foreach ($value in $EWSCurrent) {
    Write-Host "Looking at Server: " $value.server
    Write-Host "Current Internal Value: " $value.internalURL
    Write-Host "New Internal Value: " $EWSURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-WebServicesVirtualDirectory -id $value.identity -InternalURL $EWSURL
    } else {
        Write-Host "Exchange Web Services Virtual Directory internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }

    Write-Host "Looking at Server: " $value.server
    Write-Host "Current External Value: " $value.externalURL
    Write-Host "New External Value: " $EWSURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-WebServicesVirtualDirectory -id $value.identity -ExternalURL $EWSURL
    } else {
        Write-Host "Exchange Web Services Virtual Directory external value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

# =============================================
# Build the PowerShell URL and set the internal and external values
Write-Host "Setting PowerShell Virtual Directories" -ForegroundColor Yellow
Write-Host ""

$PShURL = "http://" + $base + $PShExtend
[array]$PShCurrent = Get-PowerShellVirtualDirectory
foreach ($value in $PShCurrent) {
    Write-Host "Looking at Server: " $value.server
    Write-Host "Current Internal Value: " $value.internalURL
    Write-Host "New Internal Value: " $PShURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-PowerShellVirtualDirectory -id $value.identity -InternalURL $PShURL
    } else {
        Write-Host "PowerShell Virtual Directory internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }

    Write-Host "Looking at Server: " $value.server
    Write-Host "Current External Value: " $value.externalURL
    Write-Host "New External Value: " $PShURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-PowerShellVirtualDirectory -id $value.identity -ExternalURL $PShURL
    } else {
        Write-Host "PowerShell Virtual Directory external value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

# =============================================
# Build the ECP URL and set the internal and external values
Write-Host "Setting ECP Virtual Directories" -ForegroundColor Yellow
Write-Host ""

$ECPURL = "https://" + $base + $ECPExtend
[array]$ECPCurrent = Get-ECPVirtualDirectory
foreach ($value in $ECPCurrent) {
    Write-Host "Looking at Server: " $value.server
    Write-Host "Current Internal Value: " $value.internalURL
    Write-Host "New Internal Value: " $ECPURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-ECPVirtualDirectory -id $value.identity -InternalURL $ECPURL
    } else {
        Write-Host "ECP Virtual Directory internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }

    Write-Host "Looking at Server: " $value.server
    Write-Host "Current External Value: " $value.externalURL
    Write-Host "New External Value: " $ECPURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-ECPVirtualDirectory -id $value.identity -ExternalURL $ECPURL
    } else {
        Write-Host "ECP Virtual Directory external value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

# =============================================
# Build the OWA URL and set the internal and external values
Write-Host "Setting OWA Virtual Directories" -ForegroundColor Yellow
Write-Host ""

$OWAURL = "https://" + $base + $OWAExtend
[array]$OWACurrent = Get-OWAVirtualDirectory
foreach ($value in $OWACurrent) {
    Write-Host "Looking at Server: " $value.server
    Write-Host "Current Internal Value: " $value.internalURL
    Write-Host "New Internal Value: " $OWAURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-OWAVirtualDirectory -id $value.identity -InternalURL $OWAURL
    } else {
        Write-Host "OWA Virtual Directory internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }

    Write-Host "Looking at Server: " $value.server
    Write-Host "Current External Value: " $value.externalURL
    Write-Host "New External Value: " $OWAURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-OWAVirtualDirectory -id $value.identity -ExternalURL $OWAURL
    } else {
        Write-Host "OWA Virtual Directory external value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

# =============================================
# Build the EAS URL and set the internal and external values
Write-Host "Setting EAS Virtual Directories" -ForegroundColor Yellow
Write-Host ""

$EASURL = "https://" + $base + $EASExtend
[array]$EASCurrent = Get-ActiveSyncVirtualDirectory
foreach ($value in $EASCurrent) {
    Write-Host "Looking at Server: " $value.server
    Write-Host "Current Internal Value: " $value.internalURL
    Write-Host "New Internal Value: " $EASURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-ActiveSyncVirtualDirectory -id $value.identity -InternalURL $EASURL
    } else {
        Write-Host "EAS Virtual Directory internal value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }

    Write-Host "Looking at Server: " $value.server
    Write-Host "Current External Value: " $value.externalURL
    Write-Host "New External Value: " $EASURL
    [string]$set = Read-Host $ConfirmPrompt
    Write-Host ""

    if ($set -eq "Y") {
        Set-ActiveSyncVirtualDirectory -id $value.identity -ExternalURL $EASURL
    } else {
        Write-Host "EAS Virtual Directory external value NOT changed" -ForegroundColor $NoChangeForeground -BackgroundColor $NoChangeBackground
    }
}

Stop-Transcript
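Because the script above confirms every value separately, a run can leave some directories on the old host name or scheme, which then shows up as certificate name warnings on clients. The following read-only check is an added example, not part of the original script; `$base` and `$oabOverHttp` are example values standing in for the answers given to the script's two prompts, and `Test-VdirUrl` is a helper introduced here.

```powershell
# Read-only check, run in the Exchange Management Shell after the script above.
# $base and $oabOverHttp are example values: use the answers given to the prompts.
$base        = 'mail.company.com'
$oabOverHttp = $false     # $true when an internally generated certificate is in use

$oabScheme = 'https'
if ($oabOverHttp) { $oabScheme = 'http' }

# Hypothetical helper: compare one URL with the expected host and scheme.
function Test-VdirUrl {
    param([string]$Url, [string]$ExpectedHost, [string]$ExpectedScheme)
    if ([string]::IsNullOrEmpty($Url)) { return 'not set' }
    $uri = New-Object System.Uri $Url
    if ($uri.Host -ne $ExpectedHost)     { return "host is $($uri.Host)" }
    if ($uri.Scheme -ne $ExpectedScheme) { return "scheme is $($uri.Scheme)" }
    return 'ok'
}

# Schemes mirror what the script sets: https everywhere except PowerShell
# (http) and the OAB (depends on the certificate answer).
$vdirs = @(
    @{ Cmdlet = 'Get-OabVirtualDirectory';         Scheme = $oabScheme }
    @{ Cmdlet = 'Get-WebServicesVirtualDirectory'; Scheme = 'https' }
    @{ Cmdlet = 'Get-PowerShellVirtualDirectory';  Scheme = 'http' }
    @{ Cmdlet = 'Get-EcpVirtualDirectory';         Scheme = 'https' }
    @{ Cmdlet = 'Get-OwaVirtualDirectory';         Scheme = 'https' }
    @{ Cmdlet = 'Get-ActiveSyncVirtualDirectory';  Scheme = 'https' }
)

$report = @()
foreach ($v in $vdirs) {
    foreach ($dir in (& $v.Cmdlet)) {
        foreach ($setting in 'InternalUrl', 'ExternalUrl') {
            $url = [string]$dir.$setting
            $report += New-Object PSObject -Property @{
                Server = $dir.Server; Directory = $dir.Name; Setting = $setting
                Value  = $url
                Result = Test-VdirUrl $url $base $v.Scheme
            }
        }
    }
}
# The Autodiscover SCP lives on the Client Access server object.
foreach ($cas in Get-ClientAccessServer) {
    $url = [string]$cas.AutoDiscoverServiceInternalUri
    $report += New-Object PSObject -Property @{
        Server = $cas.Name; Directory = 'Autodiscover SCP'; Setting = 'InternalUri'
        Value  = $url
        Result = Test-VdirUrl $url $base 'https'
    }
}

$report | Where-Object { $_.Result -ne 'ok' } |
    Format-Table Server, Directory, Setting, Value, Result -AutoSize
```

An empty table means every URL matches the base name and the expected scheme; anything listed was either skipped at a prompt or never set.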
In the last couple of weeks I’ve been putting together a couple of presentations for the Dimension Data Next Generation Messaging launch which is focussed on moving people on from Exchange 2003.
The webcasts will be online soon and when they are I will put up a link.
However, in the meantime here are some of the resources I used whilst preparing the deck/session on Exchange 2010 Storage Improvements.
The biggest thanks go to Matt Gossage, whose presentation from TechEd US 2009 was the biggest help. Matt is the Product Manager responsible for storage at Microsoft and did a great job explaining things!
http://www.msteched.com/online/view.aspx?tid=37c931bf-db0c-40d6-9cd5-8a3fb468ac8d
Obviously also inspired by that presentation was Mahmoud Magdy, who works for Enow Consulting. He put together a three-article series on Exchange 2010 storage here:
http://www.enowconsulting.com/ese/2010/01/understanding-exchange-2010-storage.html
http://www.enowconsulting.com/ese/2010/01/understanding-exchange-2010-storage_19.html
http://www.enowconsulting.com/ese/2010/03/understanding-exchange-2010-storage.html
On top of the above there are clearly numerous resources; some of the most useful were:
Mailbox Server Storage Design:
http://technet.microsoft.com/en-us/library/dd346703.aspx
The Exchange 2010 Large Mailbox Vision Whitepaper
Dude, Where’s my single instance?
http://msexchangeteam.com/archive/2010/02/22/454051.aspx
All in all, hopefully that is a useful list and you might also find my deck below useful.
Cheers
Nathan
Hi,
Not much insight here I know, but I was researching this topic for a friend today and thought the collection of links might at least be useful!
Microsoft Virtualization: Best Choice for Exchange Server
http://msexchangeteam.com/archive/2009/09/03/452309.aspx
Should You Virtualize Exchange 2007 SP1?
http://technet.microsoft.com/en-us/library/dd535371(EXCHG.80).aspx
Exchange 2010 System Requirements
http://technet.microsoft.com/en-us/library/aa996719.aspx
Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments
http://technet.microsoft.com/en-us/library/cc794548(EXCHG.80).aspx
TechNet Webcast – Microsoft Virtualisation Best Practices for Exchange Server (Level 300)
Cheers
Nathan
Hi,
As promised here is the first of my posts following up my presentation at UK TechDays 2010.
The topic of the talk was Exchange 2010 Information Protection and Compliance.
The whole day went very well and, I believe, it was a full house at approx. 380 people. Even at the end of my slot, the last of the day, there were still well over half the audience left!
Key questions that were raised after my session were around the use of Transport rules and the flexibility they offer, the use of MailTips as a user prompt based on message content and what the future holds for Exchange Hosted Services archive.
Over the next couple of weeks I will be posting further articles on setup of the demo labs for my presentation and will try and address the above questions too!
For now, here are my slides:
Hi,
Given the lack of posts over the weekend you might think I was taking it easy having a nice Easter weekend!
Well no! I was working somewhat manically with Exchange 2010 and Windows Server 2008 R2 Active Directory Rights Management.
I spent the best part of 3 days working to build the demos I will need for my slot at TechDays UK which is being held next week starting April 12th in various locations around London.
For more info the basic home page is here: http://www.microsoft.com/uk/techdays/default.aspx
I think it is pretty much booked up but the good news is that the sessions will be videoed and available for streaming after the event.
My slot covers all things Information Protection and Compliance in Exchange 2010 so I will be covering Personal Archive, Retention policies, Legal hold and Multi-Mailbox Search and also Info Rights Management, Transport Rules, Moderation and MailTips.
For more about my slot see the link here and look at Tuesday!
http://www.microsoft.com/uk/techdays/default.aspx
Cheers
Nathan
Hi,
I’ve been playing around with AD RMS and Exchange 2010 integration and believe I have come across a documentation error.
First a quick summary of the feature from the help file:
Enabling journal report decryption allows the Journaling agent to attach a decrypted copy of a rights-protected message to the journal report. Before you enable journal report decryption, you must add the Federated Delivery mailbox to the super users group configured on your Active Directory Rights Management Services (AD RMS) server.
In the following doc, which describes how to configure (enable/disable) journal report decryption:
http://technet.microsoft.com/en-us/library/dd638092.aspx
The command to enable journal report decryption is wrong:
It currently reads:
Set-IRMConfiguration -JournalReportEncryptionEnabled $true
I believe it should read:
Set-IRMConfiguration -JournalReportDecryptionEnabled:$true
Microsoft have logged the bug so hopefully there will be an updated copy soon!
Cheers
Nathan