Exchange 2016 Preview is out!

Quick post; I plan on coming out with a What’s New & Cool post when I can find some time.

Just posted to the Exchange Team blog here: http://blogs.technet.com/b/exchange/archive/2015/07/22/announcing-exchange-server-2016-preview.aspx. Below is a summary of the content from this EHLO Blog post.

You can download Exchange 2016 preview here and see the introduction to Exchange 2016 from Ignite here.

Here are some key changes & new features in 2016:

  1. Simplified architecture -> Only one role
    • In most environments it was recommended to deploy all-in-one servers starting with Exchange 2013, and now this is the only option. Check out this Exchange 2016 architecture overview by Ross Smith for more details
  2. Improved reliability
    • Failovers are now 33% faster than 2013; part of this is due to changes in how the passive node works
    • Passive node will use the local DB copies to perform index updates, this reduces network overhead by 40% and decreases failover time
    • Replay Lag Manager is enabled by default, see this great blog post by Tony Redmond: The underappreciated Exchange Replay Lag Manager. This feature is in 2013, but disabled by default
  3. Faster and improved search
    • Multiple changes have been made to significantly improve server side search performance
    • Outlook 2016, even when in cached mode, will also utilize the server side search to improve Outlook search performance
    • The search UI in both OWA and Outlook 2016 has been made more intuitive and search results are influenced based on people you communicate with, your mailbox content, and search history
  4. OWA – Outlook Web App improvements
    • There is a big focus to make OWA work across the many different devices and form factors out there and it shows in 2016
    • New features include: Sweep, Pin, Undo, inline reply, ability to propose new time for meeting invites, a new single-line inbox view, improved HTML rendering, better formatting controls, ability to paste inline images, new themes, and emojis, to name a few
  5. Auto-expanding archives
    • For users who have VERY large archiving mailboxes, when they hit 100GB Exchange 2016 will automatically deploy auxiliary archive mailboxes 50GB at a time. These additional mailboxes will all be merged into one from a client perspective, similar to the way modern Public Folders work in Exchange 2013 and higher
  6. Enhanced Data Loss Prevention (DLP)
    • Building on the DLP support in Exchange 2013, 30 new sensitive information types have been added
    • DLP can now be configured in transport using a 3rd party classification system
  7. Faster and more scalable eDiscovery
    • The search architecture has been overhauled to support asynchronous searches and to distribute the work across multiple servers, so results will be returned much faster
    • Public Folder support added, including for retention hold
    • Unlimited mailbox searches, via cmdlet, are also supported now
  8. Hybrid improvements
    • Support has been improved in multiple ways
  9. Greater extensibility
    • Both Outlook desktop and OWA support a better Add-In model

I got married 5/15/2015 15:15 and life has been very busy for the last year…

This past year has been VERY busy, well the past three have, and I’ll blame this on the three children I’m now helping to raise. Well worth the time investment!

Two of those are Rose’s, my partner/companion/wife as of 5/15/2015. We have been together for 3.5 years and she has two children: Alex 8 and Elizabeth 12. In addition, my niece Autumn, 16, moved in with us two years ago. So the previous bachelor pad has mostly been turned into a family & kids zone :)

If you’re curious you can view pictures of our wedding here on Facebook or Flickr here (pro pics) or here for friends & personal pictures of the wedding, party, and preparation.

I also changed jobs in Sept 2014, when I joined Commvault Systems as a Solutions Specialist focusing on Microsoft Infrastructure (AD, Exchange, SharePoint, SQL, server) technologies. In this role I work with sales and customers to help them understand how Commvault works with Microsoft solutions and how to best deploy both to meet their data management and regulatory & other organizational requirements for data retention, reporting, eDiscovery, and more.

So my blog hasn’t been updated much this year, and I apologize for that.


New Drive Shipping Technology in Microsoft Exchange Server 2016

4/2: The post below was posted as an April Fools’ joke :)

Repost from:
https://www.facebook.com/groups/MSEX2013/permalink/1031304146898702/
by Boris Lokhvitsky

In the modern messaging world, there is a clear and apparent trend for increasing volume of messaging data communicated, accumulated and stored in Microsoft Exchange mailboxes. Growing mailbox capacity expedites adoption for large 6TB and 8TB hard drives used in the storage solutions for Microsoft Exchange. This also creates significant challenges for database replication, which is a cornerstone technology providing data redundancy and high availability to Exchange mailboxes. Despite the high bandwidth networks becoming more and more common for most customers, even 10 Gbps networks have challenges processing bandwidth intensive Exchange database replication and indexing.

It is an easy though not obvious math exercise to realize that the process of offline data shipping using hard drives as a carrier is capable of achieving much higher data throughput than any currently available network technologies can provide. For example, shipping just 1,000 8TB hard drives across the United States using UPS service takes only 5 business days (and could be further expedited using rush delivery option), which translates into the bandwidth of ~150 Gbps – far exceeding the capability of the most advanced WAN links available today!

Inspired by this consideration, Microsoft Exchange team started working to implement drive shipping as the new data replication technology. As you know, we already work on implementing drive shipping in Office 365 as an efficient mechanism to import PST files, which is provided as part of Azure Import Export Service:
http://www.msexchange.org/…/drive-shipping-and-network-base…

Today, we are happy to announce that in the upcoming Microsoft Exchange Server 2016 we will completely switch to the drive shipping technology. It will replace transaction log shipping currently used in Exchange DAGs for database replication. The new replication process will still be controlled by Microsoft Exchange Replication service, which is completely reworked and now integrated with U.S. Postal Service (via postal.dll component) and with leading courier delivery services such as FedEx and UPS.

Only 3.5 inch SATA II/III hard drives are currently supported for use with the drive shipping service. Hard drives larger than 8TB are not supported. For import jobs, only the first data volume on the drive will be processed. The data volume must be formatted with NTFS.

Service agreement with existing Office 365 customers will include necessary supply of the drives required for drive shipping. For the on premises customers, Enterprise license for Exchange 2016 will include one-year service agreement with leading U.S. courier delivery services – FedEx and UPS.

Our product roadmap does not stop there. Microsoft is currently working to implement the new drive shipping transport protocols based on drone delivery. If successful, the drone delivery architecture might also replace the outdated and inefficient SMTP protocol currently still being used for e-mail transmission.

We hope that all customers realize the benefits and advantages of the new drive shipping technology and start enjoying new functionality coming in Exchange Server 2016!

by Boris Lokhvitsky
April 1, 2015


KB3002657 v2 release for Windows 2003 – Fixes authentication issues on 2003 DCs

For details on this issue see my blog post here: Warning: KB3002657 can break authentication, with Exchange and other apps & devices

Microsoft added this note to the MS15-027 post

V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3002657 for more information.

Download KB3002657 v2 here: x86 | x64 | Itanium


Exchange 2013 CU8, 2010 SP3 UR9, & 2007 SP3 UR16 Released

3/23 Update: AD Schema changes are not made if already running 2013 CU7
3/19 Update: Added info on Public Folder scalability improvements

Exchange 2013 CU8, 2010 SP3 UR9, and 2007 SP3 UR16 were released on 3/17/2015.

2013 CU8 | Download | KB3030080 | EHLO Post
2010 SP3 UR9 | Download | KB3030085 | EHLO Post
2007 SP3 UR16 | Download | KB3030086 | EHLO Post
Some of the above KBs may not be available yet, but should be within 24 hours.

Key changes in 2013 CU8

  1. Public Folders
    1. Scalability improvements
      1. Up to 1 million Public Folders on 2013, a 400% increase from CU7!
        • Still limited to 100 PF Mailboxes and 100,000 Folders per PF Mailbox
      2. Up to 500,000 legacy (2007 or 2010) Public Folders being migrated to 2013
    2. Support for accessing Calendar & Contacts folders in OWA
    3. Adding favorite folders in Outlook
    4. Improved throughput and migration experience to 2013
      • Throughput is increased via multiple moves being carried out at once, one per target Public Folder mailbox
  2. ActiveSync redirection to Office 365, after mailboxes are moved from on-premises to O365
    • Both Exchange 2013 CU8 and 2010 SP3 UR9 include this support
  3. Updates to AD schema
    • Only if running 2013 CU6 or earlier; CU7 & CU8 have the same schema updates

Also see Tony Redmond’s post on this “boring” update: Exchange 2013 CU8 appears. Instant boredom ensues – but for the best possible reason which is a good thing :)

Exchange 2010 & 2013 ActiveSync improvements with hybrid deployments

With Exchange 2013 Cumulative Update 8 and Exchange 2010 SP3 RU9, improvements have been made to Exchange ActiveSync in a hybrid deployment with Office 365. Previously, when a mailbox was moved from an on-premises Exchange server to Office 365, the user’s mobile device would stop syncing with their mailbox. To resolve this issue, the user would need to reconfigure it, to point to m.outlook.com, or recreate the email account on their device.  With the release of Exchange 2013 CU8 and Exchange 2010 SP3 RU9, Exchange will now automatically redirect the mobile device, if it supports this, to Office 365 when the mailbox is moved. With only a few exceptions, the user no longer needs to manually set up their device for mail to keep working. In addition to Exchange 2013 CU8, automatic redirection is supported in the following scenarios:

  • Exchange 2007 on-premises organizations (not supported)
  • Exchange 2010 on-premises organizations where the following is true:
    • All Exchange 2010 Client Access servers are running at least Exchange 2010 SP3 UR9
    • A hybrid deployment was configured using the Exchange Hybrid Configuration wizard
  • Mixed Exchange 2010 and Exchange 2013 on-premises organizations where the following is true:
    • A hybrid deployment was configured using the Exchange Hybrid Configuration wizard
    • All Client Access servers have been replaced with either Exchange 2013 CU8 Client Access servers (with at least one Exchange 2013 CU8 Mailbox server) or Exchange 2010 SP3 UR9 Client Access servers

If your organization meets the requirements listed above, mobile devices should automatically be redirected to Office 365 when a user’s mailbox is moved, without any additional configuration. For the best experience, make sure your users’ mobile devices are running the latest versions of their operating systems and e-mail clients. Some mobile devices, such as those running the Android operating system, might not correctly interpret the Exchange ActiveSync 451 redirection instructions sent by Exchange. For these devices, users will still need to manually reconfigure or recreate their email account on the device. If you have questions about whether a device supports Exchange ActiveSync 451 redirection, contact the device manufacturer.
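An added example (not from the original post or from Exchange itself) of how a client could process the 451 redirection described above: Exchange ActiveSync signals the move with an HTTP 451 response whose `X-MS-Location` header carries the new endpoint URL, and because the device resends the user's credentials there, this sketch accepts the target only when it is HTTPS and on an allowlist. The allowlist contents, `mail.example.com`, the function names and the sample responses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this client accepts as redirect targets. m.outlook.com is
# the endpoint named in the post; the second entry is an illustrative extra.
ALLOWED_HOSTS = {"m.outlook.com", "outlook.office365.com"}
MAX_REDIRECTS = 3


def redirect_target(status, headers, allowed_hosts=ALLOWED_HOSTS):
    """Return the validated new endpoint for an HTTP 451 reply, else None.

    Raises ValueError when a 451 carries a missing or untrustworthy target.
    """
    if status != 451:
        return None
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    location = lowered.get("x-ms-location")
    if not location:
        raise ValueError("451 without X-MS-Location")
    url = urlsplit(location)
    if url.scheme != "https":
        raise ValueError("redirect target is not HTTPS")
    if url.username or url.password:
        raise ValueError("redirect target embeds credentials")
    if (url.hostname or "").lower() not in allowed_hosts:
        raise ValueError("redirect target host not allowed: %s" % url.hostname)
    return location


def resolve_endpoint(start_url, send):
    """Follow 451 redirects via send(url) -> (status, headers), bounded."""
    url, seen = start_url, set()
    for _ in range(MAX_REDIRECTS + 1):
        if url in seen:
            raise ValueError("redirect loop")
        seen.add(url)
        status, headers = send(url)
        target = redirect_target(status, headers)
        if target is None:
            return url, status
        url = target
    raise ValueError("too many redirects")


# Constructed sample responses standing in for an on-premises server whose
# mailbox has moved; mail.example.com is a placeholder host.
SAMPLE = {
    "https://mail.example.com/Microsoft-Server-ActiveSync":
        (451, {"X-MS-Location": "https://m.outlook.com/Microsoft-Server-ActiveSync"}),
    "https://m.outlook.com/Microsoft-Server-ActiveSync": (200, {}),
}

if __name__ == "__main__":
    print(resolve_endpoint("https://mail.example.com/Microsoft-Server-ActiveSync",
                           lambda u: SAMPLE[u]))
```

A device that stops at the 451 without reading `X-MS-Location` is the case the post describes, where the user has to reconfigure the account by hand.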

Changes coming in CU9, that were initially on the list for CU8

OWA logoff behavior will change in CU9, see this EHLO article for more details: OWA Forms Based Auth Logoff Changes in Exchange 2013 Cumulative Update 9. This does affect clients using TMG, so read this article to be prepared for the changes coming in CU9.

Also coming in CU9 is the ability to have Sent Items from a shared mailbox go to the shared mailbox Sent Items folder vs. the sending user’s. See this EHLO article for more details: Want more control over Sent Items when using shared mailboxes?

The only change in Exchange 2007 SP3 UR16 is an update to time zones.

Known Issues

If major issues come up with these updates I will add a section on Known issues later. For Known Issues and updates in 2013 CU7 see: Exchange 2013 CU7, 2010 SP3 UR8, 2007 SP3 UR15 released & Known Issues


Warning: KB3002657 can break authentication, with Exchange and other apps & devices

Last Updated: 3/17/15: Microsoft added this note to the MS15-027 post

V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3002657 for more information.

Download KB3002657 v2 here: x86 | x64 | Itanium

The v1 KB3002657 update, which addresses issues in MS15-027, breaks authentication for some applications and devices that use NTLM for authentication. This includes SMB/SMB2/SMB3, used for file shares and NAS, and other clients. It can also break IIS integrated authentication, even if set to Basic per some reports. Your issues will vary depending on the Domain Controller version (2003 seems to be affected the most) and the server OS. This vulnerability is also known as CVE-2015-0005.

Windows 2003 DCs using NTLM authentication are affected by this update. There have been reports of other OS versions being affected, but those have not been confirmed.

MS15-027: Vulnerability in NETLOGON Could Allow Spoofing:

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.

In most cases, after installing this update on a Windows 2003 DC, users will be prompted for authentication over and over, without success. With Exchange it seems to break OWA, Outlook Anywhere, and even mail delivery (server to server authentication) in some environments.

Workaround: Install v2 of KB3002657 or switch to Kerberos authentication if possible. Download v2: x86 | x64 | Itanium

See these articles for more details

I was first made aware of this issue on the Exchange 2013 Information Sharing Group on Facebook, but it also came up in a mailing list I follow. This update, KB3002657, causes authentication issues with SharePoint, Exchange, SQL, and more. Mainly it also breaks AD authentication against Windows 2003 domain controllers.

In addition, this update may break authentication with other systems/applications; for example, the EMC Isilon and Dell FS Series NAS can fail to authenticate. Microsoft has included the following note on the KB:

SMB/SMB2/SMB3 clients may experience logon failures to an EMC Isilon cluster when they authenticate by using the NTLMSSP (NT LAN Manager Security Support Provider) provider. Data that resides on EMC Isilon clusters is unavailable to SMB/SMB2/SMB3 clients. This results in data unavailable (DU) failures. Authentication failures may also affect clients that try to access data through HTTP-based protocols such as RAN.

Workaround: Use the Kerberos protocol to authenticate Active Directory domain users.


Microsoft Exchange 2010 mainstream support ended 1/13/14

If you are still running Exchange 2010 you now have limited support options, without an extended support contract. Microsoft will still provide security updates to it until 1/14/2020 and may provide other updates for 2010 SP3, but no guarantees on those, and only those with an Extended Hotfix Support contract are entitled to them officially.  “Mainstream” support ended on 1/13/2014, see Microsoft Support Lifecycle details on Exchange 2010 here. Pay support is still provided, but if you come across a bug/issue don’t expect a hotfix for it. The content in TechNet and other forums will still be available and is pretty solid after 5 years.

So if your organization is still on Exchange 2010 you need to be looking at migrating to Exchange 2013 or Office 365 ASAP!

From: http://support2.microsoft.com/gp/lifepolicy and see the Lifecycle support FAQ here.
