Exchange 2013 & 2016 quarterly updates out

Today, 9/20/2016 Microsoft release CU14 for Exchange 2013 and CU3 for 2016.

EHLO Blog post: Released: September 2016 Quarterly Exchange Updates

Exchange 2013 | Download CU14 | KB3177670

Exchange 2016 | Download CU3 | KB3152589

Exchange 2016 Key Updates

  • Windows Server 2016 Support
    • Also includes .Net 4.6.2 support, on Windows 2016 Only currently
    • .Net 4.6.2 support will be required by March 2017, which will be supported on Windows 2008 R2 and higher by then
  • Local indexing for search or “Read from Passive” support – Starting with CU3 the local DB, passive or active, will be used to index the content in the DB for search. Before CU3 servers hosting passive copies had to query the active copy of the DB to create the local search index. This change may result in up to a 40% reduction in bandwidth. This may also speed up failovers since the passive copy no longer need to query the active copy and make local updates before being made active. Lagged copies will still need to communicate coordinate with the active copy.
  • A data loss scenario was addressed with Public Folder migration (KB3161916)
  • AD scheme is updated with CU3
  • Pre-requisite install behavior changed so server is not placed in off-line monitoring state at the start of the install, now this is only done once the pre-requisite checks are done and the install of binaries is started

 

There are no key updates in Exchange 2013 CU14.

PS: Exchange 2007 End of Life (EOL) is now only seven months away, 4/11/2017, after this date 2007 will not longer be covered under extended support. Read more here. If you are still on 2007 you need to be migrating off of it NOW!

Posted in Exchange, Microsoft, Technical | Tagged , | Leave a comment

Calendar Sharing across Devices w/ Exchange

Starting in Exchange 2010 you have been able to share your calendar, if enabled at the organization level, with anyone on the Internet anonymously. This can still be done today with Exchange 2016 and Office 365 in the ICS (iCAL), which can be used by most email\calendar clients, and HTML formats.

Personally, I use this support so I can view my wife and two teenager’s calendars and they can view my personal and work calendar. From a professional standpoint, this would be great for a manager to view his team member’s calendars or an admin assist to be able to view their manager’s calendar, from their mobile devices. The ActiveSync protocol, used by most mobile devices, does not support delegated mailbox or calendar access. So access team member or other people’s calendars from mobile devices has to be setup manually.

For this to work your Exchange or EXO instance must be setup for Internet calendar publishing. This can be done via PowerShell or EAC. See the steps in this TechNet article for EMS and ECP directions, ECP steps below. This support can also be enabled between Exchange\O365 orgs and to certain domains if you want to limit the support to partners, for example. In my case I have an Anonymous sharing rule so anyone, that I give the URL to can access our calendars.

To Enable individual calendar sharing, in ECP for Exchange 2013+ or EXO, at the org level

  1. Open ECP and goto the organization menu
  2. Under “Individual Sharing” click the + (plus) button
  3. Give the sharing policy a name, like Anonymous calendar sharing
  4. Under “Define sharing rules for this policy” click the + (plus) to create a new Sharing Rule
    1. Choose Sharing with a specific domain
    2. Enter “Anonymous” for the domain name, to allow anyone to be able to access the calendars shared by user
      Note: This rule only allows users to share their calendars but does not share them for them automatically, this is still an action the users have to take.

      1. Check Share your calendar folder
      2. Then choose the level of calendar info to share, for anonymous I recommend free/busy with time only or free/busy with time, subject, and location.
        Note: If you choose All attachment and details in the meeting body will also be shared
  5. Click Save
    sharing-settings

Now that calendar sharing is enabled, users will need to Opt-In if they want someone to be able to access their calendar anonymous from the Internet.

Enabling sharing for a user and get their ICS URL for the calendar

These steps are for Exchange 2016; this can also be done in Exchange 2010 & 2013 but the steps vary.

These steps should be carried out by the end user.

  1. Open the OWA Calendar options
    1. In OWA, goto the Setting “gear” and choose Options
      owa-options
    2. In Outlook 2013+, goto your calendar and right click on it and choose Publish This Calendar
      outlook-publish
  2. Once in OWA, expand Calendar and choose Publish calendar
    owa-publish
  3. Under “Select permissions” choose Limited details or Availability only then click Save
  4. Note: Users can only share details up to the level set at the org policy level earlier
  5. After clicking Save two URLs will be displayed
    1. The HTML one will use OWA to display a read-only version of that person’s calendar
    2. ICS is the iCAL format that can be shared with others so they can view the calendar in their email clients
  6. Email\share the ICS URL with those you want to be able to view your calendar in their email client

Adding a shared calendar to an iOS device

Give the long URL, you will want to email the ICS URL to those that you want to share it with. In my environment I setup custom short URL for ours, like calendar.company.com/Jason, and one for my wife and each of our teenagers.

  1. Copy the ICS URL on the iOS device that are setting up access to another calendar on
  2. Goto Settings\Mail, Contacts, Calendars
  3. Click Add Account
  4. Choose Other
  5. Choose Add Subscribed Calendar
  6. Paste the ICS URL and click Next
  7. Enter a friendly name for the calendar when prompted, the other fields can be left blank
  8. This calendar should now show up in the Calendars app

Adding a shared calendar to in Outlook

These steps are only needed for calendars outside of the Exchange org your mailbox is in, also not required if there is an org sharing relationship setup between your org and theirs.

  1. Goto Outlook Calendar
  2. Right click on Other Calendars and choose Add Calendar\From Internet…
    outlook-add
  3. Paste in the ICS URL

Adding a shared calendar to in Google Calendar

  1. Goto https://calendar.google.com
  2. Next to “Other calendars” click the down arrow and choose Add by URL
    google-add
  3. Paste in the ICS URL, which should have been sent to the Gmail user via email

Using the steps above, you have enabled anonymous calendar sharing and given users the ability to share their calendar with anyone on the Internet. Furthermore, I covered how to add a calendar shared from Exchange\OWA to iOS, Outlook, and Gmail.

Posted in Exchange, Microsoft, Technical | Tagged | Leave a comment

Exchange 2016 CU2 and 2013 CU13 are out

Microsoft released the latest update to Exchange 2013 and 2016 on 6/21/2016. No major changes, but the DAG auto rebalancing and finally .NET 4.6.1 support are much desired changes. The new DAG feature is important to larger environments and the .NET support is important since 4.6.1 is an automatically suggested update and will cause issues on Exchange, unless you update to CU2\CU13 before install it.

EHLO Blog Post on this: https://blogs.technet.microsoft.com/exchange/2016/06/21/released-june-2016-quarterly-exchange-updates/

Tony Redmon’s post: https://www.itunity.com/article/excitement-good-news-exchange-quarterly-updates-3412

Key Changes

Other Changes

  • 2016: Get-ExchangeServer cmdlet updated to include rule definitions. Not a big deal, since 2016 servers will either be a Mailbox of Edge server
  • 2016: Self-signed certificates will now use SHA-2

2016 CU2 Key Fixes

2013 CU13 Key Fixes

Posted in Exchange, Microsoft, Technical | Tagged , | Leave a comment

20 Years on Exchange and 30 years on email

I don’t recall the exact date, but when I worked at Digital Equipment Corporation (DEC), 1994-1996, I got a beta version of Exchange 4.0 in late 1995. Having worked with MS:Mail, VMS Mail (ALL-IN-1), and several other email systems I really wanted to see the new mail server from Microsoft.

So using my DEC AXP150, running a true 64-bit processor in 1995!, test box running Windows NT 3.51 64-bit. I installed my 1st version of Exchange 4.0 beta (64-bit also) and started down the path of being a Microsoft Exchange consultant and expert.

Initially, this was just a test system but our team of ~30 quickly moved it for our primary communications. We were on the Microsoft PC Apps support team and really didn’t like the character only messaging systems we had been using. Within a few months, it expanded to the PC hardware support and other teams and when I left DEC, in early 1996, we had over 200 mailboxes on two different Alpha based Exchange 4.0 beta servers. When I was leaving DEC I chatted with our corporate IT staff about their planned roll-out of Exchange, which had Tony Redmond (fellow Exchange MVP) on the team. It wasn’t until around early 2000s that Tony and I reconnected and realized we had talked about Exchange about 10 years earlier when we were both at DEC.

At home, where I ran a 12 node BBS and mini ISP, I continued to run NetScape Mail until Exchange 5.0 came out with OWA support in 1997.

My 1st email system I ever setup was actually about 30 years ago, in 1986 when I was sysop on multiple  WWIV BBSs that were integrated into the FidoNet. Back in those days you could still send an email around the county or world, but it would take many days to get to some locations. We were limited to 300 baud, or about 300 characters per sec, and long distance phone calls were expense, but the rates dropped in the middle of the night. So Fido net would store and queue up message during the day, then at a schedule time when long distance was cheaper it would call a BBS in another city. This process would repeat until your message got from your BBS to the user on the target BBS. It was common for a message to take days to get across the county initially, but hubs were setup and Delphia & Compuserve start providing quicker routing in the early 90s.

Today, we commonly see single emails that were many times the size of our entire mailboxes in Exchange 4.0. We started out with 10MB mailbox I believe on Exchange 4.0 at DEC, now I host mailbox for friends and family on Exchange 2016 out of my house that have a 10GB limit by default🙂

Posted in Exchange, Technical | Tagged | 2 Comments

Odd Transport Issue: Mail Stuck in internal queues

A week or so ago I started to notice messages getting stuck in the queues on one of my Exchange 2013 servers. My troubleshooting included restarting services, applying the latest CU, statically setting IPv6 address, and looking though logs but I was unable to find the issue. What I did see in the logs, at the end of this post, were connection rejected and DNS errors that looked related to IPv6. So in an effort to see if IPv6 was really the issue I setup static IPv6 addresses on the Exchange servers, but that didn’t help. After exhausting many other things and getting tired of copying the mail.que files from one server to another to get the messages delivered, I finally called PSS\Microsoft Support.

PSS started out by checking basic name resolution, which was working. Then check IP and DNS settings on the NICs, where were fine. Then they checked for static DNS server settings on the transport services, I didn’t think of that and should have!

This is where they found the problem. Somehow the IPv6 address for the DNS servers was set on the backend transport service on my IZSRVEX01 server, the one were the queues were backing up. Messages both to be delivered to the Internet, via O365, and to internal mailboxes, even if on the local server, were getting stuck.

Here are the cmdlets PSS ran to find these settings:

Get-TransportService | ft  name, *DNSAdapterGuid
Get-FrontendTransportService | ft  name, *DNSAdapterGuid

On IZSRVEX01 the InternalDNSAdapterGuid value was set to something other than all zeros. So PSS cleared the values with this cmdlet:

Get-TransportService | ? {$_.Name -NotLike "*EDGE*"} | Set-TransportService -InternalDNSAdapterGuid 00000000-0000-0000-0000-000000000000 -ExternalDNSAdapterGuid 00000000-0000-0000-0000-000000000000

I’m not sure how these got set, the best wild guess I can make it that it got set somehow when moving VMs between Hyper-V servers. When doing this I’ve seen virtual NICs get lost and have had to reconfigure them, but still not sure why this would cause transport service to have a static IPv6 address set.

What makes troubleshooting this difficult is that starting with Exchange 2013 there is the Front-End (FE) transport services, which the *- FrontendTransportService cmdlets apply to and the Back-End (BE) transport service, which the *-TransportService cmdlets apply to. By default, the BE transport services do not have logging enable also. After I enabled logging, which I normally enable via a Transport configuring script, I did find which log had errors this should have led me to checking the DNS settings on the transport services, but I missed that.

Errors found using cmdlets

Using the [Get-Queue] cmdlet:

Identity    MessageCount NextHopDomain           Status LastError

——–    ———— ————-           —— ———

IZSRVEX01\4          115 edgesync – home to o365  Retry 451 4.4.0 DNS query failed. The error was: DNS query failed with error ErrorRetry

IZSRVEX01\5          497 mailboxes                Retry 451 4.4.0 DNS query failed. The error was: DNS query failed with error ErrorRetry

You can see above that message, that messages to both the EDGE server, which then delivers to Office 365, and to the “mailboxes” database were suck.

Below are further signs of the issues and log entries.

Using the [Get-Queue -Identity IZSRVEX01\5 | FL]:

RunspaceId            : 42ba65c4-de75-4a73-81c3-8c97f9a5a314
DeliveryType          : SmtpDeliveryToMailbox
NextHopDomain         : mailboxes
TlsDomain             :
NextHopConnector      : 500b24dd-bda7-49e5-816d-5e9ea8d9360b
Status                : Retry
MessageCount          : 1
LastError             : 451 4.4.0 DNS query failed. The error was: DNS query failed with error ErrorRetry

 

From BE connectivity transport, default path: C:\Exchange Server\V15\TransportRoles\Logs\Hub\Connectivity\CONNECTLOG<date>.LOG

2016-01-18T18:56:56.592Z,08D32039214A4CB4,SMTP,edgesync – home to o365,>,DNS server returned ErrorRetry reported by 255.255.255.255. [Domain:Result] = IZSRVEDGE01.altered.com:ErrorRetry; IZSRVEDGE02.altered.com:ErrorRetry;

2016-01-18T18:56:56.592Z,08D32039214A4CB4,SMTP,edgesync – home to o365,-,Messages: 0 Bytes: 0 (The DNS query for  ‘SmtpRelayWithinAdSiteToEdge’:’edgesync – home to o365′:’54fa82f8-4b9d-49fe-acbd-2f968f11a3cd’ failed with error : ErrorRetry)

From C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend

2016-01-21T18:40:50.468Z,Intra-Organization SMTP Send Connector,08D322903B262F35,1,,[da8:6c3:ce53:a890::42]:2525,*,,”Failed to connect. Winsock error code: 10061, Win32 error code: 10061, Error Message: No connection could be made because the target machine actively refused it [da8:6c3:ce53:a890::42]:2525″

Posted in Exchange, Technical | Tagged | Leave a comment

Latest Update for Exchange 2007-2016 are out!

As my tech associate Tony Redmond said on his blog, http://windowsitpro.com/blog/lots-exchange-premises-updates-install, “Lots of Exchange on-premises updates to install.” He is right, Microsoft just released updates to Exchange 2007, 2010, 2013, and 2016 today! Not many environments are running all four, but I know of many that are running 2010 mainly and have started to migrate to 2013, but have now switched to 2016 so they have all three versions running in their enterprise.

Exchange 2016 CU1 | KB3134844 | Download
Exchange 2013 CU12 | KB3108023 | Download
Exchange 2010 SP3 RU13 | KB3141339 | Download
Exchange 2007 SP3 RU19 | KB3141352 | Download

2016 CU1 & 2013 CU12 will both update the AD schema, so coordinate with you AD team before attempting to install.

The updates to 2007 and 2010 includes security improvements, mainly changing S/MIME to use SHA-2 vs. SHA-1.

The CU1 download for Exchange 2016 is an ISO and future CUs will probably be also, it’s also very large at 6.4GB vs. 2013 CU12 at 1.7GB. Since it’s an ISO you will need to mount or extract the files to install 2016 CU1.

2016 CU1 and 2013 CU12 both remove the mailbox anchoring support added in CU11 and 2016 RTM. See Tony’s post here on what the issues were with this: http://windowsitpro.com/blog/exchange-mailbox-anchoring-runs-stormy-waters.

.NET Framework 4.6.1 still should NOT be used on Exchange 2013 and 2016 servers, another post from Tony on this topic: http://windowsitpro.com/blog/exchange-says-no-net-framework-461. We hope this is resolved in the next CUs for 2013 & 2016!

Posted in Exchange, Technical | Tagged , | Leave a comment

Why I’m Supporting Bernie Sanders

I’ve been following Bernie for a couple of years. When he announced he was running for President in May I was ecstatic since I knew he would bring some attention to major issues, but I admit I didn’t think he would get a huge following. I was right on the first point and wrong on the second.

The Iowa caucuses were just held and Bernie won by far. Technically he lost by .03%, or by one of six coin tosses* that ALL went in favor of Hillary; which there is a 1.56% chance of happening. He won because he proved he is a viable candidate.

So why do I support Bernie? Here are my top five reasons

  1. He wants to get big money out of politics
    In 2012 $609 million were spent by super PACs to back their candidates; this election cycle this will exceed ONE BILLION! If this amount of money has to be spent to get people elected something is wrong. There are SO MANY other way this money could be spent to help others! Bernie is taking money from super PACs to help his campaign and isn’t endorsing any (but technical he can’t stop them either); his is funded by the people, with an average donation of only $27 dollars across over 3 million donations. Historically, 90% of Hillary’s top donors, since 1999, are corporations. Over her career this totals up to $9.3 million from her top 20 contributors or per this article she has gotten $44.1 million from Wall Street and financial firms. Bernie on the other had has gotten 95% of his contributions, since 1989, from unions (as of July 2015); the top 20 come out to $1.2 million. For the current presidential race 73% of Bernie’s funds have come from small individual donations verses 17% for Hillary. As of November, Bernie has gotten outside support of $25,044 vs Hillary’s $20,292,009. Bernie has also stated he will ONLY appoint Supreme Court justices who will make it a priority to overturn Citizens United. He also will fight to pass a constitutional amendment to regulate money in elections and will be fighting in others ways to get big money out of politics. Hillary hasn’t talked about doing any of this, so how hard to you think she will fight for getting big money out of politics when she has made millions speaking to the big money groups?
  1. He wants to address Income and Wealth Inequality
    Today the top .1% (1/10 of 1%) has almost as much wealth as the bottom 90%. We have more wealth inequality than all other major developed counties, this started in the 80s and ties back to point #1. Bernie is the only candidate who want to break up the big banks, most of which are larger now than they were when we bailed them out, vs Hillary who has been funded by them for her entire political career. Wall Street and the billionaire class have rigged the rules to their benefit. Yes, Bernie is for raising taxes but mainly on those making more than $250,000/year and large corporations; both of whom hide their income and use tax shelters to pay a very small to NEGATIVE (they get rebates) percent of taxes. Hear Bernie talk about this topic here.
  1. His personal integrity
    Bernie has been fighting for the rights of people since he was first elected in 1981 as the mayor of Burlington, VT, and into Congress in 1990. That entire time his views on our rights and his areas of focus have not changed. This includes fighting for equal rights for women, LBGT citizens, income inequality, universal healthcare, campaign finance reform, racial discrimination, mass surveillance, and more. Hillary on the other hand has changed her “views” many times over her career. She didn’t support gay marriage until 2013, she voted for the Patriot Act which allowed for legal violation of our right to privacy, she voted for and supported private prisons until Oct 2015, she was very soft on immigration reform until May 2015, and more. She was corrupted by big money a long time ago and will continue to support them. She has also stated she wanted to be President because it’s her time, but she has since changed her public message on this to almost parrot Bernie’s. She is also under investigations for setting up a personal email server and using it for State Department communications, including 22 classified emails, which is a federal offense and carries up to a ten year sentence. [2/8/2016 Article 1 | Hearing Date to be set 2/9] |  Email is what I do for a living, I’ve been designing email systems for 20 years and I’ve worked with the DoD and other classified systems. If this was anyone else, they would have been fired from their job and up on charges already. I challenge anyone to find anything Bernie has been investigated for, beside protesting for our rights, or any shady dealings in his past.
  1. He wants universal health care or Medicare for all
    We are the only “first world country” to not have healthcare for all. The Affordable Care Act/Obamacare was a good first step, but it was supported by private healthcare which should be a sign that it was still very pro-business. Currently the US spends $3 TRILLION a YEAR on health care, or about $9,000 per person, the highest of any country and we have a lower life expectancy then them. Under Bernie’s plan this would be reduced by $6 trillion over a ten-year period and save the typical middle class family about $5,000/year and business would save around $9,400/year per average employee! In addition, over 19 million still do not have health insurance today. We are one of the most prosperous counties in the world so we can all afford to help the sick! We are the 10th most prosperous country, behind almost all European counties who have universal healthcare. Maybe if we cut back a few percent on our military budget we could also fund universal healthcare that way.
  1. He is starting a major politic revolution
    The current political system is mostly controlled by big business, they pay lobbyist to lobby for their client’s best interests, in many cases even write the laws that Congress then votes on, and mass media further supports pro big money politics. This ties back to point #1 of course, but when Bernie wins the Democratic nomination he will bring a MUCH higher percent of younger votes out to vote in November. If Hillary gets it, many of these same people will be further disenchanted by “establishment” politics and won’t show up to vote. The more people who show up to vote the better Democrats do historically, so Bernie will be a stronger candidate against the Republicans. In Iowa Bernie got 84% of the vote of those 17-29, Hillary got 14% of them. But the main reason this is important is that we have got to change Congress to vote for the interest of the 99% not the 1%. The only way to do this is to vote many of them out. With Bernie’s election this process will start with the large liberal voter turn-out, but it will take many years to change Congress and probably more than one President. So by Bernie getting elected he will show that Americas want real change and will be blazing a path for other progressive candidates to follow

There are many other reasons I support Bernie, but these are the key ones. I am showing my support by volunteering as a Data Captain for Colorado House District 11 and a Caucus Captain for HD11 precinct number 625 in Longmont. I am also helping to run our local Bernie supporters group and I have donated to his campaign many times. I am using my blog, social media, and wear a Bernie button everywhere to start conversations whenever I’m out and about.

Bernie is the only candidate who is 100% trustworthy, hadn’t flip-flopped on issues over and over, believes in the separation of church and state, and mostly importantly is truly fighting for the 99%.

Also check out this link for why Bernie is a better choice than Hillary: http://benjaminstudebaker.com/2016/02/05/why-bernie-vs-hillary-matters-more-than-people-think/

You can get involved by going to http://map.berniesanders.com and finding a local meeting to get connected to local Bernie supporters. To see where Bernie stands on the issues goto: http://berniesanders.com/issues

Go Bernie!!!!
A fellow Exchange MVP has also endorsed Bernie on his blog, read his post here: http://paulrobichaux.com/2016/01/30/why-i-donated-to-the-sanders-campaign

Now with all of that said, Hillary is still a FAR better choice than any of the currently leading Republican Candidates. If Bernie doesn’t get the nomination Democrats still need to win this election!

Fellow Geeks check out https://www.facebook.com/groups/geeksforbernie/, just found it a bit after posting this article.

Great site for checking where each Democratic candidate stands on issues: http://bernievshillary.org. Pick the issues that are important to you and it will then ask you were you stand on questions related to those issues. It will then show you where the candidates stand today AND in the past.

Or summarized in a single graphic:
CTLdXUrU8AEK10H

Updates:
2/8: Judge Sets Hearing Date in Hillary Clinton E-mail Case
2/8: FBI formally confirms its investigation of Hillary Clinton’s email server
2/8: Great site for checking where each Democratic candidate stands on issues.

Pick the issues that are important to you and it will then ask you were you stand on questions related to those issues. It will then show you where the candidates stand today AND in the past. http://bernievshillary.org

2/4: Added link about PACs being setup for Bernie, even though he is against him. Besides denouncing them he can’t really prevent them. But so far the ones that have been setup are by Unions not billionaires.
http://www.theatlantic.com/politics/archive/2015/12/bernie-sanders-super-pac/420930/

2/4: Adding link after the “six coin tosses” comment to an article by NRP that there was more than six, but it didn’t include too much details or proof about their being more than six. So in trying to keep this post has truthful as possible here is the link with more details.
http://www.npr.org/2016/02/02/465268206/coin-toss-fact-check-no-coin-flips-did-not-win-iowa-for-hillary-clinton

2/4: Added reference to statement Hillary made last night in the Democratic Town Hall and the totals that the Washington Post came up with.

  • “In all, donors from Wall Street and other financial-services firms have given $44.1 million to support Hillary Clinton’s campaigns and allied super PACs, compared with $39.7 million in backing that former president Bill Clinton received from the industry.”
  • “Only about $75,000 of the $75 million Sanders has raised for his 2016 campaign has come from donors in the finance sector.”
  • “With the $21.4 million that Wall Street has given for her current White House bid, Clinton is on track to quickly exceed the nearly $23 million that she raised in her three previous campaigns combined from the PACs and employees of banks, hedge funds, securities firms and insurance companies.”

https://www.washingtonpost.com/news/powerpost/paloma/daily-202/2016/02/04/daily-202-hillary-clinton-makes-her-wall-street-problem-worse/56b23083981b92a22df007C1

https://www.washingtonpost.com/politics/clinton-blasts-wall-street-but-still-draws-millions-in-contributions/2016/02/04/05e1be00-c9c2-11e5-ae11-57b6aeab993f_story.html

Posted in Personal, Political | Tagged , | 4 Comments