Implementing Exchange Server 2013


1 Implementing Exchange Server 2013
MEC 2014, April 2014. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 About the Presenters
Brian Shiers: Senior Product Marketing Manager, Office Deployment, Adoption & Readiness Team, Microsoft Corporation
Brian Day: Senior Program Manager
Brian Shiers at Technet

3 Course Topics Planning for Exchange Server 2013
01 | Upgrade and Deploy Exchange Server 2013
02 | Plan it the right way: Exchange Server 2013 Sizing
03 | Exchange Server 2013 Virtualization Best Practices
04 | High Availability and Site Resilience
05 | Outlook Connectivity

4 Upgrade and Deploy Exchange Server 2013
Brian Shiers – Sr. Product Marketing Mgr., Microsoft
Brian Day – Sr. Program Manager, Microsoft

5 Preamble…
We the Admins of Contoso, in Order to form more perfect Collaboration, maintain Support, insure internal Compliance, provide for the common End User, promote the general Welfare, and secure the Blessings of Perry to ourselves and our Posterity, do ordain and establish this deployment project for Exchange Server.
… err not quite.

6 Session Goals
- Not to walk you through a deployment step-by-step.
- Visit some of the different stages of a deployment and avoid speed bumps.
- Learn from best practices in deployment.

7 What phases will I journey through?
- Envision: Establish a project vision, define & analyze requirements, and develop a solution architecture & high level design.
- Plan: Develop the detailed design and create the functional specification.
- Build: Test environment build, validation of solution, develop the detailed build guide.
- Stabilize: Production pilot to remediate any issues and establish approved processes before full deployment.
- Deploy: Complete the overall deployment and transition to day to day operations.

8 Upgrading to Exchange Server 2013
From an existing Exchange Server 2010 environment
[Diagram labels: autodiscover.contoso.com, mail.contoso.com; Intranet site; E2010 Servers (E2010 HUB, E2010 CAS, E2010 MBX); Internet facing site; Non-Internet facing site]

9 Upgrading to Exchange Server 2013
From an existing Exchange Server 2010 environment
[Diagram labels: autodiscover.contoso.com, mail.contoso.com; Intranet site; E2010 Servers (E2010 HUB, E2010 CAS, E2010 MBX); E2013 CAS, E2013 MBX; Internet facing site; Non-Internet facing site]

10 Before the main event

11 What goodies should we collect?
Don’t start sprinting! Have you gathered your tools yet?
- Exchange Server Deployment Assistant
- Exchange Best Practices Analyzer
- Remote Connectivity Analyzer (aka ExRCA)
Where does he get such wonderful toys? –Joker

12 Exchange Server Deployment Assistant
Current Exchange 2013 & Cloud Scenarios
On-premises deployments
- New installation of Exchange Server 2013
- Upgrade from Exchange 2007 or 2010 to Exchange 2013
- Upgrade from mixed Exchange 2007 and Exchange 2010 to Exchange 2013
Hybrid deployments (On-premises + Office 365)
- Exchange 2013 on-premises with Exchange Online
Cloud-only Scenarios
- Exchange Cut-over
- Exchange Staged
- Exchange IMAP
- Third-party IMAP

13 Demo: Exchange Server Deployment Assistant

14 Exchange Best Practices Analyzer
Launch from EAC with SP1

15 Remote Connectivity Analyzer
Start healthy! Are we even working today?
- Autodiscover
- ActiveSync
- Exchange Web Services
- Outlook Anywhere
- Inbound/Outbound SMTP
- POP/IMAP
Download the MSI to run locally!

16 What other toys are there?
- Server Profile Analyzer (For Exchange 2007 migrations only)
- Exchange 2013 Server Role Requirements Calculator
- Jetstress
- LoadGen
- Exchange Client Network Bandwidth calculator v2

17 Which way to the starting line?

18 Preparing for Exchange Server 2013
Active Directory Minimum Requirements
- At least one Windows Server Global Catalog in each AD site with Exchange installed
- At least one writable Domain Controller in each AD site with Exchange Servers installed
- AD Forest Functional Level must be Windows Server 2003 or higher
2003 SP2 or higher*
*Use of Windows Server 2012 R2 requires a supported Exchange version

19 Preparing for Exchange Server 2013
Operating Systems Prerequisites for Exchange Installs
- Windows Server 2008 R2 SP1 64-bit Standard or Enterprise editions
  - Standard edition ok for CAS-only & non-DAG MBX
  - Enterprise edition necessary for DAG joined MBX
- Windows Server 2012 or 2012 R2 64-bit Standard or Datacenter editions
  - 2012 R2 is only supported with 2013 Service Pack 1 or later
- .NET framework 4.5 (4.5.1 strongly recommended, may even become a requirement)
- Windows Management Framework 3.0
- Unified Communications Managed API (UCMA) 4.0
- Other expected OS roles/features (IIS etc…)

20 Preparing for Exchange Server 2013
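Recent Windows Server 2012 R2 Support Updates
[Support matrix; the cell values are not present in this transcript]
Exchange versions (columns): 2013 SP1 or later | 2013 CU3 or earlier | 2010 SP3 RU5 or later | 2007 SP3 RU13
Scenarios (rows): Install on 2012 R2 | 2012 R2 DCs and a 2012 or lower DFL/FFL | 2012 R2 DCs and a 2012 R2 DFL/FFL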

21 Preparing for Exchange Server 2013
Outlook Recommendations
- Office 365 ProPlus – Current bits
- Outlook – SP1 & latest public update recommended
- Outlook – SP2 & latest public update recommended
- Outlook – SP3 & latest public update recommended
- Outlook – Not supported
WebDAV based clients must be upgraded to Exchange Web Services compatible versions:
- Outlook for Mac 2011 or Entourage 2008 for Mac Web Services Edition
Browser recommendations (not minimums)
- Internet Explorer: IE11 or IE10
- Firefox: Latest or N-1
- Chrome: Latest or N-1
- Safari: Latest or N-1

22 Preparing for Exchange Server 2013
Ready the existing Exchange organization
- Patch existing Exchange servers to…
  - Exchange 2010 SP3 RU5 or later recommended
  - Exchange 2007 SP3 RU13 or later recommended
  - This includes Edge Transport servers
- Extend the AD schema for Exchange Server 2013
    setup /PrepareSchema
- Prepare the Exchange organization and local domain for Exchange Server
    setup /PrepareAD
- Prepare any remaining domains that will have mail enabled objects, Exchange servers, or Global Catalog servers Exchange will utilize
  - Local domain
    setup /PrepareDomain
  - Remote domains one at a time
    setup /PrepareDomain:FQDN.of.domain
  - Or do them all at once
    setup /PrepareAllDomains

23 Preparing for Exchange Server 2013
An OAB modification before installing the first Exchange servers.
- Exchange 2013 creates a new default OAB for the org.
- Avoid clients downloading the new default OAB by specifying the existing OAB on all legacy DBs prior to installing Exchange 2013.

    [PS] C:\>Get-OfflineAddressBook | FT Name,IsDefault,ExchangeVersion -AutoSize

    Name                                  IsDefault ExchangeVersion
    ----                                  --------- ---------------
    Default Offline Address Book          False     0.1 ( )
    Default Offline Address Book (Ex2013) True      0.20 ( )

    [PS] C:\Windows\system32>Get-MailboxDatabase | FT NAME, *offline*,exchangeversion -AutoSize

    Name             OfflineAddressBook           ExchangeVersion
    ----             ------------------           ---------------
    Mailbox Database \Default Offline Address Book 0.10 ( )
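One way to carry out the OAB step above, as an added example that is not from the original deck: it pins the current default OAB on every mailbox database whose OfflineAddressBook value is empty. The helper name `Set-LegacyOabPin` and its `-Apply` switch are assumptions of this sketch; the cmdlets are the standard Exchange Management Shell ones.

```powershell
# Added example, not part of the original presentation.
# Run in the Exchange Management Shell of the existing organization
# BEFORE the first Exchange 2013 server is installed.
function Set-LegacyOabPin {                # hypothetical helper name
    [CmdletBinding()]
    param(
        [switch]$Apply                     # without -Apply every change runs with -WhatIf
    )

    # The OAB clients receive today only because it is flagged as the org default.
    $default = @(Get-OfflineAddressBook | Where-Object { $_.IsDefault })
    if ($default.Count -ne 1) {
        throw "Expected exactly one default OAB, found $($default.Count)."
    }

    # An empty OfflineAddressBook value means "use whatever the org default is",
    # which becomes the new Exchange 2013 OAB once setup has run.
    $unpinned = @(Get-MailboxDatabase | Where-Object { -not $_.OfflineAddressBook })

    foreach ($db in $unpinned) {
        Set-MailboxDatabase -Identity $db.Identity `
            -OfflineAddressBook $default[0].Identity -WhatIf:(-not $Apply)
    }

    # Return what was (or would be) changed so it can go into the change record.
    $unpinned | Select-Object Name, Server, @{ n = 'PinnedTo'; e = { $default[0].Name } }
}

Set-LegacyOabPin              # dry run: lists the databases that would be pinned
# Set-LegacyOabPin -Apply     # commit the change
```

After applying, the slide's `Get-MailboxDatabase | FT NAME, *offline*,exchangeversion -AutoSize` check should show an explicit OAB on every legacy database.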

24 Deploying the first servers

25 Exchange Server 2013 SP1 Setup
- Install both MBX and CAS Servers
  - CAS is auth/proxy only
  - MBX executes the PowerShell commands
- Use the latest CU package
  - No more SP then RU install
- Exchange 2013 Setup
  - GUI or command line
  - Updated to reflect Exchange 2013 roles
- Command line parameters
  - New required parameter for license terms acceptance
- After the Fact
  - You cannot remove individual roles in Exchange 2013

    Setup.exe /mode:install /roles:c,m,mt /IAcceptExchangeServerLicenseTerms

26 Exchange Server 2013 Setup
What may show up after setup completes if you are not careful? Any guesses?
What causes the dreaded certificate prompt?
- Outlook making HTTP calls
  - Outlook Anywhere
  - MAPI/HTTP
  - Autodiscover queries
  - EWS calls
  - OAB Downloads
From King of migrations! Roooooar…
To Jester of service desk calls.

27 Exchange Server 2013 Setup
How do I prevent certificate pop-ups?
- Proper site & subnet definitions in Active Directory
- Install CAS to a deployment AD site first and then move it
- Proper AutodiscoverSiteScope and AutodiscoverServiceInternalUri values
- Minimize the time virtual directories are at defaults

    [PS] C:\>Get-ClientAccessServer | Sort-Object WhenCreated | FT Identity,WhenCreated,*SiteScope,*uri -AutoSize

    Identity      WhenCreated          AutoDiscoverSiteScope AutodiscoverServiceInternalUri
    --------      -----------          --------------------- ------------------------------
    CON-E2K7-001  1/7/2014 1:21:15 PM  {Boston}
    CON-E2K10-001 1/8/2014 5:27:49 PM  {Boston}
    CON-E2K13-001 1/16/2014 3:21:32 PM {Boston}
    CON-E2K13-101 1/16/2014 8:41:46 PM {Seattle}
    CON-E2K13-102 1/16/2014 9:22:43 PM {Seattle}
    CON-E2K13-002 1/17/ :21:35 AM      {Boston}
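A check for the Autodiscover values named above, as an added example that is not from the original deck: it reports every Client Access server whose AutodiscoverServiceInternalUri still points at the server's own FQDN (the value setup leaves behind) or at any host other than the shared namespace. The helper names and the `autodiscover.contoso.com` default (taken from the deck's diagrams) are assumptions.

```powershell
# Added example, not part of the original presentation.
function Get-AutodiscoverScpReport {       # hypothetical helper name
    param(
        # Assumption: the shared namespace shown in the deck's diagrams.
        [string]$ExpectedHost = 'autodiscover.contoso.com'
    )

    Get-ClientAccessServer | Sort-Object WhenCreated | ForEach-Object {
        $uriText = "$($_.AutoDiscoverServiceInternalUri)"
        $uriHost = if ($uriText) { ([uri]$uriText).Host } else { '' }

        [pscustomobject]@{
            Server           = $_.Name
            WhenCreated      = $_.WhenCreated
            SiteScope        = @($_.AutoDiscoverSiteScope) -join ','
            UriHost          = $uriHost
            # Setup's default points at the server's own FQDN, a name the
            # certificate best practices say to keep out of the certificate.
            AtSetupDefault   = ($uriHost -eq $_.Fqdn)
            MatchesNamespace = ($uriHost -eq $ExpectedHost)
        }
    }
}

function Set-AutodiscoverScp {             # hypothetical helper name
    param(
        [string]$ExpectedHost = 'autodiscover.contoso.com',
        [switch]$Apply                     # without -Apply every change runs with -WhatIf
    )

    $target = "https://$ExpectedHost/Autodiscover/Autodiscover.xml"
    Get-AutodiscoverScpReport -ExpectedHost $ExpectedHost |
        Where-Object { -not $_.MatchesNamespace } |
        ForEach-Object {
            Set-ClientAccessServer -Identity $_.Server `
                -AutoDiscoverServiceInternalUri $target -WhatIf:(-not $Apply)
        }
}

Get-AutodiscoverScpReport | Format-Table -AutoSize
Set-AutodiscoverScp           # dry run; add -Apply right after a new CAS finishes setup
```

Running the report immediately after each CAS install keeps the window short in which Outlook clients in that AD site can find a server-named Autodiscover endpoint.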

28 Exchange Server 2013 Setup
What other unexpected thing may happen after setup completes if you are not careful?
Cross-site mail flow… so many paths… so many options.
Ooohhhh lookie some new 2013 boxes! More options!
[Diagram labels: E2010 HUB, E2010 MBX, E2013 CAS, E2013 MBX; Boston AD Site; Austin AD Site]

29 Certificates

30 Certificates
- End to end certificate wizard in the Exchange Administration Center (EAC)
- Export and import with private key to all other CAS right from the UI
- Assign services right from the UI
- EAC notifications when a certificate is about to expire
  - First notification will be shown 30 days prior to expiration
  - Subsequent notifications will be provided every 24 hours

31 Certificates - Best Practices
- Minimize the number of certificates
  - A unified namespace means the same cert should be used on all CAS in the site resilient datacenter pair
- Use a “Subject Alternative Name” (SAN) certificate
- Minimize number of hostnames
  - Use “Split DNS” for Exchange hostnames if using the same auth type inside and out
  - This is not a requirement, some customers may have unique environments where different names would be helpful.
  - Don’t list machine hostnames in certificate hostname list*
- Use Load Balanced (LB) CAS arrays for intranet and Internet access to servers
*The UM service may be your exception to this rule due to telephony systems having to talk direct to it, but you can easily use an internally issued certificate here.

32 Certificates - Best Practices
Using a wildcard certificate
Did your Outlook Providers look like this previously when using a wildcard cert?

    Name CertPrincipalName
    ---- -----------------
    EXCH
    EXPR msstd:*.contoso.com
    WEB

Outlook Anywhere settings are now dynamically generated off of both the EXCH and EXPR Outlook Providers for separate internal and external settings for clients to utilize. As a result of this update both of the EXCH and EXPR Outlook providers must be wildcard ready in order to use a wildcard certificate.

    Name CertPrincipalName
    ---- -----------------
    EXCH msstd:*.contoso.com
    EXPR msstd:*.contoso.com
    WEB
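An audit of the certificate practices on the last three slides, as an added example that is not from the original deck: for the certificate bound to IIS on each CAS it reports expiry inside the EAC's 30-day notification window, machine hostnames in the name list, wildcard use, and whether all CAS share one certificate. The helper name `Test-CasCertificate` is an assumption; the `msstd:*.contoso.com` value is the one shown on the slide.

```powershell
# Added example, not part of the original presentation.
function Test-CasCertificate {             # hypothetical helper name
    param(
        [int]$WarnDays = 30                # matches the first EAC expiry notification
    )

    $servers   = @(Get-ClientAccessServer)
    # Short names and FQDNs of the servers: names that should NOT be on the cert.
    $hostNames = @($servers | ForEach-Object { $_.Name; $_.Fqdn })

    foreach ($s in $servers) {
        Get-ExchangeCertificate -Server $s.Name |
            Where-Object { "$($_.Services)" -match '\bIIS\b' } |
            ForEach-Object {
                $cert  = $_
                $names = @($cert.CertificateDomains | ForEach-Object { "$_" })

                [pscustomobject]@{
                    Server       = $s.Name
                    Thumbprint   = $cert.Thumbprint
                    DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
                    ExpiresSoon  = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
                    IsWildcard   = [bool]($names | Where-Object { $_.StartsWith('*.') })
                    NameCount    = $names.Count
                    MachineNames = @($names | Where-Object { $hostNames -contains $_ }) -join ','
                }
            }
    }
}

$report = @(Test-CasCertificate)
$report | Format-Table -AutoSize

# "Same cert on all CAS": more than one thumbprint means the servers differ.
$thumbprints = @($report | Select-Object -ExpandProperty Thumbprint -Unique)
if ($thumbprints.Count -gt 1) {
    Write-Warning "CAS servers present $($thumbprints.Count) different IIS certificates."
}

# With a wildcard certificate, both EXCH and EXPR must carry the wildcard name.
if ($report | Where-Object { $_.IsWildcard }) {
    Get-OutlookProvider | Format-Table Name, CertPrincipalName -AutoSize
    # Set-OutlookProvider -Identity EXCH -CertPrincipalName 'msstd:*.contoso.com'
    # Set-OutlookProvider -Identity EXPR -CertPrincipalName 'msstd:*.contoso.com'
}
```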

33 Demo: That flat out faaaaabulous certificate wizard.

34 Demo: That flat out fabulous certificate wizard

35 Rejigger the lines! (aka… namespace switchover night)

36 Name change night!
[Diagram labels: autodiscover.contoso.com, mail.contoso.com; Intranet site; E2010 Servers (E2010 HUB, E2010 CAS, E2010 MBX); E2013 CAS, E2013 MBX; Internet facing site; Non-Internet facing site]

37 Exchange 2007 URLs
Legacy URL considerations for the following: OWA, EWS, OAB

38 Switching to CAS 2013
- Drop TTL of any DNS records you will be changing in advance
- Re-test via Remote Connectivity Analyzer one last time
- Reconfigure Virtual Directory Settings of Legacy Systems if necessary
- Reconfigure Outlook Anywhere on Legacy Systems if necessary
- Move systems into the production AD sites if necessary
- Update Publishing methods (Load Balancer, Reverse Proxy, etc…) if necessary
- Update DNS records
- Test via Remote Connectivity Analyzer once DNS updates propagate

39 Time out! You did this in your lab already, right?

40 Script it as much as you can.
Prepare your virtual directory change scripts in advance. Huemans ah errar prone. Prepare a back-out script just…. in…. case.
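A change script and its back-out script built from one snapshot, as an added example that is not from the original deck. The helper names, the CSV file names and the old/new host parameters are assumptions; it covers the OWA, ECP, EWS, ActiveSync and OAB virtual directories only, not Outlook Anywhere or the Autodiscover URI.

```powershell
# Added example, not part of the original presentation.
$VdirKinds = 'Owa', 'Ecp', 'WebServices', 'ActiveSync', 'Oab'

function Export-VdirUrl {                  # hypothetical: snapshot = back-out file
    param(
        [Parameter(Mandatory = $true)][string[]]$Server,
        [Parameter(Mandatory = $true)][string]$Path
    )
    $rows = foreach ($s in $Server) {
        foreach ($kind in $VdirKinds) {
            & "Get-${kind}VirtualDirectory" -Server $s | ForEach-Object {
                [pscustomobject]@{
                    Kind        = $kind
                    Identity    = "$($_.Identity)"
                    InternalUrl = "$($_.InternalUrl)"
                    ExternalUrl = "$($_.ExternalUrl)"
                }
            }
        }
    }
    $rows | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function New-VdirChangePlan {              # hypothetical: derive the new URLs
    param(
        [Parameter(Mandatory = $true)][string]$SnapshotPath,
        [Parameter(Mandatory = $true)][string]$PlanPath,
        [Parameter(Mandatory = $true)][string]$OldHost,
        [Parameter(Mandatory = $true)][string]$NewHost
    )
    # Swap only the host part of the URL; path and scheme stay as they were.
    $pattern = '^(https?://)' + [regex]::Escape($OldHost) + '(?=[:/]|$)'
    Import-Csv -Path $SnapshotPath | ForEach-Object {
        $_.InternalUrl = $_.InternalUrl -replace $pattern, "`${1}$NewHost"
        $_.ExternalUrl = $_.ExternalUrl -replace $pattern, "`${1}$NewHost"
        $_
    } | Export-Csv -Path $PlanPath -NoTypeInformation -Encoding UTF8
}

function Import-VdirUrl {                  # hypothetical: applies a plan OR a back-out
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Apply                     # without -Apply every change runs with -WhatIf
    )
    foreach ($row in Import-Csv -Path $Path) {
        # The CSV decides which cmdlet runs, so accept known kinds only.
        if ($VdirKinds -notcontains $row.Kind) {
            throw "Unexpected virtual directory kind '$($row.Kind)' in $Path."
        }
        $params = @{
            Identity    = $row.Identity
            InternalUrl = if ($row.InternalUrl) { $row.InternalUrl } else { $null }
            ExternalUrl = if ($row.ExternalUrl) { $row.ExternalUrl } else { $null }
            WhatIf      = -not $Apply
        }
        & "Set-$($row.Kind)VirtualDirectory" @params
    }
}

# Days before the change window (server name is one of the deck's sample names):
#   Export-VdirUrl -Server 'CON-E2K10-001' -Path .\vdir-backout.csv
#   New-VdirChangePlan -SnapshotPath .\vdir-backout.csv -PlanPath .\vdir-plan.csv `
#       -OldHost '<old-host>' -NewHost '<new-host>'
#   Import-VdirUrl -Path .\vdir-plan.csv              # dry run, review the output
# On the night:
#   Import-VdirUrl -Path .\vdir-plan.csv -Apply       # change
#   Import-VdirUrl -Path .\vdir-backout.csv -Apply    # back out, just in case
```

Because the plan and the back-out file share one format and one apply function, the back-out path gets exercised by the same dry run as the change itself.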

41 Switching to CAS 2013 Outlook Anywhere
- Enable Outlook Anywhere on all legacy CAS
  - Utilize the ‘mail.contoso.com’ namespace for all CAS so traffic flows through 2013 in all cases.
- IIS Authentication Methods
  - IIS Auth must have NTLM enabled on all legacy CAS
- DNS Cutover if an IP change takes place
  - Use a low TTL on the existing records a few days in advance of the cutover.
Basic auth for clients is merely for example. If you prefer NTLM, then use NTLM.
[Diagram labels: mail.contoso.com; RPC/HTTP; Layer 7 LB; Layer 4 LB; E2013 CAS (HTTP PROXY); E2007/E2010 CAS (OA Enabled; Client Auth: Basic; IIS Auth: Basic, NTLM); Disabled; RPC; E2013 MBX; E2007/E2010 MBX; Internet facing site; Intranet facing site]

42 It’s an Edge case…

43 Edge Setup on Exchange 2013 SP1
One pre-req: Active Directory Lightweight Directory Services (ADLDS)
Go no further! Only install the ADLDS feature, Edge will take care of the rest during install.

    Windows PowerShell
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    PS C:\Users\Administrator> Install-WindowsFeature ADLDS

    Success Restart Needed Exit Code Feature Result
    True    No             Success   {Active Directory Lightweight Directory Se...

    WARNING: To create a new AD LDS instance on server, log on to the destination server and then run the Active Directory Lightweight Directory Services Setup Wizard. For more information, see

    PS C:\Users\Administrator>

44 Edge Setup on Exchange 2013 SP1
The ‘other’ pre-req you may hit
Make sure your machine has a FQDN if it is not joined to a management domain.

    Performing Microsoft Exchange Server Prerequisite Check

        Configuring Prerequisites      COMPLETED
        Prerequisite Analysis          FAILED

    The fully qualified domain name of the computer is missing or empty. Setup cannot continue.
    For more information, visit: >/ms.exch.setupreadiness.FqdnMissing.aspx

45 Edge Setup on Exchange 2013 SP1
Adding a FQDN for non-domain joined machines
Head on over to the Computer Name settings, it is hidden under the ‘More…’ section.

46 Edge Setup on Exchange 2013 SP1
Create your Edge Subscription file

    New-EdgeSubscription -FileName C:\EdgeServerSubscription.xml

Make sure the file is in a location your mailbox server can access for the next step.

    [PS] C:\>New-EdgeSubscription -FileName c:\edgesubscription.xml

    Confirm
    If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result, any of the following objects that were created manually will be deleted: accepted domains, message classifications, remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the TransportConfig object will be overwritten during the synchronization process.
    EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Mailbox servers in the Active Directory site to which the Edge Transport server is being subscribed, and those Mailbox servers be able to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in the next "1440" minutes before the bootstrap account expires.
    [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
    [PS] C:\>

47 Edge Setup on Exchange 2013 SP1
Import your Edge Subscription file (this would be a one-liner)

    New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -ReadCount 0)) -Site "Seattle"

    [PS] C:\Windows\system32> New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -ReadCount 0)) -Site "Seattle"

    Name            Site                Domain
    ----            ----                ------
    CON-E2K13-EDG01 corp.contoso.com/... corp.contoso.com

    WARNING: EdgeSync requires that the Mailbox servers in Active Directory site Seattle be able to resolve the IP address for CON-E2K13-EDG01.corp.contoso.com and be able to connect to that host on port

    [PS] C:\Windows\system32>

48 Edge Setup on Exchange 2013 SP1
Edge is now known to the org
- Edge server shows up in server list.
- The two send connectors are generated

    [PS] C:\>Get-ExchangeServer | Sort-Object Name | FT Name,ServerRole,AdminDisplayVersion -AutoSize

[Output table, columns Name, ServerRole, AdminDisplayVersion. Names listed: CON-E2K10-001, CON-E2K13-001, CON-E2K13-002, CON-E2K13-101, CON-E2K13-102, CON-E2K13-EDG01, CON-E2K7-001. Roles and versions shown: Mailbox, ClientAccess, UnifiedMessaging, HubTransport / Version 14.3 (Build 123.4); Mailbox, ClientAccess / Version 15.0 (Build ); Edge / 15.0 (Build ); Mailbox, ClientAccess, UnifiedMessaging, HubTransport / Version 8.3 (Build 83.6)]

    [PS] C:\Windows\system32>Get-SendConnector | ft identity,sourcetrans* -AutoSize

    Identity                       SourceTransportServers
    --------                       ----------------------
    EdgeSync – Seattle to Internet {CON-E2K13-EDG01}
    EdgeSync – Inbound to Seattle  {CON-E2K13-EDG01}

    [PS] C:\Windows\system32>

Note: SourceTransportServers is the name of the edge subscription, which is the name of the first Edge server used when the connectors are created.

49 Edge Support, and Mail Flow Transition
Edge Transport
Edge Transport 2007/2010 are compatible with Exchange 2013 CU1 or later.
Edge Transport 2013 SP1 is compatible with 2013 SP1, 2010 SP3 RU5, and 2007 SP3 RU13.
Legacy Edge Transport servers require the same 2010 SP3 or 2007 SP3 RU10 updates before deploying Exchange
An existing 2010 Edge Subscription must be re-created after SP3 is applied so the version number is seen by Exchange 2013 within the AD configuration partition, or else setup will fail at the pre-req check.

Mail Flow Transition
Exchange Server 2013 can accept inbound anonymous mail from the Internet and re-route it to the correct 2013 or legacy mailbox(es).
Leave MX record(s) pointing to legacy Exchange early on, unless you deploy Edge 2013 first.
Move MX record(s) to point to 2013 once approximately 50% of users are moved to 2013.

50 Online Readiness
Edge Transport with… EOP standalone or Hybrid mail flow

51 Curb Kerb Appeal…

52 Kerberos Authentication
Kerberos is preferred to help remove NTLM authentication bottlenecks in large Exchange environments.
Kerberos is not enabled by default in Exchange 2013 and requires manual configuration.
OAB virtual directories are already Applications within IIS in Exchange 2013, so there is no need to convert them as you did in Exchange 2010.
Enabling Kerberos in Exchange 2013 means setting Negotiate as the authentication type in InternalClientAuthenticationMethod on the Outlook Anywhere (/rpc) virtual directory and in IISAuthenticationMethods on the MAPI/HTTP (/mapi) virtual directory.

53 To Kerb or not to Kerb…
Note: Exchange 2013 proxies connections to 2007/2010 resources utilizing NTLM authentication.
[Decision flowchart. Questions: Are you pure 2013? Do you have legacy public folders? Do you have CU5 deployed?* Outcomes: Enable Kerberos for /rpc & /mapi vDirs; Migrate public folders to Exchange 2013.]
* Tentative plan, plans may change.

54 Kerberos Authentication
A little bit of everything in a complex environment…
[Diagram labels: NTLM, Kerberos; 2013 Primary Mailbox, 2007 Public Folders, 2010 Shared Mailbox, 2013 Shared Mailbox]

55 Kerberos Authentication
Exchange 2013 requires only http ServicePrincipalNames because all client traffic is HTTP.
The exchangeAB, exchangeRFR, and exchangeMDB SPNs are no longer necessary for a 2013-only ASA.

[PS] C:\>SetSpn -L EXASA2013
Registered ServicePrincipalNames for CN=EXASA2013,CN=Users,DC=corp,DC=contoso,DC=com:
        http/bos.mail.corp.contoso.com
        http/aus.mail.corp.contoso.com
        http/mail.corp.contoso.com
        http/autodiscover.corp.contoso.com
[PS] C:\>
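A check for the SPN layout on this slide, as an added example that is not part of the original presentation: it parses `setspn -L` output for the ASA and reports required http SPNs that are missing, plus exchangeAB/exchangeRFR/exchangeMDB SPNs still registered. The helper name Test-AsaSpn is hypothetical, and the sample listing is constructed (it omits the autodiscover SPN and carries a leftover exchangeMDB entry).

```powershell
# Added example, not from the presentation. Constructed sample of `setspn -L` output
# for the ASA: one required http SPN is absent and one legacy SPN is left over.
$sample = @'
Registered ServicePrincipalNames for CN=EXASA2013,CN=Users,DC=corp,DC=contoso,DC=com:
        http/bos.mail.corp.contoso.com
        http/aus.mail.corp.contoso.com
        http/mail.corp.contoso.com
        exchangeMDB/mail.corp.contoso.com
'@

# Hostnames clients use to reach Exchange 2013 (the four names listed on the slide).
$required = 'bos.mail.corp.contoso.com', 'aus.mail.corp.contoso.com',
            'mail.corp.contoso.com', 'autodiscover.corp.contoso.com'

function Test-AsaSpn {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$SetSpnText,
        [Parameter(Mandatory)][string[]]$RequiredHosts
    )
    # SPN entries are single "class/host" tokens; the header line contains spaces and is skipped.
    $spns = @($SetSpnText -split "`r?`n" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^[^/\s]+/\S+$' })

    # Every client-facing hostname needs an http SPN on the ASA (comparison is case-insensitive).
    foreach ($name in $RequiredHosts) {
        $status = if ($spns -contains "http/$name") { 'Registered' } else { 'MISSING' }
        [pscustomobject]@{ Spn = "http/$name"; Status = $status }
    }

    # SPN classes the slide lists as unnecessary on a 2013-only ASA.
    foreach ($spn in $spns) {
        if ($spn -match '^(exchangeAB|exchangeRFR|exchangeMDB)/') {
            [pscustomobject]@{ Spn = $spn; Status = 'Legacy class, not needed for a 2013-only ASA' }
        }
    }
}

Test-AsaSpn -SetSpnText $sample -RequiredHosts $required | Format-Table -AutoSize
# Against a live account:
# Test-AsaSpn -SetSpnText (setspn -L EXASA2013 | Out-String) -RequiredHosts $required
```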

56 Kerberos Authentication
What are our options?

Re-use the Exchange 2010 ASA (if one exists) with new human-known credentials
  Pro: One ASA for both Exchange 2010 and Exchange 2013 in the org
  Con: The credentials are now known to administrators instead of machine generated.

Create a new ASA for 2013
  Pro: Can utilize RollAlternateServiceAccountPassword.ps1 against 2013 multi-role servers
  Con: Service Principal Names must be moved from the 2010 ASA (if one exists) to the new ASA for any hostname you will be moving from 2010 to 2013

57 Kerberos Authentication
A couple of current caveats to be aware of as of SP1

RollAlternateServiceAccountPassword.ps1
  Cannot be used to copy ASA credentials from 2010 CAS role to 2013 CAS role
  Cannot be used to create a new ASA on CAS-only 2013 servers
  Can be used to create a new ASA on multi-role 2013 servers

Set-ClientAccessServer -AlternateServiceAccountCredential
  Only works on multi-role 2013 servers

58 Exchange Server 2013 Public Folders
The last thing you migrate.
2007/2010 users cannot access 2013 Public Folders.
2013 users can access 2007/2010 Public Folders.
Cutover migration: you cannot gradually move Public Folders from legacy to 2013.
Consider PF limits when migrating.

59 OAB Downloads
Do you have or plan to have multiple OABGen capable mailboxes?
Know that client OAB downloads from different OABGen mailboxes trigger a full download even if it is the same OAB being downloaded.

How to find your OABGen mailbox(es)

[PS] C:\>Get-Mailbox -Arbitration | Where {$_.PersistedCapabilities -like "*OAB*"} | FL Name,Database,Persis*

Name                  : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
Database              : 2013DB-001
PersistedCapabilities : {OrganizationCapabilityUMGrammarReady, OrganizationCapabilityPstProvider,
                        OrganizationCapabilityMessageTracking, OrganizationCapabilityMailRouting,
                        OrganizationCapabilityClientExtensions, OrganizationCapabilityGMGen,
                        OrganizationCapabilityOABGen, OrganizationCapabilityUMGrammar}

Name                  : OABGen02
Database              : 2013DB-003
PersistedCapabilities : {OrganizationCapabilityOABGen}

60 OAB Downloads
How does this happen to clients? You may have OABGen mailboxes in different or same AD sites.

[PS] C:\>Get-MailboxDatabase

Name    Servers
----    -------
2013DB  {CON-E2K13-001}
2013DB  {CON-E2K13-001}
2013DB  {CON-E2K13-101}
2013DB  {CON-E2K13-102}
2013DB  {CON-E2K13-101}
2013DB  {CON-E2K13-002}

[PS] C:\>Get-Mailbox -Arbitration | Where {$_.PersistedCapabilities -like "*OAB*"} | FT Name,Database -AutoSize

Name                                                 Database
----                                                 --------
OABGen02                                             2013DB-003
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}  2013DB-001

[PS] C:\>Get-ExchangeServer | Where {$_.AdminDisplayVersion -like "*15*"} | FT Name,Site

Name             Site
----             ----
CON-E2K13-001
CON-E2K13-002
CON-E2K13-101
CON-E2K13-102
CON-E2K13-EDG01
(Site column values: corp.contoso.com/Configuration/Sites/Boston, corp.contoso.com/Configuration/Sites/Seattle)

61 OAB Downloads
Could we place different OABGen mailboxes in DBs only replicated locally?
No, in this example the DAG spans two sites and user mailboxes will move between sites.
[Diagram labels: Site A, Site B, OABGen-01, OABGen-02, DAG-001]

62 OAB Downloads
Recommendation: Keep one OABGen mailbox per organization.
[Diagram labels: Site A, Site B, OABGen-01, DAG-001 or Site A, Site B, OABGen-01, DAG-001: Recommended due to site resiliency gains.]

63 Quota Calculations
Mailbox and Public Folder data moved from legacy Exchange to Exchange 2013 will appear to grow due to more accurate calculations within the DB.
Expect a 30%-40% increase in quota hit, though this will vary based on the content types.
You may want to increase the quotas of any user using ~75% or more of their quota prior to moving them to 2013.
The database size on disk does NOT increase.

64 Certificate Based Authentication for ActiveSync
Available in Exchange 2013 Cumulative Update 5
