NT Konferenca 2010

May 19, 2010 at 9:39 AM | 2102


Only a few days remain until this year's NT konferenca 2010, which takes place from May 24 to 27 in Portorož.

What will I be presenting?

  • Migrating to Exchange Server 2010
    Europa D, Tuesday 10:15 - 11:30
    Sašo Erdeljanov (avtenta.si)
  • Workshop: Disaster recovery: Exchange Server 2010 and Data Protection Manager 2010
    Aurora 2, Wednesday 13:30 - 16:00
    Sašo Erdeljanov (avtenta.si), Matej Malerič (avtenta.si)
  • MVP panel
    MSTech (Pečina), Wednesday 16:30 - 17:30

Exchange sessions

  • Tips & Tricks: Exchange Server 2010
    Europa B, Tuesday 11:45 - 12:30
    Scott Schnoll (Microsoft Corporation)
  • Exchange Server 2010 High Availability Deep Dive
    Europa D, Wednesday 08:45 - 09:45
    Scott Schnoll (Microsoft Corporation)

This year we will be using Twitter at @NTkonferenca with the hashtag #NTK10.

Posted in: Microsoft | NTK


POW #14 – Uninstall Exchange Server 2007 CCR

April 14, 2010 at 12:46 PM | 2102

Sooner or later you will migrate to Exchange Server 2010 and will need to uninstall Exchange Server 2007 CCR… ;)

Before beginning the uninstall procedure, make sure that you have moved everything to the new servers (mailboxes, OAB generation, …)!

Uninstall Exchange Server 2007 from the Passive Node

  • Log in to the passive node and check that the Exchange CMS is located on the active node with the Get-ClusteredMailboxServerStatus cmdlet from the Exchange Management Shell.
  • Open a Command Prompt window and change path to %ProgramFiles%\Microsoft\Exchange Server\bin.
  • Run Setup /mode:uninstall

Evict the Passive Node from the Windows Cluster

  • Open a Command Prompt window.
  • Stop the Cluster service by running the following command:

    net stop clussvc
  • After the Cluster service has been stopped, evict the node by running the following command: Cluster <ClusterName> node <NodeName> /evict.

    Cluster CN-WC01 node CN-CCR02 /evict


Remove CMS from Active Node and uninstall Mailbox role

  • Log in to the active node and open a command prompt
  • Change path to C:\Program Files\Microsoft\Exchange Server\Bin (this is default location)
  • Run: Setup.com /mode:uninstall /removeCMS /CMSName:CN-EC01


The last step is to destroy the Windows Cluster (right-click the cluster name, then choose More Actions > Destroy Cluster in Windows Server 2008, or follow KB282227 for Windows Server 2003). :)

KB282227 - How to uninstall the Cluster service on a Windows Server 2003 cluster

Posted in: Exchange | Microsoft | Cluster


POW #13 – Exchange Server 2007 SP2 (Part 3)

April 1, 2010 at 9:49 PM | 2102

In the previous parts we looked at the procedures needed to prepare Active Directory and to upgrade the HUB/CAS/MBX roles (or a single Exchange Server with the HUB, CAS and Mailbox roles installed) to Service Pack 2.

In this part we will go through the steps needed to successfully upgrade an Exchange 2007 Cluster Continuous Replication (CCR) cluster to Service Pack 2.

Installing Service Pack 2

Upgrading a CCR cluster to SP2 differs from upgrading a non-clustered Mailbox role to SP2 in many ways. Note that in the previous parts we used both the GUI and unattended mode, but the only option for a cluster upgrade is unattended mode.


Required permissions

What are the minimal permissions you need for a successful upgrade? Exchange Server Administrator membership and Local Administrator rights on the servers are required.

Demo infrastructure

For demo purposes we will use an active node named CN-CCR01, a passive node named CN-CCR02 and an Exchange cluster named CN-EC01.

Upgrade steps for Passive Node (CN-CCR02)

  • Move all Cluster Groups to active node (CN-CCR01).
  • Set the Windows Firewall/Internet Connection Sharing (ICS) service to Manual or Automatic and start it. This service is disabled by default. During the upgrade this allows setup to add firewall exceptions for Exchange Server services. You can stop and disable the service after the upgrade!
    The upgrade also works if you leave Windows Firewall/Internet Connection Sharing disabled, but then no firewall exceptions for Exchange Server services are created during setup. I recommend that you start Windows Firewall/ICS service during setup and then stop/disable it if you are not using Windows Firewall service!
  • Stop any services that have open handles to performance counters (for example: Performance Logs and Alerts, MOM agents,...) - performance counters are changed during upgrade procedure.
  • Stop, and then restart the Remote Registry service.
  • From command prompt run setup.com /m:upgrade from folder with SP2 setup files.
  • After successful upgrade reboot Passive Node (CN-CCR02).
  • Log on to server after reboot and open Exchange Management Shell.
  • Use the Stop-ClusteredMailboxServer cmdlet to stop the clustered mailbox server.

    Stop-ClusteredMailboxServer CN-EC01 -StopReason "SP2 Upgrade."
  • Use the Move-ClusteredMailboxServer cmdlet to move the clustered mailbox server (CMS) from the Active Node (CN-CCR01) to the Passive Node (CN-CCR02). You must run this from the Passive Node (CN-CCR02).
    Move-ClusteredMailboxServer CN-EC01 -TargetMachine CN-CCR02 -MoveComment "SP2 Upgrade."
  • From command prompt run setup.com /upgradecms from folder with SP2 setup files.

    Upgrade steps for Active Node (CN-CCR01)

    • Set Windows Firewall/Internet Connection Sharing (ICS) service to Manual or Automatic and start it. This service is disabled by default. During upgrade procedure this allows setup to add firewall exceptions for Exchange Server services. You can stop and disable this service after upgrade!
    • Stop any services that have open handles to performance counters (for example: Performance Logs and Alerts, MOM agents,...) - performance counters are changed during upgrade procedure.
    • Move Windows Cluster "Cluster Group" to Passive Node
      Cluster group "cluster group" /move


  • Stop, and then restart the Remote Registry service.
  • From command prompt run setup.com /m:upgrade from folder with SP1 setup files.
  • Reboot node after successful upgrade.
  • You can disable Windows Firewall/Internet Connection Sharing (ICS) now.
  • Move Cluster Group and CMS back to Active Node (CN-CCR01).
    Edited on 1.4.2010…

    I’m sorry but somehow I managed to “lose” this post and it was not published before… :)

    Posted in: Exchange | Microsoft | POW


    POW #12 – Exchange Server 2007 SP2 (Part 2)

    January 25, 2010 at 2:43 PM | 2102


    This is the second part of the upgrade procedure for Exchange Server 2007 SP2. In the first part we looked at the steps needed to get Windows and Active Directory ready for Exchange Server 2007 SP2.


    Installation order

    There is nothing specific in the installation order of Exchange Server 2007 Service Pack 2. You should stick with standard installation order for Exchange Server 2007:

    1. Upgrade all Client Access Servers
    2. Upgrade all HUB Transport Servers
    3. Upgrade all EDGE Transport Servers (can be upgraded later but not before HUB Transport Servers)
    4. Upgrade all Mailbox Servers
    5. Upgrade all Unified Messaging Servers

    In a multi-site environment, upgrade site by site in the above order (not, for example, all Client Access Servers across multiple sites and then the next role). Upgrade Internet-facing site(s) first.

    Non-Clustered Exchange Servers

    Before proceeding with SP2 installation make sure that any 3rd party application is compatible with SP2 (for example: antivirus software, backup software, archive software,…) and upgrade them if necessary.

    Run setup.exe from location with extracted SP1 files.


    If you know what you are doing, click Install; otherwise PLEASE click Plan and read about Service Pack 2. After clicking Install you see a window describing the new features in SP1.


    Click Next and accept License Agreement. If all prerequisites are OK you can click Upgrade. Otherwise read carefully and resolve issues.


    Note: although the screenshots were taken during installation on an Edge server, all steps are the same when you install on non-clustered servers.

    Review installation steps and click Finish, if everything is OK. If there are errors or warnings, review and resolve them.

    Posted in: Exchange | Microsoft | POW


    POW #11 – KB973917 and repeated login prompts

    January 12, 2010 at 10:39 AM | 2102

    I have seen some issues in the last month regarding repeated login prompts after installing Hotfix KB973917. Hotfix KB973917 is actually not a security Hotfix but it implements Extended Protection for Authentication in Internet Information Services (IIS).

    KB973917 - Description of the update that implements Extended Protection for Authentication in Internet Information Services (IIS)

    This article describes a non-security update that implements Extended Protection for Authentication in Internet Information Services (IIS).

    When Extended Protection for Authentication is enabled, authentication requests are bound to both the Service Principal Names (SPN) of the server to which the client tries to connect and to the outer Transport Layer Security (TLS) channel over which Integrated Windows Authentication happens.

    Link: KB973917

    You can find many suggested solutions in the wild, from uninstalling the hotfix to enabling Kernel Mode Authentication on the IIS virtual directories (Autodiscover, EWS, OAB and RPC). The real solution is to install Update Rollup 9 for Exchange Server 2007 SP1.

    Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1

    Update Rollup 9 for Exchange Server 2007 SP1 was released on July 16, 2009. These issues are fixed in Microsoft Exchange Server 2007 Service Pack 2 (SP2). So if you are using SP2 you are on the safe side. :)
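
A simplified model of the binding described in the KB excerpt above, added here as an illustration and not taken from the post or from Microsoft's code. It goes beyond the post by computing an RFC 5929 `tls-server-end-point` channel binding token and checking it, together with the SPN, on the server side. The certificate bytes, host names and function names are constructed for the example.

```python
import hashlib
import hmac
import struct


def endpoint_hash(cert_der, sig_hash="sha256"):
    """RFC 5929 tls-server-end-point: hash the server certificate with its
    signature hash algorithm, except that MD5 and SHA-1 are replaced by SHA-256."""
    algo = sig_hash.lower()
    if algo in ("md5", "sha1"):
        algo = "sha256"
    return hashlib.new(algo, cert_der).digest()


def channel_binding_token(cert_der, sig_hash="sha256"):
    """16-byte token the client places in its authentication message: MD5 over
    a gss_channel_bindings_struct that carries only application data."""
    app_data = b"tls-server-end-point:" + endpoint_hash(cert_der, sig_hash)
    gss = struct.pack("<4L", 0, 0, 0, 0)  # initiator/acceptor address type and length: unused
    gss += struct.pack("<L", len(app_data)) + app_data
    return hashlib.md5(gss).digest()


def server_check(client_cbt, client_spn, server_cert_der, accepted_spns):
    """Model of the two comparisons: outer TLS channel first, then target SPN."""
    if not hmac.compare_digest(client_cbt, channel_binding_token(server_cert_der)):
        return "reject: channel binding mismatch"
    if client_spn.lower() not in {s.lower() for s in accepted_spns}:
        return "reject: SPN mismatch"
    return "accept"


# Constructed stand-ins for DER certificates and host names (not real data).
SERVER_CERT = b"constructed-der-bytes-of-mail.example.test"
OTHER_CERT = b"constructed-der-bytes-of-another-tls-endpoint"
SPNS = ["HTTP/mail.example.test"]


def demo():
    spn = "HTTP/mail.example.test"
    # Client's TLS session terminates on the server itself.
    direct = server_check(channel_binding_token(SERVER_CERT), spn, SERVER_CERT, SPNS)
    # Client's TLS session terminated on a different endpoint before reaching the server.
    forwarded = server_check(channel_binding_token(OTHER_CERT), spn, SERVER_CERT, SPNS)
    # Client asked for a service name this server does not accept.
    wrong_name = server_check(channel_binding_token(SERVER_CERT),
                              "HTTP/other.example.test", SERVER_CERT, SPNS)
    return direct, forwarded, wrong_name


if __name__ == "__main__":
    print(demo())
```

Any component that ends the client's TLS session on a certificate other than the one the authenticating server hashes produces the mismatch case, and the server rejects the request.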


    Posted in: Exchange | Microsoft


    The New Efficiency - a new wave of technologies in 7 Slovenian cities

    September 30, 2009 at 7:44 PM | 2102

    And one more invitation… once again in a non-English language… :)



    We invite you to join us at the event The New Efficiency - a new wave of technologies in 7 Slovenian cities. It will bring the technology and its benefits closer to you than ever before, as we will visit as many as 7 Slovenian cities: Koper, Kranj, Ljubljana, Maribor, Murska Sobota, Nova Gorica and Novo mesto. The latest technologies will literally come to your doorstep. At these pleasant events with a limited number of seats you will get to know Windows 7, Windows Server 2008 R2 and Exchange Server 2010, as well as developer technologies on the new platforms.

    To mark the official launch date of the Windows 7 operating system, we have prepared special events for the community of IT professionals and developers, which will present the latest desktop operating system, Windows 7, with rich and engaging content. The events at the different locations will run in parallel, at the same time. We also want to give you as much information as possible about two other products that will undoubtedly affect your work: the Windows Server 2008 R2 server operating system and the Exchange Server 2010 messaging system.

    Slovenian IT experts will present, in your home town, the benefits that the new products bring to the IT environments of companies of all sizes. You will also be able to follow broadcasts of selected sessions. At the events you will have the chance to meet the speakers and representatives of Microsoft partners, and it is also a unique opportunity to network with other professionals.

    We will send you more information about the event in the coming days.

    Posted in: Microsoft


    Overview of what's new for IT in the Microsoft Exchange Server 2010 messaging system

    September 30, 2009 at 7:31 PM | 2102

    I invite you to attend a technical seminar on Exchange Server 2010. I am enclosing the original invitation…



    We invite you to the technical seminar Overview of what's new for IT in the Microsoft Exchange Server 2010 messaging system.

    Sašo Erdeljanov, an expert and Slovenian MVP (Most Valuable Professional) for messaging systems, will speak from his own experience about managing, installing and maintaining the new Exchange server.

    At the seminar Sašo will present the new capabilities of Exchange 2010, the improvements over previous versions, new technologies that contribute to a more efficient messaging system, and good reasons why an IT professional would choose the new server to better support messaging in their infrastructure.

    We have prepared two dates for you, so that you can plan your time more easily:

    - October 19, 2009, Ljubljana (Microsoft lecture hall) and

    - October 29, 2009, Maribor (Microsoft Innovation Center).

    The one-day seminar is intended for IT professionals and IT managers who want and need new knowledge about upcoming systems in order to introduce new technologies into their IT environment more effectively.

    The talks will be in Slovenian, while the materials will be in English because of the large number of foreign terms.



    09:00 – 10:30   What's new in Exchange Server 2010
    10:30 – 10:45
    10:45 – 12:15   Architecture and RBAC
    12:15 – 13:15
    13:15 – 14:45   Migrating to Exchange Server 2010
    14:45 – 15:00
    15:00 – 16:30   Archiving and high availability
    16:30 – 17:00   Questions and answers

    Posted in: Microsoft


    POW #9 – Exchange Server 2007 Edge & DNS Server

    September 2, 2009 at 6:50 PM | Saso Erdeljanov



    I noticed that some of the users are running Exchange Server 2007 Edge and public DNS Server on the same server.


    There are some issues with services failing at startup if the following is true:

    • Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2010 (Edge Role).
    • Windows Server 2003, Windows Server 2008, Windows Server 2008 R2.
    • DNS Server role is installed.
    • Hotfix KB951746 is installed.

    You receive the following error and all Exchange services are stopped.


    Log Name:      System
    Source:        Service Control Manager
    Date:          14.7.2009 10:19:36
    Event ID:      7023
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      EDGE.exchange.pri
    The Microsoft Exchange ADAM service terminated with the following error:
    An attempt was made to access a socket in a way forbidden by its
    access permissions.

    So let’s start troubleshooting… ;-)

    If we take a look with netstat, we can see that the DNS service (dns.exe) is using port 50636.


    Exchange Server uses Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode (ADAM), for storing the Exchange (Organization) configuration. By default, the Edge Transport server uses the non-standard port 50636 for EdgeSync (Secure LDAP). We can check that with dsdbutil.

    • Open cmd.exe, type dsdbutil and press Enter.
    • Type list instances and press Enter.


    The issue is caused by hotfix KB951746 (MS08-037: Description of the security update for DNS in Windows Server 2008, in Windows Server 2003, and in Windows 2000 Server (DNS server-side): July 8, 2008).

    After security update KB951746 is installed on Windows Server 2008 (RTM/SP2), this issue occurs because the DNS server’s method of port allocation changes, and this change could prevent AD LDS from obtaining the port that it requires to function correctly.

    By default, after security update KB951746 is installed, the DNS server randomly allocates 2,500 UDP ports in the ephemeral port range. This is new behavior that is introduced by this update. A conflict may occur if one of these randomly allocated ports is a port that an AD LDS instance has to use.
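
The netstat check and the random allocation described above, as an added example that is not part of the original post. It parses `netstat -abno` output for a process other than AD LDS holding port 50636, and uses the post's figures (2,500 pooled ports, range 49152 to 65535) to estimate how often a DNS service start draws a needed port. The sample output is constructed; the image name `dsamain.exe`, the function names and the uniform-random draw are assumptions.

```python
import re

ADLDS_PORTS = (50636,)          # Secure LDAP port named in the post; add others from dsdbutil
ADLDS_IMAGE = "dsamain.exe"     # assumption: image name of the AD LDS (ADAM) instance
DYNAMIC_RANGE = (49152, 65535)  # default dynamic port range quoted in the post
DNS_POOL_SIZE = 2500            # ports the DNS server allocates after KB951746 (from the post)

# Constructed sample in the layout of `netstat -abno`; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2044
 [edgetransport.exe]
  TCP    0.0.0.0:50389          0.0.0.0:0              LISTENING       1376
 [dsamain.exe]
  UDP    0.0.0.0:50636          *:*                                    1520
 [dns.exe]
  UDP    [::]:53011             *:*                                    1520
 [dns.exe]
"""

# UDP rows have no State column, so that field is optional.
CONN = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:[A-Z_]+\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat(text):
    """Return one dict per socket: proto, port, pid, owner (None if not shown)."""
    rows = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            rows.append({"proto": m.group(1), "port": int(m.group(2)),
                         "pid": int(m.group(3)), "owner": None})
            continue
        m = OWNER.match(line)
        if m and rows and rows[-1]["owner"] is None:
            rows[-1]["owner"] = m.group(1).lower()
    return rows


def port_conflicts(rows, ports=ADLDS_PORTS, expected=ADLDS_IMAGE):
    """Sockets on a port AD LDS needs that are owned by some other image."""
    return [r for r in rows if r["port"] in ports and r["owner"] != expected]


def collision_probability(needed=len(ADLDS_PORTS), pool=DNS_POOL_SIZE,
                          port_range=DYNAMIC_RANGE):
    """Chance that a random pool of `pool` distinct ports from the range
    contains at least one of `needed` specific ports."""
    total = port_range[1] - port_range[0] + 1
    miss = 1.0
    for i in range(needed):
        miss *= (total - pool - i) / (total - i)
    return 1.0 - miss


if __name__ == "__main__":
    for r in port_conflicts(parse_netstat(SAMPLE_NETSTAT)):
        print("port %d/%s held by %s (PID %d)" % (r["port"], r["proto"], r["owner"], r["pid"]))
    print("chance per DNS service start: %.1f%%" % (100 * collision_probability()))
```

With the post's figures, a single needed port is drawn on roughly 15% of DNS service starts, which is why the failure shows up on some reboots and not on others.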

    We can check the size of the socket pool with dnscmd:



    Background information

    To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535.

    We can check the ephemeral port range in Windows Server 2008 with netsh.


    This is a change from the configuration of earlier versions of Microsoft Windows that used a default port range of 1025 through 5000.

    In Windows Server 2003 or in Windows 2000 Server, the value of the MaxUserPort registry entry defines the ephemeral port range. The range is from 1024 to the value that is defined by the MaxUserPort registry entry.
    After you install security update 953230 on Windows Server 2003 and down-level platforms, the following conditions are true:

    • If the value of the MaxUserPort registry entry is set, the ports are allocated randomly from the [1024, MaxUserPort] range.
    • If the value of the MaxUserPort registry entry is not set, the ports are allocated randomly from the [49152, 65535] range.

    In Windows Server 2008:

    • Ephemeral port allocation and the MaxUserPort registry entry:
      In Windows Server 2008 or in Windows Vista, the value of the MaxUserPort registry entry signifies the number of ephemeral ports. The range is from the [start port, start range + MaxUserPort]. The default start port is port 49152.
    • Effective ephemeral port range:
      Ephemeral port allocation occurs in the [49152-65535] port range before you install security update 953230 on Windows Server 2008. This port allocation behavior does not change after you install security update 953230.

    Solution for Windows Server 2003

    We need to reserve the ephemeral ports used by the Exchange Server 2007 Edge AD LDS instance. The reserved ports are specified in the registry.

    • Start regedit.exe
    • Locate the following registry key:
    • Create a new Multi-String Value named ReservedPorts
    • Enter the following values for the Edge ports that we want to exclude:


    • Reboot server

    Solution for Windows Server 2008

    Although we can change the port range in Windows Server 2008, there is a simple trick that does the job: change the DNS Server service startup type to Automatic (Delayed Start).


    Solution for Windows Server 2008 R2

    The Windows Server 2008 R2 DNS Server provides SocketPoolPortExclusionList, which allows us to exclude certain ports from the DNS Server socket pool.

    Dnscmd /Config /SocketPoolPortExclusionList

    Exchange Server 2007 & Windows Server 2008 R2?

    I was warned that mentioning Windows Server 2008 R2 in a post about Exchange Server 2007 could be misleading (Thanks to Miha Pihler!). Some quick facts about Exchange Server 2007 and Windows Server 2008 R2:

    • Exchange Server 2007 is NOT supported on Windows Server 2008 R2
    • You need to deploy Update Rollup 9 for Exchange Server 2007 SP1 or SP2 for Exchange Server 2007 if you intend to run DC/GC servers on Windows Server 2008 R2


    Posted in: DNS | Exchange | Microsoft | POW | Windows


    Microsoft Exchange Server 2010 Public Beta

    April 15, 2009 at 10:48 AM | 2102

    Microsoft today released the first public beta of the upcoming Exchange Server 2010 (code name Exchange 14).


    Microsoft Exchange® Server 2010 Beta helps IT Professionals achieve new levels of reliability with greater flexibility, enhanced user experiences, and increased protection for business communications.

    • Flexible and reliable - Exchange Server 2010 gives you the flexibility to tailor your deployment based on your company's unique needs and a simplified way to keep e-mail continuously available for your users.
    • Anywhere access - Exchange Server 2010 helps your users get more done by giving them the freedom to securely access all their communications - e-mail, voice mail, instant messaging, and more - from virtually any platform, Web browser, or device.
    • Protection and compliance - Exchange Server 2010 delivers integrated information loss prevention, and compliance tools aimed at helping you simplify the process of protecting your company's communications and meeting regulatory requirements.

    This software is intended for evaluation purposes only. You must accept the license terms before you are authorized to use this software. There is no product support for this trial software. You are welcome to participate in the forums to share your trial experiences with others and to ask for advice.

    System Requirements

    • Supported Operating Systems: Windows Server 2008; Windows Vista 64-bit Editions Service Pack 1
    • Operating System for Installing Management Tools: The 64-bit editions of Microsoft® Windows Vista® SP1 or later, or Windows Server® 2008.
    • PC - x64 architecture-based computer with Intel processor that supports Intel 64 architecture (formerly known as Intel EM64T) or AMD processor that supports the AMD64 platform

    Additional requirements to run Exchange Server 2010 Beta
    • Memory - Minimum of 4 gigabytes (GB) of RAM per server plus 5 megabytes (MB) of RAM recommended for each mailbox
    • Disk space
      • At least 1.2 GB on the drive used for installation
      • An additional 500 MB of available disk space for each Unified Messaging (UM) language pack that you plan to install
      • 200 MB of available disk space on the system drive
    • Drive - DVD-ROM drive, local or network accessible
    • File format - Disk partitions formatted as NTFS file systems
    • Monitor – Screen resolution 800 x 600 pixels or higher

    Exchange Server 2010 Beta Prerequisites
    If these required prerequisites are not already installed, the Exchange Server 2010 Beta setup process will prompt and provide links to the installation locations; Internet access will be required if the prerequisites are not already installed or available on a local network.
    • Microsoft® .NET Framework 3.5
    • Windows PowerShell v2
    • Windows Remote Management


    Microsoft Exchange Server 2010 Beta

    Posted in: Exchange | Microsoft


    POW #8 – DPM 2007 SP1 Error ID 3013

    April 10, 2009 at 12:31 PM | 2102

    If you installed Microsoft Data Protection Manager 2007 SP1 on Windows Server 2008 RTM, you receive Error ID 3013 when you select Reporting in the DPM Management console.


    DPM could not connect to SQL Server Reporting Services server because of IIS connectivity issues.

    On the computer on which the DPM database was created, restart the World Wide Web Publishing Service. On the Administrative Tools menu, select Services. Right-click World Wide Web Publishing Service, and then click Start.

    ID: 3013

    The problem resides in the Reporting Services virtual directory in Internet Information Services (IIS) named ReportServer$MS$DPM2007$.

    The workaround is simple:

    • Run Internet Information Services (IIS) Manager, expand Web Sites, expand Default Web Site, and then click the virtual directory for the report server.
    • Under Features View, double-click Handler Mappings.
    • Under Actions, click Edit Feature Permissions.
    • Click to select the Scripts check box, and then click OK.