Mất hơn 2 tuần migrate Exchange 2003 sang 2010 xong và háo hức setup các hot features của Exchange 2010 để giới thiệu với bà con gần xa. Một trong số đó là Online Archive. Không còn pst file nữa, quá đã...haha.
Cho dù phải bấm bụng order thêm Enterprise CAL thì feature này cũng đáng đồng tiền bát gạo. Tạo riêng một mailbox db, enable online archive, vô OWA test thử, NOKIA..:-)...uống 1 ly cafe cho tỉnh táo cái đã để chuẩn bị document và email cho các users thì..... phát hiện nó chưa hề xuất hiện trong Outlook 2010 của mình, bộ Office 2010 Std mới implemented vài tháng trước....hmm
Đào bới các website về licensing thì té ngửa ra rằng feature này chỉ xuất hiện khi sử dụng Office 2010 phiên bản Pro Plus mà chỉ có em Volume Licensing mới có thoi nhehoặc phải sử dụng Outlook OEM or retail...:-(.
Má ơi đúng là lừa đảo kiểu Bill Gates cho dù ....Bill đã nghỉ hưu lâu rồi.
Nếu bạn là dân hay sử dụng đồ chùa thì không nói làm gì nhưng đã là dân sành điệu đã bỏ tiền ra mua chịu hàng hiệu :-) mà còn bị lừa thì đúng là đau còn hơn bò đá :-(. Đúng là không thể trách được tại sao người ta hay dùng crack...
Chính sách licence của Bill đã đủ phức tạp lắm lắm rồi mà còn cố ý cheat các khách hàng của mình nữa...bó tay thật...
18 Oct 2011
Exchange 2010 mailboxes can not send to 2003 mailboxes
PROBLEM
Now we installed a new Exchange 2010 server in the same domain as the exchange 2003 server and installed the CAS, Mailbox and Hub roles. Next we about to move 70 mailboxes to the new Exchange 2010 server. Everything looks fine, users with mailboxed on the Exchange 2003 server can send mail to users on Exchange 2010 server. But the users with mailboxes on Exchange 2010 server can't send mail to mailboxes on exchange 2003. These messages stay in the 'SmtpRelayToTiRg' queue with error : 451 4.4.0 Primary Target IP address responded with: "451 5.7.3 Cannot Achieve Exchange Server authentication"
~~~~~
SOLUTION 2
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1087732&SiteID=17
Integrated Windows Authentication was not turned on, on my Default SMTP Virtual Server.....WORKED FOR ME
~~~~
Now we installed a new Exchange 2010 server in the same domain as the exchange 2003 server and installed the CAS, Mailbox and Hub roles. Next we about to move 70 mailboxes to the new Exchange 2010 server. Everything looks fine, users with mailboxed on the Exchange 2003 server can send mail to users on Exchange 2010 server. But the users with mailboxes on Exchange 2010 server can't send mail to mailboxes on exchange 2003. These messages stay in the 'SmtpRelayToTiRg' queue with error : 451 4.4.0 Primary Target IP address responded with: "451 5.7.3 Cannot Achieve Exchange Server authentication"
~~~~~
SOLUTION 1
I installed a Windows 2007 Exchange server in to my 2003 environment this week. All went well apart from that the mail sending from the 2007 test mailboxes ended up in a queue called smtprelaytotirg. The error message given being 451 4.4.0 Primary Target IP Address Responded with (501 5.5.4 Auth Command Cancelled).
This queue is basically where 2007 is failing to deliver because it can’t route correctly.
The resolution in this case for me was easy. All the connectors were in place as they should be, but the transport for SMTP on the original master 2003 Exchange server had limited access to certain IP addresses.
I added the IP address for the new Exchange 2007 server and bang, 20 mins later the queue is empty.
Just a minor hurdle :) Oh, the other one to watch out for is making sure it can resolve either by IP or FQDN for the SMTP server, it’ll fail on netbios or just a single name. Anyone still relying on WINS needs shot in the face with a screw driver.
~~~~~I installed a Windows 2007 Exchange server in to my 2003 environment this week. All went well apart from that the mail sending from the 2007 test mailboxes ended up in a queue called smtprelaytotirg. The error message given being 451 4.4.0 Primary Target IP Address Responded with (501 5.5.4 Auth Command Cancelled).
This queue is basically where 2007 is failing to deliver because it can’t route correctly.
The resolution in this case for me was easy. All the connectors were in place as they should be, but the transport for SMTP on the original master 2003 Exchange server had limited access to certain IP addresses.
I added the IP address for the new Exchange 2007 server and bang, 20 mins later the queue is empty.
Just a minor hurdle :) Oh, the other one to watch out for is making sure it can resolve either by IP or FQDN for the SMTP server, it’ll fail on netbios or just a single name. Anyone still relying on WINS needs shot in the face with a screw driver.
SOLUTION 2
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1087732&SiteID=17
Integrated Windows Authentication was not turned on, on my Default SMTP Virtual Server.....WORKED FOR ME
~~~~
Unable to assign "Send As" rights to Organization Units in Microsoft Exchange Server 2010
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB21225
Configuring the Microsoft Exchange Server 2010 permissions for the administrator account fails with insufficient permissions for the Users container, or any Organization Unit, even when logged in as a domain administrator. Assigning Send As rights to specific users, or groups, works successfully.
PowerShell Command: Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=example,DC=com"
Active Directory operation failed on example.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : DA172DD1,Microsoft.Exchange.Management.RecipientTa sks.AddADPermission
PowerShell Command: Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=example,DC=com"
Active Directory operation failed on example.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : DA172DD1,Microsoft.Exchange.Management.RecipientTa sks.AddADPermission
~~~~~~~
~~~~~~~
Blackberry offers an alternative for running that powershell command
1. Open Active Directory Users and Computers.
2. Select the View menu and ensure Advanced Features is checked.
3. Right-click the Domain Name or Organizational Unit where Send As permissions are needed and select Properties.
4. Click the Security tab.
5. Click Advanced at the bottom on the Security tab.
6. Select Add and enter your Blackberry Service Account name (for example, BESadmin) and select OK.
7. When the permissions screen appears, change Apply onto: to User Objects (or Descendant User Objects on Microsoft Windows Server 2008).
8. In the permissions box, scroll down and check the Allow box beside Send As and press OK.
9. Press Apply and OK to exit.
it worked for me...
1. Open Active Directory Users and Computers.
2. Select the View menu and ensure Advanced Features is checked.
3. Right-click the Domain Name or Organizational Unit where Send As permissions are needed and select Properties.
4. Click the Security tab.
5. Click Advanced at the bottom on the Security tab.
6. Select Add and enter your Blackberry Service Account name (for example, BESadmin) and select OK.
7. When the permissions screen appears, change Apply onto: to User Objects (or Descendant User Objects on Microsoft Windows Server 2008).
8. In the permissions box, scroll down and check the Allow box beside Send As and press OK.
9. Press Apply and OK to exit.
it worked for me...
~~~~~~~~
17 Oct 2011
Adjusting Exchange 2003 mail flow settings for Exchange 2010
Adjusting Exchange 2003 mail flow settings for Exchange 2010
When bringing Exchange 2010 server into an existing Exchange 2003 environment, you can't initially send and receive Internet mail via the hub transport server. This is because Microsoft recommends that you place an edge transport server between the Internet and your back-end Exchange server.
An edge transport server is actually a hardened Exchange server that sits on the network perimeter. It maintains message hygiene as SMTP mail flows in and out of an Exchange organization. The edge transport server also shields back-end Exchange servers from direct Internet exposure.
Using an edge transport server is a good idea, but it's not a requirement. Given the current economic climate, I expect that a lot of organizations implementing Exchange 2010 will initially forgo the edge transport server to save money. If you decide to do this, you'll have to configure your hub transport server to send and receive Internet mail.
Note: If you decide not to use an edge transport server, I recommend that you place your mailbox server role on a different Exchange Server, if possible.
To prepare your hub transport server to send and receive Internet mail, create a send connector. The send connector allows the hub transport server to send mail directly to the Internet.
To create a send connector, follow these four steps:
- Open the Exchange Management Console and navigate to Organization Configuration -> Hub Transport.
-
- Go to the Actions pane and click on the New Send Connector link.
-
- When the New Send Connector Wizard opens, set the connector's use to Internet.
-
- Click Next and set the address to *.
Exchange Server 2010 also uses a default receive connector to receive Internet mail. The hub transport server expects to receive mail from an edge transport server, not directly from the Internet. Because of this, the receive connector is configured to block all unauthenticated inbound SMTP traffic.
Since most Internet mail is not authenticated, you must configure the receive connector to allow anonymous SMTP connections. To do so:
- Open the Exchange Management Console and navigate to Server Configuration -> Hub Transport Server.
-
- Right-click on the receive connector and select Properties. Windows will display the receive connector's properties sheet.
-
- Go to the Permission Groups tab and select the Anonymous Users check box.
-
- Click OK.
Typically, the MX record for your domain will point to a firewall, which will reroute inbound SMTP traffic to an internal server. Therefore, you must reconfigure the firewall port forwarding to send SMTP traffic to the edge transport server or to the newly configured hub transport server.
Converting recipient policies to Exchange 2010 email address policies
Most Exchange organizations' internal domain names are different than the external domain names. For example, my primary external domain name is brienposey.com, but my Exchange servers reside on an internal domain named production.com. In this case, you must use recipient policies to define the appropriate external email addresses for your users.
Microsoft has replaced recipient policies with email address policies in Exchange Server 2007 and Exchange 2010. This means that when migrating from Exchange 2003, you'll need to convert your recipient policies into email address policies.
Doing so is quite simple. Open the Exchange Management Shell and enter the following command:
Get-EmailAddressPolicy | where {$_.RecipientFilterType –eq "Legacy"} | Set-EmailAddressPolicy –IncludeRecipients AllRecipients
This EMS command compiles a list of all mailboxes that use a legacy recipient policy. The command then converts the recipient policy into an email address policy.
http://searchexchange.techtarget.com/Adjusting-Exchange-2003-mail-flow-settings-for-Exchange-2010
16 Oct 2011
14 Oct 2011
RoutingGroup cmd
New-RoutingGroupConnector -Name "RGC 2003-2010" -SourceTransportServers "exchange2010FQDN" -TargetTransportServers "Exchange2003FQDN" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true
6 Oct 2011
Configuring Pass-through Disks in Hyper-V
Jeff Hughes
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx
A question the CORE Team gets asked frequently deals with configuring Hyper-V Guest with Pass-through disks. In this blog I will cover this topic.
Pass -through Disk Configuration
Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-V server perspective. Additionally, this raw piece of storage is not limited in size so, hypothetically, it can be a multi-terabyte LUN.
After storage is mapped to the Hyper-V server, it will appear as a raw volume and will be in an Offline state (depending on the SAN Policy (Figure 1-1)) as seen in Figure 1.
Figure 1: Raw disk is Offline
Figure 1-1 SAN Mode determination using diskpart.exe
I stated earlier that a disk must be Offline from the Hyper-V servers' perspective in order for the Guest to have exclusive access. However, a raw volume must first be initialized before it can be used. To accomplish this in the Disk Management interface, the disk must first be brought Online. Once Online, the disk will show as being Not Initialized (Figure 2).
Figure 2: Disk is Online but Not Initialized
Right-click on the disk and select Initialize Disk (Figure 3).
Figure 3: Initialize the disk
Select either an MBR or GPT partition type (Figure 4).
Figure 4: Selecting a partition type
Once a disk is initialized, it can once again be placed in an Offline state. If the disk is not in an Offline state, it will not be available for selection when configuring the Guest's storage.
In order to configure a Pass-through disk in a Guest, you must select Attach a virtual disk later in the New Virtual Machine Wizard (Figure 5).
Figure 5: Choosing to attach a virtual disk later
If the Pass-through disk will be used to boot the operating system, it must be attached to an IDE Controller. Data disks can take advantage of SCSI controllers. In Figure 6, a Pass-through disk is attached to IDE Controller 0.
Figure 6: Attaching a pass-through disk to an IDE Controller
Note: If the disk does not appear in the drop down list, ensure the disk is Offline in the Disk Management interface (In Server CORE, use the diskpart.exe CLI).
Once the Pass-through disk is configured, the Guest can be started and data can placed on the drive. If an operating system will be installed, the installation process will properly prepare the disk. If the disk will be used for data storage, it must be prepared in the Guest operating system before data can be placed on it.
If a Pass-through disk, being used to support an operating system installation, is brought Online before the Guest is started, the Guest will fail to start. When using Pass-through disks to support an operating system installation, provisions must be made for storing the Guest configuration file in an alternate location. This is because the entire Pass-through disk is consumed by the operating system installation. An example would be to locate the configuration file on another internal drive in the Hyper-V server itself. Or, if it is a cluster, the configuration file can be hosted on a separate cluster providing highly available file services. Be aware that Pass-through disks cannot be dynamically expanded. Additionally, when using Pass-through disks, you lose the capability to take snapshots, and finally, you cannot use differencing disks with Pass-through disks.
Note: When using Pass-through disks in a Windows Server 2008 Failover Cluster, you must have the update documented in KB951308: Increased functionality and virtual machine control in the Windows Server 2008 Failover Cluster Management console for the Hyper-V role installed on all nodes in the cluster.
This completes our discussion. I hope you will find this information useful and share it with your colleagues.
Chuck Timon
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx
A question the CORE Team gets asked frequently deals with configuring Hyper-V Guest with Pass-through disks. In this blog I will cover this topic.
Pass -through Disk Configuration
Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-V server perspective. Additionally, this raw piece of storage is not limited in size so, hypothetically, it can be a multi-terabyte LUN.
After storage is mapped to the Hyper-V server, it will appear as a raw volume and will be in an Offline state (depending on the SAN Policy (Figure 1-1)) as seen in Figure 1.
Figure 1: Raw disk is Offline
Figure 1-1 SAN Mode determination using diskpart.exe
I stated earlier that a disk must be Offline from the Hyper-V servers' perspective in order for the Guest to have exclusive access. However, a raw volume must first be initialized before it can be used. To accomplish this in the Disk Management interface, the disk must first be brought Online. Once Online, the disk will show as being Not Initialized (Figure 2).
Figure 2: Disk is Online but Not Initialized
Right-click on the disk and select Initialize Disk (Figure 3).
Figure 3: Initialize the disk
Select either an MBR or GPT partition type (Figure 4).
Figure 4: Selecting a partition type
Once a disk is initialized, it can once again be placed in an Offline state. If the disk is not in an Offline state, it will not be available for selection when configuring the Guest's storage.
In order to configure a Pass-through disk in a Guest, you must select Attach a virtual disk later in the New Virtual Machine Wizard (Figure 5).
Figure 5: Choosing to attach a virtual disk later
If the Pass-through disk will be used to boot the operating system, it must be attached to an IDE Controller. Data disks can take advantage of SCSI controllers. In Figure 6, a Pass-through disk is attached to IDE Controller 0.
Figure 6: Attaching a pass-through disk to an IDE Controller
Note: If the disk does not appear in the drop down list, ensure the disk is Offline in the Disk Management interface (In Server CORE, use the diskpart.exe CLI).
Once the Pass-through disk is configured, the Guest can be started and data can placed on the drive. If an operating system will be installed, the installation process will properly prepare the disk. If the disk will be used for data storage, it must be prepared in the Guest operating system before data can be placed on it.
If a Pass-through disk, being used to support an operating system installation, is brought Online before the Guest is started, the Guest will fail to start. When using Pass-through disks to support an operating system installation, provisions must be made for storing the Guest configuration file in an alternate location. This is because the entire Pass-through disk is consumed by the operating system installation. An example would be to locate the configuration file on another internal drive in the Hyper-V server itself. Or, if it is a cluster, the configuration file can be hosted on a separate cluster providing highly available file services. Be aware that Pass-through disks cannot be dynamically expanded. Additionally, when using Pass-through disks, you lose the capability to take snapshots, and finally, you cannot use differencing disks with Pass-through disks.
Note: When using Pass-through disks in a Windows Server 2008 Failover Cluster, you must have the update documented in KB951308: Increased functionality and virtual machine control in the Windows Server 2008 Failover Cluster Management console for the Hyper-V role installed on all nodes in the cluster.
This completes our discussion. I hope you will find this information useful and share it with your colleagues.
Chuck Timon
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support
Subscribe to:
Posts (Atom)