
Tuesday, July 29, 2008

If your Exchange 2007 is nearing its first birthday, there is a good chance you will soon come across some event log warnings concerning the expiry of an internal transport certificate. If you ignore these, users will start chasing you! Outlook 2007 will start popping an expired certificate warning dialog.
With so many changes, it is easy to overlook some of the less shiny Exchange 2007 improvements, especially if you haven't been using earlier Exchange versions. Exchange 2007 automatically installs a self-signed certificate. Amongst other benefits, this certificate immediately secures OWA access, enabling users to log in to their mailbox using HTTPS.
You may replace this certificate with one issued by a Certification Authority. In any case, users of earlier Exchange versions will certainly appreciate that starting from the security of a self-signed certificate is much better than starting from the lack of security of plain HTTP on port 80.
One Year Later...
Those choosing to continue working with the self-signed certificate will have the opportunity to appreciate how time flies!! In fact Exchange will remind you of its first anniversary with events of the type:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date: 13/04/2008
Time: 09:01:00
User: N/A
Computer: EXSERVER
Description:
The STARTTLS certificate will expire soon: subject: exserver.domain.local, hours remaining: 157700393E5D76615E855A773CFA08AB5842DFB0. Run the New-ExchangeCertificate cmdlet to create a new certificate.

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12017
Date: 13/04/2008
Time: 09:01:00
User: N/A
Computer: EXSERVER
Description:
An internal transport certificate will expire soon. Thumbprint:157700393E5D76615E855A773CFA08AB5842DFB0, hours remaining: 295

The events are informative enough to point you in the right direction for resolving the issue, i.e. calling the New-ExchangeCertificate cmdlet. Exchange is also kind enough to alert you days in advance. In the above event example we have 295 hours left, approximately 12 days.
You do check the event logs, right? If not, or if you simply ignore these events, someone else will remind you! Most commonly Outlook 2007 users will be amongst the first to start knocking at your door. If the certificate expires, opening Outlook will cause an annoying dialog saying:

exserver.domain.local
Information you exchange with this site cannot be viewed or changed by others.
However, there is problem with the site's security certificate…
Generating a New Certificate
Solving the problem is simple. To begin, let's see the currently installed certificate by running:
Get-ExchangeCertificate | Format-List
Note that here I am taking screen shots from a test machine whose certificate is not about to expire! Some properties worth noticing include:
NotAfter - shows the certificate expiry date
Services - shows that the certificate applies to IMAP, POP, IIS and SMTP
Thumbprint - will use this to identify and make changes to this certificate
Creating a new certificate is just a matter of running the cmdlet:
New-ExchangeCertificate
This will warn you about overwriting the SMTP certificate.
To be honest the first time I ran into this, I thought that was it. After all there were no more event log warnings. However this is not the case. Rerunning Get-ExchangeCertificate we see that the IIS service is still using the old certificate. This means Outlook users will still be knocking at our door.
We need to move the IIS service using Enable-ExchangeCertificate. To do this we need the thumbprint value of the newly created certificate. In my case I used this command:
Enable-ExchangeCertificate -Thumbprint F7A8F1B443A0E7266C72CDE0603302C07B856076 -Service IIS
With the new certificate in place we may now remove the old certificate using Remove-ExchangeCertificate with the thumbprint value of the old certificate:
Remove-ExchangeCertificate -Thumbprint 157700393E5D76615E855A773CFA08AB5842DFB0
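A check to run in the Exchange Management Shell before and after the renewal steps above, added here as an example and not part of the original article: it reports each certificate's remaining lifetime and flags the case described above, where a certificate close to expiry still has services such as IIS assigned. The 30-day window, the variable names and the Status labels are assumptions.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Assumption: 30 days is the warning window; adjust it to your renewal process.
$warnDays = 30
$now      = Get-Date

# Thumbprint, NotAfter and Services are the properties discussed in the article.
$report = Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, NotAfter,
        @{ Name = 'Services'; Expression = { $_.Services.ToString() } },
        @{ Name = 'DaysLeft'; Expression = { [int][math]::Floor(($_.NotAfter - $now).TotalDays) } } |
    Select-Object *,
        @{ Name = 'Status'; Expression = {
            if     ($_.DaysLeft -lt 0)         { 'EXPIRED' }
            elseif ($_.DaysLeft -lt $warnDays) { 'EXPIRING' }
            else                               { 'OK' }
        } }

$report | Sort-Object DaysLeft |
    Format-Table Status, DaysLeft, NotAfter, Services, Thumbprint -AutoSize

# An expiring or expired certificate that still has services bound is what keeps
# the Outlook warning dialog coming back after New-ExchangeCertificate has run.
$report |
    Where-Object { $_.Status -ne 'OK' -and $_.Services -ne 'None' } |
    ForEach-Object {
        Write-Warning ("{0}: {1} still serves [{2}], {3} day(s) left" -f `
            $_.Status, $_.Thumbprint, $_.Services, $_.DaysLeft)
    }

# After renewal, both services discussed in the article should sit on a healthy certificate.
'IIS', 'SMTP' | ForEach-Object {
    $svc     = $_
    $healthy = $report | Where-Object { $_.Status -eq 'OK' -and $_.Services -match $svc }
    if (-not $healthy) {
        Write-Warning "No certificate with status OK is enabled for $svc"
    }
}
```

Run Remove-ExchangeCertificate on the old thumbprint only once this reports no warnings for it.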

Event ID 6014 Timeout Error


Fix for Forefront Update Timeout Errors


I use Microsoft Forefront Security for Exchange Server on my Exchange 2007 Edge server. Recently I noticed the following error in the Application Event log:
Event Type: Error
Event Source: GetEngineFiles
Event Category: Engine Error
Event ID: 6014
Date: 2/9/2008
Time: 10:08:43 AM
User: N/A
Computer: GATEWAY
Description:
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
Scan Engine: Kaspersky5
Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5
Proxy Settings: Disabled
Error Code: 0xC0001F58
Description: The operation timed out.

Followed immediately by:

Event Type: Information
Event Source: GetEngineFiles
Event Category: General
Event ID: 2017
Date: 2/9/2008
Time: 10:08:43 AM
User: N/A
Computer: GATEWAY
Description:
Forefront Server Security has rolled back a scan engine.
Scan Engine: Kaspersky5

This was happening every 5 minutes after Event ID 2034, which reports that Microsoft Forefront Server Security is attempting a scan engine update of the Kaspersky5 scan engine.

To solve this error make the following change to the registry on the server running Forefront:

Open Regedit
Navigate to the following key:
HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server
Click New DWORD Value
Type EngineDownloadTimeout, and then press ENTER
Right-click the new value and select Modify
Select Decimal as the base, enter 600 in the Value data box, and then click OK. This setting causes the scan engine download process to time out after 600 seconds (10 minutes, instead of 5 minutes)
Exit Regedit

Note: You do not have to restart Forefront Server services or Exchange Server services after you change this registry entry.

Now perform a manual scanner update in Forefront:
Open Forefront Server Security Administrator
Click Scanner Updates under Settings
Select the appropriate scan engine that was previously timing out. In my case, Kaspersky Antivirus Technology
Click the Update Now button on the right side of the screen
Check the Application event log to ensure that the scan engine has updated properly (Event ID 2012).
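The registry change and the follow-up log check above can also be scripted. This PowerShell version is an added example, not from the original post; it uses the key, value name and event IDs quoted above, and the 2000-entry lookback and variable names are assumptions.

```powershell
# Added example (not from the original post). Run elevated on the Forefront server.
$key     = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$name    = 'EngineDownloadTimeout'
$seconds = 600   # value from the post: 10 minutes instead of 5

if (-not (Test-Path $key)) { throw "Forefront registry key not found: $key" }

# Create the DWORD if it is missing, correct it if it holds another value.
$current = (Get-ItemProperty -Path $key).$name
if ($current -eq $null) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $seconds | Out-Null
} elseif ($current -ne $seconds) {
    Set-ItemProperty -Path $key -Name $name -Value $seconds
}
"{0} = {1}" -f $name, (Get-ItemProperty -Path $key).$name

# Assumption: the last 2000 Application log entries cover the period of interest.
# Get-EventLog returns the newest entries first.
$events = Get-EventLog -LogName Application -Newest 2000 |
    Where-Object { $_.Source -eq 'GetEngineFiles' }

$lastOk   = $events | Where-Object { $_.EventID -eq 2012 } | Select-Object -First 1
$lastFail = $events | Where-Object { $_.EventID -eq 6014 } | Select-Object -First 1

if ($lastFail -and (-not $lastOk -or $lastFail.TimeGenerated -gt $lastOk.TimeGenerated)) {
    # The most recent update attempt ended in the timeout error, so the engine
    # is still running on rolled-back definitions.
    Write-Warning "Scan engine update still failing (Event ID 6014 at $($lastFail.TimeGenerated))"
    $lastFail.Message
} elseif ($lastOk) {
    "Last successful scan engine update (Event ID 2012): $($lastOk.TimeGenerated)"
} else {
    "No scan engine update events found in the last 2000 Application log entries"
}
```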

Thursday, July 24, 2008

Planning for Large Mailboxes with Exchange 2007

Today I found a very interesting article for anyone who needs to manage very large mailboxes; the link follows below!

http://technet.microsoft.com/en-us/exchange/cc671168.aspx

Marcus Nepomuceno
Infrastructure Analyst

Tuesday, July 15, 2008

Description of Update Rollup 3 for Exchange Server 2007

Article ID : 935999
Last Review : January 17, 2008
Revision : 7.1

SUMMARY
Microsoft has released Update Rollup 3 for Microsoft Exchange Server 2007. This article contains the following information about the update rollup:

• The issues that the update rollup fixes
• How to obtain the update rollup
• The prerequisites to install the update rollup
• Whether there are any known issues


INTRODUCTION
Issues that the update rollup fixes
Update Rollup 3 for Exchange Server 2007 fixes the issues that are described in the following articles in the Microsoft Knowledge Base:
931328 (http://support.microsoft.com/kb/931328/) An integer is added to the end of the legacyExchangeDN attribute of a newly created mailbox in Exchange 2007
930468 (http://support.microsoft.com/kb/930468/) The attachment is not displayed when you use Outlook 2003 to open an e-mail message that contains an attachment
931842 (http://support.microsoft.com/kb/931842/) Error message when the sender or the receiver of a meeting request has a double-byte character set (DBCS) display name in Exchange Server 2007: "The requested property was not found"
932207 (http://support.microsoft.com/kb/932207/) Error message when a user tries to open a forwarded message to accept or to deny a resource request in Exchange Server 2007: "Cannot open the free/busy information"
932515 (http://support.microsoft.com/kb/932515/) You receive a 5.2.0 non-delivery report (NDR) message when you send an e-mail message to an Exchange 2007 server that is running the Isinteg.exe tool in a dismounted mailbox store
934887 (http://support.microsoft.com/kb/934887/) DBCS characters are converted into two question marks in a forwarded e-mail message in Exchange 2007
936337 (http://support.microsoft.com/kb/936337/) Error message when you run the Test-ExchangeSearch cmdlet across domains in an Exchange 2007 environment: "The operation could not be performed because of a service"
932905 (http://support.microsoft.com/kb/932905/) A POP3 mail client may receive an error code, and event ID 1009 is logged on an Exchange 2007 mail server
934402 (http://support.microsoft.com/kb/934402/) The synchronization session of the mobile device fails, and you receive error code "0X85010015" when you try to synchronize a mobile device by using Exchange ActiveSync in Exchange Server 2007
935412 (http://support.microsoft.com/kb/935412/) The outgoing message always displays the name of the sender even though the administrator configured the message to hide the name in Exchange Server 2007
934259 (http://support.microsoft.com/kb/934259/) Certain IMAP clients cannot open the bodies of e-mail messages when users access their mailboxes on an Exchange Server 2007 server
932605 (http://support.microsoft.com/kb/932605/) A user cannot log on when the user accesses the mailbox of an Exchange 2003 IMAP4 back-end server through an Exchange 2007 server that is serving in a CAS role
933261 (http://support.microsoft.com/kb/933261/) The nickname of a mail user must be unique in a forest if you use the original release version of Exchange 2007
935202 (http://support.microsoft.com/kb/935202/) You cannot move a mailbox across forests in an Exchange 2007 organization
936747 (http://support.microsoft.com/kb/936747/) The Availability service may use a large amount of memory and the corresponding w3wp.exe process has a high memory usage in Exchange Server 2007

MORE INFORMATION

Service pack information

These issues are fixed by Microsoft Exchange Server 2007 Service Pack 1 (SP1). Microsoft released Exchange Server 2007 SP1 on November 29, 2007. To obtain this service pack, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=44C66AD6-F185-4A1D-A9AB-473C1188954C
For more information about the issues that are fixed in Exchange Server 2007 SP1, click the following article number to view the article in the Microsoft Knowledge Base:
946138 (http://support.microsoft.com/kb/946138/) Issues that are fixed in Exchange Server 2007 Service Pack 1

Update rollup information

Update Rollup 3 for Exchange Server 2007 has been replaced by a later update rollup. You must download and install the latest update rollup.
Note: Update rollups for Exchange Server 2007 are not detected on clustered Exchange Server 2007 systems by Microsoft Update.
For more information about how to obtain the latest update rollup for Exchange Server 2007, click the following article number to view the article in the Microsoft Knowledge Base:
937052 (http://support.microsoft.com/kb/937052/) How to obtain the latest update rollup for Exchange 2007
For more information about the Exchange 2007 servicing model, click the following article number to view the article in the Microsoft Knowledge Base:
937194 (http://support.microsoft.com/kb/937194/) The product service strategy for Exchange Server 2007

Prerequisites

The following list contains prerequisites for the update rollup for Exchange Server 2007:
• Exchange Server 2007 must be installed on the computer before you apply this update rollup.
• You must remove interim updates for Exchange Server 2007 before you apply this update rollup.
• Review the issues in the "Known issues" section before you apply this update rollup.

Restart requirement

The required services are automatically stopped and then restarted when you apply this update rollup.

Known issues

Certain Exchange Server services are disabled if you use Microsoft Update to deploy the update rollup or if you deploy the update rollup in silent mode. This known issue occurs only if a file that is updated by the update rollup is being used. This section contains more information about this issue.

Symptoms

You use Microsoft Update to apply Update Rollup 3 for Exchange Server 2007. Or, you apply the update rollup in silent mode. When you do this, certain services in Exchange Server 2007 are stopped and are disabled. Events that resemble the following are logged in the Application log:
Type: Error
Source: MsiInstaller
Category: None
Event ID: 11306
Description: Product: Microsoft Exchange Server -- Error 1306. Another application has exclusive access to the file ' PathOfFile '. Please shut down all other applications, then click Retry. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Type: Error
Source: MsiInstaller
Category: None
Event ID: 1023
Description: Product: Microsoft Exchange Server - Update 'Update Rollup 3 for Exchange Server 2007 (KB935999)' could not be installed. Error code 1603. Additional information is available in the log file Drive :\ FileName.log. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Type: Information
Source: MsiInstaller
Category: None
Event ID: 11729
Description: Product: Microsoft Exchange Server -- Configuration failed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Additionally, you receive an error message that resembles the following if you use Microsoft Update to apply the update rollup:
Error Code: 0x80070643
Cause

This issue occurs if a silent installation of the update rollup encounters a "File in use" scenario. In this scenario, a file that is updated by the update rollup is being used.
Workaround

To work around this issue, view the Application log events that are mentioned in the "Symptoms" section to determine the file that is being used. Then, make sure that the file is not being used when you install the update rollup. Additionally, recover the original state of the Exchange Server services. To do this, use one of the following methods:

• If this is the first time that you experience this issue, run the ServiceControl.ps1 AfterPatch command from the Exchange Management Shell.
• If this is not the first time that you experience this issue, use the Services tool to manually configure the Startup type setting of the services. Perform this procedure before you install the update rollup.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 (http://support.microsoft.com/kb/824684/LN/) Description of the standard terminology that is used to describe Microsoft software updates


APPLIES TO
• Microsoft Exchange Server 2007 Enterprise Edition
• Microsoft Exchange Server 2007 Standard Edition

How to Configure the Availability Service for Cross-Forest Topologies

Applies to: Exchange Server 2007, Exchange Server 2007 SP1 Topic Last Modified: 2007-03-28
This topic explains how to use the Exchange Management Shell to configure the Availability service for cross-forest topologies. The Availability service improves information workers' free/busy data by providing secure, consistent, and up-to-date free/busy information to computers that are running Microsoft Office Outlook 2007. By default, this service is installed with Microsoft Exchange Server 2007. In cross-forest topologies where all connecting client computers are running Outlook 2007, the Availability service is the only method of retrieving free/busy data.
Note:
You cannot use the Exchange Management Console to configure the Availability service for cross-forest topologies.
You can use the Availability service in cross-forest topologies across trusted or untrusted forests. The type of free/busy information is determined by whether the cross-forest free/busy data is configured as a per-user or an organization-wide service. Per-user free/busy information is possible only in a trusted cross-forest topology and makes it possible for the Availability service to make cross-forest requests on behalf of a particular user. This also allows a user in a remote forest to grant detailed free/busy information to a cross-forest user.
However, with organization-wide free/busy data, the Availability service can make cross-forest requests only on behalf of a particular organization. With organization-wide free/busy data, a user's default free/busy information is returned, and it is not possible to control the level of free/busy information that is returned to users in the other forest.
Configuring Windows for Cross-Forest Topologies

To configure Microsoft Windows for a cross-forest topology, you must install and configure GAL Synchronization (GALSync). For complete information about how to install and configure the GALSync feature in Microsoft Identity Integration Server (MIIS) 2003, see the following resources:
Microsoft Identity Integration Server 2003 Scenarios
Microsoft Identity Integration Server 2003
If you are running Office Outlook 2003 or earlier, you must use the Microsoft Exchange Inter-Organization Replication tool to synchronize free/busy data across multiple forests. For more information about the Microsoft Exchange Inter-Organization Replication tool, see Microsoft Exchange Server Inter-Organization Replication.
Before You Begin

To run the Get-ClientAccessServer cmdlet, the account you use must be delegated the following:
Exchange View-Only Administrator role
To run the Add-ADPermission cmdlet, the account you use must be delegated the following:
Exchange Organization Administrator role
To run the Add-AvailabilityAddressSpace cmdlet, the account you use must be delegated the following:
Exchange Organization Administrator role
To run the Set-AvailabilityConfig cmdlet, the account you use must be delegated the following:
Exchange Organization Administrator role
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Procedure

To use the Exchange Management Shell to configure per-user free/busy data in a trusted cross-forest topology

On a Client Access server in the target forest, run the following commands to configure the Availability service for per-user free/busy data:
Get-ClientAccessServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Domain>\Client Access servers"
On the local Client Access server in the source forest, run the following command to define the access method and associated credentials:
Add-AvailabilityAddressSpace -Forestname ContosoForest.com -AccessMethod PerUserFB -UseServiceAccount:$true
Note:
To configure bidirectional cross-forest availability, repeat these steps in the target forest.
For detailed syntax and parameter information, see the following cmdlet reference topics:
Get-ClientAccessServer
Add-ADPermission
Add-AvailabilityAddressSpace
Set-AvailabilityConfig
To use the Exchange Management Shell to configure organization-wide free/busy data in an untrusted cross-forest topology

On a Client Access server in the target forest, run the following command to set the organization-wide account on the availability configuration object to configure the access level for free/busy information:
Set-AvailabilityConfig -OrgWideAccount "Contoso.com\User"
Run the following commands to add the Availability address space configuration object for the source forest:
# Enter the credentials for the organization-wide user in the Contoso.com domain
$a = Get-Credential
Add-AvailabilityAddressSpace -Forestname Contoso.com -Accessmethod OrgWideFB -Credential:$a
If you choose to configure cross-forest availability with trust, and choose to use a service account (instead of specifying organization-wide or per-user credentials), you need to run the following command in the target forest to give Client Access servers in the source forest permission to serialize original user context.
To use the Exchange Management Shell to configure trusted cross-forest availability with a service account

Run the following command to configure trusted cross-forest availability with a service account:
Get-ClientAccessServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Domain>\Exchange servers"
Exchange 2007 and Exchange 2003 Cross-Forest Availability

For Outlook 2007 and Exchange 2007 users to view the free/busy information of Exchange Server 2003 users in another forest, you must configure the Availability service by using the Add-AvailabilityAddressSpace cmdlet. You will only need to run this command once on any server in the Exchange 2007 forest.
To use the Exchange Management Shell to configure Exchange 2007 and Exchange 2003 cross-forest availability

Run the following command to set public folder free/busy availability:
Add-AvailabilityAddressSpace -ForestName Contoso.com -AccessMethod PublicFolder
Note:
To replicate free/busy information and public folder content between Exchange organizations you must use the Microsoft Exchange Inter-Organization Replication tool. For more information about the Microsoft Exchange Inter-Organization Replication tool, see Microsoft Exchange Server Inter-Organization Replication.