MSExchange.org Monthly Newsletter of September 2011 Sponsored by: Metalogix

Welcome to the MSExchange.org Newsletter by Henrik Walther, Exchange MVP, MCA: Messaging (Exchange Ranger) Apprentice, MCTS Windows Server 2008, MCITP Exchange 2007, MCSE 2003 Messaging/Security. Each month we will bring you interesting and helpful information on Exchange Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: henrik@msexchange.org

Key eDiscovery Issues to Consider in 2011 written by Osterman Research

This white paper focuses on the key practices and technologies that organizations should pursue as they seek to improve their e-discovery practices and technologies.

Click here for more details and registration info

1. The Not So Well-Known OWA 2010 SP1 Failback URL Option

Welcome to the September 2011 edition of the MSE Newsletter! This month I want to talk about a not so well-known but quite cool site resilience feature that was introduced with Exchange 2010 SP1. With Exchange 2010 SP1, we have the option of configuring a so called OWA failback URL. The OWA failback URL is intended for customers that are deploying an Exchange 2010 site resilient solution with at least two Internet-facing datacenters and that provide OWA access from the Internet.

Those of you who have read my Designing a Site Resilient Exchange 2010 Solution and Planning, Deploying, and Testing an Exchange 2010 Site-Resilient Solution sized for a Medium Organization series may have noticed that, I didn't really talk much about the OWA Failback URL feature. When it comes to the Designing a Site Resilient Exchange 2010 Solution series, the reason is simple. Exchange 2010 SP1 hadn't RTM'd back when I wrote this article. In regards to the Planning, Deploying, and Testing an Exchange 2010 Site-Resilient Solution sized for a Medium Organization, it was simply because I forgot to include it.

Since the OWA failback URL depending on the specific scenario can be quite an interesting configuration to perform in the environment, I thought it would make sense to cover it in this month's MSE Newsletter. I'll also make sure both of the above mentioned articles series will be updated with information about why and how the OWA failback should be configured in an Exchange 2010 SP1 site resilient solution that consists of at least two Internet-facing datacenters.

Why use the OWA failback URL?

So when performing a datacenter switchover from the primary datacenter to the failover datacenter, one of the steps is to update internal and external DNS records that point to the failover datacenter, so that Exchange clients connect to the failover datacenter. For more details see my Planning, Deploying, and Testing an Exchange 2010 Site-Resilient Solution sized for a Medium Organization articles series (more specifically part 12).

A time comes where the organization will want to switch Exchange services back to the primary datacenter (see part 13 of the my Planning, Deploying, and Testing an Exchange 2010 Site-Resilient Solution sized for a Medium Organization articles series for details).

As most of you probably know, changing a DNS record isn't instantaneous. That is depending on the time to live (TTL) value set for the particular DNS record, it can take several minutes or hours before the update is reflected. To work around this issue, it's recommended to configure Exchange specific DNS records with a TTL of 5 minutes. Duing so will make the DNS record update effective relative quickly depending on factors such as the DNS zone used by external clients, the AD site topology used on the internal network and the DNS client cache on the workstation used by the end-users.

When it comes to Outlook Web App (OWA), another factor to include is the Internet browser cache on internal as well as external client machines. What I mean here is that the Internet browser isn't controlled by the DNS client cache on the machine. Instead most Internet browsers have a so called browser cache. For instance, the cache time-out value for Internet Explorer is 30 minutes by default (can be changed with a registry key - for more info click here).

This means that even though the DNS cache on a client machine has been updated to point to the correct IP address after a datacenter switchover, the Internet browser may still point to the wrong IP address for up to 30 minutes after the DNS cache has been updated.

If this is the case and the end-user tries to access his mailbox using OWA, he will still be pointed to the failover datacenter and will be asked to enter his credentials. After having done so, Exchange will look up his mailbox and find out that it's active in the primary datacenter and tell him to instead use "https://primary.domain.com/owa" to access his mailbox. This is default Exchange 2010 redirect behavior between Internet-facing datacenters. The end-user will do so but because the Internet browser believes the IP address hasn't been updated, the end-user will be brought back to the failover datacenter and once again be asked to enter his credentials. Basically the end-user will have been caught in a loop until the Internet browser cache times out.

Configuring an OWA Failback URL

To rectify this rather annoying issue, you as an Exchange administrator can configure a failback URL on the OWA virtual directory (see Figure 1).

Figure 1

The FQDN used for the failback URL must be included in the Exchange UC/SAN certificate as it's used by OWA to perform an HTTPS redirect to the other datacenter.

Figure 2

To set a OWA failback URL, use the following command:

Set-OwaVirtualDirectory -Identity "EX01\OWA (Default web Site)" -FailbackUrl "https://failback-1.exchangeonline.dk/owa"

Figure 3

Remember you should configure a failback URL for both datacenters. The failback URL for the failover datacenter could for instance be named "https://failback-2.exchangeonline.dk/owa". In addition, bear in mind you must configure DNS records for the failback URLs in both external and internal DNS. Lastly, these records should never be changed during a datacenter switchover since the whole idea is to have a DNS record that hasn't been updated.

Ok so if we have configured a failback URL of "https://failback-1.exchangeonline.dk/owa" in the primary datacenter, if the end-user's Internet browser cache hasn't been updated, Exchange will detect the loop and tell the client machine to use OWA failback URL FBA page with a continue link the end-user can click on. When doing so, the OWA failback URL configured on the OWA virtual directory will be used to get the client machine to connect to the correct datacenter.

That was all I had to share with you this month!

Until later,
Henrik Walther
Technology Architect/Writer/Vendor
MCM: Exchange 2007 | MVP: Exchange Architecture

Note:
Should you have any ideas for content in future editions of the MSExchange.org newsletter, you are more than welcome to shoot me an e-mail at Henrik@msexchange.org

2. Order Henrik Walther's Exchange Server 2007 book

Key eDiscovery Issues to Consider in 2011 written by Osterman Research

This white paper focuses on the key practices and technologies that organizations should pursue as they seek to improve their e-discovery practices and technologies.

Click here for more details and registration info

3. MSExchange.org Learning Zone Articles of Interest

We have a great group of articles in the Learning Zone that will help you get a handle on your most difficult configuration issues. Here are just a few of the newer and more interesting articles:     

• Monitoring Exchange 2007 / 2010 with Powershell (Part 3)
• Product Review: Mimecast Unified Email Management 
• Enabling Forms-based Authentication for External and Internal OWA 2010 Users in Exchange 2010 published using Forefront TMG 2010 (Part 2)
• Single Item Recovery (Part 2)
• Deploying Lync Server 2010 (Part 3)
• Monitoring Forefront Protection 2010 for Exchange with Operations Manager 2007 R2
• Monitoring Exchange 2007 / 2010 with Powershell (Part 2)
• Enabling Forms-based Authentication for External and Internal OWA 2010 Users in Exchange 2010 published using Forefront TMG 2010 (Part 1)

4. KB Articles of the Month

Below you can find the Exchange 2010, 2007, and 2003 related KB articles that were published since the last MSE newsletter.

Exchange Server 2010

• "80004005-501-4B9-560" synchronization error logs are generated in the Sync Issues folder in Outlook in a Business Productivity Online Suite Dedicated environment
• An Exchange Server 2010 database is present without a backup
• Quarantined mailboxes detected on Microsoft Exchange Server 2010
• You receive the error "Junk e-mail validation error" in Outlook Web App for Exchange Server 2010
• Mailbox database will not mount on startup
• Debug Tracing is Enabled
• You cannot delete an Outlook mailbox folder that begins with a special character in its name in an Exchange Server 2010 environment
• The body of a message is shown incorrectly as an attachment if you try to use an application in an Exchange Server environment to send a message that includes attachments
• Multi-site data replication support for Exchange Server
• XADM: Non-delivery reports to a distribution list or to a public folder in Exchange server are not supported
• Services for Exchange Server 2007 or Exchange Server 2010 cannot start automatically after you install Exchange Server 2007 and Exchange Server 2010 on a global catalog server
• An event ID 1005 error message is logged, and Microsoft Exchange System Attendant does not respond
• You cannot open your mailbox on an Exchange Server 2010 server by using Outlook
• Event ID 106 is logged when you start the RPC Client Access service on Exchange Server 2010
• Error message when you import a third-party certificate into Exchange Server 2010: "The certificate status could not be determined because the revocation check failed"
• "Changes to the distribution list membership cannot be saved" error message when you try to remove members from an Exchange Server 2010 distribution list
• Exchange 2010 RTM lifecycle is ending
• 2601, 2604, and 2501 MSExchange ADAccess Event IDs when a Microsoft Exchange server restarts
• [SDP 3][b90d31e3-8043-46ce-86f0-27ce770cb224] Exchange 2010 Calendar Diagnostic Log Collector 

Exchange Server 2007

• The body of a message is shown incorrectly as an attachment if you try to use an application in an Exchange Server environment to send a message that includes attachments
• Multi-site data replication support for Exchange Server
• Troubleshooting OWA when the contents frame displays ?Loading?
• How to register Filter Pack IFilters with Exchange Server 2007
• Custom Address Lists are not shown in the GAL in Microsoft Office Outlook
• PowerShell commands for the Exchange 2007 Edge server role do not work as expected after you uninstall an update rollup or an interim update on the Edge server
• Mail flow to certain domains does not work when you run Exchange Server 2007 on a Windows Server 2008-based computer
• How to enable additional Exchange information store logging
• How can I recover items that I have "hard deleted" in Outlook?
• Error message when you try to reinstall Exchange 2007: "Could not find the default Administrative Group 'Exchange Administrative Group (FYDIBOHF23SPDLT)'"
• XADM: Non-delivery reports to a distribution list or to a public folder in Exchange server are not supported
• The Microsoft Exchange System Attendant service does not start on a computer that is running Exchange Server 2007 after you rename a Windows Server 2003 domain
• Services for Exchange Server 2007 or Exchange Server 2010 cannot start automatically after you install Exchange Server 2007 and Exchange Server 2010 on a global catalog server
• How to remove and to reinstall IIS on a computer that is running Exchange Server
• Error message when you run the "clean-mailboxdatabase" cmdlet on an Exchange Server 2007 computer by using an account that is lacking Exchange Organization Administrator permissions: "Exchange is unable to clean the database that you spe...
• An event ID 1005 error message is logged, and Microsoft Exchange System Attendant does not respond
• Resource delegates in Exchange 2007 receive all the meeting request details despite a resource configuration that intends to restrict this information
• 2601, 2604, and 2501 MSExchange ADAccess Event IDs when a Microsoft Exchange server restarts

Exchange Server 2003

• Information about the new flag in the PR_STORE_SUPPORT_MASK property that indicates support for Unicode in Outlook
• Description of the support process for issues that are related to the "Outlook is retrieving data" message in Outlook 2002 and Outlook 2003
• You cannot access your mailbox on an Exchange Server 2003 front-end server by using Entourage 2004 for Mac
• Multi-site data replication support for Exchange Server
• Event 9175: The MAPI Call 'OpenMsgStore' Failed with the Following Error
• Troubleshooting OWA when the contents frame displays ?Loading?
• How to set up a migration server for Novell GroupWise and Exchange Server 2003 or Exchange 2000 Server
• XFOR: Telnet to Port 25 to Test SMTP Communication
• How to troubleshoot connectivity issues that are caused by RPC client protocol registry entries
• How to remove Exchange Server transaction log files
• How to manage Outlook Web Access features in Exchange Server 2003
• How to defragment with the Eseutil utility (Eseutil.exe)
• How to defragment Exchange databases
• XCON: Connector Delivery Restrictions May Not Work Correctly
• XCCC: "Server Error in '/OMA' Application" Error Message When You View the Outlook Mobile Access Web Site
• The Microsoft Exchange System Attendant service may not come online if the RootVer registry value is invalid on a server that is running Exchange Server 2003
• Server ActiveSync does not download all items during a synchronization session
• Messages remain in an outbound queue until a non-delivery report is generated when you send e-mail to a remote domain
• How to enable additional Exchange information store logging
• How can I recover items that I have "hard deleted" in Outlook?
• "Access Denied" Error Message When You Try to Use Outlook Web Access
• XADM: Non-delivery reports to a distribution list or to a public folder in Exchange server are not supported
• How to remove and to reinstall IIS on a computer that is running Exchange Server
• Error c1041724 Occurs When You Try to Mount a Database on an Exchange 2003 Server
• An event ID 1005 error message is logged, and Microsoft Exchange System Attendant does not respond
• Mail flow stops when you install the Microsoft POP3 Service on a server that is running Exchange Server 2003
• Exchange Server 2003 and Exchange 2000 Server information store maintenance and online defragmentation
• Event ID 9320 is logged when you generate an offline address book on a server that is running Exchange Server 2003 Service Pack 2
• A user receives an NDR that contains a 5.2.1 status code when the user tries to send an e-mail message to a public folder in Exchange Server 2003
• Exchange Server 2003 update rollup for Process Flow Documentation
• After you configure the Jerusalem time zone settings to match the transition dates for daylight saving time, meetings are moved ahead by one hour when a user accepts a meeting request by using a CDO program in Exchange Server 2003
• A software update for the Safe HTML filtering feature is available to enable you to use the POST method in HTML forms in Outlook Web Access for Exchange Server 2003
• How to change SMTP port 25 to another port in Microsoft Exchange Server
• How to troubleshoot missing and duplicate appointments in Outlook

Key eDiscovery Issues to Consider in 2011 written by Osterman Research

This white paper focuses on the key practices and technologies that organizations should pursue as they seek to improve their e-discovery practices and technologies.

Click here for more details and registration info

5. MSExchange.org News of the Month

• DAG: Beyond the "A"
• Exchange 2007 or 2010 EMC might fail to close with "You must close all dialog boxes before you can close Exchange Management Console"
• My Exchange 2010 Store is Bigger than Yours!
• ENow Releases Mailscape 4.6-providing new enhancements to help messaging administrators!
• Nominate yourself to the Office 365 Password Reset Beta
• Exchange Server 2010 SP2 and Support for Hosting Exchange
• Latest Exchange Queue & A Column in TechNet Magazine  
  

6. Ask Henrik Walther a question

QUESTION:

If you move a mailbox from a mailbox database hosted in an Exchange 2010 SP1 datacenter to a mailbox database in another datacenter and a different Client Access array is associated with each mailbox database, would you then need to manually update the Outlook profile afterwards? We have a mix of Outlook 2007 and 2010 clients.

ANSWER

So when moving a mailbox from a mailbox database with one RpcClientAccessServer value to a database with another RpcClientAccessServer value (both in-site and cross-site), the Outlook client will not be automatically updated with the new value unless the CAS server or array specified for the source database is made unavailable to the client. This is true for both Outlook 2007 and Outlook 2010.

Actually, I've seen more than once that a profile repair was necessary even though the source CAS server or array was unavailable.

This is because the RPC CA service doesn't respond with a ecWrongServer like previous versions of Exchange did.

Key eDiscovery Issues to Consider in 2011 written by Osterman Research

This white paper focuses on the key practices and technologies that organizations should pursue as they seek to improve their e-discovery practices and technologies.

Click here for more details and registration info

TechGenix Sites