Archive for July, 2008

Cluster Administration from PowerShell and the Infamous Back Tick

Of course we all know by now how powerful PowerShell is. “It slices, it dices, it makes julienne fries, whatever those are!” to quote Ron Popeil

One of the cool things with PowerShell is that you can call some external programs. While waiting for some hardware to arrive on a project, I was scripting the setup of a two node Single Copy Cluster (SCC) install of Exchange 2007. One thing you want to do with an Exchange SCC cluster in 2007 is assign dependencies for resources. Say you have a mailbox database called “First Storage Group/Mailbox Database”, and it resides on the cluster resource called “Disk S:”. Well, when the cluster starts up, it should wait for “Disk S:” to be online before trying to bring the “First Storage Group/Mailbox Database” resource online. It only makes sense, right?

Back to my project. So I’m able to script the creation of the storage groups using something like

New-StorageGroup SG1 -SystemFolderPath G:\SG1 -LogFolderPath K:\SG1

from there, I create a new database

New-MailboxDatabase -Name DB1 -StorageGroup SG1 -EdbFilePath G:\SG1

I set some configuration on the new database

get-mailbox | set-mailboxdatabase -DeletedItemRetention 14.00:00:00 -MailboxRetention 30.00:00:00 -IssueWarningQuota unlimited -ProhibitSendQuota unlimited -ProhibitSendReceiveQuota unlimited -PublicFolderDatabase "Second Storage Group\Public Folders" -RetainDeletedItemsUntilBackup:$true -MountAtStartup$true

Life is good. Now, I need to assign the cluster dependencies for the new database resource. But first, the database needs to be unmounted to assign the dependency. So, we precede the cluster command with:

get-mailboxdatabase | dismount-database

Then we can do the dependencies. From a command prompt,

Cluster cluster1 res "SG1/DB1 (MbxCluster1)" /AddDep:"Disk S:"

would work beautifully. It would assign the “Disk S:” cluster resource as a dependency for the new database. But PowerShell wouldn’t accept that syntax, telling me

“Too many command line parameters have been specified for this operation…”

Seems PowerShell doesn’t like the special characters there, and they need to be escaped with a back tick (on an English keyboard, that’s the key to the left of the “1″). After some noodling around, and the help of Ross and Scott, this seems to work:

Cluster cluster1 res ` "SG2`/DB3 `(MbxCluster1`) `" `/adddep: `"Disk S: `"

Not the cleanest of lines, but I’m able to keep everything within a single PowerShell script. Normally, I would have given up and just manually done the dependency configuration, except that this project will involve dozens of databases, and, like many engineers, I’m lazy. Plus, I should know this limitation for the future, as it streamlines the setup of the cluster.

We can now mount the databases with

get-mailboxdatabase | mount-database

I use those broad commands to essentially handle all of the databases, since the script sets them all up at the same time.

Note: I know, we should not have databases with no quota limits on them. But this is a GroupWise to Exchange 2007 migration. So I leave them unlimited till the migration is complete (to avoid migration problems), and then I’ll clamp them down for safety.

As you can see, we can essentially setup all of the SGs and DBs, and assign the cluster config all from within PowerShell. If you’re looking for a great book on PowerShell for Exchange 2007, check out Professional Windows PowerShell for Exchange Server 2007 Service Pack 1 @ It’s an easy read, but quite informative.

New Rollups for Exchange 2007 Released

Microsoft has released the following update rollups for Exchange Server 2007:

The above update rollups will also be released to Microsoft update, but there is no ETA at this time.

Fixes for security issue

A security issue has been identified in Exchange Server 2007 as documented in

If you’re running Exchange Server 2007 RTM, you need to apply Update Rollup 7 for Exchange 2007 RTM to address the security issue.

If you’re running Exchange Server 2007 SP1, you need to apply Update Rollup 3 for Exchange 2007 SP1 to address the security issue.

Remember, you only need to download the latest update for the version of Exchange that you’re running. RTM updates can’t be installed on SP1 and vice versa.

Update: Here is a list of the fixes included in rollup 3:

  1. 937436 Error message when an Exchange 2007-based user sends a meeting request to a resource that is located in a Lotus Domino resource reservation database: “Error autoprocessing message
  2. 941770 How to disable the “Sent by Microsoft Exchange Server 2007” branding sentence in an Exchange Server 2007 DSN message
  3. 945453 You cannot log on to Outlook Web Access in an Exchange Server 2007 environment, and you receive an error message: “HTTP Error 403.4
  4. 947573 It takes a long time for the Exchange Management Console to load in an Exchange Server 2007 organization that was deployed in a multiple-domain environment
  5. 949206 The e-mail address of a contact does not appear in the Outlook Address Book after you use Exchange Web Services to edit the contact in Exchange Server 2007 with Service Pack 1
  6. 949549 Error message when you import a .pst file by running the Import-Mailbox cmdlet in Exchange Server 2007: “Unable to make connection to the server
  7. 949778 The icons that represent TIFF attachments may not be shown correctly if the e-mail message is viewed by using Outlook Web Access 2007 in an Exchange Server 2007 environment
  8. 950153 A storage group may not mount after you move the resources from the active node to the passive node while the backup is in progress in Exchange Server 2007
  9. 950674 Web services sends meeting request information that has an incorrect time if a delegate modifies an appointment in an Exchange Server 2007 environment
  10. 951263 The heading of the “State” column is translated incorrectly in the German version of the Exchange Management Console in Exchange Server 2007
  11. 951293 Error message when you enter logon credentials after an Outlook Web Access session times out in Exchange Server 2007: “Server Error in ‘/ExchWeb/bin’ Application
  12. 953539 The W3wp.exe process may intermittently stop responding, and event ID 1000 is logged in Exchange Server 2007 Service Pack 1
  13. 950120 You cannot control the behavior of attachments on mobile devices by using the ActiveSync policy in Exchange Server 2007 Service Pack 1
  14. 951094 You cannot run the New-X400AuthoritativeDomain cmdlet successfully in an Exchange Server 2007 environment if an X.400 address contains a space character
  15. 953747 MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege
  16. 950930 You cannot resolve a sender name or a recipient name when the name belongs to an alternative domain tree in Exchange Server 2007
  17. 950758 OVA announces “Unrecognized caller” in an Exchange Server 2007 environment even though Outlook and Outlook Web Access correctly resolve the caller address
  18. 951563 External e-mail message senders receive an NDR when you select the Turkish language setting on a computer that is running Exchange Server 2007 Service Pack 1

Also, several people have had problems installing rollup 3. Make sure when you install it, you use an account with appropriate rights. It’s a good idea to use the account used when Exchange was installed. In some instances, if the account you’re using doesn’t have sufficient rights, the rollup might still say it installed completely, and the logs may even verify this. But it might not be the case. updateowa.ps1 needs local admin rights and at least the rights to read the AD down to the Exchange Object level. servicecontrol.ps1  needs to query the AD to discover the roles installed on the server. Reinstalling this rollup with the correct account generally resolved the problem. Thanks to Scott Schnoll for notifying us of this.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Quicker, Easier Exchange Installs, Complete with Service Packs and Rollups!

Update 02-25-2010: The method defined below is NOT supported for UPGRADING servers, such as new service packs and rollups. This method is ONLY for NEW installations.

Note: The Service Packs and Update Rollups mentioned here are no longer current, but the process is still the same. Simply substitute the latest SP and UR packages when using this process.

One of the very slick features built into the setup routines of Exchange Server 2007 is the ability to install Exchange with service packs and rollups already applied. Microsoft has previously provided this feature in operating system installations via it’s slipstreaming process, but the Exchange 2007 method is even easier.

The Exchange Server 2007 Service Pack 1 download is a full install, so you can install Exchange directly from that download, instead of having to install Exchange first, then the service pack. This alone will save you some time. But we can shorten this up further by incorporating the latest Rollup package into the install as well.

When you look at the file structure of an Exchange 2007 RTM DVD, you see something like:


But when you download the SP1 file and expand it, you’ll notice that the \UM and \Forefront folders don’t exist. That’s because those components are not part of the SP1 download. The SP1 Unified Messaging language packs are available as a separate download. Due to their size, I can certainly understand why Microsoft provides them as separate downloads. You can also download an updated version of Forefront including the latest service pack via a separate download. The rest of the file is a full, complete set of Exchange installation

The clue here is the \Updates folder. The latest rollup, which, as of this time is Service Pack 1 Rollup 2, can be installed at the same time by placing the rollup .msp file in the \Updates folder of your installation point. By doing that, the setup routine will automatically apply the rollup as it installs Exchange.

If you’re doing unattended installations, you can also specify the directory containing updates using the /UpdatesDir switch. For more information on unattended installs, see How to Install Exchange 2007 in Unattended Mode

If you do a lot of Exchange installs, you might want to put together a full DVD by downloading the SP1 file, the rollup file, Forefront, and the UM language packs and tossing them onto a DVD or thumbdrive, recreating the original folder structure. An interesting note in that the Exchange autoplay program checks for the existence of the Forefront folder to determine if the install option should be displayed on the menu.

I also include the 32bit SP1 download so I can install the management tools on workstations, as well as the 32 and 64 bit versions of the prerequisites, .Net Framework 2.0 Service Pack 1 (32 bit)(64 bit), Management Console 3.0 (32 bit), and PowerShell. This gives me a full set of everything needed to install Exchange server, right on a thumbdrive, without having to resort to lengthy downloads.

As we can see, we don’t need to sit and watch the blue bars go by as we wait for files to download. We can speed up the time it takes to deploy Exchange.

One Liners: Exporting Distribution List Membership to Excel

July 3, 2008 13 comments

Exchange 2013 logo 128x128At least three times in the past couple of weeks, I’ve been asked how to dump the members of a DL to Excel for reporting.

Fortunately, it’s a very simple task using two PowerShell cmdlets, Get-DistributionGroupMember and Export-Csv.

Remember than in PowerShell, we can pipe the results of one command as input into another. So first, we get the membership of a list, then we send it to the CSV file for Excel. What we wind up with is:

Get-DistributionGroupMember -identity "testdl" | Export-Csv C:\MyFile.Csv

Where testdl is our distribution group, and myfile.csv is the resulting CSV file.

We can clean that up a little by using the -NoTypeInformation switch during the export-csv cmdlet so that we don’t get the top line of type information.

Get-DistributionGroupMember -identity "testdl" | Export-Csv C:\MyFile.Csv -NoTypeInformation

That gives us a nice clean CSV file that we can then further manipulate as needed in Excel.

If you’d like to learn a lot more about PowerShell and Exchange 2007, check out Professional Windows PowerShell for Exchange Server 2007 SP1 from Wrox. It’s a great reference book.

ISA 2006 SP1 Released – Now Supports SAN Certificates!

Not really Exchange related, per se, but Microsoft has released Service Pack 1 for Internet Security and Acceleration (ISA) 2006. The one feature that was greatly anticipated by those using Exchange 2007 is support for Subject Alternative Name certificates.

Previously, ISA 2006 could only support the common name (CN), or the first alternative name in a SAN cert. Now, we can leverage all of the names in the cert.

See KB article 943462 for more information on the service pack and the download page to grab the bits.