Moving to Microsoft Exchange Online is easy…

I recently decided to move my personal domain (cgoosen.com) to Microsoft Exchange Online and I thought it would be appropriate to share my experience. I had previously been using my web hosting provider's mail service, and when I started having some unusual mail delivery problems I took that as a sign to do what I have been meaning to do for some time now.

Microsoft Exchange Online is Microsoft's own hosted enterprise messaging solution based on Microsoft Exchange Server 2007. There are a number of reasons why I chose Exchange Online instead of just going with an Exchange Server based solution from a Microsoft partner; the main reason is that I anticipate this solution will continue to grow in popularity, especially once it is upgraded to Exchange 2010 and more organizations start making use of “Hybrid” installations.

I live in Australia, which meant that I had to purchase my Exchange Online services from Telstra Business instead of going directly to Microsoft. Once I had signed up, I was sent a link to the Microsoft Online admin panel.

At this point, the only Telstra involvement is that they are billing me around $3.50 US per month more than if I was able to go direct to Microsoft, and I personally don’t see the value they are adding. Just my opinion!

Once I had signed in, I was presented with a list of “Tasks I need To Do”.

The first step is to “Add your domain to Microsoft Online Services”. You also need to decide whether you would like Exchange Online to be authoritative for your domain or not.

As you would expect, you need to validate that you actually own that domain; this is done by creating a DNS CNAME record on your primary DNS server. Mine only took a couple of minutes to verify.

The next step is to enable inbound messaging and change your MX record.

The final step is to create some user accounts and assign services to them. The services available depend on the licenses you have purchased.

User accounts can be created manually or, if you have a large number of accounts to create, they can be imported from a .CSV file. There are sample and template .CSV files available for download if you are unsure of the format.

The entire process was so simple that I was up and running in less than 30 minutes. I would recommend keeping your existing mailboxes in place for at least 48 hours to allow the new MX record to fully propagate.
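One way to tell when the 48 hours are actually over is to ask several resolvers for the domain's MX record and compare their answers. The script below is an added example, not part of the original post: it shells out to nslookup (Resolve-DnsName does not exist on the Windows versions of the time) and reports, per resolver, whether the new or the old MX host is still being returned. The domain is the post's own; the resolver list and the expected MX host are placeholders you replace with your own values.

```powershell
# Added example (not from the original post). Checks MX propagation for a
# domain by querying several resolvers and comparing their answers.
$Domain     = 'cgoosen.com'
$Resolvers  = '8.8.8.8', '4.2.2.2', 'ns1.example-registrar.test'   # third entry is a placeholder for your own authoritative server
$ExpectedMx = 'mail.example.test'                                   # placeholder: the MX host Exchange Online gave you

function Get-MxHosts([string]$Domain, [string]$Resolver) {
    # nslookup prints one "mail exchanger = host" line per MX record.
    $out = & nslookup -type=MX $Domain $Resolver 2>&1 | Out-String
    [regex]::Matches($out, 'mail exchanger = (\S+)') |
        ForEach-Object { $_.Groups[1].Value.TrimEnd('.') }
}

foreach ($r in $Resolvers) {
    $mx = @(Get-MxHosts $Domain $r)
    $status = if ($mx -contains $ExpectedMx) { 'NEW' }
              elseif ($mx.Count -eq 0)       { 'NO ANSWER' }
              else                           { 'OLD/CACHED' }
    Write-Host ("{0,-30} {1,-10} {2}" -f $r, $status, ($mx -join ', '))
}
```

Until every resolver you care about reports NEW, some senders can still deliver to the old host, which is why the old mailboxes should stay reachable.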

Securing Exchange 2010 with Forefront Threat Management Gateway (TMG) 2010, Part 2 - Installing Exchange Server Edge

In Part 1 of the series I talked about Forefront Threat Management Gateway (TMG) 2010 and how it allows administrators to consolidate their perimeter infrastructure into a single, secure point of entry for email and other messaging related services.

In this part of the series, it’s time to start getting our hands dirty so to speak and start the installation process. Microsoft recommends the following installation order:

  1. Install Active Directory Lightweight Directory Services (AD LDS).
  2. Install the Exchange Server Edge Transport role.
  3. Install Forefront Protection 2010 for Exchange Server.
  4. Install TMG 2010.

In Part 2, we will start by installing Exchange Server Edge. For more information on the minimum system requirements, see Microsoft TechNet.

To get started, I have already installed Windows Server 2008 R2.

It is important to ensure that you have a Primary DNS suffix set. To set this:

  1. Right-click My Computer, and then click Properties. The System Properties dialog box will appear.
  2. Click the Computer Name tab.
  3. Click Change. The Computer Name Changes dialog box will appear.
  4. Click More. The DNS Suffix and NetBIOS Computer Name dialog box will appear.
  5. Enter the appropriate DNS suffix for the domain.
  6. Select the Change primary DNS suffix when domain membership changes check box.
  7. Click OK to save the changes, and then click OK to exit the Computer Name Changes dialog box.
  8. Click OK to close the System Properties dialog box, and then restart the computer for the change to take effect.
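The same result can be scripted, which is handy when building several Edge servers. This is an added example and not from the original post: it writes the Tcpip\Parameters registry values that the Computer Name dialog writes (“NV Domain” for the configured suffix, “Domain” for the one in effect, and “SyncDomainWithMembership” for the check box in step 6). The suffix value is a placeholder for your own lab, and a restart is still required afterwards.

```powershell
# Added example (not from the original post): sets the primary DNS suffix on a
# workgroup server via the registry values the Computer Name dialog uses.
# Run from an elevated PowerShell; restart afterwards for it to take effect.
$Suffix = 'testlab.local'   # placeholder: use your own DNS suffix
$Params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Record the current value first so the change is reviewable and reversible.
$Before = (Get-ItemProperty -Path $Params).'NV Domain'
Write-Host "Current primary DNS suffix: '$Before'"

# 'NV Domain' is the configured (non-volatile) suffix; 'Domain' is the value
# in effect and is re-read at boot. Set both so the change survives a restart.
Set-ItemProperty -Path $Params -Name 'NV Domain' -Value $Suffix
Set-ItemProperty -Path $Params -Name 'Domain'    -Value $Suffix

# Equivalent of the "Change primary DNS suffix when domain membership changes"
# check box (1 = checked). Harmless on a workgroup server, but it keeps the
# dialog consistent with the steps above.
Set-ItemProperty -Path $Params -Name 'SyncDomainWithMembership' -Value 1 -Type DWord

$After = (Get-ItemProperty -Path $Params).'NV Domain'
Write-Host "Configured primary DNS suffix: '$After' (restart required)"

# After the restart, the suffix in effect can be confirmed with:
#   [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
```

Exchange setup reads the suffix in effect, not the registry value, so run the confirmation line after the restart and before launching setup.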

The first step is to install Active Directory Lightweight Directory Services (AD LDS); I have elected to do this via the “Add Roles Wizard” in “Server Manager”. If you do not already have .NET Framework 3.5.1 installed, it will prompt you to install this feature as well.

Once this part of the installation has completed, it is time to install the Exchange Server Edge Transport Role. Once you launch Exchange Server 2010 setup, you can click Step 3 and choose your Exchange language option; I’m going to install only the languages on the DVD. Then click “Step 4: Install Microsoft Exchange”.

Read the introduction window of the setup wizard and click “Next”. Read and accept the License Agreement and click “Next” again. Make your selection on the “Error Reporting” window and click “Next”. Select “Custom Exchange Server Installation” on the “Installation Type” window, verify the installation path and click “Next”.

On the “Server Role Selection” window, select “Edge Transport Role”.

Read about the “Customer Experience Improvement Program” and make your selection about joining, then click “Next”. Verify that all Readiness Checks are successful and click “Install” to proceed with the installation.

Once the installation process completes successfully, click “Finish”.

To summarise, in this part of the series I prepared a Windows Server 2008 R2 server by firstly ensuring that it had a Primary DNS suffix set, and installed Active Directory Lightweight Directory Services (AD LDS) and .NET Framework 3.5.1. I then proceeded to install the Exchange Server Edge Transport Role.

In Part 3 I’ll install Forefront Protection 2010 for Exchange Server.

Securing Exchange 2010 with Forefront Threat Management Gateway (TMG) 2010, Part 1 – The Introduction

November 2009 was an exciting time.. not only did I turn another year older, but, Microsoft launched both Exchange Server 2010 and Forefront Threat Management Gateway (TMG) 2010. Both of these products were eagerly awaited and while the new features and great benefits of Exchange Server 2010 have already been (and will continue to be!) discussed, I am excited to talk about how TMG 2010 now allows administrators to consolidate their perimeter infrastructure into a single, secure point of entry for email and other messaging related services.

What is Forefront Threat Management Gateway (TMG) 2010? TMG is essentially the next generation of ISA Server (we’ve all come to know and love ISA 2006 since its release in late 2006) but with a few fantastic changes. The first of these is that, as with Exchange Server, it is 64-bit only. Other new features include URL filtering, web antivirus/anti-malware protection and many more.

I mentioned earlier in the introduction that TMG 2010 allows administrators to consolidate their perimeter infrastructure into a single, secure point of entry; this is done by combining it with a couple of other great technologies. It is now possible to install Exchange Edge, Forefront Protection for Exchange Server (FPES) and TMG 2010 on the same server. Management of the Exchange Server Edge, FPES and TMG 2010 services is all integrated into the TMG Management console, greatly reducing management complexity and overhead.

In this 6 part series, I’ll go through the process of installing Exchange Server Edge, FPES and TMG 2010 on the same server. The series will consist of the following posts:

  • Part 1 – The Introduction
  • Part 2 – Installing Exchange Server Edge
  • Part 3 – Installing Forefront Protection 2010 for Exchange Server
  • Part 4 – Installing Forefront Threat Management Gateway 2010
  • Part 5 – Putting it all together
  • Part 6 – Publishing Outlook Web App

This series is intended to be a detailed “how to” so I’ll make use of a lot of screen shots of each of the steps of the process. There are many areas (especially when configuring Exchange Server) where making use of the Powershell or Exchange Management Shell (EMS) may be quicker, but I have opted to use the MMC throughout.

Here is a brief overview of the environment I’ll use throughout this series; it is my lab environment. The high-level diagram below shows it, and I’ll discuss each server in a little more detail after that:

[Diagram: lab environment]

tltmg01.testlab.local: Windows 2008 R2 x64 with 2 NICs (Internal & External) – This is the Forefront TMG 2010 server with Exchange Server 2010 Edge and Forefront Protection 2010 for Exchange Server installed.

tlex01.testlab.local: Windows 2008 R2 x64 – This is the Exchange 2010 Hub Transport and Client Access server.

tlex02.testlab.local: Windows 2008 R2 x64 – This is the Exchange 2010 Mailbox server.

tldc01.testlab.local: Windows 2008 x64 – This is a Domain Controller and Global Catalog. This server also acts as a DNS server and is the Enterprise Root Certificate Authority.

Some things to look out for: there are a few important things to watch for when deploying this solution for the first time. They are:

  • Time Sync – make sure the time on your Exchange servers and TMG/Exchange Edge is perfectly in sync.
  • DNS – Mis-configuring DNS is a very common mistake in ISA/TMG deployments. There are many schools of thought here, but regardless of which one you follow, it is important to note that DNS entries are not NIC specific, so make sure you assign a DNS server to either the internal OR the external NIC, not both. Your TMG/Exchange Edge server must be able to resolve names internally, either through DNS or host entries.
  • Workgroup – Since we will be installing Exchange Server Edge, our TMG server will NOT be a domain member. It is important to put sufficient thought into how you will configure authentication for both reverse and forward proxy, since AD authentication will not work.
  • Primary DNS suffix – The TMG/Exchange Edge server will need its Primary DNS suffix manually set, as it will not be a part of the domain.
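All four of these can be checked from the TMG/Edge server before any Exchange or TMG configuration is touched. The script below is an added example, not from the original post: it measures the clock offset against the domain controller with w32tm, resolves the internal host names, confirms the server is in a workgroup, and reports the primary DNS suffix in effect. The host names are the lab's from the diagram above; treat them as placeholders elsewhere.

```powershell
# Added example (not from the original post): pre-deployment checks for the
# four items above, run on the TMG/Edge server. Host names are the post's lab.
$InternalHosts = 'tlex01.testlab.local', 'tlex02.testlab.local', 'tldc01.testlab.local'
$TimeSource    = 'tldc01.testlab.local'

# 1. Time sync: w32tm reports this server's offset against the DC's clock.
#    Kerberos tolerates five minutes, but the post asks for "perfectly in sync",
#    so an offset of more than a second or two is worth investigating.
Write-Host "== Time offset against $TimeSource =="
w32tm /stripchart "/computer:$TimeSource" /samples:3 /dataonly

# 2. DNS: every internal host must resolve from this box, whether through the
#    DNS server assigned to one NIC or through hosts-file entries.
Write-Host "== Internal name resolution =="
foreach ($h in $InternalHosts) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.IPAddressToString }
        Write-Host ("  {0,-24} -> {1}" -f $h, ($ips -join ', '))
    } catch {
        Write-Host ("  {0,-24} -> UNRESOLVED ({1})" -f $h, $_.Exception.Message)
    }
}

# 3. Workgroup: an Edge Transport server must not be domain-joined.
$cs = Get-WmiObject Win32_ComputerSystem
Write-Host "== Domain membership =="
if ($cs.PartOfDomain) {
    Write-Host "  WARNING: $($cs.Name) is joined to $($cs.Domain); Edge Transport should run in a workgroup."
} else {
    Write-Host "  $($cs.Name) is in workgroup $($cs.Workgroup) (expected)."
}

# 4. Primary DNS suffix: has to be set by hand on a workgroup machine.
$suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
Write-Host "== Primary DNS suffix =="
if ([string]::IsNullOrEmpty($suffix)) {
    Write-Host "  WARNING: no primary DNS suffix set (see Part 2 for the steps)."
} else {
    Write-Host "  $suffix"
}
```

The name-resolution loop deliberately uses the system resolver rather than a specific DNS server, so it exercises exactly the NIC and hosts-file configuration the Edge server will use at runtime.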

Easy Exchange 2010 CAS pre-req installation

Just a short post; hope this will help someone by making Exchange 2010 even easier to deploy. Open PowerShell with elevated rights and run the following 3 cmdlets:

  • Import-Module ServerManager
  • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
  • Set-Service NetTcpPortSharing -StartupType Automatic
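After the restart it is worth confirming that every feature actually installed and that the service start mode stuck, since Exchange setup's readiness checks will otherwise fail later. This is an added example, not part of the original post; it uses the same feature names as the Add-WindowsFeature line above and reads the service start mode through WMI because Get-Service in PowerShell 2.0 does not expose it.

```powershell
# Added example (not from the original post): verifies the CAS prerequisites
# from the three cmdlets above. Run from an elevated PowerShell.
Import-Module ServerManager

$Required = @(
    'NET-Framework','RSAT-ADDS','Web-Server','Web-Basic-Auth','Web-Windows-Auth',
    'Web-Metabase','Web-Net-Ext','Web-Lgcy-Mgmt-Console','WAS-Process-Model',
    'RSAT-Web-Server','Web-ISAPI-Ext','Web-Digest-Auth','Web-Dyn-Compression',
    'NET-HTTP-Activation','RPC-Over-HTTP-Proxy'
)

# Get-WindowsFeature accepts several names at once; Installed is $true for
# features that are present on the server.
$missing = Get-WindowsFeature -Name $Required | Where-Object { -not $_.Installed }

if ($missing) {
    Write-Host "Missing features:"
    $missing | ForEach-Object { Write-Host ("  {0,-24} {1}" -f $_.Name, $_.DisplayName) }
} else {
    Write-Host "All $($Required.Count) CAS prerequisite features are installed."
}

# Win32_Service exposes StartMode (Auto, Manual, Disabled), which Get-Service
# in PowerShell 2.0 does not.
$svc = Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'"
if ($svc.StartMode -eq 'Auto') {
    Write-Host "NetTcpPortSharing start mode: Auto (expected)."
} else {
    Write-Host "NetTcpPortSharing start mode is '$($svc.StartMode)'; rerun: Set-Service NetTcpPortSharing -StartupType Automatic"
}
```

Any feature listed as missing can be added with a second Add-WindowsFeature call using just that name.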

Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service

Microsoft yesterday published Microsoft Security Bulletin MS10-024. This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service.

KB976323 provides detailed information on the security update for Windows SMTP Service. For Exchange Server specific information, see the following links:

First look at Exchange 2010 SP1

The Microsoft Exchange Team yesterday announced the upcoming release of Exchange 2010 Service Pack 1 (SP1). As one would expect, SP1 will include fixes and tweaks, including a roll-up of the roll-ups released to date. There will also be several feature enhancements; here is an overview of some of these:

  • Improvements to the Multi-Mailbox Search: search preview, search result de-duplication & annotation of reviewed items.
  • Outlook Web App: Improved reading experience, users will also be able to share their calendars to anonymous viewers via the web (assuming you enable this), the reading pane can be placed on the bottom or the right side.
  • Mobility: Support for send-as, full implementation of conversation view, and more.
  • Several new management UI enhancements including: RBAC role management in ECP, Configure MailTips in ECP, Configure Transport Rules in ECP, Configure Database Availability Group (DAG) IP Addresses and Alternate Witness Server in EMC, Recursive public folder settings management (including permissions) in EMC

While these are all great feature improvements, I thought I would call out the two that I am very excited about. There are two things that always come up when I talk to customers about Exchange Server 2010 and the integrated archiving capabilities. The first is the lack of ability to provision a user's personal archive to a different mailbox database from their primary mailbox. The second is that users are unable to access their personal archives from Outlook 2007. The good news is that SP1 will enable the support of both these. Thanks guys!

Exchange 2010 SP1 is due for release later this year.

OCS 2007 R2 on Windows Server 2008 R2 support

Microsoft have announced official support for the Microsoft Office Communications Server 2007 R2 member server role on a server that has a Windows Server 2008 R2 operating system installed. Now for the fine print: the following scenarios are currently not supported on Windows Server 2008 R2:

  • Group Chat will not function in a Windows 2008 R2 forest or when Group Chat member servers are joined to a Windows 2008 R2 domain. Some issues with changes in Windows 2008 R2 require a Group Chat Client and Group Chat Admin Tools hotfix, scheduled for mid-April 2010.
  • Deploying Group Chat on Windows 2008 R2 is currently not supported.
  • Upgrading the operating system to Windows Server 2008 R2 for an existing installation of OCS 2007 R2 is not supported.
  • Installing 32-bit OCS 2007 R2 administration tools on 64-bit Windows 2008 R2 is not supported.
  • Development with Speech Server 2007 Developer Edition and deployment of the Speech Server 2007 role are not supported on Windows Server 2008 R2.

For more information, see KB 982021.

Busted… Top 10 Exchange Storage Myths

Exchange 2010 includes improvements in performance, reliability, and high availability that enable organizations to run Exchange on a wide range of storage options. Building on improvements to disk input/output (IO) that were introduced in Exchange 2007, the latest version of Exchange requires less storage performance and is more tolerant of storage failures.

The Microsoft Exchange Team recently posted the “Top 10 Exchange Storage Myths” and I thought I would share a lot of that excellent content here.

Myth #1: Exchange requires expensive, high-performing storage. I can't afford large mailboxes!
Reality: Exchange 2010 enables you to implement large, low-cost mailboxes. It performs well on less expensive disks and supports a range of storage options. See the Large Mailbox Vision Whitepaper.

Myth #2: Exchange 2010 doesn't support storage area networks (SANs).
Reality: Exchange 2010 doesn't support network-attached storage (NAS) (maybe the similar spelling confuses people?), but it does support a large range of storage options including SAN and DAS. Depending on your high availability model, storage can be configured using RAID or RAID-less (JBOD) storage. Different customers will require different solutions based on their requirements, but everyone has the ability to deploy large mailboxes at low cost.

Myth #3: I already have a SAN (or I just bought one), so it doesn't make sense to implement DAS. By the way, my SAN can use those less expensive SATA disks too.
Reality: This one is not really a myth, but it is often misunderstood. SAN deployment may make sense for customers as long as you are able to deploy large mailboxes at low cost. Remember that Exchange supports a range of storage options including SAN and DAS. If you are looking to take advantage of multiple independent copies of databases, then consider the full cost of your storage solution.

Myth #4: JBOD configurations are not practical because the re-seed process after a disk failure takes too long, and this generates too much operational overhead.
Reality: Microsoft IT uses a JBOD configuration very successfully and it can be a very low cost solution. However, a level of operational maturity is required to manage the environment appropriately. There are a multitude of factors that can affect seeding throughput rates, and internally in our JBOD architecture we see between 35-70 GB/hour.

Myth #5: Large mailboxes perform badly with Outlook.
Reality: Exchange 2010 supports up to 100,000 items per folder, up from 20,000 in Exchange 2007. In addition to this, the Outlook 2007 SP1 Feb09 update, Outlook 2007 SP2 and Outlook 2010 provide good performance in Cached Exchange Mode for mailboxes up to 10 GB in size, and even larger (25 GB) using faster disks like 7.2K drives or SSD. Larger mailboxes? The Exchange 2010 store was improved to support very large mailboxes (100 GB+) in online mode and with OWA. You can also use the Exchange 2010 personal archive to reduce mailbox size for Cached Exchange Mode clients.

Myth #6: When I migrate to Exchange 2010 my database size will explode because Exchange 2010 doesn't have single instance storage (SIS).
Reality: Exchange storage planning guidance has always dictated designing the storage without SIS in mind. SIS reduces Exchange Server's ability to do sequential data access, and the changes made help to provide the 70% IO reduction. Exchange 2010 does provide 20% database compression for HTML/Plain Text Messages. For more details about Exchange 2010 and SIS, see previous post — Dude, Where's My Single Instance?.

Myth #7: My Exchange guy knows nothing about storage - it needs to be managed by the storage experts. Less expensive storage is too hard/time-consuming/expensive to manage.
Reality: We know from the many organizations we have talked to who are using DAS (including Microsoft's own deployment) that they have not needed any additional people to manage less expensive Exchange storage, nor have they increased their operational costs. When storage is expensive, you can spend a lot of time and resources optimizing for your storage investment. Using less expensive storage enables you to take a conservative approach and to over-provision. The storage is then never touched except for firmware/driver updates or disk failures. You can use server management staff to manage the storage since the tasks are very similar (driver and firmware updates).

Myth #8: I can't back up large Exchange databases.
Reality: With the ability to have multiple copies of each database, along with features such as single item recovery and lagged copy support, you might not need to use traditional backups. You can also look at reducing the number of backups to weekly or bi-monthly full backups, you can back up from passive database copies, and you can use DPM "express" backups to save space.

Myth #9: We need a 3rd party archiving solution because Exchange data needs expensive storage and we need to put archived data on less expensive storage.
Reality: You can put all Exchange data on less expensive storage, not just the archive data. Co-locate hot and cold data to efficiently utilize large low cost disks and simplify management by using a single storage type.

Myth #10: All Exchange storage designs must follow the Exchange Mailbox Role Requirements Calculator verbatim, otherwise they will not be supported.
Reality: The Exchange Mailbox Role Requirements Calculator (Exchange 2010 / Exchange 2007) provides design guidelines but does not have anything to do with supportability. The Exchange Solution Reviewed Program (ESRP) - Storage also has information from our storage partners.

For more information on large mailboxes, be sure to check out the Large Mailbox Vision Whitepaper.

Recent Update Rollups for Exchange

The last three weeks have seen the release of a couple of update rollups. The first of these was Update Rollup 2 for Exchange Server 2010 RTM. Article ID: 979611 describes all issues that the update rollup fixes.

Article ID: 979784 describes Update Rollup 3 for Exchange Server 2007 Service Pack 2, which was released on 18/03/2010. This update rollup does not apply to Exchange Server 2007 RTM or to Exchange 2007 Service Pack 1. The series of update rollup packages for Exchange Server 2007 SP2 is independent of the corresponding series of update rollups for Exchange Server 2007 RTM or Exchange 2007 SP1. For a list of update rollups that apply to Exchange Server 2007 RTM or to Exchange Server 2007 SP1, see How to Obtain the Latest Service Pack or Update Rollup for Exchange 2007.

Important information for customers who install the update rollup on computers that are not connected to the Internet:

When you install the update rollup on a computer that is not connected to the Internet, you may experience long installation times. Additionally, you may receive the following message:

"Creating Native images for .Net assemblies."

This behavior is caused by network requests that connect to the http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl Web site. The network requests look up the certificate revocation list for each assembly that native image generation (NGen) compiles to native code. However, the Exchange Server is not connected to the Internet, so each request must wait to time out before it moves on. To fix this problem, turn off the “Check for publisher’s certificate revocation” security option on the server that is being upgraded, for the duration of the installation only. To do this, follow these steps:

  1. In Internet Explorer, select Tools, select Internet Options, and then click the Advanced Tab.
  2. In the Security section, click to clear the Check for publisher's certificate revocation check box.
  3. Click OK to close the Internet Options dialog box.

When setup is complete, recheck the “Check for publisher’s certificate revocation” check box.
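On a server with no browser session open, the three steps above can be scripted around the rollup installation so the check is reliably turned back on afterwards. The script below is an added example and not from the original post. It assumes (from my own notes, not from the post) that Internet Explorer stores the “Check for publisher’s certificate revocation” option as bit 0x200 of the State value under the Software Publishing trust provider key in HKCU; because the setting is per user, it must run as the same account that runs the rollup installer.

```powershell
# Added example (not from the original post): scripted equivalent of clearing
# and later re-checking "Check for publisher's certificate revocation".
# Assumption: bit 0x200 of the 'State' value is the one the check box toggles.
$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$Bit = 0x200   # bit set = check box cleared (revocation check OFF)

function Get-PublisherRevocationCheck {
    # Returns $true when the revocation check is enabled.
    $state = (Get-ItemProperty -Path $Key -Name State).State
    return (($state -band $Bit) -eq 0)
}

function Set-PublisherRevocationCheck([bool]$Enabled) {
    $state = (Get-ItemProperty -Path $Key -Name State).State
    if ($Enabled) { $new = $state -band (-bnot $Bit) } else { $new = $state -bor $Bit }
    Set-ItemProperty -Path $Key -Name State -Value $new -Type DWord
    $label = if ($Enabled) { 'ON' } else { 'OFF' }
    Write-Host ("State 0x{0:X} -> 0x{1:X} (revocation check {2})" -f $state, $new, $label)
}

# Before the rollup: remember the original setting, then turn the check off.
$Original = Get-PublisherRevocationCheck
Set-PublisherRevocationCheck -Enabled $false

# ... run the update rollup installer here, as this same user ...

# After setup completes: restore whatever the setting was before.
Set-PublisherRevocationCheck -Enabled $Original
```

Recording the original state rather than assuming it was on means a server that was deliberately configured otherwise is left as it was found.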

Exchange Server Pre-Deployment Analyzer (ExPDA)

Microsoft recently released the Exchange Pre-Deployment Analyzer. The Exchange Pre-Deployment Analyzer performs an overall topology readiness scan of your environment. When you run the Exchange Pre-Deployment Analyzer, it provides a detailed report that will alert you if there are any issues within your organization, which could prevent you from deploying Exchange 2010.

The checks performed by ExPDA are similar to the prerequisite checks (ExBPA) implemented in the Exchange 2010 Setup program. However, unlike Exchange 2010 setup, this tool focuses only on overall topology readiness and not on the ability to run Exchange 2010 on the local computer. The scan also performs a deep analysis of each existing Exchange 2003/2007 server to verify that it has the necessary updates and configuration in place to support Exchange 2010.

For more information about the Exchange Pre-Deployment Analyzer (ExPDA), visit the Microsoft Exchange Team blog.

To download ExPDA, see the Microsoft Download Center.