exchange 2010

How to perform a Dial Tone Recovery - Exchange 2010

So let's imagine the scenario below:

"You have a single Exchange server environment and all your users are on one mailbox server. The server abruptly shuts down due to some hardware issue, and when it comes back up the Exchange database cannot be mounted: it is in a dirty shutdown state and the log files which are required are missing..." (One messed up situation to be in, right?)

But thankfully you have a full backup from last night and we can use that to restore the database. In the meantime you want users to have temporary email access so that they can at least send and receive emails while you recover the failed database in the background, and that, my friends, calls for a Dial tone recovery!

What I will show you is how you can recover a failed database in the background while the users have temporary access to a new database and once the old database is restored we will merge all the information together (If the last sentence does not make any sense.. doesn't matter just follow the below procedure!) 

  • As you can see below, the database by the name of "EXW" is dismounted and I don't have the log files to mount it successfully. So what I am going to do is go to the database location and copy out the files from there, and also copy the log files to an alternate location (we will require the log files at a later stage).

After the database and the log file folders are empty, try to mount the database and test email flow. So now you have a situation where the users can connect to the server and send/receive emails but cannot access the old information, so let's work on restoring the old database from backup.

  • Create a Recovery Database using PowerShell with the below command

New-MailboxDatabase -Recovery -Name RecoveryDB -Server <servername> -EdbFilePath <path> -LogFilePath <path>

  • Verify that the recovery database is created and dismounted using the Exchange console (don't mount this database yet)
  • Then go to your backup application and restore the failed database from the last good backup which was completed, re-directing the files to the newly created recovery database folder. Don't select the option to replay the log files after the restore has been completed (we will perform the soft recovery manually).
  • After the database has been successfully restored along with the log files, it will be in a "Dirty Shutdown" state. You can check that with the ESEUTIL command, which shows the state as "Dirty Shutdown" and the logs which are required for this database.

Eseutil /mh <drag and drop the recovered edb file in command shell>

  • Next you need to replay the log files into the database to bring it to a clean shutdown, but there is something else which has to be taken into account. The backup which was restored was from last night and the server crashed, let's say, sometime in the afternoon the following day, so there would be some emails which were sent and received after the full backup was completed, and we have those log files with us (remember in STEP 1 I asked you to copy the log files of the failed database to an alternate location)
  • So copy those log files into the location where the database was restored from backup
  • After that open up the shell and issue the below command to perform a soft recovery

Eseutil /R E00 /l<path to the log files> /d<path to the database file> /i /a

  • Once the soft recovery has been completed, perform an eseutil /mh on the recovered database file and see if it's in a clean shutdown (if everything went well it should be)
  • Rename the recovered database file to the filename you used while creating the Recovery Database in the earlier step (I had created the recovery database with the file name "Recover.edb")
  • Also make sure that under the properties of the Recovery Database in the EMC the option "This database can be overwritten by a restore" is checked
  • Mount the recovery database using the EMC and once it successfully mounts you can dismount it.
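A pre-flight check for the soft recovery step above, as an added example that is not part of the original post: it parses the "State" and "Log Required" lines of eseutil /mh output and lists the numbered log files that are not in the log folder. The function names, sample header lines and paths are constructed for illustration, and the E00 prefix is taken from the Eseutil /R command above.

```powershell
# Added example (not from the original post); written to run on PowerShell 2.0.
function Get-EseHeaderInfo {
    param([Parameter(Mandatory = $true)][string[]]$HeaderText)
    $state = $null; $low = 0; $high = 0
    foreach ($line in $HeaderText) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') { $state = $Matches[1] }
        elseif ($line -match '^\s*Log Required:\s*(\d+)-(\d+)') {
            $low = [int]$Matches[1]; $high = [int]$Matches[2]
        }
    }
    New-Object PSObject -Property @{ State = $state; LowGen = $low; HighGen = $high }
}

function Get-MissingLogFile {
    param([int]$LowGen, [int]$HighGen, [string[]]$PresentFiles, [string]$Prefix = 'E00')
    if ($HighGen -eq 0) { return }   # "Log Required: 0-0" means nothing to replay
    foreach ($gen in $LowGen..$HighGen) {
        # Exchange 2010 log names: prefix + generation number as 8 hex digits
        $name = '{0}{1:X8}.log' -f $Prefix, $gen
        if ($PresentFiles -notcontains $name) { $name }
    }
}

# Constructed sample input, not captured from a real server
$sampleHeader = @(
    '            State: Dirty Shutdown',
    '     Log Required: 5-7 (0x5-0x7)'
)
$sampleLogs = @('E0000000005.log', 'E0000000007.log', 'E00.log')

$info = Get-EseHeaderInfo -HeaderText $sampleHeader
$missing = @(Get-MissingLogFile -LowGen $info.LowGen -HighGen $info.HighGen `
                                -PresentFiles $sampleLogs)
"State: $($info.State); missing logs: $($missing -join ', ')"

# Against real files (paths are placeholders):
#   $info = Get-EseHeaderInfo -HeaderText (& eseutil /mh 'D:\RecoveryDB\Recover.edb')
#   $logs = Get-ChildItem 'D:\RecoveryDB' -Filter 'E00*.log' | ForEach-Object { $_.Name }
```

The highest required generation can still be sitting in the current log (E00.log) rather than a numbered file, so confirm its generation with eseutil /ml before treating it as lost.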

So now we are in a situation where the users are accessing the temporary database to send and receive email, without having access to all the old information of course, and you have successfully restored the failed database from backup and also replayed all the log files into it up to the point of failure to get it as up to date as you possibly can.

Now what you need to do is basically switch the temporary database files and the recovery database files with each other. So go ahead and dismount the production database (the users will face an outage when you do this, but if you follow what I say correctly then the outage will be minimal)

  • Once the Production database is dismounted, copy the database and the log files to a safe location on your server
  • Next rename the dismounted recovery database file which in my case is "Recover.edb" to the name which matches the production database file (Mine is Exw.Edb) and place it under the folder of the production database.
  • Mount the Production database and once completed the users can connect to it again and this time they will have access to ALMOST all the old information before the failure.
  • Now we need to merge the new information from the temporary database that we had mounted back to the production database so that the recovery process is complete.
  • Rename the temporary database file to the name of the recovery database file (In our case since we had mounted a blank database and used the file name "EXW.EDB" to act as the temporary database... we need to rename this to "RECOVERY.EDB")
  • Once you change the name and place the file in the location of the recovery database you should be able to mount it successfully
  • Now you need to merge the information and for that you are going to use the Restore-Mailbox command in the EMS.

Get-Mailbox -Database EXW | Restore-Mailbox -RecoveryDatabase RecoveryDB

Once the above command has been completed you will see the below events in the application log for each user.

  • You can now dismount and delete the recovery database and run a full backup of your Exchange database immediately!!

So this ends your restoration process and you can now go ahead and continue browsing for pointless information on the internet!

-Alstar

GAL Segmentation with Address Book Policy - Exchange 2010 SP2 and later

Alright, today I had to work on a situation where some external client users were supposed to be given email accounts in our company with legitimate email addresses.

The only difference was that they would have their own GAL and would not be able to see all the users in the "Default Address Book" which houses all the full time employees but those project users should be visible in the default GAL. So here is what I have tested in my lab and by the looks of things it does work and here is how it is done!

First off I created 5 Project Users and placed them in a specific OU so that I could differentiate between the full time users and the project users. 

I logged on as Project User 1 using Outlook 2010 and I could see all the users in the Address Book. Please note that for the sake of this explanation Administrator and Ali Hassan are the full time employees.

CREATE NEW GAL

Now that we have the setup in place, let's go ahead and create a new project "Global Address List" using PowerShell, because you can't create a new GAL using the EMC. We are also going to assign the value "ProjectX" to custom attribute 1 so that it's easy to differentiate these project users.

New-GlobalAddressList "Project X" -ConditionalCustomAttribute1 "ProjectX" -IncludedRecipients "AllRecipients"

 

CREATE NEW ADDRESS LIST

After this you will have to create a new address list which these project users will show up in. Go under Organisation Configuration and Mailbox --> Address Lists and create this new project "Address List"

Let's name the new Address List PROJECTX-AL


Click on browse and select your domain and leave the radio box selected as "All Recipients Types"

Now let's set the Custom Attribute value for this address list to "PROJECTX" so that only users with the assigned custom attribute are included in this list.

Schedule the changes immediately on the following screen and finish off the creation as below.

CREATE NEW ROOM LIST

Let's go ahead and now create a new room list called "ProjectX-Rooms" for these users using EMS

New-AddressList -Name ProjectX-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "PROJECTX") -and ((RecipientDisplayType -eq "ConferenceRoomMailbox") -or (RecipientDisplayType -eq "SyncedConferenceRoomMailbox"))}
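Added example, not from the original post: in PowerShell, -and and -or have equal precedence and are evaluated left to right, so the two room-type tests in a filter like the one above need their own parentheses to stay tied to the CustomAttribute1 test. The recipients below are constructed objects, and the sketch assumes Exchange groups the filter the same way the shell does.

```powershell
# Added example. Constructed recipients; none of these are real directory objects.
function New-TestRecipient($Alias, $Attr1, $Type) {
    New-Object PSObject -Property @{
        Alias = $Alias; CustomAttribute1 = $Attr1; RecipientDisplayType = $Type
    }
}
$recipients = @(
    (New-TestRecipient 'px-room1' 'PROJECTX' 'ConferenceRoomMailbox'),
    (New-TestRecipient 'px-room2' 'PROJECTX' 'SyncedConferenceRoomMailbox'),
    (New-TestRecipient 'hq-room1' $null      'ConferenceRoomMailbox'),
    (New-TestRecipient 'hq-room2' $null      'SyncedConferenceRoomMailbox'),
    (New-TestRecipient 'px-user1' 'PROJECTX' 'MailboxUser')
)

# No parentheses around the -or pair: evaluated as ((A -and B -and C) -or D)
$ungrouped = {
    ($_.Alias -ne $null) -and ($_.CustomAttribute1 -eq 'PROJECTX') -and
    ($_.RecipientDisplayType -eq 'ConferenceRoomMailbox') -or
    ($_.RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')
}
# -or pair grouped: both room types must also carry the PROJECTX attribute
$grouped = {
    ($_.Alias -ne $null) -and ($_.CustomAttribute1 -eq 'PROJECTX') -and
    (($_.RecipientDisplayType -eq 'ConferenceRoomMailbox') -or
     ($_.RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))
}

function Get-FilterMatch($Items, [scriptblock]$Filter) {
    @($Items | Where-Object $Filter | ForEach-Object { $_.Alias })
}

$loose  = Get-FilterMatch $recipients $ungrouped
$strict = Get-FilterMatch $recipients $grouped
$leaked = @($loose | Where-Object { $strict -notcontains $_ })

"ungrouped filter lists: $($loose -join ', ')"
"grouped filter lists:   $($strict -join ', ')"
"listed but outside the segment: $($leaked -join ', ')"

# To see what the real list resolves to, preview its stored filter in the EMS:
#   Get-Recipient -RecipientPreviewFilter (Get-AddressList 'ProjectX-Rooms').RecipientFilter
```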

CREATE OFFLINE ADDRESS BOOK

Now it's time to create a new offline address book for these users using the GAL we created for these users a while back which was named "Project X"

New-OfflineAddressBook -Name ProjectX-OAB -AddressLists "Project X"

 

CREATE ADDRESS BOOK POLICY

Time to finally create the New Address Book Policy calling it "ProjectX ABP" using the EMC with all the information created so far..

Assign Custom Attribute to Project User Accounts

Now we need to assign custom attribute 1 as "ProjectX" for all the project user accounts present. For the purposes of this tutorial I had created only 5 users, so I can go to the "General Tab" on the user accounts individually and set custom attribute 1, but what if we had 100 users! This manual way is not the best way unless you love wasting time!

So we are going to use the shell to perform this task. You already know that all our project users are stored in a specific project users OU, which makes this task a little easier.

Get-Mailbox -OrganizationalUnit "project users" | Set-Mailbox -CustomAttribute1 "PROJECTX"

The command may vary depending on your setup but I am sure you get the idea...

Apply Address Book Policy To User Accounts

Now let's use the EMS to apply the Address Book Policy to all project user accounts.

Get-Mailbox -OrganizationalUnit "project users" | Set-Mailbox -AddressBookPolicy "Projectx abp"

Now open up Outlook as the project user and have a look at the address book, and you will notice that you can now only see the custom GAL that we have created, and the users who are visible in the GAL are only the Project Users!!
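Both pipelines above only touch mailboxes that are in the OU at the moment they run, so a later audit is worth having. The following is an added example, not from the original post: it flags mailboxes whose custom attribute and Address Book Policy disagree. The function name and sample mailboxes are constructed, and it assumes the AddressBookPolicy property renders as the policy name.

```powershell
# Added example (not from the original post); written to run on PowerShell 2.0.
function Get-AbpDrift {
    param(
        [Parameter(Mandatory = $true)][object[]]$Mailbox,
        [string]$Tag = 'PROJECTX',
        [string]$Policy = 'ProjectX ABP'
    )
    foreach ($m in $Mailbox) {
        $tagged = $m.CustomAttribute1 -eq $Tag
        # Assumption: the policy reference converts to its name as a string
        $scoped = "$($m.AddressBookPolicy)" -eq $Policy
        $issue = $null
        if ($tagged -and -not $scoped) {
            $issue = 'tagged, no policy: still sees the default GAL'
        }
        elseif ($scoped -and -not $tagged) {
            $issue = 'policy applied, no tag: missing from the Project X GAL'
        }
        if ($issue) {
            New-Object PSObject -Property @{ Alias = $m.Alias; Issue = $issue }
        }
    }
}

# Constructed sample mailboxes standing in for Get-Mailbox output
function New-TestMailbox($Alias, $Attr1, $Abp) {
    New-Object PSObject -Property @{
        Alias = $Alias; CustomAttribute1 = $Attr1; AddressBookPolicy = $Abp
    }
}
$sample = @(
    (New-TestMailbox 'projuser1' 'PROJECTX' 'ProjectX ABP'),  # consistent
    (New-TestMailbox 'projuser6' 'PROJECTX' $null),           # added after rollout
    (New-TestMailbox 'projuser7' $null      'ProjectX ABP'),  # never tagged
    (New-TestMailbox 'alihassan' $null      $null)            # full-time employee
)
Get-AbpDrift -Mailbox $sample | Format-Table Alias, Issue -AutoSize

# Against the live organisation, from the EMS:
#   Get-AbpDrift -Mailbox (Get-Mailbox -ResultSize Unlimited)
```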

Test mail flow and all that cool stuff and we should be done!

Mission Accomplished! This Post will not self destruct in 10 seconds!

-Alstar

Setting up DAG on Windows 2012 - Exchange 2010

Ok, so I was trying to set up a DAG on my Exchange 2010 SP3 which was installed on Windows 2012. I could create the DAG without any issue and I was also successful in assigning it an IP address, but when I tried to add my two DAG members I kept getting an error.

The File Share Witness that I used was a 2012 member server and not an Exchange Hub transport, so I double-checked that it was added in the "Exchange Trusted Subsystem" group in AD and also that the "Exchange Trusted Subsystem" was added in the local admin group on the server.

After a lot of looking around I found out that you have to Pre-Stage the CNO (Cluster Node Object) in Active Directory due to the Windows 2012 permission change and only then go ahead and create the DAG!

  • So I deleted the DAG from the Exchange 2010 EMC
  • In Active Directory Users and Computers I created a new computer account called "DAG" and after creation I right-clicked the object and selected "Disable"
  • I then added the "Exchange Trusted Subsystem" group under the security permissions on the computer account I created and gave it full control... alternatively, if you don't want to add the "Exchange Trusted Subsystem" group on the DAG computer account, you can also add the individual node computer accounts and assign them full control as well and it will work.
  • After this I created the DAG using the EMC and assigned it an IP address, and this time when I tried adding the 2 DAG members I was successful!

Hope it helps!

-Alstar

 

Why can't I run New-MailboxExportRequest ?!

Here is another trick played by Microsoft on us! First they change the cmdlet from Export-Mailbox to New-MailboxExportRequest (which applies to the Import-Mailbox cmdlet too), and then even if you are a part of the Organisation Management role group, when you try to run "New-MailboxExportRequest" it comes back with an error!

So it turns out you have to grant this particular permission separately through the shell!

Example:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User <user name>

Then you can double check by running

Get-ManagementRoleAssignment -Role "Mailbox Import Export" | ft Identity

Hope this helps!

-Alstar

Exchange 2010 Roll up 4 does not Install - Error Code 1603

So I downloaded the Exchange 2010 Roll up 4 released by Microsoft today and was trying to install it on my servers, along with a little prayer that it won't mess up my databases, which the last Roll up did for some users (Roll up 3!!).

Okay now I am all excited but when I start the installation after a while it would say "Rolling back actions" and fail (Booooo!) so I looked at the event logs and spotted the 1603 error code which I instantly thought will be some kind of a generic error message. So I looked up the Install log file and saw an "Access Denied" error while the installation was trying to stop the Exchange services and that was the issue!

So this time when I ran the install I did it from an "Elevated Powershell command prompt" and guess what it worked! That was simple!

Now I know for some of you guys out there the solution is not going to be as simple as this so let me know what issues you face and maybe I can help you figure it out!

Tips: You can also give it a shot by disabling UAC from the control panel under the "Change User Account Settings" menu, and you can manually stop all the Microsoft Exchange Services and give it a try!

-Alstar