Install Exchange Server 2007 into existing Exchange Server 2003 organization--coexistence

Environment and requirements of KINGPC

• domain controller of OYCO.COM


• DNS server with OYCO.COM domain created


• Exchange Server 2003


• Exchange Organization: OYCO INC

Musts for coexistence with Exchange Server 2007

1. must install Exchange Server 2003 SP2


2. must change the Exchange Organization Mode to Native, which means there is no Exchange Server 5.5 in your organization.


3. Must raise the OYCO.COM domain to Windows 2000 Native function level or Windows Server 2003 Function level. I raised it to Windows Server 2003 function level.


4. To have more features, I raised the forest function level to Windows 2003.

Member server QUEEN

Preparation for installation of Exchange Server 2007

• Windows Server 2003 R2 64 bit with SP2. Exchange Server 2007 offers only 64-bit version for production environment. The 32-bit Exchange Server 2007 is for studying purpose.


• Download and Install the .NET Frameworks 2.0


• Download and Install the hotfix for .NET Frameworks 2.0--
  NDP20-KB926776-X64.exe from http://go.microsoft.com/fwlink/?linkid=74465


• download and Install Windows PowerShell 1.0 English-Language Installation Package for Windows Server 2003 x64 Edition (KB926139)


• Install IIS but not NNTP and SMTP services (which is different from Exchange 2000/2003)


• If you want to install Outlook 2007 in QUEEN computer for testing, you must configure the NIC default gateway pointing to the KINGPC. If not doing so in this environment, outlook will not connect the email account.

Prepare the Active Directory Scheme

You must run the Exchange Server 2007 setup.exe from QUEEN computer to prepare the AD scheme. Because the KINGPC is 32-bit version, it cannot run 64-bit version setup.exe. At QUEEN command prompt,

c:\>setup /preparead /organizationname:"OYCO INC"

Then, install the Exchange Server 2007 in QUEEN computer. I choose the typical installation type because I only have one computer for Exchange Server 2007.

MSmerge_Contents, MSmerge_genhistory, MSmerge_tombstone

Pay attention to the GENERATION column

INSERT SalesOrderDetail (SalesOrderID,OrderQty,ProductID,SalesOrderDetailID)
VALUES( 43660,2,775,15)
INSERT SalesOrderDetail (SalesOrderID,OrderQty,ProductID,SalesOrderDetailID)
VALUES( 43660,7,770,51)
INSERT SalesOrderDetail (SalesOrderID,OrderQty,ProductID,SalesOrderDetailID)
VALUES( 43660,7,770,14)

DELETE FROM SalesOrderDetail
WHERE SalesOrderDetailID=15

DELETE FROM SalesOrderDetail
WHERE SalesOrderDetailID=51

Run Merge Agent:

Only one insert --net result replicated.
A generation is a collection of changes that is delivered to a Publisher or Subscriber. Generations are closed each time the Merge Agent runs; subsequent changes in a database are added to one or more open generations.

The merge metadata tables, such as MSmerge_genhistory, MSmerge_tombstone, and MSmerge_contents, are located in the same database as the articles you are publishing; whereas the metadata tables of transactional publication are located in distribution database. When backing up a database, the merge metadata is automatically backed up. This is not the case for transactional replication databases.

Dynamic Filter--Join Filter

Computer Name: queen

Database: EComm --Publisher
Table structure
Data inside three tables:

Create a Merge publication (JoinCondition) with the following join filter:

Database: subData

Create a subscription to the publication (JoinCondition) with the Merge Agent security: QUEEN\Administrator

As shown below, only related data is pushed to the subscriber.

Dynamic Filter SUSER_SNAME(), HOST_NAME()

Environment:

Windows Server 2003 computer name: queen
Local Users: Administrator, John, Simon
To simplify, both John and Simon are members of Local Administrators group.

SQL Server 2005 installed
Three databases: AdventureWorks (case sensitive), aData, and bData

A table dbo.DOCS in AdventureWorks is shown:


Create a Merge Publication, Add Filter as shown below:
Create a subscription and make user the Merge Agent security use QUEEN\Administrator.SUSER_SNAME() will return QUEEN\Administrator, or QUEEN\John, or QUEEN\Simon, etc. If your table has Queen\Administrator, queen\john, etc, subscription will be empty because the AdventureWorks is case-sensitive.

You can create another subscription for bData database with Merge Agent security: QUEEN\John. You will find the records with QUEEN\John are replicated.

Interesting observation:

Insert a record into the Subscription:You can see the record added. However after the Cycle of Merge Agent runs, the new record is not shown in the subscription. It shows in the Publisher.

Same thing happens for bData.
Pay attention to the DocumentID number, which has the Identity property. Each subscription uses different range. The Identity is automatically managed by replication process.

I didn't create real scenario to use HOST_NAME() (computer name). You should have a table with a computername column.

Cluster, Resource, and Resource Group

Affect the Group setting of a resource

As shown, the Restart is selected. If the resource fails, the Cluster service attempts to restart it and all its dependent resources. If the resouce fails again, the Cluster service attempts to restart it again. Because the Affect the Group is selected, which has the Threshold:3 and period:900 seconds, if within 900 seconds the resource fails 3 times, the resouce is brought offline. It causes the Resouce Group failure. The resource group will be moved to the other node, which has the ownership of the resource group. The Cluster Service on that node will bring all the resource online.

Again, if a resource in that group fails 3 times within 900 seconds, it causes the whole resource group to be moved to the other node. This back and forth cannot be forever. The screenshot below shows the settings.

The Default Failover setting of a Resouce Group has Threshold:10 and period:6 hours. Within 6 hours, if a resouce group fails over 10 times back and forth, the whole resouce group is brought offline--failed state.

Exchange Clustering

The four shared SCSI drives (one partition includes the whole space) are assigned the following drive letters:W, X, Y, and Z.

The domain VIP.Com has one domain controller: DC and two members: Node1 and Node2. Node1 and Node2 run Windows Server 2003 Enterprise Edition. All Servers have IIS, ASP.NET, SMTP, NNTP installed. You run ForestPrep and DomainPrep on DC only. I will set up a cluster with Node1 and Node2.

Shutdown Node2; Node1 is running.

Setting up the Windows Cluster with clusterName: KINO with Quorum Disk W:

Start the Node2 server; and add it to the cluster KINO. Rename Group 0 to Horse Group; Group 1 to Snake Group; Group 2 to DTC Group.
You must install Exchange Server 2003 enterprise edition into both nodes of the Cluster.

Create a Microsoft Distributed Transaction Coordinator resource: MSdtc. The MSDTC resource depends upon Network Name resource and physical disk resource. Microsoft recommends that a independent disk should be used.

Create an IP resource and Network Name resource for Horse Group and Snake Group.

As you notice, the four Resource Groups have their own IP address resource and Network Name resource. In cluster, a Virtual Server is defined as a Resource Group, IP address, and Network Name.

Run Cluster Application Wizard to create the Exchange System Attendant resource, which automatically creates all other Exchange resources. Select the Horse Group as the Virtual Server. When you specify the Resource Name--HorseAttendant, please don't forget to configure the Advanced Properties --the Attendant resource has the dependency of Network Name and Physical Disk. For Horse Group, the only physical disk is the Disk X. The Exchange Data directory is automatically pointed to the Disk X.

Run the Cluster Application Wizard again. This time selects the Snake Group as the virtual Server. Assign the Attendant Resource Name as SnakeAttendant, which depends on Network Name and Physical Disk Y. The Exchange Data Directory is automatically pointed to the Disk Y.
The result resources are shown below:

Observation:

I create a four virtual servers: Cluster Group, Horse Group, Snake Group, and DTC Group. I configure an EVS on Horse Group and an EVS on Snake Group. Please don't configure an EVS on Cluster Group, because it has the Cluster Quorum Disk. You should separate the Quorum resource and MS DTC resource from the actual application resource.

To conserve the physical disk, you can delete the DTC Group and configure the MS DTC resource to depend on the quorum disk, even though this is not the best practice.

The Message Transfer Agent (MTA) exists only at the first EVS. Each cluster can have only one MTA resource, as shown above.

If you run both EVSs on the same node, the maximum 4 storage groups can exist. A node can only run 4 EVSs, each has only one storage group.

Note:Exchange 2000 and Exchange Server 2003 are not supported in a clustered configuration where the cluster nodes are domain controllers.

Do you notice how many IP addresses are used? 2xNode+EVSs+DefaultCluster+DTC.

On a cluster that is dedicated to Exchange, it is recommended that the MSDTC resource be added to the default Cluster Group. It is further recommended that the 'Affect the Group' option be unchecked for the MSDTC resource. This prevents a failure of the MSDTC resource from affecting the default cluster group.

Service Master Key, Database Master Key, Certificate , Asymmetric Key, and Symmetric key

When a database master key is created, a copy of it is encrypted by a password and stored in the database. The other copy of it is encrypted by the Service Master Key and stored in the MASTER database.

USE AData
CREATE MASTER KEY ENCRYPTION BY PASSWORD='v@nada1';

USE AdventureWorks
CREATE MASTER KEY ENCRYPTION BY PASSWORD='v@nada1';

When a Database Master Key is needed to encrypt or decrypt a certificate, the Database Master Key is automatically opened from MASTER database using Service Master Key. It is not necessary to use the OPEN MASTER KEY statement to decrypt the Database Master Key.

To see which database's has its copy of master key encrypted by the Service Master Key, you could run the statement:
use adata
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY

With above statement, the MASTER database does not have a copy of the database master key of aData encrypted by KEY derived from SQL Server Service account and its password.

I create another database BData without the Database Master Key.

In BData, you cannot create a certificate because it needs the Database Master Key to encrypt it. However, you can use the passphrase to encrypt a text. The following batch has no problem:
USE BData
DECLARE @txt nvarchar(100),@key nvarchar(100)
DECLARE @encryptedData varbinary(200)
DECLARE @decryptedData nvarchar(100)
SET @txt='what are you doing?'
SET @key='V@ncouver'
SET @encryptedData=EncryptByPassPhrase(@key,@txt)
SET @decryptedData=DecryptByPassPhrase(@key,@encryptedData)
SELECT @encryptedData as 'Encrypted Text', @decryptedData as 'Decrypted Text'
=====
=====
Run the following batch --no problem--Database Master Key is automatically retrieved from the copy of MASTER database

USE AdventureWorks
CREATE CERTIFICATE C1 WITH SUBJECT='CDI COLLEGE'
GO

DECLARE @txt nvarchar(100),@key nvarchar(100)
DECLARE @encryptedData varbinary(200)
DECLARE @decryptedData nvarchar(100)
SET @txt='what are you doing?'
SET @encryptedData=EncryptByCert(Cert_id('C1'),@txt)
SET @decryptedData=DecryptByCert(Cert_id('C1'),@encryptedData)
SELECT @encryptedData as 'Encrypted Text', @decryptedData as 'Decrypted Text'

===
===
You must explicitly open the Database Master Key to create the Certificate and encrypt and decrypt the data.

USE AData
OPEN MASTER KEY DECRYPTION BY PASSWORD='v@nada1'
GO
CREATE CERTIFICATE C1 WITH SUBJECT='CDI COLLEGE'
GO
DECLARE @txt nvarchar(100),@key nvarchar(100)
DECLARE @encryptedData varbinary(200)
DECLARE @decryptedData nvarchar(100)
SET @txt='what are you doing?'
SET @encryptedData=EncryptByCert(Cert_id('C1'),@txt)
SET @decryptedData=DecryptByCert(Cert_id('C1'),@encryptedData)
SELECT @encryptedData as 'Encrypted Text', @decryptedData as 'Decrypted Text'
CLOSE MASTER KEY

=====
=====
If you detach a database from instance A and attach it to instance B, and you want a copy of database master key to be stored in MASTER database, you run the following:
use AData
OPEN MASTER KEY DECRYPTION BY PASSWORD='c@nada1'
GO
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
GO
SELECT [name],is_master_key_encrypted_by_server FROM sys.databases
GO