Tuesday, July 29, 2008

Exchange2007:Message Routing in a Coexistence Environment

www.1ask2.com
Exchange 2003 organization



You should install the first Exchange 2007 server in VANCOUVER Site.

All Exchange 2007 servers belong to Exchange Routing Group (DWBGZMFD01QNBJR). When you install the first Exchange 2007 in VANCOUVER SITE, the routing group connector (two-way) between Exchange Routing Group (DWBGZMFD01QNBJR) and VANCOUVER routing group is created.

All messages that are relayed between Exchange 2007 and Exchange 2003 are routed through the initial routing group connector.


An Exchange 2007 server is introduced into the Burnaby site. Tim's mailbox is hosted on the Exchange 2003 server in the Burnaby site. Chris's mailbox is hosted on the Exchange 2007 server in the Burnaby site.

When Tim sends mail to Chris, it will be routed through VANCOUVER Site and come back.


To avoid such excessive routing hops, you can create another routing group connector that connects the single Exchange 2007 routing group to the Burnaby routing group.


To avoid a routing loop, modify the registry to suppress link state updates. A routing loop is a potential situation; it only occurs in a complex environment.
To suppress link state updates on Exchange 2003 or Exchange 2000:

In the registry, open HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters.
Right-click Parameters and select New DWORD value. Name the new DWORD value SuppressStateChanges and set its value to 1.

Restart the computer.
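
One way to audit and apply this value across several Exchange 2003 servers from one workstation (an added example, not part of the original post). It assumes Windows PowerShell 2.0 or later and the Remote Registry service running on each target; the function name is hypothetical.

```powershell
# Added example (not from the original post).
function Set-SuppressStateChanges {
    param(
        [string[]]$ComputerName,   # Exchange 2003/2000 servers to check
        [switch]$AuditOnly         # report the current value without writing
    )
    $subKey = 'System\CurrentControlSet\Services\RESvc\Parameters'  # key named in the post
    $name   = 'SuppressStateChanges'
    $hive   = [Microsoft.Win32.RegistryHive]::LocalMachine

    foreach ($computer in $ComputerName) {
        $status = 'Unknown'
        $value  = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $computer)
            # Open the key writable only when a change may be made.
            $key = $hklm.OpenSubKey($subKey, (-not $AuditOnly))
            if ($key -eq $null) {
                $status = 'RESvc\Parameters key not found'
            } else {
                $value = $key.GetValue($name, $null)
                if ($value -eq 1) {
                    $status = 'Already suppressed'
                } elseif ($AuditOnly) {
                    $status = 'Not suppressed'
                } else {
                    $key.SetValue($name, 1, [Microsoft.Win32.RegistryValueKind]::DWord)
                    $value  = 1
                    $status = 'Set to 1; restart required'
                }
                $key.Close()
            }
            $hklm.Close()
        } catch {
            $status = "Error: $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{ Computer = $computer; Value = $value; Status = $status }
    }
}

# Audit first, then apply (host name taken from the connector command in this post):
# Set-SuppressStateChanges -ComputerName 'Ex2003Burnaby.contoso.com' -AuditOnly
# Set-SuppressStateChanges -ComputerName 'Ex2003Burnaby.contoso.com'
```

Running the audit pass first leaves a record of which servers were changed and therefore need the restart.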


New-RoutingGroupConnector -Name "RGC Burnaby Vancouver" -SourceTransportServers "Ex2007Burnaby.contoso.com" -TargetTransportServers "Ex2003Burnaby.contoso.com" -Cost 1 -bidirectional $true -PublicFolderReferralsEnabled $true



After a new routing group connector is created between the Burnaby routing group and Exchange Routing Group, Tim sends mail directly to Chris without going through the VANCOUVER site. However, if you want a message sent by Chris to Tim to be routed without going through the VANCOUVER site, you should assign the same cost to both routing group connectors.

The lowest cost routing path across routing group connectors is always used, and the Active Directory IP site link cost to reach the first routing group connector is only considered when two routing paths across routing group connectors have the same cost.
In the following diagram, all Exchange 2007 servers are in the same Exchange Routing Group, even though they are in different sites.

All Exchange 2007 servers are in the same routing group: Exchange Routing Group.

Logical diagram of the routing groups communication:

Messages among Exchange 2007 servers are based on AD sites.

Messages from Exchange 2003 servers to Exchange 2007 and messages from Exchange 2007 to Exchange 2003 are based on Routing Group Connectors (RGC).

Example: A hub transport server in Site A delivers a message to Routing Group B.

Three possible routing paths exist.

Option 1:

RGC-1 and RGC 1-2 (10+10)

Option 2:

RGC-2 (10). The source mailbox is in Site A. Best routing path based on Routing Group Connector cost does not count the AD IP Site Link cost. The message travels from HUB Transport server in Site A to Hub Transport Server in Site B. Site B delivers the message to Routing Group B.

Option 3:

RGC-3 and RGC 2-3 (10+10)

The source mailbox is in Site A. Best routing path based on Routing Group Connector cost does not count the AD IP Site Link cost. The message travels from HUB Transport server in Site A to Hub Transport Server in Site C. Site C delivers the message to Routing Group C and then to Routing Group B.

Best route: option 2.
===

Routing loop

There are two reasons. If there are two or more connectors between two routing groups and the primary connector is down, Exchange 2003 will pick the alternate connector (route). Exchange 2003 servers use minor link state updates to notify each other about a down link. However, Exchange 2007 does not use link state. Without knowing that a routing group connector is down, Exchange 2007 continues to route messages to the down connector.


Let me modify the cost of Routing Group Connectors.



Messages from Site A to routing group B.


Best route is RGC-3 (cost 5) + RGC 2-3 (cost 10).


However, RGC 2-3 is down. Because of the minor link state update, all Exchange 2003 servers know that RGC 2-3 is down. However, Exchange 2007 servers have no knowledge of the down link. Exchange 2007 servers still use the RGC-3 and RGC 2-3 route. When messages reach Routing Group C, Routing Group C selects the RGC 1-3 path because the RGC 2-3 path is down. When Routing Group A gets the messages, it routes them through the RGC-1 connector because it has the lower cost.

Looping:

Monday, July 28, 2008

Exchange2007:Internal And External delivery of System Messages

Before Exchange 2007, when Exchange generates DSN messages, the sender is "System Administrator".
In Exchange 2007, system-generated internal messages (DSN messages, journal reports, quota messages, agent-generated messages) are sent by the Microsoft Exchange Recipient object. In Outlook, you should see the sender as Microsoft Exchange.

Get-OrganizationConfig | Format-List *recipient*
ForeignForestRecipientAdminUSGSid:
MicrosoftExchangeRecipientEmailAddresses : {SMTP:MicrosoftExchange329e71ec88ae4615bbc36ab6ce4109e@TLCTest.local}
MicrosoftExchangeRecipientReplyRecipient:
MicrosoftExchangeRecipientPrimarySmtpAddress: MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@TLCTest.local
MicrosoftExchangeRecipientEmailAddressPolicyEnabled:True

If you want to modify Microsoft Exchange Recipient address, Set-OrganizationConfig cmdlet should be used.

External Postmaster is configured per transport server.

Get-TransportServer | Select Name,*externalPost*

Name ExternalPostmasterAddress
TLCSV167:
TLC25 :Postmaster@test.com

The TLCSV167 transport server does not have an ExternalPostmasterAddress.

TLC25 has email address Postmaster@test.com.

Both TLC25 and TLCSV167 transport servers are in the same organization.

Exchange2007:TransientFailureRetryCount, TransientFailureRetryInterval,OutboundConnectionFailureRetryInterval

Outbound connection failure retry interval (minutes)

Use this field to specify the retry interval for subsequent connection attempts to a remote server where earlier connection attempts as specified by the transient failure retry attempts and the transient failure retry interval have failed.


Transient failure retry interval (seconds) :300

Transient failure retry attempts :6

The relationship among the above three parameters is shown below:
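
The timeline these settings produce, as an added example that is not from the original post. It models the initial attempt, then the transient failure retries, then the outbound connection failure retries; the 10-minute outbound interval and the function name are assumptions, since the post gives no value for that interval.

```powershell
# Added example: a model of the outbound retry timeline, not Exchange's own code.
function Get-RetrySchedule {
    param(
        [int]$TransientFailureRetryCount = 6,                      # value shown in the post
        [int]$TransientFailureRetryIntervalSeconds = 300,          # value shown in the post
        [int]$OutboundConnectionFailureRetryIntervalMinutes = 10,  # assumed value
        [int]$HorizonMinutes = 120                                 # how far ahead to list attempts
    )
    $horizon = [TimeSpan]::FromMinutes($HorizonMinutes)
    $offset  = [TimeSpan]::Zero
    $attempt = 0

    while ($offset -le $horizon) {
        $attempt++
        if ($attempt -eq 1) {
            $phase = 'Initial connection'
        } elseif ($attempt -le (1 + $TransientFailureRetryCount)) {
            $phase = 'Transient failure retry'
        } else {
            $phase = 'Outbound connection failure retry'
        }
        New-Object PSObject -Property @{ Attempt = $attempt; Offset = $offset; Phase = $phase }

        # Wait before the next attempt: the short interval while transient
        # retries remain, the longer outbound interval once they are used up.
        if ($attempt -le $TransientFailureRetryCount) {
            $wait = [TimeSpan]::FromSeconds($TransientFailureRetryIntervalSeconds)
        } else {
            $wait = [TimeSpan]::FromMinutes($OutboundConnectionFailureRetryIntervalMinutes)
        }
        $offset = $offset.Add($wait)
    }
}

# List the attempts made in the first hour after a connection failure.
Get-RetrySchedule -HorizonMinutes 60 | Select-Object Attempt, Offset, Phase
```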




Saturday, July 26, 2008

Exchange2007:Edge Transport role--source server


Network Layout

At EdgeTransportServer:
New-EdgeSubscription -FileName c:\subscription.xml

copy subscription.xml to TransportServer computer

At TransportServer:


New-EdgeSubscription -filename "C:\subscription.xml" -CreateInternetSendConnector $true -CreateInboundSendConnector $true -site "Default-First-Site-Name"

Start-EdgeSynchronization



The two send connectors are pushed to Edge Transport.
get-sendconnector | format-list Name, AddressSpaces, SourceTransportServers
Name: EdgeSync - Default-First-Site-Name to Internet
AddressSpaces: {smtp:*;100}
SourceTransportServers : {edgecomputer}

Name: EdgeSync - Inbound to Default-First-Site-Name
AddressSpaces: {smtp:--;100}
SourceTransportServers : {edgecomputer}

What do the two dashes (smtp:--) represent?
They represent the smart hosts, that is, all Transport Servers in the subscribed site. In the diagram, there is only one transport server. If there are two transport servers in the site, the -- represents both transport servers.
Hub Transport servers that are added to an Active Directory site after an Edge Subscription has been established do not participate in the EdgeSync synchronization process. However, they are automatically added to the list of smart hosts for the inbound Send connector. If more than one Hub Transport server is located in the subscribed Active Directory site, inbound connections will be load balanced across the smart hosts.
The source transport server property is important.
If you change SourceTransportServers : {edgecomputer} to SourceTransportServers : {TransportServer}, the send connector will not be synchronized to the Edge Transport server.
To illustrate further, I create a send connector in Transport Server and I want it to be synchronized to Edge Transport server.
[PS] D:\>get-sendconnector | format-list Name, AddressSpaces, SourceTransportServers
Name : EdgeSync - Default-First-Site-Name to Internet
AddressSpaces : {smtp:*;100}
SourceTransportServers : {edgecomputer}

Name: EdgeSync - Inbound to Default-First-Site-Name
AddressSpaces : {smtp:--;100}
SourceTransportServers : {edgecomputer}

Name : TelusSmartHost
AddressSpaces : {SMTP:*.telus.com;1}
SourceTransportServers : {USA}
The {USA} is the Transport Server. After I change it to {edgecomputer}, the TelusSmartHost will be pushed to EdgeComputer.
The COST is from 1 to 100. The lower the value, the better the route.

Exchange2007:Move mail.que to another transport server

In this network, Internet speed is 1Mbps, whereas the LAN has 1Gbps. When users send mail, it will be in mail.que, first. And then, transport servers deliver it.

Scenario

The TransportServer1 computer has a problem: the transport service won't start. The messages accumulated in TransportRoles\Data\Queue\mail.que have not been delivered. Either the problem cannot be fixed, or it will take more than two days to solve.


Luckily, the TransportServer2 is running. New messages can be delivered even though it is overloaded.


TransportServer2 can deliver the messages in the mail.que of TransportServer1. How?
At TransportServer1:

Net Stop MSExchangeTransport

Copy all files in the folder (TransportRoles\Data\Queue\) of TransportServer1 and save them to a folder of TransportServer2, e.g. TempQueue.


At TransportServer2:

TempQueue:

This folder will have the following files from TransportServer1.

Still at Transport server2.

Repair the mail.que database;

Exchange Management Shell,
CD C:\TempQueue
Eseutil /r Trn /d. /8

offline defragmentation of the queue database by using Eseutil;
Eseutil /d mail.que

The Transport server will not accept the new mail but send out all messages in its own mail.que.
Net Pause MSExchangeTransport

In the Queue Viewer utility, you can see whether all messages have been delivered.
After all messages are delivered,

If the mail.que is more than two days old, you must do the following. If you don't, messages are not delivered and an NDR will be sent back. By default, the expiration time is 2 days.

Set-TransportServer -MessageExpirationTimeout longertime

Net Stop MSExchangeTransport

Copy c:\TempQueue\*.* to c:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

Net Start MSExchangeTransport

All messages will be delivered.

Net Stop MSExchangeTransport

Delete all files in the directory c:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

Net Start MSExchangeTransport

A fresh mail.que will be automatically created.


============
Observation

We can use the ESEUTIL utility to fix some problems of mail.que.

Scenario:
An Exchange transport server has a fragmented queue database that grows so large that it consumes all available hard disk drive space.

The transport server is working but the performance is bad because of the fragmented queue.

Net Stop MSExchangeTransport

Exchange Management Shell,
CD C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue
Eseutil /r Trn /d. /8


offline defragmentation of the queue database by using Eseutil;
Eseutil /d mail.que

Net Start MSExchangeTransport

========
How do you change the path for the mail.que?
EdgeTransport.exe.config file
look for key="QueueDatabasePath"

Friday, July 25, 2008

Exchange2007:Hard Recovery and Soft Recovery

Hard recovery
A transaction log replay process that occurs after restoring a database from an online backup.
Soft recovery

A transaction log replay process that occurs when a database is remounted after an unexpected stop, when transaction logs are replayed into an offline file copy backup of a database, or when logs are replayed into a Volume Shadow Copy Service (VSS) backup set.


I don't have a clue about the definitions.

Let me show you the difference between Hard recovery and soft recovery.

For most, both Hard recovery and soft recovery talk about log files.

Then, NTBackup: Full, differential, and incremental.

Transaction logs

Each storage group has its own set of transaction log files. Periodically, the information in the transaction log is committed—that is, it is written into the storage group’s database file. Not all logs are committed right away. However, committed log is not deleted.
Transaction logs are deleted only when you do a full online backup of all the databases in the storage group.

You should not delete transaction log files manually.

A check point file is used to indicate which transaction log entries have been written to a database file.

Checkpoint file—E00.chk is for first storage group; E01.chk is for second storage group; etc.

When are the transaction log files deleted?
Before any full backup is performed,
After a full backup is performed, some log files are deleted.

After sending messages to the mailboxes in the staff mail store:




After incremental backup, some log files are deleted:



After sending messages to the mailboxes in the staff mail store:

After differential backup → log files are not deleted:
The result of the backup—incremental and differential backups include only the transaction logs



To restore a mail store, you must follow the order: full backup, incremental …
If there is more than one store in the storage group, you can select which store to be restored; however, you still need to follow the backup order to restore the incremental or differential backups.


Because the differential or incremental backups include only the log files, to bring the restored database to a consistent state, you must replay the log files included in the incremental or differential backups. That replay is referred to as HARD RECOVERY.

If you tick the "Last Restore Set" option when you restore the last backup set, HARD RECOVERY starts automatically when the NTBackup restore process completes. All the log files from incremental backups or differential backups are replayed.


If you fail to trigger hard recovery from the backup application (for example, you forget to tick "Last Restore Set"), you must run hard recovery manually from the command prompt with Eseutil before a restored database can be mounted.
You can start the hard recovery using ESEUTIL /C.
After the hard recovery, the database is in clean shutdown state. You can mount it. As you see, the hard recovery occurs when the database is in unmounted state.

SOFT Recovery--when the database is re-mounted.
Log directory has log files not backed up.
Scenario 1:
The database is in dirty shutdown state. When you re-mount it, the uncommitted log files will be committed (chk file has the records).--soft recovery
Scenario 2:
After hard recovery, you can mount the database. The log directory includes a lot of log files that have not been backed up. If you still use the same log directory for your storage group, you can move the chk file away from the log folder, and the log files will be replayed into the database. If the soft recovery does not start, you can start it manually with eseutil /R. Run the command directly from the log directory.
============
When you cannot mount the database, ESEUTIL /P (repair) and ESEUTIL /D (defrag) can be used. Before using it, back up the database and log files.
After ESEUTIL /P and ESEUTIL /D, run Isinteg -s servername -fix -test alltests
ESEUTIL works on physical level, tables, indexes, etc
Isinteg works on application level, relations among tables, indexes, etc.
When you run Database Troubleshooter from Exchange Management Console, it starts both ESEUTIL and ISINTEG.

Wednesday, July 23, 2008

Exchange2007: Move a mailbox database from one server to another

Two Servers: TLC25 and TLCSV167

I will move Telus Storage Group\Telus Database from TLCSV167 to TLC25\First Storage Group\Telus Database.

Cleanly shut down the TLCSV167\Telus Storage Group\Telus Database:

Dismount-Database -Identity 'TLCSV167\Telus Storage Group\Telus Database'

New-MailboxDatabase -StorageGroup 'TLC25\First Storage Group' -Name 'Telus Database'

(don't use the Exchange Management console to create the new database)

Set-MailboxDatabase 'TLC25\First Storage Group\Telus Database' -AllowFileRestore:$true



Copy everything under TLCSV167\Telus Storage Group to TLC25\First Storage Group

Mount-Database -Identity 'TLC25\First storage group\Telus database'

Get-Mailbox -Database 'TLCSV167\Telus Storage Group\Telus Database' | Where {$_.ObjectClass -NotMatch '(SystemAttendantMailbox|exOleDbSystemMailbox)'} | Move-Mailbox -ConfigurationOnly -TargetDatabase 'TLC25\First Storage Group\Telus database'

All Outlook 2007 clients and OWA clients will automatically connect to the new server: TLC25.

Outlook 2003 clients must be re-configured.

=======

Clean Shutdown State?

It is related to transaction log files. Data is first written to transaction log files and later committed to the database. The *.chk file records the boundary between committed and uncommitted log records. A clean shutdown of a database commits all uncommitted log records, so the database is detached from the log file stream. You can mount the database again without performing any recovery operation.
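
Whether a database is in Clean Shutdown state can be read from its header before copying or mounting it, which applies both to this move and to the hard and soft recovery steps described earlier. The following is an added example, not from the original post: the function name, sample header and file path are constructed, and it assumes Windows PowerShell 2.0 or later.

```powershell
# Added example (not from the original post). Decides what a database needs
# before it is copied or mounted, from the header printed by "eseutil /mh".
function Get-EseRecoveryAdvice {
    param([string[]]$HeaderLine)   # output lines of: eseutil /mh <database.edb>

    $state = $null
    $logRequired = $null
    foreach ($line in $HeaderLine) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') {
            $state = $Matches[1]
        } elseif ($line -match '^\s*Log Required:\s*(\d+)-(\d+)') {
            $logRequired = "$($Matches[1])-$($Matches[2])"
        }
    }

    if ($state -eq 'Clean Shutdown') {
        $ready  = $true
        $advice = 'All log records are committed; the files can be copied or mounted as they are.'
    } elseif ($state -eq 'Dirty Shutdown') {
        $ready  = $false
        $advice = "Log replay is needed first (generations $logRequired): soft recovery with " +
                  'eseutil /r from the log directory, or hard recovery after an online restore.'
    } else {
        $ready  = $false
        $advice = 'No usable State line found; do not copy or mount on this evidence.'
    }
    New-Object PSObject -Property @{
        State = $state; LogRequired = $logRequired; ReadyToMove = $ready; Advice = $advice
    }
}

# Constructed sample header for illustration (not captured from a real server).
$sampleHeader = @'
         Database: Telus Database.edb
            State: Dirty Shutdown
     Log Required: 8-8 (0x8-0x8)
    Log Committed: 0-9 (0x0-0x9)
'@ -split "`r?`n"

Get-EseRecoveryAdvice -HeaderLine $sampleHeader |
    Format-List State, LogRequired, ReadyToMove, Advice

# Live use; the path is a placeholder:
# Get-EseRecoveryAdvice -HeaderLine (eseutil /mh 'D:\Path\To\Telus Database.edb')
```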

Exchange2007:Move-Mailbox -ConfigurationOnly


Use Move-Mailbox -ConfigurationOnly to direct the mailbox to a functional server. The mailbox content is not moved.

Exchange Server 1: TLC25
Exchange Server 2: TLCSV167

TLCSV167\First Storage Group\Test database hosts mailboxes: test1 and test2. The good thing is that the database is already backed up.

A weird thing occurs: the whole TLCSV167 server cannot be restored.

Create a new mailbox database (dial tone) on TLC25 as:
TLC25\First Storage Group\Test database

From the TLC25 computer, run the cmdlet:

Get-MailBox -Database 'TLCSV167\First Storage Group\test database' | Move-Mailbox -ConfigurationOnly -TargetDatabase 'TLC25\First Storage Group\Test database'

Database Recovery Management Tool
Create a Recovery Storage Group for the 'TLC25\First Storage Group';

Using the backup/restore utility to restore the 'Test database' from TLCSV167 backup.

Mount the Recovery Storage Group\Test database;

Get-MailboxDatabase -server tlc25 -status | format-list Name, StorageGroup,mounted
Name : Mailbox Database
StorageGroup : TLC25\First Storage Group
Mounted : True

Name : test database
StorageGroup : TLC25\First Storage Group
Mounted : True

And then, you can directly run the merge or copy wizard.
Or, do the dial tone swap first and then merge or copy wizard.

Office 2007 clients and OWA can automatically discover the configuration change because of the AutoDiscover service. However, for Office 2003 clients, you must reconfigure their profiles.

Exchange2007:backup and restore MapiExceptionCallFailed: Unable to mount database

Telus Storage Group has two mailbox databases: telus database and Shaw database
Because the Shaw Database has status MOUNTED, restore process will fail.


Dismount the Shaw database:

The restore process will succeed. However, when you try to mount the database, it is possible you get the error message: "MapiExceptionCallFailed: Unable to mount database". Why?
Two things:
The temporary location D:\temp is not empty.
And the Last Restore Set is not checked.

Because the backup is the last one, I make sure the D:\temp is empty and select "Last Restore Set". After the restore process completes, I could mount the database.

Tuesday, July 22, 2008

Exchange2007:Dial tone recovery--failed database

Database backup is very important.


Server Name: TLCSV167
Get-MailboxDatabase -status | format-list name,storagegroup,mounted

Name : Mailbox Database
StorageGroup : TLCSV167\First Storage Group
Mounted : True

Name : Telus Database
StorageGroup : TLCSV167\Telus Storage Group
Mounted : False


The Telus Database fails and cannot be mounted.

====
Dial tone
mkdir c:\backup

Move everything under Telus Storage Group to c:\backup folder

Mount an empty database: telus database ------dial tone

Exchange Management Console
Right Click on Telus Database --Mount
Click YES button



Mailbox users who belong to Telus Storage Group\Telus Database can send and receive e-mail now--very fast, except they don't have the access to the old mail, for now.

We can use the tool to restore the old mail.





Restore the database from backup:


As noticed, the data goes to Recovery Storage Group.
Mount-Database 'Recovery Storage Group\Telus database'

Get-MailboxDatabase -status | format-list name,storagegroup,edbfilepath, mounted
Name : Mailbox Database
StorageGroup : TLCSV167\First Storage Group
EdbFilePath : C:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group\Mailbox Database.edb
Mounted : True

Name : Telus Database
StorageGroup : TLCSV167\Telus Storage Group
EdbFilePath : C:\Program Files\Microsoft\Exchange Server\Mailbox\Telus Storage Group\RSG20080722160745\Telus Database.edb
Mounted : True

Name : Telus Database
StorageGroup : TLCSV167\Recovery Storage Group
EdbFilePath : C:\Program Files\Microsoft\Exchange Server\Mailbox\Telus Storage Group\Telus database.edb
Mounted : True



After the swap, the path of Telus Storage Group\Telus Database has changed. Why do you swap? Why don't you directly perform the merge or copy task? For a big database, running the merge or copy wizard will take a long time.
When the Recovery Storage Group\Telus Database and Telus Storage Group\Telus Database are on the same logical drive, the swap is instantaneous--the actual content does not move at all but only the path pointer.



Because the temporary mailbox database is small, running the merge or copy wizard will not cause the performance degradation.

Sunday, July 20, 2008

Exchange2007:Multiple Global Address Lists and GlobalAddressList attribute

ADSIEDIT.msc

Microsoft Exchange

globalAddressList attribute has the following:


By default, the globalAddressList2 attribute is not configured. With the following setting, the new users which are members of Rogers global address list can be set up in OUTLOOK CLIENTS. The members of Rogers global address list don't belong to the Default Global Address List.

This is the best method. I added more GALs in the globalAddressList2 but it didn't work. The Outlook client still cannot locate the address list.

What do I do?
For users from Shaw global address list, I add the Shaw GAL to the globalAddressList2. For users from Telus GAL, I kept only the Telus GAL in the globalAddressList2.
==========
The following method will be better.

By default, the Default Global Address List includes all mail objects. If one Exchange organization hosts two or more companies, such as Shaw, Telus, and Rogers, you must modify the purportedSearch filter of the Default Global Address List. If not, all Outlook clients will see all the mail objects.

Don't take the purportedsearch attribute lightly. When you set up a new outlook client, the user must be included in the default global address list.

What do I do? The PurportedSearch attribute must use the LDAP filter.

I learn the LDAP filter from the Exchange Management Console wizard.

new-DynamicDistributionGroup -Name 'Shaw Customers' -IncludedRecipients 'MailboxUsers' -ConditionalCompany 'Shaw' -OrganizationalUnit 'terrace.com/Shaw' -Alias 'ShawCustomers' -RecipientContainer 'terrace.com/Shaw'

Get-DynamicDistributionGroup 'Shaw Customers' | format-list *Filter*
RecipientFilter : ((Company -eq 'Shaw' -and RecipientType -eq 'UserMailbox' ) -and -not(Name -like 'SystemMailbox{*') -and -not(Name -like 'CAS_{*'))
LdapRecipientFilter : (&(company=Shaw)(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(!(name=SystemMailbox{*))(!(name=CAS_{*)))
RecipientFilterType : Precanned

From the DynamicDistributionGroup, I get the LDAP filter.

Using ADSIEDIT.msc tool

I copy the LdapRecipientFilter to the purportedsearch attribute of Default Global Address List and copy the RecipientFilter to msExchQueryFilter of Default Global Address list.
New mailbox user will have the company attribute set to SHAW. After it is configured in outlook, I change the company name to Telus, for example.

Don't forget to modify permissions for Global Address List. By default, Authenticated Users are granted READ and OPEN ADDRESS LIST. You should remove these two permissions.

I create a group for Telus, a group for Shaw, and a Group for Rogers. Telus group has the READ and OPEN ADDRESS LIST permissions to Telus global address list; shaw group has the READ and OPEN ADDRESS LIST permissions to Shaw global address list.
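
A check for the permission change described above, as an added example that is not from the original post. The function and group names are hypothetical, the sample ACEs are constructed, and the property names (User, Deny, IsInherited, ExtendedRights) are assumed to match Get-ADPermission output; it needs Windows PowerShell 2.0 or later.

```powershell
# Added example (not from the original post): flag address-list ACEs that
# break tenant separation. Input objects are shaped like Get-ADPermission output.
function Test-GalAcl {
    param(
        [string]$GalName,
        [object[]]$Ace,           # ACEs read from the GAL object
        [string]$AllowedGroup     # the only group that should open this GAL
    )
    foreach ($a in $Ace) {
        # Assumption: the "Open Address List" permission is reported as the
        # extended right Open-Address-Book; the pattern accepts either spelling.
        if ("$($a.ExtendedRights)" -notmatch 'Open.Address') { continue }

        $trustee = "$($a.User)"
        if ($a.Deny) {
            $finding = 'OK: explicit deny'
        } elseif ($trustee -like '*\Authenticated Users') {
            $finding = 'FAIL: every authenticated user can open this list'
        } elseif ($trustee -eq $AllowedGroup) {
            $finding = 'OK: expected tenant group'
        } else {
            $finding = 'REVIEW: trustee from another tenant or unknown'
        }
        New-Object PSObject -Property @{
            Gal = $GalName; Trustee = $trustee
            Inherited = [bool]$a.IsInherited; Finding = $finding
        }
    }
}

# Constructed sample: a Telus GAL that still carries the default grant and
# also a grant to another tenant's group. Group names are hypothetical.
$sampleAces = @(
    (New-Object PSObject -Property @{ User = 'NT AUTHORITY\Authenticated Users'
        Deny = $false; IsInherited = $true; ExtendedRights = 'Open-Address-Book' }),
    (New-Object PSObject -Property @{ User = 'TERRACE\Telus Users'
        Deny = $false; IsInherited = $false; ExtendedRights = 'Open-Address-Book' }),
    (New-Object PSObject -Property @{ User = 'TERRACE\Shaw Users'
        Deny = $false; IsInherited = $false; ExtendedRights = 'Open-Address-Book' })
)

Test-GalAcl -GalName 'Telus GAL' -Ace $sampleAces -AllowedGroup 'TERRACE\Telus Users' |
    Format-Table Gal, Trustee, Inherited, Finding -AutoSize

# Against a live organization, from the Exchange Management Shell:
# Test-GalAcl -GalName 'Telus GAL' -Ace (Get-ADPermission -Identity 'Telus GAL') `
#     -AllowedGroup 'TERRACE\Telus Users'
```

An inherited grant to Authenticated Users has to be removed on the parent container it is inherited from, not on the list itself.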

For an Outlook client on the Exchange 2007 computer, because of cached mode in Outlook, the global address list will not reflect the membership change right away. After I disable cached mode and restart Outlook, the global address list is correct. And then, enable cached mode again.

For outlook client in computer other than Exchange 2007, after you modify the company parameter and update-globaladdresslist, you should see the Global Address List reflecting the change!!!!!!!!!

Make sure your offline address list and global address list match each other. Telus users are hosted in telus database. Their offline address list includes all users from Telus. The Global Address List includes all users whose Company attribute is set to Telus. When you create mailboxes for Telus users, make sure the mailbox database is Telus database.

When you create a new mailbox for Telus user, specify the Company Attribute to TLC (because the purportedSearch is filtered to TLC, see above). So, the Default Global Address List includes the new mailbox user. After the outlook client is configured, set the company attribute to Telus for the mailbox user.