Exchange 2010/2013 hybrid changesTimothy HeeneyNovember 2013Office 365 Support Webcast

2

• We are recording today’s session, and will have the slide show presentation and the video recording on the original blog post and the Office 365 Community. You can find the video recording on our Video Channel - http://www.youtube.com/microsoftoffice365

• Questions can be asked at the end of the presentation through the Lync Meeting Console.

• We are recording today’s session, please understand that you may be captured in the recording. If you do not wish to be recorded, please do not type in the Lync IM Window or please leave the meeting.

Welcome to the webcast

Management SurfacesIntroduction

Hybrid Coexistence Feature Comparison

4

FeatureSimpl

eHybrid

Mail routing between on-premises and cloud (recipients on either side)

Mail routing with shared namespace (if desired) on both sides

Unified GAL

Free/Busy and calendar sharing cross-premises

Out of Office understands that cross-premises is “internal” to the organization

Mailtips, messaging tracking, and mailbox search work cross-premises

OWA redirection cross-premise (single OWA URL for both on-premises and cloud)

Single tool to manage cross-premises Exchange functions (including migrations)

Mailbox moves support both onboarding and offboarding

No outlook reconfiguration or OST resync required after mailbox migration

Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.)

Centralized mail flow , ensures that all email routes inbound/outbound via on-prem

Hybrid Coexistence Feature Example

5

Cross-Premises Free/Busy and Calendar Sharing

Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendars

Works with any supported Outlook client

Hybrid Coexistence Feature Example

Cross-Premises MailTips

Correct evaluation of “Internal” vs. “External” organization context

Allows awareness and correct Outlook representation of MailTips

6

Hybrid Coexistence Feature Example

Cross-Premises Mail Flow

Preserves internal organizational headers(e.g. auth header)

Message is considered “trusted” and resolve the sender to rich recipient information in the GAL (not SMTP address)

Restrictions specified for that recipient are honored7

Hybrid Coexistence Feature Example

8

Single OWA URL

Ensures a good end-user experience as mailboxes are moved in-and-out of the cloud since OWA URL remains unchanged (points to on-premises “hybrid” CAS)

Log in experience can be improved by adding domain name into your cloud URL so that you can access your cloud mailbox without the interruption of Go There page

9

Hybrid Mailbox moves

• This provides:• Ability to onboard an offboard mailbox• Full data fidelity• Very limited cross premises delegation for calendar

• However:• Not enabled by default• Technically does not rely on HCW• Should use latest tools for migration (discussed later)

Hybrid Improvements

Flexible EOP Connection and Internet Mail RoutingSupport for updating MX and directing all inbound Internet mail to EOP at any stage of the hybrid deployment – before, during or after hybrid configuration.

Improved Centralized Mail TransportAdded flexibility and capability – centralized mail transport is supported even when pointing MX to EOP.

Integrated Mailbox Migration and Move WizardOne wizard regardless of scenario – hybrid, staged, cutover, or IMAP.

Adaptive HCWHCW adapts to individual setup requirements and presents only necessary questions. Automatically gathers information whenever possible.

Integrated Support for EdgeHCW supports configuring Exch2010 Edge Transport servers directly within the wizard.

Enhanced Secure MailSimpler to configure and no longer dependent on static IP addresses in the connector configuration.

10

Deployment

Hybrid Deployment Process

Sign up for Office

365

Register your

domains with

Office 365

Deploy Office 365 Directory

Sync

Install Exchange 2013 CAS

& MBX Servers

(Edge opt)

Publish the CAS Server(Assign

SSL certificate, firewall

rules)

Run the Hybrid Wizard

Exchange specific deployment tasks

General Office 365 deployment tasks

Demo

Exchange 2013 Tenant Compatibility • Exchange Server 2013 is supported against a Wave 15

Exchange Online tenant. Tenants that are still running on the Wave 14

release of Exchange Online are not compatible with Exchange Server 2013 on-premises

• Exchange Server 2013 Setup and Hybrid Configuration Wizard include a tenant version check to prevent you getting into a bad state

• The setup check occurs once during the PrepareAD phase

Exchange 2010 Hybrid support• Exchange Server 2010 SP3 is compatible with Wave 14

and Wave 15 tenants• Exchange Server 2010 based hybrid deployments will

continue to support Exchange 2003 coexistence with the wave 15 service

• Once the new Office 365 service is launched, unless you are migrating from Exchange 2003, Exchange Server 2013 based hybrid is recommended for all new deployments.

2. Deploy Exchange 2013 servers

Install both E2013 MBX and CAS servers

Set an ExternalUrl and enable the MRSPRoxy on the Exchange Web Services vdir

Exchange 2013 hybrid deploymentfrom an existing Exchange 2007 or 2010

E2010 or 2007 Hub

Internet facing site

Intranet site

Exchange 2010 or 2007

Servers

1. Prepare

Install Exchange SP and/or updates across the ORGPrepare AD with E2013 schema

4. Publish protocols externallyCreate public DNS A records for the EWS and SMTP endpoints

Validate using Remote Connectivity Analyzer

5. Switch autodiscover namespace to E2013 CAS

Change the public autodiscover DNS record to resolve to E2013 CAS6. Run the Hybrid Configuration Wizard

E2013 CAS

3. Obtain and Deploy CertificatesObtain and deploy certificates on E2013 MBX and CAS servers

Clients

autodiscover.contoso.commail.contoso.com

1 2

3

45

6

E2010 or 2007 CAS

E2010 or

2007 MBX

E2013 MBX

SP/RU

SP/RU

Office 365

7. Move mailboxes

EWSSMTP

7

In the Background

Set-hybridConfiguration/OrgRelationship AutoD• New parameter called “AutoD:” domain• Allows you to control the domain name used for

autodiscover for the EWS endpoint…• Works with Exchange 2010 sp3 RU1+• Set-HybridConfiguration –Domains

“autod:Contoso.com”,”Foo.com"• Why?

What if you had tons of domains? A hoster? Wanted to force the org relationship to a specific path for EWS calls?

ExchangeDelegation who???

• No longer require a unique name to be created manually

• Sample of what is used now: “FYDIBOHF25SPDLT.contoso.com”

Tiny Tenant mode

• Get-OrganizationConfig | FL IsDehydrated

• Enable-OrganizationCustomization

Tenant Hydration• Creating Exchange configuration objects in Active Directory• Creating container for management role objects• Creating container for Exchange role policies• Creating built-in Exchange Roles• Creating built-in Exchange role assignments• The default sharing policy is being created• Creating default data classification configuration• Creating Default Message Classifications container• Creating Information Rights Management IRM configuration container• Configuring global mailbox settings• Creating global containers for Mailbox server role• Creating retention policy tag for Group Self-Service Approval Application• Configuring global mailbox settings• Creating retention policy for arbitration mailbox• Creating mailbox plan objects• Creating out of box default MRM policy tags• Create out of box additional MRM policy tags• Setting PublicFolderMailboxCountQuota

What the heck is the Service domain?

• In SP1 we required the use of a service.contoso.com domain for hybrid This caused confusion Do I need autodiscover? What name should I choose? Major pain point for our customers

• Now when Directory Synchronization is activated a new domain is created on the fly such as contoso.mail.onmicrosoft.com This allows for us to configure mailflow through the

wizard This allows us to automate the service domain

processes

Stored in Active Directory • CN=Hybrid Configuration,CN=Hybrid

Configuration,CN=E14SP2,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=e14sp2,DC=contoso,DC=com

• Get-HybridConfigurationThe HCW run in 2 stages first we run set to store the configuration in AD then we run Update to apply the changes

Logging and Troubleshooting

Logging for all changes made• <Exchange Install Directory>\Logging\Update-

HybridConfiguration

• Small sample

[10/10/2011 2:11:49] INFO:Cmdlet: Get-WebServicesVirtualDirectory --Processing Time: 281.2608. [10/10/2011 2:11:49] INFO:Running command: Set-WebServicesVirtualDirectory -Identity 'E14SP2-E2K10\EWS (Default Web Site)' -MRSProxyEnabled 'True' [10/10/2011 2:11:49] INFO:Cmdlet: Set-WebServicesVirtualDirectory --Start Time: 10/9/2011 10:11:49 PM. [10/10/2011 2:11:50] INFO:Cmdlet: Set-WebServicesVirtualDirectory --End Time: 10/9/2011 10:11:50 PM. [10/10/2011 2:11:50] INFO:Cmdlet: Set-WebServicesVirtualDirectory --Processing Time: 1062.5408. [10/10/2011 2:11:50] INFO:Running command: Set-OrganizationRelationship -MailboxMoveEnabled 'True' -FreeBusyAccessEnabled 'True' -FreeBusyAccessLevel 'LimitedDetails' -ArchiveAccessEnabled 'True' -MailTipsAccessEnabled 'True' -MailTipsAccessLevel 'All' -DeliveryReportEnabled 'True' -TargetOwaURL 'http://outlook.com/owa/e14sp2.gtrcloudtraining.com' -Identity 'On Premises to Exchange Online Organization Relationship' [10/10/2011 2:11:50] INFO:Cmdlet: Set-OrganizationRelationship --Start Time: 10/9/2011 10:11:50 PM. [10/10/2011 2:11:51] INFO:Cmdlet: Set-OrganizationRelationship --End Time: 10/9/2011 10:11:51 PM. [10/10/2011 2:11:51] INFO:Cmdlet: Set-OrganizationRelationship --Processing Time: 78.128.

Exchange 2007

• Exchange 2007 integration Add-AvailabilityAddressSpace -AccessMethod

InternalProxy -ProxyUrl https://Exchange2010CAS.Contoso.com/ews/exchange.asmx -ForestName Fourthcoffee.com –UseServiceAccount $True

This allows for 2007 users to work out of the box

Exchange 2003• Not HCW Related

(New-RemoteMailbox behavior)• Before SP2

Exchange Admin Group was the LegDN

• Now the External Admin Group is the LegDN for Remote Mailboxes by default

What did NOT change in 2013?

• Still need to have exchange 2013 published/tested• Federation trust is still registered with the business instance of the

MFG.• We still need the federated trust verification txt file created to verify

domain ownership. • We still prefer autodiscover to discover the resource endpoints for the

organizational relationships.• We still leverage the E14Rocks nomenclature when you review the

federation trust. (FYDIBOHF25SPDLT.domain.com)• Still use organization relationships

What does HCW do in Exchange 2013?

http://technet.microsoft.com/en-us/library/hh529921(v=exchg.150).aspx#BKMK_HybridConfigProcess

Demo

Cross premises Free Busy for non-internet facing siteExchange Server 2010 Coexistence – requires External URL to be set…

Layer 4 LB

mail.contoso.com

Cloud FB request

Internet facing site

E2013 MBX

E2013 CAS

Intranet site

E2010 MBX

E2010 CAS

HTTPPROXY

Cross site proxy request

Set 2010 URL to: `mail.contoso.com

TargetSharingEPR• SOAP request will include the following element:

• <ext:RequestServerVersion Version="Exchange2012" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />

• When an Exchange 2010 CAS server receives the EWS call, it will throw an HTTP 500 response • Autodiscover response will have the following element:• <h:ServerVersionInfo MajorVersion="14" MinorVersion="3"

MajorBuildNumber="123" MinorBuildNumber="3"  • 2010 soap:

• <ext:RequestServerVersion Version="Exchange2009" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />

Remove the TargetSharingEPR settings in the Organization Relationship http://support.microsoft.com/kb/2838688

OWA redirection• Hybrid OWA redirection does not work as expected, this is being

addressed in cu3• This is not an issue on 2010 hybrid environments• http://support.microsoft.com/kb/2890814

EAP concerns (should I run the HCW)

• Some customers are concerned that the EAP will overwrite users when HCW is run• What if the EAP is not applied• Will it revert the users primary email address…

• There is a new values we use with HCW• When we run update-EmailAddressPolicy we use the

“UpdateSecondaryAddressesOnly” parameter• This prevents the users Primary SMTP address from

getting overwritten with settings in the EAP

Domain Proof missing

From 2010 sp3 ru2 you will see the domain proof missing… use Shell Get-FederatedDomainProof

Cannot add additional domain

From 2010 sp3 ru2 you will not be able to add additional domains to a federation trust from the UI, you have to use the shell as a workaround

Move fails without a trace

• The Move fail to initiate but there is no error• This occurs for many reason Bad password, MRS disabled, publishing

issues• Use PowerShell or EAC to perform the hybrid moves

EMC issues

• You will not be able to manage up-level objects, this means 2010 EMC cannot manage org settings for a wave 15 tenant.

• Use EAC instead for org management

Helpful links• Deployment guidance

• Exchange Deployment Assistant• Troubleshooting articles

• General Hybrid troubleshooting• Guided Walkthroughs

• Hybrid Free Busy• Client Connectivity• Mailflow

Lesson review

• Exchange 2010 sp1 no HCW • Exchange 2010 sp2+ has HCW

53

• Please answer the survey questions posted at the end of this meeting.

• Let us know what sessions you want! Email Josh Topal at v-joshto@Microsoft.com.

• Feel free to give feedback too.

Feedback

Management SurfacesQ&A and Feedback

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.