Exchange 2010/2013 hybrid changes
Timothy Heeney
November 2013
Office 365 Support Webcast
• We are recording today’s session, and will have the slide show presentation and the video recording on the original blog post and the Office 365 Community. You can find the video recording on our Video Channel - http://www.youtube.com/microsoftoffice365
• Questions can be asked at the end of the presentation through the Lync Meeting Console.
• We are recording today’s session, please understand that you may be captured in the recording. If you do not wish to be recorded, please do not type in the Lync IM Window or please leave the meeting.
Welcome to the webcast
Management Surfaces
Introduction
Hybrid Coexistence Feature Comparison
Feature | Simple | Hybrid
Mail routing between on-premises and cloud (recipients on either side)
Mail routing with shared namespace (if desired) on both sides
Unified GAL
Free/Busy and calendar sharing cross-premises
Out of Office understands that cross-premises is “internal” to the organization
Mailtips, messaging tracking, and mailbox search work cross-premises
OWA redirection cross-premise (single OWA URL for both on-premises and cloud)
Single tool to manage cross-premises Exchange functions (including migrations)
Mailbox moves support both onboarding and offboarding
No outlook reconfiguration or OST resync required after mailbox migration
Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.)
Centralized mail flow, ensures that all email routes inbound/outbound via on-prem
Hybrid Coexistence Feature Example
Cross-Premises Free/Busy and Calendar Sharing
Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendars
Works with any supported Outlook client
Hybrid Coexistence Feature Example
Cross-Premises MailTips
Correct evaluation of “Internal” vs. “External” organization context
Allows awareness and correct Outlook representation of MailTips
Hybrid Coexistence Feature Example
Cross-Premises Mail Flow
Preserves internal organizational headers (e.g. auth header)
Message is considered “trusted” and the sender is resolved to rich recipient information in the GAL (not SMTP address)
Restrictions specified for that recipient are honored
Hybrid Coexistence Feature Example
Single OWA URL
Ensures a good end-user experience as mailboxes are moved in-and-out of the cloud since OWA URL remains unchanged (points to on-premises “hybrid” CAS)
Log in experience can be improved by adding domain name into your cloud URL so that you can access your cloud mailbox without the interruption of Go There page
Hybrid Mailbox moves
• This provides:
  • Ability to onboard and offboard mailboxes
  • Full data fidelity
  • Very limited cross premises delegation for calendar
• However:
  • Not enabled by default
  • Technically does not rely on HCW
  • Should use latest tools for migration (discussed later)
Hybrid Improvements
• Flexible EOP Connection and Internet Mail Routing: Support for updating MX and directing all inbound Internet mail to EOP at any stage of the hybrid deployment – before, during or after hybrid configuration.
• Improved Centralized Mail Transport: Added flexibility and capability – centralized mail transport is supported even when pointing MX to EOP.
• Integrated Mailbox Migration and Move Wizard: One wizard regardless of scenario – hybrid, staged, cutover, or IMAP.
• Adaptive HCW: HCW adapts to individual setup requirements and presents only necessary questions. Automatically gathers information whenever possible.
• Integrated Support for Edge: HCW supports configuring Exch2010 Edge Transport servers directly within the wizard.
• Enhanced Secure Mail: Simpler to configure and no longer dependent on static IP addresses in the connector configuration.
Deployment
Hybrid Deployment Process
• Sign up for Office 365
• Register your domains with Office 365
• Deploy Office 365 Directory Sync
• Install Exchange 2013 CAS & MBX Servers (Edge opt)
• Publish the CAS Server (Assign SSL certificate, firewall rules)
• Run the Hybrid Wizard
[Diagram legend: Exchange specific deployment tasks; General Office 365 deployment tasks]
Demo
Exchange 2013 Tenant Compatibility
• Exchange Server 2013 is supported against a Wave 15 Exchange Online tenant. Tenants that are still running on the Wave 14 release of Exchange Online are not compatible with Exchange Server 2013 on-premises
• Exchange Server 2013 Setup and Hybrid Configuration Wizard include a tenant version check to prevent you getting into a bad state
• The setup check occurs once during the PrepareAD phase
Exchange 2010 Hybrid support
• Exchange Server 2010 SP3 is compatible with Wave 14 and Wave 15 tenants
• Exchange Server 2010 based hybrid deployments will continue to support Exchange 2003 coexistence with the Wave 15 service
• Once the new Office 365 service is launched, unless you are migrating from Exchange 2003, Exchange Server 2013 based hybrid is recommended for all new deployments.
Exchange 2013 hybrid deployment from an existing Exchange 2007 or 2010
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
Set an ExternalUrl and enable the MRSProxy on the Exchange Web Services vdir
3. Obtain and Deploy Certificates
Obtain and deploy certificates on E2013 MBX and CAS servers
4. Publish protocols externally
Create public DNS A records for the EWS and SMTP endpoints
Validate using Remote Connectivity Analyzer
5. Switch autodiscover namespace to E2013 CAS
Change the public autodiscover DNS record to resolve to E2013 CAS
6. Run the Hybrid Configuration Wizard
7. Move mailboxes
[Diagram: Clients reach autodiscover.contoso.com and mail.contoso.com; the Internet facing site holds the E2013 CAS and E2013 MBX alongside the E2010 or 2007 Hub, CAS and MBX (SP/RU); the Intranet site holds Exchange 2010 or 2007 servers; EWS and SMTP connect to Office 365. Numbers 1 to 7 mark where each step applies.]
In the Background
Set-HybridConfiguration/OrgRelationship AutoD
• New parameter called “AutoD:” domain
• Allows you to control the domain name used for autodiscover for the EWS endpoint…
• Works with Exchange 2010 SP3 RU1+
• Set-HybridConfiguration -Domains "autod:Contoso.com","Foo.com"
• Why? What if you had tons of domains? A hoster? Wanted to force the org relationship to a specific path for EWS calls?
ExchangeDelegation who???
• No longer require a unique name to be created manually
• Sample of what is used now: “FYDIBOHF25SPDLT.contoso.com”
Tiny Tenant mode
• Get-OrganizationConfig | FL IsDehydrated
• Enable-OrganizationCustomization
Tenant Hydration
• Creating Exchange configuration objects in Active Directory
• Creating container for management role objects
• Creating container for Exchange role policies
• Creating built-in Exchange Roles
• Creating built-in Exchange role assignments
• The default sharing policy is being created
• Creating default data classification configuration
• Creating Default Message Classifications container
• Creating Information Rights Management IRM configuration container
• Configuring global mailbox settings
• Creating global containers for Mailbox server role
• Creating retention policy tag for Group Self-Service Approval Application
• Configuring global mailbox settings
• Creating retention policy for arbitration mailbox
• Creating mailbox plan objects
• Creating out of box default MRM policy tags
• Create out of box additional MRM policy tags
• Setting PublicFolderMailboxCountQuota
What the heck is the Service domain?
• In SP1 we required the use of a service.contoso.com domain for hybrid
  • This caused confusion
  • Do I need autodiscover?
  • What name should I choose?
  • Major pain point for our customers
• Now when Directory Synchronization is activated a new domain is created on the fly such as contoso.mail.onmicrosoft.com
  • This allows for us to configure mailflow through the wizard
  • This allows us to automate the service domain processes
Stored in Active Directory
• CN=Hybrid Configuration,CN=Hybrid Configuration,CN=E14SP2,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=e14sp2,DC=contoso,DC=com
• Get-HybridConfiguration
The HCW runs in 2 stages: first we run Set to store the configuration in AD, then we run Update to apply the changes
Logging and Troubleshooting
Logging for all changes made
• <Exchange Install Directory>\Logging\Update-HybridConfiguration
• Small sample
[10/10/2011 2:11:49] INFO:Cmdlet: Get-WebServicesVirtualDirectory --Processing Time: 281.2608.
[10/10/2011 2:11:49] INFO:Running command: Set-WebServicesVirtualDirectory -Identity 'E14SP2-E2K10\EWS (Default Web Site)' -MRSProxyEnabled 'True'
[10/10/2011 2:11:49] INFO:Cmdlet: Set-WebServicesVirtualDirectory --Start Time: 10/9/2011 10:11:49 PM.
[10/10/2011 2:11:50] INFO:Cmdlet: Set-WebServicesVirtualDirectory --End Time: 10/9/2011 10:11:50 PM.
[10/10/2011 2:11:50] INFO:Cmdlet: Set-WebServicesVirtualDirectory --Processing Time: 1062.5408.
[10/10/2011 2:11:50] INFO:Running command: Set-OrganizationRelationship -MailboxMoveEnabled 'True' -FreeBusyAccessEnabled 'True' -FreeBusyAccessLevel 'LimitedDetails' -ArchiveAccessEnabled 'True' -MailTipsAccessEnabled 'True' -MailTipsAccessLevel 'All' -DeliveryReportEnabled 'True' -TargetOwaURL 'http://outlook.com/owa/e14sp2.gtrcloudtraining.com' -Identity 'On Premises to Exchange Online Organization Relationship'
[10/10/2011 2:11:50] INFO:Cmdlet: Set-OrganizationRelationship --Start Time: 10/9/2011 10:11:50 PM.
[10/10/2011 2:11:51] INFO:Cmdlet: Set-OrganizationRelationship --End Time: 10/9/2011 10:11:51 PM.
[10/10/2011 2:11:51] INFO:Cmdlet: Set-OrganizationRelationship --Processing Time: 78.128.
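An added example, not part of the original deck or of Exchange itself: Python that reads Update-HybridConfiguration log text in the format sampled above and lists every state-changing cmdlet the HCW ran, with its parameters, so a run can be reviewed afterwards. The sample input is abridged from the slide's excerpt, and the `WATCHED` parameter set is an assumption about what a reviewer wants surfaced.

```python
import re

# Sample abridged from the slide's log excerpt (constructed for this example).
SAMPLE_LOG = r"""[10/10/2011 2:11:49] INFO:Cmdlet: Get-WebServicesVirtualDirectory --Processing Time: 281.2608.
[10/10/2011 2:11:49] INFO:Running command: Set-WebServicesVirtualDirectory -Identity 'E14SP2-E2K10\EWS (Default Web Site)' -MRSProxyEnabled 'True'
[10/10/2011 2:11:50] INFO:Running command: Set-OrganizationRelationship -MailboxMoveEnabled 'True' -FreeBusyAccessLevel 'LimitedDetails' -MailTipsAccessLevel 'All' -Identity 'On Premises to Exchange Online Organization Relationship'
"""

# One entry runs from its "[date time] LEVEL:" prefix to the next prefix, so the
# parser also copes with logs whose line breaks were lost in copy/paste.
ENTRY = re.compile(
    r"\[(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2})\] (?P<level>\w+):"
    r"(?P<msg>.*?)(?=\s*\[\d{1,2}/\d{1,2}/\d{4} \d|\Z)", re.DOTALL)
# Parameters appear in the log as: -Name 'value'
PARAM = re.compile(r"-(\w+) '([^']*)'")
# Assumption: settings worth surfacing in a review; adjust to local policy.
WATCHED = {"MRSProxyEnabled", "MailboxMoveEnabled", "FreeBusyAccessLevel",
           "ArchiveAccessEnabled", "MailTipsAccessLevel", "TargetOwaURL"}

def changes(log_text):
    """Return one dict per 'Running command' entry that is not a read-only Get-* cmdlet."""
    out = []
    for m in ENTRY.finditer(log_text):
        msg = m["msg"].strip()
        if not msg.startswith("Running command:"):
            continue  # timing lines such as "Cmdlet: ... --Processing Time"
        cmdline = msg[len("Running command:"):].strip()
        cmdlet = cmdline.split()[0]
        if cmdlet.startswith("Get-"):
            continue  # read-only, changes nothing
        params = dict(PARAM.findall(cmdline))
        out.append({"time": m["ts"], "cmdlet": cmdlet, "params": params,
                    "watched": {k: v for k, v in params.items() if k in WATCHED}})
    return out

if __name__ == "__main__":
    for change in changes(SAMPLE_LOG):
        print(change["time"], change["cmdlet"], change["watched"])
```
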
Exchange 2007
• Exchange 2007 integration
Add-AvailabilityAddressSpace -AccessMethod InternalProxy -ProxyUrl https://Exchange2010CAS.Contoso.com/ews/exchange.asmx -ForestName Fourthcoffee.com -UseServiceAccount $True
This allows for 2007 users to work out of the box
Exchange 2003
• Not HCW Related (New-RemoteMailbox behavior)
• Before SP2 Exchange Admin Group was the LegDN
• Now the External Admin Group is the LegDN for Remote Mailboxes by default
What did NOT change in 2013?
• Still need to have Exchange 2013 published/tested
• Federation trust is still registered with the business instance of the MFG.
• We still need the federated trust verification txt file created to verify domain ownership.
• We still prefer autodiscover to discover the resource endpoints for the organizational relationships.
• We still leverage the E14Rocks nomenclature when you review the federation trust. (FYDIBOHF25SPDLT.domain.com)
• Still use organization relationships
What does HCW do in Exchange 2013?
http://technet.microsoft.com/en-us/library/hh529921(v=exchg.150).aspx#BKMK_HybridConfigProcess
Demo
Cross premises Free Busy for non-internet facing site
Exchange Server 2010 Coexistence – requires External URL to be set…
[Diagram: a cloud FB request arrives at mail.contoso.com through a Layer 4 LB at the Internet facing site (E2013 CAS, E2013 MBX); HTTPPROXY sends a cross site proxy request to the Intranet site (E2010 CAS, E2010 MBX).]
Set 2010 URL to: mail.contoso.com
TargetSharingEPR
• SOAP request will include the following element:
  • <ext:RequestServerVersion Version="Exchange2012" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />
• When an Exchange 2010 CAS server receives the EWS call, it will throw an HTTP 500 response
• Autodiscover response will have the following element:
  • <h:ServerVersionInfo MajorVersion="14" MinorVersion="3" MajorBuildNumber="123" MinorBuildNumber="3"
• 2010 soap:
  • <ext:RequestServerVersion Version="Exchange2009" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />
Remove the TargetSharingEPR settings in the Organization Relationship http://support.microsoft.com/kb/2838688
OWA redirection
• Hybrid OWA redirection does not work as expected, this is being addressed in CU3
• This is not an issue on 2010 hybrid environments
• http://support.microsoft.com/kb/2890814
EAP concerns (should I run the HCW)
• Some customers are concerned that the EAP will overwrite users when HCW is run
  • What if the EAP is not applied
  • Will it revert the user's primary email address…
• There is a new value we use with HCW
  • When we run Update-EmailAddressPolicy we use the “UpdateSecondaryAddressesOnly” parameter
  • This prevents the user's Primary SMTP address from getting overwritten with settings in the EAP
Domain Proof missing
From 2010 SP3 RU2 you will see the domain proof missing… use the shell: Get-FederatedDomainProof
Cannot add additional domain
From 2010 SP3 RU2 you will not be able to add additional domains to a federation trust from the UI; you have to use the shell as a workaround
Move fails without a trace
• The move fails to initiate but there is no error
• This occurs for many reasons: bad password, MRS disabled, publishing issues
• Use PowerShell or EAC to perform the hybrid moves
EMC issues
• You will not be able to manage up-level objects, this means 2010 EMC cannot manage org settings for a wave 15 tenant.
• Use EAC instead for org management
Helpful links
• Deployment guidance
  • Exchange Deployment Assistant
• Troubleshooting articles
  • General Hybrid troubleshooting
• Guided Walkthroughs
  • Hybrid Free Busy
  • Client Connectivity
  • Mailflow
Lesson review
• Exchange 2010 SP1 no HCW
• Exchange 2010 SP2+ has HCW
• Please answer the survey questions posted at the end of this meeting.
• Let us know what sessions you want! Email Josh Topal at [email protected].
• Feel free to give feedback too.
Feedback
Management Surfaces
Q&A and Feedback
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.