Planning Tech

Well if you gone this far you should be in good condition, and tell you the truth all the Hard stuff is behind us and now you should work with the Exchange2007 GUI and it’s much more easier.

Remember that we need to install the Exchange 2007 on both Nodes, Node1 will be used as the Active and Node2 will be the Passive .

Setting up the Active node

Log-in to Node1 with Domain Admins permeations and brows to the Exchange 2007 directory (I hope that you already copy the Exchange directory on both nodes for easy access)and run the “Setup.exe” to start the Exchange2007 wizard.

Now you should see the Wizard on your screen ,follow the following steps :

Step 1: Install.NET frameworks 2.0 ->  don’t break your head and simply install it .

Step 2: Install the MMC console -> read step 1.

Step 3:Install Microsoft Command Shell(MSH) -> If you gone this far you should be able to handle it yourself .

Step 4: Install Microsoft Exchange ->  Finally!!! You may said , here we going to install the Active copy in our CCR environment, a new wizard will open with the following configuration :

Error Reporting -> Click YES and press next (Believe me it will save you a lot of time in case you have future problems in your environment).

Installation Type -> Chose the “Custom” options because we need to install unique role ,Next.

Server Role Selection -> here you should choose “Active Clustered Mailbox Role”, next.

Cluster Settings-> here we have some additional configuration we need to choose

Select Cluster Type :

Chose CCR (First option).

Clustered Mailbox Server Name :

 The name you specify here will be the name that your Outlook clients will need to specify when they set their mailboxes .

Clustered Mailbox Server IP Address :

Here you need to give a Unique(Exclude this address if you using DHCP server ) IP address from your Public Segment

Path:

Keep the default path .

Setting up the Passive node

Well it’s easy all you need to do is to connect to Node2 and perform the same steps as we did in the Active Node . The only thing you need to do different is to choose passive and not active when the Cluster Wizard become online  .

First before we can precede you first need to understand what the hell is Majority Node…? Well first you need to download the following update from Microsoft and install it “MS KB 921181” after you install it you can get the ability to use File Share Witness that use outside your Cluster (you can share files that kelps outside the cluster we build between Node1 and Node2).this KB require in our situation because we use the HUB server when we create the Cluster.

Configuring the File Share Witness:

First you need to know that Microsoft recommends creating the share on the Exchange2007 that’s olds the HUB role in your Active Directory (and off course the same AD that you going to deploy the Cluster).

Log on to your Exchange 2007 that’s holds the HUB role and create new folder (no matter where you create it BUT Use drive with space!)Called “MS_FSQ_XCH07CLUSTER” (You can set another name if you like).

Now we need to set the Shares and Permeations on this folder:

1. Create share on this folder (Share the folder with the default name don’t change it!).
2. Give permeations to the Domain administrator or the Cluster user we created in the last steps (or not…test environment…)…

Note!

The permeations need to be Full Control.

Setting up the folder on Node1

Here we need to set the attribute on the server to point the folder we create one step before pay attention:

Log-on to Node1 and open Command Line, Type:

Cluster res “Majority Node Set” /priv MNSFileShare=\\ServerName\Folder name(MS_FSQ_XCH07CLUSTER) 

Now after you set the syntax as I explain you will get an error massage says “ The properties where started but not all changes will take effect until the next time the resources is brought online “

That’s o.k. all we need to do is to force the changes we just configure and look how it simple to do :

All we need to do is first move the Cluster Group to the other node. Why..?

Because when the cluster moves the group the group going to be in offline state and after the transfer she will come back to be in online mode.

Syntax(Command Line) :

Cluster Group “cluster group” /move

After you press ENTER the cluster moves the group into NODE2!

Confirm Configuration:

Now you need to check the new settings you just configure , so it’s very simple to do .

On the command line Type the following syntax :

Cluster res “majority Node Set” /priv

Now you need to see a list of resources with their values, all we need is the first resource configured with the share folder we set on proviso steps .

If you have installed s Server 2003 Enterprise with Service Pack 1 on the node, you need to download the Microsoft .NET Framework Version 2.0 Redistributable Package (x86), since it’s only a standard Windows component .

After we configured our Cluster we now need to install Exchange 2007 in Active and Passive Nodes, before we can do it we must first install the needed Windows Components on Node1 and Node2:

Open Control Panel -> Add\Remove Programs –Windows Components.

Now navigate and install the following components:

Install IIS with the following components:

1. WWWS – World Wide Web Service.
2. Enable Network COM+ access.
3. Internet Information Services.

Before we begin I want to speak about the environment that I use before choosing the CCR option on production environment.

My test environment created on Esxi servers so you can gees that I’m talking about Virtualization here but that will be discus on another post …

Here we have the Full configuration:

1. I created my Domain-Controller in a new Forest, This DC run the DNS role and Active Directory.

Server Name: DC2003

IP_ 192.168.12.100

OS: Server 2003 standard 32-Bit

1. Exchange 2007 contain all the roles(Not the Edge role!) with SP1

Server Name: XCH2007

IP_192.168.12.88.

OS: Server 2003 standard 32-Bit

Exchange Server 2007 32-Bit

1. Node 1 – this node will function as the Active Node in our CCR environment.

Server Name: Node1

IP_192.168.12.200

OS: Server 2003 Enterprise 32-Bit

Exchange Server 2007 32-Bit

1. Node 2 – this node will function as the Passive Node in our CCR environment.

Server Name: Node2

IP_192.168.12.201

OS: Server 2003 Enterprise 32-Bit

Exchange Server 2007 32-Bit

1. I install one XP system just to check the CCR configuration after we finish configured it on our environment.

Now I will start to explain about the building of the CCR cluster Step by Step to help you understand every step of the way so follow carefully it’s not as heard as its look.

In this chapter I will give you all the knowledge you need to know how create the cluster in your organization.

Note!

Before you proceed you need to remember that you need to create the cluster with Domain admin credentials.

Log-in to your first node (node1) and open the Cluster Wizard with 2 options:

Start -> Administrative Tools ->Cluster Administrator

Or you can use the command line with the following syntax:

Start -> Run -> an Type: Cluster.exe /create /wizard

Now you start to work with the Cluster Wizard so pay attention by following those easy steps:

Figure 1: in the first figure you need to create a new cluster so chose “Create New Cluster”    

Figure 2: Click Next.

Figure 3: Create name and Domain

Domain: here you need to insert your domain name

For example: Planning.Local

Cluster Name: you can choose every name that you want.

For Example: PlanningClustering

Note!

The name that you provide here is NOT the name that your users will connect!

Figure 4: Select Computer

Here you need to specify the firs Node in your architecture, in our case we simply add NODE1.

Figure 5: Analyzing Configuration

Let the wizard do its stuff until you can proceed, pay attention that you will get two errors in the last two options, please ignore them it’s o.k.

The explanation you may ask is that we configured our CCR replication topology based on Mailbox server that not configured to share the same disks subsystems.

Figure 6: IP Address

Here you need to give an IP address that enabled you to access using the Cluster Management Tools.

In our case we can give the following IP address

192.168.12.144

Figure 7: Cluster Service Account

Here you can specify new account you that handle your Cluster Environment, but as you will learn simply add your Domain Administrator Credentials.

Figure 8: Proposed Cluster Configuration

Here you can see the entire configuration that we create until now .But you also need to make the next step:

Chose “Quorum” and chose “Majority Node Set”

After you chose it the Cluster Wizard will start configuring the cluster Services and Resources.

Figure 9: Finish!

Now you have your cluster environment and we can proceed to the next step that help us adding NODE2 to the Cluster we just created.

Adding NODE2 to the Cluster:

Open your new cluster:

Start -> Administrative Tools -> Cluster….

After the cluster administration lunch follow the next step to add Node2:

Click on your cluster name to expand the tree,

Select New -> Node

A new wizard will open that help you proceed, so let’s work it out:

Figure 1: Next

Figure 2: Select computers

Here we need to add the next machine that will be the second node, in our case we need to chows “Node2” and Next.

Figure 3: Analyzing Configuration

Here the wizard will determined the Cluster configuration, simply wait till it finishes and then click next.

Figure 4: Cluster Service Account 

Simply add the same credentials you add when configuring Node1 (Domain Administrator in our case).

Figure 5: Proposed Cluster Configuration

Here you can see the entire configuration that we create until now.

All done now you can tell your manager you finish creating the first part of the project and she can deliver the big money in the next salary.

As I explain before we create two servers that will be configured as our NODES, now we need to set another LAN card to create backup for the first LAN card the NODE already have. It’s not hard to configure so please follow and execute:

Note!

I will explain how to set the NIC’S on node1 and when you do it please notice that you need to do it also on node2!!!!

Open you’re Network Connection and add another NIC, now you need to name them as you wish but remember that it’s very important to understand the configuration because we need to set priority on them.

I called the PUBLIC and PRIVETE:

Public – This is our Default NIC and will be use for External communication (set with default getaway).

Private – This is our additional NIC and will be use with another segment for internal communication use only!

Now we need to set the priority of the Nics:

Go to Advanced -> Advanced Settings-> now you must set the public NIC to be first on the binding order.

Note!

1. Public.
2. Private.
3. Remote Access Connection.

Note!

If you already installed Exchange2007 Service Pack 1” you can skip the following step

Go to the private NIC and disabled the “File and Printer Sharing for Microsoft Networks”.

Now let’s set the Nics Static addresses:

Node1 Public Nic:

IP address                             : 192.168.12.200

Subnet                                   : 255.255.255.0

Default gateway                 : 192.168.12.254

Dns Server                           : 192.168.12.100

Node1 Private Nic:

IP address                             : 192.168.11.2

Subnet                                   : 255.255.255.0

Default gateway                 : None!!!!

Dns Server                           : None!!!!

After we finish to configure the static ip’s its time to set the additional settings:

Advanced -> Dns Tab -> Now all you need to do is to UNMARK two features:

1. Register these connections addresses in DNS.
2. Use this connection’s DNS suffix.

Advanced -> Wins Tab and set the following:

1. Unmark “Enable LMHOST lookup.
2. Chose “Disable NetBIOS over TCP/IP.

Node2 Public Nic:

IP address                             : 192.168.12.201

Subnet                                   : 255.255.255.0

Default gateway                 : 192.168.12.254

Dns Server                           : 192.168.12.100

Node2 Private Nic:

IP address                             : 192.168.11.4

Subnet                                   : 255.255.255.0

Default gateway                 : None!!!!

Dns Server                           : None!!!!

After we finish to configure the static ip’s its time to set the additional settings:

Advanced -> Dns Tab -> Now all you need to do is to UNMARK two features:

1. Register these connections addresses in DNS.
2. Use this connection’s DNS suffix.

Advanced -> Wins Tab and set the following:

1. Unmark “Enable LMHOST lookup.
2. Chose “Disable NetBIOS over TCP/IP.

Note!

We configures the Private network to communicate between the two nods using bits, when the bits stops the nodes know one of the fails and take is services.

All set. If you follow all the above and test your configuration (Pings and stuff) you can proceed to the next step.

 
Disaster Recovery
Recovering Deleted Items

• Users can recover their deleted items via Outlook/OWA Deleted Item Recovery.

In Outlook:

Open outlook -> Tools-> Recover Deleted Items.

•Deleted Items recovery period is 14 days by default.

•To change this limits:
Server Configuration->Mailbox->Mailbox Store-Properties-> limits tab.

To recover items older than 20 days we need to:
Toolbox -> Database Recovery Management->open tool (from the right):

Welcome : Enter the name for this activity ->Next.
    
Select a task:

 At first we need to create the recovery storage group.
Create recovery storage group->Chose the mailbox database- > First Storage Group -> Create Recovery storage group.
Note!

After we created this Recovery Storage Group we will see new options in the welcome screen like the Marge and Swap options.

After we created the recovery storage group we need to restore the backup.

Open Ntbackup -> Restore -> information store->Logs and Mailbox.

After the restore we can recover our lost e-mails, to do it we first need to follow this steps:

Mount our Recovery Storage Group -> on welcome screen chose the “Mount or Dismount Database->chose the Recovery storage group database and mount it.

After our Recovery is mounted Go to the welcome screen and chose “Marge a copy mailbox content” ->  checked that the  Recovery storage group is marked ->Gather merge information->set filter if you want (Examples: specific dates)->Perform pre-merge tasks-> now we going to see all users mailboxes and we can chose what to restore
->perform merge actions.
    

•  A backup older then the server setting can be restored if they were on backup.
-  Process for this similar to mailbox recovery.

Mailbox recovery process
• Use the Recovery Management Tool.
• Build a Recovery Storage Group.
• Restore the source database from backup to the new Recovery Storage Group.
• Mount the restored database in Recovery Storage Group.
• Select mailbox merges options.
• Run extraction -> import of all mail items.
To recover an entire deleted mailbox a new mailbox can be created and the restored data can be merged into it.
Recently deleted (last 30 days) mailboxes can be reconnected using the disconnected Mailbox Tool in the EMC.
Recovering a corrupted store
• We have two options for recovery
- LCR/SCR copy of database.
- Restore database from an Exchange backup.

LCR recovery

•  Take corrupted store offline if needed :
Server Configuration -> Dismount Database-> Yes.

• Run Restore-StoregeGroupCopy –Identity “First Storage Group” (Tell the server that we want to stop the LCR replication and that we want to go live with the LCR copy).

Open Command Shell and type:
Restore-StoregeGroupCopy –Identity “First Storage Group”.
- Swap mount points to make LCR copy the live one.
In other words replace the LCR and Store files like we did in exchange 2003.
• Mount the database copy.

Recovery backup from the original server
Here we overwritten the production database without recovery storage group
• Dismount the target database.
• Server Configuration -> Dismount Database-> Yes.
• Set the database for overwritten.
Note!
In case we have RSG we first need to remove it because the restore can accidently goes to the RSG and not to our production environment.

• Select the Exchange backup (Mailbox and Logs) and restore and run it.
Note!

If the restore unable to execute we can check Events and see Event: 9638 that says that the database in use.

Mail database can be restored on a separate server

• Remember that databases are portable!
• Restores can be made to any Exchange 2007 mailbox server in the organization.
- Target Storage Groups will need a new mailbox database created first (With the same name of the original SG).
- Restore .edb file and logs to the SG data directory.
- Mount the mailbox database in the EMC.
- Run this cmdlet to properly associate the mailboxes with the new server:
Get-Mailbox –database “oldserver\dbname” |Move-Mailbox –TargetDatabase “newserver\dbname” –ConfigurationOnly: $True
- Outlook 2007 clients will automatically reconfigure to find mailbox.
• Public Folder databases cannot be restored to another server.

How to recover after a fried/drowned/stolen server
• Build a new server with the same name and join it to the domain
- Reset the computer account in the AD before joining the replacement.
- Create identical partitions/disks (Size can be larger).
- Install required Windows components and Exchange role prerequisites (IIS…).
• Run Exchange setup.exe from the command line using the /M: RecoverServer switch.
- Will restore all roles and basic configs (things found in Org-level config).
- Will not restore certs, databases, receive connectors (We need to create them manually), etc. (server level).
• Create new Storage Recovery Groups.
• Recover mail and public folder databases from backup.
- For recoveries from Ntbackup, media will have to be cataloged (on Ntbackup ->Tools ->Catalog backup file) prior to restore.
- If public folders were replicated, recovery from backup won’t be necessary.
• Another recovery path if recovery is to the original hardware:
- Reinstall Windows 2003 server and bring up to proper patch level (Service packs\IIS…Asp.net….).
- Install needed Windows components and prerequisites.
- Restore all Exchange Program Directories and System state.
- Restore databases to proper location.

• Clone an Edge role server’s configuration for later restoring.
Recommendations
• Document your configuration for disaster recovery purposes.
• Use the database Troubleshooter tool if you have database which fail to mount.
• Learn to use ESEUTIL to do VERY occasional offline defrags and repairs.
- It’s found in the Exchange Server\Bin directory.
- Many of the ESEUTIL operations are integrated into the Recovery Tool wizards.
• Delete RSG files when you are done with them.
• DO PROPER BACKUPS!

What you need to know about backing up Exchange
• A standard on line file backup of exchange databases will not be easily recoverable – because when we create the   backup the exchange still makes process! And in recovery we not always get the full backup as we hope.*
• An “image” backup of a server with Exchange is not usually a good backup solution. (*).
• Only an off-line file-level backup of DB and logs can capture data store accurately.
• An “Exchange-aware” backup :
- Can capture data properly while DB is on-line.
- Must be done for log file maintenance to be done.
• NTbackup and many 3rd-party backup solutions are “Exchange-aware”.
• Microsoft uses NTBackup to back up data in its clustered Exchange 2007 environment.
Recoverability point = Proper backup + logs since that backup

What to back up:
• Your mail and public folder databases – in Exchange –aware fashion(NTbackup)  -
• System state (and/or have multiple domain controllers) – Backups Active Directory (NTDS) and IIs database that hosts many configuration of exchange database(OWA\Remote Access)
• Data under the following path:
“Program Files\Microsoft\Exchange Server\”
• Exclude the First \Second Storage Group Folders under the mailbox directory.

C:\program files\Microsoft\exchange server \mailbox
Using NTbackup

We will see all local drives with the exchange “Microsoft Exchange Server” information store   .
What we need to backup…?
1. Microsoft Information Store-> First Storage group (Mailbox Database) & Second Storage Group (Public Folders).
2. C:\Programfiles\Microsoft\ExchangeServer – backup all!!!! Exclude First Storage Group.
3. System State tab.
VSS – Volume Shadow Copy (Very important!)
• There are actually two types of Exchange backups :
- Streaming (Legacy) – create live backup copy and takes more time the exchange database.
- VSS (bleeding edge) – new tech in enterprise Environment , he stops all Wrath process of the Exchange dunning the backup process and quickly copy the database , the restore process  takes faster. We need SCASI disks and Raid 10 with Stripe drives.
• Exchange-Aware VSS works with Exchange to pause database operations temporarily.
• Process normally only takes few seconds.
• Restores can be applied very rapidly.
• VSS can be run against the passive LCR copy of database to further minimize disruption.
• VSS requires fast disk access.

• Microsoft System center’s  Data Protection Manager support VSS snapshots re: Exchange

- So do products made by IBM, Commvault, EMC and other Enterprise vendors.

How to configure Local Continuous Replication for data protection
• LCR creates passive copy of the active database.
- Initial “seeding” copies the existing DB.
- Transaction logs copied to the LCR directory are applied to the passive database.

!!!With LCR we have the same database we have in production environment in offline mode so when we have crises we can use the offline copy that will be the same to the one we have in production environment!!!!!!

• Configure the LCR to create the database copy on another drive (Internal or External).
• Replicating Storage Groups can only contain a single database.
• Public folder stores cannot be replicated with this method – has its own mechanism so if we want to create redundancy the best solution will be to provide replication to another server that holds this database.
• Consider using mount points to make recovery simpler
- Moving the database files:

Server Configuration -> Mailbox ->First Storage Group ->Mailbox Database->Move database path->Chose different location to store database.

We also need to transfer the logs directory to a different path:
Server Configuration -> Mailbox ->First Storage Group ->Move Storage group path-> Chose different location to store database.
-Setting up the NTFS volume mount points.

Note!
LCR will increase your processor overhead due to log/database activity.

 To configure LCR we need to go to:

Server Configuration -> Mailbox ->First Storage Group ->Enable Local Continues Replication -> Wizard will open ->
Introduction  :  just verify Storage group name and mailbox store

Set Paths  :  Set the new location of the Database and Logs.

Mailbox Database : set the new location of the Database and Logs.

Enable   : Next

Completion  : Finish.
  
       Note!
      In LCR folder we will see two new folders:
      Ignored Logs: Here the LCR stores problematic logs that came too late or doesn’t mount to the store.
      Inspector   : all logs pass this folder before mounting it to the database.
     
SCR (Standby Cluster Replication)
• Like LCR, but the passive database exists on a remote Exchange 2007 mailbox server.
• Multiple remote server targets can be configured for a single store.
• Target servers must be in the same AD.
• Configurable delay in log replication to block logical corruption.
• If original mailbox store goes offline, a passive copy can be made active.
• Require Exchange 2007 SP1.

Recommendations
• Set up LCR for cheap additional protection, but use a separate disk or set of disks.
• Do exchange backups.
• Protect your logs.
• Don’t forget system state backups – we must use it because it’s creating backup of Active-Directory.
• Test your backups by doing practice recoveries.
• Take daily backups unless you have LCR set up, in which case you can do them weekly.

Using Receive Connectors

• The default receives connectors only allow internal delivery.
• A receive connector will have to be created if there is no Edge server.
• Receive connectors can be created to handle TLS connections from remote servers.
• Unlike send connectors, receive connectors are SERVER-based.

Send Connectors configuration
Server Configuration -> Hub Transport ->
-By default we will see our server Default connector – only inbound connections and to create connections between Hub transport in TLS connection.

-Client Receive connector is established to enable Outlook clients to access.

-From Outside – we need to create it if we don’t have an Edge server to enable connection from outbound. We need to configured it the external connector
Settings Limits

•Limits are set at the Organization level.

Organization Configuration -> Hub Transport -> Global Settings – > Properties.
- Max Receive – The size of mails user can receive.
- Maximum Send – The size of mails user can send.
- Maximum number of recipient – The size of mails user can send E-mail to.
- Maximum size per storage group (18 for example) – every 18 MB the outlook will empty the delete Items box.

Massage Delivery Tab – for example if we have CRM protocol and we add the CRM ip to this box the cause will be that all filters will be DISABELD on that Machine.

• Get properties on Transport Settings under Global Settings.
• Transport Dumpster settings are cluster-related.

Working with Queues
• Queue Viewer   is found in the Toolbox.
• Queue is no longer kept as individual files in a folder, but in an ESE database – the same database of exchange (Edb and Logs)
• There are five types of queues :
- Submission – This is the default place that massages goes through (Inside\outside).
- Mailbox delivery – mails between two mailboxes in the same site.
- Remote Delivery – external source.
- Poison Message – all massages kept when server crushed and then we have reboot the server will not try to send them and crush again.
- Unreachable – items that we cannot establish the connector rout to them.

Note!
If for example we send E-mail to external provider (Hotmail\Gmail) and we receive error massage says “The ip you using is not authorized to send e-mails directly to our servers”.
Here we can use Smart Host to resolve this problem and not be recognized as a spammer.
Organization Configuration -> Send Connectors -> Outbound -> Network -> Add Smart Host (Pinup\Symantec Mail relay) -> Smtp.dad.com -> allow basic autantication
Toolbox -> Queue Viewer