Sunday, July 22, 2007

Issue while configuring CCR with FSW (File Share Witness)

I want to share with you one of the issues that I found during an Exchange Server 2007 CCR implementation. The issue appears while trying to configure the FSW (File Share Witness) for CCR. I don’t know if anyone has faced this problem before while testing CCR, but in case you haven’t and you run into it, I am sharing the solution so that you can get past it.

What is FSW ?


CCR uses the new File Share Witness feature, introduced in an update to Windows 2003 SP1, to act as the witness instead of implementing a third node in the cluster for that purpose. Microsoft always recommends installing the FSW on one of the Hub servers. For a site resilience implementation, Microsoft also recommends pre-provisioning another FSW on a Hub server hosted in the backup site, which speeds up the process of bringing up the backup site in case of a disaster. To make that switch easy, the best practice is to use a CNAME record that points to the server hosting the FSW, so that in a disaster you only need to change the CNAME record to point to the server hosting the standby FSW. So in general you create a CNAME record in DNS that points to the FSW server, and the issue lies in this procedure.


So where is the problem???


Sometimes, when you try to use the CNAME record to populate the FSW, or even just to test access to the FSW share through the CNAME, you will get this error:

\\CName_Of_FSW

“You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again”


For example, suppose you deployed the FSW on a Hub server called SRV-E2K7HUP-01 and added a CNAME record called FSW under Active Directory. If you try to access this CNAME from any of the CCR nodes on this network by running \\fsw from the Run command, you will get the error above and will not be able to proceed, because the Windows cluster for the two CCR nodes must be configured with \\fsw.domain\MNS_FileShare_Name, and both CCR nodes need to access this shared folder.

The Solution:


To solve this problem, disable strict name checking in the registry of the server that hosts the FSW (in our case the Hub server SRV-E2K7HUP-01):


  • Start Registry Editor (Regedt32.exe).

  • Locate and click the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters.

  • On the Edit menu, click Add Value, and then add the following registry value:

    Value name: DisableStrictNameChecking
    Data type: REG_DWORD
    Radix: Decimal
    Value: 1


  • You have to restart the server after that.

  • After restarting the server, make sure that you can access the CNAME of the FSW hosting server from the Run command on both CCR nodes.
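The registry change and the access check above can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes PowerShell 2.0 or later in an elevated session, and the function names are hypothetical. The names fsw.domain and MNS_FileShare_Name are the post's own placeholders.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 or later.
# 'fsw.domain' and 'MNS_FileShare_Name' are the post's placeholder names.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'DisableStrictNameChecking'

# Run on the server that hosts the FSW share. Reports the current state and
# writes to the registry only when -Apply is given.
function Set-FswNameChecking {
    param([switch]$Apply)

    $item    = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$Name } else { $null }   # $null means the value is absent

    if ($current -eq 1) { return "$Name is already 1; nothing to change." }
    if (-not $Apply)    { return "$Name is '$current' (empty = not set). Rerun with -Apply to set it to 1." }

    # -Force creates the value, or overwrites an existing one, as REG_DWORD 1.
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
    return "$Name set to 1. Restart the server before testing from the CCR nodes."
}

# Run on each CCR node after the FSW host has restarted.
function Test-FswAlias {
    param(
        [string]$Alias = 'fsw.domain',
        [string]$Share = 'MNS_FileShare_Name'
    )
    $result = New-Object PSObject -Property @{
        Alias = $Alias; ResolvesTo = $null; Addresses = $null; ShareReachable = $false
    }
    try {
        $entry = [System.Net.Dns]::GetHostEntry($Alias)
        $result.ResolvesTo = $entry.HostName       # host name returned by the resolver
        $result.Addresses  = ($entry.AddressList | ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        Write-Warning "DNS lookup for $Alias failed: $($_.Exception.Message)"
        return $result
    }
    # Provider-qualified path, so the UNC test also works when the current
    # location is a non-file-system drive such as HKLM:.
    $result.ShareReachable = Test-Path -Path "FileSystem::\\$Alias\$Share"
    return $result
}
```

Run Set-FswNameChecking on the FSW host first; once it has restarted, Test-FswAlias on each node should report ShareReachable as True.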


Please let me know if anyone has faced this problem before and could solve it with the steps above. If you have not tested this in a CCR environment, please try it now, so that you will be familiar with the steps shown above.

I hope the above information is useful to you, and I hope to bring you more issues that might help you with Exchange Server 2007.

Saturday, July 21, 2007

MS Exchange Server 2007 – Active Directory Preparation

How to Prepare Active Directory for Exchange Server 2007 Installation:

As we all know, Microsoft Exchange Server 2007 uses the Active Directory directory service to store and share directory information with Microsoft Windows, so without Active Directory you will not be able to install any version of Exchange Server 200x on your network. If you already have Active Directory deployed on your production network and you want to deploy Exchange Server 2007, continue reading this article to learn how to prepare the Active Directory domain infrastructure for Exchange Server 2007 deployment and installation. If you have NOT yet deployed Active Directory, stop reading this article, go and deploy Active Directory first, then come back here to continue : ).
Before you can install and deploy MS Exchange Server 2007 in your production or test lab environment, you first need to prepare your Active Directory for it. Here I will try to explain how to prepare the Active Directory directory service and domains for installing Microsoft Exchange Server 2007.

As I mentioned in my previous article on this blog, “Microsoft Exchange Server 2007 Requirements”, you have to make sure that you have met all Exchange Server 2007 hardware, infrastructure, and system requirements before you proceed with the Active Directory preparation steps in this article.
Now, here are the steps required to prepare your Active Directory for Exchange Server 2007 deployment and installation in your organization:

1. Prepare Exchange Legacy Permissions

If you have Exchange Server 2003 or Exchange 2000 Server running under your Exchange Organization, then open a Command Prompt window from , and then run one of the following commands:

  • To prepare legacy Exchange permissions in every domain in the forest that contains the Exchange Enterprise Servers and Exchange Domain Servers groups, run:

    setup /PrepareLegacyExchangePermissions

  • To prepare legacy Exchange permissions in a specific domain, run

    setup /PrepareLegacyExchangePermissions:

Permission required to run these commands:

  • To run this command to prepare every domain in the forest, you must be a member of the Enterprise Admins group.

  • To run this command to prepare a specific domain, you must be a member of the Exchange Organization Administrators group and you must be a member of the Domain Admins group in the domain that you will prepare.

  • If you do not specify a domain, the domain in which you run this command must be able to contact all domains in the forest.

  • After you run this command, you must wait for the permissions to replicate across your Exchange organization before continuing to the next step. If the permissions have not replicated, the Recipient Update Service on your Exchange Server 2003 or Exchange 2000 Server computers could fail. The amount of time that replication takes depends on your Active Directory site topology.

  • To track the progress of Active Directory replication, you can use the Active Directory Replication Monitor tool (replmon.exe), which is installed as part of the Microsoft Windows Server 2003 Support Tools Setup. By default, it is located at "%programfiles%\support tools\". Add your domain controllers as monitored servers so that you can track the progress of replication throughout the domain.

2. Prepare Active Directory Schema

From a Command Prompt window, run the following command:

setup /PrepareSchema

Very Important Note: You must NOT run this command in a forest in which you do not plan to run setup /PrepareAD. If you do, the forest will be configured incorrectly, and you will not be able to read some attributes on user objects. So, if you didn’t follow the steps here correctly, don’t blame me :).

Permission required to run these commands:

  • This command connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with Exchange 2007 specific attributes.

  • To run this command, you must be a member of the Schema Admins group and the Enterprise Admins group.

  • You must run this command on a computer that is in the same domain and the same Active Directory site as the schema master.

  • If you have not completed Step 1, setup /PrepareSchema will perform the PrepareLegacyExchangePermissions step. To complete the PrepareLegacyExchangePermissions step, the domain in which you run this command must be able to contact all domains in the forest.

  • After you run this command, you should wait for the changes to replicate across your Exchange organization before continuing to the next step. The amount of time this takes is dependent upon your Active Directory site topology.

3. Prepare Active Directory directory Service


From a Command Prompt window, run the following command:


setup /PrepareAD [/OrganizationName: ]

What does this command do ?

  • This command configures global Exchange objects in Active Directory, creates the Exchange Universal Security Groups (USGs) in the root domain, sets permissions on the Exchange configuration objects, and prepares the current domain. The global objects reside under the Exchange organization container. If no Exchange organization container exists, you must specify an organization name by using the /OrganizationName parameter. The organization container will be created with the name that you specify.

  • This command creates the Exchange 2007 Administrative Group called Exchange Administrative Group (FYDIBOHF23SPDLT). It also creates the Exchange 2007 Routing Group called Exchange Routing Group (DWBGZMFD01QNBJR).

    Very Important Notes:

    Do not move Exchange 2007 servers out of Exchange Administrative Group (FYDIBOHF23SPDLT) and do not rename Exchange Administrative Group (FYDIBOHF23SPDLT) by using a low-level directory editor. Exchange 2007 must use this administrative group for configuration data storage. We do not support moving Exchange 2007 servers out of Exchange Administrative Group (FYDIBOHF23SPDLT) or renaming of Exchange Administrative Group (FYDIBOHF23SPDLT).

    Do not move Exchange 2007 servers out of Exchange Routing Group (DWBGZMFD01QNBJR) and do not rename Exchange Routing Group (DWBGZMFD01QNBJR) by using a low-level directory editor. Exchange 2007 must use this routing group for communication with earlier versions of Exchange . We do not support moving Exchange 2007 servers out of Exchange Routing Group (DWBGZMFD01QNBJR) or renaming of Exchange Routing Group (DWBGZMFD01QNBJR).

  • This command creates the Unified Messaging Voice Originator contact in the Microsoft Exchange System Objects container of the root domain.

  • This command prepares the local domain for Exchange 2007.

  • To run this command, you must be a member of the Enterprise Admins group.

  • If you have Exchange Server 2003 servers in your organization, you must be an Exchange Full Administrator to run this command.

  • The Exchange organization name cannot contain the following characters: ~ (tilde), ` (grave accent), ! (exclamation point), @ (at sign), # (number sign), $ (dollar sign), % (percent sign), ^ (caret), & (ampersand), * (asterisk), () (parentheses), _ (underscore), + (plus sign), = (equal sign), {} (braces), [] (brackets), | (vertical bar), \ (backslash), : (colon), ; (semicolon), " (quotation mark), ' (apostrophe), <> (angle brackets), , (comma), . (period), ? (question mark), / (slash mark), or white space at the beginning or end.

  • You must run this command on a computer that is in the same domain and the same Active Directory site as the Schema Master.

  • If you have not completed Step 1, setup /PrepareAD will perform the PrepareLegacyExchangePermissions step. To complete the PrepareLegacyExchangePermissions step, the domain in which you run this command must be able to contact all domains in the forest. If you are also a member of the Schema Admins group, and if you have not completed Step 2, setup /PrepareAD will perform the PrepareSchema step.

  • After you run this command, you should wait for the changes to replicate across your Exchange organization before continuing to the next step. The amount of time this takes is dependent upon your Active Directory site topology.

To verify that this step completed successfully, make sure that there is a new organizational unit (OU) in the root domain called Microsoft Exchange Security Groups. This OU should contain the following new Exchange USGs:

  • Exchange Organization Administrators
  • Exchange Recipient Administrators
  • Exchange View-Only Administrators
  • Exchange Servers
  • ExchangeLegacyInterop

When you install Exchange 2007, Setup will add the Exchange Organization Administrators USG as a member of the local Administrators group on the computer on which you are installing Exchange. Be aware that the local Administrators group on a domain controller has different permissions than the local Administrators group on a member server. If you install Exchange 2007 on a domain controller, the users who are Exchange Organization Administrators will have additional Windows permissions that they do not have if you install Exchange 2007 on a computer that is not a domain controller.
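The verification above can be done with a directory query instead of by eye. The following PowerShell is an added example, not part of the original article or of Exchange Setup; it assumes PowerShell 2.0 or later on a domain-joined machine in the forest root domain, and the function name Get-ExchangeUsgReport is hypothetical. It also lists each group's direct members, because members of Exchange Organization Administrators become local administrators on every Exchange 2007 server.

```powershell
# Added example, not from the original article. Assumes a domain-joined machine
# in the forest root domain and a user who can read the directory.
$expected = @(
    'Exchange Organization Administrators',
    'Exchange Recipient Administrators',
    'Exchange View-Only Administrators',
    'Exchange Servers',
    'ExchangeLegacyInterop'
)

function Get-ExchangeUsgReport {
    $rootDse = [ADSI]'LDAP://RootDSE'
    $rootDn  = "$($rootDse.rootDomainNamingContext)"        # DN of the forest root domain
    $ouPath  = "LDAP://OU=Microsoft Exchange Security Groups,$rootDn"

    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($ouPath)) {
        throw "OU not found at $ouPath (has setup /PrepareAD replicated yet?)"
    }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]$ouPath
    $searcher.SearchScope = 'OneLevel'
    $searcher.Filter      = '(objectCategory=group)'
    $searcher.PropertiesToLoad.AddRange([string[]]('cn', 'grouptype', 'member'))

    # Index the groups found in the OU by common name.
    $found   = @{}
    $results = $searcher.FindAll()
    foreach ($r in $results) { $found[[string]$r.Properties['cn'][0]] = $r }

    foreach ($name in $expected) {
        $r       = $found[$name]
        $gt      = 0
        $members = @()
        if ($r) {
            $gt      = [int]$r.Properties['grouptype'][0]
            # Direct members only; very large groups need ranged retrieval.
            $members = @($r.Properties['member'])
        }
        New-Object PSObject -Property @{
            Group       = $name
            Present     = [bool]$r
            # Universal scope is bit 0x8; a security-enabled group has the sign bit set.
            IsUsg       = (($gt -band 8) -ne 0) -and ($gt -lt 0)
            MemberCount = $members.Count
            Members     = $members
        }
    }
    $results.Dispose()
}

Get-ExchangeUsgReport | Format-Table Group, Present, IsUsg, MemberCount -AutoSize
```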

4. Prepare other specific Domains (if any exist).

From a Command Prompt window, run one of the following commands:

  • Run setup /PrepareDomain to prepare the local domain. Note that you do not need to run this in the domain where you ran Step 3. Running setup /PrepareAD prepares the local domain.

  • Run setup /PrepareDomain: to prepare a specific domain.

  • Run setup /PrepareAllDomains to prepare all domains in your organization.

These commands perform the following tasks:

  • Sets permissions on the Domain container for the Exchange Servers, Exchange Organization Administrators, Authenticated Users, and Exchange Mailbox Administrators.

  • Creates the Microsoft Exchange System Objects container if it does not exist, and sets permissions on this container for the Exchange Servers, Exchange Organization Administrators, and Authenticated Users.

  • Creates a new domain global group in the current domain called Exchange Install Domain Servers. It also adds the Exchange Install Domain Servers group to the Exchange Servers USG in the root domain.

Note the following:

  • For domains that are in an Active Directory site other than the root domain, /PrepareDomain might fail with the following messages:

    "PrepareDomain for domain has partially completed. Because of the Active Directory site configuration, you must wait at least 15 minutes for replication to occur, and run PrepareDomain for again."

    "Active Directory operation failed on . This error is not retriable. Additional information: The specified group type is invalid.Active Directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0The server cannot handle directory requests."

    If you see these messages, wait for or force Active Directory replication between this domain and the root domain, and then run /PrepareDomain again.
  • To run setup /PrepareAllDomains you must be a member of the Enterprise Admins group.

  • To run setup /PrepareDomain, if the domain that you are preparing existed before you ran setup /PrepareAD, you must be a member of the Domain Admins group in the domain. If the domain that you are preparing was created after you ran setup /PrepareAD, you must be a member of the Exchange Organization Administrators group, and you must be a member of the Domain Admins group in the domain.

To verify that this step completed successfully, confirm the following:

  • You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers. To view the Microsoft Exchange System Objects container in Active Directory Users and Computers, on the View menu, click Advanced Features. The Exchange Install Domain Servers group is used if you install Exchange 2007 in a child domain that is an Active Directory site other than the root domain. The creation of this group allows you to avoid installation errors if group memberships have not replicated to the child domain.

  • The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.

  • On each domain controller in a domain in which you will install Exchange 2007, the Exchange Servers USG has permissions on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.

Friday, July 20, 2007

Microsoft Exchange Server 2007 Requirements

Hardware Requirements

Microsoft maintains a list of minimum hardware requirements to install Exchange Server 2007. Microsoft recommends the following minimum hardware requirements for Exchange Server 2007:

Processor:

  • Intel Extended Memory 64 Technology (Intel EM64T), or
  • AMD Opteron or AMD Athlon 64 processor, which supports AMD64 platform.

Memory:

  • 2GB of RAM per server plus 5MB per user minimum.

Disk space:

  • At least 1.2GB on the hard disk where Exchange Server 2007 will be installed.
  • 200MB on the system drive

Paging file size:

  • Page File Size should be equal to the amount of RAM in the Server plus 10 MB.

Note:

  • Intel Itanium IA64 processors are NOT SUPPORTED.
  • These hardware requirements from Microsoft are the bare minimum and should not be used in best-practice scenarios. In addition, hardware requirements can change because of features and functionality required by the company; for example, the implementation of Unified Messaging voice mail services or clustering on an Exchange 2007 server can require more memory.

Infrastructure Requirements for Exchange Server 2007

Exchange Server 2007 has the following infrastructure requirements:

  • The Schema Master Domain Controller must have Windows Server 2003 SP 1 or Windows Server 2003 R2 Installed.
  • The Global Catalog Server used by Exchange Server 2007 must be running Windows Server 2003 SP 1 or Windows Server 2003 R2.
  • Active Directory Domain Functional Level must be Windows 2000 Native or higher for all domains in the Active Directory Forest where you will install Exchange Server 2007 or have mailbox-enabled users.
  • Forest Functional Level must be Windows Server 2003 Functional Level.
  • No Microsoft Exchange Server 5.5 Servers should be in the Exchange Organization and the Exchange Organization must be in Native Mode.
  • Domain Name System (DNS) is configured correctly in the Active Directory Forest.
  • Active Directory is prepared for the Exchange Server 2007.
  • WINS is not required anymore for Exchange Server 2007 Installation, operation and management.

Exchange Server 2007 System Requirements

Exchange 2007 has the following requirements for Installation:

  • Windows Server 2003 – 64-Bit (or Windows Server 2003 R2 – 64-Bit) as Operating System.
  • .Net Framework 2.0
  • Microsoft Management Console (MMC) v 3.0
  • Microsoft PowerShell v 1.0.
  • Windows Security Updates.

On every Exchange Server 2007 machine that will be deployed on the production network, all of the above software and updates must be installed before installing Exchange Server 2007. You will not be able to proceed with the Exchange Server 2007 installation on any server that is missing one of these system requirements.

What's New in Microsoft Exchange Server 2007

Microsoft Exchange Server 2007 is the latest release of the messaging and communications system from Microsoft built on the Windows operating system. At its core, Microsoft Exchange Server 2007 is an email, calendaring, and address book system that runs on a centralized Windows Server 2003 server system. However, with the release of Exchange 2007, now the sixth major release of Exchange in the 12-year history of the product, Microsoft has made significant improvements in the areas of security, reliability, scalability, mobility, and unified communications. In this article we list some of the new features of Microsoft Exchange Server 2007. It is not a comprehensive list of all the new features in Exchange 2007, but it is intended to help you start testing and running Exchange 2007. For a complete list of all the new and improved features, see the Microsoft site “Features of Exchange Server 2007”.


  • Exchange Management Console: The Exchange Management Console is one of two new administrative interfaces for Exchange 2007 and is based on Microsoft Management Console (MMC) 3.0. The Exchange Management Console is required to install and manage Exchange 2007. The Exchange Management Console combines all management tasks into one user interface. By using the Exchange Management Console, you can manage all Exchange servers, recipients, and organizational components in your Exchange 2007 organization.
  • Exchange Management Shell: The Exchange Management Shell is a new task-based command line shell and scripting language for system administration. You can use the Exchange Management Shell to perform every task that the Exchange Management Console can perform and additional tasks that cannot be performed in the Exchange Management Console.

  • Unified Messaging: Exchange 2007 includes support for Unified Messaging (UM). Unified Messaging combines multiple messaging infrastructures into a single messaging infrastructure. Therefore, Exchange 2007 users who are enabled for Unified Messaging can receive all voice mail, e-mail, and fax messages in their Exchange 2007 mailboxes and can access their mailboxes from a variety of devices. These devices include mobile devices and cellular, analog, or digital telephones.

  • Performance improvements: Exchange 2007 supports deployment on a 64-bit architecture for improved performance and capacity. Because of the move from a 32-bit architecture to a 64-bit architecture, the Enterprise Edition of Exchange Server 2007 now supports a larger number of storage groups and databases per server. Exchange 2007 lets you create as many as 50 storage groups per server. Although a storage group can contain as many as 5 databases, there is a limit of 50 databases per server.

32 bit = 2^32 or 4 gigabytes of addressable memory
64 bit = 2^64 or 16 exabytes of addressable memory

  • Availability: When multiple Exchange 2007 computers that are running the Hub Transport server role are deployed in a site, mail flow between Hub Transport servers and Mailbox servers is automatically load balanced and does not require any additional configuration by the administrator. If a Hub Transport server (formerly known as a bridgehead server) is unavailable because of a failure or regularly scheduled maintenance, failover to the other Hub Transport servers is automatic.

  • High availability for Mailbox servers: Exchange 2007 includes three Inbox features that provide high availability for Mailbox servers: Local continuous replication (LCR), cluster continuous replication (CCR), and single copy clusters (SCC). The continuous replication features use log shipping to create a second copy of a production storage group. In an LCR environment, the second copy is located on the same server as the production storage group. In a CCR environment, the second copy is located on the passive node in the cluster.

  • Messaging Policy and Compliance Features: Exchange 2007 includes many new messaging compliance features. You can use the policy and compliance features of Exchange 2007 to apply rules to messages that are sent and to enforce retention requirements for stored data. The new Messaging Records Management (MRM) feature in Exchange 2007 helps users and organizations retain the messages that they need for business or legal reasons.

  • Security and Protection: Exchange 2007 includes several improvements to the suite of anti-spam and antivirus features that were introduced in Microsoft Exchange Server 2003. In Exchange 2007, the anti-spam and antivirus features provide services to block viruses and spam, also known as unsolicited commercial e-mail, at the network perimeter.


  • Autodiscover: To optimize bandwidth, when a remote user connects to an Exchange 2007 computer that has the Client Access server role installed, the Client Access server that accepts the initial request locates the user's mailbox. After the user's Mailbox server is located, the client request is redirected to the Client Access server that is nearest to the user's Mailbox server.

  • Extensibility and Programmability: Exchange 2007 includes a new set of services, known as Exchange Web Services, which enable developers to interact with Exchange mailboxes and contents by using standard HTTP. Exchange Web Services provides access to the mailboxes of authenticated users and the items in their mailboxes.

Wednesday, July 18, 2007

Introducing Server Roles in MS Exchange Server 2007

Exchange Server 2007 has a new architecture based on server roles. Server roles organize Exchange Server 2007 services and features into preset server configurations. While Exchange Server 2003 provided primitive server roles in the form of back-end servers and front-end servers, Exchange Server 2007 has more granular divisions.

There are five server roles in Exchange Server 2007:

  • Mailbox: Hosts mailbox databases, which contain user mailboxes and public folders.

  • Client Access: Allows browser-based, remote, and mobile clients to communicate with Exchange Server through Outlook Anywhere (RPC/HTTP), Outlook Web Access, ActiveSync, POP3, or IMAP4.

  • Hub Transport: Provides message transport services within the organization. All messages flow through the hub transport, allowing organization-wide enforcement of policies.

  • Unified Messaging: Provides telephony capabilities including voice mail, fax receiving, automated attendant, and Outlook Voice Access.

  • Edge Transport: Serves as an e-mail gateway, helping to block spam and viruses at the network perimeter before they reach internal mail servers.