Monday, December 31, 2012

Check DAG Status

With Exchange 2010 and Database Availability Groups [DAGs], Microsoft greatly increases high availability and resilience in Exchange. But now, it is not only important to make sure your active mailbox databases are healthy and working fine, but it is also crucial to ensure your passive databases are healthy and ready to be mounted in case of necessity.

Microsoft System Center Operations Manager does a great job monitoring Exchange, but if you simply like to check for yourself, there are many cmdlets available. Two of the most important ones and most frequently used, in my opinion are the Get-MailboxDatabaseCopyStatus and Test-ReplicationHealth cmdlets.

Get-MailboxDatabaseCopyStatus will show status information about your databases that are part of a DAG. Using the following cmdlet, you can check all the databases in all the DAGs present in your environment:
(Get-DatabaseAvailabilityGroup) | ForEach {$_.Servers | ForEach {Get-MailboxDatabaseCopyStatus -Server $_}}

Using the Test-ReplicationHealth cmdlet will allow you to check all aspects of the replication and replay status, providing you with a complete overview of a Mailbox server in a DAG. This way, administrators can proactively monitor the continuous replication and the continuous replication pipeline, the availability of the Active Manager and the health and status of the underlying cluster service, quorum and network components.
(Get-DatabaseAvailabilityGroup) | ForEach {$_.Servers | ForEach {Test-ReplicationHealth -Server $_}}

Wednesday, December 12, 2012

Exchange Server Vulnerability Could Allow Remote Code Execution

Unfortunately, there seems to be another vulnerability in Exchange Server WebReady Document Viewing feature, this time with the third-party code Oracle Outside In libraries.

This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server.

The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App.
The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

This security update is rated Critical for all supported editions of Exchange Server 2007 and 2010!

For more information and to download the update, please see Microsoft Security Bulletin MS12-080 - Critical

Exchange Server 2010 SP2 Update Rollup 5 v2 Released

Similar to what happened with Update Rollup 4, this one was released a few weeks ago but was almost immediately withdrawn due to a bug that affected DAGs...

Now version 2 has been released. For a full description of this RU, please check KB2785908  and to download it click here.

As with every RU or SP, Microsoft has updated the useful Exchange Server and Update Rollups Build Numbers wiki page.

I haven’t applied it on my lab yet, but will let you know as soon as I do.

Monday, December 10, 2012

Mailbox Size Increases when Transitioning to Exchange 2013

If you are transitioning from Exchange 2007/2010 to Exchange 2013, we will see that the reported size of the mailboxes will increase around 30 to 40%! Don’t be alarmed just yet. The actual space used by the mailbox database will not increase by 30% as this only refers to the attribution of space used by each individual mailbox.

Basically, Exchange 2013 now includes in the mailbox size attribute all the properties of items in a mailbox, thus providing a more accurate calculation of space taken by items in a mailbox and, therefore, the whole mailbox itself.

The problem with this is that, during a migration, users might exceed their mailbox quota when their mailbox is moved to Exchange 2013 and be prevented from sending and/or receiving e-mails...

So, in order to prevent this from happening, I suggest increasing everyone’s mailbox quota by 40% prior to their move. You can either do this at the mailbox database level if your users are using the database quotas, or individually on a per-user basis.

For example, if you want to increase by 40% the ProhibitSendQuota value for all users that are not using the database quota defaults, you can use the following cmdlet:
Get-Mailbox -ResultSize Unlimited -Filter {UseDatabaseQuotaDefaults -eq $False} | Where {$_.ProhibitSendQuota -ne "unlimited"} | ForEach {Set-Mailbox $_ -ProhibitSendQuota "$($($_.ProhibitSendQuota).Value.ToMB() * 1.4)MB" -WhatIf}

However, don’t forget to set the IssueWarningQuota or ProhibitSendReceiveQuota if you are using them! Note that this is not the best method as users might end up with a quota of 1523MB for example when the ideal value would be 1500MB...

Tuesday, December 4, 2012

Exchange 2013 Visio Stencil

Microsoft has recently released the new Visio Stencil for the entire Office 2013 suite. It contains more than 300 icons (servers, applications and services), mainly focused around Lync, SharePoint, and Exchange technologies and features.

To download it, please go here.