
Sunday, September 4, 2011

Speed up Exchange Management Shell and Exchange Management Console in lab environment

If your lab environment has no Internet connection, the "Exchange Management Shell" and "Exchange Management Console" of Exchange 2010 are very slow to start.

To work around this, we can change the following settings.

For Exchange 2010 (No-Internet access)
1. At the Exchange Server, launch "Internet Explorer".
2. On the menu, click "Tools > Internet Options".
3. Select "Advanced" tab.
4. Un-check "Check for publisher's certificate revocation".


5. Click "OK".
6. Close "Internet Explorer".
7. Right-click "Exchange Management Shell" in the "Start" menu, select "Properties".
8. Next to "Target".


9. Replace "-auto" by the CAS FQDN name.


10. Click "OK".
11. Launch "Exchange Management Console".
12. Right-click "Microsoft Exchange On-Premises (<Server Name>)", select "Properties".
13. Select "Specify a server to connect to ", click "Browse" to select a CAS Server.


14. Click "OK".


For Exchange 2007 (No-Internet access)
1. You just un-check "Check for publisher's certificate revocation" in Internet Explorer.


In an environment with Internet access, you can change the following settings to speed up "Exchange Management Shell" and "Exchange Management Console".

For Exchange 2010 (Internet access)
1. Launch "Registry Editor".
2. Navigate to "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config".
3. In the right pane, create the following "REG_DWORD" values.

ChainUrlRetrievalTimeoutMilliseconds
This registry setting defines the default timeout for a single CRL retrieval. If this value is set to 0 or if this value is undefined, the default value that is used is 15,000 milliseconds.

Decreasing the amount of time to allow CRL retrieval can significantly improve performance when internet access is poor or non-existent. Setting the value to 200 (milliseconds) may be a reasonable timeout.

ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds
This registry setting defines the cumulative timeout for all CRL retrievals. If this value is set to 0 or if this value is undefined, the default value that is used is 20,000 milliseconds.

Decreasing the amount of time to allow all CRL retrievals can significantly improve performance when internet access is poor or non-existent. Setting the value to 500 (milliseconds) may be a reasonable timeout.

4. Modify the value of "ChainUrlRetrievalTimeoutMilliseconds" to 200 decimal.
5. Modify the value of "ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds" to 500 decimal.


6. Close "Registry Editor".
7. Right-click "Exchange Management Shell" in the "Start" menu, select "Properties".
8. Next to "Target".


9. Replace "-auto" by the CAS FQDN name.


10. Click "OK".
11. Launch "Exchange Management Console".
12. Right-click "Microsoft Exchange On-Premises (<Server Name>)", select "Properties".
13. Select "Specify a server to connect to ", click "Browse" to select a CAS Server.


14. Click "OK".
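
The registry part of the procedure above (steps 2 to 5) can also be scripted. The following PowerShell is an added example, not part of the original post; the function names are hypothetical, and the key, value names, defaults and suggested timeouts are the ones given above. Unlike un-checking "Check for publisher's certificate revocation", this keeps revocation checking enabled and only shortens how long it waits.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Exchange server.
$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config'

# Defaults that apply when a value is 0 or undefined (taken from the text above).
$Defaults = @{
    ChainUrlRetrievalTimeoutMilliseconds                = 15000
    ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds = 20000
}

# Report what is configured and which timeout is actually in effect.
function Get-CrlTimeout {
    foreach ($name in $Defaults.Keys) {
        $item = Get-ItemProperty -Path $ConfigKey -Name $name -ErrorAction SilentlyContinue
        $raw = if ($item) { $item.$name } else { $null }
        $effective = if ($raw) { $raw } else { $Defaults[$name] }
        New-Object PSObject -Property @{
            Name        = $name
            Configured  = $raw          # empty when the value does not exist
            EffectiveMs = $effective
        }
    }
}

# Write both DWORD values; defaults are the 200 ms / 500 ms suggested above.
function Set-CrlTimeout {
    param([int]$PerUrlMs = 200, [int]$CumulativeMs = 500)

    if ($PerUrlMs -le 0 -or $CumulativeMs -le 0) {
        throw 'A value of 0 falls back to the system default; use a positive timeout.'
    }
    if ($PerUrlMs -gt $CumulativeMs) {
        throw 'The per-URL timeout should not exceed the cumulative timeout.'
    }
    if (-not (Test-Path $ConfigKey)) { New-Item -Path $ConfigKey -Force | Out-Null }

    Set-ItemProperty -Path $ConfigKey -Name ChainUrlRetrievalTimeoutMilliseconds `
        -Value $PerUrlMs -Type DWord
    Set-ItemProperty -Path $ConfigKey -Name ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds `
        -Value $CumulativeMs -Type DWord
}

Get-CrlTimeout | Format-Table Name, Configured, EffectiveMs -AutoSize   # record the state before the change
Set-CrlTimeout
Get-CrlTimeout | Format-Table Name, Configured, EffectiveMs -AutoSize   # confirm 200 / 500
```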


For Exchange 2007 (Internet access)

1. Repeat steps 1 - 6 in Exchange 2007 environment.


Reference:
Speed up EMC and Powershell when working on a LAB

Configuring Exchange Servers without Internet Access
http://blogs.technet.com/b/exchange/archive/2010/05/14/3409948.aspx

This posting is provided “AS IS” with no warranties, and confers no rights!

Thursday, July 7, 2011

Exchange 2010 Remote Management Shell

Remote Shell in Microsoft Exchange Server 2010 enables you to manage your server running Exchange 2010 from a remote computer, either on your network or from the Internet. A user must be enabled for remote shell before the user can use it.

Prerequisites
Install Windows Management Framework: Windows Management Framework contains Windows PowerShell and WinRM.

Join your computer to a Windows domain: If you want to use your current network credentials, the domain you're joined to must be trusted by the domain where the Exchange server resides. Your domain doesn't need to be trusted if you manually specify credentials that are valid in the remote domain.

Open TCP port 80: TCP port 80 must be open between your computer and the remote Exchange 2010 server, and the port must be allowed through Windows Firewall on the Exchange 2010 server.

Use the Shell to enable remote shell for a user
To enable remote shell for a user, you need to enable the feature by Exchange PowerShell.

1. At Exchange Server, log in as Domain Administrator.
2. Launch "Exchange Management Shell".
3. Enter the following cmdlet to enable remote shell for a user:

Set-User <User Name> -RemotePowerShellEnabled $True


Remark: By default, remote shell is enabled for all users.
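
Because remote shell is enabled for every user by default, it is worth reviewing who actually needs it. The following is an added example, not part of the original post: it lists users with remote shell enabled and previews disabling it for anyone outside an allow-list. The account names in $AllowedAdmins are hypothetical placeholders, and the script assumes it runs in the Exchange Management Shell.

```powershell
# Added example. Assumption: run in the Exchange Management Shell with
# permission to run Get-User and Set-User.

# Hypothetical allow-list of sAMAccountNames that should keep remote shell.
$AllowedAdmins = @('exadmin1', 'exadmin2')

# All users that currently have remote shell enabled.
$enabled = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'

# Users that are enabled but not on the allow-list.
$toDisable = @($enabled | Where-Object { $AllowedAdmins -notcontains $_.SamAccountName })

"{0} users enabled, {1} not on the allow-list" -f @($enabled).Count, $toDisable.Count
$toDisable | Sort-Object SamAccountName |
    Format-Table Name, SamAccountName, RecipientTypeDetails -AutoSize

# Preview the change. Remove -WhatIf only after reviewing the list above,
# and keep your own account on the allow-list to avoid locking yourself out.
foreach ($user in $toDisable) {
    Set-User -Identity $user.Identity -RemotePowerShellEnabled $false -WhatIf
}
```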

Modify the Execution Policy
1. At a domain workstation, log in as Domain Administrator.
2. Launch "Windows PowerShell".
3. Enter the following cmdlet to check the Execution Policy of Windows PowerShell:

Get-ExecutionPolicy


By default, the Execution Policy of Windows PowerShell is "Restricted".

4. Enter the following cmdlet to modify Execution Policy to "RemoteSigned".

Set-ExecutionPolicy RemoteSigned


Using the current credentials to connect to a remote Exchange 2010 server
1. At PowerShell, enter the following cmdlet to open the connection:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<fqdn of Exchange 2010 server>/PowerShell/ -Authentication Kerberos


Remark: The "ConnectionUri" also supports an https address, but the server must have a certificate installed that was issued by a trusted certification authority.

2. Enter the following cmdlet to import the server-side PowerShell session:

Import-PSSession $Session


Now, you can perform Exchange cmdlets in this PowerShell session.


Remark: If the Execution Policy has not been changed to "RemoteSigned", you will get the following error when you run "Import-PSSession $Session".


3. To disconnect the remote session, enter the following cmdlet:

Remove-PSSession $Session



Using another user's credentials to connect to a remote Exchange 2010 server
1. At PowerShell, enter the following cmdlet to enter the user credentials:

$UserCredential = Get-Credential


2. Enter the domain user name and password.


3. Click "OK".
4. Enter the following cmdlet to open the connection:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<fqdn of Exchange 2010 server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential


5. Enter the following cmdlet to import the server-side PowerShell session:

Import-PSSession $Session
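
For one-off or scripted tasks, the connect, run and disconnect steps above can be wrapped so that the session is always removed, even when the command fails. The following is an added example, not part of the original post: the function name Invoke-ExchangeRemote and the server name are hypothetical, and it assumes the server has a trusted certificate so that the https form of "ConnectionUri" can be used. It runs the cmdlet on the server with Invoke-Command instead of importing the session.

```powershell
# Added example. Invoke-ExchangeRemote is a hypothetical helper name.
function Invoke-ExchangeRemote {
    param(
        [Parameter(Mandatory = $true)][string]$Server,         # FQDN of the Exchange 2010 server
        [Parameter(Mandatory = $true)][scriptblock]$Command,   # a single Exchange cmdlet call
        [System.Management.Automation.PSCredential]$Credential # omit to use the current credentials
    )

    $params = @{
        ConfigurationName = 'Microsoft.Exchange'
        ConnectionUri     = "https://$Server/PowerShell/"   # assumes a trusted certificate on the server
        Authentication    = 'Kerberos'
        ErrorAction       = 'Stop'                          # fail here instead of continuing without a session
    }
    if ($Credential) { $params.Credential = $Credential }

    $session = New-PSSession @params
    try {
        # The cmdlet runs on the server; results come back as deserialized objects.
        Invoke-Command -Session $session -ScriptBlock $Command
    }
    finally {
        # Always release the remote session, as in the disconnect step above.
        Remove-PSSession $session
    }
}

# Usage (server name is a placeholder):
# Invoke-ExchangeRemote -Server 'ex01.contoso.com' -Command { Get-ExchangeServer }
# Invoke-ExchangeRemote -Server 'ex01.contoso.com' -Command { Get-ExchangeServer } -Credential (Get-Credential)
```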

References
Connect Remote Exchange Management Shell to an Exchange Server

Troubleshooting the Exchange Management Shell

Enable Remote Exchange Management Shell for a User

Disconnect Remote Exchange Management Shell from an Exchange Server
http://technet.microsoft.com/en-us/library/dd335206.aspx


Thursday, June 23, 2011

Enabling redundant cluster networks for log shipping and seeding of Cluster Continuous Replication in Windows Server 2008 R2

Lab environment
Cluster FQDN: cs01.contoso.com
Computer FQDN: Ex02.contoso.com
Redundant Computer FQDN: Ex02rep.contoso.com
Roles: CCR Active Mailbox Server
Operating System: Windows Server 2008 R2 Enterprise
Network: 172.16.2.2 (Public), 172.16.2.12 (Redundant)

Computer FQDN: Ex03.contoso.com
Redundant Computer FQDN: Ex03rep.contoso.com
Roles: CCR Passive Mailbox Server
Operating System: Windows Server 2008 R2 Enterprise
Network: 172.16.2.3 (Public), 172.16.2.13 (Redundant)

When I tried to enable the redundant cluster network of Cluster Continuous Replication in Windows Server 2008 R2, I found the following error:



The additional host names did not work. However, the resource groups were added in Failover Cluster Manager.


I read the article from the following link to solve my problem:

When the replication service first starts up <or> the configuration time expires the replication service enumerates all network names on the cluster to determine which are valid endpoints for log shipping.  This is initially based on two cluster private properties stamped on each name, MSExchange_NetName and MSExchange_UseNetworkForLogCopying. Each of these should have a value of 1 on a network name utilized as a continuous replication host name.




On the surface it would appear that there is nothing preventing this name from operating correctly as a continuous replication host name.  After performing some internal tracing it was determined that the replication service is also implementing another check on a network name resource to ensure that it can be satisfactorily utilized for replication – is Kerberos enabled for the network name.  The replication service performs this check by reviewing a private property of a network name resource – requirekerberos and ensuring it has a value of 1.

In Windows 2003 network name resources could be enabled for Kerberos at the administrator's discretion.  In Windows 2008 and Windows 2008 R2 all network names must be Kerberos enabled.  In Windows 2008 requireKerberos is a valid private property and can be programmatically set.  In Windows 2008 R2 the requireKerberos property has been deprecated and can no longer be programmatically set.  Without the requireKerberos property in Windows 2008 R2 the enable-continuousreplicationhostname commandlet fails with the previously documented error.

To work around this issue and allow the replication host names created with the enable-continuousreplicationhostname command to function the following steps can be performed:

1. Using the Exchange Management Shell, invoke the enable-continuousreplicationhostname cmdlet. Allow the command to create the resource group, network name and IPv4 resource.
2. Verify with Failover Cluster Manager that the resource group, network name and IPv4 resource were created and are online.
3. Manually set requireKerberos utilizing either cluster.exe or Failover Cluster PowerShell extensions (preferred)

Cluster.exe
1. At EX02, log in as Domain Administrator.
2. Launch "Command Prompt", enter the following commands to add "requirekerberos" parameter:

cluster cs01 res "Network Name (Ex02rep)" /priv requirekerberos=1:DWORD
cluster cs01 res "Network Name (Ex03rep)" /priv requirekerberos=1:DWORD



Remark: "requirekerberos" is all lowercase.

3. Enter the following commands to take the continuous replication hostname groups offline:

cluster cs01 group "Ex02rep_group" /offline
cluster cs01 group "Ex03rep_group" /offline


4. Enter the following commands to take the continuous replication hostname groups online:

cluster cs01 group "Ex02rep_group" /online
cluster cs01 group "Ex03rep_group" /online

5. Enter the following commands to restart the Microsoft Exchange replication service:

net stop msexchangerepl
net start msexchangerepl


Remark: You have to restart the Microsoft Exchange replication service on both servers.

PowerShell
1. At EX02, log in as Domain Administrator.
2. Launch "PowerShell", enter the following cmdlet to import the failover cluster PowerShell extension:

Import-Module FailoverClusters


3. Enter the following cmdlets to add "requirekerberos" parameter:

Get-ClusterResource "Network Name (Ex02rep)" | Set-ClusterParameter -Create requirekerberos 1
Get-ClusterResource "Network Name (Ex03rep)" | Set-ClusterParameter -Create requirekerberos 1


Remark: "requirekerberos" is all lowercase.

4. Enter the following cmdlets to take the continuous replication hostname groups offline:


Stop-ClusterGroup -Cluster cs01 -Name Ex02rep_group
Stop-ClusterGroup -Cluster cs01 -Name Ex03rep_group


5. Enter the following cmdlets to take the continuous replication hostname groups online:

Start-ClusterGroup -Cluster cs01 -Name Ex02rep_group
Start-ClusterGroup -Cluster cs01 -Name Ex03rep_group


6. Enter the following cmdlet to restart the Microsoft Exchange replication service:

Restart-Service msexchangerepl


Remark: You have to restart the Microsoft Exchange replication service on both servers.

At this time you can utilize either cluster.exe or PowerShell to verify that the requirekerberos key has been created with a value of 1.

Command
Cluster cs01 res "Network Name (Ex02rep)" /priv


Cmdlet
Get-ClusterResource "Network Name (Ex02rep)" | Get-ClusterParameter


As a result, the redundant host names of CCR were added.


RequireKerberos Reference:
http://technet.microsoft.com/en-us/library/cc772544(WS.10).aspx


Wednesday, April 27, 2011

Simplify the Outlook Web Access URL

This assumes the Client Access Server role is installed on Windows Server 2008 or Windows Server 2008 R2.

1. At Client Access Server, log in as Domain Administrator.
2. Launch "IIS Manager", expand "<Server Name> > Sites > Default Web Site".
3. In the right pane, double-click "HTTP Redirect".
4. Check "Redirect requests to this destination".
5. Type "https://<FQDN>/owa".
6. Check "Only redirect requests to content in this directory (not subdirectories)".
7. Next to "Status codes", select "Found (302)".

Figure 1: HTTP Redirect setting

9. Click "Apply".
10. Restart the IIS service.


Tuesday, April 26, 2011

Set the Forms-Based Authentication Private and Public Computer Cookie Time-out Value

You can modify the Public and Private time-out values of OWA with Registry Editor.

1. At Exchange Server with Client Access Server role, log in as Domain Administrator.
2. Launch "Registry Editor", navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA".
3. Right-click "MSExchange OWA", select "New > DWORD (32-bit) Value".
4. Type "PrivateTimeout", press [Enter].
5. Double-click "PrivateTimeout".
6. Select "Decimal", next to "Value data", type a new value.

Remark: The value is in minutes, between 1 and 43,200, for a maximum of 30 days.

7. Click "OK".
8. Right-click "MSExchange OWA", select "New > DWORD (32-bit) Value".
9. Type "PublicTimeout", press [Enter].
10. Double-click "PublicTimeout".
11. Select "Decimal", next to "Value data", type a new value.
12. Click "OK".

Figure 1: The registry value of Public and Private timeout

13. Launch "Exchange Management Shell", enter "Restart-Service MSExchangeFBA".

Remark: You can use the following cmdlets to configure the above settings:

Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout -value <amount of time> -type dword

Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PrivateTimeout -value <amount of time> -type dword




Sunday, April 24, 2011

Increase Exchange 2010 default move request

By default, Exchange 2010 moves 2 mailboxes at the same time. To modify this default setting, navigate to "<Exchange Installation Path>\Program Files\Microsoft\Exchange Server\V14\Bin" and open the "MSExchangeMailboxReplication.exe.config" file with Notepad.

Remark: This file is saved on Client Access Role servers.

1. Navigate to the "MRSConfiguration" section.

Figure 1: MRSConfiguration

2. Modify the following items to increase the number of concurrent move requests.

MaxActiveMovesPerSourceMDB = "50"
MaxActiveMovesPerTargetMDB = "50"
MaxActiveMovesPerSourceServer = "200"
MaxActiveMovesPerTargetServer = "200"
MaxTotalMovesPerMRS = "400"

Figure 2: Updated MRSConfiguration

3. Save and Close the "MSExchangeMailboxReplication.exe.config".
4. Launch "Exchange Management Shell", enter "Restart-Service MSExchangeMailboxReplication".

Now, the Exchange 2010 server can move 50 mailboxes from the source mailbox database to the target mailbox database, and 200 mailboxes from the source server to the target server.

Reference:
http://technet.microsoft.com/en-us/library/ff963524.aspx
