The Microsoft Certified Master Programme is borne out of what used to be known as Ranger training, a Microsoft only programme designed to equip their best technical staff with the best training available with the goal of improving the quality and configuration of Exchange deployments in the wild.  In 2008 Microsoft split the Ranger programme into two streams, Master and Architect.  The Master stream is aimed at people who are delivering Exchange solutions on a daily basis, it is the raw technical side of the Ranger programme, the Architect stream (for which being Master is a pre-requisite to apply) is around showing both raw technical ability and the softer skills such as project management and leadership.

I was fortunate enough to be offered the chance to attend the MCM programme a year or so ago following a discussion internally within Risual on how our consulting team can both further their skill sets and ultimately deliver superior services to our customers.  At that time Exchange 2007 was the current Exchange server product, with Exchange 2010  coming later that year, with that in mind I decided to defer the process until 2010 had launched.  Fast forward to April of this year and I began the application process, this consists of a number of stages, some of them more clear cut than others – there are some pre-requisite MCITP exams you need to have passed, you also need to submit your CV and some project documentation that you have produced, the aim here is to establish if applicants have the right level and type of experience to succeed on the programme.

Once you’ve been accepted into the programme (it took around a month start to finish for my application with contact back and forth), you need to pay the fee ($15,000 in the case of Exchange) and choose your rotation date.  As I had selected a rotation in September (it took about 6 months of pre-planning to find a rotation date which didn’t clash with customer or personal commitments) all went quiet at that point, this is your cue to step up on the reading & lab work (step up, not start – if you don’t already proactively stay immersed with Exchange whenever possible MCM probably isn’t for you).  With respect to pre-reading I focussed on the CHM & the big Exchange blogs (EHLO, Tim McMichael etc), I also picked up the excellent Microsoft Exchange Server 2010 Best Practices book (I’d almost go so far as to say that this book should be on the the official pre-reading list, there’s very little it doesn’t cover in sufficient depth) however actually doing it is what’s going to give you the skills you need – be that lab or customer work – I spent a lot of time trying the new functionality with Exchange 2010 – CAS Arrays, DAG etc…. 

As your rotation draws nearer you will start to be in contact with the team more and more, they will help with things like accommodation and provide you with joining instructions for the first day.  I opted to stay in a corporate apartment with two other people on the course, for me this was an excellent move for many reasons, staying with people who are all going through the same process means you can talk over the days content when you finish class for the day, pick each other up when things don’t go so well & have some company for the three weeks that you’ll be there – as someone who stays in hotels often this is a big one.

The course is three weeks in length based in Microsoft’s Redmond campus, starting on a Monday morning, finishing on a Saturday after the qualification lab (more on that later), home for me is the UK & I’ve been to the west coast of the US before for holidays, Jetlag is something I struggle with & with this in mind I opted to fly out on the Wednesday of the previous week to get shot of the jet lag, this also gave me a few days to get some more reading in, I stayed in Seattle and when not frantically revising got some sightseeing in.  This was a good move – it took me until Saturday to get into a normal sleeping pattern & feeling human again. 

On the Sunday I met up with Nic and Joel whom I was sharing an apartment with & we headed to Redmond, the anticipation from all of us was immense – nothing quite like a combination of excitement and fear to spark a good conversation! 

Day one started at 7:30am with breakfast followed by a gentle introduction session from David the Exchange MCM PM, our group of 17 consisted of mostly Microsoft employees with 6 external partners like myself. 

Each section was taught by one or more subject matter experts – some internal Microsoft people from the product group, PSS or DSEs, some external people who simply know the product so well they are an ideal person to deliver the content.  The content was delivered principally using PowerPoint with regular whiteboard, demonstrations and lab exercises.

Following the introduction until Wednesday lunchtime was Transport in more depth than you can imagine, day one finished at 10:30pm, this set the pace for the rest of the week – the latter half of the week was given over to CAS & as with Transport the pace was unrelenting and the depth huge.  We were generally in the classroom 12-14 hours each day, with regular short breaks to grab a drink, David also kept us well stocked with Cliff bars, never had them before but they seemed to keep you going when you’re flagging!

Evenings were generally given over to dinner on the run & revising the days material, the first weekend the whole class got together to revise the transport and CAS material ready for the first of three tests, scheduled for 8am on Monday morning – don’t have any illusions of long dinners, drinking all night or sightseeing at the weekends, you don’t have time & you wont be able to get Exchange & the tests off your mind anyway! 

So Monday of week two came around, everyone on time and looking like they hadn’t slept, not just me then…  the test was delivered by the Prometric engine that is familiar to anyone who has taken an MCP exam, that is where the similarity ends however, every question is hard – they are designed to test your understanding of the material often using complex scenarios.  You get your results instantly, wait until the two hours is up and then dive straight into week two, which is all around mailboxes and storage, ranging from the disk architecture your mailbox databases are stored on, through to how Exchange databases are logically structured then finally the mailbox role itself.  Every night we would try and revisit the days content, pulling out what we felt might get tested, sometimes we were right, often we were not!  That weekend was much like the previous, two days of solid revision preparing for Monday’s test.

The week two test was in the same format as the previous one, again once the two hours was up we started on the week three material, which started with UM, then into HA, sizing / capacity planning finishing off with slightly less technical material around operational methods (ITIL etc..).  Friday of the final week was given over to revision, with the final exam being sat that afternoon. 

After the exam the entire group got together and begun preparation for the qualification lab, this is a six hour lab session where you will be given a series of tasks, all of them very simple in themselves, of course nothing will work and you will need to go on a rapid troubleshooting spree.  The lab is open book, you may use the internet, notes etc… the only thing not permitted is connecting to another lab / exchange environment, with this in mind the group spent a few hours getting all the tricks they’d picked up over the years and places to look & we got them written down – this was hugely valuable, both as a revision exercise for the Saturday but also in the lab I had commands at my fingertips to perform common tasks – a timesaver.

So Saturday came around, this was the final piece of the puzzle, we started at 8:30am, ran till lunchtime, stopped for 30 minutes then went back and finished the six hours.  I actually enjoyed the lab (strange as it sounds), it reflects the work I do most of, because of this I found it easier than the written exams.  Unlike the exams you don’t get an instant pass / fail, however you will be told the approximate pass mark and you will therefore have a reasonable idea of how you did, I came out of the lab feeling good about it – I’d completed all apart from one task and felt I’d done enough to pass it.

With the lab out of the way, we went out, had a big steak & a few drinks before retiring for the night (I feel somewhat sorry for our waiting staff, there was a lot of pent up emotion after the last three weeks coming out!), I flew out on the Sunday evening so after packing played a tourist in Seattle for the day & headed for home, some of my fellow candidates went back to work on the Monday, it took me a few days to get back into normal life – MCM is like a bubble, my parents ended up calling my girlfriend asking if I was alive as I’d all but fallen off the face of the planet, even fitting in a call home (factoring in the time difference if you’re coming from outside of the US) is very difficult.

So how did I do?  I passed two out of the three exams and passed the qualification lab.  This left me with a retake, these are be completed at home – if you are in this situation (most people will come home needing to do some form of retake) you book a time with your PM and they will get you up to speed on the process.  I re-took that exam today and am delighted to say I passed it.

So is it worth the money, the time away from work & the effort?  Absolutely – I was extremely fortunate to be in a rotation with such fantastic candidates, as a group we were constantly challenging the material which drove the discussions deeper and really helped my understanding of the content, that group of peers doesn’t stop when you finish the course and pass your exams, infact it gets better – once qualified you’re added as a member of the ‘Ranger DL’ containing all certified Masters / Rangers, what better group of people could you want to ask questions or test theory’s, there are a host of other benefits (which I’m still finding out about ).

Another key point which has stuck in my head is the need to be not only proficient in all of the Exchange roles (this includes Edge and UM!) but also in the surrounding and supporting technologies, AD is obviously a big one – know how to check replication, be fast with ADSI edit / LDP, also be proficient with ISA / TMG, I’m fortunate in that I use ISA / TMG a lot in customer engagements – why wouldn’t you, it’s an excellent way to expose Exchange to the outside world, it is also used heavily in the MCM training – if you’re not competent with it, you’ll struggle with some parts of the training and end up focussing on ISA rather than learning about Exchange.  Studying for and taking the ISA 2006 (I don’t believe there is a TMG MCITP as yet) exam would be a good way to get a good level of competence.

Wow, that was a long one!  Normal service will be resumed shortly!!

Exchange 2010 Outlook Web Access now offers integration with OCS R2 in much the same way as Office 2010 (for those of you that have used it), in that you can now see your OCS buddy list. Whilst this can be really useful in Outlook Web Access some of the steps to get this working can be a little tricky and need to be done in a particular order.

Quick note, each of the following steps will need to be completed on all Exchange 2010 CAS Servers in your organisation.

Firstly, download the Microsoft Office Communications Server 2007 R2 Web Service Provider:

http://www.microsoft.com/downloads/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en

Secondly, if you are running your CAS Servers on Windows 2008 R2 you will need the ‘UcmaRedist.msp’ patch:

http://www.microsoft.com/downloads/details.aspx?FamilyID=B3B02475-150C-41FA-844A-C10A517040F4&displaylang=en

Run the CWAOWASSPMain.msi and install it (default location is C:Web Services Provider Installer).

Copy UcmaRedist.msp to the C:Web Services Provider Installer folder.

You will now need to install the files in that folder in the following order:

vcredist_x64.exe

UcmaRedist.msi

(run an elevated Command prompt (run as Admin))

Browse to C:Web Services Provider Installer folder and install the following:

CWAOWASSP.msi

UcmaRedist.msp

You can now confirm that the installation has completed correctly by browsing to and checking for the following registry key:

HKLMSystemCurrentControlSetServicesMS Exchange OWAInstantMessaging.

If the InstantMessaging key does not exist under MS Exchange OWA then ensure you ran the CWAOWASSP.msi from an elevated command prompt.

Hopefully by this point you will have installed a FQDN Certificate off your internal CA for your CAS Server(s), if not, you will need to. OCS works entirely on Certs and checks the FQDN of the Server(s) you add against the cert that it is operating with – basically, the self-signed certificated that Exchange installs with will not with OCS.

Once you have a cert from your internal CA that matches the FQDN of your Server you will need to launch Exchange Powershell and run the following command:

Get-ExchangeCertificate | fl

Details you will require:

(Keep this screen open as you will need the information from the certificate registered for IIS in the next step.)

Now browse to C:Program FilesMicrosoftExchange ServerV14ClientAccessOWA and edit the ‘web.config’ file with notepad.

You will need to complete the following sections:

IMPoolName

IMCertificateIssuer

IMCertificateSerialNumber (this needs to in two octet sets as per below)

example:

Now you need to enable the CAS Server to use OCS for IM, to do this run the following from the Exchange Powershell:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –InstantMessagingType OCS

Once the command has completed you will need to perform an ‘IISReset’

Now, connect to your OCS R2 Server and bring up the Front-End properties of the pool and select the Host Authorisation tab. Click Add.

Add the host name as the FQDN of the CAS Server(s) that are being configured for IM (this will be need to be the same as the FQDN certificate registered on the CAS servers for IIS). Tick the boxes for ‘Throttle as Server’ and ‘Treat as Authenticated’.

Once you have restart the OCS R2 Front-End Service it should all be working.

After downloading and attempting to install the French language pack for Exchange 2010 UM I was less than pleased to the receive an error:

It took me a few moments to digest what was occurring but after reading the error (always a good start) and looking through the Exchange setup logs ([ERROR] Could not find a part of the path ‘C:SupportUM,Language,Packsfr-FR’), it would appear that if the Language Pack is in a folder that contains spaces it will not install.

If you look at the error above you will note that the spaces in my folder name have been replaced by comma’s ‘,’.

Resolution

Remove the spaces in the folder containing the Language Pack

Neil Cruickshanks

Two of the many significant changes coming with Exchange 2010 are the change to DAG’s and to terminate MAPI connections at the Client Access Layer. 

Under Exchange 2007 an Outlook user has the server name configured to that of the mailbox (server / cluster) name, under Exchange 2010 with the concept of DAG’s you no longer connect to the exchange mailbox server directly, your server name is one of your Client Access Servers.  In its out of the box configuration its not very fault tolerant, if the client access server is unavailable the client wont be able to connect.  Client Access Arrays along with load balancing (can be NLB, Forefront TMG or another solution) are the way to tackle this issue.

In this example I have a Forefront TMG (beta 3 – I’ve not upgraded to the RC yet…) server exposed to the internet, behind this I have two Exchange 2010 servers both running Hub, Client Access and Mailbox roles.  There is also a supporting AD, DNS, Certificate infrastructure etc… however I’ve not shown it in the interests of keeping this simple, thanks to Visio it looks like this:

I am publishing the following external names:

autodiscover.contoso.com – Exchange autodiscover

mail.contoso.com – OWA, OA, EWS, ECP, EAS

As we want to load balance / provide fault tolerance for our Exchange 2010 services we have a web farm created with Exch2010.contoso.com & Exch2010-2.contoso.com using HTTP / HTTPS GET requests to verify connectivity. 

Three publishing rules have been configured as follows:

All publish to the web farm containing the two Exchange servers.  Again in the interests of keeping this simple I’ve not gone into SSL offload & authentication delegation – best practice would have multiple listeners – FBA for OWA, NTLM for OA etc… but I’ve got one public IP so one listener it is!

To configure a client access array the following steps need completing (I’ve not documented the usual steps you would go through to configure your internal and external URL’s – you set these up as usual):

• Create a client access array

Creating the client access array is simple, all that is needed is to specify an FQDN (an internal name which doesn’t resolve on the internet is fine – the name doesn’t get registered in DNS) and name, in this case I used cas.contoso.com (original eh!) and the AD site the array will serve:

New-ClientAccessArray cas.contoso.com -FQDN cas.contoso.com -Site Default-First-Name-Site

This will create your new array & place all Exchange servers with the client access role in the site specified into your array.

• Configure mailbox databases to use the client access array – this information is then passed back to the client via autodiscover.

When the mailbox database has the RPCClientAccessServer field completed this specifies either a client access server or client access server array to be returned to the client through autodiscover. 

Simple enough to do, this is the command I used:

Set-MailboxDatabase testdb -RpcClientAccessServer cas.contoso.com

Once this has been set, allow a few minutes for replication & client connections will start to be directed to cas.contoso.com from autodiscover & existing clients will begin to update their configuration – the Exchange Server field in outlook will become cas.contoso.com.

So should one of your client access servers go offline TMG will send the connection to another server in the farm and the client will continue to work as it has as CAS array name specified rather than an individual server.

There is documentation on technet about this, however it’s still quite vague – as you would expect at this stage, more will come in due course.

Exchange… awesome product! 

Just found this gem of information on Anderson Patricio’s blog, something which stumped me when setting up some 2010 HA demo’s. 

Exchange 2010 allows you to create a highly available implementation with just two servers (excluding edge), you can combine mailbox, hub and client access on one box, do this twice & use a DAG to replicate the databases & you have highly available Exchange (you can use Forefront TMG to load balance). 

The Exchange 2010 DAG functionality replaces the CCR / SCR technology in Exchange 2007, like CCR DAG requires a file share witness to prevent split brain syndrome.  Typically in Exchange 2007 you would place this on a Hub transport server (having manually created the share & permissions), Exchange 2010 has a wizard to create the FSW on a remote server for you which is handy, however as I found out when I tried to use it against a non Exchange server it didn’t work, I manually created the FSW – putting it down to a Beta / RC bug, however it would appear that you need to add the Exchange Trusted Subsystem group to the local administrators group on the target server to allow the FSW wizard to work.

Rob

Recently I was tasked with performing a mass update on a large HMC / multi tenant style Exchange 2007 implementation.  The update itself was a reasonably simple one – prevent Outlook clients who were not running in cached mode from connecting to their mailboxes (as an aside the reasoning for this was the need to prevent clients with desktop search applications from having a negative performance impact on mailbox servers), the PowerShell cmdlet to do this is ‘Set-CasMailbox’.

In our test environment I executed the following in an Exchange PowerShell session:

Get-CasMailbox -OrganizationalUnit ‘PlatformUsers’ -resultsize unlimited | Set-CasMailbox -MAPIBlockOutlookNonCachedMode:$true

This had the desired effect however took quite some time to run, so looking for a way of speeding this up I stumbled upon the UseRusServer option.  Including this the above command now looks like this:

Get-CasMailbox -OrganizationalUnit ‘PlatformUsers’ -resultsize unlimited | Set-CasMailbox -MAPIBlockOutlookNonCachedMode:$true -UseRusServer <servername>

By using this command Exchange doesn’t have to look for a server running the Recipient Update Service, this makes the process a lot faster (by some rough timings in this environment somewhere between 7-10 times faster) it also meant I had control over which server was used to perform the update against, I chose a server responsible for OAB generation, Exchange could have chosen a mailbox server holding user mailboxes, there likely wouldn’t have been a performance impact but why take the risk.

In the live environment this change affected around 400,000 accounts, so the performance improvement was worth having!

Rob