EBS by S.R

June 25, 2008

SCR IN EBS!!! Step By Step instructions: Setup Part1;

Filed under: EBS — WITS-SR @ 2:57 am
Tags: ,

Will post 2 blogs; The first will be on setup; the 2nd will be on failing over.

Install the 2nd Exchange on a clean windows 2008 standard

For this blog we have named the Messaging server “exchange” and the standby server “exchange-bu”

dcpromo and make this server a member dc

change the time zone to match the other servers; by default the server will be at Pacific time zone

Run Windows Update patch

install Windows power Shell

Install IIS

specifically IIS Management Console; IIS 6 Metabase Compatibility; IIS 6 Management Console; IIS7 Dynamic Content Compression; IIS7 Basic Authentication; IIS 7 Windows Authentication; IIS 7 Digest Authentication. Ensure WWW service is running, otherwise you will get this error


Install Exchange using the “Typical Exchange Server installation”

make sure that the install path match the Messaging server for example “C:\Program Files\Microsoft\Exchange Server”


Your screen will move along to


The Hub Transport Role can take over 10 minutes to install.

Once the install has completed make sure to run windows update to update Exchange to the latest release

the 2 servers always have to have matching builds.

Check the event viewer for event 1032 “No Credentials was found for security_server.domain.local

If you see this follow these steps.


1. Remove Edge Certificate from an exchange server using the Remove-EdgeSubscription command in powershell (when prompted for identity, enter name of security server, then select “y” when prompted).

2. Restart Microsoft Exchange Transport Service on all servers.

3. On security server in powershell, create a new Edge subscription using the command New-EdgeSubscription -filename “c:\subscription.xml”

4. Put subscription.xml into a shared folder.

5. On one of the exchange servers (hub), in Exchange Management Console, click on Organizational Configuration >> Hub Transport on the left hand tree. Then click on the Edge Subscriptions tab.

6. Right click in windows and select “New Edge Subscription”, and select subscription.xml.

7. Run command on the exchange server Start-EdgeSynchronization, in powershell.


  • In TMG firewall policy go to “Allow Microsoft exchange EdgeSync Traffic from messaging server” and add in the exchange-bu server
  • In TMG firewall policy go to ” Allow Outbound SMTP Mail Traffic to Security Server” and add in the exchange-bu server


  • Add the “Windows PowerShell” to the Exceptions list on both exchange servers under Windows Firewall settings
  • On “exchange-bu” set “Microsoft Exchange Transport” service to manual and stop the service


1. run on exchange Enable-StorageGroupCopy -identity “First Storage Group” -StandbyMachine exchange-bu -ReplayLagTime 0.1:0:0

2. run on exchange Enable-StorageGroupCopy -identity “Second Storage Group” -StandbyMachine exchange-bu -ReplayLagTime 0.1:0:0

3. run on exchange : Suspend-StorageGroupCopy -Identity “exchange\First Storage Group” -StandbyMachine “exchange-bu”

4. run on exchange: Suspend-StorageGroupCopy -Identity “exchange\Second Storage Group” -StandbyMachine “exchange-bu”

5. run on backup exchange: Update-StorageGroupCopy -Identity “exchange\First Storage Group” -StandbyMachine “exchange-bu”

You should see the a similar screen to this (this can take some time to start if the database is over 30 gigs)


6. run on backup exchange: Update-StorageGroupCopy -Identity “exchange\Second Storage Group” -StandbyMachine “exchange-bu”

7. run on backup exchange: Resume-StorageGroupCopy -identity:”exchange\First storage Group” -standbymachine “exchange-bu”

8. run on backup exchange: Resume-StorageGroupCopy -identity:”exchange\Second Storage Group” -standbymachine “exchange-bu”

9. Run commands to Test Replication Health (on backup)

a. Get-StorageGroupCopyStatus “exchange\First Storage Group” -StandbyMachine “exchange-bu”

b. Get-StorageGroupCopyStatus “exchange\Second Storage Group” -StandbyMachine “exchange-bu”

c. Test-ReplicationHealth

Should get back passed on all tests



You can check the following link for some errors you might come across; http://msexchangeteam.com/archive/2008/05/28/448929.aspx


June 23, 2008

Update on BackupExec EBS Install

Filed under: EBS — WITS-SR @ 12:45 pm

On June 15th we created a blog on installing Backupexec in a EBS environment; https://workitsafe.wordpress.com/2008/06/15/backupexec-12-and-ebs/ subsequently we started getting a job failures with an E0008488 error code, a hotfix was released which addresses this issue;

It can be downloaded from here http://support.veritas.com/docs/304586


June 19, 2008

When offline files on client machines fail after a SBS migration to EBS

Filed under: EBS — WITS-SR @ 2:40 pm

We found that on some of our XP and Vista workstations after the migration to SBS there were still some errors as the machines were looking to the old SBS for its offline files.

We found the safest way to repair the issue was to follow this kb http://support.microsoft.com/kb/230738 for XP

In Folder Options, on the Offline Files tab, press CTRL+SHIFT, and then click Delete Files. The following message appears:

The Offline Files cache on the local computer will be re-initialized. Any changes that have not been synchronized with computers on the network will be lost. Any files or folders made available offline will no longer be available offline. A computer restart is required.
Do you wish to re-initialize the cache?
Click Yes two times to restart the computer.


In Vista based on these kb’s http://support.microsoft.com/kb/937475 which points to http://blogs.technet.com/filecab/archive/2006/12/12/moving-the-offline-files-cache-in-windows-vista.aspx 

takeown /r /f c:\windows\csc

deleted what in the csc folders, the started the rebuild

June 17, 2008

/Remote in EBS does not allow you to connect when you migrate from SBS2003

Filed under: EBS — WITS-SR @ 8:31 pm

EBS “Remote Web Workplace” security group is now located in the domain/users folder.

The SBS2003 Remote Web Workplace located in domain/MyBusiness/Security Groups is not going to work and the user will get the error


As soon as you add them to the correct group this issue is resolved.

June 16, 2008

Forefront and .zip files

Filed under: EBS — WITS-SR @ 8:50 pm

Our Goal was to block most inbound .ZIP files, allow all outbound .zip attachments and prevent Forefront from stripping these allowed attachments during the daily manual scan.

These are the steps we followed to accomplish this.

This can all be done from the management server

Open Forefront Server Security Administrator;

Click on Filtering;File

We deleted *.zip from the “Default Filter Set (Filter set Template)

We added *.Zip to the “Transport Scan Job”

looks similar to this


Then click on Filtering/Filter Lists/Allowed senders

Add a new allowed group; save then click on Edit; add the allowed domains or users

Click on Filtering/Allowed Senders; Click on Transport Scan Job; You should see your group created in the Senders list.

You now Enable in the List State; and check Skip Scanning for “File Filtering”

test and you should have success.


Chris Grillone posts EBS Extreme makeover

Filed under: EBS — WITS-SR @ 3:49 am

Chris Grillone Product Manager at Microsoft  posts EBS Extreme makaover


Setup in replacement mode

Filed under: EBS — WITS-SR @ 3:36 am

Oliver Sommer has a blog on “Setup in replacement mode”

June 15, 2008

BackupExec 12 and EBS

Filed under: EBS — WITS-SR @ 8:35 pm

After some pain points we have configured "Symantec BackupExec 12" to successfully backup "EBS Exchange 2007" using GRT (Granular Restore technology).

· Install BackupExec on a Windows 2003 server (instructions below are for 32bit)

· Install the remote agent directly from the \program files\Symantec\Backup Exec\Agents\Raws32

· you will install both the Exchange Management tools and the MAPI/CDO tools following these links

· http://www.microsoft.com/downloads/details.aspx?familyid=6BE38633-7248-4532-929B-76E9C677E802&displaylang=en

· http://www.microsoft.com/downloads/details.aspx?familyid=E17E7F31-079A-43A9-BFF2-0A110307611E&displaylang=en

· Windows power shell 1.0 installation package can be downloaded from http://support.microsoft.com/kb/926139

· make sure to install "Update Rollup 2 for Exchange Server 2007 Service Pack 1" on both servers located at http://www.microsoft.com/downloads/details.aspx?familyid=99DA32E0-D9E3-4156-AABF-8369BF96E3E7&displaylang=en

· Make sure to use a new dedicated user that is not "administrator" "admin" or if the first 5 characters match another user. http://seer.entsupport.symantec.com/docs/288777.htm & http://seer.entsupport.symantec.com/docs/256537.htm

· If existing jobs have been created make sure to change the credentials to the new user in the "options\Resource credentials"

Should be all set to go


June 13, 2008

EBS Certificates to upgrade Mobile devices

Filed under: EBS — WITS-SR @ 5:34 pm

We have found that the when inserting the EBS certificates into a outlook html email, even though it will be blocked on the outlook client, the mobile phone will see them.

This therefore allows for a detailed instructional email to be sent to the users and for them to seamlessly upgrade the phones without having to get the certificates manually imported to their device.




EBS saves the day

Filed under: EBS — WITS-SR @ 4:25 pm

The Five Towns Area in L.I had a power failure this past Wednesday .

Our client in the TAP program has a robust battery power backup system in place, we were notified via email as soon as they lost power, and we managed to shutdown all non crucial servers to save the runtime.

In EBS you can setup failover DHCP which we had implemented, we shutdown management and 1 TS server, and all servers that do not run LOB,  We feel that the granular control we have over the domain will show its benefits many times over during the life cycle of this release.


Next Page »

Blog at WordPress.com.