Exchange Q & A: Outlook Anywhere, IPv6, Remote Connectivity Analy

Source: Internet
Author: User
Tags fully qualified domain name

Q: We just deployed Exchange 2008 on a Windows Server 2007-based Server in our Organization. Everything works normally, with only one exception: even if Outlook Anywhere is previously called RPC over HTTP according to the guidelines in the Exchange 2007 document on Microsoft Technet ), however, no matter how we try, we cannot connect to the Exchange 2007 client from the Outlook 2007 client on the Internet to access the server. We confirm that the SAN certificate is trusted by the client, and TCP port 443 on the firewall connected to the client to access the server is also on. Have you ever encountered this problem?

A: Actually, I have met. You mentioned that Exchange 2007 is installed on a Windows Server 2008-based Server. When installing a client access Server on a Windows Server 2008 Server, note that Outlook Anywhere cannot run properly if IPv6 is enabled on the Server. Because IPv6 is enabled by default when you install Exchange 2007 SP1 on Windows Server 2008, you must confirm that it is disabled. I have read several cases to solve the problem.

For details about why Outlook Anywhere and IPv6 on Windows Server 2008 conflict with each other, and how to disable IPv6 on Windows Server 2008 without interrupting Exchnage 2007, I suggest you read the blog post of the Microsoft Exchange team at msexchangeteam.com/archive/2008/06/20/449053.aspx. Exchange 2007 SP1 Rollup 4 should be used to solve this problem.

Q: Currently, I am implementing Outlook Anywhere and Exchange ActiveSync in the message Environment Based on Exchnage 2007, I want to know if there is a way to test whether Outlook Anywhere can run as expected on the other end of our peripheral network. In addition, I want to confirm that the automatic discovery service is correctly configured in the environment. Can you give me some advice?

A: Yes. You can test whether Outlook Anywhere is running normally. Two Microsoft employees, Shawn McGrath of the Exchange product team and Brad Hughes of the Product Support Service, created a Web-based tool called Exchange Server Remote Connectivity Analyzer (ExRCA ). You should use this toolFigure 1) As a prototype, but I have not encountered any program errors or abnormal behavior. This tool can perform Outlook 2007 automatic discovery and RPC/HTTP connectivity tests, as well as test whether Exchange ActiveSync and inbound SMTP mail flows run as expected. Although ExRCA is not currently supported by Microsoft, I strongly recommend using it to perform various remote connectivity tests on Exchange 2007.

Figure 1Exchange Server Remote Connectivity Analyzer start pageClick to get a larger image)

Q: Our organization uses Exchange Server 2007 and is currently planning to deploy the backup continuous replication (SCR. We want to prepare a second set of data for each mailbox database created on a non-cluster Exchange 2007 SP1 mailbox server in another site. We have read a lot of SCR information from the Exchange 2007 document on Microsoft Technet, but still have questions that cannot be answered: If the SCR target is activated, is the result the same as the-ConfigurationOnly parameter specified by Move-Mailbox and all user mailboxes in a specific Mailbox database? In other words, only the location of the Exchange Server in Active Directory is changed.

A: Since you use a non-clustered mailbox server, also known as an independent mailbox server, as the source SCR server, you are correct. Because you want to activate SCR copies on other servers, you need to use database portability. This means that the user mailbox in each mailbox database will change in the Exchange Server location in Active Directory.

If the source SCR server in the Exchange 2007 environment is based on the cluster continuous replication (CRS) or single copy cluster (SCC), and if the passive node is used as the SCR target in the Failover cluster, you can activate the SCR target with the same name, but the location of the Exchange Server in Active Directory is not changed.

Q: we have just completed the deployment of Exchange Server 2007 in our enterprise environment and want to know if we can configure six Exchange 2007 security groups when preparing a forest and a domain for the Exchange 2007 installation, created by the Exchange 2007 installer) Move to another organizational unit, not to the Microsoft Exchange Security Group OU created in the root domain.

A: Exchange 2000/2003 does not allow you to move an Exchange group to another OU in the forest, but Exchange 2007 does. You can see the six Exchange 2007 security groups created when preparing a forest for Exchange 2007, seeFigure 2) Has two unique attribute stamps. The first is a well-known GUID, and the second is a changeable distinguished name.

Figure 2Exchange Server 2007 Security GroupClick to get a larger image)

When the installer is running, the OtherWellKnownObjects attribute of the forest will add these two attributes separately, which ensures that Exchange can find a security group anywhere in the forest. Therefore, you can move the group to another domain in the forest at will! You can find other details in the ingenious Exchange 2007 permission: FAQ (technet.microsoft.com/bb310492) written by Ross Smith, which is included in the Exchange 2007 document on Microsoft TechNet.

Q: due to the reorganization in the Exchange 2007 message environment, we want to move the file sharing witness for each Exchange 2007 Cr mailbox server to another hub transport server. Can you provide some guidance on how to complete this operation in a supported way?

A: It is quite easy to move a file sharing witness from one Exchange 2007 hub transport server to another. You only need to follow the steps that have been followed by the configuration file sharing witness for the cluster mailbox server. The only difference is that you need to specify the server path. The corresponding steps are located in the "how to configure file sharing witness" section of the Exchange 2007 document on Microsoft TechNet, see technet.microsoft.com/bb124922 ).

By the way, you should know that if you use the CNAME record to point to your hub transport server during the configuration file sharing witness, the next task is to set the Fully Qualified Domain Name (FQDN) of the target host) to change the CNAME record to an alias, seeFigure 3).

Figure 3CNAME record pointing to the target host of the file sharing witnessClick to get a larger image)

However, remember that if you place the cluster nodes on another site, refer to msexchangeteam.com/archive/2008/04/03/448615.aspx for the site recovery Guide provided by the Exchange product team ). In general, the Exchange product team no longer recommends that you use CNAME records in the Exchange 2007 Geo-Cluster environment.

Q: We plan to improve the security settings of the Exchange 2007 message server in the Organization. Part of our security optimization plan is the volume of the encrypted Exchange database. We want to know whether we recommend or even support storing Exchange database files on a volume encrypted using an encrypted file system (EFS.

A: The answer is obviously no. Microsoft does not support placing Exchnage 2007 databases on EFS-based encrypted volumes. In fact,. edb,. log,. stm (Exchange 2000/2003),. dat,. eml, And. chk files do not support this approach. The main reason is that this type of encryption will produce additional system overhead, significantly affecting performance.

To further protect your Exchange 2007 data files, you should prevent unauthorized access to the Exchange computer and use the S/MIME Message format to encrypt message data. In addition, if you install Exchange 2007 on Windows Server 2008, consider using BitLocker to protect the volume.

Q: I just installed Exchange 2007 SP1 on a Windows Server 2008 Server that is also a domain controller. Because I do not use IPv6 in this environment, after installing Exchange 2007 SP1, I disable IPv6 under "network connection" and restart the server. When the connection is restored, the Exchange 2007 service cannot start any more. Error 214 recorded in application logs contains the following information:

Process MSEXCHANGEADTOPOLOGYSERVICE. EXE (PID = 1712). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC ).

A: I have read many reports about this situation. Although it is not appropriate to install any Exchange 2007 Server role on a Windows Server 2008 Server that also assumes the domain controller role, however, it should be fine to allow one or more Exchange 2007 server roles to run on the domain controller where IPv6 is disabled, especially in the test lab and elsewhere. The current solution is to re-enable IPv6 on the server. It is rumored that Exchange 2007 SP1 Rollup 4 will solve this problem.

Henrik WaltherIs a Microsoft certified Architect: Exchange 2007 and Exchange MVP, with more than 14 years of IT experience. He is a technical architect at Interprise Consulting, a Danish Microsoft infrastructure Gold partner, and is also a technical contributor to Biblioso Corporation, an American company specializing in document and localization services.

Original article address

Source: TechNet

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.