GRANIKOS

Nun ist es doch passiert. Seit dem 13. Oktober 2020 ist der Extended Support für Exchange Server 2010 endgültig beendet. Manche Exchange Administratoren werden dem Ende von Exchange Server 2010 nachtrauern. Als letzte Exchange Version alter Bauart, bot Sie eine MMC-basierte Verwaltungsoberfläche. Mit dem Nachfolger Exchange Server 2013 wurde die UI-basierte Verwaltung per Webbrowser und dem Exchange Admin Center Pflicht. Der Wegfall der der Exchange Management Console (EMC) wird noch heute als größtes Manko der modernen Exchange Versionen genannt. Exchange Server 2010 war der notwendige Zwischenschritt, um technologische Lösungen einzuführen, die uns noch heute in Exchange Server 2019 begegnen. manche Funktionen haben allerdings den Namen geändert. Welche Veränderungen brachte Exchange Server 2010? Moderne Hochverfügbarkeit Mit Exchange Server 2010 wurden die Datenbankverfügbarkeitsgruppen (DAG) eingeführt. Damit wurden die mit Exchange Server 2007 eingeführten Cluster-Varianten CCR, SCR und LCR bereits wieder ersetzt. Die Schwächen der 2007er Cluster-Varianten hatte Microsoft im Betrieb des BPOS-Clouddienstes kennengelernt. Sie skalierten nicht und boten keinen ausreichenden Schutz vor dem Ausfall mehrerer Systeme.   Shadow Redundancy Neben der verbesserten Hochverfügbarkeit in der Bereitstellung von Postfächern, fehlte eine funktionierende Hochverfügbarkeit ...

Für eine ausfallsicheren Betrieb der Azure AD Pass-Through Authentifizierung (PTA) ist der Betrieb von mehreren Authentifizierungsagenten empfohlen. Als Empfehlung gilt der Betrieb von mindestens drei PTA-Agenten. Nach dem Herunterladen und der Installation des PTA-Agenten kann die finale Registrierung bei Azure AS u.U. fehlschlagen. Dieses Problem tritt hauptsächlich in Netzwerkinfrastrukturen auf, in denen die Nutzung eines Proxy-Servers für ausgehenden Verbindungen zu den Microsoft 365 Endpunkte Pflicht ist. Die Gründe für einen Fehler bei der Registrierung sind entweder ein falsch konfigurierter Proxy oder fehlende Einträge in der Internet Explorer Zonenkonfiguration für die vertraute Websites. Wenn dieser Fehler in Ihrer Umgebung auftritt, empfehlen ich Ihnen, die Installation des PTA-Agenten und die Registrierung bei Azure AD in zwei getrennten Schritten durchzuführen. Um diese Schritte durchführen zu können, benötigen Sie ein Azure AD Benutzerkonto, das Mitglied der Rolle "Global Administrator" ist. Laden Sie zuerst den aktuellen Release des PTA-Agentern herunter: https://aka.ms/getauthagent Kopieren Sie die Installationsdatei auf den Server, auf dem der PTA-Agent betrieben werden soll Öffnen Sie ein administratives Kommandozeilenfenster und installieren Sie die Software im Silent-Modus ohne automatische Registrierung des Agenten: AADConnectAuthAgentSetup.exe REGISTERCONNECTOR="false" /q Öffnen Sie eine ...

I was involved in a troubleshooting request for a hybrid mail flow issue. Before I take a closer look at the issue, let's talk about the hybrid setup. Hybrid Setup A managed service provider runs separated on-premises Exchange Organizations for various clients. Also, the service provider runs it's own Exchange Organization in a hybrid setup with Exchange Online (EXO) utilizing centralized mail flow. Let's name the managed service provider Varunagroup, using the primary domain varunagroup.de. The on-premises IT-Infrastructure consists of the following email components: Centralized Third-Party Email Gateway Solution with two nodes TLS certificates in use mx01.varunagroup.de mx02.varunagroup.de   Varunagroup on-premises Exchange Organisation Hybrid setup with Exchange Online Hybrid mail flow using Edge Transport Servers TLS certificate in use smtpo365.varunagroup.de Centralized mail flow with EXO inbound connector configured by HCW  Tenant name: varunagroup.onmicrosoft.com Internet Send Connector with address space '*' uses the centralized Third-Party gateways as smart hosts    Multiple separated on-premises Exchange Organization hosted for SPLA-clients ...

I am honored to speak at TeamsFest 2020.  TeamsFest 2020 is a TeamsFest is a 100% free, 100% community-driven conference dedicated to Microsoft Teams. It aims to bring together exceptional technical talent and thought leaders to democratize knowledge about Microsoft Teams, encourage participation in the Microsoft Teams community, and give those who are struggling financially an opportunity to attend a first-class Teams conference. My session will cover the requirements for implementing an Exchange Hybrid configuration with Exchange Online when utilizing on-premises mailboxes with Microsoft Teams.   Date 7th October 08:00h - 18:30h (CEST)   Links TeamsFest 2020 Registration TeamsFest Overview and agenda   See you at TeamsFest 2020!    

Last updated: 2020-09-17   Problem The use of Exchange Edge Transport Servers requires the synchronization of user and configuration data from internal Exchange Servers to the Edge Transport Servers. The synchronization utilizes secure LDAP (EdgeSync) to transmit the data securely and is based on an Edge Subscription. When you create a new Edge Subscription on your internal Exchange Servers by importing the Edge Subscription XML-file, establishing the EdgeSync-connection might fail. You will find the following error in the application event log of the internal Exchange Server: Log Name: Application Source: MSExchange EdgeSync Event ID: 1035 Task Category: Synchronization Level: Error Keywords: Classic Description: EdgeSync failed to synchronize because it only supports Cryptographic API certificates. The local Hub Transport server's default certificate with thumbprint XYZ isn't a CAPI certificate. To set a CAPI certificate as the default certificate, use the Enable-ExchangeCertificate cmdlet with the Services parameter using the value of SMTP. When you encounter this error I recommend removing the Edge Subscription from the internal ...

Exchange Server uses Receive Connectors for providing SMTP endpoints for incoming connections. A modern Exchange Server provides a default connector on TCP port 25.  Sometimes you might have a requirement to create a new receive connector for selected incoming SMTP connections. A standard requirement is a receive connector for relaying messages to external recipients. This cannot (should not) be achieved using the default connector. Each connector uses the RemoteIPRanges attribute to store the list of IP addresses of remote systems that can connect to that connector. The default connector utilizes the full IPv4 and IPv6 addresses ranges. Your new receive connector requires at least a single IP address for a selected remote system that is supposed to connect to that receive connector. You can add a single IP address, address ranges, or IP addresses using CIDR notation. The attribute RemoteIPRanges is a multi-value attribute and has a limit of IP address entries that can be added.  The maximum number of address entries that you can add to that attribute varies. You can store approximately 1,300 entries. When you exceed the number of values you receive the ...

The Microsoft 365 Virtual Marathon took place on May 27-28 2020. The recording of my session "Exchange Hybrid - What, Why, and How" is available on YouTube.    Browse all recordings of the Microsoft 365 Virtual Marathon here: https://www.youtube.com/channel/UCrtmT6Ir1MIs0ZES7sKMmqA Enjoy!    

This is a post summarizing the configuration values for important Exchange-related Active Directory object attributes. Whenever you need to look up these values for troubleshooting, or editing the values manually. Note: You should not edit any of the values manually, just because you can. Edit any Exchange-related attributes, if you are familiar with the result of your changes.   RemoteRecipientType Attribute msExchRemoteRecipientType    1 ProvisionMailbox 2 ProvisionArchive (On-Premises Mailbox) 3 ProvisionMailbox, ProvisionArchive 4 Migrated (UserMailbox) 6 ProvisionArchive, Migrated ...

Microsoft 365 Groups are the backbone of various Microsoft 365 workloads. As you might know, each group utilizes a SharePoint site collection, and an Exchange shared mailbox. When you create a new Microsoft 365 group, SharePoint Online must store the associated site collection somewhere. SharePoint Online uses predefined paths to determine the storage location. These paths are called: Managed Paths. SharePoint Online uses two different pre-configured managed paths: /sites /teams With /sites as the default setting for the Microsoft 365 tenant. Whenever you create, e.g., a new team in Microsoft Teams, the associated site collection is stored in https://TENANTNAME.sharepoint.com/sites/TEAMNAME. As a SharePoint administrator, you see the site collection paths in the list of active sites in the SharePoint Admin Center.   But what can you do, if you want to store the associated site collections in the /teams managed path?   Changing the Managed Path The SharePoint Admin Center provides you with an option to change the managed path for sites, created by users.  Open the SharePoint Admin Center, navigate to Settings -> Site Creation.   Change the setting for Create team sites under to /teams/.   The description of this setting is misleading. ...

The Microsoft 365 Virtual Marathon is happening on May 27-28 2020. This is a free online event, providing you with 36 hours of non-stop sessions from speakers around the globe. You can join every time.  300+ Speakers 400+ Sessions Keynotes by Jeff Teper, Naomi Moneypenny, Bill Baer, Jon Levesque, Laurie Pottmeyer, and Michael Holste Sessions are primarily in Englisch, but there are session in six additional languages French, German, Japanese, Korean, Portuguese, and Spanish  Hashtag: #M365VM The virtual conference is a joint effort with SPC.   I speak at Microsoft 365 Virtual Marathon about: Exchange Hybrid - What, Why, and How Wednesday, May 27th 23:00h (CEST)   The marathon session plan is available here. Register now.   Link Register for Microsoft 365 Virtual Marathon   Enjoy!    

When you plan to implement an Exchange Hybrid Configuration between your on-premises Exchange Organization and Exchange online you have to choose between two variants and five operating modes. It is not as complicated as it sounds. I have written a blog post about the different options available.  The post is published in ENow's ESE blog. What are your Exchange Hybrid Options? Enjoy.    

Last updated: 2020-03-28 First posted: 2020-04-01 Once upon a time at an Exchange Conference near you, a member of the Exchange Product Group (PG) announced that the very last Exchange Server will go away when having an active Exchange hybrid setup. This was a hot topic for discussions at the Microsoft Exchange Conferences (MEC, @IamMEC) in 2012 and 2014, already. Since then the Exchange PG came up with a number of reasons why this is not possible. The question on when we will finally be able to remove the very last Exchange Server from the on-premises Exchange organization was asked every year at the Ignite Conference.    Current Situation Currently, the supported scenario for hybrid configurations between your on-premises Exchange organization and Exchange Online requires that you keep the last Exchange Server for creating, and managing Exchange related objects, even if those objects are located in Exchange Online.  The following diagram illustrates the current requirements: Domain Controller Servers, with the most recent Active Directory Schema Update for a supported Exchange Server version, and stored Exchange-extended AD objects. DirSync Server, with AAD Connect, synchronizing Exchange-extended AD objects stored in ...