Skype for Business Edge server deployment and Hybrid integration with Skype for Business Online

In the last Skype for Business post I have upgraded my Lync 2013 to Skype for Business (Click here to go to that post). in this article I am going to install Edge server for Skype for Business to the same Lync Environment where I have done the Upgrade to Skype for Business.

 

Configuring Edge Server

Setup NETBIOS

In order to configure Skype 4 Business Edge, we’ll have to change the Netbios to give it the name of our Domain but we won’t join it to the domain.

clip_image001[8]

clip_image002[8]

Setup NICs

Edge Server must have 2 NICs, one Local NIC will point out to the Front end server but must not have Default gateway so traffic can only flow through the DMZ out to the internet and back in. but still it must be able to ping to the FE from Edge and vice versa.

DMZ network can have 1 DMZ address (Public Address to be NATTED to) or 3 DMZ addresses for public IP addresses with standard HTTPS ports.

clip_image003[8]

clip_image004[8]

Configure Hostnames

Edit the Edge server’s host file to include Lync FE and DC’s IP addresses and Hostname

image

Install Prerequisites

  • Microsoft .Net Framework 3.5

clip_image001[10]

Now I will go back to Skype for Business FE server, I’ll launch the topology builder and add new Edge server

I will add the first Edge pool which contains of a single Edge server

clip_image002[10]

Next, you will have to choose if you want to enable federation with partners or other service providers …e.g. (Google)

clip_image003[10]

I am intending to use a single Public IP address with a different ports (nonstandard) since this is a lab. For production it’s recommended to use 3 public IP addresses for Access Edge, AV and WebConf services.

clip_image004[10]

Next I will choose the last option which says that the Edge pool is translated by NAT. I will configure my firewall to NAT ports to the Edge’s DMZ IP addresses from the Public so I am choosing this option.

clip_image005[8]

clip_image006[8]

This is the FQDN’s the default configuration .. It’ll only use a single FQDN for all services if you’re going to use a single public IP address with a different ports.

IMPORTANT NOTE

When you use a single IP address with a different ports, the Access Edge port will normally change to 5061 (Not 443 like in the _sip._tls.domain.com) SRV record which will cause failure if you forgot to change this port to match the one in your Topology’s Access Edge settings.

Next I’ll have to enter my Edge server’s Local IP address.

clip_image007[8]

clip_image008[8]

Next I will be asked to enter the DMZ’s IP address which the wizard calls (Private External IP address)

clip_image001[12]

Here I am going to place the NAT IP address which is my Public IP address.

clip_image002[12]

Next I’ll have to choose which Lync FE pool will be used as the next hop to the Edge pool. In this case I’ll be choosing my main pool since the second is only for resilience purpose.

clip_image003[12]

Then I’ll associate the mediation pool for Edge server for external media traffic. I can assign both in this case.

clip_image004[12]

Now I’ll click on Finish and right click on the Site name’s properties to enable the SIP federation and XMPP federation then Publish the topology.

clip_image005[10]

clip_image006[10]

clip_image007[10]

clip_image008[10]

Now I will setup Azure Active Directory Sync on my DC server in order to sync the required users for the test purpose.

My domain is adeo.local so I want to change the UPN for users to match the synced domain. (Adeo-office365.ga) and moh10ly.com

clip_image009[8]

Installing Azure Active Directory Sync

Now I will install the prerequisites which consist of the following

clip_image010[8]

Net framework 4.5.2 is required for AADS but it’s already installed on my server

clip_image011[8]

Next I will install Microsoft Online Service Sign in assistant

clip_image012[8]

Next I will install Azure AD Module

clip_image001[14]

Finally Azure AD Sync

clip_image002[14]

Before moving forward, I’ll have to go to the Office 365 portal and activate DirSync

clip_image003[14]

Then use a global admin credentials from O365.

clip_image004[14]

Adding the forest using an enterprise admin user account

clip_image005[12]

clip_image006[12]

Due to the fact that my domain adeo-office365.ga’s public dns host doesn’t have SRV configuration because it’s hosted by the famous free domain service (Freenom) so I’ll have to add my original domain moh10ly.com as Lync (S4B) requires SRV records to point to the on-premises lync.

clip_image007[12]

clip_image008[12]

clip_image001[16]

clip_image002[16]

clip_image003[16]

I will only sync one OU, so I will untick the Sync now box and click on Finish

clip_image004[16]

I will go to the following path

“C:Program FilesMicrosoft Azure AD SyncUIShell” and create a shortcut for the GUI application of AADS on the desktop

“C:Program FilesMicrosoft Azure AD SyncUIShellmiisclient.exe”

clip_image005[14]

To get this GUI app to work, you will have to sign out of your account and sign back in as your username will be added to the local administrators and have the authority to open it

Log off, log back in

clip_image006[14]

Next I will go to the connectors tab and double click on the ADDS connector (Adeo.local)

clip_image007[14]

I will go to the Configure Directory Partitions and under Credentials I’ll choose “Alternate credentials for this directory partition” then enter my on-premises AD Enterprise admin credentials

clip_image008[14]

I’ll click on Containers

clip_image001[18]

I’ll untick the DC=Adeo,Dc=Local box and only choose Dirsync OU then click OK and apply

clip_image002[18]

Before I start syncing my AD , I will go to Skype for Business Server and add my domain moh10ly.com as a SIP domain

clip_image003[18]

Next I am going to change the FQDN of the SIP access edge for public domain to moh10ly.com and the default port for the Access Edge to 443 and publish the topology

clip_image004[18]

clip_image005[16]

I needed to finally check if all my FE servers are replicating. So then I can move to Edge server to install Lync components

clip_image006[16]

On the Edge server, I’ll use ISO for Skype 4 business to install the setup

clip_image007[16]

clip_image008[16]

First thing I’ll install the local Configuration Store

I’ll click on Run and then I’ll be asked to import the configuration file which I’ll must export from Lync FE (Skype 4 b FE) server

clip_image009[10]

In this case, I’ll go to Lync FE and open Lync Management shell and enter the following Cmdlet

Export-CsConfiguration -FileName c:top.zip

clip_image010[10]

This cmdlet will export a file to the root C drive . I’ll copy this file to the edge server.

clip_image011[10]

I’ll click next to continue, this should start installing the local store

clip_image012[10]

clip_image013[8]

clip_image014[8]

Next I’ll request a certificate for Internal NIC For edge server

clip_image015[8]

clip_image016[8]

clip_image017[8]

I’ll take the CSR (Certificate sign request) code and get a certificate from my local CA

clip_image018[8]

I’ll open MMC and add Certificates console and import the PKCS certificate

clip_image001[20]

clip_image002[20]

After importing the certificate I’ll assign it to the internal NIC by clicking on Assign to the Edge Internal

clip_image003[20]

clip_image004[20]

clip_image005[18]

clip_image006[18]

Once we assign the certfiicate to the internal edge. The replication service for Edge and FE will start working

clip_image007[18]

Now I’ll import my Public Certificate to Edge Server’s DMZ NIC

I already imported my public certificate, now I’ll go to the S4B wizard and assign it there

clip_image008[18]

clip_image009[12]

Unlike IN lync 2013 when you Click on Start service in the Wizard all services start on their own but on Skype for business you ‘ll have to start the services manually by yourself.

clip_image010[12]

So Instead I used the service console to start the services.

Now I’ll go back to the FE And enable remote connectivity to Skype for Business from outside and make sure that replication works fine by checking the Topology or from cmdlet

clip_image011[12]

clip_image012[12]

clip_image013[10]

Setting up Hybrid integration with Skype online for Business (O365)

https://technet.microsoft.com/en-us/library/jj205126.aspx

https://technet.microsoft.com/en-us/library/jj204669.aspx

In order to allow Hybrid environment to function properly, we’ll have to federate our Skype for Business on-premises’s Edge server as microsoft says below

Federation allows users in your on-premises deployment to communicate with Office 365 users in your organization. To configure federation, run the following cmdlets in the Skype for Business Server Management Shell:

From <https://technet.microsoft.com/en-us/library/jj205126.aspx>

On the front end server, we’ll run the following CMDlet

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting -EnablePartnerDiscovery $true

clip_image014[10]

Next cmdlet will create a new public federated provider for skype for business online.. However it already exists so we must delete it from control panel or the cmdlet will fail with the following message

clip_image015[10]

I’ll delete the hosted provider “Skype for Business Online”

clip_image016[10]

I’ll try the cmdlet again after deleting the provider ..

New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

clip_image017[10]

Since it worked already, I will go back to the control panel and make sure it is enabled

clip_image018[10]

Next is : Configure your Skype for Business Online tenant for a shared SIP address space

Note:

To configure a shared SIP address space, establish a remote PowerShell session with Skype for Business Online, and then run the following cmdlet:

We’ll have to download skype for business online powershell

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!38849&authkey=!AKW6Ln4Rkn6QuUI&ithint=file{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}2cexe

After launching the PowerShell module as an administrator I’ll run the following cmdlet

Import-Module SkypeOnlineConnector

clip_image019[8]

Now I’ll connect to my Office 365 tenant

clip_image020[8]

$cred = Get-Credential

$CSSession = New-CsOnlineSession -Credential $cred

Import-PSSession $CSSession -AllowClobber

clip_image021[8]

Now I’ll configure the shared sip address

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

From <https://technet.microsoft.com/en-us/library/jj205126.aspx>

clip_image001[22]

To double check my configuration I will see if the SharedSipAddresSpace is enabled or not

Get-CsTenantFederationConfiguration

clip_image002[22]

To double check that the hybrid configuration is setup properly we can use the Skype for business on-premises Hybrid UI wizard from the Home Menu under “Connection to Skype for Business Online”

clip_image003[22]

Using the Skype for Business 2015 User interface to setup Hybrid configuration:

After you sign in it does automatically logs you in and configure the three following options

  1. Federation for the Edge server
  2. Federation with Office 365.
  3. Shared SIP address space.

clip_image004[22]

clip_image005[20]

Now I will configure my DNS Settings as recommended by Microsoft for the Hybrid Integration scenario

DNS Settings

When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.

From <https://technet.microsoft.com/en-us/library/jj205403.aspx>

  1. Update some DNS records to direct all SIP traffic to Skype for Business on-premises:
  • Update the lyncdiscover.contoso.com A record to point to the FQDN of the on-premises reverse proxy server.
  • Update the _sip._tls.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Skype for Business on-premises.
  • Update the _sipfederationtls._tcp.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Skype for Business on-premises.
  • If your organization uses split DNS (sometimes called “split-brain DNS”), make sure that users resolving names through the internal DNS zone are directed to the Front End Pool.

From <https://support.office.com/en-us/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0>

According to Microsoft’s configuration of the Public DNS, you will have to configure only the SRV records to point to your edge server however, running a simple wireshark on your Skype for business client machine you can notice the following:

clip_image006[20]

Microsoft Lync / Skype client first requires the Lyncdiscover / Lyncdiscoverinternal record in order to see where the user is located… then gets redirected to webdir.online.lync.com which is the Cname value to the Lyncdiscover Cname in the public DNS and tries to login the user through Login.microsoftonline.com then finds no user there and logs in using the SRV eventually in the end as in the below snapshot which I’ve used Wireshark for to monitor the DNS traffic that the Lync Client requests upon login request.

clip_image007[20]

NOTE:

What have me confused here is that Microsoft says only SRV records must be pointing to your On-premises Lync/Skype for Business Edge server.. So you must enter something else other than SIP.domain.com (Which in normal cases might be the common name of your Edge certificate) for the value of the SRV Record since the SIP.domain.com and Lyncdiscover.domain.com must be pointing to Office 365.

I tried using the Public IP address of my Edge server just to check if my on-premises user will connect without any issue however I did have an issue with the Certificate saying “There was a problem verifying the certificate from the server”.

clip_image008[20]

Luckily the Public certificate that I had on my edge server had multiple SANs (Subject Alternative Names) and one of them was WAC.moh10ly.com which I was intending to use for the WAC Server (Office Web Apps Server) and then I created an A record on my public DNS WAC.moh10ly.com that points to my Edge server’s Public IP address…. although the Wac.moh10ly.com is not a common name but it worked and I was able to federate with Office 365 users and was able to move users from on-premises to office 365 and back to on-premises as demonstrated later in the article.

“When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.”

From <https://support.office.com/en-us/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0>

clip_image009[14]

Now I have changed all the SRV records to direct to the new A record

clip_image010[14]

And finally deleted the A sip record and created a new CNAME record that points to sipdir.online.lync.com

clip_image011[14]

clip_image012[14]

I have already a user synced from my local AD to the cloud (office 365) that’s not enabled for Skype for business on-premises .. Once this user is synced and have been assigned a license it should be directly enabled for Skype for Business Online and I should be able to sign in to it without any issue.

Note:

In order for both users (homed online and On-premises) to see eachother’s presence the synced user must be enabled on the On-premises Server before moved to the cloud or else the presence and M will fail.

Time to test, I was able to sign in to the Online homed user (admin) and now I’ll be adding the on-premises homed user to the list to check the presence, IM ..etc

clip_image001[24]

Here I added the user admin to my other account Mohammed.hamada and vice versa.

clip_image002[24]

The Presence appears to be working fine for user homed on-premises as it shows when I changed it to “busy, be right back..etc” on the cloud user’s Client however the Office 365 homed user’s presence takes time to change on the on-premises user’s list and the IM doesn’t seem to work properly as messages sometimes doesn’t go through and fail.

Sending a message from the on-premises User (Mohammed Hamada) to (ADMIN)

clip_image003[24]

Now sending an IM from Admin to Mohammed Hamada

clip_image004[24]

To make sure that the issue is not within my on-premises server, I will use a different Skype for Business online account and see if IM work both ways.

This is my other user.. The presence information seems to work properly and now I’ll test the IM

clip_image005[22]

IM between my On-premises and another user on another Office 365 tenant seems to be working fine back and forth as in the below snapshots so the issue might be related to Office 365 tenant which I am using for this test (could be related to trial version)

I am going to open a case with MS and see why this issue happens since my on-premises work fine with other tenants.

clip_image006[22]

clip_image007[22]

Now It’s time to move users from and to cloud and on-premises to check how easy, flexible or hard this process is.

I currently have 2 users, one on cloud and one synced and homed online (Office365)

clip_image008[22]

In order to move users, you can go to Users tab after the hybrid config is finished and find the user you want to move then click on Actions and chose to move the users to the Skype for Business Online as in the below snapshot

Note:

Before you move the user to Office 365, you must assign license to the user or else the move will fail.

clip_image009[16]

clip_image010[16]

clip_image011[16]

clip_image012[16]

clip_image013[12]

You can move the user back from Office 365 to your on-premises Skype for Business server with the same process exactly except that you’ll have to choose which pool you need to move the user to.

Checking where the user is hosted from Skype for business Management shell

The Hosting Provider will show you where the user is working from now.

clip_image014[12]

clip_image015[12]

clip_image016[12]

Hope this has been helpful

References:

https://technet.microsoft.com/en-us/library/jj204967.aspx

https://technet.microsoft.com/en-us/library/jj205403.aspx

https://technet.microsoft.com/en-us/library/jj205126.aspx

https://technet.microsoft.com/en-us/library/jj204669.aspx

https://support.office.com/en-us/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0

https://channel9.msdn.com/Events/Ignite/2015/BRK4129

Preparing, Installing and Configuring Exchange 2016 with DAG on Windows 2016


So Exchange 2016 preview version came on MSDN and I decided to give it a try along with the DAG …

Previously in Exchange 2013 I used to have an issue with the fast search on DAG as in some cases it used to stop and cause the original database and copy to report not healthy.

Here I wanted to Install exchange 2016 on new windows edition along with configuring DAG and observe the database’s indexing status.

So to start, I used the available Microsoft Technet related to Exchange 2016.

I’ll launch Powershell as adminsitrator an start by installing the requested software

Install-WindowsFeature RSAT-ADDS

From <https://technet.microsoft.com/en-us/library/bb691354{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}28v=exchg.160{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}29.aspx?f=255&MSPPError=-2147217396>

clip_image001

Windows 2012/2012R2

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

From <https://technet.microsoft.com/en-us/library/bb691354{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}28v=exchg.160{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}29.aspx?f=255&MSPPError=-2147217396>

Windows 2016 (Windows Server)

Install-WindowsFeature Net-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

clip_image002


1- (Extending Schema)


Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>

clip_image003

2- (Preparing AD)


Setup.exe /PrepareAD /OrganizationName:”<organization name>” /IAcceptExchangeServerLicenseTerms

From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
Setup.exe /PrepareAD /OrganizationName:TEST /IAcceptExchangeServerLicenseTerms

clip_image004

3- Prepare one domain in the forest or all domains


Setup.exe /PrepareDomain:<FQDN of the domain you want to prepare> /IAcceptExchangeServerLicenseTerms

From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>

clip_image005
 
To prepare all domains run the following cmd
 
Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
 
From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
 
Before moving on you will have to fulfill the Software Prerequisites which is attached below.. It’s the same as in Exchange 2013.
 
clip_image007
 
clip_image008
clip_image009
clip_image010
clip_image011
 
Now I will start the Exchange Installation from the Setup, You can follow the setup till the end as in the following screenshots:
 
clip_image001[4]
clip_image002[4]
clip_image003[4]
clip_image004[4]
clip_image005[4]
clip_image006
clip_image007[4]
clip_image008[4]
clip_image009[4]
clip_image010[4]
clip_image011[4]

Now I will create DAG and replicate DBs and notice FastSearch logs


Since this is a LAB and I only have 2 nodes (DAG must have an odd number for Failover), so I am going to use the DC server as my FSW (Which is highly not recommended for Production Environment).

In order for the FSW on DC to work, you will have to add your DC to the Exchange Trusted Subsystem group

clip_image001[6]

Here I added the DC as a member of the group

clip_image002[6]

Normally file server feature is already added to the server by default, but to make sure I’ll run the following command

clip_image003[6]

It’s already there

Now I’ll go back to Exchange servers and add a second NIC for Replication..

I usually rename each NIC so I know which is which, the default NIC belongs to the MAPI traffic and the other one is the replication NIC.

clip_image004[6]

I will configure the Replication NICs on both exchange servers to disable the “Register this connection’s addresses in DNS”

clip_image005[6]
clip_image006[4]

Checking ping between Exchange servers on the Replication NIC

clip_image007[6]

Now I will create the CNO Object (Cluster Name Object) in the Active directory for the DAG

clip_image008[6]
clip_image009[6]

I will disable the object

clip_image010[6]

Double click on the DAG object and go to Security tab and add Exchange servers

clip_image011[6]

Now configure the security for the Exchange members to full

clip_image012

Apply and close…

Now on the DC I will create the FSW’s folder and give it full permission to the Trusted Subsystem group and exchange servers

clip_image013
clip_image014

Click apply and go back to EAC and I’ll start configuring the DAG

clip_image015

Microsoft says that one of the enhancements that have been added to Exchange 2016 is that DatabaseAvailabilityGroupIpAddresses is no longer required when creating a DAG.

By default, the failover cluster will be created without an administrative access point, as this is the recommended best practice.

From <http://blogs.technet.com/b/exchange/archive/2015/05/05/exchange-server-2016-architecture.aspx>

So in this case we won’t need to assign any IP address to the DAG…

clip_image016

I’ll click on save and see what happens

clip_image017

Navigating to the administrators group on AD, The Exchange subsystem group is not added so I’ll add it.

clip_image018
clip_image019

Now I will add Exchange servers as members to the DAG

clip_image020
clip_image021
clip_image022

Upon adding the Exchange members to DAG I got the following error

A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: Windows Failover Clustering isn’t installed on ‘EXCH2K16.test.com’.. [Server: EXCH2K16.test.com]
error
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: Windows Failover Clustering isn’t installed on ‘EXCH2k1602.test.com’.. [Server: EXCH2k1602.test.com]

clip_image023

So I checked the following,
1- Firewall
2- CNO’s security settings.

Error occurs due to firewall being enabled on the DC (Where the FSW is )

clip_image024

I disabled the firewall and gave full permission to the Exchange trusted system to the DAG object

clip_image025

After that I signed out of Exchange servers, signed back in.. Deleted DAG and recreated it… that didn’t work either

Tried using Exchange management shell but it didn’t work too

clip_image026
clip_image027

Checking the log coming in the description, I find out the log is complaining about not finding DAG while trying to resolve it.

clip_image028

Also the log says that it has installed Failover cluste rbut still the cluster can’t find FQDN called DAG.

So I will have to configure DAG in the dns and give it an IP of my first Exchange server

clip_image029
clip_image030

Checking DAG resolving from Exchange server

clip_image031

As the log says, restart is required after installing failover cluster so I’ll restart Exchange servers and then retry to add Exchange servers to the dag.

After restarting the server, It seems that things are working

clip_image032
clip_image033

The second server gave the following error


The Microsoft Exchange Replication service does not appear to be running on “EXCH2k1602”. Make sure that the server is operating, and that the services can be queried remotely.

Apparently the error is correct, After restarting the server it turned out that most of the second Exchange server’s services were not working..

To be honest I didn’t ask myself why did not the services started since I am using a preview version of Exchange 2016 and Windows as well so I manually started all the services.

clip_image034

Interestingly while checking services, I noticed new services e.g. (DAG Management, Compliance Audit, Notifications broker)

After starting the services, now I tried to add the second server again to the DAG.

clip_image035
clip_image036

So eventually, DAG doesn’t need an IP address but still a DNS value needs to be created for the NCO object and needs to have an IP assigned to it which will be the Exchange server IP address..

clip_image037

Next: I will add a database copy and see how it’s improved and do I need to restart the IS service as in Exchange 2013.

clip_image038
clip_image039

I will leave all the default values and add the second server for the database to be copied on. Unlike Exchange 2013 in most of the times the database would fail first and gives an error ..

In 2016 it starts directly seeding the database to the second Exchange server that’s member of the DAG.

clip_image040
clip_image041
clip_image042
 
On the second Server where the database has been copied to, I checked the Logs and Fastsearch was throwing errors as usual since database logs are not copied … as soon as the database logs finished copying the fastsearch will return ok and the database will appear as Healthy in EAC.
 
clip_image043

Fastsearch finally reported that indexing started on the newly copied DB.

clip_image044
The database copy should now report healthy in the EAC.
clip_image045
 
Hope you find this useful.
In the next article I will publish the Exchange server online to check the rest of the functionalities.

Export and import PST to Office 365 Exchange online mailboxes

Microsoft has launched a new feature that allows administrators to import PST to Exchange online directly through the portal.

 

In this article I’ll guide you through the steps of uploading one PST file and import it to a user’s mailbox. Although the steps are identical to Microsoft’s TechNet article but it’s more detailed and with screenshots. As I was personally reading and following the article at some point I got confused as to what which shared folder is the article speaking of and little tiny bits that are not detailed since Microsoft combines two methods in the same page “Ship data on Physical Drives and Upload files over the network”

 

So to achieve this, you’ll have to first sign in to your Office 365 portal. Open Exchange admin center and follow the below steps:

 

  1. Granting Permission

 

Grant your self-importing PST permission to users by navigating to Exchange admin center -> Permissions> Double click on Compliance Management

Under Roles: click on + and add Mailbox Import Export role

Click on + Under Members and add your user account

clip_image001[5]

 

2. `Copy Secure URL and secure storage account key

 

To get the Azure secure storage account key and URL you will have to go back to the Office 365 portal and then click on Import tab on the left pane

Then click on the Key sign below

 

clip_image002[4]

 

When you click on it, you will be able to retrieve the key and the URL by clicking on Copy Key and URL .

 

clip_image003[4]

 

The copy is pretty long and you’ll have to notice that sometimes you might get confused and copy only the appearing portion of it in the field… if you do so and copied that in the Azcopy command or Azure storage explorer you might get an error …

Here’s my Secure Storage account key that I am using on a trial version of Office 365.

 

KA9Z00rEYa1JlqGE4wO222MnsN5ywT0elOgLeNht/fSMIJPe2134hEChuuDJ5mfdknq8ts0+cez6uUvFzcQd6g==

 

The URL has an important part which you will be using in Azure Storage Explorer tool in order to login and browse your Tenant’s storage which you’ll use to upload PST to.

The URL will appear as following.. You will need to copy the part highlighted in bold

https://d49d7ae0e38a4d8e9c93565.blob.core.windows.net/ingestiondata/

 

You have to copy this in red in to the storage account name

d49d7ae0e38a4d8e9c93565

 

3. Copying PST files to Azure Folder using Azcopy command or Azure Storage Explorer (You can use Azure Storage Explorer too)

 

In order to upload PST files to Azure, you have two methods. The first is using Azcopy command which is pretty easy and straightforward (but still CMD dependent) or you can use the GUI Application which is Azure Storage explorer

To download azcopy, you can use the following link

 

http://az635501.vo.msecnd.net/azcopy-3-2-0/MicrosoftAzureStorageTools.msi

 

Or download them from the Import page as well under Resources:

 

clip_image004[4]

 

Once the tool is installed. Right click on it and open it as administrator

 

The following command will take all the files inside my local folder path C:UsersMohammedDesktopupload

It will create a folder in Azure’s default folder ingestiondata called “Server01/PSTshareR1/”

 

It will use the destkey that I have retrieved from Office 365 Import window. And will leave all the logs in your local drive c:PSTuploadUploadlog.log

 

AzCopy /Source:C:UsersMohammedDesktopupload /Dest:https://d49d7ae0e38a4d8e9c93565.blob.core.windows.net/ingestiondata/SERVER01/PSTshareR1/

/Destkey:KA9Z00rEYa1JlqGE4wO222MnsN5ywT0elOgLeNht/fSMIJPe2134hEChuuDJ5mfdknq8ts0+cez6uUvFzcQd6g== /S /V:C:PSTUploadUploadlog.log

 

clip_image005[4]

 

To make sure that files are uploaded. I will open Azure Storage Explorer 6 (Preview) and click Add Account on top

On add storage account window I will use the blob name that I have got from the URL earlier and storage secure key in the storage account key below and click on save.

 

clip_image006[4]

 

Once I click that I will get a list of directories .. The default directory which is used by Office 365 is the “Ingestiondata” folder .. There our files will be uploaded.

 

clip_image007[4]

 

https://azure.microsoft.com/en-us/documentation/articles/storage-use-azcopy/

 

4. Create CSV File to import PST

 

Assuming you have 150 PST files that you want to upload and import into users which already have been enabled on Exchange online … In order to do so you will have to prepare a CSV file that looks like the below sample

 

To provide an explanation of what each column stands for .. Microsoft has written a table that clears the dust but some parts were not even clear for me like the FilePath as in the TechNet article it gets you confused with the “Ship data on Physical hard drives” since it uses your drive to upload data directly to Azure through the Import tool on Office 365 portal.

 

image

 

From <https://technet.microsoft.com/library/ms.o365.cc.IngestionHelp.aspx?v=15.1.166.0&l=1&f=255&MSPPError=-2147217396>

Note:

The friendly path here is the path of the folder you have created in Azure through the Azcopy command

AzCopy /Source:C:UsersMohammedDesktopupload /Dest:https://d49d7ae0e38a4d8e9c93565.blob.core.windows.net/ingestiondata/SERVER01/PSTshareR1/

/Destkey:KA9Z00rEYa1JlqGE4wO222MnsN5ywT0elOgLeNht/fSMIJPe2134hEChuuDJ5mfdknq8ts0+cez6uUvFzcQd6g== /S /V:C:PSTUploadUploadlog.log

 

clip_image008[4]

 

So the CSV File is ready.

 

 

In Azure Storage Explorer I doubled check if the PST files has finished uploading and it’s there.

clip_image009[4]

 

5. Using the Upload Files over the network

 

Back to Office 365 portal, go to Import and click on the + Sign and select Upload files over the network

 

clip_image010[4]

 

Select I have access to the mapping file as well

 

clip_image011[4]

 

Click on + and upload the CSV file that you have prepared for the mapping

Next File is imported, Click on “By checking this box, you agree to the terms and conditions of this service.

 

clip_image012[4]

 

As soon as you accept and click next the Import is going to check path, email, folder and will start the import process.

 

clip_image013[4]

clip_image014[4]

 

Email before importing

 

clip_image015[4]

 

Imported started, folder has been created

 

clip_image016[4]

 

Importing is done

 

clip_image017[4]

clip_image018[4]

 

Importing is done

Reference

 

https://technet.microsoft.com/library/ms.o365.cc.IngestionHelp.aspx?v=15.1.166.0&l=1&f=255&MSPPError=-2147217396#BKMK_CreateAnewMappingtoupload

https://azure.microsoft.com/en-us/documentation/articles/storage-use-azcopy/

Windows 10 powershell’s Linux sudo apt-get install like CMDlet with Chocolately app

Windows 10 has arrived finally and with it came lot of new features, and one of my favorite new features is that you can finally install applications through powershell just like Linux OS’s terminal window command (apt-get install).

Although the command is still pretty new and lack many repositories where you can find and install applications from…. there’s already some people who are working on adding sources of applications which you can test initially before Microsoft asks product companies to start making their own repositories so Powershell can trust these sites and applications.

One of the sites that are working on providing Windows 10 with repositories is https://chocolatey.org/ which provides hundreds of softwares that can be installed through PS.

To install Chocolately repository simply do the following

Open powershell as an administrator and paste the following cmdlet

@powershell -NoProfile -ExecutionPolicy Bypass -Command “iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))” && SET PATH={308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}PATH{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f};{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}ALLUSERSPROFILE{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}chocolateybin

clip_image001

Then this
iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))

clip_image002

From
https://chocolatey.org/

As soon as you have installed chocolately, you will get a new huge list of applications that can be installed with a very simple and short cmdlet as in the below screenshots.

The good things about these cmdlets is it can be used to deploy an app for a huge number of clients by simply running the script through GPO or batch file.

I am going to install VLC and Google drive on my computer using these cmdlet …

Find-Package

clip_image003
clip_image004

Install-package

clip_image005
clip_image006
clip_image007

Checking if the app is really installed or not?

clip_image008

——————————————

Find and install google drive package

Downloading

clip_image009

Installing

clip_image010

clip_image011

If an application doesn’t install, how to troubleshoot it?

If for instance you were trying to install a package or app and that doesn’t work or get stuck then you can navigate to the Chocolately directory and delete any package that you tried to install but were suspended for any reason.

c:Chocolatelylib

clip_image012

You can simply delete the whole directory or the file that ends with extension .nupkg and try again to install…

clip_image013

Hope you find this useful

Exchange 2013 ECP (Admin Panel Page) Fails with 500 Unexpected error after running Hybrid Configuration Wizard with Office 365

Symptoms

After you attempt to try Hybrid Configuration Wizard between Exchange 2013 SP1 and Exchange online (Office 365) .. You are unable to login to your OWA/ECP Page and instead you get an error:

 

clip_image001

 

Once you look at your event viewer you notice it records the event ID 4 with the following error

 

clip_image002

 

Cause:

The HCW or “Hybrid Configuration Wizard” In Exchange 2013 (CU6 or 8) might cause some changes to your CAS folder in the following path and file

“c:Program FilesMicrosoftExchange ServerV15ClientAccessecpDDI”` the file name is RemoteDomains.xaml and multiply some variables which causes ECP to fail and report that error.

 

Error:

Current user: ‘Domain.local/User’

Request for URL ‘https://ex2k1301.Domain.local:444/ecp/default.aspx(https://mail.Domain.com/ecp/)‘ failed with the following error:

System.Web.HttpUnhandledException (0x80004005): Exception of type ‘System.Web.HttpUnhandledException’ was thrown. —> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.Data.DuplicateNameException: A column named ‘TargetDeliveryDomain’ already belongs to this DataTable.

at System.Data.DataColumnCollection.RegisterColumnName(String name, DataColumn column)

at System.Data.DataColumnCollection.BaseAdd(DataColumn column)

at System.Data.DataColumnCollection.AddAt(Int32 index, DataColumn column)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase.CreateColumn(DataTable table, Dictionary`2 rbacMetaData)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(Service profileBuilder)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(String schemaFilesInstallPath, String schema)

at Microsoft.Exchange.Management.DDIService.WSListDataHandler..ctor(String schemaFilesInstallPath, String resourceName, String workflowName, DDIParameters parameters, SortOptions sortOptions)

at Microsoft.Exchange.Management.DDIService.DDIServiceHelper.GetListCommon(DDIParameters filter, SortOptions sort, Boolean forGetProgress)

— End of inner exception stack trace —

at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

at Microsoft.Exchange.Management.ControlPanel.WebServiceReference.GetList(DDIParameters filter, SortOptions sort)

at Microsoft.Exchange.Management.ControlPanel.OrganizationCache.LoadTargetDeliveryDomain(AddValueHandler addValue, LogErrorHandler logError)

at Microsoft.Exchange.Management.ControlPanel.OrganizationCache.TryGetValue[T](String key, T& value)

at Microsoft.Exchange.Management.ControlPanel._Default.RenderMetroTopNav()

at ASP.default_aspx.__RendermainForm(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer)

at System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at ASP.default_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.Page.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

at System.Web.UI.Page.HandleError(Exception e)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

at System.Web.UI.Page.ProcessRequest()

at System.Web.UI.Page.ProcessRequest(HttpContext context)

at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

at System.Web.UI.Page.HandleError(Exception e)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

at System.Web.UI.Page.ProcessRequest()

at System.Web.UI.Page.ProcessRequest(HttpContext context)

at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.Data.DuplicateNameException: A column named ‘TargetDeliveryDomain’ already belongs to this DataTable.

at System.Data.DataColumnCollection.RegisterColumnName(String name, DataColumn column)

at System.Data.DataColumnCollection.BaseAdd(DataColumn column)

at System.Data.DataColumnCollection.AddAt(Int32 index, DataColumn column)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase.CreateColumn(DataTable table, Dictionary`2 rbacMetaData)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(Service profileBuilder)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(String schemaFilesInstallPath, String schema)

at Microsoft.Exchange.Management.DDIService.WSListDataHandler..ctor(String schemaFilesInstallPath, String resourceName, String workflowName, DDIParameters parameters, SortOptions sortOptions)

at Microsoft.Exchange.Management.DDIService.DDIServiceHelper.GetListCommon(DDIParameters filter, SortOptions sort, Boolean forGetProgress)

— End of inner exception stack trace —

at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

at Microsoft.Exchange.Management.ControlPanel.WebServiceReference.GetList(DDIParameters filter, SortOptions sort)

at Microsoft.Exchange.Management.ControlPanel.OrganizationCache.LoadTargetDeliveryDomain(AddValueHandler addValue, LogErrorHandler logError)

at Microsoft.Exchange.Management.ControlPanel.OrganizationCache.TryGetValue[T](String key, T& value)

at Microsoft.Exchange.Management.ControlPanel._Default.RenderMetroTopNav()

at ASP.default_aspx.__RendermainForm(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer)

at System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at ASP.default_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.Page.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

at Microsoft.Exchange.Management.ControlPanel.WebServiceReference.GetList(DDIParameters filter, SortOptions sort)

at Microsoft.Exchange.Management.ControlPanel.OrganizationCache.LoadTargetDeliveryDomain(AddValueHandler addValue, LogErrorHandler logError)

at Microsoft.Exchange.Management.ControlPanel.OrganizationCache.TryGetValue[T](String key, T& value)

at Microsoft.Exchange.Management.ControlPanel._Default.RenderMetroTopNav()

at ASP.default_aspx.__RendermainForm(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer)

at System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at ASP.default_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.Page.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

System.Data.DuplicateNameException: A column named ‘TargetDeliveryDomain’ already belongs to this DataTable.

at System.Data.DataColumnCollection.RegisterColumnName(String name, DataColumn column)

at System.Data.DataColumnCollection.BaseAdd(DataColumn column)

at System.Data.DataColumnCollection.AddAt(Int32 index, DataColumn column)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase.CreateColumn(DataTable table, Dictionary`2 rbacMetaData)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(Service profileBuilder)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(String schemaFilesInstallPath, String schema)

at Microsoft.Exchange.Management.DDIService.WSListDataHandler..ctor(String schemaFilesInstallPath, String resourceName, String workflowName, DDIParameters parameters, SortOptions sortOptions)

at Microsoft.Exchange.Management.DDIService.DDIServiceHelper.GetListCommon(DDIParameters filter, SortOptions sort, Boolean forGetProgress)

at System.Data.DataColumnCollection.RegisterColumnName(String name, DataColumn column)

at System.Data.DataColumnCollection.BaseAdd(DataColumn column)

at System.Data.DataColumnCollection.AddAt(Int32 index, DataColumn column)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase.CreateColumn(DataTable table, Dictionary`2 rbacMetaData)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(Service profileBuilder)

at Microsoft.Exchange.Management.DDIService.AutomatedDataHandlerBase..ctor(String schemaFilesInstallPath, String schema)

at Microsoft.Exchange.Management.DDIService.WSListDataHandler..ctor(String schemaFilesInstallPath, String resourceName, String workflowName, DDIParameters parameters, SortOptions sortOptions)

at Microsoft.Exchange.Management.DDIService.DDIServiceHelper.GetListCommon(DDIParameters filter, SortOptions sort, Boolean forGetProgress)

Flight info: Features:[[Global.DistributedKeyManagement, False],[Global.GlobalCriminalCompliance, False],[Global.MultiTenancy, False],[Global.WindowsLiveID, False],[Eac.AllowMailboxArchiveOnlyMigration, True],[Eac.AllowRemoteOnboardingMovesOnly, False],[Eac.BulkPermissionAddRemove, True],[Eac.CmdletLogging, True],[Eac.CrossPremiseMigration, False],[Eac.DevicePolicyMgmtUI, False],[Eac.DiscoveryDocIdHint, False],[Eac.DiscoveryPFSearch, False],[Eac.DiscoverySearchStats, False],[Eac.DlpFingerprint, False],[Eac.EACClientAccessRulesEnabled, False],[Eac.GeminiShell, False],[Eac.ManageMailboxAuditing, False],[Eac.ModernGroups, False],[Eac.Office365DIcon, False],[Eac.OrgIdADSeverSettings, False],[Eac.RemoteDomain, False],[Eac.UCCAuditReports, False],[Eac.UCCPermissions, False],[Eac.UnifiedAuditPolicy, False],[Eac.UnifiedComplianceCenter, False],[Eac.UnifiedPolicy, False],[Eac.UnlistedServices, False],], Flights:[], Constraints:[[LOC, EN-US],[MACHINE, EX2K1301],[MODE, ENTERPRISE],[PROCESS, W3WP],[USER, Username(EditeD)@],[USERTYPE, BUSINESS],], IsGlobalSnapshot: False

 

Solution:

Looking in the path I have wrote above “MicrosoftExchange ServerV15ClientAccessecpDDI” and opening the file that I have mentioned “RemoteDomains.xaml” you can clearly see there are incorrect format that have been duplicated 3 times.

clip_image003

To make sure that this was the cause, I have another server with CU8 on it so I went and checked the same file which was in the same location to find the result different.

This is the server that works in another environment and doesn’t have any issue.

clip_image004

So, the solution was to remove the two duplicates and correct the format of the variable line… I corrected the first line that includes

<Variable DataObjectName=”RemoteDomain” Name=”TargetDeliveryDomain” Type=”{x:Type s:Boolean}” />

And deleted the other two identical lines.. then I saved the file and closed notepad.

clip_image005

Next: Open IIS on the same server and go to “Application Pools” right click on the affected pools and Recycle them.. You don’t need to reset IIS as the fix should work right away.

Recycle ECP Pool

clip_image006

After recycling checking if the pool is reporting started or not…

clip_image007

Next I open ECP and it works without an issue

clip_image008

 

Hope this helps Winking smile