Configuring URL Redirection in Exchange 2016

Introduction

Configuring URL redirection in Exchange 2016 is not a mandatory task once you have installed and configured your Exchange 2016 server. It is an optional configuration that lets end users reach the Exchange 2016 OWA login page without remembering the full webmail URL. In this blog post we are going to configure Exchange 2016 URL redirection so that our users can type the webmail address over plain HTTP and be redirected to OWA.

Installing a new Cumulative Update reverts the IIS configuration to its defaults, so the redirection stops working. You have to reconfigure URL redirection in Exchange 2016 after every CU install.

Configuring URL Redirection in Exchange 2016

We are going to redirect mail.mscloudtalks.com to https://mail.mscloudtalks.com/owa. Configuring URL redirection in Exchange 2016 requires the following steps in IIS.

  • Log in to the Exchange server with administrative privileges
  • Go to IIS Manager -> Default Web Site and open SSL Settings. Uncheck the "Require SSL" option and click Apply. By default "Require SSL" is checked.

  • Navigate to the "Exchange Back End" website in IIS, open SSL Settings and uncheck the "Require SSL" option. Click Apply to save the settings. By default "Require SSL" is checked.

  • Once the SSL settings are done, the next step is to modify the "HTTP Redirect" settings. Navigate to "Default Web Site", select "HTTP Redirect" in the right-hand pane and click Edit.
  • Enter the URL of your OWA virtual directory. In my case it is https://mail.mscloudtalks.com/owa. Check the option "Only redirect requests to content in this directory (not subdirectories)" and select status code 302 from the drop-down menu.

  • Now navigate to every other virtual directory under "Default Web Site" and clear the "Redirect requests to this destination" option. The redirect is applied to all child virtual directories because they inherit the configuration from the site root.
  • Under the ECP virtual directory, modify the SSL settings to check "Require SSL" again, so that ECP is only reachable over HTTPS.

  • Repeat the same for the "Exchange Back End" website. Navigate to "Exchange Back End", select HTTP Redirect, click Edit, enter the URL https://mail.mscloudtalks.com/owa and select status code 302 from the drop-down menu. Make sure the "Only redirect requests to content in this directory (not subdirectories)" checkbox is selected.
  • Now navigate to every other virtual directory under "Exchange Back End" and clear the "Redirect requests to this destination" option. The redirect is applied to all child virtual directories because they inherit the configuration from the site root.
  • Under the ECP virtual directory, modify the SSL settings to check "Require SSL" again, so that ECP is only reachable over HTTPS.

You need to modify these settings on all client access servers in your organization.

  • Restart IIS for the changes to take effect.
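The IIS steps above, scripted with the WebAdministration module so they can be re-applied after every CU. This is an added example, not the post's own commands; it assumes an elevated PowerShell on each Client Access server and uses the post's OWA URL, and it ends with a report that confirms only the site roots accept plain HTTP.

```powershell
# Added example (not from the original post): scripted form of the IIS steps above.
# Run in an elevated PowerShell on every Client Access server, and again after each CU,
# because CU setup resets these IIS settings.
Import-Module WebAdministration

$OwaUrl = 'https://mail.mscloudtalks.com/owa'      # URL used in the post
$Sites  = 'Default Web Site', 'Exchange Back End'

function Get-ChildAppPaths {
    param([string]$SiteName)
    # Every application under the site (owa, ecp, Autodiscover, ...) as IIS: provider paths
    Get-WebApplication -Site $SiteName | ForEach-Object { "IIS:\Sites\$SiteName\$($_.path.TrimStart('/'))" }
}

function Set-RequireSsl {
    param([string]$PSPath, [bool]$Require)
    # sslFlags 'None' clears "Require SSL"; if a vdir also uses client certificates,
    # append the flag it needs, e.g. 'Ssl,SslNegotiateCert'
    $value = if ($Require) { 'Ssl' } else { 'None' }
    Set-WebConfigurationProperty -PSPath $PSPath -Filter 'system.webServer/security/access' -Name sslFlags -Value $value
}

function Set-OwaRedirect {
    param([string]$SiteName)
    $root = "IIS:\Sites\$SiteName"
    $f = 'system.webServer/httpRedirect'
    # 1. Site root: allow HTTP and redirect it to OWA with a 302 ("Found"), this directory only
    Set-RequireSsl -PSPath $root -Require $false
    Set-WebConfigurationProperty -PSPath $root -Filter $f -Name enabled -Value $true
    Set-WebConfigurationProperty -PSPath $root -Filter $f -Name destination -Value $OwaUrl
    Set-WebConfigurationProperty -PSPath $root -Filter $f -Name childOnly -Value $true
    Set-WebConfigurationProperty -PSPath $root -Filter $f -Name httpResponseStatus -Value 'Found'
    # 2. Children inherit the redirect from the root; switch it off on each of them
    foreach ($child in Get-ChildAppPaths $SiteName) {
        Set-WebConfigurationProperty -PSPath $child -Filter $f -Name enabled -Value $false
    }
    # 3. ECP must stay HTTPS-only
    Set-RequireSsl -PSPath "$root\ecp" -Require $true
}

function Get-OwaRedirectReport {
    param([string]$SiteName)
    # Verification: only the site root should show RequireSsl = False with Redirect = True;
    # ecp must show RequireSsl = True and no child should have Redirect = True
    $root = "IIS:\Sites\$SiteName"
    foreach ($p in @($root) + @(Get-ChildAppPaths $SiteName)) {
        $r = Get-WebConfiguration -PSPath $p -Filter 'system.webServer/httpRedirect'
        $s = Get-WebConfiguration -PSPath $p -Filter 'system.webServer/security/access'
        [pscustomobject]@{
            Path        = $p
            RequireSsl  = ("$($s.sslFlags)" -match '\bSsl\b')
            Redirect    = $r.enabled
            Destination = $r.destination
        }
    }
}

foreach ($site in $Sites) { Set-OwaRedirect -SiteName $site }
iisreset | Out-Null
foreach ($site in $Sites) { Get-OwaRedirectReport -SiteName $site | Format-Table -AutoSize }
```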

Exchange 2013 Email Stuck in Draft

Recently I was troubleshooting an interesting mail flow issue where users were not able to send or receive email. Apparently everything was working fine on the Exchange server, but users could not send or receive any email, internally or externally. The customer did everything to troubleshoot the issue and even considered setting up a new Exchange 2013 server and moving services over to it. You can imagine: mail flow was broken for some reason. When I was asked to troubleshoot the issue, I had a technical session with the customer to understand the problem in detail and got a typical response.

Riaz, whenever we had this issue, we restarted the Exchange server 2 or 3 times and everything started working again.

Well, being a consultant, I was expecting such a response. Anyhow, I asked the customer when they first noticed this issue, and they told me that whenever they tried to upgrade their Exchange server to the latest CU, setup failed and the issue started. I have discussed the Exchange 2013 CU upgrade issue here.

When I started to troubleshoot the issue, I noticed that everything on the Exchange server was working fine: services, ECP, EMS, OWA, Autodiscover, Outlook Anywhere and so on. I logged in to OWA as a normal user, sent an email to an internal and an external recipient, and the email went straight to the Drafts folder. That made me ask why the message never reached the transport pipeline. As you know, in Exchange 2013 the Mailbox Transport service and the Transport service work together to process messages sent by end users. The diagram below shows the mail flow process in Exchange 2013.

[Diagram: Exchange 2013 mail flow between the Mailbox Transport service and the Transport service]

In Exchange, OWA automatically stores a copy of the message in the Drafts folder while you compose it. When you submit the email from OWA, it is handed to the Mailbox Transport Submission service, which processes the outbound message by passing it over SMTP to the Transport service running on the Mailbox server. OWA keeps your message in the Drafts folder until it has been delivered successfully.

Why does Exchange 2013 email get stuck in Drafts? There are a few reasons that can cause this behaviour on your Exchange server. Some of them are listed below.

  • The Transport or Mailbox Transport service is not running on the Mailbox server hosting the user's mailbox
  • A problem in the transport pipeline that blocks outbound messages
  • A DNS issue
  • The Transport service is in maintenance mode

When I started troubleshooting this issue, I did the basic transport troubleshooting steps to verify that the transport services were running on the Exchange server and that there was no disk space issue or back pressure on the transport queues that could cause it. The next step was to verify that name resolution was working. To do so, make sure that appropriate internal and external DNS servers are configured for your Exchange server. To verify the DNS settings, log in to the Exchange Admin Center and navigate to Servers > select the server > Edit > DNS.

You can also check your internal and external DNS servers by running the EMS cmdlet below. If an external DNS server is configured, make sure you can resolve names through it. In my case, DNS was working fine.

Get-TransportServer | fl InternalDNSServers, ExternalDNSServers, Identity

Once you have verified that DNS is set up properly, the next step is to verify that the Exchange transport services are working. If you look at the transport services in the services.msc console you will see that they are running. To verify that the server is not in maintenance mode, run the cmdlet Get-ServerComponentState and check that all components are in the "Active" state. If components are "Inactive", run the following cmdlet to bring them back to Active. In my case, the server component state was Inactive.

Set-ServerComponentState -Identity "ServerName" -Component ServerWideOffline -State Active -Requester Maintenance

Rerun the cmdlet Get-ServerComponentState -Identity "ServerName" to verify that all components are in the Active state.

In my case, taking the transport service out of maintenance mode fixed the issue and all emails in the Drafts folder were sent successfully. The transport services were in maintenance mode because the customer had attempted an Exchange 2013 CU12 upgrade, and whenever you upgrade Exchange, setup puts the services into maintenance mode to avoid interruptions.
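The checks walked through above, gathered into two Exchange Management Shell functions. This is an added example, not the post's own commands; it assumes it is run from EMS on the server and that EX01 is a placeholder server name. The second function goes one step beyond the post's single Set-ServerComponentState call: a component only returns to Active once every requester that marked it Inactive has cleared it, so it reads the requesters from the component state and clears each one.

```powershell
# Added example, not from the original post. Placeholder server name EX01.
function Get-TransportTriage {
    param([string]$Server = 'EX01')
    # DNS bindings the post checks in EAC / with Get-TransportServer
    $dns = Get-TransportServer -Identity $Server | Select-Object Identity, InternalDNSServers, ExternalDNSServers
    # Transport, Mailbox Transport Delivery/Submission and Front End Transport services
    $svcs = Get-Service -ComputerName $Server -Name MSExchangeTransport, MSExchangeDelivery,
                MSExchangeSubmission, MSExchangeFrontEndTransport |
            Where-Object { $_.Status -ne 'Running' }
    # Queues holding mail (back pressure or a stuck pipeline shows up here)
    $queues = Get-Queue -Server $Server | Where-Object { $_.MessageCount -gt 0 }
    # Components not Active, with the requester(s) that set them Inactive (Maintenance, HealthAPI, ...)
    $inactive = Get-ServerComponentState -Identity $Server | Where-Object { $_.State -ne 'Active' } |
        ForEach-Object {
            [pscustomobject]@{
                Component  = $_.Component
                Requesters = @($_.LocalStates | Where-Object { $_.State -eq 'Inactive' } | ForEach-Object { $_.Requester })
            }
        }
    [pscustomobject]@{
        DnsServers         = $dns
        ServicesNotRunning = @($svcs | ForEach-Object { $_.Name })
        QueuesWithMail     = @($queues | Select-Object Identity, Status, MessageCount, LastError)
        InactiveComponents = @($inactive)
    }
}

function Resume-ExchangeComponents {
    param([string]$Server = 'EX01')
    # Set-ServerComponentState must be called with the same -Requester that set the
    # component Inactive, otherwise the component stays Inactive for that requester
    foreach ($c in Get-ServerComponentState -Identity $Server | Where-Object { $_.State -ne 'Active' }) {
        $requesters = $c.LocalStates | Where-Object { $_.State -eq 'Inactive' } |
                      Select-Object -ExpandProperty Requester -Unique
        foreach ($r in $requesters) {
            Set-ServerComponentState -Identity $Server -Component $c.Component -State Active -Requester $r
        }
    }
    # Should return nothing once everything is Active again
    Get-ServerComponentState -Identity $Server | Where-Object { $_.State -ne 'Active' }
}

Get-TransportTriage -Server 'EX01'
```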

Exchange 2013 CU12 Upgrade Error: Retention Tag

Issue

Today I was working with one of my customers when I ran into an issue with an Exchange 2013 CU update. The customer already had Exchange 2013 CU5 deployed and we were trying to install Exchange 2013 CU12. When we ran the Exchange 2013 CU12 setup, we got the following error message at the first step of the CU12 deployment.

Error:
The following error was generated when "$error.Clear();
$tagConstant = [Microsoft.Exchange.Management.SystemConfigurationTasks.RetentionPolicyTagConstant];
$rptNames = $tagConstant::PersonalOneYearMoveToArchive,`
    $tagConstant::DefaultTwoYearMoveToArchive,`
    $tagConstant::PersonalFiveYearMoveToArchive,`
    $tagConstant::PersonalNeverMoveToArchive;
$rptTypes = 'Personal', 'All', 'Personal', 'Personal';
$rptMCs = '*', '*', '*', '*';
$rptAges = '365', '730', '1825', '0';
$tagGuidMap = $tagConstant::RetentionTagGuidMap;
for($i=0; $i -lt $rptNames.Length; $i++)
{
    [Guid] $retentionId = $tagGuidMap[$rptNames[$i]];
    $archiveRPT = Get-RetentionPolicyTag -IncludeSystemTags -DomainController $RoleDomainController | where {$_.Name -eq $rptNames[$i] -or $_.RetentionId -eq $retentionId};
    if ( !$archiveRPT )
    {
        Write-ExchangeSetupLog -Info "Retention policy tag '$($rptNames[$i])' does not exist, create new."
        if( $i -ne $rptNames.Length-1 )
        {
            new-RetentionPolicyTag -Name $rptNames[$i] -Type $rptTypes[$i] -SystemTag:$false -RetentionEnabled:$true -RetentionAction MoveToArchive -AgeLimitForRetention $rptAges[$i] -MessageClass $rptMCs[$i] -DomainController $RoleDomainController -RetentionId $retentionId;
        }
        else
        {
            new-RetentionPolicyTag -Name $rptNames[$i] -Type $rptTypes[$i] -SystemTag:$false -RetentionEnabled:$false -RetentionAction MoveToArchive -MessageClass $rptMCs[$i] -DomainController $RoleDomainController -RetentionId $retentionId;
        }
    }
    else
    {
        if ( $archiveRPT.SystemTag -eq $true )
        {
            Write-ExchangeSetupLog -Info "Retention policy tag '$($rptNames[$i])' exist and it is a system tag, set it to non-system tag."
            Set-RetentionPolicyTag -Identity $archiveRPT.Identity -SystemTag:$false;
        }
    }
}

$deleteRptNames = $tagConstant::OneWeekDelete,`
    $tagConstant::OneMonthDelete,`
    $tagConstant::SixMonthDelete,`
    $tagConstant::OneYearDelete,`
    $tagConstant::FiveYearDelete,`
    $tagConstant::NeverDelete;
$deleteRptTypes = 'Personal', 'Personal', 'Personal', 'Personal', 'Personal', 'Personal';
$deleteRptMCs = '*', '*', '*', '*', '*', '*';
$deleteRptAges = '7', '30', '180', '365', '1825', '0';
for($i=0; $i -lt $deleteRptNames.Length; $i++)
{
    [Guid] $retentionId = $tagGuidMap[$deleteRptNames[$i]];
    $deleteRPT = Get-RetentionPolicyTag -IncludeSystemTags -DomainController $RoleDomainController | where {$_.Name -eq $deleteRptNames[$i] -or $_.RetentionId -eq $retentionId};
    if ( !$deleteRPT )
    {
        Write-ExchangeSetupLog -Info "Retention policy tag '$($deleteRptNames[$i])' does not exist, create new."
        if( $i -ne $deleteRptNames.Length-1 )
        {
            new-RetentionPolicyTag -Name $deleteRptNames[$i] -Type $deleteRptTypes[$i] -SystemTag:$false -RetentionEnabled:$true -RetentionAction DeleteAndAllowRecovery -AgeLimitForRetention $deleteRptAges[$i] -MessageClass $deleteRptMCs[$i] -DomainController $RoleDomainController -RetentionId $retentionId;
        }
        else
        {
            new-RetentionPolicyTag -Name $deleteRptNames[$i] -Type $deleteRptTypes[$i] -SystemTag:$false -RetentionEnabled:$false -RetentionAction DeleteAndAllowRecovery -MessageClass $deleteRptMCs[$i] -DomainController $RoleDomainController -RetentionId $retentionId;
        }
    }
}

$dumpsterRPTName = $tagConstant::RecoverableItemsFourteenDaysMoveToArchive;
[Guid] $retentionId = $tagGuidMap[$dumpsterRPTName];
$dumpsterRPT = Get-RetentionPolicyTag -DomainController $RoleDomainController | where {$_.Name -eq $dumpsterRPTName -or $_.RetentionId -eq $retentionId};
if (!$dumpsterRPT)
{
    New-RetentionPolicyTag -Name $dumpsterRPTName -Type RecoverableItems -RetentionAction MoveToArchive -AgeLimitForRetention 14 -DomainController $RoleDomainController -RetentionId $retentionId;
}
else
{
    Write-ExchangeSetupLog -warning "Was not able to create new RecoverableItems tag because a tag with the name '$dumpsterRPTName' already exists. Please run 'new-RetentionPolicyTag -Type RecoverableItems' to create a RecoverableItems tag."
}

$policyName = [Microsoft.Exchange.Management.Common.RecipientConstants]::DefaultArchiveAndRetentionPolicyName;
$defaultArchivePolicy = Get-RetentionPolicy -DomainController $RoleDomainController | where {$_.Name -eq $policyName};
if ( !$defaultArchivePolicy )
{
    Write-ExchangeSetupLog -Info "Retention policy '$($policyName)' does not exist, create new."
    new-RetentionPolicy -Name $policyName -RetentionPolicyTagLinks $rptNames[0],$rptNames[1],$rptNames[2],$rptNames[3],$dumpsterRPTName,$deleteRptNames[0],$deleteRptNames[1],$deleteRptNames[2],$deleteRptNames[3],$deleteRptNames[4],$deleteRptNames[5]  -DomainController $RoleDomainController;
}
" was run: "Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: No retention policy tag with name 'Default 2 year move to archive' was found in the Active Directory.  Make sure the retention policy tag name is spelled correctly.
    at Microsoft.Exchange.Configuration.Tasks.DataAccessTask`1.GetDataObject[TObject](IIdentityParameter id, IConfigDataProvider session, ObjectId rootID, OptionalIdentityData optionalData, Nullable`1 notFoundError, Nullable`1 multipleFoundError, ExchangeErrorCategory errorCategory)
    at Microsoft.Exchange.Management.Tasks.NewRetentionPolicy.<InternalValidate>b__0(RetentionPolicyTagIdParameter x)
    at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
    at System.Linq.Enumerable.<DistinctIterator>d__81`1.MoveNext()
    at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
    at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
    at Microsoft.Exchange.Management.Tasks.NewRetentionPolicy.InternalValidate()
    at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

Solution

Looking at the error message we can see that the CU12 deployment was checking the default Exchange 2013 retention configuration and was unable to find the retention policy tag named "Default 2 year move to archive". When I looked in the Exchange 2013 Admin Center, the tag was indeed missing under retention tags.

The solution is to create a retention tag with the name Default 2 year move to archive. Once the tag is created, make sure AD has replicated and then run setup again. This fixes the CU12 deployment issue.
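A pre-upgrade check that replays the lookup the setup task quoted in the error performs, creates the missing tag with the same parameters the setup task passes for it, and confirms replication. This is an added example, not the post's or Microsoft's code; it assumes it is run from the Exchange Management Shell on the server, uses the RetentionPolicyTagConstant type only if it can be loaded there (otherwise it checks just the one tag named in the post), and takes placeholder domain controller names.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
$ConstType = 'Microsoft.Exchange.Management.SystemConfigurationTasks.RetentionPolicyTagConstant' -as [type]
$TagName   = 'Default 2 year move to archive'   # tag reported missing in the error above

function Get-DefaultRetentionTagStatus {
    # The constants the setup task enumerates; without the type only the one tag is checked
    $fields = 'PersonalOneYearMoveToArchive', 'DefaultTwoYearMoveToArchive', 'PersonalFiveYearMoveToArchive',
              'PersonalNeverMoveToArchive', 'OneWeekDelete', 'OneMonthDelete', 'SixMonthDelete',
              'OneYearDelete', 'FiveYearDelete', 'NeverDelete', 'RecoverableItemsFourteenDaysMoveToArchive'
    $expected = if ($ConstType) {
        foreach ($f in $fields) {
            $n = $ConstType::$f
            @{ Name = $n; Id = [guid]$ConstType::RetentionTagGuidMap[$n] }
        }
    } else { @(@{ Name = $TagName; Id = $null }) }

    $all = Get-RetentionPolicyTag -IncludeSystemTags
    foreach ($e in $expected) {
        # The setup task matches a tag by Name OR RetentionId, but New-RetentionPolicy then
        # links tags by name, so a tag present only under another name is worth flagging
        $byName = $all | Where-Object { $_.Name -eq $e.Name }
        $byId   = if ($e.Id) { $all | Where-Object { $_.RetentionId -eq $e.Id } }
        [pscustomobject]@{
            Tag    = $e.Name
            Status = if ($byName) { 'OK' } elseif ($byId) { "present as '$($byId.Name)'" } else { 'MISSING' }
        }
    }
}

function New-DefaultTwoYearArchiveTag {
    # Same parameters the setup task uses for this tag: Type All, 730 days, MoveToArchive, all classes
    $p = @{ Name = $TagName; Type = 'All'; RetentionEnabled = $true; RetentionAction = 'MoveToArchive'
            AgeLimitForRetention = '730'; MessageClass = '*' }
    if ($ConstType) { $p.RetentionId = $ConstType::RetentionTagGuidMap[$ConstType::DefaultTwoYearMoveToArchive] }
    New-RetentionPolicyTag @p
}

function Test-TagReplicated {
    param([string[]]$DomainController)
    # Setup binds to one DC ($RoleDomainController); confirm each DC already returns the tag
    foreach ($dc in $DomainController) {
        $t = Get-RetentionPolicyTag -IncludeSystemTags -DomainController $dc | Where-Object { $_.Name -eq $TagName }
        [pscustomobject]@{ DomainController = $dc; Present = [bool]$t }
    }
}

Get-DefaultRetentionTagStatus | Format-Table -AutoSize
# After creating the tag: New-DefaultTwoYearArchiveTag; Test-TagReplicated -DomainController 'dc01', 'dc02'
```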

Configuring Exchange 2016 Edge Transport Server

Introduction

Once you have installed the Exchange 2016 Edge Transport server, the next step is to configure it for mail flow and for any other policies you want to apply to your Exchange organization. If you have not installed the Edge Transport server yet, you can do so by following the steps mentioned here.

The Edge Transport server role is optional in Exchange 2016. It is up to you whether to use the Edge Transport server role for SMTP mail flow or a third-party appliance from Barracuda, IronPort and so on.

Configuring Exchange 2016 Edge Transport Server

Configuration of the Exchange 2016 Edge Transport server is done from the Exchange Management Shell. Just like Exchange 2013, the Exchange 2016 Edge Transport server has no graphical interface.

Verify Edge Services

Before you start the Edge server configuration, test the Edge Transport server installation by running the Exchange Management Shell cmdlet Test-ServiceHealth.

  • Verify Transport Agents are enabled.

  • You can disable or change the priority of any transport agent you want. To disable a transport agent, run the EMS cmdlet Disable-TransportAgent -Identity "Agent Name".

You need to restart the MSExchangeTransport service whenever you disable or enable a transport agent.

  • Verify Edge Transport server components state

  • Verify default Receive Connector on Edge server

Once you have verified the Edge Transport server, the next step is to create the Edge Subscription.

Edge Subscription

  • To create Edge Transport Subscription, run the following cmdlet

Carefully read the message before you confirm. Once the Edge Subscription with the Mailbox servers is created, your Edge server is managed via EdgeSync replication.

  • Copy the XML file from Edge Transport Server to your mailbox Server.
  • Run the following cmdlet on your mailbox server

Carefully read the warning message and make sure you have a local DNS entry for the Edge server and port 50636 open on your LAN between the Edge and Mailbox servers.

  • Start the EdgeSync service from services.msc

This completes the Edge Subscription setup for your Exchange 2016. The next step is to verify the Edge server subscription.

Verify Edge Subscription

  • To verify the edge subscription, run the following cmdlets

Configure the internal SMTP servers if you want any of your servers to bypass the Edge Sender ID and Connection Filtering agents.
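The verification, subscription and internal-SMTP-server steps above as Exchange Management Shell functions, split by the server they run on. This is an added example, not the post's own commands; EDGE01, MBX01, the AD site Default-First-Site-Name, the file path C:\EdgeSub.xml and the address 10.0.0.5 are placeholders.

```powershell
# Added example, not from the original post. All names and paths below are placeholders.

# ---- On the Edge Transport server ----
function Test-EdgeTransport {
    # The four checks from the post in one report: service health, agents, component state, receive connectors
    [pscustomobject]@{
        ServicesNotRunning = @(Test-ServiceHealth | Where-Object { -not $_.RequiredServicesRunning } |
                               ForEach-Object { $_.ServicesNotRunning })
        DisabledAgents     = @(Get-TransportAgent | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Identity })
        InactiveComponents = @(Get-ServerComponentState -Identity $env:COMPUTERNAME |
                               Where-Object { $_.State -ne 'Active' } | ForEach-Object { $_.Component })
        ReceiveConnectors  = @(Get-ReceiveConnector | Select-Object Name, Bindings, RemoteIPRanges)
    }
}

function Export-EdgeSubscriptionFile {
    param([string]$Path = 'C:\EdgeSub.xml')
    # From here on the Edge configuration is owned by EdgeSync; copy the file to a Mailbox server
    New-EdgeSubscription -FileName $Path -Force
}

function Add-InternalSmtpServer {
    param([string]$IPAddress = '10.0.0.5')
    # Hosts in this list bypass the Sender ID and connection filtering agents on the Edge
    Set-TransportConfig -InternalSMTPServers @{ Add = $IPAddress }
}

# ---- On the Mailbox server, after the XML file has been copied over ----
function Import-EdgeSubscriptionFile {
    param([string]$Path = 'C:\EdgeSub.xml', [string]$EdgeHost = 'EDGE01', [string]$Site = 'Default-First-Site-Name')
    # EdgeSync needs the Edge host name resolvable and TCP 50636 (secure LDAP to AD LDS) open
    if (-not (Test-NetConnection -ComputerName $EdgeHost -Port 50636 -InformationLevel Quiet)) {
        throw "TCP 50636 to $EdgeHost is not reachable; check the DNS entry and firewall first"
    }
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    New-EdgeSubscription -FileData $bytes -Site $Site -CreateInternetSendConnector $true -CreateInboundSendConnector $true
    Start-EdgeSynchronization -Server $env:COMPUTERNAME
}

function Test-EdgeSubscriptionHealth {
    # The subscription must list the Edge server and every synchronization result should be Normal
    Get-EdgeSubscription | Select-Object Name, Site
    Test-EdgeSynchronization | Where-Object { $_.SyncStatus -ne 'Normal' }
}
```

Run Test-EdgeTransport and Export-EdgeSubscriptionFile on the Edge server, then Import-EdgeSubscriptionFile and Test-EdgeSubscriptionHealth on the Mailbox server.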

Install Exchange 2016 Edge Transport server

Introduction

Edge Transport servers minimize the attack surface of your Exchange organization by handling all Internet-facing mail flow. An Edge Transport server can provide SMTP relay and smart host services for the Exchange organization. The Edge Transport role performs anti-spam filtering and applies security and email policies to messages in transit. Always install the Exchange 2016 Edge Transport server in the perimeter network and outside the Active Directory forest.

Renaming a server after Edge Transport Role installation isn’t supported.

Install Exchange 2016 Edge Transport Server

Before we install the Exchange 2016 Edge Transport server role, make sure that the following prerequisites are met.

Edge Transport Network Requirement

  • You have allowed port 25 traffic from Internet to your Edge Transport Server.
  • You have configured the network ports between the Edge Transport server and the Exchange 2016 server. The network ports required for the Edge Transport server to communicate with Exchange 2016 are as below.
    • Port 25 and 2525 for SMTP Mail flow
    • Port 53 for DNS Resolution
    • Port 3389 for Remote Desktop
    • Port 50389 for LDAP needs to be opened locally for LDAP binding
    • Port 50636 for Secure LDAP to provide directory synchronization from Mailbox servers to AD LDS

Edge Transport Installation

Follow the steps to install the edge transport server.

  • Log in to the Edge Transport server as local Administrator
  • Set the Edge server's DNS suffix: My Computer -> Properties -> Change settings under computer name, domain and workgroup settings -> Computer Name -> Change -> More, and set the primary DNS suffix. In my case it is mscloudtalks.com. This change requires a restart.

  • Configure NIC to set the DNS server to point to your local DNS server.

Edge Server Installation

  • Install AD LDS on the Edge Transport server by running the Windows PowerShell cmdlet Install-WindowsFeature ADLDS

  • Install .NET Framework 4.5.2. If you are using Windows Server 2012 R2 then it is already installed.
  • Create an "A" record in your DNS that points to the Edge Transport server.
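A readiness check for the prerequisites listed above (DNS suffix, AD LDS, .NET Framework 4.5.2, the A record and the SMTP path to the Mailbox server), to run as local Administrator on the Edge server before Setup. This is an added example, not the post's own commands; it uses the post's DNS suffix mscloudtalks.com, and edge01 and MBX01 are placeholder host names.

```powershell
# Added example, not from the original post. edge01 and MBX01 are placeholders.
function Test-EdgePrerequisites {
    param(
        [string]$DnsSuffix     = 'mscloudtalks.com',
        [string]$EdgeFqdn      = "edge01.$DnsSuffix",
        [string]$MailboxServer = 'MBX01',
        [switch]$InstallAdlds                      # install AD LDS if it is missing
    )
    $checks = @()

    # Primary DNS suffix, set through System Properties in the post (a change needs a reboot)
    $tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $checks += [pscustomobject]@{ Check = 'DNS suffix'; Pass = ($tcpip.Domain -eq $DnsSuffix); Detail = $tcpip.Domain }

    # AD LDS holds the recipient and configuration data EdgeSync replicates to the Edge
    $adlds = Get-WindowsFeature -Name ADLDS
    if (-not $adlds.Installed -and $InstallAdlds) {
        Install-WindowsFeature -Name ADLDS | Out-Null
        $adlds = Get-WindowsFeature -Name ADLDS
    }
    $checks += [pscustomobject]@{ Check = 'AD LDS'; Pass = $adlds.Installed; Detail = $adlds.InstallState }

    # .NET Framework 4.5.2 or newer: Release 379893 is the registry marker for 4.5.2
    $ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = '.NET >= 4.5.2'; Pass = ([int]$ndp.Release -ge 379893); Detail = $ndp.Version }

    # A record for the Edge server in the DNS server the NIC points to
    $a = Resolve-DnsName -Name $EdgeFqdn -Type A -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = 'A record'; Pass = [bool]$a; Detail = (@($a.IPAddress) -join ',') }

    # SMTP path from the Edge to the Mailbox server
    $smtp = Test-NetConnection -ComputerName $MailboxServer -Port 25 -InformationLevel Quiet
    $checks += [pscustomobject]@{ Check = "TCP 25 to $MailboxServer"; Pass = $smtp; Detail = '' }

    $checks
}

$result = Test-EdgePrerequisites -InstallAdlds
$result | Format-Table -AutoSize
if ($result | Where-Object { -not $_.Pass }) { Write-Warning 'Fix the failed checks before running Setup' }
```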

  • Run the Exchange 2016 Setup as Administrator. I always recommend checking for updates. If you do not want to check, select "Don't check for updates right now" and click Next.
  • Setup will start copying the Exchange files for installation.

  • Once the copy process is complete, Setup will start the initial setup preparation.
  • Once the initialization is complete, Exchange Setup will start. Click Next to continue.
  • Read and accept the license agreement and click Next.
  • Use recommended settings so that Exchange automatically checks online for solutions when it encounters errors and provides feedback to Microsoft, then click Next.
  • Select the Edge Transport server role and the "Automatically install Windows Server roles and features that are required to install Exchange Server" check box, then click Next.

The Edge Transport server role cannot coexist with the Mailbox server role.

  • Select the installation path. In my case I am installing on the C drive as it is my test lab.
  • Once the readiness checks are complete, click Install.
  • The Exchange 2016 Edge server installation process will start. Wait for the 9-step installation to complete before you configure your Exchange 2016 Edge Transport server.

  • Once the Edge server installation is complete, click Finish.

Once the Edge Transport server role installation is complete, the next steps are to configure the Edge server for Exchange 2016 mail flow and set the policies.