One thing that I found is a bit frustruating the lack of documentation regarding Entourage connectivity to Exchange mailboxes in co-existence scenario.
The first challenge actually happened a few weeks when our team has deployed Exchange 2007 CAS farm to replace our existing Exchange 2003 FE. We found that by default when deploying CAS role, it will enable legacy virtual directories to support OWA for exchange 2003 mailboxes but not WebDAV to support Entourage. Thus, our team had to set it manually via GUI or ADSI IIS provider in powershell. Big thanks to Nathan Winters and his article to elaborate on this.
The second challenge came when a mailbox was migrated to Exchange 2007 CMS. Entourage 2004/2008 started to display "Unexpected Error (170)". My initial research kept pointing me to KB947802, however that was not the problem as I verified that HTTP protocol settings exist in AD. The actual solution to the error message ended up KB931350. It appears Entourage users must now enter a fully qualified URL to their mailbox https://domain.com/exchange/user@domain.com. This does not look too apealing at all. It's time to change the user docs!
Monday, February 18, 2008
Saturday, February 9, 2008
ActiveSync caveat in Exchange 2007 co-existence scenario
In Exchange 2003 FE/BE configuration, Active Sync default virtual directory authentication is set to basic. Admins have to rely to transport level security, such as IPSEC, to secure proxying credentials from frontends to backends.
By introducing CAS role as a replacement for FE, our group immediately ran into problems. The toughest problem was actually to set "Integrated Authentication" because ds2mb service will overwrite our attempt to set it in IIS snap-in. We found this KB, thanks to my co-worker, and that enabled us to set the correct authentication option.
By introducing CAS role as a replacement for FE, our group immediately ran into problems. The toughest problem was actually to set "Integrated Authentication" because ds2mb service will overwrite our attempt to set it in IIS snap-in. We found this KB, thanks to my co-worker, and that enabled us to set the correct authentication option.
Wednesday, February 6, 2008
Migration WorkShop: How do I set up Journaling?
I've only experimented with journaling in Exchange 2003, so I do not have too much experience with this. However, curiosity was killing me. In 2003 environment, journaling is enabled per mailbox store basis. The similar functionality is available in 2007 using standard Journaling:
Enable Journaling: Set-MailboxDatabase
Disable Journaling: Set-MailboxDatabase
If you want to find out more about premium Journaling, which requires enterprise CALs, then waltz over here.
Migration WorkShop: Can Exchange Security Groups be moved to another OU or Domain?
As the Microsoft White Paper, here, points out that the Exchange Universal Groups (USG) are added to otherWellKnownObjects AD mutli-valued attribute. This means that AD will maintain the location of the groups, their distinguished name. Therefore, it should be safe to move the groups to another OU or even another domain.
Subscribe to:
Posts (Atom)