Comments : 0

Automate Patch Management with WSUS

Posted by Vishal Vasu | Posted on 02-06-2009

Category : Microsoft Windows Server

Tags: , ,

Patching the Windows Operating System in an organization with multiple desktops and many flavors of operating systems is a mammoth task. It is vital for any Systems Administrator to ensure all systems are properly patched and updated to safe guard against virus, worms, and Trojans. The biggest challenge in running Windows Update on individual machines is the inconvenience of visiting each desktop and approving the updates manually. Moreover, the amount of bandwidth used at each desktop to download the updates is huge not to forget the lack of centralized reporting.

So why do we need a centralized patch management policy? Well, the answer is simple – the systems are prone to risks and threats when exposed to the Internet or medias like USB pen drives, wireless networks and devices, etc. We all, at some point, might have experienced or read about the havoc caused by Blaster or the Sasser worms. Today software vendors have stepped up the releases of emergency and critical updates in a formalized manner to encounter these threats. Microsoft’s Patch Tuesday is a good example that highlights that. To learn more about this program, click here.

WSUS from Microsoft is a boon to Network and System Administrators in this scenario. WSUS (Windows Server Update Services) is basically designed to run on a company’s network and automate the process of patching. This free product from Microsoft does a fair job of streamlining the overall patch management process of an organization with centralized reporting. For a Network or System Administrator it is just a simple task of installing the WSUS server on a system and then configures all Desktops to use the WSUS server for software updates. This can be easily achieved by creating a group policy and linking the policy to the correct OU using Group Policy Editor. The Desktops would automatically announce their current status to the WSUS server with details like which patches are needed to be installed, which patches have failed to install, which patches have been successfully installed, etc.

In a nutshell, WSUS seems to be a good product especially when there is no price tag attached to it and starting with WSUS 3.0 the reports have also improved over its predecessor.

Comments : 0

Moving Mailboxes from Exchange 2003 to Exchange 2007 SP1

Posted by Vishal Vasu | Posted on 15-05-2009

Category : Exchange Server

Tags: , ,

In the first part of this series, we discussed how to Install Exchange Server 2007 SP1 in a coexistence environment with Exchange 2003. For those who missed the article, they can view the same by clicking here.

Now that we have installed the Exchange Server 2007 SP1 in the organization, it’s time to move the user Mailboxes to Exchange 2007. Moving mailboxes is a very easy task and can be accomplished by using the Exchange Management Console or by using the PowerShell commands from command line. In this post I’m going to use the Exchange Management Console.

So, let’s open the Exchange Management Console and in the tree on the left, navigate to the Recipient Configuration and expand it. Under the node, select Mailbox.

Here we can see in the results pane that now we are able to see all the mailboxes that we have on our Exchange 2003 server and they are all marked as Legacy Mailboxes. This means that all the mailboxes are still on the Exchange 2003 Server and need to be moved to Exchange 2007.

In this example, we will move the Administrator mailbox. So we choose the account, right-click it and choose Move Mailbox.

The next screen provides us options as to where we want to move the mailbox and here we need to choose the mailbox database. I assume here that the Storage Groups and Mailbox Database are already created on Exchange Server 2007. If not, then that’s the first thing that you need to do.

 

In my example, I’m going to move the Administrator mailbox to the General Mailbox Database.

 

There now that we have selected the Mailbox Database, Exchange 2007 automatically appends it with the Server Name and the Storage Group. Click Next to proceed.

 

On the next screen we are presented with lot of options as what should be done if the Move Mailbox process encounters any errors or finds any corrupt messages in the mailbox. Either we can Skip the entire mailbox move or we can allow Exchange Server to move the mailbox and simply Skip the corrupted messages. Moreover, if we go ahead with that option, we can even define how many corrupted messages should be skipped before the Move Mailbox stops the process. Since, I would not like to skip any messages, I’ll choose “Skip the Mailbox” and move further.

 

Next we are presented with the scheduling screen which allows us to schedule the Move Mailbox process. This helps in particular when you are in a production environment with heavy traffic and want to schedule this unattended during off-peak hours. Moving mailboxes does not take much time and is entirely dependent on the number of items in the mailbox. Even in a production environment, while moving mailboxes, the user will hardly notice any issues and after moving the mailbox, the user may simply need to restart Outlook to get everything working again.

In the scheduling option, you can choose to move the mailboxes during off peak hours and also you have a choice to cancel the running task if the move mailbox task runs for certain hours. I’ll chose “Immediately” and move ahead in this example.

 

That’s the last screen that we see before we actually tell exchange to move the mail box. It allows you to do a quick round up of what we have selected and what options have been set. Once we have reviewed the options, click on “Move”.

While the mailbox is being moved, we can see the progress, the number of items found, the number of items moved, etc. If you select multiple mailboxes, note that by default Exchange 2007 moves only 4 mailboxes at a time. The remaining mailboxes will be shown as “Pending”.  Lot of checks are performed in the background by the Exchange Server during this process.

 

 

If all goes well, the final screen that we see is the confirmation showing us the status of the Move Mailbox process. Click on “Finish” to close the wizard. That’s it to Moving Mailboxes from Exchange 2003 to Exchange 2007.

Comments : 4

Installing Exchange Server 2007 SP1 on Windows Server 2008 for coexistence with Exchange Server 2003

Posted by Vishal Vasu | Posted on 09-05-2009

Category : Exchange Server, Microsoft Windows Server

Tags: , ,

In this article I’ve tried to explain how to install or upgrade an organization running on Exchange Server 2003 to Exchange Server 2007 SP1 on a Windows 2008 Server. In the next post I’ll be talking about some post install configurations and then after how to remove Exchange 2003 from the organization once everything is migrated to Exchange 2007.

There is no in-place upgrade supported with Exchange 2007 and so the only option is to upgrade to Exchange Server 2007 by adding it to the current Exchange 2003 organization and then moving all the resources from Exchange 2003 to Exchange 2007 and thereafter removing the Exchange 2003 Server. This means that we have no option but to perform a migration. So let’s get on with it.

Prerequisites

The first step is to prepare our new Windows 2008 server so that it is ready for Exchange Server 2007 installation. Please note that we are talking about the 64-bit version of Exchange Server 2007 SP1 as the 32-bit version is not supported in production environment.

We will need the following components installed before we proceed:

  • .Net Framework version 2.0 and 3.0
  • .Net Framework version 2.0 update or Service Pack 1
  • IIS 7 (various components)

 

  • Windows PowerShell
  •  
  • MMC -Microsoft Management Console 3.0 (installed by default so can be skipped)

The following components should not be installed (were required in Exchange 2003):

  • Network News Transfer Protocol (NNTP)
  • Simple Mail Transfer Protocol (SMTP)

Once we have installed the prerequisites, let’s proceed towards the installation.

Installation Process

We are going to install all Exchange Server Roles (HUB, CAS and MAILBOX) on one single box except for the Edge Transport Role. Let’s start by first preparing the Active Directory for Exchange 2007. Actually, the installer would do this automatically, but I like to perform this manually so that we can see what’s happening and understand it better. Here is what we will do before we run the installer of Exchange 2007:

  • Prepare the schema for legacy Exchange permissions. This is because we are migrating from Exchange 2003 in the current organization.
  • Prepare Schema
  • Prepare Active Directory
  • Prepare the Domain

The first thing that we do is to update the schema for legacy permissions. In order to do this we must login to the Domain Controller which is the Schema Master at the forest root and run the command from there.

Type Setup /PrepareLegacyExchangePermissions and press Enter.

 

This must be run as an Exchange Admin account and also ensure that you are in the local server’s Administrator group. The safest thing to do is to add the user account you are logged in with to the Enterprise Administrators Group, Schema Administrator Group and Domain Administrators Group. Also, the domain should be able to communicate with all other domains in the forest and we should all ample time for the replication to finish once this command is run.

Next, we will proceed towards updating the Schema from the Windows 2008 Server.  Type Setup /PrepareSchema and press Enter.

 

We can see that the task failed with an error on the server. This is because the Remote Server Administration Tools were not installed. We can do this using the GUI but I’ve used the command line. Type ServerManagerCmd -I RSAT-ADDS and press Enter.

 

Here we go, the Remote Server Administration Tools have been installed and we need to reboot our Windows 2008 server before proceeding further.

Once the server has rebooted, let’s try preparing the Schema once again. Type the command that we used earlier – Setup /PrepareSchema and press Enter.

 

This time the task completed without error. Let’s move on.

Type Setup /PrepareAD to proceed with the Active Directory preparation.

 

Once this is completed, move on with preparing the domain.

Type Setup /PrepareDomain and press Enter.
Note: this setup can be skipped if you do not have multiple domains within the forest.

 

Great, we are done with preparing our Active Directory for Exchange Server 2007 SP1 installation and now we can run the installer. If you have geographically dispersed domains, please allow enough time for replication to happen over the WAN links.

So, with the Active Directory now ready, we are ready to complete the installation. Start the setup. The first screen that we see is as under:

 

Since we have already taken care of the prerequisites, we can directly proceed to Step-4 i.e. Install Microsoft Exchange Server 2007 SP1. Click on it and we will be presented with the standard EULA.

 

Accept the License Agreement and click Next.

 

We now have a choice of a Typical Installation or a Custom Installation. Since I like to see what configuration options are available, I always tend to choose the Custom option. Also, for this example, we are going to install the Exchange server in the D: drive instead of the C: drive. You can change the path to your liking here. Once the selections are done, click Next.

The next screen allows us to choose which roles we want to install.

 

We will choose all the three main roles i.e. Mailbox Role, Client Access Role (CAS) and Hub Transport Role (HUB). I’m not choosing the Unified Messaging Role (UM) as I intend to do a separate article on this in the near future.

Once the selections have been done, click Next.

 

Here we go. The installer now prompts for the Mail Flow setting. Since we have an Exchange 2003 server we will need to browse and select the same so as to enable it as a Bridgehead server in the routing group. Once selected, click Next.

 

In the Readiness Check page, wait for all the readiness checks to complete and then click Install.

The installation process takes some time so it would be a good idea to sit back and relax over a cup of coffee. During the installation process, if we open up the System Manager on Exchange Server 2003, we will notice a new routing group.

 

Once the installation process completes, we now have a working environment of the new Exchange Server 2007 SP1. The process of installing Exchange 2007 on a Windows 2008 server is fairly simple.

To verify the installation, open the new Exchange Management Shell and type Get-ExchangeServer. A list of all Exchange 2007 server roles that we installed would be displayed. It is a good idea now to open up the Management Console of Exchange and run the Exchange Best Practices Analyzer. It will give a good idea about the deployment and would help in determining if the configuration has been done in accordance to the Microsoft best practices.

Next

  • Visitors Online

    • 01 visitor(s) online
    • powered by WassUp