Exchange DAG Database Offline Copy

This is mainly about copying a large database to a remote site with limited WAN bandwidth. Typically this is needed when an organization requires a DR site for Exchange but the number of users and/or changes in the Exchange environment is relatively small.
For instance, an organization with (1,000+) mailboxes has a (35) Mbps WAN link to one of their offices. However, they can only allocate (18) Mbps for Exchange replication. Although daily changes usually do not exceed (25) GB, which is fine for such a WAN link, the initial seeding of the databases (2+) TB cannot be done over the WAN link.

I have done this several times in the past few years, but recently while I was doing it for one of our clients I noticed there was no reference for it on the net. I found something for Exchange 2010 which is close to the procedure I’m having here, but I believe the following steps are more accurate.

The last time this was applied was on Windows Server 2016 Standard and Exchange 2016 Standard. Yet it was tested with Windows Server 2008R2, 2012, 2012R2, and 2016 along with Exchange Server 2013 and 2016, both Standard and Enterprise editions.

The procedure must be done within a limited timeframe, and it cannot be done when servers on the primary site have limited disk space and rely mainly on backup to keep free space.
During the process, the backup application will not be able to reset any logs until the new copy at the DR site is up and running, in sync, and in healthy status for all databases.
Please make sure to read the full procedure, then set up your plan accordingly.

Preparing:
1. DAG already extended and the server at DR site is joined.
2. No database copies on DR site created yet.
3. Have external storage attached, ready, and accessible from database owner(s).
4. Schedule and announce downtime.
It is important to calculate the size of databases and amount of time it needs to be copied to external storage.
5. Initiate a backup to reset logs or, easier, run the following procedure directly before you start execution:
https://as7ablog.com/kinan/?p=347

Execution:
a. Add database copies to the DR server using PowerShell, preventing seeding of data:

Add-MailboxDatabaseCopy -SeedingPostponed -MailboxServer ExchMBX-DR -Identity ExchDatabaseName

This will create the database folders on DR server without contents.
Repeat the above command for all databases, but only for one server at DR.
Do NOT create copy on other servers at DR.
b. Dismount the databases on owner servers. Dismount each database on its own server.
c. Copy databases and logs from owner server(s) to the external storage.
You may need to stop “Information Store” service to get proper access to all files.
d. Start “Information Store” service if you have stopped it, then mount databases back.
e. Ship the external storage to DR site, connect and access it from Exchange server.
f. Stop “Information Store” service on DR server.
g. Copy data from external storage to respective path for each database.
h. Start “Information Store” service.
i. Run the PowerShell command to resume and copy delta logs from the main site:

Resume-MailboxDatabaseCopy ExchDatabaseName\ExchMBX-DR

Repeat the above command for all databases in DR.
j. Be patient and keep monitoring the status until it gets healthy.
k. Run backup again and verify if logs are being reset.
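
Steps a, i and j scripted for all databases, plus a SHA-256 manifest of the shipped files to compare between steps c and g. This is an added example, not part of the original post; the manifest check is an extra beyond the post's steps, and `X:\Seed` and `manifest.csv` are assumed names.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
$DrServer = 'ExchMBX-DR'   # DR server name used in the post
$SeedRoot = 'X:\Seed'      # assumed path of the external storage (hypothetical)

# Step a: create the empty copies on the one DR server, seeding postponed.
function Add-PostponedCopies {
    foreach ($db in Get-MailboxDatabase) {
        Add-MailboxDatabaseCopy -Identity $db.Name -MailboxServer $DrServer -SeedingPostponed
    }
}

# After step c (primary site): record a SHA-256 for every file on the storage.
# Get-FileHash requires PowerShell 4.0 or later.
function New-SeedManifest {
    $manifest = Join-Path $SeedRoot 'manifest.csv'   # assumed file name
    Get-ChildItem -LiteralPath $SeedRoot -Recurse -File |
        Where-Object { $_.FullName -ne $manifest } |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, @{ n = 'RelPath'; e = { $_.Path.Substring($SeedRoot.Length) } } |
        Export-Csv -LiteralPath $manifest -NoTypeInformation
}

# Before step g (DR site): re-hash and return every file that is missing or changed.
# Set $SeedRoot to the path the storage received on the DR server first.
function Test-SeedManifest {
    Import-Csv -LiteralPath (Join-Path $SeedRoot 'manifest.csv') | Where-Object {
        $file = Join-Path $SeedRoot $_.RelPath
        (Get-FileHash -LiteralPath $file -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash -ne $_.Hash
    }
}

# Steps i and j: resume every DR copy, then poll until all copies are Healthy.
function Resume-AndWaitForHealthy {
    foreach ($db in Get-MailboxDatabase) {
        Resume-MailboxDatabaseCopy -Identity "$($db.Name)\$DrServer"
    }
    do {
        Start-Sleep -Seconds 300
        $copies = @(Get-MailboxDatabaseCopyStatus -Server $DrServer)
        $copies | Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize | Out-Host
        $failed = @($copies | Where-Object { "$($_.Status)" -like 'Failed*' })
        if ($failed) { Write-Warning "Copy failed: $($failed.Name -join ', ')"; return }
    } while ($copies | Where-Object { "$($_.Status)" -ne 'Healthy' })
}
```

An empty result from `Test-SeedManifest` means every shipped file matches what left the primary site; any row it returns should be re-copied before step g.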


ADFS With Sophos XG Firewall

It’s basically a simple process.
You may even use the Exchange ready-made firewall publishing policy as base for this one.
This is for SFOS 17.X

So, let’s move on:

1. I assume you already have the SSL certificate installed properly on the XG box.

2. Add the ADFS server as a named host under "Hosts and Services".

3. Create a new "Web Server" entry and use the host you added in step 1.

4. Create a new protection policy with these settings:
   a. Set “Mode” to “Monitor”. You may use “Reject” if you’re concerned.
   b. Enable “Block clients with bad reputation”.
   c. Enable “Common threat filter”.

5. Create a new business rule with these settings:
   a. Hosted address “#Port2”, assuming it’s the WAN port.
   b. Enable “HTTPS”.
   c. Select the SSL certificate, and add the URL under “Domains”. For example “adfs.as7ablog.com”.
   d. Under “protected server(s)” select the ADFS server.
   e. Select “Any IPv4” under “Access permission”.
   f. Select the protection policy you’ve created in step 4.
   g. Select the intrusion prevention policy if you like to.
   h. Enable "Pass host header".


Microsoft Teams Starts with White Page

If you search for this issue, you’ll find many results on the net regarding different reasons.

But if you didn’t find a result that solves your case, you may need to check your user profile. If it’s not located in the default location, or was moved like I did in this article, you’ll end up with the above issue.

You can check this https://docs.microsoft.com/en-us/microsoftteams/known-issues for more details.

However, a workaround can be done by logging in to another account that has the profile done properly, then copying the Teams folder from %userprofile%\AppData\Local\Microsoft to another location and creating a shortcut for the Teams.exe file.
Although this will solve the startup issue as well as most of the functions, it won’t solve the download issue, because the download folder is part of the profile.
So, you’ll need to right-click the Downloads folder, select Properties, and finally redirect the file location to the exact current location instead of using a symlink.

HTH some1,


Move Single User Profile to Another Location Manually

Yes,

There seems to be a lack of such details on the Internet. All articles I came across were manipulating Windows registry in order to redirect the location of “C:\Users” folder.

Only this article mentioned the solution I wanted
https://www.easeus.com/pc-transfer/move-users-folder-to-another-drive-windows-10.html

Now, basically as it suggested, create a symbolic link of the folder. If you don’t know about symbolic links, please google it.
You’ll need to perform the following steps from another administrator account on the same computer, and make sure the targeted user is signed out, or even better, that you have a fresh OS boot before you start these steps.

So first step is to create a new folder in the new location/path and assign the right permissions (usually full control for the profile owner, the system, and the local administrators group).

Second step, move all contents from old location to the new location. Probably you will not be able to move the symbolic links inside the profile’s folder. Don’t worry, we will re-create them.

Third step, rename the old profile folder (something like MyAccount ==> MyAccount.old).

Fourth step, create link to new location using the old name. To do that, open command line in elevated mode (click on start, type “cmd”, right click on “Command Prompt”, select “Run As Administrator”) and then execute the following command:
mklink /D "Name of old folder" "Full or relative path to new location and folder"
Example:
mklink /D "MyAccount" "E:\Encrypted Folder\MyNewProfileFolder"

Now, what remains is to re-create the symbolic links inside the profile: navigate to the new location, then execute the following commands based on the path.

Under Documents folder:
mklink /J "My Music" "E:\Encrypted Folder\MyNewProfileFolder\Music"
mklink /J "My Pictures" "E:\Encrypted Folder\MyNewProfileFolder\Pictures"
mklink /J "My Videos" "E:\Encrypted Folder\MyNewProfileFolder\Videos"

Under profile folder root:
mklink /J "Application Data" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming"
mklink /J "Cookies" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Local\Microsoft\Windows\INetCookies"
mklink /J "Local Settings" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Local"
mklink /J "My Documents" "E:\Encrypted Folder\MyNewProfileFolder\Documents"
mklink /J "NetHood" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Network Shortcuts"
mklink /J "PrintHood" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Printer Shortcuts"
mklink /J "Recent" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Recent"
mklink /J "SendTo" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\SendTo"
mklink /J "Start Menu" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Start Menu"
mklink /J "Templates" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Templates"

Of course, you need to replace values as needed on your computer.
HTH,
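
A post-move check for the steps above, as an added example that is not part of the original post: it lists each link with whether its target exists, and reports Allow entries on the new folder for anyone other than the three identities named in the first step. `C:\Users\MyAccount` and the local account name are assumptions.

```powershell
# Added example, not from the original post. Run elevated from the other admin account.
# Needs PowerShell 5.0 or later for the LinkType and Target properties.
$OldLink    = 'C:\Users\MyAccount'                      # link from the fourth step (C:\Users assumed)
$NewProfile = 'E:\Encrypted Folder\MyNewProfileFolder'  # new location from the post's example
$Owner      = "$env:COMPUTERNAME\MyAccount"             # profile owner (assumed local account)

# List the link at the old path and every link in the profile root and Documents,
# with a flag saying whether the target it points at exists.
function Get-ProfileLinkReport {
    $items  = @(Get-Item -LiteralPath $OldLink -Force)
    $items += Get-ChildItem -LiteralPath $NewProfile, (Join-Path $NewProfile 'Documents') `
                  -Force -Attributes ReparsePoint
    foreach ($i in $items) {
        $target = [string]($i.Target | Select-Object -First 1)
        [pscustomobject]@{
            Link         = $i.FullName
            Type         = $i.LinkType
            Target       = $target
            TargetExists = [bool]$target -and (Test-Path -LiteralPath $target)
        }
    }
}

# Return Allow entries on the new folder for anyone other than the profile owner,
# SYSTEM and the local Administrators group (compared by SID, so it is locale-independent).
function Get-UnexpectedProfileAccess {
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $expected = @(
        'S-1-5-18'        # Local System
        'S-1-5-32-544'    # BUILTIN\Administrators
        ([System.Security.Principal.NTAccount]$Owner).Translate($sidType).Value
    )
    (Get-Acl -LiteralPath $NewProfile).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Translate($sidType).Value -notin $expected
    }
}
```

A folder created on a data drive usually inherits that drive's permissions, so any row from `Get-UnexpectedProfileAccess` is an account that can read the moved profile and should be reviewed.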


Exchange Cumulative Update Failure

Hey,

During an upgrade of an Exchange 2016 or Exchange 2013 server from one CU to another, you may run into a strange set of errors.

Funny though, when you track those errors down you will probably end up removing OS patches and updates that are actually needed and, even worse, that will not solve your issue.

I’m talking about tons of errors directly after the registry entries in the log file, something like:
Process execution failed with exit code 1072
and
Id=MailboxComponent___05b48d0df742416f87cbe69d27751979

Well, in my case, I had to do three things:

1. Re-confirm Schema, Forest, and Domain preparation is done using the “Setup” file from the CU I’m installing.
2. Un-install backup agent that is integrated with Exchange (in my case it was Veeam).
3. Run the setup time after time till it successfully completed. One server required (5) times, the other needed only (3).

Don’t forget to re-install the backup agent.

HTH some1
