
Archive for July, 2012

Microsoft Exchange 2013 Preview Installation Step by Step Video

July 25, 2012

Hi guys, in this article I have stepped through the Exchange 2013 Preview installation process…

 

Introduction

Microsoft Exchange 2013 Preview consists of only two roles: the Client Access Server role and the Mailbox Server role.

New Features in Exchange Server 2013


  1. Only the Client Access Server role and the Mailbox Server role are included with the new release.
  2. New customized Outlook 2013 and Outlook Web App (OWA) user interface.
  3. Users can access OWA offline.
  4. No more centralized administrator console (EMC); all administration is done through the new web-based Exchange Administration Center and Exchange PowerShell (v3.0).
  5. Data loss prevention capabilities that can be integrated into Transport Rules.
  6. Improvements to HA features.
  7. Public folders are now stored in the database and can take advantage of HA.

    Client Access Server Role


    Responsible for accepting all traffic coming from clients such as Microsoft Office Outlook, Web App, mobile devices, etc., and for delivering mail to other mail hosts on the Internet.

    The CAS performs only authentication, redirection and proxy services; it does no interpretation of the traffic. Connections to the Client Access server are stateless, which means there is no need to maintain affinity between a client and an individual Client Access server for subsequent connections, because all data processing and transformation occurs on the Mailbox server. Because of this change, Exchange 2013 Preview requires Layer 4 load balancing. Layer 4 load balancing is protocol-unaware and balances traffic based on IP address and TCP/UDP port.

    http://networksandservers.blogspot.com/2011/03/balancing-iii.html 

     

    Mailbox Server Role


    Stores mailbox data and performs processing for the various client connections. You can make this role highly available with a DAG (Database Availability Group).

    It is possible to install Exchange 2013 Preview in one or more Active Directory sites, but each site must have at least one Mailbox server and one Client Access server, or one server that holds both roles. Many functions in Exchange 2013 Preview, such as client connectivity and the Exchange Administration Center, won’t work until both Mailbox and Client Access servers are installed in an Active Directory site.

    Mailbox servers house the mailbox data for the organization and perform data rendering and other operations. Mailbox servers can be grouped into back-end clusters which consist of database availability groups (DAG). Mailbox servers perform the following functions:

    • Host mailbox databases.
    • Provide email storage.
    • Host public folder databases.
    • Calculate email address policies.
    • Conduct multi-mailbox searches.
    • Provide high availability and site resiliency.
    • Provide messaging records management and retention policies.
    • Handle connectivity because clients don’t connect directly to the Mailbox servers.
    • Provide all core Exchange functionality for a given mailbox where that mailbox’s database is currently activated.
    • Fail over mailbox access when a database fails over.

     

    Step 1 : Identify Exchange 2013 Preview System Requirements


    Please refer to the Microsoft link below:

    http://technet.microsoft.com/library/aa996719(EXCHG.150)

     

    Step 2 : Active Directory Preparation for Exchange 2013 Preview


    If your Active Directory environment runs on Microsoft Windows Server 2008 R2, you have to install the software below.

    I’m installing Exchange Server 2013 Preview on Windows Server 2012, so I do not need to install the software mentioned…

     

    Click the link below to access the video tutorial:

    Active Directory Preparation for Exchange 2013 Preview – Video DEMO

     

    Step 3 : Install Exchange Server 2013


    Click the link below to access the video tutorial:

    Exchange 2013 Preview Installation Step By Step – Video DEMO

    System Prerequisites for Mailbox Server or Mailbox/Client Access Server (combined):

    First, on the computer on which you are going to install Exchange Server 2013, run the following commands (PowerShell) to install the required roles and features:

     

    Windows Server 2012:

    Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

     

    For Windows Server 2008 R2:

    Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

     

    After you’ve installed the operating system roles and features, install the following software in the order shown:

     

    Windows Server 2012:

    1. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
    2. Microsoft Office 2010 Filter Pack 64 bit
    3. Microsoft Office 2010 Filter Pack SP1 64 bit

    Windows Server 2008 R2:

    1. Microsoft .NET Framework 4.5 RC
    2. Windows Management Framework 3.0
    3. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
    4. Microsoft Office 2010 Filter Pack 64 bit
    5. Microsoft Office 2010 Filter Pack SP1 64 bit
    6. Microsoft Knowledge Base article KB974405 (Windows Identity Foundation)
    7. Knowledge Base article KB2619234 (Enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008 R2)
    8. Knowledge Base article KB2533623 (Insecure library loading could allow remote code execution)

     

    If you are installing Exchange 2013 on Windows Server 2008 R2, you have to carry out the additional steps below.

    Register ASP.NET with .NET Framework 4.5 in Internet Information Services (IIS): this must be done after you’ve completed the process described earlier in “Uninstall Microsoft Visual C++ 11 Beta Redistributable (x64)”, but before you run Exchange 2013 Preview Setup. To register ASP.NET with .NET Framework 4.5 in IIS, do the following:

    1. Open a Windows Command Prompt.
    2. Run the following commands:
      %SystemDrive%\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir -enable
      IISReset

    In my next post I will show you how to use the Exchange Server 2013 Administration Panel…

    Categories: Exchange

    Disable Single Sign On ~~ Convert the federation domain to a standard domain with the PS:cmdlets and Reverse the domain federated authentication settings for the Office 365 accounts.

    July 14, 2012

    Hi guys,

    The article below is a step-by-step guide to converting the federated domain to a standard domain with the PS cmdlets and reversing the domain's federated authentication settings for the O365 accounts.

    When you configure Single Sign On, also known as identity federation, with O365, you convert an existing domain from Standard Authentication to Federated Authentication. Once you do this, the users who are associated with the federated domain can no longer access O365 directly.

    You may have different requirements to convert your domain from Federated Authentication back to Standard Authentication. As you can see, there are some easy steps to follow:

     

    Log in to your ADFS server, open the Online Services Module for Windows PowerShell and enter the shell command below:

    $cred=Get-Credential

    When you are prompted with a Windows PowerShell Credential Request, enter an admin user name and password.

    Once the credentials are validated, enter the shell command below. Its purpose is to connect to Microsoft Online Services with the stored credentials:

    Connect-MsolService -Credential $cred

    In this command, the placeholder <AD FS 2.0 server name> represents the name of the primary AD FS 2.0 server.

    Set-MsolADFSContext -Computer <AD FS 2.0 server name>

    It is time to convert your domain from federated to standard authentication. Enter the shell command below. This command removes the relying party trust information from the Office 365 authentication system federation service and the on-premises AD FS 2.0 federation service. The -PasswordFile parameter indicates the path of the text file that contains the newly created temporary password of each formerly federated user’s account. Because that file holds passwords in clear text, write it to a folder that only administrators can read, and delete it once the passwords have been handed out.

    Convert-MSOLDomainToStandard -DomainName <federated domain name> -SkipUserConversion:$true -PasswordFile c:\userpasswords.txt

    Here we go… we have just finished the conversion, and now you are good to go. In the steps below I will guide you through resetting the authentication setting for the domain and for each user account to use standard authentication with O365.

    Set-MSOLDomainAuthentication -Authentication Managed -DomainName <federated domain name>

    For this demonstration I will use the user name of Susan Baker (directory synced) to run the command below.

    For the string value, you have to enter the user name as a UPN.

    Convert-MSOLFederatedUser -UserPrincipalName <string>

     

    So once the conversion is done, this will provide the user name and a temporary password. Now you can go to the Microsoft Online Portal, enter the converted user name and temporary password, and follow the instructions on the screen.

    Categories: Office365

    Installing and Configuring Active Directory Federation Services for use with Single Sign On and Directory Synchronization– OFFICE365

    July 12, 2012

    Hi guys… The article below gives clear installation and configuration steps that you need to carry out during the Active Directory federation process in Office 365. For your reference I have attached screenshots of some errors which may occur during the installation.

    Before configuring Active Directory Federation Services, you have to consider the requirement below:

    Each on-premises Active Directory user that will be synchronized online must have a user principal name suffix that matches the domain which will be federated.

    Create a New Host Record (A or AAAA)

    The purpose of creating this host record in the internal DNS server is to make sure that clients inside the corporate network resolve sts.valakulu.net to the ADFS server and not to an address outside the organization.

     

    Create new Domain Certificate


     

    Install and Configure ADFS 2.0 Setup

    You can download ADFS 2.0 using the URL below. I think most of you guys might wonder why we don’t install the ADFS role that is available in the Windows Server 2008 R2 roles section. The reason is that this activity requires ADFS 2.0, while Windows Server 2008 and 2008 R2 ship with ADFS version 1.1.

    http://www.microsoft.com/en-us/download/details.aspx?id=10909

     


     

    Once the installation is done, click the AD FS 2.0 Federation Server Configuration Wizard link and continue according to the instructions below.

     


     

    Add and Verify federated domain in O365

    To download the Microsoft Online Services Sign-in Assistant, log in to the Microsoft Online Portal using admin credentials.

    Admin overview -> Downloads -> How to manually install updates -> Download the Microsoft Online Services Sign-in Assistant, 64-bit version.

     

    Install Microsoft Online services sign in assistant setup


     

    Install Microsoft Online services module for windows PowerShell

    Log in to the O365 portal using an admin account -> Users -> Single Sign On Setup -> Install Microsoft Online Services Module for Windows PowerShell -> Download the 64-bit version (this will vary according to your requirement).

     

    Installation steps…


     

    Add a Federated Domain

    Complete federation via PowerShell

    Command                                                   Description
    $Cred=Get-Credential                                      This will prompt for O365 credentials and store them in a variable
    Connect-MsolService -Credential $cred                     Connect to O365 using stored credentials
    Set-MSOLAdfscontext -Computer <AD FS 2.0 Primary Server>  Specify the local AD FS 2.0 server
    Convert-MSOLDomainToFederated -DomainName <Domain.com>    Convert the standard local domain to an identity federated domain
    Get-MSOLFederationProperty                                Show identity federation properties

    My suggestion is to run PowerShell on the ADFS server, because this avoids potential problems related to firewall connectivity and so on…

    The third command in the table is the one to use if you run the PowerShell commands somewhere other than the ADFS server. That is why I strongly recommend installing and running the PowerShell commands directly on the ADFS server.

     

    Enter the user credentials you would use to sign in to Microsoft Online Services. This is your user name created for Microsoft Online Services Management. If you do not have your Microsoft Online Account Information, you need to obtain those credentials before continuing.

     

    Here you will connect to the online service and pass the previously stored credentials into the command by referencing the $cred variable.

     

    Note: I need to highlight one thing for your information. If you have already added your domain name to the cloud, you do not need to enter the command below. If you do enter it, you will get an error saying “The domain already exists as a standard authentication domain”.

    In that case you have to use the Convert-MSOLDomainToFederated -DomainName <Domain.com> PowerShell command.

    Get and verify Identity federation properties

    Review the Microsoft Federation gateway settings. Here you are reviewing to see if the federation you have created was successful.


    PS C:\Users\administrator.VALAKULU\Desktop> Get-MsolFederationProperty

    cmdlet Get-MsolFederationProperty at command pipeline position 1
    Supply values for the following parameters:
    DomainName: valakulu.net

    Source                          : ADFS Server
    ActiveClientSignInUrl           : https://sts.valakulu.net/adfs/services/trust/2005/usernamemixed
    FederationServiceDisplayName    : sts.valakulu.net
    FederationServiceIdentifier     : http://sts.valakulu.net/adfs/services/trust
    FederationMetadataUrl           : https://sts.valakulu.net/adfs/services/trust/mex
    PassiveClientSignInUrl          : https://sts.valakulu.net/adfs/ls/
    PassiveClientSignOutUrl         : https://sts.valakulu.net/adfs/ls/
    TokenSigningCertificate         : [Subject]
                                        CN=ADFS Signing - sts.valakulu.net
                                      [Issuer]
                                        CN=ADFS Signing - sts.valakulu.net
                                      [Serial Number]
                                        16CC28999316649B4EC8A91A7F6468C9
                                      [Not Before]
                                        7/6/2012 11:30:26 AM
                                      [Not After]
                                        7/6/2013 11:30:26 AM
                                      [Thumbprint]
                                        3A9922C5F140F7A08F7E19FA563F0A298B38E1FE
    NextTokenSigningCertificate     :
    PreferredAuthenticationProtocol :

    Source                          : Microsoft Office 365
    ActiveClientSignInUrl           : https://sts.valakulu.net/adfs/services/trust/2005/usernamemixed
    FederationServiceDisplayName    : sts.valakulu.net
    FederationServiceIdentifier     : http://sts.valakulu.net/adfs/services/trust
    FederationMetadataUrl           : https://sts.valakulu.net/adfs/services/trust/mex
    PassiveClientSignInUrl          : https://sts.valakulu.net/adfs/ls/
    PassiveClientSignOutUrl         : https://sts.valakulu.net/adfs/ls/
    TokenSigningCertificate         : [Subject]
                                        CN=ADFS Signing - sts.valakulu.net
                                      [Issuer]
                                        CN=ADFS Signing - sts.valakulu.net
                                      [Serial Number]
                                        16CC28999316649B4EC8A91A7F6468C9
                                      [Not Before]
                                        7/6/2012 11:30:26 AM
                                      [Not After]
                                        7/6/2013 11:30:26 AM
                                      [Thumbprint]
                                        3A9922C5F140F7A08F7E19FA563F0A298B38E1FE
    NextTokenSigningCertificate     :
    PreferredAuthenticationProtocol : WsFed
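
The review of the two Source records above can be automated. The following is an added example, not part of the original post: a PowerShell check that compares the AD FS and Office 365 records and flags endpoint drift, a token-signing thumbprint mismatch, or a certificate close to its Not After date. Test-FederationTrust, New-SampleRecord, the 30-day window and the all-zero thumbprint are assumptions made for the illustration.

```powershell
# Added example; Test-FederationTrust, New-SampleRecord and the 30-day window are
# illustrative names and values, not part of the MSOnline module.
function Test-FederationTrust {
    param([object[]] $Property, [datetime] $AsOf = (Get-Date), [int] $WarnDays = 30)
    $adfs  = $Property | Where-Object { $_.Source -eq 'ADFS Server' }
    $cloud = $Property | Where-Object { $_.Source -eq 'Microsoft Office 365' }
    if (-not $adfs -or -not $cloud) {
        return 'Expected one ADFS Server record and one Microsoft Office 365 record'
    }
    $findings = @()
    # Endpoints and identifier must agree. PreferredAuthenticationProtocol is skipped:
    # in the output above it is blank for AD FS and WsFed for Office 365.
    $fields = 'ActiveClientSignInUrl', 'FederationServiceIdentifier', 'FederationMetadataUrl',
              'PassiveClientSignInUrl', 'PassiveClientSignOutUrl'
    foreach ($f in $fields) {
        if ($adfs.$f -ne $cloud.$f) {
            $findings += "Mismatch in ${f}: AD FS='$($adfs.$f)' Office 365='$($cloud.$f)'"
        }
    }
    # Compare the certificate AD FS reports with the one Office 365 has on record.
    $local = $adfs.TokenSigningCertificate
    $known = $cloud.TokenSigningCertificate
    if ($local.Thumbprint -ne $known.Thumbprint) {
        $findings += "Thumbprint differs: AD FS=$($local.Thumbprint) Office 365=$($known.Thumbprint)"
    }
    $daysLeft = [math]::Floor(($local.NotAfter - $AsOf).TotalDays)
    if ($daysLeft -lt 0) {
        $findings += "Token-signing certificate expired $(-$daysLeft) day(s) ago"
    } elseif ($daysLeft -le $WarnDays) {
        $next = 'no NextTokenSigningCertificate staged'
        if ($adfs.NextTokenSigningCertificate) { $next = 'next certificate staged' }
        $findings += "Token-signing certificate expires in $daysLeft day(s); $next"
    }
    return $findings
}

# Constructed records shaped like the output above. AD FS values are the page's;
# the all-zero Office 365 thumbprint is a constructed placeholder to show drift.
function New-SampleRecord($source, $thumbprint) {
    [pscustomobject]@{
        Source                      = $source
        ActiveClientSignInUrl       = 'https://sts.valakulu.net/adfs/services/trust/2005/usernamemixed'
        FederationServiceIdentifier = 'http://sts.valakulu.net/adfs/services/trust'
        FederationMetadataUrl       = 'https://sts.valakulu.net/adfs/services/trust/mex'
        PassiveClientSignInUrl      = 'https://sts.valakulu.net/adfs/ls/'
        PassiveClientSignOutUrl     = 'https://sts.valakulu.net/adfs/ls/'
        TokenSigningCertificate     = [pscustomobject]@{
            Thumbprint = $thumbprint
            NotAfter   = [datetime]'2013-07-06T11:30:26'
        }
        NextTokenSigningCertificate = $null
    }
}
$records = @(
    (New-SampleRecord 'ADFS Server' '3A9922C5F140F7A08F7E19FA563F0A298B38E1FE'),
    (New-SampleRecord 'Microsoft Office 365' ('0' * 40))
)
Test-FederationTrust -Property $records -AsOf ([datetime]'2013-06-20')
# Live: Test-FederationTrust -Property (Get-MsolFederationProperty -DomainName valakulu.net)
```

A thumbprint mismatch means Office 365 still holds an older token-signing certificate than the one AD FS reports; Update-MsolFederatedDomain republishes the current AD FS settings to Office 365.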

    Active Directory Synchronization

    DirSync Enables Coexistence

    • Provisions objects in Office 365 with the same email addresses as the objects in the on-premises environment.
    • Provides a unified Global Address List experience between on-premises and O365.
    • Enables mail routing between on-premises and Office 365 with a shared domain namespace.
    • Enables application coexistence for Microsoft Lync.
    • Enables Exchange coexistence scenarios (simple and hybrid).

    DirSync Enables Single Sign-On

    Enables “run state” administration and management of users, contacts and groups.

    Login to O365 admin portal using an admin account –> Users –> Active Directory Synchronization –> Setup

     


    Note: Directory synchronization will take about 1-3 hours to replicate.

    Install Directory Synchronization Tool


     

    Synchronize Active Directory


     

    Enter Microsoft Online Credentials.


     

    You may get the error below if you do not activate directory sync in the Microsoft Online Portal.

     

    Enter On-premises admin username and password

     


     

    Below you will see the synced user with a different icon…

    If you want the changes made to the user account in the local Active Directory to be synchronized immediately with O365 (cloud), navigate to the Microsoft Online Directory Sync folder on the Directory Sync server. This will be performed by running a PowerShell script.

    C:\Program Files\Microsoft Online Directory Sync

    Here we go…. we have just finished configuring Active Directory Federation Services for Office 365. Now you are good to go with online sync… I hope this post will be useful for you guys.

    Categories: Office365