Sunday, August 30, 2015

Active Manager In Exchange Server 2013 (PAM and SAM) Primary and Stand-By.

Hello, today I am going to give you an explanation of Active Manager.

Microsoft Exchange Server 2013 includes a component called Active Manager that manages the high availability platform that includes the database availability group (DAG) and mailbox database copies. Active Manager runs inside the Microsoft Exchange Replication service (MSExchangeRepl.exe) on all Mailbox servers. On Mailbox servers that aren't members of a DAG, there is a single Active Manager role: Standalone Active Manager. On servers that are members of a DAG, there are two Active Manager roles: Primary Active Manager (PAM) and Standby Active Manager (SAM).
PAM is the Active Manager role in a DAG that decides which copies will be active and passive. PAM is responsible for getting topology change notifications and reacting to server failures. The DAG member that holds the PAM role is always the member that currently owns the cluster quorum resource (default cluster group). If the server that owns the cluster quorum resource fails, the PAM role automatically moves to a surviving server that takes ownership of the cluster quorum resource. In addition, if you need to take the server that hosts the cluster quorum resource offline for maintenance or an upgrade, you must first move the PAM to another server in the DAG. The PAM controls all movement of the active designations between a database's copies. (Only one copy can be active at any specified time, and that copy may be mounted or dismounted.) The PAM also performs the functions of the SAM role on the local system (detecting local database and local Information Store failures).
The SAM provides information on which server hosts the active copy of a mailbox database to other components of Exchange that are running an Active Manager client component (for example, Client Access or Transport services). The SAM detects failures of local databases and the local Information Store. It reacts to failures by asking the PAM to initiate a failover (if the database is replicated). A SAM doesn't determine the target of failover, nor does it update a database's location state in the PAM. It will access the active database copy location state to answer queries for the active copy of the database that it receives.

Note:
Exchange 2013 isn't a clustered application. Instead, it uses the cluster library functions implemented in clusapi.dll for cluster, group, cluster network (heartbeating), node management, cluster registry, and a few control code functions. In addition, Active Manager stores current mailbox database information (for example, active and passive data, and mounted data) in the cluster database (also known as the cluster registry). Although the information is stored directly in the cluster database, it isn't accessed directly by any other components.
 In Exchange 2013, the Microsoft Exchange Replication service periodically monitors the health of all mounted databases. In addition, it also monitors the Extensible Storage Engine (ESE) for any I/O errors or failures. When the service detects a failure, it notifies Active Manager. Active Manager then determines which database copy should be mounted and what it requires to mount that database. In addition, it tracks the active copy of a mailbox database (based on the last mounted copy of the database) and provides the tracking results information to the Client Access server to which the client is connected.

Best Copy Selection

When a failure occurs that prevents access to the active copy of a replicated mailbox database, Active Manager takes several steps to recover from the failure by selecting the best possible passive copy of the affected database to activate. This process was known as best copy selection (BCS) in Exchange 2010, and it's now known as best copy and server selection (BCSS) in Exchange 2013. The general process occurs in the following order:
  1. Managed availability or Active Manager detects a failure, or an administrator initiates a targetless switchover.
  2. The PAM runs the BCSS internal algorithm.
  3. A process called attempt copy last logs (ACLL) occurs, which tries to copy any missing log files from the server that hosted the active database copy prior to the failure or switchover.
  4. After the ACLL process has completed, the value of the AutoDatabaseMountDial for the Mailbox servers hosting copies of the database is compared with the copy queue length of the database being activated. At this point, either:
    • The number of missing log files is equal to or less than the value of AutoDatabaseMountDial, in which case Step 5 occurs.
    • The number of missing log files is greater than the value of AutoDatabaseMountDial, in which case Active Manager will try to activate the next best available copy, if there is one.
  5. The PAM issues a mount request to the Microsoft Exchange Information Store via remote procedure call (RPC). At this point, either:
    • The database mounts and is made available to clients.
    • The database doesn't mount, and PAM performs steps 3 and 4 on the next best copy (if one is available).
In Exchange 2010, the BCS process evaluated several aspects of each database copy to determine the best copy to activate. These included:
  • Copy queue length
  • Replay queue length
  • Database status
  • Content index status
In Exchange 2013, Active Manager runs through all of the same BCS checks and phases, but it now also includes the use of a constraint of the decreasing order of health states. Specifically, BCSS includes several new health checks that are part of the built in managed availability monitoring components in Exchange 2013. There are four new additional checks performed by Active Manager (listed in the order in which they are performed):
  1. All Healthy   Checks for a server hosting a copy of the affected database that has all monitoring components in a healthy state.
  2. Up to Normal Healthy   Checks for a server hosting a copy of the affected database that has all monitoring components with Normal priority in a healthy state.
  3. All Better than Source   Checks for a server hosting a copy of the affected database that has monitoring components in a state that's better than the current server hosting the affected copy.
  4. Same as Source   Checks for a server hosting a copy of the affected database that has monitoring components in a state that's the same as the current server hosting the affected copy.
If BCSS is invoked as a result of a failover that's triggered by a monitoring component (for example, via a Failover responder), an additional mandatory constraint is enforced where the target server's component health must be better than the server on which the failover occurred. For example, if a failure of Microsoft Office Outlook Web App triggers a failover via a Failover responder, BCSS must select a server hosting a copy of the affected database on which Outlook Web App is healthy.

Best copy selection process

With respect to database failures (not protocol failures), Active Manager in Exchange 2013 performs the same checks as it did in Exchange 2010. Active Manager begins the best copy selection process by creating a list of database copies that are potential candidates for activation. Any database copies that are unreachable or are administratively blocked from activation are ignored and not used during the selection process. The order of the list depends on the value of the AutoDatabaseMountDial:
  • If the AutoDatabaseMountDial is configured with any value other than Lossless on all servers that host a copy of the database, Active Manager sorts the resulting list using the copy queue length as the primary key. The calculation is based on LastLogInspected (from the copy's point of view), so the list of potential copies is sorted by the highest value for LastLogInspected (which will be the copy with the lowest copy queue length). If necessary, Active Manager sorts the list a second time, using the value for activation preference as a secondary key to break any tie conditions where two or more passive copies have the same copy queue length. The copy with the lowest activation preference value has the higher priority on the list.
  • If the AutoDatabaseMountDial is configured with a value of Lossless on any server that hosts a copy of the database, Active Manager sorts the resulting list in ascending order by using the value for activation preference as the primary key. In addition, when an administrator performs a lossless server or database switchover without specifying a target, Active Manager also sorts the resulting list in ascending order by using the value for activation preference as the primary key.
Next, Active Manager attempts to locate a mailbox database copy on the list that has a status of Healthy, DisconnectedAndHealthy, DisconnectedAndResynchronizing, or SeedingSource, and then evaluates the activation potential of each of the copies on the list by using an ordered set of ten criteria. Active Manager determines if any of the candidates for activation meet the first set of criteria:
  • It has a content index with a status of Healthy.
  • It has a copy queue length less than 10 log files.
  • It has a replay queue length less than 50 log files.
If none of the database copies meet the first set of criteria, Active Manager tries to locate a database copy that meets the second set of criteria:
  • It has a content index with a status of Crawling.
  • It has a copy queue length less than 10 log files.
  • It has a replay queue length less than 50 log files.
If none of the database copies meet the second set of criteria, Active Manager tries to locate a database copy that meets the third set of criteria:
  • It has a content index with a status of Healthy.
  • It has a replay queue length less than 50 log files.
If none of the database copies meet the third set of criteria, Active Manager tries to locate a database copy that meets the fourth set of criteria:
  • It has a content index with a status of Crawling.
  • It has a replay queue length less than 50 log files.
If none of the database copies meet the fourth set of criteria, Active Manager tries to locate a database copy that meets the fifth set of criteria:
  • It has a replay queue length less than 50 log files.
If none of the database copies meet the fifth set of criteria, Active Manager tries to locate a database copy that meets the sixth set of criteria:
  • It has a content index with a status of Healthy.
  • It has a copy queue length less than 10 log files.
If none of the database copies meet the sixth set of criteria, Active Manager tries to locate a database copy that meets the seventh set of criteria:
  • It has a content index with a status of Crawling.
  • It has a copy queue length less than 10 log files.
If none of the database copies meet the seventh set of criteria, Active Manager tries to locate a database copy that meets the eighth set of criteria:
  • It has a content index with a status of Healthy.
If none of the database copies meet all of the eighth set of criteria, Active Manager tries to locate a database copy that meets the ninth set of criteria:
  • It has a content index with a status of Crawling.
If none of the database copies meet the ninth set of criteria, Active Manager tries to activate any database copy with a status of Healthy, DisconnectedAndHealthy, DisconnectedAndResynchronizing, or SeedingSource (the tenth set of criteria). If it can't find any database copies that meet the tenth set of criteria, it isn't able to automatically activate a database copy.
After one or more copies are located that meet one or more sets of criteria, the ACLL process runs to copy any log files from the original source to the potential new active copy. After the ACLL process has completed, the PAM issues a mount request and either the database mounts and is made available to clients or the database doesn't mount and the PAM searches for the next best copy (if one is available).
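The candidate ordering and the ten criteria sets described above, modeled as an added Python example (not Microsoft's code and not part of the original post). The DatabaseCopy fields, server names and sample values are constructed for illustration, and the ACLL and mount steps are left out.

```python
from dataclasses import dataclass

# Copy statuses the text lists as eligible for activation.
ACTIVATABLE = {"Healthy", "DisconnectedAndHealthy",
               "DisconnectedAndResynchronizing", "SeedingSource"}

# The ten criteria sets in evaluation order:
# (required content index state or None, copy queue < 10?, replay queue < 50?)
CRITERIA_SETS = [
    ("Healthy", True, True),     # 1
    ("Crawling", True, True),    # 2
    ("Healthy", False, True),    # 3
    ("Crawling", False, True),   # 4
    (None, False, True),         # 5
    ("Healthy", True, False),    # 6
    ("Crawling", True, False),   # 7
    ("Healthy", False, False),   # 8
    ("Crawling", False, False),  # 9
    (None, False, False),        # 10: any copy with an activatable status
]


@dataclass
class DatabaseCopy:
    """Hypothetical model of one passive copy (field names are assumptions)."""
    server: str
    status: str
    content_index: str
    copy_queue: int
    replay_queue: int
    activation_preference: int
    reachable: bool = True
    activation_blocked: bool = False


def order_candidates(copies, lossless):
    """Drop unreachable or blocked copies, then sort the rest as described.

    lossless=True models AutoDatabaseMountDial set to Lossless on any server
    hosting a copy (or a lossless targetless switchover).
    """
    usable = [c for c in copies if c.reachable and not c.activation_blocked]
    if lossless:
        return sorted(usable, key=lambda c: c.activation_preference)
    # Lowest copy queue length stands in for the highest LastLogInspected;
    # activation preference breaks ties.
    return sorted(usable, key=lambda c: (c.copy_queue, c.activation_preference))


def meets(copy, criteria):
    """True if the copy satisfies one criteria set."""
    index_state, need_copy_queue, need_replay_queue = criteria
    if index_state is not None and copy.content_index != index_state:
        return False
    if need_copy_queue and copy.copy_queue >= 10:
        return False
    if need_replay_queue and copy.replay_queue >= 50:
        return False
    return True


def select_best_copies(copies, lossless=False):
    """Return (criteria set number, matching copies in activation order)."""
    candidates = [c for c in order_candidates(copies, lossless)
                  if c.status in ACTIVATABLE]
    for number, criteria in enumerate(CRITERIA_SETS, start=1):
        matches = [c for c in candidates if meets(c, criteria)]
        if matches:
            return number, matches
    return None, []  # nothing can be activated automatically


# Constructed sample: the copy with the shortest copy queue (MBX2) is not
# chosen, because its content index is Failed.
SAMPLE = [
    DatabaseCopy("MBX2", "Healthy", "Failed", 0, 5, 2),
    DatabaseCopy("MBX3", "Healthy", "Healthy", 25, 10, 3),
    DatabaseCopy("MBX4", "Healthy", "Crawling", 2, 3, 4),
    DatabaseCopy("MBX5", "Failed", "Healthy", 0, 0, 5),
    DatabaseCopy("MBX6", "Healthy", "Healthy", 0, 0, 6, activation_blocked=True),
]

if __name__ == "__main__":
    number, matches = select_best_copies(SAMPLE)
    print("criteria set", number, [c.server for c in matches])
```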


Source :- Microsoft Technet Website.

How to Change Safety Net Time Value in Exchange 2013

To check the Safety Net hold time, run the following command:
Get-TransportConfig | ft name,Safety*

To change the value, run the following command:
Set-TransportConfig -SafetyNetHoldTime 10.00:00:00
You will get a warning once you run the above command. So you need to ensure that the safety net hold time is a value less than the replay lag time. Keep in mind that you need to plan this according to your lag copies. You need not worry about this if you do not have any lag copies.


These values can be changed from the EAC as well

To change the value through the EAC, perform the following steps:
Open the EAC, click the mail flow tab, then click receive connectors.
Click More and then click organizational transport settings.


Below you have the option to change the value of the safety net hold time as shown
Hope this article will help to change the safety net value in Exchange 2013.

Saturday, August 22, 2015

(DAG) Content Index State Failed of Mailbox Database In Exchange Server 2013 (Solution)

Hello,
Today I was doing a DAG (Database Availability Group) lab in my environment, and when I added a database to a DAG it showed me a Content Index State of Failed, so I found a solution!
That I am going to share with you all...

I have one DC1 (Adatum.com)
One - CAS
Two - Mailbox Servers (MBX1, MBX2)
Just go to MBX1 and type services.msc in the Run menu, then select both services whose names start with Microsoft Exchange Search, stop them, and minimize the services console.
Now go to c:\Program Files\microsoft\exchange\v15\mailbox, then select your mailbox database folder and open it.
Then delete the folder with a very long name like a GUID (3chdjhjd-dsds3ds-dshd4hdn-dsdsd.....)
Start both services again from the minimized services console and refresh your database from EMC; verify that it is fixed within a few seconds or minutes, depending on your database size.

Do this task on all Mailbox servers to solve it .

Enjoy !!!!!!!!!!!!!!!!!!!!!!!!!!!!


OR

To manually update the ContentIndexState from a healthy node simply run the following command:

Update-MailboxDatabaseCopy "database\server" -CatalogOnly

In my case the database I want to update was "DB1" on server "LON-MBX1" so I ran:

Update-MailboxDatabaseCopy "DB1\LON-MBX1" -CatalogOnly


Friday, August 21, 2015

MS OUTLOOK POP3 Configuration in Exchange Server 2013

Hello ,
Today I have configured outlook with POP3 configuration as in Image in Exchange Server 2013 .

I have DC- DC1- Adatum.com-2012R2
CAS1- Client Access Server - Adatum.com - 2012R2
MBX1- Mailbox Server _ Adatum.com - 2012R2

Note:-  You have to start POP3 Service from services.msc console on CAS1 and POPBackend Service ON MBX1.
Then open MS Outlook and configure as in below Image .




Tuesday, August 4, 2015

Interesting/Good News - Windows 10 Offline Install, Without Waiting in Queue for Global Windows Rollout by Microsoft


So these are really simple and easy steps to upgrade your PC to Windows 10 without waiting for the online Windows Update OS rollout.


This is one more method for offline installation, but it is somewhat tricky and complex.

http://www.zdnet.com/article/how-to-turn-your-windows-10-upgrade-into-an-iso/


And you can simply download a MS tool from following link, and do the installation/upgrade followed by steps given on Microsoft site.

https://www.microsoft.com/en-us/software-download/windows10

IMP - Please note that it is only supported and compatible for Windows 7 SP1, Windows 8.1 Pro, Starter, Home and single versions/editions.

For Windows 10 Enterprise, you need to contact your company local support team.





For Fresh ISO 

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise

Install System Center 2012 R2 Virtual Machine Manager Step by Step Guide.

Hello ,
Today I was teaching practicals on Microsoft SCVMM 2012 R2 with Roshan Bhavsar (roshanbhavsar04@gmail.com).

He has been working at TomTom Pune and came here (www.koenig-solutions.com) for training on Windows Server 2012 R2 designing, planning and implementing with SCVMM.

So today we started 20413 - Designing and Implementing a Server Infrastructure, but it does not have the installation part of SCVMM, so first we started with the installation, which I am going to share with you.

In my lab environment I have one Hyper-V host with 16 GB RAM and I have created a few VMs:
DC1, SVR1, SVR2 and Windows8.1. All are members of the Koenig.com domain, but I will use only DC1 and SVR1.

How to break Windows Server 2008 R2 / Windows 7 Password

Hello ,
Here are very simple steps to break password from your Operating System DVD or ISO file .


Step 1: Boot the system with the official windows OS DVD

Step 2: Select the language, currency and keyboard type and click next

Step 3: In the window, click “Repair Your Computer”

Step 4: In the next window, select the installed instance of Windows Server 2008 for which you want to reset the administrator password and press Next

Step 5: On next window click on “Command prompt”

Step 6: Type the following commands at the command prompt (the typical command prompt will be [X:\Sources>]):

 D: and press Enter (if Windows is installed on the C drive, then at the above command prompt it will be found on drive D)

 cd Windows\System32

 move Utilman.exe Utilman.exe.bak

 copy cmd.exe Utilman.exe

 Restart the system without the DVD

 Now at the login window press (WIN + U)

 A command prompt will appear

 Type “net user administrator P$$w0rd” (a complex password)

Step 7: Now you can log on to the system with the new administrator password

Step 8: It's over; you just need to boot from the DVD again to put Utilman.exe back as before
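The file swap in step 6 leaves traces that are easy to check for. The following is an added Python example (not part of the original post) that inspects a System32 directory, either live or from a mounted disk image, for a Utilman.exe that is byte-identical to cmd.exe and for a leftover Utilman.exe.bak. The function names and sample file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def _find(directory, name):
    """Case-insensitive lookup, so it also works on an image mounted on Linux."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def _sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_utilman(system32):
    """Return a list of findings for the given System32 directory."""
    system32 = Path(system32)
    findings = []
    utilman = _find(system32, "Utilman.exe")
    cmd = _find(system32, "cmd.exe")
    backup = _find(system32, "Utilman.exe.bak")
    if utilman is None:
        findings.append("Utilman.exe is missing")
    elif cmd is not None and _sha256(utilman) == _sha256(cmd):
        findings.append("Utilman.exe is byte-identical to cmd.exe")
    if backup is not None:
        findings.append("Utilman.exe.bak is present")
    return findings


def demo():
    """Build a clean and a tampered stand-in directory (constructed files,
    not real binaries) and return the findings for each, in that order."""
    results = []
    for tampered in (False, True):
        with tempfile.TemporaryDirectory() as root:
            root = Path(root)
            (root / "cmd.exe").write_bytes(b"constructed cmd.exe bytes")
            if tampered:
                (root / "utilman.exe").write_bytes(b"constructed cmd.exe bytes")
                (root / "Utilman.exe.bak").write_bytes(b"constructed Utilman bytes")
            else:
                (root / "Utilman.exe").write_bytes(b"constructed Utilman bytes")
            results.append(check_utilman(root))
    return results


if __name__ == "__main__":
    for label, findings in zip(("clean", "tampered"), demo()):
        print(label, findings or "no findings")
```

A match means the accessibility shortcut on the logon screen starts a command prompt, so the host should be treated as having had its local administrator credentials reset offline.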

Saturday, August 1, 2015

Active Directory Quotas (Active Directory quotas are limits on the number of objects that a security principal can create ) .

Active Directory quotas are limits on the number of objects that a security principal (that has been delegated the Create Child Objects or Delete Child Objects permission) can own and create. You can use quotas to mitigate the risk of a denial-of-service attack against a directory service. For example, you can restrict the owner of the Accounting organizational unit (OU) in your organization to creating no more than 100 new user accounts.
If a security principal that has been delegated the permission to create objects in the directory is compromised and there are no quota limitations in place, a rogue attack on the directory service can create objects until the disk that houses the NTDS.dit file on the domain controller runs out of space. By implementing quotas, you can limit the number of objects that a security principal can create in the directory, which helps insulate the directory from a denial-of-service attack through the creation of a very large number of objects.
Example
To set a quota limit of 10 on the security principal user object Mohit Singh in the IT OU of the Koenig.com directory partition, use the following command:
dsadd quota -part "dc=Koenig,dc=com" -qlimit 10 -acct "CN=Mohit Singh,OU=IT,DC=koenig,DC=com"
At the completion of this command, the user Mohit is limited to creating 10 objects in the Koenig.com directory partition.






Quota container

Quota objects are stored in the NTDS Quotas container under the domain, application, and configuration naming contexts. To view the NTDS Quotas container in the Active Directory Users and Computers snap-in, you must enable Advanced Features on the View menu. The NTDS Quotas container is of the object class msDS-QuotaContainer. There are two special attributes that you can set on the NTDS Quotas container:
  • msDS-DefaultQuota
  • msDS-TombstoneQuotaFactor
Values that you can assign to these attributes are described in the following sections: Default quotas and Tombstone objects.

Default quotas

You can set a default quota for every security principal in a given partition. To set a default quota for all security principals in a partition, you must modify the msDS-DefaultQuota attribute of the NTDS Quotas container.
By default, the msDS-DefaultQuota is not set. If there is no value for this attribute or if the attribute has a value of -1, security principals in the given partition (that have been delegated the Create and Delete Child permissions) can create and delete an unlimited amount of objects in the partition for which they have these permissions.

Tombstone objects

Tombstone objects, which are created when you delete an object from a partition, count toward a security principal’s quota limit. You can define the percentage by which tombstone objects count against a security principal’s quota limit by modifying the NTDS Quotas container’s msDS-TombstoneQuotaFactor attribute.
The msDS-TombstoneQuotaFactor attribute is the percentage factor (a value between 1 and 100) by which tombstone objects count against a security principal’s quota limit. By default, the value is set to 100. For example, if you leave the default value unchanged and a security principal has a quota limit of two, the user can create one object and delete another object, which creates a tombstone object. If the user creates an object and then deletes the same object, the quota limit is only reduced by one. By contrast, if you set the value of this attribute to 50, the user can create one new object and delete two objects, because creating a tombstone object only counts as half the value of creating one “live” object.


Restricts Domain Users to add Computers in a Domain By Modifying This Value

MS-DS-Machine-Account-Quota attribute


The number of computer accounts that a user is allowed to create in a domain (Default is 10).

You must enable Advanced Features on the View menu. Then select the domain, go to Properties, click Attribute Editor, and modify the value of ms-DS-MachineAccountQuota according to your need.

Configure Remote Management in Server Manager

In Windows Server® 2012 R2 and Windows Server® 2012, you can use Server Manager to perform management tasks on remote servers. Remote management is enabled by default on servers that are running Windows Server 2012. To manage a server remotely by using Server Manager, you add the server to the Server Manager server pool.
You can use Server Manager to manage remote servers that are running older releases of Windows Server, but the following updates are required to fully manage these older operating systems.
To manage servers that are running Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 by using Server Manager in Windows Server 2012 R2, apply the following updates to the older operating systems.
  • .NET Framework 4.5
  • Windows Management Framework 4.0. The Windows Management Framework 4.0 download package updates Windows Management Instrumentation (WMI) providers on Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008. The updated WMI providers let Server Manager collect information about roles and features that are installed on the managed servers. Until the update is applied, servers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 have a manageability status of Not accessible.
  • The performance update associated with Knowledge Base article 2682011 allows Server Manager to collect performance data from Windows Server 2008 and Windows Server 2008 R2. This performance update is not necessary on servers that are running Windows Server 2012.
To manage servers that are running Windows Server 2008 R2 or Windows Server 2008, apply the following updates to the older operating systems.
  • .NET Framework 4
  • Windows Management Framework 3.0. The Windows Management Framework 3.0 download package updates Windows Management Instrumentation (WMI) providers on Windows Server 2008 and Windows Server 2008 R2. The updated WMI providers let Server Manager collect information about roles and features that are installed on the managed servers. Until the update is applied, servers that are running Windows Server 2008 or Windows Server 2008 R2 have a manageability status of Not accessible – Verify earlier versions run Windows Management Framework 3.0.
  • The performance update associated with Knowledge Base article 2682011 allows Server Manager to collect performance data from Windows Server 2008 and Windows Server 2008 R2.


To enable Server Manager remote management by using the Windows interface

Note: The settings that are controlled by the Configure Remote Management dialog box do not affect parts of Server Manager that use DCOM for remote communications.
  1. On the computer that you want to manage remotely, open Server Manager, if it is not already open. On the Windows taskbar, click Server Manager. On the Start screen, click the Server Manager tile.
  2. In the Properties area of the Local Servers page, click the hyperlinked value for the Remote management property.
  3. Do one of the following, and then click OK.
    • To prevent this computer from being managed remotely by using Server Manager (or Windows PowerShell if it is installed), clear the Enable remote management of this server from other computers check box.
    • To let this computer be managed remotely by using Server Manager or Windows PowerShell, select Enable remote management of this server from other computers.

To enable Server Manager remote management by using Windows PowerShell

  1. On the computer that you want to manage remotely, do one of the following to open a Windows PowerShell session with elevated user rights.
    • On the Windows desktop, right-click Windows PowerShell on the taskbar, and then click Run as Administrator.
    • On the Windows Start screen, right-click Windows PowerShell, and then on the app bar, click Run as Administrator.
  2. Type the following, and then press Enter to enable all required firewall rule exceptions.
    Configure-SMRemoting.exe -enable

To enable Server Manager remote management by using the command line

  1. On the computer that you want to manage remotely, open a command prompt session with elevated user rights. To do this, on the Start screen, type cmd, right-click the Command Prompt tile when it is displayed in the Apps results, and then on the app bar, click Run as Administrator.
  2. Run the following executable file.
    %windir%\system32\Configure-SMRemoting.exe
  3. Do one of the following:
    • To disable remote management, type Configure-SMRemoting.exe -disable, and then press Enter.
    • To enable remote management, type Configure-SMRemoting.exe -enable, and then press Enter.
    • To view the current remote management setting, type Configure-SMRemoting.exe -get, and then press ENTER.