Category Archives: UC&C

The Conversation Action Settings folder

I recently got a query from a Mac-using coworker:

When looking at my email account, I see an extra folder called Conversation Action Settings. Is this something I can safely dispose of?

If you’re used to using Outlook on Windows, you may never have seen this folder. In fact, you might not have seen it if you are a Win Outlook user, because it’s only present on Exchange 2010 mailboxes. Outlook 2007 doesn’t display it, but Outlook 2011 for Mac OS X does, as does Apple’s Mail.app. This has engendered a lot of discussion about what the folder is and whether it’s safe to get rid of it.

So let me answer those points in reverse order. Yes, it’s safe to remove the folder… but if you do so, it’s just going to come back again. I expect that Apple will update Mail.app in Mac OS X “Lion” to hide the folder; they’ve done similar work to hide other Exchange/Outlook-specific folders in the past.

It’s arguably more interesting to talk about what’s in the folder in the first place. The Conversation Actions folder holds (drum roll)… conversation actions. These actions tell Exchange 2010 (and compatible clients, which for now means “OWA 2010” and “Outlook 2010”) what to do with message items under specific circumstances.

One action is the now-famous “ignore” button (see Clint Boessen’s description if you’re not hip to this very useful feature.) When you hit the mute button, Outlook creates a conversation action that automatically moves messages in the target thread to your Deleted Items folder. It can do this because Exchange 2010 automatically tags incoming messages with a conversation ID. Related messages (like replies or forwards of an existing message) get the same conversation ID. It uses a variety of heuristics to do this, and in general they work well to keep related messages together even when people do things like change the subject line mid-thread.

The other data items stored in this folder are Outlook 2010 Quick Steps. I love this feature and use it heavily; in fact, it’s one of the things I miss most when I’m using OWA 2010 and Outlook 2011.

If you’re not using a client that supports these features, then there won’t be anything in the Conversation Action Settings folder. However, just as nature abhors a vacuum, so does Exchange, so if you delete the folder expect to see it come back.

There’s more on conversation actions, and some other interesting Exchange 2010 and Outlook 2010 features, in this article.

Filed under UC&C

HP E5000 videos finally released

You may remember that back in February Tony, Brian, and I shot some videos with Hewlett-Packard’s new E5000 messaging appliance. You might even have been wondering, as we have, where on earth those videos had gotten to. In an age where people routinely post unedited video on YouTube within seconds of an event, and where even highly-polished videos can be built and uploaded in a day, it seems that these videos took an awfully long time.

I was happy to see e-mail from Don Wilson at HP telling us that the final versions of the videos are now available. Our two days of filming ended up providing material for six videos:

  • Introduction to HP E5000 Hardware, featuring lots of oohing and aahing over the E5000’s chassis. Although HP’s Dean Steadman is in this video, I don’t think you can see the bandage he had to put on after an unlucky encounter with a sharp edge on the E5000 prototype. Too bad; we had great fun mocking him because of it.
  • HP E5000: Complete and Optimized: a roundtable discussion of why HP designed the E5000 the way they did, and what they were attempting to accomplish with it.
  • HP E5000: Simple and Cost Efficient, in which we explore the thorny question of how you get support for something that combines an operating system and application from Microsoft with HP’s hardware.
  • HP E5000: Resilient/Highly Available, in which we explore whether you can safely use the word “appliance” to describe the E5000 (I voted that yes, we in fact could.)
  • HP E5000: Large Low Cost Mailboxes. Do you want to go back to 100MB mailboxes? Neither do Microsoft’s Jeff Mealiffe or HP’s Karl Robinson, both of whom join our roundtable discussion of ways to deliver large, cheap mailboxes to sate users’ unceasing demands.
  • HP E5000: Installation & Startup, in which HP’s Karl Robinson and I walk through the out-of-the-box setup process. (Hint: we skip the boring parts, like installing Exchange.)

Although I might be biased in saying so, the videos are short enough to remain interesting, and the E5000 is quite an interesting piece of equipment. I invite you to check out the videos and let us know what you think. If you liked them, tell me; if you didn’t, tell Tony.

Exchange ActiveSync logo program launches

Great news: the Exchange team at Microsoft has launched a logo compliance program for Exchange ActiveSync devices.

Many years ago, I worked at Intergraph when they were in the process of going all-in with Windows NT. This was a risky move for them, because up to that point all of Intergraph’s revenue came from the sale of UNIX-based software and hardware. INGR owned its own microprocessor (the Clipper, which was revolutionary for its time), made its own workstations, and in general had a pretty solid vertically-integrated business model. But I digress.

One of the products I worked on was called Product Model Review. It allowed multiple engineers to walk through the same 3-D model at the same time over a LAN or Internet connection. Everyone saw whatever the "driver" was looking at, and the driver could pull up product data from an associated product data modeling (PDM) database. It was hot stuff at the time; it was one of Intergraph’s first shipping Windows NT apps, too. I wanted to do something unique with it, so I grabbed a copy of the "Designed for Windows NT" logo requirements (sadly, I can’t find them online) and got started.

Some of the requirements were simple, some weren’t applicable, and some were really, really hard. In the end, though, I was able to make the program logo-worthy, although INGR never submitted it for formal testing. Naturally I thought of this experience when I saw the announcement of the new EAS program.

Exchange ActiveSync has become the de facto standard for mobile device sync. Microsoft’s competitors– Apple and Google in mobile devices, IBM Lotus in messaging software– use it, which is a pretty good sign of its standard-ness. Microsoft has done a good job of evangelizing and licensing the protocol (something that I’m sure caused a bit of hate and discontent among the Windows Mobile team as they saw Exchange sync, a major competitive advantage at the time, migrating to other devices).

The problem with EAS, though, is that licensing the protocol doesn’t mean that vendors will implement it properly. If you look back on my first review of iOS EAS support, for example, you can see that Apple missed several key EAS features. They did somewhat better in iOS 3.x, and have gotten better still in iOS 4, but there are still holes. The same is true for the various ODM and third-party implementations of EAS for Android, Symbian, and so on. It’s great to have a standard, don’t get me wrong, but it’s more great (great-er? more greatic?) if you can see who follows the standard and to what degree.

Microsoft made a stab at this problem last year with the release of a table showing EAS feature support by vendor. However, the table didn’t really provide enough information for companies that wanted to specify devices for their employees, and it was difficult to compare and contrast features among different firmware revisions of different devices.

Enter the EAS logo program. Vendors will use the test plan to check their devices for compliance, then submit them to a third-party test lab for certification. The announcement outlines some specific EAS features that ODMs and software vendors must support, including preserving reply/forward state, correctly supporting HTML mail, and dealing with calendar invitations properly.

Device management policies are not discussed much in the announcement (apart from the requirement to support remote wipe and password policies.) Because Windows Phone 7 is listed as fully compliant, that gives you some idea of exactly which policies are required, though I have not yet found a complete test matrix online. For example, WP7 doesn’t support policies that disable Bluetooth, SMS, or the onboard device camera, so I’m guessing that these are not yet part of the logo test plan.

The logo program is especially topical right now because an increasing number of enterprises are throwing up their hands in frustration and allowing employees to pick their own mobile devices instead of trying to enforce a corporate standard. The latest example is Clorox, but there are many other places where the new standard is "bring your own device." Having a logo certification program will help simplify device management for the Exchange admins while helping end users avoid the awful feeling of buying a device and then finding out it won’t work properly.

I have a list of questions about the logo, and the associated requirements, that I’ll be discussing with the Exchange team at TEC 2011 next week. Expect more on this in a future UPDATE column once I get some actual answers.

Preparing the content for Maestro round 2

This week Microsoft held the 2011 MVP Summit, which Tony ably summarized here. I wasn’t able to attend, which is a real shame, as seeing my MVP peers and the many Microsoft Exchange team members who come to the summit to teach, debate, and gather information from and with the MVPs is usually one of the highlights of my year. However, despite the fact that Tony, Brian, and I were not able to sit down together, we are still making good progress on developing the revised content for the 2011 series of Maestro events.

For the 2010 events, we focused on covering Exchange 2010 SP1. We are continuing that focus for the 2011 event, even though common sense tells us that SP2 will likely be forthcoming sometime this year. Microsoft has not said anything publicly about the release schedule for, or the likely contents of, SP2, so it doesn’t make sense for us to try to include it in our planning. What we can do, however, is refocus on some areas of SP1 that have proved to be particularly interesting from a technical standpoint or particularly challenging for people who are deploying Exchange 2010.

For my part, that means rethinking the way we approach the material covering the client access server. CAS is a complicated topic. There’s just no getting around that fact, but based on feedback from attendees and the kinds of questions I see posted in online fora, I think we can do a more focused job of covering the things that people have the most difficulty understanding. This is especially true for people who are migrating from Exchange 2003, which is a much less complicated client access story. (Having said that, I am not planning on stealing Greg Taylor’s elephant jokes. I don’t have the accent for it!)

I also want to change the approach I take to RBAC to include more demonstrations; we’ll probably also revamp the RBAC lab a bit. Although RBAC is a tremendously useful feature, it really does require some experimentation and hands on usage to really make it click for most people.

Finally, although I am pretty pleased with the way the unified messaging coverage stands right now, I would like to include some more demos and labs. With that in mind, I will be approaching a few hardware vendors to see if we can get them to loan us some demo hardware. Ideally, I would like to have an optional lab for UM that has students set up an UM topology that allows them to experience the thrill that comes when the phone rings and you hear “Welcome to Exchange unified messaging.”

Once we finish wrangling over the exact contents of the course, we’ll post an updated agenda on the Penton registration website. We’ve also followed the lead of practically every other company and event in the entire world and set up a Facebook page for the 2011 Maestro series. I hope that we will see attendees who have registered and people who are considering it congregate around this page to share comments and feedback. For events like this, giving the attendees a chance to communicate before the event increases the value to them by increasing the interpersonal connectivity of their time in the classroom. (That is one of the major advantages of the way the MCM Exchange training is currently done, something which I will have more to say about in a future post.)

Exchange Maestro: the 2011 version

Good news: the official registration site for the 2011 Exchange Maestro events is now open for business.

We have three upcoming events: San Diego on 3-5 May, London on 13-15 June, and Greenwich, CT on 26-28 October. (Tony answers the question "why Greenwich?", as well as some other notes, here.)

As someone who’s been presenting deeply technical multi-day events for a number of years, the second time is always the hardest. Fred Brooks called this the second-system effect: the first time you design something complex, you learn a great deal, and the things you learn often emerge the second time around… not always with positive results.

In this case, Tony, Brian, and I have a lot of solid feedback from our attendees, so we know what the Boston and Anaheim attendees would like to see changed in future events. We also have some ideas about where the larger Exchange community and marketplace are going; this helps us update the content so that it remains timely and relevant. We will have no problem updating and improving the content; I hope in particular to add some unified messaging-related labs to give attendees more hands-on time.

Speaking of hands-on, one of the most consistent pieces of feedback we got was there weren’t enough hours in the day to do the labs and cover the lecture material. This is by design; we want attendees to work on the labs on their own during breaks and at night, coming to us with questions when they arise, then take the labs back to their workplace where they can dig into them without having to divide their attention between the material we’re presenting and the labs. The whole point of these workshops is that they are richly technical, so it’s important that attendees be able to focus 100% on the new material.

A couple of eagle-eyed readers (hello, Mr. McBee) noted that the London Maestro event is co-located with, and overlaps the schedule of, the new Connections Powered by Microsoft event. It was significantly less expensive for us to combine the logistics for the two shows (shipping, customs, food and beverage services, and so on), but I want to make clear that there’s no overlap of content between the two events.

Think of the Connections series like a visit to your local food court. You can shop around and have a little of this plus a little of that… a couple of sessions on Exchange, maybe a little Lync on the side, a smidgen of Windows, and SharePoint for dessert. Maestro is, by contrast, like a six-course dinner at a fine restaurant: a richer, deeper, more complex experience that, admittedly, takes more time and money. The two complement each other nicely, but both stand alone.

To abandon the restaurant analogy, the content that we’ll be presenting at Maestro is both broader and technically deeper than the sessions available at Connections. That’s because Tony and I are able to use our knowledge of Exchange and the broader industry to pick out the most useful, most interesting, and least-known aspects of Exchange 2010 design, deployment, and operations and present them to you on a platter, so to speak. (All right; I didn’t entirely abandon the analogy…)

Registration is open now for the San Diego and Greenwich events, and we expect it to open shortly for London as well. Stay tuned for future details, including a few neat new steps we’re taking to help those interested in the Maestro classes get the most out of their attendance…

Introducing the E5000 messaging system

This week I had the unique opportunity to spend some quality time with two of my favorite people: Tony Redmond and Brian Desmond. The occasion was that we were invited by Hewlett-Packard and Microsoft to take an advance look at their new E5000 messaging system before its formal unveiling. Our goal was to spend some time with the program managers on the E5000 team learning about the system and experimenting with it a bit. The kicker: the whole process was videotaped.

Of course, nothing is as simple as it first seems. Tony, Brian, and I thought that “videotaped” meant “hand-held camcorders.” We were in for a rather rude surprise when we were greeted by Jenny, our makeup artist:

She wasn’t rude in the least, but boy, were we surprised to see her. Jenny quickly got our makeup on and onto the set, where we found no fewer than four large, dolly-mounted video cameras, each with a camera operator, plus a sound guy, a director, and assorted other studio folks. We very quickly got used to their presence and sat down with Dean Steadman and Karl Robinson of Hewlett-Packard and Jeff Mealiffe of Microsoft to talk about the specifics of the E5000 series.

Tony’s writeup gives a good summary of our discussions. Going in, I was of the opinion that having a solution that combines two DAG nodes in a single physical enclosure was useful, but that it was lacking in three key areas: it still needs load balancing; it introduces the potential for the E5000 to be a single point of failure; and it doesn’t include Exchange server licenses, so it isn’t really a complete solution.

However, once I had a chance to talk things over with Dean, Jeff, and Karl, I started to come around.

First, load balancing. Yes, you still need it. In this respect the E5000 is no different than any other set of Exchange 2010 servers. I’d love to see load balancing integrated into a future revision of the E5000 series, as I think the customers who will be most interested in the idea of an all-in-one appliance are least likely to want to deal with the complexities of CAS load balancing.

Second, HA. It’s true that if you put an E5000 in your server rack, a site-level failure (including mains power, fire, flood, and so on) can kill both nodes at once– but this is no different than the situation faced by the majority of Exchange 2003 sites now, the very customers at which the E5000 is targeted. Replacing a set of Exchange 2003 servers with a set of E5000s means that customers can not only take advantage of Exchange 2010’s I/O improvements to reduce the total number of servers, but that they can also use DAGs to reduce the risk of data loss from a disk, controller, or server failure. Where business reasons require protection against site-level failure, it’s a simple matter to drop one or more additional E5000s in a remote site and join them to the existing DAG. The more I think about it, the more I like the idea of using building block-style hardware like E5000s as the basis of building remote sites. There’s quite a benefit to standardization of hardware, software, and operations.

Third, license bundling. Because the E5000 will primarily be sold through HP’s channel partners, I’d expect that customers who need Exchange server licenses or CALs will be able to order them at the same time as their E5000 units. The E5000 Quick Deployment tool won’t proceed with installation until you enter a valid Exchange PID. This is required because some models of the E5000 line will be configured with more than 5 databases, and to prevent unpleasantness the installer wants to verify that the PID is for the Enterprise Edition of Exchange. Making things a bit more complicated, from a business standpoint, Exchange server licenses have never been previously bundled in the way that Windows Server licenses have. I’m hopeful that we’ll see the option to bundle all the needed licenses in with the product. (In fact, I had a great discussion with the Microsoft folks about the desirability of an in-app purchasing system for CALs– imagine being able to buy additional CALs or server licenses as easily as you buy songs on iTunes or points on Xbox LIVE.)

The deployment experience is quite smooth; all of the questions normally spread throughout the Exchange setup process are consolidated onto a single page. Once you answer them, the setup tool does the rest. Bear in mind that you have to complete installation on the first blade before you can do anything with the second blade. Don’t give in to the temptation of starting setup on blade 2 before it’s done on blade 1. Trust me on this.

However, if you want to do things like pull out disk drives or even blades while the E5000 is running, go right ahead. I got to experiment with doing exactly this and it was quite a lot of fun. Bear in mind that there are two hot spares allocated for each blade, so if you pull a spare nothing will happen. However, pulling a data drive triggers a rebuild of the mirror pair containing the affected DAG, and then pulling another drive causes a DAG failover, just as you’d expect.

Tony, Brian, and I left the HP folks with quite a bit of feedback on every aspect of the E5000, but that’s why they asked us to come. The basic product is quite solid, and I expect it to be warmly received in its target market of organizations with 500-3000 mailboxes. It’s definitely a major upgrade over what customers in that segment have with Exchange 2003. On to March 1st, the official release date!

A little more on group metrics

About a year ago (wow, how time flies!) I wrote about group metrics generation in Exchange 2010. In that article, I posted a link to an article that EJ Dyksen of Microsoft wrote about MailTips troubleshooting. I was reminded of that article when I noticed event ID 14039 in my event log– it was claiming that the last group metrics file generated was more than a month old. "That’s not right," I thought. "I’d better verify that group metric generation is enabled."

Only, the EMS parameter for group metrics generation has changed. You now have to use Set-MailboxServer -ForceGroupMetricsGeneration $true. This is documented, but I had to hunt for it, grumble. Sure enough, group metrics generation was turned off on my mailbox servers, I suspect erroneously. Interestingly, the problem cropped up the day after we started our two-week Christmas break… a day or so after I applied a rollup to the servers. I smell a rat…

Of NICs and DAGs in Exchange 2010

Tony posted a blog article discussing the tradeoffs inherent in choosing a number of NICs for your Exchange 2010 DAG members. While I don’t disagree outright with anything he said, I think there are some additional factors that are worth mentioning.

Bottom line: I always recommend– and practically require– two NICs in all DAG members. Why? The answer is threefold, but to get there we have to do a bit of digging.

It’s important to understand that DAG members process two distinct types of network traffic: "MAPI traffic" to and from CAS servers (and AD, and pretty much everything else) and "replication traffic" to and from other DAG members. (See this TechNet topic for more on the distinction between the two.) First, the way DAGs handle network traffic is that you can specify separate networks for replication traffic and normal traffic. It’s perfectly supported to put both types of traffic on the same NIC. However, if you segregate the traffic onto two separate NICs, you get a bonus– think of it like a saving throw against failover. A failure of the MAPI network will trigger a DAG failover, but a failure of the replication network will merely move replication traffic onto the MAPI network without a failover.

With that in mind, here’s why I think you should plan on using two (or possibly more) NICs in your DAG members.

First, you get additional protection against several potential points of failure. Provided that you’ve designed your environment properly, having two NICs means that you’re protected against failure of a single cable, switch port, or switch. (This assumes, of course, that you haven’t just plugged every DAG member into the same physical switch!) Even if you’re using the tried-and-true method of linking two DAG servers together with a simple crossover cable, having a second NIC insulates you against failure of that cable.

Second, you gain flexibility. All other factors being equal, I’d rather have the ability to shift MAPI or replication traffic to a different physical path when necessary.

Third, the vast majority of modern servers (where by "modern" I mean those sold since the release of Exchange 2007) already include at least two, and often four, onboard NICs. Many IT staffers are suspicious of the quality of onboard NICs due to various problems with chipsets and drivers of old, but I have seen many perfectly stable and well-functioning Exchange environments using modern NICs and drivers so this seems like a legacy concern to me.

Tony makes an important point when he says that companies who have the ability to notice and respond to outages quickly will be OK running a single NIC. I don’t disagree, but I’d point out that even such companies would rather not have outages in the first place. Admittedly, a failure of the MAPI NIC in a DAG member will trigger a failover, but it’s a simple matter at that point to reconfigure the network to use the replication NIC if need be, or to replace or repair the failed NIC if it makes more sense to do so.

If it costs you literally nothing extra to gain the additional benefits of flexibility and protection, in my opinion you’d be well advised to grab those benefits with both hands.

Exchange Server Cookbook script archive

A long time ago… well, OK, it wasn’t that long ago. Anyway, back in 2005 (ed note: that was a long time ago!) Missy, Devin, and I (along with Tom Meunier) wrote the Exchange Server Cookbook for O’Reilly. I maintained a web site for it for a few years, but as interest in the book waned, so did my efforts to maintain the site.

I find that I still use it a few times a week as I work on various Exchange 2003 content. Devin was kind enough to gather up the scripts into an archive, and I’m finally posting it. Feel free to share and adapt these, but please give us credit; it was rather a lot of work.

Get the script archive

Exchange Maestro Anaheim days 1 & 2

I had to skip a day of recap postings thanks to a bit of extracurricular work, but better late than never…

Day 1 began right on time, with our attendees eager to get started. We made several structural changes to the course, mostly in the area of reordering material. Tony led off with an architectural session, followed by my presentation on the new Exchange management tools (now including remote PowerShell, formerly the subject of its own session). After a delicious lunch of Mexican food (including mariachi music, serapes instead of tablecloths, and some really excellent decorations), Tony presented the store content and I followed up with the CAS material. We ran a bit long in the afternoon, so I had to stop before I finished with the CAS material so that we’d have time for labs.

Day 1’s highlight was that my friend Alice, a former co-worker from 3Sharp, brought me a Disneyland turkey leg! In Boston, I’d mentioned to Tony, Brian, and Melissa that I wanted to go to Disneyland and find one of the famous Disney turkey legs. Word apparently got out, and Alice, bless her heart, made a trip to Disneyland– her first ever– to see the sights and bring me back some of that oh-so-tasty smoked poultry awesomeness. I was shocked to see it; it’s one of the nicest things anyone’s ever done for me. Thanks, Alice!

We closed out day 1 with dinner at Roy’s here in Anaheim with our sponsors from Microsoft and Hewlett Packard. Dinner was quite good, as was the company, but I was out later than I wanted to be so it was hard to get rolling this morning.

Despite my sluggishness, day 2 began promptly at 0900, where I started with the remainder of the CAS coverage. In Boston, we had separate presentations for the CAS role and for client settings and management options, but we decided to combine them to save time. That strategy backfired badly, as I ended up running 30 minutes long. I then compounded that problem by running 40 minutes long on my RBAC session. In fairness, I got a lot of good questions from our attendees, so I didn’t mind going a bit long, but Tony and I had some catching up to do on the remaining sessions: the mailbox replication service (MRS), transport, and compliance. By day’s end, we had no margin left for lab time, so we’ll have to catch up a bit tomorrow.

On day 2, the most memorable quote was Tony’s solemn assertion that “we kill lingering orphans after 24 hours.”

He was talking, of course, about mailbox move requests as part of his session on the mailbox replication service (MRS). We were also surprised and delighted to get a nifty calendar from one of our students who’s active in the Back-Country Horsemen of Idaho. The calendar features some beautiful Idaho scenery, plus: horses! It will go up in a place of honor in my office as soon as I get home.

During a bit of intra-day-2 downtime, I was able to finish the final technical edit pass on chapter 17 of Tony’s book. That ends my involvement with this revision; it’s been a great learning experience to have the opportunity to pore over 16 months’ worth of Tony’s research and experimentation with Exchange. I’ve learned quite a lot from him, and I congratulate him on finishing such a large project– it’s roughly twice as long as the longest book I’ve ever written by myself.

Now it’s off to a class dinner at PF Chang (table for 25, stat!), then a rare evening off (provided I finish tech-editing a magazine article that I owe my editors…)

Anaheim Exchange Maestro day 1, pre-show

Clearly the only way I will be able to get a word in before Tony is to write about each day before it starts!

I arrived last night in Anaheim after a long (and expensive!) cab ride from LAX, preceded by a flight on Horizon from SJC. We were on a Bombardier Q400, which I’d never flown before. It’s a turboprop, but feels inside like a CRJ-class jet. It was not uncomfortable, and it wasn’t too noisy, so I’ll score that as a win.

The hotel assigned me to an absolutely huge guest room overlooking the pool. Given that it’s in the mid-60s, this is not the benefit you might assume. I was a bit startled to hear a series of loud boom! sounds starting about 9:30. This turned out to be the nightly Disneyland fireworks show; apparently the launch area is close by the hotel. Sadly, I couldn’t see the actual fireworks, but I’ll try to find a better vantage point tonight.

The hotel meeting facilities are about a million times nicer than the Doubletree we used in Boston. I was greeted this morning with a spacious, well-lit room, with a proper whiteboard. The entire corner of the room is occupied by a rather grand buffet of breakfast choices, which I appreciate; I love a good breakfast.

Today we have about 30 attendees, including my friend and former 3Sharpie Alice Goodman. Tony and I have been busy updating our slides to reflect feedback from the Boston attendees, and Brian has done a superb job of updating the lab instructions. The largest change is that the session on remote PowerShell has been removed, and its material integrated with the sessions on Exchange management tools and RBAC. There’s no reduction in the material covered; it’s just been reorganized to make things flow better.

The biggest piece of feedback from Boston is one we can’t do anything about; sadly there’s nothing we can do to make the labs any faster. We are trying to figure out a cost-effective way to help future attendees get SSDs to use with the labs. Their increased speed would help a great deal.

Now I’m off to finish my breakfast and get my game face on for another big day!


Exchange Maestro, day 3

We wrapped up the Boston Exchange Maestro event today, and it was quite good! (Except that I had hoped to finish my summary before Tony got his writeup done… perhaps I’ll have better luck next time.)

Tony kicked the morning off with an optional 8am session on migration considerations. As much of the class is still on Exchange 2003, this was well-attended. There’s a wide variety of environments out there, and I enjoyed hearing the attendees’ specific questions about exactly how to accomplish specific tasks in their environment.

I then gave a longer-than-expected presentation on Exchange scalability. It took more than the 90 minutes I’d allotted, and there were still many areas of the topic that I didn’t get to delve into. In particular, I would like to have enough time to walk through more of the details of the Exchange 2010 mailbox role storage calculator. There’s way more there than I can cover in such a limited amount of time, though we did have some interesting discussions around storage provisioning.

The high point of the day was our group work. Tony, playing the role of a hard-nosed corporate CIO, gave the attendees a high-level description of an Exchange 2003 environment with 12,000 users and a simple set of requirements. Their task was to break into groups and develop high-level designs, then present them. We were joined by two consultants from HP’s services organization who circulated around and helped the groups identify the key points required for their designs. At the end of an hour, Tony and I had the attendees mail us their presentations, then I chose three teams to present their designs for Tony’s scrutiny. Our presenters showed a great deal of mental agility in answering Tony’s sometimes-pointed questions.

The low point of the day was finding a live roach in my sandwich. As Tony points out, this can indeed happen at almost any hotel; however, we had a long string of problems here, ranging from noisy construction work during our classes (which Melissa quickly stopped) to numerous A/V problems to getting kicked out of the room earlier than we’d planned. This sort of thing does happen from time to time, but I think and expect that we’ll have better luck in Anaheim.

One of the most valuable things about this training is that we’re trying to move the emphasis away from the purely technical. The general level of training for Exchange is fairly low: the official Microsoft curriculum is too limited, and the variance in instructor quality too great. We wanted to deliver training with more technical depth and an exploration of the business issues behind Exchange 2010 deployment. I feel like we did that here, and we’re both looking for opportunities to sharpen that message in our future events.

Tomorrow I have an early-morning flight back to San Jose, where I’m looking forward to spending some time with the boys. Sunday night I head down to Anaheim for our next event, which I’m looking forward to quite a bit.


Exchange Maestro, day 2

If this is Thursday, it must be time for Thursday Trivia– Maestro style!

Tony’s produced another excellent writeup, this time featuring the second day of our Maestro training festivities (activities? either one works) here in Boston. A few additional notes come to mind.

First, I must confess to a degree of envy for the beautiful Nikon lens that Tony has been using to take pictures, although I would quite like it if he would take pictures of something other than me. I suppose you can’t have everything you wish for. (Ed. note: the actual lens Tony is using is this one. The one I linked to in the preceding sentence is the rough equivalent for my camera, which is why I got them mixed up.)

The RBAC session went quite well, though it ran longer than I wanted it to. RBAC is one of the key areas where Exchange 2010 differs significantly from Exchange 2007. Most Windows administrators are so used to the standard Windows security model, which uses discretionary access control, that the concept of access control based on roles seems very foreign. When I teach RBAC, there are a few principles that I focus on to help keep the most important things at the forefront. First, RBAC role assignments are additive. If I assign you three different roles, you will have the ability to do anything that any of those roles allow. This is a big change from the standard Windows model, with its rules about most restrictive permissions.

Second, I often liken RBAC to sculpting using stone. When you create a new role, you can only take away from the entries that the parent role holds. A child role cannot contain role entries that were never present in the parent. This, again, is quite unlike the standard Windows model.

Third, understanding how the “triangle of power” works is key to understanding RBAC. I will probably include a quick review in tomorrow morning’s review session.
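The first two principles above, shown in the Exchange Management Shell as an added example (not from the original post or the course material). The role name "Helpdesk Recipients", the role group "Helpdesk Tier 1" and the user "kim" are hypothetical; "Mail Recipients", "Message Tracking" and "Databases" are built-in Exchange 2010 roles.

```powershell
# Run in the Exchange Management Shell on Exchange 2010.
# "Helpdesk Recipients", "Helpdesk Tier 1" and the user "kim" are hypothetical names.

# Sculpting: a new custom role starts with exactly its parent's role entries.
New-ManagementRole -Name "Helpdesk Recipients" -Parent "Mail Recipients"

# Chip away everything except the Get-* cmdlets and Set-Mailbox.
Get-ManagementRoleEntry "Helpdesk Recipients\*" |
    Where-Object { $_.Name -notlike "Get-*" -and $_.Name -ne "Set-Mailbox" } |
    Remove-ManagementRoleEntry -Confirm:$false

# An entry that the parent role holds can be put back into the child...
Add-ManagementRoleEntry "Helpdesk Recipients\Set-MailUser"

# ...but an entry the parent never held cannot be added. New-MailboxDatabase
# belongs to the Databases role, not Mail Recipients, so Exchange rejects this
# command with an error and the child role is left unchanged.
Add-ManagementRoleEntry "Helpdesk Recipients\New-MailboxDatabase"

# Additive assignment: the role group receives two roles, and its members can
# run anything that either role allows. There is no "most restrictive wins".
New-RoleGroup -Name "Helpdesk Tier 1" `
    -Roles "Helpdesk Recipients", "Message Tracking" `
    -Members "kim"

# Review what a user actually holds, including assignments inherited
# through role groups, before granting anything further.
Get-ManagementRoleAssignment -RoleAssignee "kim" |
    Format-Table Name, Role, RoleAssigneeName -AutoSize
```

Because assignments only ever add, the review at the end is the step to repeat whenever a user joins another role group: the effective permission set is the union of every row returned.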

After I finished RBAC, Tony embarked on a lengthy disquisition on the mailbox replication service. This is another major difference in Exchange 2010, and he covered it thoroughly. After a quick lunch of hotel Italian, I covered the high points of the Exchange 2010 transport system. I think the students were probably glad to be on more familiar ground, as the transport system still has a lot in common with previous versions.

The afternoon labs went quite well. I was able to help one student fix a nagging problem with the CAS servers in his production system, resulting in him being able to use Outlook 2011 with his Exchange 2007 system. He was happy, as was I. It’s always very rewarding to be able to teach people things that they can immediately apply to their work environments. After all, that’s why we are here. Abstract knowledge is wonderful, but concrete, practical knowledge is better in my book.

(Speaking of book: Tony’s Exchange 2010 Inside Out is due to be released December 1. In related news, I am no longer the holdup in its production!)

One of the interesting things about this class is that we give the students a reasonably complex virtual environment to work with. This has its challenges, including the requirement for students to bring fairly powerful laptops. However, when I compare this class to other classes I have taught where the instructors provided the equipment, I like this model better. Students are confident in the quality of the equipment because it’s theirs. None of the instructor staff has had to spend any significant amount of time helping students with hardware issues, something that often happens when using rental equipment or equipment provided by a venue. In addition, students can take the lab environments with them when they leave for the day, so if they want to work on them more at home, or next week when they are back in their offices, they can easily do so.

After the class was over, we left the hotel with fellow MVP Lee Benjamin to have dinner at a nearby restaurant. The food was quite good, the service was excellent, and the vintage clothing worn by the waitstaff was remarkable in its variety, a most welcome change from the dull clothing worn by waitstaffs at most other restaurants. On the way back to Lee’s car, I spotted a plaque marking the location of the first long distance telephone call. I thought that was worth a picture, and the results are below; I am pleased with how well the brick turned out using the built-in flash on my iPhone.

IMG_0062.JPG

Now I’m off to do a bit more editing work on Tony’s book, along with some last-minute changes to my slides for tomorrow. I’m covering Exchange Unified Messaging, as well as server sizing, scaling, and planning. Should be a fun day!


First day of Boston Exchange Maestro training

Tony beat me to it; while I was presenting during the latter portion of the day (and, I admit, catching up on e-mail) he was busy writing an excellent summary of our first day of the Exchange Maestro workshop here in Boston. As he pointed out, timing was one of the key issues that we had to struggle with. For events like this, there is always a tension between the amount of time you would like to have and the amount of time you do have. Exchange 2010 is complicated enough that we could easily, and very productively, spend a full week covering the topics we’ve selected for this three-day event. I feel that we have done a good job sticking to the schedule and managing our time well, but there’s so much material to cover that staying on the schedule can sometimes be challenging.

Tony pointed out a couple of minor issues with the venue: for one thing, we got thrown out about 90 min. sooner than I thought we should have. Furthermore, during the morning, we were serenaded by the sounds of an ongoing bathroom renovation, complete with the dulcet tones of a reciprocating saw, some kind of rotary hammer, and other percussive power tools. Now, don’t get me wrong: I am a huge power tool fan and use them every chance I get. However, it’s fair to say that they were not the ideal accompaniment for our technical material. Fortunately, the hotel paused construction, and we will be moving to a different room for tomorrow and Friday– hopefully one with less ambient noise.

The attendees were engaged in asking questions, and they stayed busy with the labs. Tomorrow morning first thing I will be presenting on RBAC, a difficult topic to begin the day with. Hopefully the attendees will come with bright eyes and at peak alertness; they will need it. After RBAC, Tony will present on the mailbox replication service, followed by my presentation on the Exchange transport core. Rounding out the day, Tony will cover the retention and compliance aspects of Exchange 2010. That will be unknown territory for most of our attendees, so I expect that we all will be enlightened by the resulting discussions.

I would be remiss if I failed to point out the important contributions that Brian made during the day. In addition to making sure that the labs went smoothly, he made a number of very helpful suggestions about how we can better streamline the material to fit the allotted time, as well as catching a number of minor mistakes in our slide decks and accompanying presentations. It’s been great to have him here!

One thing that Tony failed to mention about today’s sessions is that he continually gave me a hard time about my progress (or lack thereof) in finishing the technical edits for his book. Don’t tell him, but I’m going to go work on it now so that I can finish it and avoid further harassment.


Padding oracle attacks and Exchange

In my Exchange Server UPDATE column last week, I described a security vulnerability known as the padding oracle attack and described how Microsoft’s ASP.NET framework is vulnerable to it. I left open the question of which versions of Exchange might be affected, and what Microsoft might plan to do about it. A week later, the answers are somewhat clearer.

Normally, Microsoft releases security patches on a regular monthly schedule: the second Tuesday of the month has become informally known as "Patch Tuesday" among many Windows administrators because that’s when Microsoft ships patches. However, from time to time they also release patches "out of band," or in between regularly scheduled patch releases. These out of band patches are typically reserved for serious problems, and the padding oracle attack definitely qualifies. Accordingly, Microsoft just released a patch for this vulnerability, which is described in Microsoft Security Bulletin MS10-070. Knowledge Base article 2418042 describes the patch installation process and identifies the multiple versions of the patch that exist for different operating systems and .NET Framework versions. (ed. note– seeing 7-digit KB article numbers makes me feel kind of old!)

What about Exchange? Well, this Exchange team blog post says that the team "…has not identified any issues related to the application of this patch on an Exchange server." That’s good news, as it indicates that Microsoft believes it’s OK to apply the patch. The post stops short of telling you to go off and install it everywhere, saying instead that you should install it on any Exchange server that has "an affected version of ASP.NET." At first I was confused that the post is tagged "Exchange 2007" and "Exchange 2010", but on rereading it closely, it’s clearly meant to apply to Exchange 2003 too.

If you don’t have a plan in place to push critical patches to your Exchange servers (preferably after validating them in your own environment), this would be a really good time to start on one. Happy patching!

Edited to correct the patch release date– it’s already out. Thanks to Bharat Suneja for catching my error.
