Exchange 2007 to 2010 Part 1 – Update Exchange 2007 to SP3

This page is part 1 of the 3 stage Exchange upgrade series of articles. It deals with updating an Exchange 2007 SP1 environment to SP3. You will need to be a schema administrator to complete all steps below. As with any schema updates I strongly recommend that you perform these steps on a proof of concept (POC) domain before applying to a live system.

Our environment contained a mirrored mailbox server, standby server and CAS / hub transport server. The clustered mailbox server is called MAIL and the mailbox nodes are NODE01 and NODE02. This guide assumes NODE01 is the current primary node.

The steps are:

1. Download Windows Installer 4.5 from to C:\Temp\Exch2007SP3 on each Exchange server.

2. Download Exchange Server 2007 Service Pack 3 from to a central location.

3. Extract Exchange Server 2007 Service Pack 3 (E2K7SP3EN64.exe).

4. Copy the extracted files to a domain controller* (running directly from a domain controller is preferred, as a network loss during the schema update could damage your domain).

5. From the Schema Operations Master, open an administrative command prompt at the central location from Step 3 and run:

setup /PrepareSchema

This will extend the schema.

6. Again from the Schema Operations Master use the command prompt at the same location to run:

setup /PrepareAD

This will prepare Active Directory for the Service pack update.

7. Log on to Standby Server (best to work on least critical server first).

8. If not already installed, install Windows Installer 4.5 from C:\Temp\Exch2007SP3.

9. Restart

10. Restart Remote Registry Service.

11. Stop any backup and antivirus Services.

12. Copy entire folder from the central location in Step 2 to C:\Temp\Exch2007SP3

13. Run Setup.exe. As pre-requisites are installed it should be a simple Next > Next installation.

14. Once install has completed, restart server.

15. Check all Automatic services are running.

16. Run Exchange Routine Checks to ensure Exchange is functioning correctly.

17. Log on to CAS / HT server and complete steps 8 – 16 (for me the SP3 update took just over 30 minutes per server).

18. Log on to passive mailbox node (NODE02) (you can run Get-ClusteredMailboxServerStatus to check which is the active node).

19. Complete steps 8 to 16 above.

20. Open an administrative command prompt and run C:\Temp\Exch2007SP3\ /m:upgrade (this upgrades the mailbox node version).

21. Once install has completed, reboot passive mailbox node.

22. Log on to (Primary) mailbox node NODE01.

23. Open an Exchange Management Shell window and run:

Stop-ClusteredMailboxServer -id MAIL -StopReason "Upgrade to Service Pack 3"

This will stop the Clustered Mailbox Server instance.

24. Still in the EMS window run:

Move-ClusteredMailboxServer -id MAIL -TargetNode NODE02 -MoveComment "Service Pack 3" -Confirm:$false

This will move the CMS instance.

25. Open an administrative command prompt and run:

C:\Temp\Exch2007SP3\ /upgradeCMS

This will upgrade the CMS instance.

26. Now run:

Start-ClusteredMailboxServer -id MAIL -Confirm:$false

To start the CMS instance.

27. Check all Automatic services are running.

28. Run Exchange Routine Checks to ensure Exchange is functioning correctly.

29. Log on to NODE01 (now passive node).

30. Complete steps 8 to 13 above (don’t restart just yet!).

31. Open an administrative command prompt and run C:\Temp\Exch2007SP3\ /m:upgrade

32. Once install has completed, reboot NODE01.

33. Check all Automatic services are running.

34. Run Exchange Routine Checks to ensure Exchange is functioning correctly.

35. Connect to WSUS server. Approve Exchange 2007 SP3 Rollup Update 6. **

36. Connect to Exchange servers, install Windows updates and reboot.

37. Open Exchange Management Console. Navigate to Server Configuration > Mailbox.

38. Check that all server versions are Version 8.3 (Build 83.6).

39. Right-click on mail in upper centre pane and select Manage Clustered Mailbox Server.

40. Follow the wizard to move CMS back to NODE01 (or alternatively run Move-ClusteredMailboxServer -id MAIL -TargetNode NODE01 -MoveComment "Moving the node back" -Confirm:$false from an EMS window).

41. Run Exchange Routine Checks to ensure Exchange is functioning correctly.

42. Test send and receive of external mail.


* A Windows Server 2008 Core Domain controller will not work as .NET 2.0 needs to be installed, this is possible on an R2 Server Core install but not on plain 2008.
** When I did this I had to manually install Rollup Update 7 as WSUS did not pull it down. Since writing this guide Update Rollup 8-v2 has been released.


Exchange 2007 to 2010 Part 2 – Install Exchange 2010 Client Access Server

This page is part 2 of the 3 stage Exchange upgrade series of articles. It deals with provisioning a new virtual machine (VM) on a Hyper-V 2008 Host. The VM will be a Client Access Server (CAS) running Windows Server 2008 R2, it will function as the first Exchange 2010 server in a current Exchange 2007 environment.

Building a server on Hyper-V isn’t complicated, but the steps are included here in order to demonstrate the entire process taken to set up a Microsoft Federation Gateway (and because I took the time to document it originally!).

For the purposes of this article, the Hyper-V host is HYPERV01 and the CAS server is to be EXCHANGE2010CAS

The steps are:

1. Create a new virtual machine on HYPERV01. The name is to be EXCHANGE2010CAS and it will run Windows 2008 R2 with a 40Gb C: and 4Gb RAM, it will be connected to an External network.

Microsoft recommendations are at least 10GB of NTFS formatted disk for OS, 200Mb free space, 1.2GB for Exchange and 500MB for Hub message queue database. (See and for more details on Exchange 2010 in a virtualised environment and hardware pre-requisites).

2. Set IP address.

3. Ensure firewall is on and check connectivity.

4. Add machine to Domain. Restart.

5. Install .NET Framework 3.5 SP1, Windows Remote Management (WinRM), PowerShell v2

6. Open PowerShell with elevated rights and run the following 3 cmdlets:

  • Import-Module ServerManager
  • Add-WindowsFeature NET-Framework,RSAT-ADDS,RSAT-AD-PowerShell -IncludeAllSubFeature,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
  • Set-Service NetTcpPortSharing -StartupType Automatic

(See for a list of pre-requisites).

7. Install Exchange 2010 SP2 Update Rollup 5-v2 (there is a somewhat confusing guide on this process at) and select the CAS and HT roles. Choose to join an existing organisation. Extend the schema if necessary (this shouldn't be needed as the schema was extended under Part 1).

8. Install Microsoft Office 2010 Filter Pack.

9. Log on to WSUS server and approve any Exchange 2010 Windows Updates.

10. Install required Windows Updates. Restart.

11. Run Get-exchangeserver from Exchange Management Shell (EMS) on a current Exchange 2007 CAS to ensure the new server is listed as part of the Exchange infrastructure.

12. Run Exchange Routine Checks to ensure Exchange is functioning correctly.

13. Update any custom GPOs or groups that you have set up for managing your Exchange Servers.


Exchange 2007 to 2010 Part 3 – Autodiscover / certificates / federation creation

This page is the third and final step in the 3 stage Exchange upgrade series of articles. It deals with setting up (or updating) autodiscover, creating certificates and finally creating a Microsoft Federated Gateway. It assumes you have completed Step 1 and Step 2 and run ISA 2007 Servers as your firewall.

Steps 37 onwards assume that the external organisation has completed the same steps from their end (they would also need to complete all steps here).

The steps are:

1. Contact your ISP to add external DNS entry for to point to the external IP for your ISA Server.

Once this has been completed and has replicated you can proceed to step 2.

2. Update static Autodiscover internal DNS entry to Exchange 2010 CAS created in Step 2. Test Outlook autodiscover on a workstation that has had DNS updated (ipconfig /flushdns).

3. If you do not have a Subject Alternative Name (SAN) field in the e-mail certificate from your certificate provider then you will need to obtain a new one, specifying autodiscover. as Subject Alternative Name (SAN).

4. Install Cert on ISA Servers.

5. Log on to ISA Server.

6. Open ISA Server management.

7. Right-click the current rules you use for OWA and select Copy.

8. Right-click the same rule and select Paste.

9. Look at Properties of new rule.

10. Under General tab rename to Outlook Autodiscover (or something that is relevant to your current naming system). Update Description.

11. Under Paths tab remove all and add /autodiscover/*

12. Under Public Name tab ensure only is listed.

13. Go to Actions > New > Exchange Web Client Access Publishing Rule

14. Name the rule Federation Autodiscover. Hit Next.

15. Select Exchange Server 2007 with Outlook Anywhere ticked. Hit Next.

16. Publish a single Web site. Hit Next.

17. Under Paths tab remove all /autodiscover/* and add /ews/mrsproxy.svc, /ews/exchange.asmx/wssecurity, /autodiscover/autodiscover.svc/wssecurity and /autodiscover/autodiscover.svc.

18. Under Public Name tab ensure only is listed.

19. Create test exchange mail account of [email protected]

20. Test autodiscover from . Choose Outlook Autodiscover and use account created in Step 19.

21. Log on to EXCHANGE2010CAS.

22. Open the Exchange Management Console (EMC) and select the Organization Configuration node.

23. In the Actions pane, select New Federation Trust.  The New Federation Trust wizard will run.

24. Click New to form the new trust with the Microsoft Federation Gateway.  The wizard will create a new self-signed certificate called Exchange Delegation Federation with the subject name of Federation.  The Federation and SMTP services will be assigned to this certificate, but it will not change the default SMTP certificate.  The Microsoft File Distribution service will automatically copy and install this self-signed certificate to all of your Exchange 2010 client access servers.

25. Click Finish to close the wizard.

26. Open Exchange Management Shell (EMS).

27. Type Get-FederatedDomainProof -DomainName (this will return a long “proof” which looks something like: whTGGuUq0D3000000OCp+yuXumHYBR5NooooooWB7sZZo0NSmHwo2DR0ooooookyCjHtSU26Vy7rkK000000Fw==)

28. Type Get-FederatedDomainProof -DomainName (again this will return a long proof similar to the one above)

29. Request your ISP create 2 DNS TXT entries. They are with the Data field being the proof retrieved in Step 27, and with the Data field being the proof retrieved in Step 28.

Once this has been completed and has replicated you can proceed to step 30.

30. In the EMC on EXCHANGE2010CAS navigate to Hub Transport in the Organization Configuration node.

31. Click the Accepted Domains tab and click New Accepted Domain in the Actions pane.

32. Enter Exchange Federated Delegation for the Name and enter for the Accepted Domain, then click New.  (This new authoritative accepted domain will never be used by users – it is only used by the federated trust.). Click Finish.


33. Click the Organization Configuration node and select the Microsoft Federation Gateway trust under the Federation Trust tab. Click Manage Federation in the Actions pane.  You will see the current federation certificate status.  You can click Show distribution state to check that the federation certificate is installed on all Exchange 2010 client access servers.

34. Click Next to bring up the Manage Federated Domains window.

35. Click Add and select the Microsoft Federated Trust accepted domain you created in Step 19.


36. Click Next and Manage to configure Microsoft Federated Trust.  When the configuration is successful you will see the federation trust has an Application Identifier and Application URI.


(If the TXT records you created in Steps 27 & 28 are incorrect or have not propagated yet to the Microsoft Federated Gateway server, you will get the following error: Proof of domain ownership has failed. Make sure that the TXT record for the specified domain is available in DNS. The format of the TXT record should be “ IN TXT hash-value” where “” is the domain you want to configure for Federation and “hash-value” is the proof value generated with “Get-FederatedDomainProof -DomainName”.
The proof of domain ownership is not valid or is missing.)
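A pre-flight check for the TXT records requested in Step 29, so the failure quoted above can be caught before running the wizard. This is an added example, not part of the original guide: the function names are hypothetical, example.com and the proof value are constructed placeholders, and the nslookup output is a constructed sample embedded so the script runs offline.

```powershell
# Added example: compare a Get-FederatedDomainProof value with TXT records as
# printed by Windows nslookup. Domain, addresses and proof are placeholders.

function Get-TxtRecordsFromNslookup {
    param([string[]]$Lines)
    $records = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '\stext\s*=\s*$') {
            # A "name  text =" line starts a new TXT record.
            if ($current -ne $null) { $records += $current }
            $current = ''
        }
        elseif ($current -ne $null -and $line -match '^\s*"(.*)"\s*$') {
            # One quoted line per character-string; a value longer than
            # 255 bytes is split over several strings, so join them.
            $current += $Matches[1]
        }
    }
    if ($current -ne $null) { $records += $current }
    return ,$records
}

function Test-ProofTxtRecord {
    param([string]$Proof, [string[]]$NslookupLines)
    $want = $Proof.Trim()
    $altered = $false
    foreach ($txt in (Get-TxtRecordsFromNslookup $NslookupLines)) {
        # The proof is Base64, so the comparison must be case-sensitive.
        if ($txt -ceq $want) { return 'Match' }
        # Same characters but different case or stray whitespace: the record
        # was probably retyped or reformatted when it was entered.
        if (($txt -replace '\s', '') -ieq $want) { $altered = $true }
    }
    if ($altered) { return 'Altered' }
    return 'NotFound'
}

# Constructed placeholder standing in for the output of Get-FederatedDomainProof.
$proof = 'PLACEHOLDERproof0000000000ABCdef+ghiJKL0000000000mnoPQR/stuVWX0000000000yz12==' 

# Constructed sample of "nslookup -type=TXT example.com" output: an unrelated
# SPF record followed by the proof record.
$sample = @(
    'Server:  dc01.example.com',
    'Address:  192.0.2.10',
    '',
    'Non-authoritative answer:',
    "example.com`ttext =",
    '',
    "`t`"v=spf1 -all`"",
    "example.com`ttext =",
    '',
    "`t`"$proof`""
)

# Same sample, but with the proof lower-cased as if it had been retyped.
$retyped = $sample | ForEach-Object { $_.Replace($proof, $proof.ToLower()) }

# Same sample with the proof record not yet published.
$missing = $sample[0..6]

"published correctly : " + (Test-ProofTxtRecord -Proof $proof -NslookupLines $sample)
"retyped in DNS      : " + (Test-ProofTxtRecord -Proof $proof -NslookupLines $retyped)
"not propagated yet  : " + (Test-ProofTxtRecord -Proof $proof -NslookupLines $missing)

# Against live DNS (assumption: run where nslookup can reach an external resolver):
#   $live = nslookup -type=TXT example.com 2>$null
#   Test-ProofTxtRecord -Proof $proof -NslookupLines $live
```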

Now that the federated trust has been created and then validated by the MFG, you can create organization relationships. These are the federation sharing policies that determine what is shared with whom.

37. Click the Organization Relationships tab on the Organization Configuration node in the EMC.

38. Click New Organization Relationship in the Actions pane.  The New Organization Relationship wizard will start.

39. Enter External Company Organization Relationship (or whatever unique name you choose, this is not externally relevant).

40. Select the Enable free/busy information access checkbox and specify Free/busy access with time, plus subject and location.


41. Add domains and to federate with, then click Next and include ALL domains at the external company that you wish to see Free/Busy information for.

42. Click New.  The organization relationship should be listed under the Organization Relationships tab as successfully configured.  Sharing Enabled and Calendar Enabled will show as True.

43. Complete Steps 38-42 for any other organisations you need to federate with.

44. Ensure other agencies have created the Organization Relationship at their end, test viewing free / busy info.


(As a side note, after creating the Mail Federation Gateway I found that the Exchange 2010 CAS box showed Application Log error:

4002 Error “MSExchange Availability”

“Process 4780: ProxyWebRequest IntraSite from [email protected] to failed. Caller SIDs: NetworkCredentials. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.”

I thought that EWS was a strange request for the Mail Cluster so ran


To see if the MAIL cluster had been accidentally configured as a CAS.

I got a response and could see that although MAIL wasn’t set up as a CAS, one of the Exchange 2007 boxes (EXCHANGE2007-02) had as its internal EWS URL (the MAIL cluster had no CAS roles installed). I then ran

get-webservicesvirtualdirectory -server EXCHANGE2007-02 | fl

to discover that the full path was

Finally I ran

set-webservicesvirtualdirectory -id "EXCHANGE2007-02\EWS (Default Web Site)" -InternalUrl

to update the “InternalURL” field. This resolved the issue.)


Add additional DNS server to Windows Server 2008 Core NIC configuration

An issue occurred at a previous employer whereby a Server 2008 (Core) Hyper-V server had been set up with only a primary DNS server on both NICs. This may have resulted in an issue if the DNS server went down (or even if it was rebooted). I raised a change to add a secondary DNS server and have documented the steps here to show how a simple admin task can often go awry.

My change documentation included 4 simple steps:

1. Log on to server VMHOST03.

2. At the command prompt type

netsh interface ipv4 add dnsserver name="LAN HOST VM1" address= index=2

3. Then

netsh interface ipv4 add dnsserver name="LAN HOST VM2" address= index=2

4. Finally run ipconfig /all to be sure the DNS server entry has been appended to the current list and has not overwritten the current entry.

However, the implementation was not as straightforward as I hoped, as error “The filename, directory name, or volume label syntax is incorrect.” kept coming back. After much tribulation I discovered that the issue was with the name of the NICs (I assume the spaces in the name of the NICs was the problem). It also turned out that the NICs and their descriptions were set wrongly; Ethernet adapter LAN HOST VM1 had a description of PhysicalNIC2 and Ethernet adapter LAN HOST VM2 had a description of PhysicalNIC1. With this in mind I decided to change LAN HOST VM1 to NIC2 with the command:

netsh int set int name="LAN HOST VM1" newname=NIC2

and LAN HOST VM2 to NIC1 with the command:

netsh int set int name="LAN HOST VM2" newname=NIC1

I then ran the command

netsh interface ipv4 add dnsserver name=NIC1 address= index=2

and then

netsh interface ipv4 add dnsserver name=NIC2 address= index=2

This was successful and the relevant portion of the ipconfig /all output then displayed:

Ethernet adapter NIC2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PhysicalNIC2
Physical Address. . . . . . . . . : 00-23-7D-FC-B4-87
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6565:51d6:775c:642b%11(Preferred)
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
Primary WINS Server . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter NIC1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PhysicalNIC1
Physical Address. . . . . . . . . : 00-23-7D-FC-B4-86
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f865:2dee:3c72:1def%10(Preferred)
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled


Exchange Routine Checks

It is recommended to have a daily automated (or manually triggered) task to check the status of your Exchange infrastructure. One of the many benefits of Windows PowerShell is the ability to easily script some quite complex tasks.

Microsoft have made a lot of documentation available on the recommended steps you should take in order to keep on top of any potential Exchange issues, most relevant would be Exchange Server 2007 or Exchange Server 2010. You can also use the guide here as a template to interrogate your Exchange 2010 infrastructure.


Create a test copy of a live website with database back-end

This guide describes the process followed to create a copy of a logging system called TalkBox, however the steps should be similar for any database system with a web front-end. Obviously you shouldn’t make any changes to a live system.

The steps for the database restore are related to SQL Server Enterprise Manager on SQL Server 2000, newer versions of SQL Server follow similar procedures but the terminology may be slightly different.

There are 2 main steps required to complete this process: 1. Making a copy of the database, and 2. Replicating the website.

To make a copy of the database:

1. Connect to database server.

2. Locate backup file (or backup the database if no file exists), make note of the backup file size. Ensure disk you plan to create database on has enough free space for the restore.

3. Open SQL Server Enterprise Manager and authenticate.

4. Navigate to Microsoft SQL Servers > SQL Server Group > (Local) Windows NT and Right-click on Databases, select All Tasks and then Restore Database.

5. Select From Device, Select devices and then Add and input the filename of the most recent database backup. Press OK, OK and then change the Restore as Database field to the name of the new database (in my example it was talkBox_test).

6. Press OK to restore database to new location.

To make a copy of the web front-end:

1. Connect to web server.

2. Open IIS and browse to ComputerName > Web Sites

3. Right-click on the Web Site you wish to copy and go to Properties > Home Directory. Make a note of the local path.

4. Right-click again and go to All Tasks > Save Configuration to a File.

5. Browse to the path obtained in Step 3. Check the properties of the folder and make a note of the size, ensure the disk has enough space for another copy of this folder.

6. Create a new directory with the name of the website you are creating. Copy contents of old directory into this folder (in my example the contents of D:\inetpub\TalkBox were copied to D:\inetpub\TalkBoxTest).

7. Check NTFS permissions of the new folder and change them to ensure they match those of the old folder.

8. Update the 3rd line of file SERVERNAME\WebSiteFolderLocation\ConfigXML\Config.xml (in my example this file is \\Server01\D$\inetpub\TalkBoxTest\ConfigXML\Config.xml) so the parameter appdb label="Database" matches the name specified in the Restore as Database field in Step 5 of the database restore above (in my example this line now reads talkbox_test).

9. Go back into IIS, right-click on ComputerName > Web Sites and select New > Web Site (from File). Choose the file you saved in Step 4. Read file and then press OK and then Create a new site. The website will appear as a website with the same name and will be stopped.

10. Right-click on the new website you have created and go to Properties.

11. Under the Web Site tab, update Description so it reflects the name of the new site, then click Advanced and change the host header values so they reflect the new name of the website.

12. Under the Home Directory tab, change the local path to that of the path from Step 6. Press Apply and then OK.

13. Right-click and Start the website.

Finally create a new CNAME record in the Forward Lookup Zone in DNS to map the name of the website to the FQDN of the server.


Managing Exchange 2007 and 2010 Servers from the same machine

As the Exchange 2007 and 2010 technologies are markedly different, you can only manage Exchange 2007 servers from the Exchange 2007 Exchange Management Console (EMC) and Exchange 2010 servers from the Exchange 2010 EMC. Fortunately you can install both the Exchange 2007 and Exchange 2010 Management tools on the same machine.

This should only be performed on a workstation, as installing conflicting management tools on an Exchange server can cause issues. This guide has been tested on Windows XP and Windows 7 workstations.

You will need install disks for Exchange 2007 and Service Pack 2 for Exchange 2010 in order to complete this successfully. The process will run faster if you copy the contents of the install disks to a local folder such as C:\Temp\. The instructions below assume you have copied the Exchange 2007 setup files to C:\Temp\Exchange 2007\ and the Exchange 2010 Service Pack files to C:\Temp\Exchange 2010\.

The first step is to install the Exchange 2007 Management Tools.

1. Run C:\Temp\Exchange 2007\Setup.exe as Administrator.

2. Accept the license agreement > Next > Next.

3. Custom Exchange Server Installation > Next.

4. Management Tools > Next > Install > Finish > Close.

Once this is completed you can move on to install the Exchange 2010 Management Tools.

1. Run C:\Temp\Exchange 2010\SP2\Setup.exe as Administrator.

2. Select Choose Exchange language option then Install only languages from the DVD.

3. Hit Step 4: Install Microsoft Exchange

4. Wait for the files to copy and then Next > Accept the terms > Next > Next > Custom > Next.

5. Select Management Tools > Next > Install.

6. Wait for software to install then hit Finish

If for any reason you update the service pack on the servers, you will need to upgrade your client machine too.


This article has been created with the assistance of page


Manually synchronising WSUS

This guide was created to be used on a Windows Server 2003 machine with the WSUS role installed.

There should be an automatic synchronisation of WSUS updates which runs every morning. However when planning on installing Windows Updates on servers you may wish to run a manual update to ensure the most recent patches are pulled down.

To do so:

1. Log on to your WSUS server.

2. Click on WSUS on the desktop or run Start > Run > Administrative Tools > Microsoft Windows Server Update Services

3. Go to Update Services > ServerName > Synchronizations.

4. Right-click on Synchronizations and choose Synchronize Now.


Obtain RAM information from a Windows machine without opening the case

This guide will work on all machines running Windows XP or newer.

To get DIMM location and capacity (in bytes) of all memory sticks in a machine run:

wmic MEMORYCHIP get banklabel, capacity, caption, devicelocator, partnumber

at a command prompt.


Using Robocopy to manually manage backups

This guide was created for a call logging system which generated thousands of audio files every day. It ran on an old Windows XP PC and all of the files were saved to a local disk. There was a manual copy process in place to archive all files older than 3 months to a NAS box, but I found a Robocopy batch job to be far more efficient (as Windows Explorer crashes when dealing with thousands of files). In the future I would like to fully automate the script, so that the month values don't need to be amended.

The audio files were stored under folder D:\Temp\recordings\, the NAS box has IP

First of all, move all files to be backed up into their own folder:

1. Navigate to D:\Temp\recordings with a command prompt.

2. Run MKDIR 01-Jan (or whatever the month you need to archive is).

Then use ROBOCOPY to move the required files into the folder created:

3. ROBOCOPY "D:\Temp\recordings" "D:\Temp\recordings\01-Jan" /MOV /MINAGE:91 /MAXAGE:125

(you will have to work out how many days have elapsed since the month you are archiving has passed).

Finally archive the files off to the NAS box:

4. ROBOCOPY "D:\Temp\recordings\01-Jan" "\\\Archive\01-Jan" /MOV


You can find more information at technet or by running Robocopy /?
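One way to take the manual day counting out of Step 3, as an added example that is not part of the original guide. It assumes PowerShell is available on the machine; the function name, the \\NAS-PLACEHOLDER share and the 91-day minimum (taken from the /MINAGE value above) are assumptions.

```powershell
# Added example: build the MKDIR / ROBOCOPY lines for one calendar month.
# Nothing is executed; the function only returns the command lines.

function Get-ArchiveCommands {
    param(
        [int]$Year,
        [int]$Month,
        [datetime]$Today = (Get-Date).Date,
        [string]$Source = 'D:\Temp\recordings',
        [string]$NasShare = '\\NAS-PLACEHOLDER\Archive',  # placeholder share
        [int]$MinimumAgeDays = 91                         # "older than 3 months"
    )

    $first = New-Object DateTime -ArgumentList $Year, $Month, 1
    $last  = $first.AddMonths(1).AddDays(-1)

    # Age in whole days of the newest and oldest day of the month.
    $minAge = ($Today.Date - $last).Days
    $maxAge = ($Today.Date - $first).Days

    if ($minAge -lt $MinimumAgeDays) {
        throw "Month $Year-$Month is only $minAge days old; refusing to archive."
    }
    # Robocopy reads values of 1900 or more as a YYYYMMDD date, not a day count.
    if ($maxAge -ge 1900) {
        throw "Age $maxAge would be read by Robocopy as a date, not as days."
    }

    # Folder name in the 01-Jan style used above, independent of the OS locale.
    $inv    = [Globalization.CultureInfo]::InvariantCulture
    $name   = '{0:00}-{1}' -f $Month, $first.ToString('MMM', $inv)
    $folder = Join-Path $Source $name
    $select = "ROBOCOPY `"$Source`" `"$folder`" /MOV /MINAGE:$minAge /MAXAGE:$maxAge"

    New-Object PSObject -Property @{
        MakeFolder = "MKDIR `"$folder`""
        # /L lists what would be moved without moving anything; use it to
        # confirm that the first and last day of the month are picked up.
        DryRun     = "$select /L"
        Select     = $select
        Archive    = "ROBOCOPY `"$folder`" `"$NasShare\$name`" /MOV"
    }
}

# Constructed run date so the output is repeatable.
$runDate = New-Object DateTime -ArgumentList 2013, 5, 6
$cmds = Get-ArchiveCommands -Year 2013 -Month 1 -Today $runDate
$cmds.MakeFolder
$cmds.DryRun
$cmds.Select
$cmds.Archive
```

Run the DryRun line first and compare the listed files with the month you expect before running the two /MOV commands.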
