Saturday, December 13, 2008

Microsoft HMC 4.5 Deployment Walkthrough - Does it Work


Microsoft's HMC 4.5 Deployment Walkthrough is an excellent document and I could say that it does work.

I found some minor little errors in the doc but none that were significant enough for a person with a good level of experience with the various Microsoft products to be able to recognize and get past.
There are doubters of course as to whether or not the deployment walkthrough actually will guide someone through installing their hosted Exchange 2007 environment. I did not build hosted communications or hosted sharepoint, only hosted Exchange.

My deployment did not match the deployment walkthrough exactly. And this fact is a testament to how well Microsoft has put together this iteration and release of the hosted messaging and collaboration. I built the infrastructure with the following servers, and believe me more will be added, but at this moment after just completing the install and applying my real SAN cert (not the SSL certs I generated on my own internal root certificate CA server).

Particularly in the domain controller department, I sped through the deployment by using only one domain controller. I'll be adding another this week and preparing for our first customers. I have 9 servers in total with a build out expected in the near future to include more servers to expand and increase performance and redundancy. Very soon and firstly, within a day or so I will have reached 10 servers for this HMC 4.5 deployment by simply adding another domain controller which is an absolute must and critical that it's deployed as soon as possible. Running with one DC is a recipe for a disaster (as we all know). When that server is added to the environment, the number of servers will be a consolidated 10 (ten) servers for this hosted Exchange HMC 4.5 solution deployment.

This is a consolidated hosted messaging and collaboration HMC 4.5. It was an accident that I created it as such and did start my work building the HMC 4.5 deployment from the consolidated HMC 4.0 deployment guide (an unofficial guide). I have for servers the following (names and roles to be added later):

There has been some grunting and groaning about Microsoft's deployment walkthrough document but I have to say it worked. The deployment walkthrough, and in a consolidated design, worked. This is my first install of the messaging and collaboration solution of any version. My HMC 4.5 deployment works with a minimum of servers (that will be scaled out to accommodate real production use). Overall, except for some minor issues, the document does what's expected: provide a guide and example of a hosted solution installation and deployment. They cannot in a single document explain SQL, Exchange inner workings, or even the provisioning system in detail. This also makes handy use of weeding out those who should not yet be deploying. A very experienced person with Microsoft products will find many of the steps easy to accomplish but a not so seasoned person will find the document and steps to accomplish the tasks not so helpful because every step of, let's say, making changes or additions in Active Directory, is not explained or spelled out.

I saw that as I was working through the doc. I could see points that would make people give up because they can take a left turn during the walkthrough deployment and it will cost them dearly. I had one of those nearly deathly turns with the deployment of SQL report server. This is an area that I am familiar with but don't work with this particular product every day, and it showed: as I worked through the deployment steps I had to verify to myself several times before taking action that it was the right thing to execute or do. My report server component of SQL installed without the databases it needed. Who knows why? Before this deployment I had another going that I scrapped for other reasons but the report server databases installed. In this round, they did not. I kept the abandoned deployment and used the database from that installation by exporting it and importing it. Although I believed I did the same thing as the first install and I was reading and working from the same Microsoft walkthrough deployment guide document, the install was different. I managed to get myself through the problem but several days were certainly lost.

Perhaps in another post I can mention my experience with the SAN (Subject Alternate Name) Unified Communications cert.

This deployment is not for everyone and everyone should not be deploying it. The document for the walkthrough deployment from Microsoft is excellent. Sure, there could have been more detail but the document is not meant to provide every step along the way. Microsoft has to assume and expect there will be some level of expertise and knowledge induced into the installation by the installer, Microsoft can't and should not put it into one single document. I wish I had noted the minor errors I found in the doc so I could send them to Microsoft for document correction. Again, without enough or the right amount of knowledge, those little errors could be devastating. For the smokey room conspirator theory folks who may be reading this post, who think Microsoft is evil, here's something to think about; perhaps Microsoft put those little errors in the document by design, ...hmmm... , purposefully weed out companies from the hosted game ... a selective or survival of the fittest process.

Microsoft did a great job with the HMC 4.5 document. Using it I was able to deploy a hosted Exchange 2007 server environment. I absolutely do not claim to be an expert in the multi-tenant Exchange environment but I surely have more than a foot in the door of learning and experiencing much more about it.

I just recently finished testing Outlook Anywhere functionality with the 4.5 HMC Exchange environment using a fictitious organization but a real domain using real DNS servers. The functionality works pretty darn good. Once again, Microsoft did an excellent job with the document and deployment guide walkthrough. The clients find the autodiscover redirect site then get sent to the autodiscover site within the hosted solution. Once there, they get their configuration data, log on, and up comes the mailbox. It's fantastic the way Microsoft has put this together.

If, during the testing phase of the deployment, you have issued certificates to the autodiscover web site and internally to your Exchange servers from a root CA that you built yourself and that is not a public root CA, here is a tip for testing Outlook Anywhere: be sure to import the root CA certificate into the trusted root store for the user at the remote computer looking to connect with Outlook Anywhere. The symptoms are that Outlook finds the autodiscover web site, the user logs on, and all seems well, but the mailbox for the user does not load. A message similar to one of the following appears: "the profile is not configured" or "be sure you can connect to your exchange mailbox".

The deployment guide actually states that Outlook Anywhere will not work without certs installed and applied to the web sites involved, and this I proved, but a temporary workaround that will only be good for testing is to import the root certificate of the certificate authority server into the user's root certificate store. It does not have to be the computer certificate store. This will allow the mailbox to load into Outlook for the remote test user, but until the real certificate is used (a public SAN UC SSL certificate), the user will be constantly prompted for a password. So Microsoft is right: without certificates the solution will not work for a real deployment of Hosted Exchange HMC 4.5.
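The trust failure described above can be reproduced offline with OpenSSL, as an added example that is not from the original post or from Microsoft's guide: a throwaway private root CA issues one SAN certificate, which validates only when that root is supplied as a trust anchor and only for names listed in the SAN. All names and files (Lab Root CA, mail.example.test, autodiscover.example.test, owa.example.test) are constructed, and OpenSSL's verifier stands in for the Windows user root store.

```shell
#!/usr/bin/env bash
# Added example; every name and file below is constructed for the demo.

# Build a throwaway private root CA and one SAN certificate signed by it.
make_lab_pki() {
  local d="$1"
  cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # One certificate covering both host names, like a SAN/UC certificate.
  echo 'subjectAltName=DNS:mail.example.test,DNS:autodiscover.example.test' > "$d/san.ext"
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 7 \
      -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  openssl req -new -config "$d/req.cnf" -subj "/CN=mail.example.test" \
      -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -CAcreateserial -days 7 -extfile "$d/san.ext" -out "$d/leaf.pem" 2>/dev/null
}

# verify_leaf LEAF HOSTNAME [ROOT]
# Exit 0 only if the chain reaches a trusted root AND the SAN covers HOSTNAME.
# Without ROOT, only the system default trust store is consulted, which is
# the position of a remote client that has not imported the private root.
verify_leaf() {
  local leaf="$1" host="$2" root="${3:-}"
  if [ -n "$root" ]; then
    openssl verify -CAfile "$root" -verify_hostname "$host" "$leaf" 2>/dev/null
  else
    openssl verify -verify_hostname "$host" "$leaf" 2>/dev/null
  fi | grep -q ': OK$'
}

# Demo: same certificate, with and without the private root as trust anchor,
# then a host name that the SAN does not list.
work=$(mktemp -d) && make_lab_pki "$work"
for trust in "" "$work/root.pem"; do
  for host in autodiscover.example.test owa.example.test; do
    if verify_leaf "$work/leaf.pem" "$host" "$trust"; then r=accepted; else r=rejected; fi
    echo "anchor='${trust:-system default}' host=$host -> $r"
  done
done
```

Only the combination of the private root as anchor and a host name present in the SAN is accepted. The private root is a test-only trust anchor and should come back out of the user's store once the public certificate is in place.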


Thursday, August 07, 2008

You do not have permission to send to this recipient. Relay access denied.

I had this message come up in NDR reports for every account that was trying to send email out of a local domain to an Internet email recipient (basically everyone not in your company). There are indeed many sites that present a reason and solution for this but not many at all present the obvious that may have occurred on the Exchange server that's causing this problem.

If there are many hands in the pot at an office you support and suddenly you have a Microsoft Exchange server that's acting up and no one can send email and the message is similar to the following:

You do not have permission to send to this recipient. For assistance, contact your system administrator. : Relay access denied

The "Relay access denied" part is the key to solving this email sending problem with Exchange. This doesn't mean that the server is blacklisted or is an open relay or somehow has been compromised; this message is in fact coming from your own email server. The email never makes it out of the Exchange box itself. You could waste time in logs trying to determine why it's bouncing but the simple solution is that the domain users have been denied, or stated differently, have been prevented from sending email.
The solution for this is not as complicated, although there could be some other problems that led someone to tamper with these settings in the first place and maybe set them improperly. In Exchange 2003, if you're getting "You do not have permission to send to this recipient" "Relay access denied", check that your users have permission to send. This setting can be found in Exchange System Manager under Default SMTP virtual server. Right click the virtual server and choose Properties. Then click the Access tab at the top.

Then Click the Authentication button.

Then click the Users button.

Make sure you enable Relay Permission for your users. In the case where I was getting these NDRs, the Authenticated users group was displayed with the Relay Permission enabled but that wasn't enough. I added the Domain Users group and enabled relay for the group. Save your changes and give it a try.

Saturday, April 05, 2008

Servers, Workstations and Networks, oh MY!: Netgear PS121 Print Server - USB to LAN

I'm the only one who thinks these desktop to network print servers aren't bad. This is a very nice addition to any small home network or small company network. Although the cost of network printers, that is, printers that come with a built-in network card, has dropped, it's reassuring to know that the printers already owned by an individual or a small company that are connected via USB to a computer in the office can easily be converted to network printers and be more easily shareable and accessible to the other computers on the network.

Thursday, March 20, 2008

Barracuda Email Spam Filter

I have to admit that I'm a fan of software based anti-spam applications versus appliances. I've used Network Associates' and Symantec's software programs to block and stop spam from reaching Exchange email servers. The Barracuda spam filter is an appliance that I've installed on numerous occasions and have found that the installation is always less complicated than those applications that need to be installed directly on an email server.

For those of you that have the pleasure of having to install applications on an Exchange box, you know you have to take that deep breath and get a little psyched because as you know, anything could go wrong.

With an appliance there is much less pressure in regards to worrying that you'll lose a server in the process. Just rack it, configure IP addressing and you're off. With some tweaks, the appliance is doing its job. The one thing I absolutely do not like about this spam appliance in particular, and there could be others that don't suffer from the same lack of feature, is that it has no integration at all with Active Directory.

Saturday, February 16, 2008

VMware Boot From ISO Image


One of the nice features of VMware Workstation is the feature that gives the user of the software the ability to boot from an ISO image. This is a great feature and another display of some of the great thought put into this application.

If the computer on which VMware Workstation runs doesn't have a DVD player, for example, the ISO image stored on the hard drive of the host computer or on a network drive can be used to start the installation. The ISO image is read and if it's the installation media for Vista, for example, the installation begins.

The guest operating system, once installed and during the installation, doesn't even "know" that it's being run virtualized. This is a wonderful feature of VMware Workstation and I often find myself asking why this solution didn't come out many years ago, as it's a terrific aid for testing and support of applications. With separate operating systems, virtual of course, tests can be run much more easily as there's really no restore to perform or drive swapping like in the old days to bring the system back to a state for a re-test.

Computer remote support software

Conferencing And Collaboration - With LiveMeeting

Microsoft LiveMeeting has a new version and some great new features to go with it.

Sign-up for a demo:

LiveMeeting Demo

Read White Paper:

Conferencing and Collaboration White Paper

LiveMeeting 2007 also has an Outlook add-on that allows you to send invitations in Outlook for online conferences. Microsoft LiveMeeting is part of Microsoft's 365 Online Cloud application offering.

Remote support on the web can also be found in a cloud based or Internet based access for clients and technicians. Software applications have changed so much that the cloud or SaaS providers can offer all applications that were once only found locally installed on the enterprise or small medium business network's own hardware. Virtualization and multi-tenant applications and server services such as Active Directory and other services such as Microsoft Exchange email mailboxes.
Web based remote support software, which began as a customer premises installed application for computer remote control, changed to a hosted solution very rapidly. Self hosted or installed applications for support still exist and flourish because the need to have a closed app, that is, one with no Internet access, is still a requirement in many offices which limit access to the Internet by many of their users. The most substantial difference is that web based remote support once required many firewall and router changes to be effected. That applied to basic computer remote control access as well.
As time went on, there has been a lesser need to change firewalls or router configuration for Internet based remote support software to function. This has created a huge technical support industry for just supporting the technical industry. This is a form of technology supporting technology. Remote support software has made a huge difference in how small and medium businesses are supported, and with cloud computing taking on more and more of the daily hardware architecture for many businesses, remote support software is the way they are supported. Cloud based hardware or IaaS, Infrastructure as a Service, is part of the cloud solutions and remote support software often is built into many of these solutions.

Although Microsoft does not characterize or market their Microsoft Meeting product as web based remote support software, the software has the ability to help people assist each other. It has screen sharing capabilities and is meant for online conferencing and online meetings, but because remote access and computer sharing options are available, web based remote support is a feature of the application that is possible and works very well. It would be a solution that's not only useful for online collaboration but also for technical support when needed, although its primary function and purpose is not remote support.

Computer & Networking News and Reviews: Remote Support Software Solution

Microsoft LiveMeeting

I had the luck to see not only a demo of Microsoft's newly updated online application for collaboration, conferencing, and support, but it was used for real in a support session whilst working with a client to resolve some application issues on one of their servers.

The application was a document imaging and database application purchased in an effort to help the office go paperless and there were some issues that were being logged and tracked. After some time had elapsed, the support group for the application wanted to log in to the server remotely to take a look and to apply some fixes to help resolve the problem the customer was having with their desktop software.

The issue was freezing, and without the use of the application in full force roll-out yet, this was considerably odd behavior. The computer support company logged in using LiveMeeting from Microsoft and we gave them access to the server for remote support. The software worked great and very quickly; the support group was able to access all aspects of the server and we still maintained control of the server's desktop keyboard and mouse movements too.

Conferencing, Collaboration and Support

Supporting Technology with Technology.
