Saturday, December 13, 2008

Microsoft HMC 4.5 Deployment Walkthrough - Does it Work









Microsoft's HMC 4.5 Deployment Walkthrough is an excellent document and I could say that it does work.


I found some minor little errors in the doc, but none significant enough that a person with a good level of experience with the various Microsoft products could not recognize and get past them.
There are doubters of course as to whether or not the deployment walkthrough actually will guide someone through installing their hosted Exchange 2007 environment. I did not build hosted communications or hosted SharePoint, only hosted Exchange.

My deployment did not match the deployment walkthrough exactly. And this fact is a testament to how well Microsoft has put together this iteration and release of the hosted messaging and collaboration. I build the infrastructure with the following servers, and believe me more will be added, but at this moment after just completing the install and applying my real SAN cert (not the SSL certs I generated on my own internal root certificate CA server).


Particularly in the domain controller department, I sped through the deployment by using only one domain controller. I'll be adding another this week and preparing for our first customers. I have 9 servers in total with a build out expected in the near future to include more servers to expand and increase performance and redundancy. Very soon and firstly, within a day or so I will have reached 10 servers for this HMC 4.5 deployment by simply adding another domain controller which is an absolute must and critical that it's deployed as soon as possible. Running with one DC is a recipe for a disaster (as we all know). When that server is added to the environment, the number of servers will be a consolidated 10 (ten) servers for this hosted Exchange HMC 4.5 solution deployment.


This is a consolidated hosted messaging and collaboration HMC 4.5. It was an accident that I created it as such and did start my work building the HMC 4.5 deployment from the consolidated HMC 4.0 deployment guide (an unofficial guide). I have for servers the following (names and roles to be added later):


There has been some grunting and groaning about Microsoft's deployment walkthrough document but I have to say it worked. The deployment walkthrough, and in a consolidated design, worked. This is my first install of the messaging and collaboration solution of any version. My HMC 4.5 deployment works with a minimum of servers (that will be scaled out to accommodate real production use). Overall, except for some minor issues, the document does what's expected: provide a guide and example of a hosted solution installation and deployment. They cannot in a single document explain SQL, Exchange inner workings, or even the provisioning system in detail. This also makes handy use of weeding out those who should not yet be deploying. A very experienced person with Microsoft products will find many of the steps easy to accomplish, but a not so seasoned person will find the document and steps to accomplish the tasks not so helpful because every step of, let's say, making changes or additions in Active Directory is not explained or spelled out.


I saw that as I was working through the doc. I could see points that would make people give up because they can take a left turn during the walkthrough deployment and it will cost them dearly. I had one of those nearly deathly turns with the deployment of SQL report server. This is an area that I am familiar with, but I don't work with this particular product every day, and it showed: as I worked through the deployment steps I had to verify to myself several times before taking action that it was the right thing to execute or do. My report server component of SQL installed without the databases it needed. Who knows why? Before this deployment I had another going that I scrapped for other reasons, but the report server databases installed. In this round, they did not. I kept the abandoned deployment and used the database from that installation by exporting it and importing it. Although I believed I did the same thing as the first install and I was reading and working from the same Microsoft walkthrough deployment guide document, the install was different. I managed to get myself through the problem but several days were certainly lost.


Perhaps in another post I can mention my experience with the SAN (Subject Alternative Name) Unified Communications cert.





This deployment is not for everyone and everyone should not be deploying it. The document for the walkthrough deployment from Microsoft is excellent. Sure, there could have been more detail but the document is not meant to provide every step along the way. Microsoft has to assume and expect there will be some level of expertise and knowledge brought into the installation by the installer; Microsoft can't and should not put it into one single document. I wish I had noted the minor errors I found in the doc so I could send them to Microsoft for document correction. Again, without enough or the right amount of knowledge, those little errors could be devastating. For the smoky-room conspiracy theory folks who may be reading this post, who think Microsoft is evil, here's something to think about: perhaps Microsoft put those little errors in the document by design, ...hmmm..., to purposefully weed out companies from the hosted game ... a selective or survival of the fittest process.

Microsoft did a great job with the HMC 4.5 document. Using it I was able to deploy a hosted Exchange 2007 server environment. I absolutely do not claim to be an expert in the multi-tenant Exchange environment but I surely have more than a foot in the door of learning and experiencing much more about it.


I just recently finished testing Outlook Anywhere functionality with the 4.5 HMC Exchange environment using a fictitious organization but a real domain using real DNS servers. The functionality works pretty darn good. Once again, Microsoft did an excellent job with the document and deployment guide walkthrough. The clients find the autodiscover redirect site then get sent to the autodiscover site within the hosted solution. Once there, they get their configuration data, log on, and up comes the mailbox. It's fantastic the way Microsoft has put this together.

Here is a tip for people who are at the testing phase of their deployment walkthrough, trying out Outlook Anywhere, and who have issued certificates to the autodiscover web site and internally to their Exchange servers from a root CA they built themselves rather than from a public root CA: be sure to import the root CA certificate into the trusted root store for the user at the remote computer looking to connect with Outlook Anywhere. The symptoms are that Outlook finds the autodiscover web site, the user logs on, and all seems well, but the mailbox for the user does not load. A message similar to the following appears: "the profile is not configured" or "be sure you can connect to your exchange mailbox".

The deployment guide actually states that Outlook Anywhere will not work without certs installed and applied to the web sites involved, and this I proved. A temporary workaround that is only good for testing is to import the root certificate of the certificate authority server into the user's root certificate store. It does not have to be the computer certificate store. This will allow the mailbox to load into Outlook for the remote test user, but until the real certificate is used (a public SAN UC SSL certificate), the user will be constantly prompted for a password. So Microsoft is right: without certificates the solution will not work for a real deployment of Hosted Exchange HMC 4.5.
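The test-only workaround described above, as an added example that is not from the original post or from Microsoft's walkthrough: check how the remote user's trust stores judge the site certificate, import the lab root CA into that user's root store, check again, and remove the root once the public SAN certificate is deployed. The file path, host name and function names are placeholders; `Import-Certificate` needs the PKI module (Windows 8 / Server 2012 or later), and on older clients `certutil -user -addstore Root <file>` does the same import.

```powershell
# Added example. Paths and host names are placeholders, not values from the post.
$RootCer  = 'C:\Temp\lab-root-ca.cer'     # lab root CA exported as .cer
$HostName = 'autodiscover.example.com'    # site secured with a lab-issued cert
$Store    = 'Cert:\CurrentUser\Root'      # the user's store, not the computer store

function Test-ServerTrust {
    param([string]$Name, [int]$Port = 443)
    # Probe only: record how this user's trust stores judge the server
    # certificate, then close the connection without sending any data.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $errors)
        $script:TlsCheck = [pscustomobject]@{
            Subject      = $cert.Subject
            PolicyErrors = $errors   # None, or e.g. RemoteCertificateChainErrors
            ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
        $true   # let the handshake finish so the result can be reported
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($Name, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Name)
        $script:TlsCheck
    } finally { $tcp.Close() }
}

function Remove-LabRoot {
    param([string]$Thumbprint)
    # Run this when the public certificate is in place, so the test CA
    # does not stay trusted on the user's machine.
    Remove-Item -Path "$Store\$Thumbprint"
}

# 1. Before the import: expect chain errors such as UntrustedRoot.
Test-ServerTrust -Name $HostName

# 2. Import the lab root for this user only (Windows asks for confirmation)
#    and keep the thumbprint for the cleanup step.
$root = Import-Certificate -FilePath $RootCer -CertStoreLocation $Store
"Imported $($root.Subject), thumbprint $($root.Thumbprint)"

# 3. After the import: PolicyErrors should be None if the name also matches.
Test-ServerTrust -Name $HostName

# 4. Later, once testing is over: Remove-LabRoot -Thumbprint $root.Thumbprint
```

A `RemoteCertificateNameMismatch` result after the import means the lab certificate does not list the host name being tested, which trusting the root does not fix.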



















11 comments:

Anonymous said...

Nice post, thank you. I was looking for some source and information to in the least confirm that a consolidated HMC 4.5 is possible. There's one for HMC 4.0 but not for this version.

Anonymous said...

thanks.

comoputer help said...

Hosted Messaging and Collaboration 4.5 offers Office Communicator Server and enhanced messaging services. Nice information about HMC 4.0. well job for it support services. thanks

Anonymous said...

I'm fighting through a HMC 4.5 deployment now. I will say that the documentation leaves a little bit to be desired, especially if you are deploying 2008 DC's. So far so good. We'll see if it actually works for us. :)

WebBanshee said...

Hi, we just built 2 HMC 4.5 platforms recently. A test and a production platform. I say honestly this was the first time for me I got involved with HMC. The documentation is definitely one of the best from Microsoft. Yes, true, there are minor errors (I did not write them down as well and I wish I did : ) ). What I have experienced (after a lot of small and bigger problems), you need to be clear with your server environment, the certificates (that was all new for me, but very interesting, I am happy I can take part in that), loadbalancer (if you use one) etc.

HMC 4.5 is not like installing Win RAR, but the documentation is helpful and step by step. With experience in an administrative environment it is a partner during the installation process.

Regards

Tony said...

Hi

I am one of the writers of HMC 4.5 documents. Could you please let me know the errors/issues inside so that we can update accordingly?

Thanks!

Tony said...

Hi

I am one of the HMC 4.5 document writers. Could you please let me know the issues inside the document?

Thanks!

Puppet said...

Hi webbanshi. I looked at your site and see that you have deployed HMC 4.5. Congratulations! It's not an easy task and the deployment and post support really dips into all experience you can throw in from past Microsoft Exchange, server, server applications involved like SQL, Operations Manager, etc. and client side encounters. I saw your latest post regarding calendar sharing in OWA. That question comes up so often. There's an add-on to permit calendar sharing in OWA but I dare not try to install it in a hosted environment. One day with a lab in place I could try the add-on. I think it will make too many changes for me to stomach in one shot. If it blows up OWA then it will be a nightmare for many paying customers using the platform for email.


Tony, I had written some of the errors I found in the document down. It seems so long ago now. I don't throw much out like that type of information so if the notes surface sometime I will gladly post them. Picture the almost typical buried in worked with too many project IT desk piled high with stuff, CD, books, papers, notebooks, etc. Although I try to keep my space neat and clean, organization does suffer. I didn't write them all down as I should have. After a few of them I thought I would not get through it all and just focused on working through issues as they arose. The errors were not severe and experience and knowing what the doc was talking about pulled me through as I was able to discern what was actually meant by an incorrect line, server name, reference, instruction, etc.

WebBanshee said...

Hi Puppet, Thx. Yep it took us about 4 weeks to set up the two platforms. (As you certainly know, there is always something unexpected happening - like certificate problems, my favorites are after the two latest rollups in jan/feb the SmtpDomainCacheTask and the CategorizerOverrideAgent. (#@Xđ!!). Since I did not rollup straight away the second one, started with the first roll up, I experienced problems because these two msi packages were 32bit (so on a 64bit server it is of course installed in the wrong path (Program Files (x86)), doing then the second rollup the location stays the same. We needed to uninstall/reinstall them through exchange powershell. Things are working fine now, but still some problems appear in the eventlog. Like SmtpDomainCache Task can still not create cache files properly when running the scheduled task. And a certificate which is certainly there in personal will not be recognized. Gave it access through exchange powershell but did not help)

From my angle it would be the best to permit calendar sharing in OWA : )) But this would be worst case from customer and reseller site as the mail services have the most weight for them. And they share everything what just can be shared : ))

WebBanshee said...

Sorry there was a typo, I meant from my side it would be best to prohibit calendar sharing in OWA, but that is of course not practicable as the customers need it and many of them live with this feature.

Regards

WB

IT services said...

The information you have mentioned is truly great. I like your blog very much. Thanks for posting it.