Event ID 12024 – Exchange Hybrid


In hybrid mode with Exchange 2010, emails sent to on premises users were not getting delivered. No bouncebacks or errors, just no delivery.

I checked the outbound connector from Office 365 to on premises; validating it against the email address of an on premises user failed with a STARTTLS error.

The problem was I had not assigned my webmail.domain.com certificate to the SMTP service in Exchange.

After assigning the certificate (Server Configuration – right click the webmail.domain.com certificate – Assign to services – SMTP), email started being delivered to my on premises users.
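The same check and fix from the Exchange Management Shell, as an added example that is not part of the original post. It assumes webmail.domain.com is the FQDN the send and receive connectors advertise, and that it is run on the hub transport server; it reports the matching certificate, refuses to assign an expired one, and only enables SMTP when it is missing.

```powershell
# Added example (not from the original post): find the certificate that matches the
# transport FQDN and make sure the SMTP service is enabled on it.
# Assumption: webmail.domain.com is the FQDN on the connectors.
$transportFqdn = 'webmail.domain.com'

$cert = Get-ExchangeCertificate |
    Where-Object { $_.CertificateDomains -contains $transportFqdn } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    Write-Warning "No certificate found with $transportFqdn in its subject alternative names"
    return
}

$cert | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter, IsSelfSigned

if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter); renew it before assigning"
    return
}

# Services is a flags value such as 'IMAP, POP, SMTP'; a string match is enough here
if ([string]$cert.Services -notmatch 'SMTP') {
    Write-Host "SMTP not enabled on $($cert.Thumbprint); enabling"
    # Adds SMTP to whatever services the certificate already serves
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP -Confirm:$false
} else {
    Write-Host "SMTP already enabled on $($cert.Thumbprint)"
}

# Exchange picks the TLS certificate by matching the connector FQDN, so confirm those too
Get-SendConnector    | Format-Table Name, Fqdn, SmartHosts -AutoSize
Get-ReceiveConnector | Format-Table Name, Fqdn, Bindings -AutoSize
```

If Exchange Online still reports a STARTTLS failure after this, the usual remaining cause is the certificate chain: the cert enabled for SMTP must be the publicly trusted one, not a self-signed or internal CA certificate.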

Certificates for Exchange

I needed to run up a lab environment to test an Exchange 2010 hybrid.  For this I needed certificates but I didn’t really want to purchase a SAN cert for what was to be a short period of testing.

This came to my rescue;


Exchange 2010 – Office 365 Hybrid

Creating an Exchange 2010 to Office 365 hybrid;

Login to your Office 365 tenancy – Admin – Exchange Admin – Hybrid – Configure

This downloads the hybrid configuration wizard (HCW). Do the above using IE; I initially used Chrome and got an error when executing the exe after the download.

In the first part the wizard detects the optimal Exchange server to use for the hybrid connection. In my case I only have a single Exchange 2010 server;


Enter your on premises account info to connect to Exchange (you can see I left the tickbox selected to use the credentials I was signed in with). Then enter your global admin details for your 365 tenancy.



The wizard collects some info and connects to Exchange on premises and Exchange Online via PowerShell – then click Next.


I’ve chosen ‘Full Hybrid Configuration’ as I need full free/busy, sharing and mail flow.



Click ‘enable’ to create the federation trust


You will need to create a TXT record in your DNS zone to prove domain ownership.


After proving your domain ownership you are asked for information on the mail flow in the hybrid configuration.  The default is good for my needs


You are then asked to select the hub transport server for the transport configuration. This is the server that will host the send connectors for mail transport to Exchange Online.


You are then asked for the public IP of your hub transport servers.  In my case this is a NAT to the internal Ex2010 server


You then need to choose your transport certificate.  This needs to be a public cert


You then need to enter the FQDN of your Exchange org.  This tells Office 365 where to send email bound for on premises users i.e. before users have been migrated. It creates an outbound connector in Exchange online.



On the next page you simply click Update – in the background a number of PowerShell commands are run which do all the configuration work.
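A way to check what those background commands produced, as an added example that is not from the original post or the wizard itself. It lists the on premises objects each wizard step corresponds to (federation trust and TXT proof, organization relationship, send connector, remote and accepted domains) and ends with a federation test. It assumes the Exchange 2010 Management Shell and uses contoso.com as a stand-in for the domain proven with the TXT record.

```powershell
# Added example (not from the original post): enumerate what the Hybrid Configuration
# Wizard created on premises so each wizard page can be verified after the run.
# Assumption: contoso.com stands in for the accepted domain used in the wizard.
$domain = 'contoso.com'

# The wizard's own record of transport servers, domains, features and certificate
Get-HybridConfiguration |
    Format-List Domains, Features, ReceivingTransportServers, SendingTransportServers,
                TlsCertificateName, OnPremisesSmartHost, ExternalIPAddresses

# Federation trust from the 'enable' page, plus the TXT proof value for the domain
Get-FederationTrust | Format-List Name, ApplicationIdentifier, TokenIssuerUri
Get-FederatedDomainProof -DomainName $domain | Format-List
Get-FederatedOrganizationIdentifier | Format-List AccountNamespace, Domains, Enabled

# Organization relationship that carries free/busy and sharing to the tenant
Get-OrganizationRelationship |
    Format-List Name, DomainNames, FreeBusyAccessEnabled, FreeBusyAccessLevel, TargetAutodiscoverEpr

# Send connector(s) to Exchange Online; TLS should be required with a matching TlsDomain
Get-SendConnector | Format-List Name, AddressSpaces, SmartHosts, Fqdn, RequireTLS, TlsDomain, TlsAuthLevel

# Remote and accepted domains for the tenant routing address
Get-RemoteDomain | Where-Object { $_.DomainName -like '*.mail.onmicrosoft.com' } |
    Format-List DomainName, TargetDeliveryDomain, TrustedMailOutboundEnabled
Get-AcceptedDomain | Where-Object { $_.DomainName -like '*.mail.onmicrosoft.com' } |
    Format-List DomainName, DomainType

# End to end check of the federation trust for a real mailbox
Test-FederationTrust -UserIdentity "user@$domain" | Format-Table Id, Type, Message -AutoSize

# The outbound connector the FQDN page creates lives in the tenant; from an
# Exchange Online PowerShell session it is visible with:
#   Get-OutboundConnector | Format-List Name, SmartHosts, TlsDomain, TlsSettings, RecipientDomains
```

The send connector output is the place to confirm that the transport certificate chosen in the wizard is the one actually presented: its FQDN must appear in the certificate's subject alternative names, and RequireTLS should be true on the connector to Exchange Online.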


Using Terraform for Azure deployments

Terraform – “Terraform enables you to safely and predictably create, change, and improve production infrastructure”


Using Terraform I was able to deploy a virtual machine, virtual networks, a SQL server and a SQL database to Azure. It looks like a very useful tool, not only for creating infrastructure as code in Azure but also for adding/updating/removing pieces of that infrastructure (or deleting it entirely).

I only deployed a single VM with a single NIC but it seems simple enough to scale this number up, so with just a few lines of Terraform config we could deploy hundreds of virtual machines.

What Terraform does not do is any state configuration of those servers, so you’d end up with 100 vanilla Windows or Linux servers. We would need another service to apply configuration to the servers, something like Puppet, Chef or PowerShell DSC. These would be used to install software such as antivirus, monitoring agents, Octopus tentacles, etc.

More on Terraform https://blogs.msdn.microsoft.com/eugene/2016/11/03/creating-azure-resources-with-terraform/


Free/Busy Exchange Online Hybrid

We have a hybrid Exchange setup with Exchange online.  On premises is Exchange 2016.

Users who had been migrated to Exchange Online could only see the availability of other users and resources that were still on premises. A check of the organization relationship showed the following;

Run the below PowerShell on your on premises servers and look for the FreeBusyAccessLevel setting:

Get-OrganizationRelationship | fl

FreeBusyAccessLevel   : AvailabilityOnly


This was why migrated users could only see availability of on premises users and not any more detail. To change this, use the following (Identity is the Name shown by Get-OrganizationRelationship):

Set-OrganizationRelationship -Identity "<relationship name>" -FreeBusyAccessLevel LimitedDetails
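A check-then-fix version of the above, as an added example that is not from the original post. It walks every on premises organization relationship, reports its free/busy settings, warns when sharing is disabled outright or scoped to a group (either of which hides detail regardless of the level), raises the level only where it is below the one wanted, and finishes with Test-OrganizationRelationship. It assumes the on premises Exchange Management Shell and uses user@contoso.com as a stand-in test mailbox.

```powershell
# Added example (not from the original post): report and raise FreeBusyAccessLevel on
# every organization relationship, then test the relationship for a real user.
# Assumptions: LimitedDetails is the level wanted; user@contoso.com is a stand-in mailbox.
$wanted   = 'LimitedDetails'     # valid values: None, AvailabilityOnly, LimitedDetails
$testUser = 'user@contoso.com'

# Rank the levels so 'below the wanted level' can be computed
$rank = @{ 'None' = 0; 'AvailabilityOnly' = 1; 'LimitedDetails' = 2 }

foreach ($rel in Get-OrganizationRelationship) {
    $current = [string]$rel.FreeBusyAccessLevel
    Write-Host ("{0}: domains={1} enabled={2} level={3} scope={4}" -f `
        $rel.Name, ($rel.DomainNames -join ','), $rel.FreeBusyAccessEnabled, $current, $rel.FreeBusyAccessScope)

    if (-not $rel.FreeBusyAccessEnabled) {
        Write-Warning "Free/busy sharing is disabled on '$($rel.Name)'; the level is irrelevant until it is enabled"
        continue
    }
    if ($rel.FreeBusyAccessScope) {
        Write-Warning "'$($rel.Name)' only shares free/busy for members of $($rel.FreeBusyAccessScope)"
    }
    if ($rank[$current] -lt $rank[$wanted]) {
        # Identity is mandatory on Set-OrganizationRelationship; piping the object supplies it
        $rel | Set-OrganizationRelationship -FreeBusyAccessLevel $wanted
        Write-Host "Raised '$($rel.Name)' from $current to $wanted"
    }
}

# Confirms autodiscover, the federation token and the target application URI for a user
Get-OrganizationRelationship | ForEach-Object {
    Test-OrganizationRelationship -Identity $_.Identity -UserIdentity $testUser | Format-List
}
```

The relationship edited here is the on premises one, which controls what on premises mailboxes expose to the tenant; the tenant has its own organization relationship in the other direction, so a symmetric complaint from on premises users looking at migrated mailboxes is fixed in Exchange Online, not here.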



Single Active Directory account not syncing to Azure AD

A single user in AD was not being synced to Azure AD via AAD Connect.  All other users were syncing just fine.  When looking at the account the attribute msExchRecipientTypeDetails was set to 2, which indicates a linked mailbox.

We used to use linked mailboxes but stopped doing so quite some time ago.  Obviously this account got missed after we migrated all users into a single forest.

To fix:

Set-User -Identity "useralias" -LinkedMasterAccount $null
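Since one account was missed, there may be others; the following is an added example (not from the original post) that reports every remaining linked mailbox from both the Exchange and the raw AD side, and converts them only when the review flag is set. It assumes the on premises Exchange Management Shell with the ActiveDirectory module installed.

```powershell
# Added example (not from the original post): find all remaining linked mailboxes and,
# once reviewed, clear their linked master account so they become ordinary user mailboxes.
# Assumption: $apply is flipped to $true only after the report has been checked.
Import-Module ActiveDirectory
$apply = $false

# Two views of the same condition: Exchange's recipient type, and the AD attribute (2 = LinkedMailbox)
$linked = @(Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited)
$adView = @(Get-ADUser -LDAPFilter '(msExchRecipientTypeDetails=2)' `
                       -Properties msExchRecipientTypeDetails, msExchMasterAccountSid)

Write-Host ("{0} linked mailboxes via Get-Mailbox, {1} via the AD attribute" -f $linked.Count, $adView.Count)
if ($linked.Count -ne $adView.Count) {
    Write-Warning "Counts differ; check for objects Exchange no longer sees but AD still flags"
}

foreach ($mbx in $linked) {
    $user = Get-User -Identity $mbx.Identity
    Write-Host ("{0}  Alias={1}  LinkedMasterAccount={2}" -f $mbx.DisplayName, $mbx.Alias, $user.LinkedMasterAccount)

    if ($apply) {
        # Clearing the master account converts the linked mailbox into a user mailbox
        Set-User -Identity $mbx.Identity -LinkedMasterAccount $null
        # Re-read so the new recipient type is confirmed before AAD Connect's next sync cycle
        Get-Mailbox -Identity $mbx.Identity | Select-Object Alias, RecipientTypeDetails
    }
}
```

Run it once with $apply left at $false and keep the output; after conversion the msExchRecipientTypeDetails value should read 1 (UserMailbox) and the account should appear in the next AAD Connect delta sync.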


SPN not found AAD Connect ADFS

During an install of AAD Connect I received an error saying that there wasn’t an SPN set on the ADFS service account. Upon checking the user account I could see it did have an SPN set of host/sts.example.com.

Clicking retry on the ADFS install wizard got things going again and the install proceeded without any further problems.
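A quick way to confirm the SPN state before clicking retry, added here as an example that is not from the original post: it lists every AD object holding the federation service SPN (more than one is a duplicate, which breaks Kerberos authentication to the farm) and dumps the SPNs on the service account. sts.example.com is taken from the post; svc_adfs is a stand-in account name.

```powershell
# Added example (not from the original post): check who holds the ADFS SPN and what
# SPNs the service account carries. Assumption: svc_adfs is a stand-in account name.
Import-Module ActiveDirectory
$fsName  = 'sts.example.com'
$svcAcct = 'svc_adfs'

# Every object registered with host/sts.example.com
$holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=host/$fsName)" `
                          -Properties servicePrincipalName, objectClass)
$holders | Select-Object Name, ObjectClass, DistinguishedName | Format-Table -AutoSize

switch ($holders.Count) {
    0       { Write-Warning "No object holds host/$fsName; register it on the service account" }
    1       { Write-Host    "host/$fsName is registered once, on $($holders[0].Name)" }
    default { Write-Warning "host/$fsName is registered on $($holders.Count) objects; duplicate SPNs stop Kerberos working" }
}

# Everything registered on the service account itself
(Get-ADUser -Identity $svcAcct -Properties servicePrincipalName).servicePrincipalName
```

If the wizard complains while the SPN is clearly present and unique, the check above at least rules out a duplicate before you retry; the post's experience suggests a transient lookup problem rather than a missing registration.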

Domain Controller promotion stops responding

Whilst promoting a Windows 2012 R2 server to a domain controller, it got as far as ‘Replicating the schema directory partition’ and then nothing else happened.

This server has NetBIOS over TCP/IP disabled, which was causing the above problem. The quick answer is to use the long form of the username when entering the credentials for the domain controller promotion, i.e. domainname.com\administrator and not domain\administrator.


More info here https://support.microsoft.com/en-us/kb/2948052
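The same promotion done from PowerShell, as an added example that is not from the original post. It first shows the NetBIOS over TCP/IP setting on each active adapter (so the condition that triggers the hang is visible), then runs Install-ADDSDomainController with the credential in the FQDN\user form. corp.example.com and Default-First-Site-Name are stand-ins.

```powershell
# Added example (not from the original post): inspect NetBIOS over TCP/IP, then promote
# using the FQDN\user credential form. Assumptions: corp.example.com is the domain and
# Default-First-Site-Name the target site; both are stand-ins.
$domain = 'corp.example.com'

# TcpipNetbiosOptions: 0 = via DHCP, 1 = enabled, 2 = disabled
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, IPAddress,
        @{ n = 'NetBIOS'; e = { switch ($_.TcpipNetbiosOptions) { 0 {'DHCP'} 1 {'Enabled'} 2 {'Disabled'} default {'Unknown'} } } } |
    Format-Table -AutoSize

# Long form: FQDN\user rather than NETBIOSNAME\user, so nothing depends on NetBIOS name resolution
$cred = Get-Credential -UserName "$domain\administrator" -Message 'Domain admin for promotion'

Import-Module ADDSDeployment
Install-ADDSDomainController -DomainName $domain `
    -Credential $cred `
    -SiteName 'Default-First-Site-Name' `
    -InstallDns:$true `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')
```

If the NetBIOS column shows Disabled on the adapter that reaches the existing domain controllers, the FQDN credential form is what keeps the promotion from stalling at the schema replication step, as the KB above describes.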