Many, many years ago I had a domain controller installed on a rather naughty IBM server. This server, as it turned out later, had some bad firmware on the drives which would cause occasional system oddities such as blue screening, hanging on boot, etc. I let it go for too long, but the issues were vague and infrequent; many a techie know the rut one can get into when it’s safer to leave well enough alone. That line of thinking is always a catch-22 and the server’s issues finally came to a head when it crashed the right files and my domain controller no longer thought that it was a domain controller.
What about backups you say? Well we had our handy-dandy untested disaster recovery backup from Arcserve, which turned out to require a special boot disk that needed to be made from the server in question before the disaster (this later turned out to be bogus anyway as I later found that even under the best lab circumstances I couldn’t get their worthless product to work). I was in a pinch so I called Microsoft support and somehow, over the course of the night, they were able to get the trashed Active Directory operational again. The call spanned between two shifts so the guy I talked to at the end of the call was not the same one from the beginning.
Compare that experience to my recent experience with my Exchange 2013 setup where, it appears, no one in the eastern hemisphere was given proper training on the issues that this product is prone to having. No one calls back in time, despite the use of cut-rate help, and if your support rep has an end of shift they may abadon you until the next morning. Don’t bother with web/phone support unless you’ve exhausted the list below.
- First and foremost, Exchange 2013 as released was a beta product. Cumulative update 1, made it seem like it was usable, but please be sure to install CU2 if you want a product that comes close to behaving! Before installing CU2 the ‘RPC over HTTP’ function was sketchy and I would get prompted for authentication when making a new profile, external users would work while internal ones would not, and running tests would result in ‘500 http’ web server errors in OWA and ‘X-CasErrorCode: ServerLocatorError’ when running the connectivity tester.
- After installing cumulative update 2 on two different servers, it failed to start both the transport service and the frontend transport service (while making sure to start ‘manual’ processes that we don’t use like unified messaging).
- The new Exchange control panel is a marvel to behold, and crap at the same time (much like Microsoft’s whole product portfolio at this point in time). If everything works it’s great, but when it comes time to set ‘internaluri’ and whatnot to the virtual directories it’s best to get familiar with the get/set functions for these in Powershell.
- Please make a note that the ‘Microsoft Exchange Service Host’ service has a nasty habit of resetting/changing the RPC folder settings in IIS. On one server it would change the backend RPC to point to the frontend folder and on another it would turn off all the SSL on the RPC folders. Why does it do this? No one knows, though Microsoft did tell me that this can be effectively managed if you go to the registry key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator’ and set ‘PeriodicPollingMinutes’ to zero. However, if the server reboots, be sure to double check these settings again.
- Amateur mistake, but remember when migrating mailboxes keep in mind that it will eat up double the disk space of the source mailboxes until a backup can roll the logs off. Please note that backing up with DPM 2010 apparently does not count as a backup. (Also note that, for whatever reason, mailboxes get a 5-10% size boost when going from Exchange 2010 to 2013).
- Setup will make the proper ‘receive’ connectors, but not the send connector. When making it through the Exchange control panel, I had to uncheck ‘‘ so that my send connector would work properly.
- Another note is that within IIS, if you are not able to access Exchange properly through Outlook (but Outlook Web Access works), then it might also be that you are missing the ‘Negotiate’ provider for Windows Authentication. Just add/check it by right clicking on Windows Authentication under the virtual directories->Authentication applet and clicking advanced.
- One site had issues with Outlook hanging on the new message notification and a general slowness in trying to do anything else. Were it not for the niggling issues from the migration I might have turned on to the culprit sooner: Kaspersky.
- Of course I wonder how many places still run their single Exchange server in-house. I’d imagine that it’s getting to be a pretty lonely existence. If this is your situation: migrating a single Exchange 2007/2010 server to Exchange 2013, I should point out an issue with the SSL certificate. Chances are if you have one Exchange server, you have one, simple commercial SSL certificate as well, though even if you cheap out and use self-signing this issue still might apply. The issue is that once the users are migrated, and you then migrate the certificate, the Outlook profiles will need to be rebuilt – for every user. I am guessing that there are at least two possible work-arounds, though I haven’t tested them. One is to get a certificate with a different name, this way Outlook knows that it’s a different server and to re-do it’s security settings. Another idea is that it might be possible to migrate everyone to the new server, let Outlook catch the settings change (this part does work) and then move the certificate later (sketchy on how Outlook will behave here). The main issue with this is remote e-mail support since the old server cannot proxy to the new one (I believe?). Otherwise, without changing the profiles, end users will just get logon/credential prompts and not be able to access their e-mail.