Today I set up two brand-new Exchange 2016 servers running CU6, and created an IP-less DAG and multiple databases. I noticed that the databases' Content Index State was Failed. I tried the usual:

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"}

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "FailedAndSuspended"}

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"} | Update-MailboxDatabaseCopy -CatalogOnly

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "FailedAndSuspended"} | Update-MailboxDatabaseCopy -CatalogOnly

NONE of those worked.

RESOLUTION:

I changed the databases' activation preferences from 1 to 2 on each of the hosting servers. Shortly after, the databases began to crawl and then showed healthy.


Configuring Remote Desktop Passthrough Authentication

  1. Create a new GPO named RDP-Passthrough
  2. Edit the policy and navigate to “Computer Configuration->Policies->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Security”
  3. Set the “Require Use of specific security layer for remote connections” to enabled and choose “Negotiate” as the security layer
  4. In that same policy navigate to “Computer Configuration->Policies->Administrative Templates->System->Credentials Delegation”
  5. Enable the setting “Allow delegating default credentials” and add your servers to the list. Examples below
    1. TERMSRV/192.168.1.100
    2. TERMSRV/*.domain.com
    3. TERMSRV/*
  6. Next select “Allow delegating default credentials with NTLM-only server authentication” and list the same items you listed in Step 5
    1. TERMSRV/192.168.1.100
    2. TERMSRV/*.domain.com
    3. TERMSRV/*
  7. Save the policy and link it to any OU that has the servers in which you want Passthrough authentication configured.
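
The two settings from steps 5 and 6 are stored under HKLM\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation on every machine that applies the GPO. The following PowerShell is an added example, not part of the original post (the function names are hypothetical): it lists the delegation entries in effect and classifies how broad each one is, so that entries such as TERMSRV/*, which delegate the user's default credentials to any host they connect to, stand out.

```powershell
# Added example: audit the Credentials Delegation policy in effect on this machine.
# Function names are hypothetical; the registry location is where the GPO
# settings "Allow delegating default credentials" (steps 5 and 6) are written.

function Get-DelegationScope {
    param([string]$Spn)
    # Split "TERMSRV/host-pattern" into service class and target pattern.
    $service, $target = $Spn -split '/', 2
    if ([string]::IsNullOrEmpty($target)) { return 'Malformed' }
    if ($target -eq '*')       { return 'AnyHost' }         # e.g. TERMSRV/*
    if ($target.Contains('*')) { return 'WildcardDomain' }  # e.g. TERMSRV/*.domain.com
    return 'SpecificHost'                                   # e.g. TERMSRV/192.168.1.100
}

function Get-DelegationPolicy {
    param(
        [string]$BasePath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    )
    # Each policy keeps its server list in a subkey of the same name,
    # one numbered string value per entry.
    foreach ($list in 'AllowDefaultCredentials', 'AllowDefCredentialsWhenNTLMOnly') {
        $key = Join-Path $BasePath $list
        if (-not (Test-Path $key)) { continue }   # policy not configured
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $spn = [string]$item.GetValue($name)
            [pscustomobject]@{
                Policy = $list
                Entry  = $spn
                Scope  = Get-DelegationScope -Spn $spn
            }
        }
    }
}

# Broadest entries sort first (AnyHost, Malformed, SpecificHost, WildcardDomain).
Get-DelegationPolicy | Sort-Object Scope, Policy | Format-Table -AutoSize
```

Run it after `gpupdate /force` on a machine in the linked OU; an empty result means the policy has not applied there.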

I used this script to take ownership of profile folders and restore the user's access so it doesn’t break the roaming profile:

takeown /F E:\Share\Profiles\USER /R /D Y
icacls "E:\Share\Profiles\USER" /reset /T
icacls "E:\Share\Profiles\USER" /grant:r "DOMAINNAME\Domain Admins":(OI)(CI)F
icacls "E:\Share\Profiles\USER" /grant:r "System":(OI)(CI)F
icacls "E:\Share\Profiles\USER" /grant:r "DomainName\User":(OI)(CI)F
icacls "E:\Share\Profiles\USER" /setowner "DomainName\User" /T
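
To confirm the result across the whole share, the added PowerShell example below (not part of the original post) checks each profile folder for the state the script above is meant to leave behind: the user owns the folder and holds Full Control, and any identity other than the user, Domain Admins and SYSTEM is listed for review. It assumes each folder is named after the account, optionally with a .V2-style suffix; `Test-ProfileAcl` and the `DOMAINNAME` value are placeholders.

```powershell
# Added example: verify owner and ACEs on roaming profile folders.
# Assumption: folder name = account name, optionally followed by .V2, .V6, ...
function Test-ProfileAcl {
    param(
        [string]$Path,      # e.g. E:\Share\Profiles\USER
        [string]$Domain     # NetBIOS domain name (placeholder: DOMAINNAME)
    )
    $user     = (Split-Path $Path -Leaf) -replace '\.V\d+$', ''
    $expected = "$Domain\$user"
    $allowed  = @($expected, "$Domain\Domain Admins", 'NT AUTHORITY\SYSTEM')
    $full     = [System.Security.AccessControl.FileSystemRights]::FullControl

    $acl = Get-Acl -Path $Path

    # Does the user hold an Allow ACE that includes Full Control?
    $userFull = [bool]($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $expected -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $full) -eq $full
    })

    # Anyone else with an ACE here (including inherited ones) is worth a look.
    $others = $acl.Access |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        Folder          = $Path
        Owner           = $acl.Owner
        OwnerIsUser     = ($acl.Owner -eq $expected)
        UserFullControl = $userFull
        OtherIdentities = ($others -join '; ')
    }
}

# Report only the folders that need attention.
Get-ChildItem -Path 'E:\Share\Profiles' -Directory |
    ForEach-Object { Test-ProfileAcl -Path $_.FullName -Domain 'DOMAINNAME' } |
    Where-Object { -not $_.OwnerIsUser -or -not $_.UserFullControl -or $_.OtherIdentities } |
    Format-Table -AutoSize -Wrap
```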

While migrating users from an Exchange 2010 SBS server to Exchange 2016, I noticed that after one mailbox had completed, the user was prompted to quit and restart Outlook. But after the user did that, nothing happened and their profile was still connected to the Exchange 2010 server. I tried to create a new profile, but it wouldn’t complete, giving me the infamous message:

“Action cannot be completed. The connection to microsoft exchange is unavailable”

After double and triple checking my URLs, SCPs, etc., I found that recycling the “MSExchangeAutodiscoverAppPool” application pool on the Exchange 2016 Server resolved the problem.

  1. Open IIS on the Exchange 2016 Server
  2. Click on Application Pools
  3. Right Click on “MSExchangeAutodiscoverAppPool”
  4. Choose Recycle

You can either recycle the app pool each time you migrate a mailbox or check out the MS KB that guides you through setting it up to recycle every minute.

https://www.iis.net/configreference/system.applicationhost/applicationpools/add/recycling

 

I wanted to take the time to write a migration guide for 2008 WSUS to 2016. This will involve using the Windows Internal Database on both WSUS Servers.

Items needed

  1. SQL Server Management Studio 2008R2
    1. This will need to be installed on the 2008 WSUS Server
  2. SQL Server Management Studio 2012
    1. This will need to be installed on the 2016 WSUS Server

Migration Steps for 2008 WSUS

  1. Run SQL Management Studio AS ADMINISTRATOR
    1. For the Server Name use – \\.\pipe\mssql$microsoft##ssee\sql\query
    2. Click on Connect
  2. Find the SUSDB and back it up. Select “Copy-only Backup” and add a location destination with enough space to store it then click OK
  3. Once the backup is finished copy it over to the new 2016 WSUS Server
  4. Copy the WSUS content from the 2008 server to the 2016 server. I did this by running a robocopy script from the 2008 server
    1. robocopy.exe E:\WSUS \\2016-wsus\E$\wsus *.* /E /B /XO /ZB /NP /log:c:\service\WSUSlog.txt /R:2 /W:5 /MT:64 /SEC /SECFIX /A-:SH
  5. Once that data is finished copying over you are done with the 2008 WSUS Server.

Migration Steps for 2016 WSUS

  1. Install SQL Server Management Studio 2012
  2. Install WSUS, and specify a content directory. Reboot (In my case E:\WSUS was the same on both servers)
  3. Run SQL Server Management Studio AS ADMINISTRATOR and for the Server Name use the following and click on connect
    1. \\.\pipe\mssql$microsoft##ssee\sql\query or \\.\pipe\MICROSOFT##WID\tsql\query
    2. Note – If you cannot connect to the database start the “Windows Internal Database Service”.
  4. Detach the SUSDB from SQL, and restore the 2008 WSUS database that you backed up earlier.
    1. Find the SUSDB and right click on it, choose tasks, detach. Select the box under Drop Connections so that it is checked and hit OK.
    2. Right click on databases and choose Restore Databases. Select Device and browse to the location of “SUSDB-2008-Backup.bak”
      1. NOTE – If you get an error about no backup directory. Create a backup directory location like E:\MyBckDir . Then open the registry editor and browse to HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSWIN8.SQLWID\MSSQLSERVER . Then create a new String Value named BackupDirectory. Double click it and type the location of the backup directory you created. Once done it should allow you to restore a database.
    3. Click on Files in the left hand pane and select the box “Relocate all files to folder”
    4. Click on Options in the left hand pane and select “Overwrite the existing database (WITH REPLACE)” . Then click OK
    5. This may not complete all the way and you will get a few errors about schema verification failed, etc. These are normal and we are going to address them. If the Restore Database screen does not go away and shows an error, just click Cancel and proceed.
    6. You will now see the SUSDB listed with (Recovery)
    7. Open a new command prompt choosing “Run as Administrator” and type the following
      1. cd “C:\Program Files\Update Services\Tools”
      2. Then run WSUSUtil.exe postinstall CONTENT_DIR=E:\WSUS
    8. Once the command has finished running Open Powershell ISE as administrator. Then add the following lines and execute
      1. $updateserver = Get-WsusServer
        $config = $updateserver.GetConfiguration()
        $config.ServerId = [System.Guid]::NewGuid()
        $config.save()
    9. Once that is done, switch back over to the elevated command prompt and run the following
      1. wsusutil postinstall
    10. Now that this is done, access to the database should be restored; open the WSUS console and you should see all the updates in place just like on the old server.
    11. You can now decommission the 2008 WSUS server by uninstalling the roles. If you are getting rid of that server completely you can rename the new 2016 WSUS server to the old 2008 WSUS Server's name, or keep the new name and modify all of your Group Policies to point to the new WSUS Server.
      1. One important note – if you are not renaming the WSUS server to the same name as the 2008 WSUS server, wait until right before close of business to update the Group Policies with the new WSUS name. Then instruct all of your users to reboot their computers before they leave for the day and leave them on for the night. The reason is that I have done this during business hours, and the SVCHOST.exe process consumes a ton of resources on the desktops, dragging them to a crawl. I believe this is because the desktops are re-indexing everything with the new 2016 WSUS Server.

When decommissioning a Small Business Server you need to remove the SBS client software from all computers. To remove this software en masse, follow the steps below.

  1. Open a new notepad and copy and paste the following to silently remove the client software
    1. MsiExec.exe /X {E4FF4DF1-F99C-49AC-B398-BE0887432846} /qn
  2. Save the file as “SBS-Client.REM.bat”
  3. Create a new Group Policy Object and Link it to the top level domain.
  4. Edit the GPO and go to Computer Configuration, Windows Settings, Scripts, Startup
  5. Click show files and copy the “SBS-Client.REM.bat” file created earlier then close the file explorer window that came up
  6. Now click on Add in the Startup Properties Screen and select the “SBS-Client.REM.bat” then click OK twice
  7. Close the Group Policy Management Editor and the GPO should look like this (screenshot: SBS-Client-Removal-1)
  8. Tell your users to reboot their computers and it should uninstall automatically.

To remove Exchange from an SBS server during the process of decommissioning, make sure all your mailboxes are moved to another server or Office365.

Open an elevated EMS and perform the following:
#Remove default Public folders
Get-PublicFolder "\" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue

#Remove system Public folders
Get-PublicFolder "\Non_Ipm_Subtree" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue

#Remove Offline Address Book
Get-OfflineAddressBook | Remove-OfflineAddressBook

#Remove send connectors
Get-SendConnector | Remove-SendConnector

#Remove Public Folder database (SBS 2011/Exchange 2010 Only)
Get-PublicFolderDatabase | Remove-PublicFolderDatabase

#Remove arbitration mailboxes (SBS 2011/Exchange 2010 Only)
Get-Mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed

#Remove mailboxes
Get-Mailbox | Disable-Mailbox

Once that is complete you should be able to uninstall Exchange either through Add Remove Programs or by opening an elevated command prompt, changing the directory to the Exchange installation folder (i.e. “C:\Program Files\Microsoft\Exchange Server\v14\Bin”), and then running “setup.com /uninstall”.

Once that is complete you can proceed with removing AD, and decommissioning the rest of the SBS.