Wednesday, August 8, 2007

Exchange 2007 Monitoring with MOM 2005... Case of the missing cmdlet!

Being that I work with "THE" John Hann (MOM MVP), there never was any question as to which management product I would use to watch over my Exchange servers. And, so, we finally installed the MOM agents on them and watched the events roll in....

For a nice read and a detailed description of how to get MOM 2005 working with Exchange 2007 and what MOM will do for you, check out Anderson Patricio's article series at MSExchange.org:
Monitoring Exchange Server 2007 using MOM 2005 - Part 1, Part 2, and Part 3

Well, in the events, we come to find that the MOM scripts are failing in trying to test connectivity to OWA, ActiveSync, and the like. So as directed I run a PowerShell script called New-TestCasConnectivityUser.ps1 from the Exchange 2007 scripts directory. This creates a system test mailbox for just this purpose. However, the messages continue to come in and now direct you to run a cmdlet called Set-CasConnectivityCredentials in order "to store this user's credentials for use in testing the Client Access services." Sounds easy enough, except this cmdlet seems not to exist, anywhere......

After basic troubleshooting on the issue (like making sure I spelled it correctly), I start digging in to figure exactly what is going on and why it's calling for a missing cmdlet. I decide to run a couple of the test- cmdlets manually that MOM is having a problem with. Upon doing so, it basically tells me that it has authentication issues with the user I created via the script. I end up checking the account in Active Directory and find it locked out. I unlock it and yet the test cmdlets still fail. And now when all else fails, I do what the error in the cmdlet output tells me to do, which in this case is to run the script again to verify the user exists.... Which of course makes no sense because it created it successfully and I can see it in AD, but I do what it says anyway. So when I re-run it, it does a reset on the credentials of the test account created previously. And wouldn't you know that fixes the problem!! Now the test- cmdlets will run when done manually and after clearing the events in MOM, they don't come back!

The point here isn't that the solution was that difficult to find or figure out, but rather it is difficult to understand what direction you're supposed to go in when you're being told by the product itself, in this case MOM, what to do but are completely unable to do so because it doesn't exist. Lesson learned is: Sometimes you just have to think outside of the box, the MOM alert box that is.....

Thursday, August 2, 2007

Excited about Exchange 2007 SP1?

I know I am, and you should be too. Why? Because it really adds to the feature set and functionality of the RTM version. Like what? Well, the OWA improvements are going to be fantastic. And then there is the new cluster model for Standby Cluster Replication, or SCR, which will be a great feature for disaster recovery scenarios.

For more info on some of the features, check this writeup at the Exchange Team blog:
Talking Exchange 2007 SP1....

But one feature that I think is really going to help on the install of Exchange 2007 are the changes in the AD requirements for the setup and domain prep processes. Basically, the setup process would fail if it couldn't reach a domain in the forest, or if it ended up trying to talk to any Win2k DC/GC in a domain even when there was an available Win2K3 SP1 DC/GC available. This was even in domains where you weren't even trying to prepare them!?! With E2007 SP1, however, it will simply ignore these "problems." These scenarios and the SP1 improvements are described in detail here: A Setup Prerequisite Change in Exchange 2007 SP1

Boy do I wish the RTM version had worked like that!!! This was something that caused some major headaches in trying to get E2007 installed in my AD environment. Now, as it just so happened, we were already in the works on doing an AD infrastructure upgrade anyway. We were able to expedite that process and were finally able to get our AD prepped and Exchange installed. Of course in the middle of all that, when we did the schema updates it broke replication between the remaining Win2k servers and the 2003. It's a known issue and is addressed with a hofix as described here: http://support.microsoft.com/kb/824873/en-us. I throw this out there so you can be aware of this as a potential side effect you could encounter.... For us the install worked out OK in the end. But there are going to be many environments where for either technical or monetary reasons the AD environment cannot be adjusted so quickly.

This really begs the question then as to whether someone considering Exchange 2007, either as a new install or a migration from 2003, should do it now or wait for at least SP1???? I can't answer that, it's totally dependent on your environment and circumstances. All I can say on the matter is that even though my install of Exchange 2007 brought many challenges, I am very glad we moved forward on it as early as we did. I'd do it all over again if given the chance! But that doesn't make me any less excited about SP1....