Monday, December 27, 2010
Oracle Calendar / Exchange Free/Busy
If any sites currently in an OCS to Exchange migration with us want to try out Outlook based Free/Busy queries into Oracle Calendar, please drop your Sumatra contact a line.
We are looking for "informed consent experimental subjects."
Monday, December 20, 2010
Quotas and Live @ Edu Migrations
One went into BPOS (one of the dumbest acronyms EVER!) which is in reality Exchange 2007, which does NOT have submission quotas. (So now you know where this is heading)
The other site went into Live @ Edu which, despite their having had their submission quotas removed for purposes of migration, found the quotas very much in place.
So this is about what you'll see if one of your users hits submission quota in a migration.
In this example we kept inserting meetings until we hit quota. So one went in fine (you see the guest list and responses) and one did NOT (it says "Invitations haven't been sent for this meeting").
Once your submission quota rolls over (and when is that exactly?) you can send this and it'll go out like a regular meeting invitation. Not fatal in a migration, but we agree, it is darned annoying.
Thursday, December 09, 2010
EWS, Outlook Live, Exchange Release Levels, OWA, and WTF?
The subject started out as Holidays but morphed into the more general one of All Day Events (ADEs).
Using EWS, it is possible to insert ADEs and we do LOTS of them in the course of a migration.
BUT, some combination of EWS, Exchange release levels, and OWA are currently giving our usually stable process conniption fits.
Start off with inserting an ADE under either Exchange 2007 rules (with deprecated Time Zone, rules, but bear with us for a moment here) into Live@Edu (not that we have a client trying to do this exactly now or anything like that).
In Outlook attached to Live @ Edu they will appear correctly (as below) if you specify Exchange 2007 SP1. But it will appear as a two day banner if you specify Exchange 2010.
JUST to keep thing really really interesting, viewing the EXACT SAME ADEs in OWA shows the 2007 SP1-defined ADE showing up correctly, and the 2010-defined ADE spanning THREE days:
If your head does not hurt you have not been paying attention.
SO, for the time being while running a holiday insertion with our tools, specify Exchange 2007 SP1. Everything will be hunky-dory.
Don't believe us? Here's the VB .net code (we use Exchange Web Services Managed API v1.1. )
Public Function ewsBuildAllDayEvent() As String
Try
Dim myUserEmail As String = "user10@test.com"
Dim myEWSURL As String = "https://sn1prd0202.outlook.com/EWS/Exchange.asmx"
Dim myExchangeVersion As ExchangeVersion = ExchangeVersion.Exchange2007_SP1
Dim myLogon As String = "admin@test.com"
Dim myPassword As String = "Gu3ssWh0"
'create Service
service = New ExchangeService(myExchangeVersion)
service.Url() = New Uri(myEWSURL)
service.Credentials = New WebCredentials(myLogon, myPassword)
service.ImpersonatedUserId = New ImpersonatedUserId(ConnectingIdType.SmtpAddress, myUserEmail)
'build appointment
Dim appointment = New Microsoft.Exchange.WebServices.Data.Appointment(service)
appointment.subject = "MyTestADE"
appointment.Start = CDate(Now.ToShortDateString)
appointment.End = CDate(DateAdd(DateInterval.Day, 1, Now))
If myExchangeVersion = ExchangeVersion.Exchange2007_SP1 Then
appointment.StartTimeZone = System.TimeZoneInfo.FindSystemTimeZoneById("Eastern Standard Time")
Else
appointment.StartTimeZone = System.TimeZoneInfo.FindSystemTimeZoneById("Eastern Standard Time")
appointment.EndTimeZone = System.TimeZoneInfo.FindSystemTimeZoneById("Eastern Standard Time")
End If
appointment.LegacyFreeBusyStatus = LegacyFreeBusyStatus.Busy
appointment.isalldayevent = True
appointment.Save(SendInvitationsMode.SendToNone)
Return "OK"Catch ex As Exception
Return ("ERROR: " & ex.Message)
End TryEnd Function
Monday, December 06, 2010
Migrating Email? Check out this blog
We do not touch email since we're calendaring guys and enough other people handle email.
But when we see a site that specializes in it and conceptualizes migrations in ways that we ourselves espouse, we just need to let you know.
Such a site is MigrationWiz.
I hate the name (any male who has been a teenager in the USA smirks when the word "wiz" shows up anywhere), but their analyses of email migration are right on.
Thursday, December 02, 2010
Asynchronous Programming
They told us about a new Asynchronous Programming module (http://msdn.microsoft.com/en-us/vstudio/async.aspx.) I'm very interested in this because many customers in Sumatra's Education market segment are migrating to Exchange in the Cloud -- Microsoft's
Live@EDU. When inserting lots of data, the variability of "network speed" makes insertion times difficult to predict. We explored changing the Sumatra code to run on multiple threads, but concluded it added more complexity to the code and didn't address the underlying bottleneck: network latency.
What I find interesting about this CTP is that the new async calls have the potential to work around latency issues without increasing code complexity. We'll be testing this in our labs in the next few weeks!
Thursday, November 18, 2010
Exchange 2010 SP1 Managed API 1.1 released
Friday, November 12, 2010
Exchange 2010 Mapping Users - A Brief Guide
We design the process so that by the time you've created your intermediate database you should already have the email addresses for these users in the Users table.
So the brief rules are:
- Do NOTHING for OCS email addresses that are the same as in Exchange
- Add entries to the User_Adjusted_Maps table to map OCS accounts that have different Exhcange addresses
- Run the following queries Q_Build_CustIDs_From_MMUserids, Q_Build_CustIDs_AdjustMMUsersids, Q_1_Make_User_Map, FInd duplicates for MM_Exchange_User_Map
- Look at the results in MM_Exchange_User_Map
- Repeat until all of your accounts are done.
A few other things to keep in mind.
If Oracle Calendar Server IDs are THE SAME as Exchange:
- Make sure the Primary SMTP or UPN is defined as login@mydomain.com
If Oracle Calendar Server IDs are DIFFERENT from Exchange:
- MAP the differences (Tables)
- Build the mapping table
- Overlay the changes
Once you've got all your users mapped you can just edit the mapping table. But please exercise proper handling and care with it. You do not want to be wondering which version to use when starting yoru migration at midnight on a Friday.
Wednesday, November 10, 2010
UNICPOUTU unreliable in some Oracle Calendar Environments
Sometimes though this gets more difficult when there's bugs in the legacy system.
One of our clients (shout out to Matt in North Carolina!), discovered some data missing from the UNICPOUTU export in their Solaris environment.
Quel horreur!
It's been mentioned a little on the OCS boards, but nobody is making a big deal about it and it is unlikely Oracle is going to fix it to make breaking your OCS habit any easier.
Thus far we've seen this ONLY with OCS 10.x on Solaris (all the 9.0.4 migration systems look absolutely peachy and we've been doing 10.x for years with no issues). We suspect it's with the very latest and is more prone to happen when the export is constrained by date (so export everything and let us segment it in our tools).
So as always, keep an eye out.
Monday, November 08, 2010
Putting Holidays into Live @ Edu Server-Side
Note that this is an All Day Event (and you can specify if the time is to be shown BUSY or FREE):
While this is an appointment we've put into every calendar without any muss or fuss. You could use the same technology to do that for anything else you want (Shareholder's Meetings, Fire Drills, as your business and imagination dictate).
Any of you who have been through a migration with us know why we keep the "(Migrated)" tags, but you can decide to not use them.
This is scriptable so you can create holidays as you provision users if you have an automated system for so doing.
A few other things to keep in mind:
- This runs as an EWS application from a 32-bit workstation. So all your credentials are completely under your control. If there's demand to run this as an online service we'll listen.
- We take the default time zone of your server for all insertions. If you have users in multiple time zones and want to do this contact us -- that would be a different version.
- You can specify a single user, a list of users, or an LDAP query to handle your insertion.
Friday, November 05, 2010
Handling Conference Rooms in a migration into Exchange
Put all resources in one or more OUs for ease of administration.
PRIOR to migration:
- ENABLE all of the resource accounts via Active Directory Users and Computers
- HIDE the accounts from the GAL
- Configure resources NOT to AutoAccept meetings
AFTER the migration
- Disable the accounts and add them to the GAL
- Configure the resource for AutoAccept (if you desire first-come-first-served functionality) or
- Use group-policy settings for managed rooms and resources
Wednesday, November 03, 2010
Exchange 2010 Permissions for Migration
It's the permission you need to give your service account to execute a full-state calendar migration.
Create a managementRoleAssignment:
new-ManagementRoleAssignment
-Name:_suImp8
-Role:ApplicationImpersonation
-User:'mysvcaccount@mydomain.com'
If you have to ask where you're doing this, please go to your Exchange Administrator.
Sunday, October 31, 2010
Exchange 2010 - Throttling During a Migration
So -- when doing a migration of about any non-trivial size into 2010 you're going to have to set a new throttling policy here called "SuPolicy":
New-ThrottlingPolicy SuPolicy
Set-ThrottlingPolicy SuPolicy -RCAMaxConcurrency $null
-RCAPercentTimeInAD $null
-RCAPercentTimeInCAS $null
-RCAPercentTimeInMailboxRPC $null
-EWSMaxConcurrency $null
-EWSPercentTimeInAD $null
-EWSPercentTimeInCAS $null
-EWSPercentTimeInMailboxRPC $null
-EWSMaxSubscriptions $null
-EWSFastSearchTimeoutInSeconds $null
-EWSFindCountLimit $null
Set-Mailbox myserviceaccount@mydomain.com -ThrottlingPolicy SuPolicy
Wednesday, October 20, 2010
ResourceWatch Online Capability Beta
No surprise we've been developing this capability.
If you go to our on-line beta, you'll be able to generate a really cool report on your conference room or resource use.
We've used it on ICS format files from Exchange 'natch, but Oracle Calendar seems to work just as well. We're using Microsoft SilverLight, so working with anything other than Internet Explorer we do not guarantee, but if it works for you just let us know.
Saturday, October 16, 2010
Microsoft Expands Effort to Protect Nonprofit Groups
Microsoft Expands Effort to Protect Nonprofit Groups - NYTimes.com
GO MICROSOFT!
Wednesday, October 06, 2010
BlackBerry Enterprise Server - Stay on Top of It!
How to Enable BlackBerry Enterprise Server 5.0 Sp1 and SP2 to use Microsoft Exchange Web Services is required reading.
Here's the issue: BES still relies on CDO 1.2.1, which is a little like a 2011 model year hybrid still needing a Model T crank. BES requires pretty much the same kinds of permissions we do in order to act on calendar objects in Exchange, so after migrating if you flip on BES and notice issues with setting up or responding to meeting invitations as a Delegate -- the first place to look is your BES configuration.
Sunday, September 19, 2010
Shared calendar items are shown incorrectly in Exchange 2007 (Fixed in SP3 RU1)
Unfortunately, the calendar events are often shown at the wrong time.
Microsoft KB 976100 offered a hotfix for this issue. It was also included in the Exchange 2007 SP3 Rollup 1 (KB 2279665)
For clients who share calendars -- apply this rollup.
Friday, September 17, 2010
Exchange 2010 Calendar Permissions Using PowerShell
Their earlier article on setting Outlook Delegate permissions with RBACs is also worth reading for sites migrating into 2010.
Many thanks!
Wednesday, September 15, 2010
Dilbert on the importance of Conference Rooms
We normally see this as the attempted "great conference room land rush" during migrations, which you can avoid by hiding your resources in the GAL for the migration period.
Tuesday, September 14, 2010
Circumvent Outlook Rules in Exchange 2010
Had they migrated to Exchange 2010, this would not have been necessary because Exchange 2010 allows you to manage rules using these six commandlets: Get-InboxRule, Set-InboxRule, Remove-InboxRule, Disable-InboxRule, Enable-InboxRule and New-InboxRule.
One approach is to use "Get-InboxRule" to find all enabled, server-side rules. Disable those rules (remember which rules you disabled so you can re-enable them after the migration.)
We came up with another approach: Add a new rule that has the "highest" priority, have that rule do nothing, then say "stop processing rules." After the migration, remove that rule.
Here's how we approached it for one user, say, Zyg:
• New-inboxrule -mailbox:zyg@mailbox.sumatra.com -name:"_sumatraHiPriorityRule" -Priority "0" -StopprocessingRules:$true -Confirm:$false
and then to remove:
• Remove-inboxrule -mailbox zyg@cod.sumatra.local -Identity:"_sumatraHiPriorityRule" -Confirm:$False
Caveats:
- Note the priority zero (0) makes this rule the highest-priority rule. All others drop down one.
- We are ignoring the power-rule-user scenario: the user exceeds Exchange's inbox rule memory size buffer limit (it's 32KB) (or about 40-50 rules.) Obviously when you're at the limit you can't add any more rules. We don't have a suggestion except to say "look" for disabled rules and ask the end user if a few could be removed.
- The "-force" parameter - removes disabled rules AND all Outlook client-side rules.
- new-InboxRules doesn't accept pipelined userlist from "get-mailbox -filter {isResource -eq $false}". What happens if you have 5,000 accounts? Stay tuned ---
Friday, September 10, 2010
Sumatra Utilities - Holidays for the remainder of 2010
So Exchange Admins in the USA can server-side insert Columbus Day, Thanksgiving, Christmas, and New Years, and Canadian users can do Thanksgiving and Remembrance Day, and UK users can do bank holidays from now until the end of the year and... OK OK you get the idea.
This version will only insert data up to January 2011. This version works with both Exchange 2007 and Exchange 2010, and will not work for hosted Exchange (i.e., Live @ Edu). Hosted sites working with us on migrations already have versions that will insert holidays.
To download the ZIP file just click here. If you want to read through the documentation first, please do.
Look for an update from us in October about what we'll do with server-side Exchange holidays in 2011.
If you are looking to private label or distribute and support the Utilities holiday insertion tool we'd be happy to discuss that.
Sunday, September 05, 2010
Exchange 2010 SP1 - ErrorRecord: Database is mandatory on UserMailbox error
We planned to upgrade our Exchange 2010 servers to SP1 this labor day weekend to take advantage of these calendar-related improvements:
- Outlook Web App Improvements
- Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
- Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
- Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
- Importing and exporting .pst files now uses the Mailbox Replication service and doesn't require Outlook.
(fyi be prepared to install hotfixes before installing SP1!)
But what happens when it fails on the mailbox role with these two errors?
- ErrorRecord: Database is mandatory on UserMailbox. Property Name: Database
- Microsoft.Exchange.Data.DataValidationException: Database is mandatory on UserMailbox. Property Name: Database
It seems we had to upgrade active directory (i.e, run setup.com /ps, then /p, and then /pad)
But that threw an error "Setup previously failed while performing the action "BuildToBuildUpgrade"
There are two fixes to this problem. The FIRST Fix - edit the registry (seems like that's always part of a fix), and SECOND remove a few system mailboxes:
Edit the registry. Under the key HKLM\Software\Microsoft\ExchangeServer\v14\MailboxRole you will find two keys - Watermark and Action. Export the mailbox role settings, then delete the two keys. Now re-run setup.com /ps, then /p, and then /pad. )I tried running the setup GUI, but it didn't completely upgrade AD.)
The SECOND fix: Now we're back to the initial "Database is mandatory on UserMailbox" problem. Launch AD Users & Computers, and delete the discovery mailbox, system mailbox(es)
Finally, if you are deploying Exchange 2010 for the first time, Exchange 2010 SP1 is a full install package. Pat Richard's Exchange2010Prereqs.ps1 script simplifies installation.
>>Update After I brought the servers back online and started writing this post, I found Brian Day's post in Technet (...wish I had found it earlier!)
--RussTuesday, August 17, 2010
Migrating from Exchange to Live@Edu - NOT a no-brainer
Disillusionment Time!
There are two things you need to be aware of at the outset:
- Live @ Edu has limits compared to on-premises hardware (and this affects migrations disproportionately)
- Going from on-premises hardware to Live @ Edu is just as major a migration as going from (say) Oracle Calendar Server to Live @ Edu.
Now let's talk about going from on-premises to Live @ Edu:
First the voice of experience, in this case a user going from E2K7 to Live @ Edu:
http://nzschooltech.blogspot.com/2010/04/migrating-from-exchange-2007-to-liveedu.html
Yes, you CAN devise and execute your own migration process. But but do not plan on it being either simple or fast.
Second, we have the voice of authority, Microsoft, warning about this:
http://outlookliveanswers.com/forums/p/519/4961.aspx#4961
So Microsoft is working the IMAP mail migration angle (be sure to test how long it takes), but calendars, contacts, tasks are not included.
Third, we have the voice of Sumatra:
If someone is moving your calendars, ask if the meetings come over live with guest lists and responses intact.
Our general recommendation: If you're looking at migrating from a legacy system and considering going into Live @ Edu sometime down the road -- all indications are that it is better to make your end-point decision FIRST. It will save you tons of work down the road.
Wednesday, August 11, 2010
Disable Meeting Forward Notifications
When migrating calendars and re-creating their state, Ms. Calendars finds it very useful to disable meeting forward notifications. Otherwise, Ms. Calendars does not know where the heck the darned invitations are or what has happened to them and has no reasonable way in this level of reality to respond to them appropriately.
To do so:
Disable External Meeting Forward Notifications for a Single User
Set-RemoteDomain -MeetingForwardNotificationEnabled $false
Disable Internal Meeting Forward Notifications for a Single User
Set-MailboxCalendarSettings -Identity user email@yourdomain.com
-RemoveForwardMeetingNotifications $true
Thursday, August 05, 2010
Google Wave is gone?
Darn -- now I'll never be able to figure out what it's good for.
Wednesday, July 21, 2010
Outlook Live: Bulk E-Mail and Daily Recipient Rate Limits
Bulk E-Mail and Daily Recipient Rate Limits
Because when you re-create calendaring state as we do in a migration you are very likely to find some people who are hitting into this limit.
We sometimes do get the question: Why do you need to send messages if you are migrating calendars?
(We do, oh we really do!)
The answer: because calendaring in Exchange is a message-based protocol (Duh). Single appointments do not fall under this limit, but meetings DO. And remember, with meetings there's the invitation AND the response.
Saturday, July 17, 2010
Outlook Live and Outlook On-Premises Differences
And like discovering land mines you're only going to know when you step on one of them.
Such is the case with Throttling Policies and the EWSFindCountLimit.
What does this have to do with calendar migrations? Just in our UNDO function (a prudent safeguard which many of you seem to find comforting).
Our QA team discovered weird behavior in Live @ Edu that does not exist in on-premises Exchange when we were trying to UNDO several test insertions at once. The default limit in ESWFindCOuntLimit is 1000 items (and this in our case includes things in the Deleted folder).
So some of our higher-end users were not being UNDO-ne.
We're fixing that and preparing for the next landmine.
Stay tuned.
Tuesday, July 06, 2010
Inserting into Live @ Edu vs. inserting into on premises hardware
And we then inserted the same database into our Exchange environment. That took 12 minutes (not surprising, we have good hardware and not an enterprise-level load)
Then we inserted the same data into Outlook Live @ Edu. It took 71 minutes.
Just to be sure we were not doing something really wrong we ran it twice and got the same manatee-like languid pace. We're used to measuring migrations with a clock, not a calendar.
We're sure we're not processor bound on our client system. The question is whether we're processor-bound on the server (likely) or network-bound (not as likely). The results are in any event troubling for anyone wanting to do a bulk calendar migration.
But wait -- there's even MORE BAD NEWS FOR calendar migrations!
According to Message, Mailbox, and Recipient Limits (tip 'o the hat to Duncan in London), there are limits of 30 messages per minute and 500 recipients per day. And the logs from London's test runs indicate they are already hitting this limit.
Taking calendar data over in a full-state method we re-create all of these and it is not unusual for the even moderately-scheduled user to hit these limits.
Stay tuned. We're working on creative solutions.
There is a ray of hope, though. This thread indicates others are running into the same absurd limits and Microsoft MAY be willing to make exceptions (check out the procedure at the end).
We suggest you folks who want to do a full-state calendar migration contact your Microsoft Rep and ask them if they can get these limits removed for the duration of your migration.
Wednesday, June 23, 2010
International characters going into Live at Edu migrations
Thursday, June 03, 2010
Setting Permissions for a Live @ Edu Migration
OKAY, you are serious about getting out of Oracle Calendar and into the Exchange Cloud. So you need to know how to set up your permissions on your Live @ EDU Admin account so that the migration application has access to all accounts to do what it needs.
You only need to do this once and you can remove these (rather generous but necessary) permissions after you have verified the integrity of your data and removed the Keyword.
- Setup live@edu:
- Your domain must be Org-owned (you'll be setting RBACs….)
- Create a service account, e.g. deleg8@livetest.YOURDOMAIN.com
- Your domain must be Org-owned (you'll be setting RBACs….)
- On your PC, connect your local instance of Windows PowerShell to Outlook Live
- Prerequisites:
- You'll need Windows PowerShell 2.0.
- Get it here: http://support.microsoft.com/kb/968929
- If you have windows XP x86 must upgrade to SP3+;
- If you have windows XP x64 use the windows server 2003 x64 version
- Get it here: http://support.microsoft.com/kb/968929
- Launch PowerShell: Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell right-hand click and "Run-As administrator"
- Set the credentials for your Windows Live ID and Password for your Outlook Live account, then define a session
- $LiveCred = Get-Credential
- $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
- If it fails to execute, then:
- Set-ExecutionPolicy RemoteSigned
- …. Or unrestricted if you are brave
- Set-ExecutionPolicy RemoteSigned
- Start a session to import the Outlook Live commands into your session.
- Import-PSSession $Session
- Setup RBAC impersonation using built-in role "ApplicationImpersonation"
- Import-PSSession $Session
- $LiveCred = Get-Credential
- Define RBAC impersonation in Powershell:
- New-ManagementRoleAssignment -Name EWSImpersonation -Role ApplicationImpersonation -User deleg8@livetest.YOURDOMAIN.com
- After you are done, disconnect Windows PowerShell from Outlook Live:
- Remove-PSSession $Session
- Remove-PSSession $Session
- New-ManagementRoleAssignment -Name EWSImpersonation -Role ApplicationImpersonation -User deleg8@livetest.YOURDOMAIN.com
Wednesday, June 02, 2010
Oracle Calendar to Exchange Live at Edu - the Video
We put together an ad hoc committee to create the clearing for the conversation for possibility..... ah heck.... we just put some software up and did it.
Michael Moore has nothing to be afraid of.
You can also view it off our main site at http://www.sumatra.com/ocs-to-exchange.wmv
The melodious voice you hear is Zyg (whose role in Sumatra is the moody "Ben Affleck" character in contrast to Russ's "Matt Damon" persona).
Interested in trying it out? Our contact page is here.
Tuesday, June 01, 2010
Migrating Oracle Calendar Server into the Microsoft Exchange Cloud
and if we look at his calendar in Sumatra's LIVE@ edu test system we see the exact same thing (minus the color which you cannot port anyway).
Some of you will notice the one appointment that's not there, which led us into looking at timing issues in Live @ Edu. We found that changing our CAS and EWS URLs for the insertion to remove the "PSH" part removed the issue.
If your Outlook.com server is something like
PODnnnnnnPSH.outlook.com
use:
PODnnnnnn.outlook.com
instead on insertion.
... and Jimi's calendar comes out fine everywhere. So in case you find yourself missing some data, check the URL you're pointing to. We obviously don't have as much control over timing and performance in this scenario as we do in a native Exchange environment. So the first few who go live with our tech are going to be taking the earliest risks for timing and the eternal X-Factor.
Tuesday, May 25, 2010
From the trenches: Exchange to Gmail
CEO Of Company With 500 Employees: Here's Why We're Ditching Microsoft Outlook For Gmail
This is a corporation with only 500 users. The number of companies we've seen with enterprise size considering ditching Google is easy to summarize: Zero. There was one pathetic case we know of a company adopting Google then getting bought and having to drop it just as quickly, but my schadenfreude account is overdrawn this week.
Where we see a lot of Google Mail and Calendaring is in education and mainly for schools without a lot of endowment. Note to readers: yes, that word has two meanings.
Updated May 26 to add this link:
Microsoft has a blog posting: Why are Businesses Leaving Google Apps?
Pick your Kool-Aid.
Thursday, May 20, 2010
Add2Calendar Example from Facebook
Which I consider to be very cool.
Saturday, May 15, 2010
Macintosh and Exchange: maybe no longer the horror it has been
However, anecdotal evidence from some of our calendar buddies (Hi, Vince!) has given us indication of light at the end of the tunnel. Herewith is what we learned:
- If you want to use Apple mail, you should upgrade to OS X 10.6. Earlier versions were not all that good in terms of calendaring and mail. 10.6 has MUCH better mail handling.
- If you want to stay with Entourage, adopt the mantra "patch Entourage to the max" (12.2.3) then install the EWS patch: http://www.microsoft.com/mac/itpros/entourage-ews.mspx
- Go to Exchange 2010 (NOT 2007). OWA is MUCH better for Macintosh users in Exchange 2010. http://www.macworld.com/article/140257/2009/04/exchange2010_mac.html
- Finally, check out this link to the Mac 2011 Road Show: https://microsoft.crgevents.com/OfficeMac2011/Content/Home.aspx
There's a few other places migrating Exchange Admins should check out if your Windows-phobic execs conform to Jobsian non-conformity.
Exchange 2010: OWA has a good summary of Outlook Web Access via Safari on a Mac.
Entourage Mac for Exchange Servers: Tips and Reports has the most comprehensive list of Entourage / Exchange issues I've seen (and while there are a LOT of them most are for previous versions).
Thursday, May 13, 2010
ResourceWatch Error: The Service cannot be activated due to an exception during compilation
Exception: System.ServiceModel.ServiceActivationException: The service '/ResourceDataService.svc' cannot be activated due to an exception during compilation. The exception message is: Could not load file or assembly 'App_Web_aza-n8ud, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies......
How odd----it's been running without issue for months.
There were two possible reasons for the failure:
- The virtual directory was renamed, or
- .Net Framework 3.5 was not installed
".Net Framework 3.5" The other reason this fails is because .Net Framework 3.5 is not installed. (This is easily checked, and if you didn't rename the virtual directory, this is likely the problem.)
In this case, the app was moved to a different box, the virtual directories remained the same, BUT, .Net framework was not installed.
Monday, May 10, 2010
Managing Automatic Meeting Responses in Outlook 2010
An Oracle Calendar System migration client called because his end users were complaining ..... "Now that we have migrated how can we disable those irritating meeting invitations and responses?"
Keep in mind -- this is not about the migration process. This is about what happens when Oracle Calendar users transition from OCS to Exchange,
I'm not sure anyone has an answer for complaining end users, but I did come across a blog posting from Microsoft's Outlook team that talks about how to deal with meeting responses in Outlook 2010. (you know, the "I accept", "I decline" messages.....). The post describes how to create a rule to deal with those responses:
- Keep meeting declines;
- Keep all responses if they have a comment;
- Otherwise, move tentative and accept messages into a sub folder (and out of the inbox!)
The net result is that Exchange and Outlook will look more like what an OCS user community has been conditioned to expect over the years.
Friday, May 07, 2010
OWA bug fix - Change the start time of a recurring meeting with exceptions now works
Rejoice! Microsoft fixed it. For Exchange 2010. There is no joy in Exchange 2007 land - the fix is not for your servers. See KB 980051.
I'll update this post once I know the hotfix number or the rollup version.
Wednesday, May 05, 2010
"Add2Calendar" an IE8 - Web Accelerator
I first learned about accelerators in an MSDN "Roadshow" put on by two Microsoft Developer Evangelists (Chris Bowen and Jim O'Neil.) They said it was simple to create one... I didn't believe them. I thought it was going to take several days to get started. It didn't. It was as simple as they said!
My accelerator parses highlighted text from the web browser, and return a calendar invitation "on-the-fly" that Outlook easily interprets. There are several ways of adding appointments to Outlook -- I chose iCalendar, since Outlook supports this open standard calendaring format.
What will the user see?
Here is an example of the accelerator in use. I received an email telling me about an upcoming Cambridge Science Festival event. The email directed me to "Boston.com" where I read the event details. I highlighted the event name and time, and right-hand clicked to launch the accelerator:
Here is what appeared in my calendar:
Voila! You can see Add2Calendar captured the event name, date and time, the event summary in the notes area, plus the URL of the event.
For the more technically inclined
This accelerator requires two components:
- An XML file to define how the browser communicates with that service, and
- A "URL-based service"
<?xml version="1.0" encoding="UTF-8"?>
<os:openServiceDescription
xmlns:os="http://www.microsoft.com/schemas/openservicedescription/1.0">
<os:homepageUrl>http://www.sumatra.com</os:homepageUrl>
<os:display>
<os:name>Add appointment with Sumatra's Add2Calendar</os:name>
<os:icon>http://www.sumatra.com/images/favicon.ico</os:icon>
<os:description>
Highlight something on a web page and add the item into your calendar
</os:description>
</os:display>
<os:activity category="Appointment">
<os:activityAction context="selection">
<os:execute method="post"
action="http://www.sumatra.com/add2calendar/">
<os:parameter name="sel" value="{selection}" type="text" />
<os:parameter name="docURL" value="{documentUrl}" type="text" />
</os:execute>
</os:activityAction>
</os:activity>
</os:openServiceDescription>
I created my URL-service using PHP. The accelerator passes two parameters back to the PHP code ($sel and $DocURL). If those variables are not null, the PHP code can determine if it should show the "add the accelerator to your browser" page, or parse the selection string and return an iCalendar file.
The PHP code creates a form with a button to add the accelerator to the browser. There is also javascript to check if the accelerator exists:
<script language=\"JavaScript\">
window.onload = function()
{
if (window.external.IsServiceInstalled ('http://www.sumatra.com/add2calendar/add2calendar.xml','Appointment'))
{
document.getElementById('btnAdd2Calendar').disabled = true;
alert("Sumatra Add2Calendar accelerator is already installed!");
}
}
</script>
<BODY>
<h1>Welcome to Sumatra's Add2Calendar Web Accelerator.</h1gt;<br>
<h2>Overview:</h2><p>Not all web sites have an "add this event to your calendar" button....
<br><br><br><Please click the button to add the accelerator to your browser.<br>
<button id="btnAdd2Calendar" onclick="window.external.AddService('http://www.sumatra.com/add2calendar/add2calendar.xml')">Install Sumatra's Add2Calendar Accelerator</button>
<p>Copyright © 2000-2010 Sumatra Development LLC. All rights reserved.<br>
Hopefully this gets you started!
The accelerator doesn't parse everything, yet. It's work in progress. If you use the accelerator, and you have comments (and issues, too!), please post or email us: info AT sumatra DOT com
Monday, April 26, 2010
Ampersands in email addresses
Yep. Bad karma all around.
In fact, you should not be using most special characters for object names, as Microsoft documents here for Exchange 2003 and here for Exchange 2007.
Friday, April 16, 2010
Exchange Calendar Issues fixed with Rollups
- Update Rollup 10 for Exchange Server 2007 SP1 (KB981407),
- Update Rollup 4 for Exchange 2007 SP2 (KB981383), and
- Update Rollup 3 for Exchange 2010 (KB981401).
I want to report the calendar-related issues that these rollups fix:
Exchange 2007 (SP1 and SP2) - No calendar-related fixes in this rollup
Exchange 2010
Note: Microsoft recommends that you Clear the 'Check for publisher’s certificate revocation' for Outlook users. For OWA users, this rollup overwrites any customizations made to your "logon.aspx" pages.Thursday, April 15, 2010
New one-step mapping method OCS to Exchange
Mapping OCS Users & Resources to Exchange Accounts
First, we assume that you have already imported the "users.txt", "resources.txt", and "foreign.txt" into the database using the xCalReader.
There is really only ONE step: Run the query Q_Build_MM_Exchange_User_Map_From_Users
THAT'S IT!
We urge you to review the mapping table "MM_Exchange_User_Map" to ensure all accounts have been mapped, and that all accounts have an email address.
What happens if I want to change the email address for a few users in the Users table?
Edit the table User_Adjusted_Maps. You must copy the userid, UserNum, and mmLogin from the Users table, although we recommend you copy ALL fields. This makes review easier because you know who the accounts belong to! Add the exchange alias (exch_alias) and exchange SMTP address (exch_email). In the following example, we changed Peter W's email to peterw@nl.th....
What happens if users do not have email in the Users table?
Look in the "Exchange_email_Src" tab for "***Missing Email***", or look for unusual email in the exchange_email tab.
Is there a "query" to copy all users with blank emails in the Users table to the User_Adjusted_Maps table?
Yes. It's called "Q_Add_Users_with_Missing_Emails_to_User_Adjusted_Maps"
You will have to add the Exchange Alias and Exchange email address, AND the Exchange type. The choices are "Individual" for a user or group calendar account, and "Resource" for a conference room.
I do not see that query in my database?
You must have database version Blank_Conversion_DB_v8.13.0.0413.mdb or greater
Meeting Maker sites migrating to Exchange
You can use the exact same queries and methods above, but make sure the email you want to have in Exchange is associated with the MM account you are migrating using MM Admin.
Tuesday, April 13, 2010
Web-Based Meeting Schedulers via Mashable
Mashable has a review of four web-based meeting schedulers.
4 Web-Based Meeting Schedulers Reviewed
I actually tried Tungle and found it more trouble than it was worth (but that was at least a year ago). And why on earth would anyone name an app Doodle?
Since we deal with corporations I do not think this any of these are going to be high on the agenda among our loyal readers -- but you should see what the twenty-somethings in your organization are going to be trying to integrate with Exchange.
Saturday, April 10, 2010
Migrating Large Oracle Calendar installations to Exchange by Subsets
Migrating Subsets of Larger Oracle Calendar Server Installations
April 9, 2010
Background: In re-creating meetings as live meetings from OCS, Sumatra uses the calendar of the meeting ORGANIZER as the definitive source for guest status. Since Exchange is a message-based system, it is crucial that in re-creating the calendar state calendar invitation come from the meeting owner. However, in the case where migrations must be done in phases, it is desirable to maintain as much as possible information from users external to the subset being migrated. This process deals with that.
As an example, let's say that we have an OCS installation in Europe that consists of about 2000 users in the Local users (NL) and 20,000 FOREIGN users (FR). Let's say the NL server is the first to migrate.
We have two issues, NL users as guests of meetings originated by FR users, and FR users as guests of meetings originated by NL users, as per the following table.
As Owner | |||
NL | FR | ||
As Guest | NL | OK | Case FR OWNER => insert as appointment in NL calendar? |
FR | Mail Contact | NOT YET MIGRATED |
Process Change xCalReader Phase
- Create an additional Users export file of the FOREIGN users and name it FOREIGN.TXT
- Use the following command to generate this file from the FOREIGN OCS server:
uniuser -ls -format "%s%:%g%:%uid%:%id%:%node-id%:%email%:" -n 1 -p jimmorrison >foreign.txt |
NOTE the additional %email% which will give us the email of that user as defined in OCS. We will need this information for the foreign users.
- Place this file in the same directory as your USERS.TXT and UNICPOUTU export files. This means both of these files will be read and populated into the database at the same time before any calendar data.
- You will have a new option in xCalReader to ANNOTATE calendar items from Foreign (FR) users.
- Server NODE numbers MUST be different between the USERS.TXT and the FOREIGN.TXT files (see below – we want to assure that our created User ID numbers are unique – and NODE is one of the concatenated elements in this)
Notes In converting the users, invitations to NL users from FR users will be appointments in calendars. When the FR users who are OWNERS migrate, these will be overlayed with LIVE meeting data in Exchange. The user can then delete (or keep as they will) the appointment knowing that the meeting data will be updated with changes. |
Using a mail contact has the following requirements and repercussions:
We do not (*think*) French users must be on NL server as MailContacts. Valid regular email addresses should be enough to generate invitation from NL owners to FR guests– but we want to encourage you to try it. French users will then receive Outlook calendar invitations to their mail accounts. |
French users can accept/decline/ignore, Sumatra process does not create state for these users. |
NOTE: this means there will be the original OCS meeting and the new meeting in their calendars, but the new Exchange/Outlook one will be the one updated when a NL user makes changes. |
Code changes in xCalReader will act so as to
- Automatically read FOREIGN users
- Convert meetings from foreign users into appointments in guest calendars
- Allow for an administrator defined "Tag" for foreign user originated meetings.
Process Change User Mapping Phase
User mapping proceeds as documented, except the FOREIGN users will need to be mapped as well. We're documenting this and will forward ASAP.
Process Change SuExchange2007
Code changes in SuExchange2007 will act so as to
- Automatically validate foreign users
- Not generate error messages for foreign user validation
- Create FOREIGN users as guests
This will be transparent to current operation but will require testing.
Things we want you to be aware of
We already know we are not going to get access to any of your data – so we need you to be looking at it for us.
- Once both USERS.TXT and FOREIGN.TXT are in – we need you to make sure there are no duplicated USER IDs in the USER table. We can tell you how to do this if need be.
- We need you to test this first in miniature and then in full-scale as quickly as possible.
- We could really use sample data from you "users.txt" and "foreign.txt", plus a user's export file that has foreign user meetings (both as an owner, and as a guest)
Monday, March 22, 2010
Resource Forest Redux
We just re-wrote the sections on our migration manual dealing with Resource Forests in Exchange 2007/2010 -- here's the early version
- The "User Forest" - I started with an existing AD 2003 Domain - ad03.herring.sumatra.local (windows server 2003)
- Create a user account "Blarney Stone", alias = bstone in the herring.sumatra.local domain
- Create a user account "Blarney Stone", alias = bstone in the herring.sumatra.local domain
- The "Resource Forest" - a new VM: "Resource" forest domain called Sherwood: ex07res.sherwood.sumatra.local. The CAS server is "ex07res"
- In AD Domains & Trusts:
- Ensure DOMAIN AND FOREST levels are windows 2003
- Created a TWO-way: forest trust between the Resource & User forests (Sherwood to Herring) Note: A resource forest trust is a configured ONE-way trust between the Resource & User domains. If you do this, the service account won't be able to see AD, and thus won't be allowed to access anyone's mailbox.
- Ensure DOMAIN AND FOREST levels are windows 2003
Example of the TWO-WAY forest trust between the resource (Sherwood) and the user forest (Herring) (Shown from Active Directory Domains and Trusts)
- In AD Users & Computer on the RESOURCE FOREST ("sherwood"):
- Added the computer ex07res to built-in group windows authorization access group
- Create a service account deleg8 in the resource forest (A new USER account).
- Added the computer ex07res to built-in group windows authorization access group
- Use Exchange Management Console to:
- Create LINKED mailboxes "Blarney Stone" alias = bstone (in sherwood.sumatra.local) Linked to bstone (in herring.sumatra.local)
- Remember to reconfigure IIS to use SSL and have OWA default site property (in the server configuration) to use forms-based authentication
- Create LINKED mailboxes "Blarney Stone" alias = bstone (in sherwood.sumatra.local) Linked to bstone (in herring.sumatra.local)
- In AD Users & Computer on BOTH the RESOURCE FOREST ("sherwood") AND on the USER FOREST (herring):
- Right-hand click on the domain, get properties, and in the security tab Grant Deleg8 FULL ACCESS to AD. You'll have to go into advanced and set these permissions "for this object & all child objects". If you don't see the security tab, turn on Advanced Features under the View menu.
- Right-hand click on the domain, get properties, and in the security tab Grant Deleg8 FULL ACCESS to AD. You'll have to go into advanced and set these permissions "for this object & all child objects". If you don't see the security tab, turn on Advanced Features under the View menu.
Example of granting FULL Control to this object & all child objects (Deleg8 on Sherwood
(Shown from Active Directory Users & Computers)
- In Exchange Management Shell, on the Resource Forest (sherwood), run this against your CAS server, "ex07res"
- Add impersonation between the (resource forest) service account AND the user account:
- Add-AdPermission -Identity (Get-ExchangeServer -Identity "ex07res").Identity -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
- Add-AdPermission -Identity "Blarney Stone" -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
- Add-AdPermission -Identity (Get-ExchangeServer -Identity "ex07res").Identity -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
- Grant Full access to the (resource forest) service account AND the user account:
- Add-MailboxPermission -Identity "Blarney Stone" -User sherwood\deleg8 -ExtendedRights fullAccess -InheritanceType All
- In the Sumatra UI on a 32-bit machine:
- Run the code as the resource service account (sherwood\deleg8)
- I assume you've already granted that account local login rights, and made it a local administrator so you can read/write from the disk)
- I assume you've already granted that account local login rights, and made it a local administrator so you can read/write from the disk)
- The forest: "herring.sumatra.local"; the SMTP domain: "sherwood.sumatra.local"
- CAS server: ex07res (https://ex07res/ews/exchange.asmx)
- Access calendar using: IMPERSONATE
- Test user: bstone (SMTP address: bstone@sherwood.sumatra.local)
- Other Notes and Deviations from the Sumatra documentation:
- Something changed between Exchange 2007 RTM and SP1/SP2. we've had to change our process.
- Microsoft's David Sterling said that EWS expects there to be some sort of AD object in the resource forest to represent the cross forest account, and unfortunately, a foreign security principal is not enough. He wrote out instructions here: http://msexchangeteam.com/archive/2008/04/18/448727.aspx. BUT it doesn't work because he recommends duplicating a SID between the User and Resource forests. That generates lots of AD errors for that service account, and breaks OWA access (as that service account).
- The tool to set permissions on the RESOURCE forest (Sherwood) MIGHT cause you problems because it does not explicitly set permission inheritance. So the permissions might allow you to validate against the mailbox, but NOT insert calendar data. Here was the tool: http://msexchangeteam.com/files/12/attachments/entry447730.aspx
- Something changed between Exchange 2007 RTM and SP1/SP2. we've had to change our process.
- Use the Get-Mailbox -resultsize unlimited add-mailboxpermission to set permissions for all accounts, e.g., Get-Mailbox -resultsize unlimited Add-AdPermission -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
PowerShell example of using get-mailbox (you might see warnings if you've already applied the ExtendedRights to some mailboxes.
- We set AD access on both the RESOURCE and the USER forests
- We were able to add a test item using impersonation. Delegation was not working.
- After the migration:
- Remove the service account's full access permissions in AD
- Set the trust back to a one-way trust
- Remove the service account
- Remove the service account's full access permissions in AD
- Other fun facts about resource forests:
- Full Disclosure: I am not a fan of Resource Forests. Yes, they offer additional security. At the cost of 4x the complexity. I apologize to you who have implemented them successfully and are happy Exchange Admins. I'm not alone in that opinion. How a resource forest can make you cry is Vermyndax's rant.
- It's easy to implement the Resource Forest in a way that causes the end user's lots of pain. For example:
- Every time the user logs in to Exchange, they have to enter their resource forest credentials. That's almost as bad as my car: it automatically locking the doors once the car starts moving. Great for safety. But, every time I want to exit the car, I either have to either unlock the door before I can open it, OR pull the door handle twice – the first time UNLOCKS the door, the second time OPENS the door. Great security design. Miserable user experience. But I digress. The way around this, by the way: You have to assign the account in the USER forest these additional rights:
- "Read Permissions",
- "Full Mailbox Access", and
- "Associated External Account"
- "Read Permissions",
- We had problems when some DELEGATES tried to access their boss' calendars and could not. We discovered those delegate mailboxes did not reside on the same server as their boss's mailbox. The solution: move the delegates mailbox!
- There were access problems for customers who have public folders (you need them if you have Outlook 2003, or if your organization uses public folders). I couldn't figure out how to solve the access problem. Thankfully Jim McBee "Mostly Exchange Web Log" AND Jesper Bernle's Exchange Server blog wrote about how to solve it. Jim McBee found and fixed issues with permissions and delegate mailboxes.
- Full Disclosure: I am not a fan of Resource Forests. Yes, they offer additional security. At the cost of 4x the complexity. I apologize to you who have implemented them successfully and are happy Exchange Admins. I'm not alone in that opinion. How a resource forest can make you cry is Vermyndax's rant.
Friday, March 19, 2010
Migrating by department. BION, somoene's doing it.
We've always told you though that if your user community mainly consisted of "islands" who tend to only meet internally you could get away with migrating a department (or island) at a time.
But nobody took us up on it.
UNTIL a university in upstate New York said "OK -- we'll try that."
Russ and Zyg sucked in their breath and said "All right then. But if things are not going well after the first few we're going to re-evaluate this, right?"
THREE separate group migrations into it, they seem to be going all right.
There's a few more to go and we're still looking at it, but the results so far are good and we want to give you a preliminary read on how they did it and what's making it work. We're also giving them the opportunity to add anything they want to share in this post.
- It's relatively small (about 500 users).
- They are able to identify very specific groups that meet together. The MM / Exchange administration team are doing this on their own without intense database analysis from us (which has helped keep their costs down).
- Once the island is migrated those users are removed from the Meeting Maker user list. Since they're islands, this isn't usually a problem. As Russ put it, "They burned their bridges after they crossed over."
- The migration team at the university gained experience early on in mapping users and after a proof of concept migrating their internal team they then proceeded to two other islands. Again, their motivation and competence here was key in keeping costs in control.
- After three separate island migrations things are looking good to complete the rest on a staggered schedule.
- The university adds that advance testing and end-user expectation communication made things go better.
- We at Sumatra are happy to give credit whenever our clients are more clever than we are.
So our moral: It is possible, but start small and keep an eye on it as you move forward.
What's this look like from an end-user's perspective? The same as it would in a full migration. They walk in one morning and user Meeting Maker. They walk in the next morning and they're on Exchange. BUT: Any MM users not in the migrated group are now not on their guest lists. That's the price you pay for this staggered approach. In the immortal acronym of Robert Heinlein as morphed by Milton Friedman, TANSTAAFL.