Featured Post

Customizing the Sumatra Double Booking cmdlet

There are a simple ways to customize the Sumatra Double Booking cmdlet, and most of them involve a text editor. Let's look at the mess...

Friday, December 11, 2015

Apple iCalendar to Microsoft Exchange Calendar Migration Demonstration

I know we said we'd do a video in January but even if this technology has not been out of our lab yet it's been looking so good that we needed to share it before the end of the year.

Thus: server-to-server Apple iCalendar to Microsoft Exchange,  In this case Microsoft Office 365 but it's really the same thing.



We're reading the Apple PostgreSQL database.  We heard murmurs of Oracle being a secret option in some cases.  Oracle would be no problem.  As a previous posts indicated, we're taking as much functionality as we can and adapting it to the target Microsoft Exchange environment.

You'll see our application running on a Windows 7 virtual machine on the Macintosh desktop.  We found it far easier to use our existing Windows code base than to start anew.

There's a few things we've sloughed off until later (like attachments to meetings / appointments, and contacts) that we just need to bounce some ideas around on.  But it's very functional.

We're working on integrating our migration to Open Directory so it'll be even easier.

Again -- if you have a hundred users, unless you are very convincing on how you're going to be an excellent and loquacious test site, it's just as easy to do a client-side export and import. 

For email always use imapsync.

If you're an enterprise with at least a few hundred users and need to migrate, drop a line.

Wednesday, December 09, 2015

Can't send mail in Exchange 2016 OWA -- unsent mail in drafts folder

All was well in our Exchange 2016 environment until our recent scheduled server outage in which I applied the latest Microsoft security updates.  Then mail stopped flowing:  all messages ended up in the drafts folder.    When this happened earlier in the year, I restarted the transport services:




# Restart When mail won't flow  (gets stuck on OWA Drafts folder)
Restart-Service MSExchangeTransport
Restart-Service MSExchangeFrontEndTransport




No change.  Looking in the event logs, I see a mountain of red.  That is never a good thing!  I notice event id 3003 -- MS Exchange BackEndRehydration.  The NT Authority\System does not have token serialization permission. 







Something got tightened down or changed.  Our first suspect: permissions. According to Microsoft KB Article 2898571, this is often due to effective deny permissions on the ms-Exch-EPI-Token-Serialization user right on the computer object.  Groups that are DENIED ms-Exch-EPI-Token-Serialization user right are:
* Domain Admins
* Schema Admins
* Enterprise Admins
* Organization Management




Check the group membership via group policy (run this cmdlet:)
gpresult /scope computer /r





UGH!  the computer is now part of the Schema Admins security group.  I removed the computer from that group and everything is fine.




For the sake of completeness, the Exchange computer should be a member of these five groups:




  • Domain Computers
  • Exchange Install Domain Servers
  • Exchange Servers
  • Exchange Trusted Subsystem
  • Managed Availability Servers
  • Tuesday, December 01, 2015

    @Apple #iCalendar Full-State Migration to Microsoft @MSFTExchange / @Office365

    Well we got wind of someone large enough wanting to migrate from Apple Mac OS X Server iCalendar into Microsoft Exchange that we went ahead and actually.... you know.... wrote a conversion method.  It's kind of eerie how much Apple's scheduling solution functions almost exactly like Meeting Maker (down to adopting some down-right goofy functionality like the calendar-only inbox for comments and the "first weekend day" of the month recurrence pattern). But that was probably to be expected.

    We did this for El Capitan, so it's based on the iCalendar server being in a back end PostgreSQL database.  Making it work with an Oracle back-end would be no problem.  We read directly from the database and still allow user mappings and create live meetings on the Exchange side when we are done.

    This is not yet field-hardened so please do not contact us looking to go into production this weekend.  We won't let you make a decision that egregious.

    There's also the issue of how we instantiate Travel Time (it goes in as an appointment with a Free-Busy Status of "Out of Facility").  See our previous post.

    We've ignored Contacts for the moment.

    Some screen shots.

    So this on the Macintosh calendar:


    Will become this on Microsoft Exchange:


    And of course, meetings are really MEETINGS with guest responses.  So on the Macintosh when Jimi invites Jerry to a meeting and Jerry accepts:


    migrating this will carry it through to Exchange or Office 365 as a meeting:


    Travel Time, a feature not supported by Outlook or Exchange but loved in Apple calendaring we've implemented by inserting appointments with the appropriate durations in advance of calendar events.

    So this on Macintosh



    becomes this on Exchange:


    The sharp-eyed among you will note that this does something different from our previous post -- it kept the name of the "seed" event in the travel time description.  We experiment a lot with these things.  Any preferences?

    Keep an eye on this blog for one of our videos showing this in real-time.  Probably after New Year's.  We've got a lot of migrations going on in December.

    To give you an idea what the configuration for this looks like:

    You're going to need to map resources to SMTP addresses (not a big surprise I hope).  You'll also notice above we set up the capability to read from a different Postgres database which makes it easier to copy your Apple iCalendar database to a more powerful Windows environment for insertion.