Archive for April, 2014

Lync 2013 Edge server installation failed on partial installation – Error (An error occurred while applying SQL script for the feature RTCdatabaseStore)

April 29, 2014

Many of us have run into this situation when trying to install the Lync 2013 Edge server role again after a previous failed installation. So what happened? During the previous installation, Lync 2013 setup created an RTC database instance, which setup may fail to overwrite when you run it again.

We saw this issue on one of the Edge servers in our Lync lab and fixed it by removing the old RTC instances and rerunning setup.

1: Lync 2013 Edge setup fails and reports that it is not able to apply the SQL script for the feature RTCDatabaseStore.

2: We tried connecting to the SQL instance of the Edge server from one of the SQL back-end consoles using “SQL Management Studio” and deleted them one by one.

3: I understand that in a production environment you cannot connect to the Edge server from an internal SQL server, as it sits in the perimeter network. So you can install a dummy SQL server in the same subnet where the Edge server is located and remove the RTC local database.

4: Run setup again from the Lync 2013 Deployment Wizard; it should go smoothly.

I hope this helps someone who has faced this issue 🙂 🙂 !!!!

Writer : Amit Shah (Lync Expert)

Team (MessagingSchool)

Categories: Uncategorized

SSL Certificates Installation for Exchange Server 2013 using local PKI

Managing certificates in an Exchange Server deployment is one of the most important administrative tasks. In Exchange 2013, certificate management functionality is provided in the Exchange Administration Console (EAC), the new Exchange 2013 administrative user interface. In Exchange 2013, the focus is on minimizing the number of certificates that an administrator must manage, minimizing the interaction the administrator must have with certificates, and allowing management of certificates from a central location.

Client Access server certificates:

The Client Access server in Exchange 2013 is a stateless thin server designed to accept incoming client connections and proxy them to the correct Mailbox server.

Mailbox server certificates:

One difference between Exchange 2010 and Exchange 2013 is that the certificates used on the Exchange 2013 Mailbox server are self-signed certificates. Because all clients connect to an Exchange 2013 Mailbox server through an Exchange 2013 Client Access server, the only certificates that you need to manage are those on the Client Access server. The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party. There are no tools or cmdlets available to manage self-signed certificates on the Mailbox server. After the server has been properly installed, you should never need to worry about the certificates on the Mailbox server.

You can use the following cmdlets to manage digital certificates on an Exchange Client Access server:

  • Import-ExchangeCertificate   This cmdlet is used to import certificates to a server. You can import a CA-signed certificate (to complete a pending certificate signing request (CSR)) or a certificate with a private key (PKCS #12 files, generally with a .pfx extension, previously exported from a server along with the private key).
  • Remove-ExchangeCertificate   This cmdlet is used to remove certificates from a server.
  • Enable-ExchangeCertificate   This cmdlet is used to assign services to a certificate.
  • Get-ExchangeCertificate   This cmdlet is used to retrieve an Exchange certificate based on a variety of criteria.
  • New-ExchangeCertificate   This cmdlet is used to create a new self-signed certificate or a CSR.

——————————————————————————————————————————————–

Here, I am going to update the default self-signed certificate of the CAS server using the internal PKI certificate authority. This server is installed with the Client Access and Mailbox server roles.

The server is a non-internet-facing Client Access server, so I am using the internal PKI (the CA is installed on the local DC) to issue the certificate.

Note: If your CAS server is an internet-facing Client Access server, then you must use a third-party CA such as VeriSign or DigiCert to acquire the SSL certificate.

In my lab, I have the servers named below:

  • PUNDC01 (Domain Controller, DNS & PKI)
  • PUNMail (Exchange 2013 server with MBX+CAS Role)

Generate Certificate Request:

  1. Log in to the Exchange Admin Center with Exchange administrator credentials.

  2. Click the “+” button to start the new Exchange certificate wizard. Choose to create a new certificate request and click Next to continue.

  3. Select “Create a request for a certificate from a certificate authority” and click Next to continue.

  4. Give the new certificate a friendly name and click Next to continue.

  5. Leave it blank and click Next to continue. Although wildcards are supported for Exchange, they are not supported for some interoperability scenarios with other server products.

  6. Select the Exchange server on which to store the certificate request.

  7. Click the Edit button and enter the domain name that clients will use to connect to each service. This depends on your organization's requirements and the names used to access services.

  8. As I have mentioned, this is a non-internet-facing server, so I just used the defaults.

  9. Enter your organization details and click Next to continue.

  10. Enter a valid UNC path; otherwise you will get an error.

  11. Enter a valid UNC path to store the certificate request file, and click Finish.

  12. Browse to the location and make sure the “Cert.REQ” file was created. Open the file in Notepad and verify its content.

Generate Certificate with PKI:

  1. Open the CA service web console using the URL http://CAServer/CertSRV and select “Request a Certificate” under “Select a task”.

  2. Select “advanced Certificate Request”.

  3. Open the “Cert.REQ” file that was created in step 11. Open the file in Notepad, copy the content and paste it. Make sure no blank space is left. Select the “Web Server” template and click “Submit”.

  4. Select “DER encoded” and download the certificate.

  5. Open the certificate and verify the SAN name.

Assign Certificate to Exchange Server:

Go back to the Exchange Admin Center and click on the pending certificate request. Select the certificate and assign it to the server.

You are done now !!!! 🙂 🙂
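
The same request, issue and assign workflow from the Exchange Management Shell, using the cmdlets listed earlier, as an added example that is not part of the original post. The host names in `$domains`, the CA name in `$caConfig`, the `C:\Certs` paths and the choice of the IIS service are assumptions; PUNMail and PUNDC01 are the lab servers named above.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell on PUNMail. Values marked "placeholder" are constructed assumptions.
$ErrorActionPreference = 'Stop'
$domains  = 'mail.example.local', 'autodiscover.example.local'  # placeholder names
$caConfig = 'PUNDC01\<CA common name>'                           # placeholder CA name
$reqFile  = 'C:\Certs\Cert.req'                                  # placeholder paths
$cerFile  = 'C:\Certs\Cert.cer'

# Generate the request; the private key is created and kept on the server.
$req = New-ExchangeCertificate -GenerateRequest -Server PUNMail `
    -FriendlyName 'Exchange 2013 internal PKI' `
    -SubjectName "CN=$($domains[0])" -DomainName $domains `
    -KeySize 2048 -PrivateKeyExportable $false
Set-Content -Path $reqFile -Value $req -Encoding Ascii

# Submit to the internal CA using the "Web Server" template (name: WebServer).
certreq.exe -submit -config $caConfig -attrib 'CertificateTemplate:WebServer' $reqFile $cerFile
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Verify the issued certificate before importing it: every requested name
# must be in the SAN. The "DNS Name=" text assumes an English-language OS.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerFile
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw 'Issued certificate has no SAN extension' }
$san = $sanExt.Format($false)
$missing = $domains | Where-Object { $san -notmatch ([regex]::Escape("DNS Name=$_") + '(,|$)') }
if ($missing) { throw "SAN is missing: $($missing -join ', ')" }

# Import completes the pending request; then assign services (IIS assumed).
$bytes = [byte[]](Get-Content -Path $cerFile -Encoding Byte -ReadCount 0)
$new = Import-ExchangeCertificate -Server PUNMail -FileData $bytes
Enable-ExchangeCertificate -Server PUNMail -Thumbprint $new.Thumbprint -Services IIS

Get-ExchangeCertificate -Server PUNMail -Thumbprint $new.Thumbprint |
    Format-List Subject, CertificateDomains, Issuer, NotAfter, Status, Services
```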


Categories: Exchange 2013

DsGetSiteName failed: Status = 1919 0x77f (Installing Exchange 2013 SP1)

April 18, 2014

I ran Exchange 2013 SP1 Setup in my lab from a Windows 2012 member server and received the following error message at the Readiness Checks dialog box:

“The Computer does not belong to a valid active Directory site. Check the site and subnet definitions”.


I used the Nltest.exe utility with the nltest /dsgetsite option, and it generated the following output:

DSGetSiteName failed: Status = 1919 0x77f ERROR_NO_SITENAME


To resolve this issue, I followed the steps below to make sure my Windows 2012 member server is healthy and part of a valid site:

  1. Check that the DNS settings on the member server point to valid internal DNS servers.

     To change the DNS settings:

       1. Right-click My Network Places, and then click Properties in the shortcut menu to open the Network and Dial-up Connections dialog box.
       2. Right-click Local Area Connection, and then click Properties in the shortcut menu.
       3. Click Internet Protocol (TCP/IP), and then click Properties.
       4. Change the preferred DNS server.

  2. Check that AD replication is working properly between your domain controllers. Force a replication.

     How to force replication between domain controllers: http://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

  3. I ran the “NLTest” command on the member server again and saw that it was working fine now.

  4. In a few cases, if you are not part of the AD team and the settings above do not resolve the issue, you can manually set the site name in the Netlogon settings on the member server as a workaround.

     From regedit, drill down to the following:

     HKLM\System\CurrentControlSet\Services\Netlogon\Parameters

     Once you click Parameters, add a string value called “SiteName”.

     Add the current site name to the entry and exit regedit.

     Run the command “nltest /Server:punlync2010 /dsgetsite” and verify the output.
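
A read-only check of what the steps above touch, as an added example that is not part of the original post: it reports the DNS servers in use, whether domain controller SRV records resolve, the site Netlogon discovered (DynamicSiteName), and whether a manual SiteName value is set. A static SiteName takes precedence over the discovered value, so it hides a missing subnet-to-site mapping rather than fixing it. The function name Get-SiteDiagnostics is hypothetical.

```powershell
# Added example (not from the original post): read-only site diagnostics
# for a domain member. Get-SiteDiagnostics is a hypothetical helper name.
function Get-SiteDiagnostics {
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $params = Get-ItemProperty -Path $key
    $domain = (Get-WmiObject -Class Win32_ComputerSystem).Domain

    # Step 1: which DNS servers is the member actually using?
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Select-Object -ExpandProperty ServerAddresses -Unique

    # Can those DNS servers locate domain controllers for the domain?
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
        -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' })

    # Same lookup as "nltest /dsgetsite"; throws when the member has no site.
    try {
        $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    } catch {
        $site = $null
    }

    if (-not $srv) {
        $finding = 'DNS cannot locate a domain controller: fix DNS settings first'
    } elseif ($params.SiteName) {
        $finding = 'Manual SiteName override is set: subnet mapping in AD is still unverified'
    } elseif (-not $site) {
        $finding = 'No site assigned: check subnet definitions in AD Sites and Services'
    } else {
        $finding = 'Site discovered dynamically by Netlogon'
    }

    [pscustomobject]@{
        Domain          = $domain
        DnsServers      = $dns -join ', '
        DcSrvRecords    = $srv.Count
        EffectiveSite   = $site
        DynamicSiteName = $params.DynamicSiteName   # written by Netlogon
        StaticSiteName  = $params.SiteName          # the manual workaround value
        Finding         = $finding
    }
}

Get-SiteDiagnostics | Format-List
```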

Categories: Exchange 2013

MS Announce official death of Exchange Server 2003


Categories: Exchange 2013