29 March 2016

Move mailboxes in Exchange 2013 faster


Moving mailboxes from Exchange 2010 to 2013 is slow, very slow.
I came across a post somewhere that had some tips.

Not all of these tips were working for me, so I picked the one that worked best for me:
-Priority Emergency

The one thing that was missing is moving an entire database with "Emergency" priority, so here's how I do it:
Get-Mailbox -Database databasename | New-MoveRequest -Priority Emergency -BadItemLimit 51 -AcceptLargeDataLoss -AllowLargeItems


After this the mailboxes are distributed evenly across all databases by size and number.
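With a bad item limit of 51 and large data loss accepted, a move can complete while silently skipping items, so it is worth recording what was skipped before the move requests are removed. The script below is an added example, not part of the original post; the output folder and the function name are assumptions.

```powershell
# Run in the Exchange Management Shell once the moves have finished.
# Lists every completed move that skipped items and saves the per-item detail,
# because that detail is lost when the move request is removed.
function Get-MoveDataLoss {
    param([string]$ReportDir = 'C:\Temp\MoveReports')   # assumed output folder

    New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

    Get-MoveRequest -ResultSize Unlimited | ForEach-Object {
        $request = $_
        $status  = "$($request.Status)"
        if ($status -notlike 'Completed*') { return }    # skip moves still running

        $stats = Get-MoveRequestStatistics -Identity $request.Identity -IncludeReport
        if ($stats.BadItemsEncountered -gt 0) {
            # Report.BadItems holds one entry per item the move left behind.
            $file = Join-Path $ReportDir ("{0}.xml" -f $request.Alias)
            $stats.Report.BadItems | Export-Clixml -Path $file

            [pscustomobject]@{
                Mailbox        = $request.DisplayName
                Status         = $status
                TargetDatabase = $stats.TargetDatabase
                BadItems       = $stats.BadItemsEncountered
                Detail         = $file
            }
        }
    }
}

Get-MoveDataLoss | Sort-Object BadItems -Descending | Format-Table -AutoSize
```

Mailboxes that appear in this list have fewer items in the target database than they had in the source; the saved XML can be reloaded with Import-Clixml to see which items were affected.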

Moving mailboxes from Exchange 2007 or 2010 to Exchange 2013 can often go very slowly, even when the network and server resources are fast and abundant! The Exchange Mailbox Replication Service (MRS) has extensive resource throttling enabled by default in order to prevent mailbox moves from choking out the rest of the users. Because of this you may see mailboxes with a status of RelinquishedWlmStall and if you look at the details of the Get-MoveRequestStatistics report you will see mailboxes have a lot of time sitting idle under the TotalStalledDueToWriteThrottle counter.

Microsoft tech support suggests making changes to the “MSExchangeMailboxReplication.exe.config” file located at “C:\Program Files\Microsoft\Exchange Server\V15\Bin”. The values to look at, along with their default settings are:

MaxActiveMovesPerSourceMDB="20"
MaxActiveMovesPerTargetMDB="20"
MaxActiveMovesPerSourceServer="100"
MaxActiveMovesPerTargetServer="100"
MaxTotalRequestsPerMRS="100"

ExportBufferSizeKB="512"

We typically like to set these values so that about 10 mailboxes can be moved simultaneously. The ExportBufferSizeKB we’ve used in the past is “10240”. The Exchange Mailbox Replication Service should be restarted after these changes.

The other suggestion Microsoft has made is to disable content indexing on the target database so that the search index scanner isn’t overwhelmed by all the new messages needing to be indexed. You’ll want to set it back once the migration is complete.

Set-MailboxDatabase "DB1" -IndexEnabled:$False

In our experience, however, these first two suggestions do NOT have tremendous impact on the overall speed. The following two options have proven to be the most effective for us.

Use the “-priority emergency” parameter on the mailbox moves. This will give the move the highest priority in the MRS queue. For example:

New-MoveRequest -Identity "user@domain.com" -TargetDatabase "DB1" -Priority emergency

If the priority flag and the MRS config editing don’t make the moves fast enough for you, then disable MRS throttling altogether! To do this, change the “MRS” REG_DWORD value from 1 to 0 under this registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth

Then restart the Exchange Mailbox Replication service. Now your mailboxes will move without any throttling policy. Once the mailbox migration is complete change the value back to 1 to re-enable MRS resource monitoring.
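The registry change above is easy to forget to undo, which leaves the server without MRS resource monitoring after the migration. The following script is an added example, not from the original post: it disables throttling, waits until no move requests are pending, and restores the previous value even if it is interrupted. The polling interval is an assumption.

```powershell
# Run elevated in the Exchange Management Shell on the server that hosts MRS.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth'
$service = 'MSExchangeMailboxReplication'   # Mailbox Replication service
$pollSec = 300                              # assumed polling interval in seconds

function Set-MrsThrottle {
    param([int]$Value)
    Set-ItemProperty -Path $key -Name 'MRS' -Value $Value -Type DWord
    Restart-Service -Name $service
    Write-Host "MRS throttling value is now $Value"
}

# Remember what was configured before touching anything.
$original = (Get-ItemProperty -Path $key -Name 'MRS' -ErrorAction Stop).MRS

try {
    Set-MrsThrottle -Value 0
    do {
        Start-Sleep -Seconds $pollSec
        $requests = @(Get-MoveRequest -ResultSize Unlimited)
        $pending  = @($requests | Where-Object {
            "$($_.Status)" -in 'Queued', 'InProgress', 'CompletionInProgress' })
        $failed   = @($requests | Where-Object { "$($_.Status)" -eq 'Failed' })
        Write-Host ("{0} pending, {1} failed" -f $pending.Count, $failed.Count)
    } while ($pending.Count -gt 0)
}
finally {
    # Runs on normal completion, on error and on Ctrl+C.
    Set-MrsThrottle -Value $original
}
```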

08 March 2016

Let's Encrypt for use with IIS

There's this great thing going on in the CA world and it's called "Let's Encrypt".

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open

That says it all. If you want to encrypt your website, email traffic, remote desktop server connections and what have you, this is the chance to do so, and the best part is it's free.

Okay there's a little catch, it's not really user friendly, well Windows friendly to be exact.

But there's a strong community and the support will get better in time.
For now you have to do it this way, well, I did it this way:

Download the Let's Encrypt Windows Tool pre-release here:

https://github.com/Lone-Coder/letsencrypt-win-simple/releases

Extract it to a folder and leave it there: the certificate is valid for 90 days max and the tool renews the certificate every 60 days.

Make sure you have a host header configured on your IIS website.

Create the following directory in your webroot, which is for instance:

C:\Inetpub\wwwroot\Website1

There, create from a command prompt or PowerShell:

".well-known\acme-challenge"

Don't forget the dot in front of well. Windows Explorer can't create a folder whose name starts with a dot, so do it from the command line.

Then you have to create a web.config file in the acme-challenge folder which contains:

<?xml version="1.0" encoding="UTF-8"?>

<configuration>
  <system.webServer>
    <staticContent>
      <mimeMap fileExtension="." mimeType="text/json" />
    </staticContent>
  </system.webServer>
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>

After this you go to the IIS manager, go to Server - Sites - Your website - Handler mappings.
Make sure you select "view ordered list" from the right pane.
And move "StaticFile" above ExtensionlessUrlHandler*.
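The folder and web.config steps above can be scripted, together with a check that IIS really serves extensionless files from the challenge folder before the tool is run. This is an added example, not part of the original post or of the Let's Encrypt tool; the host name is a placeholder and the function name is an assumption. The handler mapping order is still set by hand in IIS Manager.

```powershell
# Assumed values: adjust to your own site.
$siteRoot = 'C:\Inetpub\wwwroot\Website1'   # webroot used as the example above
$hostName = 'www.example.com'               # placeholder for the site's host header

$challengeDir = Join-Path $siteRoot '.well-known\acme-challenge'
New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null

# Same web.config as shown above: serve extensionless files, allow anonymous reads.
$webConfig = @'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <mimeMap fileExtension="." mimeType="text/json" />
    </staticContent>
  </system.webServer>
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
'@
Set-Content -Path (Join-Path $challengeDir 'web.config') -Value $webConfig -Encoding UTF8

function Test-AcmeChallengePath {
    # Drops a random extensionless file and fetches it over HTTP, which is how
    # a challenge file in this folder is read from the outside.
    $name  = 'probe-' + [guid]::NewGuid().ToString('N')
    $token = [guid]::NewGuid().ToString()
    $file  = Join-Path $challengeDir $name
    [IO.File]::WriteAllText($file, $token)
    try {
        $url  = "http://$hostName/.well-known/acme-challenge/$name"
        $body = (New-Object System.Net.WebClient).DownloadString($url)
        return ($body.Trim() -eq $token)
    }
    catch {
        Write-Warning "Challenge path not reachable: $($_.Exception.Message)"
        return $false
    }
    finally {
        Remove-Item -Path $file -ErrorAction SilentlyContinue
    }
}

if (Test-AcmeChallengePath) { 'OK: extensionless files are served' }
else { 'FAIL: check the handler mapping order and the host header' }
```

A local pass only proves the IIS configuration; the site must also be reachable from the internet under the same host name.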

After this you run the Tool and if all goes well, you will have a 3rd party certificate trusted by all common browsers that gives you a green bar or green Lock sign depending on which browser you use.

Every 60 days the certificate is renewed automatically by a scheduled task.

Good luck, and safe browsing :-)
