Friday, October 22, 2010

File Server Resource Manager migration - Filescrn

Today I'm working on a Win2003 File Cluster upgrade to Win2008R2 Cluster.
The customer are using the File Screening feature in Windows 2003 R2, and would like to have the templates, file groups and file screens on the new 2008R2 cluster.

To do this migration, you have to have at least one cluster disk in your 2008R2 cluster.
On Win2003R2:
  • Start command prompt and do the following commands
  • filescrn filegroup export /path:C:\temp\filegroupname.xml /filegroup:NameOfFilegroupToExport
  • filescrn template export /path:C:\temp\templatename.xml /filegroup:NameOfTemplateToExport

If you know try to import these files into 2008R2, you'll get the following error message:

The version of the configuration file you are trying to import is not supported.
You cannot import configuration files with database versions earlier than 2.0.

To resolve this, open the .xml files you exported and change the
  to

You are now able to import the files on the 2008R2 server.

To import on 2008R2, do as follow:
  • Start command prompt and do the following commands:
  • filescrn filegroup import /path:C:\temp\filegroupname.xml /filegroup:NameOfFilegroup
  • filescrn template import /path:C:\temp\templatename.xml /filegroup:NameOfTemplate
Your templates and filegroups should now be configures as they were in the 2003 cluster.

All you have to do now is to create the screening rules, associate a template to a volume, and your good to go.

After this configuration has been made, do a cluster failover and verify that the configuration is correct on the other nodes in the cluster.
Posted by at 2 comments:
Labels: , ,

Thursday, October 21, 2010

Exchange 2010 - Lotus Notes - Transporter Suite - Directory Sync

Im doing a Exchange 2010 migration from Exchange 2003. The customer are using the Exch2003 Notes Connector, and we have to move this solution so we can remove the Exchange 2003 solution.
As we all know, Microsoft has statet that they don't want to create a new Transporter Suite which was shipped for Exchange 2007 to support Exchange 2010. We have chosen to use the Transporter Suite, but to do this in a supported way, we installed a Exch2007 Mailbox /CAS server.
My customer uses the Notes connector for Directory import with a partner, and are not used for migration between Notes and Exchange.

To use the Transporter Suite in a Exchange 2010 environment for directory syncronization, you have to do as follow:
  • Install an Exchange 2007 server holding MBX and HUB or CAS in your environment.
  • Install Lotus Notes version 7.1 or higher (I used 8.x) in "this user only". Transporter Suite does not like multiple notes.ini files
  • Make sure your server can do name resolution to Notes server, and that the ports are open.
  • Create a new connector with the settings you want regarding notes server, Notes addressbook name, domain name, what to syncronize to Notes.
  • Get GUID from legacy connector (powershell)
  • Get GUID from new connector (powershell)
  • Delete legacy Notes Connector from AD (Adsiedit.msc)
  • Create a OU where you want the users to be created in AD. If you do an upgrade from Exchange 2003 skip this.
  • Give the computer account running the Transporter Suite Account Operator permissions / FC on the OU where notes contacts should be created
  • If your Notes hosts multiple SMTP domains, you have to edit the file dominotoexchangerules.tbl. This file does some matching against the SMTP domain you specify on your connector. If the SMTP domain does not match, you get a lot of Notes users with primary SMTP addresses with / and % which gives a lot of errors. If the match failes, it adds the Notes internal address and adds the domain specified which gives you for sure an unsupported  SMTP address.
    I changed the following fields to just put the Notes InternetEmailAddress as primary SMTP on the Contact object.
    TA=InetAddr
    PriSMTP=InetAddr
    SecSMTP= Deleted
  • Run Full import to AD and Full Import to Notes
  • Only neccary if you are upgrading legacy connector:
    Run the following command to upgrade/ take overship of existing Connector contacts:
    Start-DominoDirectoryConnector -Identity newconnectorGUID -TakeOwnership -LegacyConnectorID
  • All your Notes Contacts should now ha primary e-mail as a legal SMTP address, and not notes user id or notes interal address.
  • Uninstall Notes connector tool on Exchange 2003.
Since the new transport suite uses SMTP for routing you could create a SMTP send connector to send the mail to the specific servers if necessary. But since SMTP is enabled, you could relay on the MX on internet to deliver the mail for you.

This is my solution to using Transporter Suite in Exchange 2010 environment.
Posted by at No comments:
Labels: ,

Thursday, October 7, 2010

Direct Access - UAG - 2003 File Cluster Access

At a customer who has deployed DA, we have a strange problem.
The clients using DA suddenly got disconnected from the networks share on a 2003 FileCluster.
This could be only seconds after they connected, that they got a red cross on the network drive. when accessing the drive, they either got an error saying it could not connect, or it connected as normal. If the error message was thrown, they tried again, and got connected.

After a lot of troubleshooting, the explanation was found. When one user is connected to the fileshare over DA its OK, when a new user connects to the fileshare, the new connection resets the old one. This is because the UAG server is using NAT64 the UAG server is responsible for terminating the DA sessions and transalating them to Ipv4. More info here: http://blogs.technet.com/b/edgeaccessblog/archive/2009/09/08/deep-dive-into-directaccess-nat64-and-dns64-in-action.aspx.

If the fileserver had been 2008 servere this would not have been an issue, since DA would not use NAT64, and IPv6 could have been used for the entire session.

Due to NAT64 the UAG server needs to create a sessions for each DA user to the 2003 file cluster share. This is not supported in  SMB1 http://support.microsoft.com/kb/301673,
but is supported in SMB2.
Microsoft gives you 2 option, block port 445 and use Netbios, or upgrade the file cluster to 2008, which support SMB2.


*************UPDATE*****************
Microsoft has confirmed this issue, and are working on a hotfix KB2444558 that will fix this issue.
This issue can also affect the authentication between DA and 2003 domain controllers, since this also uses SMB. 
The expected release date is week 48.
*******************************************
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)