Thursday, June 5, 2014

Did You Know: Exchange 2013 CU5 & My OAB. #MSExchange #iammec #MSTechEd

Exchange 2013 introduced a major change in how the offline address book (OAB) was created over legacy versions. The OAB is now generated by a special arbitration mailbox (SystemMailbox{bb558c35-97f1-4cb9-8ff…) and not a generation server. The release of Exchange 2013 CU5 brings about further enhancements to the OAB. As an administrator, it is important to understand the CU5 changes as additional post installation planning may be required in your environment to ensure the proper end-user experience.

As a way of review, the OABGeneratorAssistant now controls the generation of the OAB (Workload Management Policy) and ensures that proper throttling of resources takes place. The name of the organization mailbox that is responsible for the OAB can be found using the command below.

Get-Mailbox -Arbitration | where-Object {$_.PersistedCapabilities -Like "*OabGen*"} | FL Name,Persisted*

We can also see that the OAB is no longer tied to a specific OAB generation server in the example below.

These changes in 2013 allowed for each OAB generation mailbox to hold a copy of all OAB’s defined in the environment. This architecture brought about high availability for the OAB, but also introduced additional challenges.

The introduction of CU5 addresses these challenges by changing the OAB distribution model. Now, each OAB generation mailbox will only contain one OAB (not all OABs). The one-to-one mapping of OABs and OAB generation mailboxes allows for specific placement of the OAB through the AutoDiscover URL and reduces the number of scenarios where the client initiates a full OAB download. When your environment is upgraded to CU5, all OABs will be stored in the arbitration mailbox (SystemMailbox{bb558c35-97f1-4cb9-8ff…).

It is important to note, that if there were multiple OAB generation mailboxes deployed in the environment, after the upgrade to CU5, all clients will initiate a full OAB download. The reason for this is that the OAB has now been moved to the SystemMailbox (even if you had multiple OAB generation mailboxes) and is a new OAB to the client. If you did not have multiple OAB generation mailboxes and stayed with the ‘default’ then the clients would not need to initiate a full download.

Once CU5 is installed on all your 2013 servers, you will probably need to dedicate your existing OABs to specific OAB generation mailboxes. Before we get into this, let’s walk through the CU5 install process.

Installation of CU5

When installing any new cumulative update (CU) or service pack (SP) the selection of which servers are updated first can be very important. As a rule of thumb, I like to tell my clients that the Client Access Server (CAS) should be upgraded first. Sometimes there are little gotchas that can disrupt the end-user experience if mailbox servers are updated prior to CAS. With CU5, all your CAS servers should be updated prior to your mailbox servers due to the way the Offline Address Book (OAB) is generated. If there are several OAB generation mailboxes in your environment, and the mailbox servers are updated to CU5 prior to the CAS servers, then clients could potentially be routed to generation mailboxes that do not have a copy of the OAB and encounter a failed OAB download.

You will need to remove any UM language packs that have been installed on the server. The removal of all installed UM language packs can be accomplished by using the following command from the command prompt on your first CAS server: setup.exe /RemoveUMLanguagePack:<language pack name>

Next, we will need to extend Active Directory (AD) by preparing the schema, configuration partition and domain for CU5 by running the following from a command prompt:

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

Once these commands are completed, we should verify the Exchange schema version. For CU 5, the Exchange schema version will be 15300.

In order to check the Exchange schema version, log into to a domain controller and open up a command prompt. Use the repadmin command to verify the rangeUpper.

repadmin /showattr * “cn=schema,cn=configuration,dc=contoso,dc=local” /atts:ObjectVersion

Before Setup.exe /PrepareSchema:

After Setup.exe /PrepareSchema:

Now, from our 2013 CAS server, lets start the setup of CU5 by running the setup command.

Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

Go through and run the Setup.exe /Mode:Upgrade command on all your CAS servers then start on your mailbox servers.

If you have Database Availability Groups (DAG) within your environment then additional consideration is required. Each DAG member that is upgraded will need to be put in maintenance mode during the install to ensure activation is blocked.

From the first DAG member that needs to be upgraded to CU5, open up an EMC instance. Go to the $exscripts directory and launch the StartDAGServerMaintenance.ps1 script.

StartDAGServerMaintenance.ps1 -Server SRV3.contoso.local

Once the DAG member has been upgraded to CU5, launch the StopDAGServerMaintenance.ps1 script to bring this box out of maintenance mode.

StopDAGServerMaintenance.ps1 -Server SRV3.contoso.local

Repeat these steps for each DAG member within the environment. The version for 2013 CU5 is Version 15.0 (Build 913.22). You can verify this by using the following command.

Get-ExchangeServer | fl name,admindisplayversion

Update Existing OABs

Now that CU5 is installed on all servers within the environment, you may need to correlate your existing OABs to specific OAB generation mailboxes. This can be accomplished using the following commands.

Set-OfflineAddressBook "OAB North America"  –GeneratingMailbox "CN= OAB North America,CN=Users,DC=contoso,DC=local"

Once this is complete the OAB will need to be updated using the command below.

Update-OfflineAddressBook " OAB North America "

Create New OAB

If you are in the situation where you only have one OAB generation mailbox, and want to break the OAB out to additional regional-based mailboxes (regional or in same site), you will need to create new arbitration mailboxes. Let’s say we want to create a new OAB for just North American users. We would accomplish this by using the following commands.

New-Mailbox -Arbitration -Name "OAB North America" -Database mbx01 -UserPrincipalName OABNorthAmerica@contoso.local –DisplayName "OAB North America"

Set-Mailbox -Arbitration OABNorthAmerica -OABGen $true

New-OfflineAddressBook -Name "OAB_NA" –GeneratingMailbox "CN=OAB North America,CN=Users,DC=contoso,DC=local" –AddressLists "Default Global Address List"

In order to ensure this new arbitration mailbox has the ability to generate an OAB, we need to run the update command.

Update-OfflineAddressBook "OAB_NA"

In the regional example, we would need to go through this process for each desired location (EMEA, APAC etc). Keep in mind these arbitration mailboxes also need to reside on servers in the desired location in order for AutoDiscover to deliver the proper OAB URL.

 Final Thoughts

The changes in CU5 affect how the OAB operates and is generated. It is important that administrators understand the implications of this and how it can affect their environments.  If you currently have multiple OAB generation mailboxes in the environment, then you will need to take manual steps to reconfigure these properly after CU5 is installed. Specifically, you will need to follow the steps above under the Update Existing OAB heading. These OABs will need to be associated with a different OAB generation mailbox. The one-to-one mapping that CU5 introduces will help to reduce the number of full OAB downloads. But there is some upfront work that will need to be completed to get there.

Just when you thought your work was done until the next major release…

No comments:

Post a Comment