Troubleshooting Exchange Hybrid Deployments
Download as PPTX, PDF2 likes1,066 views
The document discusses troubleshooting Exchange hybrid deployments, focusing on architecture, common issues, and components involved such as directory synchronization and Active Directory Federation Services (ADFS). It highlights challenges in synchronization, cryptic error messages, and the need for specialized tools for effective troubleshooting. Additionally, it emphasizes the importance of monitoring various components like identity and Exchange federation to ensure smooth operations.
Troubleshooting Exchange Hybrid Deployments
- 1. Troubleshooting Exchange Hybrid Deployments Michael Van Horenbeeck A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 2. Michael Van Horenbeeck A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T • Exchange Server MVP & MCSM • Director of Product Research at ENow Software • Active in the industry for the past 13 years • Frequent speaker at international conferences • Blogs at www.vanhybrid.com • Member of The UC Architects podcast
- 3. Agenda • Hybrid deployment – architecture overview • Common issues and misconceptions • Moving mailboxes: the good, the bad and the ugly • Keeping ADFS alive • DirSync • What’s next? • Q&A A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 4. Hybrid Deployment Components of a Hybrid deployment (Architecture Overview) A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 5. What is a hybrid deployment? “Two distinct cross-premises Exchange organizations, combined to ‘act’ as a single organization through a series of customizations in both environments” A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 6. Hybrid Architecture MICROSOFT DATA CENTER INTERNET PERIMETER O (CAS) RGANIZATIONAL RELATIONSHIP / OAUTH (INTRA-ORG CONNECTOR) A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T EXCHANGE 2013 EXCHANGE 2013 (MBX) ACTIVE DIRECTORY OFFICE 365 TENANT EXCHANGE ONLINE TENANT NETWORK INTERNAL NETWORK EXCHANGE ON-PREM ORG. AZURE AD ADFS PROXY ADFS ACTIVE DIRECTORY DIRSYNC SERVER ONLINE PROTECTION HYBRID MAIL FLOW SMTP EXCHANGE ONLINE AUTHENTICATION SERVICE EXTERNAL USER (O365) SYNC HTTP(S) HTTPS HTTPS OWA USER (O365) HTTPS MAIL FLOW AUTHENTICATION SYNCHRONIZATION APP. ACCESS (HTTP(S)) INTERNAL USER (O365) EXCHANGE USER HTTPS INTERNAL OWA USER (O365)
- 7. Hybrid Building Blocks Federation DirSync Secure Transport Mailbox Moves • Free/Busy • Mailtips • Message Tracking • eDiscovery • … • Unified GAL • X500 (Mailbox Moves) • Online Archiving A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T • TLS encryption • Header Preservation • Cert-based security • Centralized mail flow • Mailbox Replication Service (MRS) • Online Moves • Fast / Reliable
- 8. Common issues & misconceptions A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 9. DirSync • Not synchronizing…at all. • Synchronizing but is having issue with a subset of accounts due to: • Duplicates • Illegal characters (corrupted items etc…) A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 10. How DirSync works DirSync Active Directory METAVERSE A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 11. DEMO A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 12. Active Directory Federation Services • Error messages can be cryptic… • Troubleshooting is not easy • You only have “half” of the story • Different authentication flows • 3rd party tooling really needed to help figuring out what happen(s)(ed) A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 13. DEMO A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 14. Troubleshooting AD FS Summary • Not easy • Use tools like e.g. Fiddler • Enable Debug Logging in Event Viewer • Pair AD FS Proxy w/ ADFS for easier troubleshooting • Understanding different authentication flows is important A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 15. Exchange Federation •Many components to take a look at • Microsoft Federation Gateway trust • Organization Relationship (local) • Organization Relationship (remote) •Domain Federation Information • Autodiscover A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 16. How Exchange Federation works A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 17. DEMO A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 18. Avoid Troubleshooting Why monitoring makes sense in a clouded world… A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 19. What components do I need to monitor? • Directory Synchronization • Identity Federation (if applicable) • Exchange Federation • Certificates • Connectivity A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T Featured as Messaging and Unified Communications Award Finalist
- 20. About ENow Software Download Mailscape for Exchange Online Free Trial: bit.ly/Mailscape-Hybrid A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
- 21. Q&A Thank you! www.enowsoftware.com A W A R D W I N N I N G E X C H A N G E M A N A G E M E N T
Editor's Notes
- #16: http://social.technet.microsoft.com/wiki/contents/articles/24544.how-to-avoid-syncing-accidental-deletes-to-the-cloud-directory.aspx