Step-by-Step guide to create federated sharing between on-premises Exchange 2013 and Office 365 Organization

Recently I was working on a project for a customer, and I thought I would share the problem and solution so that it will help my blog readers in the future.

Problem

My client has an on-premises Microsoft Exchange 2013 setup. They are currently acquiring a company that uses Office 365. Both companies would like to see calendar free/busy information when they schedule meetings.

Solution

Exchange 2013 offers a feature called “federation trust”. A federation trust creates a trust relationship between the on-premises Exchange server and the Azure Active Directory authentication system. It can then be used to create federated sharing with other federated organizations to share calendar free/busy information. The same method can be used to create federated sharing between an on-premises Exchange server and Office 365.

What do you need?

Before starting the configuration, we need to have the following ready:
1)    Exchange administrator privileges for the on-premises Exchange setup
2)    Global administrator privileges for the Office 365 portal
3)    Access to the DNS zones to add a TXT record for the on-premises Exchange domain (it is a public DNS entry)
4)    Autodiscover should be fully functioning in the on-premises Exchange setup. If you have problems with it, fix them before starting this configuration, as otherwise you will end up with one-way calendar free/busy information sharing.

Configuration on on-premises Exchange 2013

1)    Log in to the EAC as an Exchange administrator
2)    Go to organization > sharing
3)    Click Enable (if you are not already using any federation trusts) to start the federation trust wizard. It is a straightforward setup; once the wizard completes, click Close.
4)    Then, under the federation trust, click Modify
5)    In the new Sharing-Enabled Domains window, next to step 1, click Browse
6)    In Select Accepted Domains, select the primary domain name of the on-premises Exchange setup and click OK
7)    This creates a federation trust with the Azure AD authentication system. Make a note of the TXT record shown in the window, then add it to the DNS zone (it must resolve via public DNS). Make sure this record is created correctly; otherwise you will not be able to verify domain ownership with the Azure AD authentication system. DNS propagation can sometimes take up to 24 hours, depending on your DNS provider. Once the record is created, click Update.
8)    Once this is done, a unique federation trust namespace is created and registered with the Azure AD authentication system.
9)    If you have additional domains, click the + sign to add them. Once done, click Update and exit the window.
10)    Now we need to add the Office 365 domain and allow it to see the free/busy information. To do that, in the same sharing window, under Organization Sharing, click the + sign.
11)    In the new window, fill in the information about the Office 365 domain and set the sharing permissions as desired. I highly recommend using the same permissions on both ends to avoid issues; if the policies are mismatched, sharing may work one way only. Once the changes are done, click Save.
12)    That’s it; this completes the federation trust setup on the on-premises Exchange 2013 end.

Configuration on Office 365 end

1)    Log in to the Office 365 portal and click Exchange admin center
2)    In the EAC, go to Organization
3)    Under Organization Sharing, click + to add the on-premises Exchange domain
4)    In the new window, add the information about the on-premises domain and set the sharing permissions. Once done, click Save.

Now it’s all done; it’s time for testing.
Sometimes you may notice that even after setup, Office 365 users are not able to see the calendar free/busy information, while it works from the other end. The best way to start troubleshooting this problem is to follow this troubleshooting link: https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment

But I have noticed that sometimes you need to restart IIS on the on-premises Exchange 2013 CAS to get this working.
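The state configured in the steps above can also be checked from the shell. The following is an added example, not part of the original post: it runs in the Exchange Management Shell on the on-premises server, and contoso.com, fabrikam.com and the resolver address are placeholder assumptions.

```powershell
# Added example; placeholder values, replace with your own.
$OnPremDomain  = 'contoso.com'    # assumed on-premises primary (federated) domain
$PartnerDomain = 'fabrikam.com'   # assumed Office 365 organization's domain
$PublicDns     = '8.8.8.8'        # assumed external resolver; any public resolver works

# 1. Proof string the federation trust expects to find in the public TXT record.
$proof = (Get-FederatedDomainProof -DomainName $OnPremDomain).Proof

# 2. TXT records that public DNS actually serves.
#    Resolve-DnsName requires Windows Server 2012 or later.
$published = Resolve-DnsName -Name $OnPremDomain -Type TXT -Server $PublicDns -ErrorAction Stop |
    Where-Object { $_.Type -eq 'TXT' } |
    ForEach-Object { $_.Strings -join '' }   # long TXT values arrive in chunks

if ($published -ccontains $proof) {
    Write-Host "TXT proof for $OnPremDomain is visible in public DNS."
} else {
    Write-Warning "TXT proof for $OnPremDomain not found; domain ownership cannot be verified yet."
}

# 3. Federation trust and the namespace registered for the organization.
Get-FederationTrust | Format-List
Get-FederatedOrganizationIdentifier | Format-List AccountNamespace, Domains, Enabled

# 4. What this end shares with the partner domain. FreeBusyAccessLevel and
#    FreeBusyAccessScope show how much calendar detail leaves the organization
#    and for which users.
Get-OrganizationRelationship |
    Where-Object { ($_.DomainNames | ForEach-Object { $_.ToString() }) -contains $PartnerDomain } |
    Format-List Name, Enabled, DomainNames, FreeBusyAccessEnabled,
                FreeBusyAccessLevel, FreeBusyAccessScope, TargetAutodiscoverEpr
```

Running step 4 in an Exchange Online PowerShell session, with `$PartnerDomain` set to the on-premises domain, gives the other end's settings, so the two access levels can be compared side by side for the mismatch that leads to one-way sharing.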

Hope this helps, and if you have any questions feel free to contact me at rebeladm@live.com

Windows 7 and Windows Server 2008 R2 SP1

Windows 7 and Windows Server 2008 R2 SP1 helps keep your PCs and servers on the latest support level. It also provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback. This enables organizations to deploy a single set of updates.

Windows 7 and Windows Server 2008 R2 SP1 will help you:

  • Keep your PCs supported and up-to-date
  • Get ongoing updates to the Windows 7 platform
  • Easily deploy cumulative updates at a single time
  • Meet your users' demands for greater business mobility
  • Provide a comprehensive set of virtualization innovations
  • Provide an easier Service Pack deployment model for better IT efficiency

 

Setup prerequisites

The following conditions are prerequisites for the installation of SP1:

  • Your current operating system must be the Release to Manufacturing (RTM) version of Windows 7 or Windows Server 2008 R2 (build 7600).
  • Users updating through Windows Update/WSUS must install the Servicing Stack Update (SSU) that handles the installation and removal of software updates, language packs, and optional Windows features. This update is necessary to successfully install or uninstall the service pack; it also improves the performance and reliability of the service pack installation. This update is part of the standalone update package and will be offered as a separate package on Windows Update.

Service Pack 1 size

In order to make the improvements detailed in this document, various individual files and components have been updated. Also, the language-neutral design of Windows necessitates that the service pack be able to update any possible combination of the basic languages supported by Windows 7 with a single installer, so language files for the 36 basic languages are included in the standalone installer.

For System Administrators, there is a standalone installation package available. However, most home and small business users will receive SP1 through Windows Update. Windows Update utilizes an efficient transfer mechanism to download only the bytes that are needed, resulting in a download that ranges in size from 44 megabytes (MB) to 96 MB depending on the system architecture.

| Delivery Method | Recommended Usage | Download size (x86) | Download size (x64) | Download size (ia64) |
|---|---|---|---|---|
| Standalone Package | Computers without internet access; System Administrators | About 537 MB | About 903 MB | About 511 MB |
| Windows Update | Most home users; Many business customers | About 44 MB (Windows 7) | About 74 MB (Windows 7); About 96 MB (Windows Server 2008 R2) | n/a |
| Integrated DVD | New PCs; Fresh Windows installations; Vista upgrades | n/a | n/a | n/a |

Changes specific to Windows Server 2008 R2

Dynamic Memory

Constraints on the allocation of physical memory represent one of the greatest challenges organizations face as they adopt new virtualization technology and consolidate their infrastructure. With Dynamic Memory, an enhancement to Hyper-V™ introduced in Windows Server 2008 R2 SP1, organizations can now make the most efficient use of available physical memory, allowing them to realize the greatest possible potential from their virtualization resources. Dynamic Memory allows for memory on a host machine to be pooled and dynamically distributed to virtual machines as necessary. Memory is dynamically added or removed based on current workloads, and is done so without service interruption.

Virtual machines running a wide variety of operating systems can use Dynamic Memory; for a complete list, see the "Dynamic Memory Evaluation Guide" at http://go.microsoft.com/fwlink/?LinkId=192444. The guide also discusses Dynamic Memory settings and usage in detail.

Microsoft RemoteFX

Businesses are increasingly looking to leverage the efficiency and cost savings that can come from a virtualized desktop infrastructure. With the addition of Microsoft RemoteFX in Windows Server 2008 R2 SP1, a new set of remote user experience capabilities that enable a media-rich user environment for virtual desktops, session-based desktops and remote applications is introduced. Harnessing the power of virtualized graphics resources, RemoteFX can be deployed to a range of thick and thin client devices, enabling cost-effective, local-like access to graphics-intensive applications and a broad array of end user peripherals, improving productivity of remote users.

RemoteFX can function independently from specific graphics stacks and supports any screen content, including today's most advanced applications and rich content (including Silverlight and Adobe Flash), ensuring that end users maintain a rich, local-like desktop experience even in a virtualized thin-client environment.

RemoteFX also adds mainstream USB device support to virtual desktop computing, including support for USB drives, cameras and PDAs connected to the client device. RemoteFX also provides a platform for hardware and software partners to enhance RemoteFX capabilities in a variety of possible host, client and network configurations.

To use RemoteFX, the virtualization server must be running Windows Server 2008 R2 with SP1, the virtual machine must be running Windows 7 Enterprise with SP1 or Windows 7 Ultimate with SP1, and the remote client computer must be running either Windows Server 2008 R2 with SP1 or Windows 7 with SP1. To connect to the virtual machine, the remote client computer requires an updated version of Remote Desktop Services (included in the service pack for all editions of Windows 7).

Enhancements to scalability and high availability when using DirectAccess

DirectAccess is a new feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. In Windows Server 2008 R2 SP1, improvements have been made to enhance scalability and high availability when using DirectAccess, through the addition of support for 6to4 and ISATAP addresses when using DirectAccess in conjunction with Network Load Balancing (NLB).

Support for Managed Service Accounts (MSAs) in secure branch office scenarios

SP1 enables enhanced support for managed service accounts (MSAs) to be used on domain-member services located in perimeter networks (also known as DMZs or extranets).

Support for increased volume of authentication traffic on domain controllers connected to high-latency networks

As a greater volume of IT infrastructure migrates to cloud-based services, there is a need for higher thresholds of authentication traffic to domain controllers located on high-latency networks (such as the public Internet). SP1 allows for more granular control of the maximum number of possible concurrent connections to a domain controller, enabling a greater degree of performance tuning for service providers.

Enhancements to Failover Clustering with Storage

SP1 enables enhanced support for how Failover Clustering works with storage that is not visible for all cluster nodes. In SP1, improvements have been made to the Cluster Validation and multiple Failover Cluster Manager wizards to allow workloads to use disks that are shared between a subset of cluster nodes.

Changes specific to Windows 7

Additional support for communication with third-party federation services

Additional support has been added to allow Windows 7 clients to effectively communicate with third-party identity federation services (those supporting the WS-Federation passive profile protocol). This change enhances platform interoperability, and improves the ability to communicate identity and authentication information between organizations.

Improved HDMI audio device performance

A small percentage of users have reported issues in which the connection between computers running Windows 7 and HDMI audio devices can be lost after system reboots. Updates have been incorporated into SP1 to ensure that connections between Windows 7 computers and HDMI audio devices are consistently maintained.

Corrected behavior when printing mixed-orientation XPS documents

Prior to the release of SP1, some customers have reported difficulty when printing mixed-orientation XPS documents (documents containing pages in both portrait and landscape orientation) using the XPS Viewer, resulting in all pages being printed entirely in either portrait or landscape mode. This issue has been addressed in SP1, allowing users to correctly print mixed-orientation documents using the XPS Viewer.