What are the steps for an Exchange certificate renewal?

An expired Exchange certificate can bring your messaging platform to a halt, but it’s easy enough to check and replace the expired certificate.

When mail stops flowing, Outlook access breaks and the Exchange Management Console/Shell gives errors, then it might be time to see if an Exchange certificate renewal is in order.

During installation, Exchange assigns a default certificate to its protocols, including Simple Mail Transfer Protocol and Internet Information Services (IIS). Many companies do not allow access to Outlook on the web, so mail is only accessible internally. This limits the capabilities of Exchange Server, as Microsoft designed it to be accessible from anywhere on any device.

For companies that choose to limit Exchange’s functionality, the IT staff often opts to use the default certificate, which has a five-year life span. In five years, IT might forget about the Exchange certificate renewal until they receive countdown emails warning that it will expire. If nobody sees these emails and the certificate expires, then problems will start, as Exchange services that require a valid certificate might not work.

To check a certificate’s status, run the following PowerShell command:

Get-ExchangeCertificate | fl

Assign a new certificate for Exchange 2010

If Exchange breaks due to an expired certificate, then you might want to push for a quick fix by issuing a certificate to an internal certificate authority. This won’t work because the certificate authority will not sign the certificate.

If you start to panic as help desk tickets start to flood in, this is when trouble typically happens. You might try to adjust the settings in IIS, but this can break Exchange. However, the fix is simple.

Run the New-ExchangeCertificate command to initiate the Exchange certificate renewal process. This PowerShell cmdlet will create a new self-signed certificate for Exchange 2010. The command prompts you to replace the existing certificate. Click Yes to proceed.

Next, assign the services from the old certificate to the new one and perform an IISReset from an elevated command prompt to get Exchange services running again.

Finally, ensure the bindings in IIS are set to use the new certificate.
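
The check and renewal steps above, combined into one Exchange Management Shell session. This is an added example, not code from the original article; the 30-day threshold in $WarnDays and the variable names are assumptions.

```powershell
# Added example: run in an elevated Exchange Management Shell on the Exchange 2010 server.
# $WarnDays is an assumed threshold, not a value from the article.
$WarnDays = 30
$now      = Get-Date

# Check: list every certificate with its services and days until expiry.
$certs = @(Get-ExchangeCertificate)
$certs | Sort-Object NotAfter |
    Select-Object Thumbprint, Subject, Services, IsSelfSigned, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } } |
    Format-List

# Self-signed certificates that carry services and are expired or about to expire.
$due = @($certs | Where-Object {
    $_.IsSelfSigned -and "$($_.Services)" -ne 'None' -and
    $_.NotAfter -lt $now.AddDays($WarnDays)
})
if ($due.Count -eq 0) { Write-Host 'No self-signed certificate needs renewal.'; return }

# Step 1: create the replacement self-signed certificate (answer the replace prompt).
$new = New-ExchangeCertificate

# Step 2: assign the services of each expiring certificate to the new one.
foreach ($old in $due) {
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services "$($old.Services)"
}

# Step 3: restart IIS so the services pick up the new certificate.
iisreset

# Step 4: list IIS SSL bindings that do not reference the new thumbprint.
# A binding may use a different certificate on purpose; review each one.
Import-Module WebAdministration
$stale = @(Get-ChildItem IIS:\SslBindings |
    Where-Object { $_.Thumbprint -ne $new.Thumbprint })
if ($stale.Count -gt 0) {
    Write-Warning 'These SSL bindings still point at another certificate:'
    $stale | Format-Table IPAddress, Port, Thumbprint -AutoSize
} else {
    Write-Host "All SSL bindings use $($new.Thumbprint)."
}
```

Running only the first section on a schedule gives the expiry warning without changing anything on the server.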

Reduce downtime with Azure Site Recovery service

The Azure Site Recovery service uses Microsoft’s cloud platform to prevent a halt in operations when issues arise. Azure Site Recovery moves workloads to and from different data centers — as well as both public and private clouds — to keep key services online and available.

What is Azure Site Recovery?

The Azure Site Recovery service has two elements:

  • The software and connections move VMs and services between two private data centers — either owned or rented by your organization — including Hyper-V and VMware VMs.
  • The Azure public cloud service acts as a data center stand-in and provides hot site disaster recovery capabilities. The Azure Site Recovery service also supports the hypervisors on Hyper-V and VMware vSphere. Azure Site Recovery does not work with the Xen hypervisor.

New Azure portal offers advanced management

At one time, administrators needed PowerShell to set up Azure Site Recovery to use Azure Resource Manager style deployments. IT shops can now use the new Azure portal to set up a new Azure Site Recovery environment, including a recovery vault.

This update enables IT to specify different VM sizes within the same account and set up fine-grained access to each resource based on user roles. Only the new portal supports fresh deployments, but it also can manage and support any existing deployments that began via the “classic” portal.

How to set up Azure Site Recovery

In addition to an Azure subscription, the organization needs an Azure storage account that holds data replicated from on-premises servers.

Log into the new portal to create a Recovery Services vault inside the storage account. Select New > More Services > Monitoring + Management > Backup and Site Recovery (OMS) to create VMs with replicated data; these failed-over Azure VMs also need access to an Azure network.

VMware shops will need a local VM to run the configuration server role that coordinates the data and communication with Azure and also handles the data replication processes. This VM is the process server and functions as a replication gateway — it caches, compresses and encrypts replication data, then sends it to Azure. The process server discovers other VMs and adds them to a replication configuration. The configuration server also acts as the master target server, which handles the replication after a disaster concludes and roles shift from Azure back to the on-premises locations.

Windows and Hyper-V shops need either System Center Virtual Machine Manager in the on-premises environment to manage the VMs or the Site Recovery Provider that communicates with the service over the internet. They also must install the Recovery Services agent on non-Virtual Machine Manager hosts to manage data replication.

How does it work?

From there, the Azure Site Recovery service does most of the grunt work. It manages replication based on pre-programmed cycles of 1 minute, 2 minutes, 15 minutes and so on. After the initial seeding, Azure Site Recovery performs delta replication to save bandwidth. You can set up “exclude disks” to avoid replication of temporary files and page files.

Remember to set up a recovery plan that instructs the services where VMs go, on what schedule and in what order; this creates a recipe to follow if a disaster or business interruption occurs. You can then trigger a failback once the interruption concludes and return services to their normal operation and location.
