MOM & SCOM – Exchange 2007 Availability Testing

This article will provide procedures for creating Test Accounts for Exchange 2007 Availability Testing.   Setting up test accounts makes it easier for executing builtin Exchange 2007 availability tests (for certain tests) without providing credentials, additionally these accounts are required for MOM 2005 and SCOM 2007 availability testing for the Exchange 2007 Management Pack.

Symptom:

Microsoft Operations Manager 2005 implementation is generating numerous service/connectivity failures for the Exchange 2007 environment. These tests include:

Test Cmdlet	Description
ActiveSync (Test-ActiveSyncConnectivity)	The Test-ActiveSyncConnectivity cmdlet lets you perform a full synchronization against a specified mailbox to test the configuration of Microsoft Exchange ActiveSync.
Outlook Web Access (Test-OWAConnectivity)	The Test-OwaConnectivity cmdlet can be used to test the connectivity of all Exchange 2007 Outlook Web Access virtual directories on a Client Access server or to test connectivity of a single Exchange 2007 Outlook Web Access URL.
Web Services (Test-WebServicesConnectivity)	Perform basic operations to verify the functionality of Exchange Web Services on a Microsoft Exchange Server 2007 computer that has the Client Access server role installed.
Unified Messaging (Test-UnifiedMessagingConnectivity)	The Test-UMConnectivity cmdlet can be used to test the operation of a Unified Messaging (U M)

Note: There are many more built-in Exchange 2007 health cmdlets, however the for mentioned cmdlets are the only ones that utilize and require a test account to be created.

Cause:

The Microsoft Exchange Server 2007 Management Pack for Operations Manager runs Exchange Management Shell cmdlets to monitor the Exchange environment. In order for these tests to run successfully against the Exchange 2007 environment, test accounts must be created which the “Test-*” cmdlets will run under for Exchange. If the test accounts are not created, MOM/SCOM alerts will be generated. It is recommended that these accounts be created for each Exchange 2007 Mailbox Server role (Mailbox & Public Folder) to enable MOM 2005 and the future deployment of SCOM 2007 to run these service health tests successfully.

Solution:

To remediate the service health failures thrown within MOM, test accounts must be created for each Exchange 2007 Mailbox Server Role. This section will detail the process for creating these accounts as well as the validation process following completion.

Requirements

The account that will be used to create the test accounts must meet the following requirements.

Group Membership	Target Location
Administrators	Mailbox/Public Folder Servers
Exchange Server Administrator Role	Exchange Organization
<group> Rights to Create Active Directory User	Active Directory. Default location is CN=Users container, however it can be modified within the script executed to create the accounts within a particular Organizational Unit. Script Modification will be discussed later in the document.

Virtual Directory Configuration

Verify Outlook Web Access is configured with an Internal and External URL. This can be done either within the Exchange Management Console or Exchange Management Shell. Below is the command to pull the configuration for the OWA virtual directory.

get-owavirtualdirectory | where{$_.name -eq "OWA (Default Web Site)"} | fl name,server,internalURL,externalURL

Sample Output:

If an Internal and External URL exists, proceed to “Create Test Accounts” section. Otherwise follow the procedure below for assigning a Internal/External URL.

Example (Set External URL)

To set an external URL, you need to run the Set-OwaVirtualDirectory Exchange Management Shell command. The syntax of the command is:

set-owavirtualdirectory “con01\owa (Default Web Site)" -externalurl:https://webmail.contoso.com/owa

Create Test Accounts

To create the test mailbox, log on to an Exchange 2007 server with a user account that is an Exchange Mailbox administrator.

Verify Script File Configuration

Before executing the “New-TestCASConnectivityUser.ps1”, verify that the following line of code within the script reflects the desired OU location for creating the test accounts. As stated earlier the default container is “Users”, and this may not be the desired location for the account. To modify the script file’s code follow the steps below, otherwise proceed to next section.

Note: If multiple mailbox servers exist, then it will be easiest to execute the Test Account creation process against ALL the mailbox servers, from just one Exchange 2007 management console.

Test-CASConnectivityUser.ps1 code modification:

1. Open the Exchange Management Shell, locate the Scripts directory under the installation path for Exchange 2007 (<drive> \Program Files\Microsoft\Exchange Server\Scripts) .



2. Enter from the command prompt
   
   [PS]> notepad New-TestCASConnectivityUser.ps1



3. Modify line: 46 Col: 197 to reflect the correct OU location for the test account to be created. The OU location is in the format <domain>\OU\OU….
   
   
   



4. Once the OU location has been inserted. Save the changes and copy to a network share that the other Mailbox servers can connect.



5. After updating and saving the file, proceed to the next section “Run New-TestCASConnectivtyUser.ps1”.

Run New-TestCASConnectivityUser.ps1 Script

If not already, log onto an Exchange 2007 Mailbox server with a user account that meets the requirements in the requirements section.

1. Open the Exchange Management Shell, locate the Scripts directory under the installation path for Exchange 2007 (<drive> \Program Files\Microsoft\Exchange Server\Scripts) .



2. To get a list of all Exchange 2007 Mailbox Server run the following command.
   
   [PS]> Get-MailboxServer

1. Once we have the list, you can begin to execute the script against each Exchange Mailbox Server .
   
   Note: The script execution process will be the same for each mailbox server, with the exception of the command line server parameter.



2. Enter the following command
   
   Note: In order for this to run successfully you have to PIPE a mailbox server into the command.
   
   
   
   
   
   Multiple servers





Get-MailboxServer  | New-TestCASConnectivityUser.ps1





 



One server at a time





Get-MailboxServer –id <ServerName> | New-TestCASConnectivityUser.ps1

When prompted enter a password for the account, and press Enter.

Note: Make the password same across the test accounts for simplicity.

1. When asked to Create Test User On: <ServerName>, verify the target mailbox server name is correct and press Enter to continue.
   
   
   
   
   
   




 




2. Following creation of the account, verify the account was actually created. Easiest way is to open the Exchange Management Console and verify the mailbox exists, and that it was created for the correct mailbox server.
   
   
   
   Note: The mailbox name will be in the format of: CAS_{GUID}. The GUID is like the first 16 characters of the mailbox server GUID.

Repeat this process for each Exchange 2007 Mailbox server that is to be tested.

Validation

Following account creation, the next step is to verify that the Test-* commands can be run successfully. Errors during testing could either point to improper Exchange service configuration or incorrect test account creation.

To validate proper configuration of Exchange Services and proper test account creation. Run the following tests and review results.

Note: Once the accounts are created MOM 2005 and SCOM 2007 will automatically pick up on them. Although this process will kick off automatically through monitoring, it is best to run the commands manually to see results first hand, and pursue remediation.

Test-ActiveSyncConnectivity

1. Run the following command to test Active Sync Connectivity.
   
    





Test-ActiveSyncConnectivity –MonitoringContext:$true –TrustAnySSLCertificate:$true –LightMode:$true 





 



2. Verify the “Results” column lists “Success”. If not then begin troubleshooting the problem.

Test-WebServicesConnectivity

1. Run the following command to test Exchange Web Services. 
   





Test-WebServicesConnectivity –MonitoringContext:$true –TrustAnySSLCertificate:$true –LightMode:$true

1. Verify the “Results” column lists “Success”. If not then begin troubleshooting the problem.

Test-OWAConnectivity

1. Run the following command to test Outlook Web Access connectivity.
   
   TEST INTERNAL URL
   
   
   





Test-OWAConnectivity –TestType:Internal –MonitoringContext:$true –TrustAnySSLCertificate:$true –LightMode:$true 

TEST EXTERNAL URL

Test-OWAConnectivity –TestType:External –MonitoringContext:$true –TrustAnySSLCertificate:$true –LightMode:$true 

1. Verify the “Results” column lists “Success”. If not then begin troubleshooting the problem.

If all tests pass for each Connectivity test, move on to monitoring MOM 2005 and SCOM 2007 and verify that the tests are executing and completing successfully.