Replication Rights Agreement

Document Sample
Replication Rights Agreement Powered By Docstoc
					Inter-Organization Replication
            Tool
Inter-Organization Replication Tool                                                     1


       Introduction
       The Inter-Organization Replication tool was first released as part of Microsoft® Exchange
       Server 5.5 Service Pack 3 (SP3), with an updated version for Microsoft® Exchange
       Server 2003. The tool is used to replicate free/busy information and public folder content
       between Exchange organizations. It allows for the coordination of meeting, appointments,
       contacts, and public folder information between disjointed Exchange organizations.
       The tool consists of two programs: the Replication Configuration program (exscfg.exe), and
       the Replication service (exssrv.exe). The Replication Configuration program creates a
       configuration file for setting the replication frequency, logging options, folders to be
       replicated, and accounts to be used. The Replication service, using a configuration file
       created by the Replication Configuration program, continuously updates information from
       one server (designated as the Publisher) to one or more Exchange servers (designated as
       Subscribers). Schedule+ Free/Busy information is replicated from Publisher to Subscriber
       only. Because of this, you must have two free/busy sessions to bi-directionally update free
       and busy information. Public folders can be replicated from Publisher to Subscriber or bi-
       directionally. You can configure the replication frequency, as well as the logging of
       message and folder replication, and how much processing power you want devoted to the
       replication process.

       Why Multiple Exchange Organizations?
       Multiple Exchange organizations can exist within an enterprise. This can occur in the
       following situations:
          A merger or acquisition of a company that has a separate Exchange organization
           occurs.
          Servers are added to a different Exchange organization that may or may not be merged
           with the parent organization.
          Earlier versions of Exchange must share folder and free/busy information with
           Exchange servers in different organizations using Exchange 5.5 or later versions.
          Exchange servers are administered separately in different organizations because of
           geographical constraints.
          A company has a business partner where they have an agreement to share information
           without actually connecting their Exchange servers together through an Exchange
           organizational structure.
       When an Exchange topology that includes two or more organizations exists, the Inter-
       Organization Replication tool can be used to replicate free/busy and public folder
       information. Sharing information between companies requires tight integration with
       network security and detailed management of information sharing. The Inter-Organization
       Replication tool enables detailed management of intra-organizational content access and
       security for files transported outside the Exchange organization's security layer. The Inter-
       Organization Replication tool enables this functionality by:
          Limiting the interaction of foreign organizations to a specific folder or folders.
          Preventing administrators of foreign organizations from seeing the structure of your
           public folder system, or users who have not been granted permission to replicate
           free/busy information.
Inter-Organization Replication Tool                                                  2

       Security
       Whenever information is accessed on an Exchange server from another domain or
       organization, there is the potential for a security breach. The Inter-Organization Replication
       tool ensures that the privacy of the shared information is maintained while being duplicated
       between Exchange organizations. Additionally, secondary information, such as the number
       and names of folders on the opposite Exchange server, are not available to either system
       administrator. These are also visible only while you are creating a configuration file to
       determine the folders to replicate between.

       System Requirements
       The following are the system requirements for computers that are running the Replication
       Configuration tool and Replication service:
          Microsoft® Windows® 2000 Server with Service Pack 3 or later versions, or Microsoft®
           Windows Server™ 2003
          Exchange 2000 Standard or Enterprise Edition with Service Pack 3 or later versions, or
           Exchange 2003 Standard or Enterprise Edition
       Network Requirements
        A MAPI-capable Local Area Network (LAN) connection between Exchange organizations
          is required to use the Inter-Organization Replication tool.

Installation


       Installing the Inter-Organization Replication tool for use with Exchange Server consists of
       the following steps:
       1. Preparing the Publisher
       2. Preparing the Subscriber
       3. Installing the Inter-Organization Replication tool files
       4. Creating a Replication Configuration file
       5. Setting up the Replication service
       Preparing the Publisher Server
       The first step in configuring the Inter-Organization Replication tool is to prepare an
       Exchange server to be a Publisher. The Publisher collects information from an Exchange
       organization, packages it, and sends it to Subscriber Exchange servers outside the
       Exchange organization based on a schedule you create. The Publisher can be considered as
       the source server the information is being replicated from.
       To prepare the Publisher, you must create a service account and mailbox for the tool to use
       during the replication process. You also must assign the appropriate permissions to that
       service account and mailbox, and create a public folder for the tool to use during
       replication.
Inter-Organization Replication Tool                                                  3

       It is important to understand that the service account and mailbox that you create must be
       listed as an owner of each public folder and subfolder you want to replicate, on either the
       Publisher or the Subscriber. This enables the tool to replicate anonymous and default
       permissions from one organization to the other. Use Microsoft® Office Outlook® or
       Exchange System Manager to change the ownership and the permissions of public folders.
       For free/busy replication, you will have editor permissions on the free/busy folder, which is
       sufficient to prepare the Publisher for this scenario.
  To prepare the Publisher server for Inter-Organization Replication
       1. Create a Windows NT account and an associated Exchange mailbox for the tool to use
          as a MAPI service account.
       2. Using Microsoft Outlook or Exchange System Manager, add the service account mailbox
          that you created as an owner for every top-level folder and subfolder you want to
          replicate.
       3. Using Exchange System Manager on an Exchange 2000 or Exchange 2003 organization
          or using Outlook on an Exchange 5.5 organization, create a public folder named
          ExchsyncSecurityFolder in the root public folder and grant Folder Visible permissions to
          the service account mailbox that you created. Do not specify any default or anonymous
          permissions on this folder; it is used by the Replication service for additional security
          and must be present on both the Publisher and Subscriber servers.
       4. Using Outlook, log on to the MAPI service account to initialize the mailbox on the server
          to verify that your permissions and access are correct.
       Preparing the Subscriber Server
       A Subscriber is an Exchange server where you want to replicate information to using the
       Inter-Organization Replication tool. To configure a Subscriber, you must create a
       Windows NT account and an associated Exchange mailbox that the tool can use as a
       service account. Additionally, you must create the public folders that the tool needs for the
       replication process.
  To prepare the Subscriber server for Inter-Organization Replication
       1. Create a Microsoft®Windows NT® account and an associated Exchange mailbox for
          the tool to use as a service account.
       2. Using Outlook or Exchange System Manager, create a top-level folder for every part of
          the folder hierarchy you are replicating. The tool will create subfolders automatically.
       3. Using Outlook or Exchange System Manager, grant Publishing Editor permission for
          each top-level folder to the service account mailbox that you created.
       4. Using Outlook or Exchange System Manager, create a public folder named
          ExchsyncSecurityFolder off the root public folder and grant Folder Visible permission to
          the service account mailbox that you created. Do not specify any default or anonymous
          permissions on this folder; it is used by the Replication service for additional security
          and must be present on both the Publisher and Subscriber servers.
       5. Using Outlook, log on to the MAPI service account to initialize the mailbox on the server
          and to verify that your permissions and access are correct.
          Note
          A server can be both a Publisher and Subscriber if you are replicating both ways.
Inter-Organization Replication Tool                                                  4

       Installing the Inter-Organization Replication Tool Files
       The Inter-Organization Replication Tool, which can be downloaded from
       http://go.microsoft.com/fwlink/?linkId=25097, consists of two files:
          Exscfg.exe, the Microsoft Exchange Replication Configuration program
          Exssrv.exe, the Microsoft Exchange Replication service
  To use the files
       1. Create a working directory for the tool to use, for example, C:\IORepl.
       2. Copy/Install the files Exssrv.exe and Exscfg.exe to your working directory.
       The computer where the Inter-Organization Replication tool is installed must have
       Exchange 2003 Administrator tools or Exchange 2000 SP3 Administrator tools installed.

Running the Inter-Organization
Replication Tool


       To set up replication, you must create a configuration file. The configuration file will
       contain replication sessions. Each session will be either a free/busy session or a public
       folder session.
       Note
       It is recommended that you make connections between servers where the public folders
       being replicated are homed on the same server where the IOrepl connection is made. This
       is where the public folder store is on the same Exchange server specified by the IOrepl
       connection, and the mailbox used for the MAPI connections is also on the Exchange same
       server.
  To create a configuration file for free and busy replication
       1. Double-click Exscfg.exe.
       2. On the Session menu, click Add.
       3. In the Add Session dialog box, select Schedule+ Free/Busy Replication.




       Figure 1 The Add Session dialog box

           Note
           Selecting File and then NEW creates a new configuration, not a new session.
Inter-Organization Replication Tool                                             5

       1. Type a display name (Title) for the session.




       Figure 2 The Free/Busy Session Configuration dialog box

       1. Type the Publisher and Subscriber server names, and the service account mailboxes
          that you created for each.
       2. Click Advanced and type the Windows NT domain, service account, and password for
          each Publisher and Subscriber accounts.




       Figure 3 The Advanced Information dialog box

       1. Click Schedule and create a replication schedule that fits your requirements. The
          minimum time for replication is every 5 minutes. By default, Outlook publishes
          free/busy data every 15 minutes therefore it is recommended that you do not set your
          replication interval lower than 15 minutes.
Inter-Organization Replication Tool                                                   6




       Figure 4 The Session Schedule Configuration dialog box

       1. Choose the sites for which you want to replicate free and busy information. The default
          is all sites available.
          Note
          If you have sites or administrative groups that do not have public folder referrals or
          affinity, be sure to select the sites yourself and not select those sites that are
          unavailable through public folder referral or site affinity.

       1. Click OK to add the session to the configuration file and then save.
          Note
          For each mailbox in the Publisher server that you want to replicate free and busy
          information to, a corresponding custom recipient must exist on the Subscriber server.
          The primary Simple Mail Transfer Protocol (SMTP) address of the mailbox is the unique
          key that is used to match mailboxes to custom recipients.

       Log files (located in the working directory you created when installing the files) report
       when the service starts or stops, any errors it encounters, and statistical information for
       each session (for example, number of messages and folders replicated).
  To create a configuration file for public folder replication
       1. Double-click Exscfg.exe.
       2. On the Session menu, click Add.
       3. In the Add Session dialog box, select Public Folder(s) Replication.




       Figure 5 The Add Session dialog box

       1. In the Public Folder Session Configuration dialog box, type a display name (Title)
          for the session.
Inter-Organization Replication Tool                                                  7




       Figure 6 The Public Folder Session Configuration dialog box

       1. In the Maximum Tasks box, select the number of threads to be used for replication
          by using the up and down arrows. Click Schedule and in the Schedule dialog box,
          enter the time, day, and frequency for the replication session. If you want the tool to
          write a log during the replication process, click Logging and set the appropriate
          parameters.
       2. Type the Publisher and Subscriber server names, and the service account mailboxes
          that you created for each.
       3. Click Advanced and type the Windows NT domain, service account, and password for
          each Publisher and Subscriber accounts.




       Figure 7 The Advanced Information dialog box

       1. Click Folder List to select which folders to replicate. In the Session Folder List dialog
          box, select the folder or folder hierarchy on the Publisher that you want to replicate,
          and then select the destination folder on the Subscriber.
       2. Click the arrow button once to replicate public folder information only from the
          Publisher to the Subscriber. Click again to toggle bidirectional replication. You can also
          toggle on if subfolders replicate, deletions replicate, and default or anonymous
          permissions replicate.
Inter-Organization Replication Tool                                                   8




       Figure 8 The Session Folder List dialog box

       1. Click OK to add the session to the configuration file and save.
          Note
          The number of threads should be less than or equal to the number of sites to replicate
          information for. If you use higher task number values, performance can be negatively
          affected.

       Log files (located in the working directory you created when installing the files) report
       when the service starts or stops, any errors it encounters, and statistical information for
       each session (for example, number of messages and folders replicated).
  To set up the Replication service
       1. Double-click Exssrv.exe. The first time that you run Exssrv.exe, click Install.
       2. In the Installation dialog box, type the Windows NT account name and password for
          the account that will run the service. The account should have the rights to log on
          locally and can run as a service. The account should be entered as domain\username.
Inter-Organization Replication Tool                                                 9




       Figure 9 The Installation dialog box

       1. Type the path and file name of the configuration file you created.
       2. Specify whether you want the service to automatically start automatically when you
          turn on the computer.
       3. After you have installed the Service, click Start or start it from Control Panel.
              Note
              The working directory is the directory where the tool will put log files, and where
              the configuration file (exchsync.ini) will be with the Exchange 2003 version of the
              tool.

       Connectivity between Foreign Networks
       Working with the Inter-Organization Replication tool frequently requires that two foreign
       networks must communicate. This can include name resolution and firewall configuration
       changes to allow for the tool to work.
       Name Resolution
       The Inter-Organization Replication tool uses name resolution to find each Exchange server,
       therefore NetBIOS name resolution will be required across the networks. This can be done
       by using either WINS or an LMHOSTS file. See your WINS documentation on how to do
       this.
       Using an LMHOSTS file may be easier to maintain because you will need to have it only on
       the servers that are replicating. The LMHOSTS file is on Windows NT machines in the
       directory <system root>\system32\drivers\etc. The <system root> is usually
       c:\WINNT unless it was changed during the installation of Windows NT. The LMHOSTS file
       has no "dot" extension so when it is modified ensure that it still has no extension. Be aware
       that when using an editor such as Notepad, an extension of .txt tends to be added.
       Firewalls
Inter-Organization Replication Tool                                                10

       All communication between the Publisher and Subscriber Exchange servers uses remote
       procedure call (RPC). This is done through the TCP/IP port 135. An Exchange server
       monitors port 135 for connections to the RPC endpoint mapper service.
       When an Exchange server starts, it assigns two random ports (above 1024) to use to
       communicate the responses and information back from the Exchange store and the
       directory. Because the ports are random, it is difficult to establish communication because
       these ports cannot be "opened" on the firewall or proxy server. Changes to each Exchange
       server need to be made to statically assign the two random ports. By assigning static ports
       for communication, we can configure routers and firewalls to enable TCP/IP connections
       between Exchange servers and clients over the static ports.
       Exchange communication is discussed in Microsoft Knowledge Base articles 155831 and
       176466. The two random ports can be made static by modifying the registry of each
       server.
  155831 Summary of Steps
       1. Start Registry Editor (Regedt32.exe).
       2. Under the HKEY_LOCAL_MACHINE subtree, locate the following subkey:
             System\CurrentControlSet\Services\MSExchangeDS\Parameters
       3. Add the following entry for the Microsoft Exchange Directory service:
             Name: TCP/IP port
             Value: REG_DWORD
           DATA: <port number to assign>
          Note
          It is recommended that you assign ports from the 5000 through 65535 (decimal) range.

       1. Locate the following subkey:
             System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem.
       2. Add the following entry for the Exchange store:
             Name: TCP/IP port
             Value: REG_DWORD
           DATA: <port number to assign>
          Note
          It is recommended that you assign ports from the 5000 through 65535 (decimal) range.

       1. Quit Registry Editor.
       After the changes have been made, the Exchange server services must be stopped and
       restarted to reflect the new communication ports. Also, routers and firewalls will have to be
       configured to enable TCP/IP communications to be made using these ports and port 135.
       When an Exchange 2003 server starts, it selects only a random port for the Exchange
       store, because the directory is now Microsoft Active Directory® directory service. Client
       communication with an Exchange server requires a different configuration. The
       configuration is described in Microsoft Knowledge Base articles 270836 and 298369.
       Summary of the Knowledge Base articles
Inter-Organization Replication Tool                                               11

  Make these changes on the Exchange 2003 server
       1. Start Registry Editor (Regedt32.exe).
       2. Locate and then click the following registry key:
              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serv ices\MSExchangeSA\Param
               eters
       3. Add the following entry for the Microsoft Exchange SA RFR Interface:
              Name: TCP/IP Port
              Value: REG_DWORD
            Data Value: Port number to assign
           Note
           Port assignments should be in the 1024 through 5000 (decimal) range.

       1. Add the following entry for the Microsoft Exchange Directory NSPI Proxy Interface:
              Name: TCP/IP NSPI Port
              Value: REG_DWORD
              Data Value: Port number to assign
       2. Locate and then click the following registry key:
              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serv ices\MSExchangeIS\Parame
               tersSystem
       3. Add the following entry for the Microsoft Exchange Information Store Interface:
              Name: TCP/IP Port
              Type: REG_DWORD
              Data Value: port number to assign
       4. Quit Registry Editor.
       Restart the Exchange 2003 computer for these changes to take effect.
  Make these changes on the global catalog server
       1. Start Registry Editor (Regedt32.exe).
       2. Locate and select the following key in the registry:
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
       3. On the Edit menu, click Add Value, and then add the following registry value:
              Value name: TCP/IP Port
              Data type: REG_DWORD
              Radix: click Decimal
            Value data: Enter the required port number (in decimal)
           Note
           Port assignments should be in the 1024 through 5000 (decimal) range.

       1. Quit Registry Editor.
Inter-Organization Replication Tool                                                12

       Restart the global catalog server so that the static mapping will be read when the Name
       Service Provider Interface (NSPI) is initialized. After you have completed these steps,
       configure the packet filter (or firewall) to enable TCP/IP connections to be made to these
       ports, as well as to port 135. Remember that you have to open the firewall for both the
       Exchange server and the global catalog server.

       Frequently Asked Questions
       1. Can I install the service through terminal services?
             Yes. When you install the service, it creates an exchsyn.ini file in the created
              working directory. This enables the tool to work the same way whether you are
              using Terminal server or working on the console.
       2. Do I have to run the service on an Exchange server?
             No. It will work on a stand-alone system with the Exchange 2003 or Exchange 2000
              Exchange System Manager.
       3. When I run the service, it generates a 115 Error event and fails. Why?
             A 115 Error event indicates that the ExchsyncSecurityFolder cannot be located.
              Verify that the name is the same and there are no trailing or leading spaces in the
              name.
       4. When I run the service, it generates a 116 Error event and fails. Why?
             A 116 Error event indicates you have a security problem; the account you are using
              does not have access to the ExchsyncSecurityFolder or a free/busy folder. Verify
              that the folders are visible and that the account used has access to read and write
              to the folders.
       5. When I run the service, it generates a 118 Error event and fails. Why?
             A 118 Error event is a communications error. The tool has been unable to contact
              the server in question. Check for correct name resolution, network connectiv ity
              (trace route and ping), and make sure you have the correct version of MAPISVC.INF
              and that it is not damaged.
       6. When I run the service, it generates a 120 Error event and fails. Why?
             A 120 Error event is a communications error. We have been able to contact the
              remote server but we did not make a connection. Again, check network connectiv ity
              (trace route and ping) to ensure that there was no packet loss. Verify that you have
              the correct user name and password for the service account mailbox.
       7. Can I use the tool to connect an Exchange 5.5 organization to an Exchange 2003
          organization?
             Yes. You must use the Exchange 2003 version of the Inter-Organization Replication
              tool.
       8. The service is using the credentials of the service to log on rather then the credentials
          specified in the configuration file. Why?
             When setting credentials in the configuration file, make sure to select the
              Advanced tab, and then enter the correct credentials. This will force the tool to
              use the correct credentials instead of the service account credentials.
       9. The tool will not replicate and reports the following error in the log file, "ERROR:
          Unable to import message change…". Message previously existed but has been deleted.
          Why?
Inter-Organization Replication Tool                                                     13

             At some point, the free/busy messages in the Subscriber organization for the
              Publishing organization users were deleted. Because we are using the public folder
              APIs for this replication, it will not allow these messages to be replicated back in
              because they have the same message ID. For replication to continue, new free/busy
              messages must be created in the Publishing organization. This can be done by
              using the fbscrubber tool to clear out all the free/busy information in the publishing
              organization, and then making a change to every user's calendar so that it so it
              updates the free/busy information again.
              Note
              If you have two-way replication occurring, do not remove the free and busy
              messages for the custom recipient of the other organization because you will re-
              create the problem but in the reverse direction.

       10.    Free/busy information for new custom recipient in the subscribing organization does
          not get updated. Why?
             The tool tracks changes and which users it has replicated information for in the
              past, so it does not need to replicate everything every time. If a mailbox in the
              Publishing organization does not match a custom recipient in the Subscribing
              organization, it is marked not to replicate this mailbox again. If a new custom
              recipient is created for this user in the Subscribing organization after this, it still will
              not replicate as it was already marked. This information is kept in a "dat" file in the
              working directory. If you delete this "dat" file, the Inter-Organization Replication
              tool will perform a complete synchronization the next time and pick up the new
              custom recipient.
       11.    Will the tool replicate only free/busy information for the local Exchange site?
             No. The tool can be used to replicate information from downstream sites by
              contacting only a single publisher server. However, there are issues that can result
              if there are problems contacting the downstream server that contains the free/busy
              information. Try to use Outlook on a computer in the same network segment as the
              IORepl server. Log on the MAPI service account and see if you can see free/busy
              information for users at the downstream site. You may have to change public folder
              affinity or referrals to enable your MAPI account to read free/busy information from
              the downstream server. You should also ensure that the network for the
              downstream server, and the downstream server itself, are reliable. If there are
              issues with any of these items, it is best to add a replica of the free/busy
              information to the local publisher server to avoid network issues.
       12.   Can I use the tool to connect more than two Exchange organizations for free and
          busy information?
             Yes. You can do this with the "Publish custom recipient free/busy data" switch
              (Exchange 2000 SP1 or later versions). You can configure a hub and spoke
              configuration with the organizations. Here is an example of which sessions you
              would need to configure three organizations, with Org2 being the hub:
                     One going from Org2 to Org1 that includes custom recipients
                     One going from Org1 to Org2
                     One going from Org2 to Org3 that includes custom recipients
                     One going from Org3 to Org2
             Ensure that the tool is configured as a hub and spoke and that no rings exist.
       13.    What are the .ini settings for exssrv.exe?
Inter-Organization Replication Tool                                            14

             Exposed though the graphical user interface:
                 char g_szAccountKey[]      = "Account";
                 char g_szAutomaticKey[]     = "Automatic";
                 char g_szWorkDirectoryKey[] = "Directory";
                 char g_szConfigFileKey[]   = "Config";
             Not exposed though the graphical user interface:
                 char g_szDebugKey[]        = "Debug";
                 char g_szHangKey[]         = "Hang";
                 char g_szHangOnStartKey[] = "HangOnStart";
                 char g_szNowKey[]          = "Now";
                 char g_szTimeoutKey[]       = "ThreadTimeout";
                 char g_szReplicateRawNTSDKey[]           = "ReplicateRawNTSD";
                 char g_szDebugFileKey[]     = "DebugFile";
       14.    When I upgrade from an earlier version, the tool no longer works. Why?
             Make sure that you delete the old exchsync.ini file (should be in %systemroot%)
              and open exssrv.exe. Click Remove and add the missing information again. Click
              OK when complete. This will create the new exchsync.ini file in the working
              directory you created earlier.

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:40
posted:7/13/2011
language:English
pages:16
Description: Replication Rights Agreement document sample