Inter-Organization Replication Tool

Introduction

The Inter-Organization Replication tool was first released as part of Microsoft® Exchange Server 5.5 Service Pack 3 (SP3), with an updated version for Microsoft® Exchange Server 2003. The tool is used to replicate free/busy information and public folder content between Exchange organizations. It allows for the coordination of meetings, appointments, contacts, and public folder information between disjointed Exchange organizations.

The tool consists of two programs: the Replication Configuration program (exscfg.exe), and the Replication service (exssrv.exe). The Replication Configuration program creates a configuration file for setting the replication frequency, logging options, folders to be replicated, and accounts to be used. The Replication service, using a configuration file created by the Replication Configuration program, continuously updates information from one server (designated as the Publisher) to one or more Exchange servers (designated as Subscribers).

Schedule+ Free/Busy information is replicated from Publisher to Subscriber only. Because of this, you must have two free/busy sessions to bi-directionally update free and busy information. Public folders can be replicated from Publisher to Subscriber or bi-directionally. You can configure the replication frequency, as well as the logging of message and folder replication, and how much processing power you want devoted to the replication process.

Why Multiple Exchange Organizations?

Multiple Exchange organizations can exist within an enterprise. This can occur in the following situations:

- A merger or acquisition of a company that has a separate Exchange organization occurs.
- Servers are added to a different Exchange organization that may or may not be merged with the parent organization.
- Earlier versions of Exchange must share folder and free/busy information with Exchange servers in different organizations using Exchange 5.5 or later versions.
- Exchange servers are administered separately in different organizations because of geographical constraints.
- A company has a business partner with whom it has an agreement to share information without actually connecting their Exchange servers together through an Exchange organizational structure.

When an Exchange topology that includes two or more organizations exists, the Inter-Organization Replication tool can be used to replicate free/busy and public folder information.

Sharing information between companies requires tight integration with network security and detailed management of information sharing. The Inter-Organization Replication tool enables detailed management of intra-organizational content access and security for files transported outside the Exchange organization's security layer. The Inter-Organization Replication tool enables this functionality by:

- Limiting the interaction of foreign organizations to a specific folder or folders.
- Preventing administrators of foreign organizations from seeing the structure of your public folder system, or users who have not been granted permission to replicate free/busy information.

Security

Whenever information is accessed on an Exchange server from another domain or organization, there is the potential for a security breach. The Inter-Organization Replication tool ensures that the privacy of the shared information is maintained while being duplicated between Exchange organizations. Additionally, secondary information, such as the number and names of folders on the opposite Exchange server, is not available to either system administrator. These are visible only while you are creating a configuration file to determine the folders to replicate between.

System Requirements

The following are the system requirements for computers that are running the Replication Configuration tool and Replication service:

- Microsoft® Windows® 2000 Server with Service Pack 3 or later versions, or Microsoft® Windows Server™ 2003
- Exchange 2000 Standard or Enterprise Edition with Service Pack 3 or later versions, or Exchange 2003 Standard or Enterprise Edition

Network Requirements

A MAPI-capable Local Area Network (LAN) connection between Exchange organizations is required to use the Inter-Organization Replication tool.

Installation

Installing the Inter-Organization Replication tool for use with Exchange Server consists of the following steps:

1. Preparing the Publisher
2. Preparing the Subscriber
3. Installing the Inter-Organization Replication tool files
4. Creating a Replication Configuration file
5. Setting up the Replication service

Preparing the Publisher Server

The first step in configuring the Inter-Organization Replication tool is to prepare an Exchange server to be a Publisher. The Publisher collects information from an Exchange organization, packages it, and sends it to Subscriber Exchange servers outside the Exchange organization based on a schedule you create. The Publisher can be considered as the source server the information is being replicated from.

To prepare the Publisher, you must create a service account and mailbox for the tool to use during the replication process. You also must assign the appropriate permissions to that service account and mailbox, and create a public folder for the tool to use during replication.

It is important to understand that the service account and mailbox that you create must be listed as an owner of each public folder and subfolder you want to replicate, on either the Publisher or the Subscriber. This enables the tool to replicate anonymous and default permissions from one organization to the other.
Use Microsoft® Office Outlook® or Exchange System Manager to change the ownership and the permissions of public folders. For free/busy replication, you will have editor permissions on the free/busy folder, which is sufficient to prepare the Publisher for this scenario.

To prepare the Publisher server for Inter-Organization Replication

1. Create a Windows NT account and an associated Exchange mailbox for the tool to use as a MAPI service account.
2. Using Microsoft Outlook or Exchange System Manager, add the service account mailbox that you created as an owner for every top-level folder and subfolder you want to replicate.
3. Using Exchange System Manager on an Exchange 2000 or Exchange 2003 organization or using Outlook on an Exchange 5.5 organization, create a public folder named ExchsyncSecurityFolder in the root public folder and grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder; it is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers.
4. Using Outlook, log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.

Preparing the Subscriber Server

A Subscriber is an Exchange server to which you want to replicate information using the Inter-Organization Replication tool. To configure a Subscriber, you must create a Windows NT account and an associated Exchange mailbox that the tool can use as a service account. Additionally, you must create the public folders that the tool needs for the replication process.

To prepare the Subscriber server for Inter-Organization Replication

1. Create a Microsoft® Windows NT® account and an associated Exchange mailbox for the tool to use as a service account.
2. Using Outlook or Exchange System Manager, create a top-level folder for every part of the folder hierarchy you are replicating.
   The tool will create subfolders automatically.
3. Using Outlook or Exchange System Manager, grant Publishing Editor permission for each top-level folder to the service account mailbox that you created.
4. Using Outlook or Exchange System Manager, create a public folder named ExchsyncSecurityFolder off the root public folder and grant Folder Visible permission to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder; it is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers.
5. Using Outlook, log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.

Note: A server can be both a Publisher and Subscriber if you are replicating both ways.

Installing the Inter-Organization Replication Tool Files

The Inter-Organization Replication Tool, which can be downloaded from http://go.microsoft.com/fwlink/?linkId=25097, consists of two files:

- Exscfg.exe, the Microsoft Exchange Replication Configuration program
- Exssrv.exe, the Microsoft Exchange Replication service

To use the files

1. Create a working directory for the tool to use, for example, C:\IORepl.
2. Copy/Install the files Exssrv.exe and Exscfg.exe to your working directory.

The computer where the Inter-Organization Replication tool is installed must have Exchange 2003 Administrator tools or Exchange 2000 SP3 Administrator tools installed.

Running the Inter-Organization Replication Tool

To set up replication, you must create a configuration file. The configuration file will contain replication sessions. Each session will be either a free/busy session or a public folder session.

Note: It is recommended that you make connections between servers where the public folders being replicated are homed on the same server where the IOrepl connection is made.
This is where the public folder store is on the same Exchange server specified by the IOrepl connection, and the mailbox used for the MAPI connections is also on the same Exchange server.

To create a configuration file for free and busy replication

1. Double-click Exscfg.exe.
2. On the Session menu, click Add.
3. In the Add Session dialog box, select Schedule+ Free/Busy Replication.

   Figure 1 The Add Session dialog box

   Note: Selecting File and then NEW creates a new configuration, not a new session.

4. Type a display name (Title) for the session.

   Figure 2 The Free/Busy Session Configuration dialog box

5. Type the Publisher and Subscriber server names, and the service account mailboxes that you created for each.
6. Click Advanced and type the Windows NT domain, service account, and password for each of the Publisher and Subscriber accounts.

   Figure 3 The Advanced Information dialog box

7. Click Schedule and create a replication schedule that fits your requirements. The minimum time for replication is every 5 minutes. By default, Outlook publishes free/busy data every 15 minutes; therefore, it is recommended that you do not set your replication interval lower than 15 minutes.

   Figure 4 The Session Schedule Configuration dialog box

8. Choose the sites for which you want to replicate free and busy information. The default is all sites available.

   Note: If you have sites or administrative groups that do not have public folder referrals or affinity, be sure to select the sites yourself and not select those sites that are unavailable through public folder referral or site affinity.

9. Click OK to add the session to the configuration file and then save.

Note: For each mailbox in the Publisher server that you want to replicate free and busy information to, a corresponding custom recipient must exist on the Subscriber server.
The primary Simple Mail Transfer Protocol (SMTP) address of the mailbox is the unique key that is used to match mailboxes to custom recipients.

Log files (located in the working directory you created when installing the files) report when the service starts or stops, any errors it encounters, and statistical information for each session (for example, number of messages and folders replicated).

To create a configuration file for public folder replication

1. Double-click Exscfg.exe.
2. On the Session menu, click Add.
3. In the Add Session dialog box, select Public Folder(s) Replication.

   Figure 5 The Add Session dialog box

4. In the Public Folder Session Configuration dialog box, type a display name (Title) for the session.

   Figure 6 The Public Folder Session Configuration dialog box

5. In the Maximum Tasks box, select the number of threads to be used for replication by using the up and down arrows. Click Schedule and in the Schedule dialog box, enter the time, day, and frequency for the replication session. If you want the tool to write a log during the replication process, click Logging and set the appropriate parameters.
6. Type the Publisher and Subscriber server names, and the service account mailboxes that you created for each.
7. Click Advanced and type the Windows NT domain, service account, and password for each of the Publisher and Subscriber accounts.

   Figure 7 The Advanced Information dialog box

8. Click Folder List to select which folders to replicate. In the Session Folder List dialog box, select the folder or folder hierarchy on the Publisher that you want to replicate, and then select the destination folder on the Subscriber.
9. Click the arrow button once to replicate public folder information only from the Publisher to the Subscriber. Click again to toggle bidirectional replication. You can also toggle whether subfolders replicate, deletions replicate, and default or anonymous permissions replicate.

   Figure 8 The Session Folder List dialog box

10. Click OK to add the session to the configuration file and save.

Note: The number of threads should be less than or equal to the number of sites to replicate information for. If you use higher task number values, performance can be negatively affected.

Log files (located in the working directory you created when installing the files) report when the service starts or stops, any errors it encounters, and statistical information for each session (for example, number of messages and folders replicated).

To set up the Replication service

1. Double-click Exssrv.exe. The first time that you run Exssrv.exe, click Install.
2. In the Installation dialog box, type the Windows NT account name and password for the account that will run the service. The account should have the rights to log on locally and to run as a service. The account should be entered as domain\username.

   Figure 9 The Installation dialog box

3. Type the path and file name of the configuration file you created.
4. Specify whether you want the service to start automatically when you turn on the computer.
5. After you have installed the service, click Start or start it from Control Panel.

Note: The working directory is the directory where the tool will put log files, and where the configuration file (exchsync.ini) will be with the Exchange 2003 version of the tool.

Connectivity between Foreign Networks

Working with the Inter-Organization Replication tool frequently requires two foreign networks to communicate. This can include name resolution and firewall configuration changes to allow the tool to work.

Name Resolution

The Inter-Organization Replication tool uses name resolution to find each Exchange server; therefore, NetBIOS name resolution will be required across the networks. This can be done by using either WINS or an LMHOSTS file.
See your WINS documentation on how to do this. Using an LMHOSTS file may be easier to maintain because you will need to have it only on the servers that are replicating. The LMHOSTS file is on Windows NT machines in the directory <system root>\system32\drivers\etc. The <system root> is usually c:\WINNT unless it was changed during the installation of Windows NT. The LMHOSTS file has no "dot" extension, so when it is modified, ensure that it still has no extension. Be aware that when using an editor such as Notepad, an extension of .txt tends to be added.

Firewalls

All communication between the Publisher and Subscriber Exchange servers uses remote procedure call (RPC). This is done through the TCP/IP port 135. An Exchange server monitors port 135 for connections to the RPC endpoint mapper service. When an Exchange server starts, it assigns two random ports (above 1024) to use to communicate the responses and information back from the Exchange store and the directory. Because the ports are random, they cannot be "opened" on the firewall or proxy server, which makes it difficult to establish communication. Changes to each Exchange server need to be made to statically assign the two random ports. By assigning static ports for communication, we can configure routers and firewalls to enable TCP/IP connections between Exchange servers and clients over the static ports.

Exchange communication is discussed in Microsoft Knowledge Base articles 155831 and 176466. The two random ports can be made static by modifying the registry of each server.

155831 Summary of Steps

1. Start Registry Editor (Regedt32.exe).
2. Under the HKEY_LOCAL_MACHINE subtree, locate the following subkey:
   System\CurrentControlSet\Services\MSExchangeDS\Parameters
3. Add the following entry for the Microsoft Exchange Directory service:
   Name: TCP/IP port
   Value: REG_DWORD
   DATA: <port number to assign>
   Note: It is recommended that you assign ports from the 5000 through 65535 (decimal) range.
4. Locate the following subkey:
   System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
5. Add the following entry for the Exchange store:
   Name: TCP/IP port
   Value: REG_DWORD
   DATA: <port number to assign>
   Note: It is recommended that you assign ports from the 5000 through 65535 (decimal) range.
6. Quit Registry Editor.

After the changes have been made, the Exchange server services must be stopped and restarted to reflect the new communication ports. Also, routers and firewalls will have to be configured to enable TCP/IP communications to be made using these ports and port 135.

When an Exchange 2003 server starts, it selects only a random port for the Exchange store, because the directory is now Microsoft Active Directory® directory service. Client communication with an Exchange server requires a different configuration. The configuration is described in Microsoft Knowledge Base articles 270836 and 298369.

Summary of the Knowledge Base articles

Make these changes on the Exchange 2003 server

1. Start Registry Editor (Regedt32.exe).
2. Locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
3. Add the following entry for the Microsoft Exchange SA RFR Interface:
   Name: TCP/IP Port
   Value: REG_DWORD
   Data Value: Port number to assign
   Note: Port assignments should be in the 1024 through 5000 (decimal) range.
4. Add the following entry for the Microsoft Exchange Directory NSPI Proxy Interface:
   Name: TCP/IP NSPI Port
   Value: REG_DWORD
   Data Value: Port number to assign
5. Locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
6. Add the following entry for the Microsoft Exchange Information Store Interface:
   Name: TCP/IP Port
   Type: REG_DWORD
   Data Value: port number to assign
7. Quit Registry Editor.

Restart the Exchange 2003 computer for these changes to take effect.

Make these changes on the global catalog server

1. Start Registry Editor (Regedt32.exe).
2. Locate and select the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. On the Edit menu, click Add Value, and then add the following registry value:
   Value name: TCP/IP Port
   Data type: REG_DWORD
   Radix: click Decimal
   Value data: Enter the required port number (in decimal)
   Note: Port assignments should be in the 1024 through 5000 (decimal) range.
4. Quit Registry Editor.

Restart the global catalog server so that the static mapping will be read when the Name Service Provider Interface (NSPI) is initialized.

After you have completed these steps, configure the packet filter (or firewall) to enable TCP/IP connections to be made to these ports, as well as to port 135. Remember that you have to open the firewall for both the Exchange server and the global catalog server.

Frequently Asked Questions

1. Can I install the service through terminal services?
   Yes. When you install the service, it creates an exchsync.ini file in the created working directory. This enables the tool to work the same way whether you are using Terminal server or working on the console.

2. Do I have to run the service on an Exchange server?
   No. It will work on a stand-alone system with the Exchange 2003 or Exchange 2000 Exchange System Manager.

3. When I run the service, it generates a 115 Error event and fails. Why?
   A 115 Error event indicates that the ExchsyncSecurityFolder cannot be located. Verify that the name is the same and there are no trailing or leading spaces in the name.

4. When I run the service, it generates a 116 Error event and fails. Why?
   A 116 Error event indicates you have a security problem; the account you are using does not have access to the ExchsyncSecurityFolder or a free/busy folder. Verify that the folders are visible and that the account used has access to read and write to the folders.

5. When I run the service, it generates a 118 Error event and fails. Why?
   A 118 Error event is a communications error. The tool has been unable to contact the server in question. Check for correct name resolution, network connectivity (trace route and ping), and make sure you have the correct version of MAPISVC.INF and that it is not damaged.

6. When I run the service, it generates a 120 Error event and fails. Why?
   A 120 Error event is a communications error. We have been able to contact the remote server but we did not make a connection. Again, check network connectivity (trace route and ping) to ensure that there was no packet loss. Verify that you have the correct user name and password for the service account mailbox.

7. Can I use the tool to connect an Exchange 5.5 organization to an Exchange 2003 organization?
   Yes. You must use the Exchange 2003 version of the Inter-Organization Replication tool.

8. The service is using the credentials of the service to log on rather than the credentials specified in the configuration file. Why?
   When setting credentials in the configuration file, make sure to select the Advanced tab, and then enter the correct credentials. This will force the tool to use the correct credentials instead of the service account credentials.

9. The tool will not replicate and reports the following error in the log file, "ERROR: Unable to import message change…". Message previously existed but has been deleted. Why?
   At some point, the free/busy messages in the Subscriber organization for the Publishing organization users were deleted.
   Because we are using the public folder APIs for this replication, it will not allow these messages to be replicated back in because they have the same message ID. For replication to continue, new free/busy messages must be created in the Publishing organization. This can be done by using the fbscrubber tool to clear out all the free/busy information in the publishing organization, and then making a change to every user's calendar so that it updates the free/busy information again.
   Note: If you have two-way replication occurring, do not remove the free and busy messages for the custom recipient of the other organization because you will re-create the problem but in the reverse direction.

10. Free/busy information for a new custom recipient in the subscribing organization does not get updated. Why?
   The tool tracks changes and which users it has replicated information for in the past, so it does not need to replicate everything every time. If a mailbox in the Publishing organization does not match a custom recipient in the Subscribing organization, it is marked not to replicate this mailbox again. If a new custom recipient is created for this user in the Subscribing organization after this, it still will not replicate as it was already marked. This information is kept in a "dat" file in the working directory. If you delete this "dat" file, the Inter-Organization Replication tool will perform a complete synchronization the next time and pick up the new custom recipient.

11. Will the tool replicate only free/busy information for the local Exchange site?
   No. The tool can be used to replicate information from downstream sites by contacting only a single publisher server. However, there are issues that can result if there are problems contacting the downstream server that contains the free/busy information. Try to use Outlook on a computer in the same network segment as the IORepl server.
   Log on to the MAPI service account and see if you can see free/busy information for users at the downstream site. You may have to change public folder affinity or referrals to enable your MAPI account to read free/busy information from the downstream server. You should also ensure that the network for the downstream server, and the downstream server itself, are reliable. If there are issues with any of these items, it is best to add a replica of the free/busy information to the local publisher server to avoid network issues.

12. Can I use the tool to connect more than two Exchange organizations for free and busy information?
   Yes. You can do this with the "Publish custom recipient free/busy data" switch (Exchange 2000 SP1 or later versions). You can configure a hub and spoke configuration with the organizations. Here is an example of which sessions you would need to configure three organizations, with Org2 being the hub:
   - One going from Org2 to Org1 that includes custom recipients
   - One going from Org1 to Org2
   - One going from Org2 to Org3 that includes custom recipients
   - One going from Org3 to Org2
   Ensure that the tool is configured as a hub and spoke and that no rings exist.

13. What are the .ini settings for exssrv.exe?
   Exposed through the graphical user interface:
       char g_szAccountKey[] = "Account";
       char g_szAutomaticKey[] = "Automatic";
       char g_szWorkDirectoryKey[] = "Directory";
       char g_szConfigFileKey[] = "Config";
   Not exposed through the graphical user interface:
       char g_szDebugKey[] = "Debug";
       char g_szHangKey[] = "Hang";
       char g_szHangOnStartKey[] = "HangOnStart";
       char g_szNowKey[] = "Now";
       char g_szTimeoutKey[] = "ThreadTimeout";
       char g_szReplicateRawNTSDKey[] = "ReplicateRawNTSD";
       char g_szDebugFileKey[] = "DebugFile";

14. When I upgrade from an earlier version, the tool no longer works. Why?
   Make sure that you delete the old exchsync.ini file (should be in %systemroot%) and open exssrv.exe. Click Remove and add the missing information again.
   Click OK when complete. This will create the new exchsync.ini file in the working directory you created earlier.
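
For the static-port procedures in the Firewalls section above, the following check parses a registry export and reports which ports are pinned, which values are still missing (so the port stays random), and the resulting firewall allow-list including port 135. It is an added example, not part of the original document or of Microsoft's tooling; the profile names, the sample export and its port numbers are constructed, and a range is enforced only where the document states one.

```python
import re

RPC_ENDPOINT_MAPPER = 135
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"

# Values each procedure in the document tells you to create, keyed by
# (subkey under Services, value name), lower-cased because registry names are
# case-insensitive. A range appears only where the document states one.
# The profile names are hypothetical labels for this example.
PROFILES = {
    "kb155831": {
        ("msexchangeds\\parameters", "tcp/ip port"): (5000, 65535),
        ("msexchangeis\\parameterssystem", "tcp/ip port"): (5000, 65535),
    },
    "exchange2003": {
        ("msexchangesa\\parameters", "tcp/ip port"): (1024, 5000),
        ("msexchangesa\\parameters", "tcp/ip nspi port"): None,
        ("msexchangeis\\parameterssystem", "tcp/ip port"): None,
    },
    "globalcatalog": {
        ("ntds\\parameters", "tcp/ip port"): (1024, 5000),
    },
}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample of an exported .reg file (not taken from a real server).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters]
"TCP/IP Port"=dword:00000bb8
"TCP/IP NSPI Port"=dword:00000bb9

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"TCP/IP Port"=dword:00001770
'''


def parse_reg_export(text):
    """Return {(subkey under Services, value name): port} for each REG_DWORD."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            current = key[len(SERVICES):] if key.startswith(SERVICES) else None
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            values[(current, m.group(1).lower())] = int(m.group(2), 16)
    return values


def audit(text, profile):
    """Return (sorted firewall allow-list including 135, list of problems)."""
    found = parse_reg_export(text)
    ports, problems = {RPC_ENDPOINT_MAPPER}, []
    for (subkey, name), stated in PROFILES[profile].items():
        label = subkey + "\\" + name
        port = found.get((subkey, name))
        if port is None:
            problems.append(label + ": not set, so the port stays random")
            continue
        lo, hi = stated or (1, 65535)  # no range stated: any valid TCP port
        if not lo <= port <= hi:
            problems.append(f"{label}: {port} is outside {lo}-{hi}")
        elif port in ports:
            problems.append(f"{label}: {port} is already used on this server")
        else:
            ports.add(port)
    return sorted(ports), problems


if __name__ == "__main__":
    allow, issues = audit(SAMPLE_EXPORT, "exchange2003")
    print("allow between Publisher and Subscriber only:", allow)
    print("problems:", issues or "none")
```

An empty problem list means every port the procedure covers is pinned, so the firewall rule can name exactly the returned ports instead of a wide dynamic range.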
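
For the hub-and-spoke layout in question 12 above, the following check validates a planned set of free/busy sessions before they are entered in Exscfg.exe: every link has a session in each direction, no link closes a ring, and the hub's outbound sessions publish custom recipient data. It is an added example, not part of the original document; it generalizes the three-organization case to any number of organizations and assumes two-way sharing is wanted on every link, as in the document's example.

```python
# Session plan from the document's example, with Org2 as the hub.
# Each entry: (publisher org, subscriber org, publishes custom recipients).
PAGE_EXAMPLE = [
    ("Org2", "Org1", True),
    ("Org1", "Org2", False),
    ("Org2", "Org3", True),
    ("Org3", "Org2", False),
]


def check_free_busy_plan(sessions):
    """Return a list of problems; an empty list means a ring-free hub and spoke."""
    directed = {(pub, sub): custom for pub, sub, custom in sessions}
    # One undirected link per pair of organizations that exchange data.
    links = sorted({tuple(sorted(pair)) for pair in directed})
    problems = []

    # Free/busy flows Publisher -> Subscriber only, so two-way sharing
    # needs a second session in the opposite direction.
    for pub, sub in sorted(directed):
        if (sub, pub) not in directed:
            problems.append(f"{pub}->{sub} has no return session {sub}->{pub}")

    # Ring detection with union-find: a link whose two ends are already
    # connected through other links closes a ring.
    parent = {}

    def find(org):
        parent.setdefault(org, org)
        while parent[org] != org:
            parent[org] = parent[parent[org]]  # path compression
            org = parent[org]
        return org

    for a, b in links:
        root_a, root_b = find(a), find(b)
        if root_a == root_b:
            problems.append(f"link {a}<->{b} closes a ring")
        else:
            parent[root_a] = root_b

    # With more than one link, the hub is the one organization on every link.
    if len(links) > 1:
        orgs = {org for link in links for org in link}
        hubs = [o for o in sorted(orgs) if all(o in link for link in links)]
        if not hubs:
            problems.append("no single hub: not every link touches one organization")
        else:
            hub = hubs[0]
            for (pub, sub), custom in sorted(directed.items()):
                if pub == hub and not custom:
                    problems.append(
                        f"{hub}->{sub} must publish custom recipient free/busy data"
                    )
    return problems


if __name__ == "__main__":
    print(check_free_busy_plan(PAGE_EXAMPLE) or "plan is a ring-free hub and spoke")
```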