
Cross-Forest Availability for Exchange 2003 and/or 2007

Microsoft Knowledge Base Article

The contents of this article are Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

Article ID: 2455134 - Last Review: January 3, 2012 - Revision: 2.0


Microsoft Professional Advisory Services is a support option that provides short-term, proactive, consultative support beyond break-fix product maintenance needs. This includes working with the same technician for assistance with issues like product migration, code review, or new program development and is a remote, phone-based support option. This service is typically used for shorter engagements, and is designed for developers and IT professionals who do not require the traditional onsite consulting or sustained account management services that are available from other Microsoft support options.

For additional information on Microsoft Advisory Services, including on how to engage, refer to this Microsoft web page:

http://support.microsoft.com/gp/AdvisoryService

Microsoft Advisory Services Engagement Scenario - Cross-Forest Availability for Exchange 2003 and/or 2007 

Configuring Cross-Forest Availability for Exchange 2003 and/or Exchange Server 2007.

This scenario is intended to assist the customer with configuring the Availability service across multiple forests for Exchange Server 2003 and/or 2007. The Cross-forest Availability scenarios are broken down into two groups of possible scenarios: Trusted Forests and Untrusted Forests. During the scoping process the Support Engineer will assist the customer in determining the best scenario to follow.


Microsoft Advisory Services Engagement

Assumptions

The Configuring Cross-Forest Availability Pro Advisory Scenario makes the following assumptions:
  • The current Exchange environments are healthy and configured per Microsoft’s Best Practice Recommendations as determined by a full Exchange Best Practice Analyzer health check in both forests.
  • Any pre-existing configuration or other issues that might prevent a successful configuration will be resolved prior to beginning work on the Pro Advisory Scenario as scoped.  It is highly recommended that the customer perform the ExBPA health check and resolve any issues prior to beginning work on the Advisory Case Scope.
  • Should the customer request assistance with bringing the current environment to a healthy state, separate break-fix Support Incidents will need to be opened to address each subordinate issue. Further, should any issues arise while performing agreed-upon scoped tasks in Trusted or Untrusted scenarios, a maximum of thirty (30) minutes will be spent troubleshooting. If the issue is not resolved in these thirty (30) minutes, a new break-fix Support Incident will need to be opened at the customer’s expense to address the problem. The Advisory Support Engineer may work the Support Incident at their discretion.
  • Unless you intend to test the functionality by manually creating contact objects in each forest, it is also assumed that Directory (GAL) Synchronization between the two forests has already been configured using Microsoft Identity Integration Server 2003 (MIIS) or Microsoft Identity Lifecycle Manager 2007 (MILM) and is fully functional.

Questions to determine the appropriate scenario:

  • Is this a new deployment of cross-forest availability?
    • Yes: Proceed
    • No: Has this ever worked?
      • Yes: Break/fix and not subject to Advisory
      • No: Proceed
  • Will the Availability service be configured across forests that are trusted or untrusted?
    • Trusted: Requires Trusted scenario
    • Untrusted: Requires Untrusted scenario
  • Has Directory Synchronization between forests been configured?
    • Yes: Proceed
    • No: Pro advisory is not appropriate for this customer until directory synchronization between forests is complete. This step should be completed beforehand with the assistance of MCS or a Microsoft Partner who has experience with Microsoft Identity Integration Server 2003 (MIIS) or Microsoft Identity Lifecycle Manager 2007 (MILM).
  • Are there any Exchange 2003 servers deployed in either forest?
    • Yes: Solution will require the Microsoft Exchange Server Inter-Organization Replication (IOREPL) tool.
    • No: Proceed
  • Are there any Exchange 2010 servers deployed in either forest?
    • Yes: The current version of IOREPL does not work with Exchange 2010 RTM. If the other forest is running Exchange 2003 you will be unable to replicate free/busy between the two Exchange organizations unless you already have a legacy Exchange server in the Exchange 2010 organization.

      Note The current version of IOREPL is compatible with Microsoft Exchange Server 2010 Service Pack 1 (SP1). For more information about IOREPL and Exchange Server 2010 SP1, see IORepl and Exchange 2010 SP1 (http://blogs.technet.com/b/exchange/archive/2011/03/28/iorepl-and-exchange-2010-sp1.aspx) .

      Note For more information about the versions of Microsoft Exchange Server that can be used with IOREPL, see Exchange Server Supportability Matrix
    • No: Proceed
Master Scoping Questions:
Master Scoping Questions apply to each scenario. This data should be collected regardless of scenario agreed upon by the customer.
  • What is the name, server role and version for each Exchange server in Forest A including Service Pack level and rollup level? Server role in Exchange 2003 parlance would be either front-end or back-end. Server role in Exchange 2007/2010 would be Mailbox, Hub Transport and/or Client Access Server.
  • What is the version of the operating system including Service Pack level for the Exchange servers in Forest A?
  • What version, or versions, of the Outlook client (including Service Pack level) will users be running in Forest A?
  • What is the name, server role and version for each Exchange server in Forest B including Service Pack level and rollup level?
  • What is the version of the operating system including Service Pack level for the Exchange servers in Forest B?
  • What version, or versions, of the Outlook client (including Service Pack level) will users be running in Forest B?
  • Are there any network devices between the Outlook clients and the Exchange server, i.e. routers, firewall, etc. within either forest and/or between forests?
  • Is the Exchange Autodiscover service already configured and working within each forest?
  • Is the Exchange Autodiscover service already configured and working between each forest?
  • Is free/busy currently working between Outlook users within each forest?
  • What kind of certificate is currently installed on the Internet-facing CAS server in Forest A, i.e. Exchange self-signed, 3rd party certificate, or internal PKI?
  • If the current certificate on the Internet-facing CAS server in Forest A is a single-name certificate, what is the common name (Issued To) of the certificate?
  • If the current certificate on the Internet-facing CAS server in Forest A is a Subject Alternative Name (SAN) certificate, what are the DNS names appearing on the certificate, i.e. both the common name and the other DNS names.
  • What kind of certificate is currently installed on the Internet-facing CAS server in Forest B, i.e. Exchange self-signed, 3rd party certificate, or internal PKI?
  • If the current certificate on the Internet-facing CAS server in Forest B is a single-name certificate, what is the common name (Issued To) of the certificate?
  • If the current certificate on the Internet-facing CAS server in Forest B is a Subject Alternative Name (SAN) certificate, what are the DNS names appearing on the certificate, i.e. both the common name and the other DNS names.

Advisory case based on Scenario 1: Configuring Availability Service Between Two Trusted Forests

Reasons to use this method: In trusted forests, you can configure the Availability service to retrieve free/busy information on a per-user basis. When the Availability service is configured to retrieve free/busy information on a per-user basis, the service can make cross-forest requests on behalf of a particular user. This allows a user in a remote forest to retrieve detailed free/busy information for someone who is not in the same forest provided the user is connected using Outlook 2007 or later.
Scope
  • Run the appropriate cmdlets to define the access method and associated credentials that are used to exchange free/busy data across two trusted forests.
  • Run Export-AutodiscoverConfig to export the SCP object to the target forest -or- configure DNS as needed.
  • Export the root certificate from each CAS server and install it on the other CAS server (Optional: if using self-signed or Windows PKI certificates).
  • Install, configure and run IOREPL to replicate free/busy information between public folders in each Exchange org (Optional: if one forest is running Exchange 2003 servers).
Choosing this offering entitles the customer to assistance with performing the necessary steps so that end-users will be able to view free/busy information across two trusted forests. Those steps include configuration of the AvailabilityAddressSpace using Exchange Management Shell, configuration of Autodiscover between forests using the Exchange Management Shell or DNS, and implementation of the appropriate certificate solution.

Advisory case based on Scenario 2: Configuring Availability Service Between Two Untrusted Forests

Reasons to use this method: In untrusted forests, you can only configure the Availability service to retrieve free/busy information on an organization-wide basis. When the Availability service makes free/busy cross-forest requests at the organizational level, free/busy information is returned for each user in the organization. In untrusted forests, it isn't possible to control the level of free/busy information that's returned on a per-user basis.
Scope
  • Run the appropriate cmdlets to define the access method and associated credentials that are used to exchange free/busy data across two untrusted forests.
  • Configure DNS for the Autodiscover service in each forest.
  • Issue a new self-signed certificate that includes a SAN for autodiscover.target.com (Optional: if using a self-signed certificate on the Internet-facing CAS server).
  • Install, configure and run the IOREPL to replicate free/busy information between public folders in each Exchange org (Optional: if one forest is running Exchange 2003 servers).
Choosing this offering entitles the customer to assistance with performing the necessary steps so that end-users will be able to view free/busy information across two untrusted forests. Those steps include configuration of the AvailabilityAddressSpace using Exchange Management Shell, configuration of Autodiscover between forests using DNS, and implementation of the appropriate certificate solution.
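
The cmdlet sequences behind the two Scope lists above, shown side by side as an added example (not part of the original article). The forest names, domain controller name, and the `fb-lookup` account are placeholders; Forest A is assumed to be the forest whose users request free/busy data held in Forest B, and the same steps are repeated in the other direction for two-way lookups.

```powershell
# ---------- Scenario 1: trusted forests, per-user free/busy ----------
# [Forest B, Exchange Management Shell] Allow Forest A's Exchange servers to
# present serialized user tokens to Forest B's Client Access servers.
Get-ClientAccessServer |
    Add-ADPermission -AccessRights ExtendedRight `
        -ExtendedRights "ms-Exch-EPI-Token-Serialization" `
        -User "FORESTA\Exchange Servers"          # placeholder group name

# [Forest A] Requests for forestb.example are made on behalf of the individual
# user, so Forest B's per-user free/busy permissions still apply.
Add-AvailabilityAddressSpace -ForestName forestb.example `
    -AccessMethod PerUserFB -UseServiceAccount $true

# [Forest B] Write an Autodiscover SCP pointer for this forest into Forest A's
# Active Directory (the alternative to publishing Autodiscover in DNS).
Export-AutodiscoverConfig -TargetForestDomainController dc01.foresta.example `
    -TargetForestCredential (Get-Credential) `
    -MultipleExchangeDeployments $true

# ---------- Scenario 2: untrusted forests, organization-wide free/busy ----------
# [Forest B] Name the single account that answers every cross-forest request.
# Every Forest A user sees what this account may see, so it should be a
# dedicated account that holds no other rights (recommendation, not from the article).
Set-AvailabilityConfig -OrgWideAccount "forestb.example\fb-lookup"

# [Forest A] Store that account's credentials with the address space.
$orgWideCred = Get-Credential    # enter forestb.example\fb-lookup
Add-AvailabilityAddressSpace -ForestName forestb.example `
    -AccessMethod OrgWideFB -Credentials $orgWideCred

# ---------- Check (either scenario) ----------
# [Forest A] Confirm which access method is actually in effect per forest.
Get-AvailabilityAddressSpace | Format-List
```

Reviewing the `Get-AvailabilityAddressSpace` output after any change is a quick way to confirm that a forest intended for per-user access has not been left on the broader organization-wide method.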

Self-Help resources for this scenario

Below is a list of self-help resources for this scenario. These resources may also be used by Microsoft Support Engineers during an Advisory Services engagement.

Start here:

Miscellaneous:

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use (http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.

APPLIES TO
  • Microsoft Exchange Server 2003 Service Pack 2
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2007 Enterprise Edition
  • Microsoft Exchange Server 2007 Standard Edition
  • Microsoft Exchange Server 2007 Service Pack 1
  • Microsoft Exchange Server 2010 Service Pack 1
  • Microsoft Exchange Server 2010 Service Pack 2
Keywords: 
kbinfo kbtshoot kbproadvisory kbsurveynew kbexpertiseadvanced kbproexchange KB2455134