Inter-Organization Replication Tool
Topic Last Modified: 2011-05-25
Released/Updated July 2009
This topic describes the Inter-Organization Replication tool, which was first released as part of Microsoft Exchange Server 5.5 Service Pack 3 (SP3), with an updated version for Microsoft Exchange 2003. The tool is also compatible with Exchange Server 2007 and with Microsoft Exchange Server 2010 Service Pack 1 (SP1).
The Inter-Organization Replication tool is used to replicate free/busy information and public folder content between Exchange organizations. It enables the coordination of meetings, appointments, contacts, and public folder information between disjointed Exchange organizations.
The tool consists of two programs: the Replication Configuration program (Exscfg.exe) and the Replication service (Exssrv.exe). The Replication Configuration program creates a configuration file for setting the replication frequency, logging options, folders to be replicated, and accounts to be used. The Replication service uses a configuration file that is created by the Replication Configuration program to continuously update information from one server (designated as the Publisher) to one or more Exchange servers (designated as Subscribers).
Schedule+ free/busy information is replicated from Publisher to Subscriber only. Because of this, you must have two free/busy sessions to bidirectionally update free/busy information. Public folders can be replicated bidirectionally between Publisher and Subscriber. You can configure the replication frequency, the logging of message and folder replication, and how much processing power you want devoted to the replication process.
This topic includes the following information:
Multiple Exchange Organization Scenarios
Security
Deployment Phases
Planning
Preparation
Installation and Configuration
Testing
Planning Phase
Preparation Phase
Preparing the Publisher Server
Preparing the Subscriber Server
Adding Availability Address Space in an Exchange 2007 or Exchange 2010 Organization
Configuring Exchange 2007 or Exchange 2010 in a Single-Server Exchange Organization
Installation and Configuration Phase
System Requirements
Network Requirements
Installing the Inter-Organization Replication Tool
Running the Inter-Organization Replication Tool
How to Share Free/Busy Data Among More Than Two Exchange Organizations
Testing Phase
- Common Issues
Multiple Exchange Organization Scenarios
Multiple Exchange organizations can exist in an enterprise. Reasons to have multiple Exchange organizations include the following:
A merger with or acquisition of a company that has a separate Exchange organization occurs.
Servers are added to a different Exchange organization that may be merged with the parent organization.
Legacy versions of Exchange must share public folder and free/busy information with Exchange servers in different organizations.
Exchange servers are administered separately in different organizations because of geographical constraints.
A company has a business partner, and the two organizations agree to share information without actually moving their Exchange servers together in an Exchange organizational structure.
When an Exchange topology that includes two or more organizations exists, the Inter-Organization Replication tool can be used to replicate free/busy and public folder information.
Return to top
Security
The Inter-Organization Replication tool helps to bring about the sharing of intra-organizational public folder content while preventing direct remote access to your public folder system for users from a foreign Exchange organization. Sharing information between companies requires tight integration with network security and detailed management of replicated content. Each participating company should perform a detailed evaluation of their public folder environment to determine which public folders are appropriate for sharing with an external organization.
The Inter-Organization Replication tool uses the security credentials of mailbox-enabled user accounts to authenticate to the public folder store from each participating organization. The logon credentials for these shared user accounts must be kept secure. Otherwise, there is potential for a security breach. The Inter-Organization Replication tool helps make sure that the privacy of shared information is maintained during replication. However, the burden of correctly securing the replicated data is the sole responsibility of the Exchange administrators in the Subscriber organization.
Deployment Phases
Deploying the Inter-Organization Replication tool in an Exchange environment typically involves the following phases.
Return to top
Planning
Determine which organization will host the Inter-Organization Replication service.
Determine which Exchange administrator will be responsible for creating configuration files.
Determine which type of data (public folder or free/busy content) has to be replicated.
To replicate free/busy information, determine how mail-enabled contacts will be created in each organization.
Determine replication direction (one-way or two-way) for the content.
Determine how to handle replication of permissions and deletion of content.
Preparation
Create mail-enabled contacts for each user in the partner organization.
Prepare the Publisher server.
Prepare the Subscriber server.
Add Availability Address Space for pure Exchange 2007 organizations with Office Outlook 2007 clients.
Configure Exchange 2007 in a single-server Exchange Organization.
Installation and Configuration
Meet system and network requirements for installing and running the Inter-Organization Replication tool.
Install the Inter-Organization Replication tool by using the correct service account.
Use the Configuration tool to create replication sessions for replicating content.
Return to top
Testing
Use Microsoft Outlook to send and accept meeting requests with users from the partner organization.
Wait for the replication interval to occur, and look for any replication errors.
Examine updated free/busy information for users in the partner organization.
For public folders, create new content, and then check the Subscriber organization after replication occurs.
Planning Phase
Proper planning is critical for successful replication of public folder content or free/busy information between Exchange organizations. Before you install the Inter-Organization Replication tool, the Exchange administrators from each company should work together to develop a deployment plan that addresses the following questions:
Do you have to replicate free/busy information between the organizations?
Is replication of free/busy information needed for only one organization or both?
Is replication only for users in specific administrative groups (sites) or for all users?
How will you create mail-enabled contacts for every user of free/busy information in the other organization?
Do you have to replicate public folder content between the organizations?
Which public folders have to be replicated from each organization?
Will changes that are made to the replicated public folder content in the Subscriber organization be replicated back to the Publisher organization?
Do you replicate the deletion of folders or content to the Subscriber organization?
How will the replicated public folder data in the Subscriber organization be secured?
Which organization will be responsible for hosting the Inter-Organization Replication tool?
Who will be responsible for creating and maintaining the configuration files for replication sessions?
Will network traffic from the Inter-Organization Replication tool be inhibited by firewall devices?
These are some of the concerns that you should address in the planning phase before deploying the Inter-Organization Replication tool.
Return to top
Preparation Phase
To replicate free/busy information between Exchange organizations, the Inter-Organization Replication tool requires a mail-enabled contact in the partner organization to represent the mailbox-enabled user account in the source organization. The primary SMTP address of the mailbox is the unique key that is used to match mailboxes to mail-enabled contacts.
This is typically accomplished by using tools or applications that provide global address list (GAL) synchronization between the organizations. Microsoft provides this functionality in the following applications:
Microsoft Identity Lifecycle Manager 2007. For more information, see Microsoft Identity Lifecycle Manager 2007 FP1 Product Overview.
Microsoft Forefront Identity Manager. For more information, see Forefront Identity Manager 2010.
You may also decide to manually create these mail-enabled contacts. However, the drawback to this approach is that this is a static change. Therefore, any update to the mailbox-enabled user account in one forest will not update the contact in the other forest.
Preparing the Publisher Server
The first step to prepare an Exchange server to be a Publisher. The Publisher server collects information from an Exchange organization and packages it. Then, the Publisher sends the information to the Subscriber Exchange servers outside the Exchange organization based on a schedule that you create. The Publisher can be considered the source server from which the information is being replicated.
To prepare the Publisher server, you must create a service account and mailbox account for the Inter-Organization Replication tool to use during the replication process. The mailbox should reside on the Publisher server. You must also assign the appropriate permissions to the service account and the mailbox and create a public folder for the tool to use during replication.
Important
The service account and mailbox account that you create must be listed as owners of each public folder and subfolder that you want to replicate, on either the Publisher or the Subscriber. This lets the Inter-Organization Replication tool replicate anonymous and default permissions from one organization to the other. You can use Microsoft Office Outlook or Exchange System Manager to change the ownership and permissions of public folders. For free/busy replication, you will have editor permissions on the free/busy folder. This is sufficient to prepare the Publisher for this scenario.
Return to top
To prepare the Publisher server for inter-organization replication in Exchange 2003 organizations
Create a Windows NT account and an associated Exchange mailbox for the tool to use as a MAPI service account. Create the mailbox on a mailbox store on the Publisher server. Make sure that the Display Name is unique in the Active Directory forest.
For every public folder and every schedule+free/busy system folder that is to be replicated between organizations, use Exchange System Manager to make sure that a replica exists on the Publisher server.
You can use Outlook or Exchange System Manager to add the service account mailbox that you created as an owner for every top-level public folder and subfolder you want to replicate. You do not have to change the default permissions on the Schedule+ Free/Busy folders.
You can use Exchange System Manager to create a public folder named ExchsyncSecurityFolder in the root public folder and to grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers.
You can use Outlook to log on to the MAPI service account to initialize the mailbox on the server. This step verifies that your permissions and access are correct.
For Exchange Server 2007 or Exchange 2010, management is performed by using either the Exchange Management Console or the Exchange Management Shell. You can use either management tool to perform the following steps. Outlook and Public Folder DAV-Based Administration (PFDAVAdmin) may also be used to create and add permissions to public folders.
Return to top
To prepare the Publisher server for inter-organization replication in Exchange 2007 or Exchange 2010 organizations
Create a Windows NT account and an associated Exchange mailbox for the tool to use as a MAPI service account. Create the mailbox on a mailbox store on the Publisher server. Make sure that the Display Name is unique in the Active Directory forest. For more information, see New-Mailbox.
Create a new public folder database on the Publisher server if a public folder store does not already exist:
New-PublicFolderDatabase -name "<Public Folder Database Name>" -storagegroup "<Storage Group Name>"For more information, see New-PublicFolderDatabase.
For every public folder and every Schedule+Free/Busy system folder that is to be replicated between organizations, make sure that a replica exists on the Publisher server. For more information, see Set-PublicFolder.
Add the service account mailbox that you created as an owner for every top-level public folder and subfolder that you want to replicate. You do not have to change the default permissions on the Schedule+ Free/Busy folders.
Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:Owner -Identity "<Top-Level Public Folder>"For more information, see Add-PublicFolderClientPermission.
Create a public folder named ExchsyncSecurityFolder in the root public folder, and then grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers. To create a new top-level public folder named ExchsyncSecurityFolder, use the following Management Shell cmdlet:
New-PublicFolder -Name "ExchsyncSecurityFolder"For more information, see New-PublicFolder.
To set the appropriate permissions on the ExchsyncSecurityFolder, use the following Management Shell cmdlets:
Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:FolderVisible -Identity "\ExchsyncSecurityFolder" Remove-PublicFolderClientPermission -User Default -AccessRights:Author -Identity "\ExchsyncSecurityFolder" Remove-PublicFolderClientPermission -User Anonymous -AccessRights:CreateItems -Identity "\ExchsyncSecurityFolder"For more information, see Add-PublicFolderClientPermission and Remove-PublicFolderClientPermission.
You can use Outlook to log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.
Return to top
Preparing the Subscriber Server
A Subscriber is an Exchange server to which you want to replicate information by using the Inter-Organization Replication tool. To configure a Subscriber, you must create a Windows NT account and an associated Exchange mailbox that the tool can use as a service account. Additionally, you must create the top-level public folders that the tool needs for the replication process. A replica of every free/busy folder in the subscriber organization should exist on the Subscriber server if you are replicating free/busy data.
To prepare the Subscriber server for inter-organization replication for Exchange 2003 organizations
Create a Microsoft Windows NT account and an associated Exchange mailbox for the tool to use as a service account. Make sure that the Display Name is unique in the Active Directory forest.
You can use Outlook or Exchange System Manager to create a top-level folder for every part of the folder hierarchy you are replicating. You do not have to create subfolders on the Subscriber server. The tool will create subfolders automatically.
Using Outlook or Exchange System Manager, grant Publishing Editor permission for each top-level folder to the service account mailbox that you created.
If you are replicating free/busy data, use Outlook or Exchange System Manager to add a replica of every free/busy folder in the Subscriber organization to the Subscriber server.
Using Outlook or Exchange System Manager, create a public folder named ExchsyncSecurityFolder off the root public folder and grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers.
Using Outlook, log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.
Note
A server can be both a Publisher and a Subscriber if you are replicating both ways.
Return to top
For Exchange 2010 or Exchange 2007, management is performed by using either the Exchange Management Console or the Exchange Management Shell. Use either management tool to perform the following steps. Outlook and Public Folder DAV-Based Administration (PFDavAdmin) may also be used to create public folders and configure permissions on public folders.
To prepare the Subscriber server for inter-organization replication in Exchange 2007 or Exchange 2010 organizations
Create a Windows account and an associated Exchange mailbox for the Inter-Organization Replication tool to use as a service account. Make sure that the Display Name is unique in the Active Directory forest. For more information, see New-Mailbox.
Create a new public folder database on the Subscriber server if a public folder store does not already exist.
New-PublicFolderDatabase -name "<Public Folder Database Name>" -storagegroup "<Storage Group Name>"For more information, see New-PublicFolderDatabase.
You can use Outlook to log on to the MAPI service account and initialize the mailbox on the server to verify that your permissions and access are correct.
Create a top-level folder for every part of the folder hierarchy that you are replicating. You do not have to create subfolders on the Subscriber server. The tool will create subfolders automatically.
New-PublicFolder -Name <Top-Level Folder>For more information, see New-PublicFolder.
If you are replicating free/busy data, add a replica of each free/busy folder in the Subscriber organization to the Subscriber server.
For more information, see Set-PublicFolder.
Grant Publishing Editor permission for each top-level folder to the service account mailbox that you created.
Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:PublishingEditor -Identity "\<Top-Level Folder>"For more information, see Add-PublicFolderClientPermission.
Create a public folder named ExchsyncSecurityFolder in the root public folder and grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers. To create a new top-level public folder named ExchsyncSecurityFolder, use the following Management Shell cmdlet:
New-PublicFolder -Name "ExchsyncSecurityFolder"For more information, see New-PublicFolder.
To set the appropriate permissions on the ExchsyncSecurityFolder, use the following Management Shell cmdlets:
Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:FolderVisible -Identity "\ExchsyncSecurityFolder" Remove-PublicFolderClientPermission -User Default -AccessRights:Author -Identity "\ExchsyncSecurityFolder" Remove-PublicFolderClientPermission -User Anonymous -AccessRights:CreateItems -Identity "\ExchsyncSecurityFolder"For more information, see Add-PublicFolderClientPermission and Remove-PublicFolderClientPermission.
Using Outlook, log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.
Note
A server can be both a Publisher and a Subscriber if you are replicating both ways.
Return to top
Adding Availability Address Space in an Exchange 2007 or in an Exchange 2010 Organization
For Office Outlook 2007 users to view the free/busy information of mailbox users on a legacy Exchange server (pre-Exchange 2010 or pre-Exchange 2007 to view free/busy information of users who are using a legacy Outlook (pre-Office Outlook 2007) client in another forest, you must configure the Availability service by using the Add-AvailabilityAddressSpace cmdlet. You will have to run this cmdlet only one time on any server in the Exchange 2010 or Exchange 2007 forest.
Run the following command to set public folder free/busy availability:
Add-AvailabilityAddressSpace -ForestName <Legacy Exchange SMTP domain name> -AccessMethod PublicFolder
For example, run:
Add-AvailabilityAddressSpace -ForestName Contoso.com -AccessMethod PublicFolder
Configuring Exchange 2007 or Exchange 2010 in a Single-Server Exchange Organization
Additional configuration is required if the Subscriber server is the only Exchange 2007 or Exchange 2010 server in the organization and if the server has all the Exchange server roles installed.
DAV requests made by the Availability service to the Schedule+ Free/Busy public folder in the organization are sent to the /public virtual directory by using HTTP, not HTTPS.
By default, when the Client Access server role is installed, the virtual directories are configured to require Secure Sockets Layer (SSL). In a single-server environment, this will prevent the Availability service from retrieving the free/busy information from public folders. Therefore, Outlook 2007 users in this organization will see hash marks instead of free/busy data when they try to query free/busy data in the other organization.
There are three workarounds for this scenario:
Install another Exchange 2007 server, and then move the Client Access server role to it.
Disable "Require SSL" for the /public virtual directory in Internet Information Services (IIS) Manager.
Set a registry parameter on the Outlook 2007 client computers to force them to bypass the Availability service and instead query public folders directly for all free/busy information.
For more information, see the Exchange Team Blog article Configuring Interorg Free/Busy in a single server Exchange organization.
Return to top
Installation and Configuration Phase
There are several installation requirements that you must meet before deploying the Inter-Organization Replication tool. A common misconception is that each Exchange organization that acts as a Publisher should host its own running instance of the Inter-Organization Replication tool. Although this may be an acceptable configuration, only one running instance of the tool is required.
System Requirements
Computers that will host the Inter-Organization Replication Configuration tool and the Replication service should be joined to a Windows domain and must meet the following operating system requirements:
Microsoft Windows 2000 Server Service Pack 3 or a 32-bit version of Windows Server 2003 with any service pack.
Windows Server 2008 is not supported.
Additionally, Exchange Server or the Exchange Management Tools must be installed.
For example, you can install the Inter-Organization Replication Configuration tool on the following configurations:
On a server that is running Exchange Server 2003 with Service Pack 2
On a non-Exchange server that has the Exchange 2003 System Management Tools
Also, note the following:
Installation of this Inter-Organization Replication tool on a computer that is hosting an Exchange 2007 server role is not supported.
Installation of the Inter-Organization Replication tool on a computer that has the MAPI/CDO library is not supported.
You should not install the Inter-Organization Replication tool on any computer that has ever had any version of Outlook installed.
A trust relationship is not required between the participating Exchange organizations.
If you are replicating information to a server that is running Exchange 2010 Service Pack 1 (SP1), the Exchange 2010 SP1 server must have at least the Mailbox role and the CAS role installed.
One of the replication endpoints must be an Exchange 2003-based public folder server.
Note
Although replication may work among pure Exchange 2010 or Exchange 2007 organizations, this configuration has not been tested. Therefore, it is an unsupported configuration.
Return to top
Network Requirements
The following network requirements exist to use the Inter-Organization Replication tool:
A MAPI-capable Local Area Network (LAN) connection must exist between Exchange organizations.
Name resolution should be configured so that the Exchange servers that are used by the Inter-Organization Replication tool can be resolved remotely by NetBIOS name and by Fully Qualified Domain Name.
Firewall rule exceptions are required if a firewall exists between the Exchange organizations.
Working with the Inter-Organization Replication tool frequently requires that two foreign networks communicate. This can include name resolution and firewall configuration changes to allow for the tool to work.
Name Resolution
The Inter-Organization Replication tool uses name resolution to find each Exchange server. Therefore, NetBIOS name resolution is required across the networks. This can be accomplished by using Windows Internet Name Service (WINS), an LMHOSTS file, or Domain Name System (DNS).
Firewalls
All communication between the Publisher and Subscriber Exchange servers uses remote procedure calls (RPC). This is done through TCP/IP port 135. An Exchange server monitors port 135 for connections to the RPC endpoint mapper service.
When Exchange Server 2003 starts, it assigns random ports to use to communicate the responses and information back from the Exchange store and the System Attendant. Because the ports are random, it is difficult to establish communication. These ports cannot be "opened" on the firewall or proxy server. Changes to each Exchange server have to be made to statically assign the random ports.
By assigning static ports for communication, you can configure routers and firewalls to enable TCP/IP connections between Exchange servers and clients over the static ports. The configuration is described in the following Microsoft Knowledge Base articles:
Return to top
How to assign static ports on the Subscriber server
Start Registry Editor.
Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
Add the following entry for the Microsoft Exchange SA RFR Interface:
Name: TCP/IP Port
Value: REG_DWORD
Data Value: <Port number>
Note
Port assignments should be in the 1024 through 5000 (decimal) range.
Add the following entry for the Microsoft Exchange Directory NSPI Proxy Interface:
Name: TCP/IP NSPI Port
Value: REG_DWORD
Data Value: <Port number>
Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Add the following entry for the Microsoft Exchange Information Store Interface:
Name: TCP/IP Port
Type: REG_DWORD
Data Value: <Port number>
Exit Registry Editor.
Note
You must restart the Exchange server for these changes to take effect. If you plan on enabling bidirectional replication, the previous steps should also be performed on the Publisher server.
Return to top
If the Exchange server is also a global catalog server
Start Registry Editor.
Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value name: TCP/IP Port
Data type: REG_DWORD
Radix: Decimal
Value data: <Port number> (in decimal)
Note
Port assignments should be in the 1024 through 5000 (decimal) range.
Restart the global catalog server so that the static mapping will be read when the Name Service Provider Interface (NSPI) is initialized.
After you have completed these steps, configure the packet filter (or firewall) to enable TCP/IP connections to be made to these ports, as well as to port 135.Exit Registry Editor.
Installing the Inter-Organization Replication Tool
To download the Inter-Organization Replication tool, see Exchange 2003 Downloads. The tool consists of two files:
Exscfg.exe, the Microsoft Exchange Replication Configuration program
Exssrv.exe, the Microsoft Exchange Replication service
To use the files:
Create a working directory for the tool to use, such as C:\IORepl.
Copy or install the Exssrv.exe and Exscfg.exe files to this working directory.
Return to top
Running the Inter-Organization Replication Tool
To set up replication, you must create a configuration file. The configuration file will contain replication sessions. Each session will be either a free/busy session or a public folder session.
Note
We recommend that you make connections between servers where the public folders being replicated contain a local replica on the same server where the IOrepl connection is made. In this case, the public folder store is on the same Exchange server that is specified by the IOrepl connection. The mailbox used for the MAPI connections is also on the same Exchange server.
How to create a configuration file for free/busy replication
Double-click Exscfg.exe.
On the Session menu, click Add.
In the Add Session dialog box, select Schedule+ Free/Busy Replication.
Note
Selecting File and then NEW creates a new configuration, not a new session.
The Free/Busy Session Configuration screen has the following four sections that must be configured for the ExchSync session to work correctly:
Session
Publisher Organization
Subscriber Organization
Publisher Site Filter
How to set up the session
Type a display name (Title) for the session.
Include the organization names and replication direction. For example, use Organization A to Organization B.
Click Schedule, and create a replication schedule that fits your requirements. The minimum time for replication is every five minutes.
Click Logging to enable logging for this session. Log files (located in the working directory that you created when you install the files) report when the service starts or stops, any errors the service encounters, and statistical information, such as number of messages and folders replicated, for each session.
Return to top
How to set up the Publisher organization
In Server/Mailbox, type the Publisher server name and the service account mailbox that you created for this server.
Click Advanced, and then type the user name, password, and domain for the Publisher service account.
Note
Do not specify the user name in the form of <Domain><Username>. Specify the user name in the user name field and the domain name in the domain field.
How to set up the Subscriber organization
In Server/Mailbox, type the Subscriber server name and the service account mailbox that you created for this server.
Click Advanced, and type the user name, password, and domain for the Subscriber service account.
Note
Do not specify the user name in the form of <Domain><Username>. Specify the user name in the user name field and the domain name in the domain field.
How to set up the Publisher Site Filter
Click Site List to select the sites (Administrative Groups) for which you want to replicate free/busy information. By default, the All Sites check box is selected. Clear this box to enable the Logon button. Click the Logon button to enumerate the available sites in the Publisher organization. Clicking the Logon button verifies the following:
Publisher ExchSync service account credentials are correctly entered.
ExchSync service account can access Publisher free/busy folders.
Local DNS resolution is working correctly.
MAPI (RPC) connectivity to the Exchange server is not firewalled.
After you enumerate the available sites, either re-select the All Sites check box to replicate each of the free/busy folders available on the server or manually highlight each site’s free/busy folder that you want to replicate, and then click the arrow to move it under the Selected Sites. Click OK to finish.
Use the Publish custom recipient free/busy data option if you are replicating free/busy data among more than two Exchange organizations. For more information, see the “How to Share Free/Busy Data Among More Than Two Exchange Organizations” section.
Click OK to add the session to the configuration file, and then click Save.
Return to top
How to create a configuration file for public folder replication
Double-click Exscfg.exe.
On the Session menu, click Add.
In the Add Session dialog box, select Public Folder(s) Replication.
The Public Folder Session Configuration screen has the following four sections that must be configured for the ExchSync session to work correctly:
Session
Publisher Organization
Subscriber Organization
Folder List
How to set up the session
Type a display name (Title) for the session. Include the organization names and replication direction. For example, use Organization A to Organization B.
Click Schedule and create a replication schedule that fits your requirements. The minimum time for replication is every five minutes.
Click Logging to enable logging for this session. Log files (located in the working directory that you created when you install the files) report when the service starts or stops, any errors that the service encounters, and statistical information, such as the number of messages and folders replicated, for each session.
In the Maximum Tasks box, select the number of threads to be used for replication by using the arrows. To increase replication performance, use 2 or 4. Using higher values can adversely affect server performance.
Return to top
How to set up the Publisher organization
In Server/Mailbox, type the Publisher server name and the service account mailbox that you created for this server.
Click Advanced, and type the user name, password, and domain for the Publisher service account.
Note
Do not specify the user name in the form of <Domain><Username>. Specify the user name in the user name field and the domain name in the domain field.
How to set up the Subscriber organization
In Server/Mailbox, type the Subscriber server name and the service account mailbox that you created for this server
Click Advanced and type the user name, password, and domain for the Subscriber service account.
Note
Do not specify the user name in the form of <Domain><Username>. Specify the user name in the user name field and the domain name in the domain field.
How to set up the folder list
Click Folder List to select which folders to replicate. Click Logon for both the Publisher and Subscriber servers to enumerate the public folder tree for both organizations. Clicking Logon verifies the following:
Publisher ExchSync service account credentials are correctly entered.
The ExchSync service account can access Publisher free/busy folders.
Local DNS resolution is working correctly.
MAPI (RPC) connectivity to the Exchange server is not firewalled.
In the Session Folder List dialog box, select the public folder or folder hierarchy on the Publisher that you want to replicate, and then select the destination folder on the Subscriber.
Configure the remaining replication options for the public folder or folder hierarchy that you selected to replicate by toggling on or off the following options.
Arrow – By default, you are replicating public folders in one direction, from Publisher to Subscriber. Toggle this option between one-way and bidirectional replication.
Subfolders – This option enables subfolders of the selected folder to replicate (if selected, subfolders will automatically be created on the subscriber).
Deletions – This option allows for the deletion of a public folder to replicate from the Publisher organization to the Subscriber organization (and vice versa if you have enabled bidirectional replication).
Default – This option allows for the replication of the Default permission on the public folder from the Publisher organization to the public folder on the Subscriber organization.
Anonymous – This option allows for the replication of the Anonymous permission on the public folder from the Publisher organization to the public folder on the Subscriber organization.
Note
The remaining permissions on the public folders will not be replicated. The administrator in the Subscriber organization must add the permissions manually. To import or export existing permissions for many public folders, you can use the Public Folder DAV-based Administrator tool. For more information, see Microsoft Exchange Server Public Folder DAV-Based Administration Tool.
Return to top
How to set up the Replication service
Double-click Exssrv.exe. The first time that you run Exssrv.exe, click Install.
In the Installation dialog box, type the Windows NT account name and password for the account that will run the service. The account should have the rights to Let Log on Locally and Logon as a Service.
Note
The account should be entered as <domain><username>.
Type the path and file name of the configuration file that you created.
Specify whether you want the service to start automatically when you start the computer. After you have installed the Service, click Start, or start it from the Services snap-in.
How to Share Free/Busy Data Among More Than Two Exchange Organizations
To share free/busy data with multiple Exchange organizations, a hub and spoke topology should be enabled to facilitate replication. GAL synchronization should be occurring between the organizations, and a mailbox-enabled user account in one Exchange organization should be represented by a mail-enabled contact in the other organizations.
Sessions created by using the hub server as the Publisher server must have the Publish custom recipient free/busy data check box enabled. Here is an example of which sessions that you would have to configure if you have three organizations and if Organization 2 is the hub server:
One session going from Organization 2 to Organization 1 that has the Publish custom recipient free/busy data check box enabled.
One session going from Organization 1 to Organization 2.
One session going from Organization 2 to Organization 3 that has the Publish custom recipient free/busy data check box enabled.
One session going from Organization 3 to Organization 2.
Return to top
Testing Phase
After you have configured the Inter-Organization Replication tool to replicate free/busy and/or public folder data, you will want to verify that data is indeed passing between the Exchange organizations.
How to test free/busy data
Select one mailbox-enabled user account (UserA) in Organization A to test with. To simplify testing, ensure that UserA’s mailbox store is pointing at the public folder store that is listed as the Publisher server in the configuration file.
Make sure UserA has a corresponding mail-enabled contact in the other organization and that the contact has an e-mail address that matches the primary SMTP address of UserA.
Log on as UserA in Organization A, create a calendar appointment or a meeting request for another user in Organization A, and then save the request.
Confirm that other users in Organization A can query UserA’s free/busy data, and see if they are busy during the time of the meeting.
Repeat these steps with UserB in Organization B.
Run Exscfg.exe to create free/busy replication sessions.
Start the Exchange Replication service, either by running Exssrv.exe and selecting Start or by starting the service in the Services snap-in.
Wait for the replication cycle to complete, and then review the output logs.
Log on as UserA, create a new meeting request, and then invite UserB. Confirm that UserB’s free/busy data is visible.
If you are replicating free/busy data in both directions, log on as UserB, create a new meeting request, and then invite UserA. Confirm that UserA’s free/busy data is visible.
Return to top
How to test public folder data
Run Exscfg.exe to create public folder replication sessions.
Start the Exchange Replication service, either by running Exssrv.exe and selecting Start or by starting the service in the Services snap-in.
Log on as UserA in the Publisher organization by using Outlook or Outlook Web Access.
Move to a public folder that is replicating, and then add content.
Wait for the replication cycle to finish, and then review the output logs.
Log on as UserB in the Subscriber organization by using Outlook or Outlook Web Access, and then confirm that the content is present.
Common Issues
Scenario A
When you configure a free/busy session configuration under Publisher Site Filter, you click Site List. You click to clear the All Sites option, and then you click Logon. This fails with the following error message:
“Unable to logon to Exchange Server using mailbox information.”
To troubleshoot this error, consider the following:
Have you correctly entered the user name, password and domain for the service account in the Advanced information for the Publisher organization? Do not specify the user name in the format of <domain>\<username> or user@domain.com.
Can you ping the Exchange server by using the NetBIOS name?
Is the public folder store mounted and available to all users?
Is the service account mailbox that is located on the Publisher server defined in the free/busy session configuration?
Do you have another mailbox-enabled user account that has the same Display Name as the service account?
Do you have a firewall between the organizations if you are trying to connect to a server in the remote forest? If this is the case, have you correctly assigned static ports on the Exchange servers and do you have the proper port exclusions set on the firewall? Collect a network trace, and see whether or not the firewall is dropping DCE-RPC packets.
Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based or Windows Vista-based computers. For more information, see Microsoft Knowledge Base article 899148, Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based or Windows Vista-based computers.
Return to top
Scenario B
When you try to install the Replication service, you receive the following error message, and the service creation does not work:
“Unable to create service.”
To troubleshoot this error message, consider the following:
- When you click the Install button to display the Installation window, did you correctly enter the service account information in the form of <domain>\<username>?
Scenario C
When you try to start the Replication service, you receive the following error message:
"Unable to login as a service. Make sure that your account has permission to log on as a service"
To troubleshoot this error message, consider the following:
- Has the account that you specified to start the Replication service been granted Allow logon on locally and Log on as a service rights on the server?
Scenario D
When you try to start the Replication service, you receive the following error message:
"Unable to access the Service Control Manager."
To troubleshoot this error message, consider the following:
Are you trying to run the service on a domain controller? If this is the case, can you install the Inter-Organization Replication tool on a member server and then start the Replication service?
Can you start the service by specifying credentials for a Domain Admin account? You do not have to start the Replication service with a service account if you already explicitly specified credentials in each of the replication sessions.
Return to top
Scenario E
When the Replication service runs, it generates a 115 error event in the Application log and fails.
To troubleshoot this error, consider the following:
- A 115 error event indicates that the ExchsyncSecurityFolder cannot be located. Verify that the folder is present and that the folder name is spelled correctly. Make sure that there are no trailing or leading spaces in the name. Make sure you have set the correct permissions on this folder (Service account has Folder Visible rights).
Scenario F
When the Replication service runs, it generates a 116 error event in the Application log and fails.
To troubleshoot this error, consider the following:
A 116 error event indicates a security problem. The account referenced in the error does not have access to the ExchsyncSecurityFolder, a free/busy folder, or a top-level public folder. Verify that:
The Service account has Folder Visible rights for the ExchsyncSecurityFolder.
The Service account has Owner rights for each of the top level public folders.
Default permissions on the free/busy folder are present – Default (Editor), Anonymous (None).
Return to top
Scenario G
When the Replication service runs, it generates a 118 error event and fails.
To troubleshoot this error, consider the following:
- A 118 error event is a communications error. The Inter-Organization Replication tool cannot contact the server in question. Check for correct name resolution and network connectivity (trace route and ping). Make sure that you have the correct version of MAPISVC.INF and that it is not damaged. Make sure that Outlook has never been installed. If Outlook has been installed, install the Inter-Organization Replication tool on another computer.
Scenario H
When the Replication service runs, it generates a 120 error event and fails.
To troubleshoot this error, consider the following:
- A 120 error event is a communications error. The Inter-Organization Replication tool can contact the remote server, but a connection was not made. Again, check network connectivity (trace route and ping) to make sure that there was no packet loss. Verify that you have the correct user name and password for the service account mailbox and that the account has not expired.
Scenario I
Free/busy information for a new mail-enabled contact in the Subscriber organization is not updated.
To troubleshoot this problem, consider the following:
The Inter-Organization Replication tool tracks changes and also which users it has replicated information for in the past. Therefore, the tool does not have to replicate everything every time. If a mailbox in the Publisher organization does not match a mail-enabled contact in the Subscriber organization, it is marked not to replicate this mailbox again. If a mail-enabled contact is subsequently created for this user in the Subscriber organization, it still will not replicate information as it was already marked. This information is kept in a "dat" file in the working directory.
To correct this problem, stop the Replication service, delete the "dat" files, and restart the Replication service. The Interorganization Replication tool will perform a complete synchronization the next time and then detect the new mail-enabled contact.
Return to top
Scenario J
The Inter-Organization Replication tool will not replicate information and reports the following error in the log file:
"ERROR: Unable to import message change [SK=<guid>] to folder ‘<Free/Busy System Folder>’ on server [<servername>], Message previously existed but has been deleted."
To troubleshoot this error, consider the following:
Do any of the Exchange organizations contain both Exchange 2003 and Exchange 2007 servers? If this is the case, what server is the Inter-organization Replication tool pointing to? If it is pointing to an Exchange 2003 public folder database in this organization, make sure that any Exchange 2007 servers that have public folder databases are running Exchange 2007 Service Pack 1 with Rollup Update 6 or a later version.
Some free/busy messages are not replicated from Exchange 2007 to Exchange 2003 servers after some mailboxes are migrated from Exchange 2003 to Exchange 2007 . For more information, see Microsoft Knowledge Base article 955443, Some free/busy messages are not replicated from Exchange 2007 to Exchange 2003 servers after some mailboxes are migrated from Exchange Server 2003 to Exchange Server 2007.
Did you delete the free/busy messages in the Subscriber organization for the Publisher organization users from the free/busy folder? Because you are using public folder APIs for this replication, the tool does not allow these messages to be replicated back in because they have the same message ID. For replication to continue, new free/busy messages must be created in the Publisher organization. Contact Customer Support for more help.
Scenario K
The Replication service is using service account credentials to log on instead of the credentials specified in the configuration file.
To troubleshoot this problem, consider the following:
- When you set credentials in the configuration file, make sure that you select the Advanced tab, and then enter the correct credentials. This will force the Inter-organization Replication tool to use the correct credentials instead of the service account credentials.
Return to top