Wednesday, October 26, 2016

A File I/O error occurred while accessing ". VMWare Converter



I like VMWare converter as it save a lot of time when it come to P2V or V2V.
Recently I faced a strange error
 
I checked that I ran the application as Administrator and have full permission on the machine and on the vCenter.
To make long story short.
It was a DNS Settings on the nic interface Issue
even I used vCenter IP address insted of name, but it seems that the converter is doing a reverse lookup for a reason, maybe some certificate validation.
anyway.
once I updated the DNS settings on the nic, the converter continue normal and was sucess

Monday, October 24, 2016

Enter Maintenance Move For ESXi Standard using PowerCLI

I dont know why ESXi Standard Edition had some dummy limitation.
Like when i wana place a server in maintenance mode, I have to manually move all the VM to another server and then it can go to maintenance mode.
its really something silly, as its a very basic feature. anyway
I made a quick script that can migrate all VMHost to another and place the server in maintenance mode.
the script also will do basic check to see if the destination server can handle the load

param(
[parameter(mandatory=$True)]$FromVMHostName,
[parameter(mandatory=$True)]$ToVMHostName
)

try{
    if ($global:DefaultVIServer.count -eq 0){
        write-host "Please Connect to vCenter using Connect-VIServer first" -ForegroundColor Green
       }

    write-host "Performing Server Basic Readiness"
    [int]$FreeRAMOnDestServer=(Get-VMHost -Name $ToVMHostName -ErrorAction Stop).MemoryTotalGB - (Get-VMHost -Name $ToVMHostName -ErrorAction Stop).MemoryUsageGB
    [int]$UsedRAMOnSourceServer=(Get-VMHost -Name $FromVMHostName -ErrorAction Stop).MemoryUsageGB
    if ($FreeRAMOnDestServer -le $UsedRAMOnSourceServer){
    Write-Host "No enough memory on the destination server for migration to complete" -ForegroundColor Red
    Break
    }


    $VmOnHost=Get-VM -ErrorAction Stop| where{$_.host -like $FromVMHostName}
    $I=0
        foreach ($sVM in $VmOnHost){
   
        Write-Progress -Activity "Migrating VM... Please Wait" -Status "Moving $sVM To $ToVMHostName" -PercentComplete ($I/$VmOnHost.Count*100
        Move-VM -VM $sVM.Name -Destination $ToVMHostName
        $I++
        }


    }

    Catch [exception]{
        Write-Host $_.Exception.message
    }


Finally{

if ((Get-VM | where{$_.host -like $FromVMHostName}).count -eq 0){Set-VMHost $FromVMHostName -State Maintenance}

}


If you have any comment or update for this. let me know in the comment
also give a thumb up if you like :)

Monday, May 2, 2016

VMWare PowerCLI - Connecting to Esxi Server and get ESXi hosts Part 2

In part 1 Getting command and remote connection, I write about how to import PowerCLI modules to be able to execute commands.
Now I will write about how to connect, and where.
Depend on the requirement, you may want to connect to ESXi host or vCenter in order to perform an operation.
Most of the operation can be executed direct after connecting to vCenter, but incase and for a reason vCenter is not available you might connect direct with ESXi Host insted of connecting to vCenter.
Lets assume that we want connect to vCenter and get all the host in all the clusters.
We can use the following commands

#Import Vmware Module
Add-PSSnapin VMware.VimAutomation.Core
#We Will ask the user to write the username and password for vSphere, you can comment this line if your
#vCetner is joined to the domain and you are connected to a domain joined computer
$viCredential = Get-Credential -Message "Please Write your vCenter username and password"
#This command will be used to connect to Esxi Server or vCenter
#You can remote the -Credential $viCredential, if your using domain joined computer and your vCenter is
#Joined to the domain
Connect-VIServer MyvCenterServer -Credential $viCredential
#Get all the Servers in the vCenter in all clustered
Get-VMHost | Format-Table -AutoSize name, NumCpu, ConnectionState
#Close the remote connection
Disconnect-VIServer * 

As you can see the main steps are
1- Make sure that you have the module or import then as I explained in part 1
2- Connect-VIServer is used to connect with ESXi host or with the vCenter, in my case I will connect with vCenter
you can remove the -Credential $viCredential if your Esxi hosts and vCenter are joined to the domain and the computer you are using is domain joined computer.
Get-VMHost can be used to get Esxi hosts piping this command to Format-Table it mean that we want to have custom properties in the returned table.
-Autosize will make the columns close to each other.
name, NumCpu, ConnectionState, are properties we want show in the table.
The output will be something like this

Name              NumCpu ConnectionState
----              ------ ---------------
esxi01.lab.local     32       Connected
esxi02.lab.local     32       Connected
esxi03.lab.local     32       Connected
esxi04.lab.local     32       Connected
esxi05.lab.local     32       Connected
esxi06.lab.local     32       Connected
esxi07.lab.local     32       Connected
esxi08.lab.local     32       Connected
esxi09.lab.local     32       Connected
esxi10.lab.local     32       Connected
esxi11.lab.local     32       Connected
esxi12.lab.local     32       Connected
esxi13.lab.local     32       Connected
esxi14.lab.local     32       Connected
esxi15.lab.local     32       Connected
esxi16.lab.local     32       Connected

Disconnect-viserver * will disconnect all the open session to all VI Servers (ESXi host or vCenter).

If you want to show different properties in the table, you can Pipe Get-VMHost to get-member
so the command will be like Get-VMHost | get-member
Just Run the command above after you connect to vCetner, the result will be like the following

Name                  MemberType
----                  ----------
ConvertToVersion          Method
Equals                    Method
GetHashCode               Method
GetType                   Method
IsConvertableTo           Method
LockUpdates               Method
ToString                  Method
UnlockUpdates             Method
ApiVersion              Property
Build                   Property
Client                  Property
ConnectionState         Property
CpuTotalMhz             Property
CpuUsageMhz             Property
CustomFields            Property
DatastoreIdList         Property
DiagnosticPartition     Property
ExtensionData           Property
FirewallDefaultPolicy   Property
HyperthreadingActive    Property
Id                      Property
IsStandalone            Property
LicenseKey              Property
Manufacturer            Property
MaxEVCMode              Property
MemoryTotalGB           Property
MemoryTotalMB           Property
MemoryUsageGB           Property
MemoryUsageMB           Property
Model                   Property
Name                    Property
NetworkInfo             Property
NumCpu                  Property
Parent                  Property
ParentId                Property
PowerState              Property
ProcessorType           Property
State                   Property
StorageInfo             Property
TimeZone                Property
Uid                     Property
Version                 Property
VMSwapfileDatastore     Property
VMSwapfileDatastoreId   Property
VMSwapfilePolicy      Property

You can add any Property value to the pipe, lets assume u wana get a list of VMHost in a table and view only PowerState,Name,ProcessorType        

#Import Vmware Module
Add-PSSnapin VMware.VimAutomation.Core
#We Will ask the user to write the username and password for vSphere, you can comment this line if your
#vCetner is joined to the domain and you are connected to a domain joined computer
$viCredential = Get-Credential -Message "Please Write your vCenter username and password"
#This command will be used to connect to Esxi Server or vCenter
#You can remote the -Credential $viCredential, if your using domain joined computer and your vCenter is
#Joined to the domain
Connect-VIServer MyvCenterServer -Credential $viCredential
#Get all the Servers in the vCenter in all clustered
Get-VMHost | Format-Table -AutoSize PowerState, Name, ProcessorType
#Close the remote connection
Disconnect-VIServer * 


VMWare PowerCLI - Getting command and remote connection Part 1

Recently we purchase VMware ESXi 6.0 Standard Edition, we did not go for Enterprise Plus edition which have the DRS and other nice feature due to budgets issue.
In my environment we have 16 ESXi host configured as 3 cluster
- Production
- DMZ
- MGMT (vCenter - SRM - vOps)
After installing ESXi, it come the boring part which is doing the configuration 16 time for each host as we dont have DRS
The Configuration include the following:
  • vSwitch
    • NIC Teaming Policy
    • VMKernel
    • Security Profiles
  • Virtual PortGroup
    • I have a lot.. 
  • NTP Configuration
  • Start and stop services
And other details, doing this on server by server is a real time wasting, luckily VMWare have PowerCLI which is a Powershell module for ESXi, you can download and read about it here
As any other module or new module I have to work with the first thing to do is to import the module and discover its commands.
Run the following command on the computer were you install PowerCLI

    Get-Module -ListAvailable -Name vmware* | select name


The result will return the following modules


Name
----
VMware.VimAutomation.Cis.Core
VMware.VimAutomation.Cloud
VMware.VimAutomation.Core
VMware.VimAutomation.HA
VMware.VimAutomation.License
VMware.VimAutomation.PCloud
VMware.VimAutomation.SDK
VMware.VimAutomation.Storage
VMware.VimAutomation.Vds
VMware.VimAutomation.vROps
VMware.VumAutomation


The main module we will use it VMware.VimAutomation.Core, which include almost everything we need
you can import the module using PowerShell_ISE 

Once you import the module you will be able to see the module name in the module list, by selecting it all the command will appear in the list which will make your life easier.
Or if you want you can use the PowerCLI itself to access the ESXi Command and list them by using
get-command -Module VMware.VimAutomation.Core

Now you are ready to go :)

If you dont have PowerCLI installing in your computer and u wana import the command from remote server that have ESXi modules installed, you can use the following script

$RemoteCLI = New-PSSession -ComputerName PowerCLIServer
Invoke-Command -Session $RemoteCLI -ScriptBlock { Import-Module VMware.VimAutomation.Core }
Import-PSSession $RemoteCLI

Now you have ESXi Powershell modules and you can use then to execute and ESXi command

In My Next Post I will write about also basic understanding for PowerCLI and how to start using its commands

Hope this help

Like it, Share it, or comment on what you want
Hope this help as a start yet more interesting information are coming.
 

Friday, April 17, 2015

You need to type your username and password when browsing website directly from the IIS Server, but from another client computer it work normally

You are in your office, you login to Windows Server that host IIS, and browse a hosted website which is Windows Authentication Enabled using the configured host header "Lets say the website Host Header is CompanyProtal".
You are prompted to type your username and password.
You open your client computer and try to access the same site by using the configured host header, and the site work correctly without having to write your username and password.

In a close look to Windows Security Event Log you will see a failed login event recorded
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number

If you try to bind the site with IP address (Not loopback address)it will work as expected.

So whats going on?
This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

So do you need it?
The recommendation is yes, but for some reason you may need to turn it off, maybe some websites are communicating on the server using the some custom host header.

How to Disable it.
Like most of Microsoft tweaks, its a registry value that you change.

There are 2 type to workaround:
1- Recommended which to specify the host names
2- Totally disable the loopback check (Not recommended).

So Lets start
Method 1: Specify host names (Preferred method if NTLM authentication is desired)
https://support.microsoft.com/en-us/kb/896861

  1. Go to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0.
  2. Right-click MSV1_0 and select New->Multi-String Value.
  3. Type “BackConnectionHostNames” as the name and press Enter.
  4. Right-click the newly created entry and select Modify.
  5. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK
  6. Quit Registry Editor, and then restart the IISAdmin service.



Method 2:
This method will totally disable the loopback back and its not recommended in your production, you may use it in development or testing environment 
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
  3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor, and then restart your computer
Or use Powershell Command 

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword


Hope that help


Wednesday, February 4, 2015

Read and Export Folder ACL using Powershell

Good day
I have a small old file server with 2 TB of users data and I dont which users have which permission on the folder structure.
There are some tools but most of them are paid, but even in some paid tools I wont be able to do some filtering like exclude Inherided Folder or do not include some certain account like "System or Creator Owner...", so why to buy anything when there is PowerShell
I wrote a script that will read all the folder tree and then export it to csv file
This script have 4 Parameters

.PARAMETER $PathToScan Write the Folder Path you want to scan

.PARAMETER $PathToSaveResult
After Finish scanning the Script will save result to CSV, Please write the full path to store the result

.PARAMETER $IncludeInheritedFolder
Whether or not to include Inherited Objects, Accpted values $True or $False

.PARAMETER $SysBuiltin
Whether to include System account "NT Authority and Builtin" accounts, Accpted values $True or $False

To use the Script:

GetACL.ps1 -PathToScan C:\FolderToScan -PathToSaveResult C:\MyOutput.csv -IncludeInheritedFolder $TRUE or $FALSE -SysBuiltin $TRUE or $FALSE


Always make sure you are running the lastest version of PowerShell and .Net Framework

param
    (
        [Parameter(Mandatory = $true,
             HelpMessage = 'Write the Folder Path you want to scan')]
             [ValidateNotNullOrEmpty()]
        [string]
        $PathToScan,
        [Parameter(Mandatory = $true,
             HelpMessage = 'After Finish scanning the Script will save result to CSV, Please write the full path to store the result')]
             [ValidateNotNullOrEmpty()]
        [string]
        $PathToSaveResult,
        [Parameter(Mandatory = $true,
             HelpMessage = 'Whether or not to include Inherited Objects, Accpted values $True or $False ')]
             [ValidateNotNullOrEmpty()]
        [bool]
        $IncludeInheritedFolder,
        [Parameter(Mandatory = $true,
             HelpMessage = 'Whether to include System account "NT Authority and Builtin" accounts, Accpted values $True or $False')]
            [ValidateNotNullOrEmpty()]
        [bool]
        $SysBuiltin
    )
    
$Folderslist = Get-ChildItem $PathToScan -Recurse -Directory #Read all the folder details with the subtree
$Myobj = New-Object -TypeName PSObject #Create an object to save the returned result

Add-Member -InputObject $Myobj -MemberType NoteProperty -Name Username -Value $null 
Add-Member -InputObject $Myobj -MemberType NoteProperty -Name AccessType -Value $null
Add-Member -InputObject $Myobj -MemberType NoteProperty -Name Righttype -Value $null
Add-Member -InputObject $Myobj -MemberType NoteProperty -Name Path -Value $null
Add-Member -InputObject $Myobj -MemberType NoteProperty -Name Inherited -Value $null

foreach ($singleFolder in $Folderslist) #To read Each Folder Details from $Folderslist
{
    try
    {
        
        $Access = Get-Acl -Path $singleFolder.PSPath | select $singleFolder.PSPath -ExpandProperty access #Read the Access property which hold the users ACL
        
        foreach ($single in $access) #As $Access are array, we need to read objects 1 by 1 and store them in $MyObj
        {
            
            $Myobj.Path = Convert-Path $singleFolder.PSPath 
            
            If ($SysBuiltin -like "True") { $Myobj.Username = $single.IdentityReference } #If $SysBuiltin Param was $True then Include all the value in the $access.IdentityReference "IdentityReference is the user object"
            if (($SysBuiltin -like "False") -and (($single.IdentityReference -like "NT AUTHORITY*") -or ($single.IdentityReference -like "BUILTIN\*") -or ($single.IdentityReference -like "*CREATOR OWNER*"))) { continue } #if SysBuiltin Param was $False then do not include these users or group
            
            $Myobj.AccessType = $single.FileSystemRights #What Kind of Access IdentityReference "User / Group Have"
            $Myobj.Inherited = $single.IsInherited #Store the Inheritance value
            
            If ($IncludeInheritedFolder -like $true) { $Myobj.Inherited = $single.IsInherited } 
            if (($IncludeInheritedFolder -like $false) -and ($single.IsInherited -like $true)) { continue } #If $IncludeInheritedFolder was $False, Do not parse retured result with Inherited items
            $Myobj.Righttype = $single.AccessControlType
            $Myobj.Username = $single.IdentityReference
            
            Export-Csv -InputObject $Myobj -Append -Path $PathToSaveResult -NoTypeInformation -Encoding UTF8 #Save the result to the Path as in $PathToSaveResult
        }
    }
    Catch #Catch Any Error and write it
    {
        Write-Host $Error[-1].Exception
        
    }
    
}

Saturday, January 31, 2015

Notepad++ Send a message to the world #JeSuisCharlie

Good day
Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License.
Today I updated my Notepad++, Once I open the installation finished, and I ran Notepad++ I got a message written on Notepad++ that says

Freedom of expression is like the air we breathe, we don't feel it, until people take it away from us.

For this reason, Je suis Charlie, not because I endorse everything they published, but because I cherish the right to speak out freely without risk even when it offends others.
And no, you cannot just take someone's life for whatever he/she expressed.

Hence this "Je suis Charlie" edition.
- #JeSuisCharlie

This version of Notepad++ have Je suis Charlie in the about


One more thing about Notepad++ is, you will see Notepad++ in windows 10 as a replacement for Windows Notepad.

Sunday, November 30, 2014

Block Outlook from connecting to Public Folder

In some cases, you may need to prevent outlook to connect to Exchange Public Folder.
I had a case where Outlook 2010/2013 is connecting to a remote exchange server, connecting to public folder cause some connection delay.
These client dont need to use Exchange Public Folder, so its better to disable Public Folder Connection.

Now you have 2 options:
1- Delete Public Folder.
2- Prevent Outlook from connecting to public folder

Today I will talk about how to prevent outlook 2010/2013 from connecting to Public Folder.

To do so you will need to create/edit a small registry value called
Name: HasPublicFolders
Value: 0
Type: DWORD

The Path for this value is HKEY_CURRENT_USER\Software\Microsoft\Exchange\Setup
If the Setup Key is not exist, then simply create it and then create the DWORD value


You can automatically create the key and the value using the following CMD line

reg add HKCU\Software\Microsoft\Exchange\Setup /f /v HasPublicFolders /t REG_DWORD /d 0 

The line is explained as the following
REG: is the cmd registry controling tool 
ADD: parameter to tell the reg tool that you are adding / creating a key or a value
HKCU...: The path of the key you want to create the value under, if the key is not exist then it will be created
/f : To force overwrite the value if exist
/v: Value Name
/t: Type of the value
/d: parameter after the /d is the value of the entry, in this case it is 0

for more information about REG tool you click here (http://technet.microsoft.com/en-us/library/cc732643.aspx)


Hope you like it, feel free to leave you comment below and share it with your friend to support me :)

Thursday, November 6, 2014

Windows Network Load Balance, Unicast or Multicast ?

WNLB (Windows Network Load Balance) is a clustering technology offered by Microsoft as part of all Windows 2000 /2003 /2008 /2012 Server family operating systems.
WNLB or NLB for short, is commonly used in small networks and some medium business companies.
It is very easy to be implemented, some clicks and you are ready to go.
Once you open WNLB you can right click on the root console and then connect to an existing cluster or simply create a new one.
If you need to connect to an existing cluster you can simply type the cluster IP and here you go, as long as you have the required permission.
If you want to create a new cluster, you can follow the wizard, its a straightforward process, just add the host IP address or name and write the Virtual IP (VIP) and  you are almost done.
While configuring the cluster, you will be presented with a simple innocent selection.

The Cluster Operation Mode, Unicast, Multicast or IGMP Multicast.

Which one to select?

The answer is depend network topology, each one has its pros and cons, and at then end of this post you will be able to make the right decision (hopefully).

Unicast: Simply and easy way to implement WNLB, it work as the following:
Each WNLB cluster node will replace its real MAC Address with a new MAC address which is generated by WNLB, because of this, WNLB cluster nodes will NOT be able to communicate with each other, as all of them have the same MAC address, so no packet (which is going to the other node) will not even leave the server ( as the destination MAC address is the same as the source MAC address).
So in this case you will need to have two network interface for the cluster to work, one will be for the WNLB Cluster (you can make it the client facing interface) and another interface for the WNLB Nodes communication.
Even when you configure your WNLB to operate in Unicast Mode which have only 1 interface, you will get a warning message telling that this is not recommended.

One other problem you will face when your cluster is operating on unicast mode is,Switch Flooding.
To understand switch flooding you need to know how client and the cluster are communicating.

Lets say we got the following network


The Client Computer need to connect to a web service running the cluster.
The Client will send a ARP request asking for the MAC address for 10.6.0.168.

As the switch and the client don't have the MAC address for this IP , the Switch will send (flood) the packet to all ports.
The Traffic reach one WNLB host, the Cluster Node will reply back using a MASKED MAC.


As you can see from the picture above, the MAC address is masked as MS-NLB-VirtServer_0.
In this case, the switch will never learn on which port is the MAC address for 10.6.0.168.

For every traffic passing for WNLB the switch will flood the traffic to all ports, Why?

Microsoft did this to ensure that all the traffic keep reaching all the cluster nodes, so the Switch will not assign a single interface for the NLB, thus preventing other nodes from sharing the load.

What is the impact?
A lot of unnecessary traffic reaching all other host on the switch and more processing for the switch and the hosts on the switch (As the hosts other than WNLB hosts on the switch will drop all the packet that are not sent to them).

How to Fix?
Use HUB insted of swtich, HUBs will always flood the traffic, or simply isolate the WNLB to a separate VLAN.
And the most advance solution, buy Load Balancer, they will offer a much better way to manage load balance

When to use Unicast?
Unicast is simple to implement, as other WNLB Operation mode may require some hardware configuration modification (or even hardware replacement).

What is the MAC Address for Unicast?
In Layer3: The MAC address for unicast NLB is 02-db-xx-xx-xx-xx, where xx-xx-xx-xx is the IP address of the host
In Layer 2: The MAC Address for Unicast NLB is 02-PP-xx-xx-xx-xx, where PP is the host priority and xx-xx-xx-xx is the host IP Address

Multicast

In multicast mode, NLB assigns a layer-2 multicast address to the cluster adapter instead of changing the adapter’s station address. Multicast allows inter-host communication because it adds a layer two multicast address to the cluster instead of changing it. This makes inter-host communication possible as the hosts retain their original unique MAC addresses and already have unique dedicated IP addresses. However, in multicast mode, the ARP reply sent out by a host in the cluster, in response to an ARP request, maps the clusters Unicast IP Address to its multicast MAC Address. Such a mapping in an ARP reply is rejected by some routers so administrators must add a static ARP entry in the router mapping the Cluster IP Address to its MAC Address.

Multicast is way more better for people using VMWare as VMWare recommend

Cons:
It does not work automatically on all network equiment (ex. Cisco)
Will require to add static ARP entry on the router to be able to connect with the cluster.

Pros:
No Switch flooding
No need for additional NIC on each host

What is the MAC Address for Multicast?
It will start with 03-bf-xx-xx-xx-xx

Recommendation ?
- The highest recommendation is to go for hardware load balance (Kemp - F5 ...).
- Dont go for Unicast, stay with Multicast.
- I faced a very strange problem with RDP that keep disconnecting, once I changed the NLB to Multicast, everything went OK.

This is what going on with Windows Network load Balance.
Hope you like this post, dont forget to support me with some likes :)

Sunday, September 14, 2014

Exchange 2010 / 2013 Server Single Instance Storage.... is gone

Exchange Single Instance Storage (SIS)

What is SIS

SIS creates a single instance of messages sent to multiple recipients within the same database. Simply said, the first one gets a copy of the message in his or her mailbox, others get a referral to the message.

Why it was used?

In old days where Storage were really limited, most of the mailboxes reside on a single database, and even the Disk Disk performance was not that good and the good performance disk was really expansive, so SIS saved a lot of Disk IO and space.

So what is the benefit:

This Really save a lot of space and Disk IO on the database.
Exchange SIS was used on all version of Exchange from the beginning till Exchange 2007, In exchange 2007 SIS will only be enabled to the attachments only, which wont offer much regarding for performance or disk space saving.

Why its being removed?

Starting the disk price are getting low and storage now are cheap.
Users mailboxes are distributed between several database.
Microsoft had enhanced ESE performance more than all other previous version of Exchange, so SIS will not be the performance saving anymore.
Microsoft ESE now compress the message Body and header by default which will be a better saving.

What about Attachments, are they compress too?

The answer is NO, There is no need to compress the attachment for:
1- compressing and decompressing will be CPU intensive
2- Most of the attachments are already in compressed state (Zip - PDF - Docx - JPG)

Is compression the answer to replacing single instancing all together?

The answer to that question is that it really does depend. There are certain scenarios where SIS may be viable:

Environments that only send Rich-Text Format messages. The compression algorithms in Exchange 2010 do not compress RTF message blobs because they already exist in their most compressible form.
Sending large attachments to many users. For example, sending a large (30 MB+) attachment to 20 users. Even if there were only 5 recipients out of the 20 on the same database, in Exchange 2003 that meant the 30MB attachment was stored once instead of 5 times on that database. In Exchange 2010, that attachment is stored 5 times (150 MB for that database) and isn’t compressed. But depending on your storage architecture, the capacity to handle this should be there. Also, your email retention requirements will help here, by forcing the removal of the data after a certain period of time.
Business or organizational archives that are used to maintain immutable copies of messaging data benefit from single instancing because the system only has to keep one copy of the data, which is useful when you need to maintain that data indefinitely for compliance purposes.

Community thinks?

- Even if disk are cheap, we still need to take care of it insted of wasting the space for having several copy of the email !

Yes, sure but content compression should offer a good disk saving.
- And what about attachment?
Simply if you really have it as an issue, you will need use Sharepoint or third party email attachment management.

- What is the Compression MS used
- From Here
- Wikipedia

If you like this post, please feel free to comment, like and share it