HI,

While creating a stack, itt fails with the error: Parameter RDGWCIDR failed to satisfy constraint: CIDR block parameter must be in the form x.x.x.x/x

Any idea on how to solve it?

thanks

Based on anecdotal evidence, need to introduce a reboot after UCMA runtime installation otherwise Exchange installation can fail.

In the following text:
`

Refer to the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Partner Solution. To comment on the documentation, refer to `Feedback.``

The link to the Github page is broken.
https://aws-quickstart.github.io/quickstart-microsoft-exchange/

I wasn't able to figure out what text file contains the URL,

I get the following error when running the quick start for existing VPC in Canada central region.
'Command failure in C:\cfn\scripts\Create-Folder.ps1 on line 22 Exception: System.Management.Automation.RemoteException: An item with the specified name C:\exchinstall already exists.' for uniqueId: i-076ea9009f88b7bdf

It worked fine in the us-west-1 region.

Multiple attempts in the last 24 hours to perform the deployment failed due to an issue with the Edge nodes. This is the first error that appears in the CloudFormation log is this for the ExchangeStack:

WaitCondition received failed message: 'Command failure in C:\cfn\scripts\Install-ExchangeEdgeServer.ps1 on line 44 Exception: System.Management.Automation.RemoteException: This command cannot be run due to the error: The system cannot find the file specified.' for uniqueId: i-0d1dd0403e9f05efe

Line 44 is:

Invoke-Command -Authentication Credssp -Scriptblock $InstallExchPs -ComputerName $env:COMPUTERNAME -Credential $LocalAdminCreds

I verified that the values for EdgeNode1NetBIOSName and EdgeNode1NetBIOSName were the default values.

This is in the us-west-2 region.

Please let me know if any other information is needed to troubleshoot this.

I got error when creating it using the new VPC template,
The error is that the EXCH could not join into the domain WORKGROUP of the AD.
Do i need additional settings outside the template for it to join the domain?
Or it should connect to the domain automatically by the script in it?

Thanks

UPDATE: I found the issue, my password should contain 1 symbol but the symbol make the script fail, i could overcome the issue by adding "Password" so the script was ignoring the symbol

(Sorry for using an issue to ask this)
We're thinking about using this to deploy an Exchange test environment, but we'd like to use Exchange 2016. Do you have any plans to do that as part of this project or if not, is there anything we should watch for in having a go?
Thanks!

Request via #35

Before the stack can create I receive this error:

Error: CREATE_FAILED: ["Parameter validation failed: parameter value eu-north-1a for parameter name AvailabilityZones does not exist, parameter value eu-north-1b for parameter name AvailabilityZones does not exist"]

Error returning when using this template during CI via Jenkins. This works locally but there is not much information online on why this is happening or how to resolve.

I have attempted to use other availability zones to no avail.

Microsoft's licensing changes removes a user's ability to run Windows Server with a BYOL license on production workloads.
The option to install on Dedicated Hosts/Dedicated Instances needs to be removed.

This feature request is to deploy without edge nodes or to allow for non-Edge nodes to receive and send email directly from the internet. On a deployment using this template I had to bypass the edge nodes due to restrictions on relaying messages. Also, edge nodes are also difficult to manage and add additional cost to the deployment. It seems that the only advantage to edge nodes is that it in theory protects against a deployment where ports 25 or 587 are exposed to the entire internet AND a bug is discovered that allows an Exchange server to become compromised purely from SMTP traffic. Most, maybe almost all, Exchange deployments these days are firewalled to only allow SMTP traffic inbound from specific IP ranges (anti-spam service, application, partner organization, etc), so the edge node deployment really is an edge case for very large Exchange deployments.

When attempting to create the exchange stack on a new VPC I'm getting these 2 errors on ExchangeNode1 and FileServer:
API: ec2:RunInstances Not authorized for images: [ami-033df17da30f7ea72]
API: ec2:RunInstances Not authorized for images: [ami-09d7f402df5fd27aa]

I'm guessing this is because the Windows Server AMI was updated recently, but hasn't been added to the template yet.

Just curious if there is a timeframe on the update for this, or if there is anything I can change manually to get this to work.

In line 628 of the exchange.template, the following line defines the download link for Exchange 2013:

 '2013': https://download.microsoft.com/download/9/4/1/94166586-5D17-414A-97DA-CCD069BC11A2/Exchange2013-x64-cu21.exe

This URL is no longer valid. The current rollup is cu23 at:

https://download.microsoft.com/download/7/F/D/7FDCC96C-26C0-4D49-B5DB-5A8B36935903/Exchange2013-x64-cu23.exe

Other than changing the net addresses etc. I am running the exchange quick start mostly right out of the box. I had it working fine the other day and then when I went to the various GitHub sites to grab the latest scripts so that they would launch from my S3 instead of hitting the microsoftquickstart S3 bucket I run into this:
16:26:05 UTC-0600 CREATE_FAILED AWS::CloudFormation::WaitCondition ExchangeNode2WaitCondition WaitCondition received failed message: 'Command failure in C:\cfn\scripts\Configure-ExchangeDAG.ps1 on line 91 Exception: System.Management.Automation.RemoteException: No snap-ins have been registered for Windows PowerShell version 4.' for uniqueId: i-0110313f7d7d8080c

Do I have a mismatched AMI maybe? or a script error not yet rolled out? This maybe an easy fix as my Exchange and PowerShell mojo is still weak. I come from a linux aws world afterall.
Thanks,
Robert

Hi there,

Not sure if this is the right way to contact the dev's of this template but figured I would try here anyway.

I'm trying to setup a basic, default install using this template. I am keeping all the parameters as default (except the mandatory ones) but it takes over 4 hours for the deployment to complete. It seems the ExchangeStack is taking the longest time (over 2 hours). On the quickstart page it says it should take around 90 minutes so I feel I am maybe missing something.

I wonder if maybe I need to change any parameters to be able to speed this up or if you have any other advice?

Thanks in advance.

Edge subscriptions are failing because we are allowing only UDP but the edge subscription relies on secure LDAP which is TCP. Only UDP packets are allowed by the security group.

Could you please change udp to tcp in the templates?

Thanks.

templates/exchange-old.template - lines 2982-2986

                    "IpProtocol": "udp",
                    "FromPort": "50636",
                    "ToPort": "50636",
                    "CidrIp": {
                        "Ref": "PrivateSubnet1CIDR"

templates/exchange.template 0 lines 1760-1781

EXCHEdgeSecurityGroup:
	Condition: DeployEdge
	Type: AWS::EC2::SecurityGroup
	Properties:
	  GroupDescription: Enable communications for Exchange Edge Transport Servers
	  VpcId: !Ref VPCID
	  SecurityGroupIngress:
	  - Description: Edge Server directory synchronization
		IpProtocol: udp
		FromPort: 50636
		ToPort: 50636
		CidrIp: !Ref PrivateSubnet1CIDR
	  - Description: Edge Server directory synchronization
		IpProtocol: udp
		FromPort: 50636
		ToPort: 50636
		CidrIp: !Ref PrivateSubnet2CIDR
	  - Description: Edge Server directory synchronization
		IpProtocol: udp
		FromPort: 50636
		ToPort: 50636
		CidrIp: !Ref PrivateSubnet3CIDR

At least for Exchange 2016, the C:\Windows\Temp folder fills up on Exchange mailbox servers deployed via this QuickStart. The log files show errors with Unified Messaging. In Services.msc the Unified Messaging service keeps attempting to start.

Would it be possible to disable the installation of the Unified Messaging service or to at least provide the option in the template to do so?