Showing posts with label SAN. Show all posts

Wednesday, December 12, 2012

Performing a Non-Disruptive Disk and Shelf Firmware upgrade on a NetApp FAS2040

I received a mail from NetApp this morning, pointing my attention to KB ID 7010014.  In a nutshell, there is a drive firmware upgrade available which lowers the drive failure rates.  AutoSupport has also been nagging me about out-of-date DS4243 shelf firmware, so I thought this would be a perfect opportunity to upgrade it all in one go.  It goes without saying that the upgrades must have zero impact on client access.  The process below was run on Data ONTAP Release 8.1 7-Mode.

Update the Disk Qualification Package

  1. Download the latest DQP from the NetApp support site
  2. Extract the files and copy them to the /etc folder on your filer, overwriting the existing files

Update the Disk Shelf Software

  1. Download the appropriate disk shelf software upgrade from the NetApp support site
  2. Extract and copy it to the /etc/shelf_fw folder on your filer
  3. Run the options shelf.fw.ndu.enable command and verify it is set to on
    • If not, enable it with the options shelf.fw.ndu.enable on command
  4. Execute the storage download shelf command to update the shelf firmware and enter yes when prompted

Update the Disk Firmware

  1. Download the latest disk firmware from the NetApp support site
  2. Verify the following, otherwise you will not be able to do a non-disruptive upgrade
    • Aggregates need to be RAID-DP or mirrored RAID4
    • You need to have functioning spares
  3. Run the options raid.background_disk_fw_update.enable command and verify it is set to on
    • If not, enable it with the options raid.background_disk_fw_update.enable on command
  4. Extract and copy the disk firmware to the /etc/disk_fw folder on your filer
  5. The upgrade should start automatically in a couple of minutes
  6. Repeat for both controllers

Verifying the upgrade

Execute the sysconfig -v command to verify successful installation.
And there we go, we have non-disruptively upgraded the shelf and disk drive firmware in our filer!

Saturday, December 8, 2012

Migrating CIFS Shares to a new NetApp Filer

What better way to kick off the festive season than with a storage migration (only being slightly ironic!).  A customer uses their existing NetApp kit to provide block storage to vSphere hosts and CIFS shares to Windows clients and they wanted me to do a swap out upgrade.  Migrating the vSphere data is a cinch nowadays, what with Storage vMotion and all, so I’ll just document the CIFS stuff.

  1. First you’ll need to set up a SnapMirror relationship of the CIFS volume between the source and destination filers (no faffing around with robocopy and the like)
  2. Make a backup copy of the /etc/cifsconfig_shares.cfg file
  3. Execute cifs terminate on the source filer (downtime starts here)
  4. Update (quiesce if necessary) and break the SnapMirror relationship
  5. Take the source filer offline
  6. Assign the source filer’s IP to the new filer
  7. Reset the source filer’s account in Active Directory (if applicable)
  8. Execute cifs setup on the new filer
    1. It goes without saying that you will assign the source filer’s hostname to the destination filer, as well as join it to the AD (assuming the source filer was joined)
  9. Execute cifs terminate on the destination filer and replace the cifsconfig_shares.cfg with the backup copy you made in step 2
  10. Execute cifs restart on the destination filer
  11. Test client access

Wednesday, October 10, 2012

Directly Connecting a Brocade 815 HBA to a EMC VNX5300

I’m busy with a project which involves getting two ESXi hosts hooked up to a VNX5300 configured in block mode.  The order we placed with Dell specified Emulex 12000 HBA’s, but Dell got creative and shipped Brocade 815’s instead.  Only problem was that they didn’t work when directly connected to the front-end ports on the VNX.  I’m documenting the symptoms here as well, so that the next person does not have to battle for two days.

The Symptoms

When directly connecting the HBA’s to the VNX fiber ports the following events pop up in the SP event logs

  • EV_VirtualArrayFeature::_mergeInternalObjects() - No parent for HBA,
  • EV_TargetMapEntry::GetHostInitiatorPort() - NULL HBAPort pointer

Running NaviSECCli.exe -Address 172.20.10.27 port -list -sfpstate outputs the following:

SP Name:             SP A
SP Port ID:          1
SP UID:              50:06:01:60:BE:A0:72:F9:50:06:01:61:3E:A0:72:F9
Link Status:         Up
Port Status:         Online
Switch Present:      NO
SFP State:           Online

This tells us that things are fine on a physical layer, but not much else is happening higher up the stack.

The Fix

First we need to upgrade the HBA firmware to version 3.1.  There are various OS-specific ways to do it; the easiest is probably to download the LiveCD from Brocade.  Since this HBA is not on the ESXi 5.1 HCL we need to install the driver.  You need to install at least v3.1.  I include the steps for the sake of completeness.

  1. Enable SSH on your ESXi host
  2. Use scp for Windows or the following command from a Linux / Mac host:  scp brocade_driver_esx50_v3-1-0-0.tar root@<ip address>:/tmp
  3. SSH into your ESXi host and navigate to the /tmp folder with cd /tmp
  4. Execute tar xf brocade_driver_esx50_v3-1-0-0.tar
  5. Execute ./brocade_install_esxi.sh
  6. Wait for the installation to finish (takes about 1 – 2 mins) and reboot host once done

Now we need to configure the HBA for direct connection, or more technically,  FC-AL mode

  1. SSH into your ESXi host and navigate to /opt/brocade/bin/ by entering cd /opt/brocade/bin/
  2. ./bcu port --topology 1/0 loop
  3. ./bcu port --disable 1/0
  4. ./bcu port --enable 1/0
  5. ./bcu port --topology 2/0 loop
  6. ./bcu port --disable 2/0
  7. ./bcu port --enable 2/0

Your ESXi host should now show up as a host on the VNX where you can add it to a storage group and assign LUNs.

Thursday, February 9, 2012

NetApp Command Line Cheat-Sheet

I recently had the opportunity to work on a NetApp storage implementation project.  As always I really wanted to get my hands dirty, so I tried to learn as much about their CLI as possible.  It also helps when the NetApp System Manager GUI has got crazy bugs like Bug ID 548923, which prevents you from doing any FC related configs.  Anyhow, here is a list of commands which should get you up and running in no time.  I compiled this from a couple of web sources.

The Basics

setup (Re-Run initial setup)
halt (Reboots controller into bootrom)
reboot (Reboots the connected controller)
sysconfig -a (Dumps the system configuration)
storage show disk (shows physical information about disks)
passwd (Changes the password for the current user)
sasadmin shelf (shows a graphical layout of your shelves with occupied disk slots)
options trusted.hosts x.x.x.x or x.x.x.x/nn (hosts that are allowed telnet, http, https and ssh admin access. x.x.x.x = ip address, /nn is network bits)
options trusted.hosts * (Allows all hosts to the above command)

Diagnostics
Press DEL at boot up during memory test followed by boot_diags and select all
priv set diags (Enter diagnostics CLI mode from the Ontap CLI)
priv set (Return to normal CLI mode from diagnostics mode)

Software
software list (Lists software in the /etc/software directory)
software delete (Deletes software in the /etc/software directory)
software update 8.1RC2_e_image.zip -r (Install software. The -r prevents it rebooting afterwards)

Aggregates
aggr create aggregate_name (Creates an Aggregate)
aggr destroy aggregate_name (deletes an Aggregate)
aggr offline aggregate_name (takes an Aggregate offline)
aggr online aggregate_name (brings an Aggregate online)
aggr status (shows status of all aggregates)
aggr status aggregate_name (show status of a specific Aggregate)
aggr show_space aggregate_name (shows specific aggregate space information)

Volumes
vol create volume_name (Creates a volume)
vol status (gives the status of all volumes)

Snapshots
snap create volume_name snapshot_name (create a snapshot)
snap list volume_name (List snapshots for a volume)
snap delete volume_name snapshot_name (delete a snapshot on a volume)
snap delete -a volume_name (Deletes all snapshots for a volume)
snap restore -s snapshot_name volume_name (Restores a snapshot on the specified volume name)
options cifs.show_snapshot on (Sets snapshot directory to be browse-able via CIFS)
options nfs.hide_snapshot off (Sets snapshot directory to be visible via NFS)

SnapMirror
options snapmirror.enable on (turns on SnapMirror. Replace on with off to toggle)
vol restrict volume_name (Performed on the Destination. Makes the destination volume read only which must be done for volume based replication)
snapmirror initialize -S srcfiler:source_volume dstfiler:destination_volume (Performed on the destination. This is for full volume mirror. For example snapmirror initialize -S filer1:vol1 filer2:vol2)
snapmirror status (Shows the status of snapmirror and replicated volumes or qtree’s)
snapmirror status -l (Shows much more detail than the command above, i.e. snapshot name, bytes transferred, progress, etc)
snapmirror quiesce volume_name (Performed on Destination. Pauses the SnapMirror Replication. If you are removing the snapmirror relationship this is the first step.)
snapmirror break volume_name (Performed on Destination. Breaks or disengages the SnapMirror Replication. If you are removing the snapmirror relationship this is the second step followed by deleting the snapshot)
snapmirror resync volume_name (Performed on Destination. When data is out of date, for example working off DR site and wanting to resync back to primary, only performed when SnapMirror relationship is broken)
snapmirror update -S srcfiler:volume_name dstfiler:volume_name (Performed on Destination. Forces a new snapshot on the source and performs a replication, only if an initial replication baseline has been already done)
snapmirror release volume_name dstfiler:volume_name (Performed on Destination. Removes a snapmirror destination)

Cluster
cf enable (enable cluster)
cf disable (disable cluster)
cf takeover (take over resources from other controller)
cf giveback (give back controller resources after a take over)

Autosupport
options autosupport.support.enable on (Turns Autosupport on, toggle with off)

Hot Spares
vol status -r (Gives list of spare disks)

Disks
disk show (Show disk information)
disk show -n (Show unowned disks)

Luns
lun setup (runs the cli lun setup wizard)
lun create -s 10g -t windows_2008 -o noreserve /vol/vol1/lun1 (creates a lun of 10GB with type Windows 2008, sets no reservation and places it in the following volume or qtree)
lun offline lun_path (takes a lun offline)
lun online lun_path (brings a lun online)
lun show -v (Verbose listing of luns)

Fiber FCP
fcadmin config -t target 0a (Changes adapter from initiator to target)
fcadmin config (lists adapter state)
fcadmin start (Start the FCP service)
fcadmin stop (Stop the FCP service)
fcp show adapters (Displays adapter type, status, FC Nodename, FC Portname and slot number)
fcp nodename (Displays fiber channel nodename)
fcp show initiators (Show fiber channel initiators)
fcp wwpn-alias set alias_name (Set a fiber channel alias name for the controller)
fcp wwpn-alias remove -a alias_name (Remove a fiber channel alias name for the controller)
igroup show (Displays initiator groups with WWN’s)

Cifs
cifs setup (cifs setup wizard)
cifs restart (restarts cifs)
cifs shares (displays cifs shares)
cifs status (show status of cifs)
cifs domain info (Lists information about the filer's connected Windows Domain)
cifs testdc ip_address (Test a specific Windows Domain Controller for connectivity)
cifs prefdc (Displays configured preferred Windows Domain Controllers)
cifs prefdc add domain address_list (Adds a preferred dc for a specific domain i.e. cifs prefdc add netapplab.local 10.10.10.1)
cifs prefdc delete domain (Delete a preferred Windows Domain Controller)
vscan on (Turns virus scanning on)
vscan off (Turns virus scanning off)
vscan reset (Resets virus scanning)

HTTP Admin
options httpd.admin.enable on (enables web admin)

SIS (Deduplication)
sis status (Shows SIS status)
sis config (Shows SIS config)
sis on /vol/vol1 (Turns on deduplication on vol1)
sis start -s /vol/vol1 (Runs deduplication manually on vol1)
sis status -l /vol/vol1 (Displays deduplication status on vol1)
df -s vol1 (View space savings with deduplication)
sis stop /vol/vol1 (Stops deduplication on vol1)
sis off /vol/vol1 (Disables deduplication on vol1)

DNS
dns flush (Flushes the DNS cache)
/etc/resolv.conf (edit this file to change your dns servers)

Friday, September 30, 2011

Handy naviseccli Commands

I have been meaning to document this for ages.  I often find myself supporting clients who are located on the other side of a horribly slow WAN / VPN / 2 Cans and a piece of string link.  Slow as in even Navisphere Express times out in the web browser.  That’s when a ninja-admin such as myself whips out his command-line fu.  All commands below are to be entered on a single line; substitute %username% and %password% with your own.

Physical Container-Front End Ports Speeds

naviseccli -h <ip address> port -list -sfpstate
naviseccli -h <ip address> -set sp a -portid 0 2
naviseccli -h <ip address> backendbus -get -speeds 0

SP cache details
naviseccli -scope 0 -user %username% -password %password% -address <ip address> getcache

Get all the details of the LUN’s on the array
naviseccli -scope 0 -user %username% -password %password% -address <ip address> getlun

Review IO Ports on an array
naviseccli -h <ip address> -user %username% -password %password% -scope 0 ioportconfig -list |more

All details from the Array
naviseccli -scope 0 -user %username% -password %password% -address <ip address> getall

SP Reboot and Shutdown GUI
naviseccli -h <ip address> rebootsp
naviseccli -h <ip address> resetandhold

Apart from being faster than the GUI, knowing the naviseccli commands also allows you to incorporate them in scripts, pipe the output etc.  In other words it’s a very nice string to have in your bow!

Friday, March 4, 2011

Creating a Hyper-V Cluster after the fact, or, how to preserve and add existing VMs to a Cluster.

I was faced with an interesting challenge recently.  A client was running two standalone Hyper-V hosts with about 4 VMs each running on a Storage Area Network (SAN).  I installed the SAN previously to provide increased IO performance for their SCADA (Citect, for those taking notes) system.

This was essentially a very effective proof of concept as far as the client was concerned and they wished to take advantage of the more advanced features offered by Clustered Hyper-V (stuff like live migration etc.).

This posed a challenge, because we needed to convert the LUNs occupied by the VM’s to highly available Cluster Shared Volumes (CSV’s).  In Hyper-V, a VM needs to be hosted on a CSV in order to be made highly-available.  So off I went trying to figure out a non disruptive way to convert all my LUNs to CSV, without losing any data.  This is what I came up with.

  1. Shut down your VM(s)
  2. Open Disk Management on your Hyper-V host and remove drive letter from LUN hosting the VM
  3. Open Failover Cluster Manager (FCM) –> Storage –> Add Disk –> Select Disk from Step 2 –> Click OK
  4. Still in FCM - Go to Cluster Shared Volume - Add Storage – select the disk you added in Step 3
  5. Open up Hyper-V Manager on the same host (notice the VM status is critical because you removed the drive letter).  Remove the VM
  6. Create a new VM, opt to store it under the %systemdrive%\ClusterStorage folder which was created automatically when you performed Step 4.  VERY IMPORTANT – Do not add any disks to the VM!
  7. Right click the VM you created in Step 6 and choose Edit Settings.  Add the original VM’s disks (boot drive to be added to IDE controller 0).  The existing VHD’s will be found in %systemdrive%\ClusterStorage
  8. Open FCM – Go to Services and Applications – in the Action pane select Configure a Service or Application –> select Virtual Machine –> Check the VM created in Step 6 –> Complete Wizard
  9. Ensure that the VM is connected to the correct network in Hyper-V Manager
  10. Because we are connecting a new NIC to the VM you will have to re-specify the IP address inside the VM once the VM has started up

Rinse and repeat for all existing VMs you want to make highly available.  The Microsoft way would be to export the VM’s and import them again.  Nothing wrong with that, apart from the fact that it takes a lot of time and storage to do, depending on the size of the VM.  My way is quick and easy and it works!

Wednesday, February 23, 2011

Partial/No Redundancy on iSCSI Datastores

Expensive fiber SANs are not price-compatible with a lot of my clients, therefore a lot of my time is spent in iSCSI environments.  I’ve noticed in all instances that the Multipathing Status for all my iSCSI datastores is Partial/No Redundancy when viewed on the Storage Views tabs in vCenter.  This bothers me because I always go to great lengths to ensure that I set up my iSCSI multipathing correctly.

I therefore breathed a big sigh of relief when I discovered that this behaviour is a bug as confirmed by VMware Technical Support. The rule for displaying the “Multipathing Status” is as follows:

Full Redundancy – If you have 2 separate adapters and 2 separate paths to the datastore
Partial/No Redundancy – If there is one path which is Up
Unknown – If there is at least one path with an “Unknown” status
All Paths Down – No way to reach the datastore

You will always only have one adapter when using a software iSCSI initiator; this implies a single point of failure, which gives us the dreaded “Partial/No Redundancy” status.  So as things stand now software iSCSI will always be displayed with a degraded status.  Methinks VMware should develop separate rules / algorithms for fiber and iSCSI SANs…
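The display rule above, applied to a few constructed path lists, as an added example that is not part of the original post. It also counts usable adapter/channel pairs, which shows why the status alone cannot tell a healthy software iSCSI datastore from one that has really lost a path. The rule precedence, the datastore names and the function names are assumptions.

```python
from collections import namedtuple

# One storage path. runtime_name uses the ESXi form vmhbaN:C#:T#:L#;
# state is "up", "down" or "unknown".
Path = namedtuple("Path", "runtime_name state")


def adapter_of(path):
    """vmhba33:C1:T0:L0 -> vmhba33"""
    return path.runtime_name.split(":")[0]


def channel_of(path):
    """vmhba33:C1:T0:L0 -> vmhba33:C1 (software iSCSI uses C# per bound port)."""
    return ":".join(path.runtime_name.split(":")[:2])


def multipath_status(paths):
    """Apply the four display rules quoted in the post.

    Assumed precedence (the post does not give one): Unknown first,
    then All Paths Down, then Full, otherwise Partial/No Redundancy.
    """
    if any(p.state == "unknown" for p in paths):
        return "Unknown"
    up = [p for p in paths if p.state == "up"]
    if not up:
        return "All Paths Down"
    if len(up) >= 2 and len({adapter_of(p) for p in up}) >= 2:
        return "Full Redundancy"
    return "Partial/No Redundancy"


def usable_channels(paths):
    """Distinct adapter:channel pairs that still carry an 'up' path."""
    return sorted({channel_of(p) for p in paths if p.state == "up"})


def report(datastores):
    """Map datastore name -> (displayed status, usable channels)."""
    return {name: (multipath_status(paths), usable_channels(paths))
            for name, paths in datastores.items()}


# Constructed sample data, not taken from a real host.
DATASTORES = {
    "fc-ds": [Path("vmhba1:C0:T0:L1", "up"),
              Path("vmhba2:C0:T0:L1", "up")],
    "iscsi-healthy": [Path("vmhba33:C0:T0:L0", "up"),
                      Path("vmhba33:C1:T0:L0", "up")],
    "iscsi-degraded": [Path("vmhba33:C0:T0:L2", "up"),
                       Path("vmhba33:C1:T0:L2", "down")],
    "iscsi-dead": [Path("vmhba33:C0:T0:L3", "down"),
                   Path("vmhba33:C1:T0:L3", "down")],
}

if __name__ == "__main__":
    for name, (status, channels) in report(DATASTORES).items():
        print(f"{name:15} {status:22} usable channels: {channels}")
```

Both iSCSI datastores that still have a path report the same status, so alert on the usable channel count rather than on the displayed status.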

Thursday, July 29, 2010

The Overheating EVA

I had an "interesting" experience recently, namely an EVA 4400 overheating due to environmental issues (fancy-talk for Aircon failure).  The client phoned me, complaining that half of their Hyper-V VM's were not running.  Further investigation revealed that the CSV's were offline.  Hmmm, this was getting serious.  I logged into Command View and saw that most of my VDisks were faulted; this was due in no small measure to the fact that all the drives in one of my shelves were faulted.

Event Logs

I had a look at the relevant EVA logs and discovered the following relevant entries:

  • Temperature within an HSV300 controller becoming too hot.
    View corrective actions.  Corrective action code: 2e
  • A drive enclosure temperature sensor out of range condition has been reported by one of the drive enclosure link modules.
  • A physical disk drive has disappeared.
    View corrective actions.  Corrective action code: 42
  • A Volume has transitioned to the MISSING state.
    View corrective actions.  Corrective action code: bf

What Happened

In retrospect it was a fairly simple sequence of events, as evidenced by the entries above.  The Air Conditioner failed, which caused the temperature within the Drive Shelf to rise (this is the HSV300 controller referred to in the event log).  To prevent damage to itself, the drive then switched itself off, which prompted the log entry about the physical drive disappearing.

We then started seeing volumes transitioning to the missing state, i.e. our VDisks went missing.  Hardly surprising considering that the drives containing them switched themselves off.

Resolution

  1. Restored Air Conditioning (goes without saying I guess)
  2. Powered off the EVA and all attached disk shelves
  3. Powered on disk shelves and waited for the Numeric ID LED's at the back to display the proper IDs.
  4. Powered up the Controller
  5. Lo and behold!  All the previously failed physical disks came on-line, meaning that my missing VDisks also made a most welcome return
  6. Unfortunately my Hyper-V Hosts still couldn't access the Vdisks, so I had to unpresent and re-present them via Command View.  I assume the EVA assigned new WWN's to the LUNs.
  7. I re-scanned for storage from the Disk Management MMC on the Hyper-V Hosts
  8. Brought the Disks and CSV's online via cluster manager
  9. Started up the VM's

Conclusion

This was quite a harrowing experience, obviously.  What struck me as ridiculous is that HP does not have *ANY* thermal shutdown logic / capabilities on the EVA controller itself.  It keeps on trucking till the drives themselves fail, causing a very ungraceful failure of the VDisks.  There is also no guarantee that your drives and VDisks will come back online.  In essence - if your EVA overheats there is a distinct possibility that you lose your data.  Caveat Emptor...

Monday, June 21, 2010

Back to Basics - Create a LUN and present it as a Cluster Shared Volume

You know when you do something and you think to yourself "Oi, I should really document this"?  And then you go "Nahhh, this is easy peasy lemon squeezy - I won't forget" and a month later you have to repeat the task and wonder of wonders, you did forget.  Well Goddammit - never will I have to wonder again how to create a LUN on a HP EVA 4400 SAN and use said LUN (or Vdisk in vHP's vVirtual vSpeak vWhere vEverything vStarts vWith a vStupid vV). vWhere...er I mean where was I.  Ahh yes, lets create a vDisk...

Create a vDisk on the EVA SAN
  1. Log into Command View (what a cool name, sounds like you can bomb some backwater country into the Stone Age with a mere misplaced mouse-click)
  2. Expand your Virtual Disks Folder
  3. Click Create vDisk
  4. Name your disk, then give it a size and RAID level
  5. Click Create vDisk
Present the vDisk to your Hosts
  1. Navigate to your newly created vDisk and click the Presentation tab
  2. Click Present and select all hosts to present the vDisk to.  For some obscure reason every 4400 I've worked on would only allow me to present to four hosts / HBA's at a time, anything more and it errors out
Initialise and format the vDisk
  1. Open the Disk Management MMC on one of your SAN-connected Hyper-V hosts
  2. Right-click the Disk Management node and click Rescan on the context menu
  3. Right-click on the newly appeared unallocated disk and select Bring Online
  4. Right-click the disk and click Initialize
  5. Right-click (how's that middle finger doing?) on the unallocated storage and click Create Simple Volume
  6. Complete the wizard, but do not assign a drive letter
Create a Cluster Shared Volume using our vDisk
  1. Open Failover Cluster Manager
  2. Go to the Storage node and click Add a Disk in the Actions pane
  3. Select the disk you wish to add and click OK
  4. Right-click the Disk and click Properties - now give it a descriptive name.  Because I say so
  5. Go to Cluster Shared Volumes and click Add Storage in the Actions pane
  6. Select the disks you wish to add and click OK
  7. The CSV will now magically appear in your ClusterStorage namespace.  Navigate there and give it a descriptive name
  8. You've just created a CSV full of win, which can now host a highly-available VM!

Monday, May 31, 2010

How to Expand a VHD on Hyper-V 2008 R2

This is a fairly basic task that needs to be done fairly frequently, but I've never documented it anywhere so it always takes me 10 minutes longer than what it should. The client where I had to do this today happens to run a HP EVA 4400 Fiber SAN, so I will include the instructions for the EVA side of things as well. Without further ado...

Expanding an existing LUN on an HP EVA 4400 SAN
  1. Log into Command View (HP's delightfully named SAN configuration solution)
  2. Navigate to the Virtual Disks folder, more specifically to the Vdisk you want to expand
  3. Click the Vdisk, and wait 10 seconds for the incredibly laggy Command View interface to catch up
  4. Type your new, preferred size in the box cunningly labelled "Capacity"
  5. Click "Save"
Expanding a VHD
  1. Use Cluster Resource Manager to determine who owns the Disk Resource you wish to expand
  2. Once identified, go to "Disk Management" on the owner
  3. Right-click the Disk Management node, and select "Rescan Disks". The un-allocated space should show up now
  4. Right-click the volume you wish to expand and select "Extend Volume". Click Next 2 times and finally Finish
  5. Fire up SCVMM and shut down the VM whose VHD you want to expand
  6. Click the "Hardware Configuration" tab, and select the Disk you want to expand
  7. Check the "Expand this disk" checkbox and enter the desired size
  8. Click OK
This should take care of expanding the VHD, but this does not mean the underlying OS will automatically make use of the added capacity, no sirrreeee. In my case the VM was running Windows 2008 Server R2, and this is what I had to do....

Using Diskpart to Extend a Partition
  1. Click Start, type CMD and press Enter
  2. In the resulting Command Prompt, type "Diskpart"
  3. Select the correct drive and partition to perform the extend operation on. In my case it was Disk 1, Partition 1. The correct commands in my case were "Select disk 1" and "Select Partition 1". The "List disk" and "List partition" commands, surprisingly enough, will list your existing disks and partitions
  4. Now that we've got the correct disks and partitions selected, we simply give the "Extend" command. This will extend the disk using all the contiguous free space available
And with that done, you should be the proud Admin of a newly extended VHD!

Thursday, March 25, 2010

Exchange 2010 SAN / UCC Certificates Installation

So, I recently completed an Exchange 2003 to Exchange 2010 migration for a mid-sized client. There were (of course) a couple of hiccups, which I will detail as soon as I get my stuff in order. With that said, here's what I learned about UCC certificates (more specifically GoDaddy UCC Certs).

THE BASICS:

This client had 2 separate DNS namespaces, the AD DNS was clientabc.local, the external DNS was clientabc.com. Internally the Exchange server was called cabc-exc-001, externally it was mail.clientabc.com. So let's get down to the 3 commandments.

  1. Any name by which your server will be accessed needs to be included on the certificate. In my case it was the following: mail.clientabc.com, cabc-exc-001.clientabc.local and finally clientabc.com
  2. Make the common name the server's external DNS alias, eg. mail.clientabc.com
  3. If you use the Autodiscover server (which you should, it RAWKS) you should add that to your UCC certificate. In my case: autodiscover.clientabc.com and autodiscover.clientabc.local
Generating the Certificate Request:

  1. Fire up your EMC and click "Manage Databases" on the homepage
  2. Click "Server Configuration", then click on "New Exchange Certificate" in the actions pane
  3. You'll be prompted for a "Friendly Name". This is purely descriptive, so call it something descriptive.
  4. On the "Domain Scope" dialog, do not select the "wildcard" option
  5. Next up is the "Exchange Configuration" menu. Check the boxes for the services you plan to secure. The wizard will recommend names, ensure they're correct for your environment, keeping in mind our 3 commandments
  6. On the next screen you'll be allowed to enter your Org info
  7. Et voilà! Click on the "Browse" button to save all the hard work from above into a .req file
  8. The contents of the .req file must now be submitted to your Certificate vendor of choice (I used Godaddy).
  9. Once you've completed that you should be able to download your certificate. Once that is done it's on to the next section.
  10. It's of course also possible to do all of the above via the EMS. Using my example the command would be: "New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=NA, s=Erongo, l=Swakopmund, o=ClientABC, ou=Information Technology, cn=mail.clientabc.com" -DomainName cabc-exc-001.clientabc.local, autodiscover.clientabc.com, autodiscover.clientabc.local, clientabc.com -PrivateKeyExportable $True"
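A check of the three commandments against a request before it goes to the CA, as an added example that is not part of the original post. It reads text in the style of `openssl req -noout -text` output; both sample requests are constructed from the post's example names, and the function names are hypothetical.

```python
import re


def parse_request_names(text):
    """Return (common_name, dns_sans) from openssl-style request text."""
    cn = None
    m = re.search(r"^\s*Subject:.*?\bCN\s*=\s*([^,/\n]+)", text, re.MULTILINE)
    if m:
        cn = m.group(1).strip().lower()
    sans = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        # The SAN values sit on the line after the extension header.
        if "Subject Alternative Name" in line and i + 1 < len(lines):
            for entry in lines[i + 1].split(","):
                kind, _, value = entry.strip().partition(":")
                if kind == "DNS" and value:
                    sans.append(value.strip().lower())
    return cn, sans


def check_request(text, access_names, external_alias):
    """Return a list of findings; an empty list means all rules hold."""
    cn, sans = parse_request_names(text)
    findings = []
    # Commandment 2: the common name is the external DNS alias.
    if cn != external_alias.lower():
        findings.append(f"CN is {cn!r}, expected {external_alias!r}")
    # Commandments 1 and 3: every access name, autodiscover included.
    for name in access_names:
        n = name.lower()
        if n in sans or (n == cn and not sans):
            continue
        if n == cn:
            # RFC 6125: clients ignore the CN once DNS SANs are present.
            findings.append(f"{name}: only in CN, not in the SAN list")
        else:
            findings.append(f"{name}: missing from the request")
    # The post's procedure leaves the wildcard option unselected.
    for san in sans:
        if san.startswith("*."):
            findings.append(f"{san}: wildcard entry")
    return findings


# Names the post says the server is reached by.
ACCESS_NAMES = [
    "mail.clientabc.com", "cabc-exc-001.clientabc.local", "clientabc.com",
    "autodiscover.clientabc.com", "autodiscover.clientabc.local",
]

SUBJECT = ("        Subject: C = NA, ST = Erongo, L = Swakopmund, "
           "O = ClientABC, OU = Information Technology, "
           "CN = mail.clientabc.com\n")
SAN_HEADER = "            X509v3 Subject Alternative Name:\n"

# Constructed sample: every access name is listed as a DNS SAN.
GOOD_REQ = SUBJECT + SAN_HEADER + "                " + ", ".join(
    "DNS:" + n for n in ACCESS_NAMES) + "\n"

# Constructed sample: external alias only in the CN, one name forgotten.
BAD_REQ = SUBJECT + SAN_HEADER + (
    "                DNS:cabc-exc-001.clientabc.local, "
    "DNS:autodiscover.clientabc.com, DNS:clientabc.com\n")

if __name__ == "__main__":
    for label, req in (("good", GOOD_REQ), ("bad", BAD_REQ)):
        print(label, check_request(req, ACCESS_NAMES, "mail.clientabc.com"))
```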
Installing Your UCC Certificate
  1. Download and save the certificate from your provider
  2. Now install any intermediary certificate, following instructions provided by your chosen CA. THIS IS CRUCIAL! Install this before you install your actual certificate.
  3. Now start up the EMC again and click "Manage Databases" on the homepage. Click "Server Configuration", then select your certificate.
  4. In the Action Pane, click on "Complete Pending Request"
  5. Browse to your downloaded certificate, and click Open, Complete and Finish.
  6. From the Action Pane, click "Assign Services to Certificate", select your server from the list and click Next
  7. Select the necessary services, then click Next, Assign and Finish
  8. Alternatively we can import our certificate with an EMS command: Import-ExchangeCertificate -path c:\certreq\mail.clientabc.com.crt -friendlyname "Your Friendly Name"
  9. Then assign the services like so: Enable-exchangecertificate -services IIS -thumbprint
To make sure everything takes, you can restart the Exchange Transport Service. And that, as they say, is that!