Having an Exchange Hybrid Management server is still an official requirement from Microsoft to support organizations using Exchange Online with identities managed by the on-prem Active Directory. So, if you are moving your entire “legacy” datacenter to Azure, it means having your Hybrid Exchange in Azure for management going forward.
I was doing this the other day and decided to see how small I could make it without too much hassle as time was limited.
The goal was to have a relatively cheap VM in Azure, hosting the last “on-premise” Hybrid Exchange Server 2016 (not 2019 as that costs money). And not caring so much about it being “snappy.”
Preface
For these notes to be useful, you are expected to have a general knowledge of Exchange Hybrid Topology, and a functioning Azure VNET with connectivity to on-prem is required.
Note that there are no detailed steps in this guide as things change around in Azure way too often, and security is very individual. I just wrote this article to share some experiences that could be of use to the MS IT Pro community; feel free to add comments that provide more knowledge to other readers.
Choosing the Right VM
The requirements for Exchange Server 2016 Hybrid are quite extreme. So if we are to keep things on the cheap, a B4ms is the “right” size. Since we need the Mailbox role, a VM with 2 cores and 8GB RAM will start puking right away.
Nevertheless, this is what I was aiming to do – run an Exchange Server 2016 on a B2ms general-purpose server in Azure. Using only standard HDD to keep things cheap.
This is a very cheap option, if not the cheapest one, for running a 2-core 8GB RAM VM in Azure.
Disk sizing
In the spirit of building on the cheap, I chose to use Standard HDD (LRS) all around.
The default Windows Server 2016 Datacenter image from the Azure marketplace is 127GB. I added a 64GB data disk just for the Exchange Server program files, without host caching for robustness.
Building on the cheap
NB: Keep in mind that if you use the Exchange Hybrid server for a ton of management stuff, you might end up with a higher cost for the Standard HDD than a 64GB Premium SSD disk due to the way transactions on the disks are billed. Premium SSD is billed at a fixed cost, Standard HDD is billed per transaction. So keep an eye on those transaction costs!
Installing the Hybrid Exchange in Azure
During the initial VM provisioning, I chose the B4ms VM size to avoid problems during the installation of Exchange Server 2016.
A word of warning here, though; I did try the installation with the smaller B2ms size! But it puked out on me halfway through and threw some weird, useless PowerShell warning when I tried to restart the installation. If that happens to you, note that it might be because all Exchange services are marked as stopped and disabled. But for some reason, the installer cannot handle not being able to disable services that are already disabled. The solution is to start any “Microsoft Exchange” service that will start and rerun the installer to satisfy its requirement to disable all services during repair of the broken install.
You can download the latest CU from this link. It contains the full Exchange Server installation. And after you finish the install, nothing more is needed except following up with Windows Update after installing the service.
I won’t go through the steps for installing the actual Exchange Server, just note that you need the following options set:
- Roles: Mailbox, Management
- File paths:
  - Change C:\Program Files\Microsoft\Exchange Server\V15
  - To: F:\Exchange Server\V15
You can change F: to whatever drive letter you configured for the data disk (yeah you need to go into disk manager and initialize that disk, otherwise it’s not gonna do you much good).
This is what my disk layout looks like after all is said and done:
Yes, I could have added a smaller disk image for the OS, but that’s the beauty of Standard HDD; you only get billed for the disk’s actual storage consumption. If I had chosen Premium SSD instead, I would have opted for the 64GB “Small Disk” image.
Resizing the Azure VM
So I managed to get the Exchange Server running on a larger VM size and have confirmed that everything works as expected:
- Public certificates are installed and assigned to services (not needed for minimal hybrid, though).
- Traffic is flowing as it should.
- The server is visible to the rest of the Exchange Organization.
- I have rerun the Hybrid Configuration Wizard to move the hybrid mail flow to the new server.
Now I need to make sure it would not puke if I resize the VM to a B2ms in Azure…
A small amount of prepping was required!
Page file
To accept my wish of running on a smaller VM, I needed to rely on the good old page file, which I know is bad, but in my case, it was of no real consequence.
I configured the Page file to fit on the temporary “physical” disk that the VM has, which for my target VM size, was 16GB. To be sure, I set it at a little less (15000MB):
While I was inside the “Performance Options,” I also checked that the “Visual Effects” were set to the most performant.
Log files
Exchange Servers 2013+ are notorious for their heavy use of logging, and I knew that sooner or later, my tiny Hybrid Exchange VM would get filled up with (in my case) useless log files.
I set up a basic scheduled task to run as SYSTEM once a day. The action it would perform is to execute a small PowerShell script that I put in F:\scripts.
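One way to register the daily SYSTEM task described above and restrict who can change what it runs. This is an added example, not the author's setup: the script file name, task name and start time are assumptions, and only the F:\scripts folder comes from the post.

```powershell
# Added example. Run from an elevated PowerShell session on the Exchange VM.
$ScriptDir  = 'F:\scripts'                                   # folder named in the post
$ScriptPath = Join-Path $ScriptDir 'Purge-ExchangeLogs.ps1'  # hypothetical file name
$TaskName   = 'Purge Exchange logs'                          # hypothetical task name

# Folders on a data volume may inherit write access for non-admin users.
# Anything SYSTEM executes should be writable by SYSTEM and Administrators only.
# SIDs are used instead of names so this works on any OS language.
icacls $ScriptDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F'

# No -ExecutionPolicy override: the server's configured policy stays in force.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument ('-NoProfile -NonInteractive -File "{0}"' -f $ScriptPath)

$trigger   = New-ScheduledTaskTrigger -Daily -At '03:00'     # assumed quiet hour
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1)

$task = @{
    TaskName  = $TaskName
    Action    = $action
    Trigger   = $trigger
    Principal = $principal
    Settings  = $settings
}
Register-ScheduledTask @task

# Confirm that no inherited or unexpected ACEs remain on the script folder.
(Get-Acl $ScriptDir).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```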
You can grab a copy of the script, with the paths defined as per this blog post, here:
ExchangeOnlineScripts/invoke-logPurge.ps1 at main · mardahl/ExchangeOnlineScripts (github.com)
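For readers who want to see what such a purge can look like, here is an added sketch; it is not the linked script and not the author's code. It assumes the F:\Exchange Server\V15 install path from this post, the default IIS log location, and a 14-day retention window, which should be at least as long as you would need the IIS and Exchange logs for troubleshooting or an investigation.

```powershell
# Added example: removes Exchange/IIS log files older than the retention window.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$RetentionDays   = 14,                          # assumed retention window
    [string]$ExchangeRoot = 'F:\Exchange Server\V15',    # install path used in this post
    [string]$IisLogRoot   = 'C:\inetpub\logs\LogFiles'   # IIS default location
)

# Folder / file-pattern pairs to clean. Adjust if your layout differs.
$targets = @(
    @{ Path = Join-Path $ExchangeRoot 'Logging';                                Filter = '*.log' },
    @{ Path = Join-Path $ExchangeRoot 'Bin\Search\Ceres\Diagnostics\ETLTraces'; Filter = '*.etl' },
    @{ Path = Join-Path $ExchangeRoot 'Bin\Search\Ceres\Diagnostics\Logs';      Filter = '*.log' },
    @{ Path = $IisLogRoot;                                                      Filter = '*.log' }
)

$cutoff = (Get-Date).AddDays(-$RetentionDays)
$freed  = 0

foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) {
        Write-Warning "Skipping missing path: $($t.Path)"
        continue
    }
    Get-ChildItem -LiteralPath $t.Path -Recurse -File -Filter $t.Filter -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        ForEach-Object {
            # ShouldProcess makes -WhatIf list the files without deleting them.
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove log file')) {
                try {
                    $size = $_.Length
                    Remove-Item -LiteralPath $_.FullName -Force -ErrorAction Stop
                    $freed += $size
                }
                catch {
                    # Files still held open by a service are left for the next run.
                    Write-Warning "In use or denied, skipped: $($_.FullName)"
                }
            }
        }
}

'{0:N0} MB freed (files older than {1:yyyy-MM-dd})' -f ($freed / 1MB), $cutoff
```

Run it once with `-WhatIf` to review what would be deleted before letting the scheduled task run it unattended.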
Conclusion
After doing all of the above, I could resize the VM to a B2ms size, and it loaded up just fine with no complaints about low memory, and the performance is acceptable for the management tasks that the server was intended for.
I hope you found some inspiration in the above for running your Hybrid Exchange in Azure, and as always, I welcome constructive comments and a follow on Twitter, so I know you are out there reading.
Great, thanks for this article. Just a question, I am ok using B4ms size and using the free license hybrid Exchange 2016 copy but we have a lot of SMTP relay traffic coming from our printers and some apps and going to Office 365 and some external via O365. Will all that work in Azure as a VM? MS is notorious in blocking port 25 on its VMs but we have an enterprise contract. Any insights on this? Main thing being SMTP relay traffic.
For relaying you can consult this document:
https://docs.microsoft.com/en-us/azure/virtual-network/troubleshoot-outbound-smtp-connectivity#:~:text=The%20Azure%20platform%20will%20block%20outbound%20SMTP%20connections,It%20is%20possible%20to%20have%20this%20block%20removed.
I would let all relayed traffic go through the Office 365 send-connector, or a parallel send-connector in case you do updates with the HCW.
This way the world will see your traffic originating from O365.
So, it is possible