Friday, August 5, 2011

Mobile phones continue to synchronize via ActiveSync, after account is disabled

It turns out that if you change the password on an AD user, the user can still synchronize his mobile devices.
 OWA (Outlook Web App) won't work, and I'm not sure about Outlook Anywhere.
 I thought this should not be possible, but I could see that a user still synchronized his mobile device after the password change.
 It seems that expiring and/or disabling the account doesn't work either.

 I found that others were having this problem too, and the only solution found on the web was to restart the IIS service on the CAS servers.
 So it appears that the IIS server keeps creating new tokens for Exchange traffic, even after the account is disabled.

 However, I found that disabling OWA and ActiveSync on the mailbox under "Mailbox features" did the trick.
 The device was unable to synchronize, within a minute after I disabled the 2 features.
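
The same fix applied in bulk, as an added example that is not part of the original post: it finds disabled AD accounts that still have ActiveSync or OWA enabled on the mailbox, switches both features off, and lists each device's last successful sync so you can confirm it stops advancing. It assumes the Exchange 2010 Management Shell with the ActiveDirectory module loaded; the function name and the contoso OU are placeholders.

```powershell
# Added example, not from the original post. Exchange 2010 Management Shell
# plus the ActiveDirectory module; PowerShell 2.0 compatible.
Import-Module ActiveDirectory

function Disable-MailAccessForDisabledUsers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: the caller supplies the OU to search.
        [Parameter(Mandatory = $true)]
        [string]$SearchBase
    )

    Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $false' | ForEach-Object {
        $dn  = $_.DistinguishedName
        $sam = $_.SamAccountName
        $cas = Get-CASMailbox -Identity $dn -ErrorAction SilentlyContinue
        if (-not $cas) { return }          # disabled account without a mailbox

        # Disabling the AD account alone did not stop the sync, so turn off
        # the two mailbox features as well.
        if ($cas.ActiveSyncEnabled -or $cas.OWAEnabled) {
            if ($PSCmdlet.ShouldProcess($sam, 'Disable ActiveSync and OWA')) {
                Set-CASMailbox -Identity $dn -ActiveSyncEnabled $false -OWAEnabled $false
            }
        }

        # Report each device partnership; on a later run LastSuccessSync
        # should no longer move forward.
        Get-ActiveSyncDeviceStatistics -Mailbox $dn -ErrorAction SilentlyContinue |
            Select-Object @{n='User';e={$sam}}, DeviceType, DeviceID, LastSuccessSync
    }
}

# Dry run first (placeholder OU), then repeat without -WhatIf to apply.
Disable-MailAccessForDisabledUsers -SearchBase 'OU=Staff,DC=contoso,DC=com' -WhatIf
```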

Monday, October 18, 2010

Rehoming System Attendant (SA) mailbox on Exchange 2010

If the database where the System Attendant (SA) is placed is deleted, Microsoft has a fine article on rehoming the SA mailbox in Exchange 2007.
The article called "The System Attendant homeMDB attribute is missing" is here:
http://technet.microsoft.com/en-us/library/dd535374(EXCHG.80).aspx

It's a reference from the Best Practices Analyzer, which will tell you if there's a server where the SA is missing a homeMDB value.

But I haven't found an article for Exchange 2010, where the path to the databases is slightly different.

In ADSI Edit you should instead use this path:

  • Configuration [Domaincontroller.contoso.com]
  • CN=Configuration,DC=contoso,DC=com
  • CN=Services
  • CN=Microsoft Exchange
  • CN=
  • CN=Administrative Groups
  • CN=Exchange Administrative Group (ID)
  • CN=Databases

The new path is obviously because the Storage Groups are gone in Exchange 2010, and the databases are now global instead of dedicated to a server.

Tuesday, October 5, 2010

Exchange 2010 Sp1 Experiences

Hi,
SP1 has been out for a month now - and here are my experiences so far.
Please comment, if you have any :-)

Of course SP1 is unavoidable because of all the new features and bugfixes.
But I had a little trouble after the upgrades.

Every Nokia mobile running Mail For Exchange (MFE/Mail4Exchange) had problems.
Some could be solved running a Full Resync, several times, but most had to delete the MFE profile and recreate it.
This was with various Nokia models, and most of them were running the newest version of MFE.
This is most likely a Nokia problem, but will still prevent me from installing SP1 for customers with a lot of Nokia users.

The only other "problem" I had was that Backup Exec had to be updated to "Backup Exec 2010 R2", and this of course requires you to buy a new license, unless you have a subscription on the product.

Besides that, I haven't experienced anything that's not in the Exchange team's own blog:

Friday, September 24, 2010

Cannot add server to OAB distribution list

The problem is that you cannot add a server to the OAB distribution list when one of the CAS (Client Access Server) is offline.

When opening the OAB, you'll wait for a LOONG time, and then get an error.

Now this is a rather large installation, but only one of the servers is offline:


When trying to press the "Add" button you'll get the following error:

Well, the only solution, besides turning on the machine that is turned off, is to set it with PowerShell.

The thing to notice, is if you set the offline addressbook by using:
Set-OfflineAddressBook -Identity "\Default Offline Address Book" -VirtualDirectories "NEWSERVERNAME\OAB (Default Web Site)"
...then this NEWSERVER will be the only server in the offline addressbook's virtual directory!

So what I did, was to grab the existing Vdirs, and add the new one like this:
get-offlineaddressbook | fl
Then copy the existing  "VirtualDirectories"
They will be like this:
{SERVERNAME1\OAB (Default Web Site), SERVERNAME2\OAB (Default Web Site)}
Then run:
Set-OfflineAddressBook -Identity "\Default Offline Address Book" -VirtualDirectories "SERVERNAME1\OAB (Default Web Site)", "SERVERNAME2\OAB (Default Web Site)","NEWSERVERNAME\OAB (Default Web Site)"
Notice the way I put the quotes. I didn't think it was the obvious way to do it, but it works :-)

If you only have one OfflineAddressBook you can run:
(you won't need to enter the identity)
Get-OfflineAddressBook | Set-OfflineAddressBook -VirtualDirectories "SERVERNAME1\OAB (Default Web Site)", "SERVERNAME2\OAB (Default Web Site)","NEWSERVERNAME\OAB (Default Web Site)"




The errors in text:
Error found when loading objects, please use command-line to query or edit full list. Error:
The task wasn't able to connect to IIS on the server SERVERNAME. Make sure that the server exists and can be reached from this computer: The RPC server is unavailable.
It was running the command: 'SERVERNAME\OAB (Default Web Site)' | Get-OabVirtualDirectory.

An IIS directory entry couldn't be created. The error message is The remote procedure call failed and did not execute.
HResult = -2147023169 It was running the command 'Get-OabVirtualDirectory'

Thursday, September 16, 2010

Blackberry BIS issue, when running UAG

We have a scenario where we started publishing Exchange 2010 (and Exchange 2007) with UAG (Unified Access Gateway).
After that Blackberry BIS (Hosted Blackberry) users stopped working.
When trying to set up their account, we got an error that the Password was not correct.

We got some errors in the Application event log, but they didn't help.
Microsoft UAG is running on top of Microsoft TMG (formerly ISA Server), and we use that in several places without any problems. So we figured that it had to be the UAG that caused the problem.

Then we discovered that BIS is using UPNs (User Principal Name = user@domain.local), even though we use "domain\user" in the web interface.

And UAG is not set up to use UPN as standard.
We changed that by using this article:
http://technet.microsoft.com/en-us/library/ee809087.aspx

That helped; the BIS users now work, and we don't get any errors in the event log :-)

Note:
The errors we got in the application eventlog on the UAG server:
(bg is the username, for the BIS users)


Log Name:      Application
Source:        Microsoft Forefront UAG
Date:          14-09-2010 10:29:30
Event ID:      67
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXX.XXX.XX
Description:
A request from source IP address x.x.x.x on trunk owa; Secure=1 for application Internal Site of type InternalSite failed. The URL /InternalSite/logon.asp contains an illegal path. The rule applied is Default rule. The method is GET.


Log Name:      Application
Source:        Microsoft Forefront UAG
Date:          14-09-2010 10:29:28
Event ID:      51
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXX.XXX.XX
Description:
A request from source IP address x.x.x.x on trunk owa; Secure=1 for application Exchange services of type ExchangePub2010 failed because the  method used PROPFIND is not valid for requested URL /exchange/bg.


Log Name:      Application
Source:        Microsoft Forefront UAG
Date:          14-09-2010 10:29:27
EventID:      51
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXX.XXX.XX
Description:
A request from source IP address x.x.x.x on trunk owa; Secure=1 for application Unknown application name of type Unknown application type failed because the  method used PROPFIND is not valid for requested URL /bg.

Friday, September 10, 2010

iPhone 4 cannot send messages, but receives fine - with Exchange 2010

We had a problem with iPhone (iPhone 4) users on Exchange 2010 SP1, published with UAG (Unified Access Gateway server, includes TMG (Threat Management Gateway)).
The phones could synchronize mail, but only when receiving mail. When sending mails, nothing happened - no errors, and no indication that the mails were not sent.

Exchange team, has a blog with "known issues" with Exchange 2010 SP1:
http://msexchangeteam.com/archive/2010/09/01/456094.aspx
If you see bullet 7, there's a solution - but this didn't help us.

Then we saw, on other blogs, that we were not the only one with this problem - but none with solutions.

This problem was solved by updating the iPhone via iTunes...
We have found no description of the update, or any indication by Apple, that the problem should have been solved with an update.
But this was the case for us - hope this helps some of you with this problem.

But please notice, that the issue on the Exchange team blog, should be solved also - the update is not enough if the remote domain, is not made according to the blog.

Friday, September 3, 2010

Restore deleted public folder in Exchange 2010

Recently I had to recover a deleted Publicfolder.
Like I have done before, I started Exfolders -great tool, and makes it easy to recover a deleted Publicfolder.

But this was deleted 3 weeks ago, and deletion settings, was set to the default 14 days.

Ok, so I have to do a restore, and have lots of successful backups.
So no problem - I thought.

Thought I could just use a Recovery Database (RDB), like I do with a mailboxdatabase.
But this is not possible with a Publicfolderdatabase...

OK, then what to do?
The supported solution, from Microsoft, is to restore the PF-database to another exchange org.

So create an environment with a DC and an Exchange 2010 server.
Then restore the database to this server, and export the public folder with Outlook.



So the learning is, set the deletion setting on the Public folder database to a longer period...
At least that's what I'm going to do in the future.

Link to Exfolders, in case this could help you:
http://msexchangeteam.com/archive/2009/12/04/453399.aspx
http://msexchangeteam.com/files/12/attachments/entry453398.aspx

Link to RDB article, stating it's not possible to use RDB for Public folder databases: