Monday, October 18, 2010

Rehoming System Attendant (SA) mailbox on Exchange 2010

If the dabase is deleted where the System attendant (SA) i placed, Microsoft has a fine article for Re homing the SA mailbox, in Exchange 2007.
The article called "The System Attendant homeMDB attribute is missing" is here:
http://technet.microsoft.com/en-us/library/dd535374(EXCHG.80).aspx

It's a refference from the Best practise analyzer which will tell if there's a server where the SA is missing a homemdb value.

But I havent found an article for Exchange2010, where the path to the databases are slightly different.

In Adsi Edit you should instead use this path:

  • Configuration [Domaincontroller.contoso.com]
  • CN=Configuration,DC=contoso,DC=com
  • CN=Services
  • CN=Microsoft Exchange
  • CN=
  • CN=Administrative Groups
  • CN=Exchange Administrative Group (ID)
  • CN=Databases

The new path is is obviously because the Storage groups are gone in Exchange 2010, and the databases are now global instead of dedicated to a server.

Tuesday, October 5, 2010

Exchange 2010 Sp1 Experiences

Hi,
SP1 has been out for a month now - and here's my experiences so far.
Please comment, if you have any :-)

Of course SP1 is unavoidable because of all the new features and bugfixes.
But had a litte trouble after the upgrades.

Every Nokia mobile running Mail For Exchange (MFE/Mail4Exchange) had problems.
Some could be solved running a Full Resync, several times, but most had to delete the MFE profile and recreate it.
This was with various Nokia models, and most of them was running newest version of MFE.
This is most likely a Nokia problem, but will still prevent me from installing SP1 for customers with a lot of Nokia users.

The only other "problem" i had, was that Backup Exec required to be updated to "Backup Exec 2010 R2", and this of cource requires you to buy a new license, unless you have subscription on the product

Beside from that I haven't experienced anything that's not in the Exchange teams own blog:

Friday, September 24, 2010

Cannot add server to OAB distributionlist

The problem is that you cannot add a server to the OAB distributionlist, when one of the CAS (Client Access Server) are offline.

When opening the OAB, you'll wait for a LOONG time, and then get an error.

Now this is a rather large installation, but only one of the servers are offline:


When trying to press the "Add" button you'll get the following error:

Well the only solution, besides turning the machine on, that is turned of, is to set it with Powershell.

The thing to notice, is if you set the offline addressbook by using:
Set-OfflineAddressBook -Identity "\Default Offline Address Book" -VirtualDirectories "NEWSERVERNAME\OAB (Default Web Site)"
...then this NEWSERVER will be the only server in the offline addressbook's virtual directory!

So what I did, was to grab the existing Vdirs, and add the new one like this:
get-offlineaddressbook | fl
Then copy the existing  "VirtualDirectories"
They will be like this:
{SERVERNAME1\OAB (Default Web Site), SERVERNAME2\OAB (Default Web Site)}
Then run:
Set-OfflineAddressBook -Identity "\Default Offline Address Book -VirtualDirectories "SERVERNAME1\OAB (Default Web Site)", "SERVERNAME2\OAB (Default Web Site)","NEWSERVERNAME\OAB (Default Web Site)"
Notice the way I put the quotes. I didn't think it was the obvious way to do it, but it works :-)

If you only got one OfflineAddressBook you can run:
(you wont need to enter the identity)
Get-OfflineAddressBook| Set-OfflineAddressBook -VirtualDirectories "SERVERNAME1\OAB (Default Web Site)", "SERVERNAME2\OAB (Default Web Site)","NEWSERVERNAME\OAB (Default Web Site)"




The errors in text:
Error found when loading objects, please use command-line to query or edit full list. Error:
The task wasn't able to connect to IIS on the server SERVERNAME. Make sure that the server exists and can be reached from this computer: The RPC server is unavailable.
It was running the command: 'SERVERNAME\OAB (Default Web Site)' | Get-OabVirtualDirectory.

An IIS directory entry couldn't be created. The error message is The remote procedure call failed and did not execute.
HResult = -2147023169 It was running the command 'Get-OabVirtualDirectory'

Thursday, September 16, 2010

Blackberry BIS issue, when running UAG

We have a scenario, where we started publishing Exchange 2010 (and Exchange 2007) with UAG (Unified Acces Gateway)
After that Blackberry BIS (Hosted Blackberry) users stopped working.
When trying to set up their account, we got an error that the Password was not correct.

We got some errors in the Apllication eventlog, but the didn't help.
Microsoft UAG, is running on top of Micrsoft TMG ( formerly ISA server), and we use that several places, without any problems. So we figured, that is had to be the UAG that caused the problem.

Then we discovered, that BIS is using UPN's (User Principal Name = user@domain.local), even though we use "domain\user" in the web interface.

And UAG is not set up to use UPN as standard.
We changed that by using this article:
http://technet.microsoft.com/en-us/library/ee809087.aspx

That helped, the BIS users now works, and we don't get any error in the eventlog :-)

Note:
The errors we got in the application eventlog on the UAG server:
(bg is the username, for the BIS users)


Log Name:      Application
Source:        Microsoft Forefront UAG
Date:          14-09-2010 10:29:30
Event ID:      67
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXX.XXX.XX
Description:
A request from source IP address x.x.x.x on trunk owa; Secure=1 for application Internal Site of type InternalSite failed. The URL /InternalSite/logon.asp contains an illegal path. The rule applied is Default rule. The method is GET.


Log Name:      Application
Source:        Microsoft Forefront UAG
Date:          14-09-2010 10:29:28
Event ID:      51
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXX.XXX.XX
Description:
A request from source IP address x.x.x.x on trunk owa; Secure=1 for application Exchange services of type ExchangePub2010 failed because the  method used PROPFIND is not valid for requested URL /exchange/bg.


Log Name:      Application
Source:        Microsoft Forefront UAG
Date:          14-09-2010 10:29:27
EventID:      51
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXX.XXX.XX
Description:
A request from source IP address x.x.x.x on trunk owa; Secure=1 for application Unknown application name of type Unknown application type failed because the  method used PROPFIND is not valid for requested URL /bg.

Friday, September 10, 2010

Iphone 4 cannot send messages, but recives fine - with Exchange 2010

We had a problem, with Iphone ( Iphone4 ) users on Exchange 2010 SP1, published with UAG ( Unified Access Gateway server, includes TMG(Treath Management Gateway))
The Phones could synchronize mail, but only when recieving mail. When sending mails, nothing happened - no errors, and no indication that the mails was not send.

Exchange team, has a blog with "known issues" with Exchange 2010 SP1:
http://msexchangeteam.com/archive/2010/09/01/456094.aspx
If you see bullet 7, there's a solution - but this didn't help us.

Then we saw, on other blogs, that we were not the only one with this problem - but none with solutions.

This problems, was solved, by updating the Iphone via Itunes...
We have found no description of the update, or any indication by Apple, that the problem should have been solved with a update.
But this was the case for us - hope this helps some of you with this problem.

But please notice, that the issue on the Exchange team blog, should be solved also - the update is not enough if the remote domain, is not made according to the blog.

Friday, September 3, 2010

Restore deleted public folder in Exchange 2010

Recently I had to recover a deleted Publicfolder.
Like I have done before, I started Exfolders -great tool, and makes it easy to recover a deleted Publicfolder.

But this was deleted 3 weeks ago, and deletion settings, was set to the default 14 days.

Ok, so I have to do a restore, and have lots of successful backups.
So no problem - I thought.

Thought I could just use a Recovery Database (RDB), like I do with a mailboxdatabase.
But this is not possible with a Publicfolderdatabase...

OK, then what to do?
The supported solution, from Microsoft, is to restore the PF-database to another exchange org.

So create an environment, with a DC, and an Exchagne2010 server.
Then restore the database to this server, and export the public folder with Outlook.



So the learning is, set the deletion setting on the Public folder database to a longer period...
At least that's what I'm going to do in the future.

Link to Exfolders, in case this could help you:
http://msexchangeteam.com/archive/2009/12/04/453399.aspx
http://msexchangeteam.com/files/12/attachments/entry453398.aspx

Link to RDB article, stating it's not possible to use RDB for Public folder databases:

Localized language in NDR's, in Exchange 2010

Hi,
In Exchange 2010, there's a configuration parameter called "ExternalDsnLanguageDetectionEnabled"
In my situation, it meant that most of the error messages, the so called NDR's (Non Delivery Reports) or DSN's (Delivery Status Notification) was sent in Danish.
In an international Company, this is not what we want.

So I had to change the default language of the NDR's to be English instead of Danish.
 
This can be done by using the set-transportconfig command.
I did this:
get-transportconfig | set-transportconfig -ExternalDsnLanguageDetectionEnabled $false -ExternalDsnDefaultLanguage en-us -InternalDsnLanguageDetectionEnabled $false -InternalDsnDefaultLanguage en-us

So the autmatic language detection is turned of, and the default language is set to English

Please notice, in Exchange 2007, you can use set-transportserver instead.

Tuesday, August 31, 2010

Exchange 2010 and High availability

Ok, we know the Exchange 2010 HA design is more flexable, and has a lot of new features.
But we have now "tested" it in live inveronment.
Consider this scenario:
4 mailbox servers i 2 DAG's
One dag, contains a server in London, and a server in Denmark(datacenter)
The other dag contains a server in newcastle, and a server in Denmark(datacenter)
All part of the same exchange org.

Well we had to move 20 users from newcastle to London.
Because this can be done as a online move in E2010, we did it in the middle of the day - shouldn't cause a problem...
But then the mailserver in newcastle went down because a technician accidentally unplugged the power cord ...
The users failed over to the mailbox server in Denmark, without noticing.
After powering the mailbox server in Newcastle up again, we set the Newcastle database as active again.
After that, the online mailbox move resumed, and finished.
The users didn't barely notice at all :-)

I thought that was pretty cool.

Monday, August 30, 2010

SP1 for Exchange 2010 is finally out :-)

Check it out at:
http://msexchangeteam.com/archive/2010/08/25/455861.aspx

Tuesday, May 11, 2010

Recipe for installing Exchange 2010

I have now installed enough exchange2010 servers, to have made a little document, on how to do it.
It's very simple, but here's a howto, with a configuration script, on things I know I always want's to configure.
So I hope some you can use this, no matter if you need to install one server, or many.

First, install prerequisites using this MS article:
http://technet.microsoft.com/en-us/library/bb691354.aspx

E.G. when installing mb, cas and hub roles on server 2008 R2, you'll run, in PowerShell (remember to start it as Administrator):
Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart 
Set-Service NetTcpPortSharing -StartupType Automatic
Then install the Exchange server.

When installed there's always lot of things to configure. These is different, after what scenario it's installed in.
But I found, that I always need to configure these, after installing the certificate.
The following edit, the url's for the different iis dirs.
So edit, to the correct servernames, and run in powershell:

Get-OabVirtualDirectory -server SERVERNAME | Set-OabVirtualDirectory -InternalUrl https://INTERNALHOSTNAME.DOMAIN.NET/OAB -ExternalUrl https://EXTERNALHOSTNAME.DOMAIN.NET/OAB 
Get-WebServicesVirtualDirectory -server SERVERNAME | Set-WebServicesVirtualDirectory -InternalUrl https://INTERNALHOSTNAME.DOMAIN.NET/EWS/Exchange.asmx -ExternalUrl https://EXTERNALHOSTNAME.DOMAIN.NET/EWS/Exchange.asmx
Get-OwaVirtualDirectory -server SERVERNAME | Set-OwaVirtualDirectory -InternalUrl https://INTERNALHOSTNAME.DOMAIN.NET/owa -ExternalUrl https://EXTERNALHOSTNAME.DOMAIN.NET/owa
Get-EcpVirtualDirectory -server SERVERNAME | Set-EcpVirtualDirectory -InternalUrl https://INTERNALHOSTNAME.DOMAIN.NET/ecp -ExternalUrl https://EXTERNALHOSTNAME.DOMAIN.NET/ecp
Get-ActiveSyncVirtualDirectory -server SERVERNAME | Set-ActiveSyncVirtualDirectory -InternalUrl https://INTERNALHOSTNAME.DOMAIN.NET/Microsoft-Server-ActiveSync -ExternalUrl https://EXTERNALHOSTNAME.DOMAIN.NET/Microsoft-Server-ActiveSync
Get-ClientAccessServer SERVERNAME | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://INTERNALAUTDISCOVER-URL.DOMAIN.NET/Autodiscover/Autodiscover.xml
enable-OutlookAnywhere -Server 'SERVERNAME' -ExternalHostname 'EXTERNALHOSTNAME.DOMAIN.NET' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false
Input is welcome, if you need more details.

Friday, May 7, 2010

Iisreset /noforce times out in exchange 2007 and exchange 2010

On a lot of Exchange 2007 and Exchange 2010 installations, I get timeout when running:
 "Iisreset /noforce" 
You can just run the command againg, and if it times out, run it once more, untill it completes.
BUT it's annoying and you have to monitor the command, to make sure IIS is not down more that necessary.
So I have begun just to run it as follows:
"iisreset /noforce /timeout:600"
 10 minutes is usually enough time, for iis to restart :-)


Timeout error:
Attempting stop...
Restart attempt failed.
The service did not respond to the start or control request in a timely fashion. (2147943453, 8007041d)

Thursday, May 6, 2010

The operation can't be performed on the default e-mail address policy.

When Editing the default Email address policy in Exchange 2010, I always get the error:
The operation can't be performed on the default e-mail address policy. 

(Full details in the bottom)

My workaround, is to copy the details, with ctrl-c, and paste it in notepad, and edit the command, so you'll only set the needed.
E.g. I here needed to add a  domain, and make it the reply domain. So I will run the following in Powershell (remember to run powershell as administrator):
set-EmailAddressPolicy -EnabledEmailAddressTemplates 'smtp:@ADdomain.local','SMTP:@newdomain.net' -Identity 'Default Policy'

The Full error code is, when adding a domain, and setting it as default:
Error:
The operation can't be performed on the default e-mail address policy.

Exchange Management Shell command attempted:
set-EmailAddressPolicy -ConditionalDepartment @() -ConditionalCompany @() -ConditionalStateOrProvince @() -ConditionalCustomAttribute1 @() -ConditionalCustomAttribute2 @() -ConditionalCustomAttribute3 @() -ConditionalCustomAttribute4 @() -ConditionalCustomAttribute5 @() -ConditionalCustomAttribute6 @() -ConditionalCustomAttribute7 @() -ConditionalCustomAttribute8 @() -ConditionalCustomAttribute9 @() -ConditionalCustomAttribute10 @() -ConditionalCustomAttribute11 @() -ConditionalCustomAttribute12 @() -ConditionalCustomAttribute13 @() -ConditionalCustomAttribute14 @() -ConditionalCustomAttribute15 @() -RecipientContainer $null -EnabledEmailAddressTemplates 'smtp:@ADdomain.local','SMTP:@Newdomain.net' -Name 'Default Policy' -Identity 'Default Policy'

Thursday, April 8, 2010

Database failover on Exchange 2010

When a Database fail-over occurs in a DAG, the database will remain active on the new active node, until this node fails, or "ActiveServer", on the database, is changed manually.
This is a problem for me, on site servers. If they are rebooted, it is important, that the database becomes active on the site server, when it's up again.

Therefore, I have made a script, that I run from "Scheduled tasks"
Remember, that the user, that executes the script, must be member of "organization administrators"(or corresponding exchange group), local admin group for the server and have "log on as a batch job rights"


Make a scheduled task, that runs "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\PSscripts\MoveDB.ps1"

I have set the script to run every morning, but could also be a startup script, but the there should be put a delay in the script.


The Powershell script, will be run from the powershell.exe, that does not know the Exchange PS commands, so I start the script with adding the exchange snapin.

The 2 liner script:
Add-PSSnapin microsoft.Exchange.Management.PowerShell.E2010
Get-MailboxDatabase DBname | where { $_.server -notlike "siteserver-servername" } | Move-ActiveMailboxDatabase -ActivateOnServer 'siteserver-servername' -MountDialOverride 'None' -Confirm:$false -TerminateOnWarning | fl >> "C:\PSscripts\MoveDB2.LOG"

Tuesday, March 30, 2010

Cannot mount database when creating a new mailbox database

When creating a new mailbox database, on Exchange 2010, I get the error:
Couldn't mount the database that you specified. Specified database: DBname; Error code: An Active Manager operation failed. Error: The Microsoft Exchange Replication service may not be running on server servername. Specific RPC error message: Error 0x6d9 (There are no more endpoints available from the endpoint mapper) from cli_MountDatabase.

After  couple of minutes, it's possible to mount the Database manually.

I  experience this everytime a create new mailbox database.
Only sollution, is to uncheck "mount this database", and then manually mount it afterwards ;-)

Friday, March 26, 2010

Setup Wizard for Update Rollup X for Exchange server 2010 (KBxxxxxx) ended prematurely

When installing Update Rollup's for Exchange 2010, on a server 2008 with AUC enabled, I get this error:
Setup Wizard for Update Rollup X for Exchange server 2010 (KBxxxxxx) ended prematurely












Of course disabling AUC is not the best option, and I discovered that this works:
Open CMD as administrator (right click, choose run as administrator) and start the "Exchange2010-KBxxxxx-x64-en.msp" from the command prompt.