exchange

Convert Exchange 2003 Email Address book Policies to Exchange 2010 Email Address book policies

Posted by robd on May 24, 2017
exchange, exchange 2010 / 2 Comments

If you ever get this annoying message when opening an Email Address book policy:

The specified e-mail address policy couldn't be edited. E-mail address polices created with legacy versions of Exchange must be upgraded using the 'Set-EmailAddressPolicy' task, with the Exchange 2010 Recipient Filter specified.

This means the policies were created with old versions of Exchange, in my case Exchange 2003. You can find them all by looking for the word Legacy:

Get-EmailAddressPolicy | Select Identity, RecipientFilterType, RecipientFilter, LDAPRecipientFilter | FL

As you can see, this will show the LDAP query too. The problem is that if you run Set-EmailAddressPolicy against this then you’ll break it: all custom filters (LDAP queries) will be reset to “mailnickname=*”, which can result in significant email outages.

So how to fix it.

Download this PS script: https://gallery.technet.microsoft.com/office/7c04b866-f83d-4b34-98ec-f944811dd48d

Choose a policy to convert, copy the query from above and run the following:

.\ConvertFrom-LdapFilter.ps1 "(&(mailNickname=*)(objectCategory=person)(objectClass=user)(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(objectCategory=user)(mail=rob.D@EMAIL.com))"

So now we have this:

( ( Alias -ne $null ) -and ( ObjectCategory -like 'person' ) -and ( ObjectClass -eq'user' ) -and ( ObjectClass -eq 'user' ) -and ( ObjectCategory -like 'person' ) -and ( Alias -ne $null ) -and ( ServerLegacyDN -ne $null ) -and ( ObjectCategory -like 'user' ) -and ( WindowsEmailAddress -eq 'rob.D@EMAIL.com' ) )

Now finally let’s run Set-EmailAddressPolicy (NOTE THE {} at the beginning and end, not a "):

Set-EmailAddressPolicy -Identity "migrate-test" -RecipientFilter {( ( ( Alias -ne $null ) -and ( ( ObjectCategory -like 'person' ) -and ( ObjectClass -eq 'user' ) -and ( recipientType -eq 'UserMailbox' ) ) ) -and ( ObjectCategory -like 'user' ) -and ( WindowsEmailAddress -eq 'rob.D@EMAIL.com' ) )}

Done, F5 it in Exchange console and see if you can open it!!
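Because a wrong filter changes which recipients the policy covers, it is worth saving the legacy LDAP queries first and previewing what the converted filter matches before running Set-EmailAddressPolicy. This is an added example, not part of the original post; the backup path C:\Temp\LegacyEAP-backup.csv is an assumption, and the filter and the policy name "migrate-test" are the ones used in the post.

```powershell
# 1. Record every legacy policy with its original LDAP query before touching anything.
#    C:\Temp is an assumed location; use a path that survives the change window.
Get-EmailAddressPolicy |
    Where-Object { $_.RecipientFilterType -eq 'Legacy' } |
    Select-Object Identity, Priority, RecipientFilterType, LdapRecipientFilter |
    Export-Csv -Path 'C:\Temp\LegacyEAP-backup.csv' -NoTypeInformation

# 2. Preview which recipients the converted OPATH filter matches.
#    Nothing is changed by this step. A single-quoted here-string keeps $null literal.
$filter = @'
( ( ( Alias -ne $null ) -and ( ( ObjectCategory -like 'person' ) -and ( ObjectClass -eq 'user' ) -and ( RecipientType -eq 'UserMailbox' ) ) ) -and ( ObjectCategory -like 'user' ) -and ( WindowsEmailAddress -eq 'rob.D@EMAIL.com' ) )
'@
$preview = Get-Recipient -RecipientPreviewFilter $filter -ResultSize Unlimited
$preview | Select-Object Name, PrimarySmtpAddress, RecipientType
"{0} recipient(s) match the converted filter" -f @($preview).Count

# 3. After running Set-EmailAddressPolicy, confirm the policy is no longer Legacy
#    and compare the regenerated LDAP filter with the one saved in step 1.
Get-EmailAddressPolicy -Identity 'migrate-test' |
    Format-List Identity, RecipientFilterType, RecipientFilter, LdapRecipientFilter
```

If the preview in step 2 returns far more or far fewer recipients than the policy is meant to cover, stop and fix the filter before applying it.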


Outlook Anywhere Authentication Issue

Posted by robd on December 01, 2016
exchange, exchange 2010 / 1 Comment

Had a crazy problem recently: a company, Contoso.com, was using Exchange 2010 (CAS, Hubs and Mailbox servers) with all the latest patches and roll-ups and had users on their domain using Outlook Anywhere perfectly.

The problem was that their sub domain, SubDomain.Contoso.com, is also a big company. They have their own Exchange 2010 servers (CAS, Hubs and Mailbox servers) with all the same patches and roll-ups, except they’re “downstream” of Contoso.com. The problem is all users in SubDomain.Contoso.com couldn’t use Outlook Anywhere, i.e. RPC proxy redirection wasn’t working:

[Image: outlookanywhere]

The setup:

[Image: rpc-over-https]

 

So all in all it was weird, we checked everything, firewall blocks, routing problems etc etc, even https://testconnectivity.microsoft.com/

So finally we logged a call with MS and after some lengthy troubleshooting they found the underlying issue:

https://support.microsoft.com/en-us/kb/2725008

Although the article relates to Exchange 2010 SP2 RU3, it was still applicable in this scenario (SP3 RU15).

Applying the fix documented in method 2 resolved the issue.

“Disable preferred site enforcement
To resolve this issue, disable preferred site enforcement. To do this, create the following DWORD registry value:

Key:

HKLM\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem


Value Name: EnablePreferredSiteEnforcement
Data Type: REG_DWORD
Value: 0”

 

Annoying but at least it’s fixed.


Exchange – Start Transcript

Posted by robd on December 07, 2015
exchange, exchange 2010 / No Comments

Want to record exactly what happens when you’re using the Exchange Management Shell? Use the Start-Transcript cmdlet. Anything that you do after you run this cmdlet will be recorded to a text file that you specify. To stop recording your session, use the Stop-Transcript cmdlet.

Notice that the Start-Transcript cmdlet overwrites the destination text file by default. If you want to append your session to an existing file, use the Append parameter:

Start-Transcript c:\MySession.txt -Append


Exchange 2003 ISO

Posted by robd on November 13, 2015
exchange / 20 Comments

EDIT: Dropbox kept blocking my account for overuse so I’ve had to move the ISO files to Sync.com, but if anyone has any better solutions or someone out there wouldn’t mind hosting them and sharing the infinite glory that is my blog then please let me know. Thanks

So I’ve recently had to uninstall a huge Exchange 2003 infrastructure made up of EX03 Standard and EX03 Enterprise, and my biggest hardship was finding the media to run the uninstall process. Well, after looking through old CDs in dusty man caves I found both and thought I’d share them:

 

Exchange 2003 Standard (EN_EXCH2003_Standard.ISO)

https://ln.sync.com/dl/b908f7f50#8a68abz5-hb3ee76j-6zgyn9h2-439cphzh

Exchange 2003 Enterprise (EN_EXCH2003_ENT.ISO)

https://ln.sync.com/dl/e06b43690#w3bpwncn-ba858tt6-k5uwtuim-nciygrjf

As always with anything you download off the internet, make sure you scan it first for viruses etc.


Technical Interview Questions

Posted by robd on September 11, 2013
Active Directory Sites and Services, exchange, vmware / No Comments

Recently put together some technical questions for an interview, thought I’d share some of them with you:

 

VMWare
Explain your production environment. How many clusters, ESX hosts, data centres, hardware etc.?
How does vMotion work? What’s the port number used for it?
How does HA work? Port number? How many host failures are allowed and why?
How does DRS work? Which technology is used? What are the priority counts to migrate the VMs?
How do snapshots work?
What are the common issues with snapshots?
What’s the difference between ESX and ESXi?
The storage team has provided a new LUN ID to you. How will you configure the LUN in VC?
What would be the block size (say for 500 GB volume size)?
What are the notable files that represent a VM?
What is a template in VMware?

Network
What is a MAC Address?
What are the main advantages and disadvantages of Fibre-Optic-based networks?
What are the OSI Layers?
What is the difference between TCP and UDP?
What is a TCP Session?
What is ICMP?
What is the (default) class type of 195.152.12.1?
How does a TCP connection get established?
What is ARP?
Name 5 common ports.
Explain how the HTTPS handshake works.
What is a VLAN?
What is VLAN Tagging? Why?

AD & DNS
What are the FSMO roles?
What is a Global Catalogue server?
How do you manually create SRV records in DNS?
How would you fix a broken DC that replicates between sites?
What’s a conditional forwarder?
How do I clear the DNS cache on the DNS server?
What is WINS and when do we use it?
Where is the AD database held?
Trying to look at the Schema, how can I do that?
What are GPOs?

Exchange
What roles does Exchange 2010 use?
What is a DAG?
What does this line of PowerShell mean: get-mailbox | ft Name

SQL
What is a full and basic backup?
How would you restore a SQL server to another environment?
How would you backup a SQL server?

 


Exchange 2010 Outlook Web App (OWA) – Logo Change

Posted by robd on May 03, 2013
exchange, exchange 2010, Outlook Web App, OWA / No Comments

So a customer recently had issues where their users were typing the wrong URL and then complaining that they couldn’t log in.

To try and help with this issue (and can you really help users who don’t know their own URL? I mean come on, you work there a minimum of 37 hours a week) I suggested adding a simple logo to the OWA home page, i.e. go from:

[Screenshot]

To

[Screenshot]

So I logged onto each of the four Exchange 2010 Client Access Servers and navigated to:

 C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa

And then chose the folder that matched the version of Exchange, in our case 14.342.3 (to check, open the Exchange 2010 console and click Help, then About Exchange Server 2010):

[Screenshot]

 C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\14.2.342.3\

Next I found the logo file I needed to modify, specifically: lgntopl.gif

Edited the gif to look like the above (well not exactly like that) and replaced the file on each Client Access server.

Navigated to the web and BAM…… didn’t work!

So next I checked the Exchange console > Server Configuration > Client Access

[Screenshot]

And noticed the version was actually on Build 247.5, so decided to swap the gif in the matching location:

[Screenshot]

 C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\14.2.247.5\

And BAM, still didn’t work!!

Well at this point I was annoyed….

So I remembered (and called myself various names) that we have a Threat Management Gateway that presents OWA to the internet.

So after a quick search on the TMG and a few clicks of the Exchange OWA web listener I found:

 C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML

Swapped the gif file and BAM, still didn’t work!! ARRRRGGGHHH

Here’s the clincher, I had to restart the TMG service!! Unfortunately TMG caches these pages and restarting the service is the only way to clear the cache as far as I know.

So BAM it works!!  🙂


Exchange 2010 – transaction log files & iOS 6.1

Posted by robd on February 11, 2013
Apple, exchange, exchange 2010, iOS / No Comments

So anyone who looks after Exchange 2010 and allows users to connect their iPhones and/or iPads will know the fun and games of mail going missing, calendars losing invites or not matching their Outlook calendars (most of the above can be fixed by recreating the user’s mail profile on the iPad or in Outlook)….

Well, to top this off, iOS 6.1 seems to cause a sync loop on the Exchange mailbox server, causing excessive transaction logs (thousands of logs in 15 minutes), which can lead to a very dead Exchange server.

To combat this you’ll need to find the device and then turn off ActiveSync for that user, or another route would be to block all iOS 6.1 devices from establishing a connection. Edit: some people say removing the Exchange mail profile from the iOS device and re-adding it solves the issue!!

To find the users, I’d first run a report of who has and hasn’t updated their devices by running a script that I’ve previously mentioned:

http://bohemiangrove.co.uk/exchange-2010-with-apple-ios-6/

Output:

[Image: All_iOS_Devices_on_Exchange_2010]

Alternatively, if you’re scared of PowerShell, or maybe an admin has blocked you from using it because you’ve been a naughty boy or girl, you could use Log Parser Studio, which is like a plugin for Log Parser!! So install Log Parser on a CAS server and run Log Parser Studio, then point the tool at the IIS logs. Finally, use one of the built-in search tools such as ActiveSync Report [Top 20] to find which device has produced large amounts of hits and hence caused all the transaction logs!

[Image: Log_Parser_Studio]
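The same hit count can be produced directly from the IIS logs. This is an added example, not part of the original post and not Log Parser Studio's own query; the function name Get-ActiveSyncHitCount is hypothetical and the log lines, users and device IDs are constructed samples.

```powershell
# Constructed sample of IIS W3C log lines from a CAS server (not real traffic).
$sampleLog = @'
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username cs(User-Agent) sc-status
2013-02-11 09:00:01 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=APPLDEV0001&DeviceType=iPhone CONTOSO\alice Apple-iPhone4C1/1002.142 200
2013-02-11 09:00:02 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=APPLDEV0001&DeviceType=iPhone CONTOSO\alice Apple-iPhone4C1/1002.142 200
2013-02-11 09:00:03 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=APPLDEV0001&DeviceType=iPhone CONTOSO\alice Apple-iPhone4C1/1002.142 200
2013-02-11 09:00:04 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=APPLDEV0002&DeviceType=iPad CONTOSO\bob Apple-iPad2C1/1001.523 200
2013-02-11 09:00:05 GET /owa/ - CONTOSO\carol Mozilla/5.0 200
'@ -split '\r?\n'

# Hypothetical helper: count ActiveSync requests per user and device, busiest first.
function Get-ActiveSyncHitCount {
    param([string[]]$Lines, [int]$Top = 20)

    $fields = @()
    $rows = foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # Column order differs between servers, so read it from the header.
            $fields = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($line -like '#*' -or -not $line.Trim()) { continue }   # other headers, blanks
        $values = $line.Trim() -split ' '
        if ($values.Count -ne $fields.Count) { continue }           # skip malformed lines
        $entry = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $entry[$fields[$i]] = $values[$i] }
        if ($entry['cs-uri-stem'] -ne '/Microsoft-Server-ActiveSync') { continue }
        $deviceId = if ($entry['cs-uri-query'] -match 'DeviceId=([^&]+)') { $Matches[1] } else { 'unknown' }
        New-Object PSObject -Property @{
            User = $entry['cs-username']; DeviceId = $deviceId; UserAgent = $entry['cs(User-Agent)']
        }
    }
    $rows | Group-Object User, DeviceId, UserAgent |
        Sort-Object Count -Descending |
        Select-Object -Property Count, Name -First $Top
}

Get-ActiveSyncHitCount -Lines $sampleLog | Format-Table -AutoSize
```

To run it against a real log, pass the output of Get-Content for the IIS log file as -Lines. A device stuck in a sync loop stands out as a single user and DeviceId with a hit count far above the rest.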

So now you have a list of users who have iOS 6.1, you could disable ActiveSync for each user via the Exchange Control Panel.

Or if you’d rather block all iOS 6.1 and any future 6.1 devices, you could run the following PowerShell command, which will create an ActiveSync rule.

New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B142" -Characteristic DeviceOS -AccessLevel Block

Note, if you don’t warn users they may complain about their devices not accepting passwords or similar!!


Exchange 2013 – Gotcha?

Posted by robd on January 18, 2013
exchange / 1 Comment

I recently read a brilliant blog post by Michael B. Smith, which you can read here, that talks about the flaws of Exchange 2013. All his opinions are absolutely valid and justified, but here’s my take on some of them:

OWA

  • Help -> About is gone – MEH
  • It’s very slow. – Easily improved
  • No S/MIME support – Thank god
  • No Public Folder support, either for legacy public folders or modern public folders. – Who uses PFs anymore
  • No distribution list moderation – Will miss this
  • No way to move the reading pane – Odd
  • Built-in spell-check is gone. IE 10 provides spell-check natively, but earlier versions of IE do not. A third-party add-in or an alternate browser is required. – THIS IS STUPID

Client Connectivity

  • No BES support – No one seems to like BES anymore
  • Outlook 2003 is no longer supported. – GOOD
  • Direct MAPI access to the Exchange server is no longer supported.  RPC/HTTP (Outlook Anywhere) is required. – This will be annoying
  • Outlook now reports that the server it is connected to is <<guid>>@<<active-directory-domain>>. This is intentional, if misguided. – Agreed

Installation and Architecture

  • Cannot uninstall individual roles from a server, must uninstall all of Exchange – This is BALLS
  • Install is painfully slow – I didn’t find this
  • The Hub Transport role is gone. There is now a Front End Transport service on CAS servers and Mailbox Transport services on Mailbox servers. – I don’t mind this as I never had a separate HT server for any installation
  • The Unified Messaging role is gone. There is now a Unified Messaging Call Router service on CAS servers and a Unified Messaging service on Mailbox servers. – Never installed it, UT is way too expensive!
  • Documentation is minimal at best – This will change with time but agree it’s annoying
  • Cannot be installed along with Exchange 2007 or Exchange 2010 – Really, that’s ridiculous!
  • Exchange 2013 Edge server is not available – Interesting!
  • Forefront Protection for Exchange is gone – Fail, I like Forefront

Exchange Management

  • The Exchange Management Console is gone as is the Exchange Control Panel. They are mainly replaced by the Exchange Administration Center (EAC); which is completely web based. – I appreciate this is different but makes life easier in the long run.
  • If you are attempting to use EAC with IE 10, you need KB2761465 (released on December 11, 2012). – Silly!
  • The Exchange Best Practices analyzer is no more. – Urgh, this was always really useful when looking at new sites setups!
  • The Exchange Mail Flow Troubleshooter is no more. – Shame, liked this.
  • The Exchange Performance Troubleshooter is no more. – Shame, liked this.
  • The Exchange Routing Log Viewer is no more. – Never used it personally
  • Antispam cannot be managed from the Exchange Administration Center; it must be managed using PowerShell in the Exchange Management Shell – That’s annoying and I like PowerShell
  • System Center Data Protection Manager (DPM) version required for backups of Exchange 2013 is SC DPM 2012 SP1 – for now maybe

 
