Exchange 2010

Convert Exchange 2003 Email Address book Policies to Exchange 2010 Email Address book Policies

Posted by robd on May 24, 2017
exchange, exchange 2010 / 2 Comments

If you ever get this annoying message when opening an Email Address book policy:

This means the policies were created with an old version of Exchange, in my case Exchange 2003. You can find them all by looking for the word Legacy:

As you can see, this will show the LDAP query too. The problem is that if you run Set-EmailAddressPolicy against this then you’ll break it: all custom filters (LDAP queries) will be reset to “mailnickname=*”, which can result in significant email outages.

So how to fix it.

Download this PS script: https://gallery.technet.microsoft.com/office/7c04b866-f83d-4b34-98ec-f944811dd48d

Choose a policy to convert, copy the query from above and run the following:

So now we have this:

Now finally let’s run Set-EmailAddressPolicy:

Done, F5 it in Exchange console and see if you can open it!!
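
A safeguard to run around the conversion above, as an added example that is not part of the original post or the TechNet script: it saves every Legacy policy's LDAP query first, then flags any policy whose custom query has been reset to the catch-all filter. The function names and the backup path are hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell.
$backupPath = "C:\Temp\LegacyEmailAddressPolicies.csv"   # assumed path

# Step 1 (before converting anything): save each Legacy policy's LDAP query.
function Save-LegacyPolicy {
    Get-EmailAddressPolicy |
        Where-Object { $_.RecipientFilterType -eq "Legacy" } |
        Select-Object Name, Priority, LdapRecipientFilter |
        Export-Csv -Path $backupPath -NoTypeInformation -Encoding UTF8
}

# Step 2 (after converting): list policies whose saved custom query has
# been replaced by the bare catch-all filter "mailnickname=*".
function Get-ResetPolicy {
    $catchAll = '^\(?mailnickname=\*\)?$'
    foreach ($old in (Import-Csv -Path $backupPath)) {
        $now = Get-EmailAddressPolicy -Identity $old.Name
        if (($now.LdapRecipientFilter -match $catchAll) -and
            ($old.LdapRecipientFilter -notmatch $catchAll)) {
            New-Object PSObject -Property @{
                Name          = $old.Name
                OriginalQuery = $old.LdapRecipientFilter
                CurrentQuery  = $now.LdapRecipientFilter
            }
        }
    }
}

# Usage: call Save-LegacyPolicy once before the first conversion, then
# Get-ResetPolicy after each Set-EmailAddressPolicy run. Any row returned
# is a policy that lost its custom query; OriginalQuery holds the filter
# to restore.
```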


Outlook Anywhere Authentication Issue

Posted by robd on December 01, 2016
exchange, exchange 2010 / 1 Comment

Had a crazy problem recently: a company, Contoso.com, was using Exchange 2010 (CAS, Hubs and Mailbox servers) with all the latest patches and roll-ups and had users on their domain using Outlook Anywhere perfectly.

The problem was their sub domain, SubDomain.Contoso.com, is also a big company; they have their own Exchange 2010 servers (CAS, Hubs and Mailbox servers) with all the same patches and roll-ups, except they’re “downstream” of Contoso.com. The problem is all users in SubDomain.Contoso.com couldn’t use Outlook Anywhere, i.e. RPC proxy redirection wasn’t working:

The setup:


So all in all it was weird, we checked everything, firewall blocks, routing problems etc etc, even https://testconnectivity.microsoft.com/

So finally we logged a call with MS and after some lengthy troubleshooting they found the underlying issue:

https://support.microsoft.com/en-us/kb/2725008

Although the article relates to Exchange 2010 SP2 RU3, it was still applicable in this scenario (SP3 RU15).

Applying the fix documented in method 2 resolved the issue.

“Disable preferred site enforcement
To resolve this issue, disable preferred site enforcement. To do this, create the following DWORD registry value:

Key: HKLM\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem
Value Name: EnablePreferredSiteEnforcement
Data Type: REG_DWORD
Value: 0”

Annoying but at least it’s fixed.


Exchange 2010 – Change the language of folder names in Outlook

Posted by robd on July 19, 2016
exchange 2010, powershell / No Comments

So we had a shared mailbox that was originally opened in Finland and as such the inbox was named postilaatikkoon and sent items was named Lähetetyt.

So I thought I’d jump into OWA and change the language there, well it turns out that has nothing to do with Folder names.

So after some research I found I could use:

But the mailbox is shared so doesn’t have an enabled user to log on with, so I found this Exchange PowerShell command:

Job done.


ActiveSync after Migration to Exchange 2013

Posted by robd on April 10, 2016
exchange 2010, Exchange 2013 / No Comments

A friend came across this issue while migrating from Exchange 2010 to 2013. Users were unable to receive/send email from their mobile device after migration. This continues for up to 4 hours or so then starts working out of the blue.

It’s actually a bug with certain versions of Exchange 2013.

To fix, simply recycle the following App Pools in IIS on the CAS server:

  • MSExchangeAutodiscoverAppPool
  • MSExchangeSyncAppPool

A fix is in place for CU5, so if you are on that version or higher this fix “shouldn’t” apply.


Exchange 2010 – View Entire Forest

Posted by robd on December 11, 2015
Active Directory, exchange 2010, powershell / No Comments

So today I was trying to run some cross-domain PowerShell commands on Exchange but kept getting the following error:

Which basically means the Domain Controller you’re referencing can only see your sub domain and nothing higher. So to resolve, run this before the command:


Outlook Anywhere with Additional UPN suffix

Posted by robd on February 03, 2015
Active Directory Sites and Services, exchange 2010 / 1 Comment

So today we had a requirement to start using Outlook Anywhere (Outlook over RPC) on our Exchange 2010 server, the setup is dead easy:

Log on to your CAS server,

Install the server feature “RPC over HTTP Proxy”,

Open the Exchange Management Console and go to Server Configuration and Client Access, click Enable Outlook Anywhere,

Use your domain (you don’t need HTTP/S), choose your authentication and if you need to offload your certificate to another server:

That’s the Exchange bit done.

Next change your DNS:

Locally and externally you need two things, an A record and a SRV record; both need to point at Autodiscover.DOMAIN.ORG. Here are two examples from 123 reg:

Finally make sure 443 is allowed through your firewall.

Last but not least test with:

https://testconnectivity.microsoft.com

Ok so now onto the UPN bit, in my case my email differed from my domain i.e. my domain is bohemian.local and my email domain is bohemiangrove.co.uk.

What this means is when logging on via Outlook I get prompted to type domain and password:


If you’d rather not do this then you need to add your email domain as a UPN suffix.

To do this, on a DC open: Active Directory Domains and Trusts

From the displayed context menu, click Properties.

On the properties box that appears, in the Alternative UPN suffixes field, specify the desired alternate UPN suffix for the domain and click Add.

Apply and OK. Finally open Active Directory Users and Computers.

Find a user and, under the User logon name section, choose the alternate UPN suffix from the drop-down list that was created earlier in the Active Directory Domains and Trusts snap-in.

Then test Outlook Anywhere using the user’s email as the username.

Service Pack 3 for Exchange 2010

So I only recently got around to installing SP3 for Exchange 2010 (I’ve been on holiday for a few weeks and what not) and thought I’d share my experience around the experience!

Now you may or may not know this service pack updates the Active Directory Schema, which basically means when you install this update you must be a Schema or Enterprise Admin to run the installation!!

Now if like me your Exchange Server sits on a completely separate domain to your Root Active Directory servers you’ll need to do a little planning.

For example I have a domain, let’s call it BohemianGrove.co.uk and a sub domain called Corp.BohemianGrove.co.uk.  BohemianGrove.co.uk is where my root Active Directory Domain Controllers are installed which means that’s where the Schema settings are stored for Exchange, these settings then filter down to sub domains which in my case is where my Exchange servers are installed i.e Corp.BohemianGrove.co.uk.

All this means in regards to this update is I’ll need to run Setup.com /prepareAD from BohemianGrove.co.uk as an Enterprise Admin before I run the update from the actual Exchange servers.


So from the above you can see that all went very smoothly, luckily for me (I won’t write about how I tried to run the SP2 update two or three times which produced soooo many errors)! From here I waited 20 mins for the Schema update to replicate down, although you can force an update via Active Directory Sites and Services.

Next came the update for the servers but please note, install the update on the roles in this order:

Client Access servers,

Hub Transport (My HT and CAS roles are on the same server),

Edge Transport servers,

Mailbox servers,

Unified Messaging servers (I don’t have any, does anyone?),

 

Before I start talking about the install I should mention that you should only install the update on nodes or DAG servers that aren’t active, i.e. you need to fail an active server over to a passive server and run the update, then fail back. Here’s a very quick how-to:

CAS/Hub Transport –

– Stop the active node in the cluster via Network Load Balancing Manager by right-clicking a node, clicking Control Host, then Stop (or Drainstop if you’re worried users are still connected),

– In Network Load Balancing Manager right-click the same node, choose Properties and set the Default state to STOPPED; this will stop the node auto-joining the cluster once it reboots,

– Finally run the update, reboot the server and re-start the Default state.

– Do the above to the next node.

Mailbox Server  with a DAG –

–  Find the active database plus where the PAM role is and make a note:

–          Check the cluster group:

–          The above is just an initial check to ensure that the environment is in a situation where it is ready for manual failover.  The next set of instructions will fail the DB over to the passive server, prevent DB automounts, and reconfigure the cluster.

–          Run DAG Maintenance script (run from C:\Program Files\Microsoft\Exchange Server\V14\Scripts):

(please note overrideMinimumTwoCopies, this is because I only have two servers in my DAG).

–          This fails the active DB over to MB02. A quick check of the Management Console will show this is correct.

–          Rerunning the PAM holder and Cluster owner commands will show the second server as the master,

–          You can now conduct your tasks on this server with no Exchange downtime,

–          Once your tasks are complete, it’s time to fail the services back,

–          From Exchange Powershell, run; (From C:\Program Files\Microsoft\Exchange Server\V14\Scripts)

–          There is no output from this script as it simply allows us to now make changes. Fail databases back

–          Switch Cluster Master cluster group

–          Finally run both the PAM and Cluster query commands to ensure both roles are back with the active server,

 

So run the install:


The install will check if you’ve updated the schema and if your servers, click Upgrade and the install will start, be warned it can take a while to install, mine took about 30 mins which seemed to be mostly the language pack:


Fortunately for me the install went smoothly on all my servers, but just be careful to only run the update on servers that are not active. Also note that once you update a server with a database on it you can’t fail that database over to a non-updated server.

Finally make sure you run Exchange 2010 SP3 Rollup 3 as this will fix a heap of issues with Exchange 2010 SP3.


MAPI Connections to Exchange 2010

Posted by robd on August 19, 2013
exchange 2010, Office 2010, powershell / 5 Comments

So had a bunch of errors on my Exchange 2010 server today, namely:

Event ID 9646 MSExchangeIS

The error doesn’t give much away but basically what it’s saying is:

A user with GUID “ccd83bc42-1bff-459e-9db2-558cc68478b9” has more than 500 open folders in a single session. Because Exchange only allows 500 open folder connections (for a cached mailbox) at a time, it’s going to screw with the user and in our case not automatically update the user’s folders in Outlook 2010. Please note this is different from open MAPI connections to the mailbox.

Note this has been edited with help from Mark Daley who stated:

the objtfolder is an ‘Open Item Limit’, i.e. the limit of the number of folders that are being opened in a single session, not the number of connections being made to the mailbox, which is a session limit. See (http://technet.microsoft.com/en-us/library/ff477612(v=exchg.141).aspx). This limit is the total for the session, so if a user has 250 folders in their own mailbox and say 300 in a shared mailbox then the limit will be breached. The other thing that should be explained is that this is only likely to occur when the mailboxes are cached (shared and non-shared), as it is the consequence of caching that is causing the limit to be breached because each folder is opened / counted during the mailbox sync process. Therefore turning off caching mode for either the primary mailbox or just the shared mailbox is another fix for this issue.

You may be wondering how a user could have more than 500 connections, well in our case the user had two mailboxes attached to their own mailbox and all the folders (inbox, outbox etc) together added up to more than 500 folders.

You can scan a mailbox with PowerShell to determine the number of folders:
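
One way to do this count, as an added example and not the author's original command: because the 500-folder limit applies to the whole session, it totals the folders of the primary mailbox and every additional mailbox the user has attached. The function name and the mailbox names are hypothetical placeholders.

```powershell
# Added example: total folder count across all mailboxes one Outlook
# session opens. Run in the Exchange Management Shell.
function Get-SessionFolderCount {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Mailbox,   # primary mailbox first, then attached mailboxes
        [int]$Limit = 500     # per-session folder limit described in this post
    )

    $total = 0
    foreach ($m in $Mailbox) {
        # One object is returned per folder; @() keeps .Count valid
        # even when a mailbox has a single folder.
        $count = @(Get-MailboxFolderStatistics -Identity $m).Count
        $total += $count
        New-Object PSObject -Property @{ Mailbox = $m; Folders = $count }
    }

    # Summary row. Treat the total as an estimate of what a cached
    # session opens, not an exact match for the store's own counter.
    New-Object PSObject -Property @{
        Mailbox = "TOTAL (limit $Limit, over limit: $($total -gt $Limit))"
        Folders = $total
    }
}

# Placeholder mailbox names, constructed for illustration.
Get-SessionFolderCount -Mailbox "jane.doe", "shared-sales", "shared-support" |
    Format-Table Mailbox, Folders -AutoSize
```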

So let’s say you see the errors on your Exchange 2010 server but don’t know who’s having the issue; you can find users’ MAPI GUIDs by running the following PowerShell command:

Once you know who the user is, what can you do? Well, there are four options in my mind:

1) Tell the user to re-organise the folder structure,

2) Remove some of the extra mailboxes from a user’s mail profile if possible (you could add extra profiles to Outlook, making Outlook prompt on start up),

3) Do not cache the mailbox in Outlook or simply do not cache the additional mailbox in Outlook.

4) Change Exchange 2010 to allow more than 500 folders to be open at a single time for cached mailboxes!

To proceed with 4) you’d need to do the below, but be warned: if large numbers of users connect with 500-plus folders, your server performance will suffer drastically:

Log onto all your mailbox servers and create the following registry key:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Expand the following registry subkey:
    \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  3. Right-click ParametersSystem, point to New, and then click Key.
  4. Type MaxObjsPerMapiSession, and then press ENTER to name the new sub key.
  5. Right-click MaxObjsPerMapiSession, click New, and then click DWORD Value.
  6. Enter the object type as specified in the event description, and then press ENTER.
  7. Right-click the object type that you entered, and then click Modify.
  8. In the Value data box, type the number of objects to which you want to limit this entry, and then click OK.
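
The eight regedit steps above done from PowerShell, as an added example rather than the author's own procedure. It assumes objtFolder is the object type shown in your event 9646 description, and 600 is a constructed sample limit, not a recommended value.

```powershell
# Added example. Run in an elevated PowerShell session on each mailbox server.
$base     = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem"
$key      = Join-Path $base "MaxObjsPerMapiSession"
$objType  = "objtFolder"   # assumption: the object type named in your event
$newLimit = 600            # constructed sample value, not a recommendation

if (-not (Test-Path $base)) {
    throw "ParametersSystem not found: is this an Exchange mailbox server?"
}

# Steps 3-4: create the MaxObjsPerMapiSession sub key if it is missing.
if (-not (Test-Path $key)) {
    New-Item -Path $key | Out-Null
}

# Record any existing override so the change can be reverted later.
$old = (Get-ItemProperty -Path $key).$objType
if ($old -eq $null) { $old = "not set (default applies)" }
Write-Output "Previous $objType value: $old"

# Steps 5-8: create or overwrite the DWORD named after the object type.
New-ItemProperty -Path $key -Name $objType -PropertyType DWord `
    -Value $newLimit -Force | Out-Null

# Read the value back to confirm the write.
Write-Output "Current $objType value: $((Get-ItemProperty -Path $key).$objType)"
```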

 


Exchange 2010 Outlook Web App (OWA) – Logo Change

Posted by robd on May 03, 2013
exchange, exchange 2010, Outlook Web App, OWA / No Comments

So a customer recently had issues where their users were typing the wrong URL and then complaining that they couldn’t log in.

To try and help (and can you really help users who don’t know their own URL?, I mean come on you work there a minimum of 37 hours a week) this issue I suggested adding a simple logo to the OWA home page, i.e. go from:

To

So I logged onto each of the four Exchange 2010 Client Access Servers navigated to:

And then chose the folder that matched the version of Exchange in our case: 14.342.3 (to check open Exchange 2010 console and click help and About Exchange Server 2010):


Next I found the logo file I needed to modify, specifically:    lgntopl.gif

Edited the gif to look like the above (well not exactly like that) and replaced it on each Client Access server.

Navigated to the web and BAM…… didn’t work!

So next I checked the exchange console > Server Configuration > Client access


And noticed the version was actually on Build 247.5, so decided to swap the gif in the matching location:


And BAM, still didn’t work!!

Well at this point I was annoyed….

So I remembered (and called myself various names) that we have a Threat Management Gateway that presents OWA to the internet.

So after a quick search on the TMG and a few clicks of the Exchange OWA web listener I found:

Swapped the gif file and BAM, still didn’t work!! ARRRRGGGHHH

Here’s the clincher, I had to restart the TMG service!! Unfortunately TMG caches these pages and restarting the service is the only way to clear the cache as far as I know.

So BAM it works!!  🙂


Excess Exchange 2010 activity

Posted by robd on February 15, 2013
Apple, exchange 2010 / No Comments

So Apple have released a fix for the recent over-logging issue on Exchange 2010.

Here’s the link: http://support.apple.com/kb/TS4532

But for the lazy here’s their fix:

  1. Go to Settings > Mail, Contacts, Calendars
  2. Select the Exchange account from your Accounts list.
  3. Turn the switch for Calendars to OFF.
  4. Wait ten seconds.
  5. Turn the switch for Calendars back to ON.
