Recover an Exchange 2010 SP1 Server

Posted on December 29, 2010 by Ward

Recover a Lost Exchange Server

1. Install the proper operating system and name the new server with the same name as the lost server. Recovery won’t succeed if the server on which recovery is being performed doesn’t have the same name as the lost server.

2. Join the server to the same domain as the lost server.

3. Install the following 2008 R2 HotFixes

The following hotfixes are required for the Client Access server for Windows Server 2008 R2:

Install the update described in Knowledge Base article 979099, An update is available to remove the application manifest expiry feature from AD RMS clients. Without this update, the AD RMS features may stop working.
Install the hotfix described in Knowledge Base article 982867, WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1. For more information, see these MSDN Code Gallery pages:
- For additional background information, see KB982867 – WCF: Enable WebHeader settings on the RST/SCT.
- For the available downloads, see KB982867 – WCF: Enable WebHeader settings on the RST/SCT.
Install the update described in Knowledge Base article 979744, A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application.
Install the update described in Knowledge Base article 983440, An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2. For more information, see these MSDN Code Gallery pages:
- For additional background information, see KB983440 – Win7 rollup package (PR for QFE 810219).
- For the available downloads, see KB983440 – Win7 rollup package (PR for QFE 810219).
Install the update described in Knowledge Base article 977020, FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.

4. Set-Service NetTcpPortSharing -StartupType Automatic

5. RUN –> E:\Setup.com /m:recoverserver /InstallWindowsComponents

Exchange 2010 Client Access Throttling

Posted on December 27, 2010 by Ward

Environment:
Windows 2008 R2 – Exchange 2010 RTM
Later I installed SP1 & Rollup 2 for SP1

Outlook 2003 Service Pack 3 Clients
Issue:
During normal working hours users randomly was unable to access their mailboxes when they launched their Outlook client.

The users were receiving the following Outlook message:

“Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.”
It was also reported that some users had issues expanding additional mailboxes. (Delegate Mailboxes )
The following Outlook message appeared.

Or users have issues opening Shared Calendars.

Solution:
http://support.microsoft.com/kb/2299468

With Get-ThrottlingPolicy you can see the value of RCAMaxConcurrency

(Exchange 2010 RTM default value 20) (Exchange 2010 SP1 default value 214748364)

I changed RCAMaxConcurrency to 214748364 and the problem is fixt:

Get-ThrottlingPolicy | set-ThrottlingPolicy -RCAMaxConcurrency 214748364

Rollup 2 for Exchange Server 2007 Service Pack 3

Posted on December 15, 2010 by Ward

Today the Exchange Team released Rollup 2 for Exchange Server 2007 Service Pack 3 KB2407025. This update raises Exchange 2007 version number to 8.3.137.3.

The List with fixes:
972186 Some functions do not work if you install Security Configuration Wizard on a Windows Server 2008 SP2-based Exchange Server 2007

979046 Attachments are empty when you save them by using OWA after you have applied the update of KB 958881 on an Exchange Server 2007

980038 The Microsoft Exchange System Attendant service crashes intermittently in the Oabgen.dll module on an Exchange Server 2007 server

981602 Event ID: 4999 is frequently generated in a mixed Exchange Server 2007 and Exchange Server 2003 environment

982476 The Imap4.exe process crashes intermittently on an Exchange Server 2007 server

982478 Notes URL links in a plain text message are not clickable when you open this message by using OWA in an Exchange Server 2007 environment

2028675 The MSExchangeFDS.exe process occupies lots of memory if there are thousands of OABs created on an Exchange Server 2007 server

2029086 Some characters of an email message are displayed in an incorrect text size when you access your mailbox by using OWA in Exchange Server 2007

2032216 The Microsoft Exchange Information Store service crashes on an Exchange Server 2007 server when you start it or try to mount certain databases

2121536 Exchange Server 2007 cannot index a message

2201236 The "All Day" field is marked with "No" when you access a meeting request that has a duration time that is more than 24 hours by using a mobile client through ActiveSync in an Exchange Server 2007 environment

2203212 Certain mailboxes cannot be moved from an Exchange Server 2007 server to an Exchange Server 2010 server

2210042 A sub contact folder is still visible after you set the "PR_ATTR_HIDDEN" attribute to "True" in an Exchange Server 2007 environment

2230824 The Microsoft.Exchange.POP3.exe process or the Microsoft.Exchange.Imap4.exe process may crash after you enable protocol logging for POP3 or IMAP4 on an Exchange Server 2007 server

2249814 You receive misleading information when you run the "New-TestCasConnectivityUser.ps1" script on an Exchange Server 2007 server

2263342 "The operation failed" error message in Outlook client when a user sends a recurring meeting request with an email message attachment in an Exchange Server 2007 SP2 environment

2276439 (http://support.microsoft.com/kb/2276439/ ) The Microsoft.Exchange.IMAP4.exe process crashes when an IMAP4 client retrieves a meeting request that includes exception attachments in an Exchange Server 2007 environment

2280234 "Your POP3 server has not responded in 60 seconds." error message when a POP3 client connects to an Exchange Server 2007 Client Access server to access an Exchange Server 2003 mailbox

2282570 "550 5.1.3" NDR message when an Exchange Server 2007 user sends an email message to a recipient

2265306 The Exchange Information Store service stops responding when you perform a search operation on an Exchange Server 2007 mailbox in Outlook

2282746 The "Private" sensitivity status of an occurrence of a recurring meeting request is lost when you edit the occurrence in OWA in an Exchange Server 2007 environment

2286782 The response details are still included in the response email message when you set the "EnableResponseDetails" property to "False" in an Exchange Server 2007 environment

2290105 A shared document cannot be open by using OWA after you install Exchange Server 2007 SP3 on an Exchange Server 2007 server

2290159 The POP3 service crashes on an Exchange Server 2007 server

2344372 You cannot move mailboxes to an Exchange Server 2007 server

2362371 You receive a "Success" response when using the Test-Mailflow command on an invalid or nonexistent external email address in an Exchange Server 2007 environment

2384754 "Unable to identify local server row in Replication state table for this FID" error message when you run the Information Store Integrity Checker tool on an Exchange Server 2007 server

2387915 The ESEBack component does not support ETL tracing on an Exchange Server 2007 server

2388057 The Exchange Transport service crashes on Exchange Server 2007 servers in a mixed Exchange Server 2007 and Exchange Server 2010 environment

2394731 An HTML attachment of a shared mailbox cannot be saved when you set the "BypassOwaHTMLAttachmentFiltering" setting to "True" in an Exchange Server 2007 environment

2424499 Exchange Server 2007 does not support to assign a mailbox with the "Send on behalf" permission of a security group in the EMC or in the EMS

2427297 The created time and the modified time of an attachment are incorrect when you save an email message on an Exchange Server 2007 mailbox

2430674 The "Leave message intact" method in a Folder Assistant rule does not work when you post an item by using OWA in an Exchange Server 2007 environment

Download the hotfix HERE

Blog 2 years online

Posted on December 10, 2010 by Ward

On 24 july 2008 I started my blog.

In two years time a get al lot of visitors.

Some stats till now in totally:

Hits 556.775
Unique visits 308636

Hits (bots) Hits 164201
Unique visits 93724

This year a get al lot of new visitors:

Hits (+282069) 2009: 137353 2010: 419422 still growing

Unique visits (+190172) 2009: 59232 2010: 249404 still growing

I’m very pleased with this numbers. I means for me that I do a good job.

I Red heart blogging.

Still writing nice about nice Stuff. I have not enough time to write every thing.
Next week have some days off. I will write some nice articles. Please if you have Questions let me now.

With kings regards,

Ward Vissers

Data Protection Manager 2010 Operations Guide

Posted on October 4, 2010 by Ward

Microsoft released a nice manual for monitoring and managing DPM servers and tape libraries, and protected computers that are running Microsoft Exchange Server, Microsoft SQL Server, Windows SharePoint Services, Microsoft Virtual Server, or the Hyper-V role in Windows Server 2008 or Windows Server 2008 R2. This guide also provides instructions for setting up protection of data on desktop computers that are connected to the network, and portable computers that are connected to the network intermittently, and for setting up disaster recovery.

Download the Manual

Exchange 2010 SP1 Prerequisites

Posted on September 2, 2010 by Ward

Some day’s ago Microsoft Releases Exchange 2010 SP1. When you install Exchange 2010 SP1 you need to install some hotfixes. The Exchange Team have made a nice over view witch hotfixes you need for the OS.

Hotfix	Download	Windows Server 2008	Windows Server 2008 R2	Windows 7 & Windows Vista
979744 A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application	MSDN or Microsoft Connect	Windows6.0-KB979744-x64.msu (CBS: Vista/Win2K8)	Windows6.1-KB979744-x64.msu (CBS: Win7/Win2K8 R2)	N. A.
983440 An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2	Request from CSS	Yes	Yes	N.A.
977624 AD RMS clients do not authenticate federated identity providers in Windows Server 2008 or in Windows Vista. Without this update, Active Directory Rights Management Services (AD RMS) features may stop working	Request from CSS using the “View and request hotfix downloads” link in the KBA \| US-English	Select the download for Windows Vista for the x64 platform.	N.A.	N.A.
979917 Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode	Request from CSS using the Hotfix Request Web Submission Form or by phone (no charge)	Yes	N. A.	N. A.
973136, FIX: ArgumentNullException exception error message when a .NET Framework 2.0 SP2-based application tries to process a response with zero-length content to an asynchronous ASP.NET Web service request: “Value cannot be null”.	Microsoft Connect	Windows6.0-KB973136-x64.msu	N.A.	N. A.
977592 RPC over HTTP clients cannot connect to the Windows Server 2008 RPC over HTTP servers that have RPC load balancing enabled.	Request from CSS	Select the download for Windows Vista (x64)	N.A.	N. A.
979099 An update is available to remove the application manifest expiry feature from AD RMS clients.	Download Center	N. A.	Windows6.1-KB979099-x64.msu	N. A.
982867 WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1	MSDN	N. A.	Windows6.1-KB982867-v2-x64.msu (Win7)	X86: Windows6.1-KB982867-v2-x86.msu (Win7) x64: Windows6.1-KB982867-v2-x64.msu (Win7)
977020 FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.	Microsoft Connect	N. A.	N. A.	x64: Windows6.1-KB977020-v2-x64.msu X86: Windows6.1-KB977020-v2-x86.msu

Some of the hotfixes would have been rolled up in a Windows update or service pack. Given that the Exchange team released SP1 earlier than what was planned and announced earlier, it did not align with some of the work with the Windows platform. As a result, some hotfixes are available from MSDN/Connect, and some require that you request them online using the links in the corresponding KBs. All these updates may become available on the Download Center, and also through Windows Update.

These hotfixes have been tested extensively as part of Exchange 2010 SP1 deployments within Microsoft and by our TAP customers. They are fully supported by Microsoft.

The TechNet article Exchange 2010 Prerequisites is updated with the hotfixes and install the prerequisites required for your server version (the hotfixes are linked to in the above table).

You can use the Install the Windows Server 2008 SP2 operating system prerequisites on a Windows 2008 R2 server. Only you have to run the following powershell command: Import-Module ServerManager

Installed Exchange 2010 SP1 on a Windows 2008 R2 Server with problems. I feels that the MMC is faster. Tomorrow upgrading a DAG/NLB cluster to Exchange 2010 SP1.

Your account in Microsoft Exchange Server does not have have permissions to synchronize with your current settings 0×85010004 or Eventid 1053 Exchange ActiveSync doesn’t have sufficient permissions to create the user container under Active Directory user "Active Directory operation failed on domain controller.

Posted on August 25, 2010 by Ward

Error: Your account in Microsoft Exchange Server does not have have permissions to synchronize with your current settings.

Eventlog:

Exchange ActiveSync doesn’t have sufficient permissions to create the "CN=ward,OU=Users,DC=wardvissers,DC=local" container under Active Directory user "Active Directory operation failed on DC2008-03.ad.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn’t have any deny permissions that block such operations.

Because my account has domain admins rights the security settings will be reset every hour by
AdminSDHolder

Each Active Directory domain has an object called AdminSDHolder, which resides in the System container of the domain. The Admin-SDHolder object has a unique Access Control List (ACL), which is used to control the permissions of security principals that are members of built-in privileged Active Directory groups (what I like to call “protected” groups). Every hour, a background process called SDPROP runs on the domain controller that holds the PDC Emulator operations master role. It compares the ACL on all security principals (users, groups and computer accounts) that belong to protected groups against the ACL on the AdminSDHolder object. If the ACL lists aren’t the same, the ACL on the security principal is overwritten with the ACL from the Admin–SDHolder object. In addition, inheritance is disabled on the security principal.

Temporally Solution:

1. Active Directory Users and Computers

2. Enable Advanced Features

3. Search the User and go to the Security tab.

4. Advanced

5. Include Inheritable permissions from the Object’s parent

Source: Blog

Remote Desktop Services Component Architecture Poster

Posted on August 24, 2010 by Ward

This poster provides a visual reference for understanding key Remote Desktop Services technologies in Windows Server 2008 R2. It explains the functions and roles of Remote Desktop Session Host, Remote Desktop Virtualization Host, Remote Desktop Connection Broker, Remote Desktop Web Access, Remote Desktop Gateway, RemoteFX and Remote Desktop Licensing.

To Download: Click on the picture.

Exchange 2007/2010 Performance settings on vSphere.

Posted on August 19, 2010 by Ward

When install a Exchange 2007 or Exchange 2010 Server on vSphere there are some settings that will increase de performance.

- Use de VMXNET 3 Adapter
- Use per Disk a SCSI Controller
- Store the Log & Database files on physical Lun on a SAN
- Use the LSI LOGIC SAS controller for Windows 2008 & 2008 R2
- Use the VMware Paravirtual SCSI (PVSCSI) Controller for Every physical Raw Device Mapping (RDM).

Another TIP. Exchange 2007 & Exchange 2010 needs a lots of Memory. When choosing the size for the OS partition, swap file need also al lot of space.

MDT 2010 Importing automatically the right driver

Posted on July 19, 2010 by Ward

Microsoft Deployment Toolkit 2010 has some nice improvements to handle drivers. I will describe how I like to manage drivers in MDT 2010.

Some time I wrote i article about how to get the Name & Model from a computer. This is very important when you want to import only the right drivers automatically.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model. This is what my folder tree looks like:

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at powershell command prompt: ‘Get-WmiObject -Class win32_computersystemproduct | fl Name,Model,UUID,Identifyingnumber,Vendor’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude D830”.

Now that we have drivers imported in our Deployment Share, it’s time to move on.

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7×64\%Make%\%Model% as value for my Windows 7 x64. You have to adapt this to your Out-of-Box tree.

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%

DriverGroup_002=Printers

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

First you have to create a Profile (or use one of the default profiles):

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

You can add Selection Profiles for drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64