Exchange 2010 Client Access Throttling

Environment:
Windows 2008 R2 – Exchange 2010 RTM 
Later I installed SP1 & Rollup 2 for SP1

Outlook 2003 Service Pack 3 Clients
Issue:
During normal working hours, users were randomly unable to access their mailboxes when they launched their Outlook client.

The users were receiving the following Outlook message:

“Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.”
It was also reported that some users had issues expanding additional mailboxes (delegate mailboxes).
The following Outlook message appeared.

set of folders

Or users have issues opening Shared Calendars.

Solution:
http://support.microsoft.com/kb/2299468

With Get-ThrottlingPolicy you can see the value of RCAMaxConcurrency

(Exchange 2010 RTM default value 20) (Exchange 2010 SP1 default value 214748364)

I changed RCAMaxConcurrency to 214748364 and the problem is fixed:

Get-ThrottlingPolicy | set-ThrottlingPolicy -RCAMaxConcurrency 214748364

Publish Exchange 2010 With TMG (Forefront Threat Management Gateway)

When you want to use Forefront Threat Management Gateway to publish Exchange 2010, you must do the following things:

1. Get a SAN Certificate.

In my case I have the following URLs registered with the certificate.
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl
casarray.wardvissers.local


2. Import the certificate into Exchange 2010.
How to check HERE

3. Create a Client Access Array on the Exchange 2010 server.
I described how to do this in Configuring Client Access Array. In this case I used casarray.wardvissers.local for the Client Access Array.

4. Set the internal & external URLs

Set-ClientAccessServer -Identity ward-ex01 -AutoDiscoverServiceInternalUri https://casarray.wardvissers.local/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "ward-ex01\EWS (Default Web Site)" -InternalUrl https://casarray.wardvissers.local/ews/exchange.asmx -ExternalUrl https://webmail.wardvissers.nl/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "ward-ex01\oab (Default Web Site)" -InternalUrl http://casarray.wardvissers.local/oab -ExternalUrl https://webmail.wardvissers.nl/oab

Enable-OutlookAnywhere -Server ward-ex01 -ExternalHostname "webmail.wardvissers.nl" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity "ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://casarray.wardvissers.local/Microsoft-Server-Activesync -ExternalURL https://webmail.wardvissers.nl/Microsoft-Server-Activesync

Set-ECPVirtualDirectory -Identity "ward-ex01\ECP (Default Web Site)" -InternalURL https://casarray.wardvissers.local/ECP -ExternalURL https://webmail.wardvissers.nl/ECP

5. Configure Exchange 2010 for basic authentication

Set-OwaVirtualDirectory -Identity ward-ex01\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false

Set-WebServicesVirtualDirectory -Identity "ward-ex01\EWS (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $true

Set-EcpVirtualDirectory -Identity "ward-ex01\ECP (Default Web Site)" -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false

Set-OabVirtualDirectory -Identity "ward-ex01\oab (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $true

Set-ActiveSyncVirtualDirectory -Identity "ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)" -BasicAuthentication $true

6. Import the SAN certificate into the TMG server.

1. Click Start –> Run –> Type MMC
2. Click File –> Add/Remove Snap-in –> Certificates –> Add –> Computer account –> Next –> Finish –> OK
3. Click Personal –> Certificates
4. Right-click Certificates –> All Tasks –> Import –> Next –> select the *.pfx file –> Next –> Password –> Next –> Next –> Finish

7. Publish OWA

1. Publish Exchange Web Client Access

2. Exchange Publishing rule name: OWA 2010

3. Choose Exchange Server 2010 & Outlook Web Access

4. Next (I have only a single TMG server)

5. Next

6. Internal Site Name: the Client Access Array name. In my case casarray.wardvissers.local

7. Public Name: webmail.wardvissers.nl

8. At this moment I have no Web Listener, so we are going to create one

9. Web Listener Name: HTTPS

10. Next

11. I chose All Networks (and local host) because the server has one NIC.

12. Select the certificate that you just imported.

13. Choose LDAP (Active Directory)

14. SSO Domain name: in my case wardvissers.nl (external domain name)

15. Finish

16. Next

17. Next

18. Next

19. Finish

8. Publish Active Sync

1. Publish Exchange Web Client Access

2. Exchange Publishing rule name: Active Sync 2010

3. Exchange Server 2010 & Exchange ActiveSync

4. Next

5. Next

6. Internal Site name: CasArray name

7. Public Name: in my case webmail.wardvissers.nl

8. Choose the HTTPS web listener

9. Next

10. Next

11. Finish

Next Time I will publish how to deploy a Legacy Exchange Server 2003 & 2007 with TMG

Rollup 2 for Exchange Server 2007 Service Pack 3


Today the Exchange Team released Rollup 2 for Exchange Server 2007 Service Pack 3 KB2407025. This update raises Exchange 2007 version number to 8.3.137.3.

The List with fixes:
972186 Some functions do not work if you install Security Configuration Wizard on a Windows Server 2008 SP2-based Exchange Server 2007

979046 Attachments are empty when you save them by using OWA after you have applied the update of KB 958881 on an Exchange Server 2007

980038 The Microsoft Exchange System Attendant service crashes intermittently in the Oabgen.dll module on an Exchange Server 2007 server

981602 Event ID: 4999 is frequently generated in a mixed Exchange Server 2007 and Exchange Server 2003 environment

982476 The Imap4.exe process crashes intermittently on an Exchange Server 2007 server

982478 Notes URL links in a plain text message are not clickable when you open this message by using OWA in an Exchange Server 2007 environment

2028675 The MSExchangeFDS.exe process occupies lots of memory if there are thousands of OABs created on an Exchange Server 2007 server

2029086 Some characters of an email message are displayed in an incorrect text size when you access your mailbox by using OWA in Exchange Server 2007

2032216 The Microsoft Exchange Information Store service crashes on an Exchange Server 2007 server when you start it or try to mount certain databases

2121536 Exchange Server 2007 cannot index a message

2201236 The "All Day" field is marked with "No" when you access a meeting request that has a duration time that is more than 24 hours by using a mobile client through ActiveSync in an Exchange Server 2007 environment

2203212 Certain mailboxes cannot be moved from an Exchange Server 2007 server to an Exchange Server 2010 server

2210042 A sub contact folder is still visible after you set the "PR_ATTR_HIDDEN" attribute to "True" in an Exchange Server 2007 environment

2230824 The Microsoft.Exchange.POP3.exe process or the Microsoft.Exchange.Imap4.exe process may crash after you enable protocol logging for POP3 or IMAP4 on an Exchange Server 2007 server

2249814 You receive misleading information when you run the "New-TestCasConnectivityUser.ps1" script on an Exchange Server 2007 server

2263342 "The operation failed" error message in Outlook client when a user sends a recurring meeting request with an email message attachment in an Exchange Server 2007 SP2 environment

2276439 (http://support.microsoft.com/kb/2276439/ ) The Microsoft.Exchange.IMAP4.exe process crashes when an IMAP4 client retrieves a meeting request that includes exception attachments in an Exchange Server 2007 environment

2280234 "Your POP3 server has not responded in 60 seconds." error message when a POP3 client connects to an Exchange Server 2007 Client Access server to access an Exchange Server 2003 mailbox

2282570 "550 5.1.3" NDR message when an Exchange Server 2007 user sends an email message to a recipient

2265306 The Exchange Information Store service stops responding when you perform a search operation on an Exchange Server 2007 mailbox in Outlook

2282746 The "Private" sensitivity status of an occurrence of a recurring meeting request is lost when you edit the occurrence in OWA in an Exchange Server 2007 environment

2286782 The response details are still included in the response email message when you set the "EnableResponseDetails" property to "False" in an Exchange Server 2007 environment

2290105 A shared document cannot be open by using OWA after you install Exchange Server 2007 SP3 on an Exchange Server 2007 server

2290159 The POP3 service crashes on an Exchange Server 2007 server

2344372  You cannot move mailboxes to an Exchange Server 2007 server

2362371 You receive a "Success" response when using the Test-Mailflow command on an invalid or nonexistent external email address in an Exchange Server 2007 environment

2384754 "Unable to identify local server row in Replication state table for this FID" error message when you run the Information Store Integrity Checker tool on an Exchange Server 2007 server

2387915 The ESEBack component does not support ETL tracing on an Exchange Server 2007 server

2388057 The Exchange Transport service crashes on Exchange Server 2007 servers in a mixed Exchange Server 2007 and Exchange Server 2010 environment

2394731 An HTML attachment of a shared mailbox cannot be saved when you set the "BypassOwaHTMLAttachmentFiltering" setting to "True" in an Exchange Server 2007 environment

2424499 Exchange Server 2007 does not support to assign a mailbox with the "Send on behalf" permission of a security group in the EMC or in the EMS

2427297 The created time and the modified time of an attachment are incorrect when you save an email message on an Exchange Server 2007 mailbox

2430674 The "Leave message intact" method in a Folder Assistant rule does not work when you post an item by using OWA in an Exchange Server 2007 environment

Download the hotfix HERE

Microsoft Exchange Server 2010 Best Practices Covers SP1

Exchange 2010 Best Practices

If you are an Exchange Admin I can recommend the following book: Microsoft Exchange Server 2010 Best Practices. It covers SP1. It contains the following chapters.

Part I  Preparing for Exchange Server 2010

Chapter 1: Introducing Exchange Server 2010

Chapter 2: Exchange Deployment Projects

Chapter 3: Exchange Environmental Considerations

Part II  Designing Exchange Server 2010

Chapter 4: Client Access in Exchange 2010

Chapter 5: Routing and Transporting

Chapter 6: Mailbox Services

Chapter 7: Edge Transport and Messaging Security

Chapter 8: Automated Message Processing, Compliance, and Archiving

Chapter 9: Unified Messaging

Chapter 10: Federated Delegation

Chapter 11: Designing High Availability

Chapter 12: Backup, Restore, and Disaster Recovery

Chapter 13: Hardware Planning for Exchange Server 2010

Part III  Upgrading to Exchange Server 2010

Chapter 14: Upgrading from Exchange Server 2003 and Exchange Server 2007

Part IV  Deploying and Managing Exchange Server 2010

Chapter 15: Preparing for and Deploying Exchange Server 2010

Chapter 16: Managing Exchange

Chapter 17: Operating and Troubleshooting Exchange Server 2010

This book is also not a preparation guide for Exam 70-662: TS: Microsoft Exchange Server 2010, Configuring, or Exam 70-663: Pro: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010, even though when you apply the knowledge and experience covered in this book, it will help you to pass these exams.

Rollup 1 for Exchange Server 2010 SP1

Microsoft released Rollup 1 for Exchange Server 2010 SP1 that fixes the following things.

2028967 Event ID 3022 is logged and you still cannot replicate a public folder from one Exchange Server 2010 server to another

2251610 The email address of a user is updated unexpectedly after you run the Update-Recipient cmdlet on an Exchange Server 2010 server

978292  An IMAP4 client cannot send an email message that has a large attachment in a mixed Exchange Server 2010 and Exchange Server 2003 environment

982004 Exchange Server 2010 users cannot access the public folder

983549 Exchange Server 2010 removes the sender’s email address from the recipient list in a redirected email message

983492 You cannot view updated content of an Exchange Server 2010 public folder

Download Rollup 1 for Exchange Server 2010 SP1 HERE

Windows Cannot Find GPEdit.MSC

I got this error on a Windows 2003 R2 x64 machine when I wanted to use the Group Policy Management Console.


Solution is really simple:

1- Browse to "%windir%\system32\" and copy gpedit.msc
2- Browse to "%windir%\syswow64\" and paste gpedit.msc
Now it works again.

Exchange 2010 Autodiscovery Issues

Two weeks ago I built my first production Exchange 2010 cluster. The Exchange 2010 web services are causing a lot of issues for people, and for myself not any more.

Well, let us first list the directories that are used in the Exchange web service:

EWS is used for OOF, Scheduling assistance and free+busy Lookup.
OAB provides offline address book download services for client.
Autodiscover is used to provide users with autodiscover service.
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides outlook web access for users.
ECP provides Exchange control panel feature for Exchange 2010 users only.

Issues that might be resolved using the troubleshooting steps here:

You cannot set the OOF using the Outlook client; you receive the "server not available" error.
You cannot view free/busy information for other users.
You cannot use the scheduling assistant; you might also see that no free/busy information was retrieved.
You cannot download the Offline Address Book (download errors).
You cannot use Autodiscover externally.
Certificate mismatch error in Autodiscover; users are prompted to trust the certificate in Outlook 2007/2010.

First, let us start by setting the right virtual directory configuration required for Exchange 2010 to work correctly:
Configure External and Internal URLs for OWA, ref: http://technet.microsoft.com/en-us/library/bb310763.aspx

You have to configure the internal URL to be the server name. If you have multiple CAS/Hub servers configured in an NLB cluster, you can use the NLB cluster name for the internal URL.
The external URL will be the URL used by users to access webmail, e.g. https://webmail.wardvissers.nl/owa

Configure the autodiscover internal URL, ref: http://technet.microsoft.com/en-us/library/bb201695.aspx

You will use the PowerShell cmdlet: Set-ClientAccessServer -Identity <CAS Server Name> -AutoDiscoverServiceInternalUri <Internal URL>. This FQDN must match a name included in the certificate. If you have an NLB cluster, you put the internal name here, like nlbek10.wardvissers.local

If you cannot use autodiscover.wardvissers.nl internally (you have a domain name of domain.local and you must use it), you will get a certificate mismatch error; you will have to include the internal name in the SAN certificate if you purchase an external SAN certificate.

You cannot set autodiscover external URL since outlook will try to access https://autodiscover.wardvissers.nl/autodiscover/autodiscover.xml, this behavior is by design and cannot be changed.

Best Practice: Use SAN Certificates

Depending on how you configure the service names in your Exchange deployment, your Exchange server may require a certificate that can represent multiple domain names. Although a wildcard certificate, such as one for *.wardvissers.nl, can resolve this problem, many customers are uncomfortable with the security implications of maintaining a certificate that can be used for any sub-domain. A more secure alternative is to list each of the required domains as SANs in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

Best Practice: Use the Exchange Certificate Wizard to Request Certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate request wizard in the Exchange Management Console will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you’ve deployed your initial set of Exchange 2010 servers and determined which host names to use for the different services for your deployment.

Names you must include when you use a third-party SAN certificate, ref http://technet.microsoft.com/en-us/library/dd351044.aspx:
External:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl (if you are migrating from 2003 to 2010)
Internal:
autodiscover.wardvissers.local
legacy.wardvissers.local
nlbek10.wardvissers.local (internal NLB CAS/Hub cluster)
casarray.wardvissers.local (I use this address for the casarray. It has the same IP as the nlbek10)
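
The name matching described above (every host used in an internal or external URL must appear on the certificate) can be checked before clients start reporting mismatch prompts. This is an added example, not part of the original post: the function names Test-HostCoveredBySan and Get-SanCoverageReport are hypothetical, the URL table is constructed sample data, and its last entry carries a deliberately misspelled host to show a failure.

```powershell
# Added example, not from the original post.
# Names on the SAN certificate (taken from the list above).
$sanNames = @(
    'webmail.wardvissers.nl',
    'autodiscover.wardvissers.nl',
    'legacy.wardvissers.nl',
    'autodiscover.wardvissers.local',
    'legacy.wardvissers.local',
    'nlbek10.wardvissers.local',
    'casarray.wardvissers.local'
)

# Constructed sample of configured service URLs. The last entry contains a
# deliberate typo (casarry) to show what a mismatch looks like.
$serviceUrls = @{
    'Autodiscover internal' = 'https://casarray.wardvissers.local/Autodiscover/Autodiscover.xml'
    'EWS external'          = 'https://webmail.wardvissers.nl/ews/exchange.asmx'
    'OWA external'          = 'https://webmail.wardvissers.nl/owa'
    'ECP internal'          = 'https://casarry.wardvissers.local/ECP'
}

# Hypothetical helper: is this host name covered by one of the SAN entries?
function Test-HostCoveredBySan {
    param([string]$HostName, [string[]]$SanNames)
    foreach ($san in $SanNames) {
        if ($san.StartsWith('*.')) {
            # A wildcard covers exactly one extra label: *.example.nl matches
            # a.example.nl, but not a.b.example.nl and not example.nl itself.
            $suffix = $san.Substring(1)    # ".example.nl"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
        elseif ($san -ieq $HostName) { return $true }   # host names compare case-insensitively
    }
    return $false
}

# Hypothetical helper: one result object per configured URL.
function Get-SanCoverageReport {
    param([hashtable]$Urls, [string[]]$SanNames)
    foreach ($name in ($Urls.Keys | Sort-Object)) {
        $urlHost = ([Uri]$Urls[$name]).Host
        New-Object PSObject -Property @{
            Service = $name
            Host    = $urlHost
            Covered = (Test-HostCoveredBySan -HostName $urlHost -SanNames $SanNames)
        }
    }
}

Get-SanCoverageReport -Urls $serviceUrls -SanNames $sanNames |
    Select-Object Service, Host, Covered | Format-Table -AutoSize
```

On an Exchange 2010 server the real inputs can be read in the Exchange Management Shell from the CertificateDomains property of Get-ExchangeCertificate and the InternalUrl and ExternalUrl properties of the Get-*VirtualDirectory cmdlets.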

Enable the Change Password feature with Outlook Web Access on a Windows 2003 Exchange 2007 Server

First, create the IISADMPWD virtual directory. Do the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.  
  2. Right-click the default Web site, point to New, and then click Virtual Directory.
  3. In the Virtual Directory Creation wizard, type IISADMPWD in the Alias box, and then click Next.
  4. In the Directory box, type c:\windows\system32\inetsrv\iisadmpwd or the equivalent path on your default hard disk, and then click Next.
  5. Verify that only the Read and Run scripts (such as ASP) check boxes are selected, click Next, and then click Finish.
  6. Verify that the IISADMPWD virtual directory has only basic authentication set.
  7. If you use Windows 2003/IIS 6.0, verify that the application pool is set to MSExchangeOWAAppPool
  8. Register the IISpwchg.dll file in the Iisadmpwd directory:
    Click Start, and then click Run.
    In the Open box, type the following, and then press ENTER:
    regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
  9. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled:
    Click Start, and then click Run.
    In the Open box, type cmd, and then press ENTER.
    Locate the C:\Inetpub\Adminscripts directory.
    Type the following command, and then press ENTER:
    cscript.exe adsutil.vbs set w3svc/passwordchangeflags 1

    0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.
    1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.
    2: This value disables the Password Change functionality.
    4: This value disables the advance notification of password expiration.

  10. Do not forget to enable Active Server Pages.
    Source http://support.microsoft.com/kb/297121

Rollup 4 for Exchange Server 2010

The Exchange team has released Update Rollup 4 for Exchange Server 2010 RTM (KB 982639)

KB 982639 lists all the fixes included in this rollup. Here are some of the product improvements and critical bug fixes we’d like to call out starting with 5 improvements we made to prevent crashes in very unique scenarios.

  • KB 980852 The RpcClientAccess process on an Exchange Server 2010 server crashes when you access a mailbox by using a MAPI application
  • KB 979801 An error message is generated in Exchange Server 2010 when you use Exchange Troubleshooting Assistant
  • KB 980364 The Exchange Transport service on an Exchange Server 2010 server crashes when a certain message is processed
  • KB 980353 A MAPI application that is used to access Exchange Server 2010 mailboxes crashes when the application accesses an address book
  • KB 979790 An IMAP4 client crashes when accessing an Exchange Server 2010 mailbox

We corrected a few replication issues some of you encountered.

  • KB 980149 The Add-MailboxDatabaseCopy command fails when it is used to add a database copy to a Database Availability Group in an Exchange Server 2010 environment
  • KB 981961 Event ID 4033 is logged and the Free/Busy replication from an Exchange Server 2003 server to an Exchange Server 2010 server fails
  • KB 979921 You cannot replicate a public folder from one Microsoft Exchange Server 2010 server to another, and Event ID 3079 is logged on the target server

Important:
Microsoft Update does not detect Update rollups on Exchange Server 2010 Mailbox servers that are part of a database availability group (DAG).

Download Rollup 4 for Exchange 2010 HERE

When trying to activate you get 0xC004F074 with description "The Key Management Server (KMS) is unavailable"

Error:

The KMS host in use is most likely a Windows Server 2008 KMS host, which by default cannot activate Windows 7 and Windows Server 2008 R2 machines.

If you do not have a Windows Server 2008 R2 KMS host key, you must have a Volume License agreement so that you can request your Windows 7 and Windows Server 2008 R2 KMS keys.

Resolution

Step 1:
- If the KMS host is a Windows Server 2003 SP2 machine, you have to install the update from KB article KB968915 and restart the machine.
- If the KMS host is a Windows Server 2008 SP2 machine, you have to install the update from KB article KB968912 and restart the machine.
- If the KMS host is a Windows Server 2008 R2 machine, you do not have to install any further update.

Step 2:
Now import the new KMS host key. The commands are as follows:

1. Uninstall KMS license Key on host – slmgr.vbs /upk

2. Install Windows Server 2008 R2 KMS license key – slmgr.vbs /ipk <Your Key>

3. Activate KMS server online: slmgr.vbs /ato

4. Net Stop slsvc

5. Net Start slsvc

The clients can now activate.
