Archive

Archive for the ‘Exchange’ Category

Exchange 2010 versioning

April 28th, 2016 No comments

From some update there is no relevant information about version in Exchange 2010 SP3. Let’s try it in Powershell:

It says it’s 123.4 build which should coresponds to plaint Microsoft Exchange Server 2010 SP3 (Exchange Update Rollup numbers). This is not corrent information, because those servers have UR installed.

Using EMC I can see:

Which are also incorrect information about server versions. I suppose it’s just nicer output of Powershell cmdlet 🙂

Best way to find out it’s to use EMC console on server and use “About”:

You will get information which are correct:

It’s Update Rollup 11 for Exchange Server 2010 SP3.

It’s really bad that you cannot find Exchange version of all your Exchange servers in one place (Powershell or EMC). Let’s hope they will fix it in new Update Rollup 🙂

That’s all fokls for today.

Categories: Exchange, Microsoft Tags:

Exchange 2010 move request failure

April 15th, 2015 No comments

I migrated from Exchange 2003 to Exchange 2010 and since then I was receiving following event:

 rep02

Event says:”The Microsoft Exchange Mailbox Replication service was unable to process a request due to an unexpected error”. Which means server cannot finish some request. In order to solve a problem I was looking for some replication settings. I found none. Then I looked into domain using ADSIEdit. I looked into:

CN=MailboxExportRequests, CN=MailboxReplication, CN=TeamSK, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=domain, DC=local

and I found there some old orphan move requests:

List of orphaned requests

When I used Get-MoveRequest cmdlet there was none move request displayed. So I’ve deleted those old move requests using ADSIEdit and there was no more bothering event on Exchange server.

Have a nice day,

 

Quickie: Exchang database migration over 24 hours

December 9th, 2013 No comments

Over the weekend I was setting up Exchange 2010 database copies using DAG. Those databases were huge (total of 3,5 TB). Line between primary and backup datacenter was 100Mbps. This migration ran over 24 hours for couple databases. When I checked the status I saw job was running 23 hours and 20 minutes:

When I have checked status in about hour and half I saw interesting time:

This happened on all databases which ran over 24 hours 🙂 So it looks like Microsoft engineers haven’t think about job running more than 24 hours 🙂

That’s all from weekend,

Powershell script to change User Principal Name to Primary SMTP Address

October 2nd, 2013 No comments

When you install Exchange in environment you want to allow users to log into mails using their e-mail address. If your domain name is different from your e-mail domain, you have to add UPN suffix first. More abour it HERE. Then you need to change User Principal Name into Primary SMTP Address. I wrote little script to do so:

Get-Mailbox |
  ForEach-Object{
   Write-Host “For: ” + $_.SamAccountName
   Write-Host ”   – change UPN from: ” + $_.UserPrincipalName + ” to: ” + $_.PrimarySmtpAddress
   Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $_.PrimarySmtpAddress
 }

Have a nice day,

Categories: Exchange, Microsoft, Powershell Tags: ,

Quickie: Too many events 106 in Exchange 2010

August 22nd, 2013 No comments

At one Microsoft Exchange 2010 server I was receiving too many events number 106:

Event 106

This event basically describes problem with some performance counter. I had problems with about 10 performance counters and I didn’t want to deal with them separatelly. Exchange 2010 has definition its performance counters stored in directory “C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\”. There are XML files which define performance counters. Before you can manipulate with performance counters you need to run Exchange Management Shell and run in it following command:

add-pssnapin Microsoft.Exchange.Management.PowerShell.Setup

This Snap-in allows you to use two Cmd-lets:  Remove-PerfCounters and New-PerfCounters. So let’s do two things which help us to get rid of events 106:

Deregister all performance counters for Exchange:

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf>dir *.xml | foreach { Remove-PerfCounters -DefinitionFileName $_.Name }

Register all performance counters for Exchange:

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf>dir *.xml | foreach { New-PerfCounters -DefinitionFileName $_.Name }

Since I reregistrered all performance counter definitions into Exchange 2010 server I have no problem with event 106.

This was quickie for today 🙂

Exchange 2010 and aditional Active Directory sub-domain/child domain

April 13th, 2013 No comments

We had Active Directory domain called DOMAIN.LOCAL. There was Exchange 2010 installed. It was fully functional. After some time I added new sub-domain/child domain SUB.DOMAIN.LOCAL and migrated users with mailboxes from DOMAIN.LOCAL to SUB.DOMAIN.LOCAL.

Problem

When users from SUB.DOMAIN.LOCAL logged into OWA they received following view:

OWA Error

Error stated: Exception message: Could not find any available Domain Controller in domain DC … so problem is probably in the way Exchange locates domain controllers. When users clicked F5 or refreshed website, he could see his e-mails normally.

There was also event 2130 logged on Exchange server saying Exchange Active Directory Provider could not find an available domain controller in the domain.

Solution

When you want to install Exchange into Active Directory domain, you need to prepare forest and also domain before you install it. You use setup.com (from installation DVD of Exchange) with some switches (for example /PrepareSchema, /PrepareAD,…). So new added domain SUB.DOMAIN.LOCAL to existing AD Forest was not prepared for Exchange implementation. I ran following command setup.com /PrepareDomain:SUB.DOMAIN.LOCAL:

PrepareDomain

If you have more then one domain to prepare for Exchange, you can use command setup.com /PrepareAllDomains.

The best way to run /PrepareDomain or /PrepareAllDomains is:

  • to be logged domain controller with role Schema Admin
  • to be member of Enterprise Admins group
  • to be member of Schema Admins group

I hope you will not make same mistake as I did 🙂

 

Exchange read-only mailbox rights

April 11th, 2013 No comments

Couple of days I’ve got question from my friend if there is way to setup Exchange mailbox to be Read-only for other users in company. I never needed it, because when someone else needed to access other’s mailbox, I just set FullAccess rights on mailbox and everythin worked fine.

Testing scenario

Exchange 2010

Tester user called Tester with following content of mailbox:

Tester mailbox

Tester user called Tester02 wich wants to access whole mailbox of user Tester, but Read-only.

When I set Reviewer for user Tester02 on mailbox Tester under Outlook:

Reviewer permissions

Problem

When I connect Tester’s mailbox into Tester02’s Outlook profile I can see following:

Inbox view

So I can see only Inbox. I don’t see any folder underneath it. We can check this permissions also using Powershell:

Get-MailboxFolderPermission

When we look on mailbox folder permissions underneath Inbox, for example “Inbox\My friends” folder, we can see following:

Permission on subfolder

This means that mailbox folder permissions are not inherited. So we can set permission per folder. So let’s test to add permission to folder Inbox and subfolder “My friends”:

Set-Folder Permissions

and now we can see also subfolders under account Tester02:

Accessible subfolders

This means that using Outlook or powershell commandlet Add-MailboxFolderPermission can set permissions only on one folder and these settings are not inherited! This is really weird. I couldn’t find any setting to allow inheritance.

Another way to set permissions of mailbox folders is set permissions on whole mailbox. This can be set by users which have rights to manage exchange mailboxes. Let’s look on powershell cmd-let Add-MailboxPermission. This cmdlet allows you to set just following access rights: FullAccess, SendAs, ExternalAccount, DeleteItem, ReadPermision, ChangePermision and ChangeOwner. Neither one of these rights define Read-only access to mailbox.

Solution

So there is no easy way to share whole mailbox between users in read-only manner. Only way I can think of is to run some powershell script. For example:

Add-MailboxFolderPermission tester -User tester02 -AccessRights Reviewer

 

ForEach($folder in (Get-MailboxFolderStatistics -Identity tester) )

{

$fname = “tester:” + $folder.FolderPath.Replace(“/”,”\”);

Add-MailboxFolderPermission $fname -User tester02 -AccessRights Reviewer

}

where “tester” is account with shared mailbox and “tester02” is account which want to access shared mailbox.

After this powershell commands are done, Tester02 can see Tester’s mailbox:

 

Shared mailbox accessible

 

But when user Tester creates new folder in his mailbox, user Tester02 will not see it unless user Tester sets permissions on new mailbox folder.

I hope guys from Microsoft will solve this issue in next release of Exchange. 🙂

 

Quickie: Remove Domain Controller role from Exchange 2007 server

January 29th, 2013 No comments

Last night I removed Domain Controller Role from Exchange 2007 server and we had problem in the morning with Exchange Outlook Web Access (OWA). We couldn’t log in at all. Symptomps:

  • Form based authentification was enabled, but Basic was proposed to clients instead
  • When users logged in they received 440 Login Timeout error

After couple minutes of googling I found this article which solved problem.

IMHO when computer was demoted from domain controller role it created local SAM database and didn’t use domain created accounts IUSR_ComputerName and IWAM_ComputerName.

 

Quickie: Exchange Empty Submission queue

January 14th, 2013 No comments

Today I was solving problem with open relay Exchange server. I came to server and it was full of SPAM e-mail messages. I needed to clean all this mess from Submission queue. I used following command:

Get-Message -Filter {FromAddress -eq “<>”} -Server MAILSERVER | Remove-Message

That’s all folks 🙂

 

Exchange not seeing all domain controllers from AD

November 30th, 2012 No comments

I had to solve interesting problem today at one of our customer. Here is a short preview of customer’s environment:

AD Topology

Customer has following 5 sites:

  • Site1 – containing 1 DC
  • Site2 – containing 1 DC (one has PDC FSMO role)
  • Site3 – containing 2 DCs. Let’s call this central site.
  • Site4 – containing 2 DCs. This site represents one datacenter (datacenter 1)
  • Site5 – containing 2 DCs. This site represents one datacenter (datacenter 2)

All domain controllers are Global Catalogs. Replication was set manually. It’s configured to be in star topology with median in Site3. For each connection was defined newInter-Site Transport in AD Sites.

AD Topology

AD Topology

Replication works fine. Exchange servers are able to resolve all domain controler. I have checked this using DNS and also nltest.

Exchange Topology

There are four Exchange 2012 servers. Two are CAS/HUB servers put into CAS Array. CAS Servers and CAS Array IP addresses belong to Site4 IP Subnet. And two Mailbox server that are put into DAG. Both mailbox server and DAG IP addresses are in Site4. Problem is that one CAS/HUB and one Mailbox server are physically located in Site4 and one CAS/HUB and one Mailbox server are located physically in Site5. Between Site4 and Site5 are L2 networks for CAS/HUB and Mailbox server.

Exchange topology

Exchange topology

Everything works fine. All IP subnets are assigned to Site4 which means all Exchange servers use primary Global Catalog functionality from domain controller from Site4. Idea from network/security guys was to allow Exchange servers to use Global Catalog just from domain controllers located in datacenters – Site4 and Site5. So firewalls don’t let Exchange server to use Global Catalog from other domain controller besides those located in Site4 and Site5.

Problem

Problem appeared when domain controllers in Site4 went down. Exchange servers didn’t want to start and mount databases.

When we looked into Events we could see event 2080 which stated that Exchange AD Topology service sees just four domain controllers:

  • Two in-site domain controllers from same site IP subnet are in (Site4)
  • Two out-of-site domain controllers. Controllers only from central site Site3

Exchange didn’t use those out-of-site domain controllers, because firewalls blocked it – regarding network/security guys recomendations. Question was why exchange servers didn’t see and use other domain controllers? It sees and uses only those four domain controllers (two in same AD site and two from central site).

After couple of minutes discusing with my coleague we find out that Exchange copies AD topology and it uses domain controllers in following way:

  • Primary uses domain controllers in same site as Exchange services are located – in-site DC
  • Secondary uses only domain controller which are directly replicating with domain controllers from primary site  – out-of-site DC

My colleague tried to convince me to believe it’s good idea and Exchange tries to protect you from some problems. But I don’t see any point of Exchange not contacting all domain controllers and contacing only domain controllers in the site and contacting domain controlers which replicate with domain controllers in site. I don’t see a poing of Exchange not trying to connect to Global Catalogs in Site1, Site2 and Site5. So this is the way Exchange looks for Global Catalog servers by design.

Proof of problem 🙂

I’ve done couple testing scenarios.

Exchange servers in Site4

  • In-site DCs: DCs from Site4
  • Out-of-site DCs: DCs only from Site3

Exchange servers in Site5

  • In-site DCs: DCs from Site5
  • Out-of-site DCs: DCs only from Site3

Exchange servers in Site1

  • In-site DCs: DC from Site1
  • Out-of-site DCs: DCs only from Site3

Exchange servers in Site3

  • In-site DCs: DCs from Site3
  • Out-of-site DCs: all DCs from all sites

This is really proof of problem with Exchange locating DCs.

 

Solution

To solve this issue we could make two things:

  • Create new AD Site only for all Exchange IP Subnets and add two domain controllers into this new created AD Site. One DC would be located in physical location 1/datacenter 1 (with CAS1 and MBX1 servers) and other DC would be located in physical location 2/datacenter 2 (with CAS2 and MBX2 servers).
  • Create new AD Inter-site Transport between Site4 and Site5.

We decided to create new AD Inter-site Transport.

I still don’t understand why Exchange doesn’t use all domain controllers in AD domain as I would think it would 🙁