Monthly Archives: January 2010

Can’t mount Public Folders

A couple of months ago I had a really hard problem while demoting an old Exchange 2003 after a transition to Exchange 2007.
I couldn’t uninstall it and had to do it the hard way: disabling services, deleting them from the registry, deleting files, etc.

After the operation the Exchange 2007 server couldn’t mount the Public Folder database store.

But I found a solution well hidden on a forum and I want to share it with you :)
It’s more or less copy and paste.

Open adsiedit.msc

Select Configuration-Configuration-Services-Microsoft Exchange-Orgname-Administrative Groups-Exchange Administrative Group.

We were missing the ‘Folder Hierarchies’ folder (how, I am still unsure). All we had to do was recreate it as follows:

Create the “Folder Hierarchies” under the Exchange Administrative Group

1. Right click on Exchange Administrative Group

2. Select New Object

3. Select msExchPublicFolderTreeContainer for the class and click Next

4. Enter the following for the value: Folder Hierarchies, click Next

5. Click Finish

 
 

Create Public Folder Tree Object

1. Right click CN=Folder Hierarchies -> New Object

2. Select msExchPFTree for the class

3. For the value, enter “Public Folders” and click Next

4. Click the “More Attributes” button, select msExchPFTreeType and set the value to 1. Note: it is very important that this value is set to 1, as this tells Exchange that this is a MAPI tree

5. Click OK and then Finish

Populate msExchOwningPFTreeBL attribute object of the PF Stores in the organization

(Since this attribute is not directly editable, you have to follow the below steps to do this for each PF store)

1. Get properties of the newly created “Public Folders” Tree object in ADSIEdit.

2. Copy the distinguishedname value to the clipboard and then click cancel.

3. Navigate to the Storage group that contains the Public Folder Store for this server and get properties of the public folder database object in the folder.

4. Locate the msExchOwningPFTree attribute and paste in the value that was copied to the clipboard in step 2. Click OK.

5. Restart the Information Store Service

6. Now try to mount the PF store and check that it can be accessed.

As soon as the Information Store service was restarted it came online. Thankfully…
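
A read-only check of the state the steps above should leave in Active Directory. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is available on the machine where it runs.

```powershell
# Added example, read-only. Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. The tree object: msExchPFTreeType must be 1 for the MAPI tree
$trees = @(Get-ADObject -SearchBase $configNC -LDAPFilter '(objectClass=msExchPFTree)' `
        -Properties msExchPFTreeType, msExchOwningPFTreeBL)
if ($trees.Count -eq 0) {
    Write-Warning 'No msExchPFTree object found in the configuration partition.'
}
$trees |
    Select-Object DistinguishedName, msExchPFTreeType,
        @{n = 'LinkedStores'; e = { ($_.msExchOwningPFTreeBL | Measure-Object).Count }} |
    Format-Table -AutoSize

# 2. Each public folder database: msExchOwningPFTree must hold the tree's DN
Get-ADObject -SearchBase $configNC -LDAPFilter '(objectClass=msExchPublicMDB)' `
        -Properties msExchOwningPFTree |
    Select-Object Name,
        @{n = 'OwningTree'; e = { $_.msExchOwningPFTree }},
        @{n = 'Linked'; e = { [bool]$_.msExchOwningPFTree }} |
    Format-Table -AutoSize
```

A store that shows Linked = False is one that still needs step 4 of the last list.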

Receive Connector; Create, manage and troubleshoot

Some companies do not like the idea of displaying the server name in SMTP connections.
We can change the banner information used by a Receive Connector using the following cmdlet:
Set-ReceiveConnector '<Connector Name>' -Banner "220 Mail Server"

We can control the number of protocol errors allowed in a single session. The default value is 5; to set it to 2, use the following cmdlet:
Set-ReceiveConnector '<Connector Name>' -MaxProtocolErrors 2

When you suspect you have a problem with the receive connector, it’s a good idea to turn on verbose logging and check the logs. By default they are placed in:
"C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog"

This can be done either in the EMC (under Server Configuration, Hub Transport, select the server and then the Receive Connector) or in the EMS:
Set-ReceiveConnector -Identity '<Connector Name>' -ProtocolLoggingLevel Verbose

In most cases the default permissions work well when creating an internal relay connector, but sometimes they won’t; in that case use the verbose logging to check, and list the permissions on the connector:
Get-ReceiveConnector '<Connector Name>' | Get-ADPermission

To give higher permissions, use the Add-ADPermission cmdlet, or use Adsiedit.msc: find the Receive Connector and give the user/group the missing permissions.
Make sure to select:

  • Submit Messages to Server
  • Submit Messages to any Recipient
  • Bypass Anti-Spam
  • Accept routing Headers

For connections that won’t work in the normal way, create a new connector without choosing any permission, and also turn on verbose logging.
Then create a group in AD with the users that should be able to relay/use the connector, and use Adsiedit to give that group the permissions.

Of course anonymous can also be chosen but it’s not very secure!
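
The group-based approach above, done from the Exchange Management Shell, followed by a check for connectors that let anonymous sessions relay. This is an added example, not part of the original post; the connector name 'HUB01\Relay Internal' and the group 'EXAMPLE\SMTP-Relay' are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell.
# Connector and group names are placeholders, not values from the post.
$connector  = 'HUB01\Relay Internal'
$relayGroup = 'EXAMPLE\SMTP-Relay'

# The four permissions listed above, by their extended-right names
$rights = 'ms-Exch-SMTP-Submit',                 # Submit Messages to Server
          'ms-Exch-SMTP-Accept-Any-Recipient',   # Submit Messages to any Recipient
          'ms-Exch-Bypass-Anti-Spam',            # Bypass Anti-Spam
          'ms-Exch-Accept-Headers-Routing'       # Accept routing Headers

# Grant the rights to the AD group only, not to anonymous
Get-ReceiveConnector $connector |
    Add-ADPermission -User $relayGroup -ExtendedRights $rights

# Audit: list every connector on which anonymous sessions may relay
Get-ReceiveConnector | ForEach-Object {
    $c = $_
    $c | Get-ADPermission |
        Where-Object {
            $_.User -like '*ANONYMOUS LOGON' -and -not $_.Deny -and
            $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient'
        } |
        Select-Object @{n = 'Connector'; e = { $c.Identity }}, User, ExtendedRights
}
```

An empty result from the audit means no Receive Connector grants relay to anonymous senders.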

Thanks for reading!

E2K3 Public Folder Management – SSL certificate server name is incorrect error

I was in a transition from Exchange 2003 to Small Business 2008 with Exchange 2007 when this came up. The SSL certificate on the Exchange 2003 server is wrong (wrong FQDN/CN, unknown CA, and it is expired). I could not manage the public folder hierarchy using Exchange System Manager.

Depending on what I was trying to do, I got this error:

The SSL certificate server name is incorrect.
ID no: c103b404 Exchange System Manager

I also saw this error:
The token supplied to the function is invalid
ID no 80090308

Lots of newsgroup and web discussion forums pointed to this KB article, indicating that the problem might be related to SSL being required on the /ExAdmin virtual directory: “You receive an SSL Certificate error message when you view public folders in Exchange System Manager”, http://support.microsoft.com/kb/324345. I checked that and it was NOT the case.

Finally found some instructions in a newsgroup that worked. This requires ADSIEDIT and a little bit of Exchange configuration editing.

  1. Run ADSIEDIT
  2. Navigate to the following object: CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1, CN=Exadmin
  3. Display the properties of the CN=Exadmin object
  4. Locate the msExchSecureBindings attribute, highlight it and click Edit button
  5. If it has a value of :443:, select that value in the Values list, click Remove.
  6. Click OK twice and then close ADSIEDIT

Give this a few minutes to replicate through Active Directory and try it again!

How to change the database size limit in Exchange 2003

Start Regedit. Start > Run > regedit

Navigate to your private database. You can find it under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\\Private-GUID.

Right-click and choose New > DWORD Value.

Name the DWORD “Database Size Limit in GB” and give it the value 75.
This sets the maximum size limit of the database to 75 GB.

That is the maximum for Exchange 2003 Standard Edition; Enterprise is unlimited.

Restart the Microsoft Exchange Information Store for the change to take effect. This is done through the services panel: Start > Run > services.msc.
Find the Microsoft Exchange Information Store and restart it.

How to Configure Glitch Retry Interval in Exchange Server 2003

 

If Exchange Server 2003 tries to route a message to a heavily loaded external SMTP system such as a virus firewall, it can receive a Server Busy error. In these situations, the Exchange transport goes into a state known as ‘glitch retry’. In this state, Exchange Server 2003 waits 60 seconds before attempting to resend the message, and it repeats this process three times before resorting to other actions. If external SMTP servers are consistently busy, reduce the glitch retry wait time to prevent mass message queuing.

To configure the glitch retry interval in Exchange Server 2003

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.
  2. Navigate to: HKLM\System\CurrentControlSet\Services\SMTPSvc.
  3. Right-click SMTPSvc and select New | Key.
  4. Name the new key Queuing.
  5. Right-click Queuing and select New | DWORD Value.
  6. Name the new DWORD value GlitchRetrySeconds.
  7. Double-click GlitchRetrySeconds to edit its value data.
  8. Change the Base to Decimal.
  9. In the Value data field, enter the number of seconds that Exchange Server 2003 should wait before attempting to resend a message.
  10. Click OK to save the change, and then close the Registry Editor.
  11. Restart the Simple Mail Transfer Protocol (SMTP) service for the change to take effect.

Can’t send mail to internal Distribution Lists

 

Some weeks ago I discovered a strange behavior at a customer site when creating a usual Distribution Group in Exchange 2007.
Of course when it was created I thought everything went OK.

A week later I realized that the group had never worked because the object ‘legacyExchangeDN’ was empty/missing.

I checked it in my lab environment, then manually created the object in the production environment and tried it. It worked!

To check these kinds of object settings I used AD Explorer (http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx)
or you can use ADSIedit.msc (included in Support Tools in 2003 or by default in 2008).

My ‘legacyExchangeDN’ looks like this as an example:

/o=First Organization/ou=First Administrative Group/cn=Recipients/cn=Alla

Change Exchange 2007 OWA Automatic Logoff time

Sometimes it’s nice to change the default automatic logoff time for any reason.

Firstly, it is necessary that you understand the ‘Public’ and ‘Private’ options on the OWA logon page:

  • Public is the default option for security reasons. If you log in to OWA using this option, your username will not be saved and your session will terminate after 15 minutes.
  • Private is intended for private computers. Selecting this option will cause your username to be remembered for subsequent visits to the site (you must, however, retype your password each time). Your session will also timeout after 8 hours, not 15 minutes.

The change is made on the server that handles OWA; yes, you’re right, it’s the CAS server. The settings live under this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

The CAS looks for two DWORD entries within that key: PublicTimeout and PrivateTimeout. If one or both of these entries are not present, the session type whose entry is omitted uses its default logoff value.

To modify a timeout, edit or create one or both of the above entries. Set them as DWORD entries. When editing these values, choose the ‘Decimal’ option and enter a value from 1 to 43 200. The value is in minutes, meaning you can make a session last anywhere from 1 minute up to a maximum of 30 days.

Having made the changes, restart IIS on the CAS server(s) for the changes to take effect:
iisreset /noforce
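
The same change scripted, with the 1 to 43 200 minute range enforced and the effective values reported. This is an added example, not part of the original post; the function names Get-OwaTimeout and Set-OwaTimeout are hypothetical helpers, and the 10-minute value is a constructed sample.

```powershell
# Added example. Run elevated on the CAS; all values are in minutes.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$defaults = @{ PublicTimeout = 15; PrivateTimeout = 480 }   # 15 minutes / 8 hours

function Get-OwaTimeout {
    # Effective value: the registry entry if present, otherwise the default
    foreach ($name in 'PublicTimeout', 'PrivateTimeout') {
        $entry = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        $value = if ($entry) { $entry.$name } else { $defaults[$name] }
        New-Object PSObject -Property @{
            Name = $name; Minutes = $value; Explicit = [bool]$entry
        }
    }
}

function Set-OwaTimeout {
    param(
        [ValidateSet('PublicTimeout', 'PrivateTimeout')] [string] $Name,
        [ValidateRange(1, 43200)] [int] $Minutes   # rejects values outside the allowed range
    )
    New-ItemProperty -Path $key -Name $Name -PropertyType DWord -Value $Minutes -Force |
        Out-Null
}

Set-OwaTimeout -Name PublicTimeout -Minutes 10   # constructed sample value
Get-OwaTimeout | Format-Table Name, Minutes, Explicit -AutoSize
iisreset /noforce
```

Keeping PublicTimeout short matters most here, since that is the setting that ends sessions left open on shared computers.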

Done!

Restore single user mailbox content using Exchange 2010 and DPM 2010 Beta

 

Prerequisites

  • An RDB must be created.
  • The database and log files containing the recovered data must be restored or copied into the RDB folder structure that was created when the RDB was created.
  • The database must be in a clean shutdown state. Because an RDB is an alternate restore location for all databases, all restored databases will be in a dirty shutdown state. You can use Eseutil /R to put the database in a clean shutdown state.

(Text copied from technet)

Step 1

Start up DPM 2010 and go to the Recovery section. Select the appropriate database, and make sure to select the date from which the user mailbox should be recovered.
Right-click the database and select “Recover”.

Check that the date and time are correct and press “Next”.
Select “copy to network folder” and select “Next”.
For the copy destination, select the appropriate server and folder, then press “Next”.

The next selection window has a very nice option called “Bring the database to a clean state after copying the files”.
Select that one, click “Next” and press “Recover” to start the job.

Step 2

Log on to the mailbox server (or any of the Exchange 2010 servers), start the Exchange Management Shell and run the following command to create a Recovery Mailbox Database.
With this command we point to the database we just recovered in Step 1.

New-MailboxDatabase -Name "RDB" -Server EX-MBX01 -EdbFilePath "E:\RDB\DPM_12-31-2009_18.0.59\MDB1\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0091898942\Mailbox Database 0091898942.edb" -LogFolderPath "E:\RDB\DPM_12-31-2009_18.0.59\MDB1\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0091898942\" -Recovery

To check the user contents of the database, run the following command:
Get-MailboxStatistics -Database "RDB"

If you want to check the state of the database, run the following command:
eseutil /mh '.\Mailbox Database 0091898942.edb'

Step 3

Log on to the mailbox server (or any of the Exchange 2010 servers), start the Exchange Management Shell and run the following command to restore the user mailbox.

Restore-Mailbox -Identity jonand -RecoveryDatabase "RDB"

Confirm
Are you sure you want to perform this action?
Recovering mailbox content from mailbox ‘Jonas Andersson’ in the recovery database ‘RDB’ to the mailbox for ‘Jonas Andersson (Jonas.Andersson@testlabs.se)’. This operation may take a long time to complete.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”):

The following text is copied from TechNet (it can also be very useful!)

This example bulk restores all the mailboxes in the mailbox database DB1 that are also present in the recovery database RDB.
Get-Mailbox -Database DB1 | Restore-Mailbox -RecoveryDatabase "RDB"

Done!