Archive for Exchange
User can’t log into OWA
Posted by: | CommentsSometimes a strange situation crops up in which a user can access his Exchange 2003 email from an Outlook client without trouble, but can’t successfully log into Outlook Web Access. You will get the standard, “You could not be logged on to Outlook Web Access” error message.
Chances are this user recently had a password change, or maybe the users account was deleted and then recreated again. But you’ve checked everything: the password, the OWA feature turned on for that user, the ability to log on with other user accounts, the temporary internet files cache, IISRESET. But nothing works–no matter which workstation you use to access OWA, you can’t log on as that user.
If you really press on and actually reboot the server, you find that the problem is resolved, but you are left uneasy. What actually happened, and why did it take a server reboot to fix it? Very unsatisfactory.
The problem is actually related to how IIS caches credentials when it uses Forms Based Authentication. If you change a user password or delete and recreate a user account, sometimes IIS has a different SID/password cached for that user and any attempts to authenticate will fail until that cache is emptied. An IISRESET will not resolve the problem, but a reboot will.
But there’s another way to resolve this without a reboot.
1. Open up the Exchange System Manager and drill down into the Server section and down into Protocols.
2. Open the HTTP folder and get properties on Exchange Virtual Server.
3. Go into the Settings tab and uncheck the Enable Forms Based Authentication checkbox. Apply it.
4. Go to the command-line and do an IISRESET.
5. Now go and recheck the Enable Forms Based Authentication checkbox.
That’s it. You should be able to log into OWA with that user now.
Dave Shackelford Named Exchange MVP
Posted by: | CommentsThird Tier is proud to announce that Dave Shackelford has been honored by Microsoft with the MVP (Most Valuable Professional) award for 2010.
Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world who are awarded for voluntarily sharing their high quality, real world expertise in offline and online technical communities. Microsoft MVPs are a highly select group of experts that represents the technical community’s best and brightest, and they share a deep commitment to community and a willingness to help others. For more information on the MVP program, visit http://mvp.support.microsoft.com/.
Dave was awarded for the Exchange Server category. His MVP profile can be found at https://mvp.support.microsoft.com/profile=B058C0A5-2970-4645-BEA1-A7EAECEA9C2A
Exchange 2007 Back Pressure Stops Incoming Mail Delivery
Posted by: | CommentsThere are several reasons why due to back pressure that your incoming email might stop. I ran into one of them today on my very own SBS 2008 server. How embarrassing…so I thought I would blog about it.
In the morning when I got up and checked my email I was shocked to see only 3 new emails instead of the usually 30+. I wiped the blur from my eyes and noticed that all three email were from my own internal network. I first checked the usual suspects. Is my Internet up? Did my IP address change? Is my MX record still there? Is my firewall working correctly? Yes, yes, yes and yes. Time to look at the event logs and the Exchange server. Exchange server says my stores are mounted and Outlook says so too.
The event log had a story to tell. Fortunately for me the event log on this server is very clean otherwise I could have easily overlooked the error message that led me to the solution because it only occurs one time. It’s Event ID 15006 Source MSExchangeTransport.
The Microsoft Exchange Transport service is rejecting message submissions because the available disk space has dropped below the configured threshold.
Resource utilization of the following resources exceed the normal level:
Queue database logging disk space ("C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\") = 97% [Medium] [Normal=95% Medium=97% High=99%]
Physical memory load = 92% [limit is 94% before message dehydration occurs.]Back pressure caused the following components to be disabled:
Inbound mail submission from the Internet
Mail submission from the Pickup directory
Mail submission from the Replay directoryThe following resources are in the normal state:
Queue database and disk space ("C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\mail.que") = 96% [Normal] [Normal=95% Medium=97% High=99%]
Version buckets = 0 [Normal] [Normal=80 Medium=120 High=200]
Private bytes = 3% [Normal] [Normal=71% Medium=73% High=75%]
As you can see the message is pretty detailed and tell you exactly what the problem is, except be sure to read the whole thing. At the top is says that transport service has stopped and is rejecting message submissions because the available disk space has dropped below the configure threshold. While it’s true the disk space was an issue it wasn’t enough to create the stop. Physical memory load was the problem. And the solution was, as Eriq pointed out in a earlier blog post and screencast, to reduce the amount of memory that Sharepoint and Monitoring databases are allowed to use on the server.
Read Eriq’s blog post here: http://www.thirdtier.net/2009/08/setting-the-maximum-memory-usage-on-the-sharepoint-database/
And what his screencast demonstrating the procedure here: http://www.thirdtier.net/screencasts/limit-sharepoint-database-memory-usage/
Note that after applying the fix, I had to restart the Exchange Transport service to get my incoming to start flowing again.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. 
Get Support 
Blog 
Twitter 
Facebook 
LinkedIN
Scott Roberts has 12+ years at Microsoft under his belt and is currently the Test Lead for the Exchange CXP [Sustained Engineering] team here in Redmond. For over 5 years, he has been on the Exchange CXP team and before that he was the tester for DSAccess and other Directory related tools. Scott was also responsible for manually testing IMAP/SMTP/POP3 for an older Microsoft Product called MCIS.
Scott lives in Redmond and has resided in Washington for over 12 years. He is looking to attend several of the Washington State user groups over the next year to answer any questions that may arise around servicing, tools, Microsoft Update, and other related areas so that he can ensure that the CXP team properly understands the customer scenarios that are out there.
If you are a user group leader in the northwest and would like to get connected with Scott for possible presentations, drop me a note with your email address and I'll make sure it gets over to Scott. Possible topics he'll consider for group meetings include:
1. Servicing via Microsoft Update, WSUS, SMS/Systems Center, 3rd Party
2. Silent install versus UI based install
3. Servicing Cluster Scenarios
4. Servicing E14 DAG Scenarios
5. E12 specific servicing pain points
6. E14 Rollup 1 experience
7. Servicing SBS
For those of you in the Bellevue area tonight, head on over to the Puget Sound Small Business Server User Group meeting in Lincoln Square. Check out http://www.pssbs.org/about/ for directions.
Connecting to Exchange 2007 from Snow Leopard Mail Client
Posted by: | CommentsWith the release of Mac OS 10.6 (aka “Snow Leopard”), Apple has incorporated the ability to connect the Mail, iCal, and Address Book apps natively with Exchange 2007. Unfortunately, support for this is NOT available for Exchange 2003 servers. Here’s how to set up Apple Mail:
- Open the Mail app.
- From the Mail menu, select Preferences (or press Apple-; to open Preferences).
- Select the Accounts tab in the Preferences window.
- Click the Add button (the “+” button in the lower left corner of the Accounts window).
- Enter the Full Name, Email Address, and Password for the Exchange account (NOTE: the e-mail address needs to match the default e-mail address on the Exchange account. In other words, if your outbound e-mail shows your address as Jonathan.Dough@smallbizco.net, then enter it exactly that way. Entering it as jonathan.dough@smallbizco.net may cause problems) and click Continue.
- If your Exchange server is correct set up for Autodiscover, the server will be found and automatic configuration will be attempted. Also, if your mail server is using a private SSL certificate, you may see one or more prompts about not being able to identify the server. If you have concerns, contact the team responsible for your mail server. Otherwise, click Continue or Connect if you see these prompts, but understand that you may be putting some account information at risk by doing so.
- If your e-mail address does not match your login name (i.e., the address is Jonathan.Dough@smallbizco.net, but the login is jonathandough), you will be prompted to enter your login credentials. Change the username to match the username you use to sign into Outlook Web Access, then click Continue.
- Once the account setup has confirmed the connection to the server, you will be prompted to set up your Address Book contacts and iCal calendars. Uncheck these boxes if you do not want to synchronize your iCal calendars with your Exchange calendars or your Address Book contacts with your Exchange contacts. Click Create when finished.
- Close the Accounts window when complete.
Now you will see a set of mail folders for your Exchange account under the Mailboxes section of Apple Mail. It may take some time for the folders to synchronize if you have quite a bit of mail on the server.
NOTE 1: When setting up Apple Mail to communicate with your Exchange 2007 server in this way, you are working directly with the information that is on the server, NOT on a local copy that has been downloaded on your Mac. That means that if you delete an e-mail from Apple Mail, it is immediately deleted from the server and will NOT be available to any other mail clients you may be using to access the information on your Exchange server (i.e., Outlook on a PC or a mobild phone that has native Exchange connectivity).
NOTE 2: If you have done an in-place upgrade from a previous version of Mac OS 10 to 10.6, there is a change that iCal may not be able to synchronize with the Exchange server. I have run into this issue and have not yet been able to find a solution, but others have not encountered this problem, so it’s unclear what the exact cause is at this point.
Complications from an SBS 2008 Migration
Posted by: | CommentsWe ran across an interesting complication during an SBS 2003 to SBS 2008 migration. We run extensive checks on our SBS 2003 servers before performing migrations and this has always served us well. You may have even heard me talk on the various tasks we undertake and tests that we run. In this case we had a local client with an SBS 2003 server that we did not install. Further the previous hardware had failed causing the server to shutdown abruptly over and over again and we had imaged this SBS 2003 server onto new hardware about a year prior. Everything seemed fine with it though and the previous year had gone smoothly with this server.
We fully patched it. We defragmented the Exchange database. We ran the BPA. We updated the NIC drivers. We fixed up a journal wrap problem. We ran dcdiag to test DNS-AD integration. We ran gpupdate. We ran repadmin to test AD sync. We ran the BPA again and it told us that the server held none of the FSMO roles. !***!&*($&#*(&$*!!!!! Yikes. We verified all of them in the GUI. We verified all them using command prompt tools and it came back as holding all of the FSMO roles. Still the BPA persisted in claiming that it did not, so we postponed the migration while we gathered our thoughts. After consulting with everyone we could think of that was an expert in AD, it was concluded that if the AD itself knew that the server held the roles and all of the usual tests came back good that the BPA must be on drugs. The migration was scheduled.
We took a backup. We took an image. We mounted the image onto our virtual server. We started and finished the migration. We migrated the mailboxes, moved the data and generally progressed through the to do list smoothly. Then we noticed the event log in the SBS 2003 server. It said that a recent DC Promo was unable to complete and AD replication was halted until it finished. Sure enough when we tried to add a user as a test, the user did not sync between the servers. AD was not replicating. Testing AD pointed to a problem with the objects in the Computer OU and DNS-AD integration tests said that it was unable to find the PDC. It claimed records were missing that were not missing. Rather than turn back to an SBS 2003 server that no one was able to determine why the BPA said didn’t hold the FSMO roles, we decided our options were to press forward to try to fix the AD or create a new domain. Since everything was working, from the user perspective, we decided we had a bit of time to work on fixing AD before our 21 day migration period was up. Work began.
Moving forward with the migration we got to the point were we decided to uninstall Exchange 2003 and attempt a demotion of the SBS 2003 server. The uninstall of Exchange 2003 went along fine. However when we tried to demote the SBS 2003 server it informed us it thought it was the last replication of DNS in active directory. Hard stop.
To troubleshoot Active Directory we checked schema version on both the server and found it was set to 44. Good but we needed them to replicate with each other. So, we deleted the connection objects on both of the servers. Went into DSSITE on both servers and told it to check replication topology. Waited for some time and we got the connection object back. We forced replication and it was successful! Problem solved.
We thought, problem solved. Shortly thereafter we got a call from the client, Outlook was reporting Disconnected. A look at Exchange 2007 showed that all of the mailboxes were gone! But the good news was that the mailbox store was still the right size so we knew that they were in there. We just needed to connect to them. Exchange Command shell: get-mailboxdatabase |clean-mailboxdatabase to have all disconnect mailboxes show up in the Console then in the console, go to disconnectted mailbox, right click each mailbox and choose connect. Do this for each users mailbox and another problem solved.
Are we done yet? No, yet another issue reared it’s ugly head. Users with large mailboxes were getting a message that their mailbox was too big and they were blocked from sending or receiving email. <sigh> Look at the Mailbox size limitation in the SBS Console and it still held our settings to allows for larger mailboxes for the Standard User Role. Reapply the role. No change. Back into the Exchange Management Console we go. Here we set the mailbox size for the users directly.
No further problems have presented themselves so we believe that we have successfully migrated an SBS 2003 with AD problems over to SBS 2008. Overall it was a good learning experience for the technician involved and now we know that the BPA is never on drugs. Apparently it knows things about AD that AD doesn’t even know about itself.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. Get Support Blog Twitter Facebook LinkedIN
Unable to use Out Of Office or AutoDiscover
Posted by: | CommentsWe had an interesting issue the other day. After an upgrade to Exchange 2007 and Office 2007 users reported that they were unable to create an Out Of Office message. When attempting to do so, Outlook would claim that the Exchange server was unavailable. It was a real mystery since the Exchange server was available; they were sending and receiving email just fine. A further clue presented itself when we found that this issue only effected users on the Terminal Server. Users working from Desktop computers did not experience this problem.
During our investigation of the problem we noticed that on the terminal server Outlook was also unable to resolve the autodiscover record while on the desktops they were. We weren’t sure of the link between these two clues but pushed forward to resolve the autodiscover issue. We verified that all of the autodiscover records were correct.
We resorted to Internet research and found 1 conversation thread where someone noted that autodiscover was unable to resolve when you have a proxy server and the browser is not configured to exempt the internal domain from the proxy. This was indeed the problem. This business did run a proxy server. The browser in the terminal server did not have the exemption for the local domain, while the desktop browsers did because they were being autoconfigured by a local firewall client. Once this entry was made, Out Of Office and Autodiscover worked.
So, the solution to why users are unable to use Out Of Office in Outlook 2007 is that the Internal domain is not listed in Internet Explorer as exempt from proxy.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. Get Support Blog Twitter Facebook LinkedIN
Connecting iPhone 3.x to Exchange
Posted by: | CommentsI originally posted instructions for configuring an iPhone 2.0 device to an Exchange server back when the iPhone 3G was originally released. While those instructions still hold for the most part, the iPhone interface has changed somewhat, so here’s an updated post with pics for connecting the iPhone 3.x OS to an Exchange server.
- From the Home screen (unless you’ve relocated the icon) open the Settings app.
- Click the Mail, Contacts, Calendars item in the list.
- Click Add Account.
- Click Microsoft Exchange at the top of the list.
- Enter your e-mail account information.
For the Email field, enter your default e-mail address exactly as it appears on your outgoing messages. This is important: if your outgoing e-mail address is Jon.Dough@smallbizco.net, you must match it exactly. If you enter jon.dough@smallbizco.net, you may encounter issues with calendar items. You may not need to enter the Domain field, but do enter it if you know what it is. Your username and password should match what you enter to access Outlook Web Access or your network account. If you do not know this information, you will need to get it from your system administrator. - Once you have entered the account information, click Next. The iPhone will attempt to connect to your mail server. You may be prompted to enter the name of the mail server if it could not be found automatically. This is the same as the server you use to access Outlook Web Access. If your Outlook Web Access server is https://remote.smallbizco.net/owa, then you need to enter remote.smallbizco.net as the mail server. Then click Next.
- If the iPhone cannot correctly validate the security certificate on your mail server (this may be the case if your Exchange server is running on Small Business Server 2003 or 2008), you will be asked what to do about the connection. If you know you have entered the correct information about your mail server, click Accept. If not, click Cancel.
- Choose which items from the Exchange server you want to sync with your iPhone. If you already have your contacts or calendar synchronizing with another source, you may want to hold off on selecting those to avoid a potential loss of data.
- Click Done when finished.
The iPhone will now start the initial connection to the Exchange server and synchronize the selected information.
Entourage for Exchange Web Services Released
Posted by: | CommentsToday, Microsoft released an update to the Office 2008 suite that allows Entourage (the Exchange e-mail client) to connect to Exchange 2007 servers using Exchange Web Services instead of WebDAV. This update provides improvements in the calendar interface and allows Entourage to sync tasks, notes, and categories with Exchange server. While Entourage still lags terribly behind Outlook 2001 for Mac in terms of feature compatability with Exchange server, this update provides a much-awaited set of improvements for the Mac e-mail client.
Entourage 2008 Web Services edition requires Office 2008 with the 12.2.1 update installed. Unfortunately, Microsoft does not make the updates for Office for Mac cumulative, so if you install Office 2008 from the original media, you must first install Office 2008 SP1, then Office 2008 SP2, then the 12.2.1 Update before you will be able to install Entourage Web Services Edition. All of these downloads are available at the Mactopia download site, http://www.microsoft.com/mac/downloads.
Detailed information about how Entourage Web Services works and tips for how to upgrade to Entourage Web Services can be found at the Microsoft Mac IT Pros site, http://www.microsoft.com/mac/itpros/default.mspx.
Testing Exchange Connectivity
Posted by: | CommentsI was reading TechNet Magazine and it prompted me to remember about an excellent tool for testing exchange. Until I read the TechNet article, I actually didn’t realize that the tool belonged to Microsoft. It’s http://www.testexchangeconnectivity.com and it is now officially called the Microsoft Exchange Server Remote Connectivity Analyzer – Beta. They’ve upgraded a few things since I first used it.
Here’s what you get:
When the results come back for each test you get a nice listing of the path it took to perform the test and a listing WITH explanation of any failures including links to support and technet articles describing how to resolve the issue that was discovered.
Here’s an example. In this example, I asked that the Microsoft Exchange ActiveSync Connectivity Test be performed with AutoDiscover. The results are detailed and below is an example of an error condition that it discovered including the link for information tips on resolving the problem. In my case, I do not allow port 80 connections to my server, so this error is expected.
The Microsoft Exchange Server Remote Connectivity Analyzer is a well thought out tool that is excellent for verifying an installation or troubleshooting a problematic one. Keep this one in the toolkit.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support 
Blog 
Twitter 
Facebook 
LinkedIN
