Archive for Exchange
Third Tier offering Technical Training at SMBNation PreDay Event!
Posted by: | CommentsI’ve been dying to announce this. I’m so excited! We’re doing a pre-day event at SMBNation in Vegas on October 21st. Make your flights accordingly. Very soon we will be posting a registration form. You must register in advance so keep an eye out for it.
Speakers are our own fabulous staff: Dave Shackelford, Cliff Galiher, Eriq Neale and Wayne Small
Our content has been selected by the guys to reflect the growing concern over compliance, business continuity, manageability and issues surrounding these that our customers are contacting us for help with. Case studies and examples will abound and they guys will show you how to configure the products they will be working with which including Exchange, Sharepoint, Terminal Services and Hyper-V. Expect the sessions to be intense with advanced material. Your brain will be exploding by the end of the day.
I’ll be posting more and more specifics about the content as the event gets closer. Let’s have a look at what Eriq is going to cover first:
Configuring and Using Remote Desktop Services Remote Apps – A Love Story
Many people have heard of Remote Desktop Services Remote Apps (formerly Terminal Server Remote Apps) but either haven’t had an opportunity to implement the solution or just are not sure how to. In this session, Eriq Neale will show how to configure RDS Remote Apps on a Remote Desktop Server and then go over several real-world deployment scenarios. We will also go over how to set up RDS Remote Apps to work with Remote Web Workplace on an SBS Server. Eriq will include case studies on when and why this technology is used.
Configuring RDS Remote Apps
Publishing an Application through RDS Remote Apps
Publishing an Application with multiple configuration options through RDS Remote Apps
Publishing an RDS Remote App through Remote Web Workplace
Please make your flights accordingly and plan to join us for a full day of intense training on October 21st.
Shout Out to Hewlett Packard, Symform and Storagecraft. Without awesome vendors that get the small business space and are willing to invest in partner education, this event would not be possible.
—
Connect with us now…
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. 
Get Support 
Blog 
Twitter 
Facebook 
LinkedIN
Public Folder problem caused by Client-side Outlook Security update
Posted by: | CommentsJust a heads up. If any of your clients have a user that complains that they can’t access public folders, they may be having a problem with a recent client-side Outlook 2007 security update. If they attempt to access public folders and are getting this error:
Cannot expand the folder. The attempt to log on to Microsoft Exchange has failed
It’s likely that they recently installed KB980376. As of today, the only known fix is to uninstall that security update from the client machine so that they can get into public folders.
Connecting an iPhone 4 to Exchange
Posted by: | CommentsYes, it’s June 24, and the new iPhones have been hitting the streets, and a number of people have been updating their previous iPhone models to the iPhone OS 4 (IOS4). As we’ve done for the previous versions, here are instructions for connecting your iPhone 4 to an Exchange server.
- From the Home screen (or whichever screen you’ve moved the icon to), click the Settings icon.
- In the Settings screen, click Mail, Contacts, Calendars
- Click Add Account
- Click Microsoft Exchange
- Enter the information in the account screen:
- Enter your e-mail address *exactly* as the default account is set (for example, if your outbound e-mail address is Jonathan.Dough@smallbizco.net, enter it exactly that way – do not enter jonathan.dough@smallbizco.net).
- Enter your internal domain name (if needed)
- Enter your account name (this is the name used to log into your computer, it may or may not match your e-mail address)
- Enter your account password
- Enter a description for the account (Exchange will be the name if you do not put anything into the description field
- Once you have verified that the information entered is correct, click Next.
- You may see a warning that your server identity cannot be identified. This is expected if the server is Exchange 2003 or if the Autodiscover record for the server has not been set up properly. If you see this message, click Continue.
- If you did get the previous message that the phone could not verify the identity of the server, you will need to enter the name of the server. This will be the same address you enter to get to Outlook Web Access (i.e., if you use https://remote.smallbizco.net/owa as the address for your Outlook Web Access server, then enter remote.smallbizco.net in the Server field).
- You may receive a second warning that the server identity cannot be verified. This will be the case if your Exchange server has an invalid or untrusted SSL certificate. The iPhone can continue to communicate with the server using this certificate, and that communication is still secured. If this is the first, or second, time you get this warning, click Continue.
- If you receive a message that the Exchange account cannot be verified, click OK and make sure you have entered the account information correctly. This error will most often appear if a password has not been entered correctly or if the Domain information is incorrect.
- Once the account has been validated, select which Exchange features you wish to synchronize with your phone, then click Save.
- After creating the account, you can go back into the account settings to change the items you wish to synchronize, or to modify other synchronization options.
At this point, your iPhone will start to synchronize information with your Exchange account. Depending on the data connection speed of the iPhone and your server, along with how much data you have in your mailbox to synchronize, this process may take some time.
Giving one user access to another’s mailbox via PowerShell
Posted by: | CommentsThere are plenty of reasons why you might want to give one user access to another user’s mailbox. The first user may be in the hospital, or under HR review, or maybe they’ve been dropping the ball lately and management need to make sure that certain projects have been followed up on. It’s not really our job to care. The fact is, Bill in management has requested that you give Paul Stanley access to Gene Simmon’s mailbox, and for various reasons, logging on to Gene’s mailbox to set these permissions up is not a good option. For one, you’d only be able to delegate access to certain primary folders, not to the whole mailbox, and second, you’d have to know Gene’s password to do that. Because you are a smart admin, you tell Bill you can take care of it easily from the server. And here’s how you do it with Exchange 2007 or Exchange 2010:
Using this powershell command, you can give one user the permission to open and view another user’s entire mailbox. They won’t be able to send mail from that mailbox though, unless you add the SendAs permission:
Add-MailboxPermission user1 -User user2 -AccessRights fullaccess
So if you wanted to give Paul Stanley access to Gene Simmons’ mailbox, you would do this:
Add-MailboxPermission gsimmons -user pstanley -AccessRights fullaccess
To add sending functionality, you would do this:
Add-MailboxPermission gsimmons -User pstanley -AccessRights sendas
Make sure you run the Exchange Management Shell as Admin (escalated) or you may not get the results you were expecting.
If you want to verify the permissions you’ve given Paul, you can run this command:
Get-MailboxPermission gsimmons -User pstanley | fl
After you tell Bill that you’ve taken care of it, he asks you what Paul is supposed to do to view the mailbox. You send him the following instructions:
In Outlook, go into Tools -> Account Settingss and open up the properties on your Exchange email account. Choose More Settings, and when you get to the tabbed window, choose the Advanced tab.
On the Advanced tab, you will see the option to open additional mailboxes. Click Add and type the name of the user whose mailbox you want to open. In this case, Paul could type “Gene Simmons” or “gsimmons”. OK all the way out, and you should see another root mailbox for Gene Simmons added to Paul’s Outlook.
And yes, this can be done in the Exchange Management Console, but PowerShell is quicker!
User can’t log into OWA
Posted by: | CommentsSometimes a strange situation crops up in which a user can access his Exchange 2003 email from an Outlook client without trouble, but can’t successfully log into Outlook Web Access. You will get the standard, “You could not be logged on to Outlook Web Access” error message.
Chances are this user recently had a password change, or maybe the users account was deleted and then recreated again. But you’ve checked everything: the password, the OWA feature turned on for that user, the ability to log on with other user accounts, the temporary internet files cache, IISRESET. But nothing works–no matter which workstation you use to access OWA, you can’t log on as that user.
If you really press on and actually reboot the server, you find that the problem is resolved, but you are left uneasy. What actually happened, and why did it take a server reboot to fix it? Very unsatisfactory.
The problem is actually related to how IIS caches credentials when it uses Forms Based Authentication. If you change a user password or delete and recreate a user account, sometimes IIS has a different SID/password cached for that user and any attempts to authenticate will fail until that cache is emptied. An IISRESET will not resolve the problem, but a reboot will.
But there’s another way to resolve this without a reboot.
1. Open up the Exchange System Manager and drill down into the Server section and down into Protocols.
2. Open the HTTP folder and get properties on Exchange Virtual Server.
3. Go into the Settings tab and uncheck the Enable Forms Based Authentication checkbox. Apply it.
4. Go to the command-line and do an IISRESET.
5. Now go and recheck the Enable Forms Based Authentication checkbox.
That’s it. You should be able to log into OWA with that user now.
Dave Shackelford Named Exchange MVP
Posted by: | CommentsThird Tier is proud to announce that Dave Shackelford has been honored by Microsoft with the MVP (Most Valuable Professional) award for 2010.
Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world who are awarded for voluntarily sharing their high quality, real world expertise in offline and online technical communities. Microsoft MVPs are a highly select group of experts that represents the technical community’s best and brightest, and they share a deep commitment to community and a willingness to help others. For more information on the MVP program, visit http://mvp.support.microsoft.com/.
Dave was awarded for the Exchange Server category. His MVP profile can be found at https://mvp.support.microsoft.com/profile=B058C0A5-2970-4645-BEA1-A7EAECEA9C2A
Exchange 2007 Back Pressure Stops Incoming Mail Delivery
Posted by: | CommentsThere are several reasons why due to back pressure that your incoming email might stop. I ran into one of them today on my very own SBS 2008 server. How embarrassing…so I thought I would blog about it.
In the morning when I got up and checked my email I was shocked to see only 3 new emails instead of the usually 30+. I wiped the blur from my eyes and noticed that all three email were from my own internal network. I first checked the usual suspects. Is my Internet up? Did my IP address change? Is my MX record still there? Is my firewall working correctly? Yes, yes, yes and yes. Time to look at the event logs and the Exchange server. Exchange server says my stores are mounted and Outlook says so too.
The event log had a story to tell. Fortunately for me the event log on this server is very clean otherwise I could have easily overlooked the error message that led me to the solution because it only occurs one time. It’s Event ID 15006 Source MSExchangeTransport.
The Microsoft Exchange Transport service is rejecting message submissions because the available disk space has dropped below the configured threshold.
Resource utilization of the following resources exceed the normal level:
Queue database logging disk space ("C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\") = 97% [Medium] [Normal=95% Medium=97% High=99%]
Physical memory load = 92% [limit is 94% before message dehydration occurs.]Back pressure caused the following components to be disabled:
Inbound mail submission from the Internet
Mail submission from the Pickup directory
Mail submission from the Replay directoryThe following resources are in the normal state:
Queue database and disk space ("C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\mail.que") = 96% [Normal] [Normal=95% Medium=97% High=99%]
Version buckets = 0 [Normal] [Normal=80 Medium=120 High=200]
Private bytes = 3% [Normal] [Normal=71% Medium=73% High=75%]
As you can see the message is pretty detailed and tell you exactly what the problem is, except be sure to read the whole thing. At the top is says that transport service has stopped and is rejecting message submissions because the available disk space has dropped below the configure threshold. While it’s true the disk space was an issue it wasn’t enough to create the stop. Physical memory load was the problem. And the solution was, as Eriq pointed out in a earlier blog post and screencast, to reduce the amount of memory that Sharepoint and Monitoring databases are allowed to use on the server.
Read Eriq’s blog post here: http://www.thirdtier.net/2009/08/setting-the-maximum-memory-usage-on-the-sharepoint-database/
And what his screencast demonstrating the procedure here: http://www.thirdtier.net/screencasts/limit-sharepoint-database-memory-usage/
Note that after applying the fix, I had to restart the Exchange Transport service to get my incoming to start flowing again.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. Get Support Blog Twitter Facebook LinkedIN
Scott Roberts has 12+ years at Microsoft under his belt and is currently the Test Lead for the Exchange CXP [Sustained Engineering] team here in Redmond. For over 5 years, he has been on the Exchange CXP team and before that he was the tester for DSAccess and other Directory related tools. Scott was also responsible for manually testing IMAP/SMTP/POP3 for an older Microsoft Product called MCIS.
Scott lives in Redmond and has resided in Washington for over 12 years. He is looking to attend several of the Washington State user groups over the next year to answer any questions that may arise around servicing, tools, Microsoft Update, and other related areas so that he can ensure that the CXP team properly understands the customer scenarios that are out there.
If you are a user group leader in the northwest and would like to get connected with Scott for possible presentations, drop me a note with your email address and I'll make sure it gets over to Scott. Possible topics he'll consider for group meetings include:
1. Servicing via Microsoft Update, WSUS, SMS/Systems Center, 3rd Party
2. Silent install versus UI based install
3. Servicing Cluster Scenarios
4. Servicing E14 DAG Scenarios
5. E12 specific servicing pain points
6. E14 Rollup 1 experience
7. Servicing SBS
For those of you in the Bellevue area tonight, head on over to the Puget Sound Small Business Server User Group meeting in Lincoln Square. Check out http://www.pssbs.org/about/ for directions.
Connecting to Exchange 2007 from Snow Leopard Mail Client
Posted by: | CommentsWith the release of Mac OS 10.6 (aka “Snow Leopard”), Apple has incorporated the ability to connect the Mail, iCal, and Address Book apps natively with Exchange 2007. Unfortunately, support for this is NOT available for Exchange 2003 servers. Here’s how to set up Apple Mail:
- Open the Mail app.
- From the Mail menu, select Preferences (or press Apple-; to open Preferences).
- Select the Accounts tab in the Preferences window.
- Click the Add button (the “+” button in the lower left corner of the Accounts window).
- Enter the Full Name, Email Address, and Password for the Exchange account (NOTE: the e-mail address needs to match the default e-mail address on the Exchange account. In other words, if your outbound e-mail shows your address as Jonathan.Dough@smallbizco.net, then enter it exactly that way. Entering it as jonathan.dough@smallbizco.net may cause problems) and click Continue.
- If your Exchange server is correct set up for Autodiscover, the server will be found and automatic configuration will be attempted. Also, if your mail server is using a private SSL certificate, you may see one or more prompts about not being able to identify the server. If you have concerns, contact the team responsible for your mail server. Otherwise, click Continue or Connect if you see these prompts, but understand that you may be putting some account information at risk by doing so.
- If your e-mail address does not match your login name (i.e., the address is Jonathan.Dough@smallbizco.net, but the login is jonathandough), you will be prompted to enter your login credentials. Change the username to match the username you use to sign into Outlook Web Access, then click Continue.
- Once the account setup has confirmed the connection to the server, you will be prompted to set up your Address Book contacts and iCal calendars. Uncheck these boxes if you do not want to synchronize your iCal calendars with your Exchange calendars or your Address Book contacts with your Exchange contacts. Click Create when finished.
- Close the Accounts window when complete.
Now you will see a set of mail folders for your Exchange account under the Mailboxes section of Apple Mail. It may take some time for the folders to synchronize if you have quite a bit of mail on the server.
NOTE 1: When setting up Apple Mail to communicate with your Exchange 2007 server in this way, you are working directly with the information that is on the server, NOT on a local copy that has been downloaded on your Mac. That means that if you delete an e-mail from Apple Mail, it is immediately deleted from the server and will NOT be available to any other mail clients you may be using to access the information on your Exchange server (i.e., Outlook on a PC or a mobild phone that has native Exchange connectivity).
NOTE 2: If you have done an in-place upgrade from a previous version of Mac OS 10 to 10.6, there is a change that iCal may not be able to synchronize with the Exchange server. I have run into this issue and have not yet been able to find a solution, but others have not encountered this problem, so it’s unclear what the exact cause is at this point.
Complications from an SBS 2008 Migration
Posted by: | CommentsWe ran across an interesting complication during an SBS 2003 to SBS 2008 migration. We run extensive checks on our SBS 2003 servers before performing migrations and this has always served us well. You may have even heard me talk on the various tasks we undertake and tests that we run. In this case we had a local client with an SBS 2003 server that we did not install. Further the previous hardware had failed causing the server to shutdown abruptly over and over again and we had imaged this SBS 2003 server onto new hardware about a year prior. Everything seemed fine with it though and the previous year had gone smoothly with this server.
We fully patched it. We defragmented the Exchange database. We ran the BPA. We updated the NIC drivers. We fixed up a journal wrap problem. We ran dcdiag to test DNS-AD integration. We ran gpupdate. We ran repadmin to test AD sync. We ran the BPA again and it told us that the server held none of the FSMO roles. !***!&*($&#*(&$*!!!!! Yikes. We verified all of them in the GUI. We verified all them using command prompt tools and it came back as holding all of the FSMO roles. Still the BPA persisted in claiming that it did not, so we postponed the migration while we gathered our thoughts. After consulting with everyone we could think of that was an expert in AD, it was concluded that if the AD itself knew that the server held the roles and all of the usual tests came back good that the BPA must be on drugs. The migration was scheduled.
We took a backup. We took an image. We mounted the image onto our virtual server. We started and finished the migration. We migrated the mailboxes, moved the data and generally progressed through the to do list smoothly. Then we noticed the event log in the SBS 2003 server. It said that a recent DC Promo was unable to complete and AD replication was halted until it finished. Sure enough when we tried to add a user as a test, the user did not sync between the servers. AD was not replicating. Testing AD pointed to a problem with the objects in the Computer OU and DNS-AD integration tests said that it was unable to find the PDC. It claimed records were missing that were not missing. Rather than turn back to an SBS 2003 server that no one was able to determine why the BPA said didn’t hold the FSMO roles, we decided our options were to press forward to try to fix the AD or create a new domain. Since everything was working, from the user perspective, we decided we had a bit of time to work on fixing AD before our 21 day migration period was up. Work began.
Moving forward with the migration we got to the point were we decided to uninstall Exchange 2003 and attempt a demotion of the SBS 2003 server. The uninstall of Exchange 2003 went along fine. However when we tried to demote the SBS 2003 server it informed us it thought it was the last replication of DNS in active directory. Hard stop.
To troubleshoot Active Directory we checked schema version on both the server and found it was set to 44. Good but we needed them to replicate with each other. So, we deleted the connection objects on both of the servers. Went into DSSITE on both servers and told it to check replication topology. Waited for some time and we got the connection object back. We forced replication and it was successful! Problem solved.
We thought, problem solved. Shortly thereafter we got a call from the client, Outlook was reporting Disconnected. A look at Exchange 2007 showed that all of the mailboxes were gone! But the good news was that the mailbox store was still the right size so we knew that they were in there. We just needed to connect to them. Exchange Command shell: get-mailboxdatabase |clean-mailboxdatabase to have all disconnect mailboxes show up in the Console then in the console, go to disconnectted mailbox, right click each mailbox and choose connect. Do this for each users mailbox and another problem solved.
Are we done yet? No, yet another issue reared it’s ugly head. Users with large mailboxes were getting a message that their mailbox was too big and they were blocked from sending or receiving email. <sigh> Look at the Mailbox size limitation in the SBS Console and it still held our settings to allows for larger mailboxes for the Standard User Role. Reapply the role. No change. Back into the Exchange Management Console we go. Here we set the mailbox size for the users directly.
No further problems have presented themselves so we believe that we have successfully migrated an SBS 2003 with AD problems over to SBS 2008. Overall it was a good learning experience for the technician involved and now we know that the BPA is never on drugs. Apparently it knows things about AD that AD doesn’t even know about itself.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. Get Support Blog Twitter Facebook LinkedIN
