tag:blogger.com,1999:blog-169938471545180482024-02-19T15:47:55.056+01:00Somewhere in a cloud....binary.mindset....Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.comBlogger29125tag:blogger.com,1999:blog-16993847154518048.post-63564082580573082702012-09-19T21:44:00.001+02:002012-09-19T21:58:11.473+02:00Could not load type 'Microsoft.Exchange.Management.Security.AdfsFederationAuthModule'<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">After
installing Exchange 2013 Beta, I got the following error when entering the new
web based management console.<o:p></o:p></span></span></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<i style="mso-bidi-font-style: normal;"><span lang="EN-US" style="color: #bfbfbf; mso-ansi-language: EN-US; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: #BFBFBF; mso-style-textfill-fill-themecolor: background1; mso-themecolor: background1; mso-themeshade: 191;"><span style="font-family: Calibri;">Could not load type
'Microsoft.Exchange.Management.Security.AdfsFederationAuthModule'. <o:p></o:p></span></span></i></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<i style="mso-bidi-font-style: normal;"><span lang="EN-US" style="color: #bfbfbf; mso-ansi-language: EN-US; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: #BFBFBF; mso-style-textfill-fill-themecolor: background1; mso-themecolor: background1; mso-themeshade: 191;"><span style="font-family: Calibri;"><span style="mso-spacerun: yes;"> </span>Description: An unhandled
exception occurred during the execution of the current web request. Please
review the stack trace for more information about the error and where it
originated in the code. <o:p></o:p></span></span></i></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">To resolve
this I installed the following features:<o:p></o:p></span></span></div>
<br />
<div class="MsoListParagraph" style="margin: 0cm 0cm 8pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<!--[if !supportLists]--><span lang="EN-US" style="mso-ansi-language: EN-US; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Calibri; mso-hansi-font-family: Calibri;"><span style="mso-list: Ignore;"><span style="font-family: Calibri;">-</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]--><span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Windows
Identity Foundation 3.5<o:p></o:p></span></span></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Do a IIS
reset, and it should work.</span></span><br />
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;"></span></span><br />
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">WIF3.5 is a requirements for Exchange 2013, but is not installed as part as the installation. This might be a bug in the beta. The link below describes the requirements:</span></span><br />
<a href="http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx">http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx</a></div>
Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-87793750321125011122012-09-14T00:35:00.000+02:002012-09-17T18:21:12.723+02:00Enterprise Vault Client and Outlook 2013<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Today I
needed an attachment in my Outlook 2013, but the attachment was archived with
Enterprise Vault. And I’m quite feed up for the need to use OWA to get my
attachments.<o:p></o:p></span></span></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">As we all
know, Symantec are quite slow to support new software, and to release updates
and betas to support new software like Office 2013.<o:p></o:p></span></span></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">So I
decided to install the EV client 10.0.0 on my Win8 computer with Office 2013. A walk in the park </span></span><span lang="EN-US" style="font-family: Wingdings; mso-ansi-language: EN-US; mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-char-type: symbol; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin; mso-symbol-font-family: Wingdings;"><span style="mso-char-type: symbol; mso-symbol-font-family: Wingdings;">J</span></span><span lang="EN-US" style="mso-ansi-language: EN-US;"><o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">This is the
way I did it:</span></span></div>
<ol>
<li><div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span><span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Get hold of the .msi file for the Outlook EV Client</span></span></div>
</li>
<li><div class="MsoNormal" style="margin: 0cm 0cm 8pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span><span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Edit the .msi in Orca, and find the following tables: <o:p></o:p></span></span></div>
</li>
<li><div style="text-align: left;">
<span style="background-color: white;">Table: <span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;"><strong>InstallUISequence</strong> and remove the following row: <em>ErrOutlook11NotInstalled<o:p></o:p></em></span></span></span></div>
</li>
<li><div style="text-align: left;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;"><span style="background-color: white;">Table: <strong>ReqLocator</strong> and change the following keys to <em>Software\Microsoft\Office\15.0\Outlook</em> (Should be 2 entries)<o:p></o:p></span></span></span></div>
</li>
<li><div style="text-align: left;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Save .msi</span></span></div>
</li>
<li><div style="text-align: left;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span><span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Install .msi with privileges</span></span></div>
</li>
<li><div style="text-align: left;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span><span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">Start Outlook and verify that the plugin is visible in Outlook</span></span></div>
</li>
<li><div style="text-align: left;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span><span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;">You are now able to restore the archived e-mails. Nothing else works, so OWA is still neded to search the Archive :(</span></span></div>
</li>
</ol>
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span><br />
<div class="MsoListParagraph" style="margin: 0cm 0cm 8pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2yIwKSdsdqadN9W5bu-cO66gtpUoJMWEjvQtSqTRgamig-sgLE7mB6P0kLHU2QLNBs9bbWwQzybNMyX1Oh8iTpG0whEubazdhphxJFY16WHanZ5vNeNflgF6H2944a1MbMlTIwd6DfQ/s1600/Capture.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="81" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2yIwKSdsdqadN9W5bu-cO66gtpUoJMWEjvQtSqTRgamig-sgLE7mB6P0kLHU2QLNBs9bbWwQzybNMyX1Oh8iTpG0whEubazdhphxJFY16WHanZ5vNeNflgF6H2944a1MbMlTIwd6DfQ/s320/Capture.PNG" width="320" /></a><span lang="EN-US" style="mso-ansi-language: EN-US; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Calibri; mso-hansi-font-family: Calibri;"><span style="mso-list: Ignore;"><span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";"> </span></span></span></span></div>
<span lang="EN-US" style="mso-ansi-language: EN-US;">
</span><div class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 8pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
</div>
<span lang="EN-US" style="mso-ansi-language: EN-US;">
</span><br />
<div class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 8pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2yIwKSdsdqadN9W5bu-cO66gtpUoJMWEjvQtSqTRgamig-sgLE7mB6P0kLHU2QLNBs9bbWwQzybNMyX1Oh8iTpG0whEubazdhphxJFY16WHanZ5vNeNflgF6H2944a1MbMlTIwd6DfQ/s1600/Capture.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2yIwKSdsdqadN9W5bu-cO66gtpUoJMWEjvQtSqTRgamig-sgLE7mB6P0kLHU2QLNBs9bbWwQzybNMyX1Oh8iTpG0whEubazdhphxJFY16WHanZ5vNeNflgF6H2944a1MbMlTIwd6DfQ/s1600/Capture.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"> </a></div>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2yIwKSdsdqadN9W5bu-cO66gtpUoJMWEjvQtSqTRgamig-sgLE7mB6P0kLHU2QLNBs9bbWwQzybNMyX1Oh8iTpG0whEubazdhphxJFY16WHanZ5vNeNflgF6H2944a1MbMlTIwd6DfQ/s1600/Capture.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2yIwKSdsdqadN9W5bu-cO66gtpUoJMWEjvQtSqTRgamig-sgLE7mB6P0kLHU2QLNBs9bbWwQzybNMyX1Oh8iTpG0whEubazdhphxJFY16WHanZ5vNeNflgF6H2944a1MbMlTIwd6DfQ/s1600/Capture.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"> </a><br />
<br />
<br />
<div class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 8pt 36pt; mso-list: l0 level1 lfo1; text-indent: -18pt;">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><span style="font-family: Calibri;"><o:p></o:p></span></span> </div>
<br />
<br />
Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-50660106429709917672011-09-15T16:32:00.000+02:002011-09-15T16:32:54.088+02:00UAG NLB VIP error code 0xC0040352Today I troubleshoot a UAG NLB installation. Creating the array was no problem, but I was unable to assign the external VIP on in the NLB. But I was able to assing it to the internal NIC....<br />
The error that was given to me was:<br />
<br />
<span class="st">NLB Settings could not be configured (<strong>0xC0040352</strong>). </span><br />
<br />
<span class="st">After some troubleshooting, I found this page: <a href="http://technet.microsoft.com/en-us/library/dd126855.aspx">http://technet.microsoft.com/en-us/library/dd126855.aspx</a></span><br />
<span class="st">which gave an description of the error message:</span><br />
<br />
<span class="st"><em>"The specified virtual IP address VirtualIpAddress is not contained in the NetworkName network, in which the Network Load Balancing cluster resides."</em></span><br />
<br />
<span class="st">I ran the network assignment wizard again and verified that the external nic was tagged as external, and the internal nic was tagged as internal, and that the IP addresses was correct.</span><br />
<span class="st">Still no go!</span><br />
<br />
<span class="st">I stated the TMG config tool, and under networks I found that on the internal Network that and IP range for 1-127 was added with all the defined internal networks.</span><br />
<br />
<span class="st">I cleaned up all the addresses that not is internal, saved the config, and started the UAG NLB wizard again.</span><br />
<br />
<span class="st">It now worked like a charm!</span>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-13718412261833361752011-03-30T18:26:00.001+02:002011-03-30T18:29:32.769+02:00Generate Computer names in MDT 2010/SCCM - UpdateI've created an advanced stored procedure. The new stored procedure build on the last one that has the OU assignment , but the new one gives you the possibility to have different prefix on you computers based on location. It is also possible to have custom sequence for each location, so all your computers on location A could be named PC-Location(A)-Type*-Sequence(00001), PC-Location(A)-Type*-Sequence(00002), and PC-Location(B)-Type*-Sequence(00001),PC-Location(B)-Type*-Sequence(00002).<br />
<br />
If you want to have computer type (Desktop,laptop,VM) in your computer name. You can easily add the following in the stored procedure:<br />
<br />
In the IF @isvm/isdesktop/islaptop sequences add the following:<br />
Set <span style="color: red;">@type</span>=’L’ or ‘D’ or ‘V’ <br />
(If you want the computer names for laptops to contain an L to identify that its a laptop, D for desktop and V for Virtual.<br />
<br />
You also have to add the following in the Set @newname<br />
set @newname = @prefix '+' <span style="color: red;">@type</span> '+' etc.....<br />
<br />
These changes have to be made on all three IF statements for each computer type, a total of 6 entries. 2 per IF statement.<br />
<br />
The files can be downloaded here:<br />
<a href="http://cid-214999a8ebe4fcb4.office.live.com/browse.aspx/.Public/SCCM?uc=0">http://cid-214999a8ebe4fcb4.office.live.com/browse.aspx/.Public/SCCM?uc=0</a>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com1tag:blogger.com,1999:blog-16993847154518048.post-70142252791214657872011-03-29T17:15:00.000+02:002011-03-29T17:15:57.258+02:00Access is denied Windows 7 Offline files (CSC)These last couple of days I’ve been troubleshooting offline files in Windows 7. At a customer we are building a new OU structure and new GPO policies for Windows 7 (the old ones are old Win2000/xp, and really need to be updated).<br />
<br />
The new GPO for Windows 7 is defined to allow offline files, transparent caching, when to synchronize and encryption of offline files and are linked on the computers OU. The user GPO has the automatically offline redirected folders. <br />
<br />
Today, the Windows 7 computers are configured with Offline files, and everything is working as normal. (Pretty much the same configuration as we have created, but they are created for WinXP)<br />
<br />
When we move a computer and user to the new OU structure and the new GPOs are applied, we get an “access is denied” when we try to edit files in the CSC Cache. We are able to create files, but not able to edit them… When we move the computer back to the old OU and GPO everything works normal.<br />
<br />
If we turn off encryption of offline files in the new OU structure everything works normal, and creating and editing is fine.<br />
<br />
After digging around, I found that the DRA (Data Recovery Agent) certificate (Default created when installing a domain) had expired in 2003…. (time to renew...)<br />
<br />
I utilized the existing PKI and created a new DRA and tried again. But I still got the “Access is denied” when the computer was placed in the new OU and got the new GPOs.<br />
<br />
Since the default DRA had expired in 2003 and the computer associated with the private key has been recycled to car parts, I deleted it from the Domain Policy. So only the new DRA certificate was available.<br />
<br />
When the client got the new GPO with only one valid DRA, everything worked like a charm.<br />
<br />
During the troubleshooting I saw some status issues in the sync center. When I got the “access is denied” messages I saw that in Sync Center->Manage Offline Files->Encryption had a statuslike <em>"not all of the offline files are encrypted."</em><br />
<br />
After the DRA fix up was done, the status of Encryption was like <em>"all offline files is encrypted"</em>!<br />
<br />
Why it worked with the old policies I haven’t quite understood.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-76705650792313308572011-03-15T22:15:00.005+01:002011-03-21T21:15:35.116+01:00Generate Computer names in MDT 2010/SCCM based on prefix and a sequence number including OU assignmentI must admit MDT and SCCM works nice together, but it lacks some features like auto generating names(sequentially) and dynamically assigns clients to OU based on multiple criteria’s (at least what I know…)<br />
<div></div>What I’ve been struggling with the last days are to auto generate names to unknown computers being installed with a new Win7 image. I came across <a href="http://www.deployvista.com/Home/tabid/36/EntryID/120/language/en-US/Default.aspx">http://www.deployvista.com/Home/tabid/36/EntryID/120/language/en-US/Default.aspx</a><br />
Which solved my naming issue… Good work Johan Arwidmark:)<br />
<br />
But I still had one issue left; the OU structure is more complex than just location or type. I need to put the computers in an OU structure based on location and type of client.<br />
The OU structure is like this; OU=ComputerType,OU=Computers,OU=Location, DC=domain,DC=local. <br />
To resolve this issue, I’ve expanded the stored procedure Johan created, and created an extra table to store the following info:<br />
<ul><li>Location – The name of you Location example: New York</li>
<li>Gateway IP – The same as MDT. What Gateway identifies the New York location</li>
<li>Shortname – The shortname of location for use in computername example: NY</li>
<li><span style="color: red;">BaseOU</span> – the OU string for this location: OU=Computers,OU=New York,OU=Locations,DC=domain,DC=local</li>
</ul>To populate the information you want to use for generation, you have to use SQL Management Studio to add information to the table.<br />
<br />
In addition you need to change the MachineObjectOU column in the MDT settings table to more than 50 characters. I used 255 since I know my OU paths aren’t longer than that. But in my case 50 characters are too short.<br />
<br />
Based on the information above the stored procedure will create a computer name sequentially in the following format PCLOCATIONSEQUENCE, example PCNY00001. The computer account will also be created in the OU=Laptop,+<span style="color: red;">BaseOU </span>or OU=Desktop,+<span style="color: red;">BaseOU</span> or OU=VM,+<span style="color: red;">BaseOU</span> based on the %islaptop%, %isdesktop% or %isvm% parameters in MDT.<br />
<br />
To change the naming convention for the computer name, edit the stored procedure to change the order or add hyphens (-) for segmentation.<br />
<br />
In the MDT/SCCM task sequence you need to use the %OSDDomainOUName% and not the %machineobjectOU%<br />
<br />
I’m not a SQL guy, so the code might be a mess, but it’s working. I’ll try to rewrite the procedure to optimize the code. But I don’t know when it will be finished.<br />
<br />
Download files here:<br />
<a href="http://cid-214999a8ebe4fcb4.office.live.com/browse.aspx/.Public/SCCM">http://cid-214999a8ebe4fcb4.office.live.com/browse.aspx/.Public/SCCM</a><br />
<br />
Run the scripts on you MDT database and add the following configure to your current Customsettings.ini:<br />
<br />
[Settings]<br />
Priority=IdentifyComputer, CSettings<br />
<br />
[CSettings]<br />
SQLServer=SERVERNAME<br />
Database=MDTDATABASENAME<br />
Netlib=DBNMPNTW<br />
SQLShare=DeploymentShareProd$<br />
Table=ComputerSettings<br />
Parameters=UUID, AssetTag, SerialNumber, MacAddress<br />
ParameterCondition=OR<br />
<br />
[IdentifyComputer]<br />
SQLServer=SERVERNAME<br />
Database=MDTDATABASENAME<br />
Netlib=DBNMPNTW<br />
SQLShare=DeploymentShareProd$<br />
StoredProcedure=IdentifyComputer<br />
Parameters=MacAddress, DefaultGateway,Islaptop,IsDesktop,IsVM<br />
ParameterCondition=AndRune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com1tag:blogger.com,1999:blog-16993847154518048.post-70584913049928530682011-01-31T09:34:00.002+01:002011-03-18T14:13:43.295+01:00Routing Group Connector - Loop condition 2010Today I’ve been troubleshooting a looping condition on a Exchange 2003 -> 2010 transition. The mail flow from Exchange 2010 -> 2003 is working fine, and with a new SMTP connector for internet mail the Exch2010 is able to send to the internet. <br />
<br />
But one thing does not work, and that is mail flow between the Exc2003 and Exc2010. No NDRs, nothing is reported back from the system, but the mails are located in the “Messages queued for deferred delivery”queue. When the SMTP service is stopped, I receive a NDR for the messages saying it’s a loop:<br />
<br />
<em><span style="font-size: x-small;">Your message did not reach some or all of the intended recipients. </span></em><br />
<em><span style="font-size: x-small;">Subject: Test 11 </span></em><br />
<em><span style="font-size: x-small;">Sent: 5/01/2010 3:34 PM </span></em><br />
<em><span style="font-size: x-small;">The following recipient(s) could not be reached: </span></em><br />
<em><span style="font-size: x-small;">user@domainname.com on 5/01/2010 3:34 PM </span></em><br />
<em><span style="font-size: x-small;">A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients. Contact your administrator. </span></em><br />
<em><span style="font-size: x-small;"><mail.domainname.com #5.3.5=""></span></em><br />
<br />
The exchange 2003 organization does not have other routing group connectors, and is not using Smarthost for outgoing emails. The Exc2010 RoutingGroupConnector created during install has been deleted and recreated to see if that did the trick, but it didn’t.<br />
<br />
It turns out that the Exc2003 cluster had 2 SMTP virtual servers, where as one was stopped due to some old errors, and the on the routinggroupconnector this was the SMTP server used. I could not find any powershell parameters to define a different SMTP virtual server, so I had to use ADSIEDit to change the default SMTP virtual server on the connector. Thanks to <a href="http://www.google.no/url?sa=t&source=web&cd=1&sqi=2&ved=0CBcQFjAA&url=http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3Ffamilyid%3Dc5a8afbf-a4da-45e0-adea-6d44eb6c257b&ei=5HNGTbaNFcaSOpWe6YgC&usg=AFQjCNFjS3rc552ZhGmDzxsvXS5B7H6atg&sig2=-KLe2fGynHArgOd8VddYUQ">Winroute</a> for giving me a red cross on the RoutingConnector, and sending me in the direction of multiple SMTP servers.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWVPAhgPAIseRjODVH__rF9Zyaj6_wwMzlxZRMR2sUHwv38zogF_vX2azDnMEjiaC29MUjyrSgM20H2M0k-LEaDktbZl7pK7FMR4auYLKUhqDhIvWyI15MNZlG8Q2QAKgi6qmJOz4lJQ/s1600/routinggroup.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="370" s5="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWVPAhgPAIseRjODVH__rF9Zyaj6_wwMzlxZRMR2sUHwv38zogF_vX2azDnMEjiaC29MUjyrSgM20H2M0k-LEaDktbZl7pK7FMR4auYLKUhqDhIvWyI15MNZlG8Q2QAKgi6qmJOz4lJQ/s640/routinggroup.jpg" width="640" /></a></div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;"><br />
</div>After changing this and wait for the Exchange to pick up the config from AD, mail flow is now working both ways between Exc2003<->Exch2010.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com1tag:blogger.com,1999:blog-16993847154518048.post-57107979420391287702010-11-12T00:18:00.002+01:002011-03-18T14:13:20.799+01:00MapiExceptionNoSupport: IExchangeFastTransferEx.TransferBuffer failed hr=0x80040102, ec=-2147221246These last couple of days I've been migrating a customer from Exchange 2003 to Exchange 2010 SP1.<br />
All users were moved successfully, except one. On this user we got some strange error messages in the move-requeststatistics command and on the HUB transport responsible for the move.<br />
The complete error message is posted at the bottom.<br />
<br />
On this user the move-request failed after just some MB, and the troubleshooting begun. <br />
These are the steps I took:<br />
<ul><li>Use Exmerge on 2003 for .pst migration - Failed. The error message in the exmerge logfile is as follow: <br />
<em><span style="font-size: x-small;">Error copying messages from folder '\Inbox' (MAPI_W_PARTIAL_COMPLETION) [22:14:27] Trying to copy messages in folder '\Inbox', individually. To avoid duplicates in the target store, messages will be merged and not copied into the target store. [22:14:27] Error getting Contents Table. (CopyMessagesToDestFolder) </span></em></li>
<li>Migration to another Exchange 2003 mailbox store - OK</li>
<li>Migration to Exchange 2010, gives the error message below.</li>
<li>Export to .pst from Outlook - OK</li>
</ul>The solution for me was to use <a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyId=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en">PFDAVAdmin</a> and to reset the DACL on the mailbox. Tried the Check DACL state, before the Fix, and it said it was ok. But apparently not.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie816HSA8S_1spotcvtxltmfB4yBHRtCPrMHE-Pu3gJWuVcJHkYW0DXUlWbtJ0w8SHXSIS4A30WKKoTAmXw9DCWSLCGpAxBjLAv4a7vo2DEjgp-zfPMnPW3XbPIkjM5R0r2ixMo9saEA/s1600/pfdav.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" px="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie816HSA8S_1spotcvtxltmfB4yBHRtCPrMHE-Pu3gJWuVcJHkYW0DXUlWbtJ0w8SHXSIS4A30WKKoTAmXw9DCWSLCGpAxBjLAv4a7vo2DEjgp-zfPMnPW3XbPIkjM5R0r2ixMo9saEA/s320/pfdav.JPG" width="297" /></a></div><br />
When the DACL was reset, the move-request went successfull.<br />
<br />
<u>Complete Error message:</u><br />
Request domain.fqdn/OU/name' (f71639ea-0868-4527-b71e-7b6311359e98) failed.<br />
Error code: -2147221246<br />
MapiExceptionNoSupport: IExchangeFastTransferEx.TransferBuffer failed (hr=0x80040102, ec=-2147221246)<br />
Diagnostic context:<br />
Lid: 55847 EMSMDBPOOL.EcPoolSessionDoRpc called [length=470]<br />
Lid: 43559 EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0x0][length=645][latency=0]<br />
Lid: 23226 --- ROP Parse Start ---<br />
Lid: 27962 ROP: ropFXDstCopyConfig [83]<br />
Lid: 27962 ROP: ropTellVersion [134]<br />
Lid: 27962 ROP: ropFXDstPutBufferEx [157]<br />
Lid: 17082 ROP Error: 0x80040102<br />
Lid: 31329 <br />
Lid: 21921 StoreEc: 0x80040102<br />
Lid: 27962 ROP: ropExtendedError [250]<br />
Lid: 1494 ---- Remote Context Beg ----<br />
Lid: 1238 Remote Context Overflow<br />
Lid: 32762 dwParam: 0x3FD60040<br />
Lid: 30106 StoreEc: 0x471 <br />
Lid: 18842 StoreEc: 0x471 <br />
Lid: 20234 <br />
Lid: 3625 StoreEc: 0x471 <br />
Lid: 25066 <br />
Lid: 21970 StoreEc: 0x8004010F PropTag: 0x668F0040<br />
Lid: 21970 StoreEc: 0x8004010F PropTag: 0x674A0014<br />
Lid: 21970 StoreEc: 0x8004010F PropTag: 0x36138000<br />
Lid: 31473 StoreEc: 0x8004010F<br />
Lid: 39287 <br />
Lid: 17916 StoreEc: 0x80040102<br />
Lid: 32252 StoreEc: 0x80040102<br />
Lid: 7915 StoreEc: 0x80040102<br />
Lid: 20320 <br />
Lid: 4559 StoreEc: 0x80040102<br />
Lid: 21802 <br />
Lid: 19994 StoreEc: 0x80040102<br />
Lid: 20202 <br />
Lid: 3305 StoreEc: 0x80040102<br />
Lid: 32762 dwParam: 0x3FE00102<br />
Lid: 32762 dwParam: 0x675C0102<br />
Lid: 32762 dwParam: 0x67510003<br />
Lid: 26346 <br />
Lid: 4073 StoreEc: 0x80040102<br />
Lid: 28570 StoreEc: 0x80040102<br />
Lid: 29738 <br />
Lid: 3401 StoreEc: 0x80040102<br />
Lid: 1750 ---- Remote Context End ----<br />
Lid: 26849 <br />
Lid: 21817 ROP Failure: 0x80040102<br />
Lid: 22630 <br />
Context:<br />
--------<br />
Operation: IMapiFxProxy.ProcessRequest<br />
OpCode: TransferBuffer<br />
DataLength: 404<br />
--------<br />
Operation: IMapiFxProxy.ProcessRequest<br />
OperationSide: Target<br />
Primary (f71639ea-0868-4527-b71e-7b6311359e98)<br />
OpCode: TransferBuffer<br />
DataLength: 404Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com3tag:blogger.com,1999:blog-16993847154518048.post-55294318032385706522010-10-22T12:46:00.002+02:002011-03-18T14:16:52.552+01:00File Server Resource Manager migration - FilescrnToday I'm working on a Win2003 File Cluster upgrade to Win2008R2 Cluster.<br />
The customer are using the File Screening feature in Windows 2003 R2, and would like to have the templates, file groups and file screens on the new 2008R2 cluster.<br />
<br />
To do this migration, you have to have at least one cluster disk in your 2008R2 cluster.<br />
On Win2003R2:<br />
<ul><li>Start command prompt and do the following commands</li>
<li>filescrn filegroup export /path:C:\temp\filegroupname.xml /filegroup:NameOfFilegroupToExport</li>
<li>filescrn template export /path:C:\temp\templatename.xml /filegroup:NameOfTemplateToExport</li>
</ul><br />
If you know try to import these files into 2008R2, you'll get the following error message:<br />
<br />
<em>The version of the configuration file you are trying to import is not supported.</em><br />
<em>You cannot import configuration files with database versions earlier than 2.0.</em><br />
<br />
To resolve this, open the .xml files you exported and change the <br />
<em><header databaseversion="1.0"> to <header databaseversion="2.0"></em><br />
You are now able to import the files on the 2008R2 server.<br />
<br />
To import on 2008R2, do as follow:<br />
<ul><li>Start command prompt and do the following commands:</li>
<li>filescrn filegroup import /path:C:\temp\filegroupname.xml /filegroup:NameOfFilegroup</li>
<li>filescrn template import /path:C:\temp\templatename.xml /filegroup:NameOfTemplate</li>
</ul>Your templates and filegroups should now be configures as they were in the 2003 cluster.<br />
<br />
All you have to do now is to create the screening rules, associate a template to a volume, and your good to go.<br />
<br />
After this configuration has been made, do a cluster failover and verify that the configuration is correct on the other nodes in the cluster.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com2tag:blogger.com,1999:blog-16993847154518048.post-41505267514630114622010-10-21T15:42:00.001+02:002011-03-18T14:12:24.205+01:00Exchange 2010 - Lotus Notes - Transporter Suite - Directory SyncIm doing a Exchange 2010 migration from Exchange 2003. The customer are using the Exch2003 Notes Connector, and we have to move this solution so we can remove the Exchange 2003 solution.<br />
As we all know, Microsoft has statet that they don't want to create a new Transporter Suite which was shipped for Exchange 2007 to support Exchange 2010. We have chosen to use the Transporter Suite, but to do this in a supported way, we installed a Exch2007 Mailbox /CAS server.<br />
My customer uses the Notes connector for Directory import with a partner, and are not used for migration between Notes and Exchange.<br />
<br />
To use the Transporter Suite in a Exchange 2010 environment for directory syncronization, you have to do as follow:<br />
<ul><li>Install an Exchange 2007 server holding MBX and HUB or CAS in your environment.</li>
<li>Install Lotus Notes version 7.1 or higher (I used 8.x) in "this user only". Transporter Suite does not like multiple notes.ini files</li>
<li>Make sure your server can do name resolution to Notes server, and that the ports are open.</li>
<li>Create a new connector with the settings you want regarding notes server, Notes addressbook name, domain name, what to syncronize to Notes.</li>
<li>Get GUID from legacy connector (powershell)</li>
<li>Get GUID from new connector (powershell)</li>
<li>Delete legacy Notes Connector from AD (Adsiedit.msc)</li>
<li>Create a OU where you want the users to be created in AD. If you do an upgrade from Exchange 2003 skip this.</li>
<li>Give the computer account running the Transporter Suite Account Operator permissions / FC on the OU where notes contacts should be created</li>
<li>If your Notes hosts multiple SMTP domains, you have to edit the file <strong>dominotoexchangerules.tbl</strong>. This file does some matching against the SMTP domain you specify on your connector. If the SMTP domain does not match, you get a lot of Notes users with primary SMTP addresses with / and % which gives a lot of errors. If the match failes, it adds the Notes internal address and adds the domain specified which gives you for sure an unsupported SMTP address.<br />
I changed the following fields to just put the Notes InternetEmailAddress as primary SMTP on the Contact object. <br />
TA=InetAddr<br />
PriSMTP=InetAddr<br />
SecSMTP= Deleted</li>
<li>Run Full import to AD and Full Import to Notes</li>
<li>Only neccary if you are upgrading legacy connector:<br />
Run the following command to upgrade/ take overship of existing Connector contacts:<br />
Start-DominoDirectoryConnector -Identity newconnectorGUID -TakeOwnership -LegacyConnectorID <connectorguid></li>
<li>All your Notes Contacts should now ha primary e-mail as a legal SMTP address, and not notes user id or notes interal address.</li>
<li>Uninstall Notes connector tool on Exchange 2003.</li>
</ul>Since the new transport suite uses SMTP for routing you could create a SMTP send connector to send the mail to the specific servers if necessary. But since SMTP is enabled, you could relay on the MX on internet to deliver the mail for you.<br />
<br />
This is my solution to using Transporter Suite in Exchange 2010 environment.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-11767497689531201362010-10-07T00:43:00.002+02:002011-03-18T14:11:57.925+01:00Direct Access - UAG - 2003 File Cluster AccessAt a customer who has deployed DA, we have a strange problem.<br />
The clients using DA suddenly got disconnected from the networks share on a 2003 FileCluster.<br />
This could be only seconds after they connected, that they got a red cross on the network drive. when accessing the drive, they either got an error saying it could not connect, or it connected as normal. If the error message was thrown, they tried again, and got connected.<br />
<br />
After a lot of troubleshooting, the explanation was found. When one user is connected to the fileshare over DA its OK, when a new user connects to the fileshare, the new connection resets the old one. This is because the UAG server is using NAT64 the UAG server is responsible for terminating the DA sessions and transalating them to Ipv4. More info here: <a href="http://blogs.technet.com/b/edgeaccessblog/archive/2009/09/08/deep-dive-into-directaccess-nat64-and-dns64-in-action.aspx">http://blogs.technet.com/b/edgeaccessblog/archive/2009/09/08/deep-dive-into-directaccess-nat64-and-dns64-in-action.aspx</a>. <br />
<br />
If the fileserver had been 2008 servere this would not have been an issue, since DA would not use NAT64, and IPv6 could have been used for the entire session.<br />
<br />
Due to NAT64 the UAG server needs to create a sessions for each DA user to the 2003 file cluster share. This is not supported in SMB1 <a href="http://support.microsoft.com/kb/301673">http://support.microsoft.com/kb/301673</a>, <br />
but is supported in SMB2.<br />
Microsoft gives you 2 option, block port 445 and use Netbios, or upgrade the file cluster to 2008, which support SMB2.<br />
<br />
<br />
<span style="color: red;">*************UPDATE*****************<br />
Microsoft has confirmed this issue, and are working on a hotfix <span lang="EN-US" style="color: #1f497d; font-family: "Calibri", "sans-serif"; font-size: 11pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: NO-BOK; mso-fareast-theme-font: minor-latin;">KB2444558 that will fix this issue.</span></span><br />
<span lang="EN-US" style="color: #1f497d; font-family: "Calibri", "sans-serif"; font-size: 11pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: NO-BOK; mso-fareast-theme-font: minor-latin;"><span style="color: red;">This issue can also affect the authentication between DA and 2003 domain controllers, since this also uses SMB. </span></span><br />
<span lang="EN-US" style="color: #1f497d; font-family: "Calibri", "sans-serif"; font-size: 11pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: NO-BOK; mso-fareast-theme-font: minor-latin;"><span style="color: red;">The expected release date is week 48.</span></span><br />
<span lang="EN-US" style="color: #1f497d; font-family: "Calibri", "sans-serif"; font-size: 11pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: NO-BOK; mso-fareast-theme-font: minor-latin;"><span style="color: red;">*******************************************</span></span>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-40142072083283760962010-09-06T23:35:00.000+02:002010-09-06T23:35:48.683+02:00Paternity leave and vacationI'm on paternity leave and vacation.<br />
<br />
Will be back 13 sept.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-2677391274409595282010-07-02T10:58:00.003+02:002011-03-18T14:11:29.365+01:00Iphone OS4 - Exchange Activesync issuesApple has created a hotfix for issues regarding OS4.0 and activesync.<br />
<a href="http://support.apple.com/kb/TS3398">http://support.apple.com/kb/TS3398</a><br />
<br />
This hotfix needs to be installed on the iPhone.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-59098404008327773562010-06-28T15:43:00.002+02:002011-03-18T14:11:10.282+01:00Unable to access mailbox after migration from Exchange 2003 to Exchange 2010I migrated 400 users this weekend to Exchange 2010. The migration seems like the migration went well, since all the move requests came out 100% completed and no one reported any errors. But something didn’t go successfully as reported…..<br />
<br />
<br />
Right now I have completed troubleshooting an issue where a migrated user was not able to access his mailbox. The users who by the move request report went successful, but not all of the AD attributes were updated.<br />
<br />
This is an excerpt of the migration log:<br />
<em><span style="font-size: x-small;">Status : Completed</span></em><br />
<em><span style="font-size: x-small;">StatusDetail : Completed</span></em><br />
<em><span style="font-size: x-small;">SourceVersion : Version 0.0 (Build 7638.0)</span></em><br />
<em><span style="font-size: x-small;">SourceDatabase : exchange2003server\Storage Group\DBname</span></em><br />
<em><span style="font-size: x-small;">TargetVersion : Version 14.0 (Build 639.0)</span></em><br />
<em><span style="font-size: x-small;">TargetDatabase : 2010-databasename</span></em><br />
<em><span style="font-size: x-small;">MoveServerName : fqdn.servername</span></em><br />
<em><span style="font-size: x-small;">TotalMailboxSize : 2.951 GB (3,168,187,842 bytes)</span></em><br />
<em><span style="font-size: x-small;">TotalMailboxItemCount : 21074</span></em><br />
<em><span style="font-size: x-small;">BytesTransferred : 2.717 GB (2,917,612,755 bytes)</span></em><br />
<em><span style="font-size: x-small;">ItemsTransferred : 20958</span></em><br />
<em><span style="font-size: x-small;">PercentComplete : 100 </span></em><br />
<br />
I then did a <strong>get-mailbox</strong> username and this gave me the following result:<br />
<br />
<div class="separator" style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none; clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJi4fbpoh8WLAsYxsplr8hwp31KLSupMYt5uhG9F5zQ93uxrbuJXjs1VQl4X7FI8CECUIbSpQoQ_u11as_h_m39z3C9tpkb9ngdNF2MeJ5BYYqxwDEwSozuh-scAw4jfw5Kdz_XjYa6g/s1600/bilde1.JPG" imageanchor="1" style="clear: left; cssfloat: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" ru="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJi4fbpoh8WLAsYxsplr8hwp31KLSupMYt5uhG9F5zQ93uxrbuJXjs1VQl4X7FI8CECUIbSpQoQ_u11as_h_m39z3C9tpkb9ngdNF2MeJ5BYYqxwDEwSozuh-scAw4jfw5Kdz_XjYa6g/s320/bilde1.JPG" /></a></div><br />
<br />
And this is strange, the log says it completed successfully, but AD says it’s on the Ex2003 server.<br />
<br />
I then did | fl to get some more info, and the recipient type and recipient type details returned usermailbox, the Exchange version on the user was 0.10(14.0.100.0). And all these values were correct compared to the migration log.<br />
The only attributes that was wrong on the user object was<strong> serverlegacyDN</strong> and <strong>Servername </strong>where it pointed to the Ex2003 server and Ex2003 administrative group.<br />
<br />
This pointed me to something going wrong in Active Directory, at the current moment.<br />
I went in to Active Directory with ADSI edit and changed the following attributes<br />
HomeMDB and mdexchhomeservername to the new Exchange 2010 paths.<br />
<br />
After changing this to the correct values, the mailbox worked as normal, and the get-mailbox username returned the correct value on servername and serverlegacyDN<br />
<br />
<div class="separator" style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none; clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1bqR0CXxI4bTU1zgKt0zgA4fWDJzBU3rgWruIgNHC5b0zj46dPI9Gmm39ARPMQNI8lbB1QNpd-M6XanKohEE-YHNC8MJKGm7lg2xeg4Jl1-iD4VEKyhOJhdUgxJDkhdwvAH6uz2M0RA/s1600/bilde2.JPG" imageanchor="1" style="clear: left; cssfloat: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" ru="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1bqR0CXxI4bTU1zgKt0zgA4fWDJzBU3rgWruIgNHC5b0zj46dPI9Gmm39ARPMQNI8lbB1QNpd-M6XanKohEE-YHNC8MJKGm7lg2xeg4Jl1-iD4VEKyhOJhdUgxJDkhdwvAH6uz2M0RA/s320/bilde2.JPG" /></a></div>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-78566331200379456182010-06-25T00:34:00.003+02:002011-03-18T14:16:34.412+01:00Save all attachments does not work after moving to Exchange 2010Today I troubleshot an issue with Outlook 2007 and the save all attachment function <br />
<br />
When we tried to save all attachment from the file->Save as-> save all attachment, nothing happened. We were able to save attachment from the mail (right click save as…).<br />
<br />
I tested to find out what causing this problem, and I was able to reproduce it. It seems like if the attachment has been sent from outside the Exchange organization this happens, but if I send the attachment within my Exchange organization the save all attachments works.<br />
<br />
After verifying this, I thought this must be an bug.<br />
I did some googling and found this link: <a href="http://social.technet.microsoft.com/Forums/en/exchange2010/thread/69f951f4-5ef3-46a3-8391-3e1e4c669c20">http://social.technet.microsoft.com/Forums/en/exchange2010/thread/69f951f4-5ef3-46a3-8391-3e1e4c669c20</a><br />
<br />
They say it’s a known bug in Exchange 2010, and that they are working on a KB article, which has not yet been published (KB980940).Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-68074259256303011872010-06-24T09:10:00.002+02:002011-03-18T14:09:57.589+01:00iPhone OS4.0 - ActiveSyncAfter iPhone OS 4 has been released, many of our users complain that the ActiveSync does not longer work against Exchange 2010. <br />
This seems to be a bug in the ActiveSync somehow, but we are working on this issue to see if we can find a solution, or if we have to wait for Apple to fix it.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-62377538045312836782010-06-24T09:07:00.001+02:002010-06-24T09:10:53.698+02:00SCOM And Exchange 2010, the Extest_ account gets locked outFor the past 1 month we've been troubleshooting an issue with our SCOM and Exchange 2010 monitoring.<br />
The monitonring with the SCOM Management Pack works fine for a long time, but suddenly the extest_ account get locked out. This is right after the automatic password change routine on the Exteset_ account. <br />
<br />
After talking to MS premier support, they have now found a bug in how the SCOM does it authentication, and that the authentication is multiple ways.<br />
<br />
I've got an workaround, and that was to disable the following SCOM monitors, this did not work for us, but you might try it to remove the annoying SCOM alerts. This is the response we got from Microsoft:<br />
<br />
<i>"In the authoring section of the OpsMgr console, “Outlook Server Availability” to your scope and disable the 6 monitors that start with “KHI: HTTP Connectivity Against Local Server”. This should disable the instance of test-outlookconnectivity that causes this problem. We’ll be addressing issue, but this should serve as a workaround for now"</i>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com1tag:blogger.com,1999:blog-16993847154518048.post-84047233683851254132010-06-24T09:01:00.001+02:002011-03-18T14:09:36.121+01:00Users unable to access Exchange Control Panel(ECP, OWA)Today I troubleshooted an issue on Exchange 2010.<br />
When the users clicked the Options button to access the Exchange Control Panel, the OWA page just reloaded and nothing happend.<br />
Also when I tried to access the url for the ECP <a href="https://url/ECP">https://url/ECP</a> I came to the OWA page.<br />
<br />
One configuration change we did to remove the timezone and language prompt for our OWA users, was to set the defaultclientlanguage on the OWAVirtualdirectory. <br />
<br />
When the OWAvirtualdirectory -defaultclientlanguage is set to something else than 0, this issue will occure. <br />
<br />
I have now send a bug report to Microsoft, to find out if this is by design, or if its a bug.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-30991002950992496522010-06-16T14:26:00.001+02:002011-03-18T14:08:38.429+01:00An IIS directory entry couldn't be created. The error message is Access is denied.. HResult = -2147024891<div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;">Today I did a Exchange 2007 to Exchange 2010 migration. we had to keep one of the Exchange 2007 CAS serveres for the Microsoft Transporter Suite (Lotus Notes integration). </div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;">When doing an get-owavirtualdirectory and other cmdlets involving all servers in the organisation, I got the following error message:</div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-c6GcEPiirck2YLKil3M0Rvsnv5ffK0x9SyCYJDk71Q7iek5IlHRJXCPGWoaTVp3YKc_Tgk6FFZyRKuuWxRqOPj61DqFzpi9egZZXGW2KEDTGCcV4E1jg5TCLKd57NNoIluuskAmCUw/s1600/exchange.PNG" imageanchor="1" style="clear: left; cssfloat: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" qu="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-c6GcEPiirck2YLKil3M0Rvsnv5ffK0x9SyCYJDk71Q7iek5IlHRJXCPGWoaTVp3YKc_Tgk6FFZyRKuuWxRqOPj61DqFzpi9egZZXGW2KEDTGCcV4E1jg5TCLKd57NNoIluuskAmCUw/s320/exchange.PNG" /></a></div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;"><br />
</div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;"><br />
</div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;"><br />
</div><div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none;">The solution for this error messsage is to add the Exchange trusted subsystem to the local admin group on Exchange 2007 servers.</div>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-81691894141368179632010-06-15T10:41:00.003+02:002011-03-18T14:07:41.910+01:00How to change placement of queues and log files in Exchange 2010 HUB and CASAs a general best practise its recommended to change the default paths for logfiles, to avoid them filling up your System disk. <br />
<br />
Exchange 2010 uses the default installation path for all logs and mail queues for HUB and CAS.<br />
To change these you can modify the following files in the Exchange 2010 install folder \bin.<br />
The paths I normally change is the ones specified below:<br />
<br />
<div></div>Edgetransport.exe.config<br />
<ul><li>add key="QueueDatabasePath" value = "D:\Exchange\Transport Roles\Data\Queue" </li>
<li>add key="QueueDatabaseLoggingPath" value = "D:\Exchange\Transport Roles\Data\Queue"</li>
<li>add key="IPFilterDatabasePath" value = "D:\Exchange\Transport Roles\Data\IPFilter"</li>
<li>add key="IPFilterDatabaseLoggingPath" value = "D:\Exchange\Transport Roles\Data\IPFilter"</li>
<li>add key="TemporaryStoragePath" value = "D:\Exchange\Transport Roles\Data\Temp"</li>
</ul>microsoft.exchange.addressbook.service.exe<br />
<ul><li>add key="LogFilePath" value="Drive\Folder"</li>
</ul><br />
<div>microsoft.exchange.rpcclientaccess.service.exe</div><br />
<ul><li> add key="LogPath" value="D:\Exchange\RPC Client Access\"</li>
</ul><br />
<div></div>POP3 IMAP config files are located in \v14\ClientAccess\PopImap<br />
<br />
<div>Change the following files to set the new log folder for the services:</div><br />
<div> </div>Microsoft.Exchange.Imap4.exe.config<br />
<ul><li>add key="TemporaryStoragePath" value = "D:\Exchange\ClientAccess\PopImap\Temp"</li>
<li>add key="LogPath" value="D:\Exchange\ClientAccess\Imap4" </li>
</ul>Microsoft.Exchange.Pop3.exe.config<br />
<br />
<ul><li> add key="TemporaryStoragePath" value = "D:\Exchange\ClientAccess\PopImap\Temp"</li>
<li> add key="LogPath" value="D:\Exchange\ClientAccess\Pop3"</li>
</ul><br />
<div>Always backup your files before you edit them, and to make the change active. You have to restart the services related to the config file.<br />
Regarding NTFS permissions, be sure to grant the correct user on the folder. Some services acts as network service.</div><br />
<div></div>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com2tag:blogger.com,1999:blog-16993847154518048.post-67947963513670752342010-05-26T16:03:00.002+02:002011-03-18T14:07:07.423+01:00Test-ActiveSyncConnectivity - The remote server returned an error: (403) ForbiddenToday I troubleshoot an issue where the test-activesyncconnectivity didn't work.<br />
The following error was given when running the test:<br />
<br />
<span style="color: red; font-size: x-small;">PS] C:\Windows\system32>Test-ActiveSyncConnectivity</span><br />
<span style="color: red; font-size: x-small;">CasServer LocalSite Scenario Result Latency(MS) Error</span><br />
<span style="color: red; font-size: x-small;">--------- --------- -------- ------ ----------- -----</span><br />
<span style="color: red; font-size: x-small;">CASServer Default-Fi... Options Success 15.60</span><br />
<span style="color: red; font-size: x-small;">CASServer Default-Fi... FolderSync Failure [System.Net.WebExcept...</span><br />
<br />
With the | FL we can see a more specific error message: <br />
<br />
<span style="color: red; font-size: x-small;">RunspaceId : 64768a1f-b8cc-49cd-bd76-ee70de43c728</span><br />
<span style="color: red; font-size: x-small;">LocalSite : Default-First-Site-Name</span><br />
<span style="color: red; font-size: x-small;">SecureAccess : True</span><br />
<span style="color: red; font-size: x-small;">VirtualDirectoryName :</span><br />
<span style="color: red; font-size: x-small;">Url :</span><br />
<span style="color: red; font-size: x-small;">UrlType : Unknown</span><br />
<span style="color: red; font-size: x-small;">Port : 0</span><br />
<span style="color: red; font-size: x-small;">ConnectionType : Plaintext</span><br />
<span style="color: red; font-size: x-small;">ClientAccessServerShortName : CASSERVER</span><br />
<span style="color: red; font-size: x-small;">LocalSiteShortName : Default-First-Site-Name</span><br />
<span style="color: red; font-size: x-small;">ClientAccessServer : CASSERVER.FQDN</span><br />
<span style="color: red; font-size: x-small;">Scenario : FolderSync</span><br />
<span style="color: red; font-size: x-small;">ScenarioDescription : Issue a FolderSync command to retrieve the folder hierarchy.</span><br />
<span style="color: red; font-size: x-small;">PerformanceCounterName : DirectPush Latency</span><br />
<span style="color: red; font-size: x-small;">Result : Failure</span><br />
<span style="color: red; font-size: x-small;">Error : [System.Net.WebException]: The remote server returned an error: (403) Forbidden.</span><br />
<span style="color: red;"><br />
<span style="font-size: x-small;"></span></span><br />
<span style="color: red; font-size: x-small;">HTTP response headers:</span><br />
<span style="color: red;"><br />
<span style="font-size: x-small;"></span></span><br />
<span style="color: red; font-size: x-small;">MS-Server-ActiveSync: 14.0</span><br />
<span style="color: red; font-size: x-small;">Content-Length: 5355</span><br />
<span style="color: red; font-size: x-small;">Cache-Control: private</span><br />
<span style="color: red; font-size: x-small;">Content-Type: text/html; charset=utf-8</span><br />
<span style="color: red; font-size: x-small;">Date: Wed, 26 May 2010 13:50:19 GMT</span><br />
<span style="color: red; font-size: x-small;">Server: Microsoft-IIS/7.5</span><br />
<span style="color: red; font-size: x-small;">X-AspNet-Version: 2.0.50727</span><br />
<span style="color: red; font-size: x-small;">X-Powered-By: ASP.NET</span><br />
<span style="color: red;"><br />
<span style="font-size: x-small;"></span></span><br />
<span style="color: red; font-size: x-small;">UserName : extest_3650257c296a4</span><br />
<span style="color: red; font-size: x-small;">StartTime : 26.05.2010 15:50:20</span><br />
<span style="color: red; font-size: x-small;">Latency : -00:00:01</span><br />
<span style="color: red; font-size: x-small;">EventType : Error</span><br />
<span style="color: red; font-size: x-small;">LatencyInMillisecondsString :</span><br />
<span style="color: red; font-size: x-small;">Identity :</span><br />
<span style="color: red; font-size: x-small;">IsValid : True</span><br />
<br />
The reason for this is becase the default ActiveSync Mailbox Policy has been changed and does not support non- provisionable devices.<br />
<br />
Solution is to create a new ActiveSync mailbox policy which allow non-provisionable devices and assign this to the extest_3650257c296a4 user.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com1tag:blogger.com,1999:blog-16993847154518048.post-78803426880348109112010-05-25T14:59:00.001+02:002010-05-25T15:00:10.424+02:00Eventid 200 Database headers have been successfully validated.... Dirty shutdownToday I've troubleshoot some issues with backup of an Exchange 2010 DAG installation. Some databases were partially backed up according to the backup software (Symantec Netbackup). <br />
<br />
I came over the information event:<br />
<br />
<span style="color: red;">Source: Storage Group Consistency Check</span><br />
<span style="color: red;">Event ID: 200</span><br />
<span style="color: red;">Level: Information</span><br />
<span style="color: red;">Instance X: Database headers have been successfully validated. All Databases are in a dirty shutdown state. Tobring these databases to a clean shutdown state, log generation xxxxx(0x0xxxx) to xxxxxx (0x0xxxxx) will be required.</span><br />
<br />
As it says this is only for information, and there is no need to be worried and is as expected when the database is online.<br />
<br />
When the database is online it has logs in memory or open logs etc. that are not committed yet. <br />
<br />
So, don’t worry, this is expected, and this check is done on online backup.<br />
<br />
On the other hand, if your database is offline and you get Dirty Shutdown when running eseutil /mh (DBpath+filename) then you might have a bigger issue, and have to do a repair / restore and log replay job.Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-43466534685511274512010-04-08T21:12:00.001+02:002011-03-17T23:37:17.307+01:00Exchange 2010 - Service Pack1 scheduled this yearMSexchangeteam has now announced that Microsoft will relase Service Pack1 for Exchange 2010 this year.<br />
The service pack will include both fixes and new features.<br />
<br />
Some of the new features are:<br />
<ul><li>Archiving. You will now be able to create the archive mailbox in a different mailboxdatabase than the database where the user mailbox are located. This finally gives the archive feature the benefit of being located on slow and cheap storage.</li>
<li>Multi-Mailbox search feature - improved</li>
<li>Outlook Web Application - new features</li>
<li>Active-Sync - new features</li>
<li>New managmenet UI - extended commands</li>
</ul>Read more on <a href="http://msexchangeteam.com/archive/2010/04/07/454533.aspx">http://msexchangeteam.com/archive/2010/04/07/454533.aspx</a>Rune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0tag:blogger.com,1999:blog-16993847154518048.post-45307110968565265312010-03-25T16:29:00.004+01:002011-03-18T14:06:38.046+01:00Outlook 2007 - Connect to my Exchange mailbox using HTTP - Disable with registryIn a Exchange 2010 project I’m working on, all the clients (laptops and desktops) are configured to use RPC/HTTPS on slow and fast networks. <br />
<br />
<br />
Since the company does not allow Outlook Anywhere, we needed to change this configuration, and to disable the “Connect to my Exchange mailbox using HTTP” option in Outlook. <br />
<br />
This information was hard to find, since it does not obviously writes this in clear text in registry. This information is written in hex in here: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Default Profile\13dbb0c8aa05101a9bb000aa002fc45a<br />
The key that keeps this configuration are: 00036623 <br />
This also keeps the configuration of the choice of slow and fast network.<br />
When RPC is enabled but not configured the HEX value = hex: 23,00,00,00<br />
If you disable the “Connect to my Exchange mailbox using HTTP” in Outlook the KEY 00036623 is deleted.<br />
To manually disable the RPC in Outlook, you have either delete the key or set it to 00036623 = hex:22,00,00,00<br />
<br />
The following keys are also used for configuring RPC:<br />
001f6622 contains the URL specified to your Exchange server<br />
001f6625 Verifies that the certificated used contains the same URL<br />
0003662 This key is for basic / NTLM authentication<br />
<br />
This is what I've found out, and with a fresh install of Outlook 2007, the keys described above does not exists.<br />
<br />
RegardsRune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com1tag:blogger.com,1999:blog-16993847154518048.post-73654917145427959882010-03-19T13:34:00.002+01:002011-03-17T23:36:30.348+01:00Exchange 2010 performance monitoring/baselining - templatesFor baselining or performance monitonring your Exchange 2010, you need to add alot of counters.<br />
I've created the templates based on the <a href="http://technet.microsoft.com/en-us/library/dd335215.aspx">http://technet.microsoft.com/en-us/library/dd335215.aspx</a> which described the counters needed.<br />
<br />
The following templates has been created:<br />
- Common Server<br />
- Mailbox server<br />
- CAS server<br />
- HUB server<br />
<br />
These templates may be downloaded here:<br />
<a href="http://cid-214999a8ebe4fcb4.skydrive.live.com/self.aspx/.Public/Exchange2010/Exchange%202010%20-%20PerformanceMonitoringTemplatest.zip">http://cid-214999a8ebe4fcb4.skydrive.live.com/self.aspx/.Public/Exchange2010/Exchange%202010%20-%20PerformanceMonitoringTemplatest.zip</a><br />
<br />
Regards,<br />
<br />
RuneRune Bakkenhttp://www.blogger.com/profile/00109589528216477991noreply@blogger.com0