According to the Technet documentation you should be able to install Exchange 2010 in an environment where Exchange 2007 is running. A while ago I got a question from a customer who had an issue when trying to install Exchange 2010. The problem occured running the setup.com /ps to extend the schema for Exchange, the following error message was displayed:

The schema version of Exchange 2007 SP3 is higher than the one from the Exchange 2010 setup. This makes it impossible to install Exchange 2010.

When you have installed Exchange SP3 you will have to wait for a service pack which will extend the schema. Because a lot of people will probably install Exchange 2007 SP3 this may be included in SP1 for Exchange 2010.

Below an overview of the Exchange versions and which schema version they use:

If you would like to know how you can find out which version of AD schema you are using then take a look at the site below:

open

Gepost in Exchange 2010 ~ Geen Reactie

It has been a while since the last tutorial, so it gets time to publish a new one. This one will inform you about the new functionality that’s included in Exchange 2010 SP1 beta and then specifically the Unified Messaging role.

Have fun reading it:

open

Gepost in Exchange 2010 ~ Geen Reactie

During a migration of a mailbox from one forest to a new Exchange Forest I encountered the following problem:

(PID 5396, Thread 640) Task New-MoveRequest writing error when processing record of index 0. Error: Microsoft.Exchange.MailboxReplicationService.MailboxReplicationTransientException: Service ‘net.tcp://cas001.lab.local/Microsoft.Exchange.MailboxReplicationService’ encountered an exception. Error: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0×80004005, ec=2423)

Diagnostic context:

Lid: 25922   StoreEc: 0×977      —> Microsoft.Exchange.MailboxReplicationService.MailboxReplicationTransientException: Exception details: MapiExceptionNetworkError (80004005): MapiExceptionNetworkError: Unable to make connection to the server. (hr=0×80004005, ec=2423)

But what is the cause of this error? Well there are multiple causes of this issue. The message MapiExceptionNetworkError tells you that there is a problem connecting to a server. The next question is which server? This can be found on the rule starting with Lid 8856, when looking at the end of the rule you will see the name of the server, in this case EX02.

When looking a little bit further in the log you will see the 0×80004005 error code which might be caused by an authentication problem.

This last option could be easily verified by performing the new-moverequest again and this time with the correct credentials.

But when this does not work which things can cause can you check:

• is the server reachable
• check the firewall settings on both sides
• can you resolve the server on NETBIOS name

I admit the last option is a little bit strange, but in this case caused the issue. On the NIC the default DNS suffixes where registered but not the old one. After adding the old suffix in the TCP/IP configuration the command worked without any issues.

Gepost in Exchange 2010 ~ Geen Reactie

One of the new features in Exchange 2007 Service Pack 3 is the ability for users to change their password before logging in. Before service pack 3 a user who’s password had expired needed to call the helpdesk to reset their password or use another solution. With this new feature a user will be redirected to another page where he/she can change the password.

But how does this work? In the OWA directory, which you can find here: Exchange\ClientAccess\OWA, you will find a directory called auth. This directory contains several files which are used for login and logout. But besides these files there are two new files expiredpassword.aspx and exppw.dll.

Before you can use the new functionality you will need to make an adjustment in the registry of the CAS server. Go to the following location in the registry:

HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Create a new DWORD called ChangeExpiredPasswordEnabled and change the value of the key to 1. This should look the same like below:

During the logon (logon.aspx) a check is done if the password is expired and if this is the case the user will be redirected to expiredpassword.aspx.

Before the user can change his/her password he will first needs to specify the old password. Once the password has change the user will be redirected to his/her mailbox.

Gepost in Exchange 2007 ~ Geen Reactie

During a cross-forest migration from Exchange 2003 to Exchange 2010 I found a nasty issue while migration a mailbox. The first 10% of the move request went OK but after that it failed. In the first 10% the mailbox is created, the folder structure is created and permissions are set on the folders.

I started looking in the event log as, by default, enough information is logged here to see why a move request failed and found the following event:

Mailbox move for ‘xxxxxxxxxxxxxxxxxxxxxx’ (d126705e-af4d-4aca-83c6-0ea443a2ad60) has failed.

SD: O:S-1-5-21-3869603026-3631219241-1903344517-3835G:S-1-5-21-3869603026-3631219241-1903344517-513D:AI(A;OIIO;0x1f0fbf;;;S-1-5-21-3869603026-3631219241-1903344517-3835)(A;CI;0x1fc9ff;;;S-1-5-21-3869603026-3631219241-1903344517-3835)(A;OIIO;0x1208a9;;;S-1-5-21-4230955503-526549450-3057572010-5377)(D;OIIOID;0x1f0716;;;S-1-5-21-3869603026-3631219241-1903344517-2781)(A;CI;0x1208a9;;;S-1-5-21-4230955503-526549450-3057572010-5377)(D;CIID;0xdc916;;;S-1-5-21-3869603026-3631219241-1903344517-2781)

As you can see above it has some problems with the Taken folder. When we had a look at this folder together with the end-user we found out that specific permissions where set in the folders. So we asked if he could remove them on one of the folders to check if that fixed the issue. After the user had done this we were a step further but, as expected, had the same issue with another folder. As it isn’t an option to remove all permissions before migrating the mailbox I decided to contact Microsoft.

After we contacted Microsoft a lot became more clear. During the migration of a mailbox from Exchange 2003 to Exchange 2010 the process will try to regenerate the ACL’s on the Exchange 2010 side. This because Exchange 2010 does use the ACL’s in another way then Exchange 2003. It can happen that the an ACL get’s corrupt which will cause the migration of the mailbox to fail.

The solution: redefine the permissions via Outlook either by removing and adding them again or by changing them to something else and then change them back to the original permissions. Not a really nice solution but you can continue migrating.

Collegue Michel de Rooijave me another tip, try to use PFdavAdmin with this tool it’s possible to fix AC’L's of mailboxes.

Gepost in Exchange 2010 ~ Geen Reactie

During a cross-forest test migration from Exchange 2003 to Exchange 2010 I got the following error:

Warning: Unable to update AD information for the source mailbox at the end of the move.  Error details: An error occurred while updating a user object after the move operation. –> Failed to find the address type object in Active Directory for address type “SMTP:AMD64″.
Failed to cleanup the source mailbox after the move.
Error details: MapiExceptionNotFound: Unable to delete mailbox. (hr=0x8004010f, ec=-2147221233)

When I looked in the old and new environment I found out that the mailbox both existed in the old and new environment. In this  case you might have a big issue even when the mail is delivered in the Exchange 2003 environment  and the homeMDB attribute is not updated. Updating the attribute may take a while due to AD replication, in this case mail is not delivered in the new mailbox and so mails will not be placed in the new mailbox.

To prevent this issue Microsoft has released a hotfix for Exchange 2003 which can be found on the website below.

open

Gepost in Exchange 2003, Exchange 2010 ~ Geen Reactie

Opening a calender from another user using OWA is not a very hard proces, when you have enough permissions you can easily open the other users calender. But what if you would like to do this via OWA?  This depends on the Exchange version you are using, let’s start with Exchange 2003:

http://ex01.company.om/exchange/johan/calender

In Exchange 2003 you can do this by specifying the url which is used to open but add the following part to the url username/calender. In this case we will open the calender of johan.

For both Exchange 2007 and 2010 you will need to use another method. This is because both the OWA from 2007 and 2010 are using web-parts to build the OWA. In Exchange 2007 and 2010 you will have the option to open another users mailbox followed by the calender, backside from using this is that you will need full mailbox access, this is not what you want in all scenario’s. To open a calender directly use the following syntax:

https://owa.company.com/owa/johan@domain.com/?cmd=contents&module=calendar

Almost the same as 2003 only the last part has changed to username@domain.com/?cmd=contents&module=calender. Besides this way there are a few other options which you can use in Exchange 2007 and 2010 to display the calendar, below an overview:

https://owa.domain.com/owa/johan@domain.com/?cmd=contents&f=calendar&view=dialy

The above command will open the calender folder by using the f parameter which makes it possibly to open a specific folder in a mailbox. Using the view parameter we will specify how we want to display the calender, when you don’t specify this it will be opened using the dialy view standard. The command above will do exactly the same, open the calender using the dialy view.

https://owa.domain.com/owa/johan@domain.com/?cmd=contents&f=calendar&view=weekly

This command will open the calender using the weekly view.

https://owa.domain.com/owa/johan@domain.com/?cmd=contents&f=calendar&view=monthly

And as last option this command will open the calender view using the monthly view. At least you may think this was the last one there is one other possibility:

https://owa.domain.com/owa/johan@domain.com/?cmd=content&f=calendar&view=daily&d=10&m=26&y=2010

This will open the calendar using the dialy view and will open it on the 26th of October 2010.

Gepost in Exchange ~ Geen Reactie

Microsoft has released security updates for Exchange 2000 SP3, Exchange 2003 SP2, Exchange 2007 SP1/SP2 and Exchange 2010. For both Exchange 2007 and 2010 this security fix is  included in a rollup. For Exchange 2007 SP1 this is the 10th rollup, for Exchange 2007 the 4th and for Exchange 2010 the 3rd.

The update applies a fix to the Windows SMTP service because of a vulnerability which was recently found. This made it possible to perform a DOS attack on the Windows SMTP service.

Below you will find the links to the patches and a link to the security bulletin which has been published about this  vulnerability.

Exchange 2000 SP3: open
Exchange 2003 SP2: open
Exchange 2007 SP1: open
Exchange 2007 SP2: open
Exchange 2010: open
Microsoft Security Bulletin MS10-024: open

Gepost in Exchange ~ Geen Reactie

By accident I found a bug in Exchange 2010. The issue only occurs in Exchange 2010 and if you have multiple CAS servers which are located in different sites and can’t communicate to eachother. Till now I only saw the issue with Exchange 2010 where an extra CAS server was added to the mainoffice. In this case this is the 3rd CAS server in the Exchange 2010 environment

Normally you will get a nice overview of all CAS servers when running the get-owavirtualdirectory command. But when no RPC traffic is allowed between the sites you will get the following result:

As you can see the command will display the first CAS server but it goes wrong when it wants to connect to the 2nd CAS server. This is normal because it can’t connect to it via RPC. Normally you would expect that the query will continue to run and will display the other servers, NOT. After contacting Microsoft they confirmed that this is a bug which will be fixed in a future update.

Workaround: open RPC

Gepost in Exchange 2010 ~ Geen Reactie

During the conversion of a pilot to production environment I found a nice issue. The mailboxes needed to be moved from the old mailbox server to the new mailbox server. Normally not a very exciting proces which can be done both by using the Exchange Management Console as Exchange Management Shell. But the move from the old Exchange 2010 mailbox server to the new Exchange 2010 mailbox server failed with a strange error. So first I had a look in the event log of the server and found the following error:

(PID 5988, Thread 954) Task New-MoveRequest writing error when processing record of index 0. Error: Microsoft.Exchange.MailboxReplicationService.MailboxReplicationTransientException: The call to ‘net.tcp://cas.domain.local/Microsoft.Exchange.MailboxReplicationService’ failed. Error details: The type initializer for ‘Microsoft.Exchange.MailboxReplicationService.LocalMailbox’ threw an exception.. —> System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The type initializer for ‘Microsoft.Exchange.MailboxReplicationService.LocalMailbox’ threw an exception. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:

System.TypeInitializationException: The type initializer for ‘Microsoft.Exchange.MailboxReplicationService.LocalMailbox’ threw an exception. —-> System.IO.FileLoadException: The located assembly’s manifest definition does not match the assembly reference. (Exception from HRESULT: 0×80131040)

   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox..cctor()

   — End of inner ExceptionDetail stack trace —

   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox..ctor(LocalMailboxFlags flags)

   at Microsoft.Exchange.MailboxReplicationService.LocalSourceMailbox..ctor(LocalMailboxFlags flags)

   at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationService.<>c__DisplayClass25.<GetMailboxInformation2>b__24()

   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate, MrsTracer tracer)

   at Microsoft.Excha…).

   — End of inner exception stack trace —

   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CallService(GenericCallDelegate del, String epAddress)

   at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceClient.GetMailboxInformation(Guid primaryMailboxGuid, Guid physicalMailboxGuid, Guid targetMdbGuid, String targetMdbName, String remoteHostName, String remoteOrgName, String remoteDCName, NetworkCredential cred)

   at Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest.InternalValidate()

   at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()

As you can see in the error message there went something wrong with the Exchange Mailbox Replication Service (MRS). These services are located on a server which has the Client Access Role installed on it and is responsible for moving the mailbox from the source to the target server. When you have multiple CAS servers in one site the MRS services will share information about the mailbox move process to prevent multiple servers are busy with the same request.

As their was only one CAS, cas.domain.local, I decided to have a closer look at that server. The MRS service was running according to the services.msc so I decided to restart the Mailbox Replication Service. After this was done I tried the move of the mailbox again and this time it went without issues.

I haven’t found the cause why this issue happened. One of the issues could be a mailbox database which is not 100% healthy. By using eseutil and isinteg you can fix the database and then try the process again.

Below you will find some links to sites containing further information about this topic:

Technet: Understanding Move Requests open

Technet: Troubleshooting Mailbox Moves open

Gepost in Exchange 2010 ~ 1 Reactie