Microsoft Exchange couldn’t start transport agents. The Microsoft Exchange Transport service will be stopped. This is one of the errors you may get when you’ve got a corrupted transport agent. This can cause that the transport service won’t start anymore as you can see in the example, which causes that the mail traffic will stall.

There are two solutions for this issue

- remove the transport agent
- disable the transport agent

The first method maybe is the best method because you have a corrupted agent on your system which you don’t want. To remove the agent execute the following Powershell command:

Uninstall-TransportAgent “Name of the Agent”

If you would like to do some more research you may decide to temporarily disable the agent, this can be done by using the following Powershell command:

Disable-TransportAgent -Identity “Name of the Agent”

When you solved the issue you can enable the agent by using this command:

Enable-TransportAgent -Identity “Name of the Agent”

If you would like to have more information then have a look at the site below:

Technet: Transport Agent Cmdlets open

Gepost in Exchange ~ Geen Reactie

A really simple Powershellscript, the script below will make it possible to create a room and will add extra permissions to it:

Param(
[string] $room
)
New-Mailbox -database “MBX-srv\Mailbox Database” -Name $room -OrganizationalUnit “Conference Rooms” -DisplayName $room -UserPrincipalName $room@domain.local -Room
Add-adpermission $room -User domain\administrator -Extendedrights “Receive-As”

Executing the script:: new-room.ps1 “meetingroom1″

The script will place all rooms in the OU named Conference Rooms.

First the name will be read that is specified after the name of the parameter room$. After this the mailbox will be created as  a mailbox of the type room. The last step is setting the extra permissions, this is done by using the command add-adpermission, in this case the receive-as will be added but also send-as is an option.

Below a few links to the Technet pages of the used commands:

Technet add-adpermission open
Technet new-mailbox open

Gepost in Exchange 2007 ~ Geen Reactie

When you would like to change the log path of a normal storage group it’s not very hard, but when you want to change the log path of a storage group which is CCR enabled then you will need to do a few more things.

In this tutorial I will explain how you can move the logs from the CCR enabled storage group.

For the first step we will need to open the Exchange Management Console, we will need to disable to log replication temporarily. This can be done by going to the mailbox server via server configuration. Then select the storage group and right click on it, the menu below will be displayed.

In this menu we select the option Suspend Storage Group Copy, a new screen will be displayed which will let you enter the reason why you suspend the copy, you don’t have to fill it in if you don’t like it.

The status of the CCR will be changed from healthy to suspended.

Now the CCR copy has been disabled temporarily we need to open the Exchange Management Shell to perform the reconfiguration of the log path. This can only be done via the Exchange Management Shell.

By executing the command: move-StorageGroupPath -Identity ‘First Storage Group’ -LogFolderPath ‘E:\Mailbox\SG1′ – ConfigurationOnly we specify that we want to change the log path, files must be moved manually because the Powershell command won’t do it for you. Two confirmations will be asked, one for the reconfiguration of the log path and the other tells you that all databases within the storage group will be dismounted. Please be aware that the storage group will not be available to users at that moment.

When the command has been executed successfully you will need to move the log files and fileswith the jrs extension manually to their new location. When this is done you can enable the mount the storage group again via the Exchange Management Console by right clicking on it and choose the option mount.

When the storage group and databases are mounted again you can enable CCR. This can be done by right clicking on the storage group and select the option Restore Storage Group Copy. After several seconds the status will change to healthy again. When you have a look at the properties of the storage group you will see that the log path has been changed to the new location.

Gepost in ~ Geen Reactie

On several forums you will see that installing a rollup can break down OWA. One of the issues you can have is that a blank screen will be presented with in the url reason 0 as a parameter.

When you have this issue run the Powershell script updateowa.ps1. This script can be found in the Bin directory of Exchange.

After running the script OWA will work again.

Gepost in Exchange 2007 ~ Geen Reactie

In a lot of cases Exchange 2007 wil be installed in the current Exchange 2003 environment. During the setup you will have to choose the Exchange 2003 bridgehead server to use for sending mail to the other organization and the internet. After this a routing group connector will be created which will be used to transport mail.

It can happen that after the installation mail will flow only one way or it won’t flow in both directions. When you will have a look at the mail queue you can see that mails are in it.

Below a few reasons which can cause this issue and if you have an issue how to solve it.

recreate the connector

Before we can recreate the connector we will need to remove the old one. This van be done via the Powershell commands below, in this example the Routing Group Connector is called Ex072Ex03 RGC :

Remove-RoutingGroupConnector -Identity “Exchange Administrative Group (FYDIBOHF23SPDLT)\Exchange Routing Group (DWBGZMFD01QNBJR)\Ex072Ex03 RGC”

As the command above will only delete the connector in the Exchange 2007 environment we will need to execute the remove-routinggroupconnector command again to delete it in the Exchange 2003 environment.

Remove-RoutingGroupConnector -Identity “Ex2003 Administrative Group\Ex2003 Routing Group\Ex072Ex03 RGC”

Next we will create the new connector, this can be done via the Powershell command below:

New-RoutingGroupConnector -Name “Interop RGC” -SourceTransportServers “Ex207.company.local” -TargetTransportServers “Ex03.company.local” -Cost 100 -Bidirectional $true -PublicFolderReferralsEnabled $true

With the command above both the routing group connector in Exchange 2007 and 2003 will be created and Public Folders can be synchronized via this connector

check the default virtual SMTP server settings

In some cases the default virtual SMTP server has been modified. This can cause some issues, check the following items:

• check if no smarthost has been defined, if this is the case then remove it and create a new connector which is used to send to the internet. If it already exists then specify the smarthost there.
• check if besides anonymous authentication integrated windows authentication is also enabled

Gepost in Exchange 2007 ~ 1 Reactie

Why do it the hard way instead of the easy way,  imagine you’ve got several mailboxes which you would like to disable and you’ve got them listed in a CSV file. Why shouldn’t you use Powershell to do this.

Save the script below in the Exchange 2007 scripts directory:

dismb.ps1

Param(
[string] $CSVFile
)
Import-CSV $CSVFile | ForEach-Object -Process {disable-Mailbox $_.Name}

Execute it via Powershell by typing the following .\disps1 “c:\csvfile.csv”

The script will open the CSV you will give as a parameter when executing the command and will take read the column Name.

A warning will be displayed which asks you to confirm the changes you want. When acknowleding the alarm the mailboxes will be disabled.

Gepost in Exchange 2007 ~ Geen Reactie

Just as like Windows 2003 you need to add some components to Windows 2008 before you can install Exchange 2007. In this tutorial I will explain which need to be installed on which server and made some scripts for it, that’s far more easier then typing the commands one by one .

When you gone prepare the AD for Exchange 2007 from a Windows 2008 server you first need to install the Active Directory Domain Services remote management tools. These tools make it possible to modify the schema and domain so that Exchange 2007 can be installed.

This can be done by executing the following script:

prepad4ex07.cmd

ServerManagerCmd -i RSAT
shutdown -r

After the installation of the tools the server will be  rebooted, this last thing is optional and is not always needed.

After the tools have been installed the next step is the CAS server. First we will install Powershell, this is a prerequisite for Exchange 2007. Next fase is installing several IIS components for the web applications such as: OWA and AutoDiscovery that will be hosted on the CAS.  When you are going to use Outlook Anywhere you also need to install the RPC over HTTP proxy, this will be done in the last step.

CASpreex07.cmd

ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression
ServerManagerCmd -i RPC-over-HTTP-proxy
shutdown -r

After installing the components the server will be rebooted, this again is optional.

When the CAS server is prepared it’s time for the HUB server. If you want to use a script for it, it’s your own decission, this because just one component will be installed.

HUBpreex07.cmd

ServerManagerCmd -i PowerShell
shutdown -r

Now that the CAS and HUB server are prepared it’s time for the mailbox server.

MBpreex07.cmd

ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
shutdown -r

As you can see IIS is installed besides Powershell. Exchange 2007 doesn’t use the SMTP and NNTP from IIS anymore, some other components do need IIS.

When you want to build a cluster of mailbox servers you will need to add an extra line of code to the script.

MBCpreex07.cmd

ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Failover-Clustering 
shutdown -r

A next step could be installing the Edge Sync server.

Edgpreex07.cmd

ServerManagerCmd -i PowerShell
ServerManagerCmd -i ADLDS
shutdown -r

This script will install Powershell again, besides this Active Directory Lightweight Directory Services will be installed. This services have the same functionality as the Active Directory Application Mode (ADAM) as it was known in Windows 2003.

When you would like to use the auto attendant and voicemail functionality of Exchange 2007 you will need to install the UM role.

UMpreex07.cmd

ServerManagerCmd -i PowerShell
ServerManagerCmd -i Desktop-Experience
shutdown -r

This script will install the codecs for audio/video from the Windows Media Player.

When you have a dedicated management station it may be necessary to install the manegement tools on it. For this only Powershell and two IIS components are needed.

Mgpreex07.cmd

ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console

I think we have talked about all the prerequisites for all rolles now. Below there are some links to some resources that contain extra information about this.

How to Install Exchange SP1 Prerequisites on Window Server 2008 or Vista
Speeding up installation of Exchange Server 2007 SP1 Prerequisites on Windows Server 2008

Gepost in ~ Geen Reactie

It has been a while ago so it’s time for a new tutorial.

This tutorial will be about dynamic distribution groups, a new feature in Exchange 2007. With a dynamic distribution group you can create a group which members will be selected according to a filter you specify. Each time a mail is send to this group a query will be done to select the users who are a member of the group.

There are two methods to create a dynamic distribution group:

• via the Exchange Management Console
• via the Exchange Management Shell

Dynamic Distribution Group via the Exchange Management Console

We start with the first method, for this you will need to startup the Exchange Management Console and go to groups via recipient configuration .

When you have selected the groups icon you can select the option new dynamic distribution group in the right menu to start the wizard.

You will be presented the screen above, here we can define a name for the new dynamic distribution group. When the name has been defined you can click on next

The next step is to define the filter, here we need to define from which OU the members will be selected. The other thing we can define here is which objects will be selected from the OU. Standard all objects will be selected but if you have an OU which different types of objects you can specify for example only Exchange Mailbox users.

When your statisfied with the filter click on next

The next step is to define the conditions which a user must met to be a member of the group. As you can see in the screenshot there are a few fields displayed at step 1. When you wish to use another field will need to create the group via the Exchange Management Shell.  This is described later in this tutorial.

In this case we would like to select all people who work in the IT department, therefor we select the option  Recipient is in a Department, in the lower part of the screen we must define the condition. By clicking on specified we can specify a value. When clicking on it you will see the following screenshot.

Here we specify the value which we want to use in our filter, in this case IT. When you have specified all values you can click on OK.

Now we have provided all necessary values we will get a short overview of what we are going to configure.

When we are satisfied with this we click on new, after this the new dynamic distribution group will be created.

Now we created the new group we would like to know which users are a member of it. To find this out we need to get the properties of the group.

Next thing is to select the tab conditions and push the button preview

An overview of the users who are a member of the group will be displayed.

Standard only mail from authenticated users will be accepted. This is to prevend people from the internet sending mail to this group. When you would like to enable this group for receiving mail from the internet we need to configure this. This can be done on the tab Mail Flow Settings

When you opened the tab select the item Message Delivery Restrictions and click the button properties.

In the upper part of the screen you will see accept messages from below that title you will find the option require that all senders are authenticated, remove the checkmark before the option to accept mail from the internet. 

Dynamic Distribution Group via the Exchange Management Shell

As mentioned earlier we can create a dynamic distribution group via two methods. The second method is via Powershell. You can do this by using the command new-DynamicDistributionGroup. It can be done via an easy or by are more complex way. Can we specify only a few fields in the EMC, in Powershell we can filter on much more fields.

But that’s for later, let’s start with the easy version:

New-DynamicDistributionGroup -IncludedRecipients MailboxUsers -Name “Rotterdam DDG” -OrganizationalUnit Rotterdam

The command above will select all users with an Exchange Mailbox from the OU Rotterdam and will add them to a dynamic distribution group Rotterdam DDG.

When we want to view the users who are a member of this group we need to use the following 2 commands:

$RotterdamOffice = Get-DynamicDistributionGroup -Identity “Rotterdam DDG”

Get-Recipient -Filter $RotterdamOffice.RecipientFilter (RTM)

The first rule will save the group in a parameter. The second rule will get all users from this distribution group. There are two versions of it, one for the RTM version and the other vor the SP1 version.

Now we showed the easy way let’s make one via the complex way.

new-dynamicdistributiongroup -name Test  -RecipientFilter {(UserPrincipalName -like ‘*@test.local’)}

The command above will create a new distribution group with the name Test. Here we select only users with a UPN that ends with test.local

You can make it more complex if you want, for example you can filter on more conditions

New-DynamicDistributionGroup -Name AllTestIT -OrganizationalUnit test.local/Utrecht/Users -RecipientFilter { ((RecipientType -eq ‘UserMailbox’) -and (Company -eq ‘Test’)) }

This command will create a new distribution group with the name AllTestIT and select the users only from the OU Utrecht/Users with an Exchange Mailbox and which are working at the company Test.

You can make it as complex as you want by adding more parameters. For a full overview of the fields you can use have a look at this site

Technet articles

How to Create a New Dynamic Distribution Group

Creating Filters in Recipient Commands

Filterable Properties for the -Filter Parameter in Exchange 2007 RTM

Filterable Properties for the -Filter Parameter in Exchange 2007 SP1

How to View Members of a Dynamic Distribution Group

Gepost in ~ Geen Reactie

Event id 12014 is caused by a problem with loading the certificate when setting up a SMTP connection which uses TLS for authentication.

There are several causes which could result in this issue:

• the certificate is not enabled for SMTP
• the server doesn’t have a certificate with the correct FQDN defined in the  subject or subject alternate name

The certificate needs to be place in the computer’s personal certificate store.

To check the certificates which are installed and the FQDN used by the connectors we need to use the Powershell commands below

Get-ExchangeCertificate | FL *, this will display a list of certificates available

Get-SendConnector | FL name, fqdn, objectClass, this will display all send connectors

The output of the Get-ExchangeCertificate will contain a field labeled services, this field described for which services the certificate can be used.  If you want to use the certificate for SMTP the value after services needs to contain SMTP just as you can see below.

The next step is checking the FQDN, this can be found after the label CertificateDomains. This will look like the screenshot below.

When the incorrect FQDN is displayed you will need to get a new certificate. A new certificate request can be generated by executing the following Powershell command New-ExchangeCertificate. Besides this type of certificate you can use a 3rd party or custom certificate. 

New-ExchangeCertificate -GenerateRequest -SubjectName “C=NL, O=Test, CN=mail.test.nl” -IncludeAcceptedDomains -DomainName mail.test.nl -Path c:\certificates\mail.test.nl.req

The command above will generate a certificate request for example an Edge server with the name mail.test.nl.

When you choose to use a 3rd party certificate or custom certificate which contains the correct FQDN but is not enabled for SMTP. Then you need to use the Enable-ExchangeCertificate Powershell command to enable it for SMTP.

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services “SMTP”

With the command above we enable the certificate for SMTP.

Enable-ExchangeCertificate

Certificate request for SMTP

How to troubleshoot STARTTLS

Gepost in Exchange 2007 ~ Geen Reactie

In Exchange 2007 you can create a custom GAL. Creating the custom GAL can be done via the EMC of Powershell.

The Powershell command above will create a GAL containing all the users from the company TestBut what should you do if you can’t delete your custom GAL and it stays visible in OWA ? Then we need to use Powershell again. First we execute the following command

Gepost in Exchange 2007 ~ Geen Reactie