Exchange 2007

Let the rollups role

Today it is Microsoft Rollup day. Both for Exchange 2010 SP2 and Exchange 2007 SP3 new rollups have been released. The rollup for Exchange 2010 SP2 contains a lot of fixes. For Exchange 2007 SP3 it is the 10nd rollup which has been released although the fixes contained in the rollup are not as large as for Exchange 2010. The rollup for Exchange 2007 contains a security fix and one issue for a problem with OWA.

An overview of the fixes included on the rollups can be found below:

Exchange 2010 SP2 Rollup 6:

  • 2489941 The “legacyExchangeDN” value is shown in the “From” field instead of the “Simple Display Name” in an email message in an Exchange Server 2010 environment
  • 2717453 You cannot move or delete a folder by using Outlook in online mode in an Exchange Server 2010 environment
  • 2733608 Corrupted Japanese DBCS characters when you send a meeting request or post a reply to a posted item in a public folder in an Exchange Server 2010 environment
  • 2734635 Folder-associated information (FAI) items are deleted when you run the New-InboxRule cmdlet or change Inbox rules in an Exchange Server 2010 environment
  • 2737046 AutoPreview feature does not work when you use Outlook in online mode in an Exchange Server 2010 environment
  • 2741117 High CPU utilization by Microsoft Exchange Replication service on Client Access servers in an Exchange Server 2010 environment
  • 2746030 Incorrect ExternalURL value for EWS is returned by an Exchange Server 2010 Client Access server
  • 2750188 Exchange Service Host service crashes when you start the service on an Exchange 2010 server
  • 2751417 Synchronization fails if you sync an external device to a mailbox through EAS in an Exchange Server 2010 environment
  • 2751581 OAB generation fails with event IDs 9126, 9330, and either 9338 or 9339 in an Exchange Server 2010 environment
  • 2760999 “The signup domain ‘org’ derived from ‘<TenantDomainName>.org’ is not a valid domain” error message when you use the Hybrid Configuration wizard in an Exchange Server
  • 2776259 Msftefd.exe process crashes if an email attachment has an unexpected file name extension or no file name extension in an Exchange Server 2010 environment
  • 2779387 Duplicated email messages are displayed in the Sent Items folder in a EWS-based application that accesses an Exchange Server 2010 Mailbox server
  • 2783586 Name order of a contact is displayed incorrectly after you edit the contact in an Exchange Server 2010 environment
  • 2783631 User-Agent field is empty when you run the Get-ActiveSyncDeviceStatistics cmdlet in an Exchange Server 2010 SP2 environment
  • 2783633 You cannot move or delete an email message that is larger than the maximum receive or send size in an Exchange Server 2010 environment
  • 2783649 Private appointment is visible to a delegate in an Exchange Server 2010 environment
  • 2783771 Mailbox on a mobile device is not updated when EAS is configured in an Exchange Server 2010 environment
  • 2783772 Edgetransport.exe process crashes after a journal recipient receives an NDR message in an Exchange Server 2010 environment
  • 2783776 You cannot perform a cross-premises search in a mailbox in an Exchange Server 2010 hybrid environment
  • 2783782 Error message when you use Scanpst.exe on a .pst file in an Exchange Server 2010 environment
  • 2784081 Store.exe process crashes if you add certain registry keys to an Exchange Server 2010 Mailbox server
  • 2784083 Week numbers in the Outlook Web App and Outlook calendars are mismatched in an Exchange Server 2010 environment
  • 2784093 SCOM alerts and event ID 4 in an Exchange Server 2010 SP2 organization that has Update Rollup 1 or later
  • 2784566 Exchange RPC Client Access service crashes on an Exchange Server 2010 Mailbox server
  • 2787023 Exchange Mailbox Assistants service crashes when you try to change a recurring calendar item or publish free/busy data in an Exchange Server 2010 environment
  • 2793274 A new option is available that disables the PermanentlyDelete retention action in an Exchange Server 2010 organization
  • 2793278 You cannot use the search function to search for mailbox items in an Exchange Server 2010 environment
  • 2793279 Exchange Server 2010 does not restart when the Microsoft Exchange Replication service freezes
  • 2793488 Internet Explorer freezes when you connect to the OWA several times in an Exchange Server 2010 environment
  • 2810616 Email message delivery is delayed on a Blackberry mobile device after you install Update Rollup 4 for Exchange Server 2010 SP2


Exchange 2007 SP3 Rollup 

2783779 A hidden user is still displayed in the Organization information of Address Book in OWA in an Exchange Server 2007 environment


Exchange 2007 SP3 Rollup 4 released

Microsoft has released Rollup 4 for Exchange Server 2007 SP3. This rollup will fix the following issues:

  • 2531208 You cannot synchronize a folder hierarchy by using Outlook for Mac 2011 in an Exchange Server 2007 SP3 environment
  • 2528437 EWS applications cannot connect to Exchange Server 2007 servers after you make changes on accepted domains
  • 2521063 You are incorrectly displayed as a meeting organizer after you synchronize the meeting by using your mobile device in an Exchange Server 2007 environment
  • 2517337 You cannot open a mailbox that has a “#” character in the primary SMTP email address by using OWA in an Exchange Server 2007 environment
  • 2515428 The MSExchangeMailboxAssistants.exe process crashes when the managed folder assistant tries to journal a message in an Exchange Server 2007 environment
  • 2508872 The W3WP.exe process in the Autodiscover application pool on the Exchange Server 2007 Client Access servers consumes excessive CPU resources
  • 2507374 “Cannot open this item” error message in Outlook online mode in an Exchange Server 2007 environment
  • 2506827 An UM auto attendant times out and generates an invalid extension number error message in an Exchange Server 2007 environment
  • 2502276 A meeting request series are deleted unexpectedly from the calendar in an Exchange Server 2007 environment
  • 2498924 “Could not connect to a directory server” error message when you click the last page button in the search results in Exchange Server 2007 OWA
  • 2498156 OLM/OLD incorrectly runs against databases in a RSG in an Exchange Server 2007 environment
  • 2496806 A mobile phone times out when you use ActiveSync to synchronize the calendar on the mobile phone with an Exchange Server 2007 mailbox
  • 2543879 A PDF attachment sent from a Mac Mail client does not display when you open the email message by using Outlook 2010 in an Exchange Server 2007 SP3 environment
  • 2491751 Spell checking does not function correctly in OWA when an S/MIME control is used and SSL Offloading is enabled in Exchange Server 2007
  • 2484147 “HTTP Error 400 Bad Request” error message when you use OWA to log on to a newly created Exchange Server 2007 mailbox
  • 2466220 Question mark (?) characters appear in the subject of a reply email message in an Exchange Server 2007 environment
  • 2223294 A new feature is available to disable the “No end date” check box in OWA when you create a recurring meeting item in an Exchange Server 2007 environment
  • 977906 You receive an error message when you run certain commands in the EMS on an Exchange Server 2007 server
  • 2495010 The EdgeTransport.exe process consumes 100% CPU usage on an Exchange Server 2010 Edge Transport server or an Exchange Server 2007 Edge Transport server
  • 2484817 A mailbox does not show in certain address lists after you run commands on an Exchange Server 2007 mailbox
  • The rollup can be downloaded from the site below:

Update Rollup 4 for Exchange Server 2007 SP3 open

OWA displays blank screen

During a troubleshooting sessions at one of our customers I had an issue which can be found on several forums now a days, OWA will only display a blank screen instead of the logon page. But what is the cause of this issue? Well there are several reasons which can cause it:

  • not all required Windows Components are installed
  • changes have been made in the configuration using IIS

Required Windows Components are missing

The first reason is quite strange as you would expect that the installation of Exchange will check if all required components are in place before starting the installation.

When you forget, for example, the static content item of IIS this may cause the blank screen of OWA. To make it a bit easier you can use the script below to install all required Windows Components on a Windows 2008 server which will become a CAS server:

ServerManagerCmd -i Powershell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

If your planning to use Outlook Anywhere don’t forget to install the RPC over HTTP feature:

ServerManagerCmd -i RPC-over-HTTP-proxy

If all the above components are installed you can start installing Exchange 2007.

OWA virtual directory configuration is corrupted

Making configuration changes using IIS may cause you OWA configuration to be corrupted. So don’t use OWA to make changes but use the Exchange Managment Shell or Exchange Management Console to make configuration changes.

But if you made changes using IIS and OWA does not work anymore how can it be solved? Well there is only one solution, remove the OWA virtual directory and recreate it. This can be done by using the remove-owavirtualdirectory and new-owavirtualdirectory cmdlets.

First step is to remove the old OWA directory:

remove-owavirtualdirectory “owa (Default Web Site)”

This will remove the virtual directory as you can see in the screenshot below:

Once the directory is removed we can create a new one by using the cmdlet below:

new-owavirtualdirectory -OwaVersion “Exchange2007″ -Name “owa (Default Web Site)”

This will recreate the OWA virtual directory and if your lucky OWA will work again. This were just 2 options which might cause this issue. If you got the same issue but the above steps didn’t work contact me so I can add them to this article johan (a)

One of the new features in Exchange 2007 Service Pack 3 is the ability for users to change their password before logging in. Before service pack 3 a user who’s password had expired needed to call the helpdesk to reset their password or use another solution. With this new feature a user will be redirected to another page where he/she can change the password.

But how does this work? In the OWA directory, which you can find here: Exchange\ClientAccess\OWA, you will find a directory called auth. This directory contains several files which are used for login and logout. But besides these files there are two new files expiredpassword.aspx and exppw.dll.

Before you can use the new functionality you will need to make an adjustment in the registry of the CAS server. Go to the following location in the registry:

HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Create a new DWORD called ChangeExpiredPasswordEnabled and change the value of the key to 1. This should look the same like below:

During the logon (logon.aspx) a check is done if the password is expired and if this is the case the user will be redirected to expiredpassword.aspx.

Before the user can change his/her password he will first needs to specify the old password. Once the password has change the user will be redirected to his/her mailbox.

Today I had a nice issue at a customer site who tried to install Exchange in a test environment. First I will give a short introduction. Let’s say you have an AD forest which contains a child domain where you want to host Exchange in. You first will need to do some things in the forest before you can install Exchange in the child domain. You will start with the schema upgrade followed by the forest prep. As last step you will prepare the child domain and you could start the Exchange setup to install Exchange.

Normally you will use the same media for all servers, but in Exchange 2007 this can be different. This because Exchange 2007 had a 32-bit version which could be used in test environments or to prepare the schema/forest on a 32-bit DC.

You may think aaahhh that happened ?? Everything was done via the correct steps but when starting the Exchange installation via the GUI the following errors were displayed in the log:

[2/7/2010 11:30:46 PM] [0] Setup has chosen the local domain controller for initial queries
[2/7/2010 11:30:46 PM] [0] PrepareAD has either not been run or has not replicated to the domain controller used by Setup. Setup will attempt to use the Schema Master domain controller
[2/7/2010 11:30:46 PM] [0] The schema master domain controller is available

So first checked if the servers can connect to eachother which was no issue. After trying some things we decided to move the schema master to the child domain to look if that would help. But this was also a no go and gave the following warnings:

[2/8/2010 3:32:34 PM] [1] [ERROR] PrepareDomain for domain ota has partially completed. Because of your Active Directory site configuration, you must wait for forest-wide replication to occur, and then run PrepareDomain for ota again.
[2/8/2010 3:32:34 PM] [1] [ERROR] Active Directory operation failed on This error is not retriable. Additional information: The specified group type is invalid.
Active directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

Waiting for 15 minutes didn’t fix the issue so we reversed all changes and I decided to start the Exchange setup via the GUI on the schema master. Then I saw the issue immidiatly the files used on the schema master were files for Exchange 2007 RTM and not for Exchange 2007 SP1. After using that files it worked without any issues.

It was a nice jigsaw after all.

Microsoft releases Rollup 2 for Exchange 2007 SP2

Microsoft has released rollup 2 for Exchange 2007 SP2, this rollup contains several fixes among which:

  • CAS server becomes slower when a user access a folder with a lot of content
  • Meetings will be displayed as all day events while this is not the case when synchronized via a mobile device
  • log and database increase abnormally
  • mails which need to be send to remote domains get stuck in the queue

These are a few of the fixes in Rollup 2 for a complete overview you can visit the following site.


Prevent spam which appear to be sent from your own domain

Last months you may receive spam which looks like to be sent from an account from your own domain. When you investigate the issue you will discover that this it not the case. But why does Exchange doesn’t do something with this kind of spam. I found the answer on Exchangepedia blog. Each mail which is received from the internet will be accepted with the anonymous user, when removing this user from the connector you won’t be able to receive mail from the internet. This account has some rights which are needed, one of these rights is the Ms-Exch-Accept-Authoritative-Domain-Sender which ensure that every session which contains a message from an authoritative domain will not be checked.

To prevent this you will need to remove some rights from the connector by using the following command:


Get-ReceiveConnector “Internet” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

Please keep in mind that this also will have some consequences for other applications/devices which will use this connector using the anonymous user. For this application/devices you will need to create a separate connector.

Chinese signs in non-delivery reports

I know it may sound strange, Chinese signs in non-delivery reports. After some investigation I discovered something which made the problem stranger then I first thought. When the message was printed the text was displayed in Dutch.

When the same mail was sent from an Outlook 2003/2007 client the problem was not there. So I decided to start searching on the internet and after a while I found something on the Technet forum which looked pretty much on the problem I had.

The problem is caused by a bug in Outlook XP which will not be fixed anymore. To make the problem clear I summarized some details below:

  • mail-client is Outlook XP
  • happens only when a NDR is delivered in HTML format
  • when the mail is printed everything look OK

To fix this issue you will need to tell your Hub server that every NDR needs to be sent as a plain-text NDR, this can be done by executing the following Powershell command:

Get-TransportServer | Set-TransportServer –InternalDsnSendHtml $False

Another solution is upgrading your Outlook client to 2003 or higher.

Install Exchange in a Citrix Xenserver environment

Exchange setup error

Today I brought a new Exchange environment in the air. This time it was a greenfield situation, an environment which is completely seperated from the old environment. A big part of the server environment is virtualized, one of them is the Exchange server. Citrix XenServer was selected as the virtualization environment, and as it is listed on the list on the Microsoft site it should not be a problem.

So after the design was approved by the customer we started with the installation. Since some small things needed to be done on other servers I opened Xencenter so I can easily get access to all servers. It should not be a big problem you may think, till Exchange started with preparing the AD. After a few minutes the following error was displayed you do not have permissions to read the security descriptor on cn=deleted  objects,cn=configuration,dc=ishw,dc=local. Very strange because the account had enough permissions and the replication between the dc’s went OK. So I started to search for the cause of the issue and found a few possibilities:

– change the driveletter of the cd/dvd-rom, this was not an option since the installation was placed on a fileshare
– fix the permissions with ADAM, as this option brings some risks with it I skipped this one and saved it for later
– install it via the console, a little bit probelematic with a vm, so i tried RDP with the /console or /admin option

This last optionwas the solution, so XenCenter will make a RDP connection without the /console or /admin option. If your planning to install Exchange in a XenServer environment keep an eye on this.

Below some interesting articles”

Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments open
Security descriptor error during Exchange Server 2007 schema extension open
Technet Forum: Exchange 2007 Install Error : Read Security Descriptor open

Create a new room and set permissions in one step

A really simple Powershellscript, the script below will make it possible to create a room and will add extra permissions to it:

[string] $room
New-Mailbox -database “MBX-srv\Mailbox Database” -Name $room -OrganizationalUnit “Conference Rooms” -DisplayName $room -UserPrincipalName
$room@domain.local -Room
Add-adpermission $room -User domain\administrator -Extendedrights “Receive-As”

Executing the script:: new-room.ps1 “meetingroom1″

The script will place all rooms in the OU named Conference Rooms.

First the name will be read that is specified after the name of the parameter room$. After this the mailbox will be created as  a mailbox of the type room. The last step is setting the extra permissions, this is done by using the command add-adpermission, in this case the receive-as will be added but also send-as is an option.

Below a few links to the Technet pages of the used commands:

Technet add-adpermission open
Technet new-mailbox open