Exchange 2007

All posts tagged Exchange 2007

Let the rollups role

Today it is Microsoft Rollup day. New rollups have been released for both Exchange 2010 SP2 and Exchange 2007 SP3. The rollup for Exchange 2010 SP2 contains a lot of fixes. For Exchange 2007 SP3 it is the 10th rollup, although its list of fixes is not as large as for Exchange 2010. The rollup for Exchange 2007 contains a security fix and one fix for a problem with OWA.

An overview of the fixes included in the rollups can be found below:

Exchange 2010 SP2 Rollup 6:

  • 2489941 The “legacyExchangeDN” value is shown in the “From” field instead of the “Simple Display Name” in an email message in an Exchange Server 2010 environment
  • 2717453 You cannot move or delete a folder by using Outlook in online mode in an Exchange Server 2010 environment
  • 2733608 Corrupted Japanese DBCS characters when you send a meeting request or post a reply to a posted item in a public folder in an Exchange Server 2010 environment
  • 2734635 Folder-associated information (FAI) items are deleted when you run the New-InboxRule cmdlet or change Inbox rules in an Exchange Server 2010 environment
  • 2737046 AutoPreview feature does not work when you use Outlook in online mode in an Exchange Server 2010 environment
  • 2741117 High CPU utilization by Microsoft Exchange Replication service on Client Access servers in an Exchange Server 2010 environment
  • 2746030 Incorrect ExternalURL value for EWS is returned by an Exchange Server 2010 Client Access server
  • 2750188 Exchange Service Host service crashes when you start the service on an Exchange 2010 server
  • 2751417 Synchronization fails if you sync an external device to a mailbox through EAS in an Exchange Server 2010 environment
  • 2751581 OAB generation fails with event IDs 9126, 9330, and either 9338 or 9339 in an Exchange Server 2010 environment
  • 2760999 “The signup domain ‘org’ derived from ‘<TenantDomainName>.org’ is not a valid domain” error message when you use the Hybrid Configuration wizard in an Exchange Server
  • 2776259 Msftefd.exe process crashes if an email attachment has an unexpected file name extension or no file name extension in an Exchange Server 2010 environment
  • 2779387 Duplicated email messages are displayed in the Sent Items folder in a EWS-based application that accesses an Exchange Server 2010 Mailbox server
  • 2783586 Name order of a contact is displayed incorrectly after you edit the contact in an Exchange Server 2010 environment
  • 2783631 User-Agent field is empty when you run the Get-ActiveSyncDeviceStatistics cmdlet in an Exchange Server 2010 SP2 environment
  • 2783633 You cannot move or delete an email message that is larger than the maximum receive or send size in an Exchange Server 2010 environment
  • 2783649 Private appointment is visible to a delegate in an Exchange Server 2010 environment
  • 2783771 Mailbox on a mobile device is not updated when EAS is configured in an Exchange Server 2010 environment
  • 2783772 Edgetransport.exe process crashes after a journal recipient receives an NDR message in an Exchange Server 2010 environment
  • 2783776 You cannot perform a cross-premises search in a mailbox in an Exchange Server 2010 hybrid environment
  • 2783782 Error message when you use Scanpst.exe on a .pst file in an Exchange Server 2010 environment
  • 2784081 Store.exe process crashes if you add certain registry keys to an Exchange Server 2010 Mailbox server
  • 2784083 Week numbers in the Outlook Web App and Outlook calendars are mismatched in an Exchange Server 2010 environment
  • 2784093 SCOM alerts and event ID 4 in an Exchange Server 2010 SP2 organization that has Update Rollup 1 or later
  • 2784566 Exchange RPC Client Access service crashes on an Exchange Server 2010 Mailbox server
  • 2787023 Exchange Mailbox Assistants service crashes when you try to change a recurring calendar item or publish free/busy data in an Exchange Server 2010 environment
  • 2793274 A new option is available that disables the PermanentlyDelete retention action in an Exchange Server 2010 organization
  • 2793278 You cannot use the search function to search for mailbox items in an Exchange Server 2010 environment
  • 2793279 Exchange Server 2010 does not restart when the Microsoft Exchange Replication service freezes
  • 2793488 Internet Explorer freezes when you connect to the OWA several times in an Exchange Server 2010 environment
  • 2810616 Email message delivery is delayed on a Blackberry mobile device after you install Update Rollup 4 for Exchange Server 2010 SP2


Exchange 2007 SP3 Rollup 10:

  • 2783779 A hidden user is still displayed in the Organization information of Address Book in OWA in an Exchange Server 2007 environment


Exchange 2007 SP3 Rollup 4 released

Microsoft has released Rollup 4 for Exchange Server 2007 SP3. This rollup will fix the following issues:

  • 2531208 You cannot synchronize a folder hierarchy by using Outlook for Mac 2011 in an Exchange Server 2007 SP3 environment
  • 2528437 EWS applications cannot connect to Exchange Server 2007 servers after you make changes on accepted domains
  • 2521063 You are incorrectly displayed as a meeting organizer after you synchronize the meeting by using your mobile device in an Exchange Server 2007 environment
  • 2517337 You cannot open a mailbox that has a “#” character in the primary SMTP email address by using OWA in an Exchange Server 2007 environment
  • 2515428 The MSExchangeMailboxAssistants.exe process crashes when the managed folder assistant tries to journal a message in an Exchange Server 2007 environment
  • 2508872 The W3WP.exe process in the Autodiscover application pool on the Exchange Server 2007 Client Access servers consumes excessive CPU resources
  • 2507374 “Cannot open this item” error message in Outlook online mode in an Exchange Server 2007 environment
  • 2506827 An UM auto attendant times out and generates an invalid extension number error message in an Exchange Server 2007 environment
  • 2502276 A meeting request series are deleted unexpectedly from the calendar in an Exchange Server 2007 environment
  • 2498924 “Could not connect to a directory server” error message when you click the last page button in the search results in Exchange Server 2007 OWA
  • 2498156 OLM/OLD incorrectly runs against databases in a RSG in an Exchange Server 2007 environment
  • 2496806 A mobile phone times out when you use ActiveSync to synchronize the calendar on the mobile phone with an Exchange Server 2007 mailbox
  • 2543879 A PDF attachment sent from a Mac Mail client does not display when you open the email message by using Outlook 2010 in an Exchange Server 2007 SP3 environment
  • 2491751 Spell checking does not function correctly in OWA when an S/MIME control is used and SSL Offloading is enabled in Exchange Server 2007
  • 2484147 “HTTP Error 400 Bad Request” error message when you use OWA to log on to a newly created Exchange Server 2007 mailbox
  • 2466220 Question mark (?) characters appear in the subject of a reply email message in an Exchange Server 2007 environment
  • 2223294 A new feature is available to disable the “No end date” check box in OWA when you create a recurring meeting item in an Exchange Server 2007 environment
  • 977906 You receive an error message when you run certain commands in the EMS on an Exchange Server 2007 server
  • 2495010 The EdgeTransport.exe process consumes 100% CPU usage on an Exchange Server 2010 Edge Transport server or an Exchange Server 2007 Edge Transport server
  • 2484817 A mailbox does not show in certain address lists after you run commands on an Exchange Server 2007 mailbox
The rollup can be downloaded from the site below:

Update Rollup 4 for Exchange Server 2007 SP3

OWA displays blank screen

During a troubleshooting session at one of our customers I had an issue which can be found on several forums nowadays: OWA only displays a blank screen instead of the logon page. But what is the cause of this issue? Well, there are several reasons which can cause it:

  • not all required Windows Components are installed
  • changes have been made in the configuration using IIS

Required Windows Components are missing

The first reason is quite strange as you would expect that the installation of Exchange will check if all required components are in place before starting the installation.

When you forget, for example, the static content item of IIS, this may cause the blank OWA screen. To make it a bit easier you can use the script below to install all required Windows Components on a Windows 2008 server which will become a CAS server:

ServerManagerCmd -i Powershell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

If you’re planning to use Outlook Anywhere, don’t forget to install the RPC over HTTP feature:

ServerManagerCmd -i RPC-over-HTTP-proxy

If all the above components are installed you can start installing Exchange 2007.

OWA virtual directory configuration is corrupted

Making configuration changes using IIS may cause your OWA configuration to become corrupted. So don’t use IIS to make changes, but use the Exchange Management Shell or Exchange Management Console instead.

But if you made changes using IIS and OWA does not work anymore, how can it be solved? Well, there is only one solution: remove the OWA virtual directory and recreate it. This can be done by using the remove-owavirtualdirectory and new-owavirtualdirectory cmdlets.

First step is to remove the old OWA directory:

remove-owavirtualdirectory "owa (Default Web Site)"

This will remove the virtual directory as you can see in the screenshot below:

Once the directory is removed we can create a new one by using the cmdlet below:

new-owavirtualdirectory -OwaVersion "Exchange2007" -Name "owa (Default Web Site)"

This will recreate the OWA virtual directory and if you’re lucky OWA will work again. These were just 2 options which might cause this issue. If you got the same issue but the above steps didn’t work contact me so I can add them to this article johan (a)

According to the Technet documentation you should be able to install Exchange 2010 in an environment where Exchange 2007 is running. A while ago I got a question from a customer who had an issue when trying to install Exchange 2010. The problem occurred when running the /ps to extend the schema for Exchange; the following error message was displayed:

The schema version of Exchange 2007 SP3 is higher than the one from the Exchange 2010 setup. This makes it impossible to install Exchange 2010.

When you have installed Exchange SP3 you will have to wait for a service pack which will extend the schema. Because a lot of people will probably install Exchange 2007 SP3 this may be included in SP1 for Exchange 2010.

Below an overview of the Exchange versions and which schema version they use:

Exchange version      Schema version
Exchange 2000 RTM     4397
Exchange 2000 SP3     4406
Exchange 2003 RTM     6870
Exchange 2003 SP3     6936
Exchange 2007 RTM     10628
Exchange 2007 SP3     14625
Exchange 2010         14622
Exchange 2010 SP1     14726

If you would like to know how you can find out which version of AD schema you are using then take a look at the site below:
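The schema version can also be read directly from Active Directory and compared with the table above before running setup. The following is an added example, not code from the original post; the function and variable names are hypothetical, and it assumes the version is stored in the rangeUpper attribute of CN=ms-Exch-Schema-Version-Pt in the schema partition.

```powershell
# Added example (not from the original post). Schema versions are copied from
# the table in this post; function and variable names are hypothetical.
$SchemaVersionByRelease = @{
    'Exchange 2000 RTM' = 4397
    'Exchange 2000 SP3' = 4406
    'Exchange 2003 RTM' = 6870
    'Exchange 2003 SP3' = 6936
    'Exchange 2007 RTM' = 10628
    'Exchange 2007 SP3' = 14625
    'Exchange 2010'     = 14622
    'Exchange 2010 SP1' = 14726
}

function Get-ExchangeSchemaVersion {
    # Reads rangeUpper from CN=ms-Exch-Schema-Version-Pt in the schema partition.
    # Returns $null when the schema has never been extended for Exchange.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $schemaNC = $rootDse.Properties['schemaNamingContext'].Value
    $path     = "LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNC"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) { return $null }
    [int]([ADSI]$path).Properties['rangeUpper'].Value
}

function Test-ExchangeSetupSchema {
    param(
        [Parameter(Mandatory = $true)][string]$SetupRelease,
        [int]$CurrentVersion   # omit to read the live value from AD
    )
    if (-not $SchemaVersionByRelease.ContainsKey($SetupRelease)) {
        throw "Unknown release '$SetupRelease'."
    }
    if (-not $PSBoundParameters.ContainsKey('CurrentVersion')) {
        $live = Get-ExchangeSchemaVersion
        $CurrentVersion = if ($null -eq $live) { 0 } else { $live }
    }
    $setupVersion = $SchemaVersionByRelease[$SetupRelease]

    # Map the forest's version back to a release name from the table, if known.
    $currentName = ($SchemaVersionByRelease.GetEnumerator() |
        Where-Object { $_.Value -eq $CurrentVersion } |
        ForEach-Object { $_.Key }) -join ', '

    New-Object PSObject -Property @{
        CurrentVersion  = $CurrentVersion
        CurrentRelease  = $currentName
        SetupRelease    = $SetupRelease
        SetupVersion    = $setupVersion
        # Setup cannot extend a schema that is already newer than its own.
        SetupCanProceed = ($CurrentVersion -le $setupVersion)
    }
}

# Constructed input reproducing the case in this post: the forest is already at
# Exchange 2007 SP3 and the setup media is Exchange 2010 RTM.
Test-ExchangeSetupSchema -SetupRelease 'Exchange 2010' -CurrentVersion 14625
```

With the constructed input, SetupCanProceed is False because 14625 is higher than 14622; omitting -CurrentVersion reads the value from the forest the machine is joined to.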


One of the new features in Exchange 2007 Service Pack 3 is the ability for users to change their password before logging in. Before service pack 3 a user whose password had expired needed to call the helpdesk to reset their password or use another solution. With this new feature a user will be redirected to another page where he/she can change the password.

But how does this work? In the OWA directory, which you can find here: Exchange\ClientAccess\OWA, you will find a directory called auth. This directory contains several files which are used for login and logout. But besides these files there are two new files expiredpassword.aspx and exppw.dll.

Before you can use the new functionality you will need to make an adjustment in the registry of the CAS server. Go to the following location in the registry:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Create a new DWORD called ChangeExpiredPasswordEnabled and change the value of the key to 1. This should look like the example below:

During the logon (logon.aspx) a check is done if the password is expired and if this is the case the user will be redirected to expiredpassword.aspx.

Before the user can change his/her password he/she first needs to specify the old password. Once the password has been changed the user will be redirected to his/her mailbox.
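The prerequisites described above (the registry value and the two new files in the auth directory) can be checked and set from PowerShell on the CAS server. This is an added example, not code from the original post; the function names and the -OwaAuthPath parameter are hypothetical.

```powershell
# Added example (not from the original post); function names and -OwaAuthPath
# are hypothetical. Run on the CAS server.
$OwaKeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$OwaValueName = 'ChangeExpiredPasswordEnabled'

function Test-OwaExpiredPasswordChange {
    param(
        # Full path of the auth directory: <install dir>\ClientAccess\OWA\auth
        [Parameter(Mandatory = $true)][string]$OwaAuthPath
    )
    $value = $null
    $kind  = $null
    if (Test-Path -Path $OwaKeyPath) {
        $key   = Get-Item -Path $OwaKeyPath
        $value = $key.GetValue($OwaValueName, $null)
        # A string "1" is not the same as a DWORD 1, so record the value type too.
        if ($null -ne $value) { $kind = $key.GetValueKind($OwaValueName) }
    }

    # Both files were introduced with SP3; report any that are absent.
    $missing = @('expiredpassword.aspx', 'exppw.dll' |
        Where-Object { -not (Test-Path -Path (Join-Path $OwaAuthPath $_)) })

    New-Object PSObject -Property @{
        RegistryValue = $value
        RegistryKind  = $kind
        MissingFiles  = $missing
        Enabled       = ($kind -eq 'DWord' -and $value -eq 1 -and $missing.Count -eq 0)
    }
}

function Enable-OwaExpiredPasswordChange {
    if (-not (Test-Path -Path $OwaKeyPath)) {
        throw "Registry key '$OwaKeyPath' not found; is this a CAS server?"
    }
    # -Force overwrites an existing value, including one of the wrong type.
    New-ItemProperty -Path $OwaKeyPath -Name $OwaValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Usage (the path is a placeholder for the local Exchange install directory):
# Test-OwaExpiredPasswordChange -OwaAuthPath '<install dir>\ClientAccess\OWA\auth'
```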

Today I had a nice issue at a customer site where they tried to install Exchange in a test environment. First I will give a short introduction. Let’s say you have an AD forest which contains a child domain in which you want to host Exchange. You will first need to do some things in the forest before you can install Exchange in the child domain. You start with the schema upgrade followed by the forest prep. As the last step you prepare the child domain, and then you can start the Exchange setup to install Exchange.

Normally you will use the same media for all servers, but with Exchange 2007 this can be different. This is because Exchange 2007 had a 32-bit version which could be used in test environments or to prepare the schema/forest on a 32-bit DC.

You may think aaahhh that happened ?? Everything was done via the correct steps but when starting the Exchange installation via the GUI the following errors were displayed in the log:

[2/7/2010 11:30:46 PM] [0] Setup has chosen the local domain controller for initial queries
[2/7/2010 11:30:46 PM] [0] PrepareAD has either not been run or has not replicated to the domain controller used by Setup. Setup will attempt to use the Schema Master domain controller
[2/7/2010 11:30:46 PM] [0] The schema master domain controller is available

So first we checked whether the servers could connect to each other, which was no issue. After trying some things we decided to move the schema master to the child domain to see if that would help. But this was also a no go and gave the following warnings:

[2/8/2010 3:32:34 PM] [1] [ERROR] PrepareDomain for domain ota has partially completed. Because of your Active Directory site configuration, you must wait for forest-wide replication to occur, and then run PrepareDomain for ota again.
[2/8/2010 3:32:34 PM] [1] [ERROR] Active Directory operation failed on This error is not retriable. Additional information: The specified group type is invalid.
Active directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

Waiting for 15 minutes didn’t fix the issue so we reversed all changes and I decided to start the Exchange setup via the GUI on the schema master. Then I saw the issue immediately: the files used on the schema master were files for Exchange 2007 RTM and not for Exchange 2007 SP1. After using those files it worked without any issues.

It was a nice jigsaw after all.

Microsoft releases Rollup 2 for Exchange 2007 SP2

Microsoft has released Rollup 2 for Exchange 2007 SP2. This rollup contains several fixes, among which:

  • CAS server becomes slower when a user accesses a folder with a lot of content
  • Meetings will be displayed as all day events while this is not the case when synchronized via a mobile device
  • log and database increase abnormally
  • mails which need to be sent to remote domains get stuck in the queue

These are a few of the fixes in Rollup 2; for a complete overview you can visit the following site.


Autodiscover in a multiforest environment

It has been a while since the last tutorial, so here is the new one about autodiscover in a multiforest environment. Normally autodiscover may cause some headaches so when deploying it in a multiforest environment this may also be the case. In this tutorial I will explain how you can configure and test autodiscover in a multiforest environment.


Autodiscover in a multiforest environment

Autodiscover, a really nice feature of Exchange but it can cause headaches. When implementing it in a multiforest environment you will have to take care of some extra things. In this tutorial I will explain which steps are needed and will let you see what goes wrong when it is not configured correctly.

Below a forest overview of the forests in my test environment:

multiforest environment

In this environment the following forests have been created:

  • demo.local, the user forest. In this forest all user accounts will be created; this forest will contain a domain controller.
  • exchange.local, one of the Exchange resource forests. This forest contains an Exchange server with the HUB, CAS and mailbox role installed; besides this it’s the domain controller for this forest.
  • company.local, the other Exchange resource forest. This forest also contains an Exchange server with the HUB, CAS and mailbox role installed and will also function as a domain controller for this forest.

OK, now what do we want to achieve? The user accounts will be created in the demo.local forest. All users will be placed in separate OUs per Exchange resource forest. The next step will be to create the linked mailboxes in the resource forests. These forests will contain user accounts but all accounts will be disabled. Users will log in to the demo.local domain and will configure their Outlook using autodiscover.

The steps to install a domain controller and install Exchange will be skipped, and I will assume that you have 3 forests containing the earlier mentioned servers including the domain controller and Exchange roles.

First we will create the trust between the forests. Before we can setup the trust we need to ensure that DNS records can be resolved correctly. This can be done by creating a forwarder to the DNS server responsible for the domain. So the DNS server in the user forest will contain a forwarder to the DNS server in the resource forest and vice versa.

The next step is to create the trust; this can be done via the netdom command:

Netdom trust trusting_domain_name /domain:trusted_domain_name /add

Or via Active Directory Domains and Trusts, this can be done via the wizard:

Create trust

Specify the name of the user forest.

Forest trust

In the next step you will specify the type of trust you want to create, in this case a forest trust.

Outgoing trust

Then we will define that the trust only needs to be an outgoing trust, because users from the user forest only need to authenticate in the resource forest and not vice versa.

Create trust

As an option you can also arrange that the trust will be created in both forests, for this you will need to specify an account with enough permissions.

Authenticate user

Once specified click on next

Forest-wide authentication

One of the last steps is choosing between forest-wide or selective authentication. With this we can configure whether the complete forest gets access to the resource forest or that this will need to be configured per user.

After a short overview you must click on next to create the trust and the following screen will be displayed.

Trust created

If you like you can perform an extra check.

Trust validation

After the test is performed the test results will be displayed.

Results check

Before we will continue with the next steps we need to create the user in the user forest. This can be done via Active Directory Users & Computers and can be a standard user. When the user is created we can create the linked mailbox, for this we need to open the Exchange Management Console or Exchange Management Shell.

For creating the linked mailbox via a commandline execute the following command:

New-Mailbox -Database "Mailbox Database" -Name "Demo User" -LinkedDomainController "dc.demo.local" -LinkedMasterAccount demo\demouser -OrganizationalUnit Exchange\Users -UserPrincipalName demouser@exchange.local -LinkedCredential:(Get-Credential demo\administrator)

Or using the GUI, once opened go to recipient configuration and select the mailbox item.

Recipient Configuration

Right-click on the mailbox item and choose the option new mailbox.

New Mailbox

A wizard will be opened.

Linked mailbox

Choose the option linked mailbox and click the next button.

New user

After this you have the option to select an existing user or create a new user, keep in mind that this will be in the resource forest and not in the user forest.

New user step 2

Fill in the required fields and press next to continue.

Create mailbox

Select the database where you want to create the mailbox of the user and select an activesync and managed folder policy for this user if you like.

Master account

In the next screen we will select the master account to which the mailbox will need to be assigned; this will be a user in the user forest. You can easily select the user by pressing the browse button. When you have selected the user press next to continue.

A short overview will be displayed and when pressing next again the user and mailbox will be created.

Linked mailbox created

As you can see in the screen above the user and mailbox have been created successfully.

When the mailbox is created we can perform some tests. These tests will not succeed as the user forest will not know anything about the autodiscover functionality in the resource forest.

First we will start Outlook and the following screen will be displayed.

Outlook - create profile

We will fill in all the required information and press next to continue.

Outlook - error

After several seconds Outlook will display a message that it can’t setup a secure connection and that you will have the option to setup an unsecure connection, click on next to try this.

Outlook - unencrypted error

This will also not succeed and Outlook tells you to verify the information. In this case we are 100% sure that the specified information is correct, so why does Outlook display the error?

This is what a client does when using the autodiscover functionality from the LAN:

Autodiscover workflow

As you can see a query is done for a Service Connection Point (SCP). This object is stored in the configuration partition of Active Directory, and it does not exist in the user forest.

To double-check this we will need to open adsiedit on a domain controller in the user forest. Once opened, open the configuration partition and go to:

CN=Services,CN=Configuration,DC=domain,DC=local

Adsiedit - without autodiscover service

To create the SCP in the user forest we will need to execute the following command on the Exchange server in the resource forest:

Export-AutoDiscoverConfig -DomainController DomainControllerName -TargetForestDomainController TargetForestDomainControllerName -MultipleExchangeDeployments $true

I think the parameters are clear enough but maybe the last one will need some additional information. When the parameter MultipleExchangeDeployments is set to TRUE you will tell the forests that you have multiple Exchange forests. Not really exciting you may think but it is. The parameter will also export the accepted domains which are defined in the Exchange environment. When adding an extra accepted domain you will need to execute this command again to update the SCP object.

When you have a look with adsiedit again on the domain controller in the user forest you will see that the object for the autodiscover service has been created.

Adsiedit - with autodiscover service

Per Exchange forest a folder will be created, in our case exchange.local and company.local.

When you open the properties of the folder and look at the values of keywords and serviceBindingInformation you will see that they point to the resource forest. The keywords attribute contains the Active Directory site of which the CAS is a member. The serviceBindingInformation attribute contains the FQDN of the CAS server in the following format

When the replication between the user forest and the resource forest has succeeded it’s time to try again, so we will start Outlook.

Outlook - create profile

We will fill in the required info and will press next

Create Outlook profile successfully

As you can see above the automatic configuration of Outlook has succeeded and we can use Outlook to confirm this.

Outlook test e-mail autoconfiguration
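The SCP objects inspected with adsiedit above can also be listed from PowerShell in the user forest, which makes it easy to confirm that every serviceBindingInformation value points to one of the expected resource forests. This is an added example, not code from the original tutorial; the function names are hypothetical, the sample records are constructed, and it assumes the exported objects live under CN=Microsoft Exchange Autodiscover in CN=Services of the configuration partition.

```powershell
# Added example (not from the original tutorial); function names are hypothetical.
# Assumption: exported SCP objects live under "CN=Microsoft Exchange Autodiscover"
# in CN=Services of the configuration partition.
function Get-AutodiscoverScp {
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNC = $rootDse.Properties['configurationNamingContext'].Value
    $basePath = "LDAP://CN=Microsoft Exchange Autodiscover,CN=Services,$configNC"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($basePath)) {
        Write-Warning "No Autodiscover container in $configNC; the SCP has not been exported yet."
        return
    }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$basePath)
    $searcher.Filter      = '(objectClass=serviceConnectionPoint)'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    foreach ($p in 'distinguishedName', 'keywords', 'serviceBindingInformation') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }
    foreach ($r in $searcher.FindAll()) {
        New-Object PSObject -Property @{
            DistinguishedName         = [string]$r.Properties['distinguishedname'][0]
            Keywords                  = @($r.Properties['keywords'])
            ServiceBindingInformation = @($r.Properties['servicebindinginformation'])
        }
    }
}

function Test-AutodiscoverScp {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Scp,
        [Parameter(Mandatory = $true)][string[]]$ExpectedForest
    )
    process {
        foreach ($binding in $Scp.ServiceBindingInformation) {
            # Extract the host from the binding (https:// or LDAP:// form).
            $uri    = $null
            $parsed = [System.Uri]::TryCreate($binding, [System.UriKind]::Absolute, [ref]$uri)
            $bindingHost = if ($parsed) { $uri.Host.ToLower() } else { '' }

            # Accept the forest name itself or any host below it.
            $expected = $false
            foreach ($f in $ExpectedForest) {
                $f = $f.ToLower()
                if ($bindingHost -eq $f -or $bindingHost.EndsWith(".$f")) { $expected = $true }
            }
            New-Object PSObject -Property @{
                DistinguishedName = $Scp.DistinguishedName
                Binding           = $binding
                BindingHost       = $bindingHost
                Expected          = $expected
            }
        }
    }
}

# Constructed sample records so the check can be tried offline.
$sample = @(
    (New-Object PSObject -Property @{
        DistinguishedName         = 'CN=exchange.local,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=demo,DC=local'
        Keywords                  = @('Site=Default-First-Site-Name')
        ServiceBindingInformation = @('https://cas.exchange.local/autodiscover/autodiscover.xml')
    }),
    (New-Object PSObject -Property @{
        DistinguishedName         = 'CN=unknown,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=demo,DC=local'
        Keywords                  = @('Site=Default-First-Site-Name')
        ServiceBindingInformation = @('https://mail.other.example/autodiscover/autodiscover.xml')
    })
)
$sample | Test-AutodiscoverScp -ExpectedForest 'exchange.local', 'company.local'

# Against the live directory:
# Get-AutodiscoverScp | Test-AutodiscoverScp -ExpectedForest 'exchange.local', 'company.local'
```

In the constructed sample the first record is reported with Expected = True and the second with Expected = False, which is the entry to investigate before clients are pointed at it.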

Interesting links:

MsExchange Team: Configuration Tips and common troubleshooting steps for multiple forest deployment of Autodiscover service
Technet: White Paper: Exchange 2007 Autodiscover Service
Technet: How to create a linked mailbox

Install Exchange in a Citrix Xenserver environment

Exchange setup error

Today I got a new Exchange environment up and running. This time it was a greenfield situation, an environment which is completely separated from the old environment. A big part of the server environment is virtualized, and one of the virtual machines is the Exchange server. Citrix XenServer was selected as the virtualization environment, and as it is listed on the list on the Microsoft site it should not be a problem.

So after the design was approved by the customer we started with the installation. Since some small things needed to be done on other servers I opened XenCenter so I could easily get access to all servers. It should not be a big problem you may think, till Exchange started with preparing the AD. After a few minutes the following error was displayed: you do not have permissions to read the security descriptor on cn=deleted  objects,cn=configuration,dc=ishw,dc=local. Very strange, because the account had enough permissions and the replication between the DCs went OK. So I started to search for the cause of the issue and found a few possibilities:

– change the drive letter of the cd/dvd-rom; this was not an option since the installation was placed on a fileshare
– fix the permissions with ADAM; as this option brings some risks with it I skipped this one and saved it for later
– install it via the console; a little bit problematic with a VM, so I tried RDP with the /console or /admin option

This last option was the solution: XenCenter makes an RDP connection without the /console or /admin option. If you’re planning to install Exchange in a XenServer environment keep an eye on this.

Below are some interesting articles:

Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments
Security descriptor error during Exchange Server 2007 schema extension
Technet Forum: Exchange 2007 Install Error : Read Security Descriptor