We had an issue recently when upgrading our Exchange Server to Exchange 2010 SP2. Basically the issue was that the first Exchange server we were trying to upgrade was not in the same site as the schema master and we got thrown the below error.

“Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run setup with the /prepareAD parameter and wait for replication to complete.”

To work around this you can temporarily add the below registry key this will make the server belong to a different site, we want our Exchange server to connect to the same site as the Schema Master.

1. Open RegEdit
2. Browse to HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNetlogonParameters
3. Create a REG_SZ entry with the name SiteName
4. Set the Value to the site name of the site the Schema Masters in
5. Reboot the Server

Once the server is upgraded delete the REG entry and reboot the server and you will have an upgraded Exchange server and everything will be back to normal

Here is a quick simple command you can run to add a mailbox database copy with the lagged copy time already set so you don’t have to go back and set the lagged copy setting after the seeding.

The below command is adding a copy for the mailbox database named “DatabaseName” onto the server ‘LagServer’ and the lag copy is set for 7 days behind (The maximum you can increase this to is 14 Days)

Add-MailboxDatabaseCopy –Identity ‘DatabaseName’ -MailboxServer ‘LagServer‘ -ReplayLagTime 07.00:00:00

Just to let you know Update Rollup 1 for Exchange Server 2010 Service Pack 2 (KB2645995) has been released

You can download the rollup from http://www.microsoft.com/download/en/details.aspx?id=28809&WT.mc_id=rss_alldownloads_all

Rollup 1 contains the following fixes (Referenced from http://support.microsoft.com/?kbid=2645995)

• You cannot view or download an image on a Windows Mobile-based device that is synchronized with an Exchange Server 2010 mailbox
• An automatic reply message is still sent after you clear the "Allow automatic replies" check box for a remote domain on an Exchange Server 2010 server
• An Outlook 2003 user cannot view the free/busy information of a resource mailbox in a mixed Exchange Server 2010 and Exchange Server 2007 environment
• A GAL related client-only message rule does not take effect in Outlook in an Exchange Server 2010 environment
• Users in a source forest cannot view the free/busy information of mailboxes in a target forest in an Exchange Server 2010 environment
• A meeting item displays incorrectly as multiple all-day events when you synchronize a mobile device on an Exchange Server 2010 mailbox
• Inline contents disposition is removed when you send a "Content-Disposition: inline" email message in an Exchange Server 2010 environment
• It takes a long time for a user to download an OAB in an Exchange Server 2010 organization
• Problems when viewing an Exchange Server 2003 user’s free/busy information in a mixed Exchange Server 2003 and Exchange Server 2010 environment
• A user who has a linked mailbox cannot use a new profile to access another linked mailbox in an Exchange Server 2010 environment
• You cannot move certain mailboxes from an Exchange Server 2003 server to an Exchange Server 2010 server
• You cannot view the message delivery report of a signed email message by using Outlook or OWA in an Exchange Server 2010 environment
• The StartDagServerMaintenance.ps1 script fails in an Exchange Server 2010 environment
• You cannot manage a mail-enabled public folder in a mixed Exchange Server 2003 and Exchange Server 2010 environment
• The cmdlet extension agent cannot process multiple objects in a pipeline in an Exchange Server 2010 environment
• "Junk e-mail validation error" error message when you manage the junk email rule for a user’s mailbox in an Exchange Server 2010 environment
• Warning 2074 and Error 2153 are logged on DAG member servers in an Exchange Server 2010 environment
• You cannot move a mailbox from a remote legacy Exchange forest to an Exchange Server 2010 forest
• A Public Folder Calendar folder is missing in the Public Folder Favorites list of an Exchange Server 2010 mailbox
• The Exchange RPC Client Access service crashes when you send an email message in an Exchange Server 2010 environment
• A user can still open an IRM-protected email message after you remove the user from the associated AD RMS rights policy template in an Exchange Server 2010 environment
• A user in an exclusive scope cannot manage his mailbox in an Exchange Server 2010 environment
• EMC takes a long time to return results when you manage full access permissions in an Exchange Server 2010 organization that has many users
• "Can’t open this item" error message when you use Outlook 2003 in online mode in an Exchange Server 2010 environment
• The MSExchangeMailboxAssistants.exe process crashes frequently after you move mailboxes that contain IRM-protect email messages to an Exchange Server 2010 SP1 mailbox server
• ECP crashes when a RBAC role assignee tries to manage another user’s mailbox by using ECP in an Exchange Server 2010 environment
• A display name that contains DBCS characters is corrupted in the "Sent Items" folder in an Exchange Server 2010 environment
• Empty message body when replying to a saved message file in an Exchange Server 2010 SP1 environment
• IMAP4 clients cannot log on to Exchange Server 2003 servers when the Exchange Server 2010 Client Access server is used to handle proxy requests
• Multi-Mailbox Search fails if the MemberOfGroup property is used for the management scope in an Exchange Server 2010 environment
• Event ID 4999 when the Store.exe process crashes on an Exchange Server 2010 mailbox server
• Event ID 4999 when the Exchange Mailbox Assistants service crashes in Exchange 2010
• An encrypted or digitally-signed message cannot be printed when S/MIME control is installed in OWA in an Exchange Server 2010 SP1 environment
• Stop-DatabaseAvailabilityGroup or Start-DatabaseAvailabilityGroup cmdlet fails when run together with the DomainController parameter in an Exchange Server 2010 environment
• An Exchange Server 2010 database store grows unexpectedly large
• "None" recipient status in Outlook when a recipient responds to a meeting request in a short period of time in an Exchange Server 2010 environment
• “The action couldn’t be completed. Please try again." error message when you use OWA to perform an AQS search that contains "Sent" or "Received" in an Exchange Server 2010 SP1 environment
• The Microsoft Exchange Information Store service crashes in an Exchange Server 2010 environment
• Multi-Mailbox Search fails if you specify multiple users in the "Message To or From Specific E-Mail Addresses" option in an Exchange Server 2010 environment
• Incorrect number of items for each keyword when you search for multiple keywords in mailboxes in an Exchange Server 2010 environment
• The Microsoft Exchange Replication service crashes on Exchange Server 2010 DAG members
• A UM auto attendant times out and generates an invalid extension number error message in an Exchange Server 2010 environment
• A journal report is not sent to a journaling mailbox when you use journaling rules on distribution groups in an Exchange Server 2010 environment
• Message items rescanned in the background in an Exchange Server 2010 environment
• The Number of Items in Retry Table counter displays an incorrect value that causes SCOM alerts in an Exchange Server 2010 SP1 organization
• The MSExchangeSyncAppPool application pool crashes in a mixed Exchange Server 2003 and Exchange Server 2010 environment
• The hierarchy of a new public folder database does not replicate on an Exchange Server 2010 SP1 server
• The hierarchy of a new public folder database does not replicate on an Exchange Server 2010 SP1 server
• The RPC Client Access service may crash when you import a .pst file by using the New-MailboxImportRequest cmdlet in an Exchange Server 2010 environment
• A seed operation might not succeed when the source mailbox database has many log files in a Microsoft Exchange Server 2010 DAG
• Active Directory schema attributes are cleared after you disable a user’s mailbox in an Exchange Server 2010 environment
• Disabling or removing a mailbox fails in an Exchange Server 2010 environment that has Office Communications Server 2007, Office Communications Server 2007 R2 or Lync Server 2010 deployed
• An email message body is garbled when you save or send the email message in an Exchange Server 2010 environment
• Client Access servers cannot serve other Mailbox servers when a Mailbox server encounters a problem in an Exchange Server 2010 environment
• Mailbox replication latency may occur when users perform a Multi-Mailbox Search function against a DAG in an Exchange Server 2010 environment
• Warning of undefined recipient type of a user after the linked mailbox is moved from an Exchange Server 2007 forest to an Exchange Server 2010 forest
• The MailboxCountQuota policy is not enforced correctly in an Exchange Server 2010 hosting mode
• Event ID 4999 is logged on an Exchange Server 2010 Client Access server (CAS)

We came across an issue today when we were trying to set Send As permissions for a specific mailbox and recieved the below error on Exchange 2010.

“Error:
Active Directory operation failed on DC.domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.”

Resolution

To resolve this we had to do the following

1, Open Active Directory Users and Computers and View advanced features

2, Find the user account for the mailbox with the issue and go to the properties of this account

3, Go to the security tab and hit advanced

4, Now check the box that says include inheritable permission and apply this setting

5, Now when you set the send as permission and all works

“Completed

Exchange Management Shell command completed:
Add-ADPermission -Identity ‘CN=User,OU=Users OU,DC=Domain=DC=com’ -User ‘DomainUser1′ -ExtendedRights ‘Send-as’

Elapsed Time: 00:00:00”

We recently needed to add a Secondary Email address to a mailbox in Exchange 2010.

Please see the command below on how to do this (In this example the user is test@test.com and he would like the secondary email address to be test1@risual.com)

Run the below from the Exchange management shell.

Set-Mailbox test@test.com -EmailAddresses @{add="test1@test.com"}

We had an issues recently on a client machine , when reinstalling a CRM 2011 client from x64 to x86.

Once we reinstalled the x86 version we were unable to run the CRM Configuration wizard and if we opened outlook the CRM add-in appeared to be there but was not functional at all.

Resolution

To fix this we did the following

1, Uninstall the CRM 2011 Client

2,Open Registry Editor

3, Delete the following key “HKEY_CURRENT_USERSoftwareMicrosoftMSCRMClient

4, Re-install CRM Client and it all works

We had an issue recently trying to RDP to our newly created TMG server. We had allowed the machine we were using to connect to the server in the TMG’s Server System policy.

When running logging in TMG we could see the RDP server hitting the server but then immediately getting a closed connection with the following message “A connection was abortively closed after one of the peers sent an RST packet”

Resolution

1.  First Log onto your TMG Server

2. Right-click the highlighted icon and choose “Open Network and Sharing Center”

3. If you then choose “Change Adapter Settings”

4. If you know right click the Adapter for you Internal Network named LAN and press properties and make note of the name of the adapter.

5. If we now go to START > Administrative Tools > Remote Desktop Services > Remote Desktop Host Configuration

6. You Should see a connection named RDP-Tcp if you select this and then Disable and Re-enable the connection

7. If you know right click the connection named RDP-Tcp and choose properties

8. If you then navigate to the Network Adapter tab and choose the Internal Network adapter we found out in Step 4 and choose ok

9. If you then disable and re-enable the connection again

After this all worked again even after a reboot

Just to let you know Exchange 2007 SP3 Rollup 6 has been released

You can download the rollup from http://www.microsoft.com/download/en/details.aspx?id=28751

Rollup 6  contains the following fixes (Referenced from http://support.microsoft.com/?kbid=2608656)

• 2289607 - The week numbers displayed in OWA do not match the week numbers displayed in Outlook for English users and French users in an Exchange Server 2007 environment
• 2498852 - "0×80041606" error message when you perform a prefix search by using Outlook in online mode in an Exchange Server 2007 environment
• 2499841 - An arrow icon does not appear after you change the email message subject by using OWA in an Exchange Server 2007 SP3 environment
• 2523695 – A "System.ArgumentOutOfRangeException" exception occurs when you click the "Scheduling Assistant" tab in Exchange Server 2007 OWA
• 2545080 - Users in a source forest cannot view the free/busy information of mailboxes in a target forest when the cross-forest Availability service is configured between two Exchange Server 2007 forests
• 2571391 – Applications or services that depend on the Remote Registry service may stop working in an Exchange Server 2007 environment
• 2572010 – The Microsoft Exchange Information Store service may crash after you run the Test-ExchangeSearch cmdlet in an Exchange Server 2007 environment
• 2575360  – A new feature is available to automatically stop the Microsoft Exchange Information Store service when a time-out is detected in an Exchange Server 2007 SP3 environment
• 2591655 – A journaling report remains in the submission queue when an email message is delivered successfully in an Exchange Server 2007 environment
• 2598980 – The PidLidClipEnd property of a recurring meeting request has an incorrect value in an Exchange Server 2007 environment
• 2616427 – An Outlook Anywhere client loses connection when a GC server restarts in an Exchange Server 2007 environment
• 2617784 – Journal reports are expired or lost when the Microsoft Exchange Transport service is restarted in an Exchange Server 2007 environment
• 2626217 – Certain changes to address lists may not be updated in an Exchange Server 2007 environment
• 2629790 – The Exchange IMAP4 service may stop responding on an Exchange Server 2007 Client Access server when users access mailboxes that are hosted on Exchange Server 2003 servers
• 2633801 – The SCOM 2007 SP1 server cannot alert certain issues in an Exchange Server 2007 organization
• 914533 – The Microsoft Exchange Information Store service may stop responding on an Exchange Server 2007 server
• 976977 – The scroll bar does not work in OWA when there are more than 22 all-day event calendar items in an Exchange Server 2007 user’s calendar
• 2641312 – The update tracking information option does not work in an Exchange Server 2007 environment
• 2653334 – The reseed process is unsuccessful on the SCR passive node when the circular logging feature is enabled in an Exchange Server 2007 environment
• 2656040 – An Exchange Server 2007 Client Access server may respond slowly or stop responding when users try to synchronize the Exchange ActiveSync devices with their mailboxes
• 2658613 – The "PidLidClipEnd" property of a no ending recurring meeting request is set to an incorrect value in an Exchange Server 2007 environment

We had an issue recently with End User Recovery for DPM 2010  recently , where on certain shares on a file server we were backing up didn’t show previous versions, with the following error “There are no previous versions available”.

Working Previous version on file share

Failing Previous versions on the same file share

To resolve this issue we had to do the following

• First log on your DPM 2010 server
• Open Server Manger
• Expand Roles > File Services
• Choose Share and Storage management
• Navigate to the Shares tab
• Now right click the share thats shows no recovery points and choose Stop Sharing

Now we’ve removed the share from DPM we will need to do some changes in AD via ADSI Edit.

The first thing we need to do is find the canonical name of the share, so if you open command prompt on a server with AD tools and Asdiedit installed such as a DC and run the following command.

Change the below in Bold to match your domain

dsquery * cn=ms-sharemapconfiguration,cn=system,dc=Domain, dc=com –attr ms-productionSrvShare cn -limit 1000 > C:shares.txt

Once you have run the above command open the shares.txt file on the C drive that would of been outputted

Example of outputted file

ms-productionSrvShare                                                            cn                                   
                                                                                                            MS-ShareMapConfiguration             
\ServerShare                                                                            def225c9-0816-4192-bcea-46f1fb71f5b6

Now open ADSIEDIT but keep the shares.txt file open so we can refer to it

• Open ADSIEDIT
• Expand Domain
• Expand DC=Domain, DC=com
• Expand CN=System
• Now select CN=MS-ShareMapConfiguration
• Now we need to refer back to our shares.txt file to find the CN name of the share we need to fix the previous versions for
• now delete the object that matches the CN file from the shares.txt file

Once that has been done wait for your AD to replicate or force replication.

Now you need to modify the protection group that is backing up the file share in question.

• Exclude the folder with the issue with previous versions from the backup and update the protection group and wait for consistency check to complete
• Re-add the folder we just excluded and update the protection group again

Wait for the consistency check to complete and then previous versions should be working again

We had an issue recently when trying to access an external FTP site. We tried to open the FTP website via Windows Explorer, we typed our credentials in and we got the following error.

The part we are interested in is the “502 Active FTP not allowed” , this is due to the fact that Active FTP is automatically disabled via TMG.

To allow Active FTP in TMG do the Following

1. Open The TMG Management Console
2. Press System and go to the Application Filters tab
3. Right click the FTP Access Filter and press properties
4. Go to the FTP properties tab and select the tick box “Allow active FTP access”

Also do the following on the access rule you created to allow FTP access

1. Right click access rule and choose Configure FTP
2. Uncheck Read Only

You will now be able to access the FTP site