Thursday, June 10, 2010

Moving

I am moving this blog to WordPress. This is the first part of moving my focus and developing an Adelaide Exchange Server and Directory Services User Group in the near future.

Please update your favourites to point to messagingguy.wordpress.com

I’ll continue to replicate content on here for the next few months

Friday, June 4, 2010

Outlook 2007 prompting for authentication after migrating to Exchange 2010

Client had an issue after I migrated them from Exchange 2007 to Exchange 2010 where users on Outlook 2007 were being prompted for authentication. Mail flow would work for the user but they were being prompted for authentication from the autodiscover url.

The fix for this was as follows:

 

Set-ClientAccessServer -Identity CASSERVER -AutodiscoverServiceInternalUri https://url.domain.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "CASSERVER\EWS (Default Web Site)" -InternalUrl https://url.domain.com/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "CASSERVER\oab (Default Web Site)" -InternalUrl https://url.domain.com/oab
Set-UMVirtualDirectory -Identity "CASSERVER\unifiedmessaging (Default Web Site)" -InternalUrl https://url.domain.com/unifiedmessaging/service.asmx

 

Finally, if you are using a proxy server, make sure there is an exception in the proxy list for the URL of the Autodiscover service.

Monday, May 31, 2010

On a multihomed CAS server you receive error “Connecting to remote server failed with the following error message: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.” after statically binding an IP address to the web site containing the PowerShell virtual directory.

Had an issue today at a client's site where they needed another OWA virtual directory for their SharePoint portal. So I created a new Web Site and added an additional IP address to the existing NIC. I then went into the bindings of the Default Web Site and set it to one of the addresses and then set the other site to the other address. Seems simple enough.

I then opened up the EMS and got this error

“Connecting to remote server failed with the following error message: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.”

 

After making sure time was all good between the CAS and the DC, I figured out that setting the web site that contained the PowerShell virtual directory to use All Unassigned as its binding resolved the issue.

Routing messages between two Exchange 2007/2010 servers fails with “451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts”

Here is something that came up at a client site today

EXC01 (2k7 CAS/HT) has an Internal Relay receive connector with allowed relay from x.x.x.0/24 – among others

EXC02 (2k10 CAS/HT) is getting errors when trying to route mail to the 2k7 server “451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts”

What needs to be done is to take the new HT out of the relay list.

Why?

Well, this is the way that I set up my relay connectors:

AuthMechanism : Tls, ExternalAuthoritative

PermissionGroups : ExchangeServers

So the problem is the ExchangeServers permission group, which screws it all up. The relay connector sees the new HT as an Exchange server, so the relay connector is used, not the default connector. This starts TLS, but when the new HT initiates Integrated authentication it fails because the relay connector does not have that as an auth method.
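
The connector selection described above, as an added example that is not part of the original post. It assumes Exchange picks the receive connector with the most specific matching remote IP range and that hub-to-hub SMTP needs the ExchangeServer auth mechanism; the connector names, addresses and CIDR-only range parsing are constructed for illustration.

```powershell
# Added illustration: which receive connector does a given source IP land on?
# Connector names and addresses are constructed sample data, not from the post.
function ConvertTo-IPv4Number([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $b[0] * 16777216.0 + $b[1] * 65536.0 + $b[2] * 256.0 + $b[3]
}

function Test-InCidr([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr.Split('/')
    $size  = [math]::Pow(2, 32 - [int]$len)                  # addresses in the block
    $start = [math]::Floor((ConvertTo-IPv4Number $net) / $size) * $size
    $addr  = ConvertTo-IPv4Number $Ip
    ($addr -ge $start) -and ($addr -lt ($start + $size))
}

function Get-MatchingConnector($Connectors, [string]$SourceIp) {
    # Assumption: the longest matching prefix (most specific range) wins.
    $best = $null; $bestLen = -1
    foreach ($c in $Connectors) {
        foreach ($r in $c.RemoteIPRanges) {
            $len = [int]$r.Split('/')[1]
            if ((Test-InCidr $SourceIp $r) -and ($len -gt $bestLen)) {
                $best = $c; $bestLen = $len
            }
        }
    }
    $best
}

$connectors = @(
    (New-Object PSObject -Property @{ Name = 'Default EXC01'; RemoteIPRanges = @('0.0.0.0/0')
        AuthMechanism = 'Tls, Integrated, BasicAuth, ExchangeServer' }),
    (New-Object PSObject -Property @{ Name = 'Internal Relay'; RemoteIPRanges = @('192.0.2.0/24')
        AuthMechanism = 'Tls, ExternalAuthoritative' })
)

# 192.0.2.25 stands in for the new hub transport; 198.51.100.10 is outside the relay range.
foreach ($ip in '192.0.2.25', '198.51.100.10') {
    $hit = Get-MatchingConnector $connectors $ip
    if (($hit.AuthMechanism -split ',\s*') -contains 'ExchangeServer') {
        $verdict = 'Exchange Server authentication available'
    } else {
        $verdict = 'no ExchangeServer auth, expect 451 5.7.3 for server-to-server mail'
    }
    "{0} -> '{1}' [{2}]: {3}" -f $ip, $hit.Name, $hit.AuthMechanism, $verdict
}
```

Against a live server the same check can be fed from Get-ReceiveConnector output, after converting any start-end style entries in RemoteIPRanges to CIDR.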

Thursday, February 11, 2010

Exchange 2010 Help file

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8071c31f-45be-48dc-bfca-e1fb51f544d2

This is the same as what is available online here. It is always nice to have the offline version on you, especially when you're at a site where you can't get ‘net access and are in a bit of a bind.

Sunday, February 7, 2010

Messages Stuck in Drafts folder in OWA

Excellent article on this issue in Exchange 2010; it points out why sysprep and unique SIDs are so important

http://www.petrikb.com/email-stuck-in-drafts-folder.htm

RPC Encryption – Exchange 2010 and Outlook 2003

By default Outlook 2003 does not encrypt traffic between itself and the Exchange server it connects to.

With the introduction of Exchange 2010 RPC traffic between the Exchange server and Outlook must be encrypted by default.


To get around this with Outlook 2003 clients you must either use Group Policy to enable RPC encryption or disable the requirement for encryption on all Exchange 2010 CAS servers. To do the latter, run the following command in the EMS.

Set-RpcClientAccess -Server CAS1 -EncryptionRequired $False

Without making one of these changes Outlook 2003 clients will not be able to connect to the Exchange 2010 CAS.

Monday, February 1, 2010

Update Rollup 2 available for Exchange 2007 SP2

http://msexchangeteam.com/archive/2010/01/29/453908.aspx

Here is the list of fixes it covers:

KBA 972076 lists all the fixes included in this rollup. Here are some of the product improvements and critical bug fixes we'd like to call out:

  1. KB 972705: This one is for all the IT pros and anyone who has ever had to explain abnormal database size/log file growth in a short period of time. We have added three new registry entries to help speed up troubleshooting the issue:
    • BytesLogWarningThreshold
    • BytesLogErrorThreshold
    • BytesLogCheckPeriodInMinutes
    More information on the values to set in the above registry keys is documented in KB 972705.
  2. KB 975404: Accepting meeting requests sent via an application using CDO like Blackberry devices sometimes results in rendering an embedded message attached to the meeting request inaccessible.
  3. KB 976137: We have made a change to the behavior of the Unified Messaging Auto attendant when it plays the greeting for callers on a holiday. Currently when callers call on a holiday, they hear the non-business hours greeting followed by the holiday greeting. In this rollup we have made a change so that the callers calling on a holiday will only hear the holiday greeting. If your greetings are configured such that they would make sense to callers calling on a holiday only if they hear both the non-business hours greeting and the holiday greeting, then you need to re-configure them when you install this update rollup.
  4. KB 971177: Another change in the UM Auto Attendants configuration in the Exchange Management Console. It is now aware if your time zone follows Daylight Saving Time.
  5. KB 975165: In an environment using self-signed certificates and CAS-CAS proxying, Exchange Web Services requests proxied may start failing after the Availability Service has made a proxy request.
  6. A bug where the OWA Virtual Directory cannot be accessed via the Exchange Management Console in an environment coexisting with Exchange 2010 if the Exchange 2007 server was upgraded from Exchange 2007 SP1 to SP2.
KB 972076 has more details about this release and a complete list of all fixes included in this rollup.

Sunday, January 31, 2010

Exchange 2010 OWA errors in Exchange Management Console

After the installation of Exchange 2010, if you navigate to Server Configuration -> Client Access Server you may get the following error:
“An IIS Directory entry couldn’t be created. The error message is Access is denied.
.HResult= –2147024891 it was running the command Get-OwaVirtualDirectory”.
This is resolved by adding the Exchange Trusted Subsystem group to the local Administrator group on the Exchange 2007 server.

Exchange 2010 from Installation to Migrating Mailboxes Pt.1

Apologies for not having posted for quite some time but I have been transitioning a new client into the company that I work for’s managed service offering.
Documenting and auditing an infrastructure of 100 odd physical servers ranging in age from 3-6 years covering 12 locations and 2 AD forests took a little bit of my time for a couple of months.
So now that is over I am back to my regular job and on to my first few Exchange 2010 migrations.
I am going to run you through how to get Exchange 2010 installed in your environment and migrate your mailboxes from an Exchange 2007 server to an Exchange 2010 environment today. Please note this will not cover DAGs (Database Availability Groups). I will be covering that in great detail in a future post.
So let's get started.
On the source server we need to make sure the following prerequisites are completed before installing Exchange 2010 into the environment.
1) Exchange 2007 SP2 must be installed on source server.
If you have more than 1 Exchange 2007 server, SP2 must be installed on all CAS servers in the organisation and on all Exchange 2007 servers in the same AD site as the one where you are planning on placing your Exchange 2010 server.
2) Other than all the current Windows Updates, you need to install Windows Installer 4.5 (found here)
If installing Exchange 2010 on Windows 2008 you also need to install SP2 and the following
  1. Install Microsoft .NET Framework 3.5 Service Pack 1 (SP1). For details, see Microsoft .NET Framework 3.5 SP1.
  2. Install the Microsoft .NET Framework 3.5 Family Update for Windows Vista x64, and Windows Server 2008 x64 updates. For details, see Microsoft .NET Framework 3.5 Family Update for Windows Vista x64, and Windows Server 2008 x64. See also Microsoft Knowledge Base article 959209, An update for the .NET Framework 3.5 Service Pack 1 is available.
  3. Install Windows Remote Management (WinRM) 2.0 and Windows PowerShell V2 (Windows6.0-KB968930.msu). For details, see Windows Management Framework.
  4. On servers that will host the Hub Transport or Mailbox server role, install the Microsoft Filter Pack. For details, see 2007 Office System Converter: Microsoft Filter Pack.
To install all the OS pre-requisites follow the technet guide here. Just a note: when using the built in Exchange XML files for Server Manager you need to add the path to the files; so your command will look something like this
sc config NetTcpPortSharing start= auto
ServerManagerCmd -ip z:\scripts\Exchange-Typical.xml -Restart

Where Z is the location of the source files.

After all the OS pre-requisites are done installing and the server has finished its reboot, you can either proceed with the GUI install or the command line install.

My personal preference is to use the command line.
So from the command prompt (it will need to be run as Administrator), start with the AD modifications:

setup.com /preparead

After this completes you will need to actually install Exchange.

For a server holding CAS, Mailbox and Hub Transport roles issue the following command

setup.com /m:Install /r:M,H,C

If you have update rollups and wish to incorporate them into your installation, add the following switch

/UpdatesDir:"c:\ExchangeUpdates"

The contents of the update folder must be a .msp or update.exe.

The GUI installation is pretty much a next, next finish affair with the one exception of being asked if the CAS role will be Internet facing and if so what the external address will be.

If you are installing Exchange 2010 into an environment comprised of Exchange 2003 you will need to specify the server that you wish to create a Routing Group connector with.

On the Exchange 2003 server, if you use a smart host for outbound mail make sure that the smart host is set on the SMTP connector, NOT the Default SMTP Virtual Server, as this will cause mail flow problems.


That wraps it up for this part.


I’ll go through moving mailboxes next

Thursday, January 28, 2010

Exchange 2010 EAS problems

Well after bashing my head against the wall for the last 2 hours or so I have found a solution to my issue.
In Exchange 2010 after migrating from Exchange 2007 (not sure about 2003 haven’t had the issue with a 03->10 migration yet) you may get the following error when trying to use ActiveSync : -

ActiveSync registered a problem on the server.
Support code: 0x85010014
The Exchange Connectivity Analyser will state that there is an HTTP 500 error.
The solution to this is that any users that wish to use ActiveSync need to have inheritance turned on for their AD user object.
Now, setting this on one user is OK, but to do it for a lot (I have about 2200 AD objects and they think it is around 90 ActiveSync users), use ADModify (www.codeplex.com/admodify)
After doing this all phones synced again, although they did do a complete re-sync, so just bear that in mind.