Category Archives: Exchange Server 2007

Exchange Server 2007 improved on all the past versions of exchange and introduced ActiveSync which allows syncing with mobile devices.

Grant Full Access to all Public Folders for a user in Exchange

This post goes over granting full access to all public folders for a user in Microsoft Exchange. I recently was migrating all public folders from an Exchange 2010 to Office 365 Environment and didn’t have access to some of the folders.

Enter the following in Exchange Management Shell:

Get-PublicFolder –Identity "\Root Folder Name" -Recurse | Add-PublicFolderAdministrativePermission -User "ctitus" -AccessRights AllExtendedRights

This will recurse the root folder and grant all rights to the user you specify.

Exchange 2007 SP1 Installation Error HRESULT E_FAIL has been returned from a call to a COM component.

I was recently installing and configuring a new server with 32 processors and installing server 2008 Standard and Exchange 2007 SP1 Standard. During installation I received the following error:

HRESULT E_FAIL has been returned from a call to a COM component.

After finding a Knowledge-base article from Microsoft, I discovered Exchange 2007 SP1 doesn’t support installation on a server with more than 24 processors, but is perfectly fine updating and running on a server with more than 24 processors.

Here is the fix for installing Exchange 2007 SP1 on a server with more than 24 cores.

For Windows Server 2008 and for Windows Server 2008 R2

To reduce the number of active processor cores, follow these steps:

  1. Click Start start button, and then type cmd in the Search programs and files box.
  2. Right-click cmd.exe in the Programs list, and then click Run as administrator.
     UAC If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  3. At the command prompt, copy or type the following command, and then press ENTER:
    msconfig.exe
  4. Click the Boot tab.
  5. Select the operating system that is used with Exchange Server 2007. Typically, this is labeled Current OS.
  6. Click Advanced.
  7. Note the number of processors that are currently set, and then set the number of processors to 24 or fewer.
  8. Restart the server.
  9. Install Exchange 2007.
  10. Click Startstart button, and then type cmd in the Search programs and files box.
  11. Right-click cmd.exe in the Programs list, and then click Run as administrator.
     UAC If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  12. At the command prompt, copy or type the following command, and then press ENTER:
    msconfig.exe
  13. Click the Boot tab.
  14. Select the same operating system that you selected in step 5 and that is used with Exchange Server 2007.
  15. Click Advanced.
  16. Restore the number of processors to the value that you noted in step 7.
  17. Restart the computer.

Setting Anti-Spam SCL in Microsoft Exchange

This post goes over setting the Anti-Spam SCL in Microsoft Exchange. I typically recommend leaving the Delete and Reject settings alone, but change the Move Message to Junk if the user is reporting a high amount of spam making it to his inbox. This is done with the command below SCLJunkThreshold.

SCL (Spam Confidence Level) determines what to do with a message

By Default Exchange is set as follows:

9 = Delete Message with no NDR

7= Reject Message with NDR

5= Move Message to Junk Mail in Mailbox

There is also a Quarantine option in Exchange that is configurable through EMC (Exchange Management Console) in Organization Configuration -> Hub Transport -> Anti-Spam Tab under the Content Filtering Module Properties

Note Junk Mail Threshold is NOT configurable in EMC and must be set via Shell. Here is the commands for EMS (Exchange Management Shell)

Set SCL Junk Mail Threshold

Set-OrganizationConfig -SCLJunkThreshold 5

 

Check SCL Junk Mail Threshold

Get-OrganizationConfig | Format-List SCLJunkThreshold

 

This should give you a good control over what is getting filtered and where it is going. You can always check a message SCL rating in Outlook by looking at the email’s header.

Internal Outlook “The name of the security certificate is invalid or does not match the name of the site”

Found this article on Spiceworks and was very helpful to fix internal clients receiving certification warning messages from me switching to a 3rd party cert on the exchange server.

(Original Link: http://community.spiceworks.com/how_to/show/48384-outlook-the-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site)

 

Issue: Outlook anywhere works fine with third party cert, but internal Outlook clients get cert error with NETBIOS name of Exchange server.
Note: I tested this on Exchange 2010 as well.

By default, the URL that is stored in these objects references the NetBIOS name of the server. For example, a URL that resembles the following URL is stored:
https://NetBIOS_name.contoso.com/autodiscover/autodiscover.xml

To resolve this issue, change the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:

1.Start the Exchange Management Shell.
2.Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUrihttps://mail.contoso.com/autodiscover/autodiscover.xml

3.Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:
Set-WebServicesVirtualDirectory -Identity “CAS_Server_NameEWS (Default Web Site)” -InternalUrlhttps://mail.contoso.com/ews/exchange.asmx

4.Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:
Set-OABVirtualDirectory -Identity “CAS_Server_nameoab (Default Web Site)” -InternalUrl https://mail.contoso.com/oab

5. Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:
Set-UMVirtualDirectory -Identity “CAS_Server_Nameunifiedmessaging (Default Web Site)” -InternalUrlhttps://mail.contoso.com/unifiedmessaging/service.asmx

Note The command in step 5 is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
6.Open IIS Manager.
7.Expand the local computer, and then expand Application Pools.
8.Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Windows Server 2008 could not continue installation as a reboot is needed

Microsoft Server setup cannot continue because a restart from a previous installation or update is pending.

The following Registery keys control this error message. If you have rebooted and are still experiencing this issue, clear out these keys and relaunch your installer.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesUpdateExeVolatile

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerPendingFileRenameOperations

The Setup MSI displays an error message if one of the following conditions is true:.

The value of the UpdateExeVolatile registry key is anything other than 0.

The PendingFileRenameOperations registry key has any value.

You can read this article about regedit.

http://technet.microsoft.com/en-us/library/cc164360(v=exchg.80).aspx

Exchange Server on Primary Domain Controller (P-DC) Slow Reboot and Startup

If you had the misfortune of installing Exchange on a Primary Domain Controller you will experience some pain when doing a reboot. Typically it will take 10-15 minutes before it restarts and up to 30 minutes to start the Microsoft Exchange Information Store. What is really happening in the background is the IS service is being terminated incorrectly on shutdown and the store is left in a “DIRTY” shutdown state. This is very bad on several levels and can cause the Store to corrupt and not start at all.

Its a simple fix to make your life much easier and give you peace of mind. All you have to do is shutdown the services before restarting. Below is a script that does it automatically, just plug it into a .cmd or .bat file and run.

@ECHO OFF
ECHO ARE YOU SURE YOU WANT TO RESTART SERVER??
pause

net stop msexchangeadtopology /y
net stop msftesql-exchange /y
net stop msexchangeis /y
net stop msexchangesa /y
net stop iisadmin /y

ECHO DONE STOPING SERVICES REBOOT NOW!
pause

Archiving and Reducing Exchange Mailboxes and Stores (Part 2)

You have analyzed your current exchange store and deciding to buy a 3rd party solution so your users can maintain the large amount of emails they are accustomed to and retain all emails for legal/business purposes, and here are the options.

  1. Buy the Barracuda Message Archiver ( website link: http://www.barracudanetworks.com/ns/products/archiver-overview.php) which is a really simple installation and maintenance. I have used this before, and it gets the job done. I did have issues with restoring emails after being exported, but after some conversion and importing to pst files it worked. This isn’t my first pick, but is widely popular for message archiving.
  2. Buy GFI Mail Archiver (http://www.gfi.com/mailarchiver/) which is probably the most popular software mail archiving programs out there. Installation is a bit complex, but not extremely difficult. When purchasing buy at least 1 year of maintenance because you will be on the phone with them for the first month or two after implementation. This has various platforms to run on (SQL only, SQL + File System, and 2 others using SQL Express that you SHOULD NOT use). I wish they would simplify the installation with only one option, because it’s the best in almost any situation. SQL + File System gives the best reliability and scalability.

Using any of the above solutions will work wonders for retaining and keeping a lean exchange store. You will use Exchange’s built-in retention policies to keep all mailboxes at reasonable levels and never again will you have users screaming of slow outlook that is bloated beyond belief. I will mention that doing any of these solutions is a considerable time commitment when you factor importing old emails to these systems. In the end, it will give you peace of mind that you will always have copies of ANY email that your company receives, no matter what the user does with it. All these systems use journaling to essentially copy the message to these systems before the user touches it.

Disable RSS Feed in Outlook 2007 using GPO (Group Policy Object)

First install the 2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0 if you haven’t already done so.

In Group Policy Editor navigate to User Configuration -> Polices -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools | Account Settings -> RSS Feeds

-Default RSS Feeds -> Set to Disabled
-Synchronize Outlook RSS Feeds with Common Feed List -> Set to Disabled
-Turn off RSS Feature -> Enabled

After all these are set you can reboot the workstations or force a GPO update by using gpupdate /force

By disabling RSS feeds you are cleaning up space on your Exchange store and speeding up your users outlook. I recommend doing this in any business.

Fixing Certification Warning Popups in Outlook 2007 and 2010.

If your users are complaining of a certification popup when logging into outlook 2007 or 2010 you probably have some issues with your Certificates on Exchange Server. Deleting and creating new certificates can cause all sorts of problems, so I wouldn’t recommend it. (Unless they are expired of course.)

I recently ran into this and it was because I used the shortname for my server instead of the FQDN (Fully Qualified Domain Name) when making my certificates common name. ex. SERVER instead of Server.domain.local

Everything is working properly except for end users receiving the popup message, but after running the following commands and recycling the application pool, all was fixed.

Here is the commands I typed in EWS (SERVER = Certificate Common Name)

Set-ClientAccessServer -Identity SERVER -AutodiscoverServiceInternalUri https://SERVER/autodiscover/autodiscover.xml
—————
Set-WebServicesVirtualDirectory -Identity “EXGSERVEREWS (Default Web Site)” -InternalUrl https://SERVER/ews/exchange.asmx
—————
Set-OABVirtualDirectory -Identity “SERVERoab (Default Web Site)” -InternalUrl https://SERVER/oab
—————
Set-UMVirtualDirectory -Identity “SERVERunifiedmessaging (Default Web Site)” -InternalUrl https://SERVER/unifiedmessaging/service.asmx

-Open IIS Manager.
-Expand the local computer, and then expand Application Pools.
-Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Now restart effected computers and the warning should be gone.

Edge Synchronization Creating and Renewing Certificates

Once a year you will need to create new edge certificates and re-establish the synchronization. Here is the steps to do this process (All commands are run in EWS):

  • View the status of current Certificates: Get-ExchangeCertificate | List
  • Created new certificate (This step needs to be done on hub transport and edge server): New-ExchangeCertificate select Yes to overwrite
  • Move IIS role to new Certificate: Enable-ExchangeCertificate -Thumbprint (put thumbprint of new cert here) -Service IIS
  • Remove old Certificate in IIS (select old cert and hit delete) or EWS using: Remove-ExchangeCertificate -Thumbprint (old cert thumbprint key here)
  • On Edge Server type: New-EdgeSubscription (type file path/name when prompted ex. c:newedge.xml)
  • Copy xml file you created to Hub Transport server(flash drive or network drive)
  • Open Exchange Management Console on Hub Transport. Goto Organization Configuration -> Hub Transport. Select New Edge Subscription and select the xml file (leave all settings on config page default and hit new)
  • Open EWS back up on Hub transport and type: Start-EdgeSynchronization
  • Now test your edge sync by typing: Test-EdgeSyncronization (Everything should be synchronized)
  • Do your test emails to verify connectivity and you are finished.