Wednesday 8 December 2010

Co-Existence of Exchange 2010 with Exchange 2007. EMC Error "IIS directory entry couldn't be created. The error message is Access is denied"

Problem
======
After adding Exchange 2010 servers to an organisation that has any Exchange 2007 servers present, you will receive the error below when you try to manage the CAS servers through the Exchange 2010 EMC:

" IIS directory entry couldn't be created. The error message is Access is denied"

Solution
======
Add the "Exchange Trusted Subsystem" group as a member of the local Administrators group on ALL Exchange 2007 servers in the entire organisation.

Migrate / Export Windows 2003 IAS Radius Config to Windows 2008 R2 NPS

Iasmigreader.exe (built into Windows 2008 R2 and later) is a command-line tool that exports the configuration settings of IAS on a computer running Windows Server 2003 to an Ias.txt file. Ias.txt is in a format that can be imported on an NPS server running Windows Server 2008 with the netsh nps import path\ias.txt command.


  1. Copy the iasmigreader.exe file from the following folder:
    • 32-bit version of Windows Server 2008 R2
      C:\Windows\winsxs\x86_microsoft-windows-n..n_service_migreader_31bf3856ad364e35_6.1.7600.16385_none_64707cf9c089e26b
    • 64-bit version of Windows Server 2008 R2
      %windir%\syswow64\
  2. Paste the file in a computer that is running Windows Server 2003 together with IAS (the IAS server).
  3. On the IAS server, no sooner than one minute after you change the IAS server configuration, run the iasmigreader.exe file. This creates an Ias.txt file in the %windir%\system32\ias folder. If you are running a 64-bit version of Windows Server 2003, the Ias.txt file is created in the %windir%\syswow64\ias folder.

    Note The exported Ias.txt file contains all shared secret information from the configuration. Therefore, make sure that the file is stored in a secure location.
  4. Copy the Ias.txt file to the NPS server.
  5. At the netsh prompt on the NPS server, run the netsh nps import command, and specify the ias.txt file as the parameter. For example, at a command prompt, type the following command:
    netsh nps import <path>\ias.txt

Wednesday 17 November 2010

Exchange 2010 Outlook Web App (OWA) Changing the Default Spelling Dictionary

It seems that in Exchange 2010 RTM & SP1 Outlook Web App (OWA), the default dictionary reverts to English United States, regardless of the CAS server language, client browser language etc.

So, how do we change this for multiple or all users?
Answer
======
Using PowerShell and the MailboxSpellingConfiguration cmdlets:

1. First, let's check the current dictionary setting for a particular user. We will use:
 Get-MailboxSpellingConfiguration -identity usernamehere

This produces the following output. As can be seen, we have the wrong dictionary:

RunspaceId         : 9e7c7fdb-137d-45ac-b04b-71f74eb2e643
CheckBeforeSend    : False
DictionaryLanguage : EnglishUnitedStates

IgnoreUppercase    : False
IgnoreMixedDigits  : False
Identity           :
IsValid            : True


2. Now let's set the dictionary to our preferred language.
   For ALL users, the following command is sufficient (-ResultSize Unlimited is needed because Get-Mailbox otherwise returns only the first 1000 mailboxes):

Get-Mailbox -ResultSize Unlimited | Set-MailboxSpellingConfiguration -DictionaryLanguage EnglishUnitedKingdom



For a single user we would simply run:
set-MailboxSpellingConfiguration -identity username -DictionaryLanguage EnglishUnitedKingdom


Running the Get-MailboxSpellingConfiguration command again will confirm the change on a user:
Get-MailboxSpellingConfiguration -identity usernamehere
RunspaceId         : 9e7c7fdb-137d-45ac-b04b-71f74eb2e643
CheckBeforeSend    : False
DictionaryLanguage : EnglishUnitedKingdom

IgnoreUppercase    : False
IgnoreMixedDigits  : False
Identity           :
IsValid            : True

Thursday 11 November 2010

Want an Exchange 2007 OAB Generation Server, that only hosts Public Folder Database? Well you can't & will get errors, 8197, 9386 & 9399 thrown at you...

Scenario:

Brand new Exchange 2007 SP3 UR1 deployment in single windows 2003 Forest / Domain, single AD site spanning well-connected WAN.  Exchange is deployed on Windows Server 2003 x64.  4 x CAS / HT Servers, 2 x Public Folder Mailbox Servers (No Mailbox Stores Present), 2 x Mailbox Server roles (No Public Folder Stores Present, will act as Staging Servers for Quest EMW) and two x CCR clusters (one node in each site, but these aren't relevant yet for this issue).

Added replicas of system Public Folders from PF server 1 to PF Server 2.
Added single Mailbox database to Mailbox-Only Staging server 1, and set Default Public Folder store to point to Public Folder Server 1.

Problem being experienced:

This issue came to light, when we hooked up an Outlook 2003 client to a test mailbox located on the Staging server, and got an 'Error Downloading Address Book' error from Outlook…  'Contact your Administrator'.

Issues observed in Server Event Logs:

The error being logged every 25 minutes on the mailbox-only Staging server, where the test mailbox resided, was:



So, first thing was to try forcing an 'Update Now' on the OAB Generation Server (Public Folder Mailbox Server in this scenario), and then check 'Application' event log.  The command completes without reported error, but when checking the event log, the following are logged:
 



  
Now, the 'Web-Based' distribution part of this appears to be working just fine after forcing the OAB Generation Process for the first time.  Looking on the CAS Server, we can see that after an initial Warning that there are no files to collect, following the forced update, we now get this:


  
So, for E2K7 and above Outlook clients, this shouldn't be an issue.  But when we have the following boxes checked:



then we get the 9386 and 9399 errors being logged on the OAB Generation Server.

Testing things out, general Public Folder creation and replication between nodes is working just fine.  So clearly, the public folder stores are alive and present, contrary to the 9386 and 9399 events, happily accessible by Outlook 2003.  So why are the warnings stating that the PF database is not present?  My suspicion was perhaps you might need a System Attendant Mailbox present to perform certain System Attendant functions such as this, but I could not find anything concrete to support this theory initially, so tried various things to no avail in the first instance.


right at the bottom of the thread, was something pointing towards what I had suspected earlier.

Situation 4, of the following MS article also points towards this:  http://technet.microsoft.com/en-us/library/bb331959(EXCHG.80).aspx

So, checking ADSIEDIT for the System Attendant HOMEMDB value on the Public Folder server showed that there was indeed no value specified, as expected.

To support this theory further, the following can be referenced:


So, I created a new SG and Mailbox DB on the Public Folder server.  Initially, you may not be able to mount the new DB after creating it, down to good old replication latency as usual.  Wait a minute or so, and as always with Exchange, the manual mount works just fine after that.

Here is the resultant event log sequence:


  
So, the first sets of red are moaning about not being able to locate the SA mailbox.
This goes away after a minute, as indicated in one of the warning events.  So we should now have an SA Mailbox:




And we do, with 402 items in it as per any other mailbox server doing very little.

Now, checking back in ADSIEDIT for the HOMEMDB attribute on the System Attendant for the PF server in question shows that we now have an attribute present.  All good!

OK, so try forcing OAB Generation again now, and check the event log out:




and there are now no 9386 or 9399 events reported, whereas before, this would be flagged pretty much instantly when the process failed.
So, things are hopefully happy now.

Checking back in the Public Folder Management Console, we will hopefully see some sub-folders of OAB being created, however you do get some latency experienced here, taking a few minutes for this to show up after the forced generation.  Closing and re-opening the PF Management Console reveals that these have now been created as desired, and we now have the OAB Version 2, 3a and 4 folders.



In addition, this has also solved the MSExchangeBPublish errors that were occurring on the Staging Mailbox Servers, that didn't have public folder stores, but that were pointing to the PF server above.  Note that these stop re-occurring at around 5pm, after reoccurring every 25 minutes before:


Conclusion:

So, if your aim is to have Mailbox role servers dedicated to hosting Public Folder databases and you also wish to make one of these an OAB generation server for legacy Outlook clients, then you MUST retain a local mailbox database also in order for the System Attendant Mailbox to do its job.  If you don’t, the only thing you get told about is that you don't have a Public Folder store alive or mounted and you could well spend a while trying to work out why.

Happy Generating!!

Monday 8 November 2010

Manage domain member Hyper-V servers from a workgroup PC

A scenario that often arises when installing Hyper-V hosts (running Hyper-V server or server core) for a customer without any existing server 2008/R2 servers in their environment is the need to run the Hyper-V management console from somewhere (anywhere really) while you set the servers up...

There are some fairly extensive blog articles about this, but I have boiled the essentials down to a single, pithy screenshot as usual, also worth noting that this process assumes that you have enabled the remote management options (1, 2 and 3) using sconfig previously, and accepted the kind offer of a reboot afterwards:






Start your dcomcnfg console, browse to ‘My Computer’, click ‘Edit Limits’, and finally permit remote access for anonymous users.  To finish off you need half-an-hour at gas mark four, and some domain credentials added to your machine store for accessing the servers (this can be done either using the cmdkey utility as shown here, or ‘Credential Manager’ in control panel if you must use a GUI; the account added must have local admin rights on the Hyper-V host), and you are good to go.  It might be worth noting here that there is an (unsupported but otherwise perfectly formed) utility called HVremote which has been released which can do all this for you; it’s just that personally I like to roll my own for stuff like this.  Also worth adding as a ‘Disclaimer’: anonymous remote access to your COM objects is a ‘Very Bad Thing’™ and this should only be used as a temporary stopgap. Un-set this when you are done.  Stay safe everyone.
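
To confirm the stopgap has been un-set, the following added example (not part of the original post) reads the machine-wide COM access limits that ‘Edit Limits’ changes and reports whether ANONYMOUS LOGON still holds Remote Access. The function names and the two SDDL samples are constructed for illustration; run it in an elevated PowerShell on the PC where the limit was changed.

```powershell
# Added example: audit the DCOM "Edit Limits" access list for anonymous remote access.
$AnonymousSid    = 'S-1-5-7'   # well-known SID of ANONYMOUS LOGON
$ComRemoteAccess = 0x4         # COM_RIGHTS_EXECUTE_REMOTE, shown as "Remote Access"

function Test-AnonymousRemoteCom {
    param([System.Security.AccessControl.RawSecurityDescriptor]$Descriptor)
    # Simplification: only allow ACEs are inspected; a matching deny ACE would override.
    foreach ($ace in $Descriptor.DiscretionaryAcl) {
        if ($ace -is [System.Security.AccessControl.CommonAce] -and
            $ace.AceQualifier -eq 'AccessAllowed' -and
            $ace.SecurityIdentifier.Value -eq $AnonymousSid -and
            ($ace.AccessMask -band $ComRemoteAccess)) {
            return $true
        }
    }
    return $false
}

function Get-MachineAccessLimit {
    # A Group Policy value (SDDL string) takes precedence over the local value (binary).
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DCOM' -ErrorAction SilentlyContinue
    if ($policy -and $policy.MachineAccessRestriction) {
        return New-Object System.Security.AccessControl.RawSecurityDescriptor($policy.MachineAccessRestriction)
    }
    $local = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    if ($local -and $local.MachineAccessRestriction) {
        return New-Object System.Security.AccessControl.RawSecurityDescriptor($local.MachineAccessRestriction, 0)
    }
    return $null
}

# Constructed samples. In SDDL, CC/DC/LC map to COM access bits 0x1/0x2/0x4,
# WD is Everyone and AN is ANONYMOUS LOGON.
$localOnly = New-Object System.Security.AccessControl.RawSecurityDescriptor('O:BAG:BAD:(A;;CCDCLC;;;WD)(A;;CCDC;;;AN)')
$stopgap   = New-Object System.Security.AccessControl.RawSecurityDescriptor('O:BAG:BAD:(A;;CCDCLC;;;WD)(A;;CCDCLC;;;AN)')
'Sample, anonymous local access only : {0}' -f (Test-AnonymousRemoteCom $localOnly)
'Sample, stopgap still in place      : {0}' -f (Test-AnonymousRemoteCom $stopgap)

# The live check on this machine.
$live = Get-MachineAccessLimit
if ($live) {
    'This machine, anonymous remote COM access allowed: {0}' -f (Test-AnonymousRemoteCom $live)
} else {
    'No MachineAccessRestriction value found; the system default applies.'
}
```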


Thursday 21 October 2010

Create OWA & ECP Custom Themes Exchange 2010 SP1

This post covers the basics of OWA customization by creating your own themes. The themes are applied in real time, so there should be no need to restart IIS (just press F5).
Note: These are only basic guides and tips from our test lab, for official MS Guides please see
(Note: Avoid testing through ISA / TMG. It caches the PNGs, and they do not change until the cache expires.)

  
1. Copy the base theme you wish to edit. The themes are located in C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\Version*\Themes\
      e.g. copy the "space" folder and rename the copied folder to your custom theme name.
2. In your new folder, edit the file "themeinfo.xml" and enter your theme name.



3. Edit themepreview.png to choose your own preview picture.

4. Now just edit the following files.
    a) Edit csssprites.png with your custom logo. (NOTE: This may not work well if you have a full banner with colour, but works well with the fade effects banner.)



    b) Edit headerbgmain.png and enter any custom text or logos if needed.





5. If you also wish to customize the ECP (Options) you will need to edit the same files in
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ecp\Version\Themes\Default

NOTE:  After each Service Pack / Rollup you will need to re-copy your custom theme to the new Version folder.


Done.....


Wednesday 13 October 2010

Quickly Export and Import DHCP Reservations Windows 2008, Windows 2003

This simple process describes how to migrate a DHCP reservation list without having to migrate the entire scope.


  1. Export the DHCP reservations, from the Old server which is to be migrated using netsh:

            netsh dhcp server [ip address] scope [scope address] dump>c:\temp\reservations.txt
    e.g. netsh dhcp server 172.20.2.33 scope 172.16.0.0 dump>c:\temp\reservations.txt

  2.  Edit the exported file 'reservations.txt' in Notepad. Do a find and replace to change the old DHCP server IP (the one you ran the export on) to the new DHCP server IP you are importing to, and remove everything else in the text file except the reservations config section.

  3.  On the new DHCP server, make sure you create the new scope first, and then simply run the following command:
           netsh exec C:\temp\reservations.txt

Done
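
Step 2 can be scripted. Because netsh exec runs every line of the file as a netsh command, the added example below (not from the original post) keeps only lines that match the reservation format and rewrites the server address. The function name, the new server IP 172.20.2.44 and the sample dump lines are constructed for illustration.

```powershell
# Added example: reduce a scope dump to its reservation lines and retarget them.
function Convert-DhcpReservationDump {
    param(
        [string[]]$DumpLines,   # lines of the exported dump
        [string]$OldServer,     # server the dump was taken from
        [string]$NewServer      # server the reservations will be imported on
    )
    $ip = '(?:\d{1,3}\.){3}\d{1,3}'
    # Allowlist: only 'Add reservedip <ip> <hex id> "name" "comment" "type"' lines survive.
    $pattern = '^\s*Dhcp Server (\S+) Scope (' + $ip + ') Add reservedip (' + $ip + ') ([0-9A-Fa-f]+)((?: "[^"]*")*)\s*$'
    foreach ($line in $DumpLines) {
        if ($line -match $pattern -and $Matches[1] -eq $OldServer) {
            'Dhcp Server {0} Scope {1} Add reservedip {2} {3}{4}' -f $NewServer, $Matches[2], $Matches[3], $Matches[4], $Matches[5]
        }
    }
}

# Constructed sample of a scope dump taken on the old server.
$sample = @(
    '# Constructed sample dump'
    'Dhcp Server 172.20.2.33 add scope 172.16.0.0 255.255.0.0 "LAN" ""'
    'Dhcp Server 172.20.2.33 Scope 172.16.0.0 set state 1'
    'Dhcp Server 172.20.2.33 Scope 172.16.0.0 Add iprange 172.16.0.10 172.16.0.200'
    'Dhcp Server 172.20.2.33 Scope 172.16.0.0 set optionvalue 3 IPADDRESS "172.16.0.1"'
    'Dhcp Server 172.20.2.33 Scope 172.16.0.0 Add reservedip 172.16.0.50 001a2b3c4d5e "printer01" "" "BOTH"'
    'Dhcp Server 172.20.2.33 Scope 172.16.0.0 Add reservedip 172.16.0.51 001a2b3c4d5f "scanner01" "Front desk" "BOTH"'
)

$reservations = Convert-DhcpReservationDump -DumpLines $sample -OldServer '172.20.2.33' -NewServer '172.20.2.44'
$reservations

# With a real export, pass (Get-Content C:\temp\reservations.txt) as -DumpLines and save with:
#   $reservations | Set-Content -Encoding ASCII C:\temp\reservations-only.txt
```

Compare the number of lines written with the number of reservations shown in the DHCP console before running netsh exec on the filtered file.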

Application Patch Installation & Windows 2008 UAC

Just a quick tip - now you can no longer drag an installer into an elevated command prompt or right-click and select 'Run as Administrator' like you would for an EXE (oh UAC how we love you) to install it, you might need to know this trick:




...hold Ctrl+Alt and then right-click the file and you get a new option to ‘copy to path’. Paste that in your Administrator: Command Prompt window, and you’re golden.

Simon

Wednesday 29 September 2010

Quickly Create 100 Test Users and Mailbox

This awesome command will quickly create 100 test users and mailboxes in your test lab.
 
Just copy and paste the command below exactly as shown, straight into the Exchange PowerShell
 
1..100 | ForEach { Net User "User$_" MyPassword=01 /ADD /Domain; Enable-Mailbox "User$_" }

Quick Powershell Script to Verify the health and status of the DAG

Save the following commands as a PowerShell script (.PS1) file:
# Test MAPI connectivity to the databases on every server in this server's DAG
(Get-DatabaseAvailabilityGroup -Identity (Get-MailboxServer -Identity $env:computername).DatabaseAvailabilityGroup).Servers | Test-MapiConnectivity | Sort Database | Format-Table -AutoSize
# Show the status of every database copy
Get-MailboxDatabase | Sort Name | Get-MailboxDatabaseCopyStatus | Format-Table -AutoSize
# Count total and failed copies per database
function CopyCount
{
    $DatabaseList = Get-MailboxDatabase | Sort Name
    $DatabaseList | % {
        # @() forces an array so .Count is correct when only one copy is returned
        $Results = @($_ | Get-MailboxDatabaseCopyStatus)
        $Good = @($Results | where { ($_.Status -eq "Mounted") -or ($_.Status -eq "Healthy") })
        $_ | add-member NoteProperty "CopiesTotal" $Results.Count
        $_ | add-member NoteProperty "CopiesFailed" ($Results.Count-$Good.Count)
    }
    $DatabaseList | sort copiesfailed -Descending | ft name,copiesTotal,copiesFailed -AutoSize
}
CopyCount


Run the PS1 script to see an overview of the complete status of the DAG.

Thursday 23 September 2010

Want to Prioritise Windows NLB Traffic on Exchange 2010 or 2007 CAS Servers ?

Scenario
========

Multiple Exchange 2010 CAS Servers, Possible Mixture of Virtual and Physical configurations, or Lower and Higher Spec Servers.

Requirement
===========

You would like to ensure that most of the traffic is handled by the Higher spec or physical servers to utilise as much resource as possible.

Solution
========

Use the Windows NLB Load weight parameter to prioritise traffic to the server with the higher load weight.



When using Multiple hosts filtering mode, this parameter specifies the relative amount of load-balanced network traffic that this host should handle for the associated port rule. Allowed values range from 0 (zero) to 100. To prevent a host from handling any network traffic, set the load weight to 0 (zero).

The actual fraction of traffic handled by each host is computed as the local load weight divided by the sum of all load weights across the cluster.

You can specify different load weights for each host in the cluster by using the Load weight parameter. You can specify that all hosts distribute the network load equally by using the Equal load distribution parameter instead of the Load weight parameter.

OK, but how do I know it's doing what it's supposed to do?
===============================================

Easy, and Very Accurate, Using good old Perfmon you can add the following counters to see how many
RPC Access Clients are connected (Outlook) and how many OWA Users are connected,
and you should see the load is spread as you want.
Counters:
"MSExchange RpcClientAccess\Active User Count"
"MSExchange OWA\Current Users"

Wednesday 1 September 2010

Unable to Activate Exchange 2010 Mailbox Database "Error: content index catalog files in the following state: 'Failed'.

Issue:
When you attempt to move the active copy from one mailbox DAG member server to another server, you get the error:

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Cannot activate database copy 'Activate Database Copy...'.

Activate Database Copy...
Failed
Error:
An Active Manager operation failed. Error: The database action failed. Error: An error occurred while trying to validate the specified database copy for possible activation. Error: Database copy 'DB1' on server 'dag01' has content index catalog files in the following state: 'Failed'.

To resolve this issue, re-seed the content index:
1. Restart the MSExchange Search service on the node which has the active database.
2. Run update-mailboxdatabasecopy -catalogonly on each passive DAG Member
3. Activate Required Database

e.g. Command
update-MailboxDatabaseCopy -Identity "DAG01-DB10\DAGMB02" -CatalogOnly

This will seed the content index catalog of database DAG01-DB10 to passive server DAGMB02.

Tuesday 24 August 2010

Create Custom Exchange 2007 / 2010 OPATH Custom Address Lists and EAP with Recipient Filters

To create a new address list which is filtered on the user's UPN and is created in a container called Test Dept (to create it at the root, replace the container with \):

New-AddressList -Name "Test Address List" -Container "Test Dept" -RecipientFilter {((RecipientType -eq 'UserMailbox') -and ((UserPrincipalName -like '*@test.co.uk') ))}


To create an EAP based on the user's UPN:

New-EmailAddressPolicy -Name "AD Net EAP" -EnabledPrimarySMTPAddressTemplate "smtp:%g.%s@test.com" -RecipientFilter "UserPrincipalName -like '*@ad.net'" -Priority "9"

Monday 23 August 2010

Enable Adobe iFilter for Exchange 2010

Microsoft has tested and supports all of the default IFilters installed with Exchange Server 2010. Third-party IFilters can be added, which could extend the capability for inspecting additional file types. However, Microsoft has not tested third-party IFilters with Transport Rules, so it is highly advised that you fully test any third-party IFilters before deploying into your production environment. Additional files can be parsed by installing and registering the file type's IFilter on each Hub Transport server. For example, you can add support for inspecting PDF file attachments by downloading and installing the Adobe PDF IFilter. After that, simply register the IFilter DLL to the Exchange server registry location: 

  1. Identify the CLSID of the installed IFilter (search under HKEY_CLASSES_ROOT\CLSID\ in the registry, or get it from the installation docs).
    For example, the CLSID for PDF files is:
    {E8978DA6-047F-4E3D-9C78-CDBE46041603}
  2. Create a new registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\CLSID with the same name as the CLSID, and a default value which points to the full path of the IFilter DLL file.
    For example, for PDF files, the default path of the PDF IFilter is:
    C:\Program Files\Adobe\Adobe PDF IFilter 9 for 64-bit platforms\bin\PDFFilter.dll
  3. Create a new key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\Filters with the name of the file extension that the filter will handle. Set the default value of this key to the CLSID of the IFilter.
    For example, for PDF files, the key you should create:
    Name: .pdf
    Value: {E8978DA6-047F-4E3D-9C78-CDBE46041603}
  4. The Network Service needs to have read access to both of these keys. To check the permissions, and allow Read permissions for Network Service, right-click the CLSID and Filter keys and select "Permissions...". Network Service should be added with Read permissions allowed.
Now the Transport Rules engine will be able to inspect these file attachments for the key words and text patterns configured in the Transport Rule condition. The registry cache automatically refreshes every 30 minutes, but if you want the changes to be immediately applied, then restart the Exchange Transport Service on the Hub Transport Server where you made the change. At the Exchange Shell prompt:
Restart-Service msexchangetransport
Restart-Service MSExchangeSearch

Force a rebuild and crawl of the indexes on each mailbox server:
.\ResetSearchIndex.ps1 -Force -All
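
Before restarting the services, the registration from steps 1-4 can be checked with the added example below (not part of the original post). It uses the registry paths and PDF CLSID given above; the function names are hypothetical, and the DLL signature status is an extra check added here.

```powershell
# Added example: verify the IFilter registration described in steps 1-4.
$Root      = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch'
$Clsid     = '{E8978DA6-047F-4E3D-9C78-CDBE46041603}'   # PDF IFilter CLSID from step 1
$Extension = '.pdf'
$NetworkServiceSid = 'S-1-5-20'                          # well-known SID of NETWORK SERVICE

function Get-DefaultValue {
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }                      # '' reads the key's (Default) value
}

function Test-NetworkServiceRead {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $false }
    $read  = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $rules = (Get-Acl -Path $KeyPath).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    # Looks for an allow ACE naming NETWORK SERVICE itself; read access granted
    # through a group it belongs to is not detected by this check.
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $NetworkServiceSid -and
            $rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.RegistryRights -band $read) -eq $read)) {
            return $true
        }
    }
    return $false
}

function Test-IFilterRegistration {
    $clsidKey  = "$Root\CLSID\$Clsid"
    $filterKey = "$Root\Filters\$Extension"
    $dll       = Get-DefaultValue $clsidKey
    $dllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
    $signature = 'n/a'
    if ($dllExists) { $signature = (Get-AuthenticodeSignature -FilePath $dll).Status }

    New-Object PSObject -Property @{
        DllPath              = $dll
        DllExists            = $dllExists
        DllSignature         = $signature
        ExtensionMapsToClsid = ((Get-DefaultValue $filterKey) -eq $Clsid)
        ClsidKeyReadable     = (Test-NetworkServiceRead $clsidKey)
        FilterKeyReadable    = (Test-NetworkServiceRead $filterKey)
    }
}

Test-IFilterRegistration | Format-List
```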

Thursday 19 August 2010

Error Creating New Database Exchange 2010


Couldn't mount the database that you specified. Specified database: 
<test3>; Error code: An Active Manager 
operation failed. Error: The database action failed. Error: Operation 
  failed   with message: MapiExceptionNotFound: Unable to mount database. 
 (hr=0x8004010f,  ec=-2147221233) [Database: <test3>, Server:   <Servername>]. 
An Active Manager operation failed. Error: The database action failed. Error: 
  Operation failed with message: MapiExceptionNotFound: Unable to mount 
  database.  (hr=0x8004010f, ec=-2147221233) [Database: <test3>
 
Resolution
========
Simply Wait for AD Replication to Occur and attempt to Mount.

Exchange 2010 Installing Updates using MSIEXEC Command

When attempting to install an Update Rollup, you may see the update hang at “Starting Services”.

To resolve the issue, run the following command from an Administrator command line.

msiexec /update e:\support\Exchange2010-KB982639-x64-en.msp

Exchange 2010 Public Folders not visible through OWA

During a transition from Exchange 2003 to 2010, you may not be able to see the public folder hierarchy and may receive the following error:

the public folder you’re trying to access couldn’t be found. if the problem continues, contact your helpdesk and tell them the following the public folder couldn’t be found because there are no exchange 2010 public folder servers

In the Event log, you may receive the following message:
Event ID 2161
"Event ID 2161" Validation - "publicfolderhierarchy". error message: you must provide a value for this property:

Fix
===
Find the offending public folder through ADSIEDIT and locate the attribute msexchowningpftree.
This will be empty or not set. Simply find a working public folder and copy the attribute from it, or get the distinguished name from the "folder hierarchy" object and copy this into the missing attribute.

We saw this error on 2 offline public folder stores, which were using doubletake.

"Communicator could not retrieve calendar or Out of Office information from Exchange Web Services"

After moving a mailbox to Exchange 2010, the Microsoft Office Communicator 2007 client reports the following integration warning.

"Communicator could not retrieve calendar or Out of Office information from Exchange Web Services" 

The fix is to apply the following hotfix.

Detail
http://support.microsoft.com/?kbid=2028885