MsExchange Blog Spot Telnet25

March 26, 2014

Exchange Server Back Pressure

Filed under: General — telnet25 @ 9:01 pm

Back pressure is a resource-monitoring feature built into the Transport service on Exchange servers (Mailbox servers). The idea is for Exchange Server to detect resource issues and take the necessary action so that the messaging servers do not become completely unavailable.

There are four event IDs associated with back pressure, correlating to the events and the actions the messaging server performs.

Identifying these events can be very useful when back pressure becomes an issue.

# Explain event descriptions
Write-Host "----------------------------------------------"
Write-Host "Event ID 15004 = Resource pressure increased" -ForegroundColor Cyan
Write-Host "Event ID 15005 = Resource pressure decreased" -ForegroundColor Cyan
Write-Host "Event ID 15006 = Low available disk space" -ForegroundColor Yellow
Write-Host "Event ID 15007 = Low available memory" -ForegroundColor Yellow
Write-Host "----------------------------------------------"

To automate the process, we have developed a PowerShell script. You can download it from the TechNet scripting library.

Special thanks to Benjamin Bohn for taking the time to turn my simple script into a great resource script.
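One way to turn the four event IDs above into a per-server summary, as an added example (this is not the TechNet script mentioned above). The function name, the sample records and the server names are hypothetical; the event source name MSExchangeTransport in the commented live query is an assumption.

```powershell
# Added example, not the TechNet script. Meanings are the four from the post.
$BackPressureIds = @{
    15004 = 'Resource pressure increased'
    15005 = 'Resource pressure decreased'
    15006 = 'Low available disk space'
    15007 = 'Low available memory'
}

function Get-BackPressureSummary {
    param(
        # Records shaped like Get-WinEvent output: Id, TimeCreated, MachineName
        [Parameter(Mandatory = $true)] [object[]] $Events
    )
    $Events |
        Where-Object { $BackPressureIds.ContainsKey([int]$_.Id) } |
        Group-Object MachineName |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeCreated)
            # Only 15004 and 15005 record a change in pressure level
            $change = $sorted | Where-Object { 15004, 15005 -contains $_.Id } |
                Select-Object -Last 1
            New-Object psobject -Property @{
                Server     = $_.Name
                Increased  = @($sorted | Where-Object { $_.Id -eq 15004 }).Count
                Decreased  = @($sorted | Where-Object { $_.Id -eq 15005 }).Count
                LowDisk    = @($sorted | Where-Object { $_.Id -eq 15006 }).Count
                LowMemory  = @($sorted | Where-Object { $_.Id -eq 15007 }).Count
                LastChange = if ($change) { $BackPressureIds[[int]$change.Id] } else { 'none' }
                LastSeen   = $sorted[-1].TimeCreated
            } | Select-Object Server, Increased, Decreased, LowDisk, LowMemory, LastChange, LastSeen
        }
}

# Helper for the constructed sample records below (not real log data)
function New-SampleEvent($Server, $Id, $Time) {
    New-Object psobject -Property @{ MachineName = $Server; Id = $Id; TimeCreated = [datetime]$Time }
}

$sample = @(
    New-SampleEvent 'MBX01' 15004 '2014-03-26 08:00'
    New-SampleEvent 'MBX01' 15006 '2014-03-26 08:01'
    New-SampleEvent 'MBX01' 15005 '2014-03-26 09:30'
    New-SampleEvent 'MBX02' 15004 '2014-03-26 10:00'
    New-SampleEvent 'MBX02' 15007 '2014-03-26 10:02'
    New-SampleEvent 'MBX02' 15004 '2014-03-26 10:20'
    New-SampleEvent 'MBX02' 1000  '2014-03-26 10:25'   # unrelated event, ignored
)

Get-BackPressureSummary -Events $sample | Format-Table -AutoSize

# Live use on a transport server (source name is an assumption):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Application'
#     ProviderName = 'MSExchangeTransport'; Id = 15004, 15005, 15006, 15007 }
# Get-BackPressureSummary -Events $live
```

A server whose LastChange is still "Resource pressure increased" has not logged a matching decrease since, so it is the one to look at first.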

Stay tuned until next time.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

March 23, 2014

Migrate DHCP Service from Windows 2003 onto Windows 2008 R2

Filed under: General — telnet25 @ 12:33 am

We will migrate the DHCP service from a Windows 2003 DC onto a Windows 2008 R2 DC. Just follow these simple steps to get the work done.

Environment:

  • Source server: Windows 2003 (DC, GC), DHCP is installed here, server name = Server
  • Destination server: Windows 2008 R2 (DC, GC), we will migrate the DHCP service and all related configurations here

Steps:

  • Log into the source server where DHCP is installed
  • Click Start and open Cmd.exe

Netsh dhcp server export c:\temp\dhcp.txt all

The trailing all exports every scope on the server. Make sure the temp directory exists; if not, create one on the C drive.

Now log into the target server

  • Click Start
  • In the search box, type ServerManager.msc
  • Hit Enter
  • Click Add Roles


  • Now you need the file we created earlier so you can import it into this server
  • I am going to connect to the first server and get the file we created, which holds all existing settings for the DHCP server

I am going to copy the dhcp.txt file to the temp directory on server1

Click Start

Type Cmd.exe and hit Enter

Type the following and hit Enter

Netsh dhcp server import c:\temp\dhcp.txt all

Now go back to DHCP management

If you refresh, all of your existing settings are now in this new DHCP scope

The last thing we need to do is go back and uninstall the DHCP service from the source server; running DHCP from two servers with the same scope will be ugly (-:

Log back onto the first server

Well done, you have completed the DHCP migration.

Stay tuned until next time.


March 19, 2014

PowerShell to Discover the Holders of Active Directory FSMO Roles

Filed under: General — telnet25 @ 10:05 pm

FSMO roles have always been one of the hottest topics in every interview I have ever been in, even for Exchange Server interviews. Knowing the FSMO roles makes your job easier, and understanding Active Directory will certainly keep your place in the Exchange world safer.

If you need a refresher on FSMO, just take a look at this question: given a single forest with 12 domains, how many FSMO roles exist in total? If your answer is not 38 (2 forest-wide roles plus 3 domain-wide roles in each of the 12 domains), then you need the refresher (-: and here is a nice summary: Why do We Need FSMO Roles

You can quickly fire up CMD and type

NetDom Query FSMO

Or you can open PowerShell

$Domain = Get-ADDomain | select -ExpandProperty Name

Get-ADDomain $Domain | fl PDCEmulator,RIDMaster,InfrastructureMaster

Or here is a simple script that can show you the FSMO roles for your domain name space

http://gallery.technet.microsoft.com/scriptcenter/Find-FSMO-Roles-6950d3c7

Stay tuned until next time.

March 10, 2014

The Windows component RSAT-Clustering-CmdInterface isn’t installed on this computer and needs to be installed before

Filed under: General — telnet25 @ 3:37 pm

While installing Exchange 2013 SP1, you receive the error “The Windows component RSAT-Clustering-CmdInterface isn’t installed on this computer and needs to be installed before”

On the problem server, open PowerShell with administrator privileges and run the following PS command

Install-WindowsFeature RSAT-Clustering-CmdInterface

Verify ….

Get-WindowsFeature -Name *RSAT* | Where-Object {$_.Installed -eq $True} | fl Name

Stay tuned until next time.


March 5, 2014

You don’t have sufficient permissions. This operation can only be performed by a manager of this group.

Filed under: General — telnet25 @ 1:28 pm

When you want your Tier 2 staff to be able to manage distribution groups by adding multiple managers to them, you may receive the error “You don’t have sufficient permissions. This operation can only be performed by a manager of this group.” in an Exchange 2010 SMTP organization.

The issue might be caused by the “security group management check” outlined in the following KB

The remedy for this issue is to add the helpdesk administrators to the RBAC Role Groups called “Role Management” so that they can populate the DL group membership with multiple managers.

“A positional parameter cannot be found that accepts that argument -BypassSecurityGroupManagerCheck”: this error is simply generated due to insufficient rights.

Set-DistributionGroup "CTOS" -ManagedBy brian@ZtekZone.gov,Sam@ZtekZone.gov

Log into ECP with org administrator privileges

https://mail.ztekzone.com/ECP

Open Administrator Roles, select “Role Management” and assign it to your helpdesk administrators.

What the Role Management role allows:

This role enables administrators to manage management role groups; role assignment policies and management roles; and role entries, assignments, and scopes in an organization. Users assigned this role can override the role group managed by property, configure any role group, and add or remove members to or from any role group.

Keep in mind how broad that is: per the description above, a holder can add members to any role group, so assign it only to the helpdesk staff who need it.

After the changes have been made, you should no longer receive the same error.

Stay tuned until next time.


March 4, 2014

MAPI-HTTP Alchemy Exchange 2013 SP1

Filed under: General — telnet25 @ 10:14 pm

Exchange 2013 SP1 has been released with several improvements to the product. The new features are listed in the release notes, which can be found here

If you are in a production environment, it is critical that you are !!!aware of these changes!!! and of the issues found with the SP1 release. Clearly, without proper planning and preparation the SP1 upgrade can turn into a !!!disaster!!!, which all of us must avoid.

Some of the highlights for SP1…

1. Mail flow stops after Exchange 2013 SP1 is installed

  • Reboot the server after upgrade
  • (Microsoft Exchange Frontend Transport)

2. Mailbox size increase when migrating from previous Exchange versions

  • To prevent users from exceeding their mailbox size quotas, increase the database or mailbox quota
  • The mailbox size reported may increase by 30 percent to 40 percent
  • Disk space used by the mailbox database has not increased
  • Only the attribution of space used by each mailbox has increased

3. You must adjust the user quotas to prevent interruption

4. Installing Exchange 2013 in an existing Exchange organization may cause all clients to download the OAB 

  • This could result in network saturation and server performance issues especially on large enterprise platforms

5. MAPI over HTTP may experience poor performance when you upgrade to Exchange 2013 SP1

  • Clients that connect to an Exchange 2013 SP1 server using the protocol may experience poor performance.

From CAS servers (elevated command prompt)

  • set AppCmdLocation=%windir%\System32\inetsrv
    set ExchangeLocation=%ProgramFiles%\Exchange Server\V15
  • %AppCmdLocation%\appcmd.exe SET AppPool "MSExchangeMapiFrontEndAppPool" /CLRConfigFile:"%ExchangeLocation%\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config"
    %AppCmdLocation%\appcmd.exe RECYCLE AppPool "MSExchangeMapiFrontEndAppPool"

From MBX servers (elevated command prompt)

  • set AppCmdLocation=%windir%\System32\inetsrv
    set ExchangeLocation=%ProgramFiles%\Exchange Server\V15
  • %AppCmdLocation%\appcmd.exe SET AppPool "MSExchangeMapiMailboxAppPool" /CLRConfigFile:"%ExchangeLocation%\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config"
    %AppCmdLocation%\appcmd.exe RECYCLE AppPool "MSExchangeMapiMailboxAppPool"
  • %AppCmdLocation%\appcmd.exe SET AppPool "MSExchangeMapiAddressBookAppPool" /CLRConfigFile:"%ExchangeLocation%\bin\MSExchangeMapiAddressBookAppPool_CLRConfig.config"
    %AppCmdLocation%\appcmd.exe RECYCLE AppPool "MSExchangeMapiAddressBookAppPool"

MapiHttp (codename Alchemy)

  • Microsoft designed the MapiHttp protocol to replace the existing RPC/HTTP protocol. MapiHttp is a new communication protocol between Outlook and Exchange 2013 SP1.
  • The gain is obvious: taking RPC out of the picture will improve the end-user messaging experience. As you can tell, this will have a big positive effect on Outlook usage in the Office 365 cloud scenario.

MapiHttp protocol

  • Provides faster reconnection times after a communications break, because only the TCP connection, unlike RPC, needs to be rebuilt
  • Offers a session context that is not dependent on the connection

Read more

To enable MapiHttp, run the following

Set-OrganizationConfig -MapiHttpEnabled $true

Read about some other really cool features listed in Scott's blog

Windows Server 2012 R2 and Database Availability Groups

Channel 9

Joseph Warren…

Exchange 2013 and MapiHttp

Scott Schnoll

Microsoft Exchange Server 2013 Tips & Tricks

Stay tuned until next time.


February 11, 2014

Exchange 2010 , X.400 addresses missing, do I really need them?

Filed under: General — telnet25 @ 5:25 am

If you are seeing X.400 addresses in the mailbox properties, you probably went through a migration from a legacy version of Exchange Server.

X.400 addresses are required with Exchange 2003 and earlier and are present in the Default Recipient Policy. Exchange 2007 and 2010 environments with no 2000/2003 servers do not require the X.400 address to function.

If you decide to clean them all up, here is a simple PS snippet that can do the work.

# Strip X.400 proxy addresses from every mailbox
foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    # Keep every address whose prefix is not X400 (SMTP and so on)
    $addrs = $mbx.EmailAddresses | Where-Object { $_.PrefixString -ne "x400" }
    # Write the filtered address list back to the mailbox
    Set-Mailbox $mbx -EmailAddresses $addrs
}

As good practice, test the script in your test environment before using it in production.

Stay Tuned….


Mailbox move failed at 95% with Exception Unable to modify Table (Exchange 2003 to Exchange 2010)

Filed under: General — telnet25 @ 5:10 am

You are moving mailboxes from legacy systems onto an Exchange 2010 environment, and some of your mailboxes fail when they get to 95 percent. You need to troubleshoot the issue.

Steps for troubleshooting:

Before we dive deep into fixing this issue, I need to remind you that this can be tedious work, and if you are lucky you only have a handful of users to deal with (-:

The most obvious reason is a corrupted item or items in the source mailbox.

Possible causes:

  • OFF turned on
  • User mailbox contains corrupted Outlook rules (folders moved, etc., so the rules no longer work)

How to deal with this:

You have a couple of options to remediate the issue and let the move request finish moving the offending mailbox. The shortest way is to assign yourself full mailbox permissions for the problem user. (Be very careful: if your company policies require you to go through change control and obtain permission to perform this work, don’t forget to do so.)

Problem User Account name: Aki.Armstrong

Administrator needs full permissions: Casey.Dedeal

Add-MailboxPermission Aki.Armstrong -AccessRights FullAccess -User Casey.Dedeal

Let’s see if we can verify the full access rights that Casey.Dedeal was granted by the previous PowerShell one-liner.

Get-MailboxPermission aki.armstrong | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.Deny -eq $false} | Select User

Or we could simply do this

$Permission = Get-MailboxPermission aki.armstrong

Pipe this into the same filter:

$Permission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.Deny -eq $false} | Select User

Great. Now, from Casey.Dedeal's Outlook, we will need to configure an Outlook profile for Aki.Armstrong

Click Start

Open Control Panel, locate the Mail icon and double-click it

Click Show Profiles and switch Outlook to “Prompt for a profile to be used”

Click Add

Aki.Armstrong (you need to adjust this to fit your scenario)

As you can see, Autodiscover knows Casey.Dedeal is logged in; I need to change the e-mail address here to that of the user I am configuring the Outlook profile for.

When I hit Next, the Exchange settings confirm that the user account Casey.Dedeal already has full mailbox permissions, and therefore it allows me to get to the last page.

I click Finish here. Now I can open Outlook and pick the Aki.Armstrong Outlook profile.

Now we are logged into the Aki.Armstrong mailbox. The e-mail that is corrupted in this case is here

*** Now is a good time to back up the user data; you can simply use Outlook ***

We will attempt to delete this e-mail by using MFCMAPI

Download MFCMAPI if you have not done so yet. There are 32-bit and 64-bit versions; pick the one that suits your environment.

  • Open MFCMAPI
  • Click Session
  • Logon

After selecting the profile, click OK and open the store

Now click on Root Container to expand it

Now go down to Top of Information Store

Locate the mailbox, then locate the folder the e-mail was under

We will right-click and delete this folder

*** Be careful: as good practice, always make sure you have a backup before you start deleting *** You never know if you will need to go back. That being said, it would be a good idea to have at least a PST export for this user before we delete data from Outlook.

Now click Delete and select the option you like

If you do not select hard deletion, you can still recover the deleted items

Exit twice to close MFCMAPI

Now, opening Outlook, you can verify that the corrupted folder and its content are gone

You will use the same technique for each corrupted item, which is the painful part. The mailbox move request will give you an idea of what is corrupted; you will need to get that information and locate the item within MFCMAPI to get rid of it.

If you think all of this is too much work, wait, there is another trick you can do. Simply

Click File

Open Export

Import/Export

Export to a file

Choose PST and click Next

Note the location of the PST backup file and name it if you like

This is the default location

C:\Users\UserName\Documents\Outlook Files\backup.pst

Once you are done, delete everything !!!!!!

  1. E-mails
  2. All contacts
  3. All rules
  4. All deleted items
  5. All sent items
  6. All draft e-mails

Once you are done, resume the mailbox move; you will see that it completes

Now it is time to put it all back

File, Open Export, Import/Export

All good, everything is back. You have successfully migrated your mailbox or taken care of the corruption. Thanks to MFCMAPI (-:

Don’t forget to remove your full mailbox permissions

Remove-MailboxPermission Aki.Armstrong -AccessRights FullAccess -User Casey.Dedeal

and verify (-: so that you have no worries when Security comes knocking at your door
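The verify step above, generalised into a sweep for temporary FullAccess grants that were never removed, as an added example that is not from the original post. The function name, the domain prefix and the sample records are hypothetical; the filter is the same one used earlier in the post, with a check on AccessRights added.

```powershell
function Find-LeftoverFullAccess {
    param(
        # Get-MailboxPermission output: Identity, User, AccessRights, IsInherited, Deny
        [Parameter(Mandatory = $true)] [object[]] $Permission,
        # Admin accounts that granted themselves temporary access (account name only)
        [Parameter(Mandatory = $true)] [string[]] $Admin
    )
    foreach ($ace in $Permission) {
        $user = $ace.User.ToString()
        # Same filter as the post: explicit allow entries, not the mailbox owner
        if ($user -eq 'NT AUTHORITY\SELF' -or $ace.IsInherited -or $ace.Deny) { continue }
        if (@($ace.AccessRights) -notcontains 'FullAccess') { continue }
        # Compare on the account part so DOMAIN\name and name both match
        $account = ($user -split '\\')[-1]
        if ($Admin -contains $account) {
            New-Object psobject -Property @{ Mailbox = "$($ace.Identity)"; User = $user } |
                Select-Object Mailbox, User
        }
    }
}

# Helper for the constructed sample records below (not real output)
function New-SampleAce($Mailbox, $User, $Rights, $Inherited, $Deny) {
    New-Object psobject -Property @{
        Identity = $Mailbox; User = $User; AccessRights = @($Rights)
        IsInherited = $Inherited; Deny = $Deny
    }
}

$sample = @(
    New-SampleAce 'Aki.Armstrong' 'NT AUTHORITY\SELF'     'FullAccess' $false $false
    New-SampleAce 'Aki.Armstrong' 'ZTEKZONE\Casey.Dedeal' 'FullAccess' $false $false  # leftover
    New-SampleAce 'MeetingsHR'    'ZTEKZONE\Casey.Dedeal' 'FullAccess' $true  $false  # inherited
    New-SampleAce 'MeetingsHR'    'ZTEKZONE\Aki.Armstrong' 'SendAs'    $false $false
)

$left = @(Find-LeftoverFullAccess -Permission $sample -Admin 'Casey.Dedeal')
$left | Format-Table -AutoSize
"Leftover grants: $($left.Count)"   # 0 means the cleanup is complete

# Live use in the Exchange Management Shell:
# $acl = Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission
# Find-LeftoverFullAccess -Permission $acl -Admin 'Casey.Dedeal'
```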

Stay Tuned….


February 10, 2014

Mailbox MailboxAutoReplyConfiguration OOF

Filed under: General — telnet25 @ 4:26 am

In Exchange 2010 the option to send OOF replies to an external audience is “enabled out of the box”. In many organizations, whether OOF is allowed for external use is decided by company security policy. In large environments, disabling OOF requires bulk changes and a process to make sure the OOF External option of newly created accounts is set to “internal”, meaning these accounts won't have the OOF External option. You may also consider allowing or disallowing this option per your needs. In this article we will touch on each scenario, give you tips, and show you how to deal with OOF settings for mail-enabled users.

You will see the options under “Automatic Replies”

Let's take a look at the same settings from PowerShell.

ExternalOofOptions : InternalOnly (External OOF option is set to “InternalOnly”)

ExternalOofOptions : External (External OOF option is set to “External”)

Now let's start disabling OOF. The following procedures outline how to enable and disable the OOF External option for a single mailbox.

Procedure:

  1. Log in to Exchange 2010 server or use your management computer with proper privileges
  2. Click Start
  3. All Programs
  4. Microsoft Exchange Server 2010
  5. Exchange Management Shell

Enabling the OOF External option for a single user

set-mailbox casey.dedeal -ExternalOofOptions "External"

Disabling the OOF External option for a single user

set-mailbox casey.dedeal -ExternalOofOptions "InternalOnly"

Disable OOF External for everyone

get-mailbox -ResultSize Unlimited | set-mailbox -ExternalOofOptions "InternalOnly" -Confirm:$False

How do you turn off the OOF External option in large environments and only allow it for certain people?

If this is the scenario, one good way to handle such a request is to come up with a process

Procedure:

1. Come up with a user creation SOP (Standard Operating Procedure) that includes disabling OOF External for each user creation.

2. Create an Active Directory group called “OOF-Allowed-External-Recipients”, Universal Security for instance.

3. Add the exception members to the group

In the second article I will post an OOF script that disables the OOF External option for everyone and enables it only for members of the allowed group in AD.
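One way to implement the process above, as an added example; it is not the author's script from the follow-up article. The function name and the sample mailbox records are hypothetical, and the commented live section assumes the ActiveDirectory module is available next to the Exchange Management Shell.

```powershell
function Get-OofChangePlan {
    param(
        # Get-Mailbox output: Identity, SamAccountName, ExternalOofOptions
        [Parameter(Mandatory = $true)] [object[]] $Mailbox,
        # SamAccountNames of the members of OOF-Allowed-External-Recipients
        [string[]] $AllowedSam = @()
    )
    foreach ($mbx in $Mailbox) {
        # Members of the exception group keep External, everyone else is InternalOnly
        $desired = if ($AllowedSam -contains $mbx.SamAccountName) { 'External' }
                   else { 'InternalOnly' }
        $current = "$($mbx.ExternalOofOptions)"
        # Emit a row only when the mailbox is out of policy
        if ($current -ne $desired) {
            New-Object psobject -Property @{
                Identity = "$($mbx.Identity)"; Current = $current; Desired = $desired
            } | Select-Object Identity, Current, Desired
        }
    }
}

# Helper for the constructed sample mailboxes below (not real data)
function New-SampleMailbox($Sam, $Oof) {
    New-Object psobject -Property @{
        Identity = "ZtekZone.com/Users/$Sam"; SamAccountName = $Sam
        ExternalOofOptions = $Oof
    }
}

$mailboxes = @(
    New-SampleMailbox 'casey.dedeal'  'InternalOnly'   # allowed, must become External
    New-SampleMailbox 'aki.armstrong' 'External'       # not allowed, must be locked down
    New-SampleMailbox 'brian'         'InternalOnly'   # already compliant, no row
    New-SampleMailbox 'sam'           'External'       # allowed and already External
)
$allowed = @('casey.dedeal', 'sam')

Get-OofChangePlan -Mailbox $mailboxes -AllowedSam $allowed | Format-Table -AutoSize

# Live use; drop -WhatIf once the plan looks right:
# $allowed = Get-ADGroupMember 'OOF-Allowed-External-Recipients' -Recursive |
#     ForEach-Object { $_.SamAccountName }
# Get-OofChangePlan -Mailbox (Get-Mailbox -ResultSize Unlimited) -AllowedSam $allowed |
#     ForEach-Object { Set-Mailbox $_.Identity -ExternalOofOptions $_.Desired -WhatIf }
```

Because only out-of-policy mailboxes produce a row, re-running it on a schedule also catches new accounts that skipped the SOP step.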

Stay Tuned


January 14, 2014

Create Shared Mailbox Exchange 2010 when and Why !!!

Filed under: General — telnet25 @ 12:35 am

We would like to create a shared mailbox in Exchange 2010, yet we do not get the option from the GUI

Open PS

New-Mailbox -Shared -name MeetingsHR  -UserPrincipalName MeetingsHR@ZtekZone.com

Great, we now have what we call a shared mailbox. If you pay attention, the icon within the GUI has changed for the shared mailbox.

So what is the purpose of this shared mailbox, and why is it different from a regular mailbox?

A shared mailbox has a disabled AD account, so it does not have a password (it won't be associated with one); therefore the user principal information CANNOT be used by the shared owners to log into this mailbox. Its sole purpose is to be used as a shared mailbox: e-mails, calendar, etc.

Now that you have the shared mailbox, you can assign full mailbox permissions to users who wish to have access to this mailbox

Add-MailboxPermission MeetingsHR -AccessRights FullAccess -User Casey.Dedeal

Now suppose that for some reason I want to change the “RecipientTypeDetails” for this shared mailbox.

The different Recipient Types you can set:
Regular
Room
Equipment
Shared

get-mailbox  MeetingsHR | Set-Mailbox -Type Regular

Hmm, since the account did not have a password, we could not convert it, as you can see, so we need to set a proper password for the account

Let's do that

Try again

get-mailbox  MeetingsHR | Set-Mailbox -Type Regular

Now it is set to be a UserMailbox

So what happens if I set a regular user mailbox to a shared mailbox?

Get-Mailbox *dedeal* | fl name,*recipient*

Nice, now my account says it is a shared mailbox, so what happened to my AD account?

As you can guess, it is disabled

happy playing….
