Friday, August 31, 2012

Exchange 2010 SP2 UR4 mailbox move issue

Exchange 2010 SP2 UR4 mailbox move to another DB on the same server with newly created databases gives warning/error:

The Microsoft Exchange Mailbox Replication service completed request <mailbox> with warnings.
Warning: Failed to clean up the source mailbox after the move.
Error details: MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634)

The mailbox has been moved and can be accessed. I think this is a bug which MS should solve.

See also http://social.technet.microsoft.com/Forums/da-DK/exchange2010/thread/6043b74f-a41e-4674-b2b1-08c3b1a3afbd

Friday, July 20, 2012

Exchange 2010 SAN Certificate Mismatched Address

Obtained an Exchange 2010 SAN Certificate from a Windows 2008 R2 Enterprise Root CA in a test environment.

When accessing OWA with IE I got a warning:
Mismatched Address
The security certificate presented by this website was issued for a different website's address

Cause: the Common Name of the certificate should also be part of the Subject Alternative Name field.

SAN Cert example:

CN: webmail.contoso.com

Subject Alternative Name field:
webmail.contoso.com
autodiscover.contoso.com
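
One way to check installed certificates for the cause described above, as an added example that is not part of the original post. The function names Get-SanDnsName and Test-CnInSan are hypothetical, the store path Cert:\LocalMachine\My is an assumption about where the certificate is installed, and the "DNS Name=" label assumes an English-language Windows:

```powershell
# Added example: list certificates in the local machine store whose Subject CN
# is not repeated in the Subject Alternative Name (SAN) extension.
function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.17 is the OID of the Subject Alternative Name extension
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    # Format($true) prints one entry per line, e.g. "DNS Name=webmail.contoso.com".
    # Assumption: English-language Windows; the "DNS Name=" label is localized.
    $san.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLower() }
    }
}

function Test-CnInSan {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Take the CN from the subject; a certificate without a CN is reported too
    $cn = $null
    if ($Cert.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim().ToLower() }
    $dns = @(Get-SanDnsName -Cert $Cert)
    New-Object PSObject -Property @{
        Thumbprint  = $Cert.Thumbprint
        CommonName  = $cn
        SanDnsNames = $dns -join ', '
        CnInSan     = ($null -ne $cn) -and ($dns -contains $cn)
    }
}

# Report only the certificates that would trigger the Mismatched Address cause
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CnInSan -Cert $_ } |
    Where-Object { -not $_.CnInSan } |
    Format-Table CommonName, SanDnsNames, Thumbprint -AutoSize
```

A certificate like the SAN Cert example above (CN webmail.contoso.com, also listed in the SAN field) does not appear in the output.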

Tuesday, February 28, 2012

Exchange 2010 SP2 OWA Dutch translation issue part 2

Update: MS released the newest version of the Exchange 2010 language pack on 5/22/2012 which solves the issues as described in this blog. See Exchange 2010 Service Pack 2 Language Pack Available for Download.


In a previous blog I wrote about an Exchange 2010 SP2 OWA Dutch translation issue.


This issue is described in The word "Globale Adreslijst" in Dutch is displayed unexpectedly in breadcrumb and navigation pane in OWA in an Exchange Server 2010 SP2 environment.


Solution: install Exchange 2010 SP2 Language Pack Bundle on Exchange 2010 CAS Servers.

Important:
  • Exchange 2010 SP2 Language Pack Bundle is ONLY for people with the Dutch OWA problem. No one else should install it.
  • This Language Pack Bundle is only intended for Exchange 2010 CAS role to solve the OWA Dutch translation issue. So, install this Language Pack Bundle only on Exchange 2010 CAS or Multi-Role Servers. Don't install this LPB on Exchange 2010 Mailbox or HUB Transport Servers.
  • If you have already installed this Language Pack Bundle on Exchange 2010 Mailbox Servers or Multi-Role Servers it will probably generate errors in Application Log (Active Directory entry for mailbox <name> contains an invalid locale for attribute MsExchUserCulture: nl-NL,en-US). Microsoft is working on a fix for this. Summary, if you have:
    • CAS Server: installing LPB and no error events
    • CAS/HUB Server: installing LPB and no error events
    • CAS/HUB/MBX Server: installing LPB and error events (MS will provide a fix)
    • MBX Server: installing LPB and error events (MS will provide a fix)

Remarks:


Install Exchange 2010 SP2 Language Pack Bundle:
1.       Download Exchange 2010 SP2 Language Pack Bundle
2.       Run LanguagePackBundle.exe







What do we see: the wrong translation ‘Globale adreslijst’ has been replaced with ‘E-mail’.
However, this translation is different from the original translation. With Exchange 2010 RTM/SP1 the OWA Dutch interface shows ‘Berichten’ instead of ‘E-mail’. I’ve asked Microsoft about this and for some reason they chose ‘E-mail’ instead of ‘Berichten’ as the original translation.

Sunday, February 12, 2012

Forefront Protection 2010 for Exchange Hotfix Rollup 4 and Kaspersky scan engine update errors

After installing FPE 2010 Hotfix Rollup 4, the Kaspersky scan engine was not updating.
Event Viewer errors:

Event Type:        Error
Event Source:    GetEngineFiles
Event Category: Engine Error
Event ID:             6012
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Kaspersky
   Error Code: 0x80004005
   Error Detail: Description: An error occurred while loading the scan engine.

Event Type:        Error
Event Source:    GetEngineFiles
Event Category: Engine Error
Event ID:             6019
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Kaspersky
   Error Detail: An error occurred while testing the scan engine.
 
FPE Console:


Solution:

If running FPE on Windows 2003:

1.       Windows Explorer: turn on ‘Show hidden files and folders’
2.       In C:\Documents and Settings\All Users\Application Data, rename ‘Kaspersky SDK’ (for example: rename Kaspersky SDK to Kaspersky SDK OLD)
3.       Update FPE engines

If running FPE on Windows 2008:
1.       Windows Explorer: turn on ‘Show hidden files, folders, and drives’
2.       In C:\ProgramData\, rename ‘Kaspersky SDK’ (for example: rename Kaspersky SDK to Kaspersky SDK OLD)
3.       Update FPE engines

Friday, February 3, 2012

Simplify the Outlook Web App URL

Simplify the Outlook Web App URL describes Exchange 2010 SP2 OWA redirection.

I have the following comments regarding Simplify the Outlook Web App URL:

·         Section “Use IIS Manager to simplify the Outlook Web App URL when SSL is required”: I think MS means: Use IIS Manager to simplify the Outlook Web App URL when SSL is required at the Default Web Site? If so, step 12 says: In SSL Settings, clear Require SSL but SSL should not be cleared if you require SSL at the Default Web Site.

·         When configuring Require SSL (clear Require SSL) & Redirection settings at Default Web Site, the settings are propagated to lower-level directories. The steps to enable SSL on all sub dir’s (except OAB & PowerShell virtual dir) and disable redirection on all sub dir’s are not explicitly mentioned.

·         The following table contains default OWA SSL & Redirect settings (after installing new Exchange 2010 SP2 CAS Server):

Default IIS Settings E2K10 SP2 CAS Server

SSL Settings: Require SSL. HTTP Redirect: all other columns.

| Virtual directory | Require SSL | Redirect requests to this destination | Redirect Behavior options greyed out | Redirect all requests to exact destination | Only redirect requests to content in this directory | Status code |
|---|---|---|---|---|---|---|
| Default Web Site | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| aspnet_client | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| Autodiscover | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| ecp | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| EWS | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| Exchange | [x] | [x] /owa | no | [ ] | [ ] | Found (302) |
| Exchweb | [x] | [x] /owa | no | [ ] | [ ] | Found (302) |
| Microsoft-Server-ActiveSync | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| OAB | [ ] | [ ] < > | yes | [ ] | [x] | Found (302) |
| owa | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| PowerShell | [ ] | [ ] < > | yes | [ ] | [x] | Found (302) |
| Public | [x] | [x] /owa | no | [ ] | [ ] | Found (302) |
| Rpc | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |
| RpcWithCert | [x] | [ ] < > | yes | [ ] | [x] | Found (302) |

By default only Exchange, Exchweb & Public virtual dir are redirected to /owa. However, after enabling redirection at the Default Web Site and disabling at owa virtual dir you get in a loop and it’s not possible to restore the default configuration (only Exchange, Exchweb & Public virtual dir redirect to /owa):

·         When I enable redirection for default web site, the owa site inherits the redirection.

·         When I remove the redirection from owa it removes it from exchange, exchweb and public sites as well.

·         If I add redirection back to exchange, exchweb or public sites it gets copied to owa site as well.



After some research I found a much easier way to get owa redirection working by using Custom Error Pages:

IIS Manager (Windows 2008 R2):

·         Default Web Site, Error Pages, Add...

·         Add Custom Error Page

o   Status code: 403.4

o   (*) Respond with a 302 redirect

o   Absolute URL: https://webmail.domain.com/owa

By using Custom Error Pages there is no need to configure IIS SSL & Redirect settings and things don’t get messed up.
 

When using https://webmail.domain.com users will see the default IIS7 Welcome page. To redirect https://webmail.domain.com to https://webmail.domain.com/owa:

·         Create a default.aspx in the root directory (C:\inetpub\wwwroot\default.aspx) with one line:

o   <% Response.Redirect("https://webmail.domain.com/owa") %>

·         IIS Manager:

o   Default Web Site, Default Document

o   Move Up default.aspx to the top of the list

If you have any comments or questions, please let me know.

Monday, January 30, 2012

Exchange 2010 SP2 and special characters in database name

Event ID 4999 is logged on an Exchange Server 2010 Client Access server (CAS) describes the following Exchange 2010 SP2 bug:

Consider the following scenario:
  • You have a server that is running Microsoft Exchange Server 2010.
  • The name of a mailbox database on the server contains one or more of the following special characters:
    (
    )
    :
  • You install Microsoft Exchange Server 2010 Service Pack 2 (SP2).
  • The System Attendant homeMDB attribute for a user points to the mailbox database that has special characters in the name.
  • The user tries to access the Exchange Server 2010 SP2 mailbox.
In this scenario, the MSExchangeServicesAppPool application pool crashes on the Exchange Server 2010 Client Access server (CAS). Therefore, Exchange Web Services (EWS) applications cannot connect to the servers that are running Exchange Server 2010.

I was able to reproduce this in my Exchange 2010 SP2 test environment. After creating a test DB with the name 'DB1 (Test)' and accessing a mailbox with Outlook 2007, I got the following Application Log error:


Result: Outlook 2007/2010 Out of Office (OOF) is not working anymore. This is because OOF uses Exchange Web Services on the Exchange CAS.

An Interim Update (IU) is available from Microsoft.

Update 16-2-2012: this issue has been solved with Exchange 2010 SP2 Update Rollup 1

Friday, January 27, 2012

Exchange 2010 and removing AD Sites

A customer removed AD Sites because of restructuring AD Sites to a central AD Site.

Exchange Application Log reported:
Unhandled Exception "User setting 'PreferredSite' is not available"
Source: MSExchange Autodiscover
Level: Error

Exchange 2010 has an Active Directory dependency, and both the Exchange Client Access Array and the Client Access Server make explicit use of AD Sites.

Solution is to reconfigure Exchange for the new AD Site:
Set-ClientAccessArray Name-CAS-Array -Site Name-AD-Site
Set-ClientAccessServer Name-CAS-Server -AutoDiscoverSiteScope Name-AD-Site

Friday, January 6, 2012

Warning when creating GAL from Exchange 2010 SP2 Shell

When creating a GAL from Exchange 2010 SP2 Shell (New-GlobalAddressList) I got the following warning:

WARNING: One or more global address lists were missing from the Active Directory attribute.  This is likely caused by using legacy Exchange management tools to create global address lists

Cause: you get this warning if this is the first new GAL created from 2010 or if there are 2007-created GALs. This is 'by design' and can be ignored.

Tuesday, January 3, 2012

Exchange 2010 Address List Updates & Address Book Policies

Understanding Address Book Policies explains how to use & create Address Book Policies (ABPs):

1.       Use Custom Attributes 1-15
2.       Create Address Lists, GALs and OABs
3.       Create ABPs
4.       Assign ABPs to mailboxes
5.       Outlook users will see their own GAL

However, Outlook users will see an empty GAL and Address List containers. Solution:

·         Update-AddressList <name>
·         Update-GlobalAddressList <name>
·         Update-OfflineAddressBook <name>

Update-AddressList/GlobalAddressList/OfflineAddressBook only need to be executed once. After updating the address lists new Exchange recipients are immediately visible with Outlook in Online Mode.
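
The five steps plus the update step, end to end in the Exchange Management Shell, as an added example that is not part of the original post. Every name ('user1', 'Contoso', 'Contoso AL', 'Contoso Rooms', 'Contoso GAL', 'Contoso OAB', 'Contoso ABP') is a placeholder, and using CustomAttribute1 as the selector is an assumption:

```powershell
# Added example; all names and the choice of CustomAttribute1 are placeholders.
# Run in the Exchange Management Shell (Exchange 2010 SP2 or later).
$filter = "CustomAttribute1 -eq 'Contoso'"

# Step 1: tag the recipients that belong together
Set-Mailbox -Identity 'user1' -CustomAttribute1 'Contoso'

# Step 2: address list, room list, GAL and OAB, all scoped by the same attribute
New-AddressList -Name 'Contoso AL' -RecipientFilter $filter
New-AddressList -Name 'Contoso Rooms' -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and ($filter)"
New-GlobalAddressList -Name 'Contoso GAL' -RecipientFilter $filter
New-OfflineAddressBook -Name 'Contoso OAB' -AddressLists '\Contoso GAL'

# Step 3: the policy ties the four objects together (RoomList is mandatory)
New-AddressBookPolicy -Name 'Contoso ABP' -AddressLists '\Contoso AL' `
    -GlobalAddressList '\Contoso GAL' -OfflineAddressBook '\Contoso OAB' `
    -RoomList '\Contoso Rooms'

# Step 4: assign the policy to every tagged mailbox
Get-Mailbox -ResultSize Unlimited -Filter $filter |
    Set-Mailbox -AddressBookPolicy 'Contoso ABP'

# The step this post adds: populate the new lists once, otherwise
# Outlook shows an empty GAL and empty Address List containers
Update-AddressList -Identity 'Contoso AL'
Update-AddressList -Identity 'Contoso Rooms'
Update-GlobalAddressList -Identity 'Contoso GAL'
Update-OfflineAddressBook -Identity 'Contoso OAB'
```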