Monday, December 30, 2013

Exchange Server 2013 solutions

Unable to enable Exchange 2013 Mailbox for user

Solution: Go to Active Directory - Select Advanced Tab - User Object - Security Tab - Advanced - Enable Inheritance

Error: Installation of Exchange 2013 CU3 update

Solution: Try to perform the installation using Command Prompt, not PowerShell

To check the network adapter statistics on an Exchange server using PowerShell

Solution: Get-NetAdapterStatistics

Sunday, December 29, 2013

Exchange Server - Internet Information Services 7 deep dive

  • ASP.NET and the .NET Framework have been fully integrated into IIS7.
  • IIS7 is now very modular. There are over 40 modules that can be installed.
  • IIS7 does NOT include POP3 or SMTP services by default.
  • To install IIS 7 in PowerShell, use the command   servermanagercmd -q
  • Windows Process Activation Service (WAS) is installed automatically in graphical mode, but not when you install from cmd.
  • IIS7 install logs are located in %systemroot%\Windows\iis7.log
  • By default, when you create a new site, IIS automatically creates a new application pool and a special .config file for the worker processes to use, located in the \inetpub\temp\AppPools directory.
  • IIS6 had one long, flat file, metabase.xml, known as the "IIS Metabase", which contained ALL settings related to IIS: all web sites, vdirs, etc.
  • In IIS7 it was replaced by ApplicationHost.config, located in %windir%\system32\inetsrv\config
  • There are 2 root .NET Framework config files, Machine.config and Web.config, located in %windir%\Microsoft.NET\Framework\framework_version\CONFIG.
  • Since Exchange 2007 requires a metabase, you will be required to install IIS6 Compatibility Mode when installing Exchange; this provides a metabase.xml file.
  • To get detailed error messages, go to the directory %systemroot%\system32\inetsrv and run:
    Appcmd set config /section:httpErrors /errorMode:Detailed            (default is DetailedLocalOnly)
  • AppCmd backups do NOT back up web.config files.
  • The redirect module is NOT installed by default.
  • Previously, IIS used LOCAL accounts, IUSR_MachineName and IIS_WPG. There were drawbacks to these: the LOCAL account and its SID were included in metabase.xml and in ACLs, so if you tried to copy the metabase or ACLs to another machine, it would not work.
    • To replace the IUSR_MachineName account, we now have IUSR
    • To replace the IIS_WPG group, we now have the IIS_IUSRS group
    • The IUSR account is a BUILT-IN account. Since it is a built-in account, IT NO LONGER NEEDS A PASSWORD! No more worrying about resetting or syncing passwords!
    • Since the IUSR account is built in, the SID will be the same on ALL machines with IIS7 (S-1-5-17)
    • Since there is no longer anything "machine specific", config files and ACLs can be copied from one machine to another with no issue.

Saturday, December 28, 2013

Exchange Server 2013 Mailbox database White Space

In earlier versions of Exchange, white space was calculated from event ID 1221, which displays the amount of white space in a specific database. From Exchange 2010 onwards, white space can be easily calculated using Exchange PowerShell commands as follows:

Get-MailboxDatabase -status | Select-Object Server,Name,AvailableNewMailboxSpace

Get-MailboxDatabase -Status -Server <ServerName> | Select-Object Server,Name,AvailableNewMailboxSpace

Friday, December 27, 2013

Free Microsoft Virtualization Exam

The URLs below offer a Microsoft virtualization exam free of cost:

http://www.virtualizationsquared.com/

http://www.microsoft.com/learning/en-us/exam.aspx?ID=74-409

http://www.microsoftvirtualacademy.com/offers/virtualizationsquaredoffer#?fbid=pPk5jBkaL_W

Step by Step Configuring Exchange server certificate


The trust relationship between this workstation and the primary domain failed

Event ID 5723

"The session setup from the computer DOMAINMEMBER failed to authenticate.
The name of the account referenced in the security database is DOMAINMEMBER$.

Solution:

Disjoin and rejoin the computer to the domain controller

Every machine in the domain has a secure channel between it and the domain. The password on this channel is reset automatically by the system. PowerShell v2 enables us to test this:

PS> Test-ComputerSecureChannel
PS> Test-ComputerSecureChannel -Server server02
PS> Test-ComputerSecureChannel -Server server02.exchange.org
PS> Test-ComputerSecureChannel -Server dc02
PS> Test-ComputerSecureChannel -Repair

Get-ADUser -Identity raji | Get-ADObject -Properties *

Tuesday, December 17, 2013

Failover Primary Active Manager in Exchange Server 2013 DAG

1. Verify the cluster group
Command: cluster group

2. Move the cluster group to another DAG node
Command: cluster.exe Group "Cluster Group" /MoveTo:<NodeName>

3. Verify replication health
Command: Test-ReplicationHealth

4. Verify the Primary Active Manager:

Command: Get-DatabaseAvailabilityGroup -Identity <DAGName> -Status | fl name,primaryactivemanager


Step by Step Lync 2010 IM Integration with Exchange server 2013


Step 1. Create and import the Exchange certificate on all the Exchange 2013 Mailbox servers

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\temp\owaim.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

Step 2. Add the thumbprint and Lync server pool name in the web config file

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config





Step 3. Create a trusted application pool for the Exchange 2013 Mailbox server

New-CsTrustedApplicationPool -Identity Mailboxserver.domain.com -Registrar lyncpool.domain.com -Site 1 -RequiresReplication $False


Step 4. Configure the application ID on the Lync Front End server

New-CsTrustedApplication -ApplicationId OutlookWebApp -TrustedApplicationPoolFqdn Mailboxserver.domain.com  -Port 5199

Step 5. Run the command Enable-CsTopology to apply the update

Step 6. Verify the result by logging in to OWA and clicking Sign in to IM

Sunday, December 15, 2013

Step by Step installation Exchange server 2013 Cumulative Update 3

Although installing Exchange Server 2013 CU3 is simple, a few steps need to be considered while deploying:

  • Restart the Exchange server before deploying the patch. This drops other users' sessions and clears any pending restart.
  • There are several places a restart flag could be squirreled.  This is not an exhaustive list:
    • Look at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
      • PendingFileRenameOperations
    • Use Sysinternals Pendmoves.exe to see if there are pending operations
    • Look at HKLM\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing
      • RebootPending
  • When installing from the command line, don't use the Exchange Management Shell; use Windows PowerShell instead. Open Windows PowerShell using "Run As" and enter the username and password of an account that holds admin privileges.
  • In Exchange 2013 it is mandatory to accept the license agreement - /IAcceptExchangeServerLicenseTerms
  • After installing Exchange 2013 Cumulative Update 3, it is not possible to revert.
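
The two registry locations from the list above can be checked in one pass before starting setup. The following PowerShell is an added example, not part of the original post or of Exchange setup; the function name Test-PendingReboot is hypothetical, and it assumes RebootPending is a subkey of Component Based Servicing whose presence is the flag.

```powershell
# Added example: checks only the two registry locations named in the list above.
function Test-PendingReboot {
    [CmdletBinding()]
    param()

    $findings = @()

    # PendingFileRenameOperations is a multi-string value under Session Manager.
    $smPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $sm = Get-ItemProperty -Path $smPath -Name 'PendingFileRenameOperations' -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) {
        # Count only the non-empty strings in the value.
        $entries = @($sm.PendingFileRenameOperations | Where-Object { $_ })
        $findings += [pscustomobject]@{
            Source = 'Session Manager\PendingFileRenameOperations'
            Detail = "$($entries.Count) non-empty entries"
        }
    }

    # Assumption: RebootPending is a subkey, and its presence alone is the flag.
    $cbsPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    if (Test-Path -Path $cbsPath) {
        $findings += [pscustomobject]@{
            Source = 'Component Based Servicing\RebootPending'
            Detail = 'key present'
        }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RebootPending = ($findings.Count -gt 0)
        Findings      = $findings
    }
}

$state = Test-PendingReboot
if ($state.RebootPending) {
    $state.Findings | Format-Table -AutoSize
    Write-Warning 'Restart the server before running the CU3 setup.'
} else {
    Write-Output "No pending restart flags found on $($state.ComputerName)."
}
```

As the list says, these are not the only places a restart flag can live, so a clean result here does not rule out a pending restart.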



Saturday, December 7, 2013

Active Directory MaxTokenSize

MaxTokenSize is 8000 bytes in Windows 2000, 12000 bytes in Windows 2003/2008, and 48000 bytes in Windows Server 2012.

User token size can be calculated using the PowerShell script and formula below.

Script: http://gallery.technet.microsoft.com/scriptcenter/Check-for-MaxTokenSize-520e51e5

TokenSize = 1200 + 40d + 8s

This formula uses the following values:

    d: The number of domain local groups a user is a member of, plus the number of universal groups outside the user's account domain that the user is a member of, plus the number of groups represented in security ID (SID) history.
    s: The number of security global groups that a user is a member of, plus the number of universal groups in a user's account domain that the user is a member of.
    1200: The estimated value for ticket overhead. This value can vary, depending on factors such as DNS domain name length, client name, and other factors.
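
The formula applied to a group list, as an added PowerShell example that is not the linked TechNet script. The function name Get-EstimatedTokenSize, the domain names and the group counts are constructed for illustration, and the input is assumed to contain security groups only.

```powershell
# Added example: TokenSize = 1200 + 40d + 8s, with d and s derived from group scope.
function Get-EstimatedTokenSize {
    param(
        [Parameter(Mandatory)] [object[]] $Groups,       # objects with Scope and Domain
        [Parameter(Mandatory)] [string]   $UserDomain,   # the user's account domain
        [int] $SidHistoryCount = 0,                      # groups represented in SID history
        [int] $MaxTokenSize    = 12000
    )

    $d = $SidHistoryCount
    $s = 0
    foreach ($g in $Groups) {
        switch ($g.Scope) {
            'DomainLocal' { $d++ }
            'Global'      { $s++ }
            # Universal groups count toward s inside the account domain, d outside it.
            'Universal'   { if ($g.Domain -eq $UserDomain) { $s++ } else { $d++ } }
            default       { throw "Unknown group scope '$($g.Scope)'" }
        }
    }

    $size = 1200 + (40 * $d) + (8 * $s)
    [pscustomobject]@{
        d            = $d
        s            = $s
        TokenSize    = $size
        MaxTokenSize = $MaxTokenSize
        Exceeds      = ($size -gt $MaxTokenSize)
    }
}

# Constructed sample membership for a user in the made-up domain corp.example.
$sample = @(
    1..120 | ForEach-Object { [pscustomobject]@{ Scope = 'Global';      Domain = 'corp.example' } }
    1..30  | ForEach-Object { [pscustomobject]@{ Scope = 'Universal';   Domain = 'corp.example' } }
    1..200 | ForEach-Object { [pscustomobject]@{ Scope = 'DomainLocal'; Domain = 'corp.example' } }
    1..15  | ForEach-Object { [pscustomobject]@{ Scope = 'Universal';   Domain = 'partner.example' } }
)

# Compare the same membership against the three MaxTokenSize values quoted above.
foreach ($limit in 8000, 12000, 48000) {
    Get-EstimatedTokenSize -Groups $sample -UserDomain 'corp.example' -SidHistoryCount 10 -MaxTokenSize $limit
}
```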


By default a user can belong to 900 groups. The hard limit is 1,015 groups a user can be a member of. For a user to belong to more than 900 groups, modify the registry value on the workstation as follows:


    Start Registry Editor (Regedt32.exe).

    Locate and click the following key in the registry:
    System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

    If this key is not present, create the key. To do so:
        Click the following key in the registry:
        System\CurrentControlSet\Control\Lsa\Kerberos
        On the Edit menu, click Add Key.
        Create a Parameters key.
        Click the new Parameters key.

    On the Edit menu, click Add Value, and then add the following registry value:
    Value name: MaxTokenSize
    Data type: REG_DWORD
    Radix: Decimal
    Value data: 48000
    Quit Registry Editor.

Symptoms caused by token size:

New resolution for problems with Kerberos authentication when users belong to many groups
"HTTP 400 - Bad Request (Request Header too long)" error in Internet Information Services (IIS)
Users who are members of more than 1,015 groups may fail logon authentication
Group Policy may not be applied to users belonging to many groups
Internet Explorer Kerberos authentication does not work because of an insufficient buffer connecting to IIS
Buffer overflow exploit possible with extended stored procedures

Ref: http://support.microsoft.com/kb/327825

Microsoft Outlook 2013 - Task 'RSS Feeds' reported error (0x800C0008) :'Synchronization to RSS Feed


Microsoft Outlook 2003  - Task 'RSS Feeds' reported error (0x800C0008) 

Error Message

Task 'RSS Feeds' reported error (0x800C0008) :'Synchronization to RSS Feed:"http://rajisubramanian.blogspot.in/base/feed.rss" has failed. Outlook cannot download the RSS content from http://rajisubramanian.blogspot.in/base/feed.rss because of a problem connecting to the server.'

Cause:

The OST file to which the RSS feed is downloaded got corrupted.

Solution:

Try to create a separate PST file as the delivery location for the RSS feed items.

Go to File - Account Settings - RSS Feeds - Delivery Location - Change Folder - Create New Outlook Data File.

When you are done, close Outlook 2013 and re-open it. You should be able to observe that the RSS feed has started to download.

Thursday, December 5, 2013

Exchange 2013 Quarantine Mailbox

To find the quarantine mailbox -  Get-MailboxStatistics administrator | fl *isq*

The following registry path is created to store the keys:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}

In this path the following keys will be created:

    CrashCount: the number of crashes detected
    LastCrashTime: the timestamp of the last occurrence of a crash
    QuarantineState: whether the mailbox is quarantined or not
    QuarantineTime: the time the mailbox was placed in quarantine

If the issue doesn't occur again within two hours, the registry key used to store the counter is deleted. The 2 hours is a value which can't be changed. But there are two other interesting keys:

    MailboxQuarantineCrashThreshold: how many issues may occur before a mailbox is put in quarantine
    MailboxQuarantineDurationInSeconds: how long the mailbox is placed in quarantine

When a mailbox is put in quarantine, it does not pass the OPEN_AS_ADMIN flag.

Solution:

To manually release the mailbox you will first need to know the GUID of the mailbox. You can look up the GUID with the Get-Mailbox cmdlet, like this:

Get-Mailbox support | select Name, Guid

Once you have found the GUID you will need to find the corresponding registry path. As discussed earlier, each poisoned mailbox has the key MailboxQuarantineDurationInSeconds; modify its value to, for example, 0 or 1. After you've made the registry change, perform one of the following tasks:

  •     Dismount/mount the database
  •     Restart the Information Store
  •     Reboot your server

Tuesday, December 3, 2013

Dynamic Witness in Windows Server 2012

The witness server plays its role when there is an even number of nodes. If you have an odd number of nodes and any node fails, the cluster is left with an even number of nodes.

The Dynamic Witness feature, launched in Windows Server 2012, helps to overcome the issue of enabling the witness server and providing its vote.

The clustering service automatically assigns the witness a vote, the witness dynamic vote, depending on whether there is an odd or even number of votes present for the cluster nodes.

  •     If there are an even number of nodes that have a vote (dynamic weight = 1), then the witness dynamic vote = 1
  •     If there are an odd number of nodes that have a vote (dynamic weight = 1), then the witness dynamic vote = 0

To check the vote status of the witness, use the Windows PowerShell command below. A return of 1 means the witness has a vote; a return of 0 means the witness doesn't have a vote. This is a read-only value. It simply shows the vote status of the witness.
(Get-Cluster).WitnessDynamicWeight

Issue in Exchange Server 2013 Cumulative Update 3


I am trying to list the issues raised by various experts on deploying Exchange Server 2013 Cumulative Update 3

1. Exchange 2013 CU3 causes headaches for OWA on Windows XP  - Ref: http://windowsitpro.com/blog/exchange-2013-cu3-causes-headaches-owa-windows-xp

2. PublicFolders health set is "Unhealthy" after you install Exchange Server 2013 Cumulative Update 3 - Ref: http://support.microsoft.com/kb/2911802

3. High memory utilization of MSExchangeRpcProxyAppPool

4. It removes the HTTP to HTTPS redirect on the Default Web Site

5. It enables SSL on the same Internet Information Services site.

6. It removes the Lync integration in the web.config on mailbox servers:


Exchange Server 2013 Outlook Anywhere SSLOffloading

The product team made SSLOffloading default to true for Exchange 2013 Outlook Anywhere, which was not the case in Exchange 2007/2010. Not sure whether there is any specific reason, but it should be enabled for SSL offloading. The documentation is not as clear as it was for Exchange 2010 and 2007; there is only a note on the Exchange 2013 PowerShell command used to configure Outlook Anywhere:

Exchange 2013 Ref: http://technet.microsoft.com/en-us/library/bb123545%28v=exchg.150%29.aspx

Exchange 2007 -  Ref: http://technet.microsoft.com/en-us/library/bb123889%28v=exchg.80%29.aspx

Do not use this option unless you are sure that you have an SSL accelerator that can handle SSL offloading. If you do not have an SSL accelerator that can handle SSL offloading, and you select this option, Outlook Anywhere will not function correctly.

Exchange 2010 - Ref: http://technet.microsoft.com/en-us/library/bb123542%28v=exchg.141%29.aspx

Don't use this option unless you're sure that you have an SSL accelerator that can handle SSL offloading. If you don't have an SSL accelerator that can handle SSL offloading, and you select this option, Outlook Anywhere won't function correctly.

http://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx

This blog is written to share knowledge, mainly on Microsoft Exchange Server and other Microsoft products, gained from day-to-day experience.