Wednesday, July 28, 2010

Outlook Anywhere - The connection to Microsoft Exchange is unavailable

When trying to setup a new PC remotely to use outlook anywhere or previously called RPC over HTTP the following error was experienced.

The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.



PC's that had there outlook profile created in the office on the corporate network work fine with outlook anywhere however PC's for home users do not connect up - as the outlook profile was not created over MAPI.

This is a problem with Exchange 2007 which was fixed in Service Pack 2 or higher of the product. Please service pack your exchange server to resolve the problem.

An error occurred while testing the NSPI RPC endpoint.

I was getting the following error on an Exchange 2007 SP1 server when trying to run the https://www.testexchangeconnectivity.com/ for outlook anywhere.

ExRCA is testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
An error occurred while testing the NSPI RPC endpoint.
Test Steps
Attempting to ping RPC Endpoint 6004 (NSPI Proxy Interface) on server WATCEXCH.waturf.local
The attempt to ping the endpoint failed.
Tell me more about this issue and how to resolve it
Additional Details
RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime



The problem turned out to be Windows Server 2008 has made TCP/IPv6 the default communication protocol stack over which connections are made by clients connecting to the server that is running Microsoft Exchange. The RPCProxy component tries to connect to the DSProxy component through port 6004 over TCP/IPv6. However, the DSProxy component does not listen on the TCP/IPv6 stack, which causes connection requests from the RPCProxy component to fail.

Perform the following procedure:

1.Under Network Connections, select the network adapter, and then click Properties.

2.In the properties window, click to clear the check box for Internet Protocol Version 6 (IPv6).

Note:
Clearing this check box causes the RPCProxy component on the Client Access server to use TCP/IPv4 to talk to the DSProxy component on the Mailbox server.
3.Click Start, and then click Run.

4.Type regedit in the Open box.

5.Using Registry Editor, locate the following registry key:

HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

6.Right-click the Parameters key, click New, and then click DWORD (32-bit) Value. For the key, add the following values:

Name: DisabledComponents

Data: 0xFFFFFFFF

7.Restart the Client Access server.

Friday, July 23, 2010

Detach Mailbox from User Account

To Detach or Disconnect a Exchange Mailbox from a user account use Disable-Mailbox in powershell. This removes the exchange attributes from the user account in Active Directory.

To reattach the mailbox to another user account use Connect-Mailbox

You can also permanently delete a disconnected mailbox at any time by using the Remove-Mailbox cmdlet in the Exchange Management Shell

Use the Clean-MailboxDatabase cmdlet to scan the Active Directory directory service for disconnected mailboxes that are not yet marked as disconnected in the Microsoft Exchange store and update the status of those mailboxes in the Exchange store

Thursday, July 22, 2010

ID no: 00000000-0000-00000000, error code: -1056749164

When trying to export a mailbox using the Export-Mailbox powershell command I received the following error:

Export-Mailbox : Error was found for User Name (user@domain.com) because: Error occurred in the step: Moving mes
sages. Failed to copy messages to the destination mailbox store with error:
MAPI or an unspecified service provider.
ID no: 00000000-0000-00000000, error code: -1056749164
At line:1 char:15
+ Export-Mailbox <<<< -Identity mgreen -BadItemLimit 9999999 -PSTFolderPath c:\mgreen.pst + CategoryInfo : InvalidOperation: (0:Int32) [Export-Mailbox], RecipientTaskException + FullyQualifiedErrorId : 693782CA,Microsoft.Exchange.Management.RecipientTasks.ExportMailbox





To resolve this issue you need to give the Administrator who is exporting the mail rights to the users mailbox.

Get-Mailbox "users mailbox" Add-MailboxPermission -User Administrator -AccessRights FullAccess

A reboot from a previous installation is pending. Please restart the system and rerun setup.

I was trying to install Exchange Server 2007 SP3 Management Tools on a Windows 7 PC. During the installation I received the following error:

A reboot from a previous installation is pending. Please restart the system and rerun setup.



I resolved this error by deleting the the REG_MULTI_SZ value PendingFileRenameOperations from HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

An error was detected while configuring Certificate Services

When trying to install a root certificate authority on a windows server 2003 standard edition server the following error occured:

An error was detected while configuring Certificate Services.
The Certificate Services Setup Wizard will need to be rerun to complete the configuration.
Certificate Services setup failed with the following error: The service cannot be started, either because it is disabled or because it has not enabled devices associated with it. 0x80080442 (WIN32: 1058)




To fix this I had to set the IIS Admin Service startup type to "Automatic". It was currently set to "Manual".

OCS Certificate Error

I was out at a client who had issues with their OCS Server.

Errors Received on Workstations

Users started receiving the following error on workstations when opening OCS.

There was a problem verifying the certificate from the server. Please contact your system administrator.



The client rebooted the server. After rebooting they started receiving the following error when opening OCS.

Cannot sign in because the server is temporarily unavailable. If the problem persists, contact the system administrator.



In the system event log on the client workstations the following error was received.

Event Type: Error
Event Source: Communicator
Event Category: None
Event ID: 7
Date: 23/07/2010
Time: 9:27:39 AM
User: N/A
Computer: KTM-10
Description:
Communicator failed to connect to server banara.rmaust.com.au (172.25.129.25) on port 5061 due to error 10061. The server is not listening on the port in question, the service is not running on this machine, the service is not responsive, or network connectivity doesn't exist.

Resolution:
Please make sure that your workstation has network connectivity. If you are using manual configuration, please double-check the configuration. The network administrator should make sure that the service is running on port 5061 on server banara.rmaust.com.au (172.25.129.25).




Errors Received on OCS Server

The following errors were received on the OCS server itself.

In the System log the following error appeared:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 23/07/2010
Time: 9:36:06 AM
User: N/A
Computer: BANARA
Description:
The Office Communications Server Front-End service terminated with service-specific error 2148204801 (0x800B0101).




The following errors were seen in the Office Communications Server logs:

Event Type: Error
Event Source: OCS MCU Infrastructure
Event Category: (1022)
Event ID: 61002
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
No certificate has been configured for secure transport.

The certificate assigned to process DataMCUSvc(3996) was not found.
Certificate serial number: 61796F2800000000000A
Certificate issuer name: CN=RMA8, DC=rmaust, DC=com, DC=au.
Resolution:
Verify that a valid certificate has been configured.




Event Type: Error
Event Source: OCS Data MCU
Event Category: (1018)
Event ID: 41009
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
Failed to initialize the focus adapter.

Cause: Failed to initialize focus adapter
Resolution:
Check previous event log entries and resolve them.




Event Type: Error
Event Source: OCS Data MCU
Event Category: (1018)
Event ID: 41038
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
Office Communications Server Web Conferencing Server could not be started

Message: Operation is not valid due to the current state of the object.
at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport.LoadCertificate(CertificateInfo certificate)
at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport.LoadCertificate()
at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport..ctor(String listeningUrl, ICccpConfigurationProvider config, XmlWriterSettings writerSettings)
at Microsoft.Rtc.Server.McuInfrastructure.CccpAdapter..ctor(String listenerUri, ICccpConfigurationProvider config)
at Microsoft.Rtc.Server.McuInfrastructure.McuCccpAdapter..ctor(String listenerUri, ICccpConfigurationProvider config)
at Microsoft.Rtc.Server.DataMCU.Hosting.Runtime.ApplicationController..ctor(IDictionary`2 appConfig, String appClassName, String cccpListenerUri, Byte[] httpsCertificateIssuer, Byte[] httpsCertificateSN, String mcuType, String mcuVendor, IServiceWorker serviceWorker)
at Microsoft.Rtc.Server.DataMCU.ServiceWorker.StartServer(String[] args)

Resolution:
Look in previous event logs for more information about this error




Event Type: Warning
Event Source: OCS Data MCU
Event Category: (1018)
Event ID: 41063
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
Could not connect to Active Directory to read configurations settings. Will retry in 30 seconds.




Issue

The reason why all these errors started spawning stems from the Digital Certificate issued to the OCS Server expiring. If you fire up MMC, add in the certificate console, go to local computer certificates and open up the certificate used for OCS it will say the certificate is expired.



Resolution

To resolve the issue generate assign a new certificate from the internal certificate authority (or from a public certificate authority) depending on how your OCS organisation is setup. In this instance we will be issuing a certificate from an internal certificate authority. The certificate request needs to be renewed on a number of OCS services. For each OCS component follow these guides from the OCSPEDIA website:

Certificate on Standard/Enterprise Edition Front End Server:
http://www.ocspedia.com/Certificates/SE/CreateAssign_SE.htm

Certificate on an Access Edge Server:
http://www.ocspedia.com/Certificates/AccessEdge/InternalCA/CreateAssign_AccessEdge.htm

Certificate on a Web Conference Edge Server:
http://www.ocspedia.com/Certificates/AccessEdge/InternalCA/CreateAssign_AccessEdge.htm

Certificate on an Audio/Video Conference Edge Server:
http://www.ocspedia.com/Certificates/AccessEdge/InternalCA/CreateAssign_AccessEdge.htm

Users will continue to receive "There was a problem verifying the certificate from the server. Please contact your system administrator" until they reboot their workstation after changing the certificate on the server.

Tuesday, July 20, 2010

Convert lastLogonTimestamp to readable format

The lastLogonTimestamp is encoded in Active Directory as a base64 value.



To convert the lastLogonTimestamp attribute to a readable format use the w32tm tool:

w32tm /ntte lastlogontimestamp_value

For Example:

w32tm /ntte 129154168571093750

Monday, July 19, 2010

Windows cannot access the specified device, path, or file.

On a Windows Server 2003 R2 SP2 Server I received the following error when trying to install an application downloaded from the internet.

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.



To resolve this uninstall the Internet Explorer Enhanced Security Configuration from add and remove programs.



Please note after uninstalling you must log off and log back in.

Unable to complete operation on

On domain controllers whenever going to a log file I got the following error:

Unable to complete the operation on "event log".
Access is denied.



To resolve this remove the domain admin account from the Built In Guests group in AD Users and Computers.

Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
In the left pane, expand the domain name, and then click Builtin.
In the right pane, double-click Guests, and then click the Members tab.
In the Members list, click your user account and remove it. Please note that it may be nested inside a group!

Tuesday, July 13, 2010

Exchange Stripping Attachments for Web Based Email Clients

Issue

I had a VERY weird problem with a customers exchange server when sending attachments. When sending an email an attachment to some web mail systems (for example http://mail.iinet.net.au) the attachments do not appear under the web mail system. However sending emails to other windows email servers running Exchange and opening the email with Outlook or Outlook Web Access the attachment comes up fine.

- There are no smarthosts in front of this exchange server, its relaying directly to the Internet using MX records.

- This company only has a single server running the exchange mailbox, hub transport and client access roles.

- The issue is not with Microsoft Office Outlook as it occurs for both outlook and outlook web access.

- The same attachments can be sent from another exchange organisation. If I send the email to my home exchange server, then forward it onto the correct iinet address, the iinet address receives it correctly.

- No Transport Agents are running on the exchange server with rules configured, eg the transport rules or journaling rules agents.

- The exchange organisation is running exchange 2007 with service pack 1. Other exchange 2007 organisations running service pack 1 do not have the issue - I tested.

- Every mailbox user in the exchange organisation is experiencing the problem.

- All attachments are experiencing the problem regardless of the attachment format.

When a user sent an email to a web mail provider the attachment was not available for download even though web mail identifies there were attachments in the email. Please click to enlarge.



When a user such as myself sends an email from another exchange organisation, the email goes through fine and the attachment is downloadable. See the screenshot below - click to enlarge.



Resolution

The problem was identified using Pipeline Logging on the hub transport server. This pushes out email message body to a text file allowing an administrator to review. Pipeline logging was enabled on the hub transport user for a user experiancing problems.

- Open Exchange Management Shell (EMS).

- Run the following cmdlet in EMS:

Set-TransportServer <hub_server_name> -PipelineTracingSenderAddress <smtpaddress>

Note: Replace the <smtpaddress> with a problematic sender address.

- Run the following cmdlet in EMS:

Set-TransportServer <hub_server_name> -PipelineTracingEnabled $True

- Send a plain text email from the user to the iinet email address with an attachment.

- Disable Pipeline logging again for that user account with:

Set-TransportServer <hub_server_name> -PipelineTracingEnabled $False

X-CreatedBy: MessageSnapshot-Begin injected headers

X-MessageSnapshot-UTC-Time: 2010-07-12T06:38:36.291Z

X-MessageSnapshot-Record-Id: 3266

X-MessageSnapshot-Source: OnRoutedMessage,Journaling Agent

X-Sender: user@badexchangeorganisation.com

X-Receiver: user@iinet.net.au

X-EndOfInjectedXHeaders: MessageSnapshot-End injected headers

Received: from CAPS-PER-EX1.badexchangeorganisation ([127.0.0.1]) by caps-per-ex1

([127.0.0.1]) with mapi; Mon, 12 Jul 2010 14:38:35 +0800

Content-Type: application/ms-tnef; name="winmail.dat"

Content-Transfer-Encoding: binaryFrom: Matthew Sampson

To: "user@iinet.net.au"

Date: Mon, 12 Jul 2010 14:38:35 +0800

Subject: Plain Text Test Email

Thread-Topic: Plain Text Test Email

Thread-Index: AcshjMv1dlpmCgONQJ2XofbMlypxSw==

Message-ID: <4dac02e2e52f584ca7a90ddcfee6f89204bfd55d9f@caps-per-ex1>

Accept-Language: en-US, en-AU

Content-Language: en-US

X-MS-Has-Attach: yes


What gave the problem away was the email had a winmail.dat file attached identified in the pipeline log, even though we specified plain text. winmail.dat files are created by outlook whenever an email is sent in RTF (Rich Text Format). Outlook and Outlook Web Access deal with them fine but other mail clients sometimes have problems.

It turned out that the Exchange Server was converting the emails to rich text format meaning many web based email clients could not display the attachment correctly.

The problem was resolved by performing the following steps:

Get-RemoteDomain | fl

Check if the value of TNEFEnabled is set to true. If yes, please run the following cmdlet to correct it:

Set-RemoteDomain "Default" -TNEFEnabled $null

Monday, July 12, 2010

Outlook 2003/2007 Looses Email Signature on Terminal Servers

I had a really weird problem with outlook 2003 installed on a terminal server farm running Windows Server 2003 Enterprise Edition R2 x86. Whenever users logged into a different terminal server their outlook signature under tools --> options --> mail format --> signatures got set to instead of their predefined configured signature. The user would have to go back and re-select their signature every time they logged into a different terminal server.

I had multiple servers in the farm with the following configuration:

- Users profiles are redirected to a network share

- Users profiles are deleted of the terminal server when users log off

- Application Data, Desktop, Documents are all redirected off to network shares for each user.

- Citrix was installed on terminal servers in the farm.

I visited Microsoft KB918561 and deleted the ImportPRF key as Microsoft suggested from each terminal server, however this did not fix my issue.

Resolution

The problem comes with the way Microsoft implemented the installation process for Outlook. During installation, Outlook creates a registry entry called First-Run. It contains some sort of cryptic code which I don't fully understand, but you don't need to. The problem comes from the fact that when you install Outlook on the second server, it generates a NEW, UNIQUE code. When a user launches Outlook for the first time, that First-Run key gets copied into their profile and follows them around. Unfortunately, when the user next launches Outlook, if they hit a server with a different First-Run key, Outlook makes the assumption they are a new user, and will wipe out certain profile information, including the signature info. The signature itself probably isn't gone, just the information that tells Outlook to actually use it.

The First-Run key is located under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Outlook\Setup

If you notice notice in this terminal server environment, each terminal server had a different hex code for First-Run.

Terminal Server 1 ("First-Run"=hex:0b,e4,9d,de,3f,17,87,40,8b,8f,e4,70,c7,3c,24,88)



Terminal Server 2 ("First-Run"=hex:37,47,b4,ae,5f,18,10,49,b9,e1,18,27,9e,e3,6b,59)



What I did was export the First-Run REG-BINARY value to a .reg file from Terminal Server 1 then import the reg file into all other terminal servers in the farm. Once you ensure that the hex code for First-Run is the same on all terminal servers in the farm, the issue will not occur anymore.

The same problem also exists for Office 2007. The above fix still applies, just change 11.0 to 12.0

Hope this post fixes your issue, please leave feedback.