FIXED: Exchange 2010 Rollup 8

Exchange Server 2010 SP3 Update Rollup 8 has been re-released to the Microsoft Download Center, resolving a regression discovered in the initial release.

Refer Click HERE


Exchange 2010 SP2 Rollup 1

Today the Exchange Team released Rollup 1 for Exchange Server 2010 Service Pack 2 (KB2645995).

Here’s the huge list of changes included in this rollup:

2465015 You cannot view or download an image on a Windows Mobile-based device that is synchronized with an Exchange Server 2010 mailbox

2492066 An automatic reply message is still sent after you clear the “Allow automatic replies” check box for a remote domain on an Exchange Server 2010 server

2492082 An Outlook 2003 user cannot view the free/busy information of a resource mailbox in a mixed Exchange Server 2010 and Exchange Server 2007 environment

2543850 A GAL related client-only message rule does not take effect in Outlook in an Exchange Server 2010 environment

2545231 Users in a source forest cannot view the free/busy information of mailboxes in a target forest in an Exchange Server 2010 environment

2549255 A meeting item displays incorrectly as multiple all-day events when you synchronize a mobile device on an Exchange Server 2010 mailbox

2549286 Inline contents disposition is removed when you send a “Content-Disposition: inline” email message in an Exchange Server 2010 environment

2556113 It takes a long time for a user to download an OAB in an Exchange Server 2010 organization

2557323 Problems when viewing an Exchange Server 2003 user’s free/busy information in a mixed Exchange Server 2003 and Exchange Server 2010 environment

2563245 A user who has a linked mailbox cannot use a new profile to access another linked mailbox in an Exchange Server 2010 environment

2579051 You cannot move certain mailboxes from an Exchange Server 2003 server to an Exchange Server 2010 server

2579982 You cannot view the message delivery report of a signed email message by using Outlook or OWA in an Exchange Server 2010 environment

2585649 The StartDagServerMaintenance.ps1 script fails in an Exchange Server 2010 environment

2588121 You cannot manage a mail-enabled public folder in a mixed Exchange Server 2003 and Exchange Server 2010 environment

2589982 The cmdlet extension agent cannot process multiple objects in a pipeline in an Exchange Server 2010 environment

2591572 “Junk e-mail validation error” error message when you manage the junk email rule for a user’s mailbox in an Exchange Server 2010 environment

2593011 Warning 2074 and Error 2153 are logged on DAG member servers in an Exchange Server 2010 environment

2598985 You cannot move a mailbox from a remote legacy Exchange forest to an Exchange Server 2010 forest

2599434 A Public Folder Calendar folder is missing in the Public Folder Favorites list of an Exchange Server 2010 mailbox

2599663 The Exchange RPC Client Access service crashes when you send an email message in an Exchange Server 2010 environment

2600034 A user can still open an IRM-protected email message after you remove the user from the associated AD RMS rights policy template in an Exchange Server 2010 environment

2600289 A user in an exclusive scope cannot manage his mailbox in an Exchange Server 2010 environment

2600943 EMC takes a long time to return results when you manage full access permissions in an Exchange Server 2010 organization that has many users

2601483 “Can’t open this item” error message when you use Outlook 2003 in online mode in an Exchange Server 2010 environment

2604039 The MSExchangeMailboxAssistants.exe process crashes frequently after you move mailboxes that contain IRM-protected email messages to an Exchange Server 2010 SP1 mailbox server

2604713 ECP crashes when a RBAC role assignee tries to manage another user’s mailbox by using ECP in an Exchange Server 2010 environment

2614698 A display name that contains DBCS characters is corrupted in the “Sent Items” folder in an Exchange Server 2010 environment

2616124 Empty message body when replying to a saved message file in an Exchange Server 2010 SP1 environment

2616230 IMAP4 clients cannot log on to Exchange Server 2003 servers when the Exchange Server 2010 Client Access server is used to handle proxy requests

2616361 Multi-Mailbox Search fails if the MemberOfGroup property is used for the management scope in an Exchange Server 2010 environment

2616365 Event ID 4999 when the Store.exe process crashes on an Exchange Server 2010 mailbox server

2619237 Event ID 4999 when the Exchange Mailbox Assistants service crashes in Exchange 2010

2620361 An encrypted or digitally-signed message cannot be printed when S/MIME control is installed in OWA in an Exchange Server 2010 SP1 environment

2620441 Stop-DatabaseAvailabilityGroup or Start-DatabaseAvailabilityGroup cmdlet fails when run together with the DomainController parameter in an Exchange Server 2010 environment

2621266 An Exchange Server 2010 database store grows unexpectedly large

2621403 “None” recipient status in Outlook when a recipient responds to a meeting request in a short period of time in an Exchange Server 2010 environment

2628154 “The action couldn’t be completed. Please try again.” error message when you use OWA to perform an AQS search that contains “Sent” or “Received” in an Exchange Server 2010 SP1 environment

2628622 The Microsoft Exchange Information Store service crashes in an Exchange Server 2010 environment

2628693 Multi-Mailbox Search fails if you specify multiple users in the “Message To or From Specific E-Mail Addresses” option in an Exchange Server 2010 environment

2629713 Incorrect number of items for each keyword when you search for multiple keywords in mailboxes in an Exchange Server 2010 environment

2629777 The Microsoft Exchange Replication service crashes on Exchange Server 2010 DAG members

2630708 A UM auto attendant times out and generates an invalid extension number error message in an Exchange Server 2010 environment

2630967 A journal report is not sent to a journaling mailbox when you use journaling rules on distribution groups in an Exchange Server 2010 environment

2632206 Message items rescanned in the background in an Exchange Server 2010 environment

2633044 The Number of Items in Retry Table counter displays an incorrect value that causes SCOM alerts in an Exchange Server 2010 SP1 organization

2639150 The MSExchangeSyncAppPool application pool crashes in a mixed Exchange Server 2003 and Exchange Server 2010 environment

2640218 The hierarchy of a new public folder database does not replicate on an Exchange Server 2010 SP1 server

2641077 The hierarchy of a new public folder database does not replicate on an Exchange Server 2010 SP1 server

2642189 The RPC Client Access service may crash when you import a .pst file by using the New-MailboxImportRequest cmdlet in an Exchange Server 2010 environment

2643950 A seed operation might not succeed when the source mailbox database has many log files in a Microsoft Exchange Server 2010 DAG

2644047 Active Directory schema attributes are cleared after you disable a user’s mailbox in an Exchange Server 2010 environment

2644264 Disabling or removing a mailbox fails in an Exchange Server 2010 environment that has Office Communications Server 2007, Office Communications Server 2007 R2 or Lync Server 2010 deployed

2648682 An email message body is garbled when you save or send the email message in an Exchange Server 2010 environment

2649727 Client Access servers cannot serve other Mailbox servers when a Mailbox server encounters a problem in an Exchange Server 2010 environment

2649734 Mailbox replication latency may occur when users perform a Multi-Mailbox Search function against a DAG in an Exchange Server 2010 environment

2649735 Warning of undefined recipient type of a user after the linked mailbox is moved from an Exchange Server 2007 forest to an Exchange Server 2010 forest

2652849 The MailboxCountQuota policy is not enforced correctly in an Exchange Server 2010 hosting mode

2665115 Event ID 4999 is logged on an Exchange Server 2010 Client Access server (CAS)

You can download Exchange 2010 SP2 Rollup 1 here.

Exchange PST Capture Tool released

Today the Exchange Team released the Microsoft Exchange PST Capture Tool (initial version 14.3.16.4). The tool can be used to discover PST files and inject them into an Exchange 2010 or Exchange Online mailbox or archive.

The tool was originally from Red Gate and known as PST Importer. Its architecture consists of three components: the central service; agents for discovering, registering and collecting PST files; and an administrative console.

Courtesy: Red-gate

The online documentation can be found here.

Note that although it’s only supported for Exchange 2010 and Exchange Online, you can use it with Exchange 2007; it’s only untested (and probably unsupported) with that product.

You can read the official announcement here; you can download the tool and the agents here.

How to fix Lync Services Signin : Type your user name and password to connect for retrieving calendar data from outlook.

When signing in to the Lync client using cached domain credentials (e.g. you log in to your corporate domain-joined laptop at home), the Lync client may prompt you with an additional authentication dialog box:

When the Lync client signs in, it also attempts to retrieve availability data via Exchange 2010 Web Services (EWS). It does so by leveraging the Autodiscover functionality.

Communicator will issue SOAP requests (over HTTPS) to the published Autodiscover server, which returns the URLs for the Microsoft Exchange 2010 Client Access Server(s) that will feed the availability data back to the Lync client.

The additional prompt for authentication stems from Communicator being hard-wired to authenticate using NTLM. When IIS (on the Exchange 2010 CAS machines) returns its WWW-Authenticate headers, it does so in the form of:

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

When Communicator attempts to negotiate authentication using your cached credentials (over the Internet), it will fail with a “401.2 Unauthorized” (*2), and subsequently prompt you for authentication as above. However, if we force NTLM from either the client side or the server side, we eliminate these additional prompts for credentials.

How to Fix:

We are instructing IIS on the Exchange 2010 CAS server(s) to offer NTLM as the first authentication provider (with Negotiate as the fallback provider) in the WWW-Authenticate header.

Fix using command lines

1. On the Exchange 2010 CAS machine(s), start -> run -> cmd -> OK. Change to the C:\Inetpub\AdminScripts directory.

2. Execute the below commands.

a. Inspecting current status:

C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/1/root/NTAuthenticationProviders

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

The parameter "NTAuthenticationProviders" is not set at this node. (*4)

b. Setting the parameter:

C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders "NTLM,Negotiate"

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

NTAuthenticationProviders : (STRING) "NTLM,Negotiate"

c. Verifying the output:

C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/1/root/NTAuthenticationProviders

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

NTAuthenticationProviders : (STRING) "NTLM,Negotiate"

3. Restart the IIS Admin Service (which will restart all dependent services) on the Exchange 2010 CAS machine(s).

IIS 7.0 Configuration

Lists configuration
appcmd list config /section:windowsAuthentication

Removes Negotiate
appcmd.exe set config /section:windowsAuthentication /-providers.[value='Negotiate']

Adds Negotiate
appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication /+"providers.[value='Negotiate']" /commit:apphost

Lists configuration
appcmd list config /section:windowsAuthentication

Here is a list of the results:

C:\Windows\System32\inetsrv>appcmd list config /section:windowsAuthentication
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true" useKernelMode="false">
        <providers>
          <add value="Negotiate" />
          <add value="NTLM" />
        </providers>
      </windowsAuthentication>
    </authentication>
  </security>
</system.webServer>

C:\Windows\System32\inetsrv>appcmd.exe set config /section:windowsAuthentication /-providers.[value='Negotiate']

C:\Windows\System32\inetsrv>appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication /+"providers.[value='Negotiate']" /commit:apphost

C:\Windows\System32\inetsrv>appcmd list config /section:windowsAuthentication
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true" useKernelMode="false">
        <providers>
          <add value="NTLM" />
          <add value="Negotiate" />
        </providers>
      </windowsAuthentication>
    </authentication>
  </security>
</system.webServer>
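
To confirm the provider order after a change, or to inventory which IIS applications offer NTLM ahead of Negotiate, the appcmd listing above can be parsed instead of read by eye. This is an added example, not part of the original post; the function name Get-WinAuthProviderOrder and the "Default Web Site/EWS" path in the commented live call are assumptions.

```powershell
# Added example: report the Windows Authentication provider order from the
# XML that "appcmd list config /section:windowsAuthentication" prints.
function Get-WinAuthProviderOrder {
    param(
        [Parameter(Mandatory = $true)]
        [string]$AppcmdXml      # raw XML text printed by appcmd
    )
    $doc  = [xml]$AppcmdXml
    $node = $doc.SelectSingleNode('//windowsAuthentication')
    if ($node -eq $null) { throw 'No <windowsAuthentication> element in input.' }

    # Keep the <add> elements in document order: per the post, the first
    # listed provider is the first one IIS offers in WWW-Authenticate.
    $providers = @($node.SelectNodes('providers/add') |
                   ForEach-Object { $_.GetAttribute('value') })

    New-Object PSObject -Property @{
        Enabled   = ($node.GetAttribute('enabled') -eq 'true')
        Providers = ($providers -join ',')
        NtlmFirst = ($providers.Count -gt 0 -and $providers[0] -eq 'NTLM')
    }
}

# Constructed sample input, copied from the two listings shown above.
$before = @'
<system.webServer><security><authentication>
  <windowsAuthentication enabled="true" useKernelMode="false">
    <providers><add value="Negotiate" /><add value="NTLM" /></providers>
  </windowsAuthentication>
</authentication></security></system.webServer>
'@
$after = @'
<system.webServer><security><authentication>
  <windowsAuthentication enabled="true" useKernelMode="false">
    <providers><add value="NTLM" /><add value="Negotiate" /></providers>
  </windowsAuthentication>
</authentication></security></system.webServer>
'@

Get-WinAuthProviderOrder $before | Format-List
Get-WinAuthProviderOrder $after  | Format-List

# Live use on a CAS server (the virtual directory path is an assumption):
# $xml = (& "$env:windir\System32\inetsrv\appcmd.exe" list config `
#         "Default Web Site/EWS" /section:windowsAuthentication) -join "`n"
# Get-WinAuthProviderOrder $xml
```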

How to Fix using GUI

1. Open IIS Manager on the Client Access server, navigate to Default Web Site > Autodiscover, and select Authentication.

2. Open “Windows Authentication”, select “Providers” in the right-hand pane, and move “NTLM” up.

3. Open IIS Manager on the Client Access server, navigate to Default Web Site > EWS, and select Authentication.

4. Open “Windows Authentication”, select “Providers” in the right-hand pane, and move “NTLM” up.

How to view Whitespace in Exchange 2010 Databases

With older versions of Exchange, admins would use Event ID 1221 to see how much whitespace was available in each database.

With Exchange 2010, Event ID 1221 is no longer used.

Admins can now query the database directly with the following PowerShell command to see the whitespace in each database:

Get-MailboxDatabase -Status | FT Name, AvailableNewMailboxSpace

Additional Scripts on Exchange 2010 SP2

As with most Microsoft Exchange Service Packs and some Update Rollups, Exchange Server SP2 introduces six new scripts that are useful to manage and monitor your Exchange organization.

All the canned Exchange scripts are located in the %ExchangeInstallPath%Scripts folder (normally, C:\Program Files\Microsoft\Exchange Server\V14\Scripts). You can easily change to this folder within the Exchange Management Shell (EMS) using the command cd $exscripts. It looks dirty, but it’s not. 🙂

The six new(ish) Exchange Service Pack 2 scripts are:

  • ConvertOABVDir.ps1 – This script will convert the OAB virtual directory to an IIS web application, as well as create a new application pool called MSExchangeOabAppPool. Converting the OAB virtual directory is necessary to support different authentication methods like Kerberos and Certificate authentication. You need to execute this script on each Client Access Server. Ross Smith wrote about this script in his article, Recommendation: Enabling Kerberos Authentication for MAPI Clients.
  • ExPerfwiz.ps1

What do Exchange Delegation and Lync do?

This was something that I have wanted to share with you all. There were more queries from the service desk and desktop team about what “People I manage calls for” does and how to remove/manage them from the Lync client.

The “People I manage calls for” group is part of the delegation model. If the user in question is responsible for scheduling Lync/OCS meetings for the person in their “People I manage calls for” group, then no, you cannot remove them, because removing them will remove their ability to schedule meetings as well. If that’s not the intention, and they ended up being a delegate by accident of Exchange permissions, then yes, they can be safely removed.

There is a resource kit utility called SEFAUtil.exe that has the ability to add/remove delegations from Lync server manually.

Normally, Lync gets its delegate information from permission settings in Exchange. For the example, I’m going to use Boss and Admin instead of delegator and delegate because I find the latter confusing.

For the admin to be able to schedule Lync meetings for the boss, the boss grants his admin either “Editor” or “Author” rights on his calendar.

Both the boss and the admin have the CsClientPolicy parameter -EnableExchangeDelegateSync set to $true.

When the boss’s Lync client boots up, it checks with Exchange to see what permissions the boss has granted other people. It will find he’s granted his admin “Editor” or “Author” rights to his calendar, and the Lync client will send a message to the Lync server to grant delegation permission to the admin.

When the Admin restarts their client, it will contact the Lync server and pull down the users that the admin has been granted permission for. The admin will then be able to schedule Lync meetings inside the boss’s calendar.

This is the normal process.