• Shortcuts : 'n' next unread feed - 'p' previous unread feed • Styles : 1 2

» Publishers, Monetize your RSS feeds with FeedShow:  More infos  (Show/Hide Ads)


Date: Wednesday, 26 Mar 2014 14:01

Back pressure is a resource monitoring feature with Exchange servers which build into Transport service. ( Mailbox Servers ) The idea is to have Exchange Server detect the issues and take necessary action so the messaging servers wont be completely un available.

There are 4 event ID associated with correlating events and actions messaging server would perform.

Figuring out such event can be very usefully when back pressure becomes the issue.

# Explain event descriptions
Write-Host "--------------------------                              ------------------------------"
Write-Host "Event ID 15004 = Resource pressure increased" -Fore Cyan
Write-Host "Event ID 15005 = Resource pressure decreased" -Fore Cyan
Write-Host "Event ID 15006 = Low available disk space" -Fore Yellow
Write-Host "Event ID 15007 = Low available memory" -Fore Yellow
Write-Host "---------------------------                                  ------------------------"

image

To automate the process we have developed PS script. You can download from TechNet scripting library.

image

Special thanks to Benjamin Bohn for taking his time and turning my simple script into great resource script.

Stay tuned until next time.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Saturday, 22 Mar 2014 17:31

We will migrate DHCP Service from windows 2003 DC onto Windows 2008 R2 DC. Just follow the simple steps to get the work done

Environment :

  • Source Server  windows 2003 ( DC,GC) DHCP Installed here server name is = Server
  • Destination Server Windows 2008 R2 ( DC,GC) = We will migrate DHCP Service and all related configurations here
  • Log into Source Server where DHCP is installed
  • Click Start Open Cmd.exe

Netsh dhcp server export c:\temp\dhcp.txt

Make sure temp directory exist if not create one on the C drive….

image

Now log into Target Server

  • Click start
  • In the search type
  • ServerManager.msc
  • Hit enter
  • Click Add Roles

image

image

image

image

image

image

image

image

image

image

image

image

image

image

  • Now you need the file we have created earlier to import into this server
  • I am going to connect the first server and get the file we have created which does have all existing settings for the DHCP server

image

image

I am going to copy the dhcp.txt file onto server1 onto temp directory

Click Start

Type Cmd.exe and hit enter

type following and hit enter

Netsh dhcp server import c:\temp\dhcp.txt

 

image

Now open back to DHCP management

If you refresh all your existed settings are now in this new DHCP Scope

image

Last thing we need to do is to go back and un-install DHCP services from source server, running DHCP from two servers will same scope will be ugly (-:

Log back onto first server

image

image

image

image

image

image

Well done you have completed DHCP migration

Stay tuned until next time.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 19 Mar 2014 15:05

FSMO roles always been one of the most hot topics of every interview I have ever been. Even for Exchange Server interviews. Knowing the FSMO roles makes your job easy and understanding Active Directory for sure keeps your place in Exchange world safer.

If you need refresher for the FSMO Just take a look at this question. Considering having single FOREST if you have 12 domains, how many FSMO roles in total exist ? Id your answer is not 38 then you need the refresher (-: and here id nice summary Why do We Need FSMO Roles

You can quickly Fire up CMD and type

NetDom Query FSMO

image

Or you can open PowerShell

$Domain = Get-ADDomain | select -ExpandProperty Name

image

Get-ADDomain $Domain | fl PDCEmulator,RIDMaster,InfrastructureMaster

image

Or here is the simple script can show you the FSMO roles for your Domain Name Space

http://gallery.technet.microsoft.com/scriptcenter/Find-FSMO-Roles-6950d3c7

image

Stay tuned until next time.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Monday, 10 Mar 2014 08:37

 

Installing Exchange 2013 SP1, receiving error “The Windows component RSAT-Clustering-CmdInterface isn't installed on this computer and needs to be installed before”

image

On the problem server open PowerShell with administrator privileges and use following PS command

Install-WindowsFeature RSAT-Clustering-CmdInterface



image


image


Verify ….





Get-WindowsFeature | where-object {$_.Installed -eq $True} | fl name,*RSAT*

 


image


image


image


Stay tuned until next time.


Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 05 Mar 2014 05:25

When you want your Tier2 to have ability to manage distribution Groups by adding multiple managers to it, you may receive the error “You don’t have sufficient permissions. This operation can only be performed by a manager of this group.” in Exchange 2010 SMTP organization.

The issue might have been caused by “security group management check” outlined in the following KB

Remedy to this issues is to add the helpdesk administrators into RBAC Role Groups called “Role Management” so that they can populate the DL group membership with multiple managers.

image

image

“A positional parameter cannot be found that accepts that argument –BypassSecurityGroupManagerCheck “ this error simply being generated due to “Un sufficient rights”

Set-DistributionGroup "CTOS" –ManagedBy brian@ZtekZone.gov,Sam@ZtekZone.gov

image

Log into ECP with org administrator privileges

https://mail.ztekzone.com/ECP

Open Administrator Roles, select “Role Management” assign this to your Helpdesk  administrators.

image

Role Management Role allows

This role enables administrators to manage management role groups; role assignment policies and management roles; and role entries, assignments, and scopes in an organization. Users assigned this role can override the role group managed by property, configure any role group, and add or remove members to or from any role group.

image

After changes have been made you should not be receiving the same error.

Stay tuned until next time.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Tuesday, 04 Mar 2014 14:14

Exchange 2013 SP1 has been released with several improvements over the product. The new futures listed in the release notes , that can be found here

If you are in the production environment it is critical you have to be !!!aware of these changes!!! and found issues with SP1 release. As you can tell clearly, without proper planning and preparation the SP1 upgrade can turn into !!!disaster!!!, which all of must avoid being there.

image

Some of the highlights for SP1…

1. Mail flow stops after Exchange 2013 SP1 is installed

  • Reboot the server after upgrade
  • (Microsoft Exchange Frontend Transport)

2. Mailbox size increase when migrating from previous Exchange versions

  • To prevent users from exceeding their mailbox size quotas, increase the database or mailbox quota
  • Mailbox size reported may increase 30 percent to 40 percent,
  • Disk space used by the mailbox database has not increased
  • Only the attribution of space used by each mailbox has increase

3. You must adjust the user quotas to prevent interruption

4. Installing Exchange 2013 in an existing Exchange organization may cause all clients to download the OAB 

  • This could result in network saturation and server performance issues especially on large enterprise platforms

5. MAPI over HTTP may experience poor performance when you upgrade to Exchange 2013 SP1

  • clients that connect to an Exchange 2013 SP1 server using the protocol may experience poor performance.

From CAS Servers ( Elevated command prompt)

  • set AppCmdLocation=%windir%\System32\inetsrv
    set ExchangeLocation=%ProgramFiles%\Exchange Server\V15
  • %AppCmdLocation%\appcmd.exe SET AppPool "MSExchangeMapiFrontEndAppPool" /CLRConfigFile:"%ExchangeLocation%\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config"
    %AppCmdLocation%\appcmd.exe RECYCLE AppPool "MSExchangeMapiFrontEndAppPool"

From MBX Servers ( Elevated command prompt)

  • set AppCmdLocation=%windir%\System32\inetsrv
    set ExchangeLocation=%ProgramFiles%\Exchange Server\V15
  • %AppCmdLocation%\appcmd.exe SET AppPool "MSExchangeMapiMailboxAppPool" /CLRConfigFile:"%ExchangeLocation%\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config"
    %AppCmdLocation%\appcmd.exe RECYCLE AppPool "MSExchangeMapiMailboxAppPool"
  • %AppCmdLocation%\appcmd.exe SET AppPool "MSExchangeMapiAddressBookAppPool" /CLRConfigFile:"%ExchangeLocation%\bin\MSExchangeMapiAddressBookAppPool_CLRConfig.config"
    %AppCmdLocation%\appcmd.exe RECYCLE AppPool "MSExchangeMapiAddressBookAppPool"

 

MapiHttp (codename Alchemy). 

  • Microsoft has designed MapiHttp protocol to replace the existing RPC/HTTP protocol. MapiHttp is new communication protocol in between outlook and Exchange 2013 SP1.
  • The gain is obvious, taking out the RPC out the picture will improve the end-user messaging experience. As you could tell this will have big positive impact & effect on Office 365 cloud scenario, over user outlook usage.

MapiHttp protocol

  • Provides faster reconnection times after a communications break because only TCP connection unlike RFC requires "rebuild"
  • Offers a session context that is not dependent on the connection

Read more

To enable MapiHttp run following

Set-OrganizationConfig -MapiHttpEnabled $true

Read more some other real cool futures listed in Scotts Blog

Windows Server 2012 R2 and Database Availability Groups

Channel 9

Joseph Warren…

Exchange 2013 and MapiHttp

Scott Schnoll

Microsoft Exchange Server 2013 Tips & Tricks

Stay tuned until next time.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Monday, 10 Feb 2014 21:25

if you are seeing X400 addresses on the mailbox properties you probably went through migration from legacy version of Exchange Server.

X.400 addresses required with Exchange 2003 and down, it is present with in the Default Recipient Policy.Exchange 2007 and 2010  environments with no 2000/2003 servers do not  require the X.400 address to function.

If you decide to clean all up here is simple PS can do the work.

foreach ($mbx in (get-mailbox -resultsize unlimited  )){

$addrs = $mbx.emailaddresses |? {$_.prefixstring -ne "x400"}

set-mailbox $mbx -emailaddresses $addrs

}

As good practice test the script in your test environment before using it in production

Stay Tuned….

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Monday, 10 Feb 2014 21:06

You are moving mailbox from legacy systems onto Exchange 2010 environment and some of your mailboxes are failing when they get to 95 percent. You need to troubleshoot the issue.

Steps for troubleshooting:

Before we deep dive into fixing this issue, I need to remind you this could be tedious work and if you are luck you only have handful users  to deal with (-:

Most obvious reason is corrupted item or items source  mailbox might have

Possible causes:

  • OFF turned on
  • User mailbox contains corrupted outlook rules ( folders moved etc. they no longer work)

How to deal with this:

You have couple options to remediate the issue and let the move request complete moving offensive mailbox. Shortest way is to assign yourself full mailbox permissions for the problem user ( You might be very careful if your company policies requires you to go to change control and obtain permissions to perform the work, don’t forget so)

Problem User Account name: Aki.Armstrong

Administrator needs full permissions: Casey.Dedeal

Add-MailboxPermission Aki.Armstrong -AccessRights FullAccess -User Casey.Dedeal

image

Let’s take a look to see if we can verify the full access rights Casey.Dedeal has been granted with previous one liner PowerShell.

Get-MailboxPermission aki.armstrong | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.Deny -eq $false} | Select User

Or we could simply do this

$Permission = Get-MailboxPermission aki.armstrong

image

Pipe this into same command,

$Permission |  where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.Deny -eq $false} | Select User

image

Great now , from Casey.Dedeal outlook we will need to configure Aki.Armstrong outlook profile

Click Start

Control locate mail icon and double click

image

Show Profiles, switch outlook to “prompt for profile to be used”

image

Add

image

Aki.Armstrong ( you need to adjust this to fit into your scenario)

image

As you can see Autodiscovery knows Casey.Dedeal logged in , I need to change the e0mail address here to user I am configuring outlook profile too.

image

When I hit next , Exchange settings confirmed the user account Casey.Dedeal has already Full Mailbox permissions, therefore it allow me to get to last page.

image

I click finish here Now I can open outlook , pickup Aki.Armstrong outlook profile

image

Now we logged into Aki.Armstrong Mailbox E-mail which is corrupted in this case is here

image

*** Now it is a good time to backup user data, you can simply use outlook***

 

We will attempt to delete this e-mail by using MFCMAPI

Download MFCMAPI if you have not done it yet, there is 32bit and 64 bit versions, pick the  one which is proper to your environment.

  • Open MFCMAPI,
  • click Session
  • Logon

image

image

After selecting the profile , click okay and Open Store

image

Now Click on Root Container to expand

Now go down to Top of Information store

locate Mailbox, Locate the folder the e-mail was under

image

we will make right click and delete this folder

image

*** Be careful as good practice always make sure you have backup before you start deleting*** you never know if you need to go back that being said it would be good ideal to have PST export for this user at the least before we deleting data from outlook.

Now Click delete and select the option you like

image

If you wont select hard deletion you can still recovery deleted items

Exit twice to close MFCMAPI

image

Now opening outlook you can verify the corrupted folder and its content is gone

image

you will use same technique for each corrupted item, which is the pain part of it. The Mailbox move request will give you idea what is corrupted, you will need to get the information and locate within MFCMAPI to get rid of it.

IF you think all these too much work, wait there is another trick you can do, simply

Click File

Open Export

image

Export Import

Export to file

image

Choose PST and next

image

image

Note the location of PST backup file and name it if you like

This is default location

C:\Users\UserName\Documents\Outlook Files\backup.pst

image

Once you are done Delete everything !!!!!!

  1. E-mails
  2. All contact
  3. All Rules
  4. All deleted items
  5. All Sent items
  6. All draft E-mails

image

Once you are done , Resume MB move, you will see it will complete

Now time to  put all back

File , Open Export, Import/Export

image

image

image

image

image

all good everything is back , you have successfully migrated your mailbox or took care of the corruption. Thanks to MFCMAPI (-:

 image

Don’t forget to remove your full mailbox permissions

Remove-MailboxPermission Aki.Armstrong -AccessRights FullAccess -User Casey.Dedeal

and verify (-: so that you have no worries Security is knocking your door

Stay Tuned….

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Sunday, 09 Feb 2014 20:29

The Exchange 2010 OOF option to external audience is “enabled out the box” .In many organizations allowing OOF for external usage is up to company security policies. In large environments disabling OOF requires bulk changes and coming up with process to make sure newly created accounts OOF External is set to “internal” meaning these account wont have OOF External option. You may also consider allowing this option or disallowing it per your needs. In this article we will touch in each scenario and give you tips and show you how to deal with OOF settings for mail enabled users.

image

You will see the options under “Automatic Replies”

image

Lets take a look  same settings from PowerShell.

ExternalOofOptions : InternalOnly  (  External OOF option is set to “InternalONLY” )

ExternalOofOptions : External ( External OOF option is set to “External” )

image

Now lets start disabling OOF.Following procedures outline how to enable and disable OOF External option for single mailbox.

Procedure:

  1. Log in to Exchange 2010 server or use your management computer with proper privileges
  2. Click Start
  3. All Programs
  4. Microsoft Exchange Server 2010
  5. Exchange Management Shell

Enabling OOF External Option for single user

set-mailbox casey.dedeal -ExternalOofOptions "External"

Disabling OOF Option for single user

set-mailbox casey.dedeal -ExternalOofOptions "InternalOnly"

image

Disable OOF External for Everyone

get-mailbox -ResultSize Unlimited | set-mailbox -ExternalOofOptions "InternalOnly" -Confirm:$False

How to turn the OOF External option in large environments and only allow certain people ?

If this is the scenario one of the good way to handle such request coming up with process

Procedure:

1. Come up with User Creation SOP ( Standard Operation Procedure) and include disabling OOF External for each user creation.

2. Create Active group called “OOF-Allowed-External-Recipients” Universal Security for instance.

3. Add the exception members in the group

image

In the Second Article I will post OOF Script which will Disable OOF External option for everyone, Enable only for member of Allowed group in AD.

Stay Tuned

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Monday, 13 Jan 2014 16:34

We like to create shared mailbox in Exchange 2010 , yet we get the option from GUI

image

Open PS

New-Mailbox -Shared -name MeetingsHR  -UserPrincipalName MeetingsHR@ZtekZone.com

image

It is Great we have now what we call is Shared mailbox, if you pay attention the icon within GUI has changed for the shared mailbox.

image

so what is the purpose of  this shared mailbox and why it is different then the regular mailbox ?

Shared mailbox has Disabled AD account therefore it does not have password ( wont associate with one)  therefore user principle information CANNOT be used by the shared owners to log into this mailbox. Sole Purpose to be used as Shared MB, e-mails , calendar etc..

image

Now you have the Shared mailbox you can assign Full MB permissions to users who wish to have access to this mailbox

 

Add-MailboxPermission MeetingsHR -AccessRights FullAccess -User Casey.Dedeal

image

 

image

image

image

Now for some reason if I want to change the “RecipientTypedetails” for this shared mailbox.

The different Recipient Types you can set:
Regular
Room
Equipment
Shared

get-mailbox  MeetingsHR | Set-Mailbox -Type Regular

him since the account did not have any password we could not convert it as you can see so we need to set proper password for the account

image

Lets do that

image

Try again

get-mailbox  MeetingsHR | Set-Mailbox -Type Regular

Now it is set to ne UserMailbox

image

So what happens if I set regular user mailbox to shared MB ?

 

image

image

Get-Mailbox *dedeal* | fl name,*recipient*

image

Nice now my account says it is shared mailbox, so what happen to my AD account ?

As you can guess it is disabled

image

happy playing….

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 08 Jan 2014 05:48

 

If you are in the large enterprise environment and wondering  if you could run one script to get all Exchange related VSS writers and their status here is simple script that will help you get the work done

http://gallery.technet.microsoft.com/scriptcenter/Use-to-retrieve-the-status-3fc45df6

image

image

Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
--------------------------------------------------------

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 20 Nov 2013 20:48

You would like to enable CL ( Circular logging) on the production Exchange Servers, perhaps you start moving mailboxes and realized you need to turn on circular login, due to concerns with possible disk space issues, especially with large mailboxes.

Now if you have prior versions of Exchange experience you will quickly remember enabling and disabling it requires IS ( Information store ) service to be restarted in order for CL to go into effect & kick in.

Or perhaps you remember seeing this with Exchange 2010

--------------------------------------------------------
Microsoft Exchange Warning
--------------------------------------------------------
The following warning(s) occurred while saving changes:

Set-MailboxDatabase
Completed

Warning:
Circular logging parameter change will not be applied on this database before it is remounted. Dismount and remount database "db51elt" in order to apply this parameter change.

image

From PS we would enable CL with one Liner

###Enabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$true

###Disabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$False

Now if we like to enable CL on all the databases we would do this easily

$Alldb = Get-MailBoxDataBase
$Alldb | Set-MailboxDatabase -CircularloggingEnabled:$True

image

*** As you can see we get the same warnings***

If you like to disable it on all Databases ….

$Alldb = Get-MailBoxDataBase
$Alldb | Set-MailboxDatabase -CircularloggingEnabled:$False

Now why we are getting warning from ONLY one single DATABASE when we turn on CL on all the databases ? the answer is here in this picture. one DB in here does not have any other DB copy….

image

Now we need to quickly remember this

Circular Logging TYPE

What is it ?

Managed BY

CRCL continuous replication circular logging Microsoft Exchange Replication Service
JET CL Traditional circular logging JET circular logging is performed by Information Store

### Jet CL ( Single Database , with or without DAG environment )

Enabling and Disabling Traditional CL requires, Database to be dismounted and mounted. in this case the database does not have any copy within the DAG environment ( see picture above)

### CRCL ( Database in the DAG has its copy on another DAG member)

If the database has a copy , then CRCL comes into play and enabling & disabling it wont require any administrator intervention.

Good news if you are in DAG environment you can take advantage of CRCL , meaning no need to touch database after enabling or disabling CRCL = this will keep end users and your managers happier IMO (-:

Here is more comprehensive information on Scott Article !!!

http://blogs.technet.com/b/scottschnoll/archive/2011/06/27/circular-logging-and-mailbox-database-copies.aspx


Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
--------------------------------------------------------

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 20 Nov 2013 14:50

Perhaps you wanted to fail over databases in DAG to another server which holds the healthy DB copy and realized you could not do it due to ContentIndexState  -eq failed.

To return the Content index state to normal healthy state we will need to run several PS scripts. Log into One of the Exchange 2010 server and run the below PS one liner script

If you have several servers you can assign variable to get-mailboxServer CMDlet and pipe that into another PS get property information based on your needs.

$Server = Get-MailBoxServer

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.ContentIndexState –eq “failed”}

We want to see not failed state but mounted & Health we could this

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.ContentIndexState -ne "failed"}

 

image

Now lets play a little bit what if I like to get the databases which are status “Mounted” I can use same logic

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.status -eq "Mounted"}

image

How about healthy ones ?

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.status -eq "healthy"}

image

Pretty cool isnt it ? if you like to see what other properties available for you to play you could easily do this

Get-MailboxDatabaseCopyStatus | get-member

 

image

image

Get back to our mission now to fixing index copy status, to figure out which servers do have the issue we could do something like this

$Status = Get-MailBoxDatabaseCopyStatus

$Status | Where {$_.ContentIndexState –eq “failed”} | UpdateDatabaseCopy -CatalogOnly

To verify everything is good ( all Servers)

$server = Get-mailboxserver

$Server | Get-MailboxDatabaseCopyStatus | fl name, contentindexstate

Now you get the ideal ,  and ready to make practice (-:

Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Tuesday, 12 Nov 2013 20:49

 

Log onto Windows 2008 R2 Server run PS with administrator  privileges.

image

Import-Module ServerManager

image

Run fallowing command

Add-WindowsFeature PowerShell-ISE

image

image

Now type  below PS command and hit enter

powershell_ise.exe

 

image

 

image

there are number of great adds on for the ISE in-case you need them

https://social.technet.microsoft.com/wiki/contents/articles/2969.windows-powershell-ise-add-on-tools.aspx

Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Tuesday, 12 Nov 2013 12:06

 

The reason you are receiving this error, you are running PowerShell command from Child domain and you like to see the Groups located on the root domain. In order to see these groups and continue to carry on your task all you need to do it to change your setting to view entire forest, this is almost same as opening ADUC and trying to located users or groups within the child domain, when these users or groups actually sits on the root domain. You don’t see it because your query is being performed on the child domain only.

see the settings

Get-AdServerSettings | fl

 

image

 

To change that

Set-AdServerSettings -ViewEntireForest $True

image

image

Now you wont have the errors if you carry on the same task

best

ocd

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

 

 

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Monday, 11 Nov 2013 06:25

 

Below are collection of one Liner snippets you can copy and paste them into EMS and use it for your needs. Please make sure you understand the power of using Pipe ( | ) and Set commands  in PS.

### List Mailbox Databases

Get-MailboxDatabase

image

###Locate DB which has the string  the *22*  ( locate a specific DB )

Get-mailboxdatabase  *22*

###Enabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$true

###Disabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$False

### After CL is Enable in order CL to work you need to Dismount and Mount the database

This snippet will dismount DB01elt and it will NOT ask confirmation

###Enabling CL on the ALL Databases

Get-MailboxDatabase | Set-MailboxDatabase -CircularloggingEnabled:$true

###Disabling CL on the ALL Databases

Get-MailboxDatabase | Set-MailboxDatabase -CircularloggingEnabled:$false

### Dismount all Databases

Get-MailboxDatabase | Dismount-Database -Confirm:$false

### Mount all Databases

Get-MailboxDatabase | Mount-Database -Confirm:$false

### Dismount Specific Database

Get-MailboxDatabase db01elt | Dismount-Database -Confirm:$False

### Mount Specific Database

Get-MailboxDatabase db01elt | Mount-Database -Confirm:$False

### CL Enabled

Get Databases CL is enabled

Get-MailboxDatabase | where {$_.CircularLoggingEnabled -eq $true}

image

### CL is NOT Enabled

Get Databases CL is NOT enabled

Get-MailboxDatabase | where {$_.CircularLoggingEnabled -eq $False}

 

image

More to come……….

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 06 Nov 2013 07:51

 

If you are running Exchange 2010 I am pretty sure one way or other you are familiar with Exchange VSS Writer and how it effects your ability to back up your Exchange servers.

When VSS Writer is in Error stage the backup software won't be able to take successful backup and most likely backup team will open ticket and ask Exchange team to fix the VSS writer so their software can perform the backups.

If you are in large enterprise environment where you have backup team , windows team and Exchange team now you are in the Chicken and egg war as the backup tram will blame on Exchange writer and Exchange team will ask Windows Team to fix the issues (-: and as you can see things will get quite interesting.

As we already know VSS technology has been around quite a bit and third party Vendors are relaying on Microsoft native VSS writer to perform backup functions when it comes to backing up Exchange 2010 Application.

Now before we move forward more let's make sure we get the basic done.

Exchange Server application will provide two different VSS Writers

 

Writer Name

Usage

Utility to see the writers Status

Exchange Information Store VSS writer

Backup of Mounted DB / Active

Open CMD with Administrator privileges on the Exchange servers issue

VSSadmin List Writers ( Command )

Exchange Replication Service VSS writer Backup of Healthy DB / Passive

Open CMD with Administrator privileges on the Exchange servers issue

VSSadmin List Writers ( Command )

 

Exchange Server application will provide two different VSS Writers

 

Writer Name

Writer Location

VSS writer ID

Usage

Microsoft Exchange Writer

Store Writer

Built into the Exchange Information store

( MSExchangeIS = store.exe )

{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}

Store Writer is used by Mounted / Active Databases

Microsoft Exchange Replica Writer

 

 

Build into Replication Service

( MSExchangeRepl = msexchangerepl.exe )

{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7} The Replication Writer is used by Healthy /Passive Databases

 

How to deal with failing VSS Exchange Writer issues ?

image

The sort and most common answer is going to be re-start the service which the writer is associating with. As you can tell re-starting replication service might be acceptable at most of the work environments as it does not cause any end user disruption. However dealing with IS service is different ball game, even with Exchange 2010 DAG environment, most places will be hesitant to re-start this service ( Failing over to DAG member is for sure valuable option, draining one server and deal with it make sense) .

Another option could be dedicating a Exchange 2010 Server for backup and availability services ( putting activation block , on these servers and deal with them as the issues occur).

Beyond this, my point of view is that, it is real hard to convince the third party vendors to clean up their backup software code and not to cause Exchange writer to fail and keep pointing fingers back and forth. If you been there you would understand what I mean.

Reference

http://msdn.microsoft.com/en-us/library/bb204080(v=exchg.140).aspx

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Tuesday, 08 Oct 2013 21:23

Issue: Unable to convert Mail Enabled Groups from EMC in Exchange 2010.

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Convert to Universal Group' could not be performed on object 'IT Managers'.

IT Managers
Failed
Error:
Active Directory operation failed on dc1.ZtekZone.com. This error is not retriable. Additional information: A universal group cannot have a local group as a member.
Active directory response: 00002146: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

The server cannot handle directory requests.

image

Exchange 2010 and Group Scope

  • To refresh your knowledge here is Active Directory Group Scope and Group Types
Group Scope Group Type
Domain Local Security
Global Distribution
Universal

Exchange 2007 and Exchange 2010 wants all mail enabled groups Scope to be “Universal” regardless of the Group type. This is almost the other way around in Exchange 2003 world, as Exchange 2003 did not care about this much.

Lets take a look at our problem Group and try to understand the issue.

image

This Group Type is “Domain local” it is a Distribution Group, Exchange 2010 is not happy with this group scope type,  as you can see from the picture even Icon for this group is faded out (-:

image

How to solve this problem? We could perfectly locate this group with ADUC and change .the Group Scope to “Universal” and click apply.

image

Now we go back to EMC and take a look at same Group, to see if  Exchange is happy with new Group Type “ Universal” , the answer is yes.As you can see the Icon is changed.

image

Why Exchange forces Mail enabled group Types to be “Universal” ONLY!!!?

Here is the reason Universal group membership is replicated to all Global Catalogs , ALL DC/GC Servers, unlike Global and Domain local Scope type. The Universal groups replication boundaries and expansion capabilities FOREST Wide, thus Exchange 2007 and 2010 wants mail enabled groups and their Group Scope only to be “Universal” This is the case when it comes to Exchange and unfortunately Exchange does not care even you have single Label Domain name space.

Please note that there is no other reason or limitations any other functions goes. So if you are in the middle of the migration and finding this out do not freak out , This is fairly simple to deal with and it has no other side effects to existing functioning Distribution groups goes, since changing Group scope Type does not make any changes on the group membership, ACL’s permissions and etc.

One thing is to remember it could increase the network traffic when it wants to expand if it has forest wide members, but this ensures all members gets the e-mail (-: so give and take thing (-:

Now if you have many of these how to convert them?

Get-DistributionGroup | where { $_.Grouptype -Like "Global*" } | Set-Group -Universal

Now

Get-DistributionGroup | where { $_.Grouptype -Like "Domain*" } | Set-Group -Universal

image

*Note you might be getting errors when you run this script , if a mail enabled group has another mail enabled group as its member, and both Group Scope are not Universal , if you persistently keep running these scripts, you will be able to take care of them and  and when Exchange server is happy you get all these nice futures with the mail enabled groups

image

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Wednesday, 02 Oct 2013 17:15

Running “Move-ActiveMailboxDatabase  fails with fallowing errors”

$Sname1 = E1
$Sname1 = E2
Get-mailboxdatabase -server $Sname1 -status | where {$_.mounted -eq $true} | Move-ActiveMailboxDatabase -ActivateOnServer $Sname2 -Confirm:$False

 

An Active Manager operation failed. Error The database action failed. Error: An error occurred while trying to validate the specified database copy for possible activat
on. Error: Database copy 'db01' on server 'E1.ZtekZone.com' has content index catalog files in the following state: 'Failed'.. [Database: db01, Server: E1.ZtekZone.com]
    + CategoryInfo          : InvalidOperation: (db01:ADObjectId) [Move-ActiveMailboxDatabase], AmDbActionWrapperException
    + FullyQualifiedErrorId : 52C54005,Microsoft.Exchange.Management.SystemConfigurationTasks.MoveActiveMailboxDatabase

 

image

image

Solution

Get-MailboxDatabaseCopyStatus | fl name, ContentIndexState

Or





$DBstatus = Get-MailboxDatabaseCopyStatus
$DBstatus | fl name,*Content*


image


Now if we are dealing with single Database this would work





Update-MailboxDatabaseCopy "db60ssc\E1" -CatalogOnly

image


Now if we have many Databases





Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"}

image


To fix all





$DBstatus = Get-MailboxDatabaseCopyStatus
$DBstatus | where {$_.ContentIndexState -eq "Failed"}

image


Now we will use Fallowing Command and append it to above command to fix content index issues








Update-MailboxDatabaseCopy –CatalogOnly

To Update all





Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"} | Update-MailboxDatabaseCopy –CatalogOnly

 


Reseed the Search Catalog
http://technet.microsoft.com/en-us/library/ee633475.aspx


Enjoy !!

Respectfully,

Oz Casey, Dedeal

( Exchange Server North America MVP)


MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Date: Friday, 13 Sep 2013 22:39

Our task is to allow PST Import and Export functions in Exchange 2010 to replace XMerge functions which used to be the tool in Exchange 2003 days.

Xmerge concept does not exist in Exchange 2010 and using simple PS cmdlet New-MailboxExportRequest will do the job and you will love using it.

  • Create a new Role Group
  • Assign “Mailbox Import Export” role to it.
  • Add Desired Users to Role Group
  • Create Network Share ( Exchange Trusted Subsystem group has read/write permission to NTFS Permissions)
  • Run PS New-MailboxExportRequest
  • Monitor New-MailboxExportRequest
  • Verify PST File has been created on the network Share

Task#1

Create a new Role Group and assign role “ Mailbox Import Export” to it

I called the RoleGorup “PST Import Export” you can call it anything you like but remember you have to assign “Mailbox Import Export” role to this group like shown below

New-RoleGroup “PST Import Export” -Roles “Mailbox Import Export”

Once this is successful done we can see the Role Group

image

Task#2

Add Desired Users to Role Group

Add-RoleGroupMember “PST Import Export” -Member Administrator

Verify the work

Get-RoleGroup *export* | Get-RoleGroupMember

image

Task#3

Create Network Share assign Exchange Trusted Subsystem group has read/write permission Shared Folder &  NTFS Permissions

Administrator account ( or Account you like to use)  also has Full Shared Permissions

image

image

image

Task#4

Execute the PS to get the work done

New-MailboxExportRequest -Name MBExport -Mailbox "Casey.Dedeal" -FilePath \\E1\pst$\Dedeal.pst

Task#5

Monitor the Move Request

Get-moverequest|get-moverequeststatistics
image
Get-moverequest|get-moverequeststatistics  |export-csv c:\reports\Move_Report.csv

Enjoy !!

Respectfully,

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Author: "Oz Casey, Dedeal (noreply@blogger.com)"
Send by mail Print  Save  Delicious 
Next page
» You can also retrieve older items : Read
» © All content and copyrights belong to their respective authors.«
» © FeedShow - Online RSS Feeds Reader