Exchange 2010 – Autodiscover is not working for only one mailbox

I came across an issue where Autodiscover was not working for only one mailbox.

It turned out that MAPI was disabled for this user.

We checked with Get-CASMailbox -OrganizationalUnit "<OU where the affected user is located>".

We saw that MAPI was disabled for this mailbox. After enabling it, Autodiscover is working again.


Cannot import certificate with certutil “The requested operation is not supported”

There is a known issue involving certificates and the provider “Microsoft RSA SChannel Cryptographic Provider”, which is described in this blog: OWA and ECP loop on the FBA logon page.

Recently I had an issue implementing the solution:

certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx <CertificateFilename>

On one machine this command throws an exception:

CertUtil: -importPFX command FAILED 0x80090029 (-2146893783 NTE_NOT_SUPPORTED)

CertUtil: The requested operation is not supported.


The cause of this issue was an additional permission for System on the following folder: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.


After removing the permissions the issue no longer exists, the certificate can be imported, and OWA is no longer looping.
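
The ACL review described above, scripted as an added example (not from the original post). It matches System by its well-known SID S-1-5-18 so it also works on localized servers; the backup file path and the $Remove switch are assumptions.

```powershell
# Added example: review the MachineKeys ACL and flag SYSTEM entries.
# Run in an elevated 64-bit PowerShell session.
$path   = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'  # folder named in the post
$backup = 'C:\Temp\MachineKeys-acl.sddl.txt'                 # assumption: any writable path
$Remove = $false                                             # assumption: set $true to apply

$acl = Get-Acl -Path $path

# Keep a copy of the current security descriptor so the change can be reverted.
$acl.Sddl | Set-Content -Path $backup

# Translate identities to SIDs; S-1-5-18 is the well-known SID of Local System.
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = $acl.GetAccessRules($true, $true, $sidType)

$rules | Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
    Format-Table -AutoSize

$systemRules = @($rules | Where-Object { $_.IdentityReference.Value -eq 'S-1-5-18' })
if ($systemRules.Count -eq 0) {
    Write-Output 'No SYSTEM entry on MachineKeys.'
}

foreach ($rule in $systemRules) {
    if ($rule.IsInherited) {
        # Inherited entries come from the parent folder and cannot be removed here.
        Write-Warning "Inherited SYSTEM entry ($($rule.FileSystemRights)); review the parent ACL."
    } elseif ($Remove) {
        $acl.RemoveAccessRuleSpecific($rule)
        Write-Output "Removed explicit SYSTEM entry ($($rule.FileSystemRights))."
    } else {
        Write-Output "Explicit SYSTEM entry found ($($rule.FileSystemRights)); not removed."
    }
}

# Write the modified ACL back only when removal was requested and something matched.
if ($Remove -and $systemRules.Count -gt 0) {
    Set-Acl -Path $path -AclObject $acl
}
```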


Exchange 2010-EMC and EMS not starting after IIS reinstall

Symptoms:
Exchange Management Console and Exchange PowerShell do not start after a reinstall of IIS. The following errors appear when starting them:
 
Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer (server.domain.com:80) returned an 'access denied' error. Change the configuration to allow Kerberos authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: Negotiate
 For more information, see the about_Remote_Troubleshooting Help topic.
 + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
 + FullyQualifiedErrorId : PSSessionOpenFailed

German
AUSFÜHRLICH: Verbindung mit SERVER. wird hergestellt
[server.domian.local] Beim Verbinden mit dem Remoteserver ist folgender Fehler aufgetreten: Der WinRM-Client kann
die Anforderung nicht verarbeiten. Der WinRM-Client hat versucht, den Kerberos-Authentfizierungsmechanismus zu verwenden, aber der Zielcomputer (server.domian.local) hat einen "Zugriffverweigert"-Fehler zurückgegeben. Ändern Sie die Konfiguration so, dass der Kerberos-Authentifizierungsmechanismus zulässig ist, oder geben Sie einen der vom Server unterstützten Authentifizierungsmechanismen an. Wenn Sie Kerberos verwenden möchten, geben Sie den Computernamen als Remoteziel an. Stellen Sie auch sicher, dass der Client- und der Zielcomputer Mitglied einer Domäne sind. Wenn Sie die Standardauthentifizierung (Basic) verwenden möchten, geben Sie den Computernamen als Remoteziel an, legen Sie die Standardauthentifizierung fest, und geben Sie Benutzername und Kennwort an. Vom Server gemeldete mögliche Authentifizierungsmechanismen: Basic Weitere Informationen finden Sie im Hilfethema "about_Remote_Troubleshooting".
 + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
 + FullyQualifiedErrorId : PSSessionOpenFailed

Cause:
IIS was reinstalled. The exppw module in OWA is missing. The paths for "kerbauth" and "WSMan" are missing and the modules are not listed as native.

Solution:
OWA was throwing an exception: exppw module not found.
Found that the module in OWA had no path.
Set the path, and OWA is working now.
Recreated the PowerShell VD and PowerShell-proxy.
Added the missing path to the kerbauth module.

Added the missing paths for the modules:
Kerbauth
C:\Program Files\Microsoft\Exchange Server\V14\Bin\kerbauth.dll
and then
WSMan
C:\Windows\system32\wsmsvc.dll

Registered kerbauth and WSMan as native local modules in applicationHost.config under C:\windows\system32\inetsrv\config\

Added under
<globalModules>

<add name="kerbauth" image="C:\Program Files\Microsoft\Exchange Server\V14\Bin\kerbauth.dll"/>
<add name="WSMan" image="C:\Windows\system32\wsmsvc.dll" />

Created a virtual directory for ECP since there was none.
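
A read-only check for the globalModules registration described above, as an added example that is not part of the original post. The module names and image paths are the ones given in the post; the report property names are made up for this example.

```powershell
# Added example: verify that the two native modules named in the post are
# registered in applicationHost.config and that their image files exist.
# Run in 64-bit PowerShell; a 32-bit session is redirected away from System32.
$configPath = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'

# Module name -> image path, exactly as given in the post.
$expected = @{
    'kerbauth' = 'C:\Program Files\Microsoft\Exchange Server\V14\Bin\kerbauth.dll'
    'WSMan'    = 'C:\Windows\system32\wsmsvc.dll'
}

$config = New-Object System.Xml.XmlDocument
$config.Load($configPath)
$globalModules = $config.SelectNodes('/configuration/system.webServer/globalModules/add')

foreach ($name in $expected.Keys) {
    # Compare names in PowerShell so the match is case-insensitive.
    $entry = $globalModules |
        Where-Object { $_.GetAttribute('name') -eq $name } |
        Select-Object -First 1

    $image = $null
    if ($entry) {
        # image may contain variables such as %windir%; expand before testing.
        $image = [Environment]::ExpandEnvironmentVariables($entry.GetAttribute('image'))
    }

    New-Object PSObject -Property @{
        Module      = $name
        Registered  = [bool]$entry
        Image       = $image
        ImageExists = [bool]($image -and (Test-Path -Path $image -PathType Leaf))
        MatchesPost = ($image -eq $expected[$name])
    } | Select-Object Module, Registered, Image, ImageExists, MatchesPost
}
```

A module reported with Registered = False or ImageExists = False corresponds to the missing-path condition described under Cause.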

Exchange 2010-HTTP server error status (500) when starting EMC and EMS

Symptoms:
Connecting to remote server failed with the following error message: The WinRM client
received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure.
For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed

German:
Beim Verbinden mit dem Remoteserver ist folgender Fehler aufgetreten: Der WinRM-Client hat einen
Status in Bezug auf einen HTTP-Serverfehler (500) empfangen, aber der Remotedienst hat keine anderen Informationen zur
Fehlerursache bereitgestellt. Weitere Informationen finden Sie im Hilfethema "about_Remote_Troubleshooting".
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed

Cause:
This issue can have multiple causes.

Solution:

1. Check if the WinRM IIS extensions are installed.
Install the WinRM IIS extensions:
Server Manager / Features / WinRM IIS extensions.

2. Check if WinRM is configured by running winrm quickconfig in cmd or shell.

3. Check if the ExchangeInstallPath variable is correct under: Start Menu / right-click Computer and select Properties / Advanced System Settings / Environment Variables / System Variables.
The default path is C:\Program Files\Microsoft\Exchange Server\V14\

4. Check where the PowerShell VD in IIS is pointing.
The default path is \Program Files\Microsoft\Exchange Server\v14\ClientAccess\PowerShell

5. Check if the Transport service is started.

6. Rename Enterprisesec.config to Enterprisesec.config.old, located under C:\windows\microsoft.Net\Framework64\v2.0.50727\config

7. If you have WSUS on the same server, delete DynamicCompressionModule and StaticCompressionModule from IIS under "Servername (domain\administrator)".
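
Steps 1 to 5 above as a read-only check script, added here as an example and not part of the original post. The site name "Default Web Site" and the New-Check helper are assumptions; steps 6 and 7 change the server and are left manual.

```powershell
# Added example: read-only checks for steps 1-5. Run elevated on the
# Exchange 2010 server.
Import-Module ServerManager
Import-Module WebAdministration

$site       = 'Default Web Site'   # assumption: site hosting the PowerShell VD
$defaultDir = 'C:\Program Files\Microsoft\Exchange Server\V14\'  # default from step 3

# Hypothetical helper: one result row per check.
function New-Check($Step, $Item, $Value, $Ok) {
    New-Object PSObject -Property @{ Step = $Step; Item = $Item; Value = $Value; Ok = $Ok } |
        Select-Object Step, Item, Value, Ok
}

# 1. WinRM IIS extensions (ServerManager feature name WinRM-IIS-Ext).
$feature = Get-WindowsFeature -Name 'WinRM-IIS-Ext'
New-Check 1 'WinRM IIS extensions installed' $feature.Installed ([bool]$feature.Installed)

# 2. The WinRM service must be running for remote PowerShell to connect.
$winrm = Get-Service -Name 'WinRM' -ErrorAction SilentlyContinue
New-Check 2 'WinRM service' $winrm.Status ($winrm.Status -eq 'Running')

# 3. ExchangeInstallPath system variable must point to an existing directory.
$installPath = [Environment]::GetEnvironmentVariable('ExchangeInstallPath', 'Machine')
New-Check 3 'ExchangeInstallPath' $installPath ([bool]($installPath -and (Test-Path $installPath)))

# 4. The PowerShell VD should point at <install path>\ClientAccess\PowerShell.
$base     = if ($installPath) { $installPath } else { $defaultDir }
$wanted   = (Join-Path $base 'ClientAccess\PowerShell').TrimEnd('\')
$app      = Get-WebApplication -Site $site -Name 'PowerShell'
$physical = if ($app) { [Environment]::ExpandEnvironmentVariables($app.PhysicalPath).TrimEnd('\') } else { $null }
New-Check 4 'PowerShell VD physical path' $physical ($physical -eq $wanted)

# 5. Exchange Transport service.
$transport = Get-Service -Name 'MSExchangeTransport' -ErrorAction SilentlyContinue
New-Check 5 'MSExchangeTransport service' $transport.Status ($transport.Status -eq 'Running')
```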

Exchange 2013 Setup fails with “Database is mandatory on UserMailbox.”

Symptoms:

Exchange 2013 setup fails with the following error in the Setup log:

[11.05.2015 15:49:33.0205] [2] Preparing to output objects. The maximum size of the result set is “1”.

[11.05.2015 15:49:34.0049] [2] [WARNING] The object datadirect.de/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} has been corrupted, and it’s in an inconsistent state. The following validation errors happened:

[11.05.2015 15:49:34.0080] [2] [WARNING] Database is mandatory on UserMailbox.

[11.05.2015 15:49:34.0080] [2] [WARNING] Database is mandatory on UserMailbox.

[11.05.2015 15:49:34.0080] [2] Ending processing Get-Mailbox

[11.05.2015 15:49:34.0111] [2] Beginning processing Write-ExchangeSetupLog

[11.05.2015 15:49:34.0111] [2] Setting mailbox properties.

Cause:

When running Get-Mailbox -Arbitration we see that some of the arbitration mailboxes are in an inconsistent state or corrupted.

Additionally, they may reside on an Exchange server which is no longer active.

Solution:

Delete all 3 system mailboxes from User OU.

Delete Federation mailbox and Migration mailbox

Run setup /PrepareAD /IAcceptExchangeServerLicenseTerms in cmd from the folder where the Exchange setup is located.

Mailboxes will be recreated.

Enable them with

Enable-Mailbox -Arbitration -Identity "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"

Enable-Mailbox -Arbitration -Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}"

Enable-Mailbox -Arbitration -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"

Enable-Mailbox -Arbitration -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136"

Set-Mailbox "Migration.8f3e7716-2011-43e4-96b1-aba62d229136" -Arbitration -Management:$true

There will be one more system mailbox whose name can vary. Copy and paste its name into the Enable-Mailbox command to enable it.

Use Get-Mailbox -Monitoring to check if all the health mailboxes are OK.

If they are also corrupted, delete them from Microsoft Exchange System Objects / Monitoring and restart the MSExchange Health Manager service to recreate them.

NOTE: In German this service is named “MSExchange -Integritaetsdienst” 😀

Exchange 2010 RU update is failing with Error code 1603

Symptoms:

MSI (c) (5C:74) [16:12:15:999]: Produkt: Microsoft Exchange Server – Update “Update Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710) 8.3.417.1” konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei c:\KB3056710.log enthalten.

MSI (c) (5C:74) [16:12:15:999]: Ein Update wurde durch Windows Installer installiert. Produktname: Microsoft Exchange Server. Produktversion: 8.3.83.6. Produktsprache: 1031. Updatename: Update Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710) 8.3.417.1. Erfolg- bzw. Fehlerstatus der Installation: 1603.

MSI (c) (5C:74) [16:12:15:999]: Note: 1: 1729

MSI (c) (5C:74) [16:12:15:999]: Note: 1: 2262 2: Error 3: -2147287038

MSI (c) (5C:74) [16:12:16:031]: Transforming table Error.

MSI (c) (5C:74) [16:12:16:031]: Transforming table Error.

MSI (c) (5C:74) [16:12:16:031]: Note: 1: 2262 2: Error 3: -2147287038

MSI (c) (5C:74) [16:12:16:046]: Transforming table Error.

MSI (c) (5C:74) [16:12:16:046]: Transforming table Error.

Possible Solutions:

http://blogs.technet.com/b/exchange/archive/2012/12/14/windows-management-framework-3-0-on-exchange-2007-and-exchange-2010.aspx

Set-ExecutionPolicy RemoteSigned

Get-HotFix -Id KB2506146

Get-HotFix -Id KB2506143

wusa.exe /uninstall /kb:2506146

wusa.exe /uninstall /kb:2506143

Enable :

Microsoft .NET Framework NGEN v2.0.50727_X64

Microsoft .NET Framework NGEN v2.0.50727_X86

Run setup from cmd:

RU10setup.msp /lxv* c:\<path>\<filename>.log

If it fails, check the log for the path of the temp file which cannot be deleted. Before clicking Finish on the failed installation, move the file to another location and rerun the setup.

– Set the execution policy to unrestricted by running the command below.

Set-ExecutionPolicy Unrestricted

– Set the startup type of all the Exchange services to Manual by running the command below.

Get-Service *exch* | Set-Service -StartupType Manual

– Created a new admin account and logged into Windows with the new admin account.

– Initiated setup again and it completed successfully.

Check windows\installer for previous installations.

Disable antivirus.

Exchange 2010/2013 – ActiveSync devices are not able to send e-mails sporadically. E-mails with attachment and long conversation history.

Issue:

ActiveSync devices are not able to send e-mails sporadically. E-mails with attachment and long conversation history.

iPhone error: “Message cannot be sent”, “The message was rejected from the server”

Solution:

Browsed to configuration editor of IIS ->Microsoft-Server-ActiveSync Virtual Directory -> select ConfigurationEditor -> system.webServer -> serverRuntime -> uploadReadAheadSize.

Change value to 15728640

Recycle MSExchange ActiveSync AppPool.
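
The same change scripted with the WebAdministration module, as an added example that is not part of the original post. The site name "Default Web Site" and the app pool name MSExchangeSyncAppPool are assumptions; adjust them to the server.

```powershell
# Added example: scripted form of the Configuration Editor change above.
Import-Module WebAdministration

$location = 'Default Web Site/Microsoft-Server-ActiveSync'  # assumption: default site name
$appPool  = 'MSExchangeSyncAppPool'                         # assumption: default pool name
$target   = 15728640                                        # value from the post, in bytes

# Address the APPHOST level and pass the virtual directory as -Location, so the
# setting is written to applicationHost.config under a <location> tag.
$common = @{
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $location
    Filter   = 'system.webServer/serverRuntime'
    Name     = 'uploadReadAheadSize'
}

$before = (Get-WebConfigurationProperty @common).Value
Write-Output "uploadReadAheadSize before: $before"

if ($before -ne $target) {
    Set-WebConfigurationProperty @common -Value $target

    # Read the value back to confirm the write landed where expected.
    $after = (Get-WebConfigurationProperty @common).Value
    Write-Output "uploadReadAheadSize after:  $after"

    # Recycle the ActiveSync app pool, as in the post.
    Restart-WebAppPool -Name $appPool
}
```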

Additional Info:

https://www.iis.net/configreference/system.webserver/serverruntime

  • The maxRequestEntityAllowed and uploadReadAheadSize attributes respectively configure limits for the maximum number of bytes allowed in the entity body of a request and the number of bytes a Web server will read into a buffer and pass to an ISAPI extension.

https://support.microsoft.com/en-us/kb/810957