
Posts Tagged ‘Exchange 2010’

Exchange is So Sensitive

After demoting a Domain Controller you get an error every 5 minutes on your Exchange Server that says, “SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account SID.”


Restart the Microsoft Exchange Active Directory Topology service (MSExchangeADTopology). Keep in mind this will also restart several other services that are disruptive to users so try to do this after hours.


As a side note, to find which object the SID belongs to, run LDP.exe & use the SID Lookup tool.
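
A scripted alternative to the LDP.exe lookup, as an added example that is not part of the original post: it pulls every SID out of the event text and resolves it to an account name, reporting SIDs that no longer map to an object. The function name is hypothetical, and the sample message is constructed with the well-known SID S-1-5-32-544.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
function Resolve-SidFromMessage {
    param([string] $Message)

    # Match every SID-shaped token: S-1-<authority>-<sub-authority>...
    foreach ($m in [regex]::Matches($Message, 'S-1-\d+(?:-\d+)+')) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($m.Value)
        try {
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Nothing owns this SID any more (deleted object or unreachable domain).
            $account = $null
        }
        [pscustomobject]@{
            Sid      = $sid.Value
            Account  = $account
            Resolved = [bool]$account
        }
    }
}

# Constructed sample: the error text from the post with a well-known SID filled in.
$sample = 'SACL Watcher servicelet found that the SeSecurityPrivilege privilege ' +
          'is removed from account S-1-5-32-544.'
Resolve-SidFromMessage -Message $sample
```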



Sure Raise the FFL & DFL…No Problem

February 25, 2014 2 comments

UPDATE: The Exchange Team blog also wrote about this recently. http://blogs.technet.com/b/exchange/archive/2015/02/13/considering-updating-your-domain-functional-level-from-windows-2003-read-this.aspx

They say raising the Forest Functional Level (FFL) & Domain Functional Level (DFL) aren’t a big deal…won’t affect anything. Well apparently I found one of the rare instances where it does & in a big noticeable way. About 9 hours after raising both the FFL & DFL from 2003 to 2008 R2, Exchange 2010 just stopped working. Long story short, restart the KDC service on all DCs (or reboot if you can). I also rebooted all Exchange servers for good measure.

As you can see I’m not the only one:

http://visualplanet.org/blog/?p=20

http://www.winsysadminblog.com/2013/02/fixing-kdc-authentication-problems-when-upgrading-your-domain-and-forest-functional-level-from-2003-to-2008-r2/

Here were some of the errors I was getting:

Log Name: Application
Source: MSExchangeRepl
Date: 11/12/2013 6:36:54 PM
Event ID: 4123
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Failed to get the boot time of witness server ‘dc01.domain.com’. Error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:40:35 PM
Event ID: 2114
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MAD.EXE (PID=8580). Topology discovery failed, error 0x80040952 (LDAP_LOCAL_ERROR (Client-side internal error or bad LDAP message)). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, “Microsoft LDAP Error Codes.” Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:41:23 PM
Event ID: 2103
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=10908). All Global Catalog Servers in forest DC=domain,DC=com are not responding:
DC02.domain.com
DC01.domain.com
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:42:14 PM
Event ID: 2130
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process w3wp.exe () (PID=4212). Exchange Active Directory Provider could not find an available domain controller in domain DC=domain,DC=com. This event may be caused by network connectivity issues or configured incorrectly DNS server. This event may also occur if you have not configured correctly your multiple Active Directory sites.
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:44:23 PM
Event ID: 2604
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGY (PID=10908). When updating security for a remote procedure call (RPC) access for the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object ABCEX01 – Error code=80040934.
The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:44:23 PM
Event ID: 2102
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=10908). All Domain Controller Servers in use are not responding:
DC02.domain.com
DC01.domain.com
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:47:23 PM
Event ID: 2501
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGY (PID=10908). The site monitor API was unable to verify the site name for this Exchange computer – Call=HrSearch Error code=80040934. Make sure that Exchange server is correctly registered on the DNS server.
 
 
Log Name: Application
Source: MSExchangeRepl
Date: 11/12/2013 6:48:14 PM
Event ID: 4116
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Failed to resolve the fully qualified domain name for the short name ‘EX02’. Verify that the computer account exists. Other operations may fail because of this problem. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error: The fully qualified domain name for node ‘EX02’ could not be found because of a problem accessing Active Directory: Could not find any available Global Catalog in forest domain.com.
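
To spot this pattern in the Application log without reading each record, the following added example (not part of the original post) groups the MSExchange ADAccess event IDs quoted above into bursts and flags a burst in which Exchange reported both every domain controller (2102) and every global catalog (2103) as not responding. Function names and the 15-minute gap are assumptions, and the sample events are constructed from the timestamps listed in the post.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Event IDs are the MSExchange ADAccess errors quoted in the post.
$TopologyIds = 2102, 2103, 2114, 2130, 2501, 2604

function New-OutageSummary {
    param([object[]] $Cluster)
    $ids = $Cluster | ForEach-Object { $_.Id } | Sort-Object -Unique
    [pscustomobject]@{
        Start    = $Cluster[0].TimeCreated
        End      = $Cluster[-1].TimeCreated
        EventIds = $ids -join ','
        # 2102 = all DCs in use not responding, 2103 = all GCs not responding
        NoDcNoGc = ($ids -contains 2102) -and ($ids -contains 2103)
    }
}

function Get-ADAccessOutage {
    param(
        [object[]] $Events,
        [int] $GapMinutes = 15   # a quiet period longer than this starts a new burst
    )
    $hits = @($Events |
        Where-Object { $_.ProviderName -eq 'MSExchange ADAccess' -and $TopologyIds -contains $_.Id } |
        Sort-Object TimeCreated)
    $cluster = @()
    foreach ($e in $hits) {
        $isNewBurst = $cluster.Count -gt 0 -and
            ($e.TimeCreated - $cluster[-1].TimeCreated).TotalMinutes -gt $GapMinutes
        if ($isNewBurst) {
            New-OutageSummary $cluster
            $cluster = @()
        }
        $cluster += $e
    }
    if ($cluster.Count -gt 0) { New-OutageSummary $cluster }
}

# Constructed sample mirroring the sources, IDs and timestamps listed above.
$sample = @(
    @{ P = 'MSExchangeRepl';      I = 4123; T = '2013-11-12 18:36:54' },
    @{ P = 'MSExchange ADAccess'; I = 2114; T = '2013-11-12 18:40:35' },
    @{ P = 'MSExchange ADAccess'; I = 2103; T = '2013-11-12 18:41:23' },
    @{ P = 'MSExchange ADAccess'; I = 2130; T = '2013-11-12 18:42:14' },
    @{ P = 'MSExchange ADAccess'; I = 2102; T = '2013-11-12 18:44:23' },
    @{ P = 'MSExchange ADAccess'; I = 2501; T = '2013-11-12 18:47:23' }
) | ForEach-Object { [pscustomobject]@{ ProviderName = $_.P; Id = $_.I; TimeCreated = [datetime]$_.T } }

Get-ADAccessOutage -Events $sample
```

On a live server, pass the output of `Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchange ADAccess'; Id = $TopologyIds }` as `-Events` instead of the sample.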

Message Store Error in Outlook

December 4, 2013

When a user tries to save an appointment on a shared calendar in Outlook she receives an error that says, “The message store has reached its maximum size. To reduce the amount of data in this message store, select some items that you no longer need, permanently (shift + del) delete them.”

This can happen if a Storage Quotas value has been set for Prohibit send and receive in Exchange.


To resolve the issue you can either remove items from the mailbox that are no longer needed or increase the storage limit. However, if you increase the storage limit it can take up to 2 hours for the setting to take effect. See this link for more details. A quick workaround (quick being relative to the size of the mailbox in question) is to move the mailbox to another database. Once the mailbox has been moved the updated storage quota setting will take effect.


See which distribution list has a specific alias

In this example, find any distribution group that has the word contact in an alias.

Get-DistributionGroup | where {$_.EmailAddresses -match "contact"} | select Name, EmailAddresses | fl

Error Opening EMC

October 10, 2012

When opening the Exchange Management Console (EMC) in Exchange 2010 you may receive a nice long error that says, “The following error occurred while attempting to connect to the specified Exchange server: The attempt to connect to SERVERNAME/PowerShell using ‘Kerberos’ authentication failed: Connecting remote server failed with the following error message : The WS-Management service cannot process the request. The system load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the system quota. The next request from this user will not be approved for a least 1928339328 milliseconds.”

You get a similar error in the Exchange Management Shell (EMS).

Run the following command from an elevated command prompt:

iisreset /noforce

Now the EMC will open.


Quick Post: Exchange Server Errors

This is just a quick one for my reference. KB2025528 explains it in more detail.

Log Name:      Application
Source:        MSExchange ADAccess
Event ID:      2601
Level:         Warning
Description: Process MSEXCHANGEADTOPOLOGY (PID=1276). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=ABCDEF1234567890ABCDEF1234567890,CN=Microsoft Exchange,CN=Services,CN=Configuration,…> – Error code=8007077f.  The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.

Log Name:      Application
Source:        MSExchange ADAccess
Event ID:      2604
Level:         Error
Description: Process MSEXCHANGEADTOPOLOGY (PID=1276). When updating security for a remote procedure call (RPC) access for the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object EX01 – Error code=8007077f.  The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.

Log Name:      Application
Source:        MSExchange ADAccess
Event ID:      2501
Level:         Error
Description: Process MSEXCHANGEADTOPOLOGY (PID=1276). The site monitor API was unable to verify the site name for this Exchange computer – Call=DsctxGetContext Error code=8007077f. Make sure that Exchange server is correctly registered on the DNS server.

Solution – Run NLTest /DSGetSite to verify that the proper Active Directory Site is being returned by Windows. Once that has been verified, restart the MSExchangeADTopology service. Depending on the role of the server, it may cause a service disruption due to dependent services having to restart as well.


Public Folders Not Replicating

March 12, 2012 7 comments

Recently after setting up a second Exchange 2010 server I had an issue where Public Folder replicas were not replicating. When running the following cmdlet it showed the replicas as being configured but they never showed up on the second server.


Get-PublicFolder -recurse | fl Name,Replicas

Name     : IPM_SUBTREE

Replicas : {}

Name     : Accounting Calendar1

Replicas : {PFDB02, PFDB01}

Name     : IT Calendar1

Replicas : {PFDB02, PFDB01}

I didn’t get any errors when configuring the replicas. I even set the Diagnostic Logging Level on certain services under MSExchangeIS\9001 Public to Expert but still nothing.

After a few days of dead ends on the Internet I was reminded about ExFolders. So I downloaded it & tried to run it but got an error that says, “An error occurred while trying to establish a connection to the Exchange server. Exception: The Active Directory user wasn’t found.” Finally an error I can search for. I quickly came across this site.

I opened ADSIEdit & connected to the Configuration partition. I deleted the empty CN=Servers container from the old administrative group in CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=OrgName,CN=Administrative Group,CN=OldAdminGroupName . I ran ExFolders again & did not get an error. Moments later the replicas were showing up on the second server. Well that was easy enough.

Note – Be very careful when using ADSIEdit. Also, DO NOT delete the container for the old Administrative group. It will still be there if you did a transition from a previous version of Exchange.

Ref: http://blogs.technet.com/b/exchange/archive/2010/05/05/3409916.aspx

Error after Upgrade Exchange 2010 to SP1

November 25, 2011

After upgrading Exchange 2010 RTM to SP1 I started getting the following error:

Log Name:      Application
Source:        MSExchange ADAccess
Event ID:      2937
Task Category: Validation
Level:         Warning
Computer:      EX1.domain.com
Description: Process w3wp.exe () (PID=316). Object [CN=Administrator,CN=Users,DC=domain,DC=com]. Property [HomeMTA] is set to value [domain.com/Configuration/Deleted Objects/Microsoft MTA DEL:c4ab6128-37aa-4e55-b99b-1aa8979a70e9], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

It didn’t seem to be causing any issues but an error is still an error. The quick fix is to run the following command:

Get-Mailbox | Update-Recipient

Ref: http://www.expta.com/2010/09/fix-for-event-id-2937-msexchange.html, http://d1it.wordpress.com/2011/03/14/eventid2937/


Error Removing ActiveSync Partnership

November 22, 2011 2 comments

I was doing a little cleanup/verification of all users & the devices that are syncing to Exchange. When I ran the following command I noticed that a test account still had two partnerships set up.

Get-ActiveSyncDevice | ft userdisplayname,name -AutoSize

UserDisplayName              Name
---------------              ----
domain.com/Users/EAS Test    TestActiveSyncConnectivity§946080899
domain.com/Users/EAS Test    htcliberty§HTCAnda1b56cda

 

To remove the partnership you must use the Identity attribute. You can either run Get-ActiveSyncDevice & find the Identity or just use UserDisplayName/ExchangeActiveSyncDevices/Name from the previous results. For example, the identity of the first one from the list above would be domain.com/Users/EAS Test/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§946080899.

Putting it all together the PowerShell command to remove the first partnership would be:

Remove-ActiveSyncDevice -Identity "domain.com/Users/EAS Test/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§946080899"

 

However when I ran that command it failed with the following error:

The ActiveSyncDevice domain.com/Users/EAS Test/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§946080899 cannot be found.

+ CategoryInfo          : NotSpecified: (0:Int32) [Remove-ActiveSyncDevice], ManagementObjectNotFoundException

+ FullyQualifiedErrorId : 7FA0B7B6,Microsoft.Exchange.Management.Tasks.RemoveMobileDevice

 

That user had actually been moved to another OU (domain.com/TestUsers). So I modified the command & ran it again:

Remove-ActiveSyncDevice -Identity "domain.com/TestUsers/EAS Test/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§946080899"

 

It failed again with the following error:

Couldn’t find ‘domain.com/TestUsers/EAS Test’ as a recipient.

+ CategoryInfo          : InvalidArgument: (:) [Remove-ActiveSyncDevice], RecipientNotFoundException

+ FullyQualifiedErrorId : 8B934B04,Microsoft.Exchange.Management.Tasks.RemoveMobileDevice

 

Turns out someone disabled the Exchange mailbox (i.e. removed all exchange attributes). So I re-created the mailbox for the EAS Test account & ran the command again:

Remove-ActiveSyncDevice -Identity "domain.com/TestUsers/EAS Test/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§946080899"

 

Success!

Now to remove the other one I run the command again updating it for the other partnership.

Remove-ActiveSyncDevice -Identity "domain.com/TestUsers/EAS Test/ExchangeActiveSyncDevices/htcliberty§HTCAnda1b56cda"

Error Mounting New Database

September 23, 2011 1 comment

When trying to mount a newly created Exchange 2010 database I received an error that said:

Failed to mount database ‘DB03’.

Error:
Couldn’t mount the database that you specified. Specified database: DB03; Error code: An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
. [Database: DB03, Server: EX1.domain.com].

An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
. [Database: DB03, Server: EX1.domain.com]

An Active Manager operation failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
. [Server: EX1.domain..com]

MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)

The quick fix…close EMC & wait a few minutes. Then open EMC & mount it again.
