Microsoft Exchange Upgrade

In working with Outlook 2010, I had a client who had Exchange mailboxes that he needed to get rid of because they no longer needed. The user tried removing the mailbox from Outlook by simply launching the "Mail" (Outlook profiles) from control panel. When the user would re-open Outlook the account was still there. After some looking around it was found that the user had been given the "Manage Full  Access Permission" in Exchange 2010 to this specific mailbox. This was causing Outlook for some reason to hold on to the mailbox in the left pane.

In order to get rid of the mailbox the "Manage Full  Access Permission" had to be removed from the specified users on this function of the mailbox in the Exchange management console.  You can also use the Exchange Power Shell to perform this by using this command - Remove-MailboxPermission -Identity Mailbox -User -useraccessing Fullaccess

After removing the user from the full access permissions, Outlook was closed and opened back up and the users were then removed. It is unclear if this is issue is caused by a Microsoft Exchange upgrade or if this is just one of those little issues that slipped through the cracks on patching either system. SkyByte Consulting supports clients large and small with issues like this and many others. 

Last week I ran into a bizarre email sending problem which ultimately was caused by Microsoft Outlook 2010.  All of a sudden a user could no longer send email from their Outlook, but could receive.  The user would immediately receive this undeliverable bounce-back after sending any emails:
 

 
"Delivery has failed to these recipients or groups:
user@domain.com

You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk."

This error is typically seen when a user attempts to send an email on behalf of another user without the proper permissions.  This was not the case, the user was trying to just send email as himself.  The first obvious check was if his Exchange permissions were set correctly.  The user was running a fairly new box, running Windows 7 Professional 64 bit with Microsoft Office 2010 Home and Business edition.  Their Outlook was connected to an on-premise Exchange 2010 server, and no other users on the network were experiencing this problem.  While we had performed a Microsoft Exchange Upgrade recently, he had been running normally for several months.  The next step I took was see if he could send from OWA, and he could.  Additionally, he could send from his Android phone connected to his Exchange account.

To confirm the problem was isolated to his machine as a possible network security or software issue, he logged in as himself on another similar machine, created an Outlook profile and was able to send email just fine.  So, the next step I took was recreating his Outlook profile.  Recreating the Outlook profile will resolve many Outlook abnormalities, unfortunately this time it did not help.  Then I backed up the user's profile, and recreated it.  To my disbelief, the problem remained.  My next step was to fully remove and reinstall Office, not a repair install.  This finally fixed the issue, and he was able to send email again.

1. In outlook 2010, click on your calendar.
   
2. From the Home tab, Select Calendar Groups.
   
3. In the drop-down list, click one of the following-
   
   
   1. To create a new group calendar, click Create New Group Calendar, and continue to step 4.
      
   2. If you have multiple Calendars open ( For example: You are viewing other peoples calendars along with your own), you can save the the calendars in the current view as a new calendar group in the navigation pane by clicking Save as New Calendar Group.
      
   3. To display team calendars in the navigation pane, click Show Team Calendars. Team calendars contain calendars for your manager, direct reports, and peers as determined from information in Active Directory.
      
4. In the Create New Calendar Group dialog box, type the name for the grouping, and click OK.
   
5. In the Select Name: Global Address List dialog box, find the individuals or resources you wish to add to the grouping. Click the Group Members -> button to add them (or double click their name). You can add multiple people or rooms by finding another person and clicking the button again.
   
   If you have a server-side distribution list (For example - a mail-enabled group, not a LISTSERV list or a personal distribution list), you may find that group and add it.
   
6. When you are done adding the people and rooms click OK and the calendar group is saved in your navigation pane. In it, you can see each of members or resources availability. If the individual or resource room doesn't allow people or a specific set of people to view the free/busy information, you will not see any details listed.
   
7. To add more people or resources, right-click on the calendar group in the navigation pane and click Add Calendar. Choose one of the following methods  to add the calendar-
   
   
   1. From Address Book
   2. From Room List
   3. From Internet
   4. Open Shared Calendar
      
8. To delete a calendar group, right-click the calendar group in the navigation pane and select Delete Group.

How many times have you not had sufficient space on your virtual server due to growing exchange data stores, SQL databases, or Data Protection Manager backups?  It can be a daunting task, in smaller networks, to have sufficient drive space on VM hosts. Using Microsoft Hyper V server 2008, I've setup test and dev machines and just hosted the VM files off on an external hard drive. 

In the past external hard drives running USB 1.1 and 2.0 were too slow to host a file such as a .VHD effectively. Within the last couple of years technologies like e-Sata and USB 3.0 have emerged as great choice's for an external interface. These newer external ports offer superior read and write throughput performance for hard drives. You can purchase expansion cards that give your server the ability to have these ports. In the case of e-Sata, you can also employ Raid setups using external drive housings that support raid 0,1,5,10 and others.

I've found that, depending on your virtualization hosts configuration, you can setup or relocate .VHD files onto an external drive. Also you could add an external drive to house all of your machine backups and images on drives up to 3TB in size. With the performance of both USB 3.0 and e-Sata you can create, deploy, and restore in a fairly quick amount of time. Non-essential or lightly used VM's could be hosted on a single external drive with higher use possible using an e-Sata Raid setup. This solution would be very easy to implement with many server virtualization systems and very inexpensive compared to upgrading the drives in a server.

While attempting to configure Outlook Anywhere using RPC over HTTPs in Outlook, I ran across and issue where the Exchange server's hostname would not resolve outside of the office during setup.  When I attempted to configure Outlook Anywhere on the internal office network, it was successful.  Once Outlook Anywhere was configured properly internally, Outlook would connect outside the office.  However, important Outlook features such Calendar and Tasks were either limited or unavailable. 

This client of ours received a Microsoft Exchange Upgrade to Exchange 2007 running Server 2008 R2.  At first I thought it was either a configuration problem on the Exchange server, or a network security problem on their Cisco ASA firewall.  Using this extremely helpful Outlook and Exchange connectivity tool found here: www.testexchangeconnectivity.com, I was able to track down and resolve the issue preventing me from configuring Outlook Anywhere outside the office.

The test results showed the Exchange server could not be reached on port 6004.  After some research on the Microsoft TechNet Exchange library, I discovered the problem was related to connection requests defaulting to using IPv6 in Microsoft Server 2008.  The simple solution is to comment out IPv6 and add the IPv4 address and local hostname in the Exchange server's host file:

127.0.0.1 localhost
#::1 localhost
xxx.xxx.xxx.xxx mailserver
xxx.xxx.xxx.xxx mailserver.domain.local

Once this was saved to the host file, Outlook was able to resolve the hostname outside the office and all functionality of Outlook was restored!

In Microsoft Outlook, how do I change the default address book?

To change the default address book in Outlook for Windows, follow the appropriate steps below:


Outlook 2010 :

1. From the Find group on the Home tab, select Address Book.
2. In the Address Book window that appears, from the Tools menu, select Options...
3. Under "When opening the address book, show this address list first:", use the scroll-down menu to select the appropriate listing (i.e., Global Address Book, or Outlook Address Book).
4. To save the changes, click OK.
5. To close the Address Book, click the X in the top right corner.

1.  From the Tools menu, select Address Book.
2. In the Address Book window that appears, from the Tools menu, select Options.
3. Under "Show this address list first:", use the scroll-down menu to select the appropriate listing (i.e., Personal Address Book, Global Address Book, or Outlook Address Book).
4. To save the changes, click Apply.
5. To exit, click OK.

Updating Exchange Server can be a daunting task, but I have run into what seems to be a very common problem and would like to share my findings.

If your having problems with OWA after installing Microsoft Exchange Servers latest Update Rollup 2, I might have the answer for you.

Error -
Outlook Web App didn't initialize. If the problem continues, please contact your helpdesk.

Couldn't find a base theme (folder name=base).

Cause -
The update failed to update the OWA virtual directory or the command wasn't run as an admin in the Exchange Management Console.

Solution 1 -
1. Start an exchange powershell shell and run

2. execute this "C:Program FilesMicrosoftExchange ServerV14BinUpdateCas.ps1"

3. Open elevated command prompt and run "iisreset /noforce"

If this doesn't work try the next solution.

Solution 2 -
1. Goto Programs and Features and uninstall the Rollup 2

2. Start an Administrative Exchange Management Shell

3. Type the location of the update Roll Up 1 "Exchange2010-KB976573-x64-en.msp" or Roll Up 2 "Exchange2010-KB2425179-x64-en.msp"  (I.E. c:usersuserdownloadsExchange2010-KB976573-x64-en.msp)

4. Close the Exchange Management Shell and finish the patch.

5. Open elevated command prompt and run "iisreset /noforce"

Note: If you do not run the Exchange Management Shell as an Administrative prompt, you will get an error regarding a failed install.

Hopefully this fixes any potential issues you may run into after these updates. Skybyte Consulting can assist you with all of your various Exchange 2003, 2007 and 2010 needs.

This post may also relate to  Microsoft Server Virtualization with Exchange server and Microsoft Server Support.

Are you users having problems with their options button in Outlook Web Access? I noticed that after performing a Microsoft Exchange Upgrade to 2010 SP1 RTM from 2007 R2, that when their users would hit the options button the page would simply just refresh. I dug around on the Internet and found the answer's. There are two possible fixes for this, and the second one worked for the problem I was having.

• Mirror the ECP and OWA virtual sites, authentication settings in IIS.
  
• Check the ECP Site and make sure its not redirecting to the OWA site.

• Sense
• Pictures of Contacts
• Improved screen sharing and document sharing capabilities
• Redesigned interface
• Improved IP Phone system compatibility
• And much more

Recently while performing an Microsoft Exchange Upgrade by adding a new Exchange 2010 mail server to an existing Exchange 2003 organization I came across an email routing / email security issue. This particular project planned for a short period of planned coexistence between the old 2003 exchange server and the new 2010 exchange server and thus we had the resolve the problem quickly to ensure internal email between users on both systems.  The main symptom appeared after I moved the majority of mailboxes from the old exchange 2003 server to the new exchange 2010 server. Emails flowed successfully to the Internet unrestricted.  However when sending internal email to mailboxes that still resided in the 2003 exchange server I would get the following error:

Delivery has failed to these recipients or groups:

xxxxxxx (xxxxx@xxxxxcommunity.org)
This message was rejected by the recipient e-mail system. Please check the recipient's e-mail address and try resending this message, or contact the recipient directly.

 

The following organization rejected your message: xxx.xxxxxcommunity.org.(Receiving Server)

Diagnostic information for administrators:

Generating server: xxxxx.xxxxxcommunity.org

xxxxx@xxxxxxcommunity.org
xxxxx.xxxxxxxcommunity.org #554 5.1.0 Sender Denied ##

Original message headers:

Received: from xxxx.xxxxxcommunity.org ([10.7.53.8]) by XXXXX

 ([10.7.53.8]) with mapi; Mon, 3 Jan 2011 14:00:19 -0600

Content-Type: application/ms-tnef; name="winmail.dat"

Content-Transfer-Encoding: binary

From: Darren Sieck <DarrenSieck@xxxxxxxcommunity.org>

To: "Fr. Don McLaughlin" <xxx@xxxxxxxcommunity.org>

Subject: FW: Test

Thread-Topic: Test

This error can indicate several factors:
You should check that you have routing connectors in each routing group (under the System manger on the exchange 2003 server )  and that your new server is allowed to relay on the old server (Under SMTP properties on the old server). It turns out that my routing connectors were configured properly and relaying was possible. 

Problem:
The problem was the client had configured exchange 2003’s filtering features and the server was blocking all email from the internal domain. Basically the old server thought the new server was spoofing the client’s internal domain. To resolve the situation you should disable the exchange built-in filtering altogether or use a 3^rd party SMTP email filtering product such as Websense Email Security or Ironport.

Resolution:
Navigate to the filtering settings native in Exchange 2003: Open System Manger > First Organization (or the name of your organization) > Global Settings > Message Delivery: Select properties on Message delivery and turn off or configure filters according. Most settings are under the “Connection Filtering” tab.

After receiving my new HTC EVO from Sprint I was eager to get my corporate emails flowing in. I went to perform the mail setup and entered all of the info for our Exchange server then selected the data I wanted to sync. I selected finish and was then presented with an error stating - "Error Failed to create the account. Please try again later."

I was 100% sure that my exchange server was working properly because we had  just completed an Microsoft Exchange server uprade and I had been testing Blackberry Enterprise Server Support and iPhone users and they were working properly. After looking around on the Internet I found that I wasn't the only person with this issue.  I found that there are 2 very common issues and mine was the Active Directory fix. I did list both fixes below just incase others need one or the other.

SSL Certificate Fix:

A little further digging and I discovered that this was down to a security setting people use on their Exchange server which forces mobile ActiveSync users to specify a PIN number on their phone to add an additional layer of security on the phone. It seems the Android built in Exchange support can't deal with sending back your encrypted password. So, if you use SSL with your web-facing Exchange server, you won't be able to connect without either turning off the mobile users password policy requirement, or I assume, using a certified web certificate. Neither turning off SSL or turning off the password policy is a particularly good idea, and would violate most network security policies. The best option would be to ask your IT admins to arrange for a web certificate. In the interests of covering all the options for this guide though, I'll detail the method of excluding specific users from the password policy.

1.  Open Exchange System Manager
2.  Expand Global Settings and then right click on Mobile Services and choose Properties
3.  Click the Device Security button
4.  The "Enforce password on device" tick box is the culprit here, but it's better to turn it off for one specific user rather than the whole domain, so push the Exceptions button
5. Push Add and select the user you want added to the exception list
6.  Push OK three times to get back to Exchange System Manager and you're done

1. Log onto Domain Controller
2. Start AD Users and Computers
3. Click on View – Advanced Features
4. Double-click on the user who’s account wont work with ActiveSync
5. Go to the security tab and then select the advanced button
6. Select Exchange Servers, and tick the Include inheritable permissions toggle then Apply and OK.
7. Reconfigure your phone and walk away reading you emails

• Assess your network infrastructure and decide if you need to acquire a new server or just require some server upgrades. Remember Exchange 2010 only runs on 64-bit versions of Server 2008 and R2. This also means you will need a 64-bit processor in your server.
• Do you currently use virtualization in your network infrastructure? If so you can virtualize your exchange server or servers using Microsoft Hyper V Server 2008,  Vmware Vsphere Installation, and other server virtualization systems.
• Download and read the Planning for Exchange 2010 and also the Deploying Exchange 2010 information on Microsoft's Technet site.
• Does your current network infrastructure design support an edge configuration, or will you be just installing a single server setup?
• If you are upgrading you can only upgrade from Exchange 2007 R2. This may require you to upgrade your exchange 2007 server to R2. If your running Exchange 2003 you will have to perform a migration.
• If your running an older network infrastructure like Server 2000 and earlier, it will require an Active Directory upgrade.
• Do your current email security solutions support Exchange 2010?
• When you finalize your plan also perform a business continuity risk assessment focusing on electronic communications for your business, and update your information Technology disaster recovery plan to include the new Exchange 2010 mail server or cluster. These are very important parts of the process that many neglect to do.