Tuesday, November 19, 2013

Free/Busy Information not Showing for Some Users

Today I was working with one customer for the Outlook Free/Busy information issue where I observed very interesting things, So I thought to share with you for future references.

Issue: -
Not able to see Free/Busy information for particular users.

Error Message: -


Issue Statement: -
                  
                   Microsoft Introduced Calendar Assistance in Outlook 2003/2007/2010 and 2013 which will user to get the users free/busy information without access permission of the users mailbox. When outlook opened it will utilize SCP (Service Connection Point) by Autodiscover service to identify and validate users and server information/settings to connect Mailbox server. Basically all the client access servers will have Autodiscoverurl to propagate server settings which is known as SCP by the EWS API.

                   When outlook connect Microsoft Exchange Client Access Server the first outlook send the XML file which contained User Name, Password, Email address , AD Site information’s to Client Access Server (Load balancer if you have HLB/NLB) then CAS Server transfer the connections status to “Connection Manager” which will validate given information with Global Catalog servers, Based on response connection manager will respond to CAS server then CAS server allow clients to connects with Mailbox server.

                   When we requesting for Free/Busy information CAS server will communicate with Mailbox servers by utilizing SCP connections with the following phases,

    3.    SRV  - autodiscover.learnexchange.com

AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Exchange-A}

Following diagram illustrates SCP Lookup Phases,


In our cause Autodiscover return proper response with status 200 by running the “Test E-Mail AutoConfiguration” but am not receiving user free/busy information, I just quite curious to know the reason, than I checked the same by login to Webmail and Outlook Online Mode both showing the same result L.

Where is the issue? I recalled the outlook command switch that “Outlook /Cleanfreebusy” will clear the outlook corrupted free/busy cache, I ran the same command but still I was not able to see the particular user free/busy information.

I am literally pulling out my hair ^o) ^o), Finally I went to Exchange Command Shell to get the Calendar Permission and Testing the Autodiscover of the particular user,

Autodiscover Test: - I ran the Test-OutlookWebServices command and got Successful result.

Test-OutlookWebServices -TargetAddress "terrikarsten@learnexchange.com" |fl

Id      : 1122
Type    : Success
Message : Autodiscover was tested successfully.

Gathering Calendar Permission: -  I ran the Get-MailboxFolderPermission against Calendar Folder and found Access Permission set as “None”.

Get-MailboxFolderPermission -Identity terrikarsten@learnexchange.com:\calendar

FolderName   : Calendar
User         : Default
AccessRights : {None}
Identity     : Default
IsValid      : True

Which is not the default settings of Calendar for the regular mailboxes by default set in place of “AvailabilityOnly”.

Resolution: -

As we see above diagnose shows that Calendar should have “AvailabilityOnly” permission to get the free/busy information of user, So now we have to assign the permission to calendar. We can assign the permission by the following methods.

   1.    Microsoft Exchange Management Shell.

   2.    Microsoft Outlook.

The easiest way to assign the permission is Microsoft Outlook (I always prefer) by the following directions,

Open Outlook navigate it to Folder List select “Calendar” Right Click go to Properties


Select Permission Tab and change the “Default” User Permission from “None” to “Free/Busy Time” save the changes and close.


We have to wait for some time to replicate the changes. After 15 min (By default Replication Interval) checked the same now we able to see the user free/busy information.


Thanks
Keep Visit

Friday, November 1, 2013

Outlook Autodiscover Failed 0X800C8203 - Your Automatic Reply settings cannot be displayed because the server is currently unavailable


Recently I came across Outlook 2007 and 2010 users having issues while accessing Outlook out Of Office (OOO) and Outlook Free/Busy information. When I started troubleshooting the issue, I have verified Outlook Email Auto Configuration test and I got below error message.


Outlook Test E-mail Auto Configuration: -


Outlook Automatic Reply Response: -


I have verified other users in the same database and server all users are accessing OOO and Outlook Free/Busy information without any issues. So I have accessed user profile on different machine I got the same error message than I thought it’s not server level issues it’s something wrong on the user mailbox settings.

I decided to begin troubleshooting by running a web debugging tool on the server which allows me to capture the HTTP traffic generated by Outlook. I found the following Autodiscover response within this trace:

PS D:\Program Files\Microsoft\Exchange Server\V14\Scripts> Test-OutlookWebServices -Identity WayneKern@learnexchange.com

RunspaceId : 9fe80cf8-547a-49a9-9ef8-9500e77d316a
Id         : 1123
Type       : Error
Message    : Autodiscover returned the error: 603:The Active Directory user wasn't found.


At first I was little confused because above user able to access his mailbox through Outlook and Webmail without any issues. Then I recalled Exchange Update patches Microsoft Released Mailbox AutoMapping Feature in Exchange 2010 SP1 were mailboxes will be added automatically once user assigned Mailbox Full Access Permission by Exchange management Console or Exchange Management Shell by following command.

Add-MailboxPermission –Identity “UserName” –User “RequesterName” –Accesspermission Fullaccess – InheritanceType all


Which will add the mailbox automatically on requester outlook after replication, If you don’t want it follow the below command..

Add-MailboxPermission –Identity “UserName” –User “RequesterName” –Accesspermission Fullaccess – InheritanceType all –Automapping $false

While the permissions are being applied against the object, the delegate user object is also added to the msExchDelegateListLink attribute for the owner mailbox. The delegate’s user object also has an Active Directory attribute modified. The msExchDelegateListBL is updated to include the new mailbox owner’s user object DN. Now that the user has been granted access to the mailbox we will look at what happens on the client side.

An Autodiscover request is always initiated when the Outlook client is launched to determine the mailbox settings for the user. This Autodiscover request queries Active Directory and retrieves the msExchDelegateListBL for the user as part of the process. These results are then included in the Autodiscover response XML as an alternative mailbox. The following is an example taken from a working client:

Take look at the above msExchDelegateListBL attributes response, here would see DelegateBL attribute showing the Owner Mailbox Distinguish Name (DN). Now let look at the above delegate mailbox status then I found this user account was disabled and account does not have mailbox in Exchange Environment.
What do you think happens when Active Directory returns this msExchDelegateListBL and there is a user object within the list that no longer has a mailbox? If you answered Autodiscover returns a 603 error, then you are correct. Once this list is retrieved, the server and legacyExchangeDN for the mailboxes must be retrieved. These attributes are no longer present on a user object after the mailbox has been removed. Therefore Active Directory cannot find the mailbox and returns the user not found error.

Than how do I need to check? Yes, we can, Microsoft introduced Active Directory Power shell Module through we can check and do the necessary changes.

Import-Module ActiveDirectory

PS C:\Windows\system32> Get-adUser -Identity "waynekern" -Properties msExchDelegateListBL

DistinguishedName    : CN=Kern\, Wayne,OU=Users,DC=EXCHDC,DC=learnexchange,DC=com
Enabled              : True
GivenName            : Wayne
msExchDelegateListBL : {CN=Kern\, Wayne,OU=Disabled Accounts,OU=Accounts,DC=learnexchange,DC=com}
Name                 : Kern, Wayne
ObjectClass          : user
ObjectGUID           : 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName       : waynekern
SID                  : S-1-5-21-1454471165-1960408961-725345543-2167388
Surname              : Kern
UserPrincipalName    : waynekern@learnexchange.com


Now we will make sure GUID match with user account,


PS C:\Windows\system32> Get-ADUser 244638bb-4ab5-4118-ae8a-ac204dbd7f6e

DistinguishedName : CN=Kern\, Wayne,OU=Users,OU=Site,DC=EXCHDC,DC=learnexchange,DC=com
Enabled           : True
GivenName         : Wayne
Name              : Kern, Wayne
ObjectClass       : user
ObjectGUID        : 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName    : waynekern
SID               : S-1-5-21-1454471165-1960408961-725345543-2167388
Surname           : Kern
UserPrincipalName : waynekern@learnexchange.com

Resolution: -

Now that we have identified the missing mailbox causing our issue we need to remove it from this backlink. A backlink attribute is read-only so we cannot modify it directly on this user object. Instead we must modify the msExchDelegateListLink  for the object identified within the backlink or the original mailbox owner. We can do this from the same Powershell session or ADSIEDIT.

            1.    ADSIEDIT
            2.    Active Directory Command Shell


ADSIEDIT: -


Open ADSIEDIT connect “Default Naming Context” and Navigate to user Organizational Unit, Select the user account properties and followed by select “Attribute Editor” scroll down to “msExchangeDelegatelistLink” clear the match values .



Active Directory Command Shell: -

Stat ---->Administrative Tools ----->Active Directory PowerShell Module.

Set-ADUser  -Identity “waynekern “ -Clear msExchDelegateListLink

Once Active Directory Replication has been completed you can Run Get-adUser -Identity "waynekern" -Properties msExchDelegateListBL.

Now it will show null values.

Now Replication has been completed it’s good time to test the Outlook Webservice health status again user mailbox. Run the below command and find the autodiscover ID, We have received Autodiscover test success.

Test-OutlookWebServices -Identity "waynekern@learnexchange.com" |fl

Id      : 1122
Type    : Success
Message : Autodiscover was tested successfully.

Saturday, September 14, 2013

Unable to register the MSExchangeAB RPC interface. Failed with the error code The endpoint is a duplicate (1740) and The Microsoft Exchange RPC service can't be started because the EMSMDB interface is already registered by another process.

Issue: -

Microsoft Exchange Address Book and Microsoft RPC Client Access Service are not started after setup Static Ports.

Error Message: -

Address Book Service: -

Unable to register the MSExchangeAB RPC interface. Failed with the error code The endpoint is a duplicate (1740)

Microsoft RPC Client Access Service: -

The Microsoft Exchange RPC service can't be started because the EMSMDB interface is already registered by another process.

Error Statement: -

When you Setup Static Ports for Microsoft Exchange Address Book and Microsoft RPC Client Access Services and if the same Port is already used by another service which can result service start fail.
You can follow the below steps to configure the static ports,

UDP/TCP 59531-65535; set static ports

To set a static port for the RPC Client Access service on an Exchange 2010 Client Access server, you need to open the registry on the respective server and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC


Here, you need to create a new key named ParametersSystem, and under this key create a REG_DWORD named TCP/IP Port. The Value for the DWORD should be the port number you want to use.


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem]
"TCP/IP Port"=dword:0000e88c

To set a static RPC port for the Exchange Address Book Service, create a new REG_SZ registry key named “RpcTcpPort” under:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters]
"RpcTcpPort"="59533"

Resolution: -

   1.  Find whether same port used by another process by using NETSTAT command.
  TCP    10.250.172.59:59499    10.250.172.58:55163    ESTABLISHED
  TCP    10.250.172.59:59519    10.250.172.41:135      ESTABLISHED
  TCP    10.250.172.59:59520    10.250.172.41:36553    ESTABLISHED
  TCP    10.250.172.59:59521    10.250.172.41:36553    ESTABLISHED
  TCP    10.250.172.59:59532    10.250.172.62:135      ESTABLISHED
  TCP    10.250.172.59:59533    10.250.172.62:14417    ESTABLISHED
  TCP    10.250.172.59:59534    10.250.172.62:14417    ESTABLISHED
  TCP    10.250.172.59:59545    10.250.172.49:37827    ESTABLISHED
  TCP    10.250.172.59:59546    10.250.172.49:37827    ESTABLISHED
  TCP    10.250.172.59:59723    10.250.172.62:135      ESTABLISHED
  TCP    10.250.172.59:59724    10.250.172.62:14417    ESTABLISHED
  TCP    10.250.172.59:59725    10.250.172.62:14417    ESTABLISHED
  TCP    10.250.172.59:59847    10.250.172.48:9747     ESTABLISHED
  TCP    10.250.172.59:60179    10.250.172.52:21192    ESTABLISHED
  TCP    10.250.172.59:60535    10.250.32.17:389       ESTABLISHED

   2.  Restart Microsoft Information Store service which will release if the same port used.
   3.  Check which service is using that ports using NETSTAT /autob
[w3wp.exe]
  TCP    10.250.172.59:59520    10.250.172.41:36553    ESTABLISHED     19184
 [w3wp.exe]
  TCP    10.250.172.59:59521    10.250.172.41:36553    ESTABLISHED     19184
 [w3wp.exe]
  TCP    10.250.172.59:59532    10.250.172.62:135      ESTABLISHED     19184
 [w3wp.exe]
  TCP    10.250.172.59:59533    10.250.172.62:14417    ESTABLISHED     19184
 [w3wp.exe]
  TCP    10.250.172.59:59534    10.250.172.62:14417    ESTABLISHED     19184
 [w3wp.exe]
  TCP    10.250.172.59:59545    10.250.172.49:37827    ESTABLISHED     19184
 [w3wp.exe]
  TCP    10.250.172.59:59546    10.250.172.49:37827    ESTABLISHED     19184

   4.  After found which service using (In my cause w3wp.exe service) restart it.
   5.   If above steps is not resolved your issue, Please restart your server    by setup services in automatic mode.

Thanks
Keep Visiting

Thursday, September 5, 2013

How to Open Shared Sub Calendar in Outlook 2007 & 2010


It’s easy to share the default folders in your Microsoft Exchange mailbox just giving your co-worker permission to the folder. They can view the contents using the File, Open, Other user’s folder command. But sharing the subfolders requires a bit more effort as the subfolders are not accessible from the Open Other Users Folder dialog.


In order to share Outlook subfolders with another user, you need to give them the desired permission (at least Reviewer) to the folder and at least Folder visible permission to every Root folder above the shared subfolder.

Right click on the shared folder and choose Properties. Go to the permission tab and assign permission to the person you want to share with.


Every folder in the path above this folder needs to have at least Folder visible permission, up through the top level.
Before a person can view one of your folders, they need permission. If they are a Delegate to your mailbox (Tools, Options, Delegates) they may have permission to some or all of your mailbox folders.
1.  Right click on the folder you wish to share.

2.  Choose Properties, select the Permissions tab.

3.  If Default has Reviewer permission you won’t need to add individual names to the list unless they need more permissions than the Default account has.

4.  Click Add and select the names you want to share with from the Global Address List.

5.  Give them at least Reviewer permission so they have Folder visible permission.

6.  Click OK to close the dialog.

Repeat for each folder you wish to share.
If the person already has delegate access you won’t need to do anything more. If they do not have any access to your mailbox, you need to give them Folder visible permission to the mailbox.
1.  Right click on the mailbox root. This is the folder you click on to display Outlook Today.

2.  The Default account typically has no permission to the entire mailbox. You can either give the Default account Folder visible permission or click Add and select your co-worker’s name from the GAL.

3.  Check the Folder visible box only. The permission level remains set to None.
4.  Click Ok to exit the dialog


Opening the shared folder

Once the folder permissions are set, the person who the folders are shared with needs to add the mailbox to their profile, as a secondary mailbox.

1.  Go to Tools, Account Settings. (File, Account Settings in Outlook 2010 or 2013.)

2.  Select your Exchange account and clickChange (or double click)

3.  Click More Settings

4.  On the Advanced Tab, click Add

5.  Type all or part of the name of the mailbox that was shared with you. Select the correct name if presented with a list of names.

6.  Click Ok and work your way out of the dialogs and return to Outlook.
The mailbox you added is now in your folder list and the calendars you have permission to view will be listed in the Calendar pane. Any other folders that this user was given permissions to access will be visible in the folder list or appropriate modules.

Thanks
Keep Visiting.

Monday, August 26, 2013

How to Bulk Delete Email Content in Organization Wide Mailboxes Using Subject Line

Hi Folks,

Today I had very interesting thing in Exchange 2010 in terms of Search-Mailbox, So I thought to share with you.

Issue: -

User initiated test bulk emails from application to multiple users from Internal and External and user wants to delete those test emails from all user mailboxes that are received.

Error Statement: -

We can remove/delete those emails in below scenarios,

1. Virus Infected emails.

2. Confidential Email sent wrongly.

3. Need to remove an Email with Specific subject from all the mailboxes in the organization.


Permission: -

In Exchange 2007 & 2010 Microsoft introduced RBAC which is Roll Base Access Control based on Team access, competency level.


Resolution: -


     1.  You need to assign Discovery Management Roll Permission prior to Run the Report.

   
    2. Select the User and Give OK







3. Add Administrator account to Mailbox Export Import Role Group.



4. Now Before Deleting in Bulk , We can use a log only switch to verify how many Mails we are going to delete and to verify the we are going to delete the right one.

Get-mailbox | search-mailbox –searchquery “Subject:’Ticket:Subject Line’” –Logonly –Targetmailbox administrator –Targetfolder Inbox

Now this will show how many mailboxes have this content



5. Once above Command grab the email logs and it will share the same in Administrator Mailbox as below.



6. Now we will go ahead and Delete it: -

Get-mailbox | search-mailbox –searchquery “Subject:’SubjectLine’” –DeleteContent


Thanks
Keep Visiting.