Monday, August 26, 2013

How to Bulk Delete Email Content in Organization Wide Mailboxes Using Subject Line

Hi Folks,

Today I came across a very interesting thing in Exchange 2010 with Search-Mailbox, so I thought I would share it with you.

Issue: -

A user sent bulk test emails from an application to multiple internal and external users, and the user wants those test emails deleted from every user mailbox that received them.

Error Statement: -

We can remove/delete emails in the following scenarios:

1. Virus Infected emails.

2. Confidential Email sent wrongly.

3. Need to remove an Email with Specific subject from all the mailboxes in the organization.


Permission: -

In Exchange 2007 & 2010 Microsoft introduced RBAC, which is Role Based Access Control, based on team access and competency level.


Resolution: -


1. Assign the Discovery Management role permission before running the report.

2. Select the user and click OK.

3. Add the Administrator account to the Mailbox Export Import role group.



4. Before deleting in bulk, use the log-only switch to verify how many emails will be deleted and that they are the right ones.

Get-Mailbox | Search-Mailbox -SearchQuery 'Subject:"Ticket:Subject Line"' -LogOnly -TargetMailbox administrator -TargetFolder Inbox

This shows how many mailboxes contain the content.



5. Once the above command has gathered the email logs, it places them in the Administrator mailbox, as below.



6. Now go ahead and delete the content:

Get-Mailbox | Search-Mailbox -SearchQuery 'Subject:"SubjectLine"' -DeleteContent
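The log-only check and the delete from steps 4 to 6 can be combined into one guarded script. This is an added example, not the post's own code; the MaxItems ceiling, the PurgeLog folder name and the report path are assumptions chosen for illustration.

```powershell
# Added example, not the post's own script. Run in the Exchange Management Shell
# with the role assignments from steps 1-3. $MaxItems is an assumed safety ceiling.
param(
    [string]$Subject   = 'Ticket:Subject Line',  # subject text used in the post
    [string]$LogTarget = 'administrator',        # mailbox that receives the log
    [string]$Report    = '.\purge-estimate.csv', # hypothetical report path
    [int]   $MaxItems  = 500,
    [switch]$Delete                              # without this, nothing is removed
)

$query = 'Subject:"{0}"' -f $Subject

# Pass 1: estimate only. Nothing is copied or deleted.
$hits = @(Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 })

if ($hits.Count -eq 0) {
    Write-Host "No mailbox contains items matching $query"
    return
}

# Keep a record of what was found before anything changes.
$hits | Select-Object Identity, ResultItemsCount, ResultItemsSize |
    Export-Csv -Path $Report -NoTypeInformation
$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
Write-Host ("{0} item(s) in {1} mailbox(es); details in {2}" -f $total, $hits.Count, $Report)

# A count far above the expected number usually means the query is too broad.
if ($total -gt $MaxItems) {
    Write-Warning "Match count $total exceeds the ceiling of $MaxItems. Narrow the query."
    return
}

foreach ($hit in $hits) {
    $id = [string]$hit.Identity

    # Pass 2: write a full log of the matching items to the review mailbox.
    Search-Mailbox -Identity $id -SearchQuery $query -LogOnly -LogLevel Full `
        -TargetMailbox $LogTarget -TargetFolder 'PurgeLog' | Out-Null

    # Pass 3: delete only when asked. -Force is not used, so the cmdlet's own
    # confirmation prompt still appears for each mailbox.
    if ($Delete) {
        Search-Mailbox -Identity $id -SearchQuery $query -DeleteContent |
            Select-Object Identity, Success, ResultItemsCount
    }
}
```

Only mailboxes that actually contain a match are touched in the second and third pass, and the CSV written before the delete records what was removed from where.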


Thanks
Keep Visiting.

How to reconfigure Failed FileShare Witness Directory on Exchange 2010

Issue: -

Exchange 2010 File Share witness server/directory is not accessible.

Error Message: -

The operation has failed. “An error occurred while attempting to bring the resource File Share Witness (\\Exchfw.learnexchange\DAG01.learnexchange) online


Now my DAG displays a warning when I check the health of it.

WARNING: Database availability group ‘DAG01’ witness is in a failed state. The database availability group requires the witness server to maintain quorum. Please use the Set-DatabaseAvailabilityGroup cmdlet to re-create the witness server and directory.


In the real world this situation may also arise if the server hosting the File Share Witness is being decommissioned or has failed. Fortunately, we can resolve the problem by specifying a new FSW for the DAG, which I will demonstrate here.


Resolution: -

You can reconfigure the file share witness directory either through Failover Cluster Manager (Type 1) or with the Set-DatabaseAvailabilityGroup cmdlet (Type 2), which re-creates the witness server and directory.

Type 1

1. Open Failover Cluster Manager ----> right-click the DAG name ----> More Actions ----> Configure Cluster Quorum Settings.

2. On Quorum Configuration Option, select “Add or change the quorum witness”.

3. On Quorum Witness, select “Configure a file share witness”.

4. On Configure File Share Witness, click Browse ----> select the server and file share directory.

5. Confirm the above change and click Next to finish the configuration.

6. Remove the old file share witness directory by selecting Yes.

7. After the failed file share witness directory is removed, the DAG replication health check passes.




Type 2:

Set-DatabaseAvailabilityGroup -Identity "DAG01" -WitnessServer "EXCHFW.learnexchange.com" -WitnessDirectory "C:\WitnessDirectory"


Thanks
Keep Visiting.




Tuesday, August 20, 2013

Increasing the number of simultaneous Local Move Request on Exchange 2010

Hi Folks,

My colleagues asked why mailbox moves take longer than the expected time window.

So I thought I would share some of my past experience, which may help someone here.

Issue: -

Mailbox moves take longer than the expected downtime window.

By default Exchange 2010 moves just 5 mailboxes simultaneously.
I need to move 85000 mailboxes within 3 months without any user downtime. If I use the Microsoft default settings, it will take approximately 1 year or so to complete the mailbox moves.

So what should we do? We do have a workaround for this issue.

To increase the limits on concurrent mailbox moves, you have to change the configuration file of the Mailbox Replication Service.

Resolution: -

1. Open the file C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe.config;

2. Increase the values shown in blue to the number of simultaneous active moves that you want.

<MRSConfiguration
    MaxRetries = "60"
    RetryDelay = "00:00:30"
    MaxMoveHistoryLength = "2"
    MaxActiveMovesPerSourceMDB = "80"
    MaxActiveMovesPerTargetMDB = "80"
    MaxActiveMovesPerSourceServer = "80"
    MaxActiveMovesPerTargetServer = "80"
    MaxTotalMovesPerMRS = "200"
    FullScanMoveJobsPollingPeriod = "00:10:00"
    MinimumTimeBeforePickingJobsFromSameDatabase = "00:00:04"
    ServerCountsNotOlderThan = "00:10:00"
    MRSAbandonedMoveJobDetectionTime = "01:00:00"
    BackoffIntervalForProxyConnectionLimitReached = "00:30:00"
    DataGuaranteeCheckPeriod = "00:05:00"
    EnableDataGuaranteeCheck = "true"
    DisableMrsProxyCompression = "false"
    DisableMrsProxyBuffering = "false"
    MinBatchSize = "100"
    MinBatchSizeKB = "256" />

3. Save and close the file;

4. Restart the Microsoft Exchange Mailbox Replication service.

Thanks,
Keep Visiting.

Monday, August 19, 2013

The Delegates settings were not saved correctly. Cannot activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object

Issue: -

Users are not able to update mailbox delegates through Outlook.

Error Message: -

When a user tries to update/delete delegates from Outlook, they get the following error message:

“The Delegates settings were not saved correctly. Cannot activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object”


Error Statement: -

When you use Microsoft Outlook to add or remove delegates, Outlook grants send-on-behalf-of permission on the mailbox by writing the publicDelegates attribute of your user object in Active Directory. If your local system is connecting to a remote Global Catalog server instead of a local Global Catalog server, the publicDelegates attribute is not written.
Another cause is that the SELF object does not have the Write Personal Information right on your Active Directory user object.

Resolution: -

1. Check that the user has the SELF access permission assigned on the mailbox.

2. Check whether you have any AD-related issues.

3. Modify the registry at HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\Preferences

After you select the subkey, point to New on the Edit menu, and then click DWORD Value.
Type IgnoreSOBError, and then press Enter.
Right-click IgnoreSOBError, and then click Modify.
In the Value data box, type 1, and then click OK.
On the File menu, click Exit to exit Registry Editor.

4. Go to the Attributes tab of the AD user properties, find the publicDelegates attribute, remove/add the required details and click OK.

5. It will take 15 minutes to update. After replication, check the user's Delegates tab.


Thanks

Keep Visiting


Message tracking fails with 'The server software doesn't support the type of search requested'

Issue: -

Not able to track the emails by using Exchange Management Console or Exchange Management Shell.

Error Message: -


Message tracking fails with 'The server software doesn't support the type of search requested' for only a SINGLE user in org

What is the use of Message Tracking Logs: -

If you want to track messages using the shell, the magic cmdlet to remember is Get-MessageTrackingLog. It’s capable of doing wonderful things very quickly.

Message Tracking log fields: -

First, let’s take a look at a typical record in the tracking log. A single message generates multiple records in the log, one for each message tracking event. Familiarity with the fields and the kind of information they contain will help you filter and find what you’re looking for. If you frequently use message tracking for troubleshooting or otherwise, this familiarity can be rewarding.

Timestamp : 8/19/2013 12:03:46 PM
ClientIp : 10.250.10.14
ClientHostname : EXCHMBX01.learnexchange.com
ServerIp : 10.250.10.10
ServerHostname : mail.learnexchange.com
SourceContext : 08CAEC7BADA2C89C
ConnectorId : Default
Source : SMTP
EventId : SEND
InternalMessageId : 566
MessageId : <8ae81f81e2d0bc45b53db7d1661e75b801a4e86bc6d2@exchmbx01.learnexchange.com>
Recipients : {Gengaiyan@learnexchange.com}
RecipientStatus : {250 2.1.5 harish@learnexchange.com }
TotalBytes : 21097
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : Welcome Message.
Sender : Gengaiyan@learnexchange.com
ReturnPath : Gengaiyan@learnexchange.com
MessageInfo : 08/19/2013 12:03:38 PM

Filtering Message Tracking Logs: -

You can filter Message Tracking logs by the following properties:

Start, End: By default, Message Tracking logs are kept for a maximum of 30 days. If you’re trying to find a message that may have been sent or received in the last day or two, or a specific period, it’s inefficient to search 30 days’ worth of logs. It’s a good idea to narrow down the search by specifying a start time, and preferably the end time as well.

Event ID: This is by far one of the more important parameters of Message Tracking logs that we need to understand. Whereas Exchange Server 2003/2000’s Message Tracking log was an easy-to-use application that shielded the user from this complexity, it also provided much less flexibility. Message Tracking logs have a lot of details about a message as it originates from an internal user or external sender, and makes its way through the different stages of message routing and transfer, and finally gets delivered (or not). You can now track messages based on these events.

Sender: Sender’s SMTP address

Recipients: SMTP address(es) of one or more recipients

MessageSubject:  The subject field in the message header

MessageID: This is the MessageID in the header. It is constant for the lifetime of a message, and can be used to track messages across different mail systems.

InternalMessageID: An integer field assigned by the Exchange 2007 server that is currently processing the message. The same message will have a different InternalMessageID on different Exchange servers.

Message Tracking Events: -

DEFER: Message delivery delayed

DELIVER: Message delivered to a mailbox

DSN: A delivery status notification was generated.
Messages quarantined by the Content Filter are also delivered as DSNs. The recipient’s field has the SMTP address of the quarantine mailbox.

EXPAND: Distribution Group expanded. The RelatedRecipientAddress field has the SMTP address of the Distribution Group.

FAIL: Delivery failed. The RecipientStatus field has more information about the failure, including the SMTP response code. You should also look at the Source and Recipients fields when inspecting messages with this event.

POISONMESSAGE:  Message added to or removed from the poison queue

RECEIVE: Message received. The Source field is STOREDRIVER for messages submitted by Store Driver (from a Mailbox server), or SMTP for messages
a) received from another Hub/Edge
b) received from an external (non-Exchange) host using SMTP
c) submitted by SMTP clients such as POP/IMAP users.

REDIRECT: Message redirected to alternate recipient

RESOLVE: Generally seen when a message is received on a proxy address and resolved to the default email address. The RelatedRecipientAddress field has the proxy address the message was sent to. The recipient’s field has the default address it was resolved (and delivered) to.

SEND: Message sent by SMTP. The ServerIP and ServerHostName parameters have the IP address and hostname of the SMTP server.

SUBMIT:  The Microsoft Exchange Mail Submission service on a Mailbox server successfully notified a Hub Transport server that a message is awaiting submission (to the Hub). These are the events you’ll see on a Mailbox server.
The SourceContext property provides the MDB Guid, Mailbox Guid, Event sequence number, Message class, Creation timestamp, and Client type. Client type can be User (Outlook MAPI), RPCHTTP (Outlook Anywhere), OWA, EWS, EAS, Assistants, Transport.

TRANSFER: Message forked because of content conversion, recipient limits, or transport agents

Finding messages

Here are some examples that show how to use different parameters such as sender, recipients, start and end times to find messages. These examples demonstrate the power of the Exchange shell and how it can help you be very productive when managing Exchange 2010/2007 using this great new tool.

1. Find messages by sender:

Get-MessageTrackingLog -Sender "Gengaiyan@learnexchange.com"

2. Find messages by recipient:

Get-MessageTrackingLog -Recipients "Gengaiyan@hotmail.com"

3. Messages received or messages delivered to the mailbox: You can further separate or constrain these by messages received:

Get-MessageTrackingLog -Sender "Gengaiyan@learnexchange.com" -EventId RECEIVE

and messages delivered to the mailbox:

Get-MessageTrackingLog -Sender "Gengaiyan@learnexchange.com" -EventId DELIVER

4. Start and End date/time: To further constrain these by Start and End times:

Get-MessageTrackingLog -Sender "Gengaiyan@learnexchange.com" -EventId DELIVER -Start "08/19/2013 9:00AM" -End "08/19/2013 5:00PM"

Formatting output

To show only selected fields, you can pipe the output to the Select-Object command, and specify the fields required. Here we want the timestamp, recipients, and subject fields:

Get-MessageTrackingLog -Sender "Gengaiyan@learnexchange.com" -EventId DELIVER -Start "08/19/2013 9:00AM" -End "08/19/2013 5:00PM" | Select-Object Timestamp,Recipients,MessageSubject

To get all fields from a message in a list format, you can pipe the output to fl (Format-List).

By default, the Get-MessageTrackingLog command returns up to 1000 results. This can be hard to work with in a command screen that keeps scrolling endlessly. In addition to the above parameters used to filter the logs, you can also restrict the number of results returned using the ResultSize parameter.

Get-MessageTrackingLog -Sender "Gengaiyan@learnexchange.com" -EventId DELIVER -Start "08/19/2013 9:00AM" -End "08/19/2013 5:00PM" -ResultSize 100
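Because a single message produces one record per event, it helps to collapse the records by MessageId and read off each message's final state. The following is an added example, not code from the original post; Get-MessageOutcome and New-SampleRecord are hypothetical helper names, and the records are constructed samples so the function can be tried without an Exchange server.

```powershell
# Added example, not from the original post. The function accepts
# Get-MessageTrackingLog output; the records below are constructed samples.
function Get-MessageOutcome {
    param([Parameter(ValueFromPipeline = $true)] $Record)
    begin   { $all = @() }
    process { $all += $Record }
    end {
        foreach ($group in ($all | Group-Object -Property MessageId)) {
            $events = @($group.Group | Sort-Object -Property Timestamp)
            $ids    = @($events | ForEach-Object { [string]$_.EventId })
            $fail   = $events | Where-Object { $_.EventId -eq 'FAIL' } | Select-Object -Last 1

            # Any FAIL wins, so a partly delivered message is still flagged.
            $outcome = 'InTransit'
            $status  = ''
            if ($fail) {
                $outcome = 'Failed'
                $status  = $fail.RecipientStatus -join '; '
            }
            elseif ($ids -contains 'DELIVER') { $outcome = 'Delivered' }
            elseif ($ids -contains 'SEND')    { $outcome = 'SentOnward' }
            elseif ($ids -contains 'DEFER')   { $outcome = 'Deferred' }

            New-Object PSObject -Property @{
                MessageId = $group.Name
                Subject   = $events[0].MessageSubject
                Sender    = $events[0].Sender
                FirstSeen = $events[0].Timestamp
                LastSeen  = $events[-1].Timestamp
                Events    = $ids -join ' > '
                Outcome   = $outcome
                Status    = $status
            } | Select-Object MessageId, Subject, Sender, FirstSeen, LastSeen, Events, Outcome, Status
        }
    }
}

# Constructed sample records using the field names shown in the record above.
function New-SampleRecord($Time, $EventId, $MessageId, $Subject, $Status) {
    New-Object PSObject -Property @{
        Timestamp = [datetime]$Time; EventId = $EventId; MessageId = $MessageId
        MessageSubject = $Subject; Sender = 'Gengaiyan@learnexchange.com'
        RecipientStatus = $Status
    }
}
$sample = @(
    New-SampleRecord '8/19/2013 12:03:38 PM' 'RECEIVE' '<sample-1@learnexchange.com>' 'Welcome Message.' ''
    New-SampleRecord '8/19/2013 12:03:46 PM' 'DELIVER' '<sample-1@learnexchange.com>' 'Welcome Message.' ''
    New-SampleRecord '8/19/2013 12:10:02 PM' 'RECEIVE' '<sample-2@learnexchange.com>' 'Quarterly report' ''
    New-SampleRecord '8/19/2013 12:10:30 PM' 'DEFER'   '<sample-2@learnexchange.com>' 'Quarterly report' ''
    New-SampleRecord '8/19/2013 12:40:30 PM' 'FAIL'    '<sample-2@learnexchange.com>' 'Quarterly report' '550 5.1.1 User unknown'
    New-SampleRecord '8/19/2013 12:45:00 PM' 'RECEIVE' '<sample-3@learnexchange.com>' 'Test mail' ''
)

$sample | Get-MessageOutcome | Format-Table Subject, Events, Outcome, Status -AutoSize
# Against a live server: Get-MessageTrackingLog -Sender ... -Start ... -End ... | Get-MessageOutcome
```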

Resolution: -

1. By default, Microsoft supports up to 49 proxy addresses associated with a single mailbox. If the mailbox has more than 49 proxy addresses, remove the unnecessary ones and force AD replication, or wait 15 minutes for the change to replicate across AD servers.

2. Verify whether any external-domain proxy addresses are associated with the problematic account; if you find any, remove them and wait for AD replication.

3. The MSExchangeTransportLogSearch.exe service has a 32 KB limit. Microsoft has confirmed that this is a product issue and its programmers are working on it.

Thanks
Keep Visiting

A server-side database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: The computer account ‘DAG01′ could not be validated. Access was denied. Check that the current user (NT AUTHORITY\SYSTEM) has permissions to create computer accounts in the domain or to claim the computer account.

Issue: -
Not able to add Mailbox server into Database Availability Group in Exchange 2013.

Error Message: -

A server-side database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: The computer account ‘DAG01′ could not be validated. Access was denied. Check that the current user (NT AUTHORITY\SYSTEM) has permissions to create computer accounts in the domain or to claim the computer account. [Server: EXCHMBX02.learnexchange.com]

A server-side database availability group administrative operation failed. Error: The computer account ‘DAG01′ could not be validated. Access was denied. Check that the current user (NT AUTHORITY\SYSTEM) has permissions to create computer accounts in the domain or to claim the computer account.




Error Statement: -

In Exchange 2013, Microsoft introduced the CNO (cluster name object). If your DAG members are running Windows Server 2012, you must pre-stage the CNO prior to adding the first server to the DAG.
The CNO is a computer account created in Active Directory and associated with the cluster's Name resource. The cluster's Name resource is tied to the CNO, which is a Kerberos-enabled object that acts as the cluster's identity and provides the cluster's security context. The formation of the DAG's underlying cluster and the CNO for that cluster is performed when the first member is added to the DAG. When the first server is added to the DAG, remote PowerShell contacts the Microsoft Exchange Replication service on the Mailbox server being added. The Microsoft Exchange Replication service installs the failover clustering feature (if it isn't already installed) and begins the cluster creation process. The Microsoft Exchange Replication service runs under the LOCAL SYSTEM security context, and it's under this context in which cluster creation is performed.

Resolution: -

1. Create the computer account (CNO) and disable it.

2. Assign full control of the computer account to the computer account of the first Mailbox server you're adding to the DAG.

3. Assign full control of the computer account to the Exchange Trusted Subsystem USG.

4. Now add the first Exchange Mailbox server to the DAG, followed by the second server.
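Steps 1 to 3 can be scripted so the CNO is created disabled and receives exactly the two permission entries described. This is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module is available, and the OU path and the choice of EXCHMBX02 as the first DAG member are assumptions for illustration.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module.
param(
    [string]$DagName   = 'DAG01',
    [string]$FirstNode = 'EXCHMBX02',                            # assumed first DAG member
    [string]$OU        = 'CN=Computers,DC=learnexchange,DC=com'  # hypothetical location
)
Import-Module ActiveDirectory

# Step 1: create the CNO as a disabled computer account, unless it already exists.
if (-not (Get-ADComputer -Filter "Name -eq '$DagName'")) {
    New-ADComputer -Name $DagName -SamAccountName "$DagName`$" -Path $OU `
        -Enabled $false -Description 'Pre-staged CNO for Exchange DAG'
}
$cno  = Get-ADComputer -Identity $DagName
$path = "AD:\$($cno.DistinguishedName)"

# Steps 2 and 3: full control for the first Mailbox server's computer account
# and for the Exchange Trusted Subsystem group, and for nothing else.
$trustees = @(
    (Get-ADComputer -Identity $FirstNode).SID,
    (Get-ADGroup -Identity 'Exchange Trusted Subsystem').SID
)
$acl = Get-Acl -Path $path
foreach ($sid in $trustees) {
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]'GenericAll',
        [System.Security.AccessControl.AccessControlType]'Allow'
    )
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Check the result: the account must be disabled and the explicit full-control
# entries should list only the two trustees added above.
Get-ADComputer -Identity $DagName -Properties Enabled | Select-Object Name, Enabled
(Get-Acl -Path $path).Access |
    Where-Object { -not $_.IsInherited -and $_.ActiveDirectoryRights -match 'GenericAll' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```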

Thanks,
Keep Visiting

Friday, August 16, 2013

Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2010 with autodiscover

Hi Folks,

Yesterday I came across a very interesting thing in Exchange Outlook Anywhere, so I thought I would share it with you.

Issue: -

Outlook Anywhere gets configured automatically in Outlook when Outlook is restarted, and Outlook pops up a prompt for credentials.

Error Message: -



“Please enter user name and Password”


Error Statement: -

When a user accesses the mailbox through Outlook, the Autodiscover service sends the XML request to the Autodiscover Outlook provider. The Outlook provider holds the SCP connection values, which refer to EXPR. If the user's system or site has network latency issues and cannot contact the local Client Access array server, the connection is routed to RPC over HTTPS. Because the connection is routed to the Internet, Outlook throws the pop-up asking for credentials.

Resolution: -

While troubleshooting the Outlook pop-up issue, I verified the Outlook settings and connection status: Outlook was being configured for Outlook Anywhere automatically through the Autodiscover settings.

This is common behavior in Exchange once the Outlook Anywhere feature is enabled on the Exchange Client Access server.

Once Active Directory preparation has completed, the three entries below are created automatically in Active Directory at the following location.

        1.    EXPR
        2.    EXCH
        3.    WEB

DistinguishedName    : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com

The EXCH setting references the Exchange RPC protocol that is used internally. This setting includes port settings and the internal URLs for the Exchange services that you have enabled.

The EXPR setting references the Exchange HTTP protocol that is used by Outlook Anywhere. This setting includes the external URLs for the Exchange services that you have enabled, which are used by clients that access Exchange from the Internet.

The WEB setting contains the best URL for Outlook Web Access for the user to use. This setting is not in use.

Microsoft documented Deployment Considerations for the Autodiscover Service in:



For Single User Issue: -

1.    Check whether an old password for the user account is saved in the user account's Managed Passwords settings. If you find one, delete it.

Start ---->Control Panel ---->User accounts --->Managed Accounts ----->Advanced ----->Manage Passwords.



Multi-User Issue: -

1.    Verify whether you have any certificate issue by logging in to the Exchange server.

Exchange Management Console ----> Server Configuration ----> Certificate.

2.    If the Outlook Anywhere authentication method does not match the TMG Outlook Anywhere web publishing rule, Outlook will throw the password pop-up. If you have set up NTLM authentication on the Exchange servers, make sure the TMG rule also uses NTLM authentication.

3.    Verify whether the Outlook provider has been configured with a server name and certificate principal name by running the following command.

Get-OutlookProvider | Format-List Server, CertPrincipalName

4.    If the above command returns any entry, we need to remove the Server and CertPrincipalName, which will prevent automatic configuration of Outlook Anywhere.

Get-OutlookProvider | Remove-OutlookProvider


What is the Impact?: -

Once you remove the Outlook provider, the Autodiscover service will not connect to the SCP, which results in the loss of OOF, Free/Busy information and Offline Address Book download.



On further troubleshooting of this issue, I found a way to avoid Outlook Anywhere being configured automatically.

As I said above EXPR references the Exchange HTTP protocol that is used by Outlook Anywhere. This setting includes the external URLs for the Exchange services that you have enabled, which are used by clients that access Exchange from the Internet.

So we will remove EXPR Outlook Provider entry.

Remove-OutlookProvider -Identity "EXPR"

Once you have removed EXPR, reset IIS for immediate effect or wait 15 minutes for AD replication.


How to Confirm: -

1. Re-configure the Outlook 2007/2010 profile.
2. Verify that Outlook Anywhere is disabled.
3. You can still configure Outlook Anywhere manually if you need to use it.



Thanks

Keep Visit.