O-Xchange Notes from the Field!

Wednesday, December 30, 2009

Customer can't find emails moved to the root level (IPM tree)

The customer had moved messages to the root of the mailbox (the IPM tree). A search was able to find them in the IPM_SUBTREE folder.
You can find these messages by doing a “find” at the root level:
Right-click mailbox-username in the left pane, choose “Advanced Find”, and then select the “Advanced” tab
Choose the “Field” dropdown and select “All Mail fields” and then “In Folder”
Make the value “IPM_SUBTREE” and click “Find Now”

Monday, December 28, 2009

Set maximum number of days in resource calendar to 365 days

To do this, you will need to open the resource mailbox via OWA 2007.
Note: To use this feature, you must be granted FULL ACCESS to the other user's mailbox or resource mailbox that you want to open.
To open the resource mailbox:
1. Log in to OWA
2. Click on your name in the upper right corner of the window
3. In the “Open Other Mailbox” dialog box, enter the name or email address of the mailbox that you want to open
4. If more than one matching entry is found, Outlook Web Access will list them all
5. Choose the mailbox to open. The mailbox will open in a new window
6. Click on Options in the upper right-hand corner next to the mailbox name
7. Click on Resource Settings on the left
8. On the right, type 365 for the maximum number of days
9. Click on Save
10. You're done
If the mailbox doesn’t open and you get the following error message instead:
"You do not have permission to open this mailbox. Contact technical support for your organization for access or for more information.",
then you need to make sure that you were granted FULL ACCESS to that mailbox.

Tuesday, December 22, 2009

How to determine organization name in Exchange 2007

To find the Exchange organization name in Exchange 2007, use PowerShell and type this:

Tuesday, December 8, 2009

Gain System Level Access in Windows XP

To gain system level access in Windows XP, read this article.
You will need system level access to be able to clear domain cached credentials. These are stored as hashes in the local system's registry.
After gaining system level access, delete NL$1 through NL$10.

Clear Domain cached credentials in Windows XP

To clear domain cached credentials in Windows XP, do either of the following:
A. Use rundll32.exe keymgr.dll, KRShowKeyMgr
B. Start > Run > control userpasswords2 > Advanced > Manage Passwords

Thursday, November 19, 2009

Underline is activated automatically on creating new message

Issue: Customer complained that each time she clicks on New Mail Message in Outlook, underline is activated and everything she types gets underlined.
To resolve, click on Tools, Options, Mail Format, Stationery/Fonts, Personal Stationery.
Under New mail messages, click on Font, Underline style, choose None, then click OK, OK and exit Options.

Thursday, November 12, 2009

Cannot send email to a distribution list

Issue: Customer called to report that she was getting the error below when sending to a distribution list in Exchange Server. The user's mailbox is homed on another mail server.

Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.


1. Find the distribution list in Exchange using the management console
2. Right-click on it, then choose Properties, Mail Flow Settings
3. Double-click on Message Delivery Restrictions
4. Uncheck the "Require that all senders are authenticated" box and click OK
5. You have now resolved the issue

Monday, November 2, 2009

Cannot open Notes in OWA 2007

Issue: Customer reported not being able to open notes from OWA 2007 using Internet Explorer

Synopsis: Customer creates a note in Outlook 2007, then tries to open the note using the external servername from Internet Explorer. The error below is displayed when trying to access the note:

Exception type: System.Web.HttpCompileException
Exception message: c:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\forms\CommVault\readmessage.aspx(35): error CS0154: The property or indexer 'Microsoft.Exchange.Clients.Owa.Core.UserOptions.ComposeFontName' cannot be used in this context because it lacks the get accessor

Note that the customer can open this note when using the Chrome or Firefox browsers.

Workaround Solutions:

The external servername sends traffic through the ISA server. We are trying to figure out a way to resolve this.

Workaround solution A:

Use the Firefox or Chrome browser

Workaround solution B:

If the customer is using Internet Explorer, advise the customer to use https://externalservername/owa to access webmail

Note: This issue applies to OWA 2007 (webmail) users

Tuesday, October 27, 2009

Assign send-as, receive-as and administer info store permissions

To assign send-as, receive-as, and administer information store permissions to a user account, e.g. besadmin,
use this PowerShell command:
get-mailboxserver "servername" | add-adpermission -user besadmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Monday, October 26, 2009

Configuring Exchange Impersonation

Exchange Impersonation enables a caller to impersonate a given account so that a caller can perform operations by using the permissions that are associated with the impersonated account instead of the permissions that are associated with the caller's account. Microsoft Exchange Server 2007 provides two Active Directory directory service extended permissions that are used to determine which callers can perform Exchange Impersonation calls and which accounts can be impersonated by the caller.
This procedure grants fasapprov1 permission to impersonate fasaptest1
Add-ADPermission -Identity "username" -User "Username2" -ExtendedRights ms-Exch-EPI-May-Impersonate
See article link below to see step by step configuration instructions
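
Both this note and the besadmin note above hand out powerful extended rights, so it helps to be able to list who holds them. The script below is an added example, not part of the original notes: Get-SensitiveGrant is a hypothetical helper name, "servername" is a placeholder, and ms-Exch-EPI-Impersonation (the Client Access server right that pairs with ms-Exch-EPI-May-Impersonate) is not named on this page.

```powershell
# Added example (not from the original notes). Run in the Exchange Management Shell.
# Lists explicit (non-inherited) Allow grants of the extended rights assigned in these notes.

# Rights to watch for. The first four appear in the notes; the last is the
# Client Access server half of Exchange Impersonation (assumption: not named on the page).
$watched = "Send-As", "Receive-As", "ms-Exch-Store-Admin",
           "ms-Exch-EPI-May-Impersonate", "ms-Exch-EPI-Impersonation"

# Hypothetical helper: takes the output of Get-MailboxServer, Get-MailboxDatabase,
# Get-ClientAccessServer or Get-Mailbox and returns one row per watched right.
function Get-SensitiveGrant {
    param($AdObject)

    foreach ($obj in @($AdObject)) {
        $aces = Get-ADPermission -Identity $obj.DistinguishedName |
            Where-Object {
                -not $_.IsInherited -and
                -not $_.Deny -and
                $_.User -notlike "NT AUTHORITY\SELF"
            }

        foreach ($ace in @($aces)) {
            foreach ($right in $ace.ExtendedRights) {
                # "$right" is an empty string when the ACE carries no extended right
                if ($watched -contains "$right") {
                    $ace | Select-Object `
                        @{ Name = "Object"; Expression = { $obj.Name } },
                        @{ Name = "Grantee"; Expression = { "$($ace.User)" } },
                        @{ Name = "Right"; Expression = { "$right" } }
                }
            }
        }
    }
}

# Server-, database- and mailbox-level grants ("servername" is a placeholder)
$report  = @(Get-SensitiveGrant (Get-MailboxServer "servername"))
$report += @(Get-SensitiveGrant (Get-MailboxDatabase -Server "servername"))
$report += @(Get-SensitiveGrant (Get-ClientAccessServer))
$report += @(Get-SensitiveGrant (Get-Mailbox -Server "servername" -ResultSize Unlimited))

$report | Sort-Object Grantee, Right | Format-Table -AutoSize
```

A service account such as besadmin should show up only on the objects it was deliberately granted; any other grantee holding an impersonation or store-admin right is worth reviewing.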

Wednesday, October 21, 2009

Exchange is unable to mount the database that you specified

Issue: Exchange is unable to mount the database that you specified. Specified database: Server\EXVS25SG1\Mailbox; Error code: MapiExceptionCallFailed: Unable to mount database. (hr=0x80004005, ec=-2147467259)


The error was due to lag in AD replication. Whenever a new mail store is created, it updates the configuration in AD. Trying to mount too soon may reproduce the error stated above, so wait about 5 to 10 minutes and try to mount it again. It should mount OK.

Tuesday, October 6, 2009

How to exclude domain controllers from AD access list in Exchange

Exchange Server 2007 relies extensively on Active Directory. All directory lookups are done using the MS Exchange AD Topology DSAccess service.
For optimal lookup performance in Exchange, use this PowerShell command to exclude domain controllers that are not required for directory lookups. Choose the DC exclusion list based on the datacenter in which your Exchange servers are homed. Note that the excluded domain controllers list is based on recommendations from the Active Directory team.
This command must be run in the Exchange 2007 Management Shell. It's recommended that you run it on all your Exchange servers.

Set-ExchangeServer -Identity exchsrv1 -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null -StaticExcludedDomainControllers dc1.domain.com,dc2.domain.com
Step-by-step configuration:
1. Run the PowerShell command on the active node of your cluster. Remember to use the Exchange server cluster name as the identity for the Set-ExchangeServer command
2. Restart the MSExchange Topology service. (This will also restart transport log search, service host, search indexer, replication service, mail submission and mailbox assistants)
3. Verify by going to the Exchange console, right-click on the cluster, then choose Properties, System Settings. You will see only domain controllers in the list
4. Repeat the same procedure for the passive node of your cluster
5. You have completed the change

Thursday, October 1, 2009

Create or renew self-signed certificate on Exchange Server 2007

After creating a new hub transport server (or any Exchange 2007 server), a new self-signed certificate with the server name is created.
This cert can be used to establish TLS connections. However, if the service's TLS setting advertises a different FQDN, that domain name must be included during certificate creation in Exchange.
For example, to create a certificate for SMTP services using 2 domain names, use the following command:
get-exchangecertificate | New-ExchangeCertificate -DomainName "servername", "publicname" -FriendlyName MSExchange

The certificate will be created with multiple domain names; in this case, the server name and the public name.
This resolves event 12014 on a hub transport server.

Thursday, September 24, 2009

Adding a new storage group to SCC cluster

Follow these steps to add a new storage group to an Exchange 2007 SCC cluster:
  • Using the disk management tool, scan and initialize disks. Format the partition and create mount points as needed
  • Using the Exchange Management Console, create the storage group as needed
  • Using the Exchange console, create the database for the SG, but don't mount the database yet
  • Using Cluster Administrator, create physical disk resources for the Exchange virtual cluster name
  • Create disk dependencies for the newly created Exchange resources
  • Bring the new resources online in Cluster Administrator
  • Check the Exchange Management Console to ensure the database is mounted

Monday, September 21, 2009

Your message wasn't delivered because of security policies in Exchange 2007

Issue: Your message wasn't delivered because of security policies in Exchange 2007
Synopsis: When a user tries to send an email to a distribution group, this error may be returned: delivery has failed to these recipients or distribution lists. Your message wasn't delivered because of security policies in Exchange 2007
Cause: This can occur if a customer/user tries to email an internal distribution list from outside the institution. By default, only authenticated users are allowed to email a distribution list
Resolution: To allow emailing to the distribution group from outside your organization, follow these steps:
1. Open the Exchange Management Console
2. Expand Recipient Configuration
3. Click Distribution Group
4. Double click the distribution group
5. Select the Mail Flow Settings Tab
6. Double click Message Delivery Restrictions
7. Uncheck "Require that all senders are authenticated"
8. Click OK

Settings are immediately effective, so it should work right away.
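
Unchecking this box lets anyone on the Internet mail the group, so it is worth keeping an inventory of the groups changed this way (by the steps above or by the "Cannot send email to a distribution list" note). The functions below are an added example, not part of the original notes; the function names and the "DL-Name" identity are hypothetical.

```powershell
# Added example (not from the original notes). Run in the Exchange Management Shell.
# Function names and the sample group name "DL-Name" are hypothetical.

# Report every distribution group where "Require that all senders are
# authenticated" is unchecked, i.e. groups that accept mail from outside senders.
function Get-OpenDistributionGroup {
    Get-DistributionGroup -ResultSize Unlimited |
        Where-Object { $_.RequireSenderAuthenticationEnabled -eq $false } |
        Select-Object Name, PrimarySmtpAddress, ManagedBy,
            @{ Name = "AllowedSenderCount"; Expression = { $_.AcceptMessagesOnlyFrom.Count } } |
        Sort-Object Name
}

# Shell equivalent of the check box in Message Delivery Restrictions.
# -Required $false matches the resolution steps; -Required $true restores the default.
function Set-GroupSenderAuthentication {
    param(
        [string]$Identity,
        [bool]$Required = $true
    )

    $before = (Get-DistributionGroup -Identity $Identity).RequireSenderAuthenticationEnabled
    Set-DistributionGroup -Identity $Identity -RequireSenderAuthenticationEnabled $Required

    # Return a one-line record of the change for the ticket or change log
    "{0}: RequireSenderAuthenticationEnabled {1} -> {2}" -f $Identity, $before, $Required
}

# Open one group to outside senders, as in the steps above
Set-GroupSenderAuthentication -Identity "DL-Name" -Required $false

# Review all groups that are currently open; AllowedSenderCount of 0 means
# no sender allow-list is set on the group
Get-OpenDistributionGroup | Format-Table -AutoSize
```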

Wednesday, September 16, 2009

How to Forward email sent to a distribution list

Emails sent to a distribution list can be forwarded to another email address.
For example, if you want emails sent to a distribution group to be forwarded to a mail-enabled SharePoint folder on a SharePoint site, follow the steps below:
1. Create a contact for the SharePoint folder email address, e.g. test@domain.com
2. Make this contact a member of the distribution list
3. You're done. Emails sent to the DL will also be sent to test@domain.com

Tuesday, September 15, 2009

Junk Mail Error Message- Cannot add to the server Junk E-mail List

Issue: User reported this error message while opening Outlook
Error Message: Cannot add to the server Junk E-mail List, you are over the size allowed on the server. The Junk E-mail Filter on the server will be disabled until your Junk E-mail Lists have been reduced to the size allowed on the server.
Would you like to manage your Junk E-mail List now?
Get to a command prompt by clicking on Start, Run, and typing cmd, then run:
Outlook /cleanprofile
Reboot the computer

Thursday, September 10, 2009

Configure Delegate Access in Outlook

The delegate access feature in Outlook is used by a mailbox owner to grant send-on-behalf rights to an assistant. It can also be used to grant permissions as required to these default Outlook folders: inbox, calendar, journal, notes and tasks. Follow the steps below to assign a delegate for any of the default Outlook folders:

Assigning delegate access:

  1. First click Tools | Options on the Outlook toolbar. In the Options dialog box, click the Delegates tab. To add a delegate, click the Add button and select the appropriate person. You can select a delegate from any of the Outlook address lists that are available to you.
  2. After you've added the delegate, click OK and then use the drop-down lists to select the desired permissions for the delegate. The levels of permissions are:
    • None: The assigned delegate is unable to view or modify your calendar, inbox, tasks, contacts, notes or journal.
    • Reviewer (Can Read Items): The assigned delegate is allowed to read items on your calendar, inbox, tasks, contacts, notes or journal.
    • Author (Can Read And Create Items): The assigned delegate is allowed to read and create new items on your calendar, inbox, tasks, contacts, notes or journal.
    • Editor (Can Read, Create, And Modify Items): The assigned delegate is allowed to read, create, and modify items on your calendar, inbox, tasks, contacts, notes or journal.
When assigning delegate access, be careful to assign the appropriate permissions to each delegate. For example, you'll want to avoid confusion by limiting the number of people who can modify your calendar.
You may also want to assign a delegate to send emails on your behalf without being able to view the owner's mailbox.

Wednesday, September 9, 2009

Disable Automatic RUS update for a user using ADSIedit

In Exchange 2003, the Recipient Update Service (RUS) is required to update the enterprise email address policy for all users. It is not required and not available in Exchange 2007. Under the E-mail Addresses tab, the checkbox "Automatically update e-mail addresses based on recipient policy" enables RUS for a user. Unchecking this box disables RUS. Below are the AD attributes used for disabling and enabling RUS for a user.
This attribute:
msExchPoliciesIncluded with this value

turns on RUS update for a user.
To turn off RUS for a user, use this attribute with the value

Apply ActiveSync policy to all Exchange users

Use this PowerShell code to apply an ActiveSync policy to all Exchange users:
Get-Mailbox -ResultSize Unlimited | Set-CASMailbox -ActiveSyncMailboxPolicy (Get-ActiveSyncMailboxPolicy "Policy Name").Identity
To apply to a particular user:
Set-CASMailbox username -ActiveSyncMailboxPolicy (Get-ActiveSyncMailboxPolicy "Enterprise Exchange ActiveSync Policy").Identity

Tuesday, September 1, 2009

User not receiving meeting requests

Issue: User complained that meeting requests were not coming to her inbox
Cause: Customer had configured only her delegate to receive meeting requests
Resolution: In Outlook, check Tools, Options, Delegates, and ensure that "My delegates only" is not selected. Instead select the button "My delegates only, but send a copy of meeting requests and responses to me (recommended)"

Tuesday, August 25, 2009

Outlook hides when minimized

Issue: User reported that Outlook hides when she minimizes it and she couldn't find it anywhere on the taskbar
Resolution: Right-click on the Outlook icon on the taskbar and uncheck "Hide When Minimized"

Unread emails appear as read in Outlook

Issue: Customer reports that unread emails appear as read in Outlook
Software: Outlook 2007
Go to the menu bar,
Click Tools | Options | Other tab.
Click Reading Pane. Deselect "Mark items as read when selection changes"

Wednesday, August 12, 2009

Configuring Apple MacMail for secure IMAP

MacMail can be used to connect remotely to MS Exchange Server 2007 or Exchange 2010 using the secure IMAP protocol.
Use the following recommended settings to configure MacMail if your server is Exchange 2007
Account type: IMAP
Email address: your email address
Full name: your full name
Incoming Mail Server: imap.domain.com
Username: username
Password: your domain password
Port: 993 (check use SSL)
Outgoing Mail Server(SMTP): smtp.domain.com
Authentication: Password
Use the following recommended settings to configure MacMail if your server is Exchange 2010
Account type: IMAP
Email address: your email address
Full name: your full name
Incoming Mail Server: imap.domain.com; Port: 993 (use SSL)
Username: username
Password: your domain password
Outgoing Mail Server(SMTP): smtp.domain.com, Use port 25 or 587. Note that using port 587 requires authentication information
Authentication: Password

Wednesday, July 15, 2009

How to disable New mail desktop alert in Outlook 2007

Some users want to disable the new mail desktop alert in Outlook 2007. This may be necessary if you don't want users/customers to see your emails as they trickle in while you are in a meeting or presentation.
To do so, while in Outlook click on
1. Tools, Options, Preferences tab
2. Click on E-mail Options, and under the Message handling section, click Advanced E-mail Options
3. Under the "When new items arrive in my Inbox" section, uncheck the "Display a New Mail Desktop Alert" box
4. Click OK, OK, OK and you're done

Thursday, July 9, 2009

Use Outlook 2007 to add members to a Distribution List

Occasionally, customers request that we create distribution lists.
Note: If Outlook is in cached mode, the customer won't see the DL immediately. If in online mode, the DL is visible immediately.
To do so, you will need to find out who the DL owner is.
Phase 1
Use the Exchange Management Console to create the DL.
After creation, right-click the DL, then choose Properties, Group Information tab
Check Managed by and choose the username (owner)
Click OK to save
Phase 2
While in Outlook 2007,
Go to Tools, Address Book
Type the name of the distribution group in the bar and click on the Go button
Right-click on the group, click on Properties
The owner of the DL is displayed on the left. Only this owner and the Exchange administrator can add members to this DL
Click on Modify Members and Add members
Click OK, Apply and OK

Thursday, June 25, 2009

Configure Entourage to use Address Book using LDAP

Please refer to this document to configure Entourage to use the LDAP address book

How to restart Commvault services on a server

Note: You will need to restart 2 instances of the service, the 64-bit and the 32-bit.
1. Find the user's home Exchange server
2. Log in to the server, and click on Start, Programs, commvault qnetix, galaxy, Service Control Manager. This is the 64-bit instance; click on Stop
3. Click on Start, Programs, commvault qnetix, galaxy, instance 002 (this is the 32-bit), Service Control Manager, and click on Stop
4. Now start the 64-bit instance first and then the 32-bit instance
5. You have now completed the restart
Note: If this doesn't resolve the issue, stop the services again, go to Task Manager, find the process dmrexrestore.exe and kill it.
Then restart the services again.

Thursday, June 4, 2009

Working with Disconnected Mailboxes using powershell

To display mailboxes that are disconnected, use the following command.
Get-MailboxStatistics -Server <server> | where { $_.DisconnectDate -ne $null } | select DisplayName,DisconnectDate
Replace <server> with the name of your mailbox server.
This gives a list of the disconnected mailboxes.

To reconnect a mailbox, use the command below
Connect-Mailbox -Database <mailbox database name> -Identity <disconnected mailbox name> -User <User to connect to>

The command below gives a list of disconnected mailboxes on a server called Server1

Get-MailboxStatistics -Server "Server1" | where { $_.DisconnectDate -ne $null } | select DisplayName,DisconnectDate

Some message tracking PowerShell commands for hub transport servers

Set-TransportServer "servername" -MessageTrackingLogMaxDirectorySize 2GB

Set-TransportServer E2K7 -MessageTrackingLogMaxFileSize 5MB

Set-TransportServer SERVERNAME -MessageTrackingLogMaxAge DD.HH:MM:SS
For example: Set-TransportServer E2K7 -MessageTrackingLogMaxAge 15.00:00:00

get-messagetrackinglog -Server "servername" -Start "1/14/2009 11:20:00 AM" -End "2/10/2009 11:20:00 AM" -resultsize unlimited | select timestamp, eventid, source, messagesubject, sender, internalmessageid, {$_.recipients}, sourcecontext | export-csv c:\msgtrakcsv

Creating report of all Exchange mailboxes with associated information

Steps to create a report of all Exchange user mailboxes with associated names, server names, departments and titles
(Note: you must have at least Exchange recipient management rights to do this)
1. Open the Exchange Management Shell
2. Run the Get-Mailbox PowerShell command (see below)
3. Run the Get-User command (see the PowerShell command below). Note that this can take up to 10-15 minutes to complete
4. Open MS Access, create a database, and import the text files to respective tables in the same database
5. While importing, use fixed width. Name the fields. Choose no primary key
6. After importing, create a join between the required tables
7. Run a query on the joined tables
get-mailbox -ResultSize Unlimited | ft SamAccountName, DisplayName, ServerName | out-file c:\all-EMTmboxes060309.txt

get-user -ResultSize Unlimited | where-object { $_.RecipientType -eq "UserMailbox" } | ft SamAccountName, FirstName, LastName, Department, Title | out-file c:\allusermailboxes060309.txt

How to recover data from an old OST File in Outlook 2007

Issue: User lost calendar data from previous year and wants to recover lost data from an old OST file homed on a different computer
Steps to recover are as follows:
  • Request full access to the mailbox. An Exchange administrator will need to do this
  • Login to network. Open Outlook and create new profile with user information. Do not use auto discovery during setup. Configure manually
  • During profile setup, you will need to have the user’s server name. click on more settings, advanced settings, offline folder settings, click on browse and point to the ost file you need data restored from and click ok
  • Open outlook 2007 and choose the user’s profile you just created
  • You may get this warning message “Outlook is using an old copy of ost file, delete, close outlook and a new one will be created”. Click OK and click on File, Work Offline
  • Now export to a .PST file by clicking on File, Import/Export, Export to a file, choose Personal Folder File, select the desired folder to export, and name the pst file and location
  • Close Outlook and delete the old .ost file. Open Outlook and import the .pst file to the user’s folder on the Exchange server
  • Congratulations. You are done!

Outlook calendar events disappear after some months

Issue: Customer complained that Outlook calendar events disappear after some months
2 key things to check as you troubleshoot this:
a. AutoArchive setting
b. Mobile device synchronization
Note: Outlook does not delete things from the calendar automatically unless you have configured it to do so.
Verify the AutoArchive setting by right-clicking the Calendar folder and choosing Properties. Select the AutoArchive tab and look to see if autoarchiving is enabled. If so, disable it.

If AutoArchive is not the issue, confirm whether the customer syncs with a hand-held device. That can be a contributing factor.
Mobile devices usually delete the events, while the synchronization software ensures the event is deleted in Outlook.

Tuesday, May 26, 2009

User Continually Receives Prompt to Log Into Microsoft Exchange Server

Issue: User is continually receiving a prompt to log into a Microsoft Exchange Server (pop-up window)
Cause: Outlook settings were configured for RPC over HTTPS (Outlook Anywhere). Outlook Anywhere authenticates via the reverse proxy server (ISA server) and will not allow connectivity without valid login credentials. Users on the domain do not need to be configured to use Outlook Anywhere
Follow the steps below to resolve the issue:
1. In Outlook have user go to Tools -> Account Settings
2. When Account Settings Window opens click the Change Button
3. In lower right corner user should select More Settings
4. When the More Setting Window appears have them choose the Connection Tab
5. Uncheck the "Connect to Microsoft Exchange using HTTP" box located at the bottom.

Thursday, May 21, 2009

How to setup rule that enables sent items from shared mailbox show in the sent folder

While in Outlook
Go to Tools -> Rules and Alerts
Rules Wizard Pops Up
Under Step 1: Box, the user should select "Move messages from someone to a folder" under the Stay Organized section
The user then goes to Step 2: (Box at bottom) -> Click the "People or Distribution list" hyperlink
Type in Name of Shared Mailbox -> Double Click Mailbox Name -> Click Ok
Go back to Step 2:  -> Select "Specified" hyperlink -> Select Sent Folder from Shared Mailbox
Click Ok
Click Finish
Click Apply

Click OK