O-Xchange Notes from the Field!

Thursday, April 21, 2011

Granting write permission for calendar sharing with OWA 2010

The calendar sharing feature introduced in Outlook Web App 2010 (OWA) allows a user to grant access to their calendar to another user. To access the option, click on the Share option when in the Calendar and then on Share This Calendar. You’ll then be able to select the user(s) that you want to share your calendar with and define the level of information you want the recipient to be able to see in your calendar.

Recovering from an Exchange 2007 CCR “Split Brain” Situation

http://marksmith.netrends.com/Lists/Posts/Post.aspx?ID=16

Using recovery storage groups in Exchange 2007


Internal support function returned an error sending to Distribution list

Issue: Customer reported “Internal support function returned an error sending to Distribution list”
Resolution:
There is a duplicate, one-off contact in the DL, containing the Internet address for a member of the Microsoft Exchange Server Global Address List (GAL).
Do not use the identical display name for one-off contacts in a DL that also have Internet entries in the GAL.
Customer is advised to re-create the distribution list in Outlook.

Sharing a calendar in Outlook Web App 2010


Note: The Outlook Web Parts URL that worked in Exchange 2008 will not work for Exchange 2010. Please use the link below for a step-by-step guide to configuring calendar sharing in Outlook Web App 2010.

Monday, April 18, 2011

sufficient permission error on Exchange 2010 Distribution Groups

Reference:
 

Understanding RBAC in Exchange 2010

Role-Based Permissions in Exchange 2010
 
 

configure RBAC for restoring mailboxes to recovery database

Request/issue: Customer wants to be able to restore mailboxes to a recovery database.

Recommended solution:
Step 1: Find which role has the role entry. Use this cmdlet to find out:
Get-ManagementRoleEntry "*\Restore-Mailbox" | fl Name,Role
Result:
Name : Restore-Mailbox
Role : Disaster recovery
Step 2: Create a new role, e.g. ServerAdmins-Restore-Mailbox, that inherits all the permissions of the built-in 'Disaster recovery' role, e.g.:
New-ManagementRole -Name 'ServerAdmins-Restore-Mailbox' -Parent 'Disaster recovery'
Step 3: Add the newly created role to the role group using the shell or ECP.

Note: You can choose to allow ONLY the Restore-Mailbox cmdlet in the "ServerAdmins-Restore-Mailbox" role. Because the new role starts with every entry of its parent role, remove the other entries with this command:

Get-ManagementRoleEntry "ServerAdmins-Restore-Mailbox\*" | Where {$_.Name -ne "Restore-Mailbox"} | Remove-ManagementRoleEntry
Use this command to view the management role entries for the newly created role "ServerAdmins-Restore-Mailbox":
Get-ManagementRoleEntry "ServerAdmins-Restore-Mailbox\*"
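The three steps above as one Exchange Management Shell script, with a check that the delegated role ends up holding only Restore-Mailbox. This is an added example, not part of the original post; the role group name 'ServerAdmins-Restore' and the member 'User1' are hypothetical, and the script goes beyond the post by creating the role group if it does not exist.

```powershell
# Added example. $roleGroup and $members are hypothetical names (assumptions).
$parentRole = 'Disaster recovery'             # built-in role found in step 1
$childRole  = 'ServerAdmins-Restore-Mailbox'  # role name used in the post
$roleGroup  = 'ServerAdmins-Restore'          # hypothetical role group
$members    = 'User1'                         # hypothetical member

# Step 1: confirm the parent role really carries the cmdlet.
if (-not (Get-ManagementRoleEntry "$parentRole\Restore-Mailbox" -ErrorAction SilentlyContinue)) {
    throw "Restore-Mailbox is not an entry of '$parentRole'"
}

# Step 2: create the child role; it starts with every entry of the parent.
if (-not (Get-ManagementRole $childRole -ErrorAction SilentlyContinue)) {
    New-ManagementRole -Name $childRole -Parent $parentRole | Out-Null
}

# Least privilege: strip everything except Restore-Mailbox from the child role.
Get-ManagementRoleEntry "$childRole\*" |
    Where-Object { $_.Name -ne 'Restore-Mailbox' } |
    Remove-ManagementRoleEntry -Confirm:$false

# Verify before assigning: exactly one entry must remain.
$remaining = @(Get-ManagementRoleEntry "$childRole\*")
if ($remaining.Count -ne 1 -or $remaining[0].Name -ne 'Restore-Mailbox') {
    $names = ($remaining | ForEach-Object { $_.Name }) -join ', '
    throw "Role '$childRole' still holds unexpected entries: $names"
}

# Step 3: attach the role to the role group (create the group if it is missing).
if (Get-RoleGroup $roleGroup -ErrorAction SilentlyContinue) {
    New-ManagementRoleAssignment -Role $childRole -SecurityGroup $roleGroup | Out-Null
} else {
    New-RoleGroup -Name $roleGroup -Roles $childRole -Members $members | Out-Null
}

# Review who can now run Restore-Mailbox through this role.
Get-ManagementRoleAssignment -Role $childRole -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, Role
```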

Shared Exchange Mailbox: Read Only Access

Read only access to a Shared Exchange Mailbox can be granted to individuals using the Microsoft Outlook client. Instructions for Outlook 2010 and Outlook 2007 are included below. Reference: http://its.vanderbilt.edu/Vmail/SEM/read-only

Tuesday, April 12, 2011

Display name in AD doesn't match mailbox name in Outlook

Issue: Customer reported display name in AD doesn't match mailbox name in Outlook. Customer wants display name in AD to display as mailbox name in Outlook
 
resolution: Re-created customer's Outlook profile to resolve the issue

Tuesday, April 5, 2011

you do not have sufficient permission to perform this operation on the object

Issue: Customer was getting this error message: "Changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on the object."
Finding: Users (owners) who managed groups were put in a universal distribution/security group called grp-groupname. In the AD console, these groups were added as managers under the Managed By tab. This worked fine in Exchange 2007. However, group owners that are migrated to Exchange 2010 get permission errors when trying to add a member to the group via Outlook 2007/2010. The Exchange 2010 console now has a Managed By property beneath the newly added Group Information tab. As a result, a group can no longer be used to manage a security/distribution group, mail-enabled or not. The Exchange 2010 console shows grp-groupname as "object not found".
This problem doesn't apply to groups that have only 1 owner assigned.
Resolution: In the Exchange Management Console, add the owners of the group under the Managed By property of the Group Information tab. Note that this will upgrade the group to an Exchange 2010 group. Only Exchange 2010 groups can allow multiple owners of the mailbox. Customers that want multiple owners for a group will need that group upgraded. Another way to upgrade a group is by using this PowerShell cmdlet. You must do this in the Exchange 2010 shell:
Set-DistributionGroup -Identity <groupname> -ForceUpgrade

Chrome browsers slow in loading OWA 2010 behind TMG

We have noticed that Chrome browsers have significant delay in loading websites through a reverse proxy server like TMG.

Issue: There is a new feature in Chrome called SSL False Start which is supposed to speed up your SSL connections. Unfortunately, the end result against sites published by TMG is they don’t ever load unless the user manually refreshes the page a 2nd time. Keep in mind this applies to any SSL website published by TMG and accessed by a user with Chrome, not just Lync Web App or Outlook Web App.

There is also an issue open on Google Code about this problem, http://code.google.com/p/chromium/issues/detail?id=67617, but there is no server-side fix. At this time the only solution is to modify the Google Chrome shortcut to disable the SSL False Start feature. Just modify your shortcut to be “chrome.exe -disable-ssl-false-start” and all is well.

Reference: Lync Web App and TMG Hangs, January 24, 2011, http://www.confusedamused.com/tags/tmg/

Get all mailboxes with IMAP enabled using powershell

To get all mailboxes with IMAP enabled using PowerShell, use the command below:
Get-CASMailbox -ResultSize Unlimited | where {$_.IMAPEnabled} | select Name, SamAccountName

Use Netstat to select specific strings

Use Netstat to select specific strings, in this case IP address 192.168.1.2, port 993. Use the command below:
netstat -ano | Select-String 192.168.1.2:993

Grant send-on behalf to distribution list

To grant send-on-behalf to a distribution list called DL for User1:
Set-DistributionGroup -Identity "DL" -GrantSendOnBehalfTo "User1"

The Black Hole Method in Exchange

Create a distribution list with no members. Emails sent to this DL will go into a black hole and won't generate an NDR. Exchange silently deletes them.

Changing the default address book in Outlook

How to change the default address book in Outlook http://office.microsoft.com/en-us/outlook-help/change-the-default-address-book-watch-and-learn-HA010252526.aspx

Automatically Check Your Spelling Before Sending In Outlook 2007

Automatically Check Your Spelling Before Sending In Outlook 2007 go to this link: http://www.lockergnome.com/windows/2007/08/29/automatically-check-your-spelling-before-sending-in-outlook-2007/

Automatically Spell Check Emails Before Sending

Automatically Spell Check Emails Before Sending: go to this link http://www.addictivetips.com/windows-tips/outlook-2010-automatically-spell-check-emails-before-sending/

Friday, April 1, 2011

Balancing Active Databases

Server reboots, Domain Controller issues and other interruptions can cause databases to fail over to another healthy database in the DAG. Since our DAG was designed to keep roughly half of the mailboxes in the Mount Washington Datacenter and the remainder in the East Baltimore Data Center, it is important to be sure that the active databases are balanced and on the copy with an activation preference of 1.

To help with this, Exchange 2010 SP1 includes the script RedistributeActiveDatabases.ps1.

To use this script, log on to a Mailbox server in the DAG and go to the scripts directory by entering the following in the Exchange Management Shell:

cd 'E:\Program Files\Microsoft\Exchange Server\Scripts'
To determine on which copy each database is active, run the RedistributeActiveDatabases.ps1 script with the following syntax:

.\RedistributeActiveDatabases.ps1 -ShowDatabaseCurrentActives >C:\db.txt
This will output a list detailing the activation preference of each active database to a file called db.txt in the root of C:.

After reviewing this file, you may find that some of the databases are active on lower preference copies. To rebalance them run the RedistributeActiveDatabases.ps1 script with the following syntax:

.\RedistributeActiveDatabases.ps1 -dagname <dagname> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution -Confirm:$false
This will attempt to balance the number of active databases on each server by moving them to the copy with an activation preference of 1. Depending on how unbalanced the databases are, this may have to be run more than once.