O-Xchange Notes from the Field!

Wednesday, February 19, 2014

Disable Outlook Auto-Mapping with Mailboxes

If you wish to give a user full access to a mailbox, but do not want to have the mailbox auto-map into the users Outlook profile, assign the full access permission with with the -AutoMapping parameter.

Add-MailboxPermission mailboxname -user username -accessrights fullaccess -AutoMapping $false

The attempt to connect to http://server/powershell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message: The WinRM client cannot process the request because the server name cannot be resolved

Error message: The attempt to connect to http://server/powershell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message: The WinRM client cannot process the request because the server name cannot be resolved

Resolution: Try any of the options below
  
Option 1: 
Close console
Delete:  "C:\Users\[User Profile]\AppData\Roaming\Microsoft\MMC\Exchange Managment Console"
Try connecting again. It should re-query the servers

Option 2:
Close EMC
Delete the following registry value from the server: 
  HKCU\Software\Microsoft\ExchangeServer\v14\AdminTools\NodeStructureSettings
Reopen your EMC .

Option 3
If you know a working server's name, launch the console
Right Click on Microsoft Exchange, Click on Add Exchange forest
Under specify the FQDN or URL running the remote powershell instance, type the fqdn of the server

Click OK

Tuesday, February 18, 2014

Cannot install the Exchange 2013 Management Tools after Removing the Exchange 2010 Management Tools.

Scenario:  When attempting to install the Exchange 2013 Management Tools, the Exchange 2013 setup GUI shows the Management Tools as checked and grayed out even though the Exchange 2010 management tools are no longer installed on the computer.

Resolution:  Install the Management Tools from Powershell. From the Exchange Install directory, execute the following:

.\setup.exe /Role:ManagementTools /IacceptExchangeServerLicenseTerms


Some Controls aren't valid .“please specify an existing role(s) to uninstall” when uninstalling Exchange 2010 Management Tools

Scenario:  When uninstalling the Exchange 2010 management tools through Add/Remove Programs on my local computer, I ran into this error:

Some Controls aren't valid .“please specify an existing role(s) to uninstall”

Resolution:  
1. From command prompt navigate to the Bin Directory in your Exchange Install Path;  
CD C:\Program FIles\Microsoft\Exchange Server\V14\Bin

2. Run:  setup.com /mode:uninstall


By O-Xchange Members

Monday, February 17, 2014

Receiving "You don't have sufficient permissions" when editing Distribution List membership/owner

Scenario:  You receive the following error message when editing the members/owner of a group in powershell:
You don't have sufficient permissions. This operation can only be performed by a manager of the group.


Resolution:  Use -BypassSecurityGroupManagerCheck in the powershell command.

Adding member to Distribution List
Add-DistributionGroupMember "<Distribution Group Name>" -Member <User Name>
-BypassSecurityGroupManagerCheck

Setting the owner of a Distribution List
Set-DistributionGroup -Identity "<Distribution Group Name>" –ManagedBy <User Name>
-BypassSecurityGroupManagerCheck

Recommendations to avoid IOS Calendar Corruption with Exchange Mailboxes

Scenario: An entry on an IOS calendar shows incorrect times for an appointment, has disappeared, or is missing information, although the calendar entries in OWA and Outlook is correct. Specifically a single occurrence of a repeat appointment/meeting has one of the symptoms from above.

Recommendations from support:

1. Microsoft recommends running the same version of Outlook on all the computers. Mailbox owners and any delegates need to be using the same version of Outlook with the latest updates on all the computers that are used for calendaring. If you are in a mixed environment of Mac, Windows and iOS devices, each platform needs to be using the same version and each device should have the latest updates. 

2. Only one person should process meeting requests. Other people, computers or devices that receive the meeting request should ignore them, they should not delete or process them. Users should have a maximum of 2 delegates.

3. Manage your calendar exclusively from Outlook or OWA. Don't accept, decline, modify or invite others to appointments from your mobile device. You can create new appointments on your mobile device.

4. Verify that the device has the latest iOS version installed. (Please verify this before adding the Exchange account to the device. Sometimes, new devices are running an older version of iOS, so it is a good habit to confirm that all updates are applied before adding Exchange accounts)

5. To change an entire series of meetings, cancel the original meeting and create a new one. To change one instance, cancel just that meeting and create a new one to replace it. Always put an end date on a recurring meeting.

6. A "corrupt" meeting will remain that way until you delete it. If it is a recurring appointment, delete all occurrences and reschedule it.

7. When scheduling a recurring meeting, Microsoft recommends setting the end date no more than 6 months. If you need to schedule a meeting for a longer period, start a new recurring meeting.


8. Making multiple changes to recurring events can contribute to unexpected results.

Exchange Activesync Monitor for Specific Devices

Scenario:  Monitor specific ActiveSync Devices and report when a device has not made a successful ActiveSync connection for over an hour.  Report the time in local time and not Greenwich.  

Script: I ran the following Exchange PS script every hour . Depending on your requirements, you may need to manipulate or move the script around.

#Format Date to Greenwich
$currentdate = get-date
$currentdate = $currentdate.Addhours(-1)
$currentdate = $currentdate.touniversaltime()

#Pull the devices that have not connected to LastSuccessSync in over an hour
$devices = get-activesyncdevicestatistics DeviceID  | Where {$_.LastSuccessSync -lt $currentdate} | Sort LastSuccessSync | Select DeviceID, DeviceOS, deviceFriendlyName, LastSuccessSync, LastSyncAttemptTime, DeviceModel, Identity

#For the device(s) found, format the information
ForEach ($entry in $devices){
$Device = "Device: "+$entry.DeviceFriendlyName
$DeviceOS = "Device OS:   "+$entry.DeviceOS
$DeviceLastAttempt = "Last Sync Attempt (EST):   "+$entry.LastSyncAttemptTime.ToLocalTime()
$DeviceLastSync = "Last Success Sync (EST):   "+$entry.LastSuccessSync.ToLocalTime()
$DeviceModel = "Device Model:   "+$entry.DeviceModel
$DeviceIdentity = "DeviceID:   "+$entry.Identity
$DeviceIdentity = $DeviceIdentity -replace "Domain/OU/",""
$DeviceIdentity = $DeviceIdentity -replace "/ExchangeActiveSyncDevices/","_"
}

#Email the results if there is a device that has not reported in over 1 hour.
If ($Devices -ne $null){
$SmtpClient = new-object system.net.mail.smtpClient 
$MailMessage = New-Object system.net.mail.mailmessage 
$SmtpClient.Host = "smtp.domain.com" 
$mailmessage.from = ("EASMonitoring@domain.com") 
#$mailmessage.To.add("User@domain.com") 
$mailmessage.Subject = "Alert: A mobile device has not connected to e-mail in over 60 minutes."
$mailmessage.Body = "The mobile device below has not connected to e-mail in over 60 minutes.
$DeviceIdentity
$Device
$DeviceOS
$DeviceLastAttempt
$DeviceLastSync
"
$smtpclient.Send($mailmessage)
}

Thursday, February 6, 2014

Incorrect message size reported using IMAP with a Pine client

​Issue: Incorrect message size reported using IMAP with a Pine client

Synopsis: In order for Exchange to return the exact size, it must rebuild the MIME which can have a performance impact on large messages or deeply nested attachments. The default setting is to return an estimate of the size to improve performance and since most other IMAP clients don't have any problems if the size is wrong.

You can enable the exact size for everyone with:
Set-ImapSettings -EnableExactRFC822Size:$true

Or only for a specific user:
Set-CASMailbox "IMAP User" -ImapUseProtocolDefaults:$false -ImapEnableExactRFC822Size:$true

More info:

http://social.technet.microsoft.com/Forums/exchange/en-US/21adbe96-e21b-458a-8242-2c3894b9d7cf/imappopsettings-and-enableexactrfc822size-false?forum=exchangesvrgenerallegacy