O-Xchange Notes from the Field!

Wednesday, September 24, 2014

Get-CsUser : Management object not found for identity "jdow1".

You must be wondering why a user could not be move from Lync on-premises to the cloud (LyncOnline).

This error could occur when user that is already enabled on AD and active on Lync On-premises is not mail enabled (i.e does have exchange account).

Get-CsUser : Management object not found for identity "jdow1".
At C:\Scripts\MoveUserToO365\EnableUsers.ps1:
+ Get-CsUser -Identity $usr.Identity | Move-CsUser -Target sipfed.online.lync.co
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (jdow1:UserIdParameter) [Get-CsUse
    + FullyQualifiedErrorId : Identity,Microsoft.Rtc.Management.AD.Cmdlets.GetOc
16 char:1


The account should be mail enable, then try to move the user to the cloud.

For more assistance
Contact: Abu Lasisi (alasisi1@jhu.edu))

Tuesday, September 23, 2014

The error "Members can't remove themselves from security groups. Please set the group to Closed for requests to leave." when editing a distribution group.

Scenario: When editing the managers of a distribution group, this error is displayed:

Members can't remove themselves from security groups. Please set the group to Closed for requests to leave.

Resolution: Set the MemberDepartRestriction to closed for that distribution group.

set-distributiongroup  <alias of group> -memberdepartrestriction closed

Monday, September 22, 2014

Emails in users "Inbox" are automatically moved to a folder (not created by user), labeled "Junk"


A new email arrives, it sits in the "Inbox" anywhere from a few seconds to a few minutes before it moves to a folder labeled "Junk". This is not the default "Junk E-Mail" folder in Outlook/OWA.


Client has a Samsung Galaxy device configured to view users mailbox.

  1. Go into the E-Mail application on the Samsung Galaxy
  2. Press the Menu Key, select Settings, then General Settings
  3. Select Spam addresses and remove any addresses that should not be in there, such as your corporate domain.

No results display for Exchange Databases in EAC under Servers-Databases, New Mailbox Requests, and New Move Requests

Scenario:  In EAC, you notice that no databases are being displayed under Servers-->Databases. You also notice when adding a mailbox or moving an existing mailbox, no databases are being displayed there either to select.

Solution:  When attempting to open and select a database from the mailbox move request,  the error below was displayed before it returned no results.

Error:  The Exchange server for the database object "Mailbox Database 0348382938490" wasn't found in Active Directory Domain Services.  The object may be corrupted.

The database referenced was removed from Exchange, but still exists in ADSI Edit. Remove the database in ADSI Edit:

1. Open ADSI Edit in Configuration and navigate to:
-Microsoft Exchange
-<Exchange Enterprise Name>
-Administrative Groups
-Exchange Administrative Group

2. Find that database, and delete it.

Tuesday, September 16, 2014

Installing SNMP Services on remote servers via powershell

Open notepad, paste the following in notepad without the quotes.
"Get-WindowsFeature -name SNMP* | Add-WindowsFeature -IncludeManagementTools"
 then save as c:\snmpinstall.ps1

From powershell run the following.(without the quotes) Replace servername with the actual server name(s).
For more servers add additional lines as needed.

Invoke-Command -FilePath C:\snmpinstall.ps1 -ComputerName servername
Invoke-Command -FilePath c:\snmpinstall.ps1 -ComputerName servername
Invoke-Command -FilePath c:\snmpinstall.ps1 -ComputerName servername

Monday, September 15, 2014

Check for hotfix on multiple computers

Create file c:\server_list.txt with a list of the servers to check.
In powershell scripts below: Replace $Patch variable KB2982791with the hotfix your looking for.

2 Files will be created on your desktop.

Run the following from powershell
$computers = cat C:\server_list.txt
$Patch = "KB2982791"
foreach ($computer in $computers)  
if (get-hotfix -id $Patch -ComputerName $computer -ErrorAction 0)  
Add-content "Hotfix is Present in $computer" -path "$env:USERPROFILE\Desktop\Hotfix-Present.log" 
Add-content "Hotfix is not Present in $computer" -path "$env:USERPROFILE\Desktop\Missing-Hotfix.log"   


After a Database Reseed, the following error is displayed: Error: Unable to delete logs at 'C:\DB01\Logs'. The database has been seeded successfully. If any obsolete log files exist, manualy delete them to prevent database divergence.

Scenario:  During a Exchange database reseed, you get the following error when the reseed is finished:

Update-MailboxDatabaseCopy DB01\MBX02 -DeleteExistingFiles

A source-side operation failed. Error An error occurred while performing the seed operation. Error: Unable to delete logs at 'C:\DB01\Logs'. The database has been seeded successfully. If any obsolete log files exist, manualy delete them to prevent database divergence. Error: System.IO.IOException: The file or directory is corrupted and unreadable.

Resolution:  Format the hard drive and perform the reseed again.

Friday, September 12, 2014

Configure bulk Exchange 2013 servers for Unified Messaging and Unified Messaging Call Router Settings.

Configure bulk Exchange 2013 servers for Unified Messaging and Unified Messaging Call Router Settings.

Set the UMService and UMCallRouterSettings for the servers:

Get-UMService |  where {$_.identity -like 'MBXSVR*'} | Set-UMService -DialPlans dialplan1 -UMStartupMode "dual"

Get-UMCallRouterSettings |  where {$_.identity -like 'MBXSVR*'} | Set-UMCallRouterSettings -DialPlans dialplan1 -UMStartupMode "dual"

Configure the Exchange Certificate for the UM and UMCallRouter srevices.

Get-ExchangeCertificate -Thumbprint <thumbprint of Certificate> | Enable-ExchangeCertificate -services UM, UMCAllRouter,IIS

Restart the following Services on each server:  
MSExchangeUM, MSExchangeUMCR

Tuesday, September 9, 2014

Exchange 2013 Pre-Installation Steps

Below are some Pre-Installation steps when installing Exchange 2013.
1. Prepare Active Directory Schema for your install of Exchange 2013.
2. Install the Windows Features and then restart.

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

3. Install these software packages and Reboot:
a. Unified Communications Managed API 4.0 Runtime
b. Microsoft Office 2010 Filter Pack 64 bit
c. Microsoft Office 2010 Filter Pack SP2 64 bit

4. Proceed with the install of Exchange 2013.

Friday, September 5, 2014

Outlook just hangs when trying to open outlook on one windows computer, but can open on another windows system.

User is on exchange server, running outlook 2013/2010.
Creating a new outlook profile does not fix the issue.

Rebuild windows profile and create new outlook profile.

This is just a quick solution, rebuilding the windows profile many times is much quicker than going through many troubleshooting steps.




Thursday, September 4, 2014

Clearing out a corrupt transport queue.

MSExchange Transport Service will not start. Application eventlog has logged Source ESE, EventID 529 with this in the details. bytes failed verification due to a corrupted checksum log record. The read operation will fail with error. If this condition persists, restore the logfile from a previous backup.

Stop the MSExchange Transport Service

Go to C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\Queue\ (if installed in default location)

Create New folder OLDQueue,

Move all files in the Queue folder to new OLDQueue folder.

Start the MSExchange Transport Service

A new database will be created and your queue will be cleared.

Exchange Queue Error: 451 4.4.0 dns query failed. the error was dns query failed with error ErrorRetry

Scenario:  You receive complaints that users are experiencing the following symptoms with their Exchange 2013 mailbox:

  • Outlook:  Messages are getting stuck in the OutBox when sending
  • OWA: Messages are getting stuck in the Drafts Folder when sending

During investigation, you run this command: get-queue -server ExMbx1 | FL Identity, Status, MessageCount, LastError and find all of the queues on that transport server have a high MessageCount and this LastError:  451 4.4.0 dns query failed. the error was dns query failed with error ErrorRetry

You have verified your DNS settings on the network adapter are correct and you were successful at using NSLOOKUP to resolve the MX record of one of the domains that you are having trouble with (instructions below on how to do this).

NSLOOKUP instructions:
1. From command line, type nslookup
2. set q=mx    (or  set type=mx)
3. domain.com

Cause:  Exchange transport service allows you to set and use external and internal dns servers different from network card dns settings. Internal DNS server setting was pointing to dns servers that were decommissioned

Solution:  Remove the custom DNS entries in Exchange. This makes Exchange use the network adapters DNS. Follow the steps below to resolve via EAC or PowerShell

Via EAC:
1. Once in EAC/ECP, navigate to Servers and open the server properties.
2. Click on DNS Lookups.
3. Make sure the Internal and External DNS lookups are set correctly.  The internal and External DNS settings need to match DNS setting on the network card IP configuration. Type the current DNS settings or leave it blank. Blank forces Exchange transport service to use network card DNS setting

Via Shell:
1. Use get-transportserver ExMbx1 | FL *DNS* to verify your settings.
2. You want to use the set-transportserver command to set it back to all network adapters or change the custom IP Range.

For Example:  You may wish to change the Internal DNS to use all network adapters and not custom by running:
set-transportserver ExMbx1 -InternalDNSProtocolOption Any

OR type the following to set it to Null

set-transportserver ExMbx1 -InternalDNSServers $null

Wednesday, September 3, 2014

Add a new email address to mailboxes in bulk

This one liner reads a list of user names from a text file, fetches the current set of proxy email addresses, and adds a new “test.com” SMTP email address to each mailbox.

Get-Content Users.txt | Get-Mailbox |% {$_.EmailAddresses.add("smtp:$($_.SamAccountname)@test.com"); Set-Mailbox -Identity:$_.Identity -EmailAddresses:$_.EmailAddresses}

Tuesday, September 2, 2014

Block Activation of Database Copies on an Exchange Server

Scenario:  We need to block database copies on a server from Activation as these servers are being worked on.  Activation is the process of changing a mailbox database copy from a passive copy to an active copy. Activation occurs automatically by the system as part of a database or server failover operation, and it can be performed manually by an administrator as part of a database or server switchover operation. Blocking a database for activation prevents it from becoming the active copy during a database or server failover.

Run the following command to block activation:

For a single server:  
Set-MailboxServer -identity MBX1 -DatabaseCopyAutoActivationPolicy Blocked

For multiple Servers (One liner)
Get-MailboxServer MBX* | Set-MailboxServer -DatabaseCopyAutoActivationPolicy Blocked

Run the following command to unblock activation:

For a single server:  
Set-MailboxServer -identity MBX1 -DatabaseCopyAutoActivationPolicy Unrestricted

For multiple Servers (One liner)
Get-MailboxServer MBX* | Set-MailboxServer -DatabaseCopyAutoActivationPolicy Unrestricted