Sunday, November 10, 2013

Unable to Mount Exchange 2010 Database on Hyper-V Guest MapiExceptionJetErrorOutOfMemory: Unable to mount database


Issue : On an Exchange 2010 DAG, databases are not mounting

Error :
Couldn't mount the database that you specified. Specified database: DB1; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: A transient error occurred during discovery of the database availability group topology. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionJetErrorOutOfMemory: Unable to mount database. 

Resolution : 
In Hyper-V, shut down the Exchange VM to reset the memory to a multiple of 1024.
I reset the memory to 4096 MB and started the Exchange VM.
Now able to mount the database.

INT Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later

Issue
==================
Users on Outlook 2010 are unable to set OOF; there are no issues from OWA.

"Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later"

Environment
=======================
Exchange server 2010 Sp2
Outlook 2007 


Troubleshooting steps
======================
1. Check the Address Book service to ensure that Autodiscover connectivity is fine.
2. Check the Autodiscover status from the Outlook machine. Click on the URL to check "Test Connectivity".
3. On the Exchange server, check the Autodiscover virtual directory.
It can be checked from the EMC or EMS:

Get-AutodiscoverVirtualDirectory -Identity "Autodiscover (Default Web Site)" | FL *URL*
and check both InternalURL and ExternalURL.




For reference, the Autodiscover FQDN URLs are listed below. The Outlook client will try to access the URLs from the Internet in the following order:
  • https://domainname.com/autodiscover/autodiscover.xml
  • https://autodiscover.domainname.com/autodiscover/autodiscover.xml

To Set the Autodiscover from Exchange server

Ran the below commands on the server:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.domainname.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.domainname.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.domainname.com/oab


Scenario
========
Exchange 2013 and Outlook 2013, on a domain-joined machine with a proxy enabled, using different mailbox credentials.


On the test machine, the administrator logs in with his own credentials and is able to set OOF for himself, but for other users, whose mail profiles are created through "Control Panel" > "Mail", he gets the error:

"Your Automatic reply settings cannot be displayed because the server is currently unavailable. Try again later"


Checked
Connection Status
Test E-Mail AutoConfiguration - Working


EWS URL accessibility - Working

As per one MS KB article, here is the reason:

This problem occurs because the CAS server uses the credentials that you used to log on to Windows instead of the credentials that you used to log on to the mailbox in Outlook 2010. Because the Windows credentials do not match the mailbox credentials, the CAS server returns a "500" error code. However, the "500" error code is not an authentication error code. Therefore, no other authentication methods are tried.

and the resolution is to add WinHttpAuth under the registry key "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security". If the Security key is not present, you have to create it and then create the WinHttpAuth value in it.



Process
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey: 
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
  3. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
  4. Type WinhttpAuth, and then press ENTER.
  5. In the Details pane, right-click WinhttpAuth, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.
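
The same registry change scripted in PowerShell, as an added example that is not part of the original post. The function name Set-OutlookWinHttpAuth is hypothetical; because the value lives under HKEY_CURRENT_USER, it has to run in the session of the user whose Outlook profile is affected.

```powershell
# Added example: scripted form of the manual regedit steps above.
# Set-OutlookWinHttpAuth is a hypothetical helper name.
function Set-OutlookWinHttpAuth {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Key path and value name exactly as given in the steps above
    $key  = 'HKCU:\Software\Microsoft\Office\14.0\Outlook\Security'
    $name = 'WinhttpAuth'

    # Create the Security key when it is missing
    if (-not (Test-Path -Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    # Record the previous value (empty when the value did not exist)
    $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # Create or overwrite the DWORD (32-bit) value with 1
    if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD value to 1')) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    }

    # Read the value back so the caller can confirm the change
    $after = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    New-Object -TypeName PSObject -Property @{
        Key    = $key
        Name   = $name
        Before = $before
        After  = $after
    }
}

Set-OutlookWinHttpAuth
```

Run it with -WhatIf first to see which key and value would be touched without changing anything.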




Spoofed Address


Resolve Spoofed Address Issue

ms-Exch-SMTP-Accept-Authoritative-Domain-Sender permission on the default receive connector

Get-ReceiveConnector 'Default E2' | Remove-ADPermission -user 'NT AUTHORITY\ANONYMOUS LOGON' -ExtendedRights 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'

or
Add-ADPermission -Identity "Default internal receive connector SPARTAN" -Deny -User "NT Authority\Anonymous Logon" -ExtendedRights ms-exch-smtp-accept-authoritative-domain-sender

or
Get-ReceiveConnector "Default ReceiveConnector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Uncheck Bypass Antispam for authenticated users on the Default Receive connector from ADSIEDIT.msc

We ran the commands Set-SenderIdConfig -InternalMailEnabled $True and 
Set-SenderFilterConfig -InternalMailEnabled $True 

Restart the Transport service
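
To see which receive connectors still carry the permission before or after running the commands above, the following audit can be run in the Exchange Management Shell. It is an added example, not part of the original post; the function name Get-AnonymousAuthoritativeSenderRight is hypothetical, and it only reads permissions.

```powershell
# Added example: report, per receive connector, whether ANONYMOUS LOGON holds
# the ms-Exch-SMTP-Accept-Authoritative-Domain-Sender extended right.
# Get-AnonymousAuthoritativeSenderRight is a hypothetical helper name.
function Get-AnonymousAuthoritativeSenderRight {
    [CmdletBinding()]
    param(
        [string]$User  = 'NT AUTHORITY\ANONYMOUS LOGON',
        [string]$Right = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'
    )

    foreach ($connector in Get-ReceiveConnector) {
        # Every ACE for the anonymous principal that carries the extended right
        $aces = @(Get-ADPermission -Identity $connector.Identity -User $User |
            Where-Object { $_.ExtendedRights -like $Right })

        $allow = @($aces | Where-Object { $_.Deny -eq $false })
        $deny  = @($aces | Where-Object { $_.Deny -eq $true })

        # Inherited allow ACEs are not removed by Remove-ADPermission on the
        # connector, so report them separately.
        $inherited = @($allow | Where-Object { $_.IsInherited -eq $true })

        New-Object -TypeName PSObject -Property @{
            Connector      = $connector.Identity
            Bindings       = ($connector.Bindings -join ', ')
            AllowAces      = $allow.Count
            DenyAces       = $deny.Count
            InheritedAllow = $inherited.Count
            # Review connectors where the right is allowed and nothing denies it
            NeedsReview    = ($allow.Count -gt 0 -and $deny.Count -eq 0)
        }
    }
}

Get-AnonymousAuthoritativeSenderRight |
    Sort-Object -Property NeedsReview -Descending |
    Format-Table Connector, Bindings, AllowAces, DenyAces, InheritedAllow, NeedsReview -AutoSize
```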



Definition
==========
Sender ID verifies that each e-mail message originates from the 
Internet domain from which the message claims to come by examining the sender's IP 
address and comparing the IP address to the Sender ID record in the sender's public 
Domain Name System (DNS) server. The Sender ID record in the sender's public DNS 
server is the sender policy framework (SPF) record. The SPF defines the IP 
addresses that are authorized to send messages for the domain in which the SPF 
record resides. When the receiving system queries the SPF record, and a "Pass" 
status is returned, the receiving system has a higher assurance that the message is 
not being spoofed by an illegitimate sender.
You can specify how the Sender ID agent handles temporary errors, such as DNS 
failures, when it performs an SPF query. 

For more information, see Sender ID.




Saturday, November 9, 2013

Brief Info about Checksum Offload

When data comes in through a network, it's "checksummed," meaning the data is checked against a checksum (or validation code) in the headers in the packets it was delivered in. If the data and checksum don't match, the packet is determined to be bad and has to be retransmitted. 

To speed things up, some network cards can "offload" the checksumming, i.e., perform the checksumming on the network card itself, rather than leave the job to the CPU. This frees up the CPU to do that much more work on its own and on a server with extremely high network throughput that much CPU savings can add up. 

Windows 2003 Server and Windows 2008 server both have driver-level support for checksum offloading in many network cards (that is, when the card itself also supports it). However, sometimes this causes the network link on the computer in question to drop unexpectedly. And you may experience communication issues with DCs, GCs and clients.

===============================================================

from : Disable checksum offloading to resolve network slowdown caused by Windows Firewall

Disable SMTP on Cisco firewall

Log on to the PIX device by establishing a telnet session or by using the console. 

Type enable, and then press ENTER. 
When you are prompted, type your password, and then press ENTER. 
Type "configure terminal", and then press ENTER. 
Type "no fixup protocol smtp 25" , and then press ENTER. 
Type "write memory", and then press ENTER. 
Restart the PIX device, or reload the PIX configuration.

Please use the above commands carefully and at your own responsibility.

Exchange Attributes

Important attributes for Exchange server

from : XCON: Attributes Required to Route Messages Through the Categorizer

legacyExchangeDN
homeMDB
homeMTA
mailNickname
proxyAddresses
msExchHomeServerName
msExchMailboxSecurityDescriptor
msExchMailboxGuid

PORT

Port 25; Simple Mail Transfer Protocol (SMTP) (465, SSL)

Port 53; DNS, TCP & UDP 

Port 80; Hypertext Transfer Protocol (HTTP) 

Port 88; Kerberos, TCP & UDP 

Port 102; Message Transfer Agent (MTA) 

Port 110; Post Office Protocol v3 (POP3) (995, SSL)

Port 119; Network News Transfer Protocol (NNTP) 

Port 135; Exchange administration, RPC, client server communication 
RPC; 135, 445 & all 1024+ ports, TCP 

Port 143; Internet Message Access Protocol version 4 (IMAP4) 

Port 389; Lightweight Directory Access Protocol (LDAP), TCP & UDP 

Port 443; HTTP using Secure Sockets Layer (SSL) 

Port 465; ssmtp 

Port 563; NNTP using Secure Sockets Layer (SSL) 

Port 636; LDAP using Secure Sockets Layer (SSL) 

Port 691; Link State T

Port 993; IMAP4 using Secure Sockets Layer (SSL) 

Port 995; POP3 using Secure Sockets Layer (SSL) 

Ports 3268-3269; Global catalog lookups 


On Exchange Server
=======================
CAS server to CAS server = TCP 80 and TCP 443
Hub server to Hub server = TCP 25
Hub server to Mailbox server = Ephemeral port, i.e. dynamic TCP port (1024-65535)
Mailbox server to Mailbox Server  = TCP 135, Dynamic TCP (1024-65535), UDP 3343, TCP 64327