Friday, August 22, 2014

Troubleshooting Steps : The Proxy address "MBX:0" is already being used by org/users/username

Issue : A few users received the following error when they tried to change the "Set as Reply" address

The Proxy address "MBX:0" is already being used by "org/users/username". Please choose another proxy address

Resolution : In ADSIEdit.msc, remove the problematic address from the attribute "proxyAddresses"

Users had been migrated from Exchange 2003 to Exchange 2010. While moving a mailbox, Exchange stamps the mailbox for processing with MBX:0, MBX:1 and so on.
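
Before editing in ADSIEdit it helps to know every object that still carries an MBX: stamp and every proxy address held by more than one object. The following is an added example, not part of the original post: Find-ProxyAddressConflict is a hypothetical helper, the sample objects are constructed, and the commented live query assumes the ActiveDirectory module and Windows PowerShell 3.0 or later.

```powershell
# Added example: report stale MBX: stamps and proxy addresses held by more than one object.
function Find-ProxyAddressConflict {
    param(
        [Parameter(Mandatory)] [object[]] $DirectoryObject,
        [string] $StalePrefix = 'MBX:'          # migration stamp named in the error above
    )
    $owners = @{}                               # hashtable keys compare case-insensitively
    foreach ($obj in $DirectoryObject) {
        foreach ($addr in $obj.proxyAddresses) {
            $key = "$addr".Trim()
            if (-not $owners.ContainsKey($key)) { $owners[$key] = @() }
            $owners[$key] += $obj.DistinguishedName
        }
    }
    foreach ($key in @($owners.Keys)) {
        $holders = @($owners[$key] | Select-Object -Unique)
        $stale   = $key.StartsWith($StalePrefix, [StringComparison]::OrdinalIgnoreCase)
        if ($stale -or $holders.Count -gt 1) {
            [pscustomobject]@{
                ProxyAddress = $key
                Stale        = $stale
                Holders      = $holders -join '; '
            }
        }
    }
}

# Constructed sample objects (not real directory data).
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=User A,OU=Users,DC=example,DC=com'
                       proxyAddresses    = @('SMTP:usera@example.com', 'MBX:0') }
    [pscustomobject]@{ DistinguishedName = 'CN=User B,OU=Users,DC=example,DC=com'
                       proxyAddresses    = @('SMTP:userb@example.com', 'smtp:shared@example.com') }
    [pscustomobject]@{ DistinguishedName = 'CN=User C,OU=Users,DC=example,DC=com'
                       proxyAddresses    = @('SMTP:userc@example.com', 'smtp:Shared@example.com') }
)
Find-ProxyAddressConflict -DirectoryObject $sample | Format-Table -AutoSize

# Against a live directory (assumes the ActiveDirectory module is available):
# $objs = Get-ADObject -LDAPFilter '(proxyAddresses=*)' -Properties proxyAddresses
# Find-ProxyAddressConflict -DirectoryObject $objs
```

With the sample data the report lists MBX:0 on User A as stale and smtp:shared@example.com as held by both User B and User C.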

Tuesday, August 5, 2014

Cross Forest Migration

1. Tools

(a) Microsoft Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1)
(b) MIIS
(c) FIM, other third-party dirsync tools, etc.

2. Scripts

(a) This example configures the Availability service to retrieve per-user free/busy information on a Mailbox server in the target forest.
Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Mailbox servers"

Add-AvailabilityAddressSpace -Forestname ContosoForest.com -AccessMethod PerUserFB -UseServiceAccount:$true

(b) To configure bidirectional cross-forest availability, repeat these steps in the target forest.

If you choose to configure cross-forest availability with trust, and also choose to use a service account (instead of specifying organization-wide or per-user credentials), you must extend permissions as shown in the example in the "Use the Shell to configure trusted cross-forest availability with a service account" section. Performing that procedure in the target forest gives Mailbox servers in the source forest permission to serialize the original user context.
(c) This example configures trusted cross-forest availability with a service account.
Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedright "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange servers"

This example sets the organization-wide account on the availability configuration object to configure the access level for free/busy information in the target forest
Set-AvailabilityConfig -OrgWideAccount "Contoso.com\User"

This example adds the Availability address space configuration object for the source forest.
$a = Get-Credential   # Enter the credentials for the organization-wide user in the Contoso.com domain
Add-AvailabilityAddressspace -Forestname Contoso.com -Accessmethod OrgWideFB -Credential:$a
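
Because ms-Exch-EPI-Token-Serialization lets the trustee serialize the original user context, it is worth reviewing who holds it on the Mailbox servers after the steps above. The following is an added example, not taken from the TechNet article: Get-UnexpectedTokenSerializationAce is a hypothetical helper, the sample entries and the SOURCE/TARGET domain names are constructed, and the commented live commands assume the Exchange Management Shell and Windows PowerShell 3.0 or later.

```powershell
# Added example: flag allow ACEs for the token-serialization right whose trustee is not expected.
function Get-UnexpectedTokenSerializationAce {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        [Parameter(Mandatory)] [string[]] $ExpectedTrustee,
        [string] $Right = 'ms-Exch-EPI-Token-Serialization'
    )
    foreach ($entry in $Ace) {
        $rights = @($entry.ExtendedRights | ForEach-Object { "$_" })
        if ($rights -notcontains $Right) { continue }    # some other permission
        if ($entry.Deny) { continue }                     # deny ACEs grant nothing
        $trustee = "$($entry.User)"
        if ($ExpectedTrustee -notcontains $trustee) {     # -notcontains ignores case
            [pscustomobject]@{
                Server    = "$($entry.Identity)"
                Trustee   = $trustee
                Inherited = [bool]$entry.IsInherited
            }
        }
    }
}

# Constructed sample entries shaped like Get-ADPermission output (not real data).
$right  = 'ms-Exch-EPI-Token-Serialization'
$sample = @(
    [pscustomobject]@{ Identity = 'MBX01'; User = 'SOURCE\Exchange Servers'
                       Deny = $false; IsInherited = $false; ExtendedRights = @($right) }
    [pscustomobject]@{ Identity = 'MBX01'; User = 'TARGET\Exchange Servers'
                       Deny = $false; IsInherited = $true;  ExtendedRights = @($right) }
    [pscustomobject]@{ Identity = 'MBX01'; User = 'SOURCE\Helpdesk Admins'
                       Deny = $false; IsInherited = $false; ExtendedRights = @($right) }
    [pscustomobject]@{ Identity = 'MBX01'; User = 'TARGET\Contractors'
                       Deny = $true;  IsInherited = $false; ExtendedRights = @($right) }
)
$expected = 'SOURCE\Exchange Servers', 'TARGET\Exchange Servers'
Get-UnexpectedTokenSerializationAce -Ace $sample -ExpectedTrustee $expected

# Live review in the Exchange Management Shell:
# $aces = Get-MailboxServer | Get-ADPermission
# Get-UnexpectedTokenSerializationAce -Ace $aces -ExpectedTrustee $expected
# Get-AvailabilityAddressSpace | Format-List
```

With the sample data only the SOURCE\Helpdesk Admins entry is reported; the deny entry and the two expected groups are skipped.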


From Microsoft TechNet: http://technet.microsoft.com/en-us/library/bb125182(v=exchg.150).aspx
From blog: http://blogs.technet.com/b/ucedsg/archive/2010/04/22/how-does-federated-calendar-sharing-work-in-exchange-2010.aspx
Four things needed to get you started:
1) Obtain an X.509 certificate from a Trusted Root CA (GoDaddy, Entrust, etc.) for use with Microsoft Federation Gateway (MFG) for signing and encrypting delegation tokens. MFG has a list of Trusted Root CAs that it is aware of.
2) Create a Federation Trust with the MFG using the cmdlet:
New-FederationTrust
3) Prove domain ownership by creating a DNS TXT record similar to:
Contoso.com IN TXT AppId = 1C2
4) Add your SMTP domains (other Exchange Orgs) and add the Federated domains to share calendar information with (the other org must accept) using the cmdlets:
Set-FederatedOrganizationIdentifier  - to enable your SMTP domains for federation sharing with the MFG
Add-FederatedDomain – to add other External Orgs to share calendar information with

Thursday, July 31, 2014

The trust relationship between this workstation and the Primary domain failed

Issue : The trust relationship between this workstation and the Primary domain failed

Resolution : 
On Windows Server 2008 R2

Log in to the machine with a local admin account, open a Windows shell with "Run as Administrator", run the following command, then log off and try to log in with domain credentials:

NETDOM RESETPWD /Server:enteryourDCFQDN /UserD:domain\accountwithprivilege  /PasswordD:enteryourpassword

Alternatively, you can run the following command from the shell:

Reset-ComputerMachinePassword -server yourDCFQDN -confirm

On Windows 7
Disjoin the computer from the domain and join it again; that resolves the issue.
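
The machine-password reset above can be wrapped so that the secure channel is tested before and after the reset and the privileged password is prompted for rather than typed on the command line, where it can end up in command history or process listings. This is an added example, not from the original post: Repair-DomainSecureChannel is a hypothetical helper, dc01.example.com is a placeholder, and it assumes Windows PowerShell 3.0 or later run elevated under a local administrator account.

```powershell
# Added example: test the secure channel, reset the machine password only if needed, then re-test.
function Repair-DomainSecureChannel {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential
    )
    # Test-ComputerSecureChannel returns $true when the trust with the domain is intact.
    if (Test-ComputerSecureChannel -Server $DomainController) {
        return 'Healthy'
    }
    # Same operation as NETDOM RESETPWD, with the credential passed as an object.
    Reset-ComputerMachinePassword -Server $DomainController -Credential $Credential
    if (Test-ComputerSecureChannel -Server $DomainController) {
        return 'Repaired'
    }
    return 'StillBroken'
}

# Get-Credential prompts for the domain account, so the password never appears
# in the command line. The netdom equivalent of a prompt is /PasswordD:*
$cred = Get-Credential
Repair-DomainSecureChannel -DomainController 'dc01.example.com' -Credential $cred
```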


Tuesday, July 8, 2014

RpcClientAccessServer Exchange 2010 FAQ

Why is there a "Microsoft Exchange RPC Client Access" service on both the CAS and MBX servers?

Public folder connections from an Outlook client occur against the RPC Client Access service on the Mailbox server role. It is optional on a Mailbox server, only required for Outlook public folder access. 




How do you point the RPC CAS service to a newly created database?
Get-Mailboxdatabase | Set-Mailboxdatabase -RpcClientAccessServer "CASArrayname.domain.com"

Setting Static RPC ports for MAPI and Directory Access ?
By default you need to open the TCP 135 EndPointMapper and the Dynamic RPC range TCP 1024-65535 between your internal Client network and the CAS server or Arrays and your Mailbox servers.

On CAS servers, for Mailbox connections, add a DWORD value named "TCP/IP Port" and set it to 55000 under the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeRpc\ParametersSystem

For directory access, also edit the file
Microsoft.exchange.addressbook.service.exe.config
Open the file in Notepad and then change the “RpcTcpPort” value from the default assignment of “0” to the port you want Outlook clients and Exchange to use for the directory access via the NSPI EndPoint. In this article we use port 55001.


Unicast Mode

With the WNLB cluster configured in unicast mode, the MAC address of each server’s network adapter will be changed to a virtual cluster MAC address, which is the MAC address that will be used by all servers in the Windows NLB cluster. When unicast mode is enabled, clients can only connect to the servers via the VIP address on the network interface card (NIC) that has been configured with the cluster MAC address.

Multicast mode

With the Windows NLB cluster configured in multicast mode, a multicast MAC address is added to the cluster adapter of each server in the cluster. Note that I write “is added”, as each server will retain its original MAC address.
A Windows NLB cluster, no matter what mode it is configured in, works with just a single network adapter installed in each server, but it is recommended to install a second network adapter in each server, in order to achieve optimal performance, and to separate ordinary and cluster related network traffic.
So what mode should I use for my Exchange 2010 CAS array and how many network adapters should I install in each Client Access server? Well, a best practice recommendation is to install two network adapters and use unicast mode, so that the host and cluster network traffic are separated on their own respective network interface. However, if you only have the option of installing one NIC in each CAS server or if you’re forced to use multicast mode because of the switches used in your organization, you should pick multicast mode.

"Your Exchange Server Configuration is not supported" Error Code 3

Exchange 2013 and Sharepoint 2013
--------------------------------------
While configuring site mailboxes for SharePoint 2013 and Exchange 2013 as per the TechNet article "Configure site mailboxes in SharePoint Server 2013", and after running the following scripts:

(a) .\Set-SiteMailboxConfig.ps1 -ExchangeSiteMailboxDomain domain.com -ExchangeAutodiscoverDomain autodiscover.domain.com -WebApplicationUrl https://SharepointserverFQDN -Force

Things to take care of with the switches in the above command:
-ExchangeSiteMailboxDomain should be the domain FQDN
-ExchangeAutodiscoverDomain should be the Autodiscover domain
To find out the Autodiscover domain, run the following commands from the Exchange Management Shell:
Test-OutlookWebServices -id emailaddress.com
Get-WebServicesVirtualDirectory

Then run the following script:
(b) .\Configure-EnterprisePartnerApplication.ps1 -ApplicationType Sharepoint -AuthMetadataUrl https://sharepointFQDN.domain.com/_layouts/15/metadata/json/1

we get the following error:

The Hub Site Mailbox
"Your Exchange Server Configuration is not supported"

Correlation ID : 3e55a09c-fc49-8040-e119-a2722ea02855, Error Code 3

Please note that the Correlation ID might be different for each SharePoint site, so it is better to look at the Error Code.

In my case, I found out that the .\Set-SiteMailboxConfig.ps1 script switch -ExchangeSiteMailboxDomain was set to "Email address". Changing the switch ExchangeSiteMailboxDomain to "Domain.com" resolves the issue.

Saturday, July 5, 2014

What Is RPC

RPC is an interprocess communication (IPC) method that is used by clients and servers to communicate with each other. Simply put, RPC is used by programs, typically on a client computer, to execute a program on a server computer. For example, Microsoft® Outlook® clients communicate with Microsoft Exchange Server using RPC. The client computer sends a message to the server computer with certain arguments. The server responds to the client with a message that contains the results of the executed program.
Integral to this process is the endpoint—the name, port, or group of ports on a computer that is monitored by a server for incoming client requests. More specifically, it is a network-specific address of a server process that is used for RPCs.
The Endpoint Mapper, which is part of the RPC subsystem, is responsible for responding to the clients’ requests to resolve dynamic endpoints. In some situations, Endpoint Mapper is also responsible for dynamically assigning endpoints to servers.
Another important RPC component is the Locator Service. It maintains a list of RPC services and servers on the network. A Windows® client connects to the domain controller over the Server Message Block (SMB) ports (TCP 139 and 445) and searches for RPC services or servers through the Locator Service.
Most built-in Windows services communicate with each other using RPC. For example, certificate services, DCOM, FRS, MSMQ, MAPI, and Active Directory® Replication Service use RPC for communication. Therefore, if the RPC service is not functioning properly on a network, you may experience any number of communication problems.

from : http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx

Thursday, July 3, 2014

Exchange 2010: How to Delete the First Database and Move the System Mailboxes

Before removing the last database from the system, confirm the location of the:
(a) Transaction log file
(b) Catalogue file


The first database contains the system mailboxes, which are the arbitration mailbox(es).
We have to move these system mailboxes to another database before removing the default database.
1. Find the Arbitration Mailbox using the Exchange Management Shell (EMS):
Get-Mailbox -Arbitration | Where {$_.Name -like "SystemMailbox*" } | ft -wrap

2. Now create a new move request in order to move the system mailboxes to another mailbox database:
New-MoveRequest -Identity "SystemMailbox{1f05a927-32d1-4e19-8ea5-67eba859f541-yourGUID}" -TargetDatabase "dbxxxx"
3. Verify whether the move request completed:
Get-MoveRequest
4. Now remove the move request
Remove-MoveRequest -Identity "the name of the request like Microsoft Exchange Approval Assistant"