Upgrading Exchange 2013 RTM to Latest SP and CU

To check for the current version use the following command line

Version 15.0 (Build 516.32)

Get-Exchangeserver | ft Name,Admin* -Autosize

How to upgrade your existing Exchange Server 2013 to CU7 using command-line

You will have to download CU7 pack, extract it and run the command line from CMD with administrative privileges.

http://www.microsoft.com/en-us/download/details.aspx?id=45221

Here we run the CMD as admin

Drag and drop the folder you extracted into CMD window to be able to enter into the path in order to run the setup file.

Run the following command to upgrade the existent server

Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

Below you can see the upgrade process to install the Cumulative Update 3.

Once the upgrade process is finished you will be able to see the new version in the cmdlet after you apply the cmdlet

Get-ExchangeServer | ft Name,Admin* -AutoSize

The version must show 15.00.1044.025

Testing Exchange ActiveSync

Testing Active Sync and fixing access issue on Exchange 2013

If you have an issue with ActiveSync on Exchange 2010/2013 and you want to troubleshoot it, First test ActiveSync from Microsoft Exchange Management shell.

You can use the following cmdlet to start

Test-ActiveSyncConnectivity -MailboxCredential (Get-Credential domain\user) -UseAutodiscoverForClientAccessServer

clip_image001

As you can see in the previous snapshot, the test failed in folder syncing part. But in order to get the full report on the failure we’ll have to add the option | fl and if you want to export the report to a text file you can use the parameter >c:\1.txt which will export the command output to a text file name called 1.txt on the C root drive.

clip_image002
clip_image003

Resolution:

As you can see the eror says “Internal server error” and if you proceed to read the error in the middle it says “Active Directory operation failed on DC.server.local. This error is not retriable. Additional information: Access is denied. Active Directory response: 000000005 up to <INSUFF_ACCESS_RIGHTS>. Searching for this error a little bit I found that it’s related to Inheritance under the user’s security advanced settings.

clip_image004
clip_image005

Once this was applied the user was able to log in from mobile without an issuedel.icio.us Tags: Exchange,ActiveSync,ActiveDirectory,Exchange Mobile.

Owa Redirection results in 401 Unauthorized access message

I have been asked by one client of mine to do a redirection to their mail.domain.com to go directly to the Owa page but after applying the redirection configuration I faced an issue.

Whenever I try to go to the OWA page using only the FQDN mail.domain.com I get a 401 unauthorized access page.

Resolution:

The solution was to add authenticated users to wwwroot with full permission and restart the IIS with noforce parameter.

OWA an unexpected error occurred and your request couldn’t be handled

OWA Displays Unexpected Error

OWA experinces an unexpected error when you try to browse and your request couldn’t be handled

Symptoms

In Exchange 2010, 2013 you might get an error in OWA when trying to access calendar.

Screenshot

Cause and Resolution 1:

This error could happen to you if you set a redirection of OWA has been configured. To fix the issue simply remove the redirect option.

Resolution 2:

Another resolution that works without turning Redirection off for default site is to turn off redirection from the Public folder.

Reference


Outlook 2007 prompting users for Credentials

OUTLOOK 2007 KEEPS PROMPTING USERS FOR PASSWORD

After migration from Exchange 2003 to Exchange 2010 outlook 2007 keeps prompting users for password:

Symptoms

After you migrate Exchange 2003 to Exchange 2010, some outlook client users keep getting prompted to enter their credentials again.

Cause

The problem might be related to the authentication method used on Outlook Anywhere. (Basic Authentication).

The recommended approach is to use NTLM authentication which keeps credentials cached.

Resolution:

Changing the authentication method of Outlook anywhere to NTLM will resolve the issue.

Ref:

https://support.microsoft.com/en-au/help/956531/outlook-2007-prompts-you-repeatedly-for-a-password-under-certain-netwo

Offline Address book Issue after migration from Exchange 2003 to Exchange 2010

OFFLINE ADDRESS BOOK ISSUE AFTER MIGRATION FROM EXCHANGE 2003 TO EXCHANGE 2010

Error: event ID: 9360 OABGen encountered an error while generating the changes.oab file for version 2 and 3 differential downloads of address list

RESOLUTION 1

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To resolve this issue, follow these steps on the server that is running Exchange Server 2003:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then right-click the following registry subkey:
  3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters
  4. Point to New, and then click DWORD Value.
  5. Type OAL post full if diff fails to name the new value.
  6. Right-click OAL post full if diff fails, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.
  9. Dismount and then mount the Public Folder Store again. To dismount and then mount the public folder store, follow these steps:
    1. Start Exchange System Manager.
    2. Expand Servers, expand the server that you want, expand Storage_Group_Name, and then right-click Public Folder Store.
    3. Note If administrative groups are defined, follow these steps:
      • Expand Administrative Groups.
      • Expand Administrative_Group_Name.
      • Expand Servers.
      • Expand the server that you want.
      • Expand Storage_Group_Name.
      • Right-click Public Folder Store.
    4. Click Dismount Store, and then click Yes to continue.
    5. Right-click Public Folder Store, click Mount Store, and then click OK.

A new parent Legacy Exchange DN container value ‘/o=HEMA/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients’ was found during generation of the differential update file for offline address list ‘\Global Address List’. This will force clients using this offline address list to do a full download of the offline address list.

– \Default Offline Address List

Resolution 2:

If the first resolution didn’t work, try to disable version 2 and 3 OAB, then update again and see if you get any errors.

Note that this may take some time to take effect.

New Mailbox migration suspended or queued with the error below generated

Detailed Error:

Database redundancy health check failed.

Database copy: DATABASE_3

Redundancy count: 1

Error: Passive copy ‘DATABASE_3\EXCH02’ is not in a good state. Status: DisconnectedAndResynchronizing.

Name Status RealCopyQueu InspectorQue ReplayQueue CIState

e ue

—- —— ———— ———— ———– ——-

DATABASE_3\EX Disconnected And Resynchronizing 426 0 0 Healthy

CH02

DATABASE_3\EX Mounted 0 0 0 Healthy

CH01

===============

Full Status

===============

Identity : DATABASE_3\EXCH02

Name : DATABASE_3\EXCH02

DatabaseName : DATABASE_3

Status : DisconnectedAndResynchronizing

MailboxServer : EXCH02

ActiveDatabaseCopy : exch01

ActivationSuspended : False

ActionInitiator : Unknown

ErrorMessage : The Microsoft Exchange Replication service w

as unable to perform an incremental reseed o

f database copy ‘DATABASE_3\EXCH02’ due to a

network error. The database copy status wil

l be set to Disconnected. Error An error occ

urred while communicating with server ‘EXCH0

1′. Error: Unable to read data from the tran

sport connection: A connection attempt faile

d because the connected party did not proper

ly respond after a period of time, or establ

ished connection failed because connected ho

st has failed to respond.

ErrorEventId : 2058

ExtendedErrorInfo :

SuspendComment :

SinglePageRestore : 0

ContentIndexState : Healthy

ContentIndexErrorMessage :

CopyQueueLength : 426

ReplayQueueLength : 0

LatestAvailableLogTime : 14.01.2014 07:13:37

LastCopyNotificationedLogTime : 14.01.2014 07:13:37

LastCopiedLogTime : 14.01.2014 07:11:52

LastInspectedLogTime : 14.01.2014 07:11:52

LastReplayedLogTime : 14.01.2014 07:11:52

LastLogGenerated : 592826

LastLogCopyNotified : 592400

LastLogCopied : 592400

LastLogInspected : 592400

LastLogReplayed : 592400

LogsReplayedSinceInstanceStart : 0

LogsCopiedSinceInstanceStart : 0

LatestFullBackupTime :

LatestIncrementalBackupTime :

LatestDifferentialBackupTime :

LatestCopyBackupTime :

SnapshotBackup :

SnapshotLatestFullBackup :

SnapshotLatestIncrementalBackup :

SnapshotLatestDifferentialBackup :

SnapshotLatestCopyBackup :

LogReplayQueueIncreasing : False

LogCopyQueueIncreasing : False

OutstandingDumpsterRequests : {}

OutgoingConnections :

IncomingLogCopyingNetwork :

SeedingNetwork :

ActiveCopy : False

Identity : DATABASE_3\EXCH01

Name : DATABASE_3\EXCH01

DatabaseName : DATABASE_3

Status : Mounted

MailboxServer : EXCH01

ActiveDatabaseCopy : exch01

ActivationSuspended : False

ActionInitiator : Service

ErrorMessage :

ErrorEventId :

ExtendedErrorInfo :

SuspendComment :

SinglePageRestore : 0

ContentIndexState : Healthy

ContentIndexErrorMessage :

CopyQueueLength : 0

ReplayQueueLength : 0

LatestAvailableLogTime :

LastCopyNotificationedLogTime :

LastCopiedLogTime :

LastInspectedLogTime :

LastReplayedLogTime :

LastLogGenerated : 0

LastLogCopyNotified : 0

LastLogCopied : 0

LastLogInspected : 0

LastLogReplayed : 0

LogsReplayedSinceInstanceStart : 0

LogsCopiedSinceInstanceStart : 0

LatestFullBackupTime :

LatestIncrementalBackupTime :

LatestDifferentialBackupTime :

LatestCopyBackupTime :

SnapshotBackup :

SnapshotLatestFullBackup :

SnapshotLatestIncrementalBackup :

SnapshotLatestDifferentialBackup :

SnapshotLatestCopyBackup :

LogReplayQueueIncreasing : False

LogCopyQueueIncreasing : False

OutstandingDumpsterRequests : {}

OutgoingConnections :

IncomingLogCopyingNetwork :

SeedingNetwork :

ActiveCopy : True

Resolution:

To resolve this issue, check if the database which is having the issue is over 1TB and if that’s the case try to remove some users from this database to another database.

To view the users of this database using the following powershell cmdlet.

Get-MailboxDatabase “Mailbox Database 1” | Get-MailboxStatistics | Sort totalitemsize -desc | Export-CSV C:\mailboxes.csv

Installing “Only” Trend Micro 11.0 on Exchange 2013 server

This guide will show you how to installing order to Install “Only” Trend Micro 11.0 on Exchange 2013 server

You will have to make sure that before you install Trend Micro you have enough resources on the mail servers or Edge servers depending on where you are intending to install it.

Prerequisites:

  1. You will need to install Windows IIS CGI role.
  2. Net Framework 3.5
  3. Trend Micro Setup.

If you did not install CGI you will get the following error, so you must install it

clip_image001

To install it you will need to go to Add Roles and then choose and install it.

clip_image002

If Net Framework 3.5 is not install the setup won’t proceed unless you do so and you will get the following error:

clip_image003

To install Net Framework 3.5 , you can use the wizard or you can use the Powershell but you’ll need to attach Windows Server ISO File to the VM or the physical machine.

clip_image004

Setup will restart from the beginning

NetFrame work fails from the Server Manager

clip_image005

Instead, I imported the Windows 2012 r2 server ISO into the VM and ran the powershell command line

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

Where D is the ISO drive name where Windows is.

clip_image006

Restarted the Trend Micro Setup and the setup is working

I already have copied the setup files on my mailbox servers, in my scenario I have 2 mail box servers which I am going to install it on.

I will launch the setup and go through the following wizard

clip_image007

As I mentioned earlier, I am planning to install it on Exchange 2013 Mailbox servers, so I will go ahead and choose Mailbox servers

clip_image008

I will click Browse and Add exchange servers and as in the following snapshot it’ll show me total server count

clip_image009

Next I will type the Exchange Admin account which I used to setup Exchange with and login to the admin Center which is also a local admin.

clip_image010

This is set by default so you will need to leave it as it is.

clip_image011

You can keep the following default settings or change the port in case it’s already used or enable SSL.

clip_image012

In my case I will enable SSL as well as it’s more preferable for security purposes.

clip_image013

Trend micro setup will check if there’s any previous instance on the target Mailbox server in order to check if it’s an upgrade or a fresh install.

clip_image014

I have no proxy so I will proceed without it.

clip_image015

I’m planning to ignore this now and register later, so you can provide the key if you already have it and want to register.

clip_image016

When you continue without activating the product you will get the following warning.

clip_image017

Depending on if you wanna be useful or not, you can just to participate with this program or just ignore it.

clip_image018

In case you would like to direct or send all incoming spam messages to the user to take the decision him/her self you can choose to integrate with Outlook junk e-mail or integrate with End user’s quarantine. In this case incoming infected or suspicious mails will be delivered to the user’s Quarantine but can be restored from/with trend micro.

clip_image019

Trend Micro have also a control manager for centralized management, so if you have it you can configure it and manage all those scanmail from one location. If not then just click next

clip_image020

Click browse and choose your domain in order to select the domain admin groups to manage the trend micro scan mail application.

clip_image021

All server details and configuration is going to be listed in the next snapshot.

clip_image022

And now installation should start.

clip_image023
clip_image024
clip_image025

The credentials to login might be standard but you could also try your domain admin which you have assigned during the setup to login to the portal.

clip_image026

Any configuration that you do on the Mailbox server 1, you will have to re-do it on Server 2 since this is not centralized management.

clip_image027

So first thing I’ll do is update the product to the latest version.

clip_image028

After selecting the components to update click on Update and wait for the process to finish.

clip_image029

After setting and configuring couple of rules and restarting Exchange transport service on each server . I was able to test It and see that it works as in the following snapshot.

clip_image030

Extend MS Exchange Server’s Certificate life

On the Certification Authority Server open Certification Authority Console (MMC)

Right click on Certificate Templates and click Manage

IN certificate templates console right click on Web Server and click Duplicate template

Select Windows Server 2003 Enterprise

Enable “Allow private key to be exported”

Under security tab Select Enroll for the Authenticated users

Back to the Certificate Authority Console, Right click on Certificate Templates and click New -> Certificate template to issue and add the certificate template you created to the list.

Web Server V2 is on top

Let’s check it on Certserv IIS

Certificate is generated for 5 years. The reason why the certificate is generated for 5 years is because the Certification Authority server’s Certificate is limited to 5 years.

So the CA certificate must be set to longer then the client’s requested Certificate limit.

Certification Authority Issuing Certificate validity period extending

To change the Validity Period for the Root CA you can configure a CAPolicy.inf. To create a CAPolicy.inf file that changes the lifietime of the certificate to 30 years, you would type the following into a text file, and save it with the name CAPolicy.inf in the C:\Windows directory,:

[Version]

Signature= “$Windows NT$”

[Certsrv_Server]

RenewalValidityPeriod=Years

RenewalValidityPeriodUnits=30

After this you will need to renew the CA certificate from the CA console : right click on your certification authority and choose All Tasks -> then choose -> Renew CA Certificate

When you click on Renew CA certificate you will get the following prompt asking you to stop the CA to renew its Certificate, Click Yes

Once you click on Yes the service will stop and you will get this window telling you if you would like to generate new public and private key it’s up to you to use a new or not but if you choose Yes the clients using the old Certificate might be provoked and you might need to install the new CA Certificate on all clients using GPO.

Click Ok

After clicking OK you will see that you were able to generate the new CA Certificate and then you can issue clients certificates

Note: I created another template with 30 years expiration date this time after I created the CA policy for 30 years too.

Now In order to allow the CA to issue certificates that has longer than the default age (2 years) you must run the following command line on the CMD on the CA server.

And here we go, after requesting the certificate from the server I got 30 years valid certificate.

Exporting and Importing PST from Exchange 2003 to Exchange 2013

In order to export mails from Exchange 2003 (should not exceed 2 GB) you will have to copy Administrator user into another user “admin” and give that user the rights to access all other mailboxes.

You will have to navigate to the Mailbox store

clip_image001

Right click the mailbox store and click on Properties

Go to Security tab and add the new user (Admin) and give it full control as below

clip_image002

Apply, then sign out of the windows session to the Exchange machine and use the newly added domain admin to login and then open the Exmerge application

clip_image003

Select the second step (Extract or Import)

clip_image004

Select step1

clip_image005

Select the Exchange name and the DC (They should be set automatically)

clip_image006

Select the users that you want to be exported (shouldn’t exceed 2 GB).

clip_image007

Select the local language

clip_image008

Select the destination folder (In my case I mapped a network drive)

clip_image009

Save settings for later use if you want or just click Next.

clip_image010

Once done, the mailbox will be exported.

clip_image011

Importing into Exchange 2013

In exchange 2013 Open the EMS as administrator

Before you start, you should move all the PST files into a shared folder in the network and add the “Exchange Trusted Subsystem” user to its permission.

clip_image001[5]
clip_image002[5]

The same user should be added to the security tab

clip_image003[4]
clip_image004[4]

Providing import and export permission on Exchange 2013

In order to import the PST files to Exchange 2013 users you will have first to assign the Exchange Admin account the capability of importing these PST files then sign out from the EAC portal and back in

To do so you will have to go to EAC then go to Permissions and double click on the Recipient Management

Click Add and select the Mailbox Import Export and click Add then OK

clip_image005[4]
clip_image006[4]

I will add members to this role group

clip_image007[4]
clip_image008[4]

After signing in back to the EAC with the administrator I got the Import PST options.

clip_image009[4]
clip_image010[4]
clip_image011[4]
clip_image012

For Management shell usage

http://technet.microsoft.com/en-us/library/ff607310(v=exchg.150).aspx

Importing PST using EAC and following up with EMS

clip_image013

Importing Single folder from source PST file into a target folder in email

Importing the folder Sent Items from the file basakc_backup.pst into target folder Sent Items in Mhamada user.

Note:

The parameter -TargetRootFolder will create a folder inside the existing Sent Items folder

clip_image014
clip_image015
clip_image016
clip_image017
clip_image018
clip_image019

Importing large items into mailbox in Exchange

clip_image020