Windows Management Framework 3.0 with Small Business Server and Exchange servers (Updated)

Last week Microsoft released Windows Management Framework (WMF) 3.0, which includes PowerShell 3.0 (KB2506146 for Windows 2008 SP2 and KB2506143 for Windows Server 2008 R2), as an optional Windows update. So everyone can approve and install the update via Windows Update, WSUS or any other updating mechanism you are using.

But installing this update on a Small Business Server (SBS) 2008 or 2011, or on an Exchange Server 2007 or 2010, will cause all kinds of trouble.

Symptoms for an Exchange Server:
Installation of Exchange update rollups will fail; one of the errors is error code 80070643.

The Exchange Team wrote this blog about this issue. It states: “Windows Management Framework 3.0 (specifically PowerShell 3.0) is not yet supported on any version of Exchange except Exchange Server 2013. If you install Windows Management Framework 3.0 on a server running Exchange 2007 or Exchange 2010, you will encounter problems, such as Rollups that will not install, or the Exchange Management Shell may not run properly.”

Symptoms for a Small Business Server:
Some SBS wizards, like the Fix My Network wizard, end with access denied errors for the Exchange Management Shell.
Other kinds of problems may also occur with the Exchange and/or SharePoint 2010 Management Shell and, as described for Exchange Servers, installation of Exchange update rollups may fail.

On the Small Business Server Blog there is a post on these issues.

The recommendation for both Exchange and Small Business Servers is to NOT install the Windows Management Framework 3.0 update at this time. If you have already installed the update and encountered the problems described above, uninstall the update. Your server should be fine when it comes back online after a restart.

Update:
Another problem has been reported in the Small Business TechNet forum: uninstalling the update also removes a registry key, which causes problems with the event log. This is the key that is deleted: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ForwardedEvents”

Later in the same post there is a mention that the updates have been removed from Microsoft Update:

As a result of these regressions and feedback from customers and experts like you, we have expired the WMF 3.0 Update for all platforms (Windows 7, Server 2008, and Server 2008 R2) as of 5:07 pm PDT.

2506143 Windows Management Framework 3.0 for Windows 7 (KB2506143)
Windows Management Framework 3.0 for Windows 7 for x64-based Systems (KB2506143)
Windows Management Framework 3.0 for Windows Server 2008 R2 for x64-based Systems (KB2506143)

2506146 Windows Management Framework 3.0 for Windows Server 2008 (KB2506146)
Windows Management Framework 3.0 for Windows Server 2008 for x64-based Systems (KB2506146)

We’re engaged in an internal post-mortem to identify and resolve the issues that led to these updates being released that resulted in the regressions.

We work hard to ensure updates always release with an exceptionally high quality bar. That bar was not met for these updates and we’re working to ensure we can prevent this from happening again. Thank you for your feedback through this and other channels – and please keep providing helpful feedback so we can continue to improve.

doug neal
Microsoft Update (MU)
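To check a server against the two problems described in this post, the following added example (not part of the original post or of any Microsoft tooling) reports whether one of the WMF 3.0 packages is installed on a machine that runs Exchange services, and whether the ForwardedEvents channel key still exists. It assumes that any service whose name starts with "MSExchange" indicates an Exchange installation.

```powershell
# Added example, not from the original post. Written for PowerShell 2.0 so it
# also runs after WMF 3.0 has been uninstalled again.
$wmfKbs     = 'KB2506143', 'KB2506146'   # KB numbers named in the post
$channelKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ForwardedEvents'

# Is one of the WMF 3.0 packages currently installed?
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $wmfKbs -contains $_.HotFixID } |
    ForEach-Object { $_.HotFixID })

# Assumption: a service named MSExchange* means Exchange is installed here.
$exchangeServices = @(Get-Service -Name 'MSExchange*' -ErrorAction SilentlyContinue)

$report = New-Object PSObject -Property @{
    ComputerName         = $env:COMPUTERNAME
    PowerShellMajor      = $PSVersionTable.PSVersion.Major
    WmfKbInstalled       = ($installed -join ', ')
    ExchangePresent      = ($exchangeServices.Count -gt 0)
    ForwardedEventsKeyOk = (Test-Path -Path $channelKey)
}
$report | Format-List

# Condition 1: WMF 3.0 on an Exchange or SBS server (unsupported per the post)
if ($report.ExchangePresent -and $installed.Count -gt 0) {
    Write-Warning "WMF 3.0 ($($report.WmfKbInstalled)) is installed on a server running Exchange services."
}

# Condition 2: the registry key that the uninstall is reported to remove
if (-not $report.ForwardedEventsKeyOk) {
    Write-Warning "Event log channel key is missing: $channelKey"
}
```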

Exchange 2003 Mailbox Database object not found when moving mailboxes to an Exchange 2010 server

During an Exchange 2003 – 2010 transition, when moving a mailbox you see the database gives an “Object not found” message.

If you continue the mailbox move will fail with the following error: “Mailbox database “Servername\First Storage Group\Mailbox Store (SERVERNAME)” doesn’t exist.”

Probably you would also see some Event ID 3113, MSExchangeIS errors in your Application log indicating the Mailbox of Public Folder Store was not found in the directory. The item may have been deleted.

Solution: The problem occurs because the option “Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.” is not set on the Exchange 2003 server object.

Open Exchange System Manager, browse to Administrative Groups, first administrative group, Servers and choose properties on your Server. Select the Security tab and choose advanced. Place a check at “Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.” and select OK.

If you cannot see the Security tab, you need to create the ShowSecurityPage registry value. Open regedit, browse to HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin, create a new DWORD value named ShowSecurityPage and set the value data to 1. Now restart Exchange System Manager and you should be able to see the security page.

Posted in Blog, Exchange 2010 at June 14th, 2012. 2 Comments.

Exchange 2010 Can’t remove the domain ‘yourdomain.com’ because it’s referenced in an e-mail address policy

When you try to remove an Accepted domain within Exchange 2010 you get the following error:

“Can’t remove the domain ‘yourdomain.com’ because it’s referenced in an e-mail address policy by the proxy address template ‘smtp:@yourdomain.com’.”

But when you go to your e-mail address policies and view the properties, this domain is not listed in any of your e-mail address policies.

Solution: The domain was still set as a disabledGatewayProxy address on one of your e-mail address policies. This is probably a leftover from a transition from Exchange 2003.

You can remove this by using ADSI Edit: open the Configuration naming context, Services, Microsoft Exchange, Organization Name, Recipient Policies, open the properties of a policy and find disabledGatewayProxy. Remove the address you would like to delete, and repeat this for all policies. After removing the address from all policies you should be able to remove the accepted domain.

Posted in Blog, Exchange 2010 at June 12th, 2012. No Comments.

How to: disable or change the 4 digit pin code that is enabled after mobile device connects to the Exchange 2010 within SBS 2011

After you have configured your mobile device to receive its business e-mail via ActiveSync from your SBS 2011 Exchange 2010 server, it asks for a 4 digit pin code. This is because the default configuration on the SBS 2011 Exchange Server requires a password for ActiveSync devices when they synchronize with your server.

To disable or change this feature, open the Exchange Management Console, go to Organization Configuration, Client Access and choose Exchange ActiveSync Mailbox Policies. Open the properties of the Default policy and select the Password tab.

To completely disable the password, remove the check at Require password. Of course you can also change the settings to your own requirements.

You can also create separate mailbox policies with different settings, so you can apply different policies to different users. When you have created a new policy and want to attach it to a user, go to Recipient Configuration, Mailbox, and open the properties of the mailbox user whose policy you want to change.

Select the Mailbox Features tab, select Exchange ActiveSync and choose Properties. Now you can browse to select the other policy you have created.

Additional information about the settings you can control with the ActiveSync policy is listed here: Understanding Exchange ActiveSync Mailbox Policies

Please note that not all features are supported on all kinds of mobile clients, so before you configure the settings make sure they are supported by your type of mobile devices.
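Once the password requirement has been changed on one or more policies, it is worth knowing which users end up without a device password. The following added example (not part of the original post) lists the password settings of every ActiveSync mailbox policy and then the ActiveSync-enabled mailboxes whose effective policy does not require a password. It assumes the policy reference on a mailbox renders as the policy name.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
$policies = @(Get-ActiveSyncMailboxPolicy)

# 1. Password-related settings of every policy
$policies | Select-Object Name, IsDefaultPolicy, DevicePasswordEnabled,
    MinDevicePasswordLength, AllowSimpleDevicePassword,
    MaxDevicePasswordFailedAttempts, MaxInactivityTimeDeviceLock |
    Format-Table -AutoSize

# 2. Index the policies by name; the default policy applies to mailboxes
#    that have no explicit policy assigned.
$byName = @{}
foreach ($p in $policies) { $byName[$p.Name] = $p }
$default = $policies | Where-Object { $_.IsDefaultPolicy } | Select-Object -First 1

# 3. ActiveSync-enabled mailboxes whose effective policy has no password requirement
$exposed = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled } |
    ForEach-Object {
        # Assumption: the policy reference converts to the policy name
        $name   = "$($_.ActiveSyncMailboxPolicy)"
        $policy = if ($name -and $byName.ContainsKey($name)) { $byName[$name] } else { $default }
        if ($policy -and -not $policy.DevicePasswordEnabled) {
            New-Object PSObject -Property @{ Mailbox = $_.Name; Policy = $policy.Name }
        }
    }

$exposed | Sort-Object Policy, Mailbox | Format-Table Mailbox, Policy -AutoSize
```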

Posted in Blog, Exchange 2010, Howto, SBS 2011 at October 11th, 2011. 6 Comments.

How to send from an email address alias?

Most people have multiple aliases on their mailbox, with aliases on the same email domain or even with multiple domain names. But when you try to send from (send as) one of these aliases you get the following undeliverable error message returned:

“You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.”

The answer to this problem is relatively simple: by default and by design this isn’t possible, but there are a couple of workarounds available:

  • Create a separate mailbox and put the alias on the mailbox and configure it with send as permissions.
  • Create a distribution group and put the alias on the distribution group and configure it with send as permissions.
  • Create a dummy POP account in Outlook and configure the alias as email address.
  • There are some third party tools available that create a workaround.



Workaround 1:
Create a separate mailbox and put the alias on the mailbox and configure it with send as permissions.

First we start with removing the alias we want to send as from the original mailbox.

Now we create a new mailbox, give it a logical name, etc. and give the alias as email address.

After the account has been created we need to set Send As permissions for the newly created account. We do this via the Exchange Management Console by right-clicking the newly created mailbox and choosing Manage Send As permissions…

Add the original user (user@domain.com) to grant Send As permission for alias@seconddomain.com.

Now you are able to send as user@domain.com also with the alias@seconddomain.com address.

We do this by using the From… field in Outlook: add the alias in the From field when you want to send from the alias. If you don’t see the From field, go to the Options menu and choose Show From.

The best thing to do is click the From… button and select the alias mailbox from the address list.

Of course, when email is sent to alias@seconddomain.com it will now be delivered to this newly created mailbox. If you would like to receive the email in the same mailbox as before (user@domain.com), go to the properties of the newly created alias mailbox, choose the Mail Flow Settings tab, select Delivery Options… and choose Properties.

Add the original mailbox in the Forward to: field via the Browse… button. Now all mail is forwarded to your original mailbox and all mail will be in the same mailbox as before the alias was removed.




Workaround 2:
Create a distribution group and put the alias on the distribution group and configure it with send as permissions.

First we start with removing the alias we want to send as from the original mailbox.

Now we create a new distribution group, give it a logical name (I always give it the name of the email alias) and set the alias as email address.

Then we add the original mailbox as the only member.

Now we need to set the Send As permissions for the original mailbox (user@domain.com) on the newly created distribution group. This cannot be done via the Exchange Management Console; we have to use the Exchange Management Shell.

This is the command syntax: Add-ADPermission "distribution group name" -ExtendedRights Send-As -User "Domain\Username"

Now you are able to send as user@domain.com also with the alias@seconddomain.com address.

We do this by using the From… field in Outlook: add the alias in the From field when you want to send from the alias. If you don’t see the From field, go to the Options menu and choose Show From.

The best thing to do is click the From… button and select the alias distribution group from the address list.




Workaround 3:
Create a dummy POP account in Outlook and configure the alias as email address.

WARNING: This option is the least recommended, because setting this up creates the possibility of opening a security hole for SMTP viruses.

With this workaround we leave the email aliases as they are on the mailbox. We are going to configure a dummy / fake POP account in Outlook, so no server configuration is needed.
Open Outlook and go to Account Settings, choose New…, choose the email services that include POP3, choose to manually configure server settings and choose Internet E-mail (POP).

At Your Name: enter your name (this is the name the receiver will see), at E-mail Address enter alias@seconddomain.com, at incoming mail server enter anything (it doesn’t matter), at outgoing mail server enter your Exchange server, and at username and password enter your logon credentials (the user’s domain account credentials).

Choose More Settings…

Make sure that you enable “My outgoing server (SMTP) requires authentication” on the Outgoing Server tab. This is needed to let you send via your Exchange server. Then finish the wizard.

Now you are able to send as user@domain.com also with the alias@seconddomain.com address.

We do this by using the Account button that appears after creating the dummy POP account. You just choose the email address you would like to send your email from.



Conclusion:
So you see there are a couple of workarounds available. Which one is the best? There isn’t one; it all depends on your needs and wishes.



Exchange 2010 MSExchangeTransport (edgetransport process) keeps crashing and replaying logfiles

On an Exchange 2010 server with the CAS / Hub Transport role installed, the edgetransport process keeps crashing, replaying log files and crashing again, with the following event log error:

Event ID 4999:
Watson report about to be sent for process id: 1240, with parameters: E12, c-RTL-AMD64, 14.01.0270.001, edgetransport, mscorlib, S.I.__Error.WinIOError, System.TypeInitializationException, c11a, 02.00.50727.4959.
ErrorReportingEnabled: False

After this message the following messages are logged:

edgetransport (1240) Transport Mail Database: The database engine (14.01.0270.0001) is starting a new instance (0).
edgetransport (1240) Transport Mail Database: The database engine is initiating recovery steps.
A configuration update for Microsoft.Exchange.Transport.TransportServerConfiguration has successfully completed.
A configuration update for Microsoft.Exchange.Transport.RemoteDomainTable has successfully completed.
A configuration update for Microsoft.Exchange.Transport.X400AuthoritativeDomainTable has successfully completed.
A configuration update for Microsoft.Exchange.Transport.AcceptedDomainTable has successfully completed.
A configuration update for Microsoft.Exchange.Transport.ReceiveConnectorConfiguration has successfully completed.
A configuration update for Microsoft.Exchange.Transport.TransportSettingsConfiguration has successfully completed.
edgetransport (1240) Transport Mail Database: The database engine has begun replaying logfile C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\Queue\trn.log.
edgetransport (1240) Transport Mail Database: The database engine has successfully completed recovery steps.
edgetransport (1240) Transport Mail Database: The database engine started a new instance (0). (Time=2 seconds)
edgetransport (1240) Transport Mail Database: The database engine attached a database (0, C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\Queue\mail.que). (Time=0 seconds)
edgetransport (1240) IP Filtering Database: The database engine (14.01.0270.0001) is starting a new instance (1).
edgetransport (1240) IP Filtering Database: The database engine is initiating recovery steps.
edgetransport (1240) IP Filtering Database: The database engine has begun replaying logfile C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\IpFilter\trn.log.
edgetransport (1240) IP Filtering Database: The database engine has successfully completed recovery steps.
edgetransport (1240) IP Filtering Database: The database engine started a new instance (1). (Time=1 seconds)
edgetransport (1240) IP Filtering Database: The database engine attached a database (2, C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\IpFilter\IpFiltering.edb). (Time=0 seconds)


And after that the edgetransport crashes again and the loop continues every 30 to 60 seconds.

Upgrading Exchange 2010 to SP1 and later rollup 2 didn’t resolve anything.

Solution: After contact with Microsoft support on this issue, the problem turned out to be caused by a third-party Exchange virus scanner. You can perform the following steps to troubleshoot a similar issue:

Open the Exchange Management Shell.
Run Get-TransportAgent. It gives a list of all transport agents, so you will see which additional programs have plugged into the sequence.

Run Get-TransportAgent | Disable-TransportAgent. Now all transport agents are disabled.

Restart the Microsoft Exchange Transport service.

View the event log to see if the error returns. In my case the transport service was now stable (wait some time to be sure it won’t return; it could take about 5 to 10 minutes before it comes back).

Once you have seen that everything is stable, enable the transport agents one by one to see when it crashes again.

Use Enable-TransportAgent -Identity "transportagent name" (you can copy the exact name from the Get-TransportAgent list you produced before). Note that some programs have more than one transport agent; enable those together. After enabling a transport agent you have to restart the Microsoft Exchange Transport service again and see whether the process stays stable (keep in mind to give it some time).

If you have found the problematic transport agent, you can use Disable-TransportAgent -Identity "transportagentname" to disable this transport agent again.

In my case I removed the problematic software, downloaded the latest version of the product and installed it; the problem hasn’t come back.
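The troubleshooting procedure above can be scripted. The following added example (not part of the original post and not a Microsoft tool) disables all transport agents, re-enables the previously enabled ones one at a time, and after each restart watches the Application log for a new Event ID 4999 that mentions edgetransport. The 10 minute wait and the event match are assumptions based on the values in this post.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# on the affected Hub Transport server. While agents are disabled, third-party
# antivirus/antispam agents do not process mail, so keep the window short.
$service       = 'MSExchangeTransport'
$settleMinutes = 10   # the post advises waiting 5 to 10 minutes

function Test-TransportCrash([datetime]$Since) {
    # True when a new Event ID 4999 for edgetransport was logged after $Since
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; Id = 4999; StartTime = $Since
    } -ErrorAction SilentlyContinue
    return [bool]($events | Where-Object { $_.Message -match 'edgetransport' })
}

function Restart-AndWatch {
    $start = Get-Date
    Restart-Service -Name $service
    Start-Sleep -Seconds ($settleMinutes * 60)
    return (Test-TransportCrash -Since $start)
}

# Remember which agents were enabled so only those are turned back on
$enabledBefore = @(Get-TransportAgent | Where-Object { $_.Enabled } |
    ForEach-Object { "$($_.Identity)" })

Get-TransportAgent | Disable-TransportAgent -Confirm:$false

if (Restart-AndWatch) {
    Write-Warning 'Still crashing with all agents disabled; the cause is not a transport agent.'
    return
}

# Agents stay enabled as the loop advances, so agents that belong to the same
# product end up enabled together; a crash is attributed to the last one enabled.
foreach ($name in $enabledBefore) {
    Enable-TransportAgent -Identity $name
    if (Restart-AndWatch) {
        Write-Warning "Crash returned after enabling transport agent '$name'."
        Disable-TransportAgent -Identity $name -Confirm:$false
        Restart-Service -Name $service
        break
    }
    Write-Host "Stable with '$name' enabled."
}
```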

Posted in Blog, Exchange 2010 at May 13th, 2011. No Comments.

Cannot close Exchange 2010 management console after the installation of IE9

UPDATE: the interim fixes are not needed anymore, as the fix is now included in the official 13 December 2011 update.

In the last few days I have seen many people reporting that they get an error message when they try to close the Exchange 2010 Management Console: “You must close all dialog boxes before you can close Exchange Management Console”.

Some research showed that many people have the same issue and that it all started after the installation of IE9. Because there is no solution yet, simply removing IE9 will help for now.

Update: The Exchange team has finally posted a resolution for this problem.

The first step is installing the MS11-081 (2586448) cumulative IE security update.
Second, install KB 2624899; this is a hotfix that is only available for this issue and must be requested from Microsoft support.

Update 2: KB 2624899 can be downloaded directly from this link.

Posted in Blog, Exchange 2010, SBS 2011 at May 9th, 2011. 4 Comments.

Event ID 2937 MSExchange ADAccess warning after installing Exchange 2010 SP1

After you have installed Service Pack 1 for Exchange 2010 you find multiple Event ID 2937, source MSExchange ADAccess warnings.

“Process Microsoft.Exchange.AddressBook.Service.exe (PID=960). Object [CN=Username,OU=OU name,DC=domain,DC=local]. Property [HomeMTA] is set to value [domain.local/Configuration/Deleted Objects/Microsoft MTA DEL:5e53dca2-cd75-4b28-a0cc-7f87392e1869], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.”

The process and username may vary.

Solution: When you run the Update-Recipient "recipientname" command from the Exchange Management Shell, it will update the HomeMTA value to a good value. If you would like to run it for all user accounts in one mailbox database, use the following command: Get-Mailbox -Database "Mailbox Database" | Update-Recipient

Source: Microsoft technet forum

Posted in Blog, Exchange 2010 at May 9th, 2011. No Comments.

What is the difference between Exchange 2010 SP1 in Small Business Server (SBS) 2011 and the “normal“ version

I often see, or am asked, the question of what the difference is between the Exchange 2010 SP1 version available as part of Small Business Server (SBS) 2011 and the normal Exchange 2010 SP1 Standard.

The answer to the question is relatively easy: there isn’t one.

Alright, there is one little difference. If you have configured your Small Business Server with the predefined wizards, 3 receive connectors (1 of which accepts anonymous email from the outside) and 1 send connector are created automatically. With a normal Exchange 2010 server installation you need to allow anonymous access and create a send connector manually.

Small Business Server 2011 includes the Exchange 2010 SP1 Standard version without any limitation, and the Small Business Server Client Access License (CAL) covers the Exchange 2010 CAL.

If you would like to use the so-called enterprise functionality, like Custom Retention Policies, Personal Archive, Voicemail, Information Protection and Compliance, Cross Mailbox Search, Legal Hold, Advance Mobile Policies, and Per User/Distribution List Journaling, you need to buy the Exchange 2010 Enterprise CAL in addition.

Q. May I use the SBS 2011 CAL Suite to access the Enterprise functionality of Microsoft Exchange Server Enterprise server software?

 A. You may use SBS 2011 CAL Suite instead of Exchange Server 2010 Standard CALs to access base functionalities in instances of Exchange Server 2010 Standard or Enterprise in the Windows Small Business 2011 domain. In addition to SBS 2011 CAL Suite, you must acquire Exchange Server 2010 Enterprise CALs to access the following Exchange Server Enterprise functionalities in the Windows Small Business 2011 domain: Custom Retention Policies; Personal Archive; Voicemail; Information Protection and Compliance; Cross Mailbox Search; Legal Hold; Advance Mobile Policies, and Per User/Distribution List Journaling.

Taken from the Small Business Server 2011 Licensing FAQ.

Is there then nothing that cannot be done with Exchange Server in Small Business Server? Because Small Business Server is based on Windows Server 2008 R2 Standard, you cannot add the Exchange server to a Database Availability Group (DAG); this feature requires that your operating system is Windows Server 2008 (R2) Enterprise.

Posted in Blog, Exchange 2010, SBS 2011 at March 21st, 2011. 9 Comments.

Reply or forward via OWA gives “An unexpected error occurred and your request couldn’t be handled.”

When you try to reply to or forward an e-mail via Outlook Web App (OWA) in Exchange 2010 (in this case Small Business Server 2011 with Exchange 2010 SP1) you get this error: “An unexpected error occurred and your request couldn’t be handled.”

Request
Url: https://remote.domain.com:443/owa/?ae=PreFormAction&a=Reply&t=IPM.Note&id=RgAAAACGrFxHc9ijR44U4ykKtU4LBwAeKagN6lmQSpA1lJbfKp7EAAAALJcxAAAeKagN6lmQSpA1lJbfKp7EAAAcI3ykAAAJ&pspid=_1300011623710_69458484
User host address: ::1
User: User A
EX Address: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User A
SMTP Address: email@domain.com
OWA version: 14.1.218.13
Mailbox server: servername.domain.local

Exception
Exception type: System.ArgumentException
Exception message: imceaDomain must be a valid domain name.

Call stack

Microsoft.Exchange.Data.Storage.InboundConversionOptions.CheckImceaDomain(String imceaDomain)
Microsoft.Exchange.Data.Storage.InboundConversionOptions..ctor(String imceaDomain)
Microsoft.Exchange.Clients.Owa.Core.Utilities.CreateInboundConversionOptions(UserContext userContext)
Microsoft.Exchange.Clients.Owa.Core.ReplyForwardUtilities.CreateReplyOrReplyAllItem(BodyFormat bodyFormat, Item item, ReplyForwardFlags flags, Boolean replyAll, UserContext userContext, StoreObjectId parentFolderId)
Microsoft.Exchange.Clients.Owa.Core.ReplyForwardUtilities.CreateReplyItem(BodyFormat bodyFormat, Item item, ReplyForwardFlags flags, UserContext userContext, StoreObjectId parentFolderId)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemReplyPreFormAction.Execute(OwaContext owaContext, ApplicationElement& applicationElement, String& type, String& state, String& action)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DoFinalDispatch(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.OwaRequestEventInspector.OnPostAuthorizeRequest(Object sender, EventArgs e)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Solution: The problem was caused by one of the accepted domains, probably a space or other illegal character at the end of the domain name. After reading this article I set the domain name again with the following command in the Exchange Management Shell:

Set-AcceptedDomain -Identity "accepted domain name" -Name "domain.com"

I did this for the last added domain name, because that was when the problem started. After completing this and restarting the server, the problem was solved.

Posted in Blog, Exchange 2010, SBS 2011 at March 13th, 2011. 14 Comments.