Share iT…

After installing a exchange 2010 Hub transport server in a exchange 2007 organisation, no mail is send from the exchange 2010 hub to the exchange 2007 hub. When you take a look in the queue viewer on the exchange hub transport server you see the emails stuck with the following error:

“451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts”

This error occurs when on the exchange 2007 hub transport server a additional receive connector is created, for instance a anonymous relay connector. The interal exchange connections use Transport Layer Security (TLS) authentication to communicate, this is not selected in the additional receive connector, so communication fails.

Solution: Create a new Internal receive connector, at remote ip addresse give in alle exchange hub transport servers. This creates a receive connector with TLS and Exchange server authentication enabled. On the permission groups tab the exchange servers and legacy exchange servers must be enabled.

Probably the same error can occur otherwise round or when you have more then 1 exchange 2007 of 2010 hub transport servers.

For migrating printer drivers and setting from a Windows 2003 SBS server to a Windows 2008 SBS server. I first updated all printers on the Windows 2003 SBS server so they have x64 drivers installed. After that I used printbrm(ui) on a Windows 2008 server to export all drivers and settings to a export file. This file I copied to my new Windows 2008 SBS server and tried to import it using printbrm(ui). When finished I got a lot of warnings and errors and most printers were not created. The following event id 37 was logged:

“Printbrm.exe (the Printer Migration Wizard or the command-line tool) could not restore driver HP LaserJet 4200 PCL 6 (Windows NT x86) while restoring print queues from a file. Error reported: 0x80070bb8. The specified print monitor is unknown.
. This can occur if the driver requires a file that Printbrm.exe did not back up or if the user does not have permission to install drivers on the destination computer.”

The problem was not the driver or not enough permissions. But when you take a look at the Windows 2003 SBS server in the printer properties, advanced tab, Print Processor properties, for the failing printers the print processor didn’t use the winprint – raw processor, but a HP and some characters – raw processor.

Solution: For some strange reason the export function doesn’t export the print processor. Change the print processor to winprint raw, make a new export and import that file everything works fine.

After importing if needed it self chooses to use a other print processor available at the new server.

By default you cannot make a remote connection to a SQL 2008 (express) instance. To enable this you have to make the following changes:

Start the SQL 2008 Server Configuration Manager
Set at SQL Server Services the SQL Server Browser to automatic and start the service

Then go to SQL Server Network Configuration and then Protocols for Instance

By default TCP/IP and Named Pipes are disabled, enable the services you need for remote connection. You have to set these settings for every instance you want to remotely connect to.

Now you have to restart the SQL Server Services for all changed instances.

After migrating a Windows SBS 2003 server to a Windows SBS 2008 server no new external (internet) mail is deliverd to the new server. E-mailing internal works fine.

Solution: When you take a look in the Exchange 2007 Server Manager at server configuration, Hub Transport you see only a “Default Servername” receive connector:

Take a look at the properties and then the network tab, you probably see at receive mail from remote servers that have these IP addresses: only the internal ip addresses.

Option 1: You can change this to 0.0.0.0 – 255.255.255.255

Option 2: You can recreate the “Windows SBS Internet Receive Servername” receive connector. Open a Exchange Management Shell and use the following command:
new-receiveconnector -Name “Windows SBS Internet Receive SERVER-NAME” -RemoteIPRanges 0.0.0.0-192.167.255.255,192.168.0.1-192.168.0.1,192.168.1.0-255.255.255.255 -Bindings “192.168.0.2:25” -AuthMechanism “Tls” -PermissionGroups “AnonymousUsers” -Usage “Internet” -Server “SERVER-NAME”

Change the command to your ip address in this example the server ip is 192.168.0.2.

Option 2 is prefferred I’ve seen some strange problems with option 1 do’nt know for sure if this was relelated to this issue but if you can use option 2

When you try to move Windows SharePoint Services Data via the Windows Small Business Server (SBS) 2008 server console, Backup and Server Storage on the tab Server Storage. You get this error: “An error occurred while attempting to move the Windows SharePoint Services data.” The remote server returned an error: (401) Unauthorized.

Solution: This error can occure after installing Microsoft Knowledge Base update kb957097. Read the article or this kb926642 carefully there are some methods to change a registry key witch give a solution. After changing the registry you have to restart your SBS 2008 server before the change take effect.

After restarting the server again tried to move Windows SharePoint Services Data the following error occurred: “An error occurred while attempting to move the Windows SharePoint Services data.” The remote name could not be resolved: ‘companyweb’

Solution: In DNS Manager create a cname record “companyweb” in your Forward Lookup Zone Domain.local and point this to servername.domain.local. (don’t forget the . dot at the end)

Default outlook 2003 cannot connect to a default exchange 2010 instalaltion. This is because exchange 2010 uses by default RPC encryption to communicate. Outlook 2003 has this default disabled.

Solution: Enable encryption in outlook 2003.
You can do this at,
account settings,
exchange server,
change,
more settings,
then on the tab security,
enable “Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server.”

Other options to solve this problem is disable rpc encryption on the Client Access Server (this is not the prefered option) or via outlook profile or via group policy. All options are described in this knowledge base article.

After you attach a Exchange 2010 Client Access role server to a Exchange 2007 environment you get an “An IIS directory entry couldn’t be created. The error message is Access is denied. HResult = -2147024891 It was running the command ‘Get-OwaVirtualDirectory’.” when you go to Server Configuration, Client Access in Exchange 2010 management console.

Solution: Because Exchange 2010 tries to read some information from the Exchange 2007 server, you have to add the “Exchange Trusted Subsystem” security group to the “local admin” group on all Exchange 2007 servers.

Welcome to my “Share iT” blog. Idea of this blog is to share IT tips, trics, problems and information. Content is growing and people start to find my blog, even a few comments from people who were helped with my solutions. That’s just the reason I started this blog, so I’m glad to help.

If you have any comments, tips, trics or other usefull thoughts please let me know.

Please notice English is my second language, I do my best and hope it will not bother you.

After installing a exchange 2010 roll-up you will get a blank browser page when you try to reach your outlook web app (owa) site. When click on the error sign at the bottom of your browser you see a syntax error flogon.js like below.

Solution: Start an exchange management shell (powershell) with run as administrator. Then browse to the directory and run the roll-up package like this: ii Exchange2010-KB982639-x64-en.msp. KB982639 stands for exchange 2010 roll-up 4 if you use a other roll-up change the kb number.