Posted by Ståle Hansen on 09/07/2010
This post is a note to self to remember this the next time I encounter a similar problem. Article first published:
http://telnet25.wordpress.com/2010/02/22/an-error-caused-a-change-in-the-current-set-of-domain-controllers-it-was-running-command-get-federationtrust/
Problem: Receiving following error on Exchange 2010 server after opening EMC and expending Mailbox tab under organization configuration. An error caused a change in the current set of domain controllers. It was running command ‘Get-FederationTrust”
Possible causes:
To be honest first thing I checked was to make sure Exchange server is able to talk to all domain controllers as its configured on its TCP/IP properties.Also as always check to see anything catches your attention under application logs. Fair enough I was able to locate the event log “2080” MsExchangeADAccess” was showing me one DC only, however the TCP/IP stack was configured to talk to secondary DC.
Make sure Exchange is able to talk to all DC’s within its “Site”. Above example the second DC was not even discovered by MSExchange AD access, due to replication problems existed among the DC’s in the site where exchange is residing. After fixing the relocation issues and restarting MSExchangeADTopology service took care of the error.
Note:
Some other people who had same error assumed to fix this issue by deleting the local profile ( corrupted profile) for the user account they logged into Exchange server. So if the above solution does not work, try this:
This error is actually a false error, and is caused by GUI caching, more specifically MMC caching. This occurs when a DC (domain controller) that is either unreachable or has changed in some way is still cached by the MMC applet. To fix this issue by removing the cache and basically resetting the MMC applet do this:
Delete this file: “c:\users\<specific user>\appdata\roaming\microsoft\mmc\Exchange Management Console“
Source: http://trycatch.be/blogs/pdtit/archive/2010/02/04/an-error-caused-a-change-in-the-current-set-of-domain-controllers-exchange-2010.aspx
Posted in Exchange 2010 | Tagged: Exchange 2010 | Leave a Comment »
Posted by Ståle Hansen on 09/07/2010
Lately I have seen a lot of good articles about what the new and improved features of Exchange 2010 SP1 are and also a lot about how to configure these features. This post is written while Exchange 2010 SP1 is still in Beta so the information provided may be a little off from the released version later this year. I wanted to collect the posts I find interesting here so I have them all in one place when I will deploy SP1 to my customers.
Here is the main new features in Exchange 2010 SP1 and how to configure them
- Installation of prerequisites made part of SP1 setup process
- DAG improvements
- DAC mode support for 2 node DAG’s over two datacenters and in single AD sites
- Ability to set static IP and Alternate Witness Server in EMC
- Continuous Replication – Block Mode. Each update to the log file is updated on the copy databases
- Archiving improvements
- Archives can be stored in different databases, DAG’s and servers
- Create retention policy tags for automating archiving
- Outlook 2007 can access archive mailboxes
- Import and Export of mailboxes can be done directly to pst files without the need for Outlook
- E-Discovery improvements
- Support for iCal Calendar Sharing
- Administrator Audit Logging improvements
- OWA improvements
- Ability to choose themes. Branding of OWA can be down with only one theme for the entire organization
- Delivery reports improvements
- ECP, more configuration possibilities available
- Journar rules
- Transport rules
- MailTips
- Manage Litigation Hold
- Public Folder permissions added to EMC
Some minor changes in how to configure some features
- Change to how static ports are assigned on a CAS server
- Reset virtual directories in EMC
- Change to how to configure OWA integration with OCS 2007 R2
You can find a longer list of new features here: http://exchangepedia.com/2010/06/released-exchange-sever-2010-sp1-beta.html
TechEd 2010 Interviews with folks from the Exchange Product group about SP1: http://blogs.msexchange.org/walther/2010/06/16/teched-2010-interviews-with-folks-from-the-exchange-product-group/
Posted in Exchange 2010 | Tagged: Exchange 2010, Exchange 2010 SP1 | Leave a Comment »
Posted by Ståle Hansen on 22/06/2010
I recently integrated Exchange 2010 RTM OWA with OCS 2007 R2 for chat and presence. Having read some blog posts about how to implement the feature I decided to blog how I got this feature working based on these blogs and my own findings. I will cover the steps for both the Exchange 2010 RTM and SP1 versions since the steps are different.
Prerequisites
- Download and install OCS 2007 R2 Web Trust Tool on the Exchange 2010 server
- http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ca107ab1-63c8-4c6a-816d-17961393d2b8
- Locate and install the following files in elevated mode by running cmd.exe as administrator
- vc_redistx64
- UCMAredist.msi
- CWAOWASSP.msi
- If the Exchange 2010 server is running on Server 2008 R2 you also need to install the latest cumulative hotfix update for OCS 2007 R2 on the Exchange server
- http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b3b02475-150c-41fa-844a-c10a517040f4
- Download and run ServerUpdateInstaller.exe
- Also download the latest update for UCMAredist that is not included in CU5
- Reboot the server
Configuring Exchange 2010 RTM
NOTE: The below steps need to be done on all Exchange 2010 CAS servers in you deployment
- Download and run the PowerShell Script found in the below link
- http://msunified.net/exchange-downloads/script-imexintegration-ps1/
- The script will not configure anything
- It takes backup of web.conf and generates the configuration you manually need to add the web.conf file
- The script makes it easy to generate the correct syntax for populating the below keys
- Navigate to the web.conf file
- C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.conf
- Edit the file and search for the string IMPoolName
- Replace the three “add key” strings with the ones provided with the script
- In Exchange Management Shell run the following command to configure OWA Virtual Directory
- Run IISreset in PowerShell
Configuring Exchange 2010 SP1
The Exchange 2010 SP1 guide is based on this great post written by Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/ The configuration on Exchange is now moved from web.conf to the per server OWA Virtual Directory. I will definitely create a script automating the below process when I get more hands on :)
NOTE: The below steps need to be done on all Exchange 2010 CAS servers in you deployment
- Get the active Exchange 2010 certificate using this command in Exchange Management Shell
- Use the thumbprint and OCS pool FQDN in the command below
- Run iisreset
Configuring OCS 2007 R2
In order to allow the Exchange 2010 server to communicate with OCS using SIP containing presence and chat you need to add every Exchange 2010 CAS servers as authorized hosts on OCS.
- On your OCS R2 Pool server configure authorized host
- NOTE: Your user needs to be member of the RTCUniversalServerAdmins group
- Open Office Communications Server R2 under Administrative Tool
- Expand forest and Enterprise pool or Standard Edition Servers depending on you deployment
- Right click your pool and choose properties->Front End Properties
- On the Hosts Authorization tab
- You need to add the Client Access server FQDN and configure as the below image
- NOTE: This is the FQDN of your subject name (CN) on the certificate used on the CAS server
Troubleshooting the Installation (RTM)
Next are a few troubleshooting steps that can assist with some of the more common problems encountered with Exchange/OCS integration. I found these valid troubleshooting steps on Rand Morimoto’s post: http://www.networkworld.com/community/node/47348
Configuring the Firewall on the CAS Server
If the Client Access Server has the Windows Firewall enabled, it might need an exception to enable OCS 2007 R2 to communicate with it. To create the exception, perform the following steps:
- From the Control Panel, open Windows Firewall
- On the left side of the Windows Firewall window, click .“Allow a Program Through Windows Firewall.
- Click Add Program; then click Browse.
- Browse to C:\Windows\System32\inetsrv and select w3wp.exe.
- Click Open and then click OK twice to apply changes and close the window. Be sure to perform this step on all CAS servers with IM integration enabled.
User Configuration
- Before the user community can utilize the IM features, they must be “provisioned” for Office Communications Server R2 and must be enabled for Enhance Presence. When the user is initially enabled on OCS 2007 R2, he will automatically be enabled for Enhanced Presence.
- Users must also have a valid SIP proxy address for the OWA IM integration component to enable the IM Integration UI.
- When attempting to view the Instant Messaging contact list, a user might receive a notification that states
- Instant Messaging Isn’t Available Right Now. The Contact List Will Appear When the Service Becomes Available.
- If this occurs, perform the following steps:
- Using the same user account, confirm that you can access the IM services using the Office Communicator 2007 R2 client.
- If functional, confirm that the OCS Server name is properly entered in the Web.Config file of the CAS server.
- Also confirm the configuration of the Authorized Hosts option on the OCS pool contains all IM Integrated Client Access Servers.
OWA Certificate Error
If OWA cannot locate the certificate, an error stating The Local Certificate Specified Was Not Found in the Store for the Local Computer appears.
In this case, confirm that the value of the OCSCertificateIssuer and OCSCertificateSerialNumber fields in the Web.Config file are correct. Also ensure that there are blank spaces between every two characters in the serial number to separate octets in the string.
References
TechNet: http://technet.microsoft.com/en-us/library/ee633458%28EXCHG.140%29.aspx
Chris and Robin’s Technology blog: http://chrislehr.com/2009/11/implementing-integrated-ocs-in-owa-2010.htm
Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/
Rand Morimoto: http://www.networkworld.com/community/node/47348
Posted in Exchange 2010, OCS 2007 | Tagged: Exchange 2010, PowerShell, OCS 2007 R2, owa, OWA OCS Integration | 9 Comments »
Posted by Ståle Hansen on 07/05/2010
In Exchange 2010 you need to set the Internal URLs for various services on the Client Access Server. Outlook 2007/2010 uses Autodiscover to connect to the Exchange server. If the Internal URLs are configured wrong you could get certificate errors when logging on to Outlook as well as errors when using free busy and oof services internally. Also when deploying Outlook Anywhere you need to configure the External URLs correct for the same services to work.
This script may come in handy in the following scenarios:
- Initial configuration, avoid typos
- Expansion in the infrastructure with load balanced CAS
- Change in internal FQDN if you change certificate name
- When you have a total disaster on site 1 and need to fail over to a second site with a passive DAG server that holds all server roles
Please keep in mind:
- The Script is developed for Exchange 2003 coexistence and migration scenarios
- The script must not be run in an Exchange 2007 coexistence and migration scenario
- For InternalURL the script will look for a CASArray (It is recommended to create a CASArray in any scenario)
- The script assumes there is only one ADsite
About the script:
- First you will be presented with som choices on what to do
- InternalURL will autoconfigure based on CASArray
- ExternalURL will prompt for public FQDN and assume one external address
- Will use same FQDN for OWA, ActiveSync, Autodiscover and so on
- Will prompt for Exchange 2003 URL
- All configuration will output the changes made
Update 27.05.2010:
- Added support for Exchange 2007 and Exchange 2007/2010 coexistence scenarios.
- The script will check for Exchange version before applying any settings.
- When applying Exchange 2010 Internal URL the script will match the CAS servers to the correct CASarray in the correct ADsite
Update 28.05.2010
- Added option for checking current configuration
- Corrected some errors on the Exchange 2007 configuration and listing of URLs
- Tested in Exchange 2007 only deployments and Exchange 2010 and 2007 coexistence deployments
The Script can be viewed and downloaded here: http://msunified.net/exchange-downloads/script-internalexternalurls-ps1/
Posted in Exchange 2010 | Tagged: Exchange 2010, ExternalURL, InternalUrl, PowerShell, Web Services | Leave a Comment »
Posted by Ståle Hansen on 24/04/2010
Installing Update Rollups for Exchange 2007 and Exchange 2010 is not always a walk in the park. I have customers who ended up with no Exchange files, WebAccess files not present or all Exchange services set to disabled. The common solution is to run the Update Rollup in elevated mode and just re-run the Update Rollup.
Jan Egil Ring has posted a comprehensive best practice to running Update Rollups and also provide som troubleshooting tips in this blog article:
http://blog.powershell.no/2010/04/20/installing-exchange-server-20072010-update-rollups
General guidelines for installing Update Rollups in Exchange Server 2007/2010:
- Use elevated Administrator-privileges when running the installation either from Windows Update or by manually downloading the installation file.
- Verify that all Execution Policies are set to “Undefined”.
- Uninstall any interim Exchange hotfixes installed since the last Update Rollup.
- Verify that the ExchangeSetupLogs directory are present on the system-drive. The installer uses this directory for saving service-state information.
PowerShell Script: Bhargav Shukla has created a PowerShell sctipt to check for current Exchange 2007/2010 patchlevel: http://msunified.net/exchange-downloads/script-exchangeupdaterollups-ps1/
Posted in Exchange 2010 | Tagged: Exchange 2010, Installing update rollup | Leave a Comment »
Posted by Ståle Hansen on 12/03/2010
Finally there is a built in way to add thumbnails of people in Exchange and Global Addresslist. In earlier Exchange versions there were no function to import pictures in to schema and therefore a lot of different scripts and third party tools was designed to import pictures. Now we can deliver this as a part of any other Exchange project. Office 2010 is built around showing thumbnail photo of users in E-mail, Global Address List, Communicator, and all other office products where you find a username. This is really an important part of the Unified Communications experience
Here are some facts:
- You need to activate the thumbnailPhoto attribute in schema to replicate to Global Catalog
- The attribute is limited to 10K in size
- The recommended thumbnail size is 96*96 pixels
- In Exchange PowerShell use the cmdlet Import-RecipientDataProperty
- Import-RecipientDataProperty -Identity ”Bharat Suneja” -Picture -FileData ([Byte[]]$(Get-Content -Path ”C:\pictures\BharatSuneja.jpg” -Encoding Byte -ReadCount 0))
- After the thumbnails are uploaded you need to update OAB, so that it will point to AD for the images
- Update-OfflineAddressBook “Default Offline Address Book”
- For true offline use, you could modify the ConfiguredAttributes of an OAB to make thumbnailPhoto a Value attribute
- This will increase the size of the OAB so it need to be tested before deployed
Anderson Patricio, MVP has created a script to automate this pocess: http://msunified.net/exchange-downloads/script-uploadphoto-ps1/
GAL Photos: Frequently Asked Questions: http://msexchangeteam.com/archive/2010/06/01/455005.aspx
See this article for the full story: http://msexchangeteam.com/archive/2010/03/10/454223.aspx
Posted in Exchange 2010 | Tagged: AD, Exchange 2010, Office 2010, Outlook 2010, thumbnailPhoto | Leave a Comment »
Posted by Ståle Hansen on 06/03/2010
If you are planning to install a new Microsoft Exchange Server 2010, you should probably consider installing the latest update before configuring any of the server roles.
The below guide is not written by me. I found it so useful that I want to repost it here on my blog for later reference. This guide is written by Elie Bou Issa and the original article can be found here: http://blog.elieb.info/2010/03/06/exchange-2010-with-ur2-installation-in-unattended-mode.aspx
In the below scenario, we are installing the Mailbox role, the Client Access role and the Hub Transport role along with Update Rollup 2 in unattended mode. The exchange installation root folder is called exch and the Update Rollup 2 is placed under C:\Exchange2010\Patches. To install the exchange prerequisites, run “Exchange-Typical.xml” from the Scripts folder found in the installation directory. You can also take a look at this post for installing the prerequisites manually:
http://msunified.net/2009/10/30/exchange-2010-prerequisites-on-server-2008-r2/After successfully installing the prerequisites, set the NetTcpPortSharing service startup type to automatic by running the below command
Now, it is time to run the setup in unattended mode.
To do that, run the following command from the exchange installation directory:
Setup.com /m:Install /r:M,C,H /OrganizationName:Name of the Organization /UpdatesDir: Updates path
After completing the installation, you can check the product version by clicking Help-> About from the Exchange Management Console as shown below:
Posted in Exchange 2010 | Tagged: Exchange, Exchange 2010, Unattended mode | Leave a Comment »
Posted by Ståle Hansen on 13/01/2010
UPDATE: This script has been updated and revamped 07.05.2010 and described in this post: http://msunified.net/2010/05/07/script-for-configuring-exchange-2010-internal-and-external-urls/
In Exchange 2010 you need to set the internal URL for various services on the Client Access Server. Outlook 2007 uses autodiscover internally to connect to the exchange server. If internal URL is configured wrong you could get certificate errors when logging on to Outlook as well as errors when using other services internally.
This script may come in handy in the following scenarios
- Initial configuration
- Expansion in the infrastructure with load balanced CAS
- Change in internal FQDN if you change certificate name
- Change from https to http
- When you have a total disaster on site 1 and need to fail over to a second site with a passive DAG server that holds all server roles
It is a very simple script, if you have some advice to make the script better I would be happy if you let me know. The script does the following:
- The server path is specified with a prompt
- The script is set up with “-identity *” if you have more than one instance you need to specify wich instance you want to configure
- The url is generated using the variable and the default location of the services
- After configuring the URL’s the scritp lists all changes so its easy to doublecheck the configuration
- The UM role is excluded because it is not supported to be hosted on the same server as CAS
To run the script do the following:
- Copy this into a txt file and rename it to a ps1 file
- Open powershell and navigate to the location where the file is saved
- Use tab in powershell to get the correct run syntax
- Run it and type the correct FQDN like this when prompted: https://yourcasserver.domain.local
#InternalURL.ps1
$urlpath = Read-Host "Type internal Client Access FQDN starting with http:// or https://"
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “$urlpath/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “$urlpath/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –internalurl “$urlpath/ews/exchange.asmx”
Set-oabvirtualdirectory –Identity * –internalurl “$urlpath/oab”
Set-owavirtualdirectory –Identity * –internalurl “$urlpath/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “$urlpath/ecp”
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "$urlpath/Microsoft-Server-ActiveSync"
#get commands to to doublecheck the config
get-AutodiscoverVirtualDirectory | ft identity,internalurl
get-ClientAccessServer | ft identity,AutodiscoverServiceInternalUri
get-webservicesvirtualdirectory | ft identity,internalurl
get-oabvirtualdirectory | ft identity,internalurl
get-owavirtualdirectory | ft identity,internalurl
get-ecpvirtualdirectory | ft identity,internalurl
get-ActiveSyncVirtualDirectory | ft identity,internalurl
Posted in Exchange 2010 | Tagged: Autodiscover, Exchange 2010, InternalUrl, PowerShell | 3 Comments »
Posted by Ståle Hansen on 07/12/2009
Any Post starting with this disclaimer means that this post was not written by me however I liked it and added it to my blog. I will also include the link to the original or similar post to provide credit to the original author
http://www.howexchangeworks.com/2009/11/finding-users-who-have-out-of-office.html
It might come in handy if you know how to get a list of users who have out of office message turned on. Exchange 2010 shell gives you that ability now. You can even change the message, set the audience (internal or external), turn it off etc with the shell.
- To get a list of users who have out of office scheduled, run the following command.
- Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState –eq “scheduled” }
- The above command gives you much more than you need, including the actual message, start time, end time etc.
- If you are only interested in the list of users, run
- Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState –eq “scheduled” } | fl identity
- If you want to get the settings for a particular user (for example Rajith), run
- Get-MailboxAutoReplyConfiguration –identity rajith
- You can also change the out of office settings for a particular user with the Set-MailboxAutoReplyConfiguration cmdlet.
- For example, to turn off the out of office for the user account “Rajith”, run
- Set-MailboxAutoReplyConfiguration –identity “Rajith” –AutoreplyState disabled
- Similarly, if you want to extend the out of office message for a user (change the end time), run
- Set-MailboxAutoReplyConfiguration –identity “Rajith” –EndTime 01/12/2009 17:00:00
- You can change the actual out of office message (internal and external) by running
- Set-MailboxAutoReplyConfiguration –identity “Rajith” –InternalMessage “I won’t be around today guys” –ExternalMessage “I am out of the office today”
NOTE: This cmdlets will only work in Exchange 2010 Shell
Posted in Exchange 2010 | Tagged: AutoReplyState –eq “scheduled”, Exchange 2010, Get-MailboxAutoReplyConfiguration | Leave a Comment »
