Archive for 2011

Error "Cannot bind argument to parameter 'Identity' because it is null.

By Gulab | Sunday, December 25, 2011 | 2 Comments

I was upgrading Exchange 2010 SP1 to SP2, Hub Transport and Client Access Server upgrade completed successfully but it failed on Mailbox Server Role. See the below figure.

Deleted the Public Folder Database and continued installing the server and it failed with the below error.

Went into registry on the exchange server and deleted the Action and WaterMark key from the below location. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\MailboxRole
Started the installation of Mailbox Role and it failed again with previous error message.
Checked and found that when ever I run the installation it creates the Mailbox Database and those database are not mounted. One more thing is, after the installation fails MS Exchange Information store service is not running and I had to restart it manually.

Deleted all dismounted database and dismounted the Public Folder Database and took the copy of .EDB file and deleted the Public Folder Database. Replicated the domain controllers.
Started the upgrade and it completed successfully.

After the successful installation, everything is working fine except OWA. I am able to login to to mailbox using OWA but getting the below error message when doing a check name and composing or checking emails.


1: Start IIS Manager.
2: Expand the local computer, expand Sites, and then click Default Web Site.
3: At the bottom of the Default Web Site Home pane, click Features View if this option isn't already selected.
4: In the IIS section, double-click HTTP Redirect.
5: Select the Redirect requests to this destination check box, and then type /owa.
6: Under Redirect Behavior, select the Only redirect requests to content in this directory (not subdirectories) check box.
7: In the Status code list, click Found (302).
8: In the Actions pane, click Apply. 
9: Close IIS Manager
10: Find the Outlook Web App Web.config file on the Client Access server. The default location is <drive>\Program Files\Microsoft\Exchange Server\<version>\ClientAccess\Owa.
11: Make a backup copy of the file.
12: Open the original file using an editor such as Notepad. Don't use IIS Manager to edit the Web.config file.
13: Find httpCookies httpOnlyCookies="false" requireSSL="true" domain="" and change the requireSSL flag to false.
14: Save and close the file.

Checked the OWA and it's working fine without any error.
Reference article: http://technet.microsoft.com/en-us/library/aa998359.aspx

Cheers,



Initialization failed when opening EMC after updating Exchange 2010 to SP2

By Gulab | Saturday, December 10, 2011 | Leave a comment

My first post on Exchange 2010 SP2 :)

I was upgrading Exchange 2010 SP1 to SP2. I extended the schema successfully without any error message and  upgraded the server to SP2 successfully.
But when I started the EMC I got the below error message.


To fix the issue you just need to restart your exchange server and everything will be fine.
I am still working on this behavior to find out that why it happened and what was it which was causing this issue....and once I get it I will update this post...

Update....

At the location C:\Program Files\Microsoft\Exchange Server\V14\RemoteScripts

Rename the file ConsoleInitialize.ps1 to ConsoleInitialize.OLD. Create a new one ConsoleInitialize.ps1. Send me email and I will send you the text file. Unfortunately I can't save file on Blogger :(

Note: It's a workaround, Microsoft is working on this issue. We hope that MS will release permanent fix  for it soon.
Cheers,

You cannot create Virtual Machines in Hyper V on Windows Server 2008 R2

By Gulab | Monday, December 5, 2011 | , Leave a comment

I was working on the LAB and had Windows Server 2008 R2 installed on the base machine. I installed Hyper V Role and restarted the machine.
While installing domain controller on windows server 2003 using the iso in the LAB and i got the error message.

I tried with multiple iso's thinking that it could be issue with iso but it gave the same error for all the iso.
Checked the current windows version and it was running.

Installed SP1 on R2 and rebooted the base machine.
Now creating the LAB virtual machine and now it's working fine without any error.

Moral of the story, you can't create virtual machine on Windows 2008 R2 host. It has to be with SP1.

Cheers,

Lesson learned, never run BETEST on Windows Server 2008

By Gulab | Tuesday, November 1, 2011 | , Leave a comment

One thing I would like tell everyone that never run BETEST on Windows Server 2008. I was working on backup failing issue. Exchange writers were failing when running vssadmin list writers.

C:\Users\Admin>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.
Writer name: 'Microsoft Exchange Writer'

   Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
   Writer Instance Id: {3e9411d9-6bbb-455a-8150-2ba5925c2a98}
   State: [8] Failed
   Last error: Inconsistent shadow copy

I am using Net App Backup (Snap Manager for Microsoft Exchange). Backup is failing when testing the vss hardware provider, in this case it's Net App hardware provider.
Deleted the Net App vss provider from registry and rebooted the server.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Providers\{ddd3d232-a96f-4ac5-8f7b-250fd91fd102}
Ran the command vssadmin list providers to check if the NetApp Hardware provider is not there:

C:\Users\Admin>vssadmin list providers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool(C) Copyright 2001-2005 Microsoft Corp.
Provider name: 'Microsoft Software Shadow Copy provider 1.0'
   Provider type: System
   Provider Id: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Version: 1.0.0.7

Tried backup again and it failed again with the same vss error.Now I am fighting to get the Exchange writer state in Stable and without any error. To check if the exchange writers are find I was running BETEST which was failing. The point is, you should never ever run BETEST on Windows Server 2008, because BETEST is for Windows Server 2003 not for 2008. In place of BETEST there is tool call DiskShadow.

Ran the DiskShadow on the server and checked the exchange writer state by running vssadmin list writers and its showing stable without any error:

Writer name: 'Microsoft Exchange Writer'
   Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
   Writer Instance Id: {e87db07c-b876-4ef7-affe-5b8ae968cf30}
   State: [1] Stable
   Last error: No error

Ran the backup and it failed again with error in Log.
[18:16:12.038]  [ExchangeServer] Asynchronous call DoSnapshotSet timed out!

[18:16:42.570]  [ExchangeServer] The call for DoSnapshotSet was cancelled.
[ExchangeServer] Failed to perform VSS snapshot, aborting...
[ExchangeServer] Backup is aborted.

Imported the delete registry of NetApp vss provider. Ran VSSREPORT Tool on the server and found that there is one registry key "819e04d3-809b-4657-aee0-778ca24470da" of Net App Hardware provider which is missing. That key is at the below location on the server.
HKEY_CLASSES_ROOT\CLSID\819e04d3-809b-4657-aee0-778ca24470da.

Now there are two option to get that key 1: Remove and Re-install Snap Manager for Exchange and Snap Drive 2: Repair Snap Manager for Exchange and Snap Drive. Ran the repair on both the application and ran the backup and it completed successfully.

Reference articles:
http://technet.microsoft.com/en-us/library/cc772172(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee221016(WS.10).aspx
http://blogs.technet.com/b/josebda/archive/2007/11/30/diskshadow-the-new-in-box-vss-requester-in-windows-server-2008.aspx
http://blogs.technet.com/b/enterprise_admin/archive/2009/11/19/diskshadow-xcopy-backup-of-hyper-v.aspx


Cheers,

Update Rollup 6 for Exchange Server 2010 Service Pack 1

By Gulab | Saturday, October 29, 2011 | Leave a comment

Microsoft has released Update Rollup 6 for Microsoft Exchange Server 2010 Service Pack 1 (SP1).
Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1

Download Update Rollup 6 for Exchange Server 2010 Service Pack 1

Cheers,

Hyper-V Features in Windows Server 8

By Gulab | Wednesday, October 19, 2011 | , Leave a comment


In Windows Server 8, Hyper-V features are enhanced, improving virtual machine performance and providing a scalable virtualization base for cloud deployments. This table provides a comparison of Hyper-V key features between Windows Server 2008 R2 and Windows Server 8.
Hyper-V Features
Windows Server 2008 R2
Windows Server 8
Host Memory
1 TB
2 TB
Logical Processors
64 (Max)
160 (Max)
Guest VM Memory
64 GB (Max)
512 GB (Max)
Guest Virtual Processors
4 per VM (Max)
32 per VM (Max)
Guest NUMA
N
Y
Host Failover Cluster
Y (16 nodes)
Y (63 nodes)
VM Support - Failover Cluster
1000 (Max)
4000 (Max)
Live Migration
Y (serial)
Y (concurrent)
Live Migration (no cluster or shared storage)
N
Y
Live Storage Migration
N
Y

Cheers,

A fix for the interoperability issues between Exchange 2007 and 2010 EMC and IE9 is now available

By Gulab | Monday, October 17, 2011 | , Leave a comment

Finally there is a fix!
We are happy to report that a fix for the Exchange Management Console (EMC) issues when Internet Explorer 9 is installed is now available. To be specific, we have talked about this in a previous blog post:
How does this fix need to be applied?
In order to install the fix, a released version of IE9 needs to be installed on the machine first. Then:
  • MS11-081: Cumulative Security Update for Internet Explorer: October 11, 2011 needs to be installed. This can be obtained from Windows Update or - if you need to download it for local network installation, the packages can be obtained here. Please note that the packages for client and server OSes might be different, depending on what you need. The installation of this package is REQUIRED for proper operation of the EMC hotfix.
  • In order to obtain the actual hotfix that resolves the interoperability problem with EMC, you will need to call Microsoft support and request a hotfix. The hotfix package is currently not available for public download, but can be obtained from support engineers, who can get it from internal hotfix servers. When you talk to support, the hotfix that you need to request is for the KB 2624899. Please note that this article is not publicly available at this time either.

Cheers,

Windows Server Backup failing with error code 2155348010

By Gulab | Sunday, October 16, 2011 | , Leave a comment

I was working with one customer yesterday on backup issue. Customer was taking backup using Windows Server Backup of Exchange Server 2010 but it was failing with error code "2155348010". Checked the application log and found the event 517.

He informed that he is taking backup on USB drive and in Windows Server Backup failure result it was talking about I/O failure. We were taking backup of two entire drive, C drive and E drive.(Windows Server Backup is volume backup)
Restarted the Exchange Server and started taking the backup, but this time we took only system state backup on the server drive and not on the USB drive. Backup started fine without any error.

Started the backup of Exchange Database drive "E" and this time we were taking backup on the USB drive and backup completed successfully.
When you select multiple drive for the backup (using windows server backup) and you are backing up on the USB drive, the chances are that they will fail due to I/O read and write failure.

Note: This is one of the reason why Microsoft doesn't recommend to take backup on USB drive.

If you do not have a choice other than running the backup on USB drive than there one thing you can do. Keep in mind its a temporary option.
1: Take the backup of the database on the server drive.
2: Once the backup is complete, copy the backup file paste it on the USB drive and delete it from the server.

Cheers,

Exchange Server Active Directory Schema Changes Reference

By Gulab | Monday, October 10, 2011 | , Leave a comment

This download includes the Exchange Server Active Directory Schema Reference, which provides information about the changes that Microsoft Exchange Server makes to the Active Directory schema when it is installed.
http://www.microsoft.com/download/en/details.aspx?id=5401

Cheers,
-Gulab

Exchange 2010 RTM lifecycle is ending

By Gulab | Saturday, September 10, 2011 | Leave a comment

http://support.microsoft.com/kb/2615653/

Lync for Mac 2011 Released to Manufacturing

By Gulab | Thursday, September 8, 2011 | , Leave a comment

Exchange videos

By Gulab | , Leave a comment

Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later.

By Gulab | Tuesday, August 30, 2011 | 4 Comments

I am not able to set OOF on all Outlook 2007 clients, not able to download the OAB and not able to view the Schedule+Free Busy. But in Outlook Web App (OWA) I am able to set OOF and see the Free Busy information.
When I open Outlook to set OOF I get the error message "Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later."


Ran Test E-Mail Autoconfiguration and it failed with error code 0x800C8203.



I am able to create the Outlook profile using the autodiscover and it work fine with no errors. Ran the command  netsh winhttp show proxy on the server to check if there is any proxy set from the server end but there wasn't any proxy set on the server.
Current WinHTTP proxy settings:
    Direct access (no proxy server)
Tried the IE proxy to check if it helps:
1. Open IE, click “Tools”->”Options”. Click “Connections”. Click “LAN Settings” button.
2. In the “Proxy server” section, please click “Advanced” button. 3. In the “Exceptions” section, there is an option “Do not use proxy server for addresses beginning with: exchangeservername;FQDN of ExchangeServer.
After doing the above No Luck.

Did the host file entey on the client machine, still getting the same error.
Found one Hotfix for Outlook 2007 client http://support.microsoft.com/kb/2475891 but it's already installed on the client.

Removed and Recreated the Autodiscover Virtual Directory:
Remove-AutodiscoverVirtualDirectory -Identity "Autodiscover (Default Web Site)" -Confirm:$false

New-AutodiscoverVirtualDirectory -WebsiteName "#######" -InternalUrl "https://Internal_FQDN_OF_EXCHANGE/Autodiscover/Autodiscover.xml" -BasicAuthentication 1 -WindowsAuthentication 1
Note: If you run New-AutodiscoverVirtualDirectory it will create the AutodiscoverVirtualDirectory
Restarted MS Exchange System Attendant Service.

Ran the below commands on the server:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Recycled MSExchangeAutodiscoverAppPool.

Did Test E-Mail Autoconfiguration and it passed with below results.



Oout of Office successful without any error message:

Cheers,

Update Rollup 5 for Exchange Server 2010 Service Pack 1 (KB2582113)

By Gulab | Wednesday, August 24, 2011 | Leave a comment

Not able to receive email on newly installed Exchange 2010

By Gulab | Wednesday, August 10, 2011 | Leave a comment

It's newly installed Exchange 2010 on Site C. Total there are four sites. Site A, Site B, Site C and Site D.

User can send email to users inside the organization and on the internet. The issue is User is not able to Receive Email from Internet and from all sites in the organization. After doing the Message Tracking, found that messages are getting stuck in the queue.
This is what I got in message tracking:


451 4.4.0 Primary target IP address responded with: 451 5.7.3 Cannot achieve Exchange Server authentication,” Attempted fadover to alternate host but that did not succeed. Either there are no alternate hosts

Checked the permissions on Receive Connector it was perfect all the permissions were intect. Deleted and Recreated the Bidirectional Routing Group Connector from Exchange 2010:
New-RoutingGroupConnector -Name "2010-2003" -SourceTransportServers "Exchange2010.corp.domain.com" -TargetTransportServers "Exchange2003.corp.domain.com" -Cost 1 -Bidirectional $true

http://technet.microsoft.com/en-us/library/aa997292.aspx

After digging around all over the domain and sites I couldn't find anything which was blocking these mails.
But guess what happened, was doing some network activity and found that there is a CISCO ASA firewall between all the sites. It was CISCO, checked the firewall and found that SMTP Inspection is enabled. Disabled the SMTP Inspection and hoooooray.....Mails started flowing across the sites.

Cheers,

How to create Public Folder Hierarchies

By Gulab | Monday, August 8, 2011 | , 2 Comments

I have seen that after migration from 2003 to 2007-2010 people tend to delete First Administrative Group from Adsiedit.msc without moving the Public Folder Hierarchies. The issue everyone face is Public Folder Database not mounting. Here is step by step instruction to create Public Folder Hierarchies.


Create the "Folder Hierarchies" under the Exchange Administrative Group
1. Right click on Exchange Administrative Group
2. Select New Object
3. Select msExchPublicFolderTreeContainer for the class and click Next
4. Enter the following for the value: Folder Hierarchies, click Next
5. Click Finish

Create Public Folder Tree Object
1. Right click CN=Folder Hierarchies -> New Object
2. Selected msExchPFTree for the class
3. For the value we entered, "Public Folders" and clicked next
4. Click on the "More Attributes" button, selected msExchPFTreeType and set the
value to 1. Note: This is very important that this value is set to a value of 1 as
this tells Exchange that this is a MAPI Tree
5. Click Ok and then finish

1. Get properties of the newly created "Public Folders" Tree object in ADSIEdit.
2. Copy the distinguishedname value to the clipboard and then click cancel.
3. Navigate to the Storage group that contains the Public Folder Store for this
server and get properties of the server.
4. Locate the msExchOwningPFTree attribute and paste in the value that was copied
to the clipboard in step 2. Click OK.
5. Restart the Information Store Service
6. Attempt to mount the PF store if it is not already.

Cheers,

Microsoft Lync Server 2010 Capacity Calculator

By Gulab | Wednesday, August 3, 2011 | , Leave a comment

Re-release of Update Rollup 4 for Exchange Server 2010 Service Pack 1

By Gulab | Thursday, July 28, 2011 | Leave a comment

Note: If you are running Microsoft Forefront, it is important to disable Forefront protection during the update:
Before running patch: fscutility /disable
After running patch: fscutility /enable

Cheers,

Exchange 2010: How to delete the First database and move the system mailboxes

By Gulab | Monday, July 25, 2011 | Leave a comment

How to Increase number of Mailbox move in Exchange 2010

By Gulab | Wednesday, July 20, 2011 | Leave a comment

Assume you are doing migration to Exchange Server 2010 and you want to move 50 Mailbox at a time rather than the default number.
Check the reference Tech Net article:
Throttling the Mailbox Replication Service

To increase the number of moves you will have to make the changes in MSExchangeMailboxReplication.exe.config file.
A) Go to all Exchange 2010 CAS Servers, open the below file in notepad or any file editor:
C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe.config

B) Change the below values:

1. MaxActiveMovesPerSourceMDB = “50″
2. MaxActiveMovesPerTargetMDB = “50″
3. MaxActiveMovesPerTargetServer = “50″

C) Save the file and restart the “Microsoft Exchange Replication Service".

Cheers,

Communicator & Lync Lync Sign-In Troubleshooting Tool Version 3.0

By Gulab | Leave a comment

The OCS & Lync Sign-In Troubleshooting Tool V3.0
Download
  1. You can download the tool here (save locally, unzip, and run on a Windows client).
Description
The OCS & Lync Sign-In Troubleshooter helps diagnose Microsoft Office Communicator and Lync clientsign-in issues.
Features
1] DNS Information.  The tool queries for the DNS SRV and A records used by the Communicator or Lync client to automatically locate the OCS or Lync server. It queries the DNS server (as configured on the client machine) and displays the results for the following DNS records:
  1.  _sipinternaltls._tcp.<domain.com>
  2. _sipinternal._tcp.<domain.com>
  3. _sip._tls.<domain.com>
  4. _sip._tcp.<domain.com>
  5. sipinternal.<domain.com>
  6. sip.<domain.com>
  7. sipexternal.<domain.com>
The preferred DNS match (that the client will first attempt to use) is then highlighted in the results.
2]  Test Port Availability.  A user can click on any of the DNS sign-in records that returned a match (resolved on the client) and then test the connectivity of the hostname and port associated with that DNS record.
3] Remotely Retrieve Certificate Information.  A user can click on any of the DNS automatic sign-in and remotely retrieve the X509 Certificate information if the port is secured using TLS (or SSL).  Certificate information returned includes the Common Name (CN), Subject Name, Issuer, Certificate Authority, Expiry Date, Creation Date, and Subject Alternative Names (SANs).
4] The tool also retrieves and displays the Installed Version of the Office Communicator or Lync client.

To Use
  1. Click on the Download link and save the file on the client computer where the Lync or Office Communicator client is running.
  2. Extract the MOCLogin.exe file.  Right-click | Properties | “Unblock” it.  Double-click it to run the tool.
  3. Enter a SIP address or SIP domain name, and press Go.
  4. Optionally select a matching DNS record result and test the port connectivity or retrieve the certificate information.
Support
This tool is offered on a best effort basis by Curtis Johnstone. No formal support or warranty is offered, implied or intended.
Tested On
Microsoft Windows XP, Vista, 2003, Windows 7, and Windows 2008 with the latest Service Pack’s (as of July 2011).  The only language it was tested with is English.
Copyright
 This tool is Copyright © 2011 Curtis Johnstone and cannot be distributed without explicit permission.
Screen Shots
Main DNS Queries (Example)
Certificate Information (Example)

Cheers,

Error code 0X80004002 while doing In-Place upgrade from Exchange 2003 Standard to Enterprise

By Gulab | Saturday, July 16, 2011 | Leave a comment

It's been long time I worked on Exchange Server 2003. I got a chance to work on it this week and it's interesting. Client had Exchange 2003 Std edition and database crossed the 75 GB limit.
The good part was that client got this issue on weekend, hence there were no issues in production.
After long discussion we decided that migrating to Exchange 2010 won;t be possible due to the budget (as if now) hence he asked for the alternate resolution. After checking the event 1221 for Mailbox and Public Folder Store we found that there  is nothing we can achieve even after running the Defragmentation.

We decided to do In-Place upgrade from Standard to Enterprise.The good part is, client had the licensing for Enterprise(I don't know why didn't they installed Ent. edition).
Started the upgrade and it failed. Check the application log and found the below event id.

Event Type: Error
Event Source: MSExchangeSetup
Event Category: Microsoft Exchange Setup 
Event ID: 1002
Date:  7/10/2011
Time:  10:21:37 AM
User:  N/A
Computer: 2003
Description:
Exchange Server component Microsoft Exchange Messaging and Collaboration Services failed. 
Error: 0xc107041d - 0xc007041d - The service did not respond to the start or control request in a timely fashion. (EXIFS) 
For more information, click http://www.microsoft.com/contentredirect.asp. 
Checked the ExchangeSetupLog and got the error:

CComBOIFacesFactory::QueryInterface (d:\jtrs\admin\src\udog\bo\bofactory.cxx:54)
           Error code 0X80004002 (16386): No interface.

After doing little research I found that it's EXIFS which need's be corrected in the registry. 
Changed the value from 2 to 3 on Start key at the below location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EXIFS\Start
After changing the registry value continued the upgrade and it completed successfully.
Installed SP2 on the server. Restarted the Exchange Server and checked the application log for event  ID 1217 for Enterprise edition and it was present, which says that server has been successfully upgraded to Enterprise edition.

Checked the Mailbox Store and Public Folder Store and they mounted successfully. Created New Mailbox Store without any issue.

Cheers,

Exchange 2010 SP1 RU4 Removed from Download Center

By Gulab | Thursday, July 14, 2011 | Leave a comment


Released: Update Rollup 4 for Exchange Server 2007 SP3

By Gulab | Sunday, July 10, 2011 | Leave a comment

Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3
Update Rollup 4 for Exchange Server 2007 Service Pack 3 (SP3) resolves issues that were found in Exchange Server 2007 SP3 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 SP3 customers.

Update Rollup 4 for Exchange Server 2007 Service Pack 3 (KB2509911)
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=26692

Issues that the update rollup resolves:
http://support.microsoft.com/?kbid=2509911
Cheers,

Accepted Domains, Safe Senders List and You

By Gulab | Saturday, July 9, 2011 | Leave a comment

You may have noticed a change in the behavior of the Safe Senders list within Outlook starting in Exchange 2010. Users can no longer add accepted domains to Outlook’s Safe Senders list.
Screenshot: Adding an accepted domain to Outlook's Safe Senders list
Figure 1: Adding an accepted domain to Outlook's Safe Senders list
This was done as an anti-spam deterrent as we have all seen cases where Joe The Spammer spoofs the mail from your own domain. Adding your own domain to the Safe Senders list would bypass all Outlook client-side anti-spam checks, dumping that message from the Nigerian prince (spoofed using your own domain) into your users’ Inboxes. Not so good unless you were really waiting for that business opportunity.
A valid SPF record and our anti-spam agents (specifically the SenderID agent) would go a long way to block these types of spam. However, many customers out there have not exactly jumped on the SPF bandwagon.
You can learn more about SenderID filtering in Sender ID and Understanding Sender ID. Use the Sender ID Framework SPF Record Wizard to create an SPF record for your domain.
With Exchange 2010, you CAN still add individual email addresses from your own accepted domains to the Safe Senders list - you just can’t add the entire domain, as shown in the screenshot above.

What happens if you DO decide to add the whole domain?
If you try to do this for a user via the Shell, you will get the very helpful error below:
“<@yourdomain.com>” is your e-mail address or domain and can’t be added to your Safe Senders and Recipients list.

Figure 2: If you try to add an accepted domain to user’s Safe Senders list using the Shell, you get an error indicating its your domain or e-mail address
We tell you exactly why we are throwing an error.
How about when a user does this via Outlook? First, Outlook lets the user add a domain.

Figure 3: Although users can add an accepted domain to their Safe Senders list in Outlook, it is automatically removed in a few minutes
However after a few minutes the entry will magically disappear.
The Disappearing Safe Senders List
In Exchange 2010 SP1, a bug was introduced where if the user added the accepted domain to his/her Safe Senders list via Outlook - not only would the accepted domain entry disappear but it would take the user’s entire safe senders list with it. This was fixed in E2010 SP1 RU3v3 where we are back to the expected behavior.

Allowing app servers to send as your own domain

Many customers have various applications that submit mail anonymously to Exchange where the messages come from email addresses from your accepted domains.
Some of you have apps submitting from so many accepted domain addresses that it wouldn’t be feasible (let alone fun) attempting to add all of these addresses individually to the safe senders list in Outlook to ensure these messages do not end up in junk mail.
Now that we can’t add the whole domain, what are our options?
  • We know that adding all the addresses manually is an available albeit painful option
  • A second option is to disable Outlook’s client side filtering (yeah... not a good idea, so do not seriously consider it. Spam checks out the window!)
  • A third and best option is to install the anti-spam agents on your relay hub(s) and add the IPs of your app servers to the IP Allow list of the connection filtering agent as documented here.
When the sending SMTP host’s IP address is on the IP Allow List in Exchange, it bypasses all anti-spam checks (except sender/recipient filtering) and the Content Filter agent stamps an SCL of -1 on the message which Outlook will honor.
Here's what the message header will look like:
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-Antispam-Report: IPOnAllowList
X-MS-Exchange-Organization-SCL: -1
So, go ahead and run the Install-AntispamAgents.ps1 from the Scripts folder on your Hub Transport server, and then add IP addresses or subnets of our application servers to the IP Allow List.

Figure 4: Adding IP address or address range of internal app servers to the IP Allow List using the EMC
If using the Shell, use this command to add an IP address to the IP Allow List:
Add-IPAllowListEntry –IPAddress 192.168.10.120
What Not To Do: Using Externally Secured Authentication
Now I know what you’re thinking: Why don’t we just add Externally Secured Authentication as an authentication type on a Receive Connector, scope the connector’s remote IP range to the sending application servers and call it a day?
Well, not so fast... you see, while Externally Secured gives the sending IP the ms-Exch-Bypass-Anti-Spam extended right, this only circumvents the Exchange Anti-Spam checks, not Outlook’s. And it is Outlook that’s moving the message into junk mail in this case.
Also note that Externally Secured does not stamp any SCL X-headers on the message as an SCL of -1 would’ve bypassed Outlook’s checks. The only header this authentication type creates is the one below:
X-MS-Exchange-Organization-AuthAs: Internal
If you're still confused about Exchange and Outlook anti-spam checks, take a look at Exchange anti-spam myths revealed.

Big thanks to Tak Chow for tech reviewing this post.
Tom Kern

MS Exchange Information Store Service not starting after upgrading Exchange 2007 SP1 to SP3

By Gulab | Tuesday, June 28, 2011 | Leave a comment

I was working on Exchange 2007 SP1 to upgrade it to SP3. I upgraded the server with SP3 without any issue and restarted the server. After the restart i found that MS Exchange Information Store service is not started. I tried to start it manually but it failed with event id 5000.
As per the support article http://support.microsoft.com/kb/944752 but in my case it wasn't the issue.

I was getting the error message:
Unable to initialize the Microsoft Exchange Information Store service. Failed to find the working directory parameter from the registry - Error 0x80004005.

After doing little bit of research i found that i have to make changes in the registry.
I went to the registry Editor on the server:
Under this Registry Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Add a new String Value and call it "Working Directory"
Enter the path for the working directory C:\Program Files\Microsoft\Exchange Server\Mailbox\MDBTemp

Note:You need to make sure that you have the right name of the String Value and the location i.e C:\Program Files\Microsoft\Exchange Server\Mailbox\MDBTemp

After making the change, restarted the Exchange Server and MS Exchange Information Store Services started successfully.

Cheers,
-Gulab

Exchange Deployment Assistant

By Gulab | Saturday, June 11, 2011 | Leave a comment



We're happy to announce that we've enhanced Exchange Server Deployment Assistant to include support for configuring rich coexistence (also known as “hybrid deployment”) for organizations interested in maintaining some users on-premises with Exchange 2010 and some users hosted in the cloud by Microsoft Office 365 for enterprises. This scenario is in addition to the existing support for configuring rich coexistence between on-premises Exchange 2003 and Exchange 2007 organizations and Office 365.
The new coexistence information for the Exchange 2010 environment is only available in English at this time and requires that your existing Exchange 2010 servers are updated to Exchange Server 2010 Service Pack 1 (SP1).
Rich coexistence (“hybrid deployment”) offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. It provides the seamless look and feel of a single Exchange organization between an on-premises organization and a cloud-based organization. In addition, coexistence can serve as an intermediate step to moving completely to a cloud-based Exchange organization. This approach is different than the simple Exchange migration (aka cutover migration) and staged Exchange migration options currently offered by Office 365 outlined in Email Migration Overview in Exchange Online help.
If you're not already familiar with the Exchange Deployment Assistant, it allows you to create Exchange Server 2010 on-premises configuration and deployment instructions that are customized to your environment. It asks you a small set of simple questions and it provides a checklist with instructions that are designed to deploy or configure Exchange 2010 based on your answers. In addition to the online checklist, you can even print a PDF of your checklist.

Figure 1: The Exchange Server Deployment Assistant (ExDeploy) is a web-based tool that helps you upgrade to Exchange 2010 on-premises, deploy a hybrid on-premises and Exchange Online organization or migrate to Exchange Online
Your feedback is very important for the continued improvement of this tool. We would love your feedback on this new scenario and any other area of the Deployment Assistant. Feel free to either post comments on this blog post, provide feedback in the Office 365 community migration and coexistence forum, or send an email to edafdbk@microsoft.com via the 'Feedback' link located in the header of every page of the Deployment Assistant. Thanks!
The Exchange Team

EXCHANGE RANGER