Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

R-Type posted:

From someone who is a co-owner of IT company and TPM that has done hundreds of Exchange 2007 and 2010 implementations, Exchange 2007 and 2010 suck massive elephant cock. Also, gently caress PowerShell in its loving rear end.

Sorry for the generalized rant, had to blow off steam. A recent implementation has gone awry yet again (certificate issues) and is causing massive grief, thank goodness this is a parallel spin-up to an existing 2003 environment.

I don't know how somebody with this amount of exposure to exchange 2007 and 2010 could have such a negative view of it.

When I very first started performing 2003 to 2007/2010 migrations I was thrown for a loop on a few minor details (looking at you, msExchOwningPFTree), but 2010 especially is incredibly simple to manage, especially in multi-server environments. It's really goddamned stable, easy to troubleshoot, and I don't know how else to put this except to say that powershell loving owns. If you absolutely want to avoid it in 2010 you can, except for maybe performing some diagnostic tasks when something breaks.

I also work for an outfit that has done hundreds of exchange implementations, and compared to anything prior, 2007/2010 is a goddamned dream to work with.

Things I do not miss from 2000/2003: horrible diagnostics framework, ~*~IIS dependencies~*~, poo poo message filtering (requiring horrible 3rd party products), public folder syncing horseshit, front-end/back-end coexistence seemingly a complete afterthought.

I mean in 2010 configuring RDP over HTTP takes like 2 clicks to enable and you are done with it, in previous versions you had to jump through so many hurdles.

I get that it's easy to hate on Microsoft, but Exchange 2010 is about as good as you can hope for when it comes to managed mail services.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Thel posted:

I have no problem with typing in a server name.

It's when I have to reconfigure ~400 TS profiles one by one that I'll start having problems.

Is there an easier way to reconfigure outlook settings for Terminal Services users?

Autodiscover really isn't troublesome to configure at all, just remember to include the URL for it as a subject alternate name in your cert.

If you've moved mailboxes to another server in the site then the outlook client should automatically reconfigure itself.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Thel posted:

I'm not an exchange expert by any stretch, I'm a DBA that's been press-ganged into helping clean up the fallout.

(I laugh because otherwise I'd have to cry ...)

So when you say put the URL for it as a subject alternate name in your cert, I assume that's something I'd do on new-mail-server? old-mail-server doesn't actually exist any more.

Exchange 2010 basically requires an SSL cert, if you are cheap you can go to a site like godaddy or certificatesforexchange.com for a cheap-o starfield cert that is going to be accepted by every web browser or mobile device, or use a self-signed cert (or one supplied via a PKI if you have one already configured.)

Godaddy / C4E will walk you through the issuing process, just be sure to add autodiscover.maildomain.com as one of the SAN entries. You can use powershell or the management interface to generate the initial CSR.

Then:

Exchange team blog how-to for setting up autodiscover.

It's a lot of but honestly there isn't much to it, especially for a single-server configuration. You don't have to take the server down so even for somebody new, there is little risk to configuring it.

Then, of course, the connectivity test site for when you are done:

http://www.testexchangeconnectivity.com/

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Thel posted:

Heh. Uh, after our exchange 2007 migration blew up spectacularly (irreparably corrupted mail store, or something along those lines), we went back to 2003. Which looks like it doesn't have autodiscover. FML.

(Don't ask me I don't make the decisions. Either way, no autodiscover, should I go back to pushing a .prf file?)

e: 1.5 days to migrate from 2003 ... to 2003. And we still haven't sorted the terminal services issues out yet (a day after we got people on laptops working).

Eek, I get if it is out of your control, but I can't imagine deploying an exchange 2003 server in the year 2011.

That being said, if the mailboxes currently live on the current 2003 server, when you move them to the other 2003 server then the outlook client should reconfigure itself without you having to do anything. Occasionally a client hiccups, but 99% of them should point to the new host without issue.

Also how did you manage to get a corrupt mailstore on the 2007 server? When you migrate, the install basically drops an inter-site connector for the purpose of the migration, and you can gracefully move the mailboxes from the old server to the new mail store. It isn't as if you need to schlep the EDB files over and mount them in the 2007 server or anything, you populate an empty mailstore on the 2007 with the migrated data when you move the mailboxes.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Thel posted:

I don't know. I just don't know.

(I wasn't actually here when they did the migration over the weekend. All I heard when I came in on Monday was "it's all hosed up and we can't fix it. Trying to get mail back on to a 2003 server, but that's not working either".)

So now we have a new mail server that has all the mailboxes on it, the old server has disappeared (we still have a copy of the VM but we can't bring it up except in safe mode), and none of the clients pick up the new server automatically. Laptops are fine because we can configure those ourselves, but our TS GPOs don't allow TS users to access control panel->mail, and when they open Outlook they get an error "default mail store unavailable" or something along those lines, Outlook closes immediately.

You could try to loosen the GPO restrictions on accessing the mail control panel icon and instead install the office 2007 resource kit, add the Outlk12.adm admin template, and apply the "prevent users from adding e-mail account types" policy.

This should let you effectively let users access the mail panel but not add any personal e-mail accounts.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Thel posted:

Thanks for that. Turns out the users that are having problems have mailboxes in the exchange server, but don't show up in any of the address lists. The only solution we've found is to delete and recreate their accounts (losing all of their settings aside from whatever we save).

In short: Fuuuuuuck.

By "deleting their accounts" do you mean just deleting their outlook profile? If so, give manually downloading the OAL a shot first? If they are in cached mode then the OAL is where the client looks for the GAL.

Hopefully your global address list / OAL isn't hosed up due to the migration so far. It's pretty easy to get hosed up due to the stupid way it's tied to the public folder replication, which is almost certainly broken considering how ungracefully the old server seems to have been ripped out.

Linux Nazi fucked around with this message at May 25, 2011 around 00:38

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Gyshall posted:

- Read the prereqs for Exchange 2010 and make sure to install them all - http://technet.microsoft.com/en-us/...y/bb691354.aspx - also the ifilters (basically integrates Windows Search with 2010 almost seamlessly) - http://technet.microsoft.com/en-us/...y/ee732397.aspx

The SP1 download for 2010 can be used to perform a fresh install, and as part of the new setup process it includes a checkbox that will automatically add all of the required roles and services for most vanilla setups.

It is literally the best thing ever if you have to repeatedly perform installs.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

angry armadillo posted:

So this seems like a reasonable thread to post this:

Managing exchange mailboxes, please tell me how you do it.

It's not my decision on how we do it in our place, but if you haven't read the ticket came in thread, our exchange server died and the CIO wasn't happy with how my line manager, manages mailboxes (say that out loud)

Specifically, we run exchange 2003, it used to be standard edition and we nearly hit the 65gb limit. At this point my boss went round some of the biggest mailboxes and archived all their mail into personal folders on a network share.

Then he realised the info store wasn't going down in size because he needed to do an offline defrag. This was going to take longer than a weekend so he never bothered. Eventually we hit the limit and used the email crash as a way of getting an order for exchange 2003 enterprise signed off... So now we pretty much just let users have big mail boxes.

- I'd say we have around 300 users and a mailbox store of 160gb, which from what I have discussed elsewhere isn't that big. However refer to the above about the CIO not being happy - he said he wanted us to reduce it by 50%.

His reasoning will be that he does a lot of work with the company that own us, and because they own us our policies on basically everything have to be in line as possible with theirs - their mailbox policy is 10mb of space each or 40mb if you are an exec. Archive or delete anything else. (though they have around 600k users worldwide, I'm not sure how that breaks down regionally, but I guess that is why they are a touch on the militant side perhaps?)


As much as it isn't my decision on how we change our policy, I can see 'buying enterprise and ignoring the problem' isn't a solution. There is a 'post-server-crash' meeting this week and I'd at least like to look half informed when I open my mouth.


So any knowledge would be appreciated

I hope you have some beige fatigues and jackboots to wear into the office after you impose that strict a limit. 10MB is barely anything.

I would first plan on moving to 2010, don't even consider 2007 at this stage. For an org with that many mailboxes you should not run into any problems with a new hardware request as part of the migration.

Then implement online archiving as part of the rollout.

The one thing you absolutely 100% at all costs want to avoid is PST files. Local stored PST files may as well be lost email, since their retention is completely out of your control and you have really no options for disaster recovery.

Opening PST files across the network is bad. Simply do not do it ever, especially as part of any kind of company policy. If you are in charge of managing exchange in any capacity then I really shouldn't have to explain why.

Linux Nazi fucked around with this message at Jun 7, 2011 around 16:24

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Gyshall posted:

For Exchange? 0, nil, nada. If you are on Exchange, you should have OST files instead.

That being said, I have seen some clients who have outside consultants who have upwards of 16gb PST files, sometimes worse.


This is all fantastic advice. The 10MB limit is a bit harsh. Consider a gig per mailbox, maybe more. Set up deleted item retention limits and archiving, and Exchange will pretty much maintain itself in both of those regards.

He already has an average of ~500MB per mailbox, so I think that with archiving you could realistically manage it down to 100MB without too many headaches.

Just 10 MB, sheesh. I mean there are certainly environments where modest mail store allocation isn't really required, but normal office type work would be hell: "Wait, before you send me that attachment I have to delete literally every message in my inbox.... okay now try it"

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Shadowhand00 posted:

What is the maximum size a PST should be before moving onto a fresh one?

Newer unicode PST files can get to roughly 18-20GB, the old ASCII encoded files were those hellbeasts with a 2GB limit that people loved to break.


I remember having to schlep broken 2GB PST files over to an at-the-time top of the line dual P3 Dell Poweredge with a SCSI RAID 0+1 array in order to get the inbox repair tool to process it before the end of the day.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Scaramouche posted:

One caveat with this is that I've noticed exch 2010 doesn't play well with < Outlook 2007 so make sure your clients are up to snuff/available. This is why we're still stuck on exch 2007 SP3.

What types of problems have you encountered? I've got (unfortunately) many Outlook 2003 clients at many sites using Exchange 2010 and haven't had any issues.

I've had the exact opposite, Outlook 2007 not playing nice with resource accounts and sending meeting requests in an exchange 2003 environment, though they released a patch specifically to address that (finally).

These days though I'm not sure how far I would let my sympathy go for people complaining about wanting to still use Office 2003. I certainly would not let it drive my decision making on a new Exchange deployment, if I was experiencing problems with Outlook 2003 on Exchange 2010, I would be far more likely to write Outlook 2003 out of the picture or tell people they will just have to cope with whatever nuance crops up.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Scaramouche posted:

The core functionality is there, I think the big problems are with public folders and global address lists. I was thinking about the upgrade but then googled 'outlook 2003 with exchange 2010' and saw all these horror stories and held off; the furor might be overblown it's true.

It's overblown.

Outlook 2003 is blind to how the GAL/OAB operate behind the scenes, suffice to say that if your Outlook 2003 clients are having problems with retrieving the global address list and accessing public folders, then your Outlook 2010 clients are going to be having the same problem.

There are considerations you have to prepare for if you are going to have extended periods of coexistence, such as enabling VLV and waiting for the GroupMetrics to perform its initial generation (which only occurs on sunday, I've never found a way to force it).

FWIW I've stumbled through some of my first Exchange 2010 migrations relatively blind and never did any of that and by the time I had the mailboxes living on the new server, everything was fine. Never even saw any errors.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

incoherent posted:

There is a registry edit out there to push this 75GB.

They obviously know about that entry since it has been raised from the default already.

Besides you never actually set it for the maximum size, I usually would set it for 70GB, that way when it hit the top I had room to bump it up another couple gigs so I could keep it mounted and deal with the cleanup.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

mindphlux posted:

lol ok so

migrated some accounts from exchange 2003 to hosted 2010 with intermedia

everything went pretty well, but then have some problems - users address books or something contain old x.400 (or 500? I don't know) names, and so when outlook autocompletes internal addresses, users get undeliverables (ie, trying to deliver to old server's x400 address)

so, intermedia offered to import my x.500 addresses if I could provide a list of them. which is swell, but I can't figure out a time efficient way to export a list of mailboxes along with proxy addresses from my old sbs2003 server.

anyone a better exchange admin than me? I could just type them by hand by opening active directory users and computers, but... naw.

Correct, nickname cache can hold onto invalid x400 address information and try to submit that information to the wrong location.

Have users start outlook with the /CleanAutoCompleteCache parameter, or script the deletion of the .nk2 file. You can also install the outlook admin templates and create a GPO to do the work for you, it's located in the "options\preferences\e-mail options\advanced e-mail" for the 2003/2007 templates.

Pro Exchange Admin tip: give users plenty of warning before you kill their autocomplete, people are dumb as hell about how they rely on that for important addresses.


adaz posted:

Man gently caress exchange's auto-complete cache forever and ever and ever amen. One of the most annoying "features" ever.

I'm not sure about exporting them out, but I do know if you wipe the auto-complete cache it should fix the problem. It should be under %APPDATA%\Microsoft\Outlook - ProfileName.Nk2 file and delete it, should be a fairly easy script.

You can't really blame exchange here, it is really only "at fault" for clients that support "roaming autocomplete lists", which currently is just Outlook 2010, and maybe the latest version for Macs.

The nickname cache is part of the outlook functionality. When they moved it serverside with the roaming autocomplete it's supposed to do its own housekeeping, though honestly I've not had enough users that use Outlook 2010 and then go through a migration to really get a feel for how well it works.

Linux Nazi fucked around with this message at Jun 9, 2011 around 14:45

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Sometimes people losing their autocomplete is good for them in the long run, it's painful enough that they are more mindful to save important contacts later on.

I've never had a user complain about losing important contacts this way more than once.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

NinjaPablo posted:

Trying to set up OWA to redirect correctly, and I've got half of it together.

If a user is on Exchange 2003 and tries to login to 2010 OWA, they are properly redirected to the external URL of 2003's OWA. However, if a user is on 2010 and tries to login to 2003 OWA, they are redirected to the internal (exch2010.internal.local) domain name of the 2010 server. How can I tell 2003 to redirect to the proper external URL?

If their external OWA url is set correctly then it should try to redirect them to that URL. You can either use the EMC under server configuration -> client access -> outlook web app or the shell, and then use the shell to set the Exchange2003Url argument "Set-OwaVirtualDirectory -ExternalUrl [mail.whatever.com] -Exchange2003Url [2k3.whatever.com]"

I assume it should redirect 2010 mailboxes to the proper external URL if they attempt to log into the 2003 OWA if the OWAVirtualDirectory settings are correct, though honestly I usually stage my migrations to get all of the mailboxes on one environment or the other. I try not to let coexistence linger any longer than I absolutely have to.

The problem here is that you have to configure both URLs to be accessible via the net. So you basically have 2 OWA sites exposed, and end up doing twice the work w/r/t configuring the firewall, DNS, SSL certs etc.

Web users are blind to it since the browser does the work for them, but this breaks activesync, so phones for 2003 users have to be manually set for the 2003 URL, then when you move the mailbox you have to manually change them to the proper OWA URL. This may or may not be a big deal.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Mierdaan posted:

Dynamic distribution list question: we have a user who just transferred departments, but is still getting the DDL emails for her old department. She's definitely not in that OU anymore, and the recipientfilter/recipientcontainer are just the standard ones:

code:
RecipientContainer                 : domain.local/blah/old OU
RecipientFilter                    : ((Alias -ne $null) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')))

DDLs are supposed to check their members when delivering a message, so there's no membership list or anything to update. Any ideas?

Dumb question, but any replications issues on the DC/GC that the exchange server is looking at?

e: check the AD powershell console and run a 'get-aduser -server [servername] "username"' against the DC that exchange is making its queries to and see if it comes up with the correct OU.

Linux Nazi fucked around with this message at Jul 11, 2011 around 14:17

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Mierdaan posted:

Not a dumb question at all. No replication errors as far as dcdiag knows.

After installing hotfix 969166 on my 2008 RTM SP2 server so that I could actually install ADWS so I could query the exchange org's OriginatingServer via get-aduser, I can say that yes it sees the right OU for her user object.

Strange, I'm a little fuzzy on how caching and OAB caching works for dynamic distro lists but the 2 things I would check would be:

1. Check the output of the Get-Recipient -RecipientPreviewFilter against the dynamic list to see if it's populated correctly. ie. see if the user is still a member when it dumps the output.

2. If possible submit a test message via OWA to eliminate a cached OAB holding onto the membership incorrectly. Though I am unsure if the OAB caches the actual membership of a DDL so maybe somebody can clarify if this is a good idea? I've had to deal with OAB vs distribution list membership issues before because I was not privy to errors with the OAB updating automatically. OWA doesn't use the Offline Address Book so if it's incorrectly cached there it should submit cleanly via OWA.


Also I would check the actual AD DS and NTFRS event logs as well as dcdiag to look into replication snafus.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Google-fu seems to mention that those warnings seem typical for 2003 -> 2007/2010 upgrades concerning trailing whitespace, a technet post that seems to correlate the issue you are having is here.

code:
Get-Mailbox | Foreach { Set-Mailbox -Identity $_.Identity -DisplayName $_.DisplayName.Trim() }

Though I've never run across this issue myself, the fix seems to make sense, just a foreach loop run against the mailbox list that substitutes the Identity and DisplayName value with a truncated value.

I would say go ahead and try it, and do the same for the public folders as well.

code:
get-publicfolder -identity "\" -Recurse -ResultSize Unlimited | Foreach { Set-publicfolder -Identity $_.Identity -Name $_.Name.Trim() }

If all else fails you could just create a new OAB and apply that to the database instead of the older one. As long as OAB generation is functional then you aren't risking much by creating a new one and assigning it, you don't even have to rid yourself of the old one, just stop using it until you know everything is fixed.

Linux Nazi fucked around with this message at Jul 11, 2011 around 19:50

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Intoxication posted:

I'm playing around with installing Exchange 2010 SP1, trying to work out how to set it up for a client.
They want to move to Exchange 2010 from GroupWise.
Thankfully, they are moving to new mail addresses, as well, so the migration process is basically exporting everything from GroupWise into .psts (via Transend Migrator) and setting up mail forwarding at the former host.

For their new addresses, they already have a mailserver with their website host, and a mailbox with dedicated login and password for every user's address on there.
Those addresses are not in use yet.

How does this affect the Exchange setup? Do I use a connector (something I remember setting up in Exchange 2007 for other clients or on SBS 03/08)? Do I use a connector for each and every address? Do I need the edge transport option for that?

My guess is that I'm looking at a fairly standard scenario here, but I don't want to start off into the wrong direction here.

It depends on what the end scenario is going to be.

Either ignore the current mail server for the new domain and set the MX records to point directly to the new Exchange installation. The Exchange 2010 anti-spam capabilities are pretty decent and after people's address books populate, pretty hands-off.

Or, if you want to use a 3rd party to filter for Spam / AV, then there are more graceful means of doing it. Sign up a postini/mxlogic account for the domain, and restrict the receive connector on the exchange server to only receive from that host's ip address(es).

It was a little more common 8-10 years ago to have individual mailboxes query an external source and retrieve messages, but that method should be avoided unless absolutely necessary. It's just a lot of administrative work for no benefit.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

All I'm seeing in that NDR is a generic 554 SMTP response.

The thing that sucks about NDRs is that really getting a proper rejection notification is a courtesy on the receiver's behalf. If your connection is being rejected outright like it seems to be here (ie. they aren't allowing you to connect to even attempt submission), then it may be unhappy with your:

- SPF record
- rDNS PTR
- the FQDN it's submitting when it says EHLO.

For instance if you're sending TPECI-SERVER.tpeci.local as the FQDN when you connect (EHLO TPECI-SERVER.tpeci.local) even if you have an SPF record set for your external domain it won't be able to do a proper query against TPECI-SERVER.tpeci.local, which is what it will try to do if that is what EHLO is providing it.

If you are on Exchange 2003 check the default SMTP virtual Server (under delivery / advanced).

If you are on 2007/2010 then run Get-SendConnector|fl name,fqdn and make sure it's returning something that matches your FROM: address.

Big providers and govt mail servers are understandably draconian about this type of poo poo.


If everything checks out then either grab the SMTP protocol logs or try using SMTPDiag to see if there are more return codes / messages.

Linux Nazi fucked around with this message at Jul 19, 2011 around 18:18
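
The three checks listed in the post above (EHLO name, rDNS PTR, SPF), as an added example that is not part of the thread or any poster's code: a Python sketch of what a receiving server can test about a sender before accepting mail. It runs offline against a constructed DNS table; the example.com names, the documentation-range IP addresses and all function names are assumptions, and the SPF evaluator handles only the `ip4`, `a`, `mx` and `all` mechanisms.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (example names, documentation IPs).
# PTR records are keyed by the plain IP string rather than the in-addr.arpa name.
DNS = {
    ("mail.example.com", "A"): ["203.0.113.25"],
    ("example.com", "MX"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 mx ip4:198.51.100.0/24 -all"],
    ("203.0.113.25", "PTR"): ["mail.example.com"],
    ("203.0.113.77", "PTR"): ["host77.isp.example.net"],
    ("host77.isp.example.net", "A"): ["203.0.113.77"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Return the constructed records for (name, type); an empty list means no data."""
    return DNS.get((name.lower().rstrip("."), rtype), [])


def check_ehlo(ehlo_name, sending_ip):
    """The name given after EHLO should resolve in public DNS, and to the connecting IP."""
    addrs = lookup(ehlo_name, "A")
    if not addrs:
        return "unresolvable"  # e.g. an internal-only name such as host.domain.local
    return "ok" if sending_ip in addrs else "mismatch"


def check_ptr(sending_ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP."""
    names = lookup(sending_ip, "PTR")
    if not names:
        return "no-ptr"
    return "ok" if _hosts_match(names, sending_ip) else "unconfirmed"


def _hosts_match(names, ip):
    """True when any of the host names has an A record equal to ip."""
    return any(ip in lookup(n, "A") for n in names)


def check_spf(mail_from_domain, sending_ip):
    """Evaluate the domain's SPF record for sending_ip (ip4, a, mx and all only)."""
    records = [t for t in lookup(mail_from_domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    ip = ipaddress.ip_address(sending_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = _hosts_match([arg or mail_from_domain], sending_ip)
        elif mech == "mx":
            matched = _hosts_match(lookup(arg or mail_from_domain, "MX"), sending_ip)
        else:
            return "unsupported"  # include, redirect, etc. are outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def preflight(ehlo_name, sending_ip, mail_from):
    """Run all three checks for one outbound path and return the results by name."""
    domain = mail_from.rsplit("@", 1)[-1]
    return {
        "ehlo": check_ehlo(ehlo_name, sending_ip),
        "ptr": check_ptr(sending_ip),
        "spf": check_spf(domain, sending_ip),
    }


if __name__ == "__main__":
    cases = [("mail.example.com", "203.0.113.25"),
             ("TPECI-SERVER.tpeci.local", "203.0.113.77")]
    for ehlo, ip in cases:
        print(ehlo, ip, preflight(ehlo, ip, "user@example.com"))
```

The second case shows why the internal EHLO name matters even when the PTR record is fine: the name has no public A record, and the connecting address is not covered by the sender domain's SPF record.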

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

The Fool posted:

SPF record is set, and propagated. SPF record passed tests at http://www.kitterman.com/spf/validate.html

Ran SMTPdiag, and my server passed all of the tests.

We are still having problems with .gov and .mil e-mail addresses.

If you add -v you get a pretty verbose response that will include anything you are likely to see in the raw logs. If it passes that, and still can't be submitted via exchange then idk.

smtpdiag.exe "sender@domain.com" "reciever@domain.gov" -v

If you want, post the get-sendconnector|fl output?

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Moey posted:

Someone please refresh my memory here. If I feel like rebooting my Exchange server. What services do I want to stop before I actually reboot the machine? I vaguely remember my coworker mentioning something, but cannot think of it for the life of me. The Information Store Service and the Transport Service?

You don't need to manually halt any, but in 2003 the information store can take a while to stop.

For 2007/2010 just set a powershell script like:

get-service -displayname *exchange*|stop-service -force

Linux Nazi fucked around with this message at Jul 22, 2011 around 02:14

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

captkirk posted:

Right now I'm having a bitch of a time getting Outlook 2007 connecting to my new shiny 2010 CAS. Whenever I launch Outlook I get

"Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your offline folder file."

I mostly see recommendations on forums to delete the local mailbox folders, which I've done, I've deleted them, and then deleted the nodes from the registry that pertain to mail settings for me, I've tried on a different computer which I've never logged into before. Same problems. It's not the encryption option, I'm running Exchange 2010 SP1 (defaults to not requiring encryption) and I've tried with it disabled and enabled on the client side anyway.

Fortunately I'm the only person on the new mailbox servers and OWA still works for me.

Is your mailbox server 2010 or 2007?

If you create an entirely new mailbox and connect to it, is it still borked?

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

captkirk posted:

Mailbox server is a spanking new Exchange 2010 box. I get the errors when trying to access either my box or my test account's mail box (test account created on 2010 mailbox server, has never lived on any of the 2003 stuff) but both are accessible through OWA.

Of course make sure that test-mapiconnectivity comes back clean, and then bump up the verbosity of the eventloglevel for some of the MSExchangeIS categories(?). It sounds like a MAPI issue, considering that OWA is able to operate the mailboxes fine, but the outlook clients are not. Don't turn up a bunch of logging all at once, start with some of the general categories and go from there.

Also, since it's a new installation, maybe give the BPA a spin. It's good for making sure you didn't miss something like turning on the tcp port sharing service or whatever.

You can also rule out the mailbox database configuration itself by taking a moment to create a new one and see if you see the same behavior.


Sorry I can't be more helpful, usually new installs are relatively problem-free.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Mithra6 posted:

I'm having a really strange issue.

I have a client running 2003 Exchange with about 15 clients. Last week they got new internet service, so I duly updated all the MX records and router stuff.

Today I realized (due to spotty internet access) that I forgot to change the internet DNS on the DHCP. DHCP is on a Sonic Wall router. My normal preference is to simply use the router's IP for this, but I decided to keep things pretty much as they were on the original settings since this network is very badly set up and I have a long-term project to simplify all of this.

Anyhoo all I did was remove the old IP's DNS and changed it to the new on the DHCP today.

As soon as I did it, 4 users couldn't connect to Exchange. This was after I refreshed everyone's IPs. All of the other users (the majority) are fine. I didn't change anything on the servers. The affected users can log into OWA with no problem, so it's not like they mysteriously lost Exchange accounts. All affected users have either Outlook 2007 or 2010. All of the working users have the same except a couple of 2003.

In case it matters the DNS in DHCP looks like this:

DNS 1: 192.168.1.12 (Primary DC)
DNS 2: 192.168.1.6 (BDC)
DNS 3: x.x.x.x (new ISP's DNS)

What the hell?

In an AD environment your internal clients should only be pointing to an internal DNS server, if your clients are getting an additional external DNS from the DHCP provider then all kinds of things (like authentication) are going to be unreliable and skewed.

The DNS server on the internet isn't going to have things like any of your SRV records or _msdcs information in place, so clients are going to be blind to a lot of key information if they make the request to the wrong provider.

Just have the internal DNS server either configured for root hints (should be default) or give it your ISP's DNS servers as forwarders.
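As an added example (not part of the original post), the check below asks each DNS server a client has been handed for the AD domain controller locator SRV record, which shows which servers are blind to `_msdcs`. It assumes Windows 8 / Server 2012 or later for `Resolve-DnsName`; the function name `Test-AdDnsServer` is hypothetical and `domain.local` is a placeholder domain.

```powershell
# Added example, not from the thread. Function name and domain are placeholders.
function Test-AdDnsServer {
    param(
        [Parameter(Mandatory = $true)] [string]   $AdDomain,
        [Parameter(Mandatory = $true)] [string[]] $DnsServer
    )
    # Record that clients query to locate a domain controller
    $record = "_ldap._tcp.dc._msdcs.$AdDomain"

    foreach ($server in $DnsServer) {
        try {
            $answers = Resolve-DnsName -Name $record -Type SRV -Server $server `
                                       -DnsOnly -ErrorAction Stop
            $targets = @($answers |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget })
        } catch {
            # NXDOMAIN, timeout or refusal: this server cannot locate a DC
            $targets = @()
        }
        [pscustomobject]@{
            DnsServer = $server
            FindsDCs  = ($targets.Count -gt 0)
            DCs       = ($targets -join ', ')
        }
    }
}

# Test every IPv4 DNS server currently configured on this client's adapters
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique

Test-AdDnsServer -AdDomain 'domain.local' -DnsServer $configured |
    Format-Table -AutoSize
```

Any server reported with `FindsDCs` set to `False` is one that clients should not be receiving from DHCP.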

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

It is odd that you are receiving the 554 response immediately after the data clause kicks in. This probably explains why you aren't seeing the response when you use telnet, you aren't submitting a MIME encode when you type DATA and then hammer out a test message.

Though I am honestly at a loss as to what the receiving end is so pissed off about, something about the message content. I once had a similar issue where somebody had a twitter link in their signature that was misspelled, but the link was not. So it ended up looking like a phishing link, they kept getting rejected right at the data clause as well. Do you have any default signatures or transport rules appending messages in any way?

Also your connector is completely typical, if you don't mind show me your Get-RemoteDomain|fl output.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

LamoTheKid posted:

Gunning to do my 2010 CAS cutover tomorrow night (coexistence with Exchange 2003).

I'll be leaving the legacy server in place for a month or two since there's a lot of large mailboxes I need to move over.

A few questions...

Can I move the OAB right now or should I wait until the CAS is cutover to be our external facing site?

I have a BES Express server in place hooked up to the old server. Do I need to worry about permissions or for that matter, ANYTHING, with the new server at all or will I be ok until I move the mailbox over to the new one?

The 2010 OAB should be independent from what you have in the 2003 environment. You should have one created and assigned to the new mail database.

If you haven't already, create a test mailbox both on 2010 environment and one on the 2003, make sure you can reach each via the new CAS, and that everything works peachy. If it does, then you shouldn't have much to really worry about.

I'm not sure on the BESX server, I've installed both 4.x and 5.x in the past, but I've never migrated from 2003 to 2010. I would make sure that your BESAdmin account has all of the required permissions (Add-ADPermission -User "BesAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin) on the new databases, and that it's a local administrator of the 2010 server. Then do some testing. If it's version 5 then it may still provision devices and function while you migrate everything.

But honestly there shouldn't be any surprises when you go to move mailboxes, there is ample time (and zero risk) to test things before you commit to moving the mailboxes to the new home.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

nexxai posted:

I have a question about Exchange via HTTP on Exchange 2007/Office 2010.

To note: I've got all the external and internal hostnames set up correctly (autodiscover is resolvable outside of the building, etc.) and the UCC certificate is working great.

When I have a laptop in the building that I've configured Outlook 2010 on, they can then take that laptop outside of the building and not even need a VPN connection to connect to Exchange - it uses connection type "Exchange HTTP". What I'm trying to figure out is how to set up a laptop for this same type of connection that has never set foot in our office.

I've tried replicating the settings exactly how my copy of Outlook on my laptop is set up, but when I go to add the server name and click the "Check name" button after I've entered my name, I get this error: http://i.imgur.com/EwqeG.png

Am I missing something here, or do I have to have the machine here in the office for the initial configuration?

It should automatically configure the RPC proxy settings with autodiscover, but where you want to verify that is going to be buried in the mail account settings here:


Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

nexxai posted:

Yeah, I have all those settings replicated identically between the two machines, but I'm having 0 luck.

I guess I'll probably just do as sanchez suggests and VPN them temporarily until they can pull those settings down.

Also, start outlook with the /rpcdiag parameter and see if it helps you make sense of the problems.

e: I've also had this issue on new exchange servers when the system attendant service had halted for some unknown reason. Outlook clients will refuse to go "online" when a new profile is configured.

Linux Nazi fucked around with this message at Aug 22, 2011 around 22:14

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

madsushi posted:

I had a similar issue where RPC users had to be in the office before their account would work. It was due to an Exchange/Domain Controller issue, where the Exchange proxy service wasn't able to talk to the domain controller to find their user name. When you're local, your PC just goes to the DC directly. I had to add a whole bunch of registry entries to get that communication working again.

Yup! This is actually the exact function that the system attendant (mad.exe) provides. It acts as a proxy for AD requests.

In a healthy environment you shouldn't have to add any extra settings.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

nexxai posted:

I just checked and the System Attendant service is definitely running. Any other suggestions?

Try kicking it over for good measure. Otherwise see what the /rpcdiag comes back with on the client side.

It's worth sorting out the issue, since it's likely to happen again next time you have to provision a remote user's outlook client.



Also see if the remote analyzer tool qualifies you.

https://www.testexchangeconnectivity.com/

e: Check the RPC/HTTP and just have it use autodiscover.

Linux Nazi fucked around with this message at Aug 23, 2011 around 02:02

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

nexxai posted:

Ok, so I've got it working - and forwarding the ports had nothing to do with the problem.

Apparently Exchange 2007+ loves talking IPv6 even when IPv6 is disabled. What I did was edit the hosts file on the local Exchange server with the following lines:
code:
10.0.1.65      nrp-cal-exch1.DOMAIN.local
10.0.1.65      nrp-cal-exch1
aka: both the NetBIOS name and FQDN of the server.

As soon as I did that (no reboots or anything were needed), the whole thing started working beautifully! I could even use the "Automatically detect mail settings" rather than using the "Manually configure server settings" in Outlook.

Correct, Exchange 2010 loves talking over IPv6. I'm sure there's a more graceful way of correcting it, but I always just leave IPv6 turned on.

I just woke up so I don't remember the specifics, but with IPv6 disabled you would have likely had some topology error events barking at you in the event logs, followed by a 2080 where it lists the DCs and their characteristics. Like:

dc1.domain.local CDG 1 1 7 0 1 7 1
dc2.domain.local CDG 0 0 0 0 0 0 0

Usually some quick google-foo will lead you to the fact that IPv6 should be left on if you investigate the events.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Use telnet and manually submit a message from the mail server outbound, and vice versa from a remote source.

Bump up the verbosity on the firewall logs and see if it's actively blocking / dropping the connection. If not, then check the ISP.

Depending on the ISP, they may have instituted an opt-out SMTP policy. Some smaller regional providers have started doing this, may be worth it to give them a call and see if it's something they've turned on recently. I've had this happen once with a provider, they had sent the client a notification in the mail something like 60 days in advance, but of course the client didn't know what it said or bother telling me.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

johnnyonetime posted:

Hey guys, my boss wants me to generate a Powershell report on how many e-mails she receives on a day to day basis...

I have googled some stuff but can't really come up with anything.

I have tried Get-MailboxStatistics and Get-MessageTrackingReport cmdlets and while they give me good information I can't narrow down just raw received e-mails on a daily basis.

Anyone have ideas?

Pretty sure the EPA will do that.

http://www.microsoft.com/download/e...s.aspx?id=10559

You won't be able to track daily message counts via the shell since I don't think that statistic is kept. And performance counters could possibly be set to see how many messages a mailbox gets per second(?). To get an actual count you will need to use a tool that scans the tracking logs.

Linux Nazi fucked around with this message at Sep 16, 2011 around 15:51
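One way to scan the tracking logs for a per-day count, as an added example that is not part of the original posts. It assumes the Exchange Management Shell on 2007/2010 with message tracking enabled; the function name `Get-DailyReceivedCount` is hypothetical and `boss@example.com` is a placeholder address.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
function Get-DailyReceivedCount {
    param(
        [Parameter(Mandatory = $true)] [string] $Recipient,
        [int] $Days = 7
    )
    # Start at midnight so the first day is a complete day
    $start = (Get-Date).Date.AddDays(-$Days)

    # DELIVER is logged when a message is delivered to a mailbox.
    # Query every transport server so no server's log is skipped.
    $events = Get-TransportServer |
        Get-MessageTrackingLog -Recipients $Recipient -EventId DELIVER `
                               -Start $start -ResultSize Unlimited

    # Bucket the delivery events by calendar day and count each bucket
    $events |
        Group-Object { $_.Timestamp.ToString('yyyy-MM-dd') } |
        Sort-Object Name |
        Select-Object @{ n = 'Day';      e = { $_.Name } },
                      @{ n = 'Received'; e = { $_.Count } }
}

# Placeholder mailbox address (assumption)
Get-DailyReceivedCount -Recipient 'boss@example.com' -Days 14 |
    Format-Table -AutoSize
```

Days with no deliveries do not appear in the output, and the lookback is limited by how long the servers retain their tracking logs.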

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Mutar posted:

Not sure if this is in the right place or not, but hopefully someone can help me out. I'm trying to see if there is a way to see what iOS version a device connected to Exchange Activesync is at. If possible, I'd like to check a list of maybe 50 users in a quick manner. Is this doable?

For exchange 2010 (not sure on 2007) there is a cmdlet that will output this for you.

Something like:
code:
Get-ActiveSyncDevice|fl identity,name,devicetype,deviceuseragent
Will tell you the name of the device, the type of device, the version of the useragent, and the mailbox that is utilizing the device.
code:
Identity        : domain.local/Users/Test Testington/ExchangeActiveSyncDevices/iPad§ApplDLFFL6KDUJHG
Name            : iPad§ApplDLFFL6KDUJHG
DeviceType      : iPad
DeviceUserAgent : Apple-iPad2C3/808.8

Linux Nazi fucked around with this message at Sep 20, 2011 around 20:18

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

madsushi posted:

I have seen this issue pop up on Exchange 2010, and I am wondering if any of you have seen it or know of a fix.

A user sends an email to say 10 external recipients. 9 of those 10 recipients are valid, but 1 of them isn't. The email goes out to the 9 mailboxes, but the 10th one gets rejected (with say a 4xx or 5xx error) and the entire message goes back in the Exchange queue. A minute later, the email goes out again to the 9 mailboxes, but the 10th one gets rejected. Repeat indefinitely until the 9 working users all get TONS of copies of the email, while the message is still stuck in my Exchange queue waiting on the 10th person's mailbox to start working.

It seems like Exchange doesn't split the message into 10 different pieces, but rather sends it as one big push and will restart from scratch any time one piece of the push fails.

This isn't typical. The bad recipient should generate an NDR that gets kicked back to the sender and that is it. I've not seen it behave any other way. Even if it is sent to a distro group with external contacts as members, and one of those contacts is bad it should gracefully kick back an NDR to the sender.

I can't imagine a scenario where this would not be the case, unless you are relaying to a smarthost that is re-submitting the messages.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Drumstick posted:

I have a user that is missing the junk email folder in Outlook, but it is there in OWA. How can I fix this?

Easy answer? Kill the outlook profile entirely and re-create it. If it's there in OWA then it's part of their store, they've just managed to mask it somehow. Re-creating the profile will set most of the settings back to default.

Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

NinjaPablo posted:

For some reason, the free/busy folder on my 2003 server isn't replicating to my 2010 server. I've created a public folder DB on 2010, and other folders seem to replicate to it fine. I've added the 2010 server as a replication partner for the Schedule+ Free Busy Information folder on the 2003 server, it just never replicates.

On 2010, I keep getting this error in the event log - "Couldn't find an Exchange 2010 or later public folder server with a replica for the free/busy folder: EX:/O=example/OU=example.". The event log on the 2003 server doesn't have any errors.

Have you manually added the replica for the schedule+ free busy on the Exchange 2010 side? Give this KB a look. Check your replicas property on the "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" folder to make sure that it includes all of the replica partners you are expecting.


Linux Nazi
May 6, 2003

./configure; make; HEIL!

Pillbug

Mithra6 posted:

My brain is playing tricks with me. I have a client with about 45 users, but a bunch of generic e-mail addresses. I only need CALs for the actual users accessing the server right?

1 CAL per mailbox. If the mailbox has 20 e-mail domains attached to it, it is still only 1 CAL.



e: If in doubt go run the organizational summary in the management console and it will give you an exact count of CALs that you require.

Linux Nazi fucked around with this message at Sep 28, 2011 around 17:53
