Bug revealed in Dynamic Distribution Groups on Exchange 2007
I have been lately involved in a question on Experts-Exchange that turned into a very interesting adventure that led me to discover a bug in the Dynamic Distribution Groups on Exchange 2007.
I have tested the below on Exchange 2007 SP2 rollup 2 and the bug was still there, however I need to mention that tests also proved it was solved on Exchange 2010.
The Setup
First let me give you a very brief idea about the setup, for the lab I have setup an EBS server and created 2 mailboxes on it "John Doe" and "Jane Jackson".
Running Get-Recipient shows the 3 mailboxes in this organization
Taking a look at Active Directory Users and Computers also reveals that "John Doe" and "Jane Jackson" are located in the TestOu, the Administrator is located in the Users containter
The Plot
Allow relaying on Exchange 2007 & Exchange 2010 in 4 easy steps
I have this application/website that needs to send emails, I have it configured to use our exchange server as SMTP. It can send emails to internal users however external ones are failing with a "550 5.7.1 Unable to relay" error
I have been answering this question, under different forms, so often on Experts Exchange lately that I have it copied on a notepad and end up by pasting it again every now and then.
First a mail server should be configure to unconditionally (not talking about spam/viruses here) accept emails sent to users in the smtp domains it serves. However it should be careful about who gets to send emails to other smtp domains using its services, that's what is called relaying.
This should explain why, in the above scenario, emails sent to internal users but not to external one. So for your application to be able to send external emails you should allow it (or its IP address) to relay emails through your exchange server and here is how to do it in Exchange 2007 and Exchange 2010.
Installing your first Exchange 2010 CAS – Part 2
A few days back I have talked about Installing your first Exchange 2010 Client Access Server when migrating from Exchange 2003 to Exchange 2010. Today I will discuss the requirements of installing your first Exchange 2010 CAS if migrating from Exchange 2007.
First we have to agree that that an Exchange 2010 CAS cannot communicate directly with an Exchange 2007 mailbox servers, so Exchange 2007 CAS are still required.
We will need to differentiate 2 scenarios when mixing Exchange 2007 & Exchange 2010 CAS
Exchange 2010 CAS and Exchange 2007 CAS in the same Active Directory Site
The first Exchange 2010 CAS server should be installed in your internet facing site, and it should be the first server people are directed to when they try to access your organization from the internet using, say, https://webmail.yourdomain.com/owa
Since Exchange 2010 Client Access Server cannot proxy the requests to an Exchange 2007 CAS server in the same active directory site, when the request reaches the 2010 CAS it will query Active Directory for the mailbox server of the user, if that mailbox is located on an Exchange 2007 mailbox server in the same Active Directory site the CAS will look for the ExternalURL & InternalURL parameter of that CAS server.
26 things I shouldn’t forget about Exchange 2010 DAG, nor should you!
I am currently involved in planning and designing a couple of site resilient Microsoft Exchange 2010 clusters so I have been reviewing my notes and here is one I would like to share with you.
In short it is the summary of an 11 pages long technet document in 26 points I had previously highlighted on papers.
Installing your first Exchange 2010 CAS or the truth about Exchange2003Url – Part 1
The Exchange2003Url is a new parameter in the Set-OwaVirtualDirectory cmdlet on Exchange 2010. Although Microsoft documentation clearly states that "The Exchange2003Url parameter specifies the Outlook Web App URL for Exchange 2003 mailboxes." It is all over the net that this parameter is also used to redirect requests to Exchange 2007 mailboxes!
I have no idea where this idea is coming from but I can assure you that is not the case.
Upgrading from Exchange 2003 to Exchange 2010
If you are upgrading from exchange 2003 you should know that an Exchange 2010 CAS cannot communicate directly with an Exchange 2003 mailbox. Thus you will need to publish at least 2 URLs one for your Exchange 2010 CAS and one for you Exchange 2003 Back End server or Front End server.
We will assume that https://owa.yourdomain.com/owa will point you to your exchange 2010 CAS server and https://ex2k3.yourdomain.com/exchange will give you access to your exchange 2003 back end or front end server.
By running, on your Exchange 2010 server,
5 things to consider when changing the IP of an Exchange server
We are all faced, from time to time, with the need to change the IP address of our Microsoft Exchange server.
There is no hard relation between the operation of your Exchange server and its IP address thus changing the latter will not break your system.
In short this operation can be considered as safe however it requires a certain level of planning and considerations. I will try to cover in this article the various things you should think about before and after actually changing the IP of your server.
Managing spaces in AddReplicaToPFRecursive.ps1 script
If you are familiar with Microsoft Exchange 2007 you already know about the AddReplicaToPFRecursive.ps1 script that can be found in the "X:\Program Files\Microsoft\Exchange Server\Scripts", however this script has a bug it doesn't look to support public folders which names contains spaces.
It is quite common to enclose parameters that contains spaces with "quotations" but that doesn't work here.
If you simply try to use the following it will fail.
AddReplicatoPFRecursive.ps1 -TopPublicFolder “\PublicFolder with space” -ServerToAdd “servername”
The solution turned out to be to use single quotes inside the double quotes so it should be something like
AddReplicatoPFRecursive.ps1 -TopPublicFolder “'\PublicFolder with space'” -ServerToAdd “servername”
That's really weird and not standard but it works !
Cannot move mailboxes: INSUFF_ACCESS_RIGHTS error
When moving mailboxes from Exchange 2003 to Exchange 2007 or Exchaneg 2010 either from Exchange Management Console or Powershell using the move-mailbox or new-moverequest cmdlets the move operation might fail with the following error.
Active Directory operation failed on server.domain.com. This error is not retriable. Additional information:
Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], ADOperationException
+ FullyQualifiedErrorId : 6C39B6E8,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest
At first sight it looks like the user initiating the move mailbox doesn't have enough rights to perform this operation, however that user can move other mailboxes just fine.
Here is how to solve the issue
Managing certificates in Exchange 2010
If you are familiar with Exchange 2010 and trying to install Exchange 2010 for the first time you should have already noticed that the powershell cmdlets used to request and install certificates in Exchange 2007 no longer work in Exchange 2010.
For instance running
New-ExchangeCertificate -GenerateRequest -domainname mail.contoso.msft,autodiscover.contoso.msft,myserver,myserver.internal.contoso.msft -FriendlyName mail.contoso.msft -privatekeyexportable:$true -path c:\cert_myserver.txt
will fail with the following error
A positional parameter cannot be found that accepts argument ‘-Path’.
+ CategoryInfo : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
and running
Import-ExchangeCertificate -path "c:\CertNew.cer"
will also fail with the same error
A positional parameter cannot be found that accepts argument '-path'.
+ CategoryInfo : InvalidArgument: (:) [Import-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Import-ExchangeCertificate
So here are the commands you should use for Exchange 2010
Solved: Setup Exchange 2007 SP1 CCR passive node fails
When installing Exchange 2007 SP1 in Cluster Continuous Replication (CCR) configuration. The setup of the passive node fails with the following error:
"This is not a passive node. A clustered mailbox server represented by the cluster resource group [clustername] was found on this node."
I've found out that the reason for the problem is that upon finishing the Exchange Cluster installation on the active node the setup will ask you for a restart. Restarting the machine will cause the Windows cluster to failover to the passive node to be and thus causing the Exchange installation to fail on that node.
To solve this problem make sure to move back the cluster resources to the active node and re-run the Exchange 2007 SP1 installation on passive node.
This solution was tested on Microsoft Windows 2008 and Microsoft Exchange 2007 SP1