We have IT administrators who are members of the receipient management role in Exchange 2010 and they are also Domain Admins. These folks can create users, distribution groups, etc. but when they try to add members to mail enabled security groups using the EMC, they get an error "A parameter cannot be found that matches parameter name 'BypassSecurityGroupManagerCheck'
They do not get this error if I add them to the "Organization Management" role but that is a lot of authority to give folks who simply manage mailboxes for the company.
Have I found a bug in the EMC? If I issue the underlying command using Powershell and leave off the parameter 'BypassSecurityGroupManagerCheck', then they are able to add the users to the group without any problem. This is a fine workaround but these folks are not at the knowledge level where they can use Powershell on a daily basis so I would rather they use the EMC.
↧
Distribution group permissions?
↧
Moving exchange to a different network
Here is the deal. We are currently moving exchange 2010 servers to a different network so once moved, we are setting new IP's and obviously they will live on a different vlan/subnet but same domain. We have 6 servers that are in a DAG. We failed over 3 of the servers. We moved our 1st exchange server, changed the network settings. It's on the domain and accessible. I can ping the other exchange servers and all that.
I'm having problems with getting the exchange services going. Some services are dependent on others so the big thing is I'm getting errors for the Exchange AD Topology service and some other services are either stuck starting or not running. Here are some errors I'm receiving:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1480). Topology discovery failed, error 0x8007077f.
Unable to initialize the Microsoft Exchange Information Store service. - Error 0xfaf.
It's pointing to the correct DC. Any suggestions on this? Could this be a firewall issue?
Thanks
↧
↧
Unroutable Address from only one External Customer
Hi,
I have an external customer whom when they email us receive an "Unroutable Address" bounce back message.
We can email them and they receive it and it is only them, any other customer whom emails us or if i test from my gmail address we receive it with out issue.
Any ideas of whats causing this?
Thanks,
Marcus
↧
Mail Submission Queue - Emails Stuck
Hi All,
Having an issue with exchange 2010 SP3 RU11 running on 2008R2 Server (Updated after issue started to try rule out).
Issue has only started in the last 3weeks however everything i have tried leads back to the same problems.
Emails will sit in the Mail Submission Queue and not send out, when this happens we need to run a suspend command and then stop the transport service/delete Queue and restart service, re-importing all the extracted .eml files into the pickup folder.
The server was previously on migrated from an 2003 server however it has been running on the 2008 R2 server for the last 18months.
Things tried:
Removed Anti-Virus from Server (in case interfering).
Followed Above website to remove Previous DC which has allowed me to upgrade to SP3 on the exchange; previously would fail stating the Global Catalog did not match on machines (one has been offline for years).
Moved the mail queue to a new virtual HDD (on different disk host).
Originally had been getting spam however added to mail filter (GFI MaxMail) which has resolved spam; have also had virus scans run on the local network, no issues found however two email accounts had been shown to be sending spam (disabled those accounts and spam has stopped).
Recreated Send/Receive Connectors and re-applied Certificate to exchange server.
Users have been getting issues/bouncebacks due to TNEF Corruption which i believe is involved, have sent some emails as plain text and allows sending.
Properties of some of the Stuck Emails below
SCL: 0
Date Received: 3/12/2015 1:35:44 PM
Expiration Time: 5/12/2015 1:35:44 PM
Last Error:
Queue ID: SVR-EX01\Submission
Recipients: User@Domain.com;2;3;;0;CN=Mailbox Database 12345678,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
(Same Email but in Suspended State).
SCL: 0Date Received: 3/12/2015 1:35:44 PM
Expiration Time: 5/12/2015 1:35:44 PM
Queue ID: SVR-EX01\Submission
Recipients: User@Domain.com;2;0;;0;
Another full Stuck email below, however this one has the routing group involved, which i dont understand why as i cannot find any reference to a routing group installed on the server. When running 'Get-RoutingGroupConnector' i receive nothing back.
I have read Exchange 2010 creates a default routing group with the same ID when creating the first Hub Transport Role.
Identity: SVR-EX01\Submission\99Subject: Workflow Email
Internet Message ID: <b0bf9379-aa51-42ad-8db9-43bfdc479b73@SVR-EX01.domain.local>
From Address: user2@domain.com
Status: Active
Size (KB): 217
Message Source Name: SMTP:Printers (This is a Anonymous SMTP Receive Connector used for Printers).
Source IP: 192.168.0.243
SCL: 0
Date Received: 3/12/2015 2:11:04 PM
Expiration Time: 5/12/2015 2:11:04 PM
Last Error:
Queue ID: SVR-EX01\Submission
Recipients: Random@Email.com;2;2;;0;CN=SendConnector,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local user2@domain.com;2;3;;0;CN=Mailbox Database 12345678,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
I am by no means an expert on Exchange and it could be the above is all quite normal; however have run out of options and research.
Any information would be greatly appreciated.
Thanks.
↧
Questions about routing email
Currently, all Exchange servers are 2010 SP3 with rollup 11. on 2008R2 SP1. We have two at our main office, say a cluster name of Jx. Existing remote sites Vsb and EWV adding a 3rd, Bel.
I created a send connector of address space * with Route mail through the following smart hosts set to my mail server cluster name at Jx.
Vsb, EWV, and JX can all see each other. Bel can only see Jx. I think it would be trivial to add routes for Bel to see Vsb & EWV, but I've been told no.
From the new server Bel, I can email back and forth with my outside accounts, and email from there to and from our Jx site works also, but emails from Bel to users on Vsb & EWV get hung in the queue with the error: 451 4.4 0 primary target ip address responded with 421 4.2.1 unable to connect. Attempted failover to alternate host, but that did not succeed. Either there are no hosts, or delivery failed to all alternate hosts.
Is there a way to do this so all mail from Bel to Vsb & EWV is routed through Jx without creating routes for Bel to see the other two sites?
↧
↧
Event ID: 12018 - There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN
Please can someone help me rectify this issue, I'm currently seeing lots of these on our Exchange server, the event log advises to create a new certificate by using the New-ExchangeCertificate task. With regards to creating a new certificate, will this create a self generated SSL certificate or will I need to obtain an SSL certificate from a certificate provider? How do I check what SSL certificates we're currently using? How do you access and run the New-ExchangeCertificate task on the server?
Kind regards,
RocknRollTim
↧
Outlook 2007 Error can't connect to Exchange error 80004005-501-FFFFF9BF-940
Please help. We have a client that has Exchange 2010 with all the updates. This user has a desktop and an old laptop. both connect fine. We setup an new Win7Pro laptop when we connect it to the Exchange server we get the following error:
23:52:06 Synchronizer Version 12.0.6672
23:52:06 Synchronizing Mailbox '%username%'
23:52:06 Synchronizing Hierarchy
23:52:06 8 folder(s) updated in online store
23:52:06 Terminated in error
23:52:06 [80004005-501-FFFFF9BF-940]
23:52:06 The client operation failed.
23:52:06 Microsoft Exchange Information Store
We have tried removing the .ost. Does the same thing. Tried turning off cached mode then we get the folders but a lot of them multiply!?! And not all the folders are up to date either!?! We did a fresh install and tried again. Same thing. We have even tried on an different laptop. Same thing. It still works fine on the other two devices. On top of that we can't send or receive mail at all. We have looked all over the web and can't find this exact error or any solution. Thanks in advance.
Dave A.
↧
Message tracking and log check at exchange 2010
How can i check the send/receive e-mail from edge server?
↧
Setting up Exchange 2010 Impersonation for a group
I have an CRM router that needs a mailbox to impersonate several mailboxes. I do not want to give the mailbox in question impersonation rights to the entire store, but only to mailboxes in a specific AD group.
I am a novice at powershell and I want to make sure I've got the powershell commands correct.
AD group =Rock
By researching I've believe I need to create a New-Management scope and restrict it to the AD group Rock with the command:
New-ManagementScope -Name "RockManagementScope" -RecipientRestrictionFilter {MemberofGroup -eq "Rock"}
Now I can use this scope during the assignment of the ImpersonationRole:
New-ManagementRoleAssignment -Name:"RockImpersonation"
-User: userallowedtoimpersonate@myorg.gov -Role "Applicationimpersonation"
-CustomRecipientWriteScope: "RockManagementScope"
Am I correct this should allow the userallowedtoimpersonate@myorg.gov to ONLY impersonate a mailbox that owner is in the AD group Rock?
Thanks.
↧
↧
Need to export large 30GB public folder to PST as a backup
I know how to do it but I was wondering if that can be done in one night? Not sure the rate at which it exports. Anyone know?
↧
multiple MRM policies
Hi,
In case of multiple MRM policies in exchange 2010, which policy is applied as default?
Thanks
SMF
↧
IIS 8.5 fails to create Exchange 2010 sp3 powershell Virtual Directory
The issue is the vd for exchange 2010 powershell default web site has been removed but will not allow recreation.
I have a single exchange 2010 sp3 server running on latest windows 2012 r2 and has been for months until the local admin deleted the Exchange configuration object out of AD using ADSI. There are no system states for the 2 windows 2012 r2 dc's.
ALso, have recently installed a exchange 2013 sp1 cu10 to the same orgngle server ( No DAG) into the same Exchange org. with the same account used to recreated exchange 2010.
Note: WHen i reinstalled exchange 2010 sp3 from the deletion, it had powershell vd and they worked just fine. The next day they stopped working, thus remove /recreating powershellvirtualdirectory.
Actions:
I have uninstalled/reinstalled IIS,WAS, Exchange cas role
Rerun all preqrequsites scripts to make sure all was installed correctly, installed filter packs, umca.
I still can not create the 'PowerShell ( Default Web Site)' under the default or any other website.
I can create the site 'PowerShell ( Default Web Site) (Default Web Site)' and of course that doesnt work, although i will tell you when I create the latter. The MSExchangePowerShellapppool is created and has the correct perms.
I have removed all the history apphost.config files, removed all mention of powershell from the current apphost.config,
ran IISreset /noforce, restarted web sites and pools and rechked before run the one liner below.
'New-PowerShellVirtualDirectory -name 'PowerShell' -requiressl:$false -verbose -debug"
with the following results:
PS C:\Windows\system32> New-PowerShellVirtualDirectory -Name "PowerShell" -RequireSSL:$false -Verbose
VERBOSE: [17:30:31.719 GMT] New-PowerShellVirtualDirectory : Active Directory session settings for
'New-PowerShellVirtualDirectory' are: View Entire Forest: 'True',
VERBOSE: [17:30:31.735 GMT] New-PowerShellVirtualDirectory : Runspace context: Executing user:
lgsco.com/Users/Administrator, Executing user organization: , Current organization: , RBAC-enabled: Disabled.
VERBOSE: [17:30:31.735 GMT] New-PowerShellVirtualDirectory : Beginning processing New-PowerShellVirtualDirectory
VERBOSE: [17:30:31.735 GMT] New-PowerShellVirtualDirectory : Instantiating handler with index 0 for cmdlet extension
agent "Admin Audit Log Agent".
VERBOSE: [17:30:31.735 GMT] New-PowerShellVirtualDirectory : Current ScopeSet is: { Recipient Read Scope: {{, }},
Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive
Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [17:30:31.750 GMT] New-PowerShellVirtualDirectory : Searching objects "lgs41.lgsco.com" of type "Server" under
the root "$null".
VERBOSE: [17:30:31.766 GMT] New-PowerShellVirtualDirectory : Previous operation run on domain controller
'LGS3a.lgsco.com'.
VERBOSE: [17:30:31.766 GMT] New-PowerShellVirtualDirectory : Processing object "LGS41\PowerShell".
VERBOSE: [17:30:33.641 GMT] New-PowerShellVirtualDirectory : Admin Audit Log: Entered Handler:Validate.
VERBOSE: Creating the Windows PowerShell virtual directory "PowerShell" on the server "lgs41.lgsco.com".
VERBOSE: [17:30:33.641 GMT] New-PowerShellVirtualDirectory : Resolved current organization: .
VERBOSE: [17:30:41.391 GMT] New-PowerShellVirtualDirectory : Admin Audit Log: Entered Handler:OnComplete.
New-PowerShellVirtualDirectory : An error occurred while creating the IIS virtual directory
'IIS://LGS41.lgsco.com/W3SVC/1/ROOT/PowerShell' on 'LGS41'.
At line:1 char:1
+ New-PowerShellVirtualDirectory -Name "PowerShell" -RequireSSL:$false -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (LGS41\PowerShell (Default Web Site):ADObjectId) [New-PowerShellVirtua
lDirectory], InvalidOperationException
+ FullyQualifiedErrorId : 90FFFCD3,Microsoft.Exchange.Management.SystemConfigurationTasks.NewPowerShellVirtualDire
ctory
VERBOSE: [17:30:41.407 GMT] New-PowerShellVirtualDirectory : Ending processing New-PowerShellVirtualDirectory
I can not figure it out..
If there is more info needed let me know, I will provide it.
I am hoping for help from senior members of the community.
↧
Change CAS Array Site
I have a question about the CAS Array's "Site" property in Exchange Server 2010.
I have a 3 node DAG that spans 3 different Active Directory Sites.
i.e. one exchange 2010 server per AD site.
But there is only one CAS Array object that was created in the first Active Directory site.
What is the impact of changing the Site property of the CAS Array ?
i.e. If i issue the command :
Set-ClientAccessArray -Identity "ArrayName" -Site "SiteB"
My understanding is that it will adjust the membership of the CAS array to include all Exchange servers in SiteB.
But is there any other impact on the end users ?
Ex: will Outlook 2010 users need to repair their outlook profiles or need to close and re-start outlook ?
-Nadim
I have a 3 node DAG that spans 3 different Active Directory Sites.
i.e. one exchange 2010 server per AD site.
But there is only one CAS Array object that was created in the first Active Directory site.
What is the impact of changing the Site property of the CAS Array ?
i.e. If i issue the command :
Set-ClientAccessArray -Identity "ArrayName" -Site "SiteB"
My understanding is that it will adjust the membership of the CAS array to include all Exchange servers in SiteB.
But is there any other impact on the end users ?
Ex: will Outlook 2010 users need to repair their outlook profiles or need to close and re-start outlook ?
-Nadim
↧
↧
New Local Move Request Stuck at 0% as queued
Hi I tried to move users to a new database in Exchange 2010, but has not migrated to try and restart the service and not MSExchangeMailboxReplication are migrating
↧
.local and .com mixup
Server Standard 2008 R2
Exchange Standard 2010
About 6 months ago I had to renew the SSL cert for our exchange server. Before renewing the cert, the SSL cert name was using the localdomain.local domain name. The SSL cert issuer has changed that and now the SSL cert is using publicdomain.com. The cert issuer gave me instructions on how to go from .local to .com and so far everything is working fine. Recently, I tested the server using telnet and saw that it is using the .local name.
220 EXCHANGE.domain.local Microsoft ESMTP MAIL Service ready
helo mail.domain.com
250 EXCHANGE.domain.local Hello [x.x.x.x]How can I fix this?
Thank you.
↧
Outlook 2010 Hangs Copying offline address book template file only on Windows 10
We have a problem with our Windows 10 installations and Outlook 2010 on Exchange 2010.
Outlook always hangs copying the offline address book template file. This problem does not occur on the same account in Windows 7 or 8.1
I have tried renaming the Offline Address Books folder, removed the ~ files, created a new profile and disabled any firewall/anti-virus
There is no wireless devices, read about a strange one with a broken wireless mouse driver.
Is there anything else that might be causing this only in Windows 10?
↧
Exchange 2010 with Lync Only now needs Email Setup
Hi Guys,
I have an existing MS Exchange but it is being used only for Lync purposes, now the company has a direction to enable email use for internal and external use, which is a hosted service in the past. How do I go on with doing so?
Thank you for your response.
Cheers!
Bryann
↧
↧
one user email is not reaching to external domain exchange 2010
Hi,
In our exchange server 2010, only one user emails are not reaching to external domains like yahoo, hotmail, gmail etc but he can receive emails from clients and other domains as well and this problem came couple of days ago. Internal email (send, receive) working fine from him. All other employees emails are working fine without any problem. i checked message delivery restrictions, anti spam filter etc for specific user in exchange but no solution.
Kindly help me if anyone face this type of problem before or have an idea about solution.
Thanks.
Osama Aftab.
↧
Empty window in Message Tracking (Delivery Reports)
Hi, i replaced my 2 Exchange servers to new hardware, and now i cannot perform Message Tracking in ECP.
When i open delivery reports in ECP i can choose "Mailbox to search", but i cannot choose a user in "Search for messages sent to OR received from", i get empty window with signature "Bad request". What is the problem, can somebody help me with that?
↧
Delete emails on User's Deleted Items folder via Exchange shell
Hi, Guys.
Need your assistance on how to delete emails on User's deleted items folder via Exchange shell.
In Outlook/OWA, we couldn't delete the emails in user's Deleted Items folder and give us an error as per below:
+++
Some items can't be deleted. They were either moved or already deleted, or access was denied.
+++
Thank you.
↧