Archive

Archive for the ‘Exchange 2003’ Category

Unable to Update Your Free/Busy Information – Outlook 2003\2007 – Exchange 2003

August 7, 2008 Leave a comment

I have had numerous complaints about users having problems either seeing other users’ Free/Busy information, having problems updating their Delegation settings and\or users’ having difficulty Accepting a meeting request on behalf of another user.  (Awarded by way of Delegated rights).  There are a varying degree of error messages, such as: “Unable to update your free/busy information” or “The Delegates settings were not saved correctly”, etc.  This has been an ongoing issue, that I believe we have made progress on understanding.

I always give props, when props are due, so I wanted to mention a great article I found that was written by JD Wade.  The article can be found here: Free/Busy Article.

How Free/Busy works: Free/Busy information is stored in a dedicated system folder called SCHEDULE+FREE BUSY on the Public Folder Server. This folder contains a separate sub-folder for each Exchange administrative group. When a user publishes his Free/Busy data, Exchange posts this information in a message in the appropriate sub-folder that now functions in a manner similar to the offline address book folders.  A hidden message is also added into the actual Exchange Mailbox to keep track of the Free/Busy data.  Every time a user receives a meeting or calendar request, this message gets updated.   If that file becomes corrupt, any subsequent files are also corrupt.  Deleting the Free/Busy message off of the Public Folder server should force the removal of the hidden message in the Exchange mailbox.

For initial troubleshooting of Free/Busy issues you can try one of 2 things:
1.  Run the /cleanfreebusy switch againt Outlook Profile
2.  Manually remove the user’s Free/Busy folder

More advanced Fix attempts are:

You can also use the MAPI Editor Tool to manually delete the Free/Busy message off of the server.  You will need to create an Outlook profile for the mailbox you want to repair:

1.  Choose Session and Logon and Display Store Table
2.  Choose the Outlook profile you created
3.  Double click the Instance that starts with “Mailbox -”
4.  Expand Root – Mailbox
5.  Click on IPM_SUBTREE
6.  In the right window, if there is a property name of PR_FREEBUSY_ENTRYIDS, right click on it and choose Delete Property (if it exists here…it may not)
7.  Expand IPM_SUBTREE
8.  Click on Inbox
9.  In the right window, if there is a property name of PR_FREEBUSY_ENTRYIDS, right click on it and choose Delete Property
10.  Exit out of MAPI Editor.
11.  Re-run the /cleanfreebusy on the mailbox.

Here is the hidden message in Exchange Mailbox:

image

Here is the Free/Busy Message on the Public Folder Server.  Each user mailbox is represented by ExchangeLegacyDN attribute, which is highlighted below.

image

image

Categories: Exchange 2003

How to determine who is an Exchange Delegate or Delegate OF a mailbox (publicdelegates or publicdelegatesBL)

June 10, 2008 Leave a comment

In Exchange 5.5, 2000, 2003, or 2007 there many instances where a user has defined a delegate to their mailbox.  This is due to many reasons, such as Secretary or Assistant permissions for Calendaring, Inbox, Task and Journaling management.  There is a whole plethora of reason to do it.  However, along with it comes lots of potential issues.  We’ll get to those later.

From within Outlook, Select Tools –> Options –> Delegates.   From this panel you can add Delegates as desired.  However, the Outlook client is the only way for a non-administrator to know any Delegates are in fact assigned.

image

You can however, poll Active Directory by using custom scripts or via ADSIedit and attain the Delegate settings.  There are two attributes in AD that hold this information.

  • publicDelegates – This attribute stores the user that was configured as a Delegate.  (Who is a Delegate of my mailbox)
  • publicDelegatesBL – This attribute stores which mailbox this user is a Delegate of. (What mailbox am I a Delegate of)

    In your custom script, be sure to adjust to multi-string values, just in case someone is a Delegate on multiple mailboxes.

    Such as:

    If IsArray(oUser.publicdelegates) Then
                    Wscript.Echo "Delegates of this mailbox:————- "
            For Each Value In oUser.publicdelegates
                wscript.echo "                           " & Value
            Next
    else
                    Wscript.Echo "Delegates of this mailbox:————- " & oUser.publicdelegates
    end if

    If IsArray(oUser.publicdelegatesBL) Then
                    Wscript.Echo ": They are a Delegates of (BL):— "
            For Each Value In oUser.publicdelegatesBL
                    Wscript.Echo "                           " & Value
            Next
    else
                    Wscript.Echo "They are a Delegates of (BL):— " & oUser.publicdelegatesBL
    end if

    ===============================================================================

    Now on to potential problems.  Here is a Scenario: If a user is a Delegate or has a Delegate assigned, and they have been set to "Receive a copy of the meeting request or message".  One of the Delegates accounts is then deleted or removed from Exchange.   The Delegate is still listed on one of the mailboxes.  If a message or meeting request is sent or accepted a NDR could be generated.  The error will look similar to: "Your message did not reach some or all of the intended recipients." or "You do not have permission to send to this recipient.  For assistance, contact your system administrator ".  The reason why is when an individual is added as a Delegate a hidden rule is assigned to the mailbox.   When a Delegated user account is deleted, they can become orphaned.

    Several things to look at are the two attributes above and determine if one of the entries is stale.  The other option is a Microsoft Provided tool called MFCMAPI which can be found here along with instructions.  http://support.microsoft.com/kb/924297.  In my experiences, the easiest tactic is to add the Delegates back and then remove them.  This often toggles the attribute and removes the orphaned or problematic account.

    Happy Hunting.

    image

  • Categories: Exchange 2003

    IIS 6.0\Event 1062 and Server Unavailable Errors

    November 26, 2007 Leave a comment

     

    Within our IIS\OWA Front-End server configuration, we have 8 IIS virtuals that are defined for various types of applications.  The Exchange apps, OWA, OMA, etc are still running ASP.Net 1.1, whereas a homebrew Mailbox reporting app requires ASP.Net 2.0.  The applications were originally configured to run within the same IIS App Pool.  Although it worked, we frequently began seeing errors with "Server Application Unavailable".  The ultimate fix was an IISReset or boot of the server. 

    We later discovered from the Event logs, Event 1062 which states, "It is not possible to run two different versions of ASP.NET in the same IIS process. Please use the IIS Administration Tool to reconfigure your server to run the application in a separate process."

    You cannot run more than one version of the framework in the same application pool in IIS6:
    While multiple versions of the framework can co-exist on the same server, they can’t co-exist in the same process.  This was not the case with IIS5.0.  If you attempt to run multiple versions of the framework at the same time in the same process, the 2nd version that tries to run will fail with the following error:

    "Server Application Unavailable "

    What to do:
    Fortunately, the solution is easy enough.  Simply create a new application pool and move the site that you will be upgrading to that pool.  You can even base it off of the configuration of the existing one if you don’t have the password memorized.  During the new Application Pool creation, select the previous App Pool as a template and select create.  One caveat is you may have to stop and start the IIS service.  An IISRESET is performed after the change.  Be sure to check the event logs for an additional errors.

    Ed M.

    Categories: Exchange 2003

    How to configure Forms Based Authentication for Outlook Web Access and Exchange 2003

    November 14, 2007 Leave a comment
    1. From Exchange System Manager.    Right click on the Exchange Virtual, under Protocols and select Properties.  
    2. Check the box to Enable forms Based Authentication.  Hit Apply and OK.

    Note: I am assuming you have already installed a certificate on the default website with a properly formed DNS name, such as Webmail.edm-users.com and have configured your DNS with a HOST (A) record and a properly assigned IP address.

    1. Launch IIS Manager.
    2. From within IIS Manager, right click on the Default Website and select Properties.
    3. Click Advanced and then select Add under the SSL portion. 

    clip_image014 image

    Specify the IP address and add port 443.  Hit OK twice. 

    Click the Directory Security tab and select the Edit on the Authentication section.

    image   clip_image018

    Select Enable Anonymous and select Basic Authentication.   Specify your default domain.

    Configure your Re-Director:

    We now need to setup a redirector.  From within IIS Manager, Select the Default Web Site, right click on the IISSTART.htm file and select Properties.  

    clip_image020

    Select "A redirection to a URL".   Add HTTPS://Yourdomain.com/exchange, such as:  https://webmail.edm-users.com/exchange (Example)   Hit Apply and OK.

    clip_image022

    Verify Your Exchange virtual settings

    Within IIS Manager:  Expand the default website, Select the Exchange Virtual and select properties. Verify these settings.

    clip_image024   clip_image026

     

    Verify your SSL Certificate.

    clip_image028

    Launch Webmail.edm-users.com……you should now get a forms based authentication splash page.

    image

    image

    Categories: Exchange 2003

    Can’t Access Public Folders from Outlook Web Access 2003 – 503 Service Unavailable Errors?

    November 7, 2007 Leave a comment

    From Outlook Web Access, our Public Folders began showing 503 Service Unavailable errors unexpectedly.  Public Folders were working fine from Outlook MAPI connections, but not from any IIS Exchange\Public virtual dependent services.  The end cause ended up being a Front-end server in one of our sister campuses (domains) that had installed a new Exchange server and did not remove the Public Folder service and database.  In fact, they dismounted the PF virtual which complicated the matter further.  Read this article, which explains considerations of a Front-end\Back-end Topology. 

    "A public folder store should never be mounted, or present (even in a dismounted state) on the front-end server."

    Rebooting the Public Folder or Front-end servers did not resolve the issue.  When Exchange 2003 servers are restarted and Exchange services become online (System Attendant specifically), Exchange reads information out of Active Directory and the Configuration Container.  When Exchange started on our servers they saw the new Public Folder server and began sending all Public Folder proxy requests to the offlined server.  From ADSIEDIT (Support Tools), view your Configuration information regarding your Public Folder Hierarchy.  Select Public Folders and select Properties.  Select the attribute called msExchOwningPFTreeBL and select edit.   The first server in our list was the Front-end Exchange server with the dismounted PF store.  Our first fix was to remove the offlined server from this list and remove the PF store from the Front-end server.  You must reboot your OWA servers to remove the AD information from cache. 

    One note of warning , if you have installed Service Pack 2 for Exchange 2003 on a Front-end server with a Public Folder database still present, it is nearly impossible to remove it.  The best course of action is to delete it manually from the Configuration container via ADSIEDIT.

    Ed M.

     

     

    Categories: Exchange 2003

    Exchange 2003\Windows 2003 Server- /ForestPrep fails on existing domain?

    November 7, 2007 Leave a comment

    I had an existing test domain with Exchange 2003 installed and configured.  I decided to uninstall Exchange and re-install due to some configuration issues.  However, since this was the only Exchange server in the domain, uninstalling Exchange meant I was removing the last Exchange server from the forest.  This caused several problems.  The main issue was the orphaned Exchange objects that were left in Active Directory.  When I tried to re-install Exchange or perform a /ForestPrep I received this error:

    "The component "Microsoft Exchange Forest Preparation" cannot be assigned the action "Forestprep" because to install the first Exchange server in a domain, or to run setup in "/ForestPrep" mode, you must be an Exchange Full Administrator at the organization level. You must use an account that has been granted the Full Exchange Administrator role on the Exchange organization using the Exchange Administrative Delegation Wizard. "

    If you look in your Exchange Server Setup Progress Log, you will see the above error with ID:64283

    After digging in AD and ensuring I was using a valid credential I found a KB article with the fix.  KB Article Here  (Be sure you are using a credential that is a Enterprise\Domain\Schema Admin to perform the /ForestPrep.  It must be ran on a Domain Controller.)

    CAUSE

    This issue may occur if the setup /forestprep command fails shortly after it creates the GUID org container and before it creates the related global containers, and Exchange 2003 does not have permission to the GUID org container.

    WORKAROUND

    To work around this issue, manually delete the GUID org container and the heuristics attribute by using the ADSI Edit snap-in, and then run the Exchange 2003 Setup /forestprep command again. The ADSI Edit snap-in is included in the Microsoft Windows Server 2003 Support Tools. To manually delete the GUID org container and the heuristics attribute by using the ADSI Edit snap-in, follow these steps.

    Start the ADSI Edit snap-in. To do this, click Start, click Run, type adsiedit.msc in the Open box, and then click OK.

    1. Locate the CN=Configuration,CN=Services,CN=Microsoft Exchange,CN={335A1087-5131-4D45-BE3E-3C6C7F76F5EC} container.
    2. Note The CN={335A1087-5131-4D45-BE3E-3C6C7F76F5EC} container may also appear as CN=First Organization. (In my case, this was my Organization Name)
    3. Right-click the CN={335A1087-5131-4D45-BE3E-3C6C7F76F5EC} container, and then click Delete.
    4. Right-click the CN=Microsoft Exchange container, and then click Properties.
    5. On the Attribute Editor tab, click the heuristics attribute if it exists, click Edit, click Clear, and then click OK two times.
    6. Run the Exchange 2003 setup /forestprep command again.

    At this point, I am now able to re-run the Exchange /ForestPrep setup.  Remember to then run the Exchange /DomainPrep before you run the Exchange install.

    image

    Categories: Exchange 2003

    Exchange 2003 – Antigen 1023 Errors\Performance Logs?

    November 7, 2007 Leave a comment

    We began seeing Event Id 1023 errors on all of our Backend Exchange servers that are running Sybari’s Antigen Anti-Virus suite.  This problem occurs because the Performance Logs and Alerts service (Smlogsvc.exe) does not have sufficient permissions to access the performance counter DLL directory (C:\Program Files\Sybari Software\Antigen for Exchange) for Microsoft Antigen Services (Version: 9.00.1055).  The Smlogsvc.exe service runs as the Network Service account (Local machine) which requires "Read" permissions within the directory.  More specifically, the AntigenPMDLL.dll file controls the Antigen Perfmon Counters.   Adding the "Read" permission for the Network Service account on the AntigenPMDLL.dll file resolved the problem.  This KB article goes into more detail on a similar issue involving SQL server. 

    Ed M.

    Categories: Exchange 2003