I ran into this one today with two servers in a DAG. This is caused by the certificate you're using not having the private key. Here's how I fixed it:
Go to the 1st server -> Start -> Run -> MMC -> File -> Add/Remove Snap Ins -> Certificates -> Computer Certificates -> Local Computer
Browse to the personal certificate store, right click on the correct certificate, select All Tasks, and then Export. Make sure here you choose "Export Private Key" and assign a password. Click Next and then name the file and where you want to save it. The file will have a .pfx extension.
From there on the 1st server inside ECP you can go to Servers -> Certificates -> Choose the server you want and then import the certificate.
Once this process is done just assign the services to the certificate (SMTP, POP, etc) and then restart the server if possible. If not some say you can do an IISRESET from the command prompt and then you'll be good.
Good luck!
Showing posts with label Exchange 2010. Show all posts
Showing posts with label Exchange 2010. Show all posts
Friday, May 22, 2015
Wednesday, March 04, 2015
RESOLVED: The WS-Management service cannot process the request.
RESOLVED: The WS-Management service cannot process the request. The user load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the quota for this user. The next request from this user will not be approved for at least X milliseconds.
This can happen if your Exchange server has recently received a new SSL (UCC) certificate.
What can happen is the remote PowerShell or the EMC will be using a certificate that is not trusted or valid anymore.
A simple "IISRESET" from PowerShell or the CMD prompt will correct the issue.
Good luck!
This can happen if your Exchange server has recently received a new SSL (UCC) certificate.
What can happen is the remote PowerShell or the EMC will be using a certificate that is not trusted or valid anymore.
A simple "IISRESET" from PowerShell or the CMD prompt will correct the issue.
Good luck!
Wednesday, July 30, 2014
Exchange 2010: The WS-Management Service Cannot Process The Request...
PROBLEM: The WS-Management service cannot process the request. The user load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the quota for this user. The next request from this user will not be approved for at least XX milliseconds.
This can happen if a certificate on Exchange expires (SSL or UCC) and the IIS service has not been restarted since.
All you need to do is open a command prompt (Run as Administrator if using UAC) and the type in IISRESET. Press ENTER and wait.
Now you should be able to login to the Exchange 2010 EMC with no issues.
Really simple fix.
Good luck!
Thursday, November 07, 2013
Exchange 2010 Error: A reboot from a previous installation is pending.
If you are seeing this error while trying to apply an Exchange SP or RU and you have restarted here's a quick fix for it:
**MAKE SURE YOU RESTART FIRST JUST TO MAKE SURE IT IS NOT CLEARING**
Delete the below key from the registry:
HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations
HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations
After this you will be able to continue your service pack install.
Good luck.
Exchange SP2 Install Error: This Server Role Can't Be Installed Because the Following Roles...
Mailbox role
Good luck!
Error: this server role can't be installed because the following roles aren't current: AdminToolsRole MailboxRole
Here's the fix for it:
Open REGEDIT
1. HKLM\Software\ExchangeServer\V14\AdminTools\ConfiguredVersion
Change ConfiguredVersion from 14.1.218.5 to 14.2.247.5
2. Repeat this process for the other keys labeled TRANSPORTROLE or MAILBOX role as needed. The different versions on those numbers are the source of the problem.
3. Restart server and then start Exchange 2010 SP2 setup again.
Good luck!
Wednesday, October 23, 2013
PST Capture Tool Setup and Use
Exchange PST Capture Use
There's a few things to do to get this to work properly. Here's how mine is setup and I have no problems pulling PST files into Exchange 2010.
1. Windows 7 Professional on the domain.
2. Install .NET 4.5 framework.
3. Install Powershell 3.0. It's part of the Windows Management Framework. Download HERE.
4. Install Outlook 2010. Make sure you use the 64-bit version. Even if the PST file comes from a 32-bit machine. This is because Exchange 2010 is 64-bit.
5. Run this command using Exchange Powershell "New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "PSTImportUser"
**If you do not run the Powershell command you will get ERROR OPENING MAILBOX**
6. Install PST Capture.
Once these things are done you are ready to pull the PST files into Exchange using PST Capture.
I highly recommend you go into Settings and remove the check box beside "Create a subfolder for each PST file". This will put all mail into the proper folder structure as what is inside the PST.
Also make one more edit under Non-mail items. Check both boxes so it will get their calendar, contacts, etc.
That's pretty much it. The rest inside PST Import is pretty easy to understand and you're on your way to importing files as needed into a new or existing Exchange server.
Good luck!
There's a few things to do to get this to work properly. Here's how mine is setup and I have no problems pulling PST files into Exchange 2010.
1. Windows 7 Professional on the domain.
2. Install .NET 4.5 framework.
3. Install Powershell 3.0. It's part of the Windows Management Framework. Download HERE.
4. Install Outlook 2010. Make sure you use the 64-bit version. Even if the PST file comes from a 32-bit machine. This is because Exchange 2010 is 64-bit.
5. Run this command using Exchange Powershell "New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "PSTImportUser"
**If you do not run the Powershell command you will get ERROR OPENING MAILBOX**
6. Install PST Capture.
Once these things are done you are ready to pull the PST files into Exchange using PST Capture.
I highly recommend you go into Settings and remove the check box beside "Create a subfolder for each PST file". This will put all mail into the proper folder structure as what is inside the PST.
Also make one more edit under Non-mail items. Check both boxes so it will get their calendar, contacts, etc.
That's pretty much it. The rest inside PST Import is pretty easy to understand and you're on your way to importing files as needed into a new or existing Exchange server.
Good luck!
Tuesday, October 08, 2013
Export Emails within a Date Range from Exchange 2010
Today I had to do this to assist with an email audit for a government agency. Below are the steps you need to follow to make this happen. The TechNet article leaves out a very important step that I have included for you below.
1. Open up the Exchange Management Shell and enter the following command: New-ManagementRoleAssignment –Role “Mailbox Import Export” –User "DOMAIN\USERACCOUNT"
**NOTE: Now close the EMS and reopen it. You have to do this because the roles for the user logged in are loaded when the EMS is started.
2. Use this command to export your email date range and the location where you want to save it: New-MailboxExportRequest -Mailbox "SAMPLE USER" -ContentFilter {(Received -lt '01/01/2012') -and (Received -gt '03/31/2012')} -FilePath "\\SERVER\EXPORTS\SAMPLE_USER.pst"
Depending on the size of the user's email you may get a file rather quickly or you may get a message from the EMC that the job is queued and will be filled when it is completed the search and export process.
What lead me here was the error "The Term 'New-MailboxExportRequest' is not recognized as the name of a cmdlet, function, script file, or operable program".
The steps above will avoid this error and get you exactly what you need from the email box.
If you just want to dump the entire mailbox use this: New-MailboxExportRequest -Mailbox "SAMPLE USER" -FilePath "\\SERVER\EXPORTS\SAMPLE_USER.pst"
1. Open up the Exchange Management Shell and enter the following command: New-ManagementRoleAssignment –Role “Mailbox Import Export” –User "DOMAIN\USERACCOUNT"
**NOTE: Now close the EMS and reopen it. You have to do this because the roles for the user logged in are loaded when the EMS is started.
2. Use this command to export your email date range and the location where you want to save it: New-MailboxExportRequest -Mailbox "SAMPLE USER" -ContentFilter {(Received -lt '01/01/2012') -and (Received -gt '03/31/2012')} -FilePath "\\SERVER\EXPORTS\SAMPLE_USER.pst"
Depending on the size of the user's email you may get a file rather quickly or you may get a message from the EMC that the job is queued and will be filled when it is completed the search and export process.
What lead me here was the error "The Term 'New-MailboxExportRequest' is not recognized as the name of a cmdlet, function, script file, or operable program".
The steps above will avoid this error and get you exactly what you need from the email box.
If you just want to dump the entire mailbox use this: New-MailboxExportRequest -Mailbox "SAMPLE USER" -FilePath "\\SERVER\EXPORTS\SAMPLE_USER.pst"
Sunday, February 24, 2013
SBS 2011 Exchange 2010 SP2 installation fails - certificate not found error
Tonight I was installing Server Pack 2 on SBS 2011. Here's the error I got:
Hub Transport Role
Failed
Error:
The following error was generated when "$error.Clear();
Write-ExchangeSetupLog -Info "Creating SBS certificate";
$thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);
if (![System.String]::IsNullOrEmpty($thumbprint)){
Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;
Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
$certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
if ($certs)
{
Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
}
}
else{
Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
}
" was run: "The certificate with thumbprint EC6C8334CEB1F6A5A3802E3927BCADE008ACD07A was not found.".
The certificate with thumbprint EC6C8334CEB1F6A5A3802E3927BCADE008ACD07A was not found.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.2.247.1&e=ms.exch.err.Ex88D115&l=0&cl=cp
Failed
Error:
The following error was generated when "$error.Clear();
Write-ExchangeSetupLog -Info "Creating SBS certificate";
$thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);
if (![System.String]::IsNullOrEmpty($thumbprint)){
Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;
Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
$certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
if ($certs)
{
Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
}
}
else{
Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
}
" was run: "The certificate with thumbprint EC6C8334CEB1F6A5A3802E3927BCADE008ACD07A was not found.".
The certificate with thumbprint EC6C8334CEB1F6A5A3802E3927BCADE008ACD07A was not found.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.2.247.1&e=ms.exch.err.Ex88D115&l=0&cl=cp
The default self-signed certificate
generated for Exchange by the Small Business Server setup has been
deleted / replaced by a 3rd party certificate, but registry still
contains the registry value referencing it.
I fixed it by opening REGEDIT and edited the following:
HKEY_LOCAL_MACHINE/Software/Microsoft/SmallBusinesServer/Networking/LeafCertThumbprint and clear the value value under it. (The value, not the key. The key itself should not be deleted)
HKEY_LOCAL_MACHINE/Software/Microsoft/SmallBusinesServer/Networking/LeafCertThumbprint and clear the value value under it. (The value, not the key. The key itself should not be deleted)
Restart service pack installation.
Friday, February 08, 2013
Setup Encountered a Problem While Validating the State of Active Directory - Exchange 2010
The error will be worded something like this:
Exchange Setup encountered a problem while validating the state of Active Directory: Could not find any Domain Controller in domain
I ran into this while installing Exchange 2010 SP2.
The simple fix.
Close the install, go to the folder you extracted the patch into and then right click on setup.exe and choose "Run as Administrator". Makes all of the difference.
Good luck!
Exchange Setup encountered a problem while validating the state of Active Directory: Could not find any Domain Controller in domain
I ran into this while installing Exchange 2010 SP2.
The simple fix.
Close the install, go to the folder you extracted the patch into and then right click on setup.exe and choose "Run as Administrator". Makes all of the difference.
Good luck!
Monday, August 20, 2012
Outlook 2010 "Could not Complete the Operation" when Forwarding Email
This issue is a result of the contact information being "misread" or "corrupted".
In Outlook 2010 there are a couple of way to work with this.
1. When you go to forward the message and the person's name automatically appears, simply hover the mouse over it and press DELETE. This will remove it from the cache. Now type in the address and the message will complete properly.
2. If you want to clear out all of your cache without trying to address them one at a time, then here are the steps:
Microsoft's first recommendation is to clear your Outlook profile and create another one which is sure work but is a bit overkill for such a small issue.
I'm sure the process is similar with other versions of Outlook but YMMV.
Good luck...
In Outlook 2010 there are a couple of way to work with this.
1. When you go to forward the message and the person's name automatically appears, simply hover the mouse over it and press DELETE. This will remove it from the cache. Now type in the address and the message will complete properly.
2. If you want to clear out all of your cache without trying to address them one at a time, then here are the steps:
- Open Outlook 2010
- Open File
- Click Options
- Click Mail
- Select "Empty Autocomplete List"
Microsoft's first recommendation is to clear your Outlook profile and create another one which is sure work but is a bit overkill for such a small issue.
I'm sure the process is similar with other versions of Outlook but YMMV.
Good luck...
Saturday, June 09, 2012
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS)
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS)
- Go into the user's account in AD and go to the Security tab.
- Check the box to Inherit permissions. If it's already set, clear it, force an AD update, and then check the box again.
I had 2 boxes do this on my last Exchange migration. It's a real pain to find out after you've waited on the mailbox to copy but a very easy fix.
Friday, June 08, 2012
Outlook 2010 Certificate Error After Migration
I recently did a migration from Exchange 2003 to Exchange 2010. The new environment uses a CAS/HT server and a mailbox only server. Everything went great until the first user opened up Outlook 2010 and there was the dreaded SECURITY ALERT stating that the certificate is invalid or does not match the name of the site.
Here's the fix for that little issue.
Assuming you have already installed the UCC certificate on the Exchange server you will need to enable the cert. You can run the following command to enable the certificate.
Enable-ExchangeCertificate -Thumbprint 59 5e a4 7c f0 4e 66 da 3d 6b 29 95 f7 c4 b1 72 ca 0f 82 -Services "SMTP, IIS"
Note: The thumbprint needs to match the certificate you installed. You can use either the GET-CERTIFICATE command or use the MMC, select the certificate, click on details, and then click on thumbprint.
For each CAS server that is installed a Service Connection Point (SCP) record is created for the autodiscover service for internal clients.
When i go into Outlook i get the following error:
This happens because the connection is using the NetBIOS name of mbx1 which does not match the name on the certificate. If you run Get-ClientAccessServer -Identity mbx1 | FL you would see that the AutoDiscoverServiceInternalUri says https://MBX1/Autodiscover/Autodiscover.xml and this does not match the certificate. If you also check the other services and you will get the same results for OAB, EWS, Outlook Anywhere (OA) and Exchange Active Sync (EAS). The fix is to update all theses internal URL links to match the name on the cert.
Note: If you do decide to enable OA externally it is important to note that the external host name value configured for Outlook Anywhere must match the Certificate Principal Name (CPN) on the certificate used by clients and must match the end point property in the client.
In order for Subject Alternate Name (SAN) certificates to be used for clients to connect to the OA service, where the CPN does not match the msstd value configured in the Outlook client profile (but the URL is listed in the SAN part of the certificate), certain conditions need to be met, these are listed below:-
After this is completed once you open Outlook 2010 you will no longer get the certificate error.
Here's the fix for that little issue.
Assuming you have already installed the UCC certificate on the Exchange server you will need to enable the cert. You can run the following command to enable the certificate.
Enable-ExchangeCertificate -Thumbprint 59 5e a4 7c f0 4e 66 da 3d 6b 29 95 f7 c4 b1 72 ca 0f 82 -Services "SMTP, IIS"
Note: The thumbprint needs to match the certificate you installed. You can use either the GET-CERTIFICATE command or use the MMC, select the certificate, click on details, and then click on thumbprint.
For each CAS server that is installed a Service Connection Point (SCP) record is created for the autodiscover service for internal clients.
When i go into Outlook i get the following error:
This happens because the connection is using the NetBIOS name of mbx1 which does not match the name on the certificate. If you run Get-ClientAccessServer -Identity mbx1 | FL you would see that the AutoDiscoverServiceInternalUri says https://MBX1/Autodiscover/Autodiscover.xml and this does not match the certificate. If you also check the other services and you will get the same results for OAB, EWS, Outlook Anywhere (OA) and Exchange Active Sync (EAS). The fix is to update all theses internal URL links to match the name on the cert.
- Set-ClientAccessServer -Identity "mbx1" –AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml
- Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" –InternalUrl https://nlb.nwtraders.msft/EWS/Exchange.asmx
- Set-OABVirtualDirectory -Identity “mbx1\OAB (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/OAB
- Enable-OutlookAnywhere -Server mbx1 -ExternalHostname “nlb.nwtraders.msft” -ClientAuthenticationMethod “NTLM”
- Set-ActiveSyncVirtualDirectory -Identity “mbx1\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync
Note: If you do decide to enable OA externally it is important to note that the external host name value configured for Outlook Anywhere must match the Certificate Principal Name (CPN) on the certificate used by clients and must match the end point property in the client.
In order for Subject Alternate Name (SAN) certificates to be used for clients to connect to the OA service, where the CPN does not match the msstd value configured in the Outlook client profile (but the URL is listed in the SAN part of the certificate), certain conditions need to be met, these are listed below:-
- Outlook 2007 or higher
- Vista SP1
After this is completed once you open Outlook 2010 you will no longer get the certificate error.
Thursday, July 28, 2011
How to Move Public Folders to Exchange 2010
Move public folder data to Exchange 2010
Public folders are an optional feature in Exchange 2010. If all client computers in your organization are running Microsoft Office Outlook 2007 or later, then public folders are an optional feature. However, if Outlook 2003 clients are in use, then public folders are required. In addition, if you're currently using public folders for collecting, organizing, or sharing documents and other information and you want to continue doing so, you can use public folder replication to move your public folder data to Exchange 2010.
How do I do this?
You can use the Exchange Management Console to perform this task.
You can use the Get-PublicFolder cmdlet in the Exchange Management Shell to verify replicas on the Exchange 2010 public folder database. For example, to determine the replicas for all public folders in the public folder tree, run the following command: Get-PublicFolder -Recurse | Format-List Name,Replicas To determine the replicas for all system folders, run the following command: Get-PublicFolder \NON_IPM_SUBTREE | Format-List Name,Replicas
Public folders are an optional feature in Exchange 2010. If all client computers in your organization are running Microsoft Office Outlook 2007 or later, then public folders are an optional feature. However, if Outlook 2003 clients are in use, then public folders are required. In addition, if you're currently using public folders for collecting, organizing, or sharing documents and other information and you want to continue doing so, you can use public folder replication to move your public folder data to Exchange 2010.
How do I do this?
You can use the Exchange Management Console to perform this task.
- In the Console tree, click Toolbox.
- In the Result pane, double-click Public Folder Management Console. The Public Folder Management Console appears.
- In the public folder tree, click or expand Default Public Folders, and then select the parent public folder of the public folder that you want to move to Exchange 2010. Note: To configure replication for the offline address book (OAB) or for Schedule+ free/ busy information, expand System Public Folders, and then click OFFLINE ADDRESS BOOK or SCHEDULE+ FREE BUSY.
- In the Result pane, right-click the public folder you want to replicate to Exchange 2010 and select Properties.
- On the Replication tab, click Add to select an Exchange 2010 public folder database and then click OK.
- By default, Exchange uses the replication schedule configured for the public folder database. To create a custom replication schedule for the public folder, clear the Use public folder database replication schedule check box and select one of the settings in the list.
- To create a customized schedule, click Customize.
- To set the schedule, click the time grid in the Schedule dialog box. Public folder replication will run during the time slots that you specify.
- Click OK to close the Schedule dialog box.
- To specify the age limit for items in this public folder, type the number of days in the Local replica age limit (days) box. Items that have reached the age limit are deleted.
- Click OK to close the Properties dialog and to save your changes.
- Repeat Steps 4-11 for each public folder you want to move to Exchange 2010.
You can use the Get-PublicFolder cmdlet in the Exchange Management Shell to verify replicas on the Exchange 2010 public folder database. For example, to determine the replicas for all public folders in the public folder tree, run the following command: Get-PublicFolder -Recurse | Format-List Name,Replicas To determine the replicas for all system folders, run the following command: Get-PublicFolder \NON_IPM_SUBTREE | Format-List Name,Replicas
Subscribe to:
Posts (Atom)