Wednesday, August 29, 2012

The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook

During the implementation of a large Exchange 2010 infrastructure with two DAGs and two CAS  Arrays we had a large number of users that were complaining about receiving the infamous message “The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook”.
This issue started after applying RU3 for Exchange 2010 SP2.

Investigating the problem we found out that all the users that encountered this had open their mailbox stored in one DAG and at least another mailbox stored in the other DAG. This means that they were using one CAS Array to access their mailbox and another CAS Array to open the additional mailbox(s).
Client Team Lead for Messaging discovered this support article from Microsoft It was not fully related to our issue but it contains the way to solve it.

To resolve this issue you need to disable preferred site enforcement (a new feature from Exchange 2010 SP2 RU3)
To do this, create the following DWORD registry value:

Key: HKLM\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem
Value Name: EnablePreferredSiteEnforcement
Data Type: REG_DWORD
Value: 0

After you set the EnablePreferredSiteEnforcement value to 0, a CAS server will accept connection requests from any site and not try to redirect the request to a CAS server from the home site of the mailbox.
To get more details about this new feature and how it can affect your Exchange infrastructure, you can also read this article

Saturday, August 4, 2012

Move mailbox failed when migrating from Exchange 2003 to Exchange 2010

In my last project I had to migrate thousands of mailboxes from Exchange 2003 to Exchange 2010. Almost all of them were migrated successfully but there were some that had errors.
You can find bellow the important part of the error.

Error context: --------
Operation: IDestinationFolder.SetRules
OperationSide: Target
Primary (bd50b428-3943-46cd-8c02-b57f87e7cd94)
Rules: [Rule: Condition: none; Actions: [RuleAction: OOFREPLY TemplateEID:[len=70, data=00000000559C404EBD82D04596AA5A9391BE8A100700868687CBFD049D4089FCFF392D2451CA0000011CC305000000F481963AC3F1428D4E7080D5ECCC710000018A14440000], TemplateGuid:21aadadc-46db-4334-9e1e-1d3cecb4c3d0, Flags:0]; Name ''; Provider: 'MSFT:TDX OOF Rules'; ProviderData: ; ExecutionSequence: 50; Level: 0; StateFlags: 13; UserFlags: 2; IsExtended: False]
Folder: '/Top of Information Store/Deleted Items', entryId [len=46, data=00000000559C404EBD82D04596AA5A9391BE8A100100868687CBFD049D4089FCFF392D2451CA0000011CC3080000], parentId [len=46, data=00000000559C404EBD82D04596AA5A9391BE8A100100868687CBFD049D4089FCFF392D2451CA0000011CC3020000]

I found the following article on Microsoft support web site It’s working perfectly but it’s not mentioning correctly where you should search for the corrupted rule.
To solve the problem make sure that you read the exact folder where the rule is stored (it is marked in red above).

Wednesday, May 9, 2012

APIPA IP address in email tracking log when using Exchange 2010 DAG

One of our customers noticed a strange thing when investigating a tracking log for an email in Exchange 2010. The user that was sending the email had his mailbox hosted on a database member of a DAG. Instead of seeing the IP address of the DAG or mailbox server, it was a an APIPA address like:
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 12 Jan 2012 17:21:53 +0200

Googling the issue I found this article from TechNet Magazine. The problem is generated by the Windows Failover Cluster (WFC) component that is installed and configured automatically when you configure an Exchange 2010 DAG.

If that IP address bothers you, please read the above article.

Thursday, May 3, 2012

Change display name when sending emails via SMTP in Exchange 2010

Last week one of our clients that we are migrating from Exchange 2003 to Exchange 2010 had a interesting problem.
We configured for him a receive connector that allows open relay from certain IP addresses. Everything worked fine until he tried to change the display name when sending an email via SMTP. No matter what was set in the email header, when the recipient was receiving it, the display name of the email sender was the one that was defined in Active Directory. This is a normal behavior when you send an email in Exchange via SMTP with authentication but in this case there was no authentication configured.
If you search the internet for ways to configure open relay in Exchange 2010, you will notice (as specified on Microsoft web site that there are two ways to obtain that, and one of them is to configure the receive connector as Externally Secured. This option works fine but is not exactly an anonymous connection to the receive connector, in fact the SMTP connection is authenticated as one from an Exchange server.
To be able to change the display name for sender when sending SMTP via open relay in Exchange 2010 you need to configure the receive connector by allowing Relay Permission for Anonymous Connections, not by using the Externally Secured configuration. To obtain that use the following cmdlets

New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings -RemoteIpRanges
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Monday, April 23, 2012

Applications are unable to send emails via SMTP in Exchange 2010

Sometimes when you configure an application to send emails via a SMTP connector in Exchange 2010 it will not be able to send them and it will report a connection timeout.
Additionaly, if you enabled protocol loging for the Receive connector you will see in the logs the following record:

Tarpit for '0.00:00:00.902' due to 'DelayedAck',Delivered

This issue is caused by Shadow Redundancy feature from Exchange 2010.

To solve the issue there are two posibilities:

Use the Shell to configure the maximum acknowledgement delay on a Receive connectorUsing powershell run the following cmdlet

Set-ReceiveConnector "Custom App Receive Connector" -MaxAcknowledgementDelay 0
where "Custom App Receive Connector" is the connector that is used for receiveing emails from application,

Shadow redundancy promotion In Microsoft Exchange Server 2010 Service Pack 1 (SP1), instead of skipping the delayed acknowledgement, the transport server can be configured to relay the message to any other transport server in the site. This effectively inserts the message into the shadow redundancy pipeline, thereby protecting the message. This process is called shadow redundancy promotion. This approach minimizes the number of unprotected messages in the organization when compared to the “skipping delayed acknowledgement” method. By default, this feature is disabled. To enable shadow redundancy promotion, follow these steps:

Edit the edgetransport.exe.config file. By default, this file is located in the C:\Program Files\Microsoft\Exchange Server\V14\Bin directory.
In the edgetransport.exe.config file, change the “shadowredundancypromotionenabled” key to true, and then save the changes.
Restart the Microsoft Exchange Transport service (MSExchangeTransport.exe).

Friday, April 20, 2012

Update Rollup 2 for Exchange Server 2010 Service Pack 2

Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2010 Service Pack 2 (SP2) - KB2661854.
The update is available here.

If you are running Exchange 2010 SP2 you should install this update but my recommendation is to wait for o couple of weeks unless you encountered one of the issued that are fixed by this update. Even updates are already tested it might happen from time to time that they are not tested enough so is good to see if there are problems with it.

Issues that the update rollup resolves

Update Rollup 2 for Exchange Server 2010 SP2 resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:
  • 2519806 ( ) A meeting request that is sent by an external user or by using a non-Microsoft email system is stamped as Busy instead of Tentative in an Exchange Server 2010 environment
  • 2556766 ( ) Slow performance when you create many contacts by using Exchange Web Services in an Exchange Server 2010 environment
  • 2592398 ( ) Email messages in the Sent Items folder have the same PR_INTERNET_MESSAGE_ID property in an Exchange Server 2010 environment
  • 2601301 ( ) Customized contact objects revert to the default form after a public folder database replication in an Exchange Server 2010 environment
  • 2625450 ( ) You cannot generate an OAB file that is larger than 2GB in an Exchange Server 2010 environment
  • 2630808 ( ) A user can log on to a mailbox by using Outlook for Mac 2011 unexpectedly in an Exchange Server 2010 environment
  • 2632201 ( ) MAPI_E_INVALID_PARAMETER errors occur when a MAPI application receives notifications in an Exchange Server 2010 environment
  • 2635223 ( ) A hidden user is still displayed in the Organization information of Address Book in OWA in an Exchange Server 2010 environment
  • 2636387 ( ) Event ID 3022 is logged and you cannot replicate a public folder from one Exchange Server 2010 server to another
  • 2636883 ( ) Returned message items can disappear from the search results view when you use Outlook in online mode in an Exchange Server 2010 environment
  • 2641249 ( ) Error message when you use the "Folder.Bind" method in an Exchange Server 2010 environment
  • 2641753 ( ) An email message from an Exchange Server 2003 user is forwarded incorrectly to an external recipient of an Exchange Server 2010 user mailbox
  • 2644144 ( ) A read receipt is not sent when a receiver does not expand a conversation to preview the message by using OWA in an Exchange Server 2010 environment
  • 2644920 ( ) The Get-FederatedDomainProof cmdlet fails in an Exchange Server 2010 SP1 environment
  • 2645587 ( ) An external email message is not delivered to mail-enabled public folders and you do not receive NDR messages in an Exchange Server 2010 environment
  • 2649499 ( ) Updates for a meeting request are sent to all attendees directly in an Exchange Server 2010 environment
  • 2649679 ( ) Text in tables is displayed incorrectly in the Conversation view in Outlook Web App in an Exchange Server 2010 environment
  • 2652730 ( ) You encounter failures when you run the Test-EcpConnectivity cmdlet to test Exchange Control Panel connectivity in an Exchange Server 2010 environment
  • 2657103 ( ) CPU resources are used up when you use the Set-MailboxMessageConfiguration cmdlet in an Exchange Server 2010 environment
  • 2660178 ( ) "More than one mailbox has the same e-mail address" error message when you try to manage a mailbox in a tenant organization in an Exchange Server 2010 SP1 Hosting mode environment
  • 2661277 ( ) An ActiveSync user cannot access a mailbox in an Exchange Server 2010 forest
  • 2661294 ( ) An email address policy does not generate the email addresses of recipients correctly in an Exchange Server 2010 environment
  • 2663581 ( ) OK button is not displayed when you change your password in Outlook Web App by using Firefox in an Exchange Server 2010 environment
  • 2664365 ( ) Certain MailboxStatistics properties are not updated when a user uses a POP3 or IMAP4 client to access a mailbox in an Exchange 2010 environment
  • 2664761 ( ) DPM protection agent service may stop responding on Exchange Server 2010 servers that are protected by System Center DPM 2010
  • 2665806 ( ) Error message when you open an RTF email message that has inline attachments in an Exchange Server 2010 environment
  • 2672225 ( ) A user in a trusted account forest cannot use the EMC to manage an Exchange Server 2010 SP2 server
  • 2673087 ( ) Error message when you try to copy the Inbox folder to another folder in Outlook in online mode in an Exchange Server 2010 environment
  • 2677847 ( ) The Microsoft Exchange File Distribution service consumes large amounts of memory in an Exchange Server 2010 environment
  • 2678361 ( ) The user-agent information about an Exchange ActiveSync device is not updated in an Exchange Server 2010 environment
  • 2678414 ( ) The display name of a contact in address book is empty in an Exchange Server 2010 environment
  • 2681464 ( ) An EWS application crashes when it calls the GetStreamingEvents operation in an Exchange Server 2010 environment
  • 2685996 ( ) Error message when a user who does not have a mailbox tries to move or delete an item that is in a shared mailbox by using Outlook Web App Premium
  • 2688667 ( ) W3wp.exe consumes excessive CPU resources on Exchange Server 2010 Client Access servers when users open recurring calendar items in mailboxes by using Outlook Web App or EWS
  • 2693078 ( ) EdgeTransport.exe process crashes in an Exchange Server 2010 environment
  • 2694280 ( ) Whatif switch does not work in the Set-MoveRequest or Resume-MoveRequest cmdlet in an Exchange Server 2010 environment
  • 2694289 ( ) Resource mailbox does not forward meeting request to delegates after one of the delegates' mailbox is disabled in an Exchange Server 2010 environment
  • 2694414 ( ) The update tracking information option does not work in an Exchange Server 2010 environment
  • 2694473 ( ) File name of a saved attachment is incorrect when you use OWA in Firefox 8 in an Exchange Server 2010 environment
  • 2694474 ( ) Incorrect delivery report when you send an email message to a recipient who has configured an external forwarding address in an Exchange Server 2010 environment
  • 2696857 ( ) EdgeTransport.exe process crashes without sending an NDR message when you send a message to a distribution group in an Exchange Server 2010 environment
  • 2696905 ( ) Day of the week is not localized in MailTips in Outlook Web App in an Exchange Server 2010 environment
  • 2696913 ( ) You cannot log on to Outlook Web App when a proxy is set up in an Exchange Server 2010 environment


Installation Notes

Important information for customers who install the update on computers that are not connected to the Internet

When you install this update rollup on a computer that is not connected to the Internet, you may experience long installation times. Additionally, you may receive the following message:

Creating Native images for .Net assemblies.

This behavior is caused by network requests to connect to the ( website. These network requests represent attempts to access the certificate revocation list for each assembly that native image generation (NGen) compiles to native code. However, because the Exchange server is not connected to the Internet, each request must wait to time out before the process continues.
To resolve this issue, follow these steps:
  1. On the Tools menu in Windows Internet Explorer, click Internet Options, and then click the Advanced tab.
  2. In the Security section, click to clear the Check for publisher's certificate revocation check box, and then click OK.
We recommend that you clear this security option in Internet Explorer only if the computer is in a tightly controlled environment. When setup is complete, click to select the Check for publisher’s certificate revocation check box again.

Update issue on computers that have customized Outlook Web App files

Important Before you apply the update rollup, we recommend that you make a backup copy of any customized Outlook Web App files. For more information about how to customize Outlook Web App, visit the following Microsoft website:
Outlook Web App customization details ( )
When you apply an update rollup package, the update process updates the Outlook Web App files if they are required. Therefore, any customizations to the Logon.aspx file or to other Outlook Web App files are overwritten, and you must re-create the Outlook Web App customizations in Logon.aspx.

Update issue for CAS Proxy Deployment Guidance customers who deploy CAS-CAS proxying

If you meet both of the following conditions, apply the update rollup on the Internet-facing Client Access servers before you apply the update rollup on the non-Internet-facing Client Access servers:
  • You are a CAS Proxy Deployment Guidance customer.
  • You have deployed CAS-CAS proxying.
Note For other Exchange Server 2010 configurations, you do not have to apply the update rollup on the servers in a certain order.



To apply this update rollup, you must have Exchange Server 2010 SP2 installed.

Note Remove all interim updates for Exchange Server 2010 SP2 before you apply this update rollup.


Restart requirement

The required services are automatically restarted when you apply this update rollup.


Removal information

To remove Update Rollup 2 for Exchange Server 2010 SP2, use Add or Remove Programs in Control Panel to remove update 2661854.

Sunday, April 15, 2012

MVP again

Since I was very busy lately I didn’t have time to write about receiving MVP (Most Valuable Professional)  award for Microsoft Exchange for another year. It has been a busy year for my company and kept me away from doing extensive community activities. I had time to write some technical articles on site and also to participate in some technical presentations but that was all. Probably the fact that nothing really new happened in with Exchange was another reason for my reduced activity here.

I expect this year to be different as Exchange 15 is on the way and it should be a lot to talk about. We will see about that J.

Monday, April 2, 2012

"Your request couldn't be completed" when accessing OWA

I encountered the following error when implementing Exchange 2010 for a large organization during the test phase. Their infrastructure have a lot of servers with CAS arrays and at this point is running on Exchange 2010 SP2 with Rollup Update 2.

The error appeared when clicked to compose a new mail, when browsing through old emails or trying to other things in OWA. Since this was quite a large implementation we had to find a quick fix.
We  notice that this error was showing only when accessing OWA without using SSL. Normally the users will access OWA only by SSL via a hardware load balancer solution for CAS servers but for sure the technical personnel will try to access each CAS server individually with no encryption as SSL offloading is configured on each of the balanced servers.
Searching through Microsoft articles I found one that is talking about "Simplify the Outlook Web App URL" and especially when no SSL is needed -
It seems that Exchange 2010 SP2 has introduced a new option that needs to be configured in order to use OWA without SSL.
To solve the problem, you need to modify the Outlook Web App Web.config file on the Client Access server. The default location is \Program Files\Microsoft\Exchange Server\\ClientAccess\Owa as follows:
1.       Make a backup for web.config file
2.       Using notepad open the original file and find the line that contains httpCookies httpOnlyCookies="false" requireSSL="true" domain=""
3.       Change the requireSSL option to false and save the file
4.       From command line run iisreset /noforce /timeout:120 and wait for the IIS reset to be completed
This should solve the problem and you should be able to access OWA without using SSL without any error. Pay attention that this should not be used for external access as it is not secured J.

Monday, January 23, 2012

Hide from Address Book in Office 365

We are implementing more and more Office 365 infrastructures for our customers and we had some requests to hide users from Address Book. This should be an easy task, as stated in Microsoft as stated in this TechNet article

If you have an infrastructure where you have implemented ADFS when you run the command:

Set-Mailbox "Mailbox Name" -HiddenFromAddressListsEnabled $true

You will get an error like:

PS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Online Service s] Set-Mailbox "Mailbox Name" -HiddenFromAddressListsEnabled $true
The operation on mailbox "Mailbox Name" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'Mailbox Name' because the object is being synchronized from your on-premises organization. This action should be performed on th e object in your on-premises organization

If you have an local Exchange installation this task is easy, but if you don't you will notice quick that there is no place to step the required flag.

So, what is the solution? It’s simple, if you follow this procedure:

1. Download Exchange 2010 SP2 from Microsoft web site;
2. Extract it to a folder on a local machine running Windows 2008  (x64) or 2008 R2;
3. Run setup /prepareAD to extend your schema for Exchange 2010. It might be possible that you need to install some features in Windows to be able to run the setup;
4. Using ADSI Editor find the account that you need to hide and set to true the msExchHideFromAddressLists to true (see the picture);

5. Sync the local AD with Office 365.

If you want to revert the Hide from Address Book setting, you have to set the attribute to “Not set”