Exchange Server hung on "applying security policy to the system" screen after restart

This issue can be solved running [Exchange Installation Dir] setup.com /PrepareAllDomains on any server. After it finishes restart the Exchange Server again.

Increasing the number of simultaneous Remote/Local Move Request on Exchange 2010

By default Exchange 2010 just move 5 mailboxes simultaneously, it can make a migration of about 1500 mailboxes take 3 or more days.


To increase it you have to change a configuration file for Mailbox Replication Service. 


1. Open the file C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe.config;
2. Increase the blue values to a number of simultaneous active moves that you want.

MRSConfiguration
    MaxRetries = "60"
    RetryDelay = "00:00:30"
    MaxMoveHistoryLength = "2" 
    MaxActiveMovesPerSourceMDB = "50"
    MaxActiveMovesPerTargetMDB = "50"
    MaxActiveMovesPerSourceServer = "50"
    MaxActiveMovesPerTargetServer = "50"
    MaxTotalMovesPerMRS = "100"
    FullScanMoveJobsPollingPeriod = "00:10:00"
    MinimumTimeBeforePickingJobsFromSameDatabase = "00:00:04"
    ServerCountsNotOlderThan = "00:10:00"
    MRSAbandonedMoveJobDetectionTime = "01:00:00"
    BackoffIntervalForProxyConnectionLimitReached = "00:30:00"
    DataGuaranteeCheckPeriod = "00:05:00"
    EnableDataGuaranteeCheck = "true"
    DisableMrsProxyCompression = "false"
    DisableMrsProxyBuffering = "false"
    MinBatchSize = "100"
    MinBatchSizeKB = "256" ;

3. Save and close the file;
4. Restart the Microsoft Exchange Mailbox Replication service.

I've used the above configuration to migrate about 1400 mailboxes (its average size was 200MB) and it took 12hs to finish, using gigabit ethernet.

Mapi session "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=username" exceeded the maximum of 16 objects of type "session"

Event ID 9646 is logged in the application event log of your Exchange Server 2010 computer when a client opens many MAPI sessions

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
3.If the Maximum Allowed Services Sessions Per User entry does not exist, do the following:
     a. On the Edit menu, point to New, and then click DWORD Value.
     b. Type Maximum Allowed Services Sessions Per User as the entry name, and then press ENTER.
4. Right-click the Maximum Allowed Services Sessions Per User entry, and then click Modify.
5. Click Decimal, type the value that you want to set in the Value data box, and then click OK.
6. Exit Registry Editor.
7. Click Start, click Run, type services.msc in the Open box, and then click OK.
8. Click the MSExchange Information Store service, and then click Restart Service.

You can find a solution to earlier versions of Exchange but it doen's work on Exchange 2010. The difference is Maximum Allowed SERVICES Sessions Per User instead of Maximum Allowed Sessions Per User.

IIS 7.0 - Create a SSL Certificate for Multiple Names

Create a configuration certificate file (request.inf)

[NewRequest]
Subject = "CN=FQDN, OU=Organizational Unit, O=Company, L=City, S=State, C=Country"
KeySpec = 1
KeyLength = 2048
HashAlgorithm = SHA256
Exportable = FALSE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
RequestType = PKCS10
KeyUsage = 0xa0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
FriendlyName = ""

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication

[RequestAttributes]
CertificateTemplate = WebServer

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "DNS=example.com&"
_continue_ = "DNS=www.example.com&"
_continue_ = "DNS=secure.example.com"

The process

Once you have the above information saved. Follow these steps:

1. Open a command prompt and cd to the directory where you saved request.inf.
2. Run certreq -new request.inf request.req
3. Submiting
a. Submit the request.req file to your CA. They will process it and approve/decline it.
b. To submit the request file to your internal CA: certreq –submit request.req
4. When they approve it they should send you back your public key in a .cer file.
5. Run certreq -accept file-from-ca.cer (or request.req) to finish setting up the key.

Sources:
http://serverfault.com/questions/67697/iis-7-0-ssl-certificate-renew-or-new
http://blogs.technet.com/pki/archive/2009/08/05/How-to-create-a-web-server-SSL-certificate-manually.aspx

How to Use Nslookup to Verify MX record configuration

Basically:

C:\>nslookup

Default Server: contoso.com

Address: 10.0.0.112

> set q=MX

> microsoft.com --> domain to be searched

Server: contoso.com

Address: 10.0.0.112

Non-authoritative answer:

microsoft.com MX preference = 10, mail exchanger = mail.messaging.microsoft.com

mail.messaging.microsoft.com internet address = 216.32.180.22

>

http://technet.microsoft.com/en-us/library/aa998082(EXCHG.65).aspx

http://www.zoneedit.com/doc/nslookup.html

Remote Desktop Application - RD Tabs

Windows Remote Desktop is great, except when you have to connect to dozens of them and it fills up your taskbar! Enter RD Tabs: the ultimate tabbed Remote Desktop Client. Not only does it provide all the expected features of "tabbed" applications like FireFox, Opera, and IE7, but it takes Remote Desktop to the next level with features such as favorites with advanced editing, command line scripting, connection thumbnails, encrypted passwords, detached connection windows, remote desktop screen capture, remote terminal server information/management, RDP 6.0 support, and much more!

Download here the latest version of RD Tabs:

http://www.avianwaves.com/Tech/Tools/RDTabs

Exchange services do not start, and event IDs 2114 and 2112 are logged in the Application log in Exchange Server 2003 or in Exchange 2000 Server

Após instalar no domínio com DCs 2003 R2 com Exchange 2010 RTM e Exchange 2003 SP2 dois DCs 2008 R2 e remover os DCs 2003 R2 (o nível funcional continuou 2003) o Exchange 2010 não conseguia mais contactar os DCs e o serviço System Attendant do Exchange 2003 não conseguia iniciar, apresentando os seguintes erros no event viewer:

Event ID : 2114
Event Category : Topology
Event Source : MSExchangeDSAccess

Event ID : 2112
Event Category : Topology
Event Source : MSExchangeDSAccess

Solução para o Exchange 2010:

If you receive the error “An error caused a change in the current set of domain controllers” in Exchange 2010 the simple fix is to run the “Collect Organizational Health Data” option from the actions plane.

http://www.itgeek.co.nz/post/An-error-caused-a-change-in-the-current-set-of-domain-controllerse280a6.aspx

Solução para o Exchange 2003:

a. Start the Active Directory Users and Computers snap-in.

b. Right-click the Domain Controllers container, and then click Properties.

c. Click the Group Policy tab, click Default Domain Controllers Policy in the Group Policy Object Links box, and then click Edit.

d. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment.

e. In the right pane, double-click Manage auditing and security log, click Add, click Browse, and then add the Exchange Enterprise Servers group.

f. In the Add user or group dialog box, click OK, and then click OK again.

g. Exit the Group Policy snap-in, and then click OK in the Domain Controllers Properties dialog box.

h. Restart the Exchange server.

http://support.microsoft.com/?scid=kb;en-us;919089&x=2&y=12