Wednesday, May 18, 2011

Problems with ECP after applying Exchange 2010 SP1



If you run into the following problem when accessing the ECP:


Request for URL 'https://localhost/ecp/default.aspx?rfr=owa' failed with the following error:
System.TypeInitializationException: The type initializer for 'Microsoft.Exchange.Configuration.TenantMonitoring.TenantMonitor' threw an exception. ---> System.FormatException: Input string was not in a correct format.


In Event Viewer you can find this error:
MSExchange Control Panel - EventID 4


You can fix this problem by going to C:\Windows\System32 and running lodctr /r. After the command finishes, run iisreset /noforce.


Usually this issue occurs after updating Exchange 2010 to SP1.



Wednesday, February 02, 2011

Microsoft Exchange: Stores fail to start with 0x8004010f error

I was recently involved in a migration from a legacy Exchange 2000 Organization to a new Exchange 2007 deployment. All was going well until the Information Store service on the Exchange 2000 Server was restarted, but failed to start due to the following error:

Unable to initialize the Microsoft Exchange Information Store service. Error 0x8004010f
Event ID: 5000 Source: MSExchangeIS
On attempting to start the Information Store manually, I was greeted with a not-particularly-verbose error stating the process failed with service-specific error code '0'.
The issue was caused in this case by the X400 address, required by Exchange 2000/2003 for internal communications, being removed from the Default Recipient policy. Although legacy Exchange organizations require this address, Exchange 2007 deployments without any legacy Exchange Servers will function without the address, and it is possible some aspect of the new server configuration removed the entry.
Resolution
To restore the address, open Exchange System Manager on a legacy Exchange Server and edit the Default Recipient Policy. If no X400 address is present, add a new X400 address into the Recipient Policy using the appropriate information. Since removing an entry from a Recipient Policy does not remove the entry from existing mailboxes, I retrieved the required settings from an existing mailbox using the management tools on the new Exchange 2007 Server.
Once the address is added, or if it was present already but unchecked, you need to enable the entry. Attempting to check or uncheck the entry in ESM will more than likely result in an error:
X400 address cannot be disabled using Exchange System Manager
This error is to be expected, since Exchange 2000/2003 requires the X400 address and will therefore prevent any attempt to remove it as a safety precaution. To enable the address, you need to perform a low-level edit using ADSIEdit on a Domain Controller.
Usual warnings apply – ADSIEdit can make permanent and potentially destructive changes to Active Directory. Use the tool at your own risk and with proper backups in place.
In ADSIEdit at a Domain Controller, expand the Configuration Naming Context and drill down through CN=Services > CN=Microsoft Exchange > CN= > CN=Recipient Policies. Right click the Default Policy and choose Properties. You will notice the X400 address is listed within the ‘disabledGatewayProxy’ attribute. To enable:
  1. Edit the disabledGatewayProxy attribute and remove the X400 address.
  2. After pressing the ‘Remove’ button, the X400 configuration contents generated by Exchange are placed into the textarea. Copy this data.
  3. Close the attribute so it is now stored blank. Edit the ‘gatewayProxy’ attribute, which is the location for enabled entries in the policy, and add the X400 contents from your clipboard.
  4. Store your changes, then wait for or manually force Active Directory replication prior to restarting the Exchange Services.
Voilà! Your IS service should now start and you can mount the stores. If the X400 issue was not the culprit, it is more than likely permissions within Active Directory. Verify the Exchange 2000/2003 computer is a member of the legacy Exchange Domain Servers group, and that group is in turn a Member Of the Exchange Enterprise Servers security group. You should then use ADSIEdit to check and reset certain permissions; the changes required are detailed over at TechNet.

Tuesday, January 04, 2011

Exchange error MSExchangeIS Mailbox Store - EventID 10001



After moving a mailbox to another database you may start getting the following event log entry, even if the move was successful:


Log Name:      Application
Source:        MSExchangeIS Mailbox Store
Date:          04/01/2011 21:10:35
Event ID:      10001
Task Category: Background Cleanup
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      
Description:
Mailbox cleanup could not completely remove the mailbox for user ff783a8e-2dc9-4af7-bab5-435d4b841b2f (Root Fid 2-225C78C) following mailbox removal. Encountered error 0xfffffae8. Should this message continue to persist for the same mailbox, it may be indicative of a problem that requires further investigation. 


To stop receiving this event, just dismount and mount the previous and the current database for the specified mailbox.



Wednesday, October 20, 2010

Manage DNS Server (Windows 2008) from Windows XP/2003


You may find that you can manage 2008 R2 DNS fine from RSAT on Windows 7, but accessing it from the DNS Management MMC on Server 2003 returns “access is denied”. If I install the 2003 R2 Admin Pack on an XP Pro PC the symptom is the same: Access Denied.

This is expected behavior, starting with Windows Server 2008 a few years ago. RPC Integrity required by W2K8 R2 DNS Servers is not supported by the Win2000 and Win2003 versions of DNSMGMT.MSC (or DNSCMD.EXE). For the most secure experience, W2K8 R2 DNS servers should be administered from operating systems that can execute the Windows Server 2008 or later versions of DNSMGMT.MSC. So Vista RSAT, Win 7 RSAT, Win 2008, Win 2008 R2 – all running DNSMGMT.MSC.

If you wanted to de-secure your Win2008/R2 DNS servers though – obviously this is highly discouraged – you can run the following command on your Win2008 R2 DNS servers to allow down-level connectivity:

dnscmd.exe /Config /RpcAuthLevel 0

If you do this you are exposing your Win2008/Win2008 R2 DNS servers to the same kind of named-pipe sniffing ‘man in the middle’ attacks that Win2003/2000 DNS administration is vulnerable to. Ideally for security, all of your DNS servers would instead be upgraded to Win2008 R2.

To return the security to default level run: dnscmd.exe /Config /RpcAuthLevel 1

To verify the current level run: dnscmd.exe /info /RpcAuthLevel
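
To audit this setting across several servers, the following added example (not part of the original post) runs the verification command above against each server and flags any that report level 0. The server names are placeholders, and the "Dword:" line the parser looks for is an assumption about how dnscmd prints a queried property.

```powershell
# Added example: report RpcAuthLevel for a list of DNS servers.
# Run from Windows Server 2008 or later, where dnscmd.exe supports RPC integrity.
# The server names below are placeholders; replace them with your own.
$servers = @('dns01.example.test', 'dns02.example.test')

function Get-RpcAuthLevel {
    # Extract the numeric value from dnscmd output.
    # Assumption: the value is printed on a line such as "Dword: 1 (00000001)".
    param([string[]]$DnscmdOutput)
    foreach ($line in $DnscmdOutput) {
        if ($line -match '^\s*Dword:\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

$report = foreach ($server in $servers) {
    # Same query as the verification command, aimed at a remote server.
    $output = & dnscmd.exe $server /info /RpcAuthLevel 2>&1 | ForEach-Object { "$_" }
    $level  = if ($LASTEXITCODE -eq 0) { Get-RpcAuthLevel $output } else { $null }

    $status = if ($null -eq $level) {
        'QUERY FAILED'            # unreachable, access denied, or unexpected output
    } elseif ($level -eq 0) {
        'DOWN-LEVEL ALLOWED'      # weakened with /RpcAuthLevel 0
    } else {
        'OK'
    }

    [pscustomobject]@{
        Server       = $server
        RpcAuthLevel = $level
        Status       = $status
    }
}

$report | Format-Table -AutoSize

# Servers that should be set back with: dnscmd.exe /Config /RpcAuthLevel 1
$report | Where-Object { $_.Status -eq 'DOWN-LEVEL ALLOWED' } |
    ForEach-Object { Write-Warning "$($_.Server) accepts down-level DNS management RPC" }
```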


Monday, October 18, 2010

How to Rebuild the Full-Text Index Catalog on DAG Environment


If you cannot search e-mails from either Outlook or OWA, then you have problems in the database's index catalog. To fix it on a single server you can use the following article: http://technet.microsoft.com/en-us/library/aa995966(EXCHG.80).aspx

But if you have databases in a DAG you have to do something else:

1- Suspend all replica databases;
2- Follow the directions described on http://technet.microsoft.com/en-us/library/aa995966(EXCHG.80).aspx;
3- Delete the Index Catalog on Replica databases;
4- Resume the replica databases.

To check how the process is going do the following:

1- Open Reliability and Performance Monitor (perfmon.exe).
2- In the console tree, under Monitoring Tools, click Performance Monitor.
3- In the Performance Monitor pane, click Add (green plus sign).
4- In Add Counters, in the Select counters from computer list, select the server on which the mailbox database you want to monitor is located.
5- In the unlabeled box below the Select counters from computer list, select Full Crawl Mode Status in the MSExchange Search Indices performance object.
6- In the Instances of selected object box, select the instance for the user's mailbox database.
7- Click Add, and then click OK.
8- To make the Full Crawl Mode Status easier to monitor, right-click the graph and then click Properties.
9- Select the Graph tab.
10- In the View combo box select Histogram bar, set Maximum under Vertical Scale to 2, and click OK.

When you see a bar for a database, it means that the index catalog is being created (value 1); if you don't see a bar, it means the indexing has finished for that database.



Wednesday, September 01, 2010

Installing SCCM 2007 SP2 on Windows 2008 R2

If, after installing SCCM 2007 SP2 on Windows 2008 R2, you get the following error on SMS_MP_CONTROL_MANAGER: "SMS Site Component Manager failed to install component SMS_MP_CONTROL_MANAGER on server", you have to enable WebDAV and configure it properly.


Steps:
1- Open IIS Manager > Sites > Default Web Site > WebDAV Authoring Rules;
2- Click Enable WebDAV in the Action pane;
3- Open WebDAV Settings and set the options like below:
         Allow property queries with infinite depth - TRUE
         Allow Custom Properties - FALSE
         Allow anonymous property queries - TRUE
         Click Apply;
4- In the Action pane click Add Authoring Rule and, in the dialog box, create a rule like below:
         For Allow access to, select All content
         For Allow access to this content to, select All users
         For Permissions, select Read, and then click OK;
5- Restart the service SMS_SITE_COMPONENT_MANAGER


To check if SMS_MP_CONTROL_MANAGER was installed successfully, open \Logs\mpsetup.log and look for an OK status.


Related sites:
http://technet.microsoft.com/en-us/library/cc431377.aspx#Enable_WebDAV
http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/20ec6449-d5ee-4d5a-b25d-cf780a726f01

Tuesday, June 22, 2010

How to add a Subject Alternative Name to a secure LDAP certificate

This post describes how to add a Subject Alternative Name (SAN) to a secure Lightweight Directory Access Protocol (LDAP) certificate. The LDAP certificate is submitted to a certification authority (CA) that is configured on a Microsoft Windows Server 2003-based computer. The SAN lets you connect to a domain controller by using a Domain Name System (DNS) name other than the computer name. This article includes information about how to add SAN attributes to a certification request that is submitted to an enterprise CA, a stand-alone CA, or a third-party CA.

A step-by-step guide is available at the following site: http://support.microsoft.com/kb/931351