Missing Microsoft-Server-ActiveSync and OMA virtual directories in IIS and Active Directory with Exchange 2003

Hi Again,

I’ve encountered a situation today with an Exchange 2003 to 2010 migration: the Exchange 2003 Back-End server was missing the virtual directories in IIS, but this issue had an interesting twist … both vdirs were also missing in Active Directory!

Missing or corrupt virtual directories with Exchange are common and can be easily solved with KB 883380 – How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

Exchange Server setup creates each virtual directory in the AD forest configuration partition under services, microsoft Exchange, administrative groups, administration group name, server name, protocols, http, virtual server name (usually 1).

In this case, both the ActiveSync and OMA virtual directories were missing from Active Directory and, as a result, were also missing from the System Manager MMC. Performing a Repair Setup or using the reset virtual directories method is therefore useless: neither will write anything new to AD. We had to re-create the two virtual directories in both AD and IIS, so using System Manager we tried to create a new virtual directory, but the ActiveSync and OMA options were greyed out!

Microsoft-Server-ActiveSync and  OMA Missing From Active Directory

Creating New Virtual Directory With System Manager Grayed out

With some searching I’ve reached a solution that worked perfectly (dated back to 2007 from the Microsoft Exchange newsgroup), this will enable the options within the System Manager and allow us to re-create the virtual directories and restore order :)

1. Using ADSIEDIT, locate the Exchange 2003 server container – services, microsoft Exchange, administrative groups, administration group name – and right click the server name to open its properties.
2. Locate the Heuristics attribute and note the current value (just in-case…); our value in this case was 805310468.
4. Change the value to 270012416, click Apply and OK.
5. Refresh the Exchange System Manager or close and re-open it.
6. Now, locate the server name within the tree, expand it, expand Protocols, expand HTTP, expand the virtual server name and right click to create a new Virtual Directory. You should now be able to recreate the Microsoft-Server-ActiveSync and OMA virtual directories.

Note - This will also reset your RPC over HTTP and other “server specific” settings that you configured on the server using the System Manager GUI, so make sure to note all configurations under the server properties page and re-enable any changes after setting the value.

Credits – http://microsoft.newsgroups.archived.at/public.exchange.setup/200702/07021815421.html

I hope this helps anyone struggling with this,

Ilantz

The action cannot be completed error using Outlook – Exchange 2010 or Office 365

Hi,

Quick note from the field, if you are moving to Exchange Online / Office 365 you should double check your current office group-policy settings and registry for Outlook.

You should make sure that you have not enabled the Closest GC setting or configured a specific global catalog server with the DS Server registry entries under HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider

Both registry values, errors and methods for resolution are located at:

http://support.microsoft.com/kb/2507626 – Error in Outlook: “The action cannot be completed. The Bookmark is not valid”

http://support.microsoft.com/kb/319206 – How to configure Outlook to a specific global catalog server or to the closest global catalog server

And while we are on the subject, it’s also good practice to check the following when moving to Office 365:

  • You do not have Autodiscover-related registry settings either – http://support.microsoft.com/kb/2212902 – Unexpected Autodiscover behavior when you have registry settings under the \Autodiscover key
  • Make sure that the “Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server” option under the account settings of the Outlook profile is indeed selected. Office 365 requires clients to encrypt MAPI traffic – see the following KB for additional information (originally written for Exchange 2010 RTM) - http://support.microsoft.com/kb/2006508
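
The checks above as a script, added here as an example and not part of the original post. It audits only the HKCU hive of the user running it; the AutoDiscover key path and the EnableRPCEncryption policy value are taken from the linked KB articles (2212902 and 2006508), not from this post.

```powershell
# Added example: pre-migration audit of the current user's Outlook registry settings.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Global catalog pinning (KB 319206 / KB 2507626): either value should be absent.
$provider = 'HKCU:\Software\Microsoft\Exchange\Exchange Provider'
foreach ($name in 'Closest GC', 'DS Server') {
    $item = Get-ItemProperty -Path $provider -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings.Add("$provider : '$name' = $($item.$name)")
    }
}

# 2. Per-version Outlook keys, user settings and policy settings (12.0, 14.0, 15.0, ...).
$officeRoots = 'HKCU:\Software\Microsoft\Office', 'HKCU:\Software\Policies\Microsoft\Office'
foreach ($root in $officeRoots) {
    $versions = Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

    foreach ($version in $versions) {
        $outlook = "$root\$($version.PSChildName)\Outlook"

        # Any value under \AutoDiscover alters Autodiscover behaviour (KB 2212902).
        $key = Get-Item -Path "$outlook\AutoDiscover" -ErrorAction SilentlyContinue
        if ($null -ne $key -and $key.ValueCount -gt 0) {
            $findings.Add("$($key.Name) : values set: $($key.GetValueNames() -join ', ')")
        }

        # Flag a policy that sets EnableRPCEncryption to 0 (KB 2006508 documents 1 = encrypt).
        if ($root -like '*\Policies\*') {
            $enc = Get-ItemProperty -Path "$outlook\RPC" -Name 'EnableRPCEncryption' -ErrorAction SilentlyContinue
            if ($null -ne $enc -and $enc.EnableRPCEncryption -eq 0) {
                $findings.Add("$outlook\RPC : EnableRPCEncryption = 0")
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'No Outlook registry overrides found for this user.'
} else {
    $findings
}
```

The profile-level “Encrypt data” check-box itself is not read by this script; only the policy value that overrides it is.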

ilantz

Exchange 2013 Migration Batch Stalled Due To Content Indexing CiAgeOfLastNotification

Hi,

I’ve just encountered this issue during a LAB for migrating Exchange 2010 to Exchange 2013: migration batches were getting stuck in Syncing. In addition, I noticed two annoying warning messages in the application log of the server, with Event ID 1009 and Event ID 1013 and source MSExchangeFastSearch.

I’ve looked in the migration report using:
Get-MigrationUserStatistics -IncludeReport -Identity ilantz@lab.com | fl
......
4/28/2013 7:44:46 AM [EX2013] The job is currently stalled due to 'Content Indexing' lagging behind on resource 'CiAgeOfLastNotification(Mailbox Database
.....

So indeed, Content Indexing was failing and holding the migration back… nothing special here, Exchange 2010 had this issue as well…
A quick search showed a very odd solution to this…

Quoting http://support.microsoft.com/kb/2807668 – Content Index status of all or most of the mailbox databases in the environment shows “Failed”

This issue may occur if the search platform tries to check its membership in a security group that is named “ContentSubmitters.” This group is not created by the search platform or by Exchange Server 2013 and is therefore not usually present. Although the check usually fails silently, without any consequences, an exception sometimes occurs. This causes the search component to fail.

Wow … well :) .. hope this will be fixed with CU2.. go with Method 1 in the KB, worked like a charm here.

ilantz

Microsoft Exchange Web Services Managed API 1.1 Download

Hi All,

Following a workaround mentioned on http://support.microsoft.com/kb/2512023 – “GetUserOofSettings”, “SetUserOofSettings” and “GetUserAvailability” operations do not support Exchange Impersonation on the Exchange Server 2010 SP1 schema

Seems like the EWS Managed API 1.1 download link does not work anymore, and it’s virtually impossible to get a hold of the files on the WEB, so I’ve uploaded the redistributable package here for anyone looking around for it.

Anyway – grab it here: Microsoft Exchange Web Services Managed API 1.1

Hope this helps.

ilantz

Exchange Web Service Managed API 1.1, Download – Microsoft ( Non working download links) :
www.microsoft.com/en-us/download/details.aspx?id=13480
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3342fb3-fbcc-4127-becf-872c746840e1

Ammyy Admin Error 12007 with Windows 8

Hi again,

I’ve been using Ammyy Admin to support family members and friends for a while now, but since I’ve upgraded to Windows 8, the program seems to fail its initial connection to its public servers upon start up.

It keeps popping out an error window:

Error {12007} occured while connecting to server “http://rl.ammyy.com”
Would you like to change proxy settings?

Ammy Admin Error 12007 Windows 8

To solve this, just open the Ammyy Admin settings menu and un-check the “Run under SYSTEM account on Windows Vista/7/2003/2008” check-box.

Uncheck Run under SYSTEM account

hope you find this useful.

ilantz

TCP/IP KeepAlive, Session Timeout, RPC Timeout, Exchange, Outlook and you

Hi Again,

This post will spotlight networking considerations that are mostly overlooked and have become more common with many of my customers. I’ve gathered a few of the issues that might have brought you here searching for an answer:

  • Outlook is retrieving data from the Microsoft Exchange Server
  • The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action
  • Sent items are stuck in Outbox or delayed
  • Outlook freezes or stuck when sending a message
  • Event ID 3033 regarding Exchange Server ActiveSync complaining about the most recent heartbeat intervals used by clients
  • Other strange / weird issues “but PING works! / telnet to the port works great!” – my personal favorite

The issues and symptoms above can occur in any network environment, but they are more common in complex network setups where multiple devices protect or route network traffic. Some typical configuration examples:

  • Outlook Anywhere or RPC over HTTP is being used, servers are protected or published by ISA / TMG / UAG / F5 / Juniper or any other reverse proxy / publishing solutions
  • Exchange servers are located behind a firewall, router or other network device
  • Clients / Remote clients are located behind a firewall, router or other network device (just to be clear on that…)
  • Exchange servers are being load-balanced with an external physical / virtual appliance

If you’ve read this post up until here and got disappointed because the above does not fit your issue, I’d like to suggest reviewing other RPC troubleshooting topics that might help: Troubleshooting Outlook RPC dialog boxes – revisited or Outlook RPC Dialog Box Troubleshooting.

At this point I’d like to note a few lines about Outlook connectivity. Exchange Server and Outlook use MAPI over RPC to communicate “natively”. RPC uses dynamic port allocation, which may require you to configure static ports for Exchange (see links below). RPC can also be encapsulated in HTTP using the RPC Proxy component of Windows Server, aka “RPC over HTTP”, which requires only a single port (443) for connecting.
In addition, RPC is also used for internal communication between and within Exchange servers. For example, a CAS server will use RPC to connect to a mailbox store so it can proxy data to clients like OWA, ActiveSync, EWS etc.

Note: To keep you up-to-date, Exchange Server 2013 allows only Outlook Anywhere (RPC over HTTP) connections from clients which in my opinion is a great change that will simplify future deployments.

Now, if you’ve managed to get here following the long introduction (sorry about that), here’s the “deal”.
Client connections over Exchange “native” protocols remain active during normal operation; this includes your Outlook client, iPhone or even a web browser. While you read or send an email, the TCP connection to the server is actually moving data. Yeah, nothing new. When no data is requested or created, the connection becomes idle. Here comes the term KeepAlive: a client or a server should send a “dummy” packet to make sure the connection remains open, or it will eventually time out because it’s idle.

I know this may not be a shocker for most, but here comes the fun part.
Taking the typical configurations above and adding the idle-session note: we must confirm that the network flow between all clients and our servers follows a known session timeout setting. This is crucial for smooth operation across all clients.

Here’s my “how-to” suggestion:

  • Configure the RPC timeout on Exchange servers to make sure that components which use RPC will trigger a keep-alive signal within the time frame you would expect
    reg add "HKLM\Software\Policies\Microsoft\Windows NT\RPC" /v "MinimumConnectionTimeout" /t REG_DWORD /d 120
  • Consider modifying the server TCP/IP KeepAlive to reduce the chance of “IDLE” connections being terminated (default is two hours). This controls the OS TCP behavior with idle connections and could greatly improve responsiveness and scalability – http://support.microsoft.com/kb/314053/EN-US
  • Make sure that you are aware of any router, firewall or other network device that is placed between your clients and your servers. Once you are, note its session timeout, session TTL or session ageing setting for the relevant protocol and port! (This could be tricky, so do not treat it lightly.)

The trick for success here is that timeout settings should be configured without overlapping one another – for example ( values are only an example not a true recommendation ):

  • RPC timeout ( application timeout ) is set to the smallest value – 3 minutes
  • TCP/IP timeout ( server timeout ) is set to a larger value – 4 minutes
  • FW timeout ( network timeout ) is set to the largest value – 5 minutes

If additional network devices are placed between the server and your clients, make sure that session timeout settings continue to be configured accordingly.
With today’s security measures, network security has become much more complex. A typical corporate network will implement many different network appliances or software based solutions to secure data, restrict access, prevent attacks and unwanted traffic.
Bottom line – don’t think you are done with network considerations just because “ping works” or an email comes with a statement like “your port is now open”.
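
A check of the layering rule above, added here as an example and not part of the original post. It reads MinimumConnectionTimeout (seconds) and the KeepAliveTime value from KB 314053 (milliseconds) from the local registry; the helper names and the device timeouts in $devices are constructed for illustration and must be replaced with the settings of your own firewall, load balancer or reverse proxy.

```powershell
# Added example, not from the original post.
# Rule checked: RPC timeout < server TCP keep-alive < every network device idle timeout.

function Get-DwordOrNull {
    # Hypothetical helper: returns the registry value, or $null if the key or value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-TimeoutLayering {
    # Hypothetical helper: emits one string per violation of the layering rule.
    param($RpcSeconds, [int]$TcpKeepAliveSeconds, [hashtable]$DeviceIdleSeconds)

    if ($null -eq $RpcSeconds) {
        'RPC: MinimumConnectionTimeout is not set, so no explicit RPC timeout is configured.'
    }
    elseif ($RpcSeconds -ge $TcpKeepAliveSeconds) {
        "RPC timeout ($RpcSeconds s) should be smaller than the TCP keep-alive ($TcpKeepAliveSeconds s)."
    }

    foreach ($device in $DeviceIdleSeconds.GetEnumerator()) {
        if ($device.Value -le $TcpKeepAliveSeconds) {
            "$($device.Key): idle timeout $($device.Value) s is not larger than the TCP keep-alive ($TcpKeepAliveSeconds s)."
        }
        if ($null -ne $RpcSeconds -and $device.Value -le $RpcSeconds) {
            "$($device.Key): idle timeout $($device.Value) s is not larger than the RPC timeout ($RpcSeconds s)."
        }
    }
}

# Local server settings. MinimumConnectionTimeout is in seconds, KeepAliveTime in milliseconds.
$rpc   = Get-DwordOrNull 'HKLM:\Software\Policies\Microsoft\Windows NT\RPC' 'MinimumConnectionTimeout'
$tcpMs = Get-DwordOrNull 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' 'KeepAliveTime'
if ($null -eq $tcpMs) { $tcpMs = 7200000 }   # value absent: OS default of two hours

# Constructed sample values (seconds): replace with the real setting of each device in the path.
$devices = @{ 'perimeter-firewall' = 300; 'load-balancer' = 240 }

$findings = @(Test-TimeoutLayering -RpcSeconds $rpc `
                                   -TcpKeepAliveSeconds ([int]($tcpMs / 1000)) `
                                   -DeviceIdleSeconds $devices)

if ($findings.Count -eq 0) { 'Timeout layering is consistent.' } else { $findings }
```

On a server that still has the default two-hour TCP keep-alive, every device with a shorter idle timeout is reported, which is exactly the case where idle sessions get dropped mid-path while ping and telnet still succeed.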

I hope this post will benefit others as this issue was and will probably remain common with Exchange and other client / server services.

Don’t get timed out :)
Ilantz

Additional useful links and sources of data:

New Best Practice for RPC Timeouts in Exchange
Outlook Anywhere Network Timeout Issue
Sent Items delayed when publishing Outlook Anywhere through TMG
Outlook getting Stuck/disconnected occassionally with Exchange
The Microsoft Outlook’s requesting data problem — a detailed analysis
TCP/IP and NBT configuration parameters
RPC cancel request dialogue box due to session timeout triggered by the Network devices
Troubleshooting Outlook RPC dialog boxes – revisited
Outlook RPC Dialog Box Troubleshooting
Direct Push – ActiveSync

Windows 8 Wakes Up From Sleep or Hibernation Unexpectedly

Hi Again,

I’ve upgraded my desktop to Windows 8 lately, and since the upgrade I’ve noticed that each time the computer enters sleep mode or hibernation it keeps turning on by itself, mysteriously and for no apparent reason.

Well…no more!! Here’s the actual line of events that led me to the solution:

  1. Went through some event viewer entries, specifically looking at the Power-Troubleshooter and Kernel-General sources, which did not provide me with anything…
    Event ID 1 Source Power-Troubleshooter Wake Source Unknown
  2. Double checked that no one is touching the mouse or keyboard… :)
  3. Made sure that the “Allow wake timers” option is not enabled for the active power scheme
    Allow Wake Timers Set To Disabled
  4. Disabled the “Allow this device to wake up the computer” option on the network card adapter Power Management settings tab – you can query all devices that are allowed using the following command (cmd not PowerShell):
    powercfg -devicequery wake_armed
    Allow This Device To Wake The Computer Disabled

Only after being frustrated again by the computer still waking up for no apparent reason did I notice that it keeps waking up at around specific times, which led me to the conclusion that it’s probably a scheduled task that was waking the computer up!
Seems like there is a Media Center task named mcupdate_scheduled that was causing all the trouble!

Wake The Computer To Run This Task Enabled

So, I’ve written a small PowerShell script to disable the “wake the computer to run this task” option from all scheduled tasks at once, and that did the trick!
This script should work fine with Windows 8 or Server 2012 and might serve as an example for manipulating scheduled tasks with PowerShell.

Get-ScheduledTask | ? { $_.Settings.WakeToRun -eq $true -and $_.State -ne "Disabled"} | % { $_.Settings.WakeToRun = $false; Set-ScheduledTask $_ }

Now my computer sleeps and hibernates without waking up ! ZzzzzzzZzzzzZzzzz

Ilantz

Additional Links:

http://superuser.com/questions/503786/windows-8-desktop-wakes-up-immediately-after-sleep-due-to-keyboard-mouse/522628

http://www.howtogeek.com/127818/how-to-stop-windows-8-waking-up-your-pc-to-run-maintenance/

Exchange RBAC Knowledge base

Hi Again, due to popular demand, here is my small RBAC “knowledge base”, this should apply just fine to Exchange 2010 and Exchange 2013.

Fast and Furious how-to and cool examples:

http://www.mikepfeiffer.net/2010/11/7-useful-one-liners-when-managing-rbac-in-exchange-2010/

http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/13/use-powershell-and-rbac-to-control-access-to-exchange-server-cmdlets.aspx

http://www.opsvault.com/how-to-create-custom-recipient-management-groups-using-exchange-2010-rbac/

http://rbac.codeplex.com/ – a free GUI tool for managing RBAC

Learn and Understand RBAC:

http://blogs.technet.com/b/exchange/archive/2009/11/16/3408825.aspx – RBAC and the Triangle of Power

http://technet.microsoft.com/en-us/library/dd298183.aspx – Understanding Role Based Access Control

http://help.outlook.com/en-us/140/dd207272.aspx – Built-in RBAC Roles for Exchange Online

Hope you find this information useful !

ilantz

Office Client and Office Server 2013 product line was released!

Hello Everyone,

A huge release by Microsoft, all client and server office products are out ! Login to your Technet / MSDN Subscriptions and start downloading :)

Lync Server 2013

Exchange Server 2013

Office Web Apps 2013

Office Professional Plus 2013 (x64 and x86)

SharePoint Server 2013

Visio Professional (x64 and x86)

Project Professional 2013 (x64 and x86)

Enjoy !

ilantz

Exchange 2010 DAG failover with lost members and homeMTA and msExchHomeServerName values

Hi Again,

I’ve recently had an unusual situation I wanted to share. A client of mine had a geographically stretched Exchange 2010 DAG cluster that crashed really badly; the original “active” servers had been lost beyond repair… luckily the databases were replicated to another location, so the data was saved. In addition, the client was in the middle of a migration from Exchange 2007 to Exchange 2010 (the 2007 servers were not affected by the disaster).

Just for the sake of explaining a little more, the original “active” servers should have been restored with the setup.com /m:recoverserver , but due to the nature of the failure those servers and their names are gone and were no longer required. Those failed Exchange 2010 DAG member servers were completely deleted from Active Directory using ADSIEdit.

To recover the Exchange 2010 environment I’ve done a few steps, following which the Exchange DAG was online and service was restored.

  1. Restored the DAG to the DR site (evict nodes from the cluster, modify the quorum, leverage AlternateWitnessServer): Restore-DatabaseAvailabilityGroup
  2. Created a new ClientAccessArray in the new AD site
  3. Modified all databases with Set-MailboxDatabase so the new CAS array is now the RpcClientAccessServer
  4. Made sure all databases are active within our new site and on the correct servers with Move-ActiveMailboxDatabase
  5. Removed the lost database copies on the lost DAG members with Remove-MailboxDatabaseCopy
  6. Forcibly removed the lost DAG members from the DAG: Remove-DatabaseAvailabilityGroupServer -ConfigurationOnly

Following the actions above, service was restored and all was good, until we encountered an issue with users located on Exchange 2007: they reported that they could not retrieve any free/busy information from other users (which were all located on Exchange 2010 databases).

A quick troubleshooting showed that the configuration was fine (URLs were set correctly, networking access was fine, permissions were okay etc.), so I’ve enabled the troubleshooting log on an Outlook client while logged on as a 2007 user. Looking at the xxxx-xxx-AS.log (availability service logs) generated from Outlook, I was able to extract the root cause:

<FreeBusyResponse><ResponseMessage ResponseClass="Error"><MessageText>Unable to find a Client Access server that can serve a request for an intraforest mailbox <Jhon Doe>;SMTP:Jhon.Doe@Contoso.com., inner exception: The server MBX2.contoso.com was not found in the topology.</MessageText><ResponseCode>ErrorServiceDiscoveryFailed</ResponseCode><DescriptiveLinkKey>0</DescriptiveLinkKey><MessageXml><ExceptionType xmlns="http://schemas.microsoft.com/exchange/services/2006/errors">Microsoft.Exchange.InfoWorker.Common.Availability.ServiceDiscoveryFailedException</ExceptionType><ExceptionCode xmlns="http://schemas.microsoft.com/exchange/services/2006/errors">5021</ExceptionCode></MessageXml></ResponseMessage><FreeBusyView><FreeBusyViewType xmlns="http://schemas.microsoft.com/exchange/services/2006/types">None</FreeBusyViewType></FreeBusyView></FreeBusyResponse>

The availability service on the Exchange 2007 server was trying to locate the user using its msExchHomeServerName value, which pointed to a deleted server, one of the original “active” DAG members that was lost! Looking at the attribute values of John Doe (per my example above) reveals that the values of homeMTA and msExchHomeServerName were pointing to non-existing values: the homeMTA clearly shows a deleted server value, and the msExchHomeServerName points to a server that no longer exists. Here’s an example of what I saw:

homeMTA points to a deleted server value - CN=Microsoft MTA\0DEL:

msExchHomeServerName points to a deleted server

I wrote a small PowerShell script that helps update the values for all affected users using an LDAP filter and the Get-User cmdlet from the Active Directory Module and the Set-Mailbox -ConfigurationOnly cmdlet.

Use this script at your own risk, make sure to always double check yourself before running on a production environment.

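    # Run from the Exchange Management Shell; the Active Directory module provides Get-ADUser.
    Import-Module ActiveDirectory

    # Match users whose msExchHomeServerName still points at the lost server (MBX2 here).
    $filter = "(&(objectCategory=user)(objectClass=user)(msExchHomeServerName=/o=Contoso/ou=Exchange\20Administrative\20Group\20\28FYDIBOHF23SPDLT\29/cn=Configuration/cn=Servers/cn=MBX2*))"
    # -Properties expects an array of attribute names, not one comma-separated string.
    $strAttributes = "msExchHomeServerName", "homeMTA", "homeMDB"
    $users = Get-ADUser -LDAPFilter $filter -ResultSetSize $null -Properties $strAttributes
    foreach ($user in $users)
    {
        $mbx = $null
        $mbx = Get-Mailbox -Identity $user.DistinguishedName
        Write-Host "working on user" $user.Name
        Write-Host "working on mailbox" $mbx.Name
        # Re-home the mailbox on the database it is already on.
        Set-Mailbox $mbx -Database $mbx.Database -Confirm:$false -Force -Verbose
    }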

Make sure you modify the LDAP filter $filter and the MBX2 per your configuration.

The conclusion from this case was very interesting to me: the scenario we had here was a “typical” cross-site activation of an Exchange 2010 DAG, but due to the nature of the failure, we were forced to re-home the mailboxes as if we were using Database Portability! (excluding the actual database change of course). See the links below for more about Database Portability.

Hope you find this information useful,
Ilantz

Datacenter Switchovers

Move a Mailbox Database Using Database Portability
