Managing email addresses in Exchange 2010 and 2007

Shay Levi (MVP) has posted yet another great PowerShell tip,

this time he blogged about how to modify the EmailAddresses property ( which is actually a MultiValuedProperty ) with powershell 2.0 new capabilities, making adding an additional or removing an email address from a recipient a snap!

check it out

Managing email addresses in Exchange 2010

Adding Read-only permissions to Exchange 2007 Auditing Logs


I was asked today to add a permission to the Exchange Auditing log which is included with Exchange 2007 SP2 installations to simplify auditing,
after activating Mailbox Access Auditing , I was requested to allow read only permissions to the IT Security group.

What seemed to be quite straight forward, was soon to be changed with SDDL ACL format….

Here’s the quick how-to:

– Note, this was done on a Windows 2008 server

  1. Identify the SID of the user/group you wish to allow access.
    Using powershell you can easily find it e.g:
    Get-User | Select SID
    Get-Group | Select SID
  2. Then following this KB – Which was the most simple and self-explained, add the appropriate permissions. – each event log is located in the registry at: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventLog
    the Exchange Auditing log is also located there, and in that key you will find an existing CustomSD string value with the ACL’s in the SDDL format ( more info in the links I added below )
    I was required to add read-only permissions to the IT Audit group, which is a “regular” group, without special domain / enterprise rights,
    so in my case i used the following:
    (A;;0x1;;; [Your Group Name/user account SID])
    so appended that to the existing CustomSD value.
  3. Restart the server.
  4. Now the user/group can access the Exchange Auditing log from any computer 🙂

Links: – White Paper: Configuration and Mailbox Access Auditing for Exchange 2007 Organizations – Writing to the Windows Event Log from an ASP.NET or ASP application fails. – How to set event log security locally or by using Group Policy in Windows Server 2003 – Also useful if you’d like to set this via GPO

Happy Auditing !

MSExchangeRepl 2147 / MSExchangeRepl 2104 / MSExchangeRepl 2127 occurring on Windows 2008 or Windows 2008 R2 with Exchange 2007 Cluster Continuous Replication (CCR)

As i ran into this issue this week,I’ve stumbled upon this thread:

Seems the cause for these errors, are because SMBv2 introduces status caching into the LanManWorkstation service…read more at SMB2 Client Redirector Cache

So to fix it I’ve added these registry keys under :

FileInfoCacheLifetime [DWORD] = 0
FileNotFoundCacheLifetime [DWORD] = 0
DirectoryCacheLifetime [DWORD] = 0

My errors on the server were:

Event ID : 2147
Raw Event ID : 2147
Source : MSExchangeRepl
Type : Error
Machine : SERVER
Message : There was a problem with ‘ActiveNode’, which is an alternate name for ‘ActiveNode’. The list of aliases is now ‘ActiveNode’, and the alias ‘was’ removed from the list. The specific problem is ‘CreateFile(
\ActiveNodeStorageGroupGuid$LogFile.log) = 2′.

ID:       2127
Level:    Information
Provider: MSExchangeRepl
Machine:  SERVER
Message:  The system has detected a change in the available replication networks.  The system is now using network ‘ActiveNode’ instead of network ‘ActiveNode’ for log copying from node ActiveNode.

Thanks a lot for JR on sharing this, check out Tim McMichael with more info on this:

Exchange 2007 SP3 is out !

At last !

Exchange Server 2007 Service Pack 3 was released this week !

What’s New ?

  1. Top requested Support for Windows Server 2008 R2 server installations
  2. Windows 7 – for Exchange 2007 Management Tools
  3. Improved Password Reset Functionality – Enable the Exchange 2007 SP3 Password Reset Tool
  4. Updated Search Functionality – mailbox server side indexing
  5. Support for Right-to-Left Disclaimer Text
  6. And of course… Active Directory Schema Changes, although with only a few changes but still take that into account.

Don’t forget the installation path to success :

  • Prepare your environment – Forest changes..
  • Upgrade Client Access servers (Internet Facing first…)
  • Upgrade Unified Messaging servers
  • Upgrade Hub Transport servers
  • Upgrade Edge Transport servers
  • Upgrade Mailbox servers

Enjoy !

Ask and you shall receive – Exchange 2007 SP3 w/support for Windows Server 2008 R2 Now Available
What’s New in Exchange Server 2007 SP3

Exchange 2007 SP3 Release Notes

Download Exchange 2007 SP3 here

How to Use Telnet to Send SMTP Email to Exchange 2007 and 2010

Thanks to Jeff – The EXPTA {blog}, you can have full how-to ” use telnet to send SMTP email” for some basic testing and such.

I’ve ran into A lot of issues when migrating to Exchange 2007 / Exchange 2010 , due to the strict RFC compliance that Microsoft has implemented with the new transport (SMTP) stack.

anyways, enjoy this fine how-to:

Exchange 2007 SP2 for SBS 2008 installation tool available !

You must update your Windows Small Business Server 2008 settings both before and after you install Exchange Server 2007 Service Pack 2 (SP2). Before installing SP2 for Exchange Server 2007, read the detailed information at

At last, a installation too for easy install of Exchange 2007 SP2 for SBS 2008,  no more “hacking” the sbs 2008 server…

Great News, Enjoy !

Exchange Servers Permissions are needed on Security Groups

Recently, I’ve encountered a situation where users that have been migrated to Exchange 2007 could not send mail to certain public folders.

It seems that the selected recipients were members of a security group that had inheritance disabled, and which had only few specific ACL’s for Admins and such. but the ” Exchange Servers ” group were not included in the DACL.

The NDR reported back the recipients tried to send the email to the public folder was:

#550 5.2.0 STOREDRV.Deliver: The Microsoft Exchange Information Store service reported an error. The following information should help identify the cause of this error: “MapiExceptionNotAuthorized

To resolve this i’ve added Read Permissions – Allow for the Exchange Servers  group, with inheritance to all child objects.

Hope this will be useful !

RTL Plain Text emails with Outlook 2007 – fixed

Finally, a long term solution to a problem that have been annoying quite a while…

Outlook 2007 + Plain Text replies , that uses Right to Left languages , in my case Hebrew, were received reversed in order .. that is the words in the sentences were displayed literally reversed.

A quite annoying word issue actually… A workaround for this was making sure that users were sending out Rich Text (RTF) email’s. then the replies were displayed correctly.

Long story short. to solve this, request and install the following patch –
Description of the Word 2007 hotfix package (Word-x-none.msp, Wordconv-x-none.msp): August 25, 2009

Additional configuration to align the text to the right could be done by following daniel’s petri post regarding this :

This solved my issue on the spot.

Better later then never 🙂

Configure Session TTL / Timeout in Fortinet

Hey there Mobile admins..

Recently, I’ve did some troubleshooting with Fortinet and ActiveSync timeout, also known as Event ID 3030 Source: Server ActiveSync with the following being output to the Application Log on an Exchange Server 2003 and 2007.

Event Type: Warning
Event Source: Server ActiveSync
Event Category: None
Event ID: 3033
The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [9]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

Read more on the Direct Push in Technet : Understanding Direct Push , typically you will need to adjust your session TTL to no less then 12 minutes.

Fortinet  lists the official help on the subject in – FD31862 – Customizing Session TTL in FortiOS 4.0 , FortiOS 4 also allows this in Per rule ! so for all those with FortiOS 3 , use the mentioned KB from Fortinet try the FortiOS CLI Reference..

Usually i set this time out to no less the 15 minutes or 900 seconds.. you’r call 🙂

-updated the link to Fortinet KB

Troubleshooting Exchange 2003 and 2007 Store Log/Database growth issues

Issues like these always come up with various customers, I’d thought it might be good to share with you all.

As posted also in the official Microsoft Exchange Team blog:

Mike Lagase has just posted a very detailed troubleshooting guide for these problems on his blog – Troubleshooting Exchange 2007 Store Log/Database growth issues

This is one of the most comprehensive collection of information on how to troubleshot those issues. Read it !