Exchange DBs (edb file) unexpected growth (with plenty of "white space" should be available) - Exchange 2010

Problem: Exchange DBs (edb file) unexpected growth (with plenty of "white space" should be available) - Exchange 2010

Apparently, this is the issue of Exchange 2010 for databases created pre-Exchange 2010 SP3 RU1.

Resolution:

1.       Get-MailboxDatabase -Status | ft name,AvailableNewMailboxSpace

2.       Start Extra and leave it run in circular logging..

a.        Run Extra (Start -> Run -> Extra) 

b.      Go to the welcome screen

c.        Choose Select a task 

d.      Choose Trace Control (Click OK on any pop up that appears)

e.      Leave default options (max trace file size 100MB, circular logging, select trace tags manually) 

f.        Click Set Manual Trace Tags 

g.       Select all checkboxes under Trace Types 

h.      Choose "Store" under "Components to Trace" 

i.         Choose "tagCleanupMsg" under Trace Tags 

j.        Click Start Tracing 

3.       Let this run for 20 minutes.

4.       Get-MailboxDatabase -Status | ft name,AvailableNewMailboxSpace

    Running Extra with parameters above makes Exchange starting reclaiming "white space"

Voice Mail Message Waiting Indicator (Exchange 2010) does not work

Problem: for the user Message Waiting Indicator does not work - does not get lighten up when the voice mail is left.

Resolution:

1. Make sure that Outlook is running in online mode (Not Cached Exchange Mode).  In online mode Outlook will say "Online with Microsoft Exchange" in the status bar, not "Connected with Microsoft Exchange".
2. Delete the Voice Mail search folder in Outlook.  This only deletes the search folder, not the messages.
3. Dial into Outlook Voice Access to access your old voicemails.  You need to enter the "voice mail" command, even if OVA says you have no new voicemails.  When you do this, EWS will recreate the Voice Mail search folder in Outlook.  Hang up.
4. Reconfigure Outlook to use Cached Exchange Mode again and restart Outlook.  Since the OST header still matches the mailbox database header, Outlook will use the same OST and will resync your emails quickly and easily.

Reference article: http://www.expta.com/2012/01/how-to-reset-exchange-2010-mwi.html

Group Policy User/Computer Section

Login Script configured on the "User" section of GPO is applied to both Computer and Users objects, while expected to be applied only to User objects.

Disabling Operator ("0") option for Exchange Mailbox

Default Option when creating UM Dial Plan  in Exchange 2010 is to have "Operator extension" is set to 0 (UM Dial Plans/Properties/Settings)

If you need to disable operator for certain mailboxes (users) here is the list of steps to follow:

1. On Exchange: create the new UM Dial Plan - make sure that "Operator extension" is set to empty (UM Dial Plans/Properties/Settings) - name the new UM Plan to something like "4-Digit No Operator".
2. Set "Subscriber Access" extension on the new UM Plan: (UM Dial Plans/Properties/Subscriber Access).
3. Create new Hunt Groups for every IP Gateway (UM IP Gateways tab), make sure to use the new UM Dial Plan and Pilot Identifier set in step 2 for subscriber access.
4. Disable Unified Messaging for the user/Enable Unified Messaging specifying new UM Dial Plan during enabling process.  That concludes Exchange portion of configuration.
5. On PBX: configure PBX to call new subscriber access (set in the step #2) for the user/users that should have operator option disabled.
6. On IP Gateway: make sure that subscriber access extension (set in step #2) is in the scope of extension that target Exchange UM.

Exchange Active Sync does not work after user mailbox moved to Exchange 2010 mailbox server

After the user mailbox was moved to Exchange 2010 mailbox server from Exchange 2007, ActiveSync got broken.

There are many warning messages on Exchange 2010 CAS servers:

Log Name:      Application
Source:        MSExchange ActiveSync
Date:          4/10/2014 10:35:08 AM
Event ID:      1008
Task Category: Requests
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Exchange2010CASservername.mydomain.com
Description:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.

URL=/Microsoft-Server-ActiveSync/default.eas?Cmd=Provision&User=username%40userdomain.com&DeviceId=android1342529324&DeviceType=MotoDROIDRAZR
--- Exception start ---
Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=username@userdomain.com,OU=OUname1,OU=OUname2,OU=OUname3,DC=mydomain,DC=com.
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 110
XmlResponse:
This request does not contain a WBXML response.

Google bringing up the following Microsoft article: http://support.microsoft.com/kb/2680321

It suggests "Include inheritable permissions from this object's parent" is selected...  But my users already had it selected.

Comparing the security settings on the OU level with OUs that work, I found that 'Exchange Trusted Subsystem' is missing from the list...  I added it with the 'Full Control' and it fixed the problem.

Upgrading first CAS server to Update Rollup in mixed environment

Users trying access OWA in the mixed environment and getting "The mailbox you're trying to access isn't currently available. If the problem continues, contact your helpdesk."

In mixed Exchange environment (ie. OWA client access for Exchange 2007 users goes  Exchange 2010 CAS Servers -> Exchange 2007 CAS Servers -> Exchange 2007 User), Exchange 2010 server must have previous version of OWA in it’s OWA folder.

Upgrade Exchange 2007 CAS server to Update Rollup creates new folder of files (like UR12 for Exchange 2007 SP3 created the folder ‘8.3.342.1’) which did not exist on Exchange 2010 CAS servers.

That causes problems for Exchange 2007 users to login.

To fix – copy the folder to Exchange 2010 CAS Server OWA folder (from upgraded Exchange 2007 CAS Server OWA folder) and do iisreset on Exchange 2010 CAS server.

More here: http://exchangeserverpro.com/owa-error-mailbox-trying-access-not-currently-available/ (scroll down to the end).

Monitoring Exchange Functionality (OWA/ActiveSync) from Internet

Following is the way to test Exchange Health from Internet.  You will need the pc with Exchange Management Tools installed.

• 2 batch file to be run on the Task Scheduler every desired number of minutes - one batch (running Powershell Script) will be testing the Exchange Functionality; another (running vbs script) will be parsing the output file and send email to the phone of on-call person if the word "Failure" appears in the script.
• Note - credentials are supplied for the script in the secure way
• Powershell Script:

#Set-ExecutionPolicy

Set-ExecutionPolicy -ExecutionPolicy:Unrestricted

# specify acct used on Exchange 2010

$username = "TestAccount@yourdomain.com"

$password = cat C:\admin\securestring.txt | convertto-securestring

$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

Test-OwaConnectivity -URL https://yourURL.yourdomain.com/owa -MailboxCredential $cred | Out-File c:\admin\emailtestresult.txt -Append -Encoding utf8

Test-ActiveSyncConnectivity -URL https://YourURL.yourdomain.com/Microsoft-Server-ActiveSync -MailboxCredential $cred -LightMode | Out-File c:\admin\emailtestresult.txt -Append -Encoding utf8

• Note - there is a file  C:\admin\securestring.txt used as the encrypted password file; to generate it run the following:

read-host -assecurestring | convertfrom-securestring | out-file C:\admin\securestring.txt

and type the password of the account used.

• VBS Script:

Dim objFS

Dim objResult

Dim numEvent

Dim numAlert

numEvent = 0

numAlert = 0

Set objFS = CreateObject("Scripting.FileSystemObject")

strFileIn = "c:\admin\emailtestresult.txt"

'Set inFile = objFS.OpenTextFile(strFileIn, ForReading)

Set inFile = objFS.OpenTextFile(strFileIn, 1, TristateTrue)

Do Until inFile.AtEndOfStream

                strLine = lTrim(inFile.ReadLine)

  

'if the word 'Failure' found in the result file - numAlert == 1

                If InStr(strLine,"Failure") > 0 Then

                                numAlert = 1

                End If

Loop

                If numAlert > 0 Then

                                Set objShell = WScript.CreateObject("WScript.Shell")    

'send alert using blat

                                objResult = objShell.Run("blat " & strFileIn & " -subject ""Your friendly alert message is here"" -to yourphone@phonedomain.com")

                                Set objShell = Nothing

               

                End If

inFile.Close

• Create .bat file to run on the Task Scheduler
• For Powershell:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; "PathToPSFile\PSFileName.ps1"

• For VBS Script:

cscript PathtoVBSFile\VBSFileName.vbs

Exchange Control Panel - not only Control Panel after all

When the user goes to Options/Change password in OWA (Exchange 2010), user gets redirected to https://yourmailserver.yourdomain.com/ecp...  Therefore 'ecp' is not for working as 'control panel' only.  (You have to make sure ecp is available from outside access if you configure OWA access through TMG or another reverse proxy device)

How to get list of mailboxes for enabled users only

Task: Provide the list of mailboxes for only accounts that are enabled (excluding the mailboxes for disabled accounts).  This is frequently required for any type of Exchange mailbox migration projects, when disabled mailboxes will not be migrated.

1. Get the all mailboxes list - including disabled (distinguishedname only): in Exchange Management Console run following command:"Get-Mailbox -resultsize unlimited | select-object distinguishedname | export-csv c:\admin\dn_mailboxes_all.csv -notype"
2. Get the list of distinguishednames of disabled accounts: using Quest ActiveRoles Management Shell: "Search-ADAccount -AccountDisabled | select-object distinguishedname | export-csv c:\admin\disabled-objects.csv -notype"
3. So - now we have 2 spreadsheets, first has all mailboxes, second all disabled objects - use your favorite way to select only items that exist in person first spreadsheet, but not in second.  I use Excel Pivot table: I combine both spreadsheets in one (simple copy/paste will work) and then I insert Pivot Table with 'count' option for that column...  The lines that have count '2' exist in both files, therefore disabled, so I need only lines that have count '1'.
4. Copy the ones that have count "1" (therefore either enabled objects or disabled non-user objects) to txt file (c:\admin\enabledobjects.txt in our case).
5. In Exchange Management Console run following command: "get-content c:\admin\enabledobjects.txt | Get-Mailbox -resultsize unlimited | select-object displayname, Organizationalunit, UserPrincipalname, PrimarySMTPAddress, ServerName | export-csv c:\admin\mailboxes_enabled_users.csv -notype" (note that when you run the script, non-user objects will produce error, that is normal: non-user objects do not have a mailbox, therefore the resulting file will have correct information with only enabled user mailboxes).

I am sure there maybe more elegant ways to do this...

Remove old IIS files with batch file (running on Task Scheduler)

Script below allows you to remove IIS Logs older than MaxDays days.

You can put it in vbs file and create bat file that will call vbs file:

cscript \.vbs

Then, you can schedule execution of that file using Task Scheduler.

Mostly the script is taken from http://gallery.technet.microsoft.com/scriptcenter/ba67b84a-286e-4256-8a6c-d6579dce2045 (replace interactive pieces of the script with providing the local computer as a target for the script).

MaxDays = 10

Set objNetwork = CreateObject("Wscript.Network")

strComputer = objNetwork.ComputerName

wmiQuery = "Select * from Win32_OperatingSystem" 

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") 

Set colItems = objWMIService.ExecQuery(wmiQuery) 

    For Each objItem In colItems 

        sWindowsPath = objItem.WindowsDirectory 

    Next 

Set objW3SVC = GetObject( "IIS://" & strComputer & "/W3SVC") 

    For Each objSite In objW3SVC 

        If objSite.Class = "IIsWebServer" Then 

            strLogDir = UCase(objSite.LogFileDirectory) 

                strLogDir = Replace(strLogDir,"%WINDIR%",sWindowsPath,1,1,1) 

                strLogDir = cscript C:\Scripts\VG\deleteoldiisfiles.vbsReplace(strLogDir,"%SYSTEMROOT%",sWindowsPath,1,1,1) 

                strLogDir = Replace(strLogDir,":","$",1,1,1) 

            objLogFolder = "\\" & strComputer & "\" & strLogDir 

            Set oFSO = CreateObject("Scripting.FileSystemObject") 

            Set oFolder = oFSO.GetFolder(objLogFolder) 

            Set colSubFolders = oFolder.Subfolders 

            For Each oSubFolder In colSubFolders 

                If InStr(UCase(oSubFolder),"W3SVC") Then 

                    For Each oFile In oSubFolder.files 

                        If InStr(LCase(oFile.Name),".log") Then 

                             If (Date - oFile.DateCreated > CInt(MaxDays)) Then 

                                oFSO.DeleteFile(oSubFolder & "\" & oFile.Name) 

                            End If 

                        End If 

                    Next 

                End If 

            Next 

        End If 

    Next