PREMNAIR'S Blog

"..Unnatural work produces too much stress.."

Restricting email to the Internet on a per user AND per domain basis

This blog post is meant to show how easy it now is to accomplish this oft-heard request in Exchange 2010. Transport rules, introduced with Exchange 2007, provided many new options for administering mail, which resulted in even more requests for additional functionality. The rules now have new predicates and actions, extending the possibilities of what can be done. For our example, the rule will restrict Active Directory mail-enabled users who have their ‘Department’ defined as ‘Temp Employees’ from sending mail to the Internet, except that they must be allowed to send to 2 external domains called ‘partnerdomain.com’ and ‘fourthcoffee.com’. Additionally, to reduce Helpdesk calls, you want to send an NDR when they violate the rule. For demonstration purposes I will use 2 Conditions, one Action and one Exception.

The Microsoft Exchange Team Blog explains how to do this in Exchange 2010 in a beautiful blog post (click here).

March 15, 2011 Posted by | Exchange Online, Exchange Server 2007, Exchange server 2010, Mails, MailTips, Microsoft, Office, Office 2010, Office 2011, Outlook, Outlook Webapps, Software, Transport architecture

An error occurred during discovery of the database availability group topology. Error: An error occurred while attempting a cluster operation. Error: Cluster API “AddClusterNode() (MaxPercentage=12) failed with 0x80070005. Error: Access is denied.”

If the witness server you specify isn’t an Exchange 2010 server, you must add the Exchange Trusted Subsystem universal security group to the local Administrators group on the witness server. These security permissions are necessary to ensure that Exchange can create a directory and share on the witness server as needed. If the proper permissions aren’t configured, the following error is returned:
Error: An error occurred during discovery of the database availability group topology. Error: An error occurred while attempting a cluster operation. Error: Cluster API “AddClusterNode() (MaxPercentage=12) failed with 0x80070005. Error: Access is denied.”

If you specify a witness server, you must use either a host name or a fully-qualified domain name (FQDN). Using an IP address or a wildcard name isn’t supported. In addition, the witness server cannot be a member of the DAG.

To learn more, read Exchange server migration – 2007 to 2010 – Live cast

March 15, 2011 Posted by | Exchange Server 2007, Exchange server 2010, Exchange Server Profile Analyzer, Mailbox Server Requirements Calculator, Microsoft, Software

Un-installing/De-commissioning Exchange server 2007 Mailbox from Passive cluster node for Exchange 2010

  1. Open a command prompt on the passive mailbox server. Make sure you are logged in as a domain administrator.
  2. Go to C:\Program Files\Microsoft\Exchange Server\Bin
  3. Type the command setup /mode:uninstall

You have now successfully uninstalled the Exchange Server mailbox role from the passive node, but the server's cluster information still exists, and we need to remove that as well.

To do that we need to…

  • Open the Cluster Management Tool
  • Expand the cluster resource name
  • Expand the Nodes
  • Right click the passive node server
  • Click on More actions -> click on “Stop cluster service”

Once you have stopped the cluster service, click on More actions again, click Evict, and then click Evict Node.

Once you have done this, restart the server.

Once the server is up, do the following as well:

  1. Open the Server manager console
  2. Click on Features and then click on Remove Features
  3. Uncheck Failover Clustering
  4. Click on Yes to reconfirm and click on NEXT
  5. Click on Remove.
  6. After the Server is restarted
  7. Remove any remaining files and folders from the Exchange Server program files folder and subfolders.

That’s the end of Exchange Server 2007 Mailbox de-commissioning on a passive node. Now go to the active mailbox server of Exchange Server 2007.

This process is not the same as for the passive node. Here we can’t use the uninstall command alone, because this server holds the clustered mailbox server information and it is online. To remove it:

Go to the command prompt and change the directory to C:\Program files\Microsoft\Exchange Server\Bin

Type command setup.com /removeCMS /CMSName:<Clustername>

This will now take the mailbox offline from the cluster.

Now type setup /mode:uninstall

Once you finish this uninstallation, the last Exchange Server 2007 mailbox has been removed from your domain. Now do the evict.

Go to the command prompt (if the command prompt is already open, close it and open it again) and then type

Cluster <mailbox cluster name> node <nodename> /force

That’s the end of the “EXCHANGE SERVER 2007 DE-COMMISSIONING PROCESS”

Now you are completely dependent on Exchange Server 2010.

March 15, 2011 Posted by | Edge Server, Exchange Management Console, Exchange Management Shell, Exchange Server 2007, Exchange server 2010, Mailbox Server Requirements Calculator, Microsoft, Remote Connectivity Analyzer, Software, Transport architecture

Active Directory operation failed on *DomainController*. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

When you try to move a mailbox from Exchange 2007 to Exchange 2010, the following error occurs:

Error:
Active Directory operation failed on *DomainController*. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:
'*OUStructure*' | New-MoveRequest -TargetDatabase 'Mailbox Database 1985885663' -BadItemLimit '-1'

To resolve this error, edit the Advanced Security Settings for that user:

  • Open Active Directory Users and Computers
  • Find the user for which the mailbox error occurred
  • Open the properties of the user and go to the Security tab (if this is not available, choose View and then Advanced Features in the AD Users and Computers MMC)
  • Click on [Advanced]
  • Check the box at the bottom which says “Include inheritable permissions from this object’s parent” and then click [OK] twice.

Then try the move again and it will work.
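
Before a batch of moves, the accounts that will hit this error can be listed in advance. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module is available, and the function name and the OU distinguished name are placeholders.

```powershell
# Added example: list users under an OU whose ACL does not inherit from the
# parent ("Include inheritable permissions..." is unticked). These are the
# accounts where New-MoveRequest fails with INSUFF_ACCESS_RIGHTS.
# Assumption: the ActiveDirectory module (Windows Server 2008 R2 RSAT) is installed.
Import-Module ActiveDirectory

function Get-InheritanceBlockedUser {
    param(
        # Placeholder DN: the OU whose mailboxes are about to be moved.
        [Parameter(Mandatory = $true)][string]$SearchBase
    )

    # adminCount = 1 marks accounts that are (or were) members of protected
    # groups. For current members the AdminSDHolder process switches
    # inheritance off again, so review those accounts rather than just
    # re-ticking the box.
    Get-ADUser -SearchBase $SearchBase -Filter * -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName, @{ n = 'AdminCount'; e = { $_.adminCount } }
}

# Placeholder OU; replace with the OU used in the move request.
Get-InheritanceBlockedUser -SearchBase 'OU=Staff,DC=example,DC=com' |
    Sort-Object AdminCount, SamAccountName |
    Format-Table -AutoSize
```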

March 15, 2011 Posted by | Exchange Management Console, Exchange Server 2007, Exchange server 2010, Mailbox Server Requirements Calculator, Microsoft, Software

Activating Product Key – Exchange 2010

Activate the product key for Exchange Server 2010 (for each role installed); otherwise you can run it for 119 days!

To activate it, look in the right panel of the Exchange 2010 Management Console, where you will see “Enter Product Key”, and enter the product key that comes with the product.

March 15, 2011 Posted by | Edge Server, Exchange Management Shell, Exchange server 2010, Mailbox Server Requirements Calculator, Microsoft, Software

Exchange 2010 – Manage CAS role – Access is denied error – HResult = -2147024891

ERROR: An IIS directory entry couldn’t be created. The error message is Access is denied.
. HResult = -2147024891

Installing an Exchange 2010 server in an Exchange 2007 environment may give some funny error results. After installing Exchange 2010, open the Exchange Management Console and go to Microsoft Exchange On-Premises -> Server Configuration -> Client Access; here you will receive the error message above.

So let's run “Get-OwaVirtualDirectory” from the PowerShell command prompt; you will get the following result:

[PS] C:\Windows\system32>Get-OwaVirtualDirectory

An IIS directory entry couldn’t be created. The error message is Access is denied.
. HResult = -2147024891
    + CategoryInfo          : NotInstalled: (<ExchangeServer2007>\Exchange (Default Web Site):ADObjectId) [Get-OwaVirtualDirectory]
   , IISGeneralCOMException
    + FullyQualifiedErrorId : 4B12EB5D,Microsoft.Exchange.Management.SystemConfigurationTasks.GetOwaVirtualDirectory

The above command reads the Active Directory objects to find all the registered OWA virtual directories. The virtual directories it retrieves are those from Exchange 2010, but also those from Exchange 2007. Next it connects to these directories, and for that it needs admin rights. This is the problem. Exchange 2010 creates a few new groups, and one of them is Exchange Trusted Subsystem. Exchange Trusted Subsystem is automatically added to the local Administrators group of the Exchange 2010 server, but not on the Exchange 2007 servers.

RESOLUTION: All you need to do is add the Exchange Trusted Subsystem to the local Administrators group on the Exchange 2007 CAS servers and restart the server, including the new 2010 H&C server.

Now run “Get-OwaVirtualDirectory” in PowerShell and we see:

[PS] C:\Windows\system32>Get-OwaVirtualDirectory

Name                                    Server                                  OwaVersion
----                                    ------                                  ----------
Exchange (Default Web Site)             <ExchangeServer2007>                    Exchange2003or2000
Public (Default Web Site)               <ExchangeServer2007>                    Exchange2003or2000
Exadmin (Default Web Site)              <ExchangeServer2007>                    Exchange2003or2000
owa (Default Web Site)                  <ExchangeServer2010>                    Exchange2010
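
Both this fix and the DAG witness server requirement described earlier depend on Exchange Trusted Subsystem being a member of the local Administrators group. The following added example (not from the original posts) reports that membership, and the full administrator list, for each server; the function name and server names are placeholders, and the local group is assumed to carry its English name, Administrators.

```powershell
# Added example: check which servers have "Exchange Trusted Subsystem" in the
# local Administrators group, and list every local admin for review.
function Test-TrustedSubsystemAdmin {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [string]$GroupName = 'Exchange Trusted Subsystem'
    )

    foreach ($computer in $ComputerName) {
        $result = New-Object PSObject -Property @{
            Computer = $computer; IsMember = $false; Admins = @(); Error = $null
        }
        try {
            # The WinNT ADSI provider is used because Get-LocalGroupMember
            # does not exist on Windows Server 2003/2008-era hosts.
            $admins = [ADSI]"WinNT://$computer/Administrators,group"
            $names = @($admins.Invoke('Members')) | ForEach-Object {
                $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
            }
            $result.Admins   = @($names)
            $result.IsMember = $names -contains $GroupName
        }
        catch {
            # Unreachable host or access denied: record it instead of stopping.
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# Placeholder names: the DAG witness server and the Exchange 2007 CAS servers.
Test-TrustedSubsystemAdmin -ComputerName 'WITNESS01', 'EX2007CAS01' |
    Select-Object Computer, IsMember, Error, @{ n = 'Admins'; e = { $_.Admins -join '; ' } } |
    Format-Table -AutoSize
```

Run it before and after the change: servers that need the group show IsMember as False, and the Admins column records what else holds local administrator rights on hosts the Exchange organization can now manage.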

 

March 15, 2011 Posted by | Exchange Management Console, Exchange Management Shell, Exchange server 2010, Microsoft, Software

   
