Archive for the 'exchange' Category

Distribution Group Management in Exchange 2007

Managing a distribution group in Exchange 2007 works a little differently than it did in Exchange 2003. In Exchange 2003, you could select a user to manage a distribution group, and select the option that allowed them to update the members of the list. (See image below.)

DGManagement_Ex2003

In Exchange 2007, you have the ability to select a manager to manage the members of the list as well. However, the manager has no rights to add/remove members from the list. (see image below)

DGManagement_Ex2007

In order to grant this permission to the user, you have to run the following command from the Exchange Management Shell:

Add-ADPermission -Identity:'Group Display Name' -User:domain\username -AccessRights ReadProperty, WriteProperty -Properties 'Member'

Make sure you have the appropriate permissions before you run that command, or it will error out. According to the TechNet article, you will need the following permissions to run the command successfully:

1) Exchange Recipient Administrator role.
2) Account Operator role for the applicable Active Directory containers.
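
To confirm that the grant landed as intended and to see who else can write to group membership, the following added example (not part of the original post) checks the new ACE and then audits all distribution groups for explicit write access. 'Sales Team' and 'CONTOSO\jdoe' are placeholder values.

```powershell
# Added example; run from the Exchange Management Shell.
# 'Sales Team' and 'CONTOSO\jdoe' are placeholder values.
$groupName = 'Sales Team'
$manager   = 'CONTOSO\jdoe'

# 1. Confirm the grant: expect one explicit Allow ACE limited to 'Member'.
Get-ADPermission -Identity $groupName -User $manager |
    Where-Object { -not $_.IsInherited } |
    Format-List User, AccessRights, Properties, Deny, IsInherited

# 2. Audit every distribution group for explicit (non-inherited) write access,
#    so delegations that are broader than 'Member' stand out.
$writeRights = 'WriteProperty|GenericWrite|GenericAll|WriteDacl|WriteOwner'

Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
    $group = $_
    Get-ADPermission -Identity $group.DistinguishedName |
        Where-Object {
            (-not $_.IsInherited) -and (-not $_.Deny) -and
            ("$($_.AccessRights)" -match $writeRights)
        } |
        Select-Object @{Name = 'Group';  Expression = { $group.Name }},
                      User,
                      @{Name = 'Rights'; Expression = { "$($_.AccessRights)" }},
                      @{Name = 'Scope';  Expression = {
                          # No property list means the ACE covers every attribute.
                          if ("$($_.Properties)") { "$($_.Properties)" }
                          else { 'ALL PROPERTIES' }
                      }}
} | Sort-Object Group, User | Format-Table -AutoSize
```

A row whose Scope is ALL PROPERTIES, or whose Rights include GenericAll, WriteDacl or WriteOwner, gives the trustee more than membership management and is worth reviewing.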

Error logging in to Outlook Web Access (OWA) on Exchange 2007

When we had completed our migration from Exchange 2003 to Exchange 2007, there were a couple of users that informed us that their Outlook Web Access wasn’t working anymore. The error they received was:

A problem occurred while trying to use your mailbox. Please contact technical support for your organization.

After expanding the error message, it showed the following:

Request
Url: http://[owa servername]:80/owa/lang.owa
User host address: [user ip]
Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on [active directory servername]. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.
Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

After searching around the web, I found a few posts that referenced this error. The user's account needed to have the inheritable permissions option checked.

To perform this,
1. Open Active Directory Users and Computers (ADUC).
2. Locate the user account and view the properties for the account.
3. Select the Security tab. NOTE: If you don’t see the Security tab, you will have to enable Advanced Features from the View menu.
4. Select the Advanced button.
5. Check the option box for “Allow inheritable permissions from the parent to propagate to this object…”

6. Click Apply and then OK to close out the properties for the user account.

Once this option was selected, the user was able to log in to OWA successfully.
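
Accounts that are members of protected groups (Domain Admins, Account Operators and so on) have inheritance switched off by the AdminSDHolder process, which reapplies its ACL periodically, so re-checking the box on such an account does not last. The following added example (not part of the original post) lists mailbox users with inheritance disabled and uses adminCount to separate the two cases; the LDAP filter and the column names are choices made for this example.

```powershell
# Added example: find mailbox users whose ACL does not inherit from the parent.
# Runs in any PowerShell session on a domain-joined machine; read-only.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(homeMDB=*))'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('sAMAccountName')
[void]$searcher.PropertiesToLoad.Add('adminCount')

$results = $searcher.FindAll()
$results | ForEach-Object {
    $entry = $_.GetDirectoryEntry()

    # True when "Allow inheritable permissions..." is unchecked on the object.
    if ($entry.psbase.ObjectSecurity.AreAccessRulesProtected) {
        $adminCount = 0
        if ($_.Properties.Contains('admincount')) {
            $adminCount = $_.Properties['admincount'][0]
        }

        $row = '' | Select-Object Account, AdminCount, Finding
        $row.Account    = $_.Properties['samaccountname'][0]
        $row.AdminCount = $adminCount
        if ($adminCount -eq 1) {
            # Is, or once was, a member of a protected group.
            $row.Finding = 'AdminSDHolder-protected: check group membership first'
        } else {
            $row.Finding = 'Inheritance disabled manually: safe to re-enable'
        }
        $row
    }
    $entry.psbase.Dispose()
} | Format-Table -AutoSize
$results.Dispose()
```

For an account flagged as AdminSDHolder-protected that is still in a protected group, the lasting fix is a separate non-privileged mailbox account rather than re-enabling inheritance on the privileged one.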

Exchange Analyzer Tools

The Exchange Analyzer Tools help with Exchange performance, configuration and recovery.

Exchange 2007 SP1 Cmdlet List

Complete list of Exchange 2007 SP1 PowerShell commands.

Exchange tools

Microsoft updated some tools for Exchange Server 2003/2007. (via Bink)

Event ID 1001 and 3031

A couple of weeks ago, we had an issue where the Pocket PC phones were not syncing with the Exchange server. I started to peruse the logs and noticed that event IDs 1001 and 3031 were appearing quite frequently. After searching around, I came across KB 817379 for event ID 3031 and KB 832297 for event ID 1001.

After checking the security settings on the directories in IIS, I noticed that the back-end Exchange server’s Exchange directory in IIS had the option for Integrated Windows Authentication unchecked. How it got unchecked, we have no idea. We hadn’t made any changes at all to either the front-end or back-end Exchange server that day, so we were puzzled as to how this happened.

To fix this issue, we checked the option for Integrated Windows Authentication (see image below) on the Exchange directory in IIS on the back-end server and restarted both servers. After they came back up, everything was back to normal.

Exchange directory security

Exchange 2003 OWA and Vista’s Internet Explorer issues

We recently acquired a Microsoft Vista machine to aid us in testing its compatibility with our software. As we started to test a few things, we noticed that we had an issue with OWA; when replying to a message, we’d get what looked like a broken image in the area where you would type your message (see image below). After a little searching around, we found out that Internet Explorer in Vista strips out the Dynamic HTML Editing ActiveX control (KB 911829). Microsoft released a patch for this particular issue for Exchange.

NOTE: The patch must be applied on both the frontend and backend Exchange servers.

Below is a screenshot of the window before the patch is applied.
OWA Vista 1

And a screenshot of the window after the patch is applied.
OWA Vista 2