Setting Internal and External URLs in Exchange 2013
Microsoft made a nice GUI for setting internal and external URLs; however, they still did not put the AutodiscoverServiceInternalUri and the OutlookAnywhere URL in the GUI. In my opinion, if you’re going to make a GUI for setting URLs, it would make sense to present all the necessary URL settings in the GUI, so certificate errors don’t occur. So I made a nice script for myself to set all the necessary URLs on a CAS server.
Download the jpg (WordPress hates .txt or .ps1 files) below, and change the extension to .ps1 or .txt after download. Full script text below.
#
# Author: Scott Jaworski
# Website: jaworskiblog.com
# Version: 1.0
# Description: This script sets internal and external URLs on the specified Exchange 2013 Client Access Server
# then displays the results of all the URLs that have been set.
# How to Use: Copy the text file to a location on the Exchange server. Change the .txt extension to .ps1,
# Open Exchange Management Shell, Browse to the location of the script in EMS, Run .\Set-Exchange2013Vdirs
#
Function Set-Exchange2013Vdirs
{
    # Prompt for the target server and the host names used in the URLs
    $ExServer = Read-Host "Please enter the Exchange 2013 Server Name you'd like to set Vdirs "
    $InternalName = Read-Host "Input the internal domain name eg. IntMail.domain.com "
    $ExternalName = Read-Host "Input the external domain name eg. ExtMail.domain.com "

    Write-Host "Configuring Directories for $ExServer.." -ForegroundColor Green

    # Virtual directory URLs: EWS, OWA, ECP, ActiveSync, OAB
    Get-WebServicesVirtualDirectory -Server $ExServer | Set-WebServicesVirtualDirectory -InternalUrl "https://$InternalName/EWS/Exchange.asmx" -ExternalUrl "https://$ExternalName/EWS/Exchange.asmx"
    Get-OwaVirtualDirectory -Server $ExServer | Set-OwaVirtualDirectory -InternalUrl "https://$InternalName/owa" -ExternalUrl "https://$ExternalName/owa"
    Get-EcpVirtualDirectory -Server $ExServer | Set-EcpVirtualDirectory -InternalUrl "https://$InternalName/ecp" -ExternalUrl "https://$ExternalName/ecp"
    Get-ActiveSyncVirtualDirectory -Server $ExServer | Set-ActiveSyncVirtualDirectory -InternalUrl "https://$InternalName/Microsoft-Server-ActiveSync" -ExternalUrl "https://$ExternalName/Microsoft-Server-ActiveSync"
    Get-OabVirtualDirectory -Server $ExServer | Set-OabVirtualDirectory -InternalUrl "https://$InternalName/OAB" -ExternalUrl "https://$ExternalName/OAB"

    # The two settings the GUI does not expose: the Autodiscover SCP URI and the Outlook Anywhere host names
    Set-ClientAccessServer $ExServer -AutodiscoverServiceInternalUri "https://$InternalName/Autodiscover/Autodiscover.xml"
    Set-OutlookAnywhere -Identity "$ExServer\Rpc (Default Web Site)" -InternalHostname $InternalName -ExternalHostname $ExternalName -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl:$true

    # Read the values back so they can be checked
    Write-Host "Vdirs have been set to the following.." -ForegroundColor Green
    Write-Host "$ExServer EWS"
    Get-WebServicesVirtualDirectory -Server $ExServer | Format-List InternalUrl,ExternalUrl
    Write-Host "$ExServer OWA"
    Get-OwaVirtualDirectory -Server $ExServer | Format-List InternalUrl,ExternalUrl
    Write-Host "$ExServer ECP"
    Get-EcpVirtualDirectory -Server $ExServer | Format-List InternalUrl,ExternalUrl
    Write-Host "$ExServer ActiveSync"
    Get-ActiveSyncVirtualDirectory -Server $ExServer | Format-List InternalUrl,ExternalUrl
    Write-Host "$ExServer OAB"
    Get-OabVirtualDirectory -Server $ExServer | Format-List InternalUrl,ExternalUrl
    Write-Host "$ExServer Internal Autodiscover URL"
    Get-ClientAccessServer $ExServer | Format-List AutodiscoverServiceInternalUri
    Write-Host "$ExServer Outlook Anywhere Settings"
    Get-OutlookAnywhere -Identity "$ExServer\Rpc (Default Web Site)" | Format-List InternalHostname,InternalClientAuthenticationMethod,InternalClientsRequireSsl,ExternalHostname,ExternalClientAuthenticationMethod,ExternalClientsRequireSsl
    Write-Host "The PowerShell URL has not been set as part of this script. Set it if you choose" -ForegroundColor Yellow
}
Set-Exchange2013Vdirs
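Since the point of setting every URL is to avoid certificate errors, the following added example (not part of the original script) reads back each host name the script configures and checks it against the names on the certificate enabled for IIS on the same server. The helper name Test-NameOnCert is made up for this example.

```powershell
# Added example, not part of the original script. Run in Exchange Management Shell.
$ExServer = Read-Host "Exchange 2013 server to check"

# Gather every URL / host name that the script above configures.
$vdirs = @(
    Get-WebServicesVirtualDirectory -Server $ExServer
    Get-OwaVirtualDirectory -Server $ExServer
    Get-EcpVirtualDirectory -Server $ExServer
    Get-ActiveSyncVirtualDirectory -Server $ExServer
    Get-OabVirtualDirectory -Server $ExServer
)
$hostNames = @()
foreach ($vdir in $vdirs) {
    foreach ($url in $vdir.InternalUrl, $vdir.ExternalUrl) {
        if ($url) { $hostNames += ([uri]"$url").Host }
    }
}
$autodiscover = (Get-ClientAccessServer $ExServer).AutodiscoverServiceInternalUri
if ($autodiscover) { $hostNames += ([uri]"$autodiscover").Host }
$oa = Get-OutlookAnywhere -Server $ExServer
$hostNames += "$($oa.InternalHostname)", "$($oa.ExternalHostname)"
$hostNames = $hostNames | Where-Object { $_ } | ForEach-Object { $_.ToLower() } | Sort-Object -Unique

# Names on the certificate(s) enabled for IIS on that server.
$certNames = Get-ExchangeCertificate -Server $ExServer |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() }

# Hypothetical helper: exact match, or a wildcard entry covering exactly one label.
function Test-NameOnCert([string]$HostName, [string[]]$CertNames) {
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }
        # *.domain.com matches mail.domain.com, but not a.b.domain.com
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) { return $true }
    }
    return $false
}

# A row with OnCertificate = False is a name clients will not find on the certificate.
$hostNames | ForEach-Object {
    [pscustomobject]@{ HostName = $_; OnCertificate = (Test-NameOnCert $_ $certNames) }
} | Format-Table -AutoSize
```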
Fixing Lync/OWA Integration After Upgrading to Windows 2008 R2 SP1 or .NET Framework 4.0
So you had Lync integration working with OWA brilliantly by following Jeff Guillet’s blog article, and then you patched your Exchange Servers to Server 2008 R2 SP1 and everything broke. Here’s why, and here’s how to fix it.
Cause:
.NET Framework 4.0 is rolled up in Server 2008 R2 SP1, which is incompatible with the UCMA package required for the Lync/OWA integration. We can see in the Windows Updates that .NET Framework 4.0 has been installed. It is possible that this was installed outside of SP1 as an optional update.
Unfortunately we cannot simply uninstall this update; it does not show up in the list of available updates to uninstall. So how do we get rid of .NET Framework 4.0 without uninstalling the Server 2008 R2 SP1 update?
Solution:
1. Download the .NET Framework 4.0 bits from Microsoft, and install it on your Exchange CAS server(s).
2. Once the install is complete, go to Control Panel – Programs and Features, and remove the .NET Framework 4 Extended, and then the .NET Framework 4 Client Profile.
3. Reboot the Server.
4. Re-run the original .msi and .msp patches you installed for the Lync Integration from Jeff’s blog article. No reboot should be necessary.
5. Open OWA and enjoy your fixed OWA/Lync integration.
Outlook Prompts Some Users “connecting to user@domain.com”
Recently I ran into an issue where a subset of internal, domain-joined users were getting prompted in Outlook. Most users were not experiencing the issue at all. There are dozens of reasons Outlook will prompt users. In most cases it is due to a misconfiguration of Exchange, but sometimes it has to do with the users. This is what they were seeing when they opened Outlook, or after their computer went to sleep.
Notice that no server name is listed in the prompt. The users were also experiencing Outlook disconnects due to the account being locked out from this prompt. If the user enters the wrong password a few times here, Outlook will disconnect, and it may be a while before the user realizes their account has been locked out.
Reason
The users at some point had cached the wrong credentials in Outlook. Checking “Remember my credentials” can cause Windows to cache the credentials, and the next time the application is opened it will attempt to use the cached credentials instead of the AD login. This would theoretically be OK, until the user changes their password.
Solution
Open Control Panel | User Accounts | Credential Manager
Remove the cached credentials for the Exchange Server under “Windows Credentials”.
Remove the cached credentials for any Outlook entries under “Generic Credentials”.
It may be in a slightly different location in Windows XP and Vista, but you can still find it under user accounts.
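The same cleanup can be done from a prompt with cmdkey, the command-line front end to Credential Manager. This is an added example, not from the original post; the function names, the host name mail.domain.com and the 'MicrosoftOffice|Outlook' pattern are assumptions, and the sample listing is constructed.

```powershell
# Added example. Run as the affected user, since stored credentials are per user.
# Assumption: English-language cmdkey output, where each entry has a "Target:" line.
function Get-StoredCredentialTarget {
    param([string[]]$CmdkeyOutput = (cmdkey /list))
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(\S.*?)\s*$') { $Matches[1] }
    }
}

# Keep only entries that look like Outlook/Office credentials or that name the Exchange host.
function Select-OutlookCredential {
    param(
        [string[]]$Target,
        [Parameter(Mandatory=$true)][string]$ExchangeHost
    )
    $Target | Where-Object { $_ -match 'MicrosoftOffice|Outlook' -or $_ -like "*$ExchangeHost*" }
}

# Constructed sample of "cmdkey /list" output, to show what gets selected.
$sample = @'
Currently stored credentials:

    Target: Domain:target=mail.domain.com
    Type: Domain Password
    User: DOMAIN\jsmith

    Target: LegacyGeneric:target=MicrosoftOffice15_Data:SSPI:jsmith@domain.com
    Type: Generic
    User: jsmith@domain.com

    Target: Domain:target=fileserver01
    Type: Domain Password
    User: DOMAIN\jsmith
'@ -split "`r?`n"
# Selects the first two targets and leaves fileserver01 alone.
Select-OutlookCredential -Target (Get-StoredCredentialTarget $sample) -ExchangeHost 'mail.domain.com'

# On the affected workstation: review the live list first, then delete each selected entry.
$stale = Select-OutlookCredential -Target (Get-StoredCredentialTarget) -ExchangeHost 'mail.domain.com'
$stale
# foreach ($t in $stale) { cmdkey "/delete:$t" }   # uncomment after reviewing $stale
```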
Common Exchange 2010 Mailbox Move Errors
Mailbox moves from Exchange 2003 or 2007 to 2010 sometimes fail, for various reasons. This is a list of errors I see frequently, as well as how to resolve the error and get the mailbox moved. This post will be updated as I come across more errors.
If you don’t find the error you are looking for in this list, you may try Microsoft’s TechNet page that has additional errors and resolutions:
http://technet.microsoft.com/en-us/library/dd638094.aspx
The Database Already contains a move request for ‘user’
This is purposely put first, because after a mailbox move fails, you almost always have to remove the move request manually.
Error:
The queue in ‘User Mailbox Database’ database already contains a move request for ‘User Name’, while AD reports the mailbox as not being moved. It is possible that someone created this move request recently, while targeting a different domain controller, and AD replication did not yet occur. You can examine this move request by running ‘Get-MoveRequestStatistics -MoveRequestQueue ‘User Mailbox Database’ -MailboxGuid 2d2df646-036c-4c65-a986-861524dde06e -IncludeReport | fl’. If you believe this to be an abandoned move request, you can remove it by running ‘Remove-MoveRequest -MoveRequestQueue ‘User Mailbox Database’ -MailboxGuid 2d2df646-036c-4c65-a986-861524dde06e’.
Exchange Management Shell command attempted:
‘domain.com/Users/User Name’ | New-MoveRequest -TargetDatabase ‘User Mailbox Database’
Reason/Resolution
Both are listed within the error message above. Hit “Ctrl+C” to copy the contents of the error message, paste it into Notepad, and then copy the given command. With the above example I would run the following command in Exchange Management Shell:
Remove-MoveRequest -MoveRequestQueue ‘User Mailbox Database’ -MailboxGuid 2d2df646-036c-4c65-a986-861524dde06e
When it asks if you are sure, type Y then hit Enter.
Property expression “UserName” isn’t valid.. ‘@’ cannot be the last character
Error:
Property expression “UserName” isn’t valid. Valid values are: Strings that includes ‘@’, where ‘@’ cannot be the last character
Exchange Management Shell command attempted:
‘domain.com/Users/User Name’ | New-MoveRequest -TargetDatabase ‘User Mailbox Database’
Reason
The user login name is not set, so the username becomes “User@”. This is an invalid username.
Resolution
Open Active Directory Users and Computers. Open the Properties of the User – Account Tab. The drop-down for the User Login is blank. Set the user login to your primary domain, then try moving the mailbox again.

Insufficient Access Rights to Perform the Operation
Error:
Active Directory operation failed on DC.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Exchange Management Shell command attempted:
‘domain.com/Users/User Name’ | New-MoveRequest -TargetDatabase ‘User Mailbox Database’
Reason
Inheritable permissions are not turned on for the user. If the user is a member of the Domain Admins group, this setting will be unchecked. You can turn on this permission for the mailbox move. AD will run a service in the background that will uncheck the box again in a few hours. This is OK; it just has to be checked during the mailbox move. This error does not seem consistent, i.e. some domain admins will experience it and some won’t. I have also seen normal users have this box unchecked as well.
Resolution
Check the “Allow Inheritable Permissions from this object’s parent” box on the user Account. If you don’t know where to find that, keep reading.
1. Open Active Directory Users and Computers and make sure the Advanced Features is checked.
2. Open the Properties of the User Account and go to the Security Tab. Once there, click on Advanced.
3. Check the box at the bottom left
4. In Exchange Management Console, try moving the mailbox again.
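To find affected accounts before starting a batch of moves, the inheritance flag can be read from AD directly. This is an added example, not from the original post; it assumes the ActiveDirectory module is installed, the function name Enable-AclInheritance is made up here, and the DN in the last line is a constructed placeholder. The adminCount column shows which accounts AD itself protects (value 1), which is the Domain Admins case described above.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to read user ACLs.
Import-Module ActiveDirectory

# Mailbox-enabled users (homeMDB is populated) whose ACL does not inherit from the parent.
# AreAccessRulesProtected = True is the same state as the unchecked box in the GUI.
$blocked = Get-ADUser -LDAPFilter '(homeMDB=*)' -Properties nTSecurityDescriptor, adminCount |
    Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
    Select-Object SamAccountName, adminCount, DistinguishedName
$blocked | Format-Table -AutoSize

# Hypothetical helper: turn inheritance back on for one account, as the GUI checkbox does.
function Enable-AclInheritance {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path
    # First argument $false = not protected, i.e. inherit from the parent again.
    # The second argument only matters when protection is being turned on.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path $path -AclObject $acl
}

# Apply to one reviewed account at a time, then retry the move.
# Enable-AclInheritance -DistinguishedName 'CN=User Name,OU=Users,DC=domain,DC=com'   # constructed DN
```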
Microsoft Exchange Critical Error
Error:
A dialog box pops up that says Microsoft Exchange Critical Error. “Unexpexted Error [0x787DB51B] while executing command ‘New-MoveRequest -TargetDatabase ‘User Mailbox Database”
Reason:
In my case, the mailbox was never migrated to the 2003 server, so it was still pointing to a non-existent Exchange 2000 Mailbox Server.
If I ran a get-mailbox “user” it would tell me that the object has been corrupted, and it’s in an inconsistent state. The following validation errors happened:
Warning: Database is mandatory on UserMailbox
This is telling me that the mailbox I was trying to move did not have a database assigned to it.
If I open the Properties of the User account – Exchange General Tab, I see that the Home Server attribute is pointed to an Exchange 2000 database.
Resolution:
Remove the Exchange attributes from the user account. If the mailbox was never migrated from a non-existent mailbox server, nobody is using the account and therefore at least its Exchange attributes can be removed.
1. Open up Exchange Users and Computers on the Exchange 2003 server.
2. Right click on the user – Exchange Tasks
3. Follow the wizard to Remove Exchange Attributes

Remote Desktop Connection Manager
A lot of my customers ask me what software I’m using for RDP, so I thought I’d share it here.
If you often remote into servers, this free program from Microsoft makes life a lot easier. Just input the server name and credentials you use to login and add it to the list. Then select the server you want to connect to from the list, or connect to the entire group. Much better than multiple minimized RDP sessions. It also automatically selects a resolution so you can view the entire desktop.







