I was checking out the recent upgrade to 2010 from 2003 and I noticed the following in the eventlog:

Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/42194754
Exception: System.ServiceModel.ServiceActivationException: The service ‘/Autodiscover/Autodiscover.xml’ cannot be activated due to an exception during compilation. The exception message is: Could not find a base address that matches scheme http for the endpoint with binding CustomBinding. Registered base address schemes are [https].. —> System.InvalidOperationException: Could not find a base address that matches scheme http for the endpoint with binding CustomBinding. Registered base address schemes are [https].

This was popping up mostly when someone was logging into OWA for the webmail access, but it also showed up a slightly different way when someone would try to reserve resources (rooms) for meetings.

And here’s the easy fix for me:

remove IIS binding http 80 127.0.0.1
remove IIS binding https 443 127.0.0.1

This might not apply to you, but just make sure you only have ONE binding for each port (80 and 443) and the best practice is to have it bind to any (*)

New place I work recently upgraded from a 2-server Exchange 2003 (1FE and 1BE) to a 4-server Exchange 2010 (CAS and Mailbox, Mailbox, Hub, Edge) environment. Unfortunately some of the upgrade didn’t go quite as planned and there were quite a few issues remaining.

One such issue was when a user would log into OWA (Outlook Web App – or as I still like to call it Outlook Web Access) and attempt to open up the Out Of Office area, they would receive a permission denied. This means the user cannot view the ECP (exchange control panel) area of OWA.

Problem I found: Users did not have a role policy assigned to them.
Shows the role assignment – should show “Default Role Assignment Policy”
get-mailbox MAILBOXNAME | select-object roleassignmentpolicy

If nothing shows, you must set the default policy:
get-mailbox MAILBOXNAME | set-mailbox -roleassignmentpolicy "Default Role Assignment Policy"

shows the current membership roles – should show MyBaseOptions
get-managementroleassignment -roleassignee MAILBOXNAME | fl role

If nothing shows, you must add the base options:
add-rolegroupmember 'MyBaseOptions' -Member MAILBOXNAME

ALL USERS IN DOMAIN – just remove the mailbox name:
get-mailbox | ft name,roleassignmentpolicy
get-mailbox | set-mailbox -roleassignmenpolicy "Default Role Assignment Policy"

Tired of looking this up the one time a year I use it:

Open a command prompt with administrative permissions on the domain/workgroup
query session /server:SERVERNAMEORIPHERE
reset session SESSIONIDHERE /server:SERVERNAMEORIPHERE

So in my case it was:
reset session 4 /server:testdc