Category Archives: Microsoft

All Microsoft Products (Exchange, SQL, Windows, Server)

Microsoft

Exchange Errors

2 Comments

It was Friday around 3PM and most people were already gone for the day. One of the few employees left came by my desk and asked if something was up with the Exchange server. I checked Outlook – it said it was connected. Shift + F9 to force a reconnection and it failed out. Error 0x80004005. Last email received was 30 minutes ago. Great.

So error 0x80004005 says this:

The client operation failed. Microsoft Exchange Information Store.

Log onto the Exchange server and verify the services are all running. They all were running.
Check the event viewer log files – way too many errors to go through all of them while a production server was down, but this one stood out:

Event viewer showed this error:

A transient failure has occurred. The problem may resolve itself in a while. The service will retry in 56 seconds. Diagnostic information:
Cannot open mailbox /o=blah/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=blah/cn=Microsoft System Attendant.
Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException: Cannot open mailbox /o=blah/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=blah/cn=Microsoft System Attendant. —> Microsoft.Mapi.MapiExceptionLogonFailed: MapiExceptionLogonFailed: Unable to open message store. (hr=0x80040111)

Restart the Information Store service.
Now I get this error in the event viewer:

MapiExceptionCallFailed: Unable to mount database. (hr=0x80004005, ec=1276)

Crap. I verify that we’re running Exchange enterprise and not standard (database store limits). I check the management console and see that the database is offline and refuses to mount. Since the database was already offline, I decided to run a repair on the DB.

Open a command prompt:
eseutil /p "C:\program files\microsoft\exchange server\mailbox\first storage group\mailbox database.edb"
This took roughly 30 minutes on a 44GB database.

Try to mount the database again. It fails but gives me a different error this time:

Exchange is unable to mount the database that you specified. Specified database: Exchange07\Storage Group 1\Mailstore 1; Error code: MapiExceptionCallFailed: Unable to mount database. (hr=0x80004005, ec=-515)

This means that I’m missing a required transaction log and that the DB won’t start without it. Great.

So I navigate to the first storage group log files (C:\program files\microsoft\exchange server\mailbox\first storage group)
I moved all of the files (excluding Mailbox Databse.edb and CatalogData-* folder) to another directory. Then I attempted to mount the DB again. Success!

Total downtime: 75 minutes
Active working time: 45 minutes

So what happened?
McAfee Antivirus grabbed a file from the transaction log before it could be written to the database. Since the transaction log was altered while it was trying to write to the database, the mailstore became slightly corrupt and required a repair. And because the transaction logs and the database were at different parts, even after the repair, the log files needed to be “destroyed” in order for the DB to be mounted again. Oh, the logs were recreated after successfully mounting the database.

Microsoft, Miscellaneous

LDAP Testing

Leave a comment

Sometimes I forget how much we actually use LDAP in our daily lives. Active Directory is based on LDAP. Linux can use LDAP. Same for Mac. Cisco. Lots of stuff.

In the process of upgrading from a managed call center to an in-house Cisco call manager system, we find that we need to add a Unity user account and type in the LDAP path to this user (along with the path to the users we want to import).

Being as forgetful as I usually am, I had to open up adsiedit to find out the exact paths required.

OBJECT CLASS:
User, Group, Computer, or Container are all CN (Common Name)
Organizational Unit is OU
Domain is DC

So, in our case, I had to input “cn=Unity User,ou=Service Accounts,dc=domain,dc=com”

In order to test out if this works, as well as if a user actually has rights to see the LDAP information, I found a handy program called LDAP Administrator (or Viewer)
http://www.ldapadministrator.com/download.htm

Just feed that the information and it does the rest. It reminds me of a better ADSIedit program.

Microsoft, Troubleshooting

Drag and Drop Stops Working

94 Comments

I used to have this issue on my Vista 64-bit system: I’d go to drag a file from the desktop to another location either on the desktop or in a nested folder on the computer. In any case, I could not drag the icons. It seemed as though as soon as I’d try to drag it the selection would disappear.
A simple reboot would fix that right up.
I’m not a big fan of rebooting my systems – I try to leave them up and running as long as possible without being a security risk (so roughly a month at a time – although my test slackware server would stay up for a year at a time). I also hate it when software installs and then says “reboot to finish”. I almost always ignore the requests.

So rebooting a system whenever I can no longer drag and drop items on my system is a definite no-no. Anyway, I never really looked further into it as I went back to using XP after trying vista out for a while. I chalked it up to a “vista issue”. Don’t we all?

Fast forward to last week: A coworker of mine complained that he could no longer drag and drop on his Windows 7 x64 system. I told him that he should reboot and it’ll work after that. He rebooted. It worked.

But then today it happened to me. Argh. I closed out of all my terminal sessions to see if that would fix it. Nope. I closed out of all my java-based applets/applications. Nope. I closed all my command windows and MMC windows. Nope. I closed all of my chatting programs (MSN/Pidgin/Skype) and all my remote help programs (gotomeeting/tightvnc/glance/logmein). Nope. I closed all my Microsoft programs (Outlook, Internet Explorer, Excel, Word) and my Mozilla programs (firefox, thunderbird). Nope. Argh, wtf? I even closed my putty sessions and my foobar2000 music player. Notta.

Then I looked in the services.msc and started randomly restarting all available services. Nothing. This was starting to take more time than actually rebooting the machine after installing windows updates.

After a bit of searching, I find a “fix” for XP machines:
regsvr32 ole32.dll
regsvr32 /i shell32.dll

As this is a Windows 7 64bit machine, I have my doubts. But I try them anyway. Nothing.

Then I find this site (http://astahost.com/info.php/problem-drag-drop_t14544.html) which tells me to press and release (hit) the escape key. Damn, all that wasted time.

SO, if you want to know how to fix it:
Press ESC

That is all.

***EDIT***
I also had some other issues that were not solved by the ESC solution above. After pressing both CTRL buttons several times, both Windows Key buttons several times, and both ALT keys several times the problem went away again. Stuck keyboards FTW!

Microsoft

Exchange 2007 Outlook Anywhere

Leave a comment

I enabled Outlook Anywhere on the Primary external-facing Exchange server. But then some of the employees were complaining that whenever they would connect to exchange using Outlook that it would ask for their credentials. I chalked it up to being a permissions issue, but apparently the old Ex03 server was somehow still in the mix.

Open the registry editor on your Outlook Anywhere machine and checking the following key:
HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy\ValidPorts
Make sure that you only see the name of your exchange server and the ports 6001, 6002, 6004 for the servername and servername.domain.tld.
I noticed that the old server was still listed in there. I deleted it, and then restarted the Microsoft Exchange Service Host to complete the task. Unfortunately the old server was put back in.

So then I checked ASDIedit and saw no traces of the old exchange server in the mix. Odd. So why was the old server still showing up in the RPC registry keys?

I had to load up IIS/Adminpak.msi on an XP machine to get Exchange 2003 System Manager to install (ESM). Loaded that up and under Admin Groups I could clearly see the old Exchange server. Booo.
Right-click, delete. *poof*.

Redo the registry edit steps and restart the service host service and bam, working again. Now no more complaints.

Microsoft

Exchange 2007 Outlook Anywhere Per User

Leave a comment

Exchange 2007 is pretty nice. They made Outlook Anywhere (RPC over HTTPS) pretty darn easy to setup – assuming you have an SSL certificate. Unfortunately (or fortunately depending on how you look at things) a lot of the commands must be performed using the command line PowerShell application. Good thing the PowerShell and Exchange 2007 allows for more granular permissions with Outlook Anywhere.

One such command is to allow/disallow Outlook Anywhere per user. By default Exchange allows all authenticated users to connect via Outlook Anywhere. There’s no nice way using the GUI to disable access – like there is for POP3/IMAP/MAPI/etc – so you’ll have to fire up the PowerShell.

Want to check the current settings of your user?
get-mailbox USERNAME | get-casmailbox | fl
That will fully list the CAS settings for that mailbox. Look under MAPIBLOCKOUTLOOKRPCHTTP. It’s probably set to “false”. If you want to block that user from accessing Outlook Anywhere:
get-mailbox USERNAME | set-casmailbox -mapiblockoutlookrpchttp $true

That’s it.

Microsoft

Exchange 2007 3rd Party Certificate

Leave a comment

I’ve done plenty of new self-signed certificates for Exchange. Most places don’t mind if the certificate displays an error when users visit the webmail site (OWA), but they do mind if the users receive an error saying the certificate name is invalid when using Outlook.

Had the self-signed certificate installed on a standard Exchange 2007 server. CRM 4 requires an SSL/TLS connection. While we could have created another internal certificate with the export = $true key, the customer also wanted to rid themselves from the invalid certificate when browsing to the Outlook Web Access site.

Obviously replace “domain.tld” with your actual information.

Create the certificate request:

Open PowerShell on Exchange
New-ExchangeCertificate -DomainName webmail.domain.tld,other.domain.tld,autodiscover.domain.tld -FriendlyName "Site Webmail Certificate" -GenerateRequest:$True -Keysize 2048 -path c:\Webmailcertificate.txt -privatekeyExportable:$true -subjectName "c=US, o=CompanyName Inc., OU=IT, L=City, S=State, CN=webmail.domain.tld"

Purchase the site certificate:

Go to your favorite SSL supplier (Verisign, Thawte, etc.) and purchase an SSL Certificate. Standard is fine for this mostly internal-only site.
Paste the code from c:\Webmailcertificate.txt when applicable
After the certificate has been authorized, download the .crt certificate and the intermediary Certificate Authority files

Install your certificate:

Back on PowerShell for Exchange
Import-ExchangeCertificate -path c:\webmailcertificate.txt
Get-ExchangeCertificate
Copy the Thumbprint from the NEW certificate (probably the one with “…..” listed under Services
Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP -Thumbprint 896B74B2YourExchangeThumbprintFC6A7
Click Y for Yes if prompted to replace from an old(er) certificate

Now your webmail access (OWA) should no longer have a certificate issue. However, if the issued name on the certificate is DIFFERENT from your NETBIOS name of your email server, you will have issues INTERNALLY. Namely, all of your outlook clients will report a certificate is invalid error – that the names do not match. This is because the Exchange Server now has the certificate that points to webmail.domain.tld and your outlook clients are pointing to exchange07.domain.local.

To fix this issue:

Once again, use PowerShell for Exchange
Get-ClientAccessServer
Copy the servername
Set-ClientAccessServer -Identity SERVERNAMEHERE -AutodiscoverServiceInternalUri https://webmail.domain.tld/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "SERVERNAMEHERE\EWS (Default Web Site)" -InternalUrl https://webmail.domain.tld/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "SERVERNAMEHERE\oab (Default Web Site)" -InternalUrl https://webmail.domain.tld/oab
There is one final step required – recycle the MSExchangeAutodiscoverAppPool:
On Exchange 2007, Open IIS Manager
Navigate to Local Computer > Application Pools
Right-Click on MSExchangeAutodiscoverAppPool and select Recycle

That should be it. Everything works here after recycling.

Or you could always just put in the required domains on your certificate request:
NetBIOS name
FQDN external (if different)
autodiscover.domain.tld
autodiscover.domain.local (if applicable)
webmail.domain.tld (obviously change accordingly)

Computer Hardware, Microsoft

Change Floppy Drive Letter

Leave a comment

I had to update the BIOS of a very old computer so it could handle more RAM (128MB chips were the max at the time). But I needed to create a floppy disk to do so. Plugged in my trusty USB floppy drive to my i7 machine running Windows 7 x64. Tried to run the floppy drive installation program – Not compatible with your version of windows. Damn, must need 32bit.

Moved over to the laptop with Windows 7 32bit – not a valid 32bit application. Argh. Zero for two.

Use my vmware XP Pro image – but the application requires the use of Drive A: Dammit. Zero for three.

Here’s how to change the drive letters around:

regedit
HKLM\SYSTEM\MountedDevices
Rename \DosDevices\A: to \DosDevices\Q:
Rename \DosDevices\B: to \DosDevices\A:
Rename \DosDevices\Q: to \DosDevices\B:
Reboot

Now your USB floppy should be drive A: