Mails are stuck in Exchange 2007 Queue
After a long while I am back here with a new issue in Exchange Server 2007.
Problem
Users complain that mails are not going to the outside world, but they are receiving internal mails.
Diagnosis
All users in the organisation are affected.
Checked the Queue Viewer on the Hub Transport server and found that mails are stuck in the queue.
Task done
Checked the Event Viewer on the Hub and Edge servers and found that the Exchange TLS certificate had expired.
To get the current Exchange certificate status:
Get-ExchangeCertificate | FL ThumbPrint, isSelfSigned, NotBefore, NotAfter, Services
Renew the certificate on the Hub Transport server
Get-ExchangeCertificate -Thumbprint "ThumbPrintOfExpiringCertificate" | New-ExchangeCertificate
Remove the old certificate
Remove-ExchangeCertificate -Thumbprint "ThumbPrintOfExpiringCertificate"
Then run the Start-EdgeSynchronization command from the Hub Transport server.
Verify the sync with the Edge server by using Test-EdgeSynchronization.
After this the mails were released from the queue and mail flow started between the Hub and Edge servers.
Thanks
Akther
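The expired certificate in the post above was only found after the queue had stalled. The following check is an added example, not part of the original post, that flags SMTP-bound certificates before they expire; the 30-day threshold is an assumption, and it is meant to be run in the Exchange Management Shell on each Hub Transport and Edge server.

```powershell
# Added example: warn about Exchange certificates that are expired or close to expiry.
$WarnDays = 30          # assumed warning threshold, not a value from the post
$now = Get-Date

# Build a report with the remaining lifetime of every certificate on this server.
$report = Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, Services, IsSelfSigned, NotAfter,
        @{Name = 'DaysLeft'; Expression = { [math]::Floor(($_.NotAfter - $now).TotalDays) }} |
    Sort-Object DaysLeft

$report | Format-Table Thumbprint, Services, IsSelfSigned, NotAfter, DaysLeft -AutoSize

# Certificates enabled for SMTP are the ones used for TLS between Hub and Edge,
# so their expiry is what leaves outbound mail sitting in the queue.
$atRisk = $report | Where-Object {
    $_.DaysLeft -le $WarnDays -and "$($_.Services)" -match 'SMTP'
}

if ($atRisk) {
    $atRisk | ForEach-Object {
        if ($_.DaysLeft -lt 0) { $state = 'EXPIRED' } else { $state = 'EXPIRING' }
        Write-Warning ("{0}: SMTP certificate {1} NotAfter {2:yyyy-MM-dd} ({3} days left)" -f `
            $state, $_.Thumbprint, $_.NotAfter, $_.DaysLeft)
    }
}
else {
    Write-Host "No SMTP certificate expires within $WarnDays days."
}
```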
Outlook 2007 keeps prompting for password
One of the users in my company is facing this issue. No other user is facing it. Whenever he starts Outlook 2007, a dialog box appears asking for authentication. Even after giving the username and password (with the remember password check box selected), the same window appears again after some time. So it is annoying the user and me too!
The user was upgraded from Outlook 2003 to 2007. He made no other changes. After some investigation I found a solution. He is using Windows XP and we are using Exchange 2007.
Resolution
Close Outlook
Control Panel –> User Accounts –> Advanced tab –> Manage Passwords –> add the Exchange server name and username.
Removed the Outlook Anywhere option from Outlook.
Open Outlook –> it will ask for the password again. Enter it and select the remember password check box.
It worked for me like a charm. I have seen the same issue in newsgroups with other resolutions. Anyhow, it resolved my issue, so I thought to share my experience; maybe it will help someone.
SCCM client status showing N/A Approved No
I have seen many times that the SCCM client status is not approved or N/A after you push the client to a particular server. If you install the SCCM client manually on that server, it is the same story.
So where do we need to look to get the client status Approved and client assigned Yes?
1) Open these ports in the firewall:
80, 445, 443, 135, 8530 and 8531
2) Check that the IP subnets are in the site's boundaries.
3) Check that the SMS Agent Host, BITS and WMI services are running.
If the above settings are configured, go to the Configuration Manager console, right-click the collection, update the collection membership and then refresh. Now the client status should be Yes and Assigned.
Thanks
Akther
Disable ActiveSync WSS/UNC Access In Exchange 2007 Server
How can we secure an Exchange 2007 server? This setting can be considered for an Exchange 2007 security baseline.
Here is one option.
WSS and UNC access provide file share access for mobile devices. If the functionality is not needed by mobile users, it should be disabled to reduce Exchange's attack surface and its exposure to internal file shares.
How to implement
Open the Exchange Management Console and perform the following steps:
- Microsoft Exchange Organization Configuration –> Client Access –> Exchange ActiveSync Mailbox Policies
- Right-click the <name> policy and select Properties
- General tab, WSS/UNC Access:
Windows File Shares: Unchecked
Windows SharePoint Services: Unchecked
-OR-
- Open the Exchange Management Shell and run the following:
Set-ActiveSyncMailboxPolicy -Identity <name> -WSSAccessEnabled $false -UNCAccessEnabled $false
Thanks
Akther
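The command above changes one named policy. The following audit is an added example, not part of the original post, that finds every ActiveSync mailbox policy still allowing WSS or UNC access, previews the change, and shows how many mailboxes each policy covers; it assumes it is run in the Exchange Management Shell with rights to modify the policies.

```powershell
# Added example: audit all ActiveSync mailbox policies for WSS/UNC access.
$exposed = @(Get-ActiveSyncMailboxPolicy |
    Where-Object { $_.WSSAccessEnabled -or $_.UNCAccessEnabled })

if ($exposed.Count -eq 0) {
    Write-Host "No ActiveSync mailbox policy allows WSS or UNC access."
}
else {
    # Show which policies still expose SharePoint or file-share access.
    $exposed | Format-Table Name, WSSAccessEnabled, UNCAccessEnabled -AutoSize

    # Preview only: -WhatIf reports what would change without applying it.
    # Remove -WhatIf once the list has been reviewed.
    $exposed | ForEach-Object {
        Set-ActiveSyncMailboxPolicy -Identity $_.Identity `
            -WSSAccessEnabled $false -UNCAccessEnabled $false -WhatIf
    }
}

# Coverage check: count mailboxes per assigned policy. Mailboxes grouped under
# an empty name have no policy assigned, so hardening a policy does not reach them.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object ActiveSyncMailboxPolicy |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```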
Software updates reports in SCCM Server 2007
Reports are a great companion in my SCCM journey. Through the reports below we can easily identify the Windows/software update status on SCCM clients.
Report 1 - Enforcement state for deployment: gives the following statuses
Compliant status
Failed to install updates
Non compliance
Pending system restart
Report 2 - Evaluation state of deployment
Evaluation succeeded
Evaluation failed
Evaluation state unknown
Report 3 - Compliance 1 - overall compliance
This report gives the full Windows update details client by client.
How to check scavenging is working or not in DNS Server
What is scavenging in DNS Server?
Removing stale records from the DNS database based on the refresh interval and no-refresh interval settings in the Aging tab.
How to configure Scavenging in DNS Server?
Properties of the zone –> Aging tab –> select the box "Scavenge stale resource records" and configure the proper refresh interval and no-refresh interval.
For example: Refresh interval – 7 days.
No-refresh interval – 8 days. In this case scavenging will happen every 15 days.
How to find out Scavenging is working properly or not?
Check Event ID 2501 in Event Viewer. In this event you can see the status of scavenging.
Please note that if you create a DNS record manually in the console, this record will not be eligible for the scavenging process. However, if a client (or maybe the DHCP server) sends a dynamic update for the record you created manually, the record will become a dynamic record.
A manually created record will not have a time stamp.
User was unable to login OWA
One user got the error below when he tried to access OWA. We are using an Exchange 2007 server.
Exception
Exception type:
Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
Exception type:
Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on RUH-002-DC-001.prod.mobily.lan. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.
Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Cause
This error may occur if the Allow inheritable permissions check box is not selected on the user object or on the OU container in Active Directory Users and Computers.
Resolution
1) Open the Active Directory Users and Computers snap-in.
2) On the View menu, click Advanced Features.
3) Open the properties of a user who cannot log on to Outlook Web Access.
4) Click the Security tab, and then click Advanced.
5) Select the Allow inheritable permissions check box if it has not already been selected.
6) Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.
7) Allow time for replication to occur.
The user confirmed that it is working for him after I selected the Allow inheritable permissions check box.
Thanks
Akther
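The resolution above checks the inheritance box by hand on the user and on every container above it. The following script is an added example, not part of the original post, that reads the same flag for the whole chain in one pass; the distinguished name is a constructed placeholder, and the script assumes it is run on a domain-joined machine by an account that can read the objects' security descriptors.

```powershell
# Added example: report where permission inheritance is blocked between a user
# object and the domain root. The DN below is a constructed placeholder.
$userDn = 'CN=Example User,OU=Staff,DC=example,DC=local'

$entry = [ADSI]"LDAP://$userDn"

while ($entry -and $entry.psbase.Path) {
    $dn = [string]$entry.psbase.Properties['distinguishedName'].Value

    # AreAccessRulesProtected is $true when the "Allow inheritable permissions"
    # check box is cleared, i.e. the object does not inherit from its parent.
    if ($entry.psbase.ObjectSecurity.AreAccessRulesProtected) {
        Write-Warning "Inheritance BLOCKED: $dn"
    }
    else {
        Write-Host "Inherits from parent: $dn"
    }

    # Stop once the domain root (top-level container) has been checked.
    if ($entry.psbase.SchemaClassName -eq 'domainDNS') { break }

    $entry = $entry.psbase.Parent
}
```

If the box clears itself again after being selected, the account may be a member of a protected group, where AdminSDHolder periodically reapplies a non-inheriting ACL.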
How a group of users can receive mails from the internet in Exchange 2007
Issue
By default in our organisation no one is able to receive outside mails in their inbox, except a few such as HR and the sales team. All employees have certain restrictions on sending and receiving emails outside the organisation (internet). A few users in a specific department want to receive mails from their vendors and others.
Resolution
Create a distribution group and add those users to this group.
Go to Exchange Management Console –> Recipient Configuration –> Distribution Group –> Properties –> Mail Flow Settings –> Message Delivery Restrictions –> clear the check box "Require that all senders are authenticated"
Now these users are able to receive emails from outside the organisation.
Regards
Akther
Maintenance window in SCCM 2007
Configuration Manager added a new option for collections called the maintenance window. It defines a specific period of time within which changes can be made to clients that are members of that collection.
For example, you may have a set of computers that should only receive software updates and other advertisements between 1.30 A.M and 2.30 A.M. In such cases you can use a maintenance window for that specific collection.
A maintenance window cannot be longer than any given 24-hour period. If you need a longer maintenance window, create multiple windows for the collection.
How to configure a maintenance window for a collection
Configuration Console –> Computer Management –> Collection –> right-click –> Modify Collection Settings –> select Maintenance Windows –> New –> set the start time and end time.
Thanks
Akther










