IT Infrastructure blog

June 29, 2009

User was unable to login OWA

Filed under: Exchange 2007,OWA — Akther @ 6:47 am
Tags: , , , ,

One user got below error when he tried to access OWA.  We are using Exchange 2007 server.


Exception type:


Exception message: There was a problem accessing Active Directory.

Call stack


Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)


System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception

Exception type:


Exception message: Active Directory operation failed on This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Call stack

Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)

Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)


Inner Exception

Exception type: System.DirectoryServices.Protocols.DirectoryOperationException

Exception message: The user has insufficient access rights.

Call stack

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)

Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)


This error may occur if the Allow inheritable permissions check box is not selected on the user object or on the OU container in Active Directory Users and Computers.


  1. Open the Active Directory Users and Computers snap-in.
  2. On the View menu, click Advanced Features.
  3. Open the properties of a user who cannot log on to Outlook Web Access.
  4. Click the Security tab, and then click Advanced.
  5. Select the Allow inheritable permissions check box if it has not already been selected.
  6. Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.
  7. Allow time for replication to occur.

User confirm that it’s working for him after i selected the Allow inheritable permission check box.




June 25, 2009

How it possible for group of users want to receive mails from internet in exchange 2007.

Filed under: Exchange 2007 — Akther @ 5:06 am
Tags: ,


By default in our organisation no one can able to receive outside mails except few like HR and other sales team to their inbox. All the employees have certain restriction to send/receive emails from outside organisation (internet). Few of the users who is in sepecific department they want to recevice mails from there vendors and others.


Create a distribution group and add those users in to this group.

Go to Exchange management console—>Recipient configuration—>Distribution group—>Mail flow settings—>Message delivery restrictions—>properties—> clear the checkbox “require that all the senders are authenticated”

receiving outside mails

Now these users are able to receive emails from outside organisation.



June 18, 2009

Maintinence window in SCCM 2007

Configuration manager added a new option for collection called the maintinence window. Its define a specific period of time within which changes can be made to clietns that are members of that collection.

For example, if you have set of computers that should only receive software updates and other advertisement between 1.30 A.M to 2.30 A.M midnight.In such cases you can use maintinence window for that specific collection.

A maintinence window cannot be longer than any given 24 hours period. If you need a longer maintinence windows, create multiple windows for collection.

How to configure a maintinence windows for a collection

Configuration Console —>Computer Management—> Collection—> Right click—> Modify Collection settings—> Select maintinence window—> New—> set start time and end time.





June 12, 2009

SCCM server and Client logs & Log location

I am listing few important logs from SCCM server as well as clients

Server Logs ( try to use tracert32 utility from configmgr2007 tollkit to open logs. But not all like this utility.)




  • Wsyncmgr.log – In this log we can able to see the sync updates between WSUS and SCCM server.
  • Mpcontrol.log – Current status of Management point. If you see  (Call to httpsendrequestsync succeeded for port 80 with status code 200,text ok http test request succeeded,successfully performed Management Point avaialbility check against local computer) This means MP is working fine.
  • Mp_status.log – Can see the MP status
  • Sender.log – Can see any errors related to the site to site communitation between the central site and the child sites.
  • distmgr.log – Able to see any DP to DP issues/transffering and erros
  • WUAHandler.log
  • WUAHandler.log – Can see any Group Policy Conflicts
  • locationservices.log -Checking and retriving MP availability

Client side Logs

Location – C:\windows\system32\ccm\logs ( 32 bit clients)

C:\Windows\SysWOW64\CCM\Logs ( 64 bit clients)

updatesstore.log   , updatesdeployment.log , updateshandler.log : Can check windows updates details.

Full log information



June 11, 2009

SCCM Client machines are not gettting updates throguh SCCM 2007


We have centerl Server  and three primary servers. I was trying to deploy june month patches to clients.  Clients under received windows updates with out any issue. But clients under primary2 and primary3 servers didn’t received updates.

Troubleshoot steps

try to telent  from central server 80 ( I was able to telnet) 80 ( I am uanble to telnet) 80 ( I am uanble to telnet)

So the issue figure it out that ports were blocked from central server to child server.  Port 445 and port 80 (or your custom ports) is used to communicate between a parent server with a wsus to a child server with wsus.

I had similar experiance in last month. That time clients under didn’t receive updates. I did some research and find out that Management Point was not working on that priamry server . Once i removed the MP role and add it back it start getting updates.

If you have issue like few of the clients not recieving updates you also need to check the below steps  from your failed computer

gpedit.msc  —> Computer configuration—>Administrative Templates—>Windows Components–>Windows Updates—>specify intranet microsoft update service location—> check the servername and port number. Try to telent from client to that server with port. If you are not able to connect means open that port from client to server



Distribution List its not displaying in Global Address List

Filed under: Exchange 2007,Outlook — Akther @ 10:17 am
Tags: , ,

Some times it happens in your life also. As you know it would be pain and customer keep on calling why it is not showing in outlook GAL.  How i resolved this issue was.

Go to Exchange Management Console->Organization configuration->Mailbox->OAB->right click->update

And asked user to download Address book from outlook  (Tools—>send receive—>download address book)

After this it appeared in outlook GAL.



user was unable to access his OWA

User was able to access his outlook. But can’t access OWA.


When users try to log on to Microsoft Office Outlook Web Access in Exchange Server 2007, they receive the following error message:” A problem occurred while trying to use your mailbox. Please contact technical support for your organization




This issue occurs when the msExchVersion attribute is not set correctly on the user object in the Active Directory.

 Exchange 2007 uses the msExchVersion attribute to determine the version of Exchange that user objects are associated with. If the version value is less than 0.1, Exchange 2007 considers the object “read-only” and cannot write changes to the object.

 Note the msExchVersion attribute may not set correctly if you created the user’s mailbox by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in instead of by using the Exchange 2007 Management Console.



 To resolve this issue, type the following command at the Exchange Management Shell prompt:

Set-Mailbox User_Name -ApplyMandatoryProperties


To verify the msExchVersion attribute, type the following command at the Exchange Management Shell prompt:

Get-Mailbox User_Name | format-list ExchangeVersion




Mail stuck in Outbox, can’t delete or move to any other folder

Filed under: Outlook — Akther @ 9:52 am
Tags: , ,

A user complaints that she is unable to delete her mail from outbox.

First try in outlook /safe but didn’t solve. Then try with exchange work offline, but still unable to remove mail from outbox.

Then remove Exchange Cache Mode —> tools—>email accounts—>view or change—->more settings—>Advanced—->remove Exchange Cache Mode. Then close and open outlook- then open outbox . Now able to delete email.



Mail.queue file is increasing in Hub Transport Server’s and this running out of space

Filed under: Exchange 2007 — Akther @ 9:37 am
Tags: , ,

Location of Mail.Queue file         D:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

We have done some research and findout that few of the outlook clients are  below outlook 2003 SP2.  This is the know issue that mail.queue file will increase if you have  below outlook 2003 SP2 clients. We upgraded all the outlook clients in to Sp2 higher.

After done this also problem didn’t resolve.

Then we rename old mail.queue file ( before this we stopped Exchange trasnport service and rename the file). Then start the service.  It creates a new mail.queue file in the same location.

So the proble solved temporarly. We are monitoring this file every day.  I will update you if we come across the same problem

June 10, 2009

How to check Management Point is working fine in SCCM 2007

Filed under: SCCM 2007 — Akther @ 3:40 pm
Tags: , , ,

I was  search a lot at my initial days with SCCM to find out the MP status.  I have found few solution. It is listed below. Hope it will helpfull.

1. Check  mpcontrol.log and find if you have below status message. ( I use tracert32 to read log files)

call to httpsendrequestsync succeeded for port 80 with status code 200,text ok
http test request succeeded
successfully performed Management Point avaialbility check against local computer

Call to httpsendrequestsync succeeded for port 80 with status code 200,text ok

http test request succeeded

successfully performed Management Point avaialbility check against local computer

2. Check MPsetup.log and find the below status message
<12-16-2008 17:12:09> Installing the SMSMP
<12-16-2008 17:12:09> Passed OS version check.
<12-16-2008 17:12:09> IIS Service is installed.
<12-16-2008 17:12:09> SMSMP already installed (Product Code: {3945C886-9779-4280-B537-AB8E62A0878E}).  Upgrading/Reinstalling SMSMP
<12-16-2008 17:12:09> New SMSMP is a new product code {{7AF53388-F428-4A8B-8F20-DBB4851E3424}}.  This is a major upgrade.
<12-16-2008 17:12:09> Enabling MSI logging.  mp.msi will log to D:\SMS\logs\mpMSI.log
<12-16-2008 17:15:59> mp.msi exited with return code: 0
<12-16-2008 17:15:59> Verifying CCM_CLIENT virtual directory.
<12-16-2008 17:15:59> Website path is IIS://LocalHost/W3SVC/1.
<12-16-2008 17:15:59> Connecting to IIS.
<12-16-2008 17:15:59> CCM_CLIENT is currently D:\SMS\Client.
<12-16-2008 17:15:59> Installation was successful.
3. Check IIS and make sure that you have virtual directory named SMS_MP under default website
4. Fianlly for testing run this on IE from any client and from the server itself and you sould get the results mentioned.

a) Run http://<MP name>/sms_mp/.sms_aut?mplist
This returns a blank screen.
b) Run http://<MP name>/sms_mp/.sms_aut?mpcert
This returns a long list of numbers and letters.
5. last resort
Remove MP role from configuration manager. Wait for some time( check mpsetup.log and mp_msi.log) once you find MP has been removed successfully then add it from site system —> New Role–> Select Management Point.

Create a free website or blog at