Exchange 2010

Error FileAccessDenied (JET_errFileAccessDenied …)

I ran into the following message when running an operation on one of my Exchange databases: Operation terminated with error -1032 (JET_errFileAccessDenied, Cannot access file, the file is locked or in use) after 10.79 seconds.

The operation I was attempting was an integrity check on a database (ESEUTIL /G database_filename.edb). When this failed with the error above, I verified that the database was dismounted and that my antivirus scanner was not locking the file.

It took me a little bit of time, but I soon realized that the temp file for the database would be on my system volume, which did not have the space required to run this operation.

That said I ran the command again; this time specifying a location for the temp file. That command looks something like this:

ESEUTIL /G database_filename.edb /TE:\Mailbox\Temp\thisismytempfile.edb

Please note that there is no space used after the command switch /T

For more info on the ESEUTIL: http://support.microsoft.com/kb/192185

Unresolved Error: Server 2012 – Event 1000, Application Error

I came across an issue with my Windows Server 2012 / Exchange 2013 RU2 Server. After an unexpected shutdown message I was able to find out that the faulting application which caused the reboot was LSASS.

There was an event message in the system event log of:

The process wininit.exe has initiated the restart of computer EXSERVER on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process ‘C:\Windows\system32\lsass.exe’ terminated unexpectedly with status code 255. The system will now shut down and restart.

Later I found this in the application log, Event 1000, Application Error:

Faulting application name: lsass.exe, version: 6.2.9200.16384, time stamp: 0x50108ab2
Faulting module name: schannel.DLL, version: 6.2.9200.16384, time stamp: 0x5010892c
Exception code: 0xc0000409
Fault offset: 0x000000000001a73a
Faulting process id: 0x224
Faulting application start time: 0x01ce7f8a27d7e7ff
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\schannel.DLL
Report Id: c2142447-f4f2-11e2-9404-000c299625b9
Faulting package full name:
Faulting package-relative application ID:

Looking into the Exception code: 0xc0000409 only tells me that the application experienced an event it could not handle and crashed, causing Windows to reboot.

Another bit of info I will keep in mind is that right before this issue there were several Application Events, Event 4002, MSExchangeIS, that read:

Microsoft Exchange Information Store service has promoted the following properties (65F3, 65E9, 0E99, 0E9A) for mailbox (59bfe395-06d4-4407-8d6c-4f763e37e698) and folder (Inbox <hidden>) with session client type (Migration).

This so happens to be during a migration period where I am moving mailboxes from Exchange 2010 to Exchange 2013 RU2. It has me also wondering if items from one of the legacy mailboxes have some form of corruption within them which may be the root cause of this.

For now this is unresolved and I will keep an eye on it. If you know of this issue please hit me up via email jermsmit ( at ) gmail (dot) (com).

Thanks

Freeware Active Directory, Exchange, Lync provisioning tool

I can’t wait to play with this free software called Z-Hire. Z-Hire is an employee provisioning tool that handles account creation in Active Directory, Exchange, and Lync. With just a few simple clicks (one click) accounts for Active Directory, Exchange, and Lync will be created.

Z-Hire doesn’t just assist account administrators with creating new accounts; it also simplifies account closures. Z-Hire can even create accounts in Office 365 and SalesForce. So take a look at it. I am sure you will find it very useful. Best of all, it’s free.

Link to help info:

http://www.zohno.com/docs/Z-Hire_V4_Administration_Guide.pdf

http://www.zohno.com/docs/Z-Term_V4_Administration_Guide.pdf

Download Z-Hire from TechNet

 

System Requirements
– Windows 7 X64 w/ .NET 3.5 and .NET 4.0 (Domain Joined)
– Windows Server 2008 X64 w/ .NET 3.5 and .NET 4.0 (Domain Joined)
– Windows Server 2008 R2 X64 w/ .NET 3.5 and .NET 4.0 (Domain Joined)

Permission Requirements
– Ability to create Active Directory user
– Ability to create Exchange Mailbox
– Ability to create / enable Lync user

Supported Environments
– Active Directory (all versions)
– Exchange 2007 (all versions)
– Exchange 2010 / 2013 (all versions)
– Lync 2010 / 2013 (both Standard and Enterprise versions)
– Office 365 Cloud
– SalesForce CRM Cloud

Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.”

In my previous post I was banging my head over an Exchange 2013 issue. I was able to finally resolve it. And it took some steps to do so…

451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.”

After an Exchange 2013 install I found myself having issues with sending emails between two Exchange servers, 2010 and 2013. The messages on both servers seemed to be stuck in the mail queue.

Full message reads: 451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

This issue existed because the Exchange servers could not authenticate with one another. This type of authentication is required for Exchange to route email internally. The respective servers use the X-EXPS command to authenticate. This error will happen when servers don’t have this method of authentication enabled.

In my case this wasn’t true; however, there was another issue preventing the X-EXPS command from being passed, and that was our Cisco security appliance/router. In fact the Extended SMTP verbs X-ANONYMOUSTLS, X-EXPS, and GSSAPI must be able to pass. I will get to this a bit later…

In my adventure to troubleshoot this issue the following was done (thank you, Microsoft, for providing details). While useful, these steps did not directly solve the overall issue. The steps are below.

 

Step 1 – Enable Exchange Authentication on Receive Connectors

For Microsoft Exchange Server 2013 remote servers:

  1. Go to the following website to access the Exchange Administration Center (EAC):

https://<CAS>/ECP

  2. Sign in to the EAC by using the administrator account.
  3. Click mail flow.
  4. Click receive connectors.
  5. In the Select server box, select the remote Exchange server that the email message should be sent to.
     Note: To determine the correct Exchange server, review the send protocol logs from the server that the email message is stuck in.
  6. Select the receive connector and then click Edit.
     Note: Typically, the receive connector is the Default server_name receive connector for the remote Exchange server.
  7. Click security and, under Authentication, make sure that the Exchange Server Authentication check box is selected.

For Microsoft Exchange Server 2007 or 2010 remote servers:

  1. Start Exchange Management Console.
  2. Expand Server Configuration and then click Hub Transport.
  3. Click the Receive Connectors tab.
  4. Locate the remote Exchange server receive connector that the e-mail message is trying to be sent to.
  5. Right-click the receive connector and then click Properties.
  6. On the Authentication tab, make sure that the Exchange Server authentication check box is selected.

For Microsoft Exchange Server 2003 remote servers:

  1. Start Exchange System Management.
  2. Expand the Servers container.
  3. Under the problematic remote Exchange server, locate the Protocols container.
  4. Expand the Protocols container, right-click SMTP.
  5. Right-click Default SMTP Virtual Server and then click Properties.
  6. Click the Access tab and then click Authentication.
  7. Make sure that the Integrated Windows Authentication check box is selected.

As I mentioned above, this did not resolve my issue as this was already enabled, so I went on to the next step in troubleshooting the problem.

 

Step 2 – Event ID 12014 (MSExchangeTransport)

I had (for some time) many errors in my Application Event Log referencing the ID of 12014, where the TLS Certificate for SMTP was no longer valid. Event message below.

Log Name:      Application
Source:        MSExchangeTransport
Date:          7/3/2013 4:30:06 PM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      exchange.jermsmit.com

Description:

Microsoft Exchange could not find a certificate that contains the domain name mail.jermsmit.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector To Internet with a FQDN parameter of mail.jermsmit.com. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

To correct this issue I needed to open the Exchange PowerShell on my Exchange 2010 server and enter the following: “New-ExchangeCertificate -DomainName mail.jermsmit.com -services SMTP” followed by a restart of the Transport Services (I did this on both).

I tested out my change and now the event error message is gone; however, I am still unable to send email between the Exchange servers.

 

Step 3 – Back to the basics

I later logged into each Exchange host (2010/2013) and used telnet to connect to the respective host’s SMTP address. I got a response: 220**************************************************** but this was not the proper response for an Exchange SMTP.

Then it was apparent that a firewall was blocking the communication between one Exchange host and the other. In my case it was a Cisco ASA which has a mailguard feature turned on. The Auth and Auth login commands (Extended Simple Mail Transfer Protocol [ESMTP] commands) are stripped by the firewall.

So the logical thing was to turn it off. This was done by entering the following command:

no fixup protocol smtp 25

Once this command was issued I restarted the transport services on each host and to use an old coined phrase “You Got Mail” I was back in business.
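The telnet check from Step 3 as a repeatable script, added here as an example (it is not code from the original post). The function names Get-SmtpEhloTranscript and Test-SmtpVerbFiltering are hypothetical, the two sample transcripts are constructed rather than real captures, and STARTTLS is included in the required verbs as an assumption based on the Event 12014 text.

```powershell
# Added example, not from the original post. Needs PowerShell 3.0 or later.
function Get-SmtpEhloTranscript {
    # Same as the manual telnet test: read the greeting, send EHLO, collect the reply
    param([Parameter(Mandatory = $true)][string]$Server, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000   # milliseconds
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $lines = @()
        do { $l = $reader.ReadLine(); if ($l) { $lines += $l } } while ($l -match '^220-')
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        do { $l = $reader.ReadLine(); if ($l) { $lines += $l } } while ($l -match '^\d{3}-')
        $writer.WriteLine('QUIT')
        $lines
    } finally { $client.Close() }
}

function Test-SmtpVerbFiltering {
    param(
        [Parameter(Mandatory = $true)][string[]]$Transcript,
        # X-ANONYMOUSTLS and X-EXPS are named in the post; STARTTLS is an assumption
        [string[]]$RequiredVerbs = @('STARTTLS', 'X-ANONYMOUSTLS', 'X-EXPS')
    )
    $banner = $Transcript | Where-Object { $_ -match '^220' } | Select-Object -First 1
    # A greeting replaced by asterisks is the symptom seen in Step 3
    $bannerMasked = [bool]($banner -match '^220[ -]?\*{3,}')
    # Extension keywords are the first token of each 250 line
    $advertised = foreach ($line in $Transcript) {
        if ($line -match '^250[ -](\S+)') { $Matches[1].ToUpperInvariant() }
    }
    $missing = @($RequiredVerbs | Where-Object { $advertised -notcontains $_ })
    [pscustomobject]@{
        BannerMasked   = $bannerMasked
        MissingVerbs   = $missing -join ', '
        LikelyFiltered = $bannerMasked -or ($missing.Count -gt 0)
    }
}

# Constructed transcripts (not real captures): direct path vs. path through SMTP inspection
$direct   = '220 ex2013.example.test Microsoft ESMTP MAIL Service ready',
            '250-ex2013.example.test Hello [192.0.2.10]', '250-SIZE 37748736', '250-STARTTLS',
            '250-X-ANONYMOUSTLS', '250-AUTH NTLM', '250-X-EXPS GSSAPI NTLM', '250 CHUNKING'
$filtered = '220 ****************************************',
            '250-ex2013.example.test Hello [192.0.2.10]', '250-SIZE 37748736', '250 8BITMIME'
Test-SmtpVerbFiltering -Transcript $direct
Test-SmtpVerbFiltering -Transcript $filtered
```

To test a live path, run it from one Exchange host against the other: Test-SmtpVerbFiltering -Transcript (Get-SmtpEhloTranscript -Server <other host>).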

 

Info Resources:

http://support.microsoft.com/kb/979175

http://technet.microsoft.com/en-us/library/bb123786(v=exchg.65).aspx

http://support.microsoft.com/kb/320027

 

Exchange 2010 SP3 Upgrade Error

I just got finished with upgrading my Exchange 2010 Server to SP3 in preparation for next week’s online of Exchange 2013. During the service pack upgrade I encountered a few issues:

  1. After the prerequisite test the upgrade failed due to my antivirus software
  2. Upgrade failed due to the Exchange MMC being open in another user’s session
  3. Upgrade in a bad state after the two failures above

During the upgrade some of the roles had updated and my install was failing on the mailbox role. Exchange would not continue the upgrade process. To fix this I needed to delete an entry from the registry.

These are the steps I had taken:

  1. Opened regedit (Start > Run)
  2. Browsed to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14
  3. Each role is listed here: Hub Transport, Client Access, Mailbox. I looked for the following entries, action and watermark, and deleted them. In my case they only existed under the Mailbox role.
  4. Rebooted Server
  5. Started the Exchange 2010 SP3 Upgrade

This completed with success. After the completion of the upgrade I gave my server a restart and, once it was online with all services running, tested via my Outlook client, Outlook Web Access, and mobile devices to ensure Exchange was running as expected.

I hope this saves you some time if you are attempting this or looking for a solution.