Exchange 2010

“New Local Move Request” missing

As you have noticed I am currently involved with turning up an Exchange 2010 server and migrating over. This doesn’t happen without learning some new tricks and getting to understand the new kid on the block. This is where New Local Move Request and I became friends.

I was unable to move a mailbox account that I had previously moved. It wasn’t long until I discovered that if there is an existing Move Request (pending, in progress, failed or completed) you will not see the “New Local Move Request” option.

The solution to this is very simple, so much so that you wouldn’t think of it until you ran into the same issue. Just find your way to ‘Move Request’ located under Recipient Configuration and you will have the option that reads ‘Clear Move Request’.

Move requests should be enabled again and you are good to go.

– jermal
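The same cleanup from the Exchange Management Shell, as an added example that is not part of the original post: it lists every existing move request by state and clears only the completed ones, because removing a request that is still queued or running cancels that move.

```powershell
# Exchange Management Shell, Exchange 2010.
# Any existing request, whatever its state, hides "New Local Move Request" for that mailbox.
$requests = @(Get-MoveRequest -ResultSize Unlimited)

# How many requests are sitting in each state.
$requests | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

foreach ($r in $requests) {
    if ($r.Status -eq 'Completed') {
        # The move has finished; clearing the request only removes the leftover record.
        $r | Remove-MoveRequest -Confirm:$false
        "Cleared completed request for $($r.DisplayName)"
    }
    else {
        # Not finished: show where it stands and why, and leave the decision to the admin.
        $r | Get-MoveRequestStatistics |
            Format-List DisplayName, Status, PercentComplete, Message
    }
}
```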

Testing Remote access to Exchange with Microsoft Exchange Remote Connectivity Analyzer

The Microsoft Exchange Remote Connectivity Analyzer is an awesome tool for troubleshooting Exchange external access.

If you are setting up a new Exchange environment and want to test remotely, this is the tool for you.

Outlook Certificate Error?

After migrating my email account from EX2007 to EX2010 my Outlook 2010 client was giving a warning about the certificate being used…

I would like to thank Elan Shudnow’s Blog for the post on this because it helped me confirm the steps I had applied were correct; they just didn’t take place until after I rebooted the Exchange 2010 Server.

Here are some tips for those of you facing the same problem; run the following commands:

This will show you services that had certificates assigned to them.

Enable-ExchangeCertificate -Services IMAP,POP,UM,IIS,SMTP -Thumbprint <thumbprint>
I haven’t done this yet.

Get-ClientAccessServer -Identity CASServer | FL
Ensure the AutodiscoverInternalURI is pointed to the CAS that will be your primary CAS for Autodiscover servicing.

If you have done all the other things such as: Set-WebServicesVirtualDirectory, Set-OABVirtualDirectory, Enable-OutlookAnywhere, Set-ActiveSyncVirtualDirectory, you should be good to go.

Please visit his post for expanded information, and thanks for stopping by mine.

– jermal
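A check for the usual cause of this Outlook warning, a URL handed to clients whose host name is not on the certificate bound to IIS. This is an added example, not code from the original post or from Elan Shudnow's; it assumes the placeholder server name CASServer used above and reads the Autodiscover setting through the AutoDiscoverServiceInternalUri property of Get-ClientAccessServer.

```powershell
# Exchange Management Shell, Exchange 2010. 'CASServer' is the placeholder name used above.
$cas = 'CASServer'

function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }          # -eq ignores case for strings
        # A wildcard covers exactly one label: *.example.com matches mail.example.com only.
        if ($n.StartsWith('*.') -and
            $HostName.Split('.').Length -eq $n.Split('.').Length -and
            $HostName.EndsWith($n.Substring(1), [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Certificate bound to IIS; if several are, take the one that expires last.
$cert = Get-ExchangeCertificate -Server $cas |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate on $cas has the IIS service assigned." }
$names = @($cert.CertificateDomains | ForEach-Object { "$_" })

# URLs that Autodiscover hands to Outlook and mobile clients.
$targets = @()
$targets += (Get-ClientAccessServer -Identity $cas).AutoDiscoverServiceInternalUri
$targets += Get-WebServicesVirtualDirectory -Server $cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$targets += Get-OabVirtualDirectory -Server $cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$targets += Get-ActiveSyncVirtualDirectory -Server $cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }

"Certificate $($cert.Thumbprint) expires $($cert.NotAfter) and covers: $($names -join ', ')"
$targets | Where-Object { $_ } | ForEach-Object {
    $h = ([uri]"$_").Host
    New-Object PSObject -Property @{ Url = "$_"; Host = $h; Covered = (Test-NameCovered $h $names) }
} | Sort-Object Covered | Format-Table Covered, Host, Url -AutoSize
```

Any row with Covered = False is a name Outlook will be sent to that the certificate does not list, which produces the warning described above.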

owa/auth.owa error accessing outlook web

My battle with Exchange continues…

After a day of messing around with the configuration (details to come soon), I restarted my Exchange 2010 Server.  All was working as expected, so thumbs up and smiles all around.  And then… it happened! I attempted to access web-mail (OWA).

The main Outlook Web Access page loaded without any issues.  So I logged in and after clicking Sign in I was presented with a blank page pointing to auth.owa.  What broke?  I didn’t do any updates. Attempting to test using Test-OWAConnectivity in the EMC didn’t give me much info to go on.

I later looked into the services and “wow, Microsoft, for-real guys” … Forms Based Authentication to a separate Service called Microsoft Exchange Forms-Based Authentication Service.

Starting this fixed my issue. I am puzzled why this didn’t start with the server, because it’s set to automatic. I will do a little more digging and if I find something I’ll report back.

– Jermal

Exchange 2010 Active Sync Issue

Today I spent some time working on my Exchange migration path. There were some concerns that needed to be addressed, some of which opened up the migration path I originally thought was best, but put out of my mind due to ……………  well anyhow!  I am back with an issue, and it seems this time it’s mobile devices and Active Sync.

After moving my mailbox over to EX2010 I noticed I was unable to sync my i777 or my iOS device.  After a little frustration and searching Google, I only found posts that did not help me at all; in fact, some of them were instructing me to do things that would only waste my time.

Event Logs —

I decided to look in a place many of us system admin guys often forget to look; the event logs.  I quickly noticed the following error event in applications:

Event ID:  1053

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=Jermal Smith,OU=Users,OU=Information Technology,OU=*********,OU=*******,DC=******s,DC=*****” container under Active Directory user “Active Directory operation failed on ************. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

Now I have something I can use to search out a solution.  I also recalled having a similar issue testing out Lync where my admin account did not have inherited permission granted.  I then did the following:

On a Domain Controller or any member machine with the proper tools, Click on Start/All Programs/Administrative Tools/Active Directory Users and Computers

Click on View and Select Advanced Features

Select a mailbox that isn’t working with Active Sync, double click on the account, Select the Security Tab and then the Advanced Button.

Select Exchange Servers, and tick the Include inheritable permissions then Apply and OK.

When this was completed, I went back to my mobile devices to check if they would now connect and like magic (well not so much magic) they were both working as I expected them to.
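To find every mailbox user affected by the same condition instead of checking accounts one at a time in Active Directory Users and Computers, the following added example (not part of the original post) lists mailbox-enabled users whose ACL has inheritance switched off and re-enables it for ordinary accounts. It assumes the ActiveDirectory PowerShell module is available; the function names are made up for this illustration.

```powershell
# Needs the ActiveDirectory module (RSAT) and rights to read and write user ACLs.
Import-Module ActiveDirectory

# Mailbox-enabled users (homeMDB set) whose ACL is protected, i.e. inheritance is off.
function Get-MailboxUserWithoutInheritance {
    Get-ADUser -LDAPFilter '(&(objectCategory=person)(objectClass=user)(homeMDB=*))' `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
            @{ Name = 'AdminCount'; Expression = { $_.adminCount } }
}

# Same effect as ticking "Include inheritable permissions" for one user.
function Enable-AclInheritance([string]$DistinguishedName) {
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($false, $true)   # $false = inherit from the parent again
    Set-Acl -Path $path -AclObject $acl
}

$found = @(Get-MailboxUserWithoutInheritance)
$found | Format-Table SamAccountName, AdminCount, DistinguishedName -AutoSize

# Fix ordinary accounts only; adminCount = 1 accounts are listed for manual review.
$found | Where-Object { $_.AdminCount -ne 1 } |
    ForEach-Object { Enable-AclInheritance $_.DistinguishedName }
```

Accounts with adminCount = 1 are or were members of protected groups such as Domain Admins; for current members the AdminSDHolder process re-applies its own ACL and switches inheritance off again, so ticking the box does not last. The durable fix for those is a separate, non-privileged account for the mailbox.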