Exchange 2010 SP2 | Mailbox Export Request

Exchange 2010 has many improvements. As we know, when things change they do not often stay the same. In this case, what changed is the method used to export Exchange email boxes to PST files. Back in a previous post I went over the steps of exporting a mailbox to PST. To do this, all you needed was a system with the Exchange 2007 tools and Office installed. This has changed in Exchange 2010 SP2. I note SP2 because this is what I am using, and the methods have changed from the initial release.

In Exchange 2010, you first need to be assigned the “Mailbox Import Export” role to import or export email boxes.  To assign the “Mailbox Import Export” role to an individual user, use the following syntax:

To assign the “Mailbox Import Export” role to a Windows security group, use the following syntax:

In addition to the “Mailbox Import Export” role, the user who will actually perform the export/import must also be a member of the local Administrators group on the Exchange server on which the export operation is taking place.

To run the command to export the mailbox we need to open the EMC and run the following command:

You need to grant read/write (full) permission to the group Exchange Trusted Subsystem on the network share where you’ll export or import mailboxes. If you don’t grant this permission, you’ll receive an error message stating that Exchange is unable to establish a connection to the target mailbox.

With this new method, the requirement for Office to be installed no longer exists and Exchange 2010 queues up the backup to the UNC folder path specified.

– Jermal
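The export procedure described above, end to end, as an added example that is not from the original post: it assigns the role to a group, queues the export, and removes the role again afterwards, since "Mailbox Import Export" lets its holder copy any mailbox to a file. The group, mailbox alias, share path and request name are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010 SP1 or later).
# Every name below is a placeholder, not a value from the original post.
$Group   = 'PST-Export-Operators'        # hypothetical security group
$Mailbox = 'jdoe'                        # hypothetical mailbox alias
$PstPath = '\\fileserver\pst$\jdoe.pst'  # hypothetical share; Exchange Trusted
                                         # Subsystem needs read/write on it
$ReqName = "export-$Mailbox"
$Role    = 'Mailbox Import Export'

# 1. Review who already holds the role before adding anyone.
Get-ManagementRoleAssignment -Role $Role -GetEffectiveUsers |
    Format-Table Name, EffectiveUserName, RoleAssigneeType -AutoSize

# 2. Assign the role to the group only if it is not assigned yet.
#    Single-user form: New-ManagementRoleAssignment -Role $Role -User 'DOMAIN\user'
$assignment = Get-ManagementRoleAssignment -Role $Role -RoleAssignee $Group `
                  -ErrorAction SilentlyContinue
if (-not $assignment) {
    New-ManagementRoleAssignment -Role $Role -SecurityGroup $Group
    Write-Warning 'Role assigned. Start a new shell session, then re-run.'
    return
}

# 3. The export runs on the server, so the target must be a UNC path.
if (-not ([Uri]$PstPath).IsUnc) { throw "FilePath must be a UNC path: $PstPath" }

# 4. Queue the export and poll until it reaches a final state.
New-MailboxExportRequest -Name $ReqName -Mailbox $Mailbox -FilePath $PstPath
do {
    Start-Sleep -Seconds 30
    $stats = Get-MailboxExportRequest -Name $ReqName |
                 Get-MailboxExportRequestStatistics
    Write-Host ("{0}: {1}% complete" -f $stats.Status, $stats.PercentComplete)
} while ('Completed', 'CompletedWithWarning', 'Failed' -notcontains "$($stats.Status)")

# 5. Clean up: drop the finished request, then take the role away again so the
#    ability to copy any mailbox to a file does not stay assigned.
Get-MailboxExportRequest -Name $ReqName -Status Completed |
    Remove-MailboxExportRequest -Confirm:$false
Get-ManagementRoleAssignment -Role $Role -RoleAssignee $Group |
    Remove-ManagementRoleAssignment -Confirm:$false
```

The export cmdlets only appear in a session opened after the role was assigned, which is why step 2 stops and asks for a new shell.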

Determining Free Space in an Exchange 2010 Mailbox Database

In Exchange 2010 you can see how big your mailbox databases are, and how much white space they have, by running the following command in the Exchange Management Shell.

[PS] C:\>Get-MailboxDatabase -Status | ft name,databasesize,availablenewmailboxspace -auto

In the screen cap, database AB is 64.76 GB in size but has 11.97 MB of white space due to deleted mail. This is a nice clean server post migration. As time goes on, the white space will grow and a defrag will be required to free up unused space; I will go into this in another post.

– jermal

Public Folders Not Replicating From Exchange 2007 to 2010

After a migration from Exchange Server 2007 to Exchange Server 2010 I encountered a problem with the replication of public folders. It seems they would not replicate regardless of what I attempted. I spent some time looking into this, not wanting to HACK in a solution just to make it work. I wanted it to work and work right. I am here now to share some simple steps to look into if you have similar issues with public folder replication.

History: The public folders in this organization were from Exchange 2003, migrated to 2007 (issues along the way) and now being moved to Exchange 2010.

From what I have read, this is a known issue and seems to happen with Exchange organizations that have previously run versions of Exchange Server 2003 or below.

The Exchange Server 2010 Application Event Log will have this error:

The store driver couldn’t deliver the public folder replication message ” ” because the following error occurred: The Active Directory user wasn’t found. This is Application Event ID 1020

The cause of this error:
A legacy container in Active Directory for Exchange 2003 (or earlier) server objects.

Do not follow these steps if you still have Exchange 2003 or earlier versions running in your organization.

Launch ADSIEdit.msc and navigate to CN=Configuration <your domain>, CN=Services, CN=Microsoft Exchange, CN=<your org name>, CN=Administrative Groups, CN=<your legacy administrative group>, CN=Servers.

If you no longer operate any Exchange 2003 or earlier servers and the Servers container is empty then you can delete the container.

I was able to replicate the public folder hierarchy and content from Exchange Server 2007 to 2010 after doing this.  How awesome is that!

– Jermal

Old Error, Now New

It’s back again:

Source: MSExchangeIS
Error ID: 9646
Description: Mapi session “xxxx: /o=OrganizationName/
exceeded the maximum of 500 objects of type “objtFolder”.

Microsoft Exchange 2010 server logs the above message, while on the client end the Outlook client doesn’t update folders automatically.

The number of server-side objects that are allowed by clients is limited to prevent a single client from exhausting resources on the Exchange server.

To resolve this problem:

1. Open Registry Editor and navigate to:


2. Right click ParametersSystem and create New -> Key

3. Enter MaxObjsPerMapiSession and confirm creation of the new sub-key

4. Right click the newly created key, create a new DWORD value called objtFolder and give it a decimal value bigger than the default 500.

5. Create another DWORD value called objtFolderView and give it the same value.

Move mailbox in Exchange 2010 fails

When I was moving a mailbox from Exchange 2007 to Exchange 2010 I had mailbox moves which failed due to the “corrupt” limit being hit.

errorMessage: Message (size 11.00 MB ) exceeds the maximum allowed size for submission to the target mailbox. You can increase this limit by using the Set-Mailbox cmdlet in the Exchange Management Shell.

And while this can be fixed by doing the following:
Go to the user mailbox properties (in EX2010), then go to mail flow settings, then set Message Size Restriction properties and set both Sending and Receive message size to a high value (99999).

Then go to the Move Request node again and resume the move request and it should work. Just remember to go back to the user mailbox setting again and set Message size restriction to its default value.

This is a per mailbox solution and doesn’t scale when moving many email boxes over in the migration process.

So before attempting any mailbox moves during a migration from 2007 to 2010, make sure you set the send/receive limit to something larger, otherwise valid messages will be dropped as “corrupt” messages simply because they are over the size limit.

Set the limit under global config -> hub transport -> global setting

– jermal

“New Local Move Request” missing

As you have noticed I am currently involved with turning up an Exchange 2010 server and migrating over. This doesn’t happen without learning some new tricks and getting to understand the new kid on the block. This is where New Local Move Request and I became friends.

I was unable to move a mailbox account that I had previously moved. It wasn’t long until I discovered that if there is an existing Move Request (pending, in progress, failed or completed) you will not see the “New Local Move Request”.

The solution to this is very simple, so much so that you wouldn’t think of it until you ran into the same issue. Just find your way to ‘Move Request’ located under Recipient Configuration and you will have the option that reads ‘Clear Move Request’.

Move requests should be enabled again and you are good to go.

– jermal

Testing Remote access to Exchange with Microsoft Exchange Remote Connectivity Analyzer

The Microsoft Exchange Remote Connectivity Analyzer is an awesome tool for troubleshooting Exchange external access.

If you are setting up a new Exchange environment and want to test remotely, this is the tool for you.

owa/auth.owa error accessing outlook web

My battle with Exchange continues…

After a day of messing around with the configuration (details to come soon).  I restarted my Exchange 2010 Server.  All was working as expected, so thumbs up and smiles all around.  And then… it happened! I attempted to access web-mail (OWA).

The main Outlook Web Access page loaded without any issues.  So I logged in and after clicking Sign in I was presented with a blank page pointing to auth.owa.  What broke?  I didn’t do any updates. Attempting to test using Test-OWAConnectivity in the EMC didn’t give me much info to go on.

I later looked into the services and “wow, Microsoft, for-real guys” … Forms Based Authentication to a separate Service called Microsoft Exchange Forms-Based Authentication Service.

Starting this fixed my issue. I am puzzled why this didn’t start with the server, because it’s set to automatic. I will do a little more digging and if I find something I’ll report back.

– Jermal

Exchange 2010 Active Sync Issue

Today I spent some time working on my Exchange migration path. There were some concerns that needed to be addressed, some of which opened up the migration path I originally thought was best, but put out of my mind due to ……………  well anyhow!  I am back with an issue, and it seems this time it’s mobile devices and active sync.

After moving my mailbox over to EX2010 I noticed I was unable to sync my i777 or my iOS device. After a little frustration and searching Google, I only found posts that did not help me at all; in fact, some of them were instructing me to do things that would only waste my time.

Event Logs —

I decided to look in a place many of us system admin guys often forget to look; the event logs.  I quickly noticed the following error event in applications:

Event ID:  1053

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=Jermal Smith,OU=Users,OU=Information Technology,OU=*********,OU=*******,DC=******s,DC=*****” container under Active Directory user “Active Directory operation failed on ************. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

Now I have something I can use to search out a solution.  I also recalled having a similar issue testing out Lync where my admin account did not have inherited permission granted.  I then did the following:

On a Domain Controller or any member machine with the proper tools, Click on Start/All Programs/Administrative Tools/Active Directory Users and Computers

Click on View and Select Advanced Features

Select a mailbox that isn’t working with Active Sync, double click on the account, Select the Security Tab and then the Advanced Button.

Select Exchange Servers, and tick the Include inheritable permissions then Apply and OK.

When this was completed, I went back to my mobile devices to check if they would now connect and like magic (well not so much magic) they were both working as I expected them to.
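The check from the steps above, run across many accounts at once, as an added example that is not from the original post: it lists mailbox users whose ACL blocks inheritance (the condition behind Event ID 1053) and re-enables it where that is safe. The search base and both function names are hypothetical, and the ActiveDirectory PowerShell module is assumed to be available.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT, Windows Server 2008 R2+).
Import-Module ActiveDirectory

# Hypothetical search base; point it at the OU that holds your mailbox users.
$SearchBase = 'OU=Users,DC=example,DC=com'

# List mailbox-enabled users (msExchMailboxGuid present) whose ACL blocks inheritance.
function Get-InheritanceBlockedMailboxUser {
    param([string]$SearchBase)
    Get-ADUser -SearchBase $SearchBase -LDAPFilter '(msExchMailboxGuid=*)' `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, adminCount, DistinguishedName
}

# Re-enable inheritance on one reviewed account; same effect as ticking
# "Include inheritable permissions" on the Advanced security dialog.
function Enable-AclInheritance {
    param([string]$DistinguishedName)
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($false, $true)   # $false = stop blocking inheritance
    Set-Acl -Path $path -AclObject $acl
}

$blocked = Get-InheritanceBlockedMailboxUser -SearchBase $SearchBase
$blocked | Format-Table -AutoSize

# adminCount = 1 marks accounts that are, or once were, in a protected admin group.
# For current members the directory resets the ACL periodically, so the change
# would not persist; only the remaining accounts are fixed here.
$blocked | Where-Object { $_.adminCount -ne 1 } |
    ForEach-Object { Enable-AclInheritance -DistinguishedName $_.DistinguishedName }
```

Accounts left in the list with adminCount = 1 need a decision rather than a checkbox: either remove them from the protected group or use a separate non-admin account for the mailbox.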



Configure Local Continuous Replication in Exchange Server 2007

These days are almost in my past with Exchange 2010 just around the block. I had notes on this but never put them out there, old news but new post. I hope you find this helpful.

LCR is a single server solution that provides high availability for Exchange Server 2007. Once you enable a local replica of a storage group, LCR copies any changes to the storage group to the replica. This process is called Log Shipping. Please follow the steps below:

  1. Log on to Exchange Server 2007
  2. Click Start, and then point to All Programs, then Microsoft Exchange and click Exchange Management Console
  3. Expand Microsoft Exchange and click the Server Configuration in the Console Tree
  4. Click the server name that has mailbox server role in the results pane. And in the action page, click Manage Mailbox Role
  5. In the work pane, right click First Storage Group and click Enable Local Continuous Backup
  6. On the welcome page, click Next
  7. On the Set Paths page accept the default location or enter new location for the Local Continuous replica set for Storage Group
  8. On the Mailbox Store page, click Next or enter suitable location for Replica Mailbox Store database files. Do the same for other stores in this Storage Group
  9. On the Enable Page, click Enable and then click Finish