Wednesday, November 20, 2013

Exchange 2010 Circular Logging , Circular logging parameter change will not be applied on this database before it is remounted. Dismount and remount database….

You would like to enable CL ( Circular logging) on the production Exchange Servers, perhaps you start moving mailboxes and realized you need to turn on circular login, due to concerns with possible disk space issues, especially with large mailboxes.

Now if you have prior versions of Exchange experience you will quickly remember enabling and disabling it requires IS ( Information store ) service to be restarted in order for CL to go into effect & kick in.

Or perhaps you remember seeing this with Exchange 2010

--------------------------------------------------------
Microsoft Exchange Warning
--------------------------------------------------------
The following warning(s) occurred while saving changes:

Set-MailboxDatabase
Completed

Warning:
Circular logging parameter change will not be applied on this database before it is remounted. Dismount and remount database "db51elt" in order to apply this parameter change.

image

From PS we would enable CL with one Liner

###Enabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$true

###Disabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$False

Now if we like to enable CL on all the databases we would do this easily

$Alldb = Get-MailBoxDataBase
$Alldb | Set-MailboxDatabase -CircularloggingEnabled:$True

image

*** As you can see we get the same warnings***

If you like to disable it on all Databases ….

$Alldb = Get-MailBoxDataBase
$Alldb | Set-MailboxDatabase -CircularloggingEnabled:$False

Now why we are getting warning from ONLY one single DATABASE when we turn on CL on all the databases ? the answer is here in this picture. one DB in here does not have any other DB copy….

image

Now we need to quickly remember this

Circular Logging TYPE

What is it ?

Managed BY

CRCL continuous replication circular logging Microsoft Exchange Replication Service
JET CL Traditional circular logging JET circular logging is performed by Information Store

### Jet CL ( Single Database , with or without DAG environment )

Enabling and Disabling Traditional CL requires, Database to be dismounted and mounted. in this case the database does not have any copy within the DAG environment ( see picture above)

### CRCL ( Database in the DAG has its copy on another DAG member)

If the database has a copy , then CRCL comes into play and enabling & disabling it wont require any administrator intervention.

Good news if you are in DAG environment you can take advantage of CRCL , meaning no need to touch database after enabling or disabling CRCL = this will keep end users and your managers happier IMO (-:

Here is more comprehensive information on Scott Article !!!

http://blogs.technet.com/b/scottschnoll/archive/2011/06/27/circular-logging-and-mailbox-database-copies.aspx


Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
--------------------------------------------------------

Exchange 2010 ContentIndexState Failed

Perhaps you wanted to fail over databases in DAG to another server which holds the healthy DB copy and realized you could not do it due to ContentIndexState  -eq failed.

To return the Content index state to normal healthy state we will need to run several PS scripts. Log into One of the Exchange 2010 server and run the below PS one liner script

If you have several servers you can assign variable to get-mailboxServer CMDlet and pipe that into another PS get property information based on your needs.

$Server = Get-MailBoxServer

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.ContentIndexState –eq “failed”}

We want to see not failed state but mounted & Health we could this

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.ContentIndexState -ne "failed"}

 

image

Now lets play a little bit what if I like to get the databases which are status “Mounted” I can use same logic

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.status -eq "Mounted"}

image

How about healthy ones ?

$Server | Get-MailBoxDataBaseCopyStatus | Where {$_.status -eq "healthy"}

image

Pretty cool isnt it ? if you like to see what other properties available for you to play you could easily do this

Get-MailboxDatabaseCopyStatus | get-member

 

image

image

Get back to our mission now to fixing index copy status, to figure out which servers do have the issue we could do something like this

$Status = Get-MailBoxDatabaseCopyStatus

$Status | Where {$_.ContentIndexState –eq “failed”} | UpdateDatabaseCopy -CatalogOnly

To verify everything is good ( all Servers)

$server = Get-mailboxserver

$Server | Get-MailboxDatabaseCopyStatus | fl name, contentindexstate

Now you get the ideal ,  and ready to make practice (-:

Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Tuesday, November 12, 2013

How to Enable ISE Windows 2008 R2

 

Log onto Windows 2008 R2 Server run PS with administrator  privileges.

image

Import-Module ServerManager

image

Run fallowing command

Add-WindowsFeature PowerShell-ISE

image

image

Now type  below PS command and hit enter

powershell_ise.exe

 

image

 

image

there are number of great adds on for the ISE in-case you need them

https://social.technet.microsoft.com/wiki/contents/articles/2969.windows-powershell-ise-add-on-tools.aspx

Oz Casey, Dedeal

Exchange Server North America MVP

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

The requested search root Root.Ztekzone.com “microsoft security groups” is not within the scope of this operation. Cannot perform searches outside the scope ‘usa.Root.Ztekzone.com’

 

The reason you are receiving this error, you are running PowerShell command from Child domain and you like to see the Groups located on the root domain. In order to see these groups and continue to carry on your task all you need to do it to change your setting to view entire forest, this is almost same as opening ADUC and trying to located users or groups within the child domain, when these users or groups actually sits on the root domain. You don’t see it because your query is being performed on the child domain only.

see the settings

Get-AdServerSettings | fl

 

image

 

To change that

Set-AdServerSettings -ViewEntireForest $True

image

image

Now you wont have the errors if you carry on the same task

best

ocd

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

 

 

Monday, November 11, 2013

One Liner Useful Random Collection of snippets # 1

 

Below are collection of one Liner snippets you can copy and paste them into EMS and use it for your needs. Please make sure you understand the power of using Pipe ( | ) and Set commands  in PS.

### List Mailbox Databases

Get-MailboxDatabase

image

###Locate DB which has the string  the *22*  ( locate a specific DB )

Get-mailboxdatabase  *22*

###Enabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$true

###Disabling CL on the Specific DB

Get-MailboxDatabase db01elt | Set-MailboxDatabase -CircularloggingEnabled:$False

### After CL is Enable in order CL to work you need to Dismount and Mount the database

This snippet will dismount DB01elt and it will NOT ask confirmation

###Enabling CL on the ALL Databases

Get-MailboxDatabase | Set-MailboxDatabase -CircularloggingEnabled:$true

###Disabling CL on the ALL Databases

Get-MailboxDatabase | Set-MailboxDatabase -CircularloggingEnabled:$false

### Dismount all Databases

Get-MailboxDatabase | Dismount-Database -Confirm:$false

### Mount all Databases

Get-MailboxDatabase | Mount-Database -Confirm:$false

### Dismount Specific Database

Get-MailboxDatabase db01elt | Dismount-Database -Confirm:$False

### Mount Specific Database

Get-MailboxDatabase db01elt | Mount-Database -Confirm:$False

### CL Enabled

Get Databases CL is enabled

Get-MailboxDatabase | where {$_.CircularLoggingEnabled -eq $true}

image

### CL is NOT Enabled

Get Databases CL is NOT enabled

Get-MailboxDatabase | where {$_.CircularLoggingEnabled -eq $False}

 

image

More to come……….

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Wednesday, November 6, 2013

Microsoft Exchange VSS writer is in a failed retryable state!!!

 

If you are running Exchange 2010 I am pretty sure one way or other you are familiar with Exchange VSS Writer and how it effects your ability to back up your Exchange servers.

When VSS Writer is in Error stage the backup software won't be able to take successful backup and most likely backup team will open ticket and ask Exchange team to fix the VSS writer so their software can perform the backups.

If you are in large enterprise environment where you have backup team , windows team and Exchange team now you are in the Chicken and egg war as the backup tram will blame on Exchange writer and Exchange team will ask Windows Team to fix the issues (-: and as you can see things will get quite interesting.

As we already know VSS technology has been around quite a bit and third party Vendors are relaying on Microsoft native VSS writer to perform backup functions when it comes to backing up Exchange 2010 Application.

Now before we move forward more let's make sure we get the basic done.

Exchange Server application will provide two different VSS Writers

 

Writer Name

Usage

Utility to see the writers Status

Exchange Information Store VSS writer

Backup of Mounted DB / Active

Open CMD with Administrator privileges on the Exchange servers issue

VSSadmin List Writers ( Command )

Exchange Replication Service VSS writer Backup of Healthy DB / Passive

Open CMD with Administrator privileges on the Exchange servers issue

VSSadmin List Writers ( Command )

 

Exchange Server application will provide two different VSS Writers

 

Writer Name

Writer Location

VSS writer ID

Usage

Microsoft Exchange Writer

Store Writer

Built into the Exchange Information store

( MSExchangeIS = store.exe )

{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}

Store Writer is used by Mounted / Active Databases

Microsoft Exchange Replica Writer

 

 

Build into Replication Service

( MSExchangeRepl = msexchangerepl.exe )

{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7} The Replication Writer is used by Healthy /Passive Databases

 

How to deal with failing VSS Exchange Writer issues ?

image

The sort and most common answer is going to be re-start the service which the writer is associating with. As you can tell re-starting replication service might be acceptable at most of the work environments as it does not cause any end user disruption. However dealing with IS service is different ball game, even with Exchange 2010 DAG environment, most places will be hesitant to re-start this service ( Failing over to DAG member is for sure valuable option, draining one server and deal with it make sense) .

Another option could be dedicating a Exchange 2010 Server for backup and availability services ( putting activation block , on these servers and deal with them as the issues occur).

Beyond this, my point of view is that, it is real hard to convince the third party vendors to clean up their backup software code and not to cause Exchange writer to fail and keep pointing fingers back and forth. If you been there you would understand what I mean.

Reference

http://msdn.microsoft.com/en-us/library/bb204080(v=exchg.140).aspx

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Tuesday, October 8, 2013

A universal group cannot have a local group as a member.

Issue: Unable to convert Mail Enabled Groups from EMC in Exchange 2010.

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Convert to Universal Group' could not be performed on object 'IT Managers'.

IT Managers
Failed
Error:
Active Directory operation failed on dc1.ZtekZone.com. This error is not retriable. Additional information: A universal group cannot have a local group as a member.
Active directory response: 00002146: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

The server cannot handle directory requests.

image

Exchange 2010 and Group Scope

  • To refresh your knowledge here is Active Directory Group Scope and Group Types
Group Scope Group Type
Domain Local Security
Global Distribution
Universal

Exchange 2007 and Exchange 2010 wants all mail enabled groups Scope to be “Universal” regardless of the Group type. This is almost the other way around in Exchange 2003 world, as Exchange 2003 did not care about this much.

Lets take a look at our problem Group and try to understand the issue.

image

This Group Type is “Domain local” it is a Distribution Group, Exchange 2010 is not happy with this group scope type,  as you can see from the picture even Icon for this group is faded out (-:

image

How to solve this problem? We could perfectly locate this group with ADUC and change .the Group Scope to “Universal” and click apply.

image

Now we go back to EMC and take a look at same Group, to see if  Exchange is happy with new Group Type “ Universal” , the answer is yes.As you can see the Icon is changed.

image

Why Exchange forces Mail enabled group Types to be “Universal” ONLY!!!?

Here is the reason Universal group membership is replicated to all Global Catalogs , ALL DC/GC Servers, unlike Global and Domain local Scope type. The Universal groups replication boundaries and expansion capabilities FOREST Wide, thus Exchange 2007 and 2010 wants mail enabled groups and their Group Scope only to be “Universal” This is the case when it comes to Exchange and unfortunately Exchange does not care even you have single Label Domain name space.

Please note that there is no other reason or limitations any other functions goes. So if you are in the middle of the migration and finding this out do not freak out , This is fairly simple to deal with and it has no other side effects to existing functioning Distribution groups goes, since changing Group scope Type does not make any changes on the group membership, ACL’s permissions and etc.

One thing is to remember it could increase the network traffic when it wants to expand if it has forest wide members, but this ensures all members gets the e-mail (-: so give and take thing (-:

Now if you have many of these how to convert them?

Get-DistributionGroup | where { $_.Grouptype -Like "Global*" } | Set-Group -Universal

Now

Get-DistributionGroup | where { $_.Grouptype -Like "Domain*" } | Set-Group -Universal

image

*Note you might be getting errors when you run this script , if a mail enabled group has another mail enabled group as its member, and both Group Scope are not Universal , if you persistently keep running these scripts, you will be able to take care of them and  and when Exchange server is happy you get all these nice futures with the mail enabled groups

image

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Wednesday, October 2, 2013

Exchange 2010, An Active Manager operation failed, content index catalog files in the following state: 'Failed'.

Running “Move-ActiveMailboxDatabase  fails with fallowing errors”

$Sname1 = E1
$Sname1 = E2
Get-mailboxdatabase -server $Sname1 -status | where {$_.mounted -eq $true} | Move-ActiveMailboxDatabase -ActivateOnServer $Sname2 -Confirm:$False

 

An Active Manager operation failed. Error The database action failed. Error: An error occurred while trying to validate the specified database copy for possible activat
on. Error: Database copy 'db01' on server 'E1.ZtekZone.com' has content index catalog files in the following state: 'Failed'.. [Database: db01, Server: E1.ZtekZone.com]
    + CategoryInfo          : InvalidOperation: (db01:ADObjectId) [Move-ActiveMailboxDatabase], AmDbActionWrapperException
    + FullyQualifiedErrorId : 52C54005,Microsoft.Exchange.Management.SystemConfigurationTasks.MoveActiveMailboxDatabase

 

image

image

Solution

Get-MailboxDatabaseCopyStatus | fl name, ContentIndexState

Or





$DBstatus = Get-MailboxDatabaseCopyStatus
$DBstatus | fl name,*Content*


image


Now if we are dealing with single Database this would work





Update-MailboxDatabaseCopy "db60ssc\E1" -CatalogOnly

image


Now if we have many Databases





Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"}

image


To fix all





$DBstatus = Get-MailboxDatabaseCopyStatus
$DBstatus | where {$_.ContentIndexState -eq "Failed"}

image


Now we will use Fallowing Command and append it to above command to fix content index issues








Update-MailboxDatabaseCopy –CatalogOnly

To Update all





Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"} | Update-MailboxDatabaseCopy –CatalogOnly

 


Reseed the Search Catalog
http://technet.microsoft.com/en-us/library/ee633475.aspx


Enjoy !!

Respectfully,

Oz Casey, Dedeal

( Exchange Server North America MVP)


MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Friday, September 13, 2013

PST Export & Import Exchange 2010

Our task is to allow PST Import and Export functions in Exchange 2010 to replace XMerge functions which used to be the tool in Exchange 2003 days.

Xmerge concept does not exist in Exchange 2010 and using simple PS cmdlet New-MailboxExportRequest will do the job and you will love using it.

  • Create a new Role Group
  • Assign “Mailbox Import Export” role to it.
  • Add Desired Users to Role Group
  • Create Network Share ( Exchange Trusted Subsystem group has read/write permission to NTFS Permissions)
  • Run PS New-MailboxExportRequest
  • Monitor New-MailboxExportRequest
  • Verify PST File has been created on the network Share

Task#1

Create a new Role Group and assign role “ Mailbox Import Export” to it

I called the RoleGorup “PST Import Export” you can call it anything you like but remember you have to assign “Mailbox Import Export” role to this group like shown below

New-RoleGroup “PST Import Export” -Roles “Mailbox Import Export”

Once this is successful done we can see the Role Group

image

Task#2

Add Desired Users to Role Group

Add-RoleGroupMember “PST Import Export” -Member Administrator

Verify the work

Get-RoleGroup *export* | Get-RoleGroupMember

image

Task#3

Create Network Share assign Exchange Trusted Subsystem group has read/write permission Shared Folder &  NTFS Permissions

Administrator account ( or Account you like to use)  also has Full Shared Permissions

image

image

image

Task#4

Execute the PS to get the work done

New-MailboxExportRequest -Name MBExport -Mailbox "Casey.Dedeal" -FilePath \\E1\pst$\Dedeal.pst

Task#5

Monitor the Move Request

Get-moverequest|get-moverequeststatistics
image
Get-moverequest|get-moverequeststatistics  |export-csv c:\reports\Move_Report.csv

Enjoy !!

Respectfully,

Oz Casey, Dedeal

( Exchange Server North America MVP)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Monday, September 2, 2013

Bulk User Mailbox Creation Exchange Server 2010

This script will help you to create bulk mailbox. You can create 10 or 1000 mailbox, it is up to you, just fallow the simple steps and provide input after executing the script.

This script is great and handy if you are looking for populating users for your LAB etc..

Download the script from here

Step One execute the script from your Exchange server

Create_Bulk_MailBoxUsers.ps1

image

Just provide the input for the script , that is all you have to do

image

Script will take your inputs it will create mailboxes, you can create 10 or 1000 mailbox with simple clicks..

image

Enjoy !!

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Saturday, August 31, 2013

Create Bulk Active Directory Users with PowerShell

Here is real simple script to use to create bulk AD users for your test environment. When you execute the script it will ask you simple questions, all you need to do it to type input based on your scenario, script will take your input and execute within the shell. and at the end it will list the users which have been created.

I wrote this script please fell free to change or add anything you like.

Download the script  from here

 

After downloading the script execute it

image

Script will ask you three questions

image

After you specify how many users you like to create ( you can create as many users as you like)

image

Script will show you the users, you will also find these  users on the default user contained within ADUC.

image

Easy enough (-: , Enjoy it

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

 

 

Wednesday, August 21, 2013

How to Configure Exchange 2010 Self Certificate Part 3

  • Now open your Exchange 2010 Server EMC
  • Go to Server Configuration , make right click
  • Select "new Exchange Certificate"

clip_image001

Give it a name like,

Exchange 2010 CR Request

clip_image002

Click next

clip_image003

Now on this page let me elaborate bit more, in our scenario we won't have any access from internet so all configuration changes we will be doing are INTERNAL. That being said if this would be real time scenario the process would be the same as you would consider to use outside names to access these resources such as mail.YourCompnay.com or outlook.YourCompany.com

Internal Server names DO NOT NEED TO BE on the certificate normally , Unless you can think of some good reason.

We will use two name spaces

Mail.ztekzone.com and Webmail.ztekzone.com , in internal DNS servers we will add A records to point these resources

Any Exchange server we like. The purpose of having different name space is to keep control of internal mail related resources and segregate them from outside ( Different path, different HLB servers etc.)

clip_image004

clip_image005

The last option is Legacy , if you were to perform migration from legacy versions of Exchange servers this is what you would select here for the proper name space to be able to distinguish Exchange services and proxy them back to legacy servers in Co-Existence scenarios . ( you leave this blank if this is wont pertain to you)

clip_image006

Now on this page make sure your common name set it correctly

Fill out the blanks per your reference

clip_image007

clip_image008

clip_image009

clip_image010

Click Finish now you can see you have pending request

clip_image011

Here is our file

clip_image012

In Part 3 we will put all together

clip_image013

Here is OWA and SSL connection is established  with no  issues

clip_image014

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)