Monday, October 23, 2017




Exchange 2016 CU 7 Issues / bugs and frustrations 

If you are upgrading to CU7 you might run into issues listed below. Interruption on the mail flow. The issue seems to be caused by permission changes on the registry key called “IDStore”
This is another undocumented surprise with CU7.  Also keep an eye on your existing IIS settings, SSL offloading existing setting seems to be wiped out with the CU7 install.
OU pickler ( config file ) is not working after config file is getting wiped out also known CU upgraded gift , Microsoft seems to be neglecting to get this fixed.
IF more found I will update the article in the feature.

The transport process failed during message processing with the following call stack: System.UnauthorizedAccessException: Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v15\WorkerTaskFramework\IdStore\ProbeDefinitionIDConflicts' is denied.
   at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
   at Microsoft.Win32.RegistryKey.CreateSubKeyInternal(String subkey, RegistryKeyPermissionCheck permissionCheck, Object registrySecurityObj, RegistryOptions registryOptions)
   at Microsoft.Win32.RegistryKey.CreateSubKey(String subkey)
   at Microsoft.Office.Datacenter.WorkerTaskFramework.WindowsRegistryKey.CreateSubKey(String path)
   at Microsoft.Office.Datacenter.ActiveMonitoring.DefinitionIdGenerator`1.RecordConflictInRegistry(String keyName, String value)
   at Microsoft.Office.Datacenter.ActiveMonitoring.DefinitionIdGenerator`1.GenerateDefinitionId(String definitionKey, Boolean isNotification)
   at Microsoft.Office.Datacenter.ActiveMonitoring.NotificationItem.Publish(Boolean throwOnError)
   at Microsoft.Exchange.Protocols.Smtp.Legacy.MailSmtpCommand.LogMailFromSmtpResponseEventIntoCrimsonChannelPeriodically(String eventIdentifier)
   at Microsoft.Exchange.Protocols.Smtp.Legacy.MailSmtpCommand.OutboundProcessResponse()
   at Microsoft.Exchange.Protocols.Smtp.Send.SmtpOutSession.HandlePostParseResponse(SmtpCommand command)
   at Microsoft.Exchange.Protocols.Smtp.Send.SmtpOutSession.InvokeResponseHandler(SmtpCommand command)
   at Microsoft.Exchange.Protocols.Smtp.Send.SmtpOutSession.StartProcessingResponse(Byte[] buffer, Int32 offset, Int32 size, Boolean overflow)
   at Microsoft.Exchange.Protocols.Smtp.Send.SmtpOutSession.ReadLineComplete(IAsyncResult asyncResult)
   at Microsoft.Exchange.Net.LazyAsyncResult.WorkerThreadComplete(Object state)
   at Microsoft.Exchange.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at Microsoft.Exchange.Net.LazyAsyncResult.ProtectedInvokeCallback(Object value, IntPtr userToken)
   at Microsoft.Exchange.Net.NetworkConnection.InvokeRecvCallback(LazyAsyncResultWithTimeout`1 asyncResult, NetworkResult result)
   at Microsoft.Exchange.Net.NetworkConnection.ReadLineDataAvailable(IAsyncResult asyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.ContextAwareResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)


Issue:  Inbound e-mail stops with following error (user not getting inbound e-mail)
Symptoms:  All Exchange 2016 services seems to be running, transport service looks fine.
User experience:  No incoming e-mail, outgoing e-mail continues to work

















Solution:
To remediate the issue listed above, Assign network service ( This computer)  Full Access rights as shown below.

  • ·        HKEY_LOCAL_MACHINE
  • ·        SOFTWARE
  • ·        Microsoft
  • ·        ExchangeServer
  • ·        v15
  • ·        WorkerTaskFramework
  • ·        IdStore





'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v15\WorkerTaskFramework\IdStore






Navigate the register key listed above on your Exchange 2016 CU7 server. Make a right click, permissions and select ( Local computer) Network service is local computer account. Assign Full permissions and close the register.


Verify mail flow id restored.



Oz Casey, Dedeal
Systems Engineer
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
https://twitter.com/Message_Talk (Twitter)



Tuesday, October 10, 2017

Check to see if Active Directory Account is Enabled/Disabled



Simple Tip:
Using the simple PS code below we can check to see if AD account for given user is enabled or disabled. Exploring other  properties with following one liner PS  Get-ADUser $user  -Properties * | gm
will also provide more options. You can check any of the available properties with same way and accomplish the task.





# Check to see if AD User Exist

#(1).Collect user Info
$user               = "Casey.dedeal"
$status           = Get-ADUser $user  -Properties * | select LockedOut
$LockedOut  = $(try {$status} catch {$True})

#(2).Write Output
write-host "()_Checking $user AD Account Status" -f yellow

#(3).Check the account status
If ($LockedOut -eq $True) {
write-host "()_.$user is locked out"
} Else {
write-host "()_.$user is NOT locked out"}





Oz Casey, Dedeal
Systems Engineer
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
https://twitter.com/Message_Talk (Twitter)