Author: Steve Man

Collect and Email the Exchange 2013 Malware Protection Engine Update Information.

Scenario:  You want a report that will email you the Engine Update Information for all of your Exchange 2013 Servers that are using the native Malware Protection.

Script:

#Create Variables
$ExchangeServers = Get-ExchangeServer | Where AdminDisplayVersion -like "Version 15*"
$final = @()
$strCurrentTimeZone = (Get-WmiObject win32_timezone).StandardName
$TZ = [System.TimeZoneInfo]::FindSystemTimeZoneById($strCurrentTimeZone)

#Check for Malware Engine Updates. Loop and Invoke Commands.
$Exchangeservers | %{
$server = $_.name
$LC = Invoke-Command –Computername $_ -ScriptBlock {Add-PSSnapin microsoft.forefront.filtering.management.powershell;(Get-EngineUpdateInformation).LastChecked } -ErrorAction STOP
$LU = Invoke-Command –Computername $_ -ScriptBlock {Add-PSSnapin microsoft.forefront.filtering.management.powershell;(Get-EngineUpdateInformation).LastUpdated } -ErrorAction STOP
$EV = Invoke-Command –Computername $_ -ScriptBlock {Add-PSSnapin microsoft.forefront.filtering.management.powershell;(Get-EngineUpdateInformation).EngineVersion } -ErrorAction STOP

#Convert from UTC to Local Time Zone.
$LCLocal = [System.TimeZoneInfo]::ConvertTimeFromUtc($LC, $TZ)
$LULocal = [System.TimeZoneInfo]::ConvertTimeFromUtc($LU, $TZ)

#Build the Array
 $ServerObj = New-Object PSObject
 $ServerObj | Add-Member NoteProperty -Name "ServerName" -Value $server
 $ServerObj | Add-Member NoteProperty -Name "LastChecked" -Value $LCLocal
 $ServerObj | Add-Member NoteProperty -Name "LastUpdated" -value $LULocal
 $ServerObj | Add-Member NoteProperty -Name "EngineVersion" -value $EV
    $Final += $ServerObj    
}

$EngineUpdates = $final | Sort ServerName | Convertto-HTML

#Email
$body =""
$smtp = "mail.domain.com"
$to = "steve@domain.com"
$from = "EngineUpdateMonitor@domain.com"
$subject = "Engine Update Monitor" 
$body += "<b><Font color=#0404B4>Malware Engine Updates: </b></font><br><br>"
$body += "$EngineUpdates <br><br><br>"
send-MailMessage -SmtpServer $smtp -To $to -From $from -Subject $subject -Body $body -BodyAsHtml -Priority high

Content Index State is Unknown or Failed and has an error message of: “An internal error occurred for the database or its index.”

 Scenario:  Users cannot search in OWA or when in Outlook in Online mode. When you run the command below you notice that the Content Index State is Failed or Unknown.

get-mailboxdatabasecopystatus DB123 | FL Content*

ContentIndex:  Failed or Unknown
ContentIndexErrorMessage:  An internal error occurred for the database or its index.ContentIndexErrorCode:2

In the Application Event Log you see the following:

Event 1009, MSExchangeFastSearch:

The indexing of mailbox database DB123 encountered an unexpected exception. Error details: Microsoft.Exchange.Search.Core.Abstraction.OperationFailedException: The component operation has failed. —> Microsoft.Exchange.Search.Core.Abstraction.OperationFailedException: The component operation has failed. —> System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Internal error while processing request

You have also verified that the Microsoft Exchange Search and Microsoft Exchange Search Host Controller services are started.

Solution: Follow these steps.

  1. Create an security group called ContentSubmitters.
  2. This security group will have no members, but you need to add Full Control in the security of the group to:
    • Administrators
    • Network Service
  3.  Now on the affected Exchange servers,  Restart the following services:
    • MSExchangeFastSearch  (Microsoft Exchange Search)
    • HostControllerService (Microsoft Exchange Search Host Controller)

 

 

Mailboxes were unable to connect after Exchange 2013 CU8 install

Scenario:  After upgrading our Exchange environment to CU8, users were reporting that they were unable to connect to their mailbox.  After investigation, it was narrowed down that only a few servers were showing this issue, and other recently updated servers were working fine.

Symptoms:

  • Outlook Anywhere was showing as disconnected.
  • OWA was taking mailboxes to a blank white page.
  • Mobile Devices were reporting that there were issues connecting to the server
  • Failure to connect to the Exchange Management Shell
  • Multiple events in the System Log of the affected servers: Event ID 15021 (Source: HttpEvent): An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.

Cause/Resolution: The problem was found to be that the Exchange Back End virtual directory in IIS was no longer bound to a SSL certificate; thus users were not able to establish a connection to their mailboxes.

  1.  Open IIS Manager
  2.  Expand the Server Name –> Sites.
  3.  Right click on the  Exchange Back End site.
  4.  Click on Edit Bindings.
  5.  Edit the entry for https port 444.
  6.  Select a valid SSL vertificate from the list. A certificate needs to be set and this was set  to none and was causing the issue.

 

Best practices when using the Outlook Calendar

The Outlook Calendar fully integrates with email, contacts, and other features. This integration makes the Calendar component one of the most popular features of Outlook. In this article, we will guide you through the use of the Calendars various functions. In addition, we’ll introduce you to calendar improvements that are specifically targeted to make your experience more consistent.

Note    Many calendar enhancements were added to Outlook 2007 service packs. For this reason, our very first recommendation is that you make sure to use Outlook 2007 Service Pack 3 (SP3) or later. The sections below assume that you are using Outlook 2007 SP3, Outlook 2010, or Outlook 2013.

Forwarding meeting requests

If you’re using Outlook 2007, you should not forward meeting requests. This can result in lost or mismatched meetings. Instead, ask the meeting organizer to add the attendee to the original meeting request.

If you are using Outlook 2010 or newer and you’re a meeting attendee, you can forward a meeting to another person that is using Outlook 2010 or newer. This is possible because Outlook 2010 introduced the Meeting Forward Notification feature. When you use Outlook 2010 or newer to forward a meeting to someone that was not originally invited to the meeting, Outlook sends a meeting forward notification to the meeting organizer. When the organizer receives the meeting notification, the new attendee is added to the organizer’s meeting. If existing attendees need to know that an additional attendee was added to the meeting, then the organizer must open the meeting and send a meeting update to all of the attendees.

Note   If you want to let someone know about a meeting, but not invite them, simply drag the meeting request from your calendar to the Mail icon on the lower left side of Outlook. This opens an email with information about the meeting that you can send out. Note that this email doesn’t add the recipient(s) to the meeting, and only contains meeting information such as date, time, subject and agenda.

For Microsoft Exchange users

Microsoft Exchange Server 2007 also introduced Meeting Forward Notifications as part of the Calendar Attendant feature. If you use Outlook to connect to a mailbox on an Exchange Server 2007, Exchange Server 2010 or Exchange Server 2013 organization, meeting forward notification behavior may be subject to Exchange settings, if configured by the Exchange Administrator. For example, the Exchange Administrator can prevent meeting forward notification from being sent to remote domains.

We generally recommend that an attendee not forward a meeting if they are not in the same Exchange organization as the organizer, unless all of the following conditions are true:

  • The attendee is using Microsoft Outlook 2010 or newer.
  • The attendee’s Exchange Administrator allows meeting forward notifications to be sent to remote domains.
  • The organizer is using a Microsoft Outlook client.

In the case of an attendee that uses a non-Exchange mail system, we generally recommend not forwarding a meeting, unless all of the following conditions are true:

  • The attendee is using Microsoft Outlook 2010 or newer.
  • The organizer is using a Microsoft Outlook client.

If for any reason the organizer does not receive the meeting forward notification, the meeting attendees are not added to the organizer’s meeting. If the organizer subsequently changes the meeting and sends out an update, the update is only sent to the original invitees. The attendees that earlier received the forwarded copy of the meeting will not receive the update.

If the above limitations prevent you from successfully and from consistently forwarding meeting invitations, it is best to simply ask the meeting organizer to add the desired attendees. It is important to ask the meeting organizer to add the desired attendees if you are not certain that both your and the desired attendees’ environments meet the above conditions.

Note    Outlook Delegates do not receive Meeting Forward Notifications.

Process all meeting requests and cancellations

Although you can delete a meeting request directly from your Inbox, you should properly process the meeting request by either accepting or declining it. Always use the Remove from Calendar command to process meeting cancellations. Avoid processing meetings directly from the Calendar module.

Working with recurring meetings

Set end dates and limit the number of occurrences

Outlook makes it easy to schedule a meeting that has multiple regular occurrences. We recommend that you 1) always set an end date and 2) limit the recurring series to a specific number of occurrences. Truthfully, recurring meetings are going to require modifications at one point or another. Over time, attendees are added to or removed from a single occurrence. The meeting location or time changes due to vacation dates or unforeseen circumstances. Outlook saves each of these unique changes as a meeting exception. Meetings with a very large number of exceptions result in a meeting series that is difficult to manage. Additionally, it can introduce unexpected behavior. You can always create a new meeting series when the current one ends. When thinking about the number of occurrences, consider the frequency. In the period of a year, a twice a week meeting will have about 90 more occurrences than a monthly meeting during that same period.

End a recurring meeting before the original end date

Although you can cancel a recurring meeting, a better option is to change the end date for the series. This allows you and the attendees to keep a record of the meetings that occurred in the past. If you cancel the recurring meeting altogether, that history is lost. The best option is to set a new end date and then send the update to all attendees. This ends the meeting series early, while keeping a record of previous meetings.

Note    If you end the meeting series early, exceptions associated with the recurring meeting are lost, To learn more about exceptions, see the “Set end dates and limit the number of occurrences” section.

For more information about cancelling all future meetings in a series, see: Cancel all future meetings in a series

Change the organizer

Outlook does not provide a way to change a meeting organizer. To change the meeting organizer of a recurring meeting, end the recurring meeting. To do this, set an earlier end date and send the update to all attendees. After you complete this step, the new organizer should create a new recurring meeting.

For more information about setting an earlier end date, also see: Cancel a meeting

Avoid using a recurring meeting to share attachments

Attachments add to the complexity of recurring meeting exceptions. Each exception contains its own copy of the attachments. As exceptions are added to recurring meetings, new copies of the attachments are created. If you make changes to one set of attachments, these changes do not propagate to the other exceptions. If you require that all attendees have the most recent copy of changes for any given meeting, share the documents via a sharing service, such as OneDrive. Enterprise users can take advantage of SharePoint or other shared file server on the network.

Prevent inconsistencies in meeting notes

If you make a change to the meeting time, date, location or attendee list, and then attempt to save the meeting, Outlook only offers you two choices. Send the meeting update to all attendees or cancel the changes. This design ensures that the copy of the meeting is consistent for all attendees. However, the Notes field is not considered a critical field. Therefore, you can save changes to the Notes field without sending the update to all attendees.

Important    If you intended to use these as personal notes, any subsequent change that requires sending the meeting update will include the Notes content. To prevent accidental disclosure, store your notes elsewhere.

The same goes for meeting attendees. As a meeting attendee, you can also store your own notes in your copy of the meeting. However, if you accept a subsequent full meeting update from the organizer, your notes may be overwritten.

Avoid copying meetings

By design, Outlook removes any links between a copied meeting and the original meeting. This greatly contributes to preventing inconsistencies. Newer versions of Outlook add the text string “Copy:” to the subject. This makes it easy to identify meeting copies.

Actions related to copied meetings yield unexpected results, therefore avoid copying meetings. This applies to both meetings copied from another user’s calendar, as well as those copied from another calendar folder that you own.

For more information about how to move meetings that you organized to another calendar folder, see:

How to move Outlook meetings without losing the option to “Send Update”

Maintain devices that connect to your calendar

Make sure that any device that connects to your Calendar has all of the latest updates installed. Some devices use Exchange ActiveSync to synchronize the Calendar and other folders. These devices include Windows Phone, Windows RT, Apple iOS and Android devices. Research In Motion (RIM) BlackBerry devices and others can also synchronize with the Calendar.

For more information about some of the known issues, see: Current issues with Microsoft Exchange ActiveSync and third-party devices.

Note    In some cases, multiple Outlook clients and devices may modify items at the same time, which can introduce conflicts. To minimize the likelihood, do not process the same item on two or more clients or devices within a relatively short period.

Maintain add-ins that integrate with Outlook

Most, if not all Outlook add-ins, access Outlook data. An add-in may change an Outlook item that you are editing at the same time, whether in Outlook or on another device. This can introduce conflicts. To minimize the likelihood, make sure to install the latest updates for any add-ins or programs that integrate with Outlook. Uninstall or disable any of these programs and add-ins that you do not use or that do not need to integrate with Outlook.

Note    In some cases, multiple Outlook clients and devices may modify items at the same time, which can introduce conflicts. To minimize the likelihood, do not process the same item on two or more clients or devices within a relatively short period.

Additional recommendations for Microsoft Exchange users

Working in a manager/delegate scenario

If your organization allows it, configure Outlook to connect to your Exchange mailbox using Cached Exchange Mode. This provides the best performance.

Newer versions of Microsoft Outlook, Microsoft Entourage, and Microsoft Outlook for Mac include many improvements to the delegate feature. For more information about these versions, see:

Outlook delegate feature in mixed versions of Microsoft Outlook and Entourage

Limit the number of delegates

Outlook does not limit the number of delegates that you can add. However, we recommend that you only grant Editor permissions to one (1) delegate. This allows you to track when and how a meeting was processed. Considering the fact that a delegate can use multiple devices to access your data, having many delegates with Editor permissions makes it very difficult to determine why meetings are missing or out of date.

Even if you only grant Editor permissions to one delegate, avoid adding a large number of delegates with Reviewer or Contributor permissions. This is because adding large numbers of delegates may exhaust other resources. For example, the 32K limit for rule data may be reached. When you add a delegate, various changes take place:

  • Outlook applies permissions to relevant folders.
  • The PublicDelegates Active Directory attribute is updated to add “Send on Behalf of” permissions to the delegate.
  • Outlook adds the delegate to a forward rule on the manager’s mailbox. This forwards meeting requests to the delegate.
  • Outlook saves additional delegate information in the manager’s mailbox.

Each of these component areas may have different limits. Nearing these limits can affect performance and stability.

Notes    During development and testing of the product, Microsoft used a maximum of four (4) delegates. Additionally, the delegates only used Outlook. Devices were not included in the testing.

If the delegate with Editor permissions must be replaced either temporarily or indefinitely, change the permissions from Editor to Reviewer or none. Then, grant Editor permissions to the new or backup delegate.

Configure the Exchange Web.Config File for Lync via Powershell Script on Multiple Servers

Scenario:  During the OWA Integration of Exchange 2013 and Lync 2013 , one of the steps is to edit the web.config file on each Exchange Mailbox Server by adding a IMCertificateThumbprint and IMServerName.

The script below queries a list of Exchange servers, determines the certificate thumbprint needed, appends the required values to the web.config file, and then restarts the MSExchangeOWAAppPool and the MSExchangeUM* services.

$Servers= Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"

$Servers | %{
$servername = $_.name 
Write-Host $servername

#Adding the UM Info into Web.Config
$UMThumb= (Get-ExchangeCertificate -server $servername | Where { $_.Services -like '*UMC*'}).ThumbPrint | Select -First 1

Write-Host "Configuring WebConfig for "$servername " with " $UMThumb

$WebConfigFile= "\$servernameC$Program FilesMicrosoftExchange ServerV15ClientAccessOwaweb.config"

Write-Host "Editing Web.Config in $WebConfigFile"

$wc= [XML](Get-Content $WebConfigFile)
$el= $wc.CreateElement("add")
$key= $wc.CreateAttribute( 'key')
$key.psbase.value = 'IMCertificateThumbprint'
$val= $wc.CreateAttribute('value')
$val.psbase.value= $UMThumb
$el.SetAttributeNode($key)
$el.SetAttributeNode($val)
$wc.configuration.appSettings.Appendchild( $el)
$el= $wc.CreateElement("add")
$key= $wc.CreateAttribute( 'key')
$key.psbase.value = 'IMServerName'
$val= $wc.CreateAttribute('value')
$val.psbase.value= 'LyncServerPool.Domain.Com'
$el.SetAttributeNode($key)
$el.SetAttributeNode($val)
$wc.configuration.appSettings.Appendchild( $el)
$wc.Save( $WebConfigFile)


#Restart the AppPool
$appPoolName = "MSExchangeOWAAppPool"
$appPool = get-wmiobject -computername $servername -namespace "rootMicrosoftIISv2" -class "IIsApplicationPool" -Authentication PacketPrivacy -Impersonation Impersonate | Where-Object {$_.Name -eq "W3SVC/APPPOOLS/$appPoolName"}
$appPool.Recycle()

#Restart the UM Services
Get-Service MSExchangeUM* -computername $servername | Restart-Service

}

 

Build a custom table in Powershell that includes mailbox count

Scenario:  You want to build a custom table to include the MailboxCount and other elements of the Get-ExchangeServer command.

$exchangeservers = Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"

$final = @()

$Exchangeservers | %{

#Put the Server Name into a Variable
$server = $_.Name

#Grab the Mailbox Count Per server
$MBXCount = (Get-mailbox -server $_.Name).Count

#Version of Exchange
$AdminDisplayVersion = $_.AdminDisplayVersion

Write-Host "Checking $server"

#Grab the InstallPath
$ExchangeInstallPath = $null

$ExchangeInstallPath = Invoke-Command –Computername $server -ScriptBlock {$env:ExchangeInstallPath} -ErrorAction STOP

#Build the Array
 $ServerObj = New-Object PSObject
 $ServerObj | Add-Member NoteProperty -Name "ServerName" -Value $server
 $ServerObj | Add-Member NoteProperty -Name "InstallPath" -Value $ExchangeInstallPath
 $ServerObj | Add-Member NoteProperty -Name "MBXCount" -value $MBXCount
 $ServerObj | Add-Member NoteProperty -Name "Version" -value $AdminDisplayVersion
    $Final += $ServerObj    
}
$Final

 

 

Exchange 2013 Backup Event ID’s in Order

Here are the Exchange 2013 Backup Event ID’s in order to assist troubleshooting your backup related problems.

  • Event ID 2021  – MSExchangeRepl –  Successfully collected metadata document in preparation for backup.
  • Event ID 2110  – MSExchangeRepl –  Successfully prepared for a full or a copy backup of database MDB01.
  • Event ID 2023  – MSExchangeRepl –  VSS writer successfully prepared for backup.
  • Event ID 2005  – ESE –  Shadow copy instance started.
  • Event ID 2025  – MSExchangeRepl –  VSS successfully prepared for a snapshot.
  • Event ID 2001  – ESE –  MDB01 shadow copy freeze started.
  • Event ID 2027  – MSExchangeRepl –  VSS writer instance has successfully frozen the databases.
  • Event ID 2003  – ESE –  MDB01 shadow copy freeze ended.
  • Event ID 2029  – MSExchangeRepl –  VSS writer instance has successfully thawed the databases.
  • Event ID 2035  – MSExchangeRepl –  VSS writer has successfully processed the post – snapshot event.
  • Event ID 2021  – MSExchangeRepl –  VSS writer has successfully collected the metadata document in preparation for backup.
  • Event ID 224  – ESE –  MDB01 deleting log files C:ExchVolsMDB01Log FilesE0000000001.log to C:ExchVolsMDB01Log FilesE000000002B.log.
  • Event ID 225  – ESE –  MDB01—no log files can be truncated; will be logged instead of Event ID 224 when circular logging is used.
  • Event ID 2046  – MSExchangeRepl –  VSS writer has successfully completed the backup of database MDB01.
  • Event ID 2006  – ESE –  MDB01 shadow copy completed successfully.
  • Event ID 2033  – MSExchangeRepl –  VSS writer has successfully processed the backup completion event.
  • Event ID 2037  – MSExchangeRepl –  VSS writer backup has been successfully shut down.

Exchange Database Restore with CommVault

Here are the steps for performing the restore:

1. Create the Recovery Exchange Database in Exchange

2. Restore the Database from backup in CommVault

3. Restore the contents of the mailbox in the recovery database to a place holder mailbox in Exchange.

4. Create a PST of the of the mailbox content of the place holder mailbox in Exchange.

 

Create a Recovery Database in Exchange 2013:
The server MBX1 has a dedicated mount point for restoring databases in Exchange. The mountpoint is C:RecoveryDB on MBX1. Run the following powershell command:

New-MailboxDatabase -Recovery -Name RDB_DB01 -Server MBX1 -EdbFilePath “C:RecoveryDBRDBDB01.edb” -LogFolderPath “C:RecoveryDBRDB logs”

 

Restore to the Recovery Database in CommVault:

1. Ensure the database you want to restore is dismounted and marked for overwrite.

2. From the CommCell Console, navigate to Client Computers | <Exchange CommVault Client>. Right-click Exchange Database and then click All Tasks | Browse Backup Data.

3. Select your Browse option for when to Restore From. Select the date of the last known good backup of the data that needs to be restored.

4. In the left pane of the Client Browse window, navigate to Exchange Database | Microsoft Information Store | <Storage Group>. Select the database to be restored in the right pane and click Recover All Selected.

5. In the Restore Destination section, select the destination client that holds the Recovery Database; MBX1. In the Destination DB, select the new recovery database that was created; RDB_DB01. Click OK. You can monitor the restore in the Job Controller so you know when it is 100%.
Extract Content from Recovery Database:
1. Mount the Recovery Database so we can access the content by running the following in Exchange PowerShell:

Mount-database RDB_DB01

2. The following PowerShell command we can use to extract content of the mailboxes. The content can be extracted and placed into another mailbox. We will use a place holder mailbox called r_steve2010 and put all of the content into a recovery folder which will be created during the mailbox restore.

Exchange 2013 command:

New-MailboxRestoreRequest -SourceDatabase “RDB_DB01” -SourceStoreMailbox “<DisplayName of User on RDB Database>” -TargetMailbox “r_steve2010” -TargetRootFolder Recovery -AllowLegacyDNMismatch

Exchange 2010 Command:

Restore-Mailbox -Identity “R_Steve2010” -RecoveryDatabase “RDB_DB01” -RecoveryMailbox ‘steve2010’ -TargetFolder Recovery

3. From here we can either provide access the dummy account, or export the content from the dummy mailbox to a PST and give it to the customer. To export it to a pst, run the following Powershell Command:

New-MailboxExportRequest R_steve2010 –FilePath “\servernamesharenamefilename.pst” -acceptlargedataloss -baditemlimit 999
Now we have successfully restored and recovered content from a Commvault backup.

How to quickly gather IP Addresses for a list of Servers

Scenario: You want to quickly gather the IP addresses from a list of HostNames.  Gather your hostnames into a variable and run the following script:

#Gather into your Variable ( I am gathering a list of all Exchange 2010 servers) – You could also Import-CSV or other import types.

$Servers = Get-ExchangeServer ExSvr* | Where AdminDisplayversion -like *14* | Sort Name

#Loop It!  You can also write it out to a file as well by inserting Out-File with -append OR other export types.

$servers | %{
$IP = [System.Net.DNS]::GetHostAddresses($_.Name).IPAddressToString
$Name = $_.Name +":"+$IP
Write-Host $name
}

“The User Profile service service failed the logon. User profile cannot be loaded.” when sigining into a server.

Scenario: When trying to log into a 2012 server, you receive the following error:

The User Profile service service failed the logon. User profile cannot be loaded.

This info is displayed in the application log (Event 1509).

Windows cannot copy file \?C:UsersDefaultAppDataLocalMicrosoftExchange Serverv15Configuration14720_100.sqm to location \?C:Users<username>AppDataLocalMicrosoftExchange Serverv15Configuration14720_100.sqm. This error may be caused by network problems or insufficient security rights.

DETAIL – Access is denied.

Resolution:  Go to the permissions of the source file and make sure you select the permissions to be inherited: C:usersdefault…Configuration14720_100.sqm