Author: Steve Man

cannot open Notes in OWA 2007

Issue: customer reported not being able to open notes from OWA 2007, using Internet Explorer
Synopsis: Customer creates a note in outlook 2007. tries to open the notes using external servername from Internet explorer. The error below is displayed, trying to access the note
Exception type: System.Web.HttpCompileException
Exception message: c:Program FilesMicrosoftExchange ServerClientAccessOwaformsCommVaultreadmessage.aspx(35): error CS0154: The property or indexer ‘Microsoft.Exchange.Clients.Owa.Core.UserOptions.ComposeFontName’ cannot be used in this context because it lacks the get accessor
Note that Customer can open this note if using Chrome or Firefox browsers respectively
Workaround Solutions:
The external servername sends traffic through the ISA server. We are trying to figure out a way to resolve this
workaround solution A:
use firefox or Chrome browser
Workaround solution B:
if customer is using Internet explorer, advise customer to use https://externalservername/owa to access webmail
Note: This issue applies to OWA 2007(webmail) users

Assign send-as, receive-as and administer info store permissions

Assigning send-as, receive-as, and administer information store permissions to a user account, for eg besadmin
 
use this powershell script:

get-mailboxserver “servername” | add-adpermission -user besadmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Configuring Exchange Impersonation

Exchange Impersonation enables a caller to impersonate a given account so that a caller can perform operations by using the permissions that are associated with the impersonated account instead of the permissions that are associated with the caller’s account. Microsoft Exchange Server 2007 provides two Active Directory directory service extended permissions that are used to determine which callers can perform Exchange Impersonation calls and which accounts can be impersonated by the caller.
 

This procedure grants fasapprov1 permission to impersonate fasaptest1

Add-ADPermission -Identity “username” -User “Username2” -extendedRight ms-Exch-EPI-May-Impersonate

See article link below to see step by step configuration instructions
 
 

Exchange is unable to mount the database that you specified

Issue: Exchange is unable to mount the database that you specified. Specified database: ServerEXVS25SG1Mailbox; Error code: MapiExceptionCallFailed: Unable to mount database. (hr=0x80004005, ec=-2147467259)

Resolution:

Error was due to lag in AD replication. Whenever a new mailstore is created, it updates the config in AD. Trying to mount too soon may reproduce the error stated above. So wait about 5 to 10mins and try to mount it again. It should mount OK

How to exclude domain controllers from AD access list in Exchange

Exchange server 2007 relies extensively on Active directory. All directory lookups are done using the MS Exchange AD topology DS access service.
 
For optimal lookups performance in exchange, use this powershell script to exclude some domain controllers that are not required for optimal directory lookups and performance. You will choose the DC exclusion list based on the datacenter your exchange servers are homed. Note that The excluded domain controllers list is based on recommendations from the Active Directory team:
 
This script must be run in Exchange 2007 management shell. It’s recommended that you run this script on all your exchange servers.
 

Set-ExchangeServer -Identity exchsrv1 -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null -StaticExcludedDomainControllers dc1.domain.com,dc2.domain.com
  
Step by Step Configuration Steps:
1. Run the powershell script on the active node of your cluster. Remember to use the exchange server cluster name as the identity for Set-Exchangeserver command
2. Restart MSExchange Topology service. This will also restart transport log search, service host, search indexer, replication service, mail submission and mailbox assistants)
3. Verify by going to the exchange console, right click on cluster properties, system settings. You will see only domain controllers in the list
4. Repeat the same procedure for the passive node of your cluster
4. You have completed the change

create or renew self-signed certificate on Exchange server 2007

After creating a new hub transport server(or any exchange 2007 server), a new self-signed certificate with the server name is created
 
THis cert can be used to establish TLS connections. However, if service TLS setting advertises with a different FQDN, the domain name must be included during certificate creation in exchange
 
for eg, to create a certificate for SMTP services using 2 domain names, use the following command
 

get-exchangecertificate | New-ExchangeCertificate -DomainName “servername”, “publicname” -FriendlyName MSExchange
the certificate will be created with multi-domain names. In this case, server name and the public name
this resolves event 12014 on a hub transport server

Adding a new storage group to SCC cluster

Follow these steps to add a new storage group to Exchange 2007 SCC cluster
 
  • Using disk management tool, scan and initialize disks. format partition and create mount points as needed
  • Using Exchange management console, create storage group as needed
  • Using the Exchange console, create database for the SG, but don’t mount database yet
  • using cluster administrator, create physical disk resources for the exchange virtual cluster name
  • create disk dependencies for the newly created exchange resources
  • Bring online the new resources in cluster administrator
  • check exchange management console to ensure database is mounted

Your message wasn’t delivered because of security policies in Exchange 2007

Issue: Your message wasn’t delivered because of security policies in Exchange 2007
Synopsis: When a user tries to send an email to a distribution group, this error maybe returned: delivery
has failed to these recipients or distribution lists. Your message wasn’t delivered because of security policies in Exchange 2007
Cause: This can occur if customer/user tries to email a distribution list from outside the institution to an internal distribution list. By default only authenticated users are allowed to email a distribution list
Resolution: To allow emailing to the distribution group from outside your organization, follow these steps:
1. Open the Exchange Management Console
2. Expand Recipient Configuration
3. Click Distribution Group
4. Double click the distribution group
5. Select the Mail Flow Settings Tab
6. Double click Message Delivery Restrictions
7. Uncheck “Require that all senders are authenticated”
8. Click OK

Settings are immediately effective ,so it should work right away.

How to Forward email sent to a distribution list

Emails sent to a Distribution list can be forwarded to another email address.
 
for eg, if you want emails sent to a distribution group to be forwarded to a mail enabled Sharepoint folder on a Sharepoint site, you can simply achieve your goal by following the steps below:
 
1. Create a contact for the sharepoint folder email address, for eg test@domain.com
 
2. Make this contact a member of the distribution list
 
3. You ‘re done. Emails sent to the DL will also be sent to test@domain.com

Junk Mail Error Message- Cannot add to the server Junk E-mail List

Issue: User reported this error message while opening Outlook
 
Error Message: Cannot add to the server Junk E-mail List, you are over the size allowed on the server.  The Junk E-mail Filter on the server will be disabled until your Junk E-mail Lists have been reduced to the size allowed on the server.
 
woul you like to manage your Junk E-mail List now?
 
Resolution:
 
get to a command prompt by Clicking on start, run, type cmd:
 
Outlook /cleanprofile
 
reboot computer