Exchange 2010 Offline Address Book Not Working - 500 Internal Server Error?
We know from past experiences that the 500 Internal Server Error is a very general HTTP status code that means something has gone wrong on the web site's server but the server could not be more specific on what the exact problem is. That's really not a lot of information to go on.
This error in Exchange has come up a few times recently. The best place to start troubleshooting is to find out whether internal clients, external clients, or both are affected. Also, is it affecting one user, multiple users, or all users?
One thing a lot of engineers like to do is create 403 redirect pages with Exchange 2010 to simplify access for end users. It's a great tool to be able to tell your clients to go to "https://mail.yourdomain.com" rather than https://mail.yourdomain.com/owa. Unfortunately, this creates a web.config file in the directory your OAB virtual directory points to. Even more unfortunate, this breaks OAB. But don't worry, there's an easy fix for this. Simply go to the security properties of the web.config file, assign Read and Read & Execute permission to the Authenticated Users group, then restart IIS using iisreset /noforce.
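The same permission fix as a script, as an added example that is not from the original post: it grants Authenticated Users only Read & Execute on web.config, and only if that access is missing. The OAB path is an assumption (a common Exchange 2010 default); point it at your own OAB directory.

```powershell
# Added example. $OabPath is an assumed default location, not taken from the post;
# set it to the folder your OAB virtual directory actually points to.
$OabPath   = 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB'
$WebConfig = Join-Path $OabPath 'web.config'

# Authenticated Users by well-known SID (S-1-5-11), so the check works on localized systems
$sid    = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')
$needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

if (-not (Test-Path -Path $WebConfig)) {
    Write-Output "No web.config under $OabPath; the redirect file is not the cause here."
} else {
    $acl   = Get-Acl -Path $WebConfig
    # Explicit and inherited rules, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $hasRead = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $needed) -eq $needed
    }

    if ($hasRead) {
        Write-Output 'Authenticated Users can already read web.config; no change made.'
    } else {
        # Grant read/execute only; nothing here gives write or modify access
        $allow = [System.Security.AccessControl.AccessControlType]::Allow
        $rule  = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $needed, $allow)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $WebConfig -AclObject $acl
        Write-Output 'Granted Read & Execute to Authenticated Users; restarting IIS.'
        iisreset /noforce
    }
}
```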
After this, you can download the address book for your users through Outlook. Still not working? If it's still not working on a few individual users, try this trick below.
Individual Users - Outlook 2007 or 2010 error (0x8004010F) operation failed. An object cannot be found.
Since Outlook 2007, the Offline Address Book is downloaded via BITS, and sometimes the BITS job queue can get full (especially if it has a queue of errors).
Simply run BITSADMIN.EXE /RESET to fix the issue.
If you cannot find/run BITSADMIN (it's technically a deprecated command), here's a PowerShell equivalent. Note, you may need to run this multiple times: Get-BitsTransfer -AllUsers | Remove-BitsTransfer
Friday, August 31, 2012
Wednesday, August 8, 2012
Slow DFS Sharing - Several Seconds Before Root Directory Access
I recently installed a new DFS setup for a client, and everything was working great. That is, until end users started accessing everything. Immediately we noticed that any access to any share would take up to 10 seconds to reach the initial root folder. From then on it worked great. It turned out to be this little problem: when you have a DNS-only space, Windows tries accessing servers and folders NOT by using DNS first.
http://support.microsoft.com/kb/244380
Special thanks to this article for finding it:
http://serverfault.com/questions/50789/long-pause-when-accessing-dfs-namespace
Monday, July 30, 2012
Exchange 2010 RPC/HTTP Proxy and Outlook Anywhere
Sometimes Outlook Anywhere doesn't function correctly. I always start by using "Exchange Analyzer". Recently using this I found an issue where IIS was returning a 500 Authentication error. Here's what worked for me.
Connect to the Exchange Client Access Server.
Ensure the RPC over HTTPS feature is installed and that Outlook Anywhere is enabled.
Browse to the following location:
C:\Windows\System32\RpcProxy
Copy the web.config file to web.config.backup.
Open web.config in Notepad.
Replace the following section:
<system.webServer>
<modules>
</modules>
</system.webServer>
With:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
Save the file and restart IIS from a command prompt: IISRESET
You should now be good to go!
Exchange 2010 Forms Based Auth Crashing
In Exchange 2010, it seems like a lot of Small Business Server installations cause the Forms Based Authentication Service to crash. Microsoft has identified this issue and it is because Exchange is installed on a Global Catalog Server. While best practice identifies that Exchange should never be installed on a Domain Controller or Global Catalog Server, this is not a practical solution to customers using Small Business Server.
Microsoft has a "Fix it" solution for this. This solution changes some of the dependencies for the Microsoft Exchange services to be sure that the dependent services start first.
Microsoft Exchange SA | EventLog, RPCSS, LanmanWorkstation, LanmanServer, Netlogon |
Microsoft Exchange AD Topology | Net Logon |
Microsoft Exchange IS | Net Logon |
Here's the link to the KB with the "Fix It" download: http://support.microsoft.com/kb/940845
Sunday, January 22, 2012
SharePoint Post Windows Updates
So if you use SharePoint and you've recently done updates (or installed Service Pack 1), you may have gotten an annoying message after you've rebooted the server. Oddly, there is not much online for documentation on what you need to do and the link in the dialog box is not helpful either.
This message occurs because the update has 2 parts. First, the binary update, which it does on its own. Then, the database needs to be updated. The database update is a manual command you'll have to run.
To perform the update, you'll need to open an elevated SharePoint PowerShell console. Once you've opened PowerShell, you can run the following command to see if the update is needed: (Get-SPServer $env:computername).NeedsUpgrade
To perform the update, you'll need to change your directory:
CD "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN"
And then run the PSConfig Utility.
PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
After running the PSConfig utility, you may need to reboot your server to get rid of the warning message. If it does not disappear upon reboot, you can open the Group Policy Management Console - gpmc.msc - and look for the policy "SharePoint Psconfig Notification Policy".
Tuesday, December 6, 2011
How secure is your password??
I find people asking me how complex their password needs to be all the time. This is a genuinely valid question. Sometimes this is a matter of opinion from network engineers, so here's my opinion on what I've found.
(A Complex Answer / Microsoft Recommendation) Microsoft recommends:
A) Password does not contain any part of a user's name (Display Name/Account Name/etc.)
B) Must be at least 7 characters
C) Should be changed every 42 days, minimum
D) Must contain 3 of the 5 following: an uppercase letter, a lowercase letter, a digit, a symbol, and/or a Unicode character.
(My simple answer) I recommend:
Passwords need to be secure, but easy to remember. Of course "T8iL#)iuwr*3A~~!!" is going to be very secure, but who's going to remember that? So, of course, you're going to document that somewhere right? Sheet of paper? Excel document? Notepad document? When you need to document it, how do you secure that document?
So, what is more secure? "T8iL#)iuwr*3A~~!!" or "D0g...................." (Capital D, zero, g, plus 20 periods)? Which one are you going to remember better? Believe it or not, "D0g...................." (23 characters) is going to take quite a bit longer than "T8iL#)iuwr*3A~~!!" (17 characters) to crack.
Here's a nice site I stumbled upon a few weeks ago that shows you just how long it might take to crack a password: https://www.grc.com/haystack.htm
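To put numbers on the comparison above, this added example (not from the original post) counts the brute-force search space for both passwords. The model and the guess rate are assumptions: it covers blind exhaustive search only, by an attacker who knows nothing about the padding pattern.

```powershell
# Added example: brute-force search space for a password.
# The counting model and the guess rate are assumptions of this example.
function Get-SearchSpace {
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [double]$GuessesPerSecond = 1e11   # assumed attacker speed, not a measured figure
    )

    # Alphabet = sum of the printable-ASCII character classes the password draws from
    $alphabet = 0
    if ($Password -cmatch '[a-z]')        { $alphabet += 26 }
    if ($Password -cmatch '[A-Z]')        { $alphabet += 26 }
    if ($Password -match  '[0-9]')        { $alphabet += 10 }
    if ($Password -match  '[^a-zA-Z0-9]') { $alphabet += 33 }

    # An exhaustive search tries every shorter length first:
    # sum of alphabet^k for k = 1 .. length
    $space = 0.0
    for ($k = 1; $k -le $Password.Length; $k++) {
        $space += [math]::Pow($alphabet, $k)
    }

    New-Object PSObject -Property @{
        Length       = $Password.Length
        Alphabet     = $alphabet
        SearchSpace  = $space
        YearsToCover = $space / $GuessesPerSecond / 31557600   # seconds in a 365.25-day year
    }
}

# The two passwords compared in the post
$complex = Get-SearchSpace -Password 'T8iL#)iuwr*3A~~!!'
$padded  = Get-SearchSpace -Password ('D0g' + ('.' * 20))

$complex, $padded | Format-Table Length, Alphabet, SearchSpace, YearsToCover -AutoSize
'Padded / complex search-space ratio: {0:N0}' -f ($padded.SearchSpace / $complex.SearchSpace)
```

Both passwords draw on all four character classes, so the whole difference comes from the six extra characters of length.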
Enjoy!
Exchange 2010 Certificates - The Cheap Way
So, every now and then, I run into people that don't want to pay $80/year for a UCC / SAN Certificate for their Exchange environment. While there are ways around this to put in a regular certificate, it's highly recommended to just get the UCC/SAN Cert.
And that should be all you need to do on the back end to get it working.
If you do end up getting the cheap, one-domain name certificate, here's a few items you'll have to update through Exchange Management Shell. These will help make everything work more smoothly and prevent certificate / password prompting in Outlook:
Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. (This one is missed the most) To modify this URL, type the following command, and then press ENTER:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.yourdomainname.com/autodiscover/autodiscover.xml
Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/ews/exchange.asmx
Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/oab
Expand the local computer, and then expand Application Pools.
Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
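A way to confirm the three changes took effect, as an added example that is not from the original post: it reads back the Autodiscover, EWS and OAB internal URLs and flags any whose host name does not match the single name on the certificate. The host name is the page's placeholder; run it in the Exchange Management Shell.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# $CertName is the page's placeholder; substitute the one name on your certificate.
$CertName = 'mail.yourdomainname.com'

# Collect the three internal URLs the post tells you to change
$settings = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Object PSObject -Property @{
            Setting = "Autodiscover SCP on $($_.Name)"
            Url     = $_.AutoDiscoverServiceInternalUri
        }
    }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        New-Object PSObject -Property @{
            Setting = "EWS InternalUrl on $($_.Server)"
            Url     = $_.InternalUrl
        }
    }
    Get-OabVirtualDirectory | ForEach-Object {
        New-Object PSObject -Property @{
            Setting = "OAB InternalUrl on $($_.Server)"
            Url     = $_.InternalUrl
        }
    }
)

# Flag anything Outlook would reach under a name the certificate does not cover
$settings | ForEach-Object {
    $status = 'OK'
    if (-not $_.Url) {
        $status = 'NOT SET'
    } else {
        $uri = [uri]"$($_.Url)"
        if ($uri.Scheme -ne 'https')     { $status = 'NOT HTTPS' }
        elseif ($uri.Host -ne $CertName) { $status = "NAME MISMATCH ($($uri.Host))" }
    }
    New-Object PSObject -Property @{ Setting = $_.Setting; Url = "$($_.Url)"; Status = $status }
} | Format-Table Setting, Status, Url -AutoSize
```

Any row that is not OK is a URL that will still produce certificate prompts in Outlook.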