Continue reading »]]> Issue

 When you try to edit the properties of a public folder to update an attribute such as the replicas in Exchange System Manager on a server that is running Microsoft Exchange Server 2003, you may receive the following error message:

 An internal server error has occurred on the server.
The requested operation failed
ID no: c1030af2
Exchange System Manager 

Resolution

 To resolve this issue run though the following:

 Option 1

1. Open the Exchange System manager
2. Expand Administrative Groups > Exchange Organization Name > Servers
3. Then Expand the server hosting the public folder > First Storage Group
4. In the right hand pane right click Public Folder Store > Select Dismount
5. Once Dismounted
6. In the right hand pane right click Public Folder Store > Select Mount

 Option 2

Please see http://support.microsoft.com/kb/906907

Continue reading »]]> ISSUE

When attempting to email any mailbox which is hosted in O365 where a hybrid (co-existence) configuration has been deployed with an on-premise Exchange 2003 organisation you receive NDR email messages and event log errors are raised as follows:
 
EVENT LOG:
 
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3020
Date:  12/13/2011
Time:  11:12:28 AM
User:  N/A
Computer: SERVER
Description:
A non-delivery report with a status code of 5.4.6 was generated for recipient x-ex;/O=EXCHANGE/OU=External (FYDIBOHF25SPDLT)/cn=Recipients/cn=61338b4fc700481296869bdf761c0edb (Message-ID <3DA1FDF3A7EA5C4DBD3E3F0AE3553B81788AFB@server.domain.local>). �
Cause: A forward loop was detected by the categorizer. This is a common hosting configuration problem caused when someone uses the provisioning tool to create a contact in one organization unit and creates a user in a different organization user that share the same e-mail address.  �
Solution: Verify that you do not have a user in organizational unit and a contact in a different organizational unit that have the same e-mail address.�
Data:
0000: 46 05 04 80               F..€  �

�
Email NDR:
 
Subject:               Test
Sent:     13/12/2011 11:39
�
The following recipient(s) could not be reached:
�
ADMIN1 on 13/12/2011 11:39
A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients. Contact your administrator.
<server.domain.local #5.4.6>
 

Resolution

 This error normally occurs because the email policy for the service domain in Exchange 2003 has been misconfigured.
�
To resolve the issue run through the following:

1. In Exchange System Manager, navigate to Administrative Groups > Recipients > Recipients Policies
2. Open the Recipient policy which contains the service domain name (normally in Default Policy)
3. Select the E-Mail Addresses (Policy tab) edit the SMTP addresses used by the service domain name (I.E service.domain.com, %g.%s@service.domain.com)
4. Uncheck This Exchange Organization is responsible for all mail delivery to this address.
5. Click OK and Close Exchange System Manager

Wait for AD and the Email Policy to synchronise
Then confirm that emails can now be sent to O365

Continue reading »]]> Either use Quest Migration Manager for AD: http://www.quest.com/migration-manager-for-active-directory/

Or a mixture of STSADM and Powershell.

# extract all users into an xml file
[xml] $users = c:"program filescommon filesmicrosoft sharedweb server extensions12bin"stsadm.exe -o enumusers -url http://wsstestsite
#iterate through each user (note the dot notation for accessing nodes)
foreach($login in $users.Users.User)
{
# determine old and new login (using regular .Net string func)
$oldlogin = $login.Login
$newlogin = $login.Login.Replace("LocalMachine", "Domain")
# migrate user
c:"program filescommon filesmicrosoft sharedweb server extensions12bin"stsadm.exe -o migrateuser -oldlogin $oldlogin -newlogin $newlogin
}


Continue reading »]]> Error.
=====

User Profile Import does not import any users and you receive the following errors, even though you have configured the user profile account replication directory changes.
Level: WARNING
Source MsiInstaller
Event ID: 1015
Message:
Failed to connect to server. Error: 0×80070005
The management agent “MOSSAD-AD Farm Users Connection domain.local” failed on run profile “DS_FULLIMPORT” because of connectivity issues.

Level: ERROR
Source: FIMSynchronizationService
Event Id: 6050

Additional Information
Discovery Errors : “0″
Synchronization Errors : “0″
Metaverse Retry Errors : “0″
Export Errors : “0″
Warnings : “0″

User Action
View the management agent run history for details.
Details
======
You review the permissions for the domain you are syncing user profiles from, and the user profile service has replicate directory changes defined.
Details below
1. Open ADUC (Active Directory Users and Computers)
2. Right Click the Domain DOMAIN.LOCAL, choose Delegate Control… click Next
3. Add DOMAINUSERPROFILE, click Next
4. Select Create a Custom Task to Delegate, click Next
5. Select ‘This folder, existing objects in this folder….’ Click Next
6. Select the ‘Replicate Directory Changes’ permission and click Next
7. Click Finish

Further Information
================

To view the error in more depth open MIISClient.exe on the server running the User Profile Sync. The application normally exists in the following path:

C:Program FilesMicrosoft Office Servers14.0Synchronization ServiceUIShellmiisclient.exe
Select the Operations Tab
Find the profile name DS_FULLIMPORT
If you look at the Status you will normal see the status of ‘stopped-connectivity, Double click this operation to view the Connection Log.
In the connection Log review the error.

In this example the error is Replication access was denied with Error Code 8453

The important column to note here is the Server and more specifically the domain.
In this example the Domain is different to the Domain you are syncing user profiles from; this is because the Domain you are queuing for User Profiles is a child domain which is part of a larger forest FOREST.LOCAL.
Resolution
=========

You will need to add Replicate Directory Changes to DOMAINUSERPOFILE for the FOREST.LOCAL Configuration Container in order to import profiles. Please run though the following
1. Open ADSIEdit
2. Expand Configuration for abf.local
3. Right-Click CN=Configuration,DC=FOREST,DC=LOCAL
4. Select Permissions Tab, Click Advanced
5. Add DOMAINUSERPROFILE, click Next
6. Select the ‘Replicate Directory Changes’ permission
7. Click OK

Continue reading »]]> If you find you are having issues with email delivery between O365 (Exchange Online) and On-premises it is possible that the domain is set to outboundonly true

Hopefully the following will resolve your issue

$Cred = Get-Credential
When Prompted enter the following:
User: <enter>
Password: <enter>

$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred –Authentication Basic –AllowRedirection

Import-PSSession $Session –allowclobber

Set-AcceptedDomain -Identity domain.com -OutboundOnly $false

Continue reading »]]> ISSUE
When Attempting to start the User Profile Synchronization service in Central Administration, the service goes into a starting state for a couple of minutes and then stops, usual this happens because of permissions (DB account not local admin etc..), however it would appear that if you slipstream and install SharePoint with SP1 and June 2011 included and then try and start the service it can still fail.

CAUSE
You find this will happen if your Domain contains Windows Server 2003 Domain Controllers.

The reason for this is due to a Kerberos ticket not be able to generate for the OWSTIMER Account (this is normally the DB Account) as it doesn’t contain an SPN please see Yvan’s Blog article for more information: http://blogs.msdn.com/b/yvan_duhamel/archive/2010/06/29/you-get-a-system-security-securityexception-when-you-try-to-start-the-fim-synchronization.aspx

RESOLUTION

Run
setspn –a NONE/NONE OWSTimerAccount

OWSTimerAccount = this is normally the FarmDBAccount.

ERRORS:

Using ULViewer downloadable from http://archive.msdn.microsoft.com/ULSViewer

You will see the following errors

User Profile Application: Unable to load satellite assembly for lcid 1033. Using neutral language assembly version. Exception details: System.IO.FileNotFoundException: Could not load file or assembly ‘Microsoft.Office.Server.Intl.resources, Version=14.0.0.0, Culture=en, PublicKeyToken=71e9bce111e9429c’ or one of its dependencies. The system cannot find the file specified. File name: ‘Microsoft.Office.Server.Intl.resources, Version=14.0.0.0, Culture=en, PublicKeyToken=71e9bce111e9429c’ —> System.IO.FileNotFoundException: Could not load file or assembly ‘Microsoft.Office.Server.Intl.resources, Version=14.0.0.0, Culture=en, PublicKeyToken=71e9bce111e9429c’ or one of its dependencies. The system cannot find the file specified. File name: ‘Microsoft.Office.Server.Intl.resources, Version=14.0.0.0, Culture=en, PublicKeyToken=71e9bce111e9429c’ WRN: Assembly binding logging is turned OFF. To enable assembly bind failure logging, set the registry value [HKLMSoftwareMicrosoftFusion!EnableLog] (DWORD) to 1. Note: There is some performance penalty associated with assembly bind failure logging. To turn this feature off, remove the registry value [HKLMSoftwareMicrosoftFusion!EnableLog].
at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
at System.Reflection.Assembly.InternalGetSatelliteAssembly(CultureInfo culture, Version version, Boolean throwOnFileNotFound)
at Microsoft.Office.Server.Administration.UserProfileApplication.GetIntlDllFileVersionString(Int32 lcid)

UserProfileApplication.SynchronizeMIIS: Failed to configure ILM, will attempt during next rerun. Exception: System.Security.SecurityException: There are currently no logon servers available to service the logon request.
at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn)
at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)
at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)
at Microsoft.IdentityManagement.SetupUtils.IlmWSSetup.GetDomainAccountSIDHexString(String domainName, String accountName)
at Microsoft.IdentityManagement.SetupUtils.IlmWSSetup.GrantSQLRightsToServiceAccount()
at Microsoft.IdentityManagement.SetupUtils.IlmWSSetup.IlmBuildDatabase()
at Microsoft.Office.Server.UserProfiles.Synchronization.ILMPostSetupConfiguration.ConfigureIlmWebService(Boolean existingDatabase)
at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance) The Zone of the assembly that failed was: MyComputer.

In the Security event log you will see the following at the point of provisioning the Service.

An account failed to log on.
Subject:
Security ID: DomainFarmDBAccount
Account Name: FarmDBAccount
Account Domain: Domain
Logon ID: 0x313b2
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000005e
Sub Status: 0×0
Process Information:
Caller Process ID: 0xa98
Caller Process Name: C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14BINOWSTIMER.EXE
Network Information:
Workstation Name: SERVER
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: C
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Continue reading »]]> You may notice after you have migrated an Exchange 20032007 On-Premise user to O365 Exchange Online that the Archive Feature is not avalible. to enable the feature please run though the following steps
 

To enable the migrated users to have an Archive Mailbox please run though the following

Once the user’s mailbox has been migrated to O365 Exchange Online logon to the Exchange 2010 Coexistence Server
Launch Powershell for Exchange 2010
Then run the following

Get-MailUser –Identity “User name” | Enable-RemoteMailbox

Wait for Directory Sync to occur or execute manually by running the following Powershell on the DirSync Server using the Powershell Modules Prompt:

‘Start-OnlineCoexistenceSync’

Once the Sync has completed Logon to the Exchange 2010 Coexistence Server
Under your On-Premise organisation.
Expand Recipent Configuration
Expand Mail Contact
Right click the Mail User Contact (should now have the Recipient type of ‘Remote User Mailbox’
Select ‘Enable Hosted Archive’
Wait 30mins and the Online Archive will appear in the O365 Users OWA or Outlook

Continue reading »]]> $Cred = Get-Credential
When Prompted enter the following:
User: <enter>
Password: <enter>

$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred –Authentication Basic –AllowRedirection

Import-PSSession $Session –allowclobber

$remotecred = Get-Credential

New-MoveRequest -Remote -RemoteHostName 'msproxy.ul.com' -RemoteCredential $remotecred -TargetDeliveryDomain 'service.o365.domain' -BadItemLimit 10

 Error Mesasges examples:

 
Message : Error: This mailbox exceeded the maximum number of corrupted items that were specifi
ed for this request. --> MapiExceptionPartialCompletion: Unable to copy message(s).
(hr=0x40680, ec=0)
Diagnostic context:
Lid: 45095 EMSMDB.EcDoRpcExt2 called [length=78]
Lid: 61479 EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=30325][latency=0]
Lid: 23226 --- ROP Parse Start ---
Lid: 27962 ROP: ropFXSrcCopyMessages [75]
Lid: 27962 ROP: ropTellVersion [134]
Lid: 27962 ROP: ropFXSrcGetBuffer [78]
Lid: 31418 --- ROP Parse Done ---
Lid: 30945
Lid: 23226 --- ROP Parse Start ---
Lid: 27962 ROP: ropFXSrcGetBuffer [78]
Lid: 17082 ROP Error: 0xFFFFF9BF
Lid: 23137
Lid: 21921 StoreEc: 0xFFFFF9BF
Lid: 31418 --- ROP Parse Done ---
Lid: 22753
Lid: 21817 ROP Failure: 0xFFFFF9BF
Lid: 32758
Lid: 16586 StoreEc: 0xFFFFF9BF
Lid: 22518
Lid: 28874 StoreEc: 0xFFFFF9BF
Lid: 17654
Lid: 18122 StoreEc: 0xFFFFF9BF
Lid: 25510
Lid: 25270 StoreEc: 0xFFFFF9BF
Lid: 19830
Lid: 25290 StoreEc: 0xFFFFF9BF
Lid: 45095 EMSMDB.EcDoRpcExt2 called [length=45]
Lid: 61479 EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=42][latency=15]
Lid: 23226 --- ROP Parse Start ---
Lid: 31418 --- ROP Parse Done ---
Lid: 16465
Lid: 24657 StoreEc: 0xFFFFF9BF
FailureTimestamp : 20/07/2011 21:10:11
FailureContext : --------
--------
Operation: LocalSourceFolder.CopyBatch
EntryIDs: [[len=70, data=00000000A1A6A1EA8F89BB428EFC5EFE8B4ABAF607006D5919CE4BAB714
1A389862DCEF4BE720000002501940000CFC4FCD864259C43B0E007899055D3DB0000040561610000]]
--------
Folder: entryId [len=46, data=00000000A1A6A1EA8F89BB428EFC5EFE8B4ABAF601006D5919CE4B
AB7141A389862DCEF4BE720000002501940000]
Remote server: https://URL/EWS/mrsproxy.svc Server.domain.local (14.1.218.11 caps:01FFFF)
--------
Operation: ISourceMailbox.ExportMessages
OperationSide: Source
Primary (08b7fd94-b8d7-4378-b4be-ff19d717b081)
Flags: None
PropTags: (null)
IsValid : True


Continue reading »]]> Here is an important table which details the FreeBusy Support when integrating On-Premise Exchange to Exchange Online

Interesting to see how they have changed to using the word hybrid

Depending on the version of Microsoft Exchange Server you have deployed in your on-premises organization, there are significant configuration differences:

For this basic overview, we are assuming that you have followed the hybrid deployment steps in the Exchange Server Deployment Assistant and are still having some difficulty with free/busy sharing between your on-premises and cloud-based organizations.

For more information please see the following article: http://community.office365.com/en-us/w/exchange/532.aspx