Friday, April 21, 2017

WSUS Console Freezes when the Server Cleanup Wizard

A common administration task of maintaining a WSUS server is cleaning up old legacy updates no longer required running the Server Cleanup Wizard.


If you have a large amount of updates which need cleaning, the Server Cleanup Wizard often freezes making it impossible to clean old updates from the WSUS Database.

If this happens, install SQL Management Studio onto the server an connect to the Windows Internal Database used by WSUS.

Run the following query to clean up old updates (this can take hours to run):


exec spGetObsoleteUpdatesToCleanup

DECLARE @var1 INT
DECLARE @msg nvarchar(100)

CREATE TABLE #results (Col1 INT)
INSERT INTO #results(Col1) EXEC spGetObsoleteUpdatesToCleanup

DECLARE WC Cursor
FOR
SELECT Col1 FROM #results

OPEN WC
FETCH NEXT FROM WC
INTO @var1
WHILE (@@FETCH_STATUS > -1)
BEGIN SET @msg = 'Deleting ' + CONVERT(varchar(10), @var1)
RAISERROR(@msg,0,1) WITH NOWAIT EXEC spDeleteUpdate @localUpdateID=@var1
FETCH NEXT FROM WC INTO @var1 END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results


After a few hours the query should finish.  Once finished, you will need to run a "wsusutil reset" from an elevated command prompt.

"wsusutil reset" will also take a few hours to complete as it needs to scan every update on disk against the database and delete any that no longer exist in the database.

Hope this post has been helpful.

Friday, March 31, 2017

Unable to remove Mailbox Database or Uninstall Exchange

I had an issue removing Exchange 2010 today at a customer site.  A very generic issue occurred when attempting to perform the uninstall where the following error was generated.

Error:
Uninstall cannot continue. Database 'DEVEXCH170-01-CEO and Councillors': This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database . To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database -Archive. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox . To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox -Archive. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest . If this is the last server in the organization, run the command Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan -Database .


This error is normal when you have a database that has a mailbox, archive mailbox or arbitration mailbox.  It can also happen if it is associated with a Mailbox Plan (in a multi tenant environment).

In my case, there was no mailbox in the database!


Also the verbose command is meant to show you which mailbox resides in the database in the event one is present as per Exchange MVP Tony Redmond's post here:

http://windowsitpro.com/blog/exchanges-most-annoying-and-confusing-error-message

In this environment, the mailbox causing the issue was not displayed in the verbose output!


After much troubleshooting I decided to export the entire domain partition to a text file and search for the database name.

This was done with the following command:

dsquery * domainroot -attr * -limit 0


After searching the text file for the database name in question I saw that a legacy user IORepl (which was used by the Inter-Org Replication Tool for a previous cross-forest migration) is associated with the database.


 You can do two things here:
  • Clear the HomeMDB attribute
  • Delete the object.
As this account is no longer required, I simply deleted the object.

This fixed the problem.  No idea why it didn't return the mailbox object in PowerShell!

Sunday, March 12, 2017

Error 0x800f0922 attempting to reprovision DHCP Server

We needed to re-provision a DHCP server running Windows Server 2012 R2 which was recently demoted and the role removed.  When attempting to re-add the role the following error was experienced:

The request to add or remove features on the specified server failed.  Installation of one or more roles, role services, or features failed.  Error: 0x800f0922


After much misleading information on the Internet, to resolve this error we simply needed to remove the "dhcp" folder from C:\Windows\System32\

For fast effective IT Support in Perth, contact Avantgarde Technologies.

Wednesday, February 22, 2017

Pop and Crackling in Ableton 9.7.1 with Serum

 I was having many issues with crackling on Ableton 9.7.1 running the Serum VST even though my CPU usage was only 20-30%.  After extensive research I disabled the Intel SpeedStep and TurboMode technology which automatically increases the clock speed of the processor under heavy load.  Ableton was not able to detect the clock speed change of the processor and as the processor clock speed changed based on load, it interfered with my audio playback.

To fix this you need to enter your computers BIOS outside of Windows.

Here is a snapshot of my workstation where I disabled SpeedStep and TurboMode Tech.

 

Thursday, February 16, 2017

Kerberos Error Connecting to Exchange 2010

Using an old user account at a customer site, I had the following error when attempting to connect to Exchange Management Console (EMC).

The following error occurred while attempting to connect to the specified Exchange server 'server.domain.local:

The attempt to connect to http://server.domain.local/powershell using 'Kerberos' authentication failed: Connecting to the remote server failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos  authentication: The network path was not found.


To resolve this issue, delete the NodeStructureSettings registry key from

HKEY_CURRENT_USER\Software\Microsoft\ExchangeServer\v14\AdminTools


For specialised IT Support in Perth, contact us.

Wednesday, February 8, 2017

Disabling Modern App Bloatware on Windows 10 Image

Windows 10 comes with much unwanted bloatware in the form of "ModernApps".  These apps include:
  • Netflix
  • Pandora
  • Skype Preview
  • Paid WiFi & Mobile
  • Xbox
  • Get Office
  • Microsoft Solitaire Collection
  • Groove Music
  • Adobe Photoshop Express
  • 3D Builder
Many more unwanted apps... some regions even get Mimecraft!

What is very annoying is Microsoft believes these applications are required "by default" even in Windows 10 Enterprise Edition which is targeted at corporations.

If a user removes these applications, they automatically reinstall by default making it more frustrating.

So - you want to build your corporate image but and remove all Windows 10 Bloatware and modern applications which Microsoft deem necessary for all users?  Here what we needed to do on our Windows 10 Enterprise anniversary update 1607.

First of all don't join your Windows 10 image to the domain.  If you join the Windows 10 Enterprise 1607 image to an Active Directory domain (even if you isolate the computer so it does not receive policy), sysprep fails with the following.

Sysprep was not able to validate your Windows installation.

 
In the setupact.log on the server the following error is generated from domain joining.  I believe this is a bug and I will be raising it with MS.
 
2017-02-07 16:45:40, Error     SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2017-02-07 16:45:40, Error     SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
2017-02-07 16:45:40, Error[0x0f0082] SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing 'SysprepGeneralizeValidate' from C:\Windows\System32\AppxSysprep.dll; dwRet = 0x3cf2
2017-02-07 16:45:40, Error     SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2017-02-07 16:45:40, Error     SYSPRP RunPlatformActions:Failed while validating SysprepSession actions; dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f00d8] SYSPRP WinMain:Hit failure while pre-validate sysprep generalize internal providers; hr = 0x80073cf2
2017-02-07 16:46:54, Info [0x0f0052] SYSPRP Shutting down SysPrep log
2017-02-07 16:46:54, Info [0x0f004d] SYSPRP The time is now 2017-02-07 16:46:54
Make all changes to the image in "WORKGROUP" mode to ensure it never touches the Active Directory domain so sysprep will run.
 
Stop Bloatware from Re-downloading from MS Cloud
 
Next we want to stop Windows 10 from automatically "redownloading" bloatware apps after we remove them.
 
Method 1
 
Add 32-bit DWORD value named DisableWindowsConsumerFeatures
 
to:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent 
 
Note: You will want to create the CloudContent Key.
 
Method 2
 
Method 2 involves deploying the regkey via you AD Domain/local policy.  During image creation as your machine is workgroup, it wont be able to get this policy from the domain.
 
Computer Configuration –> Administrative Templates –> Windows Components –> Cloud Content
 
“Turn off Microsoft consumer experiences”
 
Note: I recommend deploying Method 1 on the image itself immediately after being built as the image will start downloading bloatware as your configuring your base SOE.
 
Remove the Default Bloatware
 
Next you will want to remove all default Windows 10 Bloatware "Modern Apps".  To remove this from your image from an elevated PowerShell command prompt run:
 
Get-ProvisionedAppxPackage -Online | Remove-ProvisionedAppxPackage -Online
 
If you want to review the list of bloatware before running the above command, run this:
 
Get-AppXProvisionedPackage -Online | Select PackageName
After you remove the bloatware, make sure you run the following command from the user account you want to sysprep from, or sysprep will fail once again as per https://support.microsoft.com/kb/2769827
 
Get-AppxPackage | Remove-AppxPackage

Classic Shell
 
In this image I installed the classic shell App to give all users the standard Windows 7 start menu and remove the modern app interface all together.  This was downloaded from:
 
 
We only installed Classic Start Menu, not Classic Explorer, Classic IE or any of the other options from this download.
 
Default Profile
 
Items such as Edge cannot be removed from Windows 10 just like IE cannot be removed from Windows 7. We created a new Default Profile and removed the Edge icon from the task bar, configured the taskbar classic shell and setup default wallpaper etc.
 
Other Important Policies We Applied

Other important policies we deployed to the Active Directory Domain Group Policy for Windows 10 machines include:
 
Disabling the Windows Store:
 
Computer Configuration, Administrative Templates,  Windows Components, and then click Store.
In the Setting pane, click Turn off Store application
 
Disable OneDrive
 
Computer Configuration > Administrative Templates > Windows Components > OneDrive
 
Prevent the usage of OneDrive for file storage
 
Disable Cortana
 
Computer Configuration > Administrative Templates > Windows Components > Search
 
"Allow Cortana" --> Set to disabled.
 
Default Apps
 
Configure Windows 10 to use Windows Media Player and Internet Explorer as default apps (or alternative) and export the default App config with:
 
dism /online /export-defaultappassociations:\\localhost\c$\AppAssoc.xml
 
Deploy the xml file with Group Policy from a file share:
 
Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file
 
Tip for Creating the Image
 
We wanted to create a driver independent image as we are deploying with SCCM and we need to layer the drivers based on the various client hardware.  As a result, we do not want any drivers incorporated in the image.
 
I built the image on VMWare using E1000 NIC (as its natively supported by Windows 10) and did not install VMware Tools during the build process to keep the image clean.
 
I also had numerous issues with sysprep failing due to numerous changes (many which I did not document here).  As a result, I recommend snapshotting your progress numerous times throughout the SOE build and attempting to run sysprep numerous times during your build process to ensure when you get to the end it will not fail!

Hope this information is helpful to anyone wanting to upgrade to Windows 10 as part of a corporate SOE.

Disable RC4 on Windows Servers

The 13 year old RC4 cipher exploit is enabled by default on Server 2012 R2.  If you have a IIS server using a digital certificate facing the Internet, it's recommended to disable RC4 cipher.

There are numerous security concerns documented on the Internet about this vulnerability including:

https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/

http://www.securityweek.com/new-attack-rc4-based-ssltls-leverages-13-year-old-vulnerability

To disable this vulnerability, add the following to the registry on your Server 2012 R2 operating system:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

To disable this vulnerability, add the following to the registry on your Server 2012 R2 operating system:


This was put in place on a customers RDS  Gateway and Web Access server after conducting a penetration test and finding this vulnerability enabled by default.

Thursday, January 26, 2017

Displaying full values of Attributes in PowerShell

In Windows PowerShell often when you are running queries, PowerShell will only show a limited value for objects which contain large attributes.  The attribute output is cutoff with a "..." at the end of the attribute.


To configure PowerShell to display the full output of a cmdlet, enter the following into the shell window:

$FormatEnumerationLimit=-1

The shell will now push the full output onto the screen for long attributes.


Hope this post was helpful.

For IT Support in Perth, Contact Avantgarde Technologies. 

Thursday, January 19, 2017

MSExchange ActiveSync Event ID 1016

Customer with a single Exchange 2010 completely down.  The following error was spammed throughout the event log:

Log Name:      Application
Source:        MSExchange ActiveSync
Date:          18/01/2017 7:31:46 PM
Event ID:      1016
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE2010
Description:
Exchange ActiveSync has encountered repeated failures when it tries to access data on Mailbox server [EXCHANGE2010.domain.local]. It will temporarily stop making requests to the Mailbox server for [60] seconds to reduce load on that server. This delay may occur if the Mailbox server is overloaded. If this event is logged frequently, review the Application log on this server and the Mailbox server noted above for other events that could indicate the root cause of performance problems.
Additional information:
"serverFQDN=EXCHANGE2010.domain.local
Error 0:

ErrorTimeStamp:
18/01/2017 7:31:45 PM
Exception:
--- Exception start ---
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=EXCHANGE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User.
Exception level: 0
Exception stack trace:    at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity)
   at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass12.b__10(MailboxSession mailboxSession)
   at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, ExchangePrincipal owner, CultureInfo cultureInfo, String clientInfoString, IAccountingObject budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessionFailure)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString, PropertyDefinition[] mailboxProperties, IList`1 foldersToInit, GenericIdentity auxiliaryIdentity, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ConfigurableOpen(ExchangePrincipal mailbox, MailboxAccessInfo accessInfo, CultureInfo cultureInfo, String clientInfoString, LogonType logonType, PropertyDefinition[] mailboxProperties, InitializationFlags initFlags, IList`1 foldersToInit, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString, Boolean wantCachedConnection)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.AirSync.Command.OpenMailboxSession(AirSyncUser user, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows...
Exception type: Microsoft.Mapi.MapiExceptionNetworkError
Exception message: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: EXCHANGE2010.domain.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 45169   StoreEc: 0x824    
    Lid: 44273 
    Lid: 59431   EMSMDB.EcDoConnectEx called [length=140]
    Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x824][length=56][latency=0]
    Lid: 59505   StoreEc: 0x824    
    Lid: 25964   StoreEc: 0x824    
    Lid: 36081 
    Lid: 52465   StoreEc: 0x80040115
    Lid: 60065 
    Lid: 33777   StoreEc: 0x80040115
    Lid: 59805 
    Lid: 52209   StoreEc: 0x80040115
    Lid: 56583 
    Lid: 52487   StoreEc: 0x80040115
    Lid: 19778 
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730 
    Lid: 25922   StoreEc: 0x80040115
Exception level: 1
Exception stack trace:    at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, WindowsIdentity windowsIdentity, String applicationId)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
--- Exception end ---
Error 1:

ErrorTimeStamp:
18/01/2017 7:31:45 PM
Exception:
--- Exception start ---
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=sfso.
Exception level: 0
Exception stack trace:    at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity)
   at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass12.b__10(MailboxSession mailboxSession)
   at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, ExchangePrincipal owner, CultureInfo cultureInfo, String clientInfoString, IAccountingObject budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessionFailure)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString, PropertyDefinition[] mailboxProperties, IList`1 foldersToInit, GenericIdentity auxiliaryIdentity, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ConfigurableOpen(ExchangePrincipal mailbox, MailboxAccessInfo accessInfo, CultureInfo cultureInfo, String clientInfoString, LogonType logonType, PropertyDefinition[] mailboxProperties, InitializationFlags initFlags, IList`1 foldersToInit, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString, Boolean wantCachedConnection)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.AirSync.Command.OpenMailboxSession(AirSyncUser user, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows...
Exception type: Microsoft.Mapi.MapiExceptionNetworkError
Exception message: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: EXCHANGE2010.domain.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 45169   StoreEc: 0x824    
    Lid: 44273 
    Lid: 59431   EMSMDB.EcDoConnectEx called [length=133]
    Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x824][length=56][latency=0]
    Lid: 59505   StoreEc: 0x824    
    Lid: 25964   StoreEc: 0x824    
    Lid: 36081 
    Lid: 52465   StoreEc: 0x80040115
    Lid: 60065 
    Lid: 33777   StoreEc: 0x80040115
    Lid: 59805 
    Lid: 52209   StoreEc: 0x80040115
    Lid: 56583 
    Lid: 52487   StoreEc: 0x80040115
    Lid: 19778 
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730 
    Lid: 25922   StoreEc: 0x80040115
Exception level: 1
Exception stack trace:    at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, WindowsIdentity windowsIdentity, String applicationId)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
--- Exception end ---
Error 2:

ErrorTimeStamp:
18/01/2017 7:31:45 PM
Exception:
--- Exception start ---
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=sfso.
Exception level: 0
Exception stack trace:    at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity)
   at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass12.b__10(MailboxSession mailboxSession)
   at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, ExchangePrincipal owner, CultureInfo cultureInfo, String clientInfoString, IAccountingObject budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessionFailure)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString, PropertyDefinition[] mailboxProperties, IList`1 foldersToInit, GenericIdentity auxiliaryIdentity, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ConfigurableOpen(ExchangePrincipal mailbox, MailboxAccessInfo accessInfo, CultureInfo cultureInfo, String clientInfoString, LogonType logonType, PropertyDefinition[] mailboxProperties, InitializationFlags initFlags, IList`1 foldersToInit, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString, Boolean wantCachedConnection)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.AirSync.Command.OpenMailboxSession(AirSyncUser user, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows...
Exception type: Microsoft.Mapi.MapiExceptionNetworkError
Exception message: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: EXCHANGE2010.domain.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711f
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 45169   StoreEc: 0x824    
    Lid: 44273 
    Lid: 59431   EMSMDB.EcDoConnectEx called [length=133]
    Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x824][length=56][latency=0]
    Lid: 59505   StoreEc: 0x824    
    Lid: 25964   StoreEc: 0x824    
    Lid: 36081 
    Lid: 52465   StoreEc: 0x80040115
    Lid: 60065 
    Lid: 33777   StoreEc: 0x80040115
    Lid: 59805 
    Lid: 52209   StoreEc: 0x80040115
    Lid: 56583 
    Lid: 52487   StoreEc: 0x80040115
    Lid: 19778 
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730 
    Lid: 25922   StoreEc: 0x80040115
Exception level: 1
Exception stack trace:    at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, WindowsIdentity windowsIdentity, String applicationId)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
--- Exception end ---
errorCount=3, backingOff=True".



I know there are a few causes of this error however in my instance it was due to Microsoft Exchange Replication Service not started.  The service had been misconfigured to run as a service account with invalid credentials.

Setting it back to local system resolved the issue and getting the customer back online.

The Active Sync service queries "Active Manager" which is part of the Exchange Replication Service to determine where the users active mailbox copy in a DAG resides - and still follows this model even if your not using DAG's in your environment.  Hence if Active Manager is not available, no one can locate their Active Mailbox.

Tuesday, January 17, 2017

Out of Office Messages Interval on Exchange Server

I had a customer raise an interesting request.  They wanted to know if it was possible to change the amount of Out of Office messages which are sent to external and internal recipients after a user activates OOF.

After checking this matter with fellow MVP's in Exchange Server, this is what was determined.

Exchange Server does not put a delay in place between Out of Office messages.  When OOF is enabled on a mailbox, it creates a list stored on the mailbox containing all recipients which have received the OOF message.

Exchange only sends One (1) OOF message to internal and external recipients.

This list maintained on each mailbox is reset when OOF is disabled on the mailbox and re-enabled.

There is no easy way using native tools provided with Exchange to modify this functionality.  It would be possible however to clear the OOF lists on mailboxes on a schedule through creating an external script.

Hope this information has been useful.