Microsoft Exchange 2007 How to find what is inside Mailbox Database from Shell

In this Article, We are checking various options from the Exchange Management Shell

To avoid any Permission issue, Run Exchange Management Shell "Run As" Administrator or Account with Full Admin rights

How to find Mailbox Database
[PS] C:\>Get-mailboxDatabase

How to find Mailbox Database
[PS] C:\>Get-mailboxDatabase | FL Name, StorageGroup, Mounted, BackupInProgress, OnlineMaintenanceInProgress

How to find Mailbox Database
[PS] C:\>Get-mailboxDatabase -id "Name of the DB" | Get-Mailbox

How to find which Mailbox belongs to which Database
[PS] C:\Documents and Settings\Administrator>Get-mailbox | FL Name, Database

How to find list of the Mailboxes in Database
[PS] C:\>Get-mailbox -database "Database name" 

How to find Total number of Storage group 
[PS] C:\>Get-StorageGroup 

How to find list of the Mailboxes in Database
[PS] C:\>Get-mailbox -database "Database name" 


How to find list of the Mailboxes in Database
[PS] C:\>Mount-Database -Id "E2k7\RSG\"Mailbox Database" 

Understanding CCR log files
http://blogs.technet.com/b/timmcmic/archive/2009/09/21/log-files-required-to-be-copied-after-an-update-storagegroupcopy-re-seed-has-been-successfully-completed.aspx

Creating bulk users from Exchange management shell

Original script From : Script to download


When you have downloaded and extracted the scripts to your server – open a Powershell Console and navigate to the location where they are located – when there type in:

.\CreateUsersFromCSV.ps1

LabUsers01

When the script executes you will be presented with a Windows “Open” dialog box – navigate to the location where you extracted the files and then choose the sample CSV – see below;

LabUsers02

The script will then execute creating each user in your Active Directory Lab environment – the Default password is “Password1” – see below;

LabUsers03

When the script has completed – open Active Directory Users and Computers – you will see a new OU called “ExchangeUsers” – within this OU are the new accounts that you can play with – see below;

LabUsers04

Enable the users using Power Shell

Get-User -Filter {Department -Like 8* -And RecipientType -eq User} | % { Enable-MailUser $_ -externalEmailAddress $($_.name)@angrytech.com}

Another Script
-------------------------------
Get-User | Where-Object{$_.RecipientType –eq “User”}
Get-User –OrganizationalUnit People | Where-Object{$_.RecipientType –eq “User”}
get-user –organizationalUnit people | where-object{$_.RecipientType –eq “User” -and $_.department –eq “Sales”}
get-user –organizationalUnit people | where-object {$_.RecipientType –eq “User” -and $_.department –eq “Sales”} | Enable-Mailbox –Database “EXCHANGE1\Mailbox Database” | get-mailbox | select name,windowsemailaddress,database


Steps
From the powershell, run the .\CreateUsersFromCSV.ps1
and the confirm the user from Get-User in Active directory at OU=ExchangeUsers and in the below Exchange shell command rename -OrganizationalUnit People
Get-user –organizationalUnit people | where-object {$_.RecipientType –eq “User” -and $_.department –eq “Sales”} | Enable-Mailbox –Database “EXCHANGE1\Mailbox Database” | get-mailbox | select name,windowsemailaddress,database

Run the command from Shell
get-mailbox | fl name, database and from the resultant replace the Database after Enable-Mailbox -Database ""

So the new command would be
get-user –organizationalUnit ExchangeUsers | where-object {$_.RecipientType –eq “User” -and $_.department –eq “Sales”} | Enable-Mailbox –Database “E2K7\First Storage Group\Mailbox Database” | get-mailbox | select name,windowsemailaddress,database


Here OrganizationUnit is the location from ADUC where Exchange users created
and E2K7\First Storage Group\Mailbox Database is an example from my E2k7 DB

Post Installing KB 2837618 2768005 Unable to set out of office settings, free busy contains no information

Issue : 
--------------------
After installing KB on Outlook 2013, users are complaining that they are unable to set "Out of Settings" and can't schedule Free busy information after Installing November Security Patches

but Owa users can set OOF and schedule meetings

Error:
---------------------
 "Your server location could not be determined."


WorkAround
---------------------
Creation of new profile while update 2768005 and 2837618 installed on the system, didn't working either, you need to remove both of the update and then create a new Outlook Profile.

Lots of users are complaining about this issue on Outlook 2013 with Exchange 2007.

Alternately Quit Outlook and try setting OOF from OWA and log back into Outlook and check if this settings can resolve the issue


There is no update released as far of now, wait for Microsoft to update about this issue in newer patch or update

Current issue on Technet http://social.technet.microsoft.com/Forums/en-US/827a12f0-c785-43df-a71f-0b21aeffa176/outlook-2013-freebusy-fails-after-updates?forum=officeitpro

Download Log parser

Download log parser from below link

Log Parser Studio

Microsoft Log Parser

Inspirational Quotes

“Experience life in all possible ways –good-bad, bitter-sweet, dark-light, summer-winter. Experience all the dualities. Don’t be afraid of experience, because the more experience you have, the more mature you become.”
- Osho

Continuous effort—not strength or intelligence—is the key to unlocking our potential.
- Winston Churchill

In order to grow, you must give up the struggle to remain the same, and learn to embrace change at all times.
–Michael A.  Singer


“if we do what we resolve to do then we can enjoy unlimited success” –Amit Malviya

"Focus on where you want to go, not on what you fear." - Anthony Robbins



Some of my suggestions are easier said than done. Just try. The intention is more important than immediate success. - Dr. Brian Weiss


"It's determination and commitment to an unrelenting pursuit of your goal that will enable you to attain the success you seek."


"Sooner or later, those who win are those who think they can." - Richard Bach

People only treat you one way …… the way you allow them

एक छुपी हुई पहचान रखता हूँ, बाहर शांत हूँ, अंदर तूफान रखता हूँ, 

रख के तराजू में अपने दोस्त की खुशियाँ, दूसरे पलड़े में मैं अपनी 

जान रखता हूँ।

One night a father overheard his son pray: Dear God, Make me the kind of man my Daddy is. Later that night, the Father prayed: Dear God, Make me the kind of man my son wants me to be.

- Anonymous


The 3 C’s of life: You must make a choice to take a chance or your life will never change

Bulk Mailbox Script

ForEach ($mailbox in $mailbox) {Enable-Mailbox -Identity $Mailbox.Identity -Database $Mailbox.Database}

SAVE THIS AS C:\ENABLEBOX.PS1
NEXT: Run the Script
Go to Exchange Management Shell
You can change the directory to the root by typing cd\ then hit Enter (NOTE: If you just typed the words "then hit Enter" you do not belong working on servers)

Then type: ./enablebox.ps1

Just in case you want to enable archive for all users in the csv add this to the above script. 
Add <| Enable-Mailbox –Archive -ArchiveDatabase "<enter archive db name here>"}> Shown below in its entirety. 

$mailbox=import-csv C:\<filename>.CSV
ForEach ($mailbox in $mailbox) {Enable-Mailbox -Identity $Mailbox.Identity -Database $Mailbox.Database | Enable-Mailbox –Archive -ArchiveDatabase "<enter archive db name here>"}



Reference : Mailbox Script

Unable to Mount Exchange 2010 Database on Hyper-V Guest MapiExceptionJetErrorOutOfMemory: Unable to mount database

Issue : On Exchange 2010 DAG database are not mounting

Error :
Couldn't mount the database that you specified. Specified database: DB1; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: A transient error occurred during discovery of the database availability group topology. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionJetErrorOutOfMemory: Unable to mount database. 

Resolution : 
In Hyper-V, Shutdown the Exchange VM to reset the Memory to multiple of 1024.
I reset the memory to 4096 MB and start the Exchange VM.
Now able to mount the Database.

Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later

Issue
==================
Users from Outlook 2010, unable to set OOF, no issues from OWA

"Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later"

Environment
=======================
Exchange server 2010 Sp2
Outlook 2007 


Troubleshooting steps
======================
1. Check for Address book service to ensure that connectivity for Autodiscover is fine 
2. Check for Autodiscover status from Outlook machine. Click on URL to check "Test Connectivity"
3. On Exchange server, Check Autodiscover Virtual Directory
It can be check from EMC or EMS 

Get-AutodiscoveryVirtualDirectory -id "Autodiscover (Default Web Site)" | FL *URL*
and check for both InternalURL and ExternalURL




For reference, Autodiscover FQDN URL are listed as below. Outlook Client will try to Access URLs from Internet in following order

• https://domainname.com/autodiscover/autodiscover.xml
• https://autodiscover.domainname.com/autodiscover/autodiscover.xml

To Set the Autodiscover from Exchange server

Ran the below commands on the server:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.domainname.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.domainname.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.domainname.com/oab

Spoofed Address

Resolve Spoofed Address Issue

ms-Exch-SMTP-Accept-Authoritative-Domain-Sender permission on the default receive connector

Get-ReceiveConnector 'Default E2' | Remove-ADPermission -user 'NT AUTHORITY\ANONYMOUS LOGON' -ExtendedRights 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'

or
Add-ADPermission –Identity “Default internal receive connector SPARTAN" –Deny –User “NT Authority\Anonymous Logon" –ExtendedRights ms-exch-smtp-accept-authoritative-domain-sender

or
Get-ReceiveConnector "Default ReceiveConnector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Uncheck the Bypass Antispam for Authenticated user for Default Receive connector from ADSIEDIT.msc 

We run the command from the Set-SenderIdConfig -InternalMailEnabled $True and 
Set-SenderfilterConfig -InternalMailEnabled $True 

Restart the Transport service



Definition
==========
Sender ID Sender ID verifies that each e-mail message originates from the 
Internet domain from which the message claims to come by examining the sender's IP 
address and comparing the IP address to the Sender ID record in the sender's public 
Domain Name System (DNS) server. The Sender ID record in the sender's public DNS 
server is the sender policy framework (SPF) record. The SPF defines the IP 
addresses that are authorized to send messages for the domain in which the SPF 
record resides. When the receiving system queries the SPF record, and a "Pass" 
status is returned, the receiving system has a higher assurance that the message is 
not being spoofed by an illegitimate sender.
You can specify how the Sender ID agent handles temporary errors, such as DNS 
failures, when it performs an SPF query. 

For more information, see Sender IDSender ID 

Brief Info about Checksum Offload

Brief Info about Checksum Offload
----------------------------------------------
When data comes in through a network, it's "checksummed," meaning the data is checked against a checksum (or validation code) in the headers in the packets it was delivered in. If the data and checksum don't match, the packet is determined to be bad and has to be retransmitted. 

To speed things up, some network cards can "offload" the checksumming, i.e., perform the checksumming on the network card itself, rather than leave the job to the CPU. This frees up the CPU to do that much more work on its own and on a server with extremely high network throughput that much CPU savings can add up. 

Windows 2003 Server and Windows 2008 server both have driver-level support for checksum offloading in many network cards (that is, when the card itself also supports it). However, sometimes this causes the network link on the computer in question to drop unexpectedly. And you may experience communication issues with DCs, GCs and clients.

===============================================================

from : Disable checksum offloading to resolve network slowdown caused by Windows Firewall

Netstat

NETSTAT
=======
netstat -s   //shows packet information
netstat -arn // Persistant routes.
netstat
netstat -a
netstat -ano
netstat -abo
Route Print 

Belos is the Example to filter port 25 for TCP
netstat -an |file ":25" | file "TCP"

Disable SMTP on Cisco firewall

Log on to the PIX device by establishing a telnet session or by using the console. 

Type enable, and then press ENTER. 
When you are prompted, type your password, and then press ENTER. 
Type "configure" terminal, and then press ENTER. 
Type "no fixup protocol smtp 25" , and then press ENTER. 
Type "write memory", and then press ENTER. 
Restart the PIX device, or reload the PIX configuration.

Please use above command carefully on your responsibility.

Exchange Attributes

Important attributes for Exchange server

from : XCON: Attributes Required to Route Messages Through the Categorizer

Legacyexchangedn
Homemdb
Homemta
mailNickname
proxyAddresses
msExchHomeServerName
msExchMailboxSecurityDescriptor
msExchMailboxGuid

PORT

PORT
=====
Port 25; Simple Mail Transfer Protocol (SMTP) 465 (SSL)

DNS 53; TCP & UDP 

Port 80; Hypertext Transfer Protocol (HTTP) 

Port 88; Kerberos TCP & UDP 

Port 102; Message Transfer Agent (MTA) 

Port 110; Post Office Protocol v3 (POP3) (995, SSL)

Port 119; Network News Transfer Protocol (NNTP) 

Port 135; Exchange administration, RPC, client server communication   
RPC 135, 445 & all 1024+ port TCP 

Port 143, Internet Message Access Protocol version 4 (IMAP4) 

Port 389, Lightweight Directory Application Protocol (LDAP) TCP & UDP 

Port 443, HTTP using Secure Sockets Layer (SSL) 

port 465 (ssmtp), 

Port 563, NNTP using Secure Sockets Layer (SSL) 

Port 636, LDAP using Secure Sockets Layer (SSL) 

Port 691, Link State T

Port 993, IMAP4 using Secure Sockets Layer (SSL) 

Port 995, POP3 using Secure Sockets Layer (SSL) 

Port 3268 – Port 3269; Global catalog lookups 


On Exchange Server
=======================
CAS server to CAS server = TCP 80 and TCP 443
Hub server to Hub server = TCP_25
Hub server to Mailbox server = Ephermal port i.e Dynamic TCP port (1024-65535)
Mailbox server to Mailbox Server  = TCP 135, Dynamic TCP (1024-65535), UDP 3343, TCP 64327

NSlookup

Here are the few Examples for using NSLookup

nslookup -q=a "IP.domain.com"
Eg. nslookup -q=a "1.1.1.1.bl.spamcop.net"

In above examples, i am using bl.spamcop.net as an example and if you want to test with any other domain, use IP along with domain name.

set vc   // for tcp queries
server <10.2.124.133>

nslookup q=ptr
> type IP address to check whether IP address has reverse IP

in the same way you can change the query type to mx, a, txt,ns

q=mx //to query about MX record of the domain
q=a    //All
q=txt // TXT record
q=ns //name server 


Other tools can be used
--------------------------------
c:\> ARP -a 
c:\> Route Print

c:\> pathping -4 microsoft.com  (Microsoft.com domain is used as an Example)

Microsoft Exchange server 2003 Queues listing

from : How to use Queue Viewer to troubleshoot mail flow issues in Exchange server 2003

Queue: Messages pending submission
Queue: Messages awaiting directory lookup
Queue: Messages waiting to be routed
Queue: Local delivery (the domain name may appear) 
Queue: Remote delivery queue 
Queue: Messages with an unreachable destination
Queue: Messages queued for deferred delivery
Queue: DSN messages pending submission
Queue: Failed message retry
Queue: Failed message retry
Queue: PendingRerouteQ (X.400)

Exchange Technet links

Managing Connectors
http://technet.microsoft.com/en-us/library/bb125128.aspx

Send Connectors
http://technet.microsoft.com/en-us/library/aa998662.aspx

Configuring Exchange 2007 Hub Transport role to receive Internet mail 
http://msexchangeteam.com/archive/2006/11/17/431555.aspx

How to Configure Connectors for Internet Mail Flow
http://technet.microsoft.com/en-us/library/aa998212.aspx

Exchange Server 2007 Recipient Policies and Accepted Domains 
http://msexchangeteam.com/archive/2006/11/16/431531.aspx

Exchange Server 2007 recipient management one-liners 
http://msexchangeteam.com/archive/2006/09/05/428833.aspx

How to Modify an SMTP E-Mail Address by Using Recipient Policies
http://support.microsoft.com/kb/822447

How to customize the SMTP e-mail address generators through recipient policies
http://support.microsoft.com/kb/285136

Recipient Policies
http://msdn.microsoft.com/en-us/library/aa580723.aspx

Troubleshooting the Recipient Update Service in Exchange Server 2003 and Exchange 2000 Server
http://support.microsoft.com/kb/288807

Tools and parameter

NETMON PARAMETER
Ethereal  - smtp.rsp.parameter contains "Authentication unsuccessful"

NetMon ipv4.Address == 10.0.0.5 and ipv4.Address == 10.0.0.2

wireshark (ip.addr eq 10.0.0.5 and ip.addr eq 10.0.0.2)

experfwiz from
http://archive.msdn.microsoft.com/ExPerfwiz

Example
.\experfwiz.ps1 -server <Server FQDN> -interval 5 -filepath C:\Logs

Procdump
http://technet.microsoft.com/en-us/sysinternals/dd996900 

Syntax

=========

procdump.exe -ma -n <number of dumps> -s <number> -accepteula <servicename>.exe c:\dumps\<nameof the dump file>.dmp 

TOOLS
ExTrace.exe -v -c xx.etl >output.txt
aqadmcli.exe
delmsg flags=sender,sender=sender@domain_name.com
Ran aspnet_regiis -i from the \WINDOWS\Microsoft.NET\Framework\v2.0.50727 folder the issue was resolved.
Running ASPNET_REGIIS.EXE –i resolved the issue

Command to check SPN
----------------------------------------
ldifde -t 3268 -d "" -p subtree -r "(serviceprincipalname=*)" -f spn.txt

IIS BOX
========

Outbound : IIS box's IP should be added in the relay in the Exchange server box
Exchange server --> IIS box --> Internet
@IIS
Inbound : Remote domain

SBS SERVER 2003
====================================
How to troubleshoot the POP3 Connector in Windows Small Business Server 2003
http://support.microsoft.com/?scid=kb;en-us;885685&x=9&y=13

E-mail to external recipients with the same e-mail domain causes NDR messages when using the POP3 Connector
http://support.microsoft.com/kb/300681

Exchange Server Connector for POP3 Mailboxes deliver multiple copies of messages
http://support.microsoft.com/kb/264249

Enable logging from EMC (few eg.)
=====================
Get-EventlogLevel "MSExchange ADAccess" | Set-EventlogLevel -Level Lowest
Get-EventlogLevel "MSExchange Common" | Set-EventlogLevel -Level Lowest

Get-EventlogLevel "MSExchange ADAccess" | Set-EventlogLevel -Level Lowest


variable can be used as 
MSExchange Common\General                                                                                  Expert    
MSExchange Common\Configuration                                                                         Expert    
MSExchange Common\Logging                                                                                  Expert
MSExchange Configuration Cmdlet - Management Console\General                         Expert    
MSExchange Configuration Cmdlet - Management Console\RBAC                            Expert    
MSExchange ADAccess\General                                                                             Expert    
MSExchange ADAccess\Cache                                                                                Lowest    
MSExchange ADAccess\Topology                                                                           Expert    
MSExchange ADAccess\Configuration                                                                    Expert    
MSExchange ADAccess\LDAP                                                                                 Expert    
MSExchange ADAccess\Validation                                                                         Expert

MSExchange ADAccess\Site Update                                                                      Expert    

Image compression software
=======================
http://compressnow.com/        //it compresses the file to the % of the file

Active directory troubleshooting

Active directory troubleshooting
===========================


1. Run and post: netdom query dc

2. Run and post: repadmin /replsum

3. Run and post: ipconfig /all (on all DCs listed in #1)

4. dcdiag /test:dns /v > dnsdiag.txt

5.C:\Windows\system32>sc query rpcss

LDIFDE

LDIFDE example

c:\>ldifde -f delegates.txt -d "ou=users,dc=domain,dc=com" -l name,publicDelegates,publicDelegatesBL -r "(|(publicDelegates=*)(publicDelegatesBL=*))"

Outlook "Test E-mail Autoconfiguration" and "Connection Status"

"Test E-mail Autoconfiguration" for outlook


1. Hold Control Key and Right click outlook icon bottom right of the task bar. It might be possible that Outlook Icon is hidden in Notification bar. If it is so Click and drag icon into task bar.

2. From Popup-menu Test E-mail Autoconfiguration.

3. Select only “Use AutoDiscover” and then click Test button


Similarly you can check the "Connection Status" to check which GC/CAS/FE server Outlook is connected to.

Here is the Image of both of the Options

List of Microsoft Exchange server's Verb

Exchange verb in my Lab

Exchange 2003's verb (18 verb)
=====================================
220 TEST.lab.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Sun, 10 Nov 2013 02:41:11 +0530
ehlo
250-TEST.lab.local Hello [127.0.0.1]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

Exchange 2007's Verb ( 14 verb)
================================
ehlo
250-E2K7.labs.local Hello [::1]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST


Exchange 2010's verb (15 verb)
=====================================
220 E2K10.labs.local Microsoft ESMTP MAIL Service ready at Sat, 9 Nov 2013 13:12:46 -0800
ehlo
250-E2K10.labs.local Hello [::1]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW

Exchange 2013's verb on Mailbox server's
======================================
220 E15MBX2.labs.local Microsoft ESMTP MAIL Service ready at Wed, 13 Nov 2013 20:51:43 +0530
ehlo
250-E15MBX2.labs.local Hello [::1]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOWREQUEST



Exchange 2013's verb on CAS server's
======================================

220 E15CAS1.labs.local Microsoft ESMTP MAIL Service ready at Wed, 13 Nov 2013 07:21:31 -0800

ehlo

250-E15CAS1.labs.local Hello [::1]

250-SIZE 37748736

250-PIPELINING

250-DSN

250-ENHANCEDSTATUSCODES

250-STARTTLS

250-X-ANONYMOUSTLS

250-AUTH NTLM

250-X-EXPS GSSAPI NTLM

250-8BITMIME

250-BINARYMIME

250-CHUNKING

250 XRDST

How to Configure Outlook Anywhere from Internet

How to Configure Outlook Anywhere from Internet

If your customer does decide to enable OA externally it is important to note that the external host name value configured for Outlook Anywhere must match the Certificate Principal Name (CPN) on the certificate used by clients and must match the end point property in the client.

In order for Subject Alternate Name (SAN) certificates to be used for clients to connect to the OA service, where the CPN does not match the msstd value configured in the Outlook client profile (but the url is listed in the SAN part of the certificate), certain conditions need to be met, these are listed below:-

• Outlook 2007 or higher
• Vista SP1

Then when you open Outlook you should not longer get the cert error!

Excerpt from : The Name on the security certificate is invalid or does not match the name of the site - PART 2

http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx

The set of folders cannot be opened Your server administrator has limited the number of items you can open simultaneously

In Outlook 2010 (Exchange 2010) Configured with multiple Mailboxes received error while accessing Mailbox's

"The set of folders cannot be opened. Your server administrator has limited the number of items you can open simultaneously."

In the Event log, Application log on Mailbox server

Error General 9646 MSExchangeIS ExchangeFQDN.domainname.com N/A Mapi session b07d8c58-536d-4e6c-80b2-cd6722433802: /O=ORG/OU=OU/cn=Recipients/cn=Recipientsname" exceeded the maximum of 32 objects of type "session"."

Things need to check

@Outlook

1. Check for 3rd party Add-in to Ms Outlook

. If Outlook is configured in Cached Exchange mode.

. Open Outlook in “Folder list” module on the Navigation Pane to see \Sync Issues

* 2. Check if firewall is causing any connection timeout. (RPC timeout)

check this link New Best Practice for RPC Timeouts in Exchange

3. Check Perfomrance at MBX SERVER

4. Disable TCP Chimney, RSS on Exchange server, if networking is an issue, also confirm with EXBPA

Possible Resolution

1. In Outlook Profile if secondary Mailbox or more Mailboxes added, try removing Mailbox from Outlook Profile. If fewer number of Mailboxes are added then try checking the Mailboxes folder.

*2. Also check for Shared Mailbox if it is enabled, if it is enabled disable it.

To disable Caching of shared folders in Outlook 2010/2013

File > Account Settings > Account setting lists > E-mail tab > "double click" Exchange server Account > in Change account > More settings > Advanced tab > click to clear "Download shared folders" > finish and complete the Wizard and restart the Outlook.

3. If still you want to Cache Shared folders in the secondary Exchange mailbox, remove secondary Mailbox from Account settings and Open Mail item in control panel and Add new account.

4. Check if firewall is between Outlook client and Exchange and causing RPC reset *

5. Here Event id 9646, indicates towards, "Session" limit, so try increasing session value but it may effect Server's performance, increase session size in +3

6. MAPI session Limit disabled 

From Registry Editor (always have backup of Registry key*), goto the location

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSexchangeIS\ParametersSystem

If value "Disable Session Limit" exist then change the value to 1 (Dec) from 0 or else create a new DWORD KEY.

Creating and Renew Exchange certificate from Internal Certificate Authority

Environment in my lab

====================
(Domains used in my lab are fictitious and only for demonstration purpose only)

Domain name : arc.com

DC role : ADC + CA (Certificate Authority is installed on DC) *

CAS/Hub Server Name : ACasHub
Exchange server version : Exchange 2010
Windows version : Windows 2008 R2 Ent

Scenario
================

In my lab, CAS/Hub roles are installed on seperate roles and assuming certificates are going to expired and for that reason, we are going to renew certificate on CAS/Hub server role

Here is the process of Renewing certificate which is Installed on Exchange CAS/HUB server

For the purpose of understanding, I am using Exchange management console to renew the Certificate, We can also use Exchange Management Shell, which i will be covering in next blog.

We need to renew the highlighted “ACASHUB server”. The name of the certificate is “*.arc.com” which is “Self-Signed” and services assigned are “IIS” and “SMTP”

We selected the highlighted services and choose the option “Renew Exchange certificate

Highlighted certificate “*.arc.com” would be using to renew certificate process, Self-Signed Status is showing “False” which means the certificate is been assigned from CA (Internal or 3rd party)

Click on browse on above browse button and select a location on your server to save “ .REQ” Extension file. 

In my lab I am renewing certificate with a name of the Server in folder name “New Exchange Certificate”

this is the REQ file generated by Exchange Server for certification Renew request

After saving file, Please click on RENEW button from the bottom of the Wizard and you would be the End of the confirmation wizard.

After finishing, Certificate wizard, you will find new Certificate for Server “ACasHub” where status is showing “This is a pending certificate signing request (CSR)” and check the services status, which is now “NONE”

And this is REQ file generated by Exchange server for certification renew

certutil -encode c:\renewal.req c:\base64renewal.req 

2nd Part

=======================

there are two process for Enrollment 

(a) Copy the file to CA server and initiate the process of Certificate approval using web

(b) From the Exchange server, you can initiate the process of Certificate approval using web 

In our process, we are copying file *.REQ file to CA

We need to copy the *.REQ file to the CA.

In case of internal CA, you can copy the file into the CA or if it is a 3rd party, you need to follow the URL of their respective services to upload file and get a CERTIFICATE REQUEST file

So now we are at Internal CA, where we copied file “ACasHub.req” from our CAS/Hub server.

Logged into your CA and open Internet Browser and type URL http://servername/certsrv or https:// servername/certsrv, where servername is the name of the Web server hosting the CA Web enrollment pages and this process is known as Request a certificate over the Web

From Here, Select “Request a Certificate” Under “Select a Task”

Now select “Advanced certificate request” and then

In this screen, the file that we copied from our CAS/Hub server, should be opened in a notepad and Highlight the content from Edit Menu “Select All” > Copy the content in the Renewal request page

And paste the content in Based-64-encoded certificate request (CMC or PKCS #10 or PKCS #7) and make sure the “Certificate Template” should be “Web Server”

And then click on Submit

if you need subject alternative names, add in attributes box as

SAN:dns="webmail.test.net"&dns="autodiscover.test.net"&dns="webmail.test.ca"&dns="CAS1""&dns="CAS1.test.ca"

because we are renewing the certificate request, I Kept it as empty

The next page we will be getting is to “Download Certificate”

Here you will find two Radio button “DER encoded” or “Base 64 encoded” and two option of downloading the Certificate  “Download Certificate” and “Download Certificate Chain”

So highlight “Base 64 encoded” and select “Download Certificate” URL

Now you will be prompted to download a file with Extension name “ *.CER “

Save this “ *.CER” file and copy it to the CAS/Hub server

In Exchange Management console, highlight the Certificate that is pending for “Certificate signing request”, Right click > Complete Pending Request > Browse and provide “ *.CER” file that we have downloaded

And now the status of “Exchange certificate” is complete, now as a next step we need to assign services

Highlight the certificate and assign services

In the Assign services to certificate, highlight the CAS/Hub server for which you want to install Certificate.

In case, if CAS and Hub are installed on different box, then for CAS server, Services needs to be assigned would be IIS, POP, IMAP and Hub Transport Service “SMTP” service

And here you can add the list of the server for which you want to assign services to the certificate at once

Here you need to select Services

And next

Here I am assuming that the certificate has been expired on my lab so I would select “Overwrite the existing default SMTP certificate” or else you can select “NO” and as a result it will generate two certificate.

One which we created and another older certificate and later we can delete the older/ expired certificate.

After assigning services to the certificate, restarting Exchange services like for Hub Transport server, Restarting “Ms Exchange Transport” works and most of the from command prompt IISRESET will work.

Or from the services console“

PART 3

==================

How to assign the same certificate to another CAS/Hub server

Part 4 How to backup Certificate

==============

And for backup CA (Internal), you can backup by highlighting Server under “Certification Authority” right click “All Tasks” and then “Backup CA”