Exchange server troubleshooting notes
Take a look at some troubleshooting notes from my vault:
Error: The database was either not found or was not replicated
Issue:
The user receives the following error while trying to execute a seed operation.
Error: Failed to open a log truncation context to source server ‘X2.sampledomain.org’. Hresult: 0xfffffae7. Error: The database was either not found or was not replicated.. [Database: DB4, Server: X1.sampledomain.org]
Failed to open a log truncation context to source server ‘X2.sampledomain.org’.Hresult: 0xfffffae7. Error: The database was either not found or was not replicated.
Exchange Management Shell command attempted:
Add-MailboxDatabaseCopy -Identity ‘DB4’ -MailboxServer ‘EX1’ -ActivationPreference ‘2’
Elapsed Time: 00:00:02
Resolution:
The issue can be solved by deleting the DumpsterInfo registry key from both “Source” and “Target” DAG members. To do that, remove the registry key HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/ExchangeServer/v14/Replay/State/<db-guid>/DumpsterInfo
To find the database GUID – run
Get-MailboxDatabase DB4 | Fl Name, GUID
Remember that you need to perform this step on both Source and Target nodes or it wont work.
Exchange Server error: “The trust relationship between this workstation and the primary domain failed”
********************************************
Issue:
The user receives the following error messages in certain client computers.
The trust relationship between this workstation and the primary domain failed
Resolution:
This kind of error occurs when the exchange server computer account in Active directory was reset. One way to solve this is to disjoin and rejoin the computer to the domain . Another method is to try the follwoing:
Log in to the computer with the issue. Note that logging on to the domain is not possible and hence local admin account may be used.
Execute the following command
netdom.exeresetpwd /s:DCname /ud:domain\username /pd:*
Here, DCName is a domain controller and domain\username should be in the format EXCHGuru\Ratish with permissions to reset computer accounts.
Outlook Does not run after Logon
Issue:
After entering the log in credentials, the user is unable to access outlook. Instead, the log in screen reappears. If the log in is cancelled, the user receives errors like:
- The action cannot be completed.
- The Connection to Microsoft Exchange is unavailable.
- Outlook must be online or connected to complete this action.
Resolution:
This issue occurs if the Microsoft Exchange Address Book service is not running in the exchange server. Ensure that the same is running on your server and try again.
********************************************
Unable to use Remove-ADPermission
Issue:
The user is unable to execute the cmdlet to delete certain users with some permissions from the database. The user tried the following:
[SampleSystem] C:\Windows\System32>Get-ADPermission “mailbox database” | where {$_.user -like “s-*”} | fl
User : S-1-5-21-1499267127-3068409404-2779259215-1104
Identity : SERVER\First Storage Group\Mailbox Database
Deny : True
AccessRights : {ExtendedRight}
ExtendedRights : {Send-As}
IsInherited : True
Properties :
ChildObjectTypes :
InheritedObjectType :
InheritanceType : All
User : S-1-5-21-1499267127-3068409404-2779259215-1104
Identity : SERVER\First Storage Group\Mailbox Database
Deny : True
AccessRights : {ExtendedRight}
ExtendedRights : {Receive-As}
IsInherited : True
Properties :
ChildObjectTypes :
InheritedObjectType :
InheritanceType : All
User : S-1-5-21-1499267127-3068409404-2779259215-1104
Identity : SERVER\First Storage Group\Mailbox Database
Deny : False
AccessRights : {GenericAll}
ExtendedRights :
IsInherited : True
Properties :
ChildObjectTypes :
InheritedObjectType :
InheritanceType : All
[SampleSystem] C:\Windows\System32>Remove-ADPermission “mailbox database” -user “S-1-5-21-1499267127-3068409404-2779259215-1104” -ExtendedRights “send as”
Removing Active Directory permission “mailbox database” for user “S-1-5-21-1499267127-3068409404-2779259215-1104” with access rights “‘send as'”.
Remove-ADPermission : Cannot remove ACE on object “CN=Mailbox Database,CN=First Storage Group,CN=In formationStore,CN=SERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com” for attribute “ExtendedRight (ObjectType: ab721a54-1e2f-11d0-9819-00aa0040529b)” because it is not present.
At line:1 char:20 + Remove-ADPermission<<<< “mailbox database” -user “S-1-5-21-1499267127-3068409404-2779259215-1104” -ExtendedRights “send as”
[SampleSystem] C:\Windows\System32>
Resolution:
The delete operation can be performed from ADSIEdit.
To do this, navigate to:
Adsiedit.msc -> configuration -> services -> Microsoft Exchange ->YourOrgName -> Administrative Groups -> Exchange Administrative Group (FYD…) ->YourServerName ->SGName ->DBName -> Properties -> Security Tab
From there, delete the required user.
The user can also be removed using the cmdlet
Get-MailboxDatabase -identity “SERVERNAME\First Storage Group\Mailbox Database” | Remove-ADPermission -user “S-1-5-21-1499267127-3068409404-2779259215-1104” -ExtendedRights Send-As
********************************************
Cross Forest 2010 – 2013: Failed to reconnect to Active Directory server
Issue:
The user is unable to move from one server to another. User receives following error while trying to move a mailbox.
[Serv] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>New-MoveRequest -Identity “user1@company.local” -RemoteLegacy -TargetDatabase “DB1″ -RemoteGlobalCatalog”dc1ex1.company.local” -RemoteCredential $RemoteCredentials -TargetDeliveryDomain “ex13.domain.internal” -verbose
VERBOSE: [10:13:04.146 GMT] New-MoveRequest : Active Directory session settings for ‘New-MoveRequest’ are: View Entire Forest: ‘False’, Default Scope: ‘domain.internal’, Configuration Domain Controller: ‘ex13.domain.internal’, Preferred Global Catalog: ‘ex13.domain.internal’, Preferred Domain Controllers: ‘{ ex13.domain.internal }’
VERBOSE: [10:13:04.177 GMT] New-MoveRequest :Runspace context: Executing user: domain.internal/Company/Admin, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [10:13:04.177 GMT] New-MoveRequest : Beginning processing
VERBOSE: [10:13:04.177 GMT] New-MoveRequest : Instantiating handler with index 0 for cmdlet extension agent “Admin Audit Log Agent”.
VERBOSE: [10:13:04.177 GMT] New-MoveRequest : Searching objects “mailbox database 1655352701” of type “MailboxDatabase” under the root “$null”.
VERBOSE: [10:13:04.177 GMT] New-MoveRequest : Previous operation run on domain controller ‘ex13.domain.internal’.
VERBOSE: [10:13:04.271 GMT] New-MoveRequest : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [10:13:04.271 GMT] New-MoveRequest : The current object has been processed by the cmdlet extension agent with index 0.
VERBOSE: [10:13:04.271 GMT] New-MoveRequest : Searching objects “user1@company.localnet” of type “ADUser” under the root “$null”.
VERBOSE: [10:13:04.364 GMT] New-MoveRequest : Previous operation run on domain controller ‘ex13.domain.internal’.
VERBOSE: [10:13:04.364 GMT] New-MoveRequest : Processing object “$null”.
VERBOSE: [10:13:04.411 GMT] New-MoveRequest : Failed to reconnect to Active Directory server dc1ex1.company.localnet.
Make sure the server is available, and that you have used the correct credentials. –> A local error occurred.
VERBOSE: [10:13:04.411 GMT] New-MoveRequest : Admin Audit Log: Entered Handler:OnComplete.
Failed to reconnect to Active Directory server dc1ex1.company.localnet. Make sure the server is available, and that you have used the correct credentials.
+ CategoryInfo : NotSpecified: (:) [New-MoveRequest], RemoteTransientException
+ FullyQualifiedErrorId : 762377E2,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest
+ PSComputerName : ex13.domain.internal
VERBOSE: [10:13:04.411 GMT] New-MoveRequest : Ending processing
Resolution:
Here, since the target is not an exchange 2010 version nor since the source is exchange 2007 version, one cannot use the RemoteLegacy request to perform the move operation. Instead, we perform move operation using the Remote Mover request.
$Remote = Get-Credential (source\account)
New-MoveRequest -Identity “exy.zrs@domain.com” -Remote -RemoteGlobalCatalog “GC.source.local” -RemoteCredential $Remote -TargetDeliveryDomain “target.com” -remotehostnamecas.source.local
********************************************
Unable to Delete Outlook 2007 recurring appointment
Issue:
The user has multiple client outlook accounts. One of the clients created a recurring appointment which everyone accepted. Whenever the user clicked any of the buttons on the reminder window, an error is shown. And the appointment is not listed in the creator client’s outlook.
Resolution:
There are two possible solutions for this issue:
Case 1:
This issue may occur due to inconsistency of Reminder Queue in the Reminder Table
In such cases do the following:
- Open Outlook in online mode.
- In the MAPI Editor (MFCMapi), Navigate to Session menu-> Display Store Table. Choose the appropriate profile. Then Right-click “Mailbox-your name” and select “Open Store”.
- Expand Root-Mailbox and double-click Reminders.
- Next find the recurring appointment with the issue by checking “Subject” and “To” column. Delete the message by right clicking the appointment and select Permanent Deletion option.
- Finally run Outlook with cleanreminders<outlook.exe /cleanreminders>
Case 2:
If case 1 does not yield a solution, try the following.
- Open Outlook in online mode.
- In the MAPI Editor (MFCMapi), Navigate to Session menu-> Display Store Table. Choose the appropriate profile. Then Right-click “Mailbox-your name” and select “Open Store”.
- Expand Root-Mailbox and right -click Reminders.
- Select Delete Folder. Uncheck Hard Deletion and click OK.
- Close the MAPI editor and Run Outlook with cleanreminders<outlook.exe /cleanreminders>
********************************************
EMC initialization failed with WinRM error – Exchange 2010 SP2
Issue:
When the user tries to run the exchange management shell, the following error is received:
The following error occurred when getting management role assignment for ‘domain/Users/Administrator’:
Processing data for a remote command failed with the following error message: The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic.
The error was different in some cases:
The following error occurred when getting management role assignment for ‘domain/Users/Administrator’:
Processing data for a remote command failed with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM.
If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM Service: “winrmquickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.
Resolution:
There are a number of causes for this solution. Hence only a trial and error method can be employed to resolve this.
Firstly, check if the IIS is stopped. If it is stopped, start and check if the issue persists.
If the problem persists, try clearing the MMC Cache. For this, navigate to : C:\Users\<USERID>\AppData\Roaming\Microsoft\MMC and delete the file, Exchange ManagmentConsole.msc.
If the problem persists, run the winrmquickconfig and add an excepton to the firewall. Then run the command Winrm e winrm/config/listener to ping Winrm Query on Port 5985.
********************************************
Exchange SP3 fails upgrade on Hub Transport Role
Issue:
The User receives the following error while trying to upgrade to SP3:
Hub Transport Role Failed
Error:
The following error was generated when “$error.Clear();
$vdirName = “PowerShell (Default Web Site)”;
$proxyVdirName = “PowerShell-Proxy (Default Web Site)”;
$InternalPowerShellUrl=”http://” + $RoleFqdnOrName + “/powershell”;
$vdir = get-PowerShellVirtualDirectory -server $RoleFqdnOrName -DomainController $RoleDomainController | where { $_.Name -eq $vdirName };
$proxyVdir = get-PowerShellVirtualDirectory -server $RoleFqdnOrName -DomainController $RoleDomainController | where { $_.Name -eq $proxyVdirName };
if ($vdir -ne $null -or $proxyVdir -ne $null)
{
update-PowerShellVirtualDirectoryVersion -DomainController $RoleDomainController;
}
if ($vdir -eq $null)
{
$vdirName = “PowerShell”;
new-PowerShellVirtualDirectory $vdirName -InternalUrl $InternalPowerShellUrl -DomainController $RoleDomainController -BasicAuthentication:$false -WindowsAuthentication:$false -RequireSSL:$false;
}
else
{
Set-PowerShellVirtualDirectory $vdirName -InternalUrl $InternalPowerShellUrl -DomainController $RoleDomainController -WindowsAuthentication:$false -RequireSSL:$false;
}
if ($proxyVdir -eq $null)
{
$proxyVdirName = “PowerShell-Proxy”;
new-PowerShellVirtualDirectory $proxyVdirName -DomainController $RoleDomainController -BasicAuthentication:$false -WindowsAuthentication:$true -RequireSSL:$true -AppPoolId “MSExchangePowerShellProxyAppPool” -Path ($RoleInstallPath + “ClientAccess\PowerShell-Proxy”);
}
else
{
Set-PowerShellVirtualDirectory $proxyVdirName -DomainController $RoleDomainController -WindowsAuthentication:$true -RequireSSL:$true;
}
” was run: “The virtual directory ‘PowerShell’ already exists under ‘PRT-EV-CAS.yourdomainname.com/Default Web Site’.
Parameter name: VirtualDirectoryName”.
The virtual directory ‘PowerShell’ already exists under ‘PRT-EV-CAS.yourdomainname.com/Default Web Site’.
Parameter name: VirtualDirectoryName
Elapsed Time: 00:02:25
Client Access Role
Cancelled
Mailbox Role
Cancelled
Management Tools
Cancelled
Finalizing Setup
Cancelled
Resolution:
To resolve this issue, follow the steps:
- Open IIS Manager. Navigate to PowerShell and Powershell-proxy virtual directory.
- Delete both of them
- Goto ADSI and delete the PowerShell and Powershell-proxy virtual directory from there
- In ADSI, navigate to the virtual directory of the server with the issue.
- FInd the registry key from “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange Server\v14.0\ClientAccessRole”.
- Delete the keys Action and Watermark
- Restart IIS and Reinstall Exchange 2010 SP3
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru
June 10th, 2014 at 1:39 pm
I’m having an issue with using send-as permission and Outlook Client using cached mode. I gave a user send-as rights to a mailbox and it only works when their Outlook client is in “Online” mode. I tried with with Outlook 2010 and 2013 and got the same result. I tried downloading the OAB and still get the same result. Thanks guys.