Tuesday, January 29, 2008

My Blog has moved...

As some of you may know, I started a new job with Microsoft last September. I apologize for the lack of updates as I have been getting settled with the new job.

I have resumed blogging at a new location: http://blogs.msdn.com/karsmith/

--Nick

Wednesday, July 11, 2007

NDR Message: 5.6.1 Body type not supported by Remote Host

I spent this afternoon tracking down an odd NDR message received when an Exchange 2007 user sends a message to a distribution group hosted on an Exchange 2003 server containing contact objects. When the user sends a message to such a distribution group the following NDR message is received:

Delivery has failed to these recipients or distribution lists:

Smith,Nick
The e-mail system had a problem processing this message. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.


Diagnostic information for administrators:

Generating server: e2003server.domain.com

k.nick.smith@gmail.com
#< #5.6.1 smtp;554 5.6.1 Body type not supported by Remote Host> #SMTP#



The headers of this message indicate that it was routed through the Exchange 2007 transport servers to Exchange 2003 via the routing group connector and to the Exchange 2003 listed as the expansion server for the distribution list. Most importantly, the NDR generating server was the Exchange 2003 distribution group expansion server.

I immediately began looking into the contact objects for which the NDR was generated. Oddly, I was able to successfully send mail directly to the contact object. I only received an NDR message when sending to a distribution group of which the contact object was a member. Further testing revealed that Exchange 2003 users were able to successfully send messages to the distribution group. The message was delivered to all members including the contact objects in question.

To muddy the waters, NDR messages are not generated for all contact objects in the distribution list. We created several new contacts and added them to a distribution list trying to find the difference between working and non-working contacts. This new test distribution list exhibited the same behavior as others; NDR’ing some contacts while successfully sending the message to others. NDR messages were always generated for the same contacts. At this point I compared the working and non-working contacts but I was unable to find any differences that would cause the problem.

On a hunch, since I was able to send messages to the contacts directly from Exchange 2007, I decided to change the expansion server for the distribution group to an Exchange 2007 transport server. This did the trick and both Exchange 2003 and 2007 users are able to send to all members of the distribution group. While I can’t fully explain why the distribution group does not work when expanded on an Exchange 2003 server, I can accept this simple workaround as the solution to our problems. Hopefully someone more knowledgeable than me can explain this in the comments section.

The Solution


To resolve this problem set the distribution group expansion server to an Exchange 2007 server. This can be done in the Exchange Management Shell with the following command:

Set-DistributionGroup “Group Display Name” –ExpansionServer:E2007ServerName

--Nick

Friday, June 29, 2007

Exchange 2007 Update Rollup 3 Released

The long awaited fix for the Outlook 2003 in-line attachments issue is included in the rollup.

Description of Update Rollup 3 for Exchange 2007

Additionally, the rollup includes the fix to the "Cannot open the free/busy information" error mentioned in my Managing Resource Mailbox Calendars Article.

I for one will be installing this rollup ASAP as we have been waiting for some of these fixes for quite a long time.

--Nick

Monday, June 18, 2007

Script: Identifying Quota Bottlenecks

Quota increase requests are a frequent occurrence for me. Without blindly approving the request, I prefer to look for large folders within a users’ mailbox that could easily be archived (e.g. ‘Sent Items 05’ or ‘Archived Items’). I have used the following scripts to see the number of items and size of user mailbox folders.

Exchange 2007


The Exchange Management Shell offers some built-in tools to accomplish this task. Massaging the output makes it easier to identify quota bottlenecks. This script can be run from any computer with the Exchange Management Shell

The Script:
param($alias = $(read-host alias))
Get-MailboxFolderStatistics $alias | FT FolderPath,ItemsInFolder,@{label="FolderSize (KB)";expression={$_.FolderSize.ToKB()} }
Get-MailboxStatistics $alias | FT ItemCount,StorageLimitStatus,@{label="TotalItemSize (KB)";expression={$_.TotalItemSize.Value.ToKB()} },@{label="TotalItemSize (MB)";expression={$_.TotalItemSize.Value.ToMB()} },LastLogonTime


The Output:


[PS] C:\Temp>.\MailboxSize.ps1 e12_test1

FolderPath ItemsInFolder FolderSize (KB)
---------- ------------- ---------------
/ 0 0
/Calendar 5 33
/Contacts 0 0
/Deleted Items 10 9
/Drafts 0 0
/Inbox 10 79356
/Journal 0 0
/Junk E-Mail 0 0
/Notes 0 0
/Outbox 0 0
/RSS Feeds 0 0
/Sent Items 14 32
/Sync Issues 0 0
/Sync Issues/Conflicts 0 0
/Sync Issues/Local Fail... 0 0
/Sync Issues/Server Fai... 0 0
/Tasks 0 0

ItemCount StorageLimitStatus TotalItemSize (KB) TotalItemSize (MB) LastLogonTime
--------- ------------------ ------------------ ------------------ -------------
43 BelowLimit 79438 77 6/6/2007 2:03:07 PM




 


Exchange 2003


The attached VBScript must be run on the mailbox server hosting the user’s mailbox. It connects to the IFS drive and evaluates the size of each folder in the user’s mailbox. I modified a script previously published by Glen Scales and adapted it to output the name and total size of the folder to the command window.

**Remember to change your domain name on line 15**

The Script:
'Adapted from http://www.outlookexchange.com/articles/glenscales/mreport2.asp


Dim obArgs,cArgs,iSize,ndate,tmailbox

Set obArgs = WScript.Arguments
tmailbox = obArgs.Item(0)

Main

Sub Main()
Dim sConnString,domainname

'On Error Resume Next
domainname = "mail.domain.com"
' Set up connection string to mailbox.
sConnString = "file://./backofficestorage/" & domainname
sConnString = sConnString & "/mbx/" & obArgs.Item(0) & "/NON_IPM_SUBTREE"

iSize = 0
Wscript.Echo
RecurseFolder sConnString, ""
WScript.Echo
WScript.Echo "Mailbox Size: " & replace(formatnumber((iSize/1024/1024),2),",","") & " MB"
End Sub


Public Sub RecurseFolder(sConnString, sParentFolder)
Dim oConn
Dim oRecSet
Dim sSQL
Dim sFolderPath

' Set up SQL SELECT statement.
sSQL = "SELECT ""http://schemas.microsoft.com/mapi/proptag/x0e080003"", "
sSQL = sSQL & """DAV:href"",""DAV:hassubs"",""DAV:displayname"" "
sSQL = sSQL & "FROM SCOPE ('SHALLOW TRAVERSAL OF """ & sConnString
sSQL = sSQL & """') WHERE ""DAV:isfolder"" = true"

' Create Connection object.
Set oConn = CreateObject("ADODB.Connection")
Set oRecSet = CreateObject("ADODB.Recordset")

' Set provider to EXOLEDB.
oConn.Provider = "Exoledb.DataSource"

' Open connection to folder.
oConn.Open sConnString
if Err.Number <> 0 then
WScript.Echo "Error opening connection: " & Err.Number & " " & Err.Description
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if

' Open Recordset of all subfolders in folder.
oRecSet.CursorLocation = 3
oRecSet.Open sSQL, oConn.ConnectionString
if Err.Number <> 0 then
WScript.Echo "Error opening recordset: " & Err.Number & " " & Err.Description
oRecSet.Close
oConn.Close
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if

if oRecSet.RecordCount = 0 then
oRecSet.Close
oConn.Close
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if

' Move to first record.
oRecSet.MoveFirst
if Err.Number <> 0 then
WScript.Echo "Error moving to first record: " & Err.Number & " " & Err.Description
oRecSet.Close
oConn.Close
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if


' Loop through all of the records, and then add the size of the
' subfolders to obtain the total size.
While oRecSet.EOF <> True
' Increment size.
iSize = iSize + oRecSet.Fields.Item("http://schemas.microsoft.com/mapi/proptag/x0e080003")
foldersize = oRecSet.Fields.Item("http://schemas.microsoft.com/mapi/proptag/x0e080003")
workfolderfp = oRecSet.Fields("DAV:href").value
workfolder = oRecSet.Fields("DAV:displayname").value
sFolderPath = sParentFolder & "/" & workfolder
if InStr(sConnString,"NON_IPM_SUBTREE") = 0 then
Dim sSplit
sSplit = Split(sFolderPath,"/")
Dim sShortPath
sShortPath = ""
for i = 2 to Ubound(sSplit)
sShortPath = sShortPath & sSplit(i) & "/"
next
Dim sSize, sFolder, sDisplay
sFolder = Left(sShortPath,Len(sShortPath)-1)
sSize = replace(formatnumber((foldersize/1024),0),",","") & " KB"
sDisplay = sFolder & " "
for i = Len(sFolder) to (50 - Len(sSize))
sDisplay = sDisplay & " "
next
sDisplay = sDisplay + sSize
WScript.Echo sDisplay
end if
' If the folder has subfolders, recursively call RecurseFolder to process them.

If oRecSet.Fields.Item("DAV:hassubs") = True then
RecurseFolder oRecSet.Fields.Item("DAV:href"), sFolderPath
End If
' Move to next record.
oRecSet.MoveNext
if Err.Number <> 0 then
WScript.Echo "Error moving to next record: " & Err.Number & " " & Err.Description
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if
wend

' Close Recordset and Connection.
oRecSet.Close
if Err.Number <> 0 then
WScript.Echo "Error closing recordset: " & Err.Number & " " & Err.Description
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if

oConn.Close
if Err.Number <> 0 then
WScript.Echo "Error closing connection: " & Err.Number & " " & Err.Description
Set oRecSet = Nothing
Set oConn = Nothing
Exit Sub
end if

' Clean up memory.
Set oRecSet = Nothing
Set oConn = Nothing
End Sub


The Output:


C:\temp>cscript MailboxSize.vbs user.csuf
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.


Inbox 472 KB
Outbox 0 KB
Sent Items 16 KB
Deleted Items 0 KB
Calendar 0 KB
Contacts 0 KB
Drafts 0 KB
Journal 0 KB
Notes 0 KB
Tasks 0 KB
Sync Issues 0 KB
Sync Issues/Conflicts 0 KB
Sync Issues/Local Failures 0 KB
Sync Issues/Server Failures 0 KB
Junk E-mail 1 KB

Mailbox Size: 0.48 MB





Download both scripts

--Nick

Thursday, May 24, 2007

Exchange 2003/2007: Enable Calendar Sharing

With a default installation of Exchange 2007, when an Exchange 2003 user tries to open/view the shared calendar of an Exchange 2007 user they receive the error “Unable to display the folder. The Calendar folder could not be found.” This error is received because the Exchange 2007 server rejects the MAPI request from the user’s Exchange 2003 server. Adding the following registry value will allow the Exchange 2007 server to accept these requests from 2003 servers:

Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Value Name: Disabled MAPI Clients
Value Type: REG_SZ
Value Date: -6.4.9999

The value “-6.4.9999” will allow Exchange 2007 servers to accept connections from Exchange 2003 and all versions of Outlook.

You can read more about this setting at:

How to disable MAPI client access to a computer that is running Exchange Server
http://support.microsoft.com/kb/288894

Technet: All versions of Outlook are allowed to access the server
http://technet.microsoft.com/en-us/library/69e7ac7b-9f0b-4b0d-879a-334c1b41242b.aspx

--Nick

Sunday, May 6, 2007

Exchange 2007 Clustering: Important KB articles

Kerberos Authentication


Kerberos authentication will not work on an Exchange 2007 clustered server (CMS and SSC) until each cluster node machine is granted permissions to write the ‘Validated-SPN’ property on the CMS Active Directory computer object. Additionally, the following error messages will be entered into the Application event log.

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date:
Time:


The KB article ID 935676 details the process of granting this permission on the CMS computer object.

Event ID 9317 is logged when the Microsoft Exchange System Attendant service comes online on an Exchange 2007 cluster node

Provisioning mailboxes on additional Single Copy Cluster nodes


If you are creating a multiple CMSs (Clustered Mailbox Server) in a Single Copy Cluster you should be aware of the following KB article. When trying to provision a mailbox on a second or successive CMS you receive the following error:

“A proxy generator DLL on server FQDN.serverName could not be found or failed to initialize. Proxy addresses for the current recipient cannot be calculated. Please ensure that all the proxy addresses for the current recipient cannot be calculated. Please ensure that all proxy address generator DLLs have been installed on the target server.”


This error can be solved by creating a message transfer agent (MTA) in Active Directory for each CMS.

How to enable mailbox creation on the second or later clustered mailbox server (CMS) of an Exchange 2007 Single Copy Cluster (SCC)

--Nick

Tuesday, May 1, 2007

Managing Resource Mailbox Calendars

The Set-MailboxCalendarSettings cmdlet is one of the most useful and flexible cmdlets available with Exchange 2007. However, its flexibility often leads to complexity and confusion. I’ll do my best to walk you through the possibilities and help explain some areas where the Microsoft documentation is lacking.

AutomateProcessing



Let’s start off by getting the calendar settings of a resource.

[PS] C:\>Get-MailboxCalendarSettings demo_laptop_1
Identity AutomateProcessing
-------- ------------------
ColoState.EDU/ExchangeResources/Demo Laptop 1 AutoAccept


You will see the identity of the resource and its AutomateProcessing type. This can be set as one of 3 possibilities:

None
Both the resource booking and calendar attendants are disabled.

AutoUpdate
Only the calendar attendant is enabled.

AutoAccept
Both the resource booking and calendar attendants are enabled.


AutoUpdate is the default value for all mailboxes to help users manage their calendar data. The AutoAccept processing mode can only be enabled on resource mailboxes.

Calendar and Resource Booking Attendants



From http://www.microsoft.com/exchange/evaluation/features/default.mspx each attendant is defined as the following:


Calendar Attendant
The Calendar Attendant reduces scheduling conflicts by limiting calendar items (request, declines, accepts) in the inbox to the latest version. The Calendar Attendant also marks meeting requests as tentative on recipient calendars until users can act on the request and relies on the Exchange Server 2007 free/busy Web service for always up-to-date availability information.


Resource Booking Attendant
The Resource Booking Attendant enables resources, including meeting rooms or other equipment, to be automatically managed. Resources can auto-accept requests when available or decline and provide details explaining the decline. Administrators can set granular policies on resources, including available hours or scheduling permissions.


Calendaring Policies



Now we explore the great flexibility this cmdlet offers (and the root of that flat spot on your forehead from repeating banging it against the wall). There are 3 distinct, counter-intuitively named policies that can be defined for automatic calendar processing:

Book-In Policy Requests
Users that are defined in the ‘Book-In-Policy’ are allowed to automatically schedule a resource if it available. Resource delegates do not have to approve these requests.


To define a list of users in the ‘book-in’ policy use the following command.
Set-MailboxCalendarSettings resource_alias -BookInPolicy 'user1@domain.com','user2@domain.com'

This command will allow all users to use the ‘book-in’ policy.
Set-MailboxCalendarSettings resource_alias -AllBookInPolicy:$True -AllRequestOutOfPolicy:$False -AllRequestInPolicy:$False

In-Policy Requests
Requests from users defined in the ‘In-Policy’ group must be approved by a resource delegate.

To define a list of users that can submit ‘in-policy’ requests use the following command.
Set-MailboxCalendarSettings resource_alias -RequestInPolicy 'user1@domain.com','user2@domain.com'

This command will allow all users to submit ‘out-of-policy’ requests.
Set-MailboxCalendarSettings resource_alias -AllBookInPolicy:$False -AllRequestOutOfPolicy:$False -AllRequestInPolicy:$True

Out-Of-Policy Requests
Users defined in the ‘Out-Of-Policy’ group have their requests automatically approved unless there is a conflict on the resource calendar. If a conflict exists, the calendar request is forwarded to resource delegates for approval.


To define a list of users that can submit ‘in-policy’ requests use the following command.
Set-MailboxCalendarSettings resource_alias -RequestOutOfPolicy 'user1@domain.com','user2@domain.com'

This command will allow all users to submit ‘out-of-policy’ requests.
Set-MailboxCalendarSettings resource_alias -AllBookInPolicy:$False -AllRequestOutOfPolicy:$True -AllRequestInPolicy:$False


If you want to get fancy you can use the following command to allow all users to submit in-policy requests while allowing user1 to submit out-of-policy requests and adding the ‘Executive Committee’ distribution group members to the book-in policy.
Set-MailboxCalendarSettings resource_alias -AllRequestInPolicy:$true -AllRequestOutOfPolicy:$False -AllBookInPo
licy:$False -BookInPolicy:'Executive Committee' -RequestOutOfPolicy:'user1@domain.com'


Resource Delegates



The Set-MailboxCalendarSettings cmdlet allows the administrator to define resource delegates without having to manually configure an Outlook profile and navigate the appropriate menus to define delegates. The feature is one of my favorites and very useful for self-service applications. However it has been a bit buggy. Here are the two bugs I have identified and should be fixed in SP1.

  • Error message when you try to accept a meeting request on behalf of an Exchange Server 2007 resource mailbox: "Cannot open Calendar folder for user resource_mailbox_name"
    http://support.microsoft.com/kb/930865


  • When the Set-MailboxCalendarSettings cmdlet is run to re-apply/add delegates for a resource calendar the original delegate's permissions are removed. The delegate is still displayed when running the ‘Get-MailboxCalendarSettings’ cmdlet however if you look at the permissions on the resource calendar, the delegate’s permissions have been removed. To re-grant permissions on the resource calendar you must run a "Set-MailboxCalendarSettings resource_alias -ResourceDelegates:$null" command. Afterwards you can re-grant permissions to the intended user. Until SP1 is released, I would recommend running this command before making any changes to resource delegates.


Resource Calendar Options



In additions to the features offered by the resource booking attendant there are many other calendar customizations that can be defined. Below are a few useful options that we use all the time. A complete list can be found at http://technet.microsoft.com/en-us/library/aa996340.aspx.

-AddAdditionalResonse and –AdditionalResponse
Define an additional response text that will accompany any meeting accept/decline/tentative notices.

-AddOrganizerToSubject
If set to $True, the calendar attendant will prepend the meeting organizers name to the meeting subject. This is very useful for quickly identifying the meeting organizer while looking at the resource calendar.

-AddRequestsTenatively
If set to $true, all meeting requests will be added to the resource calendar and marked as tentative until acted upon by a resource delegate.

-DeleteAttachments
If set to $true, attachments will be removed from the meeting information in the resource mailbox.

-DeleteComments, -DeleteSubject
See above.

-DeleteNonCalendarItems
If set to $true any non-calendar related messages will be deleted.

-BookingWindowInDays
Defines a horizon date for meeting scheduling. Also see EnforceSchedulingHorizon.

-ConflictPercentageAllowed
If recurring meetings are enabled you can define a conflict percentage to avoid declining a series of meetings because of a single conflict. An allowed percentage of ‘25’ would allow a meeting with 8 occurrences to be accepted as long as no more than 2 conflicts were detected. A separate decline message would be sent to the organizer for the conflicting meeting times.

-MaximumConflictInstances
The same as ConflictPercentageAllowed except with a defined static amount of conflicts allowed.

-MaximumDurationInMinutes
If you wish to prevent people from scheduling resources for a day, or possibly a few days, you can define this setting to set the maximum meeting duration. Alternatively, if you set the value to ‘0’ meetings of any length will be processed.

-ProcessExternalMeetingMessages
If set to $true, meeting requests from external Exchange organizations will be processed.


OWA Management



If you fear the command line like some of my co-workers (you know who you are… Jon) you can manage most of these settings via connecting to the resource mailbox via OWA and editing the ‘Resource Scheduling Options’. You have the ability to manage all of the calendar settings you would from the command line with the exception of defining resource delegates.



To open the resource mailbox via OWA you must define full-mailbox access to the managing user. This can be done from the Exchange Management Shell with the following command.

Add-MailboxPermission resource_alias –User:domain\username –AccessRights:FullAccess


Further Documentation




--Nick