Saturday, June 26, 2010

The blog has moved to wordpress

Hello Dears,
I have spent 4 years with Blogger, and during this period I have struggled to post the best to you all, but Blogger is no longer helping me, so I moved to WordPress with a more intuitive name :). The blog will be located on

Although the name is about Exchange, LOL (I love Exchange; it is the best product I can work with), we will keep posting on CS14, AD and virtualization as usual.

I will no longer post here; to follow us, please visit the blog at:

Bye bye Blogger

Friday, June 25, 2010

Exchange 2007 SP3 expired password reset tool

We all suffered from this: users with an expired password could not log on to OWA or change their password. This has changed in Exchange 2007 SP3, which ships a new web module that lets users with an expired password change it.
Note that this feature is disabled by default; to make use of it, administrators need to enable it. To enable the password reset feature:
  1. Log on to the Client Access server and open Registry Editor.
  2. Go to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA
  3. Create the following DWORD value if it does not already exist:
    Value name: ChangeExpiredPasswordEnabled
    Value type: REG_DWORD
    Value data:
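The same change done from an elevated PowerShell prompt on the Client Access server, as an added example that is not part of the original post. It creates or updates the value, reads it back to confirm the change actually landed, and recycles IIS so OWA picks it up. The value data 1 is the documented setting for enabling the feature (0 disables it); everything else is taken from the steps above.

```powershell
# Added example (not from the original post): enable and verify the Exchange 2007 SP3
# "change expired password" switch on a Client Access server. Run elevated on the CAS itself.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$name = 'ChangeExpiredPasswordEnabled'

if (-not (Test-Path $key)) {
    throw "Key $key not found: is this server a Client Access server with OWA installed?"
}

# Create the DWORD if it does not exist, otherwise just set it (1 = enabled, 0 = disabled).
$existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $existing) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 | Out-Null
} else {
    Set-ItemProperty -Path $key -Name $name -Value 1
}

# Read it back so the change is verified rather than assumed.
$state = (Get-ItemProperty -Path $key -Name $name).$name
if ($state -ne 1) { throw "Failed to set $name on $env:COMPUTERNAME" }
Write-Host "$name = $state (enabled) on $env:COMPUTERNAME"

# OWA picks the value up when its application starts, so recycle IIS for it to take effect.
& iisreset /noforce
```

Because the page that changes the password is reachable by a user who cannot otherwise log on, keep the CAS behind the same lockout policy as the rest of the domain: the new module does not bypass account lockout, so a brute-force attempt against it still trips the normal threshold.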

how to set spell checking language for users in OWA

Here is a nice trick: to set the spell checking language for users you can use the following cmdlet:

Set-MailboxSpellingConfiguration with -DictionaryLanguage
More information:
Thanks to Frank Wang for the trick.
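An added example, not from the original post, that applies the cmdlet to a whole population rather than one mailbox: every mailbox whose AD Office attribute matches a given office gets the same dictionary and a forced spell check before send, and the result is verified afterwards instead of assumed. The office name and the language are assumptions.

```powershell
# Added example (not from the original post). Sets the OWA spelling dictionary for every mailbox
# whose "Office" attribute is "Cairo" to Arabic and forces a spell check before send.
$office   = 'Cairo'     # assumption: the AD Office attribute value to target
$language = 'Arabic'    # assumption: one of the DictionaryLanguage values, e.g. EnglishUnitedStates

$targets = Get-Mailbox -ResultSize Unlimited -Filter "Office -eq '$office'"
foreach ($mbx in $targets) {
    Set-MailboxSpellingConfiguration -Identity $mbx.Identity `
        -DictionaryLanguage $language -CheckBeforeSend $true
}

# Verify rather than assume: list any target mailbox still on a different dictionary.
$targets | Get-MailboxSpellingConfiguration |
    Where-Object { $_.DictionaryLanguage -ne $language } |
    Select-Object Identity, DictionaryLanguage
```

The verification loop should print nothing; any row it prints is a mailbox the Set-* call did not reach (typically a mailbox on a server that was unavailable at the time).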

Wednesday, June 23, 2010

How to prevent users from updating their info using RBAC and the Exchange Control Panel

Here is a nice quick tip: if you want to quickly prevent users from updating their info using the ECP in Exchange 2010, use this cmdlet:

set-ManagementRoleAssignment -Identity "MyContactInformation-Default Role Assignment Policy" -Enabled $false

This stops users immediately from updating their info in the ECP. If you want to allow some users to keep doing this, you will have to create a separate role assignment policy that includes the MyContactInformation role and assign those users to it instead of the default policy.
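The full procedure as an added example that is not part of the original post: the default assignment is disabled (not deleted, so it can be switched back on), a second policy is built for the exception group by copying the end-user roles the default policy grants, and the result is listed so the change can be confirmed. The policy name "Contact Info Editors" and the group "HR Staff" are assumptions.

```powershell
# Added example (not from the original post). Locks contact-info self-service for everyone on the
# Default Role Assignment Policy, then keeps it for one group via a separate policy.
$defaultPolicy   = 'Default Role Assignment Policy'
$exceptionPolicy = 'Contact Info Editors'   # assumption
$exceptionGroup  = 'HR Staff'               # assumption: a distribution group of the exception users

# 1. Disable the default assignment rather than removing it.
Get-ManagementRoleAssignment -RoleAssignmentPolicy $defaultPolicy |
    Where-Object { $_.Role -eq 'MyContactInformation' } |
    Set-ManagementRoleAssignment -Enabled $false

# 2. Build the exception policy: same end-user roles as the default policy, but the
#    MyContactInformation assignment created here is a fresh, enabled one.
if (-not (Get-RoleAssignmentPolicy -Identity $exceptionPolicy -ErrorAction SilentlyContinue)) {
    New-RoleAssignmentPolicy -Name $exceptionPolicy | Out-Null
    Get-ManagementRoleAssignment -RoleAssignmentPolicy $defaultPolicy | ForEach-Object {
        New-ManagementRoleAssignment -Role $_.Role -Policy $exceptionPolicy | Out-Null
    }
}

# 3. Point the exception users at the new policy.
Get-DistributionGroupMember -Identity $exceptionGroup |
    Where-Object { $_.RecipientType -like '*Mailbox*' } |
    Set-Mailbox -RoleAssignmentPolicy $exceptionPolicy

# 4. Verify: the default policy's assignment shows Enabled=False, the exception policy's Enabled=True.
Get-ManagementRoleAssignment -Role 'MyContactInformation' |
    Select-Object Name, RoleAssigneeName, Enabled
```

Disabling the assignment only removes the ECP user interface path; an administrator with Recipient Management rights can still update the attributes with Set-User, which is the intended split between self-service and delegated administration.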

Thursday, June 17, 2010

Exchange 2010 issue: you may receive "554 5.6.0 STOREDRV.Deliver; Corrupt message content"

Consider the following scenario:
A user sends a message to multiple recipients within the organization, the message carries one or more attachments, and a transport rule or third-party software applies a disclaimer.
You will receive the following NDR:
#554 5.6.0 STOREDRV.Deliver; Corrupt message content ##

Original message headers:

Received: from ([fe80::b5a3:e52f:14f6:1733]) by ([fe80::b5a3:e52f:14f6:1733%11]) with mapi; Mon, 26 Apr 2010 16:05:28 -0500
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary

This issue is a bug in Exchange 2010 RTM up to Update Rollup 3; it will be fixed in Update Rollup 4 and in SP1 RTM. There is currently no fix for the issue.

Wednesday, June 16, 2010

Watch Part 2 of my video about what is new in Exchange 2010 SP1 at Microsoft Technology Week. This is an Arabic session.

Microsoft Technology Week - What is New in Exchange 2010 SP1 Part2 from mahmoud magdy on Vimeo.

Watch Part 1 of my video about what is new in Exchange 2010 SP1 at Microsoft Technology Week. This is an Arabic session.

Microsoft Technology Week - What is New in Exchange 2010 SP1 Part1 from mahmoud magdy on Vimeo.

Wildcard certificate might not work with Outlook Anywhere (Exchange 2007/Exchange 2010)

Consider the following scenario:
You have an Exchange 2010 server for which you have a wildcard certificate. The subject name on the SSL certificate is the wildcard name. That is fine. However Outlook Anywhere, via Autodiscover, sets the required certificate principal name (the msstd: value in Outlook's proxy settings) to a specific host name, and this appears to prevent the user from logging on via Outlook Anywhere. If you remove the requirement for a particular principal name in Outlook's proxy settings, things work fine.

To solve this issue, make sure to run the following:
Set-OutlookProvider EXPR -Server $null -CertPrincipalName none
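An added example, not from the original post, that shows the EXPR provider before and after the change and puts the two possible settings side by side: "none" drops the principal-name check altogether (Outlook still validates the certificate chain, but will accept any trusted certificate for any name), whereas msstd:*.contoso.com keeps the check and matches a *.contoso.com wildcard certificate. The domain contoso.com is an assumption.

```powershell
# Added example (not from the original post). Inspect and fix the Outlook Anywhere (EXPR)
# provider for a wildcard certificate; "contoso.com" is an assumption.
$wildcardDomain = 'contoso.com'
$keepNameCheck  = $true   # $false reproduces exactly what the post does

# Before: a CertPrincipalName such as msstd:mail.contoso.com makes Outlook expect that exact
# subject, which a *.contoso.com certificate does not present, so the RPC/HTTP logon fails.
Get-OutlookProvider -Identity EXPR | Format-List Name, Server, CertPrincipalName, TTL

if ($keepNameCheck) {
    # Tighter: Outlook accepts msstd:*.contoso.com against a *.contoso.com certificate and
    # still refuses a trusted certificate issued for some other name.
    Set-OutlookProvider -Identity EXPR -Server $null -CertPrincipalName "msstd:*.$wildcardDomain"
} else {
    # Weaker: no principal-name check at all (the post's fix).
    Set-OutlookProvider -Identity EXPR -Server $null -CertPrincipalName none
}

# After: confirm the stored value. Clients pick it up on their next Autodiscover run
# (Outlook: Ctrl+right-click the tray icon, "Test E-mail AutoConfiguration").
(Get-OutlookProvider -Identity EXPR).CertPrincipalName
```

Whichever value you choose, the Outlook Anywhere host name in the Autodiscover response must still be covered by the certificate, otherwise Outlook's certificate warning returns even though the principal-name check passes.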


Friday, June 11, 2010

More Exchange 2010 Console issues: "Connecting to remote server failed with the following error message: The WinRM client cannot process the request because the server name cannot be resolved."

You might receive this error when opening the console, and you will not be able to open the Exchange 2010 Console or PowerShell:
Error message: Connecting to remote server failed with the following error message: The WinRM client cannot process the request because the server name cannot be resolved. For more information, see the about_Remote_Troubleshooting Help topic.

One of the causes is AVG Internet Security BSB. After uninstalling AVG the problem is resolved.

Sending SMS to a group of people using Exchange 2010 and ActiveSync

Here is a nice question we were asked: how can we send an SMS to a group of people using ActiveSync and the new "Send SMS" feature in Outlook 2010 and Exchange 2010?
Well, first the recipients must have an SMTP address associated with them. Put them in a group and send the SMS to that group; once the message is received by the ActiveSync device, their SMTP addresses are resolved against their mobile numbers and an SMS is sent to each mobile number.

Nice trick.

Thursday, June 10, 2010

I will be speaking next week at Microsoft Egypt Technology Week about UC and virtualization

If you reside in Egypt or are visiting Egypt during the next week, stop by Microsoft at Smart Village in Cairo and attend Technology Week. I will be speaking on Monday, Tuesday and Thursday about UC (OCS 2007 R2 and Exchange 2010) and virtualization (SCVMM, Hyper-V and VDI).

There will be a lot of speakers next week, so stop by MS; it will be a huge week. And don't forget my sessions :)

Reported the first Exchange 2010 SP1 bug: Exchange 2010 SP1 possible bug, cannot create a move-to-archive retention tag on Inbox, but can create a different one, edit it and assign Inbox to it


I am playing with the Exchange 2010 SP1 Beta and I can see a strange issue with retention tags. To reproduce it, follow these steps:

1- Create a retention tag, select Inbox as the folder, assign any age limit and the action Move to Archive.

You get the error:

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00


Unable to execute the task, reason: MoveToArchive can only be applied to tags of type default ('All'), Personal or RecoverableItems.
Click here for help...

Exchange Management Shell command attempted:
New-RetentionPolicyTag -Name '3434' -Type 'Inbox' -Comment '' -AgeLimitForRetention '33.00:00:00' -RetentionAction 'MoveToArchive' -RetentionEnabled $true

Elapsed Time: 00:00:00

Now try this:

2- Create another tag that deletes the items and assign it to Inbox.

3- Now go and edit the action and change it to Move to Archive; it completes with no errors.

I opened a question here; follow it for more details:

Wednesday, June 9, 2010

You cannot apply MRM to mailboxes that have personal archives in Exchange 2010

You can't apply a managed folder mailbox policy to mailboxes that have a personal archive. Managed content settings created for managed folders can't use the Move to archive action.

This is by Design.

What is new in Exchange 2010 SP1

New Option in Deployment

During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role.

Client Access Server Role Improvements

The improvements and new features in the Client Access server role fall under several key areas: Federation certificates, Exchange ActiveSync, SMS Sync, Integrated Rights Management, Microsoft Office Outlook Web App, and virtual directories. Each area is described in more detail in the following sections.

Federation Certificates

In Exchange 2010 SP1, you can use a self-signed certificate instead of a certificate issued by a Certificate Authority to establish a federation trust with the Microsoft Federation Gateway. A self-signed certificate is automatically created and installed on Exchange servers in your organization when you use the New Federation Trust wizard in the Exchange Management Console. For more information, see

Exchange ActiveSync

In Exchange 2010 SP1, you can manage Exchange ActiveSync devices using the Exchange Control Panel (ECP). Administrators can perform the following tasks: 

  • Manage the default access level for all mobile phones and devices.
  • Set up e-mail alerts when a mobile phone or device is quarantined.
  • Personalize the message that users receive when their mobile phone or device is either recognized or quarantined.
  • Provide a list of quarantined mobile phones or devices.
  • Create and manage Exchange ActiveSync device access rules.
  • Allow or block a specific mobile phone or device for a specific user.

For every user, the administrator can perform the following tasks from the user's property pages:

  • List the mobile phones or devices for a specific user.
  • Initiate remote wipes on mobile phones or devices.
  • Remove old mobile phone or device partnerships.
  • Create a rule for all users of a specific mobile phone or device or mobile phone type.
  • Allow or block a specific mobile phone or device for the specific user.

SMS Sync

SMS Sync is a new feature in Exchange ActiveSync that works with Windows Mobile 6.1 with the Outlook Mobile Update and with Windows Mobile 6.5. SMS Sync is the ability to synchronize messages between a mobile phone or device and an Exchange 2010 Inbox. When synchronizing a Windows Mobile phone with an Exchange 2010 mailbox, users can choose to synchronize their text messages in addition to their Inbox, Calendar, Contacts, Tasks, and Notes. When synchronizing text messages, users will be able to send and receive text messages from their Inbox. This feature is dependent on the user's mobile phones or devices supporting this feature.

Server-Side Information Rights Management Support

Exchange ActiveSync mailbox policies now contain support for Information Rights Management (IRM) functionality. Information Rights Management is enabled when creating a new Exchange ActiveSync mailbox policy. This new functionality allows non-Windows Mobile devices to receive and view protected e-mails. When the IRMEnabled property is configured on the Exchange ActiveSync mailbox policy and IRM is enabled for Client Access Servers, the protected e-mail will be decrypted on the server before it is downloaded to the mobile phone or device. The downloaded e-mail will be downloaded with additional properties that indicate the restrictions sent with the original e-mail. Protected messages will only be decrypted and downloaded if the mobile phone or device connects to the Client Access server using Secure Sockets Layer (SSL).

Outlook Web App Improvements

The following is a list of the new Outlook Web App functionality in Exchange 2010 SP1:

  • Improved management of the relationship between Office Communications Server and Outlook Web App. Configuration is stored in Active Directory instead of a web.config file and can be managed via cmdlet.
  • Twenty-seven themes are available, and they have new administrative options:
    • Set default theme with the DefaultTheme.
    • Create custom themes by modifying existing themes.
    • Control the order themes are listed in Outlook Web App.
  • By default, attachment types that are marked as Force Save will be excluded from security checks for XML or HTML.

Reset Virtual Directory

In Exchange 2010 SP1, you can use the new Reset Client Access Virtual Directory wizard to reset one or more Client Access server virtual directories. The new wizard makes it easier to reset a Client Access server virtual directory. One reason that you might want to reset a Client Access server virtual directory is to resolve an issue related to a damaged file on a virtual directory. In addition to resetting virtual directories, the wizard creates a log file that includes the settings for each virtual directory that you choose to reset. For more information,

Improvements in Transport

The following is a list of new Transport functionality in Exchange 2010 SP1:

  • MailTips access control over organizational relationships
  • Enhanced monitoring and troubleshooting features for MailTips
  • Enhanced monitoring and troubleshooting features for message tracking
  • Message throttling enhancements
  • Shadow redundancy promotion
  • SMTP failover and load balancing improvements
  • Support for extended protection on SMTP connections
  • Send connector changes to reduce NDRs over well-defined connections

For more information and details about these changes,

Permissions Functionality

The following is a brief description of new permissions features and enhancements in Exchange 2010 SP1:

  • Database scope support   With database scopes, you can control the databases on which a given set of administrators can create mailboxes, and also which databases they can manage. For more information about database scopes,
  • Active Directory split permissions   Active Directory split permissions enable you to completely separate the administrative capabilities of Exchange administrators from your Active Directory administrators. The ability to create and remove Active Directory users and groups and manage non-Exchange attributes of Active Directory objects by Exchange administrators and servers has been removed in Exchange 2010 SP1. For more information about Active Directory split permissions,
  • Improved user interface   You can now create and manage management role groups and management role assignment policies in the Exchange Control Panel (ECP). This includes adding and removing management roles to role groups and role assignment policies, adding and removing members to and from role groups, and assigning users to role assignment policies. For more information about how to manage role groups and role assignment policies, see the following topics:

Exchange Store and Mailbox Database Functionality

The following is a list of new store and mailbox database functionality in Exchange 2010 SP1:

  • With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
  • Store limits were increased for administrative access.
  • The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
  • Public Folders client permissions support was added to the Exchange Management Console (EMC).

For more information and details about each of these features,

Mailbox and Recipients Functionality

The following is a list of new mailbox and recipient functionality included in Exchange 2010 SP1:

  • Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
  • Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
  • Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
  • Importing and exporting .pst files now uses the Mailbox Replication service and doesn't require Outlook.
  • Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
  • Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group's name when it's created.
  • Soft-delete of mailboxes after move completion.

For more information and details about these features,

High Availability and Site Resilience Functionality

The following is a list of new high availability and site resilience functionality included in Exchange 2010 SP1:

  • Continuous replication - block mode
  • Active mailbox database redistribution
  • Improved Outlook cross-site connection behavior and experience
  • Enhanced datacenter activation coordination mode support
  • New and enhanced management and monitoring scripts
  • Exchange Management Console user interface enhancements
  • Improvements in failover performance

For more information about these features,

Messaging Policy and Compliance Functionality

The following is a list of new messaging policy and compliance functionality included in Exchange 2010 SP1:

  • Provision personal archive on a different mailbox database
  • Import historical mailbox data to personal archive
  • Delegate access to personal archive
  • New retention policy user interface
  • Support for creating retention policy tags for Calendar and Tasks default folders
  • Opt-in personal tags
  • Multi-Mailbox Search preview
  • Annotations in Multi-Mailbox Search
  • Multi-Mailbox Search data de-duplication
  • WebReady Document Viewing of IRM-protected messages in Outlook Web App
  • IRM in Exchange ActiveSync for protocol-level IRM
  • IRM logging
  • Mailbox audit logging

For more information and details about each of these features,

Unified Messaging Server Role Improvements

The Unified Messaging server role has been improved and has added new features in Exchange 2010 SP1. To use some of these features, you must correctly deploy Microsoft Office Communications Server "14" in your environment. The following is an overview of all the new features in Exchange 2010 Unified Messaging:

  • UM reporting   The reports for Call Statistics and User Call Logs found in the Exchange Management Console are displayed in the Exchange Control Panel.
  • UM management in the Exchange Control Panel   You can use the ECP to manage UM components in a cross-premises environment.
  • Cross-Forest UM-enabled mailbox migration   In Exchange 2010 SP1, you can use the New-MoveRequest cmdlet with the Mailbox Replication Service (MRS) to move a UM-enabled mailbox within a local forest and multiple forests in an enterprise. 
  • Outlook Voice Access improvements   Outlook Voice Access users can log on to their Exchange 2010 mailbox and choose the order to listen to unread voice mail messages, from the oldest message first or the newest message first.
  • Caller Name Display support   Exchange 2010 SP1 includes support for enhanced caller ID resolution for displaying names for voice mails from unresolved numbers using Caller Name Display (CND).
  • Test-ExchangeUMCallFlow cmdlet   With this Exchange 2010 SP1 cmdlet, you can test UM connectivity and call flow.
  • New UM Dial Plan wizard   An additional page has been added to the New UM Dial Plan wizard that allows you to add a UM server to the dial plan.
  • Office Communications Server "14" Support   Migrating SIP URI dial plans and Message Waiting Indicator (MWI) notifications in a cross-premises environment has been added.
  • Secondary UM dial plan support   You can add a secondary UM dial plan for a UM-enabled user.
  • UM language packs added   New UM language packs are now available in Exchange 2010 SP1. In addition, the Spanish (Spain) (es-ES) UM language pack available for Exchange 2010 SP1 now includes Voice Mail Preview, a feature that wasn’t available in the Exchange 2010 RTM release of that language pack.
  • Call answering rules improvements   There are three updates to Call Answering Rules for UM-enabled users in SP1.
  • Unified Communications Managed API/speech platform improvements   Beginning with Exchange 2010 SP1, the UM server relies on Unified Communications Managed API v. 2.0 (UCMA) for its underlying SIP signaling and speech processing.
  • UM auto attendant update   In Exchange 2010 SP1, a UM auto attendant will play only the holiday greeting on a holiday.

Audit Logging Improvements

Exchange 2010 SP1 provides improvements in functionality related to administrator audit logging and new functionality for mailbox audit logging:

  • Improvements in administrator audit logging   Exchange 2010 SP1 enhances the administrator audit logging functionality by providing you with the ability to search the admin audit log using the Exchange Management Shell. You can search on cmdlet and parameter names, date, the user who ran the command, and more. The results generated by your search can be displayed on the screen or e-mailed to a recipient you specify and viewed as an XML file. And, because all the administrative interfaces run Shell cmdlets in the background, the actions that occur in all the interfaces can be logged.

  • New mailbox audit logging   Exchange 2010 SP1 introduces new mailbox audit logging functionality to allow you to track mailbox access by administrators, delegates, and mailbox owners, and actions taken on mailbox items such as moving or deleting a message, using SendAs or SendOnBehalf rights to send messages, and accessing a mailbox folder or a message. You can use the ECP to generate a report of non-owner mailbox access and use the Shell to search mailbox audit logs. For more information,
  • The Exchange Control Panel also provides several reports which are generated based on the audit logs in Exchange 2010 SP1.
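An added example, not from the original post or the Microsoft documentation it summarizes, of the two audit searches above as an incident responder would run them in the SP1 shell: mailbox audit logging is switched on for one sensitive mailbox, non-owner access to it over the last 30 days is listed, and the admin audit log is searched for who granted mailbox permissions on it. The mailbox address and the 30-day window are assumptions.

```powershell
# Added example (not from the original post). Enable mailbox auditing on a sensitive mailbox and
# correlate non-owner access with the admin audit log. $mailbox and the window are assumptions.
$mailbox = 'ceo@contoso.com'
$since   = (Get-Date).AddDays(-30)
$now     = Get-Date

# Record delegate and admin actions; owner actions are noisy and stay off by default.
Set-Mailbox -Identity $mailbox -AuditEnabled $true `
    -AuditDelegate Update,SoftDelete,HardDelete,SendAs,SendOnBehalf,FolderBind `
    -AuditAdmin    Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf

# Who opened, sent as, or deleted from this mailbox without being its owner.
Search-MailboxAuditLog -Identity $mailbox -LogonTypes Delegate,Admin `
    -StartDate $since -EndDate $now -ShowDetails |
    Sort-Object LastAccessed |
    Select-Object LastAccessed, LogonUserDisplayName, Operation, FolderPathName, ClientInfoString

# Who granted permissions on it: every Add-MailboxPermission in the window whose target matches.
$alias = $mailbox.Split('@')[0]
Search-AdminAuditLog -Cmdlets Add-MailboxPermission -StartDate $since -EndDate $now |
    Where-Object { $_.ObjectModified -like "*$alias*" } |
    Select-Object RunDate, Caller, ObjectModified,
        @{n='Parameters'; e={ ($_.CmdletParameters | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ' ' }}
```

A delegate entry in the first result with no matching Add-MailboxPermission in the second means the permission predates the search window or was granted by a path that bypasses the admin audit log (a direct ACL change in AD, for instance), which is itself a finding.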

Tuesday, June 8, 2010

Exchange 2010 ECP prompts for a password and login when you click the Options button in Outlook Web App

Simply put, this is because for SSO to work you need forms-based authentication (FBA) configured on both the OWA and the ECP virtual directories. Make sure that no other option is selected, since Basic authentication or Windows authentication will not work with it.

So enable FBA on both and it will work again.
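An added example, not from the original post, that compares the authentication settings on the OWA and ECP virtual directories of one server and, where either is not FBA-only, sets both to FBA with the other methods off. The server name defaults to the local machine and is an assumption; run it from the Exchange Management Shell.

```powershell
# Added example (not from the original post). Align OWA and ECP on forms-based authentication
# only, so the OWA session carries over to ECP without a second logon prompt.
$server = $env:COMPUTERNAME   # assumption: the CAS being fixed

$owa = Get-OwaVirtualDirectory -Server $server | Where-Object { $_.Name -like 'owa*' }
$ecp = Get-EcpVirtualDirectory -Server $server

# Show the current state side by side before touching anything.
@($owa) + @($ecp) |
    Select-Object Name, FormsAuthentication, BasicAuthentication, WindowsAuthentication, DigestAuthentication

# FBA-only means FBA on and every other method off; anything else breaks the handover.
$isFbaOnly = { param($v)
    $v.FormsAuthentication -and -not $v.BasicAuthentication -and
    -not $v.WindowsAuthentication -and -not $v.DigestAuthentication }

foreach ($v in $owa) {
    if (-not (& $isFbaOnly $v)) {
        Set-OwaVirtualDirectory -Identity $v.Identity -FormsAuthentication $true `
            -BasicAuthentication $false -WindowsAuthentication $false -DigestAuthentication $false
    }
}
foreach ($v in $ecp) {
    if (-not (& $isFbaOnly $v)) {
        Set-EcpVirtualDirectory -Identity $v.Identity -FormsAuthentication $true `
            -BasicAuthentication $false -WindowsAuthentication $false -DigestAuthentication $false
    }
}

# The authentication change takes effect when the application pools restart.
& iisreset /noforce
```

If a reverse proxy in front of the CAS does its own pre-authentication, the proxy must be configured to pass the FBA cookie through (or to handle both /owa and /ecp the same way), or the prompt returns at the proxy instead of at Exchange.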

Auditing mailboxes that have Full Mailbox Access permissions granted on them

A common question. Here is a nice script to audit it; you can then export the result to HTML or CSV:
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.User -like "*User1*") }
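An added example, not from the original post, that goes beyond the one-user filter above: it collects every explicit, non-inherited Full Access grant in the organization, drops the NT AUTHORITY\SELF entry every mailbox carries by default and the orphaned SIDs of deleted accounts, exports the grants to CSV, and then ranks grantees by how many mailboxes they can open, which is where an audit (or an attacker) starts. The output path is an assumption.

```powershell
# Added example (not from the original post). Organization-wide Full Access audit with CSV export.
$report = 'C:\FullAccessAudit.csv'   # assumption

$grants = Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
    Where-Object {
        $_.AccessRights -contains 'FullAccess' -and
        -not $_.IsInherited -and                       # explicit grants only
        -not $_.Deny -and                              # skip explicit denies
        $_.User -notlike 'NT AUTHORITY\SELF' -and      # default self-access on every mailbox
        $_.User -notlike 'S-1-5-*'                     # orphaned SIDs from deleted accounts
    } |
    Select-Object @{n='Mailbox'; e={ $_.Identity }}, User,
                  @{n='Rights';  e={ $_.AccessRights -join ',' }}

$grants | Export-Csv -Path $report -NoTypeInformation -Encoding UTF8

# Grantees with access to the most mailboxes: a service account with Full Access to hundreds of
# mailboxes is the first thing to justify or remove.
$grants | Group-Object User | Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count
```

Full Access granted through group membership shows up under the group's name, not the members', so a group that appears in the top-10 list should be expanded with Get-DistributionGroupMember or Get-ADGroupMember before the numbers are reported.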

Monday, June 7, 2010

You receive "the text you typed is too long" when editing a signature in OWA in Exchange 2010

It is quite clear: this is because OWA in Exchange 2010 allows only 8 KB for the signature, including HTML and text.

This is by design and cannot be changed.

Sunday, June 6, 2010

Exchange 2010 read receipts might look incorrect if you compare them to Exchange 2003 or 2007

Well, lots of customers are asking about this one: you might get the read receipt time in UTC in OWA and in Outlook, while before it was based on the local time zone of the server.

This leads many customers to think that this is a bug; however, in Exchange 2010 the design has been changed so that the Exchange server sends read receipts in the UTC time zone, and there is no way to change this. So this is by design, cannot be changed, and is not a bug.

AFAIK, this will not be changed in SP1.

More Exchange 2010 EMC errors and fixes: "Client of WinRM service received from WS-Management code HTTP 403"

You cannot open the Exchange Management Console; you get the following error:
Initialization failed

The following error occurred when searching for on-premises Exchange servers

Connecting to remote server failed with the following message: Client of WinRM service received from WS-Management code HTTP 403.

1. Make sure the IIS WinRM extension is installed.
2. Open PowerShell and run the command: winrm quickconfig
3. Open IIS, go to the PowerShell virtual directory and check that SSL is disabled and authentication is set to Anonymous only.
4. Open Windows PowerShell Modules.
5. Run the Remove-PowerShellVirtualDirectory command.
6. Run the New-PowerShellVirtualDirectory command.
7. Run iisreset.
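The seven steps as one script, added here as an example that is not part of the original post. It runs from an elevated Windows PowerShell window on the Client Access server (the EMS cannot open while WinRM is broken, so the Exchange snap-in is loaded directly), checks the feature and the virtual directory settings with Exchange's own cmdlets, and only recreates the directory when something is actually wrong. The web site name is an assumption.

```powershell
# Added example (not from the original post). Diagnose and repair the HTTP 403 from the
# Exchange 2010 PowerShell virtual directory. Run elevated on the CAS.
Import-Module ServerManager
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue
$site = 'Default Web Site'   # assumption

# Step 1: the WinRM IIS Extension feature lets IIS host the PowerShell vdir at all.
if (-not (Get-WindowsFeature -Name WinRM-IIS-Ext).Installed) {
    Add-WindowsFeature -Name WinRM-IIS-Ext | Out-Null
}

# Step 2: base WinRM configuration (listener, firewall exception, service start-up).
& winrm quickconfig -q

# Step 3: the vdir must not require SSL and must not use Basic/Windows auth in IIS; Exchange
# authenticates with Kerberos inside the WinRM exchange. An "SSL required" setting is exactly
# what IIS answers with 403.4 when the console connects over http.
$vdir = Get-PowerShellVirtualDirectory -Server $env:COMPUTERNAME |
    Where-Object { $_.Name -like "PowerShell ($site)" }
$vdir | Format-List Name, RequireSSL, BasicAuthentication, WindowsAuthentication, CertificateAuthentication

$broken = ($null -eq $vdir) -or $vdir.RequireSSL -or $vdir.BasicAuthentication -or $vdir.WindowsAuthentication

# Steps 4-7: only if something is off, recreate the vdir and restart IIS.
if ($broken) {
    if ($vdir) { $vdir | Remove-PowerShellVirtualDirectory -Confirm:$false }
    New-PowerShellVirtualDirectory -Name PowerShell -WebSiteName $site | Out-Null
    & iisreset /noforce
}

# Final check: a local WinRM identify call should now succeed before the EMC is retried.
Test-WSMan -ComputerName $env:COMPUTERNAME
```

Anonymous-only in IIS is not the same as unauthenticated: the WinRM request itself still carries a Kerberos ticket, and Exchange's RBAC decides what the caller may run. Adding Basic authentication to the vdir is therefore not a hardening step; it is the setting that produces the 403.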

Exchange 2010 explanations I posted before, but this time the post is in Arabic

It has been a looooong time since I wrote in Arabic; it is a nice feeling, by God.
God willing, there will be more and more room for Arabic topics, but writing in Arabic is hard, especially with all the technical terms.
This post is because I found that many people search in Arabic for Exchange 2010 topics.
Note that I did post the explanations, but it seems that because I wrote the posts in English they do not show up.
Anyway, here are the links in Arabic (nice links, these):
Explanation of the basics of downloading and installing Exchange 2010
Explanation of upgrading and migrating from the previous versions (Exchange 2003/2007) to 2010
Performance criteria for Exchange 2010
Part one of the Client Access Server basics
Part two of the Client Access Server basics
Storage basics in Exchange 2010

Sunday, May 30, 2010

BlackBerry deployment notes for Windows 2008 domain controllers

If you have a large number of BB devices you might see the following in the agent logs:
[40206] (12/22 08:58:11.625):{0x1A38} MailboxManager::SubsystemInitialize - Using MAPI profile 'BlackBerryServer'
[50000] (12/22 08:58:11.672):{0x394} Controller: This BES Agent is under control of BlackBerry Agent Controller
[20137] (12/22 08:58:11.719):{0x1A38} MailboxManager::SubsystemInitialize - g_pSession->OpenMsgStore (0x80040111)
[40000] (12/22 08:58:11.719):{0x1A38} Setting PR_PROFILE_CONNECT_FLAGS CONNECT_IGNORE_NO_PF true
[40206] (12/22 08:58:11.719):{0x1A38} MailboxManager::SubsystemInitialize - Using MAPI profile 'BlackBerryServer'
[20137] (12/22 08:58:11.797):{0x1A38} MailboxManager::SubsystemInitialize - g_pSession->OpenMsgStore (0x80040111)
[10277] (12/22 08:58:11.797):{0x1A38} BlackBerry Messaging Agent MERC74 Agent 1 failed to start. Error code 5305
[50106] (12/22 08:58:11.797):{0x1A38} Stopping BlackBerry Mailbox Agent 1 for Server

[40000] (12/22 09:44:49.654):{0x4EC} CDO initializing failure in CDO helper 1046a930 (2)
[30001] (12/22 09:44:49.764):{0x4EC} CDOCalendar::Initialize - Code = 800406f9, WCode = 04f9, Code meaning = IDispatch error #1273,
[30002] (12/22 09:44:49.764):{0x4EC} Server = mercmbx11, Mailbox = Description = The information store could not be opened. [MAPI 1.0 - [MAPI_E_LOGON_FAILED(80040111)]]
[30180] (12/22 09:44:49.764):{0x4EC} {saskit} CDOCalendar::Initialize - Error in call m_spCalendarFolder = m_spCDOSession->GetDefaultFolder
[40000] (12/22 09:44:49.764):{0x4EC} CDO initializing failure in CDO helper 1046a930 (4)

[30181] (12/22 15:04:32.463):{0x1A38} Performing system health check (BlackBerry Mailbox Agent 1 - BESX Version
[30038] (12/22 15:04:32.463):{0x1A38} Worker Thread: *** No Response *** Thread Id=0x1350, Handle=0x7B0, WaitCount=6, WorkingTime=68 min, LastActivity=68 min, Event: NEW_MB_PCKT_RESCAN, User: , Server: , Activity: MAPISendertoRIMSender - RIM_HrGWResolveProxy
[30038] (12/22 15:04:32.463):{0x1A38} Worker Thread: *** No Response *** Thread Id=0x1564, Handle=0x1664, WaitCount=6, WorkingTime=68 min, LastActivity=68 min, Event: NEW_MB_PCKT_RESCAN, User: , Server: , Activity: MAPISendertoRIMSender - RIM_HrGWResolveProxy
[50020] (12/22 15:04:32.463):{0x1A38} Some worker threads have been blocked for 6 health checks

In addition, it is likely that if this article applies, the BlackBerry Manager will return an error when opened regarding

Here is a guide for deploying BB servers in a Windows 2008 domain controller environment:


Netapp storage best practices for Exchange 2010

Nice post:

Saturday, May 29, 2010

the Exchange 2010 Configurator Script

Hi There,

I often win points on EE by answering lots of web services questions, and I also spend a lot of time troubleshooting EWS on EE. Of course I win points, but after all, users' experience has been degraded and admins have suffered.

If you read my previous article you will find that there is a lot of configuration that must be done on the Exchange web services (OWA, ECP, EWS, EAS, OAB) for Outlook and Exchange to work smoothly.

I always find a lot of people running into trouble configuring their Exchange server and using PowerShell, so I created this nice PowerShell script that asks you a few very simple questions and configures the Exchange web services, including OWA, ECP, OAB, EAS, the internal SCP and EWS.
Here are the script notes:

The internal domain name is entered in FQDN format.

The server name is entered in NetBIOS format.

Autodiscover and webmail URLs are entered in FQDN format with no http:// or https://.

Internal URLs are set to the server FQDN, so the certificate has to include the server name as well.

If you have multiple servers you will need to run the script for each server.

Other than this, the script file is attached, along with the script itself here for your reference. You can use and customize this script to meet your needs; use the script at your own responsibility, blah blah blah (legal stuff), and your comments and feedback are welcome at e14(at)Ingazat(dot)com.
# Add the Exchange 2010 snap-in so the script also runs from plain Windows PowerShell
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue

Write-Host "Welcome to the Exchange configurator. This script will help you configure the Exchange web services to avoid common missing and wrong configuration. This script is created by Mahmoud Magdy; you can reach me by email on e14(at)ingazat(dot)com. Use this script under your own responsibility."

Write-Host "The Configurator will list the current system configuration for your reference; the config will be saved to c:\e14systemconfig.txt"

# Record the current URLs before anything is changed, so the previous state can be restored
$systemconfig  = @(Get-OwaVirtualDirectory | Format-List Name,InternalUrl,ExternalUrl | Out-String)
$systemconfig += @(Get-EcpVirtualDirectory | Format-List Name,InternalUrl,ExternalUrl | Out-String)
$systemconfig += @(Get-OabVirtualDirectory | Format-List Name,InternalUrl,ExternalUrl | Out-String)
$systemconfig += @(Get-WebServicesVirtualDirectory | Format-List Name,InternalUrl,ExternalUrl | Out-String)
$systemconfig += @(Get-ActiveSyncVirtualDirectory | Format-List Name,InternalUrl,ExternalUrl | Out-String)
$systemconfig += @(Get-ClientAccessServer | Format-List Name,AutoDiscoverServiceInternalUri | Out-String)
$systemconfig | Out-File c:\e14systemconfig.txt

Write-Host "The Configurator will start asking you some questions, then will configure your environment"

$InternalDomainname   = Read-Host "What is the name of the internal domain (FQDN)"
$Servername           = Read-Host "What is the internal server name (NetBIOS name)"
$Externalwebmail      = Read-Host "What is the URL used by users to access OWA externally (please don't include https://)"
$InternalAutodiscover = Read-Host "What is the URL used by users to access Autodiscover internally (this is the value published in the AD SCP; please don't include https://)"

# Internal URLs use the server FQDN, external URLs use the external webmail name
$InternalURL          = $Servername + "." + $InternalDomainname
$ServernameURL        = "https://" + $InternalURL
$httpsExternalwebmail = "https://" + $Externalwebmail

$owaextURL      = $httpsExternalwebmail + "/owa"
$owaintURL      = $ServernameURL + "/owa"
$ecpextURL      = $httpsExternalwebmail + "/ecp"
$ecpintURL      = $ServernameURL + "/ecp"
$EWSexternalURL = $httpsExternalwebmail + "/EWS/Exchange.asmx"
$EWSInternalURL = $ServernameURL + "/EWS/Exchange.asmx"
$oabextURL      = $httpsExternalwebmail + "/oab"
$oabintURL      = $ServernameURL + "/oab"
$EASexturl      = $httpsExternalwebmail + "/Microsoft-Server-ActiveSync"
$EASinturl      = $ServernameURL + "/Microsoft-Server-ActiveSync"
$AutodiscoverInternalUrl = "https://" + $InternalAutodiscover + "/Autodiscover/Autodiscover.xml"

Write-Host "The Configurator will start configuring your system now"

# Each Get-* is piped into the matching Set-* so that only this server's virtual directories are changed
Get-OwaVirtualDirectory -Server $Servername | Set-OwaVirtualDirectory -ExternalUrl $owaextURL -InternalUrl $owaintURL
Get-EcpVirtualDirectory -Server $Servername | Set-EcpVirtualDirectory -ExternalUrl $ecpextURL -InternalUrl $ecpintURL
Get-OabVirtualDirectory -Server $Servername | Set-OabVirtualDirectory -ExternalUrl $oabextURL -InternalUrl $oabintURL
Get-WebServicesVirtualDirectory -Server $Servername | Set-WebServicesVirtualDirectory -ExternalUrl $EWSexternalURL -InternalUrl $EWSInternalURL
Get-ActiveSyncVirtualDirectory -Server $Servername | Set-ActiveSyncVirtualDirectory -ExternalUrl $EASexturl -InternalUrl $EASinturl
Get-ClientAccessServer -Identity $Servername | Set-ClientAccessServer -AutoDiscoverServiceInternalUri $AutodiscoverInternalUrl

Write-Host "The Configurator is done; you might want to run this script on other servers"

Save the code above as scriptname.ps1 and run it by double-clicking it; you can run this script from Windows PowerShell (I added the Exchange snap-in) or from the Exchange Management Shell.

I hope to win fewer points on EE from EWS and win more points from this article
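A verification pass that goes with the configurator, added here as an example and not part of the original script: it reads back every URL the configurator sets and checks that each is HTTPS and that its host name is covered by the certificate enabled for IIS, which is the usual cause of certificate warnings in Outlook and ActiveSync after a URL change. It assumes the Exchange Management Shell; $Server defaulting to the local machine and the Test-NameCovered helper are this example's own, not Exchange cmdlets.

```powershell
# Added example, not part of the original configurator. Run from the Exchange
# Management Shell. $Server defaulting to the local machine is an assumption;
# Test-NameCovered is a helper written here, not an Exchange cmdlet.
param([string]$Server = $env:COMPUTERNAME)

function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # a wildcard entry covers exactly one label: *.domain.local matches
        # mail.domain.local but not a.b.domain.local
        if ($n.StartsWith('*.') -and $HostName -like $n -and
            $HostName.Split('.').Count -eq $n.Split('.').Count) { return $true }
    }
    return $false
}

# every URL the configurator sets, tagged with the service it belongs to
$urls = @()
$vdirs = @(Get-OwaVirtualDirectory -Server $Server) +
         @(Get-EcpVirtualDirectory -Server $Server) +
         @(Get-OabVirtualDirectory -Server $Server) +
         @(Get-WebServicesVirtualDirectory -Server $Server) +
         @(Get-ActiveSyncVirtualDirectory -Server $Server)
foreach ($vd in $vdirs) {
    foreach ($scope in 'InternalUrl', 'ExternalUrl') {
        $urls += New-Object PSObject -Property @{ Service = $vd.Name; Scope = $scope; Url = $vd.$scope }
    }
}
$cas = Get-ClientAccessServer -Identity $Server
$urls += New-Object PSObject -Property @{ Service = 'Autodiscover SCP'; Scope = 'InternalUri'; Url = $cas.AutoDiscoverServiceInternalUri }

# names on the unexpired certificate(s) currently enabled for the IIS service
$certNames = @(Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains })

foreach ($u in $urls) {
    $problems = @()
    if (-not $u.Url) { $problems += 'not set' } else {
        $uri = [Uri]$u.Url
        if ($uri.Scheme -ne 'https') { $problems += 'not HTTPS' }
        if (-not (Test-NameCovered $uri.Host $certNames)) { $problems += "host $($uri.Host) not on IIS certificate" }
    }
    $status = if ($problems) { $problems -join '; ' } else { 'OK' }
    New-Object PSObject -Property @{ Service = $u.Service; Scope = $u.Scope; Url = $u.Url; Status = $status }
}
```

Any row whose Status is not OK is a URL clients will either refuse (name mismatch) or reach over plain HTTP; fix the URL or the certificate before pointing users at it.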

Sunday, May 23, 2010

Exchange 2010: using C# to create mailboxes over a remote shell connection

here is a nice code snippet (the gaps in the original have been filled in so it compiles; the cmdlet name did not survive and Enable-Mailbox is assumed, since it is the one that takes -Identity, -Alias and -Database):

using System;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Security;

public static Collection<PSObject> CreateMailbox(string usercommonname, string userlogonname)
{
    SecureString password = new SecureString();

    // demo values only: in real code read the credential at run time instead of hard-coding it
    string str_password = "pass";

    string username = "userr";

    string liveIdconnectionUri = "http://exchange.Domain.local/Powershell?serializationLevel=Full";

    foreach (char x in str_password)
        password.AppendChar(x);

    PSCredential credential = new PSCredential(username, password);

    // Set the connection Info; the second argument is the well-known Exchange remote shell URI
    WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri(liveIdconnectionUri),
        "http://schemas.microsoft.com/powershell/Microsoft.Exchange", credential);

    connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;

    Runspace runspace = null;
    PowerShell powershell = null;

    try
    {
        // create a runspace on a remote path
        // the returned instance must be of type RemoteRunspace
        runspace = RunspaceFactory.CreateRunspace(connectionInfo);

        powershell = PowerShell.Create();

        PSCommand command = new PSCommand();

        // assumed cmdlet (see note above); Identity/Alias/Database are its parameters
        command.AddCommand("Enable-Mailbox");
        command.AddParameter("Identity", usercommonname);
        command.AddParameter("Alias", userlogonname);
        command.AddParameter("Database", "MBX_SBG_01");

        powershell.Commands = command;

        // open the remote runspace
        runspace.Open();

        // associate the runspace with powershell
        powershell.Runspace = runspace;

        // invoke the powershell to obtain the results
        return powershell.Invoke();
    }
    catch (Exception ex)
    {
        Console.WriteLine("Remote shell call failed: " + ex.Message);
        throw;
    }
    finally
    {
        // dispose the runspace and enable garbage collection
        if (runspace != null) runspace.Dispose();
        runspace = null;

        // Finally dispose the powershell and set all variables to null to free
        // up any resources.
        if (powershell != null) powershell.Dispose();
        powershell = null;
    }
}


Friday, May 21, 2010

'Group is too large to display. Communicator cannot be used for groups with more than 100 members'

you might receive this message in the OCS 2007 client when you try to expand a group in Office Communicator.
First you have to know that the OCS client is hard coded with a maximum of 150 members to display; if you want users to display more than the default limit of 100, create the following client-side policy and restart the OCS client:
Open Registry:
go to
Create a DWORD value named MaxDLExpansion
and set its value to 150.
More KBs:
Thanks to Jeff for that great hint

Outlook 2007 may crash when you create a new mail while connected to Exchange 2010 servers

Outlook users in online or cached mode connected to Exchange 2010 may have Outlook crash when they create a new email message, with an application error like:
Faulting application OUTLOOK.EXE, version 12.0.6504.5000, time stamp 0x49e7f47e, faulting module EMSMDB32.DLL, version 12.0.6504.5001, time stamp 0x49fea4b0, exception code 0xc0000005, fault offset 0x0003adfa, process id 0x2a6c, application start time 0x01ca3097445ad092.

Make sure that your users have the msExchQueryBaseDN attribute set to the search base DN, and make sure that you don't use Exchange 2007 Address List segregation in an Exchange 2010 environment.
to set the base DN from PowerShell use this command (DC=Domain,DC=local stands for your own search base):
Get-Mailbox -ResultSize Unlimited | ForEach-Object { $dn = "LDAP://" + $_.DistinguishedName; $obj = [ADSI]$dn; $obj.msExchQueryBaseDN = "DC=Domain,DC=local"; $obj.SetInfo() }
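The one-liner above writes the same DN to every mailbox blindly. As an added example (not from the original post), this audit reports which mailboxes are missing the attribute or carry a different value before anything is changed, and only writes when -Fix is given; "DC=Domain,DC=local" is a placeholder and the $ExpectedBaseDn/-Fix parameters are this example's own.

```powershell
# Added audit script, not part of the original post. Run from the Exchange
# Management Shell. "DC=Domain,DC=local" is a placeholder for your search base.
param([string]$ExpectedBaseDn = "DC=Domain,DC=local", [switch]$Fix)

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # same ADSI bind as the one-liner; read the current value instead of overwriting it
    $obj = [ADSI]("LDAP://" + $mbx.DistinguishedName)
    $current = [string]$obj.msExchQueryBaseDN
    if (-not $current) { $state = 'Missing' } elseif ($current -ne $ExpectedBaseDn) { $state = 'Mismatch' } else { $state = 'OK' }
    if ($Fix -and $state -ne 'OK') {
        # write only where the value is wrong, so a re-run is a no-op
        $obj.Put('msExchQueryBaseDN', $ExpectedBaseDn)
        $obj.SetInfo()
    }
    New-Object PSObject -Property @{ Mailbox = $mbx.Alias; State = $state; Current = $current }
}

# summary first, then the mailboxes that need attention
$report | Group-Object State | Select-Object Name, Count
$report | Where-Object { $_.State -ne 'OK' } | Format-Table Mailbox, State, Current -AutoSize
```

Run it once without -Fix to see how many mailboxes differ (a Mismatch row usually means a leftover Address List segregation value), then again with -Fix.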

Tuesday, May 18, 2010

How Exchange 2010 Message Tracking logs are indexed

Exchange 2010 has an optimization for the message tracking logs that makes searches faster, as indicated here:
but it is not documented. If you wonder how message tracking logs are indexed: Exchange 2010 indexes them by message ID and by address information, which allows much faster search and lookup in the tracking console.

the content is under publishing but this is insider info; more detail will be provided as I get it.

Monday, May 17, 2010

Unable to mount Exchange 2010 DB, replication service stops.

you might get this error:
Microsoft.Exchange.Configuration.MonadDataProvider.CommandExecutionException: Unexpected error [0x79596503] while executing command 'mount-database'. ---> System.InvalidCastException: Specified cast is not valid.

how to solve this:
to solve this issue delete the EnableVSSWriter value from the registry and restart the server.

Sunday, May 16, 2010

Exchange 2010/2007 Virtual Directory Default Permissions

We see that a lot on forums: users asking for the default permissions on virtual directories. Also, in some troubleshooting we found that wrong NTFS permissions or incorrect IIS authentication settings can break Autodiscover, EWS, OAB or OWA/ECP, so for reference here they are (one entry per virtual directory, NTFS permissions first, then the IIS authentication methods):

NTFS permissions: Authenticated Users (Read, Read & Execute); System (Full Control); Administrators (Full Control)
IIS authentication: Basic Auth., Windows Auth.

NTFS permissions: Authenticated Users (Read); System (Full Control); Administrators (Full Control)
IIS authentication: Basic Auth.

NTFS permissions: Authenticated Users (Read); System (Full Control); Administrators (Full Control)
IIS authentication: Windows Auth.

NTFS permissions: Authenticated Users (Read); System (Full Control); Administrators (Full Control)
IIS authentication: Basic Auth.

NTFS permissions: System (Full Control); Organization Management (Traverse, Read & Execute, Read Attributes, Read Extended Attributes); View-Only Organization Management (Traverse, Read & Execute, Read Attributes, Read Extended Attributes); Administrators (Full Control); IIS_IUSRS (Traverse, Read & Execute, Read Attributes, Read Extended Attributes)
IIS authentication: Windows Auth.

NTFS permissions: Authenticated Users (Read); System (Full Control); Administrators (Full Control)
IIS authentication: Basic Auth.

NTFS permissions: Authenticated Users (Read); System (Full Control); Administrators (Full Control)
IIS authentication: Basic Auth., Windows Auth.