Outlook says .. Microsoft Exchange is not available

This was is a good one and has been doing my head in!

I had a user mailbox that could log in to OWA but not Outlook.

With outlook you would get an error saying:

"Cannot open your default e-mail folders. Microsoft Exchange is not available. Ether there are network problems or the exchange Computer is down for maintenance"

If you run:

Get-LogonStatistics -Identity <email address>

Then have a look at the FullMailboxDirectoryName

This should match the users legacyexchangedn.  In my case, another user has the same address as a proxy address.

Just removed it and everything worked fine!

#Powershell and Get-ExchangeServer


Now that is cool.  Been playing with the cmdlet Get-ExchangeServer.  I wanted to get a group of different server names in one go, without having the run the cmdlet multiple times.

So I thought I would try and chuck an array at Get-ExchangeServer and see what it does?  It only bloody works ;-)

$s +="MyServers*"
$s += "Exch*"
$s | Get-ExchangeServer

Neat trick, and you can also pass arrays in as a script parameter too.  Found this: http://santoshbenjamin.wordpress.com/2008/09/30/powershell-and-arrays-as-named-parameters/

The key for a script or function parameter is [String[]]$Server=”*”

I Like it ALOT!

Forefront for Exchange Kaspersky Engine

#Exchange2010 #Exchange

Been getting lot of errors over the past couple of week with the Kaspersky engine not updating:

Log Name:      Application
Source:        GetEngineFiles
Event ID:      6012
Task Category: Engine Error
Level:         Error
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Kaspersky
   Error Code: 0x80004005
   Error Detail: Description: An error occurred while loading the scan engine.

Found this:http://social.technet.microsoft.com/Forums/en/FSENext/thread/a198da95-b500-4627-820f-dd796ebe7fc5

The resolution works a dream:

Under C:ProgramData there is a folder called "KasperSky SDK" (you will have to enable viewing of hidden files to see if)

Rename the folder to say it for example  to "KasperSky SDK,old”

Update "Kaspersky" through the Forefront Console


Virtualized Exchange Storage: VMDK or RDM or…?

#Exchange #Exchange2010 #vmware

Matt sent me this .. an Interesting read


One of the hottest topics I get into when talking to customers about virtualizing Exchange is storage. Not surprising considering the number of options available when we virtualize Exchange on vSphere. If you are not familiar with the common methods for provisioning storage in vSphere a brief description of each follows:

  • VMFS based virtual disk (VMDK) – VMFS is a high performance, clustered file system that allows concurrent access by multiple hosts to files on a shared volume. VMFS offers high I/O capabilities for virtual machines and is optimized for large VMDK files. VMFS volumes can be Fibre Channel or iSCSI attached.
  • Raw-device mappings (RDM) – RDM is a mapping file in a VMFS volume that acts as a proxy for a raw physical device, sometimes called a pass-thru disk. The RDM file contains metadata used to manage and redirect disk access to the physical device. RDMs can be Fibre Channel or iSCSI attached.

In early versions of ESX the virtualization overhead associated with deploying virtual disks (VMDK files) was much higher than it is today and why it was considered a best practice to place Exchange data files on physical mode raw-device mappings (RDM). As ESX and vSphere have evolved the performance difference between RDMs and virtual disks has become almost nonexistent. This leaves some questioning why we might choose to deploy RDMs for Exchange storage.

… “

New-MoveRequest Fails at 95%

#Exchange2010 #Exchange

I had a single mailbox, that I could not move from Exchange 2003 to Exchange 2010.  It moved from 2003 to another 2003 database no problem, but 2003 to 2010 no chance.

From the MoveRequest Log you could see this at the end:

12/10/2011 1:04:36 AM [CAS] Fatal error UpdateMovedMailboxPermanentException has occurred.
Error details: An error occurred while updating a user object after the move operation. –> Active Directory operation failed on MyDC. One or more attribute entries of the object ‘BadUser’ already exists. –> The attribute exists or the value has been assigned.
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.Microsoft.Exchange.MailboxReplicationService.IMailbox.UpdateMovedMailbox(UpdateMovedMailboxOperation op, ADUser remoteRecipientData, String domainController, ReportEntry[]& entries, Guid newDatabaseGuid, Guid newArchiveDatabaseGuid, String archiveDomain, ArchiveStatusFlags archiveStatus)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass3c.<Microsoft.Exchange.MailboxReplicationService.IMailbox.UpdateMovedMailbox>b__3b()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.UpdateMovedMailbox(UpdateMovedMailboxOperation op, ADUser remoteRecipientData, String domainController, ReportEntry[]& entries, Guid newDatabaseGuid, Guid newArchiveDatabaseGuid, String archiveDomain, ArchiveStatusFlags archiveStatus)
   at Microsoft.Exchange.MailboxReplicationService.LocalMoveJob.UpdateMovedMailbox()
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.UpdateAD(Object[] wiParams)
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
Error context: ——–
Operation: IMailbox.UpdateMovedMailbox
OperationSide: Target
Primary (62d90226-d9a1-4941-baa5-28104b5fab78)
12/10/2011 1:04:36 AM [CAS] Relinquishing job.

It turns out that in when looking in the AD at the user proxy addresses a couple of them had an Š instead of an S.

When you looked with Exchange, it showed the S and not Š

So it’s an extended ASCII character (_http://en.wikipedia.org/wiki/%C5%A0 (_http://en.wikipedia.org/wiki/%C5%A0)). 

When I have changed it to a “normal” S using ADSIEdit, the move then worked!

How funky! .. Interesting in the Get-Mailbox still tagged the mailbox as valid!

Virus of the week (2012-01-09)

#Exchange #Exchange2010 #Virus

So this is a summary of what Microsoft Forefront Protection for Exchange Server detected as a virus.


  • Subject line:  "Botanical Gardens Boot Camp NOW STARTING"
  • Subject line:  "Just for Cardholders: Save an extra 10% on select TVs at Amazon.com"
  • Subject line:  "Bank of America Customer Service – Tell us what you think"
  • Subject line:  "PayPal – Your account has been limited!"



  • File name:  "winmail.dat->Insurance.zip->1036775_4909136e-c76f-466a-a8fe-a935fb735dbd_TATAAIGFIRSTPLAN.doc"

    Forefront Protection for Exchange

    #Exchange #Exchange2010

    So it’s been annoying me, when Forefront sends you an email, the from address it is a bit pants, and I want to change it.  By default it’s ForefrontServerProtection@servername.server.

    I looked around the PowerShell add in for Forefront and drew a blank so after a bit of googling I found this: http://technet.microsoft.com/en-us/library/dd639362.aspx

    Essentially …

    Changing the From address for notifications

    FPE utilizes SMTP messaging for notification purposes, placing the message in the SMTP service Pickup folder and resolving the Exchange name with the Active Directory directory service. By default, the server profile used for identifying notifications is: ForefrontServerProtection@servername.server. However, you can change this server profile by modifying the FromAddress registry value.

    To modify the FromAddress registry value

    Open the Registry Editor and navigate to the following registry key:

    HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftForefront Server SecurityNotifications

    Modify the default value of FromAddress to the sender name you would like. Alphanumeric characters are acceptable. You may also use the at sign (@) or a period (.), but these characters cannot be the first or last character. Any illegal characters will be replaced with an underscore (_).

    You must restart the relevant Microsoft Exchange and Microsoft Forefront Server Protection services in order for this change to take effect.

    BES 5.0 SP3 MR 6

    #BlackBerry #Exchange #Exchange 2010

    BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 | Service Pack: 3 | Maintenance
    Release: 6

    Service Pack 3 Maintenance Release 6

    • Filename: besx503mr6.zip
    • Filesize: 192 MB
    • Date posted: 14-Dec-11




    • *If you created a new user and selected Create a user with a generated activation password, the BlackBerry Administration Service did not always send the activation email. (DT 1059145)

    BlackBerry Administration Service

    • *In some circumstances an exception error was displayed when an administrator searched for data using particular search criteria. (DT 2033693)
    • *The BlackBerry Administration Service became slow to respond and administrators could not log in due to an SQL disconnect. (DT 2019181)
    • Several BlackBerry Web Services API calls were not integrated with the BlackBerry Administration Service. (DT *2330494, 1970659, 1967817, 1938039, 1889249, 1889248, 1889245, 1889244, 1889215, 1889210, and 1889207)
    • After you upgraded from BlackBerry Enterprise Server 5.0 SP2 to 5.0 SP3, the BlackBerry Administration Service might not have performed as expected. This might have been the result of the BlackBerry Administration Service attempting to process a large number of tasks that it could not process during the upgrade. (DT 1968029)
    • The BlackBerry Administration Service did not clear old addresses from the database causing the database to gradually increase in size until you could not add new users. (DT 1842397)
    • *In some circumstances, administrators with the appropriate permissions were not able to see the list of users in a group. (DT 1271633)
    • *Administrators could not send IT policies through the policy server directly, which delayed the delivery of IT policies to devices because of dependencies on previous job tasks. (DT 1225228 )
    • If you upgraded BlackBerry Enterprise Server to 5.0 SP3 while the BlackBerry Administration Service was reconciling jobs, the BlackBerry Administration Service did not finish reconciling jobs after the upgrade process completed. (DT 1216175)
    • If one BlackBerry Administration Service instance sent a reconciliation task to a second instance, and the connection between the instances dropped so that the reconciliation task failed, reconciliation stopped on all BlackBerry Administration Service instances. The first BlackBerry Administration Service instance then wrote the following error to its log file: “org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket:”. The BlackBerry Administration Service checks for unprocessed reconciliation events every 24 hours and restarts them at that time. For more information, contact RIM Support. (DT 1159175)
    • *If a user switched to another device, the BlackBerry Administration Service sent applications to the device before the device had completed the activation process, and the device could not properly install the applications. (DT 1120052)
    • *If there were thousands of software configuration jobs pending, the BlackBerry Administration Service became unresponsive and administrators were unable to log in. (DT 1087186)
    • If you set the BlackBerry Device Software deployment managed by BlackBerry Administration Service option to Yes, the BlackBerry Administration Service did not hide the Allow Wireless Security Updates IT policy rule, even though it is no longer applicable. (DT 1056730)
    • When the BlackBerry Administration Service lost a connection to the BlackBerry Configuration Database, the BlackBerry Administration Service was restarted and some events were not processed. (DT 1042891)
    • If you updated the SMTP email address of administrators with access to the BlackBerry Monitoring Service in Microsoft Active Directory, the BlackBerry Administration Service did not update the email address in the BlackBerry Configuration Database. (DT 1028523)
    • The interval for the failsafe mechanism in the BlackBerry Administration Service was too long (24 hours), which meant that some events were not processed in a timely manner. (DT 1014960)
    • *The BlackBerry Administration Service did not support searching for user accounts using the mailbox ID. As a result, if you used the BlackBerry Enterprise Server User Administration Tool, you could not search for user accounts by canonical name. (DT 604566)

    BlackBerry Attachment Service

    • When a user viewed an .xls or .xlsx attachment on their device, negative percentages (example, -25%) were not displayed correctly. (DT 1428205)

    BlackBerry Collaboration Service

    • Some valid characters were not permitted in the user name or domain name for Microsoft Office Communications Server. (DT 2081919)
    • *Users were unable to log in to enterprise instant messaging when the BlackBerry Enterprise Server pool and the instant messaging server pool appeared in different DNS subdomains. (DT1115118)
    • On some occasions, when users were logged in to the client for Microsoft Office Communications Server 2007 R2 on both their computer and their device, the first reply to a new chat session was not delivered. (DT 1031517)
    • If a BlackBerry device user using Microsoft Office Communications Server sent instant messages to a recipient that was logged in to both a BlackBerry device client and Microsoft Communicator Web Access, the messages were not received. (DT 525962)
    • Users were unable to re-invite participants to an expired conference. (DT 353483)

    BlackBerry MDS Connection Service

    • *The BlackBerry MDS Connection Service did not send an error message to the device when it dropped a connection request. (DT 2082262)
    • *Users were unable to browse to internal and external websites from their devices because the BlackBerry MDS Connection Service stopped responding to incoming IPPP requests. (DT 2036927)
    • *Users were unable to load a map image when a direct request was made to the website. (DT 1995079)
    • *When a device was activated with a SIM card, and then the SIM card was removed, the BlackBerry Enterprise Server was unable to push data to the device over a Wi-Fi connection. (DT 1437011)
    • If you gave the Microsoft SQL Server a name that contained a "$", the BlackBerry MDS Connection Service did not start. (DT 1429111)
    • You could not send push messages to large numbers of users in groups that were on different BlackBerry Enterprise Server instances. (DT 1404460)
    • If the list of supported BlackBerry Dispatcher instances for the BlackBerry MDS Connection Service exceeded 256 characters, the BlackBerry MDS Connection Service was unable to process any push requests. (DT 1175023)
    • If you submitted a certificate request to a CA a second time for the same profile, the enrollment might have failed. (DT 1175008)
    • When you disabled the "Use scalable HTTP" feature of the BlackBerry MDS Connection Service, users could not access some HTTPS sites. (DT 1170693 and DT 1049666)
    • If a group in the BlackBerry Administration Service had users that resided on mult
      iple BlackBerry Enterprise Server instances, push messages to that group failed. (DT 1125058)
    • After a user submitted numerous certificate requests to an enterprise CA or stand-alone CA that were approved, an enrollment process might have failed while the device was waiting for an approved certificate. (DT 1116098)
    • *If your organization used a proxy server for web browsing on a device, users could not log in to an application that had been coded with the TLS setting "EndToEndRequired" (for example, BlackBerry App World™). (DT 914899)
    • If you configured integrated Windows authentication for the BlackBerry MDS Connection Service, set the File URL Pattern to .*, and created the required access control rules, when a user tried to browse to a file that included an @ (at sign) in the file name, the device could not display the file. The BlackBerry MDS Connection Service truncated the file and removed every letter before the @. The BlackBerry MDS Connection Service also logged a DFTF/1.1
      404 error message in its log file. (DT 846883)

    BlackBerry Mail Store Service

    • *When a company that is hosting the BlackBerry Enterprise Server added a new user to their mail  server, they had to wait up to 24 hours before they could add the user to the BlackBerry Enterprise Server. (DT 1391094)

    BlackBerry Messaging Agent

    • There is improved handling of partial name collisions that may have occurred in the LegacyExchangeDN field where the expected user account had been disabled. (DT 1448927)
    • When a missed call message was delivered to Microsoft Outlook, the same message was not delivered to the BlackBerry device. (DT 1161394)
    • *The PFContactMonitor scan was running a full scan approximately every 20 minutes, instead of once a day or on restart. (DT 1147411)
    • In some circumstances email messages were not delivered promptly because of high disk I/O on Microsoft Exchange 2010 mailbox servers. (DT 1141515)
    • *When performing a user lookup using a device, fields in the user search results might have appeared blank if the user account had multiple values entered for a field. For example, if the user account had multiple home phone numbers, the search results did not display the user’s home phone number. (DT 1002292)
    • When you composed an email message containing both Hebrew and English characters on a device, the version that was received in Microsoft Outlook was not readable because the direction of the Hebrew characters was changed. (DT 765816) Support for bi-directional languages is also dependent on an update to BlackBerry Device Software that will be available following the release of this MR.

    BlackBerry Enterprise Server Resource Kit

    • The BlackBerry Enterprise Server Resource Kit 5.0 SP3 includes the BlackBerry Directory Sync Tool, which you can use to synchronize the membership of security and distribution groups in Microsoft Active Directory to selected groups in a BlackBerry Domain. In the initial release of the tool, you could not synchronize group membership  from a group in Microsoft Active Directory to a BlackBerry Enterprise Server group that had more than 2000 members. After you upgrade to BlackBerry Enterprise Server 5.0 SP3 MR3, you can make changes to the tool’s configuration file and use the tool to synchronize group membership to BlackBerry Enterprise Server groups with more than 2000 members.

      For more information about changing the maximum size of a BlackBerry Enterprise Server group that the tool can synchronize changes to, visit www.blackberry.com/go/serverdocs to read the BlackBerry Analysis, Monitoring, and Troubleshooting Tools Administration Guide. (DT 1214644)

    BlackBerry Synchronization Service

    • *When a user was migrated from BlackBerry Enterprise Server 4.x to 5.x, the BlackBerry Synchronization Service did not trigger a versioning check so users could not see records belonging to any newly added or updated syncable databases. (DT 2077524)
    • When the BlackBerry Synchronization Service tried to synchronize data for many devices that were not in service, a high CPU usage resulted. (DT 1839166)
    • In certain circumstances, the throttling code scheduled more slow synchronization requests than expected, which might have increased the CPU usage on the computer where the BlackBerry Synchronization Service is installed. (DT 1008489)
    • In certain circumstances, when backing up PIN messages for a particular user account, the BlackBerry Synchronization Service stopped responding. (DT 796168)

    BlackBerry Web Desktop Manager

    • When you used the default version of USB drivers to connect a BlackBerry device to BlackBerry Web Desktop Manager, sometimes the attached device was not recognized and could not be activated. (DT 1168677)

    High Availability

    • *After a failover, in some circumstances the newly active BlackBerry Enterprise Server could not access a user’s mailbox. (DT 1838303)


    • SMS log files truncated the first two characters from email addresses in the To field. (DT 711626)

    Organizer data synchronization

    • Contacts that used a custom message class, did not synchronize with Public Folders. (DT 1400600)
    • If you changed the Mappings settings for organizer data synchronization at the component level, the organizer data was not synchronized. (DT 1396390)


    • A vulnerability in the BlackBerry Collaboration Service could have allowed a potentially malicious BlackBerry device user within an organization to log in to the BlackBerry Collaboration Service as another BlackBerry Collaboration Service user within the same organization. The potentially malicious user could then impersonate the legitimate
      user within the enterprise instant messaging environment. The vulnerability was present in the component that provides connectivity between the BlackBerry Collaboration Service and the following clients on a BlackBerry
      • BlackBerry Client for use with Microsoft Office Communications Server 2007 R2
      • BlackBerry Client for use with Microsoft Lync Server 2010
      For more information about the issue, visit www.blackberry.com/btsc to read article KB28524. (DT 2047669)
    • *Some BlackBerry Enterprise Server ports allowed weak cipher suites that should have been excluded on certain SSL encrypted connections. (DT 1254022)
    • Vulnerabilities existed in how the BlackBerry Collaboration Service and the BlackBerry Messaging Agent processed PNG images and TIFF images for rendering on BlackBerry devices. These vulnerabilities could have allowed a potentially malicious user to execute arbitrary code using the privileges of the BlackBerry Enterprise Server login
      account. (DT 1238271 and DT 1125216)
    • These issues are resolved by this maintenance release. The update replaces the image.dll file that the affected components uses with an image.dll file that is not affected by the vulnerabilities. For more information, visit www.blackberry.com/btsc to read KB27244.
    • A vulnerability existed in the BlackBerry Administration API which could have allowed an attacker to read files that contain only printable characters on the BlackBerry Enterprise Server, including unencrypted text files. Binary file formats, including those used for message storage, were not affected. This issue could have caused resource exhaustion and therefore could have been leveraged as a partial Denial of Service. The vulnerability was limited
      to the user permissions granted to the BlackBerry Administration API. (DT 1183849)
      For more information, visit www.blackberry.com/btsc and read KB27258.


    • If SNMP for the BlackB
      erry Monitoring Service was not set up correctly, the BlackBerry MDS Connection Service continuously wrote the following error to its log file: <ERROR>:<LAYER = SCM, BMS: setConfigConfig failed rc=-1000>. (DT 891612)

    2540817 Outlook 2007 prompts for credentials after Exchange CAS is restarted

    #Exchange2010 #Outlook #Exchange …  Interesting

    Source: http://support.microsoft.com/default.aspx?scid=kb;EN-US;2540817

    After an Exchange Client Access Server (CAS) is restarted, the Microsoft Office Outlook 2007 client prompts you to re-enter your credentials to reconnect to the Microsoft Exchange server. (This behavior is not experienced if you are connected to the Exchange CAS server by using Outlook 2010.)

    To work around this issue, follow these steps to enable the DisableTransientFailureAuthPrompts

    #BlackBerry Enterprise Server for Exchange Software Support Life Cycle

    #Exchange #Exchange2010

    Interesting, hope you off BES 4.1

    Product Name and Version General Availability Support End Date Sales End Date
    BlackBerry Enterprise Server v5.0.1 for Microsoft Exchange Available 15-Nov-2011 15-Nov-2011
    BlackBerry Enterprise Server v5.0.0 for Microsoft Exchange 04-May-2009 15-Nov-2011 15-Nov-2011
    BlackBerry Enterprise Server v4.1.7 for Microsoft Exchange 17-Nov-2009 02-Jul-2011 02-Jul-2010
    BlackBerry Enterprise Server v4.1.6 for Microsoft Exchange 17-Jul-2008 02-Jul-2011 02-Jul-2010
    BlackBerry Enterprise Server v4.1.5 for Microsoft Exchange 18-Apr-2008 31-Jan-2009 17-Jul-2008
    BlackBerry Enterprise Server v4.1.4 for Microsoft Exchange 20-Jun-2007 31-Jan-2009 18-Apr-2008


    General Availability: The software product is available for download on this date.

    Sales End Date Support End Date
    Definition The date the full version of the software is no longer available for sale or download from RIM. The full support scope of service is diminished and source code maintenance no longer performed.
    Impact to the T-Support Customer No longer able to purchase additional full copies of this version. Replacement copies for Disaster Recovery may be available. Customer with existing contract continues to be supported; all issues are triaged but if the issue reported has been resolved in a current version, customer may be instructed to update the software. Customer may continue to receive hot fixes for Sev 1 and security issues.
    Impact to the non T-Support Customer No longer able to purchase additional full copies of this version. Replacement copies for Disaster Recovery may be available. Maintenance Releases (MRs) are no longer available.