Install Exchange 2007 SP2 on SBS 2008
Currently running through an Exchange Service Pack 2 install for Microsoft's Small Business Server 2008. For ease of reference I thought I'd briefly list the main three steps below:
- Download the Exchange 2007 Service Pack 2 - Exchange 2007 Downloads
- Run through the following KB Article referencing "You cannot install Exchange Server 2007 Service Pack 2 on a Windows Small Business Server 2008-based computer" - KB973862
- Download the Service Pack Installation tool for Small Business Server 2008 - KB974271
*Update*
Service Pack 3 is now available for Exchange 2007 which no longer needs the above steps to install. I believe it is support for SBS 2008 and as per a few we've done already goes on straight away.
Exchange 2007 orphaned Delegate User causing Bouncebacks
Having recently deleted an Exchange 2007 User from AD we found a number of bounce back emails beginning to occur. The bounce backs would occur primarily on editing Calender items for other users as the now deleted user was still listed as a Delegate for them. We wanted to query Exchange as to which mailboxes the now deleted user was listed on. The bounce back email is below:
Delivery has failed to these recipients or distribution lists:
Username
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
FIX:
1. Open Exchange 2007 PowerShell
2. Run the below query replacing $User with the name of the deleted user (e.g John Smith). This will output the details into a text file (C:\delegates.txt).
-
get-mailboxcalendarsettings | where-object{$_.ResourceDelegates -match"$user"} | out-file c:\delegates.txt -enc ASCII
Exchange 2007 4.3.1 Insufficient System Resources
We recently had a server that was receiving mail correctly, although the emails themselves were then never reaching the internal recipients. Checking over the Event Logs we saw the below error:
Level: Error
Source: MSExchangeTransport
Event ID: 15006
Reading on this further it looks to be due to a feature of the Exchange Transport service that monitors system resources called Back Pressure. We were running a little low on disk space so the easiest fix for us was to move the Queue to a different drive, the below sites explain this in full detail so are worth a read if you experience similar.
Microsoft Technet - Understanding Back Pressure
MSExchange.org - Understanding Back Pressure Feature in Exchange 2007
Petri.co.il - Back Pressure: Moving the queue Database in Exchange 2007
IIS7 HTTP Error 500.19 – Internal Server Error
Having upgraded a Server 2008 box with Service Pack 2 we noticed an issue when creating/using custom error pages in IIS. Unless it was down to my poor search terms I couldn't initially find much on the error as I'm no IIS expert, but it appears to be down to some changes made to IIS as part of the SP2 upgrade.
As the server was hosting Microsoft Exchange 2007 it was used for Outlook Web Access. We tend to make use of the redirect page to load from mail.domain.com straight to https://mail.domain.com/owa as per this MS article
When setting this up we found we received the below error (as well as Outlooks Out of Office not working):
ERROR:
HTTP Error 500.19 - Internal Server Error
Absolute physical path "C:\inetput\wwwroot\redir.htm" is not allowed in system.webserver/httpErrors section in web.config file. Use relative path instead.
FIX:
To resolve this as the error states we just needed to amend the path to the custom error page. This can be done either in the IIS console or by editing the web.config file usually in the \inetpub\wwwroot folder. Open the file in a text editor and edit the file path.
Absolute path:
-
<httperrors>
-
<remove statusCode="403" subStatusCode="-1" />
-
<error statusCode="403" prefixLanguageFilePath="" path="C:\inetpub\wwwroot\redir.htm" responseMode="File" />
-
</httperrors>
Relative path:
-
<httperrors>
-
<remove statusCode="403" subStatusCode="-1" />
-
<error statusCode="403" prefixLanguageFilePath="" path="redir.htm" responseMode="File" />
-
</httperrors>
Exchange 2007 Update Rollup 9 breaks OWA
Having installed Update Rollup 9 for Exchange 2007 on a number of different sites we finally had one that broke Outlook Web Access. OWA would load yet several images were just placeholders and after logging in no actual inbox could be read as all the Fonts and styling were screwed up.
Checking this site may help - Click Here
In our case running the UpdateOWA.ps1 resolved the issue.
FIX:
Step 1) Load the Exchange Management Shell
Step 2) Navigate to your Exchange Bin directory via the management shell - usually C:\Program Files\Microsoft\Exchange Server\Bin
Step 3) Run the UpdateOWA.ps1 script (done by entering .\UpdateOWA.ps1)
Outlook Web Access IIS Redirecting HTTP to HTTPS
One thing I still find with users is that they love to mistype URLs! One common mistake is to enter in the Outlook Web Access URL without specifying the https:// prefix, so here's how we can have http:// automatically redirect to https:// for the OWA directory
Note: this is based on a Small Business Server 2008 install although can apply to any standard Exchange 2007 setup
Step 1) Open up the IIS Console and expand the appropriate Site containing the OWA folder. Select the OWA folder.
Step 2) Open up the Error Pages icon.
You should now see a list of the default error pages
Step 3) On the right side of the window under Actions click Add
Step 4) Create the following custom error page and click Ok
Status Code: 403.4
Select Respond with a 302 redirect
Enter the full HTTPS URL to your OWA location e.g. https://mail.mydomain.com/owa
Step 5) Test the redirect is now working from a client machine
Moving Public Folder Replica – SSL Certificate Error
As part of a recent SBS 2003 - SBS 2008 migration we came across the following error when trying to move the Public Folder's from Exchange 2003 to Exchange 2007. When we told Exchange 2003 to move the Replica Set we saw the below error:
The SSL certificate server name is incorrect
ID no: c103b404
Exchange System Manager
Searching for a resolution we found a number of sites that listed removing the SSL certificate requirement on the exadmin folder (As per http://support.microsoft.com/kb/324345). Unfortunately this wasn't a complete fix as it also appeared we then needed to use adsiedit to remove the :443: binding on the service. The fix below worked for us:
- In IIS navigate to the Exadmin folder, Right click to bring the “Properties” window up and go to the “Directory Security” tab
- In the “Secure Communications” section select “Edit”.
- Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit encryption.”
- If the “Require 128-bit encryption.” is selected and greyed out, make sure to select “Require secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect “Require secure channel (SSL)” again.
- Goto Start – Run and type adsiedit.msc
- In the left side pane expand the Configuration container.
- Next expand CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1
- Right Click on CN=Exadmin and choose Properties.
- In the Properties dialog box you will see 2 drop-down lists. drop down the top list and select “Both”. Drop down the second list and scroll down to the attribute “msExchSecureBindings” and double click on it.
- If this attribute is set to 443, click the 443 value to select it and click the “Remove” button. Then click “Apply” and then “OK”
- Close out of ADSI Edit,
- Restarted IISadmin service
Test the replication again, hopefully all should now be working as expected.
PFDAVAdmin “Could not expand” error
Recently came across this problem on a Server 2008 box running Exchange 2007. Having downloaded the PFDAVAdmin utility and trying to connect to all mailboxes, it gives the below error when you try to expand any of them. Fortunately it's a nice and easy fix!
Error:
Could not expand https://servername/exadmin/admin/domain/mbx/emailaddress/non_ipm_subtree/: Name cannot begin with the '0' character, hexadecimal value 0x30. Line 1, position 417.
Fix:
Run the PFDAVAdmin utility from a workstation, can download from HERE
Download Microsoft .NET Framework 1.1 HERE
DO NOT install this on the Exchange 2007 server as it will most likely reset the current .NET 2.0 settings and break Exchange 2007.
Exchange 2007 with Single Name SSL Certificate
Having configured a number of Exchange 2007 sites that only use a Single Name SSL certificate a few issues can be experienced. Outlook will often throw a couple errors your way if a few changes aren't made to Exchange/DNS to ensure they point to the name used in the SSL certificate. These errors are below:
Outlook 2007 Errors:
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again Later.
If you're seeing the above I'd suggest checking out the below site on how to best configure Exchange to suit the SSL certificate being used.
Install Microsoft Exchange 2007 Anti-Spam component
From http://support.microsoft.com/kb/555924
1. Log on to the Hub Transport Server.
2. Go to "Start" -> "Programs" -> "Microsoft Exchange Server 2007".
3. Open "Exchange Management Shell".
4. Write "Install-AntispamAgents.ps1" and press on the "Enter" key.
5. Restart "Microsoft Exchange Transport" service.
6. Go to "Start" -> "Programs" -> "Microsoft Exchange Server 2007".
7. Open "Exchange Management Console".
8. Navigate to "Microsoft Exchange" -> "Organization Configuration" > "Hub Transport".
9. A new tab, named "Anti-Spam" should appear.
Note: To revert to Exchange 2007 default settings, use "uninstall-AntispamAgents.ps1"
script and restart the "Microsoft Exchange Transport" service.