Author Archives: Godwin Daniel

Exchange 2013 Emails stuck in Drafts

No outgoing Emails in Exchange 2013 fresh install , sent emails get stuck in Drafts folder in OWA,

Scenario: The problematic environment was a fresh install of exchange 2013, no migration and new mailboxes were created, but when emails were sent they got stuck in the drafts folder, OWA or outlook both failed sending emails. This is a 2012 environment, main DC and a member 2012 server, both being virtual and the server hosting exchange was a clone server.

Diagnosis: After enabling verbose logging on the default receive connector, the following error messages were seen in the SMTP recieve located here: C:\Program Files\MicrosoftExchange Server\V15\TransportRoles\Logs\Hub\ProtocolLogSmtpReceive\

X.X.X.X:2525,X.X.X.X:53103,>,421 4.3.2 Service not available,

Enabled kerberos logging  using :http://support.microsoft.com/default.aspx?scid=kb;EN-US;262177

after this checked the eventlogs showed a huge number of Kerberos related errors under System:

A Kerberos error message was received:
on logon session DOMAIN.LOCALExchangeservername$
Client Time:
Server Time: 0:35:49.0000 3/19/2014 Z
Error Code: 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN

Checked to make sure all services are running and checking SPN are set correctly using the setspn commands:

setspn -L hostname
setspn -r AccountName

more details here: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx

Also checked to make sure correct DNS settings were used in the Exchange server under EAC=>Servers=>edit=>DNS lookups.

In my case both internal and external lookups were set to ” all network adapters ipv4″

Solution: Eventually it turned out to be the Security Policy setting wasnt enabled for Access this computer from the network Policy in Group Policy

The default domain policy was applied to the OU where the Exchange 2013 server was, hence updated default domain policy: so open Group Policy Editor and go to

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

Put a tick on Define these policy settings and add the default groups as per : http://technet.microsoft.com/en-us/library/cc740196(v=ws.10).aspx

  • Administrators
  • Backup Operators
  • Users 
  • Everyone

Please note this is a 2012 server and for some reason there are no power users as per the article.

Did a gpupdate /force on DC and exchange and reboot exchange services and voila all stuck emails were going out one at a time.

At this point in time the kerberos errors are still being generated, I still need to fix this…more soon.

 

Remote Desktop Disconnected, unable to connect Windows 2003 Server via RDP

I ran into this problem after doing a successful recovery of server which failed miserably. Was able to ping and RDP was enabled and listening on the right port number etc, but kept getting the error when trying to RDP into the 2003 server.

“The client could not connect to the remote computer. Remote connections might not be enabled or the computer might be too busy to accept new connections. It is also possible that network problems are preventing your connection.”

The Resolution:

To resolve the problem make sure that the correct network adapter is bound to RDP-TCP connection. To do this, follow these steps:
1. On the server, logon to the server locally (not using Remote Desktop/Terminal Client).
2. Click Start, Run, type “tscc.msc /s” (without qutation marks and click OK.
3. In the Terminal Services Configuration snap-in double-click Connections, then RDP-Tcp in the right pane.
4. Click the Network Adapter tab, select the correct network adapter and click OK.
5. Make sure that you can establish an RDP connection to the server.

Alternative resolution steps.
Use these steps only if you can not perform local logon to the affected server.
WARNING: Using Registry Editor incorrectly may cause serious problems that may require you to reinstall your operating system. Use Registry Editor at your own risk and only after making backup of full Registry and the keys you are going to change. Please see More Information section for registry backup and restore information.
1. Start Registry Editor (Regedt32.exe).

2. Click File\Connect network Registry. Enter computer name or IP address and click OK. Firewalls between your computer and the affected server may prevent successfull connection. Remote Registry service should be running on the server.

3. Navigate to the following registry key (path may wrap):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

4. Under this key are one or more keys for the globally unique identifiers (GUIDs) corresponding to the installed LAN connections. Each of these GUID keys has a Connection subkey. Open each of the GUID\Connection keys and look for the Name value. Choose the connection you want Terminal Services to use.

5. When you have found the GUID\Connection key that contains the Name setting that matches the name of your LAN connection, write down or otherwise note the GUID value.

6. Then navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\lanatable. Using the GUID you noted in step 5 select subkey. Note it’s LanaId.

7. Navigate to the following value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\LanAdapter. Change it’s data to the value you noted in step 6. If you want RDP to listen on all LAN adapters enter value of 0.

source: http://support.microsoft.com/kb/555382

nsebin.def files filling up C:\Windows\Temp folder; norman scan engine update issue in Microsoft Forefront

Recently bumped into problem where an exchange 2010 server was running low in disk space on the C drive.  After checking all aspects like exchange database location, log files, shadow copies and page file, in the end it was the C:\Windows\temp folder, there were a bunch of tmp files with the name nsebin.def files similar to below but too many in numbers

nsebin.def.xxxx.temp file

nsebin.def.xxxx.temp file

A quick Google search led me to this post on technet: http://social.technet.microsoft.com/Forums/en-US/FSENext/thread/ca55530e-3850-49a0-9cd6-2ffd562301ce

This problem is due to a recent bug on the Norman Scan Engine update which surfaced around 25/4/2013 following which older nsebin.def files weren’t removed and hence the build up. One can certainly imagine what this might do to a 40Gb System drive partition as each of these of files were around 320Mb and downloaded twice a day if you have forefront downloading automatically for you.

The solution as of now is to delete the nsebin.def files as and when you get low on space, there is no need to restart any services for this, just get in there and DELETE, do not delete the nse_temp files.

As there is no fix yet, as suggest on the post, disable the Norma Scan engine and update schedules as below in Forefront:

Disable Norman Scan engine and update schedule

Disable Norman Scan engine and update schedule

One has also suggested rebuilding the Norman Engine folder to get Forefront to automatically fix this, but this hasnt worked for me, but you are welcome to try.

Rebuild Norman Engine Folder:

To do this locate the Norman folder C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\Data\Engines\x86\Norman  or on a different drive where you installed forefront and rename the folder to Norman.old

Rename Norman folder

Rename Norman folder

Once done renaming, open the forefront console and force an update by going to Policy Management > Global Settings > Advanced Options > Update Scheduling section,  right click the Norman engine there and select update now.

Update norman engine

Update norman engine

You should now see a new Norman folder created, but the problem is the old def files are still there.

MS is still working on this and I will update this post when I find out that my problem has been fixed.

update 13/5/13: Still nothing from MS, I have left Norman scan engine and update schedule disabled.

update: 15/5/13: MS have released a fix, if you have disabled the scheduled update, enable it.

reason 442: failed to enable virtual adapter on windows 8

After installing Cisco VPN Client Windows 8 64Bit you get the error reason 442: failed to enable virtual adapter when trying to connect.

Solution:

  • Open regedit
  • Browse to the Registry Key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CVirtA
  • Select the DisplayName to modify, and remove the leading characters from the value data up to the last “%;”
  • for 64 bit; change the value data from something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to “Cisco Systems VPN Adapter for 64-bit Windows”
  • for 32bit; change the value data from something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to “Cisco Systems VPN Adapter”

Reboot to test, the above solution worked for me on Cisco client version 5.0.0.07.0240 64bit.

Windows could not search for new updates, error code 8024402F

This error encouuntered on a windows 7 computer which was never updated. Clicking the option to Get help with this error and then run the Microsoft Fixit doesnt seem to help.

The issue was due to DNS on the client computer pointing at the default gateway for DNS, switching to one of the public DNS fixed the problem, changed DNS to google public dns 8.8.8.8 and 8.8.4.4 got the updates working again.

Error 1053: The service did not respond to the start or control request in a timely fashion.

Windows could not start the Print Spooler service on Local Computer.Error 1053: The service did not respond to the start or control request in a timely fashion.

This could also few other services like Mcafee agent in my case.

Cause:
The ServiceBase class calls the OnStop method directly from the Service command handler that is defined in the ScDispatcherLoop of the Advapi32.dll file. After 30 seconds, if the ScDispatcherLoop thread is not ready to receive a new service command from the service control manager, Windows Service Controller marks the service as “time out.” Therefore, you receive this error message.

Solution: http://support.microsoft.com/kb/839174

If you have the latest .Net framework, simply download the .Net web installer and run the repair install.

http://www.microsoft.com/en-gb/download/details.aspx?id=17851

Sent message is not saved in the Sent items folder of Shared/ additional mailbox when you “Send As” that mailbox

When you send an e-mail message from a shared mailbox in Outlook 2007, the sent message is not saved in the Sent Items folder of the shared mailbox

In this scenario, when you send an e-mail message from the shared mailbox, the message is sent successfully. However, the sent message is not saved in the Sent Items folder of the shared mailbox.

You configure the DelegateSentItemsStyle registry entry for Microsoft Office Outlook 2007.

To do this, you set the DWORD value of the following registry key to 1:
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences\DelegateSentItemsStyl

If you are on Office 2007 SPS3 you dont need the hotfix mentioned below.

To resolve this problem, install the Outlook 2007 hotfix package that is dated June 30, 2009 and then set the value for the

DelegateSentItemsStyle

registry entry to enable the hotfix package. To do this, follow these steps:

  1. Install the Outlook 2007 hotfix package that is dated June 30, 2009. For more information about this hotfix package, http://support.microsoft.com/kb/970944
  2. Set the value for the
    DelegateSentItemsStyle

    registry entry to enable the hotfix.

Or just run the Microsoft Fixit:

http://go.microsoft.com/?linkid=9780417

To edit the registry yourself:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DelegateSentItemsStyle, and then press ENTER.
  5. Right-click
    DelegateSentItemsStyle

    , and then click Modify.

  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.

Saved credentials not working when connecting to 2008 Terminal server from windows 7

“Your credentials did not work. Your system administrator does not allow the use of saved credentials to log on to the remote computer because its identity is not fully verified”

You get the above error when attempting to connect via RDP to a 2008 terminal server session, you are then able to connect using the same password typed in manually no matter how many times you try saving the correct password for the RDP connection.

One would probably get frustrated having to enter the password for a zillion rdp connections as Win 7 is not using the saved credentials. To get around this:

  1. Click on Start, and then in the search bar type: gpedit.msc
  2. Expand Computer Configuration, Expand Administrative Templates, Expand System, Expand Credentials Delegation
  3. Double Click on “Allow Delegating Default Credentials with NTLM-only Server Authentication“. Click the “Show…” button, Enter the following: TERMSRV/*
  4. Click OK, to close the Show Contents Window, Click OK again to close the next window.
  5. Double Click on “Allow Delegating Saved Credentials with NTLM-only Server Authentication“. Click the “Show…” button, Enter the following: TERMSRV/*
  6. Click OK, to close the Show Contents Window, Click OK again to close the next window.
  7. Click on Start, and then in the search bar type: GPUPDATE /FORCE

You should now be able to save the password for the RDP connection.

Excel and Word 2007 missing letters when printing

The characters in an equation are not printed when you print a Word 2007 document on a Windows XP-based or Windows Server 2003-based computer

To work around this issue, install the Complex Script support files. To do this, follow these steps:

  1. Click Start, and then click Run
  2. Type intl.cpl, and then click OK.
  3. Click the Languages tab.
  4. Under Supplemental language support, click to select the Install files for complex script and right-to-left languages (including Thai) check box.
  5. When you receive the following message, click OK to close the message:
    You chose to install the Arabic, Armenian, Georgian, Hebrew, Indic, Thai and Vietnamese language files. This will require 10 MB or more of available disk space. The files will be installed after you click OK or Apply on the Regional and Language Options dialog box.
  6. Click OK to close the Regional and Language Options dialog box

http://support.microsoft.com/kb/960985

 

Create a Shared Mailbox in Exchange 2007

Create shared mailboxes in Exchange 2007  using powershell  as the EMC in Exchange 2007 doesnt allow you to create shared mailboxes like the new exchange 2010.

You can do this with the help of the new-mailbox cmdlet.

Below is an example of creating a shared mailbox called Info and then assigning the info security group full access to the shared mailbox.

New-Mailbox -Name:’info’ -OrganizationalUnit:’contoso.loal/OU/users OU’ -Database:’Mailbox Database’ -UserPrincipalName:’info@contoso.com’ -Shared

Exchange 2007 will now create a shared mailbox and also create a disabled active directory account.

Now to assign full access

Add-MailboxPermission Info -User:’info group’ -AccessRights:FullAccess

You can also convert a mailbox to shared one usin the set-mailbox cmdlet.

Set-Mailbox Info -Type:Shared

Once this is done, you are now able to manage the shared mailbox via Exchange Management console if you need to assign permissions for full access or send as permission. The following powershell command is used to assign send-as rights and read/write personal information.

Add-ADPermission info -User:’info Group’ -ExtendedRights:Send-As -AccessRights:ReadProperty, WriteProperty -Properties:’Personal Information’