Posts

Disabled accounts error hr=0x80040111, ec=-2147221231 when moving from Exchange 2003 to Exchange 2010

You can fix this by doing the following steps.
1. Start active directory users and computers.
2. Enable the AD account .
3. Goto the properties of the account, under Exchange Advanced -> Mailbox Rights -> Add in the SELF object and grant it full rights, including the ‘Associated External Account’ permission. 
4. Wait for the changes to replicate.  This could take awhile be patient.

Microsoft Small Business Server 2008

Microsoft SBS Server 2008 is an excellent solution for small businesses.  However, migrating to SBS 2008 is not that simple.  First things first it is essential that you migrate to a new physical server.  Doing an in place upgrade is a nightmare and I would not attempt to do it.  If you don’t have another server and your current server is of x64 platform then you should create a virtual machine and use a physical to virtual utility to convert your existing machine to a virtual machine.  Once that is done install SBS 2008 from scratch then power up the virtual machine.  You can then migrate over to SBS 2008.
It should also be noted that x64 is becoming the new standard.  It gives you a bus twice as big as its predecessor x86 processing.  That being said Windows Server 2008 requires x64 hardware.  It will not install on x86.
You basically have two choices when it comes to SBS2008 standard or premium.  The main difference is with premium edition you can have 2 servers in the domain.  As where standard was intended to be a single server solution.
Microsoft decided that ISA server would not be included in SBS 2008.  This in my opinion was a good idea.  There are things certain companies are good at and they should stick to their core competencies of things that they can perfect.  Cisco owns Microsoft when it comes to networking/firewall’s and Microsoft has better server solutions.  Do yourself a favor and do not try to use a “software” firewall solution.  Use a Cisco ASA 5505 or model that fits your needs.
SBS 2008 also has a built in web interface for connecting to your PC at work.  I believe RDP is the way to go for employees accessing your network remotely.  The reason being is their PC acts as a dumb terminal and they can see and feel their desktop as if they were sitting at it.  VPN solutions also known as virutal private networks are over rated.  When a client VPN’s from home they basically connect their PC to your internal networking.  Meaning that if their PC is compromised their attacker basically has a door to your network.  Since it is almost impossible to control employees’ PC’s at home it is inevitable at some point they will get a virus or spyware.  If you remember this is how Microsoft’s network was compromised a few years back. 
Also with the premium edition you have the ability to install SQL 2008 standard.  This is not an option with standard.
The steps for migrating from SBS 2003 are as follows:
Always run backups on your existing server first before doing anything.  This is vital.
Next go to Windows Updates and make sure you upgraded and installed all service packs and updates.
You must now raise the function level of your SBS 2003 domain that can be done by first demoting any NT4 or Windows 2000 domain controllers(if you have any).  Once that is complete Go to active directory domains and trust.  Right click on your domain and select raise domain functional level to 2003.  You must also upgrade the forest functional level to 2003.  This can be done by staying in the console and right clicking on active directory domains and trusts select raise forest functional level.
I would recommend next that you have all of your users go into Outlook.  Tell them to go to tools and empty recycle bin.  This will free up tons of space worth of trash.  It will help make your migration faster.
Make sure your source server has the correct time as this is essential:  w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
Make sure your domain is in native mode and not mixed
Next prepare your server by inserting the 2008 SBS DVD.  Go to tools click sourcetool and run it.  You are going to need an answer file for this which can be created by running SBSAfg.exe on the SBS 2008 DVD.
Keep in mind you must remove the source server.  You have 21 days.
When you install the new server make sure your answer file is on a USB drive.  It will be auto detected as long as it is in the source of any drive.  If it successfully detected after you answer all the Windows server 2008 questions you will get a start the migration page. 
To migrate Exchange 2003 to Exchange 2008 I would recommend you have all your users create a backup PST from Outlook.  This way you have local copies of your data.  Once that is complete then on the migration wizard home page click migrate exchange mailboxes and settings.  Follow the steps outlined.

Moving your Exchange 2003 database and log files

To move databases

  1. Start Exchange System Manager.
  2. Open the administrative group that contains the database that you want to change.
  3. Under Storage Group, right-click the mailbox store or the public folder store that you want to change, and then click Properties.
  4. Click the Database tab.
  5. Next to the database that you want to change, click Browse, and then specify a new drive or folder location for the files.
    Notes

    • With the databases, you can decide to move the Exchange Database (.edb file), the Exchange Streaming Database (.stm file), or both.
    • If the databases are still mounted, you receive the following message:
      You are about to perform the following operation(s):
      – change Exchange database location
      To perform the requested operation(s), the store must be temporarily dismounted which will make it inaccessible to any user.
      Do you want to continue?

      Click Yes to dismount the database automatically and move the location.

  6. When you finish moving the databases, remount the databases manually.

You can move the log files and database files to any folder that you want to create. When you move logs and database files, you may want to create the ExchsrvrMdbdata file structure for consistency reasons, but you are not obligated to do so.
You must grant the following default permissions to the new Mdbdata folder that contains the log files and database files:

  • Administrators: Full Control
  • Authenticated Users: Read and Execute, List Folder Contents, Read
  • Creator Owner: None
  • Server Operators: Modify, Read and Execute, List Folder Contents, Read, Write
  • System: Full Control

Note Only assign permissions to the Server Operators group if the Exchange server is a domain controller. Otherwise, assign permissions to the Power Users group. Only domain controllers should have permissions to the built-in Server Operators group. Stand-alone and member servers should have permissions to the built-in Power Users group.
You may also have to grant the following permissions to the root drive that contains the new Mdbdata folder:

  • System: Full Control

During the process of moving log files and database files, your store is temporarily dismounted. Because the store is temporarily dismounted, it is inaccessible to your users until the process is completed. Moving log files or database files invalidates all existing incremental and differential backups; therefore, make a full backup after these changes.
Do not delete or rename the Old MDBdata Folder path after you move the Exchange database. If you want to delete the old MDBdata folder, make sure that the following working directory parameter in the registry points to the new location:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMSExchangeISParametersSystem
Value name: Working Directory
Value type: REG_SZ
Value data: C:Program FilesExchsrvrMdbdata

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

298415  (http://support.microsoft.com/kb/298415/ ) Messages that have attachments are not delivered as expected, and Event ID 12003 and 327 messages are logged in Exchange 2000 Server and in Exchange Server 2003

Do not move databases to the root of a drive. Instead, move databases at least one subfolder down from the root drive. For example, do not use C: as the path of the database or log files. Instead, you could use the C:Subfolder path. In an organization that uses Exchange 2003 and Exchange 2007, the 2007 management tools will flag database or log files that are the root of a drive as an error. For more information, visit the following Microsoft Web site:

If you are using SSL and forms based authentication Activesync will be broken

In order to resolve this issue you must perform the following steps on your Exchange box.

Disable the forms-based authentication for the Exchange virtual directory

To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps:

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expandServers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then clickProperties.
  5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Create a secondary virtual directory for Exchange server

You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:

  1. Start Internet Information Services (IIS) Manager.
  2. Locate the Exchange virtual directory. The default location is as follows:
    Web SitesDefault Web SiteExchange
  3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
  4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
  5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
  6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
  7. Under Select a configuration to import , click Exchange, and then click OK.
    A dialog box will appear that states that the “virtual directory already exists.”
  8. Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
  9. Right-click the new virtual directory. In this example, click exchange-oma. ClickProperties.
  10. Click the Directory Security tab.
  11. Under Authentication and access control, click Edit.
  12. Make sure that only the following authentication methods are enabled, and then click OK:
    • Integrated Windows authentication
    • Basic authentication
  13. On the Directory Security tab, under IP address and domain name restrictions, clickEdit.
  14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice.
  15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
  16. Click OK, and then close the IIS Manager.
  17. Click Start, click Run, type regedit, and then click OK.
  18. Locate the following registry subkey:
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMasSyncParameters
  19. Right-click Parameters, click to New, and then click String Value.
  20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then clickModify.
    NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-omafolder.
  21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
  22. Quit Registry Editor.
  23. Restart the IIS Admin service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. In the list of services, right-click IIS Admin service, and then click Restart.
  24. If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager.
    1. Open Exchange Manager.
    2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
    3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
    4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
    5. Click the Settings tab, click to select the Enable Forms Based Authenticationcheck box, and then click OK.
    6. Close Exchange Manager.
    7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.
The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-omavirtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-omaduring the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.

How to assign an email address to a public folder

Go to your Exchange server and open up the Exchange system manager.
From here drill down to Administrative Groups>First Administrative Group>Servers>[Servername]>First Storage Group>Public Folder Store>Public Folders
This will list all of your public folders.  From here you can browse to find the one that you want to assign an email address to.  Right click on it and go to properties.  From here click on the e-mail addresses tab.  Next click on the “new” button and select “SMTP Address”.  Now you can type whatever email you want in your domain and it will be delivered to this public folder for all to share.

Can't restore public folders after accidentally deleting.

I’m not sure if most people are aware but if you empty your deleted items or accidentally delete a public folder you can restore it by clicking on its parent folder and going to tools>recover deleted items.
However, occasionally when trying to restore a public folder you may receive an error:
Outlook was unable to recover some or all of the items in this folder.  Make sure you have the required permissions to recover items in this folder, and try again.  If the problem persists, contact your administrator.

error

You can still recover these items by downloading a utility called PFDAVAdmin.  I’m also under the impression you can do this from within OWA but I’ve never tried it before.
The PFDAVAdmin utility is pretty straightforward.  You put in the address of your Exchange server and your global catalog server.  Once you do this you should be able to view all of your public folders right click on the parent one and recovery the deleted items.