Categories
blog exchange howto server

Exchange 2010 Outlook Anywhere proxy security certificate wildcard *.domain.com

When you use a wildcard certificate in your Exchange 2007 or 2010 environment, Outlook can show the following error:
There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the name of the target site mail.domain.com
Outlook is unable to connect to the proxy server (Error code 0)

Internally, Outlook may connect just fine using the normal RPC-TCP method.
The error occurs because Outlook checks the name on the certificate for mutual authentication, to ensure you are connecting to the right server. Outlook gets the name it expects from the Autodiscover service.
If you manually change the value to msstd:*.domain.com it works, but Autodiscover will put the other value back in a matter of minutes. Autodiscover assumes a value equal to the external name set on your CAS server (in my case mail.domain.com) and uses this.

To override this behavior, use the following Exchange Management Shell command:
Set-OutlookProvider EXPR -CertPrincipalName msstd:*.domain.com
After you adjust this, you need to restart the “World Wide Web Publishing” service, because the old value is cached.

You could also disable this “Mutual authentication”, but it’s a good security feature, so I wouldn’t.
Set-OutlookProvider EXPR -CertPrincipalName none
Remember to restart the World Wide Web Publishing service afterwards.

Be aware that when you set $null instead of none, Exchange goes back to the default behavior and uses the external name from the CAS server.
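
The check and change described above as one script. This is an added example, not part of the original post. It assumes the msstd: value should equal the subject CN of the certificate enabled for IIS, and that it runs in the Exchange Management Shell on the Client Access server.

```powershell
# Added example: compare the EXPR CertPrincipalName with the IIS certificate
# and correct it only when they differ.
# Assumption: the expected value is "msstd:" + the certificate's subject CN
# (for a wildcard certificate that is *.domain.com).

# Certificates that are enabled for IIS and have not expired.
$certs = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) })
if ($certs.Count -ne 1) {
    # Do not guess: show what was found and let the administrator decide.
    $certs | Format-List Thumbprint, Subject, NotAfter, Services
    throw "Expected exactly one valid IIS certificate, found $($certs.Count)."
}

# Parse the CN from the subject string (EMS returns deserialized objects,
# so certificate methods are not available).
if ($certs[0].Subject -notmatch '(?:^|,\s*)CN=([^,]+)') {
    throw "No CN found in subject '$($certs[0].Subject)'."
}
$cn       = $Matches[1].Trim()
$expected = "msstd:$cn"

$current = (Get-OutlookProvider -Identity EXPR).CertPrincipalName
"Certificate subject CN : $cn"
"Current principal name : $current"
"Expected principal name: $expected"

if ($current -eq 'none') {
    Write-Warning 'Mutual authentication is disabled for the EXPR provider.'
}

if ($current -ne $expected) {
    Set-OutlookProvider -Identity EXPR -CertPrincipalName $expected
    # Restarts World Wide Web Publishing on this server only; repeat on
    # every other Client Access server.
    Restart-Service -Name W3SVC
}

# Confirm the stored value after the change.
(Get-OutlookProvider -Identity EXPR).CertPrincipalName
```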

reference: http://blogs.technet.com/b/umutg/archive/2011/01/31/all-about-set-outlookprovider.aspx

Categories
blog exchange howto server windows

Exchange missing public folder database after adsiedit changes

I had to use Adsiedit.msc to manually remove the Public folder database on an Exchange 2007 I was trying to uninstall. I already had a new public folder database with all replicas present on my Exchange 2010 server, so I was confident in removing the older Exchange 2007 PF database through Adsiedit. In the meantime I also removed the “First Administrative group” since this was left from Exchange 2003.

I then proceeded to uninstall Exchange 2007 without further issues.
I was surprised and horrified to find the Exchange 2010 Public Folder database missing in the “Database management tab” on “Organization – Mailbox” in the Exchange 2010 Management console. I tried various things, such as:
1) Restart information store
2) Recreate PF DB with exact same name, but this gave an error saying it already had a DB with that name.

I ran the Best Practices Analyzer and it told me “Site folder server deleted”. I clicked on the help and it showed me how to fix this.

Open an Active Directory editor, such as ADSI Edit.
Locate the public folder information store that you want to designate as the Site Folder Server. For Exchange Server 2000 through Exchange Server 2007, expand the following nodes in the Configuration container:
CN=Configuration,DC=,DC=com, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN= CN=Servers, CN=, CN=InformationStore, CN=
For Exchange Server 2010, expand the following nodes in the Configuration container:
CN=Configuration,DC=,DC=com, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=Exchange Administrative Group (FYDIBOHF23SPDLT), CN=Databases
In the right pane, right-click CN=, and then click Properties.
In the Attributes field, scroll down and select the distinguishedName attribute.
Click Edit, and then copy the entire attribute to the Clipboard.
Expand the Configuration container, and then expand CN=Configuration,CN=,CN=com, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups
Right-click the administrative group you want to modify, and then click Properties.
In the Attributes field, scroll down and select the siteFolderServer attribute.
Click Edit, and then paste the value for the distinguishedName attribute into the Value field.
Double-check the contents of the Value field to ensure the paste was performed correctly, and then click OK to save the change.
Click OK to close the Administrative Group properties.
Exit the Active Directory editor and restart the Microsoft Exchange Server Information Store service on all Exchange Server computers in the site for the change to take effect.

I reran the BPA and the error was gone, but my PF database was still missing.
After some research on the internet I came by the solution thanks to “BFTech Impressions”.
Specifically, in my case the “msExchOwningPFTree” attribute was empty on my PF database container and needed to be filled with the value from the “distinguishedName” attribute of the Public Folder container under “Folder Hierarchies”. The first 2 steps were not needed in my case; these were still present.

Here is the link to the article:
http://blog.bruteforcetech.com/archives/766
Please click on the links for detailed instructions and screenshots.

I quote his instructions here so that, in case the original disappears, the information is not lost.

Here are the instructions to fix it:
Open ADSI Edit, connect to a Domain Controller, change the context to Configuration.

Create the Folder Hierarchies under the Exchange Administrative Group
Navigate to Configuration ⇒ Services ⇒ Microsoft Exchange ⇒ [your organization] ⇒ Administrative Groups ⇒ [your administrative group]
Right click on your administrative group and select New Object
Select msExchContainer as class and click Next
Enter the following as value: Folder Hierarchies, click Next, Finish

Create the Public Folders Tree Object
Right click Folder Hierarchies and select New Object
Select msExchPFTree as class, click Next
Enter the following as value: Public Folders, click Next
Click on More Attributes button, drop down the “select a property to view” list, select msExchPFTreeType and set the attribute to 1 (it should populate into the value field).
Click OK, Finish

Populate the msExchOwningPFTreeBL attribute object of the PF Store
(Tell the Public Folder database where to find the new folder hierarchy you just created)
Double click the newly created “Public Folders” object
Double click distinguishedName, copy the value to the clipboard, click Cancel
Exchange 2007: open properties of Configuration ⇒ Services ⇒ Microsoft Exchange ⇒ [your organization] ⇒ Administrative Groups ⇒ [your administrative group]⇒ Servers ⇒ [your server] ⇒ Information Store
Exchange 2010: open properties of Configuration ⇒ Services ⇒ Microsoft Exchange ⇒ [your organization] ⇒ Administrative Groups ⇒ [your administrative group] ⇒ Databases ⇒ [your Public Folder database]
Double click the msExchOwningPFTree attribute, paste the value that was copied to the clipboard in step 2
Click OK twice
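
A read-only check of the attributes edited in both procedures above, useful before and after touching them in ADSI Edit. This is an added example, not part of the original post or the quoted instructions. It assumes the ActiveDirectory PowerShell module (RSAT) is available, and Test-DNExists is a helper defined here.

```powershell
# Added example: report the public folder attributes without modifying anything.
# Assumption: the ActiveDirectory module is installed and a domain controller
# running Active Directory Web Services is reachable.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$exchBase = "CN=Microsoft Exchange,CN=Services,$configNC"

# Helper (defined for this example): $true when a DN resolves to an object.
function Test-DNExists([string]$DN) {
    if ([string]::IsNullOrEmpty($DN)) { return $false }
    try   { [void](Get-ADObject -Identity $DN -ErrorAction Stop); return $true }
    catch { return $false }
}

# 1. Public folder trees under "Folder Hierarchies" (msExchPFTreeType is 1
#    for the "Public Folders" tree created in the steps above).
Get-ADObject -SearchBase $exchBase -LDAPFilter '(objectClass=msExchPFTree)' `
        -Properties msExchPFTreeType |
    Select-Object DistinguishedName, msExchPFTreeType

# 2. Public folder databases: msExchOwningPFTree must point at an existing tree.
Get-ADObject -SearchBase $exchBase -LDAPFilter '(objectClass=msExchPublicMDB)' `
        -Properties msExchOwningPFTree |
    ForEach-Object {
        New-Object PSObject -Property @{
            Database     = $_.Name
            OwningPFTree = $_.msExchOwningPFTree
            Resolves     = Test-DNExists $_.msExchOwningPFTree
        }
    } | Select-Object Database, Resolves, OwningPFTree

# 3. Administrative groups: siteFolderServer must point at an existing
#    public folder database.
Get-ADObject -SearchBase $exchBase -LDAPFilter '(objectClass=msExchAdminGroup)' `
        -Properties siteFolderServer |
    ForEach-Object {
        New-Object PSObject -Property @{
            AdminGroup       = $_.Name
            SiteFolderServer = $_.siteFolderServer
            Resolves         = Test-DNExists $_.siteFolderServer
        }
    } | Select-Object AdminGroup, Resolves, SiteFolderServer
```

A row with Resolves set to False marks an empty or dangling reference, which is the state that produced the “Site folder server deleted” finding and the missing database described in this post.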

Categories
blog howto windows

SERVER SIDE SOLUTION: Outlook Web Access 2003 does not work in Internet Explorer 10

When you view your Exchange 2003 e-mail via Outlook Web Access in Internet Explorer 10, you don’t see your e-mails but black text instead:

exchweb/img/tf_Messages.xsltable-layout:fixed;width:100%;MessagesBKBMBfalseNonepercentImportancei4http://schemas.microsoft.com/exchange/x-priority-long1101width:13px;cursor:hand;text-align: center; Item Typestringhttp://schemas.microsoft.com/exchange/outlookmessageclass1101width:20px;cursor:hand;text-align: center; FlagStatusi4http://schemas.microsoft.com/mapi/proptag/x109000031101width:20px;cursor:hand;text-align: center; Attachmentbooleanurn:schemas:httpmail:hasattachment1101width:15px;cursor:hand;text-align: center; Fromstringhttp://schemas.microsoft.com/mapi/sent_representing_name1001width:23%;cursor:hand;text-align: ;padding-right:3px;padding-left:3px; Subjectstringhttp://schemas.microsoft.com/mapi/subject1001width:40%;cursor:hand;text-align: ;padding-right:3px;padding-left:3px; Receiveddateurn:schemas:httpmail:datereceived1001width:26%;cursor:hand;text-align: ;padding-right:3px;padding-left:3px; ddd M/d/yyyyh:mm ttSizei4http://schemas.microsoft.com/mapi/proptag/x0e0800031001width:11%;cursor:hand;text-align: right;padding-right:3px;padding-left:3px;padding-right:3px “http://schemas.microsoft.com/mapi/proptag/0x67aa000b” = false AND “DAV:isfolder” = falseurn:schemas:httpmail:datereceivedDESCdatebackground-color:buttonface

The solution is simple. Enable compatibility mode for the webpage (press Alt to show the menu, then look under Tools).

If you want this done automatically for all your visitors, you can also add a header in IIS 6 so that every viewer is forced into Internet Explorer 8 compatibility mode. On your server open IIS Manager, click the plus sign under Default Web Site, select “Exchange”, right-click it and choose Properties. Go to the HTTP Headers tab and add a custom header X-UA-Compatible with value IE=EmulateIE8.

Now the browser receives this header and automatically uses compatibility mode.

Categories
blog howto windows

Exchange: Name Could Not be Matched to a Name in the Address List

English: “Name Could Not be Matched to a Name in the Address List”
Dutch: “Naam niet gevonden in de adreslijst”

Outlook showed this error while setting up the mailbox profile.
The user could log in to OWA without issues. In my case it had nothing to do with the Global Address List or Offline Address book.
It seems some attributes on the user in Active Directory were missing. In the Exchange console I disabled the mailbox, thus removing the Exchange attributes from the user. The mailbox then became disconnected, and next I connected the mailbox again to the same user.

After that everything worked! If you have multiple AD sites remember that the Domain Controllers need time to sync.