Channel: Butsch.ch - Exchange 2010

Exchange 2010 Console error, An error caused a change in the current set of domain controllers


(PID 5856, Thread 164) Task Get-FederationTrust throwing terminating exception at stage Microsoft.Exchange.Data.Directory.ADTransientException: An error caused a change in the current set of domain controllers.. Exception: {2fa78b33-8275-45ce-a132-9bce2a244a92}

EventID: 5

I have only seen this in large, forest-wide deployments with child domains, where different administrator accounts are used to operate the console.

Error in Exchange 2010 Management Console

In Eventviewer

  1. Close the console
  2. Go to C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC
  3. Back up and delete the file "Exchange Management Console"
  4. Restart the console



Exchange 2003 > 2010 Migration end phase, Remove MOVE Request fails with console


After decommissioning Exchange 2003 you are not able to remove past LOCAL move requests from the console, because the SOURCE mailbox database is not valid any more. You have to remove the existing old move requests with PowerShell.

If you are sure all moves have finished you can use the following command:

Get-MoveRequest | Remove-MoveRequest

Error:

The green arrow shows that a move request has been completed.

If you want to remove a PAST move request and the source mailbox database is not valid any more, you receive this error.

The solution:

PowerShell: Get-MoveRequest | Remove-MoveRequest
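The one-liner above removes every move request, including ones that are still running or failed. The following is an added example (not code from the original post) that first reports anything still in flight and then removes only the completed requests; it assumes the Exchange 2010 Management Shell and runs with -WhatIf until you take the comment off the last line.

```powershell
# Added example: clean up move requests after an Exchange 2003 decommission without
# touching requests that are still queued, in progress or failed.
# Assumes the Exchange 2010 Management Shell (Get-MoveRequest / Remove-MoveRequest).

# Everything that is not finished yet: leave it alone and show it.
$pending = Get-MoveRequest | Where-Object {
    $_.Status -ne 'Completed' -and $_.Status -ne 'CompletedWithWarning'
}
if ($pending) {
    Write-Host "Move requests still in progress or failed (NOT removed):"
    $pending | Get-MoveRequestStatistics |
        Format-Table DisplayName, Status, PercentComplete, SourceDatabase, TargetDatabase -AutoSize
}

# Completed requests whose source database no longer exists cannot be removed from the
# EMC, but the shell removes them without looking at the source database.
$done = @(Get-MoveRequest -MoveStatus Completed)
Write-Host ("{0} completed move requests will be removed." -f $done.Count)

# Dry run first; remove the -WhatIf (or use the commented line) for the real run.
$done | Remove-MoveRequest -Confirm:$false -WhatIf
# $done | Remove-MoveRequest -Confirm:$false
```

If the pending list is not empty, finish or resume those moves first (Resume-MoveRequest) instead of deleting them; a removed in-progress request leaves the mailbox on the source database.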

  

SSL-Certificate warning, confirmation site, Comodo


But just think of "The" Administrator finally getting his Exchange SAN-Cert Ready after doing a post doc on Powershell and Certs.

Finally he comes to the website where he should validate the Certificate and what does he see? ;-) I know the technical details and the revocation lists and patches and this even may be an old 2003 but it's just a funny picture....

 

Migrated NT4/2000 users are unable to ActiveSync with Exchange Code 0x85010014


Windows Mobile 7 / 7.5 shows Code 0x85010014

The ActiveSync (IIS) log files show:

C:\inetpub\logs\LogFiles\W3SVC1\*.*

403 0 0 15

To get ActiveSync working for the migrated old users, try the following:

  1. Open "Active Directory Users and Computers", open the user's properties, go to the "Security" tab, click "Advanced", and you will find "Include inheritable permissions from this object's parent" unchecked. Check that option.
  2. Open ADSI Edit ("Start", "Run", adsiedit.msc), open the Domain partition, then "CN=System", open the properties of "CN=AdminSDHolder", go to the "Security" tab, click "Advanced" and check the option "Include inheritable permissions from this object's parent".
  3. Once the users are moved to the new server, check the permission settings and verify in the Application event log which error is recorded; besides that, test the connectivity via https://www.testexchangeconnectivity.com/.
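Step 1 only sticks if the account is no longer protected by AdminSDHolder: the SDProp process re-applies the AdminSDHolder ACL to every object with adminCount=1 about once an hour, so inheritance gets switched off again unless adminCount is cleared and the account is out of the protected groups. Changing inheritance on AdminSDHolder itself (step 2) changes the ACL of every protected account in the domain, not just the migrated users. The following added example (not from the original post) lists the accounts with adminCount=1 and shows which of them still have blocked inheritance and which are no longer in a protected group; it uses plain ADSI so it runs in Windows PowerShell 2.0 on Server 2008 R2 without extra modules. The protected-group regex only covers direct membership of the common built-in groups and is an assumption you should extend for your domain.

```powershell
# Added example: find accounts that are (or were) protected by AdminSDHolder and report
# whether ACL inheritance on them is blocked. These are the typical ActiveSync 403 cases
# after an NT4/2000 migration. Read-only: nothing is changed.

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(adminCount=1))'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'distinguishedName', 'memberOf'))

# Direct membership in the usual protected groups (assumption: English group names; extend for
# localized or custom protected groups).
$protectedGroups = 'CN=(Domain|Enterprise|Schema) Admins,|CN=Administrators,|CN=(Account|Server|Print|Backup) Operators,'

$report = foreach ($hit in $searcher.FindAll()) {
    $entry = $hit.GetDirectoryEntry()
    $acl   = $entry.psbase.ObjectSecurity            # System.DirectoryServices.ActiveDirectorySecurity
    New-Object PSObject -Property @{
        SamAccountName       = [string]$hit.Properties['samaccountname'][0]
        InheritanceBlocked   = $acl.AreAccessRulesProtected
        ProtectedGroupMember = [bool](@($hit.Properties['memberof']) -match $protectedGroups)
        DistinguishedName    = [string]$hit.Properties['distinguishedname'][0]
    }
}

# adminCount=1, inheritance blocked, but not in a protected group any more: orphaned protection.
# For those, clear adminCount and re-enable inheritance; the ActiveSync 403 goes away with it.
$report | Sort-Object SamAccountName |
    Format-Table SamAccountName, InheritanceBlocked, ProtectedGroupMember -AutoSize

# Return the orphaned ones so the list can be piped somewhere useful
$report | Where-Object { $_.InheritanceBlocked -and -not $_.ProtectedGroupMember }
```

Accounts that show InheritanceBlocked = True and ProtectedGroupMember = True are protected on purpose; for those, use a separate non-admin account for mail rather than opening inheritance.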

 

More info on AdminSDHolder:

http://policelli.com/blog/archive/2009/11/06/understanding-adminsdholder-and-protected-groups/

Exchange Analyzer false Error OAB Permissions in language mixed env. (GER/ENG)


Exchange Analyzer Error:

'Domain Admins' does not have 'Read' permission of folder 'D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\8b27efc1-81c1-46cf-a09d-5f99bffcf097' on server. This will cause clients fail to download Offline Address Book via HTTP(s). Please add 'Read' permission of this folder to this group.

This is an Analyzer error and a false report in a mixed-language environment (for example an English Exchange in a German Active Directory environment).

The permissions are set correctly:

http://technet.microsoft.com/de-ch/library/9983b665-6040-4343-9e83-c85b5bb330c3.aspx
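The Analyzer looks for the group by its English display name, which does not exist on a German DC ("Domänen-Admins"). The following added example (not from the original post) checks the same folder ACL by the group's well-known SID (domain SID + RID 512), which is identical in every language; the folder path is the one quoted in the Analyzer message above and is a parameter.

```powershell
# Added example: verify that Domain Admins has Read on the OAB folder, resolved by SID
# instead of by localized display name. Run as a domain account on the CAS server.

function Test-OabDomainAdminsAccess {
    param([Parameter(Mandatory=$true)][string]$OabFolder)

    # Domain SID of the account running this shell; RID 512 = Domain Admins in every language.
    # (A local, non-domain account has no AccountDomainSid and this will throw.)
    $domainSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.AccountDomainSid
    $daSid = New-Object System.Security.Principal.SecurityIdentifier(
        [System.Security.Principal.WellKnownSidType]::AccountDomainAdminsSid, $domainSid)
    $daName = $daSid.Translate([System.Security.Principal.NTAccount]).Value   # localized name

    $acl = Get-Acl -Path $OabFolder
    # Ask for the rules keyed by SID so the comparison does not depend on a name lookup
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $readAllow = $rules | Where-Object {
        $_.IdentityReference -eq $daSid -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData) -ne 0)
    }

    New-Object PSObject -Property @{
        Folder           = $OabFolder
        DomainAdminsName = $daName        # what the Analyzer would have had to look for
        DomainAdminsSid  = $daSid.Value
        HasReadAccess    = [bool]$readAllow
    }
}

# Path from the Analyzer message above; adjust to your installation
Test-OabDomainAdminsAccess -OabFolder 'D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\8b27efc1-81c1-46cf-a09d-5f99bffcf097' |
    Format-List
```

A Deny ACE for the same SID would still override the Allow; the check only answers the question the Analyzer asks (is there a Read grant), not whether an explicit Deny exists higher up.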

 

Outlook 2010 and Exchange 2007/2010 Fehler bei der Synchronisierung des Ordners


This error has been reported as a bug in Outlook 2010 and can be safely ignored. If you want to get rid of the error, there is the option to set a registry value on each client.

 

Outlook 2007

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options

Outlook 2003

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Options

Outlook 2002

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options

EnableConflictLogging (DWORD)    Value:    0


0 = Disable logging

1 = Log all errors > DEFAULT

2 = Log only critical errors

Exchange 2010 and Outlook 2003 (Calendar open errors or delays)


There are several bugs or limitations with Outlook 2003 and Exchange 2010.

1) If you try to open more than two calendars you receive errors. There is also a hard limit of 16 additional calendars (reception desks) which you may have to keep an eye on.

2) If you delete or move a single e-mail you have a delay. This is due to the fact that Outlook 2003 first tries to reach the Exchange server with the wrong protocol; that attempt times out, and only after the timeout does it switch to the correct one.

Office Outlook 2003 does not connect to two or more additional mailboxes in a mixed Exchange Server 2007 and Exchange Server 2010 environment. http://support.microsoft.com/kb/978777/en-us

 

1) If you have Exchange 2010 SP1 then try the following:

$a = Get-ThrottlingPolicy | Where-Object {$_.IsDefault -eq $true}

$a | Set-ThrottlingPolicy -RCAMaxConcurrency 100

 

The screenshot shows the maximum value. Do not set it to the maximum; otherwise a mobile phone or a "virus" could in the worst case open as many connections as the OS allows.

Restart the service itself to make sure the new settings apply:

2) Also check the XP / Office 2003 client which DID run before against Exchange 2000/2003 or another Exchange:

Check for Event 26 on the client:

Die Verbindung mit dem Microsoft Exchange Server wurde getrennt. Outlook wird die Verbindung so bald wie möglich wiederherstellen.

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.

"C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe" /resetnavpane

3) Check also for Event 4696 and if present:

If you know a certain user account that has the problem because the user reports it, also check the Exchange statistics:

Get-LogonStatistics -Identity USERNAME | fl ApplicationId

Then count the "Client=MSExchangePPC" entries, which may not be over 16! If the slots are full (16 connections) change the hard-coded limit of 16.

Here is an example with 11 connections:

 

Here is Outlook 2003 SP3 running against Exchange 2010 on a Small Business Server 2011.

This is a secretary/phone client with a lot of calendars or mailboxes of other people.

This will not work stably, for example: the limit is 16 connections, she has 17.

"Mapi session "00cc3dde-64d7-4353-8050-00fc2057aae3: /O=xxxx/OU=xxxx/cn=Recipients/cn=customer.ch" exceeded the maximum of 32 objects of type "session"."

Or you test on the client side:

Press "CTRL" and right-click the Outlook tray icon (where the clock is) and select "Verbindungsstatus" or "Connection Status".

1) Check the total number of entries you see. They can't be near OR over 16 or you run into problems.

2) Check the RPC reaction time (Reaktionszeit).

3) Check the Request/Error columns (in German: Anfragen/Fehler).

 

http://technet.microsoft.com/en-us/library/ff477612.aspx

You need to use:

  • Start Registry Editor (regedit).
  • Navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  • Right-click ParametersSystem, point to New, and then click DWORD (32-bit) Value.
    The new value is created in the result pane.
  • Rename the value to one of the following names, and then press Enter:
    • Maximum Allowed Sessions Per User   This limit specifies the maximum allowable sessions per user.
    • Maximum Allowed Service Sessions Per User   This limit specifies the maximum allowed service sessions per user.
    • Maximum Allowed Exchange Sessions Per Service   This limit specifies the maximum allowed Exchange sessions per service. The default value is 10,000, and the maximum value is 65536.
    • Maximum Allowed Concurrent Exchange Sessions Per Service   This limit specifies the maximum allowed concurrent Exchange sessions per service.
    • Disable Session Limit   This value disables session limits. Set the value to 0 to turn off session limits. Set the value to 1 to turn on session limits.
  • Right-click the newly created value, and then click Modify.
  • In the Value data box, type the number of objects to which you want to limit this entry, and then click OK. Use the preceding table to view the default settings.
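The three checks from this post (default throttling policy, sessions per user from Get-LogonStatistics, and the store session limits in the registry) as one script, added here as an example and not taken from the original post. It assumes the Exchange 2010 Management Shell on the mailbox server; the limit of 16 and the value names are the ones quoted above, and the warning threshold is a parameter. It only reads, it does not change anything.

```powershell
# Added example: report the things that decide whether an Outlook 2003 client runs out
# of sessions against Exchange 2010. Read-only.

function Get-RcaThrottling {
    # The throttling policy that applies to everybody without an explicit policy
    Get-ThrottlingPolicy | Where-Object { $_.IsDefault } |
        Select-Object Name, RCAMaxConcurrency
}

function Get-UserSessionLoad {
    param(
        [Parameter(Mandatory=$true)][string]$Identity,
        [int]$Limit = 16          # hard-coded store limit per client type, see post
    )
    # One row per session; group by the ApplicationId the client announced
    Get-LogonStatistics -Identity $Identity |
        Group-Object ApplicationId |
        ForEach-Object {
            New-Object PSObject -Property @{
                User          = $Identity
                ApplicationId = $_.Name
                Sessions      = $_.Count
                NearLimit     = ($_.Count -ge ($Limit - 2))   # warn two sessions early
            }
        } | Sort-Object Sessions -Descending
}

function Get-StoreSessionLimits {
    # Values from the MSExchangeIS\ParametersSystem key described in the post.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem'
    $names = 'Maximum Allowed Sessions Per User',
             'Maximum Allowed Service Sessions Per User',
             'Maximum Allowed Exchange Sessions Per Service',
             'Maximum Allowed Concurrent Exchange Sessions Per Service',
             'Disable Session Limit'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($n in $names) {
        $v = $props.$n
        New-Object PSObject -Property @{
            Value   = $n
            Setting = $(if ($v -eq $null) { '(not set, store default applies)' } else { $v })
        }
    }
}

Get-RcaThrottling | Format-List
Get-UserSessionLoad -Identity 'USERNAME' | Format-Table User, ApplicationId, Sessions, NearLimit -AutoSize
Get-StoreSessionLimits | Format-Table Value, Setting -AutoSize
```

Run Get-UserSessionLoad for the user who reported the problem; a row at or above the limit for one ApplicationId is the case the post describes. Raising the registry limits is the last resort, since every extra session is also capacity a misbehaving client or malware on the client can use.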

See also:

http://social.technet.microsoft.com/wiki/contents/articles/1586.concern-is-having-outlook-2003-clients-going-to-prevent-me-from-deploying-exchange-2010.asp

Concern: Is Having Outlook 2003 Clients Going to Prevent Me from Deploying Exchange 2010?

And these two hotfixes:

http://support.microsoft.com/kb/2212002/
Description of the Outlook 2003 hotfix package (Outlook.msp): July 1, 2010
Meeting Text Wrong

http://support.microsoft.com/kb/2510153/en-us
Description of the Office Outlook 2003 hotfix package (Olkintl.msp, Engmui.msp): March 9, 2011
The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Issue that this hotfix package fixes

Consider the following scenario:

  • You run Microsoft Office Outlook 2003 in an Exchange Server 2010 environment.
  • You open another user's calendar folder or delegated mailbox that is located on the Exchange server.
  • The connection to the Exchange server is lost and Outlook tries to reconnect automatically.

In this scenario, Office Outlook 2003 cannot reconnect to the Exchange server. Additionally, this may occur when you close and restart Office Outlook 2003. When this occurs, you receive the following error message:

The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.


Folders take a long time to update when an Exchange Server 2010 user uses Outlook 2003 in online mode

Problem:

If you delete or move a single e-mail you have a delay. This is due to the fact that Outlook 2003 first tries to reach the Exchange server with the wrong protocol; that attempt times out, and only after the timeout does it switch to the correct one.

Solution:

1) Enable Outlook Cached Mode

2) Install Exchange 2010 Rollup 7 or later (Or go to SP2)

3) Install this FIXIT which changes a registry value

http://support.microsoft.com/kb/2009942/en-us

 

Exchange 2010: Setting max mail sizes in mail flow


The default size is 10MB and that is just how it should be, even if freeware mail providers have 50MB limits. It's not a law but a historical SMTP/RFC value, and people have lived with it for 15 years. Then some nerd put it up by 5MB and others had to follow.

Everyone who lets an e-mail attachment larger than 20MB out into the www should be blocked and blacklisted.

Use FTP, SharePoint or a commercial data room solution (not free stuff) if you are too stupid for ZIP or splitting ZIPs.

 

Per User:

Per Exchange Organisation with Powershell:

Set-TransportConfig -MaxReceiveSize 50MB -MaxSendSize 50MB

On the separate Receive Connectors:

 

Here is a log file:

Here is how to check the sizes with telnet. Make sure your McAfee or other antivirus software does not block SMTP/port 25 from the test client.
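The telnet check as a script, added here as an example (not from the original post): it connects to port 25, reads the banner, sends EHLO and parses the SIZE extension (RFC 1870) the server advertises, then sends QUIT. No message is submitted. It assumes TCP 25 is reachable from where you run it; the server name and the EHLO host name are constructed placeholders.

```powershell
# Added example: read the maximum message size an SMTP server advertises in its EHLO reply.
# Exchange advertises the receive connector's MaxMessageSize here, so this is the number the
# sending side sees. Works against any MTA; one that does not advertise SIZE is reported as such.

function Get-SmtpAdvertisedSize {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [int]$Port = 25,
        [string]$HeloName = 'sizeprobe.example.invalid',   # constructed name for the EHLO line
        [int]$TimeoutMs = 10000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = $TimeoutMs
    $client.SendTimeout    = $TimeoutMs
    $client.Connect($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    # A multi-line reply continues with "250-..." and ends with "250 ..." (space after the code)
    function Read-Reply {
        $lines = @()
        do {
            $line = $reader.ReadLine()
            if ($line -eq $null) { break }
            $lines += $line
        } while ($line.Length -ge 4 -and $line[3] -eq '-')
        return ,$lines
    }

    try {
        $banner = Read-Reply
        $writer.WriteLine("EHLO $HeloName")
        $ehlo = Read-Reply
        $writer.WriteLine('QUIT')
        [void](Read-Reply)
    } finally {
        $client.Close()
    }

    # "250-SIZE 10485760" = fixed limit in bytes; "250-SIZE" alone = extension without a fixed limit
    $bytes = $null
    foreach ($l in $ehlo) {
        if ($l -match '^250[ -]SIZE\s+(\d+)\s*$') { $bytes = [int64]$matches[1]; break }
        if ($l -match '^250[ -]SIZE\s*$')         { $bytes = 0; break }
    }

    New-Object PSObject -Property @{
        Server  = $Server
        Banner  = ($banner -join ' ')
        SizeMB  = $(if ($bytes -eq $null) { 'SIZE not advertised' }
                    elseif ($bytes -eq 0) { 'no fixed limit' }
                    else { [math]::Round($bytes / 1MB, 1) })
        RawEhlo = ($ehlo -join "`n")
    }
}

# Probe the Exchange receive connector and the in-house spam filter; the two numbers should match
Get-SmtpAdvertisedSize -Server 'mail.example.invalid' | Format-List Server, Banner, SizeMB
```

Run it once against the Exchange server and once against the spam filter or gateway in front of it; if the gateway advertises a larger SIZE than Exchange accepts, messages between the two sizes are exactly the ones that get dropped.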


Do not forget to check the SIZE on your in-house SPAM filter.

 

Exchange will DROP the e-mail IF you have a size mismatch in your internal network. As an example, if you have a Fortimail 100 and an Exchange 2010 and the sizes differ, Fortimail will not retry internally by default.

You will lose that e-mail!
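To find such mismatches before they cost mail, the following added example (not from the original post) collects every size limit Exchange knows about (organization, receive connectors, send connectors and per-mailbox overrides) and flags the ones that differ from the organization limit or exceed what the in-house gateway accepts. It assumes the Exchange 2010 Management Shell; the gateway limit is passed in by hand because Exchange cannot read a third-party appliance's configuration.

```powershell
# Added example: inventory of message size limits with mismatch flags. Read-only.

function ConvertTo-LimitMB {
    # Exchange renders size limits as "10 MB (10,485,760 bytes)" or "unlimited"; parsing the
    # string form works for both Unlimited<ByteQuantifiedSize> and plain ByteQuantifiedSize.
    param($Limit)
    $s = [string]$Limit
    if ($s -match '^unlimited$') { return 'unlimited' }
    if ($s -match '\(([^)]+) bytes\)') {
        $bytes = [double]($matches[1] -replace '[^\d]', '')   # strip , . ' thousands separators
        return [math]::Round($bytes / 1MB, 1)
    }
    return $s
}

function Get-MessageSizeLimits {
    param([int]$GatewayLimitMB)   # what your spam filter / Fortimail accepts, entered by hand

    $org   = Get-TransportConfig
    $orgMB = ConvertTo-LimitMB $org.MaxReceiveSize

    $rows = @()
    $rows += New-Object PSObject -Property @{ Scope='Organization'; Object='TransportConfig'; Limit='MaxReceiveSize'; MB=$orgMB }
    $rows += New-Object PSObject -Property @{ Scope='Organization'; Object='TransportConfig'; Limit='MaxSendSize';    MB=(ConvertTo-LimitMB $org.MaxSendSize) }
    foreach ($c in Get-ReceiveConnector) {
        $rows += New-Object PSObject -Property @{ Scope='ReceiveConnector'; Object=[string]$c.Identity; Limit='MaxMessageSize'; MB=(ConvertTo-LimitMB $c.MaxMessageSize) }
    }
    foreach ($c in Get-SendConnector) {
        $rows += New-Object PSObject -Property @{ Scope='SendConnector'; Object=[string]$c.Identity; Limit='MaxMessageSize'; MB=(ConvertTo-LimitMB $c.MaxMessageSize) }
    }
    # Per-user overrides only; "unlimited" on a mailbox means "inherit the organization limit"
    foreach ($m in Get-Mailbox -ResultSize Unlimited) {
        foreach ($p in 'MaxSendSize', 'MaxReceiveSize') {
            if ([string]$m.$p -ne 'unlimited') {
                $rows += New-Object PSObject -Property @{ Scope='Mailbox'; Object=$m.Alias; Limit=$p; MB=(ConvertTo-LimitMB $m.$p) }
            }
        }
    }

    foreach ($r in $rows) {
        $r | Add-Member NoteProperty DiffersFromOrg ($r.MB -ne $orgMB)
        $r | Add-Member NoteProperty OverGateway    ($GatewayLimitMB -gt 0 -and $r.MB -ne 'unlimited' -and $r.MB -gt $GatewayLimitMB)
        $r
    }
}

Get-MessageSizeLimits -GatewayLimitMB 10 |
    Sort-Object Scope, Object |
    Format-Table Scope, Object, Limit, MB, DiffersFromOrg, OverGateway -AutoSize
```

A row with OverGateway = True is a place where Exchange will accept a message that the next hop will refuse; that is the Fortimail case described above.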

 

Some links:

http://exchangepedia.com/2007/09/exchange-server-2007-setting-message-size-limits.html

Text from the RFC on why it's OK that a device just drops an e-mail which is too big.

http://tools.ietf.org/html/rfc1870

6.2  Client action on receiving response to extended MAIL command

 


   The client, upon receiving the server's response to the extended MAIL
   command, acts as follows:

   (1) If the code "452 insufficient system storage" is returned, the
       client should next send either a RSET command (if it wishes to
       attempt to send other messages) or a QUIT command. The client
       should then repeat the attempt to send the message to the server
       at a later time.

   (2) If the code "552 message exceeds fixed maximum message size" is
       received, the client should immediately send either a RSET command
       (if it wishes to attempt to send additional messages), or a QUIT
       command.  The client should then declare the message undeliverable
       and return appropriate notification to the sender (if a sender
       address was present in the MAIL command).

   A successful (250) reply code in response to the extended MAIL
   command does not constitute an absolute guarantee that the message
   transfer will succeed.  SMTP clients using the extended MAIL command
   must still be prepared to handle both temporary and permanent error
   reply codes (including codes 452 and 552), either immediately after
   issuing the DATA command, or after transfer of the message.



Man in the Middle SSL-Self Signed Attack Exchange 2007/2010


Windows Mobile is the only mobile device range which cannot be fooled by the man-in-the-middle SSL spoof.

iOS 5 and current Android may currently be unsafe if you use a self-signed SSL certificate for the ActiveSync IIS site.

Explained for non-IT managers (people who pay IT people and reduce their budget):

1) You are a small business
2) You run Exchange 2003/2007/2010 SBS
3) You don't want to invest in an official SAN/UC certificate
4) Your internal administrator has come up with an inexpensive solution, a self-signed SSL certificate (because you don't want to spend USD 300.- per year)
5) Your employee visits a hotel or meeting room with a faked free WIFI (a hacker does a man-in-the-middle split). He checks mail with his iPhone.
6) The iPhone or Android connects to the faked Exchange / the hacker sniffs the traffic.
7) The hacker sends a remote wipe signal
8) Your mobile data is gone

  

http://www.wpcentral.com/windows-phone-dodges-black-hat-2012-certificate-vulnerability

http://www.blackhat.com/usa/bh-us-12-briefings.html

http://searchsecurity.techtarget.com/news/2240160456/Black-Hat-2012-SSL-handling-weakness-leads-to-remote-wipe-hack

 

SSD Ready for Enterprise Storage

Swisscom EAP-SIM: mobile automatically connects to paid WIFI even with an unlimited subscription


 

Swisscom has sent a minor automatic change to all their mobile customers. The iPhone or HTC now automatically connects to their Swisscom WIFI hotspot if in range (stores/malls/airport).

 

Because your phone is connected to WIFI it may think you are at HOME or in the OFFICE where you may have unlimited bandwidth.

 

In most applications/apps you can tell the iPhone when and OVER what connection to UPDATE. In this case the iPhone is connected to WIFI, thinks it's at home and does larger updates.

 

The transfer volume will clearly go over the limit of 250MB/500MB/1000MB you have with Swisscom and thus you pay for any further MB.

 

In the report from SF DRS there is a short movie on how to turn this off.

 

http://www.srf.ch/konsum/themen/multimedia/mobile-eapsim-swisscom-trickst-kunden-aus

http://www.tagesanzeiger.ch/digital/mobil/Der-Aerger-mit-dem-kostenpflichtigen-SwisscomWLAN/story/18874269

http://www.id.uzh.ch/dl/mobil/wlan/CheckSSID/iphoneEAPSIM.html

http://www.fhnw.ch/services/ict/email/smartphone/deaktivierung-eapsim_iphone

 

Please make sure you turn off this option if you are a Swisscom mobile customer.


Exchange 2010 error while you try to uninstall/change the HUB role


Error while you try to remove/change the HUB Transport role of an Exchange 2010 server.

There may be cases where you have to MOVE or migrate the HUB role in an existing Exchange 2010 setup to another server.

To uninstall the Hub Transport Role from an existing Exchange 2010 Server:

Command: Setup /mode:uninstall /role:ht

Here are some errors which may come up:

There are 102 messages waiting in the 'SERVERC02\6' queue. Proceeding with the removal of the server role may result in data loss.

Setup cannot continue with the uninstall because the 'mmc' (Exchange Management Console) process (ID: 4924) has open files. Close the process and restart Setup.

This computer is configured as a source transport server for 1 connector(s) in the organization. These must be moved or deleted before Setup can continue.

The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Exchange Server setup encountered an error.

Make sure the NEW Hub Transport role server is installed.

Then take a look at why the old HT role does not uninstall.

Error example:

There are 102 messages waiting in the 'SERVERC02\6' queue.

How to fix:

First make SURE there is no e-mail in the queue of the mentioned Exchange 2010 server.

 

Migrate any custom "Receive Connectors" AND then remove them to uninstall/change the HUB role.

 

Error:

This computer is configured as a source transport server for 1 connector(s) in the organization. These must be moved or deleted before Setup can continue.

How to fix:

This is where you can see that the mentioned server is still the source server for routing on one of the "Send Connectors".

After that everything goes fine:
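The three uninstall errors quoted above can all be checked before Setup is started. The following is an added example (not from the original post): a pre-flight check run in the Exchange 2010 Management Shell that reports queued mail, send connectors still sourcing from the old server, and receive connectors that exist only there, plus the re-pointing of the send connectors. SERVERC02 is the server name from the post; NEWHUB01 is a constructed placeholder for the replacement.

```powershell
# Added example: pre-flight for "Setup /mode:uninstall /role:ht". Read-only until the
# Set-SendConnector block at the end, which is only run when you uncomment the call.

function Get-ServerNames($adObjects) {
    # SourceTransportServers holds AD object ids; Name is the server name
    foreach ($o in @($adObjects)) { if ($o.Name) { $o.Name } else { [string]$o } }
}

function Test-HubTransportRemoval {
    param(
        [Parameter(Mandatory=$true)][string]$OldServer,
        [Parameter(Mandatory=$true)][string]$NewServer
    )
    # 1. "There are N messages waiting in the '...' queue"
    $queues = @(Get-Queue -Server $OldServer | Where-Object { $_.MessageCount -gt 0 })

    # 2. "This computer is configured as a source transport server for N connector(s)"
    $sendConn = @(Get-SendConnector | Where-Object {
        (Get-ServerNames $_.SourceTransportServers) -contains $OldServer
    })

    # 3. Custom receive connectors that were never recreated on the new hub
    $newNames    = @(Get-ReceiveConnector -Server $NewServer | ForEach-Object { $_.Name })
    $recvOnlyOld = @(Get-ReceiveConnector -Server $OldServer | Where-Object { $newNames -notcontains $_.Name })

    New-Object PSObject -Property @{
        QueuesWithMail             = ($queues | ForEach-Object { '{0} ({1})' -f $_.Identity, $_.MessageCount })
        SendConnectorsSourcing     = ($sendConn | ForEach-Object { $_.Name })
        ReceiveConnectorsOnlyOnOld = ($recvOnlyOld | ForEach-Object { $_.Name })
        ReadyToUninstall           = ($queues.Count -eq 0 -and $sendConn.Count -eq 0)
    }
}

function Move-SendConnectorSource {
    # Replace the old server with the new one in every send connector's source list,
    # keeping any other source servers that are already there.
    param([string]$OldServer, [string]$NewServer)
    foreach ($c in Get-SendConnector) {
        $current = @(Get-ServerNames $c.SourceTransportServers)
        if ($current -contains $OldServer) {
            $updated = @($current | Where-Object { $_ -ne $OldServer })
            if ($updated -notcontains $NewServer) { $updated += $NewServer }
            Write-Host ("{0}: {1} -> {2}" -f $c.Name, ($current -join ','), ($updated -join ','))
            Set-SendConnector -Identity $c.Identity -SourceTransportServers $updated
        }
    }
}

$check = Test-HubTransportRemoval -OldServer 'SERVERC02' -NewServer 'NEWHUB01'
$check | Format-List
# Move-SendConnectorSource -OldServer 'SERVERC02' -NewServer 'NEWHUB01'
```

Queued mail is not fixed by a script: let the queue drain (or retry it with Retry-Queue) and re-run the check until QueuesWithMail is empty, then close the EMC before starting Setup, which covers the "mmc has open files" error as well.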

 

The certificate is invalid for exchange server usage Exchange 2010 SAN/UC


Error after importing a SAN/UC certificate in Exchange 2010:

Error 1: "The certificate is invalid for exchange server usage"

This is because the ROOT and intermediate CA certificates were not imported.

After you have resolved that, you get the next error:

Error 2: "The certificate status could not be determined because the revocation check failed"

That means the certificate service (certutil) cannot reach some URL from Microsoft or from the certificate PKI provider (for example Comodo).

Error: when you see the second error you are unable to "Export" a certificate in the EMC / Exchange 2010 GUI (for example for a load balancer or CAS array).

HINT> If the certificate status is NOT valid you are still able to "ENABLE" the imported certificate with PowerShell. We are unsure if Export would work.

See http://www.butsch.ch/post/Generate-SAN-UC-Certificate-SSL-on-Exchange-2010.aspx on how to do that.

 

The first error, "The certificate is invalid for exchange server usage", comes because suddenly your up-to-date Windows Server does not have an up-to-date ROOT CA certificate from some certificate publishers.

 

  1. Import the Root CA files you got together with the certificate from your provider on your Exchange 2010 CAS server.
  2. If you have your own ROOT CA (certificate authority) you may publish the provider's Root CA through your OWN CA to the Windows domain. Type CERTUTIL at the command prompt to find out if you have/had one and then please ask the PKI engineer in your environment to help (if you have one ;-)

 

Here is how to import manually on the Exchange 2010 CAS:

The files you got from your PKI provider together with your certificate.

Start > mmc

Import the Root CA you got from your provider to your Exchange 2010 CAS server:

  1. ROOT CA (most have "Root" in the name) to "Trusted Root Certification Authorities"
  2. The second certificate you got from the provider to "Intermediate Certification Authorities"

After this you see in the Exchange 2010 EMC under Server Configuration (on the right side):

The certificate status could not be determined because the revocation check failed


Check which certificate URLs Exchange wants to access AND open those on the FIREWALL/WEB FILTER, or use the correct PROXY settings. Open the URL strings you see in a browser and check if you can download the files. Just make sure your Exchange 2010 can reach those URLs.

certutil -URLcache CRL (check)

 

Here is an output from certutil -URLcache

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

http://crl.microsoft.com/pki/crl/products/CSPCA.crl

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

 

Also, and especially for Comodo certificates, check and validate where your certificate itself wants to go and OPEN those URLs:

certutil -verify -urlfetch c:\edv\13296984.crt (13296984.crt is the file name of your provider certificate)

----------------  Certificate AIA  ----------------
  Failed "AIA" Time: 0
    Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)
    http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt
----------------  Certificate CDP  ----------------
  Failed "CDP" Time: 0
    Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)
    http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl
----------------  Certificate OCSP  ----------------
  Failed "OCSP" Time: 0
    Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)
    http://ocsp.comodoca.com

  Revocation Check Failed "Certificate (0)" Time: 0
    [0.0] http://crt.usertrust.com/AddTrustExternalCARoot.p7c
  Verified "Certificate (1)" Time: 0
    [0.1] http://crt.usertrust.com/AddTrustExternalCARoot.p7c
  Revocation Check Failed "Certificate (0)" Time: 0
    [1.0] http://crt.usertrust.com/AddTrustUTNSGCCA.crt
----------------  Certificate CDP  ----------------
  Verified "Base CRL (0bbc)" Time: 0
    [0.0] http://crl.usertrust.com/AddTrustExternalCARoot.crl
----------------  Base CRL CDP  ----------------
  No URLs "None" Time: 0
----------------  Certificate OCSP  ----------------
  Verified "OCSP" Time: 63
    [0.0] http://ocsp.usertrust.com

 

OPEN these URLs on the firewall as well:

http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt
http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl
http://ocsp.comodoca.com
http://crt.usertrust.com/AddTrustExternalCARoot.p7c
http://crt.usertrust.com/AddTrustUTNSGCCA.crt
http://crl.usertrust.com/AddTrustExternalCARoot.crl
http://ocsp.usertrust.com
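The same check that certutil -verify -urlfetch does, as an added example (not from the original post) written against .NET so the result is an object you can script: it builds the chain with online revocation checking and lists every AIA, CDP and OCSP URL the certificate and its issuers point to, which is the list to open on the firewall or proxy. The certificate path is the one quoted in the post; adjust it to your file.

```powershell
# Added example: chain build with online revocation check plus extraction of the
# revocation-related URLs from the certificate and each issuer in the chain.

function Test-CertificateRevocationPath {
    param([Parameter(Mandatory=$true)][string]$Path)

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.UrlRetrievalTimeout = New-Object TimeSpan(0, 0, 15)
    $ok = $chain.Build($cert)

    $elements = foreach ($el in $chain.ChainElements) {
        $c = $el.Certificate
        # AIA (1.3.6.1.5.5.7.1.1) carries the issuer .crt and OCSP URLs, CDP (2.5.29.31) the CRL URLs.
        # Format($true) renders them as text containing "URL=http://..." lines.
        $urls = @()
        foreach ($ext in $c.Extensions) {
            if ('1.3.6.1.5.5.7.1.1', '2.5.29.31' -contains $ext.Oid.Value) {
                $urls += [regex]::Matches($ext.Format($true), 'https?://[^\s,]+') | ForEach-Object { $_.Value }
            }
        }
        New-Object PSObject -Property @{
            Subject = $c.Subject
            # Per-element status: empty = fine; otherwise e.g. RevocationStatusUnknown, OfflineRevocation
            Status  = $(if ($el.ChainElementStatus.Count -eq 0) { 'OK' }
                        else { ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', ' })
            Urls    = @($urls | Sort-Object -Unique)
        }
    }

    New-Object PSObject -Property @{
        ChainBuilt  = $ok
        ChainStatus = ($chain.ChainStatus | ForEach-Object {
                          '{0}: {1}' -f $_.Status, ([string]$_.StatusInformation).Trim() }) -join '; '
        Elements    = $elements
        UrlsToAllow = @($elements | ForEach-Object { $_.Urls } | Sort-Object -Unique)
    }
}

$result = Test-CertificateRevocationPath -Path 'c:\edv\13296984.crt'
$result | Format-List ChainBuilt, ChainStatus
$result.Elements | Format-Table Subject, Status -AutoSize
"URLs the server must be able to reach:"
$result.UrlsToAllow
```

RevocationStatusUnknown or OfflineRevocation on an element is the scripted form of the "Error retrieving URL" lines above; run it on the CAS server itself, since that is the machine whose proxy and firewall path matters. Note that the revocation check is not cosmetic: if the CAS cannot fetch CRLs, it also cannot notice a revoked certificate presented to it.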

 

PROXY

If you use a PROXY, do not forget to EXCLUDE your internal domain (example: *.domain.local) from the PROXY, or your Exchange EMC won't work anymore!

If you can't open the CAS server to those URLs or you don't have the right to do so, check how to configure the proxy settings with NETSH.

 

http://exchangeserverpro.com/exchange-2010-certificate-revocation-checks-and-proxy-settings/
http://www.geekmungus.co.uk/microsoft-exchange/exchange2010-ucccertificatethecertificateisinvalidforexchangeserverusage
http://blogs.technet.com/b/pki/archive/2007/09/13/how-to-refresh-the-crl-cache-on-windows-vista.aspx
http://blogs.technet.com/b/exchange/archive/2010/07/26/emc-and-certificates-with-failed-revocation-checks-in-exchange-2010.aspx
http://support.microsoft.com/kb/979694/en-us
http://msexchangeguru.com/2012/11/12/certificate-revocation/


certutil -urlcache crl delete (clean cache)

certutil -urlcache ocsp delete (clean cache)

Managing permission of Calendars or Room Resource with Powershell on Exchange 2007 / 2010


In general you would give someone "Full Access" with the EMC (Exchange Management Console) and that person then opens the mailbox or room with outlook.exe. Here is a way to do this with PowerShell, for example if an assistant wants access to the calendar of her boss while he is on the plane. Please make sure you understand local laws and have the right to do so.

 

Important: the folder name in the identity is language sensitive ("Kalender" or "Calendar").

 

[PS] C:\>Get-MailboxFolderPermission "Sitzungszimmer_1_og:\calendar"

 

Der Vorgang konnte nicht ausgeführt werden, weil 'Sitzungszimmer_1_og:\calendar' nicht gefunden wurde. + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException

+ FullyQualifiedErrorId : AD004D43,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

This shows what happens when the folder name of the wrong language is used (the English "calendar" on a German mailbox).

 

This is the place where the end-user, or you with outlook.exe, would set such permissions.

The screenshots above and below show the out-of-the-box permissions with nothing changed.

Here is how to change the permissions:

German

 

Set-MailBoxFolderPermission Sitzungszimmer_2_OG:\kalender -User default -AccessRights PublishingEditor

Get-MailboxFolderPermission -identity sitzungszimmer_2_og:\kalender

 

English

 

Set-MailBoxFolderPermission Sitzungszimmer_2_OG:\calendar -User default -AccessRights PublishingEditor

Get-MailboxFolderPermission -identity sitzungszimmer_2_og:\calendar

 

This sets the default permission for everyone who is authenticated on the domain to "Publishing Editor".

A list of the English commands can be found here:
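Instead of keeping a German and an English version of the command, the calendar folder name can be read from the mailbox itself. The following added example (not from the original post) resolves the default calendar with Get-MailboxFolderStatistics, which reports the folder type independent of the display language, and then applies the same permission change as above. It assumes the Exchange 2010 Management Shell; the room mailbox name is the one from the post, and the Reviewer alternative in the comment is a suggestion, not something the post configures.

```powershell
# Added example: language-independent calendar permission change for a room mailbox.

function Get-CalendarFolderIdentity {
    param([Parameter(Mandatory=$true)][string]$Mailbox)
    # FolderType 'Calendar' marks the default calendar; FolderPath is "/Kalender" or "/Calendar"
    $folder = Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope Calendar |
              Where-Object { $_.FolderType -eq 'Calendar' } | Select-Object -First 1
    if (-not $folder) { throw "No default calendar found for mailbox '$Mailbox'" }
    # *-MailboxFolderPermission identities use the form mailbox:\folder
    return '{0}:{1}' -f $Mailbox, ($folder.FolderPath -replace '/', '\')
}

function Set-RoomCalendarDefaultAccess {
    param(
        [Parameter(Mandatory=$true)][string]$Mailbox,
        # PublishingEditor is what the post sets. If people only need to see who booked the room,
        # Reviewer (read-only) is the smaller grant.
        [string]$AccessRights = 'PublishingEditor'
    )
    $id = Get-CalendarFolderIdentity -Mailbox $Mailbox
    Write-Host "Calendar folder resolved to: $id"

    Write-Host "Before:"
    Get-MailboxFolderPermission -Identity $id | Format-Table User, AccessRights -AutoSize

    Set-MailboxFolderPermission -Identity $id -User Default -AccessRights $AccessRights

    Write-Host "After:"
    Get-MailboxFolderPermission -Identity $id | Format-Table User, AccessRights -AutoSize
}

Set-RoomCalendarDefaultAccess -Mailbox 'Sitzungszimmer_2_OG'
```

The before/after listing is the audit trail: keep it with the change request, since "Default" covers every authenticated user in the organization.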

http://www.o365info.com/2012/09/room-mailbox-powershell-commands.html

http://technet.microsoft.com/de-de/library/ff522363(v=exchg.150).aspx


Exchange 2010 SAN Certificates, HLB, CAS-Array SSL Links used in 2013


CAS array name in the SAN certificate or not?

http://social.technet.microsoft.com/Forums/exchange/en-US/d933f572-effd-40a4-b8a7-894729dbee0b/exchange-2010-cas-array-and-ssl-certificate

http://social.technet.microsoft.com/Forums/exchange/en-US/33ee2eb4-15f0-4873-ba9b-334b342f7bed/cas-array-name-in-certificate

No, the RPC CAS Array host name should not be in the SSL certificate. People who are posting otherwise are wrong.

 

http://social.technet.microsoft.com/Forums/exchange/en-US/a53c42db-f58b-418f-aebc-f56f75ed9015/san-certificate-for-exchange-2010-cas-array

http://social.technet.microsoft.com/Forums/exchange/en-US/144eecf0-1963-4768-a08a-7c06eb2a79f1/cas-cas-array-nlb-ip-addresses-and-certificate-names

 

TN 5703 - How do I enroll for an Entrust SSL certificate when my sites are load balanced?

http://www.entrust.net/knowledge-base/technote.cfm?tn=5703

One or two SAN certificates WHEN behind a load balancer?

http://serverfault.com/questions/68753/does-each-server-behind-a-load-balancer-need-their-own-ssl-certificate

How to load balance a Web server farm by using one SSL certificate in IIS 6.0 and in IIS 5.0

http://support.microsoft.com/kb/313299/en-us

Your third option here is buy a SAN certificate, place all relevant names on that cert, and install the same certificate on all your servers and on load balancer. The more servers you have, the more cost effective this becomes

http://forums.comodo.com/ssl-certificate/ssl-certificate-for-cluster-behind-load-balancer-t84262.0.html

I need to secure multiple load-balanced servers; do I use the same CSR for each server?

http://www.geocerts.com/ssl/faq#csr11

Exporting/Importing SSL Certificates Between Windows Servers

http://www.geocerts.com/support/migrate_iis

Export/import a SAN certificate, Exchange 2010 for a load balancer

http://www.cb-net.co.uk/citrix-articles/2013-netscaler-load-balancing-exchange-2010

http://techlib.barracuda.com/resources/download/LBADCv50.pdf

http://technet.microsoft.com/en-us/library/ff625248.aspx

Analyze and debug your certificates

https://www.ssllabs.com/ssltest/analyze.html

http://www.digicert.com/help/


Exchange 2010, How to run an Exchange Powershell from your Desktop or Batch


You can use the regular Task Scheduler of Server 2008 R2 to start a PowerShell script directly. But here is how to make a shortcut which you can double-click.

 

This is what we want:

 

Note your paths from the PowerShell batch and your Exchange install directory:

Exchange 2010 in: "D:\Program Files\Microsoft\Exchange Server\V14"

Exchange Powershell File you want to run: "C:\batch\reindex.ps1"

 

Make a new shortcut on your Windows desktop

Shortcut "Start in": "D:\Program Files\Microsoft\Exchange Server\V14\Bin"

Shortcut target: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 2.0 -noexit -command ". 'c:\batch\reindex.ps1'"

File: c:\batch\reindex.ps1

# REINDEX, V1.0, 24.07.2013
# M. Butsch
# Forces a re-index of all Exchange mailbox databases
# ---------------------------------------------------
# Load the Exchange 2010 snap-in if it is registered on this machine and not loaded yet
If (@(Get-PSSnapin -Registered | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"}).count -eq 1)
    {
    If (@(Get-PSSnapin | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"}).count -eq 0)
        {
        Write-Host "Loading Exchange Snapin Please Wait...."
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
        }
    }

# The reset script ships with Exchange; run it from its own directory
cd\
cd "D:\Program Files\Microsoft\Exchange Server\v14\Scripts"
.\ResetSearchIndex.ps1 -force -all
# ---------------------------------------------------

 

The red part is what's missing in the regular Windows PowerShell compared TO the yellow Exchange PowerShell.

Massive Spam Reply wave in Switzerland 08.08.2013 – Federal E-Mail domain admin.ch involved


Subject Range: RE: [#SMV-xxxxxxxxxxxxxxxxxxxx]: Transfer - Ueberweisung

 

Since today, 08.08.2013, starting around 17:10 CET, we see a large amount of "Reply – Delete me also" spam running through all kinds of devices and also large enterprise spam filters. We even have a reply from the Swiss federal e-mail domain @admin.ch, which hosts all or most e-mail accounts of Swiss federal employees. We also see a large amount of replies from Switzerland's universities and colleges, most of which are experts in SPAM defense and have developed greylisting modules which commercial spam filters use.

That means that this e-mail currently drops through all very expensive commercial and Linux mail filters.

 

Most of those people have/had the e-mail already opened and some of them already replied, WHICH then makes another wave of spam. It's to date unclear if the e-mail contains a 0-day exploit. McAfee VSE 8.8 SP2, SEP Corporate Edition client side with current definitions, ClamAV and GroupShield with current definitions did not show any malware at 22:00 CET European time.

  1. Do NOT reply to the e-mail (you will generate another wave with thousands of e-mails)
  2. And yes, the domain above is also involved in the SPAM wave itself, so report it to them and tell them to "teach their employees HOW to use e-mail before handing out a client or mobile"

     

ROLLUP 2 for Exchange 2010 SP3 during Public Folder Migration


Just about in time and in parallel to those many, many Social MSDN blog threads which nobody could solve except via PST export and import (which I don't like and is kind of messy because it stops AT the next corrupt item!), MS has released Rollup 2 for Exchange 2010 SP3. And yes, it resolves the Microsoft.Exchange.Data.Storage.PropertyErrorException: Property: [0x3ff00102] , PropertyErrorCode: UnknownError, PropertyErrorDescription: 0x80040107 error so many people had who migrated public folders during that period in AUG/SEP 2013.

I just fixed a customer's public folder nirvana with German/English Exchange categories, end dates, 48'000 items per PF and corrupt elements, where at the end we had no more 1020 replication errors and then simply could not get PFs with 2 items in sync.

With the PS script from Mike Walker you can nicely compare two Exchange servers and their items.

http://blog.mikewalker.me/2013/05/exchange-2010-public-folder-replication.html
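The comparison itself can be done with Get-PublicFolderStatistics. The following is an added example (not from the original post and not Mike Walker's script): it reads the item count of every public folder on two servers and reports only the folders whose counts differ, which is where replication is stuck. It assumes the Exchange 2010 Management Shell; the server names are constructed placeholders.

```powershell
# Added example: per-folder item count diff between two public folder replicas. Read-only.

function Compare-PublicFolderReplicas {
    param(
        [Parameter(Mandatory=$true)][string]$ServerA,
        [Parameter(Mandatory=$true)][string]$ServerB
    )
    $a = @{}; $b = @{}
    Get-PublicFolderStatistics -Server $ServerA -ResultSize Unlimited |
        ForEach-Object { $a[[string]$_.FolderPath] = [int]$_.ItemCount }
    Get-PublicFolderStatistics -Server $ServerB -ResultSize Unlimited |
        ForEach-Object { $b[[string]$_.FolderPath] = [int]$_.ItemCount }

    # Union of all folder paths; a folder missing on one side shows up as 'missing'
    $paths = @($a.Keys) + @($b.Keys) | Sort-Object -Unique
    foreach ($p in $paths) {
        $ca = $a[$p]; $cb = $b[$p]
        if ($ca -ne $cb) {
            New-Object PSObject -Property @{
                FolderPath = $p
                ItemsOnA   = $(if ($a.ContainsKey($p)) { $ca } else { 'missing' })
                ItemsOnB   = $(if ($b.ContainsKey($p)) { $cb } else { 'missing' })
                Difference = [int]$ca - [int]$cb
            }
        }
    }
}

$diff = Compare-PublicFolderReplicas -ServerA 'PFSERVER-OLD' -ServerB 'PFSERVER-NEW'
$diff | Sort-Object FolderPath | Format-Table FolderPath, ItemsOnA, ItemsOnB, Difference -AutoSize
"{0} folders out of sync" -f @($diff).Count
```

Run it twice a replication interval apart: folders whose difference does not shrink between the two runs are the ones to look at for event 1020 and corrupt items, the rest is just replication lag.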


Microsoft.Exchange.Data.Storage.PropertyErrorException: Property: [0x3ff00102] , PropertyErrorCode: UnknownError, PropertyErrorDescription: 0x80040107.

at Microsoft.Exchange.Data.Storage.StoreObjectPropertyBag.FlushChanges()

at Microsoft.Exchange.Data.Storage.AcrPropertyBag.FlushChanges()

at Microsoft.Exchange.Data.Storage.CoreItem.Microsoft.Exchange.Data.Storage.ICoreItem.InternalFlush(SaveMode saveMode)

at Microsoft.Exchange.Data.Storage.Item.SaveInternal(SaveMode saveMode, Boolean commit)

at Microsoft.Exchange.Data.Storage.StoreSession.Deliver(Item item, RecipientItemType recipientType)

at Microsoft.Exchange.MailboxTransport.StoreDriver.MailItemDeliver.DeliverItem()


http://www.microsoft.com/en-us/download/details.aspx?id=39835

Update Rollup 2 for Exchange Server 2010 SP3 addresses the vulnerabilities that are described in Microsoft Security Bulletin MS13-061 and resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

2855083 > http://support.microsoft.com/kb/2855083/de

Public Folder contents are not replicated successfully from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010

Consider the following scenario:

  • You have an environment in which Update Rollup 4 for Microsoft Exchange Server 2010 Service Pack 2 (SP2) or a later update or version of Exchange Server 2010 coexists with Microsoft Exchange Server 2003 or Microsoft Exchange Server 2007.
  • You try to replicate Public Folder contents from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.

In this scenario, some Public Folder contents are not replicated from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010. Additionally, the following event is logged in the Application log:

Log Name:     Application

Source:      MSExchange Store Driver

Date:     Date and Time

Event ID:     1020

Task Category:     MSExchangeStoreDriver

Level:     Error

Keywords:      Classic

User:     N/A

Computer:     Computer

Description:


The store driver couldn't deliver the public folder replication message "Backfill Request (SMTP Address)"

because the following error occurred: Property: [0x3ff00102] , PropertyErrorCode: UnknownError, PropertyErrorDescription: 0x80040107.

Also check Rollup 11 for Exchange 2007 SP3, which fixes an issue with the LAST Public Folder database when migrating to Exchange 2013:

http://support.microsoft.com/kb/2873746

Issues that the update rollup resolves

Update Rollup 11 for Exchange Server 2007 SP3 addresses the vulnerabilities that are described in Microsoft Security Bulletin MS13-061 and resolves the issues that are described in the following Microsoft Knowledge Base articles:

  • 2852663 The last public folder database on Exchange 2007 cannot be removed after migrating to Exchange 2013
  • 2688667 W3wp.exe consumes excessive CPU resources on Exchange Client Access servers when users open recurring calendar items in mailboxes by using OWA or EWS
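Added example, not from this post or from Mike Walker's script: an Exchange Management Shell snippet that first looks for the Store Driver event 1020 with PropertyErrorDescription 0x80040107 described above (to see whether a coexistence environment is hit before installing the rollup) and then compares item counts per folder between two public folder replicas, so you can find the "2 items not in sync" folders after the rollup. The server names HUB1, MBX1 and MBX2 are assumptions; the 2010 cmdlet is run against Exchange 2010 replicas, the legacy 2003/2007 side needs its own tools.

```powershell
# Added example (not from the blog post). Assumed names: HUB1 is an Exchange
# 2010 Hub Transport server, MBX1/MBX2 are two Exchange 2010 servers that each
# hold a replica of the public folder tree. Run in the Exchange Management Shell.
$HubServer = 'HUB1'
$ReplicaA  = 'MBX1'
$ReplicaB  = 'MBX2'

# 1) Detection: the Store Driver event 1020 quoted in KB 2855083, filtered to the
#    PropertyErrorDescription 0x80040107 that Rollup 2 for 2010 SP3 fixes. The
#    store driver runs inside transport, so the event is logged on the Hub server.
$events = @(Get-WinEvent -ComputerName $HubServer -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'MSExchange Store Driver'
        Id           = 1020
    } -ErrorAction SilentlyContinue | Where-Object { $_.Message -match '0x80040107' })

"{0} replication messages failed with 0x80040107 on {1}" -f $events.Count, $HubServer
$events | Select-Object TimeCreated, Message | Format-List

# 2) Verification after the rollup: compare item counts per folder between the
#    two replicas. Folders whose counts differ are still out of sync and deserve
#    a look before the legacy replica is removed.
function Get-CountsByPath([string]$Server) {
    $table = @{}
    Get-PublicFolderStatistics -Server $Server -ResultSize Unlimited |
        ForEach-Object { $table[[string]$_.FolderPath] = [int]$_.ItemCount }
    return $table
}
$a = Get-CountsByPath $ReplicaA
$b = Get-CountsByPath $ReplicaB

$allPaths = @(@($a.Keys) + @($b.Keys) | Sort-Object -Unique)
$diff = @(foreach ($p in $allPaths) {
    $ca = if ($a.ContainsKey($p)) { $a[$p] } else { 0 }   # 0 = no replica on that server
    $cb = if ($b.ContainsKey($p)) { $b[$p] } else { 0 }
    if ($ca -ne $cb) {
        New-Object PSObject -Property @{
            FolderPath = $p; $ReplicaA = $ca; $ReplicaB = $cb; Delta = [math]::Abs($ca - $cb)
        }
    }
})

"{0} of {1} folders differ between {2} and {3}" -f $diff.Count, $allPaths.Count, $ReplicaA, $ReplicaB
$diff | Sort-Object Delta -Descending | Format-Table FolderPath, $ReplicaA, $ReplicaB, Delta -AutoSize
```

A folder that is missing on one side shows up with a count of 0 for that server; a folder with a small Delta after replication has settled is the kind of corrupt-item case the rollup addresses, and the event list from step 1 tells you whether the store driver is still rejecting backfill messages for it.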


WINMAIL.DAT (Exchange 2007/2010) Outlook 2010


RTF = Rich Text Format (The text/enriched MIME Content-type)

http://tools.ietf.org/html/rfc1563

http://msdn.microsoft.com/en-us/library/office/aa140284(v=office.10).aspx

http://en.wikipedia.org/wiki/Transport_Neutral_Encapsulation_Format

 

Transport Neutral Encapsulation Format or TNEF is a proprietary email attachment format used by Microsoft Outlook and Microsoft Exchange Server. An attached file with TNEF encoding is most often named winmail.dat or win.dat, and has a MIME type of Application/MS-TNEF. The official (IANA) media type, however, is application/vnd.ms-tnef.


If a sender sends an E-Mail to an EXTERNAL address and:

  1. he chooses RTF and NOT HTML or Text as the message format, or
  2. the existing CONTACT with the same E-mail address has an Internet format of RTF, or
  3. the existing CONTACT was handled on some device that messes up these settings (Ericsson mobile phones, Palms and all the other strange old mobile solutions), or
  4. the existing CONTACT was handled on some strange device from APPLE (not an IPHONE, but an IMAC with MS Office),

then the recipient may receive a WINMAIL.DAT attachment on your outgoing E-mail messages.


There are two solutions to handle this:


Client SIDE solution

http://office.microsoft.com/en-001/outlook-help/change-the-message-format-to-html-rich-text-or-plain-text-HP001232996.aspx

http://support.microsoft.com/kb/278061/en-us


Change the message format for all messages

You can configure Outlook so that all new e-mail messages use the message format of your choice.

  1. On the Tools menu, click Options, and then click the Mail Format tab.
  2. In the Compose in this message format list, click the format that you want.

Change the message format for all messages sent to a specified Internet recipient

  1. Open the contact card for the recipient.
  2. In the E-mail box, double-click the recipient's e-mail address.
  3. In the Internet Format list, select the format that you want to use for messages to this recipient.

Note   You can change the format for only the messages sent to a contact with an SMTP e-mail address. An SMTP e-mail address contains the @ symbol, for example barbara@contoso.com. If you are using an Exchange account and sending to another person in your organization who is also using an Exchange account, this feature is not available.

This is how you can check it per contact:

a) Select the contact

b) Double-click the E-Mail address in the contact

c) Icon top right > Show more options for interacting with this person / Outlook properties

d) Selection: Internet Format (there you have: plain text only / Outlook Rich Text Format / automatic)

Server SIDE solution:

Change the TNEF settings on the Exchange 2010 HUB (the remote domain settings control whether RTF/TNEF is passed to external domains).
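The server-side switch is the TNEF setting of the remote domain on the Hub Transport. As an added example that is not from this post, run in the Exchange Management Shell: it shows the current setting, turns TNEF off for the catch-all Default remote domain so RTF mail is converted on the way out, and shows the per-partner and per-contact overrides. The domain partner.example and the contact address are constructed placeholders.

```powershell
# Added example (not from the blog post): server-side TNEF handling on the
# Exchange 2010 Hub Transport, run in the Exchange Management Shell.

# Current TNEF setting per remote domain. $null means "let the sender's client
# and the contact's Internet Format decide", which is what produces winmail.dat.
Get-RemoteDomain | Format-Table Name, DomainName, TNEFEnabled -AutoSize

# Weak (default): TNEFEnabled is $null on the catch-all "Default" remote domain,
# so a sender composing in RTF, or a contact marked as RTF, sends winmail.dat.
# Hardened: force TNEF off for all external domains; RTF is converted to
# HTML/plain text on the way out, independent of client-side settings.
Set-RemoteDomain -Identity Default -TNEFEnabled $false

# Exception for a partner that runs Outlook/Exchange and wants RTF preserved.
# 'partner.example' is a constructed domain name.
if (-not (Get-RemoteDomain | Where-Object { $_.DomainName -eq 'partner.example' })) {
    New-RemoteDomain -Name 'Partner' -DomainName 'partner.example' | Out-Null
}
Set-RemoteDomain -Identity Partner -TNEFEnabled $true

# Per-recipient override for a mail contact in the GAL; this is the server-side
# counterpart of the "Internet Format" setting on the Outlook contact card.
# 'ext.user@partner.example' is a constructed address.
$contact = Get-MailContact -Identity 'ext.user@partner.example' -ErrorAction SilentlyContinue
if ($contact) {
    Set-MailContact -Identity $contact.Identity -UseMapiRichTextFormat Never
}

# Verify the result
Get-RemoteDomain | Format-Table Name, DomainName, TNEFEnabled -AutoSize
```

Setting TNEFEnabled to $false on Default is the change that stops winmail.dat for everyone regardless of which old device touched the contact; keep TNEF on only for remote domains where you know the receiving side is Exchange.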

Exchange 2007/2010 Offline Address book OAB in Load Balancer, 0x80190194


Here is how the error looks in Outlook.

OAB, Offline Address book Sync fails with 0x80190194 in a Load Balancer Environment with CAS-Array.

Example:

1 x Load Balancer Setup (outlook.customer.ch)

1 x CAS-Array (outlook.customer.ch)

1 x CAS1.customer.ch (CAS/HUB)

1 x CAS2.customer.ch (CAS/HUB)

2 x MBX Server


Check your OAB settings (don't ask about the 98/2003 client support versions, just select them; you may disable them after it works). Check that both CAS servers you have are green and listed under their full CAS name, not the CAS-Array or Load Balancer address.

On both CAS servers check whether you have the LOAD Balancer or CAS-ARRAY FQDN configured. We focus on the internal distribution.

Do not look for the problem in the SSL settings of the OAB; that is a different story. The default is https://servernamefqdn/oab (443).

Change this on both CAS servers and do an IISRESET on both CAS:

Delete the full content of the folder (example for an installation on D:):

D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB

Generate new address books and publish them to all CAS with PowerShell:

Get-OfflineAddressBook | Update-Offlineaddressbook

Update-FileDistributionService "cas1"

Update-FileDistributionService "cas2"


Check BOTH CAS servers for the files to be populated:

\\CAS1\D$\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\*GUID***

\\CAS2\D$\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\*GUID***


Get the GUID from the OAB folder name on your CAS server (in red):

D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\b7ed04c4-d330-47b8-b42d-7a918e4726ab

Test with Internet Explorer whether you can open the XML file. Maybe also check the INTERNET EXPLORER proxy settings (you may add the FQDN of the Load Balancer address and both single CAS names to the PROXY exceptions to be sure).

https://outlook.customer.ch/oab/2875a149-a624-4140-b4dd-333d18fbe9f8/oab.xml

https://cas1.customer.ch/oab/2875a149-a624-4140-b4dd-333d18fbe9f8/oab.xml

https://cas2.customer.ch/oab/2875a149-a624-4140-b4dd-333d18fbe9f8/oab.xml

Normal permissions:

  1. You have permission as "Authenticated Users" on the XML file.
  2. You do NOT have permission to LIST the folder \oab or \oab\GUIDXXXXXX\.
  3. If you have any Exchange Analyzer (ExBPA) reports about MISSING permissions, this may result from a MIXED environment of GERMAN / ENGLISH domain controllers and Exchange (http://www.butsch.ch/post/Exchange-Analyzer-false-Error-OAB-Permissions-in-language-mixed-env-(GERENG).aspx).


No prompt for username and password should appear!

Test it with outlook.exe:

Hold CTRL and right-click the Outlook icon in the TRAY by the clock (Connection Status).

The RPC port column shows FIXED RPC ports on the CAS server (something special in this setup).


How to test if the client has a valid Offline Address Book

Enable Cached Mode in Outlook temporarily.

Start Outlook.exe.

Take the test COMPUTER OFFLINE (no network cable) and open the address book.

If you see entries while the network cable is unplugged, the Offline Address Book is working (only the OAB can serve them offline).

If no content is displayed it is not working; start again from the top.
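Added example that is not from this post: an Exchange Management Shell script that runs the server-side checks above in one go. It reads the OAB GUID from the OAB object instead of from the folder name, confirms the GUID folder is populated on each CAS, and downloads oab.xml from the load balancer name and from each CAS with the current Windows credentials, the way Outlook does. The host names are the example ones from above, the D: path is the one used in this post, and the WebClient call is used because the PowerShell 2.0 on Exchange 2010 servers has no Invoke-WebRequest. The Outlook error 0x80190194 carries an HTTP status code in its low 16 bits (0x194 = 404, not found), so the HTTP status per URL tells a missing file (404) apart from an authentication problem (401), which would show up in Outlook as a credential prompt.

```powershell
# Added example (not from the blog post): verify OAB web distribution through the
# load balancer and on each CAS. Host names follow the example setup in the post;
# the D: installation path and the OAB name are assumptions.
$Hosts = @('outlook.customer.ch', 'cas1.customer.ch', 'cas2.customer.ch')
$CasServers = @('cas1', 'cas2')

# 1) Which OAB GUID is published, where is it generated, which CAS distribute it?
$oab = Get-OfflineAddressBook | Select-Object -First 1
"OAB '{0}' GUID {1}, generated on {2}" -f $oab.Name, $oab.Guid, $oab.Server
$oab.VirtualDirectories | ForEach-Object { "  distributed by: $_" }

# 2) The GUID folder on each CAS must be populated (the \\CASx\D$ check above).
foreach ($cas in $CasServers) {
    $path = "\\$cas\D$\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\$($oab.Guid)"
    $files = @(Get-ChildItem $path -ErrorAction SilentlyContinue)
    "{0}: {1} files in {2}" -f $cas, $files.Count, $path
}

# 3) Fetch oab.xml over HTTPS with integrated Windows authentication.
#    Outlook's 0x80190194 = HTTP 0x194 = 404; a 401 means the client would be
#    prompted for credentials, which the post says must not happen.
function Test-OabUrl {
    param([string]$HostName, [Guid]$OabGuid)
    $url = "https://$HostName/oab/$OabGuid/oab.xml"
    $wc = New-Object System.Net.WebClient
    $wc.UseDefaultCredentials = $true
    try {
        $xml = [xml]$wc.DownloadString($url)
        "{0}: OK (root <{1}>, {2} child elements)" -f $url,
            $xml.DocumentElement.Name, $xml.DocumentElement.ChildNodes.Count
    } catch [System.Net.WebException] {
        $resp = $_.Exception.Response
        $status = if ($resp) { [int]$resp.StatusCode } else { 'no response' }
        "{0}: FAILED HTTP {1} ({2})" -f $url, $status, $_.Exception.Message
    }
}
foreach ($h in $Hosts) { Test-OabUrl -HostName $h -OabGuid $oab.Guid }
```

Run it after the Update-OfflineAddressBook / Update-FileDistributionService commands from above: a 404 on one CAS only means that CAS has not yet received the files (check step 2), a 404 on the load balancer name only points at the OAB virtual directory URL or the balancer's configuration, and a 401 anywhere is a permission problem on the \oab folder rather than a distribution problem.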
