Exchange – Failed to mount database(hr=0x80040115, ec=-2147221227)

KB ID 0000664 

Problem

The Exchange server on my test network stopped working, the mailbox database was not mounted. When I attempted to mount it:

[box]
--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Failed to mount database '{Database Name}'.
{Database Name}
Failed
Error:
Couldn't mount the database that you specified. Specified database: {Database Name}; 
Error code: An Active Manager operation failed with a transient error. Please retry 
the operation. Error: Database action failed with transient error. Error: A 
transient error occurred during a database operation. Error: MapiExceptionNetworkError: 
Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
......
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2012-08-28 13:55:49:266
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115 [Database: {Database Name}, Server: 
PNL-EX.petenetlive.net].
An Active Manager operation failed with a transient error. Please retry the operation. 
Error: Database action failed with transient error. Error: A transient error occurred 
during a database operation. Error: MapiExceptionNetworkError: Unable to make admin 
interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
......
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2012-08-28 13:55:49:266
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115 [Database: {Database Name}, 
Server: PNL-EX.petenetlive.net]
An Active Manager operation failed with a transient error. Please retry the operation. 
Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. 
(hr=0x80040115, ec=-2147221227)
Diagnostic context:
......
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2012-08-28 13:55:49:266
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115 [Server: PNL-EX.petenetlive.net]
MapiExceptionNetworkError: Unable to make admin interface connection to server. 
(hr=0x80040115, ec=-2147221227)
Diagnostic context:
......
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2012-08-28 13:55:49:266
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115
[/box]


Solution

1. On closer inspection, I noticed the Exchange System Attendant was not running, and when I tried to launch it is started then stopped?

2. And the Exchange Information Store service was also not running, (that explains why the database won’t mount).

3. And when I tried to start that:

Error Windows could not start the Microsoft Exchange Information Store on Local Computer. For more information review the System Event Log. If this is a non Microsoft service, contact the service vendor, and refer to server-specific error code -2147221213

4. Fair enough, the Event Viewer yielded this:

Event ID 5003

Error
Unable to initialize the Microsoft Exchange Information Store service because the clocks on the client 
and on the server machine are skewed. This may be caused by a time change either in the client or the 
server machine, and may require a reboot of that machine. Other than that, verify that your domain is 
properly configured and is currently online.

Well the clock on the Exchange server was correct, as were the clocks on the domain controllers they were both sync’d and in the same time zone.

5. The Exchange server is a VMware virtual machine, and even though it is not set to take it’s time from the host, the time on the host was incorrect.

6. Firstly set the time correctly on the ESX host, (below I’ve used an external NTP server, though you can just manually set the time).

7. Then restart the Exchange Active Directory Topology Service, make sure all the services come up correctly, and check the database has mounted.

Related Articles, References, Credits, or External Links

NA

Event ID 9327

KB ID 0000480 

Problem

Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

Source: MSExchangeSA
Event ID: 9327
Task Category: (13)
Level: Warning
Keywords: Classic
User: N/A
Description:
OALGen skipped some entries in the offline address list 'Global Address List'. To see which entries are affected, event logging for the OAL Generator must be set to at least medium. 

This is just an instruction to enable logging so that you can see the REAL error.

Solution

Option 1 Enable Logging via the Exchange Management Shell

1. Launch the Exchange Management Shell and check the current logging level it will probably be set to “Lowest” Issue the following command:

[box]Get-EventLogLevel[/box]

Then scroll down to “MSExchangeSAOAL Generator” and check its status.

2. To turn the logging Level Right up issue the following command:

[box]Set-EventLogLevel -Identity “MSExchangeSAOAL Generator” –Level Expert[/box]

Option 2 Enable Logging via the Exchange Management Console

1. Launch the Exchange Management Console > Server Configuration > Right click the offending server > Manage Diagnostic Logging Properties > Expand MSExchangeSA > Select OAL Generation > Tick Expert > Configure > Finish.

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

2. Select “Yes” when prompted.

3. Wait a few minutes the re-check the server application log, you will see this error again but there should be a more descriptive error near it to let you know what is failing.

 

Related Articles, References, Credits, or External Links

NA

Event ID 9323

KB ID 0000481 

Problem

Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

Source: MSExchangeSA Event ID: 9323 Task Category: (13) Level: Warning Keywords: Classic Description: Entry ‘{Username}’ has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for ‘Global Address List’.

Solution

1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.

If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.

2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.

3. I didn’t need to renew this certificate, so I simply removed it.

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

2. Select “Yes” when prompted.

3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.

Related Articles, References, Credits, or External Links

NA

Event ID 3

KB ID 0000341 

Problem

Event ID 3

Source: SystemServiceModel

Error: WebHost failed to process a request. Sender Information.

Exception: System.ServiceModel.ServiceActivationException: The service ‘/EWS/exchange.asmx’ cannot be activated due to an exception during compilation.  The exception message is: Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.. —> System.NotSupportedException: Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.

It’s simple permissions error in IIS.

Solution

1. Locate the Virtual Directory in the error message, in the example above that the EWS virtual directory. (Exchange Web Services).

2. Click Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand Sites > Default Web sites > locate the problem virtual directory > Select it then open authentication.

3. Make sure “Anonymous Authentication” is set to enabled.

4. Then restart web services, click Start > in the run/search box type cmd{enter} > Execute the following command,

[box]iisreset /noforce[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 9323

KB ID 0000481 

Problem

Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

Source: MSExchangeSA
Event ID: 9323
Task Category: (13)
Level: Warning
Keywords: Classic
Description:
Entry '{Username}' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for 'Global Address List'. 

Solution

1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.

If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.

2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.

3. I didn’t need to renew this certificate, so I simply removed it.

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

2. Select “Yes” when prompted.

3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.

 

Related Articles, References, Credits, or External Links

NA

Backup Exec – Error “0xe0009585 – Unable to open a disk of the virtual machine”

KB ID 0000349 

Problem

Seen while using Backup Exec 2010 R2, while attempting to backup an Exchange 2010 server (on Windows server 2008 R2) in a VMware virtualised environment (using the VMware Backup Exec Agent).

Click for Larger Image

Errors Read

Job Completion Status

Completed status: Failed
Final error: 0xe0009585 – Unable to open a disk of the virtual machine.
Final error category: Resource Errors

Errors

Backup- VMVCB::”Virtual infrastructure”
V-79-57344-38277 – Unable to open a disk of the virtual machine.

VixDiskLib_Open() reported the error: You do not have access rights to this file
V-79-57344-38277 – Unable to open a disk of the virtual machine.

VixDiskLib_Open() reported the error: You do not have access rights to this file

Solution

This involves two reboots of the target machine start planning downtime, or warning your users.

1. Go to the Virtual Machine that you are trying to backup (in my case the Exchange server)

2. Start > run > appwiz.cpl > Locate and uninstall the VMware tools > when prompted to > reboot.

3. Reinstall the VMware tools but this time choose “CUSTOM INSTALL” > Locate the “Volume shadow Copy Service”.

4. Change the drop down so that this option will not be installed > complete the VMware tools installation and reboot when prompted.

 

Related Articles, References, Credits, or External Links

NA

Managing Forefront Endpoint Protection (FEP) with Microsoft Group Policy (GPO)

KB ID 0000604

Problem

FEP is Microsoft’s offering for antivirus, try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM. Which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hens teeth!

With a Microsoft CoreCAL you can use the FEP client, so if you already have CoreCALs, then it’s a solution that can save you some cash on your corporate AV strategy.

Solution

Installing Forefront Endpoint Protection

The client software is available in x64 and x86 bit flavours, it is installed from a single executable (FEPInstall.exe). There is no MSI installer (yeah thanks Microsoft!) So if you want to roll it out on mass, you need to either install it using a startup script, include the software in your ‘Master/Golden Image’ and re-image you machines, or tear your hair out trying to work out SCCM.

Managing Forefront Endpoint Protection with Group Policy

1. First you need to download the policy definitions, copy the FEP2010.admx file to %Systemroot%PolicyDefinitions.

2. Then copy the FEP2010.adml file to %Systemroot%PolicyDefinitionsEN-US

Creating a Group Policy Central Store

3. If you have all your ADMX policy definitions in a central location, all your clients can use them. The correct place for them is in the sysvol directory, in a folder called policies (this is where your clients read their group policies from). To create the directory issue the following command;

[box]MD “%logonserver%sysvol%userdnsdomain%policiesPolicyDefinitions”[/box]

4. Now copy all your policy files into it, (from the folder we used earlier) with the following command;

[box]xcopy %systemroot%policydefinitions*.* “%logonserver%sysvol%userdnsdomain%policiesPolicyDefinitions” /S /Y[/box]

5. Then either create a new policy, or edit an existing one that’s linked to the COMPUTER objects you want to manage.

6. Navigate to;

[box]Computer Configuration > Policies > Administrative Templates > System > Forefront Endpoint Protection 2010[/box]

Here you will find the policy settings you require.

7. When you are controlling settings via GPO this is what you will see on the client machines.

Importing and Exporting Forefront Policy Settings

8. From the files you extracted earlier locate and run the FEP2010GPTool.exe. From here you can import and export all the policy settings from a particular group policy. Microsoft have published a set of policy settings which you can download for various server roles.

Note: By default each policy you import will merge with the existing settings in the GPO, unless you tick the “clear the existing Forefront Endpoint Protection settings before import” option.

Updates for Forefront Endpoint Protection

9. Windows uses it’s existing ‘Windows updates’ path for getting updates. If you have a WSUS server you will need to enable the updates in the ‘Products and Classifications’ section.

10. If you DONT have WSUS but you are behind a proxy, you can manage FEP proxy settings from the following policy.

Related Articles, References, Credits, or External Links

NA

Microsoft Exchange RPC Client Access Service Does Not Start

KB ID 0000802 

Problem

I build a new SBS 2011 environment last week, and I had just put on the new digital certificate, and as no one was using it, I simply rebooted the SBS Server and went for a coffee. From that point forward all the new Outlook 2013 clients give me this error,

Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost).

Solution

1. At first I thought this was a user profile problem, so i logged on as another user (no difference). So I thought it was a problem with Outlook/Office on that PC. Until I built another one and it did the same. If you are seeing this error I suggest you remove the Outlook profile on the affected machine first.

2. Some Google searching told me this can happen if certain services have not started, as I had this problem on the same server, I checked the services and sure enough the Microsoft Exchange RPC Client Access’ service was not running. I could manually start it, and the error ceased. That’s great but I needed to deliver the server to a client and I wouldn’t be about to manually start services every time they rebooted it!

3. It turns out that this is a known problem if Exchange is installed on a Global Catalog server (being an SBS Server I don’t have much choice). it is supposed to be addressed by Microsoft KB940845, I say ‘supposed to‘ because this did not work.

4. Despite my best efforts, this service refused to start with the server, so I clipped on my spurs and wrote a startup script that waits three minutes after the server starts then it manually starts the service for me. You can put it in the servers Startup folder, or (as I did) assign the startup script via group policy.

Note: This script waits 180 seconds, you can change the interval if you wish.

Related Articles, References, Credits, or External Links

NA

Outlook – Disable “Show in Groups”

 

KB ID 0000668 

Problem

With older versions of Outlook this was simple to do, they have made a good job of hiding it in Outlook 2010?

Emails Grouped by Date.

Solution

1. From within Outlook View > Change View > Manage Views.

2. Seelct ‘Current view settings’ > Modify.

3. Group By.

4. Untick ‘Automatically group according to arrangement’ > OK.

Related Articles, References, Credits, or External Links

NA