This post comes from my colleague Andrew Dorrian, who usually follows my migrating public folders article. Recently, after a couple of Exchange 2016 migrations, he has seen a problem where the public folders are visible in the Exchange Admin Console, but the users can’t access them.
Solution
Open ADSIedit.msc and connect to the ‘Configuration’ context.
Navigate to;
CN=Services > CN=Microsoft Exchange > CN=(your organization name) > CN=Administrative Groups > CN=Exchange Administrative Group (FYDIBOHF23SPDLT) > CN=Databases.
Locate your mailbox database(s) > Right Click > Properties > Locate: msExchHomePublicMDB > Edit > Clear > OK > Apply > OK.
Open an Exchange administrative shell and run the following command;
On the tail end of an Exchange 2010 to 2016 migration last week, I needed to decommission the old Exchange 2010 server. It would not let me remove the mailbox database, as it had a ‘move-request’ that it thought had not completed, (for the administrator account). However if I tried to delete the move request from the EMC this happened;
Error
Failed to communicate with the mailbox database
MapiExpetionNoAccess Unable to open message store
(hr=0x080070005, ec=-2147024891
Solution
Even trying to remove the move request with PowerShell failed. In the end I had to remove the request in ADSIEdit.msc.
Windows Key+R > adsiedit.msc > Connect to > Default Naming Context > DC={your domain}, DC={your domain extension} > Navigate to the user affected > Properties > Filter > Show only attributes that have values.
Locate the following two values and clear them;
msExchMailboxMoveFlags
msExchMailboxMoveStatus
This is enough to remove the failed mailbox move request, but if you’re nervous, then just refresh the move request section and it should disappear.
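The two ADSI Edit clean-ups above (msExchHomePublicMDB on the mailbox databases, and the two move attributes on the affected user) can be reviewed and recorded before anything is cleared. The following is an added example, not part of the original posts; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the backup file name is a placeholder.

```powershell
# Added example: list, back up, then (optionally) clear the attributes named in the posts.
Import-Module ActiveDirectory

$backup = Join-Path $env:TEMP 'exch-attr-backup.csv'   # placeholder path, change as needed

# Users that still carry mailbox-move attributes (the failed move request case).
$users = Get-ADUser -LDAPFilter '(|(msExchMailboxMoveFlags=*)(msExchMailboxMoveStatus=*))' `
    -Properties msExchMailboxMoveFlags, msExchMailboxMoveStatus

# Objects under the Exchange configuration container that still reference a public folder database.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dbs = Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$configNC" `
    -LDAPFilter '(msExchHomePublicMDB=*)' -Properties msExchHomePublicMDB

# Flatten to one row per object/attribute so the old values can be restored if needed.
$targets = @(
    foreach ($u in $users) {
        foreach ($a in 'msExchMailboxMoveFlags', 'msExchMailboxMoveStatus') {
            if ($null -ne $u.$a) {
                [pscustomobject]@{ DN = $u.DistinguishedName; Attribute = $a; Value = $u.$a }
            }
        }
    }
    foreach ($d in $dbs) {
        [pscustomobject]@{ DN = $d.DistinguishedName; Attribute = 'msExchHomePublicMDB'
                           Value = $d.msExchHomePublicMDB }
    }
)

$targets | Export-Csv -Path $backup -NoTypeInformation
$targets | Format-Table -AutoSize

# -WhatIf only reports what would change; remove it to clear the attributes for real.
foreach ($t in $targets) {
    Set-ADObject -Identity $t.DN -Clear $t.Attribute -WhatIf
}
```

Review the table before removing -WhatIf: the filter returns every object carrying these attributes, not only the one you are troubleshooting.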
Related Articles, References, Credits, or External Links
A colleague was having some certificate problems onsite the other week. Someone suggested just using Certificate Services to simplify matters. I said I’d spin it up and configure it for him, (I’ve done a lot of Microsoft CA work, search the site!)
My first question was, “Do they already have certificate services?”, unsurprisingly the answer was “I don’t know”.
So if you’re on a domain, and you want to locate your CA server, or simply find out if you have one, what do you do?
Solution
The simplest option is to look in Active Directory Users and Computers, then locate the ‘Cert Publishers’ group and look at its members.
Or you can run adsiedit.msc > CN=Certification Authorities, CN=Public Key Services, CN=Services, CN=Configuration, DC={domain-name},DC={domain-extension}
Easy Option: If you’re lazy, (like me!) Simply run the following command;
[box]
certutil -config - -ping
[/box]
If you don’t have any CAs this is what you will see;
But if you do (below there is one, but there may be many);
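The same lookups from PowerShell, as an added example that is not part of the original post. It assumes the ActiveDirectory module (RSAT) and a domain-joined session; the third query goes beyond the post and reads the sibling ‘Enrollment Services’ container, where enterprise CAs publish their host name.

```powershell
# Added example: find AD-published certification authorities and check their certificates.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$pki      = "CN=Public Key Services,CN=Services,$configNC"

# 1. Accounts in 'Cert Publishers' (normally the computer accounts of the CA servers).
Get-ADGroupMember -Identity 'Cert Publishers' |
    Select-Object Name, objectClass, distinguishedName

# 2. CA certificates published in the container the post navigates to in ADSI Edit.
Get-ADObject -SearchBase "CN=Certification Authorities,$pki" -SearchScope OneLevel `
    -Filter * -Properties cACertificate |
    ForEach-Object {
        foreach ($raw in $_.cACertificate) {
            # cACertificate holds DER-encoded certificates; decode each to read its details.
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
            [pscustomobject]@{
                Entry      = $_.Name
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
                Expired    = $cert.NotAfter -lt (Get-Date)
                Thumbprint = $cert.Thumbprint
            }
        }
    }

# 3. Beyond the post: enterprise CAs register a pKIEnrollmentService object in the
#    'Enrollment Services' container; its dNSHostName names the server running the CA.
Get-ADObject -SearchBase "CN=Enrollment Services,$pki" -SearchScope OneLevel `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties dNSHostName |
    Select-Object Name, dNSHostName
```

An entry in step 2 with no matching host in step 3 is worth following up: it can be a root certificate left behind by a CA that has since been removed.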
I had to work out how to do this for a client, and as is my modus operandi, I’ll try and save you some of the pain I endured.
Products Used
System Center Configuration Manager 2007 SP2
Windows Server 2008 R2
SQL 2008 R2 (At time of writing neither officially supported or not supported on SCCM)
Note: I was originally going to use SQL 2005 – hence the reason the SQL servers name is SCCM-SQL2005, however I bit the bullet and used SQL 2008 R2 instead.
Solution
Step 1: SCCM Domain pre install work.
1. Create two groups in Active Directory.
a. sccm administrator group SCCM-ADMIN
b. sql administrator group SQL-ADMIN
2. Add both groups to the Domain Admins group.
3. Create two new users: sccmadmin and sqladmin.
4. Add sccmadmin to SCCM-ADMIN group and add sqladmin to SQL-ADMIN group.
c. Windows Authentication.
d. IIS6 Metabase compatibility.
e. IIS6 WMI compatibility.
3. Add the following “server Features”:
a. Background Intelligent Transfer Service.
b. Remote Differential Compression.
4. If you are NOT running Windows Server 2008 R2 Download and install WebDav (already included in Windows Server 2008 R2). If you are running R2 skip to the next step.
5. Server Manager > Roles > Web Server (IIS) > Add Role Services > WebDAV Publishing > Next > Close.
6. To enable WebDav > Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Default Web Site > WebDav Authoring Rules.
7. Select Enable WebDav (On the right hand side).
8. Select add authoring Rule > All Content > All Users > Permissions > Read > OK.
9. Select the rule you have just created > WebDav Settings.
10. Change “Allow Anonymous Properties Queries” to True > Change “Allow Custom Properties” to False > Change “Allow Property Query with Infinite Depth” to True > Change “Allow hidden files to be listed” to True > Apply.
12. From the WSUS installation choose “Full server installation” > DO NOT accept the default “Use the existing IIS Default Web site” > Use “Create a Windows Server Update Services 3.0 SP2 Web site” (Note: this will use port TCP 8530 by default).
Step 3: SCCM Install SQL Server.
1. From the SQL install media run setup.exe > Installation > “New Installation or add features to an existing Installation” > OK.
2. Enter product Key if applicable > Next > “I accept…” > Next > Install > Next > Next.
5. On the Server configuration Page > Select “Use the same account for all SQL Server services” > Select the User you created originally (sqladmin) > Set the SQL Server Agent and SQL Server Database Engine Startup type to “Automatic” > Next.
6. Accept “Windows Authentication” > Add in your SCCM-ADMIN group and SQL-ADMIN group > Next > Next > Next > Install.
7. When it’s completed click close.
Step 4: Prepare Active Directory for SCCM
1. Extend the schema > From the install media > SMSSETUP > BIN > I386 > extadsch.exe
2. Check the above was successful by opening the c:\extADsch.txt file, it should say “successfully extended the Active Directory Schema”.
3. We now need to create some Active Directory objects. Go to a domain controller > Start > Administrative tools > ADSI Edit > Action > connect to > leave everything on its defaults > OK.
4. Expand the Default naming context > Expand your domain name > Right click “system” > New > Object > Container > Next.
5. Call it “System Management” > Next > Finish > Close ADSI Edit.
6. Still on the domain controller > Start > dsa.msc {enter} > View > Advanced.
7. Expand “system” > Locate the container you created “System Management” > right click it and select properties > Security Tab > Add > Object Types > Tick Computers > OK.
8. Click Advanced > Find Now > Locate and add the SCCM-ADMIN group you created earlier > Also add the SCCM Server itself > OK.
9. Grant allow “Full Control” to both the SCCM admin group and the SCCMserver.
10. Now click advanced > Select the SCCM-ADMIN group > Edit.
11. Change the “Apply to” section from “This object only” to “This object and all descendant objects” > OK > Apply > OK.
12. Repeat the above for the SCCM-Server object.
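To confirm the permissions set in steps 7 to 12, the container’s ACL can be read back and checked. This is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT), and the site server’s computer account name is a placeholder.

```powershell
# Added example: verify the ACL on CN=System Management after delegating it.
Import-Module ActiveDirectory

$domain    = Get-ADDomain
$container = "CN=System Management,CN=System,$($domain.DistinguishedName)"

# SCCM-ADMIN is the group from step 1; 'SCCM-SERVER$' is a placeholder for the
# site server's computer account (computer account names end in $).
$expected = 'SCCM-ADMIN', 'SCCM-SERVER$' | ForEach-Object { "$($domain.NetBIOSName)\$_" }

$acl      = Get-Acl -Path "AD:\$container"
$explicit = $acl.Access | Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' }

foreach ($principal in $expected) {
    $aces = $explicit | Where-Object { $_.IdentityReference.Value -eq $principal }

    # GenericAll is "Full Control"; InheritanceType 'All' is
    # "This object and all descendant objects" ('None' is "This object only").
    $ok = $aces | Where-Object {
        $_.ActiveDirectoryRights -eq [System.DirectoryServices.ActiveDirectoryRights]::GenericAll -and
        $_.InheritanceType -eq [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
    }

    [pscustomobject]@{
        Principal                 = $principal
        HasExplicitAce            = [bool]$aces
        FullControlAllDescendants = [bool]$ok
    }
}

# Any other explicit Allow entries on the container, for review.
$explicit | Where-Object { $expected -notcontains $_.IdentityReference.Value } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType
```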
Step 5: Install SCCM
1. Log on as the sccmadmin user.
2. From within the SCCM setup media run splash.hta > Run the Pre requisite checker > Enter the SQL Server name > SCCM server name and the FQDN of the SCCM server > OK.
3. Note: If you cannot talk to the SQL server then check that the Windows firewall is not blocking you (on the SQL server Start > run > firewall.cpl > Turn it off).
4. All being well it should say “All required pre requisite tests have completed successfully” > OK.
5. Re-run Splash.hta > This time choose > Install configuration Manager 2007 SP2 > Next > “Install Configuration Manager site Server” > Next.
6. Tick “I accept these License terms” > Next > Custom Install > Next > Primary Site > Next > Next > enter unlock code if applicable > Next > Accept/change the install directory > Next > Enter a Site code and friendly name > Next.
DO NOT ever try and change this code and don’t forget it!!
7. Change the Site mode to “Configuration Manager Mixed Mode” (Native mode requires certificate services and considerably more work). > Next.
8. Accept the defaults (everything except NAP) > Next.
9. Enter your SQL server name > Next > Next > Next > Next > Next.
10. Select a location to install the updates to > Next.
11. Updates will download, this may take some time > when finished it should say it was successful > OK > Next.
12. It will run the pre requisite check again > when finished click begin install.
13. When finished click Next > Finish.
14. Now you need to send out the clients and configure SCCM, I’ll cover that in a later article.
Seen on an Exchange 2010 server, this server had previously been upgraded from Exchange 2007, and that was upgraded from Exchange 2003.
Event ID 9335
Log Name: Application
Source: MSExchangeSA
Event ID: 9335
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 while cleaning the offline address list public folders under
/o=org/cn=addrlists/cn=oabs/cn=Default Offline Address Book. Please make sure the public folder
database is mounted and replicas exist of the offline address list folders. No offline address
lists have been generated. Please check the event log for more information.
- Default Offline Address Book
Event ID 9331
Log Name: Application
Source: MSExchangeSA
Date: 29/08/2013 06:10:50
Event ID: 9331
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 (internal ID 50101f1) accessing the public folder database
while generating the offline address list for address list '/'.
- Default Offline Address Book
Solution
Note: If you don’t have any Outlook 2003 clients left in the organisation, this is a moot point. Simply disable distribution of the offline address book via public folder. (Newer Outlook clients use web based distribution.)
1. Before we do anything make sure that the offline address book has been specified, is shown on the correct server, and is set as default.
2. From the Exchange Management Console > Toolbox > Public Folder Management > system Public Folders > OFFLINE ADDRESS BOOK > Then in the center window, right click each one > Properties > Replication > The server that hosts the public folder should be in here > (In my case it was not.) > Add it in.
3. Now you can force the OAB to update with the following command;