Seen when an Exchange server attempts to build the Offline Address book but encounters an error.
Source: MSExchangeSA Event ID: 9323 Task Category: (13) Level: Warning Keywords: Classic Description: Entry ‘{Username}’ has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for ‘Global Address List’.
Solution
1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.
If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.
2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.
3. I didn’t need to renew this certificate, so I simply removed it.
Then rebuild the Offline address Book
1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.
2. Select “Yes” when prompted.
3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.
Related Articles, References, Credits, or External Links
Seen when an Exchange server attempts to build the Offline Address book but encounters an error.
Source: MSExchangeSA
Event ID: 9323
Task Category: (13)
Level: Warning
Keywords: Classic
Description:
Entry '{Username}' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for 'Global Address List'.
Solution
1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.
If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.
2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.
3. I didn’t need to renew this certificate, so I simply removed it.
Then rebuild the Offline address Book
1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.
2. Select “Yes” when prompted.
3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.
Related Articles, References, Credits, or External Links
Windows Server 2008 R2 and 2012 are a lot better with printing support over remote desktop, that their predecessors were. But to be able to print to your remote users ‘local’ machines. The TS/RDP server still likes to have the correct drivers installed.
What about Easy Print?
Easy Print (Introduced with Server 2008 R2) is a ‘proxy’ service that simply sends all print processes to the remote machine rather than the server itself, thus negating the need for a driver. That’s great! Unless your remote home users still have Windows XP or Vista (Pre SP1).
Solution
1. Before troubleshooting, make sure the printer actually works on the client machine, you don’t want to spend an hour trying to get it working when it’s actually out of paper or not turned on, (sorry but users are ‘challenging’).
2. Download the Drivers to the Remote Desktop Server. MAKE SURE if your clients are a mix of x86 and x64 bit versions of Windows you need to download BOTH versions of the driver.
Note: Download x86 and x64 bit versions of the SAME driver, i.e. Try and install an x86 PCL6 driver and an x64 bit PCL5 Driver and you may get an error.
Note 2: With some older printers, you can save a lot of time by simply plugging them into the server and letting Windows Update do the hard work for you. You might think that this is ‘time/cost prohibitive’. But I once spent an afternoon trying to get an HP multifunction printer to work that was worth about £60. The remote client was 45 minutes away, by the time I was finished the cost was greater than replacing this printer with 6 or 7 new ones that would have worked out of the box!
3. You can simply install the printer on the Server if you wish, then delete the printer and the drivers will remain, though the correct way is to add the drivers via the servers ‘Print Server Properties’.
Server 2000 / 2003
Start > Run > control printers {Enter}.
Server 2012/2008 R2
Windows Key+R > control printers {Enter}.
Note: Print server properties is not visible until you select a printer.
4. Repeat the process to add additional driers for the CPU architecture of your remote clients (x86, x64, etc).
Related Articles, References, Credits, or External Links
I had this error in Windows Server 2008 R2, though you will see the same on Windows 7, you may assume you are running IIS 7, but you are actually running IIS 7.5.
Error: IIS Version 7.0 is required to use this product
Thankfully you don’t have to download another version of WebDAV you just need to enable it.
Solution
You need to enable WebDAV, it’s now a “feature”.
Windows 7 Enable WebDAV
1. Start > Run > appwiz.cpl {enter} > Turn Windows Features on or off> Expand World Wide Web Service > Expand Common HTTP Features > Select WebDAV Publishing > OK.
Windows Server 2008 R2 Enable WebDAV
1. Launch Server Manager > Roles > Web Server (IIS) >Add Role Services > Below Common HTTP Features >Select WebDAV Publishing > Next > Install.
Then you can manage WebDAV Authoring rules in Internet Information Services (IIS) Manager.
Related Articles, References, Credits, or External Links
If you create a new user, give them a mailbox, and they seemingly fail to appear then don’t panic!
Firstly and fore mostly: If you do anything in Exchange: Apply the “cup of coffee rule”, never make a change then go and prove that change works straight away! check it later.
However most of us work in the real world and you have a user who needs to use this mailbox yesterday!
1. Before you do anything send the user you created a ‘Test Email’ from your own account. If you receive an error message then you can investigate further (Note: Set your Outlook client to send you a delivery report on the test email as well). Then check the mailbox Exists (See Check for existence of mailbox sections below).
Check for the Existence of the mailbox (Exchange 2000 /2003)
1. Click Start > All Programs > Microsoft Exchange > System Manager.
2. Expand the Exchange Organisation > Administrative groups > Administrative group name (First Administrative group is the default).
Note: If you cannot see Administrative Groups right click the Very top object > Properties > Tick Display Administrative Groups.
3. Expand Servers > Server-name > Storage Group (First Storage group will be the default) > Mailbox Store > Mailboxes.
4. The Mailbox SHOULD be in the right hand window (Providing you are in the correct administrative group, on the correct server, and in the correct mailbox store!).
Check for the Existence of a mailbox (Exchange 2007/2010)
Remember with Exchange 2007 / 2010 you create the mailbox with the Exchange system Manager anyway!
1. On the Exchange Server, Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console.
2. Expand recipient Configuration > Mailbox.
3. The Mailbox should be listed in the centre window.
Check for the Existence of a mailbox (Exchange 2013/2016)
Connect to the Exchange admin center > recipients > mailboxes > locate your user.
Mailbox is there but the user is not listed on the Global Address List
1. Make sure the user is not “Hidden from the Global Address List”
Exchange 2000/2003
On the Exchange Server > Click Start > run > dsa.msc {enter} >Locate the user in question > Right Click the user > Properties > Exchange Advanced Tab > Ensure “Hide from Exchange Address Lists” is NOT ticked.
Exchange 2007/2010
On the Exchange Server > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console Expand recipient Configuration > Mailbox > Locate the Mailbox for the user in question > Right Click the Mailbox > Properties > General Tab > Ensure “Hide From Exchange Address Lists” is NOT ticked.
Exchange 2013/2016
Connect to the Exchange admin center > recipients > mailboxes > locate your user > Edit > Ensure “Hide From Exchange Address Lists” is NOT ticked.
Make sure the user is on the Global Address List on the server.
The easiest way to do this is simply connect to Outlook Web Access, and query the GAL directly (OWA uses the GAL no the OAB like Outlook running in cached mode does).
Exchange 2000/2003
Click Start > All Programs > Microsoft Exchange > System Manager > Expand Recipients >All Global Address Lists > Right Click Default Global Address List > Properties > General Tab > Preview > Check the user is on this list.
Exchange 2007/2010
On the Exchange Server > Start > All Programs > Microsoft Exchange Server > Exchange Management Console > Select Organisation Configuration > Mailbox > Address Lists Tab > Locate the all users Object > Double Click it > Select Preview > Check the user is on this list > OK > Cancel.
Exchange 2013/2016
Connect to the Exchange admin center > organization > address lists > Default Global Address List > Edit > Preview recipients in the global address list includes… > Locate the user.
The User/Mailbox IS listed on the Server But NOT in Outlook.
Remember, if you are looking at the Global Address List in Outlook then you are NOT looking at the Servers Global Address List*. If you are using Outlook you may be in “Cached Mode”, and you are looking at a copy called the “Offline address book” This only gets updated Every 24 hours, and the copy on the server only gets updated every 24 hours at 04:00 (by default). In addition to this there a a few methods by which your Outlook clients get the offline address book.
*Note: Unless you are NOT in cached mode.
Outlook 2003 (and older)* clients get their OAB from a public folder, Outlook 2007 (and newer) clients can get their OAB from ‘Web-based distribution’ (basically form the website on the Exchange (or Exchange CAS) server. So there are three factors stopping you seeing that new user on the GAL (I personally advise you simply wait, however if that’s not an option, read on).
*Exchange Supported versions of Outlook
Support for Outlook 2000 was dropped with Exchange 2007, Exchange 2010 only supports Outlook 2003 (post SP2). Exchange 2013 only supports Outlook 2007 (post SP3 and cumulative update), and Outlook 2010 must be at SP1 with cumulative update.
a. Firstly force update the Offline Address Book.
b. Force your Outlook Client to Download the Offline Address book.
c. Check that the OAB is getting distributed from the Exchange/CAS server.
Update the Offline Address Book from the Global address List
Exchange 2000 / 2003
Click Start > All Programs > Microsoft Exchange > System Manager > Expand Recipients > Offline Address Lists > Right Click the “Default Offline Address Book” > Rebuild > HEED THE WARNING > OK > Right Click it again > Properties, You will see the time it updates (by default) you can change that here..
Exchange 2007 / 2010
1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console > Select Organisation Configuration > Mailbox > Offline address book tab > Right Click the Default Offline Address Book > Update > HEED THE WARNING > OK > Right Click Again > Properties > You can change the Schedule at which it updates.
Exchange 2013/2016
You can also force the OAB update with the following PowerShell command;
Click Start > All Programs > Microsoft Exchange > System Manager > Expand the Exchange Organisation > Administrative groups > Administrative group name (First Administrative group is the default) > Expand Servers > Server-name > Storage Group (First Storage group will be the default) > Public Folder Database > Ensure it is mounted.
Then expand Folders > Public Folders > OFFLINE ADDRESS BOOK > Make sure it’s displayed as per the image below.
Exchange 2007 / 2010
On the Exchange Server > Start > All Programs > Microsoft Exchange Server > Exchange Management Console > Select Organisation Configuration > Mailbox > Offline address book tab > Right Click the Default Offline Address Book > Properties > Distribution.
Note: Make sure the Generation Server is set to a server that exists, and it’s online.
In the diagram below you can see this server is performing public folder AND web based distribution, this is probably because you ticked this box when you installed the product.
For public folder distribution ensure the public folder database is mounted, and at least one server holds a replica. Also in the properties of the mailbox database, your users are using, make sure it points to the correct public folder database.
For web-based distribution make sure the site is up.
Exchange 2013/2016
Exchange 2013/2016 will only be distributing the OAB via web-distribution. make sure the default website is up.
Force Outlook to Download the New Offline Address Book
For all versions of Outlook (since 2003) you have two choices, either take Outlook out of cached mode* (so it queries the ‘live’ global address list). Or force Outlook to download the latest version of the offline address book.
*Note: Disabling cached mode is not really a fix!
Outlook 2003 Download The Offline Address Book
Tools > SendReceive > Download Address Book > OK.
Outlook 2003 Turn off Cached Mode
Tools > E-mail Accounts > View or change existing email accounts > Next > Select the account > Change > un-tick “Use Cached Exchange Mode” > Next.