Exchange Event ID 1012 & 1013

KB ID 0001619

Problem

Seen on Exchange 2013/2016

Event ID 1012

Log Name: Application
Source:  MSExchangeDiagnostics
Event ID: 1012
Task Category: General
Level: Error
Keywords: Classic
User:  N/A
Description: Data loss occurred in RetentionAgent: RetentionAgent: Data loss occurred. The size of this folder E:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs has reached the max size allowed – 5120 MB. Some files will be purged.

Event ID 1013

Log Name: Application
Source: MSExchangeDiagnostics
Event ID: 1013
Task Category: General
Level: Warning
Keywords: Classic
User: N/A
Description: Potential data loss warning in RetentionAgent: RetentionAgent: Warning: Potential data loss. The size of this folder E:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs has reached 95% of max size allowed – 5120 MB. Some data will be purged once it reaches the max limit.

Temporary Solution

I must say I don’t really like this solution, if you trawl the forums, you will see this is how you suppress the error. But you should really relocate the logs

Navigate to: {Drive Letter}:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Diagnostics.Service.exe.config

Locate the DailyPerformanceLogs section and look for the LogDataLoss entry, change it from True to False.

Then restart the Microsoft Exchange Diagnostic Service.

Proper Solution

To relocate the logs to another location, or a larger partition/disk, do the following;

First double check the log location;

[box]

logman query ExchangeDiagnosticsDailyPerformanceLog | more

[/box]

Then to move the logs, stop the logging, relocate the log location, and finally start the logging again;

[box]

logman -stop ExchangeDiagnosticsDailyPerformanceLog
logman -update ExchangeDiagnosticsDailyPerformanceLog -o “H:\Exchange\PerformanceLogs”
logman -start ExchangeDiagnosticsDailyPerformanceLog

[/box]

Related Articles, References, Credits, or External Links

NA

Exchange – Event ID 205 and Event ID 16025

KB ID 0001251 

Problem

At a client this week, they were having a LOT of mail flow problems. Looking at the queue viewer, I could see that all their mail was sat in queues waiting to go into their mails stores. There was a queue for each mail store, and the error on each was “451 4.4.0 DNS query failed Exchange Server error in message queue“. Looking in the Application log it was full of Event ID 205, and 16025 Errors Stating;

Source MSExchange Common

No DNS servers could be retrieved from network adapter {GUID} Check that the computer is connected to a network and that the Get-NetworkConnectionInfo cmdlet returns results.

OR

No DNS servers could be retrieved from network adapter {GUID}. Verify that the computer is connected to a network and that the Get-NetworkConnectionInfo cmdlet returns results.

Solution

First you need to get the ‘Identity” of your actual network card with a Get-NetworkConnectionInfo command, (make sure the correct DNS settings are set for this NIC, i.e. it’s not pointing to a PUBLIC DNS server!)  Once you have it, change the Transport service to use this new ID, with a Set-TransportServer command.

[box]Set-TransportServer {Name-Of-Server} -InternalDNSAdapterGUID {GUID} -ExternalDNSAdapterGUID {GUID}[/box]

Then Restart the Microsoft Exchange Transport Service and the Microsoft Exchange Mailbox Transport Service.

Related Articles, References, Credits, or External Links

NA

Event ID 62464 ‘Source amdkmdag’

KB ID 0000613

Problem

My laptop has an annoying habit of ‘freezing” and requiring a manual power off and back on again to get it working (HP Probook 6560b).

A look in the system log yielded hundreds of event ID 62464 errors.

Log Name: System
Source: amdkmdag
Date: xx/xx/xxxx xx:xx:xx PM
Event ID: 62464
Task Category: DVD_OV
Level: Information
Keywords: Classic
User: N/A
Computer: xxxxxxxxx
Description:
UVD Information 

Solution

It seems I’m not the only one, a quick internet search turned up a few people with the same problem. However all the other posts were advocating disabling the logging of the error. I’m not a fan of disabling error logging no matter how ‘Spammy’ it is.

It’s obviously being generated by my graphics driver, so a look there told me what version I was running. (Start > Run devmgmt.msc {Enter}).

I went to HP and downloaded the latest published AMD driver they had, and rebooted, problem solved.

Related Articles, References, Credits, or External Links

NA

Event ID 14029

KB ID 0000446 

Problem

Event ID 14029

Couldn’t find an Exchange 2010 or later public folder replica for the free/busy folder: EX:/O={your domain/OU={your administrative group}

The message is quite straight forward, Older Outlook clients (2003 and earlier) get their scheduling and calendaring info from the “SHEDULE+ free/busy” public folder. Newer Outlook clients (2007 and later) don’t need to do this.

You are seeing this error message because, a) you have Older Outlook clients in your Exchange org, or b) Someone forgot to replicate this public folder over to Exchange 2010 when you upgraded.

Solution

1. On the Exchange Management Console > Toolbox > Public Folder Management Console > Expand “System Public Folders” > Expand “SCHEDULE+ FREE BUSY” > Select the folder that’s generating the error > Right Click > Properties.

2. Replication tab > Add > Add in the Exchange 2010 Server > Apply.

3. Finally, either reboot the server, or restart the MSExchangeMailboxAssistant Service.

 

Related Articles, References, Credits, or External Links

NA

Event ID 36888

KB ID 0000634 

Problem

This was driving me nuts on my Windows 7 x64 Laptop.

Log Name: System
Source: Schannel
Event ID: 36888
Task Category: None
Level: Error
User: SYSTEM
Description:
The following fatal alert was generated: 10. The internal error state is 10.

I was getting a dozen of these an hour!

Solution

This error is caused (from what I can gather) by an error in certificate negotiation, your machine is trying to initiate communications with another machine/server using a certificate and TLS and the process is producing this error TLS1_ALERT_UNEXPECTED_MESSAGE (10).

1. If your browser is the cause of the problem, then simply open Internet Options > Advanced > Untick all the TLS options > Apply.

2. However this DID NOT WORK for me, so something is programmatically chatting from my laptop using TLS. The bottom line is, this problem is probably not even on your machine, so I’m simply going to disable SCHANNEL logging.

Note: If your Error does NOT say “The following fatal alert was generated: 10. The internal error state is 10“. then I would suggest NOT doing this.

3. In the search run box type regedit and navigate to the following key;

[box]
HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > SecurityProviders > SCHANNEL
[/box]

Change the EventLogging value from 1 to 0 (that’s a zero).

Related Articles, References, Credits, or External Links

NA

Event ID 8213

KB ID 0000142 

Problem

Event ID 8213

System Attendant Service failed to create session for virtual machine <servername>. The error number is 0xc007052e. 

Admin password on the Administrative group (In Exchange) needs changing to the correct domain admin password.

NOTE only happens if you have an Active Directory Connector installed.

Solution

1. Start > All Programs > Microsoft Exchange > Exchange System Manager.

2. Administrative Groups > First Administrative Group*

3. Right click on First Administrative Group* folder >Properties.

4. Your going to see an Exchange Service Account (Administrator usually)

5. Click MODIFY.

6. Type in the admin password and verify.

7. Click OK > OK, close System Manager.

8. Restart Exchange services.

*Note your Exchange or may have a different group named depending on how it was set up.

Related Articles, References, Credits, or External Links

NA

Event ID 1014 and 1002 (Windows IIS Web Server)

KB ID 0000808 

Problem

Seen on Server 2003 running IIS 6, about once a week the website would fail, and the client had to reboot the server to bring things back up again. I took a look at the server and noticed that when the failure happened, we had five Event ID 1014 errors;

Source W3SVC
The World Wide Web Publishing Service encountered an internal error in its process management of worker process ‘<value>’ serving application pool ‘DefaultAppPool’. The data field contains the error number.

And finally we had an Event ID 1002;

Source W3SVC
Application pool ‘DefaultAppPool’ is being automatically disabled due to a series of failures in the process(es) serving that application pool

Solution

1. Before you proceed make sure this is not the problem.

2. Open the Internet Information Services (IIS) Manager > {Servername} > Application Pools > DefaultAppPool (unless your error is for another app pool) > Properties > Health.

3. Rapid-Fail Protection: You may wish to troubleshoot by simply increasing the thresholds, (the frequency of your 1002 events should give you a pointer). Though from what I’ve read this system tends to cause more problems than it cures, in the end I disabled it completely.

Warning: Disabling a system that is designed to protect you inherently has dangers.

If you suddenly get an unstable server, or memory leak problems you might want to reinstate this, and start checking the code in your website!

Related Articles, References, Credits, or External Links

NA

Event ID 29

KB ID 0001032 

Problem

Seen on a Microsoft Certificate Services server running NDES.

Log Name: Application
Source: Microsoft-Windows-NetworkDeviceEnrollmentService
Date: 04/02/2015 11:22:26
Event ID: 29
Task Category: None
Level: Error
Keywords:
User: PETENETLIVESVC_NDES
Computer: PNLPKI00v.petenetlive.com
Description:
The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to submit with this request.

Solution

I got this error every time a network device tried to enroll with the NDES server. You are seeing this error because the NDES server is expecting the password that generated by visiting this url http://{hostname-of-NDES-Server}/Certsrv.mscep_admin.

Normally I disable the password requirement when I build NDES, this time I’d simply forgotten. To disable the password requirement, follow this process.

Related Articles, References, Credits, or External Links

NA

Exchange 2007 & 2010 – Setup and Deploy Outlook Anywhere

KB ID 0000519 

Problem

What used to be a fiddly job, is now very simple to do, setting up Outlook Anywhere (formally known at RPC over HTTP) takes about 10 minutes.

What is Outlook Anywhere?

This is a system that lets you connect Microsoft Outlook to to your Exchange server over the web, this means you can connect to to your email, calendaring and tasks etc, without the need for a VPN connection.

Solution

Outlook Anywhere with Exchange 2007 (Exchange 2010 Skip to Step1)

If you plan to deploy Outlook Anywhere with Exchange 2007 there is an additional step you need to carry out before you start. From server manager > Feature > Add Features > Add in the ‘RPC over HTTP Proxy’ feature before you start. (Note: you DONT need to do this if you are running SBS 2008).

Step 1 Configure Exchange

1. First we need to turn it on: from within the Exchange Management, expand Server configuration > Client Access > Select the server in the central pane > Select “Enable Outlook anywhere” in the action pane.

2. Enter the publicly addressable name of your Exchange server, for this example I’m using NTLM authentication > Enable.

Note: The external host name is the address that you would type into a browser to contact the Exchange server i.e. for Outlook Web Access http://mail.domaina.com/owa. This would mean the public name is mail.domaina.com. This name must be the Common Name (CN) on the Exchange server’s digital certificate.

Exchange 2010 – Working with Certificates

3. Take heed of the information, nothing’s going to work for 15 minutes (Even Exchange is telling you to apply the cup of coffee rule) > Go and have a hot milky beverage.

4. Look at the timestamps and the clocks, this one took 14 minutes (for once the dialog had it spot on!) You should see Event ID 3007, 3003, 3004,(all these are normal) and finally,

5. Event ID 3006 > Outlook Anywhere is up and running on the server. (Note: you will NOT see this on an Exchange 2007 Server, see the second screenshot).

Note: To Access from Outside your network the public name of the Exchange server (in this case mail.domain.com), needs TCP port 443 (HTTPS) open to it, or “Port Forwarded” to the Exchange server.

Note2: To work internally make sure that mail.domaina.com resolves to the INTERNAL IP address of the Exchange server.

6. You may also want to execute the following command. Particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.

[box] Set-WebServicesVirtualDirectory –Identity ‘EXCHANGE-MAILEWS (Default Web Site)’ –ExternalUrl https://mail.domain.co.uk/ews/exchange.asmx[/box]  

Step 2 Configure Outlook for Outlook Anywhere

1. In this example I’m using Outlook 2010 and the mail profile/account has NOT been setup, if you already have an account edit it, select “More Settings” and jump to number 4.

Note: To support Outlook Anywhere you need a minimum of Outlook 2003 SP2

2. If you are setting up your Outlook client internally, the autodiscover service should fill in the details for you.

3. If it auto configures the settings for you, tick the box to manually configure server settings.

4. More Settings.

5. Connection Tab > Tick “Connect to Microsoft Exchange Server using HTTP” > Click “Exchange Proxy Settings”.

6. Put on the URL (Public name of Exchange – see step 1 number 2) > I’m using NTLM authentication you may be using basic, if you don’t know, check with your IT department, or try each one.

7. Security Tab > Ensure “Encrypt data between Microsoft Outlook and Microsoft Exchange” is selected.

8. Restart Outlook – you may be asked for your username and password again this is normal.

 

Related Articles, References, Credits, or External Links

Original article written: 04/10/11

Exchange 2010 – Working with Certificates

Buy Your Exchange Certificates Here!

Event ID 9335 and 9331 Offline Address Book Update Errors

KB ID 0000849

Problem

Seen on an Exchange 2010 server, this server had previously been upgraded from Exchange 2007, and that was upgraded from Exchange 2003.

Event ID 9335

Log Name: Application
Source: MSExchangeSA
Event ID: 9335
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 while cleaning the offline address list public folders under
 /o=org/cn=addrlists/cn=oabs/cn=Default Offline Address Book. Please make sure the public folder
 database is mounted and replicas exist of the offline address list folders. No offline address 
lists have been generated. Please check the event log for more information.
- Default Offline Address Book 

Event ID 9331

Log Name: Application
Source: MSExchangeSA
Date: 29/08/2013 06:10:50
Event ID: 9331
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 (internal ID 50101f1) accessing the public folder database 
while generating the offline address list for address list '/'.
- Default Offline Address Book 

Solution

Note: If you don’t have any Outlook 2003 clients left in the organisation, this is a moot point. Simply disable distribution of the offline address book via public folder. (Newer Outlook clients use web based distribution.)

1. Before we do anything make sure that the offline address book has been specified, is shown on the correct server, and is set as default.

2. From the Exchange Management Console > Toolbox > Public Folder Management > system Public Folders > OFFLINE ADDRESS BOOK > Then in the center window, right click each one > Properties > Replication > The server that hosts the public folder should be in here > (In my case it was not.) > Add it in.

3. Now you can force the OAB to update with the following command;

[box]Get-OfflineAddressBook | Update-OfflineAddressBook[/box]

4. Now recheck the event logs, and you should no longer get Events 9335 and 9331.

Related Articles, References, Credits, or External Links

Update Global Address List Error “WARNING: The recipient “xxxxxMicrosoft Exchange System Objects/xxxxx” is invalid and couldn’t be updated