Mailbox is currently unavailable in EMC and EMS – Exchange 2010

 


Scenario:

  • Unable to connect to a mailbox that wasn’t disconnected or deleted.
  • Trying to access the mailbox, e.g. opening the mailbox calendar folder, produces the error below.

 Error(s):

        “The set of folders can’t be opened, the attempt to log-in the Microsoft exchange server has failed”

 

  • Exporting the mailbox to PST also failed.
  • Logging in to the user mailbox via OWA and Outlook was tried.
  • Both failed with an error stating unable to connect to the mailbox.

 

Solution:

  • Run a MAPI connectivity test on the user’s mailbox to check whether MAPI connectivity is working:

 

Test-MAPIConnectivity "tober" | fl

 

RunspaceId : c55b4756-38d9-4bcd-81dd-d0800ec6ce7d

Server     : W8-EXCH-MBOX-E1

Database   : MBOX1 DB2

Mailbox    : tober

Result     : *FAILURE*

Latency    : 00:00:00

Error      : [Microsoft.Exchange.Data.Storage.StorageTransientException]: Cannot open mailbox /o=xxxxxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=xxxxxx/cn=Microsoft System Attendant. Inner error [Microsoft.Mapi.MapiExceptionMailboxQuarantined]: MapiExceptionMailboxQuarantined: Unable to open message store. (hr=0x80004005, ec=2611)

Diagnostic context:

Lid: 55847   EMSMDBPOOL.EcPoolSessionDoRpc called [length=152]

Lid: 43559   EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0xA33][length=274][latency=0]

Lid: 32881   StoreEc: 0xA33

Lid: 50035

Lid: 64625   StoreEc: 0xA33

Lid: 50128

Lid: 1494    ---- Remote Context Beg ----

Lid: 26426   ROP: ropLogon [254]

Lid: 22787   Error: 0x0

Lid: 13032   StoreEc: 0x8004010F

Lid: 25848

Lid: 7588    StoreEc: 0x8004010F

Lid: 25840

Lid: 6564    StoreEc: 0x8004010F

Lid: 27395   Error: 0x0

Lid: 61867

Lid: 37291   StoreEc: 0xA33

Lid: 53675

Lid: 12716   StoreEc: 0xA33

Lid: 20794

Lid: 28474   StoreEc: 0xA33

Lid: 22330   dwParam: 0x0        Msg: 14.03.0174.001:W8-EXCH-MBOX-E1

Lid: 1750    ---- Remote Context End ----

Lid: 50288

Lid: 23354   StoreEc: 0xA33

Lid: 25913

Lid: 21817   ROP Failure: 0xA33

Lid: 26297

Lid: 16585   StoreEc: 0xA33

Lid: 32441

Lid: 1706    StoreEc: 0xA33

Lid: 24761

Lid: 20665   StoreEc: 0xA33

Lid: 25785

Lid: 29881   StoreEc: 0xA33

Identity   :

IsValid    : True

 

Mailbox is quarantined

  • Check the registry to see whether the mailbox is listed under the corresponding quarantine subkey:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}

  • Get the mailbox and database GUIDs via PowerShell:

Get-Mailbox "MailboxName" | fl *GUID*

  • Delete the {mailbox guid} subkey.
  • Dismount and remount the database.
  • Run the MAPI connectivity test again to confirm a successful result.
  • You can now log in and send emails successfully.
  • It is suggested to move the mailbox to a different database on the same or a different server to eliminate any corruption.

A possible cause of the mailbox being quarantined is poison messages.
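The check-and-clear steps above as one script, added here as an example and not part of the original post. It assumes the Exchange Management Shell is running on the mailbox server that hosts the database; `tober` is the mailbox from the test above and the backup path is hypothetical.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell on the mailbox server that hosts the database.
$mailboxName = "tober"                        # mailbox from the test above
$backupFile  = "C:\Temp\QuarantineKey.reg"    # hypothetical path; folder must exist

$mbx     = Get-Mailbox $mailboxName
$db      = Get-MailboxDatabase -Identity "$($mbx.Database)"
$mbxGuid = $mbx.ExchangeGuid.ToString()
$dbGuid  = $db.Guid.ToString()

# Find the subkeys by GUID match rather than assuming how the braces are written.
$isRoot = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$env:COMPUTERNAME"
$dbKey  = Get-ChildItem $isRoot -ErrorAction SilentlyContinue |
          Where-Object { $_.PSChildName -like "Private-*$dbGuid*" }
$qKey = $null
if ($dbKey) {
    $qKey = Get-ChildItem "$($dbKey.PSPath)\QuarantinedMailboxes" -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like "*$mbxGuid*" }
}

if (-not $qKey) {
    Write-Output "No quarantine subkey found for $mailboxName on $env:COMPUTERNAME."
}
else {
    # Show what the store recorded and keep a copy before deleting anything.
    Get-ItemProperty $qKey.PSPath | Format-List
    & reg.exe export $qKey.Name $backupFile /y | Out-Null

    Remove-Item $qKey.PSPath -Recurse -Confirm    # prompts before deleting

    # Remounting interrupts every mailbox in this database, not only this one.
    Dismount-Database $db.Name -Confirm:$false
    Mount-Database $db.Name

    # Confirm that the mailbox opens again.
    Test-MAPIConnectivity $mailboxName | Format-List Mailbox, Database, Result, Error
}
```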

Support links:

http://technet.microsoft.com/en-us/library/gg490642(v=exchg.80).aspx

http://support.microsoft.com/kb/2603736

Regards,

Ganesh G

Uninstalling Exchange 2010 after migrating to Exchange 2013

Remove Exchange 2010 after upgrading the current environment to Exchange 2013.

Please ensure:

  • All Client Access server FQDNs are pointing to Exchange 2013.
  • All mail flow connectors are pointing to Exchange 2013.
  • All user and arbitration mailboxes have been moved to Exchange 2013.

Move Arbitration and Discovery Search mailboxes
Follow the steps below to move all arbitration and discovery search mailboxes to the final 2013 database.
Open EMS with Run as administrator and run the following commands:
Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase TargetDBName
Get-Mailbox "*Discovery*" | New-MoveRequest -TargetDatabase TargetDBName

  • If you were using public folders, make sure the public folders databases have been migrated to Exchange 2013.
  • Any Exchange 2010 CAS arrays you have configured must be removed.
  • Make a list of applications that may be using Exchange 2010 and then make sure to configure these applications to start using Exchange 2013 if necessary.

http://technet.microsoft.com/en-us/library/ee332361(v=exchg.141).aspx

To completely remove Exchange from the environment, in addition to removing Exchange 2010 via Control Panel > Add or Remove Programs:

Check whether the Exchange-related objects have been removed from AD; if they have not, remove them manually.

  1. Go to Primary Domain Controller
  2. Open ADSIEDIT
  3. Right Click on ADSIEdit and Click Connect to
  4. Connect to “Default Naming Context”
  5. Navigate to the following objects and Delete them.

DC=Domain,DC=Com -> OU=Microsoft Exchange Security Groups

DC=Domain,DC=Com -> CN=Microsoft Exchange System Objects

  6. Right Click on ADSIEdit and Click Connect to
  7. Connect to “Configuration”
  8. Navigate to the following objects and Delete them.

CN=Configuration,DC=Domain,DC=Com -> CN=Services -> CN=Microsoft Exchange

CN=Configuration,DC=Domain,DC=Com -> CN=Services -> CN=Microsoft Exchange Autodiscover

  9. Force the Active Directory replication.
  10. Exchange 2010 manual uninstallation is completed.


 

Feel free to post your comments and feedback.

Regards,

Ganesh G

Cross Site DAG / DAC Mode – Scenarios


Here is a scenario in which we have a cross-site DAG, with the core discussion on how it works during a disaster (WAN down, primary site down).
So please go through this and post your feedback and corrections, if any.

If you wish to add more to this, please feel free to add to it.

Environment:

Two Sites

Primary – 10 database and copies

2 CAS/HUB

5 MBX – 1 witness

DR – Copies

5 MBX and 2nd witness (alternate witness)

2 CAS/HUB

 


1 DAG – 10 Databases

Research:

 

Primary Site:

2 CAS/HUB – Primary Witness

5 MBX – 1 witness

Secondary Site:

5 MBX and 2nd witness (Alternate witness)

2 CAS/HUB

Based on the current deployment where we have 2 sites and identical number of nodes (cluster-wise) on both sides, what would happen if the link goes down while servers are still up?

Scenario 1: You have two sites and the WAN link between the sites goes down.

One DAG with 10 members and 10 databases.

The WAN link between the sites goes down (DAC doesn’t come into the picture).

  1. Once the WAN link goes down, communication between the sites is disrupted.
  2. As a result, the secondary (DR) site loses its quorum and is not able to continue.
  3. The primary site can still maintain quorum as it has 6 votes (5 nodes + 1 FSW) (Node and File Share Majority).
  4. The databases that were active in the DR site are failed over to the primary site based on the preferences, which is taken care of by the PAM (Primary Active Manager) active on the primary site.

Note: If AD replication between the sites is fine, the databases are failed over to the primary site; otherwise the databases are dismounted on the DR site and need to be mounted manually on the primary site with the command:

Move-ActiveMailboxDatabase <Database Name> -ActivateOnServer <target server>

  5. Now the DAG is completely operational.
  6. If the WAN link comes back online, manual intervention is required to restore the services again, such as moving the active database copies to the DR site.

Scenario 2:

 a.       Primary site goes down – DAG only (DAC mode is turned on)

Datacenter Activation Coordination (DAC) mode is a mode specifically for multisite Database Availability Groups with 3 or more members.

It is there to stop datacenter DAG split brain syndrome with the help of a protocol called Datacenter Activation Coordination Protocol (DACP).

DAC does this using a single bit that is either 0 or 1. “0” means the member cannot mount a database; after talking to other DAG members using DACP and finding another server with the bit set to 1, it will mount the databases, as it knows it is allowed to.
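A simplified model of the DACP decision described above, added as an illustration; it is not Exchange code and not from the original post. The server names and bit values are constructed, and the second rule (a member that can reach every other member may also set its bit to 1) comes from Microsoft's DAC documentation linked at the end of this post rather than from the text above.

```powershell
# Added illustration (not Exchange code): simplified model of the DACP
# start-up decision. Server names and bit values are constructed.
function Get-DacpDecision {
    param(
        [string]    $Member,         # DAG member that is starting up
        [string[]]  $AllMembers,     # every DAG member expected to be running
        [hashtable] $ReachableBits   # reachable member name -> its DACP bit (0 or 1)
    )
    $others = @($AllMembers | Where-Object { $_ -ne $Member })

    # Rule 1: a reachable member already has its bit set to 1.
    $peersWithOne = @($ReachableBits.Keys | Where-Object { $ReachableBits[$_] -eq 1 })
    if ($peersWithOne.Count -gt 0) {
        $bit = 1; $reason = "reachable member $($peersWithOne[0]) has bit 1"
    }
    else {
        # Rule 2: every other member is reachable, so there is no partition.
        $missing = @($others | Where-Object { -not $ReachableBits.ContainsKey($_) })
        if ($missing.Count -eq 0) { $bit = 1; $reason = "all members reachable" }
        else { $bit = 0; $reason = "cannot reach: $($missing -join ', ')" }
    }
    # Bit 1 = allowed to mount databases, bit 0 = must not mount.
    New-Object PSObject -Property @{ Member = $Member; Bit = $bit; Reason = $reason }
}

$dag = "PRI-MBX1","PRI-MBX2","PRI-MBX3","PRI-MBX4","PRI-MBX5",
       "DR-MBX1","DR-MBX2","DR-MBX3","DR-MBX4","DR-MBX5"

# Primary site powers back on while the WAN is still down: it sees only its
# own neighbours, all with bit 0, so it must not mount (no split brain).
$wanDown = @{ "PRI-MBX2" = 0; "PRI-MBX3" = 0; "PRI-MBX4" = 0; "PRI-MBX5" = 0 }
Get-DacpDecision -Member "PRI-MBX1" -AllMembers $dag -ReachableBits $wanDown

# WAN restored: a DR member that is already serving databases reports bit 1.
$wanUp = $wanDown.Clone()
$wanUp["DR-MBX1"] = 1
Get-DacpDecision -Member "PRI-MBX1" -AllMembers $dag -ReachableBits $wanUp
```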


  1. The primary site is now down for some reason and has lost its quorum.
  2. As the DAG is not operational, a datacenter switchover is required.
  3. The steps involved in a datacenter switchover follow.
  4. Stop the primary site:

 Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite <Primary Site> -ConfigurationOnly

   5. Stop the DAG members:

 Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer <DAGmembersinPrimarySite> -ConfigurationOnly

 

   6. Restore the DAG on the DR site using the following command:

 Restore-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite <DR Site> -AlternateWitnessServer <HUBServer> -AlternateWitnessDirectory <WitnessDirectory Path>

 The Restore-DatabaseAvailabilityGroup cmdlet performs several operations that affect the structure and membership of the DAG’s cluster. This task will:

  1. Forcibly evict the servers listed on the StoppedServersList from the DAG’s cluster, thereby reestablishing quorum for the cluster enabling the surviving DAG members to start and provide service.
  2. Configure the DAG to use the alternate witness server if there is an even number of surviving DAG members.

 7. Mount the databases on the DR site:

Move-ActiveMailboxDatabase -Server <DAGMemberinPrimarySite> -ActivateOnServer <DAGMemberinDRSite> -SkipActiveCopyChecks -SkipClientExperienceChecks -SkipHealthChecks -SkipLagChecks

 

Scenario 3:

 b.       Primary site goes down (DAC mode is turned off)

 

When the DAG isn’t in DAC mode, the specific actions to terminate any surviving DAG members in the primary datacenter are as follows:

  1. The DAG members in the primary datacenter must be forcibly evicted from the DAG’s underlying cluster by running the following commands on each member:

net stop clussvc

cluster <DAGName> node <DAGMemberName> /forcecleanup

  2. The DAG members in the second datacenter must now be restarted and then used to complete the eviction process from the second datacenter. Stop the Cluster service on each DAG member in the second datacenter by running the following command on each member:

net stop clussvc

  3. On a DAG member in the second datacenter, force a quorum start of the Cluster service by running the following command:

net start clussvc /forcequorum

  4. Open the Failover Cluster Management tool and connect to the DAG’s underlying cluster. Expand the cluster, and then expand Nodes. Right-click each node in the primary datacenter, select More Actions, and then select Evict. When you’re done evicting the DAG members in the primary datacenter, close the Failover Cluster Management tool.

When the DAG isn’t in DAC mode, the steps to complete activation of the mailbox servers in the second datacenter are as follows:

  1. The quorum must be modified based on the number of DAG members in the second datacenter.

If there’s an odd number of DAG members, change the DAG quorum model from a Node and File Share Majority to a Node Majority quorum by running the following command:

cluster <DAGName> /quorum /nodemajority

If there’s an even number of DAG members, reconfigure the witness server and directory by running the following command in the Exchange Management Shell:

Set-DatabaseAvailabilityGroup <DAGName> -WitnessServer <ServerName>

  2. Start the Cluster service on any remaining DAG members in the second datacenter by running the following command:

net start clussvc

  3. Perform server switchovers to activate the mailbox databases in the DAG by running the following command for each DAG member:

Move-ActiveMailboxDatabase -Server <DAGMemberinPrimarySite> -ActivateOnServer <DAGMemberinSecondSite>

  4. Mount the mailbox databases on each DAG member in the second site by running the following command:

Get-MailboxDatabase -Server <DAGMemberinSecondSite> | Mount-Database

More information on DAC:

How DAC mode works :  http://technet.microsoft.com/en-us/library/dd979790(v=exchg.141).aspx

Understanding DAC      :  http://technet.microsoft.com/en-us/library/dd351049.aspx

Regards,

Ganesh G

Script to Get the member counts in all DL which are enabled for receiving external emails

=====================================================================

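#Script to get the member counts of all DLs which are enabled for receiving external emails

#Start Script

Start-Transcript C:\Results_DLMembercount.txt
# A DL accepts mail from external (unauthenticated) senders when
# RequireSenderAuthenticationEnabled is $false
$DistGrps = Get-DistributionGroup -ResultSize Unlimited | where {$_.RequireSenderAuthenticationEnabled -eq $false}
foreach ($DistGrp in $DistGrps)
{
    $DLName = $DistGrp.DisplayName
    # @() forces an array so that .Count is correct for groups with zero or one member
    $Members = @(Get-DistributionGroupMember -Identity $DistGrp.Identity -ResultSize Unlimited)
    $Count = $Members.Count
    # Written to the transcript as "<DL display name> = <member count>"
    "$DLName = $Count"
}
Stop-Transcript

#End of Script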

==============================================================

 

Solution for Outlook Auto mapping – Exchange 2010 SP2 and above


 For Specific OU Users

  1. Created an OU named “Automap” and added two users to it, named “Manisha Tunk” and “Pramod”.
  2. Administrator is the user who has full access on both mailboxes in this Automap OU.
  3. Our action plan is to remove auto-mapping for the administrator, to avoid those two profiles being added to the administrator’s Outlook when it is loaded.
  4. The attribute working behind auto-mapping is “msExchDelegateListLink”; it holds the list of users who have full access on the mailbox.
  5. So we can either set this attribute to null, or follow the steps below to remove auto-mapping via Exchange PowerShell (only applicable for Exchange 2010 SP2 and above). The same is available on TechNet.

[Screenshots: Auto1, Auto2]

 

For all the users in the org, to remove auto-mapping for a user named “Administrator”

The command below just gives the user “Administrator” full access to all the mailboxes. Here auto-mapping is set to true by default,

i.e., msExchDelegateListLink has this value added on the respective mailboxes.

[Screenshot: Auto3]

When the administrator opens Outlook, it will now display all the mailboxes on which the administrator has full mailbox access. Most people don’t want this to happen.

Hence we set the “-AutoMapping” value to false.


 

The command below adds full mailbox access for the user “Administrator” and disables auto-mapping:

Get-Mailbox | % {Add-MailboxPermission -User "Administrator" -AccessRights "FullAccess" -Identity $_ -AutoMapping $false}

 


 

Now find the administrator’s profile below:

[Screenshot: Auto6]

 

Profiles are not auto-mapped, as we have set -AutoMapping to $false.
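For the “For Specific OU Users” case at the top of this post, one way to re-grant Full Access without auto-mapping and then confirm that msExchDelegateListLink no longer lists the delegate. This is an added example, not the commands from the original screenshots; it assumes the Exchange Management Shell on Exchange 2010 SP2 or later and uses the OU and user names from the steps above.

```powershell
# Added example (not the commands from the original screenshots).
# Run in the Exchange Management Shell, Exchange 2010 SP2 or later.
$ou       = "Automap"          # OU from step 1
$delegate = "Administrator"    # user holding Full Access

$delegateDn = (Get-User $delegate).DistinguishedName
$mailboxes  = @(Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited)

foreach ($mbx in $mailboxes) {
    $dn = $mbx.DistinguishedName

    # Remove the existing Full Access entry, then add it back without auto-mapping.
    Remove-MailboxPermission -Identity $dn -User $delegate -AccessRights FullAccess `
        -InheritanceType All -Confirm:$false
    Add-MailboxPermission -Identity $dn -User $delegate -AccessRights FullAccess `
        -InheritanceType All -AutoMapping $false | Out-Null

    # Verify: the delegate should no longer appear in msExchDelegateListLink.
    # The read may hit a domain controller that has not replicated the change yet.
    $entry  = [ADSI]("LDAP://" + $dn)
    $links  = @($entry.Properties["msExchDelegateListLink"])
    $linked = $links -contains $delegateDn

    New-Object PSObject -Property @{ Mailbox = $mbx.Name; StillAutoMapped = $linked }
}
```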

Post in your feedback, queries and whatever you want to say about this piece of info 🙂

-Ganesh G

Offline Address Book – Understanding


Let’s first go back to our good old days from where the OAB concepts originated,

The offline address book is a snapshot of the Active Directory service information that is available in the global address list. Therefore, some information is available in the global address list that is not available in the offline address book. The offline address book does not contain the following items that are available in the global address list:

  • Custom properties in Active Directory that an administrator has added (for example, the Employee ID of each employee)
  • Organization hierarchy information
  • Group membership information

Outlook must be able to access the server to obtain this information. Therefore, if you are in cached mode and if you are working online (that is, your connection status indicates “Connected”), Outlook uses both the offline address book and the global address list to provide a complete listing of user information. If you are in cached mode and if your connection status shows either “Disconnected” or “Offline,” you can see only the information that is available in the offline address book.

Exchange 2003 days, definition as per TechNet (so nothing I need to talk about from my perspective 🙂 )

The Offline Address Book provides offline access to directory information from the global address list (GAL) and from other address lists. Each night, Exchange generates new offline address book files and places them in a special public folder, known as a system folder, for Outlook to download. The offline address book files are compressed before they are added to the offline address book system folders so that the download to Outlook is minimal. Outlook is scheduled to check periodically for new offline address book files in these system folders, and download the required files.

Exchange Server and Active Directory work together to maintain the offline address book, keeping it synchronized with changes that may be made in the directory.

The generated OAB is stored in public folders for users to download. The System Attendant service was responsible for the generation process.

The components involved in the generation process are:

  1. Microsoft Exchange System Attendant
  2. Microsoft Exchange Information Store
  3. Directory servers
  4. Recipient Update Service

The System Attendant calls Oabgen.dll.

In turn, OABGen (a MAPI application) reads Active Directory and creates the OAB Version 2, OAB Version 3a, and OAB Version 4 folders.

Exchange 2003 offline address lists are stored in two locations:

1. The Active Directory

2. The Microsoft Exchange Public Folder Information Store.

Exchange 2007/2010 offline address lists can be stored in three locations:

1. The Active Directory

2. The Microsoft Exchange Public Folder Information Store.

3. File structure: \\MBX Server\ExchangeOAB\GUID

In Exchange 2013, they are stored in the arbitration mailbox and on the CAS.

There are numerous articles on the internet which talk about the distribution part; below are a few for your reference.

This article is from the OAB guru DGoldman:

http://blogs.msdn.com/b/dgoldman/archive/2006/08/25/how-exchange-2007-oab-files-are-replicated-to-a-client-access-server-for-download.aspx

Post in your queries, let’s learn from each other 🙂

Ganesh G