Microsoft Exchange

“Assign Policy” option missing for Outlook users.

Posted on Updated on

I have always wondered why I was the only one in my whole organization that has the option ‘Assign Policy’ in Outlook.  I am the Exchange Engineer and administrator, but I don’t remember giving myself exclusive permissions.  Searching online also did not give me what I was looking for.

Assign_Policy

If you are like me, who searched online and did not find any answers.  Here is how I fixed this issue for regular users.

I am using Exchange 2013, to allow your users to assign their own policies, follow the steps below

  1. Login to Exchange Admin Center (EAC)
  2. Go to Permissions > User Roles and modify your default Role Assignment Policy, or whichever policy is assigned to your users.
  3. Check the box for ‘MyRetentionPolicies’ and that should give users permissions they are missing.

MyRetentionPolicy

Remove public folder user with multiple access rights

Posted on Updated on

I have come across an issue where users are assigned different permissions on public folders and I need to remove them fast.

Here is a link where I got the idea on how to go about doing it:  http://blogs.technet.com/b/dblanch/archive/2013/12/03/managing-exchange-public-folder-permissions.aspx

And here is the final script that worked for me:  Example entries for user can be “*lastname*”, “*NT USER:*” for deleted users

$test = Get-PublicFolder “\public folder\folder1” -Recurse | Get-PublicFolderClientPermission | ?{$_.User -like “*user*“} $test | ForEach {Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -AccessRights $_.AccessRights -WhatIf}

I hope this script would help other users out there who are running into the same issue as I am.  Please leave a comment if you have any questions.

Exchange 2010 and MaxInbound ConnectionPerSource

Posted on Updated on

The exchange receive connectors do have settings for Maximum Inbound connection which is set to 20 by default.  If a server allowed to send emails reach this limit, you would see a log on the Exchange server.

Event 1021, MSExchangeTransport

Receive connector ‘name of connector’ rejected an incoming connection from IP address ‘server ip’.  The maximum number of connections per source (20) for this connector has been reached by this source IP address.

To verify the status of the receive connector, run the following cmdlet:

Get-ReceiveConnector ‘name of connector’ | select name, maxinbound*

To adjust the limit of the receive connector, run the following cmdlet:

Set-ReceiveConnector ‘name of connector’ -maxinboundconnectionpersource <value>

How to find users with ActiveSync and OWA enabled

Posted on Updated on

We had an auditor come in and asked us to get a report on users that currently have ActiveSync and OWA enabled.  And here is a powershell that allows you to get those information and save it to a file.

get-casmailbox -resultsize unlimited | ft DisplayName,ActiveSyncEnabled,OWAEnabled | Out-File c:\result.txt

I am still trying to find a way to set both ActiveSync and OWA to disabled for any new users.  Please feel free to comment if you have anything in mind.  I have seen a couple of examples for Powershell which work, but I am not necessarily the only one creating new users and they may have not access to powershell.

Event 2028, MSExchangeIS Public Store, how to troubleshoot?

Posted on Updated on

Before I was able to figure out this issue, I have been receiving more than 100 of these alerts in Exchange.

 

The delivery of a message sent by public folder <publicfolder> has failed.

To: user@user.com

 

Cc:

 

The non-delivery report has been deleted.

 

The event ID does not give you a lot of information and it is hard to figure out where this is coming from.

By default, mail-enabled Public Folders are not able to receive NDRs that is why you are seeing these alerts in the logs.

Here are the steps I took to figure out where the emails are being generated:

1.  Login to Exchange Management Console, open the Public Folder Management Console and drill down to the public folder mentioned in the event ID.

2.  Right-click on the public folder, properties, Mail Flow Settings, Delivery Options and then add an email address where you want all NDRs to be sent (All other emails are also forwarded just an FYI).  And DO NOT forget to check the box ‘Deliver message to both forwarding address and mailbox’ so that the regular emails are still being received on the mail-enabled public folder.

Once all settings above are setup, the NDRs will be forwarded to the email specified in the forwarding address field.  And the NDRs will give you all info you need as with a regular NDR.

In my case, the emails are being generated externally by our vendor and I had to quarantine the emails on our SPAM firewall so they no longer reach the Exchange Server.

I hope this helps.

 

I also added this same comment to the forum in http://social.technet.microsoft.com/Forums/exchange/en-US/91d6b279-4090-467d-9880-d4894632e2f1/event-id-2028-the-delivery-of-a-message-sent-by-public-folder-has-failed?forum=exchange2010&prof=required.

 

Exchange Logs filling up – what to do?

Posted on Updated on

Today, I noticed that one of our logs drives are filling up rapidly.  I was able to move the unused logs to a different drive but the logs continued to grow (check this link on how to move the unused logs https://wikipinoy.wordpress.com/2014/08/18/how-to-free-up-exchange-log-drive-space-when-it-fills-up/).

Here are some things you can do to figure out what is causing the logs to fill up:

1.  I just migrated 3 iPhone users yesterday to the mailbox and I thought they may be causing issues.  Confirmed with the users that they have not installed the latest IOS yet.  Here is an article from Microsoft that talks about that.

Rapid growth in transaction logs

2.  To confirm my suspicion, I downloaded EXMON (http://www.microsoft.com/en-us/download/details.aspx?id=11461) from Microsoft and installed it on my Exchange Server.  And ran a trace to find out what user may be causing the issue.  And bingo, the 3 users I migrated last night showed in the top 5 users with the highest CPU usage and Log bytes.

You can either ask the users to update to the latest version of IOS or follow Microsoft’s recommendation in the link in step 1.

Note:  Also check the logs in your Exchange server for any errors.  I noticed that large amounts of NDRs with Event ID 2028 (MSExchangeIS Public Store) causes the logs to fill up in my case.

 

traceerror

If you are getting this error when trying to re-launch EXMON, make sure that there are no processes running for this app.

From the command prompt, run logman query -ets to find out if ‘Exchange Event Trace’ is running.

Run the commands logman stop “Exchange Event Trace” -ets to stop

How to export a mailbox using Exchange PowerShell

Posted on Updated on

Here I am going to show you how to archive mailboxes to PST and how to deal with errors along the way.  When I first attempted the export in Exchange 2010, I ran across 2 error messages which prevented me from exporting a mailbox.  Below are the steps I performed to correct the issue.

1.  The very first step is to make sure the user running the export command have necessary permissions:

In Exchange 2010 ECP, go to Roles & Auditing and you may have to add a new Role called ‘Mailbox Import Export Role’ to the user.  Under Role Groups, select New, Enter the Name of the Role and you can set the scope to default.  Under Roles, add ‘Mailbox Import Export Role’ and under members, add the group or user who will be running the export command.

If the role is not setup before running the export, the process will have an error ‘Couldn’t find the Enterprise Organization container’.

2.  Next step is to create a share, preferably on the Exchange server to where all the archive emails will be saved.  Make sure to add FULL share and security permissions for Exchange Trusted Subsystem (normally found in your root domain – root\Exchange Trusted Subsystem) and SYSTEM.  If you are running the Information Store with a specific service account, then you will have to add that account too.

If the permissions are not setup correctly, an error will be displayed after running the export command: ‘Unable to open PST file ‘\\location\name.pst’.  Error details:  Access to the path is denied.

Note:  When I tried to google for an answer to this error message, I only came across articles suggesting to add the ‘Exchange Trusted Subsystem’ to the shared folder.  And unfortunately, it did not fix my issue.  I found the SYSTEM in all of my built-in Exchange shares and that is what lead me to the resolution.

3.  Export the mailbox by running the command:

New-MailboxExportRequest -Mailbox name -Filepath \\UNC_path_from_step_#2\name.pst

4.  After successfully running the export command, you can run the Get-MailboxExportRequest to see the status of the export.

I hope this article helps other users out there who are trying to export mailboxes for the first time.