Skip navigation

Category Archives: Exchange 2010

How to delete the default database in Exchange 2010

You’ll probably want to delete the default database that is created when you build a new Exchange 2010 server. So you’ve moved all the mailboxes that you can see to another database. And then you’ll remove the database.

But if you do try, then you’ll get the following message:

Key Error Messages

The mailbox database ‘Mailbox Database <Numeric>’ cannot be deleted.

This mailbox database contains one or more mailboxes or arbitration mailboxes.

Cause

This is because there are hidden mailboxes.

Solution

Here’s how to find them, move them and then remove the database.

Find them

You’ll need to use the EMS, The Exchange Management Shell, for this.

  1. Use the Get-Mailbox – Database command as I have in the image below:

  2. You’ll see the SystemMailbox, as listed in the image above. You may see more than one mailbox in your listing.
  3. Copy the mailbox name(s) to notepad.

 

Move them

Still within the EMS…

  1. Use the New-MoveRequest command as seen in the image below, pasting back in the mailbox name you copied in the Find them steps above.

  2. If you need to move your arbitration\system mailboxes to a specific database, you could instead use the New-MoveRequest command but add the following switch:

    -TargetDatabase “Database_Name” as shown in the image below.

  3. When you do your move-request, Exchange will queue the move. In the background, Exchange 2010 will perform the move, just as it does for a move performed from EMC.
  4. Repeat step 1 or 2 if you have more mailboxes like this to move.
  5. Use Get-MoveRequest to check that the move has worked:

    You could do this within Move Request in the Exchange Management Console GUI, but you wouldn’t be able to confirm which database the mailbox had moved to.

Remove the database

Remove the database in the usual way in the Exchange Management Console.

I hope this has helped you.

Advertisements

How to resolve Exchange ActiveSync problems between Exchange and the iPhone

Part II

My Test Lab has moved onto Exchange 2010 on Windows Server 2008. And I now have an iPhone 4. And it’s great – I can have as many Exchange accounts as I like now. But that’s really due to the update to iOS4, and so you can do this too on your iPhone 3GS or your iPhone 3G.

And now I have four Exchange accounts. I never log on to a computer for three of these user accounts. But I access the mailboxes of all three though my main user and Exchange account, via Outlook.

But now, two of the three accounts (that I never log into) are failing on the iPhone with the following message:

Now I had a feeling that if I simply changed the password for the user accounts, that all would be well. But I wanted to find out why two accounts were working and two were not.

The ‘Cannot Get Mail‘ and the ‘Password Incorrect‘ messages that given out by the iPhone are generic messages. It would seem that there are many reasons for this error message. I searched the Internet, looking for a solution. There are many suggestions out there but I did not find one that helped in my situation. I’m not really a fan of suggestions that have no tests that would indicate that the suggestion would be valid. It means that we are no closer to a solution; if it works, it is only a fix.

The solution for this case turned out to be quite simple. You can jump straight to the solution at the end of this document if you’d like! But I’ll run through the troubleshooting steps I took now.

My Exchange and iPhone setup

My setup has moved on since my last blog on iPhone and ActiveSync problems.

Here are the relevant details to my scenario in my test lab:

  • Windows Server 2008 R2
  • Exchange 2010 Server with POP3 and IMAP services configured
  • Exchange 2010 Client Access Server (CAS) 
  • Exchange 2010 DAG with two member Mailbox Servers
  • iPhones with many mailbox accounts configured for ActiveSync.
  • A certificate (non-self-signed) configured for my Client Access Server

    
 

This scenario will probably be similar to many business implementations, though some may not configure Exchange 2010 for high availability but might elect for a single server. Of course, larger businesses will deploy more Exchange Mailbox Servers.

For the purposes of this troubleshooting exercise, it does not matter whether there is a DAG with member servers or the problem mailbox resides on a single server.

To successfully work through this document, you will need to have administrative access to your Exchange Server. If you don’t, then you may need to enlist the help of your friendly Exchange Administrator.

Key Error Messages

Cannot Get Mail – The username or password for <name> is incorrect

Password Incorrect – Please enter the password for <name>

A Web Exception occurred because an HTTP 401 – Unauthorized response was received from IIS7

Troubleshooting

For completeness, I’ll touch on some of the early things that I looked at:

  1. Re-entered the password several times on the iPhone.

    OK. So I sort of knew that this wasn’t going to work but, good to at least eliminate this as the problem.

  2. Compared Mailbox settings between one mailbox that was working and another that wasn’t.

    Found no differences.

  3. Compared User Account properties between one working user and one non-working user.

    Again, I found no differences.

  4. Increased logging for ActiveSync

    Found no significant error messages in the event logs.

 

Use the Microsoft Exchange Remote Connectivity Analyzer

This is a very useful service accessed via the web at https://www.testexchangeconnectivity.com.

This service is also accessible via the Toolbox in the Exchange Management Console.

Before using it – it can test a range of services – it is recommended that you set up a test account to use with it, in order to prevent exposing real accounts over the Internet. But in this situation, we have no choice but to use the account that we have a problem with.

We’ll at least make sure that the padlock is showing. And we will later change the password to this account.

Select the Exchange ActiveSync test and click Next.

In the next screen, you’ll be asked to fill in details that will allow the service to perform the test.

For the purposes of my setup, I will need to ‘Manually specify my ActiveSync server’ and I’ll need to select ‘Ignore Trust for SSL’ since my certificate isn’t trusted all the way to a root CA.

Fill in all other required fields and click Perform Test.

When I performed this test for one of the non-working user accounts I got the following result:

Expanding the Test Steps, I found the following error message:

ExRCA is attempting to send the OPTIONS command to the server.

Testing of the OPTIONS command failed. For more information, see Additional Details.

    Additional Details:

A Web Exception occurred because an HTTP 401 – Unauthorized response was received from IIS7

 

Searching the Internet for any information on the above error yielded no credible answer for my particular problem.

Test ‘direct’ Outlook Connectivity

As mentioned, I had never logged into a computer using any of three of the accounts I use with my iPhone. And I therefore hadn’t logged into the two that weren’t working. Would Outlook have any problems with these accounts?

Would I even be able to logon?

Here’s what happened.

The error message indicated that some password policy was in effect. I knew that I had not set such a password policy. But I remembered that Windows Server 2008 brought with it increased levels of security. A bit of research confirmed this to be the case.

http://technet.microsoft.com/en-us/library/cc264456.aspx

I noted from this page in particular that the default Maximum password age is now set to 42 days. I noted too that “…By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.”

Root Cause

Most all of my user accounts have ‘Password never expires’ set. But this was not set for my three new User and Mailbox accounts. This was no doubt due to the fact that you can create a mail-enabled new user from the Exchange Management Console – ADUC is not visible in this process and so I neglected to check the User Account tab properties.

Solution

  1. Set a new password.
  2. Select ‘Password never expires’

    Note that corporate implementations will likely not allow your user account to be modified in this way. If this is the case, then you likely are already used to changing your network password every so often.

  3. On the iPhone, in Settings, navigate to the Mail settings and enter the new password.

 

The Background

I had just finished installing the Hub and CAS role to my Exchange 2007 mailbox server. The not to distant plan is to next safely decommission the existing Exchange 2007 Hub and CAS server. The plan is to then press the hardware into being an Exchange 2010 Hub and CAS server. I already had an Exchange 2010 server that performed the Hub, CAS and Mailbox roles and that had worked well within my very mixed Exchange Organization.

I hadn’t logged into that Exchange 2010 in a month or so. Having checked that my Exchange 2003 and Exchange 2007 servers were well, it was time to check on the Exchange 2010 server…

 

Key error messages and symptoms

Error Messages:

Initializing.. Attempting to connect to the specified Exchange server

An error caused a change in the current set of domain controllers. It was running the command ‘Get-….

Symptoms:

Slow to start, or non-starting Exchange Management Console.

Problem

On the Exchange 2010 server, I tried to start the Exchange Management Console (EMC). Where this used to work flawlessly and quickly too, this was taking a long time to start up. Within the EMC, I would see the error:

Initializing.. “Attempting to connect to the specified Exchange server”

 

When I did get manage to get the EMC to somewhat start, patience was the key here, error messages like this (see image below) appeared on-screen.

 

 

This error popped up as I clicked the Organization Configuration section within the left hand pane of the EMC. But I’d get similar errors as I clicked on the Server Configuration and Recipient Configuration sections too.

Resolution

 My first visit was to the Event Viewer where I spotted the error message below:

 

 

 

Recognising that the error mentioned one of my servers, AVONTE, I checked the network connections for this server. It all pinged and trace-routed OK.

Then I checked DNS. I’d noted before that avonte, from the DNS console of another server, wasn’t showing properly. It had the big red x but I wasn’t worried. AVONTE was an elderly Exchange 2003 server and other DNS server were working. And my Exchange 2007 servers were working.

But looking further, I noticed (again) that another server, NIA, was still in DNS. I’d decommissioned NIA a year ago. It seemed to go well, and everything worked well – Exchange 2003 and Exchange 2007 were working fine. I wasn’t minded to remove NIA from DNS back then and with hindsight, I should have tidied up sooner.

NIA somehow has the same IP address as AVONTE.

Once I removed NIA from DNS – as well as being an A record, it was still down as a Name Server (NS) – the EMC started flawlessly.

I’ve always extolled the virtues of a clean DNS – having seen an unwell DNS take down Exchange in the past. I must remember to be virtuous in my test lab!

I hope this has been useful for you.