Skip navigation

Category Archives: Exchange Server

How to delete the default database in Exchange 2010

You’ll probably want to delete the default database that is created when you build a new Exchange 2010 server. So you’ve moved all the mailboxes that you can see to another database. And then you’ll remove the database.

But if you do try, then you’ll get the following message:

Key Error Messages

The mailbox database ‘Mailbox Database <Numeric>’ cannot be deleted.

This mailbox database contains one or more mailboxes or arbitration mailboxes.

Cause

This is because there are hidden mailboxes.

Solution

Here’s how to find them, move them and then remove the database.

Find them

You’ll need to use the EMS, The Exchange Management Shell, for this.

  1. Use the Get-Mailbox – Database command as I have in the image below:

  2. You’ll see the SystemMailbox, as listed in the image above. You may see more than one mailbox in your listing.
  3. Copy the mailbox name(s) to notepad.

 

Move them

Still within the EMS…

  1. Use the New-MoveRequest command as seen in the image below, pasting back in the mailbox name you copied in the Find them steps above.

  2. If you need to move your arbitration\system mailboxes to a specific database, you could instead use the New-MoveRequest command but add the following switch:

    -TargetDatabase “Database_Name” as shown in the image below.

  3. When you do your move-request, Exchange will queue the move. In the background, Exchange 2010 will perform the move, just as it does for a move performed from EMC.
  4. Repeat step 1 or 2 if you have more mailboxes like this to move.
  5. Use Get-MoveRequest to check that the move has worked:

    You could do this within Move Request in the Exchange Management Console GUI, but you wouldn’t be able to confirm which database the mailbox had moved to.

Remove the database

Remove the database in the usual way in the Exchange Management Console.

I hope this has helped you.

How to resolve Exchange ActiveSync problems between Exchange and the iPhone

Part II

My Test Lab has moved onto Exchange 2010 on Windows Server 2008. And I now have an iPhone 4. And it’s great – I can have as many Exchange accounts as I like now. But that’s really due to the update to iOS4, and so you can do this too on your iPhone 3GS or your iPhone 3G.

And now I have four Exchange accounts. I never log on to a computer for three of these user accounts. But I access the mailboxes of all three though my main user and Exchange account, via Outlook.

But now, two of the three accounts (that I never log into) are failing on the iPhone with the following message:

Now I had a feeling that if I simply changed the password for the user accounts, that all would be well. But I wanted to find out why two accounts were working and two were not.

The ‘Cannot Get Mail‘ and the ‘Password Incorrect‘ messages that given out by the iPhone are generic messages. It would seem that there are many reasons for this error message. I searched the Internet, looking for a solution. There are many suggestions out there but I did not find one that helped in my situation. I’m not really a fan of suggestions that have no tests that would indicate that the suggestion would be valid. It means that we are no closer to a solution; if it works, it is only a fix.

The solution for this case turned out to be quite simple. You can jump straight to the solution at the end of this document if you’d like! But I’ll run through the troubleshooting steps I took now.

My Exchange and iPhone setup

My setup has moved on since my last blog on iPhone and ActiveSync problems.

Here are the relevant details to my scenario in my test lab:

  • Windows Server 2008 R2
  • Exchange 2010 Server with POP3 and IMAP services configured
  • Exchange 2010 Client Access Server (CAS) 
  • Exchange 2010 DAG with two member Mailbox Servers
  • iPhones with many mailbox accounts configured for ActiveSync.
  • A certificate (non-self-signed) configured for my Client Access Server

    
 

This scenario will probably be similar to many business implementations, though some may not configure Exchange 2010 for high availability but might elect for a single server. Of course, larger businesses will deploy more Exchange Mailbox Servers.

For the purposes of this troubleshooting exercise, it does not matter whether there is a DAG with member servers or the problem mailbox resides on a single server.

To successfully work through this document, you will need to have administrative access to your Exchange Server. If you don’t, then you may need to enlist the help of your friendly Exchange Administrator.

Key Error Messages

Cannot Get Mail – The username or password for <name> is incorrect

Password Incorrect – Please enter the password for <name>

A Web Exception occurred because an HTTP 401 – Unauthorized response was received from IIS7

Troubleshooting

For completeness, I’ll touch on some of the early things that I looked at:

  1. Re-entered the password several times on the iPhone.

    OK. So I sort of knew that this wasn’t going to work but, good to at least eliminate this as the problem.

  2. Compared Mailbox settings between one mailbox that was working and another that wasn’t.

    Found no differences.

  3. Compared User Account properties between one working user and one non-working user.

    Again, I found no differences.

  4. Increased logging for ActiveSync

    Found no significant error messages in the event logs.

 

Use the Microsoft Exchange Remote Connectivity Analyzer

This is a very useful service accessed via the web at https://www.testexchangeconnectivity.com.

This service is also accessible via the Toolbox in the Exchange Management Console.

Before using it – it can test a range of services – it is recommended that you set up a test account to use with it, in order to prevent exposing real accounts over the Internet. But in this situation, we have no choice but to use the account that we have a problem with.

We’ll at least make sure that the padlock is showing. And we will later change the password to this account.

Select the Exchange ActiveSync test and click Next.

In the next screen, you’ll be asked to fill in details that will allow the service to perform the test.

For the purposes of my setup, I will need to ‘Manually specify my ActiveSync server’ and I’ll need to select ‘Ignore Trust for SSL’ since my certificate isn’t trusted all the way to a root CA.

Fill in all other required fields and click Perform Test.

When I performed this test for one of the non-working user accounts I got the following result:

Expanding the Test Steps, I found the following error message:

ExRCA is attempting to send the OPTIONS command to the server.

Testing of the OPTIONS command failed. For more information, see Additional Details.

    Additional Details:

A Web Exception occurred because an HTTP 401 – Unauthorized response was received from IIS7

 

Searching the Internet for any information on the above error yielded no credible answer for my particular problem.

Test ‘direct’ Outlook Connectivity

As mentioned, I had never logged into a computer using any of three of the accounts I use with my iPhone. And I therefore hadn’t logged into the two that weren’t working. Would Outlook have any problems with these accounts?

Would I even be able to logon?

Here’s what happened.

The error message indicated that some password policy was in effect. I knew that I had not set such a password policy. But I remembered that Windows Server 2008 brought with it increased levels of security. A bit of research confirmed this to be the case.

http://technet.microsoft.com/en-us/library/cc264456.aspx

I noted from this page in particular that the default Maximum password age is now set to 42 days. I noted too that “…By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.”

Root Cause

Most all of my user accounts have ‘Password never expires’ set. But this was not set for my three new User and Mailbox accounts. This was no doubt due to the fact that you can create a mail-enabled new user from the Exchange Management Console – ADUC is not visible in this process and so I neglected to check the User Account tab properties.

Solution

  1. Set a new password.
  2. Select ‘Password never expires’

    Note that corporate implementations will likely not allow your user account to be modified in this way. If this is the case, then you likely are already used to changing your network password every so often.

  3. On the iPhone, in Settings, navigate to the Mail settings and enter the new password.

 

Background

 

This procedure is for when you absolutely can’t do anything with your Exchange 2007 Server. This procedure will help when: 

  1. Exchange is not functioning
  2. Your restore hasn’t worked, or your backups are non-existant or unreliable
  3. Your databases are still intact
  4. You cannot uninstall or reinstall Exchange 2007 by normal means

One way to resolve this problem might be to try to mount your databases on another functioning Exchange 2007 server. Once you have mounted your databases on another server, you can then work on the non-functioning server by following the manually uninstall step below. 

A good article for mounting your databases on another server is available at the link below: 

http://www.msexchange.org/tutorials/Moving-Exchange-Server-2007-database-Mailbox-servers.html 

But if you don’t have another Exchange 2007 server handy, you might like to consider the procedure below: 

  

WARNING 

Only consider the procedure below if you have exhausted all other avenues, including: 

  • Reviewing all servers in your network; the unavailability of DC’s, GC’s and DNS servers, or problems with DNS can lead to unpredictable problems with Exchange.
  • Restoring from backups
  • Escalating to Microsoft’s PSS if that is an option available to you

The procedure below was tested by myself in my Test Lab and so I can verify that it works. But every organization is different and so you should proceed with caution and at your own risk. You should revise the whole of this blog before proceeding.

 

Manually uninstall

Manually removing Exchange 2007 is not supported by Microsoft. If you take this path, Microsoft will likely not assist you should it go wrong. Microsoft would want you to remove Exchange 2007 from the control panel, but you have tried that and it has not worked. 

Before you follow this procedure, you will need to locate the Windows Installer CleanUp Utility. This was a utility that was primarily used to cleanup a failed Office install, but known to cleanup other Installer failures. Unfortunately, Microsoft has now removed it from their download sites – they had found that there were some situations where the Utility might damage other components.

 

Perform a search on the Internet for MSICUU2.exe. Take care to locate the right file – it’s a zipped exe with a size on disk of 352KB.

 

When you are ready, take the following steps:

1. Run setup /m:uninstall

You may find that if you were unable to uninstall Exchange 2007 from the Control Panel, you may not be able to perform the above step either. Don’t worry. Move on to step 2.

2. Stop and disable all the Exchange 2007 services

3. Use Registry Editor (Start->Run->Regedit) to remove these Exchange related registry keys:

  • HKLM\SOFTWARE\Microsoft\Exchange
  • HKLM\SYSTEM\CurrentControlSet\Services\MSExchange* (all the keys starting with “MSExchange”)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Exchange

4. Remove the entire Web Server role (don’t forget to reinstall afterwards as it’s a prerequisite for Exchange 2007!)

5. Remove the Exchange 2007 server from Active Directory using ADSIEdit. Action-Connect To. And then in the Configuration Settings window, select the Configuration context and click OK. See image below.

6. In ADSIEdit, expand Configuration through to CN=Services.

7. Expand Services. Expand CN=Microsoft Exchange. Expand CN=Your_Domain. Expand CN=Administrative Groups.

8. Expand CN=Exchange Administrative Group (FYDIBOHF23SPDLT)

9. Expand CN=Servers

10. Delete the target server. It will be of the form CN=<Server_Name>.to your domain CN=Domain. If you are unable to find your server listed as described, you may need to use LDP.EXE to firstly locate it.

11. Use Windows Explorer to delete:

  • C:\Program Files\Microsoft\Exchange Server
  • C:\ExchangeSetupLogs

12. Run the Windows Installer CleanUp Utility to remove all the Exchange related info from the installer database.

13. Remove the target server from any Exchange security groups.

 

  

Install Exchange 2007

Install Exchange 2007 by running setup normally. I would recommend that you install to the same service pack level as you had before your server disaster.

I came across a problem as I tried to install Exchange 2007 where I got an error as setup proceeded to Copy Exchange Files:

Error:

Error code is 1603. Last error reported by the MSI package is ‘Could not open key: UNKNOWN\Components\… Verify that you have sufficient access to that key, or contact your support personnel.

This problem may have occurred as a consequence of using the Windows Installer Cleanup Utility. Hopefully you won’t come across this problem. But to keep this blog short, I describe how I resolved this problem on another blog:

https://messageflip.wordpress.com/2010/07/30/cant-reinstall-exchange-error-code-1603/ 

 

 

Test Database Integrity by using eseutil

If you have gotten to this stage then your Exchange Server has been restored. If this was a mailbox server, then you will be looking to see if you can restore your databases.

Before you can progress, you’ll want to be sure that your databases are OK by verifying its integrity. You can do this by following the steps below:

  1. Open a command prompt window.
  2. Navigate to Exchange’s binary folder (usually at c:\Program Files\Microsoft\Exchange Server\Bin)
  3. Type in the following: eseutil /mh  (see image below).

 

 

You will notice that, in the image above, the State is ‘Clean Shutdown’.

This indicates that the database in this instance had shutdown correctly before the disaster occurred. The chances of this database being restored to the newly recovered server are very good. If your result for any of your databases are anything other than a ‘Clean Shutdown’ then you will need to use eseutil to repair the database. A discussion on repairing the database using eseutil is beyond the scope of this post, but there is plenty of information on the Internet on this procedure. I include a recommended link at the end of this post. If you need to repair any database, I would recommend taking a copy of your database firstly.

 

Mounting the Database

Once you have verified that your database(s) are good, you might like to take the following steps to mount your database:

1. Create a brand new database in a temporary folder on a disk and name this database the same as the old database that you are recovering

2. Mount the database

At this point, you have mounted a new, blank, database on your server. This database has exactly the same name as the old database.

3. Set the database as being able to be overwritten by a restore

You are now preparing the new database to be swapped out for the old database of the same name.

4. Dismount the new database

5. Rename the new database to *.old.

6. Copy the original database to the new temporary location.

7. Mount the database

The original database has now been recovered.

8. Move the database back to its original location on disk

9. Repeat steps 1-8 for any other databases that need to be recovered.

10. Delete any temporary *.old database files that you have used.

  

Outlook Problems?

At this stage, you have now recovered your server and your databases. But if you start Outlook you might see the following message:

As far as Outlook is concerned, the original server is not reachable. This has likely happened because certain user attributes have changed, or have even been deleted.

You can use ADSIEdit to see where the problem is. Navigate to a user and examine the user’s properties (see image below).

The two attributes to check are homeMDB and homeMTA. They follow a form similar to these below:

CN=Mailbox_Database_Name,CN=Storage_Group_Name,CN=InformationStore,CN=Server_Name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Domain_Name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain_Name,DC=com

CN=Microsoft MTA,CN=Mailbox_Server_Name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Domain_Name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain_Name,DC=com

If your respective attributes are different or missing, you will need to edit and then replace them for each user. You can do this within ADSIEdit and it is not too onerous if you have only a few users to edit. You can also use ADSIEdit to get key users up and running.

If you have more than a few users, I believe that there might be a Windows PowerShell method to deploy these changes to an OU. It should be fairly straightforward to develop a script to make the changes too, but this is beyond the scope of this article.

I hope that this has helped you in some way.

REFERENCES

Manually removing Exchange 2007.

http://blog.koenvermoesen.be/2009/01/23/manually-remove-exchange-2007/

eseutil repair options:

http://technet.microsoft.com/en-us/library/aa998249(EXCHG.80).aspx