Archive for category Exchange 2007

What does New-ExchangeCertificate -Confirm do?

Depends who is asking.

Let’s assume a scenario where you are trying to create a new self-signed certificate on Exchange 2007 using a script. You run the command “New-ExchangeCertificate -Services "IMAP, POP3, IIS, SMTP" -Confirm:$false”. The script stops at a prompt when it tries to confirm overwriting the existing SMTP certificate (because the current self-signed certificate is assigned to that function). Since this breaks your script, you decide to throw in -Force to override the prompt.

Now you face another error: “Parameter set cannot be resolved using the specified named parameters.”

This is because -Force serves a different purpose in Exchange 2007. According to TechNet:

Use this parameter switch to overwrite an existing certificate request file that matches the same file path as specified in this cmdlet. By default, this cmdlet will not overwrite existing files.

Unfortunately, there is no way you can override the dreaded SMTP certificate prompt in Exchange 2007 (that I know of).

Now let’s turn our attention to Exchange 2010. Since the New-ExchangeCertificate cmdlet does not directly write to a file, -Force serves the purpose you expected in the previous scenario. According to TechNet:

The Force switch specifies whether to override the confirmation prompt and set the new self-signed certificate as the default certificate for TLS for internal SMTP communication. By default, this cmdlet requires a confirmation before setting the new certificate as the default certificate for TLS encryption of internal SMTP communication.

So in case you were wondering, there you go.


Logs not truncated after VSS Backup in Exchange 2007 SP2 or Exchange 2010

The release of Exchange 2007 SP2 brought a much-awaited feature: VSS backups!

This was exciting. You were now able to take Exchange Server backups on Windows Server 2008 without third-party backup software.

That was until after you ran your first backup, or a few more if you weren’t watching! That is when you noticed that the backups had not failed, but the transaction logs had not been truncated either!

What could go wrong with Exchange? Why is it not truncating logs? The backups have not failed.

Trust me, there is nothing wrong with Exchange. Exchange is fine!

The problem is with the way the backup is run. When you run the backup and select “Everything”, the VSS default is a “Copy” backup. A “Copy” backup does not change the archive bit. In this case, it does not truncate transaction logs.

When you run the backup, make sure you create a custom backup and that it is a “Full” backup and not a “Copy” backup. When you run a “Full” backup, Exchange will truncate the transaction log files as expected after the backup completes successfully.


Why is Exchange 2007 SP2 not supported on Windows Server 2008 R2?

This is a tough question to answer as a PFE when I work with customers for whom the release of both products came at almost the same time. For many things, we rely on product groups to answer such questions, and the Exchange Team has answered it in their recent blog post.

I am sure there will be many more questions around this post. I am looking forward to reading interesting discussions that will follow.

On the lighter side of life, if you are getting ready to shoot someone for this issue, make sure that’s not me as I have nothing to do with how those decisions are made, neither do I have any input in that process. I’m just the messenger.


Disable Certificate Revocation Check

If your Exchange 2007 servers are not connected to the internet (which in most cases should be true), installation of a Rollup Update can hang and/or Exchange 2007 managed code services do not start. This happens due to the certificate revocation check for the certificate used to sign the code. It is documented here and here.

For Rollup installation, you can address this in one of two ways:

Turn off certificate revocation check in Internet Explorer

In Internet Explorer –> Tools –> Internet Options –> Advanced tab
In the Security section, uncheck or clear the box for two options mentioned below:

Check for publisher’s certificate revocation
Check for server certificate revocation

Turn off certificate revocation check in registry

In registry editor browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Change the value “State” to 146944 decimal or 0x00023e00 hexadecimal

Either way, you should not leave these settings in place after installing the Rollup Update. Do not forget to revert the changes. I don’t think you will ask me for steps to revert it if you used the IE method. If you changed the registry, I have listed details below.

Turn on certificate revocation check in registry

In registry editor browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Change the value “State” to 146432 decimal or 0x00023c00 hexadecimal
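
The registry change and its revert, as a PowerShell example added here (not from the original post): it flips only bit 0x200, the one bit by which the two State values above differ, and restores the saved value in a finally block so the revocation check comes back even if the installation fails. The function name and the .msp path are placeholders.

```powershell
# Added example. The key is under HKCU, so run this as the same account
# that performs the Rollup installation.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'

# 0x23e00 (check off) and 0x23c00 (check on) differ only in this bit.
$mask = 0x23e00 -bxor 0x23c00   # = 0x200

function Invoke-WithRevocationCheckOff {
    param([scriptblock]$Action)

    # Save the current value so the revert is exact, whatever it was.
    $original = (Get-ItemProperty -Path $key -Name State).State

    if ($original -band $mask) {
        # Someone already left the check disabled; restoring would keep it off.
        Write-Warning ('Revocation check was already off (State = 0x{0:x}).' -f $original)
    }

    try {
        # Set only the "ignore revocation" bit and leave the other flags alone.
        Set-ItemProperty -Path $key -Name State -Value ($original -bor $mask)
        & $Action
    }
    finally {
        # Runs on success, on error and on Ctrl+C.
        Set-ItemProperty -Path $key -Name State -Value $original

        # Read the value back and fail loudly if the revert did not stick.
        $now = (Get-ItemProperty -Path $key -Name State).State
        if ($now -ne $original) {
            throw ('State is 0x{0:x}, expected 0x{1:x}' -f $now, $original)
        }
    }
}

# Usage: the path is a placeholder for the Rollup package you downloaded.
Invoke-WithRevocationCheckOff {
    Start-Process msiexec.exe -ArgumentList '/update', 'C:\Temp\rollup.msp' -Wait
}
```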

 

If you are facing the second issue, where Exchange 2007 managed code services do not start after the Rollup Update is installed, you will want to create or change the configuration files as discussed in the articles mentioned above. If you are not running .NET Framework 2.0 SP1 or above, you need to apply the software updates mentioned in KB944752.

The process of creating or changing configuration files may seem a daunting task, especially if you need to do it on many servers. Guillaume Bordier has created a PowerShell script to automate this task. You can read more about it here.


Exchange 2007 Setup Error: Setup Cannot use Domain Controller…

On one of my tests I was trying to add the Hub role to a server that already had the Mailbox role installed. When I started the setup, I got an error and the prerequisite check failed with the error “Setup cannot use domain controller ‘dc1.mytest.int’ because an override is set in the registry.”

I then tried to run setup with “/domaincontroller dc2.mytest.int”, which failed with the same error as well.

It was interesting. What could be causing this issue? I remembered that a few minutes ago I had run the command:

Set-ExchangeServer -Identity exch1 -StaticExcludedDomainControllers dc1.mytest.int

I was trying to have my Exchange servers connect to only one of the two Domain Controllers I had set up. I tried to reverse this by running:

Set-ExchangeServer -Identity exch1 -StaticExcludedDomainControllers $null

I ran the setup again and it still failed with the same error!

After doing some research I found out that when I created the exclusion, a registry entry was created for “ConfigDCHostName” at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeADAccess\Instance0

The entry had no value assigned. I deleted the “ConfigDCHostName” entry and gave setup another try.

Setup worked without any issues this time!

Quote of the day:

It is a mistake to think you can solve any major problems just with potatoes. – Douglas Adams
