InetOrgPerson Object Causing Sync Issues in Exchange Server 2010
Written by Jacob Rede on May 16, 2013
The ability to sync a mailbox with Microsoft Exchange Server is a key element in your systems design. If this ability is non-existent then your system may as well be broken. It’s important to remember that users will be relying on getting their mail, and if they can’t, then you’re going to have a problem. Companies and organizations rely on System Administrators to maintain business continuity; letting something like a synchronization error slip through is just not an option. To prepare for issues like this, be sure that your system is updated to the proper service pack and that the latest updates have been applied to your users’ devices.
An example of this particular issue is when a mailbox won’t Sync to an Exchange Server 2010 environment. The mailbox is using Exchange ActiveSync and receives an error message during the sync process. Based on my past posts it seems that ActiveSync has been a common problem with some devices trying to access the server. Although most operating systems have released a patch to fix this issue, you should know that not all are currently optimized for working with an Exchange Server.
In this scenario our user account is part of a class in Exchange Server 2010 which is the InetOrgPerson object. When the user attempts to Sync with the server, they receive an error message which states:
- “Active Directory operation failed on DCName.domain.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0”.
Now this error is important to look over, as it states the key problem that we are experiencing. Because it says “Access is denied”, we know that this issue could be a problem with permissions. The error also states “INSUFF_ACCESS_RIGHTS”, which pretty much tells us that our user cannot sync because of the permissions we have set on the user’s account.
Specifically as we find out trying to fix this issue, the InetOrgPerson object is the problem. This object doesn’t have the rights to Sync up.
Now why would you want to use the InetOrgPerson object in the first place? Well this particular object has its benefits. For example, it can make it a lot easier for you to migrate from LDAP directories to Active Directory Domain Services (AD DS). It’s also part of the user class, which would explain why we’re getting this error, as it’s most likely that the user was put under this object.
To fix this issue just make sure that your system is updated to Service Pack 3 on an Exchange Server 2010 environment. This is the only fix as this service pack was intended to fix only a couple of errors, and this one happened to be a common enough complaint, which led to it being implemented in the Service Pack. If you have an issue that you would like to see implemented in the next service pack, be sure to email Microsoft about it and try to find more people who are experiencing something similar, as the more people you have the higher your chances are to see a fix in the next update.
You can also enable an existing InetOrgPerson by way of the cmdlet. But if you choose this route, then you should note that when the user receives an email, for example, the object will be created in the database. For this example I’ll use the user “John Doe” and our database will be named User_data. The following command would create a mailbox for this user:
- Enable-Mailbox -Identity Doe/ John -Database User_data
Note that if this user is not in the database then there could be a potential issue. For example, if the user is not found in the database then Exchange could change the desired name to all question marks (?) instead of the user’s name. And if the user’s name contains non-ASCII characters, then the same problem will occur. To avoid this issue you should first verify that the user you are going to add a mailbox to has a valid name, specifically an ASCII name. By doing so you will ensure that there is no potential mismatch.
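The name check described above can be done before the cmdlet is called. This is an added example, not code from the original post: the function name Get-NonAsciiChar and the sample names are constructed for illustration, and the database name User_data is the one used in the post.

```powershell
# Added example: pre-flight name check before Enable-Mailbox (PowerShell 2.0 compatible).
function Get-NonAsciiChar {
    param([Parameter(Mandatory = $true)][string]$Name)
    # Emit one record per character outside printable ASCII (0x20-0x7E).
    for ($i = 0; $i -lt $Name.Length; $i++) {
        $code = [int]($Name[$i])
        if ($code -lt 0x20 -or $code -gt 0x7E) {
            New-Object PSObject -Property @{
                Position  = $i
                CodePoint = 'U+{0:X4}' -f $code
            }
        }
    }
}

# Constructed sample names: the second contains U+00F6, the third a no-break space (U+00A0).
$names = @(
    'John Doe',
    ('J{0}hn Doe' -f [char]0x00F6),
    ('John{0}Doe' -f [char]0x00A0)
)

foreach ($name in $names) {
    $bad = @(Get-NonAsciiChar -Name $name)
    if ($bad.Count -gt 0) {
        # Report exactly which characters would need fixing before a mailbox is enabled.
        $where = ($bad | ForEach-Object { '{0} at index {1}' -f $_.CodePoint, $_.Position }) -join ', '
        Write-Output "SKIP  '$name': $where"
    }
    elseif (Get-Command Enable-Mailbox -ErrorAction SilentlyContinue) {
        # Only reached in the Exchange Management Shell; -WhatIf previews without changing anything.
        Enable-Mailbox -Identity $name -Database User_data -WhatIf
    }
    else {
        Write-Output "OK    '$name' (Enable-Mailbox not available in this session)"
    }
}
```

The no-break space case is the one that is easy to miss by eye, since the name looks identical to the plain ASCII one on screen.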
Inside Exchange 2013, Part 12 – Sizing Does Matter
Written by Casper Manes on May 13, 2013
The Exchange Team at Microsoft has long maintained one of the best and most active blogs of any Microsoft product group. “You Had Me At Ehlo” is not only a regular read for me, it is often the inspiration for my posts here at TheEmailAdmin. Recently, Jeff Mealiffe, the Senior Program Manager Lead for the Exchange Customer Experience posted an article on sizing Exchange 2013 that should be a must read for anyone currently considering an Exchange 2013 upgrade or new deployment. Ask the Perf Guy: Sizing Exchange 2013 Deployments is one of the longer posts to make it onto the Exchange Team Blog, but it’s also one of the most informative and detail filled posts I’ve seen in a long time. Here are some of the highlights for you to consider.
Common Fixes for iOS and Exchange Server
Written by Jacob Rede on May 9, 2013
While every mobile operating system is different from another, it’s important to make sure you know how to fix some common problems on iOS. Most of these problems revolve around one simple issue: syncing. iOS has been having problems with Exchange Server ever since it came out. To give its manufacturer credit, they are usually always on top of releasing software updates to correct problems as soon as they become known. And although most of these fixes are successful, there are always a couple fixes that still need workarounds.
Unfortunately these issues don’t become known until after an update has been applied and a particular condition occurs where the update was not tested against during beta testing. Not every condition or application can be tested so it’s understandable, though unfortunate, that customers often are the ones to complete the final debugging of patches and updates. That’s why workarounds are usually implemented after an official update has been released to the public. These workarounds are meant to be temporary but on rare occasions they can become de facto long term fixes.
One example of this is when users of iOS are prevented from accessing an Active Directory account. If you skim across the net you will not find an official fix for this problem. However the issue is known by the manufacturer and if you want an official fix then you will need to open a support case with them. The specific problem occurs when users have changed their Active Directory password on their mobile device. When users enter their new password their account will get locked.
Troubleshooting Headers with the Remote Connectivity Analyzer
Written by Casper Manes on May 8, 2013
The Exchange team at Microsoft must not sleep, because once again they have taken one of my favourite tools, and made it better. The Remote Connectivity Analyzer, which by now we all know and love, has a new feature added into it for analyzing SMTP headers called the Message Analyzer, and while it is branded as being in beta, and you might think it’s only useful for Exchange or Office 365, it’s a great tool you can use today whether or not you use Exchange or live in Microsoft’s cloud.
Email Security by the Numbers
Written by Jeff Orloff on May 6, 2013
Many organizations spend a considerable amount of time, resources and dollars to secure the perimeter of their organization’s network. When it comes to email, however, the same fervor that came with ordering firewalls, intrusion detection and prevention systems, web application firewalls, penetration tests, end point security and even data encryption comes up short.
From the network security expert’s point of view the mail servers exist behind the firewall or in the DMZ so they are secured as much as they need be. The operating systems are patched and the machines are running anti-virus software with the latest signature database so what more could you ask for? Anti-spam filtering? No need for anything more than a list of words to filter and domains to block right? After all, spam is dead.
It’s unfortunate, but true, that a majority of managers and executives understand security threats when they are glamorized or newsworthy. Anonymous launching a large scale distributed denial of service attack against major credit card companies makes the mainstream news so what do people look for? Ways to prevent DDoS attacks from taking down their business web site. Social networking accounts are compromised so what is the immediate reaction? Two-factor authentication becomes the silver bullet.
But when you look at the root of most of the recent attacks, email is the source. Whether the attack tricked a user into giving up their login credentials, or an attachment loaded malware onto the victim’s computer, odds are an email message was used to deliver the payload.
If you find that you are having trouble getting your bosses to understand the need for greater email security due to a lack of sensationalized news stories, try running these statistics by them to see if they still shrug it off as not important:
Troubleshooting Shared Mailboxes and Sent Items
Written by Casper Manes on May 3, 2013
I work a lot with customers who are migrating from non-Microsoft mail platforms to Microsoft based ones, be that Exchange Online in Office 365 or on-prem. One of the interesting differences that comes up a lot for customers migrating is the difference between Exchange/Outlook and Domino/Notes and how shared mailboxes are handled. It’s a learning curve and big change for many companies that use shared mailboxes for customer service, sales inquiries, and other purposes, and interestingly enough, the default way that Domino/Notes handles sent and deleted items actually seems to be the more intuitive choice when compared to how Exchange/Outlook handles them.
Is Your Email Ready for e-Discovery?
Written by Jeff Orloff on May 2, 2013
For the email administrator in a small to medium sized organization, a request for e-Discovery can bring about a great deal of stress. Large companies often have a legal team and personnel dedicated specifically to this process. But for a smaller company, this can be rather intimidating.
e-Discovery, for those who are unfamiliar with the term, is the initial phase of litigation where parties in dispute are required to provide information, records and any other evidence relevant to the case. In today’s world, where electronic storage of documents and electronic communication is the norm, e-Discovery is important because it deals with all of the documents, spreadsheets, database records, multimedia and email that was produced and is stored electronically.
When it comes to providing email messages, things can get a bit trickier. The request for these records can be quite expensive and extremely time-consuming. The process usually goes as such:
New Tool For Troubleshooting Exchange 2003 Public Folder Replication
Written by Casper Manes on May 1, 2013
There’s a new tool out from the Exchange Team that you should know about. It’s a guided walkthrough for troubleshooting public folder replication in Exchange 2003. Yes, that’s right, a tool for a version of Exchange that is in extended support, and should be well on its way to retirement. Why should you care about something for a product that is near the end of its support lifecycle? There’s a couple of reasons actually. If you have any Exchange 2003 still in your environment, read on.
ActiveSync and Mobile Device Issues
Written by Jacob Rede on April 29, 2013
Microsoft Exchange Server users will oftentimes check their email through their mobile devices such as Droid or iPhones. Unfortunately Microsoft considers these mobile devices to be third party devices that use the Exchange ActiveSync technology to synchronize their mailboxes with the Exchange Server. And since these smart phones are not intellectual property owned by Microsoft then they are also not licensed by Microsoft, which creates a support problem. Although Microsoft can help fix problems between Exchange Server and smart phones they are not contractually required to. And therein lies the problem.
Cell phone manufacturers routinely issue updates at various times throughout the year to fix certain problems. Of course it is up to the users and administrators to make sure their software and their devices are up to date. Sometimes we miss an update, discover we have a problem, log a call into support and then find out that an update released months ago would have easily avoided our current problem. That’s why it is important to maintain an updated device.
Updates should never be viewed in a negative way. Updates are what help improve the user experience, which is the ultimate goal. One of the first questions good support people will ask is “what release or version are you running on your Exchange Server Software”.
How to Change Exchange Server Reminders with Regard to Meeting Requests
Written by Jacob Rede on April 26, 2013
Exchange Server has many features, many of which are extremely valuable to users. In order to utilize these features, it’s important to understand what the users are going to be using most often and what they will not. As some features are useful to users, they will be used the most, while others not as much. Understanding this will help System Administrators to improve system performance as well as user experience for the most frequently used features.
In almost all business environments that have an Exchange server, the creation and scheduling of meeting requests will be one of the most often used features. Meeting requests are a key part of the infrastructure of any business that utilizes this form of communication. As a System Administrator it is your responsibility to ensure that these features are always working correctly. And when an issue arises within the scope of the Exchange Server environment it is your responsibility to fix it as efficiently as possible. Most recipients of a meeting request will also receive a reminder; but that may not be a part of the original meeting request configuration setting.
Consider the following scenario:
- You create a meeting request in Microsoft Outlook.
- You configure Outlook not to send reminders. For example, you set the Reminder status to None in Microsoft Office Outlook 2007.
- You send the meeting request to a recipient.
- The mailbox for the recipient is hosted on Microsoft Exchange Server 2007 or Microsoft Exchange Server 2010.
In this scenario, a reminder is set to the default value of 15 minutes when the recipient receives the message.
Although this isn’t a critical error and doesn’t involve any system downtime, it is still an error because we have not initiated this action to occur. Good System Admins have complete control over their system and will usually want to correct this as soon as possible. Even simple problems such as unwanted reminder notices can become issues when users begin to complain. This is another reason to correct these problems as soon as they occur.
To resolve this particular issue we are going to set up a simple file containing code that will allow us to change the default settings on our Exchange Server. This code will completely turn off reminders on appointments made through the system. To undo this fix simply change the values of the following code from “false” to “true”.
The following steps will provide you with a resolution to this issue within Exchange 2007, 2010, and 2013. You will need a text editor such as Notepad to save the code as a “.config” file.
Exchange Server 2013
- Start Notepad.
- Type the following in the Notepad file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <storeDriver>
    <parameters>
      <add key="AlwaysSetReminderONAppointment" value="false" />
    </parameters>
  </storeDriver>
</configuration>
- Click File, and then click Save.
- In the File name box, type StoreDriver.config.
- In the Save as type box, click All Files.
- Save the file in the %ExchInstallFolder%\bin folder.
- Restart the Microsoft Exchange Mailbox Transport Delivery service.
- Repeat steps 1 through 6 on all Exchange 2013 servers that have the Hub Transport role.
Exchange Server 2010
- Start Notepad.
- Type the following in the Notepad file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <storeDriver>
    <parameters>
      <add key="AlwaysSetReminderONAppointment" value="false" />
    </parameters>
  </storeDriver>
</configuration>
- Click File, and then click Save.
- In the File name box, type StoreDriver.config.
- In the Save as type box, click All Files.
- Save the file in the %ExchInstallFolder%\bin folder.
- Restart the Transport service.
- Repeat steps 1 through 6 on all Exchange 2010 servers that have the Hub Transport role.
Exchange Server 2007
- Install the latest Exchange Server 2007 service pack on the Hub Transport servers. For more information about how to install the latest Exchange service pack or update rollup
- Start Notepad.
- Type the following in the Notepad file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <storeDriver>
    <parameters>
      <add key="AlwaysSetReminderONAppointment" value="false" />
    </parameters>
  </storeDriver>
</configuration>
- Click File, and then click Save.
- In the File name box, type StoreDriver.config.
- In the Save as type box, click All Files.
- Save the file in the %ExchInstallFolder%\bin folder.
- Restart the Transport service.
- Repeat steps 1 through 7 on all Exchange 2007 servers that have the Hub Transport role.
These steps are taken from Microsoft’s support page right here: http://support.microsoft.com/kb/945854
This condition occurs because of an internal bug in the Hub Transport service: the transport service is configured for AlwaysSetReminderONAppointment, and this attribute is set by default on all Hub Transport role servers.
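A StoreDriver.config copied from a web page can pick up typographic quotes or a mistyped value, and the file is then not the XML the steps above describe. The following check is an added example, not part of the original post or of Microsoft's article: the function name Test-StoreDriverConfig and the sample inputs are constructed for illustration, and it only inspects text, changing nothing on a server.

```powershell
# Added example: validate StoreDriver.config text before saving it (PowerShell 2.0 compatible).
function Test-StoreDriverConfig {
    param([Parameter(Mandatory = $true)][string]$Text)

    # Typographic quotes (U+201C, U+201D, U+2033) are not XML attribute delimiters.
    if ($Text -match '[\u201C\u201D\u2033]') {
        return 'REJECT: typographic quotes found; retype them as straight double quotes'
    }
    try { $doc = [xml]$Text }
    catch { return 'REJECT: not well-formed XML' }

    # The key name and element path are the ones given in the steps above.
    $xpath = "/configuration/storeDriver/parameters/add[@key='AlwaysSetReminderONAppointment']"
    $node = $doc.SelectSingleNode($xpath)
    if ($node -eq $null) { return 'REJECT: AlwaysSetReminderONAppointment key not found' }

    $value = $node.GetAttribute('value')
    if ($value -notmatch '^(true|false)$') { return "REJECT: value '$value' is not true or false" }
    return "OK: AlwaysSetReminderONAppointment = $value"
}

# Constructed inputs: the file as it should be typed, a copy with the quotes
# replaced the way a web page renders them, and a copy with the value mistyped.
$good = @'
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <storeDriver>
    <parameters>
      <add key="AlwaysSetReminderONAppointment" value="false" />
    </parameters>
  </storeDriver>
</configuration>
'@
$pasted  = $good.Replace('"', [string][char]0x201D)
$mistype = $good.Replace('value="false"', 'value="flase"')

foreach ($sample in @($good, $pasted, $mistype)) {
    Test-StoreDriverConfig -Text $sample
}
```

To check a file that has already been saved, pass its contents with `[IO.File]::ReadAllText($path)` as the `-Text` argument before restarting the service.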



