Exchange / Outlook

Fixed: The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups.

Setting Primary Group to Schema Admins

Attempting to run an Exchange CU update on a server this morning and the server kept giving “The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups” error message when attempting to run setup.exe /Prepareschema /IacceptExchangeServerLicenseTerms as a pre-requisite installation step. My user account was a member of both of the groups but the error still occurred.

Changing the account’s primary group in Active Directory by selecting the Member Of tab, selecting the Schema Admins group and selecting Set Primary Group, then logging off and back on again, led to the setup process completing successfully.

Don’t forget to set it back after the installation has completed.
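
The same change can be scripted so the original primary group is recorded and put back afterwards. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module, an account in the forest root domain, and a hypothetical state file under %TEMP%.

```powershell
# Added example. Run once before setup, then again with -Restore afterwards.
param(
    [string]$User = $env:USERNAME,
    [switch]$Restore
)
Import-Module ActiveDirectory

# Hypothetical location used to remember the original primary group RID.
$stateFile = Join-Path $env:TEMP "primaryGroupID-$User.txt"
$account   = Get-ADUser -Identity $User -Properties primaryGroupID, MemberOf

if ($Restore) {
    # Put back whatever primary group the account had before the change.
    $originalRid = [int](Get-Content -Path $stateFile)
    Set-ADUser -Identity $User -Replace @{ primaryGroupID = $originalRid }
    Remove-Item -Path $stateFile
    Write-Output "Primary group of $User restored to RID $originalRid."
    return
}

# primaryGroupID holds the RID, i.e. the last component of the group's SID.
$schemaAdmins = Get-ADGroup -Identity 'Schema Admins'
$rid = [int]$schemaAdmins.SID.Value.Split('-')[-1]

if ($account.primaryGroupID -eq $rid) {
    Write-Output "Schema Admins is already the primary group of $User."
    return
}

# AD only accepts a primary group the account already belongs to.
# (MemberOf never lists the current primary group, hence the check above.)
if ($account.MemberOf -notcontains $schemaAdmins.DistinguishedName) {
    throw "$User is not a member of Schema Admins."
}

Set-Content -Path $stateFile -Value $account.primaryGroupID
Set-ADUser -Identity $User -Replace @{ primaryGroupID = $rid }
Write-Output "Primary group set to Schema Admins (RID $rid)."
Write-Output "Log off and on, check the new token with 'whoami /groups', run setup, then rerun with -Restore."
```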

Retrieve Mailbox Migration errors for Office365

When you have a lot of mailboxes to migrate, Microsoft’s provided method of viewing the errors involves a tedious amount of clicking by logging into the portal, selecting Exchange, Migration, View details, scroll down to find a failure, select the user, click view details.

Viewing Migration status in Office365

 

Rather than use the tedious method of going into the details, selecting a user and then viewing details, run the following PowerShell script (once connected using the previous Office365 connection script):

Get-MigrationUser -Status Failed | Get-MigrationUserStatistics | Select-Object Identity,EmailAddress,RecipientType,Error,BytesTransferred | Export-Csv C:\temp\migrationstatus.csv -NoTypeInformation

I also have a simple loop that gets me the status once an hour. Obviously change the email addresses appropriately.

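# Placeholder addresses and SMTP server: change them to your own.
while ($true)
{
    # Capture the migration user table as plain text for the mail body
    $a = (Get-MigrationUser | Out-String)
    Send-MailMessage -To "recipient@example.com" -Subject "Company Migration Stats" -From "sender@example.com" -SmtpServer "my.mailserver.com" -Body $a
    # Wait an hour before sending the next report
    Start-Sleep -Seconds 3600
}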

Would/Should you block LinkedIn to your Exchange Server?

Apparently LinkedIn now have a feature that allows users to provide their corporate passwords to a third party so the users can then send invites to other people in their office.  I really don’t see how this can Be A Good Thing 😉 – Paul Cunningham has a post on ExchangeServerPro on this feature and links to Adam Fowler’s post on how to block LinkedIn to Exchange. This is interesting as we’ve also seen this issue with Verizon doing something that we expect is screenscraping to provide email information to phones. Admittedly this was a while back but we have found it hitting the Exchange server so it will be interesting to see if this successfully blocks the server.

In the meantime, maybe it’s time to not only educate LinkedIn that this is a really bad idea but also your corporate users.

For what it’s worth the solution is to do the following:-

There are a few settings to check. First, under the Set-OrganizationConfig area, you’ll need to check that EwsApplicationAccessPolicy is set to ‘EnforceBlockList’. If it’s not, it’s going to be “EnforceAllowList” and you’re probably OK, as it’s using a whitelist for access to only what’s listed rather than a blacklist, to only block what’s listed.

Next, you need to add LinkedIn into the BlockList. This is done with the command “Set-OrganizationConfig -EwsBlockList LinkedInEWS”.
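
The two checks above combined into one script, as an added example that is not from the original post or the posts it links to. It assumes an Exchange Management Shell (or Exchange Online) session is already connected. It appends to the block list rather than replacing it, because passing a bare value to -EwsBlockList overwrites any entries already present.

```powershell
# Added example: block the LinkedIn EWS user agent without clobbering
# existing allow/block list entries.
$agent = 'LinkedInEWS'          # user-agent value given in the post
$cfg   = Get-OrganizationConfig

switch ("$($cfg.EwsApplicationAccessPolicy)") {
    'EnforceAllowList' {
        # Only listed agents may use EWS, so LinkedIn is already blocked
        # unless someone has explicitly allowed it.
        if ($cfg.EwsAllowList -contains $agent) {
            Write-Warning "$agent is on the EWS allow list; review and remove it."
        } else {
            Write-Output "Allow list enforced and $agent is not on it. Nothing to do."
        }
    }
    'EnforceBlockList' {
        if ($cfg.EwsBlockList -contains $agent) {
            Write-Output "$agent is already blocked."
        } else {
            # @{Add=...} appends to the multivalued property.
            Set-OrganizationConfig -EwsBlockList @{ Add = $agent }
        }
    }
    default {
        # No policy set: neither list is enforced until one is chosen.
        Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList `
                               -EwsBlockList @{ Add = $agent }
    }
}

# Confirm the resulting configuration.
Get-OrganizationConfig |
    Format-List EwsEnabled, EwsApplicationAccessPolicy, EwsAllowList, EwsBlockList
```

The list entries are matched against the user-agent string the client sends, so the block only holds for as long as the client keeps identifying itself that way.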

Fixed: Corrupt contacts in Outlook but they appear OK on phone.

Had a weird problem this morning with a user that had issues with incorrect data appearing in their Outlook contacts. When you looked at the contacts in Outlook 2007, the Full Name was typically somebody else, yet the email address and name displayed in Outlook would be correct. Occasionally things like company name would appear incorrect. Looking at the phone, the data looked correct; however, the phone typically does not seem to use all of the fields that Outlook 2007 displays.
When I looked at the contacts within OWA the data looked ok. In OWA I changed the middle name on one of the corrupted contacts (although it looked correct in OWA) and then switched back to Outlook – the contact was now showing the middle name as expected, but the rest of the data was also coming across correctly. I took out the middle name within OWA and sure enough Outlook removed the middle name too and the contact was now correct.
The next stage was just to open the contact in OWA and hit save and close. This fixed the contact in Outlook too. I have no idea why this issue occurred, and thankfully there are not *too* many contacts to open (only 170 in total) but just opening and then doing a Save and Close fixes the issue.
It will be interesting to see if this issue reoccurs.

Fixed – Archive options missing in Outlook 2007 and send/receive issues

We had a weird issue this morning where the Archive options were missing in Outlook 2007. This is apparently a known issue with the kb2412171 December 14, 2010 outlook update which allegedly improves stability. It is hard to see how removing functionality, breaking send and receive and reducing performance when you switch folders comes under the category of improving stability and increasing performance.
Thankfully the solution is simple, just remove 2412171 from add/remove programs and everything should go back to normal.
Further details on the patch are also available which includes the known issues when installing 2412171.
Needless to say, we have unapproved this patch on our WSUS servers.

Cost for bulk uploading to Microsoft’s Exchange Hosted Archive

As part of our investigations into hosting mail online using Microsoft Exchange Hosted services I have spent several hours on the phone with several companies to obtain prices and quotes. A couple of companies are out of the running as they didn’t bother to return my calls and although Microsoft were helpful, they just did not get it.
One of their offerings is email archiving. Every email sent and received, both internally and externally, is copied to the archive service which is then searchable for ediscovery or just in case you can’t find that one email you know you received way back when. The only downside with this is the old email currently sitting on the Exchange server that would not be searchable. However, according to the Buy Microsoft Exchange Hosted Services page, “You may bring historical data into the archive for a one-time charge, which is priced per GB”.
As you can purchase the standard archive service from Microsoft and the same page contains prices for this service, it makes sense that Microsoft would be able to provide costs for this data import. About 2 hours on the phone later I realised that Microsoft unfortunately do not have a clue and nobody was able to give me a straight answer or even a ballpark figure. I was bounced around to several departments until eventually someone said that this service is purchased through the reseller channel. This doesn’t really make sense as the BPOS service itself can basically be purchased direct so why not the data import?
Our reseller is Ingram Micro, but their price list is only available to people with an account – useless for a tech like me who is trying to get some data together. However, CDW came to the rescue and this service is available by purchasing the “Microsoft Exchange Hosted Archive Historical Data Load” at a cost of $60 per user (not per GB as in the original Microsoft documentation). The part number is 74P-00053. If you have an Enterprise Select agreement the part number is 74P-0059 but the price is still the same.

I’m not sure why Microsoft can’t give this price in the original web page and say to contact your normal reseller for more information.
Once the order has been placed there are more hoops to go through to get the data sent to Microsoft. The data can apparently be ftp’d to Microsoft – I’m hoping this is actually secure ftp – but as most users are going to have many Mb’s or Gb’s of data the normal scenario is to put the data onto a USB drive. I was pleased and also surprised to see they support Truecrypt. For more details of the process, continue to read the rest of the entry.

BPOS Active Directory Synchronization does not work on 64bit or domain controllers.

Thinking about BPOS to host the exchange mail for your small office? – I discovered a small gotcha this afternoon but first a couple of thoughts in our recent experiences between Google Apps and Microsoft BPOS.

We’ve had several requests from clients to host their email in the cloud using services like Google Apps or Microsoft Hosted Exchange. Our first deployments were with Google Apps due to the lower cost per year, but as we’ve found out the support from Google is severely lacking.  We had a peculiar issue where one user’s email sent through Outlook would get marked as spam all the time, yet if they used the Gmail web interface and sent exactly the same content the mail would get sent with no problems.  The service that marks the destination mail as spam is Postini – now owned by Google so it should really be a simple matter of turning over the problem to Google to investigate. Unfortunately Google’s response to our request was basically “thanks – if we feel like getting back to you, we might do – in a couple of days”.   As it turned out, the issue was resolved by deleting the Google sync profile and recreating it again.

Contrast this to a Microsoft issue which started off as a pre-sales technical call to get a user id setup and ended up with the gtLV OWA issue I blogged about earlier. I had several calls from Microsoft within an hour to work on the issue. They worked really hard to ensure my problems were solved and it almost felt like they were harassing me as they kept following up for a status even though I’d told them a couple of times that I was happy for the case to be closed – I even got a call at 5pm on Saturday afternoon from support – something I’ve not experienced (at least from an end user experience!)

So, after singing Microsoft’s praises – the gotcha.  Microsoft’s Hosted Exchange service has a directory sync service that synchronises AD information to the cloud ready for newly created users and distribution lists to appear in the hosted exchange environment. Unfortunately, according to the Directory Synchronization prerequisites the server needs to be running 32bit AND not be a domain controller.   Unfortunately for small companies just starting out from a peer to peer network and getting their first server (but don’t want SBS2008 for some reason), this first server is very likely to be 64bit (crazy not to nowadays) and also a domain controller – possibly/probably even THE domain controller. Installing a 32bit member server is totally out of the question.   It’s not *that* big a deal as all the information can be created online, but it’s twice the amount of data entry along with the possibility of typos but also every AD change of membership and user creation/deletion now needs to be duplicated online.  For large organizations this is not going to be a problem as they’ll likely have extra servers lying around, but for small businesses this is very unlikely. For very large organizations (ie Universities hosting mail through live.edu) it seems that the AD sync program actually requires extra software functionality with the Identity Lifecycle Manager (ILM) package (however I’m not too familiar with these details just yet)

This is the second flaw in Microsoft’s online feature list that extols the virtues of Microsoft vs Google that I’ve found – Active Directory synchronization is not always possible and the other is the benefit of not having to download an application to synchronize data from Outlook to the cloud/Google – fair enough, a client doesn’t have to be downloaded for that application, but instead a single sign-on client needs to be downloaded to prevent the various Microsoft apps asking for the password multiple times. I did think that was the whole point of the “save password” option in the Outlook and browser applications!

I was also really surprised that the Exchange online is not running Exchange2010 – the Outlook Web App is so much nicer in 2010 compared to 2007 – as I run Outlook 2010 at home and Exchange2010 in the office I’m spoilt (but I still need Office 2010 on the work laptop – that’s hopefully coming real soon)

Fixed – ‘gtLV’ is null or not an object when replying to an email from OWA

I was getting the “‘gtLV’ is null or not an object” message when I replied to an email using our Microsoft Online Hosted Exchange email account. Ironically enough, the problem would always occur when I replied to a new email from a Microsoft support engineer. The email would go through but I would get the ” ‘gtLV’ is null or not an object” error message popup on the screen. If I replied to the email again the problem would not occur. A very similar message can be seen in the Microsoft Exchange Server forums where I also posted the provided solution.

After many emails to the very patient support tech at Microsoft (as I would reply and then send an email to let him know if the reply worked or not) we escalated the ticket and I got back the following resolution.

1. type regedit on command prompt or run
2. go to: HKCU\Software\Microsoft\Internet Explorer\Main
3. create TabProcGrowth (string or dword) and set the value to 0

This solution worked for me.  From what I can see at the ie8blog this has the side effect of reducing the Protected Mode protection and I think the browser tabs use the same process rather than running in separate processes.  This is a slight downside, but I doubt many users will care – they’re more than happy to have OWA working.

Archive mailbox missing in Outlook 2010 – fixed

If you’re lucky enough to already be running Outlook 2010 and Exchange 2010, then you may have spotted your archive mailbox is missing in the newly released Office2010. There was a bug that is strangely fixed by obtaining a new key from Technet and reentering it from appwiz.cpl, Office 2010, Change, Change product key.  I’m not sure why it took so long for the product key to be changed on my machine (about 3 or 4 minutes) but sure enough, after restarting Office the mail archive box was back. Thanks to Henrik Walther’s blog for the heads up.

In my case, there is not a lot in it as we’ve only just switched over to Outlook with Exchange 2010 so there is not a lot of old mail. However I’m already 3/5 of the way through my quota.  With no archiving policies set up yet (and office 2007 on the work laptop) the manual housekeeping is going to be a pain.