Google
Search WWW Search msexchangetips.blogspot.com

Monday, January 31, 2011

Exchange 2010 Mailbox Move An error occurred while updating a user object after the move operation. --> The value 'HTTP§1§1§§§§§§' is already present

When performing a cross forest mailbox move using the new-moverequest, the mailbox move fails at the completing stage when viewing in the move request in the EMC. When you open the move request for the user in the details tab you see the following error.

Error details: An error occurred while updating a user object after the move operation. --> The value 'HTTP§1§1§§§§§§' is already present in the collection.

Resolution: Delete the protocolsettings using adsiedit for both the source and target user.

1. Open adsiedit.msc from run command on source DC
2. Locate your user in the domain partition
3. Locate attribute protolsettings and delete all values
4. Repeat steps for target user in target domain
5. Resume the failed mailbox move


James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Wednesday, January 26, 2011

ActiveX component can't create object: 'ADMT.Migration'

When attempting to set exclusions or add exclusions on ADMT you receive the following error:

C:\Admin\scripts\ADMTExclusion.vbs(1, 1) Microsoft VBScript runtime error: Activ
eX component can't create object: 'ADMT.Migration'


Resolution:

Run the command from the C:\Windows\SysWOW64> directory.

C:\Windows\SysWOW64>cscript c:\admin\scripts\admtexclusion.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.


James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2010 New Forest Migration Provisioning Distribution Lists

Exchange 2007 and Exchange 2010 have the ability to provision mailbox enabled users. What about Exchange Distribution Lists? Previous options were to use a third party migration suite or powershell or even LDIFDE. As you noticed ADMT 3.2 by default does provision or create Exchange Distribution Lists. If you use ADMT 3.2 to migrate a Distribution List, it will get migrated to the target forest but as a flat AD group only. Exchange is unware of this group being a Distribution Group. In order for ADMT 3.2 to provision this as an AD group you have to prevent ADMT 3.2 from exluding Exchange attributes during the migration.

Create a new notepad file and name it ADMTexclusion.vbs and enter the lines below.
Set objMig = CreateObject("ADMT.Migration")
objMig.SystemPropertiesToExclude = ""

Then run the file on your ADMT server:

C:\Windows\SysWOW64>cscript c:\admin\scripts\admtexclusion.vbs

Caveats: ADMT excludes Exchange attributes by default to prevent issues with provisioning mailbox users prior to Exchange 2010 SP1. So ensure that you're on SP1. To get additional details read article below. Also note that even though you provision the DL with ADMT it will not bring over all the attributes such as send restrictions, hide from GAL etc.

Exchange 2010 Cross-Forest Mailbox Moves
http://msexchangeteam.com/archive/2010/08/10/455779.aspx


James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

IIS7 Application Request Routing and Outlook Anywhere 2010?

Is it possible to use IIS7 ARR as an alternative reverse proxy in lieu of UAG\TMG? From testing, I was able to get it to work but had to pan out some key issues.

After setting ARR up to point to my CAS servers, OA did not connect.

The issue was with IIS7 default 30MB HTTP request limit. The IIS trace logs show that Outlook is trying to send 1GB (1073741824 bytes) of data and getting 404.13 Content length too large. Note this is an empty mailbox. Once we up this to this value it works. The request is always sending exactly this much data which MS thinks it could actually an error code in the bytes field and not actually the bytes. 1073741824 also represents “unknown error condition” code. Highly unlikely it’s sending 1GB since the IIS logs on the Exchange server do not show this. Theory is that ARR is running into some error condition trying to process rpc over http requests.



James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Tuesday, January 25, 2011

Exchange Powershell "Cannot save changes made to an item to store"

When running the following powershell command you receive the "Cannot save changes made to an item to store"

[PS] C:\Windows\system32>Get-Mailbox -Server "dcexmailp02" |
Set-CalendarProcessing -ProcessExternalMeetingMessages $true
Cannot save changes made to an item to store.
+ CategoryInfo : NotSpecified: (14:Int32) [
Set-CalendarProcessing], QuotaExceededException
+ FullyQualifiedErrorId : DF365789,Microsoft.Exchange.Management.StoreTasks.
SetCalendarProcessing

In additional if you run:

[PS] C:\Program Files\Microsoft\Exchange Server\v14\Scripts>Get-Mailbox
| Set-CalendarProcessing -ProcessExternalMeetingMessages $true
Cannot save changes made to an item to store.
+ CategoryInfo : NotSpecified: (21:Int32)
[Set-CalendarProcessing], QuotaExceededException
+ FullyQualifiedErrorId : DEBD37F4,Microsoft.Exchange.Management.StoreTasks.
SetCalendarProcessing

Resolution: You have a mailbox that has a quota of 0 set. In this case, I had configured a mailbox with a 0 send\receive limit for users to use to check Freebusy times during migration coexistence and prohibited the account from sending\receiving email.

James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Monday, January 24, 2011

5.4.6 Hop count exceeded - possible mail loop - Forest Migration

After you perform a cross forest mailbox move, the user is able to send emails, but cannot receive. You receive the following NDR.

Delivery has failed to these recipients or groups:
Bob Smith (bsmith@company.com)
A problem occurred during the delivery of this message. Please try to resend the message later. If the problem continues, contact your helpdesk.
The following organization rejected your message: mail.company.com.





Diagnostic information for administrators:
Generating server: exchangeserver.corp.dom
bsmith@company
mail.company.com #554 5.4.6 Hop count exceeded - possible mail loop ##


Resolution: Disable the mailbox and reconnect.


James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Tuesday, January 18, 2011

Cannot create mail enabled user because an existing object with type already has the same proxy addresses/MasterAccountSid.

When provisioning an MEU using the Prepare-MoveRequest.Ps1 script you receive the following error:

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>.\Prepare-MoveRequest.Ps1 -Identity "CN=mbperm1,OU=office,D
=ipcfcdom,DC=inphonic,DC=com" -RemoteForestDomainController "dcfcdc03.ipcfcdom.inphonic.com" -RemoteForestCredential $R
mote -LocalForestDomainController "eqdcp01.corp.dom" -LocalForestCredential $Local -TargetMailUserOU "OU=office,DC=corp
DC=dom" -uselocalobject -overwritelocalobject
The operation couldn't be performed because object 'corp.dom/Office/mbperm1' couldn't be found on 'EQDCP01.corp.dom'.
+ CategoryInfo : NotSpecified: (:) [Get-Recipient], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 4A3D86A8,Microsoft.Exchange.Management.RecipientTasks.GetRecipient

C:\Program Files\Microsoft\Exchange Server\V14\Scripts\Prepare-MoveRequest.ps1 : Cannot create mail enabled user becaus
e an existing object with type already has the same proxy addresses/MasterAccountSid.
At line:1 char:26
+ .\Prepare-MoveRequest.Ps1 <<<< -Identity "CN=mbperm1,OU=office,DC=ipcfcdom,DC=inphonic,DC=com" -RemoteForestDomainCo
ntroller "dcfcdc03.ipcfcdom.inphonic.com" -RemoteForestCredential $Remote -LocalForestDomainController "eqdcp01.corp.do
m" -LocalForestCredential $Local -TargetMailUserOU "OU=office,DC=corp,DC=dom" -uselocalobject -overwritelocalobject
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Prepare-MoveRequest.ps1

The reason is you used ADMT and didn't exclude the necessary exchange attributes. Therefore prepare-moverequest fails to merge to the existing object brought over by ADMT. The provisioning script must match 3 attributes: Proxyaddresses, mail and mailnickname. You must have all 3 attributes set in order for the script to match and merge the MEU then excluse all other Exchange attributes.

You must script the move to stop the exclusion of some core exchange attributes. The link below shows a sample script. You would then need to append the following lines.

Create a new notepad file and name it ADMTexclusion.vbs and enter the lines below.
Set objMig = CreateObject("ADMT.Migration")

objMig.SystemPropertiesToExclude = "homeMDB, homeMTA, showInAddressBook, msExchHomeServerName, msExchRecipientTypeDetails, msexchrecipientdisplaytype msExchMailboxSecurityDescriptor, msExchMDBRulesQuota, msExchPoliciesIncluded, msExchUserAccountControl, msExchVersion, mdbusedefaults"

Then run the file on your ADMT server:


C:\Windows\SysWOW64>cscript c:\admin\scripts\admtexclusion.vbs

Migrating All User Accounts
http://technet.microsoft.com/en-us/library/cc974368(WS.10).aspx


Another option is to use ADMT to bulk move\seed them without any attributes, then use either powershell or old friend ADModify to bulk update the proxyaddresses, mail and mailnickname. Typically you would use %'samaccount'% as the variable to fill in these attributes.

Finally you can just provision the account using Prepare-MoveRequest.ps1 first then use ADMT.



James Chong
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com
xml:lang="en" lang="en"> MS Exchange Tips: January 2011