Users Are Unable to Use Activesync After Migration from Exchange 2007 to Exchange 2010

 

At a recent customer, we ran into an issue where a set of users were migrated from Exchange 2007 to Exchange 2010. All of the users' ActiveSync worked without issue, but one user was unable to connect. No matter what we tried, he would get “unable to connect to server” on his phone. We checked the ActiveSync logs and would see an initial connection, but then nothing else.

Checking the event logs of one of the CAS servers, we found error event ID 1053: “Exchange Activesync doesn’t have sufficient permissions to create the container under Active Directory User”

So I opened Active Directory Users and Computers and selected View > Advanced Features.

Then I opened the user account and went to the Security tab > Advanced.

Here, the “Include inheritable permissions from this object’s parent” box was UNCHECKED.

I checked this box, hit Apply, and boom, ActiveSync started working. Since this account was not a domain admin and just a standard user account, this was unexpected.
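
The same condition can be found across all mailbox users with the report below, an added example that is not part of the original post; it assumes the ActiveDirectory module is available and the function names are illustrative. adminCount is included because AdminSDHolder disables inheritance on members of protected groups and leaves it disabled after they are removed, a common reason a standard user account ends up in this state.

```powershell
# Added example (not from the original post). PowerShell 2.0 compatible.
# Assumes the ActiveDirectory module; function names are illustrative.
Import-Module ActiveDirectory

function Get-InheritanceBlockedMailboxUser {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    # msExchMailboxGuid=* restricts the search to mailbox-enabled users.
    Get-ADUser -SearchBase $SearchBase -LDAPFilter '(msExchMailboxGuid=*)' `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        ForEach-Object {
            New-Object PSObject -Property @{
                SamAccountName    = $_.SamAccountName
                DistinguishedName = $_.DistinguishedName
                # 1 = stamped by AdminSDHolder at some point
                AdminCount        = $_.adminCount
            }
        }
}

function Enable-AclInheritance {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)

    $entry = [ADSI]"LDAP://$DistinguishedName"
    # isProtected = $false re-enables inheritance; the second argument is
    # ignored when isProtected is $false.
    $entry.psbase.ObjectSecurity.SetAccessRuleProtection($false, $true)
    $entry.psbase.CommitChanges()
}

# Report first; review the list before changing anything.
Get-InheritanceBlockedMailboxUser |
    Sort-Object AdminCount, SamAccountName |
    Format-Table SamAccountName, AdminCount, DistinguishedName -AutoSize

# Fix a single reviewed account (the DN below is a placeholder):
# Enable-AclInheritance -DistinguishedName 'CN=Some User,OU=Staff,DC=example,DC=com'
```

Accounts that are still members of a protected group will have inheritance disabled again by AdminSDHolder, so for those the fix does not persist.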


Configuration Exchange 2010 DAG Replication for use with WAN Acceleration

 

If you are using WAN acceleration devices such as Silver Peak, Riverbed or Citrix Branch Repeater, and are sending Exchange 2010 replication traffic through them, there are some changes you should make to ensure that you are getting the best utilization out of these devices.

By default, Exchange 2010 comes with NetworkCompression and NetworkEncryption set to InterSubnetOnly.

You can see this by running the command:

Get-DatabaseAvailabilityGroup -Identity DagName -Status | FL

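This means that Exchange 2010 will encrypt and compress the replication network traffic across sites. Since the WAN accelerators cannot decrypt the data, they cannot reduce the traffic. If we disable these two options and let the dedicated WAN accelerators handle the reduction, we’ll get much better utilization. Keep in mind that with NetworkEncryption disabled, Exchange no longer encrypts the replication traffic itself, so the path between the sites has to be protected by other means.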

You want to run the command:

Set-DatabaseAvailabilityGroup -Identity DagName -NetworkCompression Disabled -NetworkEncryption Disabled

Check the DAG with the Get-DatabaseAvailabilityGroup command and the settings should be changed.


Outlook Rules Are Not Working After Moving a Mailbox From Exchange 2010 to Exchange 2007

 

Recently I had an issue with a customer who was in the middle of an Exchange 2007 to Exchange 2010 migration. After moving some test users, a bug was exposed in a separate vendor’s (not Microsoft Exchange) unified messaging system. The UM vendor needed to apply a patch that had to be scheduled for a later date. The bug prevented users from receiving voicemails on their desk phones and from calling in to check their voicemail.

As a workaround, we moved the users who had been migrated to Exchange 2010 back to Exchange 2007. After the move, the UM worked fine, but the users’ rules were broken, all except for client-side rules.

It turns out this is a bug in Exchange 2007 SP3 that is resolved in Exchange 2007 SP3 RU7, available here:

http://www.microsoft.com/en-us/download/details.aspx?id=29426

The workaround (not recommended) is to run isinteg on the specified database that contains users having the issue.  This is ONLY if you do not want to install the update.  Below is the specific KB page regarding the issue:

http://support.microsoft.com/kb/2654700


Creating an Exchange 2010 DAG Fails with “Access Denied–Server Side Error”

 

Just a quick blurb today.  Was working on setting up a cross site DAG with a customer today.  Kept getting an issue where when we tried to add two existing mailbox servers to the DAG, both would fail with an “access denied” error:

 

A server-side database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: The Cluster service couldn’t access the Microsoft Failover Cluster Virtual Miniport network adapter. Verify that other network adapters are working and check Device Manager for errors associated with this adapter. If the configuration for this adapter has changed, you may have to reinstall the Failover Clustering feature on this computer. Learn more at http://go.microsoft.com/fwlink/?linkid=3052&kbid=973838. Error: 1062. ---> Microsoft.Exchange.Cluster.Replay.DagTaskNetFtProblemException:

Turns out, in the past, this customer had wiped out their local administrators on the Exchange servers with a group policy run amuck!  They added things like Domain Admins in, but didn’t add in “Exchange Trusted Subsystem”.  We added that in, DAG creation worked like a charm. 
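
A quick way to confirm this on every mailbox server before creating the DAG, as an added example that is not part of the original post; it uses the ADSI WinNT provider so it runs on the PowerShell 2.0 shell that Exchange 2010 uses, and the function names are illustrative.

```powershell
# Added example (not from the original post). Run from the Exchange
# Management Shell with an account that can read local groups remotely.
$RequiredGroup = 'Exchange Trusted Subsystem'

function Get-LocalAdministratorsMember {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        # Members come back as COM objects; read Name via reflection.
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

function Test-TrustedSubsystemIsLocalAdmin {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $members = @(Get-LocalAdministratorsMember -ComputerName $ComputerName)
    New-Object PSObject -Property @{
        Server  = $ComputerName
        Present = ($members -contains $RequiredGroup)
        Members = ($members -join ', ')
    }
}

# Check every mailbox server in the organization.
Get-MailboxServer |
    ForEach-Object { Test-TrustedSubsystemIsLocalAdmin -ComputerName $_.Name } |
    Format-Table Server, Present, Members -AutoSize
```

If a Restricted Groups policy is what rewrote the local Administrators group, add the group in that policy as well, otherwise the next policy refresh removes it again.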


Exchange 2010 Cluster Loses Quorum and Unexpectedly Fails Over Databases

 

I was working on a client’s Exchange 2010 setup, working on a specific issue.  The client had a multi site stretched DAG across two datacenters.  One datacenter was the “primary”, and then they had a second disaster recovery datacenter.  In the primary datacenter they had two mailbox servers, MBX01 and MBX02 each with a copy of the database, and the secondary had a single mailbox server, DRMBX03 with a copy of the database.

The client was experiencing an issue where databases would suddenly failover within the primary site from MBX01 to MBX02, and report that the cluster lost quorum. 

I took a look at the cluster log, which can be generated by running the command:

Cluster log /g /copy:LogFolder /span:120

The /span value specifies how many minutes back the log should cover. Just a hint: if you run this from the root of the C: drive, it will copy the logs to the C:\LogFolder location.

Within that folder you’ll find a separate log for each of the servers in the DAG, in our case MBX01, MBX02 and DRMBX01.

When I opened the logs, I began to see 1226 and 1236 errors in the log.

 

 

These errors are specifically handled by the following hotfix for 2008 R2 Failover Clusters (which is what Exchange 2010 runs on top of):

http://support.microsoft.com/kb/2552040

These were recently released and talked about by the Exchange Team, along with these two other hotfixes:

http://support.microsoft.com/kb/2549472

http://support.microsoft.com/kb/2549448

After applying each of these hotfixes to EACH and EVERY single DAG node and rebooting, the issue was resolved. These hotfixes are recommended to ANYONE running Exchange 2010 on 2008 R2, regardless of whether you’re seeing the issues or not.


How to Import Users via CSV in Exchange 2010

Create a CSV file with the necessary information across the top row of the file.

The top row corresponds to the $_.value properties that you are going to use in the following Exchange Management Shell command:

Import-CSV "C:\Mailboxes.csv" | foreach {New-Mailbox -Name $_.name -Alias $_.alias -UserPrincipalName $_.userprincipalname -Database $_.Database -OrganizationalUnit $_.organizationalunit -Password (ConvertTo-SecureString $_.password -AsPlainText -Force)}

And you should see the mailboxes created.

That’s it. You can see how the values map to their respective column names. You can add as many users as you want, and change it so they go to different databases.

You can even create an automated job to export from your production servers and then import them to your DEV Exchange servers for testing.
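
The command above expects each user's password in clear text in the CSV. The variant below, an added example that is not part of the original post, drops the password column, generates a random initial password per user and forces a change at first logon; the required column list and the use of System.Web's GeneratePassword are choices made for this example.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
Add-Type -AssemblyName System.Web   # provides Membership.GeneratePassword

$csvPath  = 'C:\Mailboxes.csv'
$required = 'name', 'alias', 'userprincipalname', 'database', 'organizationalunit'

$rows = @(Import-Csv $csvPath)
if ($rows.Count -eq 0) { throw "No rows found in $csvPath" }

# Fail early if a column is missing or a password column is still present.
$columns = @($rows[0].PSObject.Properties | ForEach-Object { $_.Name })
foreach ($name in $required) {
    if ($columns -notcontains $name) { throw "Missing column: $name" }
}
if ($columns -contains 'password') {
    throw 'Remove the password column; passwords are generated here.'
}

foreach ($row in $rows) {
    # 20 characters, at least 4 of them non-alphanumeric.
    $plain  = [System.Web.Security.Membership]::GeneratePassword(20, 4)
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force

    # -ErrorAction Stop halts the run instead of reporting a password
    # for a mailbox that was never created.
    New-Mailbox -Name $row.name -Alias $row.alias `
        -UserPrincipalName $row.userprincipalname `
        -Database $row.database `
        -OrganizationalUnit $row.organizationalunit `
        -Password $secure -ResetPasswordOnNextLogon $true `
        -ErrorAction Stop | Out-Null

    # Emit the initial password on the pipeline for out-of-band hand-over;
    # nothing is written back to disk.
    New-Object PSObject -Property @{
        UserPrincipalName = $row.userprincipalname
        InitialPassword   = $plain
    }
}
```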


How to View Disconnected Mailboxes and Purge Disconnected Mailboxes from Exchange 2010

 

To view disconnected mailboxes, essentially mailboxes that have been deleted from their user accounts, you first need to ensure that Exchange has gone through and cleaned the database. This is done to ensure that it marks that mailbox as deleted. If your database is MDB36, run the following command:

Clean-MailboxDatabase MDB36

Exchange gives no result from the command. But now you can view disconnected mailboxes through the “Disconnected Mailbox” view in the EMC.

You can also view it in the shell by running the following command:

Get-MailboxStatistics -Database MDB36 | where {$_.disconnectdate -ne $null}

The output lists the disconnected mailboxes in the database.

By default, Exchange 2010 keeps disconnected mailboxes in the DB for 14 days. But say you want to remove this mailbox now and return its white space for use in the DB. You need to remove the mailbox from the shell.

You can do this by getting the GUID for the mailbox by running the command:

Get-MailboxStatistics -Database MDB36 | where {$_.disconnectdate -ne $null} | select displayname,MailboxGUID

The output lists the display name and mailbox GUID of each disconnected mailbox.

Now run the following command to remove the mailbox:

Remove-Mailbox -Database MDB36 -StoreMailboxIdentity 7b40b106-5941-4de0-9fce-27ede21c474e

You’ll receive a confirmation prompt; just accept it, and you’re all set.

Enjoy!
