Archive

Archive for the ‘Exchange 2013’ Category

Lync 2013 Client crashing after sign-in

I have got an issue with one particular user, whenever he sign into the Lync 2013 desktop client it signs in but then the Lync client locks up and crashes with the error below. If any other user logs into the same computer it works perfectly. I can recreate the issue by logging the user into Lync from any Lync 2013 desktop client we have deployed.

 Error : Faulting application name: lync.exe, version: X.X.X.(x.x.x.x), time stamp: 0x52714a81

Solution:

1. Check the latest CU update for lync client has, if not then update lync 2013 with latest CU and check the issue. Refer below link.

Updated: Lync 2013 Cumulative Updates List

2. Disable user from lync control panel wait for 10 minutes and re-enable back and check the issue

3. Remove lync account and recreate from scratch, Follow below steps

  • Log onto FE server, open Lync Control Panel, Remove troubled user
  • Log into an AD server or use the AD snap in > View > Advanced Features > open trouble user account > Attribute Editor Tab > Verify ALL msRTCSIP info is gone
  • Clear some manually records of msRTCSIP  if still any stale records there
  • Open the Lync Powershell, and Run

Update-CSUserDatabase – wait 15 minutes at least (This updates the FE DB with the info in AD)

Update-CSAddressBook – wait 15 minutes (This updates the FE address book with the FE database)

  • Double Check AD msRTCSIP info on user
  • Add user using Lync Control Panel
  • Rerun Update-CSUserDatabase and wait for some time
  •  Update-CSAddressBook, wait for some time
  • Then try to log in again with troubled user account an test
Advertisements
Categories: Exchange 2013

Message Tracking log with multiple Transport Server

There several blog says about how to track email message for multiple HUB transport servers placed after HW LB like F5.

I was doing same and thoug to put here for my reference 🙂 !!!

1: Tracking of message for a subject “”WHAT’S NEW” on a single HUB transport server.

Get-MessageTrackingLog -start “5/8/2014 12:00 AM” -MessageSubject “WHAT’S NEW”-EventID Receive | Select ServerHostName,Timestamp,Recipients

2: Tracking of message for a subject “”WHAT’S NEW” on a multiple HUB transport server.
Get-transportserver HUBSevrer* | Get-MessageTrackingLog -start “5/8/2014 12:00 AM” -MessageSubject “WHAT’S NEW”-EventID Receive | Select ServerHostName,Timestamp,Recipients

2: Tracking of message for a subject “”WHAT’S NEW” on a multiple HUB transport server with ascending timestamp order.
Get-transportserver HUBServer* | Get-MessageTrackingLog -start “5/8/2014 12:00 AM” -MessageSubject “WHAT’S NEW”-EventID Receive | Sort Timestamp | Select ServerHostName,Timestamp,Recipients

Note : Please change HUB server name and time according to your environment.

SSL Certificates Installation for Exchange Server 2013 using local PKI

Managing certificates in an Exchange Server deployment is one of the most important administrative tasks. In Exchange 2013, certificate management functionality is provided in the Exchange Administration Console (EAC), the new Exchange 2013 administrative user interface. In Exchange 2013, the focus is on minimizing the number of certificates that an administrator must manage, minimizing the interaction the administrator must have with certificates, and allowing management of certificates from a central location.

Client Access server certificates:

The Client Access server in Exchange 2013 is a stateless thin server designed to accept incoming client connections and proxy them to the correct Mailbox server

 Mailbox server certificates:

Difference between Exchange 2010 and Exchange 2013 is that the certificates that are used on the Exchange 2013 Mailbox server are self-signed certificates. Because all clients connect to an Exchange 2013 Mailbox server through an Exchange 2013 Client Access server, the only certificates that you need to manage are those on the Client Access server. The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party. There are no tools or cmdlets available to manage self-signed certificates on the Mailbox server. After the server has been properly installed, you should never need to worry about the certificates on the Mailbox server.

You can use the following cmdlets to manage digital certificates on an Exchange Client Access server:

  • Import-ExchangeCertificate   This cmdlet is used to import certificates to a server. You can import a CA-signed certificate (to complete a pending certificate signing request (CSR)) or a certificate with a private key (PKCS #12 files, generally with a .pfx extension, previously exported from a server along with the private key).
  • Remove-ExchangeCertificate   This cmdlet is used to remove certificates from a server.
  • Enable-ExchangeCertificate   This cmdlet is used to assign services to a certificate.
  • Get-ExchangeCertificate   This cmdlet is used to retrieve an Exchange certificate based on a variety of criteria.
  • New-ExchangeCertificate   This cmdlet is used to create a new self-signed certificate or a CSR.

——————————————————————————————————————————————–

Here, I am going to update default self-signed certificate of CAS server from Internal PKI Certificate Authority. This server is installed with the Client Access and Mailbox server roles.

Server is located in non internet-facing Client Access server, So I am using internal PKI (CA is installed on local DC) to install the certificate.

Note : If your CAS server is internet facing Client Access Server then you must use third part CA to acquire the SSL certificate like VeriSign, Digicert etc.

In My LAB, I have Server named as below

  • PUNDC01 (Domain Controller, DNS & PKI)
  • PUNMail (Exchange 2013 server with MBX+CAS Role)

Generate Certificate Request:

  1. Login to Exchange Admin Center with Exchange Administrator credential

EAC
2. Click the “+” button to start the new Exchange certificate wizard. Choose to create a new certificate request and click Next to continue.

Certificate1

3. Select “Create a request for a certificate from a certificate authority” and click Next to continue.

CreateNewCert

4.Give the new certificate a friendly name and click Next to continue.

Name

5.Leave Blank and click Next to continue. Although wildcards are supported for Exchange they are not supported for some interoperability scenarios with other server products

Blank

6.Select Exchange Server Name to store the certificate request

6

7.Click the Edit button and enter the domain name that clients will be using to connect to each service, This is dependent upon your organization requirement and naming to access services.

7

8. As I have mentioned, this is non internet facing server so I just used default.

8

9.Here, enter your organization details and click Next to continue.

9

10.Enter a valid UNC path else you will get error as shown below.

10

11.Enter a valid UNC path to store the certificate request file, and click Finish

11

12.Explore the location and make sure “Cert.REQ” file is created. Open file in notepad and verify content.

12

Generate Certificate with PKI:

1.Open CA service Web console using URL http://CAServer/CertSRV and select “Request a Certificate” under select a task

13

2.Select “advanced Certificate Request”

14

3.Open “Cert.REQ” file is which is created in section 11. Open file in notepad copy content and pate. Make sure no blank space is left. Select Template “Web Server” and hit to “Submit”

15

4.Select “DER encoded” and download the certificate

16

5.Open certificate and verify SAN Name

17

Assign Certificate to Exchange Server:

Go Back to Exchange Admin Center and click on The pending certificate request. Select certificate and assign it to server.

19

You are done now !!!! 🙂 🙂

For more details, click here

Categories: Exchange 2013

DsGetSiteName failed: Status = 1919 0x77f (Installing Exchange 2013 SP1)

April 18, 2014 1 comment

I ran Exchange 2013 SP1 Setup in my LAB from a windows 2012 member server, received the following error message at the Readiness Checks dialog box:

“The Computer does not belong to a valid active Directory site. Check the site and subnet definitions”.

1Readiness Checks Error

Used Nltest.exe utility with the nltest /dsgetsite option, the Nltest.exe utility generated the following output:

DSGetSiteName failed: Status = 1919 0x77f ERROR_NO_SITENAME

2Error

To resolve this issue, I have followed below steps to make sure my windows 2012 Member server is healthy and part of valid site

  1. Check the DNS settings on the member server is pointed to valid internal DNS servers.

To change the DNS settings:

  1. Right-click My Network Places, and then click Properties in the shortcut menu to open the Network and Dial-up Connections dialog box.
  2. Right-click Local Area Connection, and then click Properties in the shortcut menu.
  3. Click Internet Protocol (TCP/IP), and then click Properties.
  4. Change the preferred DNS server.

     2. Check the AD replication is working properly between your domain controller. Push a force replication.

How to do force replicate between Domain Controller :  http://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

  1. I ran the “NLTest” command for member server agai and see its working fine now.

3

4.  In few cases if you are not part od AD team and above setting does not help the issue, you can manually change the netlogon settings in member server for site name and fix as a work around.

From regedit, drill down the following:

HKLM\System\CurrentControlSet\Services\Netlogon\Parameters

Once you click Parameters, add a string word called “SiteName

Add the current site name to the entry and exit regedit.

Run command “nltest /Server:punlync2010 /dsgetsite” and verify output

Categories: Exchange 2013

MS Announce official death of Exchange Server 2003

Exchange2003

Categories: Exchange 2013

Microsoft Diagnostics Services—Self-Help

November 30, 2013 Leave a comment

The “Fix it Center Pro” name and its associated portal is retired now and are replaced by the Microsoft Diagnostics Services—Self-Help portal. The new portal is an automated troubleshooting service from Microsoft. This service can help make it easier to identify solutions to problems with Microsoft applications. Microsoft Diagnostics Services—Self-Help uses targeted analysis to scan your system to identify and resolve specific problem areas. The analysis sessions scan your system to identify solutions for specific problem areas. The results are uploaded to Microsoft servers to be processed and to identify any known issues. If a known issue is found, a message is displayed that explains the steps that you can take to resolve the problem.

Wanna to go to link ?? Go here

Volume Shadow Copy Service error event ID 12292

September 20, 2013 Leave a comment

Since we had change the SAN switch for one of our Exchange 2010 DAG nodes, Its started to fetch the event ID 12292 and VSS backup stoped working for this node.

Used below cmdlet to make sure exchange replication  writer and providers are working fine.

Vssadmin list writers

Vssadmin list providers

Started looking the registry value of VSS provider and matching the registry value with other DAG nodes which is working normally. During match, I found the “Start” Dword value is showing data value “0x00000004”.

In other DAG nodes this value was ““0x00000002” under “KLM\CCS\SYSTEM\SERVICES\SWPRV” .

If you falling under same kind of issue, I would suggest you to verify the registry value with working server for below Key’s.

1. On Exchange server, please run regedit, go to verify the following two registry keys. Make sure they are the same with another working server:

HKLM\CCS\SYSTEM\SERVICES\VSS\PROVIDERS

KLM\CCS\SYSTEM\SERVICES\SWPRV

2. Please Reboot Exchange server in Off-Business hours.

3. After reboot, please try to backup Exchange using Windows Server Backup tool.  Check if it is successful.

If still you are not bale to managed this working, As a Last resort you can try Re registering the Vss dlls

Re-registering Vss Dlls

cd /d %windir%\system32
net stop vss
net stop swprv
regsvr32 /s ole32.dll
regsvr32 /s oleaut32.dll
regsvr32 /s vss_ps.dll
vssvc /register
regsvr32 /s /i swprv.dll
regsvr32 /s /i eventcls.dll
regsvr32 /s es.dll
regsvr32 /s stdprov.dll
regsvr32 /s vssui.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml4.dll
vssvc /register
net start swprv
net start vss

It does help in getting the Vss service to function properly