Create VM from Powershell v3.0

Here $server is a variable where  number of VM’s defined, one can used .CSV file to import

$server= “VM1”, “VM2”, “VM3”
for ($i=0 ; $i -le ($server).Count ; $i++)
{
New-VM -Name $server[$i] -NewVHDPath “C:\Hyper-V\$($server[$i])\Virtual Hard Disks\$($server[$i]).vhdx” -NewVHDSizeBytes 32212254720 -BootDevice CD -MemoryStartupBytes 536870912 -Path C:\Hyper-V\ -SwitchName SurinHyper-v
}

Reinstalling Exchange 2010, got error for Offline address book

After uninstalling/Reinstall Exchange 2010, I got error “The nominated Exchange server for offline address book ‘Default Offline Address Book’ has been deleted. Nominate a valid server and restart setup.”

Resolution

I Deleted the OfflineAddress book from the ADSIEDIT

CN=Offline Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<Domain>DC=com

and restarted the Exchange setup and issue resolves.

Exchange 2010, Uninstalling Exchange server roles, receive following error

 

Issue

Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on Machinename.domain.com. The supplied credential for ‘domain\administrator’ is invalid.

Resolution

From command prompt,

Run control keymgr.dll and from Credential manager, delete Credentials matching with Exchange server name. There are three category, “Windows Credentials” “Certificate-based credentials” and “Generic Credentials”

In my case, I deleted all the parameters under all three category and restarted Uninstallation setup and uninstalled successfully

Receive Connector permission

From Technet

 

 

Receive connector permissions are assigned to security principals when you specify the permission groups for the connector. When a security principal establishes a session with a Receive connector, the Receive connector permissions determine whether the session is accepted and how the received messages are processed. The following table describes the permissions that can be assigned on a Receive connector to security principals. You can set Receive connector permissions by using the EMC or by using the PermissionGroups parameter with the Set-ReceiveConnector cmdlet in the Shell. To modify the default permissions for a Receive connector, you can also use the Add-ADPermission cmdlet.

Receive connector permissions

`Receive connector permission	Description
ms-Exch-SMTP-Submit	The session must be granted this permission or it will be unable to submit messages to this Receive connector. If a session doesn’t have this permission, the MAIL FROM and AUTH commands will fail.
ms-Exch-SMTP-Accept-Any-Recipient	This permission allows the session to relay messages through this connector. If this permission isn’t granted, only messages that are addressed to recipients in accepted domains are accepted by this connector.
ms-Exch-SMTP-Accept-Any-Sender	This permission allows the session to bypass the sender address spoofing check.
ms-Exch-SMTP-Accept-Authoritative-Domain-Sender	This permission allows senders that have e-mail addresses in authoritative domains to establish a session to this Receive connector.
ms-Exch-SMTP-Accept-Authentication-Flag	This permission allows Exchange 2003 servers to submit messages from internal senders. Exchange 2010 will recognize the messages as being internal. The sender can declare the message as trusted. Messages that enter your Exchange system through anonymous submissions will be relayed through your Exchange organization with this flag in an untrusted state.
ms-Exch-Accept-Headers-Routing	This permission allows the session to submit a message that has all received headers intact. If this permission isn’t granted, the server will strip all received headers.
ms-Exch-Accept-Headers-Organization	This permission allows the session to submit a message that has all organization headers intact. Organization headers all start with X-MS-Exchange-Organization-. If this permission isn’t granted, the receiving server will strip all organization headers.
ms-Exch-Accept-Headers-Forest	This permission allows the session to submit a message that has all forest headers intact. Forest headers all start with X-MS-Exchange-Forest-. If this permission isn’t granted, the receiving server will strip all forest headers.
ms-Exch-Accept-Exch50	This permission allows the session to submit a message that contains the XEXCH50 command. This command is needed for interoperability with Exchange 2003. The XEXCH50 command provides data such as the spam confidence level (SCL) for the message.
ms-Exch-Bypass-Message-Size-Limit	This permission allows the session to submit a message that exceeds the message size restriction configured for the connector.
Ms-Exch-Bypass-Anti-Spam	This permission allows the session to bypass anti-spam filtering.

Mahabhart and Gokarna

Proceeding next to Gokarna celebrated over the three worlds, and which is situated, O best of kings, in the midst of the deep, and is reverenced by all the worlds, and where the gods headed by Brahma, and Rishis endued with wealth of asceticism, and spirits and Yakshas and Pisachas…worship the lord of Uma, one should worship Isana, fasting there for three nights. By this, one acquireth the merit of the horse-sacrifice, and the status of Ganapatya. By staying there for twelve nights, one’s soul is cleansed of all sins.

From The Mahabharata, written between 400 and 100 BCE

DON’T REJOIN TO FIX: The trust relationship between this workstation and the primary domain failed

 

DON’T REJOIN TO FIX: The trust relationship between this workstation and the primary domain failed :: Post by Dan Peterson

 

Resolution “:

Just change your computer password using netdom.exe!
netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
<server> = a domain controller in the joined domain
<user> = DOMAIN\User format with rights to change the computer password

Here are the full steps:

1. You need to be able to get onto the machine. I normally just log in with the local Administrator account by typing, “.\Administrator” in the logon window. I hope you remember the password. If you’re creative and resourceful you can hack your way in without the password. Another option is to unplug the machine from the network and log in with domain user. You will be able to do disconnected authentication, but in the case of a reset machine, remember that you may have to use an old password. Your domain user’s cached credential has the same problem as the machine’s private secret.
2. You need to make sure you have netdom.exe. Where you get netdom.exe depends on what version of Windows you’re running. Windows Server 2008 and Windows Server 2008 R2 ship with netdom.exe you just have to enable the Active Directory Domain Services role. On Windows Vista and Windows 7 you can get it from the Remote Server Administration Tools (RSAT). Google can help you get them. For other platforms see this link: http://technet.microsoft.com/en-us/library/ee649281(WS.10).aspx”
3. Extra steps if the machine is a domain controller. If the broken machine is a domain controller it is a little bit more complicated, but still possible to fix the problem. I haven’t done this for a while, but I think this works:
   1. Turn off the Kerberos Key Distribution Center service. You can do this in the Services MMC snap-in. Set the startup type to Manual. Reboot.
   2. Remove the Kerberos ticket cache. A reboot will do this for you, or you can remove them using KerbTray.exe. You can get that tool here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17657
   3. Post change steps. Do these in conjunction with 5 below. Turn the Kerberos Key Distribution Center Service back on before rebooting. You should reboot the domain controller and then force replication in the Active Directory Sites and Services MMC snap-in.
4. Run netdom.exe to change the password.
   1. Open an administrative command prompt. On Windows platforms with UAC enabled, you will need to right-click on cmd.exe and select “run as Administrator”.
   2. Type the following command: netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
5. Reboot the machine.

Here is more information on netdom.exe: http://support.microsoft.com/kb/325850

Unable to move Active Mailbox Database Copy in DR site failover scenario

I have a scenario where Primary Exchange site went down, all of the CAS/HUB/MBX server went offline only DC on Primary site is working, so no access to Exchange server, well I have access to DR site’s Exchange server.

So logged in DR site, and from Exchange management console when I am running command Get-MailboxDatabaseCopyStatus -server “SERVERNAME”

[PS] C:\Windows\System32>Get-MailboxDatabaseCopyStatus –id “Primary DB”

Name	Status	CopyQueue Length	Replay Queue Length	Last Inspected LogTime State	ContentIndex
“Primary DB”\”primary site MBX”	ServiceDown	0	0		Unknown
“Primary DB”\”DRsite MBX”	Disconnected	9223372036854775029	0	DATE / time	Failed

and in this I don’t have access to Primary Exchange site, I tried to move the active database on DR site

[PS] C:\Windows\system32>Get-MailboxDatabase “Primary DB” | Move-ActiveMailboxDatabase -ActivateOnServer “DR site MBX server”

Error :

An Active Manager operation failed.
Error The database action failed. Error: An error occurred while trying to validate the specified database copy for possible activation. Error: Database copy ‘Primary DB’ on server ‘DR MBX.domain.com’ has a copy
queue length of 9223372036854775029 logs, which is too high to enable automatic recovery. You can use the Move-ActiveMailboxDatabase cmdlet with the -SkipLagChecks and -MountDialOverride parameters
to move the database with loss. If the database isn’t mounted after successfully running Move-ActiveMailboxDatabase, use the Mount-Database cmdlet to mount the database.

and here is another story about  Copy queue Length “9223372036854775029”, and here is MS explanation and resolution (Use override switches : -SkipHealthChecks -SkipActiveCopyChecks -SkipClientExperienceChecks -SkipLagChecks -MountDialOverride:BESTEFFORT )

Exchange 2010: The mystery of the 9223372036854775766 copy queue…

[PS] C:\Windows\system32>Get-MailboxDatabase “Primary DB”| Move-ActiveMailboxDatabase –ActivateOnServer “DRSite Mbx” -SkipActiveCopyChecks -SkipLagChecks  -MountDialOverride:”BestEffort”

Error :

An Active Manager operation failed.
Error The database action failed.
Error: An error occurred while trying to validate the specified database copy for possible activation.
Error: Database copy ‘Primary DB’ on server ‘DR MBX.domain.com’ has content index catalog files in the following state: ‘Failed’.. [Database: “Primary DB”, Server: “DR site MBX”.domain.com]

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Get-MailboxDatabaseCopyStatus -id “Primary DB” |fl name, *index*

Name : “Primary DB”\”Primary MBX server”
ContentIndexState : Unknown
ContentIndexErrorMessage :

Name :”Primary DB”\”DR site MBX”
ContentIndexState : Failed
ContentIndexErrorMessage : MAPI Network Error for database {ae67e86b-6c15-49c4-98f9-1a925dfa5de4}.

and at last command I tried, which help to activate Mailbox database on DR site Exchange server

[PS] C:\Windows\system32>Get-MailboxDatabase adb1| Move-ActiveMailboxDatabase -ActivateOnServer bmbx1 -SkipActiveCopyChecks -SkipLagChecks -MountDialOverride:besteffort –SkipClientExperienceChecks

so here option –SkipClientExperienceChecks, helps to resolve the issue

and now I am getting

[PS] C:\Windows\system32>Get-MailboxDatabaseCopyStatus -id “Primary DB” |fl name, *index*

Name : “Primary DB”\”Primary MBX server”
ContentIndexState : Unknown
ContentIndexErrorMessage :

Name : “Primary DB”\”DR site MBX”
ContentIndexState : Healthy
ContentIndexErrorMessage :

and now I able to successfully Mount the Database on DR site

Getting error "0x8004010F" when outlook synchronizes an offline address book

My title page contents

 

Issue : this could be issue with the outlook client if it is using Web proxy to connect to the internet

Resolution : In the Internet Proxy settings, enter CAS server’s IP address as a exception. IP address can be used as a wild card or whole IP address

 

Testing

Windows Server 2008 R2 – Prerequisite for Exchange 2010 Sp2

1. Open a Windows Shell on Windows Server 2008 R2 to install the Prerequisite for Exchange 2010 Sp2

PS c:\> Import-Module ServerManager

PS c:\> Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-ISAPI-filter, Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,web-wmi, web-asp-net –Restart

With release of Service Pack 2 for Exchange Server 2010, you gain few new features such as Cross-Site Silent Redirection for OWA, Address Book Policies, Mailbox Auto-Mapping and few other additions (What’s new in Exchange 2010 SP2).

With it, comes new pre-requisites if you are installing/updating Client Access Server (CAS) role.

You will need to install the following components on the server that will be running CAS role (or existing CAS you are planning to update):

ISAPI Filters – Web-ISAPI-Filter
IIS 6 WMI Compatibility – Web-WMI
ASP.Net – Web-Asp-Net

You can install them as described in Exchange 2010 Prerequisitesarticle. If you want to install these components on existing CAS server before upgrade to SP2, you can launch PowerShell as Administrator and then run:

Import-Module ServerManager

Add-WindowsFeature Web-ISAPI-Filter,Web-WMI,Web-Asp-Net