Exchange Troubleshooting

From Help
Jump to: navigation, search

Here are some solutions to issues I've ran into when working with Exchange 2013.

One major issue is that if your install dies out before finishing for any reason, when you fix those issues and complete the install the setup will not complete the "post install tasks" from the step that failed. Thus, it is VERY important to do all the prerequisits AND to document exactly what step it failed on and why. This way you can go back and do the post-install tasks by hand if needed later. I ran into the issue of the OWA site not functioning correctly, as the post-install tasks of creating the sharedwebconfig.config didn't complete.

If you have ever had another Exchange Server in your Active Directory, and did not properly remove it, your install will fail. You can look at your Domain Controller Active Directory Computers and Users for any OUs like "Microsoft Exchange Security Groups" and "Microsoft Exchange System Objects". IF you see these, and are not currently running an Exchange server, then you should STOP, do not install, and remove these via the below steps.

Return to Main Page

Importing Exchange modules into Administrator PowerShell

By default, Exchange installs it's own subsystem of Powershell called "Exchange Management Shell". However, many people find it more convient to use the normal Powershell system to do various commands. When you attempt to run an Exchange-specific command (like get-mailbox) you will get an error like:

get-mailbox : The term 'get-mailbox' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ get-mailbox
+ ~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (get-mailbox:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

First, make sure you have updated to the most recent version of Powershell as well. You can find out what version you are running by:

$PSVersionTable.PSVersion

and you will get back something like:

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      14409  1012

See http://help.systemsadmin.pro/index.php?title=Powershell_usage#Updating_Powershell for more information on this.

Local server

To use locally (on the Exchange Server itself):

  • open your Powershell window
  • run Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
  • Done!

Return to Top

From another system

To use Exchange Powershell remotely is a bit more work. You will need to import the session information off of the Exchange server into the PC your wanting to use.

  • Open Powershell
  • run Set-ExecutionPolicy RemoteSigned and you will see (answer Y):
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):
  • Next, run the below command. You will get a popup. Enter the credentials of the user account that can admin Exchange.
$UserCredential = Get-Credential
  • Enter the below line into your PowerShell. Make sure to change the -ConnectionUri to the Active Directory DNS's FQDN of your Exchange server:
$s = New-PSSession -ConfigurationName microsoft.exchange -ConnectionUri http://exch2013.tpfnd.cat/powershell
  • Finally, import that session into this server:
Import-PSSession $s
    • You may get an error as below, but usually you can ignore it and now run your Exchange commands.
PS C:\Users\administrator.TPFND.000> Import-PSSession $s
WARNING: The names of some imported commands from the module 'tmp_drid3g5w.obg' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0        tmp_drid3g5w.obg                    {Add-ADPermission, Add-AvailabilityAddressSpace, Add-Conte...

Return to Top

Log Location

You can find various logs at <system drive>\ExchangeSetupLogs\

Return to Top

Previous Exchange not removed properly

Your install might die at various stages (usually in the Mailbox role: mailbox server), and give you some error that will mention "Database is manadatory on UserMailbox.". This is because one of your AD users has a mailbox inside of AD, but the server it is referencing no longer exists. In your ExchangeSetup.log file, you will see something like:

[11/28/2017 03:04:03.0465] [2] [ERROR] Database is mandatory on UserMailbox.
[11/28/2017 03:04:03.0465] [2] Ending processing Update-RmsSharedIdentity
[11/28/2017 03:04:03.0465] [1] The following 1 error(s) occurred during task execution:
[11/28/2017 03:04:03.0465] [1] 0.  ErrorRecord: Database is mandatory on UserMailbox.
[11/28/2017 03:04:03.0465] [1] 0.  ErrorRecord: Microsoft.Exchange.Data.DataValidationException: Database is mandatory on UserMailbox.

and

[ERROR] The following error was generated when "$error.Clear(); 
          if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
          {
            Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
          }
        " was run: "Microsoft.Exchange.Data.DataValidationException: Database is mandatory on UserMailbox.

and

<[11/28/2017 07:17:58.0735] [2] [WARNING] The object tpfnd.cat/Users/SystemMailbox{1f05a927-3fc4-4b63-8942-1ab2e3e8d078} has been corrupted, and it's in an inconsistent state. The following validation errors happened:
[11/28/2017 07:17:58.0735] [2] [WARNING] Database is mandatory on UserMailbox.
[11/28/2017 07:17:58.0735] [2] [WARNING] Database is mandatory on UserMailbox.

To fix this, several steps will need to be taken.

WARNING: These steps involve using a VERY powerful tool called ADSI Edit. With this tool, you can totally wreck your Active Directory. I stress that you do a full backup of your Domain Controller before performing these steps, and tred very carefully.

You will need to identify the mailboxes giving this error, and then disable them. You will then need to reassociate them to the current Mailbox Database. This will need to be done both on any user mailboxes AND the System (Arbitration) Mailboxes.

You will also need to remove the old Mailbox Database, server, and associated computer accounts from AD.

Disabling mailboxes on new Exchange server

I would suggest disabling mailboxes, since actually removing them will ALSO delete the AD accounts associated with them. Also, copy your Powershell results into a text file so you can more easily manipulate the returned info into the next needed commands.

  • Open your Exchange Management Shell (or Powershell if you have imported the module into it as outlines above)
  • Get a list of user mailboxes:
get-mailbox | Select Name, Alias, Database, SamAccountName | Format-List
  • should return something like:
Name           : Administrator
Alias          : Administrator
Database       : Mailbox Database 2138160981
SamAccountName : Administrator

Name           : Matthew Hunt
Alias          : mhunt
Database       : Mailbox Database 2138160981
SamAccountName : twist

Name           : DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}
Alias          : DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}
Database       : Mailbox Database 2138160981
SamAccountName : SM_c9f4f0057ad24d7fa

Name           : test
Alias          : test
Database       : Mailbox Database 2138160981
SamAccountName : test
  • open a new text file, and copy this into it.
  • Next, get a list of the System (Arbitration) Mailboxes:
get-mailbox –Arbitration | Select Name, Alias, Database |  Format-List 
  • should return something like:
Name     : SystemMailbox{1f05a927-3fc4-4b63-8942-1ab2e3e8d078}
Alias    : SystemMailbox{1f05a927-3fc4-4b63-8942-1ab2e3e8d078}
Database : Mailbox Database 2138160981

Name     : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
Alias    : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
Database : Mailbox Database 2138160981

Name     : SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
Alias    : SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
Database : Mailbox Database 2138160981

Name     : Migration.8f3e7716-2011-43e4-96b1-aba62d229136
Alias    : Migration.8f3e7716-2011-43e4-96b1-aba62d229136
Database : Mailbox Database 2138160981

Name     : FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
Alias    : FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
Database : Mailbox Database 2138160981
  • copy this into your text file as well
  • Edit your text file into useable commands. You will use the above information (Alias and Database), and make a command per System mailbox like below:
set-mailbox "SystemMailbox{1f05a927-3fc4-4b63-8942-1ab2e3e8d078}" -Arbitration -Database "Mailbox Database 2138160981"
  • for each User mailbox (use the SamAccountName):
set-mailbox "test" -Database "Mailbox Database 2138160981"

and also (for every returned mailbox, both User and System):

Disable-Mailbox -Identity SystemMailbox{1f05a927-3fc4-4b63-8942-1ab2e3e8d078} -Confirm:$false
  • Make sure to change the info to what your server returned to you! You will have to "lists" of commands to run, one set-mailbox and the other disable-mailbox. Copy 1 line at a time into the console, and run all of them.

Return to Top

Removing old Exchange Servers from AD

The list of Exchange servers on the domain is stored in the Active Directory configuration. Following steps below to remove the obsolete server:

  • Log on to the Domain Controller.
  • From the Start menu select Run… and enter adsiedit.msc to launch the ADSI Edit tool
  • In the tool, right-click ADSI Edit and select Connect To…
  • In the Connection Settings dialog under Select a well known Naming Context then select Configuration and click OK
  • Navigate to CN=Configuration [domain] → CN=Services → CN=Microsoft Exchange → CN=[organization] → CN=Administrative Groups → CN=Servers
  • Right-click and Delete the container for the offending Exchange server.

Return to Top

Removing Mailboxe Databases

The Active Directory also stores information about the mailboxes that were located on the non-existent server. To remove these, perform the following steps in the ADSI Edit tool:

  • Navigate to CN=Configuration [domain] → CN=Services → CN=Microsoft Exchange → CN=[organization] → CN=Administrative Groups → CN=Databases
  • Identify the Mailbox Database containers that belonged to the lost server and Delete them.
    • Make sure that you are not deleting working mailboxes from the list, if you delete any by mistake.

Return to Top

Removing Old Server

On the domain controller:

  • Open Active Directory Users and Computers [domain]
    • Go down to Microsoft Exchange Security Groups
      • Remove the computer from the members list of Exchange Servers
      • Remove the computer from the members list of Exchange Trusted Subsystem.
    • Go to your OU of computers, and remove the old server's account
    • Close ADUC
  • Open DNS
    • Remove any host records relating to the old server

Return to Top

Error in Mailbox role: Transport service

You may see the following error:

Error:
The following error was generated when "$error.Clear();
	if (($server -eq $null) -and ($rolesDatacenter -ne $true))
		{
			Update-RMSSharedIdentity -ServerName $RoleNetBIOSName
		}
		" was run "Database is mandatory on UserMailbox.".

You will need to delete the FederatedEmail account, and then AFTER YOU FINISH the Mailbox role setup, re-create it.

Next, you need to remobe the email accounts you just disabled from AD.

  • Log on to the Domain Controller.
  • From the Start menu select Run… and enter adsiedit.msc to launch the ADSI Edit tool
  • In the tool, right-click ADSI Edit and select Connect To…
  • In the Connection Settings dialog under Select a well known Naming Context select "Default naming context" and click OK
    • Drill down to CN=USers
    • Locate and then right-click the CN=FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 container. Then, click Delete.

After you finish the Mailbox role setup:

  • On your Exchange server, in your Exchange MAnagement Shell (make sure and change Default_Accepted_Domain to your actual domain!):
New-Mailbox -Arbitration -Name FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 -UserPrincipalName FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@<Default_Accepted_Domain>

Return to Top

OWA issues

Cannot log into OWA, seeing 1310 errors in Eachange's event log, or "You do not have permission to perform this action" when trying to send email:

This can happen when your install fails and you go back and finish it after fixing issues. Exchange install does not do "post install" tasks after install resume if those install tasks had finished in the previous attempt.

  • On your Exchange server, go into <installed drive>\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy
  • Copy the sharedwebconfig.config file
  • Paste it into <installed drive>\Program Files\Microsoft\Exchange Server\V15\ClientAccess
  • Reboot your server

Return to Top

530 5.7.1 Client was not authenticated

This is when you can send out email to internet addresses, but getting "530 5.7.1 Client was not authenticated" when someone is trying to send to you.

  • On your Exchange Server, log into Exchange Admin Center web site
  • Go into Mail Flow > Mail Flow > Receive connectors Client Frontend, the role of FrontendTransport
  • Then go to Security > Checkbox "Anonymous users" and Save

Return to Top

References

Return to Top