Microsoft Sender ID Framework SPF Record Wizard

There is a lot of different great posts out there that describes SPF and how to create the records. But not so many posts that refers to the Sender ID Framework SPF Record Wizard provided by Microsoft.

Have a look at the wizard if you are planning to implement SPF, it provides the option to easily generate all SPF records you need. It can be found here!

Exchange Server Version Numbers

A list of all versions of Exchange server released so far including version numbers.

Friendly name Version number
Microsoft Exchange Server  4.0 4.0.837
Microsoft Exchange Server  4.0 (a) 4.0.993
Microsoft Exchange Server  4.0 SP1 4.0.838
Microsoft Exchange Server  4.0 SP2 4.0.993
Microsoft Exchange Server 4.0 SP3 4.0.994
Microsoft Exchange Server 4.0 SP4 4.0.995
Microsoft Exchange Server 4.0 SP5 4.0.996
   
Microsoft Exchange Server 5.0 5.0.1457
Microsoft Exchange Server 5.0 SP1 5.0.1458
Microsoft Exchange Server 5.0 SP2 5.0.1460
   
Microsoft Exchange Server 5.5 5.5.1960
Microsoft Exchange Server 5.5 SP1 5.5.2232
Microsoft Exchange Server 5.5 SP2 5.5.2448
Microsoft Exchange Server 5.5 SP3 5.5.2650
Microsoft Exchange Server 5.5 SP4 5.5.2653
   
Microsoft Exchange 2000 Server 6.0.4417
Microsoft Exchange 2000 Server (a) 6.0.4417
Microsoft Exchange 2000 Server SP1 6.0.4712
Microsoft Exchange 2000 Server SP2 6.0.5762
Microsoft Exchange 2000 Server SP3 6.0.6249
Microsoft Exchange 2000 Server post-SP3 6.0.6487
Microsoft Exchange 2000 Server post-SP3 6.0.6556
Microsoft Exchange 2000 Server post-SP3 6.0.6603
Microsoft Exchange 2000 Server post-SP3 6.0.6620.5
Microsoft Exchange 2000 Server post-SP3 6.0.6620.7
   
Microsoft Exchange Server 2003 6.5.6944
Microsoft Exchange Server 2003 SP1 6.5.7226
Microsoft Exchange Server 2003 SP2 6.5.7638
Microsoft Exchange Server 2003 post-SP2 6.5.7653.33
Microsoft Exchange Server 2003 post-SP2 6.5.7654.4
   
Microsoft Exchange Server 2007 8.0.685.24 or 8.0.685.25
Microsoft Exchange Server 2007 SP1 8.1.0240.006
Microsoft Exchange Server 2007 SP2 8.2.0176.002
Microsoft Exchange Server 2007 SP3 8.3.0083.006
   
Microsoft Exchange Server 2010 14.00.0639.021
Microsoft Exchange Server 2010 SP1 14.01.0218.015

Access rights error when moving mailboxes from Exchange Server 2003 to Exchange Server 2010

When I did the mailbox migrations from Exchange Server 2003 to Exchange Server 2010 yesterday, I received the following error for a couple of mailboxes:

Error:
Active Directory operation failed on <DomainControllerName>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:
’<PathtoOrganizationalUnit>’ | New-MoveRequest -TargetDatabase ‘Mailbox Database 147171981′ -BadItemLimit ‘-1′

In my case, this was caused by inheritable permissions for the user object. To check this setting do the following:

  1. On a domain controller, Open Active Directory Users and Computers.
  2. Make sure that you have advanced features activated. Choose view and then Advanced Features.
    MoveError1
  3. Find the user that matches the mailbox you where trying to move.
  4. Open properties for the user and navigate to the Security tab.
  5. Click on Advanced and activate the checkbox Include inheritable permissions from this object’s parent”, then click Ok twice.
    MoveError2

And that should do it, you can try to move the mailbox again and it should work. Thanks for reading and do not hesitate to let me know if you run in to any problems!

Exchange 2010 Client Access behavior in coexistence with Exchange 2003 and 2007

I answered a post on Technet regarding this so I thought I would post it here as well.

There is no possibility to replace a Exchange 2007 CAS server with a Exchange 2010 CAS server. Exchange 2010 CAS does not support rendering mailboxes from legacy versions of Exchange. In the scenarios below I have included both Exchange 2003 and 2007.

For OWA:

  • When the Exchange 2007 mailbox is in the same AD Site as Exchange 2010 CAS, Exchange 2010 CAS will silently redirect the session to the Exchange 2007 CAS.
  • When the Exchange 2007 mailbox is in another Internet facing AD Site, Exchange 2010 CAS will manually redirect the user to the Exchange 2007 CAS.
  • When the Exchange 2007 mailbox is in a non-Internet facing AD site, Exchange 2010 CAS will proxy the connection to the Exchange 2007 CAS.
  • When the server is running Exchange 2003, Exchange 2010 CAS will silently redirect the session to a pre-defined URL.

For ActiveSync:

  • When the Exchange 2007 mailbox is in the same AD Site as Exchange 2010 CAS and the device supports Autodiscover, Exchange 2010 CAS will notify the device to synchronize with Exchange 2007 CAS.
  • When the Exchange 2007 mailbox is in the same AD Site as Exchange 2010 CAS and the device does not support Autodiscover, Exchange 2010 CAS will proxy the connection to Exchange 2007 CAS.
  • When the Exchange 2007 mailbox is in a non-Internet facing AD site, Exchange 2010 CAS will proxy the connection to the Exchange 2007 CAS.
  • When the server is running Exchange 2003, Exchange 2010 CAS will proxy the connection.

For Outlook Anywhere:

When migrating Outlook Anywhere you move the Outlook Anywhere endpoint from the Exchange Exchange 2007 CAS to the Exchange 2010 CAS. Exchange 2010 CAS will then proxy the Outlook MAPI RPC to either the Exchange 2007 Mailbox server or the Exchange 2010 Mailbox server depending on the mailbox home server.

So in all scenarios for OWA and Activesync you would still need the Exchange 2007 CAS to handle requests for Exchange 2007 mailboxes. Thanks for reading and as usual, please let me know if you have any further questions!

Multiple Updates for Exchange Server

Microsoft has released a number of different updates for Exchange Server 2000, 2003, 2007 and 2010.

This is as part of a important Microsoft Security Bulletin that addresses issues in Exchange and the SMTP service that could allow denial of service.

Security Update for Exchange 2000 Server
This update needs to be requested. Description: http://support.microsoft.com/?kbid=976703

Security Update for Exchange Server 2003 Service Pack 2
This update needs to be requested. Description: http://support.microsoft.com/?kbid=976702

Update Rollup 10 for Exchange Server 2007 Service Pack 1
Description: http://support.microsoft.com/?kbid=981407
Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=6a894b4e-12b6-4a91-9555-d813956b6aac&displaylang=en

Update Rollup 4 for Exchange Server 2007 Service Pack 2 Description: http://support.microsoft.com/?kbid=981383
Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=b8f7f872-16d5-49d6-9867-adc01351c06f&displaylang=en

Update Rollup 3 for Exchange Server 2010
Description: http://support.microsoft.com/?kbid=981401
Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=7dcf2390-dff7-4e3a-acca-03f4d43fb79a&displaylang=en

Happy Updating!

Exchange Server Deployment Assistant

For all of you that didn’t know, there is a very good tool to help you on your way through the planning for the migration to Exchange Server 2010. The tool is called Exchange Server Deployment Assistant and it is a web-based guide that not only provides information on what you need to keep in mind when performing the migration, it also gives you a checklist covering all the required steps.

You can find it here: http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Home, make sure that you check it out before migrating!

Update 973917 causes "Service Unavailable" in OWA, ActiveSync and application pools to automaticly disabled in Exchange Server 2003 and repeated login prompts in Exchange Server 2007

or, “How to type a long topic…”

Long description (shorter solution presented below…)

Today an issue occurred on a customers Exchange Server 2003. The Outlook Web Access and ActiveSync had stopped working and when accessing OWA the error “Service Unavailable” where displayed. After a quick look in IIS Manager I noticed that the two application pools configured for Exchange Server 2003 had stopped.

I tried iisreset and the pools came back up. As soon as OWA or ActiveSync was accessed the pools stopped again.

The following Events where logged in the System Log:

Event Type:    Error
Event Source:    W3SVC
Event Category:    None
Event ID:    1002
Description:
Application pool ‘ExchangeApplicationPool’ is being automatically disabled due to a series of failures in the process(es) serving that application pool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1009
Description:
A process serving application pool ‘ExchangeApplicationPool’ terminated unexpectedly. The process id was ‘5892’. The process exit code was ‘0xffffffff’.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1009
Description:
A process serving application pool ‘ExchangeApplicationPool’ terminated unexpectedly. The process id was ‘1276’. The process exit code was ‘0xffffffff’.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1009
Description:
A process serving application pool ‘ExchangeApplicationPool’ terminated unexpectedly. The process id was ‘3884’. The process exit code was ‘0xffffffff’.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1009
Description:
A process serving application pool ‘ExchangeApplicationPool’ terminated unexpectedly. The process id was ‘2212’. The process exit code was ‘0xffffffff’.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1009
Description:
A process serving application pool ‘ExchangeApplicationPool’ terminated unexpectedly. The process id was ‘3960’. The process exit code was ‘0xffffffff’.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I also noticed that these errors started to occurred directly after the installation of a couple of updates for Windows. After uninstalling one update at the time it finally worked, the update causing this issue where “Update for Windows Server 2003 (973917)”.

After uninstalling the update i got a Windows Authentication login prompt when accessing OWA. I looked at the Application Pools again and they where set to run by “Network Service”. I changes this to “Local System” an the problem was solved.

Short Solution

  1. Uninstall Microsoft Update for Windows Server 2003 (973917)
  2. Restart the server
  3. Make sure that the correct user is set to run the application pools. Follow these steps:
    1.  In Internet Information Services (IIS) Manager, expand Application Pools.
    2.  Right-click ExchangeApplicationPool, and then click Properties.
    3.  Click the Identity tab, and then in the Select a security account for this application pool list, click Local System.
    4.  Click Apply, and then click OK.
  4. Restart IIS
  5. OWA and ActiveSync should now be working.

Let me know if you bump in to any other issues!

EDIT 2009-12-13
Microsoft has published a KB (KB973917) on this issue and recommends an reinstall of Windows Server 2003 SP2. See this page for more information: http://support.microsoft.com/?kbid=2009746. This is a larger operation then just uninstalling the update but with this solution you will also get the security changes included in the 973917 update.
Thanks Wes for providing the link!

Please do also note that Microsofts suggested solution of reinstalling SP2 for Windows Server 2003 enables Scalable Networking pack. You can find more information on this issue and a link to the hotfix that disables SNP on the Microsoft Exchange Team blog: http://msexchangeteam.com/archive/2008/03/12/448421.aspx

EDIT 2009-12-18
According to a good friend of mine over at Mailmaster this is also an issue on Exchange Server 2007. The symptoms here is repeated login prompts and SP1 Rollup 9 is the fix for you running Exchange Server 2007. More info at Magnus blogg: http://mailmaster.se/blog/?p=392.

EDIT 2009-12-22
Just thought I should add a link to where you can find more info on SP1 Rollup 9: http://technet.microsoft.com/en-us/library/ee221166(EXCHG.80).aspx 
And if you want you can download it from here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=55320be2-c65c-48bb-bab8-6335aa7d008c.