Thursday, September 26, 2013

Increase RCP connections to exchange 2013

Symtom:

Some users get error in Outlook:

Your server administrator has limited the number of items you can open simultaneously. Try closing messages you have opened or removing attachments and images from unsent messages you are composing.

usually happens when working with many calendars.

Cause:

Every calendar is one rpcconnections. The default limitation in Exchange 2013 is 40 connections per user. When having 30+ shared calenders and 2 mailboxes this limitation might occur more often than not.

Solution:

Create a new throttlingpolicy and increase allowed rpcconnections.

/> new-throttlingpolicy “mypolicy” –rcamaxconcurrency:200

/> set-mailbox john.doe –throttlingpolicy “mypolicy”

Verify policy set by:

/> get-mailbox john.doe |select throttlingpolicy

Script to apply this to many boxes:

---------------setthrottle-----------------------------

foreach ($user in get-content testusers.txt)

{

set-mailbox $user -throttlingpolicy "mypolicy"

write-host "$user is processed."

}

------------------eof---------------------

References:

http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2010/Monitoring/RPCClientAccessThrottlingLogging.html

http://www.kraftkennedy.com/blog/bid/102095/Exchange-2010-Notes-from-the-Field-Client-Throttling-and-Max-Concurrency

http://technet.microsoft.com/en-us/library/bb232205%28v=exchg.150%29.aspx

http://exchangemaster.wordpress.com/tag/perfmon-counters/

Set calender permissions for all users

To check permissions for calender on a user:

/> get-mailboxfolderpermission john.doe:\calender

To Set permissions for user default to reviewer on john.does calender

/>set-mailboxfolderpermission john.doe:\calendar –user Default –Accessrights Reviewer

To script this for all users

--------------SetCalendarReviewer.ps1-------------

foreach ($user in get-content users.txt)

{

set-mailboxfolderpermission ${user}:\calendar -user Default -Accessrights Reviewer

write-host "$user is processed."

}

----------------------------eof----------------------------------

It retrievs all users from test.txt which is simply one username per line.

Also below is a link to policy to always set this permission with newly created users, which I haven’t tried out yet.

References:

http://stackoverflow.com/questions/15612088/how-to-combine-variable-with-the-rest-of-the-command

http://exchangeinside.org/2013/01/set-default-calendar-permissions-for-all-new-users-to-reviewer/

http://technet.microsoft.com/en-us/library/dd351181%28v=exchg.150%29.aspx – remove-mailboxfolderpermission

http://technet.microsoft.com/en-us/library/ff522363%28v=exchg.150%29.aspx – set-mailboxfolderpermissions

Tuesday, September 24, 2013

Exchange 2013 throttling

When setting up a special user that is used to copy a lot of items we today learned about the default throttling restrictions in Exchange 2013.

Here’s so useful powershell commands for the occasion.

/>get-throttlingpolicyassociation john.doe |fl      - shows what policy is associated with account. If it’s empty it’s the global default.

To Check the current throttlingpolicies:

/>get-throttlingpolicy |fl

To create a new one and set it to unlimited

/>New-ThrottlingPolicy MyNewPolicy

/>Set-ThrottlingPolicy MyNewPolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited

/>Set-Mailbox "john.doe" -ThrottlingPolicy MyNewPolicy

Goes without saying that this should be used with extreme caution.

References:

https://migrationwiz.zendesk.com/entries/22713616-How-do-I-disable-the-Exchange-2013-throttling-policy-

http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/exchange-2010-client-throttling-policies.html

Thursday, September 19, 2013

Autodiscover pains in my side.

Problem: When setting up Outlook 2007 on a Server 2003 R2 a certificate error is shown every time Outlook starts. Exchange server is 2013 and Autodiscovery is pretty much mandatory.

image

Cannot connect to proxy server. Error code 10.

Symptom:s

Certificate error is shown at startup.

In the Outlook Anywhere settings, the proxyserver settings is set to the internal servername, like myserver.mydomain.local instead of the external mail.mydomain.com. The certificate is set to the external name so its no wonder Outlook complains.

When we alter the name in Outlook Anywhere settings the Proxyerror disappears. Though after restarting outlook once or twice, the settings returns.

Now the issue here is that these settings are only incorrect if the server (or computer) is a member of the domain. If a external Outlook puts up a user, everything looks fine in the Outlook Anywhere settings.

Cause:

Then looking for autodiscover settings, Outlook always looks to the domains SCP before the dns.

Now this can be amended by changing the parameters of cmdlet set-outlookprovider

Like : set-outlookprovider expr –server mail.mydomain.com –certprincipalname msstd:mail.mydomain.com and then restarting both mailserver and clientcomputer.

People usually solve the problem when doing that, but not in my case. I blame a very old server that probably upgraded Office one time to many.

clip_image002

Solution:

In my case I had to completely bypass the Active Directory to fool the Terminal Server to look towards the DNS, where everything worked dandy.

These are the magic settings.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\12.0 14.0 for Outlook 2010\Outlook\AutoDiscover and create these DWORD

"PreferLocalXML"=dword:0
"ExcludeHttpRedirect"=dword:0
"ExcludeHttpsAutodiscoverDomain"=dword:0
"ExcludeHttpsRootDomain"=dword:1
"ExcludeScpLookup"=dword:1 (forces Outlook to exclude SCP object check)
"ExcludeSrvLookup"=dword:1
"ExcludeSrvRecord"=dword:1

All cred for the fix goes to hosting.intermedia.net link below. Still pasting it here just in case they drop it.

On a side note, I also installed a brand new Server 2008 R2 with Outlook 2010 and didn’t see the issue there at all. So either something broke or Outlook 2007/Server 2003 bugged out.

References:

http://blogs.technet.com/b/umutg/archive/2011/01/31/all-about-set-outlookprovider.aspx

http://ilantz.com/2009/06/18/prevent-outlook-anywhere-aka-rpc-over-http-from-being-automaticly-configured-in-exchange-2007-with-autodiscover/

https://hosting.intermedia.net/support/kb/default.asp?id=2445

Wednesday, September 11, 2013

Autodiscover

To configure autodiscover for Exchange 2013 without one of those fancy Unified Communication Certificates, use an SRV record. This will handle Out Of Office functions (and autoconfigure from Outlook at least).
Put a DNS record for the relevant domain
Type: Other>SRV
Service: _autodiscover
Port number :443
Host offering service : mail.yourdomain.com
A nice little window will popup for all Outlook users after this, urging them to allow the change. Doing so will reconfigure their local email, taking with them any local archivefiles.
All very automatic.



image 
Edit after being tried in the real world:
Ok, so it didn't really work as expected when it got deployed. If Outlook tries to reconfigure an existing account it doesn't seem to manage if the current account is in Cached Mode. Therefore it lands in temporary land. But still, thanks to this srv-record its really easy to set up the email from scratch, just enter your emailaddress and account settings and it configures mailserversettings automaticly. could have been better ms... 

Check last logon time in E2013

Ok, so gui pretty much out in Exchange 2013.
So if I want to check when users last logged on the mailbox for some reason we use powershell.
Make a script, typing is going to get old real fast.
To check latest logintime for users
-----------CheckLastlogon.ps1-------------
add-pssnapin microsoft.exchange.management.powershell.snapin
foreach ($user in get-content users.txt)
{
get-mailboxstatistics $user |select displayname,itemcount,lastlogontime,totalitemsize
}
---------------eof----------------------------------





If you want the results in a pretty displaybox, you can pipe |out-gridview like .\checklastlogon.ps1 | out-gridview.
To make the script pause after printing, add these lines:

write-host "press any key to end"
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

Good for those diehard powerhaters out there, or in here…
References:
http://exchangeserverpro.com/last-logon-time-exchange-2010-mailbox-users/



Monday, September 09, 2013

Changing the smtp banner in Exchange 2013

  1. Check the identity
    1. get-receiveconnector |select identity,banner
    2. The identity your looking for is “SERVERNAME\DEFAULT Frontend servername”
  2. Set banner
    1. set-receiveconnector –identity “SERVERNAME\DEFAULT Frontend servername” –banner “220 mail.yourdomain.com Microsoft ESMTP MAIL Service ready”

image

References:

www.testexchangeconnectivity.com

http://rowen121.wordpress.com/2013/01/17/how-to-modify-the-default-smtp-banner/

Friday, September 06, 2013

Using retention events as reminders

In lists, we sometimes want email reminders when something is due. Maybe a contract is about to expire. Or a folder hasn’t been touched in a long time.

Using Information Management Policies we can use a datefield to initate a move or start a workflow. All built-in, although in the enterprise version of Sharepoint 2013.

  1. Create a datecolumn in your list.
  2. Create a workflow associated with the list. For example a simple email-wf. image
  3. List>List Settings>
  4. Permissions and Management>Information Management Policy Settings>Item>Enable Retention>Add a retention state
  5. Use the created date-column or another available date column, choose action. In this case the newly created workflow.
  6. Enter a listitem which is about to expire.
  7. Testrun by running timerjobs for the specific webapplication on the sharepoint server. The relevant jobs are in Sharepoint 2013 :
    1. PolicyUpdateProcessing
    2. ExpirationProcessing
  8. After all is verified to be working, it’s a good idea to change the timerjob intervals of above jobs. Default value is only once a week. Change this to daily at the appropriate time.

The timerjobs must be run in that particular order for this to work. After they have first run, for trial and error purposes, we can remove the policy and reapply to renew the policy.

Also some handy powershell for the occasion:

/> get-sptimerjob policyupdateprocessing

/> start-sptimerjob expirationprocessing

/> set-sptimerjob expirationprocessing –schedule ”daily at 07:00”

/> set-sptimerjob policyupdateprocessing –schedule “daily at 06:00”

Note that above assumes theres only one webbapplication. When there’s more the powershell needs to be targeting that specific application. Since all applications have these timerjobs.

image

References:

http://office.microsoft.com/en-001/sharepoint-server-help/create-and-apply-information-management-policies-HA101631505.aspx - general information

http://weblogs.asp.net/spano/archive/2012/03/17/sharepoint-expiration-policy-not-working.aspx

http://technet.microsoft.com/en-us/library/ff607833.aspx - start-spadminjob - seems to start all timerjobs.

http://www.danielroot.info/2012/08/information-management-policy.html - details

http://stackoverflow.com/questions/8545161/sharepoint-2010-retention-policy-not-working

http://weekbeforenext-blog.blogspot.se/2011/06/extracting-month-and-year-from-date-and.html

http://office.microsoft.com/en-001/windows-sharepoint-services-help/examples-of-common-formulas-HA001160947.aspx

http://yalla.itgroove.net/2012/09/sharepoint-calculated-column-formulas/

http://blogs.askcts.com/2013/05/14/creating-a-timed-workflow-in-sharepoint-2010/ -

http://sarahlhaase.wordpress.com/2013/03/27/setting-up-automated-reminder-emails/

https://specmgt.wordpress.com/2011/10/26/documentexpiry/ -

Powershell and Uptimerobot

Uptimerobot can be quite tedious when you need to update many monitors at once. For example say you bought the license for Uptimerobot and n...