Exchange Server 2010 Troubleshooting Issues – Part I
The following article will provide a summary on common issues in Exchange 2010 deployment in the Enterprise. The information in this article consists of my own experience and official Microsoft knowledgebase articles. Due to the fact that your Exchange environments will all vary, please read the information carefully and test the suggestions from this article - in a lab that can demonstrate the current Exchange infrastructure.
The blogs will be is divided into the following chapters:
General issues in Exchange 2010 deployment
This is a 'Live List" that I will be adding to as I see issues arise in this area;
- When you are using account with administrative privilege to export mailboxes, you may get errors due to permission issues. The same symptoms may occur if you are using 3rd party backup software.
- Give the account that is used for export/backup purpose, the required level of permissions to access to the user mailbox: Get-MailboxDatabase | Add-ADPermission -user "domainname\backupaccountserviceaccountname" -AccessRights GenericAll
- Administrative Accounts (e.g. Domain Admins have deny access permission to users mailboxes by default).
- When you are trying to relay from Exchange 2010 server, you will be blocked by default.
- Setup the required relay permissions: Allow Anonymous Relay on a Receive Connector
- In highly secure environments you can easily add security features like Authentication, encryption, etc.
- Microsoft has posted a good guide on known issue while trying to move mailboxes from old Exchange system to the Exchange 2010 system.
- Outlook 2003 users may report on slow performance during send and receive post migration.
- Upgrade to Outlook 2007 or higher, otherwise: Outlook 2003 email messages take a long time to send and receive when you use an Exchange 2010 mailbox
- After installing Exchange 2010 on computer that is also a GC, Exchange services may not started after reboot.
- During Apple iPhone synchronization, the following error message may appear:"Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=John Ferris,OU=Users,OU=Lab Demo,OU=Pilot Exchange 14,DC=shadowall,DC=local” container under Active Directory user “Active Directory operation failed on mail.shadowall.local. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0“.
- If the account is a member of a Protected Group you may need to verify that the user Mailbox permissions are set to apply inheritance has the following setting on: “Include inheritable permissions from this object’s parent".
- Users with mobile phones that use a third party operating system may report a “Certificate Error” during the synchronization stage.
- This issue isn’t an Exchange problem as such, and it’s a common issue. The mobile phone's operating system simply didn’t setup the correct “Root CA” certificate or the mobile phone operating system does not support a certificate with SAN extensions *”Unified Communications Certificate”).
- Microsoft recommends using only specific certificate types in Exchange 2010. If you are like to obtain a public certificate, please note that Microsoft released a list of official supported vendors: Unified Communications Certificate Partners for Exchange Server and for Communications Server
- Outlook 2003 users may report failures when connecting to Exchange 2010.
- Upgrade to Outlook 2007 or higher or more simply enable the option on the outlook 2003 (Manually or by using GPO): “Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server".
- Alternatively, but not recommend - we can disable the requirement to use RPC with encryption support, by using the power shell command on the relevant Exchange 2010 server: “Set-RpcClientAccess -Server savdalex10 -EncryptionRequired $false".
- When using Exchange 2010 Best Practice Analyzer, the following error may appear: "Unrecognized Exchange signature Active Directory domain 'domainname' has an unrecognized Exchange signature. Current DomainPrep version: 12639."
- As I know, this issue should be resolved in Exchange 2010 Service Pack 1. Exchange 2010 Best Practice Analyzer doesn’t support earlier Exchange versions.
- Using Symantec BackupExec 2010 to restore users emails accomplished successful. However, after checking the user mailbox you may found that no user data is restored.
- During the Exchange 2010 organization upgrade, the following error may appear: "The execution of: "$error.Clear(); if ($RolePrepareAllDomains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$RoleIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-DomainPermissions -CreateTenantRoot:$RoleIsDatacenter; }", generated the following error: "Length of the access control list exceed the allowed maximum."
- During Exchange 2010 installation, “error code 3221685941” may appear.
- Users may report that they can’t open DOC, PDF, and XLS files by using Exchange 2010 OWA.
- Install Exchange 2010 Rollup Pack 3 or higher: Description of Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing
- Outlook 2003 users can’t publish their FB data on Exchange Server 2007 or 2010:
- Some users cannot connect Exchange Server 2010 using Outlook Anywhere.
- Self signed certificates warnings.
- A few customers that are using Symantec Enterprise Vault 8.x reported on mailbox data restore issues. The following error may appear: “Error 3310: There was a problem accessing a network service or resource. The dispenser will re-queue the current item and sleep for 5 minute(s). Task: Mailbox Archiving Task for EXCHANGESERVERNAME (Retrieval). For more information, see Help and Support Center at https://evevent.symantec.com/rosetta/showevent.asp.”
- Upgrade to Symantec Enterprise Vault 9.x contact Symantec Support for further assistant.
- Exchange Server 2010 Management Tools start up issues.
- Microsoft Exchange Team released a nice document that can help: Troubleshooting Exchange 2010 Management Tools start up issues
- Due to wrong configuration of third party backup software, the following error may appear: “Exact Error Message 0xe0000380 - Backup Exec attempted to back up an Exchange database according to the job settings. The database was not found in the Database Availability Group”
- Please contact the third party support staff to resolve this issue. Symantec released a nice article how to resolve this issue: Exchange Information Store for Exchange 2010 is not visible in the Backup Selections or the Exchange 2010 backup fails with either the error "0xe0000380 - Backup Exec attempted to back up an Exchange database according to the job settings. The database was not found in the Database Availability Group
- In most scenarios, the backup server should use Windows 2008 x64 / Windows 2008 R2 operating system with the latest edition of the Exchange 2010 Management Tools
Comments
Anonymous
January 01, 2003
Adrian, Thanks for the feedback - Happy to help.Anonymous
May 07, 2010
Love it. One always hits the same probs on a rollout, its nice to find that someone else has found the solutions already!Anonymous
November 07, 2010
Hi jhon, my name is Barra, just now i already installed exchange 2010. and i have a problem when i try to open OWA. My configuration is 1 Domain Controller, 1 mailbox server and 1 server (Hub transport & CAS). I tried to open OWA, nothing happen? can u suggest me, what should i do resolve the problem. Thanks very much barrapurnama@yahoo.comAnonymous
January 15, 2013
@barra please check from client acces settingsAnonymous
December 11, 2013
DEAR EXCHANGE ADMINISTRATORS... I AM PLEASURE TO SHARE WITH U THAT AM ALSO LEARNING ABOUT EXCHANGE SERVER 2010 TO BECAME EXCHANGE ADMIN.. I WANT TO KNOW WHAT ARE THE TROUBLESHOOTING TO HAVE MET IN YOUR EXPERIENCE PLS SHARE AND HELP ME.. THANKS AND REGARDS Parthiban selvaraj s.parthiban@hotmail.com, sparthee87@gmail.com