Exchange 2010 SP1 has built-in multi-tenant support, which helps service providers to host multiple organizations in a single Active Directory environment. There are few features which are available only in hosting mode and few others which are not available, compared to a normal deployment of Exchange 2010 SP1. 2010 SP1 will form part of the suite of multi-tenant capable products that will replace the Hosted Messaging and Collaboration solution.

Few points to note about installing 2010 SP1 in hosting mode:

• The installation can only be done in command line.
• You need to use /InstallWindowsComponents while running the setup to install all windows components required for Exchange.
• You need to use /Hosting switch while running the setup to install Exchange in hosting mode.
• 2010 SP1 is required.
• Exchange Management Console will not be installed.

Exchange 2010 SP1 doesn’t support the following features in Hosting mode (from Technet):

• Exchange Management Console
• Public Folders
• Unified Messaging Server role
• GalSync
• Federation
• Business-to-Business features such as cross-premises message tracking and calendar sharing
• IRM
• Outlook 2003 support (EnableLegacyOutlook)
• Edge Transport Server role
• Same forest upgrade from Exchange 2007
• Resource forest
• Parent-child domains
• Discontiguous namespace
• Disjoint namespace

In order to install Exchange 2010 SP1 in hosting mode, run the following from an elevated command prompt.

Setup.com /Roles:m,h,c /InstallWindowsComponents /Hosting /OrganizationName:

Don’t press any key as it will cancel the setup process.

Installation pre-checks are carried out.

After the pre-checks are completed successfully, setup starts installing the three roles.

As explained above, there is no EMC after the installation, only Exchange Shell & Help.

Happy installing!

I was uninstalling an Exchange 2007 server from an organization which had Exchange 2007 & 2010 co-existence when I received this error message.

Summary: 5 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:34

Mailbox Role
Failed

Error:
Object is read only because it was created by a future version of Exchange: 0.10 (14.0.100.0). Current supported version is 0.1 (8.0.535.0).

Elapsed Time: 00:00:34

Client Access Role
Cancelled

Hub Transport Role
Cancelled

Management Tools
Cancelled

Remove Exchange Files
Cancelled

I had moved all the public folder replicas to the 2010 server using the “MoveAllReplicas.ps1” script in the Exchange Scripts folder. Running Get-PublicFolderStatistics –Server “2007server” returned nothing. PF replication was stopped as well.

I tried removing the 2007 public folder by running Remove-PublicFolder –identity “2007serverstorage grouppublic folder database”, but the command failed on both on 2007 and 2010 server.

The solution was to remove the 2007 public folder database using ADSIEdit. I launched ADSIEdit and connected to the “Configuration” container. Navigated to “Services –> Microsoft Exchange –> Org Name –> Administrative Groups –> Group Name –> Servers –> 2007servername –> Information Store –> Storage Group”

Right clicked the “2007 Public Folder Database” and selected “Delete”. Waited for the replication to happen & the uninstall ran successfully.

Microsoft has released Update Rollup 1 For Exchange 2010 SP1. Few issues were raised in the forums after the release of service pack 1.

Exchange 2010 Service Pack 1 must be installed prior to installing this update rollup. Any Interim Updates (from Microsoft Support) for Exchange 2010 must be uninstalled prior to installing this update rollup.

Download the Update Rollup here

Forefront Protection for Exchange 2010 users will have to disable it using fscutility /disable as usual and enable it after the rollup installation using fscutility /enable. Information Store and Transport services will not start up without these steps.

This issue has a funny side. Everything works as normal except the fact that it creates confusion to the group membership approver. The issue we have is that when a user joins a distribution group (using ECP) which requires “owner approval”, the approver receives an email asking for his/her authorization. Now the confusing bit is that the email doesn’t mention the name of the group which the user is trying to join.

How can the approver make a decision without knowing the group name? It becomes a problem when the same approver is managing a number of groups! This only happens in Exchange 2010 SP1. RTM works without any issues.

Let me explain the issue. I have created a group named “Moderated Group”. I am managing the group.

And the group is configured for “Owner Approval”.

A user (Chakka) logs into ECP & tries to join this group. A warning pops up saying that the request to join the group has been submitted to the group owners (me in this case).

I login to my mailbox and sure enough, I have an email asking for approval. It has a proper subject “Request to join distribution group” and it shows the user who is trying to join (Chakka in my case).

I open up the email, but the name of the group is not listed. I have the buttons to approve or reject the request. Exchange Product Team has done some work in this area, as the body of the email has been changed to “Please respond” in SP1.

I approve the request in this case and the sent email shows the the “approved” email, again with no group info.

The user now received an email with the group owner’s decision and to my surprise, that email list the name of the group which the user wanted to join. It would have made some sense if it happened the other way around!

In Exchange 2010 RTM, this works properly as the approver gets an email with the name of the group which the user wants to join.

So Microsoft, is this a bug? Any patch to be released soon? Anyone else having the same issue?

I was at a customer site who was having issues sending emails from an IMAP client (Thunderbird in this case). Receiving emails was fine. The user could send & receive emails using Outlook & Outlook Web App (Yes, the client was running Exchange 2010).

Everytime an email was sent from the IMAP client, a pop up window appeared with the following error message.

“Cannot send the message. The mail server responded: 550 5.7.1 Client does not have permissions to send as this sender”.

Since the user was able to send using other clients, I was pretty sure that something was missing on the Exchange server. I knew that POP & IMAP clients uses the “Client (ServerName)” receive connector. The issue was that “ms-Exch-SMTP-Accept-Authoritative-Domain-Sender” permission was missing on the receive connector for authenticated users.

In order to allow POP & IMAP clients to submit messages via this connector, you need to run the command below.

Get-ReceiveConnector “Client” | Add-ADPermission –User “authenticated users”  -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

Once the permission was set, users were able to send emails from the IMAP clients.

Microsoft has released the latest version of Live Essentials Suite named Windows Live Essentials 2011. Out of all the programs, the one I am after is Live Writer 2011. MSN Messenger has been given a new look & feel as well.

Live Essentials 2011 includes the following & more.

• Windows Live Family Safety
• Windows Live Mesh
• Windows Live Photo Gallery
• Windows Live Movie Maker
• Windows Live Messenger
• Windows Live Writer
• Windows Live Mail

Download Live Essentials 2011 here

Live Writer 2011 has been given the same look & feel like Office 2010.

You have use emotion icons in your blog now!

What are you waiting for? Update your system with Live Essentials 2011.

I came across an issue at a customer site, which looked simple at the first glance. Users were getting NDR when sending an email to a particular user. The bounced message had the following information.

Delivery has failed to these recipients or groups:

There is a problem with the recipient’s e-mail system. More than one person has this e-mail address. The recipient’s system administrator will have to fix this problem.

IMCEAEX-_O=Exchange Org Name_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=FirstName+20Lastname@emaildomain.com
#550 5.1.4 RESOLVER.ADR.Ambiguous; ambiguous address ##

It looked like a duplicate email address issue at first as the customer had just finished a cross forest migration from Exchange 2003 to 2010. Further analysis showed that there is no other user with the same email address. More info was given – the bounce only happens when an internal user email; external emails are fine and the user who had the issue can’t login to Outlook, but OWA works fine.

This prompted me to have a look at the “legacyExchangeDN” attribute of the user and sure enough, there was another user with the same value. The issue was that another account existed with the same first name and last name, but a different alias. The “legacyExchangeDN” attribute was the CN, which was firstname “space” lastname. Hence, there were two users with same “legacyExchangeDN” value and Exchange was getting confused & internal emails were bouncing. I changed the user’s “legacyExchangeDN” to a different value (from firstname lastname to firstname.lastname) and everything started working.

The only problem with renaming this value is that it will break the ability to reply, if the sender uses the Outlook autocache. Hence, the Outlook cache of the sender had to be removed.

In order to change the “legacyExchangeDN” attribute, launch AD Users & Computers with “Advanced Features” turned on. Get the properties of the user, navigate to “Attribute Editor” tab, where you will find the “legacyExchangeDN” attribute. You can also use ADSIEdit.

I was at a customer site and had to look into a strange issue. The issue was that one user kept getting spam emails, that too emails which are clearly spam in all respect. This was happening only for one user and the organization had a combined TMG, Edge 2010 & Forefront 2010 for Exchange as their spam filtering system. Of course, they had an array of TMG servers.

Below is what the user had in the spam email header.

X-MS-Exchange-Organization-Antispam-Report: ContentFilterConfigBypassedRecipient

X-MS-Exchange-Organization-SCL: -1

X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass

MIME-Version: 1.0

SCL rating of –1 for a spam email & ContentFilterConfigBypassedRecipient means that the user is been configured to bypass the checks.  I immediately checked the TMG servers and Forefront for any “Allowed Recipients List” which will bypass the antispam checks, but the list was empty.

The issue was that this particular user had “AntispamBypassEnabled” set to true on the mailbox level. You can find the setting by running

Get-Mailbox “user” | fl anti*

In my case, the setting was set to true, which made all spam emails appear in his inbox. Once I had flipped it to false, spam emails were blocked by Forefront.

In order to set the value to false (which is the default), run

Set-Mailbox “user” –AntispamBypassEnabled $false

This was the the last place I looked in solving this particluar issue & hence thought of sharing, in case someone else comes across the same problem.

Checking the size of the mailbox database is not easy in Exchange 2007. This is because of the fact that Get-MailboxDatabase doesn’t have the a databasesize attribute when used with the –Status switch.

Fortunately, things have changed in Get-MailboxDatabase command in Exchange 2010. In order to find the size of mailbox databases, run the following command

Get-MailboxDatabase –Status | fl name, databasesize

Good that the command has been improved in 2010 to give the functionality out of the box!