Friday, September 23, 2011

Common Exchange 2007/2010/2013 commandlets - Documenting for reference

Since now and then I need to go back and check the exchange commandlets help I thought of creating a list that I could refer to whenever I like:

NOTE: To Export to text file use OUT-FILE instead with pipe (|)

WhiteSpace on all Exchange 2010 DB’s
get-mailboxdatabase -status | fl Server,name,AvailableNewMailboxSpace

Mailbox Folder statistics
Get-MailboxFolderStatistics -Identity TESTUSER1

Mailbox statistics per DB for all mailboxes
Get-MailboxStatistics -database "Mailbox Database"
| fl Displayname,ItemCount,TotalItemSize,totalDeletedItemSize

DisplayName, ItemCount and size in MB per database
Get-MailboxStatistics -Database "Mailbox Database"
| Format-Table DisplayName, ItemCount, @{expression={$_.totalitemsize.value.ToMB()};label="Size(MB)"}

Create Bulk Folders in Users Mailboxes
New-MailboxFolder -Name <String> -Parent <MailboxFolderIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-WhatIf [<SwitchParameter>]]
Just need to put it in the loop how we do it for bulk user mailboxes.
NOTE: New-MailboxFolder cmdlet is only added to Exchange 2010 SP1 so watch for that. Last time tested with SP2.

List all the permissions applied to a mailbox
get-mailboxpermission -identity TestMailbox |format-list

List all the permissions a particular user has over a specific mailbox
Get-Mailbox "TestMailbox" | Get-MailboxPermission -user "Es1_Service"  | format-list

Add Save-As extended rights over a mailbox database
Add-AdPermission -identity "mailbox database" -user "ServiceAccount" -ExtendedRights Send-As

Add Save-As rights over the whole server
Add-ADPermission -identity (get-mailboxserver -identity "mailboxServerName" | select-object).DistinguishedName -user "Domain\ServiceAccount" -ExtendedRights Send-As

Display disabled mailboxes (tested on exchange 2007)
Get-MailboxStatistics -Server "ServerName" | where{$_.DisconnectDate -ne $Null}

Check if any mailboxes reached quota. This will check all environment wise (Exchange 2010):
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Format-List DisplayName,ServerName,StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,ItemCount,DeletedItemCount

List Exchange ServerName, Edition and Build number 
Get-ExchangeServer | FL Name, Edition, AdminDisplayVersion
(Note: AdminDisplayVersion in some roleup is not updated properly, you may find EMC showing different version than what commandlet will print. Usually I find EMC displaying correct info (last time found Exchange 2010 SP2 RU4 V1 displayed in commandlet as Version 14.2 (Build 247.5) )

Verify that extended permissions are applied to the MailboxDatabase

Get-Mailboxdatabase -server ExchangeServer| Get-ADPermission | where-object { ($_.extendedrights -like "*receive*" -or $_.extendedrights -like "*ms-Exch-Store-Visible*" -or $_.extendedrights -like "*ms-Exch-Store-ad*") -and ($_.User -like "*S1_Service*") } | select Identity, User, ExtendedRights, IsInherited | ft –wrap

Wednesday, June 29, 2011

SharePoint Event 10016, DistributedCOM error "The application-specific permission settings do not grant Local Activation permission..."

Problem Description: After installing SharePoint 2010 Application event log filles with following error messages:

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 29/06/2010 4:32:45 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
Computer: sharepoint.katwal.local
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

CAUSE: LOCAL ACTIVATION permissions missing for "IIS WAMREG admin Service"


First of all you might already know how did I know its "IIS WAMREG admin service", just in case you do not know, for every single com object there is GUID assigned by WINDOWS. In the error message above we could see it {61738644-F196-11D0-9953-00C04FD919C1}

Now what we needed to do was to find out what this GUID represents, registry of the server is the friend that could tell us. We need to open registory editor, select Edit menu and select Find. Now paste the GUID number and search for it. Registry editor will already have the GUID selected when its found. On the right side pane we should be able to see (Default) - Reg_SZ - IIS WAMREG admin service

That is how we know which COM component needs to be checked for activation permissions. To get to this componet follow the steps below

1. Select Start
2. Select Run
3. Type DCOMcnfg and select open.
4. Expand Component Services >Computer > My Computer > DCOM CONFIG
5. Right click on "IIS WAMREG admin Service" and select properties
6. Here you will find out that you were meant to change permissions under Security Tab but that option is all gray out and cannot be changed.

Problem is that as we checked earlier this component is tied to a registry key and on that registry key only trusted installer has full permissions all other users got READ permission. We need to provide full permission to the Administrator or the FarmAdmin Group. In my case I were using an account that was part of domain admins so I just gave permission on HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1} registry key.

Here is another issue that when you try to add full permission you will not be able to do it because ownership is not assigned to your group. Since my account was member of domain admin group I selected, "Advanced" option under permissions and selected OWNER tab. Here I added Domain Admins group ad the owner.

Now we can give full permission to Domain Admins on the registry key.

If DCOMcnfg is alreay open we will have to close and re-open because refresh does not work.

Again we will have to go to the properties on the "IIS WAMREG admin Service" under DCOMcnfg as mentioned above. but this time under SECURITY tab, we will be able to change "launch and Activation permissions". We need to add service account for sharepoint with "Local launch" and "Local Activation" permissions. In my case I selected Domain Admins again because it was a small setup.

Tuesday, June 28, 2011

SQL Install Error: Invoke or BeginInvoke cannot be called on a control until the window handle has been created

Problem Description: While patching SQL server which could be Windows 2008 (any version) there are chances some of us will see the following error message other than very famous AXWIN....

"Invoke or BeginInvoke cannot be called on a control until the window handle has been created"

Cause: Some underlying cause in the code. Many versions of SQL impacted in multiple condition. I will document what helped on Windows 2008 R2 SP1 while patching SQL 2008 that was earlier upgraded from SQL 2005 enterprise.

Solution: I googled this error message and came accross all kind of comments e.g. try again, certain hotfix links from Microsoft that were not applicable to x64 versions and so on. The easiest fix was to wait and try 3 times. I had to do this two times both times it worked in the third try. Once I were running using command promtp and second time just double click on the executable.

Sunday, June 26, 2011

Error "Unable to read data from the Metabase. Ensure that Microsoft Internet Information Services is installed" while installing Exchange 2010 on W2K8

While installing Exchange 2010 on Windows 2008 R2 some times admins can see two error messages

- Unable to read data from the Metabase. Ensure that Microsoft Internet Information Services is installed.
- Unable to access the ‘Default Web Site’ on this computer.

CAUSE: Exchange 2010 Prerequisites are not met successfully

SOLUTION: One can follow Microsoft Article to make sure all prerequisites are met:

If all common roles are being installed on one server as I had to do some time back for test environment following is what is needed to be executed from Windows Powershell (should be started with "Run As Administrator")

- Import-Module ServerManager

- Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

- Set-Service NetTcpPortSharing -StartupType Automatic