Thursday, November 27, 2014

Exchange 2013 and Exchange 2010 mixed environment throws error message "The arbitration mailbox 'SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}' for the organization '' is located on a server that doesn't have Exchange 2013 installed. The arbitration mailbox must be moved to an Exchange 2013 server before you can enable auditing."

Issue: While enabling auditing or trying to access audit info following warning message would appear:

The arbitration mailbox 'SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}' for the organization '' is
located on a server that doesn't have Exchange 2013  installed. The arbitration mailbox must be moved to an Exchange
2013 server before you can enable auditing.

Cause: As per Microsoft article , SystemMailbox mentioned above should be moved to  Exchange 2013 database once Exchange 2013 is introduced into the environment.

Resolution: Move 'SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}' mailbox from Exchange 2010 based mailbox DB to Exchange 2013 DB.


1. Find out location of arbitration databases using following exchange powershell cmdlet:

Get-Mailbox -Arbitration | fl Name, Displayname, ServerName, Database, AdminDisplayVersion

It would print information similar to the following

Name                : SystemMailbox{1f05a927-c4a9-4cc7-80bd-a557eb562135}
DisplayName         : Microsoft Exchange Approval Assistant
ServerName          : exchange
Database            : Mailbox Database 0147642087
AdminDisplayVersion : Version 14.3 (Build 123.4)

Name                : SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
DisplayName         : Microsoft Exchange
ServerName          : exchange
Database            : Mailbox Database 0147642087
AdminDisplayVersion : Version 14.3 (Build 123.4)

Name                : FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
DisplayName         : Microsoft Exchange Approval Assistant
ServerName          : exchange
Database            : Mailbox Database 0147642087
AdminDisplayVersion : Version 14.3 (Build 123.4)

Name                : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
DisplayName         : Microsoft Exchange
ServerName          : exchange2013
Database            : Mailbox Database 0562670298
AdminDisplayVersion : Version 15.0 (Build 995.29)

Name                : Migration.8f3e7716-2011-43e4-96b1-aba62d229136
DisplayName         : Microsoft Exchange Migration
ServerName          : exchange2013
Database            : Mailbox Database 0562670298
AdminDisplayVersion : Version 15.0 (Build 995.29)

2. Either use information from above to get database names where version is 15.0 or above or use following exchange powershell cmdlet to print information about all databases in your environment:

Get-MailboxDatabase -IncludePreExchange2013 | fl Name, Server, AdminDisplayVersion

It would print information similar to the following:

Name                : Mailbox Database 0147642087
Server              : EXCHANGE
AdminDisplayVersion : Version 14.3 (Build 123.4)

Name                : Mailbox Database 0562670298
Server              : EXCHANGE2013
AdminDisplayVersion : Version 15.0 (Build 995.29)

3. Now move SystemMailbox in question using EAC  (under migration) or using following shell cmdlet (modify  with DB name identified above for exchange 2013)

Get-Mailbox -Arbitration -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | New-MoveRequest -TargetDatabase


Wednesday, November 26, 2014

Microsoft Exchange Server 2013 upgrade to SP1 or RU5 or RU6 will fail with error message " The Windows component RSAT-Clustering-CmdInterface isn't installed on this computer and needs to be installed before Exchange Setup can begin."

Issue: While trying to upgrade Microsoft Exchange Server 2013 RTM or releases below SP1/RU5/RU6 that is installed on Windows 2012 Server to either SP1 or RU5 or RU6   error message "The Windows component RSAT-Clustering-CmdInterface isn't installed on this computer and needs to be installed before Exchange Setup can begin." may appear on the screen.

Following is the screenshot while performing silent upgrade

If you will check ExchangeSetup.log file located usually under C:\ExchangeSetupLogs\ folder you will find entries similar to the following:

[11/25/2014 05:04:26.0209] [1] Failed [Rule:RsatClusteringCmdInterfaceInstalled] [Message:The Windows component RSAT-Clustering-CmdInterface isn't installed on this computer and needs to be installed before Exchange Setup can begin.]

[11/25/2014 05:04:26.0490] [1] [REQUIRED] The Windows component RSAT-Clustering-CmdInterface isn't installed on this computer and needs to be installed before Exchange Setup can begin.

[11/25/2014 05:04:26.0490] [1] Help URL:

The link mentioned above as of today while I am writing this note is not working.

Following is the screenshot from the log file in question:

Solution: Install the required module using the following Windows PowerShell command whiand restart setup.exe program to upgrade.

Install-WindowsFeature RSAT-Clustering-CmdInterface

Following is the screenshot (ignore warning about automatic updates since I like to control updates on my servers)

Note: For more information about this module please refer Microsoft documentation on "Failover Clustering module"

Monday, November 24, 2014

How to find list of attributes in PAS (partial attribute set)

Purpose: Sometimes we need to find out what attributes are there in the PAS list used by the Active Directory environment. Sometimes just to make sure there isn't an attribute that you need to exist on all Global Catalog servers for a product or query to work. 

Steps: Following PowerShell command can be run on Domain Controller in your environment to get Display Name of attributes in PAS.

Get-ADObject -SearchBase "cn=Schema,cn=Configuration,dc=YourDomain,dc=com" -LDAPFilter "(isMemberOfPartialAttributeSet=TRUE)" -Properties lDAPDisplayName | Select lDAPDisplayName

Example : 

Get-ADObject -SearchBase "cn=Schema,cn=Configuration,dc=katwal,dc=local" -LDAPFilter "(isMemberOfPartialAttributeSet=TRUE)" -Properties lDAPDisplayName | Select lDAPDisplayName
Following PowerShell can be executed on the Domain Controller to get list of attributes 

Friday, August 15, 2014

USB Hard Disk or storage drive cannot be recognised by WINDOWS ?

Issue: At times Windows 7 may not be able to recognize a hard disk or a USB stick e.g. Sandisk Cruzer Slice and same device would work just fine on another Windows 7 machine ? 

In such case following is a solution that worked for me every time.

Cause: System may be missing some entries in usbstor.inf or file could be missing all together.

Resolution: To resolve this issue perform the following steps:

1. Get copy of USBstore.inf located under %windir%\inf\ folder from machine where the same device worked (make sure operating system is same e.g. Windows 7). You can email the same as well by renaming it to .txt file and then changing it to .inf on time of adding it to your machine.

2. On your machine where you have issue go to %windir%\inf\  folder (usually %windir% c:\Windows) and copy the file that you got from another machine where things worked as expected.

3. Launch device manager, you can do this by selecting  Start,   Run, in Open box type devmgmt.msc and select OK button. 

4. In Windows Device Manager look for Other Devices or Unknown Devices section, you will find your device marked with a yellow sign. Right click on your device and select Uninstall.

5. Stay within Device Manager, select Action menu on the top and select Scan for hardware changes.

6. Once scan finished you should see your device appearing properly.

How to allow certain types of file attachments (HTML/XML) through OWA (2010/2013)

GOAL: At times there may be sites that have business case to allow file attachments e.g. .HTML or .XML to be opened/accessed through OWA. Though these are be default not allowed to be opened due to security concerns but there may be sites where it is business requirement. 


From early days of Exchange 2003/2007 there were means available to allow such attachments through OWA. I am only adding here for very recent versions of the exchange only. Especially because they have Microsoft Exchange powrshell cmdlets which can do it very quickly. 

1. Open Microsoft Exchange Management Shell in case of Exchange 2010/2013 

2. Once shell is connected up and running use the following cmdlet to add extension to the AllowedFileTypes 

Set-OwaVirtualDirectory -identity "owa (default web site)" -AllowedFileTypes @{Add='.html'}

This would add .html to AllowedFileList for both "Plublic Computer File Access" and "Private Computer File Access".

In case you are working with an attachment time that is in the BlockedFileTypes or ForceSaveFileTypes list you need to remove those from there first.

After this change now will be up to the internet browser you are using.

For IE 8 it will work like a charm. Users will be able to OPEN and SAVE .HTML attachments as they they like.

With IE 9 and onward there is an issue, it would not allow HTML files to open and same is currently applicable to FireFox (on the time when I am writing it). Another issue is that if you click on SAVE button that will change any URLs within HTML with something like redir.aspx?........

Workaround for this issue is to add .HTML to ForceSaveFileTypes list and then use "Save Target As..." option within IE 9, 10 and 11.

Chrome appears to have no issue at this stage.

To me it appears this is combination of filtering within exchange and the way headers are passed on to browsers. IE 8 and Chrome can handle it but IE 9, 10, 11 and FireFox is having issue.

Thursday, July 17, 2014



1.  Create file listing of all files or specific files (bare file names with path) from all subdirectories. It can be used to get listing of all such files on a drive letter.

DIR /S/B/A-D | FIND /I "*.xls" >> C:\Temp\XLSFILES.TXT

2. Read one text file for path/location of the files and then move those files to a folder. This may be suitable when you have files scattered all  over the place in multiple sub-directories and you only need to move/copy certain files to certain location

    for /f "delims=########" %a in (C:\Temp\XLSFILES.TXT) do copy /Y "%a" I:\DestFolder

    for /f "delims=########" %a in (C:\Temp\XLSFILES.TXT) do move /Y "%a" I:\DestFolder

3. List file name with path along with its size.
   for %F in ("c:\Users\Rajan\*") do @echo %F ------ %~zF

4. Combine logic to create a file listing of multiple file from different sub-directories and then get size of each file.

DIR /S/B/A-D >> E:\FileName.txt

for /f "delims=########" %F in (FileName.txt) do @echo %F ------ %~zF 
(assumed that user is running second command line from E:\> prompt)

4. If you have large number of text file(s) and you are only interested in certain line (containing specific words) from text file
   (a) Assume you have all your .txt files that are the input test file located in Files folder.
   (b) Create FindText.bat file and add following to it
@echo off
>results.txt (
FOR /F "delims=" %%i IN (TextFind.txt) DO (
FIND "%%i" files\*.txt | FINDSTR /v "^---- ^$"

Note: This example assumed that command prompt is already pointing to location where the BAT file is located and TextFind.txt is the file containing text that you will be searching for all *.txt files within Files folder.

Wednesday, July 16, 2014

Microsoft Windows NLB - Configure Exchange CAS high availability

Although for sites with high volume of network traffic coming to the CAS servers it is recommended to have hardware NLB, for sites that are small in size or do not have hardware NLB in hand Microsoft provides Windows Network Load Balancing as an option.

What I am going to mention below is something I built for my lab running Exchange 2013. You may want to check Microsoft best practices for your version of exchange before you follow this post. 

Legal Stuff: I or anyone related to me would not be responsible for any issue or loss caused if you follow this post.


1. Server names used for CAS Servers e.g. CAS1.katwal.local and CAS2.katwal.local
2. Make sure both CAS servers has TWO NIC cards (network interfaces). 
3. Write down IP addresses of the both CAS servers:
     CAS1.katwal.local =
     CAS2.katwal.local =
4. Dedicated IP address for NLB :
5. NLB/CAS URL name: mail.katwal.local  (I assume you already prepared your CAS servers for this alias e.g. SSL certificates are already having autodiscover.katwal.local and mail.katwal.local in their SAN and certificates are already installed on each CAS server)
6. Rename network interfaces that we are going to use on both CAS servers for NLB (to NLB) to make sure we can differentiate them.

Prepration of network interfaces for NLB configuration:

1. As I mentioned above change the network interfaces names to make sure we can differentiate them. In my case I renamed them to NLB.

2. On both servers assign the IP addresses as mentioned above and subnet mask. Make sure you DO NOT fill any DNS information or WINS information.

3. By going to ADVANCED TCP/IP settings screen, under DNS tab uncheck "Register this connection's addresses in DNS" on both servers. Similarly under WINS tab select "Disable NetBIOS over TCP/IP"

4. Check Network Adapter bindings on both machines to make sure NLB adapters are the first adapters in binding. I will give example from Windows 2008 R2 machine below:
  • Press ALT key to bring up the menu bar, go to ADVANCED menu
  • Select Advanced Settings
  • Under Adapters and Binding section, reorder positions of NIC interfaces to make sure NLB is the first interface and other network interface is second.

By default Network Load Balancing feature is not installed on the servers. Following are the steps to install and configure a NLB cluster:

1. Select START > Administrative Tools> Server Manager

2. Select Features > Add Features,  Select Network Load Balancing Manager, Select Install

3. Close Wizard when Network Load Balancing Manager is installed.

4. On CAS1 server select START > Administrative Tools > Network Load Balancing Manager

5. When NLB Console will start, right click on Network Load Balancing Cluster and select New Cluster.

6. On New Cluster: Connect screen, type FQDN for CAS1 server e.g. CAS1.katwal.local  and select Connect.

7. Select Network Interface with IP and select Next button.

8. On  New Cluster:Host Parameters windows select all default and select Next.

9. On New Cluster: Cluster IP addresses window select ADD button and add IPv4 IP address of NLB cluster which is with subnet mask of, select OK, select NEXT

10. On New Cluster: Cluster Parameters window under Full Internet Name section type the URL name selected above: mail.katwal.local 

11. Leave Cluster Operation Mode to be set to Unicast and select NEXT.

12. On Add/Edit Port Rule window, select Finish.

13. Allow some time for cluster to converge and turn into green colour icon.

14. Now log on to CAS2 server and use PING command to check if mail.katwal.local replies back on IP address that was assigned to NLB (

15. Just in case there is some issue with getting the reply back, check DNS Server configuration.

16. To add CAS2 server to the NLB Cluster open NLB Manager Console

17. Right Click on the cluster (mail.katwal.local) and select  Add Host To Cluster.

18. In Host Field type FQDN for CAS2 server (CAS2.katwal.local) and select Connect.

19. Select NLB interface with IP address of and select Next, Next.

20. Leave everything to default as we did earlier and select Finish.

21. Now you should see second node of CAS2 will start to converge just as CAS1 did earlier and you should see it with the green icon.

22. Verify that when one of the nodes is turned off from NLB Manager we can still get reply for URL (mail.katwal.local) from IP address Additional test will be to turn of both nodes from NLB manager and check if we cannot get to mail.katwal.local and then start only one node at a time.  

23. If using virtual machines you may want to have static MAC address that was provided when cluster was configured. You can get to it by using NLB manager and get to to the properties of Cluster and selecting Cluster Parameter tab. Once you have the MAC address if you are using VMWARE you can go to the properties of NIC we used for NLB and add the MAC address for making it static. Similarly in Hyper-V Manager configure NIC used for NLB and fill  in info under Static section. on Hyper-V also select Enable Spoofing of MAC Addresses.

24. To confirm changes to NIC have not broken anything restart both nodes one at a time and confirm that both nodes converge without issues.

25. Next step is to make sure NIC forwarding is done so that all OWA requests only go to NIC selected for NLB. Following is example of the command I ran on both of my CAS servers. 

netsh interface ipv4 set interface NLB forwarding=enabled

Make sure you start command prompt using Run As Administrator. Reply expected after running above command line is OK.

26. Now you can go ahead and start with Exchange Server 2013 Servers control panel (ECP) to define Internal and external URLs as you want those.

Tuesday, July 8, 2014

Exchange 2013 - Test-OutlookWebServices to verify four services functionality

Problem Description: At times we need to check if any of the following is having an issue


Those who are familiar with old version of Test-OutlookWebServices might have to watch for few changes in Exchange 2013.


1. By default user can run Test-OutlookWebServices. If you get error message similar to the following that means a user mailbox/test mailbox is not provided.

[PS] C:\Windows\system32>Test-OutlookWebServices Unable to find the client accesss monitoring user. Please run C:\Program Files\Microsoft\Exchange Server\V15\Scripts\New-TestCasConnectivityUser.ps1. Exception: Microsoft.Exchange.Monitoring.MailboxNotFoundException: Failed to find the mailbox. Mailbox = 'extest_1d3bbbbcd5f34@katwal.local'. at Microsoft.Exchange.Monitoring.CommonTestTasks.GetDefaultTestAccount(ClientAccessContext context) at Microsoft.Exchange.Monitoring.TestWebServicesTaskBase.GetMonitoringAccount()    
+ CategoryInfo : InvalidData: (:) [Test-OutlookWebServices], TestWebServicesTaskException    
+ FullyQualifiedErrorId : 5322965D,Microsoft.Exchange.Monitoring.TestOutlookWebServicesTask    
+ PSComputerName : exchange2013.katwal.local

 You can create a test user using the PS script mentioned in the error message above. Following are steps:
[PS] C:\Windows\system32>cd $exscripts
[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>.\new-TestCasConnectivityUser.ps1

Please enter a temporary secure password for creating test users. For security purposes, the password will be changed regularly and automatically by the system.

Enter password: ***********

Create test user on: EXCHANGE2013.katwal.local
Click CTRL+Break to quit or click Enter to continue.:

UserPrincipalName: extest_1d3bbbbcd5f34@katwal.local WARNING: The command completed successfully but no settings of 'katwal.local/Users/extest_1d3bbbbcd5f34' have been modified.

You can enable the test user for Unified Messaging by running this command with the following optional parameters : [-UM DialPlan -UMExtension ] . Either None or Both must be present.

[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>

Now when we will run the Test-OutlookWebServices we should run without issues.

2. Another method is to specify a particular mailbox. Following is an example:

[PS]C:\Windows\System32>Test-OutlookWebServices -identity:rajan@katwal.local -MailboxCredential (Get-Credential)

Friday, April 25, 2014

Exchange 2013 setup on Domain Controller throws error message "Unable to set shared config DC"

PROBLEM DESCRIPTION: While installing Microsoft Exchange 2013 on a server that is also a Windows Domain Controller, Transport Service installation will fail with the following error message:

The following error was generated when "$error.Clear(); 
          $maxWait = New-TimeSpan -Minutes 8
          $timeout = Get-Date;
          $timeout = $timeout.Add($maxWait);
          $currTime = Get-Date;
          $successfullySetConfigDC = $false;

          while($currTime -le $timeout)
            $setSharedCDCErrors = @();
              Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
              $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);

              Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
              Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);

            Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
            Start-Sleep -Seconds 30;
            $currTime = Get-Date;

          if( -not $successfullySetConfigDC)
            Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
        " was run: "Unable to set shared config DC.".

CAUSE: Server has IPv6 turned off. 


1. Turn back on IPv6 for the network adapter.
2. Restart the server
3. Start again the Microsoft Exchange 2013 setup, it will find that last installation was incomplete and will complete it.
4. Check to make sure all services for exchange are operational and all configurations.

Usually recommendation is not to install Exchange on Domain Controllers. Some might have to do this due to lack of resources or just because they need to do something for a presentation, demo or testing.