Exchange Server 2010 Troubleshooting Issues – Part I
First of all a HUGE THANKS to Yuval Sinay for putting this information together.
The following article will provide a summary on common issues in Exchange 2010 deployment in the Enterprise. The information in this article consists of my own experience and official Microsoft knowledgebase articles. Due to the fact that your Exchange environment may vary, please read the information carefully and test the suggestions from this article - in a lab that can demonstrate the current Exchange infrastructure.
The article is divided to the following chapters:
General issues in Exchange 2010 deployment
- When you are using account with administrative privilege to export mailboxes, you may get error on permission issue. The same symptoms may occur if you are using Backup software from third party.
- Give the account that use for export/backup purpose, the required permissions to access to the user mailbox: Get-MailboxDatabase | Add-ADPermission -user "domainname\backupaccountserviceaccountname" -AccessRights GenericAll
- Administrative Accounts (e.g. Domain Admins have deny access permission to users mailboxes by default).
- When you are trying to relay from Exchange 2010 server, you may block by default.
- Setup the required relay permissions: Allow Anonymous Relay on a Receive Connector
- In high secure environment you can add security features like Authentications, SSL, etc.
- Microsoft posts a nice guide on known issue while trying to move mailboxes from old Exchange system to the Exchange 2010 system.
- Outlook 2003 customers may report on slow performance during send and receive.
- Upgrade to Outlook 2007 or higher, otherwise: Outlook 2003 email messages take a long time to send and receive when you use an Exchange 2010 mailbox
- After installing Exchange 2010 on computer that own Global Server role, Exchange services may not started after reboot.
- During Apple iPhone synchronization, the following error message may appear:"Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=Yuval Sinay,OU=Users,OU=Lab Demo,OU=Pilot Exchange 2010,DC=shadowall,DC=local” container under Active Directory user “Active Directory operation failed on mail.shadowall.local. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0“.
- If the account is a member of Protect Group you may need to verify that the user Mailbox permission set to apply inheritance has the following setting on: “Include inheritable permissions from this object’s parent".
- Users with mobile phones that using third party operating system may report on “Certificate Error” during the synchronization stage.
- This issue isn’t related to Microsoft, and it’s a common issue that the mobile phone operating system didn’t setup with the correct “Root CA” certificate or the mobile phone operating system don’t support certificate with SAN extensions *”Unified Communications Certificate”).
- Microsoft recommends using only specific certificate type in Exchange 2010 system. If you are like to obtain a public certificate, please note that Microsoft released a list of official supported vendors: Unified Communications Certificate Partners for Exchange Server and for Communications Server
- Outlook 2003 users may report on failure in connection to the Exchange 2010.
- Upgrade to Outlook 2007 or higher, otherwise enable the option on the outlook 2003 (Manually or by using GPO): “Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server".
- Alternatively we can disable the requirement to use RPC with encryption support, by using the power shell command on the relevant Exchange 2010 server: “Set-RpcClientAccess -Server savdalex10 -EncryptionRequired $false". This one isn’t recommended, due the security risk it imposes.
- During use Exchange 2010 Best Practice Analyzer, the following error may appear: "Unrecognized Exchange signature Active Directory domain 'domainname' has an unrecognized Exchange signature. Current DomainPrep version: 12639."
- As I know, this issue should be resolved in Exchange 2010 Service Pack 1. Exchange 2010 Best Practice Analyzer doesn’t support earlier Exchange versions.
- Using Symantec BackupExec 2010 to restore users emails accomplished successful. However, after checking the user mailbox you may found that no user data is restored.
- During the Exchange 2010 organization upgrade, the following error may appear: "The execution of: "$error.Clear(); if ($RolePrepareAllDomains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$RoleIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-DomainPermissions -CreateTenantRoot:$RoleIsDatacenter; }", generated the following error: "Length of the access control list exceed the allowed maximum."
- During Exchange 2010 installation, “error code 3221685941” may appear.
- Users may report that they can’t open DOC, PDF, and XLS files by using Exchange 2010 OWA.
- Install Exchange 2010 Rollup Pack 3 or higher: Description of Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing
- Outlook 2003 users can’t publish their FB data on Exchange Server 2007 or 2010:
- Some users cannot connect Exchange Server 2010 using Outlook Anywhere.
- Self signed certificates warnings.
- A few customers that are using Symantec Enterprise Vault 8.x reported on mailbox data restore issues. The following error may appear: “Error 3310: There was a problem accessing a network service or resource. The dispenser will re-queue the current item and sleep for 5 minute(s). Task: Mailbox Archiving Task for EXCHANGESERVERNAME (Retrieval). For more information, see Help and Support Center at https://evevent.symantec.com/rosetta/showevent.asp.”
- Upgrade to Symantec Enterprise Vault 9.x contact Symantec Support for further assistant.
- Exchange Server 2010 Management Tools start up issues.
- Microsoft Exchange Team released a nice document that can help: Troubleshooting Exchange 2010 Management Tools start up issues
- Due miss configuration of third party backup software, the following error may appear: “Exact Error Message 0xe0000380 - Backup Exec attempted to back up an Exchange database according to the job settings. The database was not found in the Database Availability Group”
- Please contact the third party support staff to resolve this issue. Symantec released a nice article how to resolve this issue: Exchange Information Store for Exchange 2010 is not visible in the Backup Selections or the Exchange 2010 backup fails with either the error "0xe0000380 - Backup Exec attempted to back up an Exchange database according to the job settings. The database was not found in the Database Availability Group
- In most scenarios, the backup server should use Windows 2008 x64 / Windows 2008 R2 operating system with the latest edition of the Exchange 2010 Management Tools.
- An issue with cluster upgrade was reported by a customer from Israel. Upgrading from Exchange Server 2003 cluster to Exchange Server 2007/2010 cluster may lead to communication issue, if we are hosting the routing group connector on that cluster.
- It’s recommended to move the routing group connector to an alternative Exchange Server, before starting the cluster upgrade.
- During Exchange Server 2010 installation, the following error may appear: “The execution of: “$error.Clear(); if ($RoleStartTransportService) { start-SetupService -ServiceName MSExchangeTransport }”, generated the following error: “Service ‘MSExchangeTransport’ failed to reach status ‘Running’ on this server. ”
- Enable IPV 6 on the network adapter(s).
- When you try to install the Exchange Server 2010 mailbox role, the installation process fails
Comments
- Anonymous
March 07, 2012
Thank You for sharing this information, it was very helpful for me. Cheers…