Search This Blog

Thursday, 15 October 2015

Getting folder permissions in a multi language environment

I have recently been working with a customer to audit their mailbox delegate permissions ready for a migration to Office 365.  This is because mailbox delegation/permissions don't work cross premises, i.e. the delegates and mailbox owners need to be all on-premise or all in O365.


Scenario

My issue was that this customer has a worldwide presence, and as such the users' mailboxes use a variety of languages.  This causes an issue as get-mailboxfolderpermissions requires the local language version of the folder in order to query permissions, e.g. get-mailboxfolderpermissions "usera:\calendario" to get a Spanish user's calendar permissions.

The usual way around this, which you will find plenty of hits for with your search engine of choice, is to use get-mailboxfolderstatistics to work out the local language name for the folder and then query get-mailboxfolderpermissions with that folder name.  Example code:

$Calendarfolder = $Mailbox.Name + ':\' + [string](Get-MailboxFolderStatistics $Mailbox.Identity | where-object {$_.foldertype -eq "calendar"}).Name 
# Get the permissions on the calendar $CalendarPermissions = Get-MailboxFolderPermission $Calendarfolder
This works really well if all your servers are running the same version of Exchange, albeit rather slowly due to the time taken to execute get-mailboxfolderstatistics. However, the get-mailboxfolderstatistics command can only query mailboxes that match the version of Exchange Server running the command.  Therefore if you run the command on Exchange 2013 against a 2010 mailbox you will get the dreaded wall of red:

>Unable to retrieve mailbox folder statistics for mailbox USERA. Failure: Error code -2146233088 occurred with message The mailbox of user usera@domain.com that is located on a server that is running version 14 can't be opened on a server that is running version 15.. + CategoryInfo : ReadError: (:) [Get-MailboxFolderStatistics], MailboxFolderStatisticsException + FullyQualifiedErrorId : [Server=EXCHANGE-01,RequestId=5787b9cf-9158-4dc4-a1cf-d7b63dd93ca8,TimeStamp=15/10/2015 13:59:37] [FailureCategory=Cmdlet-MailboxFolderStatisticsException] 147CD831,Microsoft.Exchange.Management.Tasks.GetMailboxFolderStatistics + PSComputerName        : exchange-01.domain.com

Wednesday, 10 September 2014

Problems with Free/Busy from O365 to on-premises users

I was recently working on a customer solution with Exchange 2013 configured in a hybrid setup with Office 365.  I was having issues with free/busy requests from Exchange Online mailboxes to on-premises mailboxes.

Here is a description of the problem and the eventual resolution which took a few days and late nights to resolve:

Scenario

With a recent deployment of Exchange Server 2013 CU6 in a hybrid configuration with Office 365 user that had mailboxes on O365 couldn’t query for free/busy of on-premises users.  Users with on-premises mailboxes could query the free/busy status of O365 mailboxes.  The free/busy test for Office 365 in the Exchange Remote Connectivity Analyser (http://exrca.com ) showed the test for free/busy queries from O365 to on-premises as working successfully.

Environment

·        A multi-domain Active Directory forest with all DCs running Windows Server 2012R2
·        A single Exchange Server 2013 CU6 server with Mailbox/CAS roles installed, running on Windows Server 2012R2
·        DirSync and ADFS running on Windows Server 2012R2
·        Exchange Hybrid configured by running the hybrid configuration wizard on the Exchange Server 2013 CU6 server
·        Clients running Windows 8.1 and Outlook 2013 SP1
·        Clients running IE11 and connecting to OWA on the O365 portal

Saturday, 6 September 2014

Integrating Lync 2013 with Exchange 2013 OWA 


In this article we'll go through integrating Lync 2013 with Exchange 2013 OWA. The contents of this article are unashamedly stolen from a colleague, but pointless re-inventing the wheel :).

Scenario

Multiple Exchange 2013 multi-role servers have the same public signed certificate being used for client access. This certificate does not contain the FQDN of the Exchange server as they can no longer be purchased from a public CA.  The Subject Name of the SSL certificate matches the ExternalURL configured on the OWA virtual directories and is the DNS name assigned to the Virtual IP (VIP) on the Hardware Load Balancer (HLB).

If you only have a single Exchange Server and are not using HLB then simply use the FQDN of the Exchange Server in the following steps.  You will need a certificate that contains the FQDN in the subject name field, so this will likely have to come from an internal CA.  If this is the case then the issuing CA certs will have to be trusted by both the Exchange and Lync servers.

Goal

Exchange 2013 client access server integrated with Lync 2013. 

ASP.NET problems with 2013 CU6 install

I recently did a fresh install of Exchange 2013 CU6 for a customer and had major issues trying to access the Exchange Admin Centre (EAC) and Outlook Web App (OWA).

The server was a brand new 2012R2 machine.  The AD forest was brand new and composed entirely of 2012R2 Domain Controllers.  Due to an issue they had they completely deleted the entire environment and recreated it.  All servers were installed from the 2012R2 ISO and all Windows Updates applied.  The following problem occurred in both the original environment and the rebuilt one.

After installation the Application Eventlog was full of event 1310 from source asp.net 4.0.30319.0.  This was logged every few seconds.  EAC/OWA was not accessible and simply returned the "Something Went Wrong :-(" error message.  The event was logged for each of the virtual directories, e.g. OWA/Autodiscover/EWS etc.  Details of the event related to "The file specified could not be found", each referring to a different module that was referenced in the web.config file related to each virtual directory, e.g. AntiXSS.