Exchange 2007 > 2013 Transition/Migration, POPUP on Outlook 2010 or Public Folder can’t be open from 2007

 

Exchange 2007 > 2013 Transition/Migration, POPUP on Outlook 2010 or Public Folder can't be open from 2007

 

Error1: When you click a Public Folder which lies on 2007 in Outlook.exe

"Cannot expand the folder. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance."

Event 401 is logged in IIS log file on 2007 side

Error2: Even if you have selected the option not to DOWNLOAD and other resources or public folder you Recieve constant authentication POPUPS "Windows Security" with username password. Outlook.exe shows password need at some point. Even if you chose remember my Credentials.

Quick Reason:

You have to change the Authentication for "Outlook Anywhere" on old 2007 side to NTLM.

A general reason is that Exchange 2013 works OVER "Outlook Anywhere" all the time. To make it correct you could enable "Outlook anywhere" backwards/afterwards on the old Exchange 2007. Warning: However this function will run from 10-60 Minutes depending on your Exchange 2007. Read and search more if it not enabled on the old Exchange 2007 and you want to do that while the old 2007 is productive. Most blogs don't mention that and most of them do 2007>2010>2013 and some 2007>2013 direct. However they assume you have "Outlook anywhere" on 2007 already on before you begin the swing Transition (Migration).

Explained:

Exchange 2007 and 2013 Coexistence:

  • Exchange 2013 runs with Outlook Anywhere
  • If you have Outlook Anywhere on 2007 change the a) Authentication b) Internal and External URL to something else than on the 2013
  • Both Authentication settings for the "Outlook Anywhere" Option have to be the same. As example "NTLM" only.

     

  • You have an Exchange 2007 existing running and a fresh 2013 setup
  • Exchange 2013 is ready and ALL Virtual directories are changed in Powershell
  • The SAN/UC Certificate with a) The old exchange name sample old.company.ch, Autodiscover.company.ch and newserver.company.ch is ordered imported and activated
  • Just ONE User was moved from 2007 > 2013, rest of them still on 2007 side
  • Autodiscover is setup correct in DNS also the old name (important can be whatever some use the term legacy [It does not have to be legacy.customer.ch!]) and also a new names for the new exchange 2010.

 

 

Check Logfiles on Exchange 2007 under:

C:\inetpub\logs\LogFiles\W3SVC1\*.*

Search for string "/rpc/rpcproxy.dll"

This is the Health check the Exchange 2013 does:

RPC_IN_DATA /rpc/rpcproxy.dll - 443 - 192.168.20.198 HttpProxy.ClientAccessServer2010Ping 401 2 5 0

Controll the Settings on the Exchange 2007.

get-OutlookAnywhere -Server "servername2007" | fl identity, IISAuthenticationMethods

Set-OutlookAnywhere -Identity " servername2007\Rpc (Default Web Site)" -IISAuthenticationMethods Ntlm

Or in GUI on the Exchange 2007

Do an IISRESET

If that does not work > Also recycle the IIS folders and Reboot the 2007.

Open IIS Konsole

Go to "Application Pools"

  • On right side "Select" Recycle
  • From "Defaultpool" downwards to "MSexchagesyncappool" press Recycle RIGHT side in IIS console

 

 

IIS Logfile after the change should be with a 500 value.

2016-04-26 14:20:35 192.168.20.13 RPC_IN_DATA /rpc/rpcproxy.dll - 443 - 192.168.20.198 HttpProxy.ClientAccessServer2010Ping 500 0 64 45021

 

Change on client side

IF account still under 2007 and using ONLY Outlook Anywhere you then have to change something in outlook.exe on each client THAT is laptop or workgroup and not domain joined. If Autodiscover and the EXPR-Record are correct this should work by itself.

 

 

 

Exchange 2010. Unable to open console GUI or PS error 1000 requests

 

Error:

1000 requests per 2 seconds in Exchange GUI or if you open Powershell worst case

  1. You open Exchange Powershell and the Shell "Jumps" to another Server (Like a CAS or other Mailbox Server) > Not the Local one
  2. You open the Exchange GUI and you can't connect / Expand the on Premise Server

Error: MTA reports error "system load quota of 1000 requests per 2 seconds has been exceeded"

Connecting to remote server failed with the following error message : The WS-Management service cannot process the request. The system load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the system quota. The next request from this user will not be approved for at least 1812767488 mi lliseconds. For more information, see the about_Remote_Troubleshooting Help topic.

 

+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc eption + FullyQualifiedErrorId : PSSessionOpenFailed

 

Event ID: 32784

Source: Microsoft-Windows-PowerShell
Event ID: 32784

Computer: exch-cas121-switzerland-admin
Description:$

WSMan reported an error with error code: -2144108120.

Error message: Connecting to remote server failed with the following error message :

The WS-Management service cannot process the request. The system load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the system quota. The next request from this user will not be approved for at least 1795919616 milliseconds. For more information, see the about_Remote_Troubleshooting

 

Quick Solution:

Try another Exchange Server (CAS, Mailbox or maybe a IT management Server with Exchange Tool installed).

Solution quick:

Open IIS Konsole

Go to "Application Pools"

Select

MSExchangePowershellAppPool

On right side "Select" Recycle

 

Please check and re-open the Exchange GUI.

If this does not solve it please open an elevated cmd.exe shell and run:

Iisreset /noforce

Please check and re-open the Exchange GUI.

If this does not help run:

Iisreset

If this does not help restart the server that has the Error in Event.

 

Reason:

Could be a third party tool like an E-Mail Archive (Symantec EV [Enterprise Vault]?) or external Blackberry Server (Just something that PULLS E-Mails from the Exchange) and modifies the Throttling Policy. We however compared running customer to non-running and did not see any difference in the values if you run.

Get-ThrottlingPolicy

Or

Get-ThrottlingPolicy | fl powershellmaxconcurrency

One value would be "powershellmaxconcurrency". We see a value of 18 in Exchange 2010 SP3 some describe values of 5 (Maybe earlier Exchange 2010 or RTM, Dell KB does so). This value is described in different KB articles BUT we can't confirm that this value is the source. Because all our larger customers have a Value of 18 there. Only the Backup Exec Throttling Policy has a value of $null and thus unlimited numbers of Shells.

 

DefaultThrottlingPolicy Throttling Policy

AnonymousMaxConcurrency : 1

AnonymousPercentTimeInAD :

AnonymousPercentTimeInCAS :

AnonymousPercentTimeInMailboxRPC :

IMAPMaxConcurrency :

IMAPPercentTimeInAD :

IMAPPercentTimeInCAS :

IMAPPercentTimeInMailboxRPC :

OWAMaxConcurrency : 5

OWAPercentTimeInAD : 30

OWAPercentTimeInCAS : 150

OWAPercentTimeInMailboxRPC : 150

PowerShellMaxConcurrency : 18

PowerShellMaxTenantConcurrency :

PowerShellMaxCmdlets :

PowerShellMaxCmdletsTimePeriod :

ExchangeMaxCmdlets :

PowerShellMaxCmdletQueueDepth :

PowerShellMaxDestructiveCmdlets :

PowerShellMaxDestructiveCmdletsTimePeriod :

RCAMaxConcurrency : 20

RCAPercentTimeInAD : 5

RCAPercentTimeInCAS : 205

RCAPercentTimeInMailboxRPC : 200

CPAMaxConcurrency : 20

CPAPercentTimeInCAS : 205

CPAPercentTimeInMailboxRPC : 200

MessageRateLimit :

RecipientRateLimit :

ForwardeeLimit :

CPUStartPercent : 75

AdminDisplayName :

ExchangeVersion : 0.10 (14.0.100.0)

 

EnterpriseVault Throttling Policy

AnonymousMaxConcurrency : 1

AnonymousPercentTimeInAD :

AnonymousPercentTimeInCAS :

AnonymousPercentTimeInMailboxRPC :

EWSMaxConcurrency : 10

EWSPercentTimeInAD : 50

EWSPercentTimeInCAS : 90

EWSPercentTimeInMailboxRPC : 60

EWSMaxSubscriptions : 5000

EWSFastSearchTimeoutInSeconds : 60

EWSFindCountLimit : 1000

IMAPMaxConcurrency :

IMAPPercentTimeInAD :

IMAPPercentTimeInCAS :

IMAPPercentTimeInMailboxRPC :

OWAMaxConcurrency : 5

OWAPercentTimeInAD : 30

OWAPercentTimeInCAS : 150

OWAPercentTimeInMailboxRPC : 150

PowerShellMaxConcurrency : 18

PowerShellMaxTenantConcurrency :

PowerShellMaxCmdlets :

PowerShellMaxCmdletsTimePeriod :

ExchangeMaxCmdlets :

PowerShellMaxCmdletQueueDepth :

PowerShellMaxDestructiveCmdlets :

PowerShellMaxDestructiveCmdletsTimePeriod :

RCAMaxConcurrency :

RCAPercentTimeInAD :

RCAPercentTimeInCAS :

RCAPercentTimeInMailboxRPC :

CPAMaxConcurrency : 20

CPAPercentTimeInCAS : 205

CPAPercentTimeInMailboxRPC : 200

MessageRateLimit :

RecipientRateLimit :

ForwardeeLimit :

CPUStartPercent : 75

AdminDisplayName :

 

SymantecEWSRestoreThrottlingPolicy has unlimited

The Throttling Policy from Symantec Backup Exec has a value of $null (Unlimited Powershell)

 

You should also check WIM interface:

winrm get winrm/config/winrs

Change with:

winrm set winrm/config/winrs @{MaxShellsPerUser="25"}
winrm set winrm/config/winrs @{MaxConcurrentUsers="25"}

 

Change in Powershell:

Get-ThrottlingPolicy | Set-ThrottlingPolicy -powershellmaxconcurrency 25

Please also see:

http://www.butsch.ch/post/Exchange-Error-you-get-while-you-open-the-EMC-GUI-Console.aspx

 

 

 

 

 

 

 

Mcafee/TIE: Definition 424 solves c:\Windows\assembly false/Positive detection

http://www.mcafee.com/us/resources/release-notes/threat-intelligence-exchange/tie-03-14-2016.pdf

https://community.mcafee.com/thread/88126

https://community.mcafee.com/thread/88837

 

The problem with the c:\Windows\assembly\Nativeimages seemed to be solved by update 424. These are Framework

Files Executables which are compiled in real time first usage. We have only seen that as example on Exchange CAS Servers before.

They time the first user logs onto OWA after an MSP Patch has that delay once. We had up to 6'000 Files per W7 client before that patch new

During March 2016 Patchday.

 

   

Rule 139 - Identify trusted DOT Net assemblies

 

Description:

 

This rule detects files that have CLR code (DOT Net) and have been installed into the global

Assembly cache folders. The files are present on multiple machines within the enterprise,

Indicating they are not just-in-time compiled assemblies.

 

Default State: Mandatory

 

Changes in this release

Changed how age and prevalence are handled in DOT Net validation algorithm 

   

 

Also there is a heavy update for Ransomware detection.

Rule 240 - Identify suspicious files with characteristics that have been predominantly seen in

Ransomware

 

Description:

 

Identify suspicious files with characteristics that have been predominantly seen in

ransomware, are in uncommonly used locations and less than 7 days old

 

Default State: Evaluate

Post Patchday: Bitlocker Patch KB 3133977 W7, (ONLY FIPS MODE) + VM KB3137061

A few few intermin/post May 2016 Patches in WSUS from Microsoft

  • Bitlocker Patch W7/2008R2 WSUS, Post Intermin Patchday March 2016 (ONLY FIPS MODE)
  • VM SCSI Disk Patch from Microsoft

https://www.microsoft.com/en-us/download/details.aspx?id=51581&WT.mc_id=rss_windows_7

https://support.microsoft.com/en-us/kb/3133977

This article describes an issue in which BitLocker can't encrypt the drive and the service crashes in Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 SP1. An update is available to fix this issue. Before you install this update, see the Prerequisites section.

Symptoms

 

This issue occurs after you install A FIPS-compliant recovery password cannot be saved to AD DS for BitLocker in Windows 7 or Windows Server 2008 R2 (2990184) and have the Federal Information Processing Standard (FIPS) mode enabled.

 

 

https://support.microsoft.com/en-us/kb/3137061

This article describes an issue in which Windows Azure virtual machines (VMs) don't recover from a network outage and data corruption occurs in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7 Service Pack 1 (SP1), or Windows Server 2008 R2 SP1. Before you install this update, see the Prerequisites section.

Cause

This issue occurs because the SCSI synchronize cache command fails, and the command result isn't checked when VMs handle the FLUSH request.

Note VMs disks should check the result of the synchronize cache command.

 

 

Mcafee Endpoint 10 / VSE 10 Preview points

 

Some points for upcoming Mcafee VSE 10. You can run TIE/GTI integration today with VSE8.8 and Framework 5.X.

Check out some related links:

http://www.butsch.ch/post/Ransomware-Schweiz-Mcafee-TIE-Threat-Intelligence-Exchange-im-Einsatz.aspx

http://www.butsch.ch/post/Ransomware-Versions-who-spread-in-network-and-attack-locked-files-from-SQL-Servers-coming-up.aspx