Almost done!!  Here's Part 23 (Troubleshooting Part 1) of the 24 Part Exchange 2007 Webcast series.  Please let me know if you have any questions.  Thanks!

Harold Wong
harold.wong@microsoft.com

Exchange Server 2007 Webcast Series (Part 23 of 24) Questions and Answers Log (04-11-07)


Question: When I run the command: update-AddressList -Identity '\Public Folders' Along with several other recipients, I receive: Warning: The recipient "trhs.org/Microsoft Exchange System Objects/Schedule+ Free Busy Information - First Administrative Group" is invalid and could not be updated. Any idea how to get rid of them?

Answer: This is a carryover from your Exchange 2003 environment.  Do you still have the 2003 servers around??  This should not be an issue so long as everything is updating on the 2007 side.


Question: If I install SCC with shared storage, which Quorum method should I use, traditional Quorum on physical disk or MNS share witness?

Answer: That's up to you. We support both. Obviously, there is an advantage using an MNS quorum with a file share witness (FSW): you don't need shared storage for the quorum.


Question: What is the difference between PING and RPCPing?

Answer: Ping is low-level ICMP - RPCping tests RPC communications - http://support.microsoft.com/default.aspx?scid=kb;en-us;Q167260.


Question: if I want to put quorum on the share storage, should i need to create it first before installation?

Answer: Technically, any Windows 2003 file server can be used for the share needed for the FSW. We recommend a Hub Transport server because that puts the share under the control of an Exchange administrator. What you might consider doing is creating a CNAME record in DNS and having a share provisioned on both HT servers. The CNAME record will point initially to the IP of one of the HT servers (you pick which one). Then, if that HT has an extended outage, you can change the IP address in DNS to the other HT server, clear DNS caches (or do whatever you need to do to get DNS changes reflected ASAP), and the FSW will move to that server..


Question: does the commandlet getloglevel show logging levels for all servers in the org, or just the one you are working on?

Answer: If I execute the following command “Get-EventLogLevel”, it will return the information for the server I am running the command from.  I can always specify a different server by using the –Server or –Identity option.


Question: Is there still CancelRPC registry value in Outlook 2007?

Answer: http://support.microsoft.com/kb/831053.  The CancelRPC entry is mentioned toward the end of the article and is still a valid entry for Outlook 2007.


Question: what about if i stall scc, can i put quorum on other server rather than shared strage?

Answer: You designate the quorum type while building the cluster, not after installing Exchange. You need to configure and provision the FSW after you have the second node installed. BTW, while SCC supports up to 8 nodes (with at least one node being passive), FSW only works when there are two nodes in the cluster. If you have any more or any less, FSW cannot be used. I recommend reading Planning for Single Copy Clusters at http://technet.microsoft.com/en-us/library/bb125149.aspx.


Question: Ar the labs for this course still availalbe? If so, then how much longer will we have to utilize them?

Answer: They are still out there. I am not aware of a date they will go away.


Question: I have a problem that i can not seem to troubleshoot well. Can you lead me in the right direction?? problem: Recently every time I add a new user, the new user is not showing up in the GAL in the Outlook client (Outlook 2007 and Exchange 2007)? Help

Answer: Some things to look at: 1. Do the new users show up in the GAL when using OWA?  2. Is this behavior true for all existing and new Outlook 2007 clients?  3. Check your Exchange Server event logs to see if there are any errors listed there.  4. Did you accidentally hide these addresses from the GAL when creating them?   Finally, if all else fails, you may want to call Customer Support at (800) 936-4900.


Question: I have two CAS server as resilience, do i have to configure all activesync, owa and etc. on both server? tks

Answer: If you want both servers to support those client access methods, then you would configure them both. You can also use Network Load Balancing for higher availability of CAS, as well.


Question: Our Outlook 2007 users are getting certificate errors when opening Outlook internally. The cert is our 3rd party cert for OWA and it's expecting the machine name. Is there a workaround?

Answer: Yes, you'll want to create a new certificate using the same name that Outlook 2007 uses to connect. For example, if Outlook connects to email.mydomain.com, then the certificate name must be email.mydomain.com. If you're using OWA for external access, your cert should have an FQDN, and not just the host name.


Question: Hi Harold.. I agree with you regarding the steps you take, however in a large environment, all you can do is open a ticket with the other groups in charge of AD / DNS / Exchange.. they are all seperate groups and if you open a service request and they close it stating that there is no problem with DFS, AD or DNS, you are between a rock and a hard spot.

Answer: I understand and empathize with you on this.  This may also come down to politics and you may need to get management involved if you don’t get you issues resolved.  Sorry.


Question: I did use NLB, but i don't know where i should configure the activesync, owa stuff. can you recommend for me?

Answer: ActiveSync - http://technet.microsoft.com/en-us/library/bb124396.aspx; OWA - http://technet.microsoft.com/en-us/library/aa996373.aspx; Client Access - http://technet.microsoft.com/en-us/library/aa997850.aspx.


Question: CAS server needs to be the first server that is introduced into e2k3 Org. Correct?

Answer: If you have an FE / BE environment, then Yes.


Question: Why does Outlook 2007 acceess always go through the Client Access Server since it could, in theory go directly to the mailbox server using MAPI (as is the case with earlier verions of Outlook) when the client is inside of the Enterprise?

Answer: When not using Outlook Anywhere (formerly RPC over HTTP) Outlook 2007 only talks to CAS for Web Services (including Autodiscover and Availability) and Web distribution of OABs; otherwise for Mailbox or PF access, it talks MAPI directly with the Mailbox server.


Question: re certificates for outlook - can the new exchange uc certifictaes be used for owa and will cas use subject alternative names to allow different internal and external urls for cas using the same certificate (do you know) ?

Answer: Outlook by default does mutual authentication of the certificate based on the subject only and this mutual auth does not take SANs into consideration. Because of this, the URL used by an Outlook Anywhere client must match the SubjectName on the certificate, which will be determined by the first entry in the -DomainName list in the request cmdlet. For all other HTTPS connections (Autodiscover, OOF, Availability, OAB, and UM), we do not do mutual auth; therefore, a SAN will work fine.


Question: Can you run test MAPI Connectivity against multiple servers, or only against one server at one time?

Answer: With pipelining, you can test multiple systems.


Question: Can I use a self signed cert generated by Exchange? Just enter the server name and email.domain.com in the domain name option?

Answer: For Outlook Anywhere? No, Outlook Anywhere will not work with a self-signed certificate.


Question: When are Public Folders GOING AWAY?

Answer: Public Folders are supported until 2016 at this point.  Also, public folders will likely be in the next major release of Exchange, as well (the one after Exchange 2007).


Question: with public folders accessible by Outlook 2007 clients, and network shares accessible by OWA clients, where is the middle ground? What is suggested as a best practice for ALL clients to access shared resources?

Answer: Long term our strategy is SharePoint. Certainly public folders will be around and supported for some time, so if you're using Public Folders now, you have plenty of time to plan a migration to SharePoint.


Question: Can permissions for a public folder still be set through Outook?

Answer: Yes.


Question: can I setup Outlook Anywhere to work for different domain names? For example, lets say that I support two companies in one Exchange org and I want users to use unique url to connect to OWA and to Outook anywhere?

Answer: Yes, but you would need to setup a different CAS for each. Then publish them appropriately.