Triggered by a comment/question  from Robbie De Sutter, on one of my previous blog posts (Exchange 2010: And then there is the long awaited cmdlet Add-MailboxFolderPermission), being:

First of all I'm running an international business, hence my users do not have a "Calendar" folder, but an "Agenda" (Dutch) or "Kalendar" (German) or ... How to deal with that (without me tracking which language every user is using)?

it got me thinking if there was an easy way, out of the box, to get a list like “user x has a Kalendar”, “user y has a Calendar”, and “user z is happy with his Calendrier”"…

Option 1. Use the cmdlet Get-MailboxFolder

Exchange 2010 provides you with a cmdlet named “Get-MailboxFolder”, which is described on TechNet as one that will “retrieve folders for a specified mailbox when the mailbox owner runs the command”, so let’s see. Logged in as Administrator on my demo machine, I can run the cmdlet, and get an overview of all mailbox folders for my own account…

but when trying to run the cmdlet against another user’s mailbox, the following error pops up:

“The specified mailbox “ilvancri” doesn’t exist”, whereas the mailbox definitely exists, as can be seen by running the cmdlet Get-Mailbox ilvancri:

Looking back at the TechNet article, it did state “when the mailbox owner runs the command”, thinking about RBAC, it’s time to see who is allowed to run the cmdlet Get-MailboxFolder, by running the following “Get-ManagementRole –Cmdlet “get-mailboxfolder”

The return shows that the role “MyBaseOptions”, scoped to Self, is the only one that is allowed to run the cmdlet Get-MailboxFolder.

Now, one might thing….easy….let’s create a new role, pick MyBaseOptions as the parent role, and change the ImplicitRecipientReadScope to OrganizationConfig…but that won’t work…as seen here on TechNet (Understanding Management Role Scopes) which clearly states:

“You can't change the implicit scopes defined on management roles. You can, however, override the implicit write scope and configuration scope on a management role. When a predefined relative scope or custom scope is used on a role assignment, the implicit write scope or configuration scope of the role is overridden, and the new scope takes precedence. The implicit read scope of a role can't be overridden and always applies. For more information about predefined or custom explicit scopes, see the related sections later in this topic.”

Using Bing, I came across this TechNet forum article: Get-MailboxFolder cmdlet is not working, which describes what I had seen, but it did include a solution, submitted by Exchange MVP Amit Tank, “to use in that case programmatic way with EWS would be easier way to query folders for other users...”, followed by a reply from the original poster being “Thanks Amit, I did it using EWS, specifically I used FindFolderType for this.”

Time to use EWS…

Option 2. Use EWS and FindFolderType

Searching the internet, it was easy to find a ton of scripts, using FindFolderType, but since I’m not a developer, it wasn’t easy to get started (copy-paste of script in Notepad didn’t do it ;-)), so therefore I want to show you how easy it is to get started with EWS and show you a very easy script that will retrieve folders and show them in a simple msgbox :-)

Step 1. Install Visual Studio

I decided to install Visual Studio 2010 Premium on a Windows 2008 R2 standalone server, so not a member my Exchange demo environment.

Step 2. Download and Install the Exchange Managed API

“The Microsoft Exchange Web Services (EWS) Managed API 1.0 provides a managed interface for developing client applications that use Exchange Web Services. The EWS Managed API simplifies the implementation of applications that communicate with Microsoft Exchange Server 2007 Service Pack 1 (SP1) and later versions of Microsoft Exchange. Built on the Exchange Web Services SOAP protocol and Autodiscover, the EWS Managed API provides a .NET interface to EWS that is easy to learn, use, and maintain.”

I downloaded and installed version 1.0, but there is also a version 1.1 in beta now:

• Exchange Web Services Managed API
• Exchange Web Services Managed API 1.1 Beta

Step 3. Launch Visual Studio

I decided to create a new Windows Form Application

In the Solution Explorer, I expand my project, called Hello World, and right-click References

There is select to Add a reference

And I browse to the location of the Microsoft.Exchange.WebServices.dll which has been installed by deploying the EWS Managed API!

After clicking OK I can see that I have a reference to Microsoft.Exchange.WebServices.

Using the toolbox, it’s easy to create a new button, and enter some code, as said, VERY SIMPLE code, I’m a newbie :-)

The code below will send an email to ilvancri..

using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using Microsoft.Exchange.WebServices.Data;
using System.Net;

namespace Hello_World
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            ExchangeService service = new ExchangeService();
            service.Credentials = new NetworkCredential("user", "<password>",���<domain>");
            service.Url = new Uri("https://mail.cs14.local/EWS/Exchange.asmx");
            EmailMessage message = new EmailMessage(service);
            message.Subject = "Hello from the EWS Managed API";
            message.Body = "Now that's easy!";
            message.ToRecipients.Add("ilvancri@cs14.local");
            message.SendAndSaveCopy();
        }

  }

  }

And this one will show the mailbox folder names for a user called user5

private void button2_Click(object sender, EventArgs e)
{
    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010);
    service.Credentials = new NetworkCredential("user", "<password>",”<domain>");
    service.Url = new Uri("https://mail.cs14.local/EWS/Exchange.asmx");
    service.AutodiscoverUrl("user5@cs14.local");
    FolderView view = new FolderView(30, 1, OffsetBasePoint.Beginning);
    view.PropertySet = new PropertySet(BasePropertySet.IdOnly);
    view.PropertySet.Add(FolderSchema.DisplayName);
    view.PropertySet.Add(FolderSchema.ChildFolderCount);
    view.Traversal = FolderTraversal.Shallow;
    FindFoldersResults findfolderresults = service.FindFolders(WellKnownFolderName.MsgFolderRoot, view);
    foreach (Folder myfolder in findfolderresults.Folders)
    {
       MessageBox.Show("Folder: " + myfolder.DisplayName);
    }

}

To find out more about Exchange Web Services, and dive into some examples, I strongly encourage you to have a look at the following links:

• http://msdn.microsoft.com/en-us/library/dd633626(EXCHG.80).aspx
• http://gsexdev.blogspot.com/
• http://blogs.msdn.com/b/mstehle/archive/2007/07/30/outbox-configuring-and-using-exchange-web-services-impersonation-in-exchange-2007.aspx

Once I do have a script that creates the desired output of user x has calendar, user z has a calendrier, I’ll let you know….

Ilse

Configuring the link between OCS 2007 R2 and Exchange 2007/Exchange 2010 seems pretty easy, and it all boils down to:

• Getting the rights certificates:
  • does the Common Name match the FQDN of the Exchange UM server, and the one used by OCS, does the Common Name match the FQDN of the Pool…
  • are the certificate issuers trusted by both the Exchange Server and the OCS environment
  • are the certificates still valid?
• Creating a Dial Plan in Exchange, and making sure the Location Profile matches the FQDN of that Dial Plan
• Running the ExchUCUtil script on the Exchange UM Server to set the needed permissions
• Running the OCSUMUtil tool on the OCS Server to create one or two OCS-Enabled users for the Exchange Subscriber Access &/or the Auto Attendant
• Double-check it all in the published guidelines, and then…TEST….:-)

And then when it doesn’t work….it’s time to troubleshoot. Today I’ve been busy troubleshooting an Exchange 2010-OCS 2007 R2 setup that refused to work…here’s a list of things run into…

Step 1. Log into Exchange and check the configuration of the Exchange UM Settings

As it turned out, Exchange didn’t run, and a closer look revealed that the installation of RU4 failed before. After restarting the installation of RU4, it succeeded, but there was no working Exchange, since all Exchange services were set to “Disabled”.

The following link helped to make sure all necessary services were started again: Overview of Services Installed by Exchange Setup

But next to these, make sure also the World Wide Web Publishing service is set to Automatic, and the IIS Admin service :-)

Here’s a print of an Exchange 2010 Sp1 Beta box, running Mailbox Server Role, Client Access Server role, Hub Transport Server role, and Unified Messaging Server role

Next problem… when using the Exchange Management Console, and getting the properties of the Exchange Server, the following error message popped up:

An error occurred while accessing the registry on the server "*****". The error that occurred is: "The network path was not found". It was running the command 'Get-AntispamUpdates -Identity *******’. 

Solution there was to start the Remote Registry service…and set it to Automatic (since it was disabled in our case).

After double-checking everything both on the Exchange side, and the OCS side, still no luck in calling the Exchange AutoAttendant.

Step 2. Start a new debug session on OCS, and use the Snooper tool to find out where connection is dropped.

Including with this, we maximized logging for all Exchange UM properties. No luck, except for the error message stated in the subject of this blog post. Then time to check if all had been done to be able to install OCS 2007 R2 on top of a Windows 2008 R2! All prerequisites have been clearly documented in the following article:

Supportability is available for Office Communications Server 2007 R2 member server role on a Windows Server 2008 R2 operating system

It became clear that one step was forgotten:

Install the Hotfix that is described in KB 975858 for Windows Server 2008 R2.

975858 (http://support.microsoft.com/kb/975858/ ) An application or service that calls the InitializeSecurityContext function together with the ISC_REQ_EXTENDED_ERROR flag may encounter a TLS/SSL negotiation failure on a computer that is running Windows Server 2008 R2 or Windows 7 operating system

After requesting the hotfix, and installing it on both the Exchange UM Server (running Windows 2008 R2) and the OCS Server, time to reboot and try again….

And it failed again, but now with quite a bit of information in the Event Log….

Giving me information that made absolutely no sense at all like…

“The Unified Messaging server wasn’t able to retrieve the custom prompt data for the UM Dial Plan”…there was no custom prompt configured!

“The discover mailbox, a hidden default mailbox that is required to search mailboxes, can’t be found”…..but it did exist!

“The Unified Messaging server cannot find a valid UM hunt group”….there was a valid UM hunt group, associated with the UM IP gateway!

“The Telephony Manager declined a call….”

And the a quick Bing search, got me to the following link: Accidental deletion of discovery mailbox , where David Strome posted the solution :-)

A Copy-Paste of the solution :-)

The UM team was able to reproduce this error using the steps that appear to have happened. The culprit seems to be the user SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}. If it's not properly enabled as an arbitration mailbox, this error can occur.
To try and resolve this, try the following in an Exchange Management Shell prompt:
Enable-Mailbox "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration
If that completes successfully, then try calling the auto attendant again. If you don't get the error, great. If the Enable cmdlet failed, or you still get the error, try the following from an Exchange Management Shell window:
Remove-Mailbox "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration
Get-User "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"
Get-User "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration
The "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" user should no longer appear.
Then, from a cmd.exe window, run the following:
Setup.exe /PrepareAD
Once completed, open the Exchange Management Shell again and run:
Get-User "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"
The "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" user should show up as a regular user, not UserMailbox. Run the following:
Enable-Mailbox "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration
This should enable the "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" user as an arbitration mailbox.
Try to call the auto attendant again and see if the error occurs. If it does, let me know and please include any other error messages you receive either in the shell or in the event log.
David.

---

Senior Technical Writer - Exchange This posting is provided "AS IS" with no warranties, and confers no rights.

I had to use Active Directory Users and Computers to delete the two System Mailboxes:

After that I ran Setup.com /PrepareAD:

Turned the SystemMailbox{{e0dc1c29-89c3-4034-b678-e6c29d823ed9} into an arbitration mailbox using the EMS cmdlet Enable-Mailbox:

And then the test…and it worked :-)

It was a fun day…happy everything worked when going home :-)

Thanks Pieter!

Ilse