Room Mailbox – Your meeting request was declined

When you reschedule appointments in a roombox you can get this error:

Your meeting request was declined.
It didn't specify an end date. The end date must be before x/x/xxxx.

To fix this start the Exchange Management Shell and set this commands:

get-CalendarProcessing * |fl |findstr Roombox
set-CalendarProcessing "Roommailbox" -EnforceSchedulingHorizon $false
set-CalendarProcessing "Roommailbox" -BookingWindowInDays 1080

After this cmdlet you can schedule the appointments more than the default 180 days.

Global sharing of calendars in exchange 2010

  • Download the ExFolders tools
  • Extract the tool
  • Place the tool in de Exchange Bin folder
  • Run the reg in the zip
  • Run the tool
  • Click File , and then click Connect
  • Click Tools , and then click Set Calendar Permissions .
  • In the new window, click Add , and then select Everyone . Click OK to confirm.
  • Back in the Permissions window, click \Everyone , and select the appropriate permissions that you want to add.
  • Click OK to begin setting permissions. No warning screen will appear, permissions will be set immediately.
  • When the Percentage complete box has reached 100, you can safely close the window. All permissions are set on everyone’s calendar.

If you get the error: Error: Logged-on user does not have FullAccess to this mailbox” in ExFolders run the following cmdlet in the exchange shell:

Get-Mailbox | Add-MailboxPermission -User [username] -AccessRights FullAccess –InheritanceType All

Fix STARTTLS SMTP error

Error:

Microsoft Exchange could not find a certificate that contains the domain name exchange.global-e.nl in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound Ex 2010 with a FQDN parameter of exchange.global-e.nl. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Cause:

Problem is that you have configured a wrong (not matching)  SSL certificate on your send/recieve connector.

Fix:

  • Start the Exchange Powershell
  • Get-ExchangeCertificate
  • Copy the good thumbprint
  • Enable-ExchangeCertificate -Services SMTP
  • Paste the good thumbprint

More information:

http://blog.ronnypot.nl/?p=271
http://smtpport25.wordpress.com/2009/03/19/renewing-the-certificate-in-client-access-servers/

Renew Self-Signed SSL Exchange 2007

I had to renew an expired self signed SSL certificate that i have on Exchange 2007 box today, and found the SSL clone trick interesting and did the job for me. So here’s the howto:

Using the Exchange Management Shell run the following commands:

Get-ExchangeCertificate -DomainName server.yourdomain.com (copy the thumbprint of the expired SSL)
Get-ExchangeCertificate -Thumbprint <old thumbprint> | New-ExchangeCertificate

Now you can go to IIS and select your new created SSL certificate (this SSL have the same name as the old SSL one)

You might need to reboot IIS or any other service you enabled this SSL for.

Install Thawte SSL Webserver or Wildcard (the Quick way)

After you successfully installed a web or wildcard SSL certificate you must follow some extra steps.

  • First download this zip with 2 SSL certificates
  • Extract the zip e.g. C:\install\ssl
  • Start > run > mmc > file> add/remove snap in > certificates > local computer >computer account > Intermediate Certification Authorities > right click certificates > import

Then disable the old certificate

  • Expand Trusted Root Certification Authorities > certificates
  • Locate this certificate:

Common Name – thawte Primary Root CA
Expiry Date – 17th July 2036
Thumbprint – 91 c6 d6 ee 3e 8a c8 63 84 e5 48 c2 99 29 5c 75 6c 81 7b 81

  • disable it completely

When the SSL not exist, please follow this steps:

  • Download this zip
  • Install it here: Trusted Root Certification Authorities > certificates
  • Disable the certificate

I used this website as source: http://www.ripley.za.net/howto/it_howto/ssl-web-server-or-wildcard-certificate-issued-after-june-26-2010-not-trusted-after-installation-on-microsoft-iis/

Exchange 2007 – Out-of-Office / Autodiscover troubleshooting

If you have some trouble with Out-of-Office / Autodiscover  Exchange try the following to fix the problems:

 Remove Autodiscover and EWS virtual directories from the default website with the following commands

 Remove-WebServicesVirtualDirectory

Remove-AutodiscoverVirtualDirectory

If you can’t remove them because of some error use the metebase explorer (google) and follow these steps:

 1. Install it on your Exchange Server
2. Run it as Administrator
3. Browse to Wssv –> 1 –> Root –> Autodiscover
4. Dont delete it first, rename it to whatever…
5. Check Metabase Explorer and IIS Management to make sure your new Autodiscover Application is listed. 
6.  Delete old renamed directory in Metabase explorer…

 Create the EWS and Autodiscover again

New-WebServicesVirtualDirectory -WebsiteName “Default Web Site” -Internalurl “https://server.domain.local/EWS/Exchange.asmx” -ExternalUrl “https://server.domain.local/EWS/Exchange.asmx

New-AutoDiscoverVirtualDirectory -websitename “Default Web Site” -WindowsAuthentication $true -DigestAuthentication $false -Internalurl “https://server.domain.local/EWS/Exchange.asmx” -ExternalUrl “https://server.domain.local/EWS/Exchange.asmx

 Give an IIS reset.

Check with these commands if the EWS and Autodiscover works:

1. Past the internal URL in your browser. A certificate error may occur, and there must be come a login windows. After you login with some authenticated user you must see a XML file.
2. Try the following CMDlets for more information. Esspecialy the output from Test-Outlookwebservices is very important .

Test-OutlookWebServices |fl
Get-webservicesvirtualdirectory |fl

3. Start Outlook as Exchange user, press down crtl, click with the right mouse button on the Outlook icon and click on test automatic email configuration.

If you get an error 500, error 1013 or some web application error check the IIS authentication rights:


Now it must work!

Microsoft Exchange 2007 Powershell Commands

Remove a public folder database
Remove-PublicFolderDatabase -Identity "\\ "

Change the Default Public Folder Database for a Mailbox Database
Set-MailboxDatabase -Identity "Mailbox Database" -PublicFolderDatabase "PublicFolderDB1"

Move all public folder replica’s
MoveAllReplicas.ps1 –Server Server1 –NewServer Server2

Set Postmaster Address
Set-TransportServer -ExternalPostmasterAddress

Upgrade Email Address Policy
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

View Public Folder Client Permissions
Get-PublicFolderClientPermission -Identity "\Marketing" | fl

Change Autodisover website settings
Set-AutodiscoverVirtualDirectory "servername\Autodiscover (Default Web Site)" -InternalUrl
http://server.domain.com -ExternalUrl https://autodiscover.mydomain.com

Create a new certificate
New-ExchangeCertificate -DomainName "external.maildomain.com"

Enable certificate
Enable-ExchangeCertificate "the number you get from the certificates once it
is generated" with out the quotes

Give a user access to a Top Public Folder and all sub folders
AddUsersToPFRecursive.ps1 -TopPublicFolder "\Sales" -User "David" -Permission Reviewer

Give a user access to a Public Folder
Add-PublicFolderClientPermission -Identity "\Marketing\West Coast" -AccessRights PublishingEditor -User Kim

Replace the permissions of a user with new permissions
ReplaceUserPermissionOnPFRecursive.ps1 -Server "SERVER01" -TopPublicFolder "\Marketing" -User "Kim" -Permissions PublishingEditor

Replace the permissions of a user with new a new user on all sub folders
ReplaceUserWithUserOnPFRecursive.ps1 -TopPublicFolder "\Sales" -UserOld "David" -UserNew "Kim"

Remove the permissions of a user on a folder and all sub folders
RemoveUserFromPFRecursive.ps1 -Server "SERVER01" -TopPublicFolder -"\Sales\Oregon" -User "David"

Remove the permissions of a user from a Public Folder
Remove-PublicFolderClientPermission -Identity "Sales\West Coast\Oregon" -User David -AccessRights CreateItems

Mail enable Public Folder
Enable-MailPublicFolder -Identity "\My Public Folder"

Force Edge server synchronisation
Run the following command on the Transport server
Start-EdgeSynchronization

Remove forwarding address with PowerShell – All users
Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Set-Mailbox -ForwardingAddress $null -DeliverToMailboxAndForward $false

Set Mailforwarder on a mailbox
Set-Mailbox -Identity John -DeliverToMailboxAndForward $true -ForwardingAddress jose@contoso.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Exchange 2007 Spam solution

To enable anti-spam functionality on a Hub Transport server

  1. Run the following command:
    ./install-AntispamAgents.ps1
  2. After the script has run, restart the Microsoft Exchange Transport service by running the following command:
    Restart-Service MSExchangeTransport