SuperTekBoy

Practical Help for Exchange & Office 365

Exchange Solutions

Unexpected result from Windows Live. 1007 Access Denied – Federation Trust

By Leave a Comment

34 Shares
Share
Tweet
+1
Share
Reddit

Recently while trying to remove a domain from the federation trust I received the following error.

The URI couldn't be released. An unexpected results was received from Windows Live 1007 Access Denied

The URI "supertekboy.com" for domain "supertekboy.com" on application identifier "000000004804735E" couldn't be released. Detailed information: "An unexpected result was received from Windows Live. Detailed information: "1007 AccessDenied: Access Denied.".".

Despite the almost cryptic error, this one is actually quite simple to fix. In this particular case, the time in my domain was 5 minutes behind the rest of the world. Or more importantly, 5 minutes offset from the Microsoft Federation Gateway. As soon as I brought my time forward I was able to immediately release the shared domain from the federation trust.

Error 1007 can occur while making other configuration changes to the federation trust. It is not just linked to releasing a domain. So if you see this error while performing any task with the federation trust, check the time on your Exchange boxes.

TwitterHave you run into this error? What was your solution? Drop a comment below or join the conversation on Twitter @SuperTekBoy.

The delegation token is NULL – Hybrid Free/Busy

By 1 Comment

77 Shares
Share
Tweet
+1
Share
Reddit

Ran into a strange issue recently where on-premises users could not see the free/busy information for test users I had migrated to Exchange Online. Exchange Online, on the other hand, had no problem seeing the free/busy of the on-premises users. I had just run the hybrid configuration wizard and it completed without incident. The environment had not been previously enabled for the Microsoft Federation Gateway so I let the wizard take care of that step as well.

When we tested the trust with the federation gateway we received the following error on Step 5 of 6: Requesting delegation token.

 C:\> Test-FederationTrust -UserIdentity rsong@exchangeservergeek.com

<...edited...>

RunspaceId : e4e42cab-62f4-4d70-be15-69143b273823
Id : TokenRequest
Type : Error
Message : Failed to request delegation token.

Error. Attempted to get delegation token, but token came back as null.

The token coming back as null seemed to be the key here. Unfortunately, the web seemed to lack any real way to fix the existing trust. We resolved to delete and recreate the trust with the federation gateway.

Recreating the Federation Trust

Warning: Before we get started with the process you will need access to external DNS zone. Recreating the trust voids the current TXT record that was used for domain validation.

To delete the federation trust navigate to the Organization > Sharing tabs in the Exchange Admin Center. Under the section titled Federation Trust click the Remove button. Click Yes to confirm.

Removing the trust with the Microsoft Federation Gateway

[Read more…] about The delegation token is NULL – Hybrid Free/Busy

McAfee VirusScan Enterprise blocks outbound SMTP on Exchange

By 2 Comments

65 Shares
Share
Tweet
+1
Share
Reddit

If you install McAfee VirusScan Enterprise on an Exchange Server you will find that your outbound mail is being blocked. By default McAfee only allows certain processes to send out on port 25. Exchange isn’t one of them.

The block is caused by the Access Protection component. Disabling this component entirely would allow your mail to flow again. However, disabling an entire protection component may not be ideal. Instead, we list a couple of options below to allow Exchange through without sacrificing security.

Tip: Microsoft documents all the mandatory Exchange exclusions here. In addition, McAfee also details Exchange exclusions in this article.

Option 1

Right click on the McAfee taskbar icon and select VirusScan console from the context menu.

McAfee VirusScan Enterprise Exchange 2013 2016 [Read more…] about McAfee VirusScan Enterprise blocks outbound SMTP on Exchange

Internal 500 server error after fresh Exchange 2016 install

By 16 Comments

123 Shares
Share
Tweet
+1
Share
Reddit

Ran into a strange problem recently. I installed Exchange 2016 CU2 onto a brand new machine. This was the first Exchange 2016 server in the environment. Exchange 2010 SP3 RU14 was in coexistence. I could access the Exchange Control Panel fine. But when I accessed Outlook on the Web (formerly Outlook Web App) I received an Internal 500 server error. Not good. Especially on a brand new install.

Outlook Web App Internal 500 server error

Checking the application log revealed a ton of ASP.NET warnings. The warning had a source ASP.NET with Event ID 1310. Inside each warning was internal code 3008 with event message, A configuration error has occurred. The specifics are below.

ASP.NET Event ID 1310 Event Code 3008
Event code: 3008
Event message: A configuration error has occurred.
Event time: 9/1/2016 7:00:00 PM
Event time (UTC): 9/1/2016 11:00:00 PM
Event ID: 33cf7da9abe544e8b562fe0ab5437b57
Event sequence: 1
Event occurrence: 1
Event detail code: 0

We quickly found our answer in the exception message. In many instances the Microsoft.Exchange.Security assembly was missing. Other missing assemblies were referenced in separate warnings as well. [Read more…] about Internal 500 server error after fresh Exchange 2016 install

Errors Migrating to Modern Public Folders

By Leave a Comment

15 Shares
Share
Tweet
+1
Share
Reddit

Recently while crafting an article to describe the migration process to Modern Public Folders I ran into some strange errors. They both occurred while the migration batch was attempting to copy data.

Here is the first.

Request was quarantined because of following error Nullable object must have a value

Error: MigrationPermanentException: Request was quarantined because of the following error: Nullable object must have a value.

Cryptic huh? Nothing much on the interwebs either.

When I attempted to resume the batch I then received this error.

Downlevel clients aren't supported.

Error: MigrationPermanentException: Downlevel clients aren’t supported. –> Downlevel clients aren’t supported.

This one got me thinking. I suddenly wondered if I had ever upgraded Exchange 2016 in my lab from preview to RTM. A quick check of the build numbers revealed I had not. D’oh!

If you get this error make sure you are not still on the preview of 2016. In addition, once you upgrade and reboot your 2016 lab server, you will need to delete and recreate the batch. Then you should be able to test the migration process successfully.

TwitterJoin the conversation on Twitter @SuperTekBoy.

RemoteExchange.ps1 cannot be loaded

By 1 Comment

17 Shares
Share
Tweet
+1
Share
Reddit

Cannot be loaded because running scripts is disabled on this system

File .\RemoteExchange.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

If you see the above error the fix is actually quite simple. The error is caused when your execution policy in PowerShell is too restrictive. You can determine the level of restriction by typing Get-ExecutionPolicy cmdlet. You may see a response similar to that of the following:

 C:\> Get-ExecutionPolicy
Restricted

[Read more…] about RemoteExchange.ps1 cannot be loaded

Exchange 2013 won’t update after installing Exchange 2016 Preview

By Leave a Comment

129 Shares
Share
Tweet
+1
Share
Reddit

If you are like me and eagerly deployed Exchange 2016 Preview in your 2013 lab (before official support was available) then you will likely have encountered this error when you upgraded to CU 10 and beyond.

The given key was not present in the dictionary.

[ERROR] The given key was not present in the dictionary.

If we review the Exchange setup log let’s see the last thing the installer was working on.

[2] Used domain controller DC.SKARO.LOCAL to read object CN=My Custom Apps,CN=Roles,CN=RBAC,CN=SKARO,CN=Microsoft Exchange,CN=Sevices,CN=Configuration,DC=SKARO,DC=LOCAL.
[2] Used domain controller DC.SKARO.LOCAL to write object CN=My Custom Apps,CN=Roles,CN=RBAC,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=SKARO,DC=LOCAL.
[2] Saving object "My Custom Apps" of type "ExchangeRole" and state "Unchanged".
[2] Used domain controller DC.SKARO.LOCAL to read object CN=My Marketplace Apps,CN=Roles,CN=RBAC,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=SKARO,DC=LOCAL.
[2] Used domain controller DC.SKARO.LOCAL to write object CN=My Marketplace Apps,CN=Roles,CN=RBAC,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=SKARO,DC=LOCAL.
[2] Saving object "My Marketplace Apps" of type "ExchangeRole" and state "Unchanged".
[2] Used domain controller DC.SKARO.LOCAL to read object CN=My ReadWriteMailbox Apps,CN=Roles,CN=RBAC,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=SKARO,DC=LOCAL.
[ERROR] The given key was not present in the dictionary.
[WARNING] An unexpected error has occurred and a Watson dump is being generated: The given key was not present in the dictionary.
[1] The following 1 error(s) occurred during task execution:
[1] 0. ErrorRecord: The given key was not present in the dictionary.
[1] 0. ErrorRecord: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

I have color coded the setup log to help illustrate the process. During the organization preparation, Exchange is making changes to the RBAC roles.  This is where it is failing.

In blue, it reads in each RBAC role from our DC named dc.skaro.local.
In green, it specifies which DC it will use to write any changes.
In orange, it identifies what, if any, changes were made.

We can see it successfully completes its configuration on the “My Custom Apps” and “My Marketplace Apps” user roles. Yet the error occurs immediately after reading in “My ReadWrite Mailbox Apps”.

Something is preventing the Exchange 2013 setup from reading this role from Active Directory. Let’s check it out in ADSI Edit. The setup log gives us the direct path to the object. [Read more…] about Exchange 2013 won’t update after installing Exchange 2016 Preview

Two Prereqs for Exchange 2013 CU11 on 2012 RTM

By 1 Comment

41 Shares
Share
Tweet
+1
Share
Reddit

For those of you with Exchange 2013 on Server 2012 RTM (not R2), you will run across two additional prerequisites while upgrading to the latest cumulative update.

The first prerequisite is a hotfix for the Resilient File System (KB 2894875). While it was only with the advent of Exchange 2016 that ReFS made it into the preferred architecture, ReFS was supported in Exchange 2013. Whether or not you are using ReFS you are still required to get the update. The hotfix addresses an issue where the operating system can freeze while trying to perform a DIR command on a ReFS volume. Nuts huh?

The second prerequisite is a hotfix for the Virtual Disk Service (KB 2884597). To quote Microsoft.

When you use certain applications that use the Virtual Disk Service (Vds.exe) on a computer that is running Windows Server 2012, the Virtual Disk Service or the applications that use the Virtual Disk Service crash or freeze. 

That does not sound good!

Download the fixes

For more information and to download both hotfixes check these links:

Hotfix Download AvailableWindows Server 2012-based computer freezes when you run the “dir” command on an ReFS volume

Hotfix Download AvailableVirtual Disk Service or applications that use the Virtual Disk Service crash or freeze in Windows Server 2012

The hotfixes are only available by registering an email address to download.

Both fixes will require a reboot once you install them. The installer will also stop you from continuing until you have them.