Did you ever bumped into this Non Delivery Report ?

#550 5.2.0 STOREDRV.Deliver: The Microsoft Exchange Information Store service
reported an error.  The following information should help identify the cause
of this error: "MapiExceptionNotAuthorize

This is mainly caused by the wrong permissions of either Anonymous (for external sent mail) or Default (for internal sent mail).

External senders will receive the error if the Public Folder does not permit “Anonymous” to create new items.

[PS] C:\>Get-PublicFolderClientPermission \test

Identity                   User                       AccessRights
--------                   ----                       ------------
\test                    Default                    {FolderVisible}
\test                    mycompany.local/Users/A... {Owner}
\test                    Anonymous                  {None}

To grant this access run the following command in the Exchange Management Shell.

[PS] C:\>Add-PublicFolderClientPermission \test -User Anonymous -AccessRights CreateItems

Identity                   User                       AccessRights
--------                   ----                       ------------
\test                    Anonymous                    {CreateItems}

Internal senders are able to be authenticated by the Exchange server, and so are not treated as Anonymous. For internal senders the user must have at least Create Items permissions on the Public Folder. For general use Public Folders this can be granted as the “Default” permission.

To grant this access run the following command in the Exchange Management Shell.

[PS] C:\>Add-PublicFolderClientPermission \test -user Default -AccessRights CreateItems

Identity                   User                       AccessRights
--------                   ----                       ------------
\test                     Default                     {Contributor}

Now to see the name of the public folder (in this example is test) you can go in the public folder console in found in tools under exchange management console. Expand the default public folder and see their names.

First off there are 2 ways to do this.

The first one is for the Exchange 2010 NON SP1 and I will not cover it because it involves either dangerous techniques or a second machine with Office 2010 64 bit and Exchange 2010 management tools. You can find the “how to”  here.

The second way is dedicated for Exchange 2010 SP1.

1. Start the Exchange Management Shell

2. Give the user you are logged on with role assignment using the command below. (AdminExchange is my user in this situation)

New-ManagementRoleAssignment -Role “Mailbox Import Export” -User AdminExchange

3. Start he export of the desired mailbox using this command:

New-MailboxExportRequest -Mailbox Jan@domain.nl -FilePath \\Server\share\jan.pst
The mailbox can also be an alias or the full e-mail account and the filepath needs to be a share (if it’s not a share you’ll get an error regarding the path).

If you have a large mailbox it will take longer. Don’t close the management shell until it’s finished.

L46.774309 L23.621338

November 13, 2006 1:31:15 AM
From: Schipor George <logical_hazard@yahoo.com>
To:  … ILYSAM….

bye bye inger din ceruri

Text alterat , prin ”decupare”

=========================================================
Ruy666 Schipor George Romania -= I’m a bite lost in Cyberspace =-
——————————————————————————————————
Cu respect Ruy666 Schipor George
=========================================================

If by any chance you “accidentally” delete and “accidentally” click YES on the pop-up asking if you are sure if you want to delete the website, here’s what you may want to try.

First of all for the sake of the argument let’s say you don’t have a backup configuration file.

If you right lick the server All Tasks -> Backup/Restore configuration you can select one of the previously created configurations. They are done automatically so you should have at least 6 previous versions, or the initial setup if the others aren’t working.

Second scenario imply that you saved too many configurations in the property pane of the pages trying to put it back that no backup configuration will help you anymore. In this case you should have a physical backup of the files and folders of the C drive. A snapshot or a .bck will do the trick as long as they are browse able. You need to explore the backup and go to windows->system32->inetsrv and copy the file Metabase.xml . Run a command prompt and stop all the IIS services with the command NET STOP IISADMIN /Y . After all the processes are stopped go to C:\Windows\System32\Inetsrv , find Metabase.xml and rename it to something like Metabase.xml_1 (doesn’t matter, it’s just to keep both versions) and paste the file that you got from the backup. Go to the Services pane (run -> services.msc) and start all the services that are on Automatic (check the list of stopped services from the command prompt earlier used). This should be all you need to get it up and running again.

Let’s say that you are not running the Exchange server on the C drive therefore the most probable cause of disk space running out on the C drive isn’t the all so popular transaction logs. Let’s say it’s something else that you just can’t figure out.Here are some popular tricks to fix this issue quick :

1. First of all try running cleanmgr.exe and see if you have any temp files that you could get ridd of and use it to clean it all.

2. Windows keeps old instalation files in a folder called located at c:\windows\installer . Now cleaning this folder by deleting the content it’s probably going to render windows unninstall corrupted in many application cases but there is a way to safly do that. It’s by using msizap.exe . After you download it (you can simply click the hyperlink above) just open a cmd and navigate to the location of your msizap.exe and type in “msizap.exe G! “. This option will remove orphaned cached Windows Installer data files (for all users). This thing here will save you a lot of space depending on how old is the windows instalation and how many programs have you used over time.

3. Everytime your computer is being updated, windows automatically saves the installation cache in a folder:

• C:\Windows\SoftwareDistribution\Download

Now you can do this manually from time to time or you can create a login script. All you have to do is :

CD\
CD %Windir%
CD SoftwareDistribution
DEL /F /S /Q Download

Now that you have the .bat file paste it in c:\windows\system32 and afterwords go in active directory users and computer, under your username (or the adminsitrator username) under the profile section user profile -> Logon script and typein the Erase_cache.bat. That’s it!

Daca toate serviciile sunt pornite, conectorii de SMTP sunt ok, cozile de livrare de asemeanea si toate lucrurile par sa fie ok iar mailurile dvs nu mai pleaca verificati spatiul disponibil pe C:\ sau pe drive-ul unde este instalat Microsoft Exchange 2007. Chiar daca aveti undeva intre 2 si 10 Gb este foarte probabil ca exchange-ul sa fi oprit serviciul de mail submission datorita faptului ca nu mai are spatiu. Pentru a verifica cel mai rapid utilizati un telnet catre server (ex : start-> run-> cmd-> telnet-> o localhost 25-> helo “localhost name” -> mail from: zzz@ccc.com .. etc). In momentul in care ati introdus adresa expeditorului va aparea o eroare 4.3.1 Insufficient System Resources . Traducerea cea mai simpla este ca mechanismul de verificare al exchange-ului a ajuns la concluzia ca systemul ramane fara resurse motiv pentru care a oprit serviciul de mail submission. Ca sa reparati problema rapid (pana eliberati spatiul necesar) mergeti in mmc-ul Services (start ->cmd -> services.msc) si opriti serviciul MSExchangeTransport , apoi navigati catre \Exchange Server\Bin\ si editati fisierul EdgeTransport.exe.config cu un editor text. Gasiti linia <add key=”EnableResourceMonitoring” value=”true” /> si modificati valoarea din true in false. salvati fisierul si reporniti serviciul MSExchangeTransport. Trimiterea mailurilor va fi repornita imediat

Cel mai bun mod pentru a realiza folder redirection ar fi sa incepem prin a configura Group Policies pentru utilizarea cu Terminal Services astfel incat sa se aplice userilor doar cand incearca sa se logheze pe Terminal Server . Iata cum :

1. Creati un OU (organizational unit) care va contine Terminal Serverele dvs.
2. Blocati Policy inheritance pe OU (Properties-> Group Policy). Asta impiedica replicarea setarilor catre serverele de TS dintr-un AD mai sus in forest.
3. Mutati Obiectele – Terminal Server in OU-ul pe care l-ati creat. Dar nu puneti nici un user account in acest OU.
4. Creati un Security Group in Active Directory numit “Terminal Servers” de exemplu (sau ceva care sa va ajute sa-l identificati usor) si asaugati  Terminal Serverele din OU in acest grup.
5. Creati o GPO numita “TS Machine Policy”  aplicata acestui OU
6. Bifati “Disable User Configuration settings” in GPO
7. Dati enable la Loopback Policy Processing in GPO
8. Modificati campul Security al Policy-ului astfel incat Apply Policy va fi setat pe “Authenticated Users” si Security Group-ul creat mai devreme.
9. Creati alte GPO-uri in functie de necesitati – TS Users, TS Administrator cu drepturile dorite.
10. Bifati de asemenea pt toate GPO-urile create optunea “Disable Computer Configuration settings”.
11. Editati campul Security astfel incat GPO-urile sa se aplice user configuration-ului pentru OU sis a nu se aplice pt userii care nu au fost intentionati sa intre sub influenta lor.

Cu GPO-urlie configurate astfel, faceti diferenta intre drepturile userilor in domeniu si efectiv pe masinile de TS pe care se vor autentifica.

Setarile pentru folder redirection se gasesc in user configuration -> windows settings -> folder redirections:

Pentru a configure un obiect (item)  right click-> Properties. In fereastra care se va deschide puteti configure redirectionarea unui folder pentru toti userii carora li se aplica GPO-ul sau puteti seta redirectiona in functie de apartenenta la un grup al userilor.

Pentru a asigura functionarea corecta a folder redirection-ului destinatia redirectionarii trebuie sa aiba NTFS si Share Permissions configurate correct:

Share permissions :

Everyone –full control

NTFS permissions:

Everyone – read and execute

Daca policyul creat face redirectionarea catre o locatie unde va crea automat un folder atunci permisiunile urmatoare trebuie aplicate folderului parinte :

Share permissions :

Everyone – full control

NTFS permissions:

Everyone – create folder/append Data  (this folder only)

Everyone – list folder/read data  (this folder only)

Everyone – read attributes ( this folder only)

Everyone – traverse folder/ execute file (this folder only)

Creator owner- full control (subfolders and files)

Important de stiut este ca atunci cand redirectionarea implica foldere de genul my documents catre o locatie deja existent cum ar fi User’s Home Folder exista o setare esentiala ca totul sa mearga correct , ownershipul. Daca utilizatorul nu este owner-ului folderului destinatie atunci redirectionarea va esua. In acest caz trebuie deselectata optiunea “grant the user exclusive rights to My Documents”:

Daca nu veti debifa optiunea urmatoarea eroare va aparea in event log-ul de pe serverul de TS accesat cu userul care are acest redirect :

Event ID: 101
User: username
Computer: computername
Description:
Failed to perform redirection of folder foldername. The new directories for the redirected folder could not be created. The folder is configured to be redirected to \\servername\sharename\%username%, the final expanded path was \\servername\sharename\username. The following error occurred:
Access is denied.

Note :

1.  Setarile din Group Policy intra in vigoare la primul logon al userilor dupa ce policy-ul a fost salvad si s-a facut replicarea
2. Setarile serverului din Group Policy intra in vigoare dupa restart si dupa ce se initializeaza sau se logheaza in Active Directory.

Sa presupunem ca aveti un server nou, pe care tocmai ati instalat ESX si doriti sa instalati o masina virtuala bineinteles folosind chiar cd-ul primit de la producator si in loc de un instalation welcome screen vedeti un mesaj : “This system is not supported platform”. In principal trebuie sa stiti ca asta veti pati cand nu folositi ESX customizat de catre producator (dell, hp, etc.), asa cum a fost cazul meu deoarece HP nu a reusit sa lanseze esxi 4.1 customizat motiv pentru care am mers cu varianta default de la vmware. Rezolvarea acestei probleme este cat se poate de usoara :

Pasul 1 : Inchideti masina virtuala.

Pasul 2: Edit Settings

Pasul 3: Options ->Click pe Advanced General -> Configuration Parameters -> Add row

Pasul 4: Completati smbios.reflecthost=”TRUE”

Salvati si porniti masina virtuala.