Disabling editing account information in OWA

Posted on by
12

In Exchange 2010, by default users have permission to edit their contact information from the Exchange Control Panel. In organizations where this is unwanted, like when account information is provisioned, you need to remove these permissions.

image

These permissions flow from the Default Role Assignment Policy.

Note: You could have changed the default role assignment. To view the default assignment policy, check the IsDefault attribute, e.g.

Get-RoleAssignmentPolicy | Where { $_.IsDefault -eq $True }

Now, each mailbox-enabled user is assigned the default policy when created. You can verify this by inspecting the RoleAssignmentPolicy using Get-Mailbox, e.g.

image

The assigned roles of this policy can be viewed using Get-ManagementRoleAssignment:

image

The ability to edit contact information lies in the MyContactInformation. You can view a description of this role using:

Get-ManagementRole MyContactInformation | select Description

The output reads, “This role enables individual users to modify their contact information, including address and phone numbers.”

To remove this ability you have the option of removing the assignment or you can simply disable the assignment using Set-ManagementRoleAssignment, e.g.

Set-ManagementRoleAssignment -Identity "MyContactInformation-Default Role Assignment Policy" -Enabled $false

Now after logging into OWA the contact information is view-only (despite the Edit button) and the Save option is gone.

Note that after performing this step, if you want to enable contact information for some users, you need to create a new RoleAssignmentPolicy, similar to the default one but with the MyContactInformation and assign that policy to those users. For example:

New-RoleAssignmentPolicy "Default Role Assignment Policy with Info"
Get-ManagementRoleAssignment -RoleAssignee "Default Role Assignment Policy" | New-ManagementRoleAssignment -Policy "Default Role Assignment Policy with Info"

You can use the same exercise to remove other unwanted functions, like the ability to create distribution groups (MyDistributionGroups) or to manage distribution group memberships (MyDistributionGroupMembership).

Exchange 2007 SP3 RU3 potential database corruption (update)

Posted on by
1

Update: Exchange 2007 SP3 Rollup 3 has been re-released. Version 2 of the Rollup can be downloaded here. Rollup 3 version 2 raises Exchange 2007’s version number to 8.3.159.2 (initial release was 8.3.159.0). The related knowledgebase article is kb2530488.

Update: The related knowledgebase article kb2531163 can be found here.

A quick notice on a potential issue with Exchange 2007 SP3 and database corruption after installing Rollup 3. The issue may occurs in the following situations:

  • When transaction log replay is performed by the Replication Service as part of ensuring the passive database copy is up-to-date;
  • When a database is not cleanly shut down and recovery occurs.

Because of this, Rollup 3 for Exchange 2007 was pulled and you’re advised to uninstall Rollup 3 on Exchange 2007 Mailbox and Transport servers. For more information, consult the post on the Exchange Team’s blog here.

Note that the issue may affect all Mailbox servers, clustered or standalone, so you’re also advised to uninstall RU3 on standalone Mailbox servers. For those with the issue on CCR or SCC setups, it requires reseeding or restoring from backup so plan accordingly.

Looking at the issues with latest Rollups for Exchange 2010 and 2007, it gives to think about the quality control process or if the Exchange team’s priorities perhaps lay somewhere else (Office 365?).

Potential for database corruption as a result of installing Exchange 2007 SP3 RU3

Exchange 2010 SP1 RU3 pulled: Blackberry issue

Posted on by
1

For those looking for Exchange 2010 SP1 Rollup 3, you’re in for an unpleasant surprise. Today, Microsoft pulled the Rollup because of issues with Blackberry devices sending duplicate messages.

While Microsoft is working with RIM to identify and solve the issue, the advice is to wait for updates regarding this issue and meanwhile put RU3 implementations on hold. If you’ve already implemented RU3 and are seeing no issues, you can leave it installed.

More information regarding this issue on the (revised) EHLO page here.

Exchange & Dynamic Memory : Don’t

Posted on by
2

With the arrival of Service Pack 1 for Windows Server 2008 R2, Dynamic Memory was introduced. In brief, Dynamic Memory is a memory management enhancement for Hyper-V which allows running virtual machines (VM) to allocate memory from the host and releasing it when possible, giving a minimum and maximum memory boundary. The main benefit is a higher VM density, because each VM will only allocate what’s required and you don’t have to approximate memory allocations.

Now this mechanism works well for many applications, but not for Exchange. Exchange’s goal – at least that of servers holding the mailbox role – is to claim as much memory as possible in order to cache information. This amount depends on the installed of memory (more information here). This cache is used for performance reasons, more cache means less I/O’s, less I/O’s result in better performance. You can guess what happens when you run Exchange with a minimal amount of memory and lots of dynamic memory configured, optionally shared with other Dynamic Memory-enabled VM’s. If Exchange starts up and wants to claim memory for caching or allocate memory for other reasons (transactions), instead of the memory being available instantly the host first needs to allocate it, or worse have other VM’s surrendering it their memory. That doesn’t make sense and will result in significant performance penalty.

Besides it being pointless to configure Dynamic Memory for Exchange, it’s also not recommended. From the Exchange 2010 System Requirements:

Many of the performance gains in recent versions of Exchange, especially those related to reduction in I/O, are based on highly efficient usage of large amounts of memory. When that memory is no longer available, the expected performance of the system can’t be achieved. For this reason, memory oversubscription or dynamic adjustment of virtual machine memory should be disabled for production Exchange servers.

Also, from the paper Implementing and Configuring Dynamic Memory, on applications that may not perform as well after Dynamic Memory is enabled:

  • Applications that perform their own memory management by taking over certain aspects of memory management from the operating system. Such applications typically grab as much memory as they possibly can in order to ensure the application’s best performance which can cause the amount of memory allocated to their virtual machine to grow until it reaches the amount specified by the Maximum RAM setting;
  • Applications where memory allocation is a one shot operation that is performed either when the application starts for the first time or each time the application starts.

Concluding, yes you can use Dynamic Memory for your lab or testing environment and it works. But don’t use it in production for Exchange Server.

Credits to Jetze who blogged about this originally here (Dutch).

Exchange 2010 SP1 Rollup 3 & Exchange 2007 Rollup 3

Posted on by
2

Today the Exchange Team released two Rollups, Rollup 3 for Exchange Server 2010 Service Pack 1 and Rollup 3 for Exchange Server 2007 SP3. No new Rollup for Exchange 2010 RTM.

The Exchange 2010 SP1 Rollup 3 (KB2492690) raises Exchange 2010’s version number to 14.1.289.3.

New fixes contained in this Rollup are:

  • 2009942 Folders take a long time to update when an Exchange Server 2010 user uses Outlook 2003 in online mode
  • 2277649 You receive misleading information when you run the “New-TestCasConnectivityUser.ps1” script on an Exchange Server 2010 server
  • 2398431 Using Pipelining in SMTP to check email addresses does not work correctly when you disable tarpitting functionality on a Receive connector in an Exchange Server 2010 environment
  • 2410571 A RBAC role assignee can unexpectedly change permissions of mailboxes that are outside the role assignment scope in an Exchange Server 2010 environment
  • 2417084 A public folder disappears from the Public Folder Favorites list of an Exchange Server 2010 mailbox
  • 2423754 The recipient response status is incorrect after you add another user to an occurrence of a meeting request in an Exchange Server 2010 environment
  • 2424801 The Microsoft Exchange Service Host service on an Exchange Server 2010 server crashes
  • 2426952 You cannot remove a mailbox database copy from a database on an Exchange Server 2010 server
  • 2432494 You cannot view the mailbox database copies that are hosted on certain Mailbox servers by using the Exchange Management Console after you install Exchange Server 2010 SP1
  • 2443688 Event ID 10003 and Event ID 4999 are logged when the EdgeTransport.exe process on an Exchange Server 2010 server crashes
  • 2445121 A memory leak occurs in the Microsoft.Exchange.Monitoring.exe process when you run the “Test-OwaConnectivity” cmdlet or the “Test-ActiveSyncConnectivity” cmdlet in the EMS on an Exchange Server 2010 server
  • 2447629 Event ID 4999 is logged when the Exchange Mail Submission Service crashes intermittently on an Exchange Server 2010 Mailbox server
  • 2451101 7BIT is not in quotation marks when you use the “FETCH (BODYSTRUCTURE)” command to request for a specific message in an Exchange Server 2010 environment
  • 2457304 You receive a synchronization failed email message when you synchronize your mobile device by using ActiveSync on an Exchange Server 2010 mailbox
  • 2457688 Error message when you try to add an external email address to the safe sender list in OWA in an Exchange Server 2010 SP1 environment
  • 2457868 “HTTP Error 400 Bad Request” error message when you use OWA in Exchange Server 2010 SP1 to receive instant messages by using Internet Explorer 9
  • 2458522 Entries disappear from a junk email blocked list or a junk email safe list after you install Exchange Server 2010 SP1
  • 2458543 A memory leak occurs in the Exchange RPC Client Access service on Exchange Server 2010 servers
  • 2463798 Users may experience a decrease in performance in Outlook or in OWA when you use IMAP4 to access the calendar folder in an Exchange Server 2010 SP1 environment
  • 2463858 A request to join a distribution group does not contain the distribution group name in an Exchange Server 2010 SP1 environment
  • 2464564 You cannot change your password if the user name that you type in OWA is in UPN format when you enable Exchange Server 2010 SP1 Password Reset Tool
  • 2467565 You cannot install an update rollup for Exchange Server 2010 with a deployed GPO that defines a PowerShell execution policy for the server to be updated
  • 2468514 OWA 2010 removes Calendar links that you add into multiple calendar groups by using Outlook 2010 calendar
  • 2469341 Various issues occur after you forward a signed email message by using Outlook in online mode in an Exchange Server 2010 environment
  • 2476973 Event ID 2168 is logged when you try to back up Exchange data from a DAG in an Exchange Server 2010 SP1 environment
  • 2479227 A forwarding rule does not function and the EdgeTransport.exe process crashes on an Exchange Server 2010 server
  • 2479875 The Microsoft Exchange Mailbox Replication Service service crashes when you run the “New-MailboxImportRequest” cmdlet to import a .pst file into a mailbox in an Exchange Server 2010 environment
  • 2481283 Various issues occur after you use Outlook to sign and then forward an email message in an Exchange Server 2010 environment
  • 2482100 You cannot create or update an inbox rule that specifies the “NoResponseNecessary” value by using EWS in an Exchange Server 2010 environment
  • 2482103 It takes a long time to expand a distribution list by using EWS in an Exchange Server 2010 environment
  • 2482471 A content search fails in an IMAP client application that connects to an Exchange Server 2010 mailbox
  • 2484862 You cannot read an email message by using an IMAP client in an Exchange Server 2010 environment
  • 2487501 The body of an email message is empty when you try to use an IMAP client application to read it in an Exchange Server 2010 environment
  • 2487852 “You do not have sufficient permissions. This operation can only be performed by a manager of the group.” error message when you try to change the “ManagedBy” attribute in an Exchange Server 2010 SP1 environment
  • 2489602 The “Get-FederationInformation” cmdlet cannot query federation information from an external Exchange organization in an Exchange Server 2010 environment
  • 2489713 Exchange Server 2010 SP1 supports the remote archive feature after an update changes Outlook cookies name
  • 2489822 “The Mailbox you are trying to access isn’t currently available” error when you use OWA Premium to try to delete an item that is in a shared mailbox
  • 2494389 Unnecessary events are logged in the Application log when you run the “Test-EcpConnectivity” cmdlet in an Exchange Server 2010 environment
  • 2494798 Certain email messages cannot be downloaded when you log on to an Exchange Server 2010 mailbox by using an IMAP4 client application
  • 2497669 A meeting request cannot be opened after you disable the “Display sender’s name on messages” option in the EMC on an Exchange Server 2010 server
  • 2497682 The store.exe process crashes when you try to unmount an active copy of a mailbox database that is hosted by a mailbox server in an Exchange Server 2010 SP1 environment
  • 2506998 A call is disconnected when transferring the call from the main auto attendant to an auto attendant that has a different language configured in an Exchange Server 2010 environment

In other words, Outlook 2003 users rejoice – UDP notifications are back!

The team also released Rollup 3 for Exchange 2007 Service Pack 3 (KB2492691), raising the Exchange 2007 version number to 8.3.159.0. For a full list of changes consult the KB article.

You can download Exchange 2010 SP1 Rollup 3 here; Exchange 2007 SP3 Rollup 3 can be downloaded here.

Note that when running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enabling it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it by using fscutility /enable afterwards.

For those still unaware, update rollups are cumulative, i.e. they contain fixes released in earlier update rollups for the same product level (RTM, SPx). This means you don’t need to install previous update rollups during a fresh installation but implement the latest rollup will suffice.