Search This Blog

Tuesday, 20 November 2012

Matt Landis: Lync 2010 Training Resources List

Matt Landis:;+UC+Report)

-Lync 2010 Attendant Training:

-Outlook Voice Access/VoiceMail Reference Sheet (choose your languague even!):

-PowerPoint Lync Training:

-How To Video Training for each individual thing:

-Lync Adoption/Training Kit:

Configuring Reverse Proxy for Lync Server 2010 Mobility

Monday, 19 November 2012

Exclude Contact Folders from Exchange Mailbox in Lync

set-csclientPolicy -identity global -ExcludedContactFolders “Contacts;Suggested Contacts;frequent contacts”

Thursday, 15 November 2012

Lync Client Log Files

To turn on Logging
In the Communicator Title bar, click the Menu button, point to Tools, and then click Options.
Click the General tab, and then under Options, select the Logging options that you want to enable.

To locate the Communicator log file
In Windows Explorer, navigate to the <user profile>\Tracing folder. If you have enabled the Turn on Logging in Communicator option, you will see a communicator-uccp-log.uccplog file in the folder. If you are already signed in, you will need to sign out and then sign back in before the log file is created.

Also lync 2011 for mac log files are located: 


Windows Live contacts that use a custom (EASI) domain

Consider the following scenario. You add Windows Live, MSN, or Windows Live Hotmail contacts to a Microsoft Lync Online user’s contact list. To do this, you use an E-mail As Sign-In (EASI) ID domain instead of a default address. In this scenario, you may experience the following issues:

Presence is unavailable, and the status is displayed as Presence Unknown.
Instant messages cannot be delivered or sent.

In the following sections, the following domains are used as placeholder examples:

Lync Online domain:
Windows Live EASI domain:

Public Internet Connectivity (PIC) in Lync Online supports Windows Live, MSN, and Windows Live Hotmail. However, when you add PIC contacts that use a Windows Live EASI domain such as, Lync Online cannot resolve the IM Federation server based on the domain suffix.

If you directly add a PIC contact by using the contact’s EASI ID (for example, you use, a specific Service (SRV) record is required in the Domain Name System (DNS) for This SRV record is required because the Lync Online server uses the domain suffix in the user's EASI ID. In this example, the Lync Online server tries to use the domain suffix. The Lync Online server tries to identify an SRV record that points to the Instant Messaging (IM) federation server for the domain.

To resolve this issue, use one of the following methods.

Method 1

Use the EASI Windows Live ID together with PIC when you add a user to your Lync 2010 contact list. To do this, you must make a change in the search field. A Lync Online user who wants to add the EASI Windows Live ID, such as <username>, must add an address that resembles the following to the search field:


This method allows for a quick resolution if Lync Online users are only going to add a few PIC contacts.

Method 2

The Lync Online administrator must add the correct SRV Federation records to the DNS host for the Lync Online environment. The Windows Live EASI domain owner must also add an SRV record that resembles the following example to the DNS host for the Windows Live EASI environment:
port = 5061
server hostname =
Administrators can let Lync Online users add contacts without having to use the special format in "Method 1" in the "Resolution" section. To do this, administrators must add an SRV Federation record that Lync Online users can access to add contacts to the Windows Live EASI domain.

Lync 2010 Deleting ALL Contacts by User - Using SQL

1. Using the Microsoft SQL Management Studio tools connect LyncServerName\RTC using an account that has full CSAdministrator rights.

2. When connected, under databases right click "RTC" and select "New Query".

3. In the new query entry fieldtype the following:

DECLARE @_Owner nvarchar(4000)
EXECUTE @RC = [rtc].[dbo].[ImpDeleteContactGroups2] ""

4. Under the Execute command detailed above change the users SIP address to be the desired one. To run this for multiple people at once, add more Execute lines for each person and then click Execute in the tool bar to run the script

5. Once the query has run, log into the Lync 2010 client as the user(s) and ensure their contacts list is now blank.

Adium MAC and SIPE Addon for LYNC

The setup is simple:

Make sure you’re running Adium 1.5
Download this plugin:
Install the plugin and restart Adium
Add the new account using Office Communicator for the protocol

It doesn’t do everything (no video chat or screen sharing) – but it’s a huge step in the right direction.

[Update 5/4/12]: One thing Adium doesn’t do (but lync does) is set your status based off your calendar. I’ve addressed this via some AppleScript, as detailed here.

[Update 5/16/12]: The latest beta of Adium (1.5.1b1) uses a different version of libpurple, so the plugin doesn’t work. A quick workaround is to run the following commands in Terminal:

cd /Applications/
ln -s 0.10.5 0.10.0

Plugin is also available on V:\IT Share\IM Clients\MAC\Adium + SIPE Plugin\

Pidgin on Linux with SIPE connect to Lync ... -on-linux/

Instructions for Ubuntu (using a precompiled deb I've uploaded):

sudo apt-add-repository ppa:pidgin-developers/ppa
sudo apt-get update
sudo apt-get install pidgin
wget ... 2_i386.deb
sudo dpkg -i pidgin-sipe_1.13.1-2_i386.deb

Once this is done you can then open pidgin, and add an "Office Communicator" account, using teh following settings:

First tab (Basic)
Login: email address
Username: email address
Password: password

Second tab (Advanced)
Server/port: blank
Connection Type: Auto
User Agent: UCCAPI/4.0.7577.314 OC/4.0.7577.314
Auth Scheme: TLS-DSK

Untick Use single sign on, leave everything below it blank

Ignore the other 2 tabs

Lync 2010 Prepare for Support of Public IM Connectivity + Video to MSN ... 98177.aspx

Supporting connectivity with public IM users in your organization requires that the appropriate licensing is in place and that the provisioning process for the public IM services that you want to support is complete. Provisioning can take up to thirty days, so allow sufficient time to complete the process prior to the date on which you want to implement support. For details about licensing requirements and how to complete the provisioning process, see the "Public IM Connectivity Provisioning Guide for Microsoft Lync Server, Office Communications Server, and Live Communications Server" at

If you are implementing audio/video (A/V) federation with Windows Live Messenger, there are two parameters that you need to modify: the Microsoft Lync Server 2010 encryption level and the EnablePublicCloudAccess policy. By default, the encryption level is set to Required. You must change this setting to Supported. The EnablePublicCloudAccess policy is set to false, this needs to be set to true You can do this from the Lync Server Management Shell.

Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.

From the command prompt, type the following commands:

Set-CsMediaConfiguration -EncryptionLevel SupportEncryption

Set-CsExternalAccessPolicy Global -EnablePublicCloudAccess $true -EnablePublicCloudAudioVideoAccess $true

Lync Server 2010 Deployment - blog.schertz.

Wicked guide to Lync 2010 setup:

Jeff Schertz Bog:

Saturday, 2 June 2012

Exchange Special Mailboxes - System Attendant mailbox

This post is a follow-on post to the SystemMailbox post from last week. Here I’m talking about System Attendant mailbox in Exchange 200x.

System Attendant mailbox

What is it and what is it used for?

Each Exchange 200x server has one (and hopefully only one) System Attendant mailbox. If the server has a System Attendent mailbox (note the misspelling), someone has probably been messing around with the server. Yes, I put that in mostly so it would be indexed with the incorrect spelling as a keyword also. J

The System Attendant mailbox has a folder within it called SpecialPrivateFolderForFreeBusyStorage. This folder is used when CDO or OWA push Free/Busy information up to the store through the MSExchangeFBPublish process.

System Attendant mailbox is also required to be available during mailbox moves. For instance, if you have the mailbox store containing the System Attendant mailbox dismounted during a mailbox move, the move will fail and you’ll find events 9175, 9167, and 1008 in your application event log (see KB.264413).

The SA mailbox is also used to send and receive the messages used by the legacy link monitoring service.

Where can it be found?

There are two parts to make up the complete System Attendant mailbox: a directory object and a mailbox object. The directory object is the actual System Attendant object in the configuration container (ie, at a location like: CN=Microsoft System Attendant,CN=<servername>,CN=Servers,CN=<sitename>,CN=Administrative Groups,CN=<orgname>,CN=Microsoft Exchange,CN=Services,CN=Configuration,CN=<domain> ). This directory object hosts all of the directory attributes associated with the system attendant. There is also a mailbox object, stored in the first Mailbox store created on an Exchange 200x server. This is generally the “Mailbox Store (servername)” store.

When does it get created? Can it be moved and/or recreated?

The System Attendant mailbox is created when the System Attendant is created on a server. It is associated with the first mailbox store created on a server.

If an attempt is made to delete the mailbox store containing the System Attendant mailbox, the following warning will appear:

“Deleting this mailbox store may result in the loss of system messages used by Exchange, such as Free/Busy or Key Management Security. If you choose to continue, you need to restart the system attendant service after the store is deleted.”

If the store is then deleted, the System Attendant mailbox will be moved automatically into another mailbox store on the server (ie – the HomeMDB value on the directory object will be updated). System Attendant service will have to be restarted to reconfigure MSExchangeFBPublish to use the new mailbox location, and the mailbox object may not reappear under the “Mailboxes” node of ESM until it is used in the future.

If there is a System Attendant directory object but no mailbox object (ie – one good cause of this is dropping in a blank store for troubleshooting), the mailbox store object will be recreated automatically in the mailbox store referenced by the HomeMDB attribute as soon as it’s needed.

How can I log onto the System Attendant mailbox?

It can be done, but it’s a fairly complicated set of steps and you’ll have to call PSS to get them.

SHOULD I log on to the System Attendant mailbox?

Probably not. I can’t think of any good reasons for accessing this mailbox without PSS directing you to do so.

What happens if I don’t have a proper System Attendant mailbox?

If there’s no System Attendant mailbox available on a server (and in a mounted and functional mailbox store), anything that requires it will almost certainly fail. You’ll see 9175 events logged in the application log, indicating a failure to logon to this mailbox by the system. You’ll see OWA-generated Free/Busy information not getting updated. You’ll see mailbox moves fail. It’s a very important mailbox to have configured properly and available!

(Added some more on Dec 27, 2004):

Should I delete it? Do I have to delete it before I can uninstall the Exchange server?

Nope, definitely should not delete it. If you’re getting the error “One or more users currently use this mailbox store. These users must be moved to a different mailbox store or be mail disabled before deleting this store. ID no: c1034a7f Exchange System Manager” when trying to remove the mailbox store or uninstall the server, this is not due to the System Attendant Mailbox. Have a look at KB.279202 for more information on how to determine which mailbox is causing this behavior.

How to Configure a Relay Connector for Exchange Server 2010

Taken from:

In most Exchange Server 2010 environments there will be the need to allow relaying for certain hosts, devices or applications to send email via the Exchange server. This is common with multi-function devices such as network attached printer/scanners, or applications such as backup software that send email reports.

SMTP communication is handled by the Hub Transport server in an Exchange organization. The transport service listens for SMTP connections on it’s default Receive Connector. However, this connector is secured by default to not allow anonymous connections (ie, the type of connection most non-Exchange systems will be making).

You can see this in effect if you telnet to the server on port 25 and try to initiate unauthenticated SMTP communications.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Au
g 2010 19:42:27 +1000
250 EX3.exchangeserverpro.local Hello []
mail from:
530 5.7.1 Client was not authenticated

For some Hub Transport servers that are internet-facing, anonymous connections may already be enabled. In those cases relay would still be denied but will behave differently than the first example.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Au
g 2010 20:01:44 +1000
250 EX3.exchangeserverpro.local Hello []
mail from:
250 2.1.0 Sender OK
rcpt to:
550 5.7.1 Unable to relay

You’ll note that relay is denied if I try to send from an address to an address, because neither is a valid domain for the Exchange organization. But with Anonymous Users enabled on the Receive Connector I can send from an address to a valid local address.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Au
g 2010 20:05:54 +1000
250 EX3.exchangeserverpro.local Hello []
mail from:
250 2.1.0 Sender OK
rcpt to: alan.reid@exchangeserverpro.local
250 2.1.5 Recipient OK
354 Start mail input; end with .
250 2.6.0 [In
ternalId=2] Queued mail for delivery

However if I try to relay out to an external recipient, the Exchange server does not allow it.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Au
g 2010 20:11:27 +1000
250 EX3.exchangeserverpro.local Hello []
mail from:
250 2.1.0 Sender OK
rcpt to:
550 5.7.1 Unable to relay

To permit a non-Exchange server to relay mail we can create a new Receive Connector on the Hub Transport server. Launch the Exchange Management Console and navigate to Server Management, and then Hub Transport. Select the Hub Transport server you wish to create the new Receive Connector on, and from the Actions pane of the console choose New Receive Connector.

newreceiveconnector01.png (48.71 KiB) Viewed 4 times

Give the new connector a name such as “Relay ” and click Next to continue.

newreceiveconnector02.png (12.04 KiB) Viewed 4 times

You can leave the local network settings as is, or optionally you can use a dedicated IP address for this connector if one has already been allocated to the server. Using dedicated IP addresses for each connector is sometimes required if you need to create connectors with different authentication settings, but for a general relay connector it is not necessary to change it.

newreceiveconnector03.png (5.81 KiB) Viewed 4 times

Highlight the default IP range in the remote network settings and click the red X to delete it.

newreceiveconnector04.png (6.2 KiB) Viewed 4 times

Now click the Add button and enter the IP address of the server you want to allow to relay through the Exchange server. Click OK to add it and then Next to continue

newreceiveconnector05.png (8.53 KiB) Viewed 4 times

Click the New button to complete the wizard.

The Receive Connector has now been created but is not yet ready to allow the server to relay through it. Go back to the Exchange Management Console, right-click the newly created Receive Connector and choose properties.

Select the Permission Groups tab and tick the Exchange Servers box.

newreceiveconnector07.png (3.58 KiB) Viewed 4 times

Select the Authentication Tab and tick the Externally Secured box.

newreceiveconnector06.png (5.37 KiB) Viewed 4 times

Apply the changes and the Receive Connector is now ready for the server to relay through.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Au
g 2010 20:31:00 +1000
250 EX3.exchangeserverpro.local Hello []
mail from:
250 2.1.0 Sender OK
rcpt to:
250 2.1.5 Recipient OK
354 Start mail input; end with .
250 2.6.0 <924bab1e-0f07-4054-8700-d121577993b4@EX3.exchangeserverpro.local> [In
ternalId=3] Queued mail for delivery

Because the remote IP range has been secured to that single IP address, any other servers on different IP addresses still won’t be able to relay through the Exchange Server. From any other IP address not included in the remote IP range on the Receive Connector relay will be denied.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Au
g 2010 20:46:06 +1000
250 EX3.exchangeserverpro.local Hello []
mail from:
250 2.1.0 Sender OK
rcpt to:
550 5.7.1 Unable to relay

You can later add more IP addresses, IP ranges, subnets, or even add multiple IP addresses to the Receive Connector using a script if necessary.

Useful Exchange Commandlets

Get Mailbox
Get-MailboxStatistics | where {$_.TotalItemSize -gt 1MB} | sort-object DatabaseName, TotalItemSize,LastLogonTime | format-table DisplayName, @{expression={$_.TotalItemSize.Value.ToMB()};label=”TotalItemSize(MB)”}, LastLogonTime, DatabaseName
(This will give you info on the selected users mailbox size, last login time and database)
 you could use:
Get-MailboxStatistics –id “User name” |fl displayname,totalitemsize

Message Trackign log:

Get-MessageTrackingLog -Start "04/13/2009 9:00AM" -End "04/26/2009 5:00PM" -Sender "" | Select-Object Timestamp,Sender, {$_.recipients}, MessageSubject | export-csv c:\QueryAllRecipients.csv

Add full mailbox permission:
Add-MailboxPermission -Identity 'CN=Journal Technical,OU=Technical,DC=EGRP,DC=local' -User 'EGRP\Domain Admins' -AccessRights 'FullAccess'

How To Check Exchange Database Size with PowerShell

Get-MailboxDatabase -Status | select ServerName,Name,DatabaseSize

Edge Sync
Start-EdgeSynchronization -Server Hub1

Calendar Permissions:
add-MailboxFolderPermission -Identity DarrenBos:\calendar -AccessRights Editor -User Scotteastman

Which Servers are people logged onto
Get-LogonStatistics -Identity "seastman" |fl clientname

Message Tracking
Get-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-Messagetrackinglog -sender -MessageSubject "Subject of message” -Start "8/27/2010 7:00 AM" -End "8/27/2010 11:00 AM" | Select-Object Timestamp,Clienthostname,eventid,source,sender,@{Name="Recipients";Expression={$_.recipients}},Recipientcount,serverhostname,SourceContext | Export-Csv c:\temp\Messageinfo.csv

Search mailbox - then put results into my mailbox in folder called XEN:
Search-Mailbox -Identity zwood -SearchQuery "From:''" -TargetMailbox seastman -TargetFolder "XEN" -LogLevel Full

Removing Emails from all mailbox's
Get-Mailbox -database "ENTA IT" -resultsize unlimited | Search-Mailbox -SearchQuery "From:'*@*'" -DeleteContent

Get-Mailbox -resultsize unlimited | Search-Mailbox -SearchQuery "From:''" -DeleteContent

Get-Mailbox -resultsize unlimited | Search-Mailbox -SearchQuery "From:'User X' To:'All Email Users'" -DeleteContent

Get-Mailbox -resultsize unlimited | Search-Mailbox -SearchQuery "Subject: Update Your E-Mail Details Account" -DeleteContent

Tracking Emails
get-messagetrackinglog -Server "ourExch2007" -Start "10/25/2009 9:34:00 AM" -End "11/6/2009 9:44:00 AM" -resultsize unlimited |where {$_.Sender -like "*"}

Wondering how many log files are generated per database every minute? Quickly find out by typing:
Get-MailboxDatabase -Server $env:ComputerName | %{ Get-ChildItem -Path $_.LogFolderPath -Filter "*????.log" | Group-Object -Property {$_.LastWriteTime.Day,$_.LastWriteTime.Hour,$_.LastWriteTime.minute} | ?{$_.Count -gt 1} | Measure-Object - Property Count -Min -Max -Ave }

Mailbox Size
Get-MailboxStatistics -server exchangemb11 | Sort-Object TotalItemSize -Descending | ft Display
Name,@{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},ItemCount | Format-List > c:\file.txt

Export Mailbox Request
New-MailboxExportRequest -Mailbox journal1 -FilePath "\\vmmlibrary\Exchange_Backup\Journal Backup\Master Journal\Journal1.pst"
get-messagetrackinglog -Sender "" | Select-Object Timestamp,Sender, {$_.recipients}, MessageSubject | export-csv 'V:\IT\Exchange\LOGS\Jim Woods\jimEdge.csv'
Use the Shell to remove a mailbox export request:
Remove-MailboxExportRequest -Identity "Ayla\MailboxExport"

Use the Shell to remove multiple mailbox export requests:
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest
Archiving Info:
Get-Mailbox | where {$_.ArchiveDatabase -ne $null}

Get-Mailbox | where {$_.ArchiveDatabase -ne $null} | ft name, archivedatabase, archivename, archivequota, archivewarningquota -AutoSize

Find a users Archive information:
get-mailboxstatistics mailboxname –archive

Get-Mailbox -archive | Get-MailboxStatistics -archive |fl DisplayName, Total*
Export Tracking Logs to CSV

Export-MessageTrackingLogsForRecipient.ps1 -Recipient steve -OutputCSV .\output.csv
Mailbox Size Report:

get-mailbox | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,@{
label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{label="TotalItemSize(GB)";expression={$_.TotalItemSize.Value.ToGB()}} >c:\scott4.xls

Database size report:
Get-MailboxDatabase -status | Sort-Object databaseSize -Descending |ft name,databasesize
Get Managed Folder Assistant
Get-MailboxServer | fl Name,ManagedFolderAssistantSchedule

Get Mailbox Database Copy Status
Get-mailboxdatabasecopystatus -connectionstatus | fl name,outgoingconnections,incominglogcopyingnetwork

Add Domain Admins FULL access rights to every mailbox
Get-MailboxDatabase | Add-ADPermission -user "Domain Admins" -AccessRights GenericAll
Enable Pipeline Tracing
Set-TransportServer -id Exchangemb11 -PipelineTracingEnabled $true -PipelineTracingSenderAddress -PipelineTracingPath "C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\PipelineTracing"

First turn it on: Set-TransportServer Server1 -PipelineTracingEnabled $True

This will create a folder called PipelineTracing and all the email messages and info will be in there

Mailbox Permission Change:
Add-MailboxPermission -Identity 'CN=Journal Master4,OU=IT,DC=EGRP,DC=local' -User 'EGRP\Domain Admins' -AccessRights 'FullAccess'

Using web parts in Exchange OWA

This will give you just the calendar for the logged on user

You can also change path=inbox / contacts / tasks etc to just view those parts

Exchange Mailbox Size

List Exchange users by mailbox size in Exchange 2007 & 2010

This tip shows you how to query an Exchange mail server to determine users with the largest mailboxes. This is useful if you need to move mailboxes to reduce store size, or find users to ping about reducing their mailbox.

The command to do this is as follows. You can copy-paste this into the Exchange Management Shell on your server:

Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},ItemCount

And you should get the following output:

DisplayName TotalItemSize(MB) ItemCount
----------- ----------------- ---------
Lastname, Firstname 1934 30959
Lastname, Firstname 1849 40519
Lastname, Firstname 1841 43277
Lastname, Firstname 1770 41790
Lastname, Firstname 1643 43348
Lastname, Firstname 1511 21973
Lastname, Firstname 1500 31290
Lastname, Firstname 1499 34474
Lastname, Firstname 1482 25253
Lastname, Firstname 1468 15313
Lastname, Firstname 1461 20534
Lastname, Firstname 1410 31545
Lastname, Firstname 1396 22245
Lastname, Firstname 1344 24807
Lastname, Firstname 1314 25633
... etc ...

The important column is the second one, TotalItemSize. As you can see the largest mailbox is listed first, and is a whopping 1.9 GB.

The breakdown of the command is as follows. Management Shell uses the powerful Unix pipeline idiom to pass and filter output between commands.

The first command is Get-MailboxStatistics which does pretty much what it sounds like it does.

This output is piped to the Sort-Object command, which orders by the TotalItemSize column in descending order.

The Sort-Object output is then transformed via pipe by the Format-Table command, ft for short. This command gives you control of how the 'table' output will be viewed. In this case it transforms TotalItemSize from bytes to megabytes, which is much easier to grok. It also selects only the columns you want to see.

Search Exchange Message Tracking logs for wildcard values

Unfortunately the Exchange Management Console does not allow use of wildcard values for things like senders and recipients. These need to be specific user or list of users. However you can search these logs for wildcard values using the Exchange Management Shell.

Here are two examples to search for any user at These will output the results to a text file for easier viewing. Make sure to update the date ranges and domain name as needed.

Search for messages sent TO any users at

Get-MessageTrackingLog -ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" | where{$_.recipients -like "*"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\ExchangeLogResults.txt

Search for messages sent FROM users at

Get-MessageTrackingLog -ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" | where{$_.sender -like "*"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\ExchangeLogResults.txt

This information applies to Exchange 2003, 2007, and 2010.

How to Export Message Tracking Results in Exchange 2010

I know we all were a little uncomfortable when Microsoft has come up with the new Message Tracking in Exchange Server 2007 and Exchange 2010 (of course even me). But, now I become very comfortable with it and mainly because of its flexibility/features. Recently the message tracking helped me in identifying a spam attack from an application server, which made me to write this post. Here I have tried to explain how to easily track and export the tracking results to a file and do the further filtration for troubleshooting purpose.

Note – I used the Exchange 2010 SP1 Exchange Management Console and Shell.

Open the Tool Box from EMC and locate Tracking Log Explorer, and do your normal tracking for a desired output. Here I did tracking for couple of test message that I sent.

Message_Tracking_-EMC1.png (6.81 KiB) Viewed 1 time

Below shows the result window,

Message_Tracking_-EMC2.png (14 KiB) Viewed 1 time

As you know that the Exchange 2007 and 2010 tracking give plenty of detail in the message tracking result. Now, how will you interpret these results? Is it easy to read the information shows in this output?

At least few time you would have thought, how we can export these results. It is not difficult for administrators who work with Exchange Management Shell. Don’t worry, it is not difficult for you who are not comfortable with Shell as well.

Copy the Exchange Management Shell command from the Message tracking page,

get-messagetrackinglog -MessageSubject "Test Message to Verify Tracking Details" -Start "6/26/2011 9:00:00 PM" -End "6/26/2011 9:30:00 PM"

End of the Shell command that you copied add the field needed to export with a ‘select’ filter, see the below modified shell command.

get-messagetrackinglog -MessageSubject "Test Message to Verify Tracking Details" -Start "6/26/2011 9:00:00 PM" -End "6/26/2011 9:30:00 PM" | select timestamp, ClientIp, ClientHostname, ServerIp, ServerHostname, SourceContext, ConnectorId, Source, EventId, InternalMessageId, MessageId, {$_.Recipients}, {$_.RecipientStatus}, TotalBytes, RecipientCount, RelatedRecipientAddress, Reference, MessageSubject, Sender, ReturnPath, MessageInfo >c:\Track-results.csv

Message_Tracking_-EMS.png (7.8 KiB) Viewed 1 time

Open the results file in excel and do your rest of filtration, that’s it... you have done.

Message_Tracking_CSV.png (14.13 KiB) Viewed 1 time

You may select only the fields that you need during the shell command execution, use the table below to decide your fields.


Hope now you will like the message tracking of Exchange 2007 and 2010. You may use the same approach when tracking in Exchange 2007, more or less the same.

Changing Certificate on CAS Servers

Go to IIS7 and click on - then go to Sites / Default Web site

Then on right hand side go to bindings and on "https-443-*" Edit and select the correct certificate

Restart IIS

Then you will have to run these commands on the CAS Servers to change the outlook provider to the new certificate name (E.g. the new cert i have used below is for

Set-OutlookProvider EXPR -CertPrincipalName:""
Set-OutlookProvider EXCH -CertPrincipalName:""

This setting relates to the account info in outlook - under account and more settings / Connections Tab / Outlook anywhere / Exchange Proxy Settings / Proxy Server principal name

DAG and DAC (Datacenter Activation Coordination)

When you have a two-member DAG, the system can no distinguish between the different types of failure. It could be a single server failure, a multiple-server failure or a site failure. To manage a datacenter switchover for a two-member DAG that is extended across multiple datacenters you must use Windows failover cluster management tools.

More information on datacenter switchovers can be found here: ... 51049.aspx

If you can wait until Exchange Server 2010 Service Pack 1 changes has been made so that DAC supports two-member DAGs in separate datacenters. DAC, or Datacenter Activation Coordination mode is a property setting for a database availability group (DAG). It enables control of the activation behavior of the DAG members preventing split-brain syndrom by not allowing databases to mount automatically even though the DAG has a quorum.

More information on DAC can be found here: ... 79790.aspx
Datacentre Activation Mode is a mode specifically for multsite Data Availability Groups with 3 or more members. It is there to stop datacentre DAG split brain syndrome.

For example you have 2 Sites with DAG members in each. Catastrophic errors occur and your WAN linking the two sites goes down. You now have a potential scenario where both sites will make a passive database active. The site that already had the active database, and the second site seeing the loss of the active database and automatically activating a copy.

so DAC operates this using literally a bit that it flips from either 0 or 1. 0 meaning it cannot mount a database and upon talking to other DAG members using DACP and finding another server with 1, will mount the databases as it knows it is allowed to.

For a more detailed explanation see here:

DAC must be enabled manually if you are in a split datacentre scenario with 3 or more members. To see the cmdlet to activate again see:

Outlook Cant preview or open email attachments

Error opening attachments / Cleaning out the Temporary Outlook Files folder

When opening an attachment directly from within Outlook you could get an error message saying that it can’t create the file and to that you need check the permissions on the folder you want to save it in. In most cases the permissions on the folder isn’t the issue but the fact that the folder is “full”. When you open an attachment directly from within Outlook it will first save a copy to a subfolder of the Temporary Internet Files folder. Cleaning out the folder will solve the issue.

Outlook Secure Temp folder
Unfortunately this is easier said than done. The subfolder name Outlook creates (on installation of Outlook) in the Temporary Internet Files folder is quite random. In Outlook 2003 and previous, the name starts with OLK and is followed by up to 4 random numbers or letters. In Outlook 2007 and Outlook 2010, this folder is called Content.Outlook and then has a subfolder which is named with with 8 random numbers and letters. In addition, by default, you cannot simply browse to the folder to clean it out. Getting to the Temporary Outlook Folder can still be accomplished in 2 easy steps though.

Step 1: Locate the folder
The folder location is stored in the registry in the following key;

Outlook 97 HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Outlook\Security
Outlook 98 HKEY_CURRENT_USER\Software\Microsoft\Office\8.5\Outlook\Security
Outlook 2000 HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security
Outlook 2002/XP HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security
Outlook 2003 HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
Outlook 2007 HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
Outlook 2010 HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
Step 2: Get to the folder

Open the OutlookSecureTempFolder registry key from the location provided in Step 1.
Copy the path from the key.
Open Explorer
Paste the address in the Address Bar and press Enter
and remove all files in that folder

should work then

Use Telnet on Port 25 to test SMTP communication

For purposes of providing an example, the following procedure uses the values that are described in the following list:

* Destination SMTP server
* Source domain
* Sender's e-mail address
* Recipient's e-mail address
* Message subject Test from Contoso
* Message body This is a test message
You should always use a valid sender e-mail address so that any non-delivery report (NDR) messages that are generated by the destination SMTP server are delivered to the sender of the message.

The commands in Telnet Client are not case-sensitive. The SMTP command verbs are capitalized for clarity.

1. At a command prompt, type telnet, and then press ENTER. This command opens the Telnet session.
2. Type set localecho and then press ENTER. This optional command lets you view the characters as you type them. This setting may be required for some SMTP servers.
3. Type set logfile <filename>. This optional command enables logging of the Telnet session to the specified log file. If you only specify a file name, the location of the log file is the current working directory. If you specify a path and a file name, the path must be local to the computer. Both the path and the file name that you specify must be entered in the Microsoft DOS 8.3 format. The path that you specify must already exist. If you specify a log file that doesn't exist, it will be created for you.
4. Type open 25 and then press ENTER.
You can't use the backspace key after you have connected to the destination SMTP server within the Telnet session. If you make a mistake as you type an SMTP command, you must press ENTER and then type the command again. Unrecognized SMTP commands or syntax errors result in an error message that resembles the following:

500 5.3.3 Unrecognized command

5. Type EHLO and then press ENTER.
6. Type MAIL and then press ENTER.
7. Type RCPT NOTIFY=success,failure and then press ENTER. The optional NOTIFY command defines the particular delivery status notification (DSN) messages that the destination SMTP server must provide to the sender. DSN messages are defined in RFC 1891. In this case, you're requesting a DSN message for successful or failed message delivery.
8. Type DATA and then press ENTER. You will receive a response that resembles the following:

354 Start mail input; end with <CLRF>.<CLRF>

9. Type Subject: Test from Contoso and then press ENTER.
10. Press ENTER. RFC 2822 requires a blank line between the Subject: header field and the message body.
11. Type This is a test message and then press ENTER.
12. Press ENTER, type a period ( . ) and then press ENTER. You will receive a response that resembles the following:

250 2.6.0 <GUID> Queued mail for delivery

13. To disconnect from the destination SMTP server, type QUIT and then press ENTER. You will receive a response that resembles the following:

221 2.0.0 Service closing transmission channel

14. To close the Telnet session, type quit and then press ENTER.

Exchange Web Services Managed API ... 80%29.aspx

Videos: ... 80%29.aspx ... 80%29.aspx

EXTEST_33788774A21E4 user is not there (Exchange Test User)

If the EXTEST_33788774A21E4 user is not there and needs to be to run the test-outlookconnectivity you need to do the following:

Then open Exchange Management Shell and navigate to the Scripts directory under where you installed Exchange, and run the new-TestCasConnectivityUser.ps1 script to recreate the mailbox-enabled user. It shouldn't matter that it creates a new mailbox; there shouldn't be any data in it that is of any importance.

Again, I don't think this will fix Outlook Anywhere, but it will allow you to test it.

Content Index 'Failed' when mail server switch over

If this error occurs:
Error: "Content Index Catalog Files in the following state 'Failed'"

Do the following:
1. Suspend database copy
2. activate database copy: wait for the resync

It should work when status changed to HEALTHY and all indexes are ok.

Exchange Restrict RAM

Incase u want to limit the size..Follow the steps below

1. Start ADSI Edit.
2. Open the following object:
Configuration/Services/Microsoft Exchange/Your organization/Administrative
Groups/Your administrative group/Servers/Server name/Information Store
3. Right-click Information Store, and then click Properties.
4. Under the list of Attributes, scroll down and select msExchESEParamCacheSizeMax.

5. Click the Edit button, then type the number of 8 kb pages that you
want to set the maximum cache size to.

For example. 1GB cache equates to 1048576 (1024x1024). Divide the cache that you want to set by 8kb to determine the value to enter.

6. Quit ADSI Edit, and then restart the Microsoft Exchange Information Store service

Quorum log too small

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine the size of the quorum log configured for the cluster:


If the Exchange Server Analyzer finds the value for MaxQuorumLogSize less than 4194304 decimal (0x400000 hexadecimal), a warning is displayed.

The MaxQuorumLogSize registry value represents the currently configured value for the Reset quorum log at cluster quorum parameter. This warning is generated if the MaxQuorumLogSize is less than 4096 kilobytes (KB).

The cluster records all changes to the cluster database in the quorum log file. When the quorum log attains the specified size, the cluster saves the database and resets the log file. On Microsoft Windows® 2000 Server-based clusters, the default quorum size limit is 64 KB. On Windows Server™ 2003-based clusters, the default quorum size limit is 4096 KB. For Exchange Server clusters, it is recommended that the Reset quorum log at property be configured to 4096 KB. This ensures that there will be sufficient space to hold the cluster configuration information, such as which servers are part of the cluster, what resources are installed in the cluster, and what state those resources are in (for example, online or offline).
To correct this warning

1. Open Cluster Administrator.
2. In the left pane, right-click the object that represents the cluster, and then click Properties.
3. On the Quorum tab, configure Reset quorum log at with a value of 4096.
4. Click OK to save the changes.

Application log size - CAS Servers

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine the maximum size of the Application log file:


If the Exchange Server Analyzer finds that the value for MaxSize is less than 41,943,040 bytes (40 megabytes ), the Exchange Server Analyzer displays a best practice message. /M:RecoverServer

To recover a server first reset computer in Activity Directory and re-add to domain under same name (Make sure you Reset and not delete)

The run /M:RecoverServer on server to recover.

Also View and READ these:

(Hub Transport Server role installed, and this is the only Exchange 2007 Server with this role installed, it's recommended to run /M:RecoverServer with the /DoNotStartTransport syntax, as there are a few post-recovery steps that should be completed before this role is made active.)

Errors i received:
- Setup previously failed while performing the action "DisasterRecovery". You can't resume setup my performing the action "Install"
- Setup previously failed while performing the action "Uninstall". You can't resume setup my performing the action "Install"

The problem is that exchange thing he is in a DisasterRecovery, but he isn't ??? To solf this issue:
- Start regedit
- Goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14.0\roleName
Here is the place that exchange says: DisasterRecovery. Just remove the key and try it again.

Exchange Mail Log Info

Go onto the mailbox servers - logs for all mail sent / Received are located in:

C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs

Active User stats
Edge Sync
Message Tracking

are all logs to look at.

Message tracking will give you a record of all mail. Very usefull.

Exchange 2010 Resourses

Tech Bulletins

>>> Tech Bulletin: Overview of Exchange 2010 Role Based Access Control <<< ... 6376a5c760

>>> Tech Bulletin: How to move mailbox from legacy Exchange forest to Exchange 2010 forest <<< ... 33694e9f7f

Hot Downloads

Download Microsoft Exchange Server 2010 ... 85495.aspx

Update Rollup 1 for Exchange Server 2010 (KB976573) ... laylang=en

Update Rollup 2 for Exchange Server 2010 (KB979611) ... laylang=en

Useful links

Microsoft Exchange Server 2010 Frequently Asked Questions

Exchange team blog

Exchange Server 2010 ... (EXCHG.140).aspx

Error Downloading Exchange Address Book

I seem to be having the same issue i had a few months back where the OAB stops downloading, However if i add the authenticated users to the OAB virtual directory in IIS they can then download the OAB again, however these rights keep on disapearing every week. I raised this on

So if the offline address book stops downloading to clients please complete the following as a temporary fix:

Go to all 3 of the CAS servers: / /

Goto Internet Information Services (IIS) Manager / expand / Sites / Default Web Site /

Right click on OAB and go to Edit Permissions and add authenticated users with Just read right. (you may also need to do this with the actual OAB directory under the OAB directory)

For more info go to the Gold partner forums:

Exchange File Extensions

*.edb - Exchange Database file

*.chk - checkpoint file - keeps track of which transactions have moved from the transaction logs to the database - so in the event of the being an interuption of those transaction logs being moved to the database, if anything happens the checkpoint file can be used to refernece.

*.log - 2 different types - the current transaction log e.g. E00.log, but once this gets to 1mb it is re-created again and is renamed to e.g. E00000000001.log

*.jrs - Used if the server gets to the end of its storage space and has no more room to wright any more information into transaction logs (There should be 2 of these logs just for an emergency like that)

tmp.edb - Tempory workspace to store data before written to main *.edb database
not present in 2010 - i think its now E:\database\Accounts\Accounts.edb.IRS.RAW

Outlook Autocomplete

In outlook the email address field - uses an auto complete file that holds all the history for email contacts

This file is the outlook.nk2 file

Testing your mail server security

Telnet IP 25


mail from

rcpt to

enter message here, followed by a full stop on a new line


Also, check whether your email server divulges your internal users by supporting the EXPN and VRFY commands (for example, VRFY administrator ->

' telnet 25

help - does it show EXPN / VRFY to be supported?

EXPN administrator

VRFY admin'

Finally, check if it's possible to send a spoofed email through the email server. For example, SMTP server for domain "" receives an external email from Does your email server drop this email? It should do