29 Jan 2011

Force removal of Public Folders Database

To uninstall the last Exchange 2003 server from Exchange Organisation you have to delete Public Folders Databases. You can find a few very good articles about removing the last Exchange 2003. These articles are very useful when everything goes well and you can replicate all Public Folders to a new Exchange 2007/2010 server. What if you are unable to replicate all Public Folders and some folders remain on the old server (at least Exchange tools state that)? I know from experience that this is a very common problem. I'm going to describe the procedure which easily solves this problem.

Important notice: If you remove Public Folders database using this method all data that remains in it will be lost!
Important notice 2: If you remove the first Public Folder Database via this method, the site folder server will point to a deleted object. You will subsequently need to fix that using ADSIEDIT. Refer to Site folder server deleted

To forcibly remove Public Folder Database

  1. Open the following path using the adsiedit.msc tool
    CN=Configuration,DC=yourdomain,DC=yourhighlevelpartofdomain,CN=Services,CN=Microsoft Exchange,CN=YourOrganizationName,CN=Administrative Groups, CN=YourAdministrativeGoupName,CN=Servers,CN=YourServerName,CN=StorageGroupNameWhichContainsPFDatabase
  2. In right window, right click Public Folder database name and delete it
You can use this procedure also with Exchange 2007/2010 Public Folder Databases.

27 Jan 2011

Exchange 2010 - Certificate Status: RevocationCheckFailure

I was configuring Exchange 2010 for a customer who bought GoDaddy certificates to use with Exchange. When I tried to verify installed certificate using Get-ExchangeCertificte | FL
command, the certificate Status was RevocationChekFailure. The certificate was displayed correctly under MMC console, so it was obviously problem with access to CRL Publication Point.
Exchange 2010 was installed on Windows 2008 R2 and a proxy server was needed to connect to the Internet.
Exchange 2010 uses WinHttp service to connect to the Internet. This service doesn't import proxy settings from Internet Explorer configuration.
You have two options to configure WinHttp:
1. WPAD - If WPAD is deployed on the network then WinHttp service will get configuration automatically
2. Manual configuration - If you don't have WPAD you must configure WinHttp service manually. I'm going to describe this method.

To verify current settings:
Run netsh winhttp show proxy from Command Line. You will see your current settings. Direct access means that there is no proxy for WinHttp

To set proxy run the following command:
netsh winhttp set proxy proxy-server="http=yourhtpproxyserver:8080;https=yourhttpsproxyserver:8080" bypass-list="*.yourADdomain.local"

The above command is correct only for Windows 2008 R2, for Windows 2008 use this command:
netsh winhttp set proxy-server="http=yourhtpproxyserver:8080;https=yourhttpsproxyserver:8080" bypass-list="*.yourADdomain.local"

Optionally you can clear CRL Cache with the following command certutil -urlcache crl delete

Notice: Please remember to set value of bypass-list parameter to your local Active Directory domain FQDN. If you pass over this part you won't be able to connect to your Exchange using Exchange Management Console nor PowerShell.