Wednesday, July 30, 2008

Event ID: 1025 on Exchange 2003 SP2


This morning, I found that the application log on the Exchange server was flooded with the following warning:

Event Type:    Warning
Event Source:    MSExchangeIS Mailbox Store
Event Category:    General
Event ID:    1025
Date:        7/30/2008
Time:        8:45:28 AM
User:        N/A
Computer:    MAIL

An error occurred on database "DatabaseName".
Function name or description of problem: EcEntryIdFromAddr
Error: 0x467


A related article on the MS support site states that this error can occur on Exchange 2000, but in our case we have Exchange 2003. Anyway, the cause section of the article states the following:



This problem can occur if a message from the Internet contains a "REPLY-TO" field. The information store asks for the same attribute (proxy addresses) twice and Dsaccess only fills in the first instance. This problem can occur with Microsoft MSN Hotmail accounts if you alter the reply to address.


However, to eliminate the error, I browsed the queue and found a message pending in the local delivery queue. To sort this error out, I did the following:

  • Stop the SMTP service.
  • Open the queue directory.
  • Open the stuck messages for local delivery with Notepad.
  • Delete the "REPLY-TO" line.
  • Start the SMTP service.


The messages will then be delivered and the error will be eliminated. In my case the messages were coming from a BlackBerry device.
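The manual Notepad edit above can be scripted so that only the header field is removed, including folded continuation lines, while a body line that happens to start with "Reply-To:" is left alone. This is an added example, not part of the original post; the function names, the backup directory and the sample message are assumptions made for illustration.

```python
# Added example: remove Reply-To from the header section of a queued message.
import re
import shutil
from pathlib import Path

REPLY_TO = re.compile(rb"^reply-to[ \t]*:", re.IGNORECASE)

def strip_reply_to(raw: bytes) -> bytes:
    """Return the message with every Reply-To header field removed."""
    out = []
    in_headers = True   # headers end at the first empty line
    dropping = False    # True while inside a Reply-To field being removed
    for line in raw.splitlines(keepends=True):
        if in_headers:
            if line in (b"\r\n", b"\n"):
                in_headers = False
            elif line[:1] in (b" ", b"\t"):
                # Folded continuation line: it belongs to the previous field.
                if dropping:
                    continue
            else:
                dropping = REPLY_TO.match(line) is not None
                if dropping:
                    continue
        out.append(line)
    return b"".join(out)

def clean_queue_file(path: Path, backup_dir: Path) -> bool:
    """Rewrite one message file in place after saving a copy. True if changed."""
    raw = path.read_bytes()
    cleaned = strip_reply_to(raw)
    if cleaned == raw:
        return False
    shutil.copy2(path, backup_dir / path.name)   # keep the original outside the queue
    path.write_bytes(cleaned)
    return True

# Constructed sample message (not taken from a real queue).
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"REPLY-TO: \"Someone\"\r\n"
    b"\t<other@example.net>\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"Reply-To: this is body text and must stay\r\n"
)

if __name__ == "__main__":
    print(strip_reply_to(SAMPLE).decode("ascii"))
```

As in the manual procedure, run it only while the SMTP service is stopped.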


Sunday, June 29, 2008

ABCD System Center Essentials (SCE)


In this post I am going to go through the basic steps to install and configure SCE and get it up and running.


Initially, once you insert the media, it will check the prerequisites and give you a nice report on whether SCE can be installed, and tell you which components are missing (.NET Framework, IIS…).


I am not going to talk about the installation process, since it is as simple as a 10-click wizard. Once the installation wizard has finished, you will get the following screen:


After that, you will launch the SCE console.






It is clear that the configuration steps are not completed. Mainly, we have to complete three configuration steps in order to get SCE working:

  1. Configure product feature: this configures the proxy settings, group policy settings (domain level or local policy), firewall exceptions, remote assistance on client machines, error collection settings and scheduled discovery.
  2. Configure computers and devices to manage: this lets you discover the network, find the clients and servers, and then push the installation of the client agent.
  3. Configure Microsoft Update settings: this is very similar to the WSUS configuration. It lets you choose which OS updates and languages to download, and which Office and other Microsoft product updates to download. It is easy and a matter of a few clicks; you can then synchronize with the Microsoft site or schedule synchronization for non-working hours.


Note: in order to allow the SCE server to discover computers in your network, certain ports must be opened between the server VLAN and the clients VLAN; those are:

Thursday, April 17, 2008

DNS Disaster Recovery!


If you are working in an organization that hosts its own DNS server, holding the records for MX, web and other servers that are accessible externally, you must have a plan for how to rebuild your DNS server in case of failure or disaster.


In this article, I am going to show you how to back up the zones on your DNS server and restore them using the DNSCMD command line. DNSCMD is part of the Support Tools, so you must install the Support Tools in order to run this command.

I am going to simulate the case by backing up a production DNS server and restoring it to a virtual machine image. After installing the Support Tools on the server, go to:

Start -> Programs -> Windows Support Tools -> Command Prompt

The syntax for our command is: dnscmd [ServerName] /zoneexport ZoneName ZoneExportFile

So based on my server and zone names, I will use the following syntax:

C:\>dnscmd MyDNSname /zoneexport

You will notice that the output of this command is:

DNS Server MyDNSname exported zone to file %windir%\system32\dns\

DNS server Command completed successfully.

Now browse to the specified path and copy the .bak file, which we will use to restore the zone to a different server.

  • On the new server, which is supposed to be a fresh one, install the DNS service and don't create any new zone.
  • Paste the .bak file into %systemroot%\system32\dns and rename the extension to .dns
  • Go to the DNS management console, right-click Forward Lookup Zones and choose New Zone, click Next, Next, give it the same name, then Next. Make sure to choose the second choice; it should take the name of the zone automatically.


Now check your zone; it should contain your old records.

Note: In my case, the DNS server is a member server sitting in the DMZ, so the option to have an Active Directory-integrated zone is not available. One more thing: the previous exercise is also valid in the case of a corrupted zone, or when you need to make some modifications to a specific zone; it will get your zone back to its state before the changes.



Monday, April 14, 2008

Creating a custom address list

In the previous article we imported a group of contacts from different companies into our AD. The good thing is that those contacts are categorized into OUs based on company name, so I believe we can create a custom address list based on the company names. But first of all we have to change the company name for each contact!

Actually, this is an easy process with ADModify. Just download the tool and extract it. Note: you will need the .NET Framework for it to work.

Once you run the tool, click on Modify Attribute, and then you will get this screen:

In the Domain List, choose your domain. In the Domain controller List, choose any available DC.

Then click Contacts only to filter your search. Now click the green arrow and browse to the required OU. Once you find it, click it, click Add to List->, then Select All, and click Next. Go to the Organization tab; now we can change the company property for the selected group of contacts in one shot: just check Company, write the company name, then click Go.

Now let's go to Exchange Management Console to create the customized address list.

Open your EMC and browse to Organization Configuration->Mailbox. Right-click Mailbox and choose New Address List, give it a name, click The following specific types, then check Contacts with external e-mail addresses and click Next. On the next screen, check Recipient is in a company in Step 1 and click specified in Step 2 to fill in the company name. To make sure you are filtering the right contacts, click Preview. Now click Next and Next to create the address list immediately.

Now your customized address list has been created and should be accessible to your Outlook clients, either through MS Outlook or OWA.

Enjoy it!

Thursday, March 27, 2008

Importing Mail Contacts to exchange 2007 in bulk!


Your company needs to have an address list that contains contacts from multiple companies. I was talking with Alaa in this regard; he suggested implementing MIIS, but unfortunately it has some requirements that are not available yet in our server room :). So we need something fast to import those contacts into our Exchange 2007 server.



  • Solution:
    First, we need a CSV file with some columns exported from those companies (from their Domain Controllers). This file will hold some attributes of the users, such as display name and e-mail address.
    Log in to the domain controller in each company (or ask the person in charge) and do the following:
    - Open AD Users & Computers, go to View->Add/Remove Columns, then add the following columns, in the same order:
    Display Name
    E-mail address
    Exchange Alias


  • Browse to the OU that contains the user accounts that need to be imported and make sure that the view is showing the columns that you selected in the previous step; if not, choose them again. Go to Action->Export List, and save the file as (comma delimited) (*.csv). You now need to work on this file using MS Excel.




  • Open this file with Excel. Now we have to rename the columns as follows:
    Name DisplayName MailAddress Alias
    It should look like this:


  • Save the file, then copy it to C:\ on the Exchange server (where you want to import the contacts)


  • Start the Exchange Management Shell, then copy and paste the following command:

    import-csv c:\contacts.csv | foreach { new-mailcontact -alias $_.Alias -name $_.displayName -ExternalEmailAddress $_.MailAddress -org contacts }

Note: before running this command you must have an OU in AD called contacts, otherwise the command will return an error. You can also create your own OU, but then change the OU name after the -org switch in the previous command.

The contacts are now created. In the next article I am going to show how to create a custom address list for each company based on the imported contacts.
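Because the CSV files come from other companies, it pays to check them before the import loop runs, so that one malformed or duplicate row does not leave the import half finished. The following preflight check is an added example, not part of the original post; the alias allow-list is a conservative assumption for illustration rather than Exchange's exact rule, and the sample rows are constructed.

```python
# Added example: check the contacts CSV before feeding it to new-mailcontact.
import csv
import io
import re

REQUIRED = ("DisplayName", "MailAddress", "Alias")   # columns the command reads
# Assumption: a conservative allow-list for this example, not Exchange's exact rule.
ALIAS_OK = re.compile(r"^[A-Za-z0-9._-]+$")
ADDRESS_OK = re.compile(r"^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$")

def preflight(csv_text):
    """Return (good_rows, problems); problems are (line_number, message) pairs."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [], [(1, "missing column(s): " + ", ".join(missing))]
    good, problems = [], []
    seen_alias, seen_address = set(), set()
    for row in reader:
        line_no = reader.line_num
        v = {c: (row[c] or "").strip() for c in REQUIRED}
        alias, address = v["Alias"].lower(), v["MailAddress"].lower()
        if not all(v.values()):
            problems.append((line_no, "empty required field"))
        elif not ALIAS_OK.match(v["Alias"]):
            problems.append((line_no, "alias has unexpected characters"))
        elif not ADDRESS_OK.match(v["MailAddress"]):
            problems.append((line_no, "malformed e-mail address"))
        elif alias in seen_alias or address in seen_address:
            problems.append((line_no, "duplicate alias or address"))
        else:
            seen_alias.add(alias)
            seen_address.add(address)
            good.append(v)
    return good, problems

# Constructed sample rows using the column names from the steps above.
SAMPLE = """Name,DisplayName,MailAddress,Alias
a,Alice Example,alice@example.com,alice
b,Bob Example,bob@example,bob
c,Carol Example,carol@example.com,Alice
d,Dan Example,dan@example.com,dan smith
e,,eve@example.com,eve
"""

if __name__ == "__main__":
    rows, issues = preflight(SAMPLE)
    for line_no, message in issues:
        print(f"line {line_no}: {message}")
    print(f"{len(rows)} row(s) ready to import")
```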

Wednesday, March 5, 2008

How to enable Remote desktop remotely.

Most administrators prefer to administer their servers remotely through Remote Desktop (formerly known as Terminal Services). But what if you forget to enable Remote Desktop before shipping the server to a remote site? Well, you still have the chance to do it remotely through the remote registry.

First of all you should have access to the server with administrative privilege.

  • On your XP machine, go to Start->Run->regedit.
  • On the File menu, click Connect Network Registry.
  • Type the computer name and then click Check Names.
  • Provide your administrative credentials in the next dialog and click OK.
  • Now, in the computer node that appears in the registry editor, drill down to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

  • Click Terminal Server, then in the detail pane double-click fDenyTSConnections.
  • In Value data, type 0, and then click OK.

Now you need to restart the server remotely in order to apply the change. This can be done from the command prompt by running the following command:

shutdown -m \\ComputerName -r

You can now start your RDP sessions.

Tuesday, March 4, 2008

Server name, #5.0.0 SMTP; 550 failed to meet SPF requirements

One of our clients reported that he can’t send e-mail to a certain domain; the bounce-back message states the following:
The following recipient(s) cannot be reached: on 3/4/2008 10:01 AM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator. #5.0.0 SMTP; 550 failed to meet SPF requirements

What I understand from this message is that our server doesn’t have an SPF record.
An SPF record is a single TXT entry in the DNS database for each domain. It lists the servers that are allowed to send mail for that domain, and its main purpose is to fight spammers and verify the identity of senders.

So, how to create and test it?

By googling SPF, I found some useful information; here is how to create your SPF record.
If you are hosting your own DNS server (external DNS), you can follow along with this article; otherwise, follow only step one and contact your ISP to create the record (that is, if your ISP is hosting your MX record).

Marc Grote wrote a good article on this topic. Anyway, here is what you have to do:

Step one: follow this wizard, which will give you your SPF record; copy this string.
Step two: go to your DNS server; under forward lookup zone, right-click your (domain name) zone and choose other new record, then select TXT record and paste your SPF record in the Text textbox. You should have something similar to this.

Now, how do you make sure that you created the record successfully; in other words, how do you query it?
This web site provides this facility; moreover, you can test your SPF string before implementing it.

That is it; my client started sending e-mail again with no bounce-back messages.
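To see why a receiving server accepts or rejects a message, it helps to evaluate an SPF string against the IP address of the sending server, which is what the receiver does. The sketch below is an added example, not part of the original post or of any SPF tool; it covers only the ip4, ip6, a, mx and all mechanisms (include, exists, ptr and redirect are left out), and the record, addresses and lookup table are constructed.

```python
# Added example: how a receiving server evaluates an SPF record for a sender IP.
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, dns=None):
    """Evaluate the ip4, ip6, a, mx and all mechanisms of one SPF record.

    dns maps a mechanism such as "mx" or "a:mail.example.com" to the addresses
    a real lookup would return (constructed stand-in, so this runs offline).
    """
    dns = dns or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # the TXT string is not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # a bare mechanism means pass
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        term = term.lower()
        name, _, value = term.partition(":")
        if name == "all":
            return RESULT[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"         # malformed network in the record
            matched = ip.version == network.version and ip in network
        elif name in ("a", "mx"):
            matched = any(ip == ipaddress.ip_address(a) for a in dns.get(term, []))
        else:
            raise NotImplementedError("mechanism not covered here: " + term)
        if matched:
            return RESULT[qualifier]
    return "neutral"                       # nothing matched and no "all" term

# Constructed record and lookup results (documentation address ranges).
RECORD = "v=spf1 ip4:192.0.2.0/24 mx -all"
DNS = {"mx": ["198.51.100.25"]}

if __name__ == "__main__":
    for sender in ("192.0.2.10", "198.51.100.25", "203.0.113.5"):
        print(sender, check_spf(RECORD, sender, DNS))
```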

Monday, March 3, 2008

WSUS 3.0 Error: The server is failing to download some updates.

The following errors started appearing in my WSUS 3.0 server application log:

Event Source: Windows Server Update Services
Event ID: 10032
The server is failing to download some updates.

Event Source: Windows Server Update Services
Event Category: Synchronization
Event ID: 364
Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.
Source File: /msdownload/update/software/crup/2008/02/ Destination File: c:\WSUS\WsusContent\DA\9C8D60AEF0FAF5BA4A7B71BA3647241B89C19DDA.CAB.

To solve the problem I did the following:
-Stop the Background Intelligent Transfer Service.
-Run the following command:

"%programfiles%\Update Services\Setup\ExecuteSQL.exe" -S %Computername%\MICROSOFT##SSEE -d "SUSDB" -Q "update tbConfigurationC set BitsDownloadPriorityForeground=1"

-Start the Background Intelligent Transfer Service.
-Restart the Update service.
And that’s it; the service started downloading the updates successfully, and you will get the following information event in your app log.