Exchange 2010 Resource '(Mdb)MailboxDatabase001' is unhealthy and shouldn't be accessed.

Similar Messages

• Can't move Exchange 2003 mailbox to Exchange 2010 Resource forest (Linked Mailbox)

  Problem Description:
  Can’t move Exchange 2003 mailbox to Exchange 2010 resource forest
  Error message:
  Failed to reconnect to Active Directory server SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that you have used the correct credentials.
  Source Environment Configuration:
  Active Directory
  FQDN: umfolozi.local
  Domain name (pre-Windows 2000): UMFOLOZI
  Domain Function Level: Windows Server 2003
  Domain Controllers:
  Hostname
  OS
  Operation Master
  SRVUMVMDC01.umfolozi.local
  Windows Server 2008 R2 Standard SP1
  Schema Master, Domain Naming, RID, PDC
  SRVUMVMDC01.umfolozi.local
  Windows Server 2008 R2 Standard SP1
  Infrastructure
  Exchange
  Version: Microsoft Exchange 2003 Standard SP2 Build 7638.2
  Server Information:
  Hostname
  OS
  TUSKUMFMAIL.umfolozi.local
  Windows Server 2003 R2 SP2
  DNS Zones
  Zone Name
  Zone Type
  Domain Controllers
  umfolozi.local
  Active Directory-Integrated (Primary)
  SRVUMVMDC01.umfolozi.local
  SRVUMVMDC01.umfolozi.local
  peermont.com
  Secondary
  SRVPGVMDC01.peermont.com
  SRVPGVMDC02.peermont.com
  Trusts
  Domain Name
  Trust Type
  Transitive
  Validated
  peermont.com
  Forest
  Yes
  Yes
  Target Environment Configuration:
  Active Directory
  FQDN: peermont.com
  Domain name (pre-Windows 2000): PG
  Domain Functional Level: Windows Server 2008 R2
  Domain Controllers:
  Hostname
  OS
  Operation Master
  SRVPGVMDC01.peermont.com
  Windows Server 2008 R2 Std SP1
  SRVPGVMDC02.peermont.com
  Windows Server 2008 R2 Std SP1
  Domain naming, RID, PDC, Infrastructure, Schema Master
  Exchange
  Resource Exchange Forest
  Server Information:
  Hostname
  OS
  Role
  Version
  Client Access Array
  SRVPGVMEXCH01.peermont.com
  Windows Server 2012 Std
  HUB, CAS
  Version 14.3 (Build 123.4)
  exchange.peermont.com
  SRVPGVMEXCH02.peermont.com
  Windows Server 2012 Std
  HUB, CAS
  Version 14.3 (Build 123.4)
  exchange.peermont.com
  Hostname
  OS
  Role
  Version
  Database Availibility Group
  SRVPGVMEXCH03.peermont.com
  Windows Server 2012 Std
  MBX
  Version 14.3 (Build 123.4)
  PeermontDAG
  SRVPGVMEXCH04.peermont.com
  Windows Server 2012 Std
  MBX
  Version 14.3 (Build 123.4)
  PeermontDAG
  DNS Zones
  Zone Name
  Zone Type
  Domain Controllers
  peermont.com
  Active Directory-Integrated (Primary)
  SRVPGVMDC01.peermont.com
  SRVPGVMDC02.peermont.com
  umfolozi.local
  Secondary
  SRVUMVMDC01.umfolozi.local
  SRVUMVMDC01.umfolozi.local
  Trusts       
  Domain Name
  Trust Type
  Transitive
  Validated
  umfolozi.local
  Forest
  Yes
  Yes
  Migration Process
  Task
  Description
  Successful/Error
  1
  SYNC AD Domain account from source forest (umfolozi.local) to target forest (peermont.com) using BinaryTree SMART Directory Sync (ADMT can be used as alternative)
  Successful
  2
  Create mailed enabled user
  Successful
  3
  Run Prepare-MoveRepuest with –OverWriteLocalObject
  Command Example:
  .\Prepare-MoveRequest.ps1 -Identity [email protected] -RemoteForestDomainController SRVUMVMDC01.umfolozi.local
  -RemoteForestCredential $RemoteCredentials -UseLocalObject -LocalForestDomainController SRVPGVMDC01.peermont.com -LocalForestCredential $LocalCredentials -OverWriteLocalObject
  Successful
  4
  Submit mailbox request
  Command Example:
  New-MoveRequest -Identity "0fa7d17e-3637-4708-a51b-f14eaae17968" -BadItemLimit "50" -TargetDeliveryDomain
  "internal.peermont.com" -TargetDatabase "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" -RemoteCredential (Get-Credential "umfolozi\svcmigration") -RemoteGlobalCatalog "SRVUMVMDC02.umfolozi.local" -RemoteLegacy:$True
  Error
  All the standard migration task works as expected until the mailbox migration move request is submitted. See move request verbose detail below:
  [PS] C:\Windows\system32>New-MoveRequest -Identity "0fa7d17e-3637-4708-a51b-f14eaae17968" -BadItemLimit "50" -TargetDeli
  veryDomain "internal.peermont.com" -TargetDatabase "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" -RemoteCredential (Get-Crede
  ntial "umfolozi\svcmigration") -RemoteGlobalCatalog "SRVUMVMDC02.umfolozi.local" -RemoteLegacy:$True -Verbose
  VERBOSE: [11:34:27.346 GMT] New-MoveRequest : Active Directory session settings for 'New-MoveRequest' are: View Entire
  Forest: 'False', Default Scope: 'peermont.com', Configuration Domain Controller: 'SRVPGVMDC02.peermont.com', Preferred
  Global Catalog: 'SRVPGVMDC02.peermont.com', Preferred Domain Controllers: '{ SRVPGVMDC02.peermont.com }'
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Runspace context: Executing user: peermont.com/Admin/Users/Admin
  Accounts/Information Technology/SoarSoft/Johann Van Schalkwyk, Executing user organization: , Current organization: ,
  RBAC-enabled: Enabled.
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Beginning processing &
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Instantiating handler with index 0 for cmdlet extension agent "Admin
  Audit Log Agent".
  WARNING: When an item can't be read from the source database or it can't be written to the destination database, it
  will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting that Exchange not copy such
  items to the destination mailbox. At move completion, these corrupted items won't be available in the destination
  mailbox.
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Searching objects "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" of type
  "MailboxDatabase" under the root "$null".
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Previous operation run on domain controller 'SRVPGVMDC02.peermont.com'.
  VERBOSE: [11:34:27.393 GMT] New-MoveRequest : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write
  Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s):
   {}, Exclusive Configuration Scope(s): {} }
  VERBOSE: [11:34:27.393 GMT] New-MoveRequest : Searching objects "0fa7d17e-3637-4708-a51b-f14eaae17968" of type "ADUser"
   under the root "$null".
  VERBOSE: [11:34:27.471 GMT] New-MoveRequest : Previous operation run on domain controller 'SRVPGVMDC02.peermont.com'.
  VERBOSE: [11:34:27.471 GMT] New-MoveRequest : Processing object "$null".
  VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] No RequestJob messages found.
  VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] MDB c5d6ea95-07b3-4a52-9868-e41e808a76fe found to belong to Site:
   peermont.com/Configuration/Sites/Peermont
  VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] MRSClient: attempting to connect to 'SRVPGVMEXCH02.peermont.com'
  VERBOSE: [11:34:27.627 GMT] New-MoveRequest : [DEBUG] MRSClient: connected to 'SRVPGVMEXCH02.peermont.com', version
  14.3.178.0 caps:07
  VERBOSE: [11:34:27.627 GMT] New-MoveRequest : [DEBUG] Loading source mailbox info
  VERBOSE: [11:34:28.844 GMT] New-MoveRequest : Failed to reconnect to Active Directory server
  SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that you have used the correct credentials. --> A
  local error occurred.
  VERBOSE: [11:34:28.844 GMT] New-MoveRequest : Admin Audit Log: Entered Handler:OnComplete.
  Failed to reconnect to Active Directory server SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that
  you have used the correct credentials.
      + CategoryInfo          : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
      + FullyQualifiedErrorId : F48FD74B,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest
      + PSComputerName        : srvpgvmexch02.peermont.com
  VERBOSE: [11:34:28.859 GMT] New-MoveRequest : Ending processing &
  Troubleshooting Performed
  1. When submitting mailbox move request tried the following credential inputs:
  1.1. DOMAIN\Username
  1.2. FQDN\Username
  1.3. userPrincipalName
  2. Confirmed domain trust between source and target domain is in place and validated.
  3. Confirmed name resolution in source and target domain is functioning as expected.
  4. Confirmed network connectivity between source and target domain controllers as well as source and target exchange servers.
  5. Tried to create new Linked Mailbox to account in source forest, can’t select Global Catologue via the wizard;
  Tried to specify the credentials for the account forest and got the following error when tried to select Global Catalog from wizard:

  The error talk about the credential. Did you check the credential
  Did you tried this command?
  New-MoveRequest -Identity "Distinguished name of User in Target Forest" -RemoteLegacy -TargetDatabase "E2K10 Mailbox Database Name" -RemoteGlobalCatalog "FQDN of Source DC" -RemoteCredential $Remote -TargetDeliveryDomain "Target
  domain name"
  http://blogs.technet.com/b/exchange/archive/2010/08/10/3410619.aspx
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username

  How can i get the following done:
  Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username?
  i nmust do this for 16 users TODAY, SO PLEASE HELP ME OUT HERE.
  Thanks in advance!!
  kind regards,
  Rene Veldman
  System Administrator Teidem bv, The Netherlands.

  Rene,
  Why are you not changing the username of the existing account, instead of deleting the existing one and creating a new one?
  If you truly need to delete and create new, you can save the GUID for the mailbox (Get-MailboxStatistics <mailbox alias> | Fl MailboxGuid), mail disable the existing account (Disable-Mailbox <mailbox alias>
  will work), clean the mailbox database it was hosted on (Clean-MailboxDatabase
  <database name>), then create your new account and recover the existing mailbox to that new account (Connect-Mailbox -Identity <Guid from before> -Database <Database name> -User <SAM account name of new account> -Alias
  <what you wish to set the alias to>).  In PowerShell, for all steps, you would do the following:
  $MbxAlias = <mailbox alias>
  $NewMbxAcct = <SAM Account Name for new account>
  $NewMbxAlias = <new alias for mailbox>
  $DomCtrl = (dir env:\LOGONSERVER).Value.Substring(2)
  $MbxGuid = (Get-MailboxStatistics $MbxAlias -DomainController $DomCtrl).MailboxGuid
  $MbxDb = (Get-Mailbox $MbxAlias -DomainController $DomCtrl).Database
  Disable-Mailbox $MbxAlias
  Clean-MailboxDatabase $MbxDb
  Connect-Mailbox -Identity $MbxGuid -Database $MbxDb -User $NewMbxAcct -Alias $NewMbxAlias -DomainController $DomCtrl
  You will need to supply the information in bold in the above commands, and you will need to create the new account before you run the above commands.  I include direct use of a specific domain controller so you won't need to worry about replication. 
  If you are changing the account from one domain to another, this will not help, and you will need to wait for replication throughout the process, running the commands individually.

• Exchange 2010 - Resource Mailbox won't send external notification email

  Exchange 2010 with SP1. These mailboxes used to respond to outside booking requests, when we were running Exchange 2007.  I've verified that -ProcessExternalMeetingMessages is set to $true.  The mailbox responds to internal requests with an email. 
  All users are allowed to make "Resource In-Policy Requests".
  I've tried booking from an email address that was setup as a Contact in Exchange - still no luck.
  Any ideas?
  Thanks.

  Martin
  Agency
  Could you share what settings did you use for SMTP connectors?
  I have tried:
  Authentication – Externally Secured
  Permission Group – Exchange Servers
  I can send emails via these connectors, but Room Mailbox still deletes requests from external sender.
  Both organizations have Exch 2010 sp3 RU6, and AD forest 2008R2 level.

• Exchange 2010 Resource Forest - Autodiscover

  Environment:
  Account Forest (No Exchange server installed)
  Resource Forest (Exchange 2010 SP3)
  I understand that a SCP record can be created in the account forest using the following command:  Export-AutoDiscoverConfig -DomainController <FQDN> -TargetForestDomainController <String> -TargetForestCredential $a -MultipleExchangeDeployments
  $true
  Questions:
  1.  Do I need to prep the schema in the Account Forest to create the relevant Exchange configuration before running Export-AutoDiscoverConfig?
  2.  Is the switch MultipleExchangeDeployments $true needed?  Technet states that it's only needed if both forests contain Exchange but also states it's needed for
  multiple accepted email domains? (which we do have) 
  http://technet.microsoft.com/en-us/library/aa998832(v=exchg.141).aspx3. 
  3. Can this change be backed out.  i.e. can the SCP record be removed by using ADSI edit.
  Thanks in advance

  Hi,
  Here are my answers you can refer to:
  1. It depends.
  If Exchange deployment has two or more trusted forests, you must update Active Directory so that Outlook users in one forest can access the CAS servers in the remote (or target) forest to use the Autodiscover service. To do this, we must extend the schema in
  the user forest by running Exchange 2010 Setup with the /PrepareAD or /PrepareSchema switch, and then run the Export-AutodiscoverConfig cmdlet in the resource forest that contains the Client Access servers that provide the Autodiscover service against the
  target forests.
  If you do not want to extend the schema in the user forest, you can update DNS in the user forest with a host record that points to the internal IP address of the Client Access server in the resource forest where Autodiscover is hosted.
  For more information, you can refer to the following article:
  http://www.testlabs.se/blog/2010/11/06/configuring-the-autodiscover-service-for-multiple-forests/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  2. It doesn’t need in your environment.
  When the parameter MultipleExchangeDeployments is set to TRUE you will tell the forests that you have multiple Exchange forests. The parameter will also export the accepted domains which are defined in the Exchange environment.
  3. SCP record can be removed by using ADSI edit:
  On your account domain, open adsiedit.msc, locate the SCP records in 
  CN=Autodiscover,CN=Protocols,CN=<CAS_SERVER>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
  For more information, you can refer to the following thread:
  http://social.technet.microsoft.com/Forums/exchange/en-US/a06686ec-f1dc-4738-b4c5-76c41088e145/configuring-autodiscover-in-resource-forest?forum=exchangesvrdeploylegacy
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2010: Resource mailbox not sending conflict notification

  Hi,
  I configured meeting room mailbox on exchange 2010, and I configured it to not allow conflict reservation.
  I tried to sent two meeting requests in same time and it accepted both.
  please advice.

  I have the same issue as above "Resource mailbox not sending conflict notifications and ran the command as suggested but no luck.
  Set-CalendarProcessing -Identity "Conf 212" -AutomateProcessing AutoAccept
  Here are the mailroom settings:
  AutomateProcessing                  : AutoAccept
  AllowConflicts                      : False
  BookingWindowInDays                 : 180
  MaximumDurationInMinutes            : 1440
  AllowRecurringMeetings              : True
  EnforceSchedulingHorizon            : True
  ScheduleOnlyDuringWorkHours         : False
  ConflictPercentageAllowed           : 0
  MaximumConflictInstances            : 0
  ForwardRequestsToDelegates          : True
  DeleteAttachments                   : True
  DeleteComments                      : True
  RemovePrivateProperty               : True
  DeleteSubject                       : False
  AddOrganizerToSubject               : False
  DeleteNonCalendarItems              : True
  TentativePendingApproval            : True
  EnableResponseDetails               : True
  OrganizerInfo                       : True
  AllBookInPolicy                     : False
  RequestInPolicy                     : {}
  AllRequestInPolicy                  : True
  AddAdditionalResponse               : False
  AdditionalResponse                  :
  RemoveOldMeetingMessages            : True
  AddNewRequestsTentatively           : True
  ProcessExternalMeetingMessages      : False
  RemoveForwardedMeetingNotifications : False
  Any help would be greatly appreciated.
  Thai

• Exchange 2010 add new email address space and additional smtp address to all recipients

  HI
  Our company is being bought and we need to change the email address for every recipient within the business group/user.
  I have added the new domain to the Accepted Domains and have confirmed that if I manually change a users smtp address that mail flow works and the postmaster account receives email.
  looking in the E-mail address policies section within the EMC we currently have 2 polices one for the current company policy call company.co.uk with a priority 1 and one called Default policy.
  when I try to edit these I get a warning message which states that this policy was created with an earlier version of exchange I have looked on our exchange 2003 environment and have found the polices and can edit them.
  Now my questions are 
  1. should I create the policy on the exchange 2003 environment or 2010
  2. if I create a new policy on the exchange 2010 environment what will happen to the old addresses?
  3. I must be able to preserve the old addresses and must make the new address space the primary address?
  if anyone could help with the steps required or if there are any gotcha to avoid.
  thanks

   1. should I create the policy on the exchange 2003 environment or 2010
   You have to create in Exchange2010
  2. if I create a new policy on the exchange 2010 environment what will happen to the old addresses?
  Email address policy will change the email address if applied immediately except for the users which has "Automatically update email addresses based on e-mail address policy" option turned on
  You will get the list of users with "Automatically update email addresses based on e-mail address policy" option turned off by the below command.
  Get-Mailbox -ResultSize Unlimited | Where {$_.EmailAddressPolicyEnabled -eq $False}
  3. I must be able to preserve the old addresses and must make the new address space the primary address?
  Yes but you can keep only one as replying address.
  Please keep both address in the email address policy to preserve old email address to the users.
  If you want an autoreply, then use a hub transport rule in Exchange an Outlook rule and allow auto-replies to the internet. (auto-replies to the outside network is not a good idea)
  Here is a similar case
  http://exchangeserverpro.com/email-address-policies-in-mixed-exchange-20032007-organisations/
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Same CAS Array Exchange 2010 (HLB), with OS Windows 2008R2 and Windows 2012.

  Hello,
  We have a 10 node DAG (Exchange 2010 SP3, Windows 2008 R2), with 2 CasArray.
  We are planning to add news (multirole) servers and create a new DAG (Exchange 2010 SP3, Windows 2012) in this infra, in the same AD site, to migrate all mailbox from the other DAG (Migration from virtual servers to physical servers).
  So we use the same CasArray (HLB, with F5) with différent OS version, during the migration time (1 month or more). I haven't found anything that say it's not supported or can be problematic.
  Have you feedback or advice?
  Thanks,
  Sébastien

  Hi,
  Based on my knowledge, there is no need to deploy a CAS array with CAS servers running on the same Window version. The version can be different.
  After a Client Access server array is defined within an Active Directory site, all Client Access servers within that Active Directory site are automatically part of the Client Access server array.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• SharePoint 2010 User Integration with Exchange 2010 New Users Created as Hidden and Later Unhidden not receiving email from SharePoint

  When we have a new employee transfer to us from another department, their email is created and hidden until they actually make the transfer so they don't have two different email addresses in our global address list.  When the transfer is made, the
  email address is unhidden, but then we are unable to send emails to them from sharepoint 2010 without doing an IISReset.  We are using Exchange 2010.  Does anyone have suggestions on how to alleviate this issue?

  Hi,
  I have done a test, no matter the email address is hidden or not, we can both send email to the email address in the same domain.
  How was the new employee from another department transferred to your department?
  Whether sending emails to them need do an IIS Reset everytime.
  Here is a similar post, you can take a look at:
  https://social.technet.microsoft.com/forums/sharepoint/en-US/6a9043bb-2055-46a9-8e76-8b2698c1dbe5/user-not-receiving-sharepoint-emails
  Best Regards,
  Lisa Chen

• ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem

  Hi
  I have setup ISA 2006 to publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation and IPSEC.
  The clients have an IPSEC policy pushed to them via GPO.  The clients are windows 7 laptops and the ISA server is server 2003, so the IPSEC connection is IKE not AuthIP.
  However, it seems that the connection will work for a while, then all of a sudden stop working with zero trace of why.  I cant get the Oakley log to work and I cant see any traffic on the ISA.
  I am wondering if I need to publish the CRL's externally?  Currently we don't, and the Outlook Anywhere uses private certificates (as the whole point of IPSEC is to validate the internal certificate, there is no point in using
  public certificates).
  I have tried using the StrongCRLCheck=0 registry key in the IPsec Policy Agent on the windows 7 machine but it doesn't seem to make a difference.
  Any advice would be appreciated.
  Steven

  Hi,
  Firstly, have you received any related error messages in ISA server or on the clients' side? Besides, as you mentioned IPsec, did you have a VPN connection?
  In addition,
  While ISA 2006 only includes a Client Access Web Publishing Wizard for both Exchange 2003 and Exchange 2007. Which Exchange version you have chosen when publishing Exchange 2010?
  Please also make sure that you have selected the
  External interface for the web listener to listen on.
  Besides, the link below would be helpful to you:
  OWA publishing using Kerberos Constrained Delegation
  method for authentication delegation
  Best regards,
  Susie

• Exchange 2010, Outlook Anywhere, Autodiscover, SAN Certs and ISA 2004

  Hi
  Everything I have read says that SAN certs do not work with ISA 2004.  However I have read through the "White Paper: Understanding the Exchange 2010 Autodiscover Service" document to understand my options (url below) and notice that the SAN
  cert option in the "Summary of supported scenarios for connecting to the Autodiscover service from the Internet" section implies that ISA 2004 may be able to work:
  "Requires additional configuration if used together with either ISA Server 2004 or ISA Server 2006"
  http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
  Does anyone know if there is a supported ISA 2004 scenario where SAN certs can work?
  Thanks!

  It's highly doubtful, since ISA 2004 has been in extended support for two years.  See
  http://blogs.technet.com/b/isablog/archive/2009/10/05/mainstream-support-ending-for-isa-server-2004-standard-edition-sp3.aspx for details about ISA 2004 support - it goes totally out of support next year.

• Exchange 2010 - All users can delete scheduled and accepted meetings in a room mailbox

  Hello Everyone,
       I have a strange situation.  I created 4 conference room "room" mailboxes for calendaring of the conference rooms.  We tested to see if user A booked a meeting in room 1 - that user B could not go delete or change
  that meeting if it was accepted.
       Now - for some reason - user B (or any other user on Exchange) can now go delete any meeting made by anyone and has been accepted on the calendar.  I cannot figure out what has happened to my permissions that is letting this
  happen. As far as I know - we have not made any changes to these room mailboxes.   We are Exchange 2010  version 14.01.0355.002.

  Hi
  Have a try with the steps on this thread
  http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/ed89d6ac-0c48-43a8-8ed4-3d4f5d441737
  1.       Create a test mailbox as a new room mailbox, remove all permission on the Properties of “Mailbox” and “Calendar”
  Notes: Confirm the permission under “Default” and “Anonymous” account is “None”
  2.       Use “Delegate” function in “Tools” menu to share calendar for “TESTALL” group as “Author”
  3.       Go to the Properties of calendar in room mailbox, confirm “Author” permission
  4.       In User C’s outlook, see if you still can delete the calendar item that User A created
  Cheers
  Zi Feng
  TechNet Community Support

• Opportunistic TLS between our Exchange 2010 SP3 on Premise (WIth Edge) and Exchange Online Protection.

  Hi,
  We would like to configure Opportunistic TLS between our Exchange 2010 SP3 On Premise Systems (with Edge) and EOP.
  I can see that Opportunist TLS is enabled on both the send and receive connectors in EOP. SO I think no change required here.
  The On premise Send Connector (Configured by EdgeSync) does not have the option for Opportunistic TLS. Under "Configure Smart Host Authentication Settings" it is currently set to "None". I have the option for "Basic Authentication
  over TLS" but this requires a Username and Password. No option for Opportunistic TLS. When I look at the properties of the send connector (get-sendconnector "sendconnector_name" | fl) I
  can see that the IgnoreSTARTTLS parameter is set to FALSE - so I think that means it is enabled. So I think no changes required here- right?
  The receive connector on the Edge Server has the TLS option on the Authentication tab - so I guess I just check that option right?
  The Edge servers also run TMG and the two are integrated. I don't think this changes anything but thought I would include it in case it does.
  Anything I have missed?
  Thanks very much.
  Geoff
  ilmuro69

  Hi,
  We would like to configure Opportunistic TLS between our Exchange 2010 SP3 On Premise Systems (with Edge) and EOP.
  I can see that Opportunist TLS is enabled on both the send and receive connectors in EOP. SO I think no change required here.
  The On premise Send Connector (Configured by EdgeSync) does not have the option for Opportunistic TLS. Under "Configure Smart Host Authentication Settings" it is currently set to "None". I have the option for "Basic Authentication
  over TLS" but this requires a Username and Password. No option for Opportunistic TLS. When I look at the properties of the send connector (get-sendconnector "sendconnector_name" | fl) I
  can see that the IgnoreSTARTTLS parameter is set to FALSE - so I think that means it is enabled. So I think no changes required here- right?
  The receive connector on the Edge Server has the TLS option on the Authentication tab - so I guess I just check that option right?
  The Edge servers also run TMG and the two are integrated. I don't think this changes anything but thought I would include it in case it does.
  Anything I have missed?
  Thanks very much.
  Geoff
  ilmuro69

• Exchange 2010 Email not Syncing, but Contacts and Calendar do???

  Anyone have any feedback on this? I have tried deleting and readding my Exchange 2010 account several times and same result.
  No emails are displaying at all. However, all of my contacts are appearing in the contacts app and so are calendar entries. Also, when I go into the settings and choose which folders to have push email, I see a list of all of my exchange folders, so I know it is seeing the server.
  Any idea why the emails are not appearing? I have tried all combinations of different settings and can't get them to appear.
  Thanks

  Are either of you part of protected groups in active directory/exchange? Such as the built ins. i.e Domain Admin/Account Operator etc?

• Exchange 2010 Mailboxes - Can't search delegate's subfolders without full access permission?

  Has anyone run into this situation?  Might be straightforward but I'm not running into a solution..
  I have two users on an Exchange 2010 server, accessing through Outlook 2010.  One is a delegate of the other's mailbox, and has owner permissions to see all the mail, subfolders, send on their behalf, etc...but when they go to search for an email
  (control-shift-F, then click on browse, find a folder that has subfolders...and select it), they don't have access to "include subfolders".  It's grayed out.  
  If I go to the main mailbox and grant full mailbox permissions to the other user, they CAN search and "include subfolders" isn't grayed out, all works properly...but obviously is a bit overkill permission-wise.    
  ...question is, what permission would be allowing a delegate to send on behalf, delete, read, list, etc. another person's email, but not letting the search be more than one folder level deep?
  Thanks in advanace
  Pete 

  Hi,
  First please try to tick “Enable indexing of online delegate mailboxes”
   via the steps below:
  1.Please run gpedit.msc from a command prompt.
  2. Expand Computer Configuration ->Administrator templates->windows components->click “Search”
  3. Double Click on “Enable indexing of online delegate mailboxes” option
  4. Select “Enabled” and click “ok” to close “Local Group Policy Editor”
  5. After that please run “gpupdate /force”
  6. Restart Microsoft Outlook
  Also please add the following registry key to the user computer to enable index in delegate mailboxes.
  Key: HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windows search
  DWORD: EnableIndexingDelegateMailboxes
  Value: 1
  Note: Indexing the contents of delegate mailbox folder. Using this method we can search through the delegate mailbox folders but we have to specify the folder in which one wants to search an
  Outlook items.
  After that, please rebuild the indexing with
  ResetSearchIndex.ps1
  How to Rebuild the Full-Text Index Catalog
  http://technet.microsoft.com/en-us/library/aa995966(v=exchg.80).aspx
  Please test the issue via outlook online mode after you have rebuild the indexing.
  Xiu Zhang
  TechNet Community Support