Retention Policy not working
Hello
I have read through multiple Q&A on this subject, but don't really see a solution or understand it
Exchange 2010 SP3 RU 5
RPT
Tag Type - Deleted Items
Age Limit 21 days
Action Permanently Delete
RP - Added to 3 users
Users have deleted email going back 3 years. If I check the deleted Items Policy tab, says policy is applied delete trash older that 21 days.
I set this policy 5 days ago, nothing being deleted.
Is it true I have to wait 21 days for the policy to take effect, I have seen a few people state that, which makes no sense.
Or is it simply not working
Thanks
Hi,
Could you please run the start-managedfolderassistant command against these users to check the result? Is it the same issue?
Did you run Outlook in cached mode? If so, please change to online mode to check if you still see these old emails in the Deleted Items folder.
Theoretically, in Microsoft Exchange Server 2010, the retention age for items in the Deleted Items default folder is calculated based on the date of delivery unless the item was moved or deleted from a folder that doesn't have an inherited or implicit retention
tag. If you need more information, please refer to following article:
How Retention Age is Calculated
http://technet.microsoft.com/en-us/library/bb430780(v=exchg.141).aspx
Thank you for your time. If you have any questions, please feel free to let me know.
Best regards,
Belinda
Belinda Ma
TechNet Community Support
Similar Messages
-
Retention Policy not working for OWA accounts
I have Exchange 2010 running, with 100% of users using OWA, not Outlook as their mail client.
I have one use that wants to have messages in all his folders deleted at the end of each day. Specifically, these folders are under the Inbox, but are subfolders in the Inbox, not the Inbox itself.
I set up a retention policy tag with the Tag Type "All other Folders in the Mailbox", with age limit for retention for 1 day, and the action to delete and allow recovery.
Then I applied the Retention policy just to that one users.
The next morning, all the messages from the day before were still there. Did I miss something in the setup?
Does the "1 day" retention delete messages after 24 hours of the message being there, or at the end of each day can I have it delete all the previous messages?
Does this have something to do with the fact that we are running OWA, not Outlook? I can right click on the folders and view retention policy...it just says "Use Parent Folder Policy"...nowhere can I find the parent folders policy.
Any advice would be appreciated.Hi,
For your retention policy not working issue, we can try the following troubleshooting:
1. Please check whether it has Event ID 9017 and 9018, to make sure the MRM working well.
2. Please check the Managed Folder Assistant service is working well.
3. Please use MFCMAPI Tool to check the "PR_MESSAGE_DELIVERY_TIME" and "PR_CREATION_TIME" properties on the items that should be removed.
If you have any question, please feel free to let me know.
Thanks,
Angela
Angela Shi
TechNet Community Support -
Exchange 2013 CU3 Retention Policy Not working for Calendar & Tasks
We are currently on Exchange 2013 CU3 with Online Archiving Enabled for the user
Default policy is set to move all the items in mailbox which are older than 30 days to online archive mailbox.
Calendar and Tasks Items are also getting archived alongwith other Outlook items from Inbox,Deleted Items etc
Followed Technet website and created RPT for Calendar and Tasks with retention disabled
Still DPT takes precedence and move all the items under Calendar and Task to Online Archive MailboxHi Sam,
I recommend you refer to the following article, despite this for Exchange 2010, however the same applies to exhcnage 2013:
Prevent archiving of items in a default folder in Exchange 2010
To prevent the <acronym title="Default Policy Tag">DPT</acronym> from being applied to a default folder, you can create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for that folder (or disable
any existing RPT for that folder). The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the
retention action of a disabled tag. Since the item/folder still has a tag, it's not considered untagged and the DPT isn't applied to it.
Why are items in the Notes folder still archived?
If you create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for the
Notes folder, you'll see items in that folder are not deleted, but they do continue to be moved to the archive! Why does this happen? How do you prevent it?
It's important to understand that:
A retention policy can have a <acronym title="Default Policy Tag">DPT</acronym> to
archive items (using the Move to Archive retention action) and a DPT to
delete items (using the Delete and Allow Recovery or
Permanently Delete retention actions). Both apply to untagged items.
The move and delete actions are exclusive of each other. Mailbox folders and messages can have both types of tags applied - an archive tag and a delete tag. It's not an either/or proposition.
If you create a disabled RPT for the Notes folder to not delete items, the archive DPT for the mailbox would still apply and move items.
When it comes to archiving, there's only one archive policy that administrators can enforce – the <acronym title="Default Policy Tag">DPT</acronym> with 'Move to archive' action.
You can't create a <acronym title="Retention Policy Tag">RPT</acronym> with the 'Move to archive' action. This rules out using the disabled RPT approach to prevent items from being moved.
Best regards,
Niko Cheng
TechNet Community Support -
Import/removal policy not working javax.naming.NameNotFound
Hi, i am experiencing some problems with my import/removal policy...more so the removal workstation policy not working.
When the policy schedule time initiates - the following shows up on the zenworks removal workstation removal screen:
30-Oct-2009 17:35:39 javax.naming.NameNotFoundException [Root exception is com.novell.service.jncp.NDSException: ccode = -601 (0xfffffda7)]
I keep seeing this on the screen and in the zenwsrem.log file.
I am running:
Zenworks 6.5 sp2
Netware 6.5 sp5
Can anyone help as i want to keep my tree clean from all the thousands of workstation objects that are generating and are mostly redundant.
Any help with this would be very helpful.
I do not know why this is happening...i have read a few tids, but the naming of my container does not use any special characters, just "Workstations".
regards
DennisDid any of the removals succeed?
i.e.
20-Sep-2009 23:00:31 Removed workstation:T82715.Workstations.BilletRd.WF
20-Sep-2009 23:00:32 Removed workstation:T87490.Workstations.BuxtonRd.WF
20-Sep-2009 23:00:32 Removed workstation:T87810.Workstations.BuxtonRd.WF
Are they still in eDir?
I'm assuming that edir is clean.. so the only other thing that would come to
mind is that the server/workstation policy doesn't have rights to delete
from the OU's your workstations are in?
I didn't go thru the log exactly line by line, but it looks like its always
bombing on workstations in
your BuxtonRd.WF and CecilRd.WF containers.
>>> On 11/5/2009 at 10:26 AM, in message
<[email protected]>,
dchitolie<[email protected]> wrote:
> In relation to the tid, i do not have any / in my containers?
> Here is my Zenwsrem.log:
>
> NameNotFoundException [Root exception
> iscom.novell.service.jncp.NDSException: ccode = -601 (0xfffffda7)]
> 27-Dec-2008 23:00:04 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 03-Jan-2009 23:00:03 Removed
workstation:T87306.Workstations.BuxtonRd.WF
> 03-Jan-2009 23:00:04 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 10-Jan-2009 23:00:50 Removed
workstation:T84740.Workstations.BilletRd.WF
> 10-Jan-2009 23:00:50 Removed
workstation:T87424.Workstations.BilletRd.WF
> 10-Jan-2009 23:00:50 Removed
workstation:T87324.Workstations.BuxtonRd.WF
> 10-Jan-2009 23:00:51 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 17-Jan-2009 23:00:16 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 31-Jan-2009 23:00:07 Removed
workstation:T85290.Workstations.BilletRd.WF
> 31-Jan-2009 23:00:08 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
>
> 14-Mar-2009 23:00:36 Removed
workstation:T87327.Workstations.BuxtonRd.WF
> 14-Mar-2009 23:00:37 Removed
workstation:T87484.Workstations.BuxtonRd.WF
> 14-Mar-2009 23:00:39 Removed workstation:T93380.Workstations.CecilRd.WF
> 14-Mar-2009 23:00:39 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 22-Mar-2009 23:00:04 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 28-Mar-2009 23:00:48 Removed workstation:T88849.Workstations.CecilRd.WF
> 28-Mar-2009 23:00:49 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 29-Mar-2009 23:00:27 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 02-Apr-2009 17:51:08 Could not authenticate as policy:
> 05-Apr-2009 23:00:31 Removed workstation:T8102T.Workstations.CecilRd.WF
> 05-Apr-2009 23:00:32 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 12-Apr-2009 23:00:23 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 17-Apr-2009 11:12:04 Could not authenticate as policy:
> 19-Apr-2009 23:00:23 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 26-Apr-2009 23:00:21 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 03-May-2009 22:59:55 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 10-May-2009 23:00:04 Removed workstation:T88842.Workstations.CecilRd.WF
> 10-May-2009 23:00:04 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 17-May-2009 23:00:22 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 24-May-2009 22:59:47 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 31-May-2009 23:00:15 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 07-Jun-2009 23:00:49 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 14-Jun-2009 23:00:04 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 21-Jun-2009 23:00:38 Removed workstation:T88834.Workstations.CecilRd.WF
> 21-Jun-2009 23:00:38 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 28-Jun-2009 08:09:11 No removal policy found.
> 28-Jun-2009 09:08:54 No removal policy found.
> 28-Jun-2009 10:08:37 No removal policy found.
> 28-Jun-2009 11:08:20 No removal policy found.
> 28-Jun-2009 12:08:03 No removal policy found.
> 28-Jun-2009 13:07:45 No removal policy found.
> 28-Jun-2009 14:07:28 No removal policy found.
> 28-Jun-2009 15:07:11 No removal policy found.
> 28-Jun-2009 16:06:55 No removal policy found.
> 28-Jun-2009 17:06:37 No removal policy found.
> 28-Jun-2009 18:06:20 No removal policy found.
> 28-Jun-2009 19:06:03 No removal policy found.
> 28-Jun-2009 20:05:46 No removal policy found.
> 28-Jun-2009 21:05:29 No removal policy found.
> 28-Jun-2009 22:05:12 No removal policy found.
> 28-Jun-2009 22:55:58 No removal policy found.
> 28-Jun-2009 23:04:55 No removal policy found.
> 29-Jun-2009 00:04:38 No removal policy found.
> 29-Jun-2009 01:04:21 No removal policy found.
> 29-Jun-2009 02:04:04 No removal policy found.
> 29-Jun-2009 03:03:47 No removal policy found.
> 29-Jun-2009 04:03:30 No removal policy found.
> 29-Jun-2009 05:03:13 No removal policy found.
> 29-Jun-2009 06:02:56 No removal policy found.
> 29-Jun-2009 07:02:38 No removal policy found.
> 29-Jun-2009 08:02:22 No removal policy found.
> 29-Jun-2009 09:02:05 No removal policy found.
> 05-Jul-2009 23:00:30 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 12-Jul-2009 23:00:44 Removed workstation:T82363.Workstations.CecilRd.WF
> 12-Jul-2009 23:00:44 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 19-Jul-2009 23:00:28 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 26-Jul-2009 23:00:19 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 02-Aug-2009 23:00:41 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 09-Aug-2009 23:00:22 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 16-Aug-2009 23:00:22 Removed
workstation:T85264.Workstations.BuxtonRd.WF
> 16-Aug-2009 23:00:22 Removed
workstation:T85266.Workstations.BuxtonRd.WF
> 16-Aug-2009 23:00:24 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 23-Aug-2009 23:00:20 Removed
workstation:T85261.Workstations.BuxtonRd.WF
> 23-Aug-2009 23:00:21 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 30-Aug-2009 23:00:02 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 06-Sep-2009 23:00:19 Removed workstation:T82722.Workstations.CecilRd.WF
> 06-Sep-2009 23:00:20 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 13-Sep-2009 23:00:13 Removed
workstation:T85336.Workstations.BilletRd.WF
> 13-Sep-2009 23:00:15 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 20-Sep-2009 23:00:31 Removed
workstation:T82715.Workstations.BilletRd.WF
> 20-Sep-2009 23:00:32 Removed
workstation:T87490.Workstations.BuxtonRd.WF
> 20-Sep-2009 23:00:32 Removed
workstation:T87810.Workstations.BuxtonRd.WF
> 20-Sep-2009 23:00:33 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 27-Sep-2009 23:00:03 Removed
workstation:T85179.Workstations.BilletRd.WF
> 27-Sep-2009 23:00:04 Removed
workstation:T87494.Workstations.BuxtonRd.WF
> 27-Sep-2009 23:00:05 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 04-Oct-2009 23:00:22 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 11-Oct-2009 23:00:03 javax.naming.NamingException [Root exception
> iscom.novell.service.jncp.NDSException: ccode = -637
> (0xfffffd83)];remaining name 'T87395'
> 11-Oct-2009 23:00:04 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 18-Oct-2009 23:00:35 Removed
workstation:T87395.Workstations.BuxtonRd.WF
> 18-Oct-2009 23:00:36 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 30-Oct-2009 17:30:31 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
> 30-Oct-2009 17:35:39 javax.naming.NameNotFoundException [Rootexception
> is com.novell.service.jncp.NDSException: ccode = -601(0xfffffda7)]
>
> Any ideas.....
> thanks
> regards
>
> Dennis--
dchitolie-------------------------------------------------------------------
-----dchitolie's Profile:
> http://forums.novell.com/member.php?userid=4304View this thread:
> http://forums.novell.com/showthread.php?t=391202 -
Throttling policy not working on Exchange 2013 CU6
Hi,
We have a test throttling policy to restrict a mailbox to send at most 2 messages
per minute in our live Exchange 2013 CU6 enviroment. It was associated to a test mailbox. We have separated installed 2 mailboxe and 2 cas server roles in our enviroment. I have checked latest CU-s (7 & 8) but these are
not fixing any related bugs.
We tried lots of workaround (see below list) and solutions to fix this but it is still not working with outlook MAPI and OWA client.
Throttling policy not working
smtp service restart
RPC Client Acces service restart
The policy details:
Get-ThrottlingPolicy low_rate_limit |fl *limit*
MessageRateLimit : 2
RecipientRateLimit : 1000
Get-mailbox [email protected] | fl ThrottlingPolicy
ThrottlingPolicy : low_rate_limit
Do you have any idea what is the problem?
Thank you in advance.
br,
ZoltanHi Zoltan,
Base on my research, you need to configure the MessageRateLimit parameter on receive connector also.
The MessageRateLimit parameter specifies the maximum number of messages that can be sent by a single client IP address per minute. The default value for a Receive connector configured in the Transport service on a Mailbox server is
unlimited. The default value for a Receive connector configured on an Edge server is 600 messages per minute. The valid input range for this parameter is 1 to 2147483647. To remove the message rate limit on a Receive connector, enter a value of
unlimited.
https://technet.microsoft.com/en-us/library/bb125140(v=exchg.150).aspx
Best regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Niko Cheng
TechNet Community Support -
Personal tags in Retention Policy only working in OWA, not Outlook 2010 client
Version: Exchange 2010 SP2
Client: Office Professional Plus 2010 SP1
As we don't want to enforce retention or archiving policies, but still give users the options to add tags to folders I set up new Retention Policy with the following tags only:
-Personal 1 Year move to archive with age limit of 365
-Personal 2 Year move to archive with age limit of 730
After enabling the Archive for a test user and adding their mailbox to the retention policy, in Outlook client assigned the "Personal 1 Year move to archive" tag (from Ribbon) to a folder with email going back several years. I ran Folder Assistant
in PS for that mailbox, but nothing happened.
I then assigned same tag to same folder using in
OWA and it worked immediately after running the Folder Assistant.
ManagedFolderWorkCycle is set with default setting of 1 day.
I have seen other posts and have tried the above in non-cached mode with no change.
I posted this in the Partner Network forum too but not much luck there
Has anyone come across this before?
Thanks,I decided to document exact steps trying to use Message Management on a different mailbox. Steps and results below. Note all these steps
were with Outlook in online mode:
Executive summary
Adding tags to a folder in OWA works as expected. The same process in Outlook client (even in Online mode) does not.
1. Enabled Archive for mailbox
2. Assigned Policy
3. Opened Mailbox in Outlook client (2010 Professional Plus SP1)
4. Assigned 1 Year tag to a folder with emails going back 2+ years
5. Ran "Start-ManagedFolder Assistant" on Exch Svr
6. Opened mailbox in OWA, folder does not show as having policy assigned
7. Opened Outlook
8. Checked in Ribbon if policy still assigned to folder, none showing as selected
9. Checked Archive, only some mails moved to archive, many that are much older than 1 year not moved
10. Re-set same tag in Ribbon
11. Closed Outlook, re-opened, tag still not showing as assigned
12. Opened Mailbox in OWA
13. Added 1-year tag to another folder with emails going back 2+ years
14. Re-ran StartManagedFolderAssistant on Exch Svr
15. Opened Mailbox in OWA
16. All emails correctly matching the tag moved to the archive
17. Policy added to folder in OWA showing as assigned correctly
18. Policy added to folder in Outlook not showing as having a tag assigned
19. Opened Outlook
20. Tags in Ribbon still not showing as having policy assigned
21. Properties of folder changed through Outlook showing as having “Parent Policy”
22. Properties of folder changed through OWA showing correct tag/policy -
Retention policies not working
We are in the progress of migrating from Exchange 2007 to 2010, and I can't seem to get retention policies working in 2010. I want to delete everything in a mailbox at 180 days old. I have set a simple Retention tag via the EMC for "all other
folders in the mailbox" with an Action of "Permanently Delete". I have assigned this tag to a retention policy via the EMC, and then assigned mailboxes to the policy via the EMC. I then run Start-ManagedFolderAssistant -identity
"Last, First" from the command shell.
The process does not seem to delete items over 180 days. What am I doing wrong?Hi,
Please check whether there is the Event ID 9017 and 9018, make sure the MRM works well.
And please restart the Microsoft Exchange Mailbox Assistants service to check the result.
If possible, please create a new test user and apply retention policy to this user to check the result.
If the issue persists, I recommend you increase the diagnostic logging level for the MRM, and then monitor the events in the application log to check if there is related events.
Best regards,
Belinda
Belinda Ma
TechNet Community Support -
Retention policy not removing items after 14 days?
Hello and good day all.
I hope some one can help with this. I have an Exchange 2013 server and i need to set a Retention policy to delete items from select mailboxes after 14 days. These boxes get automated log emails that are only needed if a problem is reported that day. Otherwise
they are trash. no users check these boxes and so they tend to fill up.
The following was all done in the web interface.
In "Retention tags" screen I have a policy called "14Days" and it is set "Delete and allow Recovery" then period is "In Days" 14
This is then in the "Retention Policy" Screen added to a policy called "2Weeks"
I then added this in "Mailbox Features" screen to the select boxes.
All this done 26 days ago. I figured i need to wait the 14 days for the cycle to come around. However these boxes still have items from September in them. I used a command line to verify the policy is on the mail boxes.
Some items are in the in-boxes and some are in deleted items.
Steven Davis of Parabit SystemsHello and good morning. The mystery continues.
in event log is have items 9017 saying the work cycle started and there are 14 boxes on this data base. Then i have an event 9018 saying 14 were processed.
Does it matter that I have 4 Mailbox databases? the ones to have this policy are all in a single data base.
There are no other policy's created or defined other then the ones that came with exchange that we don't use.
I created a new policy with a 15 day retention and applied it to a box.
Next i cleared the entire event log and then ran "Start-ManagedFolderAssistant" to force it on
the mailbox.
so then just to check i ran "Get-RetentionPolicyTag
-Identity "15 day retention " | fl"
And it looks okay.
RunspaceId : b9b594a6-9e08-4ddd-aa68-5998e687388c
MessageClassDisplayName : All Mailbox Content
MessageClass : *
Description : Managed Content Settings
RetentionEnabled : True
RetentionAction : DeleteAndAllowRecovery
AgeLimitForRetention : 15.00:00:00
MoveToDestinationFolder :
TriggerForRetention : WhenDelivered
MessageFormatForJournaling : UseTnef
JournalingEnabled : False
AddressForJournaling :
LabelForJournaling :
Type : All
IsDefaultAutoGroupPolicyTag : False
IsDefaultModeratedRecipientsPolicyTag : False
SystemTag : False
LocalizedRetentionPolicyTagName : {}
Comment : for field techs retention and a test to see why 14 day is not working
RetentionId : a61c470b-367b-4cb9-b955-b02ff9c5a1c3
LocalizedComment : {}
MustDisplayCommentEnabled : False
LegacyManagedFolder :
AdminDisplayName :
ExchangeVersion : 1.0 (14.0.100.0)
Name : 15 day retention
DistinguishedName : CN=15 day retention,CN=Retention Policy Tag Container,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=parabit,DC=com
Identity : 15 day retention
Guid : a61c470b-367b-4cb9-b955-b02ff9c5a1c3
ObjectCategory : parabit.com/Configuration/Schema/ms-Exch-ELC-Folder
ObjectClass : {top, msExchELCFolder}
WhenChanged : 1/7/2015 12:18:29 PM
WhenCreated : 1/7/2015 12:18:29 PM
WhenChangedUTC : 1/7/2015 5:18:29 PM
WhenCreatedUTC : 1/7/2015 5:18:29 PM
OrganizationId :
OriginatingServer : DMZAD.parabit.com
IsValid : True
ObjectState : Unchanged
Steven Davis of Parabit Systems -
Hi!
I Have one AD Security group for each shared printer, I have one GPP that map the printer if the user is in the security group that belong to the printer. And one GPP to delete the printer if the user is NOT member of the security group. The security group
is also applied in “Security” tab on the printsrv with PRINT rights and “everyone” is removed. This works 100 % on Windows 7 clients and Windows 2003 Terminal Servers. But on Windows 2008 R2 RDS this dont work.The Delete Policy will not delete the shared
printer. No warning in any logs, and the gpresult shows that the gpo setting applyed sucessfully. The only way I can make the Delete policy work is if i give the user print rights on the printer on the printsrv. Looks like for the policy to work on 2008
R2 the user must have print rights on the printer object on the printserver. The GPP Delete Policy will not delete printers that have status : access denied. Anyone else had this problem?Hi,
Based on your description, it seems that we need to give users appropriate permissions, for the error
Access is denied is more or less related to permissions.
However, we can avoid deploying the GPP printer delete policy. As far as I know, we can use Item-Lvel Targeting of GPP to push the shared printers
to the targeted users or groups.
Regarding ILT, the following articles can be referred to for more information.
Preference Item-Level Targeting
http://technet.microsoft.com/en-us/library/cc733022.aspx
Security Group Targeting
http://technet.microsoft.com/en-us/library/cc772471.aspx
Best regards,
Frank Shen -
Group Policy not work in some client machine.
Hello All,
Existing environment is AD 2012. gpupdate /force command does not working in some client machine. And it's occur randomly. Error shown about 15-20% of client machine. Please suggest. Hopefully this time get reply from community.
The Error:
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.Thanks for your reply. basically this error occurs with in same location as well as branch location. i have check event log in AD but not got any specific error. AD health status is ok. AD to AD synchronization also working well. All the client machine running
on windows 7 64 bit and few of them are windows 8.
Please suggest. if you need any event log for analysis i can send you.
Thanks
I recommend you examine the event logs upon an affected client machine. Specifically, look for the surrounding events on that machine (both System, and Application logs), for the hours previous and the hour after.
The time period may vary according to your environment (e.g. what is expected/normal for your environment, your configured GP refresh cycle-time).
e.g., are there network drops, or power drops, or system crashes, restarts at the similar time.
if it's a laptop, is it wireless? Was there a transition from wireless to wired operation?
Is there VPN in use?
If you are able to compare with another machine (I would encourage that), to understand what "normal" looks like in the logs, so that you have some kind of baseline data for comparison.
Other checks, maybe confirm that the machines are updating as required (have the relevant WindowsUpdates etc), and consider if some security/protection/firewall software might be interfering with normal Windows operations.
Also the potential for malware or virus, which can disturb many basic services (ensure a scan is performed and returns clean).
If you have the opportunity for an affected user to contact you urgently when the symptom occurs, check that the gpt.ini file is accessible from their PC.
e.g.: \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini
This file is hosted within the replicated SYSVOL share on your DC's, so check that it is accessible.
You might also validate the particular GPO this refers to, and check each of your DC's holds the correct copy of the files for that GPO GUID.
If you open that GPO, and perform a minor change to it (e.g. add a comment), then click Apply, OK, this should cause the GPO contents to replicate an updated version (be cautious, depending upon the nature of that GPO !!!)
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
OAM 11g "Failure URL" in Authoriztion policy not working?
Hi,
Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
I've been trying to figure this out, and have found several threads about this, e.g.:
OAM 11g authz redirect URL not working?
But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it' not going "somewhere else".
So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
Thanks,
Jim
P.S. The URL that it's suppose to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
Edited by: jimcpl on Nov 5, 2011 8:53 PMHi,
Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
I've been trying to figure this out, and have found several threads about this, e.g.:
OAM 11g authz redirect URL not working?
But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it' not going "somewhere else".
So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
Thanks,
Jim
P.S. The URL that it's suppose to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
Edited by: jimcpl on Nov 5, 2011 8:53 PM -
Windows 2008 Group Policy not working in Windows 8.1
Hi ,
We found that the GPO settings created in Windows 2008 is not working in a Windows 8.1 machine.
One example is the proxy settings.
We confirmed from gpresult that the GPO is in the list but checking the actual proxy settings, it is not applied.
Regards,
JhunHi,
How did we configure the proxy settings, using Internet Explorer Maintenance? If it is this case, just as Martin suggested, we can’t use IEM to manage
IE 10 and IE 11. However, we can configure the proxy setting via Group Policy Preferences (GPP).
Regarding this point, the following blog can be referred to for more information.
Configuring Internet Explorer 10′s
Proxy Via Group Policy
http://johnfail.wordpress.com/2013/06/15/configuring-internet-explorer-10s-proxy-via-group-policy/
In addition, when we use this GPP extension, pay attention to GPP F5-F8 keys.
Regarding this point, the following blog can be referred to for more information.
Group Policy Preferences F5 F6 F7 F8 “documentation”
http://msitpros.com/?p=1014
Please Note: Since the above two websites are not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy
of this information.
In addition, regarding the deprecation of IEM, the following article can be referred to for more information.
Appendix B: Replacements for Internet Explorer Maintenance
http://technet.microsoft.com/en-us/library/jj890998.aspx
Best regards,
Frank Shen -
Software restriction policy not working correctly
Ladies and Gents,
we run a windows server 2008r2 environment.
we have a software restriction policy in place for quite some time now and it's been working fine until about a week ago. here's how we have it setup:
Enforce = All Software files except libraries (such as DLLs). + All Users.
Security Level = Disallowed
Designated File Types=
Defaults
Additional Rules:
C:\* = Disallow.
The rest of the rules are paths for files and folders that we have set as Unrestricted.
Since about a week ago, our security team discovered that they can open any allowed file type such as text file, and then go to file and click on open. In the open dialog box they would type
in C:\Windows\System32\drivers\etc\hosts and then click and open it would actually open the hosts file.
I even tried adding a path rule for C:\Windows\System32\drivers\etc\hosts with Disallow, and it’s still allows opening this file for non admins.
Any ideas as to why is software restriction policy not blocking access to any files or folders that are not explicitly allowed via a path rule?
Any help or comments are much appreciated.
Mohsen AlmassudYou are moving in a wrong way. Software Restriction Policies are designed to prevent users to launch executables/applications. It cannot prevent you from opening TXT file, because it is not an executable. In order to prevent TXT files, you have to block
notepad.exe executable. It is very different technology.
You must move to a permission configuration. If there are folders users should not access, remove them from respective folder's ACL. You must be careful with restricting user access to system folders (%systemroot%), because you may block critical applications
and eventually no one will be able to log on to server, because logon-dependant paths are not accessible due to restrictions in the ACL.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Check out new:
PowerShell FCIV tool. -
ISE authorization Policy not working
Hi ,
I have configured the ISE as per the belwo link
https://supportforums.cisco.com/document/110031/central-web-authentication-cwa-guests-ise
but my authorization policy is not working as when user get connected to guest wlan it get authneticated but when it look for authorization
it going to default policy it should hit on above policy created screen shot as belowWhat version of ISE + patch are you running?. Could you please send an screenshot of AUTH policies including the default --- > USE part?. Are you using customized portal for the first authentication process?
CWA is pretty straightforward. Only issues I faced was multiple VM (ISE Personas) running on one single server was not replicating properly the AUTHZ policies so I added the PSN persona into the PAN Node and everything worked fine immediately. In addition to that, I realized that I needed at least ONE ENTRY into the ISE PAN Internal Endpoints DB so I could hit the AUTH Policy for MAB & user not found condition which sent me to the AUTHZ = User Unknown + Redirect. Once I authenticated the user using the Default Portal that meant I hit the GUEST FLOW policy. If you are using customized portals for the first authentication process, check: web portal mgmt. --- > Guest --- > MultiPortal Configurations --- > Customized Portal -- > Authentication part. -
Decryption policy not working with Goole chrome
Hi,
Good morning!!!!!!!
I have been facing the issue with the CX module decryption policy. I have applied decryption policy to facebook, working with IE and mozilla browsers but not working with Google chrome. When tried with google chrome, getting the certificate error.
Kindly find error screen shoots in the attachments.
Please help us.
Thanks in advance.
Ashok Kumar.Hi Colin,
Thank you for your reply.
Because of the certificate chrome is not trusting. I have imported the certificate from CX module and added the same certificate in google chrome browser, then it is working fine.
Thanks and regards,
Ashok Kumar S.
Maybe you are looking for
-
Network Printing Problem (cgpdftops)
I'm attempting to print to a networked HP color laserjet 2550 and I'm getting a strange error message in the print status dialog box on every print: The process "cgpdftops" terminated unexpectedly on signal 10 When this message appears, only the firs
-
Multiple documents opening at once.
When I open an app (such as Word or Preview) the last few documents I was working with open. Is there a way to turn this off? Leopard didn't do this.
-
Exponential File Size Reduction
Hi All, Attached is a .vi that I recieved from this forum (Altenbach I believe). Currently this vi copies every x line from a source file to a new file. It works great however now I am interested in reducing the sampling rate. For example I would lik
-
Approval WF after SC is saved: No selected agents assigned
Hi all, We are in SRM 7.0 and we have the following problem: We fill approval_table informing fields through BADI GET_REMAING_APPROVERS: approval_index = 1 approval_agent = USUSER name and description. (we only put one approver to do the testing easi
-
I need help I changed my credit card information to a card that active, now I can't even get a free app, it's telling my that I need to verify my information before I can make a purchase.... What's going on and how do I fix it??