Wednesday, December 12, 2007

Username and password are incorrect connecting to IMAP server on a iphone

When you try to connect to the Exchange Server, Exchange 2003, 2007 using iphone you receive an error message, indicating that your Username and password is incorrect, even though you know that you are typing the correct username and password to connect to the Exchange Server.


For IMAP the Username must be in the format Domain\Username, make sure that you enter your username in the above format. And if your Email alias is different from your username then you need to enter your username as follows Domain\Username\Alias. See examples below:

1. In this case the Username is Asmith and the default email alias is
So in the iphone IMAP userid field you will put the username in the format

2. In this case the Username is Asmith and the default email alias is
So in the iphone IMAP userid field you will put the username in the format

Please note that there are other requirements for IPHONE to connect to the IMAP server such as Port 143 should be open on your firewall and Port 993 must be open if you are using SSL, also IMAP must be enabled on the Exchange server and the User must be enabled for IMAP in the Active Directory Users and Computers

The above username format is not required for SMTP to work.

Tuesday, December 11, 2007

440 Login Timeout in Exchange 2007 OWA

After I installed my SSL Cert on the Exchange 2007, and I tinkered around with some security in IIS my OWA stopped working both internally and externally.

I kept receiving this message:

"440 Login Timeout"

After couple days of struggling with this error and trying to fix the issue, I finally landed on the fix, so I wanted to put this out here for anyone who might experience this issue.

I basically had to blow the OWA virtual directory and then recreate it through Exchange Management shell. Please follow the specifics below


here's what i did to solve the problem on my server:
We have only one Exchange server (2007), so all the roles are on the same box.

a) In the Exchange management console, I made a note of all the settings for OWA.
Go to "server configuration\ClientAccess", then pick the correct server, then "OWA" tab, right click owa (default web site): properties (Make a note of all the settings for your environment, you will need to restore these settings manually.

b) use the Exchange Management shell and run the following:
(please refer to for details)
1) Get-OwaVirtualDirectory -Server to check the settings
2) Remove-OwaVirtualDirectory -Identity to remove the existing virtual dir (only owa in this case, I didn't touch the others)
3) New-OWAVirtualDirectory --Name "owa" (I only used the -name parameter, that worked for me)

c)Go back to the management console and restore properties of owa.

d) restart IIS via command iisreset /noforce

Web Outlook was running again after that.

Wednesday, September 19, 2007

Setting Mailbox Quota Powershell

I will provide an example of powershell script that you can customize to use in order to setup the Exchange 2007 Mailbox Quota. In the example below the Powershell script will set the Quota Warning for 200mb and then Prohibit Send at 250mb and Prohibit Send and Receive at 280mb. Also it will run the Quota Notification between 2:00 AM - 3:AM on Sunday and Wednesday

Set-MailboxDatabase -Identity "Server1\MailboxDatabase1" -IssueWarningQuota 209715200 -ProhibitSendQuota 262144000 -ProhibitSendReceiveQuota 293601280 -QuotaNotificationSchedule "Sun.2:00-Sun.3:00","Wed.2:00-Wed.3:00"

Wednesday, July 18, 2007

Using NSLookup to find mx records

If you need to find mx record for a domain you can use the NSlookup tool within Windows. This is often used when you are having problems sending emails across to a certain server. You can lookup their mail servers and see if you can ping them. The best test is to be able to telnet them on port 25.

I can show you that in a short tutorial. In my example below I am trying to get the mx records for the domain

Quick NSlookup commands

If you are wondering how to use the NSLookup tool it is quite handy.

The tool is used from the command prompt and can be used to determine the name of your DNS server. Often used by us I.T support Engineers/professionals/guys whatever you want to call us to troubleshoot DNS problems. So to use NSlookup simply go to a command prompt and type:


this should give you the IP address of all the DNS servers that you are using on your computer to resolve IP address from domain names, see below

C:\Documents and Settings\rajk>nslookup
*** Can't find server name for address Non-existent domain
*** Default servers are not available
Default Server: UnKnown


At the next prompt type ? (this will give you all the commands that you can use), see the list below

> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
class=X - set query class (ex. IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program


To see how you can get mx records for a domain please see my posting called Using NSLookup to find mx records

If for some reason you

Friday, July 13, 2007

Error when moving mailbox


When moving a mailbox from Legacy E2k Server to E2k7 server, you receive an error message:
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00

Domain Controller 'OLDDCNAME' Operating System version is 5.0 (2195) Service Pack 4. The minimum version required is 5.2 (3790) Service Pack 1.


Just to give you a little background I have a Windows 2000 DC with Exchange 2000 installed on it, and a Windows 2003 R2 running SP2. So what I had to do to fix the problem was to Remove the checkbox for Global Catalog for Windows 2000 DC from Active Directory Sites and Services and then restart the Windows 2000 DC.

After that the Mailbox Move did not give me the above error message

Thursday, July 12, 2007


While installing or Uninstalling Microsoft Exchange 2007 from the command line using and various applicable switches you receive the following error message:
"An unexpected error has occurred and a Watson dump is being generated: Unexpect
ed error [0x116DCE11] while executing command '$error.Clear(); uninstall-Exsetda
taAtom -AtomName SMTP -DomainController $RoleDomainController'.
Unexpected error [0x116DCE11] while executing command '$error.Clear(); unin
stall-ExsetdataAtom -AtomName SMTP -DomainController $RoleDomainController'.

Exchange Server Encountered and Error



I was installing the hub transport, client access, mailbox and management tools using the /mode:install /r:h,c,m,t /t:"d:\program files\Microsoft Exchange Server"

So when Uninstalling i received the error message. I was using the following command /mode:uninstall

Changing the above command slightly by including the roles that I wanted to uninstall I was able to complete the command successfully /mode:uninstall /r:h,c,m,t

An unexpected error has occurred and a Watson dump is being generated: Access t

Problem: When doing an Unattended setup for Microsoft Exchange 2007 using the command and switches you receive the following error message:

An unexpected error has occurred and a Watson dump is being generated: Access t
o the path 'X:\Setup\ServerRoles\Common\64' is denied.I had same problems as some of you indicated, where X is the drive letter for your DVD ROM drive.

I was installing Exchange 2007 from Production Copy DVD of Exchange 2007 Standard. Here is the strategy that I took after receiving the errors on multiple occassions.


We have 1 Win2K SP4 DC and 1 Win2k3 R2 DC, so installing Exchange 2007 from GUI is a NONO, atleast according to all the readings that I have done. So the only option is to install from command line using the Unattended setup ( with various different switches. You can not use Setup.exe with switches.

When I was receiving the error message of:
"An unexpected error has occurred and a Watson dump is being generated: Access to the path 'X:\Setup\ServerRoles\Common\64' is denied.", I was installing all the roles at one time using the following command line: /mode:install /r:h,c,m,t /t:"d:\program files\Microsoft\Exchange S
erver" /DomainController:DCNAME /EnableLegacyOutlook /LegacyRoutingServer:
LegacyExchangeName /EnableErrorReporting

and I would receive the error message.

I then tried to install all the roles seperately using the following command lines one at a time and every thing was successful.


PS: Please replace DCNAME with the name of your Win2k3 SP1 DC and LegacyExchangeName with your E2k or E2k3 Exchange Server.

1. Client Access /mode:Install /r:c /t:"d:\program files\microsoft\exchange server"

Welcome to Microsoft Exchange Server 2007 Unattended Setup

Preparing Exchange Setup

The following server roles will be installed
Management Tools
Client Access Role

Performing Microsoft Exchange Server Prerequisite Check

Client Access Role Checks ......................... COMPLETED

Configuring Microsoft Exchange Server

Copying Exchange files ......................... COMPLETED
Client Access server role ......................... COMPLETED

2. Hub Transport Role /mode:Install /r:h /domaincontroller:
DCNAME /LegacyRoutingServe

Welcome to Microsoft Exchange Server 2007 Unattended Setup

Preparing Exchange Setup

The following server roles will be installed
Hub Transport Role

Performing Microsoft Exchange Server Prerequisite Check

Hub Transport Role Checks ......................... COMPLETED

Configuring Microsoft Exchange Server

Copying Exchange files ......................... COMPLETED
Hub Transport Server Role ......................... COMPLETED

3. /mode:Install /r:m /domaincontroller:
DCNAME /EnableLegacyOutloo

Welcome to Microsoft Exchange Server 2007 Unattended Setup

Preparing Exchange Setup

The following server roles will be installed
Mailbox Role

Performing Microsoft Exchange Server Prerequisite Check

Mailbox Role Checks ......................... COMPLETED
If Outlook Web Access is in use, you should replicate the free/busy folder on t
his server to every other free/busy server in the organization. This step should
be performed once Setup completes.

Configuring Microsoft Exchange Server

Copying Exchange files ......................... COMPLETED
Mailbox Server Role ......................... COMPLETED

The Microsoft Exchange Server setup operation completed successfully.

Hope this helps someone out.

Tuesday, June 26, 2007

The local policy of this system does not permit you to logon interactively on Citrix Metaframe Server after adding Windows 2003 DC to domain

Today we added our first Windows 2003 DC to Windows 2000 domain. After the AD replication completed successfully, users who used to login to the domain via citrix started receiving a message upon logging into the server:

The local policy of this system does not permit you to logon interactively

After digging through a lot of blog posts and MS Knowledgebase article everything pointed to the Local Security settings of the Citrix Machine not having appropriate permissions. Apparently this was not a problem before in Windows 2000 ad.

So I went into AD, threw the citrix server in it's own OU. Created a new GPO. Under GPO setttings

Go to
Computer Configuration => Windows Settings => Security Settings =>Local Policies=>User Rights Assignment

Under User Rights Assignment Look for following setting:

If Using Win2k3 - Allow Login to Terminal Server
If Using Win2K - Log on Locally

Double click on above policy and assign the appropriate group permission

After you have assigned the permission, make sure that the group that you assigned the permission to has the rights to Read and Apply Group Policy for that GPO

If you do the first and not the second the problem will still exist.

Also make sure to refresh the Group policy by going to DOS Prompt and giving following commands

If Win2K : secedit /refreshpolicy machine_policy /force
If Win2k3: gpupdate /force

Reboot the Terminal or Citrix Server.

this resolved the problem for me.

Monday, June 25, 2007

Windows 2003 SP2 throws printer offline

After I installed Windows 2003 SP2 on one of my client's Windows 2003 Server which was also a print server the printer queue went offline.
I would restart the Print spooler service on the Server and the printer would stay online only for 1 job, and it would go offline immediately after 1 job.
After researching for over an hour I found out that apparent SP2 has some changes in the way SNMP is handling printer queues.
It now dows multiple SNMP threads for the printer queues instead of 1 round robin.
To resolve this, check if your printer's SNMP is working properly.
For a workaround, in the Printers and Faxes folder
File => Server Properties
Go to the Ports tab
Click the port that is going offline
Configure Port
Uncheck "SNMP Status Enable"

PS: This is a workaround only, after I have found out a permanent fix to the situation I will post it here.

This will turn off SNMP querying and set the printer to always Online.

Saturday, June 23, 2007

How to shut down a remote server from DOS

In Windows 2003 there is a shutdown command that can be used to shutdown the computer whether it is local or remote computer. There are often times when the remote server can not be reached via Terminal services ( Remote Desktop) and needs to be forced a restart using another tool. The shutdown command built into Windows 2003 is a handy tool and has worked for me in those situations more than a few times.

For all parameters for the command go to the DOS prompt and type:

Shutdown /?

If you are looking to give a remote computer/server a quick restart type this command, replace computername with the Name of the computer that you want to restart.

shutdown /r /m \\computername /t seconds /f {force shutdown, no warning}

Monday, June 18, 2007

Event ID 7023 on Windows 2000 Server

Problem: I had a problem on one of the Windows 2000 Server which was a member server. Everytime on bootup there would be a service/driver failure error.

In the application log the following error was being reported:

Event ID 7023
The Kerberos Key Distribution Center service terminated with the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


Kerberos Key Distribution is a service that should only be running on DC. Since this is not a DC, microsoft recommends that startup type of this service be disabled.

Please see this MS Knowledgebase article for more info.

Tuesday, June 12, 2007

Black Screen when connecting with Remote Desktop

When connecting to terminal server behind a firewall some of the users who were connecting over a DSL or a Cable connection they would receive a black screen upon connection.

Usually the problem is with the MTU settings.  One can adjust the setting using Dr. TCP which is a free download from This will let you adjust your MTU settings on the network adapter of the PC that you are using to connect to the terminal server. Adjusting MTU setting to 1400 did the trick for me.
But this became a nuisance as we had several users connecting to the Terminal server using the remote desktop.
After much investigation I found out that I can change the MTU settings on the WAN interface of our firewall. In our case we were using Watchguard Firebox.
In order to make the changes on the Watchguard firebox. Follow these particular tweak settings to permanently adjust the MTU settings.
nstruction is as follow.

!!! As a configuration hack, and not a GUI feature, we do not support this and will not be responsible for problems caused by this or a invalid configuration setting added manually. Keep in mind, changing MTU size may fix speed for the services that use the bigger size, but mess things up for other things that prefer 1500.

1) Save you Firebox config to a file and open it in a text editor

2) Find the following lines:

scripts.startup.00 here0

3) Insert the following between them:

ifconfig eth0 mtu XXXX
ifconfig eth1 mtu XXXX
ifconfig eth2 mtu XXXX

The ''XXXX'' will be the MTU size you want on that interface card. eth0 is external, 1 is trusted and 2 optional. So if you wanted a MTU size of 1500 for external but 4096 on the other interfaces you would do as follows:

ifconfig eth0 mtu 1500
ifconfig eth1 mtu 4096
ifconfig eth2 mtu 4096

The lines should now appear as:

scripts.startup.00 here0
ifconfig eth0 mtu 1500
ifconfig eth1 mtu 4096
ifconfigeth2 mtu 4096

Once this is done, save this text edited file and reopen it in Policy manager and save it to the Firebox.

Monday, June 11, 2007

Redirection of Folders in Group Policy not working

We redirect users MY Documents folder from their workstation to a server location. Recently we moved the location of the share on 1 server to another server. After the moving of the files the redirection stopped working and would show errors in the workstation event viewer.

The MY Documents folder was not being redirected to the new server share. We checked the security for the new share and NTFS permissions and nothing seemed to give a clue as to what was going on. After googling the problem, could not come up with any specific solution.

One thing I noticed was that on the AD server running Group Policies, the server was running Windows 2000 Server SP3.
I upgraded the server to Windows 2000 SP4.

This resulted in resolution of the problem.

Apparently this is an issue in SP3 resolved in Sp4.

owa 440 login timeout

Problems with OWA. When a user logs into OWA session or to the Remote Workplace website there is an error message

"owa 440 login timeout"

I ran into this problem with one of my clients using SBS 2K3 server for exchange and sharepoint services.

It turned out that someone had changed the password for either the IUSR_ or IWAM_ in the AD and the old password was still being used in the IIS. Basically you have to sync the passwords between the AD and IIS for the above 2 users. Before you follow the steps listed below make sure to go into AD and check that these user accounts are not locked out and also make sure Password Never Expires and Cannot change password checkboxes are checked.

Anyways to resolve this issue follow these steps listed below:

1) Open AD Users & Computers. Expand the Users OU, right-click on the IUSR_ account and select 'Reset password' Reset the password to anything you want (however, it can't be blank).

2) Open this User Account's properties and verify that the account is not locked out :^) Also, make sure that 'Password never expires' and 'User cannot change password' are selected.

3) Repeat steps 1 & 2 for the IWAM_ account. Close AD Users & Computers.

4) Open Internet Information Services (Start | Administrative Tools)

5) Expand | Web Sites

6) Right-click on 'Default Web Site' and select Properties.

7) Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'

8) Enter the new password for the IUSR_ account and click OK.

9) Enter the password again to confirm and click OK.

10) Click OK.

11) Open a command prompt and enter iisreset

12) At the command prompt, enter the following commands:
cd c:\inetpub\adminscripts
adsutil SET w3svc/WAMUserPass (Where = the password you entered for the IWAM_ account in AD Users & Computers)
c:\windows\system32\cscript.exe "c:\inetpub\adminscripts\synciwam.vbs" -v

Wednesday, April 11, 2007


I recently upgraded one of our clients from Symantec Corporate Edition 10 to 10.2. After the install of the new version on the clients. Some of the Windows XP machines with SP2 had a problem with outlook.

When they launched outlook they received a message:

“The add-in”C:/Program Files/Symantec AntiVirus/vpmsece3.dll” could not be installed or loaded. This problem may be resolved by using Detect and Repair on the Help menu.”


I resolved the problem by deleting the Extend.dat file.

Here are specific instructions.
1. Go to MY Computer
Double click on C: drive
Go to Tools => Folder Options (Make sure, show hidden files and folders is checked)
Double click on the documents and settings folder
Double click on the folder that has your Username
Double click on Local Settings Folder
Double click on Application Data Folder
Double click on Microsoft
9. Double click on Outlook
10. Delete the file Extend.dat


Tuesday, April 10, 2007

Exchange 2000 Storage Limits (Big Problems)

I am sure that everyone working with Microsoft Exchange has had their share of problems. The problem I was faced with yesterday was that Exchange reached it's database storage limit of 16GB. The Exchange database consists of Mailbox store (priv1.edb), public folder store (pub1.edb) and the stem files priv1.stm and pub1.stm.
Once Exchange reaches the above limit you will not be able to mount the Mailbox store and your users will not be able to log into Exchange client (outlook). If you are running your clients in Online mode, I am mixed... Offline for mobile users, online for users that stay in the office.

Please note that there is a microsoft registry hack that will let you increase the above database size of 16GB to 17GB temporarily by applying a hotfix, however this is not a permanent fix and it did not work for me.

The only way for me to be able to mount my database was as following:

1. Run ESEUTIL (Exchange offline defrag) for syntax see below
2. Run Exchange Mailbox Management with custom settings to shrink the mailbox sizes of users with excessive attachments. I customized the Mailbox management settings under the Recepient policy to delete all emails that are more that 3mb in size. We are a cpa firm and often receive file attachments that are massive. Most of the times the 3mb files will become obsolete very quickly.

ESEUTIL syntax:

Exchange 2000 server includes a utility called Eseutil that replaces Edbutil and Eseutil utiliites that are included with earlier versions of Exchange

For more information on how to use Eseutil and various switches available for the utility please read this article on MS Knowledgebase

Saturday, March 31, 2007

"Stop 0x50 BSOD in Windows XP"

I've had several machines show this message 0x50 BSOD error in Windows XP Service Pack 2. In all the cases where I saw this message the computer boots back up on the next cold boot. For the error not to reoccur follow the steps in the KB Article:

What worked for me:

I started out by updating the Video adapter and then the BIOS update and then running the chkdsk utility. For detailed instructions on how to run chkdsk and different parameters... click this link... If the error re-occurs after a few days or so, the best option is to run one of many free RAM tests available on the Internet. You can also download one from Microsoft's website

If the test fails YES, it is time to replace the memory.

Windows XP built-in firewall a nuisance

Microsoft has been very proud of including built-in firewall with Windows XP and Vista. In my experience in a small shop run only by 1 person this has turned out to be a complete Nuisance. When we first installed Windows SP2 which automatically turned on the Windows XP firewall on all the 60 desktop machines that I Manager and support, several of our applications either failed to work and or they were just very slow. Virus Management software and one of our line of business application CCH's Engagement would not work. Besides users complained about their computers running slower than usual, not to mention outgoing messages in their Outlook client would just sit in the outbox until they hit send/receive.. ( Yes we are running Exchange server).. and Yes they are working in a LAN environment with Gigabit speed to the desktop. Well the culprity... you guessed it right.. Windows XP firewall.

File Restoring Tools and Utilities

File restore utilities and tools are really not cut out to be what they promise. I have in desperation tried a couple of the utilities available in the market place to restore deleted files from Windows with very little success.
The 2 utilities that I used were
1. File Restore - Part of the Winternals Admin Pak 5 (now owned by Microsoft)
2. Recover My Files - Get Data

The first one being more expensive than Recover My files as it is only sold as part of the entire Admin Pak which runs around $1199. That's a steep price to pay for a file restore utility that promises to restore your deleted data from command prompt, recycle bin data that was deleted.
As I understand part of the problem with restoring permanently deleted files from windows is that the deleted files get overwritten as the computer is in use by your Internet cache files, so there is a high likelihood that part of the files could get overwritten and even if you are able to restore some files they might be corrupted.

I used Recover my files for a user who had deleted some important folders on their computer. The install was simple and the user interface easy enough for anyone with little PC experience to use.

The file restore utility from Admin Pak 5 of Winternals was not that great either. I had deleted some files on one of the servers by accident by writing an incorrect script that deleted files under a wrong path. I installed it on a windows 2000 server, it took about 3 hours to seach my hard-drive and came with nothing.

If anyone out there has worked with some good windows file restore utilities that have worked for them, I am all ears.