Most Common ESM Public Folder Expansion Errors
Most Common ESM Public Folder Expansion Errors
Most Common ESM Public Folder Expansion Errors
Error Message The object is no longer available. Press F5 to refresh the display, and then try again Possible Causes
Improper IP address binding in Internet Information Services (IIS). Host header for the default Web site is incorrect in IIS. Incorrect path name listed in IIS under the Home Directory tab. Metabase may be corrupted. URLScan may be installed on IIS blocking specific extensions or verbs. Non-working public folder store is selected in ESM. Invalid folderpathname set for the http public folder in Active Directory directory service. Other third-party ISAPI filters installed in IIS. Public folder hierarchy on the Exchange server is associated with the public folder store on another server.
Troubleshooting
Verify proper IP address, host header, and port in the properties of the Default Web Site. By default, the IP address is set to all unassigned with no host header bound to port 80. Set this back to the default settings for testing purposes. If multiple IP addresses are bound to the network card because of the "All in one" syndrome with running multiple Web sites on an Exchange server, try using the first bound IP address. Add host header if necessary to get around this. Change port if necessary. If this error is occurring on a cluster server, you may need to add a host header for the Exchange cluster virtual name to the Web site to get this working. Check to make sure that URLScan is not installed on the server. This information can be found by getting the master WWW properties in the Internet Information Services (IIS) Manager and selecting the ISAPI filters tab. If URLScan is listed, the best thing to do to see if URLScan is causing the problem. To see if it is the problem, check the urlscan.log file that is created in the \winnt\system32\inetsrv\urlscan folder. The following is a sample urlscan.log file:
[08-23-2004 - 14:39:36] Client at 192.168.254.67: URL contains extension '.com', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/ExAdmin/Admin/domain.com/Public%20Folders/' [08-23-2004 - 14:56:10] Client at 192.168.251.11: URL contains extension '.com', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/ExAdmin/Admin/domain.com/Public%20Folders/' [08-23-2004 - 14:57:02] Client at 192.168.251.11: URL contains extension '.com', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/ExAdmin/Admin/domain.com/Public%20Folders/NON_IPM_SUBTREE/'
As you can see, Urlscan is denying the .com extension when expanding the public folders in the ESM. For more information about this problem, see Microsoft Knowledge Base article 328659, "Error 80040E19 when you try to expand public folders in Exchange 2000 Server." Additionally, for more information about configuring URLScan on an Exchange server, see Microsoft Knowledge Base article 309508, "IIS lockdown and URLscan configurations in an Exchange environment."
Important:
After a setting in the urlscan.ini file is changed for use with URLScan, the IISAdmin service must be restarted for the change to take effect. Keep in mind that this will stop the Information Store which will affect Microsoft Office Outlook and Outlook Web Access clients.
Connect to another public folder store, if available, to see if the issue persists. To do this, right click on Public Folders, click Connect to, and then select another public folder store. Check the properties in IIS on the public and exadmin folders to see whether they are pointing to the proper home directory paths. Be default, exadmin should point to \\.\BackOfficeStorage and public should point to m:\domain.com\public folders. Having incorrect directory paths will cause this issue even if it is off by one letter. For example, if public folders was spelled public folder. Verify the correct folderpathname is listed for the http public folder. In the Internet Information Services (IIS) Manager, under properties of the actual virtual server object, on the Home Directory tab, the local path may be listed incorrectly, for example, "M:\example.com\MBX" (where example.com is the name of your domain). Change it to "M:\example.com\" and save the changes. Then, use the following procedure to clear the value of the folderPathname attribute.
Caution:
If you incorrectly modify the attributes of Active Directory objects when you use Active Directory Service Interfaces (ADSI) Edit, the LDP (ldp.exe) tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.
To clear the value on the folderPathname attribute 1. Start the ADSI Edit tool from Windows 2000 Support Tools or from Windows Server 2003 Support Tools. 2. Expand the following nodes: Configuration Container Configuration Services Microsoft Exchange
Organization_Name Administrative Groups Administrative_Group_Name Servers Exchange_Server_Name Protocols HTTP 3. Right-click CN=100, and then click Properties. 4. Click folderPathname in the Attributes list, and then click Edit. 5. Remove the value that contains the incorrect path of the server by selecting the value and clicking Clear. Click OK two times to apply the change. Take a netmon trace when the client is attempting to connect to the public folders in the ESM. This trace will tell you what is being returned from IIS. The client, in this case, would ESM on another computer besides the Exchange server itself so that you can see the proper network traffic.
There are instances where you are prompted for your network password and, after three attempts, you may receive this Access Denied error. This usually occurs when HTTP keep-alives are not configured for the default Web site.
Troubleshooting
Get properties of the default Web site and then select the Enable HTTP Keep-Alives check box.
Possible Causes
Anonymous-only authentication is set for the exadmin virtual directory. This error normally occurs if the DS2MB replication process if broken and an administrator changed the access permissions for this virtual directory to anonymous-only.
Troubleshooting
Select the check box to enable Integrated Authentication and then find out why the DS2MB process is failing to replicate this information from Active Directory in to the Metabase.
This error can occur if you are attempting to propagate permissions in the ESM for a top level folder in a mixed mode organization in which you have no local Microsoft Exchange Server version 5.5 replicas on this server.
Troubleshooting
For more information about this problem, see Microsoft Knowledge Base article 317675, "XADM: You Receive an Error Message When You Propagate Public Folder Rights with No Replica on Exchange 2000"
This error can occur if you are requiring SSL for the exadmin virtual directory under the default Web site, but there is no certificate bound to the Web site. Incorrect host header is configured for the default Web site.
Troubleshooting
To resolve this issue, open the Internet Information Services (IIS) Manager. Get the properties of the exadmin virtual directory and select the Directory Security tab. From there, select the Edit button under Secure Communications. Clear the Require 128-bit encryption and the Require secure channel (SSL) check boxex. Click OK and then expand Public Folders again. If you do not have access to change this information in the Internet Information Services (IIS) Manager, you can manually remove this. Open a command prompt and go to the \inetpub\adminscripts folder. Run cscript adsutil.vbs enum w3svc/1/root/exadmin to view the settings for that virtual directory. You should see the following if you are experiencing this error. AccessSSL : (BOOLEAN) True AccessSSL128 : (BOOLEAN) True To change this to not require SSL, perform the following command.
cscript adsutil.vbs set w3svc/1/root/exadmin/AccessSSL False cscript adsutil.vbs set w3svc/1/root/exadmin/AccessSSL128 False
Troubleshooting
Add or remove the correct host headers to Exchange virtual server in Internet Information Services (IIS) Manager.
Possible Causes
This error can occur if you have multiple IP addresses bound to the network card on the Exchange server and you have the default Web site bound to the secondary IP address. An invalid host header or IP address has been set for the default Web site Incorrect IP addresses or host header is set on the cluster virtual server.
Troubleshooting
Try setting the default Web site to All Unassigned and then reopen the ESM and try to expand public folders. Correct the host header value or remove it completely.
The default Web site is listening on a port other than port 80. Davex In-Process ISAPI application is not loaded or missing on the master WWW properties. ExchangeApplicationPool has been deleted in IIS.
Troubleshooting
Check the IIS logs to see if all http requests are connecting over port 80. If any other port is listed, you will get this error. Use Metaedit or MBExplorer to add the Davex information back. A Metaedit sample view is shown in the following figure. After you add this back in, public folders should be able to expand immediately. The path to get to this is LM/W3SVC and then doubleclick InProcessIsapiApps to get the view shown in the figure.
Note:
Davex is also explicitly set at the virtual directory level, but that is not used for administration, only for viewing public folders through Outlook Web Access.
If ExchangeApplicationPool appears to have been deleted, contact Microsoft Product Support Services for assistance with re-creating it. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, see the Microsoft Help and Support Web site. If all else fails, try the following: 1. Perform a backup of the IIS Metabase. Right-click the servername in IIS Manager, select All Tasks, and then click Backup/Restore. 2. Remove the Exadmin virtual directory. 3. Open up a command prompt and go to the C:\Inetpub\AdminScripts directory 4. Run cscript.exe adsutil delete ds2mb (this deletes the ds2mb in the Metabase). 5. Restart the Exchange System Attendant (this will restart the Information Store serrvice and the MTA stacks, and re-create the Exadmin virtual directory). 6. Verify that the Exadmin folder had been re-created in IIS Manager. 7. Test to see if you can expand the public folder tree. For more information about IIS logging properties reference, see the IIS 6.0 Documentation Web site.
Possible Causes
Improper authentication method set in IIS for the public and exadmin virtual directories DS2MB process has not populated the proper entries in the IIS metabase Internet Explorer security settings are incorrect. Permissions in Active Directory are set incorrectly Realtime virus software is scanning the M: drive The msExchDS2MBOptions for the exadmin virtual directory is set incorrectly. There is an incorrect path listed for the properties of the exadmin virtual directory in IIS. This value should be \\.\BackOfficeStorage.
Troubleshooting
Ensure that a proper authentication method is selected for the HTTP public virtual directory in ESM. If none is listed, you will receive this error. If the correct authentication method shows up in ESM, open the Internet Information Services (IIS) Manager to see if the same authentication method is listed for the public virtual directory. Also check the exadmin vdir for the same authentication method. If this authentication method is not present, then there is a problem with DS2MB replicating this information from Active Directory to the IIS metabase. Check the event log for additional information regarding the failing DS2MB process. Open ESM on another computer or server. If this works, this error is computer-specific. Set your Internet Explorer security settings to a lower setting such as Medium-low. Check permissions on the top level public folder using ADSIEdit or ESM to ensure no specific denies are set. Correct if necessary. Exclude the M: drive or hidden EXIFS mapping from any antivirus file-level scanning. Restart the server to release any locked or open files. If msExchDS2MBOptions is set to 0 for the exadmin virtual directory, this error will occur. Reset this back value to the default of 66 and allow time for replication to the metabase.
The exadmin virtual directory local path has a trailing backslash (\) in the path such as the following \\.\BackOfficeStorage
Troubleshooting
Remove the trailing backslash for the virtual directory properties in IIS and then refresh ESM.
This error can occur if you have multiple Web sites configured and the default Web site is currently stopped. This Web site includes the associated virtual directories (exadmin, exchange, public, exchweb) that are not available when that site is stopped. The exadmin virtual directory is missing within IIS.
Troubleshooting
Check to see if the exadmin directory exists in IIS under the default Web site. If it does not, at a command prompt in the \inetpub\adminscripts folder, type cscript adsutil.vbs delete ds2mb and press ENTER. This will remove the information from the metabase. Restart the System Attendant service to get this information repopulated in IIS.
Possible Causes
This error can occur if there is another service taking up port 80.
Troubleshooting
Run fport.exe 80 to find the offending service and either disable it or change its port number.
You are unable to resolve the DNS name for the server you are trying to connect to in ESM.
Troubleshooting
Try pinging the server by both the NetBIOS name and the fully qualified domain name (FQDN). If the server's name is not registered in DNS, go ahead and register it. At a command prompt on the remote server, type ipconfig /registerdns. Verify in the DNS manager that this name was registered properly.
The Recipient Update Service (RUS) is not stamping public folders with proxy addresses. The Microsoft Exchange System Objects folder is not located in the root of the domain. The public folder in question is not mail enabled. The ExchangeApplicationPool attribute has been deleted from IIS.
Troubleshooting
To troubleshoot the Recipient Update Service (RUS), see Microsoft Knowledge Base article 321318, "Top support issues for the Exchange directory service" If you require assistance with the other possible causes, contact Microsoft Product Support Services for assistance. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, see the Microsoft Help and Support Web site.
You are unable to resolve the DNS name for the server you are trying to connect to in ESM.
Troubleshooting
Try pinging the server by both the NetBIOS name and the FQDN name. If the server's name is not registered in DNS, go ahead and register it. At a command prompt on the remote server, type ipconfig /registerdns. Verify in the DNS manager that this name was registered properly.
This error can occur if the msExchSecureBindings or msExchServerBindings attributes are populated with invalid information. For example, if port 443 is listed and no SSL certificate is bound to the default Web site, this error can occur.
Troubleshooting
To resolve this issue, use the following procedure to remove the invalid information.
Caution:
If you incorrectly modify the attributes of Active Directory objects when you use Active Directory Service Interfaces (ADSI) Edit, the LDP (ldp.exe) tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.
To remove the value on the msExchSecureBindings attribute 1. Start the ADSI Edit tool from Windows 2000 Support Tools or from Windows Server 2003 Support Tools. 2. Expand the following nodes: Configuration container Configuration Services Microsoft Exchange Organization_Name Administrative Groups First Administrative Group Servers Server_Name Protocols HTTP CN=1 3. Right-click Exadmin, and then click Properties 4. Click msExchSecureBindings in the Attributes list, and then click Edit 5. If the attribute value is set to 443, or any other value, remove the value by selecting the original value and clicking Remove. Click OK two times to apply the change. 6. Close out of ADSI Edit, close and reopen Exchange System Manager and test Public Folder access again.
This error can occur if the default Web site is not configured to use port 80 or an incorrect host header is configured. The default Web site is stopped in IIS, causing the exadmin virtual directory to be unavailable. The Web site is configured to use an external IP address, not an internal one. The msExchServerBindings attribute in Active Directory for the exadmin container has an incorrect port number populated.
Troubleshooting
Change the default Web site to listen on port 80 and remove any host header entries. Start the default Web site on the Exchange server that you are attempting to connect to in ESM. Try binding the Web site to All Unassigned or an internal IP address. Verify that the msExchServerBindings port number for the exadmin virtual directory matches the port bound to the default Web site. Try connecting to another Exchange public folder to see if the same issue occurs on another server.
This error can occur if you have a certificate bound to the default Web site, you have required SSL on the exadmin virtual directory, and the certificate common name does not contain the FQDN of the server name that IIS is installed on.
Troubleshooting
To resolve this issue, remove the certificate from the default Web site and request a new certificate that contains a common name of the FQDN of the server.
Possible Causes
The exadmin virtual directory local path is set to a value other than \\.\BackOfficeStorage This error can occur if the following are true. Multiple IP addresses are bound to the NIC card. Multiple Web sites are configured on the Exchange server. The default Web site is bound to the secondary IP address that is bound to the NIC card. No DNS mapping for the second IP that maps to the FQDN of the server.
Possible Causes
HTTP keep alives are not configured for the default Web site.
Troubleshooting
Get properties of the default Web site and then select the Enable HTTP Keep Alives check box.
Troubleshooting If you have installed Internet Explorer 7 on the Exchange server that also has Exchange System Manager installed, follow these steps:
1.
Stop all Exchange and Internet Information Services (IIS) services. a. Open the Services snap-in. b. Stop the Microsoft Exchange System Attendant service. Important Note the list of dependent services that will be stopped. For example, the list of dependent services may resemble the following: Microsoft Exchange Information Store Microsoft Exchange MTA Stacks Stop the IIS Admin Service.
c.
2.
Important Note the list of dependent services that will be stopped. For example, the list of dependent services may resemble the following: World Wide Web Publishing Service Simple Mail Transfer Protocol (SMTP) HTTP SSL AntigenIMC Rename the Psapi.dll file. To do this, follow these steps: a. Open a command prompt. b. Move to the following directory: Drive_Letter:\Program Files\Exchsrvr\bin c. Change the name of the Psapi.dll file to Psapi.dll.old. d. Close the Command Prompt window. Restart the Exchange services and the IIS services. This includes the dependent services that were stopped.
3.
Troubleshooting 1. Uncheck SSL on ExAdmin Virtual Directory under Default Web Site on Exchange 2007 server. 2. Make sure the all your interfaces IP-s are granted access to ExAdmin.