Sysadminsblog.com Anything for sysadmins!

2 May 2013

Forcing a full sync with Office 365 Dir Sync

There was a warning in the Application log of the Event Viewer.

The management agent "TargetWebService" completed run profile "Delta Confirming Import" with a delta import or delta synchronization step type. The rules configuration has changed since the last full import or full synchronization.

User Action

To ensure the updated rules are applied to all objects, a run with step type of full import and full synchronization should be completed.

Every time you run the Directory Sync Configuration you will force a delta sync, which is an incremental sync and not a full sync. To force a full sync you'll have to do the following.

  1. Start the registry editor - regedit
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOLCoExistence
  3. Find the FullSyncNeeded DWORD and set it to 1
  4. Start the Dir Sync Config Shell –
    %programfiles%\Microsoft Online Directory Sync\DirSyncConfigShell.psc1
  5. Run the cmdlet Start-OnlineCoexistenceSync

You can follow the sync steps by opening the Miisclient located at –

C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe
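The five steps above as one script. This is an added example, not code from the original post. It assumes an elevated session on the DirSync server and uses only the registry key, console file and cmdlet named in the steps, plus the FIMSynchronizationService event source that appears in the event log entries elsewhere on this page.

```powershell
# Added example, not from the original post. Run on the DirSync server.
$regPath     = 'HKLM:\SOFTWARE\Microsoft\MSOLCoExistence'
$consoleFile = Join-Path $env:ProgramFiles 'Microsoft Online Directory Sync\DirSyncConfigShell.psc1'

# Writing under HKLM needs an elevated session; stop early if we are not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}
if (-not (Test-Path $regPath))     { throw "Registry key not found: $regPath" }
if (-not (Test-Path $consoleFile)) { throw "Console file not found: $consoleFile" }

# Steps 1-3: the post says the FullSyncNeeded DWORD already exists, so only change
# its data and refuse to create the value if it is missing.
$current = Get-ItemProperty -Path $regPath -Name FullSyncNeeded -ErrorAction SilentlyContinue
if ($null -eq $current) { throw "FullSyncNeeded not found under $regPath" }
Write-Output ("FullSyncNeeded before: {0}" -f $current.FullSyncNeeded)
Set-ItemProperty -Path $regPath -Name FullSyncNeeded -Value 1

# Steps 4-5: load the DirSync console file in a child shell and start the sync.
$started = Get-Date
& powershell.exe -NoProfile -PSConsoleFile $consoleFile -Command 'Start-OnlineCoexistenceSync'
if ($LASTEXITCODE -ne 0) { throw "Start-OnlineCoexistenceSync exited with code $LASTEXITCODE" }

# Re-run this query once the run profiles have finished: it lists errors (2) and
# warnings (3) that the synchronization service logged since the sync was started.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'FIMSynchronizationService'
    Level        = 2, 3
    StartTime    = $started
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```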

Good luck!

2 May 2013

Dir Sync: Unable to establish a connection to the authentication service

Users reported that they couldn't access their personal archives. The archives are stored on the Office 365 services and should always be accessible. Of course the first clue was located in the event viewer where I found the following errors.

Log Name:      Application
Source:        Directory Synchronization
Date:          2-5-2013 8:31:38
Event ID:      0
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <servername>
Description:
Unable to establish a connection to the authentication service. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support.  (0x80048862)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Directory Synchronization" />
    <EventID Qualifiers="0">0</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-02T06:31:38.000000000Z" />
    <EventRecordID>27537</EventRecordID>
    <Channel>Application</Channel>
    <Computer><servername></Computer>
    <Security />
  </System>
  <EventData>
    <Data>Unable to establish a connection to the authentication service. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support.  (0x80048862)</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        FIMSynchronizationService
Date:          2-5-2013 8:31:50
Event ID:      6803
Task Category: Management Agent Run Profile
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <servername>
Description:
The management agent "TargetWebService" failed on run profile "Full Confirming Import" because the server encountered errors.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6803</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-02T06:31:50.000000000Z" />
    <EventRecordID>27539</EventRecordID>
    <Channel>Application</Channel>
    <Computer><servername></Computer>
    <Security />
  </System>
  <EventData>
    <Data>TargetWebService</Data>
    <Data>Full Confirming Import</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        FIMSynchronizationService
Date:          2-5-2013 8:31:50
Event ID:      6110
Task Category: Management Agent Run Profile
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      <servername>
Description:
The management agent "TargetWebService" step execution completed on run profile "Full Confirming Import" but the watermark was not saved.

 Additional Information
 Discovery Errors       : "0"
 Synchronization Errors : "0"
 Metaverse Retry Errors : "0"
 Export Errors          : "0"
 Warnings               : "0"

 User Action
 View the management agent run history for details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="32768">6110</EventID>
    <Level>3</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-02T06:31:50.000000000Z" />
    <EventRecordID>27540</EventRecordID>
    <Channel>Application</Channel>
    <Computer><servername></Computer>
    <Security />
  </System>
  <EventData>
    <Data>TargetWebService</Data>
    <Data>Full Confirming Import</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>0</Data>
  </EventData>
</Event>

When I started the Synchronization Service Manager at

C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe

it showed the error stopped-server-down.

Seeing that it couldn't connect to some server, I had to find out what server it was trying to connect to. In the Synchronization Service Manager I checked the Management Agents, where in the properties of the TargetWebService I found the server that it was trying to connect to: https://adminwebservice.microsoftonline.com/ProvisioningService.svc.

After clearing the cache of the DNS services and flushing the DNS locally on the server I forced another full import which ran without problems.
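A way to confirm that name resolution was the problem before forcing another import, as an added example that is not part of the original post. It resolves the host from the TargetWebService URL above and tries a TCP connection on port 443 before and after flushing the local resolver cache; the function name Test-SyncEndpoint and the five-second timeout are choices made for this example.

```powershell
# Added example, not from the original post.
# Host name taken from the TargetWebService URL quoted in the post.
$endpointHost = 'adminwebservice.microsoftonline.com'
$endpointPort = 443

function Test-SyncEndpoint {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)

    $result = New-Object PSObject -Property @{
        Host = $HostName; Addresses = @(); TcpOpen = $false; Error = $null
    }
    try {
        # Uses the Windows resolver, so a stale cache entry shows up here.
        $result.Addresses = @([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString })

        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $pending = $client.BeginConnect($HostName, $Port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected) {
                $client.EndConnect($pending)
                $result.TcpOpen = $true
            } else {
                $result.Error = "No TCP connection to port $Port within $TimeoutMs ms"
            }
        } finally {
            $client.Close()
        }
    } catch {
        # Covers both failed lookups and refused connections.
        $result.Error = $_.Exception.Message
    }
    $result
}

$before = Test-SyncEndpoint -HostName $endpointHost -Port $endpointPort

# Flush the local resolver cache on the DirSync server. The cache of the internal
# DNS service is cleared separately on the DNS server itself.
& ipconfig.exe /flushdns | Out-Null

$after = Test-SyncEndpoint -HostName $endpointHost -Port $endpointPort

# Different addresses or a changed TcpOpen value point at a stale DNS record.
$before, $after | Format-List Host, Addresses, TcpOpen, Error
```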

Hope this helps you with solving your problem!

7 December 2012

PST Capture errors

I'm currently in the process of configuring PST Capture in order to migrate all the users' PST files to the recently configured cloud-based Online Archive. As this wasn't working properly, I contacted Microsoft and opened a support ticket. I'm getting the error "Import error: Error opening mailbox <mail address>" when I try to import the PST file into my Online Archive. During the troubleshooting of this error I came across a nice list of requirements for the PST Capture tool to function properly. This might help you to configure everything correctly.

  1. Please make sure that you have the 64 Bit version of Outlook installed and that it is installed on the machine on which PST Capture Tool is running.
  2. Please check if the user has the Mailbox Import Export permissions. If it does not have them, then please assign them using the following command:
    New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "PSTImportUser"
  3. Please check that the Microsoft Exchange PST Capture Tool's Service Account has an Exchange 2010 Mailbox.
  4. Please check that the PST Capture Tool's Service Account is a member of Local Administrators Group.
  5. Please make sure that the PST Capture Tool's Service Account is a member of Organization Management and also the Public Folder Management.
  6. Check that the Service Account is mailbox-enabled and has an Outlook profile configured for it.
  7. Please make sure that the correct Service Account is chosen for the PST Capture Tool. To do this, please go to Properties of 'Microsoft Exchange PST Capture Service' > Log on tab and check the Service Account.

 

Please comment below if you have questions about the PST Capture tool, or the above settings.

15 May 2012

Office 365 – Exchange Online

No doubt you've heard about Office 365. But have you checked it out already? I have recently checked out all the pros and cons and now it's time to make a small summary of the Exchange Online service.

The people in the company that I work for are quite demanding. I'm currently offering 2GB mailboxes and as expected they are not big enough. To make the entire setup future proof, I'll have to increase the capacity of the Exchange environment drastically - OR - introduce Office 365. Of course I needed to know the limitations of Office 365 to make sure that it meets the expectations of the people that are going to use it. Here are the most important limitations of Exchange Online.

  • Public folders are not available.
  • When using ADFS 2.0 for single sign-on, users can't change their password from Outlook Web Access.
  • The Office 365 Directory Synchronization tool ignores dynamic distribution groups in on-premise AD.
  • Hierarchical address lists, Global Address List segmentation, custom Global Address List views, and multiple address lists per organisation are not available in Exchange Online.
  • Import of .pst files using the New-MailboxImportRequest is not available in Exchange Online. Microsoft introduced the PST Capture Tool to accommodate this need.
  • OWA does not support S/MIME.
  • Administrators can't search the Transport Logs, only Delivery Reports.
  • SMTP relay has to be done with a valid licensed Exchange Online mailbox using TLS, which is not widely supported by applications.
  • A deleted Exchange Online mailbox is available for 30 days, after which it is not recoverable. To restore a mailbox within the 30 days, a call to Office 365 support is required.
  • Granular recovery of deleted email is only available through the dumpster.
  • The personal archive quota is non-configurable.
  • Message limit is set to 25MB and can't be changed.
  • Exchange Online has restrictions that prevent users and applications from sending large volumes of email. Each Exchange Online mailbox can send messages to a maximum of 1,500 recipients per day. An email message can be addressed to a maximum of 500 recipients. These limits apply to emails sent within the internal domain as well as to messages delivered to external contacts. However, a distribution group that is stored in the Global Address List counts as one recipient, but in a personal distribution group each recipient is counted separately. Keep in mind that this is not a count of unique recipients per day!

This is just a summary of the most important limitations for my organization. Every organization has its own requirements so it's best to review the documents here: http://www.microsoft.com/en-us/download/details.aspx?id=13602

Here is some pricing information:

US: http://www.microsoft.com/en-us/office365/exchange-online.aspx#fbid=tT5iCI8N9Lr

NL: http://www.microsoft.com/nl-nl/office365/exchange-online.aspx

If you're considering Exchange Online you might want to look into the Office 365 subscriptions especially when you're also using Microsoft Office. The Microsoft Office suite is quite expensive and it might be interesting to take an Office 365 E3 or E4 subscription as that includes Office Professional Plus.

The whole Office 365 package might be a lot to take in, but when you start calculating the prices it's actually quite interesting. Just take into consideration the pricing of the storage, servers, backup, maintenance and upkeep.

The company I work for is now moving to a hybrid setup. The user mailboxes will be in an on-premise Exchange environment with the personal archives in the cloud using Office 365 Online Archiving.

I hope this helps any of you to make a decision!