Category Archives: Exchange 2003

Exchange 2003

Exchange 2003 failing to start, Restoring while keeping latest mailbox store. Using eseutil /r /i

I came up -just now- with a failing to boot VM running an Exchange 2003.

Thank God:
I had Backup of the VM
Had Seperated Exchange Mailboxes from system and had put them to another attached vhd.

When I tried to attach the system vhd to the host, failure was coming up…don’t even remember the exact error message since I was rather frustrated! Fortunately the mailbox vhd was attached succesfully, somehow luckily! So mailboxes are intact!

Restored both vhds from backup-while keeping in mind, that if I replace the mailbox vhd users will lose -at least- one day of mails (don’t even want to think about it).

Therefore I kept the mailbox vhd as present, while restoring the system vhd from the previous night’s backup.

Booted the VM and all services came up…with no problem…Come on, be a sport, can’t be that easy!

Well after launching Exchange system manager Mailbox store and Public Folder store were unable to be mounted!

Ok…fingers crossed and we fire up the restore process.

Navigate to your logs folder (there where the e00xxx files are in, x:\mdbdata\)

Copy in x:\mdbdata the

that you will find in c:\program files\Exchsrvr\bin

These files need to be in the same folder with the logs (just to make the process easier, while not loosing time with paths).

Fire up command prompt and type

x:\mdbdata\eseutil /r /i

and hit enter.

/i switch will ignore mismatched/missing database attachments

The process of regeneration of Exchange databases will start and you may monitor it by refreshing your application log.

Be patient, the more e00 logs you have in, the more time it will take.

After eseutil has finished its job go ahead and manually mount your Mailbox and Public Folder store.

Till next time:) Goodnight!

see more on


Renew a custom IIS Certificate that is about to expire, without affecting clients

A custom (non paid) certificate is about to expiry and you are afraid that your web clients won’t be able to login, or have problems logging in due to that certificate expiration?

A great example of this would be OWA (outlook web access) certificates renewal.

1.Go to your IIS web server.

2.Right Click on the website having the expiring certificate and click properties

3.Click on Directory Security tab and then on Server Certificate and click next

4.Click on Renew the current Certificate and then Prepare the request now, but send it later.

5.The wizard will save the Certificate request on a file on your drive (c:\certreq.txt)

6.After the wizard finishes you should fire up your certificate authority web site. IE is recommended for this job!


This should look like this.

7.Click on Request a Certificate link and then on “advanced certificate request”

8.Click on the second link saying:

Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

Browse for a file to insert (take the file you created on your certificate request back on step 5). If your IE has its security settings enabled then you may just copy and paste the contents of the txt file created on step 5.

REMEMBER!!! Certificate template should be “Web Server”

Click on submit on your bottom right.

9.Download the certificate created and in case you need it in the future its chain as well.

10.Go back to your IIS that waits for the renewal. Do again steps 2 and 3 in order to go back to Security>Certificates configuration.

11.This time the server waits for the certificate you created and downloaded on step 9.

12.Proceed with submiting the certificate.

13.Export the certificate in pfx format directly from your IIS using the appropriate button on your Certificate Wizard. You will need this in order to publish this certificate again on your firewall/ISA/TMG

Now there is a case that in front of your web server you have an ISA or other Firewall to initially do the “talking” with your external clients. Therefore you need to install this certificate (step 13) to the “talker”

In case of an ISA/TMG:

14.Launch mmc>Add Certificates>LOCAL COMPUTER

15.Remove all old expiring certs from your Personal Directory

16.Import new pfx file (step 13)

17.Check your rule in OWA Publish in SSL/https Web listener –change Certificate.

Have a nice day 🙂

Creative People

Outlook RPC over SSL/HTTPS works for all accounts except some…

It is not long ago that I stepped into another “everyday IT problem”…All accounts in and out work perfect with RPC over ISA configuration except 2 of them.
Those two accounts had been initialized after a copy in the AD console from other users in the same departments, having exactly the same user permissions and Exchange advanced capabilities. However those 2 accounts had something in common between them, and different from the rest at the same time.
Hide from Exchange address lists checked in Exchange Advanced tab as in the snapshot below.
This seems logical of course, if you consider the fact that the RPC infrastructure uses the Exchange address lists for passing credentials from the Active Directory to your Global Catalog/RPC proxy. Thus if you hide a user from this list…no matter much you try, how correct your certificates are, along with your Outlook clients correct configuration, you will never initiate a NEW connection to your Exchange RPC over HTTPS.
I say NEW, since if the connection is established once (with the user visible to Exchange Address lists), then you may hide the user again. However don’t take this for granted, since I survived over two controversial examples. The one worked…the other did not.
Hope this saves you some timeJ.

Cannot connect to Exchange 2003 RPC with Outlook 2007/2010

I am looking in to this problem some days now, not only on Outlook 2003 but on 2007 and 2010 as well. 
I have followed all the needed procedures found around the web but nothing. Outlook 2007 keeps asking for username/pass without going anywhere. 
The run command outlook.exe /rpcdiag shows that there is no active or actually working connection.
My solution came after doing the following:
At first on the client side:
Added the following on registry  key [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\RPC]
12.0/11.0 for prior Outlook versions
(if no rpc key, then simply create it, right click on Outlook>new key)
“DefConnectOpts”=dword:00000000 (as colleagues mention above)
Also add the following under RPC as well
“ConnectTimeout”=dword value with hex value 000493e0
“ConnectTimeoutLow”=dword value with hex value 000493e0
“RFRTimeout”=dword value with hex value 000493e0
Secondly on the server:
On you will find the best way to resolve it….but as we ITs are on hurry all the time, we don’t usually see what “exists” right in front of our eyes.
Download the tool called RPCNoFrontEnd (19kb) mentioned on the page (mid). Execute after putting your external fqdn. This tool will make all the necessary registry changes needed on the server part and till now I have not found elsewhere. God bless the guy who wrote it, Harry Bates.
Restart your server in order the registry changes to have effect.
Test your Outlook client Exchange connection through RPC/HTTPs (/rpcdiag if you want). It will take a while in the first time but I worked for me.
Hope this helps…I’m going to sleep now, cause I have a tough day tomorrow.
PS. The best walkarounds I have got till now are the following:

PS2. Be sure that the following registry entries are made on RPC and/or GC server


Here you need to change the value of the ValidPorts key, the values should be entered in the below format:
ExchangeServer:593; ExchangeServerFQDN:593; ExchangeServer:6001-6002; ExchangeServerFQDN:6001-6002; ExchangeServer:6004; ExchangeServerFQDN:6004; GlobalCatalogServer:593; GlobalCatalogServerFQDN:593; GlobalCatalogServer:6004; GlobalCatalogServerFQDN:6004
This means if your Exchange server is named Exchange01 and your Global Catalog server is called GlobalCatalog01 and both are members of the AD domain , it should look like:
Exchange01:593;; Exchange01:6001-6002;; Exchange01:6004;; GlobalCatalog01:593;; GlobalCatalog01:6004;
Now we need to logon to the Global Catalog server (which would be the Domain Controller), here we need to add a string to the registry as well, so navigate to:
– Then click Edit in the menu > New then click Multi-String Value
– Name it “NSPI interface protocol sequences”
– Right-click the NSPI interface protocol sequences multi-string value, and then click Modify
– Type ncacn_http:6004 in the value box

Now restart the Global Catalog Server.

Mine worked! 🙂
%d bloggers like this: