blog Microsoft Windows

Recreate Exchange 2003 OWA Virutal Directories

Lately I have had a few client servers that needed this done for various reason. usually it has something to do with troubleshooting Windows Mobile 5 and 6 devices getting email via the OMA portion of Outlook Web Access on Exchange 2003. Some of them were getting the error, “ActiveSync encountered a problem on the server support code: 0×85010001″ or similar on the hand held devices. In all of the cases the following fix resolved each client’s particular problem.

Exchange 2003 has 6 total virtual directories. They are as follows:

Exchange | Exchweb | Exadmin | OMA | Public | Microsoft-Server-ActiveSync

For more information on the function of each virtual directory please visit this Daniel Petri’s website which is where I normally go to get the how-to for this function.

Now that we have identified the virtual directories associated with OWA, we need to backup the configuration and then delete them. I know, this seems like a really huge step, it was for me the first time I did it but now I do it on a regular basis. You will need to backup the configuration from IIS Manager by right clicking on the Default Web Site and going to “Save Configuration to a File”. I don’t think I need to walk you through the rest of the dialog boxes, you’ll figure it out.

Now that the configuration is backed up, delete the 6 virtual directories mentioned above. You may also, depending on OS version, have a virtual directory “exchange-oma”. Leave it alone for right now, we will get to it in a bit. Before we recreate the virtual directories, we need to delete a key out of the IIS Metabase. For this you will need to download the IIS 6.0 Resource Kit from here. Go ahead and install the package and navigate to “Metabase Explorer” which is part of the resource kit you just installed. In Metabase Explorer you will have some keys on the left hand side, LM being one of them. Expand the LM key and you will find the first one (ususally) to be DS2MB. Delete it the key DS2MB. DS2MB stands for Directory Service to Metabase. It’s purpose is to transfer configuration information from AD to IIS. It’ll get recreated during the next process.

Now that the virtual directories and the DS2MB keys are deleted, you can restart the “Microsoft Exchange System Attendant” service. That will recreate what we have deleted.

For some reason when the virtual directories are recreated you still have to fix a permissions issue to get it to function. Do this by going into IIS Manager and right clicking on the virtual directory “Exchweb” and select properties. Then go to the Directory Security tab and click Edit under Authentication and Access control. Ensure that Anonymous and Integrated Authentication are checked. An Inheritance Override dialog box will appear, make sure you click Select All. Click OK to finish. After you have completed that, go back into Authentication and Access control and uncheck Integrated Windows Authentication. (Yes I know, seems odd). Ok out and you are finished.

That pretty much sum’s the fix up. You will need to redo your SSL stuff but other than that you should have a fully functional OWA configuration.

Now, this is where the support code stuff and the exchange-oma virtual directory I mentioned earlier comes in. There are a number of mobile devices that are capable of connecting to Exchange to get email, contacts, calendar and tasks from their account. Some of them work with SSL / Forms Based Authentication and some don’t. To fix the ones that don’t support it, follow the steps below to get your non SSL Windows Mobile devices to connect to Exchange.

First delete the virtual directory (if you have it) exchange-oma. Now to finish this we will need to create a second virtual directory for OMA access. First, open IIS Manager and right click on the Exchange virtual directory and select “Save Configuration to File”.  Name is something like exchange-oma. Now, right click on “Default Website” and select new virtual directory from file.  Find the file you just saved (i.e. exchange-oma).  You will get a dialog box saying the virtual directory already exists.  In the alias box, type exchange-oma (or similar).

Lets, make it non SSL bound now.  Right click on the virtual directory you just created and go to the Directory Security Tab and then Authentication and Access control.  Make sure that Integrated and Basic authentications are enabled. Ok out and then under Secure communications click edit and uncheck “require SSL”.  Ok out and close IIS Manager.

To get IIS and Exchange to use the new virtual directory correctly we need to make a slight registry change.  Open the Registry Editor and find “HKLMSYSTEMCurrentControlSetServicesMasSyncParameters” If it does not exist, in the right pane right click and create a new String Value.  Name it ExchangeVDir and press Enter.  Modify the value of the key and put /exchange-oma in that field.

You are almost done now, quit the registry editor and restart the IIS Admin Service.  You can also use iisrestart from the run line or command prompt.

Here are some of the links I used to put this post together and have used in the past successfully.

Petri IT Knowledgebase | Dev IT Weblog | Microsoft


Mass Disable the Computer Browser Service

At a larger client I needed an easier way to disable a service on 400+ workstations than manually stopping and disabling the service. Group Policy would have worked but I wanted something quicker. Something that would not require me to reboot or force a Group Policy update to all those workstations. I use PSexec for quite a few things. PSexec is a small application from Sysinternals who is now owned by Microsoft. The application lets you remotely execute commands on workstations and servers. You can also bring up a remote command prompt and do a number of things from there. In this case I wanted to disable and stop a service on all of those workstations. I did this with the following command:

psexec \* sc config browser start= disabled

PSexec is the app that we are using to send the command “sc config browser start= disabled”. \* is stating we want to run this command on all computers in the domain. You could specify a single server/computer with \computername or replace \ with @browser.txt and have file with that name in the same directory you are in via command prompt. The sc is Service Control followed by config which modify the configuration of a specific service. You could use start or stop there to start or stop a service which is the second command that I used. Browser in the command is the service in which we are working with and “start=” is a fixed line in which you need to specify an argument. In this case I used “disabled”. You have the option to do auto, manual or disabled.

Next we need to actually stop the service. This can be done with the following command:

psexec \* sc stop browser

Pretty simple huh. Afterwards I did a few spot checks to verify that it actually worked and then setup a Group Policy for an machines that I was unable to touch with psexec as well as new computers added in the future.

More information on options with SC can be found here. PSexec is part of the PStools suite. I recommend that everyone check this out if you have not in the past. PSinfo can be used for network documentation and PSshutdown can poke a stubborn computer in the eye.


Fixing OWA / Recreating Exchange 2003 Virtual Directories

The other day, one of they guys I work with at the office was troubleshooting a smart phone issue with Exchange 2003 at a client and asked me for some help.  Well, I setup the server initially to be able to do syncing with smart phones and PDA’s so natrually, I should be able to troubleshoot it.  Nope…  This one was a bear.  The IIS Admin service would shut off by itself (no errors in the event log) as well as the World Wide Web service.  Very strange.  Then finally, I noticed that the Microsoft Exchange Routing Engine service was off as well, so I tried starting it….didn’t work because one of its dependencies is IIS Admin, so I tried starting IIS Admin and I finally got an error.  Something about the metabase.bin file being currupt.  So I tried searching for this file….(IT DOESN’T EXIST).  Metabase.xml does though so I went with that one.  Turns out it became corrupt somehow and I remembered a post on Daniel Petri’s website on how to fix it.  That site is here.  The following is a quick guide for fixing the solution (copied from Daniel Petri’s webisite):

  1. Download and install the IIS6 Resource Kit from Microsoft here.
  2. Make a backup of the web site configuration with IIS Manager.
  3. Delete the Exchange Virtual Directories (Exadmin, Exchange, Exchweb,  Microsoft-Server-ActiveSync, OMA, and Public) There are 6 total.
  4. Open “Metabase Explorer” from the IIS6 Resource Kit and delete the DS2MB key.
  5. Restart Microsoft Echange System Attendant to recreate the virtual directories.
  6. Reset permissions on the ExchWeb virtual directory in IIS Manager.  Ensure that Anonymous and Integrated authentication are checked.  Click OK to accept, and Ok on any dialog boxes that pop up.
  7. Remote anonymous authentication from the ExchWeb virtual directory (I know that sounds funny to do after you just check it but trust me)

Everything at this point is 100% default as if you just installed Exchange 2003 for the first time.  This took care of the Mobile Access issues that were happening before and somehow sped up Outlook Web Access.  ??  Well, I hope this helps in some fashion, I know for me, It’ll help me remember how to find Daniel Petri’s website for this particular issue which brings me to another issue.  I use Daniel Petri’s website 2-3 times a month or more because the content on his pages are awesome.  I’ve been going to there for a few years now and it never fails to somehow point me in the right direction.  Thank you Daniel Petri.  Here’s a link to his website.