Microsoft Exchange

Recreate Microsoft Exchange Security Group in Exchange 2010

Posted on Updated on

Yesterday, when i checked exchange problem at my customer i got microsft exchange security group like Organization Management, Recipient Management, etc. is missing in Active Directory.

This article will explain how to recreate microsoft exchange security group.

Now Running /preparead won’t allow you to recreate it as OtherWellKnownObjects attribute on the Microsoft Exchange Container  will be pointing to Deleted Objects , It has to be Removed


i cannot remove attribute via adsi edit


then i try to remove via LDP

type windows+R type LDP

Click Connection then connect, Click Ok if you running on the Server itself


View tree


Choose > Configuration Container


Now You won’t be Expand it . Unless you Bind it

Connection –> Bind


Double Click on Configuration > To Expand

Scroll down to Microsoft Exchange Container > Right Click > Modify


Now we got to Edit OtherWellKnownObject attribute

Attribute : OtherWellKnownObject

Choose : Replace

Click on Enter


Now Empty Value has been Added, Click Run


Now you could see in ADSI Edit Other Well known Objects have been Cleared


Now /preparead is successful


and now microsoft exchange security group are back


Note : you need to assign access to user account exchange administrator and computer exchange server like “exchange trusted subsystem” “Exchange Servers” “organizatoin management”and others.

good luck


Upgrade Exchange 2010 SP3 : Error Message “The ‘IIS 6 WMI Compatibility’ component is required”

Posted on

Last week when upgrade exchange 2010 to sp3 at my customer.

i got this error when readliness check for client access role prerequisites.

“The ‘IIS 6 WMI Compatibility’ component is required”


Solution :

you need to install role services IIS 6 WMI Compatibality in Server manager


after install iis wmi compatibality you can retry upgrade exchange 2010 sp3.

Good luck

Access denied when you try to give user “send-as” permission for a Distribution Group in Exchange Server 2013

Posted on Updated on

Yesterday i want to give access Send As Permission for distribution list and i got some error :

This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS)

then after i read this article i found root cause this problem cause by default Exchange Trusted Subsystem is not granted the “modify permissions” permission.

Resolution for this problem you can add Exchange Trusted Subsystem to Permission in OU that contains the Distribution Group by following these steps:

  1. Open Active Directory Users and Computers.
  2. Click View, and then click Advanced Features.
  3. Right-click the OU that contains the distribution lists, and then click Properties.
  4. In the Security tab, click Advanced.
  5. In the Permissions tab, click Add.
  6. In the Enter object name to select box, type Exchange trusted subsystem, and then click OK.
  7. In the Object tab, select This object and all descendants objects in the Apply into list, locate Modify Permissions in the Permissions list, and then set it to Allow.
  8. Click OK

Try again and it works now 😀

error Exchange 2013 Mailbox role fails stating to upgrade the discovery mailboxes to R5 version

Posted on Updated on

I was doing installation of second Exchange Server 2013 Mailbox Role for my DAG (Production) today and got this error. This error reminded me my Microsoft Exchange PSS days.

I have seen this error before when exchange server 2010 was RTM.


After reading different articles, I was able to resolve this issue by performing the following steps:

  1. open up ADSIEDIT.msc
  2. Open the Default Naming Context
  3. Locate the Users container
  4. Go to the properties of a 2010 user acount and locate the value that is set in the homMDB attribute. Make a copy of the contents that are set in that attribute
  5. Locate the CN=DiscoveryMailbox Search and go to properties
  6. In the homeMDB attribute paste in the value that was copied from the regular 2010 user account
  7. Repeat step 6 for the following system mailbox CN=SystemMailbox{1f05a927-30df-4fe0-8a40-136e6d78e2d1}
  8. Repeat step 6 for the following system mailbox CN=SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}

After updating the homeMDB value for the Discovery and two System Mailboxes restart the Information Store.

and it works now Open-mouthed smile

integrate MS.Lync and after reset owa virtual directory

Posted on Updated on

mostly after reset owa virtual directory,we cant chating via owa used lync solved this problem. we need to re configure integrate between ms lync and ms exchange. windows power shell and type this command

Get-ExchangeServer server | Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint idcertificatethumbprint –nstantMessagingServerName


2.iis reset on you exchange server


Reset Owa virtual directory

Posted on Updated on emc and navigate to server configuration> client access > select server and klik outlook web app,than klik reset virtual directory

image what you want to reset, in this case I want to reset OWA

image specifie path and name


4.than klik reset


5.the last klik finish


Upgrade exchange 2013 CU2 to Cu3 “Error occurred while uninstalling Search Foundation for Exchange.System.Exception: Cannot determine the product name registry subkey, neither the ‘RegistryProductName’ application setting nor the ‘CERES_REGISTRY_PRODUCT_NAME’ environment variable was set”

Posted on Updated on

Problem : Error when running Step 7 Mailbox Role:Transport Service


Solution : You can disable IPV6 via regedit

1.Open registry.exe

2.Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \

3.Double-click DisabledComponents to change the DisabledComponents entry

Note : If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:

  1. In the Edit menu, point to New, and then click DWORD (32-bit) Value.
  2. Type DisabledComponents, and then press ENTER.
  3. Double-click DisabledComponents.

4.Type any one of the following values in the Value data field to configure the IPv6 protocol to the desired state, and then click OK:

Type 0xffffffff to disable all IPv6 components except the IPv6 loopback interface. This value also configures

5.To use the DisabledComponents registry value to check whether IPv6 was disabled, run the following command at a Windows command prompt:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents

6.Restart computer and,try again to upgrade CU3.

good luck Open-mouthed smile