Exchange Management Console (EMC) Very Slow loading

I have been getting this issue multiple times in my working life and I always forgot to put this up in the blog for future reference. Since I’m getting this once again while troubleshooting an issue for a client, I decided to put this up.

There are multiple reasons why your EMC may be loading very slowly:

Your server is having a performance issue

This may sound obvious, but sometimes system admins tend to look only at CPU and memory and not at disk I/O. Check the Resource Monitor and see which resources are bottlenecked. You might be surprised to find that AV or a backup is running in the background.

Solution: pause or stop the resource-hogging processes, or use EMS.

EMC tries to connect to the certificate revocation list (CRL) Web site.

Exchange examines the CRL to verify the code signing certificate. Since it’s connecting to the internet, most probably it’s using some of the IE components, which we can control.

Solution: Turn off (uncheck) the “Check for publisher’s certificate revocation” and “Check for server certificate revocation” options on the servers/workstations you are starting the EMC (Exchange Management Console) on.

Note: Proceed with caution. This is a security option, and unchecking it represents a risk unless the machine is in a secure environment. Please be aware of the consequences of this change.

  1. In Windows Internet Explorer –> Tools –> Internet Options –> Advanced tab
  2. In the Security section, uncheck the two options “Check for publisher’s certificate revocation” and “Check for server certificate revocation”.
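Because unchecking these options weakens certificate validation for the whole user profile, it helps to be able to see their current state and to switch them back on once troubleshooting is finished. The following is an added example, not part of the original post; it reads the per-user registry values behind the two checkboxes, so it must be run as the account that starts the EMC.

```powershell
# Added example: audit and restore the two revocation settings for the current user.
$PubKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$IeKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IgnoreRevocation = 0x200   # bit in "State" that is set when the publisher check is unticked

function Get-RevocationCheckState {
    # Both values may be absent on a fresh profile; report that as NotSet.
    $state = (Get-ItemProperty -Path $PubKey -Name State -ErrorAction SilentlyContinue).State
    $srv   = (Get-ItemProperty -Path $IeKey -Name CertificateRevocation -ErrorAction SilentlyContinue).CertificateRevocation
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        User           = $env:USERNAME
        PublisherCheck = if ($null -eq $state) { 'NotSet' } elseif ($state -band $IgnoreRevocation) { 'Off' } else { 'On' }
        ServerCheck    = if ($null -eq $srv) { 'NotSet' } elseif ($srv -eq 1) { 'On' } else { 'Off' }
    }
}

function Enable-RevocationCheck {
    # Clear only the "ignore revocation" bit and leave the other State flags untouched.
    $state = (Get-ItemProperty -Path $PubKey -Name State -ErrorAction SilentlyContinue).State
    if ($null -ne $state) {
        Set-ItemProperty -Path $PubKey -Name State -Value ($state -band (-bnot $IgnoreRevocation))
    }
    Set-ItemProperty -Path $IeKey -Name CertificateRevocation -Value 1
    Get-RevocationCheckState   # return the new state so the change can be confirmed
}

# Report the current state; call Enable-RevocationCheck when troubleshooting is done.
Get-RevocationCheckState
```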

EnableTCPA is enabled

I haven’t had any situation which requires me to disable this setting. Richard Roddy, in his TechNet article, wrote that if you disable TCPChimney and RSS, you will also need to disable TCPA. Here is an excerpt from his article.

After much troubleshooting by our Directory Services team, including debug tracing of the AD processes, etc., that showed that AD performance was just fine, it was finally found that the problem was due to the EnableTCPA setting under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. The value was set to 1, enabling the feature, while the other Scalable Networking Pack (SNP) features (EnableTCPChimney, EnableRSS) were disabled.

According to the Windows Networking team this combination can cause the TCP driver on that machine to think that the sender has reduced its sending capacity. The TCP driver then begins to perform regular jobs in response to the low sending capacity, rather than just immediately responding to the requests. This behavior causes the slow response/pauses that we could see in the network traces. However, the fact that the TCP driver is waiting to send the outgoing packets is something that cannot be seen.

The solution: disable the feature by setting EnableTCPA to 0.

You can read the whole article here

http://blogs.technet.com/b/richardroddy/archive/2011/02/16/exchange-2010-management-tools-are-very-slow-to-open-and-respond.aspx

Personal note: I’ve always preferred to use the Exchange Management Shell (EMS) since it is faster and it provides more options, whether for reporting, troubleshooting, configuring or day-to-day management. I think it’s worthwhile for a new or existing Exchange admin to invest some of his/her time in learning PowerShell 😉

Domain Controller Missing SRV in DNS

I was assisting a client of mine with an issue on a new DC that they had installed at a remote site. Suffice to say that the new DC was not properly deployed, causing a lot of issues such as replication problems and an inconsistent AD DB.

So, I assisted them to make it right. One of the things that I did was to demote the remote site DC and promote it again. It should have been a quick fix. AD replication was working fine, SYSVOL was shared and the NTDS files were synced with the other DC. But when we did a test, the remote site users weren’t able to authenticate to the local DC.

To check which site the user machine is in, using the command prompt:

nltest /dsgetsite

To get which Domain Controller the user/machine is authenticating to:

echo %logonserver%

In our case, the user is in the correct site but it’s authenticating to an HQ Domain Controller. When we check the DNS under Forward Lookup > zone_name > _msdcs there is no record for the new DC. The same goes for Forward Lookup > zone_name > _msdcs > _tcp.

After googling around, some community members suggested restarting the Netlogon service, but it didn’t work for us.

The search continued for a few hours, but I then came to social.technet.microsoft.com (https://social.technet.microsoft.com/Forums/windowsserver/en-US/52675ea9-e4ce-4b46-9994-3ecd37dd61e6/srv-records-are-missing-with-dns-issues?forum=winserverDS), where someone suggested adding a DNS suffix on the NIC card, checking the “Register this connection in DNS” box and restarting Netlogon. Voila! The missing SRV record has now been added correctly in DNS!

Resolution steps

  1. Add the DNS suffix under the NIC card IPv4 advanced TCP/IP settings. If your AD domain is abc.com, then put abc.com in the text box.
  2. Make sure “Register this connection’s addresses in DNS” is checked.
  3. Click OK.
  4. Restart the Netlogon service.
  5. Use “net stop netlogon” to stop the Netlogon service and “net start Netlogon” to start it.
  6. Verify the SRV and _ldap records in DNS.
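The final verification step can be scripted instead of browsing the DNS console. This is an added example, not from the original post; the domain, site and DC names passed in are placeholders, and Resolve-DnsName requires Windows 8 / Server 2012 or later. It goes slightly beyond the post by also checking the site-specific and Kerberos records that clients use to find a DC in their own site.

```powershell
# Added example: confirm that a DC has registered its locator SRV records.
function Test-DcSrvRecord {
    param(
        [Parameter(Mandatory)] [string] $Domain,   # AD DNS domain, e.g. abc.com
        [Parameter(Mandatory)] [string] $Site,     # AD site name, as printed by nltest /dsgetsite
        [Parameter(Mandatory)] [string] $DcName    # FQDN of the re-promoted DC
    )
    # Domain-wide and site-specific locator records under _msdcs.
    $names = @(
        "_ldap._tcp.dc._msdcs.${Domain}",
        "_kerberos._tcp.dc._msdcs.${Domain}",
        "_ldap._tcp.${Site}._sites.dc._msdcs.${Domain}",
        "_kerberos._tcp.${Site}._sites.dc._msdcs.${Domain}"
    )
    foreach ($n in $names) {
        # A failed lookup (record set missing entirely) yields an empty list.
        $srv = @(Resolve-DnsName -Name $n -Type SRV -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' })
        $targets = @($srv | ForEach-Object { $_.NameTarget.TrimEnd('.') })
        [pscustomobject]@{
            Record     = $n
            Targets    = $targets -join ', '
            ContainsDc = $targets -contains $DcName.TrimEnd('.')
        }
    }
}

# Placeholder values: replace with your own domain, site and DC.
Test-DcSrvRecord -Domain 'abc.com' -Site 'RemoteSite' -DcName 'newdc.abc.com' |
    Format-Table -AutoSize
```

A row with ContainsDc = False for the site-specific records matches the symptom described above: clients in the remote site fall back to a DC in another site.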

A new chapter in my life

After some time, it’s finally here. One of the biggest and riskiest decisions I have ever made in my life. I have officially resigned from my current position as a senior IT executive, managing a team of IT engineers and technicians in one of the largest construction and ship repair/conversion yards in Malaysia. The time is right and the opportunity is there. It’s up to me to grab it.

After a few years of dreaming, exploring and planning, I’m finally an independent IT contractor!

Wish me luck!

Exchange 2013: Exchange Admin Center (EAC) blank

Recently we have had extra servers in our environment idling for quite some time, and since I also have some extra time that I can squeeze out of my day, I decided to test Exchange 2013. Sadly, it is only now, almost 18 months after it was released, that I’m able to test it fully.

The installation is a breeze since Microsoft has simplified the Exchange 2013 server roles, as in Exchange 5.5 – 2003, with only 2 roles, CAS & Mailbox. Anyway, the installation part will be in another post.

One of the major changes in Exchange 2013 is that there is no more EMC (Exchange Management Console), and that’s really good news for me as I have always hated using EMC due to the time it takes to present the information and the lack of filtering features as well as detailed information. It has been replaced with the Exchange Admin Center, or EAC.

I believe the most common issue for someone who is testing Exchange 2013 is that you don’t know how to access the EAC, and when you have the address you get a blank screen.

How to access EAC

https://servername.fqdn/ecp

If you are getting a blank screen, open your Exchange Management Shell (EMS) and run this command:

Get-EcpVirtualDirectory | FL *URL*

Look for the InternalURL and copy and paste it into your browser. Voilà! You will get the interface as in the 1st screenshot!

Hope this helps people who have the same problem as mine.

-Lokman-

Exchange 2010: Check Exchange Service and Start/Stop Service

We had an issue yesterday where some of our Exchange services were stopped. You can easily check this using this command from the Exchange Management Shell (EMS) for Exchange 2010.

Test-ServiceHealth

[Screenshot: output of the command on CAS/Hub Transport servers]
[Screenshot: output of the command on Mailbox servers]
Take note of the “ServicesNotRunning”.

Here are the commands you need to start/stop any of the Exchange services. If you want to properly restart the Exchange services without rebooting the servers, copy and paste this into the PowerShell console/Exchange Management Shell. Make sure it’s in the same order as the one listed below.

Stop-Service MSExchangeAB
Stop-Service MSExchangeADTopology
Stop-Service MSExchangeAntispamUpdate
Stop-Service MSExchangeEdgeSync
Stop-Service MSExchangeFBA
Stop-Service MSExchangeFDS
Stop-Service MSExchangeIS
Stop-Service MSExchangeMailboxAssistants
Stop-Service MSExchangeMailboxReplication
Stop-Service MSExchangeMailSubmission
Stop-Service MSExchangeProtectedServiceHost
Stop-Service MSExchangeRepl
Stop-Service MSExchangeRPC
Stop-Service MSExchangeSA
Stop-Service MSExchangeSearch
Stop-Service MSExchangeServiceHost
Stop-Service MSExchangeThrottling
Stop-Service MSExchangeTransport
Stop-Service MSExchangeTransportLogSearch

Start-Service MSExchangeAB
Start-Service MSExchangeADTopology
Start-Service MSExchangeAntispamUpdate
Start-Service MSExchangeEdgeSync
Start-Service MSExchangeFBA
Start-Service MSExchangeFDS
Start-Service MSExchangeIS
Start-Service MSExchangeMailboxAssistants
Start-Service MSExchangeMailboxReplication
Start-Service MSExchangeMailSubmission
Start-Service MSExchangeProtectedServiceHost
Start-Service MSExchangeRepl
Start-Service MSExchangeRPC
Start-Service MSExchangeSA
Start-Service MSExchangeSearch
Start-Service MSExchangeServiceHost
Start-Service MSExchangeThrottling
Start-Service MSExchangeTransport
Start-Service MSExchangeTransportLogSearch

Hope this helps someone. Ping me

-Lokman-

Exchange 2010: Allow Anonymous Receive Connector for in-house application

If you are working on or doing some migration work for a 40-year-old company, chances are you will bump into one or a few legacy applications that don’t support SMTP authentication but are still being used and will not be retired any time soon. These applications send out email for notifications.

To resolve this, we need to allow the Exchange Receive Connector to relay without any form of authentication. Here’s how to do it from the Exchange Management Shell (EMS).

Get-ReceiveConnector -Identity "Anonymous Relay Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

As a best practice, make sure that you only allow connections from specific IP addresses. This can be done from Exchange Management Console (EMC) > Microsoft Exchange On-premises (your server name) > Server Configuration > Hub Transport > Receive Connectors
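Once the anonymous relay right is granted, the connector's remote IP range is the only thing stopping arbitrary hosts from relaying through it, so it is worth auditing from the shell as well. The following is an added example, not from the original post or its source; the IP addresses in the final comment are placeholders for your application servers.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2010.
# Lists every receive connector where anonymous users may relay to any recipient
# and flags those that still accept connections from the whole IPv4 range.
$Right   = 'Ms-Exch-SMTP-Accept-Any-Recipient'
$AnyIPv4 = '0.0.0.0-255.255.255.255'   # range that matches every IPv4 sender

function Get-AnonymousRelayConnector {
    Get-ReceiveConnector | ForEach-Object {
        $rc = $_
        # Allow ACEs for ANONYMOUS LOGON that carry the relay right.
        $grant = $rc | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like "*$Right*") }
        if ($grant) {
            $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
            [pscustomobject]@{
                Connector      = $rc.Identity.ToString()
                Enabled        = $rc.Enabled
                RemoteIPRanges = $ranges -join ', '
                AnyIPv4Sender  = $ranges -contains $AnyIPv4
            }
        }
    }
}

Get-AnonymousRelayConnector | Format-Table -AutoSize

# To narrow a flagged connector to the application servers only
# (192.0.2.10 and 192.0.2.11 are placeholder addresses):
# Set-ReceiveConnector -Identity 'Anonymous Relay Connector' -RemoteIPRanges 192.0.2.10, 192.0.2.11
```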

source: http://www.cgoosen.com/2012/01/exchange-2010-anonymous-relay-receive-connector/