How to fix the alert - Script Based Test Failed to Complete “The script 'AD Op Master Response' failed to create object 'McActiveDir.ActiveDirectory'.”

If you receive the alert “Script Based Test Failed,” in the System Center Operations Manager Console with the following in the Alert description: “AD Op Master Response : The script 'AD Op Master Response' failed to create object 'McActiveDir.ActiveDirectory'. This is an unexpected error.
The error returned was: 'ActiveX component can't create object' (0x1AD) “

There are 2 things that you need to do to fix this

1. Make sure that the “AD MP Account” run as profile is properly configured and assigned to the system generating the alert. The requirements for this account is documented in the management pack guide.
2. Install the Active Directory Helper Object (oomads.msi) on the system generating the alert.

Once the Run as profile is set and OomADs.msi is installed the alert should not reoccur. The existing alerts are created by rules not monitors, and therefore will have to be manually closed.

Dave Pavone
M3 Postmasters

www.m3tg.com

Create a "Check Alert in Google" lookup task in SCOM 2007

In System Center Operations Manager you can create custom tasks in the console to perform actions based on a alert. A really easy to create, and incredibly useful console task is a “Check Google” alert task. What this task will do is open up a browser and query Google for the name of a particular alert. Google then may find more information or possibly solution for the alert in Technet, blogs, or many of the SCOM websites.

To Create the Google lookup console task:

1. Open Up the System Center Operations Manager 2007 Console
2. Click on the Authoring tab
3. Expand Management pack objects
4. Right Click Tasks and Select Create a New Task… This will start the Create Task Wizard
5. In the Task Type pane Select Alert Command Line Under Console Tasks
6. Select a Management Pack to store the task in ( I recommend creating a separate management pack for this) Click Next
7. Type a name for the task such as !Check Google – Note: This is the label for the task in the action pane of the console. Click Next
8. Under Application: type (with quotes) “%programfiles%\Internet Explorer\iexplore.exe”
9. Under Parameters: type (without quotes) “http://google.com/search?q= $Name$”
10. Uncheck Display output when this task is run and then click OK

Another cool thing you can do with this is search internal knowledge bases using SharePoint search. Just swap out your SharePoint search URL for Google in the Parameters.

Remember to keep the $Name$ Parameter because this actually passes the Alert Name to the search URL.

You can also search the public “Research this” knowledge base by substituting “http://www.systemcenterforum.org/search/ $Name$” (no quotes) in for the parameters.

Dave Pavone
M3 Postmasters
www.m3tg.com

What to do when you get "POP3 Error 'Err Command is not valid in this state"

When attempting to connect to an Exchange 2007 using the POP3 protocol you receive the error” Err Command is not valid in this state”.

In testing, you telnet to the Client Access Server on port 110. You pass the appropriate credentials and password and still receive the same error.

Issue:
The application that is attempting to logon or also using the above example, the logon is being performed via Plain Text and by default Exchange 2007 POP3 will not allow a Plain Text logon.

Resolution:
Open the Exchange Management Shell and enter the following cmdlt:Set-PopSettings -LoginType PlainTextLoginRestart the POP3 service.

What To Do When BES Users Can't Activate

When attempting to add new users to a BES, the following events are generated in the Application Log on the BES server:

Event Type: WarningEvent Source: BlackBerry Messaging Agent SERVERNAME Agent 1Event Category: NoneEvent ID: 20400Date: 3/6/2008Time: 10:02:31 AMUser: N/AComputer: SERVERNAMEDescription:mailto:%7Buser@domain.com} MAPIMailbox::MAPIMailbox(2) - OpenMsgStore (0×80004005) failed, MailboxDN=/o=ORGNAME/ou=First Administrative Group/cn=Recipients/cn=User, ServerDN=/o=OrgName/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SERVERNAME/cn=Microsoft Private MDB Event Type: Warning
Event Source: BlackBerry Messaging Agent SERVERNAME Agent 1Event Category: NoneEvent ID: 20154Date: 3/6/2008Time: 10:02:31 AMUser: N/AComputer: SERVERNAMEDescription:User Doe, John not started

After verifying the permissions were correct, it appeared this was being caused by Outlook being installed on the BES. To uninstall Outlook the following procedure was performed which ended up resolving the issue:

1. Uninstall Outlook 2003.
2. Search for and remove any MAPI32.dll files with file versions of 1.0.2536.0.
3. Uninstall the Exchange System Management Tools from the Blackberry Enterprise Server.
4. Reboot the Blackberry Enterprise Server.
5. Reinstall the Exchange System Management Tools on the Blackberry Enterprise Server.
6. Install Exchange 2003 SP2 on the Blackberry Enterprise Server.
7. Delete the existing MAPI profile for BESAdmin from the registry.(HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\BESADMIN (or whatever your profile is called))
8. Recreate the MAPI Profile by going to Start->Programs->Blackberry Enterprise Server->Edit MAPI Profile.
9. Reboot the Blackberry Enterprise Server.

After the reboot users should be added to the BES without errors.

ISA, Exchange 2007 and Exchange 2000 Coexistence OWA Issue

Issue:
During coexistance between Exchange 2000 and Exchange 2007, you will see issues when implementing typical Exchange 2007 ISA publishing rules. There are instances where you will see Authentication Challenges. You might also be seeing the graphics for Exchange 2000 mailboxes not being properly displayed.

Things to look at:
On the OWA publishing rule’s listener, try setting the rule to allow “all users” instead of only allowing “authenticated users”. To make sure that security is not an issue with this, use HTTPS for your inetrnal URL redirection then instead of HTTP.

Also check to see if you are performing any link redirection, e.g. internal url of webmail.domain.com redirects to a different internal url of owa.domain.com. If so, make sure add link translation to the rule. This will assist with the graphics issues.

Error code 3221685931 when installing an Exchange 2007 CCR cluster

I ran into an interesting problem the other day when I was building out a new CCR cluster in an existing Exchange 2007 environment.

I had received new IBM hardware from my customer and they had staged the OS and all the SAN connections. Everything looked good from an installation standpoint prior to beginning the Exchange build.

I proceeded to commence the CCR build and all went really well when adding both nodes of my 2 node CCR cluster into a clustered windows configuration. I started experiencing issues when installing the Exchange bits directly from the Exchange 2007 SP1 media.

During installation, the admin tools and mailbox role would complete successfully but when setup reached the CMS installation phase, the following error was reported:

Mailbox Role
Failed
Error:
An error occurred. The error code was 3221685931.
The message was The network address is invalid..

After closing out of the installation, the mailbox role and admin tools would be installed but none of the shared cluster resources would be created in the cluster administrator. Checking the Exchange setup logfile, the following snippet was provided:

[08/02/2008 04:30:11] [2] DsRoleGetPrimaryDomainInformation returned:[08/02/2008 04:30:11] [2] DSROLE_PRIMARY_DOMAIN_INFORMATION::MachineRole = 3[08/02/2008 04:30:11] [2] DSROLE_PRIMARY_DOMAIN_INFORMATION::Flags = 1000000[08/02/2008 04:30:11] [2] DSROLE_PRIMARY_DOMAIN_INFORMATION::DomainNameFlat = “COMPANY”[08/02/2008 04:30:11] [2] DSROLE_PRIMARY_DOMAIN_INFORMATION::DomainNameDns = “COMPANY.AD.LOCAL”[08/02/2008 04:30:11] [2] DSROLE_PRIMARY_DOMAIN_INFORMATION::DomainForestName = “AD.LOCAL”[08/02/2008 04:30:11] [2] User has specified a DC; m_strDC = “bdhw3ka3.COMPANY.AD.LOCAL”[08/02/2008 04:30:12] [2] CDirectoryManager::ScGetLocalDomainInformation (f:8.01.0240\sources\dev\admin\src\udog\setupbase\tools\dsmgr.cxx:436) Error code 0XC00706AB (1707): The network address is invalid.[08/02/2008 04:30:12] [2] Leaving CDirectoryManager::ScGetLocalDomainInformation[08/02/2008 04:30:12] [2] CDirectoryManager::ScReInitWithDC (f:8.01.0240\sources\dev\admin\src\udog\setupbase\tools\dsmgr.cxx:267) Error code 0XC00706AB (1707): The network address is invalid.[08/02/2008 04:30:12] [2] Leaving CDirectoryManager::ScReInitWithDC[08/02/2008 04:30:12] [2] ScInitializeManagedCodeContext (f:8.01.0240\sources\dev\admin\src\udog\exsetdata\exsetds.cxx:384) Error code 0XC00706AB (1707): The network address is invalid.[08/02/2008 04:30:12] [2] ScSetupAtom (f:8.01.0240\sources\dev\admin\src\udog\exsetdata\exsetds.cxx:897) Error code 0XC00706AB (1707): The network address is invalid.[08/02/2008 04:30:12] [2] Leaving ScSetupAtom[08/02/2008 04:30:12] [2] [ERROR] An error occurred. The error code was 3221685931. The message was The network address is invalid..[08/02/2008 04:30:12] [1] The following 1 error(s) occurred during task execution:[08/02/2008 04:30:12] [1] 0. ErrorRecord: An error occurred. The error code was 3221685931. The message was The network address is invalid..[08/02/2008 04:30:12] [1] 0. ErrorRecord: Microsoft.Exchange.Management.Deployment.ExsetdataException: An error occurred. The error code was 3221685931. The message was The network address is invalid..[08/02/2008 04:30:12] [1] [ERROR] An error occurred. The error code was 3221685931. The message was The network address is invalid..[08/02/2008 04:30:12] [1] Setup is halting task execution because of one or more errors in a critical task.[08/02/2008 04:30:12] [1] Finished executing component tasks.[08/02/2008 04:30:12] [1] Ending processing.

After doing a bit of troubleshooting, including disabling the scalable networking pack for Windows Server 2003 (see http://msexchangeteam.com/archive/2007/07/18/446400.aspx for additional information on this), I ultimately identified the issue to be an incorrect DNS registration in AD DNS.

The CCR network name was resolving back to an incorrect static entry that the customer had setup. Once that entry was removed setup continued on as normal and I was able to complete the installation.

Exchange 2007 Install Error : Read The Security Descriptor

Problem:
When installing Exchange 2007 x64 on a Windows 2003 SP1 x64 system and running setup.com /preparead and you receive th following error:
“You do not have permissions to read the security descriptor on CN=Deleted Objects,CN=Configuration,DC=domain,DC=com.”

Solution:
If you are connected to the Windows System via Remote Desktop, make sure that you are connected using a Console Session (e.g. mstsc /console).

Passive Copy Of Database Getting Hammered During VSS Backups

Check out checksum throttling:

The Online Maintenance Checksum task can be enabled via the registry:

Registry Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
DWORD Key: Online Maintenance ChecksumDWORD Value: 1 (enabled), 0 (disabled)DWORD Key: Throttle ChecksumDWORD Value:

For more information, please see: http://technet.microsoft.com/en-us/library/bb676537.aspx

Computer Account Does Not Replicate In Time On CCR Install

Re-run the setup with the following:

Setup /NewCms /CmsName: /CmsIpAddress:

Example:
Setup /NewCms /CmsName:madcluster/CmsIpAddress:10.54.5.5

If it still fails then move the PDC Emulator to the site that you are setting the cluster up in temporarily.

Taken from experience and
http://support.microsoft.com/kb/947345