Fixing MAPI session exceeded error in message Exchange 2003

I have recently been suffering a spate of users being disconnected from Outlook.

We are running Exchange 2003 and the clients experiencing the problems are Outlook 2003 and 2007. All are on the same LAN.

In the Exchange server I got the following error message:

Event ID: 9646

Mapi session "/o=COMPANY NAME/ou=UK/cn=USERS/cn=JOHN.SMITH" exceeded the maximum of 32 objects of type "session".

IP connectivity was fine (they can browse shares on the mail server) and eventually (after an hour or so), they could connect back on to the Exchnage server.

I found this article http://support.microsoft.com/kb/842022 and made all the changes it recommended, increasing the limit from 32 to 64.

I've also got people to clear out their mailboxes so they don't have more than 3000 items.

but the disconnections still kept happening....

After contacting MS Support, I got the following suggestions:

On the Exchange servers:

1. HP network cards teaming enabled. This is a known cause for this type of scenario. If you have teaming enabled on the network cards, break it and retest without it.

2. TCP Chimney. Disable it by running the following command and rebooting afterwards: Netsh int ip set chimney DISABLED   (http://support.microsoft.com/default.aspx?scid=kb;EN-US;242468)

3. Add the following registry key on the servers: MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime  , DWORD, value 300000 ( that means 5 minutes in miliseconds)

We didn;t have network teaming enabled, so I just applied 2 and 3, and after a quick reboot, I had no more error messages.

I hope this hint helps you out, please feel free to click the ads on this page to show your thanks.

Fixing McAfee W32.wecorl.a false alerts

The issues with McAfee are caused by it incorrectly detecting the Trojan W32/wecorl.a.
When it detects it, McAfee then deletes the svchost.exe file, resulting in many services being unable to run.. especially the network service
The following instructions will help you to fix your PC.


Please copy the this file to a USB disk.

It is a file from McAfee which cancels out the detection of the W32.wecorl.a false alerts.

Log on to your PC.

Windows Key + R
        cmd

In the black box, type:
        net stop mcshield

You might need to enter this a few times until you get a message saying the service has been stopped.


This should stop your PC from restarting before you can complete the following procedures.


Plug in the USB drive. In this example we will assume that the USB drive is recognised as drive E:, but you will have to substitute your drive letter.

Type:
           copy E:\extra.dat "c:\Program Files\Common Files\McAfee\Engine"
           net start mcshield

Then right click on the VirusScan icon and select VirusScan Console and open up Quarantine Manager Policy

Click on the Manager Tab, highlight any files which have the detection type of W32.wecorl.a right click them and select “Restore”

You may receive some error messages, but you should be able ignore it. Reboot, and your PC should be restored.

Hopefully this will help you out of a sticky situation, feel free to click on an advert on the page to show your appreciation.

Cisco Router Break Sequence

Quick and dirty tip for somehting I'm always forgetting.

If you are doing a traceroute on your Cisco router and need to tell it to stop (it'll go on for ages otherwise) hit:

CTRL-SHIFT-6 three times in a row to break out of it.

Exchange ActiveSync errors with misconfigured firewall

I have recently been getting error messages on my Exchange server which has been implying that my Cisco ASA firewall is misconfigured.

Event Type: Warning
Event Source: Server ActiveSync
Event Category: None
Event ID: 3033
Date:
Time:
User:
Computer:
Computer_Name
Description:
The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [9]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.
For more information about how to configure firewall settings when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

This issue may occur if the firewall has not been configured to let HTTP(S) requests live longer than the minimum heartbeat interval that is configured on the server that is running Exchange Server 2003 SP2. By default, the minimum heartbeat interval at which the Exchange server triggers this event is nine minutes.


I hunted around for instructions on how to make these changes, and eventully had to contact Cisco to find out what changes to make:


1. Create an access-list to identify the traffic to the server & traffic initiated by the server. For example, server’s Internet IP Address is 1.1.1.1, use the following:
access-list outside-https-mail-servers extended permit ip any host 1.1.1.1
access-list outside-https-mail-servers extended permit ip host 1.1.1.1 any

2. Apply the access-list to the class map:
class-map https_server
 match access-list outside-https-mail-servers

3. Apply the class map to the policy map so that we can increase the timeout for that traffic:
 policy-map outside-policy
 class https_server
  set connection timeout half-closed 0:30:00

...and that should clear your errors!

Hopefully his helped you fix your problems, if yoiu want to show your appreciation, please click on one of the adverts on the side... no need to buy anything!

Get a Redhat/CentOS/Oracle Enterprise Linux box to register on a Windows DNS

I live mainly in a Windows world, but occasionally I have to got down and dirty with a Linux box.

One of my particular hates is the way Linux will use a DHCP address supplied by a Windows server, but won't register itself in the DNS, so I have to go and put a static entry into my DNS.

After MUCH hunting around, I finally managed to get it working... and it's actually a very simple problem to fix...

On your DHCP server, right click on the Scope and change the DNS tab page to match below. It seems that Linux machines don't send out a "register me in the DNS" message (which Windows machines do), and you need to make the below changes to force the DHCP server to always send new registrations to the DNS.

 

Hopefully this page has been of help to you, if so, please click on one of the advert to show your appreciation.