Tag Archives: Exchange

Generate UC Certificate

When generating a UC Certificate via the snap in i get this from the MMC:

Error:  “Certificate Request Processor The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module 0x80094801 the request does not contain a certificate template extension or the Certificate Template request attribute”

Microsoft’s resolution: Generate the request some other way. yeah ok

J’s solution: certreq -submit -attrib “CertificateTemplate: WebServer” WebServerCertReq.txt

Exchange stops working due to diskspace

Try using following if issue is low disk space on system drive, this will come as a backpressure alert
  1. Open the following file by using Notepad:

    C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe.config.

  2. Modify the following line in the <appSettings> section:
    <add key="QueueDatabasePath" value="<LocalPath>" />

    For example, to create a new location for your transaction logs at the location “C:\Queue\QueueDB”, modify the QueueDatabasePath parameter as follows:

    <add key="QueueDatabasePath" value="C:\Queue\QueueDB" />
  3. Save and close the EdgeTransport.exe.config file.
  4. Restart the Microsoft Exchange Transport service.
  5. Verify that the new Mail.que and Trn.chk files are created at the new location.
  6. Remove the unused Mail.que and Trn.chk files from the original location.

Exchange OAB Issues

Exchange 10 server was deployed, this organisation was not using Address List Segregation.

Despite this, I cannot get any items to display in the Global Address List in Outlook – however the list is fine in OWA.

Some relevant attributes in ADSI:

CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

addressBookRoots: CN=All Address Lists,CN=Address Lists Container,CN=mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

globalAddressList: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local


Make sure all users can read list and there are no user Denys.



Exchange 2003 to 2007 Permissions issues

After moving some mailboxes i got the following error:

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=[user name],OU=[User OU],DC=[domain],DC=com” container under Active Directory user “Active Directory operation failed on [DC server name]. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchActiveSyncDevices” and doesn’t have any deny permissions that block such operations.



Open Active Directory console, make sure advanced features are on then:

Open user account properties in Active Directory Users and Computers, change to Security tab > Advanced – check Include inheritable permissions from this object’s parents.

This fixes error.