Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)

You may get this error during certificate request/assign.

Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)

Install the Root CA cert chain on the server and run the wizard again to resolve the problem.

Lync 2010 Server Control Panel returns that error "Insufficient access rights to perform the operation" when attempting a move user or enable user command

When using the Lync 2010 Server Control Panel to enable or move an Active Directory, directory service domain user for use with Lync Server 2010 the following errors are returned:

Active Directory operation failed on "DC1.contoso.com". You cannot retry this operation: "Insufficient access rights to perform the operation"

The error that is described in the SYMPTOMS section of this article is caused by the combination of the following two reasons:

*The user account that is part of the Lync 2010 Server move or enable operation is a member of an Active Directory, directory service protected domain security group. Since the user account belongs to a protected domain security group it is unable to keep the RTCUniversalUserAdmins and RTCuniversalUserReadOnlyGroup Universal Security groups and their permissions as Access Control Entries (ACEs) to the protected domain security group's default Access Control List (ACL).
*The Lync 2010 Server Control Panel is not designed to delegate the permissions that are needed to complete the user account move or enable operation

Use the Lync Server Management shell to administer the following Lync 2010 Server PowerShell cmdlets to perform the user account enable of move operations:


Enable-CsUser -Identity "Bill Anderson" -RegistrarPool "pool01.contoso.com" -SipAddressType EmailAddress -SipDomain contoso.com

To view a list of examples for the usage of the Enable-CsUser Lync Server 2010 PowerShell cmdlet use the Lync Management Shell and enter the following PowerShell cmdlet: Get-Help Enable-CsUser -Examples

Move-CsUser -Identity "Bill Anderson" -Target "pool01.contoso.com"

To view a list of examples for the usage of the Move-CsUser Lync Server 2010 PowerShell cmdlet use the Lync Management Shell and enter the following PowerShell cmdlet: Get-Help Move-CsUser -Examples

Move-CsLegacyUser -Identity "Bill Anderson" -Target "pool01.contoso.com"

To view a list of examples for the usage of the Move-CsLegacyUser Lync Server 2010 PowerShell cmdlet use the Lync Management Shell and enter the following PowerShell cmdlet: Get-Help Move-LegacyCsUser -Examples

KB2466000

Lync Server Installation Error: Prerequisite installation failed: Wmf2008R2

Trying to Install Lync 2010 on Server 2008 R2 SP1, the installation failed with the following error while adding the first Lync Server Components:

“C:\Windows\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum” Cannot be found.

I looked for that file. It’s no where to be found. But it looks like it has a different version:

%systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum

I copied the file name mentioned in the error message, changed both file names (both .cat and .mum, didn’t know if they need each other during installation) and tried installing again.That Solved the problem. YA!!!

The official workaround for this issue has been released in Microsoft KB2522454

如何確認Exchange Update-Rollup的Build Number

在Exchange 2007之後更新Rollup Hotfix後,其Build number指的是位在Exchange Setup Folder\BIN目錄底下ExSetup.exe的版本

請參考官方部落格文章的說明:
http://blogs.technet.com/b/exchange/archive/2010/03/08/dude-where-s-my-rollup.aspx

所以執行下列指令後就可以得到正確的Build Number了

Exchange Server and Update Rollups Builds Numbers

Expired Exchange 2007 Certificate

Exchange 2007 憑證到期造成服務無法正常運作,此時需要將舊憑證重新延長使用期限

首先透過Exchange Management Shell執行下列指令來確認憑證是否到期
Get-ExchangeCertificate | List

完成上述指令後,確認到期憑證的thumbprint值,接著執行下列指令來延長憑證時間
Get-ExchangeCertificate -thumbprint “XXXXXXXXXXXX Old” | New-ExchangeCertificate

完成上述指令後,接著執行下列指令再確認憑證到期時間是否延長
Get-ExchangeCertificate -thumbprint “XXXXXXXXXXXX New” | fl

上述指令確認後,接著執行下列指令將相關服務套用使用期限已延長的憑證
Enable-ExchangeCertificate -thumbprint “XXXXXXXXXXXX New” -services IIS

上述全部完成後,再執行下列指令將已到期的憑證移除
Remove-ExchangeCertificate -thumbprint “XXXXXXXXXXXX Old”

Exchange 2010 #554 5.6.0 NDR

Exchange 2010用戶正常連線,傳送郵件至Internet沒有錯誤,但是由Internet傳送郵件至Exchange 2010用戶,會產生下列#554 5.6.0 NDR

#554 5.6.0 STOREDRV.Deliver.Exception:MailboxInfoStaleException.DatabaseNotFoundException; Failed to process message due to a permanent exception with message ExchangePrincipal ; DatabaseNotFoundException: 8146963c-c733-40a1-a82a-ac5c645a4602 ##

發生此問題的原因為Exchange DB所在的硬碟槽已經空間不足,請手動備份騰出硬碟空間,或者啟用循環記錄檔壓縮DB容量,完成上述動作重新啟用Exchange服務後,即可恢復正常.

參考資料:
http://technet.microsoft.com/en-us/library/bb331958.aspx

如何完整移除OCS Server

1. 停用SIP Account User
2. 照下列順序停用伺服器角色

Response Group Service
Outside Voice Control
Conferencing Announcement Service
Conferencing Attendant
Application Host
Application Sharing Server
A/V Conferencing Server
Web Conferencing Server
Web Components Server
Front End Server - If deactivation fails, run this again but check the force option.

3. 完成停用角色後,接著照下列順序移除應用程式

Application Host
Application Sharing Server
Audio/Video Conferencing Server
Conferencing Announcement Service
Conferencing Attendant
Outside Voice Control
Response Group Service
Web Conferencing Server
Standard Edition Server (Front-End)
Managed API 2.0 Core 64-bit
Managed API 2.0 Speech x64
Managed API 2.0 Windows Workflow Activities Server Speech Language Pack
OCS 2007 R2 Administrative Tools
Web Components Server
Core Components

4. 如有需要,將OCS Server退出網域並且移除AD Computer Account,接著在DNS Server上移除A Record & SRV Record,這樣就可以完整的移除OCS Server