Microsoft Active Directory - Exchange Extension has encountered a problem and needs to close
Background
Windows Server 2003 / 2008 domain
Windows Server Active Directory Forest Schema upgraded to Server 2008
Member or DC Windows 2003 Servers with Exchange 2003 Management Tools installed
Problem
The Active Directory Users and Computers MMC crashes on Windows Server 2003 machines with Exchange 2003 Management Tools installed. The crash normally occurs after opening a second AD object in the Active Directory Users and Computers MMC.
The following crash error is displayed:
Users can’t logon on Terminal Server using mandatory profiles "The filename or extension is too long"
Background
Windows Server 2003 / 2008 domain
Windows Terminal Server 2003
Terminal Server set to use mandatory profiles
Problem
Occasionally users are not able to log on to the Terminal Server using their Remote Desktop Clients.
They get an error message similar to this:
Windows cannot copy file C:\Documents and Settings\tms-profile\Local Settings\Temporary Internet Files\Content.IE5\C6RWUIVV\filename
to location:
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\C6RWUIVV\filename
Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL – The filename or extension is too long
Cause
The problem seems to be caused by some websites leaving files with very long file names in the Temporary Internet Files folder. Even though with mandatory profiles the locally cached profile is not written back to the server, the long filename causes the error the next time the user logs on.
Solution
The problem was resolved by enabling the Group Policy "Delete cached copies of roaming profiles" for the Terminal Server.
The policy is located in Computer Configuration > Administrative Templates > System > User Profiles.
This policy deletes the locally cached profile copy when the user logs off, so even if a website drops a file with a very long path name, the file is discarded during the log-off process.
Enable LDAP over SSL (LDAPS) on Windows Server 2003 Domain Controller
More about enabling LDAP over SSL and certificate requirements – MS KB321051
To test LDAP over SSL functionality I installed CA role on Windows Server 2003 Domain Controller and used it to issue a server certificate to the same machine. I performed everything on a single server in a test environment. Be aware that Microsoft does not recommend installing CA on a Domain Controller and recommends using a dedicated server for CA role.
Add first Windows Server 2008 R2 Domain Controller to Server 2003 domain.
Note that you do not need to run adprep if you are merely joining Windows Server 2008 R2 server to the domain as a member server.
Before running adprep:
- Backup your Active Directory.
- If possible try the procedure in a test environment to make sure there are no conflicting applications in your environment.
- Make sure you are a member of the Domain Admin, Schema Admin and Enterprise Admin groups.
- Make sure replication is working properly:
On a domain controller run repadmin /showreps and check Last attempt date and status.
Also run repadmin /replsum and check for errors.
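One way to automate the replication check from the list above, as an added example that is not part of the original post: it parses the CSV form of the repadmin report (`repadmin /showrepl * /csv`, assumed to be supported by your repadmin version) and lists replication links with failures or a stale last success. The sample rows, server names, timestamp layout and 24-hour threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of `repadmin /showrepl * /csv` output (not from a real forest).
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC01,"DC=example,DC=local",Default-First-Site-Name,DC02,RPC,0,0,2011-03-01 10:15:22,0
showrepl_INFO,Default-First-Site-Name,DC01,"CN=Schema,CN=Configuration,DC=example,DC=local",Default-First-Site-Name,DC02,RPC,3,2011-03-01 09:58:10,2011-02-27 22:41:03,1722
showrepl_INFO,Default-First-Site-Name,DC02,"DC=example,DC=local",Default-First-Site-Name,DC01,RPC,0,0,2011-02-28 01:00:00,0
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp layout of the CSV report


def find_replication_problems(csv_text, now, max_age=timedelta(hours=24)):
    """Return (link, reason) tuples for links that failed or have not replicated recently."""
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        link = "%s <- %s [%s]" % (
            row["Destination DSA"], row["Source DSA"], row["Naming Context"])
        failures = int(row["Number of Failures"] or 0)
        if failures > 0:
            problems.append((link, "%d failures, last status %s"
                             % (failures, row["Last Failure Status"])))
            continue
        try:
            last_ok = datetime.strptime(row["Last Success Time"], TIME_FORMAT)
        except ValueError:
            # A missing or zero timestamp means the link has never replicated.
            problems.append((link, "no recorded successful replication"))
            continue
        if now - last_ok > max_age:
            problems.append((link, "last success %s is older than %s"
                             % (last_ok, max_age)))
    return problems


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result on every run.
    found = find_replication_problems(SAMPLE_CSV, datetime(2011, 3, 1, 11, 0, 0))
    for link, reason in found:
        print("PROBLEM: %s: %s" % (link, reason))
    print("Hold adprep until replication is healthy." if found
          else "Replication looks healthy.")
```
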
Prepare forest
- Log on to your schema master Domain Controller (DC).
  To find out which server is your Schema Master, run netdom query fsmo on any DC.
- Insert Windows Server 2008 R2 DVD into DVD drive.
- Open Command Prompt and run:
  - on 32 bit computer D:\support\adprep\adprep32.exe /forestprep
  - on 64 bit computer D:\support\adprep\adprep.exe /forestprep
- Let the operation complete. Make sure there were no errors.
- Allow Active Directory to replicate changes throughout the forest.
Prepare domain
- Log on to your infrastructure operations master Domain Controller (DC).
  To find out which server is your infrastructure operations master, run netdom query fsmo on any DC.
- Insert Windows Server 2008 R2 DVD into DVD drive.
- Open Command Prompt and run:
  - on 32 bit computer D:\support\adprep\adprep32.exe /domainprep /gpprep
  - on 64 bit computer D:\support\adprep\adprep.exe /domainprep /gpprep
- Let the operation complete. Make sure there were no errors.
- Allow Active Directory to replicate changes throughout the domain.
Add a new Server 2008 R2 Domain Controller
- Log on to the Windows Server 2008 R2 member server using a domain admin account
- Start > Run > dcpromo > OK
- Follow the wizard to install the first Server 2008 R2 DC