Now this creates a user in my Exchange 2007 Server store with the specific Mailbox Store GUID of cd747c5d-aa8e-4f81-a136-ea4ff89e2896. Now the issue I am having is when I port this to a C# application I have developed. When I execute the same script through the following code:
Database "cd747c5d-aa8e-4f81-a136-ea4ff89e2896" was not found. Please make sure you have typed it correctly.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: Database "cd747c5d-aa8e-4f81-a136-ea4ff89e2896" was not found. Please make sure you have typed it correctly.
Now mind you that I can execute any other Exchange 2007 Powershell command without any issues through this same code and the script I am using works flawlessly in powershell. Why can it find the database in powershell but not in the C# application which
have been executed off the same server? Any suggestions are greatly appreciated.
Why can it find the database in powershell but not in the C# application which have been executed off the same server?
Different identities during code execution?
Seems your "C# application" is a web-application ;-). So, code is executed under identity of application pool (Network Service by default). If is true, then it is shouldn't be a surprise to have such error ;-)
Thanks for the reply. No this application is not running as a web based application or as a web service. Its a WCF. If it were a permissions issue, I would be getting:
Access to the address list service on all Exchange 2007 servers has been denied.
This would be because that Exchange 2007 and Powershell do not allow impersonated accounts to be run. The only way to run these are to use the old school DOTNET remoting or the WCF (Which I have done the latter). The issues only occurs when I execute the
service from my Application Server (even though I have installed Powershell and Exchange 2007 ESM on it).
If you read you error message carefully, you will see that it says "An unhandled exception occurred during the execution of the current
web request." Just try to change change DefaultAppPool identity to you account and try it again.
Thank you for your reply. That was one of the first things I had done. Although when I change the process to start up as an administrative account that we use to create exchange, that particular web pool fails to start up (I created an isolated pool just
for this process). I will do some more research and see what it will take to get this service account running in my pool. Thanks for the tip and I will let you know what my findings conclude.
First the bad: the fact of it all is that you CANNOT run the Exchange Management Shell from ANY ASP>NET application. Why is this you ask? Well our friends over at Microsoft have taken the ability to impersonate out of their new environment. I know I am in
the same boat as you as I automated 3 companies with wonderful web services for Exchange 2000 and 2003 using CDOEXM....
SO what is the good new? Well its this, you can run your scripts under a NON impersonated account. So what I did was create a new service account for Exchange 2007 and then tested to made sure it worked. Now that I had that account I created a new WCF Workflow
library in VS2008. Once I did that I was able to install it in IIS 7 and run the WF as my new service account.
We can now get to work by taking an interface application via the web into our new WCF Workflow. Not only does the workflow make things nice and easy on programming, but custom error handling and even rollbacks are done for me. Now if something fails, I
notify the user via an AJAX panel of the status of the job and dont let them submit the same one again until the issiues are fixed. This allowed me to teach the WF all about how to solve certain error codes making my applications moron proof.
I am writing an article for the Code Project and DevX on it and I will have it posted out soon. Let me know if this helps you or what other direction you have gone down.
1. You CANNOT use impresonation (we both agree)
2. You have replaced an entire APP Pool with a Valid Services account (this goes along with statement #1).
What you have done is created a massive vulnerability. If I hijeck and website running in your app pool, I can do some terrible things to your server and all servers in that domain. This would be a NONO on security best practices.
However, if you dont care about security, this is a totally valid way of doing it. I recomend using WCF/WF since I can run that in a different security context while serving an application in an APP Pool. How is this different? Well if you hijack any of
my web apps, they are running with no permissions that can hurt the server. I also control access to my WCF/WF through a security provider which has either customer certificates cut (which means you dont have a cert, you get no service) or some sort of service
account.
At the end of the day its all about how much risk you wish to expose yourself too.
loxschpen
Member
84 Points
26 Posts
New-Mailbox Issues
Jun 07, 2008 10:25 PM|LINK
Hi Everyone,
I have created the following powershell script to create a new mailbox-enabled user in Exchange 2007:
($Private:secureString = ConvertTo-SecureString "Hello" -AsPlainText -Force) | foreach {New-mailbox -UserPrincipalName chris@contoso.com -alias chris -Name ChrisAshton -OrganizationalUnit aod -FirstName Chris -LastName Ashton -DisplayName "Chris Ashton" -Database "cd747c5d-aa8e-4f81-a136-ea4ff89e2896" -Password $secureString}Now this creates a user in my Exchange 2007 Server store with the specific Mailbox Store GUID of cd747c5d-aa8e-4f81-a136-ea4ff89e2896. Now the issue I am having is when I port this to a C# application I have developed. When I execute the same script through the following code:
ExchangeManagementShellWrapper ems = ExchangeManagementShellWrapper.Instance; ICollection results;
results = ems.RunspaceInvoke("($Private:secureString = ConvertTo-SecureString \"password\" -AsPlainText -Force) | foreach {New-mailbox -UserPrincipalName chris@contoso.com -alias chris -Name ChrisAshton -OrganizationalUnit aod -FirstName Chris -LastName Ashton -DisplayName \"Chris Ashton\" -Database \"cd747c5d-aa8e-4f81-a136-ea4ff89e2896\" -Password $secureString}");
//results = ems.RunspaceInvoke("$input | New-mailbox -UserPrincipalName chris@contoso.com -alias chris -database 'delaprv2\\resellers\\resellers' -Name ChrisAshton -OrganizationalUnit aod -password -FirstName Chris -LastName Ashton -DisplayName ChrisAshton", secString.ToString());
foreach (PSObject item in results)
{
TextBox5.Text = item.Members["Name"].Value.ToString();
} It yields the following error:
Now mind you that I can execute any other Exchange 2007 Powershell command without any issues through this same code and the script I am using works flawlessly in powershell. Why can it find the database in powershell but not in the C# application which have been executed off the same server? Any suggestions are greatly appreciated.
-Timothy
Exchange 2007 SP1 HMC4 powershell c#
DmitriG
Contributor
4212 Points
1101 Posts
Re: New-Mailbox Issues
Jun 09, 2008 04:32 AM|LINK
Different identities during code execution?
Seems your "C# application" is a web-application ;-). So, code is executed under identity of application pool (Network Service by default). If is true, then it is shouldn't be a surprise to have such error ;-)
Dmitri Gaikovoi
loxschpen
Member
84 Points
26 Posts
Re: New-Mailbox Issues
Jun 09, 2008 04:51 AM|LINK
Thanks for the reply. No this application is not running as a web based application or as a web service. Its a WCF. If it were a permissions issue, I would be getting:
Access to the address list service on all Exchange 2007 servers has been denied.
This would be because that Exchange 2007 and Powershell do not allow impersonated accounts to be run. The only way to run these are to use the old school DOTNET remoting or the WCF (Which I have done the latter). The issues only occurs when I execute the service from my Application Server (even though I have installed Powershell and Exchange 2007 ESM on it).
Any other thoughts on what it may be?
DmitriG
Contributor
4212 Points
1101 Posts
Re: New-Mailbox Issues
Jun 10, 2008 03:05 AM|LINK
Well ...
If you read you error message carefully, you will see that it says "An unhandled exception occurred during the execution of the current web request." Just try to change change DefaultAppPool identity to you account and try it again.
Dmitri Gaikovoi
loxschpen
Member
84 Points
26 Posts
Re: New-Mailbox Issues
Jun 10, 2008 11:22 AM|LINK
Dimitri,
Thank you for your reply. That was one of the first things I had done. Although when I change the process to start up as an administrative account that we use to create exchange, that particular web pool fails to start up (I created an isolated pool just for this process). I will do some more research and see what it will take to get this service account running in my pool. Thanks for the tip and I will let you know what my findings conclude.
-Timothy
NiNe9
Member
6 Points
4 Posts
Re: New-Mailbox Issues
Aug 27, 2008 07:29 AM|LINK
Dear
i'm trying to execute Exchange PS command in asp.net
it's working fine when i run this command from my local machine
this is url http://localhost:1975/meABC/test.aspx
but wehn i run this code inside the server i got this error http://me.ABC.com.sa/test.aspx
Server Error in '/PS_Enable' Application.
Database "ABCCNTMSG02\ABCCNTMSG02-SG7\ABCCNTMSG02-DB7" was not found. Please make sure you have typed it correctly.
here is my code
<div dir=ltr>'references to work with Powershell command</div> <div dir=ltr>Imports System.Management.Automation</div> <div dir=ltr>Imports System.Management.Automation.Host</div> <div dir=ltr>Imports System.Management.Automation.Runspaces</div> <div dir=ltr>'references to work with Powershell command</div> <div dir=ltr>Imports System.Collections.Generic</div> <div dir=ltr>Imports System.Collections.ObjectModel</div> <div dir=ltr> </div> <div dir=ltr>Partial Class _Default</div> <div dir=ltr> Inherits System.Web.UI.Page</div> <div dir=ltr> Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click</div> <div dir=ltr> Dim rsConfig As RunspaceConfiguration = RunspaceConfiguration.Create</div> <div dir=ltr> Dim snapInException As PSSnapInException = Nothing</div> <div dir=ltr> Dim info As PSSnapInInfo = rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", snapInException)</div> <div dir=ltr> Dim myRunSpace As Runspace = RunspaceFactory.CreateRunspace(rsConfig)</div> <div dir=ltr> myRunSpace.Open()</div> <div dir=ltr> Dim pipeLine As Pipeline = myRunSpace.CreatePipeline</div> <div dir=ltr> Dim vid As String = "ABC.corp\uid"</div> <div dir=ltr> Dim PrimarySMTP As String = "uid.c@ABC.com.sa"</div> <div dir=ltr> Dim valias As String = "uid"</div> <div dir=ltr> Dim vdb As String = "CN=ABCCNTMSG02-DB7,CN=ABCCNTMSG02-SG7,CN=InformationStore,CN=ABCCNTMSG02,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ABC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=root,DC=ad"</div> <div dir=ltr> Dim EMSCmd As Command = New Command("Enable-Mailbox")</div> <div dir=ltr> EMSCmd.Parameters.Add("DomainController", "ABCCNTDC21")</div> <div dir=ltr> EMSCmd.Parameters.Add("Identity", vid)</div> <div dir=ltr> EMSCmd.Parameters.Add("Alias", valias)</div> <div dir=ltr> EMSCmd.Parameters.Add("Database", vdb)</div> <div dir=ltr> EMSCmd.Parameters.Add("PrimarySmtpAddress", PrimarySMTP)</div> <div dir=ltr> pipeLine.Commands.Add(EMSCmd)</div> <div dir=ltr> Dim cmdData1 As Collection(Of PSObject) = pipeLine.Invoke()</div> <div dir=ltr> End Sub</div> <div dir=ltr>End Class</div> <div dir=ltr> <div dir=ltr> </div>when i added this line to see more error details Response.Write("IsOpen: " & pipeLine.Error.IsOpen)
I got this error IsOpen: False
then after searchinig in many articles i've read this Post from asp.net forum and i follow the steps but still same problem
</div>http://forums.asp.net/p/1272317/2408799.aspx
one i change DefaultAppPool identity to my account and try to browse web site
I got error Service Unavaliable
Plz help me to to solve this issue so i can sleep good
Thanks in advance
Exchange c#
loxschpen
Member
84 Points
26 Posts
Re: New-Mailbox Issues
Aug 27, 2008 12:41 PM|LINK
Well I have good news and bad news for you.
First the bad: the fact of it all is that you CANNOT run the Exchange Management Shell from ANY ASP>NET application. Why is this you ask? Well our friends over at Microsoft have taken the ability to impersonate out of their new environment. I know I am in the same boat as you as I automated 3 companies with wonderful web services for Exchange 2000 and 2003 using CDOEXM....
SO what is the good new? Well its this, you can run your scripts under a NON impersonated account. So what I did was create a new service account for Exchange 2007 and then tested to made sure it worked. Now that I had that account I created a new WCF Workflow library in VS2008. Once I did that I was able to install it in IIS 7 and run the WF as my new service account.
We can now get to work by taking an interface application via the web into our new WCF Workflow. Not only does the workflow make things nice and easy on programming, but custom error handling and even rollbacks are done for me. Now if something fails, I notify the user via an AJAX panel of the status of the job and dont let them submit the same one again until the issiues are fixed. This allowed me to teach the WF all about how to solve certain error codes making my applications moron proof.
I am writing an article for the Code Project and DevX on it and I will have it posted out soon. Let me know if this helps you or what other direction you have gone down.
Regards,
Timothy
Exchange 2007 New-Mailbox Workflow WF WCF
KarlMitschke
Member
2 Points
1 Post
Re: New-Mailbox Issues
Aug 27, 2008 08:12 PM|LINK
Hello;
That's not exactly true. See my posts on powershellcommunity.org:
http://powershellcommunity.org/Forums/tabid/54/forumid/3/postid/524/view/topic/Default.aspx
http://powershellcommunity.poshcode.org/505 - MailboxTasks.aspx
http://powershellcommunity.poshcode.org/506 - MailboxTasks.aspx.cs
http://powershellcommunity.poshcode.org/507 - MailboxConfirm.aspx
http://powershellcommunity.poshcode.org/508 - MailboxConfirm.aspx.cs
http://powershellcommunity.poshcode.org/509 - MailboxTaskResults.aspx
http://powershellcommunity.poshcode.org/510 - MailboxTaskResults.aspx.cs
Karl
Exchange 2007 SP1 HMC4 powershell Exchange 2007
loxschpen
Member
84 Points
26 Posts
Re: New-Mailbox Issues
Aug 27, 2008 08:21 PM|LINK
Hi Karl,
Actually you have done exactly what I said.
1. You CANNOT use impresonation (we both agree)
2. You have replaced an entire APP Pool with a Valid Services account (this goes along with statement #1).
What you have done is created a massive vulnerability. If I hijeck and website running in your app pool, I can do some terrible things to your server and all servers in that domain. This would be a NONO on security best practices.
However, if you dont care about security, this is a totally valid way of doing it. I recomend using WCF/WF since I can run that in a different security context while serving an application in an APP Pool. How is this different? Well if you hijack any of my web apps, they are running with no permissions that can hurt the server. I also control access to my WCF/WF through a security provider which has either customer certificates cut (which means you dont have a cert, you get no service) or some sort of service account.
At the end of the day its all about how much risk you wish to expose yourself too.
Regards,
Timothy
NiNe9
Member
6 Points
4 Posts
Re: New-Mailbox Issues
Sep 26, 2008 04:27 PM|LINK
I solved this issue with easy step
by adding the impersonation user to identity in application pool
and add this user to WPG group in hosting system
WPG(Work Proccess Group)
that's it
Thanks for all to all answers
NiNe