Exchange Server 2010 is in evaluation mode after installation or repair in SBS 2011 Standard

To resolve this issue if you experience Condition 1 or Condition 2, follow the steps in the "PowerShell script to resolve Exchange Server issues" section. Then, install the hotfix that is described in the "Hotfix information" section.

To resolve this issue if you experience Condition 3, install the hotfix that is described in the "Hotfix information" section.

PowerShell script to resolve Exchange Server issues

Important Before you complete these steps, Exchange Server 2010 must be installed correctly. Do not complete the steps that are described in this article if the following Exchange Server 2010 roles are installed incorrectly:

• Mailbox
• Hub/Transport
• CAS (Client Access server)
• Management

The following steps configure Exchange Server 2010 to the default settings of a successful Windows SBS 2011 Setup.

Note If you have manually configured settings in Exchange, the settings may be changed and mail flow may stop until you finish the correct Windows SBS wizards or until Exchange Server is reconfigured. Additionally, you must have a supported network topology of a single network adapter and of a class C subnet.

These steps make the following changes:

• Sets the Mailbox Database name in the registry
• Fixes the Admin tools role version in the registry
• Adds a default value of the msSBSEmailQuota Active Directory attribute for the three default Windows SBS roles
• Configures the correct security roles to manage the server that is running Exchange Server
• Adds permissions at the organization level to give access to the system account
• Creates the following groups if the groups were not created:
  • SBSAdmins
  • Allusers
  • Postmaster
  • FSRMReports
• Sets the same membership and settings for each of these groups
• Configures transport settings for internal servers and a postmaster address
• Rebinds the default receive connector to the internal network, not including the router internal IP
• Deletes the default client receive connector
• Enables the Windows SBS self-issued certificate that has CN=Sites
• Removes the Exchange Server self-signed certificate
• Configures outgoing email message settings in Microsoft SharePoint
• Adds a host record in DNS for the SharePoint Simple Mail Transfer Protocol (SMTP) server
• Adds miscellaneous registry keys to remove the installation issues
• Activates the Exchange server by using the provided tool

To resolve these issues if Exchange Server 2010 was installed manually after Windows SBS 2011 was installed, or if Exchange Server 2010 was re-installed on the Windows SBS 2011 server, follow these steps:

1. Select the Run as Administrator command to run Exchange Management Shell in an elevated mode.
2. In the Exchange Management Shell, run the following commands in this order:
   
   #SBS 2011 Std
   #Launch from Exchange Management Shell as an admin.
   #This script completes the missing tasks after a failed Exchange setup during a migration.
   
   # Run each section, separated by the comments individually.
   
   ##Exchange setup should be completed using the proper parameters before running this script.
   
   
   ##Configure Mailbox Name in the registry
   $mbx = Get-MailboxDatabase -server $env:COMPUTERNAME
   Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\Messaging" -name "MailboxDatabaseName" -value $mbx.Name
   
   ##Add reg key for admin tools, this is needed due to the way SBSSetup is packaged.
   $Version = get-itemproperty "HKLM:\Software\Microsoft\ExchangeServer\V14\AdminTools"
   Set-ItemProperty "HKLM:\Software\Microsoft\ExchangeServer\V14\AdminTools" -name "ConfiguredVersion" -value $Version.UnpackedVersion
   
   ##Configure Exchange attribute in user roles. This might fail if the User Roles are missing.
   Import-Module ActiveDirectory
   set-aduser "Standard User" -Add @{msSBSEmailQuota=2097152}
   set-aduser "WebWorkplaceTools" -Add @{msSBSEmailQuota=2097152}
   set-aduser "Network Admin" -Add @{msSBSEmailQuota=2097152}
   
   ##ExchangeAdminPrep
   Add-RoleGroupMember -Identity "Organization Management" -Member "$env:USERDOMAIN\Domain Admins" -BypassSecurityGroupManagerCheck
   Add-RoleGroupMember -Identity "View-Only Organization Management" -Member "$env:USERDOMAIN\$env:COMPUTERNAME$" -BypassSecurityGroupManagerCheck
   $org = Get-OrganizationConfig
   add-adpermission -Identity $org.DistinguishedName -User "SYSTEM" -AccessRights "GenericAll" -InheritanceType "All"
   
   ##CreateMailDisributionGroupsTask
   # If the groups already exist you may get an error, that is ok, it is just a sign that the SBS Setup was done multiple times and the source never never restored from a backup.
   
   New-DistributionGroup -SamAccountName "sbsadmins" -Alias "sbsadmins" -Name "Windows SBS Administrators" -OrganizationalUnit $env:USERDNSDOMAIN"/MyBusiness/Distribution Groups" -Type "Distribution" -ErrorAction SilentlyContinue
   
   New-DistributionGroup -SamAccountName "allusers" -Alias "allusers" -Name "All Users" -OrganizationalUnit $env:USERDNSDOMAIN"/MyBusiness/Distribution Groups" -Type "Distribution" -ErrorAction SilentlyContinue
   
   Enable-DistributionGroup -Identity "All Users" -Alias "allusers" -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
   
   Enable-DistributionGroup -Identity "Windows SBS Administrators" -Alias "sbsadmins" -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
   
   Set-DistributionGroup -RequireSenderAuthenticationEnabled $false -Identity "Windows SBS Administrators" -ForceUpgrade
   
   New-DistributionGroup -SamAccountName "postmaster" -Alias "postmaster" -Name "Postmaster and Abuse Reporting" -OrganizationalUnit $env:USERDNSDOMAIN"/MyBusiness/Distribution Groups" -Type "Distribution" -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
   
   Set-DistributionGroup -Identity "Postmaster and Abuse Reporting" -RequireSenderAuthenticationEnabled $false -HiddenFromAddressListsEnabled $true -EmailAddresses "SMTP:postmaster@$env:USERDNSDOMAIN","SMTP:abuse@$env:USERDNSDOMAIN" -EmailAddressPolicyEnabled $false -ForceUpgrade -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
   
   Add-DistributionGroupMember -Identity "Postmaster and Abuse Reporting" -Member "Windows SBS Administrators"
   
   New-DistributionGroup -SamAccountName "fsrmreports" -Alias "fsrmreports" -Name "File Server Resource Manager Reports" -OrganizationalUnit $env:USERDNSDOMAIN"/MyBusiness/Distribution Groups" -Type "Distribution" -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
   
   Set-DistributionGroup -Identity "File Server Resource Manager Reports" -HiddenFromAddressListsEnabled $true -ForceUpgrade
   Add-DistributionGroupMember -Identity "File Server Resource Manager Reports" -Member "Windows SBS Administrators"
   
   ##ConfigureIntranetSMTPTask
   
   Set-TransportConfig -InternalSMTPServers 127.0.0.1
   set-transportconfig -ExternalPostmasterAddress "postmaster@$env:USERDNSDOMAIN"
   
   ##rebind Default receive connector
   # This section is going to change the Default receive connector to only listen on the Internal subnet (minus router), mail flow may stop at this point.
   
   $ip=(gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null }).ipaddress.get(0)
   $gateway=(gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null }).DefaultIPGateway
   $gw="$gateway"
   $gwIp=$gw.split('.')
   $subnet=$gw.Remove($gw.LastIndexOf('.'))+".0"
   $range=$subnet+"-"+$gw.Remove($gw.LastIndexOf('.'))+"."+($gwIp.get(3)-1)+","+$gw.Remove($gw.LastIndexOf('.'))+"."+([int]$gwIp.get(3)+1)+"-"+$gw.Remove($gw.LastIndexOf('.'))+".255"
   
   $con = get-receiveconnector -Identity "Default $env:computername"
   $ip+=":25"
   $con.Bindings=$ip
   set-receiveconnector -Identity "Default $env:computername" -Bindings $con.Bindings
   
   $ipAdd= $range.Split(',')
   $con.remoteipranges = $ipAdd[0]
   $con.remoteipranges += $ipAdd[1]
   
   set-receiveconnector -Identity "Default $env:computername" -RemoteIpRanges $con.remoteipranges
   
   
   ##delete default client receive connector
   # If in use by now, this step needs to be skipped or the connector recreated.
   remove-receiveconnector -Identity "Client $env:computername" -Confirm:$false
   
   ##Remove the default exchange cert and enable ours
   Get-ExchangeCertificate | ? {$_.Subject -eq "CN=Sites"} | Enable-ExchangeCertificate -services SMTP -force:$true
   #remove
   Get-ExchangeCertificate | ? {$_.FriendlyName -eq "Microsoft Exchange"} | Remove-ExchangeCertificate
   
   ##New receive connector
   #Create the internal receive connector for SharePoint, Fax and POP3 Connector
   
   new-receiveconnector -Name "Windows SBS Fax Sharepoint Receive $env:computername" -RemoteIPRanges 127.0.0.1-127.0.0.1 -Bindings "127.0.0.1:25" -AuthMechanism "BasicAuth" -PermissionGroups "AnonymousUsers, ExchangeUsers" -Usage "Custom" -Server "$env:COMPUTERNAME" -ConnectionTimeout "00.06:00:00"
   
   
   ##ConfigureWSSOutgoingEmailTask
   # Configures SharePoint outbound email routing to use Exchange.
   # This might not work if SharePoint is not using default settings or not working.
   
   Add-PsSnapin Microsoft.SharePoint.PowerShell
   $spWebApp=Get-SPWebApplication
   $mail="CompanyWebAdmin@"+$env:userdnsdomain
   $spWebApp.UpdateMailSettings("SharepointSMTPServer",$mail,$mail,65001)
   dnscmd $env:computername /recordadd $env:userdnsdomain SharepointSMTPServer A 127.0.0.1
   
   ##Add reg key messaging components
   $val = get-itemproperty "HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\Components\"
   Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\Components" -name "Messaging" -value $val.administration
   
   ##Fix Display Issues
   Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\Setup" -name "DisplayIssues" -value False
   
   ##Tag script watermark
   $date=Get-Date
   Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\Setup" -name "RepairScript" -value "ExchangeFailureCompleteSetup $date"
3. Add users by using the Windows SBS Console.
4. Complete the "Internet Address Management" wizard.
5. Install the realted hotfix package to activate the Exchange server.

Go to the next section to install the hotfix package to activate the Exchange server.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running Windows Small Business Server 2011.

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.