Wednesday, January 30, 2019

Microsoft Exchange Server 2013 Transport Service Stuck on Starting


You’ve noticed that you are unable to access the Microsoft Exchange Admin Center (EAC) via the /ECP directory to manage Exchange:

Server Error in ‘/ecp’ Application.

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not load file or assembly ‘Microsoft.Exchange.Clients.Strings, Version-, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.

Reviewing the services in the services console show that the Microsoft Exchange Transport service is stuck at Starting:

Attempting to launch the Management Shell will also fail:

Making an attempt to perform a recover server install of the will also fail during the Finalizing Setup step:

Performing Microsoft Exchange Server Prerequisite Check

Configuring Prerequisites COMPLETED

Prerequisite Analysis COMPLETED

Configuring Microsoft Exchange Server

Preparing Setup COMPLETED

Stopping Services COMPLETED

Copying Exchange Files COMPLETED

Language Files COMPLETED

Restoring Services COMPLETED

Language Configuration COMPLETED

Mailbox role: Transport service COMPLETED

Mailbox role: Client Access service COMPLETED

Mailbox role: Unified Messaging service COMPLETED

Mailbox role: Mailbox service COMPLETED

Exchange Management Tools COMPLETED

Client Access role: Client Access Front End service COMPLETED

Client Access role: Front End Transport service COMPLETED

Finalizing Setup FAILED

The following error was generated when "$error.Clear();

start-SetupService -ServiceName MSExchangeFrontendTransport

" was run: "Microsoft.Exchange.Configuration.Tasks.ServiceDidNotReachStatusExcep

tion: Service 'MSExchangeFrontendTransport' failed to reach status 'Running' on

this server.

at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception

, ErrorCategory errorCategory, Object target, String helpUrl)

at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception

, ErrorCategory category, Object target)

at Microsoft.Exchange.Management.Tasks.ManageSetupService.WaitForServiceStatu

s(ServiceController serviceController, ServiceControllerStatus status, Unlimited

`1 maximumWaitTime, Boolean ignoreFailures, Boolean sendWatsonReportForHungServi


at Microsoft.Exchange.Management.Tasks.ManageSetupService.StartService(Servic

eController serviceController, Boolean ignoreServiceStartTimeout, Boolean failIf

ServiceNotInstalled, Unlimited`1 maximumWaitTime, String[] serviceParameters)

at Microsoft.Exchange.Management.Tasks.ManageSetupService.StartService(String

serviceName, Boolean ignoreServiceStartTimeout, Boolean failIfServiceNotInstall

ed, Unlimited`1 maximumWaitTime, String[] serviceParameters)

at Microsoft.Exchange.Management.Tasks.StartSetupService.InternalProcessRecor


at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()

at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String fun

cName, Action func, Boolean terminatePipelineIfFailed)".

The Exchange Server setup operation didn't complete. More details can be found

in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

C:\SP3 CU10>


This issue had me stumped for a while because there was no way to get into the management console or shell to review the configuration and determine how the receive and send connectors were configured and which one of them was causing the transport service to be stuck starting.  What I ended up being to find as a workaround for this issue was to download the following tool:

Exchange Management Console Troubleshooter

Run the EMTshooter.ps1 PS script:

Run the following command to add the PowerShell snapin:

Add-PSsnapin Microsoft.Exchange.Management.PowerShell.E2010

Then use the Get-ReceiveConnector to review the receive connector configuration.  Having the ability to execute cmdlets allowed me to discover that one of the connectors (Allow Anonymous Relay) was mistakenly created as a HubTransport receive connector when it was supposed to be a FrontendTransport type causing the transport service to not be able to start:

Get-ReceiveConnector | where-object {$_.TransportRole -match "HubTransport"} | where-object {$_.Identity -like "SVR-MAIL-03*"}

Disabling the connector allowed with the cmdlet allowed the transport service to start and the EAC to be accessible again.

Friday, January 25, 2019

Batch file to disable a Windows service that can be deployed via Group Policy (GPO)

I’ve been asked several times in the past by colleagues about what I typically use to disable services on domain joined Windows desktops or servers and my response is that it depends. One of the ways through the use of importing Security Templates, which I’ve used in the past is demonstrated in this old blog post:

Creating a new security policy and applying it via GPO to disable VMware View 5.0 Thinprint’s “TP AutoConnect Service” and “TP VC Gateway Service” service

In the event that using the Security Template is not a viable option then I would use a GPO to apply a batch file as a startup script. The following is an example of the breakdown of what the batch file does to disable the TightVNC service:

  1. Check to see if the TightVNC service exists
  2. If TightVNC service exists then:
    1. Set service to disabled
    2. Gracefully stop service
    3. Taskkill the service
  3. If it doesn’t exist then do nothing

The following are the actual commands in the batch file that can be modified for any Windows service:

@echo off

REM --- Set variables for service name and task manager process

SET serviceName=tvnserver

SET taskManagerProcess=tvnserver.exe

REM --- Test to see if service exists in the services console

SC QUERY %serviceName% > NUL


REM --- Set service to disabled, gracefully stop service and taskkill process

sc config %serviceName% start= disabled

net stop %serviceName%

taskkill /im %taskManagerProcess% /f

REM --- ECHO Disabled and stopped TightVNC


Thursday, January 17, 2019

Citrix NetScaler CLI command cheat sheet

I worked with a Citrix NetScaler engineer a year ago on a case where we had to had to review historic and live logs to troubleshoot an issue and was told that they had a cheat sheet of commonly used commands so I asked her to send it to me.  Below are commands I’ve come to find very useful during troubleshooting:

Uncompress an archived log file:

gunzip newnslog.21.gz

Discover the time period covered by the log:

nsconmsg -K newnslog.21 –d setime

View load-balancing statistics from the archived log:

nsconmsg -K newnslog.21 -s ConLb=2 -d oldconmsg

Extract logging information for a shorter duration:

nsconmsg -K newnslog.21 -s time=12Jan2006:00:00 -k short_log.nsl -T 1200 -d copy

Start the log process for newnslog:

nsconmsg -k /var/nslog/newnslog -T 172800 &

If you want to:

View the time span of the current newnslog file:

nsconmsg -K newnslog -d setime

View the time span of the archived newnslog file:

zcat filename | nsconmsg -K pipe -d setime

View events in the current newnslog file:

nsconmsg -K newnslog -d event

View console messages in the current newnslog file:

nsconmsg -K newnslog -d consmsg

View counter values in the current newnslog file:

nsconmsg -K newnslog -d stats

View counter values in the current newnslog file:

nsconmsg -K newnslog -d stats –d current

View non-zero counter values in the current newnslog file:

nsconmsg -K newnslog -d statswt0 –d current

To display event information, such as entity up/down, alerts and configuration saves in the shell:

nsconmsg -K newnslog -d event

To display CPU usage in the shell:

nsconmsg -K newnslog -s totalcount=200 -g cpu_use -d current

To display memory utilization in the shell:

nsconmsg -s ConMEM=1 -d oldconmsg

To display established HTTP connections in the shell:

nsconmsg -j server_NSSVC_HTTP_vserver -d current

To display load balancing statistics in the shell:

nsconmsg -K newnslog –s ConLb=x –d oldconmsg

This command gives basic information when x=1 and detailed information when x=2.

Use the following command to view traffic distribution from the shell:

nsconmsg -K /var/nslog/newnslog -s time -s ConLB=2 -2 distrconmsg

To display load-balancing information in the shell:

nsconmsg -s ConLb=1 -d oldconmsg

To display monitoring statistics in the shell:

nsconmsg -K newnslog –s ConMon=x –d oldconmsg

This command gives basic information when x=1 and gives detailed information when x=2.

If you want to:

View SSL stats for front-end connections:

nsconmsg -K newnslog -s ConSSL=1 -d oldconmsg

View SSL stats for back-end connections:

nsconmsg -K newnslog -s ConSSL=2 -d oldconmsg

View SSL stats for front and back-end connections:

nsconmsg -K newnslog -s ConSSL=3 -d oldconmsg

To display content switching statistics in the shell:

nsconmsg -K newnslog –s ConCSW=1 -d oldconmsg

To display compression statistics in the shell:

nsconmsg -K newnslog –s ConCMP=x -d oldconmsg

This command gives old compression method related statistics when x=1 and gives new compression method related statistics when x=2

To display integrated caching statistics in the shell:

nsconmsg -K newnslog -s ConIC=1 -d oldconmsg

Tuesday, January 15, 2019

Attempting to open Excel files within Outlook 2016 in protected mode fails with: “Microsoft Excel cannot open or save any more documents because there is not enough available memory or disk space.”


You’ve noticed that attempting to open Excel files from within Outlook 2016:


… fails with the following message:

Microsoft Excel cannot open or save any more documents because there is not enough available memory or disk space.

To make more memory available, close workbooks or programs you no longer need.

To free disk space, delete files you no longer need from the disk you are saving to.



Further troubleshooting of the issue shows that this only happens to Excel files received from external senders outside of the Exchange organization and files sent from internal users are fine because files received from external senders are blocked:


… while files from internal senders are not:


**Note that you can determine where the temporary Excel file is stored when you launch Outlook by navigating to the following registry key item:




Reviewing forums and KB articles suggest the following workaround of disabling Enable Protected View for Outlook attachments:



While this solution works, it reduces the security protection for users because they will now open Excel Outlook attachments in non-protected mode.

Attempting to add the Outlook OutlookSecureTempFolder path as a Microsoft Office Trusted Location would not be a good solution because it also reduces security and Excel would not allow it either:



I wasn’t able to figure this out as all the forum posts I came across suggested the workaround so I opened up a ticket with Microsoft and the engineer eventually found the following KB:

Unable to open to Microsoft Word Documents or Excel Spreadsheets from Outlook 2013

Reviewing the RDS server that had this problem revealed that the firewall was indeed disabled:


Re-enabling it and restarting the server corrected the problem.