Get-MailboxFolderPermission – The security principal specified is already on the permission set

Are you getting this error when running Get-MailboxFolderPermission?

PS E:\> Get-MailboxFolderPermission\calendar
The security principal specified is already on the permission set.
    + CategoryInfo          : NotSpecified: (:) [Get-MailboxFolderPermission], CorruptDataException
    + FullyQualifiedErrorId : [Server=ZN1UR12MB0288,RequestId=b4f155be-a238-4a98-8b3f-f3d9258e22d2,TimeStamp=6/19/2018 10:10:41 PM] [FailureCategory=Cmdlet-CorruptDataException] F8D77EE2,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission
    + PSComputerName        :

The error message seems cryptic, right? But it is not. It means there is a DUPLICATE entry for the same user (security principal) in the permission set for the calendar folder permissions.

So how do we fix it?

The ONLY way is to use Outlook to remove the duplicate entry.

Yes, that means

  1. give yourself full access permission to the mailbox,
  2. create an Outlook profile (or just a calendar),
  3. go to Calendar, right-click it, go to Properties, and then Permissions,
  4. remove the duplicate user entry

Enjoy. 🙂


Exchange: list mailbox folders size and items count

As an Exchange administrator, if you want to find out any user’s mailbox size information by folder and the number of items in each folder, you came to the right place. Here is the PowerShell command to list the folders, the number of items in each folder and the size of the folders.

Replace <PrimarySmtpAddress> with the user’s primarySMTPAddress.

Get-MailboxFolderStatistics -Identity <PrimarySmtpAddress> | sort ItemsInFolder -Descending | ft FolderPath,ItemsInFolder,FolderSize


The results will look like this:

FolderPath                                       ItemsInFolder FolderSize
----------                                       ------------- ----------
/Inbox/Important_email                                 1907851 2.661 GB (2,857,213,378 bytes)
/Junk E-Mail                                            461173 1.801 GB (1,933,977,887 bytes)
/Inbox/S - Archived/KIRA                                 15085 539.8 MB (566,024,075 bytes)
/Deleted Items                                           12202 418.3 MB (438,663,132 bytes)
/Recoverable Items                                        9109 56.48 MB (59,219,680 bytes)
/Calendar                                                 3276 127.2 MB (133,343,630 bytes)
/Inbox/1 - Archived/Munchkins                             2558 48.49 MB (50,848,487 bytes)
/Sent Items                                               1355 45.74 MB (47,961,704 bytes)
/Inbox/0 - YOps Mist                                      1339 389.1 MB (408,029,942 bytes)
/Inbox/1 - Archive                                          1147 118 MB (123,761,904 bytes)
/Inbox/5 - Alerts                                          929 33.92 MB (35,571,617 bytes)
/Inbox/1 - Archive2                                        920 142.1 MB (149,002,073 bytes)


Group Policy fails to update on Windows 10 computer

On my Windows 10 computer, I found Group Policy is not being applied anymore. If I ran group policy update on an administrative command shell, I get this:

PS C:\WINDOWS\system32> gpupdate /force
Updating policy…
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

So after some research I found the issue and fixed it. The solution is

Set the freaking NETLOGON service to start automatically and start the service.

Did this solution help you? Leave me a reply here.

Firefox: Website Certificate Warning–“This website does not supply ownership information”

Are you seeing this error on Firefox (which is common for intranet websites)?


There are two reasons for this warning.

1. You may have meddled with OCSP settings. Firefox checks Certificate validity by checking “Certificate Revocation List” (CRL) using OCSP. Firefox couldn’t get the CRL info, thus this error.

2. Your internal Certificate Authority (CA) doesn’t have OCSP installed and/or Firefox doesn’t have the Root and Subordinate CA certificates in its store (freaking Firefox has its own certificate store).

For the first issue (OCSP), you can reset the settings and fix the issue.

  1. In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
  2. In the search box above the list, type or paste ocsp and pause while the list is filtered
  3. If the security.OCSP.require preference is bolded and “modified” or “user set” to true, double-click it to restore the default value of false
  4. Close Firefox and reopen it. Try browsing the same website.

For the second issue (no CA certificate in Firefox Cert Store), you need to add the Internal CA certificates to the store.

  1. Get the Certificate Authority (CA) certificate chain in P7B format. e.g., CAChain.p7b
  2. Open Firefox
  3. Open the Firefox menu from the far right side of the Firefox toolbar
  4. Select “Options” from menu
  5. Select “Privacy & Security”
  6. Scroll to the bottom of the page and click on “View Certificates”
  7. Click “Import…”
  8. Navigate to the directory you know contains the P7B certificate chain file, select the file and click “Open”
  9. Scroll down within the Certificate Manager window that is open and verify the certificate you imported is listed.
  10. Click “OK” and now you can navigate to the page you want to browse.

If this fixed it for you, leave me a reply.

Exchange: How to convert IMCEAEX to X500 Address?

If you find the IMCEAEX address in the NDR message, you CAN convert it to an X500 address & ADD it as another email address to the correct mailbox or distribution group. I have written a small PowerShell script to convert an IMCEAEX address to an X500 address quickly.

Here is the script. Copy this script and paste into notepad. Save it as Convert-X500Address.ps1. Run the script with the parameter of IMCEAEX address.

E.g., Convert-X500Address  -IMCEAEXString “


<#
Convert IMCEAEX string from NDR message to X500 Address format. This
script simply displays the X500 string. Copy it and add it as a new
X.500 email address on the Exchange object.

Parameter: Pass the IMCEAEX string from NDR message in double quotes

Written By: Anand, the Awesome, Venkatachalapathy
#>
param([Parameter(Mandatory)][string]$IMCEAEXString)

# Strip the prefix, turn "_" into "/", then decode the +XX escapes listed here.
$IMCEAEXString.Replace("IMCEAEX-","").Replace("_","/").Replace("+20"," ").Replace("+28","(").Replace("+29",")").Replace("+2E",".").Replace("+2C",",").Replace("+5F","_")

#* * * End of the Script * * *

Enjoy!
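The script above decodes a fixed list of escapes. As an added example (not the author's script), this function generalizes the same conversion: it decodes every +XX hex escape, drops the @domain suffix and emits the value with the X500: address-type prefix. The function name and the sample address are assumptions made up for illustration.

```powershell
# Added example (not the author's script): decode any +XX escape, not a fixed list.
function ConvertFrom-ImceaexAddress {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Address
    )
    process {
        $value = $Address.Trim()

        # NDRs show the address as IMCEAEX-<encoded DN>@<domain>; drop the domain.
        $at = $value.LastIndexOf('@')
        if ($at -ge 0) { $value = $value.Substring(0, $at) }

        # Refuse anything that is not an IMCEAEX address instead of mangling it.
        if ($value -notmatch '^IMCEAEX-') {
            throw "Not an IMCEAEX address: $Address"
        }
        $value = $value -replace '^IMCEAEX-', ''

        # "_" encodes "/". Do this before hex decoding so +5F stays a literal underscore.
        $value = $value.Replace('_', '/')

        # Every "+XX" is the character with hexadecimal code XX (+20 is a space, +28 is "(").
        $value = [regex]::Replace($value, '\+([0-9A-Fa-f]{2})', {
            param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
        })

        # Address type prefix used when adding the value as a proxy address.
        "X500:$value"
    }
}

# Constructed sample input, not taken from a real NDR.
$sample = 'IMCEAEX-_O=CONTOSO_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=John+2EDoe+5F01@example.com'
ConvertFrom-ImceaexAddress -Address $sample
```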

Exchange: How to restore a soft deleted mailbox?

If you try the Connect-Mailbox command to link the mailbox to the user account, sadly you will get this error on a soft-deleted mailbox:

Mailbox “501e70da-059f-44f5-9811-77cefdfa14fd” doesn’t exist on database “EXCHDBxx”

I know what you're thinking. Me too. Why doesn’t the mailbox exist on the database? I freaking checked the mailbox is in the database. It’s right there!!

Migrated or moved mailboxes go into a soft-deleted state in the database. Since it is a soft-deleted mailbox, we CANNOT connect it back to a user account to restore the mailbox. BUT we can restore the mailbox contents to another mailbox (maybe a temporary test mailbox). Here is how you do it.

Open PowerShell and connect to your Exchange server, or open Exchange Admin Shell on the Exchange server.

Step 1: Create a new mailbox restore request. We are telling Exchange to restore the source mailbox from the source database to a target folder named “RestoredMailboxContents” on a specified target mailbox.

New-MailboxRestoreRequest -SourceStoreMailbox <Soft-Deleted Mailbox name or GUID> -SourceDatabase <Database Name> -TargetMailbox <Temporary mailbox name> -AllowLegacyDNMismatch -TargetRootFolder "RestoredMailboxContents"

For example:

New-MailboxRestoreRequest -SourceStoreMailbox "John Freaking Doe" -SourceDatabase EXCHDB09 -TargetMailbox "MyTemp Mailbox" -AllowLegacyDNMismatch -TargetRootFolder "RestoredMailboxContents"

Step 2: Start the mailbox restore request to actually restore the mailbox to the target mailbox. 

If you know the Mailbox Request identity/name, then run this on the Exchange Admin Shell.

Get-MailboxRestoreRequest -Identity "MailboxRestoreRequestName" | Resume-MailboxRestoreRequest

Otherwise run this:

Get-MailboxRestoreRequest | Resume-MailboxRestoreRequest

Step 3: Wait for the restore to complete. Run “Get-MailboxRestoreRequest” to check the status of the progress.

Step 4: Once the restore process is completed, delete the restore request from the system by running this:

Get-MailboxRestoreRequest | Remove-MailboxRestoreRequest

Now open the target mailbox in Outlook (or OWA) to find your restored mailbox contents under the “RestoredMailboxContents” folder. Yay!

Did it help? Leave me a comment.
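The four steps above as one script, added here as an example and not part of the original post. It picks the soft-deleted mailbox by GUID, names the request, and removes only that request at the end, whereas the pipeline in Step 4 removes every restore request on the system. The database, display name and target mailbox reuse the sample values from Step 1; the request name is an assumption.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# The values below are the post's sample names; replace them with your own.
$Database      = 'EXCHDB09'
$DisplayName   = 'John Freaking Doe'
$TargetMailbox = 'MyTemp Mailbox'
$RequestName   = "Restore-$(Get-Date -Format 'yyyyMMdd-HHmmss')"   # hypothetical name

# Find the soft-deleted copy and refuse to continue if the match is ambiguous.
$source = @(Get-MailboxStatistics -Database $Database |
    Where-Object { $_.DisconnectReason -eq 'SoftDeleted' -and $_.DisplayName -eq $DisplayName })
if ($source.Count -ne 1) {
    throw "Expected one soft-deleted mailbox named '$DisplayName', found $($source.Count)."
}

# Step 1: create the restore request, addressing the source by its mailbox GUID.
$request = New-MailboxRestoreRequest -Name $RequestName `
    -SourceStoreMailbox $source[0].MailboxGuid -SourceDatabase $Database `
    -TargetMailbox $TargetMailbox -TargetRootFolder 'RestoredMailboxContents' `
    -AllowLegacyDNMismatch

# Steps 2 and 3: poll this one request until it reaches a final or paused state.
$done = 'Completed', 'CompletedWithWarning', 'Failed', 'Suspended', 'AutoSuspended'
do {
    Start-Sleep -Seconds 30
    $stats = Get-MailboxRestoreRequestStatistics -Identity $request.Identity
    Write-Host ("{0}: {1}% complete" -f $stats.Status, $stats.PercentComplete)
} while ($stats.Status -notin $done)

# Step 4: remove only this request, and only if it finished; keep failures for review.
if ($stats.Status -like 'Completed*') {
    Remove-MailboxRestoreRequest -Identity $request.Identity -Confirm:$false
} else {
    Write-Warning "Request '$RequestName' ended as $($stats.Status); left in place for inspection."
}
```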

Windows 10: How to setup NAT network for Hyper-V guests?

Windows 10 Hyper-V has a NAT (Network Address Translation) network feature, but for now it needs to be set up using PowerShell. I will show you step-by-step instructions for how to do it. A NAT switch provides Internet access to the VM without creating an External Switch (linking the switch to a physical wired or wireless adaptor).

Before we start, here are the requirements to prepare it ahead of time.

1. IP network to be used in guests. You need to find a subnet that is not being used in your office network. If you are setting this up at home, you can choose any subnet that is not used in your home. E.g.,

2. Guest VMs need an IP address/subnet/gateway assigned manually from the subnet you chose in requirement 1 above. Or you may need to set up a DHCP server in one of the guest VMs for automatic IP assignment. If you only have one or two guest VMs, you may set the IP address manually on the NICs.

Now the step by step instruction.

Step 1: Open PowerShell with Administrative privileges.

Search PowerShell in Start menu search, right click on PowerShell and choose More ==> Run As Administrator.

Step 2: Create Hyper-V internal only switch.

Run this command on the PowerShell.

New-VMSwitch -SwitchName "NAT-Switch" -SwitchType Internal -Verbose

Step 3: Find the Interface Index number

Type this cmdlet and note down the interface index (ifIndex) for NAT-Switch adaptor.


Step 4: Create NAT Gateway

Run this cmdlet. Replace

  • IP Address (gateway) with your own (should be from the network subnet you chose in the requirements section above)
  • PrefixLength is the subnet mask number for the subnet you chose
  • Interface index you noted down on previous step.

New-NetIPAddress -IPAddress <gateway IP address> -PrefixLength 24 -InterfaceIndex 16 -Verbose

Step 4: Create NAT Network

Run this cmdlet and replace InternalIPInterfaceAddressPrefix with your chosen network.

New-NetNat -Name NATNetwork -InternalIPInterfaceAddressPrefix <subnet in CIDR notation> -Verbose

Step 5: Connect your VM to the NAT-Switch

You may manually assign the Guest NIC to the “NAT-Switch” which we created in Step-2.  Or you may run this cmdlet to assign NIC from all Guest VMs to the “NAT-Switch”

Get-VM | Get-VMNetworkAdapter | Connect-VMNetworkAdapter -SwitchName "NAT-Switch"

Step 6: Assign IP Address to the NICs in Guests

Open the NIC properties in your guest VMs and assign IPv4 addresses from the network subnet you set up in Step-4. Or run a DHCP server from one of your guests to dish out IP addresses automatically.


Guest VM 1:

IP Address:
DNS: and (or your own DNS server from the office network).

Guest VM 2:

IP Address:
DNS: and (or your own DNS server from the office network).

That’s all. By now your guests should have access to external networks and the Internet.

Hope this helped you. Leave me a reply below.
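The host-side steps above as one re-runnable script, added here as an example and not part of the original post. It looks up the interface index instead of hard-coding it and connects a single named VM, whereas the pipeline in Step 5 moves the NIC of every guest onto the NAT switch. The 192.168.100.0/24 subnet and the VM name TestVM01 are constructed placeholders (assumptions).

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Subnet values and the VM name are
# constructed placeholders: pick a range that is not used on your office or home network.
$SwitchName = 'NAT-Switch'
$NatName    = 'NATNetwork'
$GatewayIP  = '192.168.100.1'      # assumption: host-side gateway address
$Prefix     = '192.168.100.0/24'   # assumption: internal NAT subnet
$PrefixLen  = 24
$VMName     = 'TestVM01'           # assumption: the one guest to connect

# Create the internal switch only if it is not already there.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -SwitchName $SwitchName -SwitchType Internal | Out-Null
}

# The host adapter of an internal switch is named "vEthernet (<switch name>)".
$ifIndex = (Get-NetAdapter -Name "vEthernet ($SwitchName)").ifIndex

# Assign the gateway address to that adapter unless it is already set.
$existing = Get-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $GatewayIP -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetIPAddress -IPAddress $GatewayIP -PrefixLength $PrefixLen -InterfaceIndex $ifIndex | Out-Null
}

# Create the NAT network once; a second run leaves the existing one untouched.
if (-not (Get-NetNat -Name $NatName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $Prefix | Out-Null
}

# Connect only the named guest, leaving other VMs on their current switches.
Connect-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName

# Show what was configured so the prefix can be checked against the guests' settings.
Get-NetNat -Name $NatName | Format-List Name, InternalIPInterfaceAddressPrefix, Active
Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 | Format-Table IPAddress, PrefixLength
```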