Category Archives: Microsoft Exchange

Everything related to Exchange

Slow Migration – Office 365

The story:

When you work with Exchange 2010, 2013, 2016 or 2019 in a hybrid environment with Office 365, things might look easy, but in big enterprises where Internet security is taken very seriously, you can run into many issues that you don't expect at all.

One of my clients, for whom I was doing an Exchange migration, had an issue with the migration. The error was as follows:

Error occurs after Office 365 Exchange online connects to Exchange on-premises 2010 mailbox server

Error in Office 365

         : 20.

27.04.2016 08:03:17 [DB3PR05MB0778] Transient error DataExportTransientException has occurred. The system will retry (2/1280).

27.04.2016 08:04:53 [DB3PR05MB0778] The Microsoft Exchange Mailbox Replication service 'DB3PR05MB0778.eurprd05.prod.outlook.com' (15.1.466.25 caps:03FFFF) is examining the request.

27.04.2016 08:04:55 [DB3PR05MB0778] Connected to target mailbox 'lcwonline.onmicrosoft.com\ec96e315-1059-4710-b358-1c4b42f3edeb (Primary)', database 'EURPR05DG049-db131', Mailbox server 'DB3PR05MB0778.eurprd05.prod.outlook.com' Version 15.1 (Build 466.0).

RequestExpiryTimestamp                   : 03.04.2116 07:42:38

ObjectState                              : New

Troubleshooting:

To troubleshoot issues, you need to take many things into account. The architecture of the infrastructure where you are doing the project is very important, and you need to know how things work.

The following are the things to check when you start troubleshooting:

– Bandwidth Limitations or Performance:

https://technet.microsoft.com/en-us/library/dn592150(v=exchg.150).aspx

https://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx

– Exchange Configuration (MRS)

To troubleshoot the MRS, you need to know what kind of error you're getting. To see this, run the following PowerShell command after you connect to Office 365 PowerShell.

Get-MoveRequest {email} | Get-MoveRequestStatistics -Diagnostic -IncludeReport | Export-Clixml c:\logfile.xml

The resulting report reveals the error and shows you exactly where the culprit is.

– Disk Latency
– Firewall Configuration (IPS/IDS)
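
The report exported by the Get-MoveRequestStatistics command above can be loaded back and summarized instead of being read as raw XML. This is an added example, not part of the original post; it assumes the c:\logfile.xml path used above and the Report.Failures fields that -IncludeReport returns.

```powershell
# Added example: summarize a move report exported with Export-Clixml.
# Assumption: the file was written by the Get-MoveRequestStatistics command above.
$reportPath = 'C:\logfile.xml'
$requests   = @(Import-Clixml -Path $reportPath)

foreach ($stats in $requests) {
    # 1. Where the request stands right now.
    $stats | Format-List DisplayName, Status, StatusDetail, PercentComplete,
                         BadItemsEncountered, BytesTransferred, TotalMailboxSize

    $failures = @($stats.Report.Failures)
    if ($failures.Count -eq 0) {
        Write-Host 'No failures recorded in the report.'
        continue
    }

    # 2. Which failure types dominate. A long run of the same transient type
    #    (for example DataExportTransientException) points at the network path,
    #    timeouts or an inspecting device rather than at mailbox content.
    $failures |
        Group-Object -Property FailureType |
        Sort-Object -Property Count -Descending |
        Format-Table Count, Name -AutoSize

    # 3. The most recent failures. FailureSide shows whether the source or the
    #    target end raised the error, which tells you which server to look at.
    $failures |
        Sort-Object -Property Timestamp |
        Select-Object -Last 5 -Property Timestamp, FailureType, FailureSide, Message |
        Format-List
}
```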

When migrating from Exchange 2016 to 2019 or from 2013 to 2016, the transient error might be related to MRSProxy, or at least this is the case for me 90% of the time. To resolve this issue you will need to change the MRSProxy values on the target server and, depending on the error, possibly on the source server too.

SOLUTION:

===========

1. Some instability was detected in communications, as well as saturation due to the size of the link.

2. The fix is to increase the timeout for the service in the MRSProxy configuration file:

File: MsExchangeMailboxReplication.exe.config

Object / line: DataImportTimeout

New Value: 00:10:00

clip_image001[4]

New Configuration

clip_image001[6]
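
One way to apply the DataImportTimeout change from a script, with a backup of the file taken first. This is an added example, not from the original post; it assumes the config file sits in the Bin folder under $env:ExchangeInstallPath and that DataImportTimeout is an attribute of the MRSConfiguration element.

```powershell
# Added example. Run in an elevated PowerShell session on the Exchange server.
# Assumptions: file location under Bin, and DataImportTimeout being an
# attribute of <MRSConfiguration>. Check both against your own file first.
$newTimeout = [TimeSpan]::Parse('00:10:00')     # new value given on this page
$configPath = Join-Path $env:ExchangeInstallPath 'Bin\MsExchangeMailboxReplication.exe.config'

if (-not (Test-Path -Path $configPath)) {
    throw "Config file not found: $configPath"
}

# Load with whitespace preserved so the saved file differs only in the
# attribute value, which keeps a later diff against the backup readable.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

$mrs = $xml.SelectSingleNode('//MRSConfiguration')
if ($null -eq $mrs) {
    throw 'MRSConfiguration element not found; the file layout differs from the assumption.'
}

$current = $mrs.GetAttribute('DataImportTimeout')
Write-Host "Current DataImportTimeout: '$current'"

if ($current -and [TimeSpan]::Parse($current) -ge $newTimeout) {
    Write-Host 'Already at or above the target value; nothing to change.'
    return
}

# Timestamped backup so the change can be rolled back.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -Path $configPath -Destination $backup

$mrs.SetAttribute('DataImportTimeout', $newTimeout.ToString())   # writes 00:10:00
$xml.Save($configPath)
Write-Host "Updated. Backup written to $backup"

# The service reads the file at startup, so restart it to apply the change.
Restart-Service -Name MSExchangeMailboxReplication
```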

3- Unified messaging Integration between Exchange 2016 and Skype for Business

Setting up UM

To set up UM between Exchange and Skype for Business Server, the most important step is configuring the certificates on both servers so that they trust each other.

For that you don't have to use a public certificate; an internal CA certificate works, provided its root certificate is installed on all of the servers where you intend to deploy UM (Exchange, S4B servers, etc.).

To obtain this certificate, the easiest way is to generate the CSR from the Skype for Business Deployment Wizard.

Run the Deployment Wizard and click “Install or Update Skype for Business Server System”.

clip_image001

Then click on step 3 (request, install or assign Cert)

clip_image002

I already have a certificate deployed for the S4B service, but I’ll request a CSR again to get one trusted certificate for both Exchange and S4B.

I will tick only the services that matter, as in the screenshot below (Server default and Web services internal); the certificate will later also be used for OWA integration with UM.

clip_image003

Click on Request

clip_image004

Click on Advanced

clip_image005

Next

clip_image006

I’ll continue clicking Next until I get to the important part, “Name and Security settings”, where I need to tick “Mark the certificate’s private key as exportable”, since we’ll export the certificate to the Exchange servers.

clip_image007

Next I’ll add the Exchange servers’ FQDNs.

clip_image008

clip_image009

Click Next

clip_image010

clip_image011

Here is the CMDLET

Request-CSCertificate -New -Type Default,WebServicesInternal -CA "DC2016.moh10ly.com\moh10ly-DC2016-CA" -Country "TR" -FriendlyName "Skype for Business Server 2015 Default certificate 3/18/2016" -KeySize 2048 -PrivateKeyExportable $True -Organization "moh10ly" -OU "moh10ly" -DomainName "sip.moh10ly.com,ex2016.moh10ly.com,ex2016-2.moh10ly.com,ex2010.moh10ly.com" -AllSipDomain -Verbose -Report "C:\Users\administrator.MOH10LY\AppData\Local\Temp\2\Request-CSCertificate-[2016_03_18][11_16_35].html"

Click Next again and note the thumbprint of the new certificate, as we’ll need it later to make sure the certificate is properly configured for UM on Exchange.

8BA9A2C4CD926B01C029F6B9A76D75BBEFDDE069

clip_image012

Click next to assign the Cert

clip_image013

clip_image014

The certificate has been successfully assigned to the services.

clip_image015

The CMDLET that was applied

Set-CSCertificate -Type Default,WebServicesInternal -Thumbprint 8BA9A2C4CD926B01C029F6B9A76D75BBEFDDE069 -Confirm:$false -Report "C:\Users\administrator.MOH10LY\AppData\Local\Temp\2\Set-CSCertificate-[2016_03_18][11_19_06].html"

Now it’s time to export this certificate and import it to Exchange servers

clip_image016

I’ll find the certificate that I created today by looking at the expiration date, which is 2 years from today.

clip_image017

Now I’ll right click on the certificate and export it with the private key.

clip_image018

I’ll open Exchange EMC and import the certificate

clip_image019

I’ll have to put the exported cert in a shared folder and provide the path and the password for it

clip_image020

I’ll add the two servers below

clip_image021

clip_image022

I’ll double click on the imported certificate and assign the UM services to it on each of the servers

clip_image023

clip_image024

I got the error below because the service was not configured to use TLS instead of TCP on both servers.

clip_image025

To fix this I’ll go to the Exchange Management Shell and run the following cmdlet

Get-UMService | Set-UMService -UMStartupMode TLS

clip_image026

clip_image027

Now I’ll try to save again

clip_image028

clip_image029

I’ll proceed with YES and continue to do the same to the other Server and restart the UM service on both servers

clip_image030

Now it’s time to create a UM Dial plan

clip_image031

I’ll configure the UM Dial plan according to my Skype for Business settings for users enabled for EV

clip_image032

To do this with PowerShell, you can use the following cmdlet

New-UMDialPlan -Name DialplanName -UriType SipName -NumberOfDigitsInExtension 4 -VoIPSecurity Secured -CountryOrRegionCode 1 -AccessTelephoneNumber +9012345678

Next, add a gateway to UM. NOTE: If it is configured incorrectly, the service will not start and errors with event IDs 1057, 4999, 1430 and 1038 will appear.

Time to configure Gateway

clip_image033

In the gateway I’ll add my PBX (AsteriskNow) and place my already configured UMDP

clip_image034

clip_image035

When you create the dial plan, Exchange automatically creates a new UM mailbox policy along with it and generates a name for it that’s related to the dial plan.

To see this policy, double click on the new dial plan to view it. You can also change the policy from there, which I’m going to do to make the PIN length shorter.

clip_image036

Double click on the Mailbox policy, navigate to PIN Policies and change the PIN length to the length you want to allow

clip_image037

Configure Auto Attendant

clip_image038

Configure the AA the way you want it, and make sure you enter the number in full E.164 format, as it won’t be accepted otherwise.

clip_image039

Click Save to continue

Now it’s time to configure OVA (Outlook Voice Access)

Subscriber Access

If you want to configure Outlook Voice Access (OVA) , sometimes also referred to as Subscriber Access, click on the Configure button. Select Outlook Voice Access in the left hand menu and enter the telephone number you want to use to access OVA. This must be in the E.164 notation.

clip_image040

To do so click on Configure

clip_image041

Assign the new dial plan to the UM services, both on the Client Access server (UM Call Router) and on the Mailbox server. In an Exchange Management Shell window, enter the following commands:

Set-UMCallRouterSettings -DialPlans "Exchangelabs Dial Plan" -Server 2012E15FE04

Get-UMService | Set-UMService -DialPlans "Exchangelabs Dial Plan"

clip_image042

clip_image043

Now I’ll also change the UM call router to TLS, assign the certificate to the service, and then restart it

clip_image044

clip_image045

Restart the services of the Call router, then associate the service with the dial plan you created.

Set-UMCallRouterSettings -DialPlans "UMDP1" -Server EX2016

Set-UMCallRouterSettings -DialPlans "UMDP1" -Server EX2016-2
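
The certificate import, the TLS startup mode change and the service assignment done through the EAC above can also be scripted from the Exchange Management Shell. This is an added example, not from the original post; the share path is hypothetical, while the thumbprint and server names are the ones used on this page. It imports the key as non-exportable and deletes the PFX from the share afterwards, since that file contains the private key.

```powershell
# Added example. Run in the Exchange Management Shell.
$thumbprint = '8BA9A2C4CD926B01C029F6B9A76D75BBEFDDE069'   # thumbprint noted above
$servers    = 'EX2016', 'EX2016-2'                          # servers used on this page
$pfxPath    = '\\fileserver\certs$\um-s4b.pfx'              # hypothetical share path
$pfxPass    = Read-Host -Prompt 'PFX password' -AsSecureString
$pfxBytes   = [System.IO.File]::ReadAllBytes($pfxPath)

foreach ($server in $servers) {
    # Startup mode must be TLS (or Dual) before a certificate can be bound to
    # UM, which is the error the EAC raised above.
    Set-UMService -Identity $server -UMStartupMode TLS
    Set-UMCallRouterSettings -Server $server -UMStartupMode TLS

    # Import only if this server does not have the certificate yet.
    $cert = Get-ExchangeCertificate -Server $server |
                Where-Object { $_.Thumbprint -eq $thumbprint }
    if (-not $cert) {
        $cert = Import-ExchangeCertificate -Server $server -FileData $pfxBytes `
                    -Password $pfxPass -PrivateKeyExportable $false
    }

    # Refuse to continue if the file held a different certificate than the
    # one assigned on the Skype for Business side.
    if ($cert.Thumbprint -ne $thumbprint) {
        throw "Unexpected thumbprint on ${server}: $($cert.Thumbprint)"
    }

    # The server's own FQDN must be among the certificate names, otherwise
    # the mutual TLS handshake with the Front End fails.
    $fqdn  = (Get-ExchangeServer -Identity $server).Fqdn
    $names = $cert.CertificateDomains | ForEach-Object { "$_" }
    if ($names -notcontains $fqdn) {
        throw "$fqdn is not listed in the certificate names: $($names -join ', ')"
    }

    Enable-ExchangeCertificate -Server $server -Thumbprint $thumbprint -Services UM, UMCallRouter

    # Both services pick up the new mode and certificate only after a restart.
    Get-Service -ComputerName $server -Name MSExchangeUM, MSExchangeUMCR | Restart-Service

    Get-ExchangeCertificate -Server $server -Thumbprint $thumbprint |
        Format-List Thumbprint, Services, HasPrivateKey, NotAfter
}

# The PFX carries the private key; do not leave it on the share.
Remove-Item -Path $pfxPath
```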

Configure Skype for Business Server

To configure the UM service for use with Skype for Business Server, Microsoft provides a script that creates and configures all necessary components. This script is located in the scripts directory C:\Program Files\Microsoft\Exchange Server\V15\Scripts.

Run the following CMDLET

CD $ExScripts

.\ExchUCUtil.ps1

clip_image046

The first time you run this script it’ll detect the dial plan and set it up with Skype for Business Server

clip_image047

It will show that no setting has changed, but the fact that the dial plan is shown here as Not found means that something has changed. You’ll notice that if you run the same script again.

clip_image048

Let’s try it again

Here you can see that the dial plan has been assigned to the S4B Front end server.

clip_image049

This script performs the following:

  • Grants Skype for Business Server permission to read Exchange UM Active Directory components, specifically, the SIP URI dial plan that was created in the first step;
  • Creates a UM IP gateway for each Skype for business Server pool that hosts users who will be enabled for Enterprise Voice;
  • Creates an Exchange UM hunt group for each UM IP gateway. The hunt group pilot identifier will be the name of the dial plan associated with the corresponding UM IP gateway. The hunt group must specify the UM SIP dial plan used with the UM IP gateway.

When the script has run you’ll see a new UM IP Gateway appear in the EAC. Since this script not only creates the UM IP Gateway but also sets the necessary permissions, the UM IP Gateway was not created manually in the first step.

clip_image050

Next we’ll go to Skype for Business FE server and then run the OcsUmUtil.exe tool which creates the contact objects for Outlook Voice Access and for the auto attendants. This tool can be found in C:\Program Files\Common Files\Skype for Business Server 2015\Support

clip_image051

I’ll right click the file to run it as administrator

clip_image052

Click on Load Data

clip_image053

clip_image054

Select the SIP dial plan and click ADD

clip_image055

Click OK

Right after configuring this, voice mail should be available once you enable your user for it.

After I enable the user for UM and assign a valid dial plan, I can see that the user has the Voice Mail option available.

clip_image056

Hope this was useful

clip_image057

—-

UM gateway

clip_image058

clip_image059

clip_image060

Upgrading Exchange 2013 RTM to Latest SP and CU

To check the current version, use the following command line

Get-ExchangeServer | ft Name,Admin* -AutoSize

Version 15.0 (Build 516.32)

How to upgrade your existing Exchange Server 2013 to CU7 using command-line

You will have to download CU7 pack, extract it and run the command line from CMD with administrative privileges.

http://www.microsoft.com/en-us/download/details.aspx?id=45221

Here we run the CMD as admin

Drag and drop the folder you extracted into CMD window to be able to enter into the path in order to run the setup file.

Run the following command to upgrade the existing server

Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

Below you can see the upgrade process to install the Cumulative Update 3.

Once the upgrade process is finished, you will be able to see the new version in the output of the following cmdlet

Get-ExchangeServer | ft Name,Admin* -AutoSize

The version must show 15.00.1044.025

Testing Exchange ActiveSync

If you have an issue with ActiveSync on Exchange 2010/2013 and you want to troubleshoot it, first test ActiveSync from the Microsoft Exchange Management Shell for any failing user.

You can use the following cmdlet to start

Test-ActiveSyncConnectivity -MailboxCredential (Get-Credential domain\user) -UseAutodiscoverForClientAccessServer

clip_image001

As you can see in the previous snapshot, the test failed in the folder sync part. To get the full report on the failure, append | fl to the command, and if you want to export the report to a text file, add >c:\1.txt, which writes the command output to a text file called 1.txt in the root of the C drive.

clip_image002
clip_image003

Resolution:

As you can see, the error says “Internal server error”, and if you read on, the middle of the error says “Active Directory operation failed on DC.server.local. This error is not retriable. Additional information: Access is denied. Active Directory response: 000000005 up to <INSUFF_ACCESS_RIGHTS>”. Searching for this error a little bit, I found that it’s related to inheritance under the user’s advanced security settings.

clip_image004
clip_image005

Once this was applied the user was able to log in from mobile without an issue
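
The inheritance flag the post points to can be checked for every mailbox user at once from PowerShell rather than through each user's advanced security dialog. This is an added example, not from the original post, and it goes beyond the single failing user by auditing all mailbox-enabled accounts; it assumes the ActiveDirectory module is available, that the fix applied above was re-enabling inheritance, and 'jdoe' is a placeholder account name.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-MailboxUserWithBlockedInheritance {
    # Mailbox-enabled users whose ACL does not inherit from the parent
    # container. Exchange permissions are granted by inheritance, so these
    # are the accounts where ActiveSync fails with INSUFF_ACCESS_RIGHTS.
    Get-ADUser -LDAPFilter '(&(objectCategory=person)(objectClass=user)(msExchMailboxGuid=*))' `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
                      @{ Name = 'AdminCount'; Expression = { $_.adminCount } }
}

function Enable-UserAclInheritance {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties nTSecurityDescriptor, adminCount
    $acl  = $user.nTSecurityDescriptor

    if (-not $acl.AreAccessRulesProtected) {
        Write-Verbose "$SamAccountName already inherits permissions."
        return
    }

    # adminCount = 1 marks an account that is (or was) in a protected group.
    # For current members, SDProp re-applies the AdminSDHolder ACL and turns
    # inheritance off again within the hour, so the change would not stick.
    if ($user.adminCount -eq 1) {
        Write-Warning "$SamAccountName has adminCount=1; review its privileged group membership first."
        return
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Enable ACL inheritance')) {
        # $false = not protected, i.e. inherit from the parent again.
        $acl.SetAccessRuleProtection($false, $true)
        Set-ADUser -Identity $user -Replace @{ nTSecurityDescriptor = $acl }
    }
}

# Report first, change only the accounts you have reviewed.
Get-MailboxUserWithBlockedInheritance | Format-Table -AutoSize
# Enable-UserAclInheritance -SamAccountName 'jdoe' -WhatIf
```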

Owa Redirection results in 401 Unauthorized access message

I was asked by one of my clients to redirect their mail.domain.com to go directly to the OWA page, but after applying the redirection configuration I faced an issue.

Whenever I try to go to the OWA page using only the FQDN mail.domain.com I get a 401 unauthorized access page.

Resolution:

The solution was to add Authenticated Users to wwwroot with full permission and restart IIS with the noforce parameter.

OWA an unexpected error occurred and your request couldn’t be handled


Resolution 1:

The error happens because a redirection of OWA has been configured. To fix the issue, simply remove the redirect option.

Resolution 2:

Another resolution, which works without turning redirection off for the default site, is to turn off redirection on the Public folder.

Outlook 2007 keeps prompting users for password

After migration from Exchange 2003 to Exchange 2010, Outlook 2007 keeps prompting users for their password:

Symptoms

After migration from Exchange 2003 to Exchange 2010, some Outlook 2007 client users keep getting prompted to enter their credentials again.

Cause

The problem might be related to the authentication method used on Outlook Anywhere (Basic Authentication), due to the password not being saved in Windows authentication mode.

Resolution:

Changing the authentication method of Outlook anywhere to NTLM will resolve the issue.

Offline Address book Issue after migration from Exchange 2003 to Exchange 2010

Error: event ID: 9360

OABGen encountered an error while generating the changes.oab file for version 2 and 3 differential downloads of address list

RESOLUTION 1

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To resolve this issue, follow these steps on the server that is running Exchange Server 2003:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then right-click the following registry subkey:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters
  3. Point to New, and then click DWORD Value.
  4. Type OAL post full if diff fails to name the new value.
  5. Right-click OAL post full if diff fails, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.
  8. Dismount and then mount the Public Folder Store again. To dismount and then mount the public folder store, follow these steps:
    1. Start Exchange System Manager.
    2. Expand Servers, expand the server that you want, expand Storage_Group_Name, and then right-click Public Folder Store.
       Note: If administrative groups are defined, follow these steps:
      • Expand Administrative Groups.
      • Expand Administrative_Group_Name.
      • Expand Servers.
      • Expand the server that you want.
      • Expand Storage_Group_Name.
      • Right-click Public Folder Store.
    3. Click Dismount Store, and then click Yes to continue.
    4. Right-click Public Folder Store, click Mount Store, and then click OK.

A new parent Legacy Exchange DN container value ‘/o=HEMA/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients’ was found during generation of the differential update file for offline address list ‘\Global Address List’. This will force clients using this offline address list to do a full download of the offline address list.

– \Default Offline Address List

Resolution 2:

If the first resolution didn’t work, try to disable version 2 and 3 OAB, then update again and see if you get any errors.

Note that this may take some time to take effect.

New Mailbox migration suspended or queued with the error below generated

Detailed Error:

Database redundancy health check failed.

Database copy: DATABASE_3

Redundancy count: 1

Error: Passive copy ‘DATABASE_3\EXCH02’ is not in a good state. Status: DisconnectedAndResynchronizing.

Name               Status                          RealCopyQueue  InspectorQueue  ReplayQueue  CIState

----               ------                          -------------  --------------  -----------  -------

DATABASE_3\EXCH02  DisconnectedAndResynchronizing  426            0               0            Healthy

DATABASE_3\EXCH01  Mounted                         0              0               0            Healthy

===============

Full Status

===============

Identity : DATABASE_3\EXCH02

Name : DATABASE_3\EXCH02

DatabaseName : DATABASE_3

Status : DisconnectedAndResynchronizing

MailboxServer : EXCH02

ActiveDatabaseCopy : exch01

ActivationSuspended : False

ActionInitiator : Unknown

ErrorMessage : The Microsoft Exchange Replication service was unable to perform an incremental reseed of database copy 'DATABASE_3\EXCH02' due to a network error. The database copy status will be set to Disconnected. Error An error occurred while communicating with server 'EXCH01'. Error: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

ErrorEventId : 2058

ExtendedErrorInfo :

SuspendComment :

SinglePageRestore : 0

ContentIndexState : Healthy

ContentIndexErrorMessage :

CopyQueueLength : 426

ReplayQueueLength : 0

LatestAvailableLogTime : 14.01.2014 07:13:37

LastCopyNotificationedLogTime : 14.01.2014 07:13:37

LastCopiedLogTime : 14.01.2014 07:11:52

LastInspectedLogTime : 14.01.2014 07:11:52

LastReplayedLogTime : 14.01.2014 07:11:52

LastLogGenerated : 592826

LastLogCopyNotified : 592400

LastLogCopied : 592400

LastLogInspected : 592400

LastLogReplayed : 592400

LogsReplayedSinceInstanceStart : 0

LogsCopiedSinceInstanceStart : 0

LatestFullBackupTime :

LatestIncrementalBackupTime :

LatestDifferentialBackupTime :

LatestCopyBackupTime :

SnapshotBackup :

SnapshotLatestFullBackup :

SnapshotLatestIncrementalBackup :

SnapshotLatestDifferentialBackup :

SnapshotLatestCopyBackup :

LogReplayQueueIncreasing : False

LogCopyQueueIncreasing : False

OutstandingDumpsterRequests : {}

OutgoingConnections :

IncomingLogCopyingNetwork :

SeedingNetwork :

ActiveCopy : False

Identity : DATABASE_3\EXCH01

Name : DATABASE_3\EXCH01

DatabaseName : DATABASE_3

Status : Mounted

MailboxServer : EXCH01

ActiveDatabaseCopy : exch01

ActivationSuspended : False

ActionInitiator : Service

ErrorMessage :

ErrorEventId :

ExtendedErrorInfo :

SuspendComment :

SinglePageRestore : 0

ContentIndexState : Healthy

ContentIndexErrorMessage :

CopyQueueLength : 0

ReplayQueueLength : 0

LatestAvailableLogTime :

LastCopyNotificationedLogTime :

LastCopiedLogTime :

LastInspectedLogTime :

LastReplayedLogTime :

LastLogGenerated : 0

LastLogCopyNotified : 0

LastLogCopied : 0

LastLogInspected : 0

LastLogReplayed : 0

LogsReplayedSinceInstanceStart : 0

LogsCopiedSinceInstanceStart : 0

LatestFullBackupTime :

LatestIncrementalBackupTime :

LatestDifferentialBackupTime :

LatestCopyBackupTime :

SnapshotBackup :

SnapshotLatestFullBackup :

SnapshotLatestIncrementalBackup :

SnapshotLatestDifferentialBackup :

SnapshotLatestCopyBackup :

LogReplayQueueIncreasing : False

LogCopyQueueIncreasing : False

OutstandingDumpsterRequests : {}

OutgoingConnections :

IncomingLogCopyingNetwork :

SeedingNetwork :

ActiveCopy : True

Resolution:

To resolve this issue, check whether the database that is having the issue is over 1TB, and if that’s the case, try to move some users from this database to another database.

To view the users of this database, use the following PowerShell cmdlet.

Get-MailboxDatabase "Mailbox Database 1" | Get-MailboxStatistics | Sort totalitemsize -desc | Export-CSV C:\mailboxes.csv

Installing “Only” Trend Micro 11.0 on Exchange 2013 server

This guide shows you how to install “Only” Trend Micro 11.0 on an Exchange 2013 server.

You will have to make sure that before you install Trend Micro you have enough resources on the mail servers or Edge servers depending on where you are intending to install it.

Prerequisites:

  1. The Windows IIS CGI role.
  2. .NET Framework 3.5
  3. Trend Micro Setup.

If you did not install CGI you will get the following error, so you must install it

clip_image001

To install it you will need to go to Add Roles and then choose and install it.

clip_image002

If .NET Framework 3.5 is not installed, the setup won’t proceed until you install it, and you will get the following error:

clip_image003

To install .NET Framework 3.5, you can use the wizard or PowerShell, but you’ll need to attach the Windows Server ISO file to the VM or the physical machine.

clip_image004

Setup will restart from the beginning

.NET Framework installation fails from Server Manager

clip_image005

Instead, I imported the Windows Server 2012 R2 ISO into the VM and ran the following command line in PowerShell

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

Where D is the drive letter of the Windows ISO.

clip_image006

Restarted the Trend Micro Setup and the setup is working

I have already copied the setup files to my mailbox servers. In my scenario I have 2 mailbox servers which I am going to install it on.

I will launch the setup and go through the following wizard

clip_image007

As I mentioned earlier, I am planning to install it on Exchange 2013 Mailbox servers, so I will go ahead and choose Mailbox servers

clip_image008

I will click Browse and Add exchange servers and as in the following snapshot it’ll show me total server count

clip_image009

Next I will type the Exchange admin account which I used to set up Exchange and to log in to the admin center, and which is also a local admin.

clip_image010

This is set by default so you will need to leave it as it is.

clip_image011

You can keep the following default settings or change the port in case it’s already used or enable SSL.

clip_image012

In my case I will enable SSL as well, as it’s preferable for security purposes.

clip_image013

Trend micro setup will check if there’s any previous instance on the target Mailbox server in order to check if it’s an upgrade or a fresh install.

clip_image014

I have no proxy so I will proceed without it.

clip_image015

I’m planning to ignore this now and register later, so you can provide the key if you already have it and want to register.

clip_image016

When you continue without activating the product you will get the following warning.

clip_image017

Depending on whether you want to contribute or not, you can choose to participate in this program or just ignore it.

clip_image018

If you would like to send all incoming spam messages to the users so that they can make the decision themselves, you can choose to integrate with Outlook junk e-mail or with End User Quarantine. In this case incoming infected or suspicious mails will be delivered to the user’s quarantine but can be restored with Trend Micro.

clip_image019

Trend Micro also has a Control Manager for centralized management, so if you have it you can configure it and manage all your ScanMail instances from one location. If not, just click Next.

clip_image020

Click browse and choose your domain in order to select the domain admin groups to manage the trend micro scan mail application.

clip_image021

All server details and configuration are listed in the next snapshot.

clip_image022

And now installation should start.

clip_image023
clip_image024
clip_image025

The credentials to login might be standard but you could also try your domain admin which you have assigned during the setup to login to the portal.

clip_image026

Any configuration that you do on the Mailbox server 1, you will have to re-do it on Server 2 since this is not centralized management.

clip_image027

So first thing I’ll do is update the product to the latest version.

clip_image028

After selecting the components to update click on Update and wait for the process to finish.

clip_image029

After setting and configuring a couple of rules and restarting the Exchange Transport service on each server, I was able to test it and see that it works, as in the following snapshot.

clip_image030