showing posts tagged with 'exchange'
by lunarg on September 15th 2017, at 14:25
On October 31 2017, RPC over HTTP will be deprecated in Office 365, as stated here. This means that older Outlook versions (those that use RPC over HTTP) will no longer be able to connect to Office 365. The reason for this is that RPC over HTTP will be replaced in favor of the much newer MAPI over HTTP.

This switchover has an impact on all (older) Outlook versions that do not have the required update (incorporating MAPI over HTTP) functionality installed. Only Outlook versions that get this update will be able to connect to Office 365, resulting in the following changes:

Outlook 2007: no longer supported (there is no update).

Outlook 2010: only supported with SP2 and KB 2878264 installed   ...
by lunarg on September 12th 2017, at 10:31

One of the most common Exchange admin tasks is setting mailbox delegations. Personally, I usually do this through EAC but once you're familiar with the Powershell counterparts, it can be quicker to use that instead. I've created this post as a reference to do just that.

In the reference below, the user "Ellen Somebody" requires access to the mailbox of "John Doe".

Send on Behalf

Set-Mailbox john.doe -GrantSendOnBehalfTo ellen.somebody

Send As

Add-ADPermission john.doe -ExtendedRights Send-As -user ellen.somebody

Full Access

Add-MailboxPermission -Identity john.doe -User ellen.somebody -AccessRights FullAccess -InheritanceType All
by lunarg on June 14th 2017, at 14:25
By default, when the Private computer checkbox is visible, it is checked by default, meaning that OWA will store some things in your browser by default. Sometimes, this may not be desirable, and you may prefer the checkbox is unchecked by default so as to prevent this. There is no setting to change this default, but there's a workaround, allowing you to obtain the same result. The only downside of this workaround is that it needs to be done anew after each update of Exchange.

To show the Private Computer checkbox in the first place, read this article about enabling the option.

To apply the workaround, you need to manually edit the logon.aspx page so it does not check the checkbox by defaul  ...
by lunarg on June 14th 2017, at 14:22
Exchange OWA stores data offline in your browser for a better user experience and performance. In older releases of Exchange, this behaviour could be turned off at the logon page by unchecking a checkbox, but since Exchange 2013, this checkbox is no longer visible on the logon page. But, this option can be turned on again by changing a configuration option of OWA in Exchange.

The option can be enabled through EMS on the CAS server. If you have more than one CAS server, this needs to be done on all of them.

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonPagePublicPrivateSelectionEnabled $true

After the change, don't forget to reload IIS:

iisreset /noforce

Optionally, you can a  ...
by lunarg on January 23rd 2017, at 11:03
In a hybrid Exchange environment, you may get an error when attempting to log in to Office 365 when performing a management task involving Office 365. When clicking the "Sign in to Office 365" link, the following error is displayed:

critical error
The web page isn't loading correctly. Please reload the page by refreshing your browser.

Technical information: Unable to set the property "mkt" of a null reference or undefined

Not really a solution, but you can work around the issue by performing these steps:

In EAC, navigate to Hybrid.

Click Modify.

Click Sign in to Office 365, type in your Office 365 username and password.

Once logged in, click on the Enterprise tab and try per  ...
by lunarg on January 23rd 2017, at 10:17

If you have the Exchange Management Tools installed, you can easily import the Exchange module into a standard Powershell by running the Add-PSSnapin cmdlet.

Depending on the Exchange version, the module to add is slightly different:

Exchange 2007Microsoft.Exchange.Management.PowerShell.Admin
Exchange 2010Microsoft.Exchange.Management.PowerShell.E2010
Exchange 2013Microsoft.Exchange.Management.PowerShell.SnapIn

If you're not sure about the version, you can also use wildcard characters:

Add-PSSnapin *Exchange*

If you don't want to install the management tools, you can also use PS remoting to remotely access the management shell from a standard Powershell.

by lunarg on November 18th 2016, at 14:44

When running Get-ReceiveConnector, the contents of the RemoteIPRanges field may be truncated if there are a lot of entries. You can "expand" the list:

Get-ReceiveConnector MyConnector | Select -expand RemoteIPRanges | FT

This will expand each of the IP range objects and FT makes sure it's nicely formatted in a table. For single addresses, you only need the LowerBound column, but if ranges have been specified, you probably want both columns.

by lunarg on August 10th 2016, at 15:31
It may not seem evident to find out which mailboxes are accessible by a particular user or group. Through EAC, there is no apparent way to do this, as giving access for a user to a (shared) mailbox can only be done through the shared mailbox and then providing the user/group access. There is no way to query a particular user/group and show a list of mailboxes that user/group has access to. Fortunately, it seems that Powershell (EMS) does provide an easier answer.

These cmdlets work in both Office365 and on-premise Exchange 2007 or newer.

List mailboxes to which a user/group has access to:

Get-Mailbox | Get-MailboxPermission -User user1

Although the cmdlet states a user name, replacing th  ...
by lunarg on June 30th 2016, at 13:11
When you migrated your mail from an on-premise Exchange to Office 365, and you did not (yet) uninstall Exchange and/or clean up AD, Outlook will still try to configure itself to connect to the on-premise Exchange when adding a new account, even though Autodiscover has been configured correctly (autodiscover.domain.tld pointing to

The reason for this is in the way how Outlook performs its autodiscovery attempts. The first step in the discovery process is trying to configure the account using Service Connection Point (SCP), which is defined in AD (or in rare cases, in the registry of the computer). As the SCP is still configured in AD/registry, Outlook will use thos  ...
by lunarg on June 21st 2016, at 15:31
Even when using Exchange SSL certificates that are signed by an internal CA, you will still occasionally have to renew them. Using EAC (https://your-exchange-server/ecp), this should be pretty straightforward, or is it?

After logging on to EAC, and navigating to "Servers" → "Certificates", select the expired certificate, then on the right pane, you can click "Renew" to generate a certificate signing request with all the proper SANs. This CSR can then be used with your internal CA to sign the request and generate a new certificate.

Unfortunately, you will most likely hit a snare: the CSR generated by the Exchange server does not contain any certificate tem  ...
by lunarg on May 25th 2016, at 15:59

You can quickly check which mailbox has e-mail forwarding settings enabled through the EMS:

Get-Mailbox -Filter {ForwardingAddress -ne $null} | FT Name,ForwardingAddress,DeliverToMailboxAndForward -Autosize

You can use the cmdlet above and process its output or export it to a CSV (using Export-CSV).

by lunarg on April 20th 2016, at 15:47
A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.This is required in order to be able to sign in to Office 365.

Download and install Azure Active Directory Module for Windows PowerShell (64-bit version).Note: 32-bit users, see below.

Optionally, you can also download and install modules to manage Sharepoint Online and Skype for Business Online.

32-bit Azure AD Module
From October 20, 2014, the Azure Ac  ...
by lunarg on October 29th 2015, at 13:07

You can easily get the Exchange version for all Exchange servers in your domain with this one-liner. Run it from an Exchange Management Shell.

Get-ExchangeServer | Select Name,AdminDisplayVersion,Edition,ServerRole

The following information is displayed:

Name : the server name
AdminDisplayVersion :
the version and build of the server
You can cross-reference this with the Exchange version matrix to find out which updates are installed.
Edition : can be Standard or Enterprise
ServerRole : the roles on the server specified by Name
by lunarg on October 29th 2015, at 13:05

These version matrix pages (from Microsoft) contain the build numbers (how to check?) of Exchange, matched against their update "names" (RU, CU numbers), their release dates, and a link to the KB containing the update download:

by lunarg on October 13th 2015, at 14:46

DigiCert has a very handy tool to automatically change the internal and external URLs of an Exchange CAS server:

by lunarg on September 17th 2015, at 16:40
Sometimes, it may be handy to know how many CALs in Exchange are now actually in use. In Exchange 2010 and 2013, this can be done very easily.

There are two types of Exchange CALs: Standard and Enterprise. For the majority, the CALs provide the same feature, accept for Enterprise, which has the following additional features:

Mailbox archiving

Per-mailbox journaling

Unified Messaging

If a mailbox uses any of these "enterprise" features, then it is treated as an Enterprise CAL. If not, it is a Standard CAL.

License compliancy
This process "calculates" the current required CALs, not the CALs you have purchased. It's up to you to determine whether you are compliant.

In  ...
by lunarg on September 15th 2015, at 15:56
Rather than installing the Exchange 2013 management tools, you could also connect to the Exchange Management Shell (EMS) through Powershell "remoting".

Connect to EMS using the current credentials (i.e. the user running Powershell):

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange-server-fqdn/PowerShell -Authentication KerberosImport-PSSession $session

Replace exchange-server-fqdn with the FQDN or IP address of the Exchange server you wish to connect to. With this command, you will be using the credentials of the current logged in user, and authenticate through Kerberos. If the user is not a organizational admin, you will be able to l  ...
by lunarg on September 11th 2015, at 10:39
This is a very crude script to defrag (using eseutil) Exchange mailbox databases.

The script takes the database name as a mandatory parameter. It then dismounts the database, checks whether the database state has been shutdown cleanly, performs the defrag, verifies the state again, and finally, mounts it again.

Note that this is an offline process. The specified mailbox database will be offline, meaning that all mailboxes in the database will not be accessible until the process has been completed.

Use with caution!
This script has not been tested extensively and does not account for everything that can go wrong. I merely provide it as a good starting point to extend the script to somethin  ...
by lunarg on September 3rd 2015, at 14:08
The internal health monitoring system may report Unhealthy, and an error similar to the following is reported by SCOM:

Alert: {2} Resolution state: New
Alert: {2}
Source: EXCH02 - Compliance
Last modified by: System
Last modified time: 9/3/2015 11:43:37 AM Alert description: EMSMDB.DoRpc(Logon) step of ComplianceOutlookLogonToArchiveRpcCtpProbe/EXCHDB03 has failed against proxying to Unknown for
Latency: 00:00:00.9250000
Error: Error returned in LogonCallResult. Error code = WrongServer (0x00000478)
Log: RpcProxy connectivity verification  ...
by lunarg on September 3rd 2015, at 10:48
When running Blackberry Enterprise Server (BES) 5.0.4 in an environment with users whose mailboxes are located on Exchange 2013 servers, you may encounter the following problem: certain, but not all users lose their connectivity on their mobile devices. They can no longer send or receive e-mail, calendar, contacts.

When looking at the event viewer, an application crash is logged:

Event 1000 Application Error
Faulting application name: BlackBerryAgent.exe, version:, time stamp: 0x502e604b
Faulting module name: exmapi32.dll, version: 6.5.8320.0, time stamp: 0x517e1c40
Exception code: 0xc0000005
Fault offset: 0x00010188
Faulting process id: 0x1fbc
Faulting application start time: 0x0  ...
showing posts tagged with 'exchange'
« October 2017»
« I needed a password with eight characters so I picked Snow White and the Seven Dwarves. »