showing posts tagged with 'exchange'
by lunarg on September 2nd 2015, at 17:02
Exchange 2013 uses Managed Availability to monitor its own health. One part of this monitoring is achieved through the use of synthetic transactions, mimicking regular user activity, such as accessing mailboxes, sending and receiving e-mail, etc. For this to work properly, the monitoring system uses so-called Health Mailboxes. These are just regular mailboxes (with a regular AD account), but are created automatically and used for the sole purpose of health monitoring. Depending on the CU-version of Exchange 2013, these are created for every database on every CAS (or just one per CAS and one per database, starting from CU6).

Sometimes, these mailboxes may become corrupt or unusable, in which case the  ...
by lunarg on September 2nd 2015, at 16:29
If you notice that SCOM is not properly discovering services on a particular server (e.g. it does not detect the presence of Exchange), you can resolve this by clearing the cache of the agent on the server. This will trigger a new full discovery, and the agent should now be able to detect the new services:

  1. Log on to the server whose services are not discovered properly.
  2. Stop the agent (System Center Management service): net stop HealthService
  3. Delete the contents of the Health Service State folder, located in the installation folder of the agent (default location: %PROGRAMFILES%\System Center Operations Manager\Agent).
  4. Start the agent again (System Center Management service): net start  ...
by lunarg on September 1st 2015, at 16:24
If a mailbox gets migrated or disabled (= disconnected), the mailbox is not removed from the mailbox database right away. Instead, Exchange uses the retention configuration of the mailbox database in which the mailbox was stored. This is useful if a restore of the mailbox is needed (e.g. in case of accidental deletion).

However, sometimes it may not be necessary to have the mailbox available for undelete. E.g. when you have migrated a large number of mailboxes, you may not wish to keep the old mailbox copies to free up disk space. In that case, you can manually "purge" the mailbox from the mailbox database.

Note that this only works with a disconnected mailbox. These are mailboxe  ...
by lunarg on August 28th 2015, at 10:05
Exchange mailbox database files (EDB-files) grow in size as the data within them grows. But when data is removed, their file sizes will not shrink back. Instead, the file will contain "white space", which will be re-used if additional space is needed again.

Older versions of Exchange (2007 and earlier) did (limited) automatic space reclamation as part of their online database maintenance routines. Starting from Exchange 2010, these maintenance routines have changed and space reclamation no longer occurs. It is up to the Exchange administrator to perform space reclamation if the need arises.

There are two viable methods for reclaiming disk space, each having their pros and cons:

by lunarg on August 27th 2015, at 11:51

You can reboot a DAG witness server but only if your DAG cluster is operating with all of its members online.

An FSW (file share witness) will only come into play during a failover scenario. This means that it will become a problem if a DAG member fails at the exact same moment your FSW is rebooting, because the remaining DAG member will then not achieve majority, causing the cluster to fail completely.

Note that if you reboot the FSW often in a short period, the cluster will mark the FSW as unreliable and fail the cluster. In that case, you should manually bring it back online by running the following PS cmdlet on a DAG member:

Get-ClusterResource | Start-ClusterResource
by lunarg on August 26th 2015, at 10:38
Exchange 2013 has several performance counters running by default. While this is useful for diagnostic purposes, it can also take up a lot of disk space (can go over 1 GB a day). You can use PowerShell to clear out older performance logs.

gci 'S:\Exchange\Logging\Diagnostics\DailyPerformanceLogs','S:\Exchange\Logging\Diagnostics\PerformanceLogsToBeProcessed' | gci -Include '*.log','*.blg' -Recurse | ? LastWriteTime -lt (Get-Date).AddDays(-7) | Remove-Item

Replace the paths with the locations of your own daily performance logs and performance logs to be processed. You can also adjust the number of days it needs to keep (in the example, it's 1 week). In the example, we remove the files, but you could just as easily move th  ...
by lunarg on August 24th 2015, at 16:09
Certain Certificate Authority providers, such as GoDaddy, allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but this can also complicate things if you don't have your private key readily available.

On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.

Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality   ...
by lunarg on August 24th 2015, at 12:45
The following errors may be logged in an environment that has been upgraded to a new version of Exchange (usually 2003 to 2010), or a service pack to Exchange (2010) has been installed.

MSExchange ADAccess Event ID 2937
Log Name: Application
Source: MSExchange ADAccess
Date: 9/26/2010 9:12:29 AM
Event ID: 2937
Task Category: Validation
Level: Warning
Keywords: Classic
User: N/A

The reason for this error is that an AD attribute of an item (e.g. mailbox, connector, routing group, etc) is pointing to the DN of a server which has recently been deleted from AD. As long as the object is still physically present in   ...
by lunarg on August 24th 2015, at 12:06
You may encounter the following errors in the Application event log:

MSExchangeSA Event ID 9385
Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=com/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System does not have permission to read the membership of the group.

If this computer is not a member of the group '/dc=com/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange servic  ...
by lunarg on August 21st 2015, at 11:06

You can mail-enable multiple accounts with a single PowerShell command. Look below for some examples:

Mail-enable AD accounts whose first name is John:

Get-ADUser -Filter * | Where {$_.GivenName -like "John"} | ForEach-Object { Enable-Mailbox -Identity $_.DistinguishedName }

Mail-enable all accounts in an OU called Engineering:

Get-ADUser -Filter * -SearchBase "OU=Engineering,DC=contoso,DC=local" | ForEach-Object { Enable-Mailbox -Identity $_.DistinguishedName }
by lunarg on August 20th 2015, at 16:26
The way public folders work has been changed radically in Exchange 2013. Starting from Exchange 2013, public folders are basically stored in a regular mailbox, and then published as public folders. With Exchange 2010 being the last version to support so-called "legacy" public folders, Exchange 2013 is not able to access these folders. As a consequence, if you're in the middle of a migration from Exchange 2007/2010 to 2013, or are running a mixed environment, and you still have these legacy public folders on your Exchange 2010, you will notice that users with a mailbox migrated on Exchange 2013 will no longer be able to access these public folders. As Exchange 2013 no longer sup  ...
by lunarg on August 18th 2015, at 15:07
If you have an Exchange Hybrid Configuration setup, you may have some users that use services of Office365 but still have their mailbox on-premise. These users probably have an Office365 license assigned to them. Selecting these users from the Users list in the Office365 Admin Portal reveals the following message when viewing the primary e-mail address for such a user:

The items you're trying to open couldn't be found.

Additionally, the same error is displayed when attempting to view or edit Exchange Online properties for such a user.

The error is actually a "bug" in the Office365 Admin Portal, caused because the user has an Exchange Online license assigned. Because of thi  ...
by lunarg on August 18th 2015, at 14:20
Exchange's AutoMapping feature allows shared mailboxes to be added automatically to a user's Outlook if that user obtains full access permissions to that mailbox. This eliminates the need for the user to add the mailbox manually in Outlook. Subsequently, the same mechanism is also used when access to a shared mailbox is removed for a particular user. The mailbox should then automatically disappear from Outlook. Unfortunately, this does not always work properly.

Because of an intermittent bug, sometimes it can occur that a shared mailbox is not automatically removed from Outlook after access to that mailbox has been revoked. In fact, manually removing the mailbox (through Registry) doesn't h  ...
by lunarg on August 17th 2015, at 13:25
EDIT: highlight required trailing dots + added CNAME for msoid.

If you're using a hosting provider which uses DirectAdmin for its DNS management, it may be a hassle to correctly configure DNS records for Office 365, mainly because of syntax issues. After some trial-and-error and googling, I finally managed to correctly devise the proper syntax to configure Exchange Online and Lync Online.

The setup of the entries below is a left and right field in the DNS management, save for MX records, which are set up elsewhere. For most services, don't forget to add the trailing . at the end of each record pointing to a Microsoft Server. Otherwise, resolving will incorrectly add your own do  ...
by lunarg on August 17th 2015, at 10:10

Easily count the number of mailboxes located on an Exchange (mailbox) server with PowerShell:

[PS] >Get-Mailbox | Group-Object -Property:ServerName | Select-Object Name,Count

Name                   Count
----                   -----
exchange01                43
exchange02               100
exchange03               252
by lunarg on August 14th 2015, at 14:22
Every once in a while you will have to perform maintenance (e.g. installing updates, troubleshooting, hardware maintenance) on your Exchange 2013 servers. In the past, you had to schedule proper downtime and do manual changes to configurations for this to work properly. Exchange 2013 SP1 introduced "Maintenance mode", allowing your Exchange 2013 servers to be put in maintenance mode. This allows you to perform maintenance on a server without the end users noticing it's gone, or without having to schedule downtime.

Maintenance mode was designed for mailbox servers (i.e. servers that have the mailbox role, either standalone or multi-role). However, it's worth noting that putting a s  ...
by lunarg on August 14th 2015, at 12:29
Setting up a hybrid configuration between Office 365 and on-premise Exchange may seem straightforward, but there are a lot of pitfalls to tackle. One of the more frequent issues is a problem with free/busy information not being visible, or the inability to migrate mailboxes from/to Exchange Online.

Additionally, you may have received this error during the initial configuration of the hybrid setup:

Hybrid Configuration Wizard
Office 365 was unable to communicate with your on-premises Autodiscover endpoint. This is typically due to incorrect DNS or firewall configuration. The Office 365 tenant is currently configured to use the following URL for Autodiscover queries from the Office 365 tena  ...
by lunarg on August 14th 2015, at 09:14

In an Office365 hybrid configuration, you may get the following error after the Sign in to Office 365 prompt in the EAC:

Cookies Are Disabled :(
Please make sure that you enabled cookies in your browser settings and that your Exchange Admininstration Center domain has been added to trusted sites or local intranet zones.

To resolve, you need to do just that:

  1. Go to Internet Options, tab Security.
  2. Click the Intranet zone, then click the Websites button, then the Advanced button.
  3. Add your EAC FQDN to the list (e.g.
  4. Completely close the browser, then log back in.
by lunarg on August 12th 2015, at 15:47
In an Exchange cluster with a Database Availability Group (DAG), you can easily "switch over" one, more or all mailbox databases to another node.

If you need to take a node offline, it's better to put it in maintenance mode. This will properly notify the cluster that the node is in maintenance and prevents automatic failover (of other services, if any) to other nodes.

Switchover can be done through EAC, or through the EMS (PowerShell).

To switch over all mailbox databases to a server called EX2:

Move-ActiveMailboxDatabase -Server EX2

To switch over the database called DB1 to a server called EX2:

Move-ActiveMailboxDatabase DB1 -ActivateOnServer EX2

The switchover will  ...
by lunarg on June 29th 2015, at 17:14
Users that have access to a number of shared mailboxes in their Outlook may notice the contents of those shared mailboxes are no longer synchronized properly. Their own personal mailbox does not seem to have this problem. On the server running the Exchange Information Store (MSExchangeIS), a variation of the following event is logged when this occurs:

Event ID 9646
Mapi session "ba765653-5439-437a-993f-806575b85fbb: /o=My Company/ou=First Administrative Group/cn=Recipients/cn=user" exceeded the maximum of 500 objects of type "objtFolder".

The reason for this error is that the Outlook client has hit the maximum number of MAPI connections allowed for the specified object   ...