showing posts tagged with 'exchange'
by lunarg on August 14th 2015, at 09:14

In an Office365 hybrid configuration, you may get the following error after the Sign in to Office 365 prompt in the EAC:

Cookies Are Disabled :(
Please make sure that you enabled cookies in your browser settings and that your Exchange Admininstration Center domain has been added to trusted sites or local intranet zones.

To resolve, you need to do just that:

  1. Go to Internet Options, tab Security.
  2. Click the Intranet zone, then click the Websites button, then the Advanced button.
  3. Add your EAC FQDN to the list (e.g.
  4. Completely close the browser, then log back in.

by lunarg on August 12th 2015, at 15:47
In an Exchange cluster with a Database Availability Group (DAG), you can easily "switch over" one, more or all mailbox databases to another node.

If you need to take a node offline, it's better to put it in maintenance mode. This will properly notify the cluster that the node is in maintenance and prevents automatic failover (of other services, if any) to other nodes.

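Switchover can be done through EAC, or through the EMS (PowerShell).

To switch over all mailbox databases that are active on one server to a server called EX2 (replace <source-server> with the server currently hosting them):

Move-ActiveMailboxDatabase -Server <source-server> -ActivateOnServer EX2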

To switch over the database called DB1 to a server called EX2:

Move-ActiveMailboxDatabase DB1 -ActivateOnServer EX2

The switchover will  ...
by lunarg on June 29th 2015, at 17:14
Users that have access to a number of shared mailboxes in their Outlook may notice the contents of those shared mailboxes are no longer synchronized properly. Their own personal mailbox does not seem to have this problem. On the server running the Exchange Information Store (MSExchangeIS), a variation of the following event is logged when this occurs:

Event ID 9646
Mapi session "ba765653-5439-437a-993f-806575b85fbb: /o=My Company/ou=First Administrative Group/cn=Recipients/cn=user" exceeded the maximum of 500 objects of type "objtFolder".

The reason for this error is that the Outlook client has hit the maximum number of MAPI connections allowed for the specified object   ...
by lunarg on June 25th 2015, at 16:46
When attempting to send an e-mail, you get a non-delivery report containing the following error code:


This error usually occurs when you send mail on behalf of someone else and don't have permission to do so. Note that send on behalf and send as are two different, exclusive permissions. Having one permission does not automatically allow the other.

In rare cases, this error can also occur when a user's mailbox has been migrated to Exchange 2013, and the shared mailbox is still on the old Exchange server. This causes problems with permissions, and can quickly be resolved by setting the required permissions on the shared mailbox (send as/on behalf), t  ...
by lunarg on June 16th 2015, at 09:22

The attached VBScript allows you to set an Out-of-Office reply for another user on Exchange 2003. You'll need the required permissions on the Exchange server to set a user's out-of-office (either Mail Recipients or User Options Management roles).

I found the script in the comments section of this Technet blog article. Special thanks go to the author (Bill Prentice) for sharing.

This script is only for Exchange 2003. Starting from 2007, the PowerShell cmdlet Set-MailboxAutoReplyConfiguration is available.

by lunarg on June 11th 2015, at 15:09

You can easily convert an Exchange mailbox from one type to another through the Exchange Management Shell.

Set-Mailbox -Identity <identity> -Type Regular

There are four types you can use to convert to:

  • Regular (User mailbox)
  • Shared
  • Equipment
  • Room

The Equipment and Room types are used for reservations of meeting rooms and equipment (DLP).

by lunarg on March 19th 2015, at 14:43
You can quickly configure message tracking logging through the Exchange Management Shell (EMS). Among the things you can set up are: the time the logs are to be kept, where they should be stored, the individual log file size, the total maximum size for the tracking logs directory, etc.

Retrieve the current settings for a server with:

Get-TransportServer <server-name> | Select MessageTracking*

Change those values with:

Set-TransportServer <server-name> <parameters>

In case your mailbox role is running on different servers, you also need to run:

Set-MailboxServer <server-name> <parameters>

Example: set the message tracking log for a server called EXCH01 to   ...
by lunarg on March 18th 2015, at 16:05

After deleting an unused mailbox database from Exchange 2013, you may see warnings appearing in the Application log (Event Log):

The Microsoft Exchange Mailbox Replication service was unable to process jobs in a mailbox database.
Database: Missing database (GUID)
Error: Database 'GUID' doesn't exist.

If the database was removed very recently, wait for AD replication to complete throughout your domain. The Mailbox Replication service also caches the existence of the database, however. You can resolve this by simply restarting the Microsoft Exchange Mailbox Replication service (this can be done during operation).

by lunarg on March 13th 2015, at 13:08

Since Exchange 2010 SP1, when giving users Full access to another mailbox, they automatically get that mailbox added to their Outlook (2007 and up). This feature is called mailbox auto-mapping, and has made life a little easier for us IT administrators. But sometimes, you do not want a mailbox to be auto-mapped in Outlook for a particular user.

This can be achieved by setting the access permission through PowerShell, and including the parameter -AutoMapping:$false in the cmdlet.

Add-MailboxPermission "Shared Mailbox" -User <user> -AccessRights FullAccess -AutoMapping:$false

by lunarg on March 10th 2015, at 16:12
You can easily view message tracking logs through the Exchange Management Shell (EMS). The cmdlet to use is called Get-MessageTrackingLog, and it provides roughly the same search queries as before. To be honest, once you get to know the syntax, it's faster than using the GUI in older Exchange versions. And thanks to the power of PowerShell, you have a lot more options for exporting said data (e.g. to CSV).

The basic syntax is as follows:

Get-MessageTrackingLog [-Server <ServerIdentity>] [-ResultSize <Integer> | Unlimited] [-Start <DateTime>] [-End <DateTime>] [-EventId <EventId>] [-InternalMessageId <InternalMessageId>] [-MessageId <MessageId>] [-M  ...
by lunarg on March 5th 2015, at 12:35
By default, when you open up OWA (Outlook Web App) to the internet, the Exchange Admin Center (EAC) is technically also reachable by appending /ecp to the external OWA URL. This potentially creates a security vulnerability and increases the chance of a brute-force attack succeeding.

While it is generally a good idea to deny the Administrator user access to manage the Exchange server, this is not always possible or desirable. Additionally, because EAC is a VirtualDirectory within a site in IIS, it is not possible to have it listen on a separate internal IP address and secure it through the edge firewall. Luckily, IIS also has some other mechanisms to secure access. There's an   ...
by lunarg on March 4th 2015, at 17:18

You can easily find quarantined mailboxes through PowerShell:

Get-Mailbox | Get-MailboxStatistics | Where { $_.IsQuarantined -eq $True } | Select Name,Alias

More information about quarantined mailboxes: KB2603736.

by lunarg on March 4th 2015, at 15:09
By default, when a user first logs on to Outlook Web App, they are prompted to choose their language and time zone. Sometimes, it's required to change these settings for a certain user, or even, for all users. This can be done by an administrative user through Exchange Management Shell (EMS), and works for both Exchange 2010/2013 and Office365, with the cmdlet Set-MailboxRegionalConfiguration.

First, open EMS for your on-premise Exchange, or for Office365, connect to Exchange Online using PowerShell.

You can then set/change the language and time zone for a user like so:

Set-MailboxRegionalConfiguration -Identity <identity> -Language <language> -TimeZone <timezone>

identity speaks for itself: it can be an alia  ...
by lunarg on February 27th 2015, at 12:06
By default, in Exchange 2013, OWA prompts the user to type in their username including the domain name. This can be altered so OWA accepts usernames in a different format.

Log on to EMS and run the following PowerShell cmdlet:

Set-OwaVirtualDirectory "owa (Default Web Site)" -LogonFormat Username -DefaultDomain your-domain-name

Change your-domain-name to your domain name.

Next, restart IIS to apply the changes:

iisreset /noforce

Note: not entirely correct as, in fact, you change it to the UserPrincipalName, which is not necessarily the same as the e-mail address.

Log on to EMS and run the following PowerShell cmdlet:

Set-OwaVirtualDirectory "owa (Default Web Site)" -LogonFormat Pr  ...
by lunarg on February 17th 2015, at 12:45

Using EMS (Exchange Management Shell), you can quickly retrieve a list of mailboxes not using the default quotas:

Get-Mailbox | Where { $_.UseDatabaseQuotaDefaults -eq $False } | Select Name,UseDatabaseQuotaDefaults,ProhibitSendQuota

by lunarg on January 20th 2015, at 17:04

Open an EMS (Exchange Management Shell), and type these in, one by one:

Get-GlobalAddressList | Update-GlobalAddressList
Get-AddressList | Update-AddressList
Get-OfflineAddressBook | Update-OfflineAddressBook

Some users report having to restart the Exchange File Distribution service after running these PS cmdlets.

by lunarg on September 3rd 2014, at 14:56

Wanted to install the latest BES Express (at the time of writing, this was 5.0.4) on a fresh Windows-server. Starting Setup.exe briefly shows the Blackberry splash-screen, then immediately crashes ("this program has stopped working...").

Apparently, RIM did some sloppy programming: changing the regional settings to English (US) or English (UK) resolves the issue.

by lunarg on August 28th 2014, at 15:05
You can install the Exchange 2013 management tools on a standard workstation or on another server to remotely administer your Exchange 2013 servers. This is particularly useful if you need to run Exchange Management Shell often, and don't want to log on to the Exchange server in order to do so.

You need this:

  • A supported operating system, such as Windows 7, Windows 8, 2008R2, 2012, or 2012R2
  • The target computer must be domain-joined.
  • The following Windows Features: IIS 6 Metabase Compatibility, IIS 6 Management Console, IIS Management Console
  • and obviously: the Exchange 2013 DVD or ISO

For Windows 7 and 2008R2, these are extra:

Microsoft .NET Framework 4.5 (Windo  ...
by lunarg on August 28th 2014, at 13:11
For migrations from other e-mail platforms to Exchange, you probably want to have full access enabled for a certain Exchange-account to facilitate the migration without having to set up complex access rights. Exchange has something called application impersonation, which allows a user to impersonate other users to access individual mailboxes, which comes in very handy during a migration.

In order to set up application impersonation, you need access to the Exchange Management Shell (EMS), with an account which has permissions to set up access rights.

Exchange 2007 does not support application impersonation as in Exchange 2010 and up. Impersonation does exist but has to be set on each indivi  ...