Quantcast
Channel: Exchange Server 2013 - General Discussion forum
Viewing all 13303 articles
Browse latest View live

Insufficient access when trying to install update 10

$
0
0

Hi

we receive the following error when trying to install the cumulative update 10.

Error:
The following error was generated when "$error.Clear();  
          try
          {
            $Target = $env:COMPUTERNAME
            try
            { 
              $exSrv = get-ExchangeServer $Target -ErrorAction SilentlyContinue 
            } 
            catch 
            {
              Write-ExchangeSetupLog -Warning "Unable to set monitoring and server state to inactive.  Setup will continue.";
            }

            if ($exSrv -eq $null)
            {
              Write-ExchangeSetupLog -Warning "$Target is not an Exchange Server. Unable to set monitoring and server state to inactive.  Setup will continue.";
              return
            }

            Set-ServerComponentState $Target -Component Monitoring -Requester Functional -State Inactive
            Write-ExchangeSetupLog -Info "Monitoring has been set to Inactive while setup is running."

            Set-ServerComponentState $Target -Component RecoveryActionsEnabled -Requester Functional -State Inactive
            Write-ExchangeSetupLog -Info "RecoveryActionsEnabled has been set to Inactive while setup is running."

            Set-ServerComponentState $Target -Component ServerWideOffline -Requester Functional -State InActive
            Write-ExchangeSetupLog -Info "The server state has been set to Inactive while setup is running."
          }
          catch 
          {
            Write-ExchangeSetupLog -Warning "Unable to set monitoring and server state to inactive.  Setup can not continue.";
            throw;
          }
        " was run: "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on server.domain.tld. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.SetServerComponentState.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

Error:
The following error was generated when "$error.Clear();  
          try
          {
            $Target = $env:COMPUTERNAME
            try
            { 
              $exSrv = get-ExchangeServer $Target -ErrorAction SilentlyContinue 
            } 
            catch 
            {
              Write-ExchangeSetupLog -Warning "Unable to set monitoring and server state to inactive.  Setup will continue.";
            }

            if ($exSrv -eq $null)
            {
              Write-ExchangeSetupLog -Warning "$Target is not an Exchange Server. Unable to set monitoring and server state to inactive.  Setup will continue.";
              return
            }

            Set-ServerComponentState $Target -Component Monitoring -Requester Functional -State Inactive
            Write-ExchangeSetupLog -Info "Monitoring has been set to Inactive while setup is running."

            Set-ServerComponentState $Target -Component RecoveryActionsEnabled -Requester Functional -State Inactive
            Write-ExchangeSetupLog -Info "RecoveryActionsEnabled has been set to Inactive while setup is running."

            Set-ServerComponentState $Target -Component ServerWideOffline -Requester Functional -State InActive
            Write-ExchangeSetupLog -Info "The server state has been set to Inactive while setup is running."
          }
          catch 
          {
            Write-ExchangeSetupLog -Warning "Unable to set monitoring and server state to inactive.  Setup can not continue.";
            throw;
          }
        " was run: "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on server.domain.tld. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.SetServerComponentState.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

Error:
The following error was generated when "$error.Clear();  
          try
          {
            $Target = $env:COMPUTERNAME
            try
            { 
              $exSrv = get-ExchangeServer $Target -ErrorAction SilentlyContinue 
            } 
            catch 
            {
              Write-ExchangeSetupLog -Warning "Unable to set monitoring and server state to inactive.  Setup will continue.";
            }

            if ($exSrv -eq $null)
            {
              Write-ExchangeSetupLog -Warning "$Target is not an Exchange Server. Unable to set monitoring and server state to inactive.  Setup will continue.";
              return
            }

            Set-ServerComponentState $Target -Component Monitoring -Requester Functional -State Inactive
            Write-ExchangeSetupLog -Info "Monitoring has been set to Inactive while setup is running."

            Set-ServerComponentState $Target -Component RecoveryActionsEnabled -Requester Functional -State Inactive
            Write-ExchangeSetupLog -Info "RecoveryActionsEnabled has been set to Inactive while setup is running."

            Set-ServerComponentState $Target -Component ServerWideOffline -Requester Functional -State InActive
            Write-ExchangeSetupLog -Info "The server state has been set to Inactive while setup is running."
          }
          catch 
          {
            Write-ExchangeSetupLog -Warning "Unable to set monitoring and server state to inactive.  Setup can not continue.";
            throw;
          }
        " was run: "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on server.domain.tld. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.SetServerComponentState.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".



Restore Exchange server in Hyper-V, only c:drive - reuse db disks?

$
0
0

Hi

We have a server in a DAG that is gone. I know the "best practise" way to restore it but - now the question.

It is a virual server, and only the c:\drive is gone. Can we create a new server and mount the healty disks?

Then we will save a lot of time.'

I think, reset ad object, install a new Windows Server with the excisting disks (dbs) and then install exchange with /recoverserver.

What will then happend? CAn it reuse the disks and dbs?

BR
Steen



Certificate Based Authentication Exchange Server 2013?

$
0
0

I can't find setup information specific to Exchange Server 2013.  I only see information for 2010.

http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based-authentication-for-exchange-activesync.aspx

Has Microsoft or anyone else posted step by step instructions for setting up certificate based authentication for Exchange Server 2013 or have any Exchange Server 2013 books been released or updated in the last few months that include the steps needed to set up Activesync CBA from scratch in an Exchange Server 2013 environment?

List of users with access to other users calenders

$
0
0

I am looking for command/script that provides me information with all users who have calendar access to other users in excel sheet so that we can migrate those together.

Outlook sees calendar OWA sees an email

$
0
0

Here is an interesting one I'm interested if anyone else has come across or if we are the only people seeing it.

If you recieve a meeting forward notification in your oulook it will read the item as a calendar item.  If I go to forward the item in my inbox its as if I open the calendar entry and am forwarding the the original meeting.  in the inbox however its just a blank body email.

If I open the same item in OWA it reads it as the forward meeting notification email and displays the body as such.  If I forward the same item from owa I can then open it in outlook as an email not a calendar entry. 

The issue appears to be in the code rendering difference between the two applications.  not sure if this is fixed in later rollups (currently Exchange 2013 SP1 RU5) or if this was introduced in one of these as we where not experiencing this fault before, and I'm unsure if it popped up when the system was updated not that long ago.

Amending the distribution lists in EXchange2010

$
0
0

HI wonderful people

Some of the manager have distribution list which they manage to keep it update  if anyone join the organisation or left

since upgrading to exchange 2010 even the manager have the correct permission to manage the groups they can not modify for some reason

thanks in advance

CAS servers in separate city's

$
0
0

Hi, what are the options for deploying multiple CAS servers, same country but in separate datacenter's in separate cities?

I thought GeoDNS might do the trick, but that seems limited to continental regions, and there doesn't appear to be many providers in NZ.

The aim is to have the following:

CAS1 - Residing in DC1 in City 1 - Companies in this City, or proximity will connect to this server as their MBX server is located in this DC as well.

CAS2 - Residing in DC2 in City 2 - Companies in this City, or proximity will connect to this server as their MBX server is located in this DC as well.

If a user in City 1 goes to City2, they will still go through CAS1 as this is the default for their site because they are only there temporarily. I think I could use Netmask ordering internally (for Citrix/RDS etc) based on origin subnet but that doesn't solve the issue for external clients.

This is a multi-tennant environment. Any ideas appreciated.


David Robertson

Users Getting All Cert's Prompt

$
0
0

Exchange 2013 SP1 in a 2 member DAG. We have some users getting the logon prompt multiple times while outlook is running. These clients are using outlook 2007. My understanding is you will get the login prompt once when you open outlook. Here is a pic of the login box. Notice this box is connecting to autodiscover.domain.tld (shouldn't it be domain.tld?):

I have set OA auth method from negotiate to NTLM. Should that fix the many login pop-up boxes?


Autodiscover Redirect

$
0
0

Exchange 2013 SP1, 2 server DAG. We need to use autodiscover redirect method in order to avoid the cert warning prompt. I have the redirect site installed a different then exchange server. The external url for oa is oa.domain.tld. The internal url for oa is mail.domain.tld. I have a cname in public DNS that points back to autodiscover.domainA.tld (which is on the cert). The redirect site redirects to https://mail.domainA.tld/autodiscover. Here are the results from connectivity test:

Attempting to contact the Autodiscover service using the HTTP redirect method.
 	The attempt to contact Autodiscover using the HTTP Redirect method failed.

	Additional Details

	Test Steps

	Attempting to resolve the host name autodiscover.domainA.com in DNS.
 	The host name resolved successfully.

	Additional Details
	Testing TCP port 80 on host autodiscover.domainA.com to ensure it's listening and open.
 	The port was opened successfully.

	Additional Details
	The Microsoft Connectivity Analyzer is checking the host autodiscover.domainA.com for an HTTP redirect to the Autodiscover service.
 	The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.

	Additional Details

A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
HTTP Response Headers:
Content-Length: 0
Date: Thu, 24 Sep 2015 00:48:18 GMT
Server: Microsoft-IIS/8.5
Elapsed Time: 401 ms.

In a web browser, autodiscover.domainA.tld DOES redirect to https://mail.domain.tld/autodiscover. What am i missing?

OWA not accessible in one of the CAS server

$
0
0

Hi,

We have 2 CAS server using NLB between them. If we try to access owa from internal or external, we are able to access only on 1 server and if we disable the working server.  We are getting time out for owa.

If i browse the server https://servername/owa... this is working fine. 

Can anyone can suggest some troubleshooting steps.

Thanks

Sandeep

New Exchange Node

$
0
0

hi all , 

currently we have two exchange Server 2013 ( CAS01 , MBX01 ) and ( CAS02 , MBX02) . we need to add one more node as following ( CAS03 and MBX03) .

i have done the create and configuring the MBX03 .

after adding (CAS03 ) to windows NLB all users are start pointing to New CAS server (Owa and Outlook ) which is still not configured so i stopped the node from the Windows NLB .

is there is any explanation why the users start pointing to new node ! 

is it possible to force the users to point to another node ?

Autodiscover - not working correctly/timing out?

$
0
0

Ok. So, on my PC, I can go to control panel-mail-show profiles. Then add new profile.

When it gets to auto-account setup I replace the email address which is there (which is mine) with the one for profile I want. Then it goes off and searches. Sometimes it works straight away - job done. Sometime it will fail with user not found, sometimes you can retry and it works second time. Sometimes it wont work at all but 30 mins later it will work first time.

I understand that this is autodiscover? We also get intermittent problems with Out of office in outlook - sometimes it says cant conenct to server. Is this also autodiscover?

Difficult one because its so intermittent.....

Any ideas?

Global catalog sizing

$
0
0

Good morning ladies & gentlemen,

I have a question about the correct Global catalog sizing for an Exchange 2013 deployment.

On technet page, recommandation is to have a 1:8 ratio of active mailbox cores and global catalog cores.

In the Exchange 2013 sizer, If I have a design with 2 sites, I have the following results :

Number of Processor Cores Utilized : 6
Total Number of Servers / DAG / datacenter : 8

So based on my calculation, 6x8 = 48 then divide by 8 = 6 cores required

The calculator displays : 4 Global Catalog Cores required. Why ?

Thanks for your help & regards.

J.

Add admin user to have full access to every mailbox - powershell?

$
0
0

Want to add our admin user to have full access to every mailbox. So that we can log in as admin user and create mail profile to be able to access any mailbox.

Does this have to be done on an individual mailbox basis or can it be done at a system level?

If its got to be done, per mailbox, then assume powershell is best way to do this?

Exchange 2013 - 2010 co-existence. Outlook Anywhere issue - some of the test clients cant connect using Outlook Anywhere

$
0
0

Hi all, we just installed Exchange 2013 into our Exchange 2010 SP3 Organization, and are now having a few problems. 

We have the following:-
2010 Edge * 2
2010 CAS * 2 (also UM)
2010 Mailbox * 2
2010 UM * 1 (for a separate company in the group)

The current 2010 environment has an entirely separate incoming and outgoing internet route and an F5 loadbalancer.

2013 CAS * 3
2013 Mailbox * 3
Kemp LoadMaster with ESP
We are using a different internet connection entirely for this (for reasons I won’t go into, as it’s of no relevance to the issue)

All DNS records still point all users to the Exchange 2010 CAS and all mailboxes (with the exception of a couple of Exchange admins and test accounts) still reside on the Exchange 2010 infrastructure.  

However, now that co-existence is happening, we have run into some issues.

We have configured the new Exchange 2013 CAS servers with our public CA SSL certificates.  
We have also configured Outlook Anywhere on the Exchange 2013 CAS to use public DNS name.  
We have also used the Configure External Access Domain option under Virtual Directories to configure the External Access name.  Please see table:-

Get-VirDirInfo.ps1
Report generated on: 16 September 2015 15:48:23
General Client Access Server Information
ServerExchange VersionRolesEdition
GS1ADVMEXHV03Microsoft Exchange Server 2010 SP3ClientAccess, UnifiedMessaging, HubTransportEnterprise
GS1ADVMEXHV04Microsoft Exchange Server 2010 SP3ClientAccess, UnifiedMessaging, HubTransportEnterprise
SL1ACSEXCCAS01Exchange Server 2013 Service Pack 1 (SP1) (CU4)ClientAccessEnterprise
SL1ACSEXCCAS03Exchange Server 2013 Service Pack 1 (SP1) (CU4)ClientAccessEnterprise
SL1ACSEXCCAS02Exchange Server 2013 Service Pack 1 (SP1) (CU4)ClientAccessEnterprise

Autodiscover
ServerInternal UriInternalURLExternalUrlAuth. (Int.)Auth. (Ext.)Site ScopeLast modified on:
GS1ADVMEXHV03https://mail.domain.com/autodiscover/autodiscover.xmlBasic Ntlm WindowsIntegrated WSSecurity Basic Ntlm WindowsIntegrated WSSecurityGS1,SL106/10/2015 14:38:07
GS1ADVMEXHV04https://mail.domain.com/autodiscover/autodiscover.xmlBasic Ntlm WindowsIntegrated WSSecurity Basic Ntlm WindowsIntegrated WSSecurityGS1,SL106/10/2015 14:38:07
SL1ACSEXCCAS01https://mail.domain.com/autodiscover/autodiscover.xmlBasic Ntlm WindowsIntegrated WSSecurity OAuthBasic Ntlm WindowsIntegrated WSSecurity OAuthGS1,SL108/12/2015 16:37:22
SL1ACSEXCCAS03https://mail.domain.com/autodiscover/autodiscover.xmlBasic Ntlm WindowsIntegrated WSSecurity OAuthBasic Ntlm WindowsIntegrated WSSecurity OAuthGS1,SL108/12/2015 16:33:40
SL1ACSEXCCAS02https://mail.domain.com/autodiscover/autodiscover.xmlBasic Ntlm WindowsIntegrated WSSecurity OAuthBasic Ntlm WindowsIntegrated WSSecurity OAuthGS1,SL108/12/2015 16:34:06

Outlook Web App (OWA):
ServerName InternalURLExternalUrlInt. Auth.Last modified on:
GS1ADVMEXHV03owa (Default Web Site)https://mail.domain.com/OWAhttps://mail.domain.com/OWABasic Fba Ntlm WindowsIntegrated06/10/2015 14:38:07
GS1ADVMEXHV04owa (Default Web Site)https://mail.domain.com/OWAhttps://mail.domain.com/OWABasic Fba Ntlm WindowsIntegrated06/10/2015 14:38:07
SL1ACSEXCCAS01owa (Default Web Site)https://mail.domain.com/OWAhttps://mail.domain.com/OWABasic08/24/2015 15:39:00
SL1ACSEXCCAS03owa (Default Web Site)https://mail.domain.com/OWAhttps://mail.domain.com/OWABasic08/24/2015 15:39:30
SL1ACSEXCCAS02owa (Default Web Site)https://mail.domain.com/OWAhttps://mail.domain.com/OWABasic08/24/2015 15:39:00

Exchange Control Panel (ECP):
ServerName InternalURLExternalUrlInt. Auth.Last modified on:
GS1ADVMEXHV03ecp (Default Web Site)https://mail.domain.com/ecphttps://mail.domain.com/ecpBasic Fba Ntlm WindowsIntegrated06/10/2015 14:38:09
GS1ADVMEXHV04ecp (Default Web Site)https://mail.domain.com/ecphttps://mail.domain.com/ecpBasic Fba Ntlm WindowsIntegrated06/10/2015 14:38:09
SL1ACSEXCCAS01ecp (Default Web Site)https://mail.domain.com/ECPhttps://mail.domain.com/ECPBasic08/24/2015 15:40:30
SL1ACSEXCCAS03ecp (Default Web Site)https://mail.domain.com/ECPhttps://mail.domain.com/ECPBasic08/24/2015 15:41:00
SL1ACSEXCCAS02ecp (Default Web Site)https://mail.domain.com/ECPhttps://mail.domain.com/ECPBasic08/24/2015 15:40:30

Outlook Anywhere:
ServerInternal HostnameExternal HostnameAuth.(Int.)Auth. (Ext.)Auth. IISLast modified on:
GS1ADVMEXHV03mail.domain.comNtlmBasicBasic Ntlm08/06/2015 14:24:11
GS1ADVMEXHV04mail.domain.comNtlmBasicBasic Ntlm08/06/2015 14:24:11
SL1ACSEXCCAS01mail.domain.commail.domain.comNtlmNtlmBasic Ntlm09/08/2015 13:27:53
SL1ACSEXCCAS03mail.domain.commail.domain.comNtlmNtlmBasic Ntlm09/08/2015 13:27:53
SL1ACSEXCCAS02mail.domain.commail.domain.comNtlmNtlmBasic Ntlm09/08/2015 13:27:53

MAPI/HTTP:
ServerInternal URLExternal URLAuth.(Int.)Auth. (Ext.)Auth. IISLast modified on:
GS1ADVMEXHV03Server isn't running Exchange 2013 SP1 or later.
GS1ADVMEXHV04Server isn't running Exchange 2013 SP1 or later.
SL1ACSEXCCAS01https://mail.domain.com/mapihttps://mail.domain.com/mapiBasicBasic09/04/2015 17:12:42
SL1ACSEXCCAS03https://mail.domain.com/mapihttps://mail.domain.com/mapiBasicBasic09/04/2015 17:12:42
SL1ACSEXCCAS02https://mail.domain.com/mapihttps://mail.domain.com/mapiBasicBasic09/04/2015 17:12:42

Offline Address Book (OAB):
ServerOABs Internal URLExternal UrlAuth.(Int.)Auth. (Ext.)Last modified on:
GS1ADVMEXHV03\Default Offline Address Bookhttps://mail.domain.com/oabhttps://mail.domain.com/oabWindowsIntegratedWindowsIntegrated06/10/2015 14:38:08
GS1ADVMEXHV04\Default Offline Address Bookhttps://mail.domain.com/oabhttps://mail.domain.com/oabWindowsIntegratedWindowsIntegrated06/10/2015 14:38:08
SL1ACSEXCCAS01\DOMAIN Ex2013 OAB \Default Offline Address Book (Ex2013)https://mail.domain.com/oabhttps://mail.domain.com/oabWindowsIntegrated OAuthWindowsIntegrated OAuth08/24/2015 15:40:00
SL1ACSEXCCAS03\DOMAIN Ex2013 OABhttps://mail.domain.com/oabhttps://mail.domain.com/oabWindowsIntegrated OAuthWindowsIntegrated OAuth08/24/2015 15:40:30
SL1ACSEXCCAS02\DOMAIN Ex2013 OABhttps://mail.domain.com/oabhttps://mail.domain.com/oabWindowsIntegrated OAuthWindowsIntegrated OAuth08/24/2015 15:40:00

ActiveSync (EAS):
ServerInternal URLExternal UrlAuth. (Ext.)Last modified on:
GS1ADVMEXHV03https://mail.domain.com/Microsoft-Server-Activesynchttps://mail.domain.com/Microsoft-Server-Activesync06/10/2015 14:38:08
GS1ADVMEXHV04https://mail.domain.com/Microsoft-Server-Activesynchttps://mail.domain.com/Microsoft-Server-Activesync06/10/2015 14:38:08
SL1ACSEXCCAS01https://mail.domain.com/Microsoft-Server-Activesynchttps://mail.domain.com/Microsoft-Server-Activesync08/24/2015 15:39:30
SL1ACSEXCCAS03https://mail.domain.com/Microsoft-Server-Activesynchttps://mail.domain.com/Microsoft-Server-Activesync08/24/2015 15:40:00
SL1ACSEXCCAS02https://mail.domain.com/Microsoft-Server-Activesynchttps://mail.domain.com/Microsoft-Server-Activesync08/24/2015 15:40:00

Exchange Web Services(EWS):
ServerInternal URLExternal UrlAuth. (Int.)Auth. (Ext.)MRS Proxy EnabledLast modified on:
GS1ADVMEXHV03https://mail.domain.com/ews/exchange.asmxhttps://mail.domain.com/ews/exchange.asmx Basic Ntlm WindowsIntegrated WSSecurityBasic Ntlm WindowsIntegrated WSSecurityTrue06/10/2015 14:38:09
GS1ADVMEXHV04https://mail.domain.com/ews/exchange.asmxhttps://mail.domain.com/ews/exchange.asmx Basic Ntlm WindowsIntegrated WSSecurityBasic Ntlm WindowsIntegrated WSSecurityTrue06/10/2015 14:38:09
SL1ACSEXCCAS01https://mail.domain.com/EWS/Exchange.asmxhttps://mail.domain.com/EWS/Exchange.asmx Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth True08/24/2015 15:38:08
SL1ACSEXCCAS03https://mail.domain.com/EWS/Exchange.asmxhttps://mail.domain.com/EWS/Exchange.asmx Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth True08/24/2015 15:38:23
SL1ACSEXCCAS02https://mail.domain.com/EWS/Exchange.asmxhttps://mail.domain.com/EWS/Exchange.asmx Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth True08/24/2015 15:38:23

The next step was to repoint the mail. and autodiscover. records to the address of the new loadbalancer to pass to a 2013 CAS and repoint MX records to use the new incoming route…..  However…..

Some testing has been a pain, as given that I’m having to use hosts files to prove this, EXRCA (https://testconnectivity.microsoft.com/) is not a lot of use in this situation.

I have attempted to test using a modified hosts file on client machines to prove that, when repointing these DNS records to the 2013 environment, everything will continue to work correctly and the 2013 CAS should proxy to 2010.

What does work:-
OWA – works regardless of whether the mailbox resides on 2010 or 2013 infrastructure.
AutoDiscover – appears to work (using Test E-Mail Auto Configuration by Ctrl + Right Click on the client tray icon) 
Internally, everything works for my 2010 based test users, whether pointed at the internal address for the Kemp CAS loadbalancing or the internet facing address that routes to the Kemp for CAS loadbalancing.  Myself and a couple of others on the 2013 environment also work whether pointed at the internal address for the Kemp CAS loadbalancing or the internet facing address that routes to the Kemp for CAS loadbalancing.
Externally, and therefore Outlook Anywhere, using hosts files it works for the 2013 based users and SOME 2010 based users.  

What doesn't work:-

Two of the four test users cannot connect when opening Outlook.  It just displays Disconnected.  
I have already proven that it is not a fault with the Kemp loadbalancer ESP settings, by pointing to the non-esp load balanced (internal load balance) address and setting a hosts entry for outlook1.domain.com (the 2010 CASarray address) to an unresolvable IP (128.0.0.1) which should force it to use Outlook Anywhere/RPC over HTTP(S).
Certificates all look good, it isn’t device specific (recreated mail profile and tried on other machines, which I can also get to work with another 2010 based account).
I have run Get-MailBoxUser |FL against both a working and non-working 2010 account (both of which reside on the same mailbox database) and compared them and nothing stands out that could be causing the problem.

Any/all advice appreciated!



Exchange 2003 to Exchange 2010 cross forest migration

$
0
0

what are the high level steps for a cross forest migration to incorporate an acquired 2003 org into 2010? need to also include message routing, ADMT, address book, connectors, trust, outlook behaviour/reconfiguration, autodiscover SPN, certificates etc etc

bullet points would be great...

users will still have their AD accounts on their original domains


***Don't forget to mark helpful or answer***

Is Exchange 2016 Calculator available yet?

$
0
0

Or can we still using 2013 calculator to size the environment for now?

Thanks.

Exchange Server EAC permissions

$
0
0
Hi we have a Custom Role for Helpdesk and they can perform all task as intended - one area having difficulty is when creating a contact or mail list, unable to browse Active Directory for relevant OU. Can anyone assist with this one ?

Yasar

sending to external bar.org domain changes to foo.local domain, how to fix??

$
0
0

We have people using Outlook 2013 to an Exchange 2013 server.

Their domain is @foo.org, and they do not have @foo.local email addresses.

Sometimes when they email to person@bar.org and only to @bar.org addresses, somewhere along the way, the @bar.org addresses get changed to @foo.local addresses and the mail does not go through b/c none of the people have @foo.local addresses nor do they have @foo.org addresses.

The NDR that we get shows the message was being tried to send to people who do not have @foo.local addresses, the NDR shows the intended @bar.org addresses got sent to @foo.local addresses, these people don't have @foo.local addresses.

Why is this happening?? How to fix it??

Is it caused by Outlook 2013?? (We don't think so.) 

Is something weird/funky in our Exchange 2013 server doing this??

I don't really know how to search this topic either...any suggestions??

This issue appears not to happen in OWA, why OWA works better than Outlook I have no idea. :) :)

Thank you, Tom



Access Denied when removing Stale ActiveSync Devices

$
0
0

We are starting to see a large number of stale devices in our organization.  I found a script online that exports all stale devices to a CSV, then the next script uses this list to remove them.  Everything works fine, but the final script errors our on each entry stating the following error:


Active Directory operation failed on (our E-mail Server). This error is not retriable. Additional information: Access
 is denied.
Active directory response: 00000005: SecErr: DSID-03152487, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    + CategoryInfo          : InvalidOperation: (The stale device) [Remove-ActiveSy
   ncDevice], ADOperationException
    + FullyQualifiedErrorId : 8BE6740C,Microsoft.Exchange.Management.Tasks.RemoveMobileDevice


Clearly its stating it doesn't have the proper permissions, but I'm running this under the Domain Admin account which should have the rights to do everything.  I don't know where to being with this.  


Here are the scripts that we are running on this server:

$csvRows=@()
“==============================================================”
“Start Mailbox Retrieve”
“==============================================================”
$mbx = get-casmailbox -resultsize unlimited | where {$_.activesyncenabled -eq $true} ;
“==============================================================”
“End Mailbox Retrieve”
“==============================================================”
$mbx | foreach {
“Processing: “+$_.name
$name = $_.name;
$device = get-activesyncdevicestatistics -mailbox $_.identity | where {$_.LastSuccessSync -le (Get-Date).AddDays("-30")};
if($device){
foreach($dev in $device){
” Device: “+$dev.DeviceType
$csvRows += $dev
}
}
}
“==============================================================”
“Start CSV Write”
“==============================================================”
$csvRows | Export-Csv “c:\reports\staledevices.csv” -NoType
“==============================================================”
“End CSV Write”
“==============================================================”


And the second:


import-Csv .\staledevices.csv |foreach {remove-activesyncdevice -identity $_.guid -confirm:$false}


Viewing all 13303 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>