Hello,

We are currently in the process of migrating from Exchange 2007 to Exchange 2013, coexistence has been implemented and 20% of our mailboxes have been migrated.

In the past week or so I have had two occurrences where mailbox migration batches containing a high number of mailboxes with small mailbox size appear to have caused one or all of the Exchange 2013 servers to fall over. These batches are all started through PowerShell from a CSV containing mailbox primary email address and target database so as to target multiple databases at in a single batch:

New-MigrationBatch -Local -Name $BatchName -CSVData ([System.IO.File]::ReadAllBytes($CSV)) -BadItemLimit 100 -NotificationEmails $AdminEmail -AutoStart

In addition the concurrent mailbox move limit has been left at the default of 20, in both the occurences of this issue the batches contained target databases on 3 Exchange 2013 servers meaning as I understand it we can have up to 60 synchronisations in progress at any one time during the batch.

The initial occurrence of this was a migration batch of 408 users, all of whom have small mailboxes, so the entire batch totalled only 43GB. Roughly 2 hours after the batch had begun its initial sync our service desk began to receive reports of mail delay, following investigation it appeared that one of the three target servers had begun to get its submission queue backed up with messages unable to connect to target databases on that server in order to deliver the messages. Worrying that the migration batch was the cause we stopped the job and within about 15minutes everything had returned to normal. The batch was then deleted and split into 3 separate batches of roughly 130 users each based on target server and re-run in order to identify if this was an issue with the target server which had the problem, however all 3 completed without issue separately.

The second occurrence of the issue has however been far more severe, in this case the batch was 120 mailboxes (again all small totalling 17GB for the entire batch) as we had drawn the conclusion that smaller batches are were better following the previous issue. In this case roughly an hour following the start of the synchronisation all 3 target servers began to be unresponsive in varying degrees:

• Users on all three servers were disconnected from Outlook
• One would not load ECP, however this degraded to none loading ECP as time went on
• SMTP continued to process initially, however this gradually begin to fail on each server
• Exchange Management Shell would not load on two servers, the remaining server would hang processing any EMS commands
• One of the three would not accept any new RDP connections and the majority of applications would not run
• All three however showed no noticeable problems from a resource point of view, CPU and memory and disk latency were all normal.

From the experience of the previous issue the first thing to be done was to stop the suspected migration batch, however up until the point where ECP and EMS stopped functioning none of the move requests went into a stopping or suspended state, and in turn this had no corrective impact on the issue.

On the surface in initially appeared that IIS was unhappy on all three target servers, iisreset however had no impact.

We took the view that restarting the worst impacted server was the only course of action for that device, this reboot took a lot longer than normal but did restore connection to mailboxes on that server, as such the other more severely impacted server was also rebooted.

During these reboots the Exchange Search service was stopped on the least impacted server, this lead to EMS commands completing and a manual suspension of the move requests was done. This server however continued to be unable to offer any client connectivity or access to ECP. As such this ended up being rebooted once the others had returned.

I have concerns around this now as I am unable to track down why this issue happened. I'm of the suspicion that the number of frequent and concurrent move requests doing their initial sync on such small mailboxes is causing one of the transport services to go into a tailspin and take other services out along the way, that said no services crashed and there was no unusually high resource usage from any of the Exchange services during these events. I have been toying with the idea that it is may be related to indexing the mailboxes as the drop into a 'Synced' state, and the number of  indexing jobs running based on how quickly the mailboxes are syncing. Hence the delay in symptoms occurring after the batch is started and that stopping the Search Service seemed to somewhat alleviate some of the symptoms. If this were the case however I would have thought the noderunner.exe would have been chewing up CPU permanently, however it only appeared to be intermittently spiking up the resource tables during the course of the problems.

Is this likely to simply be a concurrency issue in move requests be it by the amount syncing at once or the amount sat open in total? Or is there something I'm missing here?

Thanks for any assistance anyone can offer.

Hi,

We've recently migrated our on-premise Exchange to Office 365 but we keep management of users in our on-premise Active directory and dirsynced the attribute changes to Office 365. As per Microsoft recommendation, an Exchange server with CAS and Mailbox role should still be on-premise to manage the Exchange attributes. I have two Exchange 2013 servers, one CAS and one Mailbox, I wanted to decommission the Mailbox role server so that I can reuse the storage.

Is it possible to uninstall the Mailbox role and then add the role in the existing Exchange CAS server?

Or, I'll just uninstall Exchange on the 2 servers and setup a new Exchange server with both CAS and Mailbox role?

Hello!

We are on an hybrid deployment with some users on Exchange 2013 on-premises and others on Exchange Online (Office 365 E3 plan). We have enabled photo sync (PhotosEnabled attribute) in the organization relationship, both on-premises and online, but while Exchange Online users can see all profile pictures, Exchange on-premises can see only on-premises pictures.

It also looks like that online users can see only a low resolution version of on-premises users' pictures.

Do you have any idea how to troubleshoot or fix this, please?

Hello, 

We recently moved our frontend server over to Exchange 2013. So now both internally and externally all mail traffic will flow through the new servre. After battling issue after issue I was able to get the new exchange environment working as it should. The only problem is that IMAP and POP3 logins do not work for 2013 mailboxes. It works fine for 2010 but not 2013. Here are the results from the testconnectivity website:

The IMAP service is being tested.
There was an error testing the IMAP service

Additional Details

Secured: CN=mail.domain.com, OU=Unified Communications, O=Companhy, POBox=United States, S...
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 LOGIN user <password>
S: 2 NO LOGIN failed.
C: 3 LIST "" *
S: 3 BAD Command received in Invalid state.

Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: 3 BAD Command received in Invalid state.
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.ImapProtocolTester.SendCommand(String command, String logString)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
Elapsed Time: 1829 ms.

Here are my Get-ImapSettings from the mailbox server

The IMAP service is being tested.
	There was an error testing the IMAP service
	Additional Details   Secured: CN=mail.willowcreek.org, OU=Unified Communications, O=Willow Creek Community Church, POBox=United States, STREET=67 E Algonquin Road, L=South Barrington, S=IL, PostalCode=60010, C=US S: * OK The Microsoft Exchange IMAP4 service is ready. C: 1 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ 1 OK CAPABILITY completed. C: 2 LOGIN ssimpson <password> S: 2 NO LOGIN failed. C: 3 LIST "" * S: 3 BAD Command received in Invalid state. Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: 3 BAD Command received in Invalid state. at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.ImapProtocolTester.SendCommand(String command, String logString) at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally() Elapsed Time: 1829 ms.

The IMAP service is being tested.
	There was an error testing the IMAP service
	Additional Details   Secured: CN=mail.willowcreek.org, OU=Unified Communications, O=Willow Creek Community Church, POBox=United States, STREET=67 E Algonquin Road, L=South Barrington, S=IL, PostalCode=60010, C=US S: * OK The Microsoft Exchange IMAP4 service is ready. C: 1 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ 1 OK CAPABILITY completed. C: 2 LOGIN ssimpson <password> S: 2 NO LOGIN failed. C: 3 LIST "" * S: 3 BAD Command received in Invalid state. Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: 3 BAD Command received in Invalid state. at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.ImapProtocolTester.SendCommand(String command, String logString) at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally() Elapsed Time: 1829 ms.

Hi All,

Unable to find this issue anywhere else, please excuse if it's a duplicate of another issue.  

Basically, I have a new 2008 R2 server setup, added it to a domain, and want to install Exchange 2013 on this new server.  There are no Exchange servers anywhere on the domain.

The server is fully up to date, including .Net 4, and looking for updates results in zero new updates found.

When I run setup.exe for Exchange 2013, a command prompt appears for less than a second, then closes, then nothing else happens.

Did a fresh reboot before trying to install, and after waiting about 20 minutes to see if anything happened after the vanishing command prompt, rebooted again, tried again, same result.

There is nothing called Exchange anywhere on the server that I can find, no setup logs or anything, and I am totally stumped.

Thanks in advance for any advice.

Michael

Hello,

I cant find my solution that woks.

I have a fresh install of windows 2012R2 server.

I was installing exchange 2013 R1 on the server and i got the error:

Error:
The following error was generated when "$error.Clear();
          Install-ExchangeCertificate -WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
          if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
          {
            Install-AuthCertificate -DomainController $RoleDomainController
          }
        " was run: "Could not grant Network Service access to the certificate with thumbprint 9A9744EF8A9251AF974C6D8C25466D602D08B82C because a cryptographic exception was thrown.".

I think the error has to do with a certicate??

I dont know.

Greetings,

Albert Koenders

Using Exchange 2013 (e2013), SP1.
Three locations.  (Let's say  Location-A, -B, and C.)
Each Location is an AD site, and physically "remote" from the others.
Each location will have one e2013 server,  each server running both CAS and Mailbox function.

The main location ( LOC-A) is where all external OWA and EAS will "enter" from the Internet, via a firewall.
The E2013 server there will "connect" (?) to the e2013 server for "this mailbox",...at any of the 3 locations.

What "special" configuration do we need on the 2 remote/other e2013 servers for OWA virtual directory (or similar).

It looked like it was working "out of the box".

Some users work OK, with no special changes to anything.

But some users have OWA in a "never ending wait" (browser appears to spin forever), 

and that might be due to a different Language at the other locations.

I guess Exchange knows how to "internally route" the OWA traffic from the LOC-A CAS to the LOC-B CAS.

(In Exchange 2007 we called this "Exchange CAS proxy" as I recall, but not sure that term is correct in e2013.)

Thanks.

==

I'm using Exchange 2010 Edge Transport in our organization that I've recently upgraded to Exchange 2013. I like Edge Transport - along with our spam filter it is an effective and simple way to send and receive external e-mail - and I don't want to get rid of it.  But it seems like it needs a 2010 Hub Transport server to interact with. 

Right now the only other Exchange 2010 Server I have left running in the organization is the one Hub Transport server that interacts with the Edge Server.  Is there a way to undeploy this server too and connect the Edge Server directly to one of the 2013 Mailbox Servers?  Or will this need to stay as part of the organization as a pair with Edge Transport?

I noticed mail flow was running just fine while the Hub Transport server was turned off.  So it seems like it's possible.  But I want to be able to undeploy it safely without hurting mail flow.  Are there any links or white papers that show how best do do this?

----------- Ron E Biggs Chief Tech Officer Entertainment Studios

hi guys,

recently I finished Exchange 2013 installation and i want to do migration from exchange 2010 sp3 to exchange 2013.

first off all when i want to migrate one of the test mailbox from 2010 database to 2013 database this error has appeared:

 Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXC2013/cn=Microsoft System Attendant.

after that i open the adsiedit and look at this path in my organization but i couldn't find my exchange 2013 server.

guys everything is working so good, i mean i can send an receive internal and external mail but mailbox migration doesn't work.

what can i do?

I have just installed my first Exchange 2013 deployment.  Small single server install, no Edge Server.  Things seem to have gone pretty well.  I haven't enabled external mail yet but just wanted to do a bit of testing.  I can send test messages and log in via OWA just fine.

However, when I try to connect an Outlook client I get the message: "Outlook cannot log on.  Verify you are connected to the network.  The connection to Microsoft Exchange is unavailable."  I have an internal DNS record for autodiscover and the internal urls in Exchange.

Before I go much further, I will also add that I have not yet installed the cert.  So I do get the certificate error when setting up Outlook.  I think I read that without a valid cert install, Outlook will not connect to Exchange 2013.  Is that true?  I will be finishing things up and installing the cert soon.  Once I do that, do you suspect the above error message will go away?

Also, after the error above, the dialog box appears that lists the server name.  Instead of what I would consider a valid server name, the name shows up as 505ef3b4-5d84-458e-b084-53d45c532bf0@domain.com.  Is that normal?

Thanks for any clarification

We are in the process of migrating our company from Lotus Notes to Exchange 2013.  We installed Exchange with split permissions and I use my Account Operator to administer Exchange. We have calendars in Notes that are set up as Mail users for divisions to use as their "Shared Calendar" to put vacation time, hours, etc...  I wanted to create a Shared Mailbox in Exchange to be used at the "Shared Calendar". I tried to create the shared mailbox in the EAC, but I got access denied/insufficient rights.

I then added a new user to AD then went into the EAC and created the mailbox from the user I just created.  All is fine there.  The issue comes when I try to use the Powershell and run this command: 'Set-Mailbox -Identitydisproce.calendar@abc.org -Type Shared'.  I once again get the access denied/insufficient access error.  What roles/permissions need to be modified to be able to create a shared mailbox?

We have been having issue with our Exchange Server 2010's Transport Service failing due to a database corruption. I was hoping that maybe applying the Roll-up 7 for Exchange might fix this issue, however after applying the patch we are unable to start the MSExchangeMailboxAssistants "Error 1053: The service did not respond to the start or control request in a timely fashion."Then I notice that we were unable to connect to the Management Console or through PowerShell. 

Event 1000, Application Error

Faulting application name: MSExchangeMailboxAssistants.exe, version: 14.3.210.2, time stamp: 0x53e2bf34
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0x%10

Faulting application path: %11

Faulting module path: %12

Report Id: %13

PowerShell error:

I have been reading a bunch of links on setting up a Windows 2012 R2 server to house Exchange Server standard 2013.   My company is small  <100 mailboxes.  My thought was to have two disk volumes.  Let's call them C: and D:.  I was planning on installing the operating system on the C: drive and all of the Exchange system on the D: drive (configured as a Raid 10 drive).  Does this make sense or should I be doing something else.

TIA for ideas.

Bob

I migrated all functions and mailboxes to a new Exchange 2013 server with all updates.

I further installed a public SSL certificate. Access seemed fine to all mailboxes.

I clicked on the gear button for all options and some of them return with a page 500 error:

Here are the ones not working:

Set automatic replies:
https://my server/ecp/?rfr=owa&owaparam=modurl%3D0&p=organize/AutomaticReplies.slab

Manage apps:
https://myserver/ecp/?rfr=owa&owaparam=modurl%3D0&p=installed

Change password:
https://myserver/ecp/?rfr=owa&owaparam=modurl%3D0&p=PersonalSettings/Password.aspx

Options:
https://myserver/ecp/?rfr=owa&owaparam=modurl%3D0&p=account

They seem to go to the virtual directory ecp. I checked the virtual directory settings and the External is set correctly to the outside URL (https://myserver/ecp) and the internal is set to an internal URL (https://servername/ecp). Not sure if they both should have the external settings.

Not sure what is going on. I did notice when I setup the SSL cert I choose domains pointing to my external URL of m1.myserver.domain.  I checked the subject alternate domains of the certificate and the only one there is the m1.myserver.domain. The autodiscovery.myserver.com is not listed. Not sure if this is an impact. Also the certificate is setup to use   IMAP, POP, IIS, SMTP. Please advise.

Hello Forum

We have two Exchange servers coexisting together. A new 2013 and a old 2010.

Everything was setup with the help of the Exchange Deployment Assistant.

I have had alot of trouble with Outlook 2013 Prompting for credentials on Exchange 2013 Mailboxes. None of the 2010 Mailboxes expericence this popup.

I solved most of the popup issues with this by changing the ExternalClientAuthenticationMethod to ntlm.(from negotiate)
http://blog.gothamtg.com/2013/10/15/users-constantly-prompted-for-credentials-after-being-migrated-to-exchange-2013/

and installing this update for Outlook:
http://support2.microsoft.com/kb/2899504/en-us

Now 2013 Mailboxes Work without any anoying popups. Except when they try to open another users mailbox that is located on the old 2010 server or a shared 2010 calander.

The connection to Exchange 2010 is working if I input the users password, but should it not work without this popup too?

This connections name acording to Outlook is called: Exchange-Mail RPC/HTTP (remote [NTLM])

We use the same domain for external and internal autodiscover connections.
Test Exchange Connectivity Analyzer shows everything ok.

If i run

get-outlookanywhere | fl *external*

(2013 server)

ExternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl          : True

(2010 server)
ExternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Basic
ExternalClientsRequireSsl          : True  

Only one thing I am wondering here is. If I change my old 2010 Auth Method to NTLM if that will break anything i OWA and so on.

What do you Guys have setup in your environments and can you point me towards any troubleshooting?

Thanks!

Followed https://technet.microsoft.com/en-us/library/ee861103(v=exchg.150).aspx to move mailboxes cross-forest between 2 EX2013 servers. Pull migration.

The moves pause for several hours at 99%, and ultimately complete with CompleteWithWarning status. So far, it happens every time. Occurs even with mailboxes created and immediately moved, so it is not a problem with specific, perhaps corrupt mailboxes.

Get-MailboxStatistics -IncludeMoveReport tells me this:

Warning: Unable to update Active Directory information for the source mailbox at the end of the move. Error details: Not connected.

There's a bi-directional forest & domain trust that appears to be working, cross-forest DNS works, and it's able to "connect" to AD in the remote forest for purposes of moving the mailbox, so I'm not sure why it's finding it's "Not connected" when it cleans up at the end.

After the move request goes from 99% to 100% (after a lengthy timeout), the source mailbox still exists, and both source and destination mailboxes can be logged on to. My understanding is that the user account in the source forest should be converted to a mail-enabled user.

I'm OK with troubleshooting and solving this if it's fast. But I'm also OK with writing a PowerShell script to post-process the user account in the source forest to get over the hurdle, since this is a one-time process...the source forest will ultimately go away.

So I'm guessing the script will be as simple as--

Disable-Mailbox someuser@domain.local

Enable-MailUser someuser@domain.local

Also, I'm not clear on whether this is relevant to the MEU, but inbound SMTP will continue to go to the source mail server until migration is complete, so the source server needs to redirect mail for moved mailboxes to the destination server. Both servers have the same external domain. I'm thinking this ends up being handled by a Transport Rule I can create in the same script, so the internal, secondary SMTP address stamped on the mailbox by Email Address Policies should do the job. But if there's something I need to include in Enable-MailUser, please advise.

Greetings!  We currently have an Exchange 2010 on prem environment and I have been tasked with getting us into a hybrid state with O365.  We already have the tenet portions set up, AD Sync working, etc.  My initial thought was to just use our existing Exchange 2010 servers for the hybrid role, however, upon research it appears that standing up new Exchange 2013 servers specifically as hybrid servers is the suggested route.

My main goal is to do this hybrid deployment with as little impact and change to our environment (and thus user impact) as possible.  From what I have read, I will have to change the autodiscover and ews records to point to the new Exchange 2013 servers.  Is it also the case that I will have to redirect OWA to the Exchange 2013 servers?  Is there any way to deploy Exchange 2013 hybrid servers in a way that I do not have to change owa, autodiscover, etc? 

Thanks in advance!

Hi everyone,

I have a single Exchange 2007 VM as well as 4 x Exchange 2013 SP1  servers in a single organisation. Exchange 2013 SP1 servers are also VM's, with 2 x CAS and 2 x MBX and a single DAG. All of these existing servers use a single namespace for CAS services of mail.domain.com. In public and internal DNS that name resolves to the IP address of the Exchange 2013 DAG IP.

I'm replacing the above 5 VM's with 4 physical servers running 2013 CU7. In the architecture I'm using IIS Application Request Routing (ARR) as a clustered load balancer and reverse proxy. This will be used for all HTTP(S) traffic. (OWA, RPC/HTTPS, OAB, Autodiscover etc.).

e.g. oa.domain.com (Outlook Anywhere), outlook.domain.com (OWA), oab.domain.com etc. A key point in this design is that Outlook Anywhere will go via the reverse proxy / load balancer,including internal traffic.

The new Exchange 2013 servers are in place, as is the load balancer / RP, databases created etc. At the minute the virtual directories for the new servers have their URL's / Hostnames set to the Exchange 2007 / existing Exchange 2013 single namespace. So Outlook Anywhere, OWA, ECP, OAB etc. all have their URL's / Hostnames pointing to mail.domain.com (which resolves to the DAG IP of the current / legacy Exchange 2013 environment).

The next steps are to get the CAS traffic flowing over the new Exchange servers - which is a case of setting the virtual directories for the relevant services to point to the new per-protocol namespaces. So I'll set OWA to usehttps://outlook.domain.com/OWA.

My question is.... Do I do this ONLY for the new Exchange servers, or should I also update the URL's that the existing Exchange 2013 / 2007 servers use? For example:

Current Settings

Old Exchange 2013 Server 1
External OWA Virtual Directory: https://mail.domain.com/OWA

Old Exchange 2007 Server:
External OWA Virtual Directory: https://mail.domain.com/OWA

New Exchange 2013 Server 1:
External OWA Virtual Directory: https://mail.domain.com/OWA

New Setting

External OWA Virtual Directory: https://outlook.domain.com/OWA

Question

I need to set the NEW Exchange 2013 servers External URL for the OWA Virtual Directory to behttps://outlook.domain.com/OWA. But do I need to set this on the existing / legacy Exchange 2007 and Exchange 2013 Servers also? Or do I leave them, migrate the databases and then decommission the servers in due course without worrying about updating the URL's and hostnames on them?

In particular, what do I do about Outlook Anywhere? Again, I need to update the Internal and External Hostnames for the RPC Virtual Directory to point to the new name - oa.domain.com - but do I set this only on the NEW servers, or on all servers?

Any help greatly appreciated.

Big thanks in advance!

Steve

Hi Everyone,

I'm hoping others on this forum have some thoughts on whether it is worthwhile deploying only the Exchange 2013 CAS role for the purposes of SMTP relay.

When using Exchange Online, most guides suggest installing the IIS virtual SMTP component in an environment if SMTP relay is required. This is simple enough, however Microsofts future plans for IIS vSMTP look uncertain.

So my question is, has anyone deployed only the Exchange 2013 CAS role in an environment solely for the purposes of SMTP relay?
One pitfall I'm thinking about is the autodiscover service. Once the CAS role is installed an AD SCP is created, so this could cause potential problems.

I'm not concerned about having to extend the AD schema, or the cost. It's the other technical bits :)

cheers!