Hi All,

I am in middle of Exchange 2003 to 2010 migration. The exchange 2010 installation has been completed with legacy permission and all mailboxes are showing in exchange 2010. I am facing some issues which are getting hurdles for migrating mailboxes from exchange 2003 to 2010.

• I am unable to telnet exchange 2010 server on port 25 from local server and getting error "Service is not available.......Connection to the host lost" even not from any computer on the network.
• I am able to login on exchange 2010 server through OWA but when try to connect OWA from other computer on the network it gives error message that "page cannot displayed"
• The email flow from Exchange 2010 --->2003---->Internet (external email) is working fine no issue but unable to send email from exchange 2003 ---> 2010. Email get stuck in exchange 2003 queue and shows error similar like "remote computer unable to connect"

On exchange server having GFI mail essential which fetch emails from mail server.

I have read many blog and post but unable to resolve my issue.

Kindly guide that what I am missing ?

Thanks in advance.

Not sure why autodiscover is getting 401 unauthorized.

Edit: Not working on BOTH mac and windows. Already tried resetting Virtual Directory. Authentication settings are Anonymous, Basic, and Windows.

FYI- it's using port 80 instead of 443 because we are offloading SSL with a load balancer as per http://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx

Call me crazy, but it looks like in the first 2 requests it's not sending the username?

From IIS Logs:

2013-08-31 18:26:44 xx.16.192.70 POST /autodiscover/autodiscover.xml - 80 - xx.16.192.11 MacOutlook/14.3.2.130206+(Intel+Mac+OS+X+10.8.3) 401 0 0 4648
2013-08-31 18:26:45 xx.16.192.70 POST /autodiscover/autodiscover.xml - 80 - xx.16.192.11 MacOutlook/14.3.2.130206+(Intel+Mac+OS+X+10.8.3) 401 1 2148074254 46
2013-08-31 18:26:49 xx.16.192.70 GET / - 80 - xx.16.192.10 - 302 0 0 0
2013-08-31 18:26:49 xx.16.192.70 POST /autodiscover/autodiscover.xml - 80 MYDOMAIN\john-admin xx.16.192.11 MacOutlook/14.3.2.130206+(Intel+Mac+OS+X+10.8.3) 200 0 0 4664

From IIS Trace Logs:
ModuleName: ManagedPipelineHandler
Notification:128
HttpStatus: 401
HttpReason: Unauthorized
HttpSubStatus: 0
ErrorCode: 0
ConfigExceptionInfo
Notification: EXECUTE_REQUEST_HANDLER
ErrorCode:The operation completed successfully. (0x0)


ModuleName: WindowsAuthenticationModule
Notification: 2
HttpStatus: 401
HttpReason: Unauthorized
HttpSubStatus: 1
ErrorCode: 2148074254
ConfigExceptionInfo
Notification:AUTHENTICATE_REQUEST
ErrorCode: No credentials are available in the security package (0x8009030e)


ModuleName: WindowsAuthenticationModule
Notification: 2
HttpStatus: 401
HttpReason: Unauthorized
HttpSubStatus: 1
ErrorCode: 2148074254
ConfigExceptionInfo
Notification: AUTHENTICATE_REQUEST
ErrorCode: No credentials are available in the security package (0x8009030e)

We currently have our main Exchange servers in Germany, but have multiple locations in the United States.  We have MPLS connections to Germany, but they are fairly slow, and we have other traffic besides Exchange on these connections.  

When setting up a new computer for a user in the US, it takes multiple days for Outlook to copy the mail down for the first time setup (and with the speed, we definitely want the local cache).

I was thinking it may improve performance by setting up a server at the main location in the United States.  I'm assuming we can configure exchange to forward all incoming mail for the US accounts would from the German Exchange server to US server.

Would this be a recommended setup?  Any suggestions for best practices or making this as efficient as possible?

Thank you!

--Kent

I have a virtual test network with Windows Server 2008r2 consisting of 1 dc, 2 mail servers with Exchange server 2010 and 2 workstations windows 7.  The test network email runs great with mail1 on line.  I added a second mail2 to do some testing.  It is recognised in the console.  In testing, if I shut down mail1 the user accounts on the workstations lose email connectivity.

How do I get the second server to pick up the email services for the network.  All are on the same subnet. My goal is to do the testing on the test network before installing a second mail server on my production network.  I also want to install a DAG on the production network, but thats another step.

John Inman

Hi All,

I am having issues updating my install of Exchange 2013 CU1, it fails every time at the Mailbox Service install point.

And now the install of Exchange 2013 is broken.

The error is below.

   Mailbox role: Mailbox service                                                                    FAILED
     The following error was generated when "$error.Clear();
            if ($RoleIsDatacenter -ne $true -and $RoleIsDatacenterDedicated -ne $true)
            {
if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
{
$sysMbx = $null;
$name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
$dispName = "Microsoft Exchange";
Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");
$mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );
if ($mbxs.Length -eq 0)
{
Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");
$dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
if ($dbs.Length -ne 0)
{
Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");
$arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
if ($arbUsers.Length -ne 0)
{
Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");
$sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0].Identity;
}
}
}
else
{
if ($mbxs[0].DisplayName -ne $dispName )
{
Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");
Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;
}
$sysMbx = $mbxs[0];
}

# Set the Organization Capabilities needed for this mailbox
if ($sysMbx -ne $null)
{
# We need 1 GB for uploading large OAB files to the organization mailbox
Write-ExchangeSetupLog -Info ("Setting mailbox properties.");
set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions:$true -MailRouting:$true -MessageTracking:$true -MaxSendSize 1GB -Force;
}
else
{
Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
}
}
else
{
Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
}
            }
        " was run: "There cannot be more than one Organization Mailbox with the 'ClientExtensions' capability.".

I am not sure how to check what other mailboxes have this capability and how to change it.

The network has another Exchange server version 2010 running, and they were running fine together until this update.

There used to be an Exchange 2003 server, but this was removed before installation of 2013 began.

Luckily I was in the process of upgrading to 2013 so all the mailboxes are still on 2010.

Thanks,

-Tim

Hi I have tried to upgrade Exchange 2010 to Exchange 2013 in my lab environment.
I have Exchange 2010 organization, a DC HubCas EdgeServer and MBX1, all mail flow and everything working fine. I went through the process according to the technet defined at, http://technet.microsoft.com/enus/library/bb124350(v=exchg.150).aspx.
1. First I installed Exchange 2010 SP3 on HubCas EdgeServer and MBX1  
2. Completed the pre requisits for Domain Controller
3. Ran the setup /ps setup /PrepareAD and setup /PD on Domain Controller through CU1 setup
4. Installed Windows Server 2008 R2 and completed all the pre requisits for Exchange 2013 on this new fresh server Ex2013
5. Successfully ran and completed the CU1 setup on Ex2013, installing both Mailbox and CAS role

but after all these steps I am unable to connect EMS or EAC on Ex2013
Get-ExchangeServer on MBX1 dosnt shows this new Ex2013 Server
and also there is no exchange installation showed in Ex2013 control panel programes 

Please advise me where I am gone wrong because I have to deploy it in production after successful testing

Virgo

Hi,

Exchange Version: Exchange 2013 CU2

Im trying to import our public Wildcard Certificate onto our two new Exchange 2013 CAS servers (this is a clean demo environment which has never had any other version of Exchange installed).

When I try to access OWA and ECP I get the below message:

Any ideas? I found some articles buit they are related to certificates assigned by a private PKI.

Server Error in '/owa' Application.

---

Invalid provider type specified.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            

Exception Details: System.Security.Cryptography.CryptographicException: Invalid provider type specified.


Source Error:

[CryptographicException: Invalid provider type specified.
]
   System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +5598202
   System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +138
   System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +221
   System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +516
   Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication) +1222
   Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication) +254
   Microsoft.Exchange.HttpProxy.<>c__DisplayClass8.<OnBeginRequest>b__7() +1539
   Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +40
   Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate) +408
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

Hello!

I have a following situation:

2013 DAG group, 2 mailbox servers (MB2013_1 and _2) + 2 CAS servers (CAS2013_1 and _2)

2010 stand-alone mailbox server (MB2010) + CAS server (CAS2010)

in co-existence mode.

I've created a database on 2013 and put it on both MB servers.

I've started a migration batch for 48 users from 2010 database to 2013 database.

7 Users were migrated successfully, then a disaster happened /power offline/ and server with one of 2013 mailboxes (MB2013_1), one of 2013 CAS (CAS2013_2)  and 2010 mailbox and CAS went down.

After it was brought up I've restored database on MB2013_1 from MB2013_2 (it was corrupted on MB2013_1).

Batch, obviously, failed with an error.  For four users migration was not finalized, but was in process (7 users were Finalized).

I've deleted the batch and created new one for remaining 41 users.

It's still "Syncing" (for 2+ days) with Synced/Finalized/Failed = 0.

Database state is "Active Mounted" and Index is heathy.

Why mailboxes are not being migrated from 2010 database to 2013?

Thank you in advance!

I am in the process of integrating an Exchange Server 2013 server with my Server 2012 Essentials server, and I have a question about some information the Exchange 2013 Deployment Assistant is asking me about my organization.

I have a Server 2012 Essentials server named ESSENTIALS, my active directory domain is MYDOMAIN.LOCAL, and my external name for this server is REMOTE.MYDOMAIN.COM.

I have a second Server 2012 Standard server named EXCHANGE, it is joined as a member server to the MYDOMAIN.LOCAL domain, and it will have an external name of MAIL.MYDOMAIN.COM.  I am in the process of installing Exchange 2013 on this server using the Deployment Assistant.

The Exchange 2013 Deployment Assistant is asking me some information about my organization, and I am not certain how to answer these questions.  Specifically, it is asking me for:

- Active Directory forest root --> I assume it is MYDOMAIN.LOCAL

- External Exchange 2013 FQDN for the following services:

• Outlook Anywhere
• Offline Address Book
• Exchange Web Services (EWS)
• Exchange ActiveSync --> I assume this will be MAIL.MYDOMAIN.COM

- Internal Exchange 2013 FQDN for the following services:

• Outlook Anywhere
• Offline Address Book
• Remote PowerShell
• Exchange Web Services (EWS)
• Exchange ActiveSync

           Internal URL different than external URL   --> I assume this also will be MAIL.MYDOMAIN.COM  because the guide I am reading says"If you need to configure virtual directories, we recommend that you also set the InternalUrl property to be the same URL as the ExternalUrl property for each virtual directory"

- External Exchange 2013 FQDN for the following services:

• Outlook Web App
• ECP (Exchange Admin Center) --> I assume this will be MAIL.MYDOMAIN.COM

- Internal Exchange 2013 FQDN for the following services:

• Outlook Web App
• ECP (Exchange Admin Center)

           Internal URL different than external URL   --> I assume this also will be MAIL.MYDOMAIN.COM  because the guide I am reading says"If you need to configure virtual directories, we recommend that you also set the InternalUrl property to be the same URL as the ExternalUrl property for each virtual directory"

- Autodiscover FQDN --> I assume this will be AUTODISCOVER.MYDOMAIN.COM  

- Primary SMTP namespace --> I assume this will be MYDOMAIN.COM  

- User principal name domain --> I assume this will be MYDOMAIN.COM  

If anyone that has successfully integrated Exchange Server 2013 with Server 2012 Essentials has any recommendations on any of these answers asked by the Exchange 2013 Deployment Assistant about my organization, your help and advice would be greatly appreciated.

Thank-you!

Tony Paletti

Tony Paletti PCMD Computer Service, LLC. Milwaukee, WI 53214 (414) 475-5777 tony@pcmdusa.com

We currently do not use an Edge transport server and are having trouble with greylisting mail-recipient-servers and emails not being delivered.

I am to modify a setting called QueueGlitchRetryInterval. But it seems the behaviour is managed in the Edge transport config-file but since we are not using edge transport this file is probably not even used???

How to solve this?

I am in the middle of migrating from Exchange 2010 to 2013 but having some problems migrating public folders, but because I only got a few, I decided to move them by PST – but now I am not able to create the public folder mailbox on the 2013 server.

new-Mailbox -PublicFolder -Name PFMailbox  

returns ->

An existing Public Folder deployment has been detected. To migrate existing Public Folder data, create new Public Folder mailbox using -HoldForMigration switch.

I can create the PF if I use the switch but the I cannot create any folders

No active public folder mailboxes were found. This happens when no public folder mailboxes are provisioned or they are provisioned in 'HoldForMigration' mode. If you're not currently performing a migration, create a public folder mailbox.

Get-OrganizationConfig | fl PublicFoldersLockedforMigration -> PublicFolderMigrationComplete  : False

Thank you in advance

Hi all,

I have a fresh installation of Exchange 2013 CU2 with a seperate Mailbox Server and Client Access server.

The EMS and ECP work fine but as soon as I start OWA with a mail enabled account I get the "something went wrong" message.

The event logs don't show anything relevant.

Are there any other logs or troubleshooting I can do for this error?

Cheers!

Hi,

I want to setup a new Microsoft CRM environment and I have license key for Microsoft CRM 4.0 Enterprise.

Can I install the latest Microsoft CRM with the same serial key or should I buy a new one ?

Regards

Karthik

Hello,

I have strange problem with my fresh Exchange 2013 Multi-tenant setup (Cu1), the public folder doesn't appear in Outlook 2013 and Outlook 2010 (not a problem with Ctrl+6) but I can see it in Outlook 2007 and with OWA perfectly. I use autodiscover and testexchangeconnectivity.com tell me that all my config is all-right.

Help will be much appreciate !

Thanks.

Our setup before we applied Rollup 7:

Exchange 2010, SP2 Update Rollup 6 running on all servers.

2 Mailbox servers w/ DAG

3 CAS/HUB Servers using a hardware load balancer

No problems prior to the Rollup 7 installation.

The Rollup went fine on 4 out of the 5 Exchange Servers. On the 5th server, however, there are problems. The first time I tried to install RU7 it was about 5 hours in when I cancelled it. So I tried again and the install has been running for 13 hours and it appears to be only about 40% complete. The progress bar has been stuck in the same spot for nearly all of that time. Per an article I found on Susan Bradley site (SBS Diva) I had verified that "Check for publisher's certificate revocation" was disabled in IE prior to the start of the install.

I have seen Service Packs take a long time in the past and I have Rollup Updates take a long time too, but this is taking a very long time.

Anyone else  observing this issue with this latest Update Rollup for Exch10, SP2?

Thanks.

After applying the latest available updates to my Exchange 2010 server (all roles on the same server), I experienced many problems with all Exchange services.  Finally got everything working after applying SP3 and Rollup 2.  However, I still can't access EMC or EMS.  I've tried every fix posted on the net, including the Kerberos settings, authentication settings, removing/creating the Powershell virtual directory, etc.  OWA and Activesync appear to be working well.  The problem I am having is related to the powershell assembly microsoft.exchange.configuration.redirectionmodule, which won't load.  Note that I have checked redirection on the default website and redirection is NOT enabled.  Also, SSL is NOT enabled on the powershell virtual directory.

Note that all references to the server name have been changed for security purposes.

The error I get from the EMC is:
Connecting to remove server failed with the following error message: The WinRM client cannot process the request.  It cannot determine the content type of the HTTP response from the destination computer.  The content type is absent or invalid.  It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion 'Version 14.3 (Build 123.4)"

When I try to browse to the path http:\\localhost\powershell I get this error:

Configuration Error

Line 40:     <compilation debug="true">
Line 41:       <assemblies>Line 42:         <add assembly="Microsoft.Exchange.Configuration.RedirectionModule, Version=14.0.0.0, Culture=neutral, publicKeyToken=31bf3856ad364e35" />Line 43:         <add assembly="Microsoft.Exchange.Configuration.CertificateAuth, Version=14.0.0.0, Culture=neutral, publicKeyToken=31bf3856ad364e35" />
Line 44:         <add assembly="Microsoft.Exchange.Data, Version=14.0.0.0, Culture=neutral, publicKeyToken=31bf3856ad364e35" />

Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          9/3/2013 9:37:14 AM
Event ID:      1310
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      email.internal.domain
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 9/3/2013 9:37:14 AM
Event time (UTC): 9/3/2013 2:37:14 PM
Event ID: 431f044ca41840608befc3b349f74463
Event sequence: 1
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1/ROOT/Powershell-5-130226926347440719
    Trust level: Full
    Application Virtual Path: /Powershell
    Application Path: C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\PowerShell\
    Machine name: EMAILVM1
 
Process information:
    Process ID: 4404
    Process name: w3wp.exe
    Account name: NT AUTHORITY\SYSTEM
 
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load file or assembly 'Microsoft.Exchange.Configuration.RedirectionModule, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\PowerShell\web.config line 42)
 
Request information:
    Request URL: http://email.internal.domain/powershell?serializationLevel=Full;ExchClientVer=14.3.123.4;clientApplication=EMC;PSVersion=2.0
    Request path: /powershell
    User host address: ::1
    User: 
    Is authenticated: False
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM
 
Thread information:
    Thread ID: 1
    Thread account name: NT AUTHORITY\SYSTEM
    Is impersonating: False
    Stack trace:    at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
 
 
Custom event details:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="32768">1310</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-03T14:37:14.000000000Z" />
    <EventRecordID>262884</EventRecordID>
    <Channel>Application</Channel>
    <Computer>email.internal.domain</Computer>
    <Security />
  </System>
  <EventData>
    <Data>3008</Data>
    <Data>A configuration error has occurred.</Data>
    <Data>9/3/2013 9:37:14 AM</Data>
    <Data>9/3/2013 2:37:14 PM</Data>
    <Data>431f044ca41840608befc3b349f74463</Data>
    <Data>1</Data>
    <Data>1</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/1/ROOT/Powershell-5-130226926347440719</Data>
    <Data>Full</Data>
    <Data>/Powershell</Data>
    <Data>C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\PowerShell\</Data>
    <Data>EMAILVM1</Data>
    <Data>
    </Data>
    <Data>4404</Data>
    <Data>w3wp.exe</Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Data>ConfigurationErrorsException</Data>
    <Data>Could not load file or assembly 'Microsoft.Exchange.Configuration.RedirectionModule, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\PowerShell\web.config line 42)</Data>
    <Data>http://email.internal.domain/powershell?serializationLevel=Full;ExchClientVer=14.3.123.4;clientApplication=EMC;PSVersion=2.0</Data>
    <Data>/powershell</Data>
    <Data>::1</Data>
    <Data>
    </Data>
    <Data>False</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Data>1</Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Data>False</Data>
    <Data>   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
</Data>
  </EventData>
</Event>

Also, the following error is logged to the Windows Remote Management log:
Log Name:      Microsoft-Windows-WinRM/Operational
Source:        Microsoft-Windows-WinRM
Date:          9/3/2013 9:37:15 AM
Event ID:      142
Task Category: Response handling
Level:         Error
Keywords:      Client
User:          TEKRA\administrator
Computer:      email.internal.domain
Description:
WSMan operation CreateShell failed, error code 2150858999
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
    <EventID>142</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>10</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000002</Keywords>
    <TimeCreated SystemTime="2013-09-03T14:37:15.202050400Z" />
    <EventRecordID>6377923</EventRecordID>
    <Correlation ActivityID="{0190DC40-F800-0000-D358-209A97A6CE01}" />
    <Execution ProcessID="6120" ThreadID="3752" />
    <Channel>Microsoft-Windows-WinRM/Operational</Channel>
    <Computer>email.internal.domain</Computer>
    <Security UserID="S-1-5-21-2144219272-1324115150-410060929-500" />
  </System>
  <EventData>
    <Data Name="operationName">CreateShell</Data>
    <Data Name="errorCode">2150858999</Data>
  </EventData>
</Event>

PLEASE note that I have been through every blog post, KB article, and anything else I can find and nothing has worked.  I'm hoping someone can come up with a new approach.

Thanks!!
Joe

Exchange 2013 w/2007 co-existence/ CU2 v1 Uninstall removes Public Folders, Exchange Security Groups Items, then prepareAD duplicates Exchange Security Group items

Written by Noel Dorobek August 2013

I spent 7 weeks on the phone with MS regarding these issues. I ultimately resolved myself. Here are the steps I took to resolve all of the above issues. I have written this up to save anyone else the fumbling. No two environments are alike, but hopefully this information is helpful to someone.

I Installed exchange 2013 RTM, Then applied CU1, and the first release of Cu2. During the CU2 upgrade the process failed. Couldn’t continue. According to technet the issue I faced could easily be resolved if I uninstalled Exchange and Installed Exchange directly from CU2. I uninstalled Exchange & noticed that our public folders, meeting rooms, and the like were removed. (Verified by looking at the Default naming context\ms exchange All Exchange Security Groups in AD were also removed. Running co-existence with Exchange 2007 so without the security groups it is now down, and as AD permissions are now hosed, the services won’t start, with access denied errors, and missing guid’s errors in exchange gui.

**Note - All the following steps assume healthy DC’s & AD replication, and that you have sufficient permissions to perform the steps. (rule of trade – “run as admin” FTW)

Exchange System Objects gone after Exchange 2013 CU2 v1 Uninstall.

1.       Get on a DC (fsmo role schema master preferred), and set it to stop incoming replication. (repadmin /options DCname +DISABLE_INBOUND_REPL)
2.       Drop to Safe Mode & select Directory Restore Mode. I used a Symantec backup to restore AD.
3.       Do a authoritative restore on the Default Naming Context\Microsoft Exchange System Objects. This will get your public folders, calendars, resources restored.
4.       Bring the DC back up, and repadmin /syncall. Wait a good 10minutes before going forward while everything sync’s. (verified by checking the restored AD object on other DC’s and verifying your removed items are back)

Exchange Security Groups Gone after Exchange 2013 CU2v1 Uninstall.

Now we have to correct the missing Exchange Security Groups & Permissions in AD. Before Exchange 2007 will work & before we can go back to Exchange 2013. AD now has permissions and item attributes corrupt/missing/wrong.

1.       First open ADSIEdit & connect to the default Naming context.
2.       Go to the properties of the MS Exchange Security groups & MS Exchange System Objects. Make sure you have no unknown (guid/ssid) items. If you have any remove them. Make sure any inherited unknown items are removed from the location they are inherited from. Make sure to check every folder from MS Exchange * Down.
3.       Now in ADSI edit connect to the Configuration Container\Services\MS Exchange\*enterprise name*\Administrative Groups\*admingroup name*\servers\*exchange server name*. Make sure you have no unknown (guid/ssid) items. If you have any remove them. Make sure any inherited unknown items are removed from the location they are inherited from. Make sure to check every folder from MS Exchange * Down.

That last step will leave orphaned attributes in the MS Exchange Security Group object. You cannot edit these attributes in adsiedit. You will have to use ldp.exe (built into windows).-= CAUTION: LDP.exe is not to be played with, you can get in real trouble using this tool if not very conscious and cautious=-

*NOTE - Exchange prepareAD is what will give us all our exchange security group items back, but exchange perpareAD will choke and won’t complete a run complaining of the following missing items items unless removed first. 

1.       Open ldp.exe on the same DC the above steps were performed. Connect to the local DC, Bind with credentials, View select Tree & give the BaseDN of your default naming context. (DC=domain,DC=suffix)
2.       Locate then double click the MS Exchange Security Groups object & find the otherWellKnownObjects attribute. You will see the deleted Group Objects listed out here. These all have to be removed. Copy them out and make a list.
3.   Right click the MS Exchange Security Groups object & select Modify.

In the Edit Entry Attribute:  type “otherWellKnownObjects” In the Values Field you will paste the objects one at a time here. In the Operation make sure you click the Delete button.

Example: B:32:C262A929D691B74A9E068728F8F842ED:CN=Organization Management1\0ADEL:ddf8a0b2-7683-4af5-9533-fa003645c879,CN=Deleted Objects,DC=Domain,DC=suffix

1.   Now copy the listed objects (example above) one by one into the Values Field, and click RUN. This will remove the attribute.
2.   Open Admin CMD prompt & repadmin /syncall (wait about 10min to do next steps, if a lot of DC’s or slow replication, wait longer.)

Now all remnants of the old deleted groups are gone from AD. We will now propagate the Exchange Security Groups again.

1.   On Exchange 2013 from an Admin CMD Prompt Run

setup.exe /prepareAD /iacceptexchangeserverlicenseterms

setup.exe /prepareschema /iacceptexchangeserverlicenseterms

1.   This will give you back your Exchange 2007 & 2013 Security Groups. Likely we just duplicated groups. Example: Exhange Organization Admin, and an Exchange Organization Admin1 will simultaneously exist, and so on down the list. I actually had 3 of each group.
2.   If your exchange services have been down. The server can now be brought up. Restart the Exchange AD Topology Service on the Exchange server. You may need to mount your store manually depending how bad it has been.

Exchange Security Groups are Duplicated after Exchange perpareAD

After this step I had all my exchange security group duplicate… example - Ex Org Admin, Ex Org Admin1, and Ex Org Admin2. No matter how many are loaded, the last will usually be the one exchange will use (Admin2 from my example above). You can verify this by launching your current exchange server, and looking in the ORG Management Permissions tab, which groups are associated with Exchange.

Now to remove the duplicates & get in position to do 2013 install from CU2 version 2. Unfortunately we will have to perform the above steps again, for the unused exchange security group removal.

1.   Check what group current Exchange is using from above.
2.   Open AD Users & Computers. Delete the Groups Exchange is NOT using. Rename the groups if it is admin1 and so on back to the default with no number, if you like. I did for cosmetics.
3.   Now we have both unknown permission accounts, and orphaned object attributes from above (steps 5-12). So we need torun through steps 5-12, making sure during the ldp.exe that we only remove the accounts we deleted in step17 from the otherWellKnownObjects.

Your current server is now healthy, but we have some work to do for the reinstall of Exchange 2013 CU2v2.

1.   Install Exchange 2013 Cu2 version 2

**NOTE - Unfortunately we will likely get MANY errors (You don’t have sufficient permissions opening exchange shell) due to RBAC being torn up now. The install of Exchange 2013 will fail likely on step 11 of 15 due to AD item attribute issues in the arbitration mailbox’s of Exchange 2013.

Correct Arbitration Mailbox issues

1. Likely the Exchange 2013 install has installed the mail database before you receive these errors. You can verify by checking adsiedit Configuration\Services\Microsoft Exchange\*enterprisename*\Administrative Groups\*exchange administrative group name*\Databases\ If you have one it did.Copy that whole string backwards from DB up.Example:  CN=Mailbox Database 0947437051,CN=Databases,CN=Exchange Administrative Group (blah),CN=Administrative Groups,CN=ENTERPRISE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=suffix
   1.   Now we need to locate and correct the arbitration mailbox’s in AD Users & Computers, make a list of them.Arbitration Mailbox example. (these can be found in default naming context\rootdomain\Users by default.)FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95gb182 SystemMailbox bb558c35-97f1-4cb9-8ff7-hg741dc9289 SystemMailbox*****and so on DiscoverySearchMailbox******and so on Migration******and so on Healthmailbox*****and so on
   2.   In ADSIEdit connect to the Default Naming Context, and open the Users container. Locate the account you collected in the last step. Right click them and select properties.
   3.   Scroll through the attributes tab till you find the HomeMDB Attribute. The value should be your exchange 2013 database path from above (step20). If it is blank or not pointing at the proper database. Correct that now for all the arbitration mailbox’s.

Correct RBAC

1.   Run a powershell session as admin
2. Get-ManagementRoleAssignment
3. Add-PSSnapin *setup
4. Install-CannedRbacRoleAssignments -InvocationMode Install –Verbose
5. Remove-PSSnapin *setup
6. Get-ManagementRoleAssignment

RBAC is now healthy, Group Permissions are now Correct.

You should now be able to open the exchange management shell & complete the install of Exchange 2013.

Issues should now all be resolved.

Hello every one,

I have a problem to migrate mailbox from exchange 2013 to exchange 2007 back.

Recently We have installed a pilot exchange 2013 and already migrate about 100 mailboxes.

But we still have some problems, and need transfer/migrate some mailboxes back to exchange 2007

i'm facing with this problem couple of days from now, can't move some mailboxes i'm geting this message:

Relinquishing job because the mailbox is locked. The job will attempt to continue again after 5/27/2013 10:27:43 AM.

When migrating or adding a new user to Exchange 2013, I get the following error when going into the Mailbox Delegation section in the Exchange Admin Center.

The object <Object CN> has been corrupted, and it's in an inconsistent state. The following validation errors happened:

The access control entry defines the ObjectType 'Object GUID' that can't be resolved.

I have done the following to try and resolve the GUID

Searched via LDP, ADSI, ADUC, Repadmin, with nothing found. I've converted the GUID from string to hex and searched with still no luck.

I get the identical error when running a Get-ADPermissions on the object as well.

There are no inheritance blocks on the object or OUs.

I've opened a Premier case, but wanted to ask the community if they have seen this or had any suggestions. As of right now, Exchange 2013 is the only app that can see this orphaned object.

Hi everyone,

I have a hybrid exchange test environment and everything appears to be working except Autodiscover for on-premise mailboxes.

My domain is vitaluk.com

My on-premise server is hermes.vitaluk.com and is externally accessible asexchange.piasuk.com

Users email: firstname.surname@piasuk.com

I have an SSL certificate for exchange.pias.com as this was necessary for Office 365. 

Autodiscover in outlook for Office 365 based mailboxes works totally fine.

The trouble is have is when I run outlook 2007 setup for a mailbox located on my on-premise exchange server.

I get the following error:

Security Alert: hermes.vitaluk.com

The name on the security certificate is invalid or does not match the name of the site

When I check the certificate I can see that it's for exchange.piasuk.com  This is the external certificate for my mailserver.

Trouble is, the client I'm trying to set up is inside the office, so internal autodiscover really needs to work for hermes.vitaluk.com

Is there anything I can do to have autodiscover work for on-premise user mailboxes?