Good evening,

Following TechNet closely I'm currently in the process of moving my exchange 2010 environment to 2013.  I have single exchange server on a SBS 2011 box.  Sadly I've failed at the first hurdle installing SP3, the result is that my Exchange 2010 is refusing all client connections.

During the SP3 install I passed all prerequisites but during the actual upgrade it failed at the Hub Transport Role with the following error:

Summary: 8 item(s). 3 succeeded, 1 failed.
Elapsed time: 00:20:46
Language Files
Completed

Elapsed Time: 00:10:25

Restoring services
Completed

Elapsed Time: 00:00:02

Languages
Completed

Elapsed Time: 00:03:32

Hub Transport Role
Failed

Error:
The following error was generated when "$error.Clear();
          Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);

          if (![System.String]::IsNullOrEmpty($thumbprint))
          {
            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
            Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
           
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;

            Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
            {
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
            }
          }
          else
          {
            Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
          }
        " was run: "The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.".

The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.123.3&e=ms.exch.err.Ex88D115&l=0&cl=cp

Elapsed Time: 00:06:46

Client Access Role
Cancelled
Mailbox Role
Cancelled
Management Tools
Cancelled
Finalizing Setup
Cancelled

The setup log shows the following details:

Ending processing Get-ExchangeCertificate
[07/31/2013 20:50:46.0516] [1] The following 1 error(s) occurred during task execution:
[07/31/2013 20:50:46.0516] [1] 0.  ErrorRecord: The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
[07/31/2013 20:50:46.0516] [1] 0.  ErrorRecord: System.InvalidOperationException: The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
[07/31/2013 20:50:46.0531] [1] [ERROR] The following error was generated when "$error.Clear();
          Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);

          if (![System.String]::IsNullOrEmpty($thumbprint))
          {
            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
            Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
           
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;

            Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
            {
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
            }
          }
          else
          {
            Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
          }
        " was run: "The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.".
[07/31/2013 20:50:46.0531] [1] [ERROR] The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
[07/31/2013 20:50:46.0531] [1] [ERROR-REFERENCE] Id=SbsBridgeHeadComponent___6464a0ee0fd04f6b893a3c81d7eb3f26 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup\SBS
[07/31/2013 20:50:46.0531] [1] Setup is stopping now because of one or more critical errors.
[07/31/2013 20:50:46.0531] [1] Finished executing component tasks.
[07/31/2013 20:50:46.0594] [1] Ending processing Install-BridgeheadRole

 My application event log is flooded with the following error:

Log Name:      Application
Source:        Microsoft-Windows-IIS-W3SVC-WP
Date:          31/07/2013 21:59:43
Event ID:      2280
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SRV-SBS.lawrencedavid.local
Description:
The Module DLL C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll failed to load.  The data is the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-IIS-W3SVC-WP" Guid="{670080D9-742A-4187-8D16-41143D1290BD}" EventSourceName="W3SVC-WP" />
    <EventID Qualifiers="49152">2280</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-07-31T20:59:43.000000000Z" />
    <EventRecordID>975085</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SRV-SBS.lawrencedavid.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ModuleDll">C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll</Data>
    <Binary>05000000</Binary>
  </EventData>
</Event>

I've tried to re-register exppw.dll following instructions in the TechNet forums but this hasn't helped to restore functionality or complete the SP3 installation.  Any guidance would be most appreciated.  Thanks in advance!

Setup.exe /prepareschema /IAcceptExchangeserverlicenseterms

gives error:  [ERROR] An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. Seehttp://go.microsoft.com/fwlink/?LinkId=155569 for more information. ; Any hints how to solve this?

bostjanc

Hi All,

Getting extremely frustrated now with a new Exchange 2013 installation on a Windows Server 2012 VM...

After having a lot of problems with the installation (didn't uninstall visual c++ which caused failure, then needed to delete the AD Microsoft Exchange System Objects group due to permission failures, etc) I've now got a fully installed Exchange server. Still, now I cannot figure out how to fix my next problem - Accessing the EAC/ECP.

I've searched every possible web guide/forum thread and the only one which is the same issue I'm having is this one: http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/89c42771-78c9-4d94-88e5-557320eccc71 

Unfortunately, as you can see in that thread, it is still unresolved. 

Current Issue: trying to access https://localhost/ecp (or any other variation) returns a 404 Not Found.

The error page points the physical path to c:\inetpub\wwwroot\ecp however that folder does not exist. I have tried manually changing the IIS site (Exchange Back End) to point its physical path to C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp which seems to be valid, however it doesn't work...

Not sure what else to do... HELP!

Oli

Dear All,

We are running Single forest with two child domains in our organization. The forest DC is on windows 2008 with all FSMO roles and have ADC as well, Exchange servers are running with SCC roles and HUB/CAS is on additional domain controller.

In child domain one site has windows 2008 DC and Exchange servers are running on CCR without storage and HUB/CAS on additional domain controller. The other child domain site has one DC and single exchange with all roles installed.

Now the query is first I want to migrate my one child domain site that installed single exchange server to my primary site. Kindly guide is that possible to move/migrate all users mailbox from same exchange 2007 child domain to same Exchange 2007 forest domain ? if yes what approach should to adopt.

The other query is that once all migration done from exchange 2007 to exchange 2013 want to implement DR site. If primary site goes down, what is the action performed to up and user connect to DR site.

Please guide the process.

Hi,

I'm currently planning out an Exchange 2013 migration from an existing 2007 environment. The current environment has 2 Edge 2007 servers with edge subscriptions in place.

After I have installed 2013 MBX+CAS and then installed the Edge Transport servers the Exchange Deployment Assistant talks about creating new Edge Subscriptions to the 2013 Edge and the 2013 MBX+CAS boxes. If I do this will this have any effect on current email routing? Will this cause outbound email to start going out via the 2013 Edge Servers?

I'm thinking it probably wont unless the user has a mailbox on 2013 but I'm not 100% sure as I haven't encountered this before and would like to know so I can plan whether to do this activity during a downtime window so as not to disrupt mail flow.

Thanks

I viewed the other link but no help.

Here is my issue, only when sending new meeting requests or invites I get the above mentioned error.

550 4.4.7 QUEUE.Expired

My setup as follows,

Server 2012 , Exchange 2013

I can telnet to the mail.domain.com 25

Again this only happens when i try to send calender requests

Diagnostic information for administrators:

Generating server: domain.local

#550 4.4.7 QUEUE.Expired; message expired ##

Received: from domain.local (10.1.0.232) bydomain.local (10.1.0.232) with Microsoft SMTP  Server (TLS) id 15.0.516.32; Fri, 3 May 2013 12:09:33 +0200 Received: from domain.local ([fe80::b564:f085:a8f2:145b]) by domain.local ([fe80::b564:f085:a8f2:145b%12]) with mapi id 15.00.0516.029; Fri, 3 May 2013  12:09:33+0200 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: binary From: User@domain.com> To: User@domain.com Subject: Online Systems Thread-Topic: Online Systems Thread-Index: Ac5H4f5gxTOOCpaRRAaDWHMdTJxJogAA+uZA Date: Fri, 3 May 2013 12:09:32 +0200 Message-ID: <c63f24d0f51941bd8cecea624ad8a742@ONLINEXCH1.OnlineIntelligencePtyLtd.local> Accept-Language: en-US, en-ZA Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: <c63f24d0f51941bd8cecea624ad8a742@ONLINEXCH1.OnlineIntelligencePtyLtd.local> MIME-Version: 1.0 X-Originating-IP: [10.1.1.220] Return-Path: User@domain.com X-EsetResult: clean, is OK X-EsetId: 1961053D22C734334D265E

David Jenkins

Hi,

I'm trying to apply CU10 to my Exchange 2013 SP1 but i'm getting these errors:

Error:
The Mailbox server role isn't installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx

Error:
The Mailbox server role isn't installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx

I have tried this also for CU9 and even for the latest CU11.

i already prepared Schema and AD and using admin user with all access required.

The errors in my setup logs file are:

[12/18/2015 10:22:41.0297] [1] Failed [Rule:UnifiedMessagingRoleNotInstalled] [Message:The Mailbox server role isn't installed on this computer.]
[12/18/2015 10:22:41.0297] [1] Failed [Rule:BridgeheadRoleNotInstalled] [Message:The Mailbox server role isn't installed on this computer.]
[12/18/2015 10:22:41.0312] [1] [REQUIRED] The Mailbox server role isn't installed on this computer.
[12/18/2015 10:22:41.0312] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx
[12/18/2015 10:22:41.0312] [1] [REQUIRED] The Mailbox server role isn't installed on this computer.
[12/18/2015 10:22:41.0312] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx
[12/18/2015 10:22:41.0375] [1] Ending processing test-SetupPrerequisites
[12/18/2015 10:22:41.0375] [0] Exchange Server installation failed during prereq check. Trying to restore the server state back to active.
[12/18/2015 10:22:41.0375] [0] RestoreServer Script Path: C:\Windows\Temp\ExchangeSetup\RestoreServerOnPrereqFailure.ps1

could you please help me on this.

Thanks

Alaa

alaaabdou

Virtual directory settings between 2007 and 2013 Migration.

Do all virtual directories have to have the same authentication settings between the 2007 and 2013 servers, I am finding a bit of inconsitancy in various posts on what should be set, I found some help blogs but they don't cover the permissions side or are conflicting, can I ask if they need to match like for like.

eg:

Hello,

Virtual Server - Windows server 2012 R2 latest updates w/ Exchange 2013 Update 11.

If I add an RD Gateway Certificate, it relates itself to the IIS Exchange Back End 443 certificate. Exchange Back End doesn't have a 443 port, only a 444 port so RD Gateway automatically creates a 443 port in the Exchange Back End site. There is already a 443 in the Default Web Site so the Exchange Back End won't start. I can get the Exchange Back End to start by removing the 443 binding but next time I open RD Gateway, it gives me the error below.

So the question is, is there a way to get RD Gateway to look at the Default Web Site for its associated 443 port and certificate instead of looking at, and automatically creating the port and certificate in the Exchange Back End site?

Thank for all your help,

Robert

Hi All,

I would like to know that, how many LDAP query thorws during exchange server installation? Kindly consider standalone (DC+ All Exchange server roles on one machine) env and in DAG env (DC+ CAS+MBX1+MBX2)?

Thanks,

Sudhir

We currently have an Exchange 2013 Hybrid server along with a DirSync VM that syncs our AD with Office 365.  The domain functional level is 2003.  I just installed a pair of 2012R2 DCs and I'm ready to remove AD from the 2003 DCs and upgrade the DFL to 2012R2.

In regard to raising DFL and decommissioning the old DCs, are there any known issues or configuration changes required for either the Exchange 2013 server or the Dirsync server?  Of course we need to change IP configuration so the Exchange and Dirsync servers have the IP address of the new DNS server.  But I'm wondering if there's anything else in the server config that points to a particular DC, or will have trouble with the DFL upgrade.  Any guidance here would be appreciated.

I really thought I had everything configured right, but I'm just not able to get past this error...

[PS] C:\Program Files\microsoft\Exchange Server\v15\Scripts>Import-csv C:\temp\Test.csv | .\Prepare-MoveRequest.ps1 -RemoteForestDomainController <remote.exchange.2010> -RemoteForestCredential $Remote -LocalForestDomainController <local.exchange.2013> -LocalForestCredential $Local -TargetMailUserOU "OU=TestUsers,dc=<domain>,dc=local" -UseLocalObject -Verbose
C:\Program Files\microsoft\Exchange Server\v15\Scripts\Prepare-MoveRequest.ps1 : Error looking up source MBX
DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}@<local.exchange.2013> in source forest.
At line:1 char:31
+ Import-csv C:\temp\Test.csv | .\Prepare-MoveRequest.ps1 -RemoteForestDomainContr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Prepare-MoveRequest.ps1

Where <remote.exchange.2010>, <local.exchange.2013>, and <domain> are the appropriate values. What don't I have configured right?

Hey All

\Exchange 2013\Scripts\Prepare-MoveRequest.ps1 : Error looking up source MBX email@domain.local in source
rest.
 line:1 char:1
.\Prepare-MoveRequest.ps1 -Identity email@domain.local -RemoteForestDomainC ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Prepare-MoveRequest.ps1



I am running this:  

.\Prepare-MoveRequest.ps1 -Identity email@domain.local -RemoteForestDomainController server.domain.local -RemoteForestCredential $remotecredential  -LocalForestDomainController dc01.domain1.com
cal -LocalForestCredential $localcredential

I am at wits end with this one... any help would be appriciated..

------++++++---

New information as of 29/06/2015

Server does not appear to query the AD servers within the domain.

when trying to move a user that does not exist the same error comes up.

Standard AD queries work correctly on the exchange server, so get-aduser blah brings back information of users.

Hi all,

Due to the POODLE vulnerability and TLS 1.0 showing as enabled on one of our external scans, we were informed that we would need to disable SSL 3.0 and TLS 1.0 on our Exchange server.

Apparently, this wouldn't even be possible until Update Rollup 9 was released on 3/16/15:

Rollup resolves:

KB 3029667 SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2010 environment

After installing this update, SSL 3.0 and TLS 1.0 were disabled and the servers rebooted (cross site, same domain, two Exchange servers).  After resolving some issues with certificates that apparently broke as a result of the changes, we found that EWS was not working - the log full of these errors:

Hi,

We are currently consolidating Root/Child domain infrastructure, to have only root domain and we are using ADMT to move users.

The problem is with Exchange "Send as" permissions. Exchange 2013 is in root domain.

After user migration to root domain "Send as" permissions are lost (Full Access permissions remain). Send As and Full Access permissions are granted to universal groups.

What could be the issue here?

IMAP crashed and not working after applying the CU10 on top of Exchange 2013 CU10. I read the KB that "This issue occurs because Internet Mail Access Protocol (IMAP) does not support the generic security services application programming interface (GSSAPI) as an authentication mechanism in a Microsoft Exchange Server 2013 environment "

and I tried to enable Set-IMAPSettings –EnableGSSAPIAndNTLMAuth:$FALSE

and no luck, still IMAP asking for a credentials again and again. POP is working fine.
I can see the IMAP protocol log, there are msgs

"IN:9933:SSL;ErrMsg=ProxyNotAuthenticated;LiveIdAR=OK""

"authenticate,NTLM,"R=""l7z2 NO AUTHENTICATE failed."";"

the IMAP settings are

[PS] C:\Windows\system32>Get-ImapSettings | format-list


RunspaceId                        : 32a6432b-de4f-4730-adf3-6595ccb25ce8
ProtocolName                      : IMAP4
Name                              : 1
MaxCommandSize                    : 10240
ShowHiddenFoldersEnabled          : False
UnencryptedOrTLSBindings          : {[::]:143, 0.0.0.0:143}
SSLBindings                       : {[::]:993, 0.0.0.0:993}
InternalConnectionSettings        : {essrv011.****.IN:993:SSL, essrv011.***.IN:143:TLS}
ExternalConnectionSettings        : {}
X509CertificateName               : email.***.ac.in
Banner                            : The Microsoft Exchange IMAP4 service is ready.
LoginType                         : SecureLogin
AuthenticatedConnectionTimeout    : 00:30:00
PreAuthenticatedConnectionTimeout : 00:01:00
MaxConnections                    : 2147483647
MaxConnectionFromSingleIP         : 2147483647
MaxConnectionsPerUser             : 16
MessageRetrievalMimeFormat        : BestBodyFormat
ProxyTargetPort                   : 9933
CalendarItemRetrievalOption       : iCalendar
OwaServerUrl                      :
EnableExactRFC822Size             : False
LiveIdBasicAuthReplacement        : False
SuppressReadReceipt               : False
ProtocolLogEnabled                : True
EnforceCertificateErrors          : False
LogFileLocation                   : C:\Program Files\Microsoft\Exchange Server\V15\Logging\Imap4
LogFileRollOverSettings           : Daily
LogPerFileSizeQuota               : 0 B (0 bytes)
ExtendedProtectionPolicy          : None
EnableGSSAPIAndNTLMAuth           : False
Server                            : ESSRV011
AdminDisplayName                  :
ExchangeVersion                   : 0.10 (14.0.100.0)
DistinguishedName                 : CN=1,CN=IMAP4,CN=Protocols,CN=ESSRV011,CN=Servers,CN=Exchange Administrative Group
                                    (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=****,CN=Microsoft
                                    Exchange,CN=Services,CN=Configuration,DC=***,DC=AC,DC=IN
Identity                          : ESSRV011\1
Guid                              : 4ed7aaa3-90b7-4c3b-b373-bccccf85fcf3
ObjectCategory                    : ****.IN/Configuration/Schema/ms-Exch-Protocol-Cfg-IMAP-Server
ObjectClass                       : {top, protocolCfg, protocolCfgIMAP, protocolCfgIMAPServer}
WhenChanged                       : 22-09-2015 20:02:07
WhenCreated                       : 22-07-2015 18:54:19
WhenChangedUTC                    : 22-09-2015 14:32:07
WhenCreatedUTC                    : 22-07-2015 13:24:19
OrganizationId                    :
Id                                : ESSRV011\1
OriginatingServer                 : ***.IN
IsValid                           : True
ObjectState                       : Unchanged

3 node CAS and 3 node Mailbox DAG is my environment.

Pl. help put