I've read through every article about the "constant credential" issue and can not solve it.  The issue specific to my environment is:

I migrated Exchange 2007 to Exchange 2013. Everything is working now, except for one thing...

Mail.server.org and NewMail.server.org both point to the same IP, however:

mail.server.org/autodiscover/autodiscover.xml will not authenticate no matter what credentials I use
newmail.server.org/autodiscover/autodiscover.xml works just fine.

Why would one work and the other fail?  Autodiscover is working but somehow also still pointing to "mail.server.org" which is causing everyone's Outlook client to constantly pop up a credential box that won't accept anything put into it.  

If anyone has any ideas please let me know - I'm really racking my brain over this one.

Just wanted to confirm the below information is still current for Exchange 2016 for patching a 12 node single dag cluster. 

Patching Scenario – Medium Sized Deployment

This is a slightly larger environment – a single DAG with 4 or more servers in the DAG, all located in one location. Let’s use a 6-member DAG for our example this time. Refer to this diagram for this example:

Also note that for this example, we’re going to say that we have designed this DAG to support two concurrent failures. This means that if we take two servers out of actively hosting mailboxes for patching, by having three copies of all databases, we are assured that we can continue to provide email services. It is possible to modify this solution to only take a single server out of service at a given time, and that is a perfectly acceptable solution – this is just an example presented here for discussion.

1. Ensure that your replication is healthy and all copies are up to date.
2. In our example we are going to patch two servers at a time, starting with Server 5 and Server 6. 
3. Activation block Server 5 and Server 6 so that a failure at this time won’t activate copies of the mailbox databases on those servers.
4. Perform a switchover of all databases away from Server 5 and Server 6 to the other four servers in the DAG.
5. Drain-stop all connections to the CAS on Server 5 and Server 6, and then remove them from the load-balanced array
6. Patch Server 5 and Server 6.
7. Add Server 5 and Server 6 back into the load-balanced array, drain-stop all other servers and remove them from the load-balanced array.
   1. Notice that for a short period, we have both upgraded and not-upgraded servers in the load-balanced array. This is not an issue, because we still have all mailboxes on the not-upgraded mailbox servers.
8. Remove activation block from Server 5 and Server 6, activation block Server 3 and Server 4, perform the switchover of all databases from Server 3 and Server 4 to the other four servers, patch Server 3 and Server 4 and add them back into the load-balanced array.
9. Remove activation block from Server 3 and Server 4, activation block Server 1 and Server 2, perform the switchover of all databases from Server 1 and Server 2 to the other four servers, patch Server 1 and server 2 and add them back into the load-balanced array.
10. Remove activation block from Server 1 and Server 2, and redistribute your databases evenly across all three servers.

Impact(s) of this process:

• For a period of time, you will be running with a possibly lower availability stance than normal operating conditions. You only have 2 servers providing CAS services until you have patched those other servers and added them back into the load-balanced array. (If you only have 4 servers in the DAG, this might not be the case.)
• In the case where you have very high numbers of users in this physical location, it is possible that you would introduce a performance impact on CAS services, because of the reduced number of Client Access servers in service.
  • Think about the situation where you have 8 or 10 servers in the DAG in this physical location, and you have only patched 2 servers. In that case, those 2 servers could probably not handle the load of all users under full production load. But, you typically won’t be patching during a “full production” time of the day – you’ll have a maintenance window that you will be working in, and users will know to have a lower expectation of availability and such. As long as you understand this and are willing to accept this risk, this is fine, but you should almost certainly make sure that you document this case and make sure that it really is acceptable!
  • The other way to think about this is to make sure that the two servers you bring back into the load-balanced array have enough processing power and memory to support the entire load. This is probably the best engineering solution for a highly available Exchange 2010 environment, but it does have a cost associated with it just like everything else in HA. If I were going to recommend a solution, this is how I would recommend it – make sure you have enough processing that if you end up in a production environment on two upgraded servers, that they can handle your full production peak load.

https://blogs.technet.microsoft.com/exchange/2010/07/22/patching-the-multi-role-server-dag/ 

Hello

I can see in my firewall my Exchange 2013 is trying to connect to different ips using port 80 and port 443.

Now, navigation is not allowed in that servers. I've tried to find information about that ips and I've found connections to port 443 are for some Microsoft updates but I couldn't find anything else.

What are they asking for?

Do they need to navigate?

The ips they are trying to connect are:

93.184.221.200

157.56.77.149

195.77.23.51

130.206.192.8

213.162.193.244

185.43.182.73

...

I have Exchange 2007 and 2013 in coexistence mode, and we are preparing to migrate users.  I'm seeing an issue where users that are still on Exchange 2007 are having intermittent results accessing free/busy data for mailboxes on the Exchange 2013 system. Error is noted below, and is generated on my Exchange 2007 CAS servers.  I can add multiple 2013 mailboxes to an appointment, and sometimes free/busy will appear for some mailboxes and not others, and sometimes none of them at all.  Generally, refreshing free/busy data on the Outlook appointment one to several times will display the free/busy data.  So, the data is accessible, but intermittently.  All systems are in the same AD Forest and Site.   EWS URLs are correct (legacy url for 2007, current url for 2013).

Mailboxes on the Exchange 2013 system do not have any issue accessing free/busy of Exchange 2007 mailboxes.

I've seen references to modifying the maximumQueryIntervalDays on 2007 to 62 - that's done, but this is still happening.

Any suggestions?

I have an onsite exchange 2013 that I am starting to migrate to exchange online and have reached the stage of running the Hybrid setup wizard.  This is the first hybrid setup that I have carried out. 

The current set up is as follows (set up before I joined) in that the internal domain name is company-name.co.uk and the external domain and email domain is companyname.co.uk.  The external and internal autodiscover is configured to use the companyname.co.uk URL.

The hybrid wizard has completed with the follwoing error:

HCW8057 - office 365 was unable to communicate with your on-premises Autodiscover endpoint.  The Office 365 tenant is currently configured to use the following url for autodiscovery queries: http://autodiscover.company-name.co.uk/autodiscover/autodiscover.svc/wssecurity

My question is this: Is it ok just to manually change the URL that the office 365 tenant is using to the correct autodiscovery url?

thanks in advance.

New exchange 2013 install with coexistent with exchange 2007 to move mail boxes. All data moved over. installed go daddy ucc certificate. Everything working. After updates and a reboot the server outlook 2013 on win 7 machines will not connect to the exchange 2013. Same account set up on a win 10 with outlook 2013 or 2016 connects. SSl now fails connectivity test.  

Had to adsi edit remove the public folders from the exchange 2007 box. We didn't use them. don't think this could affect it but thought I would throw it in.

I ran check with digicert and the ssl chain is good. All phones and remote outlook 2013 on win 10 work remotely.

I have been over all urls on the virtual directory's and autodiscover. We have installed a bunch of these and have never had anything close to this.

Nothing in the event viewer.

The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.

I cannot find anything causing this

Any ideas greatly appreciated.

Why would outlook 2013 or 2016 on win 10 connect and on win 7 machines not?

How can the connectivity analyzer fail with below and our remotes all work?  

thanks in advance

Attempting to test potential Autodiscover URL https://autodiscover.pdcsoftware.com:443/Autodiscover/Autodiscover.xml
	Testing of this potential Autodiscover URL failed.
	Additional Details   Elapsed Time: 1023 ms.
	Test Steps   Attempting to resolve the host name autodiscover.pdcsoftware.com in DNS.   The host name resolved successfully.   Additional Details   IP addresses returned: 68.67.245.24 Elapsed Time: 352 ms. Testing TCP port 443 on host autodiscover.pdcsoftware.com to ensure it's listening and open.   The port was opened successfully.   Additional Details   Elapsed Time: 338 ms. Testing the SSL certificate to make sure it's valid.   The SSL certificate failed one or more certificate validation checks.   Additional Details   Elapsed Time: 332 ms.   Test Steps   The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.pdcsoftware.com on port 443.   The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.   Additional Details   The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. Elapsed Time: 301 ms.

	Attempting to contact the Autodiscover service using the HTTP redirect method.
	The attempt to contact Autodiscover using the HTTP Redirect method failed.
	Additional Details   Elapsed Time: 962 ms.
	Test Steps   Attempting to resolve the host name autodiscover.pdcsoftware.com in DNS.   The host name resolved successfully.   Additional Details   IP addresses returned: 68.67.245.24 Elapsed Time: 4 ms. Testing TCP port 80 on host autodiscover.pdcsoftware.com to ensure it's listening and open.   The port was opened successfully.   Additional Details   Elapsed Time: 334 ms. The Microsoft Connectivity Analyzer is checking the host autodiscover.pdcsoftware.com for an HTTP redirect to the Autodiscover service.   The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.   Additional Details   A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown. HTTP Response Headers: Connection: close Content-Length: 315 Content-Type: text/html; charset=us-ascii Date: Wed, 18 Jan 2017 21:15:39 GMT Server: Microsoft-HTTPAPI/2.0 Elapsed Time: 623 ms.

Wade

Hi,

I have created a new Exchange server 2013 on Windows Server 2008 R2.

I am at the final step where I receive the following message...

Warning:
Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.

We have a 2007 Exchange Server currently which I need to keep functional for the time being until I migrate the Databases/Mailboxes/Configuration over to the Exchange 2013.

My question is, am I good to go again and press next here? Or will it have a negative effect of the functionality of our 2007 Exchange Server? Or will it make the mailbox migrations impossible later?

Is there anything else I should be doing prior to hitting next?

We have no 2010 Exchange servers and I dont see why we'd need one.

Goal is to get Exchange 13 up and running and then migrate the 2007 Exchange data to it one night off hours, but keep 2007 functional until I do this.

From what I understand, I believe Im good to go but wanted to make double triple sure.

Thanks!

-Mike

So we created a new forest/domain. Our current domain is running Exchange 2010. We want to install 2013 on the new domain and we will be migrating users AD/Exchange accounts to the new forest. 

I'm having issues installing 2013 in the new domain. It keeps failing on the Readiness Checks. It's spitting out all kinds of errros but the big thing is it seems like it's looking at the wrong domain and site. One of the errors is that it can't contact the DC and thus can't connect to port 53 but from the server, I'm able to hit the new domain DC's and telnet. Obviously I'm missing something here. Any help or advice would be welcomed.

Thank you

I have downloaded Exchange 2013 CU2 and attempted to install it from a local drive.  Exchange 2013 is installed on a Server 2012 Standard VM in Hyper-V.  I ran the two following commands before trying to install

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

Upon trying to run the installer, I recieve the following error.

Error:
The following error was generated when "$error.Clear();
                    & $RoleBinPath\ServiceControl.ps1 EnableServices Critical
                " was run: "AuthorizationManager check failed.".

During my first install attept, the error was on step 4 of 15. I have tried to rerun the setup with no luck.  I noticed the installer leaves all the Exchange services disabled, as well as winmgmt, remoteregistry, w3svc, iisadmin.  These four services are the critical services the errors refer to.  I have verified my execution policy is correct

PS C:\Windows\system32> Get-ExecutionPolicy -list

                                                      Scope                                             ExecutionPolicy
                                                      -----                                             ---------------
                                              MachinePolicy                                                Unrestricted
                                                 UserPolicy                                                   Undefined
                                                    Process                                                   Undefined
                                                CurrentUser                                                   Undefined
                                               LocalMachine                                                RemoteSigned

Upon trying to rerun the setup, I have ran the following commands in order to start the critical services manually

Get-Service-namewinmgmt,remoteregistry,w3svc,iisadmin|set-service-startuptypeautomatic

Get-Service-namewinmgmt,remoteregistry,w3svc,iisadmin|Start-Service

No matter what I do, the Exchange 2013 CU2 installer seems to fail.  I'd appreciate any possible help with this.

Thanks,

Chris

To add to what I posted, I also have the following error in the event log.

[07/22/2013 13:57:01.0279] [1] Executing:
                    & $RoleBinPath\ServiceControl.ps1 EnableServices Critical
                
[07/22/2013 13:57:01.0373] [1] The following 1 error(s) occurred during task execution:
[07/22/2013 13:57:01.0373] [1] 0.  ErrorRecord: AuthorizationManager check failed.
[07/22/2013
13:57:01.0373] [1] 0.  ErrorRecord:
System.Management.Automation.PSSecurityException: AuthorizationManager
check failed. ---> System.Runtime.InteropServices.COMException: The
service cannot be started, either because it is disabled or because it
has no enabled devices associated with it. (Exception from HRESULT:
0x80070422)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementObject.Get()
   at System.Management.Automation.PsUtils.GetParentProcess(Process current)
   at System.Management.Automation.SecuritySupport.GetExecutionPolicy(String shellId, ExecutionPolicyScope scope)
   at System.Management.Automation.SecuritySupport.GetExecutionPolicy(String shellId)
   at Microsoft.PowerShell.PSAuthorizationManager.CheckPolicy(ExternalScriptInfo script, PSHost host, Exception& reason)
  
at Microsoft.PowerShell.PSAuthorizationManager.ShouldRun(CommandInfo
commandInfo, CommandOrigin origin, PSHost host, Exception& reason)
  
at
System.Management.Automation.AuthorizationManager.ShouldRunInternal(CommandInfo
commandInfo, CommandOrigin origin, PSHost host)
   --- End of inner exception stack trace ---
  
at
System.Management.Automation.AuthorizationManager.ShouldRunInternal(CommandInfo
commandInfo, CommandOrigin origin, PSHost host)
   at
System.Management.Automation.CommandDiscovery.ShouldRun(ExecutionContext
context, PSHost host, CommandInfo commandInfo, CommandOrigin
commandOrigin)
   at
System.Management.Automation.CommandDiscovery.LookupCommandProcessor(CommandInfo
commandInfo, CommandOrigin commandOrigin, Nullable`1 useLocalScope,
SessionStateInternal sessionState)
   at
System.Management.Automation.CommandDiscovery.LookupCommandProcessor(String
commandName, CommandOrigin commandOrigin, Nullable`1 useLocalScope)
   at System.Management.Automation.ExecutionContext.CreateCommand(String command, Boolean dotSource)
  
at
System.Management.Automation.PipelineOps.AddCommand(PipelineProcessor
pipe, CommandParameterInternal[] commandElements, CommandBaseAst
commandBaseAst, CommandRedirection[] redirections, ExecutionContext
context)
   at
System.Management.Automation.PipelineOps.InvokePipeline(Object input,
Boolean ignoreInput, CommandParameterInternal[][] pipeElements,
CommandBaseAst[] pipeElementAsts, CommandRedirection[][]
commandRedirections, FunctionContext funcContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
[07/22/2013 13:57:01.0373] [1] [ERROR] The following error was generated when "$error.Clear();
                    & $RoleBinPath\ServiceControl.ps1 EnableServices Critical
                " was run: "AuthorizationManager check failed.".
[07/22/2013 13:57:01.0373] [1] [ERROR] AuthorizationManager check failed.
[07/22/2013
13:57:01.0373] [1] [ERROR] The service cannot be started, either
because it is disabled or because it has no enabled devices associated
with it. (Exception from HRESULT: 0x80070422)
[07/22/2013
13:57:01.0388] [1] [ERROR-REFERENCE]
Id=AllRolesMidFileCopyComponent___af0f15afe35c4e7cba121e546f405214
Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[07/22/2013 13:57:01.0388] [1] Setup is stopping now because of one or more critical errors.
[07/22/2013 13:57:01.0388] [1] Finished executing component tasks.
[07/22/2013 13:57:01.0435] [1] Ending processing Start-MidFileCopy
[07/22/2013 13:58:09.0121] [0] End of Setup
[07/22/2013 13:58:09.0121] [0] **********************************************

I also have these two errors in event viewer that keep occuring. 

Event 2280, IIS-W3SVC-WP

The Module DLL C:\Program Files\Microsoft\Exchange Server\V15\Bin\kerbauth.dll failed to load.  The data is the error.

Event 2300, IIS-W3SVC-WP

The
worker process cannot access the CLR configuration file at 'C:\Program
Files\Microsoft\Exchange
Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config'. 
Verify that the file exists and that the worker process has read access
to the file.

Hello,

I have took receipt of a number of PST files which have been imported into new mailboxes created in Exchange 2010 - the export process ran by another IT company I believe has simply been from an Outlook client. I've used the shell and the command I have used for each PST import looks similar to this:

New-MailboxImportRequest -FilePath "\\Path\To\File\person@domain.com.pst" -Mailbox MailboxtoImportTo -BadItemLimit 5000 -AcceptLargeDataLoss -Name NameofImportJob

These are relatively large PSTs, some are 10GB and have been devided into 3 seperate PSTs all sized at 10GB for some users.

There were a high number of "Bad Items Encountered" during the import, some as high as 6000. So I had to accept large data loss. However, one particular PST which only encountered 4 bad items during import had a large disparity between what Exchange imported and what I could see when I loaded the same PST into a local installation of Outlook. For example, the mailbox imported to by Exchange shell had some empty subfolders - the PST loaded into Outlook had a lot of additional mail items in these subfolders.

Am I missing something? Is the Import CMDlet behaving differently from a simple PST load in Outlook for a reason?

Many thanks in advance if anyone has any ideas on this.

Cheers,

Sam

Hi All,

Good Day!!!,

Scenario Explanation:

We have 2 Data Centers in 2 different geographical locations

We have single AD forest 

Data Center-1 we are installed Exchange 2013 CU10 with IP less DAG and enabled mailbox for all the users in the organization

Currently our organization has planned to setup Exchange server at Data Center-2 and move some mailbox users who are belongs to Data Center-2 site.

My Query is :

If we setup Exchange server in Data Center-2 with IP Less DAG and Configure Database then how can we move the mailbox from Data Center-1 to Data Center-2 site , is that the same migration batch we can use?

What about the Email Flow, The respective send/receive Connectors will be updated and new server name added into that

What about GAL / Address book for Data center-2 site?

What are the best practice & pre-requisites for this setup?

Since then worked with single site DAG exchange environment this is something new for me, so that looking for some guides from the experts.

any Technet article , document shared  it will help me lot.

thanks in advance.

Regards,

Regards, Kesavan K M. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi all,

Our company is hosting e-mail for multiple domains on Exchange 2013. This is done by creating AD accounts on our Exchange AD domain for different clients and use accepted domains + email address policies to assign these users the proper SMTP addresses.

However, one of our clients have their own AD domain at their office location. They prefer to use the same account to login to their email as they use to login to their domain computers. Right now they have 2 accounts. One account for their Exchange e-mail on our Exchange platform and one AD account in their own office AD environment.

Would it be possible to setup some kind of trust relationship or federation trust between our Exchange AD domain and their office AD domain so we can create mailboxes for AD accounts in a remote domain? One thing to mention: Our Exchange AD and the client's office AD domain are not connected to each other in any way (no branch/subdomain not in the same forest).

If the above is possible can anyone provide me with any guidance on how to achieve this?

Thanks!

Hi all,

         Migrating 2007 to 2013 public folders.

In this organisation there are a large number of large items (in excess of 100mb).

I am well aware the public folders are not meant as a file store and I have expressed this to the client - but they don't care...

I have also informed them that items of these size will hamper this migration and future migrations to perhapos O365 - they don't care.

Do not tell me to use -largeitemlimit, as this merely sets the number of large items that can be skipped before the job is marked as failed.

Anyway, I would like to migrate these large items. There seems to be no mention of how to define the "large item size" in the official doco https://technet.microsoft.com/en-us/library/dn912663(v=exchg.150).aspx

Some articles talk about setting the maximum post size limit on the public folders - however, since the PF's on exchange 2013 are currently "held for migration" I cannot set that parameter.

Setting the transport size, as suggested in other articles (e.g. Set-TransportConfig -MaxReceiveSize 500MB) has no effect.

So.... where is the size of a "large message" for public folder migration purposes defined ? and more importantly, how do I increase it ?

We are going to migrate 2007 exchange to 2013, CU15. We have only one 2007 exchange server and we are going to migrate to 2013 exchange server.

We built 2 2012 Windows server and going to use DAG, both server are in same datacenter and within same subnet 172.16.2.240 and 241. We want to use the same IP address what we are using for existing mail server which is 172.16.2.5.

that's how I am thinking

1: both 2012 windows servers installed and configured,

2: Server one 172.16.2.240 and server 2 is 172.16.2.241

3: DAG will be configured and IP address will be 172.16.2.5 which is the existing mail server IP address.

4: Install and configure exchange 2013 on both servers accordingly

QUESTION: How the incoming mail knows which servers to go ?

Really appreciating your quick response

A Friend

So I have a question regarding updating from CU9 to CU15 for Exchange Server 2013. I am a little newer to Exchange and I am not a domain admin and the task of updating AD, Schema, and Domain is delegated to another group.  Is using the setup.exe file from the CU15 acceptable to update the necessary domain components prior to the Exchange side or do I need to grab the setup.exe file from CU14? 

I under stand that CU15 includes all previous updates but I had ran across a post somewhere that stated updating the domain was not needed for CU15 if running X or newer; however, I was unable to locate said post and figured I'd ask here before getting myself into hot water.

Thank you for your time.

Hello Friends.

I am migrating from Exchange Server 2010 to 2013, with coexistence. This is my first migration and I am having doubts about autodiscover settings. Here we go...

The scenario is as follows:
Two forests/Two Exchange:
contoso.local - Exchange 2010
adatum.com - Exchange 2013

What step am I in?
As my client ran ADMT first, instead of running the prepare move reques, I enabled all users of adatum.com as mailusers, then run the prepare with the attributes -OverwriteLocalObject -UseLocalObject, so far so good.

I was able to execute the move successfully.

My doubt is: After the process of performing the move, at the end, the account takes about 5 minutes to identify the changes, I do not think that normal, I think it's missing some configuration on autodiscover.

Remembering that the workstations are in the domain contoso.local trying to access a mailbox on domain adatum.com

What would be the step-by-step autodiscover configuration between environments 2010 and 2013? With workstations applied on these two domains?

We have successfully installed Exchange 2013 and have created all legacy DNS records in order to Co-Exist. OWA works, active sync works, and I have also migrated some mailboxes to 2013 to test. That works as well. The issue is ActiveSync and Outlook constantly prompts for a password throughout the day. I can not figure out why this is causing it. Outlook anywhere is disabled on old 2007 servers and only active on new exchange 2013 servers. There are a total of 2 Exchange 2013 CAS/Mailbox servers that are being load balance with a Netscaler. So the IPs below are going to the VIP on the Netscaler.

External DNS                                                                    Internal DNS

legacy.domain.com              1.1.1.1                                   legacy.domin.local       1.1.1.1

mail.domain.com                1.1.1.2                                    mail.domain.local          1.1.1.2

autodiscover.domain.com->CNAME->mail.domain.com       autodiscover.domain.local           1.1.1.2

Anthony Zepeda

Hello,

In a test environment, I am doing a test run of migrating to Exchange 2013 from Exchange 2007 using virtual machines. I have restored our live server to a virtual machine (using StorageCraft ShadowProtect).

Background info:

Virtual machine - SBS 2008 with Exchange 2007 SP3 Rollup 21 (also the AD domain server)

Virtual machine - 2012R2 with Exchange 2013 CU 14 (purely just Exchange 2013 roles, no DNS role etc.)

I have been following the “Exchange Server Deployment Assistant” guide:

https://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=3215-W-FwBEAgAAQBCIAMFHAQDAFAgAAAAAwAMAAAA%7e

DNS information:

Internal domain uses domain1.local

Email addresses are domain2.co.uk

All virtual directory links for internal and external are set to use:

remote.domain2.co.uk

autodiscover.domain2.co.uk

legacy.domain2.co.uk

internal.domain2.co.uk

I have a forward lookup zone setup for DNS for domain2.co.uk with the above pointing to their server IP’s. OWA works fine, you go to the Exchange 2013 landing page and if your account is in Exchange 2007 you get redirected to legacy.domain2.co.uk and are signed in etc.

I haven’t setup any SSL certificates, though I am only interested in making internal email work, so do I need to care? In live with Exchange 2007, when you first open Outlook and run through the auto account setup, you get an SSL error but can just ignore it and everything is fine (again I don’t want to use public facing email, just internal).

The problem with Outlook and an Exchange 2013 based account:

As mentioned I am not using SSL certificates, do you need an SSL certificate for Exchange 2013 on internal only connections with Outlook clients regardless?

Either way: when running Outlook 2013 for the first-time, account settings are pulled in automatically, even the GUID is filled in where you normally get the server name which is how it should work with Exchange 2013, but still get the below two errors:

• “The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.”
• “There is a problem with the proxy server's security certificate.

The name on the security certificate is invalid or does not match the name of the target site remote.domain2.co.uk.

Outlook is unable to connect to the proxy server. (Error Code 10)”

If I use the registry editor to add the “DS Server” on the Outlook machine to point to the SBS 2008 server FQDN, then I don’t get the “Exchange is unavailable” error and can continue to login (see: https://support.microsoft.com/en-gb/kb/319206). I don’t see this as an acceptable solution because it means I set something up wrong along the way?

Also, I can navigate successfully (choosing to ignore the certificate warning) to https://autodiscover.domain.co.uk/Autodiscover/Autodiscover.xml

Doesn’t this mean autodiscover should work? i.e. Outlook auto account setup

Aside: I’m having another problem, one with a Public Folder script – I haven’t posted here, but subject is “Exchange 2007 to Exchange 2013 Public Folder migration script problem”

Any help/direction would be very much appreciated. Please let me know if I have missed any key details that you need.

Thanks,

Graham

Hi,

I am trying to prepare AD for the install of my first Exchange 2016 server. Currently running Exchange 2010 in Hybrid mode.

As I have a hybrid setup I need to run setup.exe with prepareAD instead of PrepareSchema as I need to use the  /TenantOrganizationConfig switch, this takes care of the Schema as well. I have exported my 365 tenant XML config and specified the path with prepareAD.

I keep getting the below when running the setup -

----------------------------------------------------------------------------------------------------------------------------------------------------------

Setup will prepare the organization for Exchange Server 2016 by using 'Setup /PrepareAD'. No Exchange Server 2013 roles
have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2013
roles.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE15ServerWarning.aspx

A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the
/TenantOrganizationConfig switch. To use the TenantOrganizationConfig switch you must first connect to your Exchange
Online tenant via PowerShell and execute the following command: "Get-OrganizationConfig | Export-Clixml -Path
MyTenantOrganizationConfig.XML". Once the XML file has been generated, run setup with the TenantOrganizationConfig
switch as follows "/TenantOrganizationConfig MyTenantOrganizationConfig.XML".
If you continue to see this this message
then it indicates that either the XML file specified is corrupt, or you are attempting to upgrade your on-premises
Exchange installation to a build that isn't compatible with the Exchange version of your Office 365 tenant. Your Office
365 tenant must be upgraded to a compatible version of Exchange before upgrading your on-premises Exchange
installation. For more information, see: http://go.microsoft.com/fwlink/?LinkId=262888
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DidTenantSettingCreatedAnException.aspx


The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the
<SystemDrive>:\ExchangeSetupLogs folder.

----------------------------------------------------------------------------------------------------------------------------------------------------------

I have a ticket in with the 365 team who have executed a script that will upgrade the RBAC (Role based access control) on my 365 tenant? Not sure this will help but yet to hear if this has completed.

Has anyone had this or know what the issue is? I have seen the below which appears to be the same where creating a regkey to not perform the tenant check version appears to work -

https://social.technet.microsoft.com/Forums/exchange/en-US/d574ae01-b0fe-48aa-9f10-93c8fb9bbf07/mytenantorganizationconfig-error-still?forum=Exch2016GD

Before attempting this I would like to check if others have done this and it has been OK or aware of another solution. Do not really want to not perform the check if I can run into issues later. I see it looks for this key in the ExchangeSetupLog when the setup fails.

Running rollup 15 in my 2010 environment which is supported with the Hybrid deployment for 2016.

Any help would be appreciated, thanks!