Hi all !

I'm currently unable to complete a mailbox migration between Exchange 2013 and Office365 in a Full Hybrid migration because the Migration Endpoint cannot be created.

The only related error messages are for instance the Test-MigrationServerAvailability returning the error code 503 saying something like the MRSProxy service is unavailable and IIS logs showing codes 503 and 401 with access denied.

I've parsed several forum and technotes discussing about this and tried the following suggestions with no success so far :
- manually disabling/re-enabling MRSProxy via ECP
- admincount attribute set to 0 in AD
- setting same value to msExchExternalHostName and msExchInternalHostName

We've got one Exchange Server 2013 holding all roles but EdgeProxy.

Until recently we also had a distinct server dedicated to external access  with only the CAS role but we finally uninstalled it because the ReplicationService would not start on this server.

And of course the Test-MRSHealth reports that everything is OK.

Any help would be greatly appreciated.

Good Day

I have an SBS 11 Server I am busy migrating to 2013

It has a pop3 connector on the SBS 11 server

I have installed a pop3 connector from Pop3connex and everything works on my account.

As soon as I remove the pop3 account from SBS 11 all incommoding mail stops and does not flow to the exchange 2013 server

I have already migrated the mailboxes over to 2013

The Pop3connex works with my mailbox but not with any others sometimes it downloads sometimes it does not.

I am at my wits end with this . the company is on dynamic IP with smart host thus MX records routing is not possible and port 25 is blocked.  I have a mikrotik router . Could it be port 110 is open for both and the new server and will it cause issues?

After migrated 80% of mailboxes into Office 365 and running Hybrid environment, would like to remove drives/mailboxes from the Exchange on-premise VM . Please see attached screen shot.

As you see per the screen shot is it possible to merge all the database into one mailbox?

If possible than i can move all the database into one drive and the rest can be discounted from Exchange Virtual machine

Thanks,

Yousuf

Yousuf

From few days I am struggling on finding a right solution to export Zimbra desktop mails on Windows but continuously failing. I was using Zimbra 8 and recently switched to another Windows based email platform. But still there are few Zimbra files that are important for me and unable to open them in Windows, repeatedly error is occurring. So, anybody has a solution, please recommend, I need it ASAP!!!!

Good evening,

Let me first say that I have some experience with Exchange 2013, but I am by far no expert. I have setup Exchange 2013 as a multi-tenancy mail server. Currently we are hosting email for 4 separate companies on a single server. Everything is setup and working great, however we recently found an issue that I am trying to resolve.

We would like to setup one or more users from each OU to serve as admins for their particular OU. Their purpose would be to create/modify recipient mailboxes and distributions groups. The purpose for this is so that someone from each company can login to the ECP and manage ONLY the recipients and groups for their particular OU, while the other OU's recipients and groups are not visible to them. We want these admin users to be able to manage recipients within their OU ONLY, without any knowledge of the other OUs.

The problem is when we setup a user as an admin and grand them permissions under the admin role policies, each admin can see ALL of the OUs, ALL of the recipients on the server, and ALL of the distribution groups. Of course, that allows any admin, regardless of which company they are with to view ALL recipient email addresses, etc. and that is what we are trying to change.

At this point, I don't know how to proceed. I read a similar post in these forums where the only response was to use a third party application to accomplish this, but if that is truly the only solution, which third party app COULD accomplish this?

<style type="text/css">.tmid_modified { background: #E4F1FD !important; border: 1px solid #3385D6 !important; } .tmid_modifying { background: #E4F1FD !important; } .tmid_popoutblock { display: table; ; top: 1px; left: 1px; visibility: hidden; width: 120px; height: 40px; background-color: #FFFFFF; z-index: 9999; color: #666666; font-size: 16px; box-shadow: 0px 5px 10px rgba(0, 0, 0, 0.25); text-shadow: 1px 0px 0px rgba(170, 170, 170, 1); }.tmid_formFillHint { display: table-cell; vertical-align: middle; font-size: 16px; }.tmid_icon { width: 24px; height: 24px; }.tmid_popoutblockicon { display: table-cell; vertical-align: middle; width: 24px; height: 24px; padding: 8px 8px 8px 8px; }</style>

Hi,

I'm working on migrating from 2010 to 2013.

I have special AD site in my enviroment only for mail routing requirements.
Is it mandatory to have at least CAS role per ADSite? Or not?

Thanks for answers.

Best Regards,

Edin

Hello

    before hybrid then user can update avatar by exchange local , but now when hybrid then I do know do how to update avatar .

    I thing it must update on AD local to Azure ad connect sync to cloud , but how to user update it

Best Regards,

Thanks

Hi,

I'm currently merging 2 AD environments. There is Forest A (Exchange 2010) with existing users, and Forest B (Exchange 2013), also with existing users. The goal is to migrated everything to Forest B.

What I have done so far:

• Creation of an AD Trust between two forests
• Installation and configuration of ADMT with SID History
• DNS Configuration
• Configuration of Cross Forest Availability between both Exchange Environments
• Deploying Root Certificates of each forest as a trusted root certificate for the other one
• SMTP Mailflow Configuration

My migration process:

• Using Prepare-MoveRequest.ps1 script from Microsoft to create the object in the Forest B
• Using ADMT to migrate and merge the user with SID History to Forest B
• Create a remote move request to migrate the mailbox to Forest B

My Problem:

Everything is working so far (SMTP Mail Flow, Free/Busy Access) except one important thing: a mailbox migrated from Forest A to Forest B that had Full Access rights on another mailbox in Forest A can no longer have access to that mailbox... I always have a prompt when I try to add it in Outlook, and it still doesn't work even when I enter the credential of the user.

I have been scratching my head for days to solve that issue but I can't find anything...

Does anyone have an idea about that problem ?

Thanks in advance

Hello Everyone,

I am looking for some feedback from the community. Is there a way to use Exchange on premise and integrate with SharePoint Online (part of Office 365) for user authentication and login? Or both the application has to be in cloud (part of office 365).

Appreciate your feedback!

Ajay Mandal

Dear all,

We have on premise exchange server 2016. We are doing the office 365 hybrid configuration. We ran hybrid configuration wizard and were able to create connector between office 365 and exchange 2016. But while creating migration endpoint, we got an error. While checking the logs as recommended by the documentation i found the following error. The server ews/mrsproxy.svc is pointing is an exchange 2013  server that's been shutdown. 

2018-10-03T08:05:32.608Z,153eb3b4-c33f-41ae-a65e-f8c4ccd90c95,15,1,1466,10,,Ews,mail.janatabank.com.np,/EWS/mrsproxy.svc,,Negotiate,true,JANATABANK\Administrator,,OrganizationId~OrganizationAnchor@,,40.100.28.117,WS2K16EXG16,500,,ServerLocatorError,POST,,,,,ForestWideOrganization,,,2806,663,,,,3,2831,0;0;,0,18;,18,2;2;,4,22,,0,2834,0,,,,,,,,,0,2831,0,,2831,,2834,2834,,,,BeginRequest=2018-10-03T08:05:29.773Z;CorrelationID=<empty>;ProxyState-Run=None;GlsGuard=1;AccountForestGuard_janatabank.com.np=1;ServerLocatorCall=DM:cecd83ac-5068-48ce-a8ff-d425058e1581~~janatabank.com.np;ProxyState-Complete=CalculateBackEnd;SharedCacheGuard=0;EndRequest=2018-10-03T08:05:32.608Z;S:ServiceCommonMetadata.Cookie=85db79c219554b4da14025b68a8db744;I32:ADS.C[WS2K16PDC]=1;F:ADS.AL[WS2K16PDC]=1.994043;I32:ADS.C[WS2K16ADC]=1;F:ADS.AL[WS2K16ADC]=3.736813;I32:ATE.C[WS2K16ADC.janatabank.com.np]=1;F:ATE.AL[WS2K16ADC.janatabank.com.np]=13;I32:ATE.C[WS2K16PDC.janatabank.com.np]=2;F:ATE.AL[WS2K16PDC.janatabank.com.np]=0;I32:ADR.C[WS2K16PDC]=1;F:ADR.AL[WS2K16PDC]=1.900702,HttpProxyException=Microsoft.Exchange.HttpProxy.HttpProxyException: Server Locator Service call had a communication error. ---> Microsoft.Exchange.Data.ServerLocator.ServerLocatorClientTransientException: Server Locator Service call had a communication error. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://ws2k12exg-13.janatabank.com.np:64337/Exchange.HighAvailability/ServerLocator. The connection attempt lasted for a time span of 00:00:02.8011252. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time  or established connection failed because connected host has failed to respond 10.2.0.5:64337. ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time or established connection failed because connected host has failed to respond 10.2.0.5:64337   at System.Net.Sockets.Socket.InternalEndConnect(IAsyncResult asyncResult)   at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)   at System.ServiceModel.Channels.SocketConnectionInitiator.ConnectAsyncResult.OnConnect(IAsyncResult result)   --- End of inner exception stack trace ---  Server stack trace:    at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action Object[] outs  IAsyncResult result)   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall ProxyOperationRuntime operation)    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]:     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg IMessage retMsg)    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData Int32 type)    at ServerLocator.EndGetActiveCopiesForDatabaseAvailabilityGroupExtended(IAsyncResult result)   at Microsoft.Exchange.Data.ServerLocator.ServerLocatorServiceClient.EndGetActiveCopiesForDatabaseAvailabilityGroupExtended(IAsyncResult result)   --- End of inner exception stack trace ---    at Microsoft.Exchange.Data.ApplicationLogic.Cafe.MailboxServerLocator.EndGetDatabaseToServerMappingInfo(IAsyncResult result)   at Microsoft.Exchange.Data.ApplicationLogic.Cafe.MailboxServerLocator.EndGetServer(IAsyncResult result)   at Microsoft.Exchange.HttpProxy.MailboxServerCache.ServerLocatorEndGetServer(MailboxServerLocator locator IAsyncResult asyncResult  Guid initiatingRequestId)   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.ProcessMailboxServerLocatorCallBack(IAsyncResult asyncResult MailboxServerLocatorAsyncState asyncState)    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass281_0.<OnCalculateTargetBackEndCompleted>b__0()   --- End of inner exception stack trace ---;,,|RoutingDB:cecd83ac-5068-48ce-a8ff-d425058e1581,,,

Please can you tell me, what should i do?

Hello,

We are installing HCW and I have a strange issue with a 3rd party certificate. When I execute get-exchangecertificate, it show that is ThirdParty, but that cert is not showed in the last step of the HWC as a transport. Looking logs I see the list of all certs installed and the ThirdParty cert appears as SelfSigned but it is not SelfSigned.

Can you help me with that?

Thank you in advance

So with PCI compliance we have to disable TLS1.0 and 1.1. Does anyone know of the right way to do this. Here is what we have tried, according to Microsoft we did it wrong.

Upgrade to needed CU of exchange

Exchange Server 2016

Install Cumulative Update (CU) 8 in production for TLS 1.2 support and be ready to upgrade to CU9 after its release if you need to disable TLS 1.0 and TLS 1.1.

Install the newest version of .NET and associated patches supported by your CU (currently 4.7.1).

Exchange Server 2013

Install CU19 in production for TLS 1.2 support and be ready to upgrade to CU20 after its release if you need to disable TLS 1.0 and TLS 1.1.

Install the newest version of .NET and associated patches supported by your CU (currently 4.7.1).

Install needed updates

Windows Server 2016

TLS 1.2 is the default security protocol for Schannel and consumable by WinHTTP.

Ensure you have installed the most recent Monthly Quality Update along with any other offered Windows updates.

Windows Server 2012 R2

TLS 1.2 is the default security protocol for Schannel and consumable by WinHTTP

Ensure your server is current on Windows Updates.

This should include security update KB3161949 for the current version of WinHTTP.

If you rely on SHA512 certificates; please seeKB2973337.

Windows Server 2012

TLS 1.2 is the default security protocol for Schannel.

Ensure your server is current on Windows Updates.

This should include security update KB3161949 for the current version of WinHTTP.

If you rely on SHA512 certificates; please seeKB2973337.

Exchange 2010 Installs Only: Install 3154519 for .NET Framework 3.5.1.

Create the following reg keys for .NET 4.X and TLS 1.2

DOTNet Reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

TLS Reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

Hi,

Root domain:  abc.com

Child domain 1 : abc1.com

Child domain 2 : abc2.com

Is it possible to keep the AD accounts in abc1.com and mailboxes of those accounts in abc2.com Exchange?

Thank you.

Hell All

We have a 2007, 2013 with Exchange Online Hybrid. I'm trying to create dynamic distribution group that includes both on-premises and cloud users and the top level domain and child domain. I have the following filter working for the top level domain, how can i tweak this to include the child domain?

Working Script (top level domain)

New-DynamicDistributionGroup -Name "TestDDG" -RecipientFilter {((RecipientTypeDetails -eq 'usermailbox') -or (RecipientTypeDetails -eq 'remotemailbox') -and (EmailAddresses -notlike '*domain.com*'))} -RecipientContainer "parent.domain.com"

None working (with both top and child domain)

new-DynamicDistributionGroup -Name "TestDDG" -RecipientFilter {((RecipientTypeDetails -eq 'usermailbox') -or (RecipientTypeDetails -eq 'remotemailbox') -and (EmailAddresses -notlike '*domain.com*'))} -RecipientContainer "parent.domain.com","child.domain.com"

How can i include both parent and child domain into the filter?

Hello

We are currently in the process of migrating our mailboxes from Exchange 2010 to Exchange 2013.

When migrating mailboxes of user who have IPhone, there is problem with email sync in their IPhones.

There are no issues when they connect to their mailbox through outlook and OWA. Only their phones do not sync after migration.

Kindly suggest.

Hi all,

we have an organization exchange 2013 containing:

-  Exch1 and Exch2 (mbx+cas)servers, Exch3 mbx server, Exch4 cas server.

- DAG database on Exch1, Exch2 and Exch3

We are facing 2 issues:

issue 1 – some mailboxs which are used for mail diffusion is overloading mail connection.

issue 2 – when Exch4 cas server is unavailable,  all clients are disconnected because there is no high availability between cas servers, we’ve tried round robin but it didn’t work properly, so we fixed client connection name to exch4.

 To resolve those issues, I 'll appreciate your valuable opinion on the following solutions before doing something stupid:

For issue 1:

1-     Add a another connection with secondary MX

2-     Add a new exchange mbx server Exch5 which will host mail diffusion mailbox

3-     Add a new send connector configured with new Exch5 as source server and new connection  as smart host, so this Exch5 server will send mail only through the new connection

 For issue 2:

1-  1- Add a new exchange cas server Exch6

2-  2- Create aNLB WindowsClusterwith Exch4 and Exch6 cas servers as members

3-  3-Clients (outlk, owa, activesync...) connect to cluster name rather than exch4

    am I right or did I miss something important?

Thanks for help

I started the process but it failed during prep - 

The Windows Component Server-GUi-MGMT-Infra isn't installed on this computer and needs to be installed before exchange setup can begin

I tried Install-WindowsFeature -Name Server-Gui-Shell,Server-Gui-Mgmt-Infra but it failed.

Hello,

We are migrating our on premise Exchange2013 mailboxes to O365. Exchange 2013 (SP4) is installed on our single Windows 2012 R2 Domain Controller. Once the MX records are cutover to O365, and we are satisfied all mail is migrated, etc., we no longer will need Exchange on the DC and would most likely on install it. We need direction on:

1. Prior to uninstalling it, what services, settings etc. should we disable/change so that no new mail, either internal or external, goes into the Exchange mailboxes.

2. We are particular concerned about the internal email usage and will be instructing users to use external email addresses only. so please be specific on how to disable this ability.

3. Have read steps on uninstalling Exchange but nothing particular about when it is on a Domain Controller?