To give you the scenario; I have separate CAS and MBX servers for Exchange 2013. I am also using ISA 2004. The majority of my users are on Exchange 2007 still waiting to be migrated. I have tested with a couple of email accounts and have encountered a problem with Autodiscover internally. Externally, it is working fine. I have an internal address of CAS01.mycompany1.local and an external address of mail.mycompany.com.

I have discovered that Outlook needs to have the HTTP proxy set, pointing to mail.mycompany.com. If it isn't I get the error: "There is a problem with the proxy servers security certificate. The name on the certificate is invalid or does not match the name of the target site mail.mycompany.com. Outlook is unable to connect to the proxy server. (Error Code 0)." It also constantly prompts for credentials. If I cancel the credentials request, it then resolves to the GUID of the user for the Microsoft Exchange Server field and sets the mailbox to =SMTP:username@mycompany.com. I then have to cancel this and "manually configure the server settings". I choose Microsoft Exchange, click on more settings, go to the connection tab and under Outlook Anywhere, tick the "Connect to Microsoft Exchange using HTTP" and then click on "Exchange Proxy Settings". In the Connection settings, I then have to set the URL to http:// mail.mycompany.com. It then works.

Whilst I know this is not the cleanest way for this to operate, it is acceptable if I can get autodiscover to set the proxy settings automatically. I cannot expect users to manually set this.

Because ISA 2004 does not understand NTLM, I have set all the security to basic. I have also tried setting the Internal and External Hostname to mail.mycompany.com. With the internal set to CAS01.mycompany1.local it makes no difference. I can resolve the internal name and external name using nslookup. autodiscover is set to point to the CAS. The certprinciplename is set to *.mycompany.com (we are using a wildcard certificate) for both EXPR and EXCH. There is a certificate set on the CAS from our internal CA with CAS01.mycompany1.local as the primary name and then our other domains set as SAN's.

I am now out of ideas on getting this working. In an ideal world, outlook would just point directly to the CAS and pickup the settings. I find it strange how it can resolve the mailbox guid but then cannot connect. It suggests that there is some problem with authentication. Any ideas on how to resolve this would be appreciated. Thanks in advance.

Greetings,

With the introduce of Exchange Server 2013 along with its architecture, Microsoft has moved Transport services / roles to Mailbox Server Role. well, when it comes to anti malware / anti spam and viruses , Microsoft recommends deploying them on Mailbox Server role, while on CAS, not necessarily be deployed as long as messages are not inspected on CAS Servers.

While some articles say the opposite, and mention configuration of Anti malware ,etc.. on CAS Servers.

What is the best practice for deploying anti malware / spam / virus  Software on CAS, and what is the best recommended software for messaging and OS level protection, say Symantec for example.

Thanking you

Jamil

I'm trying to find out if there is a way to test Outlook (2010) connectivity to Exchange 2013 prior to moving to a co-existence state.  OWA tests out great, all certs are in and VD's/Outlook anywhere is configured on the 2013 system (NTLM authentication). I have configured the local machines hosts file to point to the autodiscover address of my 2013 CAS server.  I can communicate to the autodiscover service properly through IE receiving ErrorCode 600.  

I changed the SCP of my 2013 CAS Server to https://autodiscover.domain.com/autodiscover/autodiscover.xml - doing so did not allow outlook to connect - I received a prompt for credentials as well as error: outlook is unable to connect to the proxy server. (error code 0).  Entering credentials didn't work.

I've since changed the SCP to point to that of the 2007 Exchange server as users we're complaining they couldn't connect.

I've tried multiple avenues of manually setting up outlook with no success.  Outlook seems to be getting some settings properly as after I cancel the authentication prompt it shows me the GUID@domain.org as the exchange server its attempting to connect to.  

Further information:

Single 2007 SP3 Rollup 11 Exchange server, Server 2003 R2

Single 2013 SP1 CAS, Server 2012 R2 (fully updated 2 weeks ago)

Single 2013 SP1 MBX, Server 2012 R2 (fully updated 2 weeks ago)

Outlook 2010 SP2

Thank you.

As i am doing transition from Exchange 2007 to Exchange 2013, i am not able to configure OAB

ON my EXchange 2013 i ran the following powershell commands


[PS] C:\Windows\system32>Get-OfflineAddressBook

Name                                    Versions                                AddressLists
----                                    --------                                ------------
Default Offline Address List            {Version2, Version3, Version4}          {\Default Global Address List}
Default Offline Address List (Ex2013)   {Version4}                              {\Default Global Address List}


[PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address List (Ex2013)"


On my Exchange 2007 Server i am trying move OAB but i am getting error( mail is my exchange 2007, mail1 is my exchange 2013)


[PS] C:\Users\Administrator\Desktop>Move-OfflineAddressBook -Identity "Default offline Address List" -Server mail1

Confirm
Are you sure you want to perform this action?
Moving Offline Address Book "Default offline Address List" to Server "mail1".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
Move-OfflineAddressBook : Failed to create the 'ExchangeOAB' folder on the target server 'MAIL1'. Two possible reasons for the failure are that the System Attendant Service is not running or you do not have permission to perform this operation. Error message : 'Catastrophic failure (Exception from HRESULT: 0x8000FFFF
 (E_UNEXPECTED))'.
At line:1 char:24
+ Move-OfflineAddressBook <<<<  -Identity "Default offline Address List" -Server mail1
    + CategoryInfo          : InvalidResult: (Default offline Address List:OfflineAddressBookIdParameter) [Move-OfflineAddressBook], LocalizedException
    + FullyQualifiedErrorId : BC0D046F,Microsoft.Exchange.Management.SystemConfigurationTasks.MoveOfflineAddressBook

all my exchange services are up and running.and then i used the below three commands in exchange 2007 and tried to move OAB but still same error



[PS] C:\Users\Administrator\Desktop>Get-MailboxDatabase | Where {$_.OfflineAddressBook -eq $Null} | FT Name,OfflineAddressBook -AutoSize
[PS] C:\Users\Administrator\Desktop>Get-MailboxDatabase | Where {$_.OfflineAddressBook -eq $Null} | Set-MailboxDatabase -OfflineAddressBook (Get-OfflineAddressBook | Where {$_.IsDefault -eq $True})

[PS] Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address List"
The command completed successfully but no settings of 'MAIL\First Storage Group\Mailbox Database' have been modified'

PS] C:\Users\Administrator\Desktop>Move-OfflineAddressBook -Identity "Default offline Address List" -Server mail1
same error as above

Current Setup

1.       Currently Exchange 2010 is in Hybrid setup with Office 365 (Version 15) in Datacenter 1. This does not have any DR datacenter.
2.       New Exchange 2013 servers have been introduced in same domain and forest and in the existing Exchange 2010 Organization.
3.       Exchange 2013 environment has DR datacenter. And Exchange 2013 user all old excahgne 2010 certificates and namespace for OWA, Outlook anywhere, Activesync and also for Autodiscover.

Name Spaces are

1.                    OWA – Webmail.company.com
2.                   Outlook anywhere – External host name – webmail.company.com
3.                 Activesync – mobile.company.com
4.                 Autodiscover – Autodiscover.company.com
   1. But still Hybrid configuration wizard is yet to run from Exchange 2013 servers.
   2.       There is no firewall or any restrictions between any of the Datacenters.
   3.       Exchange 2013 has been installed and all urls have been configured for all above urls.But still DNS change/cutover both in Public and internal has not been done.
   4.       Both Exchange 2010 and Exchange 2013 has been installed with Edge servers and the edge servers also configured using same name space – edge.company.com
   5.       ADFS and Dirsync are already ready and configured they are working perfectly.
   6.       Currently we are able to see free busy information between Exchange 2010 and2013 from the mailboxes which are in both Exchange 2010 and Exchange 2013.
   7.   And unable to see free busy of Office 365 mailboxes from Exchange 2013 mailbox because we have not configured Hybrid on Exchange 2013.Hope our assumption is correct.

Our Plan to Migrate

1. First give DNS name space cutover defined in point 3 above (Not the edge name space) to Exchange 2013.I believe that this will not affect the existing federation or free busy information between Office 365 and Exchange 2010 as Exchange 2013 is also in same Exchange Organization. Please correct me if the assumption is wrong.
2. After 2 or 3 days run through the Hybrid wizard in Exchange 2013 to change the entire mail flow from Office 365 to Exchange 2013.This is the grey area where I am not pretty sure what the changes it is going to create. How it will affect the existing setup. What are the precautionary steps to be followed before doing this process? Because I believe it will modify the existing send and receive connectors which are currently pointing to Exchange 2010 also create new connectors in DC2 through the Exchange 2013 and edge servers.
3. But there is no idea how to have a parallel DR Hybrid setup to co-exist along with the existing or new Hybrid Production servers in DC2.
4. Please let us know if there is any better way to migrate seamlessly without affecting the existing setup like co-existence migration. Because this seems to be a big bang approach which might or might not work. We tried to follow the Exchange deployment setup, but it is not dealing combined with Exchange 2013 and Hybrid parallel cutover in single document.

Regards, Ghouse

Hi People,

The ladies at the reception are having issues with Outlook 2010 meeting room calendars, they are out of syncing. Sometimes appointment are visible for the other, some times they are not showing up or they do when adding a new appointment. For example: If we look at one day with 5 room calendars near each other all looks the same except 1 meeting is not shown.

Can someone advice where to check sync settings or something like that? 

I created the room mailboxes the regular way with default room settings, just granted them access so they can read/write.

Running a Windows Server 2008 R2 SP1 x64 with exchange 2010 v. 14.2.247.5

Thanks in advance.

Hello,

We followed this blog post to migrate from Exchange 2007 to Exchange 2013:

http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-1-step-by-step-exchange-2007-to-2013-migration.aspx

Before decommissioning Exchange 2007, we created a new user on the Exchange 2013 server using ECP and migrated an existing Exchange 2007 user using ECP.

Autodiscovery, Outlook Web Access and Active Sync are working fine.

However, we cannot open these two mailboxes in Outlook 2010 or 2013 on Windows 7.

When I add one of the mailboxes in Outlook, AutoDiscovery is working fine. However, Outlook then complains that "the action cannot be completed. the microsoft exchange address book was unable to log on to exchange."

When I do the same in Outlook with a user that is not yet migrated, the Mailbox is setup just fine.

Any idea?

Best regards,
Florian

Upgraded Lotus Notes version into newer 8.5 it has complex functionalities. These functions are not easily graspable and it takes long time to understand, I decide to export my data into another (MS Outlook) platform, is it possible, I want new updates about conversion in cost-effective manner. And if yes then suggests me the way?

So I've decided to start testing SSL offloading with Exchange 2013 SP1 now that it is supported. I have followed this guide: http://technet.microsoft.com/library/dn635115(EXCHG.150).aspx. It is fairly straightforward, remove the "Require SSL" option on the VDIRS and IISRESET.

To test, I load up http://CAS/OWA and it immediately redirects to HTTPS://CAS/OWA. I do not see why it is doing this or how to configure it otherwise. So while my server is accepting connections on port 80, it's just bouncing them over to 443. How do we disable this?

I checked the HTTP Redirect option on the VDIRs, which is not present. Also, I am going straight to the server, so there is not a device in front that is redirecting my requests. Any thoughts?

Thanks,

Brandon

I hope this is the right forum to ask this design question.  We are currently running Exchange 2007 and looking to migrate to Exchange 2013 in a hybrid approach so we can also leverage Office 365 for some mailboxes.

In the near future we want to setup some type of new email and sharepoint infrastructure for our partners (600+ users) to use and of course single sign on for all other services that we may provide.  There's nothing in place for them as of now.

Internally, we are a single forest 2008R2 mode (2012 in the near future), with multiple child domains. 

Should we setup another child domain for the partner accounts or should we setup a totally separate forest. ADFS?

Ideally, we would like to put all the partner mailboxes/sharepoint access in O365 but have a single pane of glass to manage both partner mailboxes/sharepoint and our corporate users that we decide to migrate to O365. 

Are there any design guides, case studies out there from MS that kind of touches base on what I'm asking.  Thanks for any feedback.

Dan

My servers and direct attach storage hardware have arrived, the first server is setup and attached to the DAS but how do I setup JBOD, I see the drives in Open Manager but I can only use RAID 0 their, I see them in the server startup H810 adapter utility but how do I set them up as JBOD? I want to take advantage of the new Exchange 2013 features that can automatically recover a failed drive.

We just installed Exchange Server 2013 with sp1 included. Everything is good except IE11 users don't get the premium OWA site. I know that this was fixed in CU3, but you can't install it because SP1 is supposed to contain all the fixes through CU3.

Does anyone have any idea?

Hi,

I've changed the user mailbox and user by running the following command on the linked mailbox

Set-User -Identity "alias" -LinkedMasterAccount $null

Issue is that the previous user (the msexchmasteraccount) still has access, and yes, that user is still enabled. 

My question is - how can I remove that access to the mailbox? The msexchmasteraccount is empty in adsiedit. 

Hai

I try to install exchange 2013 but there is a problem showed at below:

This computer requires the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit. Please install the software from http://go.microsoft.com/fwlink/?LinkId=260990.

Finally I follow it to install the Microsoft Unified Communications Managed API 4.0, but i got error like this:

Microsoft Unified Communications Managed API 4.0, Runtime cannot be installed side by side with the following components. Installation cannot continue.
Microsoft Server Speech Platform Runtime (x64)

I already uninstall the Microsoft server speech, but i still got the same error. 

Thank you

Hi all. 

I encounter an issue in my migration from Exchange 2007 to Exchange 2013 server. 

My Exchange 2007 infrastructure is (2007 Server SP3 rollup 12): 

- Server1 : cluster of 2 Exchange 2007 mailbox server nodes

- Server2 : CAS Server

I have a new Exchange 2013 infrastructure : 

- Server 3 and 4 : Multirole servers, configured in a DAG. I use round robin to point to these 2 servers with the mail.domain.org name. I created a self-signed cert with new names. 

Actually, users have mailboxes on Exchange 2007 platform. Everything is working fine. 
Now, I want to migrate users to Exchange 2013. I test my own mailbox. OWA is working fine with https://mail.domain.org/owa, I can send and receive mail. 
But, on a new computer, I cannot create a profile on Outlook with my adress. 
When I do this, I have a cert accept request from the OLD CAS server. I accept. Then, I have another request for the domain.fr. Then, Outlook says that Exchange Server is not reachable and must be online to create profile. 
I cannot go further. 

This is the same result if I manually configure the profile. It's not possible. 

Did someone have this kind of configuration? I'm lost and situation begins to be very critical for the projet. 

Thanks a lot. 

Hello All,

I`m unable to roll Alternate Service account to the following env:

2x Exchange 2013 SP1 CAS Only Servers on Windows Server 2012 R2

3X Exchange 2013 SP1 MB Only Servers on Windows Server 2012 R2

It was working fine on the same environment in the same domain, but with Exchange 2013 CU3 on Windows Server 2012.

Here is the output:

[PS] D:\Exchange Server\scripts>.\RollAlternateServiceAccountPassword.ps1 -ToSpecificServers server6,server7

GenerateNewPasswordFor contoso\casasa$ -Verbose

========== Starting at 04/09/2014 14:57:42 ==========

VERBOSE: Effective parameters that were passed to this script:

Key                                                        Value

---                                                        -----

ToSpecificServers                                          True

GenerateNewPasswordFor                                     contoso\casasa$

Verbose                                                    True

Identity                                                   {server6, server7}

VERBOSE: Examining the state of the local runspace ...

VERBOSE: Preparing the destination ...

VERBOSE: Destination server identities: server6 server7

VERBOSE: Retrieving CAS server objects with credentials (passwords=False):

 server6, server7

VERBOSE: Retrieving ASA credentials from server server6

VERBOSE: Creating a new PowerShell session for server6. contoso.com

VERBOSE: Connecting to server6. contoso.com

Cannot process argument transformation on parameter 'Identity'. Cannot convert value "server6" to type

"Microsoft.Exchange.Configuration.Tasks.ClientAccessServerIdParameter". Error: "Cannot convert hashtable to an object

of the following type: Microsoft.Exchange.Configuration.Tasks.ClientAccessServerIdParameter. Hashtable-to-Object

conversion is not supported in restricted language mode or a Data section."

    + CategoryInfo         : InvalidData: (:) [Get-ClientAccessServer], ParameterBindin...mationException

    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-ClientAccessServer

    + PSComputerName       : server6.contoso.com

VERBOSE: Retrieving ASA credentials from server server7

VERBOSE: Creating a new PowerShell session for server7. contoso.com

VERBOSE: Connecting to server7. contoso.com

Cannot process argument transformation on parameter 'Identity'. Cannot convert value "server7" to type

"Microsoft.Exchange.Configuration.Tasks.ClientAccessServerIdParameter". Error: "Cannot convert hashtable to an object

of the following type: Microsoft.Exchange.Configuration.Tasks.ClientAccessServerIdParameter. Hashtable-to-Object

conversion is not supported in restricted language mode or a Data section."

    + CategoryInfo         : InvalidData: (:) [Get-ClientAccessServer], ParameterBindin...mationException

    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-ClientAccessServer

    + PSComputerName       : server7. contoso.com

VERBOSE: Destination servers:

VERBOSE: Checking version requirements for the destination servers ...

VERBOSE: Preparing the credential source ...

VERBOSE: Looking up account casasa$ in domain contoso

RecordErrors : Couldn't figure out valid servers from the specified destination scope. Check your parameters and try

again.

At D:\Exchange Server\scripts\RollAlternateServiceAccountPassword.ps1:996 char:1

+ RecordErrors -ExceptionsOnly { $script:success = Body }

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo         : NotSpecified: (:) [Write-Error], WriteErrorException

    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,RecordErrors

Retrieving the current Alternate Service Account configuration from servers in scope

VERBOSE: Retrieving CAS server objects with credentials (passwords=False):

Alternate Service Account properties:

Per-server Alternate Service Account configuration as of the time of script completion:

========== Finished at 04/09/2014 14:58:18 ==========

        THE SCRIPT HAS FAILED

[PS] D:\Exchange Server\scripts>

I also noticed differences in the behavior of other cmdlets. I guess these are coming from PS 4.0 that comes with Server 2012 R2.

Can someone suggest resolution, different then revisiting the script?

Thanks

Not sure if I've done something wrong, or if this is an issue with Ex2013.

When I activate an on-line archive on an account, if I then go to
In-Place Archive > View Details and when finished click on OK, I get an error message

error
Your request couldn't be completed. Please try again in a few minutes.


But the error message will not go away. To exit the pop-out window I need to click on cancel.
Is this normal?

I'm seeing similar errors on some Public Folder views as well.

Joe