Exchange 2010 is no longer connecting with Outlook Anywhere

Scenario: After the installation of additional Exchange 2013 servers, we noticed that Outlook Anywhere is broken in our Exchange 2010 environment. The Exchange 2013 environment and mailboxes are unaffected by the connection problems, but the Exchange 2010 mailboxes cannot use Outlook Anywhere. Ex2010 mailboxes have to make a connection directly to the CAS Array or connect via other protocols as workarounds.

Symptoms:

◦We are seeing 503 HTTP Statuses (Service Unavailable) in the Ex2013 IIS logs when trying to connect to Exchange 2010 for Outlook Anywhere.

◦Outlook clients either cannot establish an Outlook Anywhere connection, or their connection falls back to a standard TCP connection.

◦Exchange 2013 mailboxes may have problems connecting to Public Folders on Exchange 2010 via Outlook.

◦Running the PowerShell command below fails when trying to get a referral and gives a 0x0000006BA or 0x6Ba error:

Test-OutlookConnectivity -Protocol HTTP -credential $mycreds -Verbose

◦Using the following command, you are unable to make a connection to ports 6001, 6002, and 6004.

rpcping -t ncacn_http -o RpcProxy=mail.domain.com -P "user,domain,password" -H 1 -F 3 -a connect -u 9 -v 3 -s casarray.domain.com -I "user,domain,password" -e 6001

 

Cause: Ex2010 has a limit on the number of servers that can be entered into a ServerFarm value in the Registry. The addition of the new Ex2013 servers took us over the 64 server limit. When this happened, Outlook Anywhere (RPC/HTTP) in Ex2010 broke. Troubleshooting various symptoms pointed to different areas of Exchange that could be the cause of this behavior. Later it was discovered that it was a bug confirmed by Microsoft. The real kicker of this 'bug' is that the Exchange 2013 servers, regardless of whether they are frontend (CAS) or backend (MBX) servers, get populated in this Ex2010 key because of the Ex2013 architectural differences.

 

2 Resolutions:

1. Microsoft has an IU (interim update) for Exchange 2010 to fix this issue. You just need to remove this IU before you proceed with other installs. Supposedly this issue will be fixed in Exchange 2010 RU9 for SP3. This was our fix.

Or

2. You can edit the registry manually. Note this worked for us for a while, but we did have problems with this and resorted to the IU method. Regardless, this method may get you by for a little while:

Turn the polling for the RpcHttpConfigurator off by setting PeriodicPollingMinutes to 0:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeServiceHost\RpcHttpConfigurator\PeriodicPollingMinutes

Manually remove the Exchange 2013 servers from the ServerFarm Registry Key to take the number of entries below 64:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy\LBSConfiguration\ca5b08e5-4a52-5701-0000-000000000000

Rename Volume Labels by Powershell

To bulk rename Volume Labels for disks, use the following Powershell command:

Get-CimInstance Win32_Volume -Filter "Label = 'Old Label'" | Set-CimInstance -Property @{Label = 'New Label'}

If these volumes are mount points and you have to change the folder name as well, use the following Powershell command:

Rename-Item C:\OldFolderName C:\NewFolderName

Re-Activate inactive Server Component States for Exchange 2013

Scenario: After Exchange patching/upgrades (both failed and successful attempts) you may notice that the Server Component States become Inactive. For example, even though the IMAP service is started, the server may be refusing the connection. To check the Server Component States, run the following command:

get-servercomponentstate <servername>

To re-activate a Server Component State, run the following:

Set-ServerComponentState <servername> -Component <component name> -State Active -Requester HealthAPI

Note, other Requesters you could try are:

Maintenance,  Sidelined, Functional, Deployment
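
Rather than trying each Requester in turn, you can read which requester is holding a component inactive and re-activate with that one. The following is an added example, not part of the original post; it assumes the Exchange 2013 Management Shell, and ExSvr1 is a placeholder server name.

```powershell
# Added example, not from the original post.
# Assumptions: Exchange 2013 Management Shell; 'ExSvr1' is a placeholder server name.
$Server = 'ExSvr1'

# Components whose effective state is anything other than Active
$inactive = Get-ServerComponentState -Identity $Server |
    Where-Object { $_.State -ne 'Active' }

foreach ($item in $inactive) {
    # Re-query the single component to read its per-requester entries
    $detail = Get-ServerComponentState -Identity $Server -Component $item.Component

    # LocalStates and RemoteStates each hold one entry per requester
    $holders = (@($detail.LocalStates) + @($detail.RemoteStates)) |
        Where-Object { $_ -and "$($_.State)" -ne 'Active' } |
        Select-Object -ExpandProperty Requester -Unique

    foreach ($requester in $holders) {
        Write-Host "$($item.Component) is held $($item.State) by requester $requester"
        # -WhatIf only previews the change; remove it to apply
        Set-ServerComponentState -Identity $Server -Component $item.Component `
            -State Active -Requester $requester -WhatIf
    }
}
```

A component stays inactive until every requester that set it inactive has set it back to Active, which is why the loop handles each requester separately.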

Cert Work! Querying, Removing, Assigning Services to Exchange Servers via Powershell

Scenario:  You want to clean up Exchange Certificates on your Exchange Servers. The following steps are examples of querying and building your query to perform an action.

1. Check to see what Exchange Certs are on your server.

get-exchangecertificate -server  ExSvr1

2. Query a list of Certificates that have the subject mail.domain.com:

Get-ExchangeCertificate -Server ExSvr1 | Where Subject -like "CN=Mail.dom*"

3. Query a list of Certificates that have the subject mail.domain.com and have an expiration earlier than a specific date:

Get-ExchangeCertificate -Server ExSvr1 | Where {($_.NotAfter -lt "3/22/2019") -and ($_.Subject -like "CN=Mail.dom*")}

4. Remove the list of Certificates that have the subject mail.domain.com and an expiration earlier than a specific date:

Get-ExchangeCertificate -Server ExSvr1 | Where {($_.NotAfter -lt "3/22/2019") -and ($_.Subject -like "CN=Mail.dom*")} | Remove-ExchangeCertificate -Confirm:$false

 

Let's say you want to query all Ex2013 servers to find and remove the certs:

1. Gather your Servers into a Variable:

$Servers = Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"

2. Use that variable in a loop to loop through the certs:

$Servers | %{
    # Show which server is being processed
    Write-Host $_.Name;
    # Remove every matching certificate on that server without prompting
    Get-ExchangeCertificate -Server $_.Name | Where {($_.NotAfter -lt "3/22/2019") -and ($_.Subject -like "CN=M*")} | Remove-ExchangeCertificate -Confirm:$false
}
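
Because the loop above deletes with -Confirm:$false, it helps to record what will be removed and to leave alone any certificate that still has services assigned. The following is an added example, not part of the original post; the cutoff date and subject pattern are taken from the steps above, and the report path is a placeholder.

```powershell
# Added example, not from the original post.
# Assumptions: Exchange Management Shell; $Report is a placeholder path.
$Cutoff  = [datetime]'2019-03-22'
$Pattern = 'CN=Mail.dom*'
$Report  = 'C:\cert-removal-candidates.csv'

# Collect matching certificates from every Exchange 2013 server
$candidates = foreach ($s in Get-ExchangeServer | Where-Object { $_.AdminDisplayVersion -like '*15*' }) {
    Get-ExchangeCertificate -Server $s.Name |
        Where-Object { $_.NotAfter -lt $Cutoff -and $_.Subject -like $Pattern } |
        Select-Object @{ n = 'Server'; e = { $s.Name } }, Thumbprint, NotAfter, Services, Subject
}

# Keep a record of everything that matched before anything is deleted
$candidates | Export-Csv $Report -NoTypeInformation

# Certificates that still have services assigned are reported, not removed
$inUse  = $candidates | Where-Object { "$($_.Services)" -ne 'None' }
$unused = $candidates | Where-Object { "$($_.Services)" -eq 'None' }

foreach ($c in $inUse) {
    Write-Warning "$($c.Server): $($c.Thumbprint) still has services [$($c.Services)]; skipped"
}

foreach ($c in $unused) {
    # -WhatIf previews the removal; drop it once the report has been reviewed
    Remove-ExchangeCertificate -Server $c.Server -Thumbprint $c.Thumbprint -WhatIf
}
```

Move the services to the replacement certificate with Enable-ExchangeCertificate first, then re-run so the old certificate shows no services and becomes eligible for removal.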

 

How to move/enable services on an Exchange Certificate:

1. Determine the Thumbprints of the Certificate you want to move Exchange Services to:

Get-exchangecertificate -server ExSrv1

2. Move/Enable services on an Exchange Certificate

Enable-ExchangeCertificate -Thumbprint <thumbprint> -Server ExSrv1 -Services IIS,SMTP,POP,IMAP

 

Now let's say you want to loop it:

1. Gather your servers into a variable:

$Servers = Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"

2. Enable Services on all your servers' certs with a loop:

$Servers | %{
    # Show which server is being processed
    Write-Host $_.Name;
    # Assign the services to the certificate with this thumbprint on that server
    Enable-ExchangeCertificate -Thumbprint <thumbprint> -Server $_.Name -Services IIS,SMTP,POP,IMAP
}

 

15 Minute Message Delays when Receiving email

Scenario: It was reported that mailboxes were experiencing delays when receiving messages. The customer stated the time was 15-20 minutes before the message would make it into the mailbox. The message header was showing the delay, but not showing what was causing the delay.

Cause: We found that one of the servers was not accepting any messages, thus causing that hop to be delayed.  15 minutes was how long it would take for the next hop to occur again. When the next hop would happen it would select a different server to send the message.

Troubleshooting: We ran the following command to see where the message was being delayed.

Get-TransportServer | Get-MessageTrackingLog -EventID Defer -Start "3/18/15" | Export-Csv C:\defer.csv

When we opened the csv file we found the common Servername that was having the issue.  When we logged onto the server to attempt to restart some Exchange services, it was apparent the server was having other issues. We rebooted the server and all was well when it came online again.

 

Exchange Powershell Script to output certificate information

Scenario:  You need to export specific certificate info for all Exchange 2013 Servers.  The script below will output to a txt file the server names along with the Thumbprint, NotAfter, Services, and Subject  properties.

Script:

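# Gather the Exchange 2013 servers
$servers = Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"

$servers | %{
    $Name = $_.Name
    # Format the certificate properties of interest as a table
    $Cert = Get-ExchangeCertificate -Server $_.Name | Where Subject -like "*mail.*" | FT Thumbprint, NotAfter, Services, Subject -AutoSize
    Write-Host $_.Name
    # Append the server name followed by its certificate table to the output file
    $Name, $Cert | Out-File C:\certs.txt -Append
}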

 

Send email from another Person or Group

Scenario: When sending an email, you want to Send as/Send on behalf as someone else.

Via OWA:  

1. Log in to your mailbox using Outlook Web App.
2. Click + New mail above the folder list. A new message form will appear in the reading pane.
3. Click the more options menu … , and then click Show from.
4. Select the email address that displays in the From field and delete it.
5. Type the name of the user for which you have permission to send email. If you don't see the name of the person you want in the From box, you can click Search contact & directory to search the directory of your organization.
6. Add recipients, a subject, and the contents of the message as you typically do, and then click Send.

Via Outlook 2013/2010

1. Click on New Email.
2. Click the From box and select Other E-mail Address… from the dropdown. (If the From field is hidden, click Options from within the message and then select From.)
3. You will now be able to type in or select the email address you wish to send as/send on behalf as.

A Mailbox Move Request Failed with the following Error: "An error occurred while updating a user object after the move operation. --> You cannot have ArchiveDomain set when archive is not enabled for this user"

Scenario: A mailbox fails once it tries to complete the move request. When you run Get-MoveRequestStatistics mailboxname | FL, you see the following listed in the Message property:

An error occurred while updating a user object after the move operation. --> You cannot have ArchiveDomain set when archive is not enabled for this user

Cause: It's a mailbox attribute that's left over from a previous Office 365 migration.

Resolution: Run the following:

Set-mailbox mailboxname -archivedomain $null

Script to output the LastLogon in a readable format from a list of users

Scenario: You need to determine the LastLogon date in a readable format from a list of AD users in a csv file.

Edit your users.csv file  so that row1 = name and the following rows have the SamAccountName (or other get-ADUser property) separated by a new line.

Example of contents of users.csv =

name
testusr
testuser2
testuser3
testuser4

 

Script:

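# Read the account names from the "name" column of the CSV
$users = Import-Csv C:\users.csv

$users | %{
    $user = Get-ADUser $_.name

    # lastLogon is not replicated between domain controllers, so ask each one
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
        $hostname = $dc.HostName
        $user1 = Get-ADUser $user -Server $hostname -Properties lastLogon
        # Keep the most recent value seen on any domain controller
        if($user1.LastLogon -gt $time)
        {
            $time = $user1.LastLogon
        }
    }
    # Convert the file-time value to a readable date
    $dt = [DateTime]::FromFileTime($time)
    Write-Host $user.name "last logged on at:" $dt
    $x = $user.name + ":" + $dt
    $x | Out-File C:\results.txt -Append
}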

Exchange 2013 Connect mailbox

In Exchange 2013 this cmdlet no longer exists, but the same problem persists: disconnected mailboxes are not visible immediately after being removed or disabled. Clean-MailboxDatabase has been replaced by Update-StoreMailboxState, which forces the mailbox store state in the Exchange store to be synchronized with Active Directory.

Its syntax is as follows:

Update-StoreMailboxState -Database "DatabaseIdParameter" -Identity "StoreMailboxIdParameter" [-Confirm [SwitchParameter]] [-WhatIf [SwitchParameter]]

Both the -Database and -Identity parameters are required, meaning we need to know the identity of the mailbox (mailbox GUID) that we want to update the store state for. To do so, we can run the following cmdlet for example:

Get-MailboxDatabase | Get-MailboxStatistics | Format-List DisplayName, MailboxGuid, Database, DisconnectReason, DisconnectDate

Once we know the mailbox's GUID and in which database it was located, we can update its mailbox state by running:

Update-StoreMailboxState -Database "db_name" -Identity "mailbox_guid"

If we want to update the mailbox state for all mailboxes on a particular database, we can adapt the cmdlet to:

Get-MailboxStatistics -Database "db_name" | ForEach {Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$False}

Finally, if we want to just update the mailbox state for all disconnected mailboxes on a particular database:

Get-MailboxStatistics -Database "db_name" | Where {$_.DisconnectReason -ne $null} | ForEach {Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$False}