Category: Exchange 2013

Message Tracking to find the first hop into Exchange 2013

Scenario: You have added new Exchange 2013 servers to your existing Exchange 2013 environment and you just configured your perimeter devices to route SMTP email to the new servers in addition to the old servers.  You want to gather a log of emails to review to make sure no issues are occurring, but you first need to trace down which emails are coming into the new Exchange 2013 servers so you can trace those emails down until they are delivered into the mailbox.

Determine the IP address or the DNS host name of your perimeter devices and run the command below.  We will use the IP 10.10.1.2 as the perimeter system delivering email into the new Exchange 2013 servers.

PowerShell:

Get-transportserver NewServerName | Get-messagetrackinglog -start “7/7/2015 9:00am” -eventID Receive | Where EventData -like “*10.10.1.2*”

Note: The event data will display the term “firstforesthop” and the proxied connection info (Info of the Perimeter Devices). The term ‘FirstForestHop’  wasn’t a good way for us to rely on a query as we have had a mix of Exchange 2010 and Exchange 2013.  When it entered into Exchange 2013, it would have ‘FirstForestHop’ listed in the event data even if it wasn’t really the first forest hop as it came in from Exchange 2010.  But it did have the Perimeter device info in which did provide successful queries.

 

Check the Total Physical Memory via Powershell

Scenario:  You add a bunch of memory to multiple servers and you want to check the amount on each server to verify it.

Powershell:

Check one Server in GB:   [math]::Round((Get-WmiObject -Class Win32_ComputerSystem  -computer ServerName).TotalPhysicalMemory/1GB)

Check one server in MB: [math]::Round((Get-WmiObject -Class Win32_ComputerSystem  -computer ServerName).TotalPhysicalMemory/1MB)

Check Multiple Exchange Servers:

$server = Get-exchangeservers

$server | %{ Write-Host $_; [math]::Round((Get-WmiObject -Class Win32_ComputerSystem  -computer $_).TotalPhysicalMemory/1GB)}

Cannot Remove a Exchange 2013 Database

Scenario: When you are trying to remove an Exchange Database,  you receive the following error below.

This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or
arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database
<Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of
archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a list of all
public folder mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -PublicFolder. To get a
list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Arbitration.
To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox
<Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox
<Mailbox ID> -Archive. To disable a public folder mailbox so that you can delete the mailbox database, run the command
Disable-Mailbox <Mailbox ID> -PublicFolder. Arbitration mailboxes should be moved to another server; to do this, run
the command New-MoveRequest <parameters>. If this is the last server in the organization, run the command
Disable-Mailbox <Mailbox ID> -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox.
Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan <MailboxPlan ID>
-Database <Database ID>.

You have also verified that there are no mailbox/mailbox types on the database you wish to remove by running the following commands:

get-mailbox -database DB01
get-mailbox -archive -database DB01 -DomainController <root dc>
get-mailbox -PublicFolder -database DB01
get-mailbox -Arbitration -database DB01

Resolution:  Although an archive mailbox did not reside on the database we are trying to remove, we found that the database was still referenced in an archive mailbox that resided on a different database.  The archive mailbox was referencing the database via the msExchArchiveDatabaseLink property in ADSIEdit.

Once we discovered the archive mailbox, we moved it to another database, thus refreshing the properties in ADSI Edit and removing the database we wished to remove.

To determine which mailbox may be holding you up from removing an Exchange Database, follow these steps:

1. Remove the database in verbose:   remove-mailboxdatabase DB01 -verbose

2. Before it shows the error message, pay attention to the Verbose logging as it references the mailbox which is preventing the database from being removed.
VERBOSE: [18:03:27.819 GMT] Remove-MailboxDatabase : Runspace context: Executing user:
domain.com/users/exadmin, Executing user organization: , Current organization: , RBAC-enabled:
Enabled.
VERBOSE: [18:03:27.851 GMT] Remove-MailboxDatabase : Active Directory session settings for ‘Remove-MailboxDatabase’
are: View Entire Forest: ‘False’, Default Scope: ‘domain.com’, Configuration Domain Controller:
‘DC1.domain.com’, Preferred Global Catalog: ‘DC1.domain.com’, Preferred Domain Controllers: ‘{
DC1.domain.com }’
VERBOSE: [18:03:27.866 GMT] Remove-MailboxDatabase : Beginning processing Remove-MailboxDatabase
VERBOSE: [18:03:27.866 GMT] Remove-MailboxDatabase : Instantiating handler with index 0 for cmdlet extension agent
“Admin Audit Log Agent”.
VERBOSE: [18:03:27.866 GMT] Remove-MailboxDatabase : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [18:03:27.866 GMT] Remove-MailboxDatabase : Searching objects “db01” of type “MailboxDatabase” under the
root “$null”.
VERBOSE: [18:03:27.882 GMT] Remove-MailboxDatabase : Previous operation run on domain controller
‘DC1.domain.com’.
VERBOSE: [18:03:27.960 GMT] Remove-MailboxDatabase : Verifying that there is no associated mailbox user or move request
 on the mailbox database “db01”.
VERBOSE: [18:03:28.023 GMT] Remove-MailboxDatabase : Mailbox with DistinguishedName
“CN=jdoe1,CN=Users,DC=domain,DC=com” is still present in this database.
VERBOSE: [18:03:28.038 GMT] Remove-MailboxDatabase : Admin Audit Log: Entered Handler:OnComplete.

 

Add a IP Address to the RemoteIPRanges of an existing Receive Connector

Scenario:  Your Exchange 2013 Servers Receive Connector already has multiple values assigned to it.  Because its a multi-valued field,  you cannot easily add a single IP address to it without overwriting the contents of the field using a command similar to: set-receiveconnector -remoteipranges 10.10.0.2

Solution: In order to add a IP address to an existing set of RemoteIPRanges for a receiveconnector, run the following:

$RC = Get-ReceiveConnector "Ex2013-1Default FrontEnd Ex2013-1"

$RC.RemoteIPRanges += "10.10.0.2"

Set-ReceiveConnector "Ex2013-1Default FrontEnd Ex2013-1" -RemoteIPRanges $RC.RemoteIPRanges

 

Determine the IP Address and check to see if a PTR record exists for each Exchange Server

Scenario:  You want to determine the IP Address and PTR record for each Exchange Server in your environment.   Below is the script I used.  This will query for DNS and put the results into a table called $final.

Script:

$servers = get-exchangeserver ex2013* | Where AdminDisplayVersion -like *15*

$final = @()

$Servers | %{ 
write-host $_.Name
$Name = ([System.Net.Dns]::GetHostEntry("$_")).HostName;
$Address = ([System.Net.Dns]::GetHostEntry("$_")).AddressList;
$PTR = ([System.Net.Dns]::GetHostByAddress($Address)).HostName

$returnobj = new-object psobject
$returnobj |Add-Member -MemberType NoteProperty -Name "ServerName" -Value $Name
$returnobj |Add-Member -MemberType NoteProperty -Name "IPAddress" -Value $Address
$returnobj |Add-Member -MemberType NoteProperty -Name "PTR" -Value $PTR
$final += $returnObj

$Name = $null
$address = $null
$ptr = $null


}

$final

 

 

 

Working with Mailbox Database Copy Activation

This example only suspends activation for the copy of the database DB1 hosted on the Mailbox server MBX3.
Suspend-MailboxDatabaseCopy –identity DB1MBX3 –ActivationOnly

To Resume activation
Resume-MailboxDatabaseCopy –identity DB1MBX3

To block all databases hosted on a server from activating.
Set-MailboxServer –identity MBX3 –DatabaseCopyAutoActivationPolicy Blocked

Resume activation of server
Set-MailboxServer –identity MBX3 –DatabaseCopyAutoActivationPolicy Unrestricted

To block all databases hosted on a group of servers from activating. Use wildcard (MBX*)
Set-MailboxServer –identity MBX* –DatabaseCopyAutoActivationPolicy Blocked

Determine the true size of a mailbox by adding together the TotalItemSize and TotalDeletedItemSize values.

Scenario:  Determine the true size of a mailbox by adding together the TotalItemSize and TotalDeletedItemSize values together via a script and put the values into a table.  These values are properties of the Get-MailboxStatistics commandlet.

Note:  The TotalDeletedItemSize is not included in the TotalItemSize value for a mailbox.  Test it by deleting all of your mailbox content and comparing the values before and after.  Then perform a mailbox move and Exchange will show the total size of the mailbox which is a combination of the two.

Script:

#query for your mailboxes
$stat = get-mailboxdatabase DB* | Get-mailboxstatistics | Select DisplayName,TotalDeletedItemSize, TotalItemSize,ItemCount

#Define array variable
$final = @()

#Loop
$stat | %{

$TIS = $_.TotalItemSize.Value.ToMB() | Measure-object -sum

$TDIS = $_.TotalDeletedItemSize.Value.ToMB() | Measure-object -sum

$Total = $TIS.sum + $TDIS.sum


#Build the Array
 $ServerObj = New-Object PSObject
 $ServerObj | Add-Member NoteProperty -Name "DisplayName" -Value $_.DisplayName
 $ServerObj | Add-Member NoteProperty -Name "MbxSize(InMB)" -Value $total
 $Final += $ServerObj    
}

$Final

 

 

 

Collect and Email the Exchange 2013 Malware Protection Engine Update Information.

Scenario:  You want a report that will email you the Engine Update Information for all of your Exchange 2013 Servers that are using the native Malware Protection.

Script:

#Create Variables
$ExchangeServers = Get-ExchangeServer | Where AdminDisplayVersion -like "Version 15*"
$final = @()
$strCurrentTimeZone = (Get-WmiObject win32_timezone).StandardName
$TZ = [System.TimeZoneInfo]::FindSystemTimeZoneById($strCurrentTimeZone)

#Check for Malware Engine Updates. Loop and Invoke Commands.
$Exchangeservers | %{
$server = $_.name
$LC = Invoke-Command –Computername $_ -ScriptBlock {Add-PSSnapin microsoft.forefront.filtering.management.powershell;(Get-EngineUpdateInformation).LastChecked } -ErrorAction STOP
$LU = Invoke-Command –Computername $_ -ScriptBlock {Add-PSSnapin microsoft.forefront.filtering.management.powershell;(Get-EngineUpdateInformation).LastUpdated } -ErrorAction STOP
$EV = Invoke-Command –Computername $_ -ScriptBlock {Add-PSSnapin microsoft.forefront.filtering.management.powershell;(Get-EngineUpdateInformation).EngineVersion } -ErrorAction STOP

#Convert from UTC to Local Time Zone.
$LCLocal = [System.TimeZoneInfo]::ConvertTimeFromUtc($LC, $TZ)
$LULocal = [System.TimeZoneInfo]::ConvertTimeFromUtc($LU, $TZ)

#Build the Array
 $ServerObj = New-Object PSObject
 $ServerObj | Add-Member NoteProperty -Name "ServerName" -Value $server
 $ServerObj | Add-Member NoteProperty -Name "LastChecked" -Value $LCLocal
 $ServerObj | Add-Member NoteProperty -Name "LastUpdated" -value $LULocal
 $ServerObj | Add-Member NoteProperty -Name "EngineVersion" -value $EV
    $Final += $ServerObj    
}

$EngineUpdates = $final | Sort ServerName | Convertto-HTML

#Email
$body =""
$smtp = "mail.domain.com"
$to = "steve@domain.com"
$from = "EngineUpdateMonitor@domain.com"
$subject = "Engine Update Monitor" 
$body += "<b><Font color=#0404B4>Malware Engine Updates: </b></font><br><br>"
$body += "$EngineUpdates <br><br><br>"
send-MailMessage -SmtpServer $smtp -To $to -From $from -Subject $subject -Body $body -BodyAsHtml -Priority high

Content Index State is Unknown or Failed and has an error message of: “An internal error occurred for the database or its index.”

 Scenario:  Users cannot search in OWA or when in Outlook in Online mode. When you run the command below you notice that the Content Index State is Failed or Unknown.

get-mailboxdatabasecopystatus DB123 | FL Content*

ContentIndex:  Failed or Unknown
ContentIndexErrorMessage:  An internal error occurred for the database or its index.ContentIndexErrorCode:2

In the Application Event Log you see the following:

Event 1009, MSExchangeFastSearch:

The indexing of mailbox database DB123 encountered an unexpected exception. Error details: Microsoft.Exchange.Search.Core.Abstraction.OperationFailedException: The component operation has failed. —> Microsoft.Exchange.Search.Core.Abstraction.OperationFailedException: The component operation has failed. —> System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Internal error while processing request

You have also verified that the Microsoft Exchange Search and Microsoft Exchange Search Host Controller services are started.

Solution: Follow these steps.

  1. Create an security group called ContentSubmitters.
  2. This security group will have no members, but you need to add Full Control in the security of the group to:
    • Administrators
    • Network Service
  3.  Now on the affected Exchange servers,  Restart the following services:
    • MSExchangeFastSearch  (Microsoft Exchange Search)
    • HostControllerService (Microsoft Exchange Search Host Controller)