15 Minute Message Delays when Receiving email

Scenario: It was reported that mailboxes were experiencing delays when receiving messages. The customer stated that it took 15-20 minutes for a message to reach the mailbox. The message header showed the delay, but not what was causing it.

Cause: We found that one of the servers was not accepting any messages, thus causing that hop to be delayed.  15 minutes was how long it would take for the next hop to occur again. When the next hop would happen it would select a different server to send the message.

Troubleshooting: We ran the following command to see where the message was being delayed.

Get-TransportServer | Get-MessageTrackingLog -EventId Defer -Start 3/18/15 | Export-Csv C:\defer.csv

When we opened the csv file we found the common Servername that was having the issue.  When we logged onto the server to attempt to restart some Exchange services, it was apparent the server was having other issues. We rebooted the server and all was well when it came online again.
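
The CSV review described above can also be done in PowerShell rather than by eye. This is an added example, not part of the original post: the rows are constructed sample data, Get-DeferSummary is a hypothetical helper, and grouping on the ServerHostname column is an assumption about which tracking-log field held the server name.

```powershell
# Constructed sample rows standing in for C:\defer.csv (not real tracking data).
$sampleCsv = @'
Timestamp,ServerHostname,EventId,Source,Sender,MessageSubject
3/18/2015 09:01:12,EXHUB02,DEFER,SMTP,alice@example.com,Quarterly report
3/18/2015 09:03:40,EXHUB02,DEFER,SMTP,bob@example.com,Lunch
3/18/2015 09:16:15,EXHUB02,DEFER,SMTP,alice@example.com,Quarterly report
3/18/2015 10:22:05,EXHUB01,DEFER,SMTP,carol@example.com,Invoice
3/18/2015 10:40:51,EXHUB02,DEFER,SMTP,dave@example.com,Minutes
'@

# Hypothetical helper: one summary row per server, busiest first.
function Get-DeferSummary {
    param([Parameter(Mandatory)] [object[]] $Events)

    $Events |
        Where-Object { $_.EventId -eq 'DEFER' } |
        Group-Object ServerHostname |
        ForEach-Object {
            $group = $_
            # Parse the exported timestamps so first/last are ordered as dates, not text.
            # Assumes the CSV was exported with US-style dates, as in the sample.
            $times = @($group.Group |
                ForEach-Object { [datetime]::Parse($_.Timestamp, [cultureinfo]::InvariantCulture) } |
                Sort-Object)
            [pscustomobject]@{
                Server     = $group.Name
                DeferCount = $group.Count
                FirstDefer = $times[0]
                LastDefer  = $times[-1]
                Senders    = @($group.Group | ForEach-Object { $_.Sender } | Sort-Object -Unique).Count
            }
        } |
        Sort-Object DeferCount -Descending
}

# With real data: Get-DeferSummary -Events (Import-Csv C:\defer.csv)
Get-DeferSummary -Events ($sampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

A server that dominates the list, with deferrals from many unrelated senders over a long window, is the one to look at first.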

 

Exchange Powershell Script to output certificate information

Scenario:  You need to export specific certificate info for all Exchange 2013 Servers.  The script below will output to a txt file the server names along with the Thumbprint, NotAfter, Services, and Subject  properties.

Script:

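# All Exchange 2013 servers (AdminDisplayVersion contains "15")
$servers = Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"

$servers | %{

$Name = $_.Name
# Certificates on this server whose subject contains "mail."
$Cert = Get-ExchangeCertificate -Server $_.Name | Where Subject -like "*mail.*" | FT Thumbprint, NotAfter, Services, Subject -AutoSize
Write-Host $_.Name
# Append the server name followed by its certificate table
$Name, $Cert | Out-File C:\certs.txt -Append
}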
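
The NotAfter value collected above is what matters for catching certificates before they lapse. The following is an added example, not part of the original script: Get-ExpiringCertificate is a hypothetical helper, and the sample objects, server names and thumbprints are constructed placeholders.

```powershell
# Hypothetical helper (not an Exchange cmdlet): returns certificates that are
# expired or will expire within $WithinDays of $Now.
function Get-ExpiringCertificate {
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,  # needs Server, Thumbprint, NotAfter, Services, Subject
        [int] $WithinDays = 30,
        [datetime] $Now = (Get-Date)
    )
    foreach ($c in $Certificate) {
        $daysLeft = [int][math]::Floor(($c.NotAfter - $Now).TotalDays)
        if ($daysLeft -gt $WithinDays) { continue }      # comfortably valid, skip
        $status = if ($daysLeft -lt 0) { 'EXPIRED' } else { 'EXPIRING' }
        [pscustomobject]@{
            Server = $c.Server; Status = $status; DaysLeft = $daysLeft
            NotAfter = $c.NotAfter; Services = $c.Services
            Subject = $c.Subject; Thumbprint = $c.Thumbprint
        }
    }
}

# Constructed sample objects (placeholder thumbprints), checked against a fixed date.
$sample = @(
    [pscustomobject]@{ Server = 'EX01'; Thumbprint = '1111111111111111111111111111111111111111'
                       NotAfter = [datetime]'2015-04-02'; Services = 'IIS, SMTP'; Subject = 'CN=mail.example.com' }
    [pscustomobject]@{ Server = 'EX02'; Thumbprint = '2222222222222222222222222222222222222222'
                       NotAfter = [datetime]'2015-03-01'; Services = 'SMTP'; Subject = 'CN=mail.example.com' }
    [pscustomobject]@{ Server = 'EX03'; Thumbprint = '3333333333333333333333333333333333333333'
                       NotAfter = [datetime]'2016-11-20'; Services = 'IIS'; Subject = 'CN=mail.example.com' }
)

Get-ExpiringCertificate -Certificate $sample -Now ([datetime]'2015-03-18') |
    Sort-Object DaysLeft | Format-Table -AutoSize

# Against live servers, keep objects instead of Format-Table text so they stay filterable:
# $certs = Get-ExchangeServer | % { $n = $_.Name; Get-ExchangeCertificate -Server $n |
#     Select @{n='Server';e={$n}}, Thumbprint, NotAfter, Services, Subject }
# Get-ExpiringCertificate -Certificate $certs | Export-Csv C:\expiring-certs.csv
```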

 

Send email from another Person or Group

Scenario: When sending an email, you want to Send As or Send on Behalf of someone else.

Via OWA:  

1. Log in to your mailbox using Outlook Web App.
2. Click + New mail above the folder list. A new message form will appear in the reading pane.
3. Click the more options menu … , and then click Show from.
4. Select the email address that displays in the From field and delete it.
5. Type the name of the user for which you have permission to send email. If you don’t see the name of the person you want in the From box, you can click Search contact & directory to search the directory of your organization.
6. Add recipients, a subject, and the contents of the message as you typically do, and then click Send.

Via Outlook 2013/2010

1. Click on New Email.
2. Click the From box and select Other E-mail Address… from the dropdown. (If the From field is hidden, click Options from within the message and then select From.)
3. You will now be able to type in or select the email address you wish to send as or send on behalf of.

A Mailbox Move Request Failed with the following Error: “An error occurred while updating a user object after the move operation. –> You cannot have ArchiveDomain set when archive is not enabled for this user”

Scenario: A mailbox move fails when it tries to complete the move request. When you run Get-MoveRequestStatistics mailboxname | FL, you see the following listed in the Message property:

An error occurred while updating a user object after the move operation. –> You cannot have ArchiveDomain set when archive is not enabled for this user

Cause: It's a mailbox attribute that's left over from a previous Office 365 migration.

Resolution: Run the following:

Set-Mailbox mailboxname -ArchiveDomain $null

Exchange 2013 Connect mailbox

In Exchange 2013 the Clean-MailboxDatabase cmdlet no longer exists, but the same problem persists: disconnected mailboxes are not visible immediately after being removed or disabled. Clean-MailboxDatabase has been replaced by Update-StoreMailboxState, which forces the mailbox store state in the Exchange store to be synchronized with Active Directory.

Its syntax is as follows:

Update-StoreMailboxState -Database <DatabaseIdParameter> -Identity <StoreMailboxIdParameter> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]

Both the -Database and -Identity parameters are required, meaning we need to know the identity of the mailbox (mailbox GUID) that we want to update the store state for. To do so, we can run the following cmdlet for example:

Get-MailboxDatabase | Get-MailboxStatistics | Format-List DisplayName, MailboxGuid, Database, DisconnectReason, DisconnectDate

Once we know the mailbox’s GUID and in which database it was located, we can update its mailbox state by running:

Update-StoreMailboxState -Database "db_name" -Identity "mailbox_guid"

If we want to update the mailbox state for all mailboxes on a particular database, we can adapt the cmdlet to:

Get-MailboxStatistics -Database "db_name" | ForEach {Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$False}

Finally, if we want to just update the mailbox state for all disconnected mailboxes on a particular database:

Get-MailboxStatistics -Database "db_name" | Where {$_.DisconnectReason -ne $null} | ForEach {Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$False}

 

“The Message can’t be moderated because the approval system is too busy and can’t accept messages now” when emailing to a moderated distribution group.

Scenario: You receive the following bounce back when sending to a distribution group that has moderation enabled:

Delivery has failed to these recipients or groups:

The Message can’t be moderated because the approval system is too busy and can’t accept messages now. Please try resending this message later, or contact the recipient directly.

Resolution: The arbitration mailbox that the distribution group uses for moderation is having problems processing the message, or is located on a legacy Exchange server that is no longer accessible. To resolve this, point the distribution group at another arbitration mailbox.

To determine the arbitration mailbox that the distribution group is currently using, run this:

Get-DistributionGroup "All Users" | Select ArbitrationMailbox

To determine the arbitration mailboxes in the organization to choose from:

Get-Mailbox -Arbitration

or:

Get-Mailbox -Arbitration -DomainController RootDCName

Now set the new arbitration mailbox on the distribution group:

Set-DistributionGroup "All Users" -ArbitrationMailbox "SystemMailbox{be42da……..02ed2}"

Create a CSV of mailbox delegate permissions to a mailbox

Scenario: You want to find who has delegate permissions to a mailbox and export the users, folders, and access permissions to a CSV File.

Run the following:

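# Mailboxes to audit (here: every mailbox whose name starts with "test")
$AllUsers = Get-Mailbox test*

# Capture the output of the outer loop so every mailbox ends up in the CSV
$list = ForEach ($Alias in $AllUsers)
 {
 $Mailbox = "" + $Alias.Name
 Write-Host "Getting folders for mailbox: " $Mailbox
 # Folder paths come back as /Inbox/Sub; Get-MailboxFolderPermission expects Mailbox:\Inbox\Sub
 $Folders = Get-MailboxFolderStatistics $Mailbox | % {$_.FolderPath} | % {$_.Replace("/","\")}

 ForEach ($F in $Folders)
  {
  $FolderKey = $Mailbox + ":" + $F
  $Permissions = Get-MailboxFolderPermission -Identity $FolderKey -ErrorAction SilentlyContinue
  # Skip the Default and Anonymous entries and anything with None or Owner rights
  $Permissions | Where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.AccessRights -notlike "None" -and $_.AccessRights -notlike "Owner"} | Select @{Name="Mailbox";Expression={$Mailbox}}, User, FolderName, AccessRights, *path*
  }
 }

$list | Export-Csv C:\delegates.csv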

Reference: This code is edited from the original

Test Exchange 2013 Anti-malware with the EICAR Virus

Scenario: If you want to check whether your Exchange 2013 anti-malware policies are working, send the EICAR test file through email. It's not an actual virus, but Exchange 2013 will treat it as one because of the contents of the file.

1. Put the string below in the contents of a text file:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Save it as EICAR.txt

3. Attempt to email this file as an attachment to someone and observe the behavior set in your anti-malware policies.

 

 

Mailbox can’t be archive-enabled because it has a managed folder mailbox policy assigned.

Scenario:  When attempting to create an archive mailbox for an Exchange 2013 mailbox, the following error is displayed:

Mailbox ‘user1’ can’t be archive-enabled because it has a managed folder policy assigned. Archives are supported only with a retention policy, the message records management feature introduced in Exchange 2010.

Resolution: Although you can see the ManagedFolderMailboxPolicy property for a mailbox, Exchange 2013 does not support Exchange 2010 MRM and ignores its functionality. Setting ManagedFolderMailboxPolicy to null therefore does nothing to the mailbox:

Set-Mailbox user1 -ManagedFolderMailboxPolicy $null

A workaround is to add a temporary retention policy to the mailbox and then remove it:

Set-Mailbox user1 -RetentionPolicy "My Retention Policy"

Set-Mailbox user1 -RetentionPolicy $null

When you add a retention policy to the mailbox, it automatically nulls out the ManagedFolderMailboxPolicy value. Setting the retention policy back to null then removes the 2013 retention policy completely as well. You will now be able to create an archive mailbox for that user.

Integrate Exchange 2013 OWA and LYNC

Scenario: Integrate Exchange 2013 OWA and LYNC together. The steps are from the Exchange perspective.

Steps:

1. Configure Partner Applications with Exchange and Lync:

& "C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Configure-EnterprisePartnerApplication.ps1" -AuthMetaDataUrl 'https://atl-cs-001.litwareinc.com/metadata/json/1' -ApplicationType Lync

2. Configure the OWA virtual directories to enable Instant Messaging and to assign OCS as the Instant Messaging type. Note: InstantMessaging should be enabled, but InstantMessagingType is set to None by default.

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $True -InstantMessagingType OCS

3. Copy the thumbprint of the certificate you are using for Exchange by running:

Get-ExchangeCertificate -server Srv2013CM1

4. Add the 2 keys under the <appSettings> section of the web.config file located in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA on each of the backend servers.

<add key="IMCertificateThumbprint" value="EA5A332496CC05DA69B75B66111C0F78A110D22d"/>
<add key="IMServerName" value="atl-cs-001.litwareinc.com"/>

5. Recycle the MSExchangeOWAAppPool:

C:\Windows\System32\Inetsrv\Appcmd.exe recycle apppool /apppool.name:"MSExchangeOWAAppPool"

 

If you use Outlook Web App Policies:

You will have to enable InstantMessaging and set the InstantMessagingType to OCS on the policy. By default, policies are not assigned to any user, so any user will use the settings of the OWA virtual directory. OWA policies override the settings set on the virtual directories.

Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $True -InstantMessagingType "OCS"

 

More instructions can be found here.