Exchange Activesync Monitor for Specific Devices

Scenario: Monitor specific ActiveSync devices and report when a device has not made a successful ActiveSync connection for over an hour. Report the time in local time and not Greenwich.

Script: I ran the following Exchange PS script every hour. Depending on your requirements, you may need to manipulate or move the script around.

#Build the one-hour-ago cutoff in Greenwich (UTC) time, which is how LastSuccessSync is reported
$currentdate = Get-Date
$currentdate = $currentdate.AddHours(-1)
$currentdate = $currentdate.ToUniversalTime()

#Pull the devices whose LastSuccessSync is more than an hour old (replace DeviceID with the device to monitor)
$devices = Get-ActiveSyncDeviceStatistics DeviceID | Where {$_.LastSuccessSync -lt $currentdate} | Sort LastSuccessSync | Select DeviceID, DeviceOS, DeviceFriendlyName, LastSuccessSync, LastSyncAttemptTime, DeviceModel, Identity

#For the device(s) found, format the information
$Report = ""
ForEach ($entry in $devices){
$Device = "Device: "+$entry.DeviceFriendlyName
$DeviceOS = "Device OS:   "+$entry.DeviceOS
$DeviceLastAttempt = "Last Sync Attempt (EST):   "+$entry.LastSyncAttemptTime.ToLocalTime()
$DeviceLastSync = "Last Success Sync (EST):   "+$entry.LastSuccessSync.ToLocalTime()
$DeviceModel = "Device Model:   "+$entry.DeviceModel
$DeviceIdentity = "DeviceID:   "+$entry.Identity
#Shorten the identity: drop the domain/OU prefix and the ExchangeActiveSyncDevices container
$DeviceIdentity = $DeviceIdentity -replace "Domain/OU/",""
$DeviceIdentity = $DeviceIdentity -replace "/ExchangeActiveSyncDevices/","_"
#Append this device so every stale device is reported, not only the last one in the loop
$Report += "$DeviceIdentity`r`n$Device`r`n$DeviceOS`r`n$DeviceModel`r`n$DeviceLastAttempt`r`n$DeviceLastSync`r`n`r`n"
}

#Email the results if there is a device that has not reported in over 1 hour.
If ($devices -ne $null){
$SmtpClient = New-Object System.Net.Mail.SmtpClient
$MailMessage = New-Object System.Net.Mail.MailMessage
$SmtpClient.Host = "smtp.domain.com"
$MailMessage.From = ("EASMonitoring@domain.com")
#Send() fails without at least one recipient; set the address that should receive the alert
$MailMessage.To.Add("User@domain.com")
$MailMessage.Subject = "Alert: A mobile device has not connected to e-mail in over 60 minutes."
$MailMessage.Body = "The mobile device below has not connected to e-mail in over 60 minutes.
$Report"

$SmtpClient.Send($MailMessage)
}

Some Powershell One-Liners

Run this one-liner to disable client access to a mailbox:

Set-CASMailbox "testmbox" -EwsEnabled $false -ActiveSyncEnabled $false -MAPIEnabled $false -OWAEnabled $false -ImapEnabled $false -PopEnabled $false

Disable single item recovery and remove the mailbox from litigation hold:

Set-Mailbox "Mickey Mouse" -SingleItemRecoveryEnabled $false -LitigationHoldEnabled $false

Copy items from the Recoverable Items folder to a folder in the Discovery Search Mailbox and delete the contents from the source mailbox:

Search-Mailbox -Identity "testmbox" -SearchDumpsterOnly -TargetMailbox "Discovery Search Mailbox" -TargetFolder "GurinderSingh-RecoverableItems" -DeleteContent

If you need to delete only messages that match specified conditions, use the SearchQuery parameter to specify the conditions. This example deletes messages that have the string "card statement" in the Subject field:

Search-Mailbox -Identity "testmbox" -SearchQuery "Subject:'card statement'" -SearchDumpsterOnly -TargetMailbox "Discovery Search Mailbox" -TargetFolder "testmbox-RecoverableItems" -DeleteContent

Reporting Mailbox Folder sizes with Powershell

Report on individual folders and sizes:
Get-MailboxFolderStatistics testmbox
Get folder stats and display folder size and items in folder:
Get-MailboxFolderStatistics testmbox | Ft name,FolderSize,ItemsinFolder
Look at specific folders and subfolders:
Get-MailboxFolderStatistics testmbox -FolderScope Inbox | Select Name,FolderSize,ItemsinFolder

Exchange Script: Find ActiveSync Device Statistics for users in a Distribution Group

Scenario: You want to find ActiveSync device statistics for users that are in a Distribution Group. If the Distribution Group does not contain members, it will not send the email. If it contains members, it will send an email for each member. Copy the content below, paste it into a .ps1 file and execute it from Exchange Management Shell.

#Get the members of the distribution group
$mbox = Get-DistributionGroup "group-name" | Get-DistributionGroupMember
If ($mbox -ne $null)
{
#Send one e-mail per member with that member's device statistics
$email = $mbox | ForEach {
$name = $_ | Select Name | Out-String
$body = Get-ActiveSyncDeviceStatistics -Mailbox $_.Name | Sort DeviceFriendlyName | FT DeviceFriendlyName, DeviceModel, LastSyncAttemptTime, LastSuccessSync | Out-String
$SmtpClient = New-Object System.Net.Mail.SmtpClient
$MailMessage = New-Object System.Net.Mail.MailMessage
$SmtpClient.Host = "servername"
$MailMessage.From = ("EASMonitoring@domain.com")
$MailMessage.To.Add("easstatistics@domain.com")
$MailMessage.Subject = "EAS Statistics"
$MailMessage.Body = "
EAS Statistics for:$name
$body"

$SmtpClient.Send($MailMessage)
}
}

IMAP/POP Certificate issue after Install of Ex2013 CU3

Scenario: After the installation of Ex2013 CU3, the POP and IMAP services were no longer assigned to the certificate they had been assigned to and were assigned to another certificate instead. The error clients were receiving:
“IMAP Error: Server Certificate was rejected by the verifier because the certificate’s common name ‘mail.domain.com’ does not match the hostname ‘imap.domain.com’.”
Resolution: From Ex2013 Management Shell, run the following:
1. Determine the thumbprint of the certificate that should have IMAP and POP enabled by running: Get-ExchangeCertificate
2. Then run: Enable-ExchangeCertificate -Thumbprint XXXXXXXXXX -Services POP,IMAP
3. Restart the IMAP and POP frontend and backend services.
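
To confirm which certificate holds the IMAP and POP services and whether it covers the name clients connect to, the following added example (not part of the original post) checks each assigned certificate's domain list against a hostname, wildcards included. The helper name and the sample certificate objects are constructed; in the Exchange Management Shell, pipe Get-ExchangeCertificate into the function instead, assuming its CertificateDomains entries render as plain host names.

```powershell
# Added example; Test-ServiceCertCoverage is a hypothetical helper, not an Exchange cmdlet.
function Test-ServiceCertCoverage {
    param(
        [Parameter(ValueFromPipeline = $true)] $Certificate,
        [string[]] $HostName,                    # names the mail clients connect to
        [string[]] $Service = @('IMAP', 'POP')   # services whose certificate is checked
    )
    process {
        # Services is a flags value that renders as e.g. "IMAP, POP, IIS, SMTP"
        $assigned = "$($Certificate.Services)" -split ',\s*'
        foreach ($svc in $Service) {
            if ($assigned -notcontains $svc) { continue }
            foreach ($name in $HostName) {
                $covered = $false
                foreach ($d in $Certificate.CertificateDomains) {
                    $domain = "$d"
                    if ($domain -eq $name) { $covered = $true }
                    elseif ($domain.StartsWith('*.')) {
                        # A wildcard stands for exactly one left-most label
                        $suffix = $domain.Substring(1)
                        if ($name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                            $label = $name.Substring(0, $name.Length - $suffix.Length)
                            if ($label -and $label -notmatch '\.') { $covered = $true }
                        }
                    }
                }
                [pscustomobject]@{
                    Service = $svc; HostName = $name; Covered = $covered
                    Thumbprint = $Certificate.Thumbprint
                }
            }
        }
    }
}

# Constructed sample mirroring the scenario: POP/IMAP moved to a certificate
# that only names mail.domain.com, while the wildcard certificate lost them.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'AAAA-constructed'; Services = 'IMAP, POP'
                       CertificateDomains = @('mail.domain.com') },
    [pscustomobject]@{ Thumbprint = 'BBBB-constructed'; Services = 'IIS, SMTP'
                       CertificateDomains = @('*.domain.com', 'domain.com') }
)
# Live use: Get-ExchangeCertificate | Test-ServiceCertCoverage -HostName 'imap.domain.com'
$sample | Test-ServiceCertCoverage -HostName 'imap.domain.com' | Format-Table -AutoSize
```

A row with Covered = False is the condition that produces the client error quoted above; after step 2 the same check should return True for both services.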

Redistribute Exchange Databases

To redistribute Exchange databases so they are mounted on the Mailbox Server that holds the first activation preference, run the following:
1. Open up Exchange Management Shell.
2. Change the directory to the Scripts folder located in the Exchange install directory.
Example: CD "C:\Program Files\Microsoft\Exchange Server\V14\Scripts"
3. Run the following command:
 .\RedistributeActiveDatabases.ps1 -DagName <dagname> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution -Confirm:$false
 Note: To find the DagName, you can run the Get-DatabaseAvailabilityGroup PowerShell command to list your DAGs.

Importing pst to mailbox

Scenario: Import pst into a mailbox
Note: You must have mailbox export/import permissions to be able to do this. TargetRootFolder is good if you are importing multiple psts into the mailbox. This way content is not merged under existing folders.
From Powershell, type:
New-MailboxImportRequest -Mailbox newmbox -FilePath \\server\pstfiles\newmbox.pst -BadItemLimit 50 -TargetRootFolder "Mailbox -newmbox"

Working with Recoverable Items Folder

The Recoverable Items folder (known in earlier versions of Exchange as the dumpster) exists to protect from accidental or malicious deletions and to facilitate discovery efforts commonly undertaken before or during litigation or investigations.
1. To retrieve the following quota settings:
* RecoverableItemsQuota
* RecoverableItemsWarningQuota
* ProhibitSendQuota
* ProhibitSendReceiveQuota
* UseDatabaseQuotaDefaults
* RetainDeletedItemsFor
* UseDatabaseRetentionDefaults
use this one-liner:

Get-Mailbox "testmbox" | Format-List RecoverableItemsQuota, RecoverableItemsWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota, UseDatabaseQuotaDefaults, RetainDeletedItemsFor, UseDatabaseRetentionDefaults

2. To retrieve the current size of the Recoverable Items folder:
Get-MailboxFolderStatistics "testmbox" -FolderScope RecoverableItems | Format-List Name,FolderAndSubfolderSize

Please note that the quota for the Recoverable Items folder can be raised. The default is 30GB.
 
To make sure no items are deleted from the Recoverable Items folder, increase the Recoverable Items quota. You can also increase the Recoverable Items warning quota, and set the deleted item retention period to a value higher than the current size of the user’s Recoverable Items folder. This is particularly important for preserving messages for mailboxes placed on In-Place Hold or litigation hold. It’s recommended to raise these settings to twice their current size.
 
3. Increase the Recoverable Items quota:

Set-Mailbox "testmbox" -RecoverableItemsQuota 80Gb -RecoverableItemsWarningQuota 80Gb -RetainDeletedItemsFor 3650 -ProhibitSendQuota 80Gb -ProhibitSendReceiveQuota 80Gb -UseDatabaseQuotaDefaults $false -UseDatabaseRetentionDefaults $false

4. This example retrieves the size of the Recoverable Items folder and its subfolders and an item count in the folder and each subfolder.
Get-MailboxFolderStatistics -Identity "Mickey Mouse" -FolderScope RecoverableItems | Format-Table Name,FolderAndSubfolderSize,ItemsInFolderAndSubfolders -Auto

HTTP 413 Errors in IIS logs with ActiveSync and Certificate Based Authentication

Scenario: After setting up Certificate Based Authentication for ActiveSync, users on mobile devices may experience the following error message: “Cannot Send Mail. The message was rejected by the server because it is too large”. When you check the IIS logs, you may see HTTP 413 errors. Our Environment: Exchange 2013, Windows Server 2012, IIS 8.0.
Reason: The client connection was dropped to prevent deadlock. The server requests renegotiation for certificate authentication, and the content length the client is trying to send is larger than the value of the UploadReadAheadSize metabase property in IIS.
Workaround: The workaround below will re-bind the certificate to enable client certificate negotiation upfront.
Re-bind the certificate and enable ClientCertNegotiation:
1. netsh http show sslcert (copy the results to Notepad)
2. netsh http delete sslcert hostnameport=<hostname>:443
3. netsh http add sslcert hostnameport=<hostname>:443 certhash=<certhash> appid=<appid> certstorename=MY clientcertnegotiation=enable (use the copied results from step 1 to fill in these values)
Note: We have a separate IIS site with EAS set up for Certificate Based Authentication. We use a separate certificate on this site so we can enable clientcertnegotiation on the certificate. Another workaround would be to change the UploadReadAheadSize on the Web Server, the website that hosts the EAS subsite, and the EAS subsite.
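
Steps 1 to 3 can be prepared from the netsh output itself. The following added example (not part of the original post) parses `netsh http show sslcert` output, reports the Negotiate Client Certificate state of each binding, and prints the delete/add commands for bindings where it is not enabled, without running them. The helper name, the eas.domain.com binding, and the all-zero hash and application ID are constructed, and English netsh output is assumed.

```powershell
# Added example; Get-SslBinding is a hypothetical helper, not a built-in cmdlet.
function Get-SslBinding {
    param([Parameter(ValueFromPipeline = $true)] [string] $Line)
    begin { $current = $null }
    process {
        # Data lines look like "    Certificate Hash             : <value>"
        if ($Line -notmatch '^\s*(.+?)\s+:\s(.*)$') { return }
        $key = $Matches[1]; $value = $Matches[2].Trim()
        if ($key -eq 'IP:port' -or $key -eq 'Hostname:port') {
            if ($current) { $current }          # emit the previous binding
            $current = [pscustomobject]@{
                Kind = $key; Binding = $value; CertHash = $null; AppId = $null
                Store = $null; ClientCertNegotiation = $null
            }
        } elseif ($current) {
            switch ($key) {
                'Certificate Hash'             { $current.CertHash = $value }
                'Application ID'               { $current.AppId = $value }
                'Certificate Store Name'       { $current.Store = $value }
                'Negotiate Client Certificate' { $current.ClientCertNegotiation = $value }
            }
        }
    }
    end { if ($current) { $current } }          # emit the last binding
}

# Constructed sample output; on the server use: netsh http show sslcert | Get-SslBinding
$sample = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : eas.domain.com:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
    Negotiate Client Certificate : Disabled
'@ -split "`r?`n"

# Print (do not run) the re-bind commands for bindings without upfront negotiation
$sample | Get-SslBinding | Where-Object { $_.ClientCertNegotiation -ne 'Enabled' } | ForEach-Object {
    $kind = if ($_.Kind -eq 'IP:port') { 'ipport' } else { 'hostnameport' }
    "netsh http delete sslcert $kind=$($_.Binding)"
    "netsh http add sslcert $kind=$($_.Binding) certhash=$($_.CertHash) appid=$($_.AppId) " +
        "certstorename=$($_.Store) clientcertnegotiation=enable"
}
```

Review the printed commands before running them; when they are run from PowerShell rather than cmd.exe, quote the appid value because of its braces.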