We are using O365 and we have Onpremise exchange hybrid server which has a disk space issue.

Mail.que file has grown to 272+Gb and its still growing.
1. How to shrink it and whats the best way to handle it. (I do not want to loose any mail or crash the server. )

2. when checked the mail queue, (Get-queue) its 0. Am not sure whats holding the space in that file. 

3. Deleting that file will cause any issue or loss of data ?

please help. 

Dear all,

we are currently running Exchange Server 2010.

I often have a request from users to delete the email that they have accidentally sent out and failed to recall from specific mailboxes. may I know whether any command that I could run? Maybe it is best that we can delete based on subject name or maybe based on sender name within specific period of time.

Please advise.

Thanks.

Hi All,

I hope you guys have dealt with this scenario.

Scenario

Source: Exchange 2013 -Forest A, Domain functional level 2012 R2

Destination:Exchange 2010 -Forest B, Domain function level 2012 R2

Cross forest migration task has to be accomplished. However destination is at lower version.

1. Is this supported? Can I have reference/KB for the same

2. Are there any risks in this migration

Thank you,

Preetam

Searching results on the Client are missing or not appearing.

I'm using Outlook 2013. When I'm conducting a search for an email I have the settings to entire mailbox.

The email was yesterday and I can see the email. I took a word from the subject line and tried to search for this email. It did not come up even though I can see the email. I tried other searches and they are not finding it either. So then I tried to search for the same email in OWA and I didn't get good results there either. I upgraded to CU11 for Exchange 2013. What else can I do to improve results when searching? Do I need to rebuild an index with Exchange 2013 or what function do I need to do to improve searches with Exchange 2013?

Dear all, 

I am facing an issue with connecting to the Exchange 2013 server from Exchange Management Shell. Once I click on the icon, the following message shows: 

VERBOSE: Connecting to mydomain.com.
New-PSSession : [mydomain.com] Connecting to remote server mydomain.com failed with the following
error message : WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using
Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException+ FullyQualifiedErrorId : 1312,PSSessionOpenFailed
VERBOSE: Connecting to mydomain.com.
New-PSSession : [mydomain.com] Connecting to remote server mydomain.com failed with the following
error message : WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using
Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException+ FullyQualifiedErrorId : 1312,PSSessionOpenFailed
VERBOSE: Connecting to mydomain.com.
New-PSSession : [mydomain.com] Connecting to remote server mydomain.com failed with the following
error message : WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using
Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException+ FullyQualifiedErrorId : 1312,PSSessionOpenFailed
Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At C:\Program Files\Microsoft\Exchange Server\V15\bin\ConnectFunctions.ps1:253 char:2+     $search.FindAll()+     ~~~~~~~~~~~~~~~~~+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException+ FullyQualifiedErrorId : COMException

_AutoDiscoverAndConnect : No Exchange servers are available in any Active Directory sites. You can't connect to remote
Powershell on a computer that only has the Management Tools role installed.
At C:\Program Files\Microsoft\Exchange Server\V15\bin\ConnectFunctions.ps1:45 char:4
+             _AutoDiscoverAndConnect $credential $Forest -useWIA:$useWIA -ClientApplicatio ...+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,_AutoDiscoverAndConnect

Failed to connect to an Exchange server in the current site.
Enter the server FQDN where you want to connect.:
VERBOSE: Connecting to .
New-PSSession : Cannot bind parameter 'ConnectionUri'. Cannot convert value
"http:///powershell?serializationLevel=Full;ExchClientVer=15.0.847.32;clientApplication=ManagementShell;TargetServer="
to type "System.Uri". Error: "Invalid URI: The hostname could not be parsed."
At line:1 char:30+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...+                              ~~~~~~~~~~~~~~~~+ CategoryInfo          : InvalidArgument: (:) [New-PSSession], ParameterBindingException+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.NewPSSessionCommand

Surprisingly I can log into the Exchange Administrative Center with no issues. I didn't change the password since I built the exchange server. Also the Admin password didn't change from the domain controller since it was built.

What could be the possible issue?

Hello all,

I am currently working on a project where there is an application server that has to send out an email to users automatically through the Exchange server. Exchange server 2013 is deployed on a VM.

The idea very simply is to send out a confirmation email from the application - through the exchange -  once the candidate  submits the CV. The application is using SMTP, consequently the SMTP connector was created for the application server.

My issue is that when the application is sending an email to the user, it sends ONLY to users within the domain. I want it to be able to send out an email to any email mailbox. Logically speaking the candidates won't be users on my domain, so anyone with Gmail or hotmail or yahoo or any other domain must be able to receive the email from the application.

What should I tweak/configure?

Diagram: http://s7.postimg.org/xh9l1bnsr/Exchange_email_issue.jpg

I have to client access server and it is running out of space

Is there anywhere in the C:\ drive where I can delete some space (e.g. log files)

We have 2 exchange servers in our organization. Exchange 2010 and Exchange 2013. When I run the command Get-Mailboxdatabase -status from the 2013 server it only shows the 2010 database. I seem to remember being able to see both databases when running this command. When I use the ECP to view the two databases show up healthy and mounted in the GUI. I tested the command from the Exchange 2010 server and it shows the same result. No obvious errors in either server event logs. I have recently updated both servers to the CU11 release.

Any ideas?

Hi all,

I have the existing scenario:

A shared mailbox with name "shared" (messagecopyforsendasenabled=true) which forwards to a distribution group shared_group.

Users A and B are members of the group, and also have send as permission for mailbox shared.

The feature works as expected when user A sends as Shared, a copy of sent items is saved in both A and shared mailboxes.

The problem is that, user B also has a copy of a message send by A (as shared) in his personal sent items and vice versa.

So users do not only get a copy of the sent items they send in their personal mailbox, the get a copy of every email that gets send as regardless who sent it.

Im sure thats not expected behavior.

Can anyone advise?

I have a security problem that I can't seem to find the answer to, and I'm hoping someone here who knows EWS better than I do can point me in the right direction.

We have a policy of only allowing access to files and email externally via methods that support 2FA/MFA. We use Azure MFA with ADFS and WAP to protect our Remote Desktop, SharePoint and OWA external access. For EAS we've been using device quarantining and we're now looking at moving that to Conditional Access via Intune. For all of these access methods, Microsoft have good solutions for integrating MFA.

We're looking at moving our mail from on-prem Exchange to Exchange Online in the near future, and all of the above methods work well for Exchange Online as well. No hassles there.

EWS is a problem for me. I'd always vaguely thought of EWS as a way for desk phones to display calendar details or look up contacts, that sort of thing, but of course EWS can be used to access email too. Most of the various Mac mail clients that support Exchange use EWS. Unfortunately, I can't seem to find a way of making EWS and MFA play nicely. None of the clients that connect using EWS can handle MFA. Right now I block EWS at the WAP reverse proxy, so it's only available to internal clients, and that complies with our security policy. That approach has two problems:

a) offsite clients that use EWS for calendar lookups (e.g. Lync 2013 mobile client on company-owned iPhones) are semi-broken without EWS, and

b) as I understand it, I won't be able to do this with Exchange Online. EWS will become available from everywhere. Staff will be able to use EWS clients to download their entire mailbox with only username and password.

Going forward on Exchange Online, I can see only two options:

1) Disable EWS across the board, breaking all sorts of things. Lync/Skype4B stops working properly, UM voicemail breaks, Lync desk phones become semi-functional, and I don't know what else breaks, but I'm sure plenty of other stuff will.

2) Use an EWS Allow List to whitelist certain client types that don't download email (e.g. Lync iPhone client), while blocking things known to download email.
https://exchangeserverpro.com/managing-exchange-web-services-in-office-365/

The problem with the second approach is that it's just matching a string that the client sends. It wouldn't be hard at all to download the EWS API bits from MSDN and build a client that spoofed the known client header of the Lync iPhone client. I don't think I can really argue that this meets our requirement for MFA on email access.

What I really need is something like Conditional Access blocking unknown clients from connecting to EWS as well as EAS. Or, better yet, the ability to toggle in an organizational config policy which types of content can be accessed over EWS. If I could say Calendar and Contacts objects are allowed, but Email objects are blocked via EWS everywhere, then I could happily allow EWS without MFA.

Does anyone have any suggestions for me on properly securing EWS? We're running Exchange 2013 CU10 at the moment, but have SA on our Exchange licenses and CALs and I'd be happy to upgrade to 2016 if that gave me a feature that helped with this problem.

Hi.

Exchange 2010 Database Redundancy Check Script is a powershell script which gets configured by Exchange automatically. the account which is being used by this script has been disabled. i would like to create a new account to run this script. Would like to know what permissions are required to run this script so that i can assign it to the new the account i create.

Thank You

Continuing in my growing list of oddball events on my exchange 2013 cu7 server that no one else on earth has apparently had are:

* Event Time: 26 Jan 2016 03:23:41 PM  

* Source: MSExchangeIS             

* Event Log: Application               

* Type: Warning              

* Event ID: 40013            

* Event User: N/A          

* The tombstone table has reached an excessive number of entries and/or total size. A maintenance task has been dispatched to perform urgent cleanup.               

Database: dbase1 (CN= dbase1,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mylocation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local)             

Number of entries (estimated): 100342               

Total size of entries (estimated): 0 bytes             

* Event Time: 26 Jan 2016 03:25:51 PM 

* Source: MSExchangeIS             

* Event Log: Application               

* Type: Warning              

* Event ID: 40017            

* Event User: N/A          

* The urgent tombstone table cleanup task has finished executing.                       

Database: dbase1 (CN= dbase1,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mylocation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local)             

Message tombstones deleted: 50317                   

Subobject tombstones deleted: 62280                 

Total size of deleted entries: 0 bytes                     

Remaining number of entries (estimated): 565                

Total size of remaining entries (estimated): 0 bytes        

Elapsed time: 130.3283973 seconds        

Pass completed: True                   

Subobjects in-use: 0                      

Mailboxes quarantined: 0          

Mailboxes locked: 0                       

Mailboxes missing: 0                   

 I can find nothing at all on these events.  The database appears to be working fine. No user complaints.

 I want to ensure that this database is not heading for a fall. Any suggestions as to how to determine this?

Thx

The following error occurred while searching for the on-premises Exchange server: 

[ex-cas.yss.com] Connecting to remote server failed with the following error message : The WinRM client cannot process the request because the server name cannot be resolved. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion 'Version 14.3 (Build 123.4)''. 

< Message edited by porzza99 -- 27.Jan.2016 5:43:27 AM >

and error Evert  viewer

WebHost failed to process a request. 
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/32001227
Exception: System.ServiceModel.ServiceActivationException: The service '/Autodiscover/Autodiscover.xml' cannot be activated due to an exception during compilation. The exception message is: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. 
Parameter name: item. ---> System.ArgumentException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. 
Parameter name: item 
at System.ServiceModel.UriSchemeKeyedCollection.InsertItem(Int32 index, Uri item) 
at System.Collections.Generic.SynchronizedCollection`1.Add(T item) 
at System.ServiceModel.UriSchemeKeyedCollection..ctor(Uri[] addresses) 
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) 
at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses) 
at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) 
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath) 
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath) 
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) 
--- End of inner exception stack trace --- 
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) 
at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath) 
Process Name: w3wp 
Process ID: 16304 

The Module DLL 'C:\Program Files\Microsoft\Exchange Server\V14\Bin\kerbauth.dll' could not be loaded due to a configuration problem. The current configuration only supports loading images built for a x86 processor architecture. The data field contains the error number. To learn more about this issue, including how to troubleshooting this kind of processor architecture mismatch error, see

The emails sent and received have To: and From: addresses repeated at least 50+ times.

Initial email goes out fine. Several replies also do well. Then replies to the same email thread are having From and To addresses repeated several times.

Below is an example: I have just replaced the exact email IDs with some sample.

Naveed.DG MCITP, MCTS -SharePoint 2010 Administrator "Vote As Helpful" If it helps!!

Hello techies out there.

I am trying to build a simple script where I need a simple email alert if Any DB does not have an Activation preference of 1. Why i say simple because I have an environment over 500 DBs spread across and i dont want any complex methods to collect the data.

i took the reference from https://gallery.technet.microsoft.com/scriptcenter/Monitor-Databases-in-DAG-310b7bd1 but this only works for 2010 and I got an Exchange 2013 environment so I tried to dig more and build something with reference to the existing one.

########################### Add Exchange Shell##############################

If ((Get-PSSnapin | where {$_.Name -match "Microsoft.Exchange.Management.PowerShell"}) -eq $null)
{
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
}

#########################Get the Exchange Servers###########################

    $exchangeserver = Get-ExchangeServer | Format-List

##########################Define Variables & Strings########################
[Bool] $bolFailover = $False
[String] $errMessage = $null

$databases = Get-MailboxDatabase | Sort-Object Name

 ForEach ($database in $databases) {
    $db = $database.Name
    $curServer = $database.Server
    $ownServer = $database.ActivationPreference | ? {$_.Value -eq 1}

    # Compare the server where the DB is currently active to the server where it should be
    If ($curServer -ne $ownServer.value)
    {
            $errMessage += "`n$db on $curServer should be on $ownServer!"
        }

        $bolFailover = $True
    }

$errMessage += "`n`n"


If ($bolFailover) {
        
    #$errMessage
    Send-MailMessage -From "test@tesdomain.com" -To "test@testdomain.com" -Subject "Activation Pref Not Good!" -Body $errMessage -Priority High -SMTPserver "12345.testdomain.com"
}

Now I do get an email out but it lists all those 500 dbs and says should be on !

Also i dont get a value for the $ownserver.

I am now a bit lost and spent too much time thinking on this. So though would ask the experts here since I am no hardcore scripting guy. Thanks again for all your help.

I think if this can be completed may be will be of help to others as well. Please assist,

Hi All,

We have Exchange 2013 and we want to restricts users from Adding/changing their pictures thru OWA/OUTLOOK. only administrator should Add/change the picture from AD our ECP.

please guide.