Hi All,

OWA doesn`t sign out from Chrome and Safari, in IE 11 its works fine.

I am using Exch2013 CU8

Regards

<g class="gr_ gr_189 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="189" id="189">mohammed</g> Eliyas

Hi All,

My environment running exchange 2013 servers with several remote forests. We are using linked mailbox and the users find that they cant change their password in ecp.

It will prompt an Error "Your password couldn't be changed. Make sure the old password you typed is correct and that the new password meets the minimum security requirements."

Also, i find that the error should be a false prompt, the linked mailbox user password is actual changed to the new password they have been entered.

I search for this issue, but i cannot find any related information about linked mailbox is supported to change password in owa or not.

BTW, i ensure that the gpo password policy is same for both resources forest and remote forests. I have no idea why it prompt an error but the password has been changed correctly.

Any help will be appreciated.

Best regards,

Andrew Hon

Hello all - We recently upgraded our Exchange environment to CU13.  We noticed now that when a user creates a distribution group via ECP..the "Select an organizational unit" is blank.  This was working prior to the CU13 upgrade.  The windows says "There are more results available than are currently displayed.  There are no items to show in this view."

I attempted to adjust the web.config file to display more results, but that did not do anything either. Screen shot is attached...please let me know if anyone has any ideas

Hi,

We are using Exchange 2013 CU9.

We are planned Journaling External mail’s (Outgoing/Incoming) for whole organization.

For Journaling External mail’s and other services, we have planned to go for third party solution.

We have standard CAL only. How to Journal only External mail’s to Journal mailbox because Standard Journaling supports at Mailbox Database Level.

Any suggestion please.. 

Thanks & Regards, Kumar N

We are trying to setup custom messages with New-SystemMessage. The new messages we set aren't showing the customized content but the old messages are correct. I want to say these messages are stored in files somewhere and you can modify the entire message contents. Am I missing something? 5.5.3 is what we are having trouble with.

Identity                  Text
--------                  ----
en\Internal\5.2.3         This message exceeds the maximum message size allowed. Microsoft Exchange will not try to
en\WarningMailbox         <p>Your mailbox is approaching capacity. When it reaches 100%, you can no longer se
en\ProhibitSendReceive... <p>Your mailbox is at or exceeded capacity. You can no longer send or receive messa
en\Internal\5.5.3         <p>You are receiving this email because you have tried to send an email to too many recip

Hi all,

I created a CSR for *.domain.com from IIS on my exchange server.

Submitted the CSR to Go Daddy, downloaded the cert, completed the cert request from within IIS. The cert appears in exchange with no problem, i also assign the correct services, for example SMTP and IIS. (i also added the intermediate cert)

I then browse to the OWA address and i can see the cert is applied, its issued to *.domain.com and issued from go daddy, valid to date is correct.

The issue is with my outlook clients, they are complaining about the name on the cert. It looks like the *. is causing issues. The error is saying the name on the cert is invalid, or words to that affect (i can get the exact error when in the office)

Is there anything else i need to do to get a wildcard cert to work with exchange?

Auto discover seems to be configured correctly. For example, from the exchange, if i ping the external domain name, i get a reply from the internal IP address of the exchange server. The internal domain name and external domain names are different.

The previous cert worked fine from go daddy but the previous cert was issued to mail.domain.com rather than *.domain.com.

Any help would be greatly appreciated.

Thanks

Hello all,

I have a couple questions about maintenance mode. Before I ask my questions, here is my setup. We have three Exchange 2013 servers. Each of the servers are in the same site and have both the transport and mailbox services installed. All of the servers are part of a DAG.

I want to move one of the servers from the main site to our DR site offsite. I thought the best way to do this is to put the server into maintenance mode, turn it off, move it to the site, boot the server, configure it for the DR site (IP address, gateway, etc.), and take the server out of maintenance mode. However, even when the server is in maintenance mode some of our users still connect to it and when we have turned off the server in the past people are not able to get email. I thought that maintenance mode would prevent people from connecting to the server so you could perform some type of maintenance on it, like updating or configuration. Is the not how maintenance mode works? Is there a better way to accomplish what I am trying to do? How can I determine that a server is in maintenance mode?

Thank you in advanced,

Andy

Andy Richards

Hi There,

I have a DC and an Exchange server both running Server 2012 standard. Both have all the updates installed and necessary Exchange 2013 pre requisites. No AV running on the network yet either.

The installation ran with no problems but I get the below error when I try and login to https://servername/ecp

Server Error in '/owa' Application.
--------------------------------------------------------------------------------

The user has insufficient access rights.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:


[DirectoryOperationException: The user has insufficient access rights.]
   System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) +1904
   System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) +381
   Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout) +9836289
   Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1215

[ADOperationException: Active Directory operation failed on FA01.fa.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]
   Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) +3682
   Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1978
   Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException) +27
   Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation) +2068
   Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.Save(ADRecipient instanceToSave) +98
   Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1078

[StoragePermanentException: There was a problem accessing Active Directory. Check your network connections and try again.]
   Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1600
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.HandleLanguagePost(RequestContext requestContext, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized, String destination) +2072
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchIfLanguagePost(RequestContext requestContext) +642
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.InternalDispatchRequest(RequestContext requestContext) +620
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchRequest(RequestContext requestContext) +297
   Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.OnPostAuthorizeRequest(Object sender, EventArgs e) +352
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18033

Hi,

I have a problem where Event ID 3028 Source MSExchangeApplicationLogic is beeing logged every 6 hours with 4 same type of events. Here is the log:

Scenario: ProcessKillBit. Failed to read killbit list file because of exception System.IO.IOException: The process cannot access the file 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.995.29\ext\killbit\killbit.xml' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at System.IO.File.Open(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime)

The environment is single virtual MS Exchange 2013 server running on Windows 2012 R2. DC is running on a separate server.

I can't seem to find any articles or blogs relating to this issue.

Thanks for any help.

I would like to find out if it is possible to go straight from exchange 2013 cu 8/9 to exchange 2013 cu 14 or there are intermediate steps that should be followed?

Also what procedure should be followed for the upgrade.

We have 2 CAS servers behind a load balancer.

And 2 mailbox servers in a DAG.

Should I be upgrading 1 server, reboot that server and go to next server and so on

OR

Specific procedure should be followed?

And what backups to take before the upgrade.

And what will be the restore procedure ?

Should I keep 1 Domain Controller shutdown during the upgrade and that way in case of issues just restore the exchange servers from backup and power on this DC(and shutdown others)?

Hello,

While running the Search-AdminAuditLog cmdlet using the powershell script, we are getting below error.

Search-AdminAuditLog : The attempt to search the administrator audit log failed. Please try again later.
[FailureCategory=Cmdlet-AdminAuditLogSearchException] 5DE55415,Microsoft.Exchange.Management.SystemConfigurationTasks.SearchAdminAuditLog

We have exchange server 2013 setup on a single system that hosts Mailbox as well as ClientAccess roles. We have already enabled the adminaudit logs.

Can anyone please help?

Thanks,

Pratik

Hello,

While running the Search-MailboxAuditLog using the powershell script, We are getting the below error even though the user has Organization Management and Records Management permissions.

Search-MailboxAuditLog : The requesting account doesn't have permission to access the audit log.
[FailureCategory=Cmdlet-AuditLogAccessDeniedException] 55801942,Microsoft.Exchange.Management.SystemConfigurationTasks.SearchMailboxAuditLog

Can anyone please help?

Thanks,

Pratik

hi 

i have created distributed group for exchange server 2013 and i am unable to receive email internally and externally to this group ? 

any idea ? 

Hello,

I have an issue with setting delegates for a single mailbox in my organization. When I try to save the delegates in Outlook I receive the following error:

The delegate settings were not saved correctly. Cannot activate free/busy information.

The version of Exchange is 2013 and Outlook 2013.

I found this: https://support.microsoft.com/en-us/kb/958443, so I tested it, but it doesn't work. /cleanfreebusy switch is deprecated in Outlook 2013.

I'm able to set delegates via OWA, but when allow delegates to see private items, this doesn't work in Outlook.

Can you please help.

#CSV = alias,addnewemailaddress

import-csv .\AddSmtpMakePrimaryProxy.csv | foreach {
$user = Get-Mailbox $_.alias
$user.emailAddresses+= $_.addnewemailaddress
$user.primarysmtpaddress = $_.addnewemailaddress
Set-Mailbox $user -emailAddresses $user.emailAddresses
set-Mailbox $user -PrimarySmtpAddress $user.primarysmtpaddress
}

[PS] C:\Scripts\Primary SMTP>.\AddSmtpMakePrimaryProxy.ps1

The operation couldn't be performed because object 'XXX' couldn't be found on 'DC'.
    + CategoryInfo          : NotSpecified: (:) [Get-Mailbox], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : CE8CDFE8,Microsoft.Exchange.Management.RecipientTasks.GetMailbox
    + PSComputerName        : DC

. : Property 'emailAddresses' cannot be found on this object; make sure it exists and is settable.
At C:\Scripts\Primary SMTP\AddSmtpMakePrimaryProxy.ps1:5 char:7
+ $user. <<<< emailAddresses+= $_.addnewemailaddress
    + CategoryInfo          : InvalidOperation: (emailAddresses:String) [], RuntimeException
    + FullyQualifiedErrorId : PropertyNotFound

. : Property 'primarysmtpaddress' cannot be found on this object; make sure it exists and is settable.
At C:\Scripts\Primary SMTP\AddSmtpMakePrimaryProxy.ps1:6 char:7
+ $user. <<<< primarysmtpaddress = $_.addnewemailaddress
    + CategoryInfo          : InvalidOperation: (primarysmtpaddress:String) [], RuntimeException
    + FullyQualifiedErrorId : PropertyNotFound

Cannot bind argument to parameter 'Identity' because it is null.
    + CategoryInfo          : InvalidData: (:) [Set-Mailbox], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Set-Mailbox
    + PSComputerName        : DC

Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchan
ge.Data.SmtpAddress".
    + CategoryInfo          : InvalidData: (:) [Set-Mailbox], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-Mailbox
    + PSComputerName        : DC

Long story short, I am an exchange and AD admin for a fairly sized company. We utilize a citrix environment for our employees.

All of our exchange servers are 2010 SP2 but the only forums available were for 2013

I was going through a list of users that needed to be disabled and I ended up disabling several accounts that were not suppose to be on this list. I have been reactivating their accounts as they call into our helpdesk. One user in particular is trying to open outlook (ill remind you that we use a citrix environment so outlook is opening from citrix servers) and she gets threes prompt to verify a certificate. each prompt comes from 3 different exchange servers which makes no sense to me. Then she gets the following message "Allow this website to configure  FirstName.LastName2@company.com (This is not the email address that she has listed for her under exchange.) server settings?  Https://ip of exchange server/autodiscover/autodiscover.xml.  Your account was redirected to this website for settings.  You should only allow settings from sources you know and trust. When they click "allow". a error message pops up saying "cannot start microsoft outlook. cannot open the outlook window. the set of folders cannot be opened. 

I’m looking for some help with errors in the event log of our Exchange 2013 server. OS is 2012 R1. All three DCs are 2012 R2. We do not encrypt email and used –DoNotRequireSSL on cert commands. I’ve scoured the Internet and other forums but haven’t found an answer.

Schannel Error 36887 - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.

The frequent Schannel errors go back as far as the event viewer’s start date (2 weeks) so I’m not sure how, why and when they began but they’re occurring too often to ignore. As far as we know everything is operational but the errors weren’t always there so something changed, and it could have been during the recent CA certificate renewal process. It could also be due to the fact there are two nearly identical self-signed certs, one with IIS,SMTP and one with only SMTP. I know from the SmtpReceive logs that the thumbprint being used by SMTP is the one that begins in BD0. Are the errors caused by IIS not assigned to this cert (see screen shots)? The Schannel error with code 46 specifically means TLS1_ALERT_CERTIFICATE_UNKNOWN.

When I use the Enable-ExchangeCertificate on the BD0 cert and assign it the IIS,SMTP services then IIS is ripped from the CA cert (thumbprint D18) services and certificate errors appear on Outlook clients.

What would happen if I delete either the BD0 or 570 cert? It seems like I need to get rid of one of these while not breaking everything. Again, all appears to be fully functional so I’m proceeding with caution to say the least.

Any thoughts or ideas are appreciated. Thanks in advance.

Hey guys,

I've been trying to look for an answer for this for some time but I haven't been able to find anything.

I have currently a 4 node DAG with around 30DBs.

I don't know why but every now and then the databases are being automatically failed over to another node. 

I initially detected this behavior on servers that were backed up. 

But now I am only backing up 1 of the DAG members and still the databases being hosted on the others failover to other nodes every now and then.

I am trying to detect the reason for this behavior because I think it could be storage performance issues, but still not 100% sure.

So I wanted to know if there is an event log somewhere in Exchange that says when an Active Database is being failed over to another node.

I did some research and found someone saying to look for event ID 102 but it doesn't really show this information.

I also tried looking for details on the High availabilty logs for exchange but didn't find anything.

Any ideas on how to look for this?

Thank you!

Eduardo Rojas

Having nothing but problems with this Exchange 2013 deployment, and its the simplest way to deploy Exchange. Single server, single domain controller, on the same box.

A few weeks ago, out of nowhere a server that was running fine, started reporting ASP errors and no access to the ECP or OWA would function.  Rebooting didn't help. Restarting IIS didn't help. Only Exchange and ADDS run on this server.

Was recommended through an Exchange 2013 forum to install SP1 to fix this issue.  That was a nightmare in itself, 18 steps, 50% of which failed one by one and had to work through those issues.  Once it completed, OWA and ECP worked again, but only for 24 hours or probably less if I  was up all day.  Now OWA works if I typehttps://ffws01/owa and login, but if I try https://ffws01/ecp I get a login prompt, then when logging in it goes 500 Internal Error.

PowerShell command Get-MailboxDatabaseCopyStatus shows ContentIndexStatus as "Failed and..."

There are three mailbox databases, the default randomly generated one, then MBX1 and MBX2.

I am at a loss right now, and have no idea what to do with this box. Users are able to access their mailboxes though from Outlook 2010 and Outlook 2013.  Just have no way of managing this server anymore.