I was working with a customer who changed some TLS 1.0/1.1 setting on their Exchange server that broken mail flow to Exchange Online. They were in the process of migrating to Exchange Online from their four server Exchange DAG. I found that two servers were unable to send messages to the Edge server and then Exchange Online:
421 4.4.2 Connection dropped due to Socket Error Attempted failover to alternate host, but that did not succeed. Either there are alternate hosts, or delivery failed to all alternate hosts.
In this situation I was able to place the server component Hub Transport in maintenance mode by running:
I ran into the following error when uninstalling an Exchange 2010 server:
This computer is responsible for expanding the membership of 15 distribution groups. These must be reassigned to another server before setup can continue.
To find which distribution groups have an Expansion Server set you can run the following from the Exchange Management Shell:
I recently completed a migration from Exchange 2013 to Exchange 2016 and after the Exchange 2013 server was uninstalled that’s when the issues with OAB started. I confirmed that all the mailbox databases were set with the Offline Address Book.
I confirmed that the OAB Virtual Directory was set with the correct URL.
I ran the Outlook Test Email AutoConfiguration and noticed that in the output it didn’t have a line for OAB.
It turns out that the Offline Address Book needed to be set for Global Web Distribution.
Fixing a corrupt content index on an Exchange database with only one copy can be done in the following method:
If you run the following command you can see the content index state and error message.
1
2
3
Get-MailboxDatabaseCopyStatus<databasename>|fl
Next you will need to stop the following services:
1
2
3
Stop-Service MSExchangeFastSearch
Stop-Service HostControllerService
Now you will need to delete the content index folder which is a GUID in the same location as the database edb file. It has three sub folders that all need to be deleted.
NOTE: If you try and delete the files without stopping the search services you will get an error that the file is in use.
With the files successfully deleted you can start the services:
1
2
3
Start-Service MSExchangeFastSearch
Start-Service HostControllerService
Now wait a few minutes for the content index folder to be re-created.
To verify this worked you can run the same command from before:
SCOM Alerts can be related to SSL certificates and it is worth checking the IIS BackEnd Site Binding to see if the certificate is valid. One example of this is the alert for OutlookRpcDeepTestMonitor. Also note that if the server alerting is getting a “proxying to unknown” error that the Certificate issue is likely on a different Exchange Server.
Open IIS, browse down to Site and Exchange Back End. Click bindings and edit the site bindings on port 444. The site should be bound with the certificate called “Microsoft Exchange”. When you view the certificate I found the certificate being used had an error “The CA Root certificate is not trusted”.
To fix this issue the self signed certificate needs to be exported from the Personal Store and imported into the Trusted Root CA.
Run mmc
Add the Snap-in for Certificates
Browse down to Personal and Certificates and Export the self-signed certificate where the friendly name is “Microsoft Exchange”.
Export it using the format P7B and select the option to “Include all certificates in the certification path if possible”
Name the file and Save it anywhere you like.
Browse down to Trusted Root Certification Authorities and right click Certificates -> All Tasks and Import…
Select the certificate you exported, click next and ensure the certificate is placed in the Trusted Root CA.
Now back to IIS when you view the certificate that is bound to the Exchange Back End Site it should look like this:
Now you need to restart the Exchange Health Manager service MSExchangeHM on the server that reported the issue or restart it across all the Exchange Servers:
1
2
3
4
5
$Servers=Get-ExchangeServer
ForEach($server in$servers){
Write-Host Restarting Health Manager Service on$Server
The SCOM alert for MSExchangeDelivery service is failing due to this exception:
1
2
3
4
5
6
7
8
Microsoft.Forefront.Monitoring.ActiveMonitoring.Smtp.Probes.MailboxDeliveryAvailabilityProbe+MailDeliveryAvailabilityProbeException:Multiple different exceptions
at Microsoft.Forefront.Monitoring.ActiveMonitoring.Smtp.Probes.MailboxDeliveryAvailabilityProbe.CheckAllInstancesForDifferentFailures()
at Microsoft.Forefront.Monitoring.ActiveMonitoring.Smtp.Probes.MailboxDeliveryAvailabilityProbe.DoWork(CancellationToken cancellationToken)
at Microsoft.Office.Datacenter.WorkerTaskFramework.WorkItem.Execute(CancellationToken joinedToken)
at Microsoft.Office.Datacenter.WorkerTaskFramework.WorkItem.<>c__DisplayClass2.<StartExecuting>b__0()
at System.Threading.Tasks.Task.Execute()
It turns out the health mailbox was full and unable to accept new messages.
To resolve this issue I stopped the MSExchange Health Manager service and deleted all the AD accounts for Health Mailboxes. Health Mailboxes can be found in the Monitoring Mailboxes OU which is inside the Microsoft Exchange System Objects OU by default. After removing the AD objects I restarted the health manager service and new health mailboxes are created automatically.
Now the results of the previous command show it was disabled and also the ECP shows the mailbox can be reconnected.
When the mailbox doesn’t have a disconnect date or reason it is still possible to reconnect it to the AD account from the exchange management shell by running:
I was recently asked to determine how much of the mailbox database is taken up by recover deleted items?
It’s good to understand that the recoverable items folder resides in the non-IPM subtree of each mailbox. The non-IPM subtree is a storage area within the mailbox that contains operational data about the mailbox. This subtree isn’t visible to users using Outlook, Microsoft Office Outlook Web App, or other email clients.
With Exchange 2013 this provides the following key benefits:
When a mailbox is moved to another mailbox database, the Recoverable Items folder moves with it.
The Recoverable Items folder is indexed by Exchange Search and can be discovered using In-Place eDiscovery.
The Recoverable Items folder has its own storage quota.
Exchange can prevent data from being purged from the Recoverable Items folder.
Exchange can track edits of certain content.
The Recoverable Items folder contains the following subfolders:
Deletions This subfolder contains all items deleted from the Deleted Items folder. (In Outlook, a user can permanently delete an item by pressing Shift+Delete.) This subfolder is exposed to users through the Recover Deleted Items feature in Outlook and Outlook Web App.
Versions If In-Place Hold or Litigation Hold is enabled, this subfolder contains the original and modified copies of the deleted items. This folder isn’t visible to end users.
Purges If either Litigation Hold or single item recovery is enabled, this subfolder contains all items that are purged. This folder isn’t visible to end users.
Audits If mailbox audit logging is enabled for a mailbox, this subfolder contains the audit log entries.
DiscoveryHolds If In-Place Hold is enabled, this subfolder contains all items that meet the hold query parameters and are purged.
Calendar Logging This subfolder contains calendar changes that occur within a mailbox. This folder isn’t available to users.
If you wanted to know how much data you had in recoverable items you can try the following:
The above shows each of the recoverable item folders for each mailbox
Now I have the total size of all the recoverable items for all the mailboxes in Bytes. Thankfully powershell has an easy way to convert that to GB for me. You don’t need to divide by 1024 then divide by 1024 then divide by 1024 etc. You can copy the result of the Sum and divide it by 1GB.
54GB is the total amount of space used by Recoverable Items.
Now the question came around how much space is taken up by Legal using In-Place Hold. I ran the following command:
I was recently working with a customer who had issues with logging into OWA. The users would get the following error:
Something went wrong
We can’t get that information right now. Please try again later.
X-FEServer: <servername>
Date: 8/3/2017 4:13:24 PM
In the event viewer under the application logs I found the following warnings:
Log Name: Application
Source: MSExchange OAuth
Date: 8/3/2017 11:13:08 AM
Event ID: 2004
Task Category: Configuration
Level: Warning
Keywords: Classic
User: N/A
Computer: <servername>
Description:
Unable to find the certificate with thumbprint EF6392A5E64713AD43598B7A0FF75080964FB096 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.
To find the existing certificate for which the authentication configuration is looking you can run:
1
2
3
Get-AuthConfig|fl CurrentcertificateThumbPrint
I found that the certificate returned wasn’t listed when I ran the command Get-ExchangeCertificate. I was required to create a new exchange certificate by running the following commands:
1
2
New-ExchangeCertificate-KeySize2048-SubjectName"cn= Microsoft Exchange ACS Certificate"-FriendlyName"Microsoft Exchange Server ACS Certificate"-PrivateKeyExportable$true-Services SMTP-DomainName yourdomain.com
Now to set the AuthConfig to the newly created certificate we need to run the following:
1
2
3
4
$date=get-date
Set-AuthConfig-NewCertificateThumbprint&lt;paste your thumbprint here&gt;-NewCertificateEffectiveDate$date
Set-AuthConfig-PublishCertificate
Now when I check the AuthConfig you can see the update certificate:
