Quantcast
Channel: Exchange Server 2013 - Administration, Monitoring, and Performance forum
Viewing all 9032 articles
Browse latest View live

Can't find the organizational unit that you specified. Make sure that you have typed the OU's identity correctly.

May 6, 2014, 12:02 am
$
0
0

Hello,

I recently installed a new Windows Server 2012 R2 environment with Exchange Server 2013.

The following error occurs when i double click a user in the Exchange Admin Center:

Can't find the organizational unit that you specified. Make sure that you have typed the OU's identity correctly.

I know there is already a question about this error, but it differents from my error.

Some things i notice:

  • User Logon name: Name is specified correctly
  • DNS Suffix is missing here. I can not use the drop down menu as it is blanc.

When i click on "More options" i can see the Organizational unit without problems.

If i use the AD to create a new user, go to ECP and create new mailbox to existing user, this works without problems.

I can not update any info on the new or existing users though.

I then get the error:

error

Property expression "Test@" isn't valid. Valid values are: Strings that includes '@', where '@' cannot be the last character

I hope someone can help me on this one.

Thanks in advance.

------------------------------------------------------------------------------------------

Update,

When i run Get-UserPrincipalNamesSuffix-OrganizationalUnit"miegrouphq.intra/users"i get back MIEGROUPHQ.intra, so it seems that works.

With kind regards, René de Meijer. MIEGroup.


Search

Distribution Groups

June 16, 2016, 8:53 am
$
0
0

Exchange 2013 CU12 in a Hybrid Environment

I am trying to create a new distribution group in the Enterprise portal on my Exchange server.  I am trying to browse out to the OU's in my domain but none of them are visible.  Since we are in a Hybrid configuration these have to be created on-prem so that mail routing is added.  I can create the DL and it will put the group in the default users OU at the top level domain in the forest but when I try to send email from outside to this DL it gets bounced back saying that the address cannot be found.  Once the address has synced with Office 365 it creates the SMTP address as groupname@domain.mail.onmmicrosoft.com

How can I browse out to view the OU's in my domains?

Event 12014, MSExchangeTransport

June 16, 2016, 10:54 pm
$
0
0
Hello,
I do get and error in event log:
Microsoft Exchange could not find a certificate that contains the domain name smth.name.lt in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector sendconnector with a FQDN parameter of smth.name.lt. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

All certificates of exchange server is valid and not expired. When I do get this error, and if any one tries to send mail - outlook hangs. How to deal with this error?

Move request failed with TimeoutErrorTransientException error on 25%

June 17, 2016, 2:12 am
$
0
0

Hi!

I have trouble with moving mailbox between two sites across slow WAN-channel.

I have two sites with Exchange 2013 CU10 servers. Sites connected slow WAN-ling with average delay 536ms.

Move-request success complete then mailbox with 1-2 Mb totalItemSize and failed them totalItemSize more that 50MB.

From get-moverequestStatistics -includeReport i have failures:

'net.tcp://servername/Microsoft.Exchange.MailboxReplicationService.ProxyService servername (15.0.1130.5 caps:1F7FFFFFCB07FFFF)' timed out. Error details: This request operation sent to net.tcp://vmshqex02.npr.nornick.ru/Microsoft.Exchange.MailboxReplicationService.ProxyService did not receive a reply within the configured timeout (00:00:50).  The time allotted to this operation may have been a portion of a longer timeout.  This may be because the service is still processing the operation or because the service was unable to send a reply message.  Please consider in creasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client.--> This request operation sent to net.tcp://servername/Microsoft.Exchange.MailboxReplicationService.ProxyService did not receive a reply within the configured timeout (00:00:50).  The time allotted to this operation may have been a portion of a longer timeout.
This may be because the service is still processing the operation or because the service was unable to send a reply message.  Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client.

Google take me link to post in Exchange Blog about such problem while migrate between E2010 and EOnline. In the post i read that i should increese timeout in EWS web.config, but in E2013 EWS web.config not contains MRSProxyConfiguration section. I find this section in MailboxReplication Service config (MsExchangeMailboxReplication.exe.config) increase timeout up to 20minut, restart servers, but this not help.

Also in MsExchangeMailboxReplication.exe.config exist section "client"

<client>
      <!-- 
          MrsProxyClientHttpsEndpoint:    End point for E14 CAS or E15 CAFE connections.
          MrsProxyClientTcpEndpoint:      End point for connectiong to mrs proxy service without CAFE with tcp.
          MrsProxyClientMrsHttpsEndpoint: End point for connectiong to mrs proxy service without CAFE with https.
      --> 
      <endpoint 
          name="MrsProxyClientHttpsEndpoint" 
          address="https://RemoteHostName/EWS/mrsproxy.svc" 
          binding="customBinding"
          bindingConfiguration="MrsProxyClientHttpsBinding"
          contract="Microsoft.Exchange.MailboxReplicationService.IMailboxReplicationProxyService"
          behaviorConfiguration="MrsProxyEndpointBehavior"/>
      <endpoint
          name="MrsProxyClientMrsHttpsEndpoint"
          address="https://RemoteHostName/Microsoft.Exchange.MailboxReplicationService.ProxyService"
          binding="customBinding"
          bindingConfiguration="MrsProxyClientHttpsBinding"
          contract="Microsoft.Exchange.MailboxReplicationService.IMailboxReplicationProxyService"
          behaviorConfiguration="MrsProxyEndpointBehavior"/>
      <endpoint
          name="MrsProxyClientCertEndpoint"
          address="https://RemoteHostName/Microsoft.Exchange.MailboxReplicationService.ProxyService/Cert"
          binding="wsHttpBinding"
          bindingConfiguration="MrsCertBinding"
          contract="Microsoft.Exchange.MailboxReplicationService.IMailboxReplicationProxyService"
          behaviorConfiguration="MrsProxyEndpointBehavior"/>
      <endpoint 
          name="MrsProxyClientTcpEndpoint
          address="net.tcp://RemoteHostName/Microsoft.Exchange.MailboxReplicationService.ProxyService" 
          binding="netTcpBinding"
          bindingConfiguration="MrsProxyClientTcpBinding"
          contract="Microsoft.Exchange.MailboxReplicationService.IMailboxReplicationProxyService"
          behaviorConfiguration="MrsProxyEndpointBehavior"/>
</client>

in error message i see address net.tcp://servername/Microsoft.Exchange.MailboxReplicationService.ProxyService, that like address "net.tcp://RemoteHostName/Microsoft.Exchange.MailboxReplicationService.ProxyService" in MrsProxyClientTcpEndpointendpoint in <client> section. There are use bindingConfiguration MrsProxyClientTcpBinding that have own timeout:

<binding
          name="MrsProxyClientTcpBinding"
          maxReceivedMessageSize="100000000"
          receiveTimeout="00:20:00"
          sendTimeout="00:20:00"
  transactionFlow="false"
          transferMode="Buffered" >          
          <readerQuotas maxDepth="256"
                  maxStringContentLength="35000000"
                  maxArrayLength="35000000"
                  maxBytesPerRead="4096"
                  maxNameTableCharCount="16384" />         
          <security mode="Transport">
            <transport
              clientCredentialType="Windows"
              protectionLevel="EncryptAndSign" />
          </security>

        </binding>  

as you can see i increase receive and send timeout up to 20 min, but also this not help.

Move request continue fail on 20-25% with same error and in error's message timeout 50 sec, as previously.

Inside sites move request execute success. But beetwen two sites they failed. I try both direction, defferent mailbox database as source and target database, different mailbox.

Sorr for my english. Can someone help me?


MessageTrackingLog not showing correct results

June 8, 2016, 6:35 am
$
0
0

I am trying to find out when a set of users has last sent and received an email. In my search for the right command, I can see that I not always get the right result. 

As an example:

Get-TransportService | Get-MessageTrackingLog -Recipients me@domain.com -EventId deliver | sort TimeStamp -Descending | select -First 1|fl

This returns:

Timestamp               : 09-05-2016 16:25:29

However, if I specify the -Sender I get the correct result:

Timestamp               : 08-06-2016 15:00:02

Is there any other way to get this task done from the Shell?

Logging logon failures in Event Log that concern me

June 17, 2016, 8:53 am
$
0
0

I'm getting a lot of Event 4625, which is a logon failure. The logon Subject user account on these failures is the my Exchange server. The target account is a Null SID with no name. The error says that the account is disabled.

I will post the entire error message below, but it seems odd that our server couldn't talk to itself.  I am concerned about what is causing this and what side effects it may have.

Note that we are not experiencing any particular problem with our mail flow.  I found this by accident while looking for something else.

An account failed to log on.

Subject:
	Security ID:		SYSTEM
	Account Name:		EX-2013-SRV$
	Account Domain:		OURDOMAIN.COM
	Logon ID:		0x3E7

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:
	Account Domain:

Failure Information:
	Failure Reason:		Account currently disabled.
	Status:			0xC000006E
	Sub Status:		0xC0000072

Process Information:
	Caller Process ID:	0x1240
	Caller Process Name:	C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
	Workstation Name:	EX-2013-SRV
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Authz
	Authentication Package:	Kerberos
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.

Exchange 2013 unable to access ECP | 403 Sorry Access Denied

June 17, 2016, 12:09 am
$
0
0

Hi All,

Not sure what happened overnight but I am not able to access Exchange 2013 ECP and I am getting

403 Sorry! Access Denied ! error. I don't see any error being logged in application.

I am not able to connect to exchange management shell either and getting the following error. I can connect to the shell by importing pss snapin using native powershell however we need access to ecp restored.

VERBOSE: Connecting to cas01.domain.com.
New-PSSession : [cas01.domain.com] Processing data from remote server
cas01.domain.com failed with the following error message: [AuthZRequestId=c
b0430fd-a11a-4d3a-9b95-931d223b4773][FailureCategory=AuthZ-CmdletAccessDeniedEx
ception] The operation couldn't be performed because 'domain\exchadmin' couldn't
be found. For more information, see the about_Remote_Troubleshooting Help
topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName
Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:Re
   moteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : IncorrectProtocolVersion,PSSessionOpenFailed

The account does exist.

I cam across this article https://support.microsoft.com/en-sg/kb/2898571 and ensured that exchange/casservers are not member of any of the following groups or group which is member of these groups.

Note Typically, this issue occurs if a computer object is added to a group that is denied thems-Exch-EPI-Token-Serialization user right. By default, the following groups are denied the ms-Exch-EPI-Token-Serialization user right:

  • Domain Admins
  • Schema Admins
  • Enterprise Admins
  • Organization Management

When I ran the following command, I get the below output but what does that output means (is it expected or something is not right here), I don't see CAS01 being member of below listed groups.

Get-ADPermission -Identity CAS01 | where {($_.ExtendedRights -like "ms-Exch-EPI-Token-Serialization") -and ($_.Deny -like "True")} | ft -autosize

Identity                User                         Deny Inherited
--------                ----                         ---- ---------
CAS01               Domain\Domain Admins           True True     
CAS01               Domain\Organization Management True True     
CAS01               Domain\Schema Admins           True True     
CAS01               Domain\Enterprise Admins       True True     
CAS01\CAS01   Domain\Domain Admins           True True     
CAS01\CAS01   Domain\Organization Management True True     
CAS01\CAS01   Domain\Schema Admins           True True     
CAS01\CAS01   Domain\Enterprise Admins       True True

I would appreciate if someone can help me get this issue resolved.

Regards, Navdeep

Deny sending external Mails in exchange 2013

June 19, 2016, 5:46 am
$
0
0

Dear All,

I am using Exchange 2013 CU10 and i want to deny sending external mails for few users..Please suggest how to achieve this.

Thanks in advance.

Thank

Dravil

Search

Providing administrator(s) full mailbox access to all mailboxes (database) not working

February 22, 2013, 10:36 am
$
0
0

I'm setting up a new Exchange 2013 org.  Everything is pretty fresh, only a few mailboxes have been added for testing.

I've added this permission, to provide full access to all the mailboxes in the database:

Get-MailboxDatabase -identity “Mailbox Database” | Add-ADPermission -user netadmin -AccessRights GenericAll -ExtendedRights Receive-As, Send-As
.
I've verified the permission in ADSI Edit.

I have verified the permission in the recipient's mailbox delegation properties. 

However, while logged into OWA using the admin account, if I try to open another user's mailbox from OWA, I just get a sad face that says "Something went wrong :( " .

Any ideas? I've tried resetting the owa virtual directory...reset IIS, rebooted several times, no luck.

Thanks

can a shared mailbox be pop3 enabled?

June 20, 2016, 9:16 am
$
0
0
A shared mailbox in exchange 2010 by default has no password associated with it. Can a shared mailbox be pop3 enabled? How do i test a pop3 enabled account? Our exchange servers have POP3 service started

Connection dropped on the hub servers

June 7, 2016, 11:43 am
$
0
0

Hello,

We have an exchange 2010 environment with two sites, Let's say one in Chicago and the other one in Delhi. When users send messages within the same site with attachments below the size limit on the hub transport servers, The messages go through fine. However between sites the message get stuck in the queue with error 421 4.4.2 Connection dropped due to ConnectionReset and eventually get NDR after the retry threshold. I enabled verbose traffic on the hub servers but I am seeing any entry on the smtperceive logs what so ever. My next plan is to run wireshark or netmon but Not sure what to look for. Any one has had this issue before?

Sending Emails from a Third Party Application

June 20, 2016, 2:13 pm
$
0
0

I am trying to send emails to external email addresses through our helpdesk software but it keeps failing. When I reply to emails from internal company addresses they send fine.

The error message I am receiving is SMTPAddressFailedException: 550 5.7.1 Unable to relay.

Any ideas?


Event ID 36888 Exchange 2013 Schannel error

June 20, 2016, 5:49 pm
$
0
0

Exchange 2013 CU6 (15.0.995.29) is running on Server 2012 R2

started logging Schannel errors very frequently (8 errors every minute) in the system event log.

System performance is degraded 

If issue IISRESET /STOP, the errors stop.

If I disable the NIC the errors stop.

"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10."

What approach could be used to identify the root cause of this error?

disabled account's disconnectreason is null

June 21, 2016, 9:24 am
$
0
0

I disabled or removed one exchange account and want to reconnect it,

after update-storemailboxstate -database comman on the mailbox , i find the key of disconnectreason is null, and the account can not be find in ECP.

Is there any other method to change the disconnectreason ,or reconnect it 


Set primary SMTP address as UPN suffix

June 21, 2016, 6:33 am
$
0
0

i need a powershell command to find users who has mailbox on exchange server with spesific UPN suffix life - user1@contoso.com.

and then i need other command line it should be ; Check primary SMTP address on AD attiribute and set it as UPN suffix.

how can i do that ?


Search

Transfer Rule not work

July 11, 2016, 11:48 pm
$
0
0


New-TransportRule -name spoof2  -SubjectOrBodyContainsWords blablabla -PrependSubject "blaaaaa"

case1: if the message is forwarded message. 

case2: if keyword with "" , like "blablabla"


delete specific folder on a user mailbox exchange 2013

July 12, 2016, 7:02 am
$
0
0

I meet a Lync bug the lync contact is duplicate with 3 thousand contacts record and the contact folder is read only, it can't delete on outlook client, even I disconnect the connection between Lync client to outlook client. It need delete on OWA mode.

I run the below exchange powersehll with export-mailbox which died already on exchange 2013.

get-mailbox -Identity name | Export-mailbox -DeleteContent -IncludeFolders "\Inbox"

Any advise?

Thanks.

Equipment calendar doesn't accept invitations

July 12, 2016, 7:18 am
$
0
0

Hello,

We have some equipment mailboxes in our on-premises Exchange 2013 server and a couple of days ago I changed the booking delegate of one of them. Since then, people cannot invite the equipment anymore: I tried to remove the delegate, selecting the automatically accept feature, put myself as a delegate, change the mailbox type to Standard and to Room, updating calendar permission, but still nothing.
Basically, when a user invites the equipment, nothing happens: no reply, no event in the calendar, no notification to the delegate.

Do you have any idea, please?

Thank you,
Luca

Multiple Hosted Connection Filter Policies in the Exchnage Online

July 13, 2016, 3:38 am
$
0
0

Hello, 

I'm looking for correct way to add my IP address to white list on tenant. 

I found a cmdlet New-HostedConnectionFilterPolicy which allows to create a new policy with new set of IP addresses. I found that i can have a few connection policies. And i found no way to specify policy scope etc.

The question is : if i have multiple connection filter policies how is it calculated effective policies set? Is it enough to add my IP to default connection policy and can it  be overridden by another policy?

For example:

I have a three policies:

  • Default - empty
  • MyIpAlloweed - ip 1.1.1.1 in white list
  • MyIpDisallowed - ip 1.1.1.1 in black list

How it will works?

Thank You!

ECP not retrieving all my OUs when creating new mailboxes

September 5, 2013, 2:01 am
$
0
0

Hello,

In EAC, when I want to create a new standard mailbox, shared mailbox, Group, ... I can't see all organizational unit of my active directory. And if I use search in the "OU selection" Pop-up it can't find OU that are not showed in the list. In EMS I have no problems for creation of mailbox in that OU.

We have Exchange 2013 CU2v2, and I use an admin user member of "Organization Management".

Is anyone can help me ?

Viewing all 9032 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>