In this case a FIM 2010 Server open a new pssession to an Exchange 2013 server by using an URI including https and Kerberos as authentication method.  

$cred=Get-Credential

$session =New-PSSession-AuthenticationKerberos-ConfigurationNameMicrosoft.Exchange-ConnectionUri'https://<HOSTNAME>/Powershell' -Credential $cred

The combination of Kerberos and 'http://<HOSTNAME>/Powershell'  works.

And also the combination of 'https://<HOSTNAME>/Powershell' and basic authentication.

get-PowerShellVirtualDirectory -server <HOSTNAME>|fl *auth*

CertificateAuthentication     : True
InternalAuthenticationMethods : {Basic}
ExternalAuthenticationMethods : {Basic}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication      : False
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : False
OAuthAuthentication           : False
AdfsAuthentication            : False

The combination of https and Kerberos will bring access denied if I change 'WindowsAuthitication' of 'PowerShellVirtualDirectory' from 'False' to 'True'.

According to this blog 'no authentication is configured by default.' So I had to enable basic authentication first: 

https://justaucguy.wordpress.com/2014/05/21/exchange-2013-remote-powershell-ssl/

Another information which could be important is WSManConfig:

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener

Type            Keys                                Name
----            ----                                ----
Container       {Transport=HTTPS, Address=*}        Listener_1305953032
Container       {Transport=HTTPS, Address=*}        Listener_874393735
Container       {Transport=HTTP, Address=*}         Listener_1084132640

[PS] C:\Windows\system32>get-Item wsman:\localhost\listener\listener*\port

   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener\Listener_1305953032

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   Port                                           5986

   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener\Listener_874393735

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   Port                                           443

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener\Listener_1084132640

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   Port                                           5985

I have no idea why Kerberos authentication does not work here.

Soheil

inherited a exchange 2013 setup that's labeling incoming email as "Forward report: 5.7.5 (Cryptographic failure)". The email makes it to the user as a attachment. The senders are from hotmail.com, sbcglobal.com, and other big email providers.

The forward message says

"Reason: Cryptographic failure

A transport system otherwise authorized to validate or decrypt a message in transport was unable to do so because necessary information such as key was not available or such information was invalid.

Additional info:

The message has an invalid DKIM-Signature"

Is there a way to disable this and just receive the email directly?

Hi,

I have a problem where Event ID 3028 Source MSExchangeApplicationLogic is beeing logged every 6 hours with 4 same type of events. Here is the log:

Scenario: ProcessKillBit. Failed to read killbit list file because of exception System.IO.IOException: The process cannot access the file 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.995.29\ext\killbit\killbit.xml' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at System.IO.File.Open(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime)

The environment is single virtual MS Exchange 2013 server running on Windows 2012 R2. DC is running on a separate server.

I can't seem to find any articles or blogs relating to this issue.

Thanks for any help.

We have an Exchange 2013 / Hybrid O365 deployment.  We have most mailboxes migrated to Office 365 and have Exchange Online Archive enabled.

Many users have large mailboxes, so we changed the default Retention Policy to only have 1 retention tag, which moves all email older than 1 year to the Archive.

Any other suggestions for retention tags to add to the Default MRM Policy?  Best practices?

Hello,

Does anyone know if Exchange 2010 SP3 Rollup 14 is compatible with Server 2012 R2?  I have searched for an answer on this and cant find anything current.   I will be installing a fourth cas server in our Exchange environment and would like to install it on Server 2012 R2, which leads me to my next question.  Can I have mixed OS versions (e.g. 3 CAS servers running Server 2008 R2 and 1 CAS server running Server 2012 R2)?

Thank you,

Kristine

Kristine

I run get-ServerHealth -identity "ServerName" | Where {$_.AlertValue -eq "Unhealthy"} | FL Server,Name,HealthSetName
Result:
Server : Servername
Name  : SmtpProxyEhloOptionsDoNotMatchContinueProxyingMonitor
HealthSetName : HubTransport

Next Run:
Invoke-MonitoringProbe  HubTransport\SmtpProxyEhloOptionsDoNotMatchContinueProxyingMonitor -Server ServerName | Format-List

Which results in:
WARNING: Could not find assembly or object type associated with monitor identity 'HubTransport\SmtpProxyEhloOptionsDoNotMatchContinueProxyingMonitor'. Please ensure that the given monitor identity exists on the server.

- So if the monitor doesn't exist...how can it be reported as unhealthy??

Any ideas how to solve this piece of meat?
Brett

I disabled or removed one exchange account and want to reconnect it,

after update-storemailboxstate -database comman on the mailbox , i find the key of disconnectreason is null, and the account can not be find in ECP.

Is there any other method to change the disconnectreason ,or reconnect it 

Hello,

I'm getting intermittent application errors on the EventViewer of our mail server.

Due to the erratic nature of when the errors appear I would like to be able to establish which email message is triggering the event.

I'm trying to match up exchangle logs with event times but I could do with something more specific.

Is this possible?

Cheers,

Lee 

I am using Exchange 2010 but could not easily find the category for Exchange 2010. 

I have two old archive databases that I created 3 years ago in hopes that my users would start using the archiving functionality in Exchange 2010.  We tinkered with it but it never caught on and my users still backup email to pst files.  Anyway I want to remove both archive databases.  When I look at the EMC I don't have anyone that is assigned an archive database.  I can't see where they are being used at all.  I used to back them up using Windows Server Backup but I don't back them up any more because they are not being used.  Anyway I want to remove the archive databases.  What do I need to check or verify before I remove them?  thanks

Hello everyone,

In order to troubleshoot some IMAP issues we have, I have just enabled IMAP4 Logging Protocol on our CAS server (Exchange 2013).

However, looking at the log(s), I do not see anything useful, because it only logs "Open Session", "Close Session" for the IMAP connection.

Is there anyway to reconfigure IMAP4 protocol logging to get more details? Like receiving message, sending message, importing and so on?

Thank you,

Sava,

Hello All,

I could see the below logs, I am interested in EWS logs, I am working on troubleshooting an application issue which uses EWS.

When I look at the logs (EWS logs) inside EWS folder, I could see the logs only for last 1 day. How can I make sure that I have the logs for the last 2 or 3 days, Can I change this log retention some where in Exchange using some command ?

Since upgrading to Exchange 2013 from 2007 I see that admin rights come from membership in the management role groups, such as Organization Management. However, I also see that the legacy groups, such as Exchange Organization Administrators and Exchange Recipient Administrators still exist in the Microsoft Exchange Security Groups container in AD.

Are those groups still needed and, if so, what are they used for?

Thank you.

Kenny

Hi guys!

David Soares MCTS:MBS - MCTS - MCITP

HI; We have One Exchange Server 2010 in our organization; there are some problems:

When I open Exchange Management Shell:

When I open Exchange Management Console:

the outlook client can't set automatically exchange users mailbox and the outlook says not responding; but IMAP and SMTP Service already worked; but other outlook clients that add exchange account before the exchange problem already works fine.

we have another site in exchange IIS and I Delete that and uninstall 3 program plugins that uses for IIS for Other website. after that we have this problem.

and the powershell if I use: 

add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010
command works fine for configuring exchange and other things.

how can I fix that?

Server: Exchange 2013 Standard fully updated

Journal mailbox: local journal mailbox

Journal type: Standard (journal mailbox configured as journal destination of mailbox database)

Archiving software: on-premises application that downloads mail from journal mailbox and archives it in a repository

This setup has been working fine for years.

Problem: I wanted to test an external mail archiving software so I added a journal rule for all mail (inbound, outbound and internal) with destination to archive@externalservice.com (i.e. both journal standard and premium being actives at a time).

At first, it seemed to work fine archiving the same mails in both local journal mailbox & external service. But in fact we have confirmed some emails are not being archived.

First question: Is it possible to have both Standard & Premiun journal working at a time?

After that, we removed the journal rule (Premium) expecting Standard journal works fine again, however it is still not archiving some emails and we think they're not being copied to journal mailbox.

Note: it looks like the non-archived items are almost always from same senders.

How can I debug journal operations item-level?

FYI, we have confirmed same problem in Exchange 2016

Good Morning,

I have two situations with archive that are generating me problems.

Currently I have the Exchange Server 2016 .

When I use the Get -Mailbox -Database db -archive command does not return anything to me .

But if I use the Get- MailboxDatabase command | Get- Mailbox | { $_.ArchiveDatabase -eq "db"} it returns me the appropriate boxes.

The other problem it comes to moving the archive .

I'm doing a cross forest migration procedure when I do move the remote forest to mine, I can do normally , but when I do move the location of the archive only when the error in the end:

30/08/2016 09:34:16 [mail]
'domain.com/users/administrator'
created move request.
30/08/2016 09:34:21 [mail] The Microsoft Exchange Mailbox Replication
service 'mail.domain.com' (15.1.225.37 caps:7FFF) is examining the
request.
30/08/2016 09:34:21 [mail] Connected to target mailbox
'GUIDMAILBOX (Archive)', database 'archive',
Mailbox server 'mail.domain.com' Version 15.1 (Build 225.0).
30/08/2016 09:34:21 [mail] Sync state for request
638bfd14-c387-48b1-ac1e-76bdc901c614 is null.
30/08/2016 09:34:21 [mail] Restarting the move because checkpoint data
doesn't exist or is invalid in 'GUIDMAILBOX
(Archive)'.
30/08/2016 09:34:21 [mail] Connected to source mailbox
'GUIDMAILBOX (Archive)', database 'archivesource',
Mailbox server 'mail.domain.com' Version 15.1 (Build 225.0).
30/08/2016 09:34:21 [mail] Request processing started.
30/08/2016 09:34:21 [mail] Source archive mailbox information:
Regular Items: 13, 1.179 MB (1,235,862 bytes)
Regular Deleted Items: 552, 190.2 MB (199,398,229 bytes)
FAI Items: 1, 4.86 KB (4,977 bytes)
FAI Deleted Items: 0, 0 B (0 bytes)
30/08/2016 09:34:21 [mail] Cleared sync state for request
GUIDMAILBOX due to 'CleanupOrphanedMailbox'.
30/08/2016 09:34:21 [mail] An old copy of the mailbox was removed from
the destination database. The operation will try again in 30 seconds.
30/08/2016 09:34:56 [mail] Stage: CreatingFolderHierarchy. Percent
complete: 10.
30/08/2016 09:34:56 [mail] Initializing folder hierarchy from mailbox
'GUIDMAILBOX (Archive)': 59 folders total.
30/08/2016 09:34:56 [mail] Folder creation progress: 0 folders created in
mailbox 'GUIDMAILBOX (Archive)'.
30/08/2016 09:34:57 [mail] Folder hierarchy initialized for mailbox
'GUIDMAILBOX (Archive)': 58 folders created.
30/08/2016 09:34:57 [mail] Stage: CreatingInitialSyncCheckpoint. Percent
complete: 15.
30/08/2016 09:34:57 [mail] Initial sync checkpoint progress: 0/59 folders
processed. Currently processing mailbox 'GUIDMAILBOX
(Archive)'.
30/08/2016 09:34:57 [mail] Initial sync checkpoint completed: 57 folders
processed.
30/08/2016 09:34:57 [mail] Stage: LoadingMessages. Percent complete: 20.
30/08/2016 09:34:58 [mail] Messages have been enumerated successfully.
566 items loaded. Total size: 191.3 MB (200,634,091 bytes).
30/08/2016 09:34:58 [mail] Stage: CopyingMessages. Percent complete: 25.
30/08/2016 09:34:58 [mail] Copy progress: 0/566 messages, 0 B (0
bytes)/191.3 MB (200,634,091 bytes), 51/59 folders completed.
30/08/2016 09:35:49 [mail] Copying messages is complete. Copying rules
and security descriptors.
30/08/2016 09:35:50 [mail] Initial seeding completed, 566 items copied,
total size 191.3 MB (200,634,091 bytes).
30/08/2016 09:35:50 [mail] Stage: IncrementalSync. Percent complete: 95.
30/08/2016 09:35:50 [mail] Folder hierarchy changes reported in source
'GUIDMAILBOX (Archive)': 0 changed folders, 0
deleted folders.
30/08/2016 09:35:50 [mail] Incremental Sync
'GUIDMAILBOX (Archive)' completed: 0 hierarchy
updates, 0 content changes.
30/08/2016 09:35:50 [mail] Stage: IncrementalSync. Percent complete: 95.
30/08/2016 09:35:50 [mail] Final sync has started.
30/08/2016 09:35:50 [mail] Folder hierarchy changes reported in source
'GUIDMAILBOX (Archive)': 0 changed folders, 0
deleted folders.
30/08/2016 09:35:50 [mail] Incremental Sync
'GUIDMAILBOX (Archive)' completed: 0 hierarchy
updates, 0 content changes.
30/08/2016 09:35:50 [mail] Source archive mailbox information:
Regular Items: 13, 1.179 MB (1,235,862 bytes)
Regular Deleted Items: 552, 190.2 MB (199,398,229 bytes)
FAI Items: 1, 4.86 KB (4,977 bytes)
FAI Deleted Items: 0, 0 B (0 bytes)
30/08/2016 09:35:50 [mail] Stage: FinalIncrementalSync. Percent complete:
95.
30/08/2016 09:35:50 [mail] Copying per user read/unread data.
30/08/2016 09:35:50 [mail] Per user read/unread data copied successfully.
30/08/2016 09:35:50 [mail] Mailbox store finalization is complete.
30/08/2016 09:35:50 [mail] SessionStatistics updated.
30/08/2016 09:35:50 [mail] Verifying mailbox contents...
30/08/2016 09:35:50 [mail] Mailbox contents verification complete: 57
folders, 566 items, 191.3 MB (200,634,091 bytes).
30/08/2016 09:35:50 [mail] Mailbox 'user' was loaded from
domain controller 'dc.domain.com'.
30/08/2016 09:35:50 [mail] Fatal error CommandExecutionException has
occurred.

Thanks.

Back on our Exchange 2003 server, I had a conference room calendar (resource mailbox) managed by a couple of users but which (if I recall correctly) allowed everyone to submit scheduled items and which was visible to everyone. Several months back, I migrated from Exchange 2003 to 2010 and then to 2013. Now I cannot figure out how to make that calendar visible to everyone. Unlike Exchange 2003, there is no longer a public folders DB (not sure if that bit of information is even relevant, since I cannot recall now how I made the resource box available to users).

When I log on as one of the mailbox managers, then go to File → Account Settings and manually add it, I see the entire resource mailbox, replete with an Inbox and Deleted Items. Users need to see the calendar only, and what I see in that Inbox & Deleted items brings up the issue of what I am missing--I thought those would be managed automatically.

What am I missing here?

I'm wondering if anyone else is seeing this.

I continuously see mail for "MapiSubmitLAMProbe" queing up with an error of  "ambiguous address".  Sure enough, if I look at my health mailboxes, there are several with the same proxy address and/or LegacyExchangeDN (ie - I'll have 3 Health mailboxes with a Primary SMTP address of SMTP:_1d4837@domain.com).  So, I'll manually change these, and things will be good for a few days - and then I'll see mail queuing again, because of Health Mailboxes having ambiguous addresses again.

I have deleted the Health Mailboxes and let them automatically recreate by restarting the health service, and this has not rectified the issue.

Is/has anyone else seen this issue?  I can't figure out HOW Exchange would even allow something to be created with an ambiguous address

TAG