Quantcast
Channel: Exchange Server 2013 - Administration, Monitoring, and Performance forum
Viewing all 9032 articles
Browse latest View live

Is it possible to create my own "Certification Authority-Signed Certificate" for Exchange 2013?

July 9, 2018, 11:28 am
$
0
0

Hello,

I have a coworker who is supposed to be knowledgeable in Exchange 2013, and although I myself am not knowledgeable in Exchange 2013, something he's telling me doesn't seem right, so I'm posting here as a sanity check.

We have a single Exchange 2013 server, and it doesn't have any secure connections of any sort to any other exchange servers or domains in the outside world - connections to client Outlook 2013 instances is done only on the local domain/network.  In the Exchange Administration Center's "Certificates" section, we have a Certification Authority-Signed Certificate that is expiring on August 13 this year:

You can't see it in the screenshot, but the certificate is assigned to the IMAP, POP, IIS, and SMTP services.

I also can see errors in the Event Logs, for this particular certificate:

My coworker says, in order for this certificate to be renewed, we have to go through a process described in the below link; basically we have to send a file to a third party and have it approved:

https://practical365.com/exchange-server/renewing-an-ssl-certificate-for-exchange-server-2013/

However, what doesn't make sense to me, is in my first above screenshot of the Exchange Admin Center, on the right hand side of it, the "Issuer" field which I've blanked out, that value is the name of our domain controller.  So, that field looks like:

CN=DomainControllerName-CA

So, to me, I would think an Issuer would be the entity that actually created ("issued") and signed/approved the certificate.  Meaning that our Domain controller issued the certificate in this case, which means that we can generate the certificate and have it ready for use ourselves.

But, I could be wrong on that.  Perhaps "Issuer" doesn't mean what I think it does.

So, my question is - is it possible for us to totally renew this certificate ourselves without involving a third party, or do we indeed have to go through the process outlined in that "practical365.com" link I put earlier?  If it's possible to renew this certificate from start-to-finish ourselves, can someone link me to a step-by-step guide I can show my coworker?

Thanks for your time.




Search

System mailbox Delete

July 5, 2018, 4:37 pm
$
0
0

I am migrating to 2016 from 2013. During this process I mistakenly added a 2012 server with exchange 2016. To get the job done, I just created 2 new 2016 servers and moved on. Now I am cleaning up my 2013 environment, and I find I can't remove/delete the 2012 server, because it has a mailbox on it, and it is listed as a SYSTEM{1234}.

Normally I understand the answer to deleting the SYTEM mailbox's is HELL NO!

But, all the arbitration mailboxes have been moved, and the command

Get-Mailbox -Arbitration | fl name,servername,Database,PersistedCapabilities

this mailbox is NOT listed.  I tried moving it anyway to be safe, but it will not move.  I did dismount the DB with no ill effects, and this is the last mailbox to be handled

So,

1) is this safe to delete? 

2) and if not, then how do I remove this server from the farm/cluster

BlankMonkey

Self Signed Certificate

June 29, 2018, 10:23 am
$
0
0
May I know whether there is any draw back to use a self signed certificate? Thanks.

mailbox database usage

July 9, 2018, 9:05 pm
$
0
0

Dear Forum,

we have one concerned about mailbox database usage. after disable some mailbox users space is still keep eating size. so could u check how to clean up disable mailbox user to gain more space on DB. did someone have experience  on this? thanks Advance.

cannot connect outlook to exchange 2013 server with server 2012 after new exchange 2013 installation

July 8, 2018, 6:25 pm
$
0
0
I have just done a fresh installation of Windows server 2012R2 Standard and have also successfully set up Exchange 2013 SP1 standard Edition.  I have tested Mail delivery in outlook web access via web browser and it is all working.  However when trying for the first time to setup outlook profile to connect via exchange client from a laptop which is also on the same internal network or domain as the new server, it gives the first two tests; Green ticks (Establishing Network Connection and Searching for "user@domain" settings). But on the Last Test "Logging onto the Mail Server"  I always get the following error message "The Connection to Microsoft Exchange is unavailable, Outlook must be online or connected to complete this action."  I can successfully ping the server name and IP address so there are no network connectivity issues.  I have a feeling the problem is with Exchange 2013 Config as from the same machine I can connect to other exchange 2010 server with no problem.  Please Help! 

Cutover mailboxes to be linked back to on-prem

July 3, 2018, 11:05 pm
$
0
0

I have a customer running E2013 who installed Azure AD connect, synced identities to the cloud & then did a cut-over migration of all their mailboxes to O365.

They planned to use ADSIEDIT to modify any attributes ( i know its not supported by Microsoft ) and assumed they dint need an exchange server on-premise.

a month after they did this, they realized the pains of using ADSIEDIT and decided they want to switch-over to hybrid. ( old mailboxes are still present in the exchange server which is kept shutdown.

Questions: how can we connect the Ad accounts with exchange attributes to the O365 mailboxes which were cut-over previously ?

removing old exchange server

July 2, 2018, 7:36 am
$
0
0
we have 2010 exchange server in place and want to remove a 2007 exchange server. We have moved all mailboxes/public folders. I have had the 2007 exchange server off for 2 weeks and received no complaints. Does just deleting the exchange server off the server remove all instances in active directory?

Message submission rate for this client has exceeded the configured limit

July 10, 2018, 4:15 am
$
0
0

Hi,

Our contractor uses our smtp server (exchange) to send emails through some of their application. Before several days they wrote that there is a error in their application log: "4.4.2 Message submission rate for this client has exceeded the configured limit" and the application do not send the mail to all the mailboxes that are in their application list (what's a big problem). According to the internet reference, I found it necessary to increase MessageRateLimit on the connectors. The flood limit was 100, the increase did not help (150-200-unlimited). The vendor still has the same error message. How can I solve this problem?

I looked at event logs on our exchange server, and I found the following error.

Event 1035
Inbound authentication failed with error logondenied for receiving connector client frontend EXCHANGESERVERNAME. The authentication mechanism is Gssapi. The source IP address of the client who attempted to autheticate to Microsoft Exchange is [IP address where the application is running)].

thx for reply&help

Search

Drop Blank from feild

July 10, 2018, 7:10 am
$
0
0

Hello

I am getting undeliverable spam in my exchange when I look at the message I see the following.

From Address: <>
Status: Active
Size (KB): 72
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1

How can I create a rule to drop messages with a blank From Address?

Devin Berard I.T Support Renfrew Victoria Hospital, Renfrew ON berardd@renfrewhosp.com

Server shutdown, who is using it

July 10, 2018, 9:07 am
$
0
0

I am almost done with my migration, and I want to shut done the server. I am sure that there are a series of devices still using it as the primary email host. How do I query exchange for all the email it is using?? Logically

All email using server1 between since time1

BlankMonkey

Exchange 2013 DAG with non-DAG Exchange 2016 for in-place archives?

July 10, 2018, 9:25 am
$
0
0

Good morning, all!  We currently have an Exchange 2013 CU20 two-site DAG, and are ramping up to get in-place archives going for our heaviest users.   Knowing that you can't combine Ex2013 and Ex2016 servers in the same DAG, can I create an Ex2016 server *not* in the DAG and use it for in-place archive mailbox storage for the 2013 DAG?  I see the recommendation is that archive servers *not* be a DAG member, but I was curious whether I can put this system together as suggested, knowing the no-mix policy for DAG members.

Suggestions welcome!

Steve

Exchange 2010 automatic text inserted on every outgoing email

July 11, 2018, 2:31 am
$
0
0

We have been asked to implement a disclaimer text on every outgoing email in a company. 

We have set up a transport rule in hub transport in exchange server that appends the disclaimer text in every outgoing email.

Question : 

Is there a way to not insert that text on every reply or forward of the first email?  The reason we want to do this is because we print all emails and after 10 messages in a conversation with replies and forwards, that text is repeated resulting to many papers printed for no reason.


Number of outlook users

June 25, 2018, 1:42 am
$
0
0

Hi,

is there any way to know the exact number of users that use outlook to connect to their mailboxes?

I tried looking in to the iis logs, but the logs are in text format.

should i look into the mapi logs too (as we use outlook 2016) and is there a way just to get the number of users?

Response email time reports for a user/group email address

July 11, 2018, 8:45 am
$
0
0

My Organization requires reports on email response time for a specific group on a weekly or monthly basis. Is there a way to generate it? I'm trying e-discovery to generate all emails received by the group and sent by the same group , but that generates all emails(in GBs) and then consumes time in preparing and then downloading reports and filtering according to our needs.

Thanks

Vivek

IP address and Domain restrictions for ECP

July 11, 2018, 9:51 am
$
0
0

So I did some reading and wanted to try this out. Restricting who gets to the ECP virtual directory by LAN  This seems pretty straight forward and I guess is maybe and IIS issue if needs to be removed.  I've enabled the feature, gone to the virtual directory and added my ip address to the allow.  Only thing that shows, then go to 'edit feature settings' and deny unspecified.  after IISreset my IP address is denied, if I reverse the feature settings i'm allowed, why does it not see my IP as white listed. In the logs I do not see my IP anywhere.

thoughts?

EDIT: if I read correctly the logs show the source IP as my exchange server....so I whitelist that and it appears to be working, problem would be then every request looks like the whitelisted exchange server and defeats the purporse of the of the deny unspecified no?   I've tested from 2 different subnets.

Search

Event ID 3028 MSExchangeApplicationLogic

November 3, 2014, 1:16 am
$
0
0

Hi,

I have a problem where Event ID 3028 Source MSExchangeApplicationLogic is beeing logged every 6 hours with 4 same type of events. Here is the log:

Scenario: ProcessKillBit. Failed to read killbit list file because of exception System.IO.IOException: The process cannot access the file 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.995.29\ext\killbit\killbit.xml' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at System.IO.File.Open(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime)

The environment is single virtual MS Exchange 2013 server running on Windows 2012 R2. DC is running on a separate server.

I can't seem to find any articles or blogs relating to this issue.

Thanks for any help.

The Diagnostics Aggregation Web Service has been failing for at least 20 minutes

July 24, 2017, 3:02 am
$
0
0

Hello All , 

I am getting the below mentioned error message in managed availability logs .Please someone suggest me the steps to overcome this issue in my end .

The Diagnostics Aggregation Web Service has been failing for at least 20 minutes.
The creator of this fault did not specify a Reason.
Probe Exception: 'System.ServiceModel.FaultException`1[Microsoft.Exchange.Net.DiagnosticsAggregation.DiagnosticsAggregationFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to ErrorCode: LocalQueueDataTooOld, Message: timestamp of queues: 7/15/2017 1:01:21 AM, current time utc: 7/23/2017 2:10:36 AM, TimeSpanForQueueDataBeingCurrent: 00:11:00, TimeSpanForQueueDataBeingStale: 01:00:00).'
Failure Context: ''
Execution Context: ''
Probe Result Name: 'DiagnosticsAggregationWebServiceProbe'
Probe Result Type: 'Failed'
Monitor Total Value: '4'
Monitor Total Sample Count: '4'
Monitor Total Failed Count: '0'
Monitor Poisoned Count: '0'
Monitor First Alert Observed Time: '7/15/2017 2:30:50 AM'

Thanks & Regards S.Nithyanandham

Exchange Healthset showing unhealthy - Hubtransport

July 12, 2018, 7:43 am
$
0
0

Hi,

I am facing issue with Hubtransport helathset of my exchange server, i did all steps mentioned in other blog no issues found with diskspace, queue, even all queue in ready state with no expired message still hubtransport state is showing unhelathy with this error

<HealthSet>HubTransport</HealthSet>
 <Subject>The Diagnostics Aggregation Web Service is unhealthy.</Subject>

 <Message>The Diagnostics Aggregation Web Service has been failing for at least 20 minutes. The creator of this fault did not specify a Reason. Probe Exception: 

Please suggest.

S


Find out what Sharedmailbox a user has access to

July 12, 2018, 5:58 pm
$
0
0

Hi What I'm trying to do is find out if a list of users in an csv file have either "Send As" or "Send on behalf" permission to a user mailbox or a sharedmailbox.

I found a few scripts that take care of getting the permissions for a user mailbox. But i'm stuck on getting a list for all shared mailboxes a user may have any type of delegation for.


Thanks

Exchange error id 74 Connection leak detected for key

March 31, 2014, 2:29 am
$
0
0

I found error on my Mailbox server and can't find any description for this error:

(Process w3wp.exe, PID 3728) Connection leak detected for key contoso.ua/Enterprise Administrators/Exch_administrator in Microsoft.Exchange.Configuration.Authorization.WSManBudgetManager class. Leaked Value 2.

Source:MSExchange RBAC

Event ID:74

Task Category:RBAC

Level: Error

Log Name: Application

Exch_administrator - this is my user account. Any suggestion what it is can be?

Viewing all 9032 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>