I am starting my transition to Exchange 2013 and I have a few questions. 

First, I am installing my mailbox servers. The management want a phased rollout and install the CAS servers next month. Are the mailbox servers OK to run on their own until then?

Second, I have some new and old namespaces, and I want to know how I configure these.

Old names:

internal webmail : https://webmail.domain.com.owa

activesync: webmail.domain.com

internal autodiscover: autodiscover.domain.com

CAS Array name: mapi.domain.com (MXserver10 and MXserver11)

We also have a DR with:

DRactivesync: DRwebmail.domain.com

We want to use the following names in our environment. Is it still wise to have different names for our DR activesync?

We are not using a CAS Array. We will be running exchange.domain.com as a CNAME to both serverCAS01 and serverCAS02

EAS: email.domain.com

DR EAS DRemail.domain.com

Am I missing something? Please help! How do I go about setting these names so that all mail for my 2010 servers gets routed through Exchange 213, and so that there is no disruption when i set these things up.

I'm on one of my last steps in migrating from 2010 to 2013.  When I issue the command to  Resume the migration request after the Autosuspend happens, I get a StalledDueToMailBoxLock, and it retries but never completes.  I've removed the request and tried it again, but I get the same thing.  The requests were 24 hours apart.  I have no clients that are connecting to the 2010 server anymore, and all the user mailboxes have been migrated to 2013 successfully.  I haven't found much online about this status, so I'm at a loss.  By the way, this is during my Public Folder migration process.  Sorry for leaving that out.

Thank you.

mail client use ms.outlook 2007, everything ok when it's use first time after setup, next business day it's show error and status disconnect

"Task 'Microsoft Exchange Server' reported error (0x8004011d): 'The server is not available. Contact your administrator is this condition persists."

i've follow this instruction,but not works.

*support.microsoft.com/kb/923575

*forums.msexchange.org/Error_%280x8004011D%29_The_server_is_not_available/m_30795900/tm.htm

note.first time after setup mail client,there's no certificate required pop-up, now each time open it, it's show certificate alert

in security alert,show cross : the name on the security certificate is invalid or does not match the name of the site

Hi guys,

I'm hoping for a bit of assistance. I have stepped into an environment where there is one production Exchange 2010 server and one Exchange 2013 server. The Exchange 2013 server is in a unrecoverable state however it contains the domain administrators mailbox and therefore I cannot remove it manually. As it was a vm, I took it offline, created an identical server (name, os version(Windows 2008 R2 with latest updates), ip address etc.), installed all the prerequisite components and then ran setup /m:RecoverServer /IAcceptExchangeServerLicenseTerms. Everything runs through successfully until it gets to the Mailbox role: Transport service where it fails with "Unable to set shared config DC.". After some searching on Google, it suggests that ipv6 is disabled on the DC. We have two DC's in our environment and both have ipv6 enabled as does the exchange server. If I try to re-run the installation for the role alone, i.e. Setup /mode:install /IAcceptExchangeServerLicenseTerms /role:HubTransport, it fails with "The machine is not configured for installing "BridgeheadRole" Datacenter Role." 

Any help would be greatly appreciated. 

In Exchange 2013, the RPC client access service now runs exclusively on mailbox role and no longer on CAS servers.  THis has caused a rather unique issue wit ha client I'm at.

Said client uses a firewall to separate client machines from server VLAN.  While thye normally only expose RPC/HTTP to the CAS servers in 2010, in 2013 this causes problems.  WHat happens currently is if a client queries for an RPC CAS server he will get the current CAS 2010 servers and the 2013 MBX servers... which have no client ports open to them (nor do they want them).  Eventually the problem will be solved on it's own when clients are upgraded to 2013, things are defaulted to MAPI over HTTPS etc ... but for now what it means is if anyone tries to setup a new profile there is a chance the service will attempt to bind to a mailbox server to which the client has no port access to.

with the remove-rpcclientaccessserver cmdlet gone in 2013, is there any way to disable the the publishing of the mailbox clienta ccess service in 2013?  If I used the blockedclientversions option on just the 2013 servers ... would clients auto-attempt to connect to the 2010 CAS?  

The goal here is to get the clients to ignore the 2013 RPC service until all upgrades and migrations are ready rather than exposing the mailbox servers before they've been tested/cleared.

When I am trying to install Exchange Server 2013 SP1 on Server 2012r2, I am getting this error at Mailbox Role: Mailbox Services.  We will be doing a migration from Exchange 2010 SP3.

Error:

The following error was generated when "$error.Clear();

          if ($RoleIsDatacenter -ne $true -and $RoleIsDatacenterDedicated -ne $true)

          {

          if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)

          {

          $sysMbx = $null;

          $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";

          $dispName = "Microsoft Exchange";

          Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");

          $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );

          if ($mbxs.Length -eq 0)

          {

          Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");

          $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);

          if ($dbs.Length -ne 0)

          {

          Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");

          $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);

          if ($arbUsers.Length -ne 0)

          {

          Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");

          $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0].Identity;

          }

          }

          }

          else

          {

          if ($mbxs[0].DisplayName -ne $dispName )

          {

          Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");

          Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;

          }

          $sysMbx = $mbxs[0];

          }

          # Set the Organization Capabilities needed for this mailbox

          if ($sysMbx -ne $null)

          {

          # We need 1 GB for uploading large OAB files to the organization mailbox

          Write-ExchangeSetupLog -Info ("Setting mailbox properties.");

          set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions:$true -MailRouting:$true -MessageTracking:$true -PstProvider:$true -MaxSendSize 1GB -Force;

          }

          else

          {

          Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");

          }

          }

          else

          {

          Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."

          }

          }

        " was run: "Database is mandatory on UserMailbox.".

Error:

The following error was generated when "$error.Clear();

          if ($RoleIsDatacenter -ne $true -and $RoleIsDatacenterDedicated -ne $true)

          {

          if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)

          {

          $sysMbx = $null;

          $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";

          $dispName = "Microsoft Exchange";

          Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");

          $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );

          if ($mbxs.Length -eq 0)

          {

          Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");

          $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);

          if ($dbs.Length -ne 0)

          {

          Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");

          $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);

          if ($arbUsers.Length -ne 0)

          {

          Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");

          $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0].Identity;

          }

          }

          }

          else

          {

          if ($mbxs[0].DisplayName -ne $dispName )

          {

          Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");

          Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;

          }

          $sysMbx = $mbxs[0];

          }

          # Set the Organization Capabilities needed for this mailbox

          if ($sysMbx -ne $null)

          {

          # We need 1 GB for uploading large OAB files to the organization mailbox

          Write-ExchangeSetupLog -Info ("Setting mailbox properties.");

          set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions:$true -MailRouting:$true -MessageTracking:$true -PstProvider:$true -MaxSendSize 1GB -Force;

          }

          else

          {

          Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");

          }

          }

          else

          {

          Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."

          }

          }

        " was run: "Database is mandatory on UserMailbox.".

I finally got my Exchange server installed and mostly configured and then I tried to create a self signed certificate using the EAC. It responds with:

The Exchange Certificate operation has failed with an exception on server EXCHANGE. The error message is: Unknown error (0xe0434352)

Can anyone shed any light on this?

Hello,

Exchange 2010 SP3 and Exchange 2013 Version 15.0 (Build 913.22) Living in Co-Existence mode.

When I move a test mail box from 2010 to 2013 the outlook client continues to look for the old CAS server. IT appear recycling Exchange Application pools and/or a forced AD replication solves the issue. repadmin /syncall. I would like to have this resolved. I have thousands of mailboxes and recycling or replicating after each mailbox is moved is not acceptable. I see multiple posts on these forums that talk about the issue but none with a solid solution. Can any one point me in the right direction?

Hello,

I am migrating all on-premise exchange 2010 SP3 to Exchange 2013 SP1. I am testing mailbox migrations, each mailbox that gets moved to 2013 the user keeps getting prompted for credentials. I have read several posts in the forums yet none which solve my problem. Can someone point me in the right direction. All 2013 setting are currently at default.

When I log on as Administrator to either .../ecp or .../owa, authenticaion, I believe, succeeds but then I get HTTP 500.

When I do this on another server hosting the Exchange server for the same Organisation, I succeed - can get into both the mailbox and the Exchange server ECP interface. Unlike the first server, this Exchange server does not host any mailboxes but otherwise has identical Exchange roles installed.

When I log on as another non-administrator user to the first server that hosts mailboxes, I again succeed.

The problem seems to relate the administrative interface that the first server somehow fails to display but what could be the reason for that?

Thank you.

Hello,

We have 2 Exchange 2013 (build 712) servers in a DAG with distinct subnets. Cisco ASA in between was set to have no filtering between servers in subnet.

We cannot add database copies nor move mailboxes.

Tes-Mapiconnectivty fails with

unspaceId  : e8a087f1-6197-48df-b094-d5c93a7b6070
Server      : CLI-SRV01
Database    : CLI-MDB01
Mailbox     : SystemMailbox{376e8d54-7154-484a-a0a3-58f22d73236f}
MailboxGuid :
IsArchive   :
Result      : *FAILURE*
Latency     : 00:00:00
Error       : [Microsoft.Exchange.Data.Storage.MailboxOfflineException]: Cannot open mailbox /o=First
              Organization/ou=Exchange Administrative Group
              (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CLI-SRV01/cn=Microsoft System Attendant. Inner error
              [Microsoft.Mapi.MapiExceptionMdbOffline]: MapiExceptionMdbOffline: Unable to make connection to the
              server. (hr=0x80004005, ec=1142)

In event log:

Adding database copy fails with

The seeding operation failed. Error: An error occurred while performing the seed operation. Error: Failed to open a log truncation context to source server 'CLI-SRV02.CLI.ch'. Hresult: 0xc7ff07d7. Error: Failed to open a log truncation context because the Microsoft Exchange Information Store service is not running. [Database: CLI-PFDB02, Server: CLI-SRV01.CLI.ch]

How can I further verify communication from CLI-SRV02 to CLI-SRV01 ?

Any help welcome

/Patrice

How many NICS do I need for Exchange 2013 ETR, and what is the best practice for their configurations. and can I use Exchange 2013 ETRs with Exchange 2010

i installed a dc and a mem. installed exchange on the mem, but moving the database doesn't work.

Am getting an error that the dabase cannot befound on the dc,

anyone who can tell me what i am doing wrong?

Hi,

I renewed our Exchange certificate today with GoDaddy. They are pushing a new policy of NOT allowing internal domains in certificates.

Our previous UCC certificate covered the following address

webmail.domain.co.uk
autodiscover.domain.co.uk
exchange1.domain.local

This worked fine. When renewing today, I needed to drop 'exchange1.domain.local' from the UCC cert. 

I thought I would create an internal certificate for Exchange1, authorised by my domain's CA, which I have done and disctributed to all clients using group policy. 

My UCC renewal with GoDaddy therefore only had webmail.domain.co.uk and autodiscover.domain.co.uk. When this cert was issued, I added to IIS on Exchange1. I set the binding to https for this new certificate and tested by visiting webmail.domain.co.uk, which showed the new certificate.

However, shortly after, my internal clients then called complaining about certificate warnings in Outlook. I see that Outlook is connecting to exchange1.domain.local but being presented with the 'web' certificate I just renewed with GoDaddy. I understand Outlook communicates over HTTP/S now so how do I overcome the problem I have and secure my internal server name (exchange1.domain.local) without using this name in the GoDaddy UCC cert?

Many thanks

Hi,

I am busy with a migration of mailboxes from Exchange 2003 to Exchange 2013.  I have migrated all the mailboxes from Exchange 2003 to 2010 and then uninstalled the Exchange 2003 server.  I am currently migrating from Exchange 2010 to Exchange 2013 and I am experiencing some problems that I have not seen before.

I migrated a few small mailboxes, the in progress time show as 4.5 hrs. The migration completed with errors.  I have had a look at the report and the error is as follows:

"Warning: Failed to set RehomeRequest on some of the requests related to the mailbox after the move. Error details: Too many cleanup retries, giving up."

Please can someone assist in resolving this, I have no idea where to look now.

Hello...

Coming son, we'll deploy Exchange 2013 with high availability in all roles. The CAS and Hub Transport roles, are with a HLB; and the Mailbox with DAG. The infrastructure is formed by:

Citi1:

- AD Site 1

- 1 Hardware Load Balance: HLB01 to load balance the CAS and Hub Transport of Exc01 and Exc02

- 2 Exchange: Exc01 and Exc02 multiroles Exchange Server 2013

- 1 DAG for Citi1 databases: conformed by the Exc01 and Exc02

Citi2:

- AD Site 2

- 1 Hardware Load Balance: HLB02 to load balance the CAS and Hub Transport of Exc03 and Exc04

- 2 Exchange: Exc03 and Exc04 multiroles Exchange Server 2013

- 1 DAG for Citi2 databases: conformed by the Exc03 and Exc04

The Active Directory is one forest with one domain. The Domain Controllers are Windows Server 2012. The Site1 and Site 2 are connected by a WAN link. The accepted domain is domain.com. The smtp address is @domain.com

How to make that users of Citi1 always connect throught the HLB01 to their mailboxes; and the users of Citi2 always connect throught the HLB02 to their mailboxes if the autodiscover.domain.com is the same for all users?

I have not founddocumentationabout this architecture. Please help me.

Thank you very much.

Best regards, Javier Uribe

Hi All, 

I was hoping to get some information around which of these values are applied by the client for outlook anywhere connections: 

ExternalClientAuthenticationMethod or InternalClientAuthenticationMethod

We have tested externally and found that NTLM works for mail but fails when trying to auth the directory connection in outlook. So we would like to have external set to basic (Works without issues) and internal to NTLM (Fine within the network) 

Our HLB is F5 and with the source addresses coming from the SNAT local IP I was wondering if the external Auth value will do anything? 

Do we know how client works out whether they are internal or external and which auth setting is used? 

Thanks

Joshua Bines

Here's a fun one that hopefully someone can give me a hand with.

2008 R2 servers, Exchange 2013.

three years ago setup internal domain as M***.com.  Email was hosted on web under their domain of M****acceptance.com with all their emails as such.  Fast forward to January this year.  Setting up Exchange 2013 on system, external (Internet facing) is mail.m****acceptance.com, but the internal names are still mail.m***.com.  We don't own the m***.com domain but there is no mail.m***.com operating either, which was a lucky break.  Our security certificates cover the m***acceptance.com domains, but can't cover the m***.com domain since we don't own it.  I have pretty much worked around the security certificate mismatch warnings since the only thing wrong is m***.com is not on the certificate.  

So I thought, why not just go through and rename the domain (all the desktops are virtual on one of the servers) since it primarily affected the servers.  Wow, all of a sudden red flags everywhere about not renaming domains, but I found a bunch of conflicting ways to handle this issue.  

so what I am asking is, how do I change the internal domain with an Exchange 2013 server on it, to a name that the Exchange server is already using for communications (m***acceptance.com).  mail.m***acceptance.com is already a resolved FQDN on the internet.

So, if I am successful in changing the internal domain, it will stop the 200ms TCP latency between the servers because of the constant security certificate issues, and smooth operations since I won't have two different domains to mess with on the same server (external and internal). 

Paul Clemmons, Owner, MCP PC Networks Inc MPN

Hello,

I cant find my solution that woks.

I have a fresh install of windows 2012R2 server.

I was installing exchange 2013 R1 on the server and i got the error:

Error:
The following error was generated when "$error.Clear();
          Install-ExchangeCertificate -WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
          if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
          {
            Install-AuthCertificate -DomainController $RoleDomainController
          }
        " was run: "Could not grant Network Service access to the certificate with thumbprint 9A9744EF8A9251AF974C6D8C25466D602D08B82C because a cryptographic exception was thrown.".

I think the error has to do with a certicate??

I dont know.

Greetings,

Albert Koenders