Hi Guys,

I have two exchange organisations on two different AD domains, contoso.com (echange 2013) and fabrikam.com (exchange 2010)


I want to consolidate the exchange infrastructure such that contoso.com hosts email for fabrikam.com (accepted domains), I also want to create a domain trust between both AD domains and have users at fabrikam.com send authentication requests (mailbox and AD joined workstations) to their local AD DNS server (fabrikam.com)

Is this possible to setup?

What is my best option for moving the emails from fabrikam.com exchange infrastructure to contoso.com with minimum plexity?

I appreciate all the help ..

~Richard

..forever is just a minute away*

I have an Exchange installation that is giving me issues. The server was migrated from an old SBS system into a standalone exchange server. All exchange services are supported by a single server.

The issue is that when an internal client connects to the server a SSL error occurs, every time. (See Below) 

Any input is appreciated.  

Some other points:

• The Active Directory is a .local domain while the Email Addresses are .com 
• A certificate was purchased for the .com domain (OWA Access)
• The Server is a member of the domain 

There is zero Exchange Server 2013-specific documentation on how to set this up for Exchange Server 2013.

Microsoft has posted instructions only for Exchange Server 2010 in a 2012 blog posting.   The only reference to Exchange 2013 is a note on the top of the page that says:"Exchange Server 2013 Cumulative Update 5 and later supports certificate-based authentication with ActiveSync."

http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based-authentication-for-exchange-activesync.aspx

What are the differences in steps required to get this working for Exchange Server 2013 vs Exchange Server 2010?

We are using Exchange 2013 and Exchange 2007 in a mix mode. Exchange will be upgraded to Exchange 2013. We use OWA on our internal network but now we have been asked to make it available from Internet so users can connect to email from anywhere. How do I do it? I know Microsoft had TMG/ISA server to use as a reverse proxy but it is not longer available. I want to configure Reverse proxy on DMZ so client can connect to it and authenticate.

Any suggestion or good configuration document would be nice?

Thanks,

HP

I realize that this is an Exchange 2013 forum, but I think the answer should still apply.

We have an Exchange 2010 environment running on Win2008R2. I recently did some updates on our Exchange server that have caused the system/kernel to start utilizing excessively high CPU and disk I/O and degrading performance significantly. So, instead of wasting hours trying to figure out why and try to fix it, I decided that this would be as good a time as any to migrate off 2010. Unfortunately, the old server is not at SP3. So, I had to build an intermediate 2010 server that's on 2010 SP3 to get there (with the performance issues that the existing server is having, I seriously doubt that I would be able to install SP3 successfully). So, I have built and configured the new server and migrated almost all of the mailboxes (our journal is quite large and taking extra long because of the performance issues).

Here is the issue I have discovered.  In joining the new Exchange server to the system, I seem to have lost the ability for Domain Admins to mount/browse mailboxes...most notably the journal.  Prior to the upgrade (I suspect the ADPrep modified things), our domain admin credentials could attach any mailbox and view its folders.  Doing some research, I believe I have discovered the issue.  Using Powershell, I retrieved permissions for the journal mailbox:

PS C:\Windows> Get-Mailbox journal | Get-MailboxPermission | select User,AccessRights,Deny,IsInherited | ft -AutoSize

User                                         AccessRights                                                            Deny  IsInherited
----                                         ------------                                                            ----  -----------
NT AUTHORITY\SELF                            {FullAccess, SendAs, ReadPermission}                                    False       False
BUILTIN\Administrators                       {FullAccess}                                                            False       False
MYADDOMAIN\Domain Admins                     {FullAccess}                                                            True         True
MYADDOMAIN\Enterprise Admins                 {FullAccess}                                                            True         True
MYADDOMAIN\Organization Management           {FullAccess}                                                            True         True
MYADDOMAIN\ecadmin                           {FullAccess}                                                            True         True
MYADDOMAIN\Domain Admins                     {FullAccess}                                                            False        True
MYADDOMAIN\Enterprise Admins                 {FullAccess}                                                            False        True
MYADDOMAIN\Organization Management           {FullAccess}                                                            False        True
MYADDOMAIN\Exchange Servers                  {FullAccess}                                                            False        True
MYADDOMAIN\Exchange Domain Servers           {FullAccess}                                                            False        True
MYADDOMAIN\Organization Management           {ReadPermission}                                                        False        True
MYADDOMAIN\Public Folder Management          {ReadPermission}                                                        False        True
NT AUTHORITY\SYSTEM                          {FullAccess}                                                            False        True
NT AUTHORITY\NETWORK SERVICE                 {ReadPermission}                                                        False        True
MYADDOMAIN\Exchange Servers                  {ReadPermission}                                                        False        True
MYADDOMAIN\Exchange Domain Servers           {ReadPermission}                                                        False        True
MYADDOMAIN\Delegated Setup                   {ReadPermission}                                                        False        True
MYADDOMAIN\Organization Management           {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} False        True
MYADDOMAIN\Exchange Trusted Subsystem        {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} False        True
MYADDOMAIN\ecadmin                           {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} False        True
BUILTIN\Administrators                       {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} False        True
MYADDOMAIN\Enterprise Admins                 {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} False        True
MYADDOMAIN\Domain Admins                     {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} False        True

In the output, you can see where Domain Admins (as well as Enterprise Admins and my ECADMIN domain admin account) are Denied Full Access, but lower in the list are allowed Full Access.  Since Deny trumps Allow, we cannot connect.  I suspect the Denies were added/updated during the ADPrep.

I have searched the web at length to figure out exactly where to change these settings, but I am not able to find where the Deny is being set.  Using ADSIEdit, I have found where the Allow for Domain Admins is being set (at the CN=Mailbox Database 0123456790 object), but I cannot find where the Deny is being set.  If it were being set in an upstream object, inheritance would show it being denied, but it isn't.  I don't see anywhere in ADSIEdit that Full Control is being denied.

I need to find out where the Denies are being set so that I can remove them.  If the Deny isn't at the DB level, but is at the mailbox level and is being inherited, then I am not sure where to look.  I don't know of anything between the two.

Any help would be immensely appreciated.

Thanks,

Eric 

We had configured Availability service across two Exchange 2010 Org without using federation services but following TechNet article https://technet.microsoft.com/en-us/library/bb125182(v=exchg.141).aspx using org-wide configuration using a service account in each forest. This worked flawless without any issue as all auto-discovery information for availability address space was configured correctly and accessible. 

Recently one of the Exchange 2010 went in the mixed mode by introduction of Exchange 2013 in a new site while the other remained native Exchange 2010. The cross forest availability configuration continued to work for address space which were already in place without any issue. 

However when we tried to introduce new address space using Add-AvailabilityAddressspace -Forestname '2013.Domain' -Accessmethod OrgWideFB -Credential:$a in the native exchange 2010 org , even though the command executed successfully we are not able to access the free/busy information of the users on Exchange 2013 cross forest.

After adding the availability address space we started getting error Event ID  4012 indicating - 

How do we fix it? Even if the exchange 2013 is not working we should be able to get the address space on exchange 2010 working. Has anything change in 2013 other than giving permission to mailbox server?

Any help is appreciate. This is one of the topic I didn't get much help on the web. Now days the premier support has become pathetic hence don't want to waste hours there. For them this will be either a non supported scenario or   third party issue. 

With Regards.
M S Ali.

With Regards, M S Ali

Dear All ,

I have issue with one user mailbox , Exchange Server 2013 is quarantined this user in registry , when Exchange server release this user after 24 hours the  mailbox database immediately dismounted and  this user mailbox again quarantined in registry .

Could you please help me to fix this issue ?

Thank you .

Hello All ,

I have Exchange 2013 , one of the user mailboxes   need to  rapier corrupted mailbox  using this command "New-MailboxRepairRequest"

kindly please Which "RBAC " need to add on Exchange admin permission to perform this action ?

Thank you . 

Setup.exe /prepareschema /IAcceptExchangeserverlicenseterms

gives error:  [ERROR] An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. Seehttp://go.microsoft.com/fwlink/?LinkId=155569 for more information. ; Any hints how to solve this?

bostjanc

Configuration:

Exchange Servers 2007 With SP1 On Server 2008 (Qty=3) All servers have OutlookAnywhere configured.

Newly Installed Exchange Server 2013 With CU9 on Windows 2012 R2 With all updates.

OWA and Mobile email works perfectly.

When I use the Microsoft RCA tool, for user 1, All tests pass.

When I test with user 2, Test fails. Both users are located on the same legacy 2007 Server and are contained in the same mailbox database. THey are also located in the same OU. The user that works is a normal user. The user that fails is a domain admin (not sure if that matters). Enable inheritance is enabled for both users. Have been working with Microsoft Support for the last week and still not resolved.

Here is the result for the failing user:

Attempting to ping RPC proxy mydomain.myorg.com.
  RPC Proxy can't be pinged.
 
 Additional Details
 
An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (401) Unauthorized.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
 at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
 at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (401) Unauthorized.
Type: System.Net.WebException
Stack trace:
 at System.Net.HttpWebRequest.GetResponse()
 at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
 at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)


Elapsed Time: 392 ms. 

Here is the result of the working user:

Testing Outlook connectivity.
  The Outlook connectivity test completed successfully.
 
 Additional Details
 
Elapsed Time: 9279 ms.  

 
 
 Test Steps
 
 Testing RPC over HTTP connectivity to server mydomain.myorg.com
  RPC over HTTP connectivity was verified successfully.
 
 Additional Details
 
HTTP Response Headers:
request-id: 12b3bcd6-ea1a-4658-b2c5-a06adf5ad78d
Set-Cookie: ClientId=BRASCDK0XUESOOXJZSNLA; expires=Wed, 31-Aug-2016 18:40:28 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="mydomain.myorg.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: 01SERVER014
Date: Tue, 01 Sep 2015 18:40:28 GMT
Content-Length: 0


Elapsed Time: 9279 ms.  

 
 
 Test Steps
 
 Attempting to resolve the host name mydomain.myorg.com in DNS.
  The host name resolved successfully.
 
 Additional Details
 
IP addresses returned: 8.36.32.164

Elapsed Time: 240 ms.  

 

 Testing TCP port 443 on host mydomain.myorg.com to ensure it's listening and open.
  The port was opened successfully.
 
 Additional Details
 
Elapsed Time: 176 ms.  

 

 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
 
 Additional Details
 
Elapsed Time: 189 ms.  

 
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mydomain.myorg.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
 Additional Details
 
Remote Certificate Subject: CN=01SERVER.myorg.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 146 ms.  

 

 Validating the certificate name.
  The certificate name was validated successfully.
 
 Additional Details
 
Host name mydomain.myorg.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 1 ms.  

 

 Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=01server.myorg.com, OU=Domain Control Validated.
  One or more certificate chains were constructed successfully.
 
 Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 17 ms.  

 

 Analyzing the certificate chains for compatibility problems with versions of Windows.
  Potential compatibility problems were identified with some versions of Windows.
 
 Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 3 ms.  

 
 
 

 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
 
 Additional Details
 
The certificate is valid. NotBefore = 8/31/2015 5:22:03 PM, NotAfter = 8/17/2016 5:19:38 PM

Elapsed Time: 0 ms.  

 
 
 

 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
 
 Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 333 ms.  

 

 Testing HTTP Authentication Methods for URL https://mydomain.myorg.com/rpc/rpcproxy.dll?01server14.myorg.com:6002.
  The HTTP authentication methods are correct.
 
 Additional Details
 
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM
HTTP Response Headers:
request-id: 12b3bcd6-ea1a-4658-b2c5-a06adf5ad78d
Set-Cookie: ClientId=BRASCDK0XUESOOXJZSNLA; expires=Wed, 31-Aug-2016 18:40:28 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="mydomain.myorg.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: 01SERVER14
Date: Tue, 01 Sep 2015 18:40:28 GMT
Content-Length: 0


Elapsed Time: 221 ms.  

 

 Attempting to ping RPC proxy mydomain.myorg.com.
  RPC Proxy was pinged successfully.
 
 Additional Details
 
Elapsed Time: 470 ms.  

 

 Attempting to ping the MAPI Mail Store endpoint with identity: 01SERVER14.myorg.com:6001.
  The endpoint was pinged successfully.
 
 Additional Details
 
The endpoint responded in 78 ms.

Elapsed Time: 83 ms.  

 

 Testing the MAPI Address Book endpoint on the Exchange server.
  The address book endpoint was tested successfully.
 
 Additional Details
 
Elapsed Time: 2463 ms.  

 
 
 Test Steps
 
 Attempting to ping the MAPI Address Book endpoint with identity: 01SERVER14.myorg.com:6004.
  The endpoint was pinged successfully.
 
 Additional Details
 
The endpoint responded in 906 ms.

Elapsed Time: 1904 ms.  

 

 Testing the address book "Check Name" operation for user user.name@myorg.com against server 01SERVER14.myorg.com
  Check Name succeeded.
 
 Additional Details
 
DisplayName: Name, User, LegDN: /o=MYORG/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user.name

Elapsed Time: 558 ms.  

 
 
 

 Testing the MAPI Referral service on the Exchange Server.
  The Referral service was tested successfully.
 
 Additional Details
 
Elapsed Time: 4301 ms.  

 
 
 Test Steps
 
 Attempting to ping the MAPI Referral Service endpoint with identity: 01server14.myorg.com:6002.
  The endpoint was pinged successfully.
 
 Additional Details
 
The endpoint responded in 359 ms.

Elapsed Time: 3354 ms.  

 

 Attempting to perform referral for user /o=MYORG/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user.name on server 01server14.myorg.com.
  We got the address book server successfully.
 
 Additional Details
 
The server returned by the Referral service: 01SERVER14.myorg.com

Elapsed Time: 946 ms.  

 
 
 

 Testing the MAPI Address Book endpoint on the Exchange server.
  The address book endpoint was tested successfully.
 
 Additional Details
 
Elapsed Time: 568 ms.  

 
 
 Test Steps
 
 Attempting to ping the MAPI Address Book endpoint with identity: 01SERVER14.myorg.com:6004.
  The endpoint was pinged successfully.
 
 Additional Details
 
The endpoint responded in 78 ms.

Elapsed Time: 83 ms.  

 

 Testing the address book "Check Name" operation for user user.name@mydomain.com against server 01SERVER14.myorg.com.
  Check Name succeeded.
 
 Additional Details
 
DisplayName: Name, User, LegDN: /o=MYORG/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user.name

Elapsed Time: 485 ms.  

 
 
 

 Testing the MAPI Mail Store endpoint on the Exchange server.
  We successfully tested the Mail Store endpoint.
 
 Additional Details
 
Elapsed Time: 229 ms.  

 
 
 Test Steps
 
 Attempting to ping the MAPI Mail Store endpoint with identity: 01server14.myorg.com:6001.
  The endpoint was pinged successfully.
 
 Additional Details
 
The endpoint responded in 78 ms.

Elapsed Time: 72 ms.  

 

 Attempting to log on to the Mailbox.
  We were able to log on to the Mailbox.
 
 Additional Details
 
Elapsed Time: 157 ms.  
 
 
 
 
 
 
 

I have two related companies--one in Europe, one in USA--each with their own AD domain, that use the same email domain. Both companies currently have Exchange 2007 in-house, and I'm looking to migrate to Exchange 2013.

Company USA:

Internal AD domain: USAcorp.local

Email domain: company.com

Company Europe:

Internal AD domain: Eurocorp.local

Email domain: company.com

Eurocorp has its Exchange server in a third domain, EuroExch.local, but that might be because they've set it up as a DMZ/perimeter network. My understanding is this won't work with 2013, so I'm planning on joining the new Exch2013 server to the Eurocorp.local domain.

THE CURRENT SETUP:

There is a spam filter that accepts all emails (MX records point to it) and filters out spam. It also rejects email to any recipients not on a manually-maintained recipient list. Approved messages go to USAcorp's Exchange server. Recipients not on the USA GAL get sent to Eurocorp's server.

AUTODISCOVER:

Autodiscover works for both sites, but it can be troublesome, and intermittently gives certificate errors. Exchange 2013 seems to rely more on autodiscover and I'm concerned we have a bad setup now that will be exposed with the migration. DNS records are:

MX:   spamfilter.company.com (US)  100.100.100.1

A:   email.company.com (US)   100.100.100.2

A:   webmail.company.com (Euro)  200.200.200.1

SRV:  _autodiscover._tcp.company.com    webmail.company.com  (Euro)

USAcorp has an internal DNS record for autodiscover pointing to the internal Exchange07 IP address, and this seems to work for the clients (will this cause problems with Exchange 2013?). Setting up internal DNS for Eurocorp autodiscover on Eurocorp's DNS server didn't seem to work. They claimed they were getting certificate notices for email.company.com (US), but they had a consultant who seemed hesitant to use anything but the SRV record.

QUESTIONS:

Is the current method of having each site house a CAS/Mailbox server, and routing mail to Euro clients via GAL the best way to go with Exchange 2013? 

What's the best way to handle autodiscover, given that clients from both companies need autodiscover to point them to different Exchange servers (100.100.100.2 vs 200.200.200.1)?

Thanks in advance

Good evening,

Following TechNet closely I'm currently in the process of moving my exchange 2010 environment to 2013.  I have single exchange server on a SBS 2011 box.  Sadly I've failed at the first hurdle installing SP3, the result is that my Exchange 2010 is refusing all client connections.

During the SP3 install I passed all prerequisites but during the actual upgrade it failed at the Hub Transport Role with the following error:

Summary: 8 item(s). 3 succeeded, 1 failed.
Elapsed time: 00:20:46
Language Files
Completed

Elapsed Time: 00:10:25

Restoring services
Completed

Elapsed Time: 00:00:02

Languages
Completed

Elapsed Time: 00:03:32

Hub Transport Role
Failed

Error:
The following error was generated when "$error.Clear();
          Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);

          if (![System.String]::IsNullOrEmpty($thumbprint))
          {
            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
            Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
           
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;

            Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
            {
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
            }
          }
          else
          {
            Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
          }
        " was run: "The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.".

The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.123.3&e=ms.exch.err.Ex88D115&l=0&cl=cp

Elapsed Time: 00:06:46

Client Access Role
Cancelled
Mailbox Role
Cancelled
Management Tools
Cancelled
Finalizing Setup
Cancelled

The setup log shows the following details:

Ending processing Get-ExchangeCertificate
[07/31/2013 20:50:46.0516] [1] The following 1 error(s) occurred during task execution:
[07/31/2013 20:50:46.0516] [1] 0.  ErrorRecord: The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
[07/31/2013 20:50:46.0516] [1] 0.  ErrorRecord: System.InvalidOperationException: The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
[07/31/2013 20:50:46.0531] [1] [ERROR] The following error was generated when "$error.Clear();
          Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);

          if (![System.String]::IsNullOrEmpty($thumbprint))
          {
            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
            Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
           
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;

            Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
            {
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
            }
          }
          else
          {
            Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
          }
        " was run: "The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.".
[07/31/2013 20:50:46.0531] [1] [ERROR] The certificate with thumbprint 355E62E464DCF42A08BCB7A8CF39C819D42B760E was not found.
[07/31/2013 20:50:46.0531] [1] [ERROR-REFERENCE] Id=SbsBridgeHeadComponent___6464a0ee0fd04f6b893a3c81d7eb3f26 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup\SBS
[07/31/2013 20:50:46.0531] [1] Setup is stopping now because of one or more critical errors.
[07/31/2013 20:50:46.0531] [1] Finished executing component tasks.
[07/31/2013 20:50:46.0594] [1] Ending processing Install-BridgeheadRole

 My application event log is flooded with the following error:

Log Name:      Application
Source:        Microsoft-Windows-IIS-W3SVC-WP
Date:          31/07/2013 21:59:43
Event ID:      2280
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SRV-SBS.lawrencedavid.local
Description:
The Module DLL C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll failed to load.  The data is the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-IIS-W3SVC-WP" Guid="{670080D9-742A-4187-8D16-41143D1290BD}" EventSourceName="W3SVC-WP" />
    <EventID Qualifiers="49152">2280</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-07-31T20:59:43.000000000Z" />
    <EventRecordID>975085</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SRV-SBS.lawrencedavid.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ModuleDll">C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll</Data>
    <Binary>05000000</Binary>
  </EventData>
</Event>

I've tried to re-register exppw.dll following instructions in the TechNet forums but this hasn't helped to restore functionality or complete the SP3 installation.  Any guidance would be most appreciated.  Thanks in advance!

Hello All ,

I recived the error  Event ID 5003 Source MSExchangeIS below on Exchange 2013  how can solve the issue.

Log Name:      Application
Source:        MSExchangeIS
Date:          9/3/2015 8:46:12 AM
Event ID:      5003
Task Category: Directory Services
Level:         Error
Keywords:      Classic
User:          N/A
Computer:     Mbx01
Description:
Microsoft Exchange Information Store service has encountered a permanent error while reading information from Active Directory. Details:

Microsoft.Exchange.Server.Storage.DirectoryServices.DirectoryInfoCorruptException: ErrorCode: ADPropertyError, LID: 43420 - RecipientType SystemMailbox is invalid for MailboxGuid .
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.CreateMailboxInfo(IExecutionContext context, ADRecipient adRecipient, MailboxGuidType mailboxGuidType, Guid mailboxGuid, IADTransportConfigContainer transportConfig, IADOrganizationContainer organizationContainer, Boolean tenantMailbox)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.LoadMailboxInfoByGuid(IExecutionContext context, TenantHint tenantHint, String domainController, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.GetMailboxInfoHelper(IExecutionContext context, TenantHint tenantHint, String domainController, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.GetMailboxInfoImpl(IExecutionContext context, TenantHint tenantHint, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.DirectoryBase.GetMailboxInfo(IExecutionContext context, TenantHint tenantHint, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.MapiDisp.MailboxCleanup.GetMailboxInfoFromAD(Context context, TenantHint tenantHint, Guid mdbGuid, Guid mailboxGuid, MailboxInfo& directoryMailboxInfo).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeIS" />
    <EventID Qualifiers="49156">5003</EventID>
    <Level>2</Level>
    <Task>5</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-09-03T05:46:12.000000000Z" />
    <EventRecordID>4026114</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MBX01</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.Exchange.Server.Storage.DirectoryServices.DirectoryInfoCorruptException: ErrorCode: ADPropertyError, LID: 43420 - RecipientType SystemMailbox is invalid for MailboxGuid 6547a88b-872e-4f58-bad5-e958c6df161f.
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.CreateMailboxInfo(IExecutionContext context, ADRecipient adRecipient, MailboxGuidType mailboxGuidType, Guid mailboxGuid, IADTransportConfigContainer transportConfig, IADOrganizationContainer organizationContainer, Boolean tenantMailbox)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.LoadMailboxInfoByGuid(IExecutionContext context, TenantHint tenantHint, String domainController, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.GetMailboxInfoHelper(IExecutionContext context, TenantHint tenantHint, String domainController, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.GetMailboxInfoImpl(IExecutionContext context, TenantHint tenantHint, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.DirectoryServices.DirectoryBase.GetMailboxInfo(IExecutionContext context, TenantHint tenantHint, Guid mailboxGuid, GetMailboxInfoFlags flags)
   at Microsoft.Exchange.Server.Storage.MapiDisp.MailboxCleanup.GetMailboxInfoFromAD(Context context, TenantHint tenantHint, Guid mdbGuid, Guid mailboxGuid, MailboxInfo&amp; directoryMailboxInfo)</Data>
    <Binary>5B444941475F4354585D000024000000FF0B0000000000000002080000009CA9401072090000</Binary>
  </EventData>
</Event>

Hello everyone,

I'm thinking about installation of the 2nd Edge tranposrt server in my Exchange 2013 environment in case something happens with the 1st one I'll be able to receieve/send any messages anyway. Could you tell me whether it is possible or if there're any issues regarding this?

Thank you in advance

Hi,

We are in the process of migrating from Exchange 2010 to Exchange 2013 and all is going good except for 1 thing.

The Autocomplete list feature in OWA. It does not seem to have migrated when we moved the mailbox from 2010 to 2013.When a user is in OWA and they start to type a name it should automatically popup some suggestions, so if they where going to email jondoe@fakeemail.com and they start to type jon it would list jondoe@fakeemail.com as a suggestion

Now I have found some threads here that suggest when moving from 2007 to 2010 that this is by design.

Now I have not found anything in the Technet articles about Exchange 2013 migration that would suggest this is the case here.

So I am wondering if 

1 - Moving a users mailbox from 2010 to 2013, the autocomplete in OWA is not moved/lost as it is in 2007 - 2010

2 - Is there a technet article somewhere that lists what is not moved when doing the migration.

Hi,

We have a customer who has customized OW(below) and need to be migrated when we migrate their exchange 2007 to exchange 2013 Exchange 2013. Is it possible? If yes what we can do and how?

Hi Just a question i have a customer who currently has 1 x cas server and 2 x mbx server. They just bought a few other companies who are going to join them and will grow there numbers to close to 1600 users. I am looking at adding another cas server and was going to make it a multi role server cas+mbx. Once i do the install will this effect the environment i am reading that user could switch over the the new cas immediately even if its not configured. They Have 2 KEMP Loadbalancers which we are setting up right now also. But my question is more what will happen if i install this server just to get it ready. 

Thanks

Good afternoon, all!

I'm setting up a new Exchange infrastructure in our company.  The setup I have is very similar to this posting, except that I have double-checked the IPv6 on both domain controllers and the new 2012 R2 server that Exchange will run on. This server is the first in a planned four-server design: two CAS/Mailbox and two Edge Transport servers. We don't use IPv6 internally yet, so all the IPv6 configs point to link local.  The error after Transport service timed out was:

Error:
The following error was generated when "$error.Clear();
          $maxWait = New-TimeSpan -Minutes 8
          $timeout = Get-Date;
          $timeout = $timeout.Add($maxWait);
          $currTime = Get-Date;
          $successfullySetConfigDC = $false;

          while($currTime -le $timeout)
          {
            $setSharedCDCErrors = @();
            try
            {
              Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
              $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);

              if($successfullySetConfigDC)
              {
                break;
              }
              Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
            }
            catch
            {
              Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
            }

            Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
            Start-Sleep -Seconds 30;
            $currTime = Get-Date;
          }

          if( -not $successfullySetConfigDC)
          {
            Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
          }" was run: "Unable to set shared config DC.".

I've checked the ping and DNS resolves, the new server is a domain member.  Here's a section toward the end of the Exchange Installation log:

[09/03/2015 18:21:51.0473] [2] Ending processing Write-ExchangeSetupLog
[09/03/2015 18:21:51.0473] [2] Beginning processing Write-ExchangeSetupLog
[09/03/2015 18:21:51.0473] [2] Waiting 30 seconds before attempting again.
[09/03/2015 18:21:51.0473] [2] Ending processing Write-ExchangeSetupLog
[09/03/2015 18:22:21.0462] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller: 'isc1.iscinternational.net', Preferred Global Catalog: 'isc1.iscinternational.net', Preferred Domain Controllers: '{ isc1.iscinternational.net }'
[09/03/2015 18:22:21.0462] [2] User specified parameters:  -DomainController:'isc1.iscinternational.net' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
[09/03/2015 18:22:21.0462] [2] Beginning processing Set-SharedConfigDC
[09/03/2015 18:22:21.0680] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Suitable Directory Servers Found in Forest iscinternational.net Site Default-First-Site-Name..
[09/03/2015 18:22:21.0680] [2] No Suitable Directory Servers Found in Forest iscinternational.net Site Default-First-Site-Name.
[09/03/2015 18:22:21.0680] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Suitable Directory Servers Found in Forest iscinternational.net Site Default-First-Site-Name..
[09/03/2015 18:22:21.0680] [2] No Suitable Directory Servers Found in Forest iscinternational.net Site Default-First-Site-Name.
[09/03/2015 18:22:21.0680] [2] Ending processing Set-SharedConfigDC
[09/03/2015 18:22:21.0680] [2] Beginning processing Write-ExchangeSetupLog
[09/03/2015 18:22:21.0696] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Suitable Directory Servers Found in Forest iscinternational.net Site Default-First-Site-Name..
[09/03/2015 18:22:21.0696] [2] Ending processing Write-ExchangeSetupLog
[09/03/2015 18:22:21.0696] [2] Beginning processing Write-ExchangeSetupLog
[09/03/2015 18:22:21.0696] [2] Waiting 30 seconds before attempting again.
[09/03/2015 18:22:21.0696] [2] Ending processing Write-ExchangeSetupLog
[09/03/2015 18:22:51.0690] [2] Beginning processing Write-ExchangeSetupLog
[09/03/2015 18:22:51.0690] [2] [ERROR] Unable to set shared config DC.
[09/03/2015 18:22:51.0690] [2] [ERROR] Unable to set shared config DC.
[09/03/2015 18:22:51.0690] [2] Ending processing Write-ExchangeSetupLog
[09/03/2015 18:22:51.0706] [1] The following 1 error(s) occurred during task execution:
[09/03/2015 18:22:51.0721] [1] 0.  ErrorRecord: Unable to set shared config DC.
[09/03/2015 18:22:51.0721] [1] 0.  ErrorRecord: System.Exception: Unable to set shared config DC.
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
[09/03/2015 18:22:51.0753] [1] [ERROR] The following error was generated when "$error.Clear();
          $maxWait = New-TimeSpan -Minutes 8
          $timeout = Get-Date;
          $timeout = $timeout.Add($maxWait);
          $currTime = Get-Date;
          $successfullySetConfigDC = $false;

          while($currTime -le $timeout)
          {
            $setSharedCDCErrors = @();
            try
            {
              Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
              $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);

              if($successfullySetConfigDC)
              {
                break;
              }
              Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
            }
            catch
            {
              Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
            }

            Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
            Start-Sleep -Seconds 30;
            $currTime = Get-Date;
          }

          if( -not $successfullySetConfigDC)
          {
            Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
          }" was run: "Unable to set shared config DC.".
[09/03/2015 18:22:51.0753] [1] [ERROR] Unable to set shared config DC.
[09/03/2015 18:22:51.0753] [1] [ERROR-REFERENCE] Id=AllADRolesCommonServiceControl___ee47ab1c06fb47919398e2e95ed99c6c Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[09/03/2015 18:22:51.0768] [1] Setup is stopping now because of one or more critical errors.
[09/03/2015 18:22:51.0768] [1] Finished executing component tasks.
[09/03/2015 18:22:51.0862] [1] Ending processing Install-BridgeheadRole

I suspect there's a problem with the Site Default-First-Site-Name part - I did specify a new Exchange Organization name during the first part of setup.

One other detail - this is a 2008 R2 domain, and the nearest DC had a problem with the Network Location - it thought the adapter was in the Public zone. I thought this might be the problem and fixed that by disabling/re-enabling the adapter, but that didn't help the Exchange install.  The second DC was probably registering the Exchange information.

Two questions, then: first, can I rescue this installation, or would I be faster or better off killing this server and spinning up a new one (this is on VMware 5.5)?  I would much rather fix this one than start again.  And second, what issues might I encounter as a result of this failed installation?  Will the install wizard pick up the changes to the AD schema?  I'm pretty sure that won't be a problem, but I don't know for certain.

Thanks to all for looking!

Gregg