Hi,
I have two mailbox servers, on one I have a problem when I try to install CU11 (or CU10) : Another version of this product is already installed :
The version installed is Microsoft Exchange 2013 Service Pack 1 (15.0.847.32)
On the second server I didn't have this problem.
Any idea ?
Thank you in advance
Hi,
I am doing an Inter Forest Migration and I have an Exchange 2010 environment in the source and an Exchange 2013 environment in the target.
I am using the New-MoveRequest command to migrate the mailbox and the process is working fine but every now and again I am getting mailbox failing with Fatal error TooManyLargeItemsPermanentException has occurred.
These messages that are failing the migration are from 30MB to over 100MB in size. I have work arounds like
get-moverequest 'JOE BLOGGS'|set-moverequest –LargeItemLimit 3
resume-moverequest 'JOE BLOGGS'
My questions are -
Thanks
Dear NC,
i am unable to edit the CAS Server virtual directories settings and CAS Server settings like "outlook anywhere" from the Exchange ECP.
I get the following errors:
The version of Internet Information Services (IIS) that is running on server 'CAS01.domain.tld' can't be determined. This error can occur due to network connectivity issues. Check the availability of your network and try again. Parameter name: Server
and
An error occurred while accessing the registry on the server "CAS01.domain.tld". The error that occurred is: "the network path was not found. ".
At the same time i get following Warning entry in the Event Log:
ID: 1309, ASP.NET 4.0.30319.0
Event code: 3005
Exception information:
Exception type: HttpException
Exception message: the client has disconnected the connection.
bei Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)
bei System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)
I have a fully new clean and fresh installation with 1 ADS, 1 MBX and 1 CAS Server all running on Windows 2012 Server Standard.
Editing the MBX Servers settings works fine.
Hi AL
I have this problem where I have created a new Cert with StartSLL. I have done this via EAC to create the request. When trying to compete the new cert it allows to find the new cert but then just competes and doesn’t allow me to add to any services. Also states pending request. I have tried to use power shell to finish as suggested in some other forums. When running power shell commands
cmdlet Enable-ExchangeCertificate at command pipeline position 1 Supply values for the following parameters:
Services: SMTP,IIS,IMAP,POP Thumbprint: 9A88FEFDCDC8D551208CF5FE0E4FBDB9B7268C13 A special Rpc error occurs on server SERVER2012: The certificate with thumbprint 9A88FEFDCDC8D551208CF5FE0E4FBDB9B7268C13 was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing). + CategoryInfo : NotSpecified: (:) [Enable-ExchangeCertificate], InvalidOperationException + FullyQualifiedErrorId : [Server=SERVER2012,RequestId=ab311308-0170-419d-a80a-667b6ddad948,TimeStamp=06/03/2016 1 5:49:51] [FailureCategory=Cmdlet-InvalidOperationException] FE608A15,Microsoft.Exchange.Management.SystemConfigura tionTasks.EnableExchangeCertificate
Then trying to fix via this method
certutil -repairstore my “Serial Number”
I get the following error
CertUtil: -repairstore command FAILED: 0x8009000b (-2146893813 NTE_BAD_KEY_STATE)
The reason I am trying to resolve this is because I am getting the following “the name on the security certificate is invalid or does not match the name of the site”
This only stated happening when getting Autodiscover to work correctly
I am out of ideas and would appreciate any help
Cafahag
Based on my question here:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/af63cd8d-a9c4-4575-a3b6-bfb7959c7fae/fresh-recommendations-for-ad-install-valid-fqdn-or-locallike?forum=winserver8setup
I would like to ask the same question in terms of Exchange issue.
If I chosse .local, .lan TLD's or domain nanes that we do not own, will I get into any issues regarding Exchange setup? Certificates or similar?
We will have clients accessing our local network that we do not have ownership on (BYOD) and that are not joined into out AD. I am saying this in terms of deployment of root certificates which will be hard to deploy automatically.
Regards, Lars.
Hello,
Virtual Server - Windows server 2012 R2 latest updates w/ Exchange 2013 Update 11.
If I add an RD Gateway Certificate, it relates itself to the IIS Exchange Back End 443 certificate. Exchange Back End doesn't have a 443 port, only a 444 port so RD Gateway automatically creates a 443 port in the Exchange Back End site. There is already a 443 in the Default Web Site so the Exchange Back End won't start. I can get the Exchange Back End to start by removing the 443 binding but next time I open RD Gateway, it gives me the error below.
So the question is, is there a way to get RD Gateway to look at the Default Web Site for its associated 443 port and certificate instead of looking at, and automatically creating the port and certificate in the Exchange Back End site?
Thank for all your help,
Robert
I am migrating mailboxes from Exchange 2010 to Exchange 2013.
I migrated a few test mailboxes, in a batch which worked fine. I then migrated a batch of two old mailboxes that are active but not really used and they worked fine. I then migrated my mailbox and another IT users in separate batches and the migration completed with errors. The error is as follows:
"Warning: Failed to set RehomeRequest on some of the requests related to the mailbox after the move. Error details: Too many cleanup retries, giving up."
I followed the advice here and the same thing still happens:
https://social.technet.microsoft.com/Forums/office/en-US/8898e822-c371-4dd2-9814-6c1fea5c6305/failed-to-set-rehomerequest-too-many-cleanup-retries?forum=exchangesvrdeploy
I am using the same account that worked on the previous batches.
Any advice?
Good morning,
We have an issue regarding two shared mailboxed that has been migrated from Exchange 2013 to Office 365, let's call them "Shared1" and "Shared2".
We have a local Exchange 2013 server (CU9) on site and we have split DNS for the namespace.
When users are connected to the corporate network and are using internal DNS, the content of "Shared1" is the same as "Shared2". When users are on an external network and using external DNS, the content of "Shared1" is as expected, but we have to set up a new profile or run repair on an existing one to fix it.
When checking the mailboxes via OWA, the content is always as expected.
Any comments or help regarding how to troubleshoot this issue is much appreciated. Thanks!
Dear all,
I have a question. I applied a wildcard cerificate and enabled it on a existed CAS/mailbox server, I found the IIS enabled on both certificates.
A33A1A36D8A75rr982924D2B726FF15EA5894870 ...WS.. CN=*.contoso.com, OU=Technical & Product, O…
7B384E579rr359F9A64786DD1EABFFF22970E14DAF IP.WS.. CN=mail.contoso.com, OU=IT, O=contoso, L=sh, S=sh, C=CN
242FCttwqe24CFEF3D52741F49EC2ECFF3F8B829E96 ....S.. CN=CAS03
FD3103EC59EA0reqw906BEC515BD0FF36BE2A1ABBA ....... CN=WMSvc-CAS03
98Are7B6B6BC06684CDC704FB6F71282CCF3D99 ....S.. CN=Microsoft Exchange Server Auth Certificate
I installed a new CAS and imported and enabled the wildcard certificate on it, and found the same problem. I also tested it in my lab and the same issue. I search it on internet and found someone have the same issue.
B5299C189EAA9F26C184EBEF04A663BCBF78105B ...WS.. CN=*.domain.ca, OU=Domain Control Validated
154A8E170A7D63A652ABB170EE2A78F8EF216C56 ....S.. CN=Microsoft Exchange Server Auth Certificate
4EA39FFBDC3E34C9F4744E68401260E90881952E ....S.. CN=SV-EXC01
00A7A40DF43537773E55B80DB40481E0838BB6F4 ....S.. CN=SV-EXC01
2B036F91D7CA4B40DBBA89AF39EFA3DB113E21CA ....S.. CN=Microsoft Exchange Server Auth Certificate
4963004A657CBE913DD2CACA4D40C25DD80B5DD3 ...WS.. CN=SV-EXC01
0E005F4443C44880A50C41EFAAD1378CA9C701EB ....... CN=WMSvc-SV-EXC01
Can you please have a check it? Thanks.
Windows 2012 + exchange 2013 cu10
And Windows 2012 r2 + exchange 2013 cu10
<p style="margin:0cm 0cm 0pt"><span lang="EN-US" style="color:#0070c0; font-family:"Segoe UI","sans-serif"; font-size:10pt">Frank Wang<br/> TechNet Community Support</span></p><p style="margin:0cm 0cm 0pt"><a href="http://blogs.technet.com/b/onescript" rel="nofollow"><img src="https://xnoegg.bay.livefilestore.com/y1plmwd9pFqoTZWcmr6-bsBuS7hTcNbr8YdT4WL3RRAuhDPVyUUOVchQt3EexNEBj4xYyornsD1kyLmtVqqsDfKv3PEEg9ejQzT/signature.jpg?psid=1" alt="" width="430" height="30.2"></a></p>
Hi,
I installed Exchange Server 2010 on Windows server 2012 Essentials. I demoted the 2012 server and made it a member server to the Domain Controller, Windows 2012 and Installed Exchange 2010. I prepared and did the pre-requirements and the schema was updated.
After the install of Ex2010 I installed service pack 3 and that's when everything went to hell. The Exchange Management shell would initialize and open and I can see the roles. I just can't expand the roles. I researched some of the things suggested and didn't work.
Trying to fix the problem solved nothing and the server became slow, almost unstable. I tried to use the recover switch and didn't fix nothing. So I decided, if this doesn't work then I will uninstall Exchange 2010 and start over. There was error, said there was a mailbox in the database.
I found the tech article to remove the mailbox. Turns out there was two of them. I was able to delete one, but not the other one. I tried to figure out why, but was unsuccessful.
I ended up using the restore to default factory on the server as the last resort. I forgot about the schema and it's still in the domain controller. I did try to install Exchange 2013 and I get an error that tells me to remove the 2010 exchange server.
So how do I fix this on a live production server to remove the Schema. The DC servers only purpose is for file storage and user authorization and 1 program that looks at a flat database file for the software that runs on the clients computers. Only 3 computers have access to this flat database file.
Please help. I know I might be missing some information that you may need to know. Just ask, I hope what I explained helps.
Hello,
I'd like to use command ( on my Exchange 2013 CU5 / to test MAPI over HTTP ):
Test-OutlookConnectivity -RunFromServerId <ServerName> -ProbeIdentity OutlookMapiHttpSelfTestProbe
I checked by Get-MonitoringItemIdentity that probe OutlookMapiHttpSelfTestProbe doesn't exist in my environment.
Is it possible to change this ?
best regards Janusz Such
Hi,
I upgraded two separate test forests from CU10 to CU11. The versions before the upgrade are Exchange 2010 Sp3 RU11 and Exchange 2013 CU10. In both forest I see the same behavior;
The accounts used worked and still work fine in CU10 and have not been altered. Accounts I tested with are member of Domain Admins and Organization Management. I should be able to virtually anything.
With account 1, I connect to the CU11 server I cannot see the Exchange 2013 servers anymore. I also cannot see any databases or other resources on the other Exchange 2013 servers. If I connect to the Exchange 2013 CU10 server I can see all the other Exchange 2013 servers including the CU11 server.
With account 2, I connect to the CU11 server and I can see everything. Connecting to a CU 10 server still works fine
The only workaround that I could find is to create a new account and that works flawlessly. Moving the failing account to an Exchange 2013 CU11 database did not make a difference.
Using the account that fails using CU11 I also cannot perform a get-mailboxdatabase.When I try to do a new-moverequest for instance and I get an accessdenied exception...
The operation couldn't be performed because object 'mbxdb13100' couldn't be found on 'dc001.testdomain.com'.
below some examples using a simple get-exchangeserver cmdlet.
--------------------Situation 1------------------
Working, CU10, administrator@testdomain.com
VERBOSE: Connected to Exchange201302.testdomain.com
[PS] C:\Windows\system32>Get-ExchangeServer | select name,edition, admin*
Name Edition AdminDisplayVersion
---- ------- -------------------
EXCHANGE201001 StandardEvaluation Version 14.3 (Build 123.4)
EXCHANGE201302 StandardEvaluation Version 15.0 (Build 1130.7)
EXCHANGE201303 StandardEvaluation Version 15.0 (Build 1156.6)
____________Situation 2___________________
Fault - CU11 administrator@testdomain.com
VERBOSE: Connected to exchange201303.testdomain.com
[PS] C:\Windows\system32>Get-ExchangeServer | select name,edition, admin*
Name Edition AdminDisplayVersion
---- ------- -------------------
EXCHANGE201001 StandardEvaluation Version 14.3 (Build 123.4)
--------------Situation 3, another account who appearently kept its permissions--------------
Correct, CU11 admin2@testdomain.com
VERBOSE: Connected to Exchange201303.testdomain.com
[PS] C:\Windows\system32>Get-ExchangeServer | select name,edition, admin*
Name Edition AdminDisplayVersion
---- ------- -------------------
EXCHANGE201001 StandardEvaluation Version 14.3 (Build 123.4)
EXCHANGE201302 StandardEvaluation Version 15.0 (Build 1130.7)
EXCHANGE201303 StandardEvaluation Version 15.0 (Build 1156.6)
__________________
Regards,
Thorwald
Thorwald van Elburg
Hi,
Got a bit of a strange question here... hoping someone may be able to offer some advice.
I’ve inherited an Exchange 2007 email environment with 1700 ish mailboxes. In my Exchange Organisation there is also a 2013 server presence which consists of 2 x Client Access Servers and 3 Mailbox servers, which have been set-up as part of a DAG (along with a DAG Witness Server).
The person who set this up, has since left the company, and left no documentation – great…
Anyway, to cut a long story short, I’m totally in the dark as to where he got to with the set-up and configuration. I know for certain that no mailboxes ever got to the 2013 servers, and apart from being physically there, they are not used for anything. I’m having various issues (mailbox databases won’t mount, can’t move mailboxes from 2007 to 2013 etc) and I’m starting to think I’d be better off starting again. To be honest the DAG set-up is most probably overkill for our environment, especially as we are hosting all of these servers in VMWare.
So, basically, my question is, has anyone ever had to remove 2013 Server from their organisation, and then re-introduce a fresh installation? What are the pitfalls, and should it be attempted?
Is it just a case of removing Exchange from the said servers, keeping a couple of servers that will run all the exchange roles and start again? (I definitely want to ditch the DAGS)
Any advice would be very much appreciated.
Thanks
Hi All,
Getting extremely frustrated now with a new Exchange 2013 installation on a Windows Server 2012 VM...
After having a lot of problems with the installation (didn't uninstall visual c++ which caused failure, then needed to delete the AD Microsoft Exchange System Objects group due to permission failures, etc) I've now got a fully installed Exchange server. Still, now I cannot figure out how to fix my next problem - Accessing the EAC/ECP.
I've searched every possible web guide/forum thread and the only one which is the same issue I'm having is this one: http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/89c42771-78c9-4d94-88e5-557320eccc71
Unfortunately, as you can see in that thread, it is still unresolved.
Current Issue: trying to access https://localhost/ecp (or any other variation) returns a 404 Not Found.
The error page points the physical path to c:\inetpub\wwwroot\ecp however that folder does not exist. I have tried manually changing the IIS site (Exchange Back End) to point its physical path to C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp which seems to be valid, however it doesn't work...
Not sure what else to do... HELP!
Oli
hi,
i've got problem when update to cu8.
the file 'c:\program files\microsoft\exchange server\v15\transportroles\agents\hygiene\asdat.msi' is not a valid installation package for the product microsoft exchange 2007 standard anti-spam filter updates. try to find the installation package 'asdat.msi' in a folder from which you can install microsoft exchange 2007 standard anti-spam filter updates.
please help me..
Hello,
I am an Exchange newbie trying to setup Exchange 2013 on Server 2012 in a lab environment. I keep hitting an error (form the logs below). From what I can surmise, it is saying that the network service account cannot access the fqdn certificate
that corresponds to the server I am trying to install Exchange on (the thunmbprint matched). Can anyone tell me how to resolve this.......I would really appreciate some help. Thank you in advance! My email is
nigelgreen1@gmail.com
[03-10-2016 18:36:40.0786] [1] [ERROR] The following error was generated when "$error.Clear();
Install-ExchangeCertificate -WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController $RoleDomainController
}
" was run: "Could not grant Network Service access to the certificate with thumbprint 707ACDEA1A37E11B3FB737B9DAF7E59ABA60BC70 because a cryptographic exception was thrown.".
[03-10-2016 18:36:40.0786] [1] [ERROR] Could not grant Network Service access to the certificate with thumbprint 707ACDEA1A37E11B3FB737B9DAF7E59ABA60BC70 because a cryptographic exception was thrown.
[03-10-2016 18:36:40.0786] [1] [ERROR] Access is denied.
We are deploying exchange 2013 into our existing 2007 Organisation and I am trying to do an initial mailbox migration of some test mailboxes. However, they are stuck at synching status.
Running Get-movemailboxstatistcs show the following messages:
Job is waiting for resource reservation. MRS will continue trying to pick up this request. Details: Resource reservation failed for 'DAG1-DB01/MdbWrite' (MdbReplication(DAG1-DB01)): load ratio 1.79769313486232E+308, load state'Critical', metric 52428800. This resource is currently unhealthy.
Job is waiting for resource reservation. MRS will continue trying to pick up this request. Details: Resource reservation failed for 'DAG1-DB02/MdbWrite' (MdbReplication(DAG1-DB02)): load ratio 25, load state 'Overloaded', metric 52428800. This resource is currently unhealthy.
There are two migration jobs trying to run moving one mailbox each. DB01 & DB02 are on different servers in the DAG.
The Exchange 2013 infrastructure is a 8 node DAG, cross site deployment with 4 nodes in Primary DC and 4 Passive nodes in DR DC.
Servers are physical with 16 cores and 64 GB of RAM.
Databases are located on local 1 TB NL-SAS in JBOD configuration.
Default databases created during install have been removed.
All DAG member are dual role with CAS load balanced through hardware LTM.
There servers are currently doing nothing so I don't understand why they are showing these load state errors.
Any pointers would be greatly appreciated, have I missed something?
Cheers, Andy
Good day,
We have:
* Existing E2007 Sp3 latest Rollup on SRV2008 (With user certs for ActiveSync(External + Internal)
* Fresh Installed Exchange 2013 CU10 on Server 20012 R2 (Only Test user on other side)
* Enterprise CA on Server 2008 (Ships SHA1 Certs no migrated to SHA256)
* User Cetrificate Authentication for Iphone and Android (No user cert auth W7 client side needed)
Problem:
A 2013 test user is able to do ActiveSync test with EAD Mobilitydojo.net tool (No cert/NO CBA)
Same test user is unable to authenticate with a user cert file and >User based Certificate Authentication (CBA) on E2013< for Activesync
* Second Exchange 2013 complete full Setup no errors for testing same behavior.
* Did rebuild of Acticesync Virtual Directory
In the Exchange Activesync MD test Tool from Mobilitydojo.net we have the cert correct with Filename and Password. H:\migration\exchange_2007_2013\eas\2007_personal.pfx.
* The IPHONE profile and Certificate is put on with USB cable and Apple Enterprise Utility
* if i switch back to the Exchange 2007 with CBA and same method it works. So it's the same IPHONE and i asume then the trust to the Internal CA (Which is the same for 2007/2013) is not the source.
--------------------------------------------- ERROR we see there if it does not work -----
testing HTTP GET:
Response: The remote server returned an error: (403) Forbidden.
Explanation:
The server requires SSL and will not let you connect over HTTP.
(For instance trying to connect over HTTP while IIS requires SSL.)
Status: Further action required
--------------------------------------------- ERROR we see there if it does not work -----
Please help if you can. ;-)