O-Xchange Notes from the Field!

Thursday, July 31, 2014

Set up an Exchange connection to your email in Outlook 2010 or Outlook 2013

Follow these steps.

1. Open Outlook 2010 or Outlook 2013. If the Microsoft Outlook Startup wizard appears, on the first page of the wizard, click Next. Then, on the E-mail Accounts page, click Next to set up an email account.
If the Microsoft Outlook Startup wizard doesn't appear, on the Outlook toolbar, click the File tab. Then, just above the Account Settings button, click Add Account.

2. On the Auto Account Setup page, Outlook may automatically fill in the Your Name and E-mail Address settings based on how you're logged on to your computer. If the settings are filled in and they're correct, click Next to have Outlook finish setting up your account. If the settings on the Auto Account Setup page aren't filled in or aren't correct, do the following:

      If the settings on the Auto Account Setup page aren't filled in, type the correct settings based on the information that was provided to you by the person who manages your email account.
      If the name in the Your Name box isn't correct, you may need to reset the options on the Auto Account Setup page before you can edit your name. To reset the options, click the option button next to Manually configure server settings or additional server types, and then click the option button next to E-Mail Account.

3. After you click Next on the Auto Account Setup page, Outlook will search online to find your email server settings. You'll be prompted to enter your user name and password during this search. Make sure that you enter your full email address (for example, tony@contoso.com) as your user name.

If Outlook is able to set up your account, you'll see the following text: “Congratulations! Your email account is successfully configured and ready to use.” Click Finish.


Wednesday, July 30, 2014

Configuring a new identity for Outlook 2011

Scenario:  You wish to create a new identity for Outlook 2011 and re-configure Outlook 2011 with your exchange mailbox.

1. Open the Microsoft Database Utility. The default location is in /Applications/Microsoft Office 2011/Office/.  Tip: You can also open the Database Utility if you close Outlook, hold down the OPTION key, and then click the Outlook icon in the Dock.

2. Do one of the following:
   1. Create a new identity:  Click Add via the + button and type a name for the new identity.
   2. Rename an identity: Double-click the identity, and then type a new name for the identity.
   3. Delete an identity: Click the identity you wish to remove and click delete via the - button.

3. Switch the identity:
   1. Click on the identity you wish to become active.
   2. Click the gear button and choose 'Set as Default'.

4. Open Outlook:
   1. If this is the first time you've opened Outlook 2011, you will be automatically prompted to add an account. If you have an account configured already, click on Tools --> Accounts from the menu bar. Click the + and add an Exchange… account.
   2. In the Welcome to Outlook for Mac window, check Make Outlook the default application for e-mail, calendar, and contacts.  Click on Add Account.
   3. In the Add an Account window, click on Exchange Account.
   4. In the Enter your Exchange account information window, enter the following and click Add Account.
        a. E-Mail Address
        b. Select User Name and Password for the Method.
        c. User name *include Domain\ in front of the user name.
        d. Password
        e. Check configure automatically.

5. Exit out of the Accounts window.

Outlook 2011 is now configured and your email will start downloading momentarily.

Tuesday, July 29, 2014

Issue: You are not able to see the Outbox in OWA with IE if your account is in O365, or if you don't have the option to enable the light version of Outlook Web App (the blind and low vision experience).

Solution: Enable the light version of OWA by modifying the URL.

Type "/?layout=light" after /owa without the quotes.
Example: the URL now looks like this:

Exchange Health Manager has restarted a server even though a Global Monitor Override was in place.

Scenario:  You have a GlobalMonitoringOverride configured to prevent the reboot of an Exchange Server for a specific Exchange Health Monitor responder, but MSExchangeHMWo still rebooted the server anyway. In our example below, we have an existing global monitor override that should prevent reboots for the responder "ActiveDirectoryConnectivityConfigDCServerReboot".

Cause:   The GlobalMonitoringOverride had an expiration date 60 days after it was set.

Resolution: Remove the existing GlobalMonitoringOverride and replace it.

step 1 - View the current globalmonitoringoverride


step 2 - View the log file associated with the reboot for the Responder

(Get-WinEvent -LogName Microsoft-Exchange-ActiveMonitoring/responderdefinition | % {[XML]$_.toXml()}).event.userData.eventXml | ?{$_.Name -like "ActiveDirectoryConnectivityConfigDCServerReboot"} | ft name,enabled

 step 3 (only if you have override setup already)

remove-GlobalMonitoringOverride -Identity Exchange\ActiveDirectoryConnectivityConfigDCServerReboot -ItemType Responder -PropertyName Enabled  

Step 4  - Apply Either of the options below.

Apply based on duration of 60 days

Add-GlobalMonitoringOverride -Identity Exchange\ActiveDirectoryConnectivityConfigDCServerReboot  -ItemType Responder -PropertyName Enabled -PropertyValue 0 -Duration 60.00:00:00

Apply based on Exchange version

Add-GlobalMonitoringOverride -Identity AD\ActiveDirectoryConnectivityConfigDCServerReboot -ItemType Responder -PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.00.0847.32"

Step 5 - Restart the "Microsoft Exchange Health Manager" service

Monday, July 28, 2014

Outlook 2013: Conditional formatting settings will not save.
Resolution: Run Outlook from the command line with the /cleanviews switch.
Example: "C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE" /cleanviews

Thursday, July 24, 2014

Working with Mailbox Rules in Powershell


1. Get all forwarding rules in an organization:

foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo >> C:\AllForwardRules.txt }

2. To get inbox rules for a mailbox:

Get-Inboxrule. You can also do get-inboxrule | Fl to see details of the rule

3. Type Get-command *inboxrule* to see list of commands for inbox rules

4. To remove a rule, type get-inboxrule | remove-inboxrule

5. Create an inbox rule called Junk for a set of users in a particular OU called Test. This rule will move messages with subject "spam" to a folder called Junk Email.

$mailboxes = Get-mailbox -organizationalUnit test
$mailboxes | % { }
$mailboxes | % { New-inboxrule -Name Junk -mailbox $_.alias -subjectcontainswords "[spam]" -movetofolder "$($_.alias):\Junk Email" }
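
The one-liner in step 1 only inspects ForwardTo. As an added example (not the original author's code), the function below also checks ForwardAsAttachmentTo and RedirectTo and reports only targets outside your own domains. The function name, the sample rules and the contoso.com / example.net domains are constructed for illustration, and the recipient string format is assumed to be the "Name" [SMTP:address] form the shell displays.

```powershell
# Added example, not the original author's code. Needs PowerShell 3.0 or later.
# Get-ExternalForwardTarget, the sample rules and the domains are constructed for illustration.
function Get-ExternalForwardTarget {
    param(
        [Parameter(Mandatory=$true)] $Rule,
        [Parameter(Mandatory=$true)] [string[]] $InternalDomains
    )
    # All three rule actions hand the message to another recipient
    foreach ($action in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
        foreach ($target in @($Rule.$action)) {
            if (-not $target) { continue }
            # Assumed display form: "Name" [SMTP:user@domain]. [EX:/o=...] entries are
            # directory recipients (possibly mail contacts) and are not resolved here.
            if ("$target" -match '\[SMTP:[^@\]]+@([^\]]+)\]') {
                if ($InternalDomains -notcontains $Matches[1]) {
                    [pscustomobject]@{
                        Mailbox = "$($Rule.MailboxOwnerId)"
                        Rule    = $Rule.Name
                        Enabled = $Rule.Enabled
                        Action  = $action
                        Target  = "$target"
                    }
                }
            }
        }
    }
}

# Constructed sample data so the logic can be tried without an Exchange server
$InternalDomains = @('contoso.com')
$sampleRules = @(
    [pscustomobject]@{ MailboxOwnerId = 'contoso.com/Users/Tony'; Name = 'fwd'; Enabled = $true
        ForwardTo = @('"Ext" [SMTP:drop@example.net]'); ForwardAsAttachmentTo = $null; RedirectTo = $null },
    [pscustomobject]@{ MailboxOwnerId = 'contoso.com/Users/Kim'; Name = 'team copy'; Enabled = $true
        ForwardTo = @('"Team" [SMTP:team@contoso.com]'); ForwardAsAttachmentTo = $null
        RedirectTo = @('"Archive" [SMTP:kim.archive@example.net]') }
)
$sampleRules |
    ForEach-Object { Get-ExternalForwardTarget -Rule $_ -InternalDomains $InternalDomains } |
    Format-Table Mailbox, Rule, Action, Target -AutoSize

# Against a live organization (Exchange Management Shell):
# $InternalDomains = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }
# Get-Mailbox -ResultSize Unlimited |
#     ForEach-Object { Get-InboxRule -Mailbox $_.DistinguishedName } |
#     ForEach-Object { Get-ExternalForwardTarget -Rule $_ -InternalDomains $InternalDomains } |
#     Export-Csv C:\ExternalForwardRules.csv -NoTypeInformation
```

With the sample data the report lists the ForwardTo target of the first rule and the RedirectTo target of the second; the internal team@contoso.com forward is not reported.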

Scenario: Customer is running Exchange 2010 and Exchange 2013 servers in coexistence. The servers have the latest rollups and patches. Users using Outlook 2013 with mailbox on Exchange 2013 are not able to edit calendar of an Exchange 2010 mailbox user.

Note that customer is running Windows 7(sp1) and Outlook 2013 sp1

Resolution:  Run windows update and ensure Outlook and Office 2013 are all patched to this version: 15.0.4615.1000

Wednesday, July 23, 2014

Exchange server is unavailable error from a CX 600 Lync Phone

Error:  Exchange server is unavailable error from a CX 600 Lync Phone

Synopsis: This error is expected, no matter which Lync Phone Edition Information Worker device (Aastra 6725ip, HP 4120 and Polycom CX600) or Common Area device that supports "PIN and Extension Login" you use. This is because the authentication method that is really used when PIN and Extension login is performed is the new Lync TLS-DSK, a kind of certificate-based (Derived Session Key - DSK) authentication.

TLS-DSK is not supported by the Exchange web services (EWS, UM, OAB, etc.). So a device that only has a Derived Session Key (and not the full AD user credentials, e.g. for NTLM authentication, which is supported by Exchange web services) will never be able to log on to Exchange until Exchange also supports TLS-DSK.

When tethering an Information Worker phone via USB, you provide your full AD user credentials to the device (via a Lync client pop-up dialog). These credentials allow the device to use NTLM authentication when it logs in to Exchange web services. The same applies if you use a Tanjay (CX700 or LG Nortel IP8540) and enter your full credentials via the full QWERTZ keyboard on the touch display. But no matter whether you use devices or the Lync client itself, all of them support TLS-DSK, because it is the only authentication method that can work without a DC (Domain Controller) available. In case of outages or SBA (branch survivability) scenarios, TLS-DSK will continue to work, while NTLM or Kerberos will stop until a DC becomes available again.

Resolution: Plug the USB port of the Lync phone into a computer with Lync and enter AD credentials when prompted. The USB cable can then be unplugged, given that the AD credentials will now be cached on the Lync phone.

Troubleshooting Lync Phone Edition Issues

The link below is an article that helps troubleshoot Lync Phone Edition Issues

Troubleshooting Lync Phone Edition Issues

Script for converting Bounce Back LegacyExchangeDN to the X500 format

Scenario:  You have to convert the LegacyExchangeDN that is provided to you in bounce back emails, with its special character formatting, into an X500 address.  This may need to be done if mailboxes are disabled and recreated as new mailboxes or when performing migrations.

From the bounce back message, copy and paste the address into the $Addr variable below and then execute this script:


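# Paste the IMCEAEX address from the bounce back message between the quotes
$Addr = "<IMCEAEX address from the bounce back message>"

# Strip the IMCEAEX- prefix and the @domain suffix first, so a decoded "@" (+40) is not cut off later
$Addr = $Addr -replace "IMCEAEX-","" -replace "@.*$", ""

# Encoded sequence -> character. "_" (encoded "/") is replaced before "+5F" is decoded to "_"
$Repl = @(@("_","/"), @("\+20"," "), @("\+28","("), @("\+29",")"), @("\+2C",","), @("\+5F", "_" ), @("\+40", "@" ), @("\+2E", "." ))
$Repl | ForEach { $Addr = $Addr -replace $_[0], $_[1] }

$Addr = "X500:$Addr"
Write-Host $Addr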

Install the Exchange 2013 Management Tools

Follow the link below for instruction on how to install the Exchange 2013 Management Tools.

Install the Exchange 2013 Management Tools

Script to see ActiveSync Device Statistics from a filtered Mailbox List.

Scenario: Customer wants a list of all users with active mobile devices so they can see the lastsuccesssync, devicepolicyapplied, etc. of the devices.

$Mailboxes = Get-CasMailbox -Filter {HasActiveSyncDevicePartnership -eq $True -and -not displayname -like "CAS_{*" -and -not displayname -like "Extest_*"} -ResultSize Unlimited

$Devices = $Mailboxes | %{Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity}

$Devices | Export-CSV -Path C:\scripts\test.csv

Monday, July 21, 2014

Get a list of all the servers with a specific eventid in the eventlog.
Example below is for finding eventid 6008.

$servers = gc C:\servers.txt
foreach ($server in $servers) {
    # Pull the System log from each server and keep only event id 6008
    $events = Get-EventLog -ComputerName $server -LogName "System" | Where-Object {$_.EventID -eq "6008"}
    if ($events -ne $null) {
        foreach ($event in $events) {
            $time = $event.TimeGenerated
            Write-Host $time $server
        }
    }
}

Accessing a shared Calendar of an Exchange 2010 mailbox from an Exchange 2013 mailbox via OWA

Scenario:  A mailbox on Exchange 2013 SP1 cannot open or edit calendar entries of an Exchange 2010 SP3 mailbox using OWA (Outlook Web App).  Attempting to open the calendar entry does not appear to do anything. The user has explicit rights to this shared calendar.

Cause:  Per Microsoft, this is an unsupported configuration for OWA.  This is by Microsoft design.

Workarounds:
1. Use an Outlook client to view calendar information between the 2013 and 2010 mailboxes.  
2. Move the Exchange 2010 mailbox to Exchange 2013.

Reseed Exchange Database Copy via Exchange Powershell

Below are the steps to reseed a Database Copy via Exchange PowerShell. The database copy that needs to be reseeded is DB01 on the mailbox Server MBX04.  We will use the server MBX03 that has a healthy database copy to perform the reseed.

1. Check to see if the problematic database copy has a failed and/or suspended status:
          get-mailboxdatabasecopystatus DB01

2. If the database copy is already failed and/or suspended, you can skip this step. If the database copy you wish to reseed has a status of healthy, you must suspend the database copy:
          suspend-mailboxdatabasecopy  DB01\MBX04

3. To reseed the mailbox database copy, run the following:
          update-mailboxdatabasecopy DB01\MBX04 -sourceserver MBX03 -DeleteExistingFiles

Tuesday, July 15, 2014

Set accepted IP ranges to a receive connector with powershell

Task: Set accepted IP ranges to a receive connector with powershell

Set-ReceiveConnector -RemoteIPRanges '','','' -Identity 'server\Default server'

Configure message throttling for your organization with recipient rate limit of 5000 and message rate limit of 20

Task: Configure message throttling for your organization with recipient rate limit of 5000 and message rate limit of 20

Use this command:

New-ThrottlingPolicy -Name fightspam -RecipientRateLimit 5000 -MessageRateLimit 20  

Now Apply policy to particular mailbox:

Set-Mailbox -Identity user_alias -ThrottlingPolicy fightspam

Use this command to apply to an Organizational Unit:

get-mailbox -OrganizationalUnit 'domain/OU' -resultsize unlimited | set-mailbox -ThrottlingPolicy fightspam

Outlook 2013 slow to connect to exchange server.

Issue: Outlook 2013 slow to connect to exchange server.

Resolution: Enabled diagnostic logging and reviewed the OPMLOG.Log file.
Found this error message: Failed to initialize resource manager (hr = 0x80040401)

Steps to resolution: Closed and reopened Outlook. Still didn't work.

Exit Outlook. Check Task Manager for outlook.exe and end the process.
Exit Lync.

Restarted Outlook and it worked.

Create transport rule that forwards emails

Task: create transport rule that forwards emails sent to test@test.com and copy to test2@test.com

New-TransportRule -Name 'test' -Comments '' -Priority '0' -Enabled $true -SentTo 'test@test.com' -CopyTo 'test2@test.com'

event ids 7001/17106

Issue: event ids 7001/17106

Transport Mail Database: MSExchangeTransport has detected a critical storage error, updated the registry key (SOFTWARE\Microsoft\ExchangeServer\v14\Transport\QueueDatabase) and as a result, will attempt self-healing after process restart.

The transport service will be stopped. Reason: A failure occurred in a transport database operation.


stopped transport

remove old queue database

restart transport service

Mail started flowing

Monday, July 14, 2014

Configure Automatic Reply for a mailbox via Powershell

Setting Automatic Reply, or Out of Office Message, via Exchange Powershell. Below shows you how to schedule an Automatic Reply, enable it, and disable it.

Enable it (it stays on until it's disabled):
Set-MailboxAutoReplyConfiguration -Identity batman -AutoReplyState Enabled -InternalMessage "Internal auto-reply message." -ExternalMessage "External auto-reply message."

Scheduled (must use start and end time parameters) :
Set-MailboxAutoReplyConfiguration -Identity batman -AutoReplyState Scheduled -StartTime "7/10/2012 08:00:00" -EndTime "7/15/2012 17:00:00" -InternalMessage "Internal auto-reply message" -ExternalMessage "External auto-reply message"

Disable it:
Set-MailboxAutoReplyConfiguration -Identity batman -AutoReplyState Disabled

Setup wizard for Update rollup for Exchange ended prematurely because of an error.

Error: Setup wizard for Update rollup for Exchange ended prematurely because of an error. Your system has not been modified.

Synopsis: When you check Event Viewer, you see this error: Microsoft Exchange Server - Update 'Update Rollup 6 for Exchange Server 2010 Service Pack 3 (KB2936871)' could not be installed. Error code 1603.

Resolution:  The recommended process for installing update on a server is by using an elevated command prompt.
Open a CMD with run as administrator and start the installation with this command:

Msiexec  /update  Exchange-KBtest-x64-en.msp

Outlook is unable to connect to the proxy server. (Error Code 0)

Scenario:  Users using Microsoft Outlook receive a pop up saying that Outlook is unable to connect to the proxy server. The exact error is:

There is a problem with the proxy server's security certificate. The name on this security certificate is invalid or does not match the name of the target site mail.domain.com.  

Outlook is unable to connect to the proxy server. (Error Code 0) 

Resolution:  We noticed that the Certificate Principal Name had an invalid value in the Outlook Profile.  In our case it showed a '-' in the field for 'Only connect to proxy servers that have this principal name in their certificate:'.  When we ran this command-let in Exchange Shell: Get-OutlookProvider, we saw there was a '-' for the Server and CertPrincipalName property.  This was causing autodiscover to hand this value out to Outlook Clients.  We resolved by resetting these values to $null:

Set-OutlookProvider EXPR  -server $null -CertPrincipalName $null

Cannot Remove a Move Request in Exchange

Scenario:  Currently a mailbox move has been stuck 'in progress'.  The database it was moving to is now down or cannot be accessed.  You cannot remove a move request for a mailbox. Running the Remove-moverequest with the -moverequestqueue and -mailboxguid parameters did not work either as suggested by other articles.

Solution:  In ADSI Edit (Default Naming Context mode), locate the user account and right click for properties. Clear the two attributes associated with that user account:   msExchMailboxMoveFlag  &   msExchMailboxMoveStatus

Friday, July 11, 2014

Get Mailbox Folder Statistics that includes Dates of the Oldest and Newest Mail Items

You want to list the mailbox folders for a mailbox and include the date of the oldest item within that folder.

Run the following:

Get-MailboxFolderStatistics mailbox -IncludeOldestAndNewestItems  | Sort name | Select Name, Folderpath, ItemsInFolder, FolderSize, OldestItemReceivedDate

Tuesday, July 8, 2014

Perform IIS reset on multiple servers at once.

Perform IIS reset on multiple servers at once. Displays status after reset. 

#Specify servers in an array variable, Make sure you change the where statement.
[array]$servers = get-exchangeserver | where {$_.identity -like "esg*" -and $_.AdminDisplayVersion -match "version 15.0*"}

#Step through each server in the array and perform an IISRESET
#Also show IIS service status after the reset has completed

foreach ($server in $servers) {
    Write-Host "Restarting IIS on server $server..."
    IISRESET $server
    Write-Host "IIS status for server $server"
    IISRESET $server /status
}
Write-Host "IIS has been restarted on all servers"


#Specify servers in an array variable
[array]$servers = "Server1","Server2","Server3","Server4"
#Step through each server in the array and perform an IISRESET
#Also show IIS service status after the reset has completed
foreach ($server in $servers) {
    Write-Host "Restarting IIS on server $server..."
    IISRESET $server
    Write-Host "IIS status for server $server"
    IISRESET $server /status
}
Write-Host "IIS has been restarted on all servers"

Search all mailboxes for phishing email and count.

Scenario 1: You are asked to search mailboxes and estimate the number of mailboxes that got a phishing email with subject SERVICE DESK, sent on July 3 through July 4, 2014, where sender is test@test.com. Use the following one liner:

$Recipients = (Get-Transportservice | Get-MessageTrackingLog -MessageSubject "SERVICE DESK" -Start "07/03/2014 09:00:00" -End "07/04/2014 23:00:00" -Sender "test@test.com").recipients

When the command-let completes, you can perform the following:

1. Select unique Recipients by running:
$Recipients = $Recipients | Select -unique

2. Display unique Recipients by running:

3. Count the unique Recipients by running: (this will include internal and external email addresses)

4.  Get a better count for the internal recipients. There are two methods provided, either method will get you the count:
a. Output the $Recipients to a file and massage in Excel to filter what you want to see:
          $Recipients | Out-file C:\recipients.txt

b. Use PowerShell to get a count of each internal domain you are looking for by running the one liner below. Make sure you edit domain.com with an internal email domain. Repeat for each of the other internal domains. Add the counts.
$count = 0; $recipients | ForEach {If($_ -like "*domain.com"){$count = $count + 1}};$count
$count = 0; $recipients | ForEach {If($_ -like "*domain2.com"){$count = $count + 1}};$count
$count = 0; $recipients | ForEach {If($_ -like "*exchange.domain.com"){$count = $count + 1}};$count

Scenario 2: You need to search and destroy phishing email from the mailboxes that received the email. Please note that the search-mailbox command has a limit of removing 10,000 items per mailbox. In the event you are removing items that exceed that limit, a loop will be required. See sample script below:

$Recipients | Foreach {write-host $_; search-mailbox $_ -searchquery 'Subject:"SERVICE DESK"' -deletecontent -force}
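
The loop mentioned in Scenario 2, as an added example that is not part of the original post: it estimates the hit count per mailbox first, deletes only when -Delete is given, and repeats until the estimate reaches zero. The function name, its parameters and the report file path are illustrative; it assumes the Exchange Management Shell, the $Recipients list from Scenario 1, and an account that is allowed to run Search-Mailbox with -DeleteContent.

```powershell
# Added example, not from the original post. Remove-PhishingMessage and its parameters are illustrative.
function Remove-PhishingMessage {
    param(
        [Parameter(Mandatory=$true)] [string[]] $Recipients,
        [Parameter(Mandatory=$true)] [string]   $Query,
        [switch] $Delete,          # without -Delete the function only reports estimates
        [int]    $MaxPasses = 10   # guard in case the estimate never reaches zero (index lag)
    )
    foreach ($address in ($Recipients | Select-Object -Unique)) {
        # The tracking log also lists external recipients; skip anything that is not a local mailbox
        $mailbox = Get-Mailbox -Identity $address -ErrorAction SilentlyContinue
        if (-not $mailbox) { continue }
        $id = $mailbox.DistinguishedName

        # Count the matches without touching the mailbox
        $found = (Search-Mailbox -Identity $id -SearchQuery $Query -EstimateResultOnly -WarningAction SilentlyContinue).ResultItemsCount
        $initial = $found
        $pass = 0
        while ($Delete -and $found -gt 0 -and $pass -lt $MaxPasses) {
            # Each run removes at most 10,000 items, so repeat until nothing is left
            Search-Mailbox -Identity $id -SearchQuery $Query -DeleteContent -Force -WarningAction SilentlyContinue | Out-Null
            $pass++
            $found = (Search-Mailbox -Identity $id -SearchQuery $Query -EstimateResultOnly -WarningAction SilentlyContinue).ResultItemsCount
        }
        New-Object PSObject -Property @{
            Mailbox   = $address
            Found     = $initial
            Remaining = $found
            Passes    = $pass
        }
    }
}

# The inner double quotes make "SERVICE DESK" a phrase match; the sender narrows it further
$Query = 'Subject:"SERVICE DESK" AND From:"test@test.com"'

# Review the estimate first
Remove-PhishingMessage -Recipients $Recipients -Query $Query | Format-Table Mailbox, Found, Remaining, Passes

# Then delete and keep a record of what was removed
# Remove-PhishingMessage -Recipients $Recipients -Query $Query -Delete | Export-Csv C:\phish-cleanup.csv -NoTypeInformation
```

A Remaining value above zero after the delete run means the mailbox should be checked again once the search index has caught up.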

Monday, July 7, 2014

Find the distribution groups that a user is a manager of

Scenario:  You need to find the Distribution Groups that a specific user is a manager of.

Resolution:  Run the following in Exchange PowerShell:

get-distributiongroup -resultsize unlimited | Where {$_.Managedby -like "*username"}