MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft technologies like Exchange Server, Microsoft 365, Microsoft Teams, and Cloud Security.

You might encounter a situation when the MSExchangeSA service is stopped and you are not able to start the service.

When you try to start the service the follow event log error is logged:

MSExchangeSA-Error-1005

Log Name:      Application
Source:        MSExchangeSA
Date:          08.01.2016 09:40:33
Event ID:      1005
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER01.MCSMEMAIL.DE
Description:
Unexpected error Access is denied. Facility: Win32 ID no: c0070005 Microsoft Exchange System Attendant  occurred.

This issue happens most likely due to an endpoint protection solution (aka AV Scanner) blocking access to the MSExchangeSA executable.

The simple apporach to get the service running is to restart the server.

If you need to run local endpoint protection on your Exchange servers, keep in mind to configure the appropriate scan exclusions:

Read More »

An Exchange Receive Connector requires a configuration for who can submit messages to the connector. The original TechNet description of the Set-ReceiveConnector cmdlet and the PermissionGroups attribute is as follows:

"The PermissionGroups parameter specifies the groups or roles that can submit messages to the Receive connector and the permissions assigned to those groups. A permission group is a predefined set of permissions granted to well-known security principals. The valid values for this parameter are as follows: None, AnonymousUsers, Custom, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, and Partners. The default permission groups assigned to a Receive connector depend on the connector usage type specified by the Usage parameter when the Receive connector was created. "

The description implies that it is possible to set the PermissionGroups attribute to Custom.

When you try to set the permission group to Custom, you will notice that this results in an error. You will encounter this error especially when you try to copy a receive connector from one Exchange Server to another Exchange Server.

The attribute itself is being set to Custom by Exchange itself when add AD permission explicitly.

Example

The example shows the configuration of a FerrariFax receive connector that needs to be configured across all Exchange 2013 DAG member servers.

Receice connector set to None

Receive Connector with PermissionGroups set to None

Add a dedicated Permission

Get-ReceiveConnector "SERVER\Connector for UMS (SERVER-FAX)" | Add-ADPermission -User DOMAIN\FaxUser -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-Bypass-Anti-Spam,ms-Exch-SMTP-Accept-Any-Recipient

Receive connector set to Custom by Exchange

Receive Connector with PermissionGroups set to Custom

 

Note

You can copy a receive connector across a number of Exchange servers using the PowerShell script Copy-ReceiveConnector.ps1 hat has been published at TechNet Gallery.

The script has not been modified to handle this situation, yet. The source code repository is available at Github

Read More »

The standard configuration of the ENow Management System (EMS) provides automatic Refresh for the One-View Dashboard Homepage only.

If an automatic refresh is required for any other page of the EMS Dashboard, i.e. Exchange 2013 Namespace, you need to modify the associated ASPX file.

Example

Modification of ExchangeWorkloadTest.aspx

Original ASPX file:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
	<HEAD>
		<meta http-equiv="X-UA-Compatible" content="IE=edge" />
		<title><%=GetHeadTitle()%></title>
		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
		<meta name="CODE_LANGUAGE" Content="C#">
		<meta name="vs_defaultClientScript" content="JavaScript">
		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
		<%
			skin.WriteCommonHtmlHeadEntries(Response);
		%>
	</HEAD>

Modified ASPX file:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
	<HEAD>
		<meta http-equiv="X-UA-Compatible" content="IE=edge" />
		<title><%=GetHeadTitle()%>
		</title>
		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
		<meta name="CODE_LANGUAGE" Content="C#">
		<meta name="vs_defaultClientScript" content="JavaScript">
		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
		<%
		   skin.WriteCommonHtmlHeadEntries(Response);
		   skin.WriteAutoRefreshHeader(Response);
		%>
	</HEAD>

Be aware that changes made to the APSX files will be overwritten by a software update. Any changes made need to be applied after updating the ENow Management System.

 

Mailscape is a component of the ENow Management System to monitor your Exchange Server Infrastructure. To learn more about Mailscape visit https://www.granikos.eu/en/Products/ENowManagementSuite

 

 

Read More »

Changes to AutoDiscover settings in Exchange are cached by each AutoD IIS application for approximately 2 hours. If you want to have configuration changes available quickly, it required to restart the AutoD application pool on each Client Access Server serving AutoD request. Additionally you have top restart the MSExchangeServiceHost process as well.

You can use the following PowerShell code to restart the application pool and the MSExchangeServerHost process across all Exchange 2013 servers.

Restart Application Pool

Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-WebAppPool MSExchangeAutodiscoverAppPool } }

 

Restart MSExchangeServiceHost

Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-Service MSExchangeServiceHost } }

 

Enjoy.

 


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?

Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »

When you run your Exchange Organization in hybrid mode with Office 365 and you migrate your on-premise Public Folders to Office 365, you are required to configure a remote Public Folder Mailbox in the Exchange Organization settings.

Organization Configs with Exchange 2013 Public Folders On-Premise

With Public Folders on-premise your Exchange Online Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : 1.7 GB (1,825,361,920 bytes)
DefaultPublicFolderProhibitPostQuota    : 2 GB (2,147,483,648 bytes)
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : False
PublicFolderMigrationComplete           : False
PublicFoldersEnabled                    : Remote
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : 00000000-0000-0000-0000-000000000000
RemotePublicFolderMailboxes             : {PublicFolder-Mailbox001}

With Public Folders on-premise your On-Premise Exchange Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : Unlimited
DefaultPublicFolderProhibitPostQuota    : Unlimited
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : True
PublicFolderMigrationComplete           : True
PublicFoldersEnabled                    : Local
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : ae0ef819-90d2-45d0-92b6-8b2062cf71a3
RemotePublicFolderMailboxes             : {}

Organization Configs with Exchange 2013 Public Folders in Exchange Online

With Public Folders in Exchange Online your Exchange Online Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : 1.7 GB (1,825,361,920 bytes)
DefaultPublicFolderProhibitPostQuota    : 2 GB (2,147,483,648 bytes)
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : False
PublicFolderMigrationComplete           : False
PublicFoldersEnabled                    : Local
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : 5810bb30-cdda-4287-85a4-8a2547bb9b01
RemotePublicFolderMailboxes             : {}

With Public Folders in Exchange Online your Exchange On-Premise Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : Unlimited
DefaultPublicFolderProhibitPostQuota    : Unlimited
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : True
PublicFolderMigrationComplete           : True
PublicFoldersEnabled                    : Remote
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : 00000000-0000-0000-0000-000000000000
RemotePublicFolderMailboxes             : {mcsmemail.de/Users/PF365-Mailbox-01-55e3d544-ed5a-4557-9008-d8c1b6f06d86}

The remote public folder mailbox has been added to the on-premise Exchange confguration by using:

Set-OrganizationConfig -RemotePublicFolderMailboxes PF365-Mailbox-001 -PublicFoldersEnabled Remote

To be able to add the remote public folder mailbox in a hybrid configuration you are required to add the public folder mailbox (or mailboxes, if you have more than one serving the hierarchy) as a mail user.

Microsoft provides a PowerShell script as part of a script collection here.

The issue with Import-PublicFolderMailboxes.ps1

When you run the Import-PublicFolderMailboxes.ps1 script you might run into the following error:

Cannot bind parameter 'Name' to the target. Exception setting "Name": "The length of the property is too long. The
maximum length is 64 and the length of the value provided is 65."
    + CategoryInfo          : WriteError: (:) [New-MailUser], ParameterBindingException
    + FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.Exchange.Management.RecipientTasks.NewMailUser
    + PSComputerName        : ex2013.mcsmemail.de

The name attribute for a mail user is limited to 64 characters. But why are you exceeding the length when the mailbox name is only 17 characters long?

It turns out that the PowerSheel script adds a prefix name "" and ther mailbox GUID as a suffix. And voilá, the name exceeds the allowed length for the mail user name attribute.

Recommendation

Don't use more than 16 characters when naming the Public Folder mailboxes in Office 365.

Or modify the Import-PublicFolderMailboxes.ps1 script to fit your needs.

$hasPublicFolderServingHierarchy = $true;
$displayName = $publicFolderMailbox.Name.ToString().Trim();
# ORIG: $name = "RemotePfMbx-" + $displayName + "-" + [guid]::NewGuid();
$name = $displayName + "-" + [guid]::NewGuid();
$externalEmailAddress = $publicFolderMailbox.PrimarySmtpAddress.ToString();

 

 

Links

 


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?
Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »