It happend again.
A new .Net Framework version has been released via the Windows Update distribution channel and the Exchange Server Team has decided to skip support for the new release.
You're only option is to block the automatic installation by the local Windows Update Agent using a registry.
The follow BlockNetFramework472.reg file simplifies setting the registry key.
As always... Enjoy Exchange Server
Sometimes you need to know the version of the installed .NET Framework version quickly.
Simply use the following PowerShell one-liner:
(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' ).Release
Enjoy!
When you use Symantec NetBackup 7.x you might encounter Error 5, when you try to restore an Exchange Server 2013 DAG mailbox database backup to a Recovery database or to the original datrabase.
The error message in Backup, Archive, and Restore Tool looks similar to this
Enabling NetBackup debug logging by using the mklogdir.bat file located in C:\Program Files\Veritas\NetBackup\logs does not necessarily provide additional input. The restore job fails before entering the job section for local restore activities. So no TAR log is being created.
When following the NetBackup Admin Guide and several Symantec HowTo’s you have already configured the following two services to run using a dedicated Service Account
There are some circumstances (not clearly defined by Symantec) when an additional NetBackup Service performs Exchange PowerShell commands as part of a restore process. Therefore the following NetBackup service must be configured to run using the same Service Account as the other two NetBackup services.
In addition be aware that the Service Account required Debug permission on the Exchange Server. It might be helpful to propagate the permissions for the Service Account using a GPO.
You can block an user from logging on to Office 365 by setting the BlockCredential attribute to $true.
Set-MsolUser -UserPrincipalName myuser@mcsmemail.de -BlockCredential $true
But the MSOL user attribute is reverted to $false, when ADD Connect synchonization cycle runs.
This happens, because the local Active Directory attribute accountEnabled is used to controll the BlockCredential attribute in Azure AD.
If your IT operation requires the ability to have enabled users in your local Active Directory infrastructure and you need to prevent logon to cloud services you need to prevent the accountEnabled attribute from being synchronized to Azure AD. This might not necessarily be a general requirement during normal operations, but might be useful while doing a Proof-of-Concept.
Just exclude the attribute from the Azure Active Directory connector in the Synchronization Service Manager.
The following script disables all users excluding
# Userfilter $UserExceptions = ("Sync_SYNC01_add98768492f@mcsmemail.onmicrosoft.com","SPO-SRV-ACCOUNT@mcsmemail.de","SynchedAdmin@mcsmemail.de") # Fetch synchronized users $DomainAccounts = Get-MsolUser -EnabledFilter EnabledOnly -MaxResults 5000 | Where-Object -Property LastDirSyncTime -ne $null # Select synchronized users not following the pattern ADM*@mcsmemail.de (admin accounts in this case) $DomainAccountsWithoutAdmins = $DomainAccounts | Where-Object -Property UserPrincipalName -notlike "ADM*@mcsmemail.de" # Exclude accounts listed in $UserExceptions $DomainAccountsWithoutAdminsFiltered = $DomainAccountsWithoutAdmins | Where-Object -Property UserPrincipalName -NotIn $UserExceptions # Now block cloud logon for all filtered users ForEach ($User2Block in $DomainAccountsWithoutAdminsFiltered) { Write-Host ('Disabling User: {0}.UserPrincipalName)' -f $User2Block) Set-MsolUser -UserPrincipalName $User2Block.UserPrincipalName -BlockCredential $true }
Enjoy Office 365.
Public folders are one solution to provide a team collaboration tool for companies. Legacy public folders utilized a proprietary multi-master replication mechanism which was not planned to handle today's data volumes. Therefore, Exchange 2013 introduced modern public folders which utilize the robust DAG replication functionality. Due to the technology change between legacy public folders and modern public folders a migration is required.
You can migrate legacy public folders hosted on Exchange 2007 or Exchange 2010 to modern public folders hosted on Exchange 2013. Or you can migrate legacy public folders hosted on Exchange 2010 to modern public folders hosted on Exchange 2016. If a cloud migration is a viable option for your company, you are able to migrate legacy public folders hosted on Exchange 2007 or Exchange 2010 to modern public folders hosted in Exchange Online.
The requirements for legacy Exchange Servers are:
Since Exchange Server 2013 RTM the public folder migration scripts and the migration guidance have quite often been updated. The information provided at TechNet is very detailed for each migration option and there is no need to repeat each step in this blog post. Please see the link section for all hyperlinks.
Preparing a legacy public folder migration is pretty straight forward. The main issue companies are facing is the required downtime for finalizing the public folder migration batch. The required downtime cannot be determined exactly (not as exactly as requested by upper management). This means that you have to plan for scheduled maintenance during off-hours. In the past, a single migration request has been used to migrate legacy public folders. The new batch approach migrates public folder content using multiple requests within a single batch.
The Create-PublicFolderMailboxesForMigration.ps1 script uses the parameter EstimatedNumberOfConcurrentUsers to determine the overall number of public folder mailboxes serving the hierarchy. The TechNet articles explain this parameter as follows:
The estimated number of simultaneous user connections browsing a public folder hierarchy is usually less than the total number of users in an organization.
Exchange Server 2013 and Exchange Server 2016 currently support 2.000 concurrent connections to a single mailbox. This limit (2.000) is used by the Create-PublicFolderMailboxesForMigration.ps1 in conjunction with EstimatedNumberOfConcurrentUsers to determine the number of public folder mailboxes required to serve the public folder hierarchy. The current version of the script uses a coded limit of max 100 public folder mailboxes. This means that you can only serve 100 x 2.000 = 200.000 concurrent users accessing the public folder hierarchy.
Finalizing the migration request and setting the PublicFolderMigrationComplete attribute requires the legacy public folder information store to be restarted. Otherwise, the configuration change will not be picked up in the information store in a timely fashion. Remember to restart the information store service on all legacy public folder servers.
If your current public folder infrastructure is based on Exchange 2007 and you want to get rid of that Exchange version, you might think of replicating all content to Exchange 2010. This is not the best approach. Due to known content conversion issues, you might encounter data loss when replicating public folder content between Exchange 2007 and Exchange 2010.
The recommended approach is to migrate Exchange 2007 legacy public folders to Exchange 2013 modern public folders directly.
A recommended reading on legacy public folder migration from Exchange 2010 to Exchange 2016 is Butch Waller’s blog post “Migration to Modern Public Folders – Notes from the Field”
The PowerShell script referenced in that blog post does not work with Exchange 2007. You can use my PowerShell script which utilizes UTF8 encoding and runs with Exchange 2007 and Exchange 2010: https://gallery.technet.microsoft.com/Exchange-2010-Public-315ea9aa
Remark All limits mentioned in this post reflect the information available at the time of writing.
Do you need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid with Office 365? Contact us at office365@granikos.eu or visit our website https://www.granikos.eu.
WIth Exchange Server 2013 CU11 and Exchange 2016 CU1 the Exchange Product Group introduced a new feature named Mailbox Anchoring.
The workaround provided by Veritas in KB article 107463 recommends to set a new registry key for the NetBackup process responsible for running PowerShell queries.
There is no guarantee that this workaround will fix your backup issuesd with Exchange Server 2013 CU11 or Exchange Server 2016 CU1. It seems that the only workaround is by creating a new service account for NetBackup service due to rights assignments being removed during Exchange Server CU setup.
Steps required:
Enjoy classic backup with Exchange Server 2013 and Exchange Server 2016.
You might see the following error in the Windows Application Event Log:
The request failed. Mailbox: Url: https://officeclient.microsoft.com/config16?CV=15.1.2308.14&Client=WAC_Outlook&corr=910a665e-fd34-4c4b-8ed9-8a38fb515483 Exception: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult) at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult) --- End of inner exception stack trace --- at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Exchange.Data.ApplicationLogic.Extension.BaseAsyncOmexCommand.<>c__DisplayClass18_0.<EndGetResponseCallback>b__0()
The request is successful when you try to connect to the URL provided in the error details using a browser on the Exchange server.
You can verify that the issue by trying to access the URL using the PowerShell Invoke-WebRequest cmdlet. Open a new PowerShell session and try connecting to the URL.
$uri='https://officeclient.microsoft.com/config16?CV=15.1.2308.14&Client=WAC_Outlook&corr=910a665e-fd34-4c4b-8ed 9-8a38fb515483' Invoke-WebRequest -Uri $uri
You will receive the same error message as stated in the event log by MSExchangeApplicationLogic. A successful connection returns XML as content.
The reason for this error is related to the .NET Framework TLS configuration, not Exchange Server. The .NET Framework lacks configuration for the use of TLS 1.2.
The solution for this issue is to configure the .NET Framework to correctly use TLS 1.2. You can follow the description for TLS 1.2 enforcement for Azure AD Connect, or you can simply use this Gist.
Due to the changes made to the SCHANNEL configuration you just restart the computer to bring the changes into effect.
Changing the TLS settings does not only affect outgoing connections but incoming connections as well.
Test the TLS changes in a test environment before adjusting your servers in the production environment. If you have not already enabled TLS 1.2 for your Exchange Servers, I recommend reading the 3-part series by the Exchange product group.
Enjoy Exchange Server!