MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft technologies like Exchange Server, Microsoft 365, Microsoft Teams, and Cloud Security.
Thomas Stensitzki | MVP
Thomas Stensitzki | MVP

MVP LogoThomas Stensitzki is a leading technology consultant focusing on the Microsoft messaging and collaboration technologies and the owner of Granikos GmbH & Co. KG.

He is an MVP for Office Apps & Services since 2018.

Thomas is an MCT Regional Lead for Germany and delivers Microsoft Learning training courses for Office 365, Microsoft Teams, and Exchange Server.

He holds Master certifications as Microsoft Certified Solutions Master Messaging and as Microsoft Certified Master for Exchange Server 2010. These certifications make him a subject matter expert for any messaging topic related to Microsoft Exchange, Exchange Online, Microsoft 365, and hybrid configurations.

Follow Thomas: LinkedIn, Twitter

His sessions: https://sessionize.com/thomas-stensitzki

MVP Blog: https://blogs.msmvps.com/thomastechtalk
Personal blog: http://justcantgetenough.granikos.eu
Personal website: http://www.stensitzki.de
Thomas' Tech Talk: youtube.com/ThomasStensitzki

Contact Thomas at thomas@mcsmemail.de

 

IllustrationThe Problem

Mail flow from on-premises devices and applications to Exchange Online is a tricky topic. The documentation allows for different solutions.

Recently a client ran into a situation where an on-premises application was not able to deliver messages to a configured inbound connector in the Exchange Online tenant. The connector was configured for remote IP address selection.

Exchange Online responded to each connection attempt with the following error message:

  • 451 4.4.3 Temporary server error. Please try again later ATTR3.1

There weren't any changes on the on-premises configuration and the setup was in use for multiple months without any issues.

 

The Solution

It took some time to identify the solution, but in the end, the solution was easy.

Disabling and re-enabling solved the issue.  

 

Enjoy Exchange Online.

 

Read More »

Exchange Server 2019 LogoThe Problem

You might face a situation during an Exchange Server migration where your Exchange Server 2019 mailbox users are not able to open their public folder favorites when using Outlook on the Web (OWA).

When your users try to access a public folder, they receive an error message.

Screenshot Public No Folders available

 

This error occurs when the public folder mailboxes are still hosted on a previous version of Exchange Server. This includes Exchange Server 2016 and 2013.

The online documentation explains, why this is happening:

  • Access public folders located on servers running previous versions of Exchange

 

The Solution

The solution to this problem is easy. Move the public folder mailboxes to Exchange Server 2019 before you migrate any user mailboxes. 

This approach ensures that mailboxes hosted on Exchange Server 2019 and previous versions of Exchange Server are able to access public folders using Outlook on the Web.

 

Links

 

Enjoy Exchange Server.

 

 

Read More »

Microsoft 365 Collaboration BootCamp 2021The Microsoft 365 Collaboration BootCamp takes place on 21th & 21st  August 2021.

The event addresses collaboration and best practices for using Microsoft Teams, SharePoint, Lists, Groups, and Microsoft Security & Governance.

I am honored to speak about one of my favorite Topics: Microsoft Teams and On-Premises Mailboxes - Troubleshooting 101

Join my session on Saturday 21st August at 12:00 pm (GMT/UTC)

 

 

 

 

 

 

Read More »

The Exchange Product Group announced Exchange Server vNEXT for fall 2021. angekündigt. We are all very excited to see what the new version has to offer.

But what is the current situation in on-premises Exchange organizations? I have put a short questionnaire online for gathering information from you. 

The questionnaire deals with the currently used product versions of Exchange Server, the size of your Exchange organization in terms of the number of servers and mailboxes, and the use of planning for a hybrid configuration with Exchange Online.

Screenshot Exchange Server Questionnaire

Take the questionnaire following this link: https://forms.office.com/r/d9syBcgkMk

Thank you for your participation.

 

Viel Spaß mit Exchange Server.

 

Read More »

Exchange ServerWhen you create or update an Exchange hybrid configuration using the Hybrid Configuration Wizard magic things happen. That's why it is called a Wizard.

One essential step of the Hybrid Configuration Wizard (HCW) is the configuration of the hybrid mail-flow. The hybrid mail-flow is required for both, classic and modern Exchange hybrid. 

The wizard asks you to select one or more Exchange servers that you will utilize for handling inbound mail traffic from Exchange Online to your on-premises organization. You either configure direct mail flow to your Exchange Mailbox Servers in your internal company network, or to your Edge Transport Servers located in the perimeter network.

The following screenshot example shows the selection dialogue.

Screenshot - Hybrid Configuration Wizard Receive Connector Server Selection

 

You can only select a server object, but not a receive connector on that selected server. The HCW chooses the "right" receive connector on the selected servers for you. If you are using the default set of receive connectors, you will not encounter any issues. HCW will use the default frontend connector on a mailbox server. When you use an Edge Transport Server you will run into any trouble as well. There is only one receive connector which you must extend by setting some additional parameters.

But what about an Exchange Organization where each mailbox server hosts multiple receive connectors bound to TCP port 25? 

 

The Problem

When you use multiple receive connectors bound to TCP 25 you will see that HCW will choose a receive connector that you won't expect. You might think that HCW will select always the default frontend connector. That is not the case. 

When you select multiple servers for hybrid mail-flow, and each server has a different receive connector configuration, you might get the impression that HCW selects the receive connector randomly. That is not the case either.

While doing some testing in a large enterprise infrastructure with five different Exchange forests (development, testing, staging, pre-production, production) we saw an interesting behavior.

From all available receive connectors having a TCP 25 binding, HCW selects the receive connector with matching RemoteIPRanges values of:

  • IPv6 all (::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) and IPv4 all (0.0.0.0-255.255.255.255)
    This is normally the default frontend receive connector when you do not adjust the RemoteIPRanges parameter
  • Just IPv4 all (0.0.0.0-255.255.255.255)
  • Just IPv6 all (::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
  • IPv6 any address and IPv4 any address
  • Just an IPv4 address

Adjusting the default receive connector does have a direct impact on how HCW selects a receive connector in your Exchange environment. When you use multiple receive connectors for internal relay purposes, your receive connectors might end up in a messing situation. As mentioned, HCW selects receive connectors with a TCP 25 binding, regardless of the transport location of the connectors, frontend, or hub transport. The enterprise environment mentioned had some deviations between the different environments and we saw TCP 25 receive connectors in frontend transport and hub transport. 

 

The Solution (sort of)

Run the HCW and select only one server for hybrid mail-flow and identify the receive connector configured by HCW. Configure an appropriate receive connector on all other mailbox servers used for hybrid mail flow. Update the hybrid configuration object of your on-premises Exchange Organization accordingly. 

Verify the following two Tls* parameters of the receive connector:

Get-ReceiveConnector 'EXSRV01\Default Frontend EXSRV01' | fl tls*
TlsCertificateName    : <I>CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater
                        Manchester, C=GB<S>CN=mail.varunagroup.de, OU=PositiveSSL, OU=Domain Control
                        Validated
TlsDomainCapabilities : {mail.protection.outlook.com:AcceptCloudServicesMail}

 

You must ensure that the hybrid receive connector uses the correct TLS certificate, enabled for SMTP. Additionally, you must set the TlsDomainCapabilitiers to allow cloud mail for connections incoming connections with a TLS certificate for mail.protection.outlook.com.

Keep your receive connectors at frontend transport.   

 

Links

 

Enjoy Exchange Server.

 

Read More »