
Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft technologies like Exchange Server, Microsoft 365, Microsoft Teams, and Cloud Security.

The Problem

Mail flow from on-premises devices and applications to Exchange Online is a tricky topic. The documentation allows for different solutions.

Recently a client ran into a situation where an on-premises application was not able to deliver messages to a configured inbound connector in the Exchange Online tenant. The connector was configured for remote IP address selection.

Exchange Online responded to each connection attempt with the following error message:

  • 451 4.4.3 Temporary server error. Please try again later ATTR3.1

There weren't any changes on the on-premises configuration and the setup was in use for multiple months without any issues.

 

The Solution

It took some time to identify the solution, but in the end, the solution was easy.

Disabling and re-enabling solved the issue.  

 

Enjoy Exchange Online.

 


Microsoft 365 Collaboration BootCamp 2021

The Microsoft 365 Collaboration BootCamp takes place on 21th & 21st August 2021.

The event addresses collaboration and best practices for using Microsoft Teams, SharePoint, Lists, Groups, and Microsoft Security & Governance.

I am honored to speak about one of my favorite topics: Microsoft Teams and On-Premises Mailboxes - Troubleshooting 101

Join my session on Saturday 21st August at 12:00 pm (GMT/UTC)

Exchange Server

When you create or update an Exchange hybrid configuration using the Hybrid Configuration Wizard, magic things happen. That's why it is called a Wizard.

One essential step of the Hybrid Configuration Wizard (HCW) is the configuration of the hybrid mail-flow. The hybrid mail-flow is required for both classic and modern Exchange hybrid.

The wizard asks you to select one or more Exchange servers that you will utilize for handling inbound mail traffic from Exchange Online to your on-premises organization. You either configure direct mail flow to your Exchange Mailbox Servers in your internal company network, or to your Edge Transport Servers located in the perimeter network.

The following screenshot example shows the selection dialogue.

Screenshot - Hybrid Configuration Wizard Receive Connector Server Selection

 

You can only select a server object, not a specific receive connector on that server. The HCW chooses the "right" receive connector on the selected servers for you. If you are using the default set of receive connectors, you will not encounter any issues: HCW will use the default frontend connector on a mailbox server. When you use an Edge Transport Server, you will not run into any trouble either. There is only one receive connector, which you must extend by setting some additional parameters.

But what about an Exchange Organization where each mailbox server hosts multiple receive connectors bound to TCP port 25? 

 

The Problem

When you use multiple receive connectors bound to TCP 25, you will see that HCW chooses a receive connector that you won't expect. You might think that HCW will always select the default frontend connector. That is not the case.

When you select multiple servers for hybrid mail-flow, and each server has a different receive connector configuration, you might get the impression that HCW selects the receive connector randomly. That is not the case either.

While doing some testing in a large enterprise infrastructure with five different Exchange forests (development, testing, staging, pre-production, production) we saw an interesting behavior.

From all available receive connectors having a TCP 25 binding, HCW selects the receive connector with matching RemoteIPRanges values of:

  • IPv6 all (::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) and IPv4 all (0.0.0.0-255.255.255.255)
    This is normally the default frontend receive connector when you do not adjust the RemoteIPRanges parameter
  • Just IPv4 all (0.0.0.0-255.255.255.255)
  • Just IPv6 all (::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
  • IPv6 any address and IPv4 any address
  • Just an IPv4 address

Adjusting the default receive connector has a direct impact on how HCW selects a receive connector in your Exchange environment. When you use multiple receive connectors for internal relay purposes, your receive connectors might end up in a messy situation. As mentioned, HCW selects receive connectors with a TCP 25 binding, regardless of the transport location of the connectors, frontend or hub transport. The enterprise environment mentioned had some deviations between the different environments, and we saw TCP 25 receive connectors in both frontend transport and hub transport.

 

The Solution (sort of)

Run the HCW and select only one server for hybrid mail-flow and identify the receive connector configured by HCW. Configure an appropriate receive connector on all other mailbox servers used for hybrid mail flow. Update the hybrid configuration object of your on-premises Exchange Organization accordingly. 

Verify the following two Tls* parameters of the receive connector:

Get-ReceiveConnector 'EXSRV01\Default Frontend EXSRV01' | fl tls*
TlsCertificateName    : <I>CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater
                        Manchester, C=GB<S>CN=mail.varunagroup.de, OU=PositiveSSL, OU=Domain Control
                        Validated
TlsDomainCapabilities : {mail.protection.outlook.com:AcceptCloudServicesMail}

 

You must ensure that the hybrid receive connector uses the correct TLS certificate, enabled for SMTP. Additionally, you must set the TlsDomainCapabilities to allow cloud mail for incoming connections with a TLS certificate for mail.protection.outlook.com.

Keep your receive connectors at frontend transport.   
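
The following audit script is an added example, not part of the original post or of the HCW itself. It lists every receive connector with a TCP 25 binding together with the RemoteIPRanges, transport role, and Tls* settings discussed above; the variable names and report columns are assumptions chosen for illustration.

```powershell
# Added example: audit all receive connectors that have a TCP 25 binding.
# Run in the Exchange Management Shell of the on-premises organization.

# "All addresses" ranges as they appear in RemoteIPRanges (values from the list above)
$IPv4All = '0.0.0.0-255.255.255.255'
$IPv6All = '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

$report = Get-ReceiveConnector | Where-Object {
    # Bindings render as 'address:port', for example '0.0.0.0:25' or '[::]:25'
    @($_.Bindings | Where-Object { "$_" -match ':25$' }).Count -gt 0
} | ForEach-Object {
    # Compare ranges as strings so the check also works in a remote session
    $ranges = @($_.RemoteIPRanges | ForEach-Object { "$_" })
    [pscustomobject]@{
        Identity       = $_.Identity
        Enabled        = $_.Enabled
        TransportRole  = $_.TransportRole
        OpenIPv4       = $ranges -contains $IPv4All
        OpenIPv6       = $ranges -contains $IPv6All
        RangeCount     = $ranges.Count
        CloudMail      = "$($_.TlsDomainCapabilities)" -match 'AcceptCloudServicesMail'
        TlsCertificate = $_.TlsCertificateName
    }
}

# Connectors open to all addresses first: these match the RemoteIPRanges
# values the post lists at the top of its selection criteria
$report |
    Sort-Object -Property @{ Expression = 'OpenIPv4'; Descending = $true },
                          @{ Expression = 'OpenIPv6'; Descending = $true },
                          RangeCount |
    Format-Table Identity, Enabled, TransportRole, OpenIPv4, OpenIPv6, RangeCount, CloudMail -AutoSize

# Connectors that accept cloud services mail: check certificate and transport role
$report | Where-Object { $_.CloudMail } |
    Format-List Identity, TransportRole, TlsCertificate
```

Run it before and after the HCW: a connector that newly shows CloudMail as True, or one that sits in HubTransport, is the one to review.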

 


Enjoy Exchange Server.

 


The use of Microsoft Viva requires using a modern SharePoint site as a home site. 

The documentation for enabling Microsoft Viva describes how to set a new SharePoint Online Home Site, but lacks an important step.

You must swap the new home site and current home site, in addition to setting the SharePoint Online home site. The swap cmdlet archives the current home site. 

# Replace with the new home site URL
$NewHomeSiteUrl = 'https://varunagroup.sharepoint.com/sites/Varuna'

# Replace with current home site URL
$CurrentHomeSiteUrl = 'https://varunagroup.sharepoint.com/'

# Replace with an archive URL
$ArchiveUrl = 'https://varunagroup.sharepoint.com/sites/oldhomepage'

Invoke-SPOSiteSwap -SourceUrl $NewHomeSiteUrl -TargetUrl $CurrentHomeSiteUrl -ArchiveUrl $ArchiveUrl

 

This post was published first on April 1st 2021

 

Wouldn't it be nice if you could stay in Microsoft Teams even when working with your emails? Microsoft Teams is getting even more mature by providing an App for integrating Outlook into the Microsoft Teams client.

At least it seems that this is the case. Or was it?

 

The Outlook App (Preview)

Last week a new App, still in preview, showed up in the Teams Admin Center (TAC) of some demo tenants. I filtered the list of available apps using Outlook as a search term.

Teams Admin Center Screenshot

 

When selecting the app, the details showed that the app was still in preview (v0.41).

Outlook App Details

 

As long as the app is enabled within Teams, you can add the app to a Teams Setup Policy and make it available for users.

Your users can then access the Outlook App using the Teams app bar.

Outlook App in the Teams App Bar

 

You can simply click on Outlook in the app bar and, voilà, you have your Outlook inbox in Microsoft Teams. Due to the architecture of Microsoft Teams, you have access to the Outlook on the Web version of your inbox.

Outlook App (Preview) in Microsoft Teams

 


Enjoy Microsoft Teams and Microsoft Outlook. - And remember today's date.

 

 
