Disable Out of Office Auto-Replies for All External Recipients in Exchange Server

I spent some time trying to achieve this goal, so I decided to share it with you.

First I tried to create a transport rule following this article.

It did not help.

So I did some research and found that I can disable auto-replies to recipients outside the organisation in Outlook and OWA with the Set-Mailbox command:

Set-Mailbox username -ExternalOofOptions InternalOnly

What this does is grey out the option to set up an auto-reply for external senders in OWA or ECP. But if the auto-reply is already set at the time of this change, it will continue to send auto-reply messages to external recipients. The auto-reply needs to be turned off and on again; then the field for the external organisation will be greyed out.

This can be solved by setting AllowedOOFType to None for the Default remote domain in EMS:

Set-RemoteDomain Default -AllowedOOFType None

This disables OOF to all external domains.

If you want to disable it only for specific domains, you have to add every domain to the remote domains and then set the value to None for each of them.
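
A check for the gap described above, where a mailbox keeps sending external replies after the option has been greyed out. This is an added example, not part of the original post; the -Fix switch and the report column names are made up for it, and it assumes that setting ExternalAudience to None stops replies that were enabled earlier.

```powershell
# Added example (not from the original post). Save as a script and run it in the
# Exchange Management Shell. Report-only by default; pass -Fix to apply the settings.
param([switch]$Fix)

# Organization level: remote domains that still allow out-of-office replies.
Get-RemoteDomain | Where-Object { $_.AllowedOOFType -ne 'None' } |
    Select-Object Name, DomainName, AllowedOOFType | Format-Table -AutoSize

# Mailbox level: the option can be locked while an older external reply is still active.
$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $oof = Get-MailboxAutoReplyConfiguration -Identity $mbx.DistinguishedName
    $stillExternal = ($oof.AutoReplyState -ne 'Disabled') -and ($oof.ExternalAudience -ne 'None')
    $notLocked = $mbx.ExternalOofOptions -ne 'InternalOnly'
    if ($stillExternal -or $notLocked) {
        [pscustomobject]@{
            Mailbox            = $mbx.PrimarySmtpAddress
            ExternalOofOptions = $mbx.ExternalOofOptions
            AutoReplyState     = $oof.AutoReplyState
            ExternalAudience   = $oof.ExternalAudience
            StillExternal      = $stillExternal
        }
        if ($Fix) {
            Set-Mailbox -Identity $mbx.DistinguishedName -ExternalOofOptions InternalOnly
            # Assumption: clearing the audience stops replies enabled before the lock.
            Set-MailboxAutoReplyConfiguration -Identity $mbx.DistinguishedName -ExternalAudience None
        }
    }
}
$findings | Sort-Object StillExternal -Descending | Format-Table -AutoSize
```

Mailboxes with StillExternal set to True are the ones that would keep answering external senders until their auto-reply is toggled or the remote domain setting takes over.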

 

 

 


Exchange 2013 – getting lots of EventID 1040 – Warnings

Issue: the event log is flooded with EventID 1040 warnings:

The average of the most recent heartbeat intervals [470] for request [Sync] used by clients is less than or equal to [540].

Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

Since the average is 470, I changed the value of HeartbeatAlertThreshold from 540 to 400 in the C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Sync\web.config file.

Then I recycled the ActiveSync application pool.

Exchange 2010 – OWA and ECP not opening

Recently we had an issue with OWA. The page could not be displayed, with the following error:

Error browsing OWA:
<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="RemoteOnly"/>
</system.web>
</configuration>

Hinweise: Die aktuelle Seite kann durch eine benutzerdefinierte Fehlerseite ersetzt werden, indem Sie das defaultRedirect-Attribut des <customErrors>-Konfigurationstags dieser Anwendung so setzen, das es auf einen benutzerdefinierten Fehlerseiten-URL zeigt.

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="On" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>

This issue can be caused by a corrupted web.config file in ClientAccess\Owa.

Usually this folder contains a web.bak file from the previous version of Exchange Server, which can be renamed to web.config for troubleshooting purposes. After replacing the file, the issue still existed. We even took a config file from a working server.

The next step / possible solution was:

Navigated to C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

Renamed web.config to .old and renamed web.config.default to web.config.

Ran iisreset in elevated command prompt

The issue still existed.

We changed the %temp% and %tmp% variable paths to the default Temp folder.

There can also be issues if the installation path for Exchange is given with the variable %exchangeinstallpath%, but this was not the case.

Since none of the steps above helped, we decided to copy the ClientAccess\Owa folder from a working server to the affected one.

After that the OWA virtual directory was recreated and OWA could be opened again.

Unfortunately, it turned out that only the Administrator could open OWA. We had errors in the application log:

error 2280 with the description “The Module DLL C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll failed to load. The data is the error”

We found that Authenticated Users had only Read permissions on the DLL. We granted Read and Read & execute permissions on the DLL and on the ClientAccess folder.

After that all users were able to access OWA.

Send As permissions automatically disappear from specific users

I had a case where the Send As permissions for one user could not be set in ECP. He got an error in ECP and in the Shell:

Active Directory-Antwort: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

After giving Exchange Trusted Subsystem full control over the account, we were able to grant Send As permissions, but after 20 minutes the permissions were gone and we were again unable to grant them because of the same error.

Solution

The disappearing permissions led me in the direction of protected groups. There is an article from Microsoft regarding this issue: https://support.microsoft.com/en-us/kb/2983209

It turned out that the customer was a member of the Administrators group, which is a protected group. It was nested in another security group created by the customer.

This causes the adminCount attribute to be set to 1.

It also causes the permissions to be reset and the inheritance for this account to be disabled.

This in turn causes the insufficient permissions error.

After removing the user from the Administrators group, deleting the adminCount value and enabling the inheritance, the issue was resolved.

 

Other protected groups are:

  • Enterprise Admins
  • Schema Admins
  • Domain Admins
  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Cert Publishers
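
To find other accounts in the same state, the following lists every user with adminCount set to 1, shows whether inheritance is disabled, and names the protected group that causes it, including nested membership. This is an added example, not part of the original post; the report column names are made up for it and the group names are the ones listed above.

```powershell
# Added example (not from the original post). Needs the ActiveDirectory module (RSAT).
# Read-only: it reports and changes nothing.
Import-Module ActiveDirectory

# Group names from the list in this post; localized domains use translated names.
$protectedNames = 'Enterprise Admins', 'Schema Admins', 'Domain Admins', 'Administrators',
    'Account Operators', 'Server Operators', 'Print Operators', 'Backup Operators', 'Cert Publishers'
$protectedGroups = foreach ($name in $protectedNames) {
    $group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if ($group) { $group } else { Write-Warning "Group not found: $name" }
}

$stamped = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount, nTSecurityDescriptor
$report = foreach ($user in $stamped) {
    # 1.2.840.113556.1.4.1941 is the "in chain" matching rule: it follows nested groups,
    # which is how the account in this case became protected through a custom group.
    $via = foreach ($group in $protectedGroups) {
        $chain = "(memberOf:1.2.840.113556.1.4.1941:=$($group.DistinguishedName))"
        if (Get-ADUser -SearchBase $user.DistinguishedName -SearchScope Base -LDAPFilter $chain) {
            $group.Name
        }
    }
    [pscustomobject]@{
        SamAccountName      = $user.SamAccountName
        InheritanceDisabled = $user.nTSecurityDescriptor.AreAccessRulesProtected
        ProtectedVia        = $via -join '; '
        # Stamped but in none of the listed groups: the flag was left behind.
        # krbtgt always lands here because it is protected directly.
        Leftover            = -not $via
    }
}
$report | Sort-Object Leftover, SamAccountName | Format-Table -AutoSize
```

Membership through the primary group is not covered by memberOf, so an account whose primary group is a protected group shows up as Leftover even though it is still protected.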

 

 

 

Exchange 2007/2010 Public Folder migration to Exchange 2013 with PST import/export.

Warning: with this method of migration all PF permissions will be lost. You can export them with ExFolders, but they must then be added manually to Exchange 2013, so it is useful only if you have a small PF database.

 

If for some reason you cannot complete the migration as described on TechNet, you can export the whole PF database content to PST and import it back into a newly created Exchange 2013 public folder mailbox.

  1. You need an account with full permissions to all public folders in the Exchange 2010 public folder database.
  2. Export all the public folders to one or more PSTs.
  3. In order to create a public folder mailbox in Exchange 2013, all existing legacy PF databases should be deleted, either from ADSI Edit or from EMC. In most cases it does not work from EMC for various reasons, so just delete it from ADSI Edit: https://technet.microsoft.com/en-us/library/bb201664.aspx or

    Open Adsiedit.msc -> Connect to the configuration partition.
    Expand Configuration - Services - Microsoft Exchange - Administrative Groups - Servers - Information Stores.
    Delete the database.

  4. Remove the following attribute for all mailbox databases in the same location as above: MsExchHomePublicMDBpf
  5. Create a new public folder mailbox on Exchange 2013. If there are already existing PF mailboxes created by older migration attempts, delete them. In ADSI Edit remove "msExchDefaultPublicFolderMailbox" under "CN=e13,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=e13,DC=de". The new mailbox should be created as the primary hierarchy. If this is not the case, take the mailbox GUID and set it with Set-OrganizationConfig -RootPublicFolderMailbox, or in "msExchDefaultPublicFolderMailbox" after "1;1;3;36;".
  6. Set the mailbox and database quotas to unlimited for the mailbox and database where the PF mailbox is located.
  7. Migrate the user with which you made the export to Exchange 2013.
  8. On the Exchange 2013 server, run: Get-Mailbox | Set-Mailbox -DefaultPublicFolderMailbox "pfmailbox"
  9. In Outlook, use Options -> Advanced -> "Export Outlook information to a file…" and choose import from PST. Select "import in selection"; the new PF structure in Outlook should be selected. Import the PST into the new PF mailbox.
  10. Correct the permissions. All users should be granted permissions separately.
  11. You can use Excel to open the export made with ExFolders and create formulas that insert the needed paths and user names into Add-PublicFolderClientPermission cmdlets. This is hard work, but it can automate the permission assignment.

 

Exchange 2013 after installing Lync – The access control entry defines the ObjectType that can't be resolved in EAC

After installing Lync in the same domain as Exchange, errors sometimes occur in EAC: "The object has been corrupted, and it's in an inconsistent state. The following validation errors happened:
The access control entry defines the ObjectType that can't be resolved"

This is most probably caused by cached information in the MS Exchange application pools.

The issue can be resolved with iisreset on all servers.

 

 

Error executing Move-PublicFolderBranch.ps1

This issue occurs when you try to move a lot of public folders at once with the Move-PublicFolderBranch.ps1 script in Exchange 2013.

WARNING: An unexpected error has occurred and a Watson dump is being generated: The call to’net.tcp://contoso.local/Microsoft.Exchange.MailboxReplicationService contoso.local (15.0.1104.4caps:1FFF)’ failed. Error details: The formatter threw an exception while trying to deserialize the message: Error in deserializing body of request message for operation ‘ValidateAndPopulateRequestJob’. The maximum string content length quota (262144) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader..The call to ‘net.tcp://contoso.local/Microsoft.Exchange.MailboxReplicationService td-contoso.local(15.0.1104.4 caps:1FFF)’ failed. Error details: The formatter threw an exception while trying to deserialize the message: Error in deserializing body of request message for operation ‘ValidateAndPopulateRequestJob’. The maximum string content length quota (262144) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader..
+ CategoryInfo          : NotSpecified: (:) [New-PublicFolderMoveRequest], CommunicationErrorPermanentException
+ FullyQualifiedErrorId : Microsoft.Exchange.Net.CommunicationErrorPermanentException,Microsoft.Exchange.Management.RecipientTasks.NewPublicFolderMoveRequest
+ PSComputerName        : contoso.local

I checked almost everywhere but could not find a solution to this. No clue where this MaxStringContentLength property can be changed.

Finally I stumbled on MsExchangeMailboxReplication.exe.config, located under "C:\Program Files\Microsoft\Exchange Server\V15\Bin".


I went there to edit some values which were already correct, then I used Ctrl + F to search for the value "262144" and voilà! I found that MaxStringContentLength is actually there. So I gave it a try and changed the value to 8388608. I assume that the value needs to be a power of 2; all other values in this config are. So 8388608 is 32 times 262144. There are two rows where MaxStringContentLength should be changed. Use find.

I saved the config file and restarted the MsExchangeMailboxReplication service and the Exchange Host service.

After that the script ran without errors and the move was successful!

This was “I feel lucky troubleshooting blind shot” 😀