Exchange 2016/2016 DC and exchange on one server – No mailflow All messages are stuck in drafts

If you have installed exchange and DC on single server and you have disabled the IPv6 on the network Adapter this can cause the mails landing in the Drafts folder (OWA) internal and external.

Do not disable IPv6 on DC+Exchange server!


Disable Out of Office Autoreplays for all external Recipients in Exchange Server

I spend some time trying to acheave this goal so I decided to share it with you.

Fists I tried to create a Transport rule following this article.

It does not helped.

So i made some research and found that I can disable Autoreply to recipients outside the organisation in Outlook and OWA with Set-mailbox command:

Set-Mailbox  username -ExternalOofOptions InternalOnly

What this does is that it make grayed out the option to set up autoreplay to external organisation in OWA or ECP. But if the Autoreplay is set by the time of this change, it will continue to send Autoreplay messages to external receipents. Autoreplay needs to eb turned off and one again, then the Field for external organisation will be greyed out.

This can be solved by setting the “AllowedOOFType None” for the  Default remote domain in EMS

Set-Remotedomain default –AllowedOOFType None

This is disabling the OOF to all external domains.

If you want to disable it only for specific domains, you have to add every domain to remote domains and then put the value to None for each of them




Exchange 2013 – getting lots of EventID 1040 – Warnings

Issue – Event log is flooded with getting lots of EventID 1040 – Warnings –

The average of the most recent heartbeat intervals [470] for request [Sync] used by clients is less than or equal to [540].

Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

Since the avarage is 470, changed the value of HeartbeatAlertThreshold from 540 to 400. in C:\program files\Microsoft\Exchange Server\v15/Client access\Sync\web.config file

recycled active sync apppool.


Exchange 2010 – OWA and ECP not opening “”

Recently we had an issue with OWA. Page cannot be displayed with Hollowing error:

Error browsing OWA:
<!– Web.Config Configuration File –>

<customErrors mode=”RemoteOnly”/>

Hinweise: Die aktuelle Seite kann durch eine benutzerdefinierte Fehlerseite ersetzt werden, indem Sie das defaultRedirect-Attribut des <customErrors>-Konfigurationstags dieser Anwendung so setzen, das es auf einen benutzerdefinierten Fehlerseiten-URL zeigt.

<!– Web.Config Configuration File –>

<customErrors mode=”On” defaultRedirect=”mycustompage.htm”/>

This issue can be caused by corrupted web.config file in clinetaccess\owa .

Usually in this folder there is some web.bak file which is form the previous version of exchange server. This file can be renamed to web.config for troubleshooting purposes. After replacing this file the issue exist still. We event tooke a config file form working server.

The next step / possible solution was:

Navigated to C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

Renamed web.config to .old and renamed web.config.default to web.config.

Ran iisreset in elevated command prompt

The issue still exists.

changed the %temp% and %tmp% variable path to the default Temp folder .

There can be also issues if the installation path for exchange is given with variables %exchangeinstallpath%. but this was not the case.

Since nothing from the steps above do not helped we decided to copy the clientaccess\owa folder from working server to the affected one.

After that OWA virtual Directory was recreated and the OWA can be open again.

Unfortunately it appeared that onli the Administrator can open OWA. We have errors in application log:

error 2280 with the description “The Module DLL C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll failed to load. The data is the error”

Found that the authenticated users have only read permissions on the DLL. Granted Read, Read&execute permissions to the dll and on the cline access folder.

After that all users are able to access OWA.


Send as Permissions automatically disappear from specific users.

I had an case  where the send as permissions for one user cannot be set in ECP. he gets error in ECP and Shell:

Active Directory-Antwort: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

After giving full control on Exchange trusted subsiste over the account we are able to grand send as permissions, but after 20 minutes the permissions are gone and we are again not able to grant them because of the same error.


Disappearing of permissions let me in direction Protected Groups. There is an Artikel form Microsoft regarding this issue:

it turns out that the customer is member of administrators group, which is a protected Group. It was nested in one other made by customer security group.

This is causing the AdminCount to be increased to 1


This is causing the permissions reset and also the inheritance for this account is disabled.


this is causing the insufficient permissions error.

After removing the user form the administrator group, deleted, the admin count and enabled the inheritance the issue got resolved.


Other Protected groups are :

  • Enterprise Admins
  • Schema Admins
  • Domain Admins
  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Domain Admins
  • Schema Admins
  • Enterprise Admins
  • Cert Publishers





Exchange 2007/2010 Public Folder migration to Exchange 2013 with PST import/export.

Warning: with this method of Migration all PF permissions will be lost. You can export them with EXfolders but they must be added manually after that to Exchange 2013, so it is useful only if you have a small PF database.


If you for some reason cannot complete the migration as described in Technet you can export the whole PF database content to PST and import them back in newly created Exchange 2013 Public Folder Mailbox.

  1. You need an account with full permissions to all PF in the exchange 2010 Public folder database
  2. Export all the PF to one or more PSTs
  3. In order to create a public folder mailbox in exchange 2013, all existing legacy PF databases schuld be deleted. from ADSI or EMC mostof the cases it is not working from EMC because of various reasons so just delete it from ADSI edit. or

    Open Adsiedit.msc-> Connect to the configuration partition.
    Expand Configuration-Services-Microsoft Exchange–Administrative Groups-Servers–Information Stores.
    Delete the database.

  4. Remove the following attribut  for all MailboxDatabases in the same location as above : MsExchHomePublicMDBpf
  5. Create new Public Folder mailbox on Exchange 2013 . If there is already existing PF mailboxes created by older migration attempts delete them. In ADSIedit remove “msExchDefaultPublicFolderMailbox” under “CN=e13,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=e13,DC=de”.The new mailbox schuld be created as Primary hierarchy. If this is not the case take the Mailbox GUID and set it in set-OrganizationConfig -RootPublicFolderMailbox. or in “msExchDefaultPublicFolderMailbox” after  “1;1;3;36;”
  6. Set the mailbox  and Database quotas to unlimited for the mailbox and database where the PF mailbox is located.
  7. Migrate the user with which you have made the export to Exchange 2013
  8. Run on 2013 exchange get-mailbox | set-mailbox -DefaultPublicFoldermailbox “pfmailbox”
  9. Use Outlook –>option–>advanced–> Export outlook Information to a File…. and choose import from pst  select the “import in selection” new PF Structure in Outlook should be selected and import the PST to the new PF mailbox.
  10. Correct the permissions. All users schuld be granted permissions separat.
  11. You can use excel to open the export made with EXfolders and create Formulas to input the needed paths and user names in add-publicfoldercleintpermissions CMD led. This is hard work, but can automate the permission assigment.



Exchange 2013 after installing Lync -The access control entry defines the ObjectType that can’t be resolved in EAC

After installing Lync on the same Domian with exchange sometimes errors occurring in EAC .”The object has been corrupted, and it’s in an inconsistent state. The following validation errors happened:
The access control entry defines the ObjectType that can’t be resolved”


This is most probably caused by cached information in  MS exchange Application Pools .

The issue can be resolved with IISreset on all servers.