The source data is corrupted or not properly Base64 encoded when importing a certificate in Exchange

You can get this error when importing a wildcard certificate or a certificate from a public certification authority.

Import-ExchangeCertificate : The source data is corrupted or not properly Base64 encoded.
At line:1 char:27
+ Import-ExchangeCertificate <<<<  -Path "C:\cert\certs\www.mydomain.crt.csr"
+ CategoryInfo          : ReadError: (:) [Import-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 76D5CB03,Microsoft.Exchange.Management.SystemConfigurationTasks.ImportExchangeCertificate

This happens because the certificate is missing its private key.

Import the certificate into the Personal store with MMC, export it in .cer format from MMC, then delete the certificate from MMC.

In the Exchange Management Shell run:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "<Path of the certificate>.cer" -Encoding Byte -ReadCount 0))

This imports the certificate into the store (it is visible in MMC), but it will not be visible in ECP or IIS.

Run:

certutil -repairstore my "xx xx xx 02 03 1b c9 fd c5 40 xx a6 55 0a 91 xx"

Where "xx xx xx 02 03 1b c9 fd c5 40 xx a6 55 0a 91 xx" is the serial number of the newly imported certificate.

Now the certificate will be visible in ECP and IIS and you can assign services to it.
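The steps above, carried out as one script so the serial number is read from the store instead of being copied by hand from MMC. This is an added example and not code from the original post; it assumes Windows PowerShell in the Exchange Management Shell, certutil.exe on the PATH, and placeholder values for the .cer path and the certificate subject.

```powershell
# Added example (not from the original post): import a certificate exported from
# the MMC Personal store as .cer, then repair the private-key association so the
# certificate shows up in ECP/IIS. Assumes Windows PowerShell in the Exchange
# Management Shell and certutil.exe on the PATH. Path and subject are placeholders.
$CerPath       = 'C:\cert\certs\exported.cer'   # placeholder: the .cer exported from MMC
$SubjectFilter = 'CN=www.mydomain.com*'         # placeholder: subject of the certificate

# Step 1: import the raw bytes. -Encoding Byte is Windows PowerShell 5.1 syntax;
# PowerShell 7 would use -AsByteStream instead.
$bytes = [Byte[]](Get-Content -Path $CerPath -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $bytes | Out-Null

# Step 2: locate the newly imported certificate and read its serial number.
$cert = Get-ExchangeCertificate | Where-Object { $_.Subject -like $SubjectFilter } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate matching '$SubjectFilter' found in the store." }

Write-Host "Thumbprint   : $($cert.Thumbprint)"
Write-Host "Serial number: $($cert.SerialNumber)"
Write-Host "Private key  : $($cert.HasPrivateKey)"

# Step 3: if the private key is not linked, let certutil re-associate it in the
# local machine Personal ("my") store. certutil accepts the serial number (or the
# SHA-1 thumbprint) as the certificate id.
if (-not $cert.HasPrivateKey) {
    & certutil.exe -repairstore my $cert.SerialNumber
    if ($LASTEXITCODE -ne 0) { throw "certutil -repairstore failed with exit code $LASTEXITCODE" }
}

# Step 4: re-read and confirm the key is now present before assigning services.
$cert = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
if ($cert.HasPrivateKey) {
    Write-Host 'Certificate now has a private key and can be assigned to services, e.g.:'
    Write-Host "  Enable-ExchangeCertificate -Thumbprint $($cert.Thumbprint) -Services IIS,SMTP"
} else {
    Write-Warning 'Private key still missing: the key only exists on the server where the CSR was generated.'
}
```

The repair can only succeed on the server that holds the private key, which is why the last check is worth keeping: a certificate that still reports HasPrivateKey = False after certutil was run has to be imported (with its key) from the machine where the request was created.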


Outlook 2016 – Legacy Public Folders cannot be expanded (no error when expanding)

Lately I came across a new issue in Outlook when accessing legacy Public Folders.

In order to access legacy public folders in an Exchange 2016/2013 – 2010 coexistence you have to configure proxy mailboxes on the mailbox databases as described here.

Autodiscover will then return the public folder proxy mailbox; in Test E-mail AutoConfiguration it appears under the XML tab at the bottom:

<PublicFolderInformation>
<SmtpAddress>PFMailbox1@e13.local</SmtpAddress>
</PublicFolderInformation>

If the UPN of this proxy mailbox differs from the UPN of the user's mailbox, for example because it uses an internal .local domain, Outlook will not display the public folders. There are no error messages: the public folder root is visible but cannot be expanded.

It seems that Outlook 2016 creates an Autodiscover request for the PF mailbox, and when this mailbox has a .local domain it cannot resolve it.

There is no such issue with older Outlook versions.
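A check for the condition described above: list the remote public folder proxy mailboxes that Autodiscover hands out and flag any whose UPN suffix differs from its primary SMTP domain or uses a non-routable suffix such as .local. This is an added example, not code from the original post; it assumes the Exchange Management Shell on the 2013/2016 side of the coexistence, and the list of non-routable suffixes is constructed.

```powershell
# Added example (not from the original post): audit the remote public folder proxy
# mailboxes for the UPN/SMTP-domain mismatch that makes Outlook 2016 fail silently.
# Assumes the Exchange Management Shell on the Exchange 2013/2016 side.
$NonRoutableSuffixes = @('.local', '.lan', '.internal')   # constructed list, extend as needed

$orgConfig = Get-OrganizationConfig
if ($orgConfig.PublicFoldersEnabled -ne 'Remote') {
    Write-Warning "PublicFoldersEnabled is '$($orgConfig.PublicFoldersEnabled)', not 'Remote'."
}

foreach ($proxy in $orgConfig.RemotePublicFolderMailboxes) {
    # RemotePublicFolderMailboxes holds AD object references; resolve each to a mailbox.
    $mbx = Get-Mailbox -Identity $proxy.ToString() -ErrorAction SilentlyContinue
    if (-not $mbx) { Write-Warning "Proxy mailbox '$proxy' could not be resolved."; continue }

    $upnSuffix   = ($mbx.UserPrincipalName -split '@')[1]
    $smtpSuffix  = ($mbx.PrimarySmtpAddress.ToString() -split '@')[1]
    $nonRoutable = $NonRoutableSuffixes | Where-Object { $upnSuffix.EndsWith($_) }

    [PSCustomObject]@{
        Mailbox     = $mbx.Name
        SmtpAddress = $mbx.PrimarySmtpAddress.ToString()
        UPN         = $mbx.UserPrincipalName
        SuffixMatch = ($upnSuffix -eq $smtpSuffix)
        NonRoutable = [bool]$nonRoutable
    }

    if ($upnSuffix -ne $smtpSuffix -or $nonRoutable) {
        # Align the UPN suffix with the routable SMTP domain, which is what the post's
        # observation points to. -WhatIf only previews; remove it after reviewing the output.
        $newUpn = "$($mbx.Alias)@$smtpSuffix"
        Set-Mailbox -Identity $mbx.Identity -UserPrincipalName $newUpn -WhatIf
    }
}
```

Run it read-only first (as written, the Set-Mailbox call only previews) and compare the SmtpAddress column with the PublicFolderInformation value that Test E-mail AutoConfiguration shows; the two must refer to the same, routable domain.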

Exchange 2013 – Cannot update to a newer version from CU1 because of interim update KB2874216

If you have never updated your Exchange 2013 you can come across an installation error caused by the interim update KB2874216.

When you try to install a newer version you will be greeted by an error message similar to this:

Unable to install because a previous Interim Update for Exchange Server 2013 Cumulative Update 1 has been installed.  Please use Add/Remove Programs to uninstall the Interim Update before running this setup again

If you try to uninstall it, it will ask for exchangeserver.msi from CU1. Most likely you do not have this, because it is 3+ years old and there is no way to find it on the Microsoft site either.

The solution is to delete the following key from the registry:

HKLM\Software\Microsoft\ExchangeServer\V15\Setup\Interim Update 284216

Restart the server and try again to install the newer update.
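The registry change above as a script that first lists the Interim Update subkeys present, exports the one to be removed with reg.exe, and only then deletes it. This is an added example and not code from the original post; it assumes an elevated Windows PowerShell session on the Exchange 2013 server, and the subkey name is the one given in the post, to be verified against what is actually present. The backup directory is a placeholder.

```powershell
# Added example (not from the original post): back up and remove the leftover
# Interim Update registration so Exchange 2013 setup no longer refuses to run.
# Run from an elevated PowerShell on the Exchange server. The subkey name is the
# one given in the post; check it against the subkeys listed before removing.
$SetupKey  = 'HKLM:\Software\Microsoft\ExchangeServer\V15\Setup'
$IUName    = 'Interim Update 284216'
$BackupDir = 'C:\ExchangeBackup'   # placeholder backup location

# Show every Interim Update subkey first, so the right one is removed.
Get-ChildItem -Path $SetupKey -ErrorAction Stop |
    Where-Object { $_.PSChildName -like 'Interim Update*' } |
    ForEach-Object { Write-Host "Found: $($_.PSChildName)" }

$target = Join-Path $SetupKey $IUName
if (-not (Test-Path $target)) { throw "Registry key not found: $target" }

# Export the key with reg.exe before deleting it; the .reg file can be merged back
# if setup behaves unexpectedly afterwards.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$regPath = "HKLM\Software\Microsoft\ExchangeServer\V15\Setup\$IUName"
$backup  = Join-Path $BackupDir ("IU-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $regPath $backup /y
if ($LASTEXITCODE -ne 0) { throw "reg export failed ($LASTEXITCODE); not deleting the key." }

Remove-Item -Path $target -Recurse -Force
Write-Host "Removed $target (backup at $backup). Restart the server, then rerun the CU setup."
```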


Exchange 2010/2013 – MSExchange Management Application Error 5000 Events

Error 5000 in the Application log indicates an error saving the admin audit log. There are many variations depending on the reason for the error. It looks like this:

 

Failed to save admin audit log for this cmdlet invocation.
Organization: First Organization
Log content:
Cmdlet Name: Set-Mailbox
Object Modified:
Parameter: SingleItemRecoveryEnabled = True
Parameter: Identity =domains/xxxxx/Users/xxxxxxxx/xxxxx
Caller: NT AUTHORITY\SYSTEM (powershell)
ExternalAccess: True
Succeeded: True
Run Date: 2016-07-19T10:23:50
OriginatingServer: RZ1GRP01 (15.00.1178.000)

Error:
Microsoft.Exchange.Data.ApplicationLogic.AuditLogServiceException: The Exchange Web Service returned an error while trying to access the audit log. Reason: 'Error','ErrorQuotaExceeded','Mailbox has exceeded maximum mailbox size.'.
at Microsoft.Exchange.Data.ApplicationLogic.EwsAuditClient.CallEwsWithRetries(LID lid, Func`1 delegateEwsCall, Func`3 responseMessageProcessor, Func`3 responseErrorProcessor)
at Microsoft.Exchange.Data.ApplicationLogic.EwsAuditLog.WriteAuditRecord(IAuditLogRecord auditRecord)
at Microsoft.Exchange.ProvisioningAgent.EwsAuditLogger.WriteAuditRecord(IAuditLogRecord auditRecord)
at Microsoft.Exchange.ProvisioningAgent.AdminLogProvisioningHandler.WriteAuditRecord(Stopwatch stopwatch)

The Error section varies. What matters is that admin audit logging uses one system (arbitration) mailbox: SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}

If the database where this mailbox is located is dismounted, we get the error "MapiExceptionMailboxOffline"; if the mailbox is too big you get "'Error','ErrorQuotaExceeded','Mailbox has exceeded maximum mailbox size.'" and you have to increase the quotas for this mailbox.

Check the size of this mailbox:
get-mailbox -arbitration -identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | get-mailboxstatistics | fl *size*

Check the quota limits on this mailbox:
get-mailbox -arbitration -identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | fl *quota*
ProhibitSendQuota : Unlimited
ProhibitSendReceiveQuota : Unlimited
RecoverableItemsQuota : 30 GB (32,212,254,720 bytes)
RecoverableItemsWarningQuota : 20 GB (21,474,836,480 bytes)
CalendarLoggingQuota : 6 GB (6,442,450,944 bytes)
UseDatabaseQuotaDefaults : False
IssueWarningQuota : Unlimited
RulesQuota : 64 KB (65,536 bytes)
ArchiveQuota : 100 GB (107,374,182,400 bytes)
ArchiveWarningQuota : 90 GB (96,636,764,160 bytes)

Use set-mailbox -arbitration -identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -RecoverableItemsQuota unlimited -RecoverableItemsWarningQuota unlimited -CalendarLoggingQuota unlimited to set the quotas to unlimited.
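The two causes described above (dismounted database, exceeded quota) checked in one pass against the audit log arbitration mailbox, with the quota change from the post behind a switch. This is an added example, not code from the original post; it assumes the Exchange Management Shell (Windows PowerShell) and the object types it returns for sizes and quotas.

```powershell
# Added example (not from the original post): check the arbitration mailbox that
# stores the admin audit log for the two failure modes in the post, a dismounted
# database and an exceeded quota, and optionally lift the quotas.
# Assumes the Exchange Management Shell (Windows PowerShell).
$AuditMailbox = 'SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}'
$ApplyFix     = $false   # set to $true to run the Set-Mailbox from the post

$mbx = Get-Mailbox -Arbitration -Identity $AuditMailbox -ErrorAction Stop

# Failure mode 1: the database holding the mailbox is not mounted (MapiExceptionMailboxOffline).
$db = Get-MailboxDatabase -Identity $mbx.Database -Status
if (-not $db.Mounted) {
    Write-Warning "Database '$($db.Name)' is dismounted; mount it before the audit log can be written."
}

# Failure mode 2: the mailbox has grown past a quota (ErrorQuotaExceeded).
$stats        = Get-MailboxStatistics -Identity $mbx.Identity
$totalBytes   = $stats.TotalItemSize.Value.ToBytes()
$deletedBytes = $stats.TotalDeletedItemSize.Value.ToBytes()

# Unlimited quotas report IsUnlimited = $true; otherwise compare against the byte value.
function Test-OverQuota($quota, [long]$used) {
    if ($quota.IsUnlimited) { return $false }
    return $used -ge $quota.Value.ToBytes()
}

[PSCustomObject]@{
    Mailbox              = $mbx.Name
    Database             = $db.Name
    Mounted              = $db.Mounted
    TotalItemSize        = $stats.TotalItemSize
    RecoverableItemsSize = $stats.TotalDeletedItemSize
    OverSendQuota        = Test-OverQuota $mbx.ProhibitSendQuota $totalBytes
    OverRecoverableQuota = Test-OverQuota $mbx.RecoverableItemsQuota $deletedBytes
}

if ($ApplyFix) {
    Set-Mailbox -Arbitration -Identity $AuditMailbox `
        -RecoverableItemsQuota Unlimited -RecoverableItemsWarningQuota Unlimited `
        -CalendarLoggingQuota Unlimited
    Write-Host 'Quotas set to Unlimited; retry the cmdlet that produced event 5000.'
}
```

The audit log lives in the Recoverable Items folder of this mailbox, so the RecoverableItemsSize column is the one to watch against RecoverableItemsQuota; a mailbox that reports OverRecoverableQuota = True will keep logging event 5000 until the quota is raised or the database is mounted.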


Exchange 2013 – ActiveSync "message was rejected by the server", cannot read the body of messages

One very strange issue: ActiveSync devices cannot send e-mail. They get the error "message was rejected by the server" on iPhone or just "unsuccessful" on Android. The account can be created and messages are received but cannot be viewed.

Test-ActiveSyncConnectivity as well as the Remote Connectivity Analyzer show no errors. The Application logs are also clean.

After some hours of troubleshooting we finally stumbled upon one error in the IIS logs of the backend:

2016-07-15 07:38:00 ::1 POST /Microsoft-Server-ActiveSync/Proxy/default.eas Cmd=Ping&User=username&DeviceId=androidc2027050747&DeviceType=Android&Log=PrxFrom:%3a%3a1_V141_HH:mail.domain.de_SmtpAdrs:xxxxxxxxxxxx%xxxx-xxxxxxxxxx.de_Fc4_Fid:4_ProvSyncTypeN_Fid:7_ProvSyncTypeN_Fid:8_ProvSyncTypeN_Fid:11_ProvSyncTypeN_Hb1080_Hang0_Fet858_S1_Error:NMStolen_Mbx:serverexchange.domain.local_Throttle0_SBkOffD:BBkOff%3aL%2f-469%2c+ABBkOff%3aL%2f-480%2c+EffBkOff%3aL%2f-469_SyncHC-

It turns out that the issue is caused by the wildcard '*' character at the beginning of the default accepted domain:

*.domain.com

After removing the * and restarting the Transport and Frontend Transport services the issue was resolved. You will have to temporarily make some other accepted domain the default, and change the e-mail address policy, to be able to edit the one with the *.

The same issue appears if the default accepted domain and the UPN of the user in AD do not match.

Update: the same error message appears if uploadReadAheadSize is smaller than the attachment. Set it on the ActiveSync application with appcmd:

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/Microsoft-Server-ActiveSync" -section:system.webServer/serverRuntime /uploadReadAheadSize:"52428800"
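The three conditions named in this post (a wildcard default accepted domain, UPN suffixes that differ from it, and a too-small uploadReadAheadSize) checked in one script. This is an added example and not code from the original post; it assumes the Exchange Management Shell plus the WebAdministration module on the server hosting the ActiveSync virtual directory, and it uses the 50 MB value from the post.

```powershell
# Added example (not from the original post): check the conditions the post ties to
# the "message was rejected by the server" error. Assumes the Exchange Management
# Shell and the WebAdministration module on the server.
Import-Module WebAdministration

# Check 1: the default accepted domain must not be a wildcard entry.
$default     = Get-AcceptedDomain | Where-Object { $_.Default }
$defaultName = $default.DomainName.ToString()
if ($defaultName.StartsWith('*')) {
    Write-Warning "Default accepted domain '$defaultName' is a wildcard; make a non-wildcard domain the default first:"
    Write-Warning '  Set-AcceptedDomain -Identity <other domain> -MakeDefault'
}
$defaultSuffix = $defaultName.TrimStart('*.')   # "*.domain.com" -> "domain.com"

# Check 2: mailboxes whose UPN suffix does not match the default accepted domain.
$mismatched = @(Get-Mailbox -ResultSize Unlimited | Where-Object {
    ($_.UserPrincipalName -split '@')[1] -ne $defaultSuffix
})
Write-Host ("{0} mailbox(es) have a UPN suffix other than {1}" -f $mismatched.Count, $defaultSuffix)
$mismatched | Select-Object Name, UserPrincipalName, PrimarySmtpAddress | Format-Table -AutoSize

# Check 3: uploadReadAheadSize (bytes) on the ActiveSync application; 52428800 = 50 MB as in the post.
$psPath   = 'MACHINE/WEBROOT/APPHOST/Default Web Site/Microsoft-Server-ActiveSync'
$filter   = 'system.webServer/serverRuntime'
$required = 52428800
$current  = (Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name 'uploadReadAheadSize').Value
Write-Host "uploadReadAheadSize is currently $current bytes"
if ($current -lt $required) {
    # Same change as the appcmd line in the post, made through the IIS provider.
    Set-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name 'uploadReadAheadSize' -Value $required
    Write-Host "Raised uploadReadAheadSize to $required bytes"
}
```

The first two checks are read-only; only the third writes, and only when the current value is below the target, so the script can be re-run after each change to confirm the state.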

Exchange 2013 – getting lots of EventID 1040 – Warnings

Issue – the event log is flooded with EventID 1040 warnings:

The average of the most recent heartbeat intervals [470] for request [Sync] used by clients is less than or equal to [540].

Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

Since the average is 470, the value of HeartbeatAlertThreshold was changed from 540 to 400 in the file C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Sync\web.config

Then the ActiveSync application pool was recycled.
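The web.config change and the app pool recycle as one script that edits the file as XML and keeps a timestamped backup. This is an added example and not code from the original post; it assumes an elevated Windows PowerShell session on the Exchange 2013 server with the WebAdministration module, that HeartbeatAlertThreshold is an appSettings key in that web.config, and it uses the value 400 chosen in the post.

```powershell
# Added example (not from the original post): read and change the HeartbeatAlertThreshold
# appSetting in the ActiveSync web.config with a backup, then recycle the ActiveSync pool.
# Assumes an elevated Windows PowerShell session on the Exchange 2013 server.
$installPath = if ($env:ExchangeInstallPath) { $env:ExchangeInstallPath } else { 'C:\Program Files\Microsoft\Exchange Server\V15\' }
$WebConfig   = Join-Path $installPath 'ClientAccess\Sync\web.config'
$NewValue    = '400'   # value chosen in the post for an observed average of 470

if (-not (Test-Path $WebConfig)) { throw "web.config not found at $WebConfig" }

# Load as XML so the edit cannot break the file's structure.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($WebConfig)

$node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='HeartbeatAlertThreshold']")
if (-not $node) { throw 'HeartbeatAlertThreshold appSetting not found; check the key name in this build.' }
Write-Host "Current HeartbeatAlertThreshold: $($node.GetAttribute('value'))"

# Back up before writing. A CU install overwrites web.config, so the backup is also
# the record of what was changed and has to be re-applied afterwards.
$backup = "$WebConfig.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $WebConfig -Destination $backup
$node.SetAttribute('value', $NewValue)
$xml.Save($WebConfig)
Write-Host "Set HeartbeatAlertThreshold to $NewValue (backup: $backup)"

# Recycle the ActiveSync pool so the new value is read.
Import-Module WebAdministration
Restart-WebAppPool -Name 'MSExchangeSyncAppPool'
```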

Exchange 2010 – OWA and ECP not opening

Recently we had an issue with OWA. The page cannot be displayed, with the following error:

Error browsing OWA:
<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="RemoteOnly"/>
</system.web>
</configuration>

Notes: The current page can be replaced with a custom error page by setting the defaultRedirect attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="On" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>

This issue can be caused by a corrupted web.config file in ClientAccess\owa.

Usually in this folder there is a web.bak file from the previous version of Exchange Server. This file can be renamed to web.config for troubleshooting purposes. After replacing the file the issue still existed. We even took a config file from a working server.

The next step / possible solution was:

Navigated to C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

Renamed web.config to web.config.old and renamed web.config.default to web.config.

Ran iisreset in an elevated command prompt.

The issue still exists.

Changed the %temp% and %tmp% variables to point to the default Temp folder.

There can also be issues if the installation path for Exchange is given with variables such as %ExchangeInstallPath%, but this was not the case.

Since none of the steps above helped, we decided to copy the ClientAccess\owa folder from a working server to the affected one.

After that the OWA virtual directory was recreated and OWA could be opened again.

Unfortunately it appeared that only the Administrator could open OWA. We had errors in the Application log:

error 2280 with the description "The Module DLL C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll failed to load. The data is the error"

We found that Authenticated Users had only Read permissions on the DLL. Granted Read and Read & Execute permissions on the DLL and on the ClientAccess folder.

After that all users were able to access OWA.
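The permission check and fix described above as a script: it verifies that Authenticated Users hold Read and Execute on the OWA auth module and on the ClientAccess folder, and grants exactly that right (no more) where it is missing. This is an added example and not code from the original post; it assumes an elevated Windows PowerShell session on the Exchange 2010 CAS and uses the paths from the post.

```powershell
# Added example (not from the original post): check that Authenticated Users hold
# ReadAndExecute on the OWA auth module and the ClientAccess folder, and grant only
# that right where it is missing. Run elevated on the Exchange 2010 CAS.
$Paths = @(
    'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll',
    'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess'
)
$Principal = New-Object System.Security.Principal.NTAccount('NT AUTHORITY', 'Authenticated Users')
$Needed    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

foreach ($path in $Paths) {
    if (-not (Test-Path $path)) { Write-Warning "Not found: $path"; continue }
    $acl = Get-Acl -Path $path

    # Collect the allow rights this principal already has (explicit or inherited).
    $rules = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Principal.Value -and
        $_.AccessControlType -eq 'Allow'
    }
    $have = [System.Security.AccessControl.FileSystemRights]0
    foreach ($r in $rules) { $have = $have -bor $r.FileSystemRights }

    if (($have -band $Needed) -eq $Needed) {
        Write-Host "OK    $path : Authenticated Users already have ReadAndExecute"
        continue
    }

    Write-Host "FIX   $path : have [$have], adding ReadAndExecute"
    # Folders get inheritance so files added later (e.g. by an update) keep the right; files do not.
    $isDir   = (Get-Item $path).PSIsContainer
    $inherit = if ($isDir) { 'ContainerInherit, ObjectInherit' } else { 'None' }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Principal, $Needed, $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}
Write-Host 'Done. Run iisreset and re-test OWA as a non-admin user.'
```

The script adds an allow ACE rather than replacing the ACL, so existing entries (including the ones Exchange setup created) stay intact, and it grants ReadAndExecute only, which is all a worker process needs to load a module DLL.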