Tag Archives: exchange 2013

exchange stuff may 2016

Hi all – it is traditional to start this with “it’s been a while”…


Rollups and cumulative updates

Useful and interesting links

Blog articles

Interesting kb articles

Hot news…

FREE exchange 2016 online training course provided by Microsoft on edX, complete with exams and hands on labs (but no videos- it’s all reading, by the look). There are three pretty cheap ones there as well as the initial infrastructure course. It looks like about 20 hours of free stuff (they reckon…). Given the lack of 2016 material on MVA at the moment (all MVA exchange stuff), it’ll have to do, I guess. Give it a go. It’s free.


First up – We appear to be falling behind a bit with our rollup rollouts, so it is likely there will be a new Exchange Stabilisation project shortly. For the avoidance of doubt, I’ll restate the Microsoft support policies:

Exchange 2013/2016 – you are supported by Microsoft on the latest and next latest CU only.

Exchange 2010 – if you are on service pack 3 you are in extended support until November 2020

Exchange 2007 – if you are on service pack 3 you are in extended support until November 2017

Exchange 2003 – you are unsupported. No, really.

With 2007/2010, while you may be supported on sp3 rollup1, it is my experience that unless the problem is a simple configuration issue you will be asked to update to the latest rollup as part of the troubleshooting process. They hate analysing old code.

the latest rollups were released March 15th, and are here:

Useful and interesting links

As part of an investigation last week, I came across a highly useful article that references loadbalancer settings for exchange 2013 – they are the same as for 2010, but it’s nice to have that stated explicitly – it also suggests a great list of other useful and exciting things to do to stave off ever having to log a support call. I know I sent it out earlier, but it bears repeating.

Our colleague Mark Bodley has hunted out a number of extremely useful links:

Database corruption and dirty shutdown decigeons* tree on Exchange server pro. There’s a picture. It’s great. print it out and stick it over your desk.

He emailed a reminder of how to upgrade the CU on Exchange 2013 and 2016, along with some extremely useful links to scripts written by our friend and colleague, Michael Van Hybrid (yes, he’s on the GAL!):

  Not sure if you are aware that the recommend steps for installing CU updates on E2013/2016 are a bit different to what we may have gotten used to with Exchange 2010 – assuming that your local hostile SDM ever agreed to an update!!

There’s an article on the steps required for Exchange 2013 SP2 2016 at http://exchangeserverpro.com/installing-cumulative-updates-on-exchange-server-2016/ with 2013 being quite similar. Confusingly though Exchange continues to ship with the StartDAGServerMaintenance.ps1 scripts, these appear really to be for 2010 and should not be used on 2013 or later.

Michael van Horenbeeck has written 2 scripts for starting and stopping maintenance mode on Exchange 2013 and as they support a multi-role deployment they should work for 2016. Certainly looking at the above article, the steps for 2016 are the same as for an E2013 Multi-role server.

The scripts are at :-

· Stop-ExchanegServerMaintenanceMode.ps1 : https://gallery.technet.microsoft.com/scriptcenter/Exchange-Server-2013-77a71eb2

· Start-ExchanegServerMaintenanceMode.ps1 : https://gallery.technet.microsoft.com/scriptcenter/Exchange-Server-2013-ff6c942f

The exchange 2010 search troubleshooting guide – invaluable. Note this is for exchange search, not instant search – outlook uses exchange search in online mode, and instant search in cached mode – instant search is based on windows search, and searches the .ost file, not the server. Shall I bore you with exchange store search…? No? ok. Be aware that exchange 2013 has a different search engine again – Microsoft search foundation. try this article.

Understanding the Outlook Connection Status window. Recently (slightly) updated.

How to troubleshoot free/busy issues in a hybrid deployment of on-premises Exchange Server and Exchange Online in Office 365

The latest guided walkthroughs for Office servers – lync, exchange online, office 365 etc – are here. Some of them are brand shiny and new, others are a little long in the tooth. PF repl for 2003? Wow.

Blog articles

Rhoderick Milne explains why Network Location Profiles are giving you neckache – I’ve come across this myself, it stops Exchange working properly, and is tricky to spot.

The PFE Exchange 2013 tips and tweaks post (also Mr Milne). The 2010 article was a standard. You need to read this if you look after 2013, or are about to. CSAs should read it also…

Anyone looking at moving from 2007 to 2013 should review the links from this 2013 upgrade workshop.

My friend Ingo has an update to his activesync user script here: Get-ActiveExchangeUsers 2.0

Released: March 2016 Quarterly Exchange Updates on the official “you had me at EHLO…” blog.

Deferred Lagged Copy playdown in Exchange 2016

Messing around with how powershell proxying works causes headaches. Read this to make sure you are aware of how cu11/cu12 will affect you.

Exmon is finally available for Exchange 2013 and 2016

Interesting KB articles


May 3, 2016, update for Outlook 2016 (KB3115101)

Office 2016 Applications crash or cannot start

Lync 2013 (Skype for Business) or Outlook 2013 Crash after installing the april 2016 upates

Performance problems when you try to access folders in a secondary mailbox in Outlook –I know at least one account is struggling with this.


“The remote server returned an Error 404” or "HTTP request has exceeded the allotted timeout" error when you move a mailbox from on-premises Exchange Server to Exchange Online

Intermittent "500" error occurs for EWS requests in an Exchange Server 2013/2007 coexistence scenario

"Cannot display the folder properties" or "could not be updated" error when Exchange hybrid deployment users open a room calendar in Outlook

Can’t open a shared folder in Outlook on the web in Exchange Server

Users in your Exchange 2013-based hybrid deployment experience mail issues after April 15, 2016

Incorrect output when you run the Get-CASMailbox cmdlet to view the HasActiveSyncDevicePartnership attribute

"Cannot display the folder properties" or "could not be updated" error when Exchange hybrid deployment users open a room calendar in Outlook

"Nullable object must have a value" error when you run the Hybrid Configuration wizard

"Execution of the Get-WebServicesVirtualDirectory cmdlet has thrown an exception" error when you run the Hybrid Configuration wizard

Exchange Online users cannot access free/busy information of users in a non-Internet-facing Active Directory site

"The user isn’t assigned to any management roles" error when you run the Hybrid Configuration wizard

"Secure Mail Certificate on server is not bound to the SMTP Service" error when you run the Hybrid Configuration wizard

"The SMTP address template is invalid" error when you run the Hybrid Configuration wizard

"The length of the property is too long. The maximum length is 64" error message when you run the Hybrid Configuration wizard

"RequiredTls flag should be set to true if TlsCertificateName is specified" error when you run the Hybrid Configuration wizard

"The remote server returned an error: (403) Forbidden" error when you try to move mailboxes from on-premises Exchange Server to Exchange Online

"The term ‘Get-HybridMailflowDatacenterIPs’ is not recognized" error when you run the Hybrid Configuration wizard

On-premises users in an Exchange hybrid deployment can see availability but not capacity or description information of a resource when they schedule a meeting

Can’t reserve a resource for a meeting after the resource mailbox is migrated to Exchange Online

"An error occurred while working on your domain" when you try to verify your domain in Office 365 in an Exchange hybrid deployment

Users in a hybrid deployment can’t access a shared mailbox that was created in Exchange Online

Out-of-office replies and voting options in email messages between on-premises users and Exchange Online users do not appear correctly in a hybrid deployment

Slow mail delivery in an Exchange environment that has transport rules configured – I’m particularly keen that you understand this article – I’ve been asked a few times lately about transport rules, so anyone thinking of implementing them needs to understand that they can have a performance impact.

Outlook Anywhere users prompted for credentials when they try to connect to Exchange Server 2013 or Exchange Server 2016

Information about the Calendar Checking Tool for Outlook (CalCheck)

Feedback is of course welcome.


Roderick, by John Sladek. Probably my favouritest book about robots ever.


“Oi, Admin! you’re not as clever as you think you are!”, or, the importance of doing simple things right.

just had a call from a customer who was having terrible trouble exporting discovery search data to pst from Exchange 2013. The search was apparently running fine, but the download failed with a long error message.


i asked for problem steps recorder output to see what they were doing… (this is from my repro):


if you can spot what they’re doing wrong without reading the error message, well done. have a muttley medal.

this throws the error message:

PLATFORM VERSION INFO Windows : 6.2.9200.0 (Win32NT) Common Language Runtime : 4.0.30319.34209 System.Deployment.dll : 4.0.30319.34274 built by: FX452RTMGDR clr.dll : 4.0.30319.34209 built by: FX452RTMGDR dfdll.dll : 4.0.30319.34274 built by: FX452RTMGDR dfshim.dll : 6.3.9600.16384 (winblue_rtm.130821-1623) SOURCES Deployment url : /microsoft.exchange.ediscovery.exporttool.application?name=ce66od_1&ews=https%3A%2F%2Flocalhost%2Fews%2FExchange.asmx">https://localhost/ecp/15.0.1076.9/exporttool/<servername>/microsoft.exchange.ediscovery.exporttool.application?name=ce66od_1&ews=https%3A%2F%2Flocalhost%2Fews%2FExchange.asmx ERROR SUMMARY Below is a summary of the errors, details of these errors are listed later in the log. * Activation of /microsoft.exchange.ediscovery.exporttool.application?name=ce66od_1&ews=https%3A%2F%2Flocalhost%2Fews%2FExchange.asmx">https://localhost/ecp/15.0.1076.9/exporttool/<servername>/microsoft.exchange.ediscovery.exporttool.application?name=ce66od_1&ews=https%3A%2F%2Flocalhost%2Fews%2FExchange.asmx resulted in exception. Following failure messages were detected: + Downloading /microsoft.exchange.ediscovery.exporttool.application?name=ce66od_1&ews=https://localhost/ews/Exchange.asmx">https://localhost/ecp/15.0.1076.9/exporttool/<servername>/microsoft.exchange.ediscovery.exporttool.application?name=ce66od_1&ews=https://localhost/ews/Exchange.asmx did not succeed. + The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. + The remote certificate is invalid according to the validation procedure.

so… what’s wrong there? well, the remote certificate is invalid. fine… but it’s the local machine… the url says “localhost”…. oh… sigh.

they’ve done the standard admin shortcut of going to localhost because they can’t be bothered to type out the unfeasibly long servername, and the client then throws an error, because “localhost” isn’t a subject alternative name on the cert, unsurprisingly. the little red address bar in the screenshot above is a clue, there.

sure enough, when they use the servername instead of the url, everything works like a charm:



the lesson there is “do things right”. localhost will throw errors with https other than just needing to click through a cert warning, so don’t use it. if you are using it, and you get weird behaviour, try attaching to the site with a url that is actually on the SSL certificate.

also, a post script: when it says “if you experience problems, try clearing cookies and signing in again”, why not try clearing the cookies and signing in again, before you ring me up and tell me it doesn’t work? 😀

why *wouldn’t* you want a group called “Content Submitters”?

I can’t think of a good reason…

My colleague Mark Bodley has drawn my attention to this KB article: Content Index status of all or most of the mailbox databases in the environment shows “Failed”. He has recently experienced this on an exchange 2013 CU5 estate, and, during the course of his research, has seen evidence that it occurs in CU6. My money would be on it persisting in CU7 as well. He points out that while the article states “all or most” of the databases will be affected, he only saw a minority of databases suffering.

if you read the article you can see that the problem is caused by Exchange failing a permissions check on an AD security group called “Content Submitters”, because it doesn’t exist. The fix is to ummm… create an AD security group called “Content Submitters” and grant full access to “Administrators” and “NetworkService”.

I can’t think of a single reason not to go ahead and create that group as part of an install. If you’ve already got Exchange 2013 up and running, why not create the group anyway? That’s one less cause of failed databases you need to worry about.

Exchange 2013: setting diagnostic logging levels the quick way

TL;DR how to set a bunch of logging levels with similar names to a specific level, plus a script that sets *everything* back to the defaults.


I’ve got a customer who is having trouble with Exchange 2013 and Active Directory, flip-flopping between DCs. i can see it occurring in the event log, but there’s no suggestion of what the problem might be. No worries, lets just hoik* the logging level up on ADAccess, and have a look at what’s happening.mmmm…

first problem with that; with the demise of anything approaching a usable GUI in exchange 2013, we’ll have to use powershell. it’s the “set-eventloglevel” cmdlet that i need, but usage examples are pretty thin on the ground. in fact, there’s just one.

Set-EventLogLevel -Identity "Exchange01\MSExchangeTransport\SmtpReceive" -Level High

which is peachy, but i don’t know which of the many adaccess logging objects i need. there are quite a few:


i don’t fancy running that cmdlet ten times, and my customer fancies it even less. what we need is some powershell magic. Why don’t we get the objects, and then feed them via the pipeline into the set-eventloglevel cmdlet? we can use the get-eventloglevel cmdlet. unfortunately it returns a great long list of objects, so we’ll need to filter them.


oh well, worth a try**. to do that we’ll need the where-object cmdlet and the “–like” comparator.

get-EventLogLevel | Where-Object {($_.identity) –like “*adaccess*”}


now we can feed that straight into the set-eventlogginglevel cmdlet:

get-EventLogLevel | Where-Object {($_.identity) –like “*adaccess*”} | set-EventLogLevel –level medium


you’ll not want to leave it there, though. that’ll fill your event log up quicksmart. once you’re done, set everything back. the handy “default” radio button that used to work in 2010 is gone:



so what you’ll need is a little script that puts everything back where you found it. if you run get-eventloglevel you’ll see that nearly everything is set at lowest, but there are one or two exceptions:


is that MSExchange RBAC\RBAC that’s set to low, there? god knows. my eyesight isn’t all that. let’s run a bit more powershell and dump out all the objects that aren’t set to lowest:


Bugger. that didn’t work. let’s run get-eventloglevel | gm and find out why .level didn’t select the –level parameter:


aha – why call your property after the parameter it sets? what we want isn’t called .level, it’s called .eventlevel. duh.


great, so everything needs to be set to “lowest” apart from those objects.

so, we could run a script that sets everything to ”lowest”, and then sets them to”low” afterwards, except… what about those “2”s there. you can’t set a value of 2 with set-EventLogLevel .I’ve tried. there’s two things we could do there, either ignore them, or use the registry powershell provider to set them back to 2 afterward. ignoring them is the easiest way, isn’t it? mm?


so my script looks like this:

<# this script returns Exchange 2013 server diagnostic levels to their default.

The first line sets everything but "msexchange oauth\server" and

"msexchange backendrehydration\server" objects to "lowest".

these objects are set to 2 by default, a value that can’t be set using set-EventLogLevel.

you can set them in the registry at

HKLM\currentcontrolset\services\msexchange backendrehydration\diagnostics


HKLM\currentcontrolset\services\msexchange oauth\diagnostics

the rest of the script sets the exceptions to their correct level

this script will only work on the local server, obviously#>

Get-EventLoglevel | where-object {($_.eventlevel) -notlike "2"} | set-eventloglevel -level lowest

set-eventloglevel -identity "MSExchange RBAC\RBAC" -level low

set-eventloglevel -identity "MSExchange ADAccess\Topology" -level low

set-eventloglevel -identity "MSExchange ADAccess\Validation" -level low

set-eventloglevel -identity "MSExchangeADTopology\Topology" -level low

set-eventloglevel -identity "MSExchange OAuth\Configuration" -level low

set-eventloglevel -identity "MSExchange BackEndRehydration\Configuration" -level low

how could it be improved? well, adding the two lines to set those values to 2 in the registry would make it quicker, rather than filtering them out. adding in a line for server identity that defaults to the local host would be good. signing it might be a good idea. maybe later.


why am i using “–notlike” in the first line, instead of “–ne”? i *think* it’s because the value is an integer, and –ne is interpreting the input as a string… whatever. “-ne” doesn’t work. “-notlike” does.


* yeah, that’s a word. hoik.

** turns out that get-EventLogLevel “msexchange adaccess*” DOES work though…never mind, this way is betterish.

Where the hell did that 1TB limit come from?

TL;DR Exchange 2013 RTM std retains an undocumented feature from Exchange 2010; the 1TB limit on database size. This persists even after applying cumulative updates for databases created while Exchange was at RTM. The fix is to follow advice for Exchange 2010, and then move your mailboxes to a new database.


So what actually happened? Well, my customer experienced a forced dismount of a database. Digging through the event logs, there were these events:


When they tried to mount the DB, they saw this error:


Note the warning event occurred 24 hours before the error event. Also note that the size of the database really wasn’t 3.3 petabytes. As it happens, the customer was migrating huge and unwieldy mailboxes into the db at the time, so didn’t really have time to digest the warning.

That really looks like the sort of thing we might have seen on Exchange 2010, back in the day, but according to the literature, there is no 1024GB limit in Exchange 2013 standard, and never has been. The registry key referred to in Error event id 40011 doesn’t exist. So… what do we do? we follow the advice for Exchange 2010, here: How to prevent your Exchange Database Drives filling up completely and set the limit to, say, 3072GB. That’s not quite complete, though. It may work very well for 2010, but to get it to work in 2013 you need to use mount-database with the –force parameter. If you try and mount from the EAC (or without the –force) it will continue to fail. It will also need to be mounted with –force *every time*. ouch.

Which is why it’s worth writing  this blog article. Any database created with the RTM code will be affected by this, so anyone who has had Exchange Standard installed since the early days, or thought they had to install RTM and then install a CU on top of it, may see this problem as their databases grow. My advice is to consider moving mailboxes to a new database created  on a later CU.

Intersting things I have seen on the internet, October 14th

Afternoon. Lots of stuff in the last week-and-a-bit. Firstly, you may be interested to take part in the Global Knowledge IT Skills and Salary survey – if you take part then you’ll get the results mailed to you in March. Interesting stuff. Also please be aware that organisations running Exchange 2007 (like us) may be affected by this issue, causing meetings in Russian time zones to appear incorrectly after October 26. This will be fixed around the middle of November, or the 128th of Mitwoof if you’re in Russia. Anyway, on with it.


Exchange Design:

There’s a new version of the JetStress tool available.

How to integrate Exchange Online with Lync Online, Lync Server 2013, or a Lync Server 2013 hybrid deployment and How to integrate Exchange Server 2013 with Lync Server 2013, Lync Online, or a Lync Server 2013 hybrid deployment.

Need to move mailboxes from one office 365 tenant to another? You need the Microsoft Office 365 merger migration guide for Microsoft Exchange Online and Microsoft Lync Online. Yes you do.


Exchange Troubleshooting:

I get bored of saying it. Microsoft get bored of saying it. Now you can get bored of reading it (actually, it’s been around a while, but it’s just been updated and it’s worth reading) Fix Outlook connection problems by upgrading to the latest version

Exchange 2013 has a problem with lazy indices causing unexpected x-overs. This is discussed here – Those Pesky Lazy Indices. The article is remarkable for two reasons – firstly, it’s written by Mr McMichael, and secondly it refers to “failovers”. I thought that was verboten? It appears it’s 2013 CU5 that is mostly affected.

Damian Scoles has a really nice article on troubleshooting mailflow during migrations. Not just how to fix it, but actually how to troubleshoot it. Nice.

Outlook 2013 users who have installed the September 2014 Update may experience a certificate error when they open outlook. Microsoft are investigating this.

MRSProxyConfiguration settings are not honoured when they are configured. This will be fixed in CU7, they say.


Exchange General:

Tony Redmond discusses the implications for Exchange on-prem of Satya Nadella’s statement “Office 365 is the new Exchange and one will cannibalize the other. The key is to ensure that current Exchange customers can transition on their own terms.” Even if he’s right (and he usually is…), the opportunities for basing a career around Exchange are going to be limited, at the least. Still at least we’ll have exchange 16 to look forward to in the near future. It might be interesting to have a look at some of the stuff that might make it into the next version.

Paul Cunningham has a nice explanation of the 2013 Autoreseed feature on his blog.


Core General:

Probably the coolest article in this post: Introducing the Netlogon Parser (v1.0.1) for Message Analyzer 1.1. This is awesome. If you only click on one link, this one should be it. It really showcases the power of Message Analyzer. Paul E Long also has made a plea for MessageAnalyzer feedback. He’s particularly after feedback on performance issues. So, while it’s true, “It’s great, Paul!”  isn’t going to cut it.

There’s an interesting video on virtual networks within Azure on Channel 9. Also got some info on internal load balancing. Sounds like a recipe for calls, to me.

Lakshman Hariharan has a second post on Network Trace Analysis using message analyzer. I’m really keen on this tool (really? Who knew) I’m thinking of doing some online training on it if anyone is interested.

For those of you intending to do your MCSA 2012 R2, there’s an offer on the 70-412 ebook here. Offer expires next Sunday (19th).

Microsoft are really an open source company. Honest, guv. That link is worth looking at, however, for the link to Introduction to Programming with Python on the Microsoft virtual academy. Except I’ve just posted it, there. Oh well. It’s got a picture of a man holding a toaster too.


Office 365:

FREE EXCHANGE KEYS! FREE EXCHANGE KEYS! How to obtain an Exchange Hybrid Edition product key for your on-premises Exchange 2007 or Exchange 2003 organization

Office 365 and azure visio stencils from Keith Mayer. If Visio stencils do it for you, then here they are.

New Azure AD enhanced auditing and activity reports coming soon.

Another update to the “how to troubleshoot Azure Active Directory Sync tool installation and Configuration Wizard error messages”. I wish I could come up with snappy product names like that.

Turns out you might find outlook 2010 suddenly runs verrrry slowly with Office 365 – in which case install the August 2013 hotfix package. Note this is a hotfix package, not a rollup. Confusing.

Archive mailbox issues for a mailbox that’s migrated to or from Office 365

There’s going to be a lot of startled admins out there (step 2 of the solution) On-premises users aren’t getting email messages from Office 365 users in an Exchange hybrid deployment

Office 365: Outlook and mobile device connectivity troubleshooting resources

Another general troubleshooting article: Domain errors in the Office 365 portal. You need to expand the table, otherwise it looks like it’s just taunting you.

How to change the AD FS 2.0 service communications certificate after it expires. Useful information regarding certificate manipulation…

NEW! “The server cannot service this request” error when you use In-Place eDiscovery & Hold to search a large number of mailboxes “may be corrected in a future update!”

Troubleshooting Azure Multi-Factor Authentication issues

There’s been an update to the Office 365 mail flow troubleshooting index.

The latest “From Inside the Cloud” post deals with mail and transport encryption in Office 365.

Damian Scoles (again?) has posted a couple of troubleshooting articles on his “Just a UC guy” website. They’re a bit specialised, but I really like his writing style and his systematic approach, both to troubleshooting and documentation, so I’m going to link to them here. Have a look; you could learn a thing or two. Manager’s Team Calendars with Exchange / Office 365 Hybrid  and Free/Busy Hybrid Troubleshooting.



Jeff Schertz has written a long and detailed article on configuring QoS for Lync IP phones. Lots of pictures. Lots of links. I’m still out of my depth with it.


It’s October. That means it must be time for the September 2014 Cumulative Update 5.0.8308.813 for Lync Server 2013 (conferencing server). What does this fix? Nothing at all. A bit like the unified comms, apparently. The front end and edge updates, web components, core components and conferencing attendant updates all appear to actually do something. I’m sure I’ve mentioned in the past that each Microsoft update contains a handful of fixes to public intersting things that i have seen on the internet, october 14thproblems, and a lorryload of fixes to stuff that Microsoft don’t tell people about. They may all be downloaded here. This article contains a list of the most recent updates for Lync Server 2013. If you bookmark it, you can look at it regularly. Or use something like follow that page to tell you when it changes. Or, god forbid, Microsoft’s own RSS feed.


And finally…


Damn fine cherry pie.


Intersting things that i have seen on the internet, october 3rd

Right, this is hopefully a little more timely than the last one. Those of you sitting an MCP exam at a Pearson VUE testing centre may notice that the interface is slightly different. Hopefully this will help you feel good about your exam. Probably not as good as passing the thing, though.


Exchange Troubleshooting:

Short and sweet – how to check the autodiscover SRV record using NSLookup, from Rhoderick Milne

Having problems accessing automapped mailboxes in Exchange 2010 recently? Have a look at this article.

New! Exciting! An exchange 2013 CU6 bug design feature! Load balancer marks Exchange server as down in an Exchange Server 2013 Cumulative Update 6 environment.

Can’t create an Exchange 2013 public folder mailbox? “An existing Public Folder deployment has been detected” error when you try to create a public folder mailbox in Exchange Server 2013.


Exchange General:

Good news, bad news. Good news; my friend Justin Harris has earned a “2014 Microsoft Exchange Server MVP” Award. Thoroughly deserved! Congratulations Justin. He does an excellent podcast with Larry Novak, a great Exchange engineer at Microsoft.

Bad news; Microsoft layoff senior technical writers. I can’t see how this is possibly a good thing. The writers in question produce some of the most authoritative and in-depth articles on exchange available. Exchange 2010 has been really well documented, Exchange 2013 less so (where is all the performance monitoring stuff, for instance?) – it looks like 2015 will be barely detailed.


Core General:

Some interesting and useful information from the Defrag show on the latest and greatest Microsoft product; not Sway, not windows 10, but Minecraft. I can’t begin to tell you how excited my boys are that their father is now officially a minecraft support engineer. There’s also some stuff on Windows perfmon counters for HDDs, and yes, some stuff on windows 10. Who cares? “It looks like you’re building an underground labyrinth filled with zombies. Would you like help?”


Clippy has his own Realm, where his army of countless slaves build mile high idols in his image.

Also very exciting (if you support stuff) is Mark Russinovich discussing SysMon on the defrag tool show. Also his latest novel, Rogue Code.

Keith Mayer has advice on using Azure to look at the windows 10 technical preview here, if that’s what floats your boat.

The recommended hotfixes for 2008 R2 clusters article has been updated.


Office 365:

Free/busy lookups between Exchange Online and on-premises users stop working after you set up OAuth authentication. You’ll need (it says) to have a mix of Ex2k13 and Ex2k10 on prem, so hopefully it won’t be a problem, but it’s worth checking for if you see any issues with free/busy and OAuth.

The EHLO blog has an article on the new bulk email feature in Exchange Online Protection. If you’re at all interested in how Microsoft handles your spam, then you may enjoy the linked video – “How does Microsoft handle my spam?

I know there have been a few comments about the wealth of material available for the office 365 exams. Just when you think you can’t possibly fit any more in, along comes the official Microsoft Learning Study Group for MCSA : Office 365.

Once again, Microsoft would like to reassure us all that Office 365 does not mean that we will all lose our jobs. Ummm. More kool-aid here. Strangely, they never wrote a part 2.

How to enable a debug trace for the Microsoft Online Services Sign-in Assistant, but not how to analyze it. Sigh.

Troubleshoot single sign-on setup issues in Office 365, Windows Intune, or Azure.

Refreshed advice on Using WAN Optimization Controller devices with Office 365. That’s those riverbed steelhead things… Tricksy.

Mixing Office 2007 and Office 365 causes problems editing Office documents in OWA.

Troubleshooting Lync Online DNS configuration issues in Office 365.

Troubleshooting *more* sign-in issues in Office 365, Azure or Windows Intune.

A List of Attributes that are Synced by the Windows Azure Active Directory Sync Tool.



Having problems with Lync after migrating your users to office 365? Richard Brynteson explains how to force lync to autodiscover again.

Troubleshooting Lync Sign in issues. Not new, but good. Plus it was linked to in this excellent article that explains a bit about the troubleshooting process…


And finally, those crazy cats at MSL have another video for you. If you can bear it, see super sigma and psychomagician explain how online proctored exams work. What, girls? No hats?


That’s it for now. Keep an eye out for that creeper.

interesting things i see on the internet – 27/01/2014

first of all, you should all be planning your SP3 upgrades, if you haven’t started already. MSExchange.org are starting a new series this week on this very topic, so as well as reading my earlier blog post on this, you should read their article as well.

Exchange design:

Here are some nice test lab guides/posters on cross product solutions with exchange, lync and sharepoint, and here’s a brief (very brief) article on setting up an exchange 2013 lab from Steve Goodman.

Exchange troubleshooting:

I’ve seen a wonderful script for troubleshooting unexpected database growth. This script will snapshot a database and compare it to previous snapshots, and then tell which mailbox is growing, by how much and how many items. Like using exmon, but about a million time easier. I heartily recommend that everyone has a good play with this, so that when you come to use it in anger (and you probably will), you know exactly what you’re doing with it.

This looks like it may save some of you some pain in the near future; the right way to create additional receive connectors in Exchange 2013.

An old post, but an interesting one – do you have sleepy NICs? A common cause of databases moving around unexpectedly in a DAG. We’ve got a couple of customers experiencing this, and we’ve checked that this isn’t the case, but it would be great if people would check again. This is one for the best practices document, i think.

The Romanian exchange support engineers have suddenly become active on their blog, after years of very occasional posting. There’s a couple of pretty detailed posts covering some interesting troubleshooting issues up there at the moment. The mailflow troubleshooting guide is good, if brief.

Rhoderick Milne has a great post on mailbox quarantine that’s got some great hands on advice on configuration, which may explain to you why some users cannot reach their mailboxes.

Exchange general:

Here’s an interesting article on the new restrictions on upgrading the database schema in Exchange 2013. Note that’s the DATABASE SCHEMA, not the DIRECTORY SCHEMA. In exchange 2010 the database schema of each dag member upgraded as soon as the service pack/rollup was applied, making it tricky to then move databases around until all the nodes were on the correct version. In 2013 the schema won’t update until all members of the dag are at the correct software level to support the updated version. Why is this good? Because it means we are less likely to get in a situation where nodes get stuck on the wrong version and are unable to support an active database. It does happen. Twice, in my experience – 2007 was particularly prone to it.

As usual Tony Redmond has a batch of interesting posts;  how exchange 2013 measures and monitors server healthten predictions for exchange in 2014, calcualting client access licenses, service packs and cumulative updates, and the reappearance of powershell command logging. yay. There’s a lot of other posts there, all of which are great. You should read them.

Here’s a great way to start reporting message flow statistics – how many messages are generated, NDRs and so on, using the ExLogAnalyzer.

The Redmond Interoperability Plugfest 2013 has a video on MAPIHttp, the replacement for RPC over HTTP which i mentioned in the last mail. There’s also one on exchange 2013 protocols and one on outlook 2013 protocols. They’re not long, which is probably just as well. Soo… sleeepy…

Msexchange.org are starting a new series on monitoring exchange 2013 with scom 2012. Given that we are sooo up on monitoring exchange 2010 with SCOM 2007 r2, we should probably start reading this now, yes?

They’ve also got a new series on transport high availability in exchange 2013, which looks like it may be useful  – shadow redundancy and safety are in there, somewhere.

Here’s a really nice script for automating exchange mailbox audit logging. Remember to keep an eye on your disk space. What does the mailbox audit log contain? Who accessed a mailbox, what was deleted, if mail was sent using a “send as” permission and lots more. Of course you want to keep this information.

Tony Redmond (again?) has published an article on managing activesync partnerships for multiple devices on his personal blog.

Core general:

Perfmon incorrectly calculates disk latency in windows server 2008. If we don’t apply this hotfix, then we can’t trust what perfmon is telling us; given that disk latency is a major cause of poor user experience, you really need to get this installed.

MS have published a complete and updated list on microsoft product virtualization – what is supported and what is not, here.

there is a new MATS tool released for analysing the storage stack on windows 2012 and 2008. What’s MATS?

It’s not great, yet, but it’s highly promising – the solutions node in technet. How-to guides for all things, eventually. In the meantime, single sign on federation in hybrid environments…

Office 365:

Ali Larter demonstrates how office 365 stops her from trashing banks, cop cars, hotel rooms and so on. Save the cheerleader an that.

MS is developing a series of Test Lab Guides on Hybrid solutions – the Office 365 trial subscription guide is discussed here. Is it great? Well no, but it’s just part of the whole hybrid stack of test lab guides – see also the solutions stuff above – if MS manage to pull this off, it’ll be awesome. If they don’t, well, hopefully it will have given you some ideas. Here is the first step on the stack, the windows 2012 configuration test lab for public cloud technologies.

The EHLO blog has some useful, if basic, guided walkthroughs on mailbox and folder sharing scenarios. It’s Nino Bilic – if he thinks it’s worth writing about, it’s probably worth you reading about it.

it’s windows azure jump start week at the Microsoft virtual academy. live video from 8pm til midnight every night from now until Friday. or you can wait a week or so until the recordings get posted.

MS have published a useful collection of KB articles on troubleshooting common Office 365 issues.

and that’s it. my inbox is now clear. time to move to Asana. not.

Exciting things i have seen on the internet, 29/11/13

2013 sp1 has been announced – edge servers, support for 2012 r2 and a shift in how service packs work – from now on they’re going to be a lot more like cumulative updates, and we need to see them as such. SP1 will be in place of CU4, and CU5 will include SP1, which is different to previous releases where rollups were for a particular service pack – from now on it will all flow in together. in an earlier mail i suggested that the difference between a service pack and a cumulative update is a schema update, however CU1, CU2 and CU3 include a schema update, so that blows that out of the water. expect a post on how we need to redefine our services in response to this in the near future.


Exchange 2010 sp3 rollup 3 has also been announced. note the large numbers of fixes for CAS crashes. be aware that issues with the client access service crashing may be fixed (or substantially altered) by the code changes made in this rollup.


Rhod Milne has highlighted some useful Microsoft Virtual Academy courses in a post here. if you’ve not yet tried the MVA stuff then i urge you to find some time for it – it’s much better than free training has any right to be.


He has also posted an exceptionally handy list of things you should do to Exchange 2010.You should consider these things best practice, and think about how to incorporate them into your Exchange 2010 environment. if you are unsure if they apply to you, then please give me a ring. there are also some recommendations here that Rhod refers to; these are interesting and useful, but less likely to apply to everybody.


Scott Schnoll is always an interesting read, and he’s just published some new documentation for Exchange 2013 managed availability.


after last week’s post about IPv6, Microsft have updated their article on how to re-enable it or temporarily disable it for troubleshooting purposes only.


Microsoft have changed article 297019 again. this is the networked PST article. it no longer explicitly states that PST files accessed over a network are not supported (although it is still heavily implied). for the avoidance of doubt; PST files that are accessed on a network share are not supported. there are too many issues associated with it, and if MS find out that you have PST files stored on a network share then they will stop doing any troubleshooting until you disable them all. Please do not store PST files on a network share, and please don’t suggest to your customers that it won’t be a problem. it ALWAYS causes a problem. the MS document that is referenced in the kb article is titled “network stored pst files: don’t do it“. That should be a good clue as to what the product group think about it.


no-one has reported a problem with iOS 7 to me, but just in case, here’s a hotfix that Microsoft have released for a problem that iOS7 created.


and just to prove it’s not just apple, the latest version of android (kitkat, or 4.4) breaks active sync. google have marked the problem as “closed (to be fixed in a later release)”, so basically there’s a reasonable chance that upgrading to kitkat on an android device will BREAK exchange activesync for the long-term. not a good idea.

Review: Microsoft Exchange 2013 Cookbook

I’ll put my hand up here and say that Packt gave me a free copy of this book to review; hopefully this hasn’t influenced my opinion too much, but free stuff is always nice. If someone would like me to review a Lamborghini (or even a new Volvo), I’m prepared to put myself out.

The technical content of this book is very good, as you’d expect from a team that includes Michael Van Horenbeeck. It’s one of the Packt “cookbook” series, and so is not intended to be an exhaustive catalogue of features like the “unleashed” books, nor a guide to design. This book is solidly in the “how do i…?” end of the market with the pocket consultant series, only more so. Each section follows a pattern where the task is introduced, instructions are given on how to perform it with the exchange admin centre, then with powershell, along with advice on which is appropriate for a given need, then there is a section explaining how the task is accomplished in more depth, then there is a short section containing references and a little bit of further information. It starts out with installing the prerequisites, goes through all the common config requirements, explains the basics of high availability, transport rules, certificate config, RBAC and so on.

There’s no fat here. Unlike, say, the “unleashed 2013” book which repeats the same information three or four times to fill its thousand-odd pages (even when it’s incorrect!), if you blink with this book you’ll miss something important. In a more in-depth book this might be an issue, but the content here covers the common scenarios with only the occasional digression into the unusual, such as how to prevent noderunner holding a database you want to delete, or the plain weird, such as how to do autodiscover redirection.

It’s plain that pretty much everything in the book is a result of real-world experience. Again, other books are clearly just reworded versions of technet articles – this is absolutely not the case with this one. The authors have carried out all the tasks in the book (many times, I would think) and so the procedures you get are the ones you need, and will work for most common scenarios. The authors are also happy to cover community resources as well as official Microsoft ones, so there are references to Paul Cunningham’s excellent powershell tools, among others. The writing style is easy and mostly engaging, and the layout is clear and obvious. Michael Van Horenbeeck is an active Exchange and UC community member and blogger and I’m sure would be happy to answer any questions people might have regarding the content.

It’s not all sunshine, however. The authors have an awesome amount of experience and knowledge, but the book itself could use a little sympathetic editing – at times the idiom is clumsy and unclear*, and there are some howling misprints and typos – for example the command to disable admin audit logging is the same as the command to enable it, apparently. In one case, this strays from the obvious misprint into slightly murkier waters – eseutil is referred to as “repairing” a database in dirty shutdown, when the command given is for the altogether less scary recovery (recovery is correct, here…). Having said that, proofreading costs both time and money; this book is well priced and timely, and I’d suggest that those are possibly more important than elegant grammar.

If what you want is a straightforward “how to” then this book is a good price, and will cover most of what a small to medium business would want from an email system. Given that the “pocket consultant” series now runs to two volumes, and is significantly more money, this is the front runner in the market. If design or exhaustive technical detail is your bag, then this isn’t aimed at you.

*given that all I can do in any language other than English is swear and order a beer, I am clearly in a great position to criticise.