This morning, after No on-Premise Updates, our on-premise users sending to Exchange-Online users could not send attachments. The message would all come though, though the attachment would be a winmail.dat file. You can open it in Notepad and see the encoded message.

On-Premise to On-Premise works.
Exchange-Online to Exchange-Online works.
Exchange-Online to On-Premise works.

To Fix the issue we went to the On-Premise EMC and went to Org, Hub Transport, remote domains and for the <tenant>.mail.onmicrosoft.com domain we set the RTF to Never (Was User Selected) and Encoding to UTF-8 (Was Western ISO). Not  knowing if this was only happening to our internal domain, we also did this for the Default Remote Domain too just in case.

My Question is, why did this start happing bright and early today?

Not a hint of it yesterday, and we have not dont any updates on the On-Premise Server.   I can't say if the Clients Updated last night or not. But it was ALL On-Premise users having the issue.

Came across a weird one today. Email forwarding from O365 to On-Premise was failing for just this one user.  Email functions fine otherwise but I cannot run a command against this user. A simple 'Get-Mailbox -identity this.user' fails.

The command fails with: 'The operation couldn't be performed because 'domain.com/ou/ou/this user\' couldn't be found. Notice the trailing slash after the user? That is not a typo. I cannot find this anywhere in the user properties. Any thoughts?

HI,

We have Exchange 2010 environment.

Site A: 

CAS/Mailbox Server 1 & CAS/MBX Server 2

Approx. 700 GB of Public folder with replica copy on both the servers for HA.

Site B: (Newly deployed)

CAS/MBX Server 1 & CAS/MBX Server 2

There is a requirement to replicate the Public folder content from Mailbox server in Site A to Mailbox Server in Site B.

I have already created the PF database on both new servers.

Could you please help me in about next steps how to replicate the public folder structure and content on new servers.

Considering the huge volume of data, I would like to update the content in off hours without impacting the bandwidth.

Thanks

Pawan

We have one of the user which was move to office 365 as test and then move back to exchange 2010 on-primse and now when user on exchange 2010 send email to this user they get

Hi,

We use Exchange 2010 Standard version. We have 2 mailbox servers, 2 hub servers and 2 cas servers.

We need to add three new internal accepted domains. We will create the users in the Exchange server so we will add these three domains as authoritative.

The important thing is that we do not want these 3 domain names changing the smtp address of existing mailboxes. Please let me know the steps to do this.

Hi!

As per TechNet Article https://technet.microsoft.com/en-us/library/bb123716(v=exchg.141).aspx  the InternetWebProxy Parameter is defined as "The InternetWebProxy parameter specifies which Web proxy servers, such as Microsoft Internet Security and Acceleration (ISA) Server computers, Exchange should use to reach the Internet."

In short if you have Proxy in your environment and you want your exchange server to reach Internet for o365 endpoint or Federation gateway you will end up configuring InternetWebProxy parameter for each CAS Server to use the company Proxy.

My Question is how does Exchange server know what url to access thru the proxy and what url it will directly access? How does exchange make the distinction between a end point in local network vs End point in Internet? Like with any Internet Browser like IE we can configure it with proxy setting and we can also provide exceptions as to which url to access directly and which one thru proxy? Do we anything equivalent when we set InternetWebProxy  setting for exchange server.

With Regards, M S Ali

Hi,

Since upgrade to High Sierra , we have version 16.22.19 (outlook) we can't connect to Exchange 2010 sp3 Rollout 24.

We even downgraded outlook to many different version of 15 or 16, it does not work. SAME, it timeout while verifying the server...

The autodiscover seems to works fine ...

Any ideas ?

Thanks.

Exchange version 14.3.382.4000

Event ID 9877 with error code 0x800700c1

Can't search OWA, The action couldn't be completed Please try again later

Does anyone know the fix for this error?  The closest I could find was to repair symlinks and then rebuild index catalog.  Rebuild catalog by itself did not resolve the issue, and I can't find a legitimate source for the symlinks script.

I have my Exchange server receiving TLS mail without issue from a internal IIS6 smarthost running Mail Essentials.  No trouble there, incoming mail shows as TLS from the source to the Outlook client on the desktop.

The problem is with the send connector.  I have three certificates on the machine.

The first certificate says it's not self-signed but appears to be from the DC.  It's the machine name, say exchangebox@mycompany.ca.

The second certificate is self-signed and says WMSvc-exchangebox

The last certificate was purchased through GoDaddy and uses the external name of the server which is mail.mycompany.ca. (plus a few others: www.mail.mycompany.ca, exchangebox.mycompany.ca, autodiscover.mycompany.ca).

All three say they are valid for Exchange Server usage and have SMTP assigned to them.

When I look at the SMTP send logs the send connector doesn't even appear to be trying to send TLS.

Send-Connector configuration:

FQDN: mail.mycompany.ca

Address Space: SMTP * 1

Network: Use domain name system MX records to route mail, use external DNS lookup settings on the transport server

I've tried sending both to my personal gmail.com account and my personal Microsoft 365 domain account, they always come up as not encrypted.

I'm trying to update Ex2010 to SP3 and Im getting the following error when the readiness check runs:

Error:
There was a problem accessing the registry on this computer. This may happen if the Remote Registry service is not running. It may also indicate a network problem or that the TCP/IP Netbios Helper service is not running. 

Ive seen posts all over and I've gone through all the recommendations, but it continues to happen.  

Any ideas?  Thanks.

Scott

Need expert assistance uninstalling on premise exchange 2010 server from windows 2008 server std.

Hello,

We have exchange server 2010 and roles are installed in 4 server , 2 mailbox (physical) and 2hub transport (virtual server ) with clientaccess server for load balancing . We lost our both Hub transport client access  server because virtual machine was stored in a Vdisk is crashed . We have tried to setup new hubtransport server but it was not helpful . OWA redirection from external URL to maibox is not working also mailbox is showing disconnected even after creating new hubtransport . We are unble to create new hubtrsport / client access with the same name as of we have removed old entry from ADSIedit .

Any one can suggest how we can setup new exchange server for the same activedirectory user .

Thank you.

Hi all,

In my organization, I have exchange 2010 SP1 with the following topology:

2 network load balanced client access server

2 mailbox servers joined to one DAG.

I have 4 self-signed certificates that are expired

According to the self-signed certificate associated to the hubCAS array  servers,it is assigned to the SMTP service also the smtp service is assigned to a certificate that it's issued from  A private CA, I read that it's best practice to renew self-signed certificate as it used to secure SMTP sessions between hub transport servers in the exchange organization. When I renew self-signed certificate associated with the hub server, is it applicable to assign the SMTP service to both certificate

what I mean in details :

The certificate that is issued from the private certificate authority is assigned the following services (iis,imap,pop,smtp).

The self-signed certificate that will be renewed ,when I assign SMTP service to it wha will happen the SMTP service will work with which certificate

According to the certificates associated to the mailbox sever it is has no services assigned to it

Also is this the way I should use to renew self-signed certificate

Generate a new self-signed certificate: This command pipes the existing certificate object to the New-ExchangeCertificate cmdlet, which uses its properties to generate a new self-signed certificate.

Get-ExchangeCertificate -thumbprint “C5DD5B60949267AD624618D8492C4C5281FDD10F” | New-ExchangeCertificate

Written below all the certificate that I have in my servers

SRVHC01

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR

                     ule, System.Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {mail.company.com.eg, srvhc02.companydc.local, srvhc01.companydc.local, mail.company.com, autodiscover.company.

                     com.eg, autodiscover.companydc.local, autodiscover.company.com}

HasPrivateKey      : True

IsSelfSigned       : False

Issuer             : CN=company-CA, DC=companydc, DC=local

NotAfter           : 7/18/2019 12:17:56 PM

NotBefore          : 8/24/2017 10:45:37 AM

PublicKeySize      : 2048

RootCAType         : Enterprise

SerialNumber       : ************************

Services           : IMAP, POP, IIS, SMTP

Status             : Valid

Subject            : CN=mail.company.com.eg, OU=company, O=company, L=town, S=town, C=EG

Thumbprint         : *****************************************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR

                     ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc

                     essRule}

CertificateDomains : {SRVHC01, SRVHC01.companydc.local}

HasPrivateKey      : True

IsSelfSigned       : True

Issuer             : CN=SRVHC01

NotAfter           : 9/18/2016 6:19:15 PM

NotBefore          : 9/18/2011 6:19:15 PM

PublicKeySize      : 2048

RootCAType         : Unknown

SerialNumber       : ******************************

Services           : SMTP

Status             : Invalid

Subject            : CN=SRVHC01

Thumbprint         : *************************************

*********

SRVHC02

*********

AccessRules        :

CertificateDomains : {mail.company.com.eg, srvhc02.companydc.local, srvhc01.companydc.local, mail.company.com, autodiscover.company.

                     com.eg, autodiscover.companydc.local, autodiscover.company.com}

HasPrivateKey      : True

IsSelfSigned       : False

Issuer             : CN=company-CA, DC=companydc, DC=local

NotAfter           : 7/18/2019 12:17:56 PM

NotBefore          : 8/24/2017 10:45:37 AM

PublicKeySize      : 2048

RootCAType         : Enterprise

SerialNumber       : ***********************

Services           : IMAP, POP, IIS, SMTP

Status             : Valid

Subject            : CN=mail.company.com.eg, OU=company, O=company, L=town, S=town, C=EG

Thumbprint         : ***********************

AccessRules        :

CertificateDomains : {SRVHC02, SRVHC02.companydc.local}

HasPrivateKey      : True

IsSelfSigned       : True

Issuer             : CN=SRVHC02

NotAfter           : 9/18/2016 6:29:26 PM

NotBefore          : 9/18/2011 6:29:26 PM

PublicKeySize      : 2048

RootCAType         : Unknown

SerialNumber       : *************************************

Services           : SMTP

Status             : Invalid

Subject            : CN=SRVHC02

Thumbprint         : *************************************

********

SRVmbx01

********

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR

                     ule, System.Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {SRVMBX01, SRVMBX01.companydc.local}

HasPrivateKey      : True

IsSelfSigned       : True

Issuer             : CN=SRVMBX01

NotAfter           : 9/18/2016 5:59:54 PM

NotBefore          : 9/18/2011 5:59:54 PM

PublicKeySize      : 2048

RootCAType         : Unknown

SerialNumber       : ***********************************

Services           : None

Status             : Invalid

Subject            : CN=SRVMBX01

Thumbprint         : ***********************************

***********

SRVMBX02

***********

AccessRules        :

CertificateDomains : {SRVMBX02, SRVMBX02.companydc.local}

HasPrivateKey      : True

IsSelfSigned       : True

Issuer             : CN=SRVMBX02

NotAfter           : 9/18/2016 6:42:50 PM

NotBefore          : 9/18/2011 6:42:50 PM

PublicKeySize      : 2048

RootCAType         : Unknown

SerialNumber       : *****************************

Services           : None

Status             : Invalid

Subject            : CN=SRVMBX02

Thumbprint         : ***************************************

I've been working with Microsoft for nearly a month on this issue and we just aren't making progress.

I have an RBAC role group that contains the Mailbox Import Export role. The user is assigned. The user is also a member of Domain Users -- and no other groups.

All we know, at this moment, is if we add the user to the Exchange Admins group, the New-MailboxExportRequest works. Without that group, he gets that error that the SystemMailbox could not be found.

It seems like an AD issue --- some rights are not being granted correctly? Or something is being denied?

The SystemMailbox that cannot be found is the one for the Database of the target mailbox we are trying to export. Somehow, the user who is trying to export doesn't seem to have access to the SystemMailbox on the other database.

Bearing in mind that this functions correctly if the user is in the Exchange Admins group, it would appear that on the Exchange side, all the parts are at least working correctly. The problem must be specific to some kind of AD rights for the user.

My question, more than anything, that Microsoft cannot answer is this:

What rights --- exactly --- are required to do a New-MailboxExportRequest?

Assume that we have disabled / denied ALL rights across the board. Which would have to be set to Allow for this cmdlet to function? For the user & Exchange Trusted Subsystem (and whatever other account requires rights for this)?

Thanks!

Hello, we have 2 CAS servers and one of them has started having an issue were random emails get stuck in the queue. The queue is still able to process email but I think as the day goes on the number of stuck emails increase and the queue slows down.

The emails did have the error 432 4.3.2 storedrv.deliver recipient thread limit. I tried applying the fix people talk about by applying the following code:

<add key="RecipientThreadLimit" value="2" />
    <add key="MaxMailboxDeliveryPerMdbConnections" value="3" />

The messages don't display this error now but we are still getting messages stuck in the queue. The only way I've found to clear the queue is to restart the transport service but this has affected outlook clients connecting to exchange.

Hi you all

I have a curious situation... Up till now the company I'm working at didn't have any distribution lists / groups. I went ahead and made one with a few members. After a day of waiting it didn't showed up in the GAL. 

For another problem I reset my Outlook Profile and realized that after resetting I could see the DL in the GAL. But it disappeared again after a few minutes.  When I now delete my Outlook Profile again I see the DL in the GAL again. I tested it with another one, same problem.

Can anybody make a guess why this is happening?

We are working with Exchange 2010 and Outlook 2016.

Thank you 

LLips

Hi all,

In my organization, I have exchange 2010 SP1 with the following topology:

2 network load balanced client access server that have client access and hub roles (hubcas1,hubcas2)

2 mailbox servers joined to one DAGthat have only mailbox role (MB1,MB2)

I'm planning to install service pack 3 on my exchange server 

but it has forefront protection for exchanged installed on all servers ,also I have kasperesky security 9 for microsoft exchange instaled only on hubcas1 and hubcas2 not the mailbox servers

I have 2 questions 

1-I think that I have to unistall forefront from all the servers right or not 

2-I read in the installing service pack ,I should uncheck "enable  anti spam " and "anti virus scan "

so for kasperesky I believe that I only have the following options ,uncheck the ena

this the guide I use to upgrade service pack 

https://practical365.com/exchange-server/installing-exchange-server-2010-service-pack-3

Hi there,

Sorry for putting this in the 2016 forum but the 2010 forum seems to have vanished now.  We are in the process of migrating to 2016.

Just wondering if anyone else has noticed that the latest exchange 2010 sp3 rollup (25) seems to have broken functionality related to forcing users to change their password at next logon via outlook web access.

We use this quite extensively and since the latest rollup, it no longer works.  Instead, we simply receive the message that the username or password is incorrect or it just allows us to log in without forcing the reset.

This behavior doesn't exist when we check it against a 2016 environment when I go to one of the 2016 hosts (we are migrating).

This was working fine just before the patch.  No settings have changed (that we have made).

-Darryl