Recent Discussions
Information about Exchange SE through SPLA
Does anyone have any information about the possible availability of Microsoft Exchange Subscription Edition (SE) through SPLA? As you may know, SharePoint Subscription Edition (SE) was already released a few years ago; however, it was never approved by Microsoft to be used in SPLA, it is not mentioned in the SPUR, and they don’t provide the installation keys for this version to SPLA hosters. If they follow the same policy with Exchange SE, we will not have any solution to run an Exchange Server on a supported version after 14th of October 2025 when Exchange 2019 reaches end of support.
Thanks for your comments
Thierry
600 Views | 0 likes | 2 Comments

Licensing question: Exchange Server SE for CSP M365 E3/E5 customers without Extended Use Rights
Does anyone have any information on licensing the new Exchange Server SE for customers who have M365/O365 E3/E5 purchased via CSP but do not have Extended Use Rights (i.e., no EA/EAS -> no on-prem Office server licenses included)?
Specifically:
Is it enough to license Exchange Server SE per node only, or
Do customers also need to purchase Exchange Server CALs per user (even if they already have M365 E3/E5)?
I’ve spoken with multiple licensing distributors and a Microsoft partner contact, but I still haven’t been able to get a definitive answer. According to a comment from Jeremy Carlson and Microsoft’s licensing documentation, certain licenses appear to include "CAL-equivalency rights". Can anyone here confirm whether these CAL-equivalency rights cover access to Exchange Server SE in the CSP E3/E5 (no Extended Use Rights) scenario?
licensing reference: https://www.microsoft.com/licensing/terms/product/CALandMLEquivalencyLicenses/MCA#clause-2165-h3-130Views0likes0Comments

Our mail domain isn't safe by default for Exchange Online users
Hello all,
Our PR Team requested to force automatic download of pictures for internal letters that are sent by the team. We decided to use the GP setting "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" from an Office administrative template. It works fine for users with on-prem mailboxes because our mail domain is in the Safe Senders by default, but it doesn't work for users with mailboxes in Exchange Online. For EO mailboxes, pictures of internal letters are not downloaded automatically in classic Outlook. They have to add "@<our mail domain>" to the Safe Senders list to download pictures automatically. Any attempts to add the same domain by using Set-MailboxJunkEmailConfiguration fail because "the domain is the default mail domain"! (And should be treated as safe). Headers show that letters are not "Anonymous" but internal. It looks like a bug, or we missed something in our Hybrid configuration. Any ideas?
Kind regards,
Dmitry Horushin
48 Views | 0 likes | 2 Comments

Exchange Hybrid Wizard won't run
Hi all,
2 x Exchange 2019 (CU 14 and April SU) in a dag
Windows Server 2022
I'm trying to run the Hybrid Configuration Wizard but nothing happens. From one of the servers I go to https://aka.ms/HybridWizard. Using Edge it offers to Open Microsoft.Online.CSE.Hybrid.Client.application but nothing happens when I click Open. I downloaded the application and tried to run it manually but absolutely nothing happens. Nothing in the event logs to say why nothing happened. I had a look and ClickOnce Application Deployment Support Library is the default to open .application files. Tried using the old IE to run it (as some posts online suggest) but again nothing happens. If I run the application from another PC (Windows 10), it attempts to run but fails and I get the error:
Deployment and application do not have matching security zones
Has anyone else had this issue and was able to resolve?
thanks
justin
EDIT: I am looking at doing the Classic Full hybrid.
11K Views | 0 likes | 12 Comments
- 54 Views | 0 likes | 1 Comment

Microsoft some server IP not in SPF List?
We have added the DNS record v=spf1 include:spf.protection.outlook.com -all, but find that SPF is failed: spf:demo.com:2603:1096:301:11b::15. How can we solve this problem? Because we need to increase the security level, we would like to quarantine / set to junk mailbox for SPF Fail mail.
Thanks
30 Views | 0 likes | 0 Comments

Configure Dedicated Exchange Server Application
Currently our product is running Exchange 2019 CU15 with Exchange hybrid, so what other tasks need to be configured for the configuration of the dedicated application for Exchange Server?
HCW8126 - Admin consent was not granted during the configuration of the dedicated application for Exchange Server. The application will be created but will not function until consent is provided. Please re-run the Hybrid Configuration Wizard (HCW) or grant consent via the Entra ID portal before using the application.
30 Views | 0 likes | 0 Comments

Hotfix update for 2016 CU23 HU18: (KB5066370) breaks OWA and leaves all services disabled
Has anyone else applied the latest hotfix? First of all it tries to validate open files instead of just killing these processes as part of the update, then after rebooting all the services are left in a disabled state. Then I discover it has broken IIS and OWA doesn't work. We have had client issues all day in the office. It looks like another update has been pushed out without sufficient testing. Any help would be grateful at this point, I am looking to take 2 out of 4 servers offline.
119 Views | 0 likes | 0 Comments

Exchange 2019 Mailbox Migration Error - Folder conflicts with Exchange Online folder
Hi Exchange Experts,
I'm migrating a small Exchange 2019 environment to 365. Been pulling my hair out because of just one mailbox giving this error.
Error description
---------------------------
Error: AggregateMailboxFolderConflictPermanentException: The folder 'Files' conflicts with Exchange Online folder 'Files', please move the messages to another folder and restart the job.
Data migrated: 0 B (0 bytes)
Migration rate:
--------------------------------------
Migration user report:
5/14/2025 12:32:05 PM [MEUP300MB0105] Request processing continued, stage CreatingFolderHierarchy.
5/14/2025 12:32:05 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10.
5/14/2025 12:32:12 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10.
5/14/2025 12:32:12 PM [MEUP300MB0105] Fatal error AggregateMailboxFolderConflictPermanentException has occurred.
----------------------
It seems to be a system folder and I've tried to remove files from it (although there're no files in it) using MFCMAPI tool with no success. Renamed the folder and tried to re-run the migration with no luck. Has anyone experienced this issue? Any thoughts or tips are much appreciated!
Thank you.
894 Views | 0 likes | 5 Comments

Domain not routing mail or logins correctly after tenant transfer
Hello
Please, I need your help on this issue. Domain not routing mail or logins correctly after tenant transfer.
I recently removed the domain sustainable.XXXX from an old Microsoft 365 tenant (based in Chile) and added it as the default domain in my new tenant (based in Spain). The domain is showing as Authoritative and in a healthy state in the Microsoft 365 Admin Center. DNS records (MX, SPF, CNAME autodiscover) are all configured correctly and propagate globally (checked with multiple DNS tools). However, I am still experiencing two critical issues:
Authentication / Login Redirect. When I try to log in with rphilippe@ sustainable.XXXX in Office apps (desktop and mobile), the login is automatically redirected to the old Chile tenant (…onmicrosoft.com), which no longer has my domain or licenses. This prevents me from signing into Office apps with my licensed email address in the new Spain tenant.
Mail Flow – No Inbound Delivery. I can send outbound emails from rphilippe@ sustainable.XXX without problems. But inbound emails from Gmail/Yahoo do not appear in Message Trace in Exchange Online. This indicates that messages are not reaching my new tenant at all, despite correct MX records.
Steps already taken:
Removed domain completely from old tenant.
Verified domain ownership in new tenant.
Configured all required DNS records at my registrar (Wix).
Waited more than X hours since DNS propagation completed (global MX records confirmed).
Tested with Message Trace and Quarantine: no trace of inbound messages.
Request: Please verify and force a refresh of Home Realm Discovery (HRD) and Exchange Online domain routing for sustainable.XXX, to ensure:
Authentication requests for @ sustainable.XXXX point to the correct (Spain) tenant.
Inbound email is routed correctly to the new tenant.
This appears to be an internal Microsoft propagation/cache issue, not a DNS or local client issue.
43 Views | 0 likes | 1 Comment

How to perform Windows Update for Exchange 2016 DAG Cluster
Hello,
I need to install a Windows Server security update on an Exchange 2016 DAG, which requires rebooting the server. I will install the updates on the first server on Tuesday, and on the second server on Wednesday. I'm wondering if installing patches on separate days may impact Exchange services. Also, I need to know the steps to follow before restarting each server after installing the patch.
58 Views | 0 likes | 2 Comments

I need help with migration
Hello
I need to migrate our account to a wider business due to a merger. In general, I need to change the domain name while keeping my email history without losing any data. On top, I need to ensure that after the change of the extensions of our emails (i.e. from @ abc.com to @ abd.com) we have access to the emails which are still being sent to @ abc.com, for example by being automatically forwarded to the new email addresses.
46 Views | 0 likes | 2 Comments

Update Federation Trust Certificate
Almost five years ago, I had set this up. I realized the cert is about to expire. I only have one test account on prem, everything else is in the cloud. OAuth is set up and we do have token based auth. I followed the steps to generate a new self signed cert, everything looks good, even the text file in DNS. The issue is, when I run Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate, I get the following error.
[FailureCategory=Cmdlet-Live DomainServicesException] 2B0D1031,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederationTrust + PSComputerName
I have searched and tried several things for TLS 1.2:
Enforcing TLS 1.2 on Windows 2019 via the reg
Windows Registry Editor Version 5.00 enforce SchUseStrongCrypto
Force PowerShell to run tls1.2
I had to remove some of the verbiage - I think the forum does not like it.
Does anyone have any ideas?
Thanks
Paul
19 Views | 0 likes | 0 Comments

Exchange SE and Domain / Forest Functional Level 2025 Support
Does anyone have any general idea on when they may test support for Domain / Forest Functional Level 2025? We're still rocking hybrid with Exchange SE and ExO and as such we're waiting on the supportability matrix (https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix#supported-active-directory-environments) to get updated so we can raise the DFL/FFL. Currently Exchange SE supports 2025 AD servers so they've verified the schema update from 88 to 91 is good to go but our Exchange team doesn't want us to raise the functional level until this matrix shows that it's supported for our current Exchange version. Thanks for any insight.
Supported Active Directory environments
The following table lists the supported Active Directory environments for Exchange Server.
Version Active Directory servers Forest Functional Levels Exchange Server SE Windows Server 2025 Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2016 Windows S
67 Views | 1 like | 0 Comments

Convert resource mailbox to cloud only
Hi
During migration to 365 we migrated our resource mailboxes (room/equipment) by using AAD Connect and New-MailboxMove command. Now we would like to clean up in on premise AD and convert these mailboxes to be cloud only, it is also a requirement since we want to use MTRs in the rooms. Is there any supported way to convert them to cloud only and remove the link to on prem?
Thanks
Peter
4.1K Views | 0 likes | 7 Comments

Applying On-Prem EAP with New-Remote Mailbox
BACKGROUND: my org is in a hybrid AD/Exchange environment, and will remain so for some time. All mailboxes, other than a very small number with on-prem dependencies, were migrated to M365 a few years ago; we will continue to have 1-2 Exchange Servers on-premises for both management and some legacy on-prem processes. All user accounts are created on-premises, and synchronized to M365 through Entra Connect Sync. Our on-prem EAP has the exact address syntaxes that we need [applies to "Users with Exchange mailboxes" + "Resource mailboxes" + "Mail-enabled groups"].
I haven't found a clear answer to the question: with an Exchange 2019 (and soon SE) server on-premises - with users initially created on-premises - is there a way to provision new EXO mailboxes [using the 'new-remotemailbox' cmdlet], such that the on-prem EAP applies during creation?
I've been working with these two references, but so far haven't found a way to make the "new-remotemailbox..." cmdlet work to (a) create a new account on-premises and (b) ultimately have an EXO mailbox provisioned with the on-prem EAP addresses in place:
On provisioning mailboxes in Exchange Online when in Hybrid | Microsoft Community Hub
https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/new-remotemailbox?view=exchange-ps
Any thoughts or suggestions would be welcomed! (OR - perhaps it just can't be done?)
37 Views | 0 likes | 0 Comments

Use PowerShell to Send Messages from Shared Mailboxes, Groups, and Distribution Lists
Everyone probably knows how to use Exchange's Send As and Send on Behalf of permissions to send email from user mailboxes. Here we venture into the same task, but for Microsoft 365 Groups, shared mailboxes, distribution lists, and mail-enabled security groups. Once your permissions are aligned, everything is pretty simple.
https://practical365.com/sendas-send-on-behalf-of-mail-objects/
53 Views | 0 likes | 0 Comments

Authentication issues after upgrading to 2019/CU15
After upgrading to Exchange Server 2019 CU15, we started having many authentication issues. They appear in many forms. Executing a get powershell command on any virtual directory will fail for the remote system (I currently have 2 servers configured). It will log in the event viewer a DCOM 10028 error:
DCOM was unable to communicate with the computer (other system FQDN name) using any of the configured protocols; requested by PID 570 (c:\windows\system32\inetsrv\w3wp.exe), while activating CLSID {2B72133B-3F5B-4602-8952-803546CE3344}.
It is intermittent in nature. At first, I thought executing the Reset-ComputerMachinePassword would solve the issue, but it does not always work. We have one Windows 2025 DC in our infrastructure as we have seen some domain trust issues that have been a result of the 2025 DC. Microsoft recommends running this for those client systems. But those systems usually had an event logged in the DC indicating the need for resetting this password. This is not appearing for the Exchange servers. When the get command fails, other issues such as Outlook clients not authenticating occur as well. The Outlook clients continuously prompt for credentials without accepting them, even though correct values have been entered. However, when the get command succeeds, so does Outlook. Anyone experiencing this as well?
2.5K Views | 0 likes | 5 Comments

Request for Official Cleanup Script to Retire Exchange 2016 After Migrating to Exchange SE
Subject: Request for Official Cleanup Script to Retire Exchange 2016 After Migrating to Exchange SE
Hi Exchange Team,
I've successfully migrated mail flow and management to Exchange Server Subscription Edition (SE) and am now preparing to retire our legacy Exchange 2016 server (EXCHANGE2016). I’ve followed the documented steps from the Decommissioning Exchange Server 2016 blog post, but I recall that a script—Cleanup-ExchangeLegacyServer.ps1—was referenced or released separately to automate the final cleanup. I’m unable to locate the actual script and would appreciate guidance on where to find it.
Here’s a summary of what I’ve completed so far:
Steps Completed
Mail Flow Migration
Reconfigured send connectors:
Set-SendConnector "Outbound to Office 365" -SourceTransportServers @("EXCHANGESE")
Verified SmartHost routing and TLS settings.
Receive Connector Cleanup
Disabled all receive connectors on EXCHANGE2016:
Get-ReceiveConnector -Server EXCHANGE2016 | Disable-ReceiveConnector
Mailbox Migration
Moved all user, arbitration, audit log, and monitoring mailboxes:
Get-Mailbox -Server EXCHANGE2016
Get-Mailbox -Server EXCHANGE2016 -Arbitration
Get-Mailbox -Server EXCHANGE2016 -AuditLog
Get-Mailbox -Server EXCHANGE2016 -Monitoring
Queue Validation
Confirmed no active queues on EXCHANGE2016.
Connector Scope Audit
Verified EXCHANGE2016 is no longer listed in any send connector:
Get-SendConnector | Where-Object {$_.SourceTransportServers -contains "EXCHANGE2016"}
Remaining Question
Should I now:
Run an official cleanup script (e.g., Cleanup-ExchangeLegacyServer.ps1) to safely remove EXCHANGE2016’s configuration objects while keeping Exchange SE intact?
Or simply uninstall Exchange 2016 from EXCHANGE2016 and decommission the server manually?
I want to ensure I follow Microsoft’s best practices and avoid breaking hybrid management or leaving orphaned AD objects. If the script is available, could you please share the official download link and any updated guidance?
Thanks in advance for your help!
—Michael
Solved | 84 Views | 0 likes | 2 Comments

SMIME not working in OWA
Help needed for S/MIME setup on M365 with Exchange Online and Windows/macOS
What was done:
Installed the .pfx key on Windows and macOS locally with the password
Deployed the root and intermediate certificate via Intune on the Windows and macOS devices
Exported the root and intermediate certificate via certmgr.msc and uploaded the .sst via
Connect-ExchangeOnline
Set-SmimeConfig -SMIMECertificateIssuingCA ([IO.File]::ReadAllBytes('C:\Temp\certificate_CA.sst'))
Published the public S/MIME signature via “Publish to GAL” in classic Outlook manually for each user (Windows users).
Current Status:
Working
Sending Encrypted email from a signed Reply (Old/classic Outlook)
Sending Encrypted email from new email (Old Outlook) (Works after publishing in GAL/saving the Signature to contact for External)
Sending Encrypted email from new email (Outlook for Mac) to windows user who published their certificate via GAL
NOT working
Sending Encrypted email from new email (New Outlook [Windows]) – Error message: Certificate is not trusted by this organization
Sending Encrypted email from new email (OWA on Edge [Windows]) – Error message: Certificate is not trusted by this organization
Sending Encrypted email from new email (Old Outlook Windows) to mac users, since certificate was not published
78 Views | 0 likes | 2 Comments
Events
Recent Blogs
- A reminder that on September 16 2025, we will enforce the first temporary block of shared security principal use for our hybrid customers.
Sep 12, 2025 | 2.6K Views | 3 likes | 0 Comments