Recent Discussions
Mystery Emails for Meeting
Hello, I have this weird issue that I have been tracking down. A user's mailbox sends emails out every night as reminders to an appointment that they set up. The email goes to all participants in the meeting, regardless of whether they accepted or not. I used message trace to track the source IP and it is a trusted, known network within my management, which wouldn't have devices unaccounted for. I am not concerned that it is malicious or an account takeover situation, since there isn't any content added to the meeting. It is the same email every morning this week. Is there a cause for this? Are there any options in Exchange or Outlook that this could be attributed to? For example, one that would effectively say "keep reminding participants of this"?

A few other details, which may or may not be relevant:
- On at least one occasion, I verified that their computer was turned off. So, it is either their iPad or their iPhone, but I am not sure if that is relevant. I have this posted to an Apple forum as well.
- Of the 6 participants that the message goes to (according to Exchange message trace), only 1 actually says that it shows up in his mailbox. Which makes me think that the other mailboxes are simply processing the redundant meeting message and there is something special about this one. But I don't want to focus on that because it is too dependent on user input. It's really a question of why the messages are being sent in the first place.

Thanks! This is a weekly recurring meeting and these mystery emails are going out daily.
Solved | 73 Views | 0 likes | 1 Comment

Request for Official Cleanup Script to Retire Exchange 2016 After Migrating to Exchange SE
Subject: Request for Official Cleanup Script to Retire Exchange 2016 After Migrating to Exchange SE

Hi Exchange Team,

I've successfully migrated mail flow and management to Exchange Server Subscription Edition (SE) and am now preparing to retire our legacy Exchange 2016 server (EXCHANGE2016). I’ve followed the documented steps from the Decommissioning Exchange Server 2016 blog post, but I recall that a script—Cleanup-ExchangeLegacyServer.ps1—was referenced or released separately to automate the final cleanup. I’m unable to locate the actual script and would appreciate guidance on where to find it. Here’s a summary of what I’ve completed so far:

Steps Completed

Mail Flow Migration
- Reconfigured send connectors: Set-SendConnector "Outbound to Office 365" -SourceTransportServers @("EXCHANGESE")
- Verified SmartHost routing and TLS settings.

Receive Connector Cleanup
- Disabled all receive connectors on EXCHANGE2016: Get-ReceiveConnector -Server EXCHANGE2016 | Disable-ReceiveConnector

Mailbox Migration
- Moved all user, arbitration, audit log, and monitoring mailboxes:
  Get-Mailbox -Server EXCHANGE2016
  Get-Mailbox -Server EXCHANGE2016 -Arbitration
  Get-Mailbox -Server EXCHANGE2016 -AuditLog
  Get-Mailbox -Server EXCHANGE2016 -Monitoring

Queue Validation
- Confirmed no active queues on EXCHANGE2016.

Connector Scope Audit
- Verified EXCHANGE2016 is no longer listed in any send connector: Get-SendConnector | Where-Object {$_.SourceTransportServers -contains "EXCHANGE2016"}

Remaining Question

Should I now:
- Run an official cleanup script (e.g., Cleanup-ExchangeLegacyServer.ps1) to safely remove EXCHANGE2016’s configuration objects while keeping Exchange SE intact?
- Or simply uninstall Exchange 2016 from EXCHANGE2016 and decommission the server manually?

I want to ensure I follow Microsoft’s best practices and avoid breaking hybrid management or leaving orphaned AD objects. If the script is available, could you please share the official download link and any updated guidance?

Thanks in advance for your help!
—Michael
Solved | 97 Views | 0 likes | 2 Comments

Assistance with Database Transaction log relocation
Dear Exchange Community,

Recently, I have been tasked to relocate the database log files and folders to another partition. To elaborate further, I have 2 mailbox servers with DAG configured and 4 databases. As everyone is aware, there is one partition for databases and one dedicated to DB logs (on both servers). I would like to know how I can do this. What are the requirements, and what precautionary measures should I take in order to minimize failure or even database corruption?

Any help regarding this matter would be appreciated a lot. Thanks
Solved | 85 Views | 3 likes | 5 Comments

O365 hybrid connector to onprem failing TLS
We're having an issue with the connector to on-prem from Exchange Online. If we enable TLS it fails with the error:

Cannot connect to remote server [Message=451 5.7.3 STARTTLS is required to send mail

Looking at the on-prem server, we noticed that when connecting to port 25 STARTTLS is missing, but when connecting to port 587 it is present.

PORT 587
250-SIZE 20971520
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING
451 4.7.0 Timeout waiting for client input

PORT 25
250-SIZE 62423040
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-BINARYMIME
250 CHUNKING
451 4.7.0 Timeout waiting for client input

Is there a way to have it enabled on port 25 as well?
Solved | 182 Views | 0 likes | 7 Comments

Exchange 2016 Maximum number of recipients in a message that's sent by the specific sender
Hello, I want to know if the RecipientLimits value on a mailbox can override the MaxRecipientEnvelopeLimit. For example, if I set the MaxRecipientEnvelopeLimit to 50 to limit all organization mailboxes to a maximum of 50 recipients, and then I set the RecipientLimits of a specific mailbox, let’s say user10@mylab.local, to unlimited. Can user10 send an email with 100 recipients or not?
Solved | 107 Views | 2 likes | 6 Comments

Discrepancy with shared mailbox when removing user-mailbox
Hello,

When we remove a mailbox from Exchange 365, we see a discrepancy with the shared mailboxes the user had access/permissions for.
- the user-object is deleted for "Full-Access"
- the user-object is not deleted for "Send As". Because the user/mailbox does not exist anymore, now the SSID (S-1-5-21-.......) is displayed instead of the user's mail address.

Why isn't 'Send As' cleaned up; 'Full-Access' is? Now we have several old permissions on the shared mailboxes.

Kind regards, Arjan
Solved | 102 Views | 1 like | 4 Comments

Centralized mail transport and sending outgoing messages directly from EXO
Dear Community,

I have the following question: my company is using an Exchange hybrid environment with centralized mail transport. Both incoming and outgoing messages are routed through an on-prem mail gateway, and MX also points to it. We would like to deprecate the on-prem gateway soon, and the first step might be changing routing for outbound emails, so they go directly from EXO to gmail.com, for example. And here is the real concern: is there any tricky way to set this routing selectively, for a pilot user group first, before we change it globally? I know about Set-OutboundConnector and the RouteAllMessagesViaOnPremises parameter, but I wouldn't like to change it before doing some tests on selected mailboxes. I will be happy for any suggestion.

Best Regards
Marcin
Solved | 184 Views | 0 likes | 7 Comments

Exchange hybrid removal – partial
I have full hybrid configured. I have no mailboxes on prem. I use Exchange as mail relay (auth and non auth SMTP). With one extra piece of information: one of the SMTP domains is configured as internal relay. So, emails addressed to unknown recipients are routed to Exchange on premise, where I use Target address SMTP:*.mail.onmicrosoft.com on existing object to route email to valid O365 mailbox.

I was looking into this article: https://jaapwesselius.com/2020/12/15/remove-exchange-hybrid-configuration/#:~:text=Disable%20OAuth%20on%2Dpremises,on%2Dpremises%20and%20Exchange%20Online.&text=These%20are%20the%20steps%20needed,option%20in%20Azure%20AD%20Connect.

Remove certificates: I will run command .\ConfigureExchangeHybridApplication.ps1 -ResetFirstPartyServicePrincipalKeyCredentials
This will break Free/Busy, MailTips, and Photos.

Disable OAuth: On Prem and in Cloud.
Get-intraOrganizationConnector | Set-IntraOrganizationConnector -Enabled $False

SMTP Routing: I will not run Remove-HybridConfiguration; I don't see a mail issue if the setting is left in AD. And I don’t need to recreate connectors. Should I run Remove-IntraOrganizationConnector on premise, which includes domain domain.mail.onmicrosoft.com which I use for routing, and the same on O365, which includes all registered domains? I believe I can. Should I leave both connectors intact on prem and in O365?

I have created a dedicated send connector:
AddressSpaces : {smtp:*;1}
SmartHosts : {********.mail.protection.outlook.com}
CloudServicesMailEnabled : True
Fqdn, TlsCertificateName, RequireTLS … True

I also have the following connector:
Outbound to Office 365 - ******-********-*******
TlsDomain : mail.protection.outlook.com
AddressSpaces : {smtp:********.mail.onmicrosoft.com;1}

The default receive connector is configured to accept mail from O365. The firewall allows only mail originating from Exchange Online IP addresses. Existing receive and send connector configurations established by the hybrid setup will be maintained.

Remove-OrganizationRelationship: I already ran this command on premise and in O365.

SCP and AutoDiscover: Public CNAME records all point to O365 autodiscover.outlook.com. Internal entries remain, and I have many domains to update. If I run the commands now, will they immediately disrupt on-premises Autodiscover, or continue working as usual? Can I gradually set up CNAME records and finally set AutoDiscoverServiceInternalUri to $null?
Solved | 89 Views | 0 likes | 2 Comments

CVE-2025-53786 - Anyone knows what to do?
Good day,

there is the CVE-2025-53786 and even though there are a lot of articles around about the security leak, it's not clear what to do exactly. A hotfix seems to be available for Exchange 2016 and 2019: Released: April 2025 Exchange Server Hotfix Updates | Microsoft Community Hub

According to MS, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786, Exchange SE is affected. The hotfix mentioned above does not apply to Exchange SE, so what's the solution? KB5047155 is the very first version of Exchange SE. So can Exchange SE be affected and be the solution at the same time? I don't think so. Can someone please tell me what exactly to do on an Exchange SE server to close the leak?

Best Regards
Solved | 770 Views | 0 likes | 1 Comment

Request on Exchange Server SE CU1 Codebase and Trial Version Behavior
Dear Microsoft Exchange Team and Community,

I have questions about Exchange Server Subscription Edition (SE):

Codebase of Exchange SE CU1 vs. Exchange 2019 CU15
- The roadmap says Exchange SE RTM matches Exchange 2019 CU15 codebase, with new features starting in SE CU1.
- Is SE CU1 a standalone codebase or a direct continuation of Exchange 2019 CU15 with added features?

Behavior after Exchange SE trial expiration
- What happens when the SE trial expires?
- Are all functions fully retained?
- Are any services or features restricted or disabled?
- Will the server remain usable?

Thanks for your clarification!
Solved | 280 Views | 0 likes | 4 Comments

On-prem shared mailbox access in hybrid Environment
Migrating users' mailboxes from Exchange 2016 on-prem to Exchange Online in Hybrid configuration. What is the best approach regarding the shared mailbox present on-prem? Users migrated to Exchange Online lost access to the shared mailbox, Outlook removed the shared mailbox from the profile, until the shared mailbox is not migrated as well. Is there a way to have the migrated users still able to access the on-prem shared mailbox?

Thanks
SC
Solved | 93 Views | 0 likes | 1 Comment

Developing Apps for Exchange Server
Hello everyone,

I've built an AI Assistant for Outlook that works fine with the APIs (email/calendar/todos). However, some of the customers are asking how they can use it on their Microsoft Exchange accounts (on-premise servers). I don't have much experience in the Microsoft Exchange world, but I'm quite technical. Is it technically possible to build an app that can integrate with hosted Exchange accounts and read emails, do AI analysis, integrate with Calendar and everything like in the cloud? If yes, how is the authentication done? And last but not least, is hosted Exchange Server worth investing in for a third party like me that wants to build on top of it, or are businesses switching to the cloud?
Solved | 58 Views | 0 likes | 2 Comments

Issue: NDR When Running Python File via Microsoft Graph API
Hi everyone,

I'm experiencing an NDR (Non-Delivery Report) error when running a Python script that uses the Microsoft Graph API. Here is my current setup:
- Trial tenant
- App registered in Azure Portal
- Required permissions granted
- Inbound connector configured in Exchange admin centre
- Python code being executed from a VM (workgroup)

Error Details:
email address removed for privacy reasons
Remote server returned '550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653 AS(7186).

I've followed the documentation and believe I've set up everything required. Is there any step or configuration I might have missed? Any guidance or suggestions would be greatly appreciated. Thanks!
Solved | 145 Views | 0 likes | 4 Comments

Increase space on Exchange Servers
Hello,

We have a 2016 DAG Exchange environment made up of two Windows Server 2016 servers. Lately the disks started getting full and I want to increase disk space from vCenter. Is the operation safe on a production environment? Is there anything I should be aware of?

Thank you
Solved | 143 Views | 0 likes | 6 Comments

ApplicationAccessPolicy vs Azure Automation Account
Hi all. I have an Azure Automation Account (AAA) with system managed identity enabled. I added the Graph API permission Mail.Send (application) to this identity, and in the script I'm able to send on behalf of any email mailboxes. It works correctly. I want to restrict this AAA to specific mailboxes. So, I followed https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access. I created a Service Principal for the AAA with the "New-ServicePrincipal" command and created a new Application Access Policy. When I test it via the Test-ApplicationAccessPolicy command I see the correct result. But the AAA is still able to send an email on behalf of an email mailbox. Do you have the same experience?
Solved | 101 Views | 0 likes | 2 Comments

Implementing DKIM and BIMI with Exchange 2016
Hi,

My customer wants to implement BIMI. His environment is composed of an Exchange Server 2016. To receive and send mail he uses a provider as a smarthost that also acts as an antispam. From what I read, in order to implement BIMI, SPF, DKIM and DMARC must be configured correctly. The SPF record is already configured correctly. For the DKIM issue, the configuration must be done by the provider and then I will insert the DNS record with the correct parameters in the public area. Once DKIM is configured, I can configure DMARC by creating the DNS record in the public area.

My first question is: If the provider does not support DKIM, is it possible to install a third-party solution and then continue to use the provider as a smarthost?

My second question is: I imagine that Exchange does not natively support BIMI, since it does not even support DKIM. In my configuration, must the BIMI service be implemented by the smarthost (provider)?

Thanks
Solved | 172 Views | 0 likes | 2 Comments

DAG Exchange 2016 -> 2019 Migration, Certificate Question
Hello folks!

I have a question regarding a migration from an existing Exchange 2016 2-Node DAG to an Exchange 2019 2-Node DAG (O/S Server 2022) and the certificate for Exchange services (mapi, ecp, oab, ews and so on...). The existing Exchange 2016 servers both use the same RSA 2048-bit certificate. I'm considering whether to issue an ECDSA P-384 certificate for the new Exchange 2019 servers. This certificate would also serve as the basis for the later upgrade to Exchange SE. Could the different certificates cause problems during the migration?
Solved | 118 Views | 0 likes | 1 Comment

Upgrading from 2010
Hello,

I currently have an Exchange 2010 server running on Server 2008 R2 Standard. I believe the Exchange has been updated with service packs as far as it can go. We have been operating in hybrid mode for quite some time. I would like to upgrade to a later version so that I can run the PowerShell commands necessary, since the GUI no longer works. I tried to run the Exchange 2013 CU23 install on this server and I get the message that Exchange Server is in an inconsistent state. As far as I know everything is/was working correctly up until the GUI would no longer run.

Before I start going down rabbit holes trying to fix this and break something, I would like some advice on what would be the best way to get the Exchange management tools installed on a different server. I'd like to get to the point where I have the 2019 management tools on my 2019 domain controller. Any assistance or pointers to online resources would be greatly appreciated.

-Dave
Solved | 86 Views | 0 likes | 1 Comment

Gmail Emails Randomly Quarantined in Microsoft 365 with High Confidence Phish (SCL 8)
Hello Microsoft Tech Community,

We’ve been encountering a recurring issue where emails sent from Gmail to recipients in Microsoft 365 are being randomly quarantined. The quarantine reason is marked as "High Confidence Phish" with a Spam Confidence Level (SCL) of 8, despite the emails being legitimate. What’s more puzzling is that when the same email is sent to multiple recipients:
- The email is successfully delivered to Recipient1.
- The same email to Recipient2 is quarantined.

Has anyone else faced a similar issue? Could this be due to a misclassification in Microsoft Defender or some specific filtering behavior? Any insights or recommendations to prevent such false positives would be greatly appreciated. Thank you!
Solved | 628 Views | 5 likes | 4 Comments

HCW fails to detect an Exchange Server
I'd like to acquire a free hybrid license using the Hybrid Configuration Wizard. However to me that seems to require HCW detects the Exchange Server on the second page. However it doesn't detect any of my two Exchange Servers (yes, that worked in the past with the older one). No matter on which of both servers I execute HCW, it doesn't detect any of both servers. To me it appears like the cause is a remote PowerShell (Exchange Management Shell) session failing to be initiated. ECP and Exchange Management Shell work fine.

I get the following error messages in the HCW log:

ERROR 10085 (and 10084) Client UX, Activity Detection, Thread 6 Fehler bei der Remoteserververbindung mit der folgenden Fehlermeldung: Beim Verbinden mit dem Remoteserver MYNEWEXCHANGESERVER01 ist folgender Fehler aufgetreten: Eine angegebene Anmeldesitzung ist nicht vorhanden. Sie wurde gegebenenfalls bereits beendet (a specified logon session does not exist. it may already have been terminated)
Could not connect to MYNEWEXCHANGESERVER01

When I try to start the Exchange Management Shell from the HCW window using F12 I get the following error, too:

New-Pssession : MYNEWEXCHANGESERVER01 Beim Verbinden mit dem Remoteserver "MYNEWEXCHANGESERVER01" ist folgender Fehler aufgetreten: Eine angegebene Anmeldesitzung ist nicht vorhanden. Sie wurde gegebenenfalls bereits beendet. Der Domänen- oder Computername wurde nicht mit den angegebenen Anmeldeinformationen hinzugefügt. Beispiel: DOMAIN\UserName oder COMPUTER\UserName.
Solved | 445 Views | 0 likes | 8 Comments
Events
Recent Blogs
- A reminder that on September 16 2025, we will enforce the first temporary block of shared security principal use for our hybrid customers.
  Sep 12, 2025 | 3.6K Views | 3 likes | 2 Comments