Recent Discussions
Usage data for Personal Bookings/Bookings with me
Is there a way (powershell cmdlet or graph call) to get a count of how many users in a tenant have created/enabled Personal Bookings? I'm not talking about shared Bookings calendars, but people who have turned on the "Bookings with me" feature. The reason I'm looking for this data is that right now we have some departments who are using other similar services, in some cases they are costing the org quite a bit of money. If we can demonstrate that a significant percentage of users are making use of this feature that we're already paying for, we have leverage to recoup some operating costs.20Views1like0CommentsEnable IPv6
Hello, Recently the Exchange Team has enabled IPv6 for the accepted domains. When I check the status with 'Get-IPv6StatusForAcceptedDomain' for our domains, I see that IPv6 is enabled. But I see a difference between the domains where IPv6 is enabled by Micorosft Support (before IPv6 was global available). In the 'AdditionalInfo'-field there is no info (as expected). For domains where IPv6 is enabled through global availability, the Additional Info says: Enabled status does not guarantee that IPv6 is enabled for your domain. For more information, please use Get-Help Get-IPv6StatusForAcceptedDomain. What does this means? And how can I check if IPv6 is really enabled? Disable and enable IPv6 again makes no difference. The Get-Help command doesn't show any extra information.15Views0likes0CommentsOrganization Sharing for specified group
Hello all, We have configured calendar sharing. All works well; we can see the calendars from the other organization and vice versa. The only issue is that the scope isn't right. The other organization can see all our users and we have to scope this. I have found the option to select a group, but this can only be an security group. I did some testing, but it seems like Dynamic lists cannot be used for this? And also nested groups - with distribution list as members - do not work? We are looking for a flexible solution, where we don't have to change groupmembership every week. Is there a working solution for this case? Kind regards, ArjanSolved47Views0likes4CommentsExchange Online Mailbox Retention
To utilize EXO for SEC Regulation and Purview eDiscovery. I think we need to have some kind of 7 years retention. What is the best way to accomplish this? MRM, Compliance Policy, Preservation lock, some kind hold policy, litigation hold ? So deleted items are not deleted and Primary mailbox will expand to Archive up to 1.5 TB. EX: under Data lifecycle management, create a 7 years retention policy for EXO, and other services. Would this be sufficient? For mailbox reaching 1.5TB with retention in place, how would I move mailbox data to secondary mailbox and allow users to access both. If a leaver mailbox is delete after 30 days, will the retention keep the data for purview searches?58Views0likes3CommentsExchange Server 2016 / 2019 coexistence CU update
Hi, We are running Exchange Server 2016 CU19 and Exchange Server 2019 CU14. We want to install the latest CU for Exchange Server 2016. Can we do this with Exchange Server 2019 CU14 already installed? Any pitfalls? I am thinking about the AD Schema perhaps. Any insights welcome! Greetings Nfs!45Views0likes2CommentsExchange Server 2019 HA & DR - Design
Hello Team, I'm asked to setup a HA & DR of Exchange Server 2019 (In-House) with only Internal Clients connecting to it. There will be no Internet or external access. There are 2 Sites, A & B connected by Dark Fibre of 10G and though users are around 3000 but their usage is very minimum as it is only for internal purposes. They are keen to have HA & DR and in current setup I had setup HA with 3 servers. I was reading about cross-site DAG and need little assistance in setting up the same. I need to design HA & DR so that if there is a site failure then automatically the DR should continue the work. I thought Active-Active would be best because if anyone of the site fails, say Site A fails, the 40-50% of the users who would have their mailboxes on them would move to Site B. 1. Is it best to setup Active-Active or Active-Passive, benefits, safety, Administrator's Tasks in failover scenario? 2. Is it better to keep even nodes on each side with Witness Server (for Site A - Witness Server will be on B) & Alternate Witness Server ? If anyone has a sample design document with key configuration to keep in mind, if you can share it, please let me know,32Views0likes1CommentPublic Folder Migration Failed
We have a problem migrating public folders from an Exchange 2019 OnPremise to an Exchange Online. We followed the Microsoft guide: Batch migrate Exchange Server public folders to Microsoft 365 or Office 365 | Microsoft Learn We get to step 7. When completing the PublicFolderMigration job, the status changes to “Completing” and then to “Failed”. The error message in the EXO Shell is: Status: Failed Message: Error calling “net.tcp://be1p281mb2001.deup281.prod.outlook.com:9821/Microsoft.Exchange.MailboxReplicationService BE1P281MB2001.DEUP281.PROD.OUTLOOK.COM (15.20.8207.17 ServerCaps:FFFFFFFF, ProxyCaps:1FFFFFFFFFFFFFFFC7DD2DFDBF5FFFFFCB07EFFF, MailboxCaps:, legacyCaps:FFFFFFFF)”. Error details: The communication object System.ServiceModel.Channels.ServiceChannel cannot be used for communication because it is in a Faulted state. --> The communication object System.ServiceModel.Channels.ServiceChannel cannot be used for communication because it is in a Faulted state. Does anyone have an idea what this error means? We have already removed and restarted the entire migration, but the same error occurs again.43Views0likes2CommentsHybrid Centralized Transport sending emails to EXO
I've discovered that Microsoft hosted tenants emails we receive is going directly to our EXO tenant and using the Hybrid Outbound connector going directly to on-prem Exchange by passing our on-prem Email Gateway fitlers. Also saw some quarantined emails in the EXO from EXO Antimalware scanning. With Hybrid Centralized Transport, I need all mail flow to work just like before the Hybrid configuration based on our MX records. None Microsoft tenants email goes directly to our on-prem Email Gateway for processing before delivered to Exchange on-prem. How do I change this behavior for Microsoft hosted tenants? I do not want email processed by EXO at all. I need all emails go through our on-prem Email Gateway for processing published with our MX records. This is currently bypassing our on-prem anti-virus, anti-spam among other safety features and using EXO's feature.Solved50Views0likes2CommentsPopDeepTestProbe Issue
I've recently built two Exchange 2019 servers in a DAG to replace our 2016 servers which are in their own unique DAG. They are not yet active but are ready with the exception of an Exchange HealthSet failing on one of the servers. Running Get-ServerHealth -Identity 'Server' -HealthSet 'POP.Protocol' shows the PopDeepTestMonitor is Unhealthy. Running Invoke-MonitoringProbe -Identity:"POP.Protocol\PopDeepTestProbe" -Server:Server | fl returns "WARNING: No mailboxes were found to use in the DeepTest probe." I've tried rebooting the server multiple times along with recreating the Exchange monitoring mailboxes multiple times. Nothing has solved this issue. Does anyone have ideas?14Views0likes1Comment'$skiptoken' limit error for Microsoft Exchange online Reporting web service API
I was working on integratingMessageTrace report APIas a part of my SIEM integration: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace[?ODATA options] I have noticed that, whenever my $skiptoken reaches the limit 999999 , it throws the following error with 500 status code: { "odata.error": { "code": "UnknownError", "message": { "lang": "", "value": "An error has occurred on the server." } } } It was working fine for the 999998 value, but wasn't for the $skiptoken value 999999. Is there any limitations on $skiptoken value from the API itself? Also, need information, if $skiptoken value 999999 exists, for example, "odata.nextLink": "../../reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%20eq%20DateTime'2024-12-02T00%3A00%3A00Z'%20and%20EndDate%20eq%20DateTime'2024-12-02T23%3A59%3A59Z'&$skiptoken=999999" then how can we request the data from next set of events? Can someone let me know, is there any max limit from Microsoft API side or for the $skiptoken?21Views0likes0CommentsIncorrect processing of messages with multiple DKIM signatures?
Hello, I've been noticing strange behavior on our Exchange online where legitimately spoofed incoming messages that are double signed (Usually one unaligned DKIM signature for the sending infrastructure and one aligned for the RFC5322.From domain) are being falsely rejected by DMARC because exchange is using the unaligned signature for it's DMARC test. This is not limited to a specific From or MailFrom domain, I can find examples of this every day (large tenant, many subcompanies on one environment) and looks to me like a flaw in Exchange's implementation of the DMARC standard... According to the DMARC spec, this shouldn't be a problem: Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies. (Source: RFC7489, Section 3.1.1) Kind regards, Jordy1.6KViews4likes3CommentsExchange SMTP Auth Fails with: 451 4.7.0 Temporary server error. Please try again later. PRX5
Office 365 refuses SMTP authentication with error: 451 4.7.0 Temporary server error. Please try again later. PRX5 This is when accessing External Send SMTP AUTH through OAUTH2 authentication. Initial authentication is successful (and is logged as so in Entra ID) but when trying to send send messages through authenticated SMTP, you get the above error. Working with multiple support reps, we looked through login logs and could not find any trace of the error in Entra ID. Support reps all blame the third party application. The issue is connected to a special use case, where a user has both the GLOBAL ADMIN role, as well as certain other admin roles. When you have a certain combination of those roles, for a selected user, OAUTH2 will fail, even though OAUTH2 for (apparently) ALL OTHER SERVICES - work without error! - ONLY SMTP Auth is affected. RESOLUTION: Keeping Global Admin while simply removing excess roles will almost immediately resolve the issue. This bug has been publicly noted as far back as August 2022, perhaps earlier. This needs to be fixed.212Views0likes1CommentExchange Availability service
I'm looking for clarification about the configuration on cross forest availability services explained in the followin article Configure the Availability service for cross-forest topologies | Microsoft Learn We have two forests with an exchange org on each of them. Forest A --- AD companyA.local ---SMTP companyA.com Forest B --- AD companyB.local ---SMTP companyB.com There's a bidirectional trusts between the two forests they need to be able to share the user's free/busy information between the two forest and the article seems to be what we need. It mentions to complete two steps Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange servers" Add-AvailabilityAddressSpace -Forestname ContosoForest.com -AccessMethod PerUserFB -UseServiceAccount $true given our setup am I correct if I do the following ? IN FOREST A Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "companyB\Exchange servers" Add-AvailabilityAddressSpace -Forestname CompanyB.com -AccessMethod PerUserFB -UseServiceAccount $true IN FOREST B Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "companyA\Exchange servers" Add-AvailabilityAddressSpace -Forestname CompanyA.com -AccessMethod PerUserFB -UseServiceAccount $true Thanks26Views0likes0CommentsExchange Org Relationship
Hi all I need some advice about exchange Org relationship to enable sharing free-busy information and resources mailbox between two Exchange organization We are migrating From ForestA to ForestB and from Exchange Org in the ForestA to Exchange Org to ForestB. The two forest obviously share the SMTP namespace and all is already in plce and working fine as per the mailflow. The issue is with sharing the free/busy information between users migrated and those still to be migrated as well as the access to the resource mailbox on either side of the migration. So I looked into information about exchange Org relationship but couldn't find is this could and would work in our case and how to implement it47Views0likes2CommentsHybrid Server Removal post CU12
Has anyone else successfully removed their last hybrid server using the process described here https://learn.microsoft.com/en-us/exchange/manage-hybrid-exchange-recipients-with-management-tools We’ve done this, seems to have worked, but now have a problem with loading the Exchange 2019 CU12 (or above) Management Tools on other admin machines so can’t access the PowerShell commands needed to run the remote recipient command set. We followed that article (and the steps it referred to in the one it links to) and all went as expected. After running the AD Clean Up script the machine we’d installed the Exchange 2019 Management Tools on errored when loading Exchange PowerShell with “AutoDiscoverAndConnect:No Exchange servers are available in any Active Directorey sites. You can’t connect to remote PowerShell on a computer that only has the Management role installed”. We CAN get round it on that machine by running WINDOWS PowerShell and from within that loading the Exchange snap-in with “Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn” and then from there we can manage remote recipients as expected. However when we go to install the Exchange Management Tools on another machine Exchange setup states it needs to run ADPrep. We haven’t done that yet as it seems that we’d be reversing what the cleanup script is supposed to do, but we’re not sure if that means something is wrong or whether we have missed a step somewhere – the whole point of the exercise is to be able to remove the last hybrid server and just use PowerShell to manage the appropriate AD attributes for remote mailboxes/DLs etc., However we’re stuck at the moment with one server where we can do this (as described above) running but which is currently a single point of failure.55Views0likes4CommentsOutlook search and other issues after Exchange 2019 CU14
Hi, After Exchange 2019 CU14 users can't: - Search in cached mode. - Open other users calendar. - Set out of office. All of the above works perfectly in OWA. We did install the latest hotfix that should fix the search issue but no. We have installed latest outlook and reinstalled a computer, nothing helps. Regards JohanSolved627Views0likes4CommentsshowInAddressBook attribute
I am looking for a bit of expertise on Exchange attributes. I have a user who is reporting he is not appearing in the GAL. He is not hidden according to Exchange. His mailbox is there. It can even receive email. He is in same groups and ou of working users and get-mailbox | fl shows him as the same as other users. After some digging I discovered an AD attribute called "showInAddressBook". It was blank. My understanding is that this is supposed to contain an LDAP value(s) showing which address books the user is supposed to be in. Logically I can understand if this is blank then it means it won't show anywhere. The "Exchange Recipient Update Service" is named as what is supposed to update it. I can also see a cmdlet called "Update-Recipient". The cmdlet documentation suggests that it will populate AD with Exchange attributes. My question is relatively straightforward. Before I run this does anyone know if this cmdlet will fix the "showInAddressBook" and populate it with correct values. Alternatively, how is this done manually? Its all a bit of a mystery. I am contempating creating a VM to build a scenario of broken AD record where it's blank but before I do I thought I would ask.24KViews0likes4CommentsAutodiscover for IMAP , POP3 Services MS Exchange Server 2019
Hello! Colleagues, Local Exchange, for some mailboxes MAPI is enabled, and for others it is unavailable. Is it possible to configure Autodiscover so that Outlook automatically connects mailboxes with available MAPI via this protocol, and those for which MAPI is unavailable are connected via IMAP, without manual user settings? Questions: 1. Is it possible to configure this only through Autodiscover? 2. What Autodiscover settings need to be changed so that Outlook can distinguish mailboxes with and without MAPI support? 3. Is there a way in Exchange to automatically determine the required connection protocol for different mailbox categories? Best regards, Max.50Views0likes1CommentDisabling Outlook "Reactions" for a group of users
I've been asked for a solution to disable "Reactions" in Outlook for specific group of users, so looking to find out if there's any new information. There are multiple articles from roughly a year ago about creating a transport rule to add a specific message header - but not much else. Does anyone have any new information or references regarding disabling Outlook 'Reactions' for either specific group(s) of users; or even tenant-wide?80Views0likes3Comments
Events
Recent Blogs
- Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025.Dec 06, 2024171KViews6likes87Comments
- Today we are re-releasing the November 2024 SUs for Exchange Server.Dec 06, 202420KViews4likes47Comments