Recent Discussions
DMARC rejection after Exchange upgrade
I'm having problems with inbound emails getting bounced as Undeliverable due to DMARC rejection. For many years I've had my email come through Fasthosts / Livemail to my own domain (qts.org.uk) with catch-all forwarding set to forward everything to my GMail account. Just recently Fasthosts have upgraded their servers to Exchange and I've started getting DMARC rejections from GMail which start Diagnostic information for administrators: Generating server: exchange2019.livemail.co.uk Total retry attempts: 1 (my gmail email address) t1-hex-xprelay.gem.livemail.co.uk Remote Server returned '550 5.7.26 Message rejected by DMARC policy by gmail.com. Please use your own email address as the sender, instead of (sender's email address). [MSG0009]' Which bounce from Fasthosts / Livemail back to my GMail address. My own domain has SPF, DMARC, and DKIM configured I've done a little digging and it appears to only affect senders from originating domains with DMARC set to reject. So either GMail has coincidentally become much more strict (possible) or Fasthosts are somehow failing to forward emails fully transparently. I have spoken to Fasthosts and logged the issue with them and was not impressed so I hope the experts here can offer a solution I can forward to them.Microsoft Previews userConfiguration Graph API
A new userConfiguration API is available to retrieve data from Folder Associated Items (FAIs) in Exchange mailboxes. The new Graph API is part of the EWS migration project and is intended to allow application developers to migrate EWS code that updates FAIs with Graph equivalents. Most Microsoft 365 tenants will never use this API, but it’s nice to know how things work. https://office365itpros.com/2026/02/05/userconfiguration-api-beta/
Exchange 2010 to Microsoft 365 Migration – Recommended Approach and Tools
I’m looking for guidance on migrating Exchange 2010 (on-premises) to Microsoft 365 / Office 365. Is a direct migration from Exchange 2010 supported, or is an intermediate hop (such as upgrading Exchange or setting up a hybrid configuration) required? Additionally, could you please recommend any reliable tools that can help with this migration? I also have a few PST files that need to be migrated as part of the process. I’d appreciate insights on best practices, common challenges, and lessons learned from real-world migrations. Thanks in advance for your help.
Report for email reply time for shared mailbox
Hi All, i am looking to crate report for management for our KPI. Management want to to know how quick teams are replying to email once it's landed to mailbox. Also, average reply time for the particular mailbox for a day or week or month. if nay one know how to achieve this please let me know it will be grate help. Thanks, PreyashExchange 2019 Certificate Error
Hello guys, I plan to migrate my users on Exchange 2019, currently, i have 2 Exchange 2013 servers. As soon as i installed the exchange Server 2019, I changed all the virtual directories and i also runned the command to make sure the users doesn't connect on the new server. But now every users who uses Microsoft Outlook from the environment have a pop up that says that the certificate is not valid, and its normal because I can't apply the services SMTP and IIS on my wildcard certificate. Indeed, when i enable the services SMTP and IIS on my new certificate, it doesn't apply. I tried to enable from the ECP, it says "Are you sure you want to replace the existing certificate", when i say yes, it doesn't change anything, the smtp service is still unchecked. I also tried to stop IIS and restart IIS, restart the server but it doesn't changed anything, and I also tried to enable the services directly with the powershell command with the correct thumbprint of the wildcard certificate as it is said on the event viewer : "Enable-ExchangeCertificate -Server "EX01-2019" -Thumbprint A6BC992FDD... -Services SMTP,IMAP,IIS -Force" But it still don't work, when i check the certificate, only the service IIS is active. I had to uninstall completely the exchange server, because users were complaining about the pop up. Have anyone faced this problem before? Thank you very much for your advices guys
Keep user account but provision new empty mailbox
i did ask in another forum but thought i would ask here as it seems impossible... we are hybrid exchange. We have litigation hold and purview retention policies in place. We have a scenario where an existing user is moving to a new role and her existing mailbox needs to be dissociated from her AD account and a new clean mailbox provisioned. The original mailbox needs to stay as inactive and searchable via ediscovery. Is it possible? I have asked AI and its said: Make sure all the holds and retention policies are in place Move the AD account to a non-syncing OU and run a delta sync The mailbox should show as inactive in exchange online Then it tells me to run Set-User <UserUPN> -PermanentlyClearPreviousMailboxInfo but ONLY if the recipient type shows as MailUser or User This is where i am stuck as it is still UserMailbox. It told me to restore the cloud only object which i did. But it still shows as RecipientType = UserMailbox when i check. Its now just a cloud only account, it has no license. The mailbox is inactive but its still a UserMailbox Is what i am trying to do possible? Would now just changing the cloud only account to have a new email address be the only way to retain it and then sync back the on-prem account?OWA “Manage Add-ins” Stuck Loading After Clicking Settings (Exchange 2019 CU15 / Exchange SE RTM)
I have an Exchange Server environment with three versions: Exchange Server 2019 CU14 Dec25SU, Exchange Server 2019 CU15 Sept25H, Exchange Server SE RTM, and Exchange Server SE RTM Dec25SU. Issue: When users click the Settings icon/button in OWA/Outlook on the web and then click Manage add-ins, the page does not redirect and remains stuck on an external loading screen. Tested environments: Exchange Server 2019 CU14 Dec25SU: Works without issues Exchange Server 2019 CU15 Sept25H, Exchange Server SE RTM, and Exchange Server SE RTM Dec25SU: Does not work on any of them Troubleshooting performed: Moved all arbitral mailboxes to a database on Exchange Server SE RTM Dec25SU (the most recent version in the forest). (No success) Migrated all servers to Exchange Server SE RTM Dec25SU. (No success) Isolated testing using the hosts file (DNS) pointing to each host individually, and all hosts have the issue. All SE RTM Dec25SU servers were installed in admin mode via Command Prompt. I also ran the two .ps1 scripts below on a test host after installing the SU: #learn.microsoft.com/en-us/troubleshoot/exchange/client-connectivity/owa-stops-working-after-update cd "C:\Program Files\Microsoft\Exchange Server\V15\Bin" .\UpdateCas.ps1 .\UpdateConfigFiles.ps1 iisreset /restart Workaround: With the user already authenticated, if I manually open the URL below in the same authenticated session, it loads normally: webapp.mydomain.com/owa/#path=/options/manageapps Does anyone know how to fix this, or if this is a bug that started with CU15 (or a later SU)?
Exchange Hybrid Migration Endpoint cannot be created
We cannot create an Exchange hybrid migration endpoint using remote server and the error when we create bypass verification is Error: CommunicationErrorTransientException: The call to 'https://mail.foxvalleyfire.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request was forbidden with client authentication scheme 'Negotiate'.. --> The HTTP request was forbidden with client authentication scheme 'Negotiate'. We have check on Exchange on prem server and found that the MRSproxy has turned on. What do we need to check from on premise? Please refer to below for the errorThe Final Countdown to Remove EWS from Exchange Online Begins
Microsoft announced the dates leading to the final retirement of Exchange Web Services from Exchange Online. If all goes well, the EWS retirement in the cloud will happen by May 2027. Challenges still exist. Microsoft must remove EWS from its own apps, including Outlook, and help tenants and ISVs make the leap to Graph APIs. Plans are in place and progress is being made, but will everyone be ready when Microsoft starts to remove EWS permanently from Exchange Online in April 2027? https://office365itpros.com/2026/02/06/ews-retirement-may-2027/Microsoft Delays Retirement of Basic Authentication for SMTP AUTH
Microsoft has delayed the retirement of basic authentication for the SMTP AUTH client submissions protocol to 2027 or beyond. New tenants will be the first to be blocked and Microsoft will disable basic authentication for SMTP AUTH in a way that existing tenants can reenable the protocol. Eventually, we’ll get a date for final retirement sometime in 2027. These things take time! https://office365itpros.com/2026/01/29/smtp-auth-basic-retirement/M365 tenant emails marked as spam (SCL:5, CAT:PHISH) despite perfect authentication
Hello, Our business emails from our M365 tenant are consistently marked as spam when sent to other M365 tenants, despite perfect email authentication. Technical status: - SPF: Pass ✓ - DKIM: Pass ✓ (recently enabled) - DMARC: Pass ✓ (recently enabled) - Composite Authentication: Pass (reason=100) ✓ But messages are still marked as: - X-MS-Exchange-Organization-SCL: 5 - X-Forefront-Antispam-Report: CAT:PHISH;SFV:SPM We suspect a tenant reputation issue, possibly because the tenant ran for months without DKIM enabled. Now that all authentication is correct, how can we request a reputation review? Thank you!Using the Exchange Online Message Trace API
January 22 saw the announcement of the beta version of an Exchange Online Graph-based message trace API. The API can retrieve message trace records and their details and offers equivalent functionality to the message trace cmdlets in the Exchange Online management PowerShell module. However, sometimes applications simply want to access data without going through a module, and that’s what this API delivers. The article includes a complete PowerShell script to demonstrate how to use the API. https://office365itpros.com/2026/01/27/message-trace-api/
some sent emails are missing and moving to "recover deleted items"
hello , we are using on-premises exchange server 2016 in my environment. and we are using microsoft outlook 2019 & 2021 . i have one question : i notice that the sent emails for all users are appear in "recover deleted items" , however these emails are not deleted and still exist in sent items folder . so it is appear the same emails in "sent item" folder and in "recover deleted items" , which i think very weird . i have one incident : one of my user is encounter a weird problem , that some sent emails are weirdly disappear from "sent item" folder but he never delete them , and we can found these items in "recover deleted items" , but the restore option in "recover deleted items" didn't restore the email to the user mailbox . however i don't have any problem mention in healthreport for my exchange server , all in good condition . what may be the problem ?
Teams calendar for exchange on prem users not working
Hello I am having issues to make Exchange On prem users use Calendar on teams. Initially Client autodiscover was blocked externally but they added a cname and open flows but I am still having issues to makecalendar on teams work HCW as passed and new hybrid dedicated app was used any help is welcomeFeedback to users who report phishing
Hi, is it possible to create a power automate flow to find submissions from users and as soon as MS has added a verdict to a submission as real phish send a notification back to the user who has reported it? Trying to figure out what is needed for such integration and build a flow but I am stuck. Anyone who has built that and like to share learning?Microsoft Exchange refers to an older certificate that no longer exists, ID 12023.
We have one Microsoft Exchange 2013 server. The Windows Application log periodically displays the ID 12023 entry, which states that Microsoft Exchange could not load the certificate with the thumbprint 3E8XXXXXXXXXXXXXXXXXXXXXXXXXXXX from the local computer's personal certificate store. This certificate was deleted because it expired, and a new self-signed Auth certificate was created. Now, when running the Get-AuthConfig | Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint, NextCertificateThumbprint command, only the current certificate is displayed. The Microsoft Exchange 2013 server is running. The question is, what should I do to remove the ID 12023 entry from the Windows Application log?
Recent Blogs
- We’re excited to share that Multi-Geo In-Region Routing reached General Availability in December 2025.Feb 13, 2026
- Exchange Online PowerShell -Credential parameter will be deprecated soon.Feb 12, 2026
