Forum Widgets
Latest Discussions
Microsoft Exchange refers to an older certificate that no longer exists, ID 12023.
We have one Microsoft Exchange 2013 server. The Windows Application log periodically displays the ID 12023 entry, which states that Microsoft Exchange could not load the certificate with the thumbprint 3E8XXXXXXXXXXXXXXXXXXXXXXXXXXXX from the local computer's personal certificate store. This certificate was deleted because it expired, and a new self-signed Auth certificate was created. Now, when running the Get-AuthConfig | Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint, NextCertificateThumbprint command, only the current certificate is displayed. The Microsoft Exchange 2013 server is running. The question is, what should I do to remove the ID 12023 entry from the Windows Application log?The Exchange EnforcedTimestamps Mailbox Property
While examining mailbox properties, I noticed that the EnforcedTimeStamps property held some information that I just couldn’t explain. Google search was no help, but Microsoft Copilot told me that the information related to the management of compliance holds. Basically, the data are guardrails to help the Managed Folder Assistant do the right thing, which is nice, even if no documentation exists. https://office365itpros.com/2025/12/30/enforcedtimestamps/
Does Exchange Online have an internal search Index for people ?
Hello everyone, I'm managing users with Office 365 E3 licences. We have an hybrid Exchange Online / Exchange On-Premise architecture. My problem is the following: After I create an user with E3 licence, and after AAD Synchronisation between Azure / AD, the user is created on Azure but also the email mailbox (Exchange Online). But within the "To" input, through the Autocomplete suggestions, this user cannot be found, neither with Outlook Desktop Client nor with OWA Outlook (Web version of Otlook), even several hours later of the creation. I can use the mailbox (can login to OWA Outlook), can send / receive. So the mailbox is created correctly. I can connect to Exchange-Online via PowerShell and get all informations for the target mailbox (like others) with: Get-Recipient -Identity "email address removed for privacy reasons" And also via Get-Recipient -Anr "elon" (this gives me "Elon, Musk" as a suggestion through PowerShell). But why the autocomplete cannot suggest me this user ? Through the GAL (Global Address List) the user is visible (when I click on "To" button within Outlook Desktop Client -> Popup showing the Global Address List). But it's not suggested automatically, like others (old users). I made several hours of searches but I do not found any concluant result. My only question is: does Exchange Online infrastructure have an internal Search Index for People ? And if so, how often it's updated to include newly added users to the tenant? On what is based the autosuggestions within the inputs "To" / "CC" / "CCI". In my case (at least), the search for autosuggestions cannot be based on Global Address List / Offline Address Book from our On-Premise Exchange server, because EVEN the Web based OWA Outlook cannot find the newly created user! Thank you in advance for your precious help! Best Regards, Adam J.
TEST-OAuthConnectivity | The remote server returned an error: (403) Forbidden
Hello Exchange Tech Community, I have setup a lab environment of Exchange Server 2016 in Hybrid Configuration. I can successfully onboard and offboard mailboxes. OnPrem Exchange Server is I have a Microsoft 365 Business Basic subscription for Exchange Online. Entra ID Sync is working seamlessly. Email flow between OnPrem and EXO and vice versa work perfectly. When I am testing OAuth functionality from OnPrem to EXO, I am getting this error highlighted in yellow Do I need assign any role to synchronized user in Entra ID ? Currently, they are just MEU in EXO. When OAuth is test from EXO to OnPrem, I am getting this error Please advise.
Exchange 2019 SMTP random delays of 1 minute when sending email
Hello, We recently moved from a 3 server Exchange 2016 DAG to a single Exchange 2019 server. We are in a hybrid set up, all mailboxes in Exchange Online, mainly using the on-prem Exchange Server for SMTP and user management. When we had the DAG, we also had a load balancer in the setup. We've since taken that out and changed all DNS to point to the IP of the new 2019 Exchange Server. Everything seems to be running fine except we have a lot of on-prem apps and printers that use SMTP to send email. We are facing an issue where most emails have a delay of 1 minute and a few seconds, which causes the page where a user submits the email to wait for a response and just sits there for that minute. In some instances, our SQL jobs see this as a failure and retry, but then we get duplicate emails for those task notifications. Sometimes it is working fine, I can send 10 emails from a printer in a row with no delay then the 11th has the delay. I've worked with Microsoft to check settings and logs and they are indicating it is related to a networking problem but the delay is on the server itself when I analyze the message header of a delayed message as seen in the image (blacked out hostname of Exchange server). Next step in the message analyzer is from our public IP to Exchange Online which has no delays. Any guidance would be appreciated.EWS Autodiscover Process in Hybrid with "internal" Exchange Servers
Hi everyone, i really need help about the EWS Autodiscover process in a specific hybrid Environment. Customer is starting to use Exchange Online. For Full Hybrid configuration there is a seperate new Exchange SE with a valid certificate, NAT for IP Ranges from M365 and public available URLs for Autodiscover,EWS,... There are internal Exchange Servers which are used only for internal access. Those are the servers with all mailboxes. All URLs are configured for internal use (mail.contoso.internal) Migration is working, access to own calender is working, mailfllow is working. But there are problems to access other users calender. If a user which is migrated to Exchange Online (or via Teams) try to access another calender which is onPrem, there is no access. So i tried to use connectivity analyzer for teams integration to find out whats the problem. Result: Autodiscover resolves, connects to Hybrid and gets EWS URL as answer. But it gets the internal EWS URL from the internal Exchange Servers, not from the public available URLs which are configured at the hybrid server. I visualised the two scenarios. Number1: Thats how i thought it would work Autodiscover to autodiscover.contoso.com Hybrid answers with EWS URL: hybrid.contoso.com Connect from EXO to hybrid EWS URL Proxy to Internal Exchange Number2 : Thats what really happens Autodiscover to autodiscover.contoso.com Hybrid relays request to internal Exchange (Mailbox Server) Server answers with internal EWS URL: mail.contoso.internal Connect from EXO to internal EWS URL (which is obviously not working) So as you can see, the autodiscover process asks the internal Exchange for its EWS URLs and not as i expected the hybrid server's URLs. I always thought, the hybrid server works as a sort of proxy for every external connection from EXO. But it seems that the hybrid just relays the autodiscover request to the server which holds the mailbox. And this servers in this scenario cannot change their EWS URLs to a public resolvable FQDN. So my question is: Is this correct? Does the process always works like this or did i do anything wrong in the configuration? I hope you understand my explanation. Thanks in advance!!!Exchange Online Mailbox cannot see Unsynchronized On-Premises mailbox Free/Busy info and vice versa
Hello Everyone! I originally posted an issue on Microsoft Learn https://learn.microsoft.com/en-us/answers/questions/5651848/free-busy-not-viewable-from-on-premises-mailbox-to?comment=answer-12418292&page=1#comment-2404594 regarding Free/Busy issues with our On Premises Exchange Server which is running the latest version of Exchange SE and Exchange Online which is on our Microsoft 365 Tenant. At first, it would fail the Test-OAuthConnectivity, but that now seems to be fixed with renewing the OAuth Certificate and in addition, enabling the Dedicated Exchange Hybrid App as per https://learn.microsoft.com/en-us/exchange/hybrid-deployment/deploy-dedicated-hybrid-app . On initial deployment, we could not see Free/Busy between EXO and On-Prem Exchange but after 2 hours, it started working but only between On-Premises Synchronized to Microsoft 365 Mailboxes and EXO Mailboxes Our final problem is the viewing of Free/Busy information of On-Premises 'NON-Synchronized to Microsoft 365' mailboxes and EXO Mailboxes. Running the Free/Busy Troubleshooter on ExRCA just gives me a warning during the Determining where the target mailbox is hosted. Also using 'Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/EWS/Exchange.asmx -Mailbox<onpremnonsynchedmailbox>@domain.com -verbose | fl ' on our On-Prem EMS leads to the following error System.Net.WebException: The remote server returned an error: (500) Internal Server Error. at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user, String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken, Boolean reloadConfig) ResultType : Error Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId IsValid : True ObjectState : New Please advise on how we can fix this error.
