Forum Widgets
Latest Discussions
How to perform Windows Update for Exchange 2016 DAG Cluster
Hello, I need to install windows server security update on Exchange 2016 DAG which require reboot the server. I will install the updates on the first server Tuesday, and the seconde server on Wednesday. I'm wondering if installing patches on separated days may impact Exchange services, also i need to know the steps to follow before restart each server after installing the patch.
I need help with migration
Hello I need to migrate our account to a wider business due to a merger. In general, I need to change the domain name while keeping my email history without losing any data. On top, I need to ensure after that after the change the extensions of our emails from (i.e @ abc.com to @ abd.com) to have access to the emails which are still being sent to @ abc.com, for example being automatically forwarded to the new email addresses.
Update Federation Trust Certificate
Almost five years ago, I had set this up. I realized the cert is about to expire. I only have on test account on prem, everything else is in the cloud. Oauth is set up and we do have token based auth. I followed the steps to generate a new self signed cert, everything looks good even the text file in DNS. The issue is, when I run set-federationtrust - identity "Microsoft Federation Gateway -publishfederationcertificate, I get the following error. [FailureCategory=Cmdlet-Live DomainServicesException] 2B0D1031,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederationTrust + PSComputerName I have search and and tried several things for TLS 1.2 Enforcing TLS 1.2 on Windows 2019 via the reg Windows Registry Editor Version 5.00 enforce SchUseStrongCrypto Force Powershell to run tls1.2 I had to remove some of the verbage - i think the forum does not like it. Does anyone have any ideas Thanks PaulDomain not routing mail or logins correctly after tenant transfer
Hello Please i need your help on this issue. Domain not routing mail or logins correctly after tenant transfer. I recently removed the domain sustainable.XXXX from an old Microsoft 365 tenant (based in Chile) and added it as the default domain in my new tenant (based in Spain). The domain is showing as Authoritative and in a healthy state in the Microsoft 365 Admin Center. DNS records (MX, SPF, CNAME autodiscover) are all configured correctly and propagate globally (checked with multiple DNS tools). However, I am still experiencing two critical issues: Authentication / Login Redirect. When I try to log in with rphilippe@ sustainable.XXXX in Office apps (desktop and mobile), the login is automatically redirected to the old Chile tenant (…onmicrosoft.com), which no longer has my domain or licenses. This prevents me from signing into Office apps with my licensed email address in the new Spain tenant. Mail Flow – No Inbound Delivery I can send outbound emails from rphilippe@ sustainable.XXX without problems. But inbound emails from Gmail/Yahoo do not appear in Message Trace in Exchange Online. This indicates that messages are not reaching my new tenant at all, despite correct MX records. Steps already taken: Removed domain completely from old tenant. Verified domain ownership in new tenant. Configured all required DNS records at my registrar (Wix). Waited more than X hours since DNS propagation completed (global MX records confirmed). Tested with Message Trace and Quarantine: no trace of inbound messages. Request: Please verify and force a refresh of Home Realm Discovery (HRD) and Exchange Online domain routing for sustainable.XXX, to ensure: Authentication requests for @ sustainable.XXXX point to the correct (Spain) tenant. Inbound email is routed correctly to the new tenant. This appears to be an internal Microsoft propagation/cache issue, not a DNS or local client issue.
Exchange SE and Domain / Forest Functional Level 2025 Support
Does anyone have any general idea on when they may test support for Domain / Forest Functional Level 2025? We're still rocking hybrid with Exchange SE and ExO and as such we're waiting on the supportability matrix (https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix#supported-active-directory-environments) to get updated so we can raise the DFL/FFL. Currently Exchange SE supports 2025 AD servers so they've verified the schema update from 88 to 91 is good to go but our Exchange team doesn't want us to raise the functional level until this matrix shows that it's supported for our current Exchange version. Thanks for any insight. Supported Active Directory environments The following table lists the supported Active Directory environments for Exchange Server. Version Active Directory servers Forest Functional Levels Exchange Server SE Windows Server 2025 Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2016 Windows S
Convert resource mailbox to cloud only
Hi During migration to 365 we migrated our resource mailboxes (room/equipment) by using AAD Connect and New-MailboxMove command. Now we would like to clean up in on premise AD and convert these mailboxes to be cloud only, it is also a requirement since we want to use MTRs in the rooms. Is there any support way to convert them to cloud only and remove the link to on prem? Thanks PeterApplying On-Prem EAP with New-Remote Mailbox
BACKGROUND: my org is in a hybrid AD/Exchange environment, and will remain so for some time. All mailboxes, other than a very small number with on-prem dependencies, were migrated to M365 a few years ago; we will continue to have 1-2 Exchange Servers on-premises for both management and some legacy on-prem processes. All user accounts are created on-premises, and synchronized to M365 through Entra Connect Sync. Our on-prem EAP has the exact address syntaxes that we need [applies to "Users with Exchange mailboxes" + "Resource mailboxes" + "Mail-enabled groups"]. I haven't found a clear answer to the question: with an Exchange 2019 (and soon SE) server on-premises - with users initially created on-premises - is there a way to provision new EXO mailboxes [using the 'new-remotemailbox' cmdlet], such that the on-prem EAP applies during creation? I've been working with these two references, but so far haven't found a way to make the "new-remotemailbox..." cmdlet work to (a) create a new account on-premises and (b) ultimately have an EXO mailbox provisioned with the on-prem EAP addresses in place: On provisioning mailboxes in Exchange Online when in Hybrid | Microsoft Community Hub https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/new-remotemailbox?view=exchange-ps Any thoughts or suggestions would be welcomed! (OR - perhaps it just can't be done?)Use PowerShell to Send Messages from Shared Mailboxes, Groups, and Distribution Lists
Everyone probably knows how to use Exchange's Send As and Send on Behalf of permissions to send email from user mailboxes. Here we venture into the same task, but for Microsoft 365 Groups, shared mailboxes, distribution lists, and mail-enabled security groups. Once your permissions are aligned, everything is pretty simple. https://practical365.com/sendas-send-on-behalf-of-mail-objects/
Authentication issues after upgrading to 2019/CU15
After upgrading to Exchange Server 2019 CU15, we started having many authentication issues. They appear in many forms. Executing a get powershell command on any virtual directory will fail for the remote system (I currently have 2 servers configured). It will log in the event viewer a DCOM 10028 error: DCOM was unable to communicate with the computer (other system FQDN name) using any of the configured protocols; requested by PID 570 (c:\windows\system32\inetsrv\w3wp.exe), while activating CLSID {2B72133B-3F5B-4602-8952-803546CE3344}. It is intermittent in nature. At first, I thought executing the Reset-ComputerMachinePassword would solve the issue, but it does not always work. We have one Windows 2025 DC in our infrastructure as we have seen some domain trust issues that have been a result of the 2025 DC. Microsoft recommends running this for those client systems. But those systems usually had an event logged in the DC indicating the need for resetting this password. This is not appearing for the Exchange servers. When the get command fails, other issues such as Outlook clients not authenticating occur as well. The Outlook clients continuously prompt for credentials without accepting them, even though correct values have been entered. However, when the get command succeeds, so does Outlook. Anyone experiencing this as well?
