2016
716 Topics

Multiple Exchange Org in hybrid
Hi all, we have the following configuration. One tenant. Two companies, each with their own AD Forest and Exchange Organization. The two forests are in trust with each other. On Forest A we have the EntraID Connector that is already configured to sync users from both the companies. On each forest there's an Exchange organization, completely on-prem, each responsible for their namespace. Now we'd like to configure both Exchange organizations in hybrid mode with the common Tenant and perform the mailbox migration to Exchange Online so that the users of both companies are able to share calendars, resources, etc. Is it possible to configure Exchange hybrid on two Exchange Orgs to the same tenant? Are there any issues we must be aware of? thanks SC

2 Views | 0 likes | 0 Comments

Hybrid Centralized Transport sending emails to EXO
I've discovered that emails we receive from Microsoft-hosted tenants are going directly to our EXO tenant and, using the Hybrid Outbound connector, going directly to on-prem Exchange, bypassing our on-prem Email Gateway filters. Also saw some quarantined emails in the EXO from EXO Antimalware scanning. With Hybrid Centralized Transport, I need all mail flow to work just like before the Hybrid configuration, based on our MX records. Non-Microsoft tenants' email goes directly to our on-prem Email Gateway for processing before being delivered to Exchange on-prem. How do I change this behavior for Microsoft-hosted tenants? I do not want email processed by EXO at all. I need all emails to go through our on-prem Email Gateway, published with our MX records, for processing. This is currently bypassing our on-prem anti-virus, anti-spam among other safety features and using EXO's feature.

Solved | 50 Views | 0 likes | 2 Comments

Autodiscover for IMAP, POP3 Services MS Exchange Server 2019
Hello! Colleagues, Local Exchange, for some mailboxes MAPI is enabled, and for others it is unavailable. Is it possible to configure Autodiscover so that Outlook automatically connects mailboxes with available MAPI via this protocol, and those for which MAPI is unavailable are connected via IMAP, without manual user settings?

Questions:
1. Is it possible to configure this only through Autodiscover?
2. What Autodiscover settings need to be changed so that Outlook can distinguish mailboxes with and without MAPI support?
3. Is there a way in Exchange to automatically determine the required connection protocol for different mailbox categories?

Best regards, Max.

51 Views | 0 likes | 1 Comment

CVE-2024-49040: Mitigating a Critical Microsoft Exchange Server Vulnerability
CVE-2024-49040 is a spoofing vulnerability identified in Microsoft Exchange Server versions 2016 and 2019. This flaw allows attackers to forge legitimate sender addresses on incoming emails, potentially making malicious messages appear trustworthy. The vulnerability arises from improper verification of the P2 FROM header during email transport, permitting non-RFC 5322 compliant headers to pass through and be displayed as legitimate by email clients like Microsoft Outlook.

Recommended Mitigation Steps

To protect your organization from this vulnerability, consider the following steps:

Apply Security Patches:
Enhance Email Security:
Educate Users:
Implement Strong Password Policies:
Monitor Network Traffic:

By taking these steps, organizations can significantly reduce the risk of exploitation and protect their sensitive data. It is essential to stay informed about the latest security threats and to adopt a proactive approach to cybersecurity.

These patches are available in WSUS. If the concerned team has not yet synchronized, please proceed with the synchronization and apply the latest patches. Alternatively, you can find these patches on the official

Note: These patches are applicable for the following Exchange versions:

Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 13

2.1K Views | 0 likes | 2 Comments

How to connect to exchange in domain from non-domain network
Hi, I'm trying to connect from my home PC to Exchange (via VPN) like this:

    $username = "mylogin"
    $password = "p@$$w0rd"
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword)
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.mydomain.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection

I get an error:

    The WinRM client received HTTP status code "440" from the remote WS-Management service.

I also tried to connect like this and execute commands:

    Enter-PSSession -ComputerName 10.10.0.42 -Credential $cred
    [10.10.0.42]: PS C:\Users\mylogin\Documents> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
    [10.10.0.42]: PS C:\Users\mylogin\Documents> GET-mailbox

I also get an error:

    Active Directory operation failed in . Invalid credentials provided for 'domain\mylogin'.

How to properly connect to Exchange and execute commands from a non-domain PC?

Solved | 74 Views | 0 likes | 4 Comments

Test connectivity fails Mapi/https
We're using the https://testconnectivity.microsoft.com URL to test external connectivity to our on-prem Exchange 2016 servers. The test fails with the MAPI/HTTPS check as follows

Looking at the server's event log we found the following error.

And running the Exchange HealthChecker

Is it possible that the connectivity test is using an old cipher algorithm, or is something wrong in the Exchange configuration?

29 Views | 0 likes | 2 Comments

Shared mailbox: Use send-as, not send on behalf from Outlook 2016
Hello,

We have a lot of shared mailboxes. For every shared mailbox, we create a specific security group that contains the members who should have access to that particular shared mailbox. We give full mailbox permissions and send-as permissions for that particular security group onto the shared mailbox. For example, security group A has full mailbox access and send-as permissions onto shared mailbox A. By adding users to security group A, they have full access to the shared mailbox. We create every new shared mailbox/security group combo using PowerShell. That has been working flawlessly for the last years.

However, for a recent new shared mailbox/security group combination, when a user that's a member of the related security group wants to send an e-mail from the shared mailbox (by changing the from field in Outlook and selecting the shared mailbox from the global address list), Outlook tries to send every time 'send-on behalf'. This only happens for that newly created mailbox. I compared the output of Get-Mailbox and Get-RecipientPermission for the new problem shared mailbox and an older shared mailbox (which enables users to send mail send-as from Outlook just fine) but I couldn't find any differences.

For your information, that's the error we get back immediately after trying to do a send-as for the new shared mailbox:

    Your message did not reach some or all of the intended recipients.
    Subject: Test from Outlook
    Sent: 23/11/2017 9:27
    The following recipient(s) cannot be reached:
    name of sending user on 23/11/2017 9:27
    This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified user. Error is [0x80070005-0x0004dc-0x000524].

Why does Outlook always try to do a send on behalf (what we don't want), whereas for other shared mailboxes send-as works fine? Using send-as from OWA however works just fine for the newest shared mailbox. It only seems a problem related to Outlook (tested on multiple clients that have access to the shared mailbox) and that particular new shared mailbox.

Thanks in advance.

Solved | 308K Views | 3 likes | 12 Comments

Exchange server transport logs reading tool
Hi Exchange Brain Trust, I need to get rid of any inactive IP addresses out of my SMTP receive connectors in Exchange 2019 server (Hybrid environment). Is there a free tool to monitor/study transport logs which provides a good UI as opposed to notepad readings? Appreciate any suggestions. Thank you!

109 Views | 0 likes | 1 Comment

ExRCA testing issue
We're using ExRCA to test the external accessibility to the internal Exchange servers (2 servers in DAG). The firewall is configured with "simple" DNAT with no protocol inspection. The error we get while testing for Outlook connectivity with autodiscover.

If we test the autodiscover URL directly, https://autodiscover.domain.com/autodiscover/autodiscover.xml, we're prompted for user and password, and when we insert them we get:

    <Autodiscover>
      <Response>
        <Error Time="10:54:33.7520471" Id="3179205853">
          <ErrorCode>600</ErrorCode>
          <Message>Invalid Request</Message>
          <DebugData/>
        </Error>
      </Response>
    </Autodiscover>

What can we check for?

81 Views | 0 likes | 0 Comments