Federation Trust Gateway broken - OrgCertificate cannot be uploaded
Hey guys, last week we have done Windows Server updates and this broke some stuff. Some certificates have been unbound and so on. Until then the full classic hybrid worked quite good in our Exchange Server 2016 CU23 environment. We are just in the process of upgrading/migrating. But after this point of time the On-Premises users stopped being able to see the calendars of the cloud users, other way around still worked. So we started trying to fix the hybrid deployment with several runs of the HCW (which is always fine) and rebuilding the organizational relationship and the trust federation gateway. This was quite exhausting, as we updated a bunch of domains in global DNS several times. Currently, neither direction is functioning. Now it looks like the Federation Trust Gateway is in an inconsistent state. When I try... Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate then I get the message, that the rollover certificate (OrgNextPrivCertificate) is not set and that I only can publish, when this is done. When I try to define a rollover certificate, then I get the message, that the rollover certificate cannot be set until the OrgCertificate has been published. So, we have a chicken-and-egg situation here. Thanks for any help.
Update Dynamic Distribution List
we are a hybrid environment, running exchange 2019 and have a few DDLs which have been around from previous exchange versions. One of the DDLs i need to modify is the below. Its hard to read and i am trying to work out where i add the extra fields i want to include. I am looking to add another custom attribute and possibly include members of a security group. Is there anyway to make this easier to read so i know where to add things? Any other tips? ((((((((((((((((((((((((((Company -eq 'Contoso') -and (CustomAttribute4 -eq 'City'))) -and (((((CustomAttribute7 -eq 'Group') -or (CustomAttribute7 -eq 'Contractor'))) -or (CustomAttribute7 -eq 'Permanent'))))) -and (((RecipientType -eq 'UserMailbox') -or (((RecipientType -eq 'MailUser') -and (CustomAttribute12 -ne 'Excluded'))))))) -and (-not(Name -like 'SystemMailbox{*')))) -and (-not(Name -like 'CAS_{*')))) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')))) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))
Exchange 2016 with Hybrid Configuration
We have Exchange Server 2016 configured in a hybrid environment. We encountered an error when one of our administrators attempted to install a cumulative update that was the same version as the one already installed. After that, we were unable to access OWA, ECP, or the Exchange Management Shell. Exchange Server 2016 CU23 (2022H1) 15.1.2507.6Exchange synch/profile issue
Dear community, I need help to solve a problem. 1.) I'm using Outlook classic 2016 2.) I need two mail accounts in outlook a.) my gmail account - all good with that one b.) my AWS Workmail account 3.) all used to work fine till I had another problem with teams integration into my calendar which I tried to fix without success. After a while I thought, that when I setup outlook from scratch that this could solve the problem - but it got worse. 4.) when I started the newly installed outlook, I can load my gmail account, and when I add my AWS Workmail account, I get the message that the account was successfully added and need to restart Outlook. 5.) After the restart I get the two messages: - The name cannot be matched to a name in the address list. - Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. An unexpected error has occurred. 6.) so the AWS Workmail is not loaded. I also tried to add the account manually in all different ways but without success. The integration of the AWS mail account on my Android Outlook works perfectly fine. I dont know where the problem is and tried to get answers from AI and Microsoft Support without success. Anyone has an idea? Many thanks, RobResolved: Hybrid Exchange Duplicate (Ghost) Mailbox Created After Assigning Exchange Online License
Summary During a hybrid Exchange migration, a user’s mailbox failed to migrate and mail flow broke due to a duplicate (ghost) mailbox automatically created in Exchange Online. Root Cause An Exchange Online Plan 2 license was mistakenly assigned to the user before migration. Azure AD sync then provisioned a cloud mailbox, even though the user already had an on-prem mailbox. This caused a hybrid mismatch — the user appeared in both environments, and migration failed with mailbox lookup errors. Resolution Steps Removed the Exchange Online Plan 2 license from the user account. Forced a DirSync (AAD Connect) synchronization. Verified that the mailbox existed only on-prem via PowerShell Get-Mailbox -Identity email address removed for privacy reasons | fl Name,RecipientTypeDetails,ExchangeGuid Confirmed the ghost mailbox was removed from Exchange Online. Re-ran migration batch successfully to Exchange Online. Verification Get-MailboxStatistics -Identity email address removed for privacy reasons | fl TotalItemSize,ItemCount,LastLogonTime Ensure only one mailbox object exists and mail flow routes correctly. Prevention Tips Don’t assign Exchange Online licenses to hybrid mailboxes before migration. Always verify mailbox location prior to assigning any license. Use PowerShell or EAC to check where the mailbox resides (on-prem vs. cloud). Environment Hybrid Exchange Deployment Exchange 2016 On-Premises Exchange Online (M365) Azure AD Connect This issue is not caused by connectors or mail flow settings, but by improper licensing before migration. Removing the license and resyncing resolves the ghost mailbox problem.
Exchange 2016 and 2019 End of Life and Some Interesting Exchange Online Developments
On Oct 14, 2025, Exchange 2019 and 2016 reach end-of-life and Exchange SE becomes the only supported on-premises Exchange server. In other news, we discuss Microsoft guidance for moving to cloud first identity, HVE and ECS and the extension of basic authentication support to September 2028, the introduction of auto-archiving for Exchange Online, and why Microsoft is deprecating the Contact object from Exchange Online. https://office365itpros.com/2025/10/09/exchange-se-news/
Exchange Migration Cross forest
Hello, I planning to do an exchange Migration from forest A to forest B and the email address will be changed. I don't want to set any trust between the two, i will simply create the active directory users from scratch with new passwords and will install and configure the exchange environment in the target forest and will create the mailboxes. i will use a third-party tool to migrate the mailboxes between the two forests and after cutover i will add the alias of the old email as additional proxy address to the mailboxes. i am assuming everything will work fine however i have seen lot of articles on the internet about we have to migrate the legacyexchangeDN from the source environment and to add it as X500 proxy address as well in the destination or we might face issues in the migrated recurrent meetings when someone wants to edit or when someone reply to a migrated email.... I can afford having some meeting corrupted after migration but i cant afford the headache of NDR when someone reply to the migrated emails it will be a disaster.... anyone had this experience before to share it with me especially regarding the reply to the migrated emails and i did not lot of documentation from Microsoft about such scenario? Thank You.Exchange 2019 Mailbox Migration Error - Folder conflicts with Exchange Online folder
Hi Exchange Experts, I'm migrating a small Exchange 2019 environment to 365. Been pulling my hair out becuase of just one mailbox giving this error Error description --------------------------- Error: AggregateMailboxFolderConflictPermanentException: The folder 'Files' conflicts with Exchange Online folder 'Files', please move the messages to another folder and restart the job. Data migrated: 0 B (0 bytes) Migration rate: -------------------------------------- Migration user report: 5/14/2025 12:32:05 PM [MEUP300MB0105] Request processing continued, stage CreatingFolderHierarchy. 5/14/2025 12:32:05 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Fatal error AggregateMailboxFolderConflictPermanentException has occurred. ---------------------- It seems to be a system folder and I've tried to remove files from it (although there're no files in it) using MFCMAPI tool with no success. Renamed the folder and tried to re-run the migration with no luck. Has anyone experience this issue? any thoughts or tips are much appreciated ! Thank you.
