Exchange 2010 - 2013 random auth.owa error

Similar Messages

• Exchange 2010/2013 coexistence: OWA proxy not working properly ":-( Something went wrong"

  Hi
  Exchange 2010 users are NOT able to connect to their mailboxes when they go through exchange 2013 OWA address.  We get a message that says following ---> "Something went wrong"
  Following is our URL.  The address is pointing to 2013 CAS loadbalancer VIP.  Outlook anywhere is working fine.  What is going on?
  Important: All my exchange 2010 / 2013 URIs are the same as suggested by Microsoft (Owa, ecp, activesync, ews, autodiscover): --> mail.domain.com/XXX

  Hello Rawa,
  Can you log on Exchange 2010 OWA using its localhost address?
  Please make sure the intenralurl value is set to Exchange 2010’s local host name and set the Externalurl to Null.
  http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Exchange 2010-2013 co-existence - need for OWA/ActiveSync legacy namespace?

  Hi all
  Straight to the point: how to I update units that were set up manually with Exchange ActiveSync (pointing to owa.domain.com) with a temporary legacy namespace owa-legacy.domain.com, and then back to owa.domain.com?
  Background: I did a test run of migrating a single-server installation from Exchange 2010 to Exchange 2013. As expected, after moving a user's mailbox to the new Exchange 2013 CAS with owa.domain.com still pointing to Exchange 2010, the user
  was unable to log in at the Exchange 2010 OWA, and the ActiveSync unit was unable to fetch mail.
  So I created a legacy namespace (owa-legacy.domain.com) and set this as the URL on the Exchange 2010 server, and waited for it to populate, then switched owa.domain.com to Exchange 2013. But the URL on ActiveSync units was still pointing to the wrong URL.
  What did I overlook or not understand, or am I making migration more complex than needed?
  Thanks for reading and best regards
  /Maurice
  PS: here were some of my pre-post readings:
  Exchange 2003-2013 co-existence, even better
  Exchange 2003-2013 co-existence,
  Exchange 2010-2013 co-existence slides,
  Upgrading ActiveSync to Exchange 2010,

  Hi
  Is that because External URL on Internet facing CAS servers were set to Blank，and Users are not able to get Updated URL
  Please try to Add the External URL and made sure that all the required configurations are set Appropriately.
  Also I suggest posting on Exchange ActiveSync Forum as well
  http://social.technet.microsoft.com/Forums/en-US/home?forum=exchangesvrmobility
  Cheers
  If you have any feedback on our support, please click
  here
  Zi Feng
  TechNet Community Support

• Outlook client requirements and Exchange 2010/2013 coexistence

  Good morning!
  A question regarding Exchange 2010/2013 coexistence and the Outlook client requirement. I am upgrading and about to install Exhange 2013 into an existing Exchange 2010 Org. The current 2010 Org is patched to SP-3 and Outlook Anywhere is currently disabled.
  I have Outlook clients that do not yet meet the minimun requirements for 2013 (Outlook 2007/2010). When I install my first 2013 server will it effect the current downlevel clients? The mailboxes are still in 2010 so my thoughts were since the Office upgrade
  including Outlook has not yet taken place I didn't want to wait for them to at least get 2013 into the Org. The 2013 server should effect the clients until I configure the CAS on 2013 and only when they are at the proper version, is this correct? Does Outlook
  Anywhere need to be first enabled and configured on the 2010 CAS before I attempt the confgiuration on the 2013 CAS? I just dont want to install 2013 and have Outlook connectivity issues right out of the gate...
  Thanks in advance!

  Outlook 2007 and 2010 are supported for Exchange 2013, you just need to push out the latest patches.
  http://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
  If you configure the URLs properly in Exchange 2013 to URLs that point to the Exchange 2010 servers, your clients shouldn't try to talk to the Exchange 2013 server.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Search-Mailbox not attaching the infected emails in target folder and deleting the contents in exchange 2010 & 2013 coexistence

  Dear All,
  I have an issue with deleting circulated spam emails in my environment through search-mailbox
  We have Exchange 2010 & 2013  CU5 environment 
  I followed the search and destroy document for exchange 2010 
  http://windowsitpro.com/exchange-server-2010/search-destroy-email-content-exchange-2010
  Added the user to Discovery Management group
  Created a new role group as below 
  New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export"
  Add-RoleGroupMember "Mailbox Import-Export Management" -Member Administrator
  I ran the below commands
  Search-Mailbox -Identity "[email protected]" -SearchQuery "Subject:'report'" -TargetMailbox "Administrator" -TargetFolder "Filter" -LogOnly -LogLevel Full
  The above command gets completed successfully and sends the log report  however im unable to see any attachments
  Similarly the deletecontent also gets completed successfully and logs result. But it does not delete the infected emails 
  Search-Mailbox -Identity  "[email protected]" -SearchQuery "Subject:'report'" -TargetMailbox "administrator" -TargetFolder "filter" -deletecontent -LogLevel Full
  Any idea why it is not fetching the infected emails in zip file and why it is not deleting but it is able to log in the target folder 
  Any help much appreciated
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish (MVP)

  Hi All 
  I managed to find the solution. Below command helped me in solving the issue 
  get-mailbox -ResultSize unlimited -IgnoreDefaultScope | search-mailbox -SearchQuery ‘Subject:"virus infected"’ -LogOnly -TargetMailbox administrator -TargetFolder filter -LogLevel Full
  get-mailbox -ResultSize unlimited -IgnoreDefaultScope | search-mailbox -SearchQuery ‘Subject:"virus infected"’ -TargetMailbox administrator -TargetFolder filter -deletecontent -LogLevel Full
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Users with mailboxes on exchange 2010 cant proxy to OWA on exchange 2013

  We are in the process of migrating from 2010 to 2013.  Users with mailboxes on exchange 2010 can't proxy to the owa on Exchange 2013 - there is no error - just receiving a message "Still working on it"
  alex serdyukov

  Hi Alex,
  As the above suggestion mentioned, you can try to upgrade the Exchange 2013 to CU8 and check if any helps:
  Cumulative Update 8 for Exchange Server 2013
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Niko Cheng
  TechNet Community Support

• Exchange 2010/2013 coexistance mailflow issues: 421 4.4.2 socket error.

  So I am in Exchange 2010 SP3 / Exchange 2013 SP1 co-existence. 
  I can send from a test 2013 user to external and 2010 users internally on the domain. But I cannot send to the 2013 test user. I get:
  451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped due to SocketError." Attempted to failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate
  hosts.
  I've been looking at this for example: 
  http://support.microsoft.com/kb/979175
  But no matter where on the 2013 receive connectors I add Exchange Server Authentication, it still doesnt work.
  Theres so much stuff on this error message, but everyhing I find seems to be 2003 / 2010 or other coexistance which is different to my environment. 

  Hi guys, thanks for the responses, please keep in mind I am not a specialist Exchange Admin, I'm a IT jack of all trades.
  We do not use Windows firewalls on the domain network. Both my 2010 and 2013 setups are in DAGs. Telnet client is not installed on the Exchange 2013 servers, only on the 2010 servers.
  How do I "drop an email...through Telnet"? 
  Telnet from SiteA Exc2010 to SiteA Exc2013:
  220 Exc2013.MyDomain.local Microsoft ESMTP MAIL Service ready at Wed, 4 Jun 201
  4 09:42:39 +1000
  451 4.7.0 Timeout waiting for client input
  Connection to host lost.
  Telnet from SiteA Exc2010 to SiteB Exc2013:
  Blank window, nothing comes up, no response at all. Doesnt seem to time out either.
  Telnet from SiteC Exc2010 to SiteA and SiteB Exchange 2013:
  Exactly the same as from SiteA Exc2010.
  IPConfig:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : Exc2010
     Primary Dns Suffix  . . . . . . . : MyDomain.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : MyDomain.local
  Ethernet adapter Exchange MAPI Network:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : BASP Virtual Adapter
     Physical Address. . . . . . . . . : 00-26-B9-5E-E7-47
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 172.16.2.8(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     IPv4 Address. . . . . . . . . . . : 172.16.2.31(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 172.16.2.2
     DNS Servers . . . . . . . . . . . : 172.16.2.12
                                         172.16.2.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Exchange Receive:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #50
     Physical Address. . . . . . . . . : 00-10-18-FC-16-76
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 172.16.2.15(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 172.16.2.2
     DNS Servers . . . . . . . . . . . : 172.16.2.12
                                         172.16.2.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Local Area Connection* 9:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapte
  r
     Physical Address. . . . . . . . . : 02-26-B9-5E-E7-46
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::3c54:d53e:e2ea:8d9f%19(Preferred)
     IPv4 Address. . . . . . . . . . . : 169.254.1.173(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.0.0
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 604120761
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-4C-3C-35-00-10-18-6B-C0-36
     DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                         fec0:0:0:ffff::2%1
                                         fec0:0:0:ffff::3%1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Exchange DAG Replication:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #49
     Physical Address. . . . . . . . . : 00-10-18-FC-16-74
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.10.2.8(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Backup Network:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #5
     Physical Address. . . . . . . . . : 00-10-18-6B-C0-36
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.2.8(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{7282FD1F-E6A4-4BD2-8D40-B2586BF4130D}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{C38886F3-875D-4403-A95B-C1BF2243D6BE}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{46074087-7F11-4414-8B45-8EE71DA621D4}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{73064E78-05CB-4279-8EA8-3E5094067025}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{4F2BDC5B-35FF-49D7-9431-67FA2EB1D327}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Reusable ISATAP Interface {C3216126-6DDC-4523-958A-5907C784EC1F}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

• Problems with archive mailbox in Outlook, with exchange 2010+2013 co-existence

  Hi!
  We have an Exchange 2010 environment plus one Exchange 2013 MBX server meant for archive mailbox purpose. (We are going to upgrade to 2013 but with over 20.000 mailboxes it will take som time. Therefore we need to co-exist with primary mbx on 2010 and archive
  mbx on 2013 for some time.)
  My primary mailbox is on a 2010 MBX server, and I have today given myself an archive mbx on 2013 MBX server.
  When I use OWA, both my primary mailbox and my archive shows up and everything works 100% fine!
  But when I try Outlook 2010 or Outlook 2013, only my primary mailbox works. The archive mailbox shows up, but generates an error when accessing it:
  "The set of folders cannot be opened. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance"
  Anyone who knows about this issue? Would we nice to know why it works in OWA but not in Outlook.
  Thanks!
  Trond Jenssen

  Hi，
  Please try to recreate a profile to access archieve mailbox.
  If it doesn't make sense, also try Uncheck “Download shared folders” and check it again.
  If you have any feedback on our support, please click
  here
  Wendy Liu
  TechNet Community Support

• Exchange 2010-2013 Migration - Outlook Client gets "Your administrator has made a change..."

  So we're migrating from an Exchange 2010 environment to Exchange 2013. We use a single namespace ("exchange.contoso.com") for both internal and external clients.
  In testing, we have taken a few machines running outlook 2013 and 2010, and edited their hosts file such that "exchange.contoso.com" points toward the new exchange 2013 environment, rather than the 2010 environment for our users. So far so good,
  they can connect, no issues.
  However, when we move a mailbox to the 2013 environment, the outlook client comes back with "Your Exchange Administrator has made a change which requires you to restart outlook". This error affects both Outlook 2013 and 2010. We do have public
  folders in place in exchange 2010, but we have not yet migrated them to 2013 (because the user's still are on 2010).
  Repairing the profile is no help, and recreating the profile does not work either. Any thoughts?

  Hi ,'
  On you first post you have said you have put host file entries for the namespace "exchange.contoso.com"
  in few of the client machines .
  what about for autodiscover namespace did you have put any host entries for that .If not please put that
  too in the host file of the client machines and then check by moving anyone of the mailbox from exchange 2010 to exchange 2013 .
  Same time please check this blog especially on the end of the page .
  http://blogs.msdn.com/b/aljackie/archive/2013/11/14/outlook-and-rpc-end-point-the-microsoft-exchange-administrator-has-made-a-change-that-requires-you-quit-and-restart-outlook.aspx
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• Exchange 2010/2013 coexistence published in TMG 2010

  Environment:
  Two Windows 2008 R2, Exchange 2010 SP3 servers, currently holding all mailboxes
  Two Windows 2012 R2, Exchange 2013 SP1 servers, setup in progress
  Two Windows 2008 R2, TMG 2010, V7.0.9193.540 publishing both Exchange 2010 servers.
  Scenario:
  I need to continue having Exchange 2010 setup in TMG as is as the mailbox migration to 2013 will take weeks if not months and I have a project requirement to have Exchange Database Availability Group (DAG) functionality for all mailboxes throughout the project,
  so 4 servers are an absolute must. So I need to add Exchange 2013 in TMG and not just replace the 2010 setup with the 2013 setup and I cannot run one 2010 and one 2013 server. 
  Questions:
  1. I currently only have 2 public IP addresses available to SMTP, mapped to the external interfaces of TMG, to allow my environment to be able receive emails on 4 Exchange servers (two 2010 and two 2013) I need to have 4 public IP addresses, is that correct?
  2. Does anyone have a good general guide/blog for doing this (setting up Exchange 2013 in TMG in a coexistance scenario)? 
  This is nice, but doesn't really approach it from a coexistance scenario:
  http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
  Thanks!

  Hi Trana,
  In TMG you can use single IP address to publish multiple Web address and below are the options which you can explore.
  Hope your OWA ECP etc are Https
  You need a SSL certificate which has all the URL SAN entry of both old and new Exchange server.
  Create a listener and select the IP address (Say public IP address 195.219.x.x)
  Link the SSL certificate
  Public DNS entry
   A record , Single IP
  195.219.x.x 
  Point to           
  Owa1.exchange1.com   - Old Server
  195.219.x.x 
  Point to           
  ECP1.exchange1.com     - Old Server
  195.219.x.x 
  Point to           
  ECP2.exchange2.com      - New Server
  195.219.x.x 
  Point to           
  Owa2.exchange2.com     - New Server
  Create a Web publishing rule as below
  Old server Exchange 1
  Owa1.exchange1.com  
  ECP1.exchange1.com    
  One Web publishing Rule with all the URL added on it and link the Rule with the listener we created
  Point the Web publishing to Exchange1.com server which is old
  New server Exchange 2
   Web publishing Rule with all the URL added on it and link the Rule with the listener we created
  Point the Web publishing to Exchange2.com server which is New
  ECP2.exchange2.com     
  Owa2.exchange2.com    

• Trying to install Exchange Server 2013 and receive this error.

  Hello,
  I have a computer running Windows Server 2012 R2 Standard. I have completed all the prerequisites to install Exchange Server 2013. It all was going good until the install started. Then I received the below error. Does anyone have any suggestions? I am new
  to Exchange Server so would thank and appreciate any help I could get to resolve this issue.
  Thank You,
  Stan
  Error:
  The following error was generated when "$error.Clear(); 
  initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions
  " was run: "Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:A7D2016C83F003458132789EEB127B84:CN=Exchange Servers\0ADEL:16cd035a-6201-492f-b85f-1e28cc9f9ee0,CN=Deleted Objects,DC=MULTIAXCNC,DC=local on
  the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MULTIAXCNC,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.
     at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateGroup(ADOrganizationalUnit usgContainer, String groupName, Int32 groupId, Guid wkGuid, String groupDescription, GroupTypeFlags groupType, Boolean createAsRoleGroup)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateGroup(ADOrganizationalUnit usgContainer, String groupName, Int32 groupId, Guid wkGuid, String groupDescription)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

  Here is the error I am getting and the last setup log I can find. Any help how to get past the error would be helpful.
  Thank You,
  Stan
  Error
  The following error was generated when "$error.Clear();
            Install-ExchangeCertificate -WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
            if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
              Install-AuthCertificate -DomainController $RoleDomainController
          " was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.AddAccessRuleCryptographicException: Could not grant Network Service access to the certificate with thumbprint 845C42A131A8A73487400A91491182FB95B81612
  because a cryptographic exception was thrown. ---> System.Security.Cryptography.CryptographicException: Access is denied.
     at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.CAPIAddAccessRule(X509Certificate2 certificate, AccessRule rule)
     at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.AddAccessRule(X509Certificate2 certificate, AccessRule rule)
     at Microsoft.Exchange.Management.SystemConfigurationTasks.ManageExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services, String websiteName, Boolean requireSsl, ITopologyConfigurationSession dataSession, Server server,
  List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
     --- End of inner exception stack trace ---
     at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
     at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services)
     at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
  Setup Log Below
  # Default Install steps for ClientAccessRole.
  # Programmatically generated on 7/5/2014 10:58:24 PM.
  # Variable Declarations
  $RoleAllRoles = 'BridgeheadRole,GatewayRole,ClientAccessRole,MailboxRole,UnifiedMessagingRole,FrontendTransportRole,AdminToolsRole,MonitoringRole,CentralAdminRole,CentralAdminDatabaseRole,CentralAdminFrontEndRole,LanguagePacksRole,CafeRole,FfoWebServiceRole,OSPRole'
  $RoleBinPath = 'C:\Program Files\Microsoft\Exchange Server\V15\Bin'
  $RoleCustomerFeedbackEnabled = $True
  $RoleDatacenterPath = 'C:\Program Files\Microsoft\Exchange Server\V15\Datacenter'
  $RoleDatacenterServiceEndpointABCHContactService = '<ServiceEndpoint><Url>http://pvt-contacts.msn.com/abservice/abservice.asmx</Url></ServiceEndpoint>'
  $RoleDatacenterServiceEndpointDomainPartnerManageDelegation = '<ServiceEndpoint><Url>https://domains.live.com/service/managedelegation.asmx</Url></ServiceEndpoint>'
  $RoleDatacenterServiceEndpointDomainPartnerManageDelegation2 = '<ServiceEndpoint><Url>https://domains.live.com/service/managedelegation2.asmx</Url></ServiceEndpoint>'
  $RoleDatacenterServiceEndpointLiveFederationMetadata = '<ServiceEndpoint><Url>https://nexus.passport.com/FederationMetadata/2006-12/FederationMetadata.xml</Url></ServiceEndpoint>'
  $RoleDatacenterServiceEndpointLiveGetUserRealm = '<ServiceEndpoint><Url>https://login.live.com/GetUserRealm.srf</Url></ServiceEndpoint>'
  $RoleDatacenterServiceEndpointLiveServiceLogin2 = '<ServiceEndpoint><Url>https://login.live.com/RST2.srf</Url></ServiceEndpoint>'
  $RoleDatacenterServiceEndpointMsoFederationMetadata = '<ServiceEndpoint><Url>https://nexus.microsoftonline-p.com/FederationMetadata/2006-12/FederationMetadata.xml</Url></ServiceEndpoint>'
  $RoleDomainController = 'MULTIAX2012.MULTIAXCNC.local'
  $RoleExternalCASServerDomain = $null
  $RoleFqdnOrName = 'MULTIAX2012.MULTIAXCNC.local'
  $RoleInstallationMode = 'Install'
  $RoleInstallPath = 'C:\Program Files\Microsoft\Exchange Server\V15\'
  $RoleInvocationID = '20140705-2258240578829153548'
  $RoleIsAdminToolsRoleInstalled = $True
  $RoleIsBridgeheadRoleInstalled = $True
  $RoleIsDatacenter = $False
  $RoleIsDatacenterDedicated = $False
  $RoleIsFfo = $False
  $RoleIsPartnerHosted = $False
  $RoleLanguagePacksPath = 'C:\Exchange\'
  $RoleLoggedOnUser = 'MULTIAXCNC\Administrator'
  $RoleLoggingPath = 'C:\Program Files\Microsoft\Exchange Server\V15\Logging'
  $RoleNetBIOSName = 'MULTIAX2012'
  $RoleNoSelfSignedCertificates = $False
  $RolePreviousVersion = $null
  $RoleProductPlatform = 'amd64'
  $RoleRoleName = 'ClientAccessRole'
  $RoleRoles = 'BridgeheadRole,AdminToolsRole'
  $RoleSetupLoggingPath = 'C:\ExchangeSetupLogs'
  $RoleTargetVersion = '15.00.0913.022'
  $RoleUpdatesDir = $null
  # Component tasks
  # Tasks for 'All Roles Common First' component
  # [ID = AllRolesCommonFirst___3e69ba31a53e4c29a2d6bffcf78cc614, Wt = 5, isFatal = True] "Starting the WMI service."
  7/5/2014 10:58:24 PM:
            if (Get-Service winmgmt* | ?{ $_.Name -ieq "winmgmt" })
              Set-Service winmgmt -StartupType Automatic
              Start-SetupService -ServiceName winmgmt
  # [ID = AllRolesCommonFirst___56139ce4432346ecb7936afae4c3a9cc, Wt = 1, isFatal = True] "Creating the Exchange server configuration object in Active Directory."
  7/5/2014 10:58:24 PM:
            & $RoleBinPath\ServiceControl.ps1 EnableServices $RoleRoleName.Replace('Role','')
  # [ID = AllRolesCommonFirst___edc23bc11a4e4119a6a4ee802ff1ea49, Wt = 1, isFatal = True] "Creating the Exchange server configuration object in Active Directory."
  7/5/2014 10:58:24 PM:
            if ($RoleRoles)
              & $RoleBinPath\ServiceControl.ps1 EnableServices $RoleRoles.Replace('Role','').Split(',')
  # [ID = AllRolesCommonFirst___62f13a063b2846a5ab20765bb7a3fc51, Wt = 5, isFatal = True] "Starting the Remote Registry service."
  7/5/2014 10:58:25 PM:Start-SetupService -ServiceName RemoteRegistry
  # [ID = AllRolesCommonFirst___00573a17b6e34c26842a6646830d57fa, Wt = 1, isFatal = True] "Creating the Exchange server configuration object in Active Directory."
  7/5/2014 10:58:25 PM:Set-LocalPermissions
  # [ID = AllRolesCommonFirst___77668249568048d3812fb7cdba08c58b, Wt = 1, isFatal = False] "Creating the Exchange server configuration object in Active Directory."
  7/5/2014 10:59:35 PM:
            $mofFilePath =  ($RoleInstallPath + "bin\Exchange.MOF");
            $mflFilePath =  ($RoleInstallPath + "bin\en\Exchange.MFL");
            compile-moffile -MofFilePath:$mofFilePath;
            compile-moffile -MofFilePath:$mflFilePath;
  # [ID = AllRolesCommonFirst___f557448f44964e5eaa5dba792a3c4f09, Wt = 1, isFatal = True] "Creating the Exchange server configuration object in Active Directory."
  7/5/2014 10:59:35 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeRPCByPortRule)
  # [ID = AllRolesCommonFirst___84a0f0e2c2f44db2b537e9696c26fc3e, Wt = 1, isFatal = True] "Creating the Exchange server configuration object in Active Directory."
  7/5/2014 10:59:35 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeRPCEPMapByPortRule)
  # Tasks for 'ClientAccess Permissions Configuration' component
  # [ID = ClientAccessLocalPermissionsComponent___6246589bb8494a3580c22c26e18451d1, Wt = 1, isFatal = True] "Setting folder or registry permissions for the Mailbox role: Client Access service. "
  7/5/2014 10:59:35 PM:Set-LocalPermissions -Feature:"ClientAccess"
  # Tasks for 'Exchange 2003 Registry Configuration' component
  # [ID = LegacyRegistryMarkersComponent___7d6dadc1069b42ac93eadd1143c04a1a, Wt = 1, isFatal = True] "Installing/Removing registry values used by Exchange 2003 components"
  7/5/2014 11:00:01 PM:set-ExsetdataRegistryMarkers
  # Tasks for 'Client Access Perf Counters' component
  # [ID = ClientAccessPerfCountersComponent___deb99c54869843b68426390615283ab7, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:01 PM:new-PerfCounters -DefinitionFileName OwaInstallSingleCounters.xml
  # [ID = ClientAccessPerfCountersComponent___ca78563ec1f1468982d1a2e59c6001bd, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:15 PM:new-PerfCounters -DefinitionFileName EcpPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___e69a559428fb42029ca3261e795b216d, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:21 PM:new-PerfCounters -DefinitionFileName RwsPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___c335490f948a4b16b5e2d2ce5f1eb9e7, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:26 PM:new-PerfCounters -DefinitionFileName InfoworkerAvailabilityPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___5af856aa00ae485ca206c5cdd13e9128, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:31 PM:new-PerfCounters -DefinitionFileName InfoworkerSharingPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___86121d1b951e43fb934f1f1d573362eb, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:35 PM:new-PerfCounters -DefinitionFileName ThrottlingPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___ea5896b92c494834b1a93c4620fcaef4, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:42 PM:new-PerfCounters -DefinitionFileName MiddleTierStoragePerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___dab6f03bdf5141efb7b017c3009fb9e6, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:48 PM:new-PerfCounters -DefinitionFileName ActiveManagerClientPerfmon.xml
  # [ID = ClientAccessPerfCountersComponent___5471455db0ef4610bf68fe7ad9417e19, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:53 PM:new-PerfCounters -DefinitionFileName RmsPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___81ad52cb2950483196b52371b4d992c8, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:00:58 PM:new-PerfCounters -DefinitionFileName InfoworkerMailTipsPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___072bf6737f1c42a0a8847ce35cf8a0c7, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:03 PM:new-PerfCounters -DefinitionFileName InfoworkerUserPhotosPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___50b64611f7444bb49d50e00c206d2c13, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:08 PM:new-PerfCounters -DefinitionFileName AirSyncCounters.xml
  # [ID = ClientAccessPerfCountersComponent___f2620ff8c3754396a8ea7d77257e2895, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:14 PM:new-PerfCounters -DefinitionFileName ClientAccessRulesPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___4ef0f16c017840a583ace9f062300207, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:19 PM:new-PerfCounters -DefinitionFileName Imap4Counters.xml
  # [ID = ClientAccessPerfCountersComponent___135fb06dadd9403a83ceebb290638efe, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:24 PM:new-PerfCounters -DefinitionFileName Pop3Counters.xml
  # [ID = ClientAccessPerfCountersComponent___312e8d44e92b45e0809f9d3d5dc2cfc0, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:29 PM:new-PerfCounters -DefinitionFileName WsPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___3c333497697041cb854190ec31c17b18, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:48 PM:new-PerfCounters -DefinitionFileName UMClientAccessCounters.xml
  # [ID = ClientAccessPerfCountersComponent___ba015b97cc0b4beba7b25b6cb297fcac, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:54 PM:new-PerfCounters -DefinitionFileName AutodiscoverPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___3daffea50d5a4318aab4aa737e508146, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:01:59 PM:new-PerfCounters -DefinitionFileName OAuthCounters.xml
  # [ID = ClientAccessPerfCountersComponent___c71073d7f1ab4c119af83efb513b3a9d, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:04 PM:new-PerfCounters -DefinitionFileName InfoWorkerMessageTrackingPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___abdaf0bf21f4473b88819ee85cada219, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:10 PM:new-PerfCounters -DefinitionFileName RpcClientAccessPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___9f160f3e42984edfa25b62424ebc05b5, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:15 PM:new-PerfCounters -DefinitionFileName RpcClientAccessServerPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___e55cb179521a4dacbeaa588c6948cf14, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:15 PM:new-PerfCounters -DefinitionFileName AddressBookServicePerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___064a7856cf7c4b0399c85cf4f3bc2f1c, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:20 PM:new-PerfCounters -DefinitionFileName RpcEntryPointsPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___42325F33-A961-41FE-B6B5-5CFB3AA9820A, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:22 PM:new-PerfCounters -DefinitionFileName MapiHttpEmsmdbPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___4C04D747-3B5C-400A-980F-45504324EF42, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:28 PM:new-PerfCounters -DefinitionFileName MapiHttpNspiPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___5ab36fffacd04975bb1bc681a214bf71, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:33 PM:new-PerfCounters -DefinitionFileName ThrottlingServiceClientPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___6ca23933132d44b39d6586cb3f9f8f21, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:39 PM:new-PerfCounters -DefinitionFileName MSExchMailboxReplicationServicePerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___6602c41b35254405bed412fab7d527fe, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:44 PM:new-PerfCounters -DefinitionFileName MSExchMailboxReplicationServicePerMdbPerformanceCounters.xml -FileMappingSize 2097152
  # [ID = ClientAccessPerfCountersComponent___74e45a45ea8c449092a10929ae24ba4b, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:50 PM:new-PerfCounters -DefinitionFileName MlbPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___a3bcb686add64cf296c8616d387d0323, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:02:55 PM:new-PerfCounters -DefinitionFileName MlbMultiInstancePerformanceCounters.xml -FileMappingSize 2097152
  # [ID = ClientAccessPerfCountersComponent___c00c15c4ef6f479b9f5deb852d8eda7d, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:01 PM:new-PerfCounters -DefinitionFileName ProvisioningPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___fe1a2a7c828f4b57abc2e50dc09baddf, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:06 PM:new-PerfCounters -DefinitionFileName GalsyncPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___35D14CB8B01949818832943A391D77B9, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:11 PM:new-PerfCounters -DefinitionFileName BackSyncPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___e69599d235234effb6d2740f3c52f7e1, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:11 PM:new-PerfCounters -DefinitionFileName AdminAuditPerfCounters.xml
  # [ID = ClientAccessPerfCountersComponent___09bd11b57f6445e890391a507262cf32, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:16 PM:new-PerfCounters -DefinitionFileName InfoworkerMultiMailboxSearchPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___324687361E1C473A834C22A66104679f, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:16 PM:new-PerfCounters -DefinitionFileName ProvisioningCachePerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___98C36FFEC7944065889DB24067CFD3EE, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:21 PM:new-PerfCounters -DefinitionFileName OABRequestHandlerPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___1F5A7B68C95B42568E02FAA15A05EF17, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:26 PM:new-PerfCounters -DefinitionFileName DlpPolicyTipsPerformanceCounters.xml
  # [ID = ClientAccessPerfCountersComponent___995DEA7A1AC5467C89939F5F8CE5F2AF, Wt = 1, isFatal = False] "Installing or removing Client Access performance counters."
  7/5/2014 11:03:31 PM:new-PerfCounters -DefinitionFileName ConfigurationCachePerformanceCounters.xml
  # Tasks for 'Client Access Configuration' component
  # [ID = ClientAccessComponent___d5119205104847bcb275cb63b65160b6, Wt = 5, isFatal = False] "Pre-compiling setup binaries."
  7/5/2014 11:03:35 PM:
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\Owa\Bin\Microsoft.Exchange.Clients.Owa.dll");
            $appBase = [System.IO.Path]::Combine($RoleInstallPath, "bin");
            precompile-ManagedBinary -BinaryName  $fullPath -AppBase $appBase;
  # [ID = ClientAccessComponent___954344d74d8849e9ae7123b91761ed9d, Wt = 5, isFatal = False] "Pre-compiling setup binaries."
  7/5/2014 11:03:57 PM:
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\Sync\Bin\Microsoft.Exchange.AirSyncHandler.dll");
            $appBase = [System.IO.Path]::Combine($RoleInstallPath, "bin");
            precompile-ManagedBinary -BinaryName  $fullPath -AppBase $appBase;
  # [ID = ClientAccessComponent___6632d6c1d5054563942db4f180976238, Wt = 5, isFatal = False] "Pre-compiling setup binaries."
  7/5/2014 11:04:01 PM:
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\AutoDiscover\Bin\Microsoft.Exchange.AutoDiscover.dll");
            $appBase = [System.IO.Path]::Combine($RoleInstallPath, "bin");
            precompile-ManagedBinary -BinaryName  $fullPath -AppBase $appBase;
  # [ID = ClientAccessComponent___390b4ffddd484dcb9edc01dd725e020a, Wt = 5, isFatal = False] "Pre-compiling setup binaries."
  7/5/2014 11:04:07 PM:
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\exchweb\ews\bin\Microsoft.Exchange.Services.dll");
            $appBase = [System.IO.Path]::Combine($RoleInstallPath, "bin");
            precompile-ManagedBinary -BinaryName  $fullPath -AppBase $appBase;
  # [ID = ClientAccessComponent___178a10624c88445093855c4ede7e9b9c, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:42 PM:
            . "$RoleInstallPath\Scripts\ConfigureNetworkProtocolParameters.ps1";
            Set-NtlmLoopbackCheck $false
  # [ID = ClientAccessComponent___14a6761e144e428b93c62249acc814fe, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:42 PM:install-ClientAccessIisWebServiceExtensions
  # [ID = ClientAccessComponent___28fdfe8bec984e809cdeef6d4d59bf4e, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:43 PM:
          if (get-service MSExchangeServiceHost* | where {$_.name -eq "MSExchangeServiceHost"})
              restart-service MSExchangeServiceHost
  # [ID = ClientAccessComponent___7816256880dc4be0baf5b005b2af8cd3, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
          if (get-service MSExchangeProtectedServiceHost* | where {$_.name -eq "MSExchangeProtectedServiceHost"})
              restart-service MSExchangeProtectedServiceHost
  # [ID = ClientAccessComponent___e95499b43bd1484dbc03098fb1b4e592, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:set-ExchangeServerRole -Identity $RoleFqdnOrName -IsClientAccessServer:$true -DomainController $RoleDomainController
  # [ID = ClientAccessComponent___f4c48e196e374cf3af269b1cea0602c8, Wt = 1, isFatal = True] "Installing/Removing the WebReady Document Viewing service."
  7/5/2014 11:04:45 PM:Install-TranscodingServiceEx
  # [ID = ClientAccessComponent___f50fd59d231140eb9b2405bbed2b93d4, Wt = 1, isFatal = False] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
            if ($RoleIsDatacenter -eq $false)
              uninstall-FBAService
  # [ID = ClientAccessComponent___9fad9d51b3ec4ecdad567ab58e470be7, Wt = 1, isFatal = False] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
            if ($RoleIsDatacenter -eq $false)
              stop-setupservice -ServiceName MSExchangeFBA
  # [ID = ClientAccessComponent___1c7a7da2ab9d41bb8db75522ad28b9db, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
            $tpath = "$env:SystemRoot\system32\inetsrv\microsoft.web.administration.dll";
            add-type -Path $tpath;
            $sm = new-object Microsoft.Web.Administration.ServerManager;
            if ($sm.Sites["Exchange Back End"] -eq $null)
              $ppath = "$env:SystemDrive\inetpub\wwwroot";
              $s = $sm.Sites.Add("Exchange Back End","http", "*:81:", $ppath);
              $s.ServerAutoStart = $true;
              $sb =$s.Bindings;
              $b = $sb.Add("*:444:","https");
              $sm.CommitChanges();
  # [ID = ClientAccessComponent___a5f211d837784aea931b9ba55c39996d, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
            Get-ExchangeServer $RoleFqdnOrName | Add-AdPermission -User "S-1-5-20" -ExtendedRights "Exchange Web Services Token Serialization";
  # [ID = ClientAccessComponent__SetInstallPathInMrsAppConfig, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
            Set-InstallPathInAppConfig -ConfigFileRelativePath "Bin" -ConfigFileName "MsExchangeMailboxReplication.exe.config"
  # [ID = ClientAccessComponent___765cc444ba07411aa81d58397b0401fd, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:45 PM:
            if (!(get-service MSExchangeMailboxReplication* | where {$_.name -eq "MSExchangeMailboxReplication"}))
              install-MailboxReplicationService
  # [ID = ClientAccessComponent___151b722e327b42a69411df32afdbbcbb, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:46 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeMailboxReplicationFirewallRule)
  # [ID = ClientAccessComponent___7d69bb94f08245589e49eb569c6d5f4f, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:46 PM:
            if (!(get-service MSExchangeMigrationWorkflow* | where {$_.name -eq "MSExchangeMigrationWorkflow"}))
              install-MigrationWorkflowService
  # [ID = ClientAccessComponent___95f051d9dc5941c4b6014181b6e5ce93, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeABRPCFirewallRule)
  # [ID = ClientAccessComponent___959c2d6566984da6b8e0e3235c1c11c2, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangePOPBeByPortRule)
  # [ID = ClientAccessComponent___29864e7462374fdb84fc75eec931d8e4, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
            Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeIMAP4BeFirewallRule)
  # [ID = ClientAccessComponent___052e1b794d0641ada4d6d417061af2a8, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeOWAByPortRule)
  # [ID = ClientAccessComponent___975efd8911fd41cca8b17462535d710e, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
             Add-FirewallException -FirewallRule (New-Object Microsoft.Exchange.Security.WindowsFirewall.MSExchangeMailboxReplicationByPort)
  # [ID = ClientAccessComponent___023036e43f004bda9f4f4e0b1e0d233f, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
            Install-ResourceHealthActiveFlags
  # [ID = ClientAccessComponent___3a51c2876e2c4643bc892d2665754228, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:set-InstallPathInAppConfig -ConfigFileRelativePath "ClientAccess\PushNotifications\" -ConfigFileName web.config
  # [ID = ClientAccessComponent___FCC16AC1FFED43518F8292DBE770C621, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:set-InstallPathInAppConfig -ConfigFileRelativePath "ClientAccess\mapi\emsmdb\" -ConfigFileName web.config
  # [ID = ClientAccessComponent___E9C71786D02E40CBB1403E2E1A4B0758, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:set-InstallPathInAppConfig -ConfigFileRelativePath "ClientAccess\mapi\nspi\" -ConfigFileName web.config
  # [ID = ClientAccessComponent___abcab6b91ac844848c58b4ee66fcbea6, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
              ."$RoleInstallPath\Scripts\Install-OutlookServiceVirtualDirectory.ps1";
  # [ID = ClientAccessComponent___9D94915F-B12D-4579-93EE-36B6DF42CF4A, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:47 PM:
            $CommandAppCmd = join-path $env:SystemRoot System32\inetsrv\appcmd.exe;
            $MapiClientAccessPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\mapi");
            $MapiMailboxClientAccessPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\mapi\emsmdb");
            $clrConfigFilePath = [System.IO.Path]::Combine($RoleInstallPath, "bin", "MSExchangeMapiMailboxAppPool_CLRConfig.config");
            Start-SetupProcess -Name "$CommandAppCmd" -args "add apppool /name:MSExchangeMapiMailboxAppPool /autostart:true /managedRuntimeVersion:v4.0 /queueLength:65535 /CLRConfigFile:`"$clrConfigFilePath`" /managedRuntimeLoader:`"`"
  /processModel.identityType:LocalSystem /managedPipelineMode:Integrated /recycling.periodicRestart.time:00:00:00 /processModel.idleTimeout:00:00:00 /processModel.pingingEnabled:false /failure.rapidFailProtection:false" -IgnoreExitCode @(183);
            Start-SetupProcess -Name "$CommandAppCmd" -args "add vdir /app.name:`"Exchange Back End/`" /path:`"/mapi`" /physicalPath:`"$MapiClientAccessPath`"" -IgnoreExitCode @(183);
            Start-SetupProcess -Name "$CommandAppCmd" -args "add app /site.name:`"Exchange Back End`" /physicalPath:`"$MapiMailboxClientAccessPath`" /applicationPool:MSExchangeMapiMailboxAppPool /path:`"/mapi/emsmdb`""
  -IgnoreExitCode @(183);
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/access /sslFlags:Ssl /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/authentication/anonymousAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/authentication/basicAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/authentication/clientCertificateMappingAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/authentication/digestAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/authentication/iisClientCertificateMappingAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/emsmdb`" /section:system.webServer/security/authentication/windowsAuthentication /enabled:true /commit:apphost";
  # [ID = ClientAccessComponent___B551AAAC-0F36-428B-B1BB-3B9AFDC9EAEF, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:50 PM:
            $CommandAppCmd = join-path $env:SystemRoot System32\inetsrv\appcmd.exe;
            $MapiClientAccessPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\mapi");
            $MapiAddressBookClientAccessPath = [System.IO.Path]::Combine($RoleInstallPath, "ClientAccess\mapi\nspi");
            $clrConfigFilePath = [System.IO.Path]::Combine($RoleInstallPath, "bin", "MSExchangeMapiAddressBookAppPool_CLRConfig.config");
            Start-SetupProcess -Name "$CommandAppCmd" -args "add apppool /name:MSExchangeMapiAddressBookAppPool /autostart:true /managedRuntimeVersion:v4.0 /queueLength:65535 /CLRConfigFile:`"$clrConfigFilePath`" /managedRuntimeLoader:`"`"
  /processModel.identityType:LocalSystem /managedPipelineMode:Integrated /recycling.periodicRestart.time:00:00:00 /processModel.idleTimeout:00:00:00 /processModel.pingingEnabled:false /failure.rapidFailProtection:false" -IgnoreExitCode @(183);
            Start-SetupProcess -Name "$CommandAppCmd" -args "add vdir /app.name:`"Exchange Back End/`" /path:`"/mapi`" /physicalPath:`"$MapiClientAccessPath`"" -IgnoreExitCode @(183);
            Start-SetupProcess -Name "$CommandAppCmd" -args "add app /site.name:`"Exchange Back End`" /physicalPath:`"$MapiAddressBookClientAccessPath`" /applicationPool:MSExchangeMapiAddressBookAppPool /path:`"/mapi/nspi`""
  -IgnoreExitCode @(183);
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/access /sslFlags:Ssl /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/authentication/anonymousAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/authentication/basicAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/authentication/clientCertificateMappingAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/authentication/digestAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/authentication/iisClientCertificateMappingAuthentication /enabled:false /commit:apphost";
            Start-SetupProcess -Name "$CommandAppCmd" -args "set config `"Exchange Back End/mapi/nspi`" /section:system.webServer/security/authentication/windowsAuthentication /enabled:true /commit:apphost";
  # [ID = ClientAccessComponent___178FD1A31B5949A0B4A819E39311B1FD, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:52 PM:
              $ExchangeLabsRegKey = 'HKLM:\SOFTWARE\Microsoft\ExchangeLabs'
              $E4eCertificateDistinguishedNameRegValueName = 'E4eCertificateDistinguishedName'
              if ($RoleDatacenterE4eCertificateDistinguishedName -ne $null)
                  New-ItemProperty -path "$ExchangeLabsRegKey" -Name $E4eCertificateDistinguishedNameRegValueName -Value $RoleDatacenterE4eCertificateDistinguishedName -Force
                  Write-ExchangeSetupLog -Info "Wrote registry key: $ExchangeLabsRegKey\$E4eCertificateDistinguishedNameRegValueName. value: $RoleDatacenterE4eCertificateDistinguishedName"
              else
                  Write-ExchangeSetupLog -Info "Could not write registry key: $ExchangeLabsRegKey\$E4eCertificateDistinguishedNameRegValueName. Value is null."
              $E4eServiceUrlRegValueName = 'E4eServiceUrl'
              if ($RoleDatacenterE4eServiceUrl -ne $null)
                  New-ItemProperty -path "$ExchangeLabsRegKey" -Name $E4eServiceUrlRegValueName -Value $RoleDatacenterE4eServiceUrl -Force
                  Write-ExchangeSetupLog -Info "Wrote registry key: $ExchangeLabsRegKey\$E4eServiceUrlRegValueName. value: $RoleDatacenterE4eServiceUrl"
              else
                  Write-ExchangeSetupLog -Info "Could not write registry key: $ExchangeLabsRegKey\$E4eServiceUrlRegValueName. Value is null."
  # [ID = ClientAccessComponent___240c7e5d07f941cfbe69a692dc33a31a, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:52 PM:
            ."$RoleInstallPath\Scripts\ConfigureCafeResponseHeaders.ps1";
            CreateCustomHeadersNodeForBackend 'autodiscover'
            CreateCustomHeadersNodeForBackend 'ecp'
            CreateCustomHeadersNodeForBackend 'ews'  
            CreateCustomHeadersNodeForBackend 'oab'
            CreateCustomHeadersNodeForBackend 'owa'
            CreateCustomHeadersNodeForBackend 'powershell'
            CreateCustomHeadersNodeForBackend 'pushnotifications'
            CreateCustomHeadersNodeForBackend 'rpcproxy'
            CreateCustomHeadersNodeForBackend 'sync'
            CreateCustomHeadersNodeForBackend 'mapi\emsmdb'
            CreateCustomHeadersNodeForBackend 'mapi\nspi'
            CreateCustomHeadersNodeForBackend 'outlookservice'
  # [ID = ClientAccessComponent___75f8c93d15314369983d33ec0742e189, Wt = 1, isFatal = True] "Configuring Mailbox role: Client Access service."
  7/5/2014 11:04:53 PM:
            New-PushNotificationsVirtualDirectory -Role Mailbox -DomainController $RoleDomainController;
  # Tasks for 'POP/IMAP Backend Configuration' component
  # [ID = PopImapBeComponent___d91be94d83bb4dc28e1fbdf7d94ca60e, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:05 PM:
            if (!(get-service MSExchangeIMAP4BE* | where {$_.name -eq "MSExchangeIMAP4BE"}))
              install-Imap4BeService
  # [ID = PopImapBeComponent___e2debc6ecabf457eb6f278096ad5102c, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:06 PM:
            if (!(get-service MSExchangePOP3BE* | where {$_.name -eq "MSExchangePOP3BE"}))
              install-Pop3BeService
  # [ID = PopImapBeComponent___7ee4dbb3fe884d26bb3e060ac68061ee, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:06 PM:
            $file = 'Microsoft.Exchange.Pop3Service.exe.config';
            $template = $file + '.template';
            $relPath = 'ClientAccess\PopImap';
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, $relPath);
            $fullFilePath = [System.IO.Path]::Combine($fullPath, $file);
            Set-InstallPathInAppConfig -ConfigFileRelativePath $relPath -ConfigFileName $template;
            Preserve-AppSettings -RoleInstallPath $fullPath -ConfigFileName $file;
            set-appconfigvalue -ConfigFileFullPath:$fullFilePath -Element:configuration/runtime/generatePublisherEvidence -Attribute:enabled -NewValue:false
  # [ID = PopImapBeComponent___9b86c2af9f364990aa196cb6e69905b6, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:06 PM:
            $file = 'Microsoft.Exchange.Pop3.exe.config';
            $template = $file + '.template';
            $relPath = 'ClientAccess\PopImap';
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, $relPath);
            Set-InstallPathInAppConfig -ConfigFileRelativePath $relPath -ConfigFileName $template;
            Preserve-AppSettings -RoleInstallPath $fullPath -ConfigFileName $file;
  # [ID = PopImapBeComponent___01c604c08fd6402e9de6b3c45e3431c8, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:06 PM:
            $file = 'Microsoft.Exchange.Imap4Service.exe.config';
            $template = $file + '.template';
            $relPath = 'ClientAccess\PopImap';
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, $relPath);
            $fullFilePath = [System.IO.Path]::Combine($fullPath, $file);
            Set-InstallPathInAppConfig -ConfigFileRelativePath $relPath -ConfigFileName $template;
            Preserve-AppSettings -RoleInstallPath $fullPath -ConfigFileName $file;
            set-appconfigvalue -ConfigFileFullPath:$fullFilePath -Element:configuration/runtime/generatePublisherEvidence -Attribute:enabled -NewValue:false
  # [ID = PopImapBeComponent___2528980001a444fcb7097d123e879728, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:06 PM:
            $file = 'Microsoft.Exchange.Imap4.exe.config';
            $template = $file + '.template';
            $relPath = 'ClientAccess\PopImap';
            $fullPath = [System.IO.Path]::Combine($RoleInstallPath, $relPath);
            Set-InstallPathInAppConfig -ConfigFileRelativePath $relPath -ConfigFileName $template;
            Preserve-AppSettings -RoleInstallPath $fullPath -ConfigFileName $file;
  # [ID = PopImapBeComponent___bbfdc492aaf748298977cb9b98e00029, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:07 PM:install-Imap4Container -Name:"IMAP4" -DomainController $RoleDomainController
  # [ID = PopImapBeComponent___091c98cfe0f145189c0966717496795e, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:07 PM:install-Pop3Container -Name:"POP3" -DomainController $RoleDomainController
  # [ID = PopImapBeComponent___42cb9f4ac2924c27b6ebf60b92a03628, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:07 PM:new-ImapSettings -DomainController $RoleDomainController -ExchangePath $RoleInstallPath
  # [ID = PopImapBeComponent___181f5361a5df4e7ca009f21f26f8c0d5, Wt = 1, isFatal = True] "Configuring the server."
  7/5/2014 11:05:07 PM:new-PopSettings -DomainController $RoleDomainController -ExchangePath $RoleInstallPath
  # Tasks for 'ClientAccessExchangeCertificate' component
  # [ID = ClientAccessExchangeCertificate___fb5e9028e669404d94dba90aace8c2f9, Wt = 1, isFatal = True] "Installing Client Access server certificates."
  7/5/2014 11:05:07 PM:
            Install-ExchangeCertificate -WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
            if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
              Install-AuthCertificate -DomainController $RoleDomainController

• EXchange 2010 & 2013 Co-existence

  Hi,
  I have Exchange 2010 Running currently in 3 Sites. Now I have to introduce Exchange 2013 CU6 on 4th Site (Same Exchange ORg) and migrate all E2k10 Mailboxes to E2k13.
  My Questions is ... What would be the Internal Hostname that I need to mentioned in E2k10 server in Out Look Anywhere ?
  Note: I am using Existing OWA & Autodiscover URL which is running for E2k10 server mai.abc.com & Autodiscover.abc.com .
  On E2k13 I have set External & Internal URL for Outlook anywhere is mail.abc.com .
  I am using E2k10 certificate on E2k13 server as it having same DNS name space mentioned.
  Please suggest !! 
  Amit

  Hi,
  I have Exchange 2010 Running currently in 3 Sites. Now I have to introduce Exchange 2013 CU6 on 4th Site (Same Exchange ORg) and migrate all E2k10 Mailboxes to E2k13.
  My Questions is ... What would be the Internal Hostname that I need to mentioned in E2k10 server in Out Look Anywhere ?
  Note: I am using Existing OWA & Autodiscover URL which is running for E2k10 server mai.abc.com & Autodiscover.abc.com .
  On E2k13 I have set External & Internal URL for Outlook anywhere is mail.abc.com .
  I am using E2k10 certificate on E2k13 server as it having same DNS name space mentioned.
  Please suggest !! 
  Amit
  You wouldn't need to define an internal host. It can be set to the internal FQDN of the 2010 CAS itself. or set to the same as the external hostname if using split DNS.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Ports Required to open between Exchange 2010 & 2013

  Hi,
  I have to introduce Exchange 2013 into Exchange 2010 environment that is in same Organization. There are 3 sites connected on which Exchange 2010 installed and 4 site will be Exchange 2013 and then mailbox will migrate to E2k13 servers.
  All 4 sites and connected to MPLS link, please let me know what ports are required to open for Communication between mail flow. 
  From Internet OWA : 443 & 25 is sufficient for Mail flow.
  Amit

  Exchange does not support blocking any ports between individual Exchange Servers as well as Exchange to DC communication, so for internal communication everything has to be opened.  
  If you are just talking client traffic (OWA, ActiveSync, Outlook Anywhere) and smtp mail traffic from external sources, then you should only need 443 (client traffic) and 25 (smtp traffic). 
  https://social.technet.microsoft.com/Forums/en-US/bc21b467-76bb-4c86-b7e1-21daa82cc37a/ports-required-for-exchange-2013-installation?forum=exchangesvrdeploy

• Exchange 2010 SP3 Installation Failed. - Error While Locating Source (Windows Installer)

  Hey Guys,
  Urgent question here:  I was trying to install SP3 for Exchange 2010. Unfortunately it failed on the install (all pre-requisites checked and passed). The problem: Windows Installer couldn't find a the exchangeserver.msi file. This happened immediately
  after setup stopped the services.
  I tried re-downloading the service pack and reinstalling, I got the same error. Anytime I selected the file using browse it failed and re-prompted me.
  Error:
  "click ok to try again or enter an alternate path to a folder containing the installation package "exchangeserver.msi" in the box below"
  So here is what I did:
  1) I reset all the services to automatic (the same way as before)
  2) Rebooted the server
  3) All Service started
  4) DAG replication is working
  I am going to work on figuring out how to fix the issue, however will this be a problem? will there be any data corruption? am I safe to let the server sit until I can open a ticket (if needed) ?
  Thanks,
  Robert
  Robert

  Hi,
  Thank you for your question.
  In order to resolve it, we could click the Browse button in the dialog box, locate the ExchangeServer.msi file, and then click OK
  to continue the installation. The ExchangeServer.msi file is located on the Exchange Server 2010 installation media。
  There are a referred link for us:
  https://support.microsoft.com/en-us/kb/2888399
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• When does a work cycle on a mailbox server actually start in Exchange 2010/2013?

  So the question came up in work today as to when a work cycle on a mailbox server (e.g. ManagedFolderWorkCycle) actually starts. For example if it's set for 7 days, what 7 days does it choose? Is the first day the day the server was last
  restarted? Or is it the day the MSExchangeMailboxAssistants service was restarted? Is there some set day and hour considered the start? Or something else i'm not thinking of? I've checked various technet
  library articles but it doesn't state how the exact start date and time is derived.

  Hi Iczersigma,
  According to your description, it seems ManagedFolderAssistantSchedule
  that Ed mentioned is the great method to specify the date of service restarting. And I notice that this parameter also used in both Exchange 2010 and Exchange 2013, not only for 2010 RTM.
  Detailed information about this parameter as below:
  The ManagedFolderAssistantSchedule parameter specifies the intervals each week during which the Managed Folder Assistant applies messaging records management (MRM) settings to managed folders. The format is StartDay.Time-EndDay.Time. You can use the following values for the start and end days:
  •Full name of the day
  •Abbreviated name of the day
  •Integer from 0 through 6, where 0 = Sunday
  The start time and end time must be at least 15 minutes apart. Minutes are rounded down to 0, 15, 30, or 45. If you specify more than one interval, there must be at least 15 minutes between each interval.
  The following are examples:
  •"Sun.11:30 PM-Mon.1:30 AM"
  •6.22:00-6.22:15 (The assistant will run from Saturday at 10:00 PM until Saturday at 10:15 PM.)
  •"Monday.4:30 AM-Monday.5:30 AM","Wednesday.4:30 AM-Wednesday.5:30 AM" (The assistant will run on Monday and Wednesday mornings from 4:30 until 5:30.)
  •"Sun.1:15 AM-Monday.23:00"
  If the managed folder assistant doesn't finish processing the mailboxes on the server during the time that you've scheduled, it automatically resumes processing where it left off the next time it runs.
  For your reference:
  http://technet.microsoft.com/en-us/library/aa998651(v=exchg.150).aspx
  http://technet.microsoft.com/en-us/library/aa998651(v=exchg.141).aspx
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support