Exchange 2010 Receive Connector gets 530 5.7.1 Not Authenticated Error

Similar Messages

• Exchange 2010 Receive Connector intermittently getting an SMTP RSET from sending SMTP servers causing missing user email

  Users are receiving about 95% of their messages from sending SMTP servers. Intermittently, sending SMTP servers send the Exchange 2010 Server a SMTP RSET command for no apparent reason. The RSET Command (by SMTP specification) causes the Exchange 2010 Server
  to drop the message. The sending SMTP servers then do not resend the message after asking the Exchange server to drop the message. This means the message is marked as Sent by the sending servers but the dropped messages never show up in the users' Outlook
  inbox.
  Exchange 2010 Version 14.3 (Build 123.4)
  Roles: Hub Transport, Client Access, Mailbox
  What is going on?
  Exchange Receive Connector log showing a RSET example:
  2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,1,10.80.120.15:25,65.99.255.73:53479,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
  2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,2,10.80.120.15:25,65.99.255.73:53479,>,"220 vpn.a1expediting.com Microsoft ESMTP MAIL Service ready at Thu, 17 Jul 2014 08:47:06 -0400",
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,3,10.80.120.15:25,65.99.255.73:53479,<,EHLO inbound37.exchangedefender.com,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,4,10.80.120.15:25,65.99.255.73:53479,>,250-vpn.a1expediting.com Hello [65.99.255.73],
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,5,10.80.120.15:25,65.99.255.73:53479,>,250-SIZE 52428800,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,6,10.80.120.15:25,65.99.255.73:53479,>,250-PIPELINING,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,7,10.80.120.15:25,65.99.255.73:53479,>,250-DSN,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,8,10.80.120.15:25,65.99.255.73:53479,>,250-ENHANCEDSTATUSCODES,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,9,10.80.120.15:25,65.99.255.73:53479,>,250-AUTH,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,10,10.80.120.15:25,65.99.255.73:53479,>,250-8BITMIME,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,11,10.80.120.15:25,65.99.255.73:53479,>,250-BINARYMIME,
  2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,12,10.80.120.15:25,65.99.255.73:53479,>,250 CHUNKING,
  2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,13,10.80.120.15:25,65.99.255.73:53479,<,MAIL FROM:<[email protected]> SIZE=165270,
  2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,14,10.80.120.15:25,65.99.255.73:53479,*,08D16FD38F3D3355;2014-07-17T12:47:07.370Z;1,receiving message
  2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,15,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.0 Sender OK,
  2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,16,10.80.120.15:25,65.99.255.73:53479,<,RCPT TO:<[email protected]> ORCPT=rfc822;[email protected],
  2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,17,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.5 Recipient OK,
  2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,18,10.80.120.15:25,65.99.255.73:53479,<,RSET,
  2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,19,10.80.120.15:25,65.99.255.73:53479,>,250 2.0.0 Resetting,
  2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,20,10.80.120.15:25,65.99.255.73:53479,<,QUIT ,
  2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,21,10.80.120.15:25,65.99.255.73:53479,>,221 2.0.0 Service closing transmission channel,
  Daniel

  Hi,
  According to the receive connector log, your emails were failed to be deliverd with DNR. If I misudnerstand the meaning, please feel free to let me know.  If yes, I'd like to confirm the detail information in the DNR to narrow down the
  cause.
  Additionally, based on my research, the RSET command performs an SMTP reset, and then aborts the message that is currently being sent. Thus, the log didn't provide more information for troubleshooting. Is there any other error in your event log? please check
  the event log when the issue happens again.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2010 Send Connector to postfix (v. 2.11) smarthost uses STARTTLS and cannot connect

  Dear all,
  I am having problems with exchange 2010 sending emails through a postfix smarthost server which disconnects the sessions. I also use a sendmail as a smarthost
  server which is working just fine but I have to switch to postfix and cannot do this as long as the encryption does not work.
  Here is the log file of the postfix server:
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: initializing the server-side TLS engine
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: connect from server1.mydomain.com[192.168.20.10]
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: setting up TLS connection from server1.mydomain.com[192.168.20.10]
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: server1.mydomain.com[192.168.20.10]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:before/accept initialization
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => 11 (0xB))
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0000 16 03 01 00 5a 01 00 00|56 03 01                 ....Z... V..
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1BE] (84 bytes => 84 (0x54))
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0000 54 a9 3d b9 0d 5e 8b 64|7c 6b b5 21 f2 93 e7 84  T.=..^.d |k.!....
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0010 17 ea 33 d7 e5 13 f2 75|3a 87 38 32 01 85 82 5b  ..3....u :.82...[
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0020 00 00 18 00 2f 00 35 00|05 00 0a c0 13 c0 14 c0  ..../.5. ........
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0030 09 c0 0a 00 32 00 38 00|13 00 04 01 00 00 15 ff  ....2.8. ........
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0040 01 00 01 00 00 0a 00 06|00 04 00 17 00 18 00 0b  ........ ........
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0050 00 02 01                                         ...
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0053 - <SPACES/NULLS>
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 read client hello A
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server hello A
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write certificate A
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write key exchange A
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server done A
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: write to 7F4823FA5210 [7F4823FB8B70] (1911 bytes => 1911 (0x777))
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0774 - <SPACES/NULLS>
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 flush data
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAC803] (5 bytes => 0 (0x0))
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:failed in SSLv3 read client certificate A
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept error from server1.mydomain.com[192.168.20.10]: lost connection
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: lost connection after STARTTLS from server1.mydomain.com[192.168.20.10]
  Jan  4 14:18:59 server7 postfix/smtpd[1659]: disconnect from server1.mydomain.com[192.168.20.10]
  I
  have read in the post at https://social.technet.microsoft.com/Forums/exchange/en-US/6db38364-cb08-45c0-b159-3ddf30ef0b3e/exchange-2010-send-connector-uses-ssltls-and-cannot-connect-to-smarthost-how-to-deactivate-ssl?forum=exchange2010
  how to deactivate the SSL encryption, but this is of course a security flaw, if I am not mistaken. I would like to encrypt the connection between the servers for obvious security
  reasons but I have come to a standstill...
  My Exchange server certificate is configured
  as follows:
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                       ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
                       essRule}
  CertificateDomains : {server1, server1.solid-con.com}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : CN=server1
  NotAfter           : 22/01/2017 13:18:02
  NotBefore          : 22/01/2012 13:18:02
  PublicKeySize      : 2048
  RootCAType         : None
  SerialNumber       : 6925D91285B649BD4D5E4297F1A48471
  Services           : IMAP, POP, IIS, SMTP
  Status             : Valid
  Subject            : CN=server1
  Thumbprint         : 939A37173BF84E352CEDC74F7D9A3D71F498A005
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                       ule, System.Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {WMSvc-SERVER1}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : CN=WMSvc-SERVER1
  NotAfter           : 19/01/2022 12:56:44
  NotBefore          : 22/01/2012 12:56:44
  PublicKeySize      : 2048
  RootCAType         : Registry
  SerialNumber       : 1DB8711F7ADC5CB54196468EF2FF5D21
  Services           : None
  Status             : Valid
  Subject            : CN=WMSvc-SERVER1
  Thumbprint         : 191D86BDE274510453D58DDB91D253DABBCF05F1
  And My Default Send Connector is configured as follows:
  AddressSpaces                : {SMTP:*;1}
  AuthenticationCredential     : System.Management.Automation.PSCredential
  Comment                      :
  ConnectedDomains             : {}
  ConnectionInactivityTimeOut  : 00:10:00
  DNSRoutingEnabled            : False
  DomainSecureEnabled          : False
  Enabled                      : True
  ErrorPolicies                : Default
  ForceHELO                    : False
  Fqdn                         :
  HomeMTA                      : Microsoft MTA
  HomeMtaServerId              : SERVER1
  Identity                     : Internet
  IgnoreSTARTTLS               : False
  IsScopedConnector            : False
  IsSmtpConnector              : True
  LinkedReceiveConnector       :
  MaxMessageSize               : unlimited
  Name                         : Internet
  Port                         : 25
  ProtocolLoggingLevel         : None
  RequireOorg                  : False
  RequireTLS                   : False
  SmartHostAuthMechanism       : None
  SmartHosts                   : {server7.mydomain.com, server6.mydomain.com}
  SmartHostsString             : server7.mydomain.com,server6.mydomain.com
  SmtpMaxMessagesPerConnection : 20
  SourceIPAddress              : 0.0.0.0
  SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
  SourceTransportServers       : {SERVER1}
  TlsAuthLevel                 :
  TlsDomain                    :
  UseExternalDNSServersEnabled : False
  Any help would be greatly appreciated as I am
  stuck...
  Luca

  Hi Allen,
  Thank you very much for your reply.
  The Postfix TLS Manager is enabled in master.cf
  tlsmgr    unix  -       -       n       1000?   1       tlsmgr
  and running
  server7:/etc/postfix # ps -efa|grep tls
  postfix  11967 11863  0 11:21 ?        00:00:00
  tlsmgr -l -t unix -u
  Every other (Linux/UNIX) server has no problem e.g.:
  Jan  5 11:28:36 server7 postfix/smtpd[12215]: connect from server2.mydomain.com[192.168.20.20]
  Jan  5 11:28:36 server7 postfix/smtpd[12215]: Anonymous TLS connection established from server2.mydomain.com[192.168.20.20]: TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)
  Jan  5 11:28:36 server7 postfix/smtpd[12215]: B5502946AB0: client=server2.mydomain.com[192.168.20.20]
  Jan  5 11:28:36 server7 postfix/cleanup[12221]: B5502946AB0: message-id=<[email protected]>
  Jan  5 11:28:36 server7 postfix/qmgr[12200]: B5502946AB0: from=<[email protected]>, size=1026, nrcpt=1 (queue active)
  Jan  5 11:28:36 server7 postfix/smtpd[12215]: disconnect from server2.mydomain.com[192.168.20.20]
  Jan  5 11:28:37 server7 postfix/smtpd[12225]: connect from localhost[127.0.0.1]
  Jan  5 11:28:37 server7 postfix/smtpd[12225]: 4076A946AB1: client=localhost[127.0.0.1]
  Jan  5 11:28:37 server7 postfix/cleanup[12221]: 4076A946AB1: message-id=<[email protected]>
  Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: from=<[email protected]>, size=1778, nrcpt=1 (queue active)
  Jan  5 11:28:37 server7 postfix/smtpd[12225]: disconnect from localhost[127.0.0.1]
  Jan  5 11:28:37 server7 postfix/smtp[12222]: B5502946AB0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.54, delays=0.05/0.01/0.01/0.47, dsn=2.0.0, status=sent
  (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4076A946AB1)
  Jan  5 11:28:37 server7 postfix/qmgr[12200]: B5502946AB0: removed
  Jan  5 11:28:37 server7 postfix/cleanup[12221]: 4401F946AB0: message-id=<[email protected]>
  Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: from=<[email protected]>, size=1920, nrcpt=1 (queue active)
  Jan  5 11:28:37 server7 postfix/local[12226]: 4076A946AB1: to=<[email protected]>, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 4401F946AB0)
  Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: removed
  Jan  5 11:28:37 server7 postfix/smtp[12227]: Untrusted TLS connection established to 192.168.20.10[192.168.20.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
  Jan  5 11:28:37 server7 postfix/smtp[12227]: 4401F946AB0: to=<[email protected]>, orig_to=<[email protected]>, relay=192.168.20.10[192.168.20.10]:25,
  delay=0.29, delays=0/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=619] Queued
  mail for delivery)
  Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: removed
  and if you take a look at the lines in bold you will see that mails can be delivered over TLS to that very Exchange server (the mailboxes are on that server)...
  To summarise:
  exchange --> postfix with TLS = session disconnected (and everything seems to be initiated by the exchange server -if I read the logs correctly)
  postfix --> exchange with TLS = works
  any further hints?
  Thank you very much in advance,
  Luca

• I'm getting a message "404 (page not found error)" I think I entered an incorrect URL into my browser's address bar. How do I fix that?

  I was trying to post a comment on a support group site. I was asked what web address I was using, or something along those lines. In hindsight, I stupidly typed a '?' and pressed send. Now, when I try to access that site I get the message "404 (page not found error)
  If you're the site owner, one of two things happened:
  1. 1) You entered an incorrect URL into your browser's address bar, or
  2. 2) You haven't uploaded content."
  How can I fix this.

  I spoke with a Dell technician about this problem. He tried to access the site in question from his computer, i.e. separate from my computer, and he also got the same "404 (page not found error)". He said the problem lies with the site itself, not my computer, and that I should notify the site. Problem is I can't notify the site if I can't access it.

• Exchange Server 2010 - Receive Connector for Client Computers

  I have one customer with a SBS 2011 with Exchange Server 2010 - a pretty standard setup except for some customisation with Receive Connectors in order to cater for an application which is installed on a number of computers that requires to use an SMTP Server
  to send notifications. In order to accomplish this (allow to be sent using Exchange Server) we added the IP Address of client computer (which we also set as a DHCP reservation) to a pre-configured Receive Connector (Anonymous setup for Printer/Scanner).
  This worked fine, but we now find that there are other applications that require the same function to use SMTP to send.
  How should/could this be better configured so an application can send if they authenticate?

  Hi 
  For this  you need to create a seperate receive connector to be used for Relay in your organizations.
  Follow the below steps
  1) Create a dedicated Relay Receive Connector
  2) Add only the Ip addresses of the applications which needs to relay on Exchange servers 
  3) You can use either anonymous or authenticated relay according to your relay config
  You can follow the below link as well
  http://exchangequery.com/2013/12/02/steps-to-configure-anonymous-and-authenticated-relay-in-exchange-2013/
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Migrate from 2003 to 2010 - Receive Connector Authentication

  I'm in the process of upgrading a remote office from Exchange 2003 to Exchange 2010.  Today, we changed the IP's on their firewall so that 2010 Hub Transport is handling mail.  Normally, I always create a new Receive Connector for receiving mail
  from the internet.  I leave it as Anonymous users only and receive on internal IP of the server.
  When I send an e-mail from the internet to a 2010 user, the mail is delivered fine, I'm assuming through the new "Anonymous" access connector I created.  However, when I send e-mail from the internet to a 2003 user, I get the following NDR
  with this error:
  Reason: 530 5.7.1 Client was not authenticated
  I was able to fix the problem by adding Anonymous authentication to the Default receive connector.  I'm wondering why this connector is being chosen over the Internet connector though, and why only for 2003 users?  Is it bad to leave the Default
  Connector allowing anonymous access?  I've always left that connector alone and created a new Internet connector which has seemed to work in the past.

  Hi,
  According to your description, exchange 2010 like a relay server, and relay the email to exchange 2003 when you send a email from the internet to a 2003 user.
  As Ed mentioned, when you add the correct IP address where the traffic comes from on the receive connector, then it would ensure that the correct receive connector would be used.
  The following article for your reference:
  Resolve 530 5.7.1 Client was not authenticated
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• Exchange 2010 SMTP Connector

  Hello,
  We are having an issue with our exchange 2010 hub transport server and its external SMTP connector.  We use an external DNS CNAME as the smart host, this works on 2003 (As a FQDN of the host, not a smart host) but we receive DNS query failures on 2010.
  We can successfully route to the relay if we use an A record but an CNAME doesn't seem to work, is this as per design? Can we only use A records or IPs?
  Thanks

  You mean Send Connector, right?  (SMTP Connector is an Exchange 2000 or 2003 thing.)
  Are you sure you entered the CNAME correctly in the connector properties?  Can you ping the smart host or establish a telnet session over port 25?
  I've never heard of that issue before.  You might consider opening a ticket with Microsoft Support.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Exchange 2010 - Send Connector High Availability

  Hi All,
  I performed a successful migration a few years back from a single node Exchange 2003 server to a two node Exchange 2010 organisation with a DAG and Kemp load balanced CAS array.  The solution works well and when we simulate a site failure
  I am able to get the second node to handle all mail functions.
  The one problem I have though is that I have to manually disable the send connector on the primary server in order for the one on the secondary server to be in use.  I should explain that I have two send connectors as I do not want the secondary server
  to be used unless the primary server is down or the route is unavailable.  I realise that Exchange 2010 does not know whether the SMTP route is down or not so will just continue trying to use the send connector from the primary server (until I tell it
  not to by disabling it).
  My question is how do I get this to happen automatically?  Does anyone else have an example of how this could be done or use a PowerShell script to achieve this?  I guess a script could check the route and disable the send connector on the primary
  server if necessary, but how would one do this?
  Any help greatly appreciated.
  Rob

  Hi,
  According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
  If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
  For more information, you can refer to the following article:
  http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2007 Receive Connector

  Hi, We are using Exchange Server 2007 and are using Receive Connectors to allow application servers to relay emails both internally and externally. I would like to make sure that the application servers can send email only to the internal users and not outside
  users. I would like to know how can I achieve this. Any suggestion would be welcome.
  - Fazal Ur Rehman Shah
  Fazal Ur Rehman Shah | Senior Consultant

  Hi Fazal,
  Thank you for your question.
  We could refer to the following steps to create transport rule:
  Navigate EMC-Organization Configuration-Hub Transport-Transport Rules
  Click “New Transport Rule” and type transport rule name which is “Restrict to Internet”
  In Conditions, Click “from people” and type
  [email protected]
  In Conditions, Click “sent to users inside or outside the organization” and choose “Outside”
  In Actions, choose “silently drop the message”
  Then we could enable this transport rule
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Exchange 2010 mailbox moves get stalled

  I am Experiencing an issue with Exchange 2010 SP3 UR2 two node DAG environment (server01 and server02). While moving mailboxes from old Exchange 2007 environment I get following errors.
  Move for mailbox xxxxxxxxxxxx is stalled because DataMoveReplicationConstraint is not satisfied for the database 'MDB01' (agent MailboxDatabaseReplication). Failure Reason: Database does not satisfy constraint SecondCopy. Throttling completion as database copies
  are falling behind.
  Get-MailboxDatabaseCopyStatus informs me that server02 Copy and ReplayQueue length on the passive copy are getting big (from 10-500) while moving and the throttling will always pause the move for a while and then start again until it stops again because the
  second copy is falling behind. This only happens when I move mailboxes to databases that have active copy of the database on my server01 and passive on server 02. If the active copy is moved to server02 and server01 is the passive copy this does not happen.
  So this leads to a conclusion that there is something wrong with server02 replication from server01.
  I've traced the replication network and there are no issues. What could be the reason that only the second node suffers from falling back during moves? I would not like to se the datamovereplicationconstraint value to none since this is the only Exhchange
  2010 DAG environment where I am facing this issue and the replication should keep up while mailbox moves.

  Hello,
  " I would not like to see the datamovereplicationconstraint value to none". Do you mean you set
  DataMoveReplicationConstraint to SecondCopy? If so, I recommend you use test-replicationhealth cmdlet to check all aspects of the replication and replay status.
  Please check if you
  configure a lagged database copy.
  Please check if there is a witness server, and whether the witness is online.
  If not, please set DataMoveReplicationConstraint to SecondCopy.
  Besides, please check if there is any error in application log.
  Here are some articles for your reference.
  http://technet.microsoft.com/en-us/library/dd335158(v=exchg.150).aspx
  http://blogs.technet.com/b/exchange/archive/2011/05/06/exchange-2010-mailbox-moves-and-mailbox-resiliency.aspx
  If you have any feedback on our support, please click
  here
  Cara Chen
  TechNet Community Support

• Exchange 2010/2013 coexistance mailflow issues: 421 4.4.2 socket error.

  So I am in Exchange 2010 SP3 / Exchange 2013 SP1 co-existence. 
  I can send from a test 2013 user to external and 2010 users internally on the domain. But I cannot send to the 2013 test user. I get:
  451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped due to SocketError." Attempted to failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate
  hosts.
  I've been looking at this for example: 
  http://support.microsoft.com/kb/979175
  But no matter where on the 2013 receive connectors I add Exchange Server Authentication, it still doesnt work.
  Theres so much stuff on this error message, but everyhing I find seems to be 2003 / 2010 or other coexistance which is different to my environment. 

  Hi guys, thanks for the responses, please keep in mind I am not a specialist Exchange Admin, I'm a IT jack of all trades.
  We do not use Windows firewalls on the domain network. Both my 2010 and 2013 setups are in DAGs. Telnet client is not installed on the Exchange 2013 servers, only on the 2010 servers.
  How do I "drop an email...through Telnet"? 
  Telnet from SiteA Exc2010 to SiteA Exc2013:
  220 Exc2013.MyDomain.local Microsoft ESMTP MAIL Service ready at Wed, 4 Jun 201
  4 09:42:39 +1000
  451 4.7.0 Timeout waiting for client input
  Connection to host lost.
  Telnet from SiteA Exc2010 to SiteB Exc2013:
  Blank window, nothing comes up, no response at all. Doesnt seem to time out either.
  Telnet from SiteC Exc2010 to SiteA and SiteB Exchange 2013:
  Exactly the same as from SiteA Exc2010.
  IPConfig:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : Exc2010
     Primary Dns Suffix  . . . . . . . : MyDomain.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : MyDomain.local
  Ethernet adapter Exchange MAPI Network:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : BASP Virtual Adapter
     Physical Address. . . . . . . . . : 00-26-B9-5E-E7-47
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 172.16.2.8(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     IPv4 Address. . . . . . . . . . . : 172.16.2.31(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 172.16.2.2
     DNS Servers . . . . . . . . . . . : 172.16.2.12
                                         172.16.2.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Exchange Receive:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #50
     Physical Address. . . . . . . . . : 00-10-18-FC-16-76
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 172.16.2.15(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 172.16.2.2
     DNS Servers . . . . . . . . . . . : 172.16.2.12
                                         172.16.2.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Local Area Connection* 9:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapte
  r
     Physical Address. . . . . . . . . : 02-26-B9-5E-E7-46
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::3c54:d53e:e2ea:8d9f%19(Preferred)
     IPv4 Address. . . . . . . . . . . : 169.254.1.173(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.0.0
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 604120761
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-4C-3C-35-00-10-18-6B-C0-36
     DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                         fec0:0:0:ffff::2%1
                                         fec0:0:0:ffff::3%1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Exchange DAG Replication:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #49
     Physical Address. . . . . . . . . : 00-10-18-FC-16-74
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.10.2.8(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Backup Network:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #5
     Physical Address. . . . . . . . . : 00-10-18-6B-C0-36
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.2.8(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{7282FD1F-E6A4-4BD2-8D40-B2586BF4130D}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{C38886F3-875D-4403-A95B-C1BF2243D6BE}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{46074087-7F11-4414-8B45-8EE71DA621D4}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{73064E78-05CB-4279-8EA8-3E5094067025}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.{4F2BDC5B-35FF-49D7-9431-67FA2EB1D327}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Reusable ISATAP Interface {C3216126-6DDC-4523-958A-5907C784EC1F}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

• Exchange 2010 GAL Export script working from EMS but not as a scheduled task

  I have been asked to get a script together to export the GAL on an Exchange 2010 server and then email it to a manager. I have been playing it with days, and have pruned it to the very minimum to at least try and get it working before improving it. At the
  moment I have the text as below:
  Del c:\GALexport.csv
  Get-Recipient -ResultSize unlimited | where {$_.HiddenFromAddressListsEnabled -eq $false} | Select DisplayName,PrimarySMTPAddress,sAMAccountName,alias | Export-Csv "c:\GALexport.csv"
  This works just fine in Exchange Management Shell and deletes the previous report before creating a new one. However, when I set it up as a scheulded task, it does nothing.
  The task is set up as follows:
  Action - Start a Program
  Program/ Script C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
  Add arguments -version 2.0 -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; d:\Scripts\GalExportReport.ps1"
  This is set to run under my administrator account with the highest privileges and I have the logon as batch right.
  Unfortunately, when I run it as a scheduled task, nothing happens. The last run result is (0x0) and in the history it says 'task completed', but no report is produced. Can anyone advise please?

  Does it delete the c:\GALexport.csv file? If not, then its not even executing the ps1 script...
  - Open cmd prompt and run below command to confirm that there isn't any typo or any other small error...
  C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -version
  2.0 -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; d:\Scripts\GalExportReport.ps1"
  - If above works then something wrong with task scheduler configuration...
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Exchange 2010 Autodiscovery & Outlook Anywhere kind of but really not working

  This is driving me nuts. We have a single Exchange Server 2010 running (everything is on one box). It works fine internally (all Outlook clients can see and grab the login info from the user login). OWA works from outside, mail delivers nicely. My problems
  all seem to stem around some mysterious problem in autodiscover and outlook anywhere.
  Our domain is internally like this: mycompany2.com and outside like this: mycompanyllc.com
  So the mail server inside looks like server1.mycompany2.com and outside: mail.mycompanyllc.com - from what I can see it's all set up correctly in both.
  I've run the connectivity analyzer and apart from a minor certificate warning ('Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled) it passes every test on the site for EAS and Outlook Anywhere
  (and for good measure I ran everything, all green checks!). Autodiscover works in the test, everything gets found and pointed to the right place.
  When I have a user that wants to configure Outlook 2010 or 2013 outside
  the org. they start the wizard, type their name, their email, their password. The server or user can't be found and no matter what they do it won't find it. If you go in and manually configure the
  internal server name, domain, username you can connect. It just won't set it up automatically. The odd thing is, in the analyzer the autodiscovery XML is found and downloaded fine, all the server name info and detail is displayed.
  In Outlook 2013, both Exchange and EAS connection doesn't work even though phones can be set up through EAS (although they require the same kind of manual setup--autodiscover doesn't seem to work even though it keeps telling me everything
  is fine).
  I'm at wits end, all the tests show it's working, but in the real world the server can't be found. It's right on the DNS servers, it's right in the tests, it responds correctly manually. I'd love users to be able to set up their own mail without a 10 page
  printout of all the manual settings. It's all relatively late model hardware, Outlook 2010 or 2013, and a fully patched up to date Exchange 2010 server. Anyone have an idea?
  Curt Kessler - FLC

  We don't use TMG we use a WatchGuard Firewall and it is configured to allow all traffic to this server (that's why manual works fine with Outlook and OWA).
  When I run the get-autodiscovervirtualdirectory it returns my internal server under the Server, and nothing more, so this possibly could be it?? I'm definitely not good at IIS at all, I would need guidance to investigate that further...
  This is my EXRCA results, the first fail is because it tests the root of mydomain.com rather than mail.mydomain.com which is a different server. I've replaced some names for security purposes:
  The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
  [email protected].
  Autodiscover was tested successfully.
  Test Steps
  Attempting each method of contacting the Autodiscover service.
  The Autodiscover service was tested successfully.
  Test Steps
  Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
  Test Steps
  Attempting to resolve the host name franklinlc.com in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: 76.79.142.101
  Testing TCP port 443 on host franklinlc.com to ensure it's listening and open.
  The port was opened successfully.
  Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server franklinlc.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
  Remote Certificate Subject: CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
  S=Arizona, C=US.
  Validating the certificate name.
  Certificate name validation failed.
   <label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl02_ctl01_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  Host name franklinlc.com doesn't match any name found on the server certificate CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com.
  Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
  Testing of the Autodiscover URL was successful.
  Test Steps
  Attempting to resolve the host name autodiscover.mydomain.com in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: 76.xx.xx.xx this is the mail server IP address
  Testing TCP port 443 on host autodiscover.franklinlc.com to ensure it's listening and open.
  The port was opened successfully.
  Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomain.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
  Remote Certificate Subject: CN=mail.franklinlc.com, OU=Domain Control Validated, O=mail.mydomain.com, Issuer: SERIALNUMBER=xxxxxxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
  S=Arizona, C=US.
  Validating the certificate name.
  The certificate name was validated successfully.
  Additional Details
  Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.
  Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
  Additional Details
  The certificate is valid. NotBefore = 9/28/2012 10:20:20 PM, NotAfter = 9/28/2015 10:20:20 PM
  Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
  Additional Details
  Accept/Require Client Certificates isn't configured.
  Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user [email protected].
  The Autodiscover XML response was successfully retrieved.
  Additional Details
  Autodiscover Account Settings
  XML response:
  <?xml version="1.0"?>
  <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
      <User>
        <DisplayName>Curt Kessler</DisplayName>
        <LegacyDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Curt Kessler</LegacyDN>
        <DeploymentId>14a1e263-943a-4609-865c-ba22802e45aa</DeploymentId>
      </User>
      <Account>
        <AccountType>email</AccountType>
        <Action>settings</Action>
        <Protocol>
          <Type>EXCH</Type>
          <Server>FLC5.internaldomainname.com</Server>
          <ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5</ServerDN>
          <ServerVersion>7383807B</ServerVersion>
          <MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5/cn=Microsoft Private MDB</MdbDN>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <Port>0</Port>
          <DirectoryPort>0</DirectoryPort>
          <ReferralPort>0</ReferralPort>
          <PublicFolderServer>FLC5.internaldomainname.com</PublicFolderServer>
          <AD>PRIME.internaldomainname.com</AD>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EcpUrl>https://flc5.internaldomainname.com/ecp/</EcpUrl>
          <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
          <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
          <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
          <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        </Protocol>
        <Protocol>
          <Type>EXPR</Type>
          <Server>mail.mydomain.com</Server>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <Port>0</Port>
          <DirectoryPort>0</DirectoryPort>
          <ReferralPort>0</ReferralPort>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
          <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
          <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
          <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        </Protocol>
        <Protocol>
          <Type>WEB</Type>
          <Port>0</Port>
          <DirectoryPort>0</DirectoryPort>
          <ReferralPort>0</ReferralPort>
          <Internal>
            <OWAUrl AuthenticationMethod="Basic, Ntlm, Fba, WindowsIntegrated">https://flc5.internaldomainname.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXCH</Type>
              <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </Internal>
          <External>
            <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXPR</Type>
              <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </External>
        </Protocol>
      </Account>
    </Response>
  </Autodiscover>
  I've replaced my public domain with mydomain.com and my internal domain with internaldomainname.com, and hidden the IP, but everything else is the same. The tests all pass
  Curt Kessler - FLC

• Exchange 2010 OWA access on internal LAN login form not working as expected

  hi
  We have exchange 2010 sp3 installed and working. we have two sites
  Site a
  1 x CAS
  2 X MBX
  Site b
  1 x cas
  2x mbx
  site A is the primary site we currently publish owa our through our TMG server located in the DMZ this is working as expected and carries out the forms authentication. our internal domain is company.local but our external domain is company.com
  we have created split DNS so that we could use a wildcard cert and to deal with CA new rules. All URL's in Exchange are configured to use the external reference of company.com/
  on the IIS server we have a redirection on the root of the site to redirect the requests through to OWA folder and we have basic Authentication enabled. on the OWA folder we have basic and windows authentication.
  The problem we have is that when users try to access OWA internally we get username and password box appears once you login with this it then takes you through to the the normal login screen and you have tyo login again I'm thinking that this is the windows
  authentication that is causing this but not sure?
  also would be good to get an understanding as to what the Authentication, SSL and redirection setting should be set to on your CAS servers as looking at the ECP and autodiscover folder within IIS this currently has a redirect set to go to OWA surely that
  cannot be right,
  thanks
  J

  Hi
  you are correct, the immediate concern is the double login to owa i do however want to also know what the settings/configuration for Authentication redirection and SSL should be set to on all virtual directories.
  we do not have any additional OWA virtual directories just the default
  These are the current live servers
  Identity                      : ACAS01\owa (Default Web Site)
  Url                           : {}
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   : https://email.Company.com.com/owa
  ExternalUrl                   : https://email.Company.com/owa
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  ExternalAuthenticationMethods : {Fba}
  Identity                      : BCAS01\owa (Default Web Site)
  Url                           : {}
  Exchange2003Url               : https://www.Companyt.co.uk/
  FailbackUrl                   :
  InternalUrl                   : https://webmail.Company.com/owa
  ExternalUrl                   : https://webmail.Company.com/owa
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  ExternalAuthenticationMethods : {Fba}
  These are the new servers which i have just installed
  Identity                     : CAS05\owa (Default Web Site)
  Url                           : {}
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   : https://webmail.Company.com/owa
  ExternalUrl                   : https://webmail.Company.com/owa
  InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
  ExternalAuthenticationMethods : {Fba}
  Identity                      : CAS06\owa (Default Web Site)
  Url                           : {}
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   : https://webmail.Company.com/owa
  ExternalUrl                   : https://webmail.Company.com/owa
  InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
  ExternalAuthenticationMethods : {Fba}
  Identity                      : CAS04\owa (Default Web Site)
  Url                           : {}
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   : https://webmail.Company.com/owa
  ExternalUrl                   : https://webmail.Company.com/owa
  InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
  ExternalAuthenticationMethods : {Fba}
  I have noticed that FBA is set on the new servers does this need turning off and if so is this on IIS or in Exchange?
  the link that you have provided talks about creating new Vdir for TMG we are looking at removing TMG and replacing it with KEMP load balancers would we still need to have two Vdir to make FBA work internally and externally
   to make a new vdir do you need a new IP address? and what are the steps required in Exchange and IIS to get this working.
  thanks
  Jason

• Exchange 2010 SP3 Move Mailbox fails on every mailbox with Fatal error MapiExceptionJetErrorIndexNotFound has occurred

  We are currently running Small Business Server 2003 with Exchange 2003 SP2 and are migrating to Server 2008 R2 with Exchange 2010 SP3 as an interim before moving to Server 2012 R2 with Exchange 2013 SP1. The mailbox move reaches 95% before failing with the
  message "Fatal error MapiExceptionJetErrorIndexNotFound has occurred.
  Error details: MapiExceptionJetErrorIndexNotFound: Unable to copy to target. (hr=0x80004005, ec=-1404)
  Diagnostic context:
      Lid: 45095   EMSMDB.EcDoRpcExt2 called [length=78]
      Lid: 61479   EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=75][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropGetPropsSpecific [7]
      Lid: 21921   StoreEc: 0x40380   
      Lid: 31418   --- ROP Parse Done ---
      Lid: 45095   EMSMDB.EcDoRpcExt2 called [length=45]
      Lid: 61479   EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=140][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropGetReceiveFolderTable [104]
      Lid: 31418   --- ROP Parse Done ---
      Lid: 45095   EMSMDB.EcDoRpcExt2 called [length=69]
      Lid: 61479   EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=48][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropGetAllPerUserLtids [125]
      Lid: 17082   ROP Error: 0xFFFFFA84
      Lid: 29793  
      Lid: 21921   StoreEc: 0xFFFFFA84
      Lid: 31418   --- ROP Parse Done ---
      Lid: 22753  
      Lid: 21817   ROP Failure: 0xFFFFFA84
      Lid: 25738  
      Lid: 18570   StoreEc: 0xFFFFFA84
      Lid: 23370   StoreEc: 0xFFFFFA84
      Lid: 24302  
      Lid: 32494   StoreEc: 0xFFFFFA84
     at Microsoft.Mapi.MapiExceptionHelper.ThrowIfErrorOrWarning(String message, Int32 hresult, Boolean allowWarnings, SafeExInterfaceHandle iUnknown, Exception innerException)
     at Microsoft.Mapi.MapiUnk.ThrowIfErrorOrWarning(String message, Int32 hr)
     at Microsoft.Mapi.MapiProp.CopyTo(MapiProp destProp, Boolean reportProgress, CopyPropertiesFlags copyPropertiesFlags, Boolean copySubObjects, ICollection`1 excludeTags)
     at Microsoft.Mapi.MapiProp.ExportObjectHelper(IMapiFxProxy dest, PropTag[] tags, CopyPropertiesFlags copyPropertiesFlags, Boolean useCopyProps)
     at Microsoft.Mapi.MapiProp.ExportObject(IMapiFxProxy fxProxy, CopyPropertiesFlags copyPropertiesFlags, PropTag[] excludeTags)
     at Microsoft.Exchange.MailboxReplicationService.LocalSourceMailbox.Microsoft.Exchange.MailboxReplicationService.ISourceMailbox.CopyTo(IFxProxy fxProxy, PropTag[] excludeTags)
     at Microsoft.Exchange.MailboxReplicationService.SourceMailboxWrapper.<>c__DisplayClass7.<Microsoft.Exchange.MailboxReplicationService.ISourceMailbox.CopyTo>b__6()
     at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
     at Microsoft.Exchange.MailboxReplicationService.SourceMailboxWrapper.Microsoft.Exchange.MailboxReplicationService.ISourceMailbox.CopyTo(IFxProxy destMailbox, PropTag[] excludeProps)
     at Microsoft.Exchange.MailboxReplicationService.MailboxMover.FinalSyncCopyMailboxData()
     at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.ForeachMailboxContext(MailboxMoverDelegate del)
     at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.FinalSync(Object[] wiParams)
     at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
  Error context: --------
  Operation: ISourceMailbox.CopyTo
  OperationSide: Source"
  This is happening on every mailbox we attempt to move. Any help would be appreciated

  Thanks for responding
  I'm already using BadItemLimit of 50. The largest corrupt message that was skipped is 10.
  We're on Small Business Server Standard Edition which only permits one mailbox store. I should mention that the interim machine (where Exchange 2010 is installed) is a Hyper V virtual machine
  Here is the entire message from the log:
  11/28/2014 7:18:07 PM [VRTL-SVR2008] 'PeacePresbyterianChurch.local/MyBusiness/Users/SBSUsers/Dev Mathura' created move request.
  11/28/2014 7:18:27 PM [VRTL-SVR2008] The Microsoft Exchange Mailbox Replication service 'VRTL-SVR2008.PeacePresbyterianChurch.local' (14.3.123.2 caps:07) is examining the request.
  11/28/2014 7:18:27 PM [VRTL-SVR2008] Connected to target mailbox 'Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)', database 'Mailbox Database 0224662151', Mailbox server 'VRTL-SVR2008.PeacePresbyterianChurch.local' Version 14.3 (Build 123.0).
  11/28/2014 7:18:27 PM [VRTL-SVR2008] Connected to source mailbox 'Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)', database 'PEACE-SERVER\First Storage Group\Mailbox Store (PEACE-SERVER)', Mailbox server 'peace-server.PeacePresbyterianChurch.local' Version
  6.0 (Build 7654.0).
  11/28/2014 7:18:38 PM [VRTL-SVR2008] Request processing started.
  11/28/2014 7:18:38 PM [VRTL-SVR2008] Mailbox signature will not be preserved for mailbox 'Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)'. Outlook clients will need to restart to access the moved mailbox.
  11/28/2014 7:18:38 PM [VRTL-SVR2008] Source mailbox information before the move:
  Regular Items: 20, 1.906 MB (1,998,818 bytes)
  Regular Deleted Items: 3, 7.803 KB (7,990 bytes)
  FAI Items: 20, 0 B (0 bytes)
  FAI Deleted Items: 0, 0 B (0 bytes)
  11/28/2014 7:18:39 PM [VRTL-SVR2008] Initializing folder hierarchy in mailbox 'Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)': 31 folders total.
  11/28/2014 7:18:40 PM [VRTL-SVR2008] Folder hierarchy initialized for mailbox 'Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)': 31 folders total.
  11/28/2014 7:18:40 PM [VRTL-SVR2008] Stage: CreatingInitialSyncCheckpoint. Percent complete: 15.
  11/28/2014 7:18:40 PM [VRTL-SVR2008] Stage: LoadingMessages. Percent complete: 20.
  11/28/2014 7:18:40 PM [VRTL-SVR2008] Mailbox 'Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)' contains 3 soft-deleted items (7.803 KB (7,990 bytes)). They won't be migrated.
  11/28/2014 7:18:40 PM [VRTL-SVR2008] Stage: CopyingMessages. Percent complete: 25.
  11/28/2014 7:18:40 PM [VRTL-SVR2008] Copy progress: 0/38 messages, 0 B (0 bytes)/1.906 MB (1,998,550 bytes).
  11/28/2014 7:18:41 PM [VRTL-SVR2008] Messages have been enumerated successfully. 38 items loaded. Total size: 1.906 MB (1,998,550 bytes).
  11/28/2014 7:18:43 PM [VRTL-SVR2008] Initial seeding completed, 38 items copied, total size 1.906 MB (1,998,550 bytes).
  11/28/2014 7:18:44 PM [VRTL-SVR2008] Final sync has started.
  11/28/2014 7:18:45 PM [VRTL-SVR2008] Stage: FinalIncrementalSync. Percent complete: 95.
  11/28/2014 7:18:46 PM [VRTL-SVR2008] Fatal error MapiExceptionJetErrorIndexNotFound has occurred.
  Error details: MapiExceptionJetErrorIndexNotFound: Unable to copy to target. (hr=0x80004005, ec=-1404)
  Diagnostic context:
      Lid: 45095   EMSMDB.EcDoRpcExt2 called [length=78]
      Lid: 61479   EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=75][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropGetPropsSpecific [7]
      Lid: 21921   StoreEc: 0x40380  
      Lid: 31418   --- ROP Parse Done ---
      Lid: 45095   EMSMDB.EcDoRpcExt2 called [length=45]
      Lid: 61479   EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=140][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropGetReceiveFolderTable [104]
      Lid: 31418   --- ROP Parse Done ---
      Lid: 45095   EMSMDB.EcDoRpcExt2 called [length=69]
      Lid: 61479   EMSMDB.EcDoRpcExt2 returned [ec=0x0][length=48][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropGetAllPerUserLtids [125]
      Lid: 17082   ROP Error: 0xFFFFFA84
      Lid: 29793 
      Lid: 21921   StoreEc: 0xFFFFFA84
      Lid: 31418   --- ROP Parse Done ---
      Lid: 22753 
      Lid: 21817   ROP Failure: 0xFFFFFA84
      Lid: 25738 
      Lid: 18570   StoreEc: 0xFFFFFA84
      Lid: 23370   StoreEc: 0xFFFFFA84
      Lid: 24302 
      Lid: 32494   StoreEc: 0xFFFFFA84
     at Microsoft.Mapi.MapiExceptionHelper.ThrowIfErrorOrWarning(String message, Int32 hresult, Boolean allowWarnings, SafeExInterfaceHandle iUnknown, Exception innerException)
     at Microsoft.Mapi.MapiUnk.ThrowIfErrorOrWarning(String message, Int32 hr)
     at Microsoft.Mapi.MapiProp.CopyTo(MapiProp destProp, Boolean reportProgress, CopyPropertiesFlags copyPropertiesFlags, Boolean copySubObjects, ICollection`1 excludeTags)
     at Microsoft.Mapi.MapiProp.ExportObjectHelper(IMapiFxProxy dest, PropTag[] tags, CopyPropertiesFlags copyPropertiesFlags, Boolean useCopyProps)
     at Microsoft.Mapi.MapiProp.ExportObject(IMapiFxProxy fxProxy, CopyPropertiesFlags copyPropertiesFlags, PropTag[] excludeTags)
     at Microsoft.Exchange.MailboxReplicationService.LocalSourceMailbox.Microsoft.Exchange.MailboxReplicationService.ISourceMailbox.CopyTo(IFxProxy fxProxy, PropTag[] excludeTags)
     at Microsoft.Exchange.MailboxReplicationService.SourceMailboxWrapper.<>c__DisplayClass7.<Microsoft.Exchange.MailboxReplicationService.ISourceMailbox.CopyTo>b__6()
     at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
     at Microsoft.Exchange.MailboxReplicationService.SourceMailboxWrapper.Microsoft.Exchange.MailboxReplicationService.ISourceMailbox.CopyTo(IFxProxy destMailbox, PropTag[] excludeProps)
     at Microsoft.Exchange.MailboxReplicationService.MailboxMover.FinalSyncCopyMailboxData()
     at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.ForeachMailboxContext(MailboxMoverDelegate del)
     at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.FinalSync(Object[] wiParams)
     at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
  Error context: --------
  Operation: ISourceMailbox.CopyTo
  OperationSide: Source
  Primary (d3391cdd-bc37-41ad-9e44-9f8880c47270)
  PropTags: [ContainerHierarchy; ContainerContents]
  11/28/2014 7:18:46 PM [VRTL-SVR2008] Relinquishing job.