Exchange 2013 Certificates for Hybrid Deployment Clarification

I have Exchange 2013 servers (CAS and Mailbox on separate servers) which I wanted to set up for a hybrid deployment. I already have a certificate acquired from a 3rd party with 3 names (mail, autodiscover and owa). The certificate was installed on the CAS server. As per the hybrid deployment documentation I also need to install a certificate on the Mailbox server. Questions:
1. Can I use the same certificate for installation in the mailbox server?
2. Can I also use the same certificate in the Hybrid Configuration wizard for the "certificate to use with securing the hybrid mail transport"?
3. Do I need to include the primary smtp domain (xxxxx.com) in the certificate since current configuration points to the mail.xxx.com as the certificate common name?

Hi,
Here are my answers you can refer to:
1. It depends.
The certificate used for hybrid secure mail transport must be installed on all on-premises Exchange 2013 Mailbox and Client Access servers.
If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.
2. Yes. But we recommend that you use a dedicated third-party certificate for any optional AD FS server, another certificate for the Exchange services for your hybrid deployment, and if needed, another certificate on your Exchange servers for other needed services or features.
3. Yes. Here are the minimum suggested FQDNs that should be included on certificates: domain.com, autodiscover.domain.com, edge.domain.com
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/hh563848(v=exchg.150).aspx
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support
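
A check for question 3 and its answer above, added here as an example and not part of the original thread: it compares the DNS names on a certificate with the minimum FQDNs the answer lists and reports which are missing. The domain `example.com` is a constructed stand-in for the poster's domain, and the input is assumed to be a dict shaped like the result of Python's `ssl.SSLSocket.getpeercert()`.

```python
"""Added example: find required hybrid FQDNs that a certificate does not cover."""


def normalize(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def cert_dns_names(peercert):
    """Collect DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [value for kind, value in peercert.get("subjectAltName", ())
             if kind == "DNS"]
    if not names:
        # Fall back to the subject common name only when no SAN is present.
        for rdn in peercert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return [normalize(n) for n in names]


def name_matches(pattern, host):
    """True if a certificate name (optionally '*.domain') covers host."""
    pattern, host = normalize(pattern), normalize(host)
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        if host.endswith(suffix):
            left = host[: -len(suffix)]
            # A wildcard stands for exactly one left-most label, so it
            # covers edge.example.com but not example.com or a.b.example.com.
            return bool(left) and "." not in left
    return False


def missing_names(peercert, required):
    """Return the required FQDNs that no name on the certificate covers."""
    names = cert_dns_names(peercert)
    return [r for r in required
            if not any(name_matches(n, r) for n in names)]


# Constructed sample: a certificate with the three names from the question.
THREE_NAME_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (
        ("DNS", "mail.example.com"),
        ("DNS", "autodiscover.example.com"),
        ("DNS", "owa.example.com"),
    ),
}

# Constructed sample: a wildcard certificate for the same domain.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}

# Minimum suggested FQDNs from the answer, with example.com for domain.com.
REQUIRED = ["example.com", "autodiscover.example.com", "edge.example.com"]

if __name__ == "__main__":
    print("three-name cert is missing:", missing_names(THREE_NAME_CERT, REQUIRED))
    print("wildcard cert is missing:  ", missing_names(WILDCARD_CERT, REQUIRED))
```
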

Similar Messages

  • Howto deploy a temporary exchange 2013 server for migration between two Office 365 accounts?

    Objective:
    We plan to migrate our office 365 from our current tenant (E3) to a new tenant (M) to drastically cut our annual costs for the same services, while retaining the mail and group memberships of all our users. This will involve installing an exchange server to download and upload mail from the old tenant to the new tenant.
    Background: 
    We are a longtime O365 customer, and have been a customer since before the "Midsize business" plans existed. There is no "cookie cutter" migration path from E3 to M. Microsoft currently recommends deploying an MS exchange server and off-boarding
    the mailboxes from your E3 subscription and then On-boarding them to a new account under the M plan.  As ridiculous as this is, this is indeed the path our company has decided to go. It isn't cool/fair that we're being shackled to the E plans (that are
    vastly more expensive) when we're a small/midsize business that has been a longtime customer of O365, while new customers of equal size to us can expect to save over $4000 annually. The services (when compared) offered are nearly identical.
    After calling MS support several times for guidance for this issue, I am advised that we should contact a 'partner' and ask for their support in doing this migration. We did as requested and were provided a quote to the tune of approximately $15,000 to do this
    migration for us. Obviously this is unacceptable, and thus our business has decided to rely on my abilities to get it done. Again, involving an MS partner is not an option.
    Environment:
    1 MS AD domain:
    - Original FQDN was @contoso.ca of this domain and UPNs were [email protected]
    - UPN has been changed to [email protected] to allow for ADFS
    - ADFS has been deployed and SSO works for all users with UPN [email protected]
    - An "On-Prem exchange server" does not yet exist
    1 O365 Account where main tenant FQDN is @corp.com
    - There are 5 registered domains
    -contoso.ca
    -corp.com
    - contoso.legacy.ca
    -deprecated/will be deleted
    -deprecated/will be deleted
    - There are 40 E3 licenses, all using a @corp.com UPN
    - There are 5 E1 licenses (we acknowledge that these will be upgraded to an M following the migration) that use the UPN contoso.legacy.ca
    - No accounts currently use contoso.ca for email
    - O365 was upgraded to 'the latest version' sometime in summer 2013.
    Migration Plan (High Level):
    Setup a local windows server (trial license)  
      Deploy an exchange 2013 server (trial license) on the aforementioned windows server  http://technet.microsoft.com/en-us/evalcenter/hh973395.aspx
      Prepare and deploy Dirsync Deployment
    of Dirsync
      Add exchange to office 365 and begin replicating the mailboxes from the cloud to the exchange server. Wait for synchronization to complete.
    More information: http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
    http://help.outlook.com/en-us/140/ff633682.aspx
      Evaluate total time it took to sync data. 
    Time it takes to download data to exchange should be relatively similar to time it takes to restore mail to the new service.
      Open a new office365 account under the M plan.
      Plan a 1 hour mail & contoso.ca domain login outage
      temporarily change all user UPN's to match the new tenant
      perform a dirsync to the new tenant
      disable dirsync after all accounts have been auto-created/provisioned
      re-establish UPN + mail access.
      Plan a date and time for the cut over.
      remove the exchange hybrid server from the old tenant.
      Point MX records directly to the exchange server.
      Cut office 365 service.
      After the 30 minutes ~ 1 hour 'mandatory' wait time imposed by MS to 'register' the domain with O365, add @corp.com to the new tenant
      fix all user UPN's in the cloud to match their real UPN's.
    This can be done with powershell.
      attach exchange hybrid server to new tenant
      Point MX records to the new tenant
      Migrate all data from the local exchange server to the cloud under the new plan.
    Current progress (Lab):
    I have created a sandbox (Lab with no internet access or connectivity to production) environment in VMware and cloned the following servers to it:
    1x Domain Controller (DC) running windows server 2012 (named DC02)
    1x DC running windows server 2008 R2 (named DC01)
    1x windows server 2012 R2 - prepped with all the pre-requisites to install exchange 2013. (named EXC01)
    Where I am stuck / Problem:
    I have installed exchange on the server EXC01 in the lab environment using my account. I am a domain administrator in the contoso.ca domain, but my UPN is [email protected]
    After the installation of exchange, I notice that my email address in Active Directory changed from @corp.com to @contoso.ca. By default, I do not see @corp.com to be an available email address to select as my email address, and changing it in AD does not resolve
    the problem. 
    In the exchange portal, I found "Mail flow ---> Accepted Domains", and believe I should add @corp.com to the accepted domain list. Questions:
    1) Must I add corp.com and the other domains that exist in office 365 to the local exchange before I go through with the hybrid wizard?
    2) If I must add them to exchange, I am provided with three choices: 
    - Authoritative Domain
    - Internal Relay Domain
    - External Relay Domain
    Given that the domain is currently in office365 and is authoritative there, which of these applies?
    3) Most documentation I have found has been about a one way migration from on-prem to the cloud. I have had a hard time finding a step by step guide for cloud to local (new server) and then back to cloud. Does anyone here have any good documentation for this
    process? Would love it if it took into consideration multiple UPN/email addresses.

    Hi,
    Here are my answers you can refer to:
    1. Yes, we should select the primary SMTP domain for our organization and any other accepted domains that will be used in the hybrid deployment:
    http://technet.microsoft.com/en-us/library/jj200787(v=exchg.150).aspx
    2. It depends on the usage of the specific accepted domain. And Exchange version has no influence.
    To determine it, you can firstly check the function of the three types in the following article:
    http://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx
    3. Here are some reference about the migration from on-premise Exchange server to Office 365:
    http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-2013-hybrid-deployment-migrating-office-365-exchange-online-part1.html
    Additionally, since the issue is related to Exchange online, I recommend you ask for help on our Exchange online forum to get more professional help:
    http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicesexchange
    If you have any question, please feel free to let me know.
    thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2013 Office 365 Hybrid Cloud On-Premise Outlook Connection Problem

    Hi Everyone,
       We are required to migrate FROM the cloud TO an on-premise Exchange 2013 server.  We set up a trial of Office365 and linked our test domain to that account.  The test domain mimics our current domain, but ends in .net instead of .org.
     We set up a test Exchange 2013 server with a few database servers.  Internally, we can connect without issue (Outlook).  We mapped our test CAS to face the Internet, and can access what we need without issue.  We also set up the Hybrid
    configuration on both the Exchange 2013 and Office365 servers.  We have validated that DirSync works, and migration can occur up to the cloud and back down to the on-premise server.
    Now, here is the issue:
    We have our DNS records still pointing to Office365, so when we add an Office365 mailbox to Outlook (internal to the network or outside the network) we see absolutely no issues.  We migrated a mailbox today to our on-premise server, but upon doing so,
    can no longer connect to, or add, that mailbox to Outlook.  When we put this integration in to effect for production, we want to be able to migrate mailboxes on-premise from the cloud, and we want to make sure users can still access their mailboxes.  This
    also goes for distribution groups, conference rooms, etc.
    I see that most suggestions say to change your DNS record to point to the on-premise Exchange server, which is great, but after doing so Office365 accounts experience the same issue as above.  We NEED to make sure that when we batch migrate, the users DO NOT lose connectivity to their accounts.  We need both Office365 accounts and Exchange on-premise accounts to be accessible internally and externally.  As an extra tid-bit, we HAVE configured Outlook Anywhere on Exchange 2013, but see no difference.
    Any thoughts on this?  Office365 and Exchange 2013 see each other and recognize that the hybrid environment is set up good, but it appears we are missing some configurations.  Currently, we have a CNAME record that points our autodiscover to autodiscover.outlook.com.
    Any help would be MUCH appreciated.  Thanks!
    Dan

    Hi,
    Here is an article on Move mailboxes between on-premises and Exchange Online organizations in 2013 hybrid deployments, for your reference:
    http://technet.microsoft.com/en-us/library/jj906432(v=exchg.150).aspx
    I want to make sure OWA works well with the moved mailbox.
    To use CNAME based autodiscover method, we need to have all domain names present in a SAN certificate.
    With Exchange 2013 CU1, we now have the option of adding multiple SMTP domains to Exchange Federation/Hybrid configuration and we can specify which of these domains should act the "autodiscover" domain.
    To configure an SMTP domain as the autodiscover domain, you can run the following command:
    Set-HybridConfiguration -Domains "domain1.com, domain2.com, domain3.com", "autod:domain.com"
    For more details, please refer to the following blogs:
    http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-2013-hybrid-deployment-and-migrating-office-365-exchange-online-part11.html
    http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-2013-hybrid-deployment-and-migrating-office-365-exchange-online-part12.html
    Disclaimer:
    Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure
    that you completely understand the risk before retrieving any suggestions from the above links.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Reading Exchange Online tenant version failed due to an exception when trying to install Exchange 2013 in a hybrid environment.

    We currently have an Exchange 2010 hybrid install and we have migrated all of our email accounts to Office 365.  Now, I want to do an on-premise install of Exchange 2013 to better manage the hybrid setup.  When I try to install Exchange 2013 it
    asks for my O365 credentials to do a hybrid check but always fails with the above message.  I've done quite a bit of searching but haven't come up with anything useful.
    Here is what appears in the exchange setup log:  
    [09/22/2014 15:48:27.0024] [0] Reading the Exchange Online tenant version information failed due to an exception. Please check the Exchange setup log for more information.
    [09/22/2014 15:48:27.0024] [0] Could not load type 'Microsoft.Exchange.Data.Directory.DirectoryBackendType' from assembly 'Microsoft.Exchange.Data.Directory, Version=15.0.0.0, Culture=neutral, 
    [09/22/2014 15:48:27.0024] [0] Could not load type 'Microsoft.Exchange.Data.Directory.DirectoryBackendType' from assembly 'Microsoft.Exchange.Data.Directory, Version=15.0.0.0, Culture=neutral, 
    [09/22/2014 15:48:27.0147] [0] Session=Tenant Total Cmdlet Time=1.6931035s
    [09/22/2014 15:48:27.0148] [0] Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetectionException: Reading the Exchange Online tenant version information failed due to an exception. Please check the Exchange setup log
    for more information. ---> System.TypeLoadException: Could not load type 'Microsoft.Exchange.Data.Directory.DirectoryBackendType' from assembly 'Microsoft.Exchange.Data.Directory, Version=15.0.0.0, Culture=neutral,

    Hi,
    I recommend you post this in the Office 365 forum also, as they should have more professional knowledge on hybrid deployments and you may get an effective solution in a timely manner.
    In addition, I found a similar thread for your reference:
    http://community.office365.com/en-us/f/156/t/255739.aspx
    According to the reply in this thread, if you run the HCW (Hybrid Configuration Wizard) to deploy the Exchange Hybrid environment, an HCW log file will be generated for this deployment.
    Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V1*\Logging\Update-HybridConfiguration\HybridConfiguration****.log
    Best regards,
    Niko Cheng
    TechNet Community Support

  • Exchange 2013 DNS for internal and external domain

    Hi All,
    I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
    We have an Active Directory domain myinternaldomain.net, and we have a public domain mypublicdomain.com and we have set up an email policy to have mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active Directory integrated DNS and created A records for mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to the CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured a DAG for MBX high availability and are planning to implement WNLB for CAS as a hardware LB is out of scope due to budget constraints.
    We want to have the same URLs for OWA, Autodiscover, ECP and other services from the internal network as well as from the public network. Users should not be bothered to remember two URLs, using one from internal and the other from public networks. I also want to confirm that with this setup in place do I need to have myinternaldomain.net and server names in the SAN certificate?
    Thanks

    Hi Sccmnb,
    You can easily achieve this using split DNS.
    Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname "mail.mypublicdomain.com" will be pointing to the network device or reverse proxy server IP.
    Depending upon the user's access location (internal\external) the IPs would vary and they should be able to access the website with the same name.
    The names that you would require on the certificate (use EAC or PowerShell to raise the request) for client connectivity would be
    SN= mail.mypublicdomain.com
    SAN= autodiscover.mypublicdomain.com
    You don't need to have the Active Directory domain name present in the certificate.
    In addition to this you need to update the AutodiscoverURI for all servers and the OWA, ECP and Autodiscover virtual directories' InternalURL and ExternalURL fields with the appropriate public names.
    Some additional Info:
    *Internal vs. External Namespaces
    Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
    based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
    This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
    Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
    *Managing Certificates in Exchange Server 2013 (Part 2)
    *Nice step by step article
    Designing a simple namespace for Exchange 2013
    Regards,
    Satyajit
    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Exchange 2013 on-prem hybrid to O365

    design:
    Exchange 2013 deployment on-prem including UM being used for UM for users.  Domain and Exchange are set to companyA.net
    companyA.com is set up in O365 for email\calendars etc.
    ADFS and DirSync already configured to O365.
    Available UPN's in AD  are already companyA.com and companyA.net.
    Plan:
    Setup hybrid so some users can have mailboxes on-prem and others on O365.
    Have companyA.com be the primary smtp address
    Questions:
    1) which domain would be used as the autod when running
    Set-HybridConfiguration –Domains "companyA.com, companyA.net", "autod:<>"
    2)  The speech attendant part of UM on prem is a non-negotiable requirement.  could the mailboxes be on O365 and still work correctly?
    Other considerations:
    1) Lync 2013 on-prem is deployed for all features including Enterprise voice.  Presence, calendars, and voicemail from exchange required.

    Sorry if I am asking a lot of questions.
    I am trying to setup test accounts and make sure this is working like we want it to.  The production system is 30,000 accounts and I do NOT want to affect any of them until we are ready.
    I have the on-prem domain of companyA.net and have setup test.companyA.net as a UPN suffix in AD domains and trusts.  ADFS has been setup as well as DirSync (limited to one test OU).  I have set up both the companyA.net and test.companyA.net
    as additional domains and both show active in Office365 of companyA.com.
    I started the hybrid wizard on-prem and got as far as the Domain and token page. Only companyA.net is listed, not test.companyA.net. Again, I ONLY want for now to have test.companyA.net working. Should I be able to proceed or how do I get test.companyA.net
    on that list?
    Sorry to be skittish, but any really detailed articles (step-by-step is nice) or help on how to get this setup for testing?
    I am open to questions and providing what info I can if given how to find it.

  • Exchange 2013 Certificate Question

    Hi,
    I have an Exchange 2013 and AD servers running on server 2008 R2. When you go to create an outlook account you are prompted that a certificate for mydomain.com.au has expired. When you click to view this certificate, it is referring to "www.mydomain.com.au".
    Once you accept the message it goes away, the outlook account sets up OK and the message does not show again unless you set up another account.
    The internal domain name is internal.mydomain.com.au. The Exchange server has a valid purchased SSL certificate that applies to autodiscover.mydomain.com.au, mail.mydomain.com.au, mydomain.com.au and the exchange servers internal name until 2015. The "www."
    cert and website for this domain is separate to the internal servers and mail. The cert for the website has indeed expired but my question is even though it is the same domain why would this internal exchange server be querying the www. certificate when creating
    an outlook account.
    Bit of a tricky question hope I have explained it OK.
    Thanks Robbie

    Hi Robbie,
    Your certificate expired issue may occur when using the Autodiscover service and Outlook Anywhere service. Please follow these steps to have a check:
    1. Verify the FQDN that the client uses to access the resource from Outlook:
    a. Start Microsoft Outlook.
    b. Click File > Account Settings, click Account Settings.
    c. Click the E-mail tab, click the Exchange account, and then click Change.
    d. Click More Settings, and then click the Connection tab.
    e. “Connect to Microsoft Exchange using HTTP” should be checked, then click Exchange Proxy Settings.
    f. Note the FQDN that is listed in the Only connect to proxy servers that have this principal name in their certificate box. For example, mail.contoso.com.
    2. Run the following command in Exchange to determine the value for the CertPrincipalName attribute for EXPR name:
    Get-OutlookProvider
    For example, the command returns the following: 
    msstd:server1.contoso.com
    3. Modify the CertPrincipalName attribute to match the FQDN that Outlook uses to access the resource:
    Set-OutlookProvider EXPR -CertPrincipalName:"msstd:<FQDN the certificate is issued to>"
    For the Autodiscover service check, please open Outlook, hold the CTRL key, right-click the Outlook icon in the bottom-right corner of the taskbar, and choose Test E-mail AutoConfiguration. Enter your email address, uncheck "Use Guessmart" and "Secure Guessmart Authentication", then click Test to check your Autodiscover service. If possible, please post the Results tab here for more troubleshooting.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Lync 2013 Certificates for DR Pool

    Hello, I'm kind of new to Lync 2013 so I could use a little guidance.....  
    My question is regarding edge server certificates for my DR site. We have 2 geographic locations, one for Prod, and one for DR in an active/passive arrangement. The pools are paired for resiliency.
    The prod site is up and running, everything is functioning as it should. We recently decided to deploy Lync in DR. The prod site is using sip.x.com in DNS and SRV records for access edge. Knowing that we cannot use the same DNS
    name for the DR pool, I have used sip_DR.x.com. It is recommended to use the same cert for all edge servers. Does that mean I should use the same cert for both pools? If so, should I then add the SAN sip_dr.x.com to my existing UC cert from digicert, and
    import it to all my edge servers in both pools, or should I have a separate cert for DR? Or, would I request a duplicate cert from digicert and generate the request from one of my edge servers in the DR pool?
    Any help you can provide will be greatly appreciated.
    Thank you. 

    The same cert requirement is for all Edge servers in an Edge pool. You can use a new certificate for the DR Edge pool.
    Take a look at Jeff Schertz' blog: http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
    "The exact same certificate must be used on all common interfaces across the pool, regardless of whether DNS load balancing or hardware load balancing is utilized.  This means that the original certificate request must provide the ability to export
    the private key as the exact same certificate and private key pair must be able to be exported from one Edge server into all other Edge servers.  This is required so that in the event of a failover any existing sessions can be moved to another server
    in the pool and the data can still be decrypted by the same certificate that was used to encrypt the session just prior to the failover."
    Please mark posts as answers/helpful if it answers your question.

  • Assigning exchange online licenses for hybrid deployments

    Please help me understand the following:
    a) If I have an exchange Hybrid deployment, what happens if I activate Exchange online license for a user hosted on prem?
    b) what happens if I add my domain to office 365 tenant and assign Exchange online licenses to users without having a hybrid?
    Thanks

    Hi,
    This is the forum to discuss questions and feedback for Microsoft Office client, better to post your question to the forum for Exchange
    http://social.technet.microsoft.com/Forums/en-US/category/exchangeserver/
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    The following TechNet article may help you:
    http://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx
    http://technet.microsoft.com/en-us/library/hh852414.aspx
    Tony Chen
    TechNet Community Support

  • MS Exchange 2013 certificate error.

    We just set up Exchange 2013 but I can't configure Outlook. It brings up two error messages.
    1. There is a problem with a proxy server's security certificate. the name on the certificate is invalid or does not match the name of the target site.
    2. The connection to Microsoft exchange is unavailable. outlook must be online or connected to complete this action

    Hi Stefo266,
    Great checklist from S.Nithyanandham.
    Which method do you use to set up your Exchange account in Outlook? Automatically or manually? If it failed to set up the account automatically, please try to set it up manually.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Outlook 2013 - Exchange 2013 - Prompts for username and password when EWS basic authentication is enabled

    So we have an Exchange 2013 environment, and a CRM solution that requires basic authentication to EWS internally.  Problem is, after a reboot of our Exchange server, all of our Outlook clients begin prompting for username and password (which nothing
    works) which also starts locking users AD accounts out due to failed login attempts (somehow).  If I disabled basic authentication on EWS, Outlook authenticates as normal using NTLM and there are no issues.  Once Outlook has authenticated, I can
    turn back on basic authentication, and Outlook will be fine until the next time the Exchange server is rebooted.
    Any ideas?

    Hi,
    According to your description, I understand that Outlook client prompted for username and password when Exchange server restart and basic authentication is enabled for EWS.
    If I misunderstand your concern, please do not hesitate to let me know.
    It’s normal. This is caused by the difference between basic authentication and NTLM authentication:
    Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 or later world, Basic can mean no need to authenticate every time you open/reconnect,
    but in all earlier versions, you will have to enter creds every time.
    NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication
    at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.
    Thanks
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Allen Wang
    TechNet Community Support

  • Need help regarding the location of Exchange 2013 Logs for parsing

    Hi, I am trying to create reports based on the logs that are created on my exchange server. I am using
    exchange 2013. My problem is that I cannot handle every log, and instead want specific types of logs.
    I need help finding the specific locations of the following types of logs (If they even exist), so that I can parse them and use them effectively:
    Audit Logs (Mailbox logons, Mailbox permission changes, Mailbox property changes,
    Exchange store changes)
    Mail Report Logs (Mailbox size and growth, Mailbox storage growth, Enabled users, Expired and Soon-to-Expire Mailboxes)
    Exchange Traffic Reports (Details on size and amount of messages sent and received, Internet traffic [to and from], Traffic between exchange users)
    I understand this might sound like a huge undertaking, but any help that can be provided would be appreciated.
    Again, I need information on the locations of these types of logs on the exchange server, so that I can parse them. Collecting them all and searching through them is not practical for my available resources.
    Thanks,
    Matt

    Audit Logs (Mailbox logons, Mailbox permission changes, Mailbox property changes, Exchange store changes) ---- these are two types of logs: 1. mailbox audit logs, which are stored in each mailbox under the dumpster http://technet.microsoft.com/en-us/library/ff461930(v=exchg.150).aspx however you need to enable it for individual mailboxes... 2. admin audit log, which is stored in a system mailbox dumpster.... http://technet.microsoft.com/en-us/library/dd335052(v=exchg.141).aspx
    Mail Report Logs (Mailbox size and growth, Mailbox storage growth, Enabled users, Expired and Soon-to-Expire Mailboxes) ---- there isn't any specific log for this, you would need to create some type of script to collect this every day for you and store it somewhere... This is a good start... http://www.stevieg.org/2011/06/exchange-environment-report/
    Exchange Traffic Reports (Details on size and amount of messages sent and received, Internet traffic [to and from], Traffic between exchange users) ----- This you can get from the message tracking log... http://technet.microsoft.com/en-us/library/bb124375(v=exchg.150).aspx
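
A sketch of the traffic report the answer above points to, added here as an example and not part of the original thread: it reads a message tracking log, takes the column layout from the `#Fields:` header, and totals messages and bytes per traffic class. The sample log, the domain `corp.example`, and the counting rule (DELIVER events for mail that reached a mailbox, SEND events from an internal sender to external recipients only for outbound Internet mail) are assumptions made for the example.

```python
"""Added example: traffic totals from an Exchange message tracking log."""
import csv
import io
from collections import defaultdict

# Constructed sample. Real message tracking logs declare more columns in
# #Fields; the parser reads whatever column list the header declares.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,source,event-id,message-id,recipient-address,total-bytes,sender-address
2014-09-22T15:48:27.024Z,SMTP,RECEIVE,<a1@partner.example>,alice@corp.example,5120,bob@partner.example
2014-09-22T15:48:28.100Z,STOREDRIVER,DELIVER,<a1@partner.example>,alice@corp.example,5120,bob@partner.example
2014-09-22T16:02:11.500Z,STOREDRIVER,DELIVER,<b2@corp.example>,carol@corp.example;dave@corp.example,2048,alice@corp.example
2014-09-22T16:10:45.000Z,SMTP,SEND,<c3@corp.example>,eve@partner.example,10240,carol@corp.example
2014-09-22T16:10:46.000Z,SMTP,SEND,<d4@corp.example>,"frank@partner.example",bad,dave@corp.example
"""


def parse_tracking_log(text):
    """Return one dict per data row, keyed by the names in #Fields."""
    fields = None
    rows = []
    for line in io.StringIO(text):
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = next(csv.reader([line[len("#Fields:"):].strip()]))
            continue
        if not line or line.startswith("#"):
            continue  # other header lines and blank lines
        if fields is None:
            raise ValueError("data row found before the #Fields header")
        values = next(csv.reader([line]))
        if len(values) != len(fields):
            continue  # truncated or damaged row
        rows.append(dict(zip(fields, values)))
    return rows


def domain_of(address):
    """Return the lower-cased domain part of an SMTP address, or ''."""
    return address.rsplit("@", 1)[-1].strip().lower() if "@" in address else ""


def traffic_report(rows, internal_domains):
    """Total messages and bytes for internal, inbound and outbound mail."""
    internal = {d.lower() for d in internal_domains}
    report = defaultdict(lambda: {"messages": 0, "bytes": 0})
    for row in rows:
        event = row.get("event-id", "")
        if event not in ("DELIVER", "SEND"):
            continue  # other events describe the same message again
        try:
            size = int(row.get("total-bytes", ""))
        except ValueError:
            continue  # skip rows whose size is not a number
        sender_internal = domain_of(row.get("sender-address", "")) in internal
        recipients = [r for r in row.get("recipient-address", "").split(";") if r]
        any_internal_rcpt = any(domain_of(r) in internal for r in recipients)
        if event == "DELIVER":
            bucket = "internal" if sender_internal else "inbound_internet"
        elif sender_internal and recipients and not any_internal_rcpt:
            bucket = "outbound_internet"
        else:
            continue  # assumed to be a SEND hop between internal servers
        report[bucket]["messages"] += 1
        report[bucket]["bytes"] += size
    return dict(report)


if __name__ == "__main__":
    parsed = parse_tracking_log(SAMPLE_LOG)
    for name, totals in sorted(traffic_report(parsed, ["corp.example"]).items()):
        print(name, totals)
```
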

  • First Exchange 2013 server in 2010 Deployment - 2010 edge is routing SOME inbound mail to new server where it fails.

    I have a Barracuda filter receiving all inbound internet mail which delivers to the edge server (both in DMZ). I have one 2010 edge server and one 2010 ht,cas,mailbox server. I have added a 2013 server and started working on configuring virtual directories. This is as far as I have gotten. Goal is once new box is working to move all mailboxes to 2013 server and remove 2010 mailbox server and keep Barracuda and 2010 edge server to pass mail to the 2013 box.
    My issue is the edge server is already passing inbound internet mail to the new 2013 server. I see the mail being accepted by the Barracuda and message tracking on the edge shows it as delivered to the new 2013 server, but mailbox users never receive it.
    Is my solution to simply create a new send connector from the 2013 server to the 2010 box or could this be something else?
    And why is it delivering to a server with no mailboxes on it yet?
    Thank you for any help
    dean

    Hello Dean,
    I understand that the message tracking log indicates the email delivered to Exchange 2013 server. Please check the message tracking log on both Exchange 2013 server and Exchange 2010 server.
    How about the result? Have you created a new 2013 mailbox and tested if it works?
    As for the send connector, actually an intra-org send connector will be involved for internal mail flow within an organization. So there is no need to create another send connector.
    In addition, I’d like to share with you an article about Edge Subscriptions:
    Title: Understanding Edge Subscriptions
    Link: http://technet.microsoft.com/en-us/library/aa997438(v=exchg.141).aspx
    Regards,

  • Outlook Clients for Exchange 2013 Prompt for Password

    I have a co-existence of versions 2007 and Exchange Server 2013 CU2 and currently have the following problem:
    - For the customers I have now migrated to the 2013 version, Outlook always asks for a password when starting. The settings for Outlook Anywhere are as follows:
    RunspaceId                         : b43cd829-a81f-4b00-bb4d-73389c9df50d
    ServerName                         : EXCH-HTCA13
    SSLOffloading                      : False
    ExternalHostname                   : webmail.first.pt
    InternalHostname                   : exch-htca13.first.pt
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    XropUrl                            :
    ExternalClientsRequireSsl          : True
    InternalClientsRequireSsl          : True
    Can anyone help me identify the problem?

    Hi,
    Agree with Andy, you can change the ExternalClientAuthenticationMethod to NTLM.
    In addition, I recommend you refer to the following article:
    Users Constantly Prompted for Credentials after Being Migrated to Exchange 2013
    Thanks.
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality,
    safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Niko Cheng
    TechNet Community Support

  • Unity Connection 9.1.2 - MS Exchange 2013 support for Single Mailbox?

    Hello,
    we are currently running a unity connection system in version 9.1.2TT1.11900 together with single mailbox enabled with our Exchange server in version 2007.
    We are now planning to upgrade the exchange server to version 2013. From my understanding Exchange 2013 is supported with CUCN 9.1.2 (see http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/design/guide/9xcucdgx/9xcucdg020.html).
    When I go to the configuration screens I cannot choose Exchange 2013 ... Is there a special way to configure this or is 2013 not supported with Unity Connection 9.1.2?
    Any hints?
    Michael

    Exchange 2013 is supported.
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html#17832
    If you choose to allow Unity Connection to search for Exchange servers, then you need to select from the following two options:
    – Exchange 2007 and/or 2010: Unity Connection can access every mailbox in the Exchange organization consisting of Exchange 2007, Exchange 2010, and Exchange 2013.
    – Exchange 2003, 2007 and/or 2010: Unity Connection can access every mailbox in the Exchange organization consisting of Exchange 2003, Exchange 2007, and Exchange 2010. When the Exchange organization includes Exchange 2003 servers, Unity Connection always communicates directly with the Exchange back-end servers, it never communicates with Exchange front-end servers.
    The drop-down does not state 2013 but it will work fine for 2013.
