Exchange 2013 Co-Existence Fail

Similar Messages

• Exchange 2013 co-existence with Exchange 2010 proxying issue.

  Hello,  
  I am testing Exchange 2010 and Exchange 2013 co-existence in my test lab at the moment, with
  a view to migrating our production environment to 2013 later in the year.  
  The lab is setup, and the problem I'm having is that internal Outlook clients cannot open
  their respective mailboxes once the 2013 CAS server is introduced into the mix.  
   The
  setup is listed below:  
  EXCHANGE 2010 Servers  
  TESTLABEXCH01 - CAS,HT,MBX - Exchange 2010 SP3  
  TESTLABEXCH02 - CAS,HT,MBX - Exchange 2010 SP3  
  Both servers are part of a CAS Array - casarray01.testlab.local  
  Both servers are part of a DAG - DAG01.testlab.local  
  RpcClientAccessServer on all 2010 databases set to casarray01.testlab.local  
  The A record for casarray01.testlab.local points to the IP of the VIP of a load balancer.  
  The loadbalancer serves
  the following ports: 25,80,443,143,993,110,995,135,60200,60201  
  OutlookAnywhere is enabled on both servers:  
  ClientAuthenticationMethod : Ntlm  
  IISAuthenticationMethods   : {Basic, Ntlm}  
  Internal and external mail flow works without issue before the 2013 server is introduced. 
  Internal and external client access works without issue before the 2013 server is introduced. 
  Part Two to follow.....
  Matt

  EXCHANGE 2013 Servers :
  TESTLABEXCH03 - CAS,MBX - Exchange 2013 SP1  
  OutlookAnywhere is enabled on the server:  
  ClientAuthenticationMethod : Ntlm  
  IISAuthenticationMethods   : {Basic, Ntlm}  
  RpcClientAccessServer on all 2013 databases set to casarray01.testlab.local
  (This an inherited setting I assume from the pre-existing 2010 organization)  
  Split DNS is in place and all internal/external URL's point to either:  
  autidiscover.external.com  
  mail.external.com  
  The A record for the mail.external.com points to the IP of the load balancer VIP  
  The CNAME record for autodiscover.external.com points to mail.external.com  
  When the TESTLABEXCH03 is added to the load balancer config,
  and given highest priority this is when the Outlook clients stop working.  
  Any existing profiles in Outlook 2010/Outlook 2013 can no be opened as there is a persistent
  credentials prompt.  
  Upon trying to create a new profile, the process errors when reaching the "Log onto server"
  stage and again prompts for credentials.  
  Running the test-outlookconnectivity cmdlet from
  either of the 2010 servers produces the following results.  
  [PS] C:\Windows\system32>Test-OutlookConnectivity -Protocol:http  
  ClientAccessServer   ServiceEndpoint                         
  Scenario                            Result  Latency  
  TESTLABEXCH02  autodiscover.external.com    Autodiscover:
  Web service request.  Success  343.20  
  TESTLABEXCH02  casarray01.testlab.local       RpcProxy::VerifyRpcProxy.  
  Success    0.00  
  TESTLABEXCH02  casarray01.testlab.local         RFRI::GetReferral.                 
  Failure   -1.00  
  TESTLABEXCH02  casarray01.testlab.local        NSPI::GetProfileDetails.           
  Failure   -1.00  
  TESTLABEXCH02  casarray01.testlab.local        
  Mailbox::Connect.                   Failure   -1.00 
  TESTLABEXCH02  casarray01.testlab.local        
  Mailbox::Logon.                     Skipped   -1.00  
  If remove the 2013 CAS server from the loadbalancer config and
  all connections go directly to the 2010 servers again, all of the above tests pass and Outlook connectivity is also restored.  
  IIS has been reset on all 3 servers incidentally, following any changes made whilst troubleshooting. 
  I'm struggling to see what I'm missing here, if anyone can assist in troubleshooting this
  matter further, or point out any errors in my setup it would be greatly appreciated.  
  Regards  
  Matt 
  Matt

• Exchange 2013 co-existence with 2007 can not send from 2013 - receives OK

  2013 SP1  -separate servers for MBX and CAS - 4 of each. Exchange 2007 configured as a CCR
  I am in co-existence mode but have not yet switched on the legacy.domainname.com. I have a new certificate installed on all servers - 2007 and 2013 with the legacy namespace included
  I can receive on the exchange 2013 servers and can send to exchange 2013 users but cannot send to 2007 users or externally. I have enabled protocol logging and I'm seeing:
  2014-04-02T00:57:31.476Z,Outbound Primary,08D1120CF8FEEDBA,0,,10.0.9.1:25,*,,attempting to connect
  2014-04-02T00:57:52.521Z,Outbound Primary,08D1120CF8FEEDBA,1,,10.0.9.1:25,*,,"Failed to connect. Winsock error code: 10060, Win32 error code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a
  period of time, or established connection failed because connected host has failed to respond 10.0.9.1:25"
  The client has a pair of Axway mailgateway appliances (Tumbleweed). We can Telnet between the exchange 2013 servers and the Axways. There is a firewall between these mail gateways and the exchange servers and the following ports were opened - 25,443,465,995,110
  I used the existing send connectors from 2007 and just added the mailbox servers to them. I created 2 new receive connectors to match 2 specialist 2007 connectors.
  But I still can't send mail. Any suggestions where next to check?

  Hi Tony 
  Based on the protocol logs error looks like there is connectivity problem between Ex2007 and Ex2013
  First you can try dropping an email through Telnet from Exchange 2013 to Exchange 2007 to see the message failure happens at which transit.
  You can add the IP address of Exchange 2013 in Exchange 2007 default receive connector and vice versa.
  Restart the transport service and try sending an email from exchange 2013 to Exchange 2007 and see the results
  Also you can try creating a dedicated receive connector for Exchange 2007 in Exchange 2013 and vice versa if the above step does not work 
  Also try disabling the firewall and see if it helps.
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you

• Exchange 2013 SP1 Setup fails

  I am getting very frustrated. It really shouldn't take over a week to install Exchange.
  I have two domain controllers, Windows 2003 and Windows 2008 R2. The 2008 is now all Operations Masters for all roles.
  I have a clean install of W2K8 R2 SP1 installed under Hyper-V on a separate physical W2K8 server. Before starting the install I used ADSIEdit to ensure there was nothing left in the AD of prior Exchange install attempts. This is the first and only installation
  of Exchange.
  I am running the install as the Domain\Administrator and naturally that account is a member of all the appropriate security groups. RSAT are installed on the Exchange server and using them to access Users and Computers clearly shows this. The install fails
  with the errors below, all of which appear to be incorrect.
  *** BEGIN ERROR ***
  Error:
  Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx
  Error:
  You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
  Error:
  Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.  See the Exchange setup log for more information on this error.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
  Error:
  The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx
  Error:
  This computer requires the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit. Please install the software from http://go.microsoft.com/fwlink/?LinkId=260990.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UcmaRedistMsi.aspx
  Error:
  This computer requires the update described in Microsoft Knowledge Base article KB974405 (http://go.microsoft.com/fwlink/?LinkId=262357). Please install the update, and then restart Setup.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.Win7WindowsIdentityFoundationUpdateNotInstalled.aspx
  Error:
  Either Active Directory doesn't exist, or it can't be contacted.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
  Warning:
  Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 servers.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE12ServerWarning.aspx
  Warning:
  Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx
  *** END ERROR
  Why can't Exchange installation see the AD when everything else can?

  It appears that these error messages are pure fiction. I went back to ADSI Edit and removed some MS Exchange container and then reran setup /prepareschema again followed by setup /preparead and finally setup /mosde:install /role:clientaccess,mailbox and
  it churned away for a long time, apparently working.
  It appears than when it says you aren't a member of Schema Admins and that it can't access Active Directory, what it really means is it could find the AD just fine, but didn't like what it saw.
  My guess would be very sloppy programming in which the low level error doesn't bubble up and so when something fails it just assumed you didn't have permissions.
  It's not quite finished yet, but I am beginning to believe it will finish. So that's almost 6 days of non stop effort to install Exchange. It's hard top believe they are allowed to charge for this stuff.

• Exchange 2013 cu3 setup fails with 'problem... validating the state of Active Directory... supplied credential... invalid'

  Windows Server 2013; Exchange Server 2013 with Cumulative Update 1
  Cannot install Cumulative Update 3 for Exchange Server 2013. It fails with
  [xxx] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.  See the Exchange setup log for more information on this error.
  [xxx] [0] [ERROR] Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.
  [xxx] [0] [ERROR] The supplied credential is invalid.
  (Crosses - XXX - replace original values.)
  I have found that a few others have experienced the same problem but found no solution, nor could come up with anything myself. If it is any hint, Event 40961 was logged in the Event Viewer around the same time on almost all installation attempts to be purely
  conincidental:
  The Security System could not establish a secured connection with the server
  ldap/xxx.xxx/[email protected] No authentication protocol was available.
  Both Windows Server and Exchange Server otherwise work OK, and do not recall any issues with Cumlative Update 1 installation.

  Hi vhr1,
  Based on my knowledge, the Event ID 40961 is a warning message.
  This behavior occurs when we restart the server that was promoted to a DC. The Windows Time service tries to authenticate before Directory Services has started.
  Found some resources for your reference even if the Exchange Version is mismatched:
  http://blogs.technet.com/b/jhoward/archive/2005/04/20/403946.aspx
  http://support.microsoft.com/kb/823712/en-us
  About the error message, "Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid."
  The error message InvalidCredentials means: the wrong password was supplied or the SASL credentials cannot be processed.
  Found a similar thread for your reference, hope it is helpful:
  http://social.technet.microsoft.com/Forums/en-US/98e26ad6-8e43-4ef5-8ff9-e9fee6e76bda/bind-operation-is-invalid?forum=exchangesvrdeploylegacy
  Feel free to contact me if there is any problem.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2013 Domain Prep Fails: Setup /prepareschema, setup /PrepareAD, Setup /PrepareDomain

  Whenever I try to prep for a 2013 exchange install I always get:
  "earlier versions of the server roles that are installed were detected"
  whenever I try to run Setup /prepareschema OR setup /PrepareAD OR Setup /PrepareDomain
  I am working on a Server 2012 standard machine with Exchange 2010 currently installed. This server is a DC (bad I know), DNS, DHCP.
  I am trying to prep the domain so that I can install Exchange 2013 on a VM and eventually remove Exchange 2010 from the organization altogether.
  There are no other domain controlelrs in the domain. The domain started life as a SBS 2003 machine which was demoted and removed once the server 2012 box was up with exchange 2010 running.
  Any help would be greatly appreciated.
  Here is some info that may help:
  1. PrePare Schema
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  Ran setup /PrepareSchema
  This command should perform the following tasks:
  A: Connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with 
  Exchange 2013 specific attributes. The LDIF files are copied to the Temp directory and then deleted after they are imported 
  into the schema.
  B: Sets the schema version (ms-Exch-Schema-Verision-Pt) to a Exchange 2013 value.
  This command fails with: Earlier versions of server roles that were installed were detected.
  First I confirmed that administrator account for domain is a member of schema admins and enterprise admins.
  Next I ran asdiedit.
  I navigated to: "CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=BDA,DC=LAN"
  and reviewed the current "rangeUpper" attribute.
  The ms-Exch-Schema-Verision-Pt is not updated to CU3 range Upper setting.
  The current range upper 14734 which means its still at Exchange 2010 SP3 settings. 
  In short, updaing the schema fails.
  2. Prepare Active Directory
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  setup /PrepareAD [/OrganizationName:<organization name>]
  This command fails with: Earlier versions of server roles that were installed were detected.
  schema update version 56
  I began reviewing the long, long list of the following containers and objects under
   CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
  which are required for Exchange 2013:
  missing cn=Auth Configuration
  missing CN=ExchangeAssistance
  missing CN=Monitoring Settings
  missing CN=Monitoring Settings
  missing CN=Monitoring Settings
  missing CN=Workload Management Settings
  Checked Management role groups within the Microsoft Exchange Security Groups OU
  missing Compliance Management group  --- Manually created this entry
  Step 3 Prepare Domain:
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  Ran setup /PrepareDomain
  This command fails with: Earlier versions of server roles that were installed were detected.
  confirmed the following:
  ObjectVersion property fails as it is still set to Echange 2010 sp3 -  13040
  You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers-DONE
  The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.-DONE
  On each domain controller in a domain in which you will install Exchange 2013, the Exchange Servers USG has permissions 
  on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.-DONE
  Thanks.

  Whenever I try to prep for a 2013 exchange install I always get:
  "earlier versions of the server roles that are installed were detected"
  Hi,
  That tells us that you are trying to run the prep on your combined DC and Exchange 2010 Server - That will not work. Run it on the Server where you plan to install Exchange 2013.
  It is not mandatory to run this before the actuall Exchange install - It will run automatically for you, if it hasn't been done already and if you are logged on with an account with the proper permissions.
  Martina Miskovic

• Exchange 2013 ECP Login fails HTTP 404 Requested URL: /owa/auth/logon.aspx

  Hi,
  One of our Exchange servers stopped allowing access to OWA and ECP. I have now managed to get OWA working but ECP is still failing. When connecting to ECP using https://servername/ecp/ it asks me for my username and password. After hitting enter it shows
  me an error page:
  Server Error in '/owa' Application.
  The resource cannot be found.
  Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.
  Requested URL: /owa/auth/logon.aspx
  URL in the address bar while on this screen: https://exchangeserver:444/owa/auth/logon.aspx?url=https://exchangeservera:444/ecp/&reason=0
  Question: When the URL points to servername:444/owa/auth/logon.aspx - Is it trying to find the logon.aspx in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\auth? There is no such file in that directory?
  I have removed and recreated the ECP and OWA virtual directories several times.
  I am trying to login using a domain administrator account.
  Thanks,

  Hi,
  Is there any Exchange server 2010 coexistence with your Exchange 2013 server? If it is, please try the URL
  https://CAS15-NA/ecp?ExchClientVer=15 to access ECP.
  Also run the following to check your OWA and ECP virtual directories:
  Get-EcpVirtualDirectory -ShowMailboxVirtualDirectories | FL Identity,*Authentication*
  Get-OwaVirtualDirectory -ShowMailboxVirtualDirectories | FL Identity,*Authentication*
  And make sure the Basic and Forms authentications are enabled in
  Default Web Site and Ntlm, WindowsIntegrated
  authentication methods are enabled in
  Exchange Back End. Then restart IIS service by running
  iisreset /noforce from a command prompt window.
  If the issue persists, please collect any event logs or IIS logs for further analysis.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 SP1 - healthsets failing

  Hi,
  I have recently installed two Exchange 2013 SP1 servers in different environments and are experiencing issues on both. Issues that I haven't seen on Exchange 2013 without SP1.
  I have 6 healthsets which are unhealthy. 
  Autodiscover...
  ActiveSync.P...
  EWS.Proxy
  OAB.Proxy
  Outlook.Proxy
  OutlookMapiH...
  I found this article: 
  http://technet.microsoft.com/en-us/library/ms.exch.scom.ecp.proxy(v=exchg.150).aspx
  Which describes, that try to restart the app pool, then an iisreset - and lastly reboot the server. Tried all and none of them helped.
  But then I found this error in the Exchang event log:
  RecycleApplicationPool-MSExchangePowerShellAppPool-RpsDeepTestPSProxyRestart: Throttling rejected the operation
  Which fails almost every minute.
  And I guess that this could be the issue. But I can't figure out which throttling that is causing this.
  Any one else with this issue on Exchange 2013 SP1?
  Thanks in advance.
  /Kim

  Hi,
  I have seen a lot of similar issues with health manager service. For IIS services, we can safely ignore these warnings. Personal experience, we just need to monitor whether there are related
  error reports in event log.
  Thanks,
  Simon Wu
  TechNet Community Support

• Exchange 2013 IMAP Connectivity Failing

  I have gone through all of the troubleshooting i can find, and can't get IMAP connectivity to work to my Exchange 2013 server.  I have an application that uses IMAP to connect to a mailbox to create and update help tickets.
  I get the following in the log:
  2014-04-03T14:03:25.783Z,00000000000000C7,0,10.10.50.55:993,10.10.50.18:56287,,18,0,53,OpenSession,,
  2014-04-03T14:03:25.798Z,00000000000000C8,0,10.10.50.55:993,10.10.50.18:56288,,14,0,53,OpenSession,,
  2014-04-03T14:03:26.079Z,00000000000000C8,1,10.10.50.55:993,10.10.50.18:56288,,1,27,125,capability,,R=ok
  2014-04-03T14:03:26.236Z,00000000000000C8,2,10.10.50.55:993,10.10.50.18:56288,imaptest,95,37,35,login,imaptest *****,"R=""1274136704c94dce NO LOGIN failed."";Msg=User:imaptest:0a2fa0f8-47d9-4ad0-b6a5-8c4853d301d9:SCS_EX2013DB:SCS-VM-EX2013.*****.com;Proxy:SCS-VM-EX2013.****.com:9933:SSL;ProxyNotAuthenticated"
  I have tried a few different users, and get the same error with each.
  Any ideas??

  Hi,
  To understand more about the issue, I’d like to confirm the following information:
  The detail error message when you login your account in IMAP mode.
  The result when you use telnet to check the IMAP connectivity:
  http://support.microsoft.com/kb/189326/en-us
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2013 (co-existence 2007) - 2013 mailbox can not connect with Outlook 2010

  This was working but after some problems with third party pop3 its been broken. Grrrrrrr
  OWA internally works fine for my 2013 test mailboxes. It doesn't work externally yet because I have yet to cutover to co-existence. (Still pointing to the 07 CAS externally)
  Internally Outlook 2010 is working for 2007 users. But for my three test 2013 mailboxes it is not. Outlook 2010 is patched to the correct level (even tried sp2)
  It finds the user name - finds the server but refuses to authenticate. I have checked the outlook anywhere url on the 2013 server and I get the correct urls- internal and external set the same. I have set the service control point for autodiscover
  on 2013.
  Now I haven't yet cut over externally to 2013 - and my internal urls for OWA are still set to webmail. But the legacy name exists and is set internally for all others. Authentication? basic externally NTLM internally
  Where do I start looking. .

  Hi 
  Did you try running ExRCA test ?
  If you have tried whats the result for EXRCA?
  Do you have a valid Certificate assigned for Exchange 2013 ?
  Do you have a valid cert principal Name for Exchange 2013 ?
  Do you get any errors while trying to open outlook for test migrated users ?
  If so can you paste the errors
  You can also use test-outlookconnectivity cmdlet to test connectivity and see the results for any errors
  Note :The outlook that you are using should patched with latest patch at-least with Nov 2013 patch.
  Since Exchange 2013 has minimum requirement on the outlook version. Also check the authentication for Outlook Anywhere should be NTLM in co-existence mode of Exchange 2007 and 2013.
  you can verify them using ps Get-OutlookAnywhere | fl and check the Authentication method for external and internal.
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on www.exchangequery.com

• Exchange 2013 -DiscoveryMaxMailboxes Search Fails

  I have set up a throttling policy using the following command Set-ThrottlingPolicy –Name Discovery -DiscoveryMaxConcurrency 2 -DiscoveryMaxMailboxes 25000 , I have applied the policy to a
  user who has search permissions in Exchange. I have confirmed its been applied. I have confirmed that DiscoveryMaxMailboxes is 25000. I run the search, and it fails complaining about searching less than 5000 mailboxes.
  Exchange 2013 SP1 CU5
  Robert Watt
  Hold
  None
  Search
  Status:
  Run by:
  Run on:
  Size: 0 B
  Items: 0
  Errors:
  An unknown error occurred on the   search server. Please contact your administrator for assistance. The message   from the search server
  is 'The search exceeded the maximum number of   mailboxes that can be searched at a time. Please try searching less than 5000   mailboxes.'.
  Statistics:

  Hi,
  I'm afraid that you can't specify the value of DiscoveryMaxMailboxes parameter is more than 5000, there is a limitation to the number of mailboxes that can be searched and it is 5,000*. Any number beyond this and the specified query will return
  the following error: An unknown error occurred on the search server. Please contact your administrator for assistance. The message from the search server is 'The search exceeded the maximum number of mailboxes that can be searched at a time. Please try searching
  less than 5000 mailboxes.'.
  More details refer to the following article:
  http://blogs.technet.com/b/johnbai/archive/2014/02/11/exchange-2013-ediscovery-changes.aspx
  Best regards!
  Niko
  Niko Cheng
  TechNet Community Support

• Exchange2010 migration to Exchange 2013 federation trust failed (Outlook Provider Failure)

  We are in a migration Exchange 2010 to Exchange 2013.
  On the 'old' Exchange 2010 we are using a Federation Trust to 2 order company's. The federation trust for mailbox's on the exchange 2013 wont work.
  We removed the federation trust on the old exchange 2010 server and create a new federation trust on the new Exchange 2013 server. We also changes the DNS TXT records. Creating the new federation trust without errors. But when the 2 order company's trying
  to connect (add our company name for trust) they get a error.
  A have trying to run a couple tests on the new Exchange 2013 server and found this error:
  [PS] C:\Windows\system32>Test-OutlookWebServices -debug -Identity [email protected] -MailboxCredential(Get-Credential
  cmdlet Get-Credential at command pipeline position 1
  Supply values for the following parameters:
  Credential
  Source                              ServiceEndpoint                    
  Scenario                       Result  Latency
  (MS)
  AM111.AM.LAN                        autodiscover.company.nl            Autodiscover: Outlook
  Provider Failure     144
  AM111.AM.LAN                        webmail.company.nl                
  Exchange Web Services          Success     134
  AM111.AM.LAN                        webmail.company.nl                
  Availability Service           Success     207
  AM111.AM.LAN                                                           
  Offline Address Book           Skipped       0

  Hi,
  Are you add primary SMTP domain as a federated domain? If not, please run below command to achieve this function:
  Add-FederatedDomain -DomainName contoso.com
  Configure federated sharing for the Exchange 2013 organization. Complete the steps in
  Configure federated sharing.
  Configure federated delegation (previous name for federated sharing) for the Exchange 2010 SP2 organization. Complete the steps in
  Configure federated delegation.
  Besides, I find an similar thread about Autodiscover service failed within federated trust, for your convenience:
  https://social.technet.microsoft.com/Forums/ie/en-US/ea192e0a-1363-4cb6-9fc4-2973f64afc23/the-response-from-the-autodiscover-service-at?forum=exchange2010
  Best Regards,
  Allen Wang

• Exchange 2013 SP 1 fails MSSpeech_SR_TELE.ca-ES.msi

  Hi
  After trying to install exchange 2013 SP 1 it fails with the following error : MSSpeech_SR_TELE.ca-ES.msi couldn't be opened.
  I'm running the upgrade through the command line with elevated privileges.
  I've re downloaded the sp already 2 times to no avail.
  The file exists in the extracted version.
  Same error occurred in CU 2 I've read on forums.
  [03/03/2014 13:27:57.0852] [1] [ERROR] The following error was generated when "$error.Clear();
            Install-MsiPackage `
              -PackagePath ([System.IO.Path]::Combine($RoleLanguagePacksPath, "Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi")) `
              -PropertyValues ("ARPSYSTEMCOMPONENT=1 ALLUSERS=1") `
              -LogFile ([System.IO.Path]::Combine($RoleSetupLoggingPath, "InstallSpeech-ca-ES.msilog"))
          " was run: "Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\[03/03/2014 13:27:57.0852] [1] [ERROR] The following error was generated when "$error.Clear();
            Install-MsiPackage `
              -PackagePath ([System.IO.Path]::Combine($RoleLanguagePacksPath, "Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi")) `
              -PropertyValues ("ARPSYSTEMCOMPONENT=1 ALLUSERS=1") `
              -LogFile ([System.IO.Path]::Combine($RoleSetupLoggingPath, "InstallSpeech-ca-ES.msilog"))
          " was run: "Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\[03/03/2014 13:27:57.0852] [1] [ERROR] The following error was generated when "$error.Clear();
            Install-MsiPackage `
              -PackagePath ([System.IO.Path]::Combine($RoleLanguagePacksPath, "Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi")) `
              -PropertyValues ("ARPSYSTEMCOMPONENT=1 ALLUSERS=1") `
              -LogFile ([System.IO.Path]::Combine($RoleSetupLoggingPath, "InstallSpeech-ca-ES.msilog"))
          " was run: "Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi'. This installation package could not be opened. Verify
  that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619.".
  [03/03/2014 13:27:57.0852] [1] [ERROR] Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi'. This installation package could not be opened. Verify that the package exists and
  that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619.
  [03/03/2014 13:27:57.0852] [1] [ERROR] This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package
  [03/03/2014 13:27:57.0852] [1] [ERROR-REFERENCE] Id=SpeechComponent___c2c075b985784599a14e8fa90dbc0403 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup'. This installation package could not be opened. Verify that the package exists and that you
  can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619.".
  [03/03/2014 13:27:57.0852] [1] [ERROR] Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi'. This installation package could not be opened. Verify that the package exists and
  that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619.
  [03/03/2014 13:27:57.0852] [1] [ERROR] This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package
  [03/03/2014 13:27:57.0852] [1] [ERROR-REFERENCE] Id=SpeechComponent___c2c075b985784599a14e8fa90dbc0403 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup'. This installation package could not be opened. Verify that the package exists and that you
  can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619.".
  [03/03/2014 13:27:57.0852] [1] [ERROR] Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi'. This installation package could not be opened. Verify that the package exists and
  that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619.
  [03/03/2014 13:27:57.0852] [1] [ERROR] This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package
  [03/03/2014 13:27:57.0852] [1] [ERROR-REFERENCE] Id=SpeechComponent___c2c075b985784599a14e8fa90dbc0403 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup

  Thanks for the update John!
  From what I have read, it can work running the upgrade in Windows Powershell, but the syntax must be right.
  .\Setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
  compared to:
  Setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
  Rhoderick Milne has a great blog post about this, so check it out: 
  6 Mistakes To Avoid With Exchange 2013 CU Command Line Installations . Personally I haven't tried that - So used to always run any exchange CU/SP or Rollup in the command line :)
  Martina Miskovic

• Installing Exchange 2013 CU 6 failed

  Hello, we have a big problem with installing CU6 on a new installed exchange 2013 server. Here's the error message:
  Error:
  The following error was generated when "$error.Clear();
            if ($RoleIsDatacenter -ne $true -and $RoleIsDatacenterDedicated -ne $true)
            if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
            $sysMbx = $null;
            $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
            $dispName = "Microsoft Exchange";
            Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");
            $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );
            if ($mbxs.Length -eq 0)
            Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");
            $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
            if ($dbs.Length -ne 0)
            Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");
            $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
            if ($arbUsers.Length -ne 0)
            Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");
            $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0].Identity;
            else
            if ($mbxs[0].DisplayName -ne $dispName )
            Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");
            Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;
            $sysMbx = $mbxs[0];
            # Set the Organization Capabilities needed for this mailbox
            if ($sysMbx -ne $null)
            # We need 1 GB for uploading large OAB files to the organization mailbox
            Write-ExchangeSetupLog -Info ("Setting mailbox properties.");
            set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions:$true -MailRouting:$true
  -MessageTracking:$true -PstProvider:$true -MaxSendSize 1GB -Force;
            Write-ExchangeSetupLog -Info ("Configuring offline address book(s) for this mailbox");
            Get-OfflineAddressBook | where {$_.ExchangeVersion.CompareTo([Microsoft.Exchange.Data.ExchangeObjectVersion]::Exchange2012)
  -ge 0 -and $_.GeneratingMailbox -eq $null} | Set-OfflineAddressBook -GeneratingMailbox $sysMbx.Identity;
            else
            Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
            else
            Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
          " was run: "Microsoft.Exchange.ProvisioningAgent.RusException:  Failed to generate proxy address. Additional information:
  General Error.
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.SingleProxySession.CheckReturnCode(ReturnCode rc)
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.SingleProxySession.CheckProxy(RecipientInfo pRecipientInfo, String pwszProxyAddr)
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.ProxySession.CheckSingleProxy(ProxyAddressTemplate baseAddress, RecipientInfo recipientInfo, ProxyAddress oldProxyAddress)
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.ProxySession.GenerateProxies(IConfigurationSession configSession, IRecipientSession recipientSession, IRecipientSession
  globalCatalogSession, IEnumerable`1 baseAddresses, IEnumerable`1 oldProxies, RecipientInfo recipientInfo, ADRecipient recipient, LogMessageDelegate logger)
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.ProxySession.CreateProxies(IConfigurationSession configSession, IRecipientSession recipientSession, IRecipientSession
  globalCatalogSession, IEnumerable`1 baseAddresses, ADRecipient recipient, LogMessageDelegate logger)
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.EmailAddressPolicyHandler.UpdateEmailAddresses(List`1 allPolicies, ADRecipient recipient, LdapFilterProvider filterProvider)
     at Microsoft.Exchange.DefaultProvisioningAgent.Rus.EmailAddressPolicyHandler.UpdateRecipient(ADRecipient recipient)
     at Microsoft.Exchange.ProvisioningAgent.DefaultRUSProvisioningHandler.UpdateRecipient(ADRecipient recipient)
     at Microsoft.Exchange.ProvisioningAgent.RUSProvisioningHandler.UpdateAffectedIConfigurable(IConfigurable writeableIConfigurable)
     at Microsoft.Exchange.Provisioning.ProvisioningLayer.UpdateAffectedIConfigurable(Task task, IConfigurable writeableIConfigurable, Boolean checkProvisioningLayerAvailability)
     at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()
     at Microsoft.Exchange.Configuration.Tasks.SetRecipientObjectTask`3.InternalValidate()
     at Microsoft.Exchange.Management.Common.SetMailEnabledRecipientObjectTask`3.InternalValidate()
     at Microsoft.Exchange.Management.RecipientTasks.SetUserBase`2.InternalValidate()
     at Microsoft.Exchange.Management.RecipientTasks.SetMailboxBase`2.InternalValidate()
     at Microsoft.Exchange.Management.RecipientTasks.SetMailbox.InternalValidate()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
  After this error message, the exchange installation is incomplete, there is no repair possible. Also remove the installation is not possible because there is an incomplete update installed.
  Any ideas how to solve this?

  Hi,
  From the description of the error “ Microsoft.Exchange.ProvisioningAgent.RusException:  Failed to generate proxy address. Additional information: General Error. ”
  Appeared to have some valid proxy address. Please check if there are invalid characters in the admin account proxy address.
  To find the proxy address, take the following steps:
  Open ADUC, Click View in the menu then click
  Advanced Features.
  Navigate to yourOrganization >> Users, choose the admin account, right-click to
  Properties.
  Under Attributes Editor tab, find the proxyaddresses
  Attribute, then check the address.
  Hope this will be helpful for you.
  Best Regards.

• Upgrade of Integation Services (Windows 2012 R2) on Windows 2008 R2 with Exchange 2013 SP1 DAG fails

  Here is the scenario:
  Legacy Host: Windows 2008 R2
  Guest VM: Windows 2008 R2 with Exchange 2013 SP1 DAG cluster.
  After importing the VM (2008 R2 and Exchange 2013 DAG) into a 2012 R2 host (Cluster).  (copy VM files to new 2012 R2host) Everything works fine.
  Then upgrading "Installation Services" (for Windows 2012 R2 host) on the imported VM runs fine with no errors to the "Restart" prompt. VM than shows: "Configuring Windows updates 32% complete. Do not turn
  of your computer." Hangs there for about 20 minutes until is says "shutting down". Hangs there for 20 minutes until power off. Restart to normal start; "Preparing to configure Windows. Do not turnoff your computer." proceeds slowly
  to "Configuring Windows updates 32% complete. Do not turn of your computer." hangs there again indefinite. Sometime hangs at shutdown cycle and "Configuring Windows updates 32% complete. Do not turn of your computer." indefinitely.
  I moved 20 other machines from a 2008 R2 host to new Windows 2012 R2 hosts all of these machines install the 2012 R2 Integration services just fine on the 2008 R2 VM. Just the 2008 R2 VMs clustered (DAG) and Exchange 2013 SP1 do not take the Integration
  Services upgrade.
  Any advise from Microsoft? I know I could decommission the DAG and Exchange machines and install Integration services on the native box before Exchange and DAG and that would sure work, but I'd rather avoid that amount of work for a simple integration layer
  upgrade.
  Thanks
  Gerhard Waterkamp ACSLA Inc.

  Hi,
  Could you try use the following method to fix this issue first?
  1. Run the System Update Readiness Tool, then check if there is any error in the Checksur.log and checksur.persist.log.
   1. Please run the System Update Readiness Tool on this affected server. Please download this tool from the following Microsoft article:
   Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, and for Windows 7
   http://support.microsoft.com/kb/947821/en-us
  2. The System Update Readiness Tool creates the log files that captures any issues that the tool found or fixed. The log files are located at the following location:
  %SYSTEMROOT%\Logs\CBS\
  3. Please paste the checksur.log here for analysis.
  If there is no error found, please try the following step.
  ==================================
  2. Use Fix it tool to reset the Windows Update components.
   1. Open the following link.
   http://support.microsoft.com/kb/971058/en-nz
   2. Select Windows 8.1, Windows 8 and Windows 7 in the product selection box.
   3. Click “Run Now” to reset the Windows Update components.
  Note: We can reset the Windows Updates manually by following the steps in the KB above.
  3. Use the System File Checker tool to repair missing or corrupted system files
   1. Open the command promote with Administrators.
   2. At the command prompt, type the following command, and then press ENTER:
       sfc /scannow
  Any errors are found in the steps above, please let me know.
  Hope this helpful.
  Best Regards,
  Jason Zeng
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.