Exchange 2013 CU3 Can't Access ECP from Office365 Enabled Account
We recently upgraded our Exchange 2013 server to CU3 to fix the OWA redirection error. Unfortunately, we've now noticed that any admin mailboxes that have been 'moved' to Office365 can not access ECP and instead get a redirect warning to OWA.
I had to create a new, onprem admin account to access in the meantime. This is the message I see:
Use the following link to open this mailbox with the best performance:
http://outlook.com/owa/ACME.onmicrosoft.com
X-FEServer: EXCHANGE
Date: 12/3/2013 6:13:23 PM
more detail...
I assume this is due to the fix for OWA redirection? How do I manage Exchange with my 'oncloud' mailbox accounts?
Hi,
I think it will be more suitable to ask this question on Exchange Online forum:
http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicesexchange
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support
Similar Messages
-
I installed Firefox on laptop under Admin acct--now I can't access it from std user account
I installed Firefox on a laptop under Admin acct--now I can't access it from std user account. If I installed Firefox onto the laptop under the Admin account, why didn't it put a desktop icon on the std user account also? I don't recall ever having this problem on an any other computer I've had. I have already tried looking under the program files folders for a Mozilla folder while logged into the std user account-- there is no Mozilla folder to be found. Also, when I try to install Firefox on the Std user account, the parental controls keeps me from doing it. I have went in and added the Firefox install web link as an allowable website under the parental controls, but it does not help. Please help me figure out how to get Firefox installed on my std user account.
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
*Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
*Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
*Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
*Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate. -
Exchange 2013 CU3 Can't view permissions on mailbox in EAC
Recently upgraded to CU3. I'm not sure if my EAC problems are due to that or something else. I could have swore this worked before, but I am not 100% positive.
If I go to "Recipients > Mailboxes > Properties on a mailbox > Mailbox Delegation" it says "Please wait...". It stays like that for about 15-20 seconds, then finally comes back with: "error. Your request
couldn't be completed. Please try again in a few minutes". I hit OK and the boxes for Send As, Send on Behalf, and Full Access are all empty.
I can view permissions on that same mailbox with PowerShell.
Also, if I do the same process for a Distribution Group, then that works okay in EAC!Hi
Almost the same problem here...
Editing a Resorce Room...
Request for URL 'https://InternalServerName:444/ecp/UsersGroups/EditRoomMailbox.aspx?pwmcid=8&ReturnObjectType=1&id=21b9ba56-12cf-4138-ba3d-9de2342f28b2(https://LoadBalancedExternalName/UsersGroups/EditRoomMailbox.aspx?pwmcid=8&ReturnObjectType=1&id=21b9ba56-12cf-4138-ba3d-9de2342f28b2)'
failed with the following error:
System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException:
Exception has been thrown by the target of an invocation. ---> Microsoft.Exchange.Data.Directory.Recipient.NonUniqueRecipientException: Multiple objects with Sid S-1-5-32-548 were found.
Did you fix it?
Regards
Robban -
How can I access documents from multiple iCloud accounts on my iPhone?
I have a business and a personal life that are both heavily influenced by my Apple products and all stay in sync via iCloud. My only issue is that in order to access both personal and business iwork documents on the go, I have to carry two iphones with me - which really is inconvenient. Of course I could just use the business iphone but then I would not be able to access my family photo stream which is very important to me.
Any help would be appreciated. I would think that there would be a simple solution to my issue but I need your help finding it.
Thank you!There has to be a better solution than deleting and switching icloud accounts on my iphone each time I need to look at my work documents...
-
Exchange 2013 - Admins can only log into one ECP server
Simple run down of my environment:
• Two AD sites (Site1 and Site2)
• One 2008 R2 domain controller at each site (DC1 w/ FSMOs and DC2) running AD forest function level 2008 R2
• One 2012 Std server with Exchange 2012 Std CU3 at each site (EX1 and EX2) – CAS/MBX on both, No DAG
• Half of mailboxes on each server
Using https://webmail.domain.com for all of our internal and external virtual directories. Adding /OWA or /ECP will get you into the respective site from either internal or external.
All Domain Admin/Exchange Admin (Organization Management) do NOT have mailboxes. Those individuals can log into ECP from https://webmail.domain.com/ecp, or FQDN or IP of EX2 only. If John Smith has no mailbox then he must use:
https://webmail.domain.com/ecp
or
https://ex2.domain.com/ecp
or
https://10.16.109.31/ecp
If EX2 goes offline or they use https://ex1.domain.com/ecp or https://10.16.108.31/ecp then none of the admins can login and they get the following:
Use the following link to open this mailbox with the best performance:
https://webmail.domain.com/owa/auth.owa
X-FEServer: EX2
Date: 2/18/2014 10:37:42 PM
s ECP or the https://webamil.domain.com/ecps ECP.
They can access EMS from either server and run Get-ECPVirtualDirectory and it shows what we would expect:
– https://webmail.domain.com/ecp
– https://webmail.domain.com/ecp
Why can an admin with no mailbox only log into the ECP on EX2? What is forcing the login to EX2 only? How can I move that “forced login” to EX1 if we ever get into a situation where EX2 is having problems? What happened in Active Directory or Exchange that
made EX2 the primary login server for ECP and OWA? My FSMOs are located at Site 1…the same location where EX1 is located. The same server that I cannot log into ECP directly.
~RickAny admin that is mail enabled can then only log into the server that hosts his mailbox. Admins without mailboxes can only log into EX2. And again, all admins can log into https://webmail.domain.com/ecp unless one of the servers goes offline
and that's when the problems occur. Nothing obvious or unusual regarding mail flow. Done various internal and external tests and have not seen anything obvious or in the logs.
Yesterday's change that MS Support had me do was to delete the ExternalURL for the ECP virtual directories. No difference. So, my latest update from MS Support that requested me to try today's change...
set-owavirtualdirectory “owa (default web site)” -RedirectToOptimalOWAServer $false
After performing an IIS reset and making sure replication had completed there was no difference. So, I am now forced to wait till Monday for MS to respond if the pattern stays at one email per day.
Has anyone with multiple servers at different AD sites been able to log directly into the either server like I'm trying? I get this problem in my labs and I even had MS, while on the phone, remote in to make sure I was setting it up properly.
The guy on the phone never said if their labs do the same thing cause they don't have multiple AD sites in their labs. In my lab if I have two servers at each site then I can log into both servers at the site, but not the other site. It appears it becomes
site dependent then.
MS has taken numerous logs and they are acting like this is the first time they've seen this. Yet I can reproduce it with no problem time after time. I'll create new VMs and start all over from scratch and make this happen every time I create a new AD/Exchange
environment (it does take me a while to build all those VMs from scratch). No fancy GPOs to AD and no radical changes to the Exchange servers. Other than obvious config changes to make sure email can flow internally and externally, this is pretty much out
of the box.
~Rick -
Exchange 2010 mailbox not able to access auto-mapped Exchange 2013 CU3 mailbox
Hi,
We are in co-existence with Exchange 2010 SP3 and Exchange 2013 CU3.
Outlook Anywhere and Autodiscover pointed towards Exchange 2013 CAS servers. Everything works fine irrespective where is mailbox is located Exchange 2010 or 2013.
When I tried to access auto-mapped mailbox from Exchange 2010 as primary mailbox accessing auto-mapped Exchange 2013 mailbox "Cannot expand the folder. The set of folders cannot be opened. Microsoft Exchange is not available. Either there are network
problems or the Exchange server is down for maintenance".
Exchange 2013 OutlookAnywhere "Externalclientauthenticationmethod" is Basic and "Internalclientauthencitcationmethod" is NTLM. Everything is setup as per the Tech-net recommendations.
Checked both these articles but still it is not working:
http://support.microsoft.com/kb/2839517
http://support.microsoft.com/kb/2834139
Please let me know if there are any other ideas.
RamanHi,
I recommend you refer to the following articles to troubleshoot the issue:
Troubleshooting Mailbox Auto-Mapping : Autodiscover
Details about the shared mailbox that is to be accessed will be returned to the Outlook client by the autodiscover process. This is really handy to know if you are ever in the position where you need to troubleshoot why the auto-mapping feature isn’t working
correctly
Troubleshooting Mailbox Auto-Mapping : Permissions
When you use either the Exchange Management Console or the Exchange Management Shell to grant a user with full access permission against another mailbox, permissions changes are made to allow this as you might expect. Certain Active Directory attributes
are also updated to reflect both the Active Directory account of the mailbox being accessed as well as the Active Directory account of the accessing mailbox. Specifically, you can check the contents of the msExchDelegateListLink and msExchDelegateListBL Active
Directory attributes to see these details and it is worth checking these if you have any suspicions that things aren’t working correctly.
Hope this helps!
Thanks.
Niko Cheng
TechNet Community Support -
Exchange 2013 CU3 Databases only activate on one mailbox server
Hi, guys
I have two Exchange 2013 CU3 Mailbox servers installed, one DAG, 5 databases, each has one copy. I found that if I activated three databases on Mailboxserver1 or Mailboxserver2, then after a few hours, all databases will be activated on the mailbox
server which has three databases activated. All the databases can be activated on Mailboxserver1 or Mailboxserver2, and they work well. I disabled DAC mode for preventing Event 4133 and 4376. And it has the same problem if I enable DAC mode.
From the event log, I found the log when activate one database on another mailbox server, it is Event 3169:
Managed availability system failover initiated by Responder=OutlookMapiHttpDeepTestFailover Component=Outlook.
This caused the database activated on another server.
And I got the message from SCOM, like this:
Alert: Health Set unhealthy
Source: test-mbx - Outlook.Protocol
Path: test-mbx.contoso.local;test-mbx.contoso.local
Last modified by: System
Last modified time: 11/12/2013 5:15:46 AM Alert description: EMSMDB.DoRpc(Logon) step of OutlookRpcDeepTestProbe/DB-01 has failed against test-mbx.contoso.local proxying to test-mbx.contoso.local for [email protected].
Latency: 00:00:00.0320000
ActivityContext:
Outline: [30] EMSMDB.Connect(); [1][FAILED!] EMSMDB.DoRpc(Logon); Likely root cause: Momt
Details:
Error: Error returned in LogonCallResult. Error code = WrongServer (0x00000478)
Log: Mailbox logon verification
EMSMDB.Connect()
Task produced output:
- TaskStarted = 11/12/2013
5:15:25 AM
- TaskFinished = 11/12/2013
5:15:25 AM
- ErrorDetails =
- RespondingRpcClientAccessServerVersion
= 15.0.712.4012
Latency = 00:00:00.0303884
- ActivityContext =
EMSMDB.Connect() completed successfully.
EMSMDB.DoRpc(Logon)
Task produced output:
- TaskStarted = 11/12/2013
5:15:25 AM
- TaskFinished = 11/12/2013
5:15:25 AM
- Exception = Microsoft.Exchange.RpcClientAccess.RopExecutionException:
Error returned in LogonCallResult. Error code = WrongServer (0x00000478)
- ErrorDetails =
- Latency = 00:00:00.0018801
- ActivityContext =
EMSMDB.DoRpc(Logon) failed.
Task produced output:
- TaskStarted = 11/12/2013 5:15:25 AM
- TaskFinished = 11/12/2013 5:15:25 AM
- Exception = Microsoft.Exchange.RpcClientAccess.RopExecutionException:
Error
States of all monitors within the health set:
Note: Data may be stale. To get current data, run: Get-ServerHealth -Identity 'test-mbx' -HealthSet 'Outlook.Protocol'
State Name
TargetResource HealthSet
AlertValue ServerComponent
NotApplicable OutlookMapiHttpDeepTestMonitor
Outlook.Protocol Unhealthy None
NotApplicable OutlookRpcDeepTestMonitor
Outlook.Protocol Healthy None
NotApplicable OutlookRpcSelfTestMonitor
Outlook.Protocol Healthy None
NotApplicable OutlookMapiHttpSelfTestMonitor Outlook.Protocol
Healthy None
NotApplicable PrivateWorkingSetWarning....cclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
NotApplicable PrivateWorkingSetError....rpcclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
NotApplicable ProcessProcessorTimeWarning....ienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
NotApplicable ProcessProcessorTimeError....clienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
NotApplicable ExchangeCrashEventError....pcclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
NotApplicable LongRunningWatsonWarning....cclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
NotApplicable LongRunningWerMgrWarning....cclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol Healthy
None
This test is a cause that mailbox databases in DAG is doing failover to another server
Log Name: Application
Source: MSExchangeRepl
Date: 12.11.2013 4:49:46
Event ID: 3169
Task Category: Service
Level: Information
Keywords: Classic
User: N/A
Computer: test-mbx-2
Description:
(Active Manager) Database DB-01 was successfully moved from test-mbx.contoso.local to test-mbx-1.contoso.local. Move comment: Managed availability system failover initiated by Responder=OutlookRpcDeepTestFailover Component=Outlook.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeRepl" />
<EventID Qualifiers="16388">3169</EventID>
<Level>4</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-11-12T00:49:46.000000000Z" />
<EventRecordID>1606248</EventRecordID>
<Channel>Application</Channel>
<Computer>test-mbx-2.contoso.local</Computer>
<Security />
</System>
<EventData>
<Data>DB-01</Data>
<Data>test-mbx.contoso.local</Data>
<Data>test-mbx-1.contoso.local</Data>
<Data>Managed availability system failover initiated by Responder=OutlookRpcDeepTestFailover Component=Outlook.</Data>
</EventData>
</Event>
I don't know why, anyone know what's the problem?
Thank you.
Nile Jiang- Please mark the post as answer if it answers your question.
http://www.usefulshare.comHi,
After deleting all the health mailboxes and restart
the Exchange Health Manager service, the health mailboxes are recreated successfullly, but when I check the outlook.protocol health, the OutlookRpcDeepTestMonitor or the OutlookMapiHttpDeepTestMonitor is still unhealthy. How can I fix it?
[PS] C:\Windows\system32> Get-ServerHealth -Identity 'MAILBOX1' -HealthSet 'Outlook.Protocol' | ft server,state,name,ale
rtvalue -AutoSize
Server state Name AlertValue
MAILBOX1 OutlookRpcDeepTestMonitor Healthy
MAILBOX1 OutlookMapiHttpDeepTestMonitor Unhealthy
MAILBOX1 OutlookRpcSelfTestMonitor Healthy
MAILBOX1 OutlookMapiHttpSelfTestMonitor Healthy
MAILBOX1 PrivateWorkingSetWarning....cclientaccess.service Healthy
MAILBOX1 PrivateWorkingSetError....rpcclientaccess.service Healthy
MAILBOX1 ProcessProcessorTimeWarning....ientaccess.service Healthy
MAILBOX1 ProcessProcessorTimeError....clientaccess.service Healthy
MAILBOX1 ExchangeCrashEventError....pcclientaccess.service Healthy
MAILBOX1 LongRunningWatsonWarning....cclientaccess.service Healthy
MAILBOX1 LongRunningWerMgrWarning....cclientaccess.service Healthy
Nile Jiang- Please mark the post as answer if it answers your question.
http://www.usefulshare.com -
Exchange 2013 CU3 Retention Policy Not working for Calendar & Tasks
We are currently on Exchange 2013 CU3 with Online Archiving Enabled for the user
Default policy is set to move all the items in mailbox which are older than 30 days to online archive mailbox.
Calendar and Tasks Items are also getting archived alongwith other Outlook items from Inbox,Deleted Items etc
Followed Technet website and created RPT for Calendar and Tasks with retention disabled
Still DPT takes precedence and move all the items under Calendar and Task to Online Archive MailboxHi Sam,
I recommend you refer to the following article, despite this for Exchange 2010, however the same applies to exhcnage 2013:
Prevent archiving of items in a default folder in Exchange 2010
To prevent the <acronym title="Default Policy Tag">DPT</acronym> from being applied to a default folder, you can create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for that folder (or disable
any existing RPT for that folder). The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the
retention action of a disabled tag. Since the item/folder still has a tag, it's not considered untagged and the DPT isn't applied to it.
Why are items in the Notes folder still archived?
If you create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for the
Notes folder, you'll see items in that folder are not deleted, but they do continue to be moved to the archive! Why does this happen? How do you prevent it?
It's important to understand that:
A retention policy can have a <acronym title="Default Policy Tag">DPT</acronym> to
archive items (using the Move to Archive retention action) and a DPT to
delete items (using the Delete and Allow Recovery or
Permanently Delete retention actions). Both apply to untagged items.
The move and delete actions are exclusive of each other. Mailbox folders and messages can have both types of tags applied - an archive tag and a delete tag. It's not an either/or proposition.
If you create a disabled RPT for the Notes folder to not delete items, the archive DPT for the mailbox would still apply and move items.
When it comes to archiving, there's only one archive policy that administrators can enforce – the <acronym title="Default Policy Tag">DPT</acronym> with 'Move to archive' action.
You can't create a <acronym title="Retention Policy Tag">RPT</acronym> with the 'Move to archive' action. This rules out using the disabled RPT approach to prevent items from being moved.
Best regards,
Niko Cheng
TechNet Community Support -
Exchange 2013 CU3 - Outlook Web App LogOff
Hello All,
I have Exchange 2013 CU3 installed and i'm using TMG server for authentication. I am able to login through OWA but when i try to logoff it shows me message of "Close All your Browser Windows.." but OWA does not sign out.
On TMG, only Basic and NTLM authentication is supported. And in IIS Authentication for the OWA Virtual Directory is set to basic.
Can anyone please help me for TMG settings for exchange server 2013? Thankyou for the answers.Hi,
Thank you for your patience and support.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Best Regards
Quan Gu -
How can I access files from a flash drive that were previously saved using a Windows computer? When I attempt to open the file on MacBook Pro, it is asking to "convert file to"; none of the options I choose work. I also have Microsoft Office (with Word) installed on the Mac as well.
Format the external drive as FAT32 or ExFAT. Both computers will then be able to read and write to it.
-
Can i access apps from itunes on my pc
can i access apps from itunes on my pc?
I want to download my apps to my pc so I can clear some space on my iphone 4.
Then I can use the space for other things e.g music.
However at a later date I would like to access these apps and the data they have stored using my PC
Is this possible?
Or is this just another Mac problem?Most apps will store their data locally on the device. This can be restored from a backup when restoring the device, but if you remove the app any data associated with it is removed, and then subsequently purged from the device's rolling backup set on the next backup. If the app supports iTunes File Sharing you may be able to export its data to your computer, then reimport at a later date when you add the app back to your device.
tt2 -
How can I access iMessages from iTunes backup?
I backed up my iPhone since I needed to backup a really large iMessage conversation and I read this was a way to do it
Now I want to access it from my computer
how can I do this?Anindan wrote:
how can i access sms from itunes back up
You will need a Backup Extractor program; there are many available. I use iScavenge for Mac, but there are many more. https://duckduckgo.com/?q=iphone+backup+extractor The one at the top of the search claims to be free, but it is not. Don't be fooled. I can't recommend for or against any of them, except iScavenge, which is OK.
If you are technically inclined the backup is a SQLite database, so a SQLite browser can also open the backup. -
Can I access music from multiple accounts on one cpu?
Can I access music from multiple accounts on one cpu
Here's one option: http://support.apple.com/kb/PH12366
But frankly you'd be better off creating unique user accounts on the computer and having seperate iTunes libraries for each user as described here: http://support.apple.com/kb/ht1495 -
I have recently got a Time Capsule with my Macbook pro retina 15". I am trying to setup my time capsule as a wifi station at my home. But the thing is I can only access wifi from my lap only.
How can I share my network from timecapsule to other devices, and im using OS X 10.8.2
Please help me!
Thanks in advance!
(sorry for the bad english)How is the TC currently connected into the network?
It should work fine in bridge and create a wireless network.. it should already be able to share the network without being the main router.
Setting up wireless from wireless is difficult.
I would recommend you buy the USB to ethernet cable Apple sell as an accessory for Air and MBPr so you can actually use ethernet when required. -
Hi,
I can not access CRM from outside the office network - Access denied You do not have sufficient access rights or privileges to perform this action. I can access CRM with same user id and password from our office inside the network. I can get
the page to give login details once I have login details I got below error. Please help me to solve this issue. It was working before.
Access denied You do not have sufficient access rights or privileges to perform this action.
Regards,
Noushad
[email protected]On Premise system Configured with AD FS server for claims-based authentication you need to update your host file with server url to access it from outside office network.
Refer
this on how to update host file.
Regards, Saad
Maybe you are looking for
-
FS10N Opening balance difference (Retained Earnings Account)
Hi, We are getting opeing balance difference in FS10N balances from 2007 to 2008 (retained earnings accounts) 1. We have carry forward the 2007 balances to 2008 through T.Code : F.16 2. We are getting difference in 4 company codes. 3. But there is no
-
To download cognos 8 business intelligence ...........................
Hi all, can anyone tell me where can i download cognos 8 business intelligence software for free like informatica,business objects. i know this is not a right place to put this question..as i need to get working practices on that tool please let me k
-
Show Swing Container JPanel in ADF Component
Hi ADF-Folk, I come out of the forms developer world. in forms i used pluggable java components to show graphical components in forms. Is it possible to use a show a Swing JPanel Class in a ADF Component like a PanelBox or something else? Application
-
Rename the portal Help link in the portal
I need to rename the help link in the portal masthead to some other name. Is there any option to change with out import the masthead par fil in to NWDS and hardcoding the help link name.
-
Unable to open CR2 files in PSE8 or Bridge CS4?
Unable to open CR2 files in PSE8 or Bridge CS4? Any help would be appreciated.