Exchange 2013 CU3 - Problem with Retention Policies

Similar Messages

• Exchange 2013 CU3 Retention Policy Not working for Calendar & Tasks

  We are currently on Exchange 2013 CU3 with Online Archiving Enabled for the user
  Default policy is set to move  all the items in mailbox which are  older than 30 days to online archive mailbox.
  Calendar and Tasks Items are also getting archived alongwith other Outlook items from Inbox,Deleted Items etc
  Followed Technet website and created RPT for Calendar and Tasks with retention disabled
  Still DPT takes precedence and move all the items under Calendar and Task to Online Archive Mailbox

  Hi Sam,
  I recommend you refer to the following article, despite this for Exchange 2010, however the same applies to exhcnage 2013:
  Prevent archiving of items in a default folder in Exchange 2010
  To prevent the <acronym title="Default Policy Tag">DPT</acronym> from being applied to a default folder, you can create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for that folder (or disable
  any existing RPT for that folder). The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the
  retention action of a disabled tag. Since the item/folder still has a tag, it's not considered untagged and the DPT isn't applied to it.
  Why are items in the Notes folder still archived?
  If you create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for the
  Notes folder, you'll see items in that folder are not deleted, but they do continue to be moved to the archive! Why does this happen? How do you prevent it?
  It's important to understand that:
  A retention policy can have a <acronym title="Default Policy Tag">DPT</acronym> to
  archive items (using the Move to Archive retention action) and a DPT to
  delete items (using the Delete and Allow Recovery or
  Permanently Delete retention actions). Both apply to untagged items.
  The move and delete actions are exclusive of each other. Mailbox folders and messages can have both types of tags applied - an archive tag and a delete tag. It's not an either/or proposition.
  If you create a disabled RPT for the Notes folder to not delete items, the archive DPT for the mailbox would still apply and move items.
  When it comes to archiving, there's only one archive policy that administrators can enforce – the <acronym title="Default Policy Tag">DPT</acronym> with 'Move to archive' action.
  You can't create a <acronym title="Retention Policy Tag">RPT</acronym> with the 'Move to archive' action. This rules out using the disabled RPT approach to prevent items from being moved.
  Best regards,
  Niko Cheng
  TechNet Community Support

• Exchange 2010 mailbox not able to access auto-mapped Exchange 2013 CU3 mailbox

  Hi,
  We are in co-existence with Exchange 2010 SP3 and Exchange 2013 CU3.
  Outlook Anywhere and Autodiscover pointed towards Exchange 2013 CAS servers.  Everything works fine irrespective where is mailbox is located Exchange 2010 or 2013.
  When I tried to access auto-mapped mailbox from Exchange 2010 as primary mailbox accessing auto-mapped Exchange 2013 mailbox "Cannot expand the folder. The set of folders cannot be opened. Microsoft Exchange is not available. Either there are network
  problems or the Exchange server is down for maintenance".
  Exchange 2013 OutlookAnywhere "Externalclientauthenticationmethod" is Basic and "Internalclientauthencitcationmethod" is NTLM.  Everything is setup as per the Tech-net recommendations.
  Checked both these articles but still it is not working:
  http://support.microsoft.com/kb/2839517
  http://support.microsoft.com/kb/2834139
  Please let me know if there are any other ideas.
  Raman

  Hi,
  I recommend you refer to the following articles to troubleshoot the issue:
  Troubleshooting Mailbox Auto-Mapping : Autodiscover
  Details about the shared mailbox that is to be accessed will be returned to the Outlook client by the autodiscover process. This is really handy to know if you are ever in the position where you need to troubleshoot why the auto-mapping feature isn’t working
  correctly
  Troubleshooting Mailbox Auto-Mapping : Permissions
  When you use either the Exchange Management Console or the Exchange Management Shell to grant a user with full access permission against another mailbox, permissions changes are made to allow this as you might expect. Certain Active Directory attributes
  are also updated to reflect both the Active Directory account of the mailbox being accessed as well as the Active Directory account of the accessing mailbox. Specifically, you can check the contents of the msExchDelegateListLink and msExchDelegateListBL Active
  Directory attributes to see these details and it is worth checking these if you have any suspicions that things aren’t working correctly.
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• Exchange 2013 CU3 Databases only activate on one mailbox server

  Hi, guys
  I have two Exchange 2013 CU3 Mailbox servers installed, one DAG, 5 databases, each has one copy. I found that if I activated three databases on Mailboxserver1 or Mailboxserver2, then after a few hours, all databases will  be activated on the mailbox
  server which has three databases activated. All the databases can be activated on Mailboxserver1 or Mailboxserver2, and they work well. I disabled DAC mode for preventing Event 4133 and 4376. And it has the same problem if I enable DAC mode.
  From the event log, I found the log when activate one database on another mailbox server, it is Event 3169:
  Managed availability system failover initiated by Responder=OutlookMapiHttpDeepTestFailover Component=Outlook.
  This caused the database activated on another server.
  And I got the message from SCOM, like this:
  Alert: Health Set unhealthy
  Source: test-mbx - Outlook.Protocol
  Path: test-mbx.contoso.local;test-mbx.contoso.local
  Last modified by: System
  Last modified time: 11/12/2013 5:15:46 AM Alert description: EMSMDB.DoRpc(Logon) step of OutlookRpcDeepTestProbe/DB-01 has failed against test-mbx.contoso.local proxying to test-mbx.contoso.local for [email protected].
  Latency: 00:00:00.0320000
  ActivityContext:
  Outline: [30] EMSMDB.Connect(); [1][FAILED!] EMSMDB.DoRpc(Logon); Likely root cause: Momt
  Details:
  Error: Error returned in LogonCallResult. Error code = WrongServer (0x00000478)
  Log:     Mailbox logon verification
          EMSMDB.Connect()
          Task produced output:
          - TaskStarted = 11/12/2013
  5:15:25 AM
          - TaskFinished = 11/12/2013
  5:15:25 AM
          - ErrorDetails =
          - RespondingRpcClientAccessServerVersion
  = 15.0.712.4012
  Latency = 00:00:00.0303884
          - ActivityContext =
      EMSMDB.Connect() completed successfully.
          EMSMDB.DoRpc(Logon)
          Task produced output:
          - TaskStarted = 11/12/2013
  5:15:25 AM
          - TaskFinished = 11/12/2013
  5:15:25 AM
          - Exception = Microsoft.Exchange.RpcClientAccess.RopExecutionException:
  Error returned in LogonCallResult. Error code = WrongServer (0x00000478)
          - ErrorDetails =
          - Latency = 00:00:00.0018801
          - ActivityContext =
      EMSMDB.DoRpc(Logon) failed.
      Task produced output:
      - TaskStarted = 11/12/2013 5:15:25 AM
      - TaskFinished = 11/12/2013 5:15:25 AM
      - Exception = Microsoft.Exchange.RpcClientAccess.RopExecutionException:
  Error
  States of all monitors within the health set:
  Note: Data may be stale. To get current data, run: Get-ServerHealth -Identity 'test-mbx' -HealthSet 'Outlook.Protocol'
  State               Name                                   
  TargetResource                     HealthSet                    
  AlertValue     ServerComponent    
  NotApplicable       OutlookMapiHttpDeepTestMonitor                                            
  Outlook.Protocol              Unhealthy      None               
  NotApplicable       OutlookRpcDeepTestMonitor                                                 
  Outlook.Protocol              Healthy        None               
  NotApplicable       OutlookRpcSelfTestMonitor                                                 
  Outlook.Protocol              Healthy        None               
  NotApplicable       OutlookMapiHttpSelfTestMonitor                                             Outlook.Protocol             
  Healthy        None               
  NotApplicable       PrivateWorkingSetWarning....cclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None               
  NotApplicable       PrivateWorkingSetError....rpcclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None               
  NotApplicable       ProcessProcessorTimeWarning....ienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None               
  NotApplicable       ProcessProcessorTimeError....clienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None               
  NotApplicable       ExchangeCrashEventError....pcclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None               
  NotApplicable       LongRunningWatsonWarning....cclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None               
  NotApplicable       LongRunningWerMgrWarning....cclienta... microsoft.exchange.rpcclientacc... Outlook.Protocol              Healthy       
  None                
  This test is a cause that mailbox databases in DAG is doing  failover to another server
  Log Name:      Application
  Source:        MSExchangeRepl
  Date:          12.11.2013 4:49:46
  Event ID:      3169
  Task Category: Service
  Level:         Information
  Keywords:      Classic
  User:          N/A
  Computer:      test-mbx-2
  Description:
  (Active Manager) Database DB-01 was successfully moved from test-mbx.contoso.local to test-mbx-1.contoso.local. Move comment: Managed availability system failover initiated by Responder=OutlookRpcDeepTestFailover Component=Outlook.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSExchangeRepl" />
      <EventID Qualifiers="16388">3169</EventID>
      <Level>4</Level>
      <Task>1</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-11-12T00:49:46.000000000Z" />
      <EventRecordID>1606248</EventRecordID>
      <Channel>Application</Channel>
      <Computer>test-mbx-2.contoso.local</Computer>
      <Security />
    </System>
    <EventData>
      <Data>DB-01</Data>
      <Data>test-mbx.contoso.local</Data>
      <Data>test-mbx-1.contoso.local</Data>
      <Data>Managed availability system failover initiated by Responder=OutlookRpcDeepTestFailover Component=Outlook.</Data>
    </EventData>
  </Event>
  I don't know why, anyone know what's the problem?
  Thank you.
  Nile Jiang- Please mark the post as answer if it answers your question.
  http://www.usefulshare.com

  Hi,
  After deleting all the health mailboxes and restart
  the Exchange Health Manager service, the health mailboxes are recreated successfullly, but when I check the outlook.protocol health, the OutlookRpcDeepTestMonitor or the OutlookMapiHttpDeepTestMonitor is still unhealthy. How can I fix it?
  [PS] C:\Windows\system32> Get-ServerHealth -Identity 'MAILBOX1' -HealthSet 'Outlook.Protocol' | ft server,state,name,ale
  rtvalue -AutoSize
  Server   state Name                                              AlertValue
  MAILBOX1       OutlookRpcDeepTestMonitor                            Healthy
  MAILBOX1       OutlookMapiHttpDeepTestMonitor                     Unhealthy
  MAILBOX1       OutlookRpcSelfTestMonitor                            Healthy
  MAILBOX1       OutlookMapiHttpSelfTestMonitor                       Healthy
  MAILBOX1       PrivateWorkingSetWarning....cclientaccess.service    Healthy
  MAILBOX1       PrivateWorkingSetError....rpcclientaccess.service    Healthy
  MAILBOX1       ProcessProcessorTimeWarning....ientaccess.service    Healthy
  MAILBOX1       ProcessProcessorTimeError....clientaccess.service    Healthy
  MAILBOX1       ExchangeCrashEventError....pcclientaccess.service    Healthy
  MAILBOX1       LongRunningWatsonWarning....cclientaccess.service    Healthy
  MAILBOX1       LongRunningWerMgrWarning....cclientaccess.service    Healthy
  Nile Jiang- Please mark the post as answer if it answers your question.
  http://www.usefulshare.com

• Exchange 2013 CU3 - Outlook Web App LogOff

  Hello All,
  I have Exchange 2013 CU3 installed and i'm using TMG server for authentication. I am able to login through OWA but when i try to logoff it shows me message of "Close All your Browser Windows.." but OWA does not sign out. 
  On TMG, only Basic and NTLM authentication is supported. And in IIS Authentication for the OWA Virtual Directory is set to basic.
  Can anyone please help me for TMG settings for exchange server 2013? Thankyou for the answers.

  Hi,
  Thank you for your patience and support.
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thank you for your understanding and support.
  Best Regards
  Quan Gu

• Problem with Access Policies (create multiple resources)

  I'm having a problem with Access Policies:
  The first policy must create a resource.
  And the following policies should create childs on the resource.
  The problem here is that when policies will add the childs, the resource is not provisioned yet.
  And then each one will create a resource but i just want one resource with the childs.
  When the resource is already provisioned, the policies update this resource properly.
  How can I fix this?
  tks

  Ricardo,
  I had a similar problem. In a post-process handler I was managing the user membership in specific roles through the removeMemberUser and the addMemberUser of the tcGroupOperationsIntf class.
  The last parameter of this method was a boolean which, when true, would automatically trigger the access policies programmatically in the post-process.
  The problem is that there also is an OOTB event handler for triggering access policies, so I was basically triggering the access policies twice and duplicated resources were appearing.
  Hope this helps.
  Cheers

• Exchange 2013 EAC coexistence with Exchange 2007

  Dear All,
  I have an exchange organization comprized of single Exchange 2007 SP3 UR 15 running on Win2008 SP2 and two recently installed Exchange 2013 SP1 CU7 with CAS and Mailbox role running on Win 2012 R2.
  Imidiantly after Exchange 2013 install, I am not able to login to Exchange 2013 EAC. When I enter my credentials domain\username, the EAC page simpli dose a quick refresh and I am back where I started.
  I have tryid mutiple UTLs to access EAC page, such as:
  https://localhost/ecp?ExchClientVer=15
  https://localhost/ecp?ExchClientVer=14
  https://localhost/ecp
  Each of them show the same result, a page gets refreshet. I have tryid to move my Exchange Organization user mailbox to Exchange 2013 to see if that helps but the result.
  I also noticed that OWA dosent work for mailboxes that are on Exchange 2013, they are redirected to Exchange 2007 even thou they are on Exchange 2013.
  Any idea on this one?
  Thank you
  b.

  Hi,
  From your description, I would like to verify if you have configured Exchange 2013 namespace and virtual directories (such as OWA, ECP, OAB, Web Services, AutoDiscover)correctly. Please make sure these virtual directories are configured correctly and check
  the result.
  For more information about Exchange 2007  migration to Exchange 2013, here is a helpful blog for your reference.
  Step-by-Step Exchange 2007 to 2013 Migration
  http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx
  Hope this can be helpful to you.
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Amy Wang
  TechNet Community Support

• Problem with Group policies and Administrator count

  I have one problem with Group policies and Admnistrator count.
  Win XP, Client 4.91, Client Zen 4
  I use DLU for users.
  the Group policies are well applied and i keep them after logout for
  security reasons.
  But my problem is, after logout, the Administrator count becomes this
  Group policies, and the only technique that I use, is to remove the
  repertories c:\windows\system32\GroupPolicy*. Administrator must
  loguing again for having good policies.
  Can you help me?

  Bill,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Exchange 2013 CU3 and Firefox 26.0

  I upgraded Exchange 2013 to CU3 last night.  I tested the mail flow and everything worked fine sending and recieving.  The problem that I am having is with OWA in firefox 26.0 (currently newest version).  I get weird graphical glitches when
  OWA first loads.  Once you click around the display stabilizes but the biggest problem is that not all of the emails are displayed in a folder.  I have a folder with a bunch of system data emails that are collected throughout the day and in firefox
  I can see ~20 while in IE 9 I can see them all.  The inbox also has 5 emails in it but there is a scroll bar that is completely unnecessary in firefox but not IE 9.  Do you have any thoughts on this?  Thank you in advance.

  There's no way, as there's nothing wrong with the server.
  You will have to wait for the update from Firefox to get it fixed.
  It's purely Browser issue As I said before.
  Cheers,
  Gulab Prasad,
  Technology Consultant
  Blog:
  www.exchangeranger.com 
  Twitter:   
  LinkedIn:   
  Check out CodeTwo’s tools for Exchange admins   
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Lync 2013 to Exchange 2013 Oauth problem - Error:[OAuthTokenBuilder:GetAppToken] unable to continue building token; no locally configured issuer

  Hi,
  I am having a problem getting OAuth to work from Exchange 2013 to Lync 2013.
  I have read and following the instructions online and cannot see what I am doing wrong.
  On the Exchange 2013 server, I get the following error when I run:
  Test-OAuthConnectivity -Service EWS -TargetUri
  https://exchserver2.domainname.local/ews/ -Mailbox "Jack"
  RunspaceId : 920118a3-6ab2-45dc-9b68-de68133de95e
  Task : Checking EWS API Call Under Oauth
  Detail : The configuration was last successfully loaded at 01/01/0001 00:00:00 UTC. This was 1059263714 minutes
  ago.
  The token cache is being cleared because "use cached token" was set to false.
  Exchange Outbound Oauth Log:
  Client request ID: 19ad80f6-7751-429f-aac5-e802105fbbc6
  Information:[OAuthCredentials:Authenticate] entering
  Information:[OAuthCredentials:Authenticate] challenge from
  'https://exchserver2.domainname.local/ews/Exchange.asmx' received: Bearer
  client_id="00000002-0000-0ff1-ce00-000000000000",
  trusted_issuers="[email protected]",Negotiate,NTLM
  Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
  trusted_issuer: '[email protected]'
  Information:[OAuthCredentials:GetToken] start building a token for the user domain 'domainname.co.uk'
  Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken
  Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers
  Error:[OAuthTokenBuilder:GetAppToken] unable to continue building token; no locally configured issuer
  was in the trusted_issuer list, realm from challenge was also empty. trust_issuers was
  [email protected]
  Error:The trusted issuers contained the following entries
  '[email protected]'. None of them are configured locally.
  Exchange Response Details:
  HTTP response message:
  Exception:
  System.Net.WebException: The request was aborted: The request was canceled. --->
  Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: The trusted issuers contained the
  following entries '[email protected]'. None of them are
  configured locally.
  at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppToken(String applicationId, String
  destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
  userDomain)
  at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppWithUserToken(String applicationId,
  String destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
  userDomain, ClaimProvider claimProvider)
  at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
  HttpAuthenticationChallenge challengeObject)
  at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
  webRequest, Boolean preAuthenticate)
  at Microsoft.Exchange.Security.OAuth.OAuthCredentials.OAuthAuthenticationModule.Authenticate(String
  challenge, WebRequest request, ICredentials credentials)
  at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials
  credentials)
  at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
  authInfo)
  at System.Net.HttpWebRequest.CheckResubmitForAuth()
  at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
  at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
  at System.Net.HttpWebRequest.ProcessResponse()
  at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.GetResponse()
  at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
  String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
  Boolean reloadConfig)
  ResultType : Error
  Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
  IsValid : True
  ObjectState : New
  It appears to work fine from Lync 2013 to Exchange 2013.
  When I run: Test-CsExStorageConnectivity -sipuri [email protected] -Binding Nettcp -Verbose in Lync 2013 I get a successful outcome:
  VERBOSE: Successfully opened a connection to storage service at localhost using
  binding: NetNamedPipe.
  VERBOSE: Create message.
  VERBOSE: Execute Exchange Storage Command.
  VERBOSE: Processing web storage response for ExCreateItem Success.,
  result=Success, activityId=0bbdc565-4a05-4b57-bf95-0c75488a1ef6, reason=.
  VERBOSE: Activity tracing:
  2015/01/02 19:15:55.616 Autodiscover, send GetUserSettings request,
  [email protected], Autodiscover
  Uri=https://exchserver2.domainname.local/autodiscover/autodiscover.svc, Web
  Proxy=<NULL>
  2015/01/02 19:15:55.616 Autodiscover.EWSMA trace,
  type=AutodiscoverRequestHttpHeaders, message=<Trace
  Tag="AutodiscoverRequestHttpHeaders" Tid="30" Time="2015-01-02 19:15:55Z">
  POST /autodiscover/autodiscover.svc HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  Accept: text/xml
  User-Agent: ExchangeServicesClient/15.00.0516.004
  </Trace>
  2015/01/02 19:15:55.624 Autodiscover.EWSMA trace, type=AutodiscoverRequest,
  message=<Trace Tag="AutodiscoverRequest" Tid="30" Time="2015-01-02 19:15:55Z"
  Version="15.00.0516.004">
  <?xml version="1.0" encoding="utf-8"?>
  <soap:Envelope
  xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover"
  xmlns:wsa="http://www.w3.org/2005/08/addressing"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
  <a:RequestedServerVersion>Exchange2013</a:RequestedServerVersion>
  <wsa:Action>http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscove
  r/GetUserSettings</wsa:Action>
  <wsa:To>https://exchserver2.domainname.local/autodiscover/autodiscover.svc</
  wsa:To>
  </soap:Header>
  <soap:Body>
  <a:GetUserSettingsRequestMessage
  xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover">
  <a:Request>
  <a:Users>
  <a:User>
  <a:Mailbox>[email protected]</a:Mailbox>
  </a:User>
  </a:Users>
  <a:RequestedSettings>
  <a:Setting>InternalEwsUrl</a:Setting>
  <a:Setting>ExternalEwsUrl</a:Setting>
  <a:Setting>ExternalEwsVersion</a:Setting>
  </a:RequestedSettings>
  </a:Request>
  </a:GetUserSettingsRequestMessage>
  </soap:Body>
  </soap:Envelope>
  </Trace>
  2015/01/02 19:15:55.704 Autodiscover.EWSMA trace,
  type=AutodiscoverResponseHttpHeaders, message=<Trace
  Tag="AutodiscoverResponseHttpHeaders" Tid="30" Time="2015-01-02 19:15:55Z">
  HTTP/1.1 200 OK
  Transfer-Encoding: chunked
  request-id: 5917d246-64b0-48e2-ad79-f9b6cffb5bea
  X-CalculatedBETarget: exchserver2.domainname.local
  X-DiagInfo: EXCHSERVER2
  X-BEServer: EXCHSERVER2
  Cache-Control: private
  Content-Type: text/xml; charset=utf-8
  Set-Cookie: ClientId=FTFXWUQWWRJVBMNBG; expires=Sat, 02-Jan-2016 19:15:55 GMT;
  path=/;
  HttpOnly,X-BackEndCookie=actas1(sid:S-1-5-21-3691024758-535552880-811174816-113
  5|smtp:[email protected]|upn:[email protected])=u56Lnp2ejJqBx8jIn
  sqbxpvSz8rHx9LLzp7O0sbOzcnSzcqcmZqem8aempmcgYHNz87K0s/N0s/Oq87Gxc7KxcrK;
  expires=Sun, 01-Feb-2015 19:15:55 GMT; path=/autodiscover; secure; HttpOnly
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  X-FEServer: EXCHSERVER2
  Date: Fri, 02 Jan 2015 19:15:55 GMT
  </Trace>
  2015/01/02 19:15:55.704 Autodiscover.EWSMA trace, type=AutodiscoverResponse,
  message=<Trace Tag="AutodiscoverResponse" Tid="30" Time="2015-01-02 19:15:55Z"
  Version="15.00.0516.004">
  <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
  <a:Action
  s:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Au
  todiscover/GetUserSettingsResponse</a:Action>
  <h:ServerVersionInfo
  xmlns:h="http://schemas.microsoft.com/exchange/2010/Autodiscover"
  xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <h:MajorVersion>15</h:MajorVersion>
  <h:MinorVersion>0</h:MinorVersion>
  <h:MajorBuildNumber>1044</h:MajorBuildNumber>
  <h:MinorBuildNumber>21</h:MinorBuildNumber>
  <h:Version>Exchange2013_SP1</h:Version>
  </h:ServerVersionInfo>
  </s:Header>
  <s:Body>
  <GetUserSettingsResponseMessage
  xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
  <Response xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <ErrorCode>NoError</ErrorCode>
  <ErrorMessage />
  <UserResponses>
  <UserResponse>
  <ErrorCode>NoError</ErrorCode>
  <ErrorMessage>No error.</ErrorMessage>
  <RedirectTarget i:nil="true" />
  <UserSettingErrors />
  <UserSettings>
  <UserSetting i:type="StringSetting">
  <Name>InternalEwsUrl</Name>
  <Value>https://exchserver2.domainname.local/EWS/Exchange.asmx</Value>
  </UserSetting>
  <UserSetting i:type="StringSetting">
  <Name>ExternalEwsUrl</Name>
  <Value>https://exchserver2.domainname.co.uk/EWS/Exchange.asmx</Value>
  </UserSetting>
  <UserSetting i:type="StringSetting">
  <Name>ExternalEwsVersion</Name>
  <Value>15.00.1044.000</Value>
  </UserSetting>
  </UserSettings>
  </UserResponse>
  </UserResponses>
  </Response>
  </GetUserSettingsResponseMessage>
  </s:Body>
  </s:Envelope>
  </Trace>
  2015/01/02 19:15:55.704 Autodiscover, received GetUserSettings response,
  duration Ms=88, response=NoError
  2015/01/02 19:15:55.706 Lookup user details,
  sipUri=sip:[email protected], [email protected],
  sid=S-1-5-21-3691024758-535552880-811174816-1135, [email protected],
  tenantId=00000000-0000-0000-0000-000000000000
  VERBOSE: Items choice type: CreateItemResponseMessage.
  VERBOSE: Response message, class: Success, code: NoError.
  VERBOSE: Item: Microsoft.Rtc.Internal.Storage.Exchange.Ews.MessageType, Id:
  AAMkADAwNWZkZWI0LWM5NGYtNDUxNy05Nzk3LWZhZjRiY2Y4MTU4NwBGAAAAAADLP1MgTEXdQ7zQSlb
  qPl++BwBauhRZTfLbTYZ+hBWtK784ANcdmUYqAACSqIurRqgYSZwMhT/IBw89AACnT6G9AAA=,
  change key: CQAAABYAAACSqIurRqgYSZwMhT/IBw89AACnip6b, subject: , body: .
  VERBOSE: Is command successful: True.
  Test passed.
  All my certificates on the Exchange 2013 and Lync 2013 servers are from my local CA.
  I use APP with the public certificates as my reverse proxy for people connecting from outside the network.
  In Lync, the OAuthTokenIssuer certificate created through the Lync deployment wizard is issued to domainname.local (my primary sip domain) and the Subject Alternative names include domainname.co.uk
  I then exported this certificate to the Exchange Server and use the Set-AuthConfig to use this certificate for OAuth.
  from what I read this was what I was supposed to do.
  is this correct?
  I have tried so many things I don't know what do to next.
  Should the OAuth certificate in exchange be the one exported from Lync?
  In Lync, should the OAuthTokenIssuer certificate include the servername or lyncserver.domainname.local or just be domainname.local like it is at the moment?
  thank-you
  jack

  Thomas,
  thanks for giving this the time. I have run the Configure-EnterpriseApplication.ps1 script following by remove-PartnerApplication so many times that I was wondering if there are other setting that
  Configure-EnterpriseApplication.ps1 creates that aer not removed when you run
  remove-PartnerApplication.
  is there a way to completely remove everything that is confirmed when you run
  Configure-EnterpriseApplication.ps1 so I can run Configure-EnterpriseApplication.ps1 without there being any configurations left from when I previously run that command?
  thanks
  jack
  [PS] C:\Windows\system32>Get-PartnerApplication |fl
  RunspaceId : cb2fb328-769d-4b32-8b7b-1fa35e2994f5
  Enabled : True
  ApplicationIdentifier : 00000004-0000-0ff1-ce00-000000000000
  CertificateStrings : {MIIGcDCCBVigAwIBAgITPgAAARIHL+ig32UAAQAAAAABEjANBgkqhkiG9w0BAQUFADBcMRUwEwYKCZIm
  iZPyLGQBGRYFbG9jYWwxHTAbBgoJkiaJk/IsZAEZFg1HdWlkZUNsb3RoaW5nMSQwIgYDVQQDExtHdWlkZ
  UNsb3RoaW5nLUFQUFNFUlZFUjEtQ0EwHhcNMTUwMTEwMTIxODIzWhcNMTcwMTA5MTIxODIzWjB7MQswCQ
  YDVQQGEwJHQjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xHzAdBgNVBAoTFkd1aWRlIEN
  sb3RoaW5nIExpbWl0ZWQxCzAJBgNVBAsTAkhRMRwwGgYDVQQDExNHdWlkZUNsb3RoaW5nLmNvLnVrMIIB
  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzDzaLsjJfktsbwIJ998ihsZM/0rKGdIt8rIx00oc
  HA7w0uVyz2UqnP9a8uRi6HkA7djbynlmGG0hKSUUQngXxz7q2dY6q9rcY5Rw2mJOMeppounx44FFp4+4e
  5HQKviLTYo+3DBGIR0mYDqxanKPS00d0f7HDLvmVb90hjdrbE372JBdcNNHs2OHRqg37bN2fAbwd22c9x
  2kvi0rESFnr+KcIGECVInCTHLJ7fwVqvi4hvRqtz7KLZsMXprpgeVDs45EMMRtwJ5Hw8uZR4CFz4dHSlo
  dIVgDPn8Ns2vGhcUK0JU4WkDbjnqo1SJzHlqtNjiu//wGcn77PAiM0yhyQIDAQABo4IDCjCCAwYwCwYDV
  R0PBAQDAgWgMCEGCSsGAQQBgjcUAgQUHhIAVwBlAGIAUwBlAHIAdgBlAHIwEwYDVR0lBAwwCgYIKwYBBQ
  UHAwEwHQYDVR0OBBYEFOY3whPicRAXNsTDSIg3FexpaCKdMHUGA1UdEQRuMGyCH0x5bmNTZXJ2ZXIyLkd
  1aWRlQ2xvdGhpbmcuY28udWuCH0x5bmNTZXJ2ZXIyLkd1aWRlQ2xvdGhpbmcubG9jYWyCE0d1aWRlQ2xv
  dGhpbmcuY28udWuCE0d1aWRlQ2xvdGhpbmcubG9jYWwwHwYDVR0jBBgwFoAUDHst3gUSMGwvkiNTPavmi
  UEWgtQwggEuBgNVHR8EggElMIIBITCCAR2gggEZoIIBFYaBzWxkYXA6Ly8vQ049R3VpZGVDbG90aGluZy
  1BUFBTRVJWRVIxLUNBLENOPURvbVNlcnZlcjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2V
  zLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9R3VpZGVDbG90aGluZyxEQz1sb2NhbD9jZXJ0
  aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGQ
  2h0dHA6Ly9jcmwuZ3VpZGVjbG90aGluZy5sb2NhbC9jcmxkL0d1aWRlQ2xvdGhpbmctQVBQU0VSVkVSMS
  1DQS5jcmwwgdUGCCsGAQUFBwEBBIHIMIHFMIHCBggrBgEFBQcwAoaBtWxkYXA6Ly8vQ049R3VpZGVDbG9
  0aGluZy1BUFBTRVJWRVIxLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2
  aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPUd1aWRlQ2xvdGhpbmcsREM9bG9jYWw/Y0FDZXJ0aWZpY2F0Z
  T9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEBAD
  87GUPi02czEMO2Op0CeKBBpGwsfjYR9+RlC2uKAoH8PbWAxYNP3Ke6BtPeFy+95GGAJd5Z0+6LpO/AagA
  +zeY/tocZQjy0pYaU4/TPZgD+ZB/8sU982msu+8waO316ipBcf/87n9ZW3Jjk5DcVbtwrZErrGRe9DEn8
  QArN0jroLfaRtbDumse1Lp76+dxFuVhlLWcUXtIKaxm+UU9DS94EwJMtN54lDm3EG6hVdiGUR7TYqZU0K
  HGm7HciIhuO+2rhAazOBiIAAW6wZRUpFKZONSVD6bKrQCzL12LvynQ7XC6Itgr4JGzNCmoN43dXwVCkWo
  amTDdZY4h+QBqUvvY=}
  AuthMetadataUrl : https://lyncserver2.domainname.local/metadata/json/1
  Realm : domainname.local
  UseAuthServer : False
  AcceptSecurityIdentifierInformation : True
  LinkedAccount : domainname.local/Users/LyncEnterprise-ApplicationAccount
  IssuerIdentifier :
  AppOnlyPermissions :
  ActAsPermissions :
  AdminDisplayName :
  ExchangeVersion : 0.20 (15.0.0.0)
  Name : LyncEnterprise-786f61476b634278a3c9b9e4ec08b660
  DistinguishedName : CN=LyncEnterprise-786f61476b634278a3c9b9e4ec08b660,CN=Partner
  Applications,CN=Auth Configuration,CN=domainname,CN=Microsoft
  Exchange,CN=Services,CN=Configuration,DC=domainname,DC=local
  Identity : LyncEnterprise-786f61476b634278a3c9b9e4ec08b660
  Guid : 07495125-ccd4-4443-82d9-74fc3b955cdf
  ObjectCategory : domainname.local/Configuration/Schema/ms-Exch-Auth-Partner-Application
  ObjectClass : {top, msExchAuthPartnerApplication}
  WhenChanged : 10/01/2015 17:14:55
  WhenCreated : 10/01/2015 17:14:55
  WhenChangedUTC : 10/01/2015 17:14:55
  WhenCreatedUTC : 10/01/2015 17:14:55
  OrganizationId :
  Id : LyncEnterprise-786f61476b634278a3c9b9e4ec08b660
  OriginatingServer : DomServer2.domainname.local
  IsValid : True
  ObjectState : Unchanged

• Exchange 2013 owa integration with ADFS and cooexistance with exchange 2007

  Team,
  I have successfully integrated adfs 3.0 and Exchange 2013 owa and ecp.  However, we have a coexistence environment with exchange 2007.  When you access owa, which then redirects you to adfs, sign-in, and then get redirected back to owa. If your
  mailbox is still within exchange 2007, you get a blank login page.  If you mailbox is in exchange 2013 then you successfully get the owa page for 2013.  The problem is that all exchange 2007 mailbox users get blank pages at login. So I have determined
  that exchange 2013 cas is not doing the service location lookup on the mailbox to determine if a redirect to the legacy owa address is needed.  Is there a configuration setting that I might be missing? Or does the integration with adfs and owa not support
  the much needed mailbox lookup for a coexistance environment?  A side note: if we enable FBA with owa, both login scenarios work just fine (legacy and new 2013). The legacy namespace has been created, and applied to the exchange 2007 urls.  

  Hi,
  Try using AD FS claims-based authentication with Outlook Web App and EAC
  http://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Exchange 2013 co-existence with 2007 can not send from 2013 - receives OK

  2013 SP1  -separate servers for MBX and CAS - 4 of each. Exchange 2007 configured as a CCR
  I am in co-existence mode but have not yet switched on the legacy.domainname.com. I have a new certificate installed on all servers - 2007 and 2013 with the legacy namespace included
  I can receive on the exchange 2013 servers and can send to exchange 2013 users but cannot send to 2007 users or externally. I have enabled protocol logging and I'm seeing:
  2014-04-02T00:57:31.476Z,Outbound Primary,08D1120CF8FEEDBA,0,,10.0.9.1:25,*,,attempting to connect
  2014-04-02T00:57:52.521Z,Outbound Primary,08D1120CF8FEEDBA,1,,10.0.9.1:25,*,,"Failed to connect. Winsock error code: 10060, Win32 error code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a
  period of time, or established connection failed because connected host has failed to respond 10.0.9.1:25"
  The client has a pair of Axway mailgateway appliances (Tumbleweed). We can Telnet between the exchange 2013 servers and the Axways. There is a firewall between these mail gateways and the exchange servers and the following ports were opened - 25,443,465,995,110
  I used the existing send connectors from 2007 and just added the mailbox servers to them. I created 2 new receive connectors to match 2 specialist 2007 connectors.
  But I still can't send mail. Any suggestions where next to check?

  Hi Tony 
  Based on the protocol logs error looks like there is connectivity problem between Ex2007 and Ex2013
  First you can try dropping an email through Telnet from Exchange 2013 to Exchange 2007 to see the message failure happens at which transit.
  You can add the IP address of Exchange 2013 in Exchange 2007 default receive connector and vice versa.
  Restart the transport service and try sending an email from exchange 2013 to Exchange 2007 and see the results
  Also you can try creating a dedicated receive connector for Exchange 2007 in Exchange 2013 and vice versa if the above step does not work 
  Also try disabling the firewall and see if it helps.
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you

• Exchange 2013 co-existence with Exchange 2010 proxying issue.

  Hello,  
  I am testing Exchange 2010 and Exchange 2013 co-existence in my test lab at the moment, with
  a view to migrating our production environment to 2013 later in the year.  
  The lab is setup, and the problem I'm having is that internal Outlook clients cannot open
  their respective mailboxes once the 2013 CAS server is introduced into the mix.  
   The
  setup is listed below:  
  EXCHANGE 2010 Servers  
  TESTLABEXCH01 - CAS,HT,MBX - Exchange 2010 SP3  
  TESTLABEXCH02 - CAS,HT,MBX - Exchange 2010 SP3  
  Both servers are part of a CAS Array - casarray01.testlab.local  
  Both servers are part of a DAG - DAG01.testlab.local  
  RpcClientAccessServer on all 2010 databases set to casarray01.testlab.local  
  The A record for casarray01.testlab.local points to the IP of the VIP of a load balancer.  
  The loadbalancer serves
  the following ports: 25,80,443,143,993,110,995,135,60200,60201  
  OutlookAnywhere is enabled on both servers:  
  ClientAuthenticationMethod : Ntlm  
  IISAuthenticationMethods   : {Basic, Ntlm}  
  Internal and external mail flow works without issue before the 2013 server is introduced. 
  Internal and external client access works without issue before the 2013 server is introduced. 
  Part Two to follow.....
  Matt

  EXCHANGE 2013 Servers :
  TESTLABEXCH03 - CAS,MBX - Exchange 2013 SP1  
  OutlookAnywhere is enabled on the server:  
  ClientAuthenticationMethod : Ntlm  
  IISAuthenticationMethods   : {Basic, Ntlm}  
  RpcClientAccessServer on all 2013 databases set to casarray01.testlab.local
  (This an inherited setting I assume from the pre-existing 2010 organization)  
  Split DNS is in place and all internal/external URL's point to either:  
  autidiscover.external.com  
  mail.external.com  
  The A record for the mail.external.com points to the IP of the load balancer VIP  
  The CNAME record for autodiscover.external.com points to mail.external.com  
  When the TESTLABEXCH03 is added to the load balancer config,
  and given highest priority this is when the Outlook clients stop working.  
  Any existing profiles in Outlook 2010/Outlook 2013 can no be opened as there is a persistent
  credentials prompt.  
  Upon trying to create a new profile, the process errors when reaching the "Log onto server"
  stage and again prompts for credentials.  
  Running the test-outlookconnectivity cmdlet from
  either of the 2010 servers produces the following results.  
  [PS] C:\Windows\system32>Test-OutlookConnectivity -Protocol:http  
  ClientAccessServer   ServiceEndpoint                         
  Scenario                            Result  Latency  
  TESTLABEXCH02  autodiscover.external.com    Autodiscover:
  Web service request.  Success  343.20  
  TESTLABEXCH02  casarray01.testlab.local       RpcProxy::VerifyRpcProxy.  
  Success    0.00  
  TESTLABEXCH02  casarray01.testlab.local         RFRI::GetReferral.                 
  Failure   -1.00  
  TESTLABEXCH02  casarray01.testlab.local        NSPI::GetProfileDetails.           
  Failure   -1.00  
  TESTLABEXCH02  casarray01.testlab.local        
  Mailbox::Connect.                   Failure   -1.00 
  TESTLABEXCH02  casarray01.testlab.local        
  Mailbox::Logon.                     Skipped   -1.00  
  If remove the 2013 CAS server from the loadbalancer config and
  all connections go directly to the 2010 servers again, all of the above tests pass and Outlook connectivity is also restored.  
  IIS has been reset on all 3 servers incidentally, following any changes made whilst troubleshooting. 
  I'm struggling to see what I'm missing here, if anyone can assist in troubleshooting this
  matter further, or point out any errors in my setup it would be greatly appreciated.  
  Regards  
  Matt 
  Matt

• Exchange 2013 CU3 Can't Access ECP from Office365 Enabled Account

  We recently upgraded our Exchange 2013 server to CU3 to fix the OWA redirection error. Unfortunately, we've now noticed that any admin mailboxes that have been 'moved' to Office365 can not access ECP and instead get a redirect warning to OWA.
  I had to create a new, onprem admin account to access in the meantime.  This is the message I see:
  Use the following link to open this mailbox with the best performance:
  http://outlook.com/owa/ACME.onmicrosoft.com
  X-FEServer: EXCHANGE
  Date: 12/3/2013 6:13:23 PM
  more detail...
  I assume this is due to the fix for OWA redirection?  How do I manage Exchange with my 'oncloud' mailbox accounts?

  Hi,
  I think it will be more suitable to ask this question on Exchange Online forum:
  http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicesexchange
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Exchange 2013 S/MIME with Server 2008 R2

  So I am trying to configure S/MIME on my 2013 Exchange server, but the process in which I need to export the rootca is vague and only applies to Server 2012/Windows 8 because of the export-certificate command.  
  http://technet.microsoft.com/en-us/library/hh848628.aspx
  My domain consists of a single DC/CA and member server that hosts Exchange.  Both servers are on Server 2008 R2, and I have installed PowerShell v4.0 on my DC to try an export the certificate but it continues to fail with:
  export-certificate : The term 'export-certificate' is not recognized as the name of a cmdlet, function, script file,
  or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
  try again.
  The examples given to set up the export are equally vague:
  PS C:\>$cert= (Get-ChildItem -Path cert:\CurrentUser\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF) <--What path is this referencing??If anybody has experience doing this I would greatly appreciate some guidance.Mike

  I was able to figure out the export portion.  I needed to select both of my Root CA's certificates then run through the export wizard and export to .sst was available.  Now the problem I'm having is when attempt to import the certs into Exchange
  2013.
  [PS] C:\>Set-SmimeConfig -SMIMECertificateIssuingCA (Get-Content rootca1.sst -Encoding Byte)
  Starting a command on the remote server failed with the following error message : The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota.
  For more information, see the about_Remote_Troubleshooting Help topic.
      + CategoryInfo          : OperationStopped: (exchange.contoso.com:String) [], PSRemotingTransportExcept
     ion
      + FullyQualifiedErrorId : JobFailure
      + PSComputerName        : exchange.contoso.com