Exchange 2013 Hybrid Configuration Wizard OAuth error

Hi,
We are facing the following error when we run the OAuth configuration after completing the Hybrid Configuration Wizard.
Error:
ScenarioFailureException
Message:
Exchange OAuth authentication couldn't find any accepted domains in your on-premises organization.
Verify you've configured at least one on-premises accepted domain.
Location:
   at Microsoft.Online.CSE.HRC.Activities.OAuthActivities.GetCertificateActivity.Run()
   at Microsoft.Online.CSE.HRC.Workflow.Activity.WorkflowBaseActivity.Launch()
   at Microsoft.Online.CSE.HRC.Workflow.Runtime.WorkflowActivityHelper.Execute(ActivityContext context, Boolean launch)
   at System.Activities.NativeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)
   at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
Environment:
2x Exchange 2013 CU6 (DAG+one ClientAccess)
Directory Sync Server
No ADFS server since we don't need single sign on
Office 365 E3 Tenant
We have tried to manually set up the OAuth configuration according to the TechNet article below, but it failed when running the ExportAuthCert.ps1 script file. It couldn't match the certificate thumbprint with the location "Cert:\LocalMachine\My".
http://technet.microsoft.com/en-us/library/dn594521%28v=exchg.150%29.aspx
Please help!
Thanks in Advance
Roshan

We have the exact same issue, tried the exact same setup and NO JOY!! - any resolution yet?
Also found this article:
http://consulting.risualblogs.com/blog/2014/09/10/exchange-2013-cu6-hybrid-users-with-o365-unable-to-query-freebusy-for-on-premises-users/comment-page-1/#comment-5192  
..... but did not fix the free/busy
Best Regards,
Francois
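
Added example (not part of the original posts and not the TechNet ExportAuthCert.ps1 script): a diagnostic for the two symptoms reported in this thread, to be run in the Exchange Management Shell on the on-premises server. It checks whether the thumbprint held in the auth configuration resolves to a certificate in Cert:\LocalMachine\My and lists the accepted domains; the two helper function names are hypothetical.

```powershell
# Added diagnostic example. Assumes the Exchange Management Shell on an
# on-premises Exchange 2013 server; the function names are hypothetical.

function ConvertTo-NormalizedThumbprint {
    param([string]$Thumbprint)
    # Keep hex digits only. A thumbprint pasted from a certificate dialog can
    # carry spaces or invisible Unicode marks that break a string comparison.
    return ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-AuthCertificate {
    param(
        [string]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $wanted = ConvertTo-NormalizedThumbprint $Thumbprint
    $cert = $null
    if ($wanted.Length -eq 40) {          # SHA-1 thumbprint = 40 hex digits
        $cert = Get-ChildItem -Path $StorePath |
            Where-Object { $_.Thumbprint -eq $wanted } |
            Select-Object -First 1
    }
    [pscustomobject]@{
        Thumbprint    = $wanted
        WellFormed    = ($wanted.Length -eq 40)
        FoundInStore  = ($null -ne $cert)
        HasPrivateKey = ($null -ne $cert -and $cert.HasPrivateKey)
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
        Expired       = ($null -ne $cert -and $cert.NotAfter -lt (Get-Date))
    }
}

# 1. Which certificate does the organization's auth configuration point to,
#    and is it really in the local machine store?
$auth = Get-AuthConfig
$result = Test-AuthCertificate -Thumbprint $auth.CurrentCertificateThumbprint
$result | Format-List

if (-not $result.WellFormed) {
    Write-Warning 'Auth configuration has no usable CurrentCertificateThumbprint.'
} elseif (-not $result.FoundInStore) {
    Write-Warning 'Auth certificate is not in Cert:\LocalMachine\My on this server.'
} elseif (-not $result.HasPrivateKey -or $result.Expired) {
    Write-Warning 'Auth certificate is present but expired or missing its private key.'
}

# 2. The wizard error complains about accepted domains; list what is configured.
$domains = @(Get-AcceptedDomain)
$domains | Format-Table Name, DomainName, DomainType, Default -AutoSize
if ($domains.Count -eq 0) {
    Write-Warning 'No on-premises accepted domains are configured.'
}
```

The certificate check covers only the server it runs on, so in the two-server environment described above it would be run on each Exchange server.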

Similar Messages

  • Exchange 2013 hybrid configuration

    Hi,
    I'm using Symantec Bridge mail with Exchange 2010.
    And I've planned for Hybrid configuration with Exchange 2010, for this I've created a trial O365 account.
    I'm planning to verify the TXT record for my domain, will this affect my present mail flow?
    Sathish

    No, mail flow is controlled by the MX record. Creating a TXT record for the purposes of verifying the domain for Hybrid will not affect anything.

  • Exchange Online mailbox configuration without Exchange Hybrid Configuration wizard.

    Hi!
    We have on-premise Exchange Server 2010 SP2 deployed with domain1.com. We have registered our tenant and verified the ownership of domain1.com on our Office 365 tenant. We have successfully deployed EOP and configured inbound and outbound connectors and all the mail flow is working fine. We have not deployed a directory sync server and ADFS for the deployment of EOP. Our MX is pointed to domain1-com.mail.protection.outlook.com and all the mails are sent and received through EOP. I want to move a user mailbox such as [email protected] to Exchange Online from on-premise Exchange without configuring DirSync and the Exchange Hybrid Configuration wizard. I already know some of the limitations.
    If I create a user account [email protected] on the tenant and activate the Exchange license on Office 365 to create the mailbox on Exchange Online.
    I want to know whether I have to create any other send and receive connector or any other configuration either on Office 365 or Exchange Online if I cut over one user from our on-premise to Exchange Online without configuring the Exchange Hybrid Configuration wizard on our on-premise Exchange server?
    Will this affect the mail flow between on-premise and Exchange Online users?
    Regards,
    Abdullah Salam

    It's not clear to me what type of migration you're trying to do. A cutover migration would be an option as long as you understand the limitations of that process. Otherwise are you looking to use a third-party migration tool or some other mechanism?
    The reason you would end up with two mailboxes is that when you assign an Exchange license to a user in the cloud without DirSync, a mailbox is provisioned for that user. You can assign a license after the mailbox is moved assuming you have a mail-enabled user in the cloud and can do a remote move to it.
    Once you manage to get the mailbox to the cloud, now you have to deal with routing which means you'll need a mail-enabled user on-premises for every mailbox in the cloud and will need to have a target address with a coexistence domain such as "@tenant.mail.onmicrosoft.com".
    Likewise, Exchange Online will need a mail-enabled user for every on-premises mailbox in order to have a populated GAL and route in that direction.
    "For security reasons we don't to setup Dirsync and hybrid."
    I hear this occasionally and remind organizations that you're putting the actual data (the stuff the credentials protect) in Microsoft's datacenters. If it's a question of trust, cloud services might not be the most appropriate solution for the organization. The Office 365 Trust Center (http://trust.office365.com/) can provide some insight into the controls that Microsoft has in place to protect your data.
    DirSync or the new AADSync can be scoped such that they only sync limited objects. From there, you have the options of Password (Hash) Sync with DirSync (not yet with AADSync) or using AD FS which leaves the authentication with your on-premises directory.
    Joseph Palarchio http://www.itworkedinthelab.com

  • Ramifications of assigning a wildcard certificate to the SMTP service (needed for Exchange 2010 Hybrid Configuration - Office 365)

    Hello All:
    I am receiving an error when I run the Manage Hybrid Configuration wizard - ERROR:Updating hybrid configuration failed with error 'Subtask NeedsConfiguration execution failed: Configure Recipient Settings. I have opened a SR, but figured I'd try the forums, too. I have a wildcard certificate from GoDaddy (MS says they support wildcards from GoDaddy) & that cert has only the IIS service applied to it on the CAS. I've read in the Exchange Server Deployment Assistant that it should have the SMTP & IIS services assigned to it, but my question is - SMTP on the CAS (separate server) or on the Mailbox/Hub Transport (separate server)? And what are the ramifications of assigning the SMTP service to, let's say, the CAS? We have had multiple issues every time the servers get updated/changed; I do not want to disrupt services further, as the Manage Hybrid Configuration will be done during business hours.
    If anyone can provide any assistance/clarification, it would be most appreciated.
    Thank you.

    Hi,
    We can enable a wildcard certificate with the SMTP service for an Exchange Hybrid Deployment. The SMTP service can be assigned to multiple certificates. For some Exchange services such as OWA, ECP, ActiveSync, Autodiscover service, OOF, it is used with the Exchange certificate with the IIS service. And there is usually only one certificate that can be assigned with the IIS service.
    Please just make sure your wildcard certificate can contain all namespaces which are used for all internal URL and external URL configuration in Exchange services. About how to import an existing wildcard certificate on the Exchange 2010 Hybrid servers, please refer to the Import & Enable Third Party Certificate on Hybrid Servers part in the following article:
    http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-hybrid-deployment-migrating-to-office-365-exchange-online-part9.html
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Default frontend receive connector settings exchange 2013 hybrid edition?

    Hi,
    I am busy setting up a hybrid environment with Exchange 2007, Exchange 2013 hybrid edition and Office 365.
    When installing Exchange 2013 it creates a default frontend receive connector; on the security tab, anonymous user is also selected.
    Should I leave it this way?
    At the moment the MX record is pointing to the Exchange 2007; in the future I will change the MX record to the Exchange cloud.
    I can telnet and mail to the Exchange 2013 server, but there is no spam protection. Do I need the anonymous user if I do not intend to use this for the MX record? I suppose Office 365 is going to use this connector.
    (PS: still have to run the hybrid configuration wizard, waiting for DNS ownership TXT record)

    Hi Steven,
    Just as Ed said, the connector restricts access via IP address. We can also create other ones.
    If you worry about the spam, I suggest enabling the Anti-Spam function on MBX server.
    More details in the following articles:
    Spam Protection 
    http://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx
    Enable Anti-Spam Functionality on Mailbox Servers
    http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
    Hope it is helpful
    Thanks
    Mavis
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Mavis Huang
    TechNet Community Support

  • Seemingly successful install of Exchange 2013 SP1 turns into many errors in event logs after upgrade to CU7

    I have a new Exchange 2013 server with plans to migrate from my current Exchange 2007 Server. 
    I installed Exchange 2013 SP1 and the only errors I saw in the event log seemed to be long standing known issues that did not indicate an actual problem (based on what I read online). 
    I updated to CU7 and now lots of errors have appeared (although the old ones seem to have been fixed so I have that going for me). 
    Currently the Exchange 2013 server is not in use and clients are still hitting the 2007 server.
    Issue 1)
    After each reboot I get a Kernel-EventTracing 2 error.  I cannot find anything on this on the internet so I have no idea what it is.
    Session "FastDocTracingSession" failed to start with the following error: 0xC0000035
    I did read other accounts of this error with a different name in the quotes but still can’t tell what this is or where it is coming from.
    Issue 2)
    I am still getting 5 MSExchange Common 106 errors even after reregistering all of the perf counters per this page:
    https://support.microsoft.com/kb/2870416?wa=wsignin1.0
    One of the perf counters fails to register using the script from the link above.
    66 C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf\InfoWorkerMultiMailboxSearchPerformanceCounters.xml
    New-PerfCounters : The performance counter definition file is invalid.
    At C:\Users\administrator.<my domain>\Downloads\script\ReloadPerfCounters.ps1:19 char:4
    +    New-PerfCounters -DefinitionFileName $f
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [New-PerfCounters], TaskException
        + FullyQualifiedErrorId : [Server=VALIS,RequestId=71b6bcde-d73e-4c14-9a32-03f06e3b2607,TimeStamp=12/18/2014 10:09:12 PM] [FailureCategory=Cmdlet-TaskException] 33EBD286,Microsoft.Exchange.Management.Tasks.NewPerfCounters
    But that one seems unrelated to the ones that still throw errors. 
    Three of the remaining five errors are (the forum is removing my spacing between the error text so it looks like a wall of text - sorry):
    Performance counter updating error. Counter name is Count Matched LowFidelity FingerPrint, but missed HighFidelity FingerPrint, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
       at System.Diagnostics.PerformanceCounter.InitializeImpl()
       at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
       at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
    Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
       at System.Diagnostics.Process.GetProcessById(Int32 processId)
       at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
    Performance counter updating error. Counter name is Number of items, item is matched with finger printing cache, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
       at System.Diagnostics.PerformanceCounter.InitializeImpl()
       at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
       at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
    Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
       at System.Diagnostics.Process.GetProcessById(Int32 processId)
       at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
    Performance counter updating error. Counter name is Number of items in Malware Fingerprint cache, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
       at System.Diagnostics.PerformanceCounter.InitializeImpl()
       at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
       at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
    Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
       at System.Diagnostics.Process.GetProcessById(Int32 processId)
       at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
    Issue 3)
    I appear to have some issues related to the healthmailboxes. 
    I get MSExchangeTransport 1025 errors for multiple healthmailboxes.
    SMTP rejected a (P1) mail from 'HealthMailbox23b10b91745648819139ee691dc97eb6@<my domain>.local' with 'Client Proxy <my server>' connector and the user authenticated as 'HealthMailbox23b10b91745648819139ee691dc97eb6'. The Active Directory lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError
    I reran setup /prepareAD to try and remedy this but I am still getting some.
    Issue 4)
    I am getting an MSExchange RBAC 74 error. 
    (Process w3wp.exe, PID 984) Connection leak detected for key <my domain>.local/Admins/Administrator in Microsoft.Exchange.Configuration.Authorization.WSManBudgetManager class. Leaked Value 1.
    Issue 5)
    I am getting MSExchange Assistants 9042 warnings on both databases.
    Service MSExchangeMailboxAssistants. Probe Time Based Assistant for database Database02 (c83dbd91-7cc4-4412-912e-1b87ca6eb0ab) is exiting a work cycle. No mailboxes were successfully processed. 2 mailboxes were skipped due to errors. 0 mailboxes were skipped due to failure to open a store session. 0 mailboxes were retried. There are 0 mailboxes in this database remaining to be processed.
    Some research suggested this may be related to deleted mailboxes however I have never had any actual user mailboxes on this server. 
    If they are healthmailboxes or arbitration mailboxes that might make sense but I am unsure of what to do on this.
    Issue 6)
    At boot I am getting an MSExchange ActiveSync warning 1033
    The setting SupportedIPMTypes in the Web.Config file was missing. 
    Using default value of System.Collections.Generic.List`1[System.String].
    I don't know why but this forum is removing some of my spacing that would make parts of this easier to read.

    Hi Eric
    Yes I have uninstalled and reinstalled Exchange 2013 CU7 for the 3rd time.
    I realize you said one issue per forum thread but since I already started this thread with many issues I will at least post what I have discovered on them in case someone finds their way here from a web search.
    I have an existing Exchange 2007 server in the environment so I am unable to create email address policies that are defined by “recipient container”. 
    If I try and do so I get “You can't specify the recipient container because legacy servers are detected.”
     So I cannot create a normal email address policy and restrict it to an OU without resorting to some fancy filtering. 
    Instead what I have done is use PS to modify extensionAttribute1 (otherwise known as Custom Attribute 1 to exchange) for all of my users. 
    I then applied an address policy to them and gave it the highest priority. 
    Then I set a default email address policy for the entire organization. 
    After reinstalling Exchange all of my system mailboxes were created with the internal domain name. 
    So issue number 3 above has not come up. 
    For issue number one above I have created a new thread:
    https://social.technet.microsoft.com/Forums/office/en-US/7eb12b89-ae9b-46b2-bd34-e50cd52a4c15/microsoftwindowskerneleventtracing-error-2-happens-twice-at-boot-ex2013cu7?forum=exchangesvrdeploy
    For issue number four I have posted to this existing thread where there is so far no resolution:
    https://social.technet.microsoft.com/Forums/exchange/en-US/2343730c-7303-4067-ae1a-b106cffc3583/exchange-error-id-74-connection-leak-detected-for-key?forum=exchangesvradmin
    Issue number Five I have managed to recreate and get rid of in more than one way. 
    If I create a new database in ECP and set the database and log paths where I want, then this error will appear. 
    If I create the database in the default location and then use EMS to move it and set the log path, then the error will not appear. 
    The error will also appear (along with other errors) if I delete the health mailboxes and let them get recreated by restarting the server or the Health Manager service. 
    If I then go and set the retention period for deleted mailboxes to 0 days and wait a little while, these will all go away. 
    So my off hand guess is that these are caused by orphaned system mailboxes.
    For issue number six I have posted to this existing thread where there is so far no resolution:
    https://social.technet.microsoft.com/Forums/exchange/en-US/dff62411-fad8-4d0c-9bdb-037374644845/event-1033-msexchangeactivesync-warning?forum=exchangesvrmobility
    So for the remainder of this thread we can try and tackle issue number two which is the perf counters. 
    The exact same 5 perf counters were coming up and this had been true each time I have uninstalled and reinstalled Exchange 2013CU7.
    Actually to be more accurate a LOT of perf counter errors come up after the initial install, but reloading the perf counters using the script I posted above reduces it to the same five.
    Using all of your suggestions so far has not removed these 5 remaining errors either. Since there is no discernible impact other than these errors at boot I am not seriously bothered by them but as with all event log errors, I would prefer to make them go away if possible.

  • Exchange 2013 Hybrid Deployment, on-premise to multiple Office 365 tenants

    Hello, we are in the early stages of planning an Exchange 2013 hybrid deployment for a federation of education organisations.
    We are planning to use a single on-premise Exchange organisation for staff mailboxes across all member organisations, each member already has its own Office 365 tenancy for students, which we would like to maintain if possible.
    My question is, is it possible (and supported) for an Exchange hybrid deployment with a single on-premise organisation with multiple Office 365 tenants, my understanding is that only a 1:1 deployment is supported, can somebody confirm or clarify this?
    Thanks

    I think if you have different AD sites then you can install the DirSync or ADFS for each of them and have one way replication. I'd ask this question to Office365 Forum and support.
    Where Technology Meets Talent

  • Exchange 2013 Hybrid setup & DNS

    Greetings! We currently have an Exchange 2010 on prem environment and I have been tasked with getting us into a hybrid state with O365. We already have the tenant portions set up, AD Sync working, etc. My initial thought was to just use our existing Exchange 2010 servers for the hybrid role, however, upon research it appears that standing up new Exchange 2013 servers specifically as hybrid servers is the suggested route.
    My main goal is to do this hybrid deployment with as little impact and change to our environment (and thus user impact) as possible. From what I have read, I will have to change the autodiscover and ews records to point to the new Exchange 2013 servers. Is it also the case that I will have to redirect OWA to the Exchange 2013 servers? Is there any way to deploy Exchange 2013 hybrid servers in a way that I do not have to change owa, autodiscover, etc?
    Thanks in advance!

    Hi Joe,
    Based on my knowledge, we didn't need to install Exchange 2013 to perform routing.
    We can just deploy an Exchange 2010-based hybrid deployment.
    Please make sure Exchange 2010 is upgraded to SP3.
    For more details, see:
    Hybrid Deployments
    https://technet.microsoft.com/en-us/library/gg577584(v=exchg.141).aspx
    Thanks
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Mavis Huang
    TechNet Community Support

  • Exchange 2013 Hybrid Deployment issues.

    Hello.
    I have an issue when configuring Exchange hybrid deployment in my environment.
    When I complete the Exchange hybrid wizard and OAuth is finished, our Exchange environment will not receive emails from the "internet", as in senders outside the company.
    Mail can be sent out and will flow between internal users.
    When I check the message trace on 365, the emails were failing with the following error.
    Users were also getting a bounce back saying
    Diagnostic-Code: smtp;550 5.4.1 [[email protected]]: Recipient address rejected: Access denied
    I wondered if it had anything to do with the MX record on our public DNS. I changed this to the one recommended by the O365 domain DNS assistant, but this made no odds.
    It looks like it could be a receive connector issue; however, I am new to Exchange so I am still learning.
    The only way to fix the issue was to run Remove-HybridConfiguration on the Exchange 2013 server; when this finished and a few moments had passed, mail began being received from the internal again.
    Any suggestions on what could be caused
    many thanks

    Make sure the accepted SMTP domains in the Office 365 EAC are set to Internal Relay rather than Authoritative.
    Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Migration From Exchange 2010 Hybrid to Exchange 2013 Hybrid Deployment

    hi,
    I have an existing Exchange Server 2010 Hybrid Deployment. Planning to migrate to Exchange 2013. However, during the schema update, I am facing some errors/warnings as can be seen in the attached screenshot.
    I have already checked and the current functional level in the DC is Windows Server 2003. What could be the best steps to troubleshoot the problems and proceed further with the Exchange 2013 installation?
    Thanks

    Hi Muhammad
    Can you please give some more information about your environment so that people around here can help you out?
    "I have existing Exchange Server 2010 Hybrid Deployment" - Do you have Exchange 2010 and Office 365 in a hybrid setup now?
    Are you trying to upgrade your on-premise Exchange 2010 servers to Exchange 2013?
    Or are you trying to migrate your on-premise Exchange 2010 to a different forest to Exchange 2013?
    You can try the suggestions below:
    I would suggest you follow the Microsoft Exchange Server Deployment Assistant - http://technet.microsoft.com/en-us/office/dn756393.aspx
    Also I would recommend you check the prerequisites for hybrid deployment with Office 365
    http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
    Cheers !!!
    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Check out my latest blog posts on http://exchangequery.com Thanks Sathish (MVP)

  • Exchange 2013 CU5 - Outlook Web Access - Error 9646 with HTTP - No error with HTTPS

    Hello everyone
    I have a strange issue which I actually do not have an idea about what is going wrong.
    - Exchange 2013 CU5
    - SSL Offloading enabled - Virtual directories configured accordingly
    When a user logs in to OWA via HTTP - after a while he sees the inbox but does not see any mail details.
    He only sees "Error: Your request can't be completed right now. Please try again later."
    After a while I also get an event log "9646" with too many open OWA sessions for that user.
    Regardless of which limit I set in the registry for this - the error does come back - even with 512 sessions allowed.
    Working with HTTPS instead of HTTP then EVERYTHING works fine ... ?
    Any idea on this?
    Actually I am totally lost ...
    Best regards
    Jörg
    Your certified VMware Partner Enterprise Solution Provider, IBM Advanced Partner, Datacore Partner, Microsoft Silver Partner / Solution Provider and Microsoft Small Business Partner. HEGO Informationstechnologie GmbH, Telegrafenstrasse 8, D 42929 Wermelskirchen. Managing directors: Jörg Hermanns, Ralf Gogolin. Amtsgericht Köln HRB 36509. Phone: +49 (0) 21 96 / 8 82 97 - 0 Fax: +49 (0) 21 96 / 8 82 97 - 23 Web: www.hego-it.com

    Hi,
    Please confirm if the following features are added in your server manager:
    • .NET Framework 4.5 -> WCF Services -> HTTP Activation
    • Windows process activation service -> Process model
    • Windows process activation service -> Configuration APIs
    If not, please add these features. Then run IISReset /noforce from a Command Prompt window to restart the IIS service. Also recycle Application Pools in IIS manager.
    For more information about the IIS Prerequisites for Exchange 2013, please check the windows feature listed in the following article:
    http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx
    Regards,
    Winnie Liang
    TechNet Community Support

  • Exchange 2013 OWA,Async,And OA error MsExchange BackEndRehydration event id 3002

    Hi team,
    I had an issue in my Exchange system.
    I had two Exchange 2013 multi-role servers with CAS and MBX.
    Server A had no problem with connections when a client accesses OWA directly (https://servernamefqdn/owa),
    but there's an issue when I point to server B OWA (https://serverBfqdn/owa). It's the same when Outlook connects (using OA), and for the Async connection.
    When I failed to connect to OWA, there's event ID 3002, MsExchange BackEndRehydration event ID 3002.
    The error shows at Server A (the server in good condition).
    Here's the error
    Thanks

    Hello Team,
    I have a similar issue with Event ID 3002 filling up the App log on both Mailbox servers.  Here is a snippet of the error.  Any help is greatly appreciated.  Thank you.
    "Protocol /EWS failed to process request from identity DOMAIN\CASServer. Exception: Microsoft.Exchange.Security.OAuth.InvalidOAuthTokenException: The user specified by the user-context in the token is ambiguous.
       at Microsoft.Exchange.Security.OAuth.OAuthActAsUser.InternalCreateFromAttributes(OrganizationId organizationId, Boolean calledAtFrontEnd, Dictionary`2 rawAttributes, Dictionary`2 verifiedAttributes)
       at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.OAuthAuthenticator.ExtractActAsUser(OrganizationId organizationId, CommonAccessToken token)
       at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.OAuthAuthenticator.InternalRehydrate(CommonAccessToken token, Boolean wantAuthIdentifier, String& authIdentifier, IPrincipal& principal)
       at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.Rehydrate(CommonAccessToken token, BackendAuthenticator& authenticator, Boolean wantAuthIdentifier, String& authIdentifier, IPrincipal& principal, IAccountValidationContext& accountValidationContext)
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).

  • Exchange 2013 event ID 36888 SChannel error 12 and 1203

    I am running Windows Server 2012 STD with Exchange 2013 installed on the same server. I know that Microsoft doesn't recommend doing this, but I had no choice. The errors are as follows:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
    - System
    - Provider
    [ Name] Schannel
    [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
    EventID 36888
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-11-25T23:30:34.120233400Z
    EventRecordID 121125
    Correlation
    - Execution
    [ ProcessID] 1064
    [ ThreadID] 20184
    Channel System
    Computer server
    - Security
    [ UserID] S-1-5-18
    - EventData
    AlertDesc 10
    ErrorState 12
    System
    - Provider
    [ Name] Schannel
    [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
    EventID 36888
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-11-26T05:45:22.650086300Z
    EventRecordID 121230
    Correlation
    - Execution
    [ ProcessID] 1064
    [ ThreadID] 45336
    Channel System
    Computer SERVER
    - Security
    [ UserID] S-1-5-18
    - EventData
    AlertDesc 10
    ErrorState 1203
    Process ID 1064 is lsass.exe.
    I found somewhere that error 1203 could be ignored, but nothing about error 12.
    The server is running with a self-signed SAN certificate, hosting 2 Exchange domains (10 mailboxes, 5 local, 5 linked for a remote domain connected via an external 2-way non-transitive domain trust).
    Thank you very much for any advice.
    Regards,
    Jan Šerý

    Hi Jan,
    Based on my research for Event 36888, the issue may be caused by non-standard or corrupted behavior of web browsers or users, such as a user using the HTTP protocol to access the Exchange service, which is an SSL site on port 443.
    Please check whether there is an HTTP redirect configured in IIS Manager on your Exchange server. Also reset the web browsers and try again. Here are some similar threads for this issue:
    https://social.technet.microsoft.com/Forums/forefront/en-US/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/new-install-event-log-schannel-event-id-36888?forum=Forefrontedgegeneral
    http://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Regards,
    Winnie Liang
    TechNet Community Support
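
    Added example, not part of the thread: a PowerShell triage helper that summarises Schannel 36888 events by alert and error state, translating AlertDesc into its TLS alert name (10 is unexpected_message, which fits the plain-HTTP-on-443 explanation given in the reply above). The function name Get-SchannelAlertSummary is hypothetical, and the two sample events are constructed from the fields shown in the question.

```powershell
# TLS alert numbers and names from RFC 5246 section 7.2.
# Schannel event 36888 records the number in its AlertDesc field.
$TlsAlertName = @{
    '0'  = 'close_notify';        '10' = 'unexpected_message'
    '20' = 'bad_record_mac';      '22' = 'record_overflow'
    '40' = 'handshake_failure';   '42' = 'bad_certificate'
    '43' = 'unsupported_certificate'; '44' = 'certificate_revoked'
    '45' = 'certificate_expired'; '46' = 'certificate_unknown'
    '47' = 'illegal_parameter';   '48' = 'unknown_ca'
    '49' = 'access_denied';       '50' = 'decode_error'
    '51' = 'decrypt_error';       '70' = 'protocol_version'
    '71' = 'insufficient_security'; '80' = 'internal_error'
}

# Hypothetical helper: takes event XML strings (already filtered to ID 36888)
# and returns one row per (alert name, ErrorState) pair with a count.
function Get-SchannelAlertSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $rows = foreach ($text in $EventXml) {
        $evt  = ([xml]$text).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $name = $TlsAlertName[$data['AlertDesc']]
        if (-not $name) { $name = 'unlisted ({0})' -f $data['AlertDesc'] }
        [pscustomobject]@{
            Time       = $evt.System.TimeCreated.SystemTime  # ISO 8601, sorts as text
            AlertName  = $name
            ErrorState = $data['ErrorState']
        }
    }
    $rows | Group-Object -Property AlertName, ErrorState |
        Select-Object Count, Name,
            @{ n = 'Last'; e = { $_.Group.Time | Sort-Object | Select-Object -Last 1 } }
}

# Constructed sample events carrying only the fields shown in the question.
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><Provider Name="Schannel"/><EventID>36888</EventID>' +
    '<TimeCreated SystemTime="{0}"/></System><EventData>' +
    '<Data Name="AlertDesc">{1}</Data><Data Name="ErrorState">{2}</Data>' +
    '</EventData></Event>'
$sample = @(
    ($template -f '2014-11-25T23:30:34.120233400Z', '10', '12'),
    ($template -f '2014-11-26T05:45:22.650086300Z', '10', '1203')
)
Get-SchannelAlertSummary -EventXml $sample | Format-Table -AutoSize

# On a live server, feed it the real events instead of $sample:
# Get-SchannelAlertSummary -EventXml (Get-WinEvent -FilterHashtable @{
#     LogName = 'System'; ProviderName = 'Schannel'; Id = 36888 } |
#     ForEach-Object { $_.ToXml() })
```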

  • Exchange 2013 Services pack 1 installation Error

    Hey Guys ,
    I'm facing an issue while installing Exchange 2013 on Server 2012 R2; below are the details. I'm installing it on a test bed, however I'm failing at the organisation preparation stage.
    Error:
    The following error was generated when "$error.Clear();
    install-RuleCollection -Name:"ClassificationDefinitions" -DomainController $RoleDomainController;
              New-ClassificationRuleCollection -InstallDefaultCollection
            " was run: "Unable to continue processing classification rule collection payload for decryption or further validations. Payload may contain invalid data.".
    Please help me
    Sandy Carlos

    Hi,
    I got an error when I ran this command:
    Setup.exe /PrepareAD /OrganizationName:<name> /IAcceptExchangeServerLicenseTerms
    Then I got an error
    at the Organization Configuration step,
    and I got the same error when running setup, when setup goes to Organization Preparation.
    Thanks
