EXCHANGE 2013 - setup.exe schema prep error

Similar Messages

• Error reported after Exchange 2013 Setup (initialize-ExchangeUniversalGroups)

  My Exchange 2013 setup reported the error below. Just wondering if someone has experienced this and how easy it was to fix.
  Error:
  The following error was generated when "$error.Clear(); 
  initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions
  " was run: "Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:81ee6b49-29e5-41ff-93d4-30c547de15b1,CN=Deleted Objects,DC=ad,DC=mydomain,DC=co
  on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=mydomain,DC=co points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.
     at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateGroup(ADOrganizationalUnit usgContainer, String groupName, Int32 groupId, Guid wkGuid, String groupDescription, GroupTypeFlags groupType, Boolean createAsRoleGroup)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateRoleGroup(ADOrganizationalUnit usgContainer, RoleGroupDefinition roleGroup)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateAndValidateRoleGroups(ADOrganizationalUnit usgContainer, RoleGroupCollection roleGroups)
     at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
  Roger

  Thanks for replying.
  My domain is actually routable (I just renamed it thinking that perhaps its more secure to withhold the info).
  I had previously installed Es2013 and had to delete the VM. So this is a re-install on the Active Directory. I'm wondering if there isn't something in the "deleted folder" that is causing hassles.
  Roger

• Seemingly successful install of Exchange 2013 SP1 turns into many errors in event logs after upgrade to CU7

  I have a new Exchange 2013 server with plans to migrate from my current Exchange 2007 Server. 
  I installed Exchange 2013 SP1 and the only errors I saw in the event log seemed to be long standing known issues that did not indicate an actual problem (based on what I read online). 
  I updated to CU7 and now lots of errors have appeared (although the old ones seem to have been fixed so I have that going for me). 
  Currently the Exchange 2013 server is not in use and clients are still hitting the 2007 server.
  Issue 1)
  After each reboot I get a Kernel-EventTracing 2 error.  I cannot find anything on this on the internet so I have no idea what it is.
  Session "FastDocTracingSession" failed to start with the following error: 0xC0000035
  I did read other accounts of this error with a different name in the quotes but still can’t tell what this is or where it is coming from.
  Issue 2)
  I am still getting 5 MSExchange Common 106 errors even after reregistering all of the perf counters per this page:
  https://support.microsoft.com/kb/2870416?wa=wsignin1.0
  One of the perf counters fails to register using the script from the link above.
  66 C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf\InfoWorkerMultiMailboxSearchPerformanceCounters.xml
  New-PerfCounters : The performance counter definition file is invalid.
  At C:\Users\administrator.<my domain>\Downloads\script\ReloadPerfCounters.ps1:19 char:4
  +    New-PerfCounters -DefinitionFileName $f
  +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo         
  : InvalidData: (:) [New-PerfCounters], TaskException
      + FullyQualifiedErrorId : [Server=VALIS,RequestId=71b6bcde-d73e-4c14-9a32-03f06e3b2607,TimeStamp=12/18/2014 10:09:
     12 PM] [FailureCategory=Cmdlet-TaskException] 33EBD286,Microsoft.Exchange.Management.Tasks.NewPerfCounters
  But that one seems unrelated to the ones that still throw errors. 
  Three of the remaining five errors are (the forum is removing my spacing between the error text so it looks like a wall of text - sorry):
  Performance counter updating error. Counter name is Count Matched LowFidelity FingerPrint, but missed HighFidelity FingerPrint, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The
  exception thrown is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
     at System.Diagnostics.PerformanceCounter.InitializeImpl()
     at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
     at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
  Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
     at System.Diagnostics.Process.GetProcessById(Int32 processId)
     at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
  Performance counter updating error. Counter name is Number of items, item is matched with finger printing cache, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown
  is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
     at System.Diagnostics.PerformanceCounter.InitializeImpl()
     at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
     at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
  Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
     at System.Diagnostics.Process.GetProcessById(Int32 processId)
     at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
  Performance counter updating error. Counter name is Number of items in Malware Fingerprint cache, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown is : System.InvalidOperationException:
  The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
     at System.Diagnostics.PerformanceCounter.InitializeImpl()
     at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
     at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
  Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
     at System.Diagnostics.Process.GetProcessById(Int32 processId)
     at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
  Issue 3)
  I appear to have some issues related to the healthmailboxes. 
  I get MSExchangeTransport 1025 errors for multiple healthmailboxes.
  SMTP rejected a (P1) mail from 'HealthMailbox23b10b91745648819139ee691dc97eb6@<my domain>.local' with 'Client Proxy <my server>' connector and the user authenticated as 'HealthMailbox23b10b91745648819139ee691dc97eb6'. The Active Directory
  lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError
  I reran setup /prepareAD to try and remedy this but I am still getting some.
  Issue 4)
  I am getting an MSExchange RBAC 74 error. 
  (Process w3wp.exe, PID 984) Connection leak detected for key <my domain>.local/Admins/Administrator in Microsoft.Exchange.Configuration.Authorization.WSManBudgetManager class. Leaked Value 1.
  Issue 5)
  I am getting MSExchange Assistants 9042 warnings on both databases.
  Service MSExchangeMailboxAssistants. Probe Time Based Assistant for database Database02 (c83dbd91-7cc4-4412-912e-1b87ca6eb0ab) is exiting a work cycle. No mailboxes were successfully processed. 2 mailboxes were skipped due to errors. 0 mailboxes were
  skipped due to failure to open a store session. 0 mailboxes were retried. There are 0 mailboxes in this database remaining to be processed.
  Some research suggested this may be related to deleted mailboxes however I have never had any actual user mailboxes on this server. 
  If they are healthmailboxes or arbitration mailboxes that might make sense but I am unsure of what to do on this.
  Issue 6)
  At boot I am getting an MSExchange ActiveSync warning 1033
  The setting SupportedIPMTypes in the Web.Config file was missing. 
  Using default value of System.Collections.Generic.List`1[System.String].
  I don't know why but this forum is removing some of my spacing that would make parts of this easier to read.

  Hi Eric
  Yes I have uninstalled and reinstalled Exchange 2013 CU7 for the 3^rd time. 
  I realize you said one issue per forum thread but since I already started this thread with many issues I will at least post what I have discovered on them in case someone finds their way here from a web search.
  I have an existing Exchange 2007 server in the environment so I am unable to create email address policies that are defined by “recipient container”. 
  If I try and do so I get “You can't specify the recipient container because legacy servers are detected.”
   So I cannot create a normal email address policy and restrict it to an OU without resorting to some fancy filtering. 
  Instead what I have done is use PS to modify extensionAttribute1 (otherwise known as Custom Attribute 1 to exchange) for all of my users. 
  I then applied an address policy to them and gave it the highest priority. 
  Then I set a default email address policy for the entire organization. 
  After reinstalling Exchange all of my system mailboxes were created with the internal domain name. 
  So issue number 3 above has not come up. 
  For issue number one above I have created a new thread:
  https://social.technet.microsoft.com/Forums/office/en-US/7eb12b89-ae9b-46b2-bd34-e50cd52a4c15/microsoftwindowskerneleventtracing-error-2-happens-twice-at-boot-ex2013cu7?forum=exchangesvrdeploy
  For issue number four I have posted to this existing thread where there is so far no resolution:
  https://social.technet.microsoft.com/Forums/exchange/en-US/2343730c-7303-4067-ae1a-b106cffc3583/exchange-error-id-74-connection-leak-detected-for-key?forum=exchangesvradmin
  Issue number Five I have managed to recreate and get rid of in more than one way. 
  If I create a new database in ECP and set the database and log paths where I want, then this error will appear. 
  If I create the database in the default location and then use EMS to move it and set the log path, then the error will not appear. 
  The error will also appear (along with other errors) if I delete the health mailboxes and let them get recreated by restarting the server or the Health Manager service. 
  If I then go and set the retention period for deleted mailboxes to 0 days and wait a little while, these will all go away. 
  So my off hand guess is that these are caused by orphaned system mailboxes.
  For issue number six I have posted to this existing thread where there is so far no resolution:
  https://social.technet.microsoft.com/Forums/exchange/en-US/dff62411-fad8-4d0c-9bdb-037374644845/event-1033-msexchangeactivesync-warning?forum=exchangesvrmobility
  So for the remainder of this thread we can try and tackle issue number two which is the perf counters. 
  The exact same 5 perf counter were coming up and this had been true each time I have uninstalled and reinstalled Exchange 2013CU7. 
  Actually to be more accurate a LOT of perf counter errors come up after the initial install, but reloading the perf counters using the script I posted above reduces it to the same five. 
  Using all of your suggestions so far has not removed these 5 remaining errors either.  Since there is no discernible impact other than these errors at boot I am not seriously bothered by them but as will all event log errors, I would prefer
  to make them go away if possible.

• I can not publish my software I get "_An error occurred while signing: Failed to sign bin\Debug\app.publish\\setup.exe. SignTool Error: No certificates were found that met all the given criteria."

  Error 2
  An error occurred while signing: Failed to sign bin\Debug\app.publish\\setup.exe. SignTool Error: No certificates were found that met all the given criteria.
  Yesterday I could publish, today no code changes, but I get the above error.
  Help

  Hi El-sid,
  So glad that you have solved your issue, and thanks for your sharing.
  Have a nice day.
  Best Regards,
  Youjun Tang
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Exchange 2013 fails Active Directory Prep

  This is a new, new, installation of Windows Server 2012 R2 Essentials followed by Exchange 2013, all on a single server that is also the DC, in a lab environment.   This is to replace an existing SBS2000 installation in a small business. 
  Server 2012 setup without any significant issues.  The first pass at Exchange 2013 resulted in "access denied" when attempting to access the Exchange Management PS and login credentials failure for Exchange EAC (ECP).   After manually
  adding the installation Administrator to a number of the Exchange security groups, I was able to access Exchange Manager.  I checked that there was a mailbox associated with the Installation Admin ID, attempted to reset passwords and a number of other
  things to no avail.  I uninstalled Exchange (what a pain).
  I reinstalled Exchange.  As with the first time, no prerequisite errors and no installation failure alerts.   Again, I could not access Exchange Manager (access denied) or the EAC (login credentials failure).   This time, I was not
  able change the security group permissions to gain access to Exchange Manager.  Again, checked about everything there was to check on the web and found a reference to Exchange possibly not installing correctly due to lingering entries from the first install.  
  As I could not access Exchange Manager to perform the uninstall prerequisites, I attempted to manually delete it (nothing to loose at this point), but made the anticipated mess.
  Wiped the RAID and started over with a clean sheet install of Server 2012 Essentials-OK.  Progressed in the Exchange install prep to "Prepare Active Directory and Domains" (http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx)
  and stopped when I could not detect the confirming ADSI entries of AD prep set forth at the close of the TechNet document.
  I methodically stepped through the install procedure and again received no prerequisite failures or installation failure alerts.  I examined the install logs and found no errors, either.
  Any words of wisdom?

  Hi,
  From your description, Windows Server 2012 R2 Essentials and Exchange 2013 are installed on a single server that is also the DC.
  Microsoft does not support installing Exchange Server on a server that is running Windows Server Essentials. You need to install Exchange Server on a second server and then join the second server to the Windows Server Essentials domain.
  And it is not recommended to install Exchange server on DC.
  Here is a related article for your reference.
  Integrate an On-Premises Exchange Server with Windows Server Essentials
  http://technet.microsoft.com/en-us/library/jj200172.aspx
  Best regards,
  Belinda Ma
  TechNet Community Support

• Exchange 2013 Services pack 1 installation Error

  Hey Guys ,
   I'm facing an issue while installing exchange 2013 on server 2012 R2  , below are the details . I'm installing it on test bed however i'm failing at organisation preparation stage.
  Error:
  The following error was generated when "$error.Clear();
  install-RuleCollection -Name:"ClassificationDefinitions" -DomainController $RoleDomainController;
            New-ClassificationRuleCollection -InstallDefaultCollection
          " was run: "Unable to continue processing classification rule collection payload for decryption or further validations. Payload may contain invalid data.".
  Please Help me 
  Sandy Carlos

  Hi,
  I got a error when i run this command 
  Setup.exe /PrepareAD /OrganizationName:<name> /IAcceptExchangeServerLicenseTerms
  then i got a error 
  on Organization Configuration Step.
  and i got same error when run the setup when setup is going for Organization Preparation.
  Thanks

• Exchange 2013 event ID 36888 SChannel error 12 and 1203

  I am running Windows Server 2012 STD with Exchange 2013 installed on the same server. I know that Microsoft doesnt recommend to do this, but I had no choice. Errors are follow:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
  - System
  - Provider
  [ Name] Schannel
  [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID 36888
  Version 0
  Level 2
  Task 0
  Opcode 0
  Keywords 0x8000000000000000
  - TimeCreated
  [ SystemTime] 2014-11-25T23:30:34.120233400Z
  EventRecordID 121125
  Correlation
  - Execution
  [ ProcessID] 1064
  [ ThreadID] 20184
  Channel System
  Computer server
  - Security
  [ UserID] S-1-5-18
  - EventData
  AlertDesc 10
  ErrorState 12
  System
  - Provider
  [ Name] Schannel
  [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID 36888
  Version 0
  Level 2
  Task 0
  Opcode 0
  Keywords 0x8000000000000000
  - TimeCreated
  [ SystemTime] 2014-11-26T05:45:22.650086300Z
  EventRecordID 121230
  Correlation
  - Execution
  [ ProcessID] 1064
  [ ThreadID] 45336
  Channel System
  Computer SERVER
  - Security
  [ UserID] S-1-5-18
  - EventData
  AlertDesc 10
  ErrorState 1203
  Process ID 1064 is Isass.exe
  I found somewhere that error 1203 could be ignored, but nothing about error 12. 
  Server is running with selfsigned SAN certificate, hosted 2 exchange domains (10 mailboxes, 5 local, 5 linked for remote domain connected via external 2 way non transitive domain trust).
  Thank you very much for any advise.
  Regards,
  Jan
  Šerý

  Hi Jan,
  Based on my research for the Event 36888, the issue may be caused by not standard or corrupted behavior of web browsers or users, such as user use HTTP protocol to access Exchange service which is a SSL site on port 443.
  Please check whether there is a HTTP redirect configured in your IIS Manager of Exchange server. Also reset web browsers to have a try. Here are some similar thread for this issue:
  https://social.technet.microsoft.com/Forums/forefront/en-US/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/new-install-event-log-schannel-event-id-36888?forum=Forefrontedgegeneral
  http://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 Hybrid Configuration Wizard OAuth error

  Hi,
  We are facing following error when we run OAuth configuration after complete the Hybrid Configuration Wizard.
  Error:
  ScenarioFailureException
  Message:
  Exchange OAuth authentication couldn‎'t find any accepted domains in your on-premises organization.
  Verify you‎'ve configured at least one on-premises accepted domain.
  Location:
     at Microsoft.Online.CSE.HRC.Activities.OAuthActivities.GetCertificateActivity.Run‎()‎
     at Microsoft.Online.CSE.HRC.Workflow.Activity.WorkflowBaseActivity.Launch‎()‎
     at Microsoft.Online.CSE.HRC.Workflow.Runtime.WorkflowActivityHelper.Execute‎(ActivityContext context, Boolean launch)‎
     at System.Activities.NativeActivity.InternalExecute‎(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)‎
     at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody‎(ActivityExecutor executor, BookmarkManager bookmarkManager,
  Location resultLocation)‎
  Environment:
  2x Exchange 2013 CU6 (DAG+one ClientAccess)
  Directory Sync Server
  No ADFS server since we don't need single sign on
  Office 365 E3 Tenant
  We have tried manually setup the OAuth configuration according to the below TechNet article but failed when running the ExportAuthCert.ps1
  script file. It couldn't match the certificate thumbprint with the location "Cert:\LocalMachine\My"
  http://technet.microsoft.com/en-us/library/dn594521%28v=exchg.150%29.aspx
  Please help!
  Thanks in Advance
  Roshan

  We have the exact same Issue, tried the exact same setup and NO JOY!! - any resolution yet?
  Also found this article:
  http://consulting.risualblogs.com/blog/2014/09/10/exchange-2013-cu6-hybrid-users-with-o365-unable-to-query-freebusy-for-on-premises-users/comment-page-1/#comment-5192  
  ..... but did not fix the free/busy
  Best Regards,
  Francois

• Which exchange 2013 setup file should I use ?

  I am seeing exchange 2013 RTM setup file for download from microsoft, as well as exchange 2013 CU3 setup file. This is my first exchange 2013 box. which file should I use to install exchange ?
  Anand_N

  Hi,
  For new installs you should usethe most current build, CU3: http://www.microsoft.com/en-us/download/details.aspx?id=41175
  Cumulative Update builds are full Exchange server installers so there is no need to install RTM version and then apply CU.
  Robert Mandziarz | IT Administrator:
  CodeTwo
  If this post helps resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer
  faster.

• Exchange 2013 CU5 - Outlook Web Access - Error 9646 with HTTP - No error with HTTPS

  Hello everyone
  i have a strange issue which i actually do not have an idea about what is going wrong.
  - Exchange 2013 CU5
  - SSL Offloading enabled - Virtual directories configured accordingly
  When a user logs in to OWA via HTTP - after a while he sees the inbox but does not see any mail details.
  He only sees "Error: Your request can't be completed right now. Please try again later."
  After a while i also get an eventlog "9646" with too many open OWA sessions for that user.
  Regardless which limit i set in the registry for this - the error does come back - even with 512 sessions allowed.
  Working with HTTPS instead of HTTP then EVERYTHING works fine ... ?
  Any idea on this?
  Actually i am totally lost ...
  Best regards
  Jörg
  Ihr zertifizierter VMware Partner Enterprise Solution Provider, IBM Advanced Partner, Datacore Partner, Microsoft Silver Partner / Solution Provider und Microsoft Small Business Partner. HEGO Informationstechnologie GmbH Telegrafenstrasse 8 D 42929 Wermelskirchen
  Geschäftsführer: Jörg Hermanns, Ralf Gogolin Amtsgericht Köln HRB 36509 Fon: +49 (0) 21 96 / 8 82 97 - 0 Fax: +49 (0) 21 96 / 8 82 97 - 23 Web: www.hego-it.com

  Hi,
  Please confirm if the following features are added in your server manager:
  •.NET framework 4.5 -> WCF Services -> HTTP Activation
  •Windows process activation service -> Process model
  •Windows process activation service -> Configuration APIs
  If not, please add these features. Then ran IISReset \noforce from a Command Prompt window to restart IIS service. Also recycle Application Pools in IIS manager.
  For more information about the IIS Prerequisites for Exchange 2013, please check the windows feature listed in the following article:
  http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• New exchange 2013 setup

  my existing 2010 environment:
  EXCH1 - datacenter 1
  EXCH2 - datacenter 2
  DAG, both Internet Facing.
  Today I installed 3 Exchange 2013 CAS/Mail servers.
  EXCH3 - datacenter 1
  EXCH4 - datacenter 2
  EXCH5 - DR site
  I haven't setup mailboxes or anything yet, just external and internal URL's, a wildcard cert and internally OWA successfully proxy's via 2013 then redirect back to 2010 OWA as it should. All 3 2013 servers setup identical... :-)
  However, and here is the problem - when EXCH5 is turned on users get prompted for the EXCH5 server cert, when I turn EXCH5 off they do not get prompted.
  Any ideas where I should look?
  info update -------------------------------------------
  while the cert prompt is for the exch5 server cert when I view the cert its actually the correct wildcard public cert I'm using and want.
  I have verified that all the virtual directories (via EAC) have the correct internal and external URL's and that the cert is bound to the SMTP and IIS services. One other clue, when I try to launch ecp from exch5 it redirects and logs me into OWA.
  Not doing this on any other exch server.
  open to suggestions :-)

  Hi,
  According to your description, it’s wildcard certificate in your environment. And I recommend you check the Outlook provider configuration: get-outlookprovider |fl identity, CertPrincipalName
  Additionally, I’d like to confirm the name in the security alert.
  If you have any question, please feel free to let me know.
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Angela Shi
  TechNet Community Support

• Exchange 2013 OWA,Async,And OA error MsExchange BackEndRehydration event id 3002

  Hi team,
  I had issue in My Exchange system.
  I had two Exchange 2013 muli role with CAS and MBX
  Server A had no problem connection when client access OWA directly (https://servernamefqdn/owa)
  but, theres issue when I pointing to server B OWA (https://serverBfqdn/owa). its same when outlook connect (using OA ),and Aysnc connection.
  when I failed to connect OWA, theres event id 3002 MsExchange BackEndRehydration event id 3002.
  the error show at Server A ( server at a good condition )
  heres the error
  Thanks

  Hello Team,
  I have a similar issue with Event ID 3002 filling up the App log on both Mailbox servers.  Here is a snippet of the error.  Any help is greatly appreciated.  Thank you.
  "Protocol /EWS failed to process request from identity DOMAIN\CASServer. Exception: Microsoft.Exchange.Security.OAuth.InvalidOAuthTokenException: The user specified by the user-context in the token is ambiguous.
     at Microsoft.Exchange.Security.OAuth.OAuthActAsUser.InternalCreateFromAttributes(OrganizationId organizationId, Boolean calledAtFrontEnd, Dictionary`2 rawAttributes, Dictionary`2 verifiedAttributes)
     at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.OAuthAuthenticator.ExtractActAsUser(OrganizationId organizationId, CommonAccessToken token)
     at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.OAuthAuthenticator.InternalRehydrate(CommonAccessToken token, Boolean wantAuthIdentifier, String& authIdentifier, IPrincipal& principal)
     at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.Rehydrate(CommonAccessToken token, BackendAuthenticator& authenticator, Boolean wantAuthIdentifier, String& authIdentifier, IPrincipal& principal, IAccountValidationContext&
  accountValidationContext)
     at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
     at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).

• Exchange 2013 EMS throwing Access Denied error and Toolbox giving MMC error

  Hi,
  I am getting a very strange problem with an Exchange 2013 server deployed at a customer's site. After some hours of usage, EMS or Toolbox will not open and will throw below errors. However, if I restart the server, everything works fine for some hours before
  the error start coming again. This does not affect mail flow or ECP but, I wonder if something is going wrong in the background and may cause a severe failure in future.
  I tried hard but could not find the source of the problem.
  EMS error:
  VERBOSE: Connecting to CARISSA.skc.mru.
  New-PSSession : [carissa.skc.mru] Connecting to remote server carissa.skc.mru failed with the following error message
  : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  VERBOSE: Connecting to CARISSA.skc.mru.
  New-PSSession : [carissa.skc.mru] Connecting to remote server carissa.skc.mru failed with the following error message
  : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  VERBOSE: Connecting to CARISSA.skc.mru.
  New-PSSession : [carissa.skc.mru] Connecting to remote server carissa.skc.mru failed with the following error message
  : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  VERBOSE: Connecting to CARISSA.skc.mru.
  New-PSSession : [carissa.skc.mru] Connecting to remote server carissa.skc.mru failed with the following error message
  : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  VERBOSE: Connecting to CARISSA.skc.mru.
  New-PSSession : [carissa.skc.mru] Connecting to remote server carissa.skc.mru failed with the following error message
  : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  Failed to connect to an Exchange server in the current site.
  Enter the server FQDN where you want to connect.:
  Hope someone has a solution to this.
  Pramod

  Hi 
  It can be possibly a WIN RM Issue. Run
  winrm quickconfig and see whether u are able to connect
  If you are unable to connect then Try reinstalling the WinRM
  Import-Module ServerManager
  Remove-WindowsFeatureWinRM-IIS-Ext
  Add-WindowsFeatureWinRM-IIS-Ext
  Also check if you have a certificate assigned to the Default Web Site - HTTPS Binding/Port 443, and Exchange
  Back End web site - HTTPS binding/Port 444
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Exchange 2013 CU2 to CU3 upgrade error

  I'm getting this error when running an Exchange 2013 CU2 to CU3 upgrade. Please help!
  Error:
  The following error was generated when "$error.Clear(); 
            $keyPath = "HKLM:\Software\Microsoft\WebManagement\Server";
            if (!(Get-Item $keyPath -ErrorAction SilentlyContinue))
              New-Item $keyPath -Force
            Set-ItemProperty -path $keyPath -name "EnableRemoteManagement" -value 0x1 -Type DWORD -Force;
            if (Get-Service WMSVC* | ?{$_.Name -eq 'WMSVC'})
              Set-Service WMSVC -StartupType Automatic
              Stop-SetupService -ServiceName WMSVC;
              Start-SetupService -ServiceName WMSVC
          " was run: "Service 'WMSVC' failed to reach status 'Running' on this server.".

            if (Get-Service WMSVC* | ?{$_.Name -eq 'WMSVC'})
              Set-Service WMSVC -StartupType Automatic
              Stop-SetupService -ServiceName WMSVC;
              Start-SetupService -ServiceName WMSVC
          " was run: "Service 'WMSVC' failed to reach status 'Running' on this server.".
  Is the certificate for Web Management Service (WMSvc) missing?
  If so, then you need to create a new one and assign it to the feature "Management Service" in IIS.
  Martina Miskovic

• Exchange 2013 setup

  Greetings
  Currently i am using Exchange 2007 setup (xyz.com) and it is not published to the internet i.e. only the Domain joined users have access to it and mx records are not hosted for xyz.com
  And have hosted solution (abc.com)
  Now, I am planning to upgrade the Exchange 2007 to Exchange 2013 infra. But here my requirement is to use abc.com as the email address domain.
  My plan is to migrate and add abc.com in accepted domain. Please suggest if this can be achieved by doing so and if yes, what other changes i need to plan as i want to have the same email address domain (abc.com) having the virtual directories by the same
  name (mail.abc.com)
  Please provide yours inputs.
  Thanks
  K2

  Hi,
  Thank you for your question.
  By my understanding, you want to use Exchange 2013 with domain abc.com to replace domain xyz, right? If I misunderstand, please be free to let me know.
  If that, we could refer to the following links to migrate Exchange 2007 to Exchange 2013 by crossing domains:
  https://social.technet.microsoft.com/Forums/exchange/en-US/35828bef-3eaa-4540-b2ef-0dc1da0d77ca/cross-forest-migration-from-exchange-2007-to-exchange-2013?forum=exchangesvrgeneral
  https://social.technet.microsoft.com/Forums/office/en-US/ccfaf77e-ae0f-47ac-94c4-c122df3efdf0/exchange-2007-to-2013-migrationcoexistance?forum=exchangesvrgeneral
  But we suggest you install Exchange 2010 in abc.com domain, then we perform cross domain migration from Exchange 2007 to Exchange 2010, then migrate to Exchange 2013.
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support