Internal email marked as Junk - Exchange 2013

Similar Messages

• Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG

  Greetings all, I hope someone can help.
  I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
  Internal mail flow is fine (external email addresses can send to the domain).
  External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
  There are two multi-role Exchange servers that are members of the DAG.
  I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
  No SSL certificates have been purchased or installed yet.
  Exchange URLs have not been changed since default configuration at install.
  OWA and ECP works both internal and external.
  External DNS works with SPF and PTR records correctly configured
  Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
  Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * - 
  When sending email to an external address, I receive a failure notice
  ServerName.test.corp.int gave this error:
  Unable to relay 
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
  More Info - 
  ServerName.test.corp.int
  Remote Server returned '550 5.7.1 Unable to relay'
  I have been troubleshooting this for many hours with no progress.
  I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
  I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
  I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
  I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
  I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.
  Can someone please assist before I lose my sanity.
  Thanks in advance,
  Terry

  Greetings all, I hope someone can help.
  I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
  Internal mail flow is fine.
  Incoming mail from external senders is also fine. - 
  external email addresses can send to the domain).
  External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
  There are two multi-role Exchange servers that are members of the DAG.
  I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
  No SSL certificates have been purchased or installed yet.
  Exchange URLs have not been changed since default configuration at install.
  OWA and ECP works both internal and external.
  External DNS works with SPF and PTR records correctly configured
  Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
  Receive Connectors are the default ones created during install. Send connector is standard configuration with  - * - 
  When sending email to an external address, I receive a failure notice
  ServerName.test.corp.int gave this error:
  Unable to relay 
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
  More Info - 
  ServerName.test.corp.int
  Remote Server returned '550 5.7.1 Unable to relay'
  I have been troubleshooting this for several days with no progress.
  I have created new Receive Connectors for the server that is advising that it is unable to relay, but they have all failed.
  I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
  I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
  I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
  Even more info - Further troubleshooting -
  I found my one of my Exchange servers had an extra NIC. I have since added a second NIC to the other server, so now both Exchange servers have dual NICs. I removed the DAG cleanly and recreated the DAG from scratch, using this link -
  hxxp://careexchange.in/how-to-create-a-database-availability-group-in-exchange-2013/ 
  The issue still exists, even with a newly created DAG. I also found that the Tenant Address Books were not 'applied'. I applied them but still no resolution
  I think the issue is related to multi-tenant configuration even though the error says that it can't relay. The unable to relay message can appear when sending from a domain that the Organization does not support. Like trying to email as [email protected]
  when you domain name is apple.com - But through extensive research I still can't resolve the issue.
  Can someone please assist before I lose my sanity.
  Thanks in advance,
  Terry

• Some Outlook clients getting internal FQDN of newly installed Exchange 2013 CAS server as Outlook Anywhere Proxy address

  Hello Folks,
  I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
  1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
  2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
  3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
  4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error  cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
  even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
  clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
  Any help is greatly appreciated.
  Thanks
  Cool

  Here are the EXCRA results
  Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).    
  Connectivity Test Successful with Warnings
  Test Details
       Testing Outlook connectivity.
       The Outlook connectivity test completed successfully.
            Additional Details
       Elapsed Time: 9881 ms.
            Test Steps
            The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
       Autodiscover was tested successfully.
            Additional Details
       Elapsed Time: 2063 ms.
            Test Steps
            Attempting each method of contacting the Autodiscover service.
       The Autodiscover service was tested successfully.
            Additional Details
       Elapsed Time: 2063 ms.
            Test Steps
            Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
            Additional Details
       Elapsed Time: 186 ms.
            Test Steps
            Attempting to resolve the host name xyz.com in DNS.
       The host name couldn't be resolved.
         Tell me more about this issue and how to resolve it
            Additional Details
       Host xyz.com couldn't be resolved in DNS InfoNoRecords.
  Elapsed Time: 186 ms.
       Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
       Testing of the Autodiscover URL was successful.
            Additional Details
       Elapsed Time: 1876 ms.
            Test Steps
            Attempting to resolve the host name autodiscover.xyz.com in DNS.
       The host name resolved successfully.
            Additional Details
       IP addresses returned: x.x.x.x
  Elapsed Time: 338 ms.
       Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
       The port was opened successfully.
            Additional Details
       Elapsed Time: 173 ms.
       Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
            Additional Details
       Elapsed Time: 318 ms.
            Test Steps
            The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
            Additional Details
       Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
  Elapsed Time: 219 ms.
       Validating the certificate name.
       The certificate name was validated successfully.
            Additional Details
       Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
  Elapsed Time: 1 ms.
       Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
            Test Steps
            The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
       One or more certificate chains were constructed successfully.
            Additional Details
       A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
  Inc.", C=US.
  Elapsed Time: 36 ms.
       Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
            Additional Details
       The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
  isn't enabled.
  Elapsed Time: 5 ms.
       Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
            Additional Details
       The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
  Elapsed Time: 0 ms.
       Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
            Additional Details
       Accept/Require Client Certificates isn't configured.
  Elapsed Time: 289 ms.
       Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
            Additional Details
       Elapsed Time: 756 ms.
            Test Steps
            The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
       The Autodiscover XML response was successfully retrieved.
            Additional Details
       Autodiscover Account Settings
  XML response:
  <?xml version="1.0"?>
  <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <User>
  <DisplayName>Test Exch1</DisplayName>
  <LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
  <DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
  </User>
  <Account>
  <AccountType>email</AccountType>
  <Action>settings</Action>
  <Protocol>
  <Type>EXCH</Type>
  <Server>[email protected]</Server>
  <ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
  <ServerVersion>73C0834F</ServerVersion>
  <MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
  <ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
  <OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
  <OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
  <UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
  <Port>0</Port>
  <DirectoryPort>0</DirectoryPort>
  <ReferralPort>0</ReferralPort>
  <PublicFolderServer>webmail.xyz.com</PublicFolderServer>
  <AD>DC-03.domain.xyz.com</AD>
  <EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
  <EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
  <EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
  <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-um>
  <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-aggr>
  <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.xyz.com</EcpUrl-mt>
  <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-ret>
  <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-sms>
  <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-photo>
  <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tm>
  <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmCreating>
  <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmEditing>
  <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-extinstall>
  <ServerExclusiveConnect>off</ServerExclusiveConnect>
  </Protocol>
  <Protocol>
  <Type>EXPR</Type>
  <Server>webmail.xyz.com</Server>
  <ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
  <OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
  <OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
  <UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
  <Port>0</Port>
  <DirectoryPort>0</DirectoryPort>
  <ReferralPort>0</ReferralPort>
  <SSL>On</SSL>
  <AuthPackage>Ntlm</AuthPackage>
  <EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
  <EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
  <EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
  <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-um>
  <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-aggr>
  <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.xyz.com</EcpUrl-mt>
  <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-ret>
  <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-sms>
  <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-photo>
  <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tm>
  <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmCreating>
  <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmEditing>
  <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-extinstall>
  <ServerExclusiveConnect>on</ServerExclusiveConnect>
  <EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
  <GroupingInformation>Default-First-Site-Name</GroupingInformation>
  </Protocol>
  <Protocol>
  <Type>WEB</Type>
  <Port>0</Port>
  <DirectoryPort>0</DirectoryPort>
  <ReferralPort>0</ReferralPort>
  <Internal>
  <OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
  <Protocol>
  <Type>EXCH</Type>
  <ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
  </Protocol>
  </Internal>
  <External>
  <OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
  <Protocol>
  <Type>EXPR</Type>
  <ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
  </Protocol>
  </External>
  </Protocol>
  <Protocol>
  <Type>EXHTTP</Type>
  <Server>webmail.xyz.com</Server>
  <ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
  <OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
  <OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
  <UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
  <Port>0</Port>
  <DirectoryPort>0</DirectoryPort>
  <ReferralPort>0</ReferralPort>
  <SSL>On</SSL>
  <AuthPackage>Ntlm</AuthPackage>
  <EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
  <EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
  <EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
  <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-um>
  <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-aggr>
  <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.xyz.com</EcpUrl-mt>
  <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-ret>
  <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-sms>
  <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-photo>
  <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tm>
  <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmCreating>
  <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmEditing>
  <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-extinstall>
  <ServerExclusiveConnect>On</ServerExclusiveConnect>
  </Protocol>
  <Protocol>
  <Type>EXHTTP</Type>
  <Server>webmail.xyz.com</Server>
  <ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
  <OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
  <OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
  <UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
  <Port>0</Port>
  <DirectoryPort>0</DirectoryPort>
  <ReferralPort>0</ReferralPort>
  <SSL>On</SSL>
  <AuthPackage>Ntlm</AuthPackage>
  <EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
  <EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
  <EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
  <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-um>
  <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-aggr>
  <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.xyz.com</EcpUrl-mt>
  <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-ret>
  <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-sms>
  <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-photo>
  <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tm>
  <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmCreating>
  <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-tmEditing>
  <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=domain.xyz.com</EcpUrl-extinstall>
  <ServerExclusiveConnect>On</ServerExclusiveConnect>
  </Protocol>
  </Account>
  </Response>
  </Autodiscover>HTTP Response Headers:
  request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
  X-CalculatedBETarget: Server01.domain.xyz.com
  X-DiagInfo: Server01
  X-BEServer: Server01
  Persistent-Auth: true
  X-FEServer: Server01
  Content-Length: 11756
  Cache-Control: private
  Content-Type: text/xml; charset=utf-8
  Date: Mon, 25 Aug 2014 19:12:25 GMT
  Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Elapsed Time: 756 ms.
       Autodiscover settings for Outlook connectivity are being validated.
       The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
            Additional Details
       Elapsed Time: 0 ms.
       Testing RPC over HTTP connectivity to server webmail.xyz.com
       RPC over HTTP connectivity was verified successfully.
            Additional Details
       HTTP Response Headers:
  request-id: 835acf95-78b7-40ae-b232-117318d1577e
  Server: Microsoft-IIS/8.5
  WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
  X-Powered-By: ASP.NET
  X-FEServer: Server01
  Date: Mon, 25 Aug 2014 19:12:26 GMT
  Content-Length: 0
  Elapsed Time: 7817 ms.
            Test Steps
            Attempting to resolve the host name webmail.xyz.com in DNS.
       The host name resolved successfully.
            Additional Details
       IP addresses returned: x.x.x.x
  Elapsed Time: 107 ms.
       Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
       The port was opened successfully.
            Additional Details
       Elapsed Time: 180 ms.
       Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
            Additional Details
       Elapsed Time: 303 ms.
            Test Steps
            The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
            Additional Details
       Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
  Inc.", C=US.
  Elapsed Time: 224 ms.
       Validating the certificate name.
       The certificate name was validated successfully.
            Additional Details
       Host name webmail.xyz.com was found in the Certificate Subject Common name.
  Elapsed Time: 0 ms.
       Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
            Test Steps
            The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
       One or more certificate chains were constructed successfully.
            Additional Details
       A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
  Inc.", C=US.
  Elapsed Time: 34 ms.
       Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
            Additional Details
       The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
  isn't enabled.
  Elapsed Time: 5 ms.
       Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
            Additional Details
       The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
  Elapsed Time: 0 ms.
       Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
            Additional Details
       Accept/Require Client Certificates isn't configured.
  Elapsed Time: 298 ms.
       Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
       The HTTP authentication methods are correct.
            Additional Details
       The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
  request-id: 835acf95-78b7-40ae-b232-117318d1577e
  Server: Microsoft-IIS/8.5
  WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
  X-Powered-By: ASP.NET
  X-FEServer: Server01
  Date: Mon, 25 Aug 2014 19:12:26 GMT
  Content-Length: 0
  Elapsed Time: 296 ms.
       Attempting to ping RPC proxy webmail.xyz.com.
       RPC Proxy was pinged successfully.
            Additional Details
       Elapsed Time: 454 ms.
       Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
       The endpoint was pinged successfully.
            Additional Details
       The endpoint responded in 0 ms.
  Elapsed Time: 1007 ms.
       Testing the MAPI Address Book endpoint on the Exchange server.
       The address book endpoint was tested successfully.
            Additional Details
       Elapsed Time: 2177 ms.
            Test Steps
            Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
       The endpoint was pinged successfully.
            Additional Details
       The endpoint responded in 906 ms.
  Elapsed Time: 918 ms.
       Testing the address book "Check Name" operation for user [email protected] against server [email protected].
       The test passed with some warnings encountered. Please expand the additional details.
         Tell me more about this issue and how to resolve it
            Additional Details
       The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
  NSPI Status: 2147746050
  Elapsed Time: 825 ms.
       Testing the address book "Check Name" operation for user [email protected] against server [email protected].
       Check Name succeeded.
            Additional Details
       DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
  Elapsed Time: 433 ms.
       Testing the MAPI Referral service on the Exchange Server.
       The Referral service was tested successfully.
            Additional Details
       Elapsed Time: 1808 ms.
            Test Steps
            Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
       The endpoint was pinged successfully.
            Additional Details
       The endpoint responded in 953 ms.
  Elapsed Time: 949 ms.
       Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
       We got the address book server successfully.
            Additional Details
       The server returned by the Referral service: [email protected]
  Elapsed Time: 858 ms.
       Testing the MAPI Address Book endpoint on the Exchange server.
       The address book endpoint was tested successfully.
            Additional Details
       Elapsed Time: 626 ms.
            Test Steps
            Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
       The endpoint was pinged successfully.
            Additional Details
       The endpoint responded in 156 ms.
  Elapsed Time: 154 ms.
       Testing the address book "Check Name" operation for user [email protected] against server [email protected].
       Check Name succeeded.
            Additional Details
       DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
  Elapsed Time: 472 ms.
       Testing the MAPI Mail Store endpoint on the Exchange server.
       We successfully tested the Mail Store endpoint.
            Additional Details
       Elapsed Time: 555 ms.
            Test Steps
            Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
       The endpoint was pinged successfully.
            Additional Details
       The endpoint responded in 234 ms.
  Elapsed Time: 228 ms.
       Attempting to log on to the Mailbox.
       We were able to log on to the Mailbox.
            Additional Details
       Elapsed Time: 326 ms.

• Unread Emails in Outlook 2010 Clients shows both UNREAD AND READ emails when connected to Exchange 2013 Server SP1

  We recently upgraded to Exchange 2013 SP1 with a client user-base of Office 2010 Professional Plus / Outlook 2010 SP3.
  All Unread Email favorites folders show both Unread and Read emails, just like the inbox. Removal of the folder and recreating yields the same results, as does creating a custom folder. However, in Outlook 2013 there is no problem. 
  Is there a patch or hot fix for this issue? Or does anyone know how to fix this issue so that the UNREAD EMAILS SHOW UP IN THE UNREAD FOLDER AND NOT INCLUDE THE READ EMAILS? 
  Thank you!
  Kim Parker-Polito / Newhall Land

  Go down to Search Folders
  - Right click on Search Folders and create New Search Folder leave default "Unread Mail1" and click OK
  - Right click on the new “Unread Mail1” folder and choose “Customize this search folder”
  - Click on Browse
  - Select the checkbox for “Search subfolders”
  - Press OK and OK again.
  - Right click on old "Unread Mail" Folder and delete.

• Outbound emails from one specific email address blocked by Exchange 2013

  Hi
  We have a hybrid environment Exchange Online and are using Exchange 2013 as hybrid server. We have an application that submits emails to Exchange using SMTP and sends emails from [email protected] Since almost half of our user base is already in Exchange
  Online, many of these emails which are generated on-premises need to be routed to Exchange Online. This configuration has been working for months. On 24/06/2014, the emails from this application stopped getting delivered. 
  On examination of message tracking logs, I found SMTP FAIL events - excerpt below.
  ConnectorId             : Outbound to Office 365
  Source                  : SMTP
  EventId                 : FAIL
  InternalMessageId       : 39560943768623
  RecipientStatus         : {[{LRT=};{LED=550 5.1.8 Access denied, bad outbound sender};{FQDN=};{IP=}]}
  Doing a search for the error in recipient status did not return anything but doing a search for "access denied, bad sender" did return results that suggested a scenario when a user in Exchange Online would be prevented from sending outbound email
  after having been identified as sending spam - see http://technet.microsoft.com/en-GB/library/dn458545(v=exchg.150).aspx
  It seems our on-premises Exchange 2013 server has enacted a similar block on our noreply address which sends out a lot of emails. I have been able to confirm that if the 'from address' is changed to something like [email protected], all emails from
  the application get delivered successfully.
  I now need to find out how I can unblock our noreply address so these emails can be sent with the original from address.
  Appreciate all help I can get on this one.

  Hi,
  From your description, only one email address can't send messages from the application server. I recommend you check if there is any transport rule on Office 365 blocking this problematic email address.
  What's more, please check your outbound spam policy, verify if there is any policy blocking this problematic email address.
  For more information, here is a thread for your reference.
  Configure the outbound spam policy
  http://technet.microsoft.com/en-us/library/jj200737(v=exchg.150).aspx
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Unable to send or recive email Internal & Externa ... Exchange 2013

  Hi all
  duo to some previse problem I hade to recover the server hard drive with a backup image.
  I recover the server with the windows installation cd &  backup image that I stored  on external HD
  the recover was done successfully & fix this issue and return the server to the time that the image was taken
  now after recovering the server unable to sent or receive e-mail from
  Internal & External
  for all users
  outlook is connected Internal & External for all users
  the web app is working Internal & External for all users
  all Exchange services are started and running
  the Exchange Server is on a one machine
  the domain is on another machineall server
  at the same network
  all servers is behind TMG server
        Thank you all

  Amy Wang
  thank you for your organized steps
  sure I disconnected all server
  that are not using with Exchange from the beginning.
  and I also reconfigure the DNS  Server\<Exchange server name>
  and I recheck the reverse lookup zone.
  as I said before the exchange was working fine until a power loss make me unable to open the ECP
  witch lead me to recover the server from a backup image
  PS. the recover was made at 8/10/2014 & the image that I use to recover was taken on 8/2/2014
  the domain server is another machine & did not recovered to that date 8/2/2014 couse it has no problem
  could this effect the relation between the domain & the exchange
  knowing that the recovering is made by windows installation cd 
  first format the HD than recopy the image that was taken on 8/2/2014
  thank you

• How to configure users for internal mail routing only in exchange 2013

  Hi Guys!
  I have a scenario here that i have three (3) group of users, one group is able to have an inbound and outbound mail, meaning they can send and recieved emails from internal and external.The second group of users should have inbound mail(local mail) only
  (cannot send and recieved mails from internet), and the third (3) user is they can recieved an outbound mail but they are not allowed to send mail directly to the client,(Ex.
  [email protected],[email protected],[email protected]) instead they will use the
  [email protected] as the reply to the client. Please let me know how to configure group user 2 and 3.
  Thank you.
  regards,
  Paul

  Hi Paul,
  Great advice from Maganti, just elaborating steps:
  Prevent Group 2 send e-mail to internet by transport rule:
  1. Login EAC with administrator, Mail Flow---> Rule, click “Create a new rule, then give a name “Group2 - No Internet Mail”.
  2. Conditions: select "From a member of a distribution list" & select group "Group2"
  3. Select another condition "Sent to users inside or outside the organization" & Select Outside.
  4. Actions: select "send bounce message to sender with enhanced status code" & write your custom message like “You are not authorized to send mails to internet”.
  Prevent Group 3 directly send e-mail to internet, however it can send message as group:
  We also can create a transport rule which is same with Group2, then open Active Directory Users and Computers to add send as permission with another group (contain same users as group3).
  Best Regards,
  Allen Wang

• Exchange 2013 Issue: Outlook 2010 auto populating the From Tab when forwarding email

  Exchange 2013 Issue: Outlook 2010 auto populating the From Tab when forwarding email        
  I am running Exchange 2013 and I have an end user who connects to it via Outlook 2010. All was going well till he went to forward an email and he noticed that the From button appeared and auto populated the sender's email address.
  I have clicked the Empty Auto Complete List in Outlook's Send messages... still displayed the From tab when forwarding.
  I recreated the profile in outlook... same thing.
  I created the profile with outlook 2013... same thing.
  There is only one user profile setup in Outlook.
  (I know the from tab usually appears when you have multiple profiles setup in Outlook and/or when you configure the "From" tab.)
  I opened the end user's email in Exch 2013's OWA... what was different here was when I clicked on the email and it opened, it did NOT have the Reply or Forward option... and it displayed as a "Draft" email.
  Does anyone have any ideas?

  So are you saying that the from button is filling the option with the original senders address (eg the person who sent the message to your user), or that it's filling in the your users address (in which case I don't understand what the issue is, since
  it IS going from your user)?

• Outlook 2010/2013 not able to connect to Exchange 2013

  Hi, I'm the midst of co-exist between Exchange 2010/2013. I have issues where none of internal users that migrated to Exchange 2013 not able to connect via Outlook 2010/2013. OWA is running fine without issue. Using MCA, the issue due to port is blocked
  but I have verified that firewall on Exchange 2013 server is turn off all.
      1. Exchange 2010/2013 cert is using public CA cert.
      2. Both outlook anywhere external URL for Exchange2010/2013 is set to outlook.domain.com. internal pointing to server.domain.com. while autodiscover is set to autodiscover.domain.com.
     3. user mailbox in exchange 2010 do not have any issue
  while if I try to logon, the error look like below:
  Cannot open your default e-mail forlders. You must connect to microsoft exchange with the current profile before you can synchronuze your folder with your outlook data file (.ost).
  what else should I check ?
  many thanks.

  Hello,
  What server does “outlook.domain.com” and “autodiscover.domain.com” point to, Exchange 2013 FE or 2010 CAS?
  You can also do a Outlook Test Email AutoConfiguration by the following steps:
  a. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select “Test Email Autoconfiguration”.
  b. Confirm that your email address is in the address field, uncheck “Use Guessmart” and “secure Guessmart authentication” boxes. Then click the “Test” button.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• OWA still redirects to Exchange 2007 (legacy) after mailbox-move to Exchange 2013

  Hi,
  I am in the process of implementing Exchange 2013 in coex with 2007. I am testing now in a copy of the production environment and have installed the Exchange 2007 SP3 RU11 prior to installing Exchange 2013 using the SP1 media.
  We use a wildcard certificate and I prepared the Exchange 2007 internal/external URLs for OWA/OAB/etc to use the legacy.domain.com names and in Exchange 2013 I set them all to email.domain.com. Exchange 2013 has Outlook Anywhere configured.
  All tests like autodiscover (internally via SCP) run fine and for a new Exchange 2013 mailbox the Outlook and OWA functionality is as expected. A mailbox still on 2007 also connects fine via Outlook and while connecting to OWA (using the htps://email.domain.com/owa
  url) also redirects me to https://legacy.domain.com/owa just fine.
  HOWEVER: after a successfull mailbox-move from 2007 to 2013 my OWA logon-request STILL get's redirected to the 2007 legacy URL. When I then logon again on the 2007 OWA I get the message that I should connect to the 2013 URL and end-up in a loop.
  Anyone any tips where to search?
  Many thanks in advance.
  Best regards and many thanks in advance, Eric Vegter

  This seems to be an outstanding issue.
  We just performed a fresh install of Exchange 2013 on a Windows Server 2012 R2 operating system. We're migrating from our existing Exchange 2007 server. At the moment we have everything properly setup in a co-existence state. All we lack is to complete the
  migration of our mailboxes from the 2007 DB to the 2013 DB.
  In performing the first mailbox move, to test the migration process and make certain mail flows as expected, we noticed this same problem. Before reading through this thread, I was able to assign Full Access to a delegate user and then perform the "Open
  Mailbox" feature from a 2013 user's account. This was successful in opening the mailbox within OWA 2013. However, I still could not access the account by simply logging into the Outlook Web App. It would login, then proxy back to OWA 2007 with the message,
  "Use the following link to open this mailbox with optimal performance:
  http://mail.domainname.com/"
  After reading about cycling the OWA app pool, I immediately tried it as a workaround and it worked. It is a little frustrating going about it in this way. Hoping to see more activity on this thread.
  -Lorne

• Exchange 2013 co-existence with 2007 can not send from 2013 - receives OK

  2013 SP1  -separate servers for MBX and CAS - 4 of each. Exchange 2007 configured as a CCR
  I am in co-existence mode but have not yet switched on the legacy.domainname.com. I have a new certificate installed on all servers - 2007 and 2013 with the legacy namespace included
  I can receive on the exchange 2013 servers and can send to exchange 2013 users but cannot send to 2007 users or externally. I have enabled protocol logging and I'm seeing:
  2014-04-02T00:57:31.476Z,Outbound Primary,08D1120CF8FEEDBA,0,,10.0.9.1:25,*,,attempting to connect
  2014-04-02T00:57:52.521Z,Outbound Primary,08D1120CF8FEEDBA,1,,10.0.9.1:25,*,,"Failed to connect. Winsock error code: 10060, Win32 error code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a
  period of time, or established connection failed because connected host has failed to respond 10.0.9.1:25"
  The client has a pair of Axway mailgateway appliances (Tumbleweed). We can Telnet between the exchange 2013 servers and the Axways. There is a firewall between these mail gateways and the exchange servers and the following ports were opened - 25,443,465,995,110
  I used the existing send connectors from 2007 and just added the mailbox servers to them. I created 2 new receive connectors to match 2 specialist 2007 connectors.
  But I still can't send mail. Any suggestions where next to check?

  Hi Tony 
  Based on the protocol logs error looks like there is connectivity problem between Ex2007 and Ex2013
  First you can try dropping an email through Telnet from Exchange 2013 to Exchange 2007 to see the message failure happens at which transit.
  You can add the IP address of Exchange 2013 in Exchange 2007 default receive connector and vice versa.
  Restart the transport service and try sending an email from exchange 2013 to Exchange 2007 and see the results
  Also you can try creating a dedicated receive connector for Exchange 2007 in Exchange 2013 and vice versa if the above step does not work 
  Also try disabling the firewall and see if it helps.
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you

• Exchange 2013 - External Windows XP/Outlook 2007 Password Prompt

  I have an Exchange 2013 server and everything is working correctly internal with XP clients that are connected to the domain.  My problem is that the Windows XP computers that are connecting from outside of the office that aren't connected to the domain
  and have local usernames and passwords keep getting the password prompts.  I put in the correct domain\username and password and it connects.  The if I close and reopen it asks me for the password, I have saved the credentials but it still asks.
   I have look and applied these settings from these articles but I'm still having the issue.  All of the internal and external names match my GoDaddy SSL certificate (mail.domain.com). Get-OutlookAnywhere shows:
  ExternalHostname                   : mail.domain.com
  InternalHostname                   : mail.domain.com
  ExternalClientAuthenticationMethod : Negotiate
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/
  http://pickettsproblems.wordpress.com/2013/04/08/windows-xp-users-not-connecting-to-exchange-2013-server/

  Here is my XML log from Test E-mail AutoConfiguration if you need it:
  <?xml version="1.0" encoding="utf-8"?>
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
      <User>
        <DisplayName>Ryan Laurie</DisplayName>
        <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=03614938e08f481b8f7e1bbc7346aa22-Ryan</LegacyDN>
        <AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
        <DeploymentId>463444fb-5651-4b0f-91e5-6356fc132a95</DeploymentId>
      </User>
      <Account>
        <AccountType>email</AccountType>
        <Action>settings</Action>
        <MicrosoftOnline>False</MicrosoftOnline>
        <Protocol>
          <Type>EXCH</Type>
          <Server>[email protected]</Server>
          <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
          <ServerVersion>73C08204</ServerVersion>
          <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
          <PublicFolderServer>Exchange.mydomain.local</PublicFolderServer>
          <AD>SERVER2.mydomain.local</AD>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>off</ServerExclusiveConnect>
        </Protocol>
        <Protocol>
          <Type>EXPR</Type>
          <Server>mail.mydomain.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>on</ServerExclusiveConnect>
          <EwsPartnerUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsPartnerUrl>
        </Protocol>
        <Protocol>
          <Type>WEB</Type>
          <Internal>
            <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.mydomain.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXCH</Type>
              <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </Internal>
          <External>
            <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXPR</Type>
              <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </External>
        </Protocol>
        <Protocol>
          <Type>EXHTTP</Type>
          <Server>mail.mydomain.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>On</ServerExclusiveConnect>
        </Protocol>
        <Protocol>
          <Type>EXHTTP</Type>
          <Server>mail.mydomain.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>On</ServerExclusiveConnect>
        </Protocol>
      </Account>
    </Response>
  </Autodiscover>

• Exchange 2013 Search Issues

  We are having many issues with users being able to search old emails since migrating to Exchange 2013.  We have renamed the search index files and rebuilt multiple times and they all state healthy at this time but users are still having issues finding
  old emails.  Trying to see if this is a product issue or a server issue and if so what needs to be done.  Using Standard edition with 5 databases at this time.

  Hi,
  Thank you for your question.
  Is there any error when we search email in outlook or OWA? I suggest we could post error to
  [email protected] for our troubleshooting.
  Did user search email within a week? Because we want to know if those emails were deleted by Retention Policy.
  Are there relevant event id or application log?
  We could make sure the service of “Microsoft Exchange Search” is running on all Exchange mailbox server. if the service of “Microsoft Exchange Search” is running on all Exchange mailbox server. we could restart it to check if the issue persist.
  If OWA could search email, we could rebuild the outlook profile to check if the issue persist.
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Exchange 2013 w/Outlook 2013 "The name of the security certificate is invalid or does not match the name of the site"

  I've completed an upgrade from Exchange 2003 to Exchange 2013 and I have one last SSL message that I can't get rid of.  I've installed a 3rd party cert that is working great for webmail and cell phone access but for some reason the Outlook 2010/2013
  clients get prompted for a security warning.  I just implemented the SSL cert yesterday and I've noticed that new installs of Outlook seem to work just fine.  My Outlook 2013 client doesn't prompt me with the message but I have other users who are
  still getting the "The name of the security certificate is invalid or does not match the name of the site" error.  The domain on the cert error show up as server.mydomain.local.  I've gone through all the virtual directories and pointed
  all of my internal and external URL's to https://mail.mydomain.com.   This made one of the two warnings go away but not the second.  I've dug around on google and gone through everything I could find here and as far as I can tell my internal
  and external url's are configured properly and I can't figure out where this error is originating from.  Any ideas on where I should look outside of the virtual directories? 
  I'm including a good link I found that contains all of the virtual directories I updated.  I've checked them through both CLI and GUI and everything looks good.
  http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
  http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/

  Hi,
  When the Outlook connect to Exchange 2013/Exchange 2010, the client would connect to Autodiscover service to retrieve Exchange service automatically from server side. This feature is not available in Exchange 2003 Outlook profile.
  Generally, when mailbox is moved to Exchange 2013, the Outlook would connect to server to automatically update these information. It needs time to detect and update the changes in server side. I suggest we can do the following setting For autodiscover service:
  Get-ClientAccessServer | Set-ClientAccessServer –AutodiscoverServiceInternalUri https://mail.mydomain.com/autodiscover/autodiscover.xml
  Please restart IIS service by running IISReset in a Command Prompt window after all configuraions.
  Regards,
  Winnie Liang
  TechNet Community Support

• Single CAS NameSpace in Multi-Data Center Model With Exchange 2013

  Hi
  We are in process of transitioning from Exchange 2007 to Exchange 2013. Our Exchange 2007 infrastructure is as follows:
  2 Data centers (DC 1 and DC 2). Both with active user population. Both have their own direct Internet Connectivity
  Standalone Exchange 2007 mailbox servers in each data center
  Load Balanced CAS (HT co-located) servers using Hardware Load Balancers in each data center. Load balancers are configured with VIP and FQDNs (LoadBalancer1.Com and LoadBalancer2.com)
  Currently No access allowed from Internet except ActiveSync (No OWA or OA)
  Outlook anywhere is disabled in Exchange 2007 organization but once mailboxes will be moved to Exchange 2013, OA will definitely be used – we will provide OA on Intranet as well as Internet
  All the internal URLs including Autodiscover point to VIP (Load Balancer IP)
  Autodiscover is not currently published on Internet, but we have a plan to publish it now once Exchange 2013 is introduced
  We want to keep a single CAS NameSpace BYOD.ABC.Com for our ActiveSync and OA (and not going to allow OWA) access from Internet. We want to have Split-DNS for our new Exchange 2013 infrastructure due to
  the simplicity it brings. So we are going to use one name BYOD.ABC.Com from the Internet. We have GSLB that provide Fault Tolerance and Geo-Load Balance to external requests coming from Exchange clients, between two data centers. When we will
  install new Exchange 2013 servers, they’ll be part of new VIP so:
  In a 2 data center model, can we name our internal VIPs same in both data centers (i:e BYOD.ABC.Com) as we have decided to go with Split-DNS? Do you see any caveats to this strategy
  If the above strategy will not work, what are the alternate approach(es).
  If we configure same names for the VIPs in both data centers, it will mean that the Autodiscover SCPs for all the Exchange 2013 CAS objects (and Exchange 2007 CAS objects during co-existence) will point to BYOD.ABC.Com. This should not be a problem for
  AD joined systems as they’ll find and contact Autodiscover endpoints in their own sites (based on Keywords attribute that tells which AD site SCP belongs to) –
  Please correct me if this is wrong.
  If we configure same names for the VIIPs in both data centers, this also means that we have to configure BYOD.ABC.Com on External as well as Internal URLs on all the Exchange 2013 servers across both the data centers – Wouldn’t that be a problem – in terms
  of loops during CAS-CAS Proxy/Redirection?
  If we configure different names of the VIPs (say BYOD1.ABC.Com and BYOD2.ABC.Com), how will the Outlook Anywhere requests be handled in both data centers. The OA requests from DC1 will expect the Certificate Principle Name to be BYOD1.ABC.Com and requests
  from DC2 will expect the Certificate Principle Name to be BYOD2.ABC.Com. How to get this stuff working. As far as I know, OA expects CPN to match with it’s name.
  Thanks
  Taranjeet Singh
  zamn

  Any comments/suggestions from community......
  Thanks
  Taranjeet Singh
  zamn