TLS connection failure with Exchange 2013 (SEC_E_WRONG_PRINCIPAL)

Similar Messages

• Can we connect Outlook with Exchange 2013 with the default Self-signed certificate?

  Hi,
  the question is very simple, but after several days searching in this forums and in the web I have not been able to find a definitive answer YES or NOT. I know that Self-signed certificates are not for a production enviroment and only for labs and we must
  purchase a third party certificate or get one from a internal CA.
  Anyone can answer this question with no doubt?
  Thanks in advance!
  jspt

  Hi Abhi,
  I wrote this question because in a recent migration to 2013 from 2007 we've found with this problem: you can view it in the post http://social.technet.microsoft.com/Forums/exchange/en-US/1ddd1e81-1061-4461-95dd-13de653ef8fe/outlook-cant-connect-with-exchange-2013-after-migration-from-exchange-2007?forum=exchangesvrdeploy.
  Also I have installed a new exchange 2013 in a lab enviroment and I also have unabled to connect from a Outlook 2013. The problem is the same Outlook is unable to detect the exchange server. Many people in this forums told me that have to be a certificate
  problem and for that I posted this question. Honestly, I don't know how to do for Outlook can be connect with Exchange 2013. I don't know what I'm doing wrong.
  Anyway thanks for your answer.
  jspt

• Outlook 2013 connection issue with exchange 2013

  my exchange 2013 was upgrade from exchange 2010. after the upgrade (migration), i using outlook 2013 connect to exchange 2013. some very
  weird issues happened.
  when i using auto discovery to create profile and connect to exchange will success. but when i manually create the profilewill failed. the following pic for your reference. (same account, same PC)
  please help, thanks lots!!!!

  This is what changed in Exchange 2013. It uses RPC or HTTPs (Outlook Anywhere) and uses Server GUID to connect...
  "As a result of these architectural changes, there have been some changes to client connectivity. First, RPC is no longer a supported direct access protocol. This means that all Outlook connectivity must take place using RPC over HTTP (also known as
  Outlook Anywhere). At first glance, this may seem like a limitation, but it actually has some added benefits. The most obvious benefit is that there is no need to have the RPC client access service on the Client Access server. This results in the reduction
  of two namespaces that would normally be required for a site-resilient solution. In addition, there is no longer any requirement to provide affinity for the RPC client access service.
  Second, Outlook clients no longer connect to a server FQDN as they have done in all previous versions of Exchange. Outlook uses Autodiscover to create a new connection point comprised of mailbox GUID, @ symbol, and the domain portion of the user’s primary
  SMTP address. This simple change results in a near elimination of the unwelcome message of “Your administrator has made a change to your mailbox. Please restart.” Only Outlook 2007 and higher versions are supported with Exchange 2013."
  From : What's New in Exchange 2013-
  http://technet.microsoft.com/library/jj150540%28EXCHG.150%29.aspx#BKMK_arch
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Internal outlook client connectivity in exchange 2010 when coexist with exchange 2013

  Hi all ,
  on my side i would like to clarify few queries.
  Say for instance i am coexisting exchange 2010 with exchange 2013 .Unfortunately if all of my exchange 2013 servers goes down .
  Q1 .On that time will the internal outlook users having their mailboxes on exchange 2010 can be able to connect mailboxes without any issues ? In case if they face any issues what kind of issues will they be? Because why i am asking is we should have pointed
  the autodiscover service to exchange 2013 during coexistence.
  When an user closes and reopens the outlook after whole exchange 2013 environment failure ,outlook will first query the autodiscover service for the profile changes to get it updated on users outlook profile.In such case autodiscover service will not be
  reachable and i wanted to know will that affects the internal client connectivity for outlook users having their mailboxes on exchange 2010.
  Q2. Apart from outlook internal users connectivity ,what kind of exchange services(i.e owa,active sync,pop,external OA and imap) will get affected when whole exchange 2013 environment goes down during coexistence ?
  I have read the below mentioned statement on this awesome blog but still i wanted to clarify with you all on my scenario.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx<o:p></o:p>
  Internal Outlook Connectivity
  For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2010, they will still connect to the Exchange 2010 RPC Client Access array endpoint.
  For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2007, they will still connect directly to the Exchange 2007 Mailbox server instance hosting the mailbox.
  Please share me your suggestions and that would help me a lot .
  Regards
  S.Nithyanandham

  Hi Winnie Liang ,
  Thanks a lot for your reply.
  Scenario  1 : for internal outlook connectivity 
  We have below settings for exchange 2010 autodiscover.
  mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2010 cas serves
  We are going to have below settings for exchange 2013 autodiscover.
  mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2013 cas serves
  During coexistence mail.domain.com will be pointed to exchange 2013 cas servers . I mean to say if we try to resolve the mail.domain.com it will get resolved in to the exchange 2013 cas servers.
  So on such case if anything happened wrong to the new environment or else if entire environment goes down .Do we face any issues while outlook users connect to existing mailboxes in exchange 2010 ?
  Because why i am asking is ,on the below mentioned article i have read all the autodiscover request will go via exchange 2013 cas servers during coexistence.That means all the existing mailboxes in exchange 2010 will also have to query exchange 2013 cas
  servers for autodiscover request.During the whole exchange 2013 environemnt failure whenever the user tries to close and open outlook .Outlook will first queries the autodiscover service for any changes happened on that particular mailbox and it will try to
  get it updated on user profile.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
  Would it be possible to make the exchange 2010 mailbox users to query only the scp points which belongs to the exchange 2010 cas servers for autodiscover request ?
  Scenario 2: For exchange services
  mail.domain.com - will be the namespace for all the exchange 2010 services (i.e owa,activesync,external outlook anywhere,pop,imap)
  mail.domain.com - will be the namespace for all the exchange 2013 services (i.e owa,activesync,external outlook anywhere,pop,imap)
  What about the above services will it get affected during whole exchange 2013 environment failure ?
  Note : We are not facing this issue , i hope everything goes well in my environment while doing coexistence i am just asking this question on my own interest?
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• Support for TLS 1.2 over Exchange 2013 on Server 2012?

  Greetings,
  We're trying to roll out TLS 1.2 in our test environment and can't seem to get Exchange to work with the protocol.
  We've been using this method to enable TLS 1.2 (and disable the other protocols - TLS1.0, SSL2.0, SSL3.0, PCT1.0): http://www.adminhorror.com/2011/10/enable-tls-11-and-tls-12-on-windows_1853.html
  We originally tried using Exchange 2010 on 2008 R2, but then I ran across this article saying that it is not supported: http://support.microsoft.com/kb/2709167/en-us
  We've since tried to set it up with Exchange 2013 on Server 2012. Still no luck. The only time Exchange wants to work is when TLS1.0 is enabled.
  I suspect that TLS1.1 and TLS 1.2 are also not supported on Exchange 2013, or that I'm changing the wrong registry keys, but I wanted to find confirmation. I've searched extensively and can't find any documentation leading me to believe one way or the other
  if it's supported.
  Any help or insight would be greatly appreciated. Thanks!
  --Aric

  hi All,
  Even i have tried enabling TLS 1.2 on Exchange 2013 from registry. i followed the below article.
  http://jackstromberg.com/2013/09/enabling-tls-1-2-on-iis-7-5-for-256-bit-cipher-strength/
  When i check OWA in chrome and check the connection information it says "The connection uses TLS 1.2.
  However when i run the below command to check for TLS 1.2 i get the following O/P.
  Command: java -jar TestSSLServer.jar ns-ex13.gtestexchange.com 443
  O/P:
  Supported versions: SSLv3 TLSv1.0 TLSv1.1
  Deflate compression: no
  Supported cipher suites (ORDER IS NOT SIGNIFICANT):
    SSLv3
       RSA_WITH_RC4_128_MD5
       RSA_WITH_RC4_128_SHA
       RSA_WITH_3DES_EDE_CBC_SHA
    TLSv1.0
       RSA_WITH_RC4_128_MD5
       RSA_WITH_RC4_128_SHA
       RSA_WITH_3DES_EDE_CBC_SHA
       RSA_WITH_AES_128_CBC_SHA
       RSA_WITH_AES_256_CBC_SHA
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    (TLSv1.1: idem)
  Server certificate(s):
    1979e6bdbd9b8e197d00c45534959eaba82b6f40: CN=ex10.gtestexchange.com, OU=Domain
   Control Validated
  Minimal encryption strength:     strong encryption (96-bit or more)
  Achievable encryption strength:  strong encryption (96-bit or more)
  BEAST status: vulnerable
  CRIME status: protected
  ===================================================
  It doesnt says anything about TLS 1.2.
  Any suggestions from your side?

• Can't get OWA to work on Essentials 2012 R2 with Exchange 2013 on second server 2012 R2 std.

  I have previously with success setup a working solution with server 2012 essentials, and a second server 2012 std. with exchange 2013, I did it following this guide: http://technet.microsoft.com/en-us/library/jj200172.aspx
  Unfortunately I lost the server due to a cooling error which led to an un-repairable essentials 2012, since this was a new setup and also a test setup I didn't have any working backup solution setup at the time...tsk.tsk.
  Since I had to make a complete do over I chose to try out the new R2 server editions, and set it up following the same guide, when it came to this part:
  Download KB2732764 for ARR 2.5, and then install the update on the server that is running Windows Server 2012 Essentials.
  Copy the SSL certificate file for Exchange Server to the server that is running Windows Server 2012 Essentials. The certificate file must contain the private key, and it must be in the PFX file format.
  Note
  If you are using a self-issued certificate, follow the instruction in the Exchange Server article Export an Exchange Certificate to export the certificate.
  Open a command window as an administrator, and then open the %ProgramFiles%\Windows Server\Bin directory.
  Based on you installation scenario, follow one of these steps to configure ARR:
  If you are performing a clean setup, run the following command:
  ARRConfig config –cert “path to the certificate file” –hostnames “host names for Exchange Server”
  I noticed that the version of "Application request routing" had changed to version 3, so obviously I didn't need to dl the 2.5 update.. When I came to the part where I wa instructed to run arrconfig config etc. I noticed
  that the ARRconfig file no longer where placed where the setup guide indicated, I then went ahead and tried som manual configuration regarding certificates and such. In the end I have a working solution where Exchange and OWA is working locally but OWA isn't
  working outside my local domain, the link get's placed in the RWA and is indicating the correct link for the exchange server www.remote.clinten.dk I have a certificate which include to separate domain names aforementioned and remote.clinten.dk and
  I get no errors indicating certificate errors, when I try to connect to www.remote.clinten.dk/owa from outside I get a 404 error, and when I connect to www.remote.clinten.dk I get the RWA login screen for the essentials RWA. Obviously I need to set up something
  in ISS probably in the url rewrite section, but I can't seem to find the right setting.. Can someone help with this?
  Btw. I have found the missing arrconfig file in c:\windows\system32\essentials" and tried to run the command as described in the guide "ARRConfig config –cert “path to the certificate file” –hostnames “host
  names for Exchange Server”" but it doesn't seem to work, it just prompts with a guide for using the arrconfig command and examples of correct use, I also tried removing the "" from the guide, like this "ARRConfig
  config –cert path to the certificate file –hostnames host names for Exchange Server",
  when I ran it without the "" It didn't prompt me with anything nor did It indicate any errors, it did not however make my OWA work either..
  I am aware that exchange 2013 atm. isn't officially supported on the R2 server, but the exchange works fine inside my domain, and the pop3/smtp also works from outside, since this Is a test environment, using only my own private domain and not a company
  domain I figured it would be ok to run the risk.. ;)

  Hi
  found this on
  https://social.technet.microsoft.com/Forums/en-US/1f099068-b3ed-44f3-a8c4-c22d760a8621/arr-broken-or-bad-syntax-exchange-2013-essentials-2012-r2?forum=winserveressentials
  "Ok just an update for anyone else how has this issue.
  The problem has been solved by Microsoft and I have included their findings below, but basically it comes down to a typo!
  I often use notepad to have all the commands I need on hand, and I must have copied the command direct from the TechNet article or other website and customised the required fields. The issue with this is one of the characters did not “convert” - for want
  of a better word. I should have retyped the whole command from scratch and it would have been right!
  Thanks for everyone’s input and for Microsoft for getting to the bottom of it.
  From Microsoft:
  We have tested on your environment and here is the investigation result from our senior engineer:
  ================================================================
  Basically the command fails due to invalid parameter, the invalid one is the ‘-‘. I think the one customer used is copied from the online document sample which translate to the unicode is 0x8211 means “en dash”, it
  can’t be input by normal keyboard, so I pretty sure it is from web (mostly HTML document).
  The one we check (compare) is ‘-‘ which has the code 0x45.
  So it always failed to compare the parameter and ARRconfig.exe thought it is invalid parameter.
  The solution is quite simple, just using keyboard to retype the command, using normal ‘-‘ and I have tried the password prompt shows
  Best Regards,
  Johnny Chen
  Microsoft Partner Support Community Technical Support Engineer
  Microsoft Global Partner Services"

• Exchange 2010 coexist with exchange 2013

  Hi All ,
  Planning to have a coexistence scenario in my environment which is mentioned below
  Exchange 2010 - ambiguous url in place - OA enabled 
  For mapi/rpc traffic - mail.domain.in -  exchange 2010
  For https traffic - mail.domain.in - exchange 2010
  mail.domain.in will get resolved in to cas array in exchange 2010 .
  After coexistence On our side we are not going to move the mail.domain.in namespace to exchange 2013 , Instead of that we are going to use a new namespace in exchange 2013 for internal outlook anywhere and it will be outlookmail.domain.in and for the remaining
  exchange 2013 services like pop,imap,owa,active sync url's,external OA will be having mail.domain.in as same as exchange 2010 namespace.
  just consider outlookmail.domain.in is available on the san certificate installed in exchange 2013.
  Note : 
  On my ide I would assume Internal outlook 2010 mapi users will connect directly to exchange 2010 servers on the namespace mail.domain.in
  Likewise i would assume Internal outlook anywhere 2013 users will connect directly to exchange 2013 servers on the namespace outlookmail.domain.in
  Services like pop,imap,owa,active sync ,external OA connections for both exchange 2010 and exchange 2013 from the external world will be routed from firewall to exchange 2013 servers .Then https traffic for exchange 2010 mailbox users will be proxied to 2010
  exchange server via exchange 2013 server.
  question : I would like to know above mentioned scenario is possible or not ?
  On my side I know in my environment i am having ambiguous url's in place and at the same time i don't want the exchange 2010 internal outlook users to connect via exchange 2013 rpc over http even though OA is enabled on exchange 2010.
  So simply i can say i need my internal exchange 2010 mailbox users has to connect via tcp/ip.
  All of you tell me your valuable suggestions.
  Regards
  S.Nithyanandham

  Hi,
  Going Straight to the point... and answering your question...
  The scenario above IS possible For a while... But going ahead in the migration process, You'd face problems once the Exch2013 doesn't know how to handle MAPI connections:
  As per Exchange Team...
  In this scenario where both the MAPI/RPC and HTTP workloads are using the same FQDN you cannot successfully move the FQDN to CAS 2013 without
  breaking your MAPI/RPC client connectivity entirely. I repeat, your MAPI/RPC clients will start failing to connect via MAPI/RPC once
  their DNS cache expires after the shared FQDN is moved to CAS 2013.
  As their recommendation, and I would tell you too by experience, the best option is to really use different internal and external URLs for the clients to connect to.
  change your design to use a specific internal-only FQDN for MAPI/RPC clients. If you are in the middle of a 2010 deployment using an Ambiguous
  URL I recommend you change your ClientAccessArray FQDN to a unique name and update the mailbox database RpcClientAccessServer values
  on all Exchange 2010 mailbox databases accordingly. Fixing this item mid-migration to Exchange 2010 or even in your fully migrated environment will ensure any newly created or manually repaired Outlook profiles are protected, but it will not automatically
  fix existing Outlook clients with the old value in the server field. 
  So the overall for this first point is to enable the OA for all internal users, so as to ease the migration process in the future, even if for the time being its not necessary.
  Also another point you should take into consideration is the version of yours OLK versions, as the minimum supported are as per below:
  Outlook 2007: 12.0.6665.5000 (SP3 + the November 2012 Public Update or any later PU)
  Outlook 2010: 14.0.6126.5000 (SP1 + the November 2012 Public Update or any later PU)
  Outlook 2013: 15.0.4420.1017 (RTM or later)
  I don't know the size of you network, but it might be necessary for you to use an inventory tool in order to identify that.
  As advised, its really worthy to have a look at the following article, thus to clarify your view about this issue.
  Ambiguous URLs and their effect on Exchange 2010 to Exchange 2013 Migrations
  From <http://blogs.technet.com/b/exchange/archive/2013/07/17/3574451.aspx> 
  Hope it can help you!
  Cheers,
  Think before you ask, give detail as much as possible, then ask and you will get help! Always have in mind, people do not guess! :)

• SBS2008: Move email from Exchange 2007 to new server with Exchange 2013

  We have an old server (SBS2008) and plan to buy a new server with (Server 2012). I need to move all the exchange emails, contacts & calendars to the new server. We will no longer use the old server. 
  Is there a document or migration tool that will help me understand how to move this data form the old exchange server to the new one? 
  Old Server:
  SBS2008 running Exchange 2007
  New Server:
  Server 2012
  Exchange 2013
  Any help is appreciated!

  Hi Dave,
  It can be done, and as Larry suggested you will consider two Server 2012 installs in order to achieve an environment that looks like your current SBS roles; Exchange 2013 on an Active Directory controller isn't a good long-term solution (SBS did this for
  you in the past).
  For your size operation, a virtual server host, with a Windows Server 2012 license, and two virtual machines would probably be a suitable design model.  In this manner, you have Server 2012 license that permits 1 +2 licenses (one host for virtualization,
  up to 2 Virtual Machines on same host).
  There's no migration tool. That comes with experience and usually trial and error. You earn the skills in this migration path, and for the average SBS support person you should plan on spending 3x (or more) your efforts estimate in hours planning your migration. 
  You can find a recommended migration path at this link to give you an idea of the steps, but its not exactly point by point going to cover you off for an sbs2008 to server 2012 w/exchange 2013 migration.  But the high points are in here. If it looks
  like something you would be comfortable with then you should research more.
  http://blogs.technet.com/b/infratalks/archive/2012/09/07/transition-from-small-business-server-to-standard-windows-server.aspx
  Specific around integrating Exchange 2013 into an Exchange 2007 environment, guidance for that can be found here:
  http://technet.microsoft.com/en-us/library/jj898582(v=exchg.150).aspx
  If that looks like something beyond your comfort level, then you might consider building a new 2012 server with Exchange 2013 environment out as new, manually export your exchange 2007 mailbox contents (to PST) and then import them into the new mail server,
  and migrate your workstations out of old domain into new domain.  Whether this is more or less work at your workstation count is dependent upon a lot of variables.
  If you have more questions about the process, update the thread and we'll try to assist.
  Hopefully this info answered your original question.
  Cheers,
  -Jason
  Jason Miller B.Comm (Hons), MCSA, MCITP, Microsoft MVP

• Upgrade of Integation Services (Windows 2012 R2) on Windows 2008 R2 with Exchange 2013 SP1 DAG fails

  Here is the scenario:
  Legacy Host: Windows 2008 R2
  Guest VM: Windows 2008 R2 with Exchange 2013 SP1 DAG cluster.
  After importing the VM (2008 R2 and Exchange 2013 DAG) into a 2012 R2 host (Cluster).  (copy VM files to new 2012 R2host) Everything works fine.
  Then upgrading "Installation Services" (for Windows 2012 R2 host) on the imported VM runs fine with no errors to the "Restart" prompt. VM than shows: "Configuring Windows updates 32% complete. Do not turn
  of your computer." Hangs there for about 20 minutes until is says "shutting down". Hangs there for 20 minutes until power off. Restart to normal start; "Preparing to configure Windows. Do not turnoff your computer." proceeds slowly
  to "Configuring Windows updates 32% complete. Do not turn of your computer." hangs there again indefinite. Sometime hangs at shutdown cycle and "Configuring Windows updates 32% complete. Do not turn of your computer." indefinitely.
  I moved 20 other machines from a 2008 R2 host to new Windows 2012 R2 hosts all of these machines install the 2012 R2 Integration services just fine on the 2008 R2 VM. Just the 2008 R2 VMs clustered (DAG) and Exchange 2013 SP1 do not take the Integration
  Services upgrade.
  Any advise from Microsoft? I know I could decommission the DAG and Exchange machines and install Integration services on the native box before Exchange and DAG and that would sure work, but I'd rather avoid that amount of work for a simple integration layer
  upgrade.
  Thanks
  Gerhard Waterkamp ACSLA Inc.

  Hi,
  Could you try use the following method to fix this issue first?
  1. Run the System Update Readiness Tool, then check if there is any error in the Checksur.log and checksur.persist.log.
   1. Please run the System Update Readiness Tool on this affected server. Please download this tool from the following Microsoft article:
   Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, and for Windows 7
   http://support.microsoft.com/kb/947821/en-us
  2. The System Update Readiness Tool creates the log files that captures any issues that the tool found or fixed. The log files are located at the following location:
  %SYSTEMROOT%\Logs\CBS\
  3. Please paste the checksur.log here for analysis.
  If there is no error found, please try the following step.
  ==================================
  2. Use Fix it tool to reset the Windows Update components.
   1. Open the following link.
   http://support.microsoft.com/kb/971058/en-nz
   2. Select Windows 8.1, Windows 8 and Windows 7 in the product selection box.
   3. Click “Run Now” to reset the Windows Update components.
  Note: We can reset the Windows Updates manually by following the steps in the KB above.
  3. Use the System File Checker tool to repair missing or corrupted system files
   1. Open the command promote with Administrators.
   2. At the command prompt, type the following command, and then press ENTER:
       sfc /scannow
  Any errors are found in the steps above, please let me know.
  Hope this helpful.
  Best Regards,
  Jason Zeng
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Cannot write email body in OWA with Exchange 2013 SP1 CU6

  Hi,
  I have a problem with Exchange 2013 SP1 with CU6.
  All of OWA user cannot write in the body of email. They can write the Object and the recipient but they cannot select body and write the body message. We have try with multiple Web brother and desactivate all Add-on but the problem still there...
  The only way that works is to respond to an email, and in that case, it's working, we can write normally in the body of email.
  Have you an idea ?
  Thanks in advance!
  Sebastien

  Hi, 
  After contacting Microsoft support, we have found the solution.
  The problem appear after we have recently install the patch described in this KB 2997209:
  https://support.microsoft.com/kb/2997209?wa=wsignin1.0
  But on 2013 Mailbox Server, Echange is not installed in the default path C:\ but on D:\
  So we have to manually copy the content of folder D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\prem\15.0.995.29 in the folder 15.0.995.31 (MAKE a BACKUP of FOLDER BEFORE!)
  No need to reboot, or restart IIS, it's working after that!
  @+
  Sébastien

• How do i connect manually to Exchange 2013 from Outlook 2007/2010 in another forest?

  Hello All,
  I have a source organization: Windows 2003 domain + Exchange 2010 SP3 + smtp domain acme.com
  Target organization: Winows 2012 R2 domain + Exchange 2013 CU3 + smtp domain  acme.com
  We are migrating to target organization.
  I want to connect Outlook 2007/2010 to their target mailbox (Exchange 2013) from a machine which is joined to Source DOmain.
  I couldn't use autodiscover, because as the machine is joined to source domain, autodiscover it's mapping to Exchange 2010.
  It only works when I machine is joined to target domain.
  Any idea how to connect manually to eXCHANGE 2013 mailbox from a machine which is joined to source domain?
  Regards
  José Osorio

  Hi,
  Firstly, I’d like to explain, Autodiscover service can be used cross forest:
  1. the two forests must be trusted.
  2. configure a mail contact in the original forest.
  For more information, please refer to the partition named how to configure the Autodiscover service for cross-forest moves in the following article:
  http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx#BKMK_ConfigureForCrossForestMoves
  Thanks,
  Angela Shi
  TechNet Community Support

• Creating a New Email address policy for users in another Domain with Exchange 2013 powershell?

  Hi
  Everyone
  Is it possible to create a new-emailaddress policy with Exchange
  2013 Powershell, for users within OU´s located on another different
  domain/forest than where Exchange 2013 is installed?
  There
  is a Transitive, two way trust between the domain/forest where the users are
  located - and the Exchange 2013, multi tenant domain.
  Further
  more, and if possible, I need to create linked mailboxes to all these users as
  well.
  Í have been struckling with this issue for weeks, so please anyone -
  advice - and comment.
  Best
  Regards
  Peter
  A-ONE Solutions

  Hi Siddharth
  I want to create a new e-mailaaddress policy - and after that create linked mailboxes/users in my account domain with powershell.
  Can you help me achieve that ?
  I have a powershell CMDlet, but i doesn´t work. (Cannot fint user OU in my account domain)
  CMDlet is as follows:
  New-EmailAddressPolicy -Name $CustomerName   -RecipientContainer "OU=$CustomerName, OU=kunder, DC=Domain, DC=local" -IncludedRecipients 'AllRecipients' -ConditionalCustomAttribute1 $CustomerName -Priority '1' -EnabledEmailAddressTemplates SMTP:%2g%1s@$AcceptedEmailDomain
  Where $Customername = test.dk
  and Account domain is = OU=kunder, DC=Domain, DC=local
  But the command fails with:
  New-EmailAddressPolicy : Couldn't find organizational unit "OU=Test.dk, OU=kunder, DC=Domain, DC=local". Make sure you have typed the name correctly.
  At line:52 char:1
  + New-EmailAddressPolicy -Name $CustomerName   -RecipientContainer "OU=$CustomerNa
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [New-EmailAddressPolicy], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : [Server=HE-MBX03,RequestId=2cbe1b51-4af2-4c04-9f7e-e440000975e6,TimeStamp=24-03-2014 12:58:19] 2D00FD2A,Mi 
     crosoft.Exchange.Management.SystemConfigurationTasks.NewEmailAddressPolicy
  So, I cannot find the OU on the Account forest/Domain, even though the OU do exists in the Account domain. 
  Verifying with this: 
  Get-ADOrganizationalUnit -Identity "OU=$CustomerName,OU=kunder,DC=Domain,DC=local" –Server ‘DC01.domain.local’| FL
  This works fine, Can you please help/assist?
  Peter

• Java.io.IOException: Connection failure with 500

  Hi
  When i am trying to establish connection from applet to servlet using URLConnection..
  It is giving me java.io.ioexception Connection failure with 500.
  Can anybody let me know why and how to solve this.
  Thanks&Regards,
  Subba

  Error code 500 is "Internal Server Error." Unfortunately this could be loads of things. :-(
  What servlet / web-server are you using?
  Some general pointers.....
  - Check your web-server access log and see if the request is received. (I'd expect so as you're getting a 500 error)
  - Check your servlet log & see if it is init-ing correctly.
  - I always write a simple doGet() method in my servlets so that I can check whether the servlet is alive or not...
  public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
  PrintWriter out = new PrintWriter (response.getOutputStream());
  out.println("<html>");
  out.println("<head><title>ObjectServlet</title></head>");
  out.println("<body>doGet() called: "+new java.util.Date());
  out.println("</body></html>");
  out.close();
  Logger.log(this, "doGet", Logger.TRACE, Logger.TRACE_OUT);
  Then repost if you're still stuck.

• Please HELP!!! URGENT!!! Connection failure with 407 ALL my DUKE $$$$$$$$$

  Hi,
  problem:
  ========
  I have to give a demo of this program next week, I am trying to solve this F***ing problem since last week and can not figure it out....
  I am running my program and tomcat on Computer#1 and trying to run that program from computer#2 and getting
  java.io.IOException: Connection failure with 407...
  Brief Intro:
  ============
  I am hard coding my computer1 ip address.
  If i run my program in the computer#1 i works fine...
  But i am trying to run the program from computer#2 and getting the following error.
  There is nothing wrong with the null pointer....I am definitely sure about this....
  I can access the Servlet directly from the computer#2 by just using a browser.
  for example my Computer#1's IP is 10.121.121.21.
  i can access the tomcat by http:10.121.121.21:8080 from computer#2
  I think the problem is with the security (java.io.IOException: Connection failure with 407)...
  Also i know that 407 means proxy server, but we do have proxy server but i am not going through
  the proxy server...
  Solution:
  =========
  If anyone who can solve this i am going to give them all the duke $$$$$...
  Thanks in advance....
  Error:
  =========================
  java.io.IOException: Connection failure with 407
  Exception occurred during event dispatching:
  java.lang.NullPointerException
  at scanstation.LoginScreen.displayLogInInformation(LoginScreen.java:220)
  at scanstation.LoginScreen.jButton1_actionPerformed(LoginScreen.java:151)
  at scanstation.LoginScreen.passwordTextfield_actionPerformed(LoginScreen.java:255)
  at scanstation.LoginScreen$4.actionPerformed(LoginScreen.java:123)
  at javax.swing.JTextField.fireActionPerformed(Unknown Source)
  at javax.swing.JTextField.postActionEvent(Unknown Source)
  at javax.swing.JTextField$NotifyAction.actionPerformed(Unknown Source)
  at javax.swing.SwingUtilities.notifyAction(Unknown Source)
  at javax.swing.JComponent.processKeyBinding(Unknown Source)
  at javax.swing.JComponent.processKeyBindings(Unknown Source)
  at javax.swing.JComponent.processKeyEvent(Unknown Source)
  at java.awt.Component.processEvent(Unknown Source)
  at java.awt.Container.processEvent(Unknown Source)
  at java.awt.Component.dispatchEventImpl(Unknown Source)
  at java.awt.Container.dispatchEventImpl(Unknown Source)
  at java.awt.Component.dispatchEvent(Unknown Source)
  at java.awt.LightweightDispatcher.processKeyEvent(Unknown Source)
  at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
  at java.awt.Container.dispatchEventImpl(Unknown Source)
  at java.awt.Component.dispatchEvent(Unknown Source)
  at java.awt.EventQueue.dispatchEvent(Unknown Source)
  at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
  at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
  at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
  at java.awt.EventDispatchThread.run(Unknown Source)

  Hy,
  this code is similar to 401 (Unauthorized), but indicates that the client must first authenticate itself with the proxy.
  This HTTP code is documented in the RFC 2616 and RFC 2617.
  http://www.ietf.org/rfc/rfc2616.txt
  http://www.ietf.org/rfc/rfc2617.txt

• Java.io.IOException: Connection failure with 400

  at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
  This occurrs when using getInputStream()
  The URL can be cut and pasted into the browser and it works fine, but when the code executes and only using the plugin it gives this error.
  Any ideas??

  One of my customers is getting :
  java.io.IOException: Connection failure with 400
       at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
  ...too, on this snippet of code:
  java.io.InputStream aInputStream=aURLConnection.getInputStream();
  Anybody find a cause or solution for this? I believe my customer is using JRun.
  Thanks in advance.