Tag Archives: exchange

Get-MailboxDatabase doesn’t show last backup timestamp

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Sometimes you have to check when the last backup of an Exchange mailbox database was taken. This is pretty simple, because the timestamps of the last full, incremental and differential backup is stored for each mailbox database. You can check these attributes using the Exchange Control Panel (ECP), or you can use the Get-MailboxDatabase cmdlet.

Backup successful, but no timestamp?

Take a look at this output. As you can see, there’s no timestamp for the last full, incremental and differential backup. But this database was successfully backuped some minutes before.

Missing -status switch

The solution is easy: The -status  switch was missing.

After adding the -status  switch to the Get-MailboxDatabase command, the timestamps were added to the output. If you run the command during a running backup session, this is also added to the output (BackupInProgress).

Disable Outlook cached mode for shared mailboxes

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

When you use Microsoft Outlook in cached mode, what I always recommend, and you add additional mailboxes to your outlook profile, you will notice that the OST file will grow. Outlook will download the mailbox items (mails, calendar entries, contacts etc.), and store them in the OST file. This is the default behaviour since Microsoft Outlook 2010. If you want to disable this behaviour, you have two options:

  • Edit the registry
  • Use a group policy object (GPO)

Edit the Windows registry

The easiest way is to use a reg file. Copy this text into a file and save it as disablecachedmode.reg. Then double click the file and confirm, that you want to import the registry file.

Please note the version number after “Office”.

OutlookVersion
Outlook 201616.0
Outlook 201315.0
Outlook 201014.0

Make sure that you use the appropriate version number for your Outlook! Otherwise this setting is applied, but not working.

Group Policy

If you want to apply this setting on a bunch of clients, you should use a GPO. Before you can use a GPO, you have to install the necessary template files for Microsoft Office/ Outlook. These ADMX files are part of the “Office 2013 Administrative Template files (ADMX/ADML)” or “Office 2016 Administrative Template files (ADMX/ADML)” package.

Copy the Outlk16.admx or Outlk15.admx files to the PolicyDefinitions folder (either C:\Windows or Central Store), and the Outlk16.adml or Outlk15.adml to the corresponding language folder.

Then you can create a new GPO. The desired setting can be found under User Configuration >> Administrative Templates >> Microsoft Outlook 201x >> Outlook Options >> Delegates >> Disable shared mail folder caching. Set this to “enable” and apply the GPO.

Still using Microsoft Outlook 2010?

Please note, that the GPO template for Microsoft Outlook 2010 doesn’t contain the necessary setting that controls this functionality!

Changes to supported .NET Frameworks for Exchange 2013/2016

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.
EDIT: If you have already installed .NET 4.6.1, check this blog post on how to remove it (You Had Me At EHLO…)

Microsoft Exchange heavily relies on Microsoft .NET Framework. Because of this, Microsoft provides a matrix for the supported Microsoft .NET Frameworks. Mostly unknown is the fact, that Exchange doesn’t support the every Microsoft .NET Framework, and this is causing trouble sometimes. Some admins simply install the latest .NET releases because “it doesn’t hurt”. Well… it hurts!

Changes for .NET Framework 4.6.1

Microsoft has changed the support policy for .NET Framework 4.6.1 with the release of Exchange 2013 CU13 and Exchange 2016 CU2. Up to this versions, only .NET Framework 4.5.2 is supported. Starting with Exchange 2013 CU13 and Exchange 2016 CU2, Microsoft supports .NET Framework 4.6.1 together with a hotfix rollup (KB3146715 for Server 2012 R2, KB3146714 for Server 2012 and KB3146716 for Server 2008 R2). If you wish to install .NET Framework 4.6.1, make sure to install Exchange 2013 CU13 or 2016 CU2 first.

.NET Framework/ Microsoft ExchangeExchange 2007 SP3Exchange 2010 SP3Exchange 2013 CU13 and laterExchange 2016 CU2 and later
.NET Framework 3.5.1XX
.NET Framework 4.0
.NET Framework 4.5X
.NET Framework 4.5.1X
.NET Framework 4.5.2XX
.NET Framework 4.6.1
.NET Framework 4.6.2

¹ .NET 3.5 or 3.5.1 must be installed

² Supported with hotfix rollup (KB3146715 for Server 2012 R2, KB3146714 for Server 2012 and KB3146716 for Server 2008 R2)

Other .NET Framework versions

Microsoft .NET Framework 4.6.2 isn’t supported for any version of Microsoft Exchange. Other example: If you’re running Exchange 2010 SP3, don’t install anything above .NET Framework 4.5, not even 4.5.1. Check the Exchange Server Supportability Matrix for the supported .NET Framework for the Exchange version you’re running.

Side notes

Microsoft PowerShell is part of the Windows Management Framework (WMF). Microsoft Exchange only supports the WMF built into the underlying Windows Server version.

This also applies to Microsoft Outlook. I wonder how many Exchange projects fail because the Microsoft Outlook version, that is used by the customer, isn’t supported.

Receive Connector role not selectable in Exchange 2016 CU2

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Another bug in Exchange 2016 CU2. The Role of a new receive connector is greyed out. You can select “Front-End-Transport”. This is a screenshot from a german Exchange 2016 CU2.

receive_connect_role_not_selectable

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Solution

Use the Exchange Management Shell to create a new receive connector. Afterwards, you can modify it with the Exchange Control Panel (ECP).

Microsoft has confirmed, that this is a bug in Exchange 2016 CU2.

Exchange 2013 Offline Address Book visible after Exchange 2016 deployment?!

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

After deploying a new Microsoft Exchange organization with Exchange 2016, or after deploying a Microsoft Exchange 2016 into an existing organization, you might notice a strange behaviour regarding the Offline Address Books (OAB).

Huh?! Where does this Exchange 2013 OAB come from? As you can see in the cmdlet output, there’s no Exchange 2013 in this organization.

There is no Exchange 2013 server in this organization. Only Exchange 2010 (Build 14.3) and 2016 (Build 15.1).

This is nothing to worry about. Microsoft has confirmed that this is a bug. The OAB simply has the wrong name and Microsoft will fix it in an upcoming cumulative update. It’s not fixed in the latest CU2 for Exchange 2016! There’s also no need to change the name of the OAB.

So don’t panic, if you deploy a Microsoft Exchange 2016 CU2 and you see “Ex2013” in the OAB name. Ignore it.

Setting up split DNS using Windows DNS server

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Sometimes it’s necessary to have two DNS servers that are authoritative for the same DNS namespace. This is the case if you use the same namespace for your web site and your internal Active Directory domain, e.g. terlisten-consulting.de. Or that you have created the zone terlisten-consulting.de in your Windows DNS to point specific hosts to internal IP addresses. The DNS servers at your ISP would be authoritative, and the domain controllers of your Active Directory would also be authoritative for the same domain. The response to a query depends on which DNS server you ask. So what would happen if you try to resolve www.terlisten-consulting.de, and the internal DNS has no record for it?

In this case, the domain controller in my lab is authoritative for terlisten-consulting.de. But he doesn’t has a A record for www.terlisten-consulting.de. If I remove the zone from my domain controller, or if I use an external DNS server, I get a non-authoritative answer.

This, the same DNS namespace on different DNS server, is called “split DNS” (sometimes also called split-horizon DNS, split-view DNS or split-brain DNS).

Do it right

Split DNS is pretty handy, and sometimes it’s necessary. When it comes to Microsoft Exchange, it a common practice to use the same external DNS namespace for the internal and external URLs. This requires, that I create a zone for the externally used DNS namespace on my internal DNS (in most cases: Microsoft Windows Activice Directory domain controllers). The downside: I must create all DNS entries on my internal DNS, and I must point them to their external IP addresses, except the ones that should point to an internal IP.

FQDNInternal/ External IP address
www.terlisten-consulting.deexternal IP address
exchange.terlisten-consulting.deinternal IP address
shop.terlisten-consulting.deexternal IP address

Otherwise, users that use the domain controllers as DNS server, wouldn’t be able to resolve www or shop. This is challenging. But there’s a solution.

Create split DNS for single hosts

The Domain Name System is hierarchy organized. Because of this, I can tell my DNS server to be authoritative only for a sub-tree of a domain, e.g. exchange.terlisten-consulting.de. If I try to resolve www.terlisten-consulting.de, the DNS server would go down the hierarchy starting at the DNS root servers (or it would ask a forwarder). Instead of creating a zone for the whole namespace, create a zone for the host. Simply add

  • a new primary zone
  • don’t allow dynamic updates to the zone, and
  • create a new A or AAAA record for the host

Make sure

  • to leave the name field empty
  • don’t create a PTR record
  • point it to the internal IP of the host
single_host_zone

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

A simple nslookup will show if split DNS works as expected.

Works as expected. Make sure to clear the DNS server cache after you have added the zones.

Windows DNS Server Policies

Windows Server 2016 will introduce Windows DNS Server Policies. DNS Policies will allow you to control how a DNS Server handles answers to queries based on parameters like source IP address, IP address of the network interface that has received the query etc. In future, DNS Server Policies can be used to configure split DNS.

Data Protector: Exchange backup failes because of database lock

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Today I had a customer call, where a Exchange 2010 backup repeatedly failed. HPE Data Protector was unable to create a differential or incremental backup. For each database, the following error was logged:

Interestingly, there was no other backup session running. But the night before, the backup jobs failed because of a network failure.

The solution is easy. This error is caused by a wrong information in the Data Protector database. To remove this, open an administrative CMD on the Data Protector Cell Manager and run this omnidbutil command:

This command  will free up the locked resources in the Data Protector database.Then, run the job again.

Exchange Management Shell (EMS) and new PowerShell releases

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Some day ago, I installed a new Exchange 2013 CU11 for some test ins my lab. Nothing fancy, just a single server deployment on a Windows Server 2012 R2 VM. I deployed this Windows Server from a template, which was updated with the latest Windows Patches and WMF some days ago. The Exchange setup went smooth. I updated the SSL certificates and the internal and external URLs for the virtual directories. Then I started the Exchange Management Shell (EMS), to update the Autodiscover URL in the service connection point (SCP) of the Active Directory.

Well… that doesn’t look successful. I quickly switched to a PowerShell windows and imported the Exchange snap-in manually.

Looks better, isn’t it?

I compared my lab setup to a running Exchange 2013 single server deployment and I stumbled over the PowerShell version. In addition, I found the Windows Management Framework 5 Production Preview (KB3066437) on my freshly deployed Windows Server 2012 R2 VM.

After checking the Exchange Server Supportability Matrix, it was clear what had happened: WMF 5 is not supported (Source). Not supported with Exchange 2013, and also not supported with Exchange 2016.

exchange_supported_wmf

After I had removed KB3066437 from my Exchange server, the EMS loaded successfully.

You should ALWAYS check if installed applications are supported with newer version of PowerShell/ WMF! Currentyl, no Exchange version is supported with PowerShell 5/ WMF 5.

Outlook license requirements for Exchange features

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Microsoft Exchange Server licensing is rather simple. You can choose between two Exchange licenses:

  • Standard (up to 5 mailbox databases)
  • Enterprise (up to 100 mailbox databases)

Standard and Enterprise only differ in the number of supported databases! Feedl free to use Exchange DAG with Exchange Standard and Windows Server Standard! To license your clients, you have to purchase a Client Access License (CAL) for each user or device that accesses your Exchange server environment. There are two types of CALs:

  • Standard
  • Enterprise (add-on for Standard CAL)

The Standard CAL is always necessary and enables most features of Exchange. The Enterprise CAL is an add-on license. If a user needs one of the Enterprise CAL features, you have to purchase a Standard AND an Enterprise CAL. The Enterprise CAL enables the following features:

  • In-Place Archive
  • Retention policies
  • Apply Information Rights Management (IRM)
  • Site mailboxes
  • DLP Policy Tips

Pretty simple, isn’t it? But have you thought about your Microsoft Outlook license? To use the Exchange Enterprise CAL features, you have to consider your Microsoft Outlook licensing! You have to use a Outlook version that is supported with your specific Exchange Server version, and you also have to consider if you have retail or volume license licenses. Microsoft Exchange Enterprise CAL features can be used with the following Microsoft Outlook licenses:

Outlook 2016

  • Outlook 2016 stand-alone (Retail or Volume License)
  • Outlook 2016 included with Microsoft Office Professional Plus 2016 (Volume License)

Outlook 2013

  • Outlook 2013 stand-alone (Retail or Volume License)
  • Outlook 2013 included with Microsoft Office Professional Plus 2013 (Volume License)

Outlook 2010

  • Outlook 2010 stand-alone (Retail or Volume License)
  • Outlook 2010 included with Microsoft Office Professional Plus Subscription (Retail)
  • Outlook 2010 included with Microsoft Office Professional Plus (Volume License)

Outlook 2007

  • Outlook 2007 stand-alone (Retail or Volume License)
  • Outlook 2007 included with Microsoft Office Ultimate 2007 (Retail)
  • Outlook 2007 included with Microsoft Office Professional Plus 2007 (Volume License)
  • Outlook 2007 included with Microsoft Office Enterprise 2007 (Volume License)

The correct Outlook client license is important! If you try to use Outlook 2013 included with Microsoft Office Professional (Retail) with In-Place Archive for example, the archive will not show up in Outlook. If everything is licensed correctly, your Outlook with enabled archiving should look like this:

in-place_archive_outlook2016

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Please note, that Outlook 2007 is not supported with Exchange 2016. Please also note, that the Enterprise CAL features “Site mailboxes” and “DLP Policy Tips” can only be used with Outlook 2013 and later.

Microsoft Exchange 2013 shows blank ECP & OWA after changes to SSL certificates

This posting is ~4 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.
EDIT
This issue is described in KB2971270 and is fixed in CU6.

I ran a couple of times in this error. After applying changes to SSL certificates (add, replace or delete a SSL certificate) and rebooting the server, the event log is flooded with events from source “HttpEvent” and event id 15021. The message says:

If you try to access the Exchange Control Panel (ECP) or Outlook Web Access (OWA), you will get a blank website. To solve this issue, open up an elevated command prompt on your Exchange 2013 server.

Check the certificate hash and appliaction ID for 0.0.0.0:443, 0.0.0.0:444 and 127.0.0.1:443. You will notice, that the application ID for this three entries is the same, but the certificate hash for 0.0.0.0:444 differs from the other two entries. And that’s the point. Remove the certificate for 0.0.0.0:444.

Now add it again with the correct certificate hash and application ID.

That’s it. Reboot the Exchange 2013 server and everything should be up and running again.