WSUS – The file for this update failed to download

Edit:  I’ve posted this on youtube here 

Problem

During a recent deployment of WSUS on Windows 2012 R2, using WID database, I ran into a problem whereby after I approved updates, they would fail to download.  The WSUS console show the following error “The files for this update failed to download” read more

Error creating a public folder migration batch when the “Folder to Mailbox Map” CSV file has more than 1000 rows

Problem Description

Trying to migrate public folders from Exchange 2007 to 2013 using the batch migration process detailed here

On step 5, when running the New-Migration cmdlet to create the migration batch as follows

New-MigrationBatch -Name PFMigration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server SERVER01) -CSVData (Get-Content Public_Folder_to_mailbox_map.csv -Encoding Byte) -NotificationEmails user@domain.com -BadItemLimit $BadItemLimitCount    read more

Mailbox Management & SSO after Office 365 Hybrid Migration

So you are coming to the end of an Exchange Online Hybrid migration, and are considering decommissioning the on-premise Hybrid Exchange server.  Are there any considerations that need to be taken into account?

By the end of the mailbox migrations, you may have configured Azure AD Sync and made the on-premises Active Directory the source of authority. Therefore, going forward, you must perform any required changes on the objects in the on-premises Active Directory and not in Office 365, as most attributes on  are read only. read more

Exchange Active Sync not working for some users due to Kerberos Token Bloat

Problem

  • You have deployed Exchange or are in the middle of a migration from an older version.
  • You discover that Active Sync is not working for some users, but it’s working fine for other users
    • In my case I was migrating from Exchange 2007 to Exchange 2013.

    Other Symptoms

    • HTTP Proxy Log contains the following error
      • WebExceptionStatus=ProtocolError;ResponseStatusCode=400;WebException=System.Net.WebException: The remote server returned an error: (400) Bad Request.

      Cause

      The problem in my case was a Kerberos Token Bloat cause by the affected users being a member of a larger number of Active Directory Groups (in my case 150)

      As per this Technet article:

      “This issue may occur when the user is a member of many Active Directory user groups. When a user is a member of a large number of active directory groups the Kerberos authentication token for the user increases in size. The HTTP request that the user sends to the IIS server contains the Kerberos token in the WWW-Authenticate header, and the header size increases as the number of groups goes up.  If the HTTP header or packet size increases past the limits configured in IIS, IIS may reject the request and send this error as the response.” read more

Exchange 2013 – Event ID 17, 23 and 258 HealthMailbox: No role Assignments

Problem

The following 3 errors are filling up the application log

Event ID 17, 23 and 258

(Process w3wp.exe, PID 6828) “RBAC authorization returns Access Denied for user domain.local/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailbox6abb348c643845acaee87941bd609e63. Reason: No role assignments associated with the specified user were found on Domain Controller dc.domain.local” read more

Exchange 2013 Server Component State Inactive

I came across a problem recently with an Exchange 2013 server component showing as inactive which had me puzzled for a while, but in the end was an easy fix.

Problem

The Exchange 2013 server OWAProxy component showing as inactive.  Further, running the Set-ServerComponentState to change the component state to active had no affect read more

Microsoft Exchange ActiveSync Error 500

Problem

On a new deployment of Exchange 2013, Active Sync is not working

Symptoms

  1. Mobile device fails to connect to mailbox “Unable to connect to server”
  1. You see the following error in the HTTP Proxy log:

EAS_500-1

  1. Also, in the application event log on your Exchange server you see Event ID 1053

EAS_500-2

Cause

Inheritance is disabled on the user account

EAS_500

As per this Microsoft KB article:

“The first time that a user tries to synchronize an EAS device, the Microsoft Exchange Server tries to create a container of the type msExchActiveSyncDevices under the user object in Active Directory Domain Services (AD DS). The Exchange Server then tries to change permissions on the container. read more

Microsoft Exchange DAG database copy queue length 9223372036854773269

Background

As part of testing a new Exchange 2013 DAG before going into production, I was simulating different scenarios including server failure.  One of the 3 servers in the DAG was powered off.  Active databases failed over automatically to the other servers, and the databases mounted automatically. read more

Using PowerShell & Task Scheduler to Purge Microsoft Exchange Logs

Microsoft Exchange creates a lot of logs.  Unless these are managed, they can quickly fill up your disk space.  The following describes one way to use PowerShell and Task Scheduler to automatically purge the Exchange 2013 / 2016 and IIS logs:

Scheduled Task Summary

Task Name Purge Exchange logs older than 7 days
Function Deletes all Exchange logs older than 7 days from the following location ‘c:\program files\microsoft\exchange server\V15\Logging’
Schedule Daily at 1am
Program Called C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parameters gci ‘c:\program files\microsoft\exchange server\V15\Logging’ -Directory | gci -Include ‘*.log’,’*.blg’ -Recurse | ? LastWriteTime -lt (Get-Date).AddDays(-7) | Remove-Item
Runs As SYSTEM
Task Name Purge IIS logs older than  14 days
Function Deletes all IIS logs older than 14 days from the following location ‘c:\inetpub\logs’
Schedule Daily at 1am
Program Called C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parameters gci ‘C:\inetpub\logs’ -Directory | gci -Include ‘*.log’,’*.blg’ -Recurse | ? LastWriteTime -lt (Get-Date).AddDays(-14) | Remove-Item
Runs As SYSTEM

Step by Step

 1.  Open Task Scheduler and select “Create Basic Task” read more

How to copy Receive Connectors from Exchange 2007 / 2010 to Exchange 2013

During a migration from Exchange 2007 to Exchange 2013 I was looking for a way to easily copy or migrate the non-default Receive Connectors from Exchange 2007 to Exchange 2013.  It was a large deployment and therefore manually creating all the Receive Connectors would have been very time consuming.

I came across this excellent blog from Steve Goodman  describing how to do it using the Exchange Management Shell. read more