Unable to run Office 365 / Exchange Hybrid Wizard – “Content was blocked because it was not signed by a valid security certificate”

Unable to run Office 365 / Exchange Hybrid Wizard – “Content was blocked because it was not signed by a valid security certificate”

Problem

From the Exchange Admin Center you run the Hybrid configuration setup

Hybrid1

You are prompted to login to Office 365

Hybrid2

You enter your credentials

Hybrid3

And then receive this message / warning

Hybrid4

You are unable to complete the Hybrid configuration

Solution

You can resolve this issue by installing the certificate as follows: read more

Error creating a public folder migration batch when the “Folder to Mailbox Map” CSV file has more than 1000 rows

Problem Description

Trying to migrate public folders from Exchange 2007 to 2013 using the batch migration process detailed here

On step 5, when running the New-Migration cmdlet to create the migration batch as follows

New-MigrationBatch -Name PFMigration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server SERVER01) -CSVData (Get-Content Public_Folder_to_mailbox_map.csv -Encoding Byte) -NotificationEmails user@domain.com -BadItemLimit $BadItemLimitCount    read more

Mailbox Management & SSO after Office 365 Hybrid Migration

So you are coming to the end of an Exchange Online Hybrid migration, and are considering decommissioning the on-premise Hybrid Exchange server.  Are there any considerations that need to be taken into account?

By the end of the mailbox migrations, you may have configured Azure AD Sync and made the on-premises Active Directory the source of authority. Therefore, going forward, you must perform any required changes on the objects in the on-premises Active Directory and not in Office 365, as most attributes on  are read only. read more

Exchange Active Sync not working for some users due to Kerberos Token Bloat

Problem

  • You have deployed Exchange or are in the middle of a migration from an older version.
  • You discover that Active Sync is not working for some users, but it’s working fine for other users
    • In my case I was migrating from Exchange 2007 to Exchange 2013.

    Other Symptoms

    • HTTP Proxy Log contains the following error
      • WebExceptionStatus=ProtocolError;ResponseStatusCode=400;WebException=System.Net.WebException: The remote server returned an error: (400) Bad Request.

      Cause

      The problem in my case was a Kerberos Token Bloat cause by the affected users being a member of a larger number of Active Directory Groups (in my case 150)

      As per this Technet article:

      “This issue may occur when the user is a member of many Active Directory user groups. When a user is a member of a large number of active directory groups the Kerberos authentication token for the user increases in size. The HTTP request that the user sends to the IIS server contains the Kerberos token in the WWW-Authenticate header, and the header size increases as the number of groups goes up.  If the HTTP header or packet size increases past the limits configured in IIS, IIS may reject the request and send this error as the response.” read more

Exchange 2013 – Event ID 17, 23 and 258 HealthMailbox: No role Assignments

Problem

The following 3 errors are filling up the application log

Event ID 17, 23 and 258

(Process w3wp.exe, PID 6828) “RBAC authorization returns Access Denied for user domain.local/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailbox6abb348c643845acaee87941bd609e63. Reason: No role assignments associated with the specified user were found on Domain Controller dc.domain.local” read more

Exchange 2013 Server Component State Inactive

I came across a problem recently with an Exchange 2013 server component showing as inactive which had me puzzled for a while, but in the end was an easy fix.

Problem

The Exchange 2013 server OWAProxy component showing as inactive.  Further, running the Set-ServerComponentState to change the component state to active had no affect read more

MSExchange DAG Replication Bandwidth Script

I’m in the process of planning a migration from Exchange 2007 to 2013 for one of my multinational customers.  The solution will include multiple DAG’s split across datacentres in EMEA and North America.

A key component of the planning is estimating the bandwidth requirements between datacentres.  And to do this, I needed to collect the log file usage from the current Exchange 2007 environment. read more

Troubleshoot & Health Check Microsoft Exchange 2013 with M.A.T.S

Microsoft Exchange 2013 introduced us to Managed Availability, with the aim of providing a mechanism to “detect and recover from problems as soon as they occur and are discovered by the system

However, as Tony Redmond explains with great clarity and insight here

“Because of the blizzard of data generated by Managed Availability and the sheer number of probes, monitors, and responders required to measure all of the interactions and processing that happen within a complex software product like Exchange, it can be confusing to understand just what data is being gathered and why” read more

Links to content, scripts and tools from MSIgnite 2015

msignite

For anyone that missed MSIgnite this year in Chicago, see below for a list of links to content, scripts and tools from the sessions:

How to migrate Resource (room) mailboxes to Office 365

This guide is based on an Exchange 2013 Hybrid environment and describes the steps required to migrate resources mailboxes (in this case Room mailboxes) from On-premise Exchange to Exchange Online (Office 365)

Step 1:          Connect to Exchange Online via Powershell

Open Windows PowerShell and run the following command: read more