Troubleshoot & Health Check Microsoft Exchange 2013 with M.A.T.S

Microsoft Exchange 2013 introduced us to Managed Availability, with the aim of providing a mechanism to “detect and recover from problems as soon as they occur and are discovered by the system

However, as Tony Redmond explains with great clarity and insight here

“Because of the blizzard of data generated by Managed Availability and the sheer number of probes, monitors, and responders required to measure all of the interactions and processing that happen within a complex software product like Exchange, it can be confusing to understand just what data is being gathered and why” read more

Links to content, scripts and tools from MSIgnite 2015

msignite

For anyone that missed MSIgnite this year in Chicago, see below for a list of links to content, scripts and tools from the sessions:

How to change the primary SMTP address of an Exchange Online mailbox in a Hybrid environment

Edit:  I’ve posted a video of this here

In a hybrid environment, when a mailbox is migrated from on-premise to Exchange online, it will retain its primary SMTP email address.  But what about when you create a new user who has never had a mailbox on-premise?

When you assign an Office 365 license, and a mailbox is created, you might find that the primary email address is set to the Microsoft Online Email Routing Address (e.g. domain.onmicrosoft.com). read more

Top Tips when preparing for an Office 365 & Exchange Online migration

Here are my top tips when preparing for an on-premise to Exchange Online & Office 365 migration

  1.  Active Directory
    1. Identify Active Directory objects requiring remediation
    2. Install and run the Office 365 IDFix tool.  IdFix identifies errors such as duplicates and formatting problems in your directory before you synchronize to Office 365.  http://www.microsoft.com/en-us/download/details.aspx?id=36832
    3. Remediate any Active Directory objects identified by the IdFix tool
    User Principle Names (UPN’s)
    1. Identify the User Principle Name (UPN) of all accounts to be migrated that are not internet routable
    2. Office 365 requires that users have a valid, internet routable User Principal Name suffix, such as contoso.com instead of contoso.local
    3. Change the User Principal Name on the accounts to be migrated to Office 365 to match the primary SMTP address
      1. Office 365 requires that users have a valid, internet routable User Principal Name suffix, such as contoso.com instead of contoso.local.
      2. Email addresses are internet routable.
      3. Changing the UPN to the primary SMTP address solves many of the UPN validation problems like invalid characters, spaces, or even duplicate UPNs.
      4. Many times Office 365 services will ask for email address and password when it really wants a UPN.
      Large Items
      1. Mailboxes with items larger than 150MB cannot be migrated to Office 365.  Download and run one of numerous scripts to help identify mailboxes with items larger than 150MB
      2. https://gallery.technet.microsoft.com/PowerShell-Script-Office-54d367ea
      Dynamic Distribution Groups
      1. Identify any Dynamic Distribution Groups.  These cannot be migrated to office 365.
      2. Summary of Problem
        1. When a mailbox is migrated from on-premise to Office 365, the mailbox no longer appears in the on-premise Dynamic Distribution Group
        2. Mailboxes in Office 365 cannot see on-premise Dynamic Distribution Group’s in the Global Address List (GAL)
        Summary of Solution
        1. Expand the filter on your Dynamic Distribution Lists to include “Users with external email addresses”.  This way , when the mailbox is migrated to Office 365 it will continue to appear in the Dynamic Distribution Group
        2. Create a contact in Exchange Online to represent the dynamic distribution group
        3. Exchange Online users can now select the dynamic distribution group from the global address list (GAL). When they do, messages will be delivered to the members of the group as defined by the settings for the group.
        4. Once all mailboxes are migrated recreate the dynamic distribution groups in Office 365
        Shared Mailboxes
        1. Identify any shared mailboxes and their delegates.   A shared mailbox and its delegates need to be migrated together
        Public Folders
        1. If your public folders are on Exchange 2010 or later servers, then you need to install the Client Access Server role (if not already installed) on all mailbox servers that have a public folder database. This allows the Microsoft Exchange RpcClientAccess service to be running, which allows for all clients (on-premise and O365) to access public folders
        Office 365 Tenancy
        1. Ensure you have the license and login details
        2. Verify if tenancy has been created
        Hybrid
        1. Provision a new public IP address on your firewall for your Hybrid environment
        2. Create an A record in your public DNS to represent your Hybrid environment pointing to this public IP address
        Unified Messaging (UM)
        1. UM needs to be disabled on a mailbox before it can be migrated to Office 365
        2. Office 365 can be enabled / configured for UM, but it requires a compatible telephony / voice system to be available to provide the dial tone.  This can be e.g. Lync / IP PBX.
        3. Verify that a compatible telephony / voice system to be available to provide the dial tone
        Journaling
        1. You can’t designate an Office 365 mailbox as a journaling mailbox. You can deliver journal reports to an on-premises archiving system or a third-party archiving service. If you’re running a hybrid deployment with your mailboxes split between on-premises servers and Office 365, you can designate an on-premises mailbox as the journaling mailbox for your Office 365 and on-premises ailboxes. Office 365 cannot host journaling mailboxes.
        Operating System
        1. Please ensure all clients who’s mailbox are being migrated are running the latest operating systems service packs
        2. Also, please review if you are likely to be in the following scenario.  If yes, you will need to implement the hotfix(es) (and registry entry) in the link below
          1. You have a third-party proxy server that enables communication only over port 80.
          2. You configure a computer that is running one of the following operating systems to use this proxy server for all protocols:
            1. Windows 8.1
            2. Windows Server 2012 R2
            3. Windows 7
            4. Windows Server 2008 R2
            You configure the proxy bypass list to contain settings for internal servers. You enable the Bypass proxy server for local addresses option. You configure Microsoft Outlook 2010 or Microsoft Outlook 2013 to connect to the newest Microsoft Office 365 mailbox (Wave15). http://support.microsoft.com/kb/2916915 Mail Routing
            1. Ensure that all outbound on-premise SMTP sending IP addresses are included in the inbound connector in Office 365.  E.g. if customer is using 2 separate firewalls outbound SMTP might go out on 2 public ip addresses – both addresses need to be included in the Office 365 inbound connector
            Firewall Rules Office 365 URLs and IP address ranges Ensure the following URL’s and IP addresses are accessible from computers on the network

            https://technet.microsoft.com/en-us/library/hh373144.aspx read more

Ambigous URL’s prevent Exchange 2013 proxy to 2010

I was recently working on a project migrating a customer from MS Exchange 2010 to MS Exchange 2013.  We were preparing to cutover the client access namespace to 2013 by updating DNS to point at the 2013 CAS.

Problem

However, during testing, I found that 2013 was not proxying connections to mailboxes on 2010. My outlook client would remain in a disconnected state. read more

Access Denied” connecting to Office365 using Remote Powershell

Problem
Connecting to Exchange Online using Remote Powershell as per this procedure I was getting the following “Access Denied” error

RemotePoShAccessDenied

As per KB2905767 I logged into the Office 365 portal and verified the password was correct and that the account was a global admin.

Solution

I my case I was copying and pasting the username read more

External Outlook Anywhere “Cant login” / “Trying to Connect” via IIS ARR & MSExchange 2013

Recently I worked on an Exchange 2007 to Exchange 2013 on premise migration.  We had cut over the client access services from Exchange 2007 to 2013.  Client Access was published externally via IIS ARR.  I used this post by my good friend (and Lync Guru) Yoav Barzilay  to configure IIS ARR.  Although the post is for Lync, it is a great guide that will also apply to Exchange. read more

MSExchange 2013 Health Check Powershell Scripts

Sometimes I am asked to carry out a health check on an Exchange environment.  Other times I simply want to quickly verify the health of an environment before any changes are made.

Here are 4 powershell scripts that I use to quickly give me a good overview of an Exchange environment and its health

Starting with 2 great scripts from Microsoft Exchange MVP Paul Cunningham at http://exchangeserverpro.com/ read more