SuperTekBoy

Practical Help for Exchange & Office 365

Header Right

Main navigation

Don’t install .NET Framework 4.7 on Exchange Servers

By Leave a Comment

50 Shares
Share
+1
Share
Reddit

T.NET Framework 4.7he Exchange Team posted a quick note Tuesday addressing the release of .NET Framework 4.7 and Exchange. As of right now (June 2017) .NET 4.7 is not supported. While the Exchange team has not documented any known compatibility issues (like we saw when previous releases first shipped) they report the update has not been fully tested with Exchange and recommend all customers block the update until further notice.

As with any series of patching it is always critical to review all updates against the Exchange Supportability Matrix. If you want support from Microsoft you must be within the boundaries of that matrix. At the time of writing .NET 4.6.2 is the latest version supported by Exchange 2013 and Exchange 2016, provided you are on the latest cumulative updates. Older cumulative updates only support older versions of .NET. The Exchange Supportability matrix states that any version of .NET not listed on that site should be considered unsupported.

If you have already applied .NET 4.7 to your Exchange servers the product group recommends rolling back. The have identified this process in their latest blog post.

For environment that use patch management software such as WSUS or System Center, it is always a good idea to put Exchange servers in their own update group. This allows you to isolate Exchange into its own update cycle. If you don’t have a patch management system you can temporarily block .NET through the registry. Although this registry change will need to be performed against each Exchange server.

With future cumulative updates .NET Framework 4.7 will eventually be supported. We will update this space when this occurs.

TwitterDo you think Exchange should have day one support for the .NET Framework? Come join the conversation on Twitter @SuperTekBoy.

Exchange March 2017 Updates

By Leave a Comment

36 Shares
Share
+1
Share
Reddit

Exchange 2016 CU5It was a big month for Exchange updates. Not only did we get Cumulative Update 16 for Exchange 2013, but we also got Cumulative Update 5 for Exchange 2016.

As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.

The updates are as follows:

Exchange 2016 MiniExchange Server 2016 Cumulative Update 5 | KB4012106 UM Language Pack

Exchange 2013 Cumulative Update 9Exchange Server 2013 Cumulative Update 16 | KB4012112 | UM Language Pack

Exchange 2010 MiniExchange Server 2010 SP3 Update Rollup 17 | KB4011326

Exchange 2007 MiniExchange Server 2007 SP3 Update Rollup 23 | KB4011325 (final update for 2007)

A quick word on Exchange 2007

It’s time to update. Exchange 2007 will go end of life on April 11th 2017. At the time of writing that is 20 days. On April 12th you will receive no more patches and no more telephone support. In fact Update Rollup 23 will be the final patch for Exchange 2007. No more daylight savings updates will be provided from here on out.

If the lack of security updates from Microsoft isn’t convincing enough, check this article for a list of cool things Exchange 2013 can do. (P.S. Like the fact Exchange 2013 uses less IOPS per mailbox than 2007…say what?)
[Read more…] about Exchange March 2017 Updates

Three65 podcast with MVP Mark Vale – What’s new in Exchange

By 5 Comments

55 Shares
Share
+1
Share
Reddit

On March 4th I had the great pleasure of being a guest on the Three65 podcast. I joined host Mark Vale to discuss the latest from Exchange and Exchange Online.

Three65 Podcast with MVP Mark Vale & Gareth Gudger

(Originally posted at https://channel9.msdn.com/Blogs/MVP-Office-Servers-and-Services/Three65-Exchange-Exchange-Updates-with-Gareth-Gudger)

[Read more…] about Three65 podcast with MVP Mark Vale – What’s new in Exchange

Changing the meeting layout in Skype for Business

By 2 Comments

39 Shares
Share
+1
Share
Reddit

When you enter a Skype for Business meeting it is launched in speaker view. Speaker view adds the portrait of the presenter to the lower right of the screen. The portrait will change to whoever is currently speaking. This view is especially useful when the presenter is using a webcam as the picture is replaced with their video stream. Unfortunately, this can cover part of the presentation as shown below. This view can be changed but the option to do so is not in an intuitive location. In total there are three views for a Skype meeting. In this article we will look at all three and how to switch between them.

Skype for Business Speaker View

To change from speaker view we use the Pick a Layout button (  ). This button is located at the top right of screen in the title bar. If you select this button a checkmark will indicate what view you are currently in. In our case we are in Speaker View. To pick another view select it from the list. [Read more…] about Changing the meeting layout in Skype for Business

Hybrid mail flow: TLS negotiation failed with error NoCredentials

By 5 Comments

39 Shares
Share
+1
Share
Reddit

Ran into a strange problem recently where an Exchange 2016 server could not send mail to Office 365 via hybrid mail flow. What made this situation particularly strange is that other Exchange servers in the environment had no problem sending messages over the hybrid connection. On the problem server messages would get stuck in the queue and eventually time out.

The queues were filled with retries such as these.

451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or deliver failed to all alternate hosts.

This message tells us that the server was unable to connect to Office 365. Unfortunately, it does not give us much detail beyond that. For that level of detail we need to enable logging on the SMTP send connector used to send mail to Office 365.

Turn up logging on the SMTP Send Connector

To enable logging on an send connector log into the Exchange Admin Center (EAC) and select the Mail Flow tab and Send Connectors sub tab. Double click the send connector named Outbound to Office 365 and select Verbose under the General tab. Click Save.

Configure verbose logging on Exchange 2016 send connector

To perform this same action through the Exchange Management Shell (EMS) type the following command.

 C:\> Set-SendConnector -Identity "Outbound to Office 365" -ProtocolLoggingLevel Verbose
Note: Protocol logging can take some time before it starts creating log files. You can jump start this process by restarting the Microsoft Exchange Transport service. Keep in mind this will disrupt mail flow on that server while the service restarts. The default location for SMTP send logs in Exchange 2016 is  %ExchangeInstallPath%TransportRoles\Logs\Hub\ProtocolLog\SmtpSend.

While we waited for logging to generate some entries we also confirmed that we could successfully make a connection from the problem server to Office 365. For this task we confirmed that we could telnet over port 25 to Office 365 and send an email message. This confirmed two things. First that this server was not being blocked on outbound port 25. Second that this server could resolve and reach Office 365 servers. [Read more…] about Hybrid mail flow: TLS negotiation failed with error NoCredentials

An error occurred while testing the Mail Store (Mailbox logon returned ecLoginFailure -2147221231)

By 1 Comment

24 Shares
Share
+1
Share
Reddit

Ran into a strange issue recently when a client upgraded from Exchange 2010 to Exchange 2016. The client had already decommissioned Exchange 2010 so coexistence was not a factor. Their configuration was a single-server running Exchange 2016. All mailboxes were located on a single database.

Outlook clients would work fine internally. Externally Outlook would never connect. The status bar would simply report ‘Trying to connect’. Outlook on the Web and all ActiveSync clients were working fine. In addition, the Autodiscover test on the Microsoft Remote Connectivity website was passing.

In contrast the Outlook Connectivity test from the same site was failing. The following error was reported.

Testing the MAPI Mail Store endpoint on the Exchange server.
  An error occurred while testing the Mail Store.

Additional Details

Elapsed Time: 919 ms.

Test Steps

Attempting to log on to the Mailbox.
  An error occurred while logging on to the Mailbox.

Additional Details

Mailbox logon returned ecLoginFailure -2147221231. Possible causes are:

    
 	
  1. The user doesn't have any access to a private mailbox or public folder messaging data.
    2. 
 	
  2. There are no private mailboxes or public folders on the server.
    3. 
 	
  3. The server is exiting or is about to exit.
    4. 



StatusCode: -2147221231

The possible causes identified by the error were equally vague. We confirmed these user credentials were working fine with Outlook on the Web and internally for the user. In addition, this was the only server hosting all the mailboxes and we could access them just fine with Outlook internally. As part of our troubleshooting we disabled MAPI over HTTP in favor of the older RPC over HTTP connection method. Unfortunately, this provided the exact same result.

Fixing logon returned ecLoginFailure -2147221231

The remedy for us was to move all users to a new database. We tested this first by creating a new database and moving a single user over. When that user passed the Outlook connectivity test (and Outlook also connected externally) we moved all other users and system mailboxes to this database.

It is uncertain what was wrong with the original database. It was barely a week old and was the default database installed by Exchange. In any case the fix was quite simple and it was easier to move the users than to continue troubleshooting for a root cause.

TwitterHave you run into this error? What was your solution? Drop a comment below or come join the conversation on Twitter @SuperTekBoy.

Unexpected result from Windows Live. 1007 Access Denied – Federation Trust

By Leave a Comment

25 Shares
Share
+1
Share
Reddit

Recently while trying to remove a domain from the federation trust I received the following error.

The URI couldn't be released. An unexpected results was received from Windows Live 1007 Access Denied

The URI "supertekboy.com" for domain "supertekboy.com" on application identifier "000000004804735E" couldn't be released. Detailed information: "An unexpected result was received from Windows Live. Detailed information: "1007 AccessDenied: Access Denied.".".

Despite the almost cryptic error this one is actually quite simple to fix. In this particular case the time in my domain was 5 minutes behind the rest of the world. Or more importantly, 5 minutes offset from the Microsoft Federation Gateway. As soon as I brought my time forward I was able to immediately release the shared domain from the federation trust.

Error 1007 can occur while making other configuration changes to the federation trust. It is not just linked to releasing a domain. So if you see this error while performing any task with the federation trust, check the time on your Exchange boxes.

TwitterHave you run into this error? What was your solution? Drop a comment below or come join the conversation on Twitter @SuperTekBoy.

The delegation token is NULL – Hybrid Free/Busy

By Leave a Comment

30 Shares
Share
+1
Share
Reddit

Ran into a strange issue recently where on-premises users could not see the free/busy information for test users I had migrated to Exchange Online. Exchange Online on the other hand had no problem seeing the free/busy of the on-premises users. I had just run the hybrid configuration wizard and it completed without incident. The environment had not been previously enabled for the Microsoft Federation Gateway so I let the wizard take care of that step as well.

When we tested the trust with the federation gateway we received the following error on Step 5 of 6: Requesting delegation token.

 C:\> Test-FederationTrust -UserIdentity rsong@exchangeservergeek.com

<...edited...>

RunspaceId : e4e42cab-62f4-4d70-be15-69143b273823
Id : TokenRequest
Type : Error
Message : Failed to request delegation token.

Error. Attempted to get delegation token, but token came back as null.

The token coming back as null seemed to be the key here. Unfortunately, the web seemed to lack any real way to fix the existing trust. We resolved to delete and recreate the trust with the federation gateway.

Recreating the Federation Trust

Warning: Before we get started with the process you will need access to external DNS zone. Recreating the trust voids the current TXT record that was used for domain validation.

To delete the federation trust navigate to the Organization > Sharing tabs in the Exchange Admin Center. Under the section titled Federation Trust click the Remove button. Click Yes to confirm.

Removing the trust with the Microsoft Federation Gateway

[Read more…] about The delegation token is NULL – Hybrid Free/Busy

Get Tips from SuperTekBoy

How-to articles! How-to videos! Time saving tips and tricks!

We guarantee 100% privacy! Your info will NOT be shared.