SuperTekBoy

Practical Help for Exchange & Office 365

Recover deleted email using the new Exchange Admin Center

By Leave a Comment

31 Shares
Share
Tweet
Share
Reddit
Print

The PowerShell command to recover deleted email for a user has been around for some time. However, these PowerShell commands now have a graphical interface in the new Exchange Admin Center.

In this article, we explore how to recover deleted email for a user. But first, there are some permission prerequisites.

Assigning your admin account recovery permissions

Before we can restore mail for a user we need permission to do so. The permission in question is the Mailbox Import / Export permission. By default, no one is assigned this permission in Exchange.

Log onto the Exchange Admin Center and navigate to Permissions > Admin Roles.

At this point, we have two options. We can either assign the Mailbox Import / Export role to an existing role group (such as Organization Management) or, we can create a new role group. Let’s do the latter.

Click the New button (). This launches the new role group dialog.

Creating a new role group for Mailbox Import Export

Type a Name and Description for your role. In our example, we went with Email Recovery Role.

If needed select a custom write scope, or, leave at default. The default scope allows the role holder to apply these permissions to the entire organization. You can define a custom write scope to limit the scope of this permission. For example, the scope could be limited to a specific business unit or group of users. This is particularly useful if you need to delegate this role.

Under Roles click the Add button ().

Double-click Mailbox Import Export and click Ok.

Under Members click the Add button ().

Double-click each administrator you want to assign this role and click Ok.

Click Save.

Note: Once the role group is created it can take up to one hour for the permissions to take effect.

[Read more…] about Recover deleted email using the new Exchange Admin Center

How to continue a failed Exchange uninstall

By 2 Comments

4 Shares
Share
Tweet
Share
Reddit
Print

If you receive an error during an uninstall that is never a good thing. But what happens when you clear the error and Exchange is in a partially uninstalled state. Restarting the uninstall from Control Panel > Programs and Features may result in an error like this.

An incomplete installation was detected - Run setup to complete Exchange installation
An incomplete installation was detected. Run setup to complete Exchange installation.

To uninstall you are going to need the Exchange installation ISO. Once you have the ISO mounted open an elevated command prompt and change to the ISO drive letter (e.g. “cd D:”). Then run the following command.

D:\> setup.exe /mode:uninstall

The mode parameter allows you to specify the installation method. In our case, we specify we want to perform an uninstall. You can read about the various parameters in the following article.

The Exchange uninstall will then pick up where it left off. In my case, the Exchange installation failed during the removal of the Transport Services. The Mailbox and Client Access roles had already been successfully removed, so that is where it picked back up.

Microsoft Exchange Server 2013 Cumulative Update 23 Unattended Setup
Mailbox role: Mailbox service
Mailbox role: Unified Messaging service
Mailbox role: Client Access service
Mailbox role: Transport service
Client Access role: Front End Transport service
Client Access role: Client Access Front End service
Languages

Performing Microsoft Exchange Server Prerequisite Check

   Configuring Prerequisites                            COMPLETED
   Prerequisite Analysis                                COMPLETED

Configuration Microsoft Exchange Serve

   Preparing Setup                                      COMPLETED
   Mailbox role: Transport Services                     COMPLETED
   Client Access role: Front End Transport service      COMPLETED
   Client Access role: Client Access Front End service  COMPLETED
   Languages                                            COMPLETED
   Stopping Services                                    COMPLETED
   Removing Exchange Files                              COMPLETED
   Restoring Services                                   COMPLETED
   Finalizing Setup                                     COMPLETED

The Exchange Server setup operation completed successfully.

With the uninstall of Exchange complete you can now continue with the remainder of your decommission process.

Twitter

Have you seen this issue before? What did you do to fix it? Drop a comment below or join the conversation on Twitter @SuperTekBoy

Cannot connect to the Remote Procedure Call service – Microsoft Exchange

By 1 Comment

19 Shares
Share
Tweet
Share
Reddit
Print

When accessing the certificates from a remote Exchange Server via the Exchange Admin Center you may receive the following error.

Cannot connect to the remote procedure call service on the server B
Cannot connect to the remote procedure call service on the server named <server name>. Verify that a valid computer name was used and the Microsoft Exchange Service Host service is started.

What makes this error difficult to troubleshoot are the other areas of remote management (such as managing the virtual directories of another server) work as expected.

This error also occurs in the Exchange Management Shell when running the Get-ExchangeCertificate command.

 C:\> Get-ExchangeCertificate -Server EX16-02

Cannot connect to the remote procedure call service on the server named EX16-02. Verify that a valid computer name was used and the Microsoft Exchange Service Host service is started.
[Read more…] about Cannot connect to the Remote Procedure Call service – Microsoft Exchange

Hybrid Configuration Wizard fails: WinRM client cannot process the request

By 1 Comment

19 Shares
Share
Tweet
Share
Reddit
Print

Ran into the following error when running the Hybrid Configuration Wizard. The error occurred during the gathering configuration information screen, immediately after authenticating to Office 365.

The WinRM client cannot process the request - Basic Authentication is currently disabled
Connecting to remote server failed with the following error message: Connecting to remote server outlook.office365.com failed with the following error message:  The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration . Change the client configuration and try the request again.

From the error message we can see the issue lies with basic authentication being disabled in the WinRM client. Basic authentication is enabled by default, so the fact it is disabled is likely due to security being hardened in the operating system.

[Read more…] about Hybrid Configuration Wizard fails: WinRM client cannot process the request

RunAs Radio #684 – Exchange in 2020 with Gareth Gudger

By Leave a Comment

26 Shares
Share
Tweet
Share
Reddit
Print

On February 29th I had the great pleasure of being a guest on the RunAs Radio podcast. I joined host Richard Campbell to discuss all the new security requirements coming to Exchange Online, specifically around the new modern authentication requirement and the deprecation of TLS 1.0 and 1.1.

Gareth on Runas Radio #684 - Exchange in 2020 with Gareth Gudger
[Read more…] about RunAs Radio #684 – Exchange in 2020 with Gareth Gudger

Blocking OneDrive may save attachments to the default SharePoint document library

By Leave a Comment

33 Shares
Share
Tweet
Share
Reddit
Print

I have had a few instances where customers have blocked OneDrive in their Office 365 tenant. This is often the result of a looming Exchange 2010 support deadline and a lack of time to establish governance, security, compliance, and training around both Exchange and every other service in Office 365. Unfortunately, the methods used to block some of these services may have unexpected consequences.

In each of these instances, OneDrive was blocked by removing the user’s ability to create OneDrive storage in the tenant. SharePoint Online was also in its default out-of-the-box state with default permissions. In each case we ran into the following symptoms:

  • Despite the OneDrive block, an Outlook Web App user could successfully select the option Save to OneDrive for their attachments
  • The attachment would not save to OneDrive, but instead, the default SharePoint document library inside a folder named Attachments

In the next sections, we show how the OneDrive block was put in place and how SharePoint was configured to cause this perfect storm of incorrect attachment saving. We will then identify a workaround for the issue.

How OneDrive was blocked

The method described in this section is commonly found on the internet to block OneDrive access for users. In all cases, OneDrive was configured using this method.

The block is configured by navigating to the SharePoint Admin Center and selecting More Features. From the More Features window, click the Open button under the User Profiles section.

Blocking users from accessing OneDrive

From the User Profiles screen, select Manage User Permissions. On the Permissions for User Profile dialog, select Everyone except external users. In the Permissions box, Create Personal Site was unchecked. When unchecked this removes the user’s ability to create a personal OneDrive site.

Blocking users from accessing OneDrive B

Note: This method does not affect users with existing OneDrive storage. To revoke access to existing storage, the site collection admin for each OneDrive personal store would need to be replaced.

[Read more…] about Blocking OneDrive may save attachments to the default SharePoint document library

Use Log Parser Studio in your Exchange & Office 365 migration planning

By 1 Comment

34 Shares
Share
Tweet
Share
Reddit
Print

One of the great unsung heroes is Log Parser Studio. This utility allows you to easily parse through gigabytes upon gigabytes of IIS logs to find the information you need. Without this tool, this task is tedious in a single Exchange server environment and orders of magnitude worse in Exchange environments with many servers.

Log Parser Studio is great when it comes to migration planning and discovery, and it is a tool I always have in my tool belt. It does not matter if you are migrating to a newer version of Exchange or Office 365; Log Parser Studio can aide in the planning for both scenarios. For discovery, I use it in the following two ways:

  • First, is to identify third-party integrations, such as those from a voicemail system, fax solution, or, conference room system
  • Second, is to identify all client software connecting to Exchange

With the third-party integrations and clients identified you can then add them to your migration plan and determine the next steps. This could include upgrading legacy Office clients, or, testing the integration of a third-party app against the target system.

Discovery with Log Parser Studio becomes especially useful in environments where Exchange predates the current IT team, or, knowledge and documentation have been lost over time.

In this article, we will explore how to use Log Parser Studio to identify the multitude of client software and third-party integrations.

Let’s get started!

Installing Log Parser Studio

Log Parser Studio comes in two downloads. The first is the original command-line utility known as Log Parser. The second is Log Parser Studio which was later developed to give a GUI to that command-line. We will need to download both components for this process.

Tip: I recommend installing Log Parser on a workstation and not directly on an Exchange server. That way we avoid adding unnecessary CPU cycles to the Exchange server.

First, we need to install Log Parser 2.2. Double-click on the LogParser.msi. On the installation screen, click Next. Accept the license agreement and click Next. On the Choose Setup Type screen click Complete. Click Install. After the install completes, click Finish.

Next, we need to install Log Parser Studio. Unzip the file LPSV2.D2.zip (I recommend unzipping this to your desktop). Open the newly created LPSV2.D2 folder and launch LPS.EXE.

Launching Log Parser Studio

This will launch Log Parser Studio.

Log Parser Studio
[Read more…] about Use Log Parser Studio in your Exchange & Office 365 migration planning

Improperly configured DNS causes internal mail to hairpin via firewall

By 2 Comments

30 Shares
Share
Tweet
Share
Reddit
Print

Ran into a strange issue recently during an Exchange 2010 to 2016 migration. Internal mail sent from Exchange 2016 to Exchange 2010 was stuck in the mail queue. The queue viewer on Exchange 2016 reported the following error.

{LED=451 4.4.397 Error communicating with target host. -> 421 4.2.1 Unable to connect -> SocketTimedout: Socket error code 10060};{MSG=};{FQDN=<external.companyname.com>};{IP=<external IP>};

This is a fairly generic error and I have changed the FQDN and IP address in the example above. But the key here is that the Exchange 2016 server was trying to send all internal mail to the public IP of the Exchange 2010 server versus the internal IP.

For example, if a test user on Exchange 2016 tried to send an email to a test user on Exchange 2010, 2016 was routing the mail externally out of the firewall, only to try and hairpin back to one of the public-facing IPs.

Improperly configured DNS causes internal mail routing to hairpin

This kind of hairpin attempted by Exchange was immediately blocked by the firewall which determined that internally sourced connections should not be trying to enter the public side of the firewall.

[Read more…] about Improperly configured DNS causes internal mail to hairpin via firewall