Category Archives: Exchange 2013

Finding Exchange Database hidden mailboxes. ​

Finding Exchange Database hidden mailboxes.

Story:

Maybe you have been in this situation before, trying to delete an Exchange database after moving all of its mailboxes, arbitration or archives to another server or database but it didn’t work and said that there is still something in the database? 

Now I am in a similar situation however I checked nothing in the database as you can see in the below screenshot. 

I have noticed that these issues could happen when an Exchange server gets broken or forcefully deleted from AD without properlty uninstalling it. some traces of system mailboxes might remain there with database attributes pointing to the database. 

Solution:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Snapin
Function Get-HiddenMailbox
{
    [CmdletBinding()]
    Param(
    [Parameter(Mandatory=$True)][string]$Path,
    [Parameter(Mandatory=$True)][string]$Database
    )
<#Check for any remaining mailboxes in a database that you can’t delete.

 

[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>Remove-MailboxDatabase a-sb-com-udb1-v1
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or
arbitration mailboxes, Audit mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox
-Database <Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get
a list of archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a
list of all public folder mailboxes in this database, run the command Get-Mailbox -Database <Database ID>
-PublicFolder. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database
<Database ID> -Arbitration. To get a list of all Audit mailboxes in this database, run the command Get-Mailbox
-Database <Database ID> -AuditLog. To disable a non-arbitration mailbox so that you can delete the mailbox database,
run the command Disable-Mailbox <Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database,
run the command Disable-Mailbox <Mailbox ID> -Archive. To disable a public folder mailbox so that you can delete the
mailbox database, run the command Disable-Mailbox <Mailbox ID> -PublicFolder. To disable a Audit mailbox so that you
can delete the mailbox database, run the command Get-Mailbox -AuditLog | Disable-Mailbox. Arbitration mailboxes should
be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the last server in
the organization, run the command Disable-Mailbox <Mailbox ID> -Arbitration -DisableLastArbitrationMailboxAllowed to
disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command
Set-MailboxPlan <MailboxPlan ID> -Database <Database ID>.
    + CategoryInfo          : InvalidOperation: (a-sb-com-udb1-v1:DatabaseIdParameter) [Remove-MailboxDatabase], Assoc
   iatedUserMailboxExistException
    + FullyQualifiedErrorId : [Server=SBG-MX03,RequestId=480ce97d-8492-41a9-82fa-93ed30efe652,TimeStamp=6/28/2022 9:04
   :09 AM] [FailureCategory=Cmdlet-AssociatedUserMailboxExistException] 45D30D02,Microsoft.Exchange.Management.System
  ConfigurationTasks.RemoveMailboxDatabase
    + PSComputerName        : server.domain.local
#>

 

#Fist get DB’s HomeMDB value

 

#Write-host ‘Enter your Database Name’ -ForegroundColor Red -BackgroundColor Black

 

$DN = (Get-MailboxDatabase $Database).distinguishedName
$Date = (Get-date).ToString(“MM-dd-yyyy”)

 

$Mailboxes = Get-ADObject -filter {(HomeMDB -eq $DN)}

 

$QueryResult = $Mailboxes.count
$CurrentCount = 0

 

foreach ($Mailbox in $Mailboxes){

 

     try{
         $ObjectProps = [Ordered]@{ ‘DisplayName’ = $Null; ‘UserPrincipalName’ = $Null; ‘Database’ = $Null; ‘Mailbox’ = $Null; ‘Arbitration’ = $Null; ‘Archive’ = $Null; ‘Audit’ = $Null; ‘Monitoring’ = $Null; ‘ErrorResponse’ = $Null}
 
         $MBX = $Mailbox.name
         $CurrentCount ++

 

         Write-Progress -Activity “Checking Hidden Mailboxes in the database $DB $CurrentCount of $QueryResult -Status “Fetching $MBX -PercentComplete (($CurrentCount / $QueryResult) * 100)
 
         $Result = New-Object -TypeName PSObject -Property $ObjectProps

 

         $MailboxResult = Get-mailbox -Identity $MBX -ErrorAction SilentlyContinue
         if ($MailboxResult){Write-Host “User $MBX. is a Mailbox” -ForegroundColor Green  }
 
            $ArbResult = get-mailbox -Identity $MBX -Arbitration -ErrorAction SilentlyContinue
            if($ArbResult){Write-host “User $MBX. is an Arbitration Mailbox” -ForegroundColor White }

 

                 $ArchiveResult = get-mailbox -Identity $MBX -Archive -ErrorAction SilentlyContinue
                    if($ArchiveResult){Write-host “User $MBX. is a Archive” -ForegroundColor Red}
 
                                $AuditResult = get-mailbox -Identity $MBX -AuditLog -ErrorAction SilentlyContinue
                                   if($AuditResult){Write-host “User $MBX. is a Audit Mailbox” -ForegroundColor DarkRed}
 
                                        $Monitoring =  get-mailbox -Identity $MBX -Monitoring -ErrorAction SilentlyContinue
                                            if ($Monitoring){Write-host “User $MBX. is a monitoring Mailbox” -ForegroundColor Yellow }
 

 

 
            $Result.DisplayName = $MBX
            $Result.UserPrincipalName = (Get-ADUser -Identity $Mailbox.DistinguishedName).UserprincipalName
            $Result.Database = $DB
            $Result.Mailbox = $MailboxResult
            $Result.Arbitration = $ArbResult
            $Result.Archive = $ArchiveResult
            $Result.Audit = $AuditResult
            $Result.Monitoring = $Monitoring
            $Result.ErrorResponse = ‘#N/A’
            $NewPath = $path.Split(‘.’)[0] + ‘_’ + $date + ‘.csv’

 

            $Result | export-csv -path $NewPath -Delimiter ‘;’ -NoTypeInformation -NoClobber -Append -Encoding utf8
 
 
            }
 
                Catch{
 
                Write-Warning $_.Exception.Message}

 

                $Result | export-csv -path $NewPath -Delimiter ‘;’ -NoTypeInformation -NoClobber -Append -Encoding utf8
 
       }
}

Prerequisites:

– You will have to run this script from Exchange Server.

– An account that can connect to Active Directory with at least read permission and Exchange admin read role. 

The script will utilize Active Directory and Exchange to get the Database’s distinguished name and scan any AD User Object that has this DB’s DN and post it to you as an output. 

Example:

Get-HiddenMailbox -Path ‘C:\example.csv’ -database ‘Affected Database’

As you can see in the below screenshot, I got mostly health mailboxes which should not really be a problme in case you’re deleting database, however I got one system mailbox that is still there and pointing to this Database however, I already have scanned the database for any arbitration mailboxes but Exchange CMDlet showed none. 

Now that I know which user it is, the solution for me to be able to remove/delete this database which I no longer need is to delete this AD user object since its no longer in use by Exchange. 

You won’t be able to get this mailbox through get-mailbox cmdlet because its not an active mailbox. however you will find it in AD. 

So I deleted the mailbox mentioned below and next I am going to try and delete the mailbox database in question. 

Result

Here’s the result after deleting the user in Question.

Exchange Server backdoor investigation tools

The Story

After the disastrous exploit that was found in Microsoft Exchange Servers lots of corporations started immediately patching their servers with the latest Cumulative update and Security patches. The question is would those patches be enough if the server is already hacked or have a backdoor installed already?

image

What are those 0-day exploits ?

The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 which are part of alleged “State-sponsored Chinese group” according to Microsoft.

Let’s get into details of those exploits one by one:

CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.

CVE-2021-26858 is a post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.

CVE-2021-27065 is a post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.

How to proceed ?

Microsoft released couple of tools that could diagnose your servers and check if you already have been infected with a backdoor or any of these nasty malware and also remove those infected files or clean them and ask you for a restart if it’s required.

Tools:

  1. MSERT (Microsoft Safety Scanner) detects web shells, Download here .
  2. Health Checker (Scans your server for any vulnerabilities and whether you have updated Server CU and installed patches). Download here
  3. Exchange WebShell Detection (A simple PowerShell that is fast and checks if your IIS or Exchange directory has been exploited). Download here
  4. Scan your exchange server for proxy logon:
    https://github.com/microsoft/CSS-Exchange/tree/main/Security
  5. Microsoft very recently created a mitigation tool for Exchange on-premises that would rewrite url for the infected servers and recover the files that were changed. You can download the tools from this github link.

    https://github.com/microsoft/CSS-Exchange/tree/main/Security

    Copy the Test-ProxyLogon code into Notepad
    Save As “Test-ProxyLogon.ps1” with the quotes in your C:\Temp folder
    Run in Exchange Management Shell: .\Test-ProxyLogon.ps1 -OutPath C:\Temp

Scan Result

Scan result should show you the following if your servers has been exploited already.

This will remove the infections and asks for a restart.

clip_image001

References:

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

https://www.bleepingcomputer.com/news/security/microsoft-exchange-updates-can-install-without-fixing-vulnerabilities/

https://github.com/dpaulson45/HealthChecker?mkt_tok=eyJpIjoiTURRMk5HRTFaV1V6TkRrMCIsInQiOiJcL3ZOTkRUVzdXdkJmTm5ibUIzTExKTDVxXC9ObFAxTmZLanFRZ0xpcDkxMW5raVE0dlRwV2FhVFFmWlVUVFZaZUdFM1NlcEFNTEZ6dTh5aWlqcVBpV3J2R2IxbGJxMmNUZ1ppYjJyZklnMjZFZngrM2tBUnNsM1JKcHJsSU1ib3BTIn0%3D#download

Microsoft Exchange Vulnerability affects all Exchange versions

image

CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

Security Vulnerability

Date of Publishing: February/11/2020

Microsoft has announced a vulnerability has been found in all Exchange Server 2010 through 2019 versions, The vulnerability allows an attack to send a specially crafted request to the affected server in order to exploit it.

When could this happen?

A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time.

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.

The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.

Affected Versions:

  • Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30
  • Microsoft Exchange Server 2013 Cumulative Update 23   
  • Microsoft Exchange Server 2016 Cumulative Update 14   
  • Microsoft Exchange Server 2016 Cumulative Update 15   
  • Microsoft Exchange Server 2019 Cumulative Update 3   
  • Microsoft Exchange Server 2019 Cumulative Update 4

image

Solution:

Until now Microsoft has not provided any solution or work around to cover this vulnerability.

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

NOTE:

Keep an eye on the below link for any change

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688

Slow Migration – Office 365

The story:

In office 365 when you’re working on Exchange 2010,2013, 2016 or 2019 in a hybrid environment things might look easy but in a big enterprises where Internet security is something being taken into account very seriously. It might cause many issues that you don’t expect at all.

One of my clients whom I was doing Exchange Migration for had an issue with the Migration. The error was as follows:

Error occurs after Office 365 Exchange online connects to Exchange on-premises 2010 mailbox server

Error in Office 365

         : 20.

                                           27.04.2016 08:03:17 [DB3PR05MB0778] Transient error DataExportTransientExcep

                                           tion has occurred. The system will retry (2/1280).

                                           27.04.2016 08:04:53 [DB3PR05MB0778] The Microsoft Exchange Mailbox Replicati

                                           on service ‘DB3PR05MB0778.eurprd05.prod.outlook.com’ (15.1.466.25 caps:03FFF

                                           F) is examining the request.

                                           27.04.2016 08:04:55 [DB3PR05MB0778] Connected to target mailbox ‘lcwonline.o

                                           nmicrosoft.com\ec96e315-1059-4710-b358-1c4b42f3edeb (Primary)’, database ‘EU

                                           RPR05DG049-db131′, Mailbox server ‘DB3PR05MB0778.eurprd05.prod.outlook.com’

                                           Version 15.1 (Build 466.0).RequestExpiryTimestamp                   : 03.04.2116 07:42:38

ObjectState                              : New

Troubleshooting:

To troubleshoot issues, You need to put so many things into account! The architecture of the infrastructure of where you are doing the project is very important and the need of knowing how things are working matters.

Things that could always come in mind and handy are what you will need to start your troubleshooting:

– Bandwidth Limitations or Performance:

https://technet.microsoft.com/en-us/library/dn592150(v=exchg.150).aspx

https://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx

– Exchange Configuration (MRS)

To troubleshoot the MRs, You need to know what kind of error you’re getting and to see this you can use the following powershell after you connect to Office 365 powershell.

Get-MoveRequest {email} | Get-MoveRequestStatistics -Diagnostic -IncludeReport | Export-Clixml c:\logfile.xml

The resultant report will reveal the error and shows you where is the exact culprit.

– Disk Latency
– Firewall Configuration (IPS/IDS)

From Exchange 2016 to 2019 or 2013 to 2016 The transient error might be related to MRSProxy or at least this is the case with me 90% of the time. To resolve this issue you will need to change the MRSProxy values on the target server and depending on the error might also be the Source server too.

SOLUTION:

===========

1. Some instability was detected in communications as well as saturation by the size of the link.
2. The procedure to increase the timeout for the service through the file MRSProxy

File: MsExchangeMailboxReplication.exe.config

Object / line: DataImportTimeout.

New Value: 00:10:00

clip_image001[4]

New Configuration

clip_image001[6]

Upgrading Exchange 2013 RTM to Latest SP and CU

To check for the current version use the following command line

Version 15.0 (Build 516.32)

Get-Exchangeserver | ft Name,Admin* -Autosize

How to upgrade your existing Exchange Server 2013 to CU7 using command-line

You will have to download CU7 pack, extract it and run the command line from CMD with administrative privileges.

http://www.microsoft.com/en-us/download/details.aspx?id=45221

Here we run the CMD as admin

Drag and drop the folder you extracted into CMD window to be able to enter into the path in order to run the setup file.

Run the following command to upgrade the existent server

Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

Below you can see the upgrade process to install the Cumulative Update 3.

Once the upgrade process is finished you will be able to see the new version in the cmdlet after you apply the cmdlet

Get-ExchangeServer | ft Name,Admin* -AutoSize

The version must show 15.00.1044.025

Installing “Only” Trend Micro 11.0 on Exchange 2013 server

This guide will show you how to installing order to Install “Only” Trend Micro 11.0 on Exchange 2013 server

You will have to make sure that before you install Trend Micro you have enough resources on the mail servers or Edge servers depending on where you are intending to install it.

Prerequisites:

  1. You will need to install Windows IIS CGI role.
  2. Net Framework 3.5
  3. Trend Micro Setup.

If you did not install CGI you will get the following error, so you must install it

clip_image001

To install it you will need to go to Add Roles and then choose and install it.

clip_image002

If Net Framework 3.5 is not install the setup won’t proceed unless you do so and you will get the following error:

clip_image003

To install Net Framework 3.5 , you can use the wizard or you can use the Powershell but you’ll need to attach Windows Server ISO File to the VM or the physical machine.

clip_image004

Setup will restart from the beginning

NetFrame work fails from the Server Manager

clip_image005

Instead, I imported the Windows 2012 r2 server ISO into the VM and ran the powershell command line

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

Where D is the ISO drive name where Windows is.

clip_image006

Restarted the Trend Micro Setup and the setup is working

I already have copied the setup files on my mailbox servers, in my scenario I have 2 mail box servers which I am going to install it on.

I will launch the setup and go through the following wizard

clip_image007

As I mentioned earlier, I am planning to install it on Exchange 2013 Mailbox servers, so I will go ahead and choose Mailbox servers

clip_image008

I will click Browse and Add exchange servers and as in the following snapshot it’ll show me total server count

clip_image009

Next I will type the Exchange Admin account which I used to setup Exchange with and login to the admin Center which is also a local admin.

clip_image010

This is set by default so you will need to leave it as it is.

clip_image011

You can keep the following default settings or change the port in case it’s already used or enable SSL.

clip_image012

In my case I will enable SSL as well as it’s more preferable for security purposes.

clip_image013

Trend micro setup will check if there’s any previous instance on the target Mailbox server in order to check if it’s an upgrade or a fresh install.

clip_image014

I have no proxy so I will proceed without it.

clip_image015

I’m planning to ignore this now and register later, so you can provide the key if you already have it and want to register.

clip_image016

When you continue without activating the product you will get the following warning.

clip_image017

Depending on if you wanna be useful or not, you can just to participate with this program or just ignore it.

clip_image018

In case you would like to direct or send all incoming spam messages to the user to take the decision him/her self you can choose to integrate with Outlook junk e-mail or integrate with End user’s quarantine. In this case incoming infected or suspicious mails will be delivered to the user’s Quarantine but can be restored from/with trend micro.

clip_image019

Trend Micro have also a control manager for centralized management, so if you have it you can configure it and manage all those scanmail from one location. If not then just click next

clip_image020

Click browse and choose your domain in order to select the domain admin groups to manage the trend micro scan mail application.

clip_image021

All server details and configuration is going to be listed in the next snapshot.

clip_image022

And now installation should start.

clip_image023
clip_image024
clip_image025

The credentials to login might be standard but you could also try your domain admin which you have assigned during the setup to login to the portal.

clip_image026

Any configuration that you do on the Mailbox server 1, you will have to re-do it on Server 2 since this is not centralized management.

clip_image027

So first thing I’ll do is update the product to the latest version.

clip_image028

After selecting the components to update click on Update and wait for the process to finish.

clip_image029

After setting and configuring couple of rules and restarting Exchange transport service on each server . I was able to test It and see that it works as in the following snapshot.

clip_image030

Exporting and Importing PST from Exchange 2003 to Exchange 2013

In order to export mails from Exchange 2003 (should not exceed 2 GB) you will have to copy Administrator user into another user “admin” and give that user the rights to access all other mailboxes.

You will have to navigate to the Mailbox store

clip_image001

Right click the mailbox store and click on Properties

Go to Security tab and add the new user (Admin) and give it full control as below

clip_image002

Apply, then sign out of the windows session to the Exchange machine and use the newly added domain admin to login and then open the Exmerge application

clip_image003

Select the second step (Extract or Import)

clip_image004

Select step1

clip_image005

Select the Exchange name and the DC (They should be set automatically)

clip_image006

Select the users that you want to be exported (shouldn’t exceed 2 GB).

clip_image007

Select the local language

clip_image008

Select the destination folder (In my case I mapped a network drive)

clip_image009

Save settings for later use if you want or just click Next.

clip_image010

Once done, the mailbox will be exported.

clip_image011

Importing into Exchange 2013

In exchange 2013 Open the EMS as administrator

Before you start, you should move all the PST files into a shared folder in the network and add the “Exchange Trusted Subsystem” user to its permission.

clip_image001[5]
clip_image002[5]

The same user should be added to the security tab

clip_image003[4]
clip_image004[4]

Providing import and export permission on Exchange 2013

In order to import the PST files to Exchange 2013 users you will have first to assign the Exchange Admin account the capability of importing these PST files then sign out from the EAC portal and back in

To do so you will have to go to EAC then go to Permissions and double click on the Recipient Management

Click Add and select the Mailbox Import Export and click Add then OK

clip_image005[4]
clip_image006[4]

I will add members to this role group

clip_image007[4]
clip_image008[4]

After signing in back to the EAC with the administrator I got the Import PST options.

clip_image009[4]
clip_image010[4]
clip_image011[4]
clip_image012

For Management shell usage

http://technet.microsoft.com/en-us/library/ff607310(v=exchg.150).aspx

Importing PST using EAC and following up with EMS

clip_image013

Importing Single folder from source PST file into a target folder in email

Importing the folder Sent Items from the file basakc_backup.pst into target folder Sent Items in Mhamada user.

Note:

The parameter -TargetRootFolder will create a folder inside the existing Sent Items folder

clip_image014
clip_image015
clip_image016
clip_image017
clip_image018
clip_image019

Importing large items into mailbox in Exchange

clip_image020

Exchange 2013 not installing due to pending restart on Windows 2012

Error:

A reboot from a previous installation is pending. Please restart the system and then rerun Setup.

For more information, visit

Solution:

Delete the below key from the registry:

HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations

Step by Step Installating Exchange server 2013 from scratch (Part 1)

Step by Step Installing Exchange server 2013 from scratch (Part 1)

In this part, I will be demonstrate how to Install exchange 2013 and prepare new Databases along with preparing the servers for high availability (DAG).

Prerequisites:

– Two Microsoft Windows 2012 R2 servers with 16 GB ram and 200GB disk divided unto two partitions.

– Two NIC, one for MAPI and one for replication.

– Exchange 2013 CU8 setup to directly go to the latest available update.

Installing Prerequisites on all exchange servers

Launch Powershell as administrator and copy then paste the following.

Install-WindowsFeature RSAT-ADDS

From <http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx>

When finished continue with the following Cmdlet on each Exchange server.

  • Install only the Mailbox server role on a computer.
  • Install only the Client Access server role on a computer.
  • Install both the Mailbox and Client Access server roles on the same computer.

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

From <http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx>

First thing we extract the setup file and then from command line as administrator we run Setup as below

Setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

clip_image001

setup /PrepareAd /IacceptExchangeServerLicenseTerms /OrganizationName: Organization Name

clip_image002

Setup /Preparedomain /IAcceptExchangeServerLicenseTerms

clip_image003

Setup /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

clip_image004

You should download and install the following software prerequisites as per Microsoft’s TechNet article regarding the installation. the software is available the link I posted earlier above or through this link Exchange_Prerequesties

clip_image005
clip_image006

After running all the prerequisites , we can start installation of Exchange 2013

clip_image007
clip_image008
clip_image009
clip_image010
clip_image011
clip_image012
clip_image013
clip_image014

Here I am going to change Exchange’s default installation path and place it on a different partition to avoid any data loss in case of Windows server crash or booting issues.

clip_image015
clip_image016
clip_image017
clip_image018
clip_image019

Now we install the second Exchange server, that will hold the same roles on it as the first one (Mailbox and CAS).

The steps are going to be exactly the same except that you won’t have to prepare the schema or AD since it’s already prepared.

Installation has finished for both servers

clip_image020

Creating DATABASES:

NOTE:

It’s better to mount the database upon creation and not restart the IS instantly after that.

Now it’s time to create new Databases and replace them with the default ones that come with the Installation

First we’ll have to start off by creating our targeted databases which we want to use them. Note that for the standard version of Exchange 2013 you can only create up to 5 databases per mailbox server.

In order to demonstrate all benefits of Exchange 2013 and its features including DAG. I will create 2 databases. One database on each server.

The first database will be called DB1SRV1

clip_image021

As soon as we have created the Database, we faced the following error with event ID 106

clip_image022

Then another warnıng from MSExchangeFastSearch wıth event id 1006

clip_image023

This indicates that a database should not be mounted upon creation, you should untick the mount DB option when you create one.

After waiting a bit the following logs should appear and show a healthy indexing start.

clip_image024
clip_image025

Once the DB has been created, Exchange AC will require that you restart the IS (Information store Service) in order for replication to happen without an issue.

clip_image026

Database is showing healthy and no issues so far.

clip_image027

Now we’ll create a new DB on the second server without ticking the mount DB option.

clip_image028
clip_image029

Microsoft Exchange Server Locator Service failed to find active server for database ‘de5f3051-c202-4976-b8e4-65bbbe0c2395’. Error: The database with ID de5f3051-c202-4976-b8e4-65bbbe0c2395 couldn’t be found.

clip_image030

The same exact errors came after creating the Database without mounting it.

clip_image031

Now let’s restart the IS service and mount our database then see what happens..

clip_image032

Upon restarting the service, we get the following error which is related to the MS Exchange replication service . It noticed that the database that we have created has never been mounted in order to start the indexing.

clip_image033

Let’s mount the database and see the changes

clip_image034

Mounting the database have got the AM to report successfully and after couple of seconds the MSExchangeFastSearch will check out if the database have any indexing files.

clip_image035

No indexing state have been found and so the FastSearch service will give you a 1013 warning report. This is a good warning because it reports that the service is working properly and that it will create the indexing folder after couple of minutes as we’ll see later.

It takes approximately 3-5 minutes for the database to start the indexing.

clip_image036

Now on the EAC, the DB should report healthy. Let’s see

clip_image037

Removing Default databases

First step before deleting the default databases is to move any system mailboxes or arbitrary mailboxes in them to the newly created databases…

Paul Cunningham wrote a great article on how to do this using Powershell … in the following link

Get-Mailbox -Database “Mailbox Database 2” | New-MoveRequest -TargetDatabase “Mailbox Database 1”

First we’ll have to copy the default databases’ names in notepad to run the command properly.

Get-Mailbox -Database “Mailbox Database 0043173996” | New-MoveRequest -TargetDatabase “DB1SRV1”

clip_image038

Time to remove arbitrary mailboxes from the default DB to the new DBs

The command is going to look like this

Get-Mailbox -Database “Mailbox Database 0043173996” -Arbitration | New-MoveRequest -TargetDatabase “DB1SRV1”

clip_image039

All mailboxes have already been moved to the new DB, now let’s check if there’s anything left in the Old DB.

clip_image040

To remove the DB, you will have to type the following command in EMC:

Remove-MailboxDatabase -Identity “Mailbox Database 0043173996”

clip_image041

The warning above is apparently due to Exchange permission on AD. It has been described in detail on how to solve this warning by Nuno Mota in the following Link.

From<http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/exchange-2013-error-deleting-database.html>

For the second server, You will have to repeat the same steps as on the first deleted MB Database.

clip_image042

Hope you like this, Stay tuned for the second part

Exchange 2013 OWA,Async,And OA error MsExchange BackEndRehydration event id 3002

Users can’t access their mailboxes from anywhere as they get the error in the screenshot.

Related errors are 3002, 3005

Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 7/29/2015 11:10:57 AM

Event time (UTC): 7/29/2015 8:10:57 AM

Event ID: 6f94ea40e3964fb1a05d9fc48ffb4299

Event sequence: 38

Event occurrence: 2

Event detail code: 0

Application information:

Application domain: /LM/W3SVC/1/ROOT/owa-2-130826309519814020

Trust level: Full

Application Virtual Path: /owa

Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\

Machine name: EX2K1301

Process information:

Process ID: 19348

Process name: w3wp.exe

Account name: NT AUTHORITY\SYSTEM

Exception information:

Exception type: NullReferenceException

Exception message: Object reference not set to an instance of an object.

at Microsoft.Exchange.Clients.Common.UserAgent.HasString(String str)

at Microsoft.Exchange.Clients.Common.UserAgent.get_Layout()

at Microsoft.Exchange.Clients.Common.UserAgent.get_LayoutString()

at ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.Page.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Request information:

Request URL: https://mail.Domain.com:443/owa/auth/logon.aspx?url=https://mail.Domain.com/owa/PowerShell-LiveID&reason=0

Request path: /owa/auth/logon.aspx

User host address: 10.16.0.172

User:

Is authenticated: False

Authentication Type:

Thread account name: NT AUTHORITY\SYSTEM

Thread information:

Thread ID: 67

Thread account name: NT AUTHORITY\SYSTEM

Is impersonating: False

Stack trace: at Microsoft.Exchange.Clients.Common.UserAgent.HasString(String str)

at Microsoft.Exchange.Clients.Common.UserAgent.get_Layout()

at Microsoft.Exchange.Clients.Common.UserAgent.get_LayoutString()

at ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)

at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

at System.Web.UI.Page.Render(HtmlTextWriter writer)

at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Custom event details:

OWA PAGE

Solution:

On Exchange servers, Make sure that Exchange servers are not members of Organization Management group and if they are then remove them and run this cmdlet anyway on all Exchange Servers then restart the Servers.

Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights “ms-Exch-EPI-Token-Serialization”, “ms-Exch-EPI-Impersonation” -User (Exchange Server name)

Make sure you restart Exchange servers after you apply these cmdlet