Category Archives: Exchange 2016

Migration status of mailboxes movement in Exchange 2016

Mailbox replication service is the service responsible for moving the mailboxes,mailbox imports,mailbox exports  and restore requests.

This article focuses on the migration status of the migration batch in Exchange 2016.

The move request statistics can be viewed by running the below command

Get-MoveRequestStatistics | Select DisplayName,StatusDetail,PercentComplete

Below were the status reasons of the migration notified for delayed migration batches:

From Exchange 2010 there is an Data Guarantee API that is used by Mailbox Replication service (MRS) to check the health of the database copy architecture based on a defined setting of the database.
This API is called by the MRS to see the following information:
Check Replication Health – Confirm that the prerequisite number of database copies is available.
Check Replication Flush – Confirm that the required log files have been replayed against the prerequisite number of database copies.
After this message If a Satisfied response is returned within the 15 minute stalling period, MRS will automatically resume the move request.

This is usually triggered during the move request to determine the health of the target database copies to which the mailboxes are moving from the legacy servers.
If the Data Guarantee API returns a NotSatisfied or a Retry response, MRS will queue the move request and retry the query every 30 seconds.

The parameters controlling these values can be seen in “MSExchangeMailboxReplication.exe.config” file located at “C:\Program Files\Microsoft\Exchange Server\V15\Bin”

Parameter Name                                        Default         Min        Max
DataGuaranteeCheckPeriod                     00:00:05      00:00:01   02:00:00
DataGuaranteeTimeOut                         00:10:00      00:00:00   12:00:00
DataGuaranteeLogRollDelay                   00:1:00       00:00:00   12:00:00
DataGuaranteeRetryInterval                   00:15:00      00:00:00   12:00:00
DataGuaranteeMaxwait                         1.00:00:00    00:00:00   7:00:00
EnableDataGuaranteeCheck                 True                    False       True

This value is also returned from Data Guarantee API on checking the replication health of the target database copies if they are member of DAG and have database copies.
We might get this message if the MRS service is waiting to get this information from the target server about the replication status of the database copies.

So in this case the passive copy must be:
2)Must have a replay queue with 10 mins of replay lag time.
3)Have a copy queue length less than 10 logs.
4)Have an average copy queue length less than 10 logs.

Below are the parameters controlling in the msexchangemailboxreplication config file:
mdb latency health threshold

So at the end all the database copies must be healthy if we are randomly distributing mailboxes to the target destination.


We might get this status if the Exchange server Workload management introduced from Exchange 2013 is making  the exchange system resources busy on other exchange operations and hence the move requests are affected.

First preferred option is we can submit the new move requests by modifying the Priority to emergency or highest by running the below command.
New-MoveRequest -Identity Mailbox -TargetDatabase “DB Name” -BatchName Test -Priority Highest

This is caused due to Content Indexing on the database copies, so to solve this by turning it off on the Mailbox Database till the migration is complete for that DB where the mailbox resides.

To turn it off run the below command :
Set-MailboxDatabase “your mailbox database” -IndexEnabled:$False

Note: This should be re-enabled once the migration has completed
This error might not happen in Exchange 2016 environments since the indexing process has been completely changed from Exchange 2016.


This might happen if there are any issues in the disk performance ,causes the disk latency ,the response time from the source is getting high and the migration batches are getting timed out. This delays the movement of the mailboxes.Should start checking the target exchange 2016 disk performance IOPS etc. If we get this then there is some serious problems in the exchange 2016 performance .And this depends on the designed storage architecture, how the database copies are distributed with how many mailboxes in each copies.


We might get this because of large delays due to unfavorable server health or budget limitations.
In most practical cases we can notice this status when moving a large mailboxes batch of size more than 5GB.

These are the parameters controlling this:

The best solution for this is to move the large mailboxes on batches so that the system resources are sufficient to handle the migration.

Below are the major parameters that is controlling the migration on the Exchange 2016 servers:

“MSExchangeMailboxReplication.exe.config” file located at “C:\Program Files\Microsoft\Exchange Server\V15\Bin”

MaxRetries – 60, 0, 1000
MaxCleanupRetries – 480, 0, 600
RetryDelay – 00:00:30, 00:00:10, 00:30:00
MaxMoveHistoryLength – 5, 0, 100
MaxActiveMovesPerSourceMDB – 20, 0, 100
MaxActiveMovesPerTargetMDB – 20, 0, 100
MaxActiveMovesPerSourceServer – 100, 0, 1000
MaxActiveMovesPerTargetServer – 100, 0, 1000
MaxActiveJobsPerSourceMailbox – 5, 0, 100
MaxActiveJobsPerTargetMailbox – 2, 0, 100
MaxTotalRequestsPerMRS – 100, 0, 1024

Important tips to note down before migration:
1)Ensure there is no file level antivirus running on the migrating target servers.
2)Copy a 1GB file from the source server to the target server and verify the copy speed to ensure there is no network issues.
3)Make sure there is no backup jobs running during the migration batch period.
4)Better to initiate a small migration batch first of say 500 users and then open the perfmon during this period and monitor the memory,cpu,storage to make sure the resources are sufficient.

Note: Do not modify any values in the MSExchangeMailboxReplication.exe.config for any reasons. Better to open a call with Microsoft if any issues is identified in the maibox migration batches.

Thanks & Regards
Sathish Veerapandian
MVP- Office servers and Services

Active Manager operation failed attempt to copy the last logs from the sourceserver failed

During a fail over DR cases when the Main site is completely not available we need to carry over few steps to activate Exchange Services according to the type of DR setup we have.

Sequential steps needs to be carried over in terms of  restoring the DAG,activating the DB’s on the DR site pointing the exchange DNS records to the DR site ip’s.

Failover scenarios varies according to the namespaces, no of sites in Exchange :

UnBound Name Space- Single name space for all Exchange URL’s for both the main and DR sites which is best recommended.
Bound Name Space – Very complicated and not recommended since we need to use seperate URL’s for Main and DR site.

If we have a three site setup with FSW in third site or if the FSW is placed in the Azure directory in the 3rd site then no manual activation of the database copies on the DR site is required. Only exchange DNS job on the DR site is required.

For detailed information on DAG DR setup i have written a previous blog which can be referred:

From Exchange 2013 the Dynamic Quorum in the failover cluster adjusts automatically and recalculates the active nodes if its on a sequential shutdown for a two site setup.

During a DR activation in the DR site when the main site is completely not available after rebuilding the DAG cluster on the DR site we might come across the below error for some databases

In my test case it was the below:

Stop-DatabaseAvailablityGroup – for the Main site completed successfully with no errors
Restore-DatabaseAvailabilityGroup – completed successfully except some warnings for one mailbox node on the DR site.

On the server with warning noticed that all the DB’s were in failed state.Tried to mount them and got the below error

An Active Manager operation failed. Error The database action failed. Error: The database was not mounted because its experienced data loss as a result of a switchover or failover, and the attempt to copy the last logs from the sourcserver failed. Please check the event log for more detailed information. Specific error message: Attempt to copy remaing log files failed for database DBNAME. Error: Microsoft.Exchange.Cluster.Replay.AcllUnboundedDatalossDetectedEeption:

By looking into the above message its very interesting to see that the DR site DB’s are trying to reach the Main site copies to the get the information though the DAG cluster is activated on the DR site and the PAM is on the DR.

The below command can be used just in case if the DR copies are not mounted after activating the DR site DAG.

Move-ActiveMailboxDatabase “DBNAME” -ActivateOnServer DRMailboxServer -SkipHealthChecks -SkipActiveCopyChecks -SkipClientExperienceChecks -SkipLagChecks -MountDialOverride:besteffort

So we need to be very clear that this error will not occur normally until and unless there is some data loss for any DB’s during the DAG DR activation.

Usually when we do a Restore-DatabaseAvailabilitygroup on the DR site all the DB’s should be mounted on the DR site.

The above command can be run only if the database copies are in a failed state after DR site activation and if they are not getting  mounted.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Troubleshooting endpoint URL’s for Exchange & Skype for Business

This article outlines the client troubleshooting end points that can be used for Exchange and Skype for Business services.

For Exchange

To verify Exchange autodiscover Service endpoints:

Usage:Main purpose of autodiscover is to establish,discover and make initial connections to their mailboxes.
Also it keeps updated on the outlook on frequent changes of mailboxes and updates the offline address book.

To verify Exchange Exchange Web Service endpoints:

Usage: EWS applications to communicate with the Exchange server mainly for developers to connect their clients and get the email connectivity for their applications via SOAP.

To verify Offinle Address Book Service endpoints:

Usage: An offline address book provides local copy of address list to Microsoft Outlook which can be accessed when the outlook is in disconnected state.

To verify ActiveSync Service endpoints:

Usage:By using Activesync protocol users can configure and sync their emails on their mobile devices.

To verify Webmail Service endpoints:

Usage:Outlook Web App is a browser based email client used for accessing emails via browser.

To verify exchange control panel Service endpoints:

Usage:The Exchange Control Panel is a Web application that runs on a Client Access service providing services for the Exchange organization

To verify MAPI service end points:

Usage:New protocol outlook connections introduced from Exchange 2013 SP1 which enhances faster connections only through TCP and eliminating the legacy RPC

To verify the RPC service end points:

Usage:Not used on new versions of exchange and almost retiring type for client connections.

All the above URL’s will be listening on Exchange 2016 Mailbox Server Virtual Directories.


For Skype for Business:

Mostly for the chat services provided through Skype for business the main URL end points are Chat,Meet,Conference,Audio/Video and lyncdiscover.
We usually check these URL’s during any troubleshooting scenarios.

Below are the additional end points which can be seen and kept for additional references.

To test conferencing URL:

Usage: Meet is the base URL for all conferences in the organization.

To Verify  Dial in URL :
Usage:Dial-in enables access to the Dial-in Conferencing Settings webpage

To Verify Lync control panel:

Usage:Must be only added and accessed from intranet site and no need to publish on the internet.

To verify the autodiscover web site and retrieve the redirection information for Client:


Usage: They are the service entry points for the Autodiscover service and they are required.They are the Lync Server Web Service Autodiscover Response which was sent from the clients.They are the URL for the Authentication Broker (Reach) web service

To Verify Mobile Client Connectivity:

Usage:Specifies the default authentication method used for mobile client connectivity.
This is a SOAP web service that authenticates a user via NTLM or Kerberos (if configured) and returns a SAML Assertion (Ticket) as part of the SOAP Message response.

To check that the mobility service is working use the following url.
This is the URL required for the Skype Mobility Services


Usage:Listening port for the Support Conferencing Console. The default value is 6007
Port used by the Office 365 Support Conference Console. This console is used by support personnel to troubleshoot problems with conferences and online meetings.
To verify the persistent chat:


Usage:There are actually a Virtual directory for Persistent Chat, both on External and Internal web site So for external testing access the url from the published persistent chat FQDN

Verify hybridconfig service:

Usage:Not sure this might be used for hybrid connectivity beween Skype for Business Server and Skype for Business Online

To check the address book issues:

Usage:GAL files are downloded from the FE server IIS

Check the below URL for distribution group expansion:

Usage:They are configured for via windows authentication by default.


Usage:This parameter can be used instead of the WebServer parameter in order to specify the full URL of the Certificate Provisioning Web service. This can be useful when the calculation used in WebServer will not yield the correct URL.This parameter is optional, and is used only when SipServer is provided.

This is needed when the Lync Server web server is not collocated with either the main Director or within the Front End pool in a site.
This might be due to a load balancer configuration where web traffic is load balanced differently to SIP traffic resulting in different FQDNs for the SIP and web servers.

All the above SFB URL’s will be listening on front end server


On accessing these URL’s if we are not prompted with username and password then troubleshooting steps needs to be performed accordingly to the message we received  to identify the issue. In most cases the URL’s might not be published correctly to be accessed from the remote end points or there might be the issue with the authentication or the virtual directory/server/services itself.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services 

Event Viewer Warning 1040- Active Sync Direct Push technology

We Might notice this error on the Event Viewer on Exchange Servers for the source MsExchangeActiveSync


Event Type: Warning
Event Source: MSExchange ActiveSync
Event Category: Requests
Event ID: 1040
Date: 3/10/2016
Time: 12:54:22 PM
The average of the most recent [513] heartbeat intervals used by clients is less than or equal to [540].
Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and Direct Push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

This warning is not an issue on the Exchange Servers.This is something mismatch value configured on the Network Load Balancer which serves the Client is not configured correctly.

Active Sync Uses Direct push Technology to retrieve the emails from the server. Inorder to initiate a direct push communication between the ActiveSync Client and the Exchange Server it uses the heart beat interval values.

In order for the Direct Push Technology to Work it involves 2 process one request from the ActiveSync Mobile(Client) and the response from the Exchange Server.When the Client notifies any changes on the users mailbox the changes are transmitted over persistent http or https connection through direct push.

Below is the process of ActiveSync Request to the server:

1)The Client issues a http request to Exchange Server asking for any changes occurred in the user mailbox in the specified time.Basically it queries inbox,contacts,calendar etc…

2) After Exchange Receives this request it looks for the specific mailbox and sees the changes in the folders until the specified time limit expires.After the time out period exceeds it issues an http 200 OK response to the clients. It then gives a response request to the client with all the update about the folders.

3)The Client then receives the response from Exchange and can be any of the below :

HTTP 200 OK – No Change on Folders . If this is the case the client will reissue the ping request on next heartbeatinterval value.
HTTP 200 OK – Change in folders – And will get the updates on each folders that was changed. After the sync is done it will reissue the request in next interval.
NO Response – It lowers the time interval in the ping request and then re-issues the request again in the minimum heartbeatinterval value to get the update.

So basically these HearBeatInterval values should match between the values set on Network Load Balancers and the Exchange .Servers.

Lets have a look at the values of HearBeatInterval on Exchange Servers.

Where are these Values Stored in Exchange 2016 ?

These Values can be seen in the web.config file in the below location in the installation directory

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Sync

There are 4 values as below

MinHeartBeatInterval – The minimum number of seconds that the client waits between issuing heartbeat commands to the server.The default value in Exchange 2016 is 60 seconds. If this value is too small the client will send the http request very often and will consume the power of the device.

MaxHeartBeatInterval –The maximum number of seconds that a client waits between issuing heartbeat commands.The Default value is 59 Minutes on Exchange 2016 Server.

HeartBeatSampleSize- This is a bucket where the server collects all the recent heart beat intervals that the server received from the Active Sync Clients.It keeps this value to see how the clients are sending the activesync http request to the server and ensures they are matching with the specified values. The default value is it waits for 200 heart beat intervals.

HeartBeatAlertThreshold- If the collected HBsamplesize  value is more than or not meeting the configured value heartbeat maximum or minimum value in this specified time interval then it logs an event in the application log. The default value configured is 9 minutes.

Lets say if the HTTP(S) connections time out value is not configured as longer than 59 minutes on the firewall and if its value is lesser than the value on Exchange Servers, Once a ActiveSync http request is timeout on the F/W, ActiveSync Mobile client will sent another Http request which may cause connection overload.
In-order to avoid this the Exchange server will trigger an alert and mark an event in the event log.

A short living time-out value will initiate new http requests from the mobile device more frequently.This will also drain the battery of the device very quickly considering more http requests are initiated from the device.

The best practice is to increase the firewall Time Out Values for http requests to Exchange Servers Active Sync Virtual Directory to give a better experience to the users. The time out value on the firewall can be equal to or greater than the values specified on the Exchange 2016 servers.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services.

Configure Throttling Policy In Exchange Server 2016/13/10

The concept of throttling policy is first introduced in Exchange 2007, by which admin can impose some policies that prevents user application from sending number of Remote Procedure Call per second.
Throttling policies are meant for enhancing the Exchange performance in the organization. It keeps a track of consumption of resources by the end-user and also imposes the bandwidth limits. Continue reading

Disable external access to EAC in Exchange 2016

Right from Exchange 2013 Exchange Administrative Center is integrated with Exchange Control Panel (ECP) and is available practically from every location in network (LAN, Internet) Unless and until we disable them.

Right after the new Exchange deployment in any environment it is very important to disable the  external ECP access on the servers .

Below are the options available to disable the EAC :

1)  We can  install one more server for internal ECP access only and do not add them in the LB, Which will consume another server just for this functionality alone.

2) Install a second website with ECP and OWA virtual directories on the internet-faced CAS. We need to assign a second IP address to our server on the second network adapter installed in a CAS server.This is painful to maintain after the every CU updates.

3) Use IIS IP and domain restrictions in Windows server 2012 to limit access only to /ecp on internal IP’s.By doing this we can allow Only hosts in the required subnet range to access the ecp.

But in Exchange 2013 restricting ECP will stop the users to access the ecp features in owa ( OWA options) like they have manage out of office, delivery reports, manage mobile devices etc.., . All these end users OWA ecp features will be blocked.

If access is turned off in Exchange 2013,we will receive this below message

404 – website not found error

But from Exchange 2016 Disabling the EAC on the Exchange server 2016 will not disable the ECP end user level functionality completely. All the end user mailbox level OWA ECP functionality still remains available.
so which means the end user ECP design functionality has been changed from Exchange 2016 which is good for us :).

Having all the options above to restrict EAC from external network my  colleague came up with one good option which was nice and thought of sharing it in this post.

Lets take an example scenario where i have 3 Mailbox Exchange 2016 servers load balanced to accept all the external client connections.

Below is the diagram on which we can configure the probes for ECP access only on 2 servers to accept the ecp connections and the remaining one we keep them disabled.



Benefits of doing this :

1) External end user owa ecp requests will reach mailbox 2 and mailbox3 and will serve the owa ecp options along with all other client requests for the users.

We need to run this command on Mailbox 2 and Mailbox 3 so that the Admin EAC is disabled on them.
Set-ECPVirtualDirectory -Identity “mailbox2\ecp (default web site)” -AdminEnabled $false
Set-ECPVirtualDirectory -Identity “mailbox3\ecp (default web site)” -AdminEnabled $false

After running this command the load balancer will send only the owa ecp ( OWA options) requests to the mailbox2 and mailbox3. Mailbox1 will not participate in serving the owa ecp ( OWA options)  requests for the clients while it will serve all other requests like activesync,mapi, autodiscover,oab etc..,

2)  We are actually utilizing all the resources of the Exchange 2016 Mailbox 1 servers to accept all client connections except for ecp requests.

So on Mailbox 1 What we are doing is having the EAC admin access always enabled. But we are not including the ECP component participation in the load balancer  in serving the clients.

So we are disabling the  ecp healthcheck alone on the mailbox1 server in my example


This component we are disabling because the load balancer should send all the other requests to this server to serve the clients while it will not send any ecp requests to this server.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Configure SCOM 2012 to receive Exchange 2016 Alerts in Email and SMS

Its better if we receive alerts regarding Exchange service level unavailability during any outage.

Though the managed availability  self healing component is very much capable of self monitoring the Exchange services still few companies would request a display dashboard about the current Exchange services and to be notified via sms and email when there is any outage.

Below are the main prerequisites:

1) System Center Operations Manager 2012 R2 is in environment.
2) Exchange Server 2013 Management Pack is installed. Currently only Exchange 2013 management pack is present and it supports 2016.

Below are the high level steps that we need to perform in the SCOM 2012:

1) Create Channels – Basically a path through which the alert will be delivered to the destination (admins).
2) Create Subscribers – Persons who are supposed to be notified when an alert is identified in SCOM for Exchange.
3) Create Subscriptions – Selecting the components to be alerted when any Exchange services are unavailable.

This should be the case for any applications to be notified when there is an issue with their system.
To receive SCOM alerts in mobile as SMS we need to have an SMS routing agent configured.

Below work flow is the normal way of configuring to receive alerts in SMS :

SCOM – Mailbox Server Relay – Reaches Mail Contact local SMTP address – Finds the SMTP target address – Finds the appropriate send connector – Routes to the SMS routing Agent – Exchange Admin receives the SMS

To receive SCOM alerts in a Email:

Below work flow is the normal way of configuring to receive alerts in Email:

SCOM subscribers – Mailbox server relay – Finds Mail Group – Alerts Delivered to the Admin’s mailbox.

So we need to give relay permission to the SCOM 2012 server on the Exchange to send the alerts when any issue occurs.

First we need to create Channel :

To create a channel perform the below :

Navigate to Operations manager console – Click on Administration – Click on notifications- Select Channels


Right click on Channels – New Channel – Select the appropriate channel that we wish to route .

The best way always is to create only SMTP channels route them to exchange and from there deliver it to the appropriate destinations.
This will keep less complication.

Also we can create a DNS A record and point them to all mailbox servers to that record as well.

To create a Subscribers perform the below:

Navigate to Operations manager console – Click on Administration – Click on notifications- Select Channels

Right Click on Subscriptions – new Subscriber


Create a new Subscriber


Select always send notifications


Add the delivery address – admin email address if it needs to be delivered to email or email contact if it needs to be routed to his mobile device


Select the channel type as Email(SMTP) – Its better if we route all the messages via Exchange and from there we can route to the appropriate destinations. I feel this will make less complication in creating the channels.


Now we need to create the Subscriptions

To create a Subscriptions perform the below:

Navigate to Operations manager console – Click on Administration – Click on notifications- Select Channels
Right Click on Subscriptions – new Subscriptions



Now this part is very important. We further need to fine tune this based on the setup, issues. Here we are actually specifying and subscribing  the alerts which we will be notified on a application unavailability .

So you need to choose the alerts based on your request. For Exchange i can say if there is any issues with  Database copies unhealthy , Database dismounted we can specify them with specific name , description in this criteria section and get notified via SMS.

For the  exchange services EWS, Active Sync, MAPI we don’t need to configure here since we have the health probes configured on the load balancers and will be notified from them.



And in this part we specify the subscribers:

Usually the subscribers are the group of distribution that we created.


Now select the Channels  that was configured to route the alerts to Exchange servers.


After this is done we would be able to receive the Exchange 2016 alerts through email and SMS.

Thanks & Regards
Sathish Veerapandian
MVP – Office Server and Services

Offline Address Book Configuration in Exchange 2010 & 2016 Coexistence

In this article we will have a look at the OAB configuration in Exchange 2016 in coexistence.

Outlook will trigger an OAB download every 24 hours right from the time it received the last fully updated OAB files.

A small background functionality of OAB from Exchange 2016:
1)Outlook Queries OAB through Autodiscover URL.
2)Reaches the Exchange 2016 mailbox OAB Virtual Directory.
3)Exchange 2016 Mailbox  Client access service  queries Active Manager and finds out database hosting  organization  Arbitration mailbox.
4)Then OABGen Assistant from the Arbitration mailbox will provide the required information.
5)Like with Exchange Web Services, Autodiscover will provide the Offline Address Book URL.This request will then be proxies to OABGEN mailbox which had the OAB information and this information is served back to the client.
The OAB files are stored in the same place as we have in Exchange 2013 CAS server but now it will be on Exchange 2016 Mailbox server itself since we do not have the CAS role.

In Exchange 2016, the OAB files are generated and stored in the Organization arbitration Mailbox with persisted capability first and later copied to the location %ExchangeInstallPath%\ClientAccess\OAB\ folder in the Mailbox Server.

Below are the important things to perform:

1) When we introduce Exchange 2016 we need to create a new Offline Address Book
New-OfflineAddressBook –name “OAB NEW” –Addresslists “\Default Global Address List” -VirtualDirectories $null
2)Make sure 2016 OAB Virtual Directories URL’s are pointing to the Exchange 2016 Servers.
Run the below command to check the settings
Get-OabVirtualDirectory | ft identity,internalurl,externalurl -AutoSize

3)Change the default OAB on Exchange 2016 databases, to do so open Exchange 2016 Management Shell and run the following command:

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “\Default Offline Address Book (Ex2016)

Enable GlobalWebDistribution
The recommendation is to enable global web distribution for all OABs hosted on Exchange 2016.

What is the benefit of doing this?
The main benefit is all Exchange 2016 Mailbox servers can take part only in web distribution.
The OAB generation still remains with the mailbox server which hosts the active copy of the DB which has the Arbitration Mailbox with Persisted capability.

How to check if GlobalWebDistributionEnabled is set to true
Run the below command.
Get-OfflineAddressBook Select | Identity,Name,GLobal* |Fl

If it is set to false set it to True by running the below command.
Set-OfflineAddressBook <E16OAB> -GlobalWebDistributionEnabled $true

What is this GlobalWebDistributionEnabled parameter?
This parameter is used by Autodiscover to determine which mailbox OAB virtual directories are eligible candidates for distributing the OAB to the clients.
By doing the above action we are making all Mailbox Servers to distribute the address book automatically.

Enable Shadow Distribution:

By enabling this we can have a shadow copy of an OAB instance generated by an Arbitration Mailbox to another Arbitration Mailbox.
Prior to enabling shadow distribution, we should deploy an OAB generation mailbox in each AD site where Exchange 2016 infrastructure is deployed.

Benefits of Shadow Distribution:
1)Prevents the OAB download across WAN if the user is connecting from different site.
2)If we don’t have this Shadow distribution enabled then it will trigger a full instance of OAB download if the user logs in from another site .

We can enable Shadow distribution by running the below command.
Set-OfflineAddressBook “Redmond OAB” -ShadowMailboxDistributionEnabled $True

Again we can enable this option if the end users are travelling and connecting in multiple sites randomly.
Point new Exchange 2016 On-Premises DBs to the new default Offline Address Book that was created.
And make sure current Ex 2010 DBs are pointing to Ex 2010 OAB until the migration is completed.
After installing the 1st Ex 2016 new Ex 2016 DBs should point to new default OAB.

Do we need to move the Exchange 2010 OAB’s ?
No we don’t have to move, all OAB’s . They have already been created and stored in OABGEN mailbox and are Updating 12 times a day.
From Exchange 2013 all OABs have gone into <Default Offline Address Book>.

After the configuration try to browse the OAB end points and see if you are able to login

Below example of how it looks after successful authentication

OAB URL can be taken from Test Email AutoConfiguration Outlook results.
Download the OAB and see the results.

By default, a new OAB is generated every 8 hours in Exchange Server 2016, but we can change the interval by using the Exchange Management Shell by using a new-setting override.

New-SettingOverride -Name “OAB Generation Override” -Component MailboxAssistants -Section OABGeneratorAssistant -Parameters @(“WorkCycle=02:00:00”) -Reason “Generate OAB every 2 hours”

Note: It is better to leave the default work-cycle schedule and not modify them.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Configure Enterprise Vault Office Mail App in Exchange 2016 Environment

The Enterprise Vault Office Mail App provides Enterprise Vault features in end users outlook and owa. This works in Integration with the Microsoft  Office Mail apps feature.
It is desired that users will try to  access  archived items via OWA as well when their older items are being archived by a  archive system.
The Enterprise Vault Office Mail App does not appear in Outlook or OWA by default.
It requires deployment to users  or organizational level and only then they will appear.

In this article i will explain quick steps to perform this action on a environment where we have the Archive enabled for Exchange 2016 users through Enterprise Vault

There are 3 possible methods to perform this action:

1)  We can deploy them to individual users.
2) We can deploy them to group of users.
3) We can deploy them to whole organization on the Mailbox Server Organization level.

The main methods are as below:

1)  We need to deploy the Office Mail App on the Newly introduced Exchange 2016 Server on the org level to EV server.
2) Setting up the Enterprise Vault Office Mail App
3) One important note that we need to make is that if we enable this feature on organizational level then this option will appear on all mailboxes including the one’s which has not EV enabled.
4) The same Enterprise Vault server is used for Office Mail App requests from
all users.

The high level steps are as follows :
1)We need to run the PowerShell command New-App in the Exchange Management
Shell on Exchange 2016 Server .
The command requires the following:
2)An Exchange 2016 Server  that is enabled for archiving and that you want to enable
for the Office Mail App.
3)The URL of the OfficeMailAppManifest.aspx page from the EV server.
The server that is specified in the URL can be any Enterprise Vault server
in your site can be http or https according to the IIS config on your EV server.
Office Mail Apps must only be served using Secure Sockets Layer (SSL). We need to  obtain a certificate from a certification authority.
4)The Exchange server sends a request to Enterprise Vault server EV1 to
configure a manifest file.


We need to run the below command to enable this feature on organizational level :

Add-Type -AssemblyName System.Web
$Mbx = get-mailbox “mailbox”
New-App -OrganizationApp -DefaultStateForUser:enabled -Url `
(“https://EV_server/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=&#8221; +

■ mailbox is the name of a mailbox that is enabled for archiving.
■ EV_server is the name of Enterprise Vault server which has this manifest file in your organization.


When a user access the EV office mail app from the owa or Outlook following things happens:

a) Basically this officeMailAppManifest.aspx page from EV server generates a manifest file
for Exchange and sends it to the Exchange 2016 server.
b) The manifest file contains the Office Mail App settings for Exchange.
c) The settings include the URL from which the Office Mail App will be loaded.
d) Later end user will be able to perform his archive action  from the Office Mail App.

Below are the steps to enable EV web app for individual users :

$mbx = Get-mailbox | select LegacyExchangeDN
$url = “”+ $mbx.LegacyExchangeDN
New-App -Mailbox $mbx.LegacyExchangeDN -Url $url

Later we can verify the end user web app readiness by accessing the Manifest URL from his PC Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=mailbox

On accessing the end user should be able to see the XML file an example below.


On a failure to see the XML file will not result in accessing this feature from end user level.

After its enabled this will how it will be displaying for end users on their OWA and Outlook when they open any emails.



1)  This office mail app  is not an mandatory feature to be enabled for all users . All users can see their archived items from the archive URL and the EV thick client on their desktops. This mail app gives more comfort for the end users to access, make operations on their archive from the owa and viewing their email on outlook itself.
2) Support for the Enterprise Vault Office Mail App is pending from Exchange 2016 CU1 and not in Symantec compatibility lists.At this moment the Office mail app is working only on owa in Exchange 2016 CU2. Symantec has confirmed that they will be soon releasing a patch which will support this feature on Outlook as well.
3) With Exchange 2016 CU2 Archive is working fine on the Outlook EV Client and the EV Web URL.
4) Enterprise vault to be compatible with Exchange 2016 Cu2 server version requires  Enterprise Vault 11.0.1 Cumulative Hotfix 4 or later.

Below are the following commands are available for managing Office
Mail Apps in Exchange 2016:

Get-App                  – Returns information about the installed Office Mail Apps.
New-App                  – Deploys an Office Mail App.
Remove-App               – Removes the specified Office Mail App.
Disable-App              – Disables a specific Office Mail App for a specific user.
Enable-App               – Enables an Office Mail App for a specific user.
Set-App                  – Sets configuration properties on an Office Mail App.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers and Services

Setup Active Directory  thumbnail photo for Outlook ,Skype for Business client 

In order to maintain identity information users of web-based applications or desktop-based applications want to set image in their account profile.

In a similar condition surfaced while working with an email server giant, MS Exchange, a query arises ‘how to setup user account image in Exchange 2016?’ As an answer to the same, the following segment will be discussing a few workarounds to let users know of the same procedure.

Prerequisites for Image to be Setup

Some parameters are applicable on the images to be uploaded on the User accounts are mentioned below:

  • The size of the image should not be more than 10KB
  • The file format of the image should be JPG (JPEG)

Ways to Set Up Account Image on Exchange Server

 Step1: Configuration of Global Catalog

The step comprises of following procedure to be followed, to configure the copy of image attributes to Global Catalog:

  • Open your machine and login to your session
  • From your keyboard, press Windows key + R to open the Run window on the screen. On that window, type regsrv32 schmmgmt.dll and press Enter


  • A ‘DIIRegisterServer in schmmgmt.dll succeded’ message box will appear as below in front of you, click on OK



  • Again, press Windows key+R, type mmc and press Enter
  • Go to the menu bar of window and click on File >> Add/Remove Snap-ins >> Active Directory Schema >> Add >> OK


  • Now expand the Active Directory Schema [<Your Server Name>] and then click on Attributes
  • In attributes list, search for thumbnailPhoto attribute and double-click on it


  • From the options displaying in front of you, check on Replicate this attribute to the Global Catalog >> OK


Step 2: Import Pictures to Active Directory Users

For importing the picture that you want to set on your Exchange profile, you require a cmdlet: Import-RecipientDataProperty. The cmdlet is being used to import image in Exchange 2016.


You have to open command prompt window and type the following cmdlet:

Import-RecipientDataProperty-Identity <Mailbox> -Picture -FileData ([Byte[][]$(Get-Content-path<Image Path> -Encoding Byte -ReadCount 0))


Step 3: Validating the Procedure

To validate or check whether the image has been setup on your account or not, go to initial page of the Outlook and check whether the image has been uploaded or not. If not, then you must have performed the procedure incorrectly. In this case, repeat Step 1 and 2 until the image is not uploaded.


After going through the above information, we concluded with the fact that configuration of domain controller, i.e. Global Catalog is quite an important fact. If the configuration were improper, then the resultant would be that the Active Directory schema would not be activated. As a result, it was impossible to set the image on Exchange 2016. Moreover, if all goes correct, then user will successfully be able to setup account image in Exchange 2016.

Thanks & Regards
Tej Pratap

%d bloggers like this: