Category Archives: Exchange 2016

Configure Enterprise vault Archive for Exchange 2016 Server

In this article we will have a look at creating the EV Mailbox Archive task for Exchange 2016 server.

To learn how to configure the storage, refer to my previous post:

Configure New Store, storage , provisioning groups in Enterprise Vault in Exchange Environment

For an overview of the services, refer to my previous post:

All about enterprise vault services and its tasks

There are additional configuration steps for newly introduced Exchange 2016 servers in any environment before Enterprise Vault archiving can happen on them. We need to provision and target those servers for the archive to happen on their mailboxes.

As a first step we need to create a system mailbox for each new Exchange 2016 server for the archive to happen on its mailboxes. A system mailbox is nothing but a dedicated mailbox that we create so that EV archiving can happen on that server.
This mailbox should not be used for any other jobs and should not be hidden from the Address List.

Once we create these dedicated system mailboxes on the new Exchange 2016 servers, we need to grant permission to the Vault service account that is responsible for starting the EV task on the Exchange servers. Grant Send As permission to the Vault service account on the newly created Enterprise Vault system mailboxes for the Exchange 2016 archive to happen.

It is better to move the Vault Service account to the Exchange 2016 server from the legacy server. This will not impact the EV archive process on the previous Exchange servers until the migration is complete.

Once this is done we need to run two PowerShell scripts on the new Exchange servers to set the throttling policy and the permissions for the Enterprise Vault service account.

These scripts are present by default on the Enterprise Vault Server in the below directory.


All we need to do is copy these scripts to the Exchange 2016 server and run them as below.

To set the EV throttling policy, run the below command:
.\SetEVThrottlingPolicy.ps1 -User domain\username -server mbxserver -Version 2013 -DomainController DCname

Domain is the AD domain that the vault service account belongs to.
User name is the vault service account.
Server name is the Exchange 2016 server name.

Version is currently 2013 for 2016 servers as well.

To assign Exchange Server permissions to the vault service account, run the below command:
.\SetEVExchangePermissions.ps1 -user domain\user-name
Domain is the AD domain that the vault service account belongs to.
User name is the vault service account.
Server name is the Exchange 2016 server name.

Once the above procedure is completed we need to create the target from the Enterprise Vault Server to the new Exchange 2016 servers.

In order to do that:

Log in to the Enterprise Vault Server with the Enterprise Vault Service account.

Open the Vault Admin Console.

Navigate to Targets – Domain – Exchange server – New – Exchange Server


Proceed with the next option


Select the Exchange Mailbox Task


Select the system mailbox to use. Here we need to choose the designated EV system mailbox that we created.


Once this is done, the target for the new server is successfully created.

Now we need to create a task for each new Exchange 2016 server for the archive to happen.

In order to do that, open the Vault Admin Console – navigate to Tasks – New Exchange Mailbox Task.


Proceed with the next option


Choose the new provisioned Exchange 2016 Server


Once the new task for Exchange 2016 has been created we can schedule the archive period, and the DBs of those servers will be visible on the targets.


Do not make any change to the concurrent connections and the logon accounts on the task service; it is better to leave them at the defaults.

After this is done we can move the mailboxes to Exchange 2016 from the previous version of Exchange server. The provisioning group, targets and retention policies will remain the same for the mailboxes moved to the Exchange 2016 server.

Note: These steps are applicable only in an environment where Enterprise Vault is already configured on the legacy Exchange servers. These steps will be useful when we need to enable archiving on newly introduced Exchange servers. For a new configuration in the environment, the Symantec configuration guide needs to be followed.
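
A pre-flight check for the mailbox prerequisites described above (each system mailbox exists, sits on an Exchange 2016 server, is visible in the Address List, and the Vault service account holds Send As on it). This is an added example, not part of the original post or of Enterprise Vault; the function name, the mailbox names and the account name are hypothetical, and it assumes the Exchange Management Shell.

```powershell
# Added example: audit the EV system mailbox prerequisites before creating targets.
# Read-only: it changes nothing. Run in the Exchange Management Shell.
function Test-EVSystemMailbox {
    [CmdletBinding()]
    param(
        # One dedicated EV system mailbox per new Exchange 2016 server (placeholder names).
        [Parameter(Mandatory)][string[]]$SystemMailbox,
        # Vault service account in DOMAIN\account form (placeholder).
        [Parameter(Mandatory)][string]$VaultAccount
    )

    foreach ($name in $SystemMailbox) {
        $mbx = Get-Mailbox -Identity $name -ErrorAction SilentlyContinue
        if (-not $mbx) {
            [pscustomobject]@{
                Mailbox = $name; Exists = $false; Server = $null
                OnExchange2016 = $false; VisibleInAddressList = $false
                VaultHasSendAs = $false; OtherSendAs = @()
            }
            continue
        }

        $server = Get-ExchangeServer -Identity $mbx.ServerName

        # Explicit (non-inherited) Allow entries that carry the Send As extended right.
        $sendAs = @(Get-ADPermission -Identity $mbx.DistinguishedName |
            Where-Object {
                ($_.ExtendedRights -like '*Send-As*') -and
                (-not $_.Deny) -and (-not $_.IsInherited)
            })

        [pscustomobject]@{
            Mailbox              = $mbx.PrimarySmtpAddress
            Exists               = $true
            Server               = $mbx.ServerName
            # Exchange 2016 reports build numbers in the 15.1 range.
            OnExchange2016       = ("$($server.AdminDisplayVersion)" -like 'Version 15.1*')
            # The post requires that the mailbox is NOT hidden from the Address List.
            VisibleInAddressList = (-not $mbx.HiddenFromAddressListsEnabled)
            VaultHasSendAs       = [bool]($sendAs | Where-Object { "$($_.User)" -eq $VaultAccount })
            # Any other principal with Send As on a mailbox dedicated to EV deserves a look.
            OtherSendAs          = @($sendAs |
                Where-Object { "$($_.User)" -ne $VaultAccount -and "$($_.User)" -ne 'NT AUTHORITY\SELF' } |
                ForEach-Object { "$($_.User)" })
        }
    }
}

# Usage (placeholder values):
# Test-EVSystemMailbox -SystemMailbox 'EVSystem-MBX01','EVSystem-MBX02' -VaultAccount 'CONTOSO\svc-vault' |
#     Format-Table -AutoSize
```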

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Exchange 2016 policy tips explained

Policy tips are used to notify senders who are violating the company security policies.
For example, if you have DLP configured on your Exchange to prevent users from sending credit card numbers, the policy tip can notify end users about the risk of sending this email, since it violates the company's compliance policy.

There is also an option to provide a business justification for the message that you are sending via the policy tip. These policy tips are managed by the Exchange administrator.

What is the difference between Mail Tips and Policy Tips?

The policy tip configuration is applicable only to the DLP rules configured in your environment.

Mail tips settings are specific to each Exchange account that you have configured Outlook to connect to. There is an option to set mail tips preferences for each account by selecting that account under "Apply to this account".

An example of a mail tip is shown below


Mail Tips is an organizational config which can be viewed by running the below command

Get-OrganizationConfig | fl mail*


How do policy tips and mail tips work?

EWS is the main component for both policy tips and mail tips.
The service configuration operation in EWS is responsible for getting the configuration information for policy tips and mail tips. Service configuration is exposed as a WSDL (Web Services Description Language) operation.

The GetServiceConfiguration operation for policy tips returns the below elements:

Policy nudges – Policy nudges for display in your client.
PolicyNudgeRulesServiceConfiguration – Contains the policy tip configuration data.
PolicyNudgeRulesConfigurationType – Specifies the set of DLP rules and classification definitions that are sent to a client.
PolicyNudgeRulesType – Specifies a collection of DLP rules.
PolicyNudgeRuleType – Specifies a single DLP rule.

How Policy Tips function in the background:

a) The sender composes a new message and addresses the message to a recipient.
b) During message composition the client submits a GetServiceConfiguration (Policy Nudges) request through Exchange Web Services. The request is submitted as a SOAP message over HTTPS.
c) Exchange Web Services receives this SOAP request, uses the information to authenticate the request, and then queries:
   Active Directory – for the recipient. The Active Directory request is executed as an LDAP query.
   Mailbox servers – to retrieve the DLP configuration and check the policy tip notification message configured for this DLP.
d) Active Directory and the mailbox servers then return the results to Exchange Web Services.
e) Exchange Web Services returns the result to the client.
f) The client is then able to show the Policy Tip information to the user who is composing an email that does not meet the company compliance policy according to the configured DLP.

In order for policy tips to work in Outlook, the policy tip notification option below must be enabled on the client side.


To enable the policy tip for the DLP policy, we need to select either the Enforce or the Test with Policy Tips option on the DLP policy we created, as in the example below.


We can further customize the policy tip with the below options:

Notify Only – This shows an informative Policy Tip notification message about a policy violation, but the sender can still send the message.
Allow the sender to override – Block the message unless it's a false positive, Block the message, but allow the sender to override and send.
Block the message – Your text only appears when a Block the message action is initiated.
Link to compliance URL – This link is displayed in the Policy Tip when a user clicks the More details link.



Further, the policy tip configuration can be viewed by running the below command:

Get-PolicyTipConfig | fl


1. Policy Tips are available to people sending mail from Outlook 2013, Outlook Web App, or OWA for Devices.

2. Policy tips aren't supported in Office 2010 or earlier versions of Office.

Thanks & Regards

Sathish Veerapandian
MVP – Office Server and Services

Monitor Exchange 2016 services

In this blog we will look at ways to monitor the Exchange 2016 services.

Configure health probes on Load Balancers:

Till Exchange 2010, for monitoring Exchange we were dependent on SCOM. The SCOM management pack contained SCOM's health manifests and correlation engines, which were used to collect, analyze and report through SCOM.

The Exchange CAS servers were load balanced on a VIP, and the LBs used to check the CAS nodes just by pinging them or telnetting to them frequently on ports 443 and 80 to check availability.
Behind the scenes, the application services might not be available (for example, the Exchange services are not running) while the LBs can still reach the server on the required port.

In this case connections will still go to a CAS server on which the Exchange services are stopped and unavailable. This does not give 100 percent high availability and monitoring.

To address this, from Exchange 2013 Microsoft has released a new component called Managed Availability. This is a self-healing internal component that runs on every Exchange server to monitor and fix any issues with the services on its own. It polls and analyzes hundreds of health metrics every second.

So there is a component called health probes, which should be configured on the load balancers where the Exchange services are published in order to monitor the Exchange services.

So we need to monitor the below probes from the load balancer:


So basically the servers are monitored from the load balancers at the level of each protocol.

This means, as per the below example, that if MBX1 has issues with the OWA service and Managed Availability marks this service down, a load balancer with the above configuration will be able to identify through the Offline Responder that MBX1 only has issues with OWA. It will take only the OWA service out and keep the remaining services available and functional, which is very good.


We can run the below command to check the component state:

Get-ServerComponentState -Identity servername


We can also set the required components to inactive during our maintenance interval.

We will speak only a little about the components that are involved in Managed Availability, since there are very good blogs about Managed Availability written by other experts and MVPs and I do not want to explain them again here.

Managed Availability has two groups:
Health Sets – This is an internal view managed by Managed Availability using probes, monitors, and responders. It has the built-in capability to recover the services on its own if any issue occurs.

Below are the main components involved in Managed Availability

Probe – Checks the services and their status very frequently.

Monitor – Monitors the probe result.

Responder – Component responsible for taking the necessary action.

The Responder in turn has the below types:

Restart Responder – Terminates and restarts a service
Reset AppPool Responder – Stops and restarts an application pool in Internet Information Services (IIS)
Failover Responder – Initiates a database or server failover
Bugcheck Responder – Initiates a bugcheck of the server, thereby causing a server reboot
Offline Responder – Takes a protocol on a server out of service (rejects client requests)
Online Responder – Places a protocol on a server back into production (accepts client requests)
Escalate Responder – Escalates the issue to an administrator via event logging.

So the above tasks for health sets are automated actions and we do not need to perform any steps from our side.

Health Groups – Health groups are exposed to System Center Operations Manager 2007 R2 and System Center Operations Manager 2012 and reported via dashboard. This health group is required for SCOM to give a detailed dashboard report of the Exchange status.
Any issues that can't be recovered automatically are escalated to the Exchange 2016 Management Pack as an alert.
The responder that's relevant for the Exchange 2016 Management Pack is the Escalate Responder.
When the Escalate Responder is triggered, it generates an event that the Exchange 2016 Management Pack recognizes, and it feeds the appropriate information into the alert, giving administrators the information necessary to address the problem.

Below are the new additional health indicators added in the Exchange 2013 management pack:


Customer Touch Points: This shows the end user experience status. If this indicator is healthy, it means that the end users do not have any issues with connecting to Exchange and using its components.

Service Components: This shows the state of the particular service associated with the component.
For example, navigating to the service component indicator for MAPI will indicate whether the overall MAPI service is healthy.

Server Resources: This shows the state of physical resources that impact the functionality of a server.
Key Dependencies: This shows the state of the external resources that Exchange requires to function, for example network connectivity, DNS, Active Directory and storage.

Very IMP Note: There is no separate management pack available for Exchange 2016. Exchange 2013 and 2016 use the same management pack as of now, and Microsoft recommends using only the Exchange 2013 management pack for Exchange 2016.

How to respond when Managed Availability cannot resolve a problem on its own:

The Exchange team has centralized Exchange monitoring inside of Exchange.
We can no longer configure monitoring thresholds in SCOM (other than turning the SCOM monitor on or off).
So how can we admins troubleshoot when an issue occurs?

For example, if OWA is reported as unhealthy, this is reported in SCOM via an event logged on the mailbox server.

Check the OWA component state by running the below command on the affected mailbox server:
Get-ServerHealth -Identity servername | ?{$_.HealthSetName -eq "OWA.Proxy"}

Also check the availability of the OWA healthcheck.htm page and see if you are getting a 200 OK response by accessing the below URL


Then we can start troubleshooting the affected component and try to bring it up.
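
The per-protocol check that a load balancer health monitor performs can be reproduced from any workstation. The following is an added example, not part of the original post; the function name and the server name are hypothetical, and it assumes the standard healthcheck.htm page under each protocol's virtual directory.

```powershell
# Added example: request <protocol>/healthcheck.htm on each server, as a load
# balancer health monitor would, and report which protocols are in service.
# The page is served without authentication, so no credentials are needed.
function Test-ExchangeHealthProbe {
    [CmdletBinding()]
    param(
        # Server names must match a name on the server certificate; certificate
        # validation is deliberately left enabled.
        [Parameter(Mandatory)][string[]]$Server,
        [string[]]$Protocol = @('owa', 'ecp', 'ews', 'oab', 'mapi', 'rpc',
                                'Microsoft-Server-ActiveSync', 'autodiscover'),
        [int]$TimeoutSec = 5
    )

    foreach ($s in $Server) {
        foreach ($p in $Protocol) {
            $url    = "https://$s/$p/healthcheck.htm"
            $status = $null
            $detail = $null
            try {
                $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec $TimeoutSec -ErrorAction Stop
                $status = [int]$r.StatusCode
                # Strip markup so the body reads as plain text.
                $detail = ("$($r.Content)" -replace '<[^>]+>', ' ').Trim()
            }
            catch {
                # Non-2xx answers (for example when the protocol has been taken
                # out of service) and connection failures both land here.
                if ($_.Exception.Response) {
                    $status = [int]$_.Exception.Response.StatusCode
                }
                $detail = $_.Exception.Message
            }

            [pscustomobject]@{
                Server     = $s
                Protocol   = $p
                StatusCode = $status           # $null means no HTTP answer at all
                InService  = ($status -eq 200) # the only answer a monitor treats as healthy
                Detail     = $detail
                Url        = $url
            }
        }
    }
}

# Usage (placeholder server names): list only the protocols that are out of service.
# Test-ExchangeHealthProbe -Server 'mbx1.contoso.example','mbx2.contoso.example' |
#     Where-Object { -not $_.InService } | Format-Table Server, Protocol, StatusCode, Detail
```

A protocol that shows as out of service here while the server still answers on port 443 is exactly the case that a ping or port check on the load balancer would miss.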

I also noticed that Managed Availability generates some logs in the below location.


We can disable this, as it is not required, by performing the below steps:

Go to your Exchange servers.

Open <ExchangeInstallPath>:\bin\MSExchangeHMWorker.exe.config in an administrative Notepad.

Find the line <add key="IsTraceLoggingEnabled" value="true" />, change the value to false and save. Reboot the server; you can now clear the logs in the monitoring path and they will not regenerate.

Reason it is not required: If you take the time to look at the bottom of this config file, it says "Used for Exchange Online only". Microsoft have confirmed this has been set to true in error.

Note: Managed Availability will never record any logs for the health probes; their value is stored in temporary memory only, so we don't need to worry about the health probes.

Hope this gives some idea of how to configure monitoring for Exchange 2016.

Sathish Veerapandian

MVP- Office Servers and services

Exchange 2016 install error – Tried to create new default OAB but the object already exists

We might get the below error when installing the first Exchange 2016 server in a coexistence setup with Exchange 2013 or Exchange 2010.

When looking through the setup logs we can find the below reason for the installation stopping.
Write-ExchangeSetupLog -Warning ("Tried to create new default OAB but the object already exists; it may have been created by another instance of setup.")

Resolution:
Open ADSI Edit and go to CN=Configuration,DC=domainname,DC=local\CN=Services\CN=Microsoft Exchange\CN=Container\CN=Address Lists Container\CN=Offline Address Lists
Right-click the Exchange 2010/2013 OAB (according to the legacy Exchange version you have) and click Properties.

Look for the attribute 'msExchOABDefault', set its value to Not Set or False, and then click Apply and OK.




What is msExchOABDefault?
This is a Boolean attribute in the offline address book properties.

The already existing Exchange setup might have this value set to True.
This value can be True, False or Not Set.

If it is set to True, then this will be the offline address book for any mailbox store or database in the organization.
Setup fails with this value set to True because the Exchange 2016 setup successfully creates the new OAB container in the directory during the installation, but when it attempts to set this value to True on the new object it fails, because the old one already has the value set to True.
Only one Offline Address Book in an organization can have this value set to True, and that one is the default OAB.

Now rerun the setup and it should complete without any issues.

After a successful installation we can see the default value set to True on the higher version of Exchange, as below.


IMP Note:

Be careful while performing these steps in ADSI Edit, since deleting any object accidentally will lead to a big issue. It is better to take a backup before performing any actions in ADSI Edit.
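
Before touching the attribute in ADSI Edit, the current state can be read and saved without changing anything. The following is an added example, not part of the original post; the function name and backup path are hypothetical, and it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the configuration partition.

```powershell
# Added example: list every Offline Address Book object with its msExchOABDefault
# flag and save a copy of the current values before any manual change.
# Read-only against the directory; the only thing written is the local backup file.
Import-Module ActiveDirectory

function Get-OabDefaultFlag {
    [CmdletBinding()]
    param(
        # Hypothetical backup location; pick a path that is itself backed up.
        [string]$BackupPath = (Join-Path $env:TEMP 'oab-msExchOABDefault-before.xml')
    )

    $configNC = (Get-ADRootDSE).configurationNamingContext

    # Find the container by name so that the organization name does not need
    # to be hard-coded into the distinguished name.
    $container = @(Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$configNC" `
                                -LDAPFilter '(cn=Offline Address Lists)')
    if ($container.Count -ne 1) {
        throw "Expected exactly one 'Offline Address Lists' container, found $($container.Count)."
    }

    $oabs = @(Get-ADObject -SearchBase $container[0].DistinguishedName -SearchScope OneLevel `
                           -Filter * -Properties msExchOABDefault, whenCreated, whenChanged)

    # Record of the values as they were before the change.
    $oabs | Export-Clixml -Path $BackupPath

    $defaults = @($oabs | Where-Object { $_.msExchOABDefault -eq $true })

    [pscustomobject]@{
        BackupPath          = $BackupPath
        # Setup expects to set the flag on its own new OAB, so a value of 1 here
        # before setup runs points at the legacy OAB described in the post.
        DefaultCount        = $defaults.Count
        DefaultOab          = @($defaults | ForEach-Object { $_.Name })
        OfflineAddressBooks = @($oabs | Select-Object Name, msExchOABDefault, whenCreated, DistinguishedName)
    }
}

# Usage:
# $state = Get-OabDefaultFlag
# $state.OfflineAddressBooks | Format-Table Name, msExchOABDefault, whenCreated -AutoSize
```

Running it again after setup completes should show the flag set only on the OAB created by the newer Exchange version.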

Sathish Veerapandian

MVP – Office Servers & Services

Content Index and search in Exchange 2016

In this article we will have a look at the content index in Exchange 2016 and its improvements.

A small background on how indexing works:

The index contains all the search data for a database and its copies. It holds search data for all the mailboxes in that database. This data is stored in a folder named with a GUID, in the same location as the corresponding database, and has sub-folders in it. This serves all end users' search queries from their mailboxes.

So basically this is like the index of a book, where we usually look up the page location of a subject and navigate to the right page. The index functionality is similar: it looks for the specific email based on the search query executed by the user and returns the appropriate results.

Exchange 2016 uses the same Fast Search index which was introduced in Exchange 2013.

We can see the corresponding FastSearchIndex file in the below location in the indexing folder in Exchange 2016 as well.

So how does the indexing functionality work with the Fast Search Index?

The Fast Search index has two core components:

CTS – Content Transformation Service:

This service is responsible for performing the actual background work. When the search query reaches it, it filters the request and performs the search content analysis with dictionary matches, keyword matches and parsing of data with regular expressions. All of these are preloaded, registered filters on the Exchange 2016 Mailbox server. From Exchange 2016 this parsing retry logic and search result cap have increased from 30 to 250 search refiners, which will give better search results.

As soon as the search process with CTS reaches the corresponding database store where the mailbox resides, the below event ID gets created.


IMS – Interaction Management Service:

This component receives the prepared search results from the CMS service processes and then sends the search results back to the user.

The corresponding service which is responsible for these components is Microsoft Exchange Search.


The rest of the content index operator statistics remain the same as in Exchange 2013.


What happens when you rebuild an index?

Usually we don't need to rebuild the index unless the database and its copies go into an inconsistent state, which is a very rare case in a well-planned deployment. But when an index is rebuilt, Exchange will create a clone copy of the existing database and will use this copy to rebuild the index from scratch. This will take a lot of time and will consume CPU, memory and disk.

Search enhancements and improvements from Exchange 2016:

In earlier versions of Exchange, the index of the passive database copies was updated from the active copies. This consumed more resources: CPU time, memory and also 10 to 20 percent of disk space.

From Exchange 2016 the indexing of passive copies is done on the passive copy itself rather than getting it from the active copies. This will definitely reduce the utilization of system resources and network, which is very good.

Calendar search is available, at the moment only from Outlook Web App.



Enhanced server power search and hand-off to the end user is available for all Outlook 2016 clients.

This means that from Exchange 2016 with the Outlook 2016 client, end users will no longer get the below screen with the option "find more on the server".


With this as the default search index, the Outlook 2016 client will seamlessly search the local cache (OST) and the Exchange 2016 computer and provide better results in the first search itself. An important point to note is that the client computer needs an internet connection to use the server-side search.

The good thing is that after configuring an Outlook profile on a new laptop for a user with a huge mailbox, the help desk team no longer needs to wait for the local OST file to be cached and indexed, since the server-side search is attempted on the first try itself.

When offline, the search will still be performed against the Windows Search Index on the computer.

Based on my experience, the enhanced search from Exchange 2016 is really faster and returns appropriate results with the Outlook 2016 client.

Thanks  & Regards 

Sathish Veerapandian 

MVP – Office Servers & Services 

Exchange 2016 Migration planning on phases

When it comes to migration we always need to plan properly before we start the actual project. It is essential to study the existing messaging environment as a whole and derive a detailed analysis.
Study it in terms of existing storage, current number of active users, mailbox traffic utilization, load on the Exchange servers, email relay on the servers, email security setup and messaging-related components.

This will really help in understanding the current requirements for the email platform, and therefore we can scale up the new environment in a healthy way.
Also, with this study done, the new setup can run for another 5 years without any hassles.

In this article we will have a look at some steps which will help in doing an Exchange migration in phases for a smooth and successful migration.

Phase 1: Analyzing existing environment :

I have segregated a few core components in this phase that can help for a better migration.

a) Email Traffic

Analyze the current email traffic flow of the whole environment in terms of monthly, weekly and daily email traffic.
It is better to collect 3 sets of data for the above and take the average value of them.
By doing this we can plan very well for the new migration in terms of storage and network bandwidth.

b) Active Users

Determine the current number of active users in the environment. It is better if there are mailbox statistics which have been collected on a monthly basis in Exchange reports.

From these we can analyse the mailbox growth on a monthly basis. This will help us calculate a better value for the future mailbox growth of the organization.

c) Mailbox Growth & Quota

Again, analyzing the mailbox statistics report will give a better result when calculating the mailbox growth of individual users for the next 3 years. We need to calculate it based on the growth since the current Exchange version started running and depending upon the nature of the email traffic. It is better to have an overhead value of 50 percent more, which will run for a long time without any bottleneck.

Phase 2: Preferred Architecture


Microsoft recommends running the Exchange servers on physical servers. Their new architecture is a very good approach which does not require a very high configuration server, because for future requirements they say to perform a scale out and not a scale up (which means bring up an additional mailbox server in future when required, and do not scale up the hardware in the initial configuration), which perfectly makes sense.

In any case the Exchange 2016 Calculator needs to be used first to derive the values for your requirement.

Exchange 2016 Calculator

So if you are planning for physical servers, all we need is a decent server with the below minimum configuration.

You can use commodity server platforms for the PA with the below minimum configuration.

1) 2U, dual socket servers (20-24 cores); choose the cores according to your requirement.
2) Maximum 96GB of memory; choose the memory according to your requirement.
3) Battery-backed write cache controller.
4) 12 or more large form factor drive bays within the server chassis.
5) Probably a server with DAS storage.

Virtual (Vmware or Hyper-V):

Though Microsoft recommends that the PA be on physical servers, environments running on VMware or Hyper-V have no other option if they continue new provisioning on VMs.

If VM is still the plan, below are the recommendations for VMware:

1) Each newly provisioned Mailbox/Edge server should have reserved memory. Exchange Server 2016 calculator results are driven by the expected amount of load that will be generated based on the actual inputs.

2) Microsoft supports up to 2:1 virtual-to-physical CPU allocation for Exchange Server 2016 in a virtual environment. VMware recommends leaving the cores per socket count at one at all times.

3) Storage can use Fiber Channel, iSCSI, and network-attached storage (NAS) shared-storage protocols.

Below is an example of how storage can be provisioned for an Exchange 2016 VM.

We can use either option: datastore virtual disks or RDM (Raw Device Mappings).


VMware recommends that you set up a minimum of four paths from an ESXi host to a storage array. To accomplish this, the host requires at least two host bus adapter (HBA) ports.

VMFS supports RDM. This allows a virtual machine to directly access a volume on the physical storage subsystem through Fiber Channel or iSCSI.

The decision to use VMFS or RDM is not dependent on Exchange. So it is better to check the backup solution to ensure it supports the above configuration.

New improvements in Exchange 2016 have given it lower storage I/O than earlier versions.
But careless planning of storage, especially for Exchange, will still result in a poor Exchange infrastructure. Concentration on this part is very much required, and we need to spend more time on it before building the setup.

4) Network Considerations

VMware recommends using the VMXNET3 network adapter. This provides better data transmission with reduced CPU utilization. It is better to have a single network per site.

From Exchange 2016, since the data is replicated on one network, all we need is one NIC with the above configuration.

Also use Layer 7 load balancing with no session affinity, and decide your network link and network link latency based on the values calculated in phase 1.

Phase 3: Verify the Exchange Dependent Components Compatibility

After completing the two phases we now need to check the support compatibility of the Exchange-dependent components.

Below are most of the dependent components:

1) Check your current backup solution and see if it supports Exchange 2016.

2) Check the compatibility of any third-party software at the transport categorizer level. This can be any antispam, antivirus or signature solution, etc.

3) Check the existing journaling solution and its compatibility.

4) Check the existing archive solution, if there is any, and its compatibility.

5) Check MDM solutions and their compatibility. There is no more MAPI/CDO support from Exchange 2016, so you need to make sure that all MAPI/CDO components are retired.

6) Check the current monitoring solution for Exchange and see if it supports Exchange 2016 integration.

Phase 4: Data Center Design 

a) Active Active site: We can go with this option if we have well-connected sites with good round trip network latency. By using this option we utilize both sites efficiently. If the data centers are connected and have good redundant paths, we can choose this option.

b) Active Passive site: The Active Passive option is also good, but the only drawback is that the DR resources will not be utilized most of the time, unless and until the main site becomes unavailable.

For either of the above configurations the preferred architecture is that each data center should have its own Active Directory site.

This is because Safety Net and Shadow Redundancy will work only when the DAG members are spanned across more than one Active Directory site.

Phase 5: Deploy & Test the performance

Once all the above factors are considered we can go ahead and deploy Exchange 2016 as per the plan.

In this phase it is better not to join the servers to the existing infrastructure. We actually need to see if the provisioned servers, storage and networks are strong enough to handle the real load on them.

For that it is better to create a dummy domain, not join the servers to the existing domain, and test the performance of the provisioned servers by using Exchange Load Generator and Exchange Jet Stress Analyzer.


To check the performance of the disks we can use JetStress Analyzer:

Exchange Jet Stress Analyzer

To simulate the end user load we can use Exchange Load Gen Analyzer:

Exchange Load Gen Analyzer

Once the load and performance are tested on the newly provisioned servers we can go ahead and start the coexistence migration.

In the next blog we will discuss the coexistence migration phase.

Hope this helps

Thanks & Regards

Sathish Veerapandian

MVP – Office Servers & Services

Mailbox move from Exchange 2010 to 2016 might stall with the message move status RelinquishedWlmStall

Recently on one of our migration from Exchange 2010 to 2016 we were unable to move the mailboxes from Exchange 2010 and 2016.

It was giving us the below error and the move request was not progressing


Not sure what was the reason behind this but Below are the possible work around :

1) First preferred option is we can submit the new move requests by modifying the Priority to emergency or highest by running the below command.
New-MoveRequest -Identity Mailbox -TargetDatabase “DB Name” -BatchName Test -Priority Highest

There is an option of modifying the workload type of MRS as a whole from Exchange 2016.
But this parameter is reserved only for Microsoft at the moment.
This is because not to change the workload parameter for the move requests since the other operations might be affected and might run out of resources.
Its better to use the above command only which will bypass the WLM throttling and will not disturb the other system operations.
Anyways we do not have an to option to specify this parameter at this moment and as per my view this is good based on the previous line.

2) As a workaround for the ReLinguishedWlmStall Status we can also temporarily change the following registry key:

Change “MRS” value in the Exchange 2016 server

Navigate to  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth] and set the value to 0 on the 2016 server.
Then restart the Mailbox Replication service.
Now try the move requests

3) Also you can create a new management override temporarily until the migration completes by running the below command. But keep this as a last option.

Get-ExchangeServer | ?{$_.AdminDisplayVersion -like "*15*"} | ForEach {New-SettingOverride -Component "WorkloadManagement" -Name "$_ MRS Override" -Server $_.Name -Section MailboxReplicationService -Reason "move request temp" -Parameters Classification=Urgent -MinVersion 15.0}

Usually they say that this issue might occur if there are any performance issues experienced on the server.
But in my case there was no performance issue experienced by the Exchange 2016 server.

IMP Note:

All these changes must be made carefully in a production environment, after careful analysis and investigation.
There is some chance that other operations might be affected by changing the Workload Management options.
Keep an eye on the system resources during this process and make sure that you revert all the settings once the migration is completed.
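
One way to carry out the revert that the note asks for, as an added example rather than part of the original post: it lists move requests still in a stalled state, shows the temporary WorkloadManagement overrides, removes them only when no move request is outstanding, and prints the registry value for comparison with the value recorded before the change. It assumes the overrides were created with the command above and that it runs in the Exchange Management Shell on the Exchange 2016 server.

```powershell
# Added example; run in the Exchange Management Shell on an Exchange 2016 server.

# 1. Move requests that Workload Management is still holding back.
Get-MoveRequest -ResultSize Unlimited |
    Get-MoveRequestStatistics |
    Where-Object { "$($_.StatusDetail)" -like '*Stall*' } |
    Select-Object DisplayName, StatusDetail, PercentComplete, TargetDatabase

# 2. Temporary overrides on the MRS workload (assumption: created as shown above,
#    component WorkloadManagement, section MailboxReplicationService).
$overrides = @(Get-SettingOverride | Where-Object {
    $_.ComponentName -eq 'WorkloadManagement' -and
    $_.SectionName   -eq 'MailboxReplicationService'
})
$overrides | Format-Table Name, Server, Reason, Parameters -AutoSize

# 3. Remove the overrides only when every move request has completed.
$pending = @(Get-MoveRequest -ResultSize Unlimited |
    Where-Object { "$($_.Status)" -ne 'Completed' })
if ($pending.Count -eq 0) {
    foreach ($o in $overrides) {
        Remove-SettingOverride -Identity $o.Name -Confirm:$false
        Write-Output "Removed override: $($o.Name)"
    }
} else {
    Write-Warning "$($pending.Count) move request(s) not completed; overrides left in place."
}

# 4. Current "MRS" registry value from workaround 2, to compare with the value
#    noted before it was set to 0.
$key = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth'
Get-ItemProperty -Path $key -Name MRS -ErrorAction SilentlyContinue |
    Select-Object MRS
```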

If you want to know more on Work load Management there is an excellent write up by MVP Ratish –

Thanks & Regards

Sathish Veerapandian 

MVP – Office Servers & Services

Quick Tip – legacy log off mode for Exchange 2016 OWA logoff request

As we know, the importance of securing web applications that are published on the internet has increased.
So usually these external URLs are published securely via a reverse proxy, which handles this job.

When an end user logs into the OWA URL, the session is proxied via the published reverse proxy.
From Exchange 2013 onwards, clicking on logoff no longer triggers GET /OWA/Logoff.owa as it did up to Exchange 2010, where it generates the logoff page owa/auth/logoff.aspx?Cmd=logoff&src=exch
This logoff page in 2010 was used by a few reverse proxies to terminate the connection. This value can be modified in the Exchange 2013 web.config file to bring back the same page as in 2010.

On Exchange 2016 we need to perform the below operation :

Navigate only to the below location


Remove the following line and do an iisreset (make sure you make a backup of web.config before you do this):
<!-- Disable logout page temporarily until UX is updated -->
<add key="LogonSettings.SignOutKind" value="LegacyLogOff" />


After performing this action the cookie session can be terminated.
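
The edit described above can be scripted so that the backup is never skipped. This is an added example, not part of the original post: the path to web.config is passed in by the operator, and the script removes only the LogonSettings.SignOutKind element, leaving the comment line in place.

```powershell
param(
    # Assumption: full path to the OWA web.config, supplied by the operator.
    [Parameter(Mandatory)] [string]$WebConfigPath
)

$full   = (Resolve-Path -LiteralPath $WebConfigPath).Path
$backup = '{0}.{1}.bak' -f $full, (Get-Date -Format 'yyyyMMdd-HHmmss')

# Always keep a timestamped copy before touching the file.
Copy-Item -LiteralPath $full -Destination $backup

$cfg = New-Object System.Xml.XmlDocument
$cfg.PreserveWhitespace = $true          # keep the file's original layout
$cfg.Load($full)

# Materialize the matches first so removal does not disturb the enumeration.
$nodes = @($cfg.SelectNodes("//add[@key='LogonSettings.SignOutKind']"))
if ($nodes.Count -eq 0) {
    Write-Output 'LogonSettings.SignOutKind is not present; nothing changed.'
    return
}

foreach ($n in $nodes) {
    Write-Output "Removing: $($n.OuterXml)"
    [void]$n.ParentNode.RemoveChild($n)
}
$cfg.Save($full)

# Re-read the saved file to confirm the key is gone.
$check = New-Object System.Xml.XmlDocument
$check.Load($full)
if (@($check.SelectNodes("//add[@key='LogonSettings.SignOutKind']")).Count -ne 0) {
    Write-Warning "Key still present; restore from $backup and investigate."
} else {
    Write-Output "Done. Backup kept at $backup. Run iisreset to apply the change."
}
```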


Sathish Veerapandian

MVP – Exchange Server

Configure Mapi/Http in Exchange 2016/2010 Coexistence

In this article we will have a look at the steps to configure MAPI/HTTP for all users in Exchange 2016 server.

We need to understand this point very clearly.

Since the MAPI/HTTP protocol is supported only from Exchange 2013 onwards, in an Exchange 2016 and Exchange 2010 coexistence the behavior will be:

  1. Exchange 2010 users will be getting the RPC/HTTP connections on their outlook.
  2. Exchange 2016 users will be getting only MAPI/HTTP connections on their outlook.

Reason :

From Exchange 2013 we had the option to choose either RPC/HTTP or MAPI/HTTP. But from Exchange 2016 Microsoft has totally retired the legacy RPC protocol and wrapped it in MAPI/HTTP, so all connections will be via MAPI/HTTP only.

In order to accomplish this task you need to make a few changes on the Exchange, firewall and DNS side.

So basically the connections will flow as below:


For Exchange 2010 Users: 

From Internet (RPC/HTTP) – Firewall receives /RPC requests – The request is forwarded to Exchange 2016 CAS services – Connections are proxied back to Exchange 2010 CAS server

For Exchange 2016 Users:

From Internet (MAPI/HTTP) – Firewall receives /MAPI requests – The request is forwarded to Exchange 2016 CAS services – Connections are directed to Exchange 2016 Mailbox server.


Now let's see the steps that we need to follow to accomplish this task:

On Exchange

  1. Run the command Set-MapiVirtualDirectory and set the external URL of the MAPI virtual directory


Set-MapiVirtualDirectory -Identity "mapi (Default Web Site)" -InternalUrl -IISAuthenticationMethods Negotiate,NTLM,OAuth

It is better to keep Negotiate authentication for the legacy clients until the migration from Exchange 2010 is completed.

If we recollect, for Exchange 2013 users we needed to run this command to enable MAPI/HTTP for end users:

Set-OrganizationConfig -MapiHttpEnabled $true

Since from Exchange 2016 the default connections are MAPI/HTTP, this command has been deprecated and hence this step can be skipped.

So when Outlook clients that connect via MAPI send their autodiscover request, the Exchange 2016 server accepts them, recognizes that they are coming over MAPI/HTTP, and then returns the settings the MAPI clients need to connect.

  2. Point your autodiscover DNS records to the Exchange 2016 server. So for the Exchange 2010 users the connections will be proxied to the Exchange 2010 CAS by the Exchange 2016 CAS service.

  3. On your firewall allow connections for both /RPC and /MAPI for Exchange 2010 and 2016 connections. Once the migration is completed you can remove the /RPC rules from the firewall, since all the connections are going to be through MAPI/HTTP.
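
Before the /RPC rules from step 3 are removed, the IIS logs on the Exchange 2016 servers show whether any client still connects over RPC/HTTP. The following is an added example, not part of the original post: it counts requests per user under /rpc/ and /mapi/ in W3C-format log lines; the sample lines, user names and addresses are constructed.

```powershell
# Constructed sample in IIS W3C log format; replace with Get-Content on the real log files.
$sampleLog = @'
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2016-05-01 08:00:01 POST /mapi/emsmdb/ CONTOSO\alice 203.0.113.10 200
2016-05-01 08:00:03 RPC_IN_DATA /rpc/rpcproxy.dll CONTOSO\bob 203.0.113.11 200
2016-05-01 08:00:04 RPC_OUT_DATA /rpc/rpcproxy.dll CONTOSO\bob 203.0.113.11 200
2016-05-01 08:00:09 POST /mapi/nspi/ CONTOSO\alice 203.0.113.10 200
2016-05-01 08:00:12 GET /owa/ CONTOSO\carol 203.0.113.12 200
'@ -split "`r?`n"

function Get-OutlookProtocolUsage {
    param([string[]]$Lines)
    $stemIdx = -1; $userIdx = -1; $fieldCount = 0
    $usage = @{}                       # "user|protocol" -> request count
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The header names the columns; IIS may log a different set per site.
            $fields     = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            $stemIdx    = [array]::IndexOf($fields, 'cs-uri-stem')
            $userIdx    = [array]::IndexOf($fields, 'cs-username')
            $fieldCount = $fields.Count
            continue
        }
        if ($line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        if ($stemIdx -lt 0 -or $userIdx -lt 0) { continue }   # needed columns not logged
        $cols = $line.Trim() -split ' '
        if ($cols.Count -ne $fieldCount) { continue }          # skip malformed rows
        $stem  = $cols[$stemIdx].ToLowerInvariant()
        $proto = $null
        if     ($stem.StartsWith('/rpc/'))  { $proto = 'RPC/HTTP' }
        elseif ($stem.StartsWith('/mapi/')) { $proto = 'MAPI/HTTP' }
        if ($proto) {
            $key = '{0}|{1}' -f $cols[$userIdx], $proto
            $usage[$key] = 1 + [int]$usage[$key]
        }
    }
    foreach ($entry in $usage.GetEnumerator()) {
        $user, $protocol = $entry.Key -split '\|', 2
        [pscustomobject]@{ User = $user; Protocol = $protocol; Requests = $entry.Value }
    }
}

# Users who still generate RPC/HTTP traffic; an empty result means /RPC is no longer in use.
Get-OutlookProtocolUsage -Lines $sampleLog |
    Where-Object { $_.Protocol -eq 'RPC/HTTP' } |
    Sort-Object User
```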


Few more important Tips:

With Outlook 2013 and later, all connections are established over MAPI/HTTP by default, so the connections will be fast.

If end users are using Outlook 2010 and need to connect to Exchange 2016 mailboxes, they need to have the latest Outlook service packs installed on their PC.

If you have an Outlook 2013 user who wants to connect to a legacy mailbox that resides on Exchange 2010, you can use the below registry key to disable the MAPI/HTTP attempt on their PC:

Under HKEY_CURRENT_USER\Software\Microsoft\Exchange, create a new DWORD "MapiHttpDisabled" with value 1.


Hope this helps


Sathish Veerapandian

MVP – Exchange

Quick Tip for Bringing up an Exchange 2016 in an Exchange 2013 Environment

There is something called up-version proxy, by which your Exchange 2013 CAS can handle all the connections for Exchange 2016 mailbox servers.

With this you have the flexibility to introduce Exchange 2016 servers, configure a DAG on them and move the mailboxes without worrying about the CAS URLs, since Exchange 2013 has the capability to route the connections to Exchange 2016 mailboxes.

Later you can introduce the CAS services into your load balancers and point your CAS URLs to the Exchange 2016 services. Exchange 2013 can proxy requests to both Exchange 2016 and Exchange 2013, and one more good thing is that Exchange 2016 can exist in the same load-balanced CAS array.


So the best approach would be:

1. Prepare your AD
2. Make sure that you install CU10 on your Exchange 2013 servers
3. Bring in the Exchange 2016 servers
4. Configure the URLs
5. Configure the certificates
6. Move a few pilot users and test the coexistence
7. Configure the DAG
8. Start the staged migration by moving sets of mailboxes
9. Point all your CAS URLs to your Exchange 2016 services
10. Install certificates on the Exchange 2016 CAS servers

This might help you for the certificates

Also, the Exchange 2016 sizing calculator is out. Please use it to size the configuration for your environment.

Note: Exchange 2007 and earlier won't be supported for coexistence, so make sure you do not have any legacy versions running in your environment.

It will be much easier for you if you have Exchange 2013 in your environment, since the CAS services can remain on Exchange 2013 until your migration is completed.

But if you have only Exchange 2010 in your setup, then you will need to move all of your external URLs to Exchange 2016 and place your SSL certificates on the Exchange 2016 servers, and then start the migration.


Sathish Veerapandian

MVP – Exchange Server
