EzCloudInfo

Good for Enterprise Overview and Introduction

Good For Enterprise, Mobility April 4, 2014 Leave a comment

Good for Enterprise™, is a Good Technology product offered from AT&T.

Provides wireless synchronization of corporate emails outside the network.

Compatible with Android, IOS , Windows phone and palm mobiles.

Users can access and send their emails on the go through encrypted security without any data leakage.

Good works with integration of Exchange server through an service account authenticated.

Good for Enterprise further integrates with Good-secured apps such as Good Share™ and Good Connect™ to extend desk-based collaboration to mobile devices, increasing user efficiency and productivity outside of the office through ssl.

Good for Enterprise is built on Good’s next-gen containerization, which enables secure data sharing between Good-secured apps as well as app-level encryption independent of the device used In the event a device is lost or stolen, business data can be wiped or locked without impacting personal data

For example, IT can prevent employees from opening files in unsecured apps, backing up business data to personal cloud-based services, or copying and pasting business content into consumer apps or personal email.

Data transmitted over the air, and at rest on devices is secured with industry-leading FIPS-validated AES encryption. There is no need to change firewall settings or set up new inbound connections—all Good servers are deployed behind the firewall with a secure outbound connection using standard port 443. More importantly, Good’s Network Operations Center verifies device compliance before devices are allowed to connect to Good’s inside-the-firewall server.

Below table explains the complete feature of the Good compatible with the various versions of Devices.

Good Enterprise Administration

Good for Enterprise helps accelerate mobility adoption by including integrated device and application management capabilities, giving you complete control over your mobile deployment.

From a central, web-based console, you have full visibility of your entire device fleet. You can provision new devices; enforce security policies, and remote wipe enterprise data or the entire device from a single location.

Good Architecture

Good for Enterprise provides automatic synchronization of email, calendar, and contacts, notes the user’s Microsoft Exchange Server account and iOS, Android, Windows Mobile, Palm, or Nokia handheld.

Good Mobile Messaging Server software monitors the user’s Exchange account and forwards all account activity to the user’s handheld via the Network Operations Center and your wireless network.

Similarly, changes made at the handheld travel over the wireless network, and are returned from the Network Operations Center to Exchange via Good Mobile Messaging Server. The email arrives at both the user’s desktop and handheld, available to be read, forwarded, and replied to from either location.

A user can have his/her Outlook account synchronized to multiple handhelds

In a simple way lets have a look at the below example

There are 2 users User A and User B

User A has mobile account configured with Good

When user A sends email to User B mailbox below is the transaction result

Scenario 1:

User A sends email from mobile -> mail goes through wireless N\w -> Mail reaches Good operations Center -> Reaches our corporate firewall -> updates Good Messaging server -> Reaches MIcrosoft Exchange -> Finally reaches users outlook

Scenario 2:

When User B sends email from his outlook to User A

User B sends email from OUtlook -> Mail goes to Microsoft Exchange -> Reaches Onpremise Good Messaging Server -> Goes through internet -> Updates the Good Operations centre

More Similar it uses the same concept of RIM in BlackBerry Enterprise Servers.

Multiple Exchange and Good Mobile Messaging Servers

Good Mobile Messaging Server can maintain user accounts on multiple Exchange servers.

Good Mobile Control Server uses the Exchange Global Address List (GAL) to list, monitor, and manage handheld users across sites. The console is used to assign handhelds to users and to monitor and manage Good Mobile Messaging Servers.

If you have thousands of handheld users, you may need to install additional Good Mobile Messaging Servers to handle the synchronization tasks. Each new Good Mobile Messaging Server will need to be installed on a separate machine

When configuring Good Mobile Messaging Server to connect with an Exchange Server, the speed of the network connection must be a sustained minimum rate of at least 100Mb/s

In the next coming mobility blog i will further discuss about the installation of the GOOD Enterprise Servers in the Exchange 2010/2013 Environment.

Mobile Iron Overview

Mobile Iron, Mobility March 31, 2014 1 Comment

About Mobile Iron

The company Mobile Iron Inc., is headquartered in California

The company was founded by Ajay Mishra, Suresh Batchu and Bob Tinker, 2007. Tinker is current president and CEO of the company, Batchu is CTO.

What do they do?

They are the Manufacturer of solutions for Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) for the management of mobile devices such as smartphones and tablet computers as well as the content and software distribution for these devices across the Messaging enterprise of an organization.

What is Mobile Device management (MDM)?

Mobile Device Management is a term used in information technology and stands for the centralized management of mobile devices such as smartphones, sub-notebooks , PDAs or tablet computer by one or more administrators with the aid of software. The management refers to the inventory of hardware in organizations that software and data distribution, and the protection of data on these devices. Because these devices via cellular / WLAN contact with the company network, and problems of wireless management must are dissolved.

What is Enterprise Mobility Management (EMM)?

Enterprise mobility management (EMM) is the set of people, processes and technology focused on managing the increasing array of mobile devices, wireless networks, and related services to enable broad use of mobile computing in a business context. This is an emerging discipline within the enterprise that has become increasingly important over the past few years as more workers have bought smartphone and tablet computing devices and have sought support for using these devices in the workplace.

The main challenges of determining the right enterprise mobility strategy for an organization is to relate the available mobile IT to the overall purpose of the work conducted, to determine how closely the business process should be aligned to the mobile IT, and how to support mobile workers when they are using these devices in the workplace.

Confused about MDM and EMM?

Let’s compare the difference between MDM and EMM.

MDM – Is used for managing the software installed on the mobile devices and if any new mobile devices trying to activate it checks whether it meets the MDM policy configured. It has the list of permissible and non-permissible software’s/applications that can be used in the corporate mobile devices.

EMM – Is used to add/ remove users in Mobile Iron.

This MDM feature in Mobile iron can be administered and monitored in 3 ways.

VSP (Virtual Smart Phones)

Sentry Servers

Atlas servers

What is VSP?

The Mobile Iron Virtual Smartphone Platform (“VSP”) is the central hub of the Mobile Iron solution. It may be deployed as a physical hardware appliance or as a virtual appliance using VMware ESX or Hyper-V. The VSP interfaces with the Mobile Iron application and enterprise resources such as LDAP, Exchange ActiveSync, certificate authorities.

So in a simple term it is just acts as an interface between mobile iron server and Microsoft Exchange. Nothing more involved in VSP apart from interface.

What is Mobile Iron Sentry?

Mobile Iron Centry provides access control for email. Sentry connects to Microsoft ActiveSync-enabled email systems such as Microsoft Exchange, IBM Lotus Notes, Google Gmail, and Microsoft Office 365. Like the VSP, it may be deployed as a physical hardware appliance or a virtual appliance using VMware ESX. Mobile Iron Sentry is included in the Mobile Iron Advanced Management package, though the hardware appliance is sold separately.

In a Simple term Mobile Iron Centry acts as a security control and gives access control, authentication to connect to any messaging servers and access the data from them. So centry authenticates and connects to the messaging platforms whereas VSP is just an interface.

How to access VSP – https://serverfqdn/admin

What is Atlas?

Mobile Iron Atlas is an advanced management and reporting console that provides highly scalable administration, reporting, monitoring, and troubleshooting across the Mobile IT lifecycle. Atlas collects information on device and application metrics and status, identifies potential issues, and provides actionable insights that enable an administrator to assess critical information and apply corrective steps. Atlas is a part of the Mobile Iron Advanced Mobile Management product.

Below screenshots are examples of Atlas consoles

Administration part in Mobile Iron:

Issues related to the Mobile Iron VSP can be separated into two categories:

Admin Portal

System Manager

Admin Portal

Helps in user reporting user deleting mobile iron profile, user deleting mobile iron app, unable to download mobile iron app. 99 percent In Most cases device needs to be retired and reregistered from Mobile Iron.

System Manager

After installation, most configuration tasks are performed in the System Manager portion of the Mobile Iron Admin Portal. The System Manager enables you to: Complete the configuration steps necessary to implement the Mobile Iron VSP, manage basic network settings established during installation, manage how Mobile Iron fits into your infrastructure, upgrade the VSP, troubleshoot VSP issues and perform basic maintenance tasks.

So we do not need to have access system manager always especially for Help-desk team as it has all the configuration change that needs to be done which will not be required for user management tasks.

Comparing the differences between Antispam agents from Exchange 2010 to Exchange 2013

Antispam, Exchange2013 March 21, 2014 Leave a comment

Microsoft has built in Anti spam feature which can be enabled from Exchange 2003 versions. We can enable this feature as a part of additional security along with additional spam configurations and settings that have been configured before it reaches our network.

But we need to always ensure that we are aware of all the settings configured in the spam filtering in our organization in all the levels as it can interrupt the end users in sending and receiving emails if this configuration is not correct.

In this article we will be looking at how about Anti spam features in Exchange 2013 and its features

Now we will look at how to enable the Anti spam feature in Exchange 2013

By default the Anti spam agents are installed in Exchange 2013 if enable Anti spam option during the time of installation. Else we need to install them after the installation.

In Exchange 2010 the Anti-spam will be enabled on the HUB & Edge servers.

In Exchange 2013 we need to enable Anti-spam agents in the Mailbox servers since the transport categorization takes place on mailbox server.

From Exchange 2013 SP1 we have edge servers in which we can enable the Anti-spam agents as well.

The installation of the Exchange Anti-spam agents is the same step as we do it for Exchange 2010.

We just need to navigate to the exchange installation path directory and navigate to below location and install the Exchange Anti-spam.

Once the Anti-spam is installed we need to restart the Microsoft Exchange Transport Service for the changes to take effect.

After we restart the transport service we can run Get-Transport agent and see if Exchange Anti-spam agents are installed.

We can further have a look at this by pipe-lining the output

Now comparing the differences between anti-spam agents in Exchange 2010 and 2013.

This is the output of the Exchange Anti-spam installed on Exchange 2010.

This is the output of the Exchange Anti-spam installed on Exchange 2013.

When we compare the Exchange Anti-spam agents between Exchange 2010 and 2013 we can see in Exchange 2013 there is a new transport agent component called Malware agent which is been introduced. This is a built in Antimalware protection for on premise which can be enabled for additional security.

Also we can notice that the connection filtering agent is not present in Exchange 2013 mailbox servers and they are present in the Edge transport servers since the connection can be decided and filtered at the perimeter level itself.

Once after we enable this Anti-spam agents there will be a default Anti-spam created as we can modify them through EAC as well as shown below.

In addition to the default malware policy we can always create custom policies as per our requirement and assign to our organization. There are more parameters which can be altered. Below is an example.

This Exchange Anti-spam feature is a global level feature which cannot be altered server level and group level.

It’s always better to download antimalware engine and definition updates from Microsoft Download Engine and Definition Updates to keep the Anti-Spam Features up to date.

Steps to enable intraorgprotocollogginglevel in Exchange 2013

Connectors, Exchange2013 March 13, 2014 Comments: 2

Intraorgconnectors are the connectors used for the communication for the internal Hub servers from Legacy servers as well as from the same version of hub servers for communications between different Sites,shadow redundancy and safety net.

We can enable this protocol logs at the time of troubleshooting in scenarios where there is mail flow issues happening between Exchange 2010 and Exchange 2013 and mailflow between sites .

In Exchange 2013 since the hub role is removed and split into 3 transport services it can be enabled only on the transport service running on mailbox server.

Now we will see how to enable this option

Run below command to see if the intraorgprotocollogginglevel is enabled or disabled

Get-Transportservice “mbx2013servername” |fl*intra*.

Run the below command to enable verbose logging in intraorg connector

Set-Transportservice CAS2013servername –intraorgprotocollogginglevel verbose

Below path is the location where we can see the logs recorded.

<installationdrive\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\Connectivity

Now let’s send an email from Exchange 2010 server and see the output of the results

Test email sent from Exchange 2010 user to Exchange 2013 user

As soon as the email is sent from Exchange 2010 to 2013 you can see a separate queue created with Hub version 15 as shown below.

This is again a good place for us to note in case of scenarios where mailflow not happening between Exchange 2007/2010 and 2013 and mailflow issues between hub transport servers and sites. It can give us few more information in the last error state.

Below is the email received by Exchange 2013 user .

Now when you open the logs and below is the result of a successful transaction

This will be helpful in troubleshooting mailflow between Exchange 2007/2010 and 2013 servers.

Pipeline Tracing in Exchange 2013

Exchange2013, Pipeline Tracing March 10, 2014 Leave a comment

Pipeline tracing is one of the best feature which is available from Exchange 2007.

Like in Earlier versions of Exchange prior Exchange 2007 we used Microsoft Tool archive sink which we need to download and install them manually on the Exchange 2003/2000 servers. Also the main disadvantage of using this tool is unlike Exchange 2007/2010 & 2013 we do not have an option to enable it only for a particular affected user. Rather than it enables for the whole Exchange users and finally it fills up the drive space.

In this article we will be looking in working with Pipeline Tracing in Exchange 2013

In Exchange 2007/2010 we used to enable pipeline tracing on Exchange Hub Transport Servers and the Message snapshots are stored in the Hub Servers.

Now in Exchange 2013 where do we enable them? Is it Mailbox or CAS servers?

Answer is we enable them in Mailbox servers. The reason being why is because Microsoft Exchange Transport Service which is running in Mailbox server is the core component of Categorization and it takes care of the Message categorization where it processes the message in different phases and this is the right place for us to take the Message Snap Shots.

Now we will look into how to enable Pipeline Tracing in Exchange 2013

Pipeline Tracing can be enabled only Via Shell and there is no GUI option available right from Exchange 2007 and it’s continued same in Exchange 2013

1) Open Exchange Management Shell in Exchange 2013

Type in the below command to enable Pipeline Tracing First,

Set-TransportService Exchange2013 -PipelineTracingEnabled $true

Once we enable the pipeline tracing you will be getting the below warning message. You can safely ignore this alert and proceed with the next step.

Now we need to enable pipeline tracing for the affected user (sender) with below command.

Set-TransportService Exchange2013 -PipelineTracingSenderAddress Sathish@exchangequery.com

Now we need to enable the pipeline tracing path i.e., the location where to store these message snap shots by running the below command. This step is optional since for the Transport service on a Mailbox server, the default location is %ExchangeInstallPath%TransportRoles\Logs\Hub\PipelineTracing. For the Mailbox Transport service on a Mailbox server, the default location is %ExchangeInstallPath%TransportRoles\Logs\Mailbox\PipelineTracing. If you specify a custom path, the path must be on the local Exchange server.

Run the below command to enable pipeline tracing in a custom path

Set-TransportService Mailbox01 -PipelineTracingPath "D:\Hub\Pipeline Tracing"

After we enable them you get a warning message as above. You can safely ignore them.

Now we have enabled the pipeline tracing. It’s better to restart the Microsoft Exchange Transport service after you perform above steps.

Now we need to ask the affected user to send an email for the Message snapshots to be recorded.

In our case since Sathish is the affected sender (just an example) I’m sending email from Sathish account for recording Message snapshots.

Once after the email is sent you will see the below folder created with the name Message snapshots and in turn there will be a folder created with some alpha numeric.

When you open this alpha numeric folder you can see the Message transactions as below. Also it has the original eml file for comparing with the message transactions.

Now we can copy these eml files in your local machine where you have Outlook installed. We need to open each eml files with outlook and can see in which categorization part the message gets stripped out.

Steps to create Accepted Domain in Exchange 2013

Accepted Domain, Exchange2013 March 4, 2014 Leave a comment

In this article we will be looking at how to create accepted domain in Exchange 2013

Open Exchange admin center .Click on mail flow and click on accepted domains.

Just click add and it takes you to the next window

Just type the domain name which you wish to make it auth, internal relay or external relay.

Also you have an option to make this domain as a default domain which make this to default domain .

Make the required settings and click save.

Delivery Reports in Exchange 2013

Connectors, Exchange2013 March 4, 2014 Leave a comment

In this article we will be looking into how to perform Message tracking in Exchange 2013.

Unlike the previous version the message tracking has been replaced with the name Delivery reports. But both have the same functionality.

Open Exchange admin center – navigate to – mail flow and click on Delivery reports.

Now click on browse and enter the mailbox which we need to search.

We have an option to search messages received from as well. Also we can search messages with the subject line same options like we had in Exchange 2010

But this time the search results shows in a better GUI

It displays only the subject and no contents same like previous versions and message tracking results will be unsuccessful for the users sending emails through POP and IMAP clients.

Troubleshooting OAB in Exchange 2013

Exchange2013, Offline Address Book February 28, 2014 Comments: 2

In this article we will be looking into issues arising in OAB after users have been migrated from exchange 2007/2010 to Exchange 2013.
Unlike the previous versions of Exchange the OAB generation process in Exchange 2013 has been completely changed. So the troubleshooting OAB part in Exchange 2013 is little bit different while compared to older versions.

If you are running older version of Exchange 2007/2010 first run the below command to change the default OAB to Exchange 2013
1. Run the command in Exchange 2013 EMS to change the default OAB on Exchange 2013 databases:

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “\Default Offline Address Book (Ex2013)”

We can accomplish this task via EAC as well as shown below but this has to be done for each and every db’s one by one.
Click Servers – databases – client settings and select the default OAB to be selected for the databases.

Also check if the OAB virtual directories are set properly in Exchange 2013. You can check by running the below command

Set-OabVirtualDirectory -Identity “exchange2013\OAB (Default Web Site)” -InternalUrl https://mail.exchangequery.com/oab -ExternalUrl https://mail.exchangequery.com/oab

In our case since I have not set the virtual directories on Exchange 2013 I’m running the below command to set the virtual directories first in exchange 2013 and I’m showing the output

After running the above command we can see the virtual directories showing up in external and internal url

Now let’s look into troubleshooting the OAB issues in Exchange 2013

First run Get-offlineaddressbook |fl and see if the default offline address book assigned has virtual directories linked with them and is set to true as shown below.

If there are no virtual directories specified the OAB will not work.

Now we need to look if there is anything wrong in the arbitration mailbox which holds the OAB by running the below command and see if there is associated arbitration mailbox for OAB

Get-Mailbox –Arbitration | where-Object {$_.PersistedCapabilities –Like “*OabGen*”} | FL Name,Persisted*

There should be a associated arbitration mailbox for OAB. If there is not then create a new arbitration mailbox and assign it to OAB by running the below command

Set-Mailbox -Arbitration “arbitrationmbxname” -OABGen $true

If everything seems to be fine then please run the below command to see where the arbitration mailbox resides

Now run the below command to check if the arbitration mailbox database is healthy

If the database if healthy and mounted then run the below command to check the OAB generation cycle work point

What is OAB generation cycle check point?

The default setting of the OAB update is generated once in every day and that’s why we have it as 1 specified. So we need to have this setting. If there are no values specified and if it is then null OAB will not be functioning.

We can run the below commands to change the above parameters value and if there is no value set on them.

Set-MailboxServer <SERVERNAME> -OABGeneratorWorkcycle 00.05:00:00

Set-MailboxServer <SERVERNAME> -OABGeneratorWorkCycleCheckpoint 01:00:00

Also we can force the OAB download to happen by running the below command like we do it for Exchange 2007 & 2010 and see if users are able to download OAB.

Update-OfflineAddressBook -Identity “Default Offline Address List (Ex2013)”

Also we can run below command to see if the certificate is issued to name mail.exchangequery.com in our example

Get-OutlookProvider | FL Identity,CertPrincipalName
Run the below command if there is no cert principal name issued 
Set-OutlookProvider EXPR -CertPrincipalName:"msstd:<FQDN the certificate is issued to>"
This can be a guide for troubleshooting OAB since there could be few more factors considering OAB download not happening. Cheers :)

Thanks 
Sathish Veerapandian
MVP - Exchange Server

Analyzing the protocol logs and Message tracking logs in Exchange 2013

Connectors, Exchange2013 February 21, 2014 Comments: 4

During the time of troubleshooting in mail delay and issues when users reporting emails being not received its little bit tougher part to isolate and identify the problem.

Message tracking and protocol logs analysis is one of the best way to identify whether the problem exists in exchange end or else to prove that exchange has successfully done its mail transaction on its end.

In this article we will be looking at how to enable protocol logging and Message tracking in Exchange 2013 and analyzing the protocol and message tracking logs as well in a little bit different way through Excel.Earlier in Exchange 2007 & 2010 we used to turn on Message tracking in Hub transport servers.

Since in Exchange 2013 the hub transport servers have been removed the Message tracking logs are stored in the mailbox servers.

Steps to turn on Message tracking in Exchange 2013

Use EAC to configure Message tracking

1. In the EAC, navigate to Servers > Servers.

2. Select the Mailbox server you want to configure, and then click Edit .

3. On the server properties page, click Transport Logs.

4. In the Message tracking log section, select the following:

◦Enable message tracking

5. Click Save.

Steps to turn on Protocol Logs in Exchange 2013

Open EAC

Click on mail flow

Double click on receive connector tab and select the protocol logging level to verbose

Now we are going to send few test emails so that the logs get generated which would be ideal for us to analyze the logs

So we are sending test email with subject “Test Email for Message Tracking”

For analyzing the verbose logs it’s always better we can use the log parser tool.

If still we need to analyze the data without log parser for single transaction it’s possible with sender and recipient to check if the mail transaction has been successful.

Below is an example

For analyzing the logs in message tracking you can follow the below steps

Copy the message tracking logs from the below location from the mailbox server

Note: There will be 4 types of message tracking logs in Exchange 2013 unlike in Exchange 2010 we have only 2.

•MSGTRK These logs are associated with the Transport service.

•MSGTRKMA These logs are associated with the approvals and rejections used by moderated transport. For more information, see Moderated Transport.

•MSGTRKMD These logs are associated with messages delivered to mailboxes by the Mailbox Transport Delivery service.

•MSGTRKMS These logs are associated with messages sent from mailboxes by the Mailbox Transport Submission service

MSGTRKMS is sufficient for us to calculate the message tracking in most of the situations.

We can use other logs in deep dive analysis of cases where we suspect the mails being not delivered to mailbox server and in few cases where we are unable to find any transaction in MSGTRKMS logs to see if the mail is been delivered to the mailbox server from the CAS server.

But MSGTRKMS will give us the information 99 percent of the time.After copying the MSGTRKMS logs in the excel just filter the category column as shown below.

Now we have number of options to filter message transactions. In below example we are going to filter a particular transaction with Message subject and below is the output for successful transaction.

Just select the Message subject column drop down and uncheck select all as shown below.

Just select Test Email for Message Tracking as shown below

Below output is the successful transaction of the message transaction after the filter is applied for our example scenario.

The below screenshot is the important parameter which should be checked and for a successful transaction i.e column (source and event-id) as shown below

For a failure transaction we will not be having the receive status as shown above

We have multiple options like date time, Client ip, server ip , recipients through which we will be able to isolate a particular transaction very easily . Getting used to this will take some time but once after if you start analyzing the message tracking through this then you will feel comfortable with this type of message tracking Cook for situations like where you need to filter out multiple parameters.

Now we will look into how to analyze the receive connector protocol logs with help of Excel as we did for Message tracking.

First Copy the Logs from the below location

Note:

It is very clear we will be getting confused to see where to find the receive connector protocol logs since the transport level architecture have been bifurcated in exchange 2013 and we have multiple folders like front end, hub , protocol log unlike Exchange 2010 we have only this location

“D:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive”

We just need to navigate to the below location alone in Exchange 2013 and copy the receive connector logs which will be identical to analyze the protocol logs via excel.

“C:\program files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive”

Open them in Excel

Unlike in Message tracking we do not have many items for us to filter here as shown below. But we can always filter them via sender or recipient address who reported to be a problem with mail flow.

Now we are going to identify a successful transaction for user id Sathish@exchangequery.com through receive connector protocol logs .For that we just need to open the receive connector logs in Excel and search for the above email id in the excel sheet.

Below is the successful transaction for the above search result

In the above screen it clearly mentions the mail from and the rcpt to . The final transaction result we can see is Transferred 3 resolved and 0 unresolved and 250 chunk received OK . This should be the output for a successful transaction.

Note: All we need to look is only at the data and context part in receive and send connector protocol logs which gives us info about the successful \failure transaction.

You can also use log parser to analyze the protocol logs. The above steps is just an additional part of troubleshooting steps through deep dive into message tracking and protocol logs to narrow down mail flow issues to identify the root cause.

Steps to move arbitration mailbox in Exchange 2013

Exchange Installation, Exchange2013 February 18, 2014 Comments: 2

In this article we will be looking at how to move arbitration mailbox from exchange 2010 to Exchange 2013

The arbitration mailbox is used to store the original message that’s awaiting approval. By default, one arbitration mailbox is created for moderated transport during setup. It’s used for all moderated recipients. You can add additional arbitration mailboxes for load balancing purposes. If you’re using multiple arbitration mailboxes, you need to specify which mailbox to use for each moderated recipient

The main reason being why we are moving the arbitration mailbox is because after post migration it will not allow us to decommission the legacy exchange 2010/2007 server unless we move these system mailboxes to Exchange 2013.

Run the below command to check the arbitration mailbox name.