Tag Archives: exchange server

Configure Exchange 2016 with Exchange 2010 coexistence

In this article we are going to look at a few things that we need to consider for coexistence of Exchange Server 2016 with Exchange 2010.

Below are the things that we need to think about for Outlook Anywhere, OWA, ActiveSync, EWS and ECP.

For Outlook Anywhere Coexistence

In Exchange 2010 – 

Enable Outlook Anywhere on the Exchange 2010 servers

Set the IIS authentication to Basic + NTLM in Exchange 2010

In Exchange 2016 –

If you are doing SSL offload, then perform the below:

Direct the connections to Exchange 2016 from your firewall.

Note: If you have Exchange 2013, you don't need to make any changes, since Exchange 2016 supports up-version proxy with Exchange 2013, i.e. Exchange 2016 can accept connections from an Exchange 2013 CAS server. Unfortunately we don't have this functionality with Exchange 2010 coexistence.

Perform the below settings in Exchange 2016:

Open EAC and select Outlook Anywhere

 


 

 

Select Basic Authentication


If you don't select Basic, you will get a warning message with NTLM. You don't need to worry about this in Exchange 2013 coexistence, but for Exchange 2010 it should be Basic only.


 

Uncheck "Require SSL" in all of the virtual directories if you are doing SSL offload for all of the services.


Exchange 2016 ActiveSync virtual directories can proxy to the 2010 endpoint without any issues.

It is similar for OAB, OWA and the other virtual directories.

All the above settings are for one site with Exchange 2010 coexistence.
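The Outlook Anywhere settings above can be checked in one pass. The following is an added example, not part of the original article: the function name, the `Version` label and the sample rows are assumptions, while the other property names follow the output of Get-OutlookAnywhere.

```powershell
# Added example: checks Outlook Anywhere settings against the coexistence notes above.
# "Version" is a hypothetical label added per row; other names follow Get-OutlookAnywhere.
function Test-OutlookAnywhereCoexistence {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Config,
        [switch] $SslOffload    # set when a device in front of Exchange terminates TLS
    )
    process {
        $findings = @()
        if ($Config.Version -eq '2010') {
            # Exchange 2010: IIS authentication must offer both Basic and NTLM
            foreach ($method in 'Basic', 'Ntlm') {
                if ($Config.IISAuthenticationMethods -notcontains $method) {
                    $findings += "IIS authentication is missing $method"
                }
            }
        }
        else {
            # Exchange 2016 in front of 2010 mailboxes: client authentication must be Basic
            if ($Config.ExternalClientAuthenticationMethod -ne 'Basic') {
                $findings += "Client authentication is $($Config.ExternalClientAuthenticationMethod), expected Basic"
            }
            if ($SslOffload -and $Config.ExternalClientsRequireSsl) {
                $findings += 'Require SSL is still enabled although SSL is offloaded'
            }
            if (-not $SslOffload -and -not $Config.ExternalClientsRequireSsl) {
                $findings += 'Require SSL is disabled without SSL offload'
            }
        }
        [pscustomobject]@{
            Server    = $Config.Server
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample rows (not taken from a real environment)
$sample = @(
    [pscustomobject]@{ Server = 'EX2010'; Version = '2010'; IISAuthenticationMethods = @('Basic') }
    [pscustomobject]@{ Server = 'EX2016'; Version = '2016'; ExternalClientAuthenticationMethod = 'Ntlm'
                       ExternalClientsRequireSsl = $true }
)
$sample | Test-OutlookAnywhereCoexistence -SslOffload | Format-Table -AutoSize -Wrap
```

With SSL offload and Basic authentication, the hop between the offload device and Exchange carries credentials without TLS, so that network segment has to be trusted.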

If it is the same site, it proxies the 2010 users' requests straight to the 2010 CAS server.

If you have a different site, then two scenarios come into the picture according to your setup:

If it is a non-internet-facing site with the same URLs, then it proxies all the requests of that site to the CAS server.

If it is an internet-facing external site with an external URL, then it does a redirect to that URL.

I have the same setup in my lab with a single AD site and so far all settings seem to be working fine.

More to explore on the configuration , features and coexistence. Will keep you posted !!

Thanks

Sathish Veerapandian

MVP – Exchange Server

Steps to create/identify the list of public IPs used by Exchange services

In this article we will look at the steps to send all outgoing SMTP from one IP address and to identify the public IP addresses used by the Exchange server.

First, run Get-SendConnector | Format-List Name,SourceIPAddress from the EMS in order to see the source IP address of the Exchange server.

Note:

By default this value is set to 0.0.0.0 and the Exchange hub uses its default assigned IP to send emails to the smart host (firewall/spam filter/spam cloud). However, you can check whether any value is set, to be on the safer side.

Now, how the mail flow goes from your Exchange server:

From your Exchange server to your firewall, where it gets NAT'ed from the local IP to the public IP, and then to the internet.

We need to NAT our local IP to one public IP.

In order to do that, follow the below steps:

You need to accomplish this with a router/firewall feature called Policy Based Routing.

1) Create a firewall/NAT rule to NAT outbound traffic from the Exchange IP address to your preferred public IP address.

2) With this you could make a rule like: when traffic is coming from my mail server AND the destination port is 25, send the traffic through your ISP from one of your public IPs.

To be more precise, you will have to do many-to-one NAT in your firewall as below:

For example, below are your servers:

Server name    Private IP (server)    Public IP (on firewall)    Port
Server1        192.168.0.1            65.55.33.118               25
Server2        192.168.0.2            65.55.33.118               25

If your servers are configured as above, your source public IP will be 65.55.33.118 from both servers.

You should also have a PTR record created for your external IP. If not, please ask your ISP to create PTR records for your external IPs.

How to identify which public IP your Exchange services are using

There are multiple ways to identify the public IP address used by the Exchange server.

The easiest way to identify them is through an MX lookup.

You can query all the Exchange URLs through nslookup to see the results.

Things you need to query through nslookup:

1) Query the external autodiscover URL

2) Query the webmail external URL

3) Query the Outlook Anywhere external URL

Below is an example of mxlookup for Microsoft  records

These steps can be useful during migration scenarios of Exchange servers as well as firewalls.
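The lookups listed above, plus the PTR check for the outbound NAT address, can be scripted with Resolve-DnsName. This is an added example, not part of the original article: the function name, host names, mail domain and IP address are placeholders, and it needs working DNS resolution to run.

```powershell
# Added example. Host names, mail domain and IP below are placeholders; use your own values.
function Get-ExchangePublicEndpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $HostName,       # autodiscover, webmail, Outlook Anywhere
        [Parameter(Mandatory)] [string]   $MailDomain,
        [Parameter(Mandatory)] [string]   $OutboundSmtpIp  # public IP the firewall NATs port 25 to
    )
    # Steps 1-3: resolve each published host name to its public IP address
    foreach ($name in $HostName) {
        $a = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' })
        [pscustomobject]@{ Check = 'A'; Name = $name
                           Value = $a.IPAddress -join ', '; Ok = ($a.Count -gt 0) }
    }
    # MX lookup for the mail domain
    $mx = @(Resolve-DnsName -Name $MailDomain -Type MX -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference)
    [pscustomobject]@{ Check = 'MX'; Name = $MailDomain
                       Value = $mx.NameExchange -join ', '; Ok = ($mx.Count -gt 0) }

    # PTR for the outbound address, then confirm the PTR name resolves back to the same IP
    $ptr = @(Resolve-DnsName -Name $OutboundSmtpIp -Type PTR -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'PTR' })
    $confirmed = $false
    foreach ($p in $ptr) {
        $fwd = @(Resolve-DnsName -Name $p.NameHost -Type A -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }).IPAddress
        if ($fwd -contains $OutboundSmtpIp) { $confirmed = $true }
    }
    [pscustomobject]@{ Check = 'PTR'; Name = $OutboundSmtpIp
                       Value = $ptr.NameHost -join ', '; Ok = $confirmed }
}

Get-ExchangePublicEndpoint -HostName 'autodiscover.example.com', 'mail.example.com' `
    -MailDomain 'example.com' -OutboundSmtpIp '203.0.113.10' | Format-Table -AutoSize
```

A PTR row with Ok = False means the reverse record is missing or does not resolve back to the NAT address, which is the case to raise with the ISP.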

Thanks
Sathish Veerapandian

Microsoft Exchange Search Host Controller service terminated unexpectedly

We might notice that the Microsoft Exchange Search Host Controller service crashes intermittently after a database failover and tries to start on its own, but never succeeds.

When we look into the application log we will find the following events:

The Microsoft Exchange Search Host Controller service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service

Faulting application name: hostcontrollerservice.exe, version: 15.0.4454.1006, time stamp: 0x50d08ef5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16384, time stamp: 0x5010ab2d
Exception code: 0xe0434352
Fault offset: 0x00000000000189cc
Faulting process id: 0x73f0
Faulting application start time: 0x01d0348c64230ae1
Faulting application path: C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a5eb039b-a07f-11e4-9438-00155d0aca05
Faulting package full name:
Faulting package-relative application ID:

 

What is the main functionality of the Microsoft Exchange Search Host Controller service?

It connects to the Exchange mailbox databases and creates content indexes for each database.

These content indexes help eDiscovery search, which uses them for search queries that are run across the entire organization.

What will be affected if the Microsoft Exchange Search Host Controller service is stopped?

1) We will not be able to perform eDiscovery searches in the entire organization.

2) Also, a mailbox database in a DAG will not automatically fail over if the content index is not healthy and shows as failed and suspended.

However, as a workaround we would be able to perform a manual failover through EMS with the switch -SkipClientExperienceChecks while the content index is in a bad state.

Things to check:

I would recommend having the latest updates installed on all Exchange servers.

Disable all the AV and third-party agents running on the affected server, try starting the host controller service and see the results.

Run the below command to check the content index status of the database


If you get the above error, rebuilding the content index will help to start the host controller service.

However, if you identify the content index state to be failed and suspended for only one database, then you can use the below command to reseed the content index catalog for that database only.

 

Update-MailboxDatabaseCopy -Identity DBname\MBXservername  -CatalogOnly

To rebuild the whole content index of the affected mailbox server, perform the below task:

Log on to the affected server and navigate to the below location, where you have the host controller files:

C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController


Set the host controller service and the Microsoft Exchange Search service to a disabled and stopped state.

Rename the folder hostcontroller to hostcontroller.old and start the host controller service. This time it should most probably start without any issues.

Once the service starts, it will build new content indexes for the mailbox databases on the affected server.
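The choice described above between a catalog-only reseed and a full rebuild can be derived from the copy status output. This is an added example, not part of the original article: the function name and the sample rows are assumptions, and the objects mirror the Name and ContentIndexState properties returned by Get-MailboxDatabaseCopyStatus.

```powershell
# Added example: decides per server between a catalog-only reseed and a full rebuild.
function Get-ContentIndexAction {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $CopyStatus)
    begin   { $all = @() }
    process { $all += $CopyStatus }
    end {
        # Copy names have the form "DBname\MBXservername"; group the copies by server
        $all | Group-Object { ($_.Name -split '\\', 2)[1] } | ForEach-Object {
            $failed = @($_.Group | Where-Object { $_.ContentIndexState -eq 'FailedAndSuspended' })
            $action = switch ($failed.Count) {
                0       { 'None' }
                1       { "Update-MailboxDatabaseCopy -Identity '$($failed[0].Name)' -CatalogOnly" }
                default { 'Rebuild the whole content index on this server' }
            }
            [pscustomobject]@{
                Server             = $_.Name
                FailedAndSuspended = $failed.Count
                Action             = $action
            }
        }
    }
}

# Constructed sample rows (not from a real DAG)
$sample = @(
    [pscustomobject]@{ Name = 'DB01\MBX1'; ContentIndexState = 'Healthy' }
    [pscustomobject]@{ Name = 'DB02\MBX1'; ContentIndexState = 'FailedAndSuspended' }
    [pscustomobject]@{ Name = 'DB01\MBX2'; ContentIndexState = 'FailedAndSuspended' }
    [pscustomobject]@{ Name = 'DB02\MBX2'; ContentIndexState = 'FailedAndSuspended' }
)
$sample | Get-ContentIndexAction | Format-Table -AutoSize -Wrap

# Against a live server (Exchange Management Shell):
#   Get-MailboxDatabaseCopyStatus -Server MBX1 | Get-ContentIndexAction
```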

Also refer: http://social.technet.microsoft.com/wiki/contents/articles/29640.microsoft-exchange-search-host-controller-service-terminated-unexpectedly.aspx

Thanks

Sathish Veerapandian

MVP – Exchange Server

Error – “Something went wrong” in both OWA and ECP

After applying updates in an Exchange 2013 environment, we might come across the below symptom from end users while accessing OWA.

Users can use Outlook to send/receive emails normally, but when a user tries to log in to OWA, a "something went wrong" screen with the following information appears:

 


An unexpected error occurred and your request couldn’t be handled.

X-OWA-Error: System.NullReferenceException

X-OWA-Version: 15.0.775.32

X-FEServer: {2013 CAS server}

X-BEServer: {2013 Mailbox server}

Date: **

1) Rebuilding OWA/ECP virtual directories will not help

2) Playing with owa authentication settings will not help

3) Re-installing exchange server also will not help at times

 

While looking into the event logs you can find the below log with the description

 


Description        :
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 8/30/2013 11:02:13 AM
Event time (UTC): 8/30/2013 4:02:13 PM
Event ID: f959d55d927a45f8b3b69051bbd62038
Event sequence: 2
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT/owa-1-130223042171473642
Trust level: Full
Application Virtual Path: /owa
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\
Machine name: EXC2013CAS

Process information:
Process ID: 13764
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM

Exception information:
Exception type: NullReferenceException
Exception message: Object reference not set to an instance of an object.
at Microsoft.Exchange.Clients.Common.Canary15.Init(Byte[] userContextIdBinary, Byte[] timeStampBinary, String logonUniqueKey, Byte[] hashBinary, String logData)
at Microsoft.Exchange.Clients.Common.Canary15..ctor(String logonUniqueKey)
at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpCookie(HttpCookie cookie, String logonUniqueKey, Canary15Profile profile)
at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpContext(HttpContext httpContext, String logOnUniqueKey, Canary15Profile profile)
at Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.InternalOnPostAuthorizeRequest(Object sender)
at Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.OnPostAuthorizeRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Request information:
Request URL: https://localhost:444/owa/logoff.owa
Request path: /owa/logoff.owa
User host address: 127.0.0.1
User: CORJESU\SM_cab26786a5604c759
Is authenticated: True
Authentication Type: Kerberos
Thread account name: NT AUTHORITY\SYSTEM

Thread information:
Thread ID: 12
Thread account name: NT AUTHORITY\SYSTEM
Is impersonating: False
Stack trace:    at Microsoft.Exchange.Clients.Common.Canary15.Init(Byte[] userContextIdBinary, Byte[] timeStampBinary, String logonUniqueKey, Byte[] hashBinary, String logData)
at Microsoft.Exchange.Clients.Common.Canary15..ctor(String logonUniqueKey)
at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpCookie(HttpCookie cookie, String logonUniqueKey, Canary15Profile profile)
at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpContext(HttpContext httpContext, String logOnUniqueKey, Canary15Profile profile)
at Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.InternalOnPostAuthorizeRequest(Object sender)
at Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.OnPostAuthorizeRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 

By looking into the event viewer we can see this is an Active Directory cache error on the CAS server, related to a value called Canary Data.

What is this Canary Data?
Basically, Canary Data is an attribute that is created during the first Exchange 2013 schema preparation.

Schema preparation creates four attributes, or it may even be just one attribute:

msExchCanaryData0
msExchCanaryData1
msExchCanaryData2
msExchCanaryData3

Why do we need this Canary Data?

It is a secret token that is exchanged between the clients and the server for OWA, ECP and other Exchange web services.

These values get stored in the cookie collection of the client's browser.

For any OWA, ECP or EWS request from a client, the browser sends the GUID value that is stored in the cache, and it is compared with the GUID that is in the URL (server).
If they don't match, the request from the client is considered malicious and blocked.
An event regarding this is also logged with the originating IP address.

Below is the solution to fix this type of issue:

 

1) Open ADSI Edit


2) Right-click 【CN=Client Access】 and click Properties, then scroll down to look for the values of the following parameters:

【msExchCanaryData0】

【msExchCanaryData1】

【msExchCanaryData2】

【msExchCanaryData3】


 

3) Take a backup to be safe and clear all these values to "not set"


4) Open IIS Manager on your CAS server, go to 【Application Pools】, right-click 【MSExchangeOWAAppPool】 and click Recycling

 


 

After doing the above, it is better to restart the Mailbox and CAS servers, and this issue will be resolved.
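Steps 1 to 4 can also be done from PowerShell, with the backup written before anything is cleared. This is an added example, not part of the original article: the function name and backup path are assumptions, it needs the ActiveDirectory and WebAdministration modules, and it must be run on the CAS server with rights to modify the configuration partition.

```powershell
# Added example: back up, then clear, the msExchCanaryData* values and recycle the OWA pool.
function Reset-ExchangeCanaryData {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $BackupPath)   # hypothetical path, e.g. D:\Backup\Canary.xml

    Import-Module ActiveDirectory
    Import-Module WebAdministration

    $attrs = 'msExchCanaryData0', 'msExchCanaryData1', 'msExchCanaryData2', 'msExchCanaryData3'
    $cfg   = (Get-ADRootDSE).configurationNamingContext

    # Steps 1-2: locate CN=Client Access below the Exchange organization and read the values
    $ca = @(Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$cfg" `
                         -LDAPFilter '(cn=Client Access)' -Properties $attrs)
    if ($ca.Count -ne 1) { throw "Expected one CN=Client Access container, found $($ca.Count)" }
    $ca = $ca[0]

    # Step 3: back up first. The values are secret token material, so restrict access to the file.
    $ca | Select-Object (@('DistinguishedName') + $attrs) | Export-Clixml -Path $BackupPath

    # Clear only the attributes that currently hold a value
    $set = @($attrs | Where-Object { $ca.$_ })
    if ($set.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($ca.DistinguishedName, "Clear $($set -join ', ')")) {
        Set-ADObject -Identity $ca -Clear $set
    }

    # Step 4: recycle the OWA application pool
    if ($PSCmdlet.ShouldProcess('MSExchangeOWAAppPool', 'Recycle application pool')) {
        Restart-WebAppPool -Name 'MSExchangeOWAAppPool'
    }
}

# Dry run: writes the backup file but only reports the clear and recycle actions
Reset-ExchangeCanaryData -BackupPath "$env:USERPROFILE\CanaryData-backup.xml" -WhatIf
```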

Also Refer –

http://social.technet.microsoft.com/wiki/contents/articles/29433.error-something-went-wrong-in-both-owa-and-ecp.aspx

Thanks

Sathish Veerapandian

MVP – Exchange Server
