Public Folder Migration Fail

The above title isn’t a surprise for anybody working in IT, but unusually for Public Folders, this one has a fairly simple fix!

The situation is thus; when attempting to complete a Public Folder migration to Office 365, you come across the following error:

Before finalizing the migration, it is necessary to lock down public folders on the legacy Exchange server (downtime required). Make sure public folder access is locked on the legacy Exchange server and then try to complete the batch again.

Public Folder migration error

The problem with this error is that you have already locked down Public Folders on the legacy Exchange Server by running:

Set-OrganizationConfig -PublicFoldersLockedForMigration:$true

So what’s an admin to do when they’ve already run the command they are being told needs to be run?! Some googling may lead you to the idea of rebooting the server, or restarting the Information Store. Both of these will work, but a much simpler solution is simply to dismount the Public Folder database/s, and then mount them. The PFs are already locked so are unavailable to the users so there is no negative impact of doing this.

TL;DR – turn it off, and turn it on again.

 

Advertisements

Shameless TechNet self promotion

I’ve just realised that I never shared this link. I wrote this technical piece for the TechNet UK Blog back in July 2015, and just thought I’d give it a bump. The subject matter is regarding the post-hybrid Office 365 landscape, and what you should be doing once you’ve migrated all your mailboxes (apart from get yourself an ‘I am a cloud god’ mug).

Office 365 – The Journey Continues

Exchange 2013 Hybrid – Content was blocked because it was not signed by a valid security certificate

Hello again. The last few days have given me lots of new things to do, so apologies if you are being inundated with blog posts!

So today I went to enable a new Exchange 2013 Hybrid configuration. I used the Start Menu launcher for ‘Exchange Administrative Centre’, which to be honest I don’t usually do. This took me to https://localhost/ecp/?ExchClientVer=15. I then went to Hybrid and enabled the Hybrid Configuration. I logged into Office 365 and was greeted by this friendly message of doom:

Content was blocked because it was not signed by a valid security certificate

This error is quite easily solved; do not use localhost as the server name when you access the ECP. Use your client access namespace instead. For example, if my CAS name was mail.misstech.co.uk, I would browse to https://mail.misstech.co.uk/ecp/?ExchClientVer=15.

Just be sure to put outlook.office365.com and your CAS name into your Intranet Zone too or you’ll then get an error about Cookies!

412 - Cookies are disabled

Thanks for reading!

Hybrid Configuration Wizard and Multiple Domains – Get-FederationInformation cmdlet had thrown an exception

When running the Exchange Hybrid Wizard for multiple domains, you may find it fails and shows you the error below:

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.

In addition to this, if you check the Update-HybridConfiguration log file in the Exchange Logging directory, you will find that the failure occurs just after the command Get-FederationInformation is run on one of your domains.

The first test you can run is to login to Microsoft Online PowerShell and try running:

Get-FederationInformation -DomainName domain.com

If this comes back with an error, then you likely have an issue with Autodiscover. It may be that autodiscover is not configured for all your domains, which is quite a common occurrence. There are 2 traditional ways to get around this:

  1. Configure multiple SRV DNS records to point Autodiscover at your primary Autodiscover service
  2. Add all your autodiscover domains to your SAN certificate and configure A records to point autodiscover to the public facing IP of your Exchange server/s

As of Exchange 2010 SP3 UR6 and Exchange 2012 SP1 however, there is a much cleaner way of doing this.

  1. Make sure Autodiscover is configured and working on your Primary SMTP domain (use https://testconnectivity.microsoft.com/ to verify functionality)
  2. Run the HCW (Hybrid Configuration Wizard) for just your Primary domain. This should complete without issues
  3. Go into the Exchange Management Shell on your On Premise Exchange environment and run:

Set-HybridConfiguration -Domains domainb.com,domainc.com,domain.com,autod:domaina.com

Where domaina.com is your Primary SMTP domain. This sets your autodiscover domain for all domains to domaina.com.

  1. Re-run the HCW. You should now see all domains populated and the HCW should complete successfully.

Office 365 Hybrid Mailbox Move stuck in ‘Removing’ state

This is an issue I’ve come across more than once now. An attempted mailbox move from Exchange 2010/2013 to Office 365 has failed and you want to remove the migration batch and try again. You try to remove the batch, but it just gets stuck in the ‘Removing’ state for an extended period of time. We need to give this request the finger and start from scratch, but how?

First things first, lets check the status of the move using Powershell, as Powershell will never lie! Login to Exchange Online Powershell, and run:

get-migrationbatch -identity <nameofbatch> | fl

If the status does read as ‘Removing’ and it’s been a long time since you started the removal, then you likely have a corrupted batch. Let’s forcefully remove it. To remove the batch, run:

Remove-migrationbatch -identity <nameofbatch> -force

If you now run the get-migrationbatch command above, you should get an error which states that the batch does not exist. Good news! We now just need to clear out the migration user requests which will still be lingering. To see which user requests exist, run:

Get-MigrationUser

If the only users in here are the users which were associated with your migration batch, then you can run:

Get-MigrationUser | Remove-MigrationUser -Force

to remove all of the migration user requests. However if there are other user requests in here which you do not want to remove, then remove the users individually by running:

Remove-MigrationUser <Identity> -Force

Now if you run the Get-MigrationUser command, you should see that the users who were in the corrupted batch are no longer listed. You can start a new batch once you’ve resolved whatever issue caused the mailbox move to fail and all should be tickety-boo 🙂

In our case we were running mailbox export commands at the same time as mailbox migrations, and we had some timeout issues with the Mailbox Replication Service. The error we received in the migration report was “Relinquishing job because of large delays due to unfavorable server health or budget limitations”. Simple fix, just remove the migration batch once the exports were complete, and start again. What we didn’t bank on would be that the migration batch would become corrupted. To resolve this, we allowed our mailbox exports to complete, and then restarted the Microsoft Exchange Replication Service. We then cleared the corrupted batch using the commands shown above, and started in again. It completed successfully this time.

Exchange 2013 CU6 – Hybrid Configurations and Hardware Load Balancing…

Exchange 2013 CU6 was released at the end of August, and it’s fair to say it wasn’t Microsoft’s most elegant CU release ever. If you are already using a Hybrid Configuration, the following problems are faced after installation:

– You cannot use the On Premise Exchange Admin Center to create new Office 365 mailboxes, move mailboxes to Exchange Online, or create In-Place Archive mailboxes.

– You also cannot perform administration of Office 365 through the EAC, because when you click on the Office 365 management tab, it takes you to a marketing page for Office 365 rather than the 365 login page.

There has been a script released by Microsoft to fix this behaviour, which is available here: http://support.microsoft.com/kb/2997355/en-us

It’s lucky that this script is available, because Microsoft made some changes to Exchange Online in the last few weeks. These changes mean that if you now attempt to create or manage a Hybrid Configuration in Exchange 2013 CU5 or older, you will see the following error:

Subtask CheckPrereqs execution failed: Check Tenant Prerequisites

Deserialization fails due to one SerializationException: 

Microsoft.Exchange.Compliance.Serialization.Formatters.BlockedTypeException: The type to be (de)serialized is not allowed: Microsoft.Exchange.Data.Directory.DirectoryBackendType

This can be resolved by, you guessed it, upgrading to Exchange 2013 CU6. Just remember to run the script which I linked to above after installation!

Another problem which a colleague of mine witnessed a few days back was related to CU6 and CAS Load Balancing. If you use a hardware load balancer such as a Kemp or NetScaler, and you install CU6, you will need to make some configuration changes to your availability monitors. Application aware load balancers will monitor Exchange Server 2013 using the Default Web Site in IIS, and a design change has been made in CU6 which will cause the load balancer to mark the Exchange 2013 server as down.

If you attempt to access the Default Web Site of an Exchange 2013 CU6 CAS server, it will return a status 302 and redirect you to the OWA site. A load balancer will see this and mark the server as being down. To resolve this problem, configure your load balancer to monitor https://CASFQDN/protocol/healthcheck.htm. For example, to monitor OWA you would use https://CASFQDN/owa/healthcheck.htm. The KB for this issue is here: http://support.microsoft.com/kb/3002351

Exchange Server 2013 CU6 has been a bit of a box of tricks so far, but if you are about to modify or create a Hybrid Configuration, then you MUST upgrade in order to be successful. Hopefully this article will help you in your quest for Hybrid greatness!

TechEd Europe 2014

TechEd Europe 2014

Today I am packing my bags and preparing myself for a week away in sunny Barcelona for TechEd Europe 2014. This will be the first TechEd event I have ever been to, and to say I am excited is a bit of an understatement!

I’ve got my schedule all planned out using the Content Builder, and have at least 2 sessions scheduled for every single time slot. What with the breakout sessions, hands on labs and focus groups it’s going to be a very busy week!

My focus for the breakout sessions will be around Office 365/Exchange, Hybrid Identity and the Enterprise Mobility Suite. I’ve also got a couple of Windows 10 sessions in there for light relief, but we will see how things pan out.

I am hoping to be writing a daily blog to sum up each days events and I hope you’ll join me on my TechEd journey.