StalledDueToTarget_Processor ?

StalledDueToTarget_Processor KB ID 0001810

Problem

If you have a mailbox move that’s showing as StalledDueToTarget_Processor, that’s quite common (I see that a lot).

Solution: StalledDueToTarget_Processor

Firstly how long have you waited? I see this when I’m moving a LOT of mailboxes, and most of the time this problem resolves itself – if you are patient enough, (and your users will be unaffected while this is going on).

If you have waited and there’s still no movement, you can try the following, locate the MSExchangeMailboxReplicaiton.exe.config file (it will be in your exchange/bin folder).

Edit the file, locate ‘MaxMRSConnections’ value and change it to 20, then save the file.

Note: I change these values on the source and destination Exchange servers, But documentation says you only need to do it on the sourse server.

Then restart the Microsodt Exchange Replication service on BOTH Exchange servers

[box]

Get-Service -Computername OTHER-EXCHANGE-SERVER -Name MSExchangeRepl | Restart-Service
Restart-Service MSExchangeRepl

[/box]

Update Feb 2023: I was moving about 1000 mialboxes, and roughly a third were stuck in StalledDueToTarget_Processor. So ‘after working hours‘ I rebooted both Exchange servers, and the status changed to failed. I cancelled the move requests, and restarted the migration, this time thay all completed sucessfully.(PL)

Related Articles, References, Credits, or External Links

Mailbox Move ‘StalledDueToMailboxLock’

Free Exchange Certificate

KB ID 0001739

Problem

A couple of weeks ago I wrote an article about getting free certificates for IIS with ‘Let’s Encrypt’. Last week the renewal for my ‘test’ Exchange server’s certificate came though. So I thought “Why don’t I try and get a ‘Free Exchange Certificate’?”

Free Exchange Certificate

Before we start let’s take a moment to take a look at our existing Exchange Certificate, as you can see it’s a publicly signed and trusted certificate, the only thing wrong with it, is it’s going to expire in a couple of weeks, yours may have already expired, or you may be running a self signed SSL certificate, (horror!)

To do all the heavy lifting you need a peice of software, the easiest (I’ve seen) is win-acme (at time of writing the latest version is 2.1.14.996) you simply download it as a zip file.

Extract the contents of that zip file to a folder on your hard drive.

Apply For & Install the Free Exchange Certificate

Open an administrative command prompt > Navigate to the folder you just created > run wacs.exe

WARNING: Some other run throughs I’ve read, have different option numbers, (wacs.exe has obviously been updated). So instead of just posting the Number to select I’ll post the Option, then put the number, (or letter) of that option in brackets, (in case they change the option numbers again!)

Create a new certificate (full options) {m} > Manual Input {2}.

Manual Input {2} > Enter the public filly qualified domain name(s) of your exchange server (spectated by commas) > Press Enter to accept the default friendly name (unless you want to specify your own).

[http-01] Serve certification files from memory {2} > RSA Key {2}. 

Note: You will need TCP Port 80 open to the Exchange server for this to work, (in most cases you will only have HTTPS or TCP Port 443 open!)

Windows certificate store {4} > No (additional) store steps {5}.

Create or update https binding in IIS {1} > Default Web Site {1} > Start external script or program {3} > Paste in the following;

[box]

./Scripts/ImportExchange.ps1

[/box]

At the prompt paste in the following;

[box]

'{CertThumbprint}' 'IIS,SMTP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'

[/box]

No (additional) installation steps {4}.

No, (or it will open the terms and conditions in another window) > Yes (your soul now belongs to Let’s Encrypt!) > Type in an email address  > Quit {q}

Now reconnect to either OWA or the Exchange Admin Center > And you should see you have a new certificate.

It only lasts three months! That’s correct but;

Let’s Encrypt Free Exchange Certificate Auto Renewal

As well as getting your certificate, win-acme also created a scheduled task to check your certificate validity and renew it before it expires. Cool eh?

Where Does Win-ACME Store its information

Good question, it took me a little while to find that out, essentially once ran it creates a new folder in %programdata% (That’s a hidden folder on the C drive usually) called win-acme all your settings are in there, so if you make a mistake like enter the wrong email address, you can delete this folder and start again.

How To Remove Let’s Encrypt Exchange Free Certificate & Settings

  1. Remove the certificate from Exchange Admin Center.
  2. Remove the win-acme folder from %Programdata%.
  3. Delete the scheduled update task from ‘Task Sheduler‘.

Related Articles, References, Credits, or External Links

NA

Exchange – Move ‘ALL’ Mailboxes From One Database to Another

KB ID 0000864 

Problem

While replacing an Exchange Server on my test network last week, I needed to get all the mailboxes moved across to the new one. Exchange gets upset if you try and delete a mailbox database that has data in it.

Solution

1. Launch the Exchange Management Shell > Firstly lets get the names of my Databases, then I can simply copy and paste them into the move mailbox command.

[box]

Get-MailboxDatabase

Get-Mailbox -Database Source Database Name -ResultSize Unlimited | New-MoveRequest -TargetDatabase Target Database Name

[/box]

2. The Mailbox moves should then be queued, depending on how many there are, this can take some time to complete.

3. To check on progress issue the following command;

[box]

Get-MoveRequestStatistics -MoveRequestQueue Target Database Name

[/box]

 

4. When complete you should remove the movement requests like so;

[box]

Get-MoveRequest | where {$_.status -eq “Completed”} | Remove-MoveRequest

[/box]

5. That’s all the ‘user’ mailboxes, but your source database server may have system mailboxes in it. These will be either Arbitration mailboxes, or Archive Mailboxes (or both). I don’t have any archive mailboxes, but I do have Arbitration mailboxes. To find out for your databases, use the following commands;

[box]

Get-Mailbox -Database Source Database Name -Arbitration

[/box]

6. To move Arbitration and Archive mailboxes, use the following commands;

[box]

Get-Mailbox -Database Source Database Name -Arbitration | New-MoveRequest -TargetDatabase Target Database Name

Get-Mailbox -Database Source Database Name -Archive | New-MoveRequest -TargetDatabase Target Database Name

[/box]

7. You can monitor progress with the same command you used in step 3, and remove the move requests with the same command you used in step 4.

8. In addition you may also have some Auditlog mailboxes like so;

[box]

Get-Mailbox -Database Source Database Name -Auditlog | New-MoveRequest -TargetDatabase Target Database Name

[/box]

9. Also you may have Monitoring Mailboxes, (In the screenshot below you can see I don’t have any archive mailboxes, as the command returns no results)

[box]

Get-Mailbox -Database Source Database Name -Monitoring | New-MoveRequest -TargetDatabase Target Database Name

[/box]

10. When complete remove the move requests;

[box]

Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest

[/box]

11. Finally on Exchange 2013 (and newer) you may also have Public Folder Mailbox(s).

[box]

Get-Mailbox -Database Source Database Name -PublicFolder | New-MoveRequest -TargetDatabase Target Database Name

[/box]

Don’t forget to remove any outstanding move requests.

Related Articles, References, Credits, or External Links

NA

Exchange – Display Mailbox’s by size

KB ID 0000469

Problem

Yesterday a client asked me how he could find out, which of his users were the “worst offenders” for mailbox size. Normally a simple Get-MailboxStatistics command would be fine, and we would sort the results in descending order.

Solution

On one of the Exchange servers, launch the Exchange Management Shell.

Issue the following command:

Note: That’s all one command, replace the name PNL-MAIL-2019 with your Exchange server name.

[box]

Get-MailboxStatistics -Server PNL-MAIL-2019  | Select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending

[/box]

And here’s your nicely formatted list (Note: this is my test environment so there’s not much mail in it).

Fo Exchange 2010 use the following syntax;

[box]

Get-MailboxStatistics -Server DC2A | where {$_.ObjectClass –eq “Mailbox”} | Sort-Object TotalItemSize –Descending | ft @{label=”User”;expression={$_.DisplayName}},@{label=”Total Size (MB)”;expression={$_.TotalItemSize.Value.ToMB()}},@{label=”Items”;expression={$_.ItemCount}},@{label=”Storage Limit”;expression={$_.StorageLimitStatus}} -auto

[/box]

Note: To see the sizes of the individual Folders in users mailboxes see the following article;

Exchange – Display/Export Users Mailbox Folder Sizes

Related Articles, References, Credits, or External Links

NA

Exchange 2013 – Working with and Managing the OAB

KB ID 0000745 

Problem

Exchange 2013, has changed the way Offline Address Books are handled, with previous versions only one server (the first server holding the mailbox role) was responsible for generating the OAB. With 2013 however multiple servers generate the OAB, In fact every server that has a special arbitration mailbox called an organization mailbox will create a copy. This is better for fault tolerance and resilience, and you will find the OAB files located at %ExchangeInstallPath%ClientAccessOAB. Another change is the way the OAB is distributed, now it can only be distributed via the web (no public folder distribution any more).

With the new Exchange Admin Center (https://localhost/ecp) there are no options to mange the OAB, so you will need to do that via PowerShell.

Solution

Pre-Requisites

If your AD environment contains more than one forest, you need to change the parameters that the management shell is going to use first, (or you will get no results). To do that execute the following command;

[box] Set-ADServerSettings -ViewEntireForest $true [/box]

Locate the OAB Generation Server(s)

[box]

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “*oab*”} | ft name,servername

OR If your serveris a member of a DAG group, first get the database name,

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “*oab*”} | ft name,database

Then use that like so,

Get-MailboxDatabaseCopyStatus database-name

[/box]

Create a new OAB for Exchange 2013

[box] New-OfflineAddressBook -Name “PNL OAB” -AddressLists “Default Global Address List” -VirtualDirectories “EX1OAB (Default Web Site)”[/box]

Force Exchange 2013 to Update the OAB

Simply restarting the Microsoft Exchange Mailbox Assistant service should do this, however you can force the issue with the following command.

[box] Update-OfflineAddressBook “default offline address book” [/box]

Related Articles, References, Credits, or External Links

NA

 

Exchange Exporting Mailboxes to PST Files

KB ID 0001360

Problem

Applicable To: This procedure works on all versions of Exchange Newer than Exchange 2010 SP1 (update rollup 8). If your Exchange server is OLDER than that you will need to use the following link;

Exchange 2007 / 2010 (Pre SP1)- Export Mailbox’s to PST files

The following procedure exports a user mailbox to a PST file on a network share.

Solution

Note: Not Even ‘Exchange Organisation Administrators” have the right to import / export mailboxes, you need to grant those rights to your user object, (or a better approach would be to create an admin account just for this purpose, then delete it when you are finished).

[box]

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User {username}

[/box]

Note: This grants import, and export rights.

Create a file share on a drive with plenty of space, ensure the Exchange Trusted Subsystem has read / write access. And ensure the SYSTEM account has full control.

To create the ‘Export Request’

[box]

New-MailboxExportRequest -Mailbox “mailbox-alias” -FilePath \\server-name\share\file-name.pst

[/box]

Note: Add “-IsArchive” to the end of the command for Archive Mailboxes.
Note2: If the export repeatedly fails, add -BadItemLimit 200 to the end and try again, you can also use the -AcceptLargeDataLoss in exceptional circumstances

To view progress;

[box]

Get-MailboxExportRequest
OR
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

 

[/box]

When complete, you need to remove the move request(s);

[box]Get-MailboxExportRequest | Remove-MailboxExportRequest
OR (If you still have movement requests running)
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest[/box]

Using Content Filters

You can specify a content filter to only export emails after a certain date all mail received after 01/01/17 e.g.

[box]New-MailboxExportRequest -Mailbox {mailbox-alias} -ContentFilter {(Received -lt ’01/01/2017’)} -FilePath \\{server-name}\{folder}\{file-name}.pst[/box]

Or to export emails between two dates;[box]New-MailboxExportRequest -ContentFilter {(Received -lt ’31/12/2018‘) -and (Received -gt ’31/12/2017′)} -Mailbox {mailbox-alias} -FilePath {server-name}\{folder}\{file-name}.pst[/box]

Using IncludeFolders (and Exclude Folders)

You can specify IncludeFolders (or ExcludeFolders) to only export emails from certain folders, e.g.

Only export Inbox (and sub-folders) and Sent Items;

New-MailboxExportRequest -IncludeFolders “#Inbox#/*”,”#SentItems#” -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

Don’t Export Sent Items and Deleted Items;

New-MailboxExportRequest -ExcludeFolders “#SentItems#”,”#DeletedItems#” -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

Export ALL Mailboxes to  PST

[box]foreach ($Mailbox in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $Mailbox -FilePath “\\{server-name}\{folder-name}\$($Mailbox.Alias).pst” }[/box]

Related Articles, References, Credits, or External Links

Exchange 2000 / 2003 – Exporting Mail to .pst files with ExMerge

Exchange (2010 Post SP1 and Newer) Bulk Importing Mail From PST Files

Mailbox Move ‘StalledDueToMailboxLock’

KB ID 0001581

Problem

I was doing a migration from Exchange 2007 (on prem) to Exchange 2013 (on prem), this week. I had a number of mailboxes that were ‘StalledDueToMailboxLock‘.

Solution

Nice easy fix, on the Source and Destination Exchange severs, restart the ‘Microsoft Exchange Mailbox Replication Service‘.

Wont this break my Mailboxes! No, it will interrupt the migration process, (which is already stalled). But the actual ‘Live‘ mailbox, remains on the ‘Source Server‘, until the process is successfully completed anyway.

It can take a few minutes, (time for a coffee) but check and the process should now have resumed ‘CopyingMessages‘.

Related Articles, References, Credits, or External Links

NA

Exchange 2019: Presenting Outlook Anywhere With WAP

KB ID 0001548

Problem

Note: Applies to Exchange 2019, 2016, and 2013.

This is pretty much PART TWO, of presenting ‘Exchange Web Services’ using Web Application Proxy. Back in PART ONE we looked at publishing OWA and ECP, and that required having an ADFS server. To present the other web services, e.g Outlook Anywhere, Exchange Active Sync, Offline address book etc. You don’t need ADFS, you simply use ‘pass through‘ authentication with your WAP Server, directly to Exchange.

Solution

Before you start, you need to make sure in addition to the DNS records we used for OWA and ECP, you also need to be able to publicly resolve your Autodiscover record. I prefer doing this with public SRV records, see the following article for clarification;

Creating an AutoDiscover SRV Record

You now need, to make sure that the URLs that Exchange uses for it’s web services are set correctly, to do that use the following PowerShell commands;

[box]

Get-OutlookAnywhere |select InternalHostname,ExternalHostname
Get-OABVirtualDirectory |select InternalUrl,ExternalUrl
Get-ActiveSyncVirtualDirectory |select InternalUrl,ExternalUrl
Get-WebServicesVirtualDirectory |select InternalUrl,ExternalUrl
Get-MapiVirtualDirectory |select InternalUrl,ExternalUrl
Get-ClientAccessService |select AutoDiscoverServiceInternalUri

[/box]

 


Make sure your internal URLS are resolvable inside and your external/public URL’s are resolvable outside, (To the public IP address of your WAP Server).

Exchange URLS To Publish with WAP

As with the URLs we published previously remember to publish them with a trailing ‘slash’. You need to publish and ‘Reverse Proxy‘ the following URLs;

Outlook Anywhere: https://mail.ubique.com/rpc/  
Offline Address Book: https://mail.ubique.com/oab/
Active-Sync: https://mail.ubique.com/Microsoft-Server-ActiveSync/
Exchange Web Services: https://mail.ubique.com/EWS/  
MAPI: https://mail.ubique.com/MAPI/
Autodiscover: https://mail.ubique.com/Autodiscover/

Note: Obviously your domain will have a different name!

Publish Outlook Anywhere with WAP

From the ‘Remote Access Management Console’ > Publish > Next.

Select ‘Pass-Through’ > Next.

Give the Published rule a sensible name like “Outlook Anywhere” > Enter the URL’s, and select your public certificate > Next.

Publish.

Close

Publish Active Sync with WAP

Active Sync is required for phones and mobile devices that cannot use Outlook Anywhere. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Offline Address Book with WAP

Offline Address Book is required by devices to download a cached copy of the global address list. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange Web Services with WAP

Exchange Web Services allow clients to access calendars, contacts and scheduling information remotely. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange MAPI with WAP

Mail Application Programming Interface (over HTTPS) if the default connection protocol in modern Exchange deployments. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange Web Services with WAP

If you’ve used Exchange since version 2007, you will know how important Autodiscover is, (probably because of the headaches caused when it’s not setup correctly!) To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Final Sanity Check

When complete, your WAP settings should look like this, (this is for all the pass-through, AND ADFS published settings).

Once setup correctly, Outlook should work fine externally, like so;

Related Articles, References, Credits, or External Links

NA

Exchange – OWA and ECP Blank Page After Logon

ECP Blank Page KB ID 0001185

Problem

Note: This article is for Exchange 2013,2016 and 2019, if you are running Exchange 2010 or 2007 see the following article;

Exchange 2010 – Blank OWA Page?

Sometimes this happens after applying updates to Exchange! Firstly make sure all your services a running! From an administrative Powershell window run the following command;

[box]

Get-Service *Exchange* | Start-Service

[/box]

After making some certificate changes in Exchange 2016 this week, I found that the Outlook Web Access and Exchange Management websites would not work? I was presented with the normal login dialog, but after a successful authentication this happened.

ECP Blank Page: Solution

This happens because the website that runs the ‘Exchange Backend’ has lost the certificate for its https binding.

Open the Internet Information Services Management snap-in > Server-name > Sites  > Exchange Back End > Edit Bindings > https (444) > Edit > Select the correct certificate for Exchange.

Then restart the site, or run ‘iisreset’, or simply reboot the server.

Related Articles, References, Credits, or External Links

NA

Exchange 2019 / 2016 Manage Remotely via PowerShell

KB ID 0001465

Problem

Since Exchange 2013 we have been able to manage Exchange remotely through the Exchange Admin Center, but what if you want to use the Exchange Management Shell remotely?

Install Exchange Management Tools

This is not just the Management Shell, this will also install the Toolbox and additional help.

There are few prerequisites, but to install from a normal PowerShell prompt;

[box]

Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementScriptingTools,IIS-ManagementScriptingTools,IIS-IIS6ManagementCompatibility,IIS-LegacySnapIn,IIS-ManagementConsole,IIS-Metabase,IIS-WebServerManagementTools,IIS-WebServerRole

./Setup.exe /Role:ManagementTools /IAcceptExchangeServerLicenseTerms

[/box]

Once Installed, You can launch the Shell itself, or you can add the Exchange PowerShell commandlets to a normal Powershell session, with the following command;

[box]

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

[/box]

For older versions of Exchange, the commands are slightly different;

  • Exchange 2010: Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010;
  • Exchange 2007 :Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin;

Connect to Exchange Remotely (via PowerShell)

It’s a Windows server after all, so you can bring up a remote session, first give it an account with some Exchange administrative privileges;

[box]

$UserCredential = Get-Credential

[/box]

Then connect the the Exchange Server;

[box]

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Server-Name/PowerShell/ -Authentication Kerberos -Credential $UserCredential

Import-PSSession $Session -DisableNameChecking

[/box]

Note: As above, don’t forget to disconnect the session the you have finished.

[box]

Remove-PSSession $Session

[/box]

Related Articles, References, Credits, or External Links

NA