Exchange Size Limits

Exchange Size Limits KB ID 0001368

Problem

When attempting to send an email from Outlook via Exchange, you see a message like the one below.

The following files weren’t attached because adding them would cause the message to exceed the maximum size limit of {Size} MB: {File-Name}

Or, when someone attempts to send a message to one of your mailbox users they get an NDR that looks like this.

Remote Server returned ‘550 5.2.3 RESOLVER.RST.RecipSizeLimit; message too large for this recipient’

Solution: Exchange Size Limits

There are a few places this can be set (three main places and a few obscure ones!). Let’s deal with the most common one first.

Transport ‘System Wide Settings’: Exchange Size Limits

TransportConfig: This has a maximum send and a maximum receive size, to view yours use the following command.

[box]

Get-TransportConfig | format-list MaxSendSize, MaxReceiveSize

[/box]

If one of them is tripping you up, you can change the sizes with the following command.

[box]

Set-TransportConfig -MaxSendSize 100MB -MaxReceiveSize 100MB

[/box]

Send & Receive Connectors: Exchange Size Limits (PowerShell)

Send Connector: This has a maximum message size, to view yours use the following command.

[box]

Get-SendConnector | Format-List Name, MaxMessageSize

[/box]

To change the limit on a specific send connector, use the following command.

[box]

Set-SendConnector "{connector-name}" -MaxMessageSize 100MB

[/box]

To change the limit on all send connectors, use the following command.

[box]

Get-SendConnector | Set-SendConnector -MaxMessageSize 100MB

[/box]

ReceiveConnector: This has a maximum message size, to view yours, use the following command.

[box]

Get-ReceiveConnector | format-table Name, MaxMessageSize

[/box]

You will have many; the one you probably want to change is called “Default Frontend {Server-name}”. To change the limit, use the following command;

[box]

Set-ReceiveConnector "{connector-name}" -MaxMessageSize 100MB

[/box]

To change the limit on all receive connectors, use the following command.

[box]

Get-ReceiveConnector | Set-ReceiveConnector -MaxMessageSize 100MB

[/box]

Send & Receive Connectors: Exchange Size Limits (Exchange Admin Center)

Send Connector: If you prefer to do things in the GUI, then Mail flow > Send Connectors > Select the send connector > Edit > Maximum Send Message (MB) > Set accordingly > Save.

Receive Connector: Mail Flow > Receive Connectors > Select the receive connector (usually the Default Frontend {server-name} connector) > Edit > Maximum Receive Message Size > Save.

User ‘Mailbox’: Exchange Size Limits (PowerShell)

You can set individual limits on a particular mailbox. BUT Remember MOST RESTRICTIVE LIMITS WILL APPLY, so if you set a mailbox to 50o0Mb send receive, then, if the connectors the mail travels through, have a more restrictive figure, or the global transport figure is more restrictive the message WILL BE BLOCKED. UNLESS: The message is between two mailboxes internally. So it’s sensible practice to only set a mailbox restriction to LOWER than the connectors or system wide settings.

[box]

Set-Mailbox -Identity "user-name" -MaxSendSize 100MB -MaxReceiveSize 100MB

[/box]

To ensure that worked or view max limits for a particular user use the following syntax.

[box]

Get-Mailbox -Identity "user-name" | format-table MaxSendSize,MaxReceiveSize

[/box]
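The "most restrictive limit applies" rule above, as an added example (not code from the original article): it takes the size strings the Get- commands print and reports which setting will actually reject a message. The function names ConvertTo-Bytes and Get-EffectiveSizeLimit and all sample values are constructed for illustration.

```powershell
# Added example: find the most restrictive size limit on a message path.
# Inputs are the strings Exchange prints, e.g. "100 MB (104,857,600 bytes)"
# or "Unlimited". All sample values below are constructed.

function ConvertTo-Bytes {
    param([Parameter(Mandatory)][string]$Size)

    if ($Size -match '^\s*unlimited\s*$') { return [long]::MaxValue }

    # Prefer the exact byte count in brackets when it is present.
    if ($Size -match '\(([\d,]+)\s+bytes\)') {
        return [long]($Matches[1] -replace ',', '')
    }

    # Otherwise accept "<number><unit>" such as "35MB" or "1.5 GB".
    if ($Size -match '^\s*([\d.]+)\s*(B|KB|MB|GB|TB)\s*$') {
        $multiplier = @{ B = 1; KB = 1KB; MB = 1MB; GB = 1GB; TB = 1TB }[$Matches[2]]
        return [long]([double]$Matches[1] * $multiplier)
    }

    throw "Unrecognised size value: '$Size'"
}

function Get-EffectiveSizeLimit {
    param([Parameter(Mandatory)][System.Collections.IDictionary]$Limits)

    $rows = foreach ($name in $Limits.Keys) {
        [pscustomobject]@{
            Setting = $name
            Value   = $Limits[$name]
            Bytes   = ConvertTo-Bytes $Limits[$name]
        }
    }
    # The smallest value on the path is the one that rejects the message.
    $rows | Sort-Object Bytes | Select-Object -First 1
}

# Constructed sample: inbound path from the Internet to one mailbox.
# On a live server each string would come from, for example,
# (Get-TransportConfig).MaxReceiveSize.ToString()
$inbound = [ordered]@{
    'TransportConfig MaxReceiveSize'             = '100 MB (104,857,600 bytes)'
    'ReceiveConnector Default Frontend (sample)' = '36 MB (37,748,736 bytes)'
    'Mailbox MaxReceiveSize'                     = 'Unlimited'
}

$winner = Get-EffectiveSizeLimit -Limits $inbound
'{0} is the effective limit: {1}' -f $winner.Setting, $winner.Value
```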

User ‘Mailbox’: Exchange Size Limits (Exchange Admin Center)

Again this can also be done from the web management console > Recipients > Mailboxes > Select the user to be changed > Edit > Mailbox Features > Message Size Restrictions > View Details > Set accordingly > OK > Save.

I’ve Done All This And It Still Won’t Work?

Sometimes the settings above don’t take effect until all the AppPools in IIS (on the CAS servers) have been restarted, an IISRESET command should solve the problem, (or a reboot if you can handle the downtime.) However even then in some cases you will continue to see the same error message. There are three places that it can still be misconfigured.

OWA Config File

Open the File located at;

%ExchangeInstallPath%ClientAccess\owa\web.config

Locate and set the maxRequestLength (NOTE: the value is in Kilobits)

EWS Config File

Open the File located at;

%ExchangeInstallPath%ClientAccess\exchweb\ews\web.config

Locate and set the maxRequestLength (NOTE: the value is in Kilobits)

ActiveSync (Sync)  Config File

Open the File located at;

%ExchangeInstallPath%ClientAccess\Sync\web.config

Locate and set the maxRequestLength (NOTE: the value is in Kilobits)

Having changed these values, perform an IISRESET.

Repeat for any additional servers.

Related Articles, References, Credits, or External Links

Message Size Limits on Exchange 2003

Exchange – Message Not Sent ‘Because there are too many recipients’

StalledDueToTarget_Processor ?

StalledDueToTarget_Processor KB ID 0001810

Problem

If you have a mailbox move that’s showing as StalledDueToTarget_Processor, that’s quite common (I see that a lot).

Solution: StalledDueToTarget_Processor

Firstly how long have you waited? I see this when I’m moving a LOT of mailboxes, and most of the time this problem resolves itself – if you are patient enough, (and your users will be unaffected while this is going on).

If you have waited and there’s still no movement, you can try the following: locate the MSExchangeMailboxReplication.exe.config file (it will be in your Exchange/bin folder).

Edit the file, locate ‘MaxMRSConnections’ value and change it to 20, then save the file.

Note: I change these values on the source and destination Exchange servers, but documentation says you only need to do it on the source server.

Then restart the Microsoft Exchange Replication service on BOTH Exchange servers.

[box]

Get-Service -Computername OTHER-EXCHANGE-SERVER -Name MSExchangeRepl | Restart-Service
Restart-Service MSExchangeRepl

[/box]

Update Feb 2023: I was moving about 1000 mailboxes, and roughly a third were stuck in StalledDueToTarget_Processor. So ‘after working hours‘ I rebooted both Exchange servers, and the status changed to failed. I cancelled the move requests, and restarted the migration, this time they all completed successfully. (PL)

Related Articles, References, Credits, or External Links

Mailbox Move ‘StalledDueToMailboxLock’

Exchange Y2KK Bug

KB ID 0001769

Y2KK Problem

Over the last couple of days the Exchange forums have been alight with the Y2KK bug. Typically it affects Exchange 2016 and 2019 (though the chatter is, it actually affects any Exchange version whose update version begins with 22…).

This is fine below, (it begins with 21..)

[box]

Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell
Get-EngineUpdateInformation

[/box]

Y2KK Symptoms 

Emails No Longer Being Delivered!

Event ID 5300

[box]

Log Name: Application 
Source: FIPFS 
Logged: 1/1/2022 1:03:42 AM 
Event ID: 5300 
Level: Error 
Computer: exch.petenetlive.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.

[/box]
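Why "2201010001" fails while a version beginning with 21 does not, as an added example (not Microsoft's fix script and not code from the original article). It assumes, as the "to long" error text suggests, that the engine stores the update version in a signed 32-bit integer, whose maximum is 2,147,483,647. The function name Test-FipFsVersionOverflow and the second sample line are constructed; the first description is the one from the event above.

```powershell
# Added example: pull the version string out of FIPFS event 5300 text and
# test whether it still fits in a signed 32-bit integer (assumed storage type).

function Test-FipFsVersionOverflow {
    param([Parameter(Mandatory)][string]$Description)

    # The failing value is quoted in the description:
    #   Can't convert "NNNNNNNNNN" to long.
    # "Can.t" tolerates a straight or a typographic apostrophe.
    if ($Description -notmatch 'Can.t convert "(\d+)" to long') { return $null }

    $version = $Matches[1]
    $parsed  = 0
    $fits    = [int]::TryParse($version, [ref]$parsed)

    [pscustomobject]@{
        Version   = $version
        Int32Max  = [int]::MaxValue
        FitsInt32 = $fits
        Affected  = -not $fits
    }
}

$descriptions = @(
    # Description copied from the Event ID 5300 entry in the article.
    'The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can''t convert "2201010001" to long.'
    # Constructed counter-example: the same text with a version beginning 21.
    'The FIP-FS "Microsoft" Scan Engine failed to load. PID: 1, Error Code: 0x80004005. Error Description: Can''t convert "2112310001" to long.'
)

$descriptions |
    ForEach-Object { Test-FipFsVersionOverflow -Description $_ } |
    Format-Table -AutoSize

# On a live server the same check can read the Application log directly:
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'FIPFS'; Id = 5300 } |
#     ForEach-Object { Test-FipFsVersionOverflow -Description $_.Message }
```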

Event ID 1106

[box]

Log Name: Application 
Source: FIPFS 
Logged: 1/1/2022 11:47:16 AM 
Event ID: 1106 
Level: Error 
Computer: exch.petenetlive.com 
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.

[/box]

Error “Message Deferred By Categorizer Agent”

Messages seen stuck on message queues, with this error.

Y2KK Solution

Note: Ensure your PowerShell execution policy is set to RemoteSigned before attempting to run the following script, or it will simply throw you an error.

[box]

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

[/box]

See this article for more information.

The simplest fix to this problem is to run the script that Microsoft have provided, Reset-ScanEngineVersion.ps1.

Note: This needs to be run on EACH Exchange server (with the exception of Edge Transport servers).

You can apply the ‘fix‘ manually, instructions for doing so are on the link at the bottom of the page.

Update 04/01/21: You may need to disable all the transport rules before the queues will clear. (untested)

Related Articles, References, Credits, or External Links

Email Stuck in Exchange On-premises Transport Queues

Free Exchange Certificate

KB ID 0001739

Problem

A couple of weeks ago I wrote an article about getting free certificates for IIS with ‘Let’s Encrypt’. Last week the renewal for my ‘test’ Exchange server’s certificate came through. So I thought “Why don’t I try and get a ‘Free Exchange Certificate’?”

Free Exchange Certificate

Before we start let’s take a moment to take a look at our existing Exchange Certificate, as you can see it’s a publicly signed and trusted certificate, the only thing wrong with it, is it’s going to expire in a couple of weeks, yours may have already expired, or you may be running a self signed SSL certificate, (horror!)

To do all the heavy lifting you need a piece of software, the easiest (I’ve seen) is win-acme (at time of writing the latest version is 2.1.14.996) you simply download it as a zip file.

Extract the contents of that zip file to a folder on your hard drive.

Apply For & Install the Free Exchange Certificate

Open an administrative command prompt > Navigate to the folder you just created > run wacs.exe

WARNING: Some other run throughs I’ve read, have different option numbers, (wacs.exe has obviously been updated). So instead of just posting the Number to select I’ll post the Option, then put the number, (or letter) of that option in brackets, (in case they change the option numbers again!)

Create a new certificate (full options) {m} > Manual Input {2}.

Manual Input {2} > Enter the public fully qualified domain name(s) of your Exchange server (separated by commas) > Press Enter to accept the default friendly name (unless you want to specify your own).

[http-01] Serve certification files from memory {2} > RSA Key {2}. 

Note: You will need TCP Port 80 open to the Exchange server for this to work, (in most cases you will only have HTTPS or TCP Port 443 open!)

Windows certificate store {4} > No (additional) store steps {5}.

Create or update https binding in IIS {1} > Default Web Site {1} > Start external script or program {3} > Paste in the following;

[box]

./Scripts/ImportExchange.ps1

[/box]

At the prompt paste in the following;

[box]

'{CertThumbprint}' 'IIS,SMTP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'

[/box]

No (additional) installation steps {4}.

No, (or it will open the terms and conditions in another window) > Yes (your soul now belongs to Let’s Encrypt!) > Type in an email address  > Quit {q}

Now reconnect to either OWA or the Exchange Admin Center > And you should see you have a new certificate.

It only lasts three months! That’s correct but;

Let’s Encrypt Free Exchange Certificate Auto Renewal

As well as getting your certificate, win-acme also created a scheduled task to check your certificate validity and renew it before it expires. Cool eh?

Where Does Win-ACME Store its information

Good question, it took me a little while to find that out. Essentially, once run it creates a new folder in %programdata% (that’s a hidden folder, usually on the C drive) called win-acme. All your settings are in there, so if you make a mistake, like entering the wrong email address, you can delete this folder and start again.

How To Remove Let’s Encrypt Exchange Free Certificate & Settings

  1. Remove the certificate from Exchange Admin Center.
  2. Remove the win-acme folder from %Programdata%.
  3. Delete the scheduled update task from ‘Task Scheduler‘.


Exchange – Display Mailbox’s by size

KB ID 0000469

Problem

Yesterday a client asked me how he could find out, which of his users were the “worst offenders” for mailbox size. Normally a simple Get-MailboxStatistics command would be fine, and we would sort the results in descending order.

Solution

On one of the Exchange servers, launch the Exchange Management Shell.

Issue the following command:

Note: That’s all one command, replace the name PNL-MAIL-2019 with your Exchange server name.

[box]

Get-MailboxStatistics -Server PNL-MAIL-2019  | Select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending

[/box]

And here’s your nicely formatted list (Note: this is my test environment so there’s not much mail in it).

For Exchange 2010 use the following syntax;

[box]

Get-MailboxStatistics -Server DC2A | where {$_.ObjectClass -eq "Mailbox"} | Sort-Object TotalItemSize -Descending | ft @{label="User";expression={$_.DisplayName}},@{label="Total Size (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{label="Items";expression={$_.ItemCount}},@{label="Storage Limit";expression={$_.StorageLimitStatus}} -auto

[/box]

Note: To see the sizes of the individual Folders in users mailboxes see the following article;

Exchange – Display/Export Users Mailbox Folder Sizes


Exchange Exporting Mailboxes to PST Files

KB ID 0001360

Problem

Applicable To: This procedure works on all versions of Exchange Newer than Exchange 2010 SP1 (update rollup 8). If your Exchange server is OLDER than that you will need to use the following link;

Exchange 2007 / 2010 (Pre SP1)- Export Mailbox’s to PST files

The following procedure exports a user mailbox to a PST file on a network share.

Solution

Note: Not even ‘Exchange Organisation Administrators’ have the right to import / export mailboxes; you need to grant those rights to your user object (or a better approach would be to create an admin account just for this purpose, then delete it when you are finished).

[box]

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User {username}

[/box]

Note: This grants import, and export rights.

Create a file share on a drive with plenty of space, ensure the Exchange Trusted Subsystem has read / write access. And ensure the SYSTEM account has full control.

To create the ‘Export Request’

[box]

New-MailboxExportRequest -Mailbox "mailbox-alias" -FilePath \\server-name\share\file-name.pst

[/box]

Note: Add “-IsArchive” to the end of the command for Archive Mailboxes.
Note2: If the export repeatedly fails, add -BadItemLimit 200 to the end and try again, you can also use the -AcceptLargeDataLoss in exceptional circumstances

To view progress;

[box]

Get-MailboxExportRequest
OR
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

[/box]

When complete, you need to remove the export request(s);

[box]

Get-MailboxExportRequest | Remove-MailboxExportRequest
OR (If you still have movement requests running)
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest

[/box]

Using Content Filters

You can specify a content filter to only export emails after a certain date, e.g. all mail received after 01/01/17.

[box]

New-MailboxExportRequest -Mailbox {mailbox-alias} -ContentFilter {(Received -gt '01/01/2017')} -FilePath \\{server-name}\{folder}\{file-name}.pst

[/box]

Or to export emails between two dates;

[box]

New-MailboxExportRequest -ContentFilter {(Received -lt '31/12/2018') -and (Received -gt '31/12/2017')} -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

[/box]

Using IncludeFolders (and Exclude Folders)

You can specify IncludeFolders (or ExcludeFolders) to only export emails from certain folders, e.g.

Only export Inbox (and sub-folders) and Sent Items;

[box]

New-MailboxExportRequest -IncludeFolders "#Inbox#/*","#SentItems#" -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

[/box]

Don’t Export Sent Items and Deleted Items;

[box]

New-MailboxExportRequest -ExcludeFolders "#SentItems#","#DeletedItems#" -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

[/box]

Export ALL Mailboxes to PST

[box]

foreach ($Mailbox in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $Mailbox -FilePath "\\{server-name}\{folder-name}\$($Mailbox.Alias).pst" }

[/box]

Related Articles, References, Credits, or External Links

Exchange 2000 / 2003 – Exporting Mail to .pst files with ExMerge

Exchange (2010 Post SP1 and Newer) Bulk Importing Mail From PST Files

Mailbox Move ‘StalledDueToMailboxLock’

KB ID 0001581

Problem

I was doing a migration from Exchange 2007 (on prem) to Exchange 2013 (on prem), this week. I had a number of mailboxes that were ‘StalledDueToMailboxLock‘.

Solution

Nice easy fix, on the Source and Destination Exchange servers, restart the ‘Microsoft Exchange Mailbox Replication Service‘.

Won’t this break my Mailboxes! No, it will interrupt the migration process, (which is already stalled). But the actual ‘Live‘ mailbox, remains on the ‘Source Server‘, until the process is successfully completed anyway.

It can take a few minutes, (time for a coffee) but check and the process should now have resumed ‘CopyingMessages‘.


Exchange 2019: Presenting Outlook Anywhere With WAP

KB ID 0001548

Problem

Note: Applies to Exchange 2019, 2016, and 2013.

This is pretty much PART TWO of presenting ‘Exchange Web Services’ using Web Application Proxy. Back in PART ONE we looked at publishing OWA and ECP, and that required having an ADFS server. To present the other web services (e.g. Outlook Anywhere, Exchange Active Sync, Offline Address Book etc.) you don’t need ADFS; you simply use ‘pass through‘ authentication with your WAP server, directly to Exchange.

Solution

Before you start, make sure that, in addition to the DNS records we used for OWA and ECP, you can also publicly resolve your Autodiscover record. I prefer doing this with public SRV records, see the following article for clarification;

Creating an AutoDiscover SRV Record

You now need to make sure that the URLs that Exchange uses for its web services are set correctly. To do that, use the following PowerShell commands;

[box]

Get-OutlookAnywhere |select InternalHostname,ExternalHostname
Get-OABVirtualDirectory |select InternalUrl,ExternalUrl
Get-ActiveSyncVirtualDirectory |select InternalUrl,ExternalUrl
Get-WebServicesVirtualDirectory |select InternalUrl,ExternalUrl
Get-MapiVirtualDirectory |select InternalUrl,ExternalUrl
Get-ClientAccessService |select AutoDiscoverServiceInternalUri

[/box]

Make sure your internal URLs are resolvable inside and your external/public URLs are resolvable outside (to the public IP address of your WAP server).

Exchange URLs To Publish with WAP

As with the URLs we published previously remember to publish them with a trailing ‘slash’. You need to publish and ‘Reverse Proxy‘ the following URLs;

Outlook Anywhere: https://mail.ubique.com/rpc/  
Offline Address Book: https://mail.ubique.com/oab/
Active-Sync: https://mail.ubique.com/Microsoft-Server-ActiveSync/
Exchange Web Services: https://mail.ubique.com/EWS/  
MAPI: https://mail.ubique.com/MAPI/
Autodiscover: https://mail.ubique.com/Autodiscover/

Note: Obviously your domain will have a different name!

Publish Outlook Anywhere with WAP

From the ‘Remote Access Management Console’ > Publish > Next.

Select ‘Pass-Through’ > Next.

Give the Published rule a sensible name like “Outlook Anywhere” > Enter the URLs, and select your public certificate > Next.

Publish.

Close

Publish Active Sync with WAP

Active Sync is required for phones and mobile devices that cannot use Outlook Anywhere. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Offline Address Book with WAP

Offline Address Book is required by devices to download a cached copy of the global address list. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange Web Services with WAP

Exchange Web Services allow clients to access calendars, contacts and scheduling information remotely. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange MAPI with WAP

Mail Application Programming Interface (over HTTPS) is the default connection protocol in modern Exchange deployments. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Autodiscover with WAP

If you’ve used Exchange since version 2007, you will know how important Autodiscover is, (probably because of the headaches caused when it’s not setup correctly!) To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.
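The six pass-through rules described above, built and applied from PowerShell on the WAP server instead of the console, as an added example (not code from the original article). The thumbprint is a placeholder, the function name New-PassThroughRule is constructed, and the backend URL is assumed to be the same as the external URL (split DNS).

```powershell
# Added example: build and apply the six pass-through publishing rules.
# Run in an elevated session on the WAP server.

$PublicHost = 'mail.ubique.com'             # host name used in the article
$Thumbprint = '<PUBLIC-CERT-THUMBPRINT>'    # placeholder, not a real value

# Rule name -> path, as listed in the article (note the trailing slash).
$Paths = [ordered]@{
    'Outlook Anywhere'      = '/rpc/'
    'Offline Address Book'  = '/oab/'
    'Active-Sync'           = '/Microsoft-Server-ActiveSync/'
    'Exchange Web Services' = '/EWS/'
    'MAPI'                  = '/MAPI/'
    'Autodiscover'          = '/Autodiscover/'
}

function New-PassThroughRule {
    param([string]$Name, [string]$HostName, [string]$Path)

    if (-not ($Path.StartsWith('/') -and $Path.EndsWith('/'))) {
        throw "Path '$Path' for rule '$Name' must start and end with a slash."
    }
    $url = "https://$HostName$Path"
    [pscustomobject]@{
        Name             = $Name
        ExternalUrl      = $url
        BackendServerUrl = $url    # assumption: same URL inside (split DNS)
    }
}

$rules = foreach ($ruleName in $Paths.Keys) {
    New-PassThroughRule -Name $ruleName -HostName $PublicHost -Path $Paths[$ruleName]
}
$rules | Format-Table -AutoSize    # review before anything is changed

$existing = @(Get-WebApplicationProxyApplication | Select-Object -ExpandProperty Name)
foreach ($rule in $rules) {
    if ($existing -contains $rule.Name) {
        Write-Warning "Rule '$($rule.Name)' already exists, skipping."
        continue
    }
    Add-WebApplicationProxyApplication -Name $rule.Name `
        -ExternalPreauthentication PassThrough `
        -ExternalUrl $rule.ExternalUrl `
        -BackendServerUrl $rule.BackendServerUrl `
        -ExternalCertificateThumbprint $Thumbprint
}

# Same overview as the console: every rule and how it pre-authenticates.
Get-WebApplicationProxyApplication |
    Sort-Object Name |
    Format-Table Name, ExternalUrl, ExternalPreauthentication -AutoSize
```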

Final Sanity Check

When complete, your WAP settings should look like this, (this is for all the pass-through, AND ADFS published settings).

Once setup correctly, Outlook should work fine externally, like so;


Exchange: Create a PFX Certificate and Import a Private Key

KB ID 0001528

Problem

On my test network I have an Exchange server (Exchange 2016). As it’s publicly available and connected to Office 365 it needs a digital certificate. Because it’s my test network, I don’t want to spend a fortune on certificates, so I buy the cheapest one I can find. I replaced it last week with a 2 year certificate for about $5.00.

When the certificate came I had certificate-name.crt, and a CA bundle, but I could NOT import it into Exchange, (because the private key was missing). I had the private key, I downloaded it when I made the certificate request.

So I had the certificate and the private key, I needed to import the private key into my Exchange server, or create a PFX file that had the certificate and the private key in it, that I could import into Exchange.

Create a PFX File with OpenSSL

The simplest way to create a PFX, (if you are feeling lazy,) is to go here and let them do it for you. But I know I could do this with OpenSSL, being a mac user I already have OpenSSL, if you are a Windows user you can install OpenSSL for Windows and do the same thing.

Firstly place your private key file and certificate in a folder you can get at like so;

Then execute the following command;

[box]

openssl pkcs12 -export -out output-cert-name.pfx -inkey key-file-name.key -in input-cert-name.crt

[/box]

When prompted to do so, enter a password, (you will need to enter this on your Exchange server, so make a note of it!) You will then have your .PFX file.

Import PFX File into Exchange

I prefer to use PowerShell, (if you want to use the Exchange Admin Centre scroll down.) 

[box]

Import-ExchangeCertificate -Server Server-Name -FileName "\\Server-Name\Share-Name\Certificate-Name.pfx" -Password (ConvertTo-SecureString -String 'Your-Password' -AsPlainText -Force)

[/box]

Copy the certificate thumbprint (as shown) to the clipboard.

Then you need to associate the Exchange ‘Services’ with this new certificate;

[box]

Get-ExchangeCertificate -Thumbprint YOUR-CERT-THUMBPRINT | Enable-ExchangeCertificate -Services IIS,SMTP,IMAP,POP

[/box]

When prompted to do so enter ‘A’, (for replace all.)

You should see the correct certificate used now, like so;

Note: If you only see a blank page for OWA and Exchange Admin Center (ECP) after changing certificates, then see the following post;

Exchange – OWA and ECP Websites Blank After Logon
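A pre-import check for the PFX created above, as an added example (not code from the original article): it confirms the file really contains the private key, covers the host name you expect and is not about to expire, and it prompts for the password as a SecureString so it never appears in the command line or history. The function name Test-PfxForExchange and the host name mail.example.com are constructed; the share path is the placeholder used in the article.

```powershell
# Added example: inspect a PFX before importing it into Exchange.

function Test-PfxForExchange {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password,
        [Parameter(Mandatory)][string]$ExpectedHost,
        [int]$MinDaysLeft = 30
    )

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($fullPath, $Password)
    try {
        # DnsNameList is the property PowerShell adds to certificate objects;
        # it lists the DNS names the certificate covers.
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

        # -like lets a wildcard name such as *.example.com cover the host.
        $covers   = [bool]($names | Where-Object { $ExpectedHost -like $_ })
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            DnsNames      = $names -join ', '
            HasPrivateKey = $cert.HasPrivateKey
            CoversHost    = $covers
            DaysLeft      = $daysLeft
            ReadyToImport = $cert.HasPrivateKey -and $covers -and ($daysLeft -ge $MinDaysLeft)
        }
    }
    finally {
        $cert.Reset()    # release the key material loaded for the check
    }
}

$pfxPath     = '\\Server-Name\Share-Name\Certificate-Name.pfx'   # placeholder path
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

$check = Test-PfxForExchange -Path $pfxPath -Password $pfxPassword -ExpectedHost 'mail.example.com'
$check | Format-List

if ($check.ReadyToImport) {
    # Same import as in the article, reusing the prompted SecureString.
    Import-ExchangeCertificate -Server Server-Name -FileName $pfxPath -Password $pfxPassword
}
else {
    Write-Warning 'PFX failed the pre-import check; not importing.'
}
```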

Import a PFX From Exchange Admin Center

Servers > Certificates > Select the appropriate Server > Ellipses > Import Exchange Certificate > Add the path to the PFX file, and its password > Next.

Add the server > Finish.

Now to enable the certificate for the appropriate Exchange services, select the cert > Edit > Services > Tick SMTP, IMAP, POP, and IIS > Save > OK.

Related Articles, References, Credits, or External Links

Exchange Certificate Import Error (reason: PrivateKeyMissing).

Exchange – Certificate Invalid ‘Revocation Check Failed’

Exchange: Blank Certificate Name

Exchange – OWA and ECP Websites Blank After Logon

Exchange – OWA and ECP Blank Page After Logon

ECP Blank Page KB ID 0001185

Problem

Note: This article is for Exchange 2013,2016 and 2019, if you are running Exchange 2010 or 2007 see the following article;

Exchange 2010 – Blank OWA Page?

Sometimes this happens after applying updates to Exchange! Firstly make sure all your services are running! From an administrative PowerShell window run the following command;

[box]

Get-Service *Exchange* | Start-Service

[/box]

After making some certificate changes in Exchange 2016 this week, I found that the Outlook Web Access and Exchange Management websites would not work? I was presented with the normal login dialog, but after a successful authentication this happened.

ECP Blank Page: Solution

This happens because the website that runs the ‘Exchange Backend’ has lost the certificate for its https binding.

Open the Internet Information Services Management snap-in > Server-name > Sites  > Exchange Back End > Edit Bindings > https (444) > Edit > Select the correct certificate for Exchange.

Then restart the site, or run ‘iisreset’, or simply reboot the server.
