Posts filed under ‘Exchange and O365’
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses
Recently , we were working with one of our customer to build the Exchange 2019 DAG. When we add the 2 Exchange Nodes to the DAG , the process got failed with the error “A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses – Error: Windows Failover Clustering isn’t installed on ‘xxxxxx’.. [Server: xxxxxxxxx] – Restart the server to complete the failover cluster installation also check for the duplicate mac , incorrect IP address, if it is a VM make sure you have done sysprep.”
However , we were pretty sure that the servers were created using a fresh installation instead of syprepped images. Also , we noticed that the Server Manager on both the servers were displaying a message ” Restart is Pending”.
Therefore , we simply restarted the server , and thereafter we were able to add the 2 exchange servers to the DAG.
How to migrate the AAD Connect to a new Server
For those who running AAD Connect to Synchronize their On-Premise AD , may come across a requirement to upgrade the OS on the AAD connect server. In this situation , the safest approach would be to install a new server with latest OS version and then migrate the AAD connect with the below mentioned steps safely without facing lengthy outages.
- Prepare a new server with the Operating System.
- Install the AAD Connect (Preferably the same version as the existing or the latest version available).
- Now , Prior to proceed with the migration you need to ensure two things.
– Take a backup of existing configuration using the AAD Connect –> View or Export configuration
–>Click on Export Settings. This will create a json file in X:\Program Data\AADConnect. (Copy it to the new server)
– Secondly use the Azure AD Sync Configuration Documenter to collect the existing configuration in HTML format.(https://github.com/Microsoft/AADConnectConfigDocumenter/releases) . The Installation instruction can be found in https://github.com/Microsoft/AADConnectConfigDocumenter/wiki.
Thereafter , proceed with the installation of AADC on the new server , select the Customize option (instead of Express) –> Import Synchronization settings ,and import the configuration using the json filed copied in the above step and press Next.
In the last screen of the AADC Installation wizard , select the below options.
– Start the synchronization process when the configuration completes.
– Enable staging mode.
Now , you using the AADC configuration documenter capture the settings on the new AADC server. Then run the below command to compare both the configuration.(Refer the wiki for instructions) after copying both the files in the same location.
AzureADConnectSyncDocumenterCmd.exe “AADC-SERVER-OLD” “AADC-SERVER-NEW”
After reviewing the output and confirming the configuration are identical proceed with the final steps in the migration.
– Enable the staging mode on the Old AADC server.(by running the AADC – Tasks- Configure Staging mode).
– Disable the staging mode on the New AADC server.
– Perform a test and confirm the synchronization is working as expected.
– Uninstall the AADC from the old server and proceed with the decommission.
How to Remove office 365 mailbox without deleting user account
We were planning to deploy an Exchange Hybrid Configuration with On-Premise Exchange 2019 servers. Thereafter , we will be moving some of the mailboxes to On-Premise Exchange
Servers and disable only the Exchange Online mailbox to keep the user account intact with the license so he could use other Applications (like SharePoint Online , OneDrive and Desktop Apps ,etc).
The environment is already synced via Azure AD Connect.
Since the Exchange Online license is assigned to the user , the user could have one mailbox in Office 365 and one in an on-premises Exchange ,causing mail delivery issues . Thus , to solve the issue
we need to
1) Remove the Exchange Online License for the user.
2) Clear the mailbox info:
Set-User user@tga.gov.sa -PermanentlyClearPreviousMailboxInfo
3) Resync and Ensure the MSExchangeGuid is Synced to point that now the Mailbox is in On-Premise Server.
4) Re-assign the Exchange Online License in O365.
5) Now the user will not be having a mailbox , But, he will be able to access the SharepointOnline , OneDrive , the DesktopApps , etc.
OR , we could use the below steps as well (Recommended by the MS Support)
– Migrate the O365 mailbox to On-Premise Exchange Server.
– Go to the License & Apps under the User property in O365 portal.
– Unselect the Exchange Online (Plan 2) from the Apps list.
– This will ensure that the user mailbox is only in On-Premise Exchange Server and still he will be able to access the SharepointOnline, OneDrive and DesktopApp ,etc)
How to verify SPF/DKIM/DMARC/DomainKey/RBL tests parsed on the email.
Hi All
In some situations , when an email is blocked by the antispam device , you need to analyze the headers to findout the actual root cause. However , sometimes the blocked reasons shown by the antispam device are not descriptive especially when you are troubleshooting DKIM related failures.
This is crucial as we need notify the sender’s domain owner to rectify the issues. In these cases you could use the below tool to analyze the tests performed in the email and findout the actual reason for the email blockage in a much descriptive manner.
https://www.appmaildev.com/en/dkimfile
I found it very useful , and thought of sharing it with the community.
Good luck guys.
The Microsoft Exchange Replication service couldn’t find a valid configuration for database ‘mydb’ on server ‘server1’. Error: An Active Manager operation failed. Error: The active copy for database could not be determined:
Recently one of our customer had an Exchange Server outage. Whereas one of the node from 2 node DAG was not able to communicate with other server. We tried to rebooting the server but no luck . The symptoms were
– Cluster service was not starting.
– On the other node FCM was not able to connect to the DAG cluster.
– Unable to open the ECP/OWA.
– Outlook / Mobile Users cannot access their mailboxes.
The environment consist of 2 Exchange Server 2016 & DAG.
So we started with removing the failed node by typing the below commands in the healthy exchange server:
# Open Exchange PowerShell
#Get-ClusterNode -Name node1 | Remove-Clusternode
# net stop clussvc
# net start clussvc
# Remove-DatabaseAvailabilityGroupServer -Identity “DAG Name” -MailboxServer “Failed Exchange Server Name” -ConfigurationOnly
# Get-ClusterNode “Failed Exchange Server Name” | Remove-ClusterNode
However , still no luck. Then we tried to remove the mailbox database copies form the failed node(I believe the copies were active on the second server) we got a new error stating that “Mailbox databse copies cannot be disabled on the Databases with circular logging enabled. So we had to remove the circular logging and then delete the database copies.
#Get-MailboxDatabse | Set-MailboxDatabase -CircularLoggingEnabled $False
# Get-MailboxDatabaseCopy -Identity “DatabaseName” |Remove-MailboxDatabaseCopy -Identity “DatabaseName\ServerName”
Now it is the time for mounting the databses: When we ran the below command
#Get-MailboxDatabase | Mount-Database
We received the below error”
Failed to mount database “———-“. Error: An Active Manager operation failed. Error: An Active Manager operation
encountered an error. To perform this operation, the server must be a member of a database availability group, and the
database availability group must have quorum. Error: Automount consensus not reached (Reason: FSW boot time did not
match (FSW-Remote: 2020-10-01T11:37:09.4930830Z FSW-Reg: 0001-01-01T00:00:00.0000000)). [Server:———-]
+ CategoryInfo : InvalidOperation: (—-:ADObjectId) [Mount-Database], InvalidOperationException
+ FullyQualifiedErrorId : [Server=————,RequestId=5022acdd-0c48-4584-b2eb-1d0a2c692f0d,TimeStamp=10/7/2020
11:09:14 AM] [FailureCategory=Cmdlet-InvalidOperationException] BCF4F25E,Microsoft.Exchange.Management.SystemConfi
gurationTasks.MountDatabase
Here , we wanted to check the DAG status
#Get-DatabaseAvailabilityGroup -status
Output :
WARNING: Unable to get Primary Active Manager information due to an Active Manager call failure. Error: An Active
Manager operation failed. Error: An Active Manager operation encountered an error. To perform this operation, the
server must be a member of a database availability group, and the database availability group must have quorum. Error:
Automount consensus not reached (Reason: FSW boot time did not match (FSW-Remote: 2020-10-01T11:37:09.4930830Z FSW-Reg:
0001-01-01T00:00:00.0000000)). [Server: ———-]
Name : DAGName
Memberservers: {Server1}
Operational Servers {}
The output confirmed that there a no operatinal servers. So we had to restart the DAG with the surviving node.
#Start-DatabaseAvailabilityGroup -Identity “DAGNAME” -MailboxServer ServerName”
Now the Get-DatabaseAvailabilityGroup -status cmd will gave the below output:
Name : DAGName
Memberservers: {Server1}
Operational Servers {Server1}
Now it is the time for mounting all the databases:
Get-MailboxDatabase | Mount-Database
Voila , The MailboxDatabases were started mounting and the ECP access is restored.
“ Error 432 4.3.2 STOREDRV.Deliver; recipient thread limit exceeded in Exchange 2016
One of our customer complained that the Internal E-mails are not being delivered. When we checked the Queue Viewer we observed the emails are stuck at the queue with the error “Error- 432 4.3.2 STOREDRV.Deliver; recipient thread limit exceeded”
This could be due to large number of emails being sent internally(either to one mailbox / several mailboxes).In our case , the customer’s processing server was down for some days, and when it was restored it started sending all the backlog emails.
To overcome this issue we had to temporarily disable the throttling , by adding the below text in the EdgeTransport.exe.config file(located in the Exchange Bin Folder)
add key=”MailboxDeliveryThrottlingEnabled” value=”False”
(Some articled recommends to add the value in the MSExchangedelivery.exe.config file instead).
Thereafter , you need to restart the MS Exchange Transport & Exchange Mailbox Transport Delivery services.
In case if you don’t completely disable the throttling you could add the below keys.
add key=”RecipientThreadLimit” value=”2″
add key=”MaxMailboxDeliveryPerMdbConnections” value=”3″
Good Luck.
Cannot open mailbox features in ECP
Sometimes you may receive the below error , when you try to access the Mailbox features for a Mailbox via ECP.
In this situation the Exchange server version is 2016 and it happened only on a single mailbox.
After several hours of troubleshooting we came to know that , this could happen if the mailbox is in quarantined state. During this problem user will not be able to access his mailbox neither by Outlook nor any clients)
(You could refer https://www.nucleustechnologies.com/blog/how-to-fix-exchange-mailbox-quarantine-issue/ to have an idea about possible causes for a mailbox to go in to quarantined mode).
To confirm this we ran the below command via the Exchange Powershell
Get-Mailboxstatistics -identity “Test User” | fl Isquarantined
The output was True , now we could confirm his mailbox is in quarantined state.
To disable the quarantine state we ran the below command:
Disable-MailboxQuarantine “Test User”
But , for us unfortunately , the user mailbox goes again to quarantine mode after few minutes. Thus we tried to repair the mailbox using the below command.:
New-MailboxRepairRequest -Mailbox test@test.local -CorruptionType ProvisionedFolder,SearchFolder,AggregateCounts,Folderview
In our situation even the repair was not solving the issue and we had to recreate the mailbox. The reason , I shared the above steps as it could help somebody , without the need for recreating the mailbox.
Good Luck.
How to create an O365 Mailbox when there is no On-Prem Exchange Servers.
In some cases the IT department decomission the On-Prem Exchange Server after migrating the mailboxes to O365. (For detailed steps for uninstallation of Exchange Please refer my previous article : https://vands.pro/2018/11/06/how-to-decomission-on-prem-exchange-server-after-migrating-the-mailboxes-to-o365/.
OK, Coming back to mailbox creation ; All these steps need to be done in the ADUC
+ Create an AD User.
+ Type the email address in the email field.
+ Go to the Account Tab and select the correct domain name.
+ In the Attributes Editor modify the two parameter’s as below
proxyAddresses: SMTP: myemail@email.com
targetAddress: SMTP: myemail@companyname.onmicrosoft.com
+ Either perform a manual sync or wait for the next schedule.
+ After the Sync is completed you will be able to see the user in O365 Portal and need to assign the Exchange License to complete
the mailbox creation.
Credits: https://c7solutions.com/2014/07/creating-mailboxes-in-office-365-when-using-dirsync
How to Decomission On-Prem Exchange Server after migrating the Mailboxes to O365
Few weeks ago, we had project to migrate the Exchange 2010 Mailboxes to O365. After the migration completed we had to remove the On-Prem Exchange Servers(Even though it is not a supported scenario from Microsoft , still you could do this.) This will lead you to to adopt non standard methods when creating new mailboxes(Refer my post https://vands.pro/2018/11/06/how-to-create-an-o365-mailbox-when-there-is-no-on-prem-exchange-servers/ for detailed steps). Also if you still needed an Exchange Server in your premises to avoid complication you could contact MS O365 Support to obtain a free Exchange Hybrid License and install an Exchange Server.
Coming back to the original goal of this article you need to follow the below steps if you have decided to remove the Exchange Servers; Also note that uninstallation of Exchange will not impact the O365 mailboxes in any manner.
+ By this time you should have changed the MX and related DNS records on
the on-prem DNS and Public DNS Servers.
+ Set the AD Internal URL to null
Get-ClientAccessServer | Set-ClientAccessServer
-AutoDiscoverServiceInternalUri $Null
+ Then disable the AD Sync(Temporarily)
Set-MsolDirSyncEnabled -EnableDirSync $false
(Get-MsolCompanyInformation).DirectorySynchronizationEnabled – To
view the current status.
+ Open Exchange Shell in one of the Exchange Server(uninstallation should
be started in the order of MBOX,CAS,HUB & Edge)
+ Remove default Public folders
Get-PublicFolder “\” -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
+ Remove system Public folders
Get-PublicFolder “\Non_Ipm_Subtree” -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
+ Remove Offline Address Book
Get-OfflineAddressBook | Remove-OfflineAddressBook
+ Remove send connectors
Get-SendConnector | Remove-SendConnector
+ Remove Public Folder Database
Get-PublicFolderDatabase | Remove-PublicFolderDatabase
+ + Remove Arbitration Mailbox
Get-Mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed
+ Disable / Delete All non migrated Mailboxes
Get-Mailbox | Disable-Mailbox
+ Open CMD as Administrator and Go to the bin folder in the Exchange Installation Folder in your C: drive(Depend on your environment)
setup.com /m:unistall.
+ Once all the Exchange Roles are uninstalled disjoin the servers from the AD.
+ Re-run the AD Sync Tool and remove the Tick on Exchange Hybrid Configuration.
+ Re-enable the AD Sync
Set-MsolDirSyncEnabled -EnableDirSync $false
Credits: https://www.itpromentor.com/remove-hybrid-keep-sync/
Good Luck Guys.
Hope you like it.. 