/r/exchangeserver
Microsoft Exchange Server subreddit. Post blog posts you like, KB's you wrote or ask a question. Open forum for Exchange Administrators / Engineers / Architects and everyone to get along and ask questions.
On Exchange Admin you have an option to archive user emails for example 2 years, 3 years etc. Does increasing the number of years of your emails you wish to Archive mean you free up more space or would it be best for number of years of Archiving emails to be low as possible. For example does a 6 year archive save more space than 2 year archive.
Hello everyone,
Happy New Year!!
On the 30th and 31st we had significant issues with our Comcast business internet. Comcast had a couple outages, but our modem flipped out. We had it replaced on the 31st and most things seemed fine. We have 5 static addresses and those seem to have been moved properly to the new config. The problems started with OWA and access from phones. Internally everything seemed fine, from desktops running Outlook all was good, sending and receiving internal and external worked fine. At least it seems so. I'm getting some reports of Outlook sending issues now.
When I realized that phone and OWA was not working, I checked DNS for the OWA link, it failed. It was using 1.1.1.133 (of course not the real IP, :-)). I updated DNS to use 1.1.1.29 which is the first IP in our range. Things seemed fine with phones for about a day. Now nothing is sending from phones again. But I do see emails SENT to me on my phone.
I suspect that something needs to be changed in the Comcast modem, but I was not the one who setup the last one. Is bridge mode the way to go here or setup forwarding all packets in the modem?
Any help would be greatly appreciated. I will be onsite later this evening as I cannot access the comcast modem without a hard connection to the modem.
Thank you all.
We have a 2-member DAG, and both servers have gone down. I tried recovering one of them like a normal "recover an exchange server" but since it's a member of a DAG I can't use the /mode:recoverserver switch. I also can't recover using the "recover member of a DAG" because that assumes you have a functioning exchange server to remove the lost server from the DAG. I have a backup of one of the servers in Veeam with application-aware processing, but keep hearing that might hose our AD if I restore it, so I tried the recover an exchange server option. Any thoughts on this scenario?
At the final step of the Hybrid Wizard (Validating Hybrid Agent for Exchange usage), I am getting this error message. I've searched for this error and cannot find the correct fix. Thanks.
The log files show this error:
*ERROR* 10349 [Client=UX, Page=HybridConnectorInstall, Thread=15]
The connection to the server 'fdde59f1-85fd-48b6-bbe4-0bf434e02b29.resource.mailboxmigration.his.msappproxy.net' could not be completed., The call to 'https://fdde59f1-85fd-48b6-bbe4-0bf434e02b29.resource.mailboxmigration.his.msappproxy.net/EWS/mrsproxy.svc' timed out. Error details: The request channel timed out attempting to send after 00:00:00.0077217. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. --> The HTTP request to 'https://fdde59f1-85fd-48b6-bbe4-0bf434e02b29.resource.mailboxmigration.his.msappproxy.net/EWS/mrsproxy.svc' has exceeded the allotted timeout of 00:00:00.0077217. The time allotted to this operation may have been a portion of a longer timeout., The request channel timed out attempting to send after 00:00:00.0077217. Increase the timeout value passed to the call
to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout., The HTTP request to 'https://fdde59f1-85fd-48b6-bbe4-0bf434e02b29.resource.mailboxmigration.his.msappproxy.net/EWS/mrsproxy.svc' has exceeded the allotted timeout of 00:00:00.0077217. The time allotted to this operation may have been a portion of a longer timeout.
Dear all,
I am currently preparing the onboarding for new employees starting next week and found that mailbox migrations from Exchange 2016 to Exchange Online fail with the following error:
new.user@domain.com,Failed,0,0,Password for the user 'serviceuser' could not be decrypted. --> Not able to access the key object. --> An operations error occurred.
When editing the password of the migration endpoint it fails with the following error:
Failed to update migration endpoint. Error:Password for the user 'serviceuser' could not be encrypted.
Deleting and re-creating the migration endpoint works, however, migrations still fail with the first error and changing the password is not possible either after re-creation.
Test-MigrationServerAvailability ran from Exchange Online Shell shows no errors with the migration endpoint:
Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer mail.host.com -Credentials (Get-Credential domain\serviceuser)
Result : Success
Message :
SupportsCutover : False
ErrorDetail :
TestedEndpoint : mail.host.com
IsValid : True
Identity :
ObjectState : New
Also tried to use a different service account and different endpoint for migration, no luck! Actually looks like an Exchange Online error to me that has to be fixed by Microsoft.
Do mailbox migrations work fine on your end in 2025?
Solution: I did nothing - a day later it started working again. Seems to have been a Microsoft issue.
Thanks!
Michael
We have fire department client who needs to be able to find emails quickly for public records. They want users to be able to search every mailbox for every user in the entire organization and I know of no way to do this. Is it possible?
We have an unusual request to configure M365 mailboxes for certain users so that emails older than a year, and emails with attachments older than 90 days, are archived. Also, we need to prevent the Online Archive from appearing in their Outlook.
Is there a way to accomplish this in M365, or does anyone know of a solution that could make this possible?
We're trying to limit the exposure to Online Archive mailbox for the Salesforce Outlook plugin. We just want the Salesforce plugin to only have access to the user's mailbox only and no other mailbox in user's Outlook.
I missed the certificate expiration on all of our servers and have been having a fun time putting out fires. We use a wildcard cert from GoDaddy, which has made the renewal process fairly painless through IIS on most servers. The one exception is our hybrid exchange server - all user mailboxes are in 365 but we have various local applications that need to email out. All applications seem to point to our primary Exchange server but there is one additional exchange server sitting somewhere that I was told is not being used.
I followed the recommendations from another post "exchange certificate question - and I hate myself" with EMS commands to request and import a cert but these always failed, so I imported with IIS and assigned IIS and SMTP roles to the new cert through EMS.
All internal emails from the applications now work just fine. External emails fail with a "SendMessage failed with the error: SMTP; Unable to relay recipient in non-accepted domain" error. I have tried updating the certs that the send and receive connectors use and confirmed in the logs that they are using the correct cert. I have verified that the local relay connector is set to use Anonymous users, has the correct port in the adapter binding, and has the affected server IPs in the Remote network settings. All servers have the appropriate certificate. The only setting that changed before this issue was the certificate renewal.
Any help or recommendations would be great, this is my first time working with certificates and the only other experience I have with Exchange is installing a CU. Do I need to apply the certificate like the other relays or is there something else that I missed?
Hey, y'all,
Our security team apparently never knew you could add external mailboxes to outlook, so we're working on changing that policy.
I seldom get a chance to piss off this many people without consequence, so should be glorious.
Anyway, we're looking into GPO to block it, but we already have a good amount of people doing this.
Has anyone run into or built a script that maybe scans ost files and looks for the external ost files?
Or have a better way of finding and nuking the ones that are already in the environment?
For some reason, I was convinced the 31st was Thursday. Clearly, it’s been one of those weeks (and it’s only Monday).
Anyway, my Exchange 2019 hybrid SSL cert expires on 12/31. Just to confirm—it’ll work all day tomorrow, right? I mean, I’ve got tomorrow to fix this, yes?
Once I realized what day it actually was, I figured I could knock this out quickly. But, of course, that’s when I discovered you can’t do it through ECP anymore. Now I’m knee-deep in a struggle, and my eyes are starting to cross.
So, do I have the luxury of tomorrow to tackle this, or should I just keep at it until my eyes completely glaze over?
Hi All,
We are currently having issues with routing emails from on prem to cloud (Hybrid setup). When trying to run a test flow, this is what we get.
This was setup before I joined the company and they didn't leave much documentation about it.. Outbound emails are working fine as well as internal emails.
Anyone has any tips on how to troubleshoot this issue or how I can get more information that points me in the right direction? I'm a bit lost :/
Thanks,
Hi,
Customer is on Exchange 2016 with a couple of hundred mailboxes. At some point in 2025 they will move to Exchange Online (before Oct deadline).
They want a cloud based archive system that:
- Is not Exchange Online.
- Is cloud based.
- Can handle mailboxes over 300GB+ (yeah, don't ask).
- Can search for emails in the archive.
Anyone using anything they recommend that ticks those boxes? If so what please?
At the moment Enterprise Vault Cloud offering is looking promising, and I've used the on prem version many years ago and found it pretty solid. But I'd like to weigh up a couple more options if possible.
(And please don't bother telling me about mailbox sizes, i know. Been banging that drum for ages... I know it's a problem and not what email was designed for, but they don't seem to want to hear it).
Thanks in advance
I've recently taken over email support/admin for a non-profit. They have the free Microsoft 365 service for non-profits, less than 10 licenses.
The main complaint is how the board emails each other and not all emails being consistently received. The board members use personal email accounts. Instead of having to add each individual email address to a message, an organization email address was created for board@. It is configured as a shared mailbox with the option enabled to forward messages received to a DL that contains the external contacts of the board members.
The problem is with Gmail accounts. When a board member with a Gmail account sends an email to board@, the message is received, expanded, and forwarded to other board members, some of whom have a Gmail account. Half of the time the messages don't make it to the Gmail recipients. Looking at message trace, messages sent to Gmail addresses sit as pending for a while and then are ultimately rejected. But not always, sometimes it works as expected.
I think the board@ being configured as shared mailbox with forwarding was done for troubleshooting, able to see that the messages made it to that mailbox but then not the Gmail users.
DKIM, SPF, DMARC are configured properly. I'm out of my area of expertise. Is this a supportable configuration with external senders, and external recipients for a DL? Should this be strictly a DL and not a shared mailbox with the forward enabled? I appreciate any advice. Thank you
We have 2 domains, domain1 and domain2. I have no access to domain1 whatsoever, full access to domain2.
Domain2 has no mailboxes, we don't want costs associated, and we have 1000 users.
I set up mail rules in Exchange Admin Center but hit the limit of 300. The rule is to FW anything that goes to domain2 to domain1.
How can I add more rules to Exchange? Or a simple method of FW emails that hit domain2 to domain1 without extra costs?
As mentioned, it's not working between my company EXO and my own EXO tenant. Individual sharing policy created, user added to it, calendar shared via OWA even. Email with calendar invitation received and accepted, calendar added. However, no items are visible despite maximum detail level granted. MS support hasn't been able to help for 6 days now... :( Worth mentioning: it's the same when I share the company calendar to a tenant other than the one mentioned above too.
Hi. What could you suggest for arranging external certificate. I would like to use it as mentioned in the title. Wish to setup mail flow between onprem - exo (eop) - external. Wondering about cheap and satisfactory certificate
Hello everyone,
I'm having trouble figuring out how to download and apply the security updates for Microsoft Exchange. Here's my situation:
.cab format instead of .exe. I don’t know how to use these .cab files effectively for patching my Exchange servers.
Could someone explain where and how I can properly download these updates and what steps I need to take to apply them correctly? Is there a specific resource or method that I might be missing?
I would really appreciate a clear explanation or guidance on this, as maintaining Exchange security is crucial.
Thanks in advance for your help! 😊
I am migrating mailboxes between on-premises Exchange forests using ADMT automated calls in SC Orchestrator 2019.
Has anyone already done the automatic redirection of Exchange ActiveSync in the following scenario:
Moving mailboxes between on-premises Exchange organizations.
I know the link below says it is not possible, but I would like to know if anyone has overcome this limitation?
https://learn.microsoft.com/pt-br/exchange/activesync-settings
3 days ago I enabled online archive on a mailbox. I see the archive mailbox and some emails in it but not a lot. I have an MRM policy set to move anything older than 1 year to the online archive. It just seems like I need to “kick off” the move of those old messages. Is there a way to do this in Outlook or PowerShell? Or does it just take time?
Hey everyone,
we are currently evaluating Exchange online migration, so I migrated myself towards O365 to test functionalities and every-day-usage within the next weeks as well as usage of Outlook New.
So far everything works kinda fine, only thing I cannot get my head around is Calendar sharing from on-prem Mailboxes.
We have a couple of shared mailboxes, all of them with a primary and 2-3 secondary Calendars. When I am on-prem with "old" Outlook, I can see every calendar of a shared mailbox just fine. As soon as I migrate to O365 and use the New Outlook, only the primary calendar gets mapped automatically and I cannot find a way to add secondary calendars from a shared mailbox. I have researched a bit and tried different stuff (for example Configure Exchange to support delegated mailbox permissions in a hybrid deployment | Microsoft Learn) - we use EX2016 on prem, latest CU.
So what I found now, that it is a limitation "by design":
“This seems to be a know "By Design!" issue and disabling "Turn on shared calendar improvements" seems to fix this..
"Unable to add a shared calendar more than once to the Calendar module
After enabling Shared Calendar Improvements, you are not able to add a shared calendar more than once to the Calendar module. With the MAPI protocol it was possible to add the calendar more than once by adding it to a different calendar group.
At the time we tested this functionality in Current Channel, attempting to add the same shared calendar twice to a different calendar module, (Add Calendar, From Address Book) or (Add Calendar, Open Shared Calendar), opens the calendar checked in the calendar pane. This was the behavior if only the primary calendar was open in the Calendar module.
By Design
At the time this item was added it was a design limit and is not currently scheduled to be changed."“
In Outlook New I cannot turn off the shared calendar improvements as there is just no option for it.
Is this actually true or do I miss something?
Thanks a lot in advance :)
We have a customer whose exchange server is sending bounce messages using their internal domain, ie MicrosoftExchange329e71e.....@corp.domain.com instead of @domain.com, and this is causing SPF failures.
The default domain is set as domain.com, how does exchange choose the domain for sending bounces and can it be changed?
Moving into a new domain forest and doing a cross-forest move from Exchange Server 2019 to 2019. I am looking into the Exchange Migration product by CodeTwo. The idea is to get all the data copied over to the new domain for each mailbox then syncing them over until the actual cut-over.
For this purpose, has anyone used the product before? What was your experience or did you use another product?
8am day after Christmas. Not sure if they were still "hopped up on the 'nog", but we had a user accidentally Shift+Delete the entire contents of their Outlook inbox, containing about a year's worth of emails. 😢
We have standard Microsoft 365 for Business, no special backups or anything like that. I have already attempted to recover through the Exchange Online UI (which only shows past 50 emails deleted), and have suggested they look in the "Recover Deleted Items" options in their Outlook.
I've also checked that if I use Defender 365 "Email Explorer" I can selectively download any single emails from the past 30 days as a .eml file. This might help them with the most urgent items.
While I wait for them to reply about the "Recover deleted items" option, any suggestions what you would do in this case?
Hello everyone, I have an Exchange 2016 server. I wonder if anyone was able to configure OTP/2FA/MFA for OWA (on-prem server).
I tried privacyIDEA/Keycloak, they don't seem to work without ADFS/proxy server.
Was anyone able to enable any IDP solution? An open source one?
Thanks ahead.
I created a user mailbox in on premises 2016 server and want to migrate to office 365 such that they both are synced.
I created a migration batch from O365 admin center but it keeps getting failed for user mailbox which is not the case for shared mailbox.
Let me know if there is any powershell script to migrate and sync properly. User will join on 1 Jan so I have to do it before that.
My employer recently switched from an on prem Exchange server to Exchange Online. As someone who works almost constantly on the road, the ability to use Outlook 365 without connecting to my corporate VPN is a major efficiency gain. Since switching to EXO, Outlook 365 usually works fine without being on the VPN. But occasionally the UI locks and is nonresponsive until I join the VPN. After a few seconds, I can disconnect and everything is fine again.
So it seems like Outlook is trying to access a VPN resource and won't respond until it can.
Any suggestions for how to track down what causes this behavior? The only two accounts Outlook is synced with are the corporate EXO account as well as my personal Microsoft account. Neither of those should involve any resource on our VPN or on prem. I am only subscribed to one Internet calendar (TripIt) which again has nothing to do with the employer. Where would I look to see what it's trying to access that locks up the interface?
Hello. I've been away from Exchange/MS products for almost 15 years and have forgotten a lot of what works.
My questions are about a friend's organization moving to Exchange Server (either MS hosted or 3rd-party) and how they'd like their email to function.
This organization has 8 employees. There is the main org plus four subsidiaries. All the employees have email accounts (IMAP) for each org meaning they have to manage 40 email accounts between them.
I'm suggesting they move to MS Exchange, start using Outlook and have one primary email account in their Outlook client. Then, use identities to deal with the other email addresses. This way they would only need to have (and pay for!) 8 licenses for their primary email while using aliases and rules to move incoming emails addressed to each subsidiary organization email domain into corresponding inbox folders on their primary account.
This is do-able, correct? Can someone point me to a KB article explaining how best to accomplish this? Thanks!
Looking for a bit of advice in relation to Free/Busy status on Room calendars when running Exchange 2019 in Hybrid. We are using Classic Hybrid which should support Free/Busy status.
Having done some testing, we have the following scenario:
- EXO users can see the Free/Busy status of rooms that reside either on-prem or EXO
- On-Prem users can only see the Free/Busy status of room that reside on-prem. They are unable to view any appointments on EXO meeting rooms.
Is this expected? I've run through a couple of guides to provide the default and anonymous users Free/Busy rights to the EXO mailbox, but they still can't see the status. Guide for reference
Any advice on getting this resolved would be much appreciated.
I want to implement a custom Address Book Policy for our users. I created a policy: GAL and OAB are the default, for the room list and address list I created custom lists with a specific portion of our accounts.
Now when I apply the policy to a user, they cannot find external users in Teams anymore. We crosschecked: as soon as I remove the policy, the search is working again after a waiting period.
I already tried to create an additional address list containing the external guest accounts. But it looks like this list is not working, maybe because they have no mailbox and have nothing to do with Exchange.
Anyone knows how to solve this? I would really like to be able to create custom policies...
Hello everyone,
My organization is considering the upcoming deprecation of Exchange Server 2019 and is trying to decide on our next steps. We are currently evaluating two options: Exchange Server Subscription Edition (SU) or Microsoft 365. Since we are on the latest version of Exchange 2019 and plan to upgrade to CU15 when it is released, we would be prepared for an in-place upgrade to Exchange SU once it becomes available.
I have limited experience with Office 365. In a previous company, I used 365, but it was a small operation, and we didn't utilize 365 to its full potential. Currently, my organization has around 2,000 mailboxes along with a few shared mailboxes, distribution groups, and mail-enabled security groups. I believe that 365 would be able to handle our needs without any issues. A little over a year ago, we upgraded from Exchange 2016 to 2019 and removed all instances of Public Folders. Our only current cloud service is Microsoft Entra, which we use for identity services. We initially set up to access various cloud applications that we no longer use. Now, we primarily use our Entra tenant for volume licensing.
One significant advantage of our on-premises Exchange setup is that we can control when the email server goes down for upgrades and maintenance. However, I’ve seen several recent news reports about issues with 365 services, and I hear from our partners that they struggle to retrieve emails because Microsoft is experiencing a service disruption. Another benefit I've seen is when our ISP goes down for some reason, we can still send and receive emails internally as our email servers are all on-prem. On the flip side, this also means I sometimes have to come in at odd hours to perform maintenance on our Exchange servers. I see a potential major issue with our email archiving solution, which is currently hosted on-premises. At this time, this archiving solution does not support Microsoft 365 and requires an on-premises Exchange server. I am not sure if there are plans to add support for Exchange SU or 365 in the future.
Being part of a government organization, we tend to prefer solutions that are either free or as cost-effective as possible. Based on my limited experience with 365, I've noticed we could choose between Exchange Online Plan 1 and Plan 2. The primary differences are the size of the mailbox and whether we have DLP capabilities. I would assume we would opt for Plan 2 if we decided on 365. I understand that the prices advertised on the Microsoft website for Exchange Online may differ slightly due to the specific cloud tenant we are using. I am uncertain about the licensing costs for Exchange Server SU; it seems similar to the licensing for SharePoint Server, but I’m not completely sure and have no experience with SharePoint Server licensing.
That's my overview! I would appreciate any insights from others in this community who may be in a similar situation and could share their thoughts on which option might be better and why. Thank you!