My Top 5 Exchange Experts to Follow and 2 I Wish I Could

In the spirit of making meaningless lists, I thought I would put together my own compilation. These are in no particular order or rank.

Five to Follow

  1. Paul Cunningham: Paul is my go-to, how-to guy. His blog posts are informative, easy to read and hit the mark. He is the only Australian I know. That counts for something.
  2. Tony Redmond: No explanation needed here. I have followed Tony since my 5.5 days, and believe me, it makes him nervous. I was there when he announced that he had passed the “Clap” to the Exchange Product Group. I think I should get a t-shirt for that.
  3. Andrew S Higginbotham: I love his blog posts. A lot of common-sense fixes for those annoying issues we all run into. He’s younger than me and that pisses me off.
  4. Jeff Guillet: Jeff has the uncanny ability to always have a blog post ready just when it’s needed. And don’t forget to read his ADFS stuff as well! You will typically find Jeff at Ignite sessions propped up against a wall near the front.
  5. Paul Robichaux: Probably the best dressed MVP. I love listening to Paul talk. He has a very reassuring manner and tone. We all know how good he is, no explanation needed for his inclusion here either.

Two I Wish I Could Follow

  1. Ed Crowley: Ed has been doing this stuff a long time so I’m sure he has no desire to be followed by anyone. I would never physically follow him however, that will only lead to some bus that takes 5 hours to get to the conference just to save a few bucks.
  2. Rich Matheisen: The original Exchange NewsGroup King, Rich has retired from both work and MVP-dom. I learned more about the SMTP RFCs from him than I can ever thank him for. Enjoy your retirement, Richard.


I left a lot of people off this list of course, including myself. 😛

It’s safe to say that all the Exchange MVPs I know and love are worth following and listening to, well, except a few. That list is only viewable at Joey’s in Bellevue, WA.



Sanity Checking Lagged Copies – To SIR* With Love

I seem to recall a presenter posing a question about lagged copies at a recent MEC conference, or maybe it was last year at Ignite. Anyway, the speaker asked for a show of hands if one was using Exchange lagged copies in their org and the number was, well… you could count them on your hands. Hopefully that has increased since then. Personally I don’t see why you wouldn’t use lagged copies if you are going to go the HA route. I’ll concede that a nice wizard to activate the lagged copy would be optimal, but nonetheless with documentation and defined procedures, an experienced admin can get over any fear they may have going backup-less. (Is that a word?)

If you decide to use lagged copies, there are already a number of good tutorials out there. I like my friend Paul’s easy to read article:

Once you are set up, you will hopefully never need to look at them again. But if you aren’t so lucky and experience any sort of event that requires a lagged copy activation or log replay, either through admin intervention or by Exchange itself **, or you just want to periodically ensure things are level-set, here are some things to check post-outage/problem/log play-down/just because:


1. Get-MailboxDatabase * | ? {$_.CircularLoggingEnabled -eq $false}

Should return no results. I assume you are lagging for a reason, right? Hopefully to get rid of backups. No backups, no log truncation. So you need to enable circular logging.


2. Get-MailboxDatabaseCopyStatus * | ? {$_.ActivationPreference -eq "4"} | select Name, Status, *queuelength*, LastInspectedLogTime, ContentIndexState, ReplayLagStatus, ActivationSuspended, ActionInitiator, ActiveCopy | OGV

Output this to a sortable grid view for a quick and easy check. Note the filter: $_.ActivationPreference -eq "4". The assumption here is that you are running 4 copies: 3 HA, 1 lagged. If not, check based upon whatever activation preference your lagged copies are set to.

You should see something like the image below. It’s nice and sortable and allows for quick verification.



What to look for:

Status: Healthy

CopyQueueLength: 0 or close to it

ReplayQueueLength: above 0. Remember, you are checking just the lagged copies here, so each should have a replay queue length.

ContentIndexState: Healthy

ReplayLagStatus: Enabled:True; PlayDownReason:None; Percentage:100; Configured:8.00:00:00 (Actual: equal to or above the Configured value; in this example, replay lag is set to 8 days). If you see a copy with a PlayDown reason, it’s time to investigate.

ActivationSuspended: True (assuming you have blocked automatic activation on the lagged copies)

ActionInitiator: Administrator (assuming you have blocked automatic activation on the lagged copies)

ActiveCopy: False.

If any copies are not set to your desired settings, correct them!
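The checklist above as a script. This is an added example, not part of the original post. It assumes ReplayLagStatus renders as the string shown above, uses a copy-queue tolerance of 5 that you should tune, and runs against constructed sample objects instead of live output:

```powershell
# Added example: flag lagged copies that deviate from the checklist above.
function Test-LaggedCopy {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Copy,
        [int] $MaxCopyQueue = 5   # assumed tolerance for "0 or close to it"
    )
    process {
        # Assumption: the string form matches what the grid view displays.
        $lag = [string]$Copy.ReplayLagStatus
        $p = @()
        if ("$($Copy.Status)" -ne 'Healthy')            { $p += "Status=$($Copy.Status)" }
        if ($Copy.CopyQueueLength -gt $MaxCopyQueue)    { $p += "CopyQueueLength=$($Copy.CopyQueueLength)" }
        if ($Copy.ReplayQueueLength -le 0)              { $p += 'ReplayQueueLength is 0 (no lag held)' }
        if ("$($Copy.ContentIndexState)" -ne 'Healthy') { $p += "ContentIndexState=$($Copy.ContentIndexState)" }
        if ($lag -notmatch 'Enabled:\s*True')           { $p += 'Replay lag not enabled' }
        if ($lag -notmatch 'PlayDownReason:\s*None')    { $p += 'PlayDownReason is set' }
        if (-not $Copy.ActivationSuspended)             { $p += 'Automatic activation not blocked' }
        if ("$($Copy.ActionInitiator)" -ne 'Administrator') { $p += "ActionInitiator=$($Copy.ActionInitiator)" }
        if ($Copy.ActiveCopy)                           { $p += 'Lagged copy is the active copy' }
        [pscustomobject]@{ Name = $Copy.Name; OK = ($p.Count -eq 0); Problems = ($p -join '; ') }
    }
}

# Constructed sample data (not real output). 'ExampleReason' is a placeholder,
# not a real Exchange PlayDownReason value.
$sample = @(
    [pscustomobject]@{
        Name = 'DB01\MBX04'; Status = 'Healthy'; CopyQueueLength = 0; ReplayQueueLength = 4312
        ContentIndexState = 'Healthy'; ActivationSuspended = $true
        ActionInitiator = 'Administrator'; ActiveCopy = $false
        ReplayLagStatus = 'Enabled:True; PlayDownReason:None; Percentage:100; Configured:8.00:00:00'
    },
    [pscustomobject]@{
        Name = 'DB02\MBX04'; Status = 'Healthy'; CopyQueueLength = 0; ReplayQueueLength = 0
        ContentIndexState = 'Healthy'; ActivationSuspended = $false
        ActionInitiator = 'None'; ActiveCopy = $false
        ReplayLagStatus = 'Enabled:True; PlayDownReason:ExampleReason; Percentage:0; Configured:8.00:00:00'
    }
)
$sample | Test-LaggedCopy | Format-Table -AutoSize -Wrap

# Against a live DAG, feed it the same query used in step 2:
# Get-MailboxDatabaseCopyStatus * | ? {$_.ActivationPreference -eq 4} | Test-LaggedCopy
```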



Set lagged replay on 4th Preference DB to 7 days: Set-MailboxDatabaseCopy <DB>\<Server> -ActivationPreference 4 -ReplayLagTime 7.0:0:0

Disable Automatic activation for lagged database copy: Get-MailboxDatabaseCopyStatus <DB>\<Server> | Suspend-MailboxDatabaseCopy -ActivationOnly

Enable Circular Logging on the Database: Set-MailboxDatabase <DB> -CircularLoggingEnabled $true


* SIR= Single Item Retention. Recommended that you enable this for all mailboxes in a lagged environment running w/o backups. Belts and Suspenders.

** The Replay Lag Manager should be enabled in your environment. Be aware that under certain conditions, Exchange may automatically play down the lagged copies.




SSL 3.0 enabled after an Exchange update – Fixed in 2013 CU13

If you have been vigilant, you disabled SSL 3.0 a long time ago on your servers. You may be surprised to find it enabled again after you apply an Exchange Update.

NOTE: This appears to be fixed in CU13 for Exchange 2013. You should still verify after applying any CU however!

From the CU13 setup log:


New-Item -path $keyPathRoot"\SSL 3.0" -ItemType key -Name "Server" -Force;
Set-ItemProperty -path $keyPath -name "Enabled" -value 0x0 -Type DWORD -Force;




Now, back to the original issue:

A little history: SSL 3.0 has some well-documented security issues and with a reg tweak and reboot, it’s no longer advertised. You can easily test this with my favorite “sanity-check” site:



Enter the server name and click “Check for common vulnerabilities”.

Hopefully it shows green:



Until you apply an Exchange update. So on goes 2013 CU12 for example, and like all good admins you check the certificate one more time against



Well, luckily it’s easy enough to fix of course. Reapply that registry setting and reboot.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]


Whew. So, what’s going on here? Well, take a look at the ExchangeSetup.log file under the ExchangeSetupLogs directory at the root of the system drive:


[04/26/2016 17:27:46.0177] [1] Executing:
$keyPathRoot = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols";
$keyPath = $keyPathRoot + "\SSL 2.0\Server";
if (!(Test-Path $keyPath))
New-Item -path $keyPathRoot"\SSL 2.0" -ItemType key -Name "Server" -Force;
Set-ItemProperty -path $keyPath -name "Enabled" -value 0x0 -Type DWORD -Force;

$keyPath = $keyPathRoot + "\SSL 3.0\Server";
if (!(Test-Path $keyPath))
New-Item -path $keyPathRoot"\SSL 3.0" -ItemType key -Name "Server" -Force;
Set-ItemProperty -path $keyPath -name "Enabled" -value 0x1 -Type DWORD -Force;

As you can see, Exchange Setup happily sets that key and enables SSL 3.0.

Just something to put on your post upgrade checklist!
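One way to script that checklist item. This is an added example, not code from Exchange Setup or the original post: it reads the same SCHANNEL keys Setup touches, reports whether SSL 2.0 and SSL 3.0 are disabled on the server side, and previews the fix. The function names are made up for this example:

```powershell
# Added example: verify legacy SSL server protocols are still disabled after a CU.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerState {
    param(
        [string[]] $Protocol = @('SSL 2.0', 'SSL 3.0'),
        [string]   $Root = $SchannelRoot
    )
    foreach ($name in $Protocol) {
        $keyPath = Join-Path (Join-Path $Root $name) 'Server'
        $enabled = $null
        if (Test-Path $keyPath) {
            $enabled = (Get-ItemProperty -Path $keyPath -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        [pscustomobject]@{
            Protocol = $name
            Enabled  = $enabled   # $null means no value is set and the OS default applies
            Disabled = ($null -ne $enabled -and $enabled -eq 0)
        }
    }
}

function Disable-SchannelServerProtocol {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $Protocol,
        [string] $Root = $SchannelRoot
    )
    $keyPath = Join-Path (Join-Path $Root $Protocol) 'Server'
    if ($PSCmdlet.ShouldProcess($keyPath, 'Set Enabled = 0')) {
        if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
        Set-ItemProperty -Path $keyPath -Name Enabled -Value 0 -Type DWord -Force
    }
}

# Post-CU check: show the current state, then preview the fix for anything
# that is not explicitly disabled. Remove -WhatIf to apply it.
$state = Get-SchannelServerState
$state | Format-Table Protocol, Enabled, Disabled -AutoSize
$state | Where-Object { -not $_.Disabled } | ForEach-Object {
    Disable-SchannelServerProtocol -Protocol $_.Protocol -WhatIf
}
```

Run it elevated on each Exchange server after the update. As noted above, the registry change only takes effect after a reboot.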


Error when accessing a resource mailbox: “The value ” is already present in the collection”

When accessing a resource mailbox in Exchange 2013 EAC, you may encounter an error that prevents you from viewing or editing the room mailbox properties:



Powershell is no good either!


Get-CalendarProcessing <Room>
WARNING: An unexpected error has occurred and a Watson dump is being generated: The value ” is already present in the
The value ” is already present in the collection.
    + CategoryInfo          : NotSpecified: (:) [Get-CalendarProcessing], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Exchange.Management.StoreTasks.GetCalendarProcessing


Cause: Typically this is because there is a disabled mailbox listed in the RequestInPolicy or BookInPolicy attributes for the room.

Solution: Run the following in Exchange Powershell to clear the values. Example:  Set-CalendarProcessing <Room> -BookInPolicy $null  

Once done, you should be able to access the room via Powershell or EAC and re-add any required requesters to the room policy. Alternatively, if you have Exchange 2010 still around, you can simply remove the disabled mailbox via the 2010 EMC.


You are unable to choose the OU in EAC when creating a new Mailbox or Groups…

If you have more than 500 Organizational Units in your AD forest, you will run into this issue in the Exchange 2013 EAC when creating a new mailbox or group and want to create the object in an OU other than the default “Users” container.

Upon accessing the OU Dialog box:



You will see this lovely message:


Unfortunately, this is a known issue. There is no fix yet.

I would recommend you simply create the mailboxes and groups in Powershell if you want to specify the OU.

The work-around for EAC:

  •  Edit the web.config file on the MAILBOX server under

     \Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\

     and add the following under the appSettings section of the file:

     <add key="GetListDefaultResultSize" value="<number more than OUs in your forest>" />

  •  Recycle the ECP app pool.

Note that you will need to do this after each Cumulative Update.


P.S. If you do not know how many OUs your forest has:

Get-OrganizationalUnit -ResultSize unlimited | Measure-Object

How to create an Outlook Profile for a Hidden Mailbox

Suppose you wanted to create an Outlook profile for a hidden mailbox and, for whatever reason, you do not want to unhide it from the Address Book just long enough to create it. All hope is not lost! (Unless you are using Outlook 2016.) You can do it using the LegacyExchangeDN.

1. Use adsiedit or your favorite LDP viewer/query tool and copy the LegacyExchangeDN of the hidden mailbox. (I still prefer adfind to this day.)

The LegacyExchangeDN value is a property of the user’s object in AD and will be in the form of:  /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=UserA

2. Create the Outlook profile. It will fail and you will be at the dialog box that shows the server name and the user’s mailbox.


3. Remove the “=SMTP:” value from the “Mailbox:” field and paste the LegacyExchangeDN value you copied in Step 1.


4. Hit Check Name and it should resolve and allow you to create the profile and access the mailbox.


This is with Exchange/Outlook 2013. This does not work with Outlook 2016 from what I have seen:




On-Premises Mailbox Missing Retention Policy Tags after enabling Archive in Office 365

Consider the following scenario:

You have an on-prem mailbox, but decide to move your online archives to Office 365 to take advantage of the “Unlimited” storage. No problem. That works great for existing mailboxes, but when creating new archives in the cloud, you discover that the policy retention tags are not surfaced to the end-user in Outlook and the ability to archive to a pst remains.


You have a few options:

Run: Start-ManagedFolderAssistant <user>

If that doesn’t work, move the online archive back on-premises and run Start-ManagedFolderAssistant. Alternatively, if the archive is unused, disable it and re-enable it on-prem (and run Start-ManagedFolderAssistant to speed things up). Once the policy tags appear, move it back to Office 365.

P.S. Ensure you have imported all the on-premises tags to Office 365 per the link below. Otherwise the automatic archiving will not work!






Outlook Error: Remote Server returned ‘554 5.6.0 STOREDRV.Submit.Exception ! – FIXED

UPDATE: It appears that this is fixed in Exchange 2013 CU13:


Full NDR:

Remote Server returned ‘554 5.6.0 STOREDRV.Submit.Exception:TextConvertersException; Failed to process message due to a permanent exception with message data truncated TextConvertersException: data truncated’

This is not a common problem, but crops up occasionally.

If you see this message bounce back when responding to a meeting invitation, try the following:

  1. Set your Outlook profile to cache mode/ Create a new Outlook profile.
  2. Disable any 3rd party add-ins and/or anti-virus.

From what I have seen, switching to cache mode always fixes this.

<Rant>Cache mode is actually the default and preferred mode. Online mode is only recommended in certain scenarios such as a kiosk or regulated environment that forbids a local cached copy of the mailbox. There is no real advantage to online mode. </End Rant>

As to why this happens? Hard to say, but while you are at it, make sure you are running the latest Outlook build. Or use OWA? 🙂


On-Premises mail-enabled Modern Public Folders are not visible in the GAL from Office 365 Mailboxes

Just a reminder. If you are in hybrid mode and using public folders on-premises, the mail-enabled PFs will *not* be visible via the Outlook Address Book for 365 mailboxes – even if they are not hidden from the GAL. All you will see is:


This also means the display name will not be resolvable when creating or receiving a message from the folder.

One work-around is described here under the section “Configure Directory Synchronization” that allows you to create mail-enabled contacts in 365 that represent the PFs.

In the meantime, you will have to wait for one of two solutions:

  1. True mail-enabled PF synchronization.
  2. Supported Modern Public Folder Migration to Office 365. (Yea, that’s right – the migration of 2013/2016 Public Folders to Office 365 is not supported right now.)