After a migration to Exchange Online Exchange Autodiscover SCP got in the way

There was once a customer who was on Exchange 2013 on-prem for their email needs, at some point they decided (thanks to Microsoft enticing pricing) to go with Office 365 and migrate all of their mailboxes and email needs to the cloud.

After the Exchange servers were put out of the equation, users and new outlook set up started seeing some uninteresting error/warning messages:

Troubleshooting Certificate Mismatch Warnings in Outlook ...

And so, while moving to Office 365, all of the DNS entries (internal and external) for autodiscover had been changed to autodiscover.outlook.com but the old one: autodiscover.contoso.com – in theory, the on-prem exchange server CAS – would still be around and generate the message. So where would this on-prem reference come from?

While on-prem, Exchange would have been configured to add entries to Active Directory and here in the name of a Service Connection Point (SCP) object and as the domain joined machine want to auto-configure Outlook, they would end up finding of that older reference.

Autodiscover functional process

The solution is to remove this from AD! There are multiple ways to prevent Outlook from contacting the local Exchange server first…

Using Exchange Management Shell (EMS)
The preferred way is to use the Exchange Management Shell to clear the entry for the Client Access server from the SCP.

[PS] C:\Windows\system32>Get-ClientAccessServer | fl *uri*
AutoDiscoverServiceInternalUri : https://webmail.contoso.com/autodiscover/autodiscover.xml
AutoDiscoverServiceInternalUri : https://webmail.contoso.com/autodiscover/autodiscover.xml
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity cas-ex1 -AutoDiscoverServiceInternalUri $null
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity cas-ex2 -AutoDiscoverServiceInternalUri $null

ADSIEdit
If the above method can no longer be used a low-level AD editor as EDSIEdit can be used to remove the SCP manually. The full path of the SCP is:

CN=ServerName,CN=Autodiscover,CN=Protocols,CN=ServerName,CN=Servers,CN=Exchange Administrative Group (FGH124FG788IYF),CN=Administrative Groups,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=Suffix

image

This object to remove has the Class type serviceConnectionPoint.

Some useful tools to help out finding out any autodiscover issues:
SARA (microsoft Support And Recovery Assistant): https://diagnostics.office.com
Some reference from technet (yes I still call it technet): https://technet.microsoft.com/en-us/library/bb124251.aspx
More about SCPs:https://msdn.microsoft.com/en-us/library/office/dn467397(v=exchg.150).aspx

Advertisements

#exchange, #office-365, #outlook

Exchange Message Tracking Statistics for Zabbix

I surely missing something but somehow I could not find a way to easily retrieve statistics of Sent and Received messages from Exchange 2013 (SP1 with DAG). I first looked into the performance counters but I could not make sense of all of the MSExchangeTransport – or too lazy to research them up.

typeperf -qx | findstr /ic:MSExchangeTransport

And usually if I am tracking some email flooding or prior to investigating the queues, I go use the get-messagetrackinglog. And so I create a short script to gather the list of the last X minutes of messages, count them, make them available and them to zabbix using zabbix_sender.

So it goes like this:


#import snapin
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

#list of transport servers
$hts = "EchangeTransport1","EchangeTransport2"
#start one Hour ago from now
$start = (get-date).AddMinutes(-30)
$end = (get-date)
#get all logs
$logs = $hts |% {get-messagetrackinglog -start $start -end $end -server $_ -resultsize unlimited}
#clear stats
$stats = ""| select sent,received
#count Deliver and Send
$logs |% {
if ($_.eventid -eq "Deliver"){[int]$stats.received += 1}
if ($_.eventid -eq "Send"){[int]$stats.sent+= 1}
}
#Display results for debug and info, comment or remove if not needed
$stats | ft -auto > LastCount.log
get-date >> LastCount.log

#cannot run the above using zabbix/system account on exchange
#use zabbix_sender
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP  -s $hts -k Stats.RxMessageCount -o $stats.received
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP -s $hts -k Stats.TxMessageCount -o $stats.sent

It is short and easy but that there some things to do in Zabbix and it can store the sent values, as per above Stats.RxMessageCount and Stats.TxMessageCount.

I went into Zabbix>Configuration>Templates to edit the template I had created to keep all of the Exchange things I monitor. Select the item screen and clicked that “Create Item” button.

msg1

Then the most important is the Type which must be Zabbix Trapper, the rest is up to you.I also chosen a “Unit” and created a new application “Exchange 2013 Statistics”.

msg2

Once the item is create, do the same for the other value. Altogether you’ll end up with 2 new items under the template.

Provided this template is assigned to your exchange host you are running the above script from, the values will be fed to Zabbix accordingly.

I actually set up a scheduled task that matches the timing and now I have some trending of the Sent and Received messages as per the Message Tracking Logs – Yeah it includes the HealthMonitor traffic, I know.

Additionally and once you have a baseline, you can also create a trigger based on the value received.

#exchange, #message, #messagetracking, #monitoring, #powershell, #send, #zabbix

Viewing queues in Exchange 2013 with powershell

Now that Microsoft have changed all the GUI management I struggled to locate the queue viewer. As it turns out it is NOT part of the Exchange admin center (https://localhost/ecp). This tool is part of the Exchange Toolbox, you will find with your management package for Exchange and the queue viewer works like before.

But obviously one would prefer powershell to do so, right!

Get-Queue and Get-QueueDigest will be you friends. You would need to know your DAG prior to that…

>Get-DatabaseAvailabilityGroup

Name             Member Servers                                      Operational Servers
----             --------------                                      -------------------
MY-DAG1         {MY-TOR-EX2, MY-TOR-EX1}

>Get-QueueDigest -Dag MY-dag1

GroupByValue                      MessageCount DeferredMess LockedMessag StaleMessage Details
ageCount     eCount       Count
------------                      ------------ ------------ ------------ ------------ -------
[10.77.77.12]                     227          0            0            0            {MY-TOR-EX2\66427, MY-TOR-EX...
Submission                        1            1            0            0            {MY-TOR-EX2\Submission}

#dag, #exchange, #queue

Import PST to mailboxes – Exchange 2013

For this recipe you will need:

  • a pst archive file stored on a UNC accessible location
    New-ManagementRoleAssignment –Role "Mailbox Import Export" –User Administrator
  • be granted the “mailbox import export” management role

when all this is gather, the import is pretty simple.

To import the pst file into a specific mailbox do:

[PS] C:\>New-MailboxImportRequest -FilePath \\SERVER\share$someone.pst -Mailbox someone

you can also import a pst to someone else mailbox into a specific folder:

[PS] C:\>New-MailboxImportRequest -FilePath \\SERVER\share$someone.pst -Mailbox someoneelse -TargetRootFolder "ImportedMailbox from someones PST" 

Once submitted you can follow the request status with this command:

[PS] C:\>Get-MailboxImportRequest -Mailbox someone| Get-MailboxImportRequestStatistics

Name                                   StatusDetail              TargetAlias                           PercentComplete
----                                   ------------              -----------                           ---------------
MailboxImport                          CopyingMessages           someone            92

Removing any switch to the get-mailboximportrequest will show status for all requests.

Shall it fail and you need further information, you shall use the following to examin the reason and pipe it to a file for something more legible:

[PS] C:\>Get-MailboxImportRequest -Mailbox someone | Get-MailboxImportRequestStatistics -IncludeReport | select message

Message

-------

Error: This mailbox exceeded the maximum number of corrupt or missing items that were specified for this request.

Lastly, you can clean up the requests using this one. Feel free to filter by status as needed:

[PS] C:\>Get-MailboxImportRequest | where {$_.status -eq "Completed"} | Remove-MailboxImportRequest

#2013, #exchange, #import, #powershell, #pst