I was recently annoyed to learn that there is no tenant wide way to disable POP3 or IMAP in Exchange Online. Luckily PowerShell makes this task quite simple. This article discusses the various commands that are available, but essentially you'll need to connect to Exchange Online via PowerShell and then run:
Get-User
-ResultSize Unlimited | Set-CasMailbox -PopEnabled $false -ImapEnabled $false
Unfortunately you'll have to remember to disable these protocols for every new mailbox that is provisioned. This can also be performed from the ECP in the Mailbox Features.
Showing posts with label exchange. Show all posts
Showing posts with label exchange. Show all posts
Friday, July 7, 2017
Tuesday, May 30, 2017
Hybrid Exchange Writeback Permissions
I recently ran into an issue after configuring Azure Active Directory Connect with hybrid Exchange that certain attributes couldn't be written back to the on-prem directory. This manifests as errors in the sync tool, specifically a "Connected data source error code 8344" and "Insufficient access rights to perform the operation" on the export task. There's plenty of documentation that shows which permissions are required to support writeback of exactly 8 attributes. For some reason it seems that the AAD Connect setup tool does not correctly add these permissions when selecting Hybrid Exchange mode. There's a number of scripts out there, but two that I'll point out are this one from the Technet Gallery which appears to support a number of different configuration scenarios, as well as this one from c7solutions which is quite simple but effective. The c7 post also has a great explanation of why these types of scripts are necessary. The script is so useful that I've also generated an archive of the page here, in case it is ever moved/removed.
After running the script for a couple of minutes most export errors were resolved. The specific issue can also be caused by an AD object with blocked inheritance. This script from the technet gallery can be used to discover which users have inheritance blocked. Once found they can either be fixed, or could be manually targeted for permissions with the aforementioned scripts.
After running the script for a couple of minutes most export errors were resolved. The specific issue can also be caused by an AD object with blocked inheritance. This script from the technet gallery can be used to discover which users have inheritance blocked. Once found they can either be fixed, or could be manually targeted for permissions with the aforementioned scripts.
Friday, May 19, 2017
O365 Migration Endpoint Creation Error
When creating a migration endpoint you may receive the error that "No MRSProxy was found running at 'name.domain.com'" with the name of your email server from autodiscover. If you check the EWS virtual directory you will see that in fact the MRSProxy is enabled. Further, if you check the application event log on the Exchange server you will see Event ID 1309 from Source ASP.NET. This was a very frustrating error as it prevented the creation of migration endpoints on either the Exchange on-prem or online side of the equation. Luckily I came across this thread which explained that it's necessary to recycle the MSExchangeServicesAppPool on the on-prem Exchange server. This was a quick fix with no observable impact to users. After performing this step migration endpoint creation was quick and painless.
Tuesday, November 4, 2014
Sudden mysterious spam increase with Exchange Online Protection
We've been using Exchange Online Protection and it's predecessor Forefront Online Protection for Exchange for about 5 years now. Somehow, suddenly, in the last couple of months we got a drastic increase in the amount of spam being delivered to users' mailboxes. I found, read, and even commented in this thread where other users were seemingly encountering the same issue.
Eventually I, with no support from MS, found the source of my issue though I'm not exactly sure how it came about.
We had always had our default content filter set to move spam and high confidence spam directly to the online quarantine. At some point this changed to what is now (and maybe always was) the default behavior of delivering the spam to the users' junk mail folder as described in this technet article. We did not have the necessary transport rules in place to actually cause the mail to go to junk email so it was just being delivered to the inbox.
I'm not clear if the default behavior changed, or if our rule had been modified and then subsequently reverted to default.
I can say that we signed up to demo Exchange Online so it's possible that reverted during the setup of our temporary "hybrid" demo situation. The timing seems about right but I can't say for certain this is the root cause of the issue.
Eventually I, with no support from MS, found the source of my issue though I'm not exactly sure how it came about.
We had always had our default content filter set to move spam and high confidence spam directly to the online quarantine. At some point this changed to what is now (and maybe always was) the default behavior of delivering the spam to the users' junk mail folder as described in this technet article. We did not have the necessary transport rules in place to actually cause the mail to go to junk email so it was just being delivered to the inbox.
I'm not clear if the default behavior changed, or if our rule had been modified and then subsequently reverted to default.
I can say that we signed up to demo Exchange Online so it's possible that reverted during the setup of our temporary "hybrid" demo situation. The timing seems about right but I can't say for certain this is the root cause of the issue.
Thursday, May 15, 2014
"The operation failed. Cannot directly book a resource for this meeting." Outlook 2007, Exchange 2007
We recently started having some frustrating issues with resource mailboxes on our Exchange server. The issue didn't seem to affect every user, and the exact error message depended on a number of different factors. The most common is the one listed in the title: "The operation failed. Cannot directly book a resource for this meeting.", but we also saw:
'You marked " resource name " as a resource. You cannot schedule a meeting with " resource name " because you do not have the appropriate permissions for that account. Either enter the name as a required or optional attendee or talk to your administrator about giving you permission to schedule " resource name " . '
We tried SO MANY suggestions on this issue before hitting on the magic method in this thread The following steps cleared up this error for all users in all configurations:
It seems paradoxical that un-checking these options would work. Stranger still is that the calendars continue to automatically process requests, etc. after un-checking these options. Oh well, another mystery solved!
'You marked " resource name " as a resource. You cannot schedule a meeting with " resource name " because you do not have the appropriate permissions for that account. Either enter the name as a required or optional attendee or talk to your administrator about giving you permission to schedule " resource name " . '
We tried SO MANY suggestions on this issue before hitting on the magic method in this thread The following steps cleared up this error for all users in all configurations:
- Make sure you have full access permissions on the calendar (done in EMC)
- Create an Outlook profile from the Mail control panel for the resource account
- Open Outlook with the resource profile
- Go to Tools > Options > Calendar Options > Resource Scheduling
- Uncheck all options!
It seems paradoxical that un-checking these options would work. Stranger still is that the calendars continue to automatically process requests, etc. after un-checking these options. Oh well, another mystery solved!
Wednesday, April 4, 2012
Check mailbox size and usage in OWA
We run the Outlook Web Access component of exchange to allow our users webmail access. In OWA it's not immediately apparent how to check the size and usage of the mailbox. My initial google search turned up an forum post from 2004 which states that this isn't possible without a third party product. After browsing several other articles however I discovered that all it takes is to mouseover the mailbox name and a popup will present mailbox size and current usage. This feature is only available in the non-light version i.e. IE only. This page was where I initially found instructions.
Hope that helps!
Subscribe to:
Posts (Atom)