Exchange 2013 POP3 service drops connections fix

At my current client they are using POP3 and we are in the process of setting up Exchange 2013 servers to act as hybrid servers for their Office 365 migration.

So after setting up the servers I tested all protocols, then a day or so later I noticed that POP3 was showing down on the Kemp NLB. When I did a TELNET test to port 110, from a remote machine, using the FQDN or IP, the connection was dropped after a few moments, without returning any text.

I then tried from the Exchange server [2013 CU5, multi-role, 2 NICs (iSCSI and Public), POP bindings] itself and had the same results. I then tried and localhost with TELNET and those worked. So the service was working, but not as expected.

I tried rebooting and resetting several settings on the PopSettings and searching for this issue on-line, but came up empty. So I finally went to the TechNet Exchange Server 2013 – Outlook, OWA, POP, and IMAP Clients forum and searched on “pop connection” and found this post: POP works via localhost but not from other networked machines, which included the “fix.”

The issue was that the “State” of the PopProxy component was set to Inactive:

[PS] D:\>Get-ServerComponentstate -Identity SRVDENEX01

Server  Component                    State
------  ---------                    -----
        ServerWideOffline            Active
        HubTransport                 Active
        FrontendTransport            Active
        Monitoring                   Active
        RecoveryActionsEnabled       Active
        AutoDiscoverProxy            Active
        ActiveSyncProxy              Active
        EcpProxy                     Active
        EwsProxy                     Active
        ImapProxy                    Active
        OabProxy                     Active
        OwaProxy                     Active
        PopProxy                     Inactive
        PushNotificationsProxy       Active
        RpsProxy                     Active
        RwsProxy                     Active
        RpcProxy                     Active
        UMCallRouter                 Active
        XropProxy                    Active
        HttpProxyAvailabilityGroup   Active
        ForwardSyncDaemon            Active
        ProvisioningRps              Active
        MapiProxy                    Active
        EdgeTransport                Active
        HighAvailability             Active
        SharedCache                  Active

A quick call to Set-ServerComponentState to mark this component Active fixed the issue:

Set-ServerComponentState -Identity SRVDENEX01 -Component PopProxy -Requester HealthAPI -State Active

After doing this POP started responding as expected, using any valid hostname or IP address.

Like the user who posted to TechNet, I would also like to know why the health check failed and marked the PopProxy as inactive. I will research this further and if I find anything I will update this post.
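
One way to see which requester is holding a component Inactive before changing it, shown as an added example that is not part of the original post. The function name Get-InactiveComponent is hypothetical and the code assumes the Exchange Management Shell on Exchange 2013. A component stays Inactive while any requester still has it set to Inactive, so the -Requester passed to Set-ServerComponentState has to match the one that disabled it.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
function Get-InactiveComponent {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Server
    )
    foreach ($Name in $Server) {
        # Summary view: one row per component, as returned by Get-ServerComponentState
        $Inactive = Get-ServerComponentState -Identity $Name |
            Where-Object { $_.State -ne 'Active' }

        foreach ($Component in $Inactive) {
            # LocalStates is read from the server's registry, RemoteStates from
            # Active Directory; each holds one entry per requester.
            $Sources = @{ Local = $Component.LocalStates; Remote = $Component.RemoteStates }
            foreach ($Source in $Sources.Keys) {
                foreach ($Entry in @($Sources[$Source])) {
                    if ($Entry -and $Entry.State -ne 'Active') {
                        [pscustomobject]@{
                            Server    = $Name
                            Component = $Component.Component
                            Requester = $Entry.Requester
                            State     = $Entry.State
                            Since     = $Entry.Timestamp
                            Source    = $Source
                        }
                    }
                }
            }
        }
    }
}

# Report which requesters are holding components down on the server from the post
$Report = Get-InactiveComponent -Server SRVDENEX01
$Report | Format-Table -AutoSize

# Re-enable PopProxy once per requester that set it Inactive.
# -WhatIf only previews the change; remove it to apply.
$Requesters = $Report | Where-Object { $_.Component -eq 'PopProxy' } |
    Select-Object -ExpandProperty Requester -Unique
foreach ($Requester in $Requesters) {
    Set-ServerComponentState -Identity SRVDENEX01 -Component PopProxy `
        -Requester $Requester -State Active -WhatIf
}
```

The Since column gives the time the component was disabled, which narrows the window to search in the event logs for the health check that triggered it.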


Script: Set-UPN-O365.ps1 – Sets UPNs on-premises and in Office 365

I’m working with a client who is migrating to Office 365 and we ran into the issue where users’ UPNs do not match their primary SMTP address, nor was it included as an SMTP address on their mailboxes. In older, and maybe some current, versions of Android & iPhone devices, if the user’s UPN didn’t match their primary SMTP address, Autodiscover would fail. The user would then be prompted to put in the server name and login info.

With Office 365 the users must log in with their UPN (by default), so it’s extra important that their UPN is their e-mail address. For my current client this was the issue we had to solve before we migrated to O365; once we migrate, the users would need to log in with their UPN. But their UPN was <samaccountname> and their Email Address Policy (EAP) in Exchange did not include this. Therefore, it would be confusing to users to tell them to log in with their current UPN. In addition, since DirSync was set up months ago their UPN was already set in Office 365. With DirSync set up and a Hybrid configuration, UPN updates made on-premises are not replicated to Azure AD (Office 365 AD). So I created the script below to take the PrimarySMTPAddress of a mailbox and set it as the UPN on-premises and in the cloud. I also worked with my client to start using a create user script, like the one I posted here:

  • This script was recently created, and as with all of my scripts posted to my blog the code here may not be updated, but they are updated on my scripts website (
  • If you find bugs or have questions comment below

Usage: ./Set-UPN-O365.ps1 <filter> [<SearchBase>]

  • Where <Filter>, required, can be any filter supported by the Get-AdUser cmdlet, see this article for examples.
  • Where [<SearchBase>], optional, can be the path to an OU to limit the results of the search
  • Example: ./Set-UPN-O365.ps1 * -SearchBase "OU=US,DC=Company,DC=Com"
    • This would return all users under the US OU

Required Changes

  1. Install MS Online Services Sign-In Assistant ->
  2. Install Windows Azure PowerShell  ->
  3. $LocalDomain = "COMPANY"
    • Used to display the domain being updated
    • I might eliminate this in a future version by getting this attribute from the AD
  4. $UPNSuffix = ""
    • Used to fill in the default login to O365
  5. $MakeChanges = $False
    • If set to the default of $False changes will only be logged to the screen and Set-UPN-O365.log file
  6. $UpdateO365 = $True
    • If set to $False changes will not be made to Office 365, just logged. $MakeChanges must also be set to $True for changes to be made to O365.

# For more details see
# This script will set the on-premises UPN and Office 365 UPN value for a user
# to their PrimarySMTPAddress. DirSync/Azure AD Sync will not sync UPN changes
# from on-premises to Office 365. So this script connects to O365 to make the
# change directly.
# Created 7/11/2014 | Last Updated 8/13/2014
# Source:
# Usage: ./Set-UPN-O365.ps1 <Filter> [<SearchBase>]
# Where: <Filter> is any filter supported by Get-ADUser
#        [<SearchBase>] is an optional OU path that limits the search
Param(
	[Parameter(Mandatory = $true)]
	[string]$Filter,
	[string]$SearchBase
)

# Domain name shown in the on-screen output
$LocalDomain = "COMPANY"
# UPN suffix used to pre-fill the Office 365 credential prompt
$UPNSuffix = ""

# Requires MS Online Services Sign-In Assistant ->
# Requires above, Windows Azure PowerShell required to update Office 365 ->
# For Filter examples see:

# $MakeChanges = $False only logs to the screen and the log file
$MakeChanges = $False
# $UpdateO365 = $False skips the Office 365 update (also requires $MakeChanges = $True)
$UpdateO365 = $True
$LogFile = "Set-UPN-O365.log"

If (!$MakeChanges) {Write-Host "MakeChange is set to False, changes will not be saved" -ForegroundColor Yellow}
If (!$UpdateO365) {Write-Host "UpdateO365 is set to False, changes will not be saved to Office 365" -ForegroundColor Yellow}

Import-Module ActiveDirectory
If ($UpdateO365) {
	Import-Module MSOnline
	# Prompt once per session; the credential is cached in a global variable
	If (!$Global:O365Credentials) {
		Write-Output "Enter credentials for an org admin account in Office 365."
		$Global:O365Credentials = $host.ui.PromptForCredential("Need Office 365 credentials", "Please enter your user name and password.", "$env:username@$UPNSuffix", "UPN")
	}
	Connect-MsolService -Credential $Global:O365Credentials
}

# Default to the whole domain when no SearchBase is given
If (!$SearchBase) {$SearchBase = $(Get-ADDomain).DistinguishedName}

Write-Host "Getting users under [$SearchBase] with a Filter of [$Filter]`n" -ForegroundColor Green
$Users = Get-ADUser -SearchScope Subtree -SearchBase "$SearchBase" -Filter $Filter -Properties mail

"Local account: $env:username | Office 365 Account: $($Global:O365Credentials.UserName) | Started: $(Get-Date -f "MM/dd/yyyy HH:mm:ss")" | Out-File -Append $LogFile

$Users | ForEach {
	$ADUser = $_
	# Only users with a mail attribute are processed
	If ($($ADUser.Mail)) {
		$PrimarySmtpAddress = $ADUser.Mail
		$SamAccountName = $ADUser.SamAccountName
		$CurrentUPN = $ADUser.UserPrincipalName
		Write-Host "Updating: $LocalDomain\$SamAccountName" -ForegroundColor Cyan
		"$SamAccountName, $PrimarySmtpAddress, $CurrentUPN" | Out-File $LogFile -Append
		If ($MakeChanges) {
			# On-premises UPN
			If ($ADUser.UserPrincipalName -ne $PrimarySmtpAddress) {
				Write-Host "`t Local UPN: $CurrentUPN | New UPN: $PrimarySmtpAddress"
				Set-ADUser $ADUser.DistinguishedName -UserPrincipalName $PrimarySmtpAddress
			}
			Else {Write-Host "`tLocal UPN already matches" -ForegroundColor Green}
			# Office 365 UPN; the cloud account is still known by the old UPN
			If ($UpdateO365) {
				$O365User = $Null
				# -ErrorAction Stop makes the lookup failure reach the Catch block
				Try {$O365User = Get-MsolUser -UserPrincipalName $CurrentUPN -ErrorAction Stop}
				Catch {
					If ($_.Exception.Message -like "*User Not Found*") {
						Write-Host "User with UPN of [$CurrentUPN] was not found and will not be updated." -ForegroundColor Red
					}
					Else {Write-Host "Lookup of [$CurrentUPN] failed: $($_.Exception.Message)" -ForegroundColor Red}
				}
				If ($O365User) {
					If ($O365User.UserPrincipalName -ne $PrimarySmtpAddress) {
						Write-Host "`tOffice 365 UPN: $CurrentUPN | New UPN: $PrimarySmtpAddress"
						Set-MsolUserPrincipalName -UserPrincipalName $CurrentUPN -NewUserPrincipalName $PrimarySmtpAddress
					}
					Else {Write-Host "`tOffice 365 UPN already matches" -ForegroundColor Green}
				}
			} # IF $UpdateO365
		} # IF $MakeChanges
	} # IF Mail
} #ForEach


Windows Update KB2881011 breaks Outlook 2013 access to archived mailboxes

8/21/14 Update: Microsoft released KB2889859 which fixed this issue for Outlook 2013. Click-to-run has also been updated to 15.0.4641.1003.

8/14/14 Update: KB2881011 has been pulled, but the Click-to-run (Office 365 version of Outlook) update has NOT been pulled and is still affected as of 8/14.


An issue has been discovered in the August 12, 2014, update for Microsoft Outlook 2013 that prevents some users from opening archive folders. We have removed this update from availability until we have a fix. In the interim, you can restore access to archived folders by uninstalling this update. We will add a download link to this article for the new update as soon as it is available.

Original post: (With updates being made as needed)
This update causes Outlook 2013 to fail to open archive mailboxes on Exchange, maybe only on Exchange 2013 CU5 but probably on SP1/CU4 too I would suspect.

When a user, with this update, tries to access their archive mailbox they will get the following error:

The set of folders cannot be opened. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance. 

This update, KB2881011, was just released via Windows Update on 8/12/2014; it updates Outlook to 15.0.4641.1001. The issue also occurs in the latest Office 365 Click-to-run version 15.0.4641.1002. After removing this update access will work again.

This is another example of why you should test patches and deploy them to a pilot set of users, using something like WSUS, before deploying them to all users. Want another example? MS14-045 aka KB2984615 can cause BSOD per this article:

Confirmed Affected

  • Outlook x64 w/ KB2881011 (15.0.4641.1001) w/ mailboxes on Exchange 2013 SP1 CU5
  • Outlook x64 w/ KB2881011 (15.0.4641.1001) w/ mailboxes on Exchange Online (Office 365)
  • Outlook x64 Click-to-run version 15.0.4641.1002 w/ mailboxes on Exchange 2013 SP1 CU5
  • In both cases Outlook was connected via Outlook Anywhere (RPC/MAPI over HTTPS), not via MAPI over HTTP.

Confirmed NOT affected

  • Outlook x64 Click-to-run version 15.0.4641.1002 w/ mailboxes on Exchange 2010 SP3 UR6
  • Outlook x86 (32-bit) w/ mailboxes on Exchange Online (Office 365)
    • This indicates it might just be an issue with the x64 version of the update

More details on Tony Redmond’s post here:

This issue 1st was posted on the Exchange 2013 Facebook group I manage here: and in the TechNet forums by Jim Collins.

  • Note: The Facebook group should NOT be used for support, it is an information sharing group. Normally all support questions are referred to TechNet then deleted from the group.

Exchange 2013 OWA -> 2010 : “something went wrong” issue

Ran into this issue after setting up and configuring two new Exchange 2013 CU5 servers, when 2010 SP3 RU6 based mailbox users attempted to log in to OWA via Exchange 2013 OWA.

This is probably one of the most useless messages in Exchange, yeah there were many bad ones in earlier versions I know, but really disappointed Microsoft couldn’t provide a bit more troubleshooting information than this partial sentence.  Nothing in event or IIS logs, which I found at least either.

Here’s the whole message you get in OWA 2013 when you run into the problem I did:

EX2013-OWA Error

Users, only test users at this phase of the deployment luckily, who are on Exchange 2010 would get this error when they went to the testing URL ( for Exchange 2013 OWA access.  After they logged into they would get this error, but the browser would continue to act like it was loading the page.

IIS logs on 2013 didn’t contain any errors:
2014-08-12 18:14:59 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=<cut>; 443 zEX20.Test@ Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) 302 0 0 343

Nor did the HttpProxy logs:
2014-08-12T19:14:37.044Z,e4ab9b1b-9483-4f82-9d0b-e91f2e7b1ecf,15,0,913,7,,Owa,,/owa/auth.owa,,FBA,True,COMPANY\ex20test,,Sid~S-1-5-21-<cut>,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,,DCOCEXC220,302,,,POST,,,,,WindowsIdentity,,DCOCEXC020,388,164,,,,72,1003,,0,229;,229,90;48;9;,147,376,,0,1109.4356,4,,,,,,,,,28,1032,0,,1036,,1108,1108,,,BeginRequest=2014-08-12T19:14:35.935Z;CorrelationID=<empty>;ProxyState-Run=None;ServerLocatorCall=c03fc9f8-0322-4166-ba65-e51ddbaa4c24;DownLevelTargetHash=0/0/2;;ResolveCasLatency=31;ProxyState-Complete=CalculateBackEnd;EndRequest=2014-08-12T19:14:37.044Z;I32:ADS.C[DCOCADC007N]=1;F:ADS.AL[DCOCADC007N]=0.9467;I32:ATE.C[]=9;F:ATE.AL[]=1.666667;I32:ATE.C[]=1;F:ATE.AL[]=93;I32:ADS.C[DCOCADC006N]=7;F:ADS.AL[DCOCADC006N]=3.064757;I32:ADR.C[DCOCADC006N]=3;F:ADR.AL[DCOCADC006N]=1.140667,

After trying many things, links to a couple at the end, I got it working after enabling Windows Authentication in IIS on the OWA & ECP virtual directories on the Exchange 2010 CAS servers.  I should have checked that 1st! After making this change you will also need to recycle the MSExchangeOWAAppPool & MSExchangeECPAppPool Application Pools to make it take effect immediately.

This left Basic & Windows Authentication enabled on the OWA & ECP VDs on 2010 in IIS and just basic on Exchange 2013.

Output from Get-OWA\ECPVirtualDirectory after fixing the issue:

Get-OwaVirtualDirectory | fl name, server, *auth*

Name                          : owa (Default Web Site)
Server                        : DCOCEXC011 (2010 server)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
ExternalAuthenticationMethods : {Fba}

Name                          : owa (Default Web Site)
Server                        : DCOCEXC220 (2013 server)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Get-EcpVirtualDirectory | fl name, server, *auth*

Name                          : ecp (Default Web Site)
Server                        : DCOCEXC011 (2010 server)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
ExternalAuthenticationMethods : {Fba}

Name                          : ecp (Default Web Site)
Server                        : DCOCEXC220 (2013 server)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Related issues, but not the solution for my issue:


How to edit your contact info in OWA

I’ve had a couple of users, in the environment I host for friends & family, ask me how to change their contact info in the GAL. After doing some searching I was unable to find a good article on this topic, which surprised me. I’m sure after posting this I will get comments to ones I didn’t find, but in searching on “edit contact info in owa exchange” and several other variants of this I didn’t find a blog post or article on this, at least on the first two pages of hits.

By default in Exchange 2010 and higher users have the ability to edit their contact. This can be disabled, I did find a good article by Michel de Rooij on this topic:

The easiest solution is to tell users to go to and once they log in to OWA they will be taken to the edit contact info page in Exchange 2010 or 2013.

To get to this page from OWA and its menus is pretty easy, if you don’t know where to look. Of course if you know the URL, which I didn’t since I rarely use OWA, or don’t do end user support, you could setup a URL to redirect to the correct URL.

For Exchange 2010

1)      Login into OWA
2)      In the upper right, under your name, choose Options\See All Options…

3)      Then click Edit to the lower right of the “Account Information…” area, which will show your name, e-mail, contact numbers
4)      Click Contact Location to change your address
5)      Then click Save

For Exchange 2013

1)      In OWA, in the upper right hand corner click the little gear and choose Options
2)      On the options\account page in the middle at the bottom click Edit information


Exchange 2010 SP3 UR6 and 2013 CU5 released

Here’s a quick summary of fixed and known issues.

Last updated 8/14/2014

Exchange 2010 SP3 UR6 – Download | KB2936871 Info
Exchange 2013 CU5 – EHLO Blog Post | Download | KB2936880 (CU5 includes SP1 updates)

Blog post about 2013 CU5 I recommend reading:

Exchange 2013 SP1 CU5 Known\Found issues

  • 8/15/14: Possible issue with ECP not working when Exchange is not installed in the default path
    • This is from one of my MVP peers: If you don’t install the updates, like IUs, that come as .MSP files, some files will not be updated correctly. This can lead to issues with things like ECP
      • Example: The web.config file used by ECP is not updated correctly.
    • Workaround: Install the updates from an admin command prompt

Exchange 2010 SP3 UR6 fixes (from

  • 2960652 Organizer name and meeting status field can be changed by EAS clients in an Exchange Server 2010 environment
  • 2957762 “A folder with same name already exists” error when you rename an Outlook folder in an Exchange Server 2010 environment
  • 2952799 Event ID 2084 occurs and Exchange server loses connection to the domain controllers in an Exchange Server 2010 environment
  • 2934091 Event ID 1000 and 7031 when users cannot connect to mailboxes in an Exchange Server 2010 environment
  • 2932402 Cannot move a mailbox after you install Exchange Server 2010 SP3 RU3 (KB2891587)
  • 2931842 EWS cannot identify the attachment in an Exchange Server 2010 environment
  • 2928703 Retention policy is applied unexpectedly to a folder when Outlook rule moves a copy in Exchange Server 2010
  • 2927265 Get-Message cmdlet does not respect the defined write scope in Exchange Server 2010
  • 2925273 Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
  • 2924592 Exchange RPC Client Access service freezes when you open an attached file in Outlook Online mode in Exchange Server 2010
  • 2923865 Cannot connect to Exchange Server 2010 when the RPC Client Access service crashes

Exchange 2013 CU5 fixes (from

  • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
  • 2963566 Outlook Web App accessibility improvement for UI appearance in Exchange Server 2013
  • 2962439 You cannot sync contacts or tasks in Microsoft CRM client for Outlook in an Exchange Server 2013 environment
  • 2962435 CRM synchronization fails if the time zone name of a meeting is not set in an Exchange Server 2013 environment
  • 2962434 Slow performance in Outlook Web App when Lync is integrated with Exchange Server 2013
  • 2958430 “Some or all Identity references could not be translated” error when you manage DAG in Exchange Server 2013 SP1 in a disjoint namespace domain
  • 2957592 MIME is disabled in Outlook Web App when you press Tab to move the focus in an email message in Exchange Server 2013
  • 2942609 Exchange ActiveSync proxy does not work from Exchange Server 2013 to Exchange Server 2007
  • 2941221 EWS integration for Lync works incorrectly in an Exchange Server 2013 and 2007 coexistence environment
  • 2926742 Plain-text message body is cleared when writing in Outlook Web App by using Internet Explorer 8 in Exchange Server 2013
  • 2926308 Sender’s email address is broken after importing a PST file into an Exchange Server 2013 mailbox
  • 2925559 Users always get the FBA page when they access OWA or ECP in Exchange Server 2013
  • 2924519 “SyncHealth\Hub” folder is created unexpectedly after installing Cumulative Update 2 for Exchange Server 2013
  • 2916113 Cannot open .tif files from email messages by using Windows-based applications in an Exchange Server 2013 environment
  • 2592398 Email messages in the Sent Items folder have the same PR_INTERNET_MESSAGE_ID property in an Exchange Server 2010 environment

DMARC! broke your mailing lists!

4/25/14 Update: Renamed post to “DMARC” instead of Yahoo now that Aol has their DMARC policy set to reject:

After spending some time the last couple of days checking and rechecking my SPF settings I figured out today it was a change Yahoo made that broke message delivery to external recipients. Yahoo made this change “over the weekend” per some news articles; I first noticed NDRs due to this on Monday 4/7/2014.

The issue is that Yahoo changed their DMARC policy, which is made up of SPF and/or DKIM settings/policies, to “p=reject”, which tells receiving email servers to reject emails from addresses that don’t originate from its servers. So if a Yahoo user sends an e-mail to and it contains recipients at @yahoo, @gmail, @msn, @hotmail,, @comcast, and many other email providers that check the original sending server’s (Yahoo in this case) policy, they will reject the mail. This is because the sending server of the e-mail is and not

Yahoo did this to help reduce spam that is being sent from accounts on their servers to mailing lists that contain external recipients. But they basically “broke every mailing list in the world” to quote some of the many news articles I found today about this issue.

At this time there is no workaround for Exchange that I know of. The suggestion is to tell users to stop using Yahoo to send e-mail to mailing lists. So this won’t work since as email admins we have no control over what users do externally.

I’m hoping Yahoo fixes this policy setting ASAP! I will update this post as I learn more!

Errors users\DL owners will see: gave this error:
Message not accepted for policy reasons. See # #SMTP# gave this error:
oFxW1n00k0D7utr0DFxXU1 Message rejected due to DMARC. Please see gave this error:
(BAY0-MC3-F11) Unfortunately, messages from ( on behalf of ( could not be delivered due to domain owner policy restrictions.

The only workarounds that I’m aware of at this time are to use an EDGE address rewrite rule so that any messages sent to a DL have their From address set to the DL’s, instead of the sending user’s. The other is to enable moderation on your DLs that have external recipients and for any coming from or (currently, but more will be added in the future I’m sure) resend them manually from the DL or a mailbox.
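
Why the re-sent message fails and why rewriting the From address helps, as an added example that is not part of the original post. The domains, addresses and DMARC records are constructed and the function names are hypothetical; the organizational-domain lookup is simplified to the last two labels (a real evaluator uses the Public Suffix List), and the pct and sp tags are ignored.

```powershell
# Added example, not from the original post. Domains and records are constructed.

# Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into tag -> value pairs.
function ConvertFrom-DmarcRecord {
    param([string]$Record)
    $Tags = @{}
    foreach ($Pair in ($Record -split ';')) {
        $Name, $Value = $Pair -split '=', 2
        if ($null -ne $Value) { $Tags[$Name.Trim().ToLower()] = $Value.Trim() }
    }
    return $Tags
}

# Assumption: organizational domain = last two labels (real code uses the Public Suffix List).
function Get-OrgDomain {
    param([string]$Domain)
    $Labels = @($Domain.ToLower().TrimEnd('.') -split '\.')
    if ($Labels.Count -le 2) { return ($Labels -join '.') }
    return ($Labels[-2..-1] -join '.')
}

# Relaxed alignment (the default) compares organizational domains; strict ('s') needs an exact match.
function Test-Aligned {
    param([string]$FromDomain, [string]$AuthDomain, [string]$Mode)
    if (-not $AuthDomain) { return $false }
    if ($Mode -eq 's') { return ($FromDomain -eq $AuthDomain) }
    return ((Get-OrgDomain $FromDomain) -eq (Get-OrgDomain $AuthDomain))
}

# Returns 'pass', or the policy the From: domain asks receivers to apply (none/quarantine/reject).
function Get-DmarcDisposition {
    param(
        [string]$HeaderFrom,   # address in the From: header
        [string]$SpfResult,    # SPF verdict for the envelope sender (MAIL FROM) domain
        [string]$SpfDomain,
        [string]$DkimResult,   # DKIM verdict for the signature, if any
        [string]$DkimDomain,   # d= value of that signature
        [string]$Record        # DMARC TXT record published for the From: domain
    )
    $FromDomain = ($HeaderFrom -split '@')[-1].ToLower()
    $Tags = ConvertFrom-DmarcRecord $Record
    $SpfMode = $Tags['aspf']
    $DkimMode = $Tags['adkim']
    # DMARC needs at least one mechanism that both passes and aligns with the From: domain
    $SpfOk = ($SpfResult -eq 'pass') -and (Test-Aligned $FromDomain $SpfDomain $SpfMode)
    $DkimOk = ($DkimResult -eq 'pass') -and (Test-Aligned $FromDomain $DkimDomain $DkimMode)
    if ($SpfOk -or $DkimOk) { return 'pass' }
    if ($Tags['p']) { return $Tags['p'] }
    return 'none'
}

$ProviderPolicy = 'v=DMARC1; p=reject; pct=100'   # constructed: a provider publishing p=reject
$ListPolicy = 'v=DMARC1; p=none'                  # constructed: the DL owner's own domain

# 1. User mails a recipient directly from the provider's servers: SPF and DKIM pass and align.
Get-DmarcDisposition 'user@provider.example' pass provider.example pass provider.example $ProviderPolicy

# 2. The same message re-sent by the DL from the list's server: SPF for provider.example
#    fails, and the DKIM signature is treated as broken in this scenario.
Get-DmarcDisposition 'user@provider.example' fail provider.example fail provider.example $ProviderPolicy

# 3. Workaround: From: rewritten to the DL's own address, so the list's own domain is evaluated.
Get-DmarcDisposition 'dl@lists.example.org' pass bounce.example.org none '' $ListPolicy
```

In the second call nothing aligns with the From: domain, so the provider's published policy is what the receiver applies; in the third the evaluated domain is the DL's own, which the list owner controls.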

I’m hoping to hear back from some of my peers soon on better workarounds.

Good blog post on DMARC and why the rejection is happening and why this is a good thing, in general:

News articles about this issue:
