How to cleanup the Recoverable Items in the cloud and On-Premises

We have recently published two articles to help cleanup recoverable items when a mailbox is placed on In-Place Hold or Litigation Hold or has single item recovery enabled, you’ll want to preserve the mailbox data until the hold is removed or single item recovery is disabled. In this case, you need to perform more detailed steps to clean up the Recoverable Items folder.

The detailed steps are located here:

Office 365: Delete items in the Recoverable Items folder of cloud-based mailboxes on hold – Admin Help

On-Premises: Clean up or delete items from the Recoverable Items folder

Exchange Litigation Hold MRM Office 365

Exchange Management Shell and Mailbox Anchoring

Coming to the next CUs for Exchange 2013 and Exchange 2016 there are some changes to how the Exchange Management Shell (EMS) connects to Exchange. In previous versions, we have seen that customers who were reliant on a load balanced solutions for third party apps and scripts may get routed to a non-Exchange 2016 server. This would lead customers to some broken administrative experiences based on the reliance of Exchange 2016 cmdlets and features. Today we will dive deeper into these changes to help the Exchange Administrator understand how these changes will affect their Exchange Organization.

Check out the full article at The Exchange Team Blog

EMS Exchange PowerShell

OWA – “The window couldn’t be opened because your computer is low on memory.”

I was on my server and everything seemed fine. Performance was great however I kept getting the error following error every time I went to modify a database or show command logging:

“The window couldn’t be opened because your computer is low on memory. Please close some windows and try again.”

I was able to go to another machine and all was well so I started searching on this and apparently ieproxy.dll was not registered. I ran the below and it resolved my issue.

1. Open a CMD window
2. Navigate to C:\Program Files\Internet Explorer
3. Run the following command line:
regsvr32 ieproxy.dll

Exchange OWA

Certificate Error installing Exchange 2013 CAS Role

Symptom
=====================================================================
When installing Exchange 2013 from PowerShell in my lab I ran into an issue and the server failed installing the Client Access Role.


Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for installation.
Languages
Management tools
Mailbox role: Transport service
Mailbox role: Client Access service
Mailbox role: Unified Messaging service
Mailbox role: Mailbox service
Client Access role: Front End Transport service
Client Access role: Client Access Front End service
Performing Microsoft Exchange Server Prerequisite Check
Configuring Prerequisites     COMPLETED
Prerequisite Analysis     COMPLETED
Configuring Microsoft Exchange Server
Preparing Setup     COMPLETED
Stopping Services     COMPLETED
Copying Exchange Files     COMPLETED
Language Files     COMPLETED
Restoring Services     COMPLETED
Language Configuration     COMPLETED
Exchange Management Tools     COMPLETED
Mailbox role: Transport service     COMPLETED
Mailbox role: Client Access service     FAILED
The following error was generated when “$error.Clear();
Install-ExchangeCertificate -WebSiteName “Exchange Back End” -services “IIS, POP, IMAP” -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController $RoleDomainController
}
” was run: “Could not grant Network Service access to the certificate with thumbprint 1C5101B4BE0AF6CBD6A39FD413436E2649B0124 because a cryptographic exception was thrown.”.

The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Since I was already in PowerShell I went ahead and added the Exchange SnapIn since the Exchange Management Tools were installed and checked for the thumbprint listed above

PS C:\Exchange\Setup> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
PS C:\Exchange\Setup> Get-ExchangeCertificate
Thumbprint Services Subject
———- ——– ——-
4DEAE2C0FD7657546E5BE9C326DFD463F6F3AB3D ….S.. CN=ex02
59A4489083B12076D397B30B27B53397194A2B2C ….S.. CN=Microsoft Exchange Server Auth Certificate
046880AF472664A815FFBC2252860A2E2111231B ……. CN=WMSvc-EX02

As we can see it’s not listed so I decided to look at all the certificates loaded on the server.

I then opened up MMC and added certificates for the local computer and see 4 certificates, however Exchange is only seeing 3. I am not sure where the certificate for the FQDN came from since the labs was just built today (8-10-14). The other three were supposed to be there after an Exchange Server install.


Workaround
=====================================================================

I backed up the certificate and removed it and then re-ran the installation and it resolved the issue.

Cause
=====================================================================

Unknown at this time. I have been able to reproduce the issue but I do not know why the certificate is there (possible lab image issue). Time to try to debug the issue. J

Certificates Exchange IIS PowerShell Setup

Disable Remote PowerShell in Office 365

Sometimes there arises a scenario where you may want to disable remote PowerShell access for your users in Office 365. The main reason for doing so would be to prevent rogue admins, users, or even compromised user accounts from being able to do anything malicious with your tenant.

By default, all users will have remote PowerShell access to your Office 365 Organization. Now RBAC Policies prevent them from doing a whole lot (if they are non-administrative users). However if an account gets compromised there could be issues.

The cmdlet below turns off remote PowerShell for a particular user. You can use this to disable PowerShell for all user’s but remember to do not include the Administrators account or you will not be able to run the Hybrid Configuration Wizard or do any management to the Office 365 Tenant that would require you to use PowerShell and make for a very bad day.

 Set-User -Identity <ALIAS> -RemotePowerShellEnabled:$False

Office 365 PowerShell

Office 365 for business public roadmap

The Office 365 for business roadmap lists updates that are currently planned for applicable subscribers. Updates are at various stages from being in development to rolling-out to customers to being generally available for applicable customers world-wide. Expand an update to learn more about it and click the learn more link to read more details.

To view the Office 365 roadmap click here.

Learn more about Office 365 for business service updates here.

Exchange Office 365

Update-DatabaseSchema cmdlet

The Update-DatabaseSchema cmdlet is designed to safely upgrade database schema in a DAG deployment. Unlike previous releases, a database schema upgrade in Exchange 2013 can only occur after all DAG members are upgraded to a version of software that supports the schema version and there is control over when the schema upgrade occurs. This design prevents issues like those encountered during upgrades of Exchange 2010 DAG members that automatically upgraded the database schema version when mounting database on an upgraded server and prevented you from being able to mount the database on a server that has not yet been upgraded.

More Reading: Microsoft Exchange Team Blog
Cmdlet Information: Update-DatabaseSchema
cmdlets DAG Mailbox

How to restore In-Place Hold and Litigation Hold settings in an Exchange 2013 hybrid deployment

In an Exchange Server 2013 hybrid deployment with or without on-premises Lync Server 2013
Restore In-Place Hold settings

To restore In-Place Hold settings, follow these steps:

  1. On the Exchange 2013 server, open the Exchange Admin Center by using on-premises admin credentials. 
  2. If your organization is enabled for a hybrid deployment with Exchange Online in Office 365, click the Enterprise tab in the navigation bar.

    Collapse this imageExpand this image

    Screen shot of the navigation bar in the Exchange Admin Center

     

  3. Click compliance management, and then click in-place eDiscovery & hold.

    Collapse this imageExpand this image

    Screen shot of the in-place eDiscovery & hold page in the Exchange Admin Center

     

  4. Select the In-Place Hold entry for which you want to restore In-Place Hold settings. Double-click it, or click Edit (

    Collapse this imageExpand this image

    2934402

    ), to open the properties page.

    Collapse this imageExpand this image

    Screen shot of the properties page for an In-Place Hold entry

     

  5. On the properties page, click In-Place Hold. The In-Place Hold settings for the user are displayed.

    Collapse this imageExpand this image

    Screen shot of the In-Place Hold settings for a user

     

  6. Click to clear the Place content matching the search query in selected mailboxes on hold check box, and then click save.
  7. Reopen the same properties page, and then click In-Place Hold. Notice that the Place content matching the search query in selected mailboxes on hold check box is cleared.

    Collapse this imageExpand this image

    Screen shot of the In-Place hold settings for a user, showing that the "Place content matching the search query in selected mailboxes on hold" check box is cleared

     

  8. Click to select the Place content matching the search query in selected mailboxes on hold check box.
    Additionally, if you were using a time-based In-Place Hold, select Specify number of days to hold items relative to their received date, enter the duration, and then click save. Doing this restores any In-Place Hold settings that existed before the issue occurred.
  9. Repeat step 4 to step 8 for any other In-Place Hold entries that you have.
Restore Litigation Hold settings

To restore Litigation Hold settings, follow these steps:

  1. Open Exchange Management Shell, and connect to your on-premises Exchange Server 2013 deployment.
  2. To restore a user’s Litigation Hold duration setting, run the following command:
    Set-Mailbox <user> -LitigationHoldDuration <valueInDays>

    For example, to set NinaT’s Litigation Hold duration to 90 days, run the following command:

    Set-Mailbox NinaT -LitigationHoldDuration 90

     

  3. Repeat step 2 for each user whose Litigation Hold duration setting you want to restore.
In an Exchange Online deployment with on-premises Lync Server 2013, and is running the Windows Azure Active Directory Sync tool with hybrid enabled

To restore the Litigation Hold duration setting, follow these steps:

  1. Connect to Exchange Online by using remote PowerShell. For more info, go to Connect to Exchange Online Using Remote PowerShell

    (http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx)

    .

  2. To restore a user’s Litigation Hold duration setting, run the following command:
    Set-Mailbox <user> -LitigationHoldDuration <valueInDays>

    For example, to set NinaT’s Litigation Hold duration to 90 days, run the following command:

    Set-Mailbox NinaT -LitigationHoldDuration 90

     

  3. Repeat step 2 for each user whose Litigation Hold duration setting you want to restore.

After the next time that directory synchronization runs, the Lync 2013 server will pick up the restored Litigation Hold duration settings.

Source: Microsoft TechNet
Hybrid Litigation Hold