ECP do not show all Organization Units in Active Directory

You may have seen this when you use Exchange 2013 ECP to create a mailbox and want to select a specific OU. Then for what it looks the OU picker don’t show all OUs, only some of them are shown.
Reason is that the ECP webapplication has a limit of not showing more than 500 OUs, rest of them wont simply be shown.
Don’t cry, there is a solution if you have some CPU cycles to spare. Edit the “web.config” in the ECP directory. Default path is “C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\”.
In the appsettings section, add the XML element
<add key="GetListDefaultResultSize" value="5000" /> where the 5000 is number of OUs you want to be shown.
When done recycle the MSExchangeECPAppPool to make ecp webapplication read the configuration and have it live and kicking.

The famous 9646 error on Exchange servers

Most Exchange administrators have at least one time seen an error with Event ID 9646 and some seen this many times.

An example might look like this.
Mapi session /o=Exchange_orgname/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user with client type MOMT exceeded the maximum of 500 objects of type Folder.

another example might end with this:
.. exceeded the maximum of 250 object of type Folder View.

Why does this happen?
Exchange has some built-in thresholds for various things that try to stop bad user behavior or a client behaving badly to not use all resources on the server to make other users suffer.
You can try to change client configuration for users experiencing this problems by changing cached mode on/off and also for extra mailboxes opened, outlook add-ons might also cause this. upgrading clients to newer version might also help, but sometime you cant change what users do and you must change limits instead.

How to change limits
You change limits by registry values and Microsoft has a TechNet article that describe these values Exchange Store Limits. The key here is to read the error text and find what threshold exceeded its limit, then read the TechNet article and implement a new threshold by editing registry values.
One problem here is to decide what limits you should set, unfortunately you have to set a value and then see if its working or not.
To have it all working you must restart Exchange services so don’t count on this working until a restart is done.

Article don’t cover Exchange server 2013 but the same limits apply and also the same solution to add/edit registry values on your mailbox servers.

Exchange cannot send mail to some domains

Have you encountered that Exchange cannot deliver mail to some destinations on Internet? This is becoming more and more common. You may ask why this happen in the first place and why it’s becoming more common.

The answer lies in how Exchange do DNS queries. Exchange was designed to run on a corporate network where you have full control on how DNS is setup and configured. Basically Exchange believe that DNS will always respond with a correct answer. But when Exchange send mail to Internet, DNS queries and answers might not always be what you expect, this is especially true when more and more organizations start using IPv6.

Using Network Monitor or any other network sniffer when Exchange tries to deliver a mail over Internet you will see that there is query for MX. One problem here is if the destination domain have IPv6 information in their Internet DNS but do not have AAAA records for hosts specified in their MX records, Exchange will simply do not another query for A records for the MX hosts and mail will queue on Exchange.
There are variations on what information is in the destination DNS zone and how your DNS is configured, if you have IPv6 yourself etc, but the behavior is the same, DNS will sometimes fail.

Solution is very simple. configure the sendconnector used for sending mail to Internet to use an external DNS, that is not to reconfigure your windows box to query another name server but simply use the Exchange configuration
Set-SendConnector <SendConnectorNameToInternet> -UseExternalDNSServersEnabled $True

You don’t even have to specify a specific name server on your HUB/Edge server, but you can if you like.

This will change the behavior of Exchange DNS queries to not to stop when there is no AAAA records if other IPv6 information is found, but to continue to do IPv4 DNS queries. remember that Windows prefer IPv6 over IPv4. This can be verified by using a network sniffer.

Have done testing both with HUB and Edge servers and with Exchange 2010 and 2013, and the behavior is the same.

The only reference on Technet on this matter is this article http://technet.microsoft.com/en-us/library/bb676467(v=exchg.150).aspx that talks about normal and lenient mode, but it doesn’t explain the changed behavior if using external DNS or not.

So in short, configure your sendconnectors sending to Internet to use an external DNS to make your live easier.

Looking for Exchange 2013 CU3 ?

look no further other than KB2892464. As usual it contains several bugfixes, support for IE11 in OWA, less memory consumption for the search infrastructure, bug around backup and restore which you can read more about in KB2888315.
To install CU3, you must deploy schema updates so talk with your Active Directory team to have them deployed before you run the CU3 setup.
Download is found here

Microsoft also released Exchange 2010 SP3 UR3 which can be found in KB2891587 and download from here

As always, read the KB and notes carefully before deploy.

happy patching.

Microsoft Masters program canceled

I June I did my rotation of the Exchange Masters training and also passed the test to become Exchange Master, MCSM (Microsoft Certified Solution Master). Training and test are intense and I am both glad and proud to have gained a lot of knowledge and new friends together with the MCSM title. so life is good with med and the Masters community until an email from Microsoft Learning sits in my inbox on Friday saying that the Masters and Architect programs are to be canceled. Read Neil Johnson (who is one of the teachers at the training) blog for the full email.

It has been a very intense day of people expressing their feelings and thoughts about this and the overall saying is that this is cannot be true it must be a very bad joke. Personally I couldn’t agree more. Cancel the highest certification you can achieve on Microsoft technology is something you simple don’t do, no matter what. Think about what signals this send out to people out there.

See what others are writing on the subject on Internet:
http://www.stevieg.org/2013/08/are-microsoft-losing-friends-and-alienating-it-pros/

http://paulrobichaux.wordpress.com/2013/08/31/microsoft-certified-systems-master-certification-now-dead/

http://up2v.nl/2013/08/31/microsoft-retires-its-top-level-certifications-mcm-mca-and-mcsm/

http://www.devinonearth.com/2013/08/defending-a-bad-decision/

http://michaelvh.wordpress.com/2013/08/31/microsoft-is-retiring-the-mcsmmca-program/

A SQL master guy even posted suggestion to vote on Connect site, sadly the connect site has been up and down the past 24 hours.