Category Archives: Microsoft

Fix: 550 5.1.8 Access denied, bad outbound sender

I have been having problems with one particular user in Office 365 who could not send or receive emails and he was always getting the error that the email was not delivered due to the below error.

Your message couldn't be delivered because you weren't recognized as a valid sender. The most common reason for this is that your email address is suspected of sending spam and it's no longer allowed to send messages outside of your organization. Contact your email admin for assistance.

Diagnostic information for administrators:
Generating server: --------------.eurprd02.prod.outlook.com
Remote Server returned '550 5.1.8 Access denied, bad outbound sender'

The problem is that the email was being blocked by Microsoft due that 5000 emails have been sent by the mailbox. The problem is not that your mailbox was hacked, but that the email header was spoofed by someone. To check that the mailbox is being blocked, open the Exchange Admin Center in your Office 365 portal, click on Protection and on Action Center.

You will see the user listed there with an unblock. Do not unblock the user for now.

In the Protection screen, click on dkim and highlight your external domain. Click on Enable. You will get an error message that CNAME records required are not found.

 

Open your domain DNS management portal on your hosting company and add the following CNAME entries

Host name: selector1._domainkey.<domain>
Points to : selector1-<domainGUID>._domainkey.<initialDomain>
TTL: 3600

Host name: selector2._domainkey.<domain>
Points to : selector2-<domainGUID>._domainkey.<initialDomain>
TTL: 3600

Once your DNS records have propagated, click on the Enable button on the dkim section.

Once enabled you can go under the Action Center and unblock the user. The process may take up to 2 hours to be cleared.

This will protect you from email message header spoofing. On another note to know immediately if a user has been blocked, you need to setup a notification as below.

Under the Exchange Admin Center open the Protection/ Outbound Spam section. Double click on default. Click on Outbound Spam preferences and tick send a notification when a sender is blocked as below and enter the admin email address. Click Save.

 

(94)

Fix: No Suitable Directory Servers Found when accessing OWA and ECP

When accessing ECP or OWA on your Exchange server you will be the below Server Error saying that No Suitable Directory Servers Found in Site and connected Sites. On the Event Viewer you will get the error 0x80040a02 (DSC_E_NO_SUITABLE_CDC).

The below solution if for Exchange 2003, 2007, 2010 and 2013. Open the Domain’s Group Policy Management and edit the Default Domain Controllers Policy or your server policy as below.

Computer Configuration
Policies
Windows Settings
Security Settings
Local Policies
User Rights Assignment
Mange auditing and security log
Add ‘Exchange Servers‘ or ‘Exchange Enterprise Servers‘ to that policy.

Restart the Exchange server to apply the computer configuration.

(7)

Fix: Cannot demote server Access is denied

When demoting a server from an existent Active Directory you will be prompted for the credentials with an error saying

The Operation failed because: The attempt at remote directory server to remove directory server was unsuccessful. “Access Denied”.

This issue is due to the fact that the object is set with Protect object against Accidental Deletion

To fix this open Active Directory Sites and Services. Find the server which you are trying to demote and expand it. Right click on NTDS Settings and click on Properties. Click on the Object tab and un-tick the Protect object from Accidental Deletion.

Retry the demotion and it will work. If it doesn’t then check the Active Directory Users and Computers and check if the computer account has the Protect object from Accidental Deletion enabled. Make sure to click on Advanced Features.

(13)

Fix: AzureAD Sync not working Scheduler is already suspended

You will notice that the AzureAD Sync tool stopped synchronizing and in the Office 365 portal under Health Directory Sync Status you will notice the error message Warning: no recent synchronization  under Password Sync.

In Powershell when you run the Start-ADSyncSyncCycle you will get the below error

Warning: no recent synchronization 

Start-ADSyncSyncCycle : System.InvalidOperationException: Scheduler is already
suspended via global parameters.

To fix this, simply open Powershell and run the below command.

Set-ADSyncScheduler -SchedulerSuspended $false

After it completes, re-run Start-ADSyncSyncCycle and it will work.

(133)

Fix: Outlook blocked access to the following potentially unsafe attachments

When you open a specific attachment in Outlook you might get the error saying Outlook blocked access to the following potentially unsafe attachments. Here’s a some solutions to help you unblock attachments in Outlook

Make sure that Outlook is closed. Open Registry and go to the below area depending on your office application version

Microsoft Office Outlook 2010
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
Microsoft Office Outlook 2007
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
Microsoft Office Outlook 2003
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
Microsoft Outlook 2002
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security
Microsoft Outlook 2000
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security

Create a new String Value and enter Level1Remove
As the value enter the extension of the file example .pptx, if you want to add multiple extensions, seperate them with a semicolon like this, .pptx;.docx

Close regedit and open Outlook

If this doesn’t work then you might have an update that blocks as Microsoft have released a patch which blocks safe files.

If you do have the below updates according to the Office version, remove them.

Outlook 2007: KB3191898
Outlook 2010: KB3203467
Outlook 2013: KB3191938
Outlook 2016: KB3191932

(249)

How to: Crop filenames with Powershell

Sometimes you would create some scripts to work with files and for example SQL creates backup files and it adds _backup_timestamp so it’s not easy to work with them in a script.

The below script will crop how much characters you want from the back. Simply change the $location (location of files) $extnsion (file extension) and $characterstoremove (number of characters to remove). This will crop the files to the length you need using Powershell.

$location = "C:\test"
$extension = ".bak"
$characterstoremove = -37
$filelist = (get-childitem $location | Where-Object {$_.mode -match "a"} | foreach-object {$_.name})
foreach ($file in $filelist)
{
$len = $file.length
$len = $len+" "+$characterstoremove
$newname = $file.substring(0,$len)
$newname = $newname + $extension
$newfilename = $location+"\"+$file
Rename-Item $newfilename $newname
clear-variable newname, len
}

(28)

How to: Remove Exchange mailbox export requests

After a number of exports or imports, you might need to clean up the failed, completed or other status when running the get-mailboxexportrequest report in PowerShell. To clean these open the Exchange PowerShell and run the below.

Clean Export requests
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest
Get-MailboxExportRequest -Status Failed | Remove-MailboxExportRequest

Clean Import requests
Get-MailboxImportRequest -Status Completed | Remove-MailboxExportRequest
Get-MailboxImportRequest -Status Failed | Remove-MailboxExportRequest

(148)

How To: Disable AD Autodiscover for Office 365 migration

When having a local setup of Exchange and you want to migrate to Office 365 while leaving the local Exchange in place, you will have problems with autodiscover still pointing users to the local Exchange setup. If you don’t do the below, Outlook will still try to connect to the old Exchange server.

To stop the Autodiscover, open ADSIEDIT.MSC from the Active Directory server and delete the below entry so that the local SCP entry is skipped.

Select the “Configuration” naming context
CN=Services\
CN=Microsoft Exchange\
CN=\
CN=Administrative Groups\
CN=Exchange Administrative Groups\
CN=Servers\
CN=\
CN=Protcols\
CN=Autodiscover\
And delete the CN= of class serviceConnectionPoint

Since Outlook uses SCP as well, you might want to run this registry update on the local machines.

(The version number varies depending on your Office application version)
– Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
– Create new DWord ExcludeScpLookup
– Set the DWord as 1

After this, try to ping autodiscover.mydomain.com to ensure that it’s pointing to the Office 365

Update:

You can also do the following maybe it will help more. These should be created under the AutoDiscover Key

“ExcludeScpLookup”=dword:00000001
“ExcludeHttpsAutodiscoverDomain”=dword:00000001
“ExcludeHttpsRootDomain”=dword:00000001
“ExcludeSrvLookup”=dword:00000001
“ExcludeHttpRedirect”=dword:00000000
“ExcludeSrvRecord”=dword:00000001

(87)

Fix: PowerShell does not wait before starting the next command

When creating a Powershell script and executing something in the middle of the script it does not wait until that process finishes and continues executing the script.

This can be a pain since you might have something executing after the script which depends on the executable you run.

So, when you are executing the file and you want Powershell to wait before continuing you must add the following for it to wait until it finishes.

&Myfile.exe | Out-Null

By adding the Out-Null after your script, it will wait until the MyFile.exe finishes before continuing executing.

This method can be used for the Start-Process as below

Start-Process MyFile.exe -NoNewWindow -Wait

Or you can use this to the Wait For Exit parameter

$proc = Start-Process -NoWindow
$proc.WaitForExit()

(36)

How to export mailboxes to PST in Exchange 2010

A new set of PST export cmdlets, introduced in Exchange 2010 SP1, make it easier for Exchange administrators to export primary and archive user mailboxes to Outlook Data Files (PST). Though not recommended for storing large amounts of enterprise data, Exchange administrators use the Outlook Data Files to back up individual user mailboxes in certain scenarios – such as an employee leaving the business. This can help meet regulatory compliance mandates without having to back up the entire database. Additionally, a PST file can serve as an easy destination for exporting user mailboxes from corrupt databases in order to later import them to a healthy one.

Which users are permitted to export mailboxes to PST?

All users, including administrators, need to be assigned Mailbox Import Export role in order to export mailboxes to PST. This can be done via the Exchange Management Shell. To assign Mailbox Import Export role to a user, run the following cmdlets in the Exchange Management Shell:

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User <user name>

For example:

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User Administrator

lepide_1Figure 1.Assign Mailbox Import Export role to a user

To assign Mailbox Import Export Role to a security group, run the cmdlets:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup <Security group name>

For example:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup MailboxExportImportGroup

lepide_3
Figure 2. Assign Mailbox Import Export role to a security group

To check which users have the rights to export mailboxes, run:

Get-ManagementRoleAssignment -Role “Mailbox Import Export” | Format-List RoleAssigneeName

lepide_3Figure 3. Check for users who have the rights to export mailboxes

The location of destination PST

The destination PST file for the mailbox export needs to be in a shared folder that is accessible from Exchange. Share the destination PST folder and provide Read/Write permissions for the Exchange Trusted Subsystem over it.

How to export mailboxes to PST

Mailboxes are exported to PST by creating mailbox export requests. To create an export request for a user mailbox, run:

New-MailboxExportRequest -Mailbox <mailbox name> -FilePath <network share path to the target PST file>

lepide_4Figure 4. Export mailboxes to PST

Note: You can create as many requests as required; but a unique name need to be given for every request after the tenth one (after which Exchange will not generate unique names for requests). To name a request, use the parameter ‘–Name’.

To export an archive mailbox, use:

New-MailboxExportRequest -Mailbox -FilePath –IsArchive

Note: To include or exclude specified folders in the export, use –IncludeFolders or –ExcludeFolders parameter.

Getting the details

To get details about the mailbox request, run:

Get-MailboxExportRequest

lepide_5Figure 5. Get the details about mailbox export

A better way to export mailboxes to PST

Exporting mailboxes to PST using the Exchange Management Shell is not a quick process, and many IT teams find that it is not a viable method when faced with strict deadlines. Specialised Exchange recovery management solutions, like Lepide Exchange Recovery Manager, provide powerful PST export facilities and simplify the whole process of data recovery. Lepide Exchange Recovery Manager also works with all versions of Exchange to ensure maximum compatibility with your Exchange environment.

lepide_6
Figure 6. PST export options in Lepide Exchange Recovery Manager

The solution’s Export Mailboxes dialogue displays some of the important features included:

  • Select mailboxes to export in PST allows easy selection of one or more mailboxes for export
  • Filters provide granular filtering options that can be done according to a date range or item types
  • This solution allows users to browse for the destination, split the Outlook PST file and create Unicode PST

Getting user-friendly details about items, folders and mailboxes exported to PST

With Lepide Exchange Recovery Manager, getting item, folder, and mailbox details exported to PST is easy and the reports provided are simple to understand. The solution shows you information on the export operation, mailbox (es) exported, folders in the exported mailboxes and the messages in the exported mailboxes folders. The screenshot below shows a sample of the operation logs created when multiple mailboxes are exported to PST:

lepide_7Figure 7. Details about the mailboxes exported to PST

Conclusion

Microsoft Exchange (from 2010 SP1 onwards), uses a new set of cmdlets to facilitate exporting mailboxes to PST. The user that performs this operation must be assigned Mailbox Import Export role and the destination PST folder must be accessible from Exchange. If you’re looking for an easier and quicker way to export mailboxes to PST, Lepide Exchange Recovery Manger is a powerful, cost-effective and user-friendly option.

(255)