HTTP Proxy TargetBackEnd limits

powershellLast Update: February 4th, 2016

When deploying Exchange 2013 or Exchange 2016 in co-existence with a legacy version of Exchange, there comes a point where all traffic is routed through Exchange 2013/2016. Traffic for mailboxes hosted on legacy Exchange versions will be proxied by Exchange 2013/2016 to the back end.

This proxy process has some built-in limits for certain protocols, which you could encounter. Symptoms of these limits are Event 2022’s being logged in the Application log by the MSExchange Front End HTTP Proxy service:


Per Exchange 2013 CU7, this message should be considered a notice, despite the confusing event description. No connections are being blocked. However, the events create noise in your logs, which can be prevented by raising these limits. To accomplish this, you need to dive in to the web.config of the applicable HTTP Proxy protocols:

  • $ExInstall\FrontEnd\HttpProxy\sync\web.config (for ActiveSync, EAS)
  • $ExInstall\FrontEnd\HttpProxy\rpc\web.config (for OA, RPC/http)

In those files, create or adjust the entry in the <appsettings> configuration node, where <value> is the limit you want to configure (default is 150):

<add key=”HttpProxy.ConcurrencyGuards.TargetBackendLimit” value=”<value>” />

After adjusting these values, recycle the relevant application pools, e.g. MSExchangeSyncAppPool and MSExchangeRPCProxyAppPool.

The above steps need to be performed on all Exchange 2013/2016 Client Access Servers.

To automate this process of tedious editing in web.config files, I have created a small script which lets you alter these values for EAS and RPC against the local server or remotely. The script, Configure-HTTPProxyTargetBackEnd.ps1, has the following parameters:

  • Server to specify server to configure. When omitted, will configure local server.
  • AllServers to process all discoverable Exchange Client Access servers
  • TargetBackEnd specifies Target Backend limit (default 150).
  • NoRecycle to prevent recycling the MSExchangeSyncAppPool and MSExchangeRPCProxyAppPool

For example, to configure the local server with a limit of 2000 for Exchange Active-Sync and RPC access, use:

.\Configure-HTTPProxyTargetBackEnd.ps1 -TargetBackEnd 2000


Note that the script will create a backup copy of the web.config files before editing, using the current timestamp.

You can download the script from the TechNet Gallery here.

Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

See TechNet Gallery page.

Exchange 2013 Cumulative Update 11

Ex2013 LogoThe Exchange Team released Cumulative Update 11 for Exchange Server 2013 (KB3099522). This update raises Exchange 2013 version number to 15.0.1156.6.

  • KB 3120594 Appointment on the Outlook calendar isn’t updated to a meeting when attendees are added
  • KB 3108345 “The app couldn’t be downloaded” error occurs when you try to install an application from the Intranet in Exchange Server 2013
  • KB 3108011 Error message occurs in Outlook after you change a single instance of a recurring meeting by using an iOS device
  • KB 3107781 Exchange ActiveSync device doesn’t keep messages for 30 days as configured
  • KB 3107379 Noderunner.exe consumes excessive CPU resources by parsing an attached document in Exchange Server 2013
  • KB 3107337 Mailbox migration from Exchange Server 2007 to Exchange Server 2013 is very slow
  • KB 3107291 Exception occurs when you run the Invoke-MonitoringProbe cmdlets to set probes for IMAP and POP3 in Exchange Server 2013
  • KB 3107205 “Custom error module does not recognize this error” error when OWA web parts fail to load
  • KB 3107174 Pages that use the People pop-up URL don’t load in Chrome when you access OWA or the Exchange Server Administration Center
  • KB 3106613 Outlook Web App shows partial contacts in an Exchange Server 2013 environment
  • KB 3106475 POP3 and IMAP4 are not supported to use TLS protocol 1.1 or 1.2 in Exchange Server 2013
  • KB 3106421 Very long URLs in an email message do not open in OWA in Internet Explorer
  • KB 3105760 Exchange Server 2016 mailbox server can be added to an Exchange Server 2013 DAG
  • KB 3105690 Outlook clients that use MAPI over HTTP to connect to Microsoft Exchange Server 2013 mailboxes are intermittently disconnected
  • KB 3105685 The lsass.exe process leaks an amount of handles in Exchange Server 2013
  • KB 3105654 Cannot edit Inbox rules in Outlook Web App by using Chrome
  • KB 3105625 ActiveSync device downloads emails while it’s in quarantine in an Exchange Server 2013 environment
  • KB 3105389 WSMan-InvalidShellID error when you create remote PowerShell sessions in an Exchange Server 2013 environment
  • KB 3100519 No responses are sent from a room mailbox when a booked meeting extends beyond the date you set in Exchange Server 2013
  • KB 3093866 The number of search results can’t be more than 250 when you search email messages in Exchange Server 2013
  • KB 3088911 Inline attachments are sent as traditional when you smart forward an HTML email in an iOS device in Exchange Server 2013
  • KB 3088487 IOPS Write increase causes email delivery delays in an Exchange Server 2013 environment
  • KB 3076376 IMAP clients that use Kerberos authentication protocol are continually prompted for credentials in Exchange Server 2013
  • KB 3068470 “Something went wrong” error in Outlook Web App and ECP in Exchange Server 2013
  • KB 3048372 Exchange Calendar items are shifted incorrectly when some Windows DST updates are applied
  • KB 2968265 OWA cannot be accessed after you upgrade Exchange Server 2013



  • This CU introduces an important change in the mechanism how Exchange Management Shell sessions will be initiated as of Exchange 2013 CU11 (and to be introduced in Exchange 2016, as well), called Mailbox Anchoring. More on this later in this article.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current (version N) or be one version behind (N-1).
  • Cumulative Update may include schema or Active Directory changes (e.g. Role-Based Access Control). Make sure you run PrepareSchema /PrepareAD.  If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 11 here; UM Language Packs can be found here.

This CU introduces an important change in the administrative model. In short, you need to home your administrative mailbox on the Exchange platform level you want to administer Exchange from (mailbox anchoring), as you will connect (or be proxied) to an Exchange Management Shell (EMS) session on that host. In other words, use an administrative account with a mailbox on Exchange 2013 to administer Exchange 2013, use an admin mailbox on Exchange 2016 for Exchange 2016. The logic behind this is to work around mixed-version environment issues, as newer Exchange versions may introduce changes, like new or enhanced cmdlets but also deprecated functionality. New general recommendation is to keep arbitration mailboxes as well as administrative mailboxes on the most current version.

If the admin has no mailbox, or if it’s unavailable, arbitration mailboxes – primarily SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} – are considered for hosting your EMS session. Also, that ‘Connected to <Server>’ message when you open up an EMS session will no longer always mean your EMS session is hosted on that server; it could mean your EMS session is being proxied through there, which can create challenges when you’re running multiple sites with low bandwidth links – you may need to move your admin mailbox around or create one for local administration to enjoy better response times. You can only discover which host your session runs on by inspecting the local environment, using elements like the env:COMPUTERNAME variable or [System.Net.Dns]::GetHostName().

Also, it might be wise to spread administrative mailboxes over different servers or databases, in case your arbitration mailboxes become unavailable together with that one administrative mailbox, as you need to recover one of those just so you can set up an EMS session. The last resort for running an EMS cmdlets – against all best practices and recommendations, as it bypasses Role-Based Access Control for example – is  to load the Exchange module using Add-PSSnapIn. But be advised, you may not have all required permissions, for example your admin account may not have direct Active Directory permissions (and which is one of the reasons you shouldn’t just load the snap-in under normal circumstances).

The Exchange Team put up a separate blog to explain this change in behavior here.

Exchange Server Role Requirements Calculator 7.8

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team today published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.8. This version incorporates sizing for Exchange 2016 as well and includes support for ReFS (default for Exchange 2016). The version number is also dropped from the calculator.

More or less complementary to the calculator is the updated sizing guidance for Exchange 2016, which was also published today here. No big changes here, apart from multi-role only option and a slight increase in CPU requirements to cover for unforeseen circumstances as the team is still learning from real-world behavior. This makes sense, looking at the speed in which the calculator was released compared to the one for Exchange 2013. Kudos to the Exchange team!

New and enhanced functionality since version 7.6:

  • Added support for Exchange 2016
  • Included CPU utilization guidance changes for Exchange 2016
  • Diskpart.ps1 and CreateDAG.ps1 now support ReFS
  • Moved DataMoveReplicationConstraint setting from CreateMBDatabases.ps1 to CreateMBDatabaseCopies.ps1
  • Revised all of the Distribution dialog controls to load their defaults from variables rather than use hard-coded values
  • The DAG name from the Input tab now flows through as the default on the Export DAG dialog
  • Updated Distribution tab dialog controls to persist the global catalog value during a session
  • Added conditional formatting for ReplayLagTime and SafetyNetThreshold
  • Removed 2013 from the name of the calculator

Fixes since version 7.6:

  • Fixed inaccuracies with “Number of Exchange Data Volumes per Server” input
  • Fixed calcActDBPDCWorst formula to take into account non-HA deployments
  • Fixed multiple dbs / volume calculation to take into account ReplayLagManager
  • Fixed calcNumDBCopyInSDC formula to take into account proper number of lagged copies
  • Fixed MaxPreferredActive not being displayed for A/A (Single DAG) site resilient solutions
  • Fixed an issue with Fail* buttons on Distribution tab when using some regional settings
  • Fixed an issue with volume path persistence on the Distribution tab Mount Points dialog

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Blocking Mixed Exchange 2013/2016 DAG

Ex2013 LogoIn the RTM version of Exchange 2016, there’s an issue in that it is allows you to add Exchange 2016 Mailbox servers to Exchange 2013 Database Availability Groups, and vice-versa. As stated in the Release Notes (you do read those?), creating such a mixed version DAG is not supported. In theory, you could even jeopardize your Exchange data, as database structures from both versions are different. This action is also not prevented from the Exchange Admin Center, requiring organizations to have very strict procedures and knowledgeable Exchange administrators.

If you are worried about this situation and you want to prevent accidently adding Mailbox servers to an existing DAG consisting of members of a different Exchange version, there is a way (until this is blocked by the product itself, of course). Cmdlet Extension Agents to the rescue!

The Scripting Agent not only allows you to add additional instructions to existing Exchange cmdlets, but also to provide additional validation before cmdlets are executed. I did two short articles on Cmdlet Extension Agents’ Scripting Agent here and here, so I will skip introductions.

First you need to download a file named ScriptingAgentConfig.xml from the location below. If you already have Scripting Agents, you need to integrate the code in your existing ScriptingAgentConfig.xml files. The code checks if the server you want to add using the Add-DatabaseAvailabilityGroup cmdlet is of a different major version than one of the current DAG members.

Next, you need to copy this ScriptingAgentConfig.xml file to $ENV:ExInstallPath on every Exchange 2013 and Exchange 2016 server in your organization, e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents\ScriptingAgentConfig.xml.  To help your with this process, Exchange fellow Paul Cunningham made a small script to push this XML from the current folder to every Exchange server in your organization, PushScriptingAgentConfig.ps1.

Last step is to enable the Scripting Agent using:

Enable-CmdletExtensionAgent ‘Scripting Agent’

After distributing the scripting agent file and enabling the scripting agent, when you try to add an Exchange 2016 (version 15.1) server to an Database Availability Group consisting of Exchange 2013 Mailbox servers, using Add-DatabaseAvailabilityGroupServer, you will receive an error message:


This also works vice-versa, thus when you inadvertently try to add Exchange 2013 servers to an Exchange 2016 Database Availability Group, provided you distributed the XML on the Exchange 2013 servers as well. The error is also thrown when you try to perform this action using the Exchange Admin Console.

You can download the ScriptingAgentConfig.XML for blocking Mixed Exchange 2013/2016 DAGs from the TechNet here.

Exchange 2010-2013 Migration and OAB

Ex2013 LogoLast year, Exchange fellows Andrew Higginbotham, Paul Cunningham as well as the Exchange Team reported on checking, and when necessary configuring, your Offline Address Book (OAB) in your current Exchange Server 2010 environment, prior to installing Exchange Server 2013. Not doing so could result in a complete download of the Offline Address Book created by Exchange Server 2013, titled ‘Default Offline Address List (Ex2013)’.

Today I received a report that there is a different symptom of configuration absence. In this case, the customer reported on the inability to download the offline address book, and upon further inspection the Autodiscover server did not report back on the offline address book URL to use. In other words, OAB information was absent from the Autodiscover response, and Outlook gets confused. Note that this issue was reported in Outlook 2010 after installing Exchange Server 2013 Cumulative Update 10. I’m not sure if this change in behavior was introduced in these later builds of Exchange 2013 or Outlook, but it’s still a good thing to know.

The remedy here of course is to configure any (Exchange 2010) mailbox database with unconfigured Offline Address Book setting, and point them to the default offline address book using:

Get-MailboxDatabase | Where-Object {$_.OfflineAddressBook -eq $Null} | Set-MailboxDatabase -OfflineAddressBook (Get-OfflineAddressBook | Where-Object {$_.IsDefault -eq $True})

Exchange 2013 and .NET Framework 4.6

Ex2013 LogoA quick heads-up that when you are running Exchange Server 2013, you should not install or update to .NET Framework 4.6. This version of the .NET framework is not only not supported, it may also cause your Exchange 2013 server to stop functioning correctly.

When you have updated from a previous version, a suggested workaround is to uninstall .NET Framework 4.6. However, with all the dependencies on the .NET Framework by Exchange Server, it maybe preferred, when you did install version .NET Framework 4.6, to migrate contents, i.e. mailboxes etc., to a new Exchange 2013 server, and decommission the one you installed .NET 4.6.

More information can be found in KB3095369.

Exchange 2013 CU10 & Exchange 2010 SP3 RU11

Ex2013 LogoThe Exchange Team released Cumulative Update 10 for Exchange Server 2013 (KB3078678) as well as Rollup 11 for Exchange Server 2010 Service Pack 3 (KB3078674). These version levels will be required for co-existence with Exchange Server 2016, which is to be released at a later date. The updates raise the version numbers to 15.0.1130.7 and, respectively.

Cumulative Update 10 contains the following fixes for Exchange Server 2013:

  • KB 3087126 MS15-103: Description of the security update for Exchange Server: September 8, 2015
  • KB 3094068 Permissions for a linked mailbox are added to an account in the wrong forest in an Exchange Server 2013 environment
  • KB 3093884 The link in a quarantined email shows an empty list for ActiveSync-enabled devices in Exchange Server 2013
  • KB 3093866 The number of search results can’t be more than 250 when you search email messages in Exchange Server 2013
  • KB 3088911 Inline attachments are sent as traditional when you smart forward an HTML email in an iOS device in Exchange Server 2013
  • KB 3087571 Can’t edit or resend a delayed delivery message when you open the message from the Outbox folder in Exchange Server 2013
  • KB 3087293 “550 5.6.0” NDR and duplicated attachments when an encrypted email is sent in Outlook in Exchange Server 2013
  • KB 3080511 HTML forms aren’t available when the DisableFilter parameter is enabled in Outlook Web App in Exchange Server 2013
  • KB 3080221 LegacyExchangeDN attribute is displayed when you use Outlook Web App to view an appointment in Exchange Server 2013
  • KB 3079217 Outlook Web App replies to the wrong email address when an email has more than 12 recipients in Exchange Server 2013
  • KB 3078966 Outlook 2011 for Mac client displays emails as they come from the same senders in Exchange Server 2013
  • KB 3078443 Incorrect results are displayed when you search for an email that has a certain attachment name in Exchange Server 2013
  • KB 3078438 Performance issues occur in an Exchange Server 2013 environment that’s running BlackBerry Enterprise Server 5
  • KB 3078404 Can’t access a shared mailbox after you migrate from Exchange Server 2010 to Exchange Server 2013
  • KB 3076257 EWS returns a Success response code even if a batch deletion request isn’t completed in Exchange Server 2013
  • KB 3074823 No Send As audit events are logged when you use Send As permission in Exchange Server 2013
  • KB 3071776 “A problem occurred” error when you access shared folders in Exchang Server 2013 mailbox by using Outlook Web App
  • KB 3069516 Mailbox size and quota information are reported incorrectly in Outlook and Outlook Web App in Exchange Server 2013
  • KB 3061487 “FailedToGetRootFolders” error when you run an eDiscovery estimate search for archive mailboxes in Exchange Server 2013
  • KB 3058609 Wrong recipient is specified in an inbox rule that has the ForwardTo or RedirectTo option in Exchange Server 2013
  • KB 3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB 2999011 Documents are partially indexed by Exchange search when they embed other documents in Exchange Server 2013
  • KB 2983161 Organization unite picker is missing when you create a Remote Mailbox in Exchange Admin Console in Exchange Server 2013
  • KB 3091308 Can’t install cumulative updates or service packs when MachinePolicy or UserPolicy is defined in Exchange Server 2013

For Exchange Server 2010 SP3, Rollup 11 contains the following fix:

  • KB 3092576 Exchange 2010 Information Store crashes randomly


    • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
    • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
    • This Cumulative Update does include Active Directory changes when compared to the previous Cumulative Update. If you have deployed a version earlier than CU10, make sure you run setup /PrepareAD.
    • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading Exchange 2013 servers is irrelevant, unlike with previous generations of Exchange. Exchange 2010 Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier updates.

You can download Exchange 2013 Cumulative Update 10 here and Exchange 2010 SP3 Rollup 11 here. The Exchange 2013 CU10 Language Packs are available here.

Connecting to Office 365/Exchange

powershellAlmost 3 years ago, I wrote an article on how to enhance the PowerShell Integrated Scripting Environment, or ISE. That seemed adequate for the Exchange admin back then, who mostly connected their PowerShell session to their his on-premises environment, and perhaps occasionally a bit of Exchange Online.

Fast forward to 2015, most modern Exchange administrators not only require a connection – if any – to their Exchange on-premises environment, but likely to one or more of the Office 365 services as well. This includes Exchange On-Premises, Azure Active Directory, Exchange Online Protection and perhaps even Skype for Business Online, SharePoint Online, Azure Rights Management Services or Compliance Center.

All these services use a different PowerShell session, use a different endpoint FQDN, and in some cases require a locally installed PowerShell module. Likely common denominator is the credential used to access each of these services. So, tired of re-entering my credentials every time when switching from Exchange Online to Exchange Online Protection, I created a script with a set of functions to allow me connect to each individual Office 365 service or Exchange Online:

  • Connect-AzureAD: Connects to Azure Active Directory
  • Connect-AzureRMS: Connects to Azure Rights Management
  • Connect-ExchangeOnline: Connects to Exchange Online
  • Connect-SkypeOnline: Connects to Skype for Business Online
  • Connect-EOP: Connects to Exchange Online Protection
  • Connect-ComplianceCenter: Connects to Compliance Center
  • Connect-SharePointOnline: Connects to SharePoint Online
  • Get-Office365Credentials: Gets Office 365 credentials
  • Connect-ExchangeOnPremises: Connects to Exchange On-Premises
  • Get-OnPremisesCredentials: Gets On-Premises credentials
  • Get-ExchangeOnPremisesFQDN: Gets FQDN for Exchange On-Premises
  • Get-Office365Tenant: Gets Office 365 tenant name (SharePoint)

Note that functions and credentials used in the script are global, and in principle only need to be entered once per shell or ISE session. If you need different credentials, call Get-Office365Credentials again. User interaction is a very basic Read-Host, but it does the job.

During initialization, the script will detect the modules which are required for certain Office 365 services. When not installed, it will notify you, and provide a link where to obtain the PowerShell module. The related Connect function will not be made available. The Azure Active Directory module also requires the Microsoft Online Sign-In Assistant to be installed. Needless to say, PowerShell is required to run this script, which is tested against version 4 (but should work with 3)

The functions are contained in a script called Connect-Office365Services.ps1. You can call this script manually from your PowerShell session to make the functions available. However, more convenient may be to have them always available in every PowerShell or ISE session. To achieve this, you need to edit your $profile, which is a script which always starts when you start a PowerShell or ISE session. By default this file does not exist and you need to create it, including the path. Also note that the files for PowerShell and ISE are different, Microsoft.PowerShell_profile.ps1
and Microsoft.PowerShellISE_profile.ps1 respectively.

Now, of course you can copy and paste the functions from the script file to your own $profile. Better is to call the script from your $profile, as this allows you to overwrite the Connect-Office365Services.ps1 with updates. To achieve this, assume you copied the Connect-Office365Services.ps1 in the same location as your $profile, for example C:\Users\Michel\Documents\WindowsPowerShell. You can then make PowerShell and ISE call this script by adding the following line to the $profile scripts:

& “$PSScriptRoot\Connect-Office365Services.ps1”

Now when you start a PowerShell session, you might see the following:


This shows the Microsoft Online Sign-In Assistant and Azure Active Directory PowerShell module is available, and related connect functions should be available.

When you load the script from ISE, it will show something similar. However, it will also show ISE is detected and make all functions available through the Add-On menu:


Customize this script to your liking. For example, if you always want to connect to Azure Active Directory when connecting to Exchange Online, add Connect-AzureAD in the Connect-ExchangeOnline function, or when you always want to connect to a fixed FQDN for Exchange On-Premises, insert it in the script or – better – configure your $profile to predefine the FQDN, e.g. $global:ExchangeOnPremisesFQDN=’’.

Also, you may with to leverage prefixing the imported cmdlets so you can easily switch between Exchange On-Premises and Exchange Online. For example, you can then having something like Get-EXOMailbox and Get-EOPMailbox corresponding to Get-Mailbox in your Exchange Online or Exchange On-Premises within the same shell session. However, as with aliases, think of the ‘the next guy’ who may not have these prefixed cmdlets, and instructions or scripts may require adoption to work, etc. But if you insist, for more information on prefixing cmdlets when importing a PowerShell session, see here.

Windows 10
Be advised that when used with Windows 10 build 10525 or 10532, your PowerShell session might crash when connecting to certain services, e.g. Exchange Online Protection. Fellow Exchange MVP Tony Redmond wrote about this here, including a possible workaround. Windows 10 RTM does not have this issue.

Download / Revisions
You can download the script from the TechNet Gallery here. The TechNet Gallery page as well as the script contains revision information.

Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Client Message Size Limits

powershellLast Update: Version 1.11, November 4th, 2015

Exchange 2013 enforces certain message size limits when it comes to client messages. These limits are in-place so clients can’t generate excessive load on your Exchange environment. These limits are determined for various access methods in multiple web.config files on Exchange Client Access Servers as well as Mailbox Servers.

Sometimes you may have good reasons to increase those limits. For example, when migrating to Office 365 using a product like MigrationWiz, you may want to increase the limit for Exchange Web Service (EWS) requests to allow for migration of larger items. Another example is when you want to allow for bigger attachments in Outlook WebApp (OWA). On TechNet, there’s an article on how to reconfigure these limits. However, the process consists of editing multiple web.config files, replacing multiple values in the same file, and following this process on each Exchange 2013 server in your environment. This is not only labor intensive and prone to error, but becomes tedious when you consider that each Cumulative Update will overwrite your web.config files.

But do not despair. To execute these changes for OWA and EWS, I have created a PowerShell script which will perform these tasks for you.

Using the script requires Exchange 2013. You need to provide the server name (default is local server) or AllServers to apply to all Exchange 2013 servers in your environment. The script will modify the web.config remotely using the system share (e.g. C$), using the location of the Exchange installation, and uses IISRESET tool to restart IIS. It will create a backup of the web.config before modifying it.


  1. The script checks for running in elevated mode when running against the local machine.
  2. Current version of the script requires Exchange Management Shell, to run Exchange cmdlets for checking installed roles a.o., as the web.config files which require editing depend on the installed roles.
  3. For OWA, add ~33% to the value you want to specify to compensate for encoding overhead.
  4. When connected to an Exchange server, the script processes the server hosting the EMS session last to prevent abortion caused by IIS reset.
  5. Script currently runs against Exchange 2013.

The script Configure-ClientSizeLimits.ps1 uses the following syntax:

.\Configure-ClientSizeLimits.ps1 [-Server |-AllServers] [-OWA ] [-EWS ] [-Reset] 

A quick walk-through on the parameters and switches:

  • Server specifies the server to configure. When omitted, it will configure the local server. This parameter is mutually exclusive with AllServers.
  • AllServers switch specifies to configure all Exchange 2013 servers. This switch is mutually exclusive with Server.
  • OWA configures the message size limit for OWA. Value is in 1KB units.
  • EWS configures the message size limit for EWS. Value is in 1KB units.
  • Reset switch specifies to perform an IISRESET against servers after reconfiguration of client-specific message size limits.

So, suppose you want to configure an OWA message size limit for you can use:

.\Configure-ClientSizeLimits.ps1 -Server EX01 -OWA 100 -EWS 10240 -Reset

Configure Client Size Limits If you want to configure EWS limits for all servers without resetting IIS, you could use:

.\Configure-ClientSizeLimits.ps1 -AllServers -EWS 10240

You can download the script from the TechNet Gallery here.

Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

See TechNet Gallery page.

To Do
Compatibility with Exchange 2010 and removal of dependency on Exchange Management Shell.

Exchange 2013 Server Role Requirements Calculator 7.6

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.6.

Changes since version 6.6:

  • Added support for ReplayLagManager
  • Added support for PreferredMaximumActiveDatabases
  • Added new table that exposes theoretical CPU utilization for each mode (normal runtime, first server failure, second server failure, site failure, site failure + 1 failure)
  • Added Restore-DatabaseAvailabilityGroup scenario support in Distribution algorithm
  • Added warning about designs that include more than24 processor cores / server and 96GB of memory
  • Added support for DAGs without Administrative Access Point (default behavior is no administrative access point) in the CreateDAG script
  • Changed default for Deleted Item Retention in export file to be the highest profile value for Deleted Item Retention
  • Changed default for Circular Logging in export file to be true when using Exchange Native Protection
  • Added ability to save scripts and CSV files to OneDrive for Business
  • Fixed CreateDAG.ps1 script error for DAG creation without administrative IP address
  • Modified CreateMBDatabases.ps1 to ignore CircularLogging choice and modified CreateMBDatabaseCopies.ps1 to enforce CircularLogging choice
  • Fixed Export DAG list function to use the correct value for MaximumActiveDatabases
  • Added support for MaximumPreferredActiveDatabases and AutoDatabaseMountDial in Export DAG List function and createdag.ps1
  • Modified CreateMBDatabaseCopies.ps1 to remove sleep timer, improving copy creation significantly
  • Fixed createdag.ps1 to not generate an error when there is no alternate witness server provided

Fixes since version 6.6:

  • Fixed an issue that prevented the calculator from displaying results when site resilience was disabled while Active/Active (Single DAG) was selected
  • Changed Processor Cores/Server to not use a list drop down, thereby enabling customers to enter in configurations they are deploying.
  • Fixed bugs in Diskpart script with PrepareAutoReseedVolume switch and WhatIf processing
  • Fixed bug in Diskpart with escaping quotes in some languages
    Fixed bug with display of lag copies in single site design
  • Fixed multiple databases / volume calculation to take into account symmetric designs that utilize an odd number of servers in a single site
  • Fixed scenario to count number of servers in A/P scenario where the only copy deployed in DR is a lagged copy
  • Fixed #NAME error in Database Copy Configuration table for standalone configurations
  • Updated DC1 memory sizing to take into account site failure mode for A/A (Single DAG) designs involving a 2 copy architectures
  • Updated Distribution Tab error reporting and Lastrow calculation
  • Fixed copy count validation formula for site resilient scenarios to not allow more copies in the primary datacenter than the number of servers
  • Added support for 10TB and 12TB capacity disks
  • Fixed run-time error on distribution tab when disabling site resilience
  • Fixed distribution error when disabling cross-site failover
  • Fixed bug in Distribution tab ActiveServer formula when modeling Cross Site Failover behavior
  • Fixed an issue with the distribution tab throwing an error when two files were opened at the same time
  • Fixed distribution algorithm where lagged copies were not always represented correctly
  • Blocked unsupported A/A (Single DAG) scenario where copy count is not the same in both datacenters

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.