Category Archives: Office 365

HCW fails on intra-organization configuration

Posted on by
10

o365logoFor my lab, I often have to recreate the Exchange Hybrid configuration for a fresh setup of Exchange On-Premises using formerly used namespaces. Normally you would just run the Exchange Hybrid Configuration Wizard (HCW) after configuring certificates and endpoint URLs. If you don’t clean up the previous configuration information from your tenant upfront, you may then run in the following error message when running the HCW:

Updating hybrid configuration failed with error ‎’Subtask Configure execution failed: Configure IntraOrganization Connector Execution of the Get-IntraOrganizationConfiguration cmdlet has thrown an exception. This may indicate invalid parameters in your hybrid configuration settings. Multiple OnPremises configuration objects were found. Please use the OrganizationGuid parameter to select a specific OnPremises configuration object.

Multiple OnPremises configuration objects indicates there are multiple intra-organization objects defined in your tenant. You can clean up previous intra-organization configuration objects from your tenant as follows:

  1. First, in your Exchange On-Premises environment, run the Get-OrganizationConfig cmdlet from the Exchange Management Shell:
    image
  2. Copy the Guid value, in the example 1a95d446-ff56-4399-a95e-8ab46c30912b.
  3. Connect to Exchange Online (instruction here).
  4. Check the existing On-Premises definitions in your tenant by running Get-OnPremisesOrganization. There should be more than 1 entry.
  5. To remove the orphaned objects, remove all the objects that don’t match the Organization Guid you retrieved from your On-Premises environment earlier, e.g.:Get-OnPremisesOrganization | Where { $_.OrganizationGuid –ne ‘1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-OnPremisesOrganization
    image
  6. Now you could try re-running the HCW immediately, but chances are you will run in another error caused by orphaned intra-organization connectors (IOC). In those cases, when the HCW tries to run New-IntraOrganizationConnector, it will fail as the namespace defined by TargetAddressDomains is already in use by an existing connector, and ‘The domain <domain> already exists in another intra-organization connector’ is reported. Those connectors, named ‘HybridIOC – ’, where GUID is the Guid of previously used organizations, exist in your tenant. In your Exchange Online session, run the following cmdlet to remove orphaned connector definitions:Get-IntraOrganizationConnector | Where { $_.Identity –ne ‘HybridIOC – 1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-IntraOrganizationConnector
    image
  7. While you’re at it, you also might want to remove previously created connectors. Again, in your Exchange Online session, run the following cmdlets to remove orphaned inbound and outbound connectors (again, using the previously noted Organization GUID):
    Get-OutboundConnector | Where { $_.Identity –ne ‘Outbound to 1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-OutboundConnector
    Get-InboundConnector | Where { $_.Identity –ne ‘Inbound from 1a95d446-ff56-4399-a95e-8ab46c30912b’ } | Remove-InboundConnector

After removing these orphaned objects, you should be able to run the HCW succesfully.

The UC Architects Podcast Ep51

Posted on by
2

iTunes-Podcast-logo[1]Episode 51 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman who is joined by Dave Stork and John Cook.. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Exchange 2013 CU8
  • Exchange 2010 SP3 CU9
  • Exchange ActiveSync onboarding to Office 365
  • Exchange 2013 Hybrid Config Wizard
  • Office 2013 modern auth public preview
  • Staying informed of Office 365 changes
  • Office 2016 preview
  • Updates for Outlook for iOS
  • Azure AD Sync
  • Office 365 MDM
  • Questions from listeners
  • Lync Kerberos Account
  • Lync/Skype for Business Network Planning for Silk Code
  • Controlling Lync/Skype for Business with your arms
  • Get ready for Skype for Business
  • Updates and Skype for Business
  • Microsoft Ignite
  • UCBUG
  • UCDAY
  • UCExpo

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

The UC Architects Podcast Ep50

Posted on by
Reply

iTunes-Podcast-logo[1]Episode 50 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by John A Cook and Ståle Hansen. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Network ports for clients and mail flow in Exchange 2013
  • iOS 8.2 has been released
  • Using the Hybrid Configuration Wizard in Exchange Server 2013 (Part 2)
  • How and when to decommission Exchange Hybrid
  • The Office 2016 Mac Preview is here!
  • The Exchange Server 2013 Management Pack for System Center Operations Manager has been updated
  • A Guide to PowerShell for Lync and Exchange Online
  • Be the first to learn what’s next for Exchange and Office 365 at Microsoft Ignite
  • Free Load Balancer – KEMP Virtual LoadMaster
  • Use Windows PowerShell cmdlets to enable OneDrive sync for domains that are on the safe recipients list
  • Office 365 for Exchange Professionals
  • Office 365 Partner Admin app
  • Making Clutter in Office 365 even better
  • Azure AD Premium (and EMS) available for partner use
  • Getting rate limiting warnings for auto-discovered partners on your #Lync edge (event id 14603)
  • March 2015 update for #Lync for Mac 2011 14.0.11 (KB3037358)
  • How do I control the Lync and Skype UI with the Skype for Business client
  • Managing the Skype Client UI in Skype for Business
  • Set up Two-Armed Kemp VLM as Reverse Proxy/HLB for Lync 2013
  • Latest Visual C++ 2012 update (11.0.61030) won’t let #Lync Resource Kit or Debugging Tools install
  • March 10, 2015 update for #Lync 2013 (KB2956174)
  • Lync Monitoring Reports Decoder
  • Updates Lync Server 2013 Management Pack
  • LS Storage Service event 32054 after you enable Lync 2013 Mobility in an Exchange 2010 environment
  • Measure your conferencing adoption today with SQL
  • QoS Calculator v1.2
  • Update to Lync 2013 mobile app (v5.8, secure app settings, bug fixes)
  • Lync 2012 Database Mirror Manager update
  • Being a UC Superhero with Lync QoE Superpowers
  • LyncPro: Call Monitor Pro for Skype for Business & Lync: Enhancements and Extensibility
  • Book – Lync Server Cookbook
  • Ignite
  • EventZero/The UC Architects party at Ignite
  • LyncDay becomes SkypeDays
  • UCBUG meeting 05/13/2015
  • UCDAY UK meeting 09/28/2015

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

The UC Architects Podcast Ep49

Posted on by
Reply

iTunes-Podcast-logo[1]Episode 49 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman, who is joined by Dave Stork, Pat Richard, John A Cook and myself. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • PIN lock and other updates to Outlook for iOS and Android
  • Exchange 2013 and Exchange 2010 Coexistence with Kerberos Authentication
  • Training Course: High Availability for Exchange Server 2013
  • Broken IMAP on Exchange 2013 and how to fix it
  • Windows Mobile does not support your new SSL certificate
  • Introducing New-ExchangeWebsite for Exchange 2013
  • A quick look at the Sunrise Calendar app
  • RBAC Manager R2 for Exchange
  • BitTitan offers Nuix-as-a-service
  • PowerShell for MigrationWiz updated
  • Sign in page branding and cloud user self-service password reset for Office 365
  • A better way to recover a mailbox
  • Automated Hybrid Troubleshooting Experience
  • Shared Mailbox Sent Items Changes Coming to Office 365
  • How Groups could be so much better
  • Using the Hybrid Configuration Wizard in Exchange Server 2013
  • Office 365: Deployment Content Moving
  • Azure AD Sync Service Updated
  • Pausing Music When On A #Lync Call – Using the Client SDK
  • Lync Client 2013 – Disable Customer Experience Improvement Program
  • New update for Lync Environment Report now supports custom Word document templates
  • Lync Server 2013 Control Panel crashes when you access the Route tab under the Voice Routing tab
  • Lync client may connect to a non federated partner, even if you though it should not
  • Persistent Chat – December 2014 CU – 500 Internal Server Error
  • Lync / Skype for Business Photo Editor Version 1.0 available now!
  • Do you need a Lync Server license for every Lync Server role–or is this just a Lync licensing myth?
  • Enabling Group Paging on Polycom VVX Phones for Lync or Skype
  • Issues with Unified Contact Store in combination with Lync on-premises & Exchange Online
  • Deep Dive into Set-CsPinSendCAWelcomeMail
  • Skype for Business and Lync troubleshooting 101
  • Update to Skype for Business / Lync Validator KHI reader. Longer list of counters + graphs
  • Book – Deploying and Managing Exchange 2013 HA
  • Book – Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013
  • Book – Lync Server Cookbook
  • Ignite
  • Stale Hansen – Speaking at Ignite
  • UCBUG Meeting May 13th
  • UCDAY UK – 28th Sept by by Andrew P, Steve, Jason Wynn, Iain Smith, Adam Gent and Tom A

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

Blocking Outlook App for iOS & Android

Posted on by
12

imageYesterday, Microsoft announced the immediate availability the Outlook for iOS and Outlook for Android preview. These apps are the former app named Acompli, which was acquired by Microsoft in December, last year. It is unlikely that Microsoft will develop and support two similar apps, so one can assume the new Outlook app will replace the current OWA for iOS and OWA for Android (or just OWA for Devices) apps.

The app isn’t without a little controversy:

  • The app stores credentials in a cloud environment from Amazon Web Services for e-mail accounts that don’t support OAuth authorization.
  • The app makes use of a service sitting between the app and your mailbox. This service acts as a sort of proxy (hence it requires those credentials), fetching, (pre)processing and sending e-mail. In some way this is smart, as it makes the app less dependent on back-end peculiarities, using a uniform protocol to communicate with the proxy service.
  • The app does not distinguish between devices (device identities are assigned to your account, which makes sense since the app uses a service to retrieve and process your e-mail).
  • The app does not honor ActiveSync policies, like PIN requirements. While true, this app is not an ordinary Exchange ActiveSync client.

You can read more about this here and here.

In all fairness, when the app was still named Accompli, nobody cried foul. But the app is now rebranded Outlook and property of Microsoft, so it seems this made the app fair game. I hope Microsoft is working behind the scenes to make the new Outlook app enterprise-ready, and I’m sure it won’t be long before we see the app’s services move from AWS to Azure. The whole outrage in the media also seems a bit misplaced, as Connected Accounts in Exchange Online, which will retrieve e-mail from a POP or IMAP mailbox, will also store credentials ‘in the cloud’.

It is recommended to treat the app as a consumer app for now, and you may want to block the app in your organization. I have written on how to accomplish blocking or quarantining faulty iOS updates before. However, in those articles I used the reported OS version to block or quarantine devices. The Outlook app proxy service reports itself as “Outlook for iOS and Android” as device model when querying your mailbox, allowing us to use the DeviceModel parameter for matching.

The cmdlet to block or quarantine the new Outlook app in Exchange 2010, Exchange 2013 or Office 365,  is:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block

or, to quarantine:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Quarantine

For examples of alternative blocking methods using TMG or F5, check this article. If you need to specify the user agent string, use “Outlook-iOS-Android/1.0” (or partial matching on “Outlook-iOS-Android” to block future updates of the app as well).

As goes for all mobile devices in enterprise environments, as an organization it may be better to test and aprove devices and OS versions rather than to be confronted with mobile apps with possible faulty behavior after an update or which may violate corporate security policies.