


With Microsoft Exchange Server 2016 CU4, OWA in Exchange 2016 cannot be opened with Mozilla Firefox or Google Chrome, but it works with IE and Microsoft Edge. In Firefox or Chrome the error ‘NS_ERROR_NET_INADEQUATE_SECURITY’ is displayed in the browser. The reason for this error is the integration of the HTTP/2 standard in the Windows Server IIS components by Microsoft.

To fix the problem, download the tool ‘IISCrypto’ by NARTAC SOFTWARE to your Exchange Server 2016 CU4. Exchange installations on both Windows Server 2012 R2 and Windows Server 2016 can be fixed with that tool.
Download IISCrypto

Afterwards, run the downloaded ‘IISCrypto.exe’ file on your Exchange Server 2016. Maximize the application window and choose the button “Best Practices”. To start the changes, press “Apply”.


The program will prompt you to reboot the Exchange Server.


After the reboot of the related Exchange Server, Outlook on the web (OWA) will be reachable by any supported browser vendor.
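Browsers raise this error when an HTTP/2 connection negotiates a cipher suite that HTTP/2 prohibits, so the server's cipher suite order is what to inspect before and after applying the template. The following is an added example, not part of the original post or of IIS Crypto; the acceptance rule is a heuristic and the sample order is constructed.

```powershell
# Added example, not part of the original post or of IIS Crypto.
# Assumption: the acceptance rule is a heuristic for RFC 7540 section 9.2.2 and
# Appendix A, which require an ephemeral key exchange (ECDHE/DHE) and an AEAD
# cipher (GCM/CHACHA20) for HTTP/2. TLS 1.3 suite names are accepted as well.

function Get-ServerCipherOrder {
    # Windows Server 2016 and later ship Get-TlsCipherSuite.
    if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
        return @((Get-TlsCipherSuite).Name)
    }
    # Older systems: read the policy-configured order, if one was written.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    $item = Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue
    if (-not $item) { return @() }   # no policy present: the OS default order applies
    return @($item.Functions -split ',' | Where-Object { $_ })
}

function Test-Http2CipherOrder {
    param([Parameter(Mandatory)][string[]]$SuiteName)

    $usablePattern = '^TLS_(ECDHE|DHE)_.*_(GCM|CHACHA20)_|^TLS_(AES|CHACHA20)_'
    $seenUsable = $false
    $rank = 0
    foreach ($name in $SuiteName) {
        $rank++
        $usable = $name -match $usablePattern
        if ($usable) { $seenUsable = $true }
        [pscustomobject]@{
            Priority          = $rank
            Suite             = $name
            Http2Usable       = $usable
            # A prohibited suite ranked above every usable one is preferred by the
            # server, which is the condition that leads to the browser error.
            RankedAboveUsable = (-not $usable -and -not $seenUsable)
        }
    }
}

# Constructed sample order (not taken from a real server): a CBC suite and an
# RSA key exchange suite are ranked ahead of the first HTTP/2-usable suite.
$sampleOrder = @(
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_CBC_SHA'
)
Test-Http2CipherOrder -SuiteName $sampleOrder | Format-Table -AutoSize

# On the Exchange server, compare the live order before and after "Apply" and reboot:
# Test-Http2CipherOrder -SuiteName (Get-ServerCipherOrder) | Where-Object RankedAboveUsable
```

An empty result from the last command means no prohibited suite is preferred over a usable one.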

E-mails remain stuck in the Drafts folder in Exchange 2010/2013


When using Exchange 2010/2013, e-mail messages may remain stuck in the mailbox's Drafts folder, while there is no trace of them in Sent Items.

When the user issues the command to send the e-mail, the “store driver” processes it and hands it to the transport service; if this does not happen (the service is unavailable or cannot process outgoing mail), the e-mail stays in Drafts.


The problem may be caused by an incorrect DNS configuration, so simply connect to the Exchange Admin Center, select “servers” on the left and edit the server in question. Under “DNS lookups” select “custom settings” and fill in both the “external DNS lookups” section and the “internal DNS lookups” section. Restart the Exchange transport service and you will see the mail sent without problems.

How to manually purge Exchange server logs – clean and easy

This example shows how to purge the logs for a database that is located on drive D. We will “fake backup” drive D, and this will trigger the logs to be purged.

  1. Open Command prompt
  2. Launch Diskshadow
    1. Add volume d:
    2. Begin Backup
    3. Create
    4. End Backup
  3. At this step you should notice the following events in the application log indicating that the backup was indeed successful and logs will now be deleted.
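The steps above as a script that also counts the log files before and after and collects the related Application log entries. This is an added example, not from the original post; the function name, the temporary script file name and the log folder passed as `-LogPath` are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated prompt on the
# Exchange server. -LogPath is the transaction log folder of the database on the
# volume (a hypothetical path such as D:\ExchangeLogs\DB01).
function Invoke-FakeBackupPurge {
    param(
        [string]$Volume = 'D:',
        [Parameter(Mandatory)][string]$LogPath
    )

    $before  = @(Get-ChildItem -Path $LogPath -Filter *.log).Count
    $started = Get-Date

    # The same four commands as in the steps above, fed to diskshadow as a script.
    $scriptFile = Join-Path $env:TEMP 'purge-logs.dsh'
    @("add volume $Volume", 'begin backup', 'create', 'end backup') |
        Set-Content -Path $scriptFile -Encoding ASCII

    & diskshadow.exe /s $scriptFile | Out-Host
    $exitCode = $LASTEXITCODE
    Remove-Item -Path $scriptFile
    if ($exitCode -ne 0) {
        throw "diskshadow exited with code $exitCode; the logs were not purged."
    }

    # Log truncation follows the end of the backup; give it a moment to finish.
    Start-Sleep -Seconds 60
    $after = @(Get-ChildItem -Path $LogPath -Filter *.log).Count

    # Collect what the database engine and Exchange wrote to the Application log.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $started } `
                  -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like 'ESE*' -or $_.ProviderName -like 'MSExchange*' } |
        Select-Object TimeCreated, ProviderName, Id, Message

    # Note: no backup copy exists after this run, and the purged logs can no longer
    # be replayed on top of an older backup. Take a real backup afterwards.
    [pscustomobject]@{
        LogFilesBefore = $before
        LogFilesAfter  = $after
        Events         = $events
    }
}

# Example call (the path is a placeholder):
# $result = Invoke-FakeBackupPurge -Volume 'D:' -LogPath 'D:\ExchangeLogs\DB01'
# $result.Events | Format-Table -AutoSize -Wrap
```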


Upgrade Exchange 2010 SP1 or SP2 to SP3 for SBS 2011 Standard


Install Exchange 2010 SP3 on SBS 2011


1) Ensure that there is a good, full backup of VM or server

2) Make sure that you DO NOT have Windows Management Framework (WMF) 3.0 installed on the server

  • From a command prompt run: wmic qfe list | findstr "2506143"
  • or look for KB2506143. You will need to uninstall this patch and then reboot the server before you install the SP3 upgrade

3) Ensure the account running the update is a member of Schema Admins and Enterprise Admins as SP3 involves an AD schema update

4) Reboot server before upgrading if not already rebooted from above step – Definitely recommended

  • Not required but allows for a clean start up, frees up resources and releases connections
  • Also ensures that in the event any “Previous installations” were attempted and NOT completed the server is rebooted to a ready state

5) Export current Certificate for mail services with private key

  • If the mail server certificate isn’t already fully exported and nicely tucked away somewhere safe and accessible then do so before performing the upgrade….JUST IN CASE

6) Stop Backup Exec services if in use

7) Turn off SBS manager in services

8) Stop BES services (if applicable) in correct order

To stop the services:

BlackBerry Controller

BlackBerry Dispatcher

BlackBerry Router

All remaining BlackBerry Enterprise Server services

9) Disable Anti Virus services

  • Disable, don’t just stop, “real time scanning”. Leaving it enabled will cause the Languages install phase to stall, and I have seen users report times of up to 1.5 hours to complete…JUST THIS PHASE

10) Install Exchange SP3

11) Upon SP3 completion launch Exchange Management Shell and execute:

get-exchangeserver | fl name,edition,admindisplayversion


12) In Internet Explorer deselect “Check for Publisher’s certificate” and “Check for server certificate revocation”


When you install an update rollup package, Exchange tries to connect to the certificate revocation list (CRL) Web site. Exchange examines the CRL list to verify the code signing certificate. If Exchange can’t connect to the CRL Web site, the following symptoms may occur:

  • The installation takes a long time to complete.
  • You receive the following message during the installation: Creating native images for .Net assemblies


  • Start Internet Explorer
  • On the Tools menu, click Internet Options
  • Click the Advanced tab, and then locate the Security section
  • Clear the Check for publisher’s certificate revocation check box, and then click OK


13) Update to latest rollup

14) Enable Anti Virus “real time scanning” to automatic (or previous startup state)

15) In Internet Explorer select “Check for Publisher’s certificate” and “Check for server certificate revocation”

16) Reboot server

17) Ensure all required services are running

Small Business Server 2011 Slow to Boot and Several Services Fail to Start


  1. Uncheck Internet Protocol Version 6 (TCP/IPv6) on your Network Card.
  2. In Registry Editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
  3. Double-click DisabledComponents to modify the DisabledComponents entry.
    Note If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps.

    1. In the Edit menu, point to New, and then click DWORD (32-bit) Value.
    2. Type DisabledComponents, and then press ENTER.
    3. Double-click DisabledComponents.
  4. Enter “ffffffff” (eight f’s), and then click OK.
  5. Reboot the SBS 2011 server.

RRAS (VPN) Note: If you plan to enable VPN on your SBS 2011 server, you MUST also export and then delete the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ipv6

If you do not delete this key you will get a 20103 event when trying to start RRAS with IPv6 disabled. You must reboot after removing this key.



Exchange 2013 Step by Step Configuration


Written by Allen White on. Posted in Exchange 2013

This guide is a combination of all the Exchange 2013 guides already on the site, but in the order I would configure Exchange 2013 in, from out-of-the-box installation through to spam configuration and setting up an SSL cert in Exchange 2013. Treat this article as your main Exchange 2013 configuration guide. All the pages will open in a new window.

Deployment Scenario

This solution is based on a new Exchange 2013 environment; no Exchange servers have previously been installed on this domain. If you are migrating from Exchange 2010, the version of Exchange 2013 you will need is Exchange 2013 CU2 at minimum (find that here), and your Exchange 2010 will need to be at Service Pack 3 before you install Exchange 2013 into your organization (find that here). This deployment is greenfield and will work on Server 2008 R2 or, as I have written it, on Server 2012.

First we need to actually install Exchange 2013, this is on Server 2012. This article is located here

How Do I Configure Exchange 2013?

Once Exchange 2013 is installed we then need to enter the product key for Exchange 2013 to enable certain features and be licensed correctly.

Now that the Exchange 2013 product key is entered, we are ready to configure Exchange 2013. We will first set up the Send Connector so we can send mail out.

If you decided you want to put a limit on the size of email you send out on the send connector then use this guide.

Once that is done, we need to configure and check that Exchange 2013 is ready to accept mail for your domain. The receive connector is set by default to receive mail from external domains; we now need to tell Exchange 2013 which domains to accept mail for.

As we are sending and receiving mail now, we should really think about anti-spam measures. Let's now set up Exchange 2013 anti-spam to stop users getting lots of junk mail.

Now that our email is secure and safe, we can add users to Exchange 2013 so they can start to send and receive mail. First, so that Outlook or your email client can connect to Exchange and configure itself automatically, create an A record called Autodiscover in DNS and point it to the IP address of the Exchange server with the CAS role. Then use the guide below to create your users.

As users are now sending email to and from the domain, we really should add a disclaimer to Exchange 2013.

So email is now flowing, we are protected from spam and we also issue a disclaimer when sending email out. Let's think about when users attach through OWA; we need to secure Exchange 2013 with an SSL certificate.

Now that you have followed all the Exchange 2013 guides, you will have a fully functioning Exchange 2013 environment. If you want to optimize Exchange 2013 even more, then check out the Exchange 2013 category for more articles such as catch-all mailboxes and many more. Hope this helps.

FINALLY! For much more information on what you can and cannot do in Exchange 2013, check out the what's new section for Exchange 2013 from Microsoft.
What's new in Exchange 2013.

Send on Behalf and Send As



Send on Behalf and Send As are similar in fashion. Send on Behalf allows a user to send as another user while showing the recipient that the message was sent by a specific user on behalf of another user. This means that the recipient is aware of who actually initiated the message, regardless of who it was sent on behalf of. This may not be what you are looking to accomplish. In many cases, you may want to send as another person and not want the recipient to be aware of who initiated the message. Of course, a possible downside to this is that if the recipient replies, the reply may go to a user who did not initiate the sent message and who might be confused, depending on the circumstances. Send As can be useful in a scenario where you are sending as a mail-enabled distribution group. If someone replies, the reply goes to that distribution group and is ultimately delivered to every user who is a part of that distribution group. This article explains how to use both methods.

Send on Behalf

There are three ways to configure Send on Behalf. The first method is by using Outlook Delegates, which allows a user to grant another user permission to Send on Behalf of their mailbox. The second method is having an Exchange Administrator go into the Exchange Management Shell (EMS) and grant a specific user permission to Send on Behalf of another user. The third and final method is using the Exchange Management Console (EMC).

Outlook Delegates

There are two major steps in order to use Outlook Delegates. The first is to select the user and add him as a delegate. You then must share your mailbox with that user.

  1. Go to Tools and choose Options
  2. Go to the Delegates Tab and click Add
  3. Select the user you wish to grant access to and click Add and then Ok

Note: There are more options you can choose from once you select OK after adding that user. Nothing in the next window is necessary to grant send on behalf.

  1. When back at the main Outlook window, in the Folder List, choose your mailbox at the root level. This will appear as Mailbox – Full Name
  2. Right-click and choose Change Sharing Permissions
  3. Click the Add button
  4. Select the user you wish to grant access to and click Add and then Ok
  5. In the permissions section, you must grant the user, at minimum, Non-editing Author.

Exchange Management Shell (EMS)

This is a fairly simple process to complete. It consists of running only the following command and you are finished. The command is as follows:

Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends

Exchange Management Console (EMC)

  1. Go to Recipient Management and choose Mailbox
  2. Choose the mailbox and choose Properties in Action Pane
  3. Go to the Mail Flow Settings Tab and choose Delivery Options
  4. Click the Add button
  5. Select the user you wish to grant access to and click Add and then Ok

Send As

As of Exchange 2007 SP1, there are two ways to configure SendAs. The first method is having an Exchange Administrator go into the Exchange Management Shell (EMS) and grant a specific user permission to SendAs another user. The second and final method (added in SP1) is using the Exchange Management Console (EMC).

Exchange Management Shell (EMS)

The first method is to grant a specific user the ability to SendAs another user. It consists of running only the following command and you are finished. The command is as follows:

Add-ADPermission UserMailbox -ExtendedRights Send-As -user UserWhoSends

Exchange Management Console (EMC)

  1. Go to Recipient Management and choose Mailbox
  2. Choose the mailbox and choose Manage Send As Permissions in Action Pane
  3. Select the user you wish to grant access to and click Add and then Ok

Miscellaneous Information

No “From:” Button

In order for a user to Send on Behalf or Send As another user, their Outlook profile must be configured to show a From: button. By default, Outlook does not show the From: button. In order to configure a user’s Outlook profile to show the From: button:


If you are sending as another user, the recipient user might reply. By default, Outlook is configured to set the reply address to whoever is configured as the sending address. So if I am user A sending on behalf of user B, the reply address will be set to user B. If you are the user initiating the sending message, you can configure your Outlook profile to manually configure the reply address.

Conflicting Methods

If you are configuring Send on Behalf permissions on the Exchange Server, ensure that the user is not trying to use the Outlook delegates at the same time. Recently, at a client, I was given the task to configure Send As as well as Send on Behalf. As I was configuring Send As on the server, I found out that the client was attempting to use Outlook Delegates at the same time. Send As would not work. Once the user removed the user from Outlook Delegates and removed permissions for that user at the root level of your mailbox that appears as Mailbox – Full Name, Send As began to work. So keep in mind, if you are configuring Send As or Send on Behalf, use only one method for a specific user.

SendAs Disappearing

If you are in a Protected Group, something in Active Directory called SDProp will come by every hour and remove SendAs permissions on users in these protected groups.  What security rights are configured on these security accounts are determined based on what security rights are assigned on the adminSDHolder object which exists in each domain.  The important part for you to remember is that every hour, inheritance on these protected groups will be removed and SendAs will be wiped away.

A good blog article explaining what adminSDHolder and SDProp are and what Protected Groups are is located here.
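Because both permissions let one user's mail appear under another user's name, it is worth reviewing who currently holds them. The following is an added example, not from the original article: it lists explicit Send As and Send on Behalf grants per mailbox and flags accounts that SDProp manages. The function name and the CSV file name are assumptions, and the adminCount lookup assumes the ActiveDirectory module is installed.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell.
# Assumption: the ActiveDirectory module (RSAT) is installed for the adminCount lookup.
Import-Module ActiveDirectory

function Get-SendPermissionReport {
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

        # adminCount = 1 marks accounts that SDProp has stamped from adminSDHolder.
        # The value can remain set after an account has left a protected group,
        # so treat it as "check this account", not as proof of current membership.
        $adUser    = Get-ADUser -Identity $mbx.DistinguishedName -Properties adminCount
        $protected = ($adUser.adminCount -eq 1)

        # Send As: explicit (non-inherited) Allow entries for the Send-As extended
        # right, ignoring the mailbox owner's own SELF entry.
        Get-ADPermission -Identity $mbx.DistinguishedName |
            Where-Object {
                ($_.ExtendedRights -like '*Send-As*') -and
                -not $_.IsInherited -and
                -not $_.Deny -and
                ($_.User -notlike 'NT AUTHORITY\SELF')
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox          = $mbx.Name
                    Right            = 'Send As'
                    Trustee          = $_.User.ToString()
                    ManagedBySDProp  = $protected
                }
            }

        # Send on Behalf: stored on the mailbox itself, whether it was set with
        # Set-Mailbox -GrantSendOnBehalfTo, in the EMC, or through Outlook Delegates.
        foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
            [pscustomobject]@{
                Mailbox          = $mbx.Name
                Right            = 'Send on Behalf'
                Trustee          = $delegate.ToString()
                ManagedBySDProp  = $protected
            }
        }
    }
}

$report = Get-SendPermissionReport | Sort-Object Mailbox, Right, Trustee
$report | Format-Table -AutoSize

# Keep a copy so that later runs can be compared against it.
$report | Export-Csv -Path .\send-permissions.csv -NoTypeInformation
```

A Send As row with ManagedBySDProp set to True is one that the hourly SDProp run described above is expected to remove.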

How to Send E-mails with Exchange Using a Different “From” Address


[Today’s post comes to us courtesy of Damian Leibaschoff]

DISCLAIMER: There are many different ways to implement this solution, this is just one of them.

A very common request we get is people wanting to be able to send outbound Internet e-mails from Outlook using different addresses as the originating address. This is different than just using a delegation or Sending on Behalf, this is truly sending the e-mail with a different “From:” address. The solution presented here will focus in using Outlook and Exchange without the need to create new accounts in Outlook. It will not only allow a user to send using a different e-mail address, it will also allow a user or a group of users to send using the e-mail address of a mail enabled security group.

An example would be: You have a mail enabled security group or a distribution group with an address and you want to send your replies as coming from that address instead of your personal one. The same concept can be used for a single user that wants to be able to send using other addresses.

1. Removing the additional E-mail addresses from your existing user

This first step is optional and it really depends on where you are in the implementation of this process. If you already have a mail enabled security group or distribution group with the desired e-mail address, then you can skip it. On the other hand if your user already has the address you want to use to send as (as a secondary e-mail address in Active Directory), we will need to remove it from the user itself, we cannot have two objects in active directory with the same e-mail address. We will need to add this e-mail address to another object that we will create shortly, so for now, we need to remove it. Remember, Exchange will always use your default e-mail address as the reply-to/from address, so we need to work around this limitation.

  • Open AD Users and Computers
  • Find the user that might have the needed e-mail added as a secondary e-mail address and open its properties. If you are not sure you can use the FIND feature:
    • Right click on the domain container and select Find
    • Go to the Advanced tab
    • Click on Field, select User and pick Proxy Addresses, change the condition to Is (exactly), and on the Value type in the e-mail address you are searching for (prefix it always with SMTP:, for example,, click Add.
    • Click Find Now
  • Once you find the user, open its properties and go to the E-mail addresses tab
  • Remove the secondary E-mail address that you want to use as an alternate primary address. It is recommended that you temporarily stop mail flow by stopping the SMTP Virtual Server from Exchange System Manager (under protocols\SMTP), so as to avoid receiving e-mails to this address for the few minutes that this procedure will take until the e-mail address is moved to another object.
  • Click OK to accept the changes.



2. Creating the new Mail Enabled Security Group.

  • Open AD Users and Computers from Administrative Tools.
  • Expand your domain, MyBusiness, and select Security Groups
  • Right-click, then select New, Group
  • Select Global and Security, give it a distinctive name (it will show up when sending e-mails) and click Next.
  • Put a check next to “Create an Exchange e-mail address”, don’t worry about the alias, we can modify it to match the address we need once the object is created.
  • Click next and finish.

Wait a few minutes for the object to be stamped by the Exchange Recipient Update Service.

  • Now open the Properties of the Security Group you just created.
  • Go to the E-mail Addresses tab. If this is blank, stop: the object has not been stamped yet. Once you have an address in the E-mail Addresses tab, you can proceed.
  • If you see the e-mail address you need as the primary, then you can skip the next few steps, if you don’t, then add it:
    • Click New, SMTP Address, and add the e-mail address we removed from step 1 (for
    • Click ok to accept.
    • Select the newly added SMTP E-mail address and click Set As Primary.
    • Also uncheck the “Automatically update e-mail addresses based on recipient policy”.
  • Click Ok to close the properties. Note: It is important not to make this security group a member of any other groups, this will help prevent issues with the AdminSDHolder resetting the security permissions we are going to be changing in the next section.






3. Adding the group membership and setting the proper security to allow the Send As.

We will be working on the properties of the Security Group we just created, but before we continue, we need to enable the Advanced Features in AD Users and Computers.

  • Select View on the top menu and then select Advanced Features.

Now we can open the properties of the Security Group we just created.

  • Expand your domain, MyBusiness, and select Security Groups
  • Right Click the desired Security Group we just created and select properties.
  • Go to the Members tab
  • Click Add
  • Type the name of the User who is going to be receiving the e-mails sent to the e-mail address that we have configured for this Group. Remember, e-mails sent to the e-mail address that we added in step 2 will be delivered to members of this group only. If just one user needs to send and receive using the second e-mail address, then you would have only 1 member; if this is a shared address, then you can have multiple members, and they will all get a copy of e-mail sent to the address in question.
  • Repeat the Add process as needed.
  • Once you have added the members, click Apply, inbound e-mail sent to the address in question will start flowing again. Start the SMTP Virtual Server if you had that stopped. Do not close the properties yet.


Now we need to set up the proper security. We will need to add the user or group accounts that we want to allow to Send As using this Security Group's primary e-mail address. This is the key step that will allow us to use the e-mail address as our new From. Keep in mind that Domain Administrators and Account Operators will already be able to Send As this group and no changes are needed.

  • Go to the Security tab
  • Click Add
  • Type the name of the User who is going to be sending the e-mails using the e-mail address configured for this mail enabled Security Group. If you want to allow all members of this group to be able to send using the e-mail address here, then add the security group name (Sales Group in our example).
  • Once you have added the user/users/groups, find them on the security list, select the object, and scroll down on the Permissions half of the window until you find the “Send As” right. Put a check on the Allow column. You are basically giving the user Send As rights on the Security Group.
  • Click ok
  • Open the Services MMC
  • Re-start the Microsoft Exchange System Attendant service (and its dependants)

Picture showing the allow just on a per user basis scenario:


Picture showing the allow all group members to Send As:


4. Testing from Outlook

At this point all the pieces should be in place. Mail should be flowing to the e-mail address in question and the only thing left is for the user to learn how to pick which account to use when sending outbound e-mail. Please note that this will not happen automatically, the user will have to take action for every e-mail they want to use a different address for.

  • In Outlook while logged in to the user’s mailbox that has Send As permissions to the newly created group (so basically, open Outlook as normal, nothing should change from the client perspective), click to open a new email
    • Outlook 2003: Click View, and select “From Field”
    • Outlook 2007: Click Options and select “Show From”
  • Click on the From: and pick the Group that has the address we want to use or type the Group name or just type the e-mail address (on our case Due to potential timing issues while updating the offline address book while in cached mode, the new group may not show up to be selected. It should eventually show up, if it doesn’t then something is not working as expected with the OAB generation.
  • Fill in the To, Subject, write up your email and click Send email
  • The receiver should only see the alternate email address as the From.



5. Troubleshooting

  • You get the following NDR:

Your message did not reach some or all of the intended recipients.

Subject: Test

Sent: 10/31/2007 2:27 PM

The following recipient(s) could not be reached:

usera@msft.local on 10/31/2007 2:27 PM

You do not have permission to send to this recipient. For assistance, contact your system administrator.


  • Or the following error (if you are not in cached mode):

    • This is a sign that the security was not set up properly or has not taken effect. Re-check step 3. Do not forget to re-start the Microsoft Exchange System Attendant Service on the server and Outlook on the client. If permissions have been changed on the security group, check the group membership of that group, and make sure it is not a member of a protected AdminSDHolder group (direct or transitive). See KB 907434 for additional information.


This message is too large to send. To be able to send it, make the message smaller, for example, by removing attachments.


Posted by viralr on May 29, 2014

Unable to send large attachments and get this bounce back:

From: postmaster@MYDOMAIN.LOCAL [mailto:postmaster@MYDOMAIN.LOCAL]
Sent: Wednesday, May 28, 2014 4:14 PM
To: Mathews, John
Subject: Undeliverable: FW: Re: Remaining
Delivery has failed to these recipients or groups:
This message is too large to send. To be able to send it, make the message smaller, for example, by removing attachments.

Diagnostic information for administrators:
#< #5.2.3 smtp;550 5.2.3 RESOLVER.RST.SendSizeLimit.Org; message too large for this organization> #SMTP#

To troubleshoot this issue use the following steps:-

The email size restriction for user mailbox will be applied in the following order

  1. Global Transport configuration settings
  2. Send connector size restriction
  3. Receive connector size restriction
  4. In the user mailbox properties of send and receive size limit

Please use the commands below to check the limits.

To verify the global transport settings for all Hub Transport servers in the Exchange Organization:

Get-TransportConfig | ft MaxSendSize, MaxReceiveSize

To modify the sending and receiving email message size to 100 MB in the global Transport configuration:

Set-TransportConfig -MaxSendSize 20MB -MaxReceiveSize 100MB

To verify and modify the send connector size. Send connectors are used to send emails out of the Exchange organization and the default size is 10 MB.

Get-SendConnector | ft name, MaxMessageSize

Set-SendConnector <Connector Name> -MaxMessageSize 50MB

To verify and modify the receive connector size. Receive connectors are used to receive emails from the internet or from applications and the default size is 10 MB.

Get-ReceiveConnector | ft name, MaxMessageSize

Set-ReceiveConnector <Connector Name> -MaxMessageSize 50MB

The send and receive email message size can be controlled granularly in the user mailbox properties. To verify and modify the size:

Get-mailbox | ft Name, MaxSendSize, MaxReceiveSize

Set-Mailbox "test" -MaxSendSize 20MB -MaxReceiveSize 20MB
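To see all four levels side by side for one mailbox and one message size, the checks above can be combined. This is an added example, not part of the original post: the function names are assumptions, and it only compares each configured limit with the given size without modelling which limit takes precedence.

```powershell
# Added example, not part of the original post. Run in the Exchange Management Shell.

function ConvertTo-ByteCount {
    param($Size)
    # Exchange renders sizes as "10 MB (10,485,760 bytes)" or as "Unlimited".
    # Parsing the text works for both live and deserialized (remote) objects.
    if ("$Size" -match '\(([\d.,\s]+)bytes\)') {
        return [int64]($Matches[1] -replace '\D', '')
    }
    return $null   # "Unlimited" or empty: no limit configured at this level
}

function Test-MessageSizeLimit {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][int]$SizeMB
    )
    $bytes = [int64]$SizeMB * 1MB
    $org   = Get-TransportConfig
    $mbx   = Get-Mailbox -Identity $Mailbox

    # One entry per limit from the four levels listed above.
    $levels = @(
        @{ Level = 'Global transport'; Name = 'MaxSendSize';    Limit = $org.MaxSendSize }
        @{ Level = 'Global transport'; Name = 'MaxReceiveSize'; Limit = $org.MaxReceiveSize }
    )
    $levels += Get-SendConnector | ForEach-Object {
        @{ Level = 'Send connector'; Name = $_.Name; Limit = $_.MaxMessageSize }
    }
    $levels += Get-ReceiveConnector | ForEach-Object {
        @{ Level = 'Receive connector'; Name = "$($_.Identity)"; Limit = $_.MaxMessageSize }
    }
    $levels += @(
        @{ Level = 'Mailbox'; Name = "$($mbx.Name) MaxSendSize";    Limit = $mbx.MaxSendSize }
        @{ Level = 'Mailbox'; Name = "$($mbx.Name) MaxReceiveSize"; Limit = $mbx.MaxReceiveSize }
    )

    foreach ($entry in $levels) {
        $limit = ConvertTo-ByteCount $entry.Limit
        [pscustomobject]@{
            Level       = $entry.Level
            Name        = $entry.Name
            Limit       = "$($entry.Limit)"
            BelowSizeMB = ($null -ne $limit -and $bytes -gt $limit)
        }
    }
}

# "test" is the mailbox name used in the command above; 25 MB is a constructed size.
Test-MessageSizeLimit -Mailbox 'test' -SizeMB 25 | Format-Table -AutoSize
```

Rows with BelowSizeMB set to True are the limits to look at first when a message of that size bounces.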



The error messages listed below will occur if the values are not configured as per the above rule.

Error 1:

The following recipient(s) could not be reached: on 01/15/2014 3:54 PM

This message is larger than the current system limit or the recipient’s mailbox is full. Create a shorter message body or remove attachments and try sending it again.

< #5.2.3 smtp;450 5.2.3 Msg Size greater than allowed by Remote Host>

Error 2:

The following recipient(s) could not be reached  on 01/15/2014 3:54 PM

This message is larger than the current system limit or the recipient’s mailbox is full. Create a shorter message body or remove attachments and try sending it again.

< #5.2.3 smtp;550 5.2.3 RESOLVER.RST.SendSizeLimit; message too large for this sender>

Error 3:

Delivery has failed to these recipients or distribution lists:
This message exceeds the maximum message size allowed. Microsoft Exchange will not try to redeliver this message for you. Please make the message smaller — by removing attachments, for example — and try sending it again, or provide the following diagnostic text to your system administrator.

Diagnostic information for administrators:
Generating server:
#550 5.2.3 RESOLVER.RST.SendSizeLimit; message too large for this sender ##

Error 4

OWA Error – “The request filter module is configured to deny a request that exceeds the request content length”

Error 5

EWS Error – Email goes into Drafts or never leaves the Outbox, and the client receives an “exceeded the size limit” error