Wednesday, July 29, 2015

Upgrade to Windows 10: Hyper-V no longer installed

Update: It seems the upgrade process has overwritten the default locations where my virtual machines were stored. If you did not yet upgrade and care for your Hyper-V VMs, be very careful. Make sure you move the virtual machines to a safe location first.

After upgrading my Surface 3 Pro to Windows 10 I noticed that Hyper-V was no longer installed. I spend some time in the new Settings app but could not find a way to enable Hyper-V again.

Fortunately this issue is very easy to fix. Open Control Panel and navigate to Programs, Turn Windows features on or off. Select Hyper-V and click OK to continue.


But before you do this, please check the full list and select or deselect any other features you want to install or remove.

Thursday, July 23, 2015

How to access the Exchange 2016 ECP/EAC with a mailbox on 2013 or 2010?

So you added the first Exchange 2016 Preview server to your lab and now you want to access the Exchange admin center to configure your server. When you try to access https://<Exchange2016MailboxServer>/ecp and you enter your credentials you may see a ‘500 Unexpected Error’ or end up with the 2010 or 2013 version of the ECP. This is because Exchange 2016 by default tries to present the version of ECP that corresponds with the version of Exchange where your mailbox is hosted on.

To access the Exchange 2016 admin center while your mailbox is on an older version, append the string ?ExchClientVer=15.1 to your url. For instance https://<Exchange2016MailboxServer>/ecp?ExchClientVer=15.1.

Sounds familiar? That’s because the same procedure applied to Exchange 2013. Please note that the major version number of Exchange 2016 is 15.1, not 16 as you may have guessed.


Wednesday, July 22, 2015

Exchange 2016 Preview released!

Earlier today I wrote about some Exchange 2016 content that appeared on TechNet and now it’s obvious why: Microsoft released the Preview version of Exchange 2016. For those of you who attended Ignite this year the announcement will bring not much new. The architecture has been simplified (CAS and Mailbox roles integrated), OWA supports in-line editing and viewing of Office attachments, search has improved (again) and the Hybrid Configuration Wizard now runs from Office 365.


A feature that was not shared earlier is the auto-expanding archive mailbox, after the first 100 GB Exchange will automatically add archive mailboxes in 50 GB increments. I guess this will be interesting for some on-premises users but this is obviously a feature targeted at Exchange Online.

A download link and more information can be found in the article at the Exchange Team Blog.

PowerShell one-liner: How to query certificates in the certificate store?

PowerShell uses providers and drives to provide a consistent way to work with items in the file system, Active Directory, the registry, in applications and even the certificate store.


Recently I started using PowerShell to find the thumbprint of an installed certificate, for instance when I need that value to enable a certificate for Exchange services. To do this we can use the Cert: drive, navigate to the Local Computer store and then query the items in My, this is the Personal container you’re probably familiar with from working with the Certificates MMC snap-in.

dir cert:\localmachine\my

Where dir is of course an alias for Get-ChildItem.

Microsoft publishes Exchange 2016 documentation in Technical Library

With the Exchange 2016 Preview scheduled for the summer of 2015 (now!) the first documentation has been published to the Exchange Technical Library on TechNet. Of course the available content is still limited and new content will be added towards RTM.


Check it out here: Exchange Server 2016

Friday, July 17, 2015

Exchange 2013 CU install fails because the certificate is expired

This issue was recently brought up in a community and today I ran into the same issue myself. An Exchange 2013 CU installation is in progress and after Setup removed the existing installation files, it fails while installing the Transport service of the Mailbox role:


The following error was generated when "$error.Clear();
          Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
          if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
            Install-AuthCertificate -DomainController $RoleDomainController
        " was run: "System.Security.Cryptography.CryptographicException: The certificate is expired…

Want happens here is quite easy to understand. As part of the CU installation Setup tries to enable the SSL certificate to the IIS service. This fails because the Valid To date on the certificate has passed, the certificate is no longer valid.


Easy, we simply replace the cert right? Well, remember that Exchange already removed the existing install? We have no access to the EMS at this point so we need Setup to finish the install before we can replace the certificate the proper way.

A silly but effective workaround to achieve this goal is to change the system time of the server to a date that falls in the range where the certificate was still valid.

Note: Make sure you (temporarily) disable the time synchronization feature of your hypervisor and the Windows Time service, or else it will change the time back in no time. :)

Now you can restart the CU installation, it will automatically detect the failed attempt and offers to continue the process.


When the CU installation has finished, enable the Windows Time service and/or the time sync feature of your hypervisor and observe the clock moving back to the correct time. Now would be a great time to fire up EMS and replace the SSL certificate with a new one. Reboot the box as best practice after installing a CU anyway and check the health of the server to verify if everything is working as it should.

So if your reading this you probably started your lab servers after a long time, just like I did. If you ran into this issue in a production environment, it's important to investigate why you ran with an expired certificate anyways. And if your certificate has expired, this article shows why you should replace it before you perform any maintenance on the server.

Thursday, July 16, 2015

Microsoft updates the Office 365 portal

Microsoft has done a lot of work in their Office 365 Portal over the past few years, anyone who remembers the BPOS experience will agree. The experience we see today is very consistent and you need to keep an eye on the address bar of your browser to notice that you actually switched to a different website. It’s all modern, clean and very white-blue.

An area for improvement is the end-user self-service portal, the section that can be accessed by clicking on the gear icon in the top right corner of the screen. Recently Microsoft started updating this section too. First thing the user will notice is the gradient bar on top of the page and the centered items, in the previous version of the portal the items were aligned to the left of the page.


When a user clicks on a section head the area expands and allows the user to make changes without leaving the page. For instance when the user clicks on Language, the option to select the language appears:


There are two exemptions to this principle, that's the Password and Software sections. I expect those sections to be revised too somewhere in the near future. Many admins are waiting for the option to remove the Password section from this portal, let's hope we see this added soon.

Friday, July 10, 2015

Is your 'free' Exchange hybrid key really free?

And I'm not talking about Willy or Nelson Mandela, I mean free as in at 'at no additional cost'. There are numerous sources on the internet stating customers can obtain a free key for their hybrid server. What most articles forget to mention is that the license restrictions make this license free for just a very small subset of all customers.
And it's not just blog posts of independent writers, I heard Microsoft employees state the same while visiting customers and in presentations on tech conferences as MEC and TechEd. And even their new Exchange Hybrid Product Key Distribution wizard ( does not mention all requirements.
In fact there are three major requirements to obtain the license key for free:
  • You have an existing, non-trial, Office 365 Enterprise subscription
  • You will not host any on-premises mailboxes on the Exchange 2013 or Exchange 2010 SP3 server on which you apply the Hybrid Edition product key.
And the one I want to emphasize:
  • You currently do not have a licensed Exchange 2013 or Exchange 2010 SP3 server in your on-premises organization
So if you're running licensed servers with Exchange 2010 in your environment, that Exchange 2013 server you want to deploy for hybrid is not free! In other words, the hybrid server license key is free if you're running Exchange 2007 or Exchange 2003 and have licenses for just those versions of Exchange.
In all other situations you will need to license your hybrid servers properly.
These license limitations can be found in the following KB article: How to obtain an Exchange Hybrid Edition product key for your on-premises Exchange 2007 or Exchange 2003 organization.

Thursday, July 9, 2015

Update: Office 365 migrations and the 'Delete‎()‎ is not supported on a read-only session' error

If you're performing a Staged or Cutover migration to Exchange Online you may run into the following error:


Error: MigrationPermanentException: An error occurred while running Get-MergeRequest -Identity : Delete‎()‎ is not supported on a read-only session. --> Delete‎()‎ is not supported on a read-only session.

Many customers reported this issue in the last couple of days. Moderators in the Office 365 Support Forums confirmed that Microsoft is aware of the issue in their backend and is still investigating. Unfortunately the Service Health dashboard does not make mention of this issue.


If you run into this issue you could try to stop and delete the migration batch, delete the created Office 365 users and restart the process. Some people reported their migration to succeed now. Others are still seeing the same issue in their migration batch.

To make sure that Microsoft has a good understanding of the scale of the issue, please open a Service Request if you're impacted too. And keep an eye on the discussion thread in the support forums to see if there's any progress made in resolving this issue.

Update July 14th 2015

Microsoft confirmed they implemented a fix in their environment, but it may take some time before it applies to all tenants. To find your tenant version, connect to Exchange Online with PowerShell first. Then query the version number:

Get-OrganizationConfig | ft AdminDisplayVersion

The fix has been implemented in version 15.1.234, so if your tenant is on that version or newer you can restart the migration batch and expect it to no longer fail. If your tenant is still on an older version I'm afraid you just have to wait a little more.