Category Archives: Exchange Server 2013

Hybrid Configuration Wizard fails with “Unable to connect to the remote server”

Issue – Running the Exchange 2013 Hybrid Configuration Wizard (HCW) fails at the very beginning with the following error:

Unable to access the Federation Metadata document from the federation partner. Detailed information: “Unable to connect to the remote server”


Solution – This is mostly caused by a missing configuration for the proxy server that sits between your on-premises Exchange server and Exchange Online.

Firstly, you should check that Internet Explorer has the right proxy entries.

Secondly, check your winhttp settings with:

If a “Direct” connection is configured, you should import your IE settings with:


Thirdly, also check your Exchange 2013 Server for a correct setting:

If that is empty, set the correct values:

Note: If your company's security division enforces proxy authentication for that, this stuff is broken forever ;-) – So get rid of that proxy authentication, at least for that piece of Exchange Server. There are ways to handle proxy auth but to be honest –> KIS – Keep it simple!

Finally, your HCW should now run to completion :-)

cheers, Alex
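The three checks described in this post, as an added example that is not part of the original post. It assumes an elevated Exchange Management Shell on the on-premises server, English `netsh` output, and a constructed placeholder proxy URL; nothing is changed unless `$Apply` is set to `$true`.

```powershell
# Added example, not the author's original commands.
# Assumptions: $ProxyUrl is a constructed placeholder, $Apply is a hypothetical switch.
$ProxyUrl = 'http://proxy.example.internal:8080'   # replace with your real proxy
$Server   = $env:COMPUTERNAME
$Apply    = $false                                 # $true = write changes

# 1. Per-user proxy as seen by Internet Explorer (WinINET)
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"IE ProxyEnable   : $($ie.ProxyEnable)"
"IE ProxyServer   : $($ie.ProxyServer)"
"IE AutoConfigURL : $($ie.AutoConfigURL)"

# 2. Machine-wide WinHTTP proxy, which services use instead of the IE settings
$winhttp = (netsh winhttp show proxy) -join "`n"
$winhttp
if ($winhttp -match 'Direct access') {
    'WinHTTP is set to direct access (no proxy).'
    if ($Apply) {
        # Copies the current user's IE proxy settings into WinHTTP
        netsh winhttp import proxy source=ie
    }
}

# 3. Proxy configured on the Exchange server object itself
$ex = Get-ExchangeServer -Identity $Server
"Exchange InternetWebProxy : $($ex.InternetWebProxy)"
if (-not $ex.InternetWebProxy) {
    'InternetWebProxy is empty on this Exchange server.'
    if ($Apply) {
        Set-ExchangeServer -Identity $Server -InternetWebProxy $ProxyUrl
    }
}
```

Run it once with `$Apply = $false` to record the current state of all three layers before changing anything.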

451 4.7.0 Temporary server error. Please try again later. PRX4

Issue: Mail Delivery to your Exchange 2013 Server is broken

“451 4.7.0 Temporary server error. Please try again later. PRX4” You will find this error in the following situations:

  1. Trying a simple “Telnet fqdn 25” after input of data.
  2. In the SmtpReceive logs of your Frontend Transport Server.
  3. In an extended Office 365 / Exchange Online Message Trace Log (mail delivery to your Hybrid Exchange 2013 SP1 Server stays in “pending”, equal to PowerShell: Get-MessageTrace -Status Pending)
  4. Mail in OWA gets stuck in your Drafts folder (OK, that can have many other reasons)

Solution: either…

a) Tony already wrote a very good blog post about one clue:

b) …and that is a tricky one on the one hand and so simple on the other hand -> Check:

If your HubTransport is in the “Draining” state – perform this:

Mail delivery is back :-)

have fun, Alex
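One way to perform the check and the fix from b), as an added example that is not part of the original post. It goes beyond the single case in the text by listing every requester that holds HubTransport in a non-active state; it assumes an Exchange Management Shell on the affected server, and `$Apply` is a hypothetical switch.

```powershell
# Added example, not the author's original commands.
$Server = $env:COMPUTERNAME
$Apply  = $false          # hypothetical switch: $true = actually change the state

# Overview: every component on this server that is not Active.
# Some components are inactive by design, so only HubTransport is touched below.
Get-ServerComponentState -Identity $Server |
    Where-Object { $_.State -ne 'Active' } |
    Format-Table Component, State -AutoSize

# HubTransport in detail: who requested the current state, and when
$hub = Get-ServerComponentState -Identity $Server -Component HubTransport
"HubTransport state: $($hub.State)"
$hub.LocalEntries | Format-Table Requester, State, Timestamp -AutoSize

if ($hub.State -ne 'Active') {
    # A component only returns to Active once every requester that set it
    # to Draining/Inactive has set it back, so repeat the call per requester.
    $holders = $hub.LocalEntries | Where-Object { $_.State -ne 'Active' }
    foreach ($entry in $holders) {
        "Requester '$($entry.Requester)' holds state '$($entry.State)'"
        if ($Apply) {
            Set-ServerComponentState -Identity $Server -Component HubTransport `
                -State Active -Requester $entry.Requester
        }
    }
    if ($Apply) {
        # Restart the transport services so they pick up the new state
        Restart-Service MSExchangeTransport
        Restart-Service MSExchangeFrontEndTransport
        Get-ServerComponentState -Identity $Server -Component HubTransport
    }
}
```

The requester and timestamp in `LocalEntries` are worth recording before the reset, since they show whether maintenance work or an automated health response put the component into Draining.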



Mobile phone battery drain with Kemp Loadbalancer

Recently I implemented two KEMP LM2600 at a customer site (Exchange 2013 CU3 multi-role servers). The next day the customer's help desk got a lot of user complaints because the battery life of their mobile phones was reduced dramatically (iPhones using EAS – Exchange ActiveSync).

Solution: In Network Options uncheck “Enable TCP Keepalives”

The Kemp documentation recommends this as well:

Enable TCP Keepalives
By default the TCP keepalives are enabled which improves the reliability of TCP connections that are long lived (SSH sessions). Keepalives are not usually required for normal HTTP/HTTPS Services. The keepalive messages are sent from the LoadMaster to the Real Server and to the client. Therefore, if the client is on a mobile network, there may be an issue with additional data traffic.

My comment: At the end of the day I am asking why this setting is active by default? And why can this not be set for each VS – Virtual Service? Be aware that this is a global configuration and it may affect other Services / Real Servers. To be honest, this was the first time I have seen such behavior.

Migration to Exchange 2013: Calendar Permissions get lost using Outlook 2007

1. What was before

Users or administrators in the Exchange 2007/2010 world grant access rights to their calendars, resources, etc. – e.g. ‘Reviewer’ on a room resource for users or AD groups.

2. Now you migrate all mailboxes to Exchange 2013

3. What happens?

Outlook 2007 clients will receive a permission error when opening shared calendars, resources, etc.

“An error occurred when setting schedule permissions”

4. Solution

You can follow this long-winded MS Solution:

5. Or

Remove and re-add all permissions with PowerShell:

Take care with your migration if your enterprise Office standard is Outlook 2007.





Migration of Distribution Groups from Exchange 2007 / 2010 to 2013

What are you doing?

After migrating all of your groups to Exchange 2013 with

you try to change the membership in either PowerShell or the EAC.

What happens?


You don’t have sufficient permissions. This operation can only be performed by a manager of the group.

The Reason / The Solution

Exchange 2007 and 2010 did not require the AD attribute managedBy (owner). For Exchange 2013 it is a requirement. Just set the managedBy attribute with Set-DistributionGroup to an admin group like “Organization Management”.


have fun, Alex
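A way to find the affected groups and set an owner in bulk, as an added example that is not part of the original post. It assumes an Exchange 2013 Management Shell; the CSV path and the `$Apply` switch are hypothetical, and the owner is the admin group the post suggests.

```powershell
# Added example, not the author's original commands.
$Owner  = 'Organization Management'           # owner group suggested in the post
$Report = '.\groups-without-owner.csv'        # hypothetical report path
$Apply  = $false                              # hypothetical switch: $true = write changes

# ManagedBy is multi-valued; a migrated 2007/2010 group can have it empty.
$ownerless = Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { @($_.ManagedBy).Count -eq 0 }

"Groups without an owner: $(@($ownerless).Count)"

# Keep a record of which groups received the admin group as owner, so that
# real business owners can be assigned later instead of leaving every
# group managed by the most privileged role group.
$ownerless |
    Select-Object Name, PrimarySmtpAddress, RecipientTypeDetails, DistinguishedName |
    Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

foreach ($group in $ownerless) {
    if ($Apply) {
        # -BypassSecurityGroupManagerCheck lets an administrator who is not
        # (yet) a manager of the group make the change.
        Set-DistributionGroup -Identity $group.DistinguishedName `
            -ManagedBy $Owner -BypassSecurityGroupManagerCheck
    }
    else {
        # Dry run: show what would be changed
        Set-DistributionGroup -Identity $group.DistinguishedName `
            -ManagedBy $Owner -BypassSecurityGroupManagerCheck -WhatIf
    }
}
```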

Exchange 2013: Dude where is my Exchange-Server?

As you know, Exchange 2013 does not use the CAS Array Name itself for connecting to Exchange; instead it uses the MailboxGUID (which is equal to the ExchangeGUID attribute).

Connection Status of Outlook:


With the following command we can figure out which server the mailbox belongs to:

Or just have a look at the “Proxy Server” in your Connection Status ;-) = right mouse + CTRL key on the Outlook symbol in your taskbar.

have fun, Jimmy

Exchange 2013 EAC opens Exchange 2010 ECP – How to prevent it

In coexistence with Ex2010, Ex2013 will proxy your Exchange Admin Center (EAC) logon to the legacy Exchange Control Panel (ECP) of Exchange 2010 if your administrator account is still on Exchange 2010. You can move the administrator's mailbox to Ex2013 or you can add the extension ‘/?ExchClientVer=15’ to your ECP URL. I always prefer adding this extension :-)


have fun, Alex

Ex2013: Where is my OWA SSO to legacy Exchange 2007

Yes, you read that right, and that is something I learned in the field at customers.

After setting your legacy URL:

and pointing your DNS namespace to Exchange 2013, the new 2013 FBA will authenticate you. So far so good. Exchange now checks the location of your mailbox and if you are still on Ex2007 it will “redirect”. As we learned, a hidden form with my credentials should be transferred to the legacy server where FBA (Forms Based Auth) is also active.

So what is the clue? In Ex2007 you will have to authenticate a second time – Oh my God, who will tell the customers this?

have fun, Jimmy