Thursday, November 28, 2013

Windows Live Mail Not Forwarding Embedded Pictures

I recently ran into a computer using Windows Live Mail in conjunction with AOL. This resulted in some emails with embedded pictures not forwarding. It generated a warning about this when you went to send.

What seemed to fix it was disabling the option in Windows Live Mail to convert emails with pictures to picture emails. However, this conversion happened when the messages were received. For existing emails that have already been converted, right-click and forward as attachment seemed to do the trick.

To disable picture emails:
  • File > Options > Mail > Compose > Convert messages to photo e-mail when adding photos

Wednesday, November 27, 2013

Converting a Mail User to a Remote User Mailbox

I have a client with an existing Office 365 implementation and a separate on-premises Exchange organization. As part of linking these two together into hybrid mode, the local AD account became a Mail User.

A Mail User is a local AD account with an external SMTP address configured. This allows the user to have an email address in the GAL, but is not a local Exchange mailbox.

To move mailboxes, this Mail User needs to be configured as a Remote User Mailbox. A Remote User Mailbox also has a proper remote routing address property configured.

I couldn't find any documentation on performing this process. However, I did find a script that indicates it fixes up user accounts when a mailbox move to Office 365 does not complete properly. I used this script to identify the changes that needed to be made.

The script is here:
The changes that need to be made are:
  1. Configure the user attribute targetaddress to contain the remote routing address for the mailbox. This should be in the format of In my case it would have been
  2. Set the msExchRemoteRecipientType attribute for the user account to equal 4.
  3. Set the msExchRecipientDisplayType attribute for the user account to equal -2147483642. (yes, this is a negative value)
  4. Set the msExchRecipientTypeDetails attribute for the user account to equal 2147483648.
Those steps changed the Mail User to a Remote User Mailbox. However, I was still unable to move the mailbox from Office 365 to the on-premises Exchange. This was due to the ExchangeGUID attribute not being set properly on the local user account. To fix this, I performed the following:
  1. In Office 365: get-mailbox testmailbox | fl ExchangeGUID
  2. In on-premises Exchange: set-remotemailbox testmailbox -ExchangeGUID 12345678-1234-1234-1234-123456789abc (note GUID is from step 1)
After setting the ExchangeGUID, moves to the on-premises Exchange worked properly.
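
The four attribute changes listed above, written with the ActiveDirectory PowerShell module as an added example; it is not part of the original post or the script the post refers to. The identity, the remote routing address and the backup path are placeholders you supply. The script saves the current values before writing and supports -WhatIf.

```powershell
# Added example: steps 1-4 of the procedure above, with a backup and a read-back check.
# Assumptions: -Identity and -RemoteRoutingAddress are supplied by the operator;
# the default backup path is a hypothetical name.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$Identity,
    [Parameter(Mandatory = $true)][string]$RemoteRoutingAddress,
    [string]$BackupPath = '.\mailuser-before.xml'
)

Import-Module ActiveDirectory

$attrs = 'targetAddress', 'msExchRemoteRecipientType',
         'msExchRecipientDisplayType', 'msExchRecipientTypeDetails'

# Values taken from steps 1-4 of the post.
$desired = @{
    targetAddress              = $RemoteRoutingAddress
    msExchRemoteRecipientType  = 4
    msExchRecipientDisplayType = -2147483642
    msExchRecipientTypeDetails = 2147483648   # does not fit in Int32; PowerShell types it as Int64
}

# Record the current values so the change can be reviewed or reversed later.
$before = Get-ADUser -Identity $Identity -Properties $attrs
$before | Select-Object (@('DistinguishedName') + $attrs) |
    Export-Clixml -Path $BackupPath

if ($PSCmdlet.ShouldProcess($before.DistinguishedName, 'Set remote mailbox attributes')) {
    Set-ADUser -Identity $Identity -Replace $desired

    # Read the attributes back and report any that do not match.
    $after = Get-ADUser -Identity $Identity -Properties $attrs
    foreach ($name in $attrs) {
        if ("$($after.$name)" -ne "$($desired[$name])") {
            Write-Warning "$name is '$($after.$name)', expected '$($desired[$name])'"
        }
    }
}
```

Run it with -WhatIf first to confirm which account will be changed.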

UPDATE: See a similar procedure for room mailboxes at: 

UPDATE: While the above seemed like a good procedure at the time, I've since become aware that you can use Enable-RemoteMailbox in this same scenario to fix up the local mail users to remote user mailboxes. For a script to do it on a whole OU, see here:

Wednesday, November 20, 2013

AD FS Service Hangs on Starting

In previous versions of Windows Server and AD FS, it was not recommended to install AD FS on a domain controller due to security issues caused by running IIS on a domain controller. In Windows Server 2012 R2, AD FS does not use IIS. So, it is now possible to run AD FS on a domain controller.

I'm not sure whether it was possible in previous versions of AD FS, but AD FS in Windows Server 2012 allows you to run the service by using a group Managed Service Account (gMSA). The main benefit of using a gMSA is automatic password changes. The account password is changed automatically in the background to enhance service security.

It turns out that if you run AD FS on a Windows Server 2012 R2 domain controller and use a gMSA for the service, it prevents the service from starting. When you do the initial installation, it will look fine, but after you do a reboot, the service will have a status of Starting and hang. There are no events in the event log to indicate what the issue is.

I first noticed the hanging issue in prerelease versions of Windows Server 2012 R2, but didn't understand exactly what was causing the issue. This behavior still exists in the RTM release of Windows Server 2012 R2.

To avoid this issue, do one of the following:
  • Use a standard domain user account instead of a gMSA
  • Install AD FS on a Windows Server 2012 R2 member server
You can see that this behavior has been confirmed by others here:

Wednesday, November 13, 2013

Free ebook on Windows Server 2012 R2

Just got the following from Microsoft:

Introducing Windows Server 2012 R2
Mobi (Kindle)
If you prefer a hard copy of the book, you can order it here from our official distributor, O’Reilly Media, for $9.99
This book is intended to provide you with an overview of the new features and enhancements introduced in Windows Server 2012 R2. The intended audience for this book is IT pros who deploy, manage, and maintain Windows Server workloads in data center, private cloud, and hosting provider environments.

We assume that you are at least somewhat familiar with the features and capabilities of the previous platform Windows Server 2012. If you are not familiar with all the new features and enhancements Microsoft introduced previously in Windows Server 2012, we recommend that you first read Introducing Windows Server 2012 RTM Edition (Microsoft Press, 2012).

A key feature of this book is the technical sidebars that have been contributed by Microsoft insiders. These sidebars were written by experts who have been closely involved in the Windows Server 2012 R2 development process and include Program Managers, Support Escalation Engineers, Technical Consultants, Data Center Specialists, and others who work at Microsoft in various capacities.

OWA 2010 Error: "The server operation timed out"

I was performing a small migration from Exchange 2007 to Exchange 2010. Because this migration was small, we didn't configure simultaneous access to OWA on both platforms. Simultaneous access to OWA on both platforms requires a second external IP and would have been too time-consuming to bother with.

After migrating mailboxes to the new server, we could log on to OWA, but when I accessed messages, we got the following error:
The server operation timed out. Please try again later.
A quick review of the OWA configuration revealed that OWA on both Exchange 2007 and Exchange 2010 was using the same external URL. This was confusing the access to the messages.

After I removed the external URL from OWA in Exchange 2007, the error was resolved and all was good.