r/exchangeserver

Download Address Book (cached mode) error 0x8004010F Exchange Server

Hi, I seem to have a few customers with the same issue. They noticed downloading the address book in Outlook doesn't work when using Cached Mode. Error 0x8004010F

I tried to find out why this happens and I noticed that this mostly occurs with customers that previously had a co-existence setup for Exchange. I decided to test 7 different servers and the results are consistent. Note that certificates are all good and autodiscover works fine.

Downloading address book works great for most servers that were never in co-existence in the past. All Exchange servers that previously had a co-existence setup now have this issue. But it seems to be related to a missing entry, maybe.

The only thing I can find with this PowerShell command is that with all these affected servers with the 0x8004010F error, there is no entry for VirtualDirectories. The servers that only have an entry pointing to Exchange Back End also don't work. So to me it looks like you need an entry pointing to \OAB (Default Web Site)? Can anyone check if this could be the issue? The Exchange databases do have an address book connected in ECP. Everything else in these servers looks perfectly fine.

Get-OfflineAddressBook | fl Name,IsDefault,GeneratingMailbox,VirtualDirectories,diffretentionPeriod,Schedule

COMPANY 1 EXCHANGE 2019 clean install download address book OK

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : COMPANY1.LOCAL/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {COMPANY1-EX01\OAB (Default Web Site), COMPANY1-EX01\OAB (Exchange Back End)}
DiffRetentionPeriod : 30
Schedule : text removed -- too long


COMPANY 2 EXCHANGE 2019 clean install download address book fails

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : company2.local/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {COMPANY2-EX-01\OAB (Exchange Back End)}
DiffRetentionPeriod : 30
Schedule : text removed -- too long


COMPANY3 EXCHANGE SE clean install download address book OK

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : company3.local/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {COMPANY3-EX01\OAB (Default Web Site), COMPANY3-EX01\OAB (Exchange Back End)}
DiffRetentionPeriod : 30
Schedule : text removed -- too long


COMPANY 4 EXCHANGE SE (inplace upgrade from clean Exchange 2019) download address book fails

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : COMPANY4.LOCAL/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {COMPANY4-EX01\OAB (Exchange Back End)}
DiffRetentionPeriod : 30
Schedule : text removed -- too long


COMPANY 5 EXCHANGE SE (inplace upgrade from Exchange 2019 after coexistence with Exchange 2016 and Exchange 2013) download address book fails

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : company5.local/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {}
DiffRetentionPeriod : 30
Schedule : text removed -- too long


COMPANY 6 EXCHANGE 2016 (after coexistence with Exchange 2013) download address book fails

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : company6.local/MyBusiness/Users/SBSUsers/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {}
DiffRetentionPeriod : 30
Schedule : text removed -- too long


COMPANY 7 EXCHANGE SE (inplace upgrade from Exchange 2019 after coexistence with Exchange 2016) download address book fails

Name : Default Offline Address Book
IsDefault : True
GeneratingMailbox : company7.local/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
VirtualDirectories : {}
DiffRetentionPeriod : 30
Schedule : text removed -- too long

reddit.com
u/HaveYouTriedPowerOff — 13 hours ago

[2019] Cannot get Mitigation to connect

I have 4 Exchange servers in 4 geographical locations, each behind its own firewall, half Sophos SG and half Fortigate (ongoing migration from Sophos to Forti). On all 4 of them, I cannot connect to the Mitigation service.

[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>.\Test-MitigationServiceConnectivity.ps1
WARNING: Exception calling "FetchMitigations" with "0" argument(s): "One or more errors occurred."
WARNING: One or more errors occurred.
WARNING: Object reference not set to an instance of an object.
Result: Failed.
Message: Unable to connect to the Mitigation Service endpoint from this computer.
To learn about connectivity requirements, see https://aka.ms/HelpConnectivityEEMS

The firewall team says they don't block anything from the Exchanges to the WWW, nor do SSL inspection. nslookup, ping, invoke-webexpression, ... it all answers the way it should.

Confusingly, the mitigation log shows this:

2026-05-20T15:01:17.777Z,MAILSERVER01,FetchMitigation,S:LogLevel=Information;S:Message=Fetching mitigations from https://officeclient.microsoft.com/getexchangemitigations
2026-05-20T15:01:17.777Z,MAILSERVER01,FetchMitigation,S:LogLevel=Information;S:Message=No diagnostic data sent. DataCollectionEnabled is false
2026-05-20T15:01:17.909Z,MAILSERVER01,FetchMitigation,S:LogLevel=Information;S:Message=Fetching mitigations successful
2026-05-20T15:01:17.909Z,MAILSERVER01,ParseMitigation,S:LogLevel=Information;S:Message=The applicability check for mitigations M1.* failed. Skipping mitigations
2026-05-20T15:01:17.909Z,MAILSERVER01,ApplyMitigation,S:LogLevel=Information;S:Message=Mitigation PING1 is currently applied
2026-05-20T15:01:17.930Z,MAILSERVER01,ApplyMitigation,S:LogLevel=Information;S:Message=Mitigation M2.1.0 is currently applied

I'd have expected some kind of error here.

From the firewall logs, manually connecting to https://officeclient.microsoft.com/getexchangemitigations works, but it shows no traffic when executing Get-Mitigations or Test-MitigationServiceConnectivity. So it seems the problem is local.

Finally I looked at Microsoft's script and went through it line by line:

[PS] C:\>$mcs = $mcsfType.GetMethod('CreateService').Invoke($null, [Microsoft.Exchange.Mitigation.Service.Common.ServiceType]::CloudServiceV2)
[PS] C:\>$mitigations = $mcs.FetchMitigations()

Exception calling "FetchMitigations" with "0" argument(s): "One or more errors occurred."
At line:1 char:1
+ $mitigations = $mcs.FetchMitigations()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AggregateException

Diving deeper:

[PS] C:\>$error[0].exception.tostring()
System.Management.Automation.MethodInvocationException: Exception calling "FetchMitigations" with "0" argument(s): "One or more errors occurred." ---> System.AggregateException: One or more errors occurred. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Exchange.Mitigation.Service.Common.Utils.PrepareRequest(X509Certificate clientAuthCert)
   at Microsoft.Exchange.Mitigation.Service.Common.Utils.<GetHttpUrlResponseAsync>d__4.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at Microsoft.Exchange.Mitigation.Service.Common.Utils.FetchMitigationsFromUrl[T](String url, X509Certificate clientAuthCert, Boolean isResponseJson)
   at Microsoft.Exchange.Mitigation.Service.MitigationCloudServiceV2.FetchMitigations()
   at CallSite.Target(Closure , CallSite , Object )
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.ConvertToMethodInvocationException(Exception exception, Type typeToThrow, String methodName, Int32 numArgs, MemberInfo memberInfo)
   at CallSite.Target(Closure , CallSite , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute1[T0,TRet](CallSite site, T0 arg0)
   at System.Management.Automation.Interpreter.DynamicInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)

EDIT for future reference (relevant XKCD): apparently it is not enough to be able to reach the address, it also needs to be pingable. As soon as we allowed ping to WAN, and restarted the console, it worked.

reddit.com
u/YellowOnline — 1 day ago
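
Added example (not part of the post, and not Microsoft's code): a PowerShell parser for Mitigation Service log lines in the format quoted above. It reports the last successful fetch and the applied or skipped mitigations per server, so the service's own record can be compared with what the interactive test script reports. The field layout is inferred from the quoted lines, and the function names are hypothetical.

```powershell
# Added example. The sample lines are the ones quoted in the post; the field layout
# (timestamp,server,stage,S:LogLevel=..;S:Message=..) is inferred from them.
$sampleLog = @'
2026-05-20T15:01:17.777Z,MAILSERVER01,FetchMitigation,S:LogLevel=Information;S:Message=Fetching mitigations from https://officeclient.microsoft.com/getexchangemitigations
2026-05-20T15:01:17.777Z,MAILSERVER01,FetchMitigation,S:LogLevel=Information;S:Message=No diagnostic data sent. DataCollectionEnabled is false
2026-05-20T15:01:17.909Z,MAILSERVER01,FetchMitigation,S:LogLevel=Information;S:Message=Fetching mitigations successful
2026-05-20T15:01:17.909Z,MAILSERVER01,ParseMitigation,S:LogLevel=Information;S:Message=The applicability check for mitigations M1.* failed. Skipping mitigations
2026-05-20T15:01:17.909Z,MAILSERVER01,ApplyMitigation,S:LogLevel=Information;S:Message=Mitigation PING1 is currently applied
2026-05-20T15:01:17.930Z,MAILSERVER01,ApplyMitigation,S:LogLevel=Information;S:Message=Mitigation M2.1.0 is currently applied
'@ -split "`r?`n"

# Hypothetical helper: turn one log line into an object; emits nothing if the line does not fit.
function ConvertFrom-MitigationLogLine {
    param([string]$Line)
    # Limit the split to 4 parts so commas inside the message text are preserved.
    $parts = $Line -split ',', 4
    if ($parts.Count -ne 4) { return }
    if ($parts[3] -notmatch '^S:LogLevel=(?<level>[^;]*);S:Message=(?<msg>.*)$') { return }
    $level = $Matches['level']
    $message = $Matches['msg']
    $time = [datetimeoffset]::MinValue
    $parsed = [datetimeoffset]::TryParse($parts[0], [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::AssumeUniversal, [ref]$time)
    if (-not $parsed) { return }
    [pscustomobject]@{
        Time = $time; Server = $parts[1]; Stage = $parts[2]; Level = $level; Message = $message
    }
}

# Hypothetical helper: one summary object per server found in the log lines.
function Get-MitigationLogSummary {
    param([string[]]$Lines)
    $events = @(foreach ($line in $Lines) {
        if (-not [string]::IsNullOrWhiteSpace($line)) { ConvertFrom-MitigationLogLine -Line $line }
    })
    foreach ($group in ($events | Group-Object -Property Server)) {
        $ordered = @($group.Group | Sort-Object -Property Time)
        $lastFetch = $ordered |
            Where-Object { $_.Stage -eq 'FetchMitigation' -and $_.Message -eq 'Fetching mitigations successful' } |
            Select-Object -Last 1
        $lastFetchText = 'none in log'
        if ($lastFetch) { $lastFetchText = $lastFetch.Time.UtcDateTime.ToString('u') }

        $applied = @()
        $skipped = @()
        foreach ($e in $ordered) {
            if ($e.Message -match '^Mitigation (?<id>\S+) is currently applied$') {
                $applied += $Matches['id']
            }
            elseif ($e.Message -match '^The applicability check for mitigations (?<id>\S+) failed') {
                $skipped += $Matches['id']
            }
        }
        [pscustomobject]@{
            Server              = $group.Name
            LastSuccessfulFetch = $lastFetchText
            Applied             = (@($applied | Select-Object -Unique) -join ', ')
            Skipped             = (@($skipped | Select-Object -Unique) -join ', ')
            # Any line whose level is not Information deserves a manual look.
            NonInformational    = @($ordered | Where-Object { $_.Level -ne 'Information' }).Count
        }
    }
}

Get-MitigationLogSummary -Lines $sampleLog | Format-List
```

To run it against a real server, pass the output of Get-Content on that server's mitigation log file as -Lines instead of $sampleLog.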

Exchange Server Standard SE, is this the correct SKU from Ingram?

https://preview.redd.it/up4qbmwao72h1.png?width=1923&format=png&auto=webp&s=cc709e9fa16fc9534055596c097beeb3962b0217

I asked Ingram for a quote on Exchange Server SE w/3 Years Software Assurance, full pay up front, with 200 CALs, for non-profit/charity. They sent me this.

I've been screwed by Ingram licensing before, and of course the items have no descriptions. Are line items 3 and 4 full pay, or are they year 1 payments for a 3 year SA license? The AQY1 is making me suspicious.

reddit.com
u/BJJDad73 — 2 days ago

Question on renewing self-signed cert

Good morning Reddit!

First things first - I'm mostly clueless when it comes to exchange. Boss kind of threw it in my lap and said take care of it, so I'm trying to pick things up while keeping everything else in our network from catching on fire. Anyway, my question...

I'm in the process of updating an on-prem/isolated installation of Exchange 2019 CU15 to SE (2 servers at same site in a DAG). Last week I updated from CU11 to CU15, and am giving it a couple days to make sure nothing breaks before going to SE. Well over the weekend the built-in self-signed Microsoft Exchange Server Auth Certificate expired. For now I'm not seeing any issues. SMTP is assigned to this cert, but is also assigned to another cert that is still valid. I was going through some documentation that says that in CU15 and newer I can just click the renew button from within EAC rather than renewing from the shell console. However, it does state that renewing a cert could remove it from the default website/exchange back end bindings. Took a look at my bindings, and neither are using this built-in cert. That being the case, should I be able to just click renew and go about my day without worrying about anything else? Is there something else I should check before renewing? Thanks in advance!

Edit: added some more details

u/workacct123456 — 2 days ago

Migration disaster

I have a client who is still running Exchange 2010.

Wanting to get them out of the stone ages, last week I started testing the migration from 2010 to 2016. I copied 2 of the domain controllers, the exchange server, and a workstation, and added them to a private Hyper-V network and ran some scenarios building a new server, prepping for and installing 2016, and moving mailboxes etc.

I'm not really sure what happened, but somehow I really screwed up. While I still don't understand how it could have worked so successfully from my testing private network, somehow on my test run my new Exchange server must have been on the production network instead of the private. I built it, moved most of the mailboxes to it, was super happy with it all and then I reset it to a checkpoint to run one more scenario before I was ready to do it for real.

This was mother's day, so I kicked off the install on the server and left the house. Got several calls while I was gone. Came back to find that the real world had been modified on the last run instead of the private network, and the server that I had transferred everything to was gone (back to the baseline checkpoint). Also, the Active Directory was prepped, which is I assume where the system mailboxes are created.

I spent that night getting the 2010 exchange server back from backups, however I am currently in a state where the Active Directory has already been prepped for 2016 and still thinks there is a 2016 Exchange Server on the network.

I still need to get this pig upgraded, but things are such a mess right now. I have been running various scenarios in my private test environment trying to manually clean up active directory using ADSIEdit, which I assume works, but I think that the cleanest method is to do the server recovery install for the missing server and then uninstall it.

I've done this off-line twice, and it is pretty clean, but before I can uninstall, I have to delete the database (which is essentially empty), but it still has all of the system mailboxes assigned to it, so it won't let me delete it.

Should I:

1.) Remove all of the 2016 system mailboxes and remove them from Active Directory (arbitration, auditlog, monitoring, federated etc) and run preparead again before I reinstall? Will this essentially be like starting from scratch and the installation will re-enable them etc...?

2.) Disable or remove them to the point where I can delete the database, but leave them all in AD, then either run preparead or not and hope they all wind up in the new database where they're supposed to be? Would I have to do the manual enabling of them in either of these first two scenarios?

3.) Move them to the Outlook 2010 server? I have never tried to move a newer exchange systemmailbox to an older exchange server, I don't even know if that's supported...

This is giving me an ulcer, so any help or advice would be appreciated.

Also, while the server recovery / uninstall method seems to work pretty well, both times I have tried doing this and reinstalling has resulted in an environment where the EAC works, but the EMS starts and doesn't have any exchange cmdlets loaded automatically. Not sure what that is about, but hoping it works when I do it for real in the production environment. I'm going to try and rename my new exchange server on my next test run to see if this mitigates that and whether I can find any trace of the old name in ad anywhere which might be causing an issue.

reddit.com
u/RichSNJ — 3 days ago

Exchange SE Hybrid certificate renewed - mail stuck in queue

Exchange SE on Server 2025. Certificate expired and renewed it through GoDaddy. Ran through Hybrid Configuration Wizard again and updated to the new certificate. ECP is showing the certificate as valid, but emails that are relayed through that server are stuck. I am seeing a 421 4.2.1 Unable to connect -> SocketError with domain.mail.onmicrosoft.com

Direct Send is turned off, but we do have a connector at Exchange Online for our IP address. This has been working until the certificate was renewed.

I'm guessing I'm missing a step somewhere. Any points in the right direction would be most appreciated.

reddit.com
u/Mvalpreda — 3 days ago
▲ 2 r/exchangeserver+1 crossposts

Licensing Woes - MS365 vs Exchange Online

We previously registered our domain for Microsoft 365 and have a number of licenses for our office subscriptions under that domain/username. I have just now subscribed to Exchange Online Plan 2, which would not allow me to reuse the MS365 account. Now when I go to validate the domain (with Exchange Online) it says it is already in use by the MS365 licenses and to delete the domain there. But if I delete it there, do I lose access to the MS365 licenses? The client is the same, the domain is correct and there is no wish to create another

reddit.com
u/mujikcom — 4 days ago

Healthchecker doesn't show mitigation for CVE-2026-42897 but when I try to install it it says it's already mitigated.

Howdy, I'm just checking in to see if anyone else is seeing the same behavior that I am seeing for CVE-2026-42897

[PS] D:\Exchange\scripts>./Get-Mitigations.ps1

Server : labexchange
Version : Version 15.2 (Build 1544.4)
ID : PING1
Type : Ping
Description : EEMS Heartbeat probe. Does not modify any exchange settings.
Status : Applied

Server : labexchange
Version : Version 15.2 (Build 1544.4)
ID : M2.1.0
Type :
Description : Mitigation invalid for this exchange version.
Status : Applied

So it appears it isn't mitigated here so I tried using EOMT to mitigate it:

.\EOMT.ps1 -CVE "CVE-2026-42897"

Starting EOMT.ps1 version 26.05.14.1633 on labexchange
Resolved mitigation target: CVE-2026-42897 - OWA XSS - Outbound URL Rewrite adding Content-Security-Policy script-src-attr 'none' to OWA HTML responses
Applying CVE-2026-42897 mitigation
This tool applies an IIS URL Rewrite mitigation for CVE-2026-42897.
Mitigations are a temporary measure. Installation of the applicable Security Update
is the ***only way to fully protect your servers***.
Get the latest Exchange Server update here: https://aka.ms/LatestExchangeServerUpdate
Do you want to proceed?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
[1/1] Checking prerequisites on labexchange
labexchange : Mitigation already applied for CVE-2026-42897 — skipping
Servers not vulnerable (skipped): labexchange
No vulnerable servers to apply mitigation to.

Is anyone seeing something similar or have any explanation for why healthchecker would say it isn't mitigated but EOMT would say it is mitigated?

reddit.com
u/HJForsythe — 3 days ago
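
Added example (not from the post, HealthChecker or EOMT): an independent check of the effect EOMT names in its output above, a Content-Security-Policy carrying script-src-attr 'none' on OWA HTML responses. The function names and the sample header values are constructed for illustration, and the URL to fetch on your own server is left as a parameter.

```powershell
# Added example. Header values below are constructed samples, not captured traffic.

# Hypothetical helper: split one or more CSP header values into policies.
# Each policy is a hashtable of directive name -> list of sources.
function ConvertFrom-CspHeader {
    param([string[]]$HeaderValue)
    $policies = @()
    foreach ($value in $HeaderValue) {
        # Several policies can arrive comma-joined in a single header value.
        foreach ($policyText in ($value -split ',')) {
            $directives = @{}
            foreach ($directiveText in ($policyText -split ';')) {
                $tokens = @($directiveText.Trim() -split '\s+' | Where-Object { $_ })
                if ($tokens.Count -eq 0) { continue }
                $name = $tokens[0].ToLowerInvariant()   # directive names are case-insensitive
                # A repeated directive inside one policy is ignored: the first one wins.
                if (-not $directives.ContainsKey($name)) {
                    $directives[$name] = @($tokens | Select-Object -Skip 1)
                }
            }
            if ($directives.Count -gt 0) { $policies += , $directives }
        }
    }
    return , $policies
}

# True when at least one enforced policy sets script-src-attr to exactly 'none'.
# Only the explicit directive named in EOMT's output is checked; fallback to
# script-src or default-src is not evaluated here.
function Test-CspBlocksInlineHandlers {
    param([string[]]$HeaderValue)
    foreach ($policy in (ConvertFrom-CspHeader -HeaderValue $HeaderValue)) {
        if ($policy.ContainsKey('script-src-attr')) {
            $sources = @($policy['script-src-attr'])
            # 'none' only has its blocking meaning when it is the sole source.
            if ($sources.Count -eq 1 -and $sources[0] -ieq "'none'") { return $true }
        }
    }
    return $false
}

# Fetch the enforcing header from a URL you supply (an OWA HTML response on your
# own server). Content-Security-Policy-Report-Only is deliberately not read,
# because a report-only policy does not block anything.
function Get-EnforcedCspHeader {
    param([Parameter(Mandatory)][uri]$Uri)
    $response = Invoke-WebRequest -Uri $Uri -UseBasicParsing
    # Windows PowerShell returns one joined string, PowerShell 7 a string array.
    return @($response.Headers['Content-Security-Policy'] | Where-Object { $_ })
}

# Constructed header values covering the cases that matter for this check.
$constructed = @(
    "script-src-attr 'none'",
    "default-src 'self'; Script-Src-Attr 'NONE'",
    "script-src 'self' 'unsafe-inline'",
    "script-src-attr 'unsafe-inline'",
    "default-src 'self', script-src-attr 'none'"
)
foreach ($header in $constructed) {
    [pscustomobject]@{
        Header               = $header
        BlocksInlineHandlers = (Test-CspBlocksInlineHandlers -HeaderValue $header)
    }
}
```

For a live check, pipe the result of Get-EnforcedCspHeader into Test-CspBlocksInlineHandlers -HeaderValue and compare the answer with what HealthChecker and EOMT each report.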

Job Title Not Syncing to Exchange Online for Hybrid User

User attribute "Title" is updated correctly in on-prem AD and synced to Entra ID.

However, Exchange Online still shows the old value.

Archive GUID mismatch was identified and corrected.
AAD Connect sync (Initial) was executed multiple times.
Temporary attribute modifications were applied to force re-sync.

Issue persists only in Exchange Online (Get-User shows old Title).

Suspected stuck Exchange Online recipient object / backend sync issue.

reddit.com
u/Mediocre_Prior_1868 — 4 days ago

Tired of CU/SU regressions sneaking past until users start screaming, built a scraper and would love feedback

First post here! Every Exchange CU and SU release I'd find out something broke one of three ways: a user ticket, someone posting about it 48 hours later, or the Exchange team blog quietly editing a Known Issues section three weeks in.

So I built a thing that watches for it:

What it does:

- Scrapes r/exchangeserver, r/sysadmin, r/msp, r/Intune, r/ActiveDirectory, r/AZURE

- Pulls RSS from Bleeping Computer, AskWoody, BornCity, MS Security Blog, and the Exchange Team / Windows IT Pro / Intune TechCommunity boards

- Classifies each post by KB number, component, severity (LLM, every claim links back to its source thread)

- Optional Thursday digest email if you want it pushed before next CU window

Feedback wanted, especially Exchange-specific regressions from this month it missed, hybrid mailflow, OWA, AMSI, transport rules, that kind of thing.

 Free. Looking for feedback, especially regressions from this month it missed, or false positives.

https://win-update-tracker.vercel.app/

reddit.com
u/dantofisial — 5 days ago

God Damn Exchange Hybrid Server….. advice?

Hi. I was an Exchange 2003 MCSE back in the day when I was sys admin so was a dab hand at everything Exchange back in the day!

About a decade ago our business moved to MS365. Sys admin at time was involved in the project and no longer with us. We had to keep a hybrid Exchange server on our local LAN with no mailboxes so that attributes could flow between on-premise AD and MS365.

Auditing our estate in advance of Cyber Essentials Plus Audit next week. Find hybrid server - Exchange Server 2019 - version 15.2.1544.036 - CU14 October 25. This is now EoL and looks like I need to upgrade to Exchange Server SE.

Found this step by step guide:

https://www.experts-exchange.com/articles/40461/Exchange-2019-to-SE-Step-by-Step-In-Place-Upgrade.html

Seems pretty straightforward…?

Any gotchas I should be aware of? Obviously would snapshot before starting - local Exchange server is a VM.

No mailboxes, no queues, no transport. It’s just used to create mailboxes which sync up to MS365.

Licensing not required as it’s not holding mailboxes like 2019?

Plan to upgrade this initially then work out if we can get shot of it. Tried last year, and it’s still here.

Thanks in advance.

reddit.com
u/retrodotkid — 9 days ago

Help, users stuck in OWA light mode, cannot get them out of it

So as of today, users who used OWA light mode cannot click on anything in the web.

I tried also: I switched to OWA light mode, and I'm stuck; the only thing I can click is the Options tab at the top, and nothing else. I tried changing the URL, but nothing.
How do I get these users unstuck from this light mode and put them on premium? Since it's unusable, it's impossible to click on anything; I tried multiple browsers and different PCs.
Exchange on-prem 2019, latest CU

reddit.com
u/Strong-Special2573 — 6 days ago

Returning employee scenario - Exchange GUID mismatch between on-prem mailbox and EXO soft-deleted

Hi everyone,

I'm dealing with a tricky hybrid Exchange scenario and would appreciate some input.

Background:

  • User was disabled in AD
  • ~30 days later, their EXO mailbox was soft-deleted (no hold applied)
  • Now the user is back, AD account re-enabled, license re-assigned
  • Admin center shows: "Exchange: An unknown error has occurred. Refer to correlation ID..."

Current state:

On-prem AD:

  • msExchRecipientTypeDetails: 1 (UserMailbox)
  • msExchRemoteRecipientType: 8 (DeprovisionMailbox)
  • msExchMailboxGuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (GUID-A)

On-prem Exchange:

  • Get-Mailbox shows the user as a real UserMailbox in an on-prem database
  • Get-MailboxStatistics shows ~5GB of content
  • ExchangeGuid: GUID-A (same as above)

Exchange Online:

  • No active mailbox
  • Soft-deleted mailbox EXISTS with a DIFFERENT ExchangeGuid: yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy (GUID-B)
  • WhenSoftDeleted: ~11 days ago (still within 30-day window)
  • IsInactiveMailbox: False
  • LitigationHoldEnabled: False
  • InPlaceHolds: empty

My questions:

  1. The on-prem mailbox shows 5GB of content but RemoteRecipientType says "DeprovisionMailbox". Is this real content or just stale attributes from a previous state?

  2. The two ExchangeGuids (GUID-A on-prem vs GUID-B in cloud soft-deleted) don't match. Which is the "real" mailbox to keep?

  3. What's the cleanest path forward:

    • Disable-Mailbox on-prem + Enable-RemoteMailbox + Set-RemoteMailbox -ExchangeGuid <cloud GUID> to recover soft-deleted?
    • Or treat on-prem as primary and use New-MailboxRestoreRequest to migrate to cloud?
    • Or use Set-User -PermanentlyClearPreviousMailboxInfo and start fresh?

I've read the Microsoft KB on "Mailbox exists in both EXO and on-premises" but the 5GB on-prem content is making me hesitant to disable it.

Environment: Exchange 2019 CU on-prem, hybrid with EXO, AD Connect for sync.

Any advice from anyone who has dealt with this before? Thanks!

reddit.com
u/maxcoder88 — 8 days ago
▲ 3 r/exchangeserver+1 crossposts

Converting public folders already in exchange online to m365 groups

Hi, I know there is a direct migration from on-prem public folders to exchange online 365 groups. But in my case, the public folders were migrated as public folders to exchange online.

Is there a way to convert them to 365 groups in the same tenant?

reddit.com
u/Forsaken-Olive6341 — 8 days ago

EXO Archive Issue

I do a lot of Exchange Hybrid stuff and normally on a hybrid Identity with a remotemailbox in EXO, I would simply go to EXO and enable an Archive there, without any issues.

In this situation: I have multiple MSPs each managing a portion of the setup and I don't have full insight into the config. But in general it's also just a hybrid Identity with a remotemailbox.

When I enable archive in EXO, I receive the following error in the M365 Admin Center:

Exchange: Failed to disable the archive of mailbox GUID due to a conflict in directory settings. To disable this archive, first run Enable-RemoteMailbox -Archive on-premises. After the next Dirsync sync cycle, run Disable-RemoteMailbox -Archive on-premises to disable this archive in the datacenter..;

I did the fix in this message yesterday and the error disappeared. Then I enabled the Archive in EXO again. Today the error is back... I checked the AD attributes:

  • msExchArchiveGUID
  • msExchArchiveStatus
  • msExchArchiveName

and they are all empty.

Does anyone know why this error exists?

reddit.com
u/uLmi84 — 9 days ago

EventID 2153 (MSExchangeRepl) on Exchange SE across two sites — log copier "connection aborted by software in your host" on DR-side passives

Hey Guys!

Following up on this recent post and the older 2021 Microsoft Q&A on the same Event ID. Both threads stalled — the 2021 one ended on Suspend/Resume-MailboxDatabaseCopy as a temporary workaround that was never confirmed as a real fix, and the recent Reddit thread never got an answer. We're hitting the exact same symptom on a fresh Exchange SE deployment and looking for someone who's actually root-caused it.

Environment

  • 16 Exchange Server SE mailbox servers in a single DAG, split across 2 sites (primary datacenter + DR site, separate subnets/VLANs)
  • All virtualized on VMware ESXi
  • Windows Server 2025
  • 3 copies per database (1 active + 2 passive), DBs are newly created on SE — not migrated from a previous version
  • DAG witness, AD, DNS — all healthy
  • Active copies currently live on PR-site nodes

Symptom

Application log on the DR-site SE nodes is filling with EventID 2153 from MSExchangeRepl:

> The log copier was unable to communicate with server 'Exchange1.Domain.com'. The copy of database 'MailDBxx\Exchange1' is in a disconnected state. The communication error was: An error occurred while communicating with server 'Exchange1'. Error: Unable to write data to the transport connection: An established connection was aborted by the software in your host machine. The copier will automatically retry after a short delay.

Same error across all databases on the DR-side passive copies. PR-site nodes log nothing.

Get-MailboxDatabaseCopyStatus -ConnectionStatus | FT Identity,IncomingLogCopyingNetwork on the DR nodes shows the disconnected/aborted state on the MapiDagNetwork. CopyQueueLength / ReplayQueueLength are 0 most of the time, occasional 1.

What we've tried / ruled out

  • Test-ReplicationHealth on all nodes → all green
  • Suspend-MailboxDatabaseCopy + Resume-MailboxDatabaseCopy (the "fix" from the 2021 thread) → does not resolve it, error returns
  • Disk I/O angle from the 2021 thread — Avg Disk sec/Read and Avg Disk sec/Write are well within Exchange thresholds on both sides. Not an I/O issue.
  • L3 between PR and DR — all servers ping each other, no drops, MTU consistent
  • No relevant errors on the active node side
  • DBs are brand new (created on SE), so this isn't legacy / migrated-from-2019 baggage

Question

Is this a known issue with Exchange SE DAG members across two networks/subnets specifically? Anything around:

  • VMXNET3 offloads / RSS / RSC settings on Windows Server 2025 VMs
  • TCP behaviour or RPC over HTTP/MapiHttp changes specific to SE
  • A DAG network configuration nuance that's different on SE vs. 2019

We can share Get-DatabaseAvailabilityGroup, Get-DatabaseAvailabilityGroupNetwork, NIC binding/offload settings, ESXi host config — whatever helps narrow it down.

Disclaimer, we did use AI to help refine this post haha. Thanks in advance!

u/noamiko2004 — 9 days ago
▲ 6 r/exchangeserver+1 crossposts

Primary SMTP change not applying in Exchange Online

Hi all, could really use some advice on a hybrid Exchange issue.
 
I’ve got a leaver mailbox for a user (let’s call her Alice Yamada). The current primary SMTP is:
 
alice.yamada-1@contoso.co.uk
 
It was originally alice.yamada@contoso.co.uk but the company adds a “-1” when a user leaves.
 
I’m now trying to change it back to:
 
alice.yamada@contoso.co.uk
 
The user’s AD account has been disabled and the mailbox converted to a shared mailbox, which the manager now has access to.
 
Users are still emailing the original address and getting NDRs, and the manager has requested the original email be restored so messages continue to come through.
 
---
 
What I’ve done so far:
 
Checked that alice.yamada@contoso.co.uk  isn’t in use anywhere (including soft-deleted objects) – all clear
Updated proxyAddresses attribute in on-prem AD:
 
SMTP:alice.yamada@contoso.co.uk (intended primary)
smtp:alice.yamada-1@contoso.co.uk (kept as alias)
Waited over 48 hours for AAD Connect sync
Tried forcing a change by switching to a temp primary and back again
Confirmed AD is definitely correct
 
---
 
What I’m seeing:
 
Exchange Online still shows alice.yamada-1@contoso.co.uk as primary
alice.yamada@contoso.co.uk is not present at all in EmailAddresses
PowerShell confirms the same
 
Also:
Can’t change anything in EXO (dirsync object)
Can’t add alias in EXO (blocked)
Don’t have permissions to create mail flow rules as a workaround
 
---
So basically:
 
AD = correct
Exchange Online = outdated
Sync = not happening
 
---
Question:
 
Has anyone seen AAD Connect refuse to sync proxyAddresses like this with no obvious error?
 
I don’t have direct access to the AAD Connect server, so I’m trying to rule out anything I might be missing on my side before escalating.
 
Any ideas or things worth checking would be appreciated.

reddit.com
u/dark_mercurial3366 — 13 days ago

Hybrid: EXO message trace returns nothing for primary SMTP, but finds the message under tenant.mail.onmicrosoft.com — expected?

Quick sanity check from the hybrid Exchange folks here.

Internal app → on-prem Exchange → Outbound connector → EXO. On-prem trace looks perfect, message leaves the send connector to O365.

In EXO message trace:

  • Search by user@customdomain.com → no results
  • Search by user@tenant.mail.onmicrosoft.com → message found

I'm assuming on-prem is rewriting the envelope recipient to the routing address (the user's mail user / remote mailbox has tenant.mail.onmicrosoft.com as a proxy / targetAddress) and EXO trace just indexes by envelope, not by resolved primary SMTP.

Is that the consensus / documented behavior? Or is there something off in my HCW config / remote domain setup that's causing the rewrite to be more aggressive than it needs to be?

Mail delivers fine end-to-end — just a message-trace UX annoyance. Curious how others deal with it.

Thanks.

reddit.com
u/maxcoder88 — 10 days ago

Microsoft released the May 2026 HU, which contains functionality that allows you to start switching your Exchange Server hybrid rich coexistence from using EWS to REST-based Graph API calls.

To move your Exchange Hybrid rich coexistence from EWS to Graph:

  1. Install the May 2026 HU.
  2. Follow the documentation to enable the Graph API hybrid workflow.
u/ScottSchnoll — 14 days ago