Exchange 2010 Hybrids in 2018!

So it seems that Exchange 2010 hybrids are still alive and in demand even though the product is out of support and most certainly should have been replaced by now. However, when customers are still running Exchange 2003, what can you do!

So as you can see by the title Exchange 2010 hybrids are still doing well out in the wild and customers who want to go through this transition have some challenges to say the least!

You might say why don’t I use 3rd party migration tools? Why are you doing a hybrid? Which is a valid point, but let’s not go there for now!

Well I wanted to highlight some of the technical challenges that Microsoft haven’t fully published out there for this product.

First of all, as you are all aware, the Hybrid Configuration Wizard is downloaded online so you can get the latest build/updates/etc (the same still applies to 2010). Generally most people would run this from their Exchange platform, and this is where the HCW has some challenges. Although the HCW doesn’t have many hard prerequisites, it won’t download unless .NET 4.5.1 is installed on the server, and furthermore it won’t even start installing unless you have .NET 4.6.2, neither of which is supported on Exchange 2010.

Now I am sure you are all aware, but if not: you can run the HCW from any server/workstation within your LAN as long as it meets the .NET requirements and you have defined the PowerShell URL in your Exchange 2010 setup. If not, you should publish this internally to allow the remote workstation to connect to Exchange and run the HCW! Ensure the firewall ports are open.

Then hopefully a few clicks later everything is in place and you are ready to go with your Exchange 2010 Hybrid to o365!

Relinquishing job because the mailbox is locked


I was getting this error constantly when trying to move a mailbox from Exchange 2013 back to Exchange 2010. For the life of me I could not get to the bottom of it. Then I looked through the event logs and noticed this happening every time the mailbox tried to move, as shown below.

(highlighted sections in red) – Which to me looked like there were search issues. Upon conferring with a colleague it was suggested that the Outlook profile has a corrupt index and would need resetting. Easy enough:

Fire up a cmd prompt and run outlook.exe /cleanfinders /cleanviews

Give it 5 minutes then try the move again and it went through successfully!


Event id 1012

MSexchange mailbox replication

The Microsoft Exchange Mailbox Replication service hit an unexpected failure.

Failure type:


Unable to cast object of type ‘System.String’ to type ‘System.String[]’.

Stack trace:

at Microsoft.Mapi.PropValue.GetBytesToMarshal()

at Microsoft.Mapi.Restriction.ContentRestriction.GetBytesToMarshal()

at Microsoft.Mapi.Restriction.AndOrNotRestriction.GetBytesToMarshal()

at Microsoft.Mapi.Restriction.AndOrNotRestriction.GetBytesToMarshal()

at Microsoft.Mapi.Unmanaged.SafeExMapiContainerHandle.InternalSetSearchCriteria(Restriction lpRestriction, Byte[][] lpContainerList, Int32 ulSearchFlags)

at Microsoft.Mapi.MapiContainer.SetSearchCriteria(Restriction restriction, Byte[][] entryIds, SearchCriteriaFlags flags)

at Microsoft.Exchange.MailboxReplicationService.MapiDestinationFolder.Microsoft.Exchange.MailboxReplicationService.IDestinationFolder.SetSearchCriteria(RestrictionData restriction, Byte[][] entryIds, SearchCriteriaFlags flags)

at Microsoft.Exchange.MailboxReplicationService.DestinationFolderWrapper.<>c__DisplayClass28.<Microsoft.Exchange.MailboxReplicationService.IDestinationFolder.SetSearchCriteria>b__27()

at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)

at Microsoft.Exchange.MailboxReplicationService.DestinationFolderWrapper.Microsoft.Exchange.MailboxReplicationService.IDestinationFolder.SetSearchCriteria(RestrictionData restriction, Byte[][] entryIds, SearchCriteriaFlags flags)

at Microsoft.Exchange.MailboxReplicationService.CommonUtils.ProcessKnownExceptions(Action actionDelegate, FailureDelegate failureDelegate)

at Microsoft.Exchange.MailboxReplicationService.MailboxCopierBase.CopyFolderProperties(FolderRecWrapper folderRec, ISourceFolder sourceFolder, IDestinationFolder destFolder, FolderRecDataFlags dataToCopy, Boolean& isContentAvailable)

at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass2d.<>c__DisplayClass31.<CreateFolderHierarchy>b__2a()

at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)

at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass2d.<CreateFolderHierarchy>b__29(FolderRecWrapper folderRec, EnumFolderContext context)

at Microsoft.Exchange.MailboxReplicationService.FolderMap.EnumSingleFolder(FolderRecWrapper folderRec, EnumFolderContext ctx, EnumFolderCallback callback, EnumHierarchyFlags flags)

at Microsoft.Exchange.MailboxReplicationService.FolderMap.EnumSingleFolder(FolderRecWrapper folderRec, EnumFolderContext ctx, EnumFolderCallback callback, EnumHierarchyFlags flags)

at Microsoft.Exchange.MailboxReplicationService.FolderMap.EnumSingleFolder(FolderRecWrapper folderRec, EnumFolderContext ctx, EnumFolderCallback callback, EnumHierarchyFlags flags)

at Microsoft.Exchange.MailboxReplicationService.FolderMap.EnumerateSubtree(EnumHierarchyFlags flags, FolderRecWrapper root, EnumFolderCallback callback)

at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.CreateFolderHierarchy(Object[] wiParams)

at Microsoft.Exchange.MailboxReplicationService.CommonUtils.ProcessKnownExceptions(Action actionDelegate, FailureDelegate failureDelegate)

at Microsoft.Exchange.MailboxReplicationService.WorkItem.Run()

Failure context:


Operation: IDestinationFolder.SetSearchCriteria

OperationSide: Target

Primary (xxxxxxx)

Restriction: Restriction: AND[count:2, PROPERTY[ptag:0x360003(Sensitivity), NotEqual, val:[Tag:0x360003(Sensitivity), Value:2(int)]]; OR[count:16, CONTENT[ptag:0x8002001f(NamedProp), SubString, IgnoreCase, val:[Tag:0x8137001f(NamedProp), Value:”naick”(string)]]; CONTENT[ptag:0x8013001f(NamedProp), SubString, IgnoreCase, val:[Tag:0x8138001f(NamedProp), Value:”naick”(string)]]; CONTENT[ptag:0xe02001f(DisplayBcc), SubString, IgnoreCase, val:[Tag:0xe02001f(DisplayBcc), Value:”naick”(string)]]; CONTENT[ptag:0xe03001f(DisplayCc), SubString, IgnoreCase, val:[Tag:0xe03001f(DisplayCc), Value:”naick”(string)]]; CONTENT[ptag:0xe04001f(DisplayTo), SubString, IgnoreCase, val:[Tag:0xe04001f(DisplayTo), Value:”naick”(string)]]; CONTENT[ptag:0xc1f001f(SenderEmailAddress), SubString, IgnoreCase, val:[Tag:0xc1f001f(SenderEmailAddress), Value:”naick”(string)]]; CONTENT[ptag:0xc1a001f(SenderName), SubString, IgnoreCase, val:[Tag:0xc1a001f(SenderName), Value:”naick”(string)]]; CONTENT[ptag:0x65001f(SentRepresentingEmailAddress), SubString, IgnoreCase, val:[Tag:0x65001f(SentRepresentingEmailAddress), Value:”naick”(string)]]; CONTENT[ptag:0x42001f(SentRepresentingName), SubString, IgnoreCase, val:[Tag:0x42001f(SentRepresentingName), Value:”naick”(string)]]; CONTENT[ptag:0x8004001f(NamedProp), SubString, IgnoreCase, val:[Tag:0x807d001f(NamedProp), Value:”naick”(string)]]; CONTENT[ptag:0x3703001f(AttachExtension), SubString, IgnoreCase, val:[Tag:0x3703001f(AttachExtension), Value:”naick”(string)]]; CONTENT[ptag:0x3707001f(AttachLongFileName), SubString, IgnoreCase, val:[Tag:0x3707001f(AttachLongFileName), Value:”naick”(string)]]; CONTENT[ptag:0xea5001f, SubString, IgnoreCase, val:[Tag:0xea5001f, Value:”naick”(string)]]; CONTENT[ptag:0x8003101f(NamedProp), SubString, IgnoreCase (mv), val:[Tag:0x8002101f(NamedProp), Value:”naick”(string)]]; CONTENT[ptag:0x1000001f(Body), SubString, IgnoreCase, val:[Tag:0x1000001f(Body), Value:”naick”(string)]]; CONTENT[ptag:0x37001f(Subject), SubString, 
IgnoreCase, val:[Tag:0x37001f(Subject), Value:”naick”(string)]]]]

EntryIDs: [count:1, [len=46, data=00000000BDDED84A13037743AF12A0FBB395C0D9010093A0DC80C8953B4B88DB2726AE921E26004DDB4EC4E80000]]

Flags: Restart, NonContentIndexed, FailOnForeignEID

Converting a User to a Shared Mailbox or Vice Versa in Office 365

I was working with a customer recently who wanted to convert a shared mailbox back to a user and found that I was given the following error message:

Error on proxy command ‘Set-Mailbox -Type:’Regular’ -Identity:’BLAH’ -Confirm:$False -Force:$True’ to server Server version 1941996335, Proxy method PSWS:
Request return error with following error message:
The remote server returned an error: (500) Internal Server Error…

After some digging and a quiet conversation with my contacts within Microsoft, it was discussed that this is a known issue which affects all EMEA customers. However, being the bearer of good news, there is a workaround:

Instead of connecting to ExO PS the normal way you have to use the following:

New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic -AllowRedirection

Ensure a target server is set; the target server should be the server in the error message shown above.

MS are aware of this bug and have advised that this will be resolved in the next build release which should be within the next quarter.

Office 365 Hosted IRM Configuration for Exchange Online

I recently had the opportunity to actually deploy hosted IRM for a customer with Exchange Online. Now there are some restrictions to this: you only get the templates as they are, and you don’t have the ability to customize them. If you want this then AADRM should be deployed on premise and then connected to Exchange Online.

Before we start the following needs to be installed locally:

Sign in Assistant:

Then download the Azure AD Module for PowerShell – Note this is the 64-bit version; if you are running 32-bit go here

Then download the Azure AD RM Tools – Note this states 2010 but is the current version as of writing.


Then open PowerShell on your machine and run the following commands

Import-Module AADRM

Connect-AadrmService – you will then be prompted for credentials; enter your admin account on the tenant.

Then run Get-AadrmConfiguration and look for FunctionalState being Enabled; this proves it has been enabled successfully for your tenant.

Then run the following command to connect to Exchange Online

Import-Module MSOnline


$Sess = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic -AllowRedirection

Import-PSSession $Sess

Once connected run


Set-IRMConfiguration –RMSOnlineKeySharingLocation “

Note this is for the EMEA region; if you want the other regions they are listed below: for North America for Asia Pacific

Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"

Get-IRMConfiguration – you should get back the same as below. You will notice InternalLicensingEnabled is set to false, which blocks OWA; the next step is to turn this on.




Set-IRMConfiguration -InternalLicensingEnabled $true

Test-IRMConfiguration –sender – note this is a dummy account; replace the name and the domain for the tenant you are trying it out on.

You should get back the following:



After this time I have noticed that it can take up to 24 hours for it to work in OWA, but in Outlook it should be instant. Voilà, you are free to play and test with.

Now from this you have the ability to create rules that will also apply these templates; otherwise, by default, a user will have to select them for each email.

Exchange 2010 Mailbox Migration Fails with The socket connection aborted

If you are trying to migrate a Mailbox from on premise to Office 365 and see the following error:

The DataImportTimeout property may be set too low: by default it is set to 60 seconds, and it can be set up to 30 minutes. You may find that the migration has started anyway, because depending on where the communication failed the move request may already have been processed.

To resolve this:

To isolate the issue, you may check how it works if you increase the timeout with the following steps:

  • On the Client Access server, open the following file with a text editor such as Notepad:


  • Locate the following section in the web.config file:

<!-- Mailbox Replication Proxy Server configuration -->

DataImportTimeout="00:01:00" />

  1. Make sure the value of the IsEnabled property is set to true.
  2. Check the value of the DataImportTimeout property. The minimum value is one minute (00:01:00), and the maximum value is 30 minutes (00:30:00).
  3. Set a higher value, but make sure the value is less than 30 minutes.
  4. The recommended value for this field should be 00:20:00 (20 minutes).
  5. After the values are configured correctly, save and close the web.config file.
  6. Restart IIS
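
One way to carry out steps 1 to 5 as a repeatable check, as an added example that is not from the original post. `$ConfigPath` is a placeholder for the web.config opened in the first step, and the element is located by its DataImportTimeout attribute, so no element name is assumed.

```powershell
# Added example, not from the original post.
# $ConfigPath is a placeholder: pass the web.config opened in the first step.
param(
    [Parameter(Mandatory = $true)] [string] $ConfigPath,
    [timespan] $Desired = '00:20:00'      # value recommended in step 4
)

$min = [timespan]'00:01:00'               # minimum from step 2
$max = [timespan]'00:30:00'               # maximum from step 2
if ($Desired -lt $min -or $Desired -ge $max) {
    throw "Desired timeout $Desired must be at least $min and less than $max."
}

$path = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
$xml  = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true           # keep the file's layout on save
$xml.Load($path)

# Locate the element by attribute so no element name is assumed.
$node = $xml.SelectSingleNode('//*[@DataImportTimeout]')
if ($null -eq $node) {
    throw "No element with a DataImportTimeout attribute found in $path."
}

$enabled = $node.GetAttribute('IsEnabled')
$current = [timespan]$node.GetAttribute('DataImportTimeout')
Write-Output "Current: IsEnabled=$enabled DataImportTimeout=$current"

if ($enabled -ne 'true') {
    Write-Warning 'IsEnabled is not true; fix this first (step 1).'
}

if ($current -ne $Desired) {
    # Keep a timestamped copy so the change can be rolled back.
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $path, (Get-Date)
    Copy-Item -LiteralPath $path -Destination $backup
    $node.SetAttribute('DataImportTimeout', $Desired.ToString())
    $xml.Save($path)
    Write-Output "Set DataImportTimeout=$Desired (backup: $backup). Restart IIS (step 6)."
}
```

The script refuses values outside the range given in steps 2 and 3 and leaves the file untouched when the timeout already matches.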

Wildcard Autodiscover Outlook Client Warnings

If in your setup your external email domain is but your internal domain is for example then, unless the wildcard certificate contains the internal * as well, the clients will warn that the server cannot be trusted, because the certificate does not have the relevant information. But before you go away and purchase the additional SANs on the wildcard certificate, there is a workaround for this using Exchange PowerShell:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity "CASServer\EWS (Default Web Site)" -InternalURL -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity "CASServer\OAB (Default Web Site)" -InternalURL

Note: You must ensure that you enable SSL on the OAB directory in IIS which is not on by default. The above command will only enable SSL, but will not ensure 128-bit SSL is required.

Enable-OutlookAnywhere -Server CASServer -ExternalHostname "" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

By default the URLs will be the server names with .net or .local, whichever you have internally.

This will resolve those issues for you!
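
To see which internal URLs would still trigger the trust warning, the check below compares each URL's host name against the names on the certificate. It is an added example, not from the original post; the function name, the domain names and the URL list are constructed for illustration.

```powershell
# Added example, not from the original post. All names below are constructed.
function Test-CertificateCoversHost {
    param(
        [string[]] $CertificateNames,   # subject / SAN DNS names on the certificate
        [string]   $HostName            # host part of a configured URL
    )
    foreach ($name in $CertificateNames) {
        # Exact match (PowerShell -eq is case-insensitive for strings).
        if ($name -eq $HostName) { return $true }

        if ($name.StartsWith('*.')) {
            # A wildcard stands for exactly one left-most label:
            # *.contoso.example covers mail.contoso.example,
            # but not a.b.contoso.example and not contoso.example itself.
            $suffix = $name.Substring(1)            # ".contoso.example"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) {
                    return $true
                }
            }
        }
    }
    return $false
}

# Constructed sample: a wildcard certificate for the external domain only.
$certNames = @('*.contoso.example')

# Constructed sample: one URL still pointing at the internal server name.
$urls = @(
    'https://autodiscover.contoso.example/Autodiscover/Autodiscover.xml',
    'https://cas01.corp.local/EWS/Exchange.asmx',
    'https://mail.contoso.example/OAB'
)

foreach ($u in $urls) {
    $h = ([uri]$u).Host
    New-Object psobject -Property @{
        Host    = $h
        Covered = (Test-CertificateCoversHost -CertificateNames $certNames -HostName $h)
    }
}
```

On a real server the names would come from the installed certificate and the URLs from cmdlets such as Get-ClientAccessServer and Get-WebServicesVirtualDirectory rather than from the constructed lists.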