Windows Server 2016 Unable to Update Server

I’m planning to install Exchange 2016 on Windows Server 2016 , for sure I have to make sure the OS is fully patched . However , I couldn’t . The Windows update stuck on 0% for download progress.

I reviewed event viewer , Application log and found the following error :

Log Name: Application
Source: Application
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Faulting application name: svchost.exe_wuauserv, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000374
Fault offset: 0x00000000000f73e3
Faulting process id: 0x1474
Faulting application start time: 0x01d243d64c4ee678
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 149dae64-133e-42f1-b550-759300a8139c
Faulting package full name: 
Faulting package-relative application ID: 
Event Xml:
<Event xmlns="">
 <Provider Name="Application Error" />
 <EventID Qualifiers="0">1000</EventID>
 <TimeCreated SystemTime="2016-11-21T09:09:19.709374800Z" />
<Security />

After Research I found this is a software bug in windows Server 2016 and microsoft has released a fix for it :

The Fix Link is :

Here is the KB article :


Retaining Mailbox for Disabled User Accounts

Some Organizations requires retaining emails for employees who left on the production Exchange mailbox database .to get the benefits of exchange HA and Exchange Audit.

So they can disable user account and keep mailbox in the mailbox database.

However, even if you disable user account associated with that mailbox, you need to address the following:

1- Email address will be still viewable in GAL and address book and

2- Mailbox will continue receiving emails.

I have written this script will do the following:

  • First, This script assuming user accounts are already disabled .by any AD tool.
  • Then, It will verify all exchange attributes for the user account will are updated.(Set-Mailbox -ApplyMandatoryProperties)
  • It will exclude all discovery mailboxes and Shared mailboxes
  • for each mailbox , it will:
    • hide email from GAL , Address book.
    • restrict mailbox receiving emails accept only from dummy user
 Read the rest of this entry »

Unable to Open Exchange Shell (EMS)

Today when I tried to Open EMS I got the follwoing Error:

New-PSSession : [XXXXXXXX] Connecting to remote server XXXXXXXXXX failed with the following error
message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is
accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from
this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within
the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed


In such error I suggest to do the follwoing :

  1. Check the hostanme ,DNS reocrd is registerd for the server .
  2. Check if there is a 3rd party firewall software is installed ,if exist : you need to set exception .I prefer to use windows firewall instead becuase these exceptions are set during exchange installations.
  3. check IP address ,subnet and AD Site for the server.
  4. reconfigure WinRM :WinRM quickconfig
  5. check proxy setting ,make sure that the server URL should bypass proxy .you can use NETSH winhttp show proxy to view effective setting.or even you reset proxy setting NETSH winhttp reset proxy.

for my case today , No. 5 fix the problem 🙂



Generating Fancy Exchange Environment Reports using PowerShell

Hello ;

Today I found a nice shell script that generate a a good looking report about the entire Exchange Environment. i couldn’t believe that you can create such colourful HTML report with Power Shell script .

here is the link :


Report screen shoot :

How to run it:

in Exchange shell run this:

.\Get-ExchangeEnvironmentReport  -HTMLReport c:\report.html

enjoy it..



Exchange Server 2010 Poster

Hello ppl ,

this morning I found a great poster , I think any messaging administrator must put it in his bed room , and has to have a look at it every night before sleep

Exchange Server 2010 Poster

Enjoy it 😛


Shut Down Exchange 2010 DAG member

by Gil Kreslavsky ..

While performing maintenance to Exchange 2010 DAG server you should first remove the DAG member from DAG group.Other wise you may have unwanted DB failovers and many other unexpected issue that may affect company mail services availability

Shutting Down DAG Members

The Exchange 2010 high availability solution is integrated with the Windows shutdown process. If an administrator or application initiates a shutdown of a Windows server in a DAG that has a mounted database that’s replicated to one or more DAG members, the system attempts to activate another copy of the mounted database prior to allowing the shutdown process to complete.

However, this new behavior doesn’t guarantee that all of the databases on the server being shut down will experience a lossless activation. As a result, it’s a best practice to perform a server switchover prior to shutting down a server that’s a member of a DAG.

The correct way to perform any maintenance is to run first  StartDagServerMaintenance.ps1 script that is located under “C:\Program Files\Microsoft\Exchange Server\V14\scripts”
This script moves all the active databases to next preferred DAG server and prevents active databases from moving to that server during the maintenance.
In addition the script ensures that all critical DAG support functionality that may be on this server has been moved to next proffered server

To run the script open EMC
cd $exscripts
StartDagServerMaintenance.ps1 -server YourServername

The script performs the following tasks on the background:

  • Runs the Suspend-MailboxDatabaseCopy cmdlet for each database copy hosted on the DAG member  with activationonly parameter .
  • Pauses the node in the cluster, which prevents the node from being and becoming the PAM.
  • Sets the value of the DatabaseCopyAutoActivationPolicy parameter on the DAG member to blocked
  • Moves all active databases currently hosted on the DAG member to other DAG members.
  • If the DAG member currently owns the default cluster group, the script moves the default cluster group (and therefore the PAM role) to another DAG member.

If any of the preceding tasks fails, all operations, except for successful database moves, are undone.

After the maintenance is complete and the DAG member is ready to return to serve clients you need to run the following script:

cd $exscripts
StopDagServerMaintenance.ps1 -server YourServername

The script performs the following tasks on the background:

  • Runs the Resume-MailboxDatabaseCopy cmdlet for each database copy hosted on the DAG member.
  • Resumes the node in the cluster, which enables full cluster functionality for the DAG member.
  • Sets the value of the DatabaseCopyAutoActivationPolicy parameter on the DAG member to Unrestricted

I highly recommend using  Start/StopDagServerMaintenanceInstalling maintainance scripts before any action that requiers server Reboot/ShutDown or Update Rollups instalation.

Most of the material has been taken from Managing Database Availability Groups MS article



High availability and Edge server role.

Many exchange experts prefer multiple Edge servers with external IP then creating multiple MX records. With same or different priority.

But what if you don’t have enough real IPs and you want High availability for Edge Server Role?

I have tried the following approach and its working nice:

I have used windows Network load balancing between edge servers then make the external firewall nating the inbound traffic to external IP to the virtual IP of the NLB, and make outgoing traffic from each edge server to go through the external real IP


Tags: ,