Wednesday, July 18, 2018

Kernel for Exchange Server Recovery - Product Review

In this product review, we will have a look at version 18.2 of Kernel for Exchange Server from Lepide Software’s sister company, Kernel Data Recovery.

Lepide Software is known company in the IT arena. Its Kernel range of products include popular solutions for data recovery, database recovery, file repair, email migrations, email recovery, and more. Kernel for Exchange Server is primarily an Exchange mailbox database recovery tool. It helps admins easily recover mailbox content (emails, attachments, contacts, calendars, and tasks) after any event of Exchange disruption or corruption. Besides being able to convert an EDB file to PST, it can migrate mailboxes from offline EDB files to a live Exchange environment or even to Office 365 mailboxes (including archive mailboxes and public folders). Some of its features include:
  • Extraction of mailbox data from inaccessible EDB files to PST;
  • Extraction of data to MSG, EML, TXT, RTF, or HTML formats;
  • Migration of mailboxes from offline or online databases to Exchange and Office 365;
  • Migration from IMAP servers (like Gmail, Yahoo, Hotmail, and GroupWise) to PST, live Exchange Server, or Office 365 mailbox;
  • Export Office 365 mailboxes to Office 365 mailboxes or PST;
  • Fully compatible with Microsoft Outlook 2016 & Exchange Server 2016, as well as all prior versions;
  • In-built backup extractor to recovery EDB files from NT Backup and VERITAS backups.

So let’s start by looking at how we install this tool.

Installing Kernel for Exchange Server
Before downloading and installing Kernel for Exchange Server, make sure your system fulfils the following prerequisites:
  • Processor: minimum dual-core processor (quad-core recommended);
  • RAM: minimum 4 GB (8 GB recommended);
  • Disk: minimum 200 MB free disk space;
  • Windows Operating System: either 32 or 64-bit of Windows 7 or above, or Windows Server 2003 or above;
  • Outlook: Outlook 2000 or above;
  • Exchange: Exchange Server 2000 or above;
  • Supported Virtual Environments: VMware Server 1.0x (or above), VMware Workstation v6.0x (or above), VMware ESX 4.0 (or above), Hyper-V, and Microsoft Virtual PC 2007.

Start by downloading Kernel for Exchange Server software from this webpage and save it locally. Once you have the installer file, follow these steps:
1.       Double-click the Kernel for Exchange Server’s installer file. It will initiate the installation process with the following setup wizard:

2.       Click Next to proceed. Read the license agreement carefully and then select I accept the agreement:

3.       Click Next to continue to the next dialog box. This will display the wizard to change the destination location:

4.       The default installation location is %ProgramFiles%\Kernel for Exchange Server for 32-bit and %ProgramFiles(x86)%\Kernel for Exchange Server for 64-bit Windows OS. You can click Browse to change the location if desired. Once you’re done, click Next;
5.       If required, change the location of the shortcuts folder in the Start Menu:

6.       Click Next to proceed to the next steps, where you have the option of creating icons in the desktop and Quick Launch bar for easy access:

7.       Click Next to proceed;
8.       Setup is now ready to start the installation process. Click Install:

9.       Once the installation is complete, click Finish to complete the installation process:

10.    If you have checked the Launch Kernel for Exchange Server option, then the software’s main screen will appear:

Here we can see that this product has a very clean, modern and easy to use user interface.

Using Kernel for Exchange Server
The first step to use the software, is to select a source from which we want to retrieve/recover data from. This can be any of the following:
·       An offline Exchange EDB file;
·       A live Exchange environment, from which we can select:
o   A single mailbox;
o   Public Folders;
o   Archive mailbox;
o   Multiple mailboxes;
o   An Outlook profile to add a single mailbox as a source.
·       Gmail, Yahoo, Novell GroupWise, or other email accounts using an existing Outlook Profile;
·       Office 365:
o   A single mailbox;
o   Public Folders;
o   Archive mailbox;
o   Multiple mailboxes,
o   An Outlook profile to add a single mailbox of Office 365 as a source.

Let’s start with a corrupted EDB file and then have a look at Office 365.

EDB Files as a Source
An unmounted and offline EDB file can be added as a source. Kernel for Exchange Server scans the EDB file for possible errors, fixes them, retrieves its data, and then allows us to export it to a PST file or transfer it to another Exchange mailbox for example.

For this test, I have an EDB file in a Dirty Shutdown state:

So, let’s see how Kernel for Exchange Server deals with it. To add it as a source:
1.       We start by clicking on Add Source... or on Offline EDB;
2.       We select the Offline EDB File option and click Next:

3.       There are two ways of adding one or more EDB files: we can select the EDB file manually by clicking on ... and select the location where the EDB file is stored, or we can search for EDB files using the Search button. While scanning EDB files, the temporary scanning data and logs are stored in the Temp Path directory.

4.       Next, we must choose between the two types of EDB scanning:
a.       Standard Scan should be used when the EDB file is not severely corrupted or if we just want to migrate the data from a working offline EDB file to any destination. If the EDB cannot be recovered using this method, then the software will switch to Deep Scan;
b.      Deep Scan is for severely corrupted EDB files, or those very large sized. This scan will take longer but should retrieve most data from the EDB file.
5.       In some cases, where the EDB file is severely corrupted, the From field of emails either shows an ambiguous value or are blank. Therefore, it is advised to check the box titled Use message table to get "From" field:

6.       Click Next to start the scanning. Once complete, the following dialog box is displayed:

7.       Click Finish button to complete the process;
8.       After completing the process, the selected offline EDB file(s) is displayed under Source List, together with all the mailboxes it holds:

From here, we can explore the mailboxes in the EDB file and, if Outlook is installed, preview their content, such as calendar entries, contacts, emails, and so on:

Extracting one or more items is straightforward. We simply select the one(s) we want to extract, right-click on them and select one of the desired options:

If we are exporting emails, we can select the location where to export them to, in which format we want those emails saved as, and if we want to keep their folder hierarchy:

Once the process is complete, we are notified:

Exporting to PST
Now that we have access to the data inside the EDB file, we can extract to PST file(s) using two different methods. One way is to click on PST File in order to create a blank PST file as a destination, which we can use to drag-and-drop items into. We select Create New PST File:

Chose a location and a name for it:

And click Next to create it and add it as a Destination:

We now have the EDB file as a Source and our newly created PST as a Destination. As the tip in the main screen suggests, we can now simply drag-and-drop items (be that emails, calendar items, contacts, and so on) from our EDB to our PST file:

The second method allows us to easily export one or more mailboxes to PST. To use this method, we right-click on our source and select Export Mailboxes to PST...:

From here, we can select which mailboxes we want to export, and all of them will have their own PST file:

We can also manually select which folders we want to export for each mailbox. A downside is that, by default, it also extracts all the system folders that are typically hidden from users, and those are generally not needed... We can use the Custom Selected option, which allows us to filter out all the system folders we don’t want to extract and apply that filter to all mailboxes:

Using the Set Filter option, we can easily decide which item types we want to extract, and which ones we want to ignore. We can also filter items based on their creation time. A really good feature indeed.

Once we are happy with our selection(s) and filters, we click Export and the process begins:

Once complete, we get a report stating how many items were exported per folder, if any duplicates were found, and some more details:

Office 365
Office 365 can be used both as a source or as a target. As a requirement, we need an account with the following rights in Office 365/Exchange Online:
·       A Global Administrator;
·       Full Access permission over all the Office 365 mailboxes we want to work on.

After establishing the connection, we can use Single Mailbox, Multiple Mailboxes, Public Folders, and Archive Folders as sources or targets. We can then export/import data from/to mailboxes in Exchange Online. For example, we can connect to a mailbox on-premises using the Live Exchange option (source), connect to a mailbox in Exchange Online using the Office 365 option, and then migrate the mailbox’s content from on-premises to the cloud. It is also possible to export Office 365 mailbox items to EML, DBX, and PST files.

After selecting Office 365 (Exchange Online) option, click Next:

Select an option to specify what you want to connect to. Either:
1.       Connect Single Mailbox;
2.       Connect Public Folder;
3.       Connect Archive Mailbox;
4.       Connect Multiple Mailboxes.

Enter the user name and password of a user account that has full rights over the selected mailbox(s) or public folder(s). The strange thing here, is that we need an Outlook profile (at least when using Outlook 2016) created with the user that has full access to the mailboxe(s) we want to import data into. This means the Use existing outlook profiles option must be selected as Kernel for Exchange Server will use Outlook and a MAPI connection to import data. Since Outlook is used, why do we need to specify credentials and a server name? After all, Outlook will take care of all of that with the profile we must create...

Click OK after you have created the required profile and entered all the mandatory details:

If the tenant has multiple mailboxes, then the wizard shows the list of all mailboxes:

Check the mailbox(s) you want to add as a source or target, and click Next;
All the selected mailboxes are then added (in this case to the target/destination pane):

From here, it’s easy to import data into the mailbox by dragging items from a source like an offline EDB file, a live Exchange mailbox, or even from another Office 365 mailbox.

Although it’s possible to use Kernel for Exchange Server to perform mailbox migrations from an on-premises live Exchange environment to Office 365, for example, it is important to keep in mind that this tool has been primarily designed as an Exchange mailbox database recovery tool. With that in mind, it performs great in that field. It can easily recover data from inaccessible EDB files, and export that data to PSTs or to a myriad of other formats or targets. As a bonus, it is also capable of performing basic migrations, which can come in handy in some situations.

Tuesday, April 10, 2018

Exchange Online Mailbox Audit Improvements: UpdateFolderPermissions

A few weeks ago, Microsoft added a new action to the Exchange mailbox auditing: UpdateFolderPermissions. As the name suggests, when this action is being logged, it records changes to folder permissions, be that Owner, Delegates, or Admin.

Microsoft has updated the default mailbox audit configuration to include the UpdateFolderPermissions action. In the following screenshot, we can see that auditing has not been enabled for the ServiceDesk shared mailbox, but UpdateFolderPermissions is part of the default auditing configuration for all 3 access types:

Existing mailboxes that have not deviated from the default configuration will be automatically updated to include the UpdateFolderPermissions action. My own mailbox has had the default auditing settings enabled for a long time, and now UpdateFolderPermissions was automatically added as well:

With mailbox audit configured with this action, we will find records in the audit logs when permissions of folders are added, deleted or modified. These records can be found both in the unified audit log:

Or in the mailbox audit log through the Search-MailboxAuditlog cmdlet.

In the following screenshot, we are searching the mailbox audit logs for the AddFolderPermissions action. Using these logs, we can see that I (LogonType: Owner) used OWA to give ServiceDesk Owner rights to my Clutter folder, and that I used Outlook to give them Reviewer rights to my Archive folder:

Besides AddFolderPermissions, we can also track ModifyFolderPermissions and RemoveFolderPermissions actions:

Friday, March 16, 2018

The Microsoft Exchange Mailbox Replication service was unable to process jobs in a mailbox database - EventID 1006

After deleting a mailbox database from Exchange 2013 in one of my test environment, I was getting the following warning in the Application log of the server hosting that database:
Log Name:      Application
Source:        MSExchange Mailbox Replication
Date:          3/13/2018 7:16:44 AM
Event ID:      1006
Task Category: Service
Level:         Warning
Keywords:      Classic
User:          N/A
Description:   The Microsoft Exchange Mailbox Replication service was unable to process jobs in a mailbox database.
Database: Missing database (a435e9be-b010-400d-9d56-659065d6c9df)
Error: Database 'a435e9be-b010-400d-9d56-659065d6c9df' doesn't exist.

After running the cmdlet below, I confirmed that the database mentioned in the warning didn’t exist (so it was safe to assume it was the one I deleted):
Get-MailboxDatabase | FT Name, GUID -Auto

Most of the times, you can resolve this by simply restarting the Microsoft Exchange Mailbox Replication service or the Information Store service. Alternatively, rebooting the server will stop the warning since all the required services will be restarted.

Friday, March 9, 2018

Understanding Office 365 Exchange Online migration endpoints

For a few years now, Microsoft has provided pretty much the same types of migration for organizations to use to migrate email data to Exchange Online in Office 365 from on-premises messaging systems, be that Exchange or not. Additionally, end users themselves can also import their own email, contacts, and other mailbox information to an Office 365 mailbox created for them, but that’s typically only used in very small migrations.

Part of the migration process, excluding some third-party migrations, is the configuration and use of one or more Exchange Online migration endpoints. These are simply a connector from Office 365 to the on-premises email system, and that’s what this article focuses on.

To read the full article, please head over to TechGenix or click on this link: Understanding Office 365 Exchange Online migration endpoints.

Friday, December 15, 2017

Search-MessageTrackingReport Error: You aren't authorized to perform the search

We can use the Search-MessageTrackingReport cmdlet to retrieve the message tracking report for a particular email. With this report ID, we can then pass it on to the Get-MessageTrackingReport cmdlet to get the full tracking information for that email.
However, if you are not used to these cmdlets, you might come across the following error when running your search:
Search-MessageTrackingReport -Recipients

You aren't authorized to perform the search. You need to have permissions to search for the sender of the message or for every recipient specified.

This is because, by default, users can only track messages that they send or receive from their own mailbox. To overcome this error, simply use the BypassDelegateChecking switch which allows us to track messages for any user.

Sunday, October 15, 2017

Exchange Mailbox Move History

A common task amongst many Exchange administrators around the world is moving users’ mailboxes between databases. This could be to move the user to a database with a higher quota limit, because the user moved to a different location so we want to move his mailbox to an Exchange server closer to his new location, simply because of an Exchange transition/migration, or for many other reasons.

Whatever the case might be, Exchange keeps track of these mailbox moves in case we need to find out, for example, where a mailbox was located before. To access this information, we need to run the Get-MailboxStatistics cmdlet against the mailbox we want to check and use the IncludeMoveHistory switch, such as follows (some output has been removed for brevity):
Get-MailboxStatistics nuno –IncludeMoveHistory | FL
(Get-MailboxStatistics nuno –IncludeMoveHistory).MoveHistory

Status                           : Completed
Flags                            : IntraOrg, Pull
SourceDatabase                   : MDB2
SourceVersion                    : Version 14.3 (Build 224.0)
SourceServer                     :
SourceArchiveDatabase            :
SourceArchiveVersion             : Version 0.0 (Build 0.0)
SourceArchiveServer              :
TargetDatabase                   : MDB01
TargetVersion                    : Version 15.0 (Build 1076.0)
TargetServer                     :
TargetArchiveDatabase            :
TargetArchiveVersion             : Version 0.0 (Build 0.0)
TargetArchiveServer              :
BadItemLimit                     : 0
BadItemsEncountered              : 0
LargeItemLimit                   : 0
LargeItemsEncountered            : 0
QueuedTimestamp                  : 6/18/2017 12:51:20 PM
StartTimestamp                   : 6/18/2017 12:51:26 PM
FinalSyncTimestamp               : 6/18/2017 12:52:17 PM
CompletionTimestamp              : 6/18/2017 12:55:16 PM
OverallDuration                  : 00:03:55.2744307
TotalFinalizationDuration        : 00:02:57.7932767
TotalSuspendedDuration           : 00:00:00
TotalFailedDuration              : 00:00:00
TotalQueuedDuration              : 00:00:00.7499765
TotalInProgressDuration          : 00:03:54.5244542
TotalStalledDueToHADuration      : 00:00:00
TotalTransientFailureDuration    : 00:00:00
MRSServerName                    :
TotalMailboxSize                 : 51.25 MB (53,742,458 bytes)
TotalMailboxItemCount            : 669
Message                          :
FailureTimestamp                 :
Report                           :

“The IncludeMoveHistory switch specifies whether to return additional information about the mailbox that includes the history of a completed move request, such as status, flags, target database, bad items, start times, end times, duration that the move request was in various stages, and failure codes.”

The number of moves that are kept in Exchange will depend what version of Exchange you are running. For Exchange 2010 the default value is 2 while for 2013 it is 5. However, this number can be customized by editing the Mailbox Replication Service (MRS) configuration. To do this, open the MsExchangeMailboxReplication.exe.config file, which by default is located at C:\Program Files\Microsoft\Exchange Server\V15\Bin, using Notepad with Admin rights. Then, go to the MRSConfiguration section and update the MaxMoveHistoryLength setting with a value between 0 and 100.

To get a higher level of detail, we can instead use the IncludeMoveReport switch. This switch specifies whether to return a verbose detailed move report for a completed move request, such as server connections and move stages.

Sunday, September 17, 2017

Outlook Calendar Sharing Error Message

When you use Outlook to share a calendar with another user, you might get one of the following errors:
  • Calendar sharing is not available with the following entries because of permission settings on your network;
  • You cannot request to share calendars with the following people because of permission settings on your network.

This typically happens when users type the recipients’ email address or use the address from their cached addresses. When this happens, clear the cached entry for the user, click the TO button and select the intended recipient(s) from the address book.

Emails disappear from Outlook Inbox after being read

It is not the first time that users or clients come to me complaining that as soon as they read an email in their Inbox folder in Outlook, the email disappears when they select another email or folder.

Every time this is caused by the user (somehow!) creating a view filter to only display unread emails:

Once the filter is removed, everything is back to normal!