Who’s Hacking My Exchange OWA? Check with Log Parser 2.2

I am one of the few on the planet that still hosts my own servers in house. Sorry, but I don’t really see the benefit of moving everything to the cloud when keeping it in house allows me the control and flexibility I want. I especially like having an Exchange OWA server in house.

With that said, hosting your own systems can be troublesome as well. Maintaining the hardware, infrastructure and security are items that would get farmed out in a cloud environment. This post focuses on the security end, or rather attempting to track hack attempts.

In January, I sent up a trigger to alert me every time a user is locked out. -> Know instantly when a user is locked out <- Its a good read if you’re interested. This trigger reads the event logs, looks for the lockout event and sends the info to me via email. A great help in being proactive with my users. It also alerts me to hack attempts. Too many incorrect login attempts on OWA would trigger a lockout event. During a recent weekend, I was receiving lockout emails every 30 minutes. So who was doing this? What did they want?

How to check Exchange OWA IIS logs

Continue reading “Who’s Hacking My Exchange OWA? Check with Log Parser 2.2”

Exchange 2016 – ECP ERROR 500 – OWA Working Fine!

As an IT professional for over 20 years I have run into a lot of strange errors in my time. I also have an extensive home “production” lab so I can stay up to date on changes in tech and its fun! Recently I installed Exchange 2016 in a Hyper-V virtual machine. It was a simple migration from 2013. I was in the process of decommissioning an older Hyper-V host. Some of my guest vm’s were migrated while others were built from scratch.

I had  completed my migration and Exchange, OWA, & ECP were working just fine. About a month later I tried to access the ECP and was greeted with a 500 Error!

Tracking Down The Error

Continue reading “Exchange 2016 – ECP ERROR 500 – OWA Working Fine!”

Exchange 2016- EVENT ID 9646 – MoMT exceeded the maximum of 32 objects of type Session

Here is another issue I encountered during my Exchange 2016 migration. A hand full of users have been getting knocked out of public folders with an Event ID 9646 and they have exceed the max of 32 session objects. What the hell does that mean? Why only a few users?

Investigating Event 9646

The Monday after I migrated public folders to Microsoft’s new “Modern Public Folders” a hand full of users began calling me they were unable to access them. Their specific error was:

“Cannot expand the folder. Your server administrator has limited the number of items you can open simultaneously. Try closing messages you have opened or removing attachments and images from unsent messages you are composing.”

Continue reading “Exchange 2016- EVENT ID 9646 – MoMT exceeded the maximum of 32 objects of type Session”

My Experience Migrating to Exchange 2016

If you have ever taken the time to read my blog you would probably know by now that I am the IT director for a mid sized accounting firm in NJ. One project on my docket this year is to migrate from Exchange 2010 to Exchange 2016. This post is just going to be a basic log of what I encountered during my install. If you take the time to read this maybe you can find a useful tip to aid in your migration woes.

Having a small shop and wearing a lot of hats here in the office tends to create a slew of challenges. Most of the time I have a ton of projects brewing so focusing on one can be difficult at times. My migration to a new Exchange 2016 server will be gradual taking about 2 to 3 weeks to complete. During the initial setup I like to let certain steps “stew” overnight to make sure there are no disruptions. I also like to be sure I have a contingency plan to undo any unforeseen issues.

Is your directory active enough?

Continue reading “My Experience Migrating to Exchange 2016”