1007 AccessDenied: Access Denied when trying to renew Federation Certificate

The 1007 AccessDenied event is usually tied to a time skew issue and that should always be confirmed before proceeding, however, that is also the error you will get when you try to renew a federation certificate in Exchange, when the old certificate has already exceeded the expiration date. Scenario I am trying to replace…


Shared Free/busy between two untrusted forests failing in one or both directions

In a recent case, I found a pretty common mistake many customers make when setting up their free/busy sharing between two untrusted orgs or more appropriately, when they set up their trusted and intermediate certs for their target domains. Scenario: Contoso and WingTipToys are two partner companies with no forest trust between them that want to…


Unable to expand legacy onPrem Public Folders with O365 account

I have been seeing a few scenarios lately where users who log into Exchange using an account other than the OnPrem User Principal Name (UPN) are running into various difficulties. Today we will focus on one of those scenarios. We will discuss how we figured it out and what needs to be done to get the desired functionality….


Microsoft Filtering Management Service won’t start on Exchange 2013

Issue In a recent case, the transport service on an exchange 2013 server was failing to start due to a dependency failure (Error 1068: The dependency service or group failed to start). As it turned out, it was dependent on the Microsoft Filtering Management Service (FMS.exe), and that was the service that was having trouble…


Mitigating Mail Loops when using Auto Reply in Exchange 2010

Symptoms When you enable Auto Reply for the Default(*) Remote Domain in Exchange 2010, you are increasing the risk of causing a mail loop. Cause When you send an auto reply to a message, and the recipient has either an auto-reply or Out Of Office set, their reply can cause your auto-reply to send another…


Moving Queue Database to a Different Exchange Server

Recently, a customer asked me if there was a way to bulk move all of a pending queue from one server to another. The only documentation I could find on this had you exporting the queue to .eml files and replaying them by dropping them in the pickup folder. That is fine and dandy, but…