ECP and E-Discovery when having coexistence : Exchange 2013-2010-2007
ECP and E-Discovery when having coexistence : Exchange 2013-2010-2007
EAC - ECP:
If you’re in a coexistence scenario, where you’re running Exchange 2010 and Exchange 2013 in the same organization, and your mailbox is still on the Exchange 2010 Mailbox server, the browser will default to the Exchange 2010 ECP.
You can access the EAC by adding the Exchange version to the URL. For example, to access the EAC whose virtual directory is hosted on the Client Access server CAS15-NA, use the following URL: https://CAS15-NA/ecp?ExchClientVer=15
Conversely, if you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 Mailbox server, use the following URL: https://CAS14-NA/ecp?ExchClientVer=14
From 2013 If we try to login using a mailbox: https://localhost/ecp
Which defaults to https://localhost/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2flocalhost%2fecp
The user will not be able to login and get the red line message. (If user does not have the permissions to access i.e. user is not member of ‘Exchange Organization Administrators’ group)
‘The user name or password you entered isn’t correct. Try entering it again'
The user will get 403 Page not found :( if the users mailbox is not on Exchange 2013 (i.e. the mailbox is on Exchange 2010 or Exchange 2007)
To login to the EAC when there is no mailbox on Exchange 2013:
If you are trying to access EAC for the first time and your mailbox is on Exchange 2010, you need to use the URL in the format: https://Exchange2013ServerName/ecp?ExchClientVer=15
This is because in a co-existence scenario, your mailbox is still on the Exchange 2010 mailbox server, the browser will default to the Exchange Server 2010 ECP
Note: if you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 mailbox server, use the following URL: https://Exchange2010ServerName/ecp?ExchClientVer=14.
If you want to access it using user Mailbox (which is on 2007 or 2010 or 2013), you will have to add the account to the ‘Exchange Organization Administrators’ group so that it gets the necessary permissions.
We can create mailbox on 2013 using shell:-
Below snapshot shows the administrator mailbox in a coexistence scenario which is present on Exchange 2007.
To create new mailbox on Exchange 2013 using shell, note the Mailbox database name where you want to create the mailbox.
After you have Mailbox on 2013, we can directly login in 2013 EAC connecting to 2013 Server.
Now it works since the mailbox is on 2013.
EDiscovery:
If your organization adheres to legal discovery requirements (related to organizational policy, compliance, or lawsuits), In-Place eDiscovery in Microsoft Exchange Server 2013 and Exchange Online can help you perform discovery searches for relevant content within mailboxes.
In-Place eDiscovery uses the content indexes created by Exchange Search. Role Based Access Control (RBAC) provides the Discovery Management role group to delegate discovery tasks to non-technical personnel, without the need to provide elevated privileges that may allow a user to make any operational changes to Exchange configuration.
In Exchange 2010, the Microsoft Exchange system mailbox is an arbitration mailbox used to store organization-wide data such as administrator audit logs, metadata for eDiscovery searches (not search results), and Unified Messaging data, such as menus, dial plans, and custom greetings. The Microsoft Exchange system mailbox is named SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} ; the display name is Microsoft Exchange.
Other accounts:
SystemMailbox{1f05a927-xxxx-xxxx-xxxx-xxxxxxxxxxxx} : where x is a random number/alphabet is the account is used for moderated transport.
FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042:is the account used for federated email.
When you upgrade your existing Exchange 2010 organization to Exchange 2013, you have to move the Microsoft Exchange system mailbox to a mailbox database on an Exchange 2013 Mailbox server. You should move this mailbox after you’ve installed and verified Exchange 2013.
Run the commands to check the mailbox information:
Get-Mailbox –Arbitration
Get-user -Arbiration
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} - This is Discovery system mailbox. In-Place eDiscovery uses this to store In-Place eDiscovery search metadata.
If the Discovery system mailbox is deleted accidentally, discovery managers will be unable to perform In-Place eDiscovery searches or manage existing searches. In this case, to enable eDiscovery functionality, you must re-create the Discovery system mailbox. Because system mailboxes aren't visible in the Exchange Administration Center (EAC) or in Exchange address lists, they are rarely deleted inadvertently.
If you create a search as below.
You will see that the task goes in queue and remains there.
Run Get-MailboxSearch to view the status.
For eDiscovery to work during the period when Exchange 2010 and 2013 coexist and later. You need to move this system mailbox "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" to an Exchange 2013 server.
https://technet.microsoft.com/en-us/library/dn249849(v=exchg.150).aspx
You can do this using the EAC or through PowerShell:
Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | New-MoveRequest -TargetDatabase “Exchange 2013 Database Name”
Will complete in some time
Run the following command and ensure the Server and Database values refer to Exchange 2013:
Get-Mailbox -Arbitration “SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}” | FL ServerName, Database
If you do not move this system mailbox to Exchange 2013, the following issues will occur when Exchange 2010 and Exchange 2013 coexist in your Exchange organization:
- Exchange 2013 tasks aren’t saved to the administrator audit log. When you run the Search-AdminAuditLog cmdlet or try to export the administrator audit log in the EAC, you’ll receive an error that says you can’t create an administrator audit log search because the system
mailbox, SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}, is located on a server that isn’t running Exchange 2013. A Microsoft Exchange error with an Event ID of 5000 is also logged in the Windows Application log each time a command is run. - You can’t run eDiscovery searches using the EAC or the Shell in Exchange 2013. Mailbox searches can be created and queued, but they can’t be started. An error with an Event ID of 6 is logged in the MsExchange Management log, stating that the Start-MailboxSearch cmdlet failed. However, you can search mailboxes using the Shell and the Exchange Control Panel (ECP) in Exchange 2010.
When looking at the status of the e-discovery now you will see that it proceeds and finally gets the status completed.
The existing search request may fail:
If you start a new one it will be successful.
We are now able to see the preview search results option.
Other errors:
A) Error in ECP – 500 internal server error.
This could be because of services on backend. Check and start the information store service on backend and then do open ecp in new browser window.
B) Unable to execute the task. Reason: The discovery mailbox, a hidden default mailbox that is required to search mailboxes, can’t be found. It may have been inadvertently deleted. This mailbox must be re-created before you can search mailboxes.
Confirm both the System Mailbox and Discovery Search Mailbox exist.
Get-Mailbox –Arbitration
Re-Create the Discovery System Mailbox:
https://technet.microsoft.com/en-us/library/gg588318(v=exchg.150).aspx