Exchange Error: The handshake failed due to an unexpected packet format

A customer reported inoperative IMAP functionality for some user mailboxes. I checked all CAS servers and discovered the following issue with one of them:

[PS] C:\>Test-ImapConnectivity -ClientAccessServer ServerEx10a|fl

RunspaceId                  : ad18027f-3e0f-44c2-a192-ff24b54e0680
LocalSite                   : Contoso-office
SecureAccess                : False
VirtualDirectoryName        :
Url                         :
UrlType                     : Unknown
Port                        : 993
ConnectionType              : Ssl
ClientAccessServerShortName : ServerEx10a
LocalSiteShortName          : Contoso-office
ClientAccessServer          : ServerEx10a.contoso.net
Scenario                    : Test IMAP4 Connectivity
ScenarioDescription         : Connect to server using IMAP4 protocol, search for the test message, and delete it along
                              with any messages that are older than 24 hours.
PerformanceCounterName      : ImapConnectivity-Latency
Result                      : Failure
Error                       : Microsoft.Exchange.Monitoring.ProtocolException: Authentication failed. The connection is
                               being closed.
                              The handshake failed due to an unexpected packet format.Server response while making conn
                              ection:[]. ---> System.IO.IOException: The handshake failed due to an unexpected packet f
                              ormat.
UserName                    : extest_f865f9d53e494
StartTime                   : 2/13/2014 9:11:03 AM
Latency                     : 00:00:00.0144858
EventType                   : Error
LatencyInMillisecondsString :
Identity                    :
IsValid                     : True

Error “Microsoft.Exchange.Monitoring.ProtocolException: Authentication failed. The connection is being closed. The handshake failed due to an unexpected packet format. Server response while making connection:[]. —> System.IO.IOException: The handshake failed due to an unexpected packet format.” was due to the missing intermediate certification authority (CA) certificate. I unified the cert (export/import) among CAS servers to get it fixed.

4- 3- 2014 21-07-41Exchange 2010 – Understanding POP3 and IMAP4

Advertisements

Exchange Error: Exception has been thrown by the target of an invocation

Microsoft Exchange error “Exception has been thrown by the target of an invocation” indicates issues for background process to modify the settings of existing mailbox object.4- 3- 2014 20-31-20In my case, I could not enable an email address policy for a user mailbox. It was caused by wrong declaration of %rxy and replacing subsequent characters in the policy (missing r character).

Exchange 2013 – Email Address Policies

KB822447 – How to Modify an SMTP E-Mail Address by Using Recipient Policies

Migration of receive connectors from Exchange 2007/2010 to Exchange 2013

I have recently came to a need to migrate many receive connectors from Exchange 2010 to Exchange 2013. I helped myself by creating a function, which migrates all connectors from one server to another. Connectors with same settings (bindings, Remote IP ranges and port) are skipped. Function doesn’t automatically grant anonymous relay permission, because I think it is worth setting manually after check of migrated connectors, since almost all environments are messy :).

Don’t forget, that there is major architecture change in Exchange 2013! All external e-mails should flow via FrontEndTransport service! The detailed description with consequences is mentioned here:

http://blogs.technet.com/b/rischwen/archive/2013/03/13/exchange-2013-mail-flow-demystified-hopefully.aspx

Description:

  • Connectors are listed from selected server
  • Default connectors are skipped
  • If you use server name in FQDN for some reason, please check FQDN manually after transfer
  • Connectors are being created with WhatIf parameter to keep admin informed of the changes
  • Admin can confirm, that connectors should be created if output is OK, if not, admin can skip
  • All tasks are recorded in Transcript (default location)
function Transfer-ReceiveConnectors ($source, $destination, $bindings, $transportrole){
$OldServer = $source
$NewServer = $destination
Write-Host "Transrtipt will be started."  -foregroundcolor "yellow"
start-transcript

Write-Host "Getting receive connectors..."  -foregroundcolor "yellow"
[array]$ReceiveConnectors = Get-ReceiveConnector -Server $OldServer | Where {$_.Name -notlike "Default $($OldServer)" -and $_.Name -notlike "Client $($OldServer)"} 

Write-Host "Testing creation of receive connectors..."  -foregroundcolor "yellow"
$ReceiveConnectors | foreach {
Write-Host "Testing: $($_.name)"  -ForegroundColor "blue" -BackgroundColor "White"
                New-ReceiveConnector -MaxAcknowledgementDelay $_.MaxAcknowledgementDelay -FQDN $_.fqdn -TransportRole $transportrole -Bindings $bindings -Name $_.Name -AuthMechanism $_.AuthMechanism -RemoteIPRanges $_.RemoteIPRanges -Banner $_.Banner -ChunkingEnabled $_.ChunkingEnabled -DefaultDomain $_.DefaultDomain -DeliveryStatusNotificationEnabled $_.DeliveryStatusNotificationEnabled -EightBitMimeEnabled $_.EightBitMimeEnabled -DomainSecureEnabled $_.DomainSecureEnabled -LongAddressesEnabled $_.LongAddressesEnabled -OrarEnabled $_.OrarEnabled -Comment $_.Comment -Enabled $_.Enabled -ConnectionTimeout $_.ConnectionTimeout -ConnectionInactivityTimeout $_.ConnectionInactivityTimeout -MessageRateLimit $_.MessageRateLimit -MaxInboundConnection $_.MaxInboundConnection -MaxInboundConnectionPerSource $_.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $_.MaxInboundConnectionPercentagePerSource -MaxHeaderSize $_.MaxHeaderSize -MaxHopCount $_.MaxHopCount -MaxLocalHopCount $_.MaxLocalHopCount -MaxLogonFailures $_.MaxLogonFailures -MaxMessageSize $_.MaxMessageSize -MaxProtocolErrors $_.MaxProtocolErrors -MaxRecipientsPerMessage $_.MaxRecipientsPerMessage -PermissionGroups $_.PermissionGroups -PipeliningEnabled $_.PipeLiningEnabled -ProtocolLoggingLevel $_.ProtocolLoggingLevel -RequireEHLODomain $_.RequireEHLODomain -RequireTLS $_.RequireTLS -EnableAuthGSSAPI $_.EnableAuthGSSAPI -ExtendedProtectionPolicy $_.ExtendedProtectionPolicy -SizeEnabled $_.SizeEnabled -TarpitInterval $_.TarpitInterval -Server $NewServer -WhatIf
        } 
Write-Host "If output is expected and you want to create connectors, please type Y."  -foregroundcolor "yellow"
$Continue = read-host "Please confirm: "
if ($continue -eq "Y"){
        $ReceiveConnectors | foreach {
                New-ReceiveConnector -MaxAcknowledgementDelay $_.MaxAcknowledgementDelay -FQDN $_.fqdn -TransportRole $transportrole -Bindings $bindings -Name $_.Name -AuthMechanism $_.AuthMechanism  -RemoteIPRanges $_.RemoteIPRanges -Banner $_.Banner -ChunkingEnabled $_.ChunkingEnabled -DefaultDomain $_.DefaultDomain -DeliveryStatusNotificationEnabled $_.DeliveryStatusNotificationEnabled -EightBitMimeEnabled $_.EightBitMimeEnabled -DomainSecureEnabled $_.DomainSecureEnabled -LongAddressesEnabled $_.LongAddressesEnabled -OrarEnabled $_.OrarEnabled -Comment $_.Comment -Enabled $_.Enabled -ConnectionTimeout $_.ConnectionTimeout -ConnectionInactivityTimeout $_.ConnectionInactivityTimeout -MessageRateLimit $_.MessageRateLimit -MaxInboundConnection $_.MaxInboundConnection -MaxInboundConnectionPerSource $_.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $_.MaxInboundConnectionPercentagePerSource -MaxHeaderSize $_.MaxHeaderSize -MaxHopCount $_.MaxHopCount -MaxLocalHopCount $_.MaxLocalHopCount -MaxLogonFailures $_.MaxLogonFailures -MaxMessageSize $_.MaxMessageSize -MaxProtocolErrors $_.MaxProtocolErrors -MaxRecipientsPerMessage $_.MaxRecipientsPerMessage -PermissionGroups $_.PermissionGroups -PipeliningEnabled $_.PipeLiningEnabled -ProtocolLoggingLevel $_.ProtocolLoggingLevel -RequireEHLODomain $_.RequireEHLODomain -RequireTLS $_.RequireTLS -EnableAuthGSSAPI $_.EnableAuthGSSAPI -ExtendedProtectionPolicy $_.ExtendedProtectionPolicy -SizeEnabled $_.SizeEnabled -TarpitInterval $_.TarpitInterval -Server $NewServer -verbose
                }
       Write-Host "Completed!"  -foregroundcolor "green"
}else {Write-Host "Aborted!"  -foregroundcolor "red"}
Stop-TranScript
}

Function can be called by the following cmdlet:

Transfer-ReceiveConnectors <SOURCE_SERVER> <TARGET_SERVER> <BINDINGS> <ExchangeTransportRole>

Examples:

Transfer-ReceiveConnectors EX2010 EX2013 0.0.0.0:25,[::]:25 FrontEndTransport
Transfer-ReceiveConnectors EX2010 EX2013 192.168.1.25:25 HubTransport

Exchange Tip: Double quotation marks

MS support requested to modify the time limit of a cross-forest AutoDiscover operation via the RecipientResolutionTimeoutInSeconds property (KB928812). Just adding the following line into Web.config was needed:

1- 3- 2014 12-27-28The line added and the availability service destroyed (affected OoO, free/busy, Autodiscover).

It was caused by an invalid form of double quotation marks (despite copy/paste through notepad).

Bear in mind to update config files carefully and double check related syntax. Use only supported double quotation marks " and omit  ” ‟ “ ″ .