Outlook 2016 issues with many mailboxes and many folders

I had a huge problem at one of my clients. He has an Exchange 2016 CU8 with Windows 10 Clients and Outlook 2016 Build 8829 click-to-run. The customer has in total 20 mailboxes and all coworkers (5) in most cases have full access to each other. Some of the users have a big folder structure in the mailbox.

Outlook begins to stall while trying to access the mailboxes during startup of Outlook. If you look in the connection Details, you will see many connections to the different boxes and one or two lines where the VID/CID counts up really fast and changes the state between success and failure. Additionally, you see some garbage (random ASCII) in the mailbox name.

Big thanks to my collegue Wolle who is a geat Microsoft engineer. He found the issue which was causing the problem 🙂

The issue is caused because the user reaches the MAPI object and session limit of Exchange 2016. That is logged in „C:\Program Files\Microsoft\Exchange Server\V15\Logging\MapiHttp\Mailbox“ logs.

MoMTException:1246 (rop 1246) -> [TooManyObjectsOpenedException]
  Das Postfach /o=First Organization/ou=Exchange Administrative Group (XXXXXXXXXXXXXXXXXX)/cn=Recipients/cn=xxxxxxxxxxxxxxxxxxx-Customer
  kann nicht geöffnet werden. -> [MapiExceptionSessionLimit] Unable to open message store.

Additionally, the user runs into the MAPI limits due to the high access rate and the Exchange server begins to throttle down the connections.

These two things fixes the problems of my customer. Be aware that setting throttling to unlimited is typically not a good idea, but in this small environment it is okay.

In Exchange Powershell, create a new throttling policy and apply it to all affected mailboxes:

New-ThrottlingPolicy -Name "New Throttling" -RCAMAXConcurrency Unlimited
  
get-mailbox -name | set-mailbox -ThrottlingPolicy "New Throttling"

A new registry key to raise the MAPI objects limit and the maximum allowed sessions per user:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\MaxObjsPerMapiSession]
"objtMessage"=dword:000005dc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"Maximum Allowed Sessions Per User"=dword:00000080

After changing the Limit, you must restart the Exchange Information Store service.

Additional information:

https://social.technet.microsoft.com/Forums/windows/en-US/f5752a11-0cea-4849-abc3-65f6c1c2f6b0/exchange-2016-mapiexceptionsessionlimit?forum=Exch2016GD

 

NGINX Reverse Proxy für Exchange 2016

Folgende Pakete müssen auf einem Ubuntu 16.04 LTS installiert werden:

apt install nginx nginx-extras

Die Konfiguration wird abgelegt unter /etc/nginx/conf.d/exchange.conf

Folgende Dinge müssen angepasst werden:

  • DNS Name unter dem OWA etc. erreichbar sein soll z.B. mail.example.org
  • Autodiscover DNS Name z.B. autodiscover.example.org
  • Interner Exchange Server z.B. exchange-server.example.internal
server {
    listen 80;
    server_name mail.example.org autodiscover.example.org;
    return 301 https://$host$request_uri;
}

server {
    tcp_nodelay on;
    listen 443;
    ssl                     on;
    ssl_certificate /etc/ssl/certs/star.example.org.pem;
    ssl_certificate_key /etc/ssl/private/star.example.org.key;

    ssl_session_timeout     5m;
    server_name mail.example.org;

    location / {
            return 301 https://mail.example.org/owa;
    }

    proxy_http_version      1.1;
    proxy_read_timeout      360;
    proxy_pass_header       Date;
    proxy_pass_header       Server;
    proxy_pass_header       Authorization;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_pass_request_headers on;
    more_set_input_headers 'Authorization: $http_authorization';
    proxy_set_header Accept-Encoding "";
    more_set_headers -s 401 'WWW-Authenticate: Basic realm="exchange-server.example.internal"';
    # proxy_request_buffering off;
    proxy_buffering off;
    proxy_set_header Connection "Keep-Alive";

    location ~* ^/owa { proxy_pass https://exchange-server.example.internal; }
    location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://exchange-server.example.internal; }
    location ~* ^/ecp { proxy_pass https://exchange-server.example.internal; }
    location ~* ^/rpc { proxy_pass https://exchange-server.example.internal; }
    location ~* ^/autodiscover { proxy_pass https://exchange-server.example.internal; }
    location ~* ^/oab { proxy_pass https://exchange-server.example.internal; }

    error_log /var/log/nginx/exchange-rproxy-ssl-error.log;
    access_log /var/log/nginx/exchange-rproxy-ssl-access.log;
}

Ob alles einwandfrei Funktioniert lässt sich über einen Webservice von Microsoft testen:

https://testconnectivity.microsoft.com/

 

Quellen:

Viel Spaß 😉