Blog: Exchange 2016

I recently built a new VM with Windows Server 2016 and installed Exchange Server 2016. As part of hardening the server, I implemented our normal security header and cipher suite hardening steps. The Exchange Control Panel (ECP) appeared to function properly after these changes were implemented, but about a week later I found an issue where one of the less commonly used pages would not open. The page would not load the style sheets and you could not navigate to the page when using the FQDN from the local server. The page mostly worked when accessing it via https://localhost/ecp or from the FQDN outside the network.

During troubleshooting, I decided to remove the security headers to see if that would resolve the issue and it did. I determined that adding the X-Content-Type-Options security header broke some pages in ECP. The only option for X-Content-Type-Options is "nosniff", so there is no alternate value to set. Basically, the Exchange style sheets aren't specifying the content in the style sheets and "nosniffs" tells the browser not to guess the MIME types. I implemented all of the other common security headers, but did not implement X-Content-Type-Options.


I recently built new Exchange 2016 servers for a customer and needed to move all of the users' mailboxes to the new servers. When I initially issued the moved requests, the migrations were running about 10Mbps and only moving about 5 mailboxes at a time. There were about 700 users and 1.5TB of email, so obviously this was going to take a very long time I began researching how to increase the speed of mailbox migrations and found several settings that could be changed. Disabling content indexing allowed the migration to occur between 150Mbps and 200Mbps.

  • Disable content indexing on the target database
    • Set-MailboxDatabase "DatabaseName" -IndexEnabled:$False
      • Wait a few minutes for the content index to be disabled.
      • Verify content indexing is disabled by running Get-MailboxDatabaseCopyStatus
    • After mailboxes are migrated, the content index will need to be rebuilt
      • Set-MailboxDatabase "DatabaseName" -IndexEnabled:$True
      • Invoke-Command -ComputerName GES-EXCH1 {Stop-Service MSExchangeFastSearch; Stop-Service HostControllerService}
      • Delete old content index file from mailbox database folder
      • Invoke-Command -ComputerName GES-EXCH1 {Start-Service MSExchangeFastSearch; Start-Service HostControllerService}
      • Verify content indexing is enabled by running Get-MailboxDatabaseCopyStatus
        • Mail will need to be reindexed, so the status will be Crawling
  • Change the number of mailboxes that can be migrated at one time
    • Edit C:\Program Files\Microsoft\Exchange Server\V15\Bin\MsExchangeMailboxReplication.exe.config
    • Set the MaxActiveMovesPerSource and Target, and MaxActiveJobsPerSource and Target to desired values
    • Restart the Microsoft Exchange Mailbox Migration service
  • Create a new throttling policy

Resource: BitTitan Article - How do I disable the throttling policy on Exchange?