While I have yet to remove all the emails relayed through my on-prem Exchange 2016 servers, I decided it was time to start planning for the scenario 2 decommissioning of Exchange.
Originally I was going to install Exchange 2019, but there were a few reasons not to:
So this left Exchange 2016 as the only option, which also means Windows Server 2016 is the only option for the OS. For now, until October 2025, I will keep the server off except for monthly updates and any restore requests that come in.
With the requirements decided, it was time to install and configure Exchange, but when I went to install I came across a few problems:
Issue 1: my manager is trying to restrict access from the Landing Zone to the LAN as much as possible, but Exchange needs unrestricted access to the other Exchange servers and Domain Controllers, no matter what AD site they reside in. It took a bit of convincing just to get a rule allowing unrestricted access to the other Exchange servers.
When I went to install Exchange I got an error at the Mailbox Transport section. Once this happened I got the firewall admin to change the rule to include the Domain Controllers, but I still got the same error when resuming the install; even a reboot wouldn't help.
Topology Provider couldn't find the Microsoft Exchange Active Directory Topology service on end point 'TopologyClientTcpEndpoint (localhost)'.
After some research I found the best option was to uninstall what was there via the command prompt, then install again via the command prompt. This worked for the most part, until I ran into issue 2.
[Elevated Command Prompt]
=========================
# Uninstall
Setup.exe /mode:Uninstall /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF
(reboot server)
# Install
Setup.exe /mode:Install /Roles:Mailbox /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF
=========================
Issue 2: the server requirements for Exchange 2016 with the Mailbox role call for a minimum of 8GB of RAM. To cut down on running costs we went for an image with 8GB, but during the install I found that the server hit a critical lack of memory just as Exchange reached the finishing-up stage. After a reboot there were still memory issues, so I asked the Azure admin to change the image to a 16GB version.

↑ Exchange 2016 doesn't really work with 8GB of memory.
Issue 3: Other Firewall Rules
As explained in Issue 1, the Exchange server needs to be able to talk to all other Exchange servers and Domain Controllers, no matter what AD Site they are in. But what about the Exchange Management Tools; what ports do they need?
Management Server to Exchange:
Port 80 - PowerShell (remote management)
Port 445 - SMB, so I can check on the server health
Management Server to Domain Controller:
Port 9389 - needed to make Exchange changes on the local DC
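Before retrying the install it is worth confirming from the management server that the three ports above are actually open, that the new server has enough memory (Issue 2), and that the Active Directory Topology service the error in Issue 1 refers to exists and is running. The script below is an added example, not from the original post; the hostnames are placeholders, the 8GB threshold is the stated minimum, and the `MSExchangeADTopology` service name is the standard name of the Microsoft Exchange Active Directory Topology service. `Get-Service -ComputerName` requires Windows PowerShell 5.1 (it was removed in PowerShell 7).

```powershell
# Added example, not part of the original post: pre-flight checks run from the management
# server before resuming an Exchange 2016 Mailbox-role install. Hostnames are placeholders.
$ExchangeServer   = 'EXCH-LZ01.corp.example'   # placeholder: new Landing Zone Exchange server
$DomainController = 'DC01.corp.example'        # placeholder: a DC the Exchange server must reach
$MinimumMemoryGB  = 8                          # minimum from the post; 16GB is what actually worked

# Ports listed in the post: 80 (remote PowerShell) and 445 (SMB) to Exchange, 9389 to the DC.
$Checks = @(
    @{ Target = $ExchangeServer;   Port = 80;   Purpose = 'Remote PowerShell to Exchange' },
    @{ Target = $ExchangeServer;   Port = 445;  Purpose = 'SMB for health checks' },
    @{ Target = $DomainController; Port = 9389; Purpose = 'AD Web Services on the DC' }
)

foreach ($c in $Checks) {
    # Test-NetConnection reports TcpTestSucceeded = $false when the firewall drops the port.
    $r = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    '{0,-8} {1}:{2,-5} {3}' -f $state, $c.Target, $c.Port, $c.Purpose
}

# Issue 2: installed RAM on the Exchange server (CIM over WinRM; needs admin rights on the target).
$cs    = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $ExchangeServer
$memGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
if ($memGB -lt $MinimumMemoryGB) {
    'RAM {0} GB is below the {1} GB minimum' -f $memGB, $MinimumMemoryGB
} else {
    'RAM {0} GB' -f $memGB
}

# Issue 1: the service the "Topology Provider couldn't find ..." error refers to.
$svc = Get-Service -ComputerName $ExchangeServer -Name MSExchangeADTopology -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    'MSExchangeADTopology service not present (install incomplete; uninstall and reinstall)'
} else {
    'MSExchangeADTopology: {0}' -f $svc.Status
}
```

Run it as an account that is a local administrator on the Exchange server; a BLOCKED line for port 9389 is the usual sign that the Landing Zone rule still excludes the Domain Controllers.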
Ref - https://www.alitajran.com/an-incomplete-installation-was-detected-when-uninstalling-exchange/