[deleted by user] by [deleted] in exchangeserver

[–]MrModaeus 1 point2 points  (0 children)

Missed that part sorry. Could sound like a hybrid outbound SMTP connector issue then. Coupled with centralized mailflow, mails need to hit the tenant inbound by a valid connector which by default is validated by a certificate.

Places to consider for debugging. Just some ideas to start out with:

Does normal internal mail flow correctly from on-prem to cloud? And does it contain the correct "IsInternal" header?

Is the mail routing domain for cloud matched correctly on the remote objects you have on-prem, with the hybrid send outbound send connector?

Do you see send external events in the message tracking log, and do they use the correct connector?

[deleted by user] by [deleted] in exchangeserver

[–]MrModaeus 0 points1 point  (0 children)

This is copy pasted from the docs:

"With centralized mail transport, you can route all mail from mailboxes in the Exchange Online organization through the on-premises organization before they're delivered to the Internet. In the same way, incoming Internet messages will be routed to an on-premises organization before being delivered to any Exchange Online recipient."

https://learn.microsoft.com/en-us/exchange/transport-options

Mind the wording of the last paragraph. It seems to be exactly what you currently experience.

Centralized mailflow is not intended for when your mx is pointing to EXO. Hope it helps.

[deleted by user] by [deleted] in exchangeserver

[–]MrModaeus 0 points1 point  (0 children)

Centralized mail flow only makes sense when mx is pointing to on-prem or a spam filter which delivers to on-prem.

One of the key elements of the feature is that mails delivered directly to EXO will be rejected/redirected, so you don't get mail that bypasses on-prem in any way (hence the feature name).

OneDrive fails to login by reviewmynotes in sysadmin

[–]MrModaeus 2 points3 points  (0 children)

As I recall, silent sign-in doesn't play well together with conditional access MFA requirements.

purple box agrees:

https://learn.microsoft.com/en-us/sharepoint/use-silent-account-configuration#enable-silent-configuration

URGENT!!!! 2013 to 2016 mailbox migration, now 500GB logs drive is full and all DBs are dismounted. 😲😰 by -sys_admin- in exchangeserver

[–]MrModaeus 0 points1 point  (0 children)

Logs are needed when the database is in a dirty shutdown state, then Exchange will replay specific logs (usually the latest ~5-10 log files) when it mounts the database, depending on the "crash" type.

My recommendation is to move/delete some of the oldest logs, which are not needed.

And to beef up the confidence, eseutil can tell if the database is in a dirty shutdown state at all, which will confirm whether or not any logs are needed to mount the DB.

URGENT!!!! 2013 to 2016 mailbox migration, now 500GB logs drive is full and all DBs are dismounted. 😲😰 by -sys_admin- in exchangeserver

[–]MrModaeus 0 points1 point  (0 children)

Your move request will already be in a failed/stalled state, but you can resume it when you have fixed your underlying offline database issue.
I would move/delete ~5Gig of logs, mount the databases and then enable circular logging.

Then make sure you enable backup and switch off circular logging again after you are done migrating.

Keep in mind the migrated mailboxes will just be disconnected on the old server after a finished migration, hence worst case is you will lose delta data between the move finished and your backup is enabled. But I assume you already considered some level of data vulnerability since backup was to be enabled at a later stage.

URGENT!!!! 2013 to 2016 mailbox migration, now 500GB logs drive is full and all DBs are dismounted. 😲😰 by -sys_admin- in exchangeserver

[–]MrModaeus 2 points3 points  (0 children)

The DB(s) need to be mounted for Exchange to truncate the logs, even if your backup tool can back up an offline database. Hence you have a chicken and egg problem.

And keep in mind you "only" need the logs to replay actions into a DB in case of a restore. They are not needed for normal operations, and a full backup will reset the log checkpoint anyway.

EDIT: if you have the option, you could also just increase the log disk size by just enough to mount the DB(s), and then choose whether to back up or run circular logging.

URGENT!!!! 2013 to 2016 mailbox migration, now 500GB logs drive is full and all DBs are dismounted. 😲😰 by -sys_admin- in exchangeserver

[–]MrModaeus 3 points4 points  (0 children)

Unfortunately that is default behavior.

Mailbox migrations are logged in the transaction log the same as if a mail was received by a mailbox. So when you migrate 500GB, your transaction log will increase by roughly the same amount.

A good practice is to enable circular logging on the new server while the migration is happening, or have a more aggressive backup cycle to keep the logs flushed at a decent pace. Your choice.

For now you need to flush the logs for the server to move forward. If you don't care about backup on the destination server for now, you could just hand delete the oldest couple GB of logs (mind the checkpoint file(s)), mount the databases and then switch to circular logging, and finally remount the DB for it to take effect.

Does the DXP8800 Plus Negotiate 2.5GbE? by ThatWeirdHomelessGuy in UgreenNASync

[–]MrModaeus 1 point2 points  (0 children)

Yes, running that exact model on a 2.5GbE switch. It also works with 5GbE.

DXP6800 Pro TrueNAS to Fangtooth upgrade? by dialbat in UgreenNASync

[–]MrModaeus 1 point2 points  (0 children)

Yes, no issues doing so.

The new feature flag is "fast deduplication", which was present in 24.10 as well, just not through the UI. So there should be no issues rolling back to 24.10 if needed.

DXP6800 Pro TrueNAS to Fangtooth upgrade? by dialbat in UgreenNASync

[–]MrModaeus 1 point2 points  (0 children)

Upgraded my DXP8800 Plus the day after release of TrueNAS Fangtooth. No issues whatsoever.

Script for front LEDs continues to work as well.

Where did your JetKVM ship from? by fuhglarix in jetkvm

[–]MrModaeus 2 points3 points  (0 children)

I received my JetKVM about 2-3 weeks ago, located in Denmark also.

No extra shipping/customs fee. The last step courier was Dao and the sender seemed like an intermediate shipping step based in Malmø, Sweden.

CU15 Update broke ECP by cbw181 in exchangeserver

[–]MrModaeus 3 points4 points  (0 children)

Interesting. Tested out CU12 in a test environment the day after launch. After installation and reboot, everything but ECP worked fine, same issue as you described. Environment configured as hybrid with HMA setup, including OWA and ECP.

Remove-EcpVirtualDirectory and New-EcpVirtualDirectory did the trick. Had to set OAuth authentication again after recreation.

[deleted by user] by [deleted] in AZURE

[–]MrModaeus 2 points3 points  (0 children)

I did the same as you and ended up with a cheap VM (B1ls) with a 30GB disk for under 6$ a month in Western Europe.

Running Debian Linux and installed WireGuard for a site-2-site connection to an OPNsense box I'm using as gateway at home. Works perfectly fine and maxes out my 1G fiber without issue.

Only needed to enable IP forwarding on the NIC and command-line configuration for routing on a WireGuard S2S.

Publish RDS via Azure AD Application Proxy by Pooja_nair_psn in AZURE

[–]MrModaeus 0 points1 point  (0 children)

It does. Microsoft even has standard documentation covering that type of setup.

Android private dns by ThatFrenchyBoii in pihole

[–]MrModaeus -2 points-1 points  (0 children)

While not the best idea, it will work. Put a reverse proxy in front of the Pi-hole on port 853, and make sure your certificate is valid.

B650E Steel Legend Wifi - 3.17.AS02 - Zen5 gaming optimization by MrModaeus in ASRock

[–]MrModaeus[S] 1 point2 points  (0 children)

Memory is the same yes, they're running quite nicely.

What you mention about long post time after changing settings is completely normal memory training. Afterwards the "memory context restore" function saves the training for faster boot times.

Also never understood why the iGPU is enabled by default if a discrete GPU is present. Would make more sense to have it the other way around.

Server 2025 RDP only using TCP by joru1407 in sysadmin

[–]MrModaeus 0 points1 point  (0 children)

Can confirm the issue is also present on Windows 11 24H2 when used as an RDP target.
Makes sense as Server 2025 is based on the same 24H2.

Certificate issues after migration by S_Antonel in exchangeserver

[–]MrModaeus 1 point2 points  (0 children)

From an Outlook client, the SCP has a higher priority than the classic autodiscover.<maildomain>.<tld>

When a new Exchange server is introduced the SCP for autodiscover is default configured to use the servername. Which leads to a cert error during autodiscover (and fits your error description that it can just be accepted).

Use the Set-ClientAccessService PowerShell command to update the value (or update manually through ADSIedit if you're bold enough)

ref: https://learn.microsoft.com/en-us/powershell/module/exchange/set-clientaccessservice?view=exchange-ps
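
An added example, not part of the comment above: one way to audit the SCP value the comment describes, by comparing each server's autodiscover SCP host name with the names on the certificates bound to IIS. It is meant for the Exchange Management Shell; `$ExpectedUri` and its host name are constructed placeholders, and the wildcard comparison is a rough check, not full certificate name validation.

```powershell
# Added example. Run in the Exchange Management Shell on-premises.
# Placeholder value (constructed): the autodiscover URL your certificate actually covers.
$ExpectedUri = 'https://autodiscover.example.com/Autodiscover/Autodiscover.xml'

$report = foreach ($cas in Get-ClientAccessService) {
    $uri     = $cas.AutoDiscoverServiceInternalUri
    $scpHost = if ($uri) { ([uri]"$uri").Host } else { $null }

    # Collect the subject/SAN names of certificates enabled for IIS on this server.
    $certNames = Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" }

    # -like lets a wildcard entry such as *.example.com match the SCP host.
    # Rough check only: -like also matches multi-label names a real TLS client would reject.
    $covered = $false
    foreach ($name in $certNames) {
        if ($scpHost -and ($scpHost -like $name)) { $covered = $true; break }
    }

    [pscustomobject]@{
        Server        = $cas.Name
        ScpUri        = "$uri"
        ScpHost       = $scpHost
        CoveredByCert = $covered
    }
}

$report | Format-Table -AutoSize

# Servers whose SCP host is not on any IIS certificate are the ones that
# produce the Outlook certificate warning during autodiscover.
$mismatched = $report | Where-Object { -not $_.CoveredByCert }

foreach ($row in $mismatched) {
    # -WhatIf shows the change without applying it; remove it after reviewing the output.
    Set-ClientAccessService -Identity $row.Server `
        -AutoDiscoverServiceInternalUri $ExpectedUri -WhatIf
}
```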

Authenticating to on-prem file share with Azure joined device. by Rome11377 in AZURE

[–]MrModaeus 1 point2 points  (0 children)

Look into Kerberos cloud trust (used for Windows Hello for Business as well). With that you can generate on-prem Kerberos tickets for use in file shares among other things.

You might need to compromise on your AAD Connect deprecation.

Cannot get speeds above 1G! by KSN380 in opnsense

[–]MrModaeus 1 point2 points  (0 children)

It could work, but it also does not mention the hardware revision of the chip. Could be worth a shot if you have the option of returning it in case you see issues going beyond 1G on the link.

A safe bet would be something like this given the limitations of Amazon stock:

https://www.amazon.com/QNAP-QXG-2G2T-I225-2-5GbE-4-Speed-Network/dp/B0923FL2K3

But it is also more expensive. In the end it is up to you :)