Error “Passive copy of Mailbox Database is not in a good state. Status: FailedAndSuspended”

Recently it was noticed that an active mailbox database copy got failed over and was in a “Failed and Suspended” status.


Upon analyzing the event viewer, the following alerts were noticed:




The first thing you can do is to right click on the problematic database and select Resume Mailbox Database Copy


The database will start re-synchronizing and will become healthy. If still issue persists, you can right click the database and select Update Mailbox Database Copy option.


You can also use Exchange shell to troubleshoot these issues.

When further analysis was performed, we noticed that the issue occurred due to the storage drive issues which was later resolved.


Reference :


Configure RpcClientAccessServer Attribute on Mailbox Database

Recently, my team was notified on an issue happening to outlook clients. Outlook was not able to launch for all users in a particular site. The outlook connection status indicated that it is trying to connect to the F5 load balancer/CAS array, but immediately drops the connection.


We suspected an issue at the load balancer end and hence planned to bypass the load balancer and directly connect to the CAS server instead.

We tried to manually configure outlook for a test mailbox with the fqdn of the CAS server, but the profile configuration was not successful. DAG was configured and the mailbox database in which the mailbox resided had a copy on another Mailbox server. I tried to activate the passive copy and the observed the status, but the issue persisted.

It was then noticed that the RpcClientAccessServer attribute for the mailbox database was configured to point to the fqdn of the cas array, which was expected. In order for outlook to bypass the cas array and directly connect to the CAS server this attribute value should be changed and made to point to the CAS server.

Following cmdlets were used for this :

First to view the current configuration, the below command was executed in Exchange shell :-

Get-MailboxDatabase -identity MailboxDatabase | select rpcclientaccessserver

Now to modify th attribute to point to CAS server,

Set-MailboxDatabase -identity MailboxDatabase -RpcClientAccessServer ‘CASServerFQDN’

Once this change was performed, outlook connected directly to CAS and the connection was established. Later it was identified that there were some network/port issues which prevented the connection. The above change was then reverted and the RpcClientAccessServer attribute was pointed to CAS array.

Updating a Dynamic Distribution List

A Dynamic Distribution Group is little bit different from a normal distribution group. The membership of a dynamic distribution group depends on the filters or conditions supplied to it whereas, a normal distribution group membership is calculated by the users added to the particular group. Also, you will not be able to expand a DDL like you can do on a normal distribution group.

This post discusses the steps to modify the filter for a particular DDL to include a new department or role. Once the new filter is applied, all the members matching the filter gets added to the DDL. This has to be done from Exchange Management Shell.

The below fig shows a DDL with the filter details :


You can use the below command to view the currently configured recipient filter :

Get-DynamicDistributionGroup “test” | fl recipientfilter


Now in order to modify the recipient filter, use the following cmdlet:

Get-DynamicDistributionGroup “test” | Set-DynamicDistributionGroup -recipientfilter {}

The modified recipient filter should be mentioned in between the brackets {} as shown above. The change will be applied shortly and if you click the Preview button in the filter tab, you can find the newly added members based on the new filter.

Reference :

User unable to reset password from Exchange 2010 OWA

Users may face error when trying to reset their mailbox password from OWA. The error reported will be “The password you entered doesn’t meet the minimum security requirements“, even-though you have used a complex password.


This can be resolved by making a small modification in your Domain Controller’s Default Domain Policy. By default, the ‘Minimum Password Age‘ policy will be set for 1 days. This should be changed to 0 days instead. Minimum password age actually determines the period of time (in days) that a password must be used before the user can change it.

Steps are:-

  1. Launch Group Policy Management [gpmc.msc]
  2. Select the Default Domain Policy and edit the same to obtain the Group Policy Management Editor
  3. Navigate to Computer Configuration -> Policies -> Windows Settings ->  Security Settings -> Account Policy -> Password Policy -> Minimum password age


  1. Change the number of days to 0 and save the settings
  2. Update the group policy

Now check and confirm from OWA that the password reset is successful.