Microsoft Exchange and Remote Desktop Services Specialists


Microsoft Exchange Server and
Blackberry Enterprise Server news, views and fixes.

Exchange 2016 DAG - Move Active Database Failed

Spent most of the week dealing with a flapping DAG database - flipping between two servers, which turned out to be a bad network cable.


Anyway, while trying to get the databases to activate correctly during troubleshooting I hit this lovely error (real server name/database changed).


Error: Mailbox Database 1

An Active Manager operation failed. Error: The database action failed. Error: Move for database 'Mailbox Database 1’ was suppressed because too many moves have happened recently. 3 moves have happened within 01:00:00. [Database: 'Mailbox Database 1', Server:]


Basically tried to activate a database three times in a hour and Exchange stops it from happening again.


Off to PowerShell and skip the checks:


Move-ActiveMailboxDatabase -Identity "Mailbox Database 1" -SkipMoveSuppressionChecks -ActivateOnServer


Greylisting and Honeypot IP Whitelists - Vamsoft ORF

Many years ago I wrote about how I was getting good results with the anti-spam technique greylisting. It is still a technique I use with many clients. 

However with the increasing use of cloud based services, I have found that greylisting can delay legitimate traffic, because the email can be delivered from different IP addresses on each attempt. 
While Vamsoft does have an option to Accept delivery retries from the same 24 subnet, this is not always effective because the large providers have bigger IP address pools. 

Therefore I have started whitelisting the major providers within the Vamsoft product. 

Another feature I use with Vamsoft is their Honeypot function - the same lists for greylisting I am using with this feature as well - as a single bad address will cause a lot of senders to get blocked. 

Getting the Lists of IP Addresses

The first thing to do is get the IP addresses. I am putting in Office365, Google Apps, Mimecast and Amazon SES. If you have senders on other cloud providers then you should add those addresses as well. 

For Office365 and Mimecast, the list of IP addresses is on their web site. 

Google Apps

For Google apps, you need to do an NSLOOKUP to get the current list. 
First query their SPF record:
nslookup -q=TXT

Then query each result, which at the time of writing was this:

nslookup -q=TXT
nslookup -q=TXT
nslookup -q=TXT

Although at the time of writing, Netbblocks 2 is ipV6, which you may not need. 

Amazon SES: 
Similar to Google, query their DNS records:
nslookup -type=TXT | find "v=spf1"

Entering the Lists in to Vamsoft

Once you have the lists, you are ready to put them in to Vamsoft. The GUI I find is a little cumbersome for this task, and if you have lots of servers will take a long time. Therefore modify the configuration file instead. 

First, check whether you have any IP addresses in the white list - Blacklists --> Greylisting --> IP Exceptions. If you don't, add one, as this will create the relevant part of the configuration file and the format. 

Next, option an elevated command prompt and enter this:

notepad "c:\Program Files (x86)\ORF Fusion\orfent.ini"

Then look for the section 


The following the format, add the IP addresses like this:


The number at the start has to be unique. I usually start at 101 as it will ensure it doesn't conflict with any existing entries - usually creating it in a separate Notepad file and then copying the result in to the configuration file. 

Save the configuration file and close it. Finally start the Vamsoft Administration tool and check the list has your addresses in it. If it does, save the file, which will sort out the numbering for you correctly. For the Honeypot feature, repeat above, but instead put the same list of IP addresses in to the section headed

Check the lists regularly - as the providers will add additional IP addresses and you need to update them.