Archive for the ‘Exchange’ Category
Maybe it’s an illusion, but if everyone published an SPF DNS record for their mail domain, and everyone bounced or filtered mail from domains without an SPF record, the internet would be spam free.
Microsoft has a nice wizard to create an SPF record for your own domain: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Error:
Microsoft Exchange could not find a certificate that contains the domain name exchange.global-e.nl in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound Ex 2010 with a FQDN parameter of exchange.global-e.nl. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Cause:
The problem is that a wrong (non-matching) SSL certificate is configured on your send/receive connector.
Fix:
- Start the Exchange Management Shell
- Run Get-ExchangeCertificate
- Copy the thumbprint of the good certificate
- Run Enable-ExchangeCertificate -Services SMTP
- Paste the good thumbprint
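To find the "good" thumbprint without guessing, the following added example (not part of the original post) lists every connector with the certificate that actually covers its FQDN. It assumes Exchange 2010 (PowerShell 2.0) and the usual one-label wildcard matching rule; the function name Test-CertCoversFqdn is hypothetical.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# Run in the Exchange Management Shell on the server that owns the connectors.

function Test-CertCoversFqdn {
    param([string[]]$CertDomains, [string]$Fqdn)
    foreach ($d in $CertDomains) {
        if ($d -eq $Fqdn) { return $true }            # exact match, case-insensitive
        # Assumed rule: "*.example.com" covers exactly one extra left-hand label.
        if ($d.StartsWith('*.') -and $Fqdn.Contains('.')) {
            $parent = $Fqdn.Substring($Fqdn.IndexOf('.') + 1)
            if ($parent -eq $d.Substring(2)) { return $true }
        }
    }
    return $false
}

$now        = Get-Date
$serverFqdn = (Get-ExchangeServer $env:COMPUTERNAME).Fqdn
$certs      = @(Get-ExchangeCertificate)
$connectors = @(Get-SendConnector) + @(Get-ReceiveConnector -Server $env:COMPUTERNAME)

foreach ($c in $connectors) {
    # Per the error text: if the connector has no FQDN, the computer's FQDN is used.
    $fqdn = [string]$c.Fqdn
    if (-not $fqdn) { $fqdn = [string]$serverFqdn }

    # Newest certificate that is inside its validity period and names this FQDN.
    $match = $certs | Where-Object {
        $names = @($_.CertificateDomains | ForEach-Object { $_.ToString() })
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
            (Test-CertCoversFqdn -CertDomains $names -Fqdn $fqdn)
    } | Sort-Object NotAfter -Descending | Select-Object -First 1

    $thumb = ''
    $smtp  = $false
    if ($match) {
        $thumb = $match.Thumbprint
        $smtp  = $match.Services.ToString() -match 'SMTP'
    }
    New-Object PSObject -Property @{
        Connector   = $c.Name
        Fqdn        = $fqdn
        Thumbprint  = $thumb
        SmtpEnabled = $smtp
    }
}
```

A row with a thumbprint and SmtpEnabled False is the case the fix above addresses; a row with an empty thumbprint means no installed, unexpired certificate names that FQDN, so enabling SMTP on an existing certificate will not clear the error.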
More information:
http://blog.ronnypot.nl/?p=271
http://smtpport25.wordpress.com/2009/03/19/renewing-the-certificate-in-client-access-servers/
I had to renew an expired self-signed SSL certificate that I have on an Exchange 2007 box today, and found the SSL clone trick interesting, and it did the job for me. So here’s the howto:
Using the Exchange Management Shell run the following commands:
Get-ExchangeCertificate -DomainName server.yourdomain.com
(copy the thumbprint of the expired SSL certificate)
Get-ExchangeCertificate -Thumbprint <old thumbprint> | New-ExchangeCertificate
Now you can go to IIS and select your newly created SSL certificate (it has the same name as the old one).
You might need to restart IIS or any other service you enabled this SSL certificate for.
After you successfully installed a web or wildcard SSL certificate you must follow some extra steps.
- First download this zip with 2 SSL certificates
- Extract the zip e.g. C:\install\ssl
- Start > Run > mmc > File > Add/Remove Snap-in > Certificates > Local computer > Computer account > Intermediate Certification Authorities > right-click Certificates > Import
Then disable the old certificate
- Expand Trusted Root Certification Authorities > certificates
- Locate this certificate:
Common Name – thawte Primary Root CA
Expiry Date – 17th July 2036
Thumbprint – 91 c6 d6 ee 3e 8a c8 63 84 e5 48 c2 99 29 5c 75 6c 81 7b 81
- Disable it completely
If the certificate does not exist, follow these steps:
- Download this zip
- Install it here: Trusted Root Certification Authorities > certificates
- Disable the certificate
I used this website as source: http://www.ripley.za.net/howto/it_howto/ssl-web-server-or-wildcard-certificate-issued-after-june-26-2010-not-trusted-after-installation-on-microsoft-iis/
If you have trouble with Out-of-Office / Autodiscover in Exchange, try the following to fix the problems:
Remove the Autodiscover and EWS virtual directories from the default website with the following commands:
Remove-WebServicesVirtualDirectory
Remove-AutodiscoverVirtualDirectory
If you can’t remove them because of an error, use the Metabase Explorer (google it) and follow these steps:
1. Install it on your Exchange server
2. Run it as Administrator
3. Browse to W3SVC –> 1 –> Root –> Autodiscover
4. Don’t delete it at first; rename it to whatever…
5. Check Metabase Explorer and IIS Management to make sure your new Autodiscover application is listed.
6. Delete the old renamed directory in Metabase Explorer…
Create the EWS and Autodiscover virtual directories again:
New-WebServicesVirtualDirectory -WebsiteName "Default Web Site" -InternalUrl "https://server.domain.local/EWS/Exchange.asmx" -ExternalUrl "https://server.domain.local/EWS/Exchange.asmx"
New-AutodiscoverVirtualDirectory -WebsiteName "Default Web Site" -WindowsAuthentication $true -DigestAuthentication $false -InternalUrl "https://server.domain.local/EWS/Exchange.asmx" -ExternalUrl "https://server.domain.local/EWS/Exchange.asmx"
Perform an IIS reset.
Check with these steps whether EWS and Autodiscover work:
1. Paste the internal URL into your browser. A certificate error may occur, and a login window must appear. After you log in as an authenticated user you must see an XML file.
2. Try the following cmdlets for more information. The output from Test-OutlookWebServices is especially important.
Test-OutlookWebServices | fl
Get-WebServicesVirtualDirectory | fl
3. Start Outlook as an Exchange user, hold down Ctrl, right-click the Outlook icon and click Test E-mail AutoConfiguration.
If you get an error 500, error 1013 or some web application error check the IIS authentication rights:
Remove a public folder database
Remove-PublicFolderDatabase -Identity "\\ "
Change the Default Public Folder Database for a Mailbox Database
Set-MailboxDatabase -Identity "Mailbox Database" -PublicFolderDatabase "PublicFolderDB1"
Move all public folder replicas
MoveAllReplicas.ps1 -Server Server1 -NewServer Server2
Set Postmaster Address
Set-TransportServer -ExternalPostmasterAddress
Upgrade Email Address Policy
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients
View Public Folder Client Permissions
Get-PublicFolderClientPermission -Identity "\Marketing" | fl
Change Autodiscover website settings
Set-AutodiscoverVirtualDirectory "servername\Autodiscover (Default Web Site)" -InternalUrl http://server.domain.com -ExternalUrl https://autodiscover.mydomain.com
Create a new certificate
New-ExchangeCertificate -DomainName "external.maildomain.com"
Enable certificate
Enable-ExchangeCertificate "the number you get from the certificates once it is generated" (without the quotes)
Give a user access to a Top Public Folder and all sub folders
AddUsersToPFRecursive.ps1 -TopPublicFolder "\Sales" -User "David" -Permission Reviewer
Give a user access to a Public Folder
Add-PublicFolderClientPermission -Identity "\Marketing\West Coast" -AccessRights PublishingEditor -User Kim
Replace the permissions of a user with new permissions
ReplaceUserPermissionOnPFRecursive.ps1 -Server "SERVER01" -TopPublicFolder "\Marketing" -User "Kim" -Permissions PublishingEditor
Replace the permissions of a user with a new user on all sub folders
ReplaceUserWithUserOnPFRecursive.ps1 -TopPublicFolder "\Sales" -UserOld "David" -UserNew "Kim"
Remove the permissions of a user on a folder and all sub folders
RemoveUserFromPFRecursive.ps1 -Server "SERVER01" -TopPublicFolder "\Sales\Oregon" -User "David"
Remove the permissions of a user from a Public Folder
Remove-PublicFolderClientPermission -Identity "Sales\West Coast\Oregon" -User David -AccessRights CreateItems
Mail enable Public Folder
Enable-MailPublicFolder -Identity "\My Public Folder"
Force Edge server synchronisation
Run the following command on the Transport server
Start-EdgeSynchronization
Remove forwarding address with PowerShell – All users
Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Set-Mailbox -ForwardingAddress $null -DeliverToMailboxAndForward $false
Set Mailforwarder on a mailbox
Set-Mailbox -Identity John -DeliverToMailboxAndForward $true -ForwardingAddress jose@contoso.com
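Because the "all users" command above clears every forwarder without showing what was there, this added example (not part of the original post) records the current forwarding targets first and marks the ones that leave the organization. It assumes Exchange 2010 (PowerShell 2.0); the CSV file name is hypothetical, and a target that cannot be resolved is treated as external.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# The audit part is read-only; the last command only simulates because of -WhatIf.

# Domains this organization accepts mail for; any other target counts as external.
$internal = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().TrimStart('*', '.') })

$report = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingAddress -ne $null } |
    ForEach-Object {
        $mbx = $_
        # ForwardingAddress references a recipient object (mailbox, contact, group).
        $target = Get-Recipient -Identity $mbx.ForwardingAddress -ErrorAction SilentlyContinue
        $addr = ''
        if ($target) {
            # Mail contacts carry the real destination in ExternalEmailAddress.
            $addr = [string]$target.ExternalEmailAddress
            if (-not $addr) { $addr = [string]$target.PrimarySmtpAddress }
            $addr = $addr -replace '^smtp:', ''
        }
        $domain = ($addr -split '@')[-1]
        New-Object PSObject -Property @{
            Mailbox        = $mbx.PrimarySmtpAddress.ToString()
            ForwardsTo     = $addr
            External       = ($internal -notcontains $domain)
            KeepsLocalCopy = $mbx.DeliverToMailboxAndForward
        }
    }

# Keep a record of the state before anything is changed (hypothetical file name).
$report | Export-Csv -Path .\forwarding-audit.csv -NoTypeInformation

# Show external forwards first; these are the ones to verify with the mailbox owner.
$report | Sort-Object External -Descending |
    Format-Table Mailbox, ForwardsTo, External, KeepsLocalCopy -AutoSize

# Dry run of the cleanup for external targets only; remove -WhatIf after review.
$report | Where-Object { $_.External } | ForEach-Object {
    Set-Mailbox -Identity $_.Mailbox -ForwardingAddress $null -DeliverToMailboxAndForward $false -WhatIf
}
```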
Error Message: “Mapi session “/o=Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=JohnSmith” exceeded the maximum of 32 objects of type “session””.
Source: MSExchangeIS
Event ID: 9646
On the client side, the user is unable to connect to Microsoft Exchange or getting this error:
Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server is down for maintenance.
This usually happens when the user loses network connectivity while Outlook is still open. The Exchange server wasn’t able to close the sessions properly so they just stayed there even when they are not in use.
By default, Exchange only allows up to 32 MAPI (Outlook) sessions per user. To fix this problem, you must close some of the sessions.
What to do:
1. Download and extract Sysinternals’ TCPView (free) on the Exchange server.
2. Open the Exchange Management Shell and type in the following command to get a list of all the open sessions. Make a note of the IP addresses:
Get-LogonStatistics jsmith | Sort-Object clientipaddress | Format-Table username,clientipaddress,logontime
3. Open Tcpview.exe on the server. Sort it by Remote Address, then sort it by Process.
4. Look for the IP addresses from Step 2 in the Remote Address column (if you only see hostnames, go to Options -> uncheck Resolve Addresses) and close their connections for the store.exe process (right-click and choose Close Connection; you can select multiple connections by holding the Shift or Ctrl key).
5. Run the command from Step 2 again and you will see that the sessions have disappeared. The user should now be able to connect to the Exchange server again.
For Autodiscover, you actually have two options.
1. Repeat the above process, with a new dedicated web site for autodiscover.
The command for a new Autodiscover virtual directory is
New-AutodiscoverVirtualDirectory -Websitename Autodiscover -BasicAuthentication:$true -WindowsAuthentication:$true
That web site can then get its own SSL certificate.
This could be useful if you use two different domains, one for email and one for external facing web services. Autodiscover uses the same domain as your email.
However if you have multiple domains for email, you will need to use the redirect method.
2. Add to the external web site and configure a redirect.
To add the Autodiscover virtual directory to the External web site created above:
New-AutodiscoverVirtualDirectory -Websitename External -BasicAuthentication:$true -WindowsAuthentication:$true
The redirection configuration is very important to ensure that it works correctly. The redirection method requires port 80 (http) traffic to come in. For internal traffic that is fine, but for external traffic you may want to look at a way of configuring the redirection using a public web site.
At the time of writing, this is Microsoft’s article on redirection. It is covered under the section Hosted Environments and the Autodiscover Service, but would also be useful if you have more than one domain, or you use a different domain for email than you do for external facing web services.
With a good backup in hand and Exchange databases and logfiles on different hard drives, it is no problem to recover from an Exchange disaster. Just restore the data from backup and initiate a roll forward of the transaction logs. Well done, the Exchange information store goes online.
But what should you do when your backup isn’t readable or you don’t have a backup? Here’s where these tools come into play.
Before you start:
- Make sure that the databases are really not startable
- Check the Application log for Exchange events that can tell you the cause of the failure
- Make a backup of the database
- Restart the server so that a soft recovery can be done
ESEUTIL /P parameters
ESEUTIL /p repairs a corrupted or damaged database. Ensure that you have free disk space equal to at least 20% of the Exchange database size.
Example:
ESEUTIL /P "c:\program files\exchsrvr\mdbdata\priv1.edb" /Se:\exchsrvr\mdbdata\priv1.stm /Te:\tempdb.edb
This command will repair the database PRIV1.EDB. If you have no .STM file, you can create one with ESEUTIL /CREATESTM. Read more about this here.
After running ESEUTIL, you can open a detailed logfile called <database>.integ.raw to see the results.
As a last step, run ISINTEG -fix -test alltests. You can read more about ISINTEG later in this article.
Note: Sometimes you must run the fix over and over again until it fixes all problems. It’s like a defrag of a hard drive.
Source: http://www.msexchange.org/tutorials/Exchange-ISINTEG-ESEUTIL.html



