Backtrack:  
 
showing posts tagged with 'exchange'
 
edited by on March 17th 2020, at 09:26
If you wish to use TLS, or are using TLS authentication in a Office 365 Hybrid environment, and have manually changed or renewed the SSL certificate, you may still get errors about unable to initiate the TLS session (STARTTLS), even though the SSL certificate has been correctly renewed. Just setting the SSL certificate to be used with SMTP is not enough to make TLS work correctly. You also need to (re-)configure the TLS certificate name on your send and receive connectors.

As stated by the manual:

TlsCertificateName
The TlsCertificateName parameter specifies the X.509 certificate to use with TLS sessions and secure mail. Valid input for this parameter is [I]Issuer[S]Subject. The Issuer val  ...
edited by on July 10th 2018, at 14:46
A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

Note that the old method of installing the Azure Active Directory Module is deprecated. The only supported way is to install the cmdlets directly through Powershell, as described below.

UPDATE (2018-07-09): removed all deprecated information.

UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.

Download and install Windows Management Framework 5.1.

Open an elevated Powershell, and run the following comma  ...
edited by on July 9th 2018, at 14:30
You can manage Exchange Online through Powershell in a similar fashion as you would an on-premise Exchange. There are some differences between available cmdlets and what they do between on-premise Exchange and Exchange Online, but the majority are the same.

Using multi-factor authentication
The method mentioned below is deprecated and only works for non-MFA usage. If you are using multi-factor authentication, you will have to use the Exchange Online Remote PowerShell Module to connect to Exchange Online. Instructions can be found in this article.

Using PS remoting, the cmdlets for Exchange Online are imported through the internet, so first, you need to change the Powershell execution polic  ...
edited by on February 23rd 2018, at 11:19
When opening the EMC or EMS on an Exchange 2010 server, you may encounter this error:

Error
The attempt to connect to http://server.domain.local/Powershell user 'Kerberos' authentication failed: Connecting to remote server failed with the following error message: The WS-Management service cannot process the request. The system load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the quota for this user. The next request from this user will not be approved for at least X milliseconds.

To workaround the issue, perform a restart of IIS: open an elevated command prompt and run:

iisreset /restart

After the restart, you will be able to log  ...
edited by on January 15th 2018, at 14:12
In environments which have migrated from Exchange 2010 to 2013 (or later), and where public folders have been decommissioned, you may encounter the following events in the Application event log:

MSExchange ADAccess, Event ID: 2937
Process MSExchangeTransport.exe (PID=9356). Object [CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com]. Property [RemotePublicFolderMailboxes] is set to value [contoso.com/Deleted Objects/PublicFolderMailboxDEL:d980f9a4-2014-4165-aad0-7ab91b35ef01], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

With the removal of the public folders database, not all objects re  ...
edited by on September 15th 2017, at 14:25
On October 31 2017, RPC over HTTP will be deprecated in Office 365, as stated here. This means that older Outlook versions (those that use RPC over HTTP) will no longer be able to connect to Office 365. The reason for this is that RPC over HTTP will be replaced in favor of the much newer MAPI over HTTP.

This switchover has an impact on all (older) Outlook versions that do not have the required update (incorporating MAPI over HTTP) functionality installed. Only Outlook versions that get this update will be able to connect to Office 365, resulting in the following changes:

Outlook 2007: no longer supported (there is no update).

Outlook 2010: only supported with SP2 and KB 2878264 installed   ...
edited by on September 12th 2017, at 10:31

One of the most common Exchange admin tasks is setting mailbox delegations. Personally, I usually do this through EAC but once you're familiar with the Powershell counterparts, it can be quicker to use that instead. I've created this post as a reference to do just that.

In the reference below, the user "Ellen Somebody" requires access to the mailbox of "John Doe".

Send on Behalf

Set-Mailbox john.doe -GrantSendOnBehalfTo ellen.somebody

Send As

Add-ADPermission john.doe -ExtendedRights Send-As -user ellen.somebody

Full Access

Add-MailboxPermission -Identity john.doe -User ellen.somebody -AccessRights FullAccess -InheritanceType All
edited by on June 14th 2017, at 14:25
By default, when the Private computer checkbox is visible, it is checked by default, meaning that OWA will store some things in your browser by default. Sometimes, this may not be desirable, and you may prefer the checkbox is unchecked by default so as to prevent this. There is no setting to change this default, but there's a workaround, allowing you to obtain the same result. The only downside of this workaround is that it needs to be done anew after each update of Exchange.

To show the Private Computer checkbox in the first place, read this article about enabling the option.

To apply the workaround, you need to manually edit the logon.aspx page so it does not check the checkbox by defaul  ...
edited by on June 14th 2017, at 14:22
Exchange OWA stores data offline in your browser for a better user experience and performance. In older releases of Exchange, this behaviour could be turned off at the logon page by unchecking a checkbox, but since Exchange 2013, this checkbox is no longer visible on the logon page. But, this option can be turned on again by changing a configuration option of OWA in Exchange.



The option can be enabled through EMS on the CAS server. If you have more than one CAS server, this needs to be done on all of them.

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonPagePublicPrivateSelectionEnabled $true

After the change, don't forget to reload IIS:

iisreset /noforce

Optionally, you can a  ...
edited by on January 23rd 2017, at 11:03
In a hybrid Exchange environment, you may get an error when attempting to log in to Office 365 when performing a management task involving Office 365. When clicking the "Sign in to Office 365" link, the following error is displayed:

critical error
The web page isn't loading correctly. Please reload the page by refreshing your browser.

Technical information: Unable to set the property "mkt" of a null reference or undefined

Not really a solution, but you can work around the issue by performing these steps:

In EAC, navigate to Hybrid.

Click Modify.

Click Sign in to Office 365, type in your Office 365 username and password.

Once logged in, click on the Enterprise tab and try per  ...
edited by on January 23rd 2017, at 10:17

If you have the Exchange Management Tools installed, you can easily import the Exchange module into a standard Powershell by running the Add-PSSnapin cmdlet.

Depending on the Exchange version, the module to add is slightly different:

Exchange 2007Microsoft.Exchange.Management.PowerShell.Admin
Exchange 2010Microsoft.Exchange.Management.PowerShell.E2010
Exchange 2013Microsoft.Exchange.Management.PowerShell.SnapIn

If you're not sure about the version, you can also use wildcard characters:

Add-PSSnapin *Exchange*

If you don't want to install the management tools, you can also use PS remoting to remotely access the management shell from a standard Powershell.

edited by on November 18th 2016, at 14:44

When running Get-ReceiveConnector, the contents of the RemoteIPRanges field may be truncated if there are a lot of entries. You can "expand" the list:

Get-ReceiveConnector MyConnector | Select -expand RemoteIPRanges | FT

This will expand each of the IP range objects and FT makes sure it's nicely formatted in a table. For single addresses, you only need the LowerBound column, but if ranges have been specified, you probably want both columns.

edited by on August 10th 2016, at 15:31
It may not seem evident to find out which mailboxes are accessible by a particular user or group. Through EAC, there is no apparent way to do this, as giving access for a user to a (shared) mailbox can only be done through the shared mailbox and then providing the user/group access. There is no way to query a particular user/group and show a list of mailboxes that user/group has access to. Fortunately, it seems that Powershell (EMS) does provide an easier answer.

These cmdlets work in both Office365 and on-premise Exchange 2007 or newer.

List mailboxes to which a user/group has access to:

Get-Mailbox | Get-MailboxPermission -User user1

Although the cmdlet states a user name, replacing th  ...
edited by on June 30th 2016, at 13:11
When you migrated your mail from an on-premise Exchange to Office 365, and you did not (yet) uninstall Exchange and/or clean up AD, Outlook will still try to configure itself to connect to the on-premise Exchange when adding a new account, even though Autodiscover has been configured correctly (autodiscover.domain.tld pointing to autodiscover.outlook.com).

The reason for this is in the way how Outlook performs its autodiscovery attempts. The first step in the discovery process is trying to configure the account using Service Connection Point (SCP), which is defined in AD (or in rare cases, in the registry of the computer). As the SCP is still configured in AD/registry, Outlook will use thos  ...
edited by on June 21st 2016, at 15:31
Even when using Exchange SSL certificates that are signed by an internal CA, you will still occasionally have to renew them. Using EAC (https://your-exchange-server/ecp), this should be pretty straightforward, or is it?

After logging on to EAC, and navigating to "Servers" → "Certificates", select the expired certificate, then on the right pane, you can click "Renew" to generate a certificate signing request with all the proper SANs. This CSR can then be used with your internal CA to sign the request and generate a new certificate.

Unfortunately, you will most likely hit a snare: the CSR generated by the Exchange server does not contain any certificate tem  ...
edited by on May 25th 2016, at 15:59

You can quickly check which mailbox has e-mail forwarding settings enabled through the EMS:

Get-Mailbox -Filter {ForwardingAddress -ne $null} | FT Name,ForwardingAddress,DeliverToMailboxAndForward -Autosize

You can use the cmdlet above and process its output or export it to a CSV (using Export-CSV).

edited by on October 29th 2015, at 13:07

You can easily get the Exchange version for all Exchange servers in your domain with this one-liner. Run it from an Exchange Management Shell.

Get-ExchangeServer | Select Name,AdminDisplayVersion,Edition,ServerRole

The following information is displayed:

Name : the server name
AdminDisplayVersion :
the version and build of the server
You can cross-reference this with the Exchange version matrix to find out which updates are installed.
Edition : can be Standard or Enterprise
ServerRole : the roles on the server specified by Name
edited by on October 29th 2015, at 13:05

These version matrix pages (from Microsoft) contain the build numbers (how to check?) of Exchange, matched against their update "names" (RU, CU numbers), their release dates, and a link to the KB containing the update download:

edited by on October 13th 2015, at 14:46

DigiCert has a very handy tool to automatically change the internal and external URLs of an Exchange CAS server:

https://www.digicert.com/internal-domain-name-tool.htm

edited by on September 17th 2015, at 16:40
Sometimes, it may be handy to know how many CALs in Exchange are now actually in use. In Exchange 2010 and 2013, this can be done very easily.

There are two types of Exchange CALs: Standard and Enterprise. For the majority, the CALs provide the same feature, accept for Enterprise, which has the following additional features:

Mailbox archiving

Per-mailbox journaling

Unified Messaging

If a mailbox uses any of these "enterprise" features, then it is treated as an Enterprise CAL. If not, it is a Standard CAL.

License compliancy
This process "calculates" the current required CALs, not the CALs you have purchased. It's up to you to determine whether you are compliant.

In  ...
 
showing posts tagged with 'exchange'