Friday, December 19, 2008
PowerShell Remove Email Addresses
$mailbox = Get-Mailbox mail.alias ; $mailbox.EmailAddresses -="email.alias@mydomain.com" ; $mailbox set-mailbox
Friday, September 19, 2008
Store.exe using excessive memory
There are many reasons why store.exe would use lots of memory. The strangest one i have found recently was failed backups.
After performing a backup of the mailbox databases the memory utilisation of store.exe dropped from 15.6Gb to 2.9Gb.

Thursday, July 24, 2008
Unified Messaging Language Packs

That's it, instant results.
Monday, June 9, 2008
Anonymous relay
1) Create the connector
In exchange management console. expand Server Configuration, click Hub Transport. On the right, select the hub transport server that will relay. In the Action pain, click "New Receive Connector". Give it a name, something intuitive preferable. "Anonymous Relay" is good one :) Click Next.
You can leave the next screen alone, unless you plan to use a different IP address for this relay.
Next you need to specify what IP addresses will be allowed to relay through this connector.
Select the default range listed and click Edit. If you are using a single IP address, enter the same address in the start address and end address.
 Click OK and then Next. Click New and then Finish to complete this process.
Click OK and then Next. Click New and then Finish to complete this process.2) The next step actually enables the anonymous relay.
Right-click the new receieve connector, and select properties. One the Authentication Tab remove all the existing ticks and place a tick in the "Externally Secured (for example IPsec)" box. On the Permission group Tab, select Anonymous and Exchange Servers only. Click OK.
Close the exchange management console and open the exchange management shell.
type in the following :
Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
That's it. The ip addresses you specified in the receive connector will be able to relay to any domain.
Saturday, May 17, 2008
Exchange 2003 and 2007 cannot exchange mail
To correct this, you will first of all need to enable the security tab in exchange 2003 system manager.
http://support.microsoft.com/default.aspx/kb/264733
1. Start Registry Editor (Regedt32.exe).
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin
3. On the Edit menu, click Add Value, and then add the following registry value:
Value Name: ShowSecurityPageData Type: REG_DWORDRadix: BinaryValue: 1
Once this is done, open Exchange System Manager, navigate to each server in turn and edit the properties. On the security tab, click advanced. Tick the "Allow inheritable permission from the parent ... " check box. Click OK twice.
Incidently, if you run the Best Practices Analyser that come with exchange 2007, and choose the 2007 readiness check, it will report this as a problem area if permission inheritance is not enabled.
Tuesday, April 29, 2008
Mail delivery limits and settings
The first settings we will look at, is the Size settings for inbound and outbound smtp traffic.
To see what your current configuration is, open Exchange Management Shell, and type
Get-TransportConfig or (get-tran tab tab tab
 These are the default settings. To configure Maximum outgoing message size, we use the -MaxSendSize switch. Microsoft has been kind enough to allow us to specify the units we are working with, ie: kb, mb, gb or tb. Kilobytes is assumed if no unit is specified. So we could change the outbound message size to a 10Mb limit by typing: Set-TransportConfig -MaxSendSize 10mb
These are the default settings. To configure Maximum outgoing message size, we use the -MaxSendSize switch. Microsoft has been kind enough to allow us to specify the units we are working with, ie: kb, mb, gb or tb. Kilobytes is assumed if no unit is specified. So we could change the outbound message size to a 10Mb limit by typing: Set-TransportConfig -MaxSendSize 10mbWe could then also specify maximum receiveable size at 10mb too.
Set-TransportConfig -MaxReceiveSize 10mb
now, if we Get-TransportConfig

Incidently, you can override these settings on a per-mailbox basis.
Get-Mailbox
Set-Mailbox
Many companies use external mail filtering solutions. This means that all inbound and outbound mail is passed through a smart host for processing and delivery. Exchange 2007 does not assume this to be the case straight off. In Exchange Management Console, We need to make a change to the maximum outbound connections per domain. To make this change, expand Server Configuration on the left, select the Hub Transport Server that is reponsible for delivering to the smart host. Click Properties in the Action Pain on the Right. Navigate to the limits tab.
At the bottom, there is the setting. Change the maximum outbound connections per domain to 1000. This will ensure Exchange is able to open as many threads to the smart host as possible.

Limits all set, your mail should be flying in and out.
Friday, April 25, 2008
RPC over https Part 2
The next step is to configure exchange virtual directories. This assumes that you are running all the roles on one server. So you've installed Client Access, Hub Transport and Mailbox Role to a single server.
Start by opening Exchange management shell.

Now we get started with some almost difficult command-line stuff. If you started out with ms-dos you should feel quite at home. First we need to set the web services virtual directory internal and external url's. Type Get-WebServicesVirtualDirectory and press enter.
(tip: if you type get-web and press Tab, it will auto-complete for you.)
Click the top-left corner of the shell box, hover your mouse over edit and click mark. Create a block by selecting all the text and then press enter. Open notepad and paste the text.
Create a block by selecting all the text and then press enter. Open notepad and paste the text.
Edit the Internalurl to reflect the common name you registered in the certificate. Select this url and click edit and then copy.
Go back to the shell. type: 
Set-ClientAccessServer -AutoDiscoverInternalUri 'https://thenameonyourcert/autodiscover/autodiscover.xml'
Set-WebServicesVirtualDirectory -InternalUrl 'https://thenameonyourcert/EWS/Exchange.asmx' -Identity 'servername\EWS (Default Web Site)'
Next we set the Outlook Address Book internal url:
Set-OabVirtualDirectory -InternalUrl 'http://thenameonyourcert/OAB'
Next we set the Outlook Web Access internal url:
Set-OabVirtualDirectory -InternalUrl 'http://thenameonyourcert/OAB'
and finally we set the autodiscover url:
Set-AutodiscoverVirtualDirectory -InternalUrl https://thenameonyourcert/Autodiscover/Autodiscover.xml -Identity 'servername\Autodiscover (Default Web Site)'
Ok, certificates all done. Now open Exchange Management Console. and enable Outlook anywhere. You will be prompted for the external address. You need to specify the name on your certificate.
You will be prompted for the external address. You need to specify the name on your certificate.
Once successfully installed. Your Outlook Anywhere or RPC over HTTPS is configured and ready to use.
Thursday, April 24, 2008
RPC over https Part 1
First install a Stand-Alone root certificate authority, that is, if you don't already have one in your organisation.
Go to Add/Remove Programs in Control Panel. Select "Add/Remove Windows Components".
Select Certificate Services, and click Details. Click in the Select box for Certificate Services CA, you will be shown a dialog box warning that you will not be able to change the name of the server once you install the certificate services. Click Yes and then OK. Click Next. Choose Stand-Alone Root CA and click next. Enter the name of your CA. You can call it whatever you like really. Click Next. Verify the path of the certificate database and log and click next.
You will get a dialog box warning that IIS will be stopped temporarily. Click Yes. Windows will then copy some files, so make sure you have you Windows Server 2003 Disk 1. You may be warned that ASP needs to be enabled on IIS, choose Yes. Click Finish when it's all done.
Next we can get CA Services to automatically issue the certificates on request. In administrative tools, Select Certificate Authority. Right-click "Certificate authority (local)" and click properties. On the Policy Module tab select Properties and choose "follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate." and click ok. The certificate services will restart. Close the Certificate Authority.

Ok, CA installed. NExt step is to request a certificate.
Open Internet Information Services Manager from Administrative Tools. Expand your server name and websites. Right-click "Default Web Site" and click properties. On the Directory Security tab, click Server Certificate.

Click Next, select Remove the Current certificate and click next twice and then finish. Click Server Certificate again. Click next. Choose Create a new certificate and click next. Choose Prepare the request now, but send later. Click Next. Accept the Default name and bit length and click next. Enter you organisation information and click next. Now the next step is very very important. Here you enter the common name. This is the name you will enter into your browser to connect to you outlook web access. This name should be a public name. I'm using webmail.rndorg.net - If you get this wrong, your certificate will be useless and you will have to start again. So enter the name and click next. Choose your country, state/province and city/locality and click next. Accept the default name and path and click next twice and then finish.
Now we need to submit the request to the Root CA. To do this we go into internet explorer. and navigate to http://caservername/certsrv
Click Request a certificate. and then advanced certificate request. Choose the second option, "Submit a certificate request by using .... PKCS #7 file." You can either browse for the file to insert or open c:\certreq.txt in notepad, select the text, copy and paste it into the block provided. and then submit.
Go back into Certificate Authority from the Adminstrative tools menu. Expand root CA and then pending requests. Select the right-click the certificate on the right and click all tasks - and then issue. Close the CA. Go back into internet explorer and back to http://caservername/certsrv/
Click View the status of a pending certificate request. and then saved request (and the date).
Click download the certificate. select the same location as your certificate request.
Go back into IIS management. Right-click default web site and click properties. Select the Directory Security tab and then click server certificate. Click next. and then ensure process the pending request and install the certificate is selected and click next. click browse and locate the certnew.cer file you saved earlier. Click next and accept port 443, click next twice and then finish. Close IIS Management. Well done, you now have a web server certificate all installed and ready to go.
 
Tuesday, April 22, 2008
Domain Functional Level Error
 To fix this, open Active Directory Domains and Trusts, which is located in Administrative Tools.
To fix this, open Active Directory Domains and Trusts, which is located in Administrative Tools.Right-Click on the domain name and select "Raise Domain Functional Level" Select Windows Server 2003 from the drop down and then click "Raise".


Once this is done, (it takes only a few seconds). Switch back to your installation and select "Retry".
Provided you have not got any more missing pre-requisites, the installation should go ahead.
Thursday, April 3, 2008
Outlook 2007 password prompt
If you have a proxy enabled in internet explorer, Outlook uses this connection setting for all http and https traffic. To fix the problem, go to internet explorer, select 'tools' and then 'internet options', navigate to the 'connections' tab. Click the 'Lan Settings' button. Select advanced.
 Under 'Exceptions' enter the IP address of the Exchange CAS Server.
 Under 'Exceptions' enter the IP address of the Exchange CAS Server.
440 Login Timeout
This is an IIS authentication issue. To repair it, do the following from the exchange management shell:
Remove-OwaVirtualDirectory "exchange (default web site)"
Remove-OwaVirtualDirectory "public (default web site)"
Remove-OwaVirtualDirectory "exchweb (default web site)"
Remove-OwaVirtualDirectory "owa (default web site)"
To re-create the Outlook Web virtual directories, type the following commands
New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "exchweb" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb -WebSiteName "Default Web Site"
New-OwaVirtualDirectory -name "owa" -OwaVersion Exchange2007 -WebSiteName "Default Web Site"
Test OWA.
It is also possible to remove and re-install the CAS role from the control panel.
 

 
 Posts
Posts
 
