Certificate Missing on the Server – BUG?

I was recently trying to update the certificate to add a new domain to it. I generated a new CSR file and I got a new certificate from the “Third Party CA”.

All the prerequisites for installing the certificate were perfect (I thought so). I thought I could get the information of the old certificate that already existed on the server before I installed the new one, so I ran “Get-ExchangeCertificate”. To my surprise there was no certificate. I was like “WTF”.

So, then through MMC I started looking for the certificate on this local computer. Damn!! I could see the certificate that I was looking for in the certificate store.

Then why the hell didn't PowerShell show me the certificate when I ran the command? Bigggg question. Later I asked the guy who installed this old certificate to check it; he was able to see the certificate through PowerShell. He said that he followed the right steps to install the certificate.

For testing, I tried importing the new certificate that I got through the shell and enabled the services. I was able to replace the old certificate. Now again, I asked the other guy to check it. He couldn't find the cert that I installed.

The original problem is solved – but why am I not able to see the certificate that was installed by someone else, and vice versa?

Points to note:
1. When you type Get-ExchangeCertificate and cannot find the certificate – don't panic.
2. Always use the MMC console to check whether the required or existing certificate is available.
3. Don't install the certificate using a different user's profile; later you may feel “OMG, my cert is missing”.

Thanks,
VJ

Language preference changes after installing “Microsoft Exchange Server 2007 Service Pack 3 Unified Messaging Language Packs” – Unified messaging

Installation of “Microsoft Exchange Server 2007 Service Pack 3 Unified Messaging Language Packs” caused us an issue which I would like to share.

Problem:
After installing this patch, the user's language preference is changed to English. Whoever calls the extension hears English.

Soln:
After going through the basic stuff, like disabling and enabling UM in French for the user and resetting the PIN, nothing worked.

At last, one of my colleagues helped to get this sorted out, asking me to follow this action plan.

Action plan:

1. Log in to OWA.
2. Log into their mailbox.
3. Click the Options button in the top right corner.
4. Click the Regional Settings option on the right pane.
5. In the Language field, have them make sure it's set to the preferred language.
6. Make sure they hit the Save button after they have changed it.
7. Log out.

Your Mailbox Has Exceeded? – Spam

You will receive the following email,
—————————————————————————————————–
From: xxxxxxxxx@xxx.com
Sent: Tuesday, December xx, 2010 x:xx AM
To: xxxx@xxx.com
Subject: Your Mailbox Has Exceeded?

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate – > Click Here: System Administrator
—————————————————————————————————-
This is spam. When you click on the link, you are directed to a website that asks users to enter their username and password.

As an Exchange admin, make sure that your users are aware of this security threat to avoid disaster.

Great opportunity to work with an MNC as Exchange admin

Hello All,

Good opportunity to work with Exchange Server technologies like 2003/2007/2010. Kindly contact me if you are looking for an Exchange Server admin job in Chennai or Pune.

Desired Candidate Profile:
Candidate must have hands-on experience, with a minimum of 3 years' experience in Exchange administration 2003/2007

* Excellent knowledge of Microsoft Exchange (2003/2007) and Active Directory
* Troubleshooting and configuration of Exchange and Active Directory
* Good knowledge of mobility solutions like Blackberry, ActiveSync
* Good knowledge of Exchange clustering
* Knowledge of managing users / groups
* Sound knowledge of backup and restore
* Hands-on experience in troubleshooting and configuration of Exchange server related issues, Outlook issues, backup issues, anti-spam, antivirus software

Send your CVs to Vijayaragavan16@yahoo.com; I will get back to you soon if your profile meets our requirements.

How to find a UMUser with a particular extension

To find a UM user who has the extension "xxxx" using PowerShell:

Get-UMMailbox | Where-Object { $_.Extensions -eq "xxxx" }

and

Get-UMMailbox | ForEach-Object { if ($_.Extensions -eq "xxxx") { $_.DisplayName } }

To find a UM user who has the extension "xxxx" using the EMC:

Open the EMC and use a filter for email addresses with either the Contains or the Starts With method. Then in the filter use EUM:xxxx

Script doesn’t work – E14 bug

When you follow the article

Exchange Test CAS Connectivity user gets locked out when using Exchange 2010 MP

http://support.microsoft.com/kb/2022687

I followed this article. After running the script New-TestCasConnectivityUser.PS1, the CAS user account created by the script gets locked out.

Making the changes recommended in the article will break Outlook Anywhere in E14. I faced this problem in two different organizations.

It appears to be a bug!!! Does anybody have a solution?

Mails to certain domains does not work – Additional information

It's a known issue that mail flow to certain domains does not work if your Exchange Server 2007 satisfies the following condition.

Condition
* OS: Windows 2008
* Exchange: Exchange 2007

Findings:
I tried the following steps and ended up finding a few things

1. Mail flow will work to all the domains except few
2. When you smart host to that particular domain, the mail will go through
3. When you do a telnet and drop a mail to the remote domain, mail will go through

This can be resolved by running the hotfix:
Mail flow to certain domains does not work when you run Exchange Server 2007 on a Windows Server 2008-based computer

Reason:
When a mail is generated to a remote domain (the problematic domain), the server will query for the AAAA record.

Which is odd.

You can test this by running a netmon trace.

So it is obvious that mail will not go through, because the remote server will not respond to the AAAA record query.

Soln:
At times running the hotfix won't fix the problem. So just create a new send connector and add the remote server IP as a smart host for the time being.

Additional information:
This also happened to me with Exchange Server 2010.

Unable to send TLS mails to external domains – E2k7

Topology: Exchange 2007 > Watch Guard firewall > Microsoft ForeFront > Internet

Send connector is smart-hosted to Microsoft ForeFront

Exchange 2007 has a feature known as ‘Opportunistic TLS’: if the remote domain accepts TLS mail, Exchange sends in TLS; otherwise Exchange sends in non-TLS format.

In spite of this, the customer's Exchange server is sending non-TLS mails to remote domains which accept TLS.

Troubleshooting:

– From the Exchange server, ran a telnet to ForeFront (mail.messaging.microsoft.com) on port 25, and there was no STARTTLS verb/blob advertised

– So, as expected, Exchange would send mail only in non-TLS format

– However, when we do a telnet to ForeFront (telnet mail.messaging.microsoft.com 25), we see the STARTTLS verb

– Thus, though ForeFront advertises the STARTTLS verb, it's not seen when running a telnet from the Exchange server

Suspected Watch Guard to be running an ESMTP proxy, which is stripping the verbs so that they are not displayed.

Though Cx confirmed that the firewall did not proxy any SMTP, we logged in to the console and found ESMTP outbound settings.

ESMTP was enabled, and there was a check mark for 8-BITMIME (this was the only verb displayed when Cx ran a telnet to ForeFront).

We checked BINARYMIME (from that list), saved the firewall config, and then ran a telnet to ForeFront > now we could see the BINARYMIME verb also displayed (along with 8-BITMIME).

Thus it was confirmed that it was indeed the firewall which was stripping off the verbs. The following link discusses issues with TLS and encryption caused by the Watchguard Firebox firewall:

http://www.google.com/support/appsecurity/bin/answer.py?hl=en&answer=138468

Resolution: The Watchguard firewall has two options for SMTP mail: SMTP Proxy and SMTP Packet Filter. The default choice, when a user first sets up mail, is the SMTP Proxy. Change to SMTP Packet Filter, and that should resolve the issue.
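
The telnet comparison done by hand above can be scripted. The following is an added example, not part of the original post: it parses two EHLO replies and reports which verbs are missing on the path through the firewall. It assumes the second reply was captured over a path that does not cross the firewall; the function names, host names and both sample replies are constructed for illustration.

```powershell
# Added example (not from the original post). Host names and replies are constructed.

function Get-EhloResponse {
    # Live probe: connect, send EHLO, return the raw 250 reply lines.
    param([string]$Server, [int]$Port = 25, [string]$HeloName = 'probe.example.test')
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        do { $line = $reader.ReadLine() } while ($line -match '^220-')   # skip banner
        $writer.WriteLine("EHLO $HeloName")
        $reply = @()
        do { $line = $reader.ReadLine(); $reply += $line } while ($line -match '^250-')
        $writer.WriteLine('QUIT')
        $reply
    } finally { $client.Close() }
}

function Get-EhloVerbs {
    # "250-VERB params" continues the list, "250 VERB" ends it.
    param([string[]]$ReplyLines)
    $words = foreach ($line in $ReplyLines) {
        if ($line -match '^250[- ](\S+)') { $Matches[1].ToUpperInvariant() }
    }
    # The first 250 line carries the server name, not an extension verb.
    @($words | Select-Object -Skip 1)
}

function Compare-EhloVerbs {
    param([string[]]$Inside, [string[]]$Outside)
    $in  = @(Get-EhloVerbs $Inside)
    $out = @(Get-EhloVerbs $Outside)
    New-Object PSObject -Property @{
        SeenInside   = $in -join ','
        Stripped     = @($out | Where-Object { $in -notcontains $_ }) -join ','
        StartTlsLost = ($out -contains 'STARTTLS') -and ($in -notcontains 'STARTTLS')
    }
}

# Constructed replies: what the Exchange server saw vs. an unfiltered connection.
$inside  = '250-mail.example.test Hello', '250 8BITMIME'
$outside = '250-mail.example.test Hello', '250-SIZE 157286400', '250-STARTTLS',
           '250-8BITMIME', '250 BINARYMIME'
Compare-EhloVerbs -Inside $inside -Outside $outside | Format-List
```

For a live check, run Get-EhloResponse against the smart host from the Exchange server and from the second vantage point, then pass both results to Compare-EhloVerbs.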

Mail flow between server is not working – E2K7

Problem

Recently I encountered a problem: I was not able to send and receive emails between two sites where E2K7 is installed.

Symptom
  • You would get the following error
Event Type: Error
Event Source: MSExchangeTransport
Event Category: SmtpReceive
Event ID: 1035
Description:
Inbound authentication failed with error LogonDenied for Receive  connector Default XXXXXXXXX. The authentication mechanism is  Gssapi. The source IP address of the client who tried to authenticate to Microsoft Exchange is
  • Enable verbose logging for the receive connector on the receiving site and send a test email from the other site.
If the SMTP-Receive log shows “235 Authentication failed”

Reason
  • The time difference between the DC and the Exchange server
  • Authenticated Users is not listed in the local security group on the Exchange server

Solution
  • Synchronize the time between the DC and the Exchange server
  • Add Authenticated Users to “Access this computer from the network” under the local security policy