If you just updated your SSL Cert (and it looks as though it is correctly installed) but both OWA and ECP have broken, you're going to need to associate the roles with the SSL Cert. Don't bother to do this through IIS, just do this instead: Get the Thumbprint of your newest SSL Cert by doing the following: Start > Run mmc.exe or mmc.mcs. File > Add\Remove Snap-In Computer User Certificates > Add Ok Certificates > Personal > Certificates > Double Click on … [Read more...] about OWA and ECP Web Errors after SSL Cert Update – Error 2001
Public facing isn't the right term here. It simply means that the authentication requirement to send mail to the distro has been disabled to give anyone anywhere the ability to send an email to it. That makes it publicly accessible. If you want a list of all of the distribution groups that have the authentication requirement disabled you can use this little one-liner. Open Exchange Management Shell as an Administrator and type the following: Get-DistributionGroup | ? … [Read more...] about Exchange: Export a list of all public facing distribution groups
Here's a great tool for testing DNS, Mail, SMTP, and similar environments to see if they are listening on certain ports across the internet. https://www.dnswonder.com/Tools/ With it, you can test: GET DNS RECORDS GET MX RECORDS GET PTR RECORDS GET SPF RECORDS GET BLACKHOLE LIST (RBL) GET SMTP SERVER TYPE TEST SMTP CONNECTIVITY TEST EMAIL DELIVERY TEST EXCHANGE SERVER TEST IMAP SERVER TEST ZIMBRA SERVER TEST REGULAR EXPRESSION ENCRYPT DATA Enjoy. … [Read more...] about Tools for Testing SMTP, DNS, other mail server types, and more
If you're getting mail from outside sources pretending to be on your domain, you can create a Mail Flow Rule to manage messages that say they are from your domain but really aren't. Log into the ECP and go to Mail Flow > Rules and New (+) Click "more options..." You want to add two applications. Apply this rule if: The sender domain is 'yourdomain.com' The sender location is from outside of the company You can treat mail that triggers those two applications any way … [Read more...] about Anti Spoofing for Domains in Exchange 2016
Notes This is an issue found in my working version of Exchange, which is Exchange 2013 CU 11. It may exist elsewhere, but this is all I've got to test with. Problem Using the Exchange Admin Center, you either tried to import a certificate or complete a certificate request. It may have done nothing on the first attempt, but it gave you this error on the second attempt. Description What you're seeing is that you have a cert that was successfully installed on the server the first time … [Read more...] about A special Rpc error occurred. Cannot import certificate. A certificate with the thumbprint already exists.
IMAP testing can be a little tough, especially when you are on a production server. Here are the first things I'd do to make sure IMAP connectivity is working OK: Run a Telnet from a Telnet Client to ports 143 and 993. 143 is your TLS port and 993 is for SSL IMAP connections: telnet 127.0.0.1 993 You can use your public IP. You're looking for a black box or a banner that you've set up with a virtual service listening on the port. If you get a denied connection there might be something wrong … [Read more...] about Exchange 2013: Test IMAP Connectivity
It's nice to see how your Exchange environment is doing without having to dig too deep. The HealthCheck feature is perfect for this, but some commands just can't be committed to memory. Below are some common Exchange Health Check commands as well as a little explanation to help you use Exchange Shell. Get-ServerHealth <server name> Pretty straightforward. You'll get your current server's health results. Hopefully everything says Healthy and if you haven't customized anything, the state … [Read more...] about Some Helpful Exchange Shell Commands to Help with Health Checks
While doing some end of the year vulnerability scans, we were getting some web servers coming back with some potential security threats, all too common in the IT world. Looking for a faster method to patch up these holes, I came across a very neat little tool called IIS Crypto made by the good people at Nartac Software. Their explanation of the tool: IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on … [Read more...] about Disable Vulnerable Ciphers, Hashes, Keys, using IIS Crypto
Oh man, this was a tough one. A real doozy. First, here are my environment details where this was happening. MS Exchange 2013 CU6 (Issue was happening as far back as CU4) One Exchange Server managing all Exchange services and responsibilities Less than 50 mailboxes Overview Basically, every few days we'd get a call in the middle of the day from customers telling us that mail was being stuck in the Outbox in Outlook and mail would be put into the drafts folder in OWA. At first, we … [Read more...] about Exchange 2013 Mail Stuck in Outbox or Drafts – Have to restart Transport Service to resume mail flow
Have you ever seen one of these before in your logs? They pop up from time to time: The following fatal alert was generated: 10. The internal error state is 1203. They aren't anything to worry about. It just means a client somewhere is trying to access something using the wrong protocol. For example, someone is trying to log into OWA using http instead of https. That's all. These can essentially be ignored unless there are outrageous amounts or something is breaking during the … [Read more...] about Exchange Event Error: The following fatal alert was generated: 10. The internal error state is 1203.