Off topic, TLS connections new certificates.
Kind of off topic and bear with me, I'm not real familiar with certs. Exchange 2007 sp2/Ironport perimeter.

We recently added new certificates to our systems. Some of our affiliates have established TLS connectors to our site for mandatory encryption between our sites. The remote site in question is running Exchange 2010 but when they try and send mail to our uc.edu domain name, all the messages get spooled. If they send to ucmail.uc.edu the mail goes through fine. The error they are getting for the uc.edu domain is a 451 4.4.0 Primary target IP address responded with 44.4.7.5 Certificate validation failure. Uc.edu is our university wide domain name so I'm a little confused on how that comes into play with the TLS connectivity and mx/a records.

Here is another error reported.

A secure connection to domain-secured domain 'uc.edu' on connector 'UC TLS Connector' could not be established because the validation of the Transport Layer Security (TLS) certificate for uc.edu failed with status 'UntrustedRoot'. Contact the administrator of uc.edu to resolve the problem, or remove the domain from the domain-secured list.

Pete Pfefferkorn
University of Cincinnati
Information Technology Services
Systems Analyst/Messaging Administrator
Phone: (513) 556-9076
Fax: (513) 556-2042
Email: pete.pfefferk...@uc.edu
RE: Off topic, TLS connections new certificates.
The message looks like their mail servers are unable to recognise your certs as valid. I'm assuming they are connecting to the Ironport? Again I'm assuming these were the certificates you updated recently?

Did you just regenerate the certificate request from the old one or create a new one and are you using the same certificate authority as previously? I'd suspect that you are either missing the intermediate certificates, or you are using the Ironport self signed, but either way it does point to them not recognising your certs as valid. It could also be that if you have some kind of mutual auth set up you aren't trusting them, but it's more likely your certs unless they happen to have made a change too.

Difficult to tell without seeing the certificate config on the Ironport. If I were you I'd do a quick check in the message tracking to see if you can see any connection made on the Ironport and hopefully this will give you more information.

There are a couple of good guides for the TLS setup of Ironport on the web.

Nick
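The two causes suspected in the reply above (a missing intermediate certificate, or a self-signed appliance certificate) can be reproduced offline with `openssl verify`. This is an added example, not part of the original thread: the CA names, `mail.example.test` and the helper functions are constructed for the demonstration, and `-untrusted` stands in for the intermediates a server sends in its TLS handshake.

```shell
#!/usr/bin/env bash
# Added example with a constructed throwaway PKI; every name here is made up.
set -eu

# issue <name> <CN> <extfile> [<issuer>]: writes <name>.key and <name>.pem.
# With no issuer argument the certificate is self-signed.
issue() {
  name=$1 cn=$2 ext=$3 issuer=${4:-}
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null
  if [ -n "$issuer" ]; then
    openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
      -CAcreateserial -days 2 -extfile "$ext" -out "$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$name.csr" -signkey "$name.key" \
      -days 2 -extfile "$ext" -out "$name.pem" 2>/dev/null
  fi
}

# build_demo_pki <dir>: root -> intermediate -> leaf, plus a self-signed
# "appliance" certificate of the kind a gateway ships with by default.
build_demo_pki() (
  cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mail.example.test\n' > leaf.ext
  issue root "Demo Root CA" ca.ext
  issue intermediate "Demo Intermediate CA" ca.ext root
  issue leaf "mail.example.test" leaf.ext intermediate
  issue appliance "mail.example.test" leaf.ext
)

# check_chain <trusted root> <server cert> [<intermediates the server sent>]
# Prints "trusted" or "untrusted", i.e. what the sending side would conclude
# when it trusts only the root.
check_chain() {
  root=$1 cert=$2 sent=${3:-}
  if openssl verify -CAfile "$root" ${sent:+-untrusted "$sent"} "$cert" \
      >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

pki=$(mktemp -d)
build_demo_pki "$pki"
echo "leaf, intermediate withheld:  $(check_chain "$pki/root.pem" "$pki/leaf.pem")"
echo "leaf, intermediate presented: $(check_chain "$pki/root.pem" "$pki/leaf.pem" "$pki/intermediate.pem")"
echo "self-signed appliance cert:   $(check_chain "$pki/root.pem" "$pki/appliance.pem")"
rm -rf "$pki"
```

Against a live gateway, `openssl s_client -starttls smtp -connect <mx-host>:25 -showcerts` shows which certificates the server actually presents, so a missing intermediate is visible directly.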
RE: Change Control methods?
Your cheapest option would be to use things like Mercurial, Subversion, or Git for this. On Windows it may be easiest to use a gui client like TortoiseHg, TortoiseSvn or TortoiseGit as an interface to these systems.

At the highest level, the general idea is to wrap library functionality around files/folders: check something out, use it, check it back in. At a more detailed level, using it, is making changes. The checking back in step keeps track of changes and allows for metadata from the person who made the change (short description of what was changed). In this way it is transactional and each historical change may be reviewed.

These systems work better with plain-text data as there is no need for a format parser. It does work on binary files too, but you lose the nice diffs and it can be inefficient. You could easily keep a text log or folder of logs and configuration data.

I recommend checking out (har har) http://hginit.com/ for a nice overview of the process. Note that this is specific to the Mercurial system and uses command-line tools; their commercial Kiln software adds features to Mercurial that may be worthwhile. Git is very similar in architecture and the gui clients are doing these commands under the covers so it is good for understanding. Subversion is an older system that doesn't handle merging quite as well as the distributed systems; merging happens when two people make changes to the same file at the same time.

Of course, there are dozens of proprietary document management solutions out there ranging from somewhat expensive to very expensive. Many are nothing more than slick wrappers over the open-source tools. The advantage in my opinion is the greater integration they bring with certain software you might already use. None of them do it all; try before you buy, caveat emptor, etc...

~JasonG

-----Original Message-----
From: David Thor Johnson [mailto:idama...@comcast.net]
Sent: Wednesday, February 29, 2012 21:08
To: MS-Exchange Admin Issues
Subject: Change Control methods?

Hi all,

What are you all doing in regards to change control in your networks and servers. We used to keep a paper log in the server room for whenever a server was patched or rebooted. Is there a software method that you would recommend?

Thanks in advance for all input is appreciated.

Cheers,
David Thor Johnson
RE: Change Control methods?
For an Organization it is no longer useful to manage these things in isolation any more. ITIL and ISO27000 really require a holistic approach so that the impact of changes on Availability and Continuity, Capacity and Costs are considered which means you need a Holistic Approach to change. That covers all these things...

There again for small sites a sheet of paper may be OK

Dave Wade
0161 474 5456
RE: Change Control methods?
One of the most important things to remember is that changes in the outside world can have an impact on you, and the authors of those pesky viruses, worms, and assorted exploits don't have to fill in any change request forms.

Cheers,
Phil

--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk
Re: Change Control methods?
I've been in three different organizations in the past year and a half. One was huge, the 2nd was medium, and the current one is a smaller group.

The huge one had an Enterprise class change management system and spent hundreds of thousands installing, customizing, migrating, and training users on. It's from BMC. They went with it because they were using Remedy for Help desk, and BMC for monitoring and scheduling. That required several days of work and meetings plus multiple levels of approval to get some very basic changes done, not to mention anything complex. They wasted (IMHO) a lot of money pushing paper around. They had a weekly meeting, plus calls for special approvals, etc.

2nd company used Sharepoint to do it - one homemade form, free built in reporting. They also had a weekly meeting, you read your stuff, answered any questions, and were approved. Then you put in status, results, success or failure. Very efficient.

3rd company is a business unit of larger company, only does change control if you think it can impact the parent. Otherwise, the manager sends an email to the team and receives questions or comments. Uses their email for the log, and if anything security or otherwise audit related, a case is opened in the helpdesk system.

So, if you want something easy and that can support small, I would suggest you check out Sharepoint (if you already have it running), then the cost is the effort to build a form, test, and solicit input from the users.

Don K
RE: OAB and Forms - Exchange 2010 Outlook 2003
When you first set up a mail profile, the closest PF replica is chosen and that replica is used until it isn't available any more. After that, the replica choice is somewhat random - based on the installation order of the PF replicas. At least, this is how it was in Exchange 5.5, and I don't think it's changed since.

Normally, OABs get copied to every CAS daily by the File Distribution Service. There is a way to exclude a CAS from that, but I don't remember what it takes off the top of my head. But an OAB only has a single generation/distribution server and that has to be visible to all other CAS for the copy to happen.

-----Original Message-----
From: Robb Pickinpaugh [mailto:robb.pickinpa...@anesthesiallc.com]
Sent: Wednesday, February 29, 2012 2:48 PM
To: MS-Exchange Admin Issues
Subject: OAB and Forms - Exchange 2010 Outlook 2003

I've been puzzling over a problem for a while and I think I finally had an insight into the problem and I want to sanity check myself. We have a multi-site configuration.

Site A - Primary site - Internet Facing Exch 2010 server
Site B - Largest 2ndry site - local Exch 2010 server
Site C - Small 2ndry site, child domain, no exch server just users

I've been having trouble with Outlook 2003 especially showing Sync errors and 0X8004010F errors with the OAB from Site C. I've also been seeing problem with published Forms in Site C. I noticed today that Site C is trying to pull info from the server in Site B which due to routing, and firewalls, the clients cannot reach.

Upon doing a little more digging I found that we had all the sites in the same default site link with the same cost between them. I have now segmented the links to include just two sites in each link with adjustments to the costs to make the connection between Site B and Site C much more expensive than the connection between site A and Site C.

While I know this would affect how the mail routes between Exch servers, what I don't know is whether this would affect which OAB and PF replica a client tries to use. Am I looking in the right place, or completely off in the wrong direction and missing something in the Exchange config?

Thanks,
Robb
Alternative to Personal Address Books for Outlook 2010
I did searches on the list for this subject because I was pretty sure it has come up before, but it isn't coming up as a result.

We are still using Outlook 2003 at our remote locations and they are not pulling mail directly from our Exchange servers but rather from a Unix server at each location acting as intermediary. Because of this we have been creating a personal address book which is uploaded to each location thus ensuring that addresses are consistent and up-to-date.

Because Outlook 2010 has done away with PABs and looks to the Contacts, is there a way to upload a new contact file when necessary? Not looking for something where the user would have to import it themselves. We'd like to see it update in the background with as little user interaction as possible.

-Paul