RE: exchange hidden addresses
I've got a fair few higher-ed clients, and used to manage a systems team at a University. In general, I don't come across customers who need/ask for this. In general it is found to be useful if students can find each other to communicate. The main issue is when you have 10 people with the same name, or when a student works part-time for the University and ends up with a staff account in the Gal also. The only time I've had something similar on the ground was when one student was getting harassed/stalked by another student and wanted their email address changed, and wanted to be hidden from the GAL. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: 19 July 2012 01:40 To: MS-Exchange Admin Issues Subject: RE: exchange hidden addresses I've got a couple of higher-ed clients in Virginia. We restrict expansion of distribution lists, and we've reduced the information we display from the GAL (via display templates), but we don't otherwise restrict the GAL. I'm not sure what privacy concerns you are attempting to address. GAL segmentation doesn't stop the scenario you described. From: Kevin Sharp [mailto:kevinsh...@sasktel.net] Sent: Wednesday, July 18, 2012 7:04 PM To: MS-Exchange Admin Issues Subject: exchange hidden addresses Hi: Just wondering if anyone supporting education can pipe in on this question. If you have hidden students email accounts to protect privacy concerns on premise, you have probably run into issues where user A(Hidden) emails User B (unhidden). User B forwards the email from the hidden user to User C to deal with. Now User C decides to send a reply email to User A (hidden), and can't see them in the GAL or their return email address in the email. User C could possibly find out about their email via email headers or create a contact (uses legacyexchangedn for address). Besides having a possible regret about hiding student email accounts, what have others done with hidden accounts? 1.Do you hide accounts in the GAL (if so how do you deal with above situation or is there a work around??) 2. Do you hide accounts to protect privacy? 3. Has anyone used GAL segmentation to possibly help with this.? 4. If you managed to solve this with GAL segmentation...what options do you have for office 365? (I believe GAL segmentation isn't there yet) Thanks Kevin --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Increasing Attachment size for OWA and EWS?
I thought it translated to File Server.
-Original Message-
From: Fred Sawyer [mailto:fsaw...@victuscapitalconsulting.com]
Sent: Wednesday, July 18, 2012 1:45 PM
To: MS-Exchange Admin Issues
Subject: RE: Increasing Attachment size for OWA and EWS?
Don - I so agree.. Sadly I must hang my head in shame and suck up the
executive order. Most of these large attachments are internal only emails.
Didn't you know email is Latin for FTP?
-Original Message-
From: Don Andrews [mailto:don.andr...@safeway.com]
Sent: Wednesday, July 18, 2012 12:38 PM
To: MS-Exchange Admin Issues
Subject: RE: Increasing Attachment size for OWA and EWS?
HOLY FTP Batman! Just curious what percentage of your
clients/customers/vendors etc. allow that large a message size much less
attachment size?
-Original Message-
From: Fred Sawyer [mailto:fsaw...@victuscapitalconsulting.com]
Sent: Wednesday, July 18, 2012 10:36 AM
To: MS-Exchange Admin Issues
Subject: Increasing Attachment size for OWA and EWS?
We are currently running on Exchange 2010 SP2 RU1 and I have been working on
setting the accepted attachment size to 175MB. The proper values have been set
on TransportConfig, ReceiveConnector's, SendConnector's, and user Message Size
Restrictions. Outlook clients connecting with MAPI are able to send larger size
attachements. My problem is Mac Mail clients that connect via EWS and OWA. I
followed the following instructions for increasing attachment size in EWS and
OWA.
(I did changed the various values to be 175MB in the specified unit for the
setting) 1. Increase the Global Transport configs for both MaxReceiveSize and
MaxSendSize. This can be done through either the EMC GUI, or powershell
(set-transportconfig) 2. Modify the /EWS web.config , system.web httpruntime
maxRequestLength=5 *this value is represented in kb* 3. Add new value to
the the IIS7 applicationhost.config , underneath
system.webserversecurityrequestfiltering, add a new line named as follows
: RequestLimits maxAllowedContentLength= 5000 / *this value is
represented in bytes* 4. Modify the /EWS web.config, httpsTransport
maxReceivedMessageSize=5000 *this value is represented in
bytes*authenticationScheme=Anonymous.
5. Restart IIS.
And detailed description on how to increase the size to 50 MB:
1. Edit C:\Program Files\Microsoft\Exchange
Server\V14\ClientAccess\Owa\web.config and update the maxRequestLength value to
51200 2. Open a command prompt and execute the following commands:
cd %windir%\system32\inetsrv
appcmd set config Default Web Site/ews -section:requestFiltering
-requestLimits.maxAllowedContentLength:5120
appcmd set config Default Web Site/owa -section:requestFiltering
-requestLimits.maxAllowedContentLength:5120
3. Edit C:\Program Files\Microsoft\Exchange
Server\V14\ClientAccess\ews\web.config and change the maxReceivedMessageSize
value to 5120 underneath the EWSMessageEncoderSoap11Element / 4. IISreset
to apply the change
After making these changes OWA access now allows for the larger attachments.
But Mac Mail clients are still receiving Your message exceeds the maximum size
allowed by the Exchange Server error message when trying to send any
attachment over 90MB. Does anyone know where I should look next for increasing
attachment size in EWS?
Also looking for tips on how to track down error messages in Exchange regarding
email submission being rejected. I have found that either of these commands
only show messages that are being submitted to SMTP but does not appear to show
failed messages that are submitted to EWS Get-MessageTrackingLog -EventID FAIL
| where {$_.RecipientStatus -like *SendSizeLimit*} Get-MessageTrackingLog
-EventID FAIL | where {$_.RecipientStatus -like *RecipSizeLimit*}
Any help would be greatly appricated!
Thanks,
Fred Sawyer
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
Re: RFC 5233 Support?
On Thu, Jul 12, 2012 at 3:19 PM, Jason Gurtz jasongu...@npumail.com wrote: I have a friend (non-I.T.) who's trying to integrate Moodle (some edu webapp, php, but supported on Windows) with their exchange environment. It must rely on this feature... If the part-after-the-plus-sign follows a standard form for everyone (e.g., user+moo...@example.com), you could prolly special-case it with an address generation policy rule. -- Ben --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Company Acquisition and Free Busy
http://technet.microsoft.com/library/bb125182.aspx From: Adm [mailto:sms...@gmail.com] Sent: Thursday, July 19, 2012 10:42 AM To: MS-Exchange Admin Issues Subject: Company Acquisition and Free Busy We have acquired a company that runs Exchange 2010, as do we. We will not have the networks integrated till early 2013. In the meantime, there is a request to see each other's free/busy. Has anyone run into this and how did you handle it? Thx in advance --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Company Acquisition and Free Busy
I see this requires an MIIS server. Is this licensed? Has anyone used this? Thx in advance On Thu, Jul 19, 2012 at 10:46 AM, Michael B. Smith mich...@smithcons.comwrote: http://technet.microsoft.com/library/bb125182.aspx ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, July 19, 2012 10:42 AM *To:* MS-Exchange Admin Issues *Subject:* Company Acquisition and Free Busy ** ** We have acquired a company that runs Exchange 2010, as do we. We will not have the networks integrated till early 2013. In the meantime, there is a request to see each other's free/busy. Has anyone run into this and how did you handle it? Thx in advance --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Company Acquisition and Free Busy
Security will not allow a two way trust. On Thu, Jul 19, 2012 at 12:54 PM, Durkin, Rob durk...@pdc.us wrote: Do you have a trust relationship with their domain, and a WAN/LAN connection? If so, you may not need Forefront identity server. ** ** One option is the Microsoft Federation Gateway, a free cloud-based service from MS that works with orgs using Exchange 2010 to share Free busy. http://technet.microsoft.com/en-us/library/dd335047 http://www.testlabs.se/blog/2012/05/24/configure-microsoft-exchange-server-2010-sp2-with-microsoft-federation-gateway/ ** ** ** ** ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, July 19, 2012 8:26 AM *To:* MS-Exchange Admin Issues *Subject:* Re: Company Acquisition and Free Busy ** ** I guess this is now called Forefront Identity Server now, upgraded from MIIS. Thx On Thu, Jul 19, 2012 at 11:22 AM, Adm sms...@gmail.com wrote: I see this requires an MIIS server. Is this licensed? Has anyone used this? Thx in advance ** ** On Thu, Jul 19, 2012 at 10:46 AM, Michael B. Smith mich...@smithcons.com wrote: http://technet.microsoft.com/library/bb125182.aspx *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, July 19, 2012 10:42 AM *To:* MS-Exchange Admin Issues *Subject:* Company Acquisition and Free Busy We have acquired a company that runs Exchange 2010, as do we. We will not have the networks integrated till early 2013. In the meantime, there is a request to see each other's free/busy. Has anyone run into this and how did you handle it? Thx in advance --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Company Acquisition and Free Busy
Under File - Options - Calendar - Free/busy options - Other Free/Busy There is a box there to add a URL for searching published free/busy info. http://support.microsoft.com/kb/291621 Sounds like this would help with the situation... Joe Heaton ITB - Enterprise Server Support From: Adm [mailto:sms...@gmail.com] Sent: Thursday, July 19, 2012 11:16 AM To: Heaton, Joseph@DFG; MS-Exchange Admin Issues Subject: Re: Company Acquisition and Free Busy What do you mean by add that as a source in the Outlook client? Thx On Thu, Jul 19, 2012 at 1:47 PM, Heaton, Joseph@DFG jhea...@dfg.ca.govmailto:jhea...@dfg.ca.gov wrote: Publish the free/busy information, and add that as a source in the Outlook client? Joe Heaton ITB - Enterprise Server Support From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, July 19, 2012 7:42 AM To: Heaton, Joseph@DFG; MS-Exchange Admin Issues Subject: Company Acquisition and Free Busy We have acquired a company that runs Exchange 2010, as do we. We will not have the networks integrated till early 2013. In the meantime, there is a request to see each other's free/busy. Has anyone run into this and how did you handle it? Thx in advance --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Ex2010 - SP1RU5 - SP2RU3
Well, using Michael's blog (see below) and reading MS technotes,etc. I have successfully upgraded my exchange 2010 environment to SP2RU3. It took a while last night, it got through it. The biggest time problem was not the SP2 but the RU3. There is a note about disabling the check for publisher's certificate revocation before applying RU3. Folks, do it. It saves a lot of time, but, it still is a time consuming process. Michael, thanks again for your help. Steven Stringham From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, July 18, 2012 6:31 PM To: MS-Exchange Admin Issues Subject: RE: Ex2010 - SP1RU5 - SP2RU3 No coexistence issues of which I am aware. But you should follow the documentation on applying service packs properly: http://technet.microsoft.com/en-us/library/bb629560 The blog is still accurate for applying URs as well as SPs. From: Stringham, Steven [mailto:sstri...@lrlaw.com] Sent: Tuesday, July 17, 2012 6:02 PM To: MS-Exchange Admin Issues Subject: RE: Ex2010 - SP1RU5 - SP2RU3 Also - are there coexistence issues within a DAG on SP2RU3 and SP1RU5 combination? From: Stringham, Steven [mailto:sstri...@lrlaw.com]mailto:[mailto:sstri...@lrlaw.com] Sent: Tuesday, July 17, 2012 2:56 PM To: MS-Exchange Admin Issues Subject: Ex2010 - SP1RU5 - SP2RU3 Michael - have you updated the blog on upgrading to SP2? (http://theessentialexchange.com/blogs/michael/archive/2011/12/07/installing-exchange-2010-service-pack-2.aspx) Is it still accurate to get to RU3? Do I just go through the SP2 process - reboot and then apply RU3? Are there any issues with having SP1RU5 active still while a SP2RU3 server is in place? Thanks again for all you do. Steven Stringham For more information about Lewis and Roca LLP, please go to www.lewisandroca.comhttp://www.lewisandroca.com/. Phoenix (602)262-5311 Reno (775)823-2900 Tucson (520)622-2090 Albuquerque (505)764-5400 Las Vegas (702)949-8200 Silicon Valley (650)391-1380 This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail by return E-Mail or by telephone. In accordance with Internal Revenue Service Circular 230, we advise you that if this email contains any tax advice, such tax advice was not intended or written to be used, and it cannot be used, by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Certificate Errors
Running a mix of Exchange 2003 and Exchange 2010. The Windows Sys Admin published a web-page to the ISA server and now iPhone users that are on the Exchange 2010 and users on the Exchange 2003 at another site aren't getting email. The event log on one of the Exchange 2010 CAA servers has the following: Microsoft Exchange could not load the certificate with thumbprint of ** from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate ***same number as above** -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint *different number** is being used. I checked through all the certificates on both CAA servers and can't find a certificate with a matching thumbprint to either number. When checking the personal certificate folder of both CAA servers, there is nothing in either. I'm admittedly weak on certificates. Can someone provide some insight? Paul --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Certificate Errors
Get-ExchangeCertificate from EMS. Does that thumbprint match? If not, jump on the Windows Sys Admin with hob-nailed boots. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:00 PM To: MS-Exchange Admin Issues Subject: Certificate Errors Running a mix of Exchange 2003 and Exchange 2010. The Windows Sys Admin published a web-page to the ISA server and now iPhone users that are on the Exchange 2010 and users on the Exchange 2003 at another site aren't getting email. The event log on one of the Exchange 2010 CAA servers has the following: Microsoft Exchange could not load the certificate with thumbprint of ** from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate ***same number as above** -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint *different number** is being used. I checked through all the certificates on both CAA servers and can't find a certificate with a matching thumbprint to either number. When checking the personal certificate folder of both CAA servers, there is nothing in either. I'm admittedly weak on certificates. Can someone provide some insight? Paul --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Certificate Errors
Thanks Michael! Yes, it shows up there. So I can run Enable-ExchangeCertificate with the old number and it might just fix it? -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, July 19, 2012 6:26 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Get-ExchangeCertificate from EMS. Does that thumbprint match? If not, jump on the Windows Sys Admin with hob-nailed boots. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:00 PM To: MS-Exchange Admin Issues Subject: Certificate Errors Running a mix of Exchange 2003 and Exchange 2010. The Windows Sys Admin published a web-page to the ISA server and now iPhone users that are on the Exchange 2010 and users on the Exchange 2003 at another site aren't getting email. The event log on one of the Exchange 2010 CAA servers has the following: Microsoft Exchange could not load the certificate with thumbprint of ** from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate ***same number as above** -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint *different number** is being used. I checked through all the certificates on both CAA servers and can't find a certificate with a matching thumbprint to either number. When checking the personal certificate folder of both CAA servers, there is nothing in either. I'm admittedly weak on certificates. Can someone provide some insight? Paul --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Certificate Errors
IF AND ONLY IF the other person didn't remove the association on your ISA server. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:39 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Thanks Michael! Yes, it shows up there. So I can run Enable-ExchangeCertificate with the old number and it might just fix it? -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, July 19, 2012 6:26 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Get-ExchangeCertificate from EMS. Does that thumbprint match? If not, jump on the Windows Sys Admin with hob-nailed boots. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:00 PM To: MS-Exchange Admin Issues Subject: Certificate Errors Running a mix of Exchange 2003 and Exchange 2010. The Windows Sys Admin published a web-page to the ISA server and now iPhone users that are on the Exchange 2010 and users on the Exchange 2003 at another site aren't getting email. The event log on one of the Exchange 2010 CAA servers has the following: Microsoft Exchange could not load the certificate with thumbprint of ** from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate ***same number as above** -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint *different number** is being used. I checked through all the certificates on both CAA servers and can't find a certificate with a matching thumbprint to either number. When checking the personal certificate folder of both CAA servers, there is nothing in either. I'm admittedly weak on certificates. Can someone provide some insight? Paul --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Certificate Errors
I hate to ask but can someone point me in the direction to check that? It's running ISA 2006 Standard. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, July 19, 2012 7:21 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors IF AND ONLY IF the other person didn't remove the association on your ISA server. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:39 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Thanks Michael! Yes, it shows up there. So I can run Enable-ExchangeCertificate with the old number and it might just fix it? -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, July 19, 2012 6:26 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Get-ExchangeCertificate from EMS. Does that thumbprint match? If not, jump on the Windows Sys Admin with hob-nailed boots. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:00 PM To: MS-Exchange Admin Issues Subject: Certificate Errors Running a mix of Exchange 2003 and Exchange 2010. The Windows Sys Admin published a web-page to the ISA server and now iPhone users that are on the Exchange 2010 and users on the Exchange 2003 at another site aren't getting email. The event log on one of the Exchange 2010 CAA servers has the following: Microsoft Exchange could not load the certificate with thumbprint of ** from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate ***same number as above** -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint *different number** is being used. I checked through all the certificates on both CAA servers and can't find a certificate with a matching thumbprint to either number. When checking the personal certificate folder of both CAA servers, there is nothing in either. I'm admittedly weak on certificates. Can someone provide some insight? Paul --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Certificate Errors
I'm in the ISA server, looking at the Firewall Policy. I've opened the properties of each, gone to the Authentication Delegation tab, and clicked Test Rule. Each policy passes completely except one, which is for our Autodiscover. All the rules pass for that except for rpc and unified messaging on port 443. We aren't running Microsoft UM, so the last part doesn't surprise me, but is the rpc part of the UM as well and probably why it's failing? -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:31 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors I hate to ask but can someone point me in the direction to check that? It's running ISA 2006 Standard. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, July 19, 2012 7:21 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors IF AND ONLY IF the other person didn't remove the association on your ISA server. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:39 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Thanks Michael! Yes, it shows up there. So I can run Enable-ExchangeCertificate with the old number and it might just fix it? -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, July 19, 2012 6:26 PM To: MS-Exchange Admin Issues Subject: RE: Certificate Errors Get-ExchangeCertificate from EMS. Does that thumbprint match? If not, jump on the Windows Sys Admin with hob-nailed boots. -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, July 19, 2012 7:00 PM To: MS-Exchange Admin Issues Subject: Certificate Errors Running a mix of Exchange 2003 and Exchange 2010. The Windows Sys Admin published a web-page to the ISA server and now iPhone users that are on the Exchange 2010 and users on the Exchange 2003 at another site aren't getting email. The event log on one of the Exchange 2010 CAA servers has the following: Microsoft Exchange could not load the certificate with thumbprint of ** from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate ***same number as above** -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint *different number** is being used. I checked through all the certificates on both CAA servers and can't find a certificate with a matching thumbprint to either number. When checking the personal certificate folder of both CAA servers, there is nothing in either. I'm admittedly weak on certificates. Can someone provide some insight? Paul --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
