MsExchange Blog Spot Telnet25

August 31, 2009

Cannot remove the domain ‘yourDomain.local’ because it is referenced by the proxy address template ‘SMTP:@yourDomain.local’.

Filed under: 1 — telnet25 @ 12:55 am

You just installed Exchange into your domain environment and your domain DNS namespace is yourDomain.local. When you pull up the users' properties, you notice that the users' e-mail addresses end in yourDomain.local.

Now your company SMTP namespace is Telnet25.org and you would like to stamp all users with this proxy address instead of .local.

Task:

Go to Organization Configuration and click Hub Transport. In the right pane, under Accepted Domains, you will see the current SMTP namespace for the accepted domain; this is the proxy address Exchange will stamp users with as soon as you create mail-enabled users.

In the same place, right-click and select “New Accepted Domain”.

I will type my own domain, which is “Telnet25.org”; change this as you wish, then click New and Finish.

Now under Accepted Domains we have Telnet25.org. If we try to get rid of the first one by right-clicking it and choosing Remove, you will see there is no Remove option because it is set as the default. So we make the second one the default by clicking on it and selecting it to be the default.

Now let's right-click the one we wish to get rid of and remove it.

Here is what we get (the error in the title of this post).

Now click on E-mail Address Policies and click on the default policy.

Right-click it and choose Edit, click Next two times, and under E-mail Addresses click Edit.

You can double-click the @smtp25.local part and simply change it to the proxy address you wish to use.

Follow the wizard and finish.

Go back to Accepted Domains and remove the old domain.

If you pull up your users, you will see the new proxy address is the default.
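The same change from the Exchange Management Shell, as an added example that is not part of the original post. It assumes the old accepted domain is named yourDomain.local and the default e-mail address policy is named "Default Policy"; step 2 lists the templates that cause the "referenced by the proxy address template" error.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumptions: accepted-domain names match the DNS names, and the default
# e-mail address policy is called "Default Policy".
$old = "yourDomain.local"
$new = "Telnet25.org"

# 1. Add the new accepted domain and make it the default, so the old one
#    is no longer protected from removal.
New-AcceptedDomain -Name $new -DomainName $new -DomainType Authoritative
Set-AcceptedDomain -Identity $new -MakeDefault $true

# 2. List every policy whose templates still reference the old domain.
#    Any hit here blocks Remove-AcceptedDomain with the error in the post title.
Get-EmailAddressPolicy | Where-Object {
    ($_.EnabledEmailAddressTemplates | Where-Object { "$_" -like "*@$old" })
} | Format-List Name, EnabledEmailAddressTemplates

# 3. Point the default policy at the new domain and re-apply it to recipients.
Set-EmailAddressPolicy -Identity "Default Policy" -EnabledEmailAddressTemplates "SMTP:@$new"
Update-EmailAddressPolicy -Identity "Default Policy"

# 4. With no template left referencing it, the old domain can be removed.
Remove-AcceptedDomain -Identity $old

# 5. Spot-check a few mailboxes for the new primary address.
Get-Mailbox -ResultSize 10 | Format-Table Name, PrimarySmtpAddress -AutoSize
```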

oz Casey Dedeal,

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.worldpress.com (Blog)

August 25, 2009

Exchange Server 2007 Service Pack 2

Filed under: 1 — telnet25 @ 2:05 pm

Here is Exchange 2007 SP2 and the link to download: click here.

Here is the link for the release notes.

Please remember the upgrade path is going to be as follows:

  • Client Access servers
  • Unified Messaging servers
  • Hub Transport servers
  • Edge Transport servers
  • Mailbox servers

     

    For most of you it will be CHM (-: . Also in the release notes:

    • We recommend that you upgrade Client Access servers that reside in Internet-facing sites before you upgrade Client Access servers that reside in sites without Internet connectivity.
    • Upgrade from command line
    • Setup.com /mode:upgrade (Accept all default options when you perform the steps from the command line)


    August 24, 2009

    Error Code: 500 Internal Server Error. The received certificate has expired.

    Filed under: 1 — telnet25 @ 12:34 am

    Okay, you just figured out the SSL certificate installed on the CAS server has expired and now OWA is no longer accessible for your users. If you have no clue about how certificates work in general, keep reading; this is going to be a good guideline for you.

    Issue: the SSL certificate has expired and was not renewed within the allowed time.

    Impact: OWA is not accessible; RPC/HTTPS and other services that rely on the SSL certificate are also not working.

    Task:

    1. Create the CSR in IIS 7

    2. Request the certificate from the CA (in this example VeriSign). You normally get an e-mail from them asking you to download your certificate; follow the steps.

    3. Create Intermediate.cer

    4. Create the CA certificate with the extension .P7b (WebmailTelnet25.P7b)

    5. Install Intermediate.cer on the original machine (the CAS server) where you created the CSR (IMPORTANT)

    6. The import process: click Start, open Run, type MMC, add the Certificates snap-in, and select Local Machine

    SSL Certificate Installation in Microsoft IIS 7

    7. Use Complete Certificate Request in IIS 7 to import the certificate back into the CAS server

    8. Export the imported certificate (-: . You need this to import it into your second CAS, if you have one, or into your ISA server or servers; the format is .PFX

    9. Import the certificate into Exchange using EMS

    Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

    10. Verify the certificate

    Get-ExchangeCertificate

    11. Import the certificate into ISA the same way, using MMC

    Local computer

    Personal -> Certificates -> here

    Intermediate Certification Authorities -> Certificates -> here

    12. Make sure the ISA CAS web publishing rules are happy with the new certificate

    13. Reboot the ISA servers

    • If using ISA 2004 or ISA 2006, you need to reboot your servers. It has been reported that ISA services won’t send the intermediate certificate until after a reboot.
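A fuller version of the verification in step 10, as an added example that is not part of the original post: it reports days until expiry, the services bound to each certificate, and whether the chain builds locally (a missing intermediate from step 5 shows up as PartialChain). The 30-day threshold is an assumption.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell on the CAS server. $warnDays is an assumed warning threshold.
$warnDays = 30
$now = Get-Date

Get-ExchangeCertificate | ForEach-Object {
    $exCert = $_
    # Load the same certificate from the machine store as an X509Certificate2.
    $cert = Get-Item ("Cert:\LocalMachine\My\" + $exCert.Thumbprint)

    # Build the chain from the local stores only. Revocation lookups are
    # skipped so the check also works without outbound access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    # Typical values: NotTimeValid (expired), PartialChain (intermediate missing).
    $chainErrors = [string]::Join(", ",
        [string[]]@($chain.ChainStatus | ForEach-Object { $_.Status }))

    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    if     ($daysLeft -lt 0)         { $state = "EXPIRED" }
    elseif ($daysLeft -le $warnDays) { $state = "EXPIRING" }
    else                             { $state = "OK" }

    $exCert | Select-Object `
        @{Name = "State";       Expression = { $state }},
        @{Name = "DaysLeft";    Expression = { $daysLeft }},
        @{Name = "ChainOk";     Expression = { $chainOk }},
        @{Name = "ChainErrors"; Expression = { $chainErrors }},
        Subject, Services, Thumbprint
} | Sort-Object DaysLeft | Format-List
```

A certificate that shows IIS under Services with State EXPIRED is the one breaking OWA; run the same chain check on the ISA servers after step 11.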


    August 23, 2009

    ASN1 BAD TAG VALUE CERTENROLL CX509

    Filed under: 1 — telnet25 @ 8:40 pm

    Problem:

    After creating the CSR, you get errors when you try to import the certificate to your CAS servers.

    Possible Cause

    When the CSR was created, one piece of the information used was not correct; maybe the CN was not used correctly:

    webmail.telnet25.org etc (transfer.telnet25.org)

    Create CSR 

    CN = transfer.telnet25.org

    O = Telnet25 Corporation
    OU = CIO
    L = Washington
    S = District of Columbia
    C = US

     

     

    Prepare a new CSR with the correct information, request another certificate from the certificate authority, and import that back to the CAS servers. Use the links below as guidelines.

    SSL Certificates CSR Creation

    IIS 7 SSL Certificate Installation

    How to Import and Export your SSL Certificate in IIS 7


    Error Code: 500 Internal Server Error. The received certificate has expired. (-2146893016)

    Filed under: 1 — telnet25 @ 1:53 pm

    The SSL certificate for OWA has expired on the ISA servers, and the web publishing rule on ISA contains a certificate which has expired.

    Steps to remedy the situation: you will need the information below. Here is the information I used for my CSR:

    • CN = transfer.telnet25.org
    • O = Telnet25 Corporation
    • OU = CIO
    • L = Washington
    • S = District of Columbia
    • C = US

    In general, here is the info:

    • Common Name – The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com, mail.domain.com or webmail.domain.com).
    • Organization – The legally registered name of your organization/company.
    • Organizational unit – The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank).
    • City/locality – The city in which your organization is located.
    • State/province – The state in which your organization is located.
    • Country/region

    CAS Servers with IIS 7

    • Click Start, go to Run, and type Inetmgr, or
    • Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.

    • Click on the server name.

    • From the center menu, double-click "Server Certificates".

    • Next, from the "Actions" menu (on the right), click on "Create Certificate Request." This will open the Request Certificate wizard.

    • Fill out the required fields with your company information and requirements.

    • Click Next

    In the "Cryptographic Service Provider Properties" window, leave both settings at their defaults (Microsoft RSA SChannel and 2048) and then click Next.

    • Enter a filename for your CSR file.

    Close all windows and go to the directory where you saved the CSR. You will need this file to create the certificate, and you will need to follow further instructions from whomever you are getting the certificate from.

    If you are not the person who is taking care of this, simply e-mail this file to that person.
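An Exchange Management Shell alternative to the IIS wizard, added here as an example that is not part of the original posts. It uses the subject fields listed above and decodes the request before it is sent, so a wrong CN (the possible cause named in the "ASN1 bad tag value" post) is caught before the CA issues anything. The output path C:\transfer.req is an assumption.

```powershell
# Added example, not from the original posts. Run in the Exchange Management
# Shell on the CAS server that will hold the private key.
# Assumption: C:\transfer.req is a writable output path.
$cn      = "transfer.telnet25.org"
$subject = "C=US, S=District of Columbia, L=Washington, " +
           "O=Telnet25 Corporation, OU=CIO, CN=$cn"
$reqFile = "C:\transfer.req"

# Generate the request. The private key stays on this server, which is why
# the issued certificate has to be completed on the same machine.
# -PrivateKeyExportable is needed for the later export to .PFX for a second
# CAS or the ISA servers.
New-ExchangeCertificate -GenerateRequest -Path $reqFile `
    -SubjectName $subject -DomainName $cn `
    -KeySize 2048 -PrivateKeyExportable $true

# Decode the request with certutil and confirm the CN before submitting it.
$dump = certutil -dump $reqFile
if ($dump | Where-Object { $_ -like "*CN=$cn*" }) {
    "CSR subject carries CN=$cn; the request can be submitted to the CA."
} else {
    Write-Warning "CN=$cn not found in $reqFile; recreate the request before submitting."
}
```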


    August 20, 2009

    Exchange 2007 installed on Domain Controller

    Filed under: 1 — telnet25 @ 2:55 am

    This is the first time I saw Exchange 2007 installed on a domain controller (not SBS): a standard Windows 2008 Server DC/GC/DNS, Exchange 2007 Server, antivirus and SQL servers.

    When a buddy of mine needed help and asked me to take a look at the Exchange server for companyX in DC, I was willing to help, and it took me over 2 days to fix it (-:

    This recent experience made me think, and I decided to share the experience with you guys. As always, I get pretty upset when I see Exchange installed on a domain controller. Let's think for a sec and forget about SBS (-:

    Domain controllers are already busy: they authenticate users, deal with other services, and also deal with their distributed database, called the .DIT database.

    Now when it comes to deploying a domain controller, we always recommend following best practices for the RAID level, mostly for redundancy and performance-related concerns, and hence we say go with RAID 1+0 for the OS and RAID 1+0 for the database. Keep in mind the best practice is to keep .DIT and SYSVOL together and place logs and .DIT on other spindles whenever possible.

    Now, as you see, a DC is pretty busy already, so do not install anything else on it except other domain controller functions and roles if required or desired, such as DHCP, DNS, etc.

    Remember, the best practice is to use AD-integrated DNS, since DNS is part of the .DIT database, and do not allow nonsecure updates. In the AD multi-master replication model, the DNS information will be replicated via replication with the help and function of the KCC.

    Installing another application such as Exchange on an existing DC is always a big NO, and I will tell you why in a second.

    Now, the network I helped to fix horrified me: Exchange was installed on the domain controller plus GC, DNS, DHCP, and on top of all these, all FSMO roles were loaded on this server.

    Seeing Exchange binaries on the C drive (12 GB) while the other drive has 100 GB is a big NO (-:

    Besides being bad practice, it is simply stupid, to be honest. Now, running DCPROMO to demote it and making it fail is another mistake; in production, this isn’t a lab network.

    As far as I recall, anyone who has some decent experience with AD and Exchange will tell you: build another server, move the mailboxes, decommission Exchange (meaning uninstall it), deal with the DC afterwards, and DO NOT try to run DCPROMO (-:

    You want more? Here it comes.

    What happens when you have 4 DCs (Windows 2003) and one of the DCs won't talk to the others for over 60 days? Talking meaning the KCC, for whatever reason, is not working and DC4 has not talked to the other DCs for over 60 days.

     

    Well, if you are the network guy and you have not woken up since 2007 (-:, I would say you are not doing your job properly or don’t know what you are doing.

    Okay, I think there are enough reasons why Exchange would not work properly, so how do we deal with this situation? How do we make DC4 talk back to the rest of the domain controllers?

    The answer is going to be metadata cleanup and, if it is necessary, promoting the dead DC back as a healthy domain controller.

    In part two I will explain why you need DCPROMO /ForceRemoval and NTDSUTIL & metadata cleanup.


    August 17, 2009

    Remove OWA Directories in Exchange 07 for re-creating them

    Filed under: General (1) — telnet25 @ 2:33 pm

    Whatever reason you have, you ended up wanting to reset the OWA directories and re-create them; here are the KB and PS commands to achieve this goal.

    To see the directories

    KB 941201

    Get-OwaVirtualDirectory

     

    Remove-owavirtualdirectory "exchange (default web site)"

    Remove-owavirtualdirectory "public (default web site)"

    Remove-owavirtualdirectory "exchweb (default web site)"

    Remove-owavirtualdirectory "owa (default web site)"

     

    To re-create them, follow the commands below:

    New-owavirtualdirectory "exchange" -owaversion exchange2003or2000 -virtualdirectorytype mailboxes -websitename "default web site"

    New-owavirtualdirectory "public" -owaversion exchange2003or2000 -virtualdirectorytype publicfolders -websitename "default web site"

    New-owavirtualdirectory "exchweb" -owaversion exchange2003or2000 -virtualdirectorytype exchweb -websitename "default web site"

    New-owavirtualdirectory -name "owa" -owaversion exchange2007 -websitename "default web site"

    After deleting the directories, reinstalling the CAS role will result in all the directories being created.

    If IIS needs to be removed entirely, here is the KB for it: kb/320202

    Remove IIS

    • In Control Panel, double-click Add or Remove Programs.
    • Click Add/Remove Windows Components.
    • Click Application Server, and then click Details.
    • Click Internet Information Services (IIS), and then click Details.
    • Click to clear the check boxes for all subcomponents except Common Files, click OK two times, and then click Next.
    • Follow the instructions to complete the process.

     

    Remove the Client Access Server role
    • In Control Panel, double-click Add or Remove Programs.
    • Click Microsoft Exchange Server 2007, and then click Remove.
    • Follow the instructions in the Exchange Server 2007 Setup Wizard. On the Server Role Selection page, click to clear the Client Access Role check box, and then click Next.
      Note Do not click to clear the Management Tools check box on this page.
    • Follow the remaining steps in the Exchange Server 2007 Setup Wizard to remove the Client Access Server role

    Here is the command line to uninstall it

    • Click Start, click Run, type cmd, and then click OK.
    • Use the cd command to change to the following directory:

      drive:\Program Files\Microsoft\Exchange Server\bin

    • Type the following command, and then press ENTER:

      exsetup.exe /mode:uninstall /roles:ca

    Here is the command line to install it

    • Click Start, click Run, type cmd, and then click OK.
    • Use the cd command to change to the following directory:

      drive:\Program Files\Microsoft\Exchange Server\bin

    • Type the following command, and then press ENTER:

      exsetup.exe /mode:install /roles:ca


    The DSProxy dll is required but cannot be loaded, error ‘c00700c

    Filed under: General (1) — telnet25 @ 3:40 am

    This issue made me spend over 14 hours, and I don’t even want to begin to tell everyone how much I hate to see Exchange installed on the domain controller (-:

    The SA and the Information Store insisted on not coming up )-: Hirrrrrr. Everything else, all other services, was up and running. Make sure DSProxy.dll is there and the registry is pointing to the right path, as explained in the KB below.

    When the path is correct, restart the SA and Information Store.

    KB218464

    Check that the HKLM\SOFTWARE\Microsoft\Exchange\Setup registry key has the correct path of the DSProxy.dll file:

    • Start Registry Editor.
    • Locate the following registry key: HKLM\SOFTWARE\Microsoft\Exchange\Setup and double-click the Services registry entry in the results pane.
    • Make sure that the Value data contains the following value: C:\Program Files\Microsoft\Exchange Server.
      Note   If you installed this Exchange server in a different location, make sure that the Value data contains that location.

     

    Event Type:     Error
    Event Source:   MSExchangeSA
    Event Category: General
    Event ID:       2059
    Date:           8/16/2009
    Time:           10:55:10 PM
    User:           N/A
    Computer:       EXCHANGE
    Description:
    The DSProxy dll is required but cannot be loaded, error ‘c00700cb’.
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
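The registry and file checks above as one script, added here as an example that is not part of the original post. It reads the Services value, confirms the folder exists, looks for DSProxy.dll beneath it, and shows recent 2059 events next to the state of the two services. Scanning only the newest 2000 Application log entries is an assumption to keep the query quick.

```powershell
# Added example, not from the original post. Run in PowerShell on the
# Exchange server.
$setup = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Exchange\Setup"
$root  = $setup.Services
"Services registry value: $root"

if (-not $root -or -not (Test-Path $root)) {
    Write-Warning "Services value is empty or points to a folder that does not exist."
} else {
    # Search below the install root rather than assuming a subfolder.
    $dll = Get-ChildItem -Path $root -Recurse -Filter DSProxy.dll -ErrorAction SilentlyContinue
    if ($dll) { $dll | ForEach-Object { "Found " + $_.FullName } }
    else      { Write-Warning "DSProxy.dll not found under $root" }
}

# Recent occurrences of the event shown above (MSExchangeSA, ID 2059).
Get-EventLog -LogName Application -Newest 2000 |
    Where-Object { $_.Source -eq "MSExchangeSA" -and $_.EventID -eq 2059 } |
    Select-Object -First 5 TimeGenerated, Message |
    Format-List

# State of the System Attendant and Information Store services.
Get-Service MSExchangeSA, MSExchangeIS | Format-Table Name, Status -AutoSize
```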

     
