MsExchange Blog Spot Telnet25

January 23, 2012

Export the IP Relay List on SMTP Virtual server Exchange 2010

Filed under: General — telnet25 @ 8:15 pm

Everything seems to be much easier and to take less effort in PowerShell compared to the old days. Most of the information needed can be gathered with a simple PS command instead of complicated scripts. Here is how we would get the list of IP addresses on our relay list in Exchange 2010.

We will use the Get-ReceiveConnector cmdlet.

Get-ReceiveConnector | Select-Object -Property 'Identity','RemoteIPRanges' | FL

You can plug this into PowerGUI or run it from EMS as shown below.




Working with PowerGUI will teach you real fast how to use PowerShell. Here is the video to get you started.
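To turn the listing above into an actual exported file, the added example below (not from the original post) flattens each connector into one row per remote IP range and marks rows worth a second look on a relay connector. The function name Get-RelayRangeReport, the sample connector names and the CSV file name are assumptions made for illustration.

```powershell
# Emits one row per connector/remote-range pair and notes settings worth review.
function Get-RelayRangeReport {
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        foreach ($range in $Connector.RemoteIPRanges) {
            $text   = "$range"
            $groups = "$($Connector.PermissionGroups)"
            $auth   = "$($Connector.AuthMechanism)"
            $notes  = @()
            if ($text -eq '0.0.0.0-255.255.255.255')  { $notes += 'any IPv4 source' }
            if ($groups -match 'AnonymousUsers')      { $notes += 'anonymous allowed' }
            if ($auth -match 'ExternalAuthoritative') { $notes += 'sender treated as authenticated' }
            New-Object PSObject -Property @{
                Identity         = "$($Connector.Identity)"
                RemoteIPRange    = $text
                PermissionGroups = $groups
                AuthMechanism    = $auth
                Review           = ($notes -join '; ')
            } | Select-Object Identity, RemoteIPRange, PermissionGroups, AuthMechanism, Review
        }
    }
}

# Constructed sample objects (hypothetical names) so the function can be tried outside EMS.
$sample = @(
    (New-Object PSObject -Property @{
        Identity = 'EX01\Default EX01'; RemoteIPRanges = @('0.0.0.0-255.255.255.255')
        PermissionGroups = 'ExchangeUsers, ExchangeServers'; AuthMechanism = 'Tls, Integrated' }),
    (New-Object PSObject -Property @{
        Identity = 'EX01\App Relay'; RemoteIPRanges = @('192.0.2.10', '192.0.2.20-192.0.2.25')
        PermissionGroups = 'AnonymousUsers'; AuthMechanism = 'Tls' })
)
$sample | Get-RelayRangeReport | Format-Table -AutoSize

# In EMS, feed the real connectors in and write the list to a file:
#   Get-ReceiveConnector | Get-RelayRangeReport |
#       Export-Csv C:\admin\Scripts\RelayList.csv -NoTypeInformation
```

A relay connector that combines a wide remote range with anonymous access or ExternalAuthoritative is the row to check first, since every host in that range can submit mail through it.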

Oz Casey, Dedeal ( MVP north America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog) (Blog)


January 12, 2012

Customizing EMS for Exchange 2010

Filed under: General — telnet25 @ 5:49 pm

If you have not customized the EMS for your profile in your environment, you may want to make the quick adjustments below to make the EMS work more efficiently for you. If you have a PS profile, Notepad will open it for you as shown below.


If you are not sure whether you have one, you can do a quick test:

Test-Path $profile


If you do not have one, you get "False".


To create one:

New-Item -Path $profile -Type file -Force

This forces the creation of a folder called "PowerShell" under the My Documents directory.


Now, the short and sweet way to modify the profile PS1 is to type the following in PS:

notepad.exe $PROFILE


Okay, you can copy and paste the information below.

Below, I have created a folder called Admin on my C drive with a subfolder Scripts, and told my profile to change to that location any time it starts. The rest you can play with and adjust based on your preferences.

# Handle to the console window of the current host
$Shell = $Host.UI.RawUI
$Shell.WindowTitle = "E15 PowerWay"
# Read the current window size and write it back (change $size.Width / $size.Height in between to resize)
$size = $Shell.WindowSize
$Shell.WindowSize = $size
# Start every session in the scripts folder
Set-Location C:\admin\Scripts

Now you have configured your PS profile based on your needs and are ready to play with some simple scripts which will help you with the administration of your environment.




January 5, 2012


Filed under: General — telnet25 @ 9:35 pm


How does round robin work with an Exchange 2010 CAS Array deployment? This was a question I came across, and I wanted to clarify a few things.


Now let's say you have 4 CAS servers names

Let's say you set up your CAS Array and modified the RPCClientAccessServer attribute to be and all your databases are tagged with the same attribute.

Now, each time your MAPI clients want to connect to their respective mailboxes, they will want to locate this name, which is, then your workstation will do a DNS query to the DNS servers configured in its TCP/IP properties and ask: hey, get me the IP address for, I want to connect to my mailbox. The DNS server will go to its database, see there are 4 host records for and provide you the first one first. Now you get the IP address for which is CAS01, and CAS01 will let you connect to your respective database and you start seeing your mail within Outlook.

Now imagine 3 other users do the same. Each time they go to DNS, DNS will perform round robin and hand out the IP address for in fair order. So at the end of the day, if you have 100 MAPI users, your CAS load will be something like this


Now all you have done is to spread the CAS load. If any of your servers goes down, let's see what happens.

If CAS01 goes down, now 75 users will get ***(Disconnected)***. You open the DNS console on your DC and delete the A record for the server IP; until the client DNS cache expires, the client will keep trying to establish a connection using its cached DNS information, thus Outlook continues to go bananas.

Even if you lower the DNS TTL record for


You can do the math on whether this is a good configuration or not, or you could purchase an HLB (hardware load balancer), point to the HLB IP and let the HLB handle the MAPI load and deal with situations like the one above without your clients getting disconnected. You can look on the net to see what HLB solutions are available; some of them are very reasonable, to be honest.



January 2, 2012

The Autodiscover service, How it is being configured & The name of the security certificate is invalid or does not match the name of the site…

Filed under: General — telnet25 @ 3:33 am

I recently ran into an issue where the AutodiscoverVirtualDirectory InternalUrl was set to a specific URL in good faith while trying to configure and troubleshoot the Autodiscover service.

Everything you need to know is here in this white paper.

Now, so as not to be confused: if you run the cmdlet below you will see the default is empty, and there is no need to mess with these URLs as they do not apply to configuring the Autodiscover service.

Get-AutodiscoverVirtualDirectory | fl *url*


If, for whatever reason, you want to fill these in, this is what you would do:

  • Set-AutodiscoverVirtualDirectory -InternalUrl
  • Note: just change -InternalUrl to -ExternalUrl to set the external one.
Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -InternalUrl ''

Okay, if for whatever reason you did set these and then understood that they are not the correct URLs, here is how you can set them back to the normal $null:

Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -InternalUrl ($null)

*Note: change the -InternalUrl to -ExternalUrl


What you want to configure is this one

Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri

* Note: as you can see, the second server mail2 is showing up on the availability services URL, which will cause problems if the certificate installed on the CAS server won't have this common name. Some people do not want to expose internal names to the outside by publishing them within the certificate; some people won't care. IMO this does not create any security risk at all, but many places I worked with use a common name in the certificate. This is why (split DNS scenarios) you would set two A records in DNS and point to each CAS server (assuming you have two) so that you would not see the certificate name mismatch error.


Okay, now how to set the Autodiscover service. I recommend reading the white paper first and getting a good understanding of how it works.

In a very common scenario this would be a sample configuration:

  • You are running in a split DNS model (split DNS means your internal name space matches your external name space); in my lab I do have split DNS and my internal name space is my external DNS name space is also
  • You do have a valid certificate; in this certificate you do have your common name, in my example I used, and this is included in your certificate.
  • You have installed the certificate correctly on your CAS server or servers
  • You set the CAS array and did configure DNS to perform round robin; you most likely configured something like this
  • You read and understood how SCP works


Okay, here are the samples showing how to configure the basics

Modify the Autodiscover URL in the Service Connection Point

Set-ClientAccessServer -Identity CAS01 -AutodiscoverServiceInternalUri

*Note: make sure the following is configured based on your scenario


Modify the InternalUrl attribute of the EWS
Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -InternalUrl


Modify the InternalUrl attribute for Web-based Offline Address Book distribution
Set-OABVirtualDirectory -Identity "CAS01\oab (Default Web Site)" -InternalUrl
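After setting the SCP, EWS and OAB URLs, the name-mismatch warning from the title can be checked for before Outlook shows it. The added example below (not from the original post) lists service URLs whose host name is not covered by the names on the certificate; the function name Find-UrlCertMismatch and all example.com / example.local names are placeholders made up for illustration.

```powershell
# Returns the URLs whose host name is not covered by the certificate names.
# A wildcard entry (*.domain) covers exactly one extra label.
function Find-UrlCertMismatch {
    param([string[]] $Url, [string[]] $CertificateDomains)
    foreach ($u in $Url) {
        if (-not $u) { continue }                 # unset InternalUrl/ExternalUrl
        $hostName = ([Uri]$u).Host.ToLower()
        $covered  = $false
        foreach ($name in $CertificateDomains) {
            $n = $name.ToLower()
            if ($n -eq $hostName) { $covered = $true; break }
            if ($n.StartsWith('*.')) {
                $suffix = $n.Substring(1)         # e.g. ".example.com"
                if ($hostName.EndsWith($suffix)) {
                    $label = $hostName.Substring(0, $hostName.Length - $suffix.Length)
                    if ($label.Length -gt 0 -and $label -notmatch '\.') { $covered = $true; break }
                }
            }
        }
        if (-not $covered) {
            New-Object PSObject -Property @{ Url = $u; Host = $hostName }
        }
    }
}

# Constructed sample values (placeholders, not taken from the post).
$urls = @(
    'https://mail.example.com/Autodiscover/Autodiscover.xml',
    'https://mail.example.com/EWS/Exchange.asmx',
    'https://mail2.example.local/OAB'
)
$certNames = @('mail.example.com', 'autodiscover.example.com')
Find-UrlCertMismatch -Url $urls -CertificateDomains $certNames

# In EMS the inputs come from the cmdlets used in this post:
#   $urls  = @(Get-ClientAccessServer | ForEach-Object { "$($_.AutoDiscoverServiceInternalUri)" })
#   $urls += Get-WebServicesVirtualDirectory | ForEach-Object { "$($_.InternalUrl)" }
#   $urls += Get-OABVirtualDirectory | ForEach-Object { "$($_.InternalUrl)" }
#   $certNames = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
#       ForEach-Object { $_.CertificateDomains | ForEach-Object { "$_" } }
```

With the sample values only the mail2.example.local URL is returned, which is the same situation as the mail2 entry described in the note above.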
