Exchange 2010: Disable external access for Autodiscovery and RPC

Hi Team,
Once I published my OWA page in Exchange 2010, I was automatically able to access:
https://domainname.com/autodicovery
https://domainname.com/rpc
https://domainname.com/owa/oma
I need to block access from the external world to these websites. Please help.

Hi,
Before we go further, I'd like to confirm whether you want to block external Outlook access. If yes, we can disable Outlook Anywhere, since external Outlook access uses Outlook Anywhere to connect to the server.
Additionally, there are three methods for external Outlook users to connect to the Autodiscover service. If we don't add a public A record and SRV record, Autodiscover cannot work.
We can also separate the web sites for internal access and external access, and not add the Autodiscover and RPC virtual directories to the external access web site. Here is an article about the OWA virtual directory; you can refer to it for Autodiscover and RPC:
http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
Thanks,
Angela Shi
TechNet Community Support
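
To confirm from outside the network that the blocking described in this answer took effect, the check below classifies how each virtual directory responds. It is an added example, not code from the thread or from Microsoft; the host name `mail.example.com`, the verdict labels and the expectation that `/owa/` stays published are assumptions.

```python
"""Check, from a host outside the network, which Exchange 2010 Client
Access paths still answer. Added example; names below are assumptions."""
import ssl
import urllib.error
import urllib.request

# Virtual directories named in the question. Assumption: OWA is meant to
# stay published, so it doubles as proof that the host name is right.
EXPECTED = {
    "/autodiscover/autodiscover.xml": "blocked",
    "/rpc/rpcproxy.dll": "blocked",
    "/owa/": "exposed",
}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx answers as HTTPError instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, timeout=10):
    """Return (status, auth_schemes, location); status None = no answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, headers = resp.status, resp.headers
    except urllib.error.HTTPError as err:      # 3xx/4xx/5xx still carry headers
        status, headers = err.code, err.headers
    except urllib.error.URLError as err:
        if isinstance(err.reason, ssl.SSLError):
            return 0, [], None                 # TLS failed but the host answered
        return None, [], None                  # DNS failure, refused, timeout
    except OSError:
        return None, [], None
    challenges = headers.get_all("WWW-Authenticate") or []
    schemes = [c.split()[0] for c in challenges if c.strip()]
    return status, schemes, headers.get("Location")


def classify(status, schemes, location):
    """Turn one response into 'exposed', 'blocked' or 'review'."""
    if status is None:
        return "blocked"      # nothing answers from this vantage point
    if status == 401 or 200 <= status < 300:
        return "exposed"      # an auth challenge still means it is reachable
    if 300 <= status < 400 and "/owa/auth/" in (location or ""):
        return "exposed"      # OWA forms-based logon redirect
    if status in (403, 404):
        return "blocked"      # denied by the proxy/IIS, or vdir not published
    return "review"           # anything else needs a human look


def audit(base_url, fetcher=fetch):
    """Map each path to (verdict, matches_expectation)."""
    report = {}
    for path, wanted in EXPECTED.items():
        verdict = classify(*fetcher(base_url.rstrip("/") + path))
        report[path] = (verdict, verdict == wanted)
    return report


if __name__ == "__main__":
    for path, (verdict, ok) in audit("https://mail.example.com").items():
        print(f"{'OK  ' if ok else 'FAIL'} {path}: {verdict}")
```

A 401 on `/autodiscover` or `/rpc` is reported as exposed because the endpoint is still accepting credential attempts from outside, which is the condition the question asks to remove.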

Similar Messages

  • Monitoring Exchange 2010 from external network

    I would like to monitor the following services of Exchange 2010 from an external network / the internet:
    1) SMTP (to confirm the mail has been accepted for delivery)
    2) ActiveSync (mobile device can log in and sync different folders)
    3) WebApp (users can log in and access mail)
    I have created a script using Test-Mailflow, Test-ActiveSyncConnectivity and Test-WebServicesConnectivity and am running it on a server from the LAN. I want to monitor the above 3 areas from the Internet (external network) to make sure these services are available from the Internet.
    We have Barracuda as SMTP gateway, TMG for WebApp and MobileIron for ActiveSync.
    Will I be able to monitor these services from an external network (internet) using the test commands? What are the alternative ways to monitor the above services from an external network?
    Thanks

    We are trying to build exactly similar to ExRCA. ExRCA is good but it is manual. We would like to build something similar to ExRCA which can monitor exchange services periodically and send alerts.

  • Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username

    How can I get the following done:
    Exchange 2010: disconnect an AD user from a mailbox and reconnect the mailbox to a new copy of the same user with a different username?
    I must do this for 16 users TODAY, SO PLEASE HELP ME OUT HERE.
    Thanks in advance!!
    kind regards,
    Rene Veldman
    System Administrator Teidem bv, The Netherlands.

    Rene,
    Why are you not changing the username of the existing account, instead of deleting the existing one and creating a new one?
    If you truly need to delete and create new, you can save the GUID for the mailbox (Get-MailboxStatistics <mailbox alias> | Fl MailboxGuid), mail disable the existing account (Disable-Mailbox <mailbox alias> will work), clean the mailbox database it was hosted on (Clean-MailboxDatabase <database name>), then create your new account and recover the existing mailbox to that new account (Connect-Mailbox -Identity <Guid from before> -Database <Database name> -User <SAM account name of new account> -Alias <what you wish to set the alias to>).  In PowerShell, for all steps, you would do the following:
    # Placeholders: replace the three quoted values before running.
    $MbxAlias = '<mailbox alias>'
    $NewMbxAcct = '<SAM Account Name for new account>'
    $NewMbxAlias = '<new alias for mailbox>'
    # Pin every step to the logon domain controller to avoid replication delay.
    $DomCtrl = (dir env:\LOGONSERVER).Value.Substring(2)
    # Record the mailbox GUID and database before disconnecting the mailbox.
    $MbxGuid = (Get-MailboxStatistics $MbxAlias -DomainController $DomCtrl).MailboxGuid
    $MbxDb = (Get-Mailbox $MbxAlias -DomainController $DomCtrl).Database
    Disable-Mailbox $MbxAlias -DomainController $DomCtrl
    # Rescan the database so the disconnected mailbox becomes visible.
    Clean-MailboxDatabase $MbxDb
    Connect-Mailbox -Identity $MbxGuid -Database $MbxDb -User $NewMbxAcct -Alias $NewMbxAlias -DomainController $DomCtrl
    You will need to supply the information in bold in the above commands, and you will need to create the new account before you run the above commands.  I include direct use of a specific domain controller so you won't need to worry about replication. 
    If you are changing the account from one domain to another, this will not help, and you will need to wait for replication throughout the process, running the commands individually.

  • I want to partition an external device for OSX and Windows.  Opened Disk utility but Partition is not an option

    I want to partition an external drive for OSX and PC.  Went to Disk Utility but Partition is not an available option.

    Why not? does the partition tab not exist?

  • My Hard Disk setting has been changed into no access for everyone and i can't open my mac. please tell me how can i login as an admin to change the setting cause i have a lot of date in my hard drive.

    My Hard Disk setting has been changed into no access for everyone and i can't open my mac. please tell me how can i login as an admin to change the setting cause i have a lot of date in my hard drive.

    Read and follow Apple Support Communities contributor Niel's User Tip: kmosx: I accidentally set a disk's permissions to No Access

  • How do you disable remote access for mac routers

    how do you disable remote access for mac routers

    Hi, I'd never buy an Apple router again, but see if reverse thinking works here....
    https://discussions.apple.com/thread/3926392?tstart=0

  • How do I configure my application to provide access for mobile and web brow

    Hi everyone.
    I have one application and I need to provide access for mobiles and desktop browsers, and I don't know how do I configure my application to do this.
    Let me explain:
    In my jDeveloper I have One application and 3 projects:
    -Mobile (here is my mobile application)
    -Model (here is my model)
    -ViewController (here is my Web Browser application)
    In Mobile I have
    JavaEE Web Application name: mobile-Mobile-webapp
    JavaEE Web Context Root: mobile
    ViewController I have
    JavaEE Web Application name: mobile-ViewController-webapp
    JavaEE Web Context Root: myapplication
    When I run some page of ViewController I have this URL "http://localhost:7101/myapplication/index.jspx".
    When I run some page of ViewController I have this URL "http://localhost:7101/mobile/index.jspx".
    My problem is that, I want to have Just one landing URL like that "http://localhost:7101/myapplication/index.jspx" and when I get this URL by Desktop Browser my ViewController is showed, and when i get by Mobile the Mobile project is showed.
    Someone knows how do it?
    Thanks....

    Yes, I can, thanks for response.
    But, don't have some configuration in Oracle for this? I've been thinking do this with java or JavaScript, but I was looking something more beautiful for this.
    Java or JavaScript is the only way?

  • [svn] 713: Merging recent sample eclipse project changes for framework and rpc flex library projects to the trunk

    Revision: 713
    Author: [email protected]
    Date: 2008-03-03 10:19:09 -0800 (Mon, 03 Mar 2008)
    Log Message:
    Merging recent sample eclipse project changes for framework and rpc flex library projects to the trunk
    QA: No
    Doc: No
    Bugs: N/A
    Modified Paths:
    flex/sdk/trunk/development/eclipse/flex/framework/.actionScriptProperties
    flex/sdk/trunk/development/eclipse/flex/framework/.flexLibProperties
    flex/sdk/trunk/development/eclipse/flex/rpc/.actionScriptProperties

    Thats good news.

  • Use Same URL for Internal and External Access for CRM 2015 IFD

    I have setup a CRM2015 server for IFD access.
    ADFS and CRM are on separate servers.
    CRM server all roles
    ADFS 2.0 server.
    Using the internal URL I am able to access CRM without entering my details (as expected)
    Using the external URL I am authenticated by ADFS as expected and can sign in.
    We have an internal domain domain.local
    We have an external domain domain.com (the certificate is for *.domain.com)
    We have a DNS zone created internally for domain.com.
    CRM URLs
    internal : internalcrm.domain.com
    External : externalcrm.domain.com
    I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and
    password. What is the best way to do this?
    I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.
    Thanks

    So fair warning, what you're asking for isn't really a supported deployment method of CRM.
    That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
    Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

  • How do i transfer itunesto a 2tb external hard drive and still have daily access for sync and apple tv?

    My iTunes is taking up over half my space on my older MacBook.  I have started using an external hard drive for photos and stuff but would love to free up more space.  I can't perform certain updates as they become available.  I can't add more movies and TV shows, so I would love to know if and how this is possible to do, while still being able to access it for sync with 2 iPhones, an iPod and an iPad and use with Apple TV.
    Any assistance would be great.
    thanks

    Thanks I will try this and let ya know how it turns out.  Once it is moved via steps you listed do I need to delete it all off my Mac or does this move it completely?
    Thanks again

  • SAN certificate for external access for edge server and reverse proxy

    Hello
    I have a question related to the certificate planning for LYNC 2013 EDGE SERVER.
    For external access and mobile users, I want to enable all the features for external users.
    I'm planning to purchase a SAN certificate.
    My first question: do I need only one SAN certificate for both my edge server and the reverse proxy?
    My second question is about the names that should be added to the certificate:
    sip.mydomain.com
    av.mydomain.com
    webconf.mydomain.com
    what else I should add ? I want to add the names for all feature access.
    Kind Regards
    MK

    Your Front End Pool should only contain front end servers, does it also contain your edge and back end? If so, this is a misconfiguration.
    If you're planning to implement high availability, you'll want a different internal web services FQDN name than your pool name (unless you load balance the entire pool with a hardware load balancer).
    You'll want your external web services FQDN to be different from your pool name if you want to use the mobile client on the internal network.  Once you've come up with a new and otherwise unused FQDN for this purpose, you'll want that as additional
    SAN on your cert.
    Since you're not using this for the internal certificate, you can also pull admin.mydomain.com and LYNC2013-FE.mydomain.com off of the cert as those are needed internally only. 
    Lyncdiscoverinternal you can leave on if you need your internal mobile clients to not throw certificate errors because they don't trust your internal certificate authority, but this name would then need to be pointed to a reverse proxy or something that
    can present the third party certificate.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Exchange 2010 Migration - Decommissioning Multi Role Server and Splitting Roles to 2 new servers - Certificate Query

    Hi,
    I have been tasked with decommissioning our single Multi Role Server (CAS/HT/MB) and assigning the roles to 2 new servers. 1 server will be dedicated to CAS and the other new server will be dedicated to HT & MB roles.
    I think I'm OK with the moving of HT and MB roles from our current server to the new HT/MB server by following "Ed Crowley's Method for Moving Exchange Servers", my focus is on the migration of the CAS role from the current to the new server as
    this one has the potential to kill our mail flow if I don't move the role correctly.
    The actual introduction of the new CAS server is fairly straight forward but the moving of the certificate is where I need some clarification.
    Our current multi role server has a 3rd Party Certificate with the following information:
    Subject: OWA.DOMAIN.COM.AU
    SANs: internalservername.domain.local
              autodiscover.domain.com.au
    The issue here is the SAN entry "internalservername.domain.local" which will need to be removed in order for the certificate to be used on the new CAS server, firstly because the CAS server has a different name and secondly the internal FQDN will
    no longer be allowed to be used from 2015 onwards. So I will need to revoke this certificate and issue a new certificate with our vendor who is Thawte.
    This presents me with an opportunity to simplify our certificate and make changes to the URLs using a new certificate name, so I have proposed the following:
    New Certificate:
    Subject: mail.domain.com.au
    SANs: autodiscover.domain.com.au
              OWA.DOMAIN.COM.AU
    I would then configure the URLs using PowerShell:
    Set-ClientAccessServer -Identity NEWCASNAME -AutoDiscoverServiceInternalUri https://mail.domain.com.au/autodiscover/autodiscover.xml
    Set-WebServicesVirtualDirectory -Identity "NEWCASNAME\EWS (Default Web Site)" -InternalUrl https://mail.domain.com.au/ews/exchange.asmx
    Set-OABVirtualDirectory -Identity "NEWCASNAME\oab (Default Web Site)" -InternalUrl https://mail.domain.com.au/oab
    Set-OWAVirtualDirectory -Identity "NEWCASNAME\owa (Default Web Site)" -InternalUrl https://mail.domain.com.au/owa
    I would also then set up split DNS on our internal DNS server creating a new zone called "mail.domain.com.au" and add an host A record with the internal IP address of the new CAS server.
    Now I know I haven't asked a question yet and the only real question I have is to ask if this line of thinking and my theory is correct.
    Have I missed anything or is there anything I should be wary of that has the potential to blow up in my face?
    Thanks guys, I really appreciate any insights and input you have on this.

    Hi Ed,
    Thanks for your reply, it all makes perfect sense I guess I was being optimistic by shutting down the old server and then resubscribing the edge and testing with mailboxes on the new mailbox server.
    I will make sure to move all of the mailboxes over before removing the old server via "Add/Remove Programs". Will I have to move the arbitration mailboxes on the old server across to the new mailbox server? Will having the arbitration mailboxes
    on the old server stop me from completely removing exchange?
    Also, the InternalURL & ExternalURL properties are as follows:
    Autodiscover:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/Autodiscover/Autodiscover.xml
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/autodiscover/autodiscover.xml
    WebServices:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/EWS/Exchange.asmx
    New CAS - ExternalURL: https://owa.pharmacare.com.au/EWS/Exchange.asmx
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/ews/exchange.asmx
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/EWS/Exchange.asmx
    OAB:
    New CAS - InternalURL: http://svwwmxcas01.pharmacare.local/OAB
    New CAS - ExternalURL: https://owa.pharmacare.com.au/OAB
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/oab
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/OAB
    OWA:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/owa
    New CAS - ExternalURL: https://owa.pharmacare.com.au/
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/owa
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/
    ECP:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/ecp
    New CAS - ExternalURL: https://owa.pharmacare.com.au/ecp
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/ecp
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/ecp
    Our Public Certificate has the following details:
    Name: OWA.PHARMACARE.COM.AU
    SAN/s: autodiscover.pharmacare.com.au, svwwmx001.pharmacare.local
    From your previous communications you mentioned that this certificate would not need to change, it could be exported from the old server and imported to the new which I have done. With the InternalURL & ExternalURL information that you see here can you
    please confirm that your original recommendation of keeping our public certificate and importing it into the new CAS is correct? Will we forever get the certificate warning on all of our Outlook clients when we cut over from the old to the new until we get
    a new certificate with the SAN of "svwwmx001.pharmacare.local" removed?
    Also, I am toying with the idea of implementing a CAS Array as I thought that implementing the CAS Array would resolve some of the issues I was having on Saturday. I have followed the steps from this website, http://exchangeserverpro.com/how-to-install-an-exchange-server-2010-client-access-server-array/,
    and I have got all the way to the step of creating the CAS array in the Exchange Powershell but I have not completed this step for fear of breaking connectivity to all of my Outlook Clients. By following all of the preceding steps I have created a Windows
    NLB with dedicated NICs on both the old CAS and the new CAS servers (with separate IP addresses on each NIC and a new internal IP address for the dedicated CAS array) and given it the name of "casarray.pharmacare.local" as per the instructions on
    the website, the questions I have on adding the CAS array are:
    1. Do you recommend adding the CAS array using this configuration?
    2. Will this break Outlook connectivity altogether?
    3. Will I have to generate a new Public Certificate with an external FQDN of "casarray.pharmacare.com.au" pointing back to a public IP or is it not required?
    4. If this configuration is correct, and I add the CAS Array as configured, when the time comes to remove the old server is it just as simple as removing the NLB member in the array and everything works smoothly?
    So, with all of the information at hand my steps for complete and successful migration would be as follows:
    1. Move all mailboxes from old server to new server;
    2. Move arbitration mailboxes if required;
    3. Implement CAS Array and ensure that all Outlook clients connect successfully;
    4. Remove old server;
    5. Shut down old server;
    6. Re-subscribe Edge from new Hub Transport server;
    7. Test internal & external comms;
    We also have internal DNS entries that would need changing:
    1. We have split DNS with a FLZ of "owa.pharmacare.com.au" that has a Host A record going to the old server, this would need changing from "svwwmx001.pharmacare.local" to "svwwmxcas01.pharmacare.local";
    2. The _autodiscover entry that sits under _TCP currently has the IP address of the old server, this would need to be changed to the IP address of the new CAS;
    3. The CNAME that sits in our FLZ for "pharmacare.local" would need to be changed from "svwwmx001.pharmacare.local" to "svwwmxcas01.pharmacare.local".
    4. Or rather than using the FQDN of the server where applicable in the DNS changes would I be using the FQDN of the CAS Array instead? Please confirm.
    Would you agree that the migration path and DNS change plan is correct?
    Sorry for the long post, I just need to make sure that everything goes right and I don't have egg on my face. I appreciate your help and input.
    Thanks again.
    Regards,
    Jamie

  • ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem

    Hi
    I have setup ISA 2006 to publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation and IPSEC.
    The clients have an IPSEC policy pushed to them via GPO.  The clients are windows 7 laptops and the ISA server is server 2003, so the IPSEC connection is IKE not AuthIP.
    However, it seems that the connection will work for a while, then all of a sudden stop working with zero trace of why.  I can't get the Oakley log to work and I can't see any traffic on the ISA.
    I am wondering if I need to publish the CRLs externally?  Currently we don't, and the Outlook Anywhere uses private certificates (as the whole point of IPSEC is to validate the internal certificate, there is no point in using public certificates).
    I have tried using the StrongCRLCheck=0 registry key in the IPsec Policy Agent on the windows 7 machine but it doesn't seem to make a difference.
    Any advice would be appreciated.
    Steven

    Hi,
    Firstly, have you received any related error messages in ISA server or on the clients' side? Besides, as you mentioned IPsec, did you have a VPN connection?
    In addition, ISA 2006 only includes a Client Access Web Publishing Wizard for Exchange 2003 and Exchange 2007. Which Exchange version did you choose when publishing Exchange 2010?
    Please also make sure that you have selected the External interface for the web listener to listen on.
    Besides, the link below may be helpful to you:
    OWA publishing using Kerberos Constrained Delegation method for authentication delegation
    Best regards,
    Susie

  • Exchange 2010 Initialization failed Access is denied

    Hi
    I try to run EMC but cannot, because this error message appears:
    Initialization failed
    The following error occurred while searching for the on-premises Exchange server:
    [server.pc.local] Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting  Help Topic. It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError
    $true -CurrentVersion 'Version 14.1 (Build 218.15)".
    Can anyone help me out on this? I'm new to Exchange 2010, this is my first installation, and I came up against this error.

    Hi
    Access denied error. Is your account a full admin in Exchange? Can you right-click the EMC and run as administrator?
    Did you do a reboot after your installation?
    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • How to use an external drive for windows and mac

    I recently got an external hard drive (2 TB Seagate Expansion) and I need to be able to use it with both my Mac and my Windows computer. I have read numerous forums and tried downloading various third-party programs but nothing seems to work! One of the things I have read was to create a partition on the drive. This is easy enough and I did try it, so I do have one side I can add stuff to from Windows and one side I can add stuff to from my Mac, but then I can't access the other side. So say I need to get a file from my Mac to my Windows. I add a file to the Mac side of the partition from my Mac, but then when I plug it into Windows I can't retrieve that because it's on the Mac side of the partition (and vice versa). Is there some sort of easy way around this? Or some way in which I can format the drive where I can move files back and forth from Windows to Mac without any expensive third-party programs?
    Thanks!
    Bryan
    PS. I did notice when I originally got the hard drive I had a bunch of files on it that were added from Windows. When I plugged it into my Mac I could see and copy these files but I could not add new files. Is there any way to get around this "read only" type format if I were to reset my drive back to its factory settings?

    Three ways to go;
    Repartition the drive (1 partition) as MBR and with FAT32 file system. This is readable and writable by both Mac and Windows, but has a file size limit (which I think is 4GB).
    The alternative is to leave the drive formatted as NTFS for Windows (this is not normally writeable from Mac) and employ a third-party software application which can write to NTFS. NTFS-3G, Paragon's NTFS for Mac and Tuxera NTFS have all been recommended elsewhere.
    Or you can repartition as GUID with HFS+ (Mac OS Extended Journaled) file system. This would not normally be accessible to the Windows machine, but once again there is third-party software available to enable Windows to read and write to it. MacDrive is the only one I'm aware of, but there are probably others.
