Exchange 2010 health-checks with encryption and ntlm auth
Hi everybody,
I will be forced to implement extended health-checks for Exchange 2010 CAS servers. So the Cisco design guide does not help.
Exchange 2010 CAS Service needs NTLM auth for many services by default. http://technet.microsoft.com/en-us/library/bb331973.aspx
Now with SP1 also for POP3 and IMAP4. I have not found any option to use NTLM by default.
The next problem is encryption.
Health-checks with encryption are not integrated in Cisco ACE 4710 by default.
As an alternative, trying a scripted health-check with a Tcl script is an option, but it needs more investigation and is time-consuming.
I looked at other vendors' solutions; they use e.g. external imported shell scripts with curl (curl -s --ntlm -k -X POST ...) to do a health-check with NTLM. That would be fine at the moment to beat the requirement of extended health-checks.
But maybe it is only NTLM version 1; I do not know what happens if it comes to NTLM version 2.
Kerberos authentication is a much bigger problem, but at the moment not a requirement.
Does anybody have some hints or also a Tcl script for Exchange health-checks?
Best Regards
Alois
Similar Messages
-
Dear all,
If Exchange 2010 runs a DAG (two servers), how can I run the health check every day and have the health check report sent by email?
thank you
john
Hi
Maybe you can run ExBPA every day and export it to a shared folder.
You can read this blog.
How to Schedule an Exchange BPA Scan in Exchange Server 2010
If you want to send email, you have to write script for it.
Terence Yu
TechNet Community Support -
ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem
Hi
I have setup ISA 2006 to publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation and IPSEC.
The clients have an IPSEC policy pushed to them via GPO. The clients are windows 7 laptops and the ISA server is server 2003, so the IPSEC connection is IKE not AuthIP.
However, it seems that the connection will work for a while, then all of a sudden stop working with zero trace of why. I can't get the Oakley log to work and I can't see any traffic on the ISA.
I am wondering if I need to publish the CRLs externally? Currently we don't, and the Outlook Anywhere uses private certificates (as the whole point of IPSEC is to validate the internal certificate, there is no point in using public certificates).
I have tried using the StrongCRLCheck=0 registry key in the IPsec Policy Agent on the Windows 7 machine but it doesn't seem to make a difference.
Any advice would be appreciated.
Steven
Hi,
Firstly, have you received any related error messages in ISA server or on the clients' side? Besides, as you mentioned IPsec, did you have a VPN connection?
In addition, ISA 2006 only includes a Client Access Web Publishing Wizard for both Exchange 2003 and Exchange 2007. Which Exchange version have you chosen when publishing Exchange 2010?
Please also make sure that you have selected the External interface for the web listener to listen on.
Besides, the link below would be helpful to you:
OWA publishing using Kerberos Constrained Delegation method for authentication delegation
Best regards,
Susie -
Powershell script for Exchange Server 2010 health check
People,
Can anyone here please share the Powershell to check the Exchange Server health and functionality after patching and Service Pack update?
I need to test multiple servers in my AD environment.
Thanks
/* Server Support Specialist */
Hi,
In Exchange 2010, you can use the Test-ServiceHealth cmdlet to test whether all the Microsoft Windows services that Exchange requires on a server have started.
A related article about this command.
https://technet.microsoft.com/en-us/library/aa998852(v=exchg.150).aspx
You can also use the EXBPA tool to do Exchange server health check. You can look at the blog below.
http://blogs.msdn.com/b/douggowans/archive/2007/06/06/run-your-own-exchange-server-health-check-the-tools.aspx
Hope this is helpful to you.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Belinda Ma
TechNet Community Support -
ISA 2006 publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation
Hi,
I have two Exchange 2010 SP1 CAS with Windows Network Load Balancing. I set up an alternate service account and mapped the http, ExchangeMDB, PRF and ExchangeAB SPNs.
Then I published the Exchange services via ISA 2006. OWA is working using Internet -> via NTLM -> ISA(webmail.domain.com) -> via KCD -> CAS-Array(ex2010.domain.com)
I tried the same with Outlook Anywhere (RPC over HTTP) without success.
Authentication to the ISA via NTLM works fine, but I think the ISA server cannot delegate the credentials successfully to the CAS server.
The ISA Log looks like:
Allowed Connection ISA 24.11.2011 15:50:40
Log type: Web Proxy (Reverse)
Status: 403 Forbidden
Rule: Exchange 2010 RPC
Source: Internal (172.16.251.33)
Destination: (172.18.10.182:443)
Request: RPC_OUT_DATA
http://webmail.domain.com/rpc/rpcproxy.dll?ex2010.domain.com:6001
Filter information: Req ID: 108b89d8; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: https
So I always get a 403 Forbidden from the CAS.
In the IIS log file from the CAS server I see this entry:
2011-11-24 15:51:37 172.18.10.182 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.domain.com:6001 443 - <ISA IP> MSRPC 401 1 2148074254 203
I use the same Listener for OWA and Outlook Anywhere. Authentication Methods are Basic and Integrated. I forward the request to a web farm which consists of the two physical CAS. Internal Site Name is set to the NLB name ex2010.domain.com, SPN is set to http/ex2010.domain.com
Thanks for your support
Hi, I ran into the same problem.
The steps above solved mine too (creating a custom AppPool which runs under LocalSystem).
I wonder why they included only the script: convertoabtovdir.ps1
http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/dc24ccd3-378a-47cc-bbbf-48236f8fe5b0
Is this a supported configuration (changing AppPool of RPC)? -
We have an MPS 200 with J 4.6. We are having issues with encryption and the tech assigned to our TAC case informed us that version J 4.7.2 would resolve the issue per release notes (confirmed). Unfortunately we have been unable to install latest, J 4.7.2. Every time we select the 4000j472.tar.gz file, the MPS displays software upgrade failed. We have used IE 8, 9 and 11 and have opened them up as much as possible, still no joy. We have unzipped the file, but do not know which file to select for the install.
Would appreciate any assist.
As the others have suggested - download the file again - and check that the MD5 Checksum (with something like WinMD5) of what you have downloaded matches what it should be (for J4.7.2 is b328946e6ca24f181c937d90d8e5cc12). Then upload the .tar.gz file as downloaded (without extracting it).
Wayne
Please remember to rate responses and to mark your question as answered if appropriate. -
User profile sync Sharepoint 2010 photos thumbnail with AD and Lync 2010 - error on Full Synchronization- get events 8311, 6110, 6803 FIMSynchronization Service
We're trying to set up sync between Sharepoint and AD so photos are displayed in Lync.
The certificate referenced in 8311 is not the sharepoint root cert, its the UCC cert with our FQDN of the site. sharepoint.domain.com
Is this causing the problem with the sync and holding up the photos?
I have tried several proposed fixes, it hasn't helped.
tried this as well:
http://blogs.technet.com/b/praveenh/archive/2011/05/11/event-id-8311-certificate-validation-errors-in-mss-2010.aspx
Josh
Try this fix and see if it syncs the photos:
http://blogs.technet.com/b/steve_chen/archive/2010/09/20/user-profile-sync-sharepoint-2010.aspx#Profile Picture Property
http://blogs.technet.com/b/steve_chen/archive/2010/09/20/user-profile-sync-sharepoint-2010.aspx#SyncPicAD2SPS
Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation <mySiteHostURL>
Please remember to mark your question as answered & vote helpful, if this solves/helps your problem.
Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Problem in using socket streams with encryption and decryption
Hi,
I am developing a client/server program with encryption and decryption at both end. While sending a message from client it should be encrypted and at the receiving end(server) it should be decrypted and vice versa.
But while doing so i got a problem if i use both encryption and decryption at both ends. But If i use only encryption at one (only outputstream) and decryption at other end(only inputstream) there is no problem.
Here is client/server pair of programs in which i am encrypting the outputstream of the socket in client side and decrypting the inputstream of the socket in server side.
serverSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;

class serverSocketDemo
{
    public static void main(String args[])
    {
        try
        { //server listening on port 2000
            ServerSocket server=new ServerSocket(2000);
            while (true)
            {
                Socket theConnection=server.accept();
                System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
                System.out.println("Connection request from : "+theConnection.getInetAddress());
                //Input starts from here
                Reader in=new InputStreamReader(getNetInStream(theConnection.getInputStream()),"ASCII");
                StringBuffer strbuf=new StringBuffer();
                int c;
                while (true)
                {
                    c=in.read();
                    if(c=='\n' || c==-1)
                        break;
                    strbuf.append((char)c);
                }
                String str=strbuf.toString();
                System.out.println("Message from Client : "+str);
                in.close();
                theConnection.close();
            }
        }
        catch(BindException e)
        {
            System.out.println("The Port is in use or u have no privilage on this port");
        }
        catch(ConnectException e)
        {
            System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
        }
        catch(IOException e)
        {
            System.out.println("Connection disconnected");
        }
        catch(Exception e)
        {
        }
    }

    public static BufferedInputStream getNetInStream(InputStream in) throws Exception
    {
        // register the provider that implements the algorithm
        Provider sunJce = new com.sun.crypto.provider.SunJCE( );
        Security.addProvider(sunJce);
        // create a key
        byte[] desKeyDataDec = "This encryption can not be decrypted".getBytes();
        DESKeySpec desKeySpecDec = new DESKeySpec(desKeyDataDec);
        SecretKeyFactory keyFactoryDec = SecretKeyFactory.getInstance("DES");
        SecretKey desKeyDec = keyFactoryDec.generateSecret(desKeySpecDec);
        // use Data Encryption Standard
        Cipher desDec = Cipher.getInstance("DES");
        desDec.init(Cipher.DECRYPT_MODE, desKeyDec);
        CipherInputStream cin = new CipherInputStream(in, desDec);
        BufferedInputStream bin=new BufferedInputStream(new GZIPInputStream(cin));
        return bin;
    }
}
clientSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;

class clientSocketDemo
{
    public static void main(String args[])
    {
        try
        {
            Socket theConnection=new Socket("localhost",2000);
            System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
            System.out.println("Connecting to : "+theConnection.getInetAddress());
            //Output starts from here
            OutputStream out=getNetOutStream(theConnection.getOutputStream());
            out.write("Please Welcome me\n".getBytes());
            out.flush();
            out.close();
            theConnection.close();
        }
        catch(BindException e)
        {
            System.out.println("The Port is in use or u have no privilage on this port");
        }
        catch(ConnectException e)
        {
            System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
        }
        catch(IOException e)
        {
            System.out.println("Connection disconnected");
        }
        catch(Exception e)
        {
        }
    }

    public static OutputStream getNetOutStream(OutputStream out) throws Exception
    {
        // register the provider that implements the algorithm
        Provider sunJce = new com.sun.crypto.provider.SunJCE( );
        Security.addProvider(sunJce);
        // create a key
        byte[] desKeyDataEnc = "This encryption can not be decrypted".getBytes();
        DESKeySpec desKeySpecEnc = new DESKeySpec(desKeyDataEnc);
        SecretKeyFactory keyFactoryEnc = SecretKeyFactory.getInstance("DES");
        SecretKey desKeyEnc = keyFactoryEnc.generateSecret(desKeySpecEnc);
        // use Data Encryption Standard
        Cipher desEnc = Cipher.getInstance("DES");
        desEnc.init(Cipher.ENCRYPT_MODE, desKeyEnc);
        CipherOutputStream cout = new CipherOutputStream(out, desEnc);
        OutputStream outstream=new BufferedOutputStream(new GZIPOutputStream(cout));
        return outstream;
    }
}
Here is the client/server pair in which I use both an encrypting outputstream and a decrypting inputstream at both ends.
serverSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;

class serverSocketDemo
{
    private Cipher desEnc,desDec;

    serverSocketDemo()
    {
        try
        {
            // register the provider that implements the algorithm
            Provider sunJce = new com.sun.crypto.provider.SunJCE( );
            Security.addProvider(sunJce);
            // create a key
            byte[] desKeyData = "This encryption can not be decrypted".getBytes();
            DESKeySpec desKeySpec = new DESKeySpec(desKeyData);
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
            SecretKey desKey = keyFactory.generateSecret(desKeySpec);
            desEnc = Cipher.getInstance("DES");
            desEnc.init(Cipher.ENCRYPT_MODE, desKey);
            desDec = Cipher.getInstance("DES");
            desDec.init(Cipher.DECRYPT_MODE, desKey);
        }
        catch (javax.crypto.NoSuchPaddingException e)
        {
            System.out.println(e);
        }
        catch (java.security.NoSuchAlgorithmException e)
        {
            System.out.println(e);
        }
        catch (java.security.InvalidKeyException e)
        {
            System.out.println(e);
        }
        catch(Exception e)
        {
            System.out.println(e);
        }
        startProcess();
    }

    public void startProcess()
    {
        try
        {
            ServerSocket server=new ServerSocket(2000);
            while (true)
            {
                final Socket theConnection=server.accept();
                System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
                System.out.println("Connection request from : "+theConnection.getInetAddress());
                Thread input=new Thread()
                {
                    public void run()
                    {
                        try
                        {
                            //Input starts from here
                            Reader in=new InputStreamReader(new BufferedInputStream(new CipherInputStream(theConnection.getInputStream(), desDec)),"ASCII");
                            StringBuffer strbuf=new StringBuffer();
                            int c;
                            while (true)
                            {
                                c=in.read();
                                if(c=='\n'|| c==-1)
                                    break;
                                strbuf.append((char)c);
                            }
                            String str=strbuf.toString();
                            System.out.println("Message from Client : "+str);
                        }
                        catch(Exception e)
                        {
                            System.out.println("Error caught inside input Thread : "+e);
                        }
                    }
                };
                input.start();
                Thread output=new Thread()
                {
                    public void run()
                    {
                        try
                        {
                            //Output starts from here
                            OutputStream out=new BufferedOutputStream(new CipherOutputStream(theConnection.getOutputStream(), desEnc));
                            System.out.println("it will not be printed");
                            out.write("You are Welcome\n".getBytes());
                            out.flush();
                        }
                        catch(Exception e)
                        {
                            System.out.println("Error caught inside output Thread : "+e);
                        }
                    }
                };
                output.start();
                try
                {
                    output.join();
                    input.join();
                }
                catch(Exception e)
                {
                }
                theConnection.close();
            }
        }
        catch(BindException e)
        {
            System.out.println("The Port is in use or u have no privilage on this port");
        }
        catch(ConnectException e)
        {
            System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
        }
        catch(IOException e)
        {
            System.out.println("Connection disconnected");
        }
        catch(Exception e)
        {
        }
    }

    public static void main(String args[])
    {
        serverSocketDemo server=new serverSocketDemo();
    }
}
clientSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;

class clientSocketDemo
{
    private Cipher desEnc,desDec;

    clientSocketDemo()
    {
        try
        {
            // register the provider that implements the algorithm
            Provider sunJce = new com.sun.crypto.provider.SunJCE( );
            Security.addProvider(sunJce);
            // create a key
            byte[] desKeyData = "This encryption can not be decrypted".getBytes();
            DESKeySpec desKeySpec = new DESKeySpec(desKeyData);
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
            SecretKey desKey = keyFactory.generateSecret(desKeySpec);
            desEnc = Cipher.getInstance("DES");
            desDec = Cipher.getInstance("DES");
            desEnc.init(Cipher.ENCRYPT_MODE, desKey);
            desDec.init(Cipher.DECRYPT_MODE, desKey);
        }
        catch (javax.crypto.NoSuchPaddingException e)
        {
            System.out.println(e);
        }
        catch (java.security.NoSuchAlgorithmException e)
        {
            System.out.println(e);
        }
        catch (java.security.InvalidKeyException e)
        {
            System.out.println(e);
        }
        catch(Exception e)
        {
            System.out.println(e);
        }
        startProcess();
    }

    public void startProcess()
    {
        try
        {
            final Socket theConnection=new Socket("localhost",2000);
            System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
            System.out.println("Connecting to : "+theConnection.getInetAddress());
            Thread output=new Thread()
            {
                public void run()
                {
                    try
                    {
                        //Output starts from here
                        OutputStream out=new BufferedOutputStream(new CipherOutputStream(theConnection.getOutputStream(), desEnc));
                        out.write("Please Welcome me\n".getBytes());
                        out.flush();
                    }
                    catch(Exception e)
                    {
                        System.out.println("Error caught inside output thread : "+e);
                    }
                }
            };
            output.start();
            Thread input=new Thread()
            {
                public void run()
                {
                    try
                    {
                        //Input starts from here
                        Reader in=new InputStreamReader(new BufferedInputStream(new CipherInputStream(theConnection.getInputStream(), desDec)),"ASCII");
                        System.out.println("it will not be printed");
                        StringBuffer strbuf=new StringBuffer();
                        int c;
                        while (true)
                        {
                            c=in.read();
                            if(c=='\n' || c==-1)
                                break;
                            strbuf.append((char)c);
                        }
                        String str=strbuf.toString();
                        System.out.println("Message from Server : "+str);
                    }
                    catch(Exception e)
                    {
                        System.out.println("Error caught inside input Thread : "+e);
                    }
                }
            };
            input.start();
            try
            {
                output.join();
                input.join();
            }
            catch(Exception e)
            {
            }
            theConnection.close();
        }
        catch(BindException e)
        {
            System.out.println("The Port is in use or u have no privilage on this port");
        }
        catch(ConnectException e)
        {
            System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
        }
        catch(IOException e)
        {
            System.out.println("Connection disconnected");
        }
        catch(Exception e)
        {
        }
    }

    public static void main(String args[])
    {
        clientSocketDemo client=new clientSocketDemo();
    }
}
**** I know that the CInput tries to read some header stuff; that's why I used two threads for input and output.
Waiting for the reply.
Thank you.
Do not ever post your code unless requested to. It is very annoying.
Try testing what key is being used. Just to test this out, build a copy of your program and loop the input and outputs together. Have them print the data stream onto the screen or a text file. Compare the 1st Output and the 2nd Output and the 1st Input with the 2nd Input and then do a static test of the cipher with sample data (same data which was outputted), then do another cipher test with the ciphertext created by the first test.
Everything should match - if it does not then follow the steps below.
Case 1: IO Loops do not match
Case 2: IO Loops match, but ciphertext 1st run does not match loop
Case 3: IO Loops match, 1st ciphertext 1st run matches, but 2nd run does not
Case 4: IO Loops match, both ciphertext runs do not match anything
Case 5: Ciphertext runs do not match each other when decrypted correctly (outside of the test program)
Problems associated with the cases above:
Case 1: Private Key is changing on either side (likely the sender - output channel)
Case 2: Public Key is changing on either side (likely the sender - output channel)
Case 3: Private Key changed on receiver - input channel
Case 4: PKI failure, causing private key and public key mismatch only after a good combination was used
Case 5: Same as Case 4 -
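The two-way client/server pair in this thread calls flush() but never close() on its CipherOutputStream, and with a padded block cipher flush() only emits whole blocks; the padded final block (here the one carrying the trailing "\n") is written when close() runs doFinal(). The following is an added example, not code from the thread, that shows this without a socket and then sends each message as a self-contained length-prefixed AES-GCM frame instead; the class and method names, the frame layout and the size limit are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example, not code from the thread. All names here are hypothetical.
public class CipherFramingDemo {
    private static final int NONCE_LEN = 12;       // bytes, the usual GCM nonce size
    private static final int TAG_BITS = 128;       // GCM authentication tag length
    private static final int MAX_FRAME = 1 << 20;  // assumed upper bound for one message
    private static final SecureRandom RNG = new SecureRandom();

    // Part 1: the pattern from the thread. Returns the number of ciphertext bytes
    // that have reached the "wire" {after flush(), after close()} for one message.
    static int[] bytesOnWire(byte[] message) throws GeneralSecurityException, IOException {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey(); // constructed key
        Cipher enc = Cipher.getInstance("DES"); // SunJCE expands this to DES/ECB/PKCS5Padding
        enc.init(Cipher.ENCRYPT_MODE, key);
        ByteArrayOutputStream wire = new ByteArrayOutputStream(); // stands in for the socket
        CipherOutputStream out = new CipherOutputStream(wire, enc);
        out.write(message);
        out.flush();   // emits only the whole 8-byte blocks the cipher has processed
        int afterFlush = wire.size();
        out.close();   // doFinal() runs here and writes the padded last block
        return new int[] { afterFlush, wire.size() };
    }

    // Part 2: one message = one complete encryption. Frame layout (an assumption):
    // 4-byte ciphertext length, 12-byte nonce, ciphertext including the GCM tag.
    static void sendFrame(DataOutputStream out, SecretKey key, byte[] plaintext)
            throws GeneralSecurityException, IOException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce); // a nonce must never repeat under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext); // nothing is left buffered inside the cipher
        out.writeInt(ct.length);
        out.write(nonce);
        out.write(ct);
        out.flush(); // the peer can decrypt this frame while the connection stays open
    }

    static byte[] readFrame(DataInputStream in, SecretKey key)
            throws GeneralSecurityException, IOException {
        int len = in.readInt();
        if (len < TAG_BITS / 8 || len > MAX_FRAME) {
            throw new IOException("bad frame length " + len);
        }
        byte[] nonce = new byte[NONCE_LEN];
        in.readFully(nonce);
        byte[] ct = new byte[len];
        in.readFully(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        return c.doFinal(ct); // throws AEADBadTagException if the frame was modified
    }

    public static void main(String[] args) throws Exception {
        byte[] hello = "Please Welcome me\n".getBytes(StandardCharsets.US_ASCII);
        byte[] reply = "You are Welcome\n".getBytes(StandardCharsets.US_ASCII);

        int[] n = bytesOnWire(hello);
        System.out.println("DES stream, " + hello.length + " plaintext bytes: "
                + n[0] + " on the wire after flush(), " + n[1] + " after close()");

        // Constructed session key; in a real deployment it comes from a key exchange,
        // not from a string compiled into both programs.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(wire);
        sendFrame(out, key, hello); // two messages on one open stream,
        sendFrame(out, key, reply); // neither needs close() to become readable

        DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire.toByteArray()));
        System.out.print(new String(readFrame(in, key), StandardCharsets.US_ASCII));
        System.out.print(new String(readFrame(in, key), StandardCharsets.US_ASCII));
    }
}
```

In the socket programs, `wire` would be `theConnection.getOutputStream()` and `theConnection.getInputStream()`, with one frame written per message in each direction.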
Active Directory domain migration with Exchange 2010, System Center 2012 R2 and File Servers
Greeting dear colleagues!
I got a task to migrate existing Active Directory domain to a new forest and a brand new domain.
I have a single domain with Forest/Domain level 2003 and two DC (2008 R2 and 2012 R2). My domain contains Exchange 2010 Organization, some System Center components (SCCM, SCOM, SCSM) and File Servers with mapped "My Documents" user folders. Domain has about 1500 users/computers.
How do u think, is it really possible to migrate such a domain to a new one with minimum downtime and user interruption? Maybe someone has already done something like that before? Please, write that here, I promise that I won't ask for instruction from you, maybe only some small questions :)
Now I'm studying ADMT manual for sure.
Thanks in advance,
Dmitriy Titov
Best regards, Dmitriy Titov
Hi Dmitriy,
I got a task to migrate existing Active Directory domain to a new forest and a brand new domain.
How do u think, is it really possible to migrate such a domain to a new one with minimum downtime and user interruption?
As far as I know, during inter-forest migration, user and group objects are cloned rather than migrated, which means they can still access resources in the source forest, they can even access resources after the migration is completed. You can ask users to switch domain as soon as the new domain is ready.
Therefore, there shouldn’t be a huge downtime/interruption.
More information for you:
ADMT Guide: Migrating and Restructuring Active Directory Domains
https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
DPM 2007/2010 Health Check Tools
Hi there,
I've had a look through the existing forum threads, but am unable to find an answer to my query.
I am looking to find a range of DPM health check tools, or Powershell Scripts, that would help me perform a Health Check on a 2007 environment, with a view to an eventual upgrade path to 2010/2012
I am hoping to avoid analysing each event ID and every backup operation in order to make a report to management.
Many thanks in advance
Rory
Hi,
This is the only DPM Health Check script available. Here is the link:
https://gallery.technet.microsoft.com/DPM-Health-Check-9628e68f
My Blog | www.buchatech.com | www.systemcenterportal.com
If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! -
Exchange 2010 Required Communication (Firewall Ports and Protocols)
Forgive me if this question has been asked before, but a search did not give me much on my scenario.
We currently have one Forest with multiple Domains and Child Domains. We have two departments that have Exchange 2010 running and control their own individual users and mailboxes inside their Domains. These two Exchange servers communicate with each other just fine.
We now have a department (another domain) that needs control of their own Exchange 2010 server, but here is the catch. They are behind a Firewall. My question is, what Ports and Protocols do I need opened for the Exchange server behind the Firewall to properly communicate to the two other Exchange servers knowing that the Exchange Environment is a Forest wide activity.
At this point in time, we cannot get Exchange installed as the prereq check fails with an error that we need to prep the AD schema for Exchange, but we know this has been done since we have two other servers in the Forest.
Perhaps we need ports not only opened to the two other exchange servers, but also the Forest Root controller?
Any help is appreciated.
Exchange needs to be able to fully access all other Exchange servers, Active Directory Domain Controllers, and Active Directory Global Catalogs. Additionally, if I remember correctly, there was a blog from the Exchange team a couple of years ago that said Exchange wasn't supported with firewalls between the various Exchange servers in the environment.
I will ask one question - why aren't you centralizing your Exchange management and servers, and granting rights to these groups for their mailbox management (based on an Organizational Unit that their accounts are in, and granted at the Active Directory level)? You would no longer have this issue each time another group decides they want to host their own Exchange system. -
Outlook 2013/ Exchange 2010 User Mailbox reached Limit and OWA is not reachable
Hello Folks,
I have a strange Outlook/Exchange problem with one of our Users, interestingly it's the Boss of our company….
The Background:
- We have 2 Domains @company-1 or @company-2
- We have 1 Exchange 2010 Server Version 14.03.0224.002
- Till March of this year our Emails were hosted externally, we used to download the Emails every 2 minutes from POP3 Mailboxes into Exchange
- We have 18 Users
- So every User had a User account on our Exchange and a Mailbox externally
- Now we host our Emails ourselves via MX and DNS Records (mail.company.cc)
- The Users kept their Exchange accounts, OWA is now working too
So far all works well on my little Server farm.
The Catch:
Usually our users have only one Email address, either @company-1 or @company-2. Except our Boss and one other User, they have an Email address in both Domains. They have addresses one...
This topic first appeared in the Spiceworks Community
Hi,
I suggest to repair .ost file to check this issue by the following steps:
Exit Outlook.
In Control Panel, click or double-click Mail.
In the Mail Setup dialog box, click E-mail Accounts.
Click the Data Files tab, select the Exchange account, and then click Open File Location. A file explorer window opens to the location of the data file for the Exchange account. The Account Settings and Mail Setup dialog boxes will remain open, behind the file explorer window.
Close the Account Settings and the Mail Setup dialog boxes, then return to the file explorer window.
Important: be sure to close these two dialog boxes before you delete the file. If they aren't closed, Windows may display an error message about a conflict.
In the file explorer window, right-click the Exchange data file and then click Delete. The next time you start Outlook, a new .ost file is created for the account.
Best Regards.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Lynn-Li
TechNet Community Support -
Exchange 2010 SP3 OWA with certificate based authentication
Hi,
I have a bizarre problem in my customer’s environment. Maybe someone has an idea.
Exchange 2010 with SP3, latest cumulative Update installed.
The problem I’m having is that when I enable Certificate based authentication (require client certificate option in IIS) on OWA and ECP virtual directories in conjunction with forms based authentication (this is the requirement – the user must have a client certificate and type in username and password to log in to OWA), the result is that after the user selects the certificate he wants to use, he is logged into OWA automatically, but cannot use the website, because it’s being constantly automatically refreshed (or redirected to itself or something like that). The behavior occurs with all users, with any browser. If client certificate is on required, forms based authentication works just fine. If I switch to “Basic Authentication” and enable client certificate requirement, then OWA acts as it should be – so no problems. The problem only occurs when authentication type is forms based and client certificates are required.
I have tried the exact same settings (as far as I can tell) on one other production server and one test server, and encountered no such problems.
Anyone – any ideas?
Hi McWax,
According to your description and test, I understand that all accounts cannot login OWA when select require client certificate.
Is there any error message when open OWA or login? For example, return error ”HTTP error: 403 - Forbidden”. Please post relative error for further troubleshooting.
I want to confirm which authentication methods are used for OWA, Integrated Windows authentication or Digest authentication? More details about it, for your reference:
http://technet.microsoft.com/en-us/library/bb430796(v=exchg.141).aspx
If you select another authentication method, please check whether Client Certificate Mapping Authentication services is installed, and also enabled in IIS, please refer to:
http://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthentication
To prevent firewall factor, please try to sign in OWA at CAS server. Besides, I find a FAQ about certificate:
http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
Best Regards,
Allen Wang -
Prepare Exchange 2010 Test Environment with Hyper V
Hi
We are preparing a test environment to check the migration from Exchange 2010 to 2013 and to get familiarized with 2013. Created the VMs of existing Domain Controllers using D2V tool, looking for suggestion on how to prepare the Exchange 2010 servers ( 2 X MB servers in 1 DAG and 2 X Hub/CAS servers in WNLB) in VM environment - either by creating VMs of existing physical servers using D2V without DB storage LUNs (Dial tone DBs) or prepare the Exchange 2010 servers from DCs created in test lab.
Thanks in advance
There's got to be a question in here somewhere. How about a guide to setting up Exchange 2010 that you can then use for a test environment:
http://technet.microsoft.com/en-us/library/ff709381(v=EXCHG.141).aspx
Now, if you are asking how to configure your test environment to mimic production, you should probably get directory exports of your users, groups, and contacts (rather than trying to remove a production domain controller to use as the initial domain controller in your test environment), since it allows you to connect between the two environments without jumping through huge numbers of hoops - it also allows you to send email between them, which can be useful when testing external connectors. -
Internal outlook client connectivity in exchange 2010 when coexist with exchange 2013
Hi all ,
on my side i would like to clarify few queries.
Say for instance i am coexisting exchange 2010 with exchange 2013 .Unfortunately if all of my exchange 2013 servers goes down .
Q1. On that time will the internal outlook users having their mailboxes on exchange 2010 can be able to connect mailboxes without any issues ? In case if they face any issues what kind of issues will they be? Because why i am asking is we should have pointed the autodiscover service to exchange 2013 during coexistence.
When an user closes and reopens the outlook after whole exchange 2013 environment failure, outlook will first query the autodiscover service for the profile changes to get it updated on users outlook profile. In such case autodiscover service will not be reachable and i wanted to know will that affects the internal client connectivity for outlook users having their mailboxes on exchange 2010.
Q2. Apart from outlook internal users connectivity ,what kind of exchange services(i.e owa,active sync,pop,external OA and imap) will get affected when whole exchange 2013 environment goes down during coexistence ?
I have read the below mentioned statement on this awesome blog but still i wanted to clarify with you all on my scenario.
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx<o:p></o:p>
Internal Outlook Connectivity
For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2010, they will still connect to the Exchange 2010 RPC Client Access array endpoint.
For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2007, they will still connect directly to the Exchange 2007 Mailbox server instance hosting the mailbox.
Please share your suggestions; that would help me a lot.
Regards
S.Nithyanandham
Hi Winnie Liang,
Thanks a lot for your reply.
Scenario 1: For internal Outlook connectivity
We have the below settings for Exchange 2010 autodiscover.
mail.domain.com - will be the namespace for the internal autodiscover URI for all the Exchange 2010 CAS servers
We are going to have the below settings for Exchange 2013 autodiscover.
mail.domain.com - will be the namespace for the internal autodiscover URI for all the Exchange 2013 CAS servers
During coexistence mail.domain.com will be pointed to the Exchange 2013 CAS servers. I mean to say, if we try to resolve mail.domain.com it will resolve to the Exchange 2013 CAS servers.
So in such a case, if anything goes wrong with the new environment, or if the entire environment goes down, do we face any issues while Outlook users connect to existing mailboxes on Exchange 2010?
The reason I am asking is that in the below mentioned article I have read that all autodiscover requests will go via the Exchange 2013 CAS servers during coexistence. That means all the existing mailboxes on Exchange 2010 will also have to query the Exchange 2013 CAS servers for autodiscover requests. During a whole Exchange 2013 environment failure, whenever the user closes and opens Outlook, Outlook will first query the autodiscover service for any changes that happened on that particular mailbox and will try to get them updated in the user profile.
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Would it be possible to make the Exchange 2010 mailbox users query only the SCP points which belong to the Exchange 2010 CAS servers for autodiscover requests?
Scenario 2: For Exchange services
mail.domain.com - will be the namespace for all the Exchange 2010 services (i.e. OWA, ActiveSync, external Outlook Anywhere, POP, IMAP)
mail.domain.com - will be the namespace for all the Exchange 2013 services (i.e. OWA, ActiveSync, external Outlook Anywhere, POP, IMAP)
What about the above services, will they be affected during a whole Exchange 2013 environment failure?
Note: We are not facing this issue. I hope everything goes well in my environment while doing coexistence; I am just asking this question out of my own interest.
Regards
S.Nithyanandham
Thanks S.Nithyanandham