Exchange 2010 Mail Security TLS with HSBC

Dear all,
  I have setup an all-in-one exchange server without edge server role. However, it is needed to have TLS mail communication setup with HSBC. May I know what exactly configuration do I need? Do I need to implement an edge server with public cert?
  Can I enable TLS without edge server and with self-signed cert?
Thanks a lot
Best Regards,
Elroy

Hi,
it's not possibile to connect on TLS with HSBC without a public CA certificate. Not selfsigned is permitted.
No edge server it's mandatory.
Import certificate on Exchange computer store and set it to use with SMTP service:
Enable-ExchangeCertificate
-Thumbprint CERTTHUMBPRINT -Services SMTP
You need to create a custom send connector, complete domain scope with all HSBC domain and set bridgehead Exchange server. After the send connector creation set the Enforce TLS:
Set-SendConnector CONNECTORNAME -RequireTLS $true
Be careful to default internet receive connector that accept TLS connection.
This is a good site for testing: https://www.checktls.com/
Bye bye.
Raffa!

Similar Messages

  • My macbook air cannot sync with my office microsoft exchange 2010 mail server

    My macbook air cannot sync with my office microsoft exchange 2010 mail server.
    It used to work perfectly, and then I lost connection and was never able to establish one. I re-istalled my e-mail account several times, no success.

    I am sure all of you got your email issues sorted out by now but i was having trouble settings up exchange email on my Iphone 5S, and the problem i found was to go to settings, icloud, then log into icloud with your apple id first (before setting up the exchange email).  Once i logged into my icloud account on my Phone 5S, the exchange server email starting working and synching right away.
    to confirm this worked, i even deleted my email account and deleted my Icloud accounts both from my iphone was able to simulated the same exact problem (exchange server would not sync with my Iphone 5S) until i logged back into my Icloud account on my 5S.
    Again once i logged into Icloud, the exchange server issues went completely away.
    Just wanted to post this so anyone else having the issue could see.

  • SPAM and Exchange 2010 Mail-enabled Public Folders

    Is there a way to determine if mail sent to our Exchange 2010 mail-enabled Public Folders by our customers is ever rejected because it was tagged as spam? The concern is that we might not be receiving some email. We rely on the mail-enabled PF's
    heavily, but since they aren't a mailbox there is no Junk E-mail folder to check. We do not have the resources to check EOP on a regular basis throughout the day, and the customer would not get an NDR or anything like that.
    HDL

    Hi,
    You can consider to use Message Tracking tool under EMC -> Toolbox to track these messages.
    Understanding Message Tracking
    https://technet.microsoft.com/en-us/library/bb124375%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396
    Search Message Tracking Logs
    https://technet.microsoft.com/en-us/library/bb124926(v=exchg.141).aspx
    Best Regards.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Lynn-Li
    TechNet Community Support

  • Securing publishing exchange 2010 OWA and ActiveSync with WAP 2012

    Hello,
    my client have the following environment:
    Exchange 2010 sp3
    AD 2003
    we want to secure activesync and owa by using reverse proxy. TMG/UAG life ends 2015, then we study WAP 2012 and ADFS 3.0. the difficulties is there is not enough experience feedback, specially for this environnement.
    Is there any incompatibility ?
    do you know good articles and blogs which address this issue ?
    Thanks in advance

    Are any other options available since posting in June 2014?  Specifically for securing ActiveSync connections from smartphones on the Internet.  We are running Exchange 2010 in AD 2008  
    TMG has already transitioned from mainstream to extended support.  Not only is there less support now, to my understanding there is still a licensing cost for this product.  Paying for a product at EOL seems inadvisable.
    Web Access Protocol (WAP) looked like the right choice, but to secure communications from domain users on unknown devices over the Internet requires Exchange 2013 which is "claims aware".  Exchange 2010 is not and what we are left with is
    configuring WAP in pass-thru mode, allowing unauthenticated Internet traffic into our internal network where the Exchange CAS server is. 
    Is there any Microsoft solution to authenticate the user before allowing the user's device to connect to our CAS server on our internal network.

  • Opportunistic TLS between our Exchange 2010 SP3 on Premise (WIth Edge) and Exchange Online Protection.

    Hi,
    We would like to configure Opportunistic TLS between our Exchange 2010 SP3 On Premise Systems (with Edge) and EOP.
    I can see that Opportunist TLS is enabled on both the send and receive connectors in EOP. SO I think no change required here.
    The On premise Send Connector (Configured by EdgeSync) does not have the option for Opportunistic TLS. Under "Configure Smart Host Authentication Settings" it is currently set to "None". I have the option for "Basic Authentication
    over TLS" but this requires a Username and Password. No option for Opportunistic TLS. When I look at the properties of the send connector (get-sendconnector "sendconnector_name" | fl) I
    can see that the IgnoreSTARTTLS parameter is set to FALSE - so I think that means it is enabled. So I think no changes required here- right?
    The receive connector on the Edge Server has the TLS option on the Authentication tab - so I guess I just check that option right?
    The Edge servers also run TMG and the two are integrated. I don't think this changes anything but thought I would include it in case it does.
    Anything I have missed?
    Thanks very much.
    Geoff
    ilmuro69

    Hi,
    We would like to configure Opportunistic TLS between our Exchange 2010 SP3 On Premise Systems (with Edge) and EOP.
    I can see that Opportunist TLS is enabled on both the send and receive connectors in EOP. SO I think no change required here.
    The On premise Send Connector (Configured by EdgeSync) does not have the option for Opportunistic TLS. Under "Configure Smart Host Authentication Settings" it is currently set to "None". I have the option for "Basic Authentication
    over TLS" but this requires a Username and Password. No option for Opportunistic TLS. When I look at the properties of the send connector (get-sendconnector "sendconnector_name" | fl) I
    can see that the IgnoreSTARTTLS parameter is set to FALSE - so I think that means it is enabled. So I think no changes required here- right?
    The receive connector on the Edge Server has the TLS option on the Authentication tab - so I guess I just check that option right?
    The Edge servers also run TMG and the two are integrated. I don't think this changes anything but thought I would include it in case it does.
    Anything I have missed?
    Thanks very much.
    Geoff
    ilmuro69

  • Disable SafeHTML in OWA on Exchange 2010? XML attachment with non-XML extension content gets stripped

    Is it possible to disable SafeHTML in Outlook Web App on Exchange 2010?
    We have users that receive messages with attachments that are generated by a 3rd party.
    They are XML files saved with a XLS extension.
    When opening via Outlook, Excel prompts that the content does not match the content type and asks the user if they want to open the file anyway, when opened the file does contain the data.
    When opening the file via OWA, the contents are stripped out and replaced with the text: This attachment was removed because it contains data that could pose a security risk.
    The problem is that some users exclusively use OWA and they need to be able to open these attachments.
    Thank You.

    Hi,
    You can disable the OWA SafeHTML filtering by changing changing the
    BypassOwaHTMLAttachmentFiltering option to true, for more details, please refer to the following article.
    All HTML content in attachment files of messages is run through an HTML filter when you open or save the attachment by using Outlook Web Access (OWA)
    http://support.microsoft.com/kb/958881
    Best regards,
    Belinda Ma
    TechNet Community Support

  • Exchange 2010 Free/Busy Federation with vendor's Office 365 tenant

    Here the situation,
    ORG A
    ====
    Exchange 2010 SP3 On-premise. No externally accessible CAS available/published (we are very secure and require VPN for Outlook/OWA from home/outside network)
    ORG B
    ====
    Office 365
    ASK
    ===
    ORG B is a vendor for ORG A and we would like to have federated free/busy sharing between the two organizations. I have read the steps about setting up a federation trust, configuring org relationships both ways, configuring autodiscover on our end.
    My specific questions are,
    1. Currently we don't have any externally published CAS servers. My assumption is we need atleast one (and probably more for fault tolerance) for federated free/busy sharing correct? We obviously don't want to place this in the DMZ/externally...so what are
    the recommended configuration? Publish the CAS externally? Any other more secure recommendations? We don't have TMG or any other Microsoft solution for that purpose...are there any other options? We use Cisco IronPorts for inbound/outbound email.
    2. Does this coexistence server have to be Exchange 2013 or will Exchange 2010 sp3 suffice?
    3. Are there any other methods of accomplishing this ask? We don't want users to have to individually share calendars...so internet calendar sharing is out of the question.

    Hi,
    If the organization receives or sends Internet e-mail for the domain, we need to
    configure an
    internet facing CAS server.
    For your reference, here are some articles that may be helpful to you:
    Exchange 2010 SP1 and Exchange Online (Office 365) Calendaring:
    http://blogs.technet.com/b/exchange/archive/2011/02/16/3412010.aspx
    Federation in Office 365 and Exchange
    http://community.office365.com/en-us/wikis/exchange/federation-in-office-365-and-exchange.aspx
    Create a Federation Trust
    http://technet.microsoft.com/en-us/library/dd335198.aspx
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Exchange 2010 mail routing

    How did you migrate to Exchange 2010?  Did you not migrate the groups or did you set everything up from scratch?

    Hi,
    We have a new exchange server installed in our domain and we are moving all our mail transmitted through epicor to this server, and I am experiencing this error
    There is problem sending customer order confirmations by email. The
    message says the mailbox is unavailable. The server response was 5.7.1. Unable
    to relay
    Now I know there is nothing wrong within Epicor, What is wrong with the Exchange server? 
    Is it something to do with the receive connectors in the HUB transport I have got set up?
    All other mail flow is working correctly
    Regards,
    Ian
    This topic first appeared in the Spiceworks Community

  • Exchange 2010 mail storing Architecture

    hi I just need to know what is the method that exchange server 2010 use to store the mail,
    if I elaborate more when one user sends a mail to few people in the same organization does that mail copies to every users mail box or exchange just uses the referencing method to one single mail.
    please help one of my clients using DAG in exchange 2010 and their mail box sizes increasing rapidly. I need to provide a solution to them. please let me know if you want more details
    please help me with some links that reveals about these in detail.
    thanks In Advance.

    Every mailbox will get a copy of the message. Single Instance Storage (SIS) is history.
    Dude, Where's My Single Instance?
    http://blogs.technet.com/b/exchange/archive/2010/02/22/3409361.aspx
    Martina Miskovic

  • Exchange 2010 SP3 - Delayed emails with XLSM attachments...

    Running Exchange 2010 SP3 Rollup 5.  Clients running Windows 7 and Office 2010 Pro Plus SP2.  Have one specific user / client that when sending emails with an XLSM attachment around 5:30AM, the email is delayed getting to the Exchange server and
    is delayed up to 16 hours.  Unfortunately, this is a random occurrence, and not necessarily easy to duplicate.
    The Sent Items on the Outlook client reflect the correct sent time, but the Message Tracking Log on the Exchange server shows the server did not receive the email until approximately 12 to 16 hours later.
    The desktop is a shared system and this issue appears to be isolated to the user's profile, AD account, or Exchange.  I've literally blown away the users local profile and reconfigured it with no resolution.
    Any suggestions are greatly appreciated.
    Fuel

    Hi,
    Please verify whether there is any error/warning/information message left in App log. If yes, please paste the details without sensitive information.
    I suggest re-send a .xlsm attachment for testing to verify whether it delays.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Exchange 2007 mail account sync with Mail 4.0 does not happen

    I am setting up my work exchange 2007 mail account in Mail 4.4. The total size of mail box is ~ 200MB. Folders smaller than 10MB have synced properly and I can see the mails in these folders inside Mail.
    However, none of the mails inside folders >10MB are visible in Mail. Activity window in Mail does not indicate that a sync is going on. But I can see that Mail has correctly calculated the folder sizes on server and no. of messages on server (for every folder) in Account Info.
    I have waited close to 5hrs hoping that it is probably a slow first time sync, but I am not closer to seeing the mails in Mail.
    Any leads to solving this would help.
    Thanks

    I was having this problem as well with a different host's email account. I was able to get IMAP as an option by holding down the Option key. But then was unable to connect to the server to send/receive mail. Turning off SSL in two places worked:
    - Uncheck SSL from the SMTP server settings (click on the SMTP server name & select "Edit SMTP Server List to get to this setting); and
    - From the Advanced Options Tab. Also, in Advanced Options, you may need to change the port to 143 (it may be defaulted to 993 since SSL is the default.)

  • Exchange 2010 SP1 install fails with -1603 error

    I am getting a -1603 error when installing Exchange 2010 SP1.  Installation fails when copying files/removing old version with the following error:
    [10/01/2010 23:17:06.0823] [2] Beginning processing uninstall-MsiPackage -ProductCode:'6574fdc2-40fc-405a-9554-22d1ce15686b' -LogFile:'C:\ExchangeSetupLogs\InstallSearch.msilog'
    [10/01/2010 23:17:06.0847] [2] Removing MSI package with code '6574fdc2-40fc-405a-9554-22d1ce15686b'.
    [10/01/2010 23:17:09.0400] [2] [ERROR] Unexpected Error
    [10/01/2010 23:17:09.0401] [2] [ERROR] Couldn't remove product with code 6574fdc2-40fc-405a-9554-22d1ce15686b. Fatal error during installation. Error code is 1603.
    [10/01/2010 23:17:09.0401] [2] [ERROR] Fatal error during installation
    [10/01/2010 23:17:09.0409] [2] Ending processing uninstall-MsiPackage
    [10/01/2010 23:17:09.0411] [1] The following 1 error(s) occurred during task execution:
    [10/01/2010 23:17:09.0412] [1] 0.  ErrorRecord: Couldn't remove product with code 6574fdc2-40fc-405a-9554-22d1ce15686b. Fatal error during installation. Error code is 1603.
    Does anyone know how to resolve this?
    Thanks,
    greg

    Hi Frank,
    I've the same problem when I try to install the SP2.
    When I try to install RU 4v2, 5 or 6, then comes error 2771. So I waiting for SP2 in the hope, a full install of the SP will fix this.
    But the setup broke with the following entries:
    [12.07.2011 19:51:59.0379] [0] Setup will run the task 'uninstall-msipackage'
    [12.07.2011 19:51:59.0379] [1] Setup launched task 'uninstall-msipackage -logfile 'C:\ExchangeSetupLogs\ExchangeSetup.msilog' -ProductCode '4934d1ea-be46-48b1-8847-f1af20e892c1' -PropertyValues 'BYPASS_CONFIGURED_CHECK=1 DEFAULTLANGUAGENAME=DEU''
    [12.07.2011 19:51:59.0379] [1] Die Active Directory-Sitzungseinstellungen für 'Uninstall-MsiPackage' lauten: Vollständige Gesamtstruktur anzeigen: 'True', Konfigurationsdomänencontroller: 'LicPDC.kh-lichtenstein.local', Bevorzugter globaler Katalog:
    'LicPDC.kh-lichtenstein.local', Bevorzugte Domänencontroller: '{ LicPDC.kh-lichtenstein.local }'
    [12.07.2011 19:51:59.0379] [1] Beginning processing uninstall-msipackage -LogFile:'C:\ExchangeSetupLogs\ExchangeSetup.msilog' -ProductCode:'4934d1ea-be46-48b1-8847-f1af20e892c1' -PropertyValues:'BYPASS_CONFIGURED_CHECK=1 DEFAULTLANGUAGENAME=DEU'
    [12.07.2011 19:51:59.0410] [1] Removing MSI package with code '4934d1ea-be46-48b1-8847-f1af20e892c1'.
    [12.07.2011 19:52:04.0551] [1] [ERROR] Unexpected Error
    [12.07.2011 19:52:04.0551] [1] [ERROR] Couldn't remove product with code 4934d1ea-be46-48b1-8847-f1af20e892c1. Schwerwiegender Fehler bei der Installation. Error code is 1603.
    [12.07.2011 19:52:04.0551] [1] [ERROR] Schwerwiegender Fehler bei der Installation
    [12.07.2011 19:52:04.0613] [1] Ending processing uninstall-msipackage
    The MSI package with code '4934d1ea-be46-48b1-8847-f1af20e892c1' ist the SP1.
    Actual System: Server2008R2SP1 / Exchange2010SP1 RU3v3
    It is possible to solve this problem?
    Rene Hubert - Systemadministrator - DRK KH Lichtenstein gGmbH
    I too have this
    problem.

  • Use Exchange 2010 OWA Login Page with Exchange 2013

    We are planning on upgrading our exchange server from 2010 to 2013. We want to keep 2010 OWA login page with this upgrade. Partly due to educating users to new OWA interface and no plan to upgrade to office 2013 anytime soon.
    Questions:
    1. Do you or do you not recommend?
    2. Is it possible?
    3. How to keep 2010 OWA login page during and after migration to 2013 (instructions)?
    Thank you!

    Hi, EthenLEC
    I agree with Andy David.
    For additional information, we can change OWA 2013 back to OWA 2010 interface to use light version by the following steps.
    Log in to OWA 2013.
    Once logged in, click on the settings gear in the upper right corner, choose
    Display Settings.
    From the Display settings menu, choose Outlook Web App version, then check the box to use the light version.
    Sign out of OWA and sign back in. Now it has the OWA 2013 light version.
    Best Regards.

  • Exchange 2010 SP2: Different problems with E_ACCESSDENIED on exchange servers

    Hello All,
    I'm observing a strange problem in an AD 2008 R2 / Exchange 2010 SP2 environment:
    When creating a DAG and adding 1 or more servers to the DAG, the following error occurs:
    Summary: 2 item(s). 0 succeeded, 2 failed.
    Elapsed time: 00:00:05
    <MAILBOX SERVER 1> Failed
    Error:
    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    Exchange Management Shell command attempted:
    Add-DatabaseAvailabilityGroupServer -MailboxServer '<MAILBOX SERVER 1>' -Identity '<NAME DAG>'
    Elapsed Time: 00:00:02
    <MAILBOX SERVER 2> Failed
    Error:
    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    Exchange Management Shell command attempted:
    Add-DatabaseAvailabilityGroupServer -MailboxServer '<MAILBOX SERVER 2>' -Identity '<NAME DAG>'
    Elapsed Time: 00:00:02
    There are no logs created on the Mailservers, so I have no more detailed information. Where to start with troubleshooting this issue?
    Edit: BTW I already checked the local admin membership of the "Exchange Trusted Subsystem" domain group.
    Also commands like get-owavirtualdirectory give the Access Denied error (except on the CAS servers themselves).
    You know you're an engineer when you have no life and can prove it mathematically

    Hi Frank,
    The DAG is not yet populated. When inserting the first server(s) in the freshly created DAG, the error appeared.
    [PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Get-DatabaseAvailabilityGroup
    Name             Member Servers                                     
    Operational Servers
    IICT-DAG-002     {}
    [PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Get-DatabaseAvailabilityGroup IICT-DAG-002 -Status | fl
    RunspaceId                             : cc985264-fa89-48f8-8aba-c1b0c89eb097
    Name                                   : IICT-DAG-002
    Servers                                : {}
    WitnessServer                          : iict-srvp00-011.insourceict.local
    WitnessDirectory                       : C:\IICT-DAG-002
    AlternateWitnessServer                 :
    AlternateWitnessDirectory              :
    NetworkCompression                     : InterSubnetOnly
    NetworkEncryption                      : InterSubnetOnly
    DatacenterActivationMode               : Off
    StoppedMailboxServers                  : {}
    StartedMailboxServers                  : {}
    DatabaseAvailabilityGroupIpv4Addresses : {10.100.0.54}
    DatabaseAvailabilityGroupIpAddresses   : {10.100.0.54}
    AllowCrossSiteRpcClientAccess          : False
    OperationalServers                     :
    PrimaryActiveManager                   :
    ServersInMaintenance                   :
    ThirdPartyReplication                  : Disabled
    ReplicationPort                        : 0
    NetworkNames                           : {}
    WitnessShareInUse                      :
    AdminDisplayName                       :
    ExchangeVersion                        : 0.10 (14.0.100.0)
    DistinguishedName                      : CN=IICT-DAG-002,CN=Database Availability Groups,CN=Exchange Administrative Gro
                                             up (FYDIBOHF23SPDLT),CN=Administrative
    Groups,CN=InsourceICT,CN=Microsoft Exch
                                             ange,CN=Services,CN=Configuration,DC=insourceict,DC=local
    Identity                               : IICT-DAG-002
    Guid                                   : 71d5d869-03ac-4f8a-8de7-fc15bc6a0ae1
    ObjectCategory                         : insourceict.local/Configuration/Schema/ms-Exch-MDB-Availability-Group
    ObjectClass                            : {top, msExchMDBAvailabilityGroup}
    WhenChanged                            : 8-6-2012 14:35:59
    WhenCreated                            : 8-6-2012 13:35:21
    WhenChangedUTC                         : 8-6-2012 12:35:59
    WhenCreatedUTC                         : 8-6-2012 11:35:21
    OrganizationId                         :
    OriginatingServer                      : IICT-SRV003.insourceict.local
    IsValid                                : True
    You know you're an engineer when you have no life and can prove it mathematically

  • Exchange 2010 and 2013 Monitoring with SCOM 2012

    HI all,
    I have exchange 2013 and 2010 in my environment , Iwant monitor both in SCOM 2012,
    Can you all please tell can i implement 2013 monitorinng first later can i go to 2010 Monitoring, Please advise in that supported or do i need to go with exchange 2010 monitoring first

    There are no dependencies on the 2010 MP so you should be good to go, see the following:

Maybe you are looking for

  • I updated my itunes and it erased all my contacts off my iphone how do i get it back?

    I updated my itunes and when i connected it to my iphone it erased everything, all my contacts, photos, notes.. How can I get it back?

  • Length of numeric string

    When generating an accountId - I append a numeric onto the end of a derived string. I need to determine the overall length of the accountId because I have a size limit. However, when I try to get the length of a numeric string (like "17") I get 0 - s

  • Picture in Outgoing Mail.

    Hi, When ever i send out a Mail it goes with my user account picture and i don't want that. I am not able to delete the picture from address book on the card that is mine. Any Suggestions.? (I am using Live and everything else works fine.) Thanx John

  • SCRIPT and program problem

    Hello experts, I was facing one  problem. Iam getting the text properly but in case of text in two lines ima getting only first line text.i tries all ways but i was getting only single line.here is my code: loop at it_ekpo. concatenate it_ekpo-ebeln

  • Regarding company code in sales order

    Hi guys, From where we will be getting the <b>company code</b> into the sales order? And in sales order where can we find the company code for respective sales order? Regards Venkat