Exchange 2013 OWA - Restrict External access to OWA, while keeping internal access open

I'm looking for the best way to restrict users who can access OWA externally, while keeping internal access to OWA open to everyone.  We would preferably like to control who has external access to OWA with an AD group. Users who have external access would need both external and internal access to OWA. Internal users would only have internal access to OWA.
TMG is off the table since it is EOL. Reverse proxy might be a possibility, but I'm running into issues with the security setup and passing credentials.
Does anyone know the best way of restricting external access without disabling internal access?
Thanks

Not sure if this still applies to 2013 or not, haven't tried yet...
http://blog.leederbyshire.com/2013/03/13/block-or-allow-selected-users-depending-on-location-and-ad-group-membership-in-microsoft-exchange-2010-outlook-web-app/

Similar Messages

  • How do you authorize access to itunes while blocking the access of the rest of the computer?

    How do you authorize access to itunes while blocking the access of the rest of the computer? I want to do a party and let people have access to the music but  I don't want them to look in my files. I have windows 7.
    I cannot log off and let the music play. Ideally I would want to have a password for access to the rest of the computer.
    Thank you!

    The following may help with the file sharing issues: OS X Mavericks: Share your files

  • Exchange 2013 outlook server name is my owa URL not hash

    I was migrating from Exchange 2003 to 2010 to 2013.
    After the migration, I installed Exchange 2013 alongside Exchange 2010 and configured it. Outlook is not working for users that were migrated to Exchange 2013, and is working well for the users already existing on Exchange 2010.
    When I tried to fix this issue I set my Outlook provider using this command:   Set-OutlookProvider EXPR -CertPrincipalName "msstd:mail.mydomain.com"
    but unfortunately it impacted the server name in the Outlook client.
    Then I removed the Outlook provider and created it again, but with no change. Then I uninstalled the CAS server and installed it again, but with no change either.
    Now the Outlook server name is my URL "mail.mydomain.com" and I need to recover it to be a hash like "[email protected]".
    The Outlook client versions are Outlook 2010 SP2 and Outlook 2013.

    Hi,
    Is there any error when you connect your Exchange 2013 mailbox in Outlook? Also confirm if the problematic users can access Exchange 2013 mailbox from OWA.
    Generally, Outlook uses Autodiscover service to auto setup Exchange account in Outlook. We can check the Autodiscover service in Exchange 2013 (mail.mydomain.com is pointed to Exchange 2013):
    Get-ClientAccessServer | FL Identity,fqdn,*autodiscover*
    Set-OutlookAnywhere -Identity "Exch13\Rpc (Default Web Site)" -InternalHostname mail.mydomain.com -ExternalHostname mail.mydomain.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $True -InternalClientsRequireSsl $true
    Also make sure the name which is used in the AutoDiscoverServiceInternalUri has been included in your Exchange certificate with
    IIS service. We can restart IIS service by running IISReset /noforce from a Command Prompt window.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Exchange 2013 Public Folders external issues

    Hello,
    I am having some issues with gaining access to my public folders externally.
    OS: Windows Server 2012 Datacenter
    Exchange: 2013 with SP1
    Domain: i.client.local
    External & internal hostname: ex01.client.dk
    I have tried from Windows 7 with Outlook 2010, and Windows 8 with Outlook 2013. (I have also tried to apply patch from: http://support.microsoft.com/kb/2839517)
    If I try to access public folders, I get this error:
    Cannot expand the folder. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange.
    If I try to access public folders with cache enabled, I get this error: http://support.microsoft.com/kb/2788136
    I have tried deleting all public folders, public folder databases, and the related mailbox database. And creating all again, however
    with same result. 
    [PS] C:\Windows\system32>Get-PublicFolder | fl
    RunspaceId : a90240df-5376-4397-8c2a-4291a924e911
    Identity : \
    Name : IPM_SUBTREE
    MailEnabled : False
    MailRecipientGuid :
    ParentPath :
    ContentMailboxName : Public
    ContentMailboxGuid : d97cbc5c-4c39-47c7-8b56-764396dc32ca
    EformsLocaleId :
    PerUserReadStateEnabled : True
    EntryId : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F11020000000000020000
    DumpsterEntryId : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F110200000000000A0000
    ParentFolder : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F11020000000000010000
    OrganizationId :
    AgeLimit :
    RetainDeletedItemsFor :
    ProhibitPostQuota : Unlimited
    IssueWarningQuota : Unlimited
    MaxItemSize : Unlimited
    LastMovedTime :
    FolderSize : 0
    HasSubfolders : True
    FolderClass :
    FolderPath : {}
    DefaultFolderType : None
    ExtendedFolderFlags : SharedViaExchange
    MailboxOwnerId : i.client.local/Public
    IsValid : True
    ObjectState : Unchanged
    [PS] C:\Windows\system32>Get-PublicFolder \ -GetChildren
    Name Parent Path
    Mira \
    [PS] C:\Windows\system32>Get-OrganizationConfig | FL RootPublicFolderMailbox
    RootPublicFolderMailbox : d97cbc5c-4c39-47c7-8b56-764396dc32ca
    [PS] C:\Windows\system32>Get-Mailbox -PublicFolder | FL Name,ExchangeGuid
    Name : Public
    ExchangeGuid : d97cbc5c-4c39-47c7-8b56-764396dc32ca
    I can easily access the Exchange-server internally and externally. 
    XML from Outlook "Test autoconfiguration" tool.
    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
    <DisplayName>Alex Mathiasen</DisplayName>
    <LegacyDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=8cfd63e296ee4d6d99fa842a78584d43-Alex Mathiasen34410</LegacyDN>
    <AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
    <DeploymentId>823f5581-e9a1-4b8c-a79e-afcbe9900267</DeploymentId>
    </User>
    <Account>
    <AccountType>email</AccountType>
    <Action>settings</Action>
    <MicrosoftOnline>False</MicrosoftOnline>
    <Protocol>
    <Type>EXCH</Type>
    <Server>[email protected]</Server>
    <ServerDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
    <ServerVersion>73C0834F</ServerVersion>
    <MdbDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
    <PublicFolderServer>ex01.client.dk</PublicFolderServer>
    <AD>ex01.i.client.local</AD>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>off</ServerExclusiveConnect>
    </Protocol>
    <Protocol>
    <Type>EXPR</Type>
    <Server>ex01.client.dk</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>on</ServerExclusiveConnect>
    <EwsPartnerUrl>https://ex01.client.dk/ews/exchange.asmx</EwsPartnerUrl>
    <GroupingInformation>Default-First-Site-Name</GroupingInformation>
    </Protocol>
    <Protocol>
    <Type>WEB</Type>
    <Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://ex01.client.dk/owa/</OWAUrl>
    <Protocol>
    <Type>EXCH</Type>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    </Protocol>
    </Internal>
    <External>
    <OWAUrl AuthenticationMethod="Fba">https://ex01.client.dk/owa/</OWAUrl>
    <Protocol>
    <Type>EXPR</Type>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    </Protocol>
    </External>
    </Protocol>
    <Protocol>
    <Type>EXHTTP</Type>
    <Server>ex01.client.dk</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>On</ServerExclusiveConnect>
    </Protocol>
    <Protocol>
    <Type>EXHTTP</Type>
    <Server>ex01.client.dk</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>On</ServerExclusiveConnect>
    </Protocol>
    <PublicFolderInformation>
    <SmtpAddress>[email protected]</SmtpAddress>
    </PublicFolderInformation>
    </Account>
    </Response>
    </Autodiscover>

    I can't access the public folders at all. Trying to access the public folders, result in the error from the following page: http://support.microsoft.com/kb/2788136,
    or "Cannot expand the folder..."
    It is affecting all users using this Exchange-server. I am actually having this error on two different Exchange-serverens at two different companies at the moment. 
    And it is a fresh Exchange 2013 environment in both cases. 
    PS: I discovered that the public folders works inside the same domain as the Exchange-server, however users can't access the public folders externally. 
    I also tried to use the Exchange-server as DNS, in order to be able to resolve i.client.local:
    <PublicFolderInformation>
    <SmtpAddress>[email protected]</SmtpAddress>
    </PublicFolderInformation>
    however I am still unable to open the public folders, even after being able to resolve the DNS name i.client.local. 

  • Exchange 2013 autodiscover finds external & internal SSL certificate causing autodiscover to fail

    Hi:
    I'm currently working on a Windows 2012 server, with Exchange 2013. Let's say our internal domain is "cars.com" and ALSO the case for our external domain. We have purchased an SSL wildcard positive certificate
    *.cars.com so that we could configure Outlook Anywhere, we have created the needed DNS records at godaddy and our internal server, OWA, ECP it all works if you go to https://bird.cars.com/owa
    because we have a DNS record for bird in godaddy and our local server, so all of that is working like a pro! Here comes the tricky part: our website is registered in godaddy but hosted by someone else, a company called poetic systems; when we test the connection
    with the remote connectivity analyzer website we get a very peculiar error that says SSL certificate not valid. Now it provides the name of the certificate it found and it is not ours; we found that the hosting company is listening on port 443, therefore it
    is pulling their self-signed certificate also. Does anyone have a fix for this? I have done this same setup before for other companies and this is the first time a situation like this happens. I REALLY NEED HELP !!!!!

    Hi,
    According to your description, there is a certificate error when you test Outlook Anywhere connection by ExRCA.
    If I misunderstand your meaning, please feel free to let me know.
    And to understand more about the issue, I’d like to confirm the following information:
    What’s detail error page?
    Check the Outlook Anywhere configuration: get-outlookanywhere |fl
    Check the certificate : get-exchangecertificate |fl
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2013 stops receiving external email after about 8 hours

    Hello,
    Just installed 2013 Exchange server 3 days ago. We noticed after the first night that we did not receive any external emails throughout the night.  I could not find anything wrong with receive connectors.  Telnet works internally when this
    happens but NO access from public side testing with telnet.  After I reboot the exchange server everything functions just fine and normal for about 8 hours until it happens again.
    I dont know what to check or look for at this point.  Very new to exchange 2013.  Any kind of advice would be helpful at this time.
    It is not a firewall issue.  Same firewall and set of rules that we use for other/old mail servers.  We only have 1 exchange server that has all roles.
    Lead Pusher

    OK... Did a lot of testing and spent some time with Microsoft's support on the phone.
    I believe there is actually two problems going on in this thread.
    1. Exchange 2013 Admins that have changed the default receive connectors are experiencing a conflict on the scope settings. Make sure that none of the receive connectors are using the same ports, and that you have not modified the security settings in any way
    unless you really know what you are doing.
    If you are unsure of what the settings should be after you have changed them, the only suggestion I have right now, (as I have not taken the time to do screen shots or write down all the default settings) is to install Exchange 2013 on a virtual machine and
    look at them, then change back the settings that do not match.
    2. The Malware Agent has a flaw that is causing the Microsoft Exchange Transport service to endlessly wait on the Malware Agent to process a message that it just can't handle. (Two reboots of the entire server may be needed to clear this, or sometimes
    you can get away with restarting the Microsoft Exchange EdgeSync service.)
    The Microsoft technician had me perform a sequence of steps that highlighted this. To see if this is in fact your problem you can perform the following steps.
    A)  Once the Exchange server stops processing messages, figure out the rough time it stopped processing messages.
    B)  Open the event viewer.
    C)  Under "Windows Logs", right click "Application", select "Filter Current Log...", check "Warning" and "Error", then click "OK".
    D) Scroll down the log to the rough time that your Exchange Server stopped processing messages. You are looking for a slew of errors about the same time from "MSExchange Extensibility" (1051), "MSExchange Transport" (9201), "MSExchange
    Transport" (9201), "MSExchange Extensibility" (1056), "MSExchangeTransport" (10003), and "MSExchange Common" (4999).
    It is the "MSExchangeTransport" (10003) that I believe is the real problem. The Microsoft technician agreed. He did not want to speculate as to exactly what was going on, but it seems to me that since he had me disable the "Malware Agent"
    for now, that it is indeed the problem. 
    E) So.... Open the Exchange Management Console and type "Disable-TransportAgent", followed by enter. It will prompt "Supply values for the following parameters:". Enter "Malware Agent", press enter again. Type "A",
    for yes to all.
    or
    http://technet.microsoft.com/en-us/library/jj150526.aspx
    F) Go to run, enter "services.msc". On the window that opens, find "Microsoft Exchange Transport" and restart it.
    I know this is NOT a fix, but a work around that is less than desired as the Malware Agent is a filter to keep unwanted emails out. I highly recommend running some sort of 3rd party spam/Malware filter that has been fully tested to run with Exchange
    2013 if you do this.
    Microsoft is to contact me back once they can figure out why this is happening, and I believe in the end a patch for Exchange 2013 will be produced to correct the problem.
    In the meantime.... don't waste your money on paying Microsoft for support, as I have already done this.
    For the individuals who say they are not experiencing trouble, I am going to go out on a limb here and say that either you have a 3rd party software program that is filtering the mail before it reaches the Malware Agent, you have disabled the Malware Agent,
    or you are using another mail server to forward email to your Exchange 2013 server. With either of these cases you are much less likely to see this problem.
    One last issue that a few people may be experiencing, is Exchange 2013, running on Server 2012 that is a VM. Several VM setups have a bug with the VM NIC management interface and Windows Server if you are using the same NIC for both. For example Xen
    Server 5.6 and XEN XCP both have this bug. There is a patch for XEN Server 5.6, but so far nothing for Xen XCP.
    I have spent many hours trying to figure my problems with Exchange 2013 and I will not swear that my entire post is correct, but I have gotten very much closer to a stable mail server after much work. If you feel that anything is incorrect, please reply
    back and let me know why, so that we may all benefit.
    P.S. Sorry for the mis-spellings and what not, I am very tired at the moment, and was forced to use explorer, because this site is not liking Chrome at the moment. (Will not let me login)
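
    Steps A to D of the post above can be scripted so the evidence is captured before the Malware Agent is touched. This is an added example, not part of the original post or any Microsoft tooling; it uses only the event IDs and source names the post lists, and `$StallTime` and `$WindowMinutes` are assumed values to replace with your own.

    ```powershell
    # Added example (not from the original post). Run in an elevated session on
    # the Exchange server. $StallTime and $WindowMinutes are assumptions: set
    # $StallTime to the rough time mail flow stopped (step A of the post).
    param(
        [datetime]$StallTime     = (Get-Date).AddHours(-1),
        [int]     $WindowMinutes = 15
    )

    # Event IDs named in step D of the post.
    $eventIds = 1051, 1056, 9201, 10003, 4999

    # Steps B-C: Application log, Warning and Error only, around the stall time.
    $filter = @{
        LogName   = 'Application'
        Level     = 2, 3                      # 2 = Error, 3 = Warning
        Id        = $eventIds
        StartTime = $StallTime.AddMinutes(-$WindowMinutes)
        EndTime   = $StallTime.AddMinutes($WindowMinutes)
    }

    # Get-WinEvent raises a non-terminating error when nothing matches, so it is
    # silenced here and the empty result is handled explicitly below.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like 'MSExchange*' }

    if (-not $events) {
        Write-Output "No matching MSExchange warnings/errors within $WindowMinutes min of $StallTime."
        return
    }

    # Step D: show the cluster of errors per source and ID.
    $events |
        Group-Object -Property ProviderName, Id |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name |
        Format-Table -AutoSize

    # The post singles out MSExchangeTransport 10003 as the significant event.
    $first10003 = $events |
        Where-Object { $_.Id -eq 10003 } |
        Sort-Object -Property TimeCreated |
        Select-Object -First 1

    if ($first10003) {
        Write-Output ("First 10003 event: {0} from {1}" -f $first10003.TimeCreated, $first10003.ProviderName)
        Write-Output (($first10003.Message -split "`r?`n")[0])
    } else {
        Write-Output 'No 10003 event in the window; the pattern described in the post is not present.'
    }

    # Record the current state of the agent before changing anything. This part
    # only works where the Exchange cmdlets are loaded (Exchange Management Shell).
    if (Get-Command -Name Get-TransportAgent -ErrorAction SilentlyContinue) {
        Get-TransportAgent -Identity 'Malware Agent' |
            Select-Object -Property Identity, Enabled, Priority
    }
    ```

    Keeping this output alongside the change record shows why and when anti-malware scanning was turned off, which matters once the workaround in step E is in place.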

  • Exchange 2013 EAC- block external access only

    This question I'm sure has been asked many times- but it must be possible to block EAC externally and still allow ECP and OWA externally. I need EAC to work internally only. I'm aware of the official response on this (not possible) but has anyone come
    up with a way that does not use dedicated IP's. We have F5's at the gateway so maybe filter out the URL? Any suggestions?

    The best approach that I've seen, so far, is something close to what Sathish suggested:
    1. You need to disable EAC on the default web site - both for internal and external users.
    2. Create a new ECP virtual directory, using a different internal IP. That IP will not be translated and accessible from the Internet. Everybody on the local LAN will have access to it.

  • Exchange 2013 - Archive RESTRICTION

    Hello All my Exchange MS Expert, 
    I have a customer requirement --> My customer want to restrict all user in their organization not to delete archive item from their archived mailbox? can we achieve this through security
    option / from ADSI edit??? I have suggested them to go with in-place hold but they did not want the in-place feature; instead they need, if a user wants to delete any archived item, that they should get a message saying "you don't have appropriate" permission
    / unable to delete.
    I have open a Microsoft advisory Case: they told me to give some time to work on this requirement for test and will comeback to me.
    Friends if you have any suggestion pls pass me. Much appreciate your valuable input.

    Exchange doesn't work that way. Using litigation hold/ Single Item Recovery is the only supported method.

  • How to restrict external transferred/called party ID to internal calling party while being transferred by internal switchboard?

    We are using CUCM 8.6.2:
    User-A, with extension ‘xxxxx’ calling internal switchboard operator ‘yyyyy’ (switchboard operator using ARC operator console system) with the request to connect to doctor’s mobile number ‘zzzzzzzzzz’;
    Once the switchboard operator transferred (blind or consulted all the same) the call to doctor’s mobile ‘zzzzzzzzzz’, User-A can see the doctor's mobile 'zzzzzzzz' on his/her phone ‘xxxxx’.
    How can I restrict User-A’s phone with extension ‘xxxxx’ seeing doctor’s mobile ‘zzzzzzzzzz’ after being transferred by switchboard operator ‘yyyyy’.
    I would be very grateful to get some help on this matter.
    Early thanks to all of you who has time, clue or solution for this.
    Regards,
    Mohib

    I ended up logging a call with Cisco and got the solution, so thought I'll share with you all.
    Although there is a possible configuration per DN, that can be a bit of a complex configuration and will also vary depending upon individual route pattern and circumstances.
    I used the global configuration suggested by the Cisco engineer for our organisation as mentioned below:
    Choose Service > Service Parameters in the Cisco Unified CallManager Administration page.
              Choose the PUB IP and then choose the Cisco CallManager service.
              In Clusterwide Parameters (Device - General) change the parameter value of Always Display Original Dialed Number to true. The default setting is false.

  • Is there a way to use an external display while keeping the Macbook open?

    I'm trying to use my external display as my primary (and only display). I would be operating in clamshell mode, but this can lead to overheating issues. Is there an easy way to leave the Macbook open but turn its screen off manually when another display is connected?
    I've found that by closing the macbook, plugging in a mouse, waiting for the macbook to start in clamshell mode, and then opening the display, I can do this. Is there an easier way (i.e., an option to tell the macbook display to turn off)

    could you not just connect it with the vga adapter and then turn the brightness of your screen all the way down so there is no light? i had to do that for my ibook g4 when i cracked the lcd, but thankfully i have my macbook now.

  • New User cannot access OWA after migrate from Exchange 2007 to Exchange 2013

    Dear all,
    I recently migrated the Exchange server from Exchange 2007 on Windows Server 2003 to Exchange 2013 on Windows 2012 R2. I can open the mailbox moved from Exchange 2007 without any problem. However when I created a new user in Exchange 2013, the user cannot
    log in to OWA; the browser will throw out the following screen. Can anyone help me in this case? Thanks a lot!

    Hi Winnie,
    Thanks for your reply. Below is the result. Please note there are four Exchange servers: HKAD and HKEX are the existing Exchange 2007 servers. HKCAS1 and HKCAS2 are the new Exchange Server 2013 servers - both of the Exchange 2013 servers are using owa.ksi.com.hk
    as the external URL.  
    Identity                      : HKAD\owa (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://hkad.ksi.com.hk/owa
    ExternalUrl                   :
    Identity                      : HKAD\Exchange (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKAD\Public (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKAD\Exchweb (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKAD\Exadmin (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKEX\owa (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://hkex.ksi.com.hk/owa
    ExternalUrl                   :
    Identity                      : HKEX\Exchange (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKEX\Exadmin (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKEX\Public (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKEX\Exchweb (Default Web Site)
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   :
    ExternalUrl                   :
    Identity                      : HKCAS2\owa (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://hkcas2.ksi.com.hk/owa
    ExternalUrl                   : https://owa.ksi.com.hk/owa
    Identity                      : HKCAS1\owa (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://hkcas1.ksi.com.hk/owa
    ExternalUrl                   : https://owa.ksi.com.hk/owa

  • Exchange 2013 / 2013 Coexistence - OWA rendering on 2010 CAS for 2013 Mailbox

    So I'm running Exchange 2013 CU2v2 alongside Exchange 2010 SP3 (both on top of 2008 R2 SP1) and I'm having a bit of a weird thing happen when migrating test users from Exchange 2010 to 2013. 
    After migrating a user from a database on the 2010 server to a database on the 2013 server, when you access OWA (through a url pointing at the 2013 server), it still appears to render on the 2010 CAS (and functions normally). If you click ? > About it shows properly that the mailbox server is the 2013 server, but the host address and client access server are still the old 2010 server. It seems that after a few hours it fixes itself. ECP, however, renders properly on the 2013 server immediately after migration.
    The migration completes successfully with no errors, and Outlook connects fine after migration, hitting the 2013 CAS.
    I thought maybe this had to do with the Exchange Information Systems Cache, as in 2010 this was occasionally an issue:
    http://www.terminal.com/blog/bid/70313/Moving-Mailboxes-During-an-Exchange-Migration
    but the mailbox will still render on the 2010 CAS even after restarting the ExchangeIS service.
    I should also note that this behavior DID NOT occur with Exchange 2013 CU1 alongside 2010, and only started happening after upgrading to CU2v2.
    Does anyone have any thoughts as to why this is happening and what I can do to make it transition quickly to render OWA against the new mailbox? Thanks!

    Exact same symptoms here;
    Single site, 1 Exchange 2013 CU3 on 2012 Server, 1 Exchange 2010 SP3 as source for migration;
    Exchange 2013 configured as external access 'cas' owa etc. and proxy to 2010.
    Accessing a 2010 mailbox thru 2013 works correctly (OWA, ECP, ActiveSync, Outlook Anywhere etc.)
    Created new mailbox on 2010, migrated to 2013 and this mailbox is accessed/proxied thru OWA 2010. Strangely this mailbox is hosted on the proxying 2013 server now but still gets proxied. ECP for this user does instantly connect to the correct 2013 server.
    The 2010 OWA connecting to 2013 mailbox server: help | about:
    Host address: https://ex2010.corp.local/owa
    Version: 14.3.174.1
    Proxy host address: https://ex2013/owa
    Proxy version: 15.0.775.0
    Proxy server name: ex2013
    S/MIME control: not installed
    Exchange Client Access server name: ex2010.corp.local
    Exchange Client Access server .NET Framework version: 2.0.50727.5472
    Client Access server version: 14.3.123.0
    Client Access server platform: 64bit
    Mailbox server name: ex2013.corp.local
    Mailbox server Microsoft Exchange version: 15.0.775.0
    Other Microsoft Exchange server roles currently installed on the Client Access server: Mailbox, Hub Transport
    Authentication type associated with this Outlook Web App session: Basic
    Authentication type for Exchange Client Access server to Client Access server proxy session: Negotiate
    Public logon: Yes
    So to me it looks like the 2013 server is still proxying to 2010 and the 2010 CAS is accessing the mailbox on 2013 ;).
    This happens even when the mailbox is moved on the 2013 server itself!!
    How strange is this?!
    Regards,
    Arian van der Pijl
    Hello!

  • LYNC 2013, Exchange 2013 / OWA presence not updating from calendar entries

    Have a test environment of LYNC 2013 and EXCHANGE 2013.
    No software clients - pure OWA access.
    IM works within OWA and I can manually set availability, which is seen correctly by other users.  What does not happen is any update from calendar entries - they do not update the presence status (i.e. it does not go to busy when in a meeting).
    I did install Lync client 2013 and that did work ( and updated OWA ) - but I want a pure web environment without the need for additional software based clients.
    Can this work?  If so is there anything that can be checked to see where the issue is?
    Thanks in advance.

    Hi,
    Maybe it's my misunderstanding. Did you mean you don't want additional software based clients (including Lync client 2013)?
    If you don't install a Lync client on user workstations, you cannot see presence of Lync users from OWA.
    What's more, on the Lync side, if you do not install Lync client software, the only way to use Lync is Lync Web App (a browser-based meeting client). Lync Web App only supports joining Lync Meetings. However, Lync meetings cannot be scheduled by Lync Web App and OWA.
    Here is a link about Lync Web App that may help you:
    http://office.microsoft.com/en-in/lync-help/what-is-lync-web-app-HA103699740.aspx
    If you want to create Lync Meetings but don't have Microsoft Outlook, you can use Lync Web Scheduler (a web-based program).
    More details:
    http://office.microsoft.com/en-in/lync-help/lync-web-scheduler-HA103466460.aspx?CTT=5&origin=HA103699740
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Emails staying in 'Drafts' folder in OWA (Exchange 2013)

    Hi Guys,
    I am setting up a new Exchange 2013 Server. The server is hosting both Mailbox and Transport Roles. When I try and send emails from OWA they are placed in the 'Drafts' folder and never leave the server.
    I have tried to run an SMTP test using Telnet, but I can't get it to accept requests from my computer; I keep getting the following error.
    EHLO
    250-EAMPLE.SERVER.COM Hello [172.16.200.132]
    250-SIZE 37748736
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-X-ANONYMOUSTLS
    250-AUTH
    250-X-EXPS GSSAPI NTLM
    250-8BITMIME
    250-BINARYMIME
    250-CHUNKING
    250 XRDST
    MAIL FROM: [email protected]
    250 2.1.0 Sender OK
    RCPT TO: [email protected]
    550 5.7.1 Unable to relay
    I have changed the email addresses to protect our email servers from spam. Does anyone have any suggestions? I have included a screen capture of my Receive connectors, as I have a feeling this issue might be linked to the way they are configured.
    TPark IT Technician

    Hi,
    Did you install CAS role in your company?
    Please check if all the Exchange services on the server have started via Test-Servicehealth. Especially Exchange Transport service and Mailbox transport service.
    In addition, I recommend you refer to the following article to check if the receive connector was configured correctly:
    How to Configure a Relay Connector in Exchange Server 2013
    This article demonstrates how to meet the following two requirements in Exchange Server 2013:
    Internal SMTP relay – the ability to make an SMTP connection to an Exchange 2013 server and send email to recipients that are internal to the organization (for example, a “scan to email” feature on a multi-function print device)
    External SMTP relay – the ability to make an SMTP connection to an Exchange 2013 server and send email to recipients that are outside the organization (for example, applications or hardware that sends automated reports or alerts to external vendors or consultants)
    Hope this helps!
    Thanks.
    Niko Cheng
    TechNet Community Support
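
    The internal/external relay distinction in the reply above can be checked on a live server with a read-only audit of the receive connectors. This is an added example, not code from the thread or the linked article; it assumes it is run in the Exchange Management Shell, and the variable names and finding texts are illustrative. A connector without relay permission is the kind that answers an unauthenticated client with "550 5.7.1 Unable to relay", as in the session above.

```powershell
# Added example: read-only audit of receive connectors for relay exposure.
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
# Remote ranges that match every client address (IPv4 and IPv6).
$anyRange   = '0.0.0.0-255.255.255.255',
              '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Anonymous relay: the anonymous principal holds the extended right that
    # allows RCPT TO addresses outside the accepted domains.
    $anonRelay = [bool](Get-ADPermission -Identity $rc.Identity -User $anon |
        Where-Object { -not $_.Deny -and
                       ($_.ExtendedRights -like $relayRight) })

    # The other common relay setup: every sender is treated as authenticated.
    $extAuth = "$($rc.AuthMechanism)" -match 'ExternalAuthoritative'

    # Is the connector reachable from any address, or scoped to known hosts?
    $ranges   = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
    $wideOpen = [bool]($ranges | Where-Object { $anyRange -contains $_ })

    $finding = if (($anonRelay -or $extAuth) -and $wideOpen) {
        'OPEN RELAY RISK: relay allowed from any address'
    } elseif ($anonRelay -or $extAuth) {
        'Relay allowed, scoped by RemoteIPRanges (verify the list)'
    } else {
        'No anonymous relay permission'
    }

    [pscustomobject]@{
        Connector      = "$($rc.Identity)"
        Bindings       = @($rc.Bindings) -join ', '
        RemoteIPRanges = $ranges -join ', '
        AnonymousRelay = $anonRelay
        ExternalAuth   = $extAuth
        Finding        = $finding
    }
}

$report | Sort-Object Finding | Format-Table -AutoSize -Wrap
```

    A relay connector for devices such as scanners should show up in the second category, with RemoteIPRanges listing only the addresses of those devices.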

  • Exchange 2013 owa integration with ADFS and coexistence with exchange 2007

    Team,
    I have successfully integrated adfs 3.0 and Exchange 2013 owa and ecp.  However, we have a coexistence environment with exchange 2007.  When you access owa, it redirects you to adfs, you sign in, and then you get redirected back to owa. If your mailbox is still within exchange 2007, you get a blank login page.  If your mailbox is in exchange 2013 then you successfully get the owa page for 2013.  The problem is that all exchange 2007 mailbox users get blank pages at login. So I have determined that exchange 2013 cas is not doing the service location lookup on the mailbox to determine if a redirect to the legacy owa address is needed.  Is there a configuration setting that I might be missing? Or does the integration with adfs and owa not support the much needed mailbox lookup for a coexistence environment?  A side note: if we enable FBA with owa, both login scenarios work just fine (legacy and new 2013). The legacy namespace has been created, and applied to the exchange 2007 urls.

    Hi,
    Try using AD FS claims-based authentication with Outlook Web App and EAC
    http://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx
    Thanks,
    Simon Wu
    TechNet Community Support
