Exchange 2013 Site Resilience - Basic questions for setup in two seperate AD Sites, same domain

Similar Messages

• Exchange 2013 sp1 smtp NTLM auth for child domain users

  i have exchange organization with exchange 2007 sp 3 & exchange 2013 sp1.
  there are  all users in Exchange 2013 server (mail flow is through Exchange 2013 server)
  i have single forest, 2 site (site1, site2), root domain root.local and 1 child domain ch.root.local
  DC  for child domain is located in site2 (dc.ch.root.local)
  multirole exchange 2013 server is installed in root domain.
  i am traing to configure smtp receive connector with NTLM auth and have one problem.
  when user in child domain try send email through this receive connector i see in log
  <,AUTH NTLM,
  >,334 <authentication response>,
  *,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
  *,CH\user1,authenticated
  *,,Setting up client proxy session failed with error: 535 5.7.3 Unable to proxy authenticated session because either the backend does not support it or failed to resolve the user
  *,,"Setting up client proxy session failed with error: 451 4.4.0 Primary target IP address responded with: ""535 5.7.3 Unable to proxy authenticated session because either
  the backend does not support it or failed to resolve the user."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:465"
  but authentication is succesfull for users from root domain.
  why do it can be?
  Thanks.

  thanks for link
  at smtp receive logs (Hub transport role) i've found the  next:
  Client Proxy EXMAIL2013,08D134DAF6CE1C51,49,192.168.1.15:465,
  *,NT AUTHORITY\SYSTEM,authenticated
  >,235 <authentication response>,
  <,XPROXY SID=08D130D354F520D1 IP=192.168.1.21 PORT=57085 DOMAIN=[192.168.1.21] CAPABILITIES=0 SECID=Uy0xxx...
  *,,Error while looking up SamAccountName chuser: The user name or password is incorrect.\r\n
  *,None,Set Session Permissions
  >,250 XProxy accepted but user identity could not be obtained,

• Mind answering some basic questions for a few bright HS students?

  I am a HS computer science teacher who seeks a professional mentor regarding JDBC. While I have successfully
  - installed a MySQL database,
  created, queried, updated the database,
  - read the Java Tutorial and:
  used Connect/J and written a main method to manipulate a
  database
  created very simple applets to query or update a database with
  their run methods.
  I have basic questions about how pieces fit together in web application development and how one can best take advantage of OOP when dealing with a database. My motivation are a few very bright post-AP students who have an excellent grasp of OOP and data structures; they are curious to see how Java is used in web applications.
  The sample code I have found on the Web has all been small main method examples. I would like to see and discuss a truly OOD application with JDBC, and to discuss how the pieces fit together.
  So, aware of our ignorance and of how dangerous a little knowledge can be, and not expecting to go live with an application anytime soon, we seek a very high level understanding of current professional practice (like: "Where does tomcat fit in here?") as well as some direction while we get our hands dirty. (I hope that makes sense.)
  If you have time to correspond with us via e-mail, answer some very basic questions, and perhaps take a look at some code as we work through it, we would love to hear from you off-line ([email protected]). We would also appreciate knowing where to look for a good OOD sample application. Thanks.

  Complete this tutorial and you will have a much better understanding.
  http://java.sun.com/javaee/5/docs/firstcup/doc/toc.html
  Also here is the tutorial for j2ee ( a little detailed but useful):
  http://java.sun.com/javaee/5/docs/tutorial/doc/

• Basic questions for a self-taught re: HDV for SD HDV (yes again)

  ok - like many others posting on this topic, I am apologising for going over what seems to be one of the most covered topics out there, that still isn't clear!
  I am trying to teach myself DVD SP4 in the same way I did with FCP5 (trial, error and lots of forum searching). I am by no means a pro on FCP - but have certainly got enough understanding of it to have cobbled together 7 23 minutes episodes to broadcast! I have gone thought the DVD SP4 Manual and forums and lots of it just makes my brain ache - what mostly lets down my understanding are formats/compression/codecs.
  So - my main questions (for now....)
  -In DVD SP I couldn't import my QT movie into my assets list as it was an "incompatible format" - is this because it was HDV to a SD DVD Project? Doesn't the process of DVD SP encoding it as Mpeg 2 make is SD anyway?
  -I read a post from someone in a similar situation, who advised exporting a HDV sequence as Uncompressed 8 Bit, and bringing that to DVD SP. So am doing that now (6 hours or so for a 23" sequence) and am hoping it gives a great looking picture, but I have seen from its preview icon that its a 720 x 576 frame - why is it not exporting in 16:9? or will it squeeze that down to normal once it's in DVD SP?
  Really appreciate any understand you can help me with.
  cheers
  Hugh

  Hughey wrote:
  Going back to my original questions - could the problem be a HD file in an SD project?
  No. If you followed the workflow process from the above post you would have a SD mv2 file. The file should be playable in Quicktime and it should be 16:9.
  EDIT: Yes. Reading back on your OP this question ->
  In DVD SP I couldn't import my QT movie into my assets list as it was an "incompatible format" - is >this because it was HDV to a SD DVD Project? Doesn't the process of DVD SP encoding it as Mpeg 2 >make is SD anyway?
  I believe that importing a HDV file into a SD project would give you that error but if you follow the above steps and import the mv2, AC3 files you should not get that error.
  The reason you got three files is because that is how the preset group is made up. To be completely truthful I duplicated that preset, deleted the AIFF part and renamed the group. I now use that as my default settings when I bring any asset into Compressor.
  As far as bring video assets (quicktime SD/HD, or other) into DVDSP in general you can do this but, what is happing is that in the background DVDSP is going through the steps from my above post and creating the mv2, AIFF, AC3 files for you (based on your preference setting in DVDSP) and then replacing the video files you brought in with the compressed files.
  Can you play the mv2 file in quicktime? If not then something else must be going wrong.

• Getting old site off the 'net without appropriate files. (to start over with same domain name)

  As a complete novice, I'm not even sure how to start this question...but, I have tried everything and I think I have "lost" my website in terms of bringing in back into DW and changing/updating it.  My backup files on my computer have disappeared and the appropriate files through my cPanel to bring it back to in order make changes aren't there.  The website still functions, but it is outdated for my business needs.
  So, at this point, my question is this; how can I gain control over the domain and start over from scratch.  I don't want what is out there anymore, but without control through the above mentioned devices, is it even possible to build a new website and get the old one off the 'net as it is and still keep the original www.name.com?
  I'm clueless at this point.  Thanks.

  Chazmonk wrote:
  So, at this point, I don't know what is really going on.  My main goal was to get my existing website off the net and put something updated on with the same domain name.  I was successful with what JTANNA suggested, but I don't know what I'm doing with a mirrored site in terms of what my needs are.  I am not against changing the domain name and just leaving this one out there, though I did put a great deal of time into building it.  I would take some further help if anyone has more suggestions, but I'm about ready to move one.
  Thanks for trying to help.
  You will need to sort out the FTP issues because when you have edited your site, you will need to upload it and so FTP details will be required.
  Your first port-of-call to sort this out is to contact your host who can reset the password for you so that you can start all over again.  The alternative, is to give your password/login details to Murray (PRIVATELY) so that he can try from his machine.  When this is done, you can always change the password for your own security.
  hth

• Exchange 2013 - powershell - create search folder for items larger than 24mb

  Hi all,
  is it possible to use PowerShell and create search folder in spesific mailbox that contains items larger than 25mb?
  Thanks!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

  Ok this should be possible.
  I just tested a basic idea of what you want to do on Exchange 2010 SP3. IF you need me to test on 2013 let me know.
  Add the account you want to run the powershell search as to the "Discovery Management" role in AS or ECP.
  This gives you access to the "search-mailbox" command. Using this you should be able to build a search that moves mail to a different folder.
  http://technet.microsoft.com/en-gb/library/dd298173(v=exchg.150).aspx
  Thanks,
  Edit: something like this would help but the target mailbox would be there own I guess
  Search-Mailbox -SearchQuery “Size:>25MB” -TargetMailbox SomeMailbox -TargetFolder Export -LogOnly -LogLevel Full
  Ok so I have found a issue where the command does not allow the source mailbox to be the same as a target mailbox. I dont know if this will help you then unless you go through a long process of moving the mail out then back but thats very long.
  You could create a rule for this but it would have to be run manually with specific settings so I guess that might not work as user training can be difficult. 
  You could write a VBA macro for this and then apply it to all you machines.
  Or there is a 3rd party tool that could help you called
  Auto-Mate
  Sorry I could not be more helpful.
  Good luck

• Does MS Exchange 2013 have extended encryption options for Protected Health Information (PHI) ?

  Our agency currently uses MS Exchange Server 2007 on-site and we recently migrated over to Office 365 Pro Plus. Our current encryption is TLS for internal e-mails, and for external, we use Sophos with 'encrypt' in '[]" . With the intent to migrate our
  exchange server to be at version 2013 on-site, we were hoping to have the following: 
  internal and external email containing Protected Health Information (PHI) be encrypted to a FIPS 140-2 standard, minimum 128 bit, possibly 256 bit. Also, other counties and government agencies have solutions that will automatically encrypt emails with any
  string of over 5 digits, formatted like an SSN (xxx-xx-xxxx), or with trigger words “ePHI”, “PHI”, “Secure”, or “confidential”.
  Is this possible with 2013 or are we in the realm of exploring 3rd party solutions to obtain this level of security/encryption ?

  Hi domerdel,
  Thank you for your question.
  To help protect sensitive information, organizations create messaging policies that provide guidelines about how to handle this information. In Microsoft Exchange Server 2013, we could use
  transport protection rules
  to implement these messaging policies by inspecting message content, encrypting sensitive email content, and using rights management to control access to the content.
  We could refer to the following link:
  https://technet.microsoft.com/en-us/library/dd298166(v=exchg.150).aspx
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Basic question for HTML DB

  Hi ,
  I am a very new user to HTML DB . i had requested for a workspace from htmldb page. I tried developing some basic pages . My application nuber is 920 .
  If I have to make the URL accessible to other users ..what do I need to do .
  Presently the URL is http://htmldb.oraclecorp.com/pls/htmldb/f?p=960:1:7293424715472730277
  how to have this in my machine ? Should I have HTML DB installed and apache installed in my machine ..
  Please clarify .
  Thanks,
  Madhu

  Hello,
  You need to change the authentication scheme to 'No Authentication (using DAD)
  '. You can set this up by creating a new authetication scheme in the
  Workspace xxx> Builder - Application xxx>Shared Components>Security>Authentication Schemes>Gallery
  Tab.
  Once you apply this new auth.. scheme. Then you and your users should be able to open URL directly to the 'http://htmldb.oraclecorp.com/pls/htmldb/f?p=960:1'
  To get HTMLDB on your machine you need the following:
  1. Oracle 9i or 10g RDMS software
  2. 10g RDMBS Companion CD
  3. Configure a Oracle database that has XDB schema.
  The 10g Companion CD contains the Oracle Apache and HTMLDB engine software. So you don't need separate Apache install.
  The Oracle DB, Oracle Apache and HTMLDB engine can all installed on one PC.
  If you are using 9i RDBMS , make sure you patch it up to 9.2.0.4 or higher (i think).
  Hope this helps.
  Regards,
  Philip

• Basic Questions for Getting Started

  I want to make a DVD with a menu that will link to video files that will not be compressed at DVD SD size 720 x 480 (I think that is the right size for DVD?) Instead, I need to make the window size of the videos smaller so I can fit as many as possible on a single-layer disc.
  1. Will there be any issues with linking to video files that are not full screen, whether it is played in a computer DVD or a home one?
  2. What is the best format for bringing video in from FCP for doing this? I am guessing that since DVD SP compresses as MPG-2, I should bring the video in a non-compressed format so it does not get double compressed.
  3. Does anyone have any recommendations for a smaller window size that displays well on screen? 400 by something???
  Thanks for any help in advance!!!

  1. Will there be any issues with linking to video
  files that are not full screen, whether it is played
  in a computer DVD or a home one?
  I can only suggest that you try it and see, or ask on the Final Cut Pro discussion forum and someone there will know.
  2. What is the best format for bringing video in from
  FCP for doing this? I am guessing that since DVD SP
  compresses as MPG-2, I should bring the video in a
  non-compressed format so it does not get double
  compressed.
  Yes. You should bring it into DVD SP as a QT file (.mov) which you export from Final Cut, presumably using the option "using QT Compression" which I think gives options for size. However, I have never had luck when using the QT compression option. There may be other utilities which can reduce the size of a QT movie.
  I suppose that you know to use Compressor to make a more efficient compression than the one built in to DVD SP, and to use APack (or whatever it is called in DVD SP 4) to compress sound - that saves a lot of disc space.

• Basic questions for RS232/422/485 & Modbus

  Hello,
  i have to write some libraries for four types above.
  But, i only have a normal windows-computer with a normal serial-connection.
  Do i see it correct that can then only make "RS232" with this and that 422 amd 485 are then "special" serial-cards?
  So for me it seems that 232/422/485 are three different hardware-types.
  And only Modbus is a software-protocol that can be created with labview.
  Is this correct?
  Thanks for help
  Solved!
  Go to Solution.

  RS232/422/485 are hardware specific.  Many RS422 UART cards out there will also handle RS485.  Luckily, most of these cards just show up as a COM port, so the software is the same for all 3.
  According to Wikipedia, most Modbus devices use RS485 as the hardware layer.  I will admit that I have no exprience with Modbus, so I'm not going to offer any advice on it.
  There are only two ways to tell somebody thanks: Kudos and Marked Solutions
  Unofficial Forum Rules and Guidelines

• Morning all. Hope you can help. Basic question for a newbie.

  Is there anyway I can check if a form is in QUERY_ONLY mode??
  Basically I have a button and I want it to do different things depending on if the form is query only or not.
  Really hope you can help me...
  thanks alot...
  Ben

  Whoa. After looking at that I'm still confused.
  We have a form on our system that can be called in 2 different ways. Calling the form normally and calling it in Query only mode depending on the user roles.
  The form we are calling can then call about 10 other forms. However we want it so that one particular form can't be accessed in query only mode but can be accessed in normal mode.
  I'm thinking about just setting a global when calling the main form depending on if it's in query only mode or not. Then checking the global when trying to call to subsequant form, if the global is set to "QUERY_ONLY" then give an error message telling the user is not allowed to view the form or running the form it the global is set to "NORMAL". But didn't know if there was a better way to do it or not.

• Basic question for TACACS

  Hi All,
  I have some issues with TACACS authentication. Do the ACL created for SNMP affect the tacacs authentication if a permit statement is not given for the tacacs server ip.
  Regards,
  Piyush

  The initial config that i did was working fine for authentication:
  aaa new-model
  aaa group server tacacs+ tacgroup
  server 172.30.xx.xx
  server 172.30.yy.yy
  aaa authentication login default group tacgroup enable
  aaa authentication enable default group tacgroup enable
  aaa authorization console
  aaa authorization exec default group tacgroup if-authenticated
  ip tacacs source-interface Vlan34
  snmp-server community xxxxxxxxxx
  tacacs-server host 172.30.xx.xx
  tacacs-server host 172.30.yy.yy
  tacacs-server directed-request
  tacacs-server key 7 060506324F41
  line con 0
  session-timeout 5
  exec-timeout 5 0
  password 7 11481D0029021E0201
  transport output telnet ssh
  line vty 0 4
  session-timeout 5
  exec-timeout 5 0
  password 7 13441317351C11242E
  transport input telnet ssh
  transport output telnet ssh
  line vty 5 15
  transport input lat pad mop udptn telnet rlogin ssh nasi acercon
  But after adding :
  logging 172.17.30.75
  access-list 10 permit 10.70.0.202
  access-list 16 permit 172.17.30.190
  access-list 16 permit 172.17.30.139
  access-list 16 permit 172.17.30.141
  access-list 16 permit 172.17.30.140
  access-list 16 permit 10.0.30.32
  access-list 16 permit 10.0.160.14
  access-list 16 permit 10.0.160.15
  access-list 16 permit 10.0.160.12
  access-list 16 permit 10.0.160.18
  access-list 16 permit 10.0.160.20
  access-list 16 permit 172.17.30.75
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps tty
  snmp-server enable traps bgp state-changes all
  snmp-server enable traps config-copy
  snmp-server enable traps config
  snmp-server enable traps hsrp
  snmp-server enable traps syslog
  snmp-server enable traps cpu threshold
  snmp-server enable traps envmon fan shutdown supply temperature status
  snmp-server host 172.17.30.75 xxxxxxxxxx
  After adding this i lost connection of my devices 1 by one. It gives % Authentication fail on trying to telnet or on console.
  Do i need to add ACS SE ip in this ACL.
  Regards,
  Piyush

• Basic Questions for Airport Express...

  The apartment I am moving into provides Internet services, but you must provide your own wireless router if you would like wireless internet. The apartment is relatively small, and there will be a total of three people in the apartment (I can imagine that only three laptops, two iPhones, and one iPad will be connected to the wireless network at one time).
  I would like to buy a reburbished AirPort Express Base Station with 802.11n and AirTunes (the 2008 version), but can it be used to create a standalone network? Could I just plug it into the wall, connect it to an Ethernet cable, then set up a wireless network from my laptop and be good to go?
  If so, how is the signal strenth? Would it be able to provide fast service to all devices connected in the apartment (the unit is 1188 sq. units in size)? Also, would I be able to connected my non-wireless printer to the Airport Express to print wireless from my laptop?
  Thanks so much.

  Could I just plug it into the wall, connect it to an Ethernet cable, then set up a wireless network from my laptop and be good to go?
  Yes
  If so, how is the signal strenth?
  It all depends on the number of obstructions that the signal must pass through to reach a wireless device. A typical wall absorbs 15-20% of the signal, so you would never want the signal to have to pass through more than 3 walls to reach a connected device.
  Any other wireless networks in the area (there will be plenty in an apartment complex) can also interfere with the wireless signal. No way to know whether this may or may not be an issue until you try.
  Also, would I be able to connected my non-wireless printer to the Airport Express to print wireless from my laptop?
  Yes, assuming that the printer is compatible with the AirPort Express. Most are, but Apple does not provide a compatibility list. You will need to check with the printer manufacturer on that, or simply try it.
  Even if the manufacturer says it "should work", you wont' really know until you try.

• If my 14-day grace period has long passed, is there any way to exchange my Black/Graphite iPhone 6 for a White iPhone 6 of the same capacity?

  Is there a way to exchange an iPhone 6 for one of a different color? If so, what is the fee for that?

      djslank,
  We want you to be happy with all aspects of your phone. If you are beyond the 14 day exchange period, you do have the option to trade in your device and use the trade in value towards the purchase of the phone color you prefer. Click for trade in values www.trade-in.vzw.com. When looking at the purchase price of the phone you would prefer, since you will not have an upgrade available, you will want to view the full retail cost.
  SandyS_VZW
  Follow us on Twitter @VZWSupport

• Firmware question for Color LaserJet: Two computers on my network, Win XP and Win 7. Does it matter?

  I don't understand firmware, but I know I needed to update my CP2025dn printer's firmware.  I used my older computer to do this.  If I had used my newer computer with Windows 7, would this affect my printing from either computer?  Thanks.

  I have tried to install my HP color laserjet 2605 dn on my windows 7 operating system and I get an administrator error