Wildcard certificate for Exchange 2010
Hi
I have single exchange 2010 installed. I have installed single domain name on exchange certificate , it expire next month March 2014. I have a plan to buy new Wildcard certificate for the exchange. I access OWA by ns1.xyz.com/owa without any
problem but in my local network my outlook giving certificate error because of single domain name on certificate.
My question is what name should be on wildcard CSR? Just put the " *.xyz.com " or somting else ? That will work in my local area as well OWA and Outlook anywhere ?
Hi,
According to your description, your internal URLs have the different host name with the external ones.
If you don’t want to change the URLs, we need add the following host names in the certificate:
All the host names in the external and internal URLs including autodiscoverserviceinternalurl;
Autodiscover.smtpaddresssuffix
In this case, SAN certificate is more suitable for your environment than wildcard certificate.
If I misunderstand your meaning, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support
Similar Messages
-
Wildcard certificate for Exchange 2013
Hello!
I have a testing network with Exchange 2013SP1 and Windows Server 2012R2 domain controller with CA installed.
For testing purposes I issued a wildcard certificate for my Exch2013 from my local CA using Web server template and installed it on the Exchange server.
Now when I open, for example, ecp or owa page I'm getting the error stating my certificate is wrong:
Q1) Is Windows CA capable of issuing a wildcard certificates?
Q2) If Q1=yes then what can be the cause of the problem?
Thank you in advance,
MichaelHi Michael,
Please click Certificate error in IE to view the details about the error. If the error is related to untrusted certificate, please open Internet Explorer, click Settings > Internet Option > Content option > Certificate. In the
Certificates dialog box, click the Trusted Root Certification Authorities
tab and check if your certificate is in the list.
If the certificate is not in the list, we can install the certificate in Trusted root certificate store by the following KB:
http://support2.microsoft.com/kb/2006728
If the error certificate is related to mismatch issue, please confirm if this certificate is assigned with IIS service. If not, please enable it with IIS service and restart IIS service to have a try. To double check about the Exchange certificate, we can
run the following command to check it:
Get-ExchangeCertificate | FL
Regards,
Winnie Liang
TechNet Community Support -
Unable to install rollup4 for Exchange 2010 SP3
Hi,
I'm unable to install KB2905616 on my multi-role Exchange 2010 SP3 server. The setup wizard gets stuck at "the setup wizard is generating native images for .NET assemblies........"
I know that this process will take some time to complete but I have waited 10 hours.
I've tried to reboot the server and restart the setup.
Exchange is functioning perfectly otherwise.
Any help would be greatly appreciated :)
/Søren EmigHi,
I recommend you check if the anti-virus has been disabled before you start the upgrade process.
If you didn't ,the update could fail or take an extended amount of time.
Also, disable all other third-party apps/plugins that might be installed (like backup agents).
In addition,the following articles for your reference:
Install the Latest Update Rollup for Exchange 2010
When you install an update rollup package, Exchange tries to connect to the certificate revocation list (CRL) Web site. Exchange examines the CRL list to verify the code signing certificate. (To download and view the CRL list, see
CodeSignPCA.crl.) If Exchange can't connect to the CRL Web site, the following symptoms may occur:
The installation takes a long time to complete.
You receive the following message during the installation: Creating native images for .Net assemblies
When Exchange isn't connected to the Internet, each CRL request must complete before the installation can continue.
To work around this issue and to reduce installation times, turn off the
Check for publisher’s certificate revocation option on the server that is being upgraded. Use the following steps:
Start Internet Explorer.
On the Tools menu, click Internet Options.
Click the Advanced tab, and then locate the Security section.
Clear the Check for publisher’s certificate revocation check box, and then click
OK.
After the update rollup installation is complete, select the Check for publisher’s certificate revocation option.
Generating NGEN images takes longer than expected
Hope this helps!
Thanks.
Niko Cheng
TechNet Community Support -
How to set default website for exchange 2010
I'm unable to launch the Exchange Management Console, and then I read that it's necessary to set the default web site in a particular way, in order for Exchange 2010 Management Console to work:
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/4d396628-3867-4c95-9541-e0eb021e0135
However, after setting up Sharepoint, I see that it has modified the default website, and I'd like to ask for specific settings on how the default web site bindings should look (for exchange). Could someone please advise what I need to do to correct it?
I'm having trouble interpreting what Mike Crowley recommends in the linked post above, in terms of actual steps to the site binding information (which won't mess up what exists).
Currently it says:
Type port ip address binding information
net.tcp
808:*
net.pipe
net.msmq localhost
msmq.formatname localhost
http 80 127.0.0.1
https 443 *
http 80 *
https 443 127.0.0.1
It seems the line for http on port 80 is *, which I guess is equivalent to 'all unassigned'. Is the previous http port 80 binding to 127.0.0.1 causing the problem?
But I'm also supposed to set a Powershell VDir in IIS. Can someone provide steps for that?Regarding SharePoint on Exchange:
It was not allowed earlier, as documented here:
http://office.microsoft.com/en-us/sharepoint-portal-server-it/coexistence-and-interoperability-guide-for-sharepoint-products-and-technologies-HA001160777.aspx & here:
http://support.microsoft.com/kb/825505 but there doesn't seem to be anything more recent than this. I would work under the assumption it is not supported outside of
SBS 2011 (which I am not very familiar
with).
Mike Crowley
Check out My Blog! -
How to do the hard recovery for exchange 2010 (No Restore.env generated)
enrollment:Windows server 2008 R2, exchange 2010.
I want to test the fundamentally of eseutil /cc
so I backup the exchange database by Using the Windows backup, then I restore the database, and no Restore.env be found.But I found I can run the
eseutil /r.
what's happened?
1,why No Restore.env generated for exchange 2010 in Windows server 2008 r2?
2,why I can do the soft recovery after the restoring the database?
3, how to do the hard recovery for this situation(No Restore.env )?
Please click the Mark as Answer button if a post solves your problem!Hi Eric,
From your description, I would like to clarify the following things:
1. Before performing the restore process, we need to dismount the Exchange databases that we want to restore. If the database is still mounted, the restore process will fail. If the restore process doesn't succeed, Restore.env won't be generated.
2. It is because the log files are healthy, you can run Eseutil/r and perform soft recovery.
3. In your case, you can continue to perform the soft recovery.
For more information about hard recovery and soft recovery, here are some helpful threads for your reference.
Exchange Server Soft and Hard Recovery
http://technet.microsoft.com/en-us/library/aa996168(v=exchg.65).aspx
Exchange Database Recovery – Using eseutil commands (Note: It isn't from Microsoft, please pay attention to refer to it.)
http://msexchangeguru.com/2009/07/12/exchange-database-recovery-using-eseutil-commands/
Hope it helps.
If there any problems, please feel free to let me know.
Best regards,
Amy
Amy Wang
TechNet Community Support
" If the restore process doesn't succeed, Restore.env won't be generated. "
thank you for you reply.The restore process succeed,otherwise I can't do the soft recovery after the restoring the database,but can't see the restore.env
Please click the Mark as Answer button if a post solves your problem! -
Outlook 2007 Clients Cannot Access Free/Busy Calendar info. for Exchange 2010 Mailbox
Hi:
I have Outlook 2007 clients that cannot access Free/Busy Calendar info. for Exchange 2010 mailboxes. They receive error like "...you do not have appropriate permissions..."
If those same users logon to a machine running Outlook 2010 then they can view the free/busy info. of the other user's mailbox, so I believe the permissions are set correctly on the mailbox to allow the viewing.
Any insights are greatly appreciated!
Thank you!
Bob Herman IT TropolisHi Herman,
As you said, it seems users have proper permissions on mailbox.
Please make sure users has Reviewer permission on Outlook 2007.
Please try to run Outlook 2007 under safe mode or re-create profile.
Also try to turn Outlook 2007 to Exchange Online mode from Cached mode.
Thanks
Mavis Huang
TechNet Community Support -
Configuration for LDAP IP Address and Port for Exchange 2010
Let's say Exchange 2010 is installed on a computer that is joined to a domain. However, I would like to redirect LDAP authentication to another IP address and another port like how sharepoint implement it below
http://sharepoint.stackexchange.com/questions/33540/ldap-authentication-connection-string
Is it possible to do the equivalent for Exchange 2010?
Note: I would like to do this without installing any Edge Transport server or Microsoft Forefront TMGThe question I would need to ask is "Why would you need to do this?" I ask because Exchange requires an Active Directory account for authentication. That account may have permissions from some other directory (as in a linked mailbox),
but the account is used to find it. For SharePoint, you can authenticate to other directories directly. -
Mails blocked in queue the moment forefront for exchange 2010 started
Hi,
We have newly installed Forfront protection 2010 for Exchange 2010 installed in our exchange 2010 Edge Server.
Mails got struck in the Queue immediatly after the forefront installations.
Mailflow works properly one we unhook the forefront from Exchange.
need to enable the forefront. Got struck in these. How to proceed up further.
Thanks,
PradeepHi,
Please compare your configuration with the following blog or video. These might help.
http://araihan.wordpress.com/2010/03/15/forefront-protection-2010-how-to-install-and-configure-forefront-protection-2010-for-exchange-server-2010step-by-step/
http://www.youtube.com/watch?v=b2BgTmeXwUs
(Note: Microsoft provides third-party contact information to help you find technical support. This contact
information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Forefront for exchange 2010 - how long?
Hi there.
Read this article: http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx
I would have additional question.
Our company is MS Gold Partner and we need to renew our yearly license every year around AUGUST.
We are thinking about changing our SPAM filter external gateway with exchange edge, but as we can see from that article, you Will be unable to renew it license after December 2015.
I know that Microsoft offers online Forefront protection but that is not option in our case because of data sensitivity.We need an answer how long we Will be able to get updates regarding forefront for exchange 2010 and be licensed ok?
I guess after 2015 december Forefront Exchange 2010 Will no longer recieve spam updates thru Windows update, right?
And also engines Will not be updated after that date?
Is this the correct view and understanding?
with best regards
bostjancHi Bostjanc,
>>how long we Will be able to get updates regarding forefront for exchange 2010 and be licensed ok?
I think you must have seen the information below in that blog.
For current customers, Microsoft will continue to support the subscription through Dec.31, 2015. If customer subcriptions expire before Dec.31, 2015, and annot be renewed because the product is no longer offered, these products will continue to be supported
through that date in order to provided with customers sufficient time to move to alternative solutions.
You could also check the following blog.
License extension for End-of-Life Antigen/Forefront products
Note: Microsoft provides third-party contact information
to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
If the information above still cannot resolve your questions, please contact Microsoft to get definitive answers.
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Forefront protection for exchange 2010 - updates?
Installed Exchange EDGE server with Forefront Protection for Exchange 2010.
Installed hotfix update rollup 4 for forefront (I think it's the latest because I haven't found any newer).
We have basically left everything on default in forefront, and if we take a look on dashboard in gui we see this error message:
not all the antimalware engines selected in the forefront adminstration console for scanning have been enabled for updates.
where should we take a look whats not being updated. Please a little help.
with best regards,
bostjancHi.
Meanwhile I have also found information that it has been retired
https://social.technet.microsoft.com/Forums/forefront/en-US/400fa485-edc9-499f-8294-c196496437d8/not-all-of-the-antimalware-engines-enabled-for-updates-successfully-updated-at-the-last-attempt?forum=FSENext
bostjanc -
Disater Recovery for exchange 2010 plan in Cloud computing
Hi
We are using exchange 2010 for our messaging solutions. Please find below our current setup.
mainsite: MBX Server --- 1no --> Hyper V host
Hub&Cas ----- 1No --> Hyper V Host
Edge ---- 1NO --> Physical
DR site : MBX,Hub&CAS -- 1No --> Physical
Edge --- 1no --> physical
we enabled the DAG for our Mail box server and its replicating through a point to point link between our main site with DR site.
Now we are interested to enable our DR (disaster recovery) in MS cloud. Please let me know the process to go further .
how will the DAG or DB replicate to DR Site in cloud?. how its works?
much appreciated if any body have this setup .
Best Regards
Jagadeesan.S
O
JagsHello,
Kindly find the 3 types of plan for Exchange 2010 DR site. You can check all 3 plans and select as per your requirement.
1. Rebuild an Entire Database Availability Group plan
http://technet.microsoft.com/en-us/library/gg513521.aspx
2. Site Resiliency in Exchange 2010
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/planning-deploying-testing-exchange-2010-site-resilient-solution-sized-medium-organization-part1.html
3. Exchange 2010 Cross Site DAG Disaster Recovery: Data Center/AD Site failure Part 1
http://msexchangeguru.com/2012/10/25/exchange-2010-dag-dr/
Deepak Kotian. MCP, MCTS, MCITP Exchange 2010 Ent. Administrator -
Transport Rule MessageSizeOver for exchange 2010
Hi
I have an exchange 2010 SP3 RU 3 environment with edge transport server implemented. I want to Have Transport rules to limit message size going outside/coming inside on edge transport.
I recently found a solution with -messagesizeover switch for new-trasportrule command in exchange 2013. Unfortunately its unavailable in exchange 2010.
I am wondering if there is a workaround or update for exchange 2010 to add this functionality.
Thanks in advance
FarhadHi,
On Exchange 2010, there is no MessageSizeOver parameter when you create a transport rule. But you can limit the sending and receiving message size of the whole Exchange organization using the following cmdlet.
Set-TransportConfig -MaxReceiveSize xxx -MaxSendSize xxx
If you want to limit the sending and receiving messages size for a specific mailbox, you can use the cmdlet below.
Set-Mailbox xxx –MaxSendSize xxx –MaxReceiveSize xxx
Hope it helps.
Best regards,
Amy Wang
TechNet Community Support -
Uninstall Forefront for Exchange 2010
I have acquired another spam filter appliance that will used instead of Forefront for Exchange 2010.
How do I uninstall Forefront for Exchange 2010 without any issues while still using Exchange 2010.
Basically the email will go through the email appliance filter then to Exchange. I want to deactivate or uninstall Forefront for Exchange with impacting my email services. Is it as simple as just uninstalling it?Hi,
About uninstalling Forefront for Exchange 2010, you could check the following article.
If spam filtering was enabled, the configurations in the corresponding antispam settings in Microsoft Exchange that were leveraged by FPE will be retained by their Exchange antispam counterparts after FPE is uninstalled. These settings include: Connection
Filtering, Sender ID Filtering, Sender Filtering, and Reciepient Filtering. To change these configuration settings you will need to modify them through the Exchange management console.
Uninstalling Forefront Protection 2010 for Exchange Server
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
How to test if Spam protection with Forefront for Exchange 2010 works
Hi there.
Installed forefront for exchange 2010 on Exchange Edge server.
We have tested virus protection with creating EICAR, but the question is, is there a way to check if SPAM Works fine, and how to?
with best regards
bostjancHi bostjanc,
Since this is an issue on the Forefront side, I suggest ask Forefront Forum for help so that you can get more professional suggestions. For your convenience:
https://social.technet.microsoft.com/Forums/forefront/en-US/home?forum=FOPE
However, based on my knowledge, use the EICAR antivirus test file is the only built-in method to check whether the Anti-Spam configured correctly.
You can try to send some test spams to your Exchange server for testing, even if this is a stupid method : )
Thanks
Mavis Huang
TechNet Community Support -
Support Forefront Protection 2010 for Exchange 2010 SP3
Hi
I have a simple question: Is there a full support of FPE 2010 (Version 11.0.727.0) for Exchange 2010 SP3 (and Rollup Updates)?
ThomasHi,
It seems that FPE 2010 for exchange 2010 SP3 is supported and you need to install the Rollup 4. For more detailed information, please refer to the link below:
Hotfix Rollup 4 for Microsoft Forefront Protection for Exchange
Updates for Microsoft Forefront and Related Technologies
Hope this helps!
Susie
Maybe you are looking for
-
ITunes can't find my external hard drive music
Hello, our computer crashed recently and I have restored Windows Vista and iTunes. All of our music is stored on an external hard drive (drive I). There is a main "iTunes music" folder, and then there are a ton of folders in there that are named by m
-
HTTPService is not working.
I have an application in which I send an HTTP request using HttpService.send. It works fine when I run it using FlexBuilder but when I simply open the main.html file in web browser(directly) it stops working. In this case no Http Request is sent and
-
Error in Receiver JDBC communication channel
Hi friends, I am getting an error in communication channel while inserting xml data into ORACLE database. Error is like "Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Error processing request in sax parser: Error wh
-
Dear All, I have created for example 20 UDFS in marketing document. Out of this i have set 10 UDFs for Sales order to user A. Can i copy the same setting to User B for sales order. Since manually loging in to respective user and setting UDF consumes
-
Digital ı/o problem in mseries 6229 daq card
In our lab, we have a 6229 M series daq card. We want to send digital output , ( three square waves and their direction values for driving 3 dc motors. We will change pulses or frequencies during application). we tried to send the signals from single