Recently had a client delay receiving emails

A check of SMTP logs showed

4.7.0 SMTP; 403 4.7.0 TLS handshake failed

To investigate : 

Open Exchange Management Console

Go to Server Configuration and check Exchange Certificates check if there are any expired with SMTP next to them

Renew Self Signed Certificates  :

  1. type Get-ExchangeCertificate to list the installed certificates

  2. Match the certificate to the expired certificate (using subject the name and services) from the Console then copy the associated thumbprint

  3. Type Get-ExchangeCertificate –Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

Renew Third Party Cert

  1. Go through the process of Renewal with your Third Party SSL Authority

To disable Receiving email via TLS

Go to Hub Transport under Server Configuration, then Untick Transport Layer Security (TLS) for each Receiver Connector

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When trying to add your email account to Outlook 2016 you get the follow error

an encrypted connection to your mail server is not available

365 is obviously  encrypted which means there must be something wrong with Autodiscover

  1. Check Autodiscover

Should be a CNAME to autodiscover.outlook.com. ( Put full stop on the end )

2. Make sure you have finished setting up the domain in 365 or it won’t listen for the domain

Test Autodiscover via : https://testconnectivity.microsoft.com/

Try logging in to powershell on your 365 Tenant and disabling OAuth2 (2fa ) 

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When adding an Exchange account to a Send and Recieve Group you could get Sync Errors occuring

published calendar 0x80004005

To check which Published Calendar the error was talking about , go into  Account settings and go to the following tab below

You can remove these if you don’t need/want them

Image result for published calendar

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

For some reason I couldn’t delete credentials from Veeam due to them being used on a Shared Folder that did not existing in a backup repository or Tape to Folder. In the end I had to use SQL remove this.

  1. Verify the record to be deleted by running the following query against the configuration database (VeeamBackup by default);

    SELECT * FROM [backup.model.mrulist]
  2. Run the following query, changing <share path> to match the record to be deleted.

    DELETE FROM [backup.model.mrulist] WHERE url = ‘<share path>’
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

If a website a being blocked from being viewed due to Fortinet web filter with the Category 

“newly observed domain” 

This is due to URLs whose domain name is not rated and were observed for the first time in the past 30 minutes. 

You can wait 30 minutes or you can use the Web Ratings Overrides below to change the category from newly observed domain to an accepted Category like Business and Finance

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 2 votes)

A windows update to Windows 10 has stopped the Camera on a x360 HP laptop working on Windows Hello ( Camera Login ) however the camera works for everything else

HP has released a driver update which fixes this problem , which you can download from below

ftp://ftp.hp.com/pub/softpaq/sp77501-78000/sp77657.exe

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently had a Citrix server start to pulse on Disk Space useage in Monitoring where it would use 25 Gig’s in an hour then clear which brought up waves on the disk usage monitoring. The good news was that it was happening every hour so easily trackable in realtime.

I used performance monitor to check what the top process was that was writing to disk which was System … which did not help

Then I checked the folder, that System process was writing to the most, which picked up to be this single file : 

C:\Windows\System32\LogFiles\UserProfileManager\%domain.local%#%servername%_pm_config

Checking this file and it was 20 Gigabytes which would be the largest Config File I have ever seen!

I restart the Citrix Profile Management Service which dropped the File back down to 378kb and stopped the excessive disk writes/useage!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

2010

Create a Group Policy to Delete these keys

[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems]
[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\DisabledItems]
[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DisabledItems]

 

2013

The above does not work for 2013 and this key needs to disable mssphtb.dll ( Windows search for Outlook 2010 ) 

You will need to find your Outlook Add In name for the below ( I have used WorksiteEmailManagement.Connect )

If you install the plugin it should be listed in 

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins

Add the following Registry Key which adds the same behaviour as if the user had chosen “Always enable this add-in” from the dialog shown above:
Warning: These steps involve modifying the Windows Registry. Exclaimer strongly recommend backing up the Windows Registry before making any changes to it.

  1. Launch Windows Registry Editor
  2. Navigate to the following path in the tree on the left: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Resiliency\DoNotDisableAddinList
  3. Using the pane on the right, right-click and from the menu select New, DWORD (32-bit) Value
  4. Enter the name as WorkSiteEmailManagement.Connect
  5. Double-click the entry to edit it
  6. Set the value to 1
  7. Close Windows Registry Editor

 

Add the following Registry Key which adds the same behaviour as if the user had chosen “Always enable this add-in” from the dialog shown above:
Warning: These steps involve modifying the Windows Registry. Exclaimer strongly recommend backing up the Windows Registry before making any changes to it.

  1. Launch Windows Registry Editor
  2. Navigate to the following path in the tree on the left: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\WorkSiteEmailManagement.Connect
  3. Using the pane on the right, right-click and from the menu select New, DWORD (32-bit) Value
  4. Enter the name as LoadBehavior
  5. Double-click the entry to edit it
  6. Set the value to 3
  7. Close Windows Registry Editor
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently I tried to delete a stuck file in Explorer which produced the error 

Could not find this item , This item is no longer located in xxxxxx

I tried to user Command prompt, file unlocked and reboot the server to see if System had locked the file all unsucessfully.

In the end I have to use command prompt to rename the Parent Folder of the file

ren “Parent Folder Name” “Test”

This cleared and removed the file if not you should be able to delete this in Comand prompt and explorer , I was then able to rename this folder back or delete the folder if needed.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

In Office 365 when trying to Release selected message and allow Sender in the Exchange Administration portal is shows the following error

“You don’t have permission to open this page. If you’re a new user or were recently assigned credentials, please wait 15 minutes and try again”

It does allow you to just release messages. The issue is the user needs to be a Member of Hygiene Management and Organization Management Roles in 365  ( Under Permissions and Admin Roles ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)