#Unlock diag user and set password

NETAPP::> security login unlock -username diag

NETAPP::> security login password -username diag

Go into Privileged Mode

NETAPP::> set -privilege advanced

Change to Diag User

NETAPP::> set diag

NETAPP::> systemshell local

 

Once here you can telnet like normal

NETAPP%>telnet mail.domain.com 25

to Break out 

CTRL C and CTRL D 

Relock Diag Account

NETAPP::> security login unlock -username diag

GD Star Rating
loading...
GD Star Rating
loading...
  1. Add new WAN interface, enable for Ping and HTTPS
  2. Add a new Static Route with the gateway of ISP with interface of above
  3. Make sure the distance is the same as the existing WAN interface( without the same distance it won’t appear in the routing table )
  4. Try and ping ISP Gateway from CLI
  5. Test Inbound access to https (on right port ) 
  6. Add Policies for new Interface Inbound and Outbound
  7. Make sure the priority is lower than the existing WAN connection for testing, when ready to match existing priority
GD Star Rating
loading...
GD Star Rating
loading...

Sender -> Forward Server -> Reciepient

Exchange 2010 uses a Resent-From header that is added to the message while it is being forwarded externally by the forward server ( this address is the email account used to forward the email )  so emails to the Reciepient server, are checked for SPF check using the Resent-From address and IPs. Which Pass!

With 2016 or Office 365 this Resent-From header is not there and the external contact server does the SPF check using the original sender’s domain and forward server IP address and it hard fails spf.

Workaround: Message Header ReWrite

Use Mimecast to Rewrite the Envelop from Address to the Resent-From Address instead

Configuring Address Alteration Definitions and Policies (mimecast.com)

 

SRS Should be doing this as well

Sender Rewriting Scheme (SRS) in Office 365 – Office 365 | Microsoft Docs

GD Star Rating
loading...
GD Star Rating
loading...

You can send emails via Mimecast instead of 365 , so you don’t need a licensed 365 user.

Login and enable SMTP Email submissions for that user

Use the users Cloud password and email address for Auth

$creds = get-credential

Send-MailMessage -From [email protected] -To [email protected] -Subject "Test Email" -Body "Test SMTP Service from Powershell on Port 587" -SmtpServer au-smtp-outbound-1.mimecast.com -Credential $creds -UseSsl -Port 587

 

If you see

Send-MailMessage : Unable to read data from the transport connection: net_io_connectionclosed

You need to create an Authentication profile with 2fa disabled , and apply it to that user via Application Settings

 

GD Star Rating
loading...
GD Star Rating
loading...

Sending an email to the address stated on your Teams channel, does not come through

You check with SMTP server and it says delivered correctly

Reading a few articles online showed this was an SPF issue , however you can’t prove this , and 365 Support at the moment is very bad so its better trying a few other things. So if teams\sharepoint doesn’t like you using a smarthost , then you can use a Mail Connector in 365 , so separate the domains for teams to use the MX directly per below 

 

This solved the issue

GD Star Rating
loading...
GD Star Rating
loading...

Use below XML File

Make sure the ODT cache is copied to local PC before installing , does not seem to work on UNC patchs

 

Use Elevated Token

 

<Configuration ID="b34f7df2-db1f-476b-ac0d-a9b0142ec695">
  <Add OfficeClientEdition="32" Channel="Current" SourcePath="C:\Program Files\BatchPatch\deployment\ODT" AllowCdnFallback="TRUE">
    <Product ID="O365ProPlusRetail">
      <Language ID="MatchOS" />
      <ExcludeApp ID="Groove" />
      <ExcludeApp ID="Lync" />
      <ExcludeApp ID="Bing" />
    </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="0" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="0" />
  <Property Name="FORCEAPPSHUTDOWN" Value="TRUE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
<Property Name="ForceAppShutdown" Value="TRUE" />
<Property Name="PinIconsToTaskbar" Value="TRUE" />

  <Updates Enabled="TRUE" />
  <RemoveMSI>
    <IgnoreProduct ID="InfoPath" />
    <IgnoreProduct ID="InfoPathR" />
    <IgnoreProduct ID="PrjPro" />
    <IgnoreProduct ID="PrjStd" />
    <IgnoreProduct ID="SharePointDesigner" />
    <IgnoreProduct ID="VisPro" />
    <IgnoreProduct ID="VisStd" />
  </RemoveMSI>
  <AppSettings>
    <Setup Name="Company" Value="Yarra Capital" />
  </AppSettings>
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>

 

 

GD Star Rating
loading...
GD Star Rating
loading...

When trying to edit settings of an Office 365 group you see the follow error

“You cannot manage the General settings for this group in admin on behalf of mode. Please edit them as a client administrator.”

It means you can’t use delegated access . you will need to login to 365 as a Global admin to change

GD Star Rating
loading...
GD Star Rating
loading...

We change a rule so clients from the LAN would access items on the DMZ via the public IP instead of Private ( using DMZ ) 

DMZ <-> LAN to WAN <-> DMZ

1 ) Per this guide , make sure the Virtual IP rule has Any for extintf

https://kb.fortinet.com/kb/documentLink.do?externalID=FD33976

2) You will need to make sure there are rules from LAN -> DMZ that reference the VIP as a source for NAT  —-  ( ANY -> ANY ) on LAN -> DMZ won’t work

 

 

GD Star Rating
loading...
GD Star Rating
loading...