Posts Tagged ‘exchange’

Symptoms – staff unable to log in to Outlook for Desktop

Error found in the event log on the patched domain controller:

The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account.

Workaround

Deploy a GPO to allow insecure connections (this should be done only until machines are patched).

Refer to https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc


Do they use Auto-Mapped mailboxes?

Had this issue with a number of staff here directly after migration from 2010 to 2016.

Fix:

$mailboxes = Get-MailboxPermission -Identity * -User <username> | Select -ExpandProperty Identity

Foreach($mailbox in $mailboxes){Remove-MailboxPermission -Identity $mailbox -user <username> -AccessRights fullaccess -Confirm:$False}

Foreach($mailbox in $mailboxes){Add-MailboxPermission -Identity $mailbox -User <username> -AccessRights fullaccess -AutoMapping $false -Confirm:$False}

Wait a few minutes, then see if the user can open Outlook.


 

Check that the user is connecting to Exchange via MAPI; I had a few setups where users were set to ActiveSync instead.

In this case, the solution was to run both commands on the Exchange server:

Set-AutodiscoverVirtualDirectory "SERVER\Autodiscover (Default Web Site)" -WSSecurityAuthentication $true

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -WSSecurityAuthentication $true

These two commands solved my problem.


Recently had a customer on Small Business Server think someone might be logging into the server as him. To check the IIS logs for a user:

1) Download and install Log Parser 2.2

2) Copy the logs from the default location

C:\inetpub\logs\LogFiles\W3SVC1

to C:\Temp\Logs\

3) Save the following as query.sql in C:\Temp\Logs\

SELECT cs-username, date, time, c-ip, cs-uri-stem, cs(User-Agent) FROM C:\Temp\Logs\*
WHERE cs-method LIKE '%get%' AND cs-uri-stem LIKE '%owa%'

4) Run:

Logparser.exe file:C:\Temp\Logs\query.sql -i:IISW3C -o:CSV
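The same check can be done without Log Parser. The following is an added example, not part of the original post: it reads IIS W3C lines, applies the same GET and /owa filter for one account, and summarises the requests per client IP. The function name, account names and sample log lines are constructed for illustration.

```powershell
# Constructed sample in IIS W3C format (documentation IP ranges, made-up accounts).
$sampleLog = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-09-01 08:01:12 10.0.0.5 GET /owa/ - 443 CONTOSO\jsmith 10.0.0.23 Mozilla/5.0+(Windows+NT+10.0) 200
2020-09-01 08:01:15 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.7 Mozilla/5.0 302
2020-09-01 23:47:03 10.0.0.5 GET /owa/ - 443 CONTOSO\jsmith 198.51.100.44 Mozilla/5.0+(X11;+Linux) 200
2020-09-02 09:10:00 10.0.0.5 GET /owa/ - 443 CONTOSO\akhan 10.0.0.31 Mozilla/5.0+(Windows+NT+10.0) 200
2020-09-02 09:12:40 10.0.0.5 GET /ecp/ - 443 CONTOSO\jsmith 10.0.0.23 Mozilla/5.0+(Windows+NT+10.0) 200
'@ -split "`r?`n"

function Get-OwaAccessByUser {
    param([string[]]$Line, [string]$UserName)
    $fields = @()
    $hits = foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column order comes from the header, which can change mid-file.
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l) -or -not $fields) { continue }
        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # skip truncated lines
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        # Same filter as query.sql (GET requests under /owa), narrowed to one account.
        if ($row['cs-method'] -eq 'GET' -and $row['cs-uri-stem'] -like '*owa*' -and
            $row['cs-username'] -eq $UserName) {
            [pscustomobject]@{
                When      = "$($row['date']) $($row['time'])"   # W3C logs record UTC
                ClientIP  = $row['c-ip']
                UserAgent = $row['cs(User-Agent)']
            }
        }
    }
    # One row per source address, so unfamiliar IPs and odd hours stand out.
    $hits | Group-Object ClientIP | ForEach-Object {
        $times = @($_.Group.When | Sort-Object)
        [pscustomobject]@{
            ClientIP   = $_.Name
            Requests   = $_.Count
            FirstSeen  = $times[0]
            LastSeen   = $times[-1]
            UserAgents = @($_.Group.UserAgent | Select-Object -Unique) -join '; '
        }
    }
}

# For real data: Get-OwaAccessByUser -Line (Get-Content C:\Temp\Logs\*.log) -UserName 'DOMAIN\user'
Get-OwaAccessByUser -Line $sampleLog -UserName 'CONTOSO\jsmith' | Format-Table -AutoSize
```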


Can be done via the IMAP settings below.

Settings for IMAP configuration:

  EMAIL ADDRESS: sharedmailbox@domain.com (shared mailbox)

  IMAP SERVER: outlook.office365.com Port 993 with SSL
  SMTP SERVER: smtp.office365.com Port 587 with TLS

  USERNAME: user@domain.com\sharedmailboxalias  (user\shared mailbox alias)
  PASSWORD: UserPassword (user’s password)

SMTP LOGIN IS DIFFERENT (!)

  USERNAME: user@domain.com (user's email)
  PASSWORD: UserPassword (user’s password)


Recently had a client experience delays receiving emails.

A check of SMTP logs showed

4.7.0 SMTP; 403 4.7.0 TLS handshake failed

To investigate:

Open Exchange Management Console

Go to Server Configuration and, under Exchange Certificates, check whether any expired certificates have SMTP listed next to them

Renew Self Signed Certificates:

  1. Type Get-ExchangeCertificate to list the installed certificates

  2. Match the certificate to the expired certificate from the Console (using the subject name and services), then copy the associated thumbprint

  3. Type Get-ExchangeCertificate -Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

Renew Third Party Cert

  1. Go through the process of Renewal with your Third Party SSL Authority

To disable receiving email via TLS

Go to Hub Transport under Server Configuration, then untick Transport Layer Security (TLS) for each Receive Connector


There are three ways to forward mail from one user to another in Exchange:

  1. Exchange Forwarding (most common) – Done by Administrator
  2. Inbox Rule – Done by User
  3. Hub Transport Rule – Done by Administrator

1 and 3 can be checked easily, and there will usually be references in tickets to when this was done or not done. However, users can enable Inbox rules by themselves and then contact you later to disable the forward.

Here is how to check for forwarding or redirecting rules on a mailbox in 365:

foreach ($i in (Get-Mailbox -Identity %USERNAME%))
{ Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo }

foreach ($i in (Get-Mailbox -Identity %USERNAME%))
{ Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.RedirectTo} | fl MailboxOwnerID,Name,RedirectTo }

To disable:

Disable-InboxRule -Identity "%NAME OF RULE%" -Mailbox "%USERNAME%"
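Since users can create these rules themselves, it helps to pick out the ones that send mail outside the organisation. The following is an added example, not part of the original post: it checks the ForwardTo, ForwardAsAttachmentTo and RedirectTo actions of each rule and reports targets whose SMTP domain is not in a list of internal domains. The function name, the sample rule objects, the domain list and the assumed recipient string format are illustrative.

```powershell
# Constructed stand-ins for Get-InboxRule output. Recipients are assumed to render as
# '"Display Name" [SMTP:address]' (one-off address) or '"Display Name" [EX:/o=...]' (directory object).
$sampleRules = @(
    [pscustomobject]@{ MailboxOwnerId = 'jsmith'; Name = 'Copy to home'; Enabled = $true
        ForwardTo = @('"J Smith" [SMTP:jsmith.home@example.net]'); RedirectTo = $null; ForwardAsAttachmentTo = $null }
    [pscustomobject]@{ MailboxOwnerId = 'akhan'; Name = 'To assistant'; Enabled = $true
        ForwardTo = @('"Assistant" [EX:/o=ExampleOrg/cn=Recipients/cn=assistant]'); RedirectTo = $null; ForwardAsAttachmentTo = $null }
    [pscustomobject]@{ MailboxOwnerId = 'blee'; Name = 'Old redirect'; Enabled = $false; ForwardTo = $null
        RedirectTo = @('"B Lee" [SMTP:blee@contoso.com]', '"ext" [SMTP:archive@example.org]'); ForwardAsAttachmentTo = $null }
)

function Find-ExternalForwardingRule {
    param(
        [object[]]$Rule,
        [string[]]$InternalDomain   # hypothetical list of the organisation's own mail domains
    )
    foreach ($r in $Rule) {
        foreach ($action in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
            foreach ($target in @($r.$action)) {
                # Only SMTP-style targets carry a domain; EX: targets are directory recipients.
                if ("$target" -match '\[SMTP:[^@\]]+@([^\]]+)\]') {
                    $domain = $Matches[1]
                    if ($InternalDomain -notcontains $domain) {
                        [pscustomobject]@{
                            Mailbox = $r.MailboxOwnerId
                            Rule    = $r.Name
                            Enabled = $r.Enabled   # disabled rules are listed too; they can be re-enabled
                            Action  = $action
                            Domain  = $domain
                            Target  = "$target"
                        }
                    }
                }
            }
        }
    }
}

# Live data (needs an Exchange session), using the same lookup as the commands above:
#   $rules = Get-Mailbox -ResultSize Unlimited | ForEach-Object { Get-InboxRule -Mailbox $_.DistinguishedName }
Find-ExternalForwardingRule -Rule $sampleRules -InternalDomain 'contoso.com' | Format-Table -AutoSize
```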
 

Backup Exec VSS Error

According to the error logs of Backup Exec, it is a VSS error.

Indeed, there was a VSS error for the Exchange VSS Writer when I ran the command "VSSADMIN LIST WRITERS".

I restarted the VSS service and started another backup, which resolved the problem.


The name of the security certificate is invalid or does not match the name of the site

Recently we moved Exchange certificates to a certificate with no local SANs inside, to be in compliance. This involves creating an A record for your external domain name internally, then changing all internal and external paths to the fully qualified external domain name. Digicert has a great guide to do this: https://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm

After this is done, you can reissue the certificate with the local SANs removed using a new CSR (.req file) generated from Exchange and apply it to all Client Access servers.

This was done; however, a few (not all) users in our organisation were getting the prompt above linking to autodiscover.domain.local. Checking on the affected users, it seems their Outlook was referencing old Exchange accounts that didn't exist anymore in Exchange. Removing these old accounts from Outlook and restarting fixed this. Reprofiling will also fix this!
