Category Archives: Exchange Server HowTo

How to ?

Critical problem with Litigation Hold detected in OWA – Exchange Server 2013 and Exchange Online (Office 365)

P5_400x225_Exchange-Online-Plan-1
Recently, a very important critical problem has been detected in the behaviour of litigation hold in Exchange Server 2013 and Exchange Online.

When a mailbox is enabled for litigation and holds a delegate of the mailbox is able to use OWA to permanently delete folders (and their items) from the mailbox, without them being preserved correctly by the litigation hold.

The issue impacts Exchange Online and all supported versions of Exchange Server 2013 on-premises. The bug does not exist when mailboxes are accessed via Outlook or other clients, only when accessed via OWA

Microsoft has released KB2996477 which also describes the issue:

This problem occurs when a user uses OWA to delete or move a folder from a delegated mailbox that is on hold to another mailbox if that mailbox is also open in OWA but is not on hold. The items are preserved according to the hold settings of the delegate’s own mailbox, not the settings of the delegated mailbox. The delegate can move or delete individual items inside a folder, and the items are preserved as expected.

Non-delegated scenarios, in which one user is the sole owner of a mailbox, are not affected by this issue. This problem also does not occur in the Outlook client.

There are 2 known solutions:

1. Put a hold on all users who are participating in delegated scenarios.

2. Disable OWA for users who have delegated access to their mailbox.

First, it’s worth verifying whether any mailboxes in your organization are enabled for litigation hold.

[PS] C:\>Get-Mailbox | where LitigationHoldEnabled

Name                      Alias                ServerName       ProhibitSendQuota
----                      -----                ----------       -----------------
Aurel Proorocu            aurel.proorocu       exch2013         Unlimited
IT Support                it.support           exch2013         Unlimited

If disabling OWA is a practical solution for your organization this can easily be performed, for example:

[PS] C:\>Get-Mailbox | where LitigationHoldEnabled | Set-CASMailbox -OWAEnabled:$false

Of course, if the mailboxes are under investigation it may not be wise to tip off the mailbox owner by disabling OWA. In that case enabling litigation hold for the other users with access to the mailbox would be the better approach.

Sharepoint sends mail that goes in spam folder | Outlook 2010 / 2013 | Exchange 2010

exchange

A few days ago I received a request from a reader of my blog:

I am a SharePoint Developer and not familiar with exchange server.  I will really appreciate if you can please help me on this:

Issue is that we are sending an email from our custom application in SharePoint to “ALLUsers” group which contains all the employees of the organization. This email is send via SharePoint using SPUtility.SendEmail method. Now, not all the times but some times emails goes to Junk E-mail folder. 
 
We have discussed this with IT and they said they have already added the IP address of our SharePoint Server into “whitelist”. After much discussion, they have send us following code to add it in our email:
 
objMessage.Configuration.Fields.Item(“http://schemas.microsoft.com/cdo/configuration/smtpauthenticate“) = cdoBasic objMessage.Configuration.Fields.Item(“http://schemas.microsoft.com/cdo/configuration/sendusername“) = “abc@dom.com” objMessage.Configuration.Fields.Item(“http://schemas.microsoft.com/cdo/configuration/sendpassword“) = “password_of_abc@dom.com
 
I am not sure that this will work. Also, what else we can do? we are running “Exchange Server 2010 SP2 with Rollup #5”
Solution:

#1. If the Exchange Server spam filter also filters the local relay then:

Probably they only white-listed the ip but that doesn’t make Exchange to also skip the anti-spam policy.
We are talking about a e-mail addresses that is on a server and when you try to send emails to addresses from the same server they go into junk.

To do that, they have to give this command in power-shell:

set-mailbox nameof.mailbox -AntispamBypassEnabled $true

get-mailbox nameof.mailbox | fl *spam*,*SCL*
AntispamBypassEnabled  : True
*replace nameofmailbox with the name of the account configured

#2 If the Exchange Server does not filter local relay for spam: 

You are sending a internal e-mail from a address to a list and it goes to spam but the exchange does not filter local relay.
Then you need to add a safe senders list via a GPO for everyone for Outlook. Because the problem is Outlook has it’s own mechanism for anti-spam.
( For testing before you do that: add this address to safe senders on one computer with Outlook and then send the mass message and see if it still goes to spam –> it should not ).
Tutorial how to make a GPO for this can be found here.

If you have problems / questions / ideas please you can comment here or contact me

Enjoy !

HowTo Whitelist a domain or email address in Microsoft Exchange 2010

exchange-2010-logo-e1344444075384

First of all, what is a whitelist ?
A whitelist is a list of known safe email senders.  Whitelists can be made up of IP addresses, domain names, or email addresses.  In most cases businesses will choose to whitelist domain names of highly trusted customers or suppliers, or email addresses that are the source of critical emails.

Whitelist features are not available via Exchange Management Console (the GUI), so this will have to be completed via the Exchange Powershell Open powershell via the exchange menu item and run one of the following scripts, based on your requirement:

To check whats currently whitelisted (Bypassed Recipients):

Get-ContentFilterConfig

To whitelist a single email address:

$list = (Get-ContentFilterConfig).BypassedSenders

$list.add("new.mail@address.com")

Set-ContentFilterConfig -BypassedSenders $list

To whitelist an entire domain:

$list = (Get-ContentFilterConfig).BypassedSenderDomains

$list.add("domain.com")

Set-ContentFilterConfig -BypassedSenderDomains $list

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to check if standard or enterprise Exchange 2010 is installed?

This thing can be done by using the GUI or by using Powershell.

A. Using GUI

1.Open EMC / Expand untill you get to Server Configuration ( and click on it ) / On the right panel will appear the server configuration:

2. Click on View / Add/Remove Columns

3. In the window that appears click on Edition and the Add / then OK:

4. After that the column with the edition will appear:

B. Using Powershell

1. Open Microsoft Exchange Management Powershell
2. Run the following command:

get-exchangeserver


ENJOY.

And if you encounter any problems feel free to comment contact me.

Forefront Protection 2010 for Exchange Server 2010 | Antispam / Test

First of all why do you need Forefront Protection for Exchange Server ?

Microsoft Forefront Protection 2010 for Exchange Server (FPE) provides fast and effective protection against malware and spam by including multiple scanning engines from industry-leading security partners in a single solution. FPE provides customers with an easy-to-use administration console that includes customizable configuration settings, filtering options, monitoring features and reports, antispam protection, and integration with the Forefront Online Protection for Exchange (FOPE) product. If you have installed FPE on multiple Exchange servers, such as in an enterprise, you can manage them with the Microsoft Forefront Protection Server Management Console (FPSMC). Additionally, you can use Windows PowerShell, a command-line shell and task-based scripting technology that enables the automation of system administration tasks, to administer FPE.

Installing FPE on a Mailbox / Hub Transport Exchange Server

  • During installation you’ll be asked whether or not to enable Antispam, the default will be to not enable it.  That’s what we want, we’ll leave that task to the Edge server.
  • FPE on an internal machine will provide Antivirus and Antimalware protection.  You’ll also be able to run on-demand scans of individual mailboxes if you so choose.

Installing FPE on an Edge Transport Exchange Server

  • This time the default will be to enable Antispam, which is exactly what we want.
  • Edge servers don’t have direct access to any mailboxes, so you can’t run scans on selected objects from here.

Update FPE Spam Definitions and Engines

  • Spam/Virus/Malware definitions should come through Windows update automatically.  Just be sure they’ll install automatically.
  • To update your FPE Engines, browse to your Policy Management -> Global Settings -> Engine Options and choose Update All Engines Now from the options pane.

Send Test Emails

  • To test if Antispam is functioning properly head on over to Gtube.net.  Send a Gtube test from an external domain and you should receive an automatic reply that the mail is undeliverable:#550 5.7.1 Message rejected due to content restrictions ##
  • To test Antivirus/Antimalware, use EICAR.org.  Send the EICAR signature as an attachment from an external domain and you should receive the email, but the attachment will be quarantined.

Solved | A connection couldn’t be made to Exchange server named ‘Exchange_2010′….

This error is quite common in the GUI of Exchange 2010. The first thing you need to do… is:
DO NOT PANIC !

1. Go to Start services.msc

2. Browse for the Microsoft Exchange Service Host / right click on it Restart ( if already started ) or Start ( if it was stopped )

ENJOY.

And if you encounter any problems feel free to comment contact me.

SOLVED | Exchange 2010 | Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500)

One quite common error I faced during the Exchange 2010 era is the WinRM HTTP Error:

If i use the management tools GUI i get an error message saying:
“Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500), but the remove service did not include any other informaition about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true’.”

Using the Exchange Management Shell is get a similar error:
Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500), but the remove service did not include any other informaition about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId: PSSessionOpenFailed”

FIRST THING YOU MUST DO: DO NOT PANIC !
DO NOT REBOOT THE SERVER !!!
I WILL EXPLAIN HOW TO SOLVE THIS IN A FEW EASY STEPS:

1. When you open the EMC ( Exchange Management Console ), you will get an error similar to this: 

2. Go to START Administrative Tools / Server Manager / Features Add Features / And check WinRM IIS Extensions / NEXT NEXT CLOSE:
!!! IF YOU ALREADY HAVE THIS ROLE INSTALLED, JUST REINSTALL IT ! 

3.  Close Reopen EMC and it will work like a charm ( NO REBOOT REQUIRED ):

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to Configure Storage Quotas in Exchange 2010 ?

In exchange 2010 the quotas can be either set for the entire ExchangeDB, or per mailbox.
Atention ! If you set a quota on the DB, and then you set a quota on the mailbox, the mailbox setting will override the DB setting.

A. How to set a storage QUOTE for a Exchange Database, using EMC ( Exchange Management Console ):

1. Open the EMC, then expand the Organization Configuration / Mailbox, then go to Database Management tab. After that, right click on the database you want to change the quote to, and selectProperties.

2. In the properties window, go to Limits Tab, and change the Issue warning / Prohibit send / Prohibit send and receive according to your needs. Then click OK, and you`re done.

B. How to set a storage QUOTE for a specific user, using EMC (Exchange Management Console):

1. Open the EMC, then expand the Recipient Configuration / Mailbox, and then click on the desired mailbox you want to change the quote to, and then either right click / Properties or click on propertiesfrom the right menu.

2. In the Properties window go to Mailbox Settings tab, click on Storage Quotas and thenProperties:

3. In the storage quotas window deselect the Use mailbox database defaults, and then set your desired values for Issue Warning / Prohibit send at / Prohibit send and receive at. Then click OK OK. And you`re all set up.

ENJOY.

And if you encounter any problems feel free to comment contact me.

Solved | An error caused a change in the current set of domain controllers – Exchange 2010

One of our administrators was facing some weird errors in the EMC and came to me for support. He showed me the errors bellow, and i knew them because this is quite common in Exchange 2010.
In our case this issue was caused by a recent demotion of a Domain Controller, and however the configuration of Exchange 2010 was updated the errors occurred.

Errors:

An error caused a change in the current set of domain controllers. It was running the command ‘Get-Mailbox – Identity ” -ReadFromDomainController’.
An error caused a change in the current set of domain controllers. It was running the command ‘Get-Recipient -PropertySet ConsoleLargeSet -ResultSize ’1000′ -SortBy DisplayName -RecipientType ‘DynamicDistributionGroup’,’UserMailbox’,’MailContact’,’MailUser’,’MailUniversalDistributionGroup’,’
MailUniversalSecurityGroup’,’MailNonUniversalGroup”.


Solution:

1. Close the EMC
2. Go to c:\users\<the user with problem>\appdata\roaming\microsoft\mmc\ and delete or rename the file Exchange Management Console.
3. After this restart the EMC ( no reboot of the server is necessary ).



ENJOY.

And if you encounter any problems feel free to comment contact me.

 

Export-Mailbox and Import-Mailbox commands not recognized | Powershell | Exchange 2010

This is one topic that i faced when Exchange 2010 was released…

So for the Export-Mailbox and Import-Mailbox commands to work, you have to enable them:

1. Open EMS ( Exchange Management Shell ), and check if you have the Exchange Server Admin Tasks installed by running this command:

Get-PSSnapin

2. 
In most of the cases you will not find it in the list so you have to run the next command:

Get-PSSnapin -registered

3. Now you have to install Admin Tasks for the Exchange Server, by running the command:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

4. After you ran those commands, you can enjoy the Export-Mailbox / Import-Mailbox:

ENJOY.

And if you encounter any problems feel free to comment contact me.