Category Archives: Microsoft

Microsoft

Forefront Protection 2010 for Exchange Server 2010 | Antispam / Test

First of all why do you need Forefront Protection for Exchange Server ?

Microsoft Forefront Protection 2010 for Exchange Server (FPE) provides fast and effective protection against malware and spam by including multiple scanning engines from industry-leading security partners in a single solution. FPE provides customers with an easy-to-use administration console that includes customizable configuration settings, filtering options, monitoring features and reports, antispam protection, and integration with the Forefront Online Protection for Exchange (FOPE) product. If you have installed FPE on multiple Exchange servers, such as in an enterprise, you can manage them with the Microsoft Forefront Protection Server Management Console (FPSMC). Additionally, you can use Windows PowerShell, a command-line shell and task-based scripting technology that enables the automation of system administration tasks, to administer FPE.

Installing FPE on a Mailbox / Hub Transport Exchange Server

  • During installation you’ll be asked whether or not to enable Antispam, the default will be to not enable it.  That’s what we want, we’ll leave that task to the Edge server.
  • FPE on an internal machine will provide Antivirus and Antimalware protection.  You’ll also be able to run on-demand scans of individual mailboxes if you so choose.

Installing FPE on an Edge Transport Exchange Server

  • This time the default will be to enable Antispam, which is exactly what we want.
  • Edge servers don’t have direct access to any mailboxes, so you can’t run scans on selected objects from here.

Update FPE Spam Definitions and Engines

  • Spam/Virus/Malware definitions should come through Windows update automatically.  Just be sure they’ll install automatically.
  • To update your FPE Engines, browse to your Policy Management -> Global Settings -> Engine Options and choose Update All Engines Now from the options pane.

Send Test Emails

  • To test if Antispam is functioning properly head on over to Gtube.net.  Send a Gtube test from an external domain and you should receive an automatic reply that the mail is undeliverable:#550 5.7.1 Message rejected due to content restrictions ##
  • To test Antivirus/Antimalware, use EICAR.org.  Send the EICAR signature as an attachment from an external domain and you should receive the email, but the attachment will be quarantined.

Solved | A connection couldn’t be made to Exchange server named ‘Exchange_2010′….

This error is quite common in the GUI of Exchange 2010. The first thing you need to do… is:
DO NOT PANIC !

1. Go to Start services.msc

2. Browse for the Microsoft Exchange Service Host / right click on it Restart ( if already started ) or Start ( if it was stopped )

ENJOY.

And if you encounter any problems feel free to comment contact me.

SOLVED | Exchange 2010 | Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500)

One quite common error I faced during the Exchange 2010 era is the WinRM HTTP Error:

If i use the management tools GUI i get an error message saying:
“Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500), but the remove service did not include any other informaition about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true’.”

Using the Exchange Management Shell is get a similar error:
Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500), but the remove service did not include any other informaition about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId: PSSessionOpenFailed”

FIRST THING YOU MUST DO: DO NOT PANIC !
DO NOT REBOOT THE SERVER !!!
I WILL EXPLAIN HOW TO SOLVE THIS IN A FEW EASY STEPS:

1. When you open the EMC ( Exchange Management Console ), you will get an error similar to this: 

2. Go to START Administrative Tools / Server Manager / Features Add Features / And check WinRM IIS Extensions / NEXT NEXT CLOSE:
!!! IF YOU ALREADY HAVE THIS ROLE INSTALLED, JUST REINSTALL IT ! 

3.  Close Reopen EMC and it will work like a charm ( NO REBOOT REQUIRED ):

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to Configure Storage Quotas in Exchange 2010 ?

In exchange 2010 the quotas can be either set for the entire ExchangeDB, or per mailbox.
Atention ! If you set a quota on the DB, and then you set a quota on the mailbox, the mailbox setting will override the DB setting.

A. How to set a storage QUOTE for a Exchange Database, using EMC ( Exchange Management Console ):

1. Open the EMC, then expand the Organization Configuration / Mailbox, then go to Database Management tab. After that, right click on the database you want to change the quote to, and selectProperties.

2. In the properties window, go to Limits Tab, and change the Issue warning / Prohibit send / Prohibit send and receive according to your needs. Then click OK, and you`re done.

B. How to set a storage QUOTE for a specific user, using EMC (Exchange Management Console):

1. Open the EMC, then expand the Recipient Configuration / Mailbox, and then click on the desired mailbox you want to change the quote to, and then either right click / Properties or click on propertiesfrom the right menu.

2. In the Properties window go to Mailbox Settings tab, click on Storage Quotas and thenProperties:

3. In the storage quotas window deselect the Use mailbox database defaults, and then set your desired values for Issue Warning / Prohibit send at / Prohibit send and receive at. Then click OK OK. And you`re all set up.

ENJOY.

And if you encounter any problems feel free to comment contact me.

Solved | An error caused a change in the current set of domain controllers – Exchange 2010

One of our administrators was facing some weird errors in the EMC and came to me for support. He showed me the errors bellow, and i knew them because this is quite common in Exchange 2010.
In our case this issue was caused by a recent demotion of a Domain Controller, and however the configuration of Exchange 2010 was updated the errors occurred.

Errors:

An error caused a change in the current set of domain controllers. It was running the command ‘Get-Mailbox – Identity ” -ReadFromDomainController’.
An error caused a change in the current set of domain controllers. It was running the command ‘Get-Recipient -PropertySet ConsoleLargeSet -ResultSize ’1000′ -SortBy DisplayName -RecipientType ‘DynamicDistributionGroup’,’UserMailbox’,’MailContact’,’MailUser’,’MailUniversalDistributionGroup’,’
MailUniversalSecurityGroup’,’MailNonUniversalGroup”.


Solution:

1. Close the EMC
2. Go to c:\users\<the user with problem>\appdata\roaming\microsoft\mmc\ and delete or rename the file Exchange Management Console.
3. After this restart the EMC ( no reboot of the server is necessary ).



ENJOY.

And if you encounter any problems feel free to comment contact me.

 

Export-Mailbox and Import-Mailbox commands not recognized | Powershell | Exchange 2010

This is one topic that i faced when Exchange 2010 was released…

So for the Export-Mailbox and Import-Mailbox commands to work, you have to enable them:

1. Open EMS ( Exchange Management Shell ), and check if you have the Exchange Server Admin Tasks installed by running this command:

Get-PSSnapin

2. In most of the cases you will not find it in the list so you have to run the next command:

Get-PSSnapin -registered

3. Now you have to install Admin Tasks for the Exchange Server, by running the command:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

4. After you ran those commands, you can enjoy the Export-Mailbox / Import-Mailbox:

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to add a Second Domain with E-mail Address Policy on Exchange 2010

One of the administrators came with an request from one of the managers… to add a new domain on the exchange server so he can have configured on his outlook the account: manager@newdomain.com.

Ok, so now we have to do this scenario:
New domain: aurelpro.com
We need to make the address: manager@aurelpro.com

1. Buy the new domain name. In our example we will use the 1and1 website to buy www.aurelpro.com

2. After the domain is active, we have to set the MX Records ( In our case the 1and1 admin panel ):

3. Then open Exchange 2010 Management Console, and go to Organization Configuration / Hub Transport and then to the Accepted Domains tab and right click on the white section and select New Accepted Domain:

4. The New Accepted Domain Wizard will appear. Here we set the:
Name ( to help you identify the domain in the list )
Accepted domain ( The domain name, in our case: aurelpro.com )
Authoritative Domain ( if you want to deliver the e-mails to this domain, used in our example )
When ready press NEW:

5. In the next screen review the changes and press FINISH:

6. The next step is to create an e-mail address policy, so that every user from the IT Department ( in our case scenario ) will have an @aurelpro.com e-mail address.
*If you want to manually add a new e-mail address go directly to STEP 13 !

So we go to the EMC ( Exchange Management Console ) / Organization Configuration / Hub transport/ E-mail Address Policies Tab / right click on the white zone and select New E-mail Address Policy:

7. The wizard will appear, and here we select:
Name ( the name of the new policy, so we can identify it in the list )
Recipient Container ( the OU that will use the policy, in our case: the whole aurelp.com domain )
All recipient types ( you can select specific users type, depending of you scenario )
After completing click NEXT:

8. On the next step we select the conditions for our policy. In our case it will be for the Recipients in a Department ( IT ). Select the conditions that fits your case and click NEXT:
*The department has to be filled for the users AD objects for the condition to work !


9. In the next step we have to enter the e-mail addresses. Click on the ADD button and then select thetype you want ( in our case First name.last name -> aurel.proorocu@aurelpro.com ), and specify theFQDN for the e-mail address ( in our case: aurelpro.com ). Then click OK and NEXT:

10. Now we have to set the Schedule. We will run this policy Immediately, but you can custom it to fit your scenario. Then click NEXT:

11. In the final step we review the configuration. Review it and click NEW:

12. After the Completed status appear we can click FINISH, and enjoy your new policy for the new domain:

13. Skip this step and 14 if you made the policy ! If you want to manually create a new SMTP address,open EMC ( Exchange Management Console ) and go to Recipient Configuration / Mailbox Right clickon the user you want to add the new address to / select Proprieties:

14. Then go to the E-mail Addresses tab and click on ADD. Now insert the new alias for the user ( in our case aurel.proorocu@aurepro.com ). Then click OK OK:

15. The final step is to test that the new domain e-mail server works. Go to www.mxtoolbox.com / MX lookup and enter the command: “mx:aurelpro.com” ( *replace aurelpro.com with your domain ) and click on Lookup.
If the e-mail servers appear then the MX records work and you can proceed in sending one incoming and one outgoing e-mail from the new domain addresses. If that also succeds then you can enjoy your new domain e-mail addresses !



ENJOY.

And if you encounter any problems feel free to comment contact me.

How to Send As and Send on Behalf Of in OWA 2010

If you need to configure Send As or Send on Behalf in Exchange 2010 read this post:https://www.aurelp.com/?p=369

 

If you already have the permissions follow this tutorial to make the configuration in OWA 2010:

1. In the first step we will enable the BCC and From fields, that are by default hidden in Owa 2010.
Open OWA 2010 in your browser, log in, and after that go to Options Settings Mail, and scroll down to Message Format and select: Always show BCC and Always show From:

2. Make a new e-mail, and if you can see From field ( if not repeat step 1 ) click on it and select
“Other e-mail address…” and select the account you have the Send-As or Send on Behalf of permission:

3. Send the e-mail. If it succeeds then your mail would look like this ( in the Sent items folder ):
( In our scenario Test send a mail on behalf of Aurel Proorocu )

4. If you get the error: ‘You don`t have the permissions required to send messages from this mailbox’ , you should check if you selected the account you have rights, and if it`s ok you should see if you really have permissions over that mailbox ( check this post regarding Exchange 2010 howto: https://www.aurelp.com/?p=369 )


ENJOY.

And if you encounter any problems feel free to comment contact me.

 

Delegate user access to mailbox with Add-ADPermission | Using Exchange Shell

The first step is to check the actual permissions of the user.

1. Open EMS ( Exchange Management Shell ) and insert the command:
Get-Mailboxdatabase | get-ADPermission -User aurel.proorocu
*Replace aurel.proorocu with the user you want to check

This will show if the user doesn’t have rights:

This will show if the user have rights:

2. Run one of the following cmdlets:

Get-Mailboxdatabase | Add-ADPermission -User aurel.proorocu -AccessRights ExtendedRight -ExtendedRights receive-as, send-as
*Replace aurel.proorocu with the user you want to grant access to

Get-Mailboxdatabase | Add-ADPermission -User aurel.proorocu -AccessRights ExtendedRight -ExtendedRights ms-exch-store-admin, receive-as, send-as
*Replace aurel.proorocu with the user you want to grant access to


ENJOY.

And if you encounter any problems feel free to comment contact me.

How to Send on behalf / Send as in Exchange 2010

Send on behalf and Send as are quite similar.

Send on behalf will permit a user to send e-mails as another user, but it will show that it was send by administrator@aurelp.com on behalf of aurel.proorocu@aurelp.com ( the case in this example ).

Send as will give a user ( administrator@aurelp.com ) the permission to send mail as another user ( aurel.proorocu@aurelp.com ). In this case the recipient will see only aurel@aurelp.com in the from field. He will never know that X send that e-mail

A. Send on Behalf
There are 3 ways to accomplish this ( using Outlook Delegates / using Exchange Management Shell / using Exchange Management Console )

a. Using Outlook Delegates

1. Open Outlook 2010, go to File Tab / Info / click on Account Settings / select Delegate Access from the drop down menu:

2. On the delegates window, click ADD :

3. Select the user you want to delegate access to, and click OK:

4. At the next step you delegate the permissions to the user. To give the user Send on behalf rights, you ahve to select Editor or Author in the Tasks section.
If you need to give other special rights select them, and then click OK:
upload18

5. At the final step select if you want to receive a copy of meeting requests and responses. Then click OK:

b. Using Exchange Management Console

1. Open EMC ( Exchange Management Console ), then expand Microsoft Exchange Recipient Configuration / Mailbox. Then right click on the user that you want to grand access to and selectProprieties:


2. Then go to Mail Flow Settings tab / Click on Delivery Options / And in the Delivery Options window click on ADD and select the user you want to give rights to send on behalf. Then click OK OK :

c. Using Exchange Management Shell

1. Open EMS ( Exchange Management Shell ) and insert the following command:

Set-Mailbox aurel.proorocu -GrantSendOnBehalfTo Administrator

*replace aurel.proorocu with the user that will share his mailbox
**replace administrator with the user that will send on behalf

B. Send As
As we know from Exchange 2007 there are 2 ways to accomplish this ( using Exchange Management Shell / using Exchange Management Console ):

a. Using Exchange Management Console

1. Open EMC ( Exchange Management Console ), then expand Microsoft Exchange Recipient Configuration / Mailbox. Then right click on the user that you want to grand access to, and click Manage Send As Permission:

2. Click ADD and select the user you want to grant Send As Permission, then click Manage:

b. Using Exchange Management Shell

1. Open EMS ( Exchange Management Shell ) and insert the following command:

Add-ADPermission -Identity “Administrator” -User aurel.proorocu -AccessRights ExtendedRight -ExtendedRights “send as”

*replace administrator with the identity of the user that will share his mailbox
**replace aurel.proorocu with the user that will send AS

ENJOY.

And if you encounter any problems feel free to comment contact me.