Category: certificates

  • Outlook AutoDetect And Broken AutoDiscover

    Outlook AutoDetect And Broken AutoDiscover

    Those in the Exchange Server space for a number of years know all about AutoDiscover and the many ways it can be configured and misconfigured – if even configured at all. Often misconfiguration is to do with certificates or it is not configured at all because it involves certificates and I thought I was aware…

  • Test Connectivity Website and TLS 1.2

    An excellent resource for Microsoft Exchange Server and Exchange Online administrators and consultants is the Remote Test Connectivity website at http://exrca.com or https://testconnectivity.microsoft.com/. Here I am going to document an error that indicated that the Exchange Server (in this case) was not working, but we could see that the phone was connecting fine to the…

  • Azure Information Protection and SSL Inspection

    I came across this issue the other day, so thought I would add it to my blog. We were trying to get Azure Information Protection operating in a client, and all we could see when checking the download of the templates in File > Info inside an Office application was the following: The sequence of…

  • SSL and Exchange Server

    In October 2014 or thereabouts it became known that the SSL protocol (specifically SSL v3) was broken and decryption of the encrypted data was possible. This blog post sets out the steps to protect your Exchange Server organization regardless of whether you have one server or many, or whether or not you use a load…

  • Speaking at TechEd Europe 2014

    I’m please to announce that Microsoft have asked me to speak on “Everything You Need To Know About SMTP Transport for Office 365” at TechEd Europe 2014 in Barcelona. Its going to be a busy few weeks as I go from there to the MVP Summit in Redmond, WA straight from that event. My session…

  • Changing AD FS 3.0 Certificates

    I am quite adept at configuring certificates and changing them around, but this one took me completely by surprise as it has a bunch of oddities to consider. First the errors: Web Application Proxy (WAP) reported 0x80075213. In the event log the following: The federation server proxy could not establish a trust with the Federation…

  • The New Rights Management Service

    This blog is the start of a series of articles I will write over the next few months on how to ensure that your data is encrypted and secured to only the people you want to access it, and only for the level of rights you want to give them. The technology that we will…

  • Domain Secure and Edge Servers

    I was asked a question recently on the Microsoft Certified Master course for Exchange 2010 and was told that the answer was not clearly written up on the internet. So I thought I would write this blog post. The question was based on the idea that Domain Secure worked from a Hub Transport server in…

  • Installing and Configuring AD RMS and Exchange Server

    Earlier this week at the Microsoft Exchange Conference (MEC 2012) I led a session titled Configuring Rights Management Server for Office 365 and Exchange On-Premises [E14.314]. This blog shows three videos covering installation, configuration and integration of RMS with Exchange 2010 and Office 365. For Exchange 2013, the steps are mostly identical. Installing AD RMS…

  • OWA and Moving Mailboxes to Office 365

    Lets imagine a scenario where you are using an on-premises Exchange Server and users’ use Outlook Web App, and then you move some mailboxes to the Office 365 cloud with Hybrid Coexistence enabled. The user might not know their mailbox has been moved and so yesterday they went to https://mail.company.com/owa, but today they need to visit…

  • Publishing ADFS Through ISA or TMG Server

    To enable single sign-on in Office 365 and a variety of other applications you need to provide a federated authentication system. Microsoft’s free server software for this is currently Active Directory Federation Server 2.0 (ADFS), which is downloaded from Microsoft’s website. ADFS is installed on a server within your organisation, and a trust (utilising trusted…

  • Changing ADFS 2.0 Endpoint URL for Office 365

    If you are configuring single sign-on for Office 365 then you will need a server running Active Directory Federation Services 2.0 (ADFS 2.0). When you install this you are asked for a URL that acts as an endpoint for the ADFS service, which if you are publishing that endpoint through a firewall such as TMG…

  • GoDaddy SSL Certificate Approval with TXT Records

    I had a bit of an issue with Go Daddy yesterday in that they took 5 days to approve a Subject Alternative Name change to a certificate, and as the usual route of adding a file to a website was unavailable to me I decided to prove ownership of the domain by the addition of…

  • Enterprise Certificate Services and Terminal Services Gateway – Certificate Issuing for Internet Usage

    To issue a certificate for the Windows 2008 Terminal Services gateway using your own intalled Enterprise Certificate Authority, out of the box you need to create a certificate request file, request the certificate from the Enterprise CA, install the issued certificate and map the certificate to the TS Gateway. This can help you if you…

  • Error Code: 500 Internal Server Error. The network logon failed. (1790)

    This is an error visible in the web browser when connecting to a HTTPS web site behind an ISA Server. The problem is that the firewall access rule for this web site in ISA Server is forwarding the requests to an internal server on a port that it is not listening on. For example you…

  • Creating Subject Alternative Name Certificates with Microsoft Certificate Server

    A new feature in digital certificates is the Subject Alternative Name property. This allows you to have a certificate for more than one URI (i.e. www.c7solutions.com and www.c7solutions.co.uk) in the same certificate. It also means that in web servers such as IIS you can bind this certificate to the site and use up only one…

  • Connecting a Windows SmartPhone to Exchange Server Protected with a Private Certification Authority Digital Certificate

    Having recently obtained my first Windows Mobile powered SmartPhone, I needed to connect to my Exchange Server over the internet using ActiveSync. For those of you unfamiliar with Windows Mobile SmartPhones, they let you connect, using the phones internet connection (typically over a GPRS network), to your Exchange 2003 Servers to download your email at…