Category: IAmMEC
-
Changing AD FS 3.0 Certificates
I am quite adept at configuring certificates and changing them around, but this one took me completely by surprise as it has a bunch of oddities to consider. First the errors: Web Application Proxy (WAP) reported 0x80075213. In the event log the following: The federation server proxy could not establish a trust with the Federation…
-
Getting Exchange Message Sizing Raw Data
On the internet there are a number of resources for collecting the raw data needed to size Exchange Server deployments. These include: http://blogs.technet.com/b/neiljohn/archive/2011/08/09/user-profile-analysis-for-exchange-server-2010.aspx (Neil Johnson – User Profile Analysis for Exchange Server 2010 ) http://gallery.technet.microsoft.com/scriptcenter/bb94b422-eb9e-4c53-a454-f7da6ddfb5d6 (“mjolinor” – the primary source of the script used here) This blog outlines my process for collecting the data needed…
-
Enabling Microsoft Rights Management in SharePoint Online
This article is the fifth in a series of posts looking at Microsoft’s new Rights Management product set. In an earlier previous post we looked at turning on the feature in Office 365 and in this post we will look at protecting documents in SharePoint. This means your cloud users and will have their data…
-
Using Microsoft Rights Management from Microsoft Office
This article is the second last in a series of posts looking at Microsoft’s new Rights Management product set. In an earlier previous post we looked at turning on the feature in Office 365 and in this post we will look at protecting documents and emails in Microsoft Office 2010 or later. This means your…
-
Configuring Exchange On-Premises to Use Azure Rights Management
This article is the fifth in a series of posts looking at Microsoft’s new Rights Management product set. In an earlier previous post we looked at turning on the feature in Office 365 and in this post we will look at enabling on-premises Exchange Servers to use this cloud based RMS server. This means your…
-
Is Your SenderID/SPF or DKIM Record Correctly Configured
With Microsoft having just announced that DKIM is coming to Office 365 soon (release notes here) and SenderID is already available, I thought this is a good time to write a blog on the use of DMARC to show if your records are correct. DMARC is a protocol that allows you to see the effect…
-
Updating Exchange 2013 Anti-Malware Agent From A Non-Internet Connected Server
In Forefront Protection for Exchange (now discontinued) for Exchange 2010 it was possible to run the script at http://support.microsoft.com/kb/2292741 to download the signatures and scan engines when the server did not have a direct connection to the download site at forefrontdl.microsoft.com. To achieve the same with Exchange 2013 and the built-in anti-malware transport agent you…
-
Exchange DLP Rules in Exchange Management Shell
This one took a while to work out, so noting it down here! If you want to create a transport rule for a DLP policy that has one data classification (i.e. data type to look for such as ‘Credit Card Number’) then that is easy in PowerShell and an example would be as below. New-TransportRule…
-
An “Inexpensive” Exchange Lab In Azure
This blog post centres around two scripts that can be used to quickly provision an Exchange Server lab in Azure and then to remove it again. The reason why the blog post is titled “inexpensive” is that Azure charges compute hours even if the virtual machines are shut down. Therefore to make my Exchange lab…
-
Highly Available Office 365 to On-Premises Mail Routing
This article looks at how to configure mail flow from Office 365 (via Exchange Online Protection – EOP) to your On Premises organization to ensure that it is highly available and work in disaster recovery scenarios with no impact. It is based on exactly the same principle to that which I blogged about in 2012:…
-
Enabling and Configuring AADRM in Exchange Online
This article is the fourth in a series of posts looking at Microsoft’s new Rights Management product set. In the previous post we looked at turning on the feature in Office 365 and in this post we will look at how to manage the service in the cloud. In this series of articles we will…
-
Configuring Trend OfficeScan for Exchange Server
There are lots of articles on configuring Trend OfficeScan on an Exchange Server. They should all be based on the definitive article at http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx which covers the exclusions needed, but one thing I found typically missing from the configuration. If you use mount points to map the Exchange database disks to the server, then you…
-
Managing Azure Active Directory Rights Management
This article is the third in a series of posts looking at Microsoft’s new Rights Management product set. In the previous post we looked at turning on the feature in Office 365 and in this post we will look at how to manage the service in the cloud. In this series of articles we will…
-
Rebuilding Search Catalogs on Exchange Server 2013
In Exchange 2010 there was a PowerShell script for rebuilding the search catalog. This is depreciated in Exchange 2013. TechNet contains instructions on copying the catalog from a working server in the DAG – but what about if the database is not a member of a DAG or all the catalog’s in the DAG are…
-
What is X-Forefront-Antispam-Report-Untrusted?
When a message arrives in Exchange Online Protection (EOP) with an existing X-Forefront-Antispam-Report header, it is renamed to X-Forefront-Antispam-Report-Untrusted. If the message is then detected as spam and stored in the optional quarantine, upon release it will go back into EOP. Upon entering EOP the previously set X-Forefront-Antispam-Report header is renamed to X-Forefront-Antispam-Report-Untrusted.
-
Secret NSA Listening Ports in Exchange Server 2013? Of Course Not…
But what do those extra ports in Exchange Server 2013 that are listening actually do. If you bring up a command prompt on an Exchange Server 2013 machine and run netstat –ano | find “:25”. You will get back a list of IP addresses that are listening on any port starting 25. The last number…
-
Ensuring Email Delivery Security with Exchange 2013
To force Exchange 2013 to guarantee the secure delivery of a message can be done a few different ways. In this version of the product and in previous versions it was possible to create a send connector for a given domain and enable Mutual TLS on the connector. Then all messages to the domain(s) that…
-
Removing Edge Subscription When Exchange 2013 Installed
Exchange 2013 does not have an Edge role (at the time of writing – Aug 2013). It is possible to use Exchange 2010 SP3 and install the Edge role should you need one. There is a problem though when it comes to removing the Edge Subscription between an organization that contains Exchange 2013 servers and…
-
Create Shadow Redundancy Cross Forest in Exchange 2010
Send connector cross forest shadow redundancy New-SendConnector ToTailspin -AddressSpaces SMTP:tailspin.com -SmartHosts mail.tailspin.com -ProtocolLoggingLevel verbose -DNSRoutingEnabled $False -SmartHostAuthMechanism ExternalAuthoritativeGet-SendConnector ToTailspin | Add-ADPermission -user “MS Exchange\Externally Secured Servers” -ExtendedRights ms-Exch-SMTP-Send-XShadow Receive connector cross forest shadow redundancy New-ReceiveConnector FromFabrikam -RemoteIPRanges 192.168.100.1 -Bindings 0.0.0.0:25 -ProtocolLoggingLevel verbose -Banner “220 Tailspin XShadow SMTP Server” -AuthMechanism ExternalAuthoritative Get-ReceiveConnector FromFabrikam | Add-ADPermission…
-
Formatting Get-ExchangeDiagnosticInfo
For the last blog post for today, this one looks at formatting the output of Get-ExchangeDiagnosticInfo as the XML that this cmdlet returns can be quite long. For example if you want to see if your server is in backpressure then you need to view the output of the ResourceMonitor component, but as this contains…
-
Changing ADFS 2.0 Endpoint URL for Office 365
If you are configuring single sign-on for Office 365 then you will need a server running Active Directory Federation Services 2.0 (ADFS 2.0). When you install this you are asked for a URL that acts as an endpoint for the ADFS service, which if you are publishing that endpoint through a firewall such as TMG…