Microsoft Exchange and Active Directory Blog
Outlook Anywhere (RPC over HTTPS) can only be switched on or off on the Exchange servers. Unfortunately, it is not so easy to configure which users are allowed to use Outlook Anywhere. Although access to Active Directory groups can be restricted using Forefront TMG, every client is configured for Outlook Anywhere using Autodiscover. However, this has ... Read more
My small Sophos UTM filters HTTP traffic (Web Filter) and scans it for viruses and malware, which works quite reliably, unless the websites are encrypted (HTTPS). By default, the UTM cannot scan encrypted traffic and therefore cannot filter out viruses/malware. However, this can be easily changed. In the ... Read more
The Windows CA is also able to issue Extended Validation certificates so that the smart green bar is displayed in Internet Explorer. The whole thing is even surprisingly simple: To issue an Extended Validation (EV) certificate, a new template can be created or an existing one can be modified, I create a new template and duplicate the template ... Read more
A small recommendation in passing: With the Z-Zire tool, accounts for Active Directory, Exchange. Lync and Office 365 automatically according to a configurable template. So if you don't always want to use several consoles to create users, you can take a look at the tool. The tool is freeware, all you need is a ... Read more
The following situation arose at a customer: The inclusion of clients in the Active Directory was not possible at one location. It took some time to analyze the error. To make matters worse, there were other DNS problems that first had to be resolved. The Active Directory was to be extended by one location. The new location ... Read more
If the following warning is displayed in the EventLog of an Exchange 2010 server, it can be resolved as follows: Source: MSExchange ADAccess Event ID: 2937 Process exchange_report.exe () (PID=16736). Object [CN=mavertrieb,OU=Verteiler,OU=Gruppen,OU=XX,DC=XX,DC=XX,DC=en]. Property [ArbitrationMailbox] is set to value [xx.xx.en/Deleted Objects/SystemMailbox{1f05a927-983e-446d-b84e-9cb6ca4173ce} DEL:c09a4fd5-11a6-4867-8d71-a75259987664] and points to the "Deleted Objects" container in Active Directory. This property must be set as soon as possible. Read more
The following error can occur if the IPv6 protocol is deactivated on an Exchange 2010 server: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2864). Error during topology detection. Error: 0x80040a02 (DSC_E_NO_SUITABLE_CDC) Various Exchange services are then not started or are stuck with the status "Starting". In my case, the solution was to reactivate IPv6.
I have often seen that the revocation list distribution points of a Server 2008 R2 certificate authority were configured incorrectly or not at all. I will therefore describe here how to restore the distribution points of an Active Directory integrated certification authority under Windows Server 2008 R2. The distribution points are configured under the "Extensions" tab in the properties of the certification authority. Here are the standard distribution points and ... Read more
Microsoft has published a document which describes the Exchange schema extensions to the Active Directory. The Word document (packaged in an MSI file) can be downloaded here. The document also shows that Exchange Server 2010 Service Pack 2 makes changes to the schema. The document contains the schema changes for Exchange Server 2003, 2007 and 2010. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=5401
In this HowTo I describe how to install an internal certification authority and how to have a SAN certificate issued for Exchange. This HowTo is not intended for a productive environment. The implementation of a certification authority must be planned carefully. In my test environment I have installed 2 Windows Server 2008 R2 Enterprise, 1 DC + CA ... Read more
