1

Office 365 Autodiscover Lookup Process–Revisited

Posted on by Rhoderick Milne [MSFT]

Previously we looked at the Office 2010 client and how it used Autodiscover to detect Exchange Online (EXO) mailbox settings.  Outlook 2010 is no longer supported, so it is worth updating these notes for a current build of Outlook.

As with the previous post, this is intended as a point in time reference as I personally find it handy as an ongoing reference.  In the updated example below a fully patc… Read the rest “Office 365 Autodiscover Lookup Process–Revisited”

0

Change Certificate Friendly Name To Unique Value

Posted on by Rhoderick Milne [MSFT]

Imagine that you have two certificates installed, but for whatever reason the same friendly name was used for both of them.  You can certainly identity each of them by comparing the valid from/valid to dates or the thumbprint.  That adds just a little extra overhead that you may not want to deal with.

As an alternative, you can modify the friendly name  to a more suitable value.  This allows you to… Read the rest “Change Certificate Friendly Name To Unique Value”

2

IIS SMTP Virtual Server Component No Longer Supported

Posted on by Rhoderick Milne [MSFT]
IIS SMTP Component Not Supported

Please consider this a quick PSA (Public Service Announcement) as it is still common that I run into environments with the IIS SMTP service still running and processing mail.

While the component has had a long and interesting life, it is now unsupported as it is tied to the support lifecycle of Windows Server 2003.

For more details and information please see:

How to: Install and Configure SMTP VirtuaRead the rest “IIS SMTP Virtual Server Component No Longer Supported”

10

Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys

Posted on by Rhoderick Milne [MSFT]

The error message "Sorry, that didn’t work. Please go back to office.com and try again” is probably one of the most vague that I've seen.  It's up there with "please contact your administrator", which is fine unless you are the administrator...

The below is a repro of a case where all users were unable to sign into Office 365.  They would receive the aforementioned "Sorry, that didn't work" message… Read the rest “Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys”

0

Ghost In The (Power)Shell

Posted on by Rhoderick Milne [MSFT]
Exchange PowerShell Output - Not What Was Expected

After taking an existing Exchange PowerShell script, and running on a newer version of Exchange, the output was not as expected.    This is a pretty simple script that just iterates through all of the Exchange virtual directories and writes the output to the screen.  Yes it uses Write-Host and some consider that to be evil.  Others say "Friends do not let Friends use Write-Host".  Oh well. This is… Read the rest “Ghost In The (Power)Shell”

0

Why Is The Exchange Security Update Not Installed?

Posted on by Rhoderick Milne [MSFT]

The issue of "Why is the Exchange Security Update not installed?" has popped up frequently over the last few months due to the number of security releases for on-premises Exchange.

Due to Hafnium, security teams have increased the monitoring of Exchange to make sure that it is fully patched.  In some of these cases, the Exchange and server admins think that they are all good as they run Windows Upd… Read the rest “Why Is The Exchange Security Update Not Installed?”

0

Does Manually Running Azure AD Connect Change Schedule?

Posted on by Rhoderick Milne [MSFT]

Despite the current versions of Azure AD Connect running the main synchronisation task every 30 minutes, there are still times when we want to force the task.  As a result of this, a question was floated if that changed the existing schedule.  If the next scheduled instance is in 10 minutes, and we run a manual task right now does that mean that another task will execute in 10 minutes?

TL;DR

In shor… Read the rest “Does Manually Running Azure AD Connect Change Schedule?”

10

AD FS Web Application Proxy Re-Establish Proxy Trust

Posted on by Rhoderick Milne [MSFT]
WAP Re-Establish Trust

In the Tailspintoys environment the AD FS Proxy was offline for month.  It was unable to contact the AD FS server on the internal network, and this allowed the short lived authentication certificate to expire.  At this point the AD FS Proxy was "dead to me" as far as the AD FS server was concerned.  The internal AD FS server was OK, the issue was just with the proxy.

Bummer....

How do we fix this?  … Read the rest “AD FS Web Application Proxy Re-Establish Proxy Trust”

7

Unable To Renew Exchange Certificate – Friendly Name Is Too Long

Posted on by Rhoderick Milne [MSFT]

Your Exchange certificate is about to expire, so you initiate a standard process to renew it.  It's only a 5 minute job as that's how long it took last time, right?

Well, no.  All is fine until you try to renew the existing certificate.  The easiest way to initiate the renewal is by using the Renew option in the Exchange Admin Center.

The current certificate is the one selected in the below screensho… Read the rest “Unable To Renew Exchange Certificate – Friendly Name Is Too Long”

0

Generating New Exchange Self Signed Certificate Using PowerShell’s Pipeline

Posted on by Rhoderick Milne [MSFT]
Exchange Pipe SHA1 to New-ExchangeCertificate

Exchange server 2007 onwards will generate a self signed certificate as part of the installation process and bind that to multiple services.  Those certificates have a 5 year validity, and the process to generate a replacement is pretty straight forward using New-ExchangeCertificate cmdlet.

One spin on this, was that some customers would do a pipe Get-ExchangeCertificate to New-ExchangeCertificate … Read the rest “Generating New Exchange Self Signed Certificate Using PowerShell’s Pipeline”