5

Implementing Exchange DownloadDomain Security

Implement Exchange DownloadDomain

In the field, I’m seeing multiple customers that are struggling to implement the DownloadDomain feature. It does require a little prep work and it is not as simple as just running a single command in Exchange to flip the setting on.

In order to mitigate and issue with OWA, it is necessary to create an additional CAS namespace that will be used for downloading attachments from OWA.  This will requir… Read the rest “Implementing Exchange DownloadDomain Security”

0

Exchange 2016 CU23 Released

Exchange 2016 CU23 Released

Exchange 2016 CU23 has been released to the Microsoft download centre!  Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 h… Read the rest “Exchange 2016 CU23 Released”

0

Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange

Teams IP Addresses Connecting to Exchange On-Premises

Planning to deploy Office 365 and integrate with your on-premises Exchange infrastructure?  Great!  While running the Exchange Hybrid Configuration Wizard (HCW) will be one of the highlights it should be a boring and uneventful portion of the project.  That will be true if all of the required planning, remediation and preparation was done.  If not you’ll be finding out about those issues pretty so… Read the rest “Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange”

0

ASA OOPS – What Happens When It Is Overlooked

When deploying or migrating Microsoft Exchange Server, one critical yet often overlooked component is the Alternate Service Account (ASA). The ASA is used by Exchange to support Kerberos authentication for services such as Outlook Anywhere and MAPI over HTTP, providing a secure and efficient alternative to NTLM. Without a properly configured ASA, Exchange falls back to NTLM.  NTLM is an older prot… Read the rest “ASA OOPS – What Happens When It Is Overlooked”

0

Change Certificate Friendly Name To Unique Value

Imagine that you have two certificates installed, but for whatever reason the same friendly name was used for both of them.  You can certainly identity each of them by comparing the valid from/valid to dates or the thumbprint.  That adds just a little extra overhead that you may not want to deal with.

As an alternative, you can modify the friendly name  to a more suitable value.  This allows you to… Read the rest “Change Certificate Friendly Name To Unique Value”

0

Ghost In The (Power)Shell

Exchange PowerShell Output - Not What Was Expected

After taking an existing Exchange PowerShell script, and running on a newer version of Exchange, the output was not as expected.    This is a pretty simple script that just iterates through all of the Exchange virtual directories and writes the output to the screen.  Yes it uses Write-Host and some consider that to be evil.  Others say "Friends do not let Friends use Write-Host".  Oh well. This is… Read the rest “Ghost In The (Power)Shell”

0

Why Is The Exchange Security Update Not Installed?

The issue of "Why is the Exchange Security Update not installed?" has popped up frequently over the last few months due to the number of security releases for on-premises Exchange.

Due to Hafnium, security teams have increased the monitoring of Exchange to make sure that it is fully patched.  In some of these cases, the Exchange and server admins think that they are all good as they run Windows Upd… Read the rest “Why Is The Exchange Security Update Not Installed?”

7

Unable To Renew Exchange Certificate – Friendly Name Is Too Long

Your Exchange certificate is about to expire, so you initiate a standard process to renew it.  It's only a 5 minute job as that's how long it took last time, right?

Well, no.  All is fine until you try to renew the existing certificate.  The easiest way to initiate the renewal is by using the Renew option in the Exchange Admin Center.

The current certificate is the one selected in the below screensho… Read the rest “Unable To Renew Exchange Certificate – Friendly Name Is Too Long”

0

Generating New Exchange Self Signed Certificate Using PowerShell’s Pipeline

Exchange Pipe SHA1 to New-ExchangeCertificate

Exchange server 2007 onwards will generate a self signed certificate as part of the installation process and bind that to multiple services.  Those certificates have a 5 year validity, and the process to generate a replacement is pretty straight forward using New-ExchangeCertificate cmdlet.

One spin on this, was that some customers would do a pipe Get-ExchangeCertificate to New-ExchangeCertificate … Read the rest “Generating New Exchange Self Signed Certificate Using PowerShell’s Pipeline”

2

Exchange 2016 CU22 and Exchange 2019 CU11 Setup Changes

With the release of this month's Exchange updates, there are changes to not only the installation prerequisites but also the installation parameters.

These changes break down into two main areas.  What you must ensure is installed prior to installing this or a subsequent CU, and secondly that the command line options have been updated along with the corresponding GUI.

To summarise:

  • IIS URL rewrite mo
Read the rest “Exchange 2016 CU22 and Exchange 2019 CU11 Setup Changes”