
Wednesday, December 1, 2010

Exchange 2007: How to allow relay exceptions

Although allowing unfettered relaying of e-mail through your Exchange 2007 server should be avoided, there are situations in which allowing relaying is desirable.

For example, suppose you have an HVAC system that reports to operations when a building’s air handling system strays outside preset parameters. These systems typically handle their reporting via e-mail and don’t authenticate with your SMTP server. The system simply needs your SMTP server in order to correctly route the message. In Exchange 2007, relay is made available through the use of a custom SMTP receive connector. I should note that, by default, Exchange 2007 does support relaying of mail for systems that authenticate. Today’s tip focuses on relaying from an unauthenticated system.

Before you get started, you should add another IP address to the network adapter on your Exchange server. An SMTP receive connector is akin to an SMTP virtual server from Exchange 2003 and requires a unique IP address/SMTP port combination. It’s easier to tell a third-party system to use a different IP address for relay than it is to provide it with a different port to use for SMTP. I’ve assigned the IP address 192.168.1.10 to my system.

Step by step guide to allowing relay
To allow individual systems to relay mail through your Exchange 2007 system, perform the following steps:
1. Start the Exchange Management Console.
2. Browse to Microsoft Exchange > Server Configuration > Hub Transport.
3. Select the Hub Transport server through which you would like to allow another system to relay mail.
4. From the Actions pane, choose New Receive Connector (Figure A).
5. On the first page of the New SMTP Receive Connector wizard, type a name for the connector and choose the connector’s intended use. In this case, choose Custom.
Type a name and choose a use for this connector.
6. Choose Next.
7. On the Local Network Settings page, click the Add button.
8. On the Local Network settings page, click the Add button and, in the Add Receive Connector Binding window, type in the new IP address that you gave to the network adapter. Leave the SMTP port at 25.
9. Choose OK.
10. Under Local IP address(es), select All Available and click the red X to delete this selection.
Decide which IP address and port combination to use for the new connector.
11. Choose Next.
12. On the Remote Network Settings window, indicate which systems or range of IP addresses should be allowed to relay through this connector. In the example shown, the host system with IP address 192.168.1.200 and any system with an IP address in the range 192.168.1.0 to 192.168.1.254 will be allowed to relay through this connector.
Indicate the systems with rights to relay through this connector.
13. Choose Next.
14. On the summary screen, click the New button to create the connector.
15. Open the properties page of the new connector. To do so, right click the new connector and choose Properties.
16. From the connector’s Properties page, choose the Permission Groups tab (Figure E).
17. Select the checkbox next to “Exchange Servers”.
Select Exchange Servers. You must do this before you continue.
18. From the connector’s Properties page, choose the Authentication tab.
19. Select the checkbox next to “Externally Secured (for example, with IPsec)”.
Select Externally Secured to tell Exchange that the third-party device somehow manages its own permissions.
20. Choose OK.

At this point, you should be able to relay from the third party system.
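
The same connector can be built from the Exchange Management Shell and then audited. This is an added example, not part of the original post: it limits relay to the single host 192.168.1.200 rather than the wider range, because an Externally Secured connector authorises relay by source IP alone. The server name `HUB01` and the connector name are placeholders, and the check assumes the all-IPv4 range is displayed as `0.0.0.0-255.255.255.255`.

```powershell
# Added example for the Exchange Management Shell. 'HUB01' and the connector
# name are placeholders; 192.168.1.10 and 192.168.1.200 come from the post.
$server = 'HUB01'
$name   = 'Relay - HVAC'

# Steps 4-14: custom connector bound to the dedicated IP, one permitted sender.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '192.168.1.10:25' -RemoteIPRanges '192.168.1.200'

# Steps 15-20: Exchange Servers permission group plus Externally Secured.
Set-ReceiveConnector "$server\$name" -PermissionGroups ExchangeServers `
    -AuthMechanism ExternalAuthoritative

# Audit: an Externally Secured connector trusts every address in its
# RemoteIPRanges, so list those connectors and flag any that still accept
# the whole IPv4 space (assumed to display as 0.0.0.0-255.255.255.255).
Get-ReceiveConnector -Server $server |
    Where-Object { $_.AuthMechanism.ToString() -match 'ExternalAuthoritative' } |
    ForEach-Object {
        $ranges = @($_.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $bind   = [string]::Join(',', @($_.Bindings | ForEach-Object { $_.ToString() }))
        $remote = [string]::Join(',', $ranges)
        if ($ranges -contains '0.0.0.0-255.255.255.255') {
            Write-Warning "$($_.Identity): externally secured and open to every IPv4 source"
        }
        '{0}  bind={1}  remote={2}' -f $_.Identity, $bind, $remote
    }
```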

Saturday, September 11, 2010

Blackberry Server Compatibility Matrix -- Exchange Service Packs !!

Remember to always check the matrix BEFORE applying any of the Exchange Service Packs, or else you may find yourself doing some emergency Blackberry Server upgrades at the same time!

See link for latest matrix:
http://na.blackberry.com/eng/support/software/server_compatibility.jsp#tab_tab_compatibility

Tuesday, June 1, 2010

Uninstall Exchange 2007 SP1 Mailbox role from Server 2008 R2

If you are getting the error:
"An error occurred. The error code was 3221685466. The message was The service is already registered.." while trying to uninstall the Exchange 2007 SP1 Mailbox role from Server 2008 R2

Try changing the registry key value from "Uninstall" to "Install", located at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0\Mailbox\
After that, try uninstalling again.

Your mileage may vary -- so far it's worked 5 out of 6 tries for us.

Monday, April 26, 2010

Exchange 2007 - Problem loading a certificate to be used for STARTTLS Purpose

Great reference point on resolving this "annoying" error message.


Alert : Exchange 2007 - Problem loading a certificate to be used for STARTTLS Purpose.



Knowledge Base Details
Possible Cause :

As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".


User Action:

1. Open the Exchange Management Shell.

2. Type "Get-ExchangeCertificate" and press Enter.

3. Write down the Thumbprint of the certificate that reflects the required FQDN of the server.

4. Review the certificates currently used by the Exchange server and each certificate's function.

5. Type the following and press Enter, using the -Thumbprint value obtained in step 3:

   Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"

6. Restart the Exchange server.


To create a certificate or certificate request for TLS, see the article below:

http://technet.microsoft.com/en-us/library/aa998840.aspx



Exchange 2007 - The STARTTLS certificate will soon expire

Sometimes too much security can add to your to do list.... It's good to keep on top of this as TLS security does indeed serve a purpose.


The certificate that is used for Transport Layer Security (TLS) on this computer will expire soon.


Knowledge Base Details


Run "Get-ExchangeCertificate |fl" and look for the relevant Thumbprint referred to in the event id 12017 / 12018.

The default self-signed cert has to be renewed. A 12017 warning that contains the number of hours you have left to do this precedes this event.


Run the following Exchange PowerShell commands to resolve this issue:

1. get-exchangecertificate | fl
2. new-exchangecertificate -confirm -DomainName servername,servername.domain.name -Keysize 2048 -Services SMTP
3. enable-exchangecertificate -Thumbprint LONGHEXNUMBER -Services:None

The first command gives you the list of your certificates. Find the matching thumbprint (long hex number) to see the one that is expiring. Use the parameters shown in that certificate to fill in the fields for your second command. Then, once successful, use the third command to disable the expiring certificate from all services.
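
Both STARTTLS alerts above (certificate cannot be loaded, certificate about to expire) can be checked ahead of time with one pass over the connectors and installed certificates. This is an added example, not from the original posts: for each connector FQDN it reports whether a certificate carries that name, whether it is enabled for SMTP, and how many days remain. The 30-day threshold is an assumption, and names are matched exactly, so wildcard certificates are not recognised.

```powershell
# Added example for the Exchange Management Shell on the transport server.
# $warnDays is an assumed threshold; exact-name matching only (no wildcards).
$warnDays = 30
$now   = Get-Date
$certs = @(Get-ExchangeCertificate)

# FQDNs that connectors advertise and that need a matching certificate.
$fqdns = @(Get-ReceiveConnector -Server $env:COMPUTERNAME) + @(Get-SendConnector) |
    Where-Object { $_.Fqdn } |
    ForEach-Object { $_.Fqdn.ToString() } |
    Sort-Object -Unique

foreach ($fqdn in $fqdns) {
    # First condition: no certificate lists the FQDN in Subject / SAN.
    $named = @($certs | Where-Object {
        @($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $fqdn
    })
    if ($named.Count -eq 0) {
        Write-Warning "$fqdn : no installed certificate carries this name"
        continue
    }

    # Second condition: a matching certificate exists but SMTP is not enabled.
    $smtp = @($named | Where-Object { $_.Services.ToString() -match 'SMTP' })
    if ($smtp.Count -eq 0) {
        Write-Warning "$fqdn : certificate found but not enabled for SMTP"
    }

    # Expiry check for the certificates transport can actually use.
    foreach ($c in $smtp) {
        $days  = [int]($c.NotAfter - $now).TotalDays
        $state = 'ok'
        if ($days -lt 0) { $state = 'EXPIRED' }
        elseif ($days -lt $warnDays) { $state = 'renew soon' }
        '{0}  {1}  expires {2:yyyy-MM-dd} ({3} days)  {4}' -f `
            $fqdn, $c.Thumbprint, $c.NotAfter, $days, $state
    }
}
```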

Friday, April 23, 2010

Microsoft releases Office 2010, SharePoint 2010 to TechNet, MSDN

If you have an MSDN or TechNet subscription, Office 2010 is now available for download. In addition, Microsoft has made SharePoint 2010 and the Office Web Apps 2010 package (which requires a SharePoint Server) available for subscribers of both services.

Anyone considering an Office 2010 deployment should be testing both the 32-bit and 64-bit versions. But if you’re planning to use the software in production environments for normal business use, I strongly recommend installing the 32-bit version, even on 64-bit Windows installations. There’s no real advantage to using 64-bit code unless you expect to work with very large Excel files, and there are potentially substantial compatibility headaches caused by add-ins that aren’t 64-bit aware.




http://blogs.zdnet.com/Bott/?p=2025

Sunday, March 28, 2010

Microsoft hohm beta -- Going Green

Hohm is a free web service that helps you understand your home energy use and how to be more energy-efficient. Check out how much money you could save, then sign up to get your personalized energy report and savings tips today!

http://www.microsoft-hohm.com/


Provides some very helpful, simple ideas to save a kWh.

Saturday, January 2, 2010

Move DHCP from Windows 2003 to 2008

As we migrate clients from Windows 2003 to 2008 we encounter multiple situations where instead of reinventing the wheel we can leverage some nifty tools and processes... this is such an instance as we migrated a client from 2003 to 2008.


Migrate DHCP role and information from Windows 2003 to 2008:

Create a dhcp.txt file on the 2003 server by running the following command: " netsh dhcp server export C:\dhcp.txt all "
On the 2008 server run the following command: " netsh dhcp server import c:\dhcp.txt all "

For an export and import of the DHCP database on 2008, use the "netshell dhcpbackup" and "netshell dhcp restore" commands (http://technet.microsoft.com/en-us/l.../cc772372.aspx)

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.