Exchange 2010 and your own PKI infrastructure

When it comes to Exchange Server 2007 or Exchange Server 2010, it is a best practice to use a real-world SSL certificate for the Client Access Server. Microsoft knowledge base article 929395 (http://support.microsoft.com/kb/929395) lists four vendors as supported vendors for SSL certificates. Of course there are more, and their certificates work fine, but you can also use an internal Windows Server 2008 Certificate Services environment. Especially when you have only domain-joined clients, this shouldn’t be a problem…

Client Access Server and Certificates

When the Exchange Server 2010 Client Access Server is installed, a self-signed certificate containing just the server name is generated and installed on the server, and it can be used for testing purposes after the installation. This self-signed certificate also contains the local FQDN in the “Subject Alternative Names” field, for testing with Outlook Anywhere. It is naturally a best practice not to use this self-signed certificate in a production environment, but rather to use a third-party certificate on the Client Access Server.


Exchange 2010 SP1 Hosting & Control Panel

In an earlier article I explained a bit about the hosting features that are available in Exchange Server 2010 SP1. This hoster edition (I’ll abbreviate this to HEX2010SP1) is primarily targeted towards hosting companies; for example, you need an SPLA license agreement to resell it.

Note: if you really need this functionality inside an enterprise organization, then you have to stick with Exchange 2007, or wait for Exchange 2010 SP2, which will likely contain this functionality in the form of Address Book Policies.


New-ReceiveConnector fails

When creating a new Receive Connector on Exchange Server 2007 SP3 (Update Rollup 2), the creation failed with a non-retriable error and a “the requested attribute does not exist” error:

Active Directory operation failed on DC02.labs.local. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1
The requested attribute does not exist.
Exchange Management Shell command attempted:
new-ReceiveConnector -Name 'Relay X2007SP3' -Usage 'Custom' -Bindings '10.0.0.217:25' -RemoteIPRanges '10.0.0.213-255.255.255.255' -Server 'X2007SP3'

According to this article on the Microsoft Exchange Team site, more people are facing this issue (scroll through the comments). It looks like something specific to UR1 and UR2 for Exchange Server 2007 SP3: http://msexchangeteam.com/archive/2010/09/09/456198.aspx

Microsoft is aware of this issue and it is currently being investigated. It looks like the schema upgrade during SP3 is sometimes not performed properly, resulting in an incorrect schema for Service Pack 3. Unfortunately the SP3 setup application continues anyway, resulting in these kinds of errors.

That being said, you can solve it by running the Exchange 2007 SP3 schema upgrade again:

Setup.com /PrepareSchema

After this, creating a new Receive Connector succeeds.

When this issue has been fully investigated by Microsoft and a solution is available, an official Microsoft knowledge base article will be available as well.

Change SMTP Header Information

Every message that is sent (over the Internet) has header information. This header contains all kinds of information regarding the message: where it comes from, where it is sent to, the time, the message identifier, etc. All mail servers use this information to process the messages.

But when you take a closer look you’ll see information in the header of a message about your internal network. For example, I’ve sent a message from my Hub Transport Server, through my Edge Transport Server, to an external recipient and this is what I saw in the header information:

Custom Address List for Equipment Mailboxes

In Exchange 2010 there are multiple default address lists available, like All Users, All Groups, All Contacts, and there’s an All Rooms Address list for all Room Resource Mailboxes:


When opening the All Rooms address list, you can see it uses a custom filter to get all the room mailboxes from the Exchange organization:
