Tag Archives: Exchange 2010

Change SMTP Header Information

Every message that is sent (over the Internet) has header information. This header contains all kinds of information about the message: where it comes from, who it was sent to, the time, the message identifier, etc. All mail servers use this information to process the messages.

But when you take a closer look, you’ll see information about your internal network in the header of a message. For example, I’ve sent a message from my Hub Transport Server, through my Edge Transport Server, to an external recipient, and this is what I saw in the header information:

Configure Domain Controller in Exchange 2010

10 years ago it was a best practice to use an ‘empty root’ Active Directory model. Lately I see this model quite often in Exchange 2003 environments that need to be upgraded to Exchange 2010.

A customer has an empty root AD with 2 domain controllers in this empty root. Outlook’s autodiscover sometimes returns one of these domain controllers, but in this specific scenario these domain controllers are behind a firewall. Therefore they cannot be used for authentication purposes by (desktop) clients.

Exchange has a service (MSExchange ADAccess) that uses topology discovery to retrieve a list of available domain controllers. You can check the properties of the Exchange Server in the Exchange Management Console, or you can check the event log for Event ID 2080.

Log Name: Application

Source: MSExchange ADAccess

Date: 15-11-2010 12:46:57

Event ID: 2080

Task Category: Topology

Level: Information

Keywords: Classic

User: N/A

Computer: cashub01.infra.root.local

Description:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1576). Exchange Active Directory Provider has discovered the following servers with the following characteristics:

(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)

In-site:

AD001.root.local CD- 1 6 6 0 0 1 1 6 1

AD005.infra.root.local CD- 1 6 6 0 0 1 1 6 1

AD013.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD014.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD002.root.local CDG 1 7 7 1 0 1 1 7 1

AD004.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD006.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD003.infra.root.local CD- 1 6 6 0 0 1 1 6 1

Out-of-site:

To exclude a particular domain controller the Set-ExchangeServer cmdlet can be used in the Exchange Management Shell. In this example the AD001 domain controller is excluded for Exchange Server CASHUB01:

Set-ExchangeServer -Identity "CASHUB01" -StaticExcludedDomainControllers AD001.root.local

It is also possible to create a list of domain controllers and global catalog servers that are allowed by the Exchange Server:

Set-ExchangeServer -Identity "CASHUB01" -StaticDomainControllers AD005.infra.root.local,AD003.infra.root.local

Set-ExchangeServer -Identity "CASHUB01" -StaticGlobalCatalogs AD013.infra.root.local,AD014.infra.root.local

After configuring the Exchange Server you’ll see the results in the event log:

Log Name: Application

Source: MSExchange ADAccess

Date: 15-11-2010 22:05:18

Event ID: 2080

Task Category: Topology

Level: Information

Keywords: Classic

User: N/A

Computer: cashub01.infra.root.local

Description:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1576). Exchange Active Directory Provider has discovered the following servers with the following characteristics:

(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)

In-site:

AD001.root.local CD- 0 0 0 0 0 0 0 0 0

AD005.infra.root.local CD- 1 6 6 0 0 1 1 6 1

AD013.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD014.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD002.root.local CDG 0 0 0 1 0 0 0 0 0

AD004.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD006.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD003.infra.root.local CD- 1 6 6 0 0 1 1 6 1

Out-of-site:
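
To check the result without reading the table by eye, the description of Event ID 2080 can be parsed and compared with the exclusion list. This is an added example, not part of the original post: the function and variable names are hypothetical, and the reachability bit values (1 = GC, 2 = DC, 4 = configuration DC) follow Microsoft's documentation of this event rather than anything shown above.

```powershell
# Added example; the sample rows are copied from the second event shown above.
$sample = @'
In-site:
AD001.root.local CD- 0 0 0 0 0 0 0 0 0
AD005.infra.root.local CD- 1 6 6 0 0 1 1 6 1
AD013.infra.root.local CDG 1 7 7 1 0 1 1 7 1
AD002.root.local CDG 0 0 0 1 0 0 0 0 0
Out-of-site:
'@

# Hypothetical helper: turns the description text of Event ID 2080 into objects.
function ConvertFrom-AdAccessEvent2080 {
    param([Parameter(Mandatory = $true)][string]$Description)
    $site = $null
    foreach ($raw in ($Description -split '\r?\n')) {
        $line = $raw.Trim()
        if ($line -match '^(In-site|Out-of-site):$') { $site = $Matches[1]; continue }
        # Server name, three role flags (C/D/G or -), then nine numeric columns.
        if ($line -match '^(\S+)\s+([CDG-]{3})\s+((?:\d+\s+){8}\d+)$') {
            $server = $Matches[1]; $roles = $Matches[2]
            $n = [int[]](-split $Matches[3])
            New-Object PSObject -Property @{
                Site = $site; Server = $server; Roles = $roles
                Enabled = [bool]$n[0]
                # Reachability is a bitmask: 1 = GC, 2 = DC, 4 = configuration DC.
                ReachableAsGC       = [bool]($n[1] -band 1)
                ReachableAsDC       = [bool]($n[1] -band 2)
                ReachableAsConfigDC = [bool]($n[1] -band 4)
            }
        }
    }
}

# For live input, pass the newest event's message instead of $sample, e.g.:
# (Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='MSExchange ADAccess'; Id=2080} -MaxEvents 1).Message
$dcs = ConvertFrom-AdAccessEvent2080 -Description $sample
$excluded = @('AD001.root.local')   # the value given to -StaticExcludedDomainControllers
$dcs | Select-Object Server, Roles, Enabled, ReachableAsGC, ReachableAsDC, ReachableAsConfigDC | Format-Table -AutoSize

# An excluded server that is still enabled means the setting has not taken effect.
$dcs | Where-Object { ($excluded -contains $_.Server) -and $_.Enabled } |
    ForEach-Object { Write-Warning "$($_.Server) is excluded but still in use" }
# A disabled server that was not excluded explicitly deserves a second look.
$dcs | Where-Object { (-not $_.Enabled) -and ($excluded -notcontains $_.Server) } |
    ForEach-Object { Write-Warning "$($_.Server) is not used but is not in the exclusion list" }
```

With the sample rows above, the second check reports AD002.root.local, which shows all zeros in the event even though only AD001 was excluded in the example.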

The certificate is invalid for Exchange Server usage

When you have an Internet facing Exchange 2010 Client Access Server you most likely will have a 3rd party certificate installed on this CAS Server. Every time the certificate is requested it is checked for validity, and this is checked against a webserver of the Certificate Authority.

When you have Threat Management Gateway (TMG) 2010 Server in front of the CAS Server all HTTP(S) traffic is routed via the TMG Server. The TMG Server is the default gateway on the network interface and in Internet Explorer you have to configure the TMG server as the HTTP proxy.
