<p><strong>Khurram's Blog</strong> (feed updated 2024-03-13)</p>
Blogs about my Technical experience and Activities
(I am also maintaining my blog on WordPress: <a href="http://khurramullah.wordpress.com">http://khurramullah.wordpress.com</a>)
<p>Author: Khurram Ullah Khan, http://www.blogger.com/profile/01586006283272265927</p>
<p><strong>Lync Audio/Video Disabled in batch</strong> (published 2013-01-28)</p>
<p>If you want to disable audio/video for a batch of users and allow only the basic Lync features, use the following command:</p>
<p>Import-Csv C:\<b>LyncBatch.csv</b> | ForEach-Object { $varUserId = $_.userid; Set-CsUser -Identity $varUserId -AudioVideoDisabled $True }</p>
<p>To run this command, a CSV file named lyncbatch.csv must be present on the C:\ drive. This file should contain the aliases of all the user accounts for which audio/video needs to be disabled, in the following format (the list should always start with <strong>userid</strong>):</p>
<p>userid</p>
<p>JDoe</p>
<p>MTaylor</p>
<p>BLee</p>
<p>After running this command the user can still use chat and web conferencing, but no audio/video/Enterprise Voice service will be available to the user.</p>
<p><strong>Batch Command for enabling Lync Users</strong> (published 2013-01-28)</p>
<p>The following is a very useful command for enabling Lync users in batches:</p>
<p>Import-Csv C:\<b>LyncBatch.csv</b> | ForEach-Object { $varUserId = $_.userid; Enable-CsUser -Identity $varUserId -RegistrarPool lspool01.contoso.com -SipAddressType EmailAddress -SipDomain contoso.com }</p>
<p>To run this command, a CSV file named lyncbatch.csv must be present on the C:\ drive.
This file should contain the aliases of all the user accounts that need to be migrated, in the following format (the list should always start with <strong>userid</strong>):</p>
<p>userid</p>
<p>JDoe</p>
<p>MTaylor</p>
<p>BLee</p>
<p><strong>Windows Live Audio/video Federation with Lync</strong> (published 2012-07-15)</p>
I was aware that we can federate with Windows Live for instant messaging integration but was not sure about audio/video. After some research I found the following blog post, which confirms this type of federation:<br />
<br />
<a href="http://www.confusedamused.com/notebook/lync-to-windows-live-av-federation/">http://www.confusedamused.com/notebook/lync-to-windows-live-av-federation/</a><br />
<br />
Please be aware that in order to federate with Windows Live you have to change the Lync encryption settings.<br />
<p><strong>Lync 2010 Mobility in Split-brain DNS setup</strong> (published 2012-07-10, updated 2012-07-15)</p>
After reading the Mobility guide from Microsoft, it is not very clear how users will connect to the Lync autodiscover service externally and internally in a split-brain DNS setup, and it takes repeated reading and repeated troubleshooting to find the correct setup. (Note: split-brain DNS refers to a DNS setup where your DNS zone is split between your internal network and your external network; for example, the Contoso.com zone is present in the internal AD forest DNS servers and is also published on the external public DNS servers.) In summary, the DNS configuration in a split-brain DNS setup should be as follows:<br />
<br />
1. The Lync autodiscover URL should be present in both the external and the internal DNS servers, pointing to the Lync external web services URL.<br />
<br />
2. The Lync autodiscover internal URL should be present in your internal DNS server, pointing to the Lync internal web services URL.<br />
<br />
3. There should be an entry for the Lync external web services URL in your internal DNS servers, pointing to the Lync external web services IP, for “hairpinning” Lync mobile traffic to the reverse proxy servers.<br />
<br />
4. The reverse proxy rule for the Lync autodiscover service should have the Lync discover internal URL added, for mobile clients connecting from the internal network through the Lync external web services public IP.<br />
<p><strong>Lync 2010 Blogging</strong> (published 2012-07-10)</p>
I have recently implemented Lync services in our organization and came across lots of problems, mainly because the guides which Microsoft has published are not clear and leave lots of questions unanswered. The only way to get a correct configuration is to do trial and error and then check whether the problem is solved or not, or to engage Microsoft professional services.<br />
<br />
I will be blogging on some of the issues I have faced and resolved, for the benefit of other implementers.<br />
<p><strong>Exchange 2007 unable to mount database</strong> (published 2010-11-10)</p>
<p>Recently we had a power failure which caused an improper shutdown of our Exchange servers. After recovering from the power failure we restarted all servers and fixed some cluster issues, but one database was still showing as failed in Cluster Manager. I tried to mount the database but it was not successful; the error showed that some log files were missing, due to which the database could not mount.</p>
<p>To check which log files were missing, I ran the following command against the database which was not mounting. To run this command we first have to go to the log drive of the database.</p>
<p>eseutil /mh</p>
<p>The output of this command showed that the database was in a dirty shutdown state and also showed which log files were missing. I checked these log files and luckily all of them were present in the log drive folder.</p>
<p>Now recovery was easy: I just renamed the checkpoint file to another name and tried to mount the database again. This time it mounted successfully without any issues and a new checkpoint file was created.</p>
<p><strong>MOSS "trial period for this product has expired"</strong> (published 2010-11-10)</p>
<p>Recently I faced a strange issue related to MOSS. One of my content admins is complaining that he is unable to add any link or page in his site anymore.
Whenever he tries to create a page he gets this error:</p>
<p>"trial period for this product has expired"</p>
<p>Our MOSS farm has a correct license and we haven't upgraded MOSS from a trial version. After thorough analysis and research, I found that there is a bug in MOSS SP2 which reinitializes the license file and turns the normal MOSS license into a 180-day trial license.</p>
<p>To fix this issue, go to MOSS Central Admin->Operations->Convert license type->Enter product key and add the key again, or apply the hotfix mentioned in the KB article below.</p>
<p><a title="http://support.microsoft.com/kb/971620" href="http://support.microsoft.com/kb/971620">http://support.microsoft.com/kb/971620</a></p>
<p><strong>Renewing Edge Synchronization</strong> (published 2010-10-19)</p>
<p>If you have added a domain on the Hub server and you cannot see this domain on the Edge server, the synchronization between your Hub and Edge servers may not be working. To test this, run the following command:</p>
<p>Test-EdgeSynchronization</p>
<p>If the connection result shows as failed, you need to create the edge subscription again for this Edge server. The steps are as follows:</p>
<p>1. 
On the Edge server which is not synchronizing, run the following command:</p>
<p>New-EdgeSubscription -filename "C:\temp\edgesub.xml"</p>
<p>Now copy this .xml file to the Hub server and run the following command:</p>
<p>New-EdgeSubscription -filename "C:\temp\edgesub.xml" -site London</p>
<p>Please note that the site parameter is required to bind this Edge server to a specific AD site.</p>
<p>Now run the following command:</p>
<p>Start-EdgeSynchronization</p>
<p>You will notice that the Edge server is now synchronizing data with the Hub server.</p>
<p>For verification you can run the test command again, and this time it should show the success message:</p>
<p>Test-EdgeSynchronization</p>
<p><strong>Enabling SCR on WAN</strong> (published 2010-10-18)</p>
<p>SCR is an Exchange 2007 DR solution available from Exchange 2007 SP1 onwards. You can enable SCR on a LAN and also on high-latency networks. SCR also lets you recover from a datacenter failover scenario. Since last month I have been working to enable SCR between our DCs connected via MPLS. After a thorough analysis and lots of trial and error I have compiled the following results:</p>
<p><strong>SCR Enabling Steps:</strong></p>
<p>1. Seeding of the .edb file.</p>
<p>2. Enable Replication.</p>
<p>3. Monitor Replication.</p>
<p><strong>Step 1: Seeding:</strong></p>
<p>Seeding is a prerequisite for enabling SCR. Seeding can be done automatically or manually; because I had to seed the .edb file over MPLS, which is a high-latency network, I had to go for the manual procedure. These are the steps I followed for manual seeding.</p>
<p>1. Take a snapshot of the storage group on which you want to enable SCR (we are using a snapshot-based backup solution); you can also take a normal backup of the storage group.
This will also truncate all the committed logs, so there are fewer log files to copy from source to destination after enabling replication.</p>
<p>2. Run the command below:</p>
<p>Enable-StorageGroupCopy -Identity StorageGroup1 -StandbyMachine London1 -ReplayLagTime 0.1:0:0 -SeedingPostponed</p>
<p>The above command will enable SCR on storage group “StorageGroup1”. The standby machine (destination server) used is London1 and the replay lag time I have mentioned is 1 minute. SeedingPostponed is used because I don't want seeding to happen automatically; I want to copy the .edb file manually to the destination server.</p>
<p>After running the above command, log files for this storage group will not be truncated until we enable replication. This means that the drive space of the log files folder should also be carefully planned, because if the latency is high and the .edb file takes days to copy, the log file drive might fill up, which will affect the production environment.</p>
<p>3. Take a snapshot of the storage group again, or take a normal storage group backup again.</p>
<p>4. Ask the backup team to provide the .edb file from the last snapshot.</p>
<p>5. Use TeraCopy to copy the .edb file from the source to the destination server. Make sure the drive letters for the log and data drives are the same on the standby server, because this is one of the prerequisites of SCR.</p>
<p><strong>Step 2: Enabling Replication:</strong></p>
<p>Replication will copy all log files from source to destination. Replication is an ongoing process: whenever a log file is created on the source it has to be shipped to the destination to keep the source and destination mailbox databases in the same state.</p>
<p>The following is the command for enabling replication:</p>
<p>Resume-StorageGroupCopy -Identity StorageGroup1 -StandbyMachine London1</p>
<p>After running the above command you will see that the log files start to copy from the source to the destination server.
The standby server will replay these log files after 50 log files have been copied. The first log file after you enable SCR should be present on the destination, otherwise replication will fail.</p>
<p><strong>Step 3: Monitoring Replication:</strong></p>
<p>It is very important to check the status of the storage group copy. The command below shows the health of SCR and how many files are in the copy queue and the replay queue.</p>
<p>Get-StorageGroupCopyStatus StorageGroup1 -StandbyMachine London1</p>
<p>If you see Failed in the SummaryCopyStatus field, it is possible that the database you have seeded and the log files copied are not in the same state (LSN number mismatch), or that the first log file is not available to replay on the destination.</p>
<p>If you see a large number of files in the copy queue length, bandwidth might be the cause.</p>
<p>You can also run the following command on the standby server to check replication status:</p>
<p>Test-ReplicationHealth</p>
<p><strong>Moving LCS databases to Different SQL server</strong> (published 2010-06-08)</p>
<p>LCS uses 2 databases for its configuration and user data:</p>
<ol> <li>RTC</li> <li>RTCConfig</li> </ol>
<p>If you want to move these databases to a different SQL server, follow the sequence below:</p>
<ol>
<li>Stop the Live Communications Server service.</li>
<li>Take a backup of the above-mentioned databases.</li>
<li>Restore them to the new SQL server.</li>
<li>Make sure all 4 LCS domain groups (mentioned below) are added to the new SQL server and have all the required permissions (compare the permissions with the existing SQL server).
<br /><strong><u>LCS Domain Groups:</u></strong> <br />RTCABSDomainServices <br />RTCDomainServerAdmins <br />RTCDomainUserAdmins <br />RTCHSDomainServices</li>
<li>Run the following command to set the new SQL server information: <br />LcsCmd.exe /forest /action:UpdatePoolBackend /poolname:[PoolName] /poolbe:[SQLServerName]</li>
<li>Start the LCS service again.</li>
<li>Open the LCS MMC.</li>
<li>Make sure all services are running fine.</li>
</ol>
<p><strong>Exchange 2010 Unified Communication webcast</strong> (published 2010-04-11)</p>
<p>While searching I found an excellent webcast on Exchange 2010 unified communication features. The link is:</p>
<p><a title="https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032442908&CountryCode=US" href="https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032442908&CountryCode=US">https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032442908&CountryCode=US</a></p>
<p><strong>SharePoint website not opening on same server</strong> (published 2010-04-09)</p>
<p>I faced a strange issue recently. I had deployed SharePoint 2003 servers for one project, and one of the requirements was to open the SharePoint site from the same server. When I tried to open the site from the same server I got authentication prompts and the site did not open. I even added the URL entry in the local hosts file but the issue remained the same.
After googling I found a Microsoft KB on the same issue, which stated that “This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.”</p>
<p>To fix this we need to disable the loopback check on all web servers which show this behavior. I applied this fix on both of my front-end servers, and after restarting both front-end servers the issue was solved and I can now open the website on the same server. The following is the fix I followed.</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type regedit, and then click <strong>OK</strong>. </li>
<li>In Registry Editor, locate and then click the following registry key: <p><strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa</strong></p> </li>
<li>Right-click <strong>Lsa</strong>, point to <strong>New</strong>, and then click <strong>DWORD Value</strong>. </li>
<li>Type DisableLoopbackCheck, and then press ENTER. </li>
<li>Right-click <strong>DisableLoopbackCheck</strong>, and then click <strong>Modify</strong>. </li>
<li>In the <strong>Value data</strong> box, type 1, and then click <strong>OK</strong>. </li>
<li>Quit Registry Editor, and then restart your computer. </li>
</ol>
<p>The following is the KB for this issue:</p>
<p><a title="http://support.microsoft.com/kb/896861" href="http://support.microsoft.com/kb/896861">http://support.microsoft.com/kb/896861</a></p>
<p><strong>Command for shrinking Log files</strong> (published 2010-04-07)</p>
<p>The commands below will shrink SQL log files and also release unused physical space on drives.</p>
<p><strong>Use DatabaseName</strong></p>
<p><strong>Backup log databasename with no_log</strong></p>
<p><strong>DBCC SHRINKFILE (logfilename)</strong></p>
<p><strong>WSS search and SQL 2005 indexing issue</strong> (published 2010-04-07)</p>
<p>Recently we migrated our SharePoint 2003 from one AD forest to another forest; as part of this change we also upgraded our backend DB from SQL 2000 to SQL 2005. Recently I faced a very critical issue: one of the heavily used sites was not showing search results and the search was timing out. To investigate this issue I identified the query in SQL Profiler and ran it directly in SQL Management Studio. It took around 10 minutes to show results on the new DB server (SQL 2005), but the same query returned results in 1 sec on the old DB server (SQL 2000). I ran the query again with the query execution plan against both servers and compared them; I saw that the cost of referencing the clustered index is very high on the new DB server compared to the old DB server.
After some research I planned to update the DB statistics using the following command:</p>
<p>update statistics tablename</p>
<p>SharePoint creates its own indexes, which we cannot alter, and it uses hard-coded names for indexes such as ix_databasename. As per my analysis, after moving the DBs from SQL 2000 to SQL 2005 the database statistics were not updated and the indexes were not using the optimal path for searching for data; that is why results were showing after long delays.</p>
<p><strong>Exchange 2007 unable to view deleted mailbox</strong> (published 2010-04-07)</p>
<p>In Exchange 2007, if you delete a mailbox or an AD user, the mailbox stays in the disconnected mailbox view for 30 days, and you can reconnect it within those 30 days if you want to restore the mailbox to its original state. After 30 days the mailbox is permanently deleted and you can then only restore it from backup.</p>
<p>Recently I faced a strange issue: one of the mailbox users was deleted by mistake and I was unable to see this user in the disconnected mailbox view. The mailbox had been deleted 2 days back, which is under the 30-day threshold, but still the mailbox was not visible. After doing some research and with some help from one of my friends, I figured out that I had to run the following command to make this mailbox visible in the disconnected mailbox view:</p>
<p>Clean-MailboxDatabase -Identity Databasename</p>
<p>As per Microsoft:</p>
<p><em>“use the <strong>Clean-MailboxDatabase</strong> cmdlet to scan the Active Directory directory service for disconnected mailboxes that are not yet marked as disconnected in the Microsoft Exchange store and update the status of those mailboxes in the Exchange store.
This cmdlet is not able to update the Exchange store unless the Microsoft Exchange Information Store service is running and the database is mounted.</em></p>
<p><em>A connected mailbox has two parts: the mailbox object in the Exchange store, and the user object with Exchange properties in Active Directory. A disconnected mailbox is the mailbox object in the Exchange store, but it is not connected to a user object in Active Directory</em></p>
<p><em>Under normal circumstances, it is not necessary to run <strong>Clean-MailboxDatabase</strong> because a mailbox is marked as disconnected immediately after the <strong>Disable-Mailbox</strong> or <strong>Remove-Mailbox</strong> command completes. If you used the <strong>Disable-Mailbox</strong> cmdlet or the <strong>Remove-Mailbox</strong> cmdlet while the Exchange Information Store service was stopped, or if a mailbox was disabled by an external means other than the <strong>Disable-Mailbox</strong> cmdlet or <strong>Remove-Mailbox</strong> cmdlet, you may want to use the <strong>Clean-MailboxDatabase</strong> cmdlet to scan for disconnected mailboxes.”</em></p>
<p><strong>SQL 2005 services not starting</strong> (published 2010-03-30)</p>
<p>When you have SQL Server running in a cluster and you have changed any startup parameters, it is possible that the SQL services will not start due to an incorrect parameter setting.
As per Microsoft this is because the cluster service obtains an incorrect protocol setting from a cluster checkpoint when you start the SQL Server service.</p>
<p>To fix this issue you first have to remove the last checkpoint by running this command (after taking the SQL Server resource offline):</p>
<p><b>cluster res "SQL Server (Instancename)" /removecheck: "Software\Microsoft\Microsoft SQL Server\<var>MSSQL.x</var>\MSSQLSERVER"</b></p>
<p>Then fix the startup parameters on all nodes and run the following command:</p>
<p><b>cluster res "SQL Server (Instancename)" /addcheck: "Software\Microsoft\Microsoft SQL Server\<var>MSSQL.x</var>\MSSQLSERVER"</b></p>
<p>The following Microsoft KB has more details.</p>
<p><a title="http://support.microsoft.com/kb/912397" href="http://support.microsoft.com/kb/912397">http://support.microsoft.com/kb/912397</a></p>
<p><strong>Exchange 2007- Mapi session exceeded the maximum of 32 objects of type "session"</strong> (published 2009-07-17)</p>
<p>Two days back I faced a strange issue: one of the users reported that he was not able to open his Outlook. Although he could open OWA, whenever he opened Outlook he got the following error:</p>
<p>“Unable to open your default e-mail folders.
You must connect to your Microsoft Exchange Server computer with the current profile before you can synchronize your folders with the offline folder file”</p>
<p>After further investigation I found that there was an event logged in the application events of the mailbox server for the same user:</p>
<p>Event Type: Error <br />Event Source: MSExchangeIS <br />Event Category: General <br />Event ID: 9646 <br />Date: XXXXX <br />Time: XXXXX <br />User: N/A <br />Computer: XXXXX <br />Description: <br />Mapi session "/o=firstorganisation=XXXX/cn=Recipients/cn=<strong>username</strong>" exceeded the maximum of 32 objects of type "session".</p>
<p>After researching I found the following KB on the same issue:</p>
<p><a title="http://support.microsoft.com/kb/842022" href="http://support.microsoft.com/kb/842022">http://support.microsoft.com/kb/842022</a></p>
<p>As per this KB this issue may occur if the following conditions are true: </p>
<ul>
<li>You have installed Microsoft Exchange Server 2003 Service Pack 1 (SP1) on the Exchange Server computer. </li>
<li>A program that is running on a client computer opens many MAPI sessions to the Exchange Server computer. The number of MAPI sessions is larger than the permitted limit. </li>
<li>You are using Microsoft Office Outlook 2007, and you add a large additional mailbox to your profile. For example, this issue may occur if the additional mailbox contains more than one thousand folders. </li>
</ul>
<p>I was unable to find any of the above conditions in my case. Also, the fixes mentioned in this article are not relevant to my case, except the last registry change, which I don't want to apply for one user.</p>
<p>Then I decided to view the connections on the mailbox server. I downloaded the TCPView utility from Sysinternals (one of the best sites for troubleshooting tools).
After running TCPView I saw lots of connections coming to the mailbox server, but the user name I was searching for was not visible in the list of connections. I then ran the following command in the Exchange Management Shell to find the source IP of the user having the problem:</p>
<p>Get-LogonStatistics username | FT ClientIPAddress</p>
<p>After viewing the IP address I searched for it in TCPView and found lots of connections coming from the same IP. I killed these sessions using the Kill option in TCPView, then tried to open Outlook again and the issue was gone! I have also asked the user to check his PC for any third-party software or other MAPI program which is causing this issue, in order to have a permanent fix for this.</p>
<p><strong>Storage in Exchange 2010: Webcast</strong> (published 2009-07-10)</p>
<p>Join the new webcast on Exchange 2010 storage technology, planned to be delivered on July 13 2009. The registration link is:</p>
<p><a title="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032418920&EventCategory=4&culture=en-US&CountryCode=US" href="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032418920&EventCategory=4&culture=en-US&CountryCode=US">http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032418920&EventCategory=4&culture=en-US&CountryCode=US</a></p>
<p><strong>Exchange 2010 updates for Windows Mobile</strong> (published 2009-07-10)</p>
<p>While researching I found an interesting video on Exchange 2010 mobile features and thought it worth blogging.
As per this video introduction:</p>
<blockquote> <p>Adam Glick shows us the newest Exchange 2010 features for Windows Mobile 6.1/6.5 and explains the goals the team had for the client mobile experience. On his WM 6.5 device, he walks us through conversation view, ignore/move conversation, voice mail preview, voice to text, and get free/busy. Additionally, he tells us about the new allow/block/quarantine phone list and reporting built in to Exchange 2010.</p> </blockquote>
<p>Check out this video at the following link:</p>
<p><a title="http://edge.technet.com/Media/Exchange-2010-updates-for-Windows-Mobile/" href="http://edge.technet.com/Media/Exchange-2010-updates-for-Windows-Mobile/">http://edge.technet.com/Media/Exchange-2010-updates-for-Windows-Mobile/</a></p>
<p><strong>Publishing Exchange 2007 OWA via ISA 2006 Reverse Proxy</strong> (published 2009-07-06)</p>
<p>The best way to publish OWA is to publish it via an ISA reverse proxy deployment. In this blog I will discuss the process for publishing OWA via ISA reverse proxy. The process is as follows:</p>
<p>1. 
Generate a CSR for the Exchange 2007 CAS server(s).</p>
<p>I have discussed CSR generation in my previous blogs (<a title="http://khurramullah.wordpress.com/2009/07/01/exchange-2007-certificate-request-generator/" href="http://khurramullah.wordpress.com/2009/07/01/exchange-2007-certificate-request-generator/">http://khurramullah.wordpress.com/2009/07/01/exchange-2007-certificate-request-generator/</a> and <a title="http://khurramullah.wordpress.com/2009/07/01/command-for-generating-csr-for-exchange-servers/" href="http://khurramullah.wordpress.com/2009/07/01/command-for-generating-csr-for-exchange-servers/">http://khurramullah.wordpress.com/2009/07/01/command-for-generating-csr-for-exchange-servers/</a>). If you have more than one CAS server then you have to repeat the steps for all of them.</p>
<p>Make sure you have included all Subject Alternative Names (SANs) in your certificate requests, such as for webmail, autodiscover services etc.</p>
<p>2. Submit this request to an online Certificate Authority such as VeriSign, Thawte or Entrust to purchase a UCC (Unified Communications Certificate). (Exchange 2007 only supports UCC type certificates, UCC=multiple SANs).</p>
<p>3. Now we have to import these certificates to the Exchange CAS servers. (I have discussed these steps in my previous blog <a title="http://khurramullah.wordpress.com/2009/07/01/importing-certificates-to-exchange-servers/" href="http://khurramullah.wordpress.com/2009/07/01/importing-certificates-to-exchange-servers/">http://khurramullah.wordpress.com/2009/07/01/importing-certificates-to-exchange-servers/</a>)</p>
<p>4. Now we have to deploy this certificate to the ISA servers. To do this you first have to export the certificate from the CAS server in .PFX format and then import it to the ISA servers.
The following is the process for doing this:</p>
<ol>
<li> <div align="left">Open the Certificates MMC snap-in for the local computer on the CAS server.</div> </li>
<li> <div align="left">Go to the Personal container and locate the certificate which you want to deploy on the ISA server.</div> </li>
<li> <div align="left">Export this certificate with its private key in .PFX format.</div> </li>
<li> <div align="left">Copy this certificate to the ISA server.</div> </li>
<li> <div align="left">Open the Certificates MMC snap-in for the local computer on the ISA server.</div> </li>
<li> <div align="left">Import the copied certificate. </div> </li>
<li> <div align="left">Repeat steps 4 to 7 if you have more than one ISA server.</div> </li>
</ol>
<p>5. Forms-based authentication can be configured on the Client Access server when not using ISA Server to publish Exchange Web client access. When ISA Server is being used to publish Exchange Web client access, forms-based authentication should only be configured on the ISA Server computer. The following are the steps for validating this:</p>
<ol>
<li>Start the Exchange Management Console. </li>
<li>In the Exchange Management Console, expand <b>Server Configuration</b>, and then click <b>Client Access</b>. </li>
<li>Select a Client Access server and then select <b>owa (Default Web Site)</b> on the <b>Outlook Web Access</b> page.<a href="http://lh6.ggpht.com/_anKS3MH61EM/SlEwTKiMxiI/AAAAAAAAAbs/nxVOCn1sgII/s1600-h/OWA5%5B4%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="OWA5" border="0" alt="OWA5" src="http://lh4.ggpht.com/_anKS3MH61EM/SlEwUZxxC2I/AAAAAAAAAbw/pRDZtRnPpY4/OWA5_thumb%5B2%5D.jpg?imgmax=800" width="509" height="223" /></a> </li>
<li>In the action pane, click <b>Properties</b> under <b>owa (Default Web Site)</b>. 
</li> <li>Select the <b>Authentication</b> page, and confirm that the following are selected: <b>Use one or more of the following standard authentication methods</b> and <b>Integrated +</b> <b>Basic authentication (password is sent in clear text)</b>.<a href="http://lh6.ggpht.com/_anKS3MH61EM/SlEwVkD6V2I/AAAAAAAAAb0/S4E-W8QLZzc/s1600-h/clip_image0015.gif"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image001" border="0" alt="clip_image001" src="http://lh5.ggpht.com/_anKS3MH61EM/SlEwW57QH3I/AAAAAAAAAb4/R_la4Bea1Mc/clip_image001_thumb2.gif?imgmax=800" width="368" height="420" /></a> </li> <li>Click <b>OK</b>. </li> <li>Review the <b>Microsoft Exchange Warning</b> dialog box and click <b>OK</b>. <a href="http://lh3.ggpht.com/_anKS3MH61EM/SlEwYJbRqRI/AAAAAAAAAb8/QZaDDvI1JxU/s1600-h/clip_image00163.gif"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image001[6]" border="0" alt="clip_image001[6]" src="http://lh6.ggpht.com/_anKS3MH61EM/SlEwZYKHXOI/AAAAAAAAAcA/n2uZo8rxg2M/clip_image0016_thumb1.gif?imgmax=800" width="393" height="286" /></a> </li> <li>Restart IIS by running the following command: "<b>iisreset /noforce</b>". </li> <li>Perform this procedure for every Exchange Client Access server. </li> </ol> <p>6. On the CAS server, make sure that “Forms based authentication” is not configured on the Exchange Client Access ActiveSync folder. This folder is configured for Basic authentication by default.</p> <p>7. 
On the enabling page for Outlook Anywhere, we will use Basic authentication (default).</p> <p><a href="http://lh5.ggpht.com/_anKS3MH61EM/SlEwaVROgTI/AAAAAAAAAcE/8k5UPbJRVEg/s1600-h/OWA1%5B8%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="OWA1" border="0" alt="OWA1" src="http://lh6.ggpht.com/_anKS3MH61EM/SlEwbqy6xGI/AAAAAAAAAcI/s2RVZCJ1vEE/OWA1_thumb%5B4%5D.jpg?imgmax=800" width="267" height="285" /></a> </p> <p>Note: The external host name used here should match the common name or FQDN used in the server certificate installed on the ISA Server computer.</p> <p>8. Now we need to publish a rule for OWA on ISA, but before doing this we need to configure a Web listener for OWA, which will be responsible for listening for OWA requests. Following are the steps for configuring the Web listener for OWA:</p> <ol> <li>In the console tree of ISA Server Management, click <b>Firewall Policy</b>: </li> <li>For ISA Server 2006 Standard Edition, expand <b>Microsoft Internet Security and Acceleration Server 2006</b>, expand <b>Server_Name,</b> and then click <b>Firewall Policy.</b> </li> <li>For ISA Server 2006 Enterprise Edition, expand <b>Microsoft Internet Security and Acceleration Server 2006</b>, expand <b>Arrays</b>, expand <b>Array_Name</b>, and then click <b>Firewall Policy</b>. </li> <li>On the Toolbox tab, click <b>Network Objects</b>, click New, and then select <b>Web Listener</b>. 
Use the wizard to create the Web listener as outlined in the following table </li> </ol> <p></p> <p></p> <p></p> <p></p> <p></p> <table border="1" cellspacing="0" cellpadding="0"><tbody> <tr> <td valign="top"> <p><b>Page</b></p> </td> <td valign="top" width="161"> <p><b>Field or property</b></p> </td> <td valign="top" width="250"> <p><b>Setting</b></p> </td> </tr> <tr> <td valign="top"> <p>Welcome</p> </td> <td valign="top" width="161"> <p>Web listener name</p> </td> <td valign="top" width="250"> <p>Type a name for the Web listener. For example, type <b>Exchange Web Listener</b>. </p> </td> </tr> <tr> <td valign="top"> <p>Client Connection Security</p> </td> <td valign="top" width="161"> <p>Select what type of connections this Web listener will establish with clients</p> </td> <td valign="top" width="250"> <p>Select <b>Require SSL secured connections with clients</b>. </p> </td> </tr> <tr> <td valign="top"> <p>Web Listener IP Addresses</p> </td> <td valign="top" width="161"> <p>Listen for incoming Web requests on these networks</p> <p>ISA Server will compress content</p> </td> <td valign="top" width="250"> <p>Select the <b><u>External</u></b><u> and <b>Internal</b></u><b> </b>networks. </p> <p>Check box should be selected (default).</p> <p>Click <b>Select IP Addresses</b></p> </td> </tr> <tr> <td valign="top"> <p>External Network Listener IP Selection</p> </td> <td valign="top" width="161"> <p>Listen for requests on</p> <p>Available IP Addresses</p> </td> <td valign="top" width="250"> <p>Select <b>Specified IP addresses on the ISA Server computer in the selected network</b>. 
</p> <p>Select the correct IP address and click <b>Add</b>.</p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEwcpYwPLI/AAAAAAAAAcM/DBHrfOOaft0/s1600-h/clip_image00282.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image001" border="0" alt="clip_image001" src="http://lh6.ggpht.com/_anKS3MH61EM/SlEweKIwG-I/AAAAAAAAAcQ/RMEDnwiShmU/clip_image001%5B7%5D.jpg?imgmax=800" width="325" height="200" /></a></p> <p><a href="http://lh6.ggpht.com/_anKS3MH61EM/SlEwe9FZP9I/AAAAAAAAAcU/X-Q1HQkMmkE/s1600-h/clip_image0033.gif"><b><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image002" border="0" alt="clip_image002" src="http://lh3.ggpht.com/_anKS3MH61EM/SlEwfnqnBWI/AAAAAAAAAcY/77NXQYxjWHQ/clip_image002%5B3%5D.gif?imgmax=800" width="10" height="10" /></b></a><b>  Notes</b></p> <p>For ISA Server Enterprise Edition with an NLB-enabled array, you should select a virtual IP address.</p> </td> </tr> <tr> <td valign="top"> <p>Listener SSL Certificates</p> </td> <td valign="top" width="161"> <p>Select a certificate for each IP address, or specify a single certificate for this Web listener</p> </td> <td valign="top" width="250"> <p>Select <b>Assign a certificate for each IP address</b>. 
</p> <p>Select the IP address you just selected and click <b>Select Certificate</b>.</p> <p>Choose the certificate corresponding to the url mapped to this IP in the public DNS/NAT configuration</p> <p>Example:</p> <p>External 192.168.1.101 for abcmail; .102 for xyzmail and .103 for autodiscover</p> <p>Internal: 192.168.12.101 for abcmail; .102 for xyzmail (autodiscover is resolved differently in intranet)</p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEwg85DrNI/AAAAAAAAAcc/EuoJYFY31Rc/s1600-h/OWA2%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image003" border="0" alt="clip_image003" src="http://lh4.ggpht.com/_anKS3MH61EM/SlEwiAuOsBI/AAAAAAAAAcg/8aGOgnuFKqY/clip_image003%5B3%5D.jpg?imgmax=800" width="244" height="170" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Authentication Settings</p> </td> <td valign="top" width="161"> <p>Select how clients will provide credentials to ISA Server</p> <p>Select how ISA Server will validate client credentials</p> </td> <td valign="top" width="250"> <p>Select <b>HTML Form Authentication</b> for forms-based authentication and select the appropriate method that ISA Server will use to validate the client's credentials. </p> <p><a href="http://lh3.ggpht.com/_anKS3MH61EM/SlEwje8ULyI/AAAAAAAAAck/Qb7wwxSQhY8/s1600-h/clip_image0073.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image004" border="0" alt="clip_image004" src="http://lh4.ggpht.com/_anKS3MH61EM/SlEwkgrQXgI/AAAAAAAAAco/cK2LfTE2r_E/clip_image004%5B3%5D.jpg?imgmax=800" width="244" height="160" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Single Sign On Settings</p> </td> <td valign="top" width="161"> <p>Enable SSO for Web sites published with this Web listener</p> <p>SSO domain name</p> </td> <td valign="top" width="250"> <p>Leave the default setting to enable SSO. 
</p> <p>To enable SSO between two published sites, such as abcmail.Contoso.com and autodiscover.Contoso.com, type <b>.Contoso.com</b> (with the dot)</p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEwljSUkxI/AAAAAAAAAcs/RV0YwQz88mg/s1600-h/OWA3%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image005[1]" border="0" alt="clip_image005[1]" src="http://lh5.ggpht.com/_anKS3MH61EM/SlEwm9G0IxI/AAAAAAAAAcw/OY0RAfIVexg/clip_image005%5B1%5D%5B2%5D.jpg?imgmax=800" width="244" height="129" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Completing the New Web Listener Wizard</p> </td> <td valign="top" width="161"> <p>Completing the New Web Listener Wizard</p> </td> <td valign="top" width="250"> <p>Review the selected settings and click <b>Back</b> to make changes or <b>Finish</b> to complete the wizard. </p> </td> </tr> </tbody></table> <p> </p> <p>9. Now that the Web listener is created, we need to publish a rule for OWA. Following are the steps for this process:</p> <ol> <li>In the console tree of ISA Server Management, click <b>Firewall Policy</b>: </li> <li>For ISA Server 2006 Enterprise Edition, expand <b>Microsoft Internet Security and Acceleration Server 2006</b>, expand <b>Arrays</b>, expand <b>Array_Name</b>, and then click <b>Firewall Policy</b>. </li> <li>On the <b>Tasks</b> tab, click <b>Exchange Web Client Access Publishing rule</b>.<a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEwnzTzMzI/AAAAAAAAAc0/ghh4rNMm9mM/s1600-h/image%5B3%5D.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/_anKS3MH61EM/SlEwpLe5kbI/AAAAAAAAAc4/JC0DoFpt5pk/image_thumb%5B1%5D.png?imgmax=800" width="339" height="163" /></a> </li> <li>Use the wizard to create the rule as outlined in the following tables. 
For a single Web server, use the table in <b>New Exchange Publishing Rule wizard for a single Web site</b>. If you are using a server farm, use the table in <b>New Exchange Publishing Rule wizard for a server farm</b>. <table border="1" cellspacing="0" cellpadding="0"><tbody> <tr> <td valign="top"> <p><b>Page</b></p> </td> <td valign="top"> <p><b>Field or property</b></p> </td> <td valign="top"> <p><b>Setting</b></p> </td> </tr> <tr> <td valign="top"> <p>Welcome</p> </td> <td valign="top"> <p>Exchange Publishing rule name</p> </td> <td valign="top"> <p>Type a name for the rule. For example, Contoso OWA Publishing Rule.</p> </td> </tr> <tr> <td valign="top"> <p>Select Services</p> </td> <td valign="top"> <p>Exchange version</p> <p>Web client mail services</p> </td> <td valign="top"> <p>Select <b>Exchange Server 2007</b>. </p> <p>Select the desired access method: begin with OWA, then Outlook Anywhere (<u>Select to publish additional folders</u>) and finally choose ActiveSync </p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEwqbzJJKI/AAAAAAAAAc8/YfIlUdNXJ0Y/s1600-h/clip_image002%5B9%5D%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image001[8]" border="0" alt="clip_image001[8]" src="http://lh3.ggpht.com/_anKS3MH61EM/SlEwrlCbMOI/AAAAAAAAAdA/5iBI7GkAXf4/clip_image001%5B8%5D%5B2%5D.jpg?imgmax=800" width="244" height="202" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Publishing Type</p> </td> <td valign="top"> <p>Select if this rule will publish a single Web site or external load balancer, a Web server farm, or multiple Web sites</p> </td> <td valign="top"> <p>Select <b>Publish a single Web site or load balancer</b>. 
</p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEwsRBReKI/AAAAAAAAAdE/3075uQrHZGE/s1600-h/clip_image004%5B12%5D%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image002[11]" border="0" alt="clip_image002[11]" src="http://lh4.ggpht.com/_anKS3MH61EM/SlEwtlfUFTI/AAAAAAAAAdI/c_jcachvQ8Y/clip_image002%5B11%5D%5B2%5D.jpg?imgmax=800" width="244" height="137" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Server Connection Security</p> </td> <td valign="top"> <p>Choose the type of connections ISA Server will establish with the published Web server or server farm</p> </td> <td valign="top"> <p>Select <b>Use SSL to connect to the published Web server or server farm</b>. </p> <p><a href="http://lh5.ggpht.com/_anKS3MH61EM/SlEwuQ7WoSI/AAAAAAAAAdM/xkvRY3MeA90/s1600-h/clip_image005%5B6%5D%5B2%5D.gif"><b><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image003[1]" border="0" alt="clip_image003[1]" src="http://lh5.ggpht.com/_anKS3MH61EM/SlEwvkLdLhI/AAAAAAAAAdQ/3B0iMFfuQAI/clip_image003%5B1%5D%5B2%5D.gif?imgmax=800" width="10" height="10" /></b></a><b>  Note</b></p> <p>A server certificate must be installed on the published Exchange Client Access server, and the root CA certificate of the CA that issued the server certificate on the Exchange Client Access server must be installed on the ISA Server computer.</p> </td> </tr> <tr> <td valign="top"> <p>Internal Publishing Details</p> </td> <td valign="top"> <p>Internal site name</p> </td> <td valign="top"> <p>Type <b>abc.contoso.com</b> or whatever you like </p> <p><a href="http://lh3.ggpht.com/_anKS3MH61EM/SlEwwQbUaMI/AAAAAAAAAdU/8h-NKdGlXHY/s1600-h/clip_image006%5B6%5D%5B2%5D.gif"><b><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image004" 
border="0" alt="clip_image004" src="http://lh4.ggpht.com/_anKS3MH61EM/SlEwxBkKl3I/AAAAAAAAAdY/F9iTi6qVVZg/clip_image004%5B3%5D.gif?imgmax=800" width="10" height="10" /></b></a><b>  Important</b></p> <p>The internal site name must match the name of the server certificate that is installed on the internal Exchange Client Access server. </p> </td> </tr> <tr> <td valign="top"> <p>Public Name Details</p> </td> <td valign="top"> <p>Accept requests for</p> <p>Public name</p> </td> <td valign="top"> <p><b>This domain name (type below)</b></p> <p>Type the domain name that you want ISA Server to accept the connection for. For example, type <b>abc.contoso.com</b>. This must match the FQDN of the certificate selected when creating the Web listener. </p> <p><a href="http://lh5.ggpht.com/_anKS3MH61EM/SlEwyBOHofI/AAAAAAAAAdc/AUoqCidG2Cs/s1600-h/clip_image007%5B3%5D%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image005[3]" border="0" alt="clip_image005[3]" src="http://lh5.ggpht.com/_anKS3MH61EM/SlEwzaH2VII/AAAAAAAAAdg/_bcl1OGW8ro/clip_image005%5B3%5D%5B2%5D.jpg?imgmax=800" width="244" height="103" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Select Web Listener</p> </td> <td valign="top"> <p>Web listener</p> </td> <td valign="top"> <p>Select the Web listener you created previously, <b>Exchange Web Listener</b></p> </td> </tr> <tr> <td valign="top"> <p>Authentication Delegation</p> </td> <td valign="top"> <p>Select the method used by ISA Server to authenticate to the published Web server</p> </td> <td valign="top"> <p>For Outlook Web Access, select <b>Basic Authentication</b>. 
</p> <p>For Exchange ActiveSync, select <b>Basic Authentication</b></p> <p>For Outlook Anywhere, select<b> Basic Authentication</b></p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEw0RL9wfI/AAAAAAAAAdk/poka4lyFnMY/s1600-h/clip_image009%5B3%5D%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image006[6]" border="0" alt="clip_image006[6]" src="http://lh3.ggpht.com/_anKS3MH61EM/SlEw1enEH2I/AAAAAAAAAdo/1gBTO6Qxgrw/clip_image006%5B6%5D%5B2%5D.jpg?imgmax=800" width="244" height="99" /></a></p> </td> </tr> <tr> <td valign="top"> <p>User Sets</p> </td> <td valign="top"> <p>This rule applies to requests from the following user sets</p> </td> <td valign="top"> <p>Select the user set approved to access this rule. Replace the default <b>All Authenticated user</b>s with <b>All Users</b></p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEw2VqJuKI/AAAAAAAAAds/YCHDImIAhZQ/s1600-h/clip_image011%5B4%5D%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image007[5]" border="0" alt="clip_image007[5]" src="http://lh5.ggpht.com/_anKS3MH61EM/SlEw3RM-8aI/AAAAAAAAAdw/joUzIkIf1LU/clip_image007%5B5%5D%5B2%5D.jpg?imgmax=800" width="244" height="106" /></a></p> <p>Pass the warning </p> <p><a href="http://lh4.ggpht.com/_anKS3MH61EM/SlEw4ftdN0I/AAAAAAAAAd0/uztXV2bIWb8/s1600-h/clip_image013%5B4%5D%5B2%5D.jpg"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="clip_image008[4]" border="0" alt="clip_image008[4]" src="http://lh6.ggpht.com/_anKS3MH61EM/SlEw5vea3jI/AAAAAAAAAd4/DEi7lBcV25U/clip_image008%5B4%5D%5B2%5D.jpg?imgmax=800" width="244" height="69" /></a></p> </td> </tr> <tr> <td valign="top"> <p>Completing the New Exchange Publishing Rule Wizard</p> </td> <td valign="top"> <p>Completing the New Exchange 
Publishing Wizard. </p> </td> <td valign="top"> <p>Review the selected settings, click <b>Back</b> to make changes or <b>Finish</b> to complete the wizard.</p> </td> </tr> </tbody></table> <p>Note: When publishing Outlook Web Access, after you click Finish, review the Remaining Exchange Publishing Tasks dialog box, and then click OK.</p> </li> <li>On the Paths tab (properties of the OWA rule), add the path “/” in order to be able to access OWA without typing /owa at the end of the URL. </li> </ol> Khurram Ullah Khanhttp://www.blogger.com/profile/01586006283272265927noreply@blogger.com2tag:blogger.com,1999:blog-616883376869692762.post-85706102036929138582009-07-04T03:33:00.001+03:002009-07-04T03:33:38.666+03:00Microsoft Antigen for Exchange<p>If you want to try Microsoft Antigen for Exchange before purchasing it, here is your link:</p> <p><a title="http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=866b63bf-6207-4197-9c5d-511b7212e40c" href="http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=866b63bf-6207-4197-9c5d-511b7212e40c">http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=866b63bf-6207-4197-9c5d-511b7212e40c</a></p> <p>You can download this trial version and test it for free.</p> Khurram Ullah Khanhttp://www.blogger.com/profile/01586006283272265927noreply@blogger.com2tag:blogger.com,1999:blog-616883376869692762.post-65689052127778493232009-07-04T03:20:00.001+03:002009-07-04T03:20:13.644+03:00TechNet for Exchange 2010<p>If you have installed Exchange 2010 and want help with some features, or are stuck on an issue and want to fix it, don't worry: there is a separate TechNet website dedicated to this purpose that contains a plethora of information on Exchange 2010. Check it out:</p> <p><a title="http://technet.microsoft.com/en-us/exchange/2010/default.aspx" 
href="http://technet.microsoft.com/en-us/exchange/2010/default.aspx">http://technet.microsoft.com/en-us/exchange/2010/default.aspx</a></p> Khurram Ullah Khanhttp://www.blogger.com/profile/01586006283272265927noreply@blogger.com0tag:blogger.com,1999:blog-616883376869692762.post-52816030941128539842009-07-04T03:14:00.001+03:002009-07-04T03:14:13.799+03:00Exchange 2010 Beta for Download<p>Want to try Exchange 2010? Why wait: Microsoft has now published the Exchange 2010 beta on their website for download and use for 360 days. Following is the link:</p> <p><a title="http://technet.microsoft.com/en-us/evalcenter/dd185495.aspx" href="http://technet.microsoft.com/en-us/evalcenter/dd185495.aspx">http://technet.microsoft.com/en-us/evalcenter/dd185495.aspx</a></p> <p>Note: Exchange 2010 Beta can only run on 64 bit machines.</p> Khurram Ullah Khanhttp://www.blogger.com/profile/01586006283272265927noreply@blogger.com0tag:blogger.com,1999:blog-616883376869692762.post-57221801646293949952009-07-04T03:04:00.001+03:002009-07-04T03:04:40.080+03:00Exchange 2010 Virtual Lab<p>Good news for all those who want to see and experience what Exchange 2010 looks like. 
Below is the link to one of the virtual labs in the Exchange 2010 series:</p> <p><strong>Exchange Server 2010 (Beta) Setup and Deployment Virtual Lab</strong></p> <p><a title="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032419057&EventCategory=3&culture=en-US&CountryCode=US" href="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032419057&EventCategory=3&culture=en-US&CountryCode=US">http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032419057&EventCategory=3&culture=en-US&CountryCode=US</a></p> Khurram Ullah Khanhttp://www.blogger.com/profile/01586006283272265927noreply@blogger.com0tag:blogger.com,1999:blog-616883376869692762.post-39335083755526119222009-07-01T01:53:00.001+03:002009-07-01T02:21:04.904+03:00Importing Certificates to Exchange 2007 servers<p>In my previous blogs (<a title="http://khurramullah.wordpress.com/2009/07/01/command-for-generating-csr-for-exchange-servers/" href="http://khurramullah.wordpress.com/2009/07/01/command-for-generating-csr-for-exchange-servers/">http://khurramullah.wordpress.com/2009/07/01/command-for-generating-csr-for-exchange-servers/</a> and <a title="http://khurramullah.wordpress.com/2009/07/01/exchange-2007-certificate-request-generator/" href="http://khurramullah.wordpress.com/2009/07/01/exchange-2007-certificate-request-generator/">http://khurramullah.wordpress.com/2009/07/01/exchange-2007-certificate-request-generator/</a>) I have discussed how we can generate a CSR for different Exchange roles. Here I will discuss how we can import certificates to different Exchange roles. Following is the command for importing certificates:</p> <p>Import-ExchangeCertificate -Path "c:\path\generated SAN certif_name.cer" -FriendlyName "<Certificate Friendly Name>"</p> <p>After running this command successfully, you should see the thumbprint of the new certificate. 
Copy the full thumbprint value because you will require it in the next commands.</p> <p>Now you have to enable your certificate for specific services, for example for SMTP and Web services. </p> <p>For enabling CAS server certificates run this command:</p> <p>Get-ExchangeCertificate -Thumbprint <Thumbprint> | Enable-ExchangeCertificate -Services "IIS"</p> <p> </p> <p>For enabling Edge server certificates run this command:</p> <p>Get-ExchangeCertificate -Thumbprint <Thumbprint> | Enable-ExchangeCertificate -Services "SMTP"</p> <p>After running the above command, run Get-ExchangeCertificate again to verify whether the services are enabled.</p> <p>You can also combine the above 2 commands like this:</p> <p>Import-ExchangeCertificate -Path "c:\path\generated SAN certif_name.cer" -FriendlyName "<Certificate Friendly Name>" | Enable-ExchangeCertificate -Services "IIS"</p> <p>Following are the possible values for the Services parameter:</p> <ul> <li><code>IMAP</code> </li> <li><code>POP</code> </li> <li><code>UM</code> </li> <li><code>IIS</code> </li> <li><code>SMTP</code> </li> <li><code>None</code> </li> </ul> <p>Do not import an Exchange certificate by the normal certificate importing methods (import from the Certificates MMC snap-in), otherwise the certificate will not work. Also make sure you have the Trusted Root CA and Intermediate CA certificates installed in their relevant stores, otherwise the certificate will have issues.</p> <p>In case you want to import or apply the same certificate to another Edge or CAS server, you need to perform the following additional steps:</p> <p>1. Open the Certificates MMC snap-in for the local computer on the server.</p> <p>2. Go to the Personal container and locate the certificate which you have just imported.</p> <p>3. Export this certificate with its private key.</p> <p>5. Copy this certificate to the server where you want to configure this certificate.</p> <p>6. 
Run the following command on the second server which you want to configure with the same certificate:</p> <p>Import-ExchangeCertificate -Path c:\path\<certificate file>.pfx -Password:(Get-Credential).password</p> <p>The Get-Credential cmdlet in the above command pops up a standard username\password dialog box. This is a little bit confusing because we don't need a username to get to the keys. Just put whatever you want for the username, but enter the password that you used when you ran the certificate export wizard in the Certificate Manager snap-in in MMC. </p> <p>7. Run the command Get-ExchangeCertificate to get the thumbprint of this certificate.</p> <p>8. Run the command Enable-ExchangeCertificate -Thumbprint <copy the thumbprint> -Services "IIS"</p> <p>9. After running the above command, run Get-ExchangeCertificate again to verify whether the services are enabled.</p> Khurram Ullah Khanhttp://www.blogger.com/profile/01586006283272265927noreply@blogger.com0
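
<p>The PFX import, enable and verify steps above, written as one Exchange Management Shell script. This is an added example, not code from the original post. The PFX path, the service list and the expected host names are placeholder assumptions, and the password is read with Read-Host -AsSecureString instead of the Get-Credential dialog so that no user name is requested.</p>

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell
# on the second CAS or Edge server. All values below are placeholders.
$PfxPath       = 'C:\certs\exchange-san.pfx'     # hypothetical path of the copied PFX
$Services      = 'IIS'                           # use 'SMTP' on an Edge server
$ExpectedNames = 'abcmail.contoso.com', 'autodiscover.contoso.com'   # assumed published names

# Returns $true when $Name is covered by an exact SAN entry or a single-label wildcard.
function Test-NameCovered([string]$Name, [string[]]$Domains) {
    foreach ($d in $Domains) {
        if ($d -eq $Name) { return $true }
        $dot = $Name.IndexOf('.')
        if ($d.StartsWith('*.') -and $dot -gt 0 -and $Name.Substring($dot + 1) -eq $d.Substring(2)) {
            return $true
        }
    }
    return $false
}

# Ask only for the PFX password; it is not echoed and no user name is involved.
$PfxPassword = Read-Host -Prompt 'Password used when exporting the PFX' -AsSecureString

# Import through Exchange rather than through the Certificates MMC snap-in.
$cert = Import-ExchangeCertificate -Path $PfxPath -Password $PfxPassword
if (-not $cert) { throw "Import of $PfxPath returned no certificate." }

# Stop before enabling a certificate that cannot serve TLS on this host.
if (-not $cert.HasPrivateKey) {
    throw 'Imported certificate has no private key; export it again with the key.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Every name that clients or the ISA listener will use must be in the SAN list.
$domains = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
$missing = @($ExpectedNames | Where-Object { -not (Test-NameCovered $_ $domains) })
if ($missing.Count -gt 0) {
    throw ('Certificate does not cover: ' + [string]::Join(', ', $missing))
}

# Bind the certificate to the chosen service(s).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services $Services

# Read the certificate back and confirm that the service binding took effect.
$check = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$check | Format-List Thumbprint, Services, NotAfter, CertificateDomains
if ("$($check.Services)" -notmatch $Services) {
    throw "Certificate $($check.Thumbprint) is not enabled for $Services."
}

# The PFX contains the private key; do not leave the copy on disk after the import.
Remove-Item -Path $PfxPath
```

<p>The same pre-checks (private key present, not expired, all published names covered) apply to the PFX copied to the ISA Server before it is assigned to the Web listener.</p>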