Important Notice For All Office 365 Hybrid Environments

Just saw this important blog issue from Microsoft.

On April the 15th Microsoft is renewing the TLS Certificate used by Office 365.

This means that hybrid mail flow may be broken for users who do not take appropriate action.

The fix is quite simple. All on-prem servers used for hybrid need to be updated to Exchange 2013 CU9 or later, and the Exchange hybrid wizard needs to be run again.

You can find the latest version of the hybrid wizard over here

You can find the full Microsoft blog regarding this issue over here

Exchange 2010 can be installed on Windows 8.1 – REALLY

OK, so this just happened to me and this post is not intended as a guide or even a recommendation!

A customer called me with a serious issue that mails were not being sent to people outside of his organisation. Upon connecting to his EMC I received a message that one server was running in trial mode with 119 days left. So that means that it had just been installed the previous day. It turned out that the so-called trial server was actually a helpdesk PC running Windows 8.1. The tech (who was also a domain admin – which he of course shouldn’t have been) wanted to install the Exchange management console.

Now Exchange should not even install on Windows 8, but in this case (guessing 8.1) Exchange did not recognise that this was a workstation OS and offered the option of installing all components. The tech, who was not familiar, just clicked next and installed a full-blown all-in-one copy of Exchange 2010 on his PC. This of course led to mail flow issues. Uninstalling Exchange fixed everything, but I couldn’t believe my eyes when I saw Exchange 2010 installed on Windows 8.1.

So my advice to you is
1. Beware
2. Don’t give a helpdesk tech domain admin privileges.

Exchange 2013 CU6 and Exchange 2010 SP3 update rollup 7 released

Exchange 2013 CU6 has been released for download.

The main new feature is improved Public Folder scalability. You can read about the new PF improvements over here

The following issues have also been addressed:

 

Also released was update rollup 7 for Exchange 2010 SP3

Exchange 2013 CU3 Released

Microsoft just released CU3 for Exchange 2013. The next update should be SP1 and this will be equivalent to CU4.

CU3 includes the following enhancements:

  • Usability improvements when adding members to new and existing groups in the Exchange Administration Console
  • Online RMS available for use by non-cloud based Exchange deployments
  • Improved admin audit log experience
  • Windows 8.1/IE11 no longer require the use of OWA Light

As always the CU is a full installation and can also be used to perform a fresh install of Exchange server.
You can grab the download from here

Please note, CU3 does not add support for Windows 2012R2; that will come with SP1.

Exchange 2013 SP1 Announced For Early 2014

The Exchange Team Blog just announced that SP1 for Exchange 2013 will be released early 2014.
The release will add:

  • Windows Server 2012 R2 Support: First, answering one of the most common questions since the release of Windows Server 2012 R2. SP1 will add Windows Server 2012 R2 as a supported operating system for Exchange Server 2013 with SP1. Let your planning begin.
  • S/MIME support for OWA: Support for S/MIME in OWA will be brought back in SP1. With SP1 customers will have S/MIME support across Outlook, Exchange ActiveSync clients, and OWA.
  • Edge Transport Server Role: The Edge Transport server role for Exchange Server 2013 will be available with SP1.
  • Fixes and Improvements: Of course, SP1 will include fixes and improvements in areas you’ve helped us identify. SP1 is the first service pack issued in the new Exchange Server cumulative update release model – thus SP1 is essentially CU4. The installation of SP1 will follow the same process as the prior Exchange 2013 CU releases. SP1 will include all fixes included in previously released cumulative updates for Exchange 2013.

It does however seem that CU3 will be launched before SP1. However SP1 will be the first version to support Windows 2012R2.

How to Configure Static RPC Ports on Exchange 2010

I recently had a customer decide to place a firewall between his servers and users. After installing the firewall he noticed that hundreds of different ports were being used for communications between his users and Exchange server. He asked me why this was and I explained to him that Exchange communication is performed using dynamic RPC ports. Now to harden his firewall he wanted to narrow this down to a single port (or a handful of ports). So this is what you have to do to configure static RPC ports on your Exchange 2010 server.

By default the RPC Client Access service on an Exchange 2010 Client Access server uses the TCP End Point Mapper port (TCP/135) and the dynamic RPC port range (6005-59530) for outgoing connections, every time an Outlook client establishes a connection to Exchange.

1. To set a static port for the RPC Client Access service on an Exchange 2010 Client Access server, you need to open the registry on the respective server and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC

Here, you need to create a new key named ParametersSystem, and under this key create a REG_DWORD named TCP/IP Port. The Value for the DWORD should be the port number you want to use.

Once you’ve configured the port, you need to restart the Microsoft Exchange RPC Client Access service.

2. By default the Exchange Address Book service on an Exchange 2010 Client Access server uses the TCP End Point Mapper (TCP/135) and the dynamic RPC port range (6005-59530) for outgoing connections, every time an Outlook client establishes a connection to Exchange.

To set a static RPC port for the Exchange Address Book service, create a new REG_SZ registry value named "RpcTcpPort" under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters

Once you’ve configured the port, you need to restart the Microsoft Exchange Address Book service.

3. By default public folder connections use the TCP End Point Mapper (TCP/135) and the dynamic RPC port range (49152-65535) for outgoing connections, every time an Outlook client establishes a connection to Exchange.

To set a static port for public folder connections, follow the same steps as those required for configuring static ports for the RPC CA service. Just bear in mind you need to perform them on the Exchange 2010 servers that store public folder databases. This is because public folder connections from an Outlook client occur against the RPC Client Access service on the Mailbox server role.

Once you’ve configured the port, you need to restart the Microsoft Exchange RPC Client Access service on the Mailbox server.

4. In order to verify that the static ports configured are used, the netstat.exe tool can be used:

Netstat -an -p tcp
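
The four steps above as one PowerShell script, run elevated on each Exchange 2010 server. This is an added example, not part of the original post: the two port numbers are constructed sample values and Set-StaticPort is a helper name made up for the example.

```powershell
# Constructed sample ports: choose your own and allow them (plus TCP/135) on the firewall.
$RpcCaPort = 59531   # RPC Client Access: CAS, and Mailbox servers holding public folders
$AbPort    = 59532   # Address Book service: CAS only

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\services'

# Hypothetical helper: create the key if it is missing, then write the value.
function Set-StaticPort {
    param([string]$KeyPath, [string]$Name, [string]$Type, $Value)
    if (-not (Test-Path $KeyPath)) {
        # No -Force here, so an existing key and its values are never recreated.
        New-Item -Path $KeyPath | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $Name -PropertyType $Type `
        -Value $Value -Force | Out-Null
}

# Steps 1 and 3: REG_DWORD "TCP/IP Port" under MSExchangeRPC\ParametersSystem,
# then restart the RPC Client Access service.
if (Get-Service MSExchangeRPC -ErrorAction SilentlyContinue) {
    Set-StaticPort "$svcRoot\MSExchangeRPC\ParametersSystem" 'TCP/IP Port' 'DWord' $RpcCaPort
    Restart-Service MSExchangeRPC
}

# Step 2: REG_SZ "RpcTcpPort" under MSExchangeAB\Parameters (note: a string, not a DWORD),
# then restart the Address Book service.
if (Get-Service MSExchangeAB -ErrorAction SilentlyContinue) {
    Set-StaticPort "$svcRoot\MSExchangeAB\Parameters" 'RpcTcpPort' 'String' "$AbPort"
    Restart-Service MSExchangeAB
}

# Step 4: confirm the services are now listening on the static ports.
$listening = netstat -an -p tcp |
    Select-String -Pattern ":($RpcCaPort|$AbPort)\s.*LISTENING"
if ($listening) {
    $listening | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Warning "Neither static port is listening; check the registry values and service state."
}
```

The service checks let the same script run unchanged on a Client Access server and on a Mailbox server that stores public folder databases; on the latter only the RPC Client Access part applies.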

Hope this helps you if you’re ever in the same situation.

Windows XP Prompting for credentials on Exchange 2013

OK, so you’ve just installed Exchange 2013. Everything is working fine until you find that Windows XP clients with both Outlook 2007 & 2010 are prompting you for passwords.

Both versions of Outlook are fully supported, as is Windows XP, and Windows 7 clients are working fine, so what gives?

The answer as it turns out is quite simple. The Exchange certificate common name must match the Exchange server name. Even if the Exchange server name is listed in the SAN (subject alternative names), Windows XP will prompt for credentials. So you can either make sure that when you create the SAN certificate the Exchange name is the common name, or run the following command:

Set-OutlookProvider EXPR -CertPrincipalName:"msstd:mail.company.com"

After running the command issue “iisreset”.

Hope this helps anyone with the same issue.

Take note here: If you have Windows XP clients that are connecting both internally and externally using Outlook Anywhere, you’re going to have to set up split DNS and use the same namespace for both internal & external clients, or set up a proxy (Microsoft TMG or UAG) and issue separate certificates with separate common names.