Tuesday, April 23, 2013

Internal Names will no longer be Trusted within the Certificates after November 1, 2015

If you are using internal non routable FQDN names such as Server1.smtp25.local, server2.smto25.local, etc.  with in your certificate they are set to be “ not trusted” after November 1 2015.  It means you have to abandon them from your certificate. If you have these none routable internal FQDN;s within your current certificate you may wish to look into how to get them out before November1, 2015.

See more

Subject Alternative Name
DNS Name=email.Smtp25.org
DNS Name=Server1.Smtp25.local ---------> Set to be expired
DNS Name=Server2.Smtp25.local---------> Set to be expired

image

 

After November1, 2015 Certificates for Internal Names Will No Longer Be Trusted

In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012. These requirements state:

“As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a Subject Alternative Name (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name, the CA shall notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.”

https://www.cabforum.org/

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Tuesday, April 16, 2013

Unable to uninstall E13 or remove database with Exchange 2013‎, This mailbox database contains one or more mailboxes …

If you are unable to remove such database or in the process of trying to remove the Exchange 2013 server and receiving fallowing errors take a quick look how to deal with “Arbitration mailboxes?

See the steps listed below.

Remove-MailboxDatabase : This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder

mailboxes or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database <Database

ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan.

image

image

to see  the Arbitration mailboxes ,

Get-Mailbox -Arbitration

image

Get-MailboxDatabase

image

Get-Mailbox -Arbitration |ft Name, Servername

image

Copy and paste the name of the A_MB into fallowing PS and confirm the deletion until you get rid of all

Disable-Mailbox “SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}” -Arbitration -DisableLastArbitrationMailboxAllowed

image

image

image

image

Finally,

Get-MailboxDatabase | Remove-MailboxDatabase

image

Remove an Arbitration Mailbox

http://technet.microsoft.com/en-us/library/dd298110(v=exchg.150).aspx

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Thursday, April 11, 2013

Install CU1 Exchange 2013

Here is the link and list of stuff you need to know before kicking off CU1 on Exchange 2013 servers. Nothing is major at first look,  the order to install updates has changed, since the business logic moved into MBX role this time we start from MBX role and go to CAS server,  if CAS is sitting on separate server in your environment.

I think most of deployments in E13 will be all in one and separation will less or not make much sense when rolling the dices.

  • Upgrade your Exchange 2013 server roles in the required order. First, upgrade Mailbox servers and then upgrade Client Access servers.
  • After you install a cumulative update, you must restart the computer so that changes can be made to the registry and operating system.

http://technet.microsoft.com/en-us/library/jj983803(v=exchg.150).aspx

Open CMD with administrator privileges on the E13 MBX server

clip_image001[4]

run the fallowing command from CU1 binaries directory, the install will take time.

E:\Cu1>setup.exe /M:upgrade /IAcceptExchangeServerLicenseTerms

clip_image001[6]

clip_image002[4]

clip_image003[4]

clip_image004[4]

clip_image005[4]

image

image

CU1

http://technet.microsoft.com/en-us/library/jj983803(v=exchg.150).aspx

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Monday, April 1, 2013

Connecting Remote PowerShell Office 365

 

If you are managing Office 365 Exchange hosted mail systems and wish to connect to PS from your PC here are simple steps to get the work done. The remote PowerShell will provide you real easy way to manage your SMTP organization.

In this Example:

Office 365 SMTP domain we will connect too is @messagetalk.onmicrosoft.com and I am going to use my User name which has administrator privileges, odedeal@l@messagetalk.onmicrosoft.com

From administrator PS

  • Open PS with Administrator privileges
$LiveCred = Get-Credential

image

  • Run fallowing command ( don’t make any changes ) copy and paste into PS window.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

image

  • Next run this PS
Import-PSSession $Session
image

image

Now we are connected we can see our mailboxes etc.

image

If we look from GUI we have same users , we can use GUI to manage these users now as well as PS from our management PC

image

Once we are done we can close the PS session with fallowing PS command

Remove-PSSession $Session

image

 

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)