As an Exchange Admin, you might be looking after 1 server or several hundred.
Sometime after a reboot you might notice that some of the services don’t start. It is a daunting task to go manually start them all 1 at a time.
A simple way is to run the following command from an elevated PowerShell Window:
Some services like the Transport and Unified Messaging Services take a bit longer to start but the window will echo the starting of all services.
To find out your user and group base DN, you can run a query from any member server on your Windows domain.
To find the User Base DN:
– Open a Windows command prompt.
– Type the command: dsquery user -name <known username>
(Example: If I were searching for all users named John, I could enter the username as John* to get a list of all users who’s name is John)
– The result will look like: “CN=John.Smith,CN=Users,DC=MyDomain,DC=com”
– In Blue Coat Reporter’s LDAP/Directory settings, when asked for a User Base DN, you would enter: CN=Users,DC=MyDomain,DC=com
To find the Group Base DN:
– Open a Windows command prompt
– Type the command: dsquery group -name <known group name>.
(Example: If I were searching for a group called Users, I could enter the group name as Users* to get a list of all groups who’s name contains “Users”)
– The result will look like: “CN=Users,CN=Builtin,DC=MyDomain,DC=com”
– In Blue Coat Reporter’s LDAP/Directory settings, when asked for a User Base DN, you would enter: CN=Users,CN=Builtin,DC=MyDomain,DC=com.
Go to the webpage of the exchange management page (https://exchangeserver/ecp)
Go to the Mail flow > Receive Connectors > + for add a new connector.
Enter a name for the connector. If you want to relay outside your organization than you need to select Frontend Transport role instead of the Hub Transport role.
Leave the setting below unchanged.
Remove the IP address which are shown in the picture below.
You get an error that the field is required. (click on the + to add a new range)
Enter a single IP address or a local LAN address which is allowed to email via the exchange server.
The remote network settings will show the list like below.
When clicked on finished. You have to edit the relay connector and go to security tab.
Select the option “Anonymous users”.
Click on Save..
Now you have to open a powershell CLI of exchange on the exchange server ( with administrative rights ).
Get-ReceiveConnector “Receive Connector Name” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”
You have to remove the current move request and resubmit:
Remove-MoveRequest -Identity userID
New-MoveRequest -Identity “userID” -TargetDatabase “Mailbox Database 0422167200” -BatchName “userID” -BadItemLimit “200”
1. Open Command prompt as Administrator
2. Launch Diskshadow
A.Add volume d:
B.(optional, add one line for each additional drive to include) Add volume X:
C.Begin Backup
D.Create
E.End Backup
3. At this step you should notice the following events in the application log indicating that the backup was indeed successful and logs will now be deleted.
Here’s some screenshots from the process:
Command prompt
Event Log
http://www.gfi.com/blog/101-free-admin-tools/
To enable SSL redirection to the OWA virtual directory, follow these steps:
The Exchange 2007 self signs a certificate when the server role is first added for all the Exchange services that run in unison with IIS (smtp & owa etc). The certificate expires after one year from the date the server was first installed or the date the certificate was assigned manually.
First, check the status of the certificate by opening the Exchange Management Shell and executing the command ‘Get-ExchangeCertificate |FL’ – this displays all information about the currently assigned certificates and the status of each certificate.
It is common that they may be more than one certificate listed in the display – if that is the case, find the certificate that shows an expired date in the field ‘NotAfter‘ – as this defines when each certificate becomes invalid/expired. An expired certificate may cause problems such as connectivity to web services, SMTP transport and Outlook prompting certificate security warnings.
Use the following steps to generate a new certificate and enable it to run IIS services:
1. Type ‘Get-ExchangeCertificate |FL’ – This only lists details of certificates that are assigned to Exchange Services. Then note down the Thumbprint of the expired certificate.
2. Then type ‘Get-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63” | New-ExchangeCertificate’ . This generates a new certificate, and you will then be prompted to confirm if you want to overwrite the expired certificate and use the new one for the SMTP service.
3. If you run the cmdlet in step 1 you will notice the new certificate is not used to secure IIS services anymore. Make a note of the new thumbprint and run the following command typing the new thumbprint between the quotation marks: ‘Enable-ExchangeCertificate – Thumbprint “7A843B04EA2865CA9E6C34B42329AEE4456F9013” –Services IIS’
4. Be sure to verify all the services are working correctly after renewing and enabling the certificate – test Outlook clients by closing and opening Outlook to esnure there are no security certificate warnings.
6. Finally, Remove the old certificate by typing the following cmdlet into the management shell: Remove-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63″.
If you experience issues in Internet Explorer 10 logging in and accessing emails with Outlook Web Access try the following:
Run Outlook Web Access in Internet Explorer compatibility view and see if it helps.
