Changing a UCC/SAN Certificate and Re-Issuing from GoDaddy

Scenario

When initially setting up the Unified Communications Certificate (UCC) certificate for Exchange, autodiscover.domain.com was not added as a Subject Alternative Name (SAN).

You need to enable autodiscover in Exchange 2010 for external devices (iOS, laptop Outlook etc.) without a security warning.

Solution

The certificate needs to be updated with autodiscover.domain.com as a SAN.

These instructions pertain to a GoDaddy certificate – other providers will likely be different.

An A record had already been created in the domain’s DNS zone pointing autodiscover.domain.com to the public IP address of the router.

As it turns out, GoDaddy offer the opportunity to drop and replace SANs from their UCC certificates at will – with domain ownership validation required if any are added, of course.

Here are the steps:

[Read more…]

Issuing a certificate to Exchange 2010 using an Internal Certificate Authority (CA)

Scenario

You’ve installed Active Directory Certificate Services and need to issue a certificate to Exchange 2010.

[Read more…]

Migrate from Exchange 2007 to Exchange 2010

Scenario

You’ve just installed Exchange 2010 and now you want to migrate from Exchange 2007 to Exchange 2010.

Here are the steps I took.

[Read more…]

Move the Database Path in Exchange 2010

Scenario

You have installed Exchange 2010 but have realised that you need more space for the database files.

You need to move these database files to another drive.

[Read more…]

Installing Exchange 2010

Scenario

You want to install Exchange 2010 on a Win2008 R2 server.

Here’s how:

[Read more…]

BlackBerry Users cannot send or receive emails after Exchange reboot

Scenario

You have restarted your Exchange server after applying some updates, and now your BlackBerry users are complaining that emails are not coming through. Even though emails they send from their BlackBerrys seem to send fine, the recipients are not receiving them either.

Solution

Restart the BlackBerry Enterprise Services (BES) server or individual services.

What happens after rebooting an Exchange server is that BES loses the MAPI connections, and cannot reconnect when the Exchange server comes back online.

Read more here to automate this process: http://blog.mohsinabbas.com/2011/02/16/bes-services-to-restart-automatically-after-exchange-reboot/

How to find out the Service Pack and Update Rollup versions in Exchange 2007/2010

To find out the version and build number of Exchange 2007/2010, you can do one of the following:

  1. Run the Get-ExchangeServer | fl name,edition,admindisplayversion cmdlet in the Exchange Management Shell (EMS).
  2. Navigate to Server Configuration in the Exchange Management Console (EMC).

This will give you the major version and service pack version numbers – in my case it is major version 8 (aka Exchange 2007) and Service Pack 3.

To find out the Update Rollup version, navigate to Control Panel > Programs > View Installed updates on your Exchange Server.

Exchange 2007 Error: Microsoft.Exchange.Data.Storage.StoragePermanentException

I got the following error whilst trying to log into a user’s mailbox via Outlook Web Access:

Request
 Url: https://mail.domain.local:443/owa/lang.owa
 User host address: 123.123.123.123
Exception
 Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
 Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
 System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
 Exception type: Microsoft.Exchange.Data.Directory.InvalidADObjectOperationException
 Exception message: Property Languages cannot be set on this object because it requires the object to have version 0.1 (8.0.535.0) or later. Current version of the object is 0.0 (6.5.6500.0).
Call stack
Microsoft.Exchange.Data.Directory.PropertyBag.set_Item(PropertyDefinition key, Object value)
 Microsoft.Exchange.Data.Directory.ADObject.set_Item(PropertyDefinition propertyDefinition, Object value)
 Microsoft.Exchange.Data.Directory.ADObject.StampCachedCaculatedProperties(Boolean retireCachedValue)
 Microsoft.Exchange.Data.Directory.ADObject.ValidateWrite(List`1 errors)
 Microsoft.Exchange.Data.Directory.Recipient.ADRecipient.ValidateWrite(List`1 errors)
 Microsoft.Exchange.Data.Directory.Recipient.ADUser.ValidateWrite(List`1 errors)
 Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
 Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()

Turns out a mailbox attribute version was wrong:

Exchange Server 2007 and Exchange Server 2010 both use the msExchVersion attribute to determine the version of Exchange Server with which user objects are associated. If the version value is less than 0.1, Exchange Server 2007 or Exchange Server 2010 considers the user object as Read-only.

Find out the attribute version by running:
Get-Mailbox [username] | format-list ExchangeVersion

And fix by running:
Set-Mailbox [username] -ApplyMandatoryProperties

Find out more here: http://support.microsoft.com/kb/941146

Disable POP and IMAP for all users in Exchange 2007/2010

Although the POP and IMAP services are disabled by default in Exchange 2007, every mailbox will have the features enabled. This means everyone will be able to use POP and IMAP if you enable the services. What if you only want a few users to use them?

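Use this PowerShell cmdlet to disable POP and IMAP for all users in Exchange 2007/2010 (-ResultSize Unlimited is needed because Get-CASMailbox otherwise returns only the first 1,000 mailboxes):

Get-CASMailbox -ResultSize Unlimited | Set-CASMailbox -PopEnabled $false -ImapEnabled $false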

You can then enable the POP and IMAP features for specific users via the GUI or by using this cmdlet:

Set-CASMailbox -Identity adam.rush -PopEnabled $true -ImapEnabled $true
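
Because the features are switched on per mailbox, a one-off bulk disable drifts as mailboxes are added or changed. The script below is an added example, not part of the original post: it reports every mailbox that has POP or IMAP enabled and is not on an allow-list, then previews the fix. $AllowedUsers is a hypothetical allow-list; adam.rush is the sample identity used above.

```powershell
# Added example: run in the Exchange Management Shell (EMS).
# $AllowedUsers is a hypothetical allow-list of users who may keep POP/IMAP.
$AllowedUsers = @('adam.rush')

# Resolve the allow-list to distinguished names so the comparison does not
# depend on which identity form (alias, UPN, display name) was typed.
$allowedDns = @()
foreach ($user in $AllowedUsers) {
    $cas = Get-CASMailbox -Identity $user -ErrorAction SilentlyContinue
    if ($cas) {
        $allowedDns += $cas.DistinguishedName
    }
    else {
        Write-Warning "Allow-list entry not found: $user"
    }
}

# -ResultSize Unlimited: without it only the first 1000 mailboxes are returned,
# so a larger organisation would be audited only partially.
$all = Get-CASMailbox -ResultSize Unlimited

# Drift = POP or IMAP still enabled on a mailbox that is not on the allow-list.
$drift = @($all | Where-Object {
    ($_.PopEnabled -or $_.ImapEnabled) -and
    ($allowedDns -notcontains $_.DistinguishedName)
})

Write-Host "Mailboxes with POP/IMAP enabled outside the allow-list: $($drift.Count)"
$drift | Format-Table Name, PopEnabled, ImapEnabled -AutoSize

# Preview the change first; remove -WhatIf to apply it.
$drift | Set-CASMailbox -PopEnabled $false -ImapEnabled $false -WhatIf
```

Running it on a schedule and reviewing the count gives a simple check that the legacy protocols stay limited to the users who were approved for them.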