Archive for the ‘CAS’ Category

JAMIE MCKILLOP

UPDATE: Version 2.1 is available. For details, click here.

The Exchange tracking logs provide a wealth of information about mail flow through your organization. Unfortunately, the tools that ship with Exchange aren’t very good at leveraging this information in a useful way. You can use the message tracking tool that ships with EMC to search for specific logs but beyond viewing the raw log data, there isn’t much information available. Fortunately, Microsoft has provided us with PowerShell and PowerShell can be used in all sorts of interesting ways to gather, aggregate and present data in useful summaries and reports.

One of the great things about PowerShell and the IT community is that there are plenty of people who have built PowerShell scripts to solve problems, automate or streamline tasks, and gather and present data. Most people are more than happy to share their scripts with anyone who would like…


The following content originates from the COMODO support forum.

In all cases, a domain name, whether intended for internal or external use, containing a gTLD or ccTLD listed on IANA which is unregistered, or otherwise not controlled by the applicant will be rejected. This includes, but is not limited to the use of .INT as an internal domain name.

The following are acceptable for internal use SSL certificates.

1) The following IP blocks are defined as private and non-routable over the internet, thus OK to be issued for internal use:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
See: RFC1918

2) Any single server name containing no dots. For example:
server1
mymailserver
printspool

3) The following internal use TLDs referenced in RFC2606, and comments to the same:
.test
.example
.invalid
.localhost
.local
.lan
.priv
.localdomain

Any other unreserved TLD domain names included on a certificate request will be reviewed on a case by case basis, but in all likelihood will be rejected.

Please Note:
(a) As of July 1, 2012 (Effective Date), the use of Certificates containing Reserved IP Address or Internal Server Name has been deprecated by the CA / Browser Forum and the practice will be eliminated by October 2016. Also as of the Effective Date, Comodo WILL NOT issue a certificate with an Expiry Date later than 1 November 2015 with a subjectAlternativeName (SAN) extension or Subject commonName (CN) field containing a Reserved IP Address or Internal Server Name. Effective 1 October 2016, Comodo WILL REVOKE all unexpired Certificates whose subjectAlternativeName extension or Subject commonName field contains a Reserved IP Address or Internal Server Name.

(b) If you are using an internal top level domain (TLD) which is not currently a valid TLD, such as those above, or others which we may allow at our discretion for your internal use in this certificate request, please be advised that should such TLD become recognized by IANA/ICANN as a valid TLD this certificate will be revoked without further notice. Prior to the certificate being reinstated you will need to demonstrate domain ownership/control.
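
A check along the lines of the rules quoted above, as an added PowerShell example that is not part of the Comodo text or the original post: it classifies certificate names (CN or SAN entries) as reserved IP, dotless server name, internal TLD or public name, so affected certificates can be found before they are refused or revoked. The function name `Get-CertNameClass` and the sample names are assumptions made up for illustration.

```powershell
# Added example, not from the original post. Names below are constructed.
# TLD labels copied from list item 3 quoted above.
$InternalTlds = 'test','example','invalid','localhost','local','lan','priv','localdomain'

function Get-CertNameClass {
    param([Parameter(Mandatory = $true)][string]$Name)

    # Normalise: trim, drop a trailing root dot and a leading wildcard label.
    $n = $Name.Trim().TrimEnd('.').ToLowerInvariant() -replace '^\*\.', ''

    if ($n -match '^\d{1,3}(\.\d{1,3}){3}$') {
        # IPv4 literal: compare against the three RFC1918 blocks from item 1.
        $o = @($n.Split('.') | ForEach-Object { [int]$_ })
        if ($o | Where-Object { $_ -gt 255 }) { return 'InvalidIP' }
        $private = ($o[0] -eq 10) -or
                   ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
                   ($o[0] -eq 192 -and $o[1] -eq 168)
        if ($private) { return 'ReservedIP' } else { return 'PublicIP' }
    }

    $labels = $n.Split('.')
    if ($labels.Count -eq 1) { return 'InternalServerName' }   # item 2: no dots
    if ($InternalTlds -contains $labels[-1]) { return 'InternalTld' }
    return 'PublicName'   # must be a registered domain the applicant controls
}

# Constructed sample names, as they might appear in a certificate's CN/SAN list.
$sample = 'mail.contoso.com', 'server1', 'exch01.corp.local',
          '192.168.10.5', '172.32.0.1', '*.mail.lan'

$affected = 'ReservedIP', 'InternalServerName', 'InternalTld'
$sample | ForEach-Object {
    $class = Get-CertNameClass -Name $_
    [pscustomobject]@{
        Name     = $_
        Class    = $class
        # True when the name falls under note (a) or (b) quoted above.
        Internal = $affected -contains $class
    }
} | Format-Table -AutoSize
```

On an Exchange server the names could instead be read from the `CertificateDomains` property of the objects returned by `Get-ExchangeCertificate`.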

Today I was confronted with a new issue by a customer.
He wants users to be able to change expired passwords from OWA.

To do this, you need to add a registry value on each CAS server:

  • Run regedit.exe
  • Open the Key
    HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA
  • Right click the MSExchange OWA key and click New > DWord (32-bit)
  • Name the DWORD value ChangeExpiredPasswordEnabled and set its value to 1
  • Run IISRESET on the CAS servers

More details are in this EHLO Blog article.

Cheers,

Chris

This script generates an HTML report of all ActiveSync devices ordered by username.

Get-ActiveSyncDevicesHTML

Cheers,

Chris

In the past I’ve often seen misconfigured NTFS rights cause OAB download failures in Outlook 2007 and 2010.

In a standard installation of Exchange 2010 the OAB’s physical directory points to:

C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\GUID-XXXXX-YYYYYY-ZZZZZ

You have to check whether the “Authenticated Users” group has read permission on your OAB directory (right-click GUID-XXXXX-YYYYYY-ZZZZZ -> Security) and whether this permission is inherited.

Cheers,

Chris

ActiveSync device management through the Exchange Management Console is limited and slow. To quickly get the device access state and set access parameters, simply use a few PowerShell commands.
First get the user’s DeviceId:

Get-ActiveSyncDevice -Mailbox user@domain.com | Fl DeviceId

To allow a specific device:

Set-CASMailbox -Identity user@domain.com -ActiveSyncAllowedDeviceIDs "DeviceID1", "DeviceID2"

To deny a specific device:

Set-CASMailbox -Identity user@domain.com -ActiveSyncBlockedDeviceIDs "DeviceID1", "DeviceID2"

Cheers,

Chris