Quantcast
Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum
Viewing all 4249 articles
Browse latest View live

Exchange 2010 Mailflow between the DAG members

September 25, 2015, 5:05 am
$
0
0

Hi guys,

We have a very strange problem in our environment.

First let me explain our setup which have been working successfully for more that four years until last Sunday.

We have two servers running Exchange 2010 Enterprise. Both server are running The Hubtransport role, the CAS role and the mailbox role.

The servers are members of a DAG solution and both servers normally have active databases.

Last week we configured a new Certificate from GoDaddy. At first everything worked fine but I had trouble applying the certificate on one of the servers to the Hub transport role.

Last Sunday we noticed mails send from server a towards users hosted on Server B got stuck in the Queue.

After a lot of trouble shooting I created a ticket at MS. They helped me but it didn't went as smooth as we wanted.

I was really hoping they would tell me I just made a mistake which was easy to fix..

Unfortunately Microsoft told me yesterday they couldn't help me anymore and that I needed to perform an Inplace Updgrade which should fix the problem with the old Certificate.

This reminds me I forgot to mention something :), since I couldn't apply the new certificate to the transport role the old one was still used. Result TLS handshake mismatch..

 

After the disappointing message from Microsoft we worked during the evening to get stuff sorted out. I mean if people tell you, you can't fix stuff, you are kind of forced to proof them wrong...

If you have the same feeling this is your chance :) Any help is appreciated!!

 

Status at the moment:

We got rid of the old certificate; although MS told us this wasn't possible we still sorted it out.

Since our certificate from GoDaddy couldn’t hold the FQDN anymore we entered this in a Self Signed Cert. and assigned this to the SMTP service.

Right now queues are still pilling up the error message we get:

451 4.4.0 Primary target IP Address Responded with: "421 4.4.2 Connection Dropped due to SocketError."

I tried every single thing which I could found on the WWW to sort it out, I mean everything!

Mail sent from Server A still isn't delivered to people on Server B and the other way arround

I checked if there was a issue with the internal DNS, if there were problems to setup a SMTP session on port 25 between the two servers.

No problems to be found. Both Servers are showing StartTLS.

 

So basically I got stuck. if anyone of you guys had this at a certain moment and sorted it out, please share it with me.

Like mentioned your help is appreciated!

 

 


Search

Exchange 2013 Outlook Anywhere Autodiscovery Not able to set up Profiles (Exchange Server is Unavailable)

September 25, 2015, 4:49 am
$
0
0

Hi,

I have a 3 node Exchange 2013 (CU9) with a CAS Server and 2 node (MBX Servers) DAG which has been working fine for well over 8 months but during some Office 365 Preparation work, I noticed that Outlook clients (INTERNALLY only) were continually prompting for credentials (that were subsequently not accepted), to log onto their Exchange mailboxes.

By setting the IISAuthenticationMethods set to "Basic, Ntlm, Negotiate" (see below settings), I was able to get the EXISTING INTERNAL outlook clients to connect (they just ignore the credentials request) 

ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

but I can still NOT set up new profiles. Autodiscovery should obviously find the CAS server and return the mailbox GUID but it resolves to the Mailbox Node Server instead and then refuses to connect.

I have a different internal to external Domain so have used an autodiscover SRV setting on my internal DNS that points to the external name on my SSL certificate (eg mail.domain.com) and this all used to work so a bit stumped as to what to troubleshoot.

John Philipson

Exchange 2013 issues - (new send email Stuck in Drafts not send)

March 4, 2013, 2:02 am
$
0
0
Exchange 2013 issues - (new send email Stuck in Drafts folder not send)

DLP not working

January 29, 2013, 9:16 am
$
0
0

Hello there

I am testing various features(especially those that I don't see anybody else posting step by step for...unless you count taking printscreen from contoso:) and saying its yours...)

anyway

very simple setup

Ex1

EX2

in dag, certificates and all that working fine.

have two clients running windows 8 and office 2013 and also using owa

two test users(test1 and test2)

configured dlp rule from template of us PII and set it to enforce

I send email from test1 to test2 with ssn(678-45-5678)

and nothing

so I check rule and see its supposed to give you a mail tip but allow sending

how does that mechanism work? im guessing same as mail tips in 2010 so oab/metrics>>get to client at some interval and ONLY THEN ill see this mail tip telling the client ....whatever....

is that correct?


Email encryption like the new 365 hosted Excahnge feature

September 28, 2015, 9:07 am
$
0
0

Forgive my lack of keeping up!

Does anyone know if the new email encryption feature in hosted Exchange (365) can be deployed in house?  The one that allows a one time password, etc?

Thanks!

Bret

Submission queue increasing EXC2013 Mailbox. After IISRESET it started flowing again

June 12, 2015, 12:57 pm
$
0
0

Hi everyone!

I have a huge exchange 2013 environment with about 10k mailboxes. The CAS feature is segregated. Some of the servers (with the same hardware configuration) have started to keep messages in submission queue and it just let it go after an IISRESET. I noticed before the procedure that the CPU was in the top of use mainly by the IIS process. 

I don't have anti-virus installed on it. But we have a lot of transport rules. About 200. 

I didn't find out nothing special on EV. Just some times back-pressure. But why after the IISRESET the queue starts flowing again?

All releases are CU7.

Regards


Daniel S Orlando MCSE - Messaging

IMAP Search with UTF-8

May 25, 2015, 9:37 pm
$
0
0

Hi,

Does Exchange 2013 support UTF-8 charset for IMAP Search?

Cheers,

Saaj

Users can't send to local alias using Outlook, but can send to it using OWA

September 29, 2015, 6:39 am
$
0
0

I've added an e-mail address to a mailbox on our exchange 2013 server. If users are on OWA, they can send to this alias with no issues. If the user is using Outlook 2010 or 2013 they get a bounce message saying the e-mail address couldn't be found. Both the sending user and the alias are in our domain, on the same Exchange server. 

I've updated the GAL and the OAB. I've also made sure to delete the auto fill entry in Outlook, then type the full address. Any thoughts or help is greatly appreciated.

Thanks,

Travis

Search

RBL not working on Exchange 2013 Edge Transport

July 27, 2014, 5:31 am
$
0
0

Single multi-role server with a couple of mailboxes, recently added an Edge Transport server. After configuring the Edge Subscribtion I added sen.spamhaus.org as a RBL Provider:

Add-IPBlockListProvider -Name Spamhaus -LookupDomain zen.spamhaus.org

This is not working. A lot of spam is still entering Exchange and the http://www.crynwr.com/spam/ test failed.

Both servers run Exchange 2013 CU5.

Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

Remote Server returned '550 5.7.1 Not authorized

September 29, 2015, 5:21 am
$
0
0

We are in the middle of a Migration from Exchange 2003 to 2010 to 2013.

2003 is no more. After moving 3 mailboxes to the 2013 Servers, we are not able to send mails with them.

We have 3 Locations (1 Root and 2 subdomains)

Domain a.de (root)

Subdomain b.a.de

Subdomain c.a.de

a.de is able to send to the subdomains, but b and c are not.

If a user in c trys to send an internal mail to a or b, the mail Returns with:

Remote Server returned '550 5.7.1 Not authorized

The same happens from b to c or a

We are working with Microsoft Support on that. We have been told to execute "Setup /preparealldomains" in all Domains.

Does this make any sense? The execution fails in b and c as there is a third subdomain d.a.de which cannot be reached from the sites b and c. (no ip Routing to b and c but a, no Exchange site planned in d)

(hope that i haven´t  convused too much....)

How to secure anonymous relay in exchange 2013? can we have an alternative for this?

September 20, 2015, 10:13 pm
$
0
0

Hi,

We use exchange 2013 CU5,

In our environemnt there are certain application which uses anonymous relay. For this we created a dedicated "Application Relay" connector and added our HLB (KEMP 2200) IP in this connector. In HLB we have option to allow IPs of APPLICATION SERVERS to allow for relaying.

The above is the method we folow usually

Now

1. Our security team is insisting that this anonymous method should not be used as oer policy

2. How we can modify or above setup in a secured way?

3. Current settings for "Default Frontend " shows Anonymos selected.....is this correct?

Manju Gowda


Issue sending to group with nested groups restricted to authenticated users

September 30, 2015, 8:24 am
$
0
0

Post upgrade from exchange 2010 we had a group that we would use and publish externally: groupA- the members of this distribution list were groupb groupc and groupd - groupA does not require that all senders are authenticated, (or in delivery managment senders inside and outside of my oranization is selected)   and in exchange 2010 received emails from outside the company and they were received by the members of groupb/c/d. Since migrating to exchange 2013, when sending to group A we are getting NDR from groups b/c/d saying senders must be authenticated. 

my workaround is to setup groups b/c/d to receive email from all senders, but im a bit loathe to expose all of my nested distribution lists to the outside world when this wasnt an issue in exch2010.

would anyone have any ideas on where to look on this? finding this particular query very difficult to search. 


Exchange Proxy Setting in Outlook - SSL option

September 30, 2015, 3:30 pm
$
0
0

I am having an issue with my Outlook clients using Outlook Anywhere from outside the office. I had to renew my SSL cert and change to FQDN on my serves. All internal Outlook clients, Outlook Web App, Autodiscovery, and Active-sync devices are fine with the new name changes but now I notice that 'Connect using SSL only' is not checked anymore in Outlook's Exchange Proxy Setting. I can turn it on and than Outlook will work until I shut it down and than I have to add it back again so I know the servers and removing it.

I am not sure off hand how to add it back in. Since I don't allow HTTP to the Exchange server from outside world. Any help would be great.

Exchange server 2013 mailflow stopped due to passive DAG member server

October 1, 2015, 9:55 am
$
0
0

Dear All,

Today i faced a very strange issue,our mailflow stopped suddenly ,although i got the issue resolved 

but it was strange what happened,i want to know what exactly happened.

we have 3 mailbox server 2 at primary site and 1 at DR

all server have 4 partitionas as below

1) C drive : OS installed

2) D drive: database folder for edb files

3) L drive : logs files

4)E drive: exchange application.

ex01 was active server in DAG with database mounted to it,ex02 passive server both at primary site,our email flow stopped 

After lot of troubleshooting i found on the passive server i.e. Ex02 the E drive where exchange application was installed was running out of space there was only 3 GB free space out of 150 GB,i thought may be ex01 is having some issue,so planned to move all database to ex02,before  doing that i thought of making free space in E drive of passive server i.e ex02,i manged to delete some log file from folder exchangeserver/logging/diagnostics/daily performance and deletd the logs and was able to make 10 GB free space,but to my surprise mail flow started working as soon i cleared space from there,before even mounting the database to the passive server as per my plan before the mailflow started working

my question is what does a passive server of DAG has to do with this??

Regards

Abubakar

Abubakar Mirasa Dubai,UAE Dubai, Microsoft Specalist


Mails are not coming from a specific domain.

September 10, 2015, 9:53 pm
$
0
0

Thanks In Advance...

Need help to identify a Critical Issue in Live Environment. 

We have Setup a Email server for out organization domain.com which is working properlly and the mail flow is also works fine with other domain. Since last week we observe that one of our client company based in UK complain that they are unable to send mails to our domain. 

We start investigating and found that some mails are coming properly and some are don't even hit out Trend Micro Mail Gateway server. After 6 Hrs client get the NDR over return receipt. 

Our Enviorment :-

Domain :- Domain.com

MX:- 11.12.124.15 & 200.225.112.23 (mail.domain.com) Preference 10

11.12.1247.16 & 200.225.112.24 (Gateway.domain.com) Preference 20

11.12.124.17 & 200.225.112.25 (relay.apeejaygroup.com) Preference 30

Mail Gateway Appliance :- Trend Micro InterScan Messaging Security Gateway 9.0

Client Environment:-

Domain :- clientdomain.com

MX :- brightmail by Symantec Messagelabs Cloud. 

=========================================

When Client sent a mail it don't even hit any of our mail gateway server. But the user gets the Non Delivery Message. In from Brightmail NDR following error message is showing.

Delivery attempt failure - transient Attempted delivery 71/31-01753-DD55DE55 to11.12.124.15 on Mon Sep 7 09:36:23 2015Error Message: "451 4.4.2 [internal] send HELO/EHLO failed" Providing this log to the recipient, hopefully they would be able to explain this answer when we try to connect to their Server11.12.124.15

=======================

Need help to identify that where is the issue and how to fix this so that we can start communication between our client over mail smoothly. 

Regards, Koustov Choudhury

Search

how to block internal user to sending the email to gmail,Hotmail in exchange server 2013

October 2, 2015, 10:58 am
$
0
0
how to block internal user to sending the email to Gmail,Hotmail in exchange server 2013

Abp

4.7.0 SMTP; 403 4.7.0 TLS handshake failed.

October 9, 2015, 12:47 am
$
0
0

Our sister company won't able to send emails to our domain and they receive this error TLS handshake failed.

Is it my server or their exchange server problem?

Exchange2013 DLP

October 12, 2015, 3:46 am
$
0
0

Hi,

Is there any way to set up policy tips while sending any mail to outside the organization in exchange2013 without adding any sensitive information.

Exchange2013 DLP policy tips work only when sending mails with any sensitive data,but we require any mail which is going outside should pop up policy tips and user should receive the override option.

Also having the help  whether Exchange2013 policy tips will work on active sync account in mobile or need any other application to achieve this.

microsoft outlook has accepted this meeting on behalf of

August 5, 2014, 8:25 am
$
0
0

Having the same problem as these threads below:

http://community.office365.com/en-us/f/158/t/230472.aspx

http://community.office365.com/en-us/f/158/t/255913.aspx

Can't pinpoint what might have caused this to start, could be when I installed CU5 recently?

Any thoughts?

Thanks!

Update - I migrated these mailboxes from one forest to another using the Cross-Forest Mailbox Migration tool in Exchange 2013.  The messages began once the Cross-Forest Migration completed.  All the permissions migrated and worked correctly, it just looks like it is causing a problem somewhere else.

Is it possible to use multiple layers of anti-spam filtering Exchange 2013?

October 12, 2015, 12:51 pm
$
0
0

Hello.

I have an on-premise Exchange 2013 (all roles on the one server) used in conjunction with McAfee's cloud based email protection (anti-spam and anti-malware) product. All mail goes to McAfee in the cloud and then is cleaned and delivered on premise.

My question is, would there be any harm in also enabling the anti-spam features on the Exchange server itself?

The reason we are considering this is because we would like to utilize some of the Sender Filtering available on Exchange anti-spam, which is not an option on McAfee.

Specifically the ability to filter SMTP FROM values.

Any feedback or help would be very appreciated.

Thank-you

Fred Weymouth

Viewing all 4249 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>