Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Renew certificate via ECP on Exchange 2013 CAS server fails to enable-ExchangeCertificate

Hello,

To renew my public certificate on the Exchange CAS 2013 I used the ECP.

1. Generate a .req file via ECP using the renew option.

2. Sent the .req file to our CA provider.

3. Uploaded the certificate via ECP but... no option to bind services and I still see the Pending request status.

I looked in the command shell and I see the certificate with the command dir cert:\LocalMachine\My | fl

When I use the command enable-ExchangeCertificate -thumbprint XXXXXXXEDDD248B1A3EB40AF0FF549A -services "IIS,IMAP,POP,SMTP"

I get the error:

A special Rpc error occurs on server EXCH01: The certificate with thumbprint XXXXXXXEDDD248B1A3EB40AF0FF549A
as not found.
    + CategoryInfo          : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EXCH01,RequestId=0f4d0049-407b-4b41-80ef-0b06d3b756fc,TimeStamp=5-12-2013 14:56:
   53] C0A3D0CB,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
    + PSComputerName        : excas01.xxxxx.corp

I think that there could be two options to this fault:

1. the .req file was somehow incorrectly used for the renew.

2. I don't know....

My question is: what happens if I just delete the certificate I was trying to renew and just import the certificate I got from the CA?

Will users be affected, i.e. will they need to reinstall the certificate in Outlook, phone, etc.?

I only have 4 days before my certificate expires so please be quick!

Thanks,

Rob


Pipeline tracing understanding

Hi All,

My environment is facing a kind of weird issue, I would say.

My environment is undergoing a migration from GroupWise 6.5.7 to Exchange 2013.

Mail flow from GroupWise is forwarded (flat forwarding enabled) to Exchange 2013. I have been noticing that blank emails are being forwarded to Exchange.

By turning on pipeline tracing on the Mailbox server, I can see the blank email info.

Inside the pipeline tracing email folder, there are Original, Routing and SMTP logs.

I want to know how these 3 log files are created, to further troubleshoot the blank email problem. Does anyone have an idea how it works? Some of the logs don't have Original or Routing, for example.

Thanks and Regards,

Low

Security mails from Microsoft can't be delivered to Exchange 2010

Hi there,

I have a strange issue with delivering e-mails from the Microsoft account team to my Exchange 2010 users.

It is a single Exchange 2010 server scenario with Microsoft antispam features installed.

There is one setting that is affecting the behavior: Sender-ID filtering. If it is configured to reject messages, the authentication e-mails are rejected with error: 550 5.7.1 Missing purported responsible address, MissingPRA, No valid PRA

I was doing some research around the Sender-ID filter and found this: https://technet.microsoft.com/en-us/library/aa997242(v=exchg.141).aspx pointing to this:

http://www.ietf.org/rfc/rfc4407.txt

(see chapter 2, points 5 and 6)

And I'm thinking that the From: header is too long for the filter, having 133 characters...

From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <account-security-noreply@account.microsoft.com>

See https://tools.ietf.org/html/rfc2822 chapter 2.1.1

And if the From header is not read properly, there is no other chance to define the PRA.

I'm attaching the header with some privacy related edits (*)

And also a connection to my previous post:

https://social.technet.microsoft.com/Forums/cs-CZ/63366c5f-5028-4b86-8cd9-815b2474083e/authentication-email-from-onedrive-is-not-delivered-to-exchange-2010?forum=exchangesvrsecuremessaging

Received: from BAYIDSTOOL3E005 ([65.54.190.61]) by BAY004-OMC1S28.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
	 Wed, 21 Jan 2015 03:50:31 -0800
Message-ID: <BAYIDSTOOL3E00520F196D99DA94912C1D28A480@CEZ.ICE>
X-Message-Routing: sKFde7CS5BHygFZaC4gFZWeHmOM+Rjf1iOmv8meDbQqeD+9kHFgbAflrz5UYy6v/Ov/vRliTx0hzi7ScTgwYCoH5DCu2Fahk9R9SdBH5Nsa5oB9Sz/gjNEAPF3tI/C3nFECX7BGzTiSSOg8TKAUbuCEwYGg==
Return-Path: account-security-noreply@account.microsoft.com
Date: Wed, 21 Jan 2015 03:50:31 -0800
From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <account-security-noreply@account.microsoft.com>
Subject: =?windows-1250?Q?Bezpe=E8nostn=ED=20k=F3d=20=FA=E8tu=20Microsoft?=
To: <t*****f@jv*******ms.cz>
X-Priority: 3
X-MSAMetaData: Cn0c88Cz0sGsI0Nfm6RO9sA/7VbWGUJeVNx9a4NXy37JI18dwFph0xDWcW8LScCF+MW2Lz28gPZz9dv7HW6EgfszNl0B6YfvjoqD5EXhCIrXhZTYSSbIB1Ix/LTVnuXoQieHLbzlKEn/wPNttCFyHop5rh2n8Sm26X38Eqj+/+Nh4VXFdEZ2I+gyInEElCSMfg==
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------=_Next_Part_0490624281.535"
X-OriginalArrivalTime: 21 Jan 2015 11:50:31.0736 (UTC) FILETIME=[757B2B80:01D03570]

Does anyone know the limits of header lines in the Exchange 2010 Antispam Filters?
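
Added example (not from the post, and not Exchange's own code): the RFC 4407 section 2 PRA selection applied to the From: header above, next to the RFC 2822 2.1.1 line-length limits. The comma-aware splitter is a simplified stand-in for a strict address-list parser; that the Sender ID agent parses the header the same way is an assumption.

```python
import re
from email import message_from_string

# Constructed sample: the headers from the post that matter for PRA selection.
POSTED = (
    "Return-Path: account-security-noreply@account.microsoft.com\n"
    "From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?="
    " <account-security-noreply@account.microsoft.com>\n"
    "To: <t*****f@jv*******ms.cz>\n\n"
)
# Constructed variant: the comma in the display name is Q-encoded as =2C.
ENCODED_COMMA = POSTED.replace("T=FDm,", "T=FDm=2C")

ADDR = re.compile(r"^(?:[^<>]*<([^<>@\s]+@[^<>@\s]+)>|([^<>@\s]+@[^<>@\s]+))$")

def line_length_status(line):
    """RFC 2822 2.1.1: 998 characters is the hard limit, 78 the recommended one."""
    n = len(line.rstrip("\r\n"))
    return "over-limit" if n > 998 else "over-recommended" if n > 78 else "ok"

def split_mailboxes(value):
    """Split on commas outside quoted strings and angle brackets (comments ignored)."""
    parts, buf, quoted, angle, esc = [], "", False, False, False
    for ch in value:
        if esc:
            esc = False
        elif quoted and ch == "\\":
            esc = True
        elif ch == '"':
            quoted = not quoted
        elif not quoted and ch in "<>":
            angle = ch == "<"
        elif ch == "," and not quoted and not angle:
            parts.append(buf.strip())
            buf = ""
            continue
        buf += ch
    return parts + [buf.strip()]

def select_pra(raw):
    """Return (pra, reason) per RFC 4407 section 2, steps 1 to 6."""
    hdrs = [(k.lower(), v.strip()) for k, v in message_from_string(raw).items()]

    def idx(name):  # positions of the non-empty headers with this name
        return [i for i, (k, v) in enumerate(hdrs) if k == name and v]

    rs, rf, chosen = idx("resent-sender"), idx("resent-from"), None
    if rs:  # step 1: Resent-Sender, unless trace headers separate it from Resent-From
        trace = rf and rf[0] < rs[0] and any(
            k in ("received", "return-path") for k, _ in hdrs[rf[0] + 1:rs[0]])
        chosen = None if trace else hdrs[rs[0]][1]
    if chosen is None and rf:  # step 2: first non-empty Resent-From
        chosen = hdrs[rf[0]][1]
    if chosen is None:  # steps 3 and 4: exactly one Sender, else exactly one From
        found = idx("sender") or idx("from")
        if len(found) != 1:
            return None, "step 6: no single Sender/From header"
        chosen = hdrs[found[0]][1]
    parts = split_mailboxes(chosen)  # step 5: the header must hold one mailbox
    match = ADDR.match(parts[0]) if len(parts) == 1 else None
    if not match:
        return None, f"step 6: malformed header ({len(parts)} list elements)"
    return match.group(1) or match.group(2), "step 5: single mailbox"

if __name__ == "__main__":
    print(line_length_status(POSTED.splitlines()[1]))
    print(select_pra(POSTED))
    print(select_pra(ENCODED_COMMA))
```

On the posted header the length check reports only the 78-character recommendation exceeded, not the 998-character limit. The unencoded comma inside the encoded-word makes this splitter read the From: value as two list elements, so step 5 fails and step 6 yields no PRA.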

Exchange 2013 prevent spam from my own domain

Dear All,

Back in Exchange 2007 we used to prevent spam from our own domain by modifying permissions on the Receive Connector, as shown at this link.

http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html

When I modify the same permissions on Exchange 2013 Default Front Receive Connector, the spam is still allowed through.

Is there a different approach to achieve the same result in Exchange 2013?

Thank you

Bujar

Last Error: A local loop was detected. Exchange 2010 - Linux Postfix

Hello,

Here is the scoop . . . I can send messages to accounts that reside on my Exchange servers and to external accounts I am not hosting.  If I try to send messages to accounts that reside on the Linux/Postfix server, the messages sit in the Exchange message queue.  An example of one of the messages "stuck" is:

Identity: Server0\Submission\660
Subject: TEST @ 1937
Internet Message ID: <E3336DF928658B45AD4B60C756612AD53D5452@GEMWIN0000>
From Address: exchange@domain.com
Status: Retry
Size (KB): 5
Message Source Name: SMTP:Default Server0
Source IP: 192.168.217.10
SCL: 0
Date Received: 5/19/2013 9:11:09 PM
Expiration Time: 5/21/2013 9:11:09 PM
Last Error: A local loop was detected.
Queue ID: Server0\Submission
Recipients:  postfix@domain.com

Here are my send connector settings:

Address Space - SMTP, *, 1

Network - Use domain name system (DNS) "MX" records to route mail automatically & Use the External DNS Lookup settings on the transport server

Source Servers - The private IP addresses of my two Exchange servers.

Any ideas?

Thank you for your time,

Don

Exchange 2010 Problems

I have a server running SBS 2011; all has been splendid for the past few years. Email came and went with no issues. Recently I purchased a new domain and wanted to get email for that delivered to my Exchange server. I added the domain as an accepted domain and created an email address policy for the new accepted domain.

The problem I am having is now I cannot get emails from external domains to the original email address....

Ex. xxx@mydomain.com was working fine and dandy. xxx@newmydomain.com was added in EMC as an accepted domain and email policy, and the mail account was added to the xxx@mydomain.com user account.

With xxx@newdomain.com I wanted to be able to use the new address when replying to emails, so I tried adding a POP3 account to Outlook and then removed the POP3 data file so it gave me an option on which account to send from when sending an email in Outlook.

Everything seemed to work for an hour and then my original xxx@mydomain.com stopped getting emails. I can get internal emails from other users but not to this 1 account. Other users can send and receive emails from external domains and this account can send to any domain. It is just this 1 account that cannot receive email.

My MX record is correct with the domain provider and like I said I can get and send email on other accounts in the domain.

Any help would be appreciated!!! Thanks in advance

Mike

Sorry if this is not the right forum; there was not one listed for Exchange 2010.

Can't figure out how to use Amazon SES as a smart host for Exchange Online

Hi,

I have a problem that is proving very difficult to solve, and I'm hoping someone on here might know a bit more about this.

I am trying to configure MS Exchange Online to route all emails through Amazon SES as a relay server, however the problem is that SES seems to want you to pass it SMTP username and password credentials to authenticate with, and I don't think Exchange Online allows for this?

I have checked all the options in Outbound Connector section and there doesn't seem to be any place where I can choose SMTP authentication.  On Exchange 2013 and on-premise 365 Exchange solution I believe you can do this, but with pure Exchange Online I'm not sure...

Does anyone know whether this is possible, and if not why Microsoft doesn't allow it / if they might be intending to enable this in the near future?

Thanks a lot in advance!

Tom

Exchange 2010 and reverse DNS

Hi
I have two Exchange 2010 servers: x.x.x.72 and x.x.x.73
I have a reverse DNS PTR record for both of these machines pointing back to mail.mydomain.com

My users are getting an error message when they try to send mail to a craigslist.com address.
The error I see in the log is:
----------
mail.mydomain.com [x.x.x.73] Please setup matching DNS and rDNS records: http://www.craigslist.org/about/help/rdns_failure
---------------

I have an A record [mail.mydomain.com] pointing back to .72
BUT I don't have an A record pointing back to .73.

So, I'm wondering: is that what I need to do, create another A record and point .73 back to mail.mydomain.com?

I was concerned about having two A records pointing back to the same mail.mydomain.com. I wasn't sure if that would cause any problems.

Or should I create a send connector on .72 and only allow mail to be sent out for craigslist.com?

As you can see, I'm unclear on the best way to solve this.

Any advice is welcome.
Thanks!
Mike

set-transportservice back to its default value.

Hi Everyone, 

Here is a quick question that I want to ask.

During configuration of the Exchange Server 2013, as I was troubleshooting the exchange server's mail flow, I have used the following cmdlet to change the Transportservice InternalDNSServers

set-transportservice -InternalDNSServers 192.168.x.x 

Now, I know that the default value for this is null, and would like to revert back to it. How does one do it, as it won't accept $false or {null}? Any help would be greatly appreciated.

Thank you so much!

PS: The IP address I pointed to is our local DNS server.


Intermittent 451 4.7.1 PRX2 All Receiving Connectors

I'm having a problem with a new Exchange 2013 CU7 server on Windows Server 2012 R2.  Having intermittent 451 4.7.1 Temporary server error. Please try again later PRX2 on receiving mail on connectors configured with port 25.  I keep thinking I have solved the issue.  If I think I fix it in the morning, it works all afternoon.  The next day I'm getting the error again.  It is driving me and my client nuts!

The Exchange server has the DNS servers for the internal DC's set in EAC for both internal and external lookups.

The DC's have DNS set to forward to external DNS servers.  I'm having no issues with DNS resolution anywhere in the environment.

The Exchange server is able to resolve internal and external DNS.

One thing of note, and I'm not sure if this is normal: if I ping the DC's I get back an IPv6 address, never an IPv4.  I have even set the servers in a host file.

Thankfully I have a filtered mail service that will spool mail if it cannot connect to the mail server and retries at set intervals.  So I have not lost any emails.

There is no filtering or AV scanning happening on the server or Exchange level.

Nothing in the event logs of note related to this issue.

At the moment it is working, but I'm sure it's going to stop again soon.

Google Apps Smarthost resolving to IPv6 with Winsock error

So far I have been unable to track down the cause of this problem.

The problem that is happening is the Exchange queues are building on the Exchange servers.  I have 2 Exchange 2013 SP1 servers that are clustered together using DAGs, and Windows Clustering.  I'm not really sure when the problem started, or if any changes had been made to the environment.

I have a client who is using Google Apps as a Smart host, but in the Hub->Send protocol logs I keep receiving this error over and over:

"Failed to connect. Winsock error code: 10051, Win32 error code: 10051, Error Message: A socket operation was attempted to an unreachable network [2607:f8b0:400e:c01::1c]:25"

From what I can tell the problem is that it is resolving the Smart host (smtp-relay.gmail.com) to its IPv6 address rather than its IPv4 address, which is generating a socket error.

On the Exchange server itself if I do an nslookup or a ping it always resolves to the IPv4 address, but for some reason the queue keeps trying IPv6.  At one point I unchecked IPv6 on the network cards (yes I know this is a bad thing, but I was testing) and I still had the exact same problem.  I have not gone as far as trying to disable IPv6 in the registry yet.

On the send connector itself I have tried both the "Use the external DNS lookup settings" and using the Internal DNS.  On the server itself in ECP I configured the external DNS to 8.8.8.8 and 8.8.4.4.  But I still have the exact same issue.

The one lone send connector is setup to "Route mail through smart hosts" with smtp-relay.gmail.com as the Smart host and using "None" as the authentication. The scoping is set as SMTP * 1

I monitored the Firewall (Watchguard) and verified that SMTP traffic is flowing out using the IPv4 addresses, so the Firewall isn't blocking IPv4 SMTP traffic, but there is a chance that it is blocking IPv6 addresses.  But then again I don't have any external IPv6 addresses that I could NAT to externally anyways.

I have not tried to disable the Smart host yet to see if mail will flow to the Internet without issue because all of my SPF records are pointing to Google.

I am unsure at this point what to try next.  I have been debating about hard coding an IP address in the LMHosts for smtp-relay.gmail.com to see if that resolves the problem, but that would not be a permanent fix.

Any help would be greatly appreciated.

public calendar folder send mail from administrator

Hi all,

After restoring a public (calendar) folder, invitations from this public calendar are sent by the Administrator and not from the people that created the invitation. This is different from the normal way.

Normally a user creates an invitation and the invited people get mail from the user.

After deletion and restore this is always the domain Administrator.

The public folder's owner has no influence on this.

I have absolutely no idea where to start searching...

 


Greetings/Grüße Gernot

New Exchange setup and communication with current Firstclass email system

So I have a very interesting scenario....We plan to move to MS Exchange 2013 from an open source email called Firstclass.....we have one domain (we'll call it contoso.com for this example), we had a previous domain setup of contoso-school.org as well......our current email system and acceptable addresses are both of those domain addresses....they are local DNS domains to us.....so for our Exchange we want these addresses to be acceptable in Exchange as well....but we also are going to add a new domain name to Exchange which would be the main email address....which would be contososchool.com....however the domain is owned by a 3rd party that runs our website with domain name....so was not going to add to our DNS.

I have Exchange set up and working as far as being able to send and receive external emails and also have our current Firstclass email system able to send email to Exchange users....but I cannot get Exchange to email the Firstclass account....anytime I try, it just immediately shows up under my Exchange account (the servers are all a part of the contoso.com domain).....I tried without having the other domain names added in as Acceptable domains but it still does the same thing....I think because the Exchange server is part of the same domain as the other email system it's causing this...

Has anyone dealt with this type of situation...I hope I explained it ok

Thanks

Multiple Exchange 2013 SSL Certificates & Web Services URLs

I have two Exchange 2013 CU5 Standard servers in a DAG.  Both servers have both the CAS and Mailboxes roles installed.  The servers are running Server 2012 Standard.  The DAG uses a file share witness server.  The witness server and one Exchange server, which is usually the active server, are on the same subnet in our primary data centre. The second Exchange server is on a different subnet in our backup data centre across town.

The domain that these servers are in is part of a forest with another domain. That domain is, physically, in another jurisdiction.  The domains share a namespace. All users in both domains have username at name.com as their e-mail address. 

The other domain has two Exchange 2013 servers in a DAG.  It also has one Exchange 2007 server, that is being phased out. All messages that my domain users send to external recipients pass through the Exchange servers in my domain, a firewall for my domain, an Internet connection, a firewall in the other domain, the Exchange servers in the other domain, the firewall for the other domain, and then out to the external recipients.  The reverse path is followed for inbound mail from external senders.

All ActiveSync traffic for my users passes through the Exchange servers and a proxy server in the other domain. I have a self-signed SAN certificate on the Exchange servers in my domain. That certificate is also deployed on all of the mobile devices that my users have.

I have been asked to see if I can set things up so that a test user can send and receive e-mail with their mobile device, and have that traffic go from my Exchange servers, through the firewall for my domain, and out to external recipients. Due to a lack of test systems, I have been asked to develop this on my production servers, without disrupting the existing mail flow. Is that possible?  What would need to be done to accomplish this? If the test is possible, and successful, my Exchange servers, and all other relevant systems, would be changed so that all mail traffic from my domain no longer goes through the other domain.

Receive Connectors for DAG Members

I am in the process of migrating from Exchange 2007 to Exchange 2013. I have two Exchange 2013 servers in a DAG.  I need to create the customised receive connectors that exist on the Exchange 2007 server on the Exchange 2013 servers. When I create new receive connectors for our DAG members, do I specify the IP address of both servers in the network adapter bindings field, do I specify the load balancing IP address, or do I need to create an instance of the receive connector on each server, and bind the connector to the IP address of each respective server? Similarly, what do I need to specify for the fully qualified domain name (FQDN) the connector will provide in response to HELO or EHLO? 

Also, I have multi-function copier/scanner/printers that users use for scan to e-mail purposes. On these devices, I need to specify the SMTP server by FQDN or IP address. What do I specify when I have two Exchange servers in a DAG, and either one of them may be the active server because the other is unavailable due to system maintenance or an unplanned outage?


Edge 2013 does not discover all Exchange servers in the org

We have the following co-existence setup:

Edge 2013 sitting on the DMZ.

1 CAS 2013

1 MBX 2013

1 CAS/HUB 2010

1 MBX 2010

After creating a new edge subscription on the edge server and successfully completing it on the 2013 mbx server, when I run get-exchangeserver on the edgeserver I get only the 2010 CAS and the 2013 MBX. 2010 MBX and 2013 CAS are missing.

All mailflow is working fine, yet if I shutdown the 2010 CAS, incoming mail flow stops, because for the edge server the 2010 CAS is the nexthopdomain, it doesn't find it and gives a 4.4.1 error in the SMTP receive protocol logs.

I have tried re-creating the subscription several times, I tried forcefullsync, it syncs fine yet it does not discover all the servers.

The firewall on the edge is disabled and in the internal servers as well, just to be sure that there is no communication error.

When the edge server receives an email from the internet it sends it to the 2010 CAS/HUB server and then to the 2013 MBX server.

Also the documentation from TechNet states the following for Edge and messages arriving from external senders.

  • Mailbox server and Client Access server installed on different computers: In this configuration, the Client Access server is bypassed for inbound mail flow. Mail flows from the Transport service on the Edge Transport server to the Transport service on the Mailbox server.

So in my config, the CAS should be bypassed, but yet that's not happening. The "proxy to a CAS server" option on the connectors is not enabled.

I believe all the above would be resolved if I could make the Edge server discover all of the servers in the org.

Ideas?


Emails push to iPhone and OWA instantly but greatly delayed to Outlook 2003/2007/2010/2013 Clients

I know this is an Exchange 2013 forum but I can't seem to locate the 2010 forum.

We recently migrated over to Exchange 2010 from 2003 and everything went well until emails were delayed when being delivered to Outlook clients. Sometimes up to 15 mins.  OWA and ActiveSync clients receive their emails instantly.  I know the delay takes this long because I see it arrive in my phone and then I wait for it to arrive in Outlook.  I even disabled Cached mode and we still experience delay issues.

Exchange is a single multi role install VM with ScanMail Trend Micro.

Am I missing something here?


Exchange 2010 spam: need to allow sending only from local domain users

We have Exchange 2010 SP3 and I need only users in my Active Directory to be able to send from my SMTP to the internet, because I have spam being sent from my SMTP.


Transport Rule(s), Message Headers.

Hey team,

I would like to know if there is a way I can setup a transport rule that will tag the subject line of a message if the following conditions are met:

1) The Sender contains a from address in the From: field of the message itself (which is almost always the case)

2) The message also contains Reply-To and the Reply-To is different than the From address?

I don't know if my question makes any sense or not, but I am trying to tag the subject if the From: and Reply-To: are different addresses to help cut down on forged emails where a user receives an email that is from a valid domain name and then gets a different reply-to address when hitting reply in Outlook.

Thanks,

Robert
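
The two conditions listed in the post above, written as header-comparison logic that could run in a mail-processing script outside Exchange. This is an added example, not part of the original post and not an Exchange transport rule; the tag text, the sample messages and the extra cross-domain flag are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

TAG = "[REPLY-TO DIFFERS]"  # hypothetical tag text, not from the post

# Constructed sample messages (headers only).
SAMPLES = {
    "forged": 'From: "Accounts Payable" <ap@vendor.example>\n'
              "Reply-To: ap@vendor-payments.example\nSubject: Invoice 1042\n\n",
    "same": "From: Jane <Jane@Corp.example>\n"
            "Reply-To: jane@corp.example\nSubject: Lunch\n\n",
    "no_reply_to": "From: bob@corp.example\nSubject: Status\n\n",
    "alias": "From: Support <support@corp.example>\n"
             "Reply-To: tickets@corp.example\nSubject: Case 7\n\n",
}


def addr_set(msg, name):
    """Lower-cased addresses from every occurrence of one header."""
    pairs = getaddresses(msg.get_all(name, []))
    return {addr.lower() for _, addr in pairs if "@" in addr}


def evaluate(raw):
    """Apply the two conditions from the post; return the verdict and new subject."""
    msg = message_from_string(raw)
    sender, reply = addr_set(msg, "From"), addr_set(msg, "Reply-To")
    # Condition 1: From: carries an address. Condition 2: Reply-To: has one that differs.
    differs = bool(sender) and bool(reply - sender)
    # Extra signal (assumption): a Reply-To in another domain is the riskier case;
    # same-domain aliases such as a ticket queue are common and benign.
    domains = {a.rsplit("@", 1)[1] for a in sender}
    cross_domain = differs and any(a.rsplit("@", 1)[1] not in domains for a in reply)
    subject = msg.get("Subject", "")
    if differs and not subject.startswith(TAG):  # do not tag twice on re-processing
        subject = f"{TAG} {subject}"
    return {"differs": differs, "cross_domain": cross_domain, "subject": subject}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```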

Transport Service Stops once a week & doesn't restart- causing mailflow issue

Hi All

I have a customer with Exchange Server 2013 Standard SP1. I have recently migrated them from Exchange 2010.
Single Server for All roles. VM has Trend Micro office scan agent installed. Server resource is adequate, Separate drive holds logs, exchange database.

The only Error / warnings I can find from Event logs are below
1) Event ID - 6002, Ping of Mailbox database timed out after 00.00.00 minutes
2) Event ID- 6027, MS Filtering failed to contact primary update path
3) Event ID- 16028, A lot of this event.

I have done a bit of searching and reading and seems like all the above could be ignored,

However my main concern is, I have noticed over the last couple of weeks that once a week the Exchange Transport Service stops and fails to restart itself, causing mail flow issues until staff tell me no one is receiving email; then I manually start the service.

Has someone run into something similar or can offer a solution? Perhaps a script that runs and checks the transport service and, if a service failure is detected, waits 1 minute and then force restarts it?

Thank you in advance.  


MCITP, MCSA, MCSE,VCP - Consultant, Solution Design, Implementation
