Setup Exchange Outlook Anywhere or RPC/HTTPS

February 12th, 2010 by shiraj

To use the Exchange Management Shell to configure an external host name for Outlook Anywhere
Set-OutlookAnywhere -Server:'CAS01' -ExternalHostName:'site.contoso.com'
Procedure
Exchange 2007 SP1
To use the Exchange Management Shell to configure the authentication method to be the same for both the /rpc virtual directory in IIS and Outlook 2007
Set-OutlookAnywhere -Name Server01 -DefaultAuthenticationMethod <Basic or NTLM>

To use the Exchange Management Shell to configure authentication for Outlook Anywhere
Set-OutlookAnywhere -Name Server01 -ClientAuthenticationMethod Basic
To use the Exchange Management Shell to create a certificate request file
New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=yourdomain,dc=webmail,o=En Route Solutions Ltd,cn=webmail.yourdomain.com" -domainname webmail.yourdomain.com, yourexchange, yourexchange.yourdomain.com, autodiscover.yourdomain.com -PrivateKeyExportable $true -path c:\certrequest_exch003.txt
Browse to https://192.168.10.200/certsrv
select – request new certificate
select – advanced, then open c:\certrequest_exch003.txt using Notepad, copy the content, paste it in, and download the certificate.
To use the Exchange Management Shell to import a certificate
Import-ExchangeCertificate -path New-exchangecert01.cer -friendlyname "webmail YourExchange"
Import-ExchangeCertificate -path C:\Users\administrator.OFFICE\Desktop\certificate\cert-exchange061108.cer -friendlyname "webmail yourexchange"
To use the Exchange Management Shell to determine the thumbprint of your certificate
Get-ExchangeCertificate -DomainName "yourexchange"
This command will return multiple certificates if there are several certificates that match the host name that you specified. Therefore, make sure that you select the thumbprint of the correct certificate for your request.
9081AB3A19DF3F8511E80A9053D882944CA2AE2F
9AC212D376333E33232A240907878BA06A037D35  …..      DC=it, DC=yourdomain, DC=w…
To use the Exchange Management Shell to assign the certificate to IIS, POP3, and IMAP4
Enable-ExchangeCertificate -thumbprint <certificate-thumbprint> -services "IIS,POP,IMAP"
Enable-ExchangeCertificate -thumbprint 9081AB3A19DF3F8511E80A9053D882944CA2AE2F -services "IIS,POP,IMAP"
Import-ExchangeCertificate -path <certificate file name> -friendlyname "Contoso CAS01" | Enable-ExchangeCertificate -services "IIS,POP,IMAP"
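
One way to decide which of several matching certificates to enable, shown as an added example that is not part of the original post. The function names Test-NameCovered and Get-CertificateFitness and the sample certificate objects are constructed for illustration; only the property names are those of Get-ExchangeCertificate output, and Windows PowerShell 2.0 or later is assumed.

```powershell
# Added example. Input objects need only these Get-ExchangeCertificate properties:
# Thumbprint, CertificateDomains, NotBefore, NotAfter, HasPrivateKey, IsSelfSigned.

function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }   # -eq on strings ignores case
        # A wildcard entry covers exactly one additional left-most label.
        if ($c.StartsWith('*.') -and $Name.Contains('.')) {
            if ($Name.Substring($Name.IndexOf('.') + 1) -eq $c.Substring(2)) { return $true }
        }
    }
    return $false
}

function Get-CertificateFitness {
    param($Certificates, [string[]]$RequiredNames, [datetime]$Now = (Get-Date))
    foreach ($cert in $Certificates) {
        $names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($RequiredNames | Where-Object { -not (Test-NameCovered $_ $names) })
        $reasons = @()
        if (-not $cert.HasPrivateKey) { $reasons += 'no private key' }
        if ($cert.IsSelfSigned)       { $reasons += 'self-signed (untrusted by external clients)' }
        if ($cert.NotBefore -gt $Now) { $reasons += 'not yet valid' }
        if ($cert.NotAfter -le $Now)  { $reasons += 'expired' }
        if ($missing.Count -gt 0)     { $reasons += 'missing: ' + ($missing -join ', ') }
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Usable     = ($reasons.Count -eq 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Constructed sample data standing in for Get-ExchangeCertificate output.
$now = [datetime]'2010-02-12'
$sample = @(
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-1-SELFSIGNED'
        HasPrivateKey = $true; IsSelfSigned = $true
        NotBefore = $now.AddYears(-1); NotAfter = $now.AddYears(4)
        CertificateDomains = 'yourexchange', 'yourexchange.yourdomain.com' }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-2-EXPIRED'
        HasPrivateKey = $true; IsSelfSigned = $false
        NotBefore = [datetime]'2008-11-06'; NotAfter = [datetime]'2009-11-06'
        CertificateDomains = @('webmail.yourdomain.com') }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-3-CURRENT'
        HasPrivateKey = $true; IsSelfSigned = $false
        NotBefore = $now.AddMonths(-3); NotAfter = $now.AddMonths(9)
        CertificateDomains = 'webmail.yourdomain.com', 'yourexchange',
            'yourexchange.yourdomain.com', 'autodiscover.yourdomain.com' })
)

$report = Get-CertificateFitness -Certificates $sample -Now $now `
    -RequiredNames 'webmail.yourdomain.com', 'autodiscover.yourdomain.com'
$report | Format-Table Thumbprint, Usable, Reasons -AutoSize

# Newest usable certificate: the thumbprint to pass to Enable-ExchangeCertificate.
$pick = $report | Where-Object { $_.Usable } | Sort-Object NotAfter -Descending |
    Select-Object -First 1
$pick.Thumbprint
```

In the Exchange Management Shell, pass the output of Get-ExchangeCertificate as -Certificates in place of the sample objects.
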
NOTE: To troubleshoot from Outlook, hold Ctrl and right-click the Outlook icon in the system tray, run Test E-mail AutoConfiguration, and click the Log tab.
A good site for testing connectivity: https://www.testexchangeconnectivity.com/
RPCPING should show the following.
C:\Users\administrator.OFFICE>rpcping -t ncacn_http -s yourexchange.yourdomain.com -o RpcProxy=webmail.yourdomain.com -P "shiraj,yourdomain,*" -H Basic -u NTLM -a connect -F 3

When it works it should say:
Completed 1 calls in 60 ms
16 T/S or 60.000 ms/T The RPC Ping Utility test succeeded.
Or you get an error like:
Enter password for RPC/HTTP proxy:
Exception 1722 (0x000006BA)
Number of records is: 2
ProcessID is 6656
System Time is: 11/7/2008 7:38:57:753
Generating component is 14
Status is 0x6BA, 1722
Detection location is 1398
Flags is 0
NumberOfParameters is 2
Long val: 0x4
Long val: 0x6ba
ProcessID is 6656
System Time is: 11/7/2008 7:38:57:753
Generating component is 13
Status is 0x6BA, 1722
Detection location is 1418
Flags is 0
NumberOfParameters is 0
C:\Users\administrator.yourdomain>
How to Use Basic Authentication and SSL to Connect to the Store's Port
Syntax:
RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001
To keep the password off the command line, put * in its place and RpcPing prompts for it, as in the test above.
How to Use Basic Authentication, SSL, and Mutual Authentication to Connect to the Store's Port
Syntax:
RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001 -B msstd:server_certificate_subject
How to Use NTLM Authentication and Non-SSL to Connect to the DsProxy Service
Syntax:
RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 2 -F 2 -a connect -u 10 -v 3 -e 6004
When it works it should say:
Completed 1 calls in 60 ms
16 T/S or 60.000 ms/T The RPC Ping Utility test succeeded.
If it is not working, it returns an error. Each error means:
Exception 1722 (0x000006BA)
RPC Server is unavailable. The RPC service cannot be contacted. You may receive this response because there are problems with the RPC Proxy server (if this is the case, you can use the -E argument to verify that the RPC Proxy server is available), because the service stopped on the Exchange 2003 backend server (for example, the store), because the Exchange 2003 backend server is down, because the ValidPorts registry key does not permit access to this server, because the ValidPorts registry key does not permit this port, because you tried to access the EMP when it was not published (neither the -e switch nor port 593 was available), or because you tried to access UUID when EMP was not published (for example, you used the -a switch without port 593 being available).
Exception 5 (0x00000005)
Access denied. You receive this response when you have incorrect -P credentials, you have incorrect -I credentials, the user account is disabled, or the Mutual Authorization failed. For more details about this response, use the -E argument.

To verify that the CA certificate is published correctly in Active Directory, run the following command

c:\>certutil -viewstore "ldap:///CN=RootCA,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=officer,DC=enrout,DC=com?cACertificate?base?objectClass=certificationAuthority"

http://msexchangeteam.com/archive/2008/06/20/449053.aspx

rpcping -t ncacn_http -s yourexchange -o RpcProxy=mail.yourdomain.co.uk -P "Administrator,YourDomain,*" -I "Administrator,YourDomain,*" -H 1 -F 3 -a connect -u 10 -v 3 -e 6004
RpcPing -t ncacn_http -s yourexchange -o RpcProxy=mail.yourdomain.co.uk -P "Administrator,yourdomain,password" -I "Administrator,yourdomain,password" -H 1 -F 3 -a connect -u 10 -v 3 -B msstd:mail.yourdomain.co.uk
C:\Users\Administrator.yourdomain>rpcping -t ncacn_http -s exchange -o RpcProxy=mail.yourdomain.co.uk -P "Administrator,yourdomain,*" -I "Administrator,yourdomain,*" -H 1 -F 3 -a connect -u 10 -v 3 -e 6004

[PS] C:\Windows\System32>Set-OABVirtualDirectory -identity "Exchange\OAB (Default Web Site)" -externalurl https://mail.yourdomain.co.uk/OAB -RequireSSL:$true

[PS] C:\Windows\System32>Set-WebServicesVirtualDirectory -identity "EXCHANGE\EWS (Default Web Site)" -externalurl https://mail.yourdomain.co.uk/EWS/Exchange.asmx -BasicAuthentication:$True

Outlook Anywhere works internally but does not work externally; this could be a problem with IPv6 and DNS. When testing the Outlook connection internally, directory services use TCP/IP and the rest use HTTPS. Applying the fix below resolved the problem.

I fixed the problem by editing the hosts file in c:\windows\system32\drivers\etc on the 2008 server hosting Exchange:

127.0.0.1           localhost
#::1                 localhost
10.0.x.x             yourexchange
10.0.x.x             yourexchange.internal.FQDN

Notice the hash mark in front of the IPv6 address for localhost, and the two added entries: the NetBIOS name and the FQDN of the Exchange server, each with its internal IP address.
- In IIS, changed the Autodiscover folder authentication to Windows Authentication.
- Tested Autodiscover using Test-OutlookWebServices.
[PS] C:\Windows\System32>Test-OutlookWebServices -Identity Administrator | format-list

- Changed the OAB settings in Exchange to point to the external URL.


Exchange 2003 with iPhone

February 5th, 2010 by shiraj

Things to remember:
Exchange 2003 SP2 is the minimum requirement, and installing all the latest patches is recommended.

Microsoft Exchange 2003 has Service Pack 2 installed
I would also install .NET Framework 3.5 or above as well, as we are dealing with IIS and a website.

Test the IIS (Internet Information Server) components for proper connectivity (check the event log for OMA errors)
Open your browser and type:  http://your-exchange-server-external-dns-name/oma
(Outlook Mobile Access) If you are using HTTPS, use https instead of http.
Open your browser and type:  http://your-exchange-server-external-dns-name/exchange
(Outlook Webmail Access) If you are using HTTPS, use https instead of http.

Configure iPhone to your Exchange Server

There are only FOUR components that are typically necessary for a proper Exchange-to-iPhone setup

  1. Email Address
  2. Exchange User Id
  3. Exchange Password
  4. Server Address (Also known as Outlook Web Address)

 

If you get an error on OMA, try the instructions below

Method 2

Important: Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory.

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
Note: These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.

Disable the forms-based authentication for the Exchange virtual directory

To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps:

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Create a secondary virtual directory for Exchange server

You must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:

  1. Start Internet Information Services (IIS) Manager.
  2. Locate the Exchange virtual directory. The default location is as follows:

Web Sites\Default Web Site\Exchange

  3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
  4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
  5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
  6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
  7. Under Select a configuration to import, click Exchange, and then click OK.

    A dialog box will appear that states that the “virtual directory already exists.”

  8. Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
  9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.

10.  Click the Directory Security tab.

11.  Under Authentication and access control, click Edit.

12.  Make sure that only the following authentication methods are enabled, and then click OK:

  • Integrated Windows authentication
  • Basic authentication

13.  On the Directory Security tab, under IP address and domain name restrictions, click Edit.

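14.  Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice. With Denied access selected, every address other than the ones you add is refused, so only the server itself can reach this virtual directory.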

15.  Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.

16.  Click OK, and then close the IIS Manager.

17.  Click Start, click Run, type regedit, and then click OK.

18.  Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

19.  Right-click Parameters, point to New, and then click String Value.

20.  Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.

21.  In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.

22.  Quit Registry Editor.

23.  Restart the IIS Admin service. To do this, follow these steps:

  1. Click Start, click Run, type services.msc, and then click OK.
  2. In the list of services, right-click IIS Admin service, and then click Restart.

24.  If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager.

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Note: If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.

Cisco IOS Upgrade

February 2nd, 2010 by shiraj

There are some nasty, nasty SNMP vulnerabilities that have recently been revealed. Many different products are affected. See the CERT Advisory Here. This inspired us to upgrade our Cisco. To upgrade the IOS on your Cisco router, you have a couple of options. You can either upgrade via TFTP, or you can use the console. We used a 1600 router, so the procedure below is quite specific. Your mileage may vary.

To use TFTP, you need to download and install TFTP. Here is one source for TFTP. This version also works fine on XP.

First of all, before you touch anything, you should list your configuration using the command:

show config

Print your config to paper, just in case. Your config should stay during the IOS upgrade, but you never know what could happen. You may want to make sure you have console access to the router, as well as the ability to connect to it via the ethernet port. You can temporarily change the address on the ethernet port if you wish by entering:

conf term

At the (config)# prompt select the interface:

int eth0

then

ip address x.x.x.x y.y.y.y

where x is the IP address and y is the subnet mask. Use the earlier show config command so you can set it back when you are done. You could also enter a secondary address instead. Whatever you like.

You can find out what the name of your current flash image is by:

show flash

The next thing you should do is copy your current image (flashimage) up to the TFTP server:

copy flash:flashimage tftp://ipaddress/flashimage

You should see an entry like this in the log of your tftp server:

Receiving 'flashimage' file from x.x.x.x in binary mode

Copy your current image twice if you wish, to different file names, just to be safe. Browse Cisco to be very sure you have the right image. If you load the wrong image of IOS, your router won’t work. Pay attention to the amount of RAM your system has, and how much the upgraded IOS needs. IOS 12.2 needs more RAM than 12.0, and Cisco isn’t lying about this. When you are happy you have the right image:

delete flashimage
copy tftp://ipaddress/flashimage flash:flashimage

You will be asked if you want to erase the current image. Say yes. When it is done loading, change your eth0 IP if needed, and remove any old boot references:

conf term
no boot system flash oldflashimagename
boot system flash flashimage
exit

Now copy your config:

copy running-config startup-config

Reload, and you are set:

reload

Now, when you reboot all should come up ok. If it doesn’t, you will have to use the console port and xmodem to load an image that does work, and this is painful. Here is how to do it.

Pretty much, you just hit ctrl-break (At least with the version of HyperTerminal we used) when the router boots to get into rommon. Minicom or other terminal programs may have different sequences. Try ctrl-c, esc, etc. After you successfully enter rommon, you just:

rommon> xmodem -cf fileimagename

then, from your terminal program, send the file using xmodem. On our 1600, we had to do this at 9600 baud. We couldn’t figure out how to change our router to transfer faster than 9600, although we did see some references to how to do it. At 9600 baud, it takes about 50 minutes to reload IOS. After you are done uploading the image, remove the old boot references and copy config to start as above. If all else fails, you could go back to the flash image that you copied via TFTP.