How to renew a self-signed certificate in Exchange Server 2007
When a new Exchange Server 2007 role is installed on a computer, the server automatically generates a self-signed certificate to be used with services like transport (SMTP), POP, IIS (OWA and Exchange Web Services) and IMAP. This certificate expires one year after the date the server was installed or the certificate was manually reassigned. To check the status of the certificate, use the Exchange Management Shell: executing the cmdlet Get-ExchangeCertificate | FL displays all relevant information about all the certificates assigned, enabled, and being used or not used by Exchange services.
You may see more than one certificate listed on your Exchange server(s), and that may simply be because you or someone else from your team has already tried working with certificates on the server.
In the above picture, you will notice that the certificate I have on my server is valid till 24th March 2010. NotAfter holds the value in mm/dd/yyyy h:mm:ss format. NotAfter means the certificate will not be valid after the timestamp listed in this field; NotBefore means the certificate will not be valid before the timestamp listed.
Once you pass the date listed in the NotAfter field, the certificate becomes invalid and may cause many other problems, such as with connectivity to web services, SMTP transport, and POP and IMAP retrieval. To renew the certificate you run a cmdlet to get a new self-signed certificate, but it is not quite as simple as running one cmdlet; there is a procedure to follow. Check the following steps:
1. Run Get-ExchangeCertificate | FL. This lists details of all certificates that you have assigned to Exchange services. Note that this cmdlet does not retrieve information about any other certificate in the local certificate store that is not used by Exchange. Once the output is printed on the screen, copy the Thumbprint of the certificate into Notepad.
2. Run Get-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63" | New-ExchangeCertificate. This renews the certificate. The moment you press Enter, you may be prompted to confirm whether you want to use the same certificate for the SMTP service.
3. Check that the certificate is renewed. You can verify this by looking at the change in the thumbprint of the certificate after running the cmdlet in step 2. You can see the changed thumbprint in the picture below.
4. Looking closely at the above picture, you will also notice that the certificate is no longer being used to secure IIS-based services, though the NotAfter and NotBefore dates have changed. To enable the renewed certificate for IIS as well, run Enable-ExchangeCertificate -Thumbprint "E0BB201793DC74D0F94F3275E6AA53BA75907565" -Services IIS
5. Verify that all the services are working correctly after renewing and enabling the certificate.
6. Remove the old certificate by running Remove-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63"
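The checks in steps 1, 3 and 4 can be scripted. The following is an added example, not code from the original post: the function names are hypothetical, the 30-day warning window is an assumption, and the two sample objects are constructed from the thumbprints above with assumed service lists and an assumed new expiry date.

```powershell
# Added example; function names are hypothetical, not Exchange cmdlets.

# Pipeline filter: days left until NotAfter and a renewal state per certificate.
function Get-CertExpirySummary {
    param([int]$WarnDays = 30,            # assumed warning window
          [datetime]$Now = (Get-Date))
    process {
        $daysLeft = [int][math]::Floor(($_.NotAfter - $Now).TotalDays)
        $state = 'OK'
        if ($daysLeft -lt 0) { $state = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays) { $state = 'RENEW' }
        $_ | Select-Object Thumbprint, NotAfter, Services,
            @{Name = 'DaysLeft'; Expression = { $daysLeft }},
            @{Name = 'State'; Expression = { $state }}
    }
}

# Services is displayed as a comma-separated list, e.g. "IMAP, POP, IIS, SMTP".
function Get-ServiceNames {
    param($Cert)
    $Cert.Services.ToString().Split(',') | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne 'None' }
}

# Services the old certificate secured that the renewed one does not (step 4).
function Get-ServicesLostOnRenewal {
    param($OldCert, $NewCert)
    $new = @(Get-ServiceNames $NewCert)
    @(Get-ServiceNames $OldCert | Where-Object { $new -notcontains $_ })
}

# Builds a stand-in for a certificate object so the checks run without Exchange.
function New-SampleCert {
    param($Thumbprint, [datetime]$NotAfter, $Services)
    $c = New-Object PSObject
    $c | Add-Member NoteProperty Thumbprint $Thumbprint
    $c | Add-Member NoteProperty NotAfter $NotAfter
    $c | Add-Member NoteProperty Services $Services
    $c
}

# Constructed sample data: service lists and the new NotAfter are assumed values.
$old = New-SampleCert '58C846DEEA2865CA9E6DD4B42329A9AC994EBF63' `
    (New-Object DateTime 2010, 3, 24) 'IMAP, POP, IIS, SMTP'
$new = New-SampleCert 'E0BB201793DC74D0F94F3275E6AA53BA75907565' `
    (New-Object DateTime 2011, 3, 10) 'IMAP, POP, SMTP'
$asOf = New-Object DateTime 2010, 3, 10   # fixed "today" so the sample is repeatable

$old, $new | Get-CertExpirySummary -Now $asOf | Format-Table -AutoSize

$lost = Get-ServicesLostOnRenewal $old $new
if ($lost) {
    'Enable on the renewed certificate before removing the old one: ' +
        [string]::Join(', ', $lost)
}

# Live use in the Exchange Management Shell:
#   Get-ExchangeCertificate | Get-CertExpirySummary
#   Get-ServicesLostOnRenewal (Get-ExchangeCertificate -Thumbprint <old>) `
#                             (Get-ExchangeCertificate -Thumbprint <new>)
```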
A bit more research later and I found that Vista SP2 has a similar Service Pack Cleanup Tool in the same C:\Windows\System32 directory called COMPCLN.exe. You can start the program by using the following instructions:
Click Start > Run
Type in CMD and press [enter]
At the command prompt, type COMPCLN and press [enter]
Press Y when prompted to continue
(the application will now start cleaning up the old files)
The size of the WinSXS folder (and potentially others?) should now have been reduced. On my computer, I found that the WinSXS folder was only reduced by 1 GB, but others have seen 3-4 GB reductions.
Do this after the setup below: tap blue, yellow, red, then touch the top right corner; the screen should change to purple.
Set up an ad hoc Wi-Fi network on your computer (network name and password requirement are not important).
Connect to the Wi-Fi network you just created on your iPhone through the Settings/Wi-Fi menu.
Tap on the blue arrow to the right of the selected Wi-Fi network, click Static in the IP Address menu and enter the following IP address and chuckle at its geek quotient: 13.37.13.37
Next, enter 255.255.255.0 in the Subnet Mask field.
Back out of the Settings menu to ensure these settings are saved (though hitting the Home button right away shouldn’t change them).
Go to your Mac or PC and change the network settings to use the SOCKS Proxy and enter 13.37.13.37 as the Socks Proxy Server address and 1337 as the port. On our Mac laptop, this is what the resulting screen looks like: I will upload a screen shot.
Be sure to apply/save these settings.
Go back to your iPhone and open the Handy Light app and tap the flashlight colors at the bottom in the following sequence: blue, yellow, red. Then tap the top right corner of the screen and the color should change to purple. Your iPhone is now capable of sharing its internet connection with the computer you set up.
Leave the app open and go to your computer and start browsing. As the video describes, we found that it took a few seconds for the connection to kick in but then it worked like a charm. Though many variables affect network speed tests, a quick test using Speedtest.net yielded 3.92 Mb/s down and 0.38 Mb/s up while tethered to our iPhone 4 through Handy Light.
If you are encountering a problem where Outlook constantly asks you for your password even though you check the “Remember my password” box every single time, then you are in luck, because this tip shows how to fix the problem.
This fix should theoretically help with Windows Mail as well, but I haven’t been able to verify that yet.
Before you do anything else, close Outlook. You should also note that we’ll be modifying system generated files here, so proceed with caution or not at all.
Open a Windows Explorer window and paste the following text into the address bar, which should bring you to a folder containing a single folder with a really long name.
%userprofile%\AppData\Roaming\Microsoft\Protect
Just rename that folder to something else (I suggest appending -old).
Now re-open Outlook, and then type in your password hopefully for the last time, making sure to check the box to remember it. You should now see that the original folder was re-created again.
At this point Outlook should remember your passwords, but you can close Outlook and reopen it to make sure. If you encounter problems with this, you can remove the new folder and then rename the -old folder back to the original name to put everything back the way it was.
Check the registry for:
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData”
If the key is missing, you have to add a new registry key. Leave the Local AppData key unaltered. You have to create a new Expandable String Value called “AppData” with the data value “%userprofile%\Application Data”. This solved the problem for me.
—
You can create a site-to-site VPN as a last option if you are using a main office and a branch office.
Taken from my LVM management notes. I had first used this when I imaged an 80GB drive to a 120GB drive and wanted to make use of the 40GB of free space.
1. fdisk /dev/sda then press p
Code:
Disk /dev/sda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1188 9438187+ 8e Linux LVM
2. Press d then 2 to remove the partition
3. Press n, then p for primary, start cylinder 14, last cylinder 4865, to add the newly resized partition. WARNING: Make sure the old and new partitions start at the same cylinder position; not doing so will destroy your data.
4. Press t partition 2 Hex code 8e
5. Press p
Code:
Disk /dev/sda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 4865 38973690 8e Linux LVM
6. Finally, press w to write the table to disk and exit, then reboot
7. Use vgdisplay, pvdisplay, or lvdisplay to show the current and later ending size of your LV
8. Run pvresize /dev/sda2 to expand the PV on /dev/sda2 after enlarging the partition with fdisk
9. You could also extend the volume group across disks and partitions: pvcreate /dev/hdb1; vgextend videovg /dev/hdb1; vgdisplay videovg. With this method use fdisk to create a new partition instead of recreating the original one. This is certainly safer since there is less risk to your existing data and it makes it easier to break up volume groups in the future.
10. Use vgdisplay to find the Free PE / Size
Code:
--- Volume group ---
VG Name SystemVG
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 7
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 2
Max PV 0
Cur PV 1
Act PV 1
VG Size 37.17 GB
PE Size 4.00 MB
Total PE 9515
Alloc PE / Size 2176 / 8.50 GB
Free PE / Size 7339 / 28.67 GB
VG UUID Bl4LEQ-R70i-3Qse-9z1p-BRcK-ibd7-2aelYx
11. Use lvdisplay to display current logical volumes
Code:
--- Logical volume ---
LV Name /dev/SystemVG/RootLV
VG Name SystemVG
LV UUID dxB6Fs-6sQr-AaLg-1zQ6-Q1f9-AN6V-cbSovF
LV Write Access read/write
LV Status available
# open 1
LV Size 8.00 GB
Current LE 2048
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:0
--- Logical volume ---
LV Name /dev/SystemVG/SwapLV
VG Name SystemVG
LV UUID vSRWGx-zy8N-FrXK-3HP5-7pwW-F6SQ-IRJNeA
LV Write Access read/write
LV Status available
# open 2
LV Size 512.00 MB
Current LE 128
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:1
12. lvextend -l +7339 /dev/SystemVG/RootLV (to reduce again, you can use lvreduce -l -7339 /dev/SystemVG/RootLV)
13. lvdisplay /dev/SystemVG/RootLV to see the result
Code:
--- Logical volume ---
LV Name /dev/SystemVG/RootLV
VG Name SystemVG
LV UUID dxB6Fs-6sQr-AaLg-1zQ6-Q1f9-AN6V-cbSovF
LV Write Access read/write
LV Status available
# open 1
LV Size 36.67 GB
Current LE 9387
Segments 2
Allocation inherit
Read ahead sectors 0
Block device 253:0
14. Run ext2online /dev/SystemVG/RootLV while the filesystem is mounted or, to be safe, use resize2fs /dev/SystemVG/RootLV while the filesystem is unmounted. Note: resize2fs may require running e2fsck -f /dev/SystemVG/RootLV first.
Press Ctrl-Shift-Enter keyboard shortcut to run command prompt as Administrator. Allow elevation request.
Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
Restart the computer.
The netsh winsock reset command resets the Winsock Catalog to a clean state, or default configuration. It removes all Winsock LSPs (Layered Service Providers) previously installed, including any malfunctioning LSP that causes loss of network packets or transmission failure. So all previously installed LSPs must be reinstalled. This command does not affect Winsock Name Space Provider entries.
Reinstall and Reset TCP/IP (Internet Protocol) in Windows Vista, 2003 and XP
To reinstall and reset the TCP/IP stack (Internet Protocol) to its original state, the same as when the operating system was installed, in Windows XP and Windows 2003, simply use the following command in the command prompt shell. A log file name must be specified; the actions taken by netsh are recorded in that file, which is created if it does not exist or appended to if it already exists.
netsh int ip reset [ log_file_name ]
Example:
netsh int ip reset resetlog.txt
For Windows Vista, things work a little differently due to the introduction of UAC (Guide: Disable UAC). Use this guide to reinstall the TCP/IP protocol in Vista:
Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
Type netsh int ip reset in the Command Prompt shell, and then press the Enter key.
Restart the computer.
The command will remove all user configured settings on TCP/IP stack and return it to original default state by rewriting pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to achieve the same result as the removal and the reinstallation of the protocol. The registry keys affected are:
The location of the NK2 AutoComplete file created by Outlook might be different from one computer to another, depending on the operating system and the version of Outlook.
Here are the rules for finding the location of your NK2 file:
For Outlook 2003/2007 with Windows 2000, Windows XP, or Windows Server 2003:
The location of the nk2 file is C:\Documents and Settings\[User Profile]\Application Data\Microsoft\Outlook
The name of the NK2 file is identical to the Outlook profile name, with .nk2 extension.
For Outlook 2003/2007 with Windows Vista, Windows 7, or Windows Server 2008:
The location of the nk2 file is C:\Users\[User Profile]\AppData\Roaming\Microsoft\Outlook
The name of the NK2 file is identical to the Outlook profile name, with .nk2 extension.
For Outlook 2010 with Windows Vista, Windows 7, or Windows Server 2008:
The nk2 file is located in C:\Users\[User Profile]\AppData\Local\Microsoft\Outlook\RoamCache
The name of the NK2 file is in the following format: Stream_Autocomplete_X_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.dat The X is the file index (usually 0) and AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA is a random 16-byte key in hexadecimal format.
For Outlook 2010 with Windows XP:
The nk2 file is located in C:\Documents and Settings\[User Profile]\Local Settings\Application Data\Microsoft\Outlook\RoamCache
The name of the NK2 file is in the following format: Stream_Autocomplete_X_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.dat The X is the file index (usually 0) and AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA is a random 16-byte key in hexadecimal format.
When you use the NK2Edit utility, you don’t have to worry about locating the NK2 filename, because NK2Edit automatically opens the default NK2 file for you.
This config assumes that you are using ports 0/8 and 0/9 for trust and untrust. You also need to define 2 HA ports to carry the firewalls' heartbeat and session information; I used ports 0/0 and 0/1.
SSG1
set interface "ethernet0/0" zone "HA"
set interface "ethernet0/1" zone "HA"
set nsrp cluster id 1
set nsrp cluster name Cluster
set nsrp rto-mirror sync
set nsrp vsd-group master-always-exist
set nsrp vsd-group id 0 priority 100
set nsrp arp 20
set nsrp secondary-path ethernet0/8
set nsrp monitor interface ethernet0/8
set nsrp monitor interface ethernet0/9
SSG2
set interface "ethernet0/0" zone "HA"
set interface "ethernet0/1" zone "HA"
set nsrp cluster id 1
set nsrp cluster name Cluster
set nsrp rto-mirror sync
set nsrp vsd-group master-always-exist
set nsrp vsd-group id 0 priority 150
set nsrp arp 20
set nsrp secondary-path ethernet0/8
set nsrp monitor interface ethernet0/8
set nsrp monitor interface ethernet0/9
If you have a backup firewall that has been out of sync for a few days or was switched off, then to sync it, log on to the firewall and type
exec nsrp sync global-config save
Reboot the backup firewall to bring the config into sync. You should see messages like the ones below.
Cluster:SSG140(B)-> exec nsrp sync global-config save
Cluster:SSG140(B)-> load peer system config to save
Save global configuration successfully.
Continue to save local configurations ... Save local configuration successfully.
done.
Please reset your box to let cluster configuration take effect!
Under certain conditions, the failure of NSRP monitored objects can cause both devices in a cluster to become inoperable. A CLI command is available to ensure one device is still elected as master and can forward traffic.
set nsrp vsd-group master-always-exist
Also check this link for more info:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB11331
You may receive an “Outlook blocked access to the following potentially unsafe attachments” message in Outlook
Advanced troubleshooting
If you do not use Outlook with an Exchange server or if the Exchange server administrator lets users change the Outlook attachment security behavior, use method 1: “Customize attachment security behavior.”
If you use Outlook with an Exchange server and the Exchange Server administrator has disallowed changes to the Outlook attachment security behavior, use method 2: “Configure Outlook in an Exchange environment.”
Method 1: Customize attachment security behavior
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
Important Before you can customize the attachment security behavior in Outlook 2000 SR1 and Microsoft Outlook 2000 SR1a, you must first apply either Microsoft Office 2000 Service Pack 2 or Microsoft Office 2000 Service Pack 3.
Follow these steps to modify the registry and change Outlook’s attachment security behavior.
Exit Outlook if it is running.
Click Start, and then click Run. Copy and paste (or type) the following command in the Open box, and then press ENTER:
regedit
Verify that the following registry key for your version of Outlook exists. Microsoft Office Outlook 2010
If the registry key does not exist, follow these steps to create it:
Locate, and then click the following registry key:
HKEY_CURRENT_USER\Software\Microsoft
Under Edit, click New, and then click Key.
Type Office, and then press ENTER.
Under Edit, click New, and then click Key.
For Outlook 2010, type 14.0, and then press ENTER.
For Outlook 2007, type 12.0, and then press ENTER.
For Outlook 2003, type 11.0, and then press ENTER.
For Outlook 2002, type 10.0, and then press ENTER.
For Outlook 2000, type 9.0, and then press ENTER.
Under Edit, click New, and then click Key.
Type Outlook, and then press ENTER.
Under Edit, click New, and then click Key.
Type Security, and then press ENTER.
Under Edit, click New, and then click String Value.
Copy and paste (or type) the following name for the new value:
Level1Remove
Press ENTER.
Right-click the new string value name, and then click Modify.
Type the file name extension of the file type that you want to open in Outlook. For example:
.exe
To specify multiple file types, use the following format:
.exe;.com
Click OK.
Exit Registry Editor.
Restart your computer.
When you start Outlook, you can open the file types that you specified in the registry.
Note We recommend that you enable only the file types that you have to have. If you rarely receive a particular file type, we recommend that you give Outlook temporary access to the file type that is in question. Then, reconfigure Outlook to block the file type by undoing the changes to the registry. For more information about how you can configure Outlook to block attachment file name extensions that Outlook does not block by default, click the following article number to view the article in the Microsoft Knowledge Base:
837388 How to configure Outlook to block additional attachment file name extensions
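One way to audit which Level 1 file types have been unblocked for the current user is sketched below. It is an added example, not part of the article text: it reads the Level1Remove value from the key path that the steps above build for each listed Outlook version. The function names are hypothetical and the sample string is constructed.

```powershell
# Added example; function names are hypothetical.

# Parse a Level1Remove value (format from the article: ".exe;.com") into a
# de-duplicated list, ignoring stray spaces, empty entries and letter case.
function ConvertFrom-Level1Remove {
    param([string]$Value)
    $seen = @{}
    foreach ($raw in $Value.Split(';')) {
        $ext = $raw.Trim().ToLower()
        if (-not $ext) { continue }
        if (-not $seen.ContainsKey($ext)) { $seen[$ext] = $true; $ext }
    }
}

# Report every extension removed from the Level 1 list under HKEY_CURRENT_USER,
# for the Outlook version keys named in the steps above.
function Get-OutlookLevel1Remove {
    $versions = @{
        '14.0' = 'Outlook 2010'; '12.0' = 'Outlook 2007'; '11.0' = 'Outlook 2003'
        '10.0' = 'Outlook 2002'; '9.0'  = 'Outlook 2000'
    }
    foreach ($ver in $versions.Keys) {
        $path = "HKCU:\Software\Microsoft\Office\$ver\Outlook\Security"
        if (-not (Test-Path $path)) { continue }
        $prop = Get-ItemProperty -Path $path -Name Level1Remove -ErrorAction SilentlyContinue
        if (-not $prop) { continue }
        $product = $versions[$ver]
        foreach ($ext in ConvertFrom-Level1Remove $prop.Level1Remove) {
            New-Object PSObject |
                Add-Member NoteProperty Outlook $product -PassThru |
                Add-Member NoteProperty Key $path -PassThru |
                Add-Member NoteProperty Unblocked $ext -PassThru
        }
    }
}

# Constructed sample value, parsed without touching the registry.
ConvertFrom-Level1Remove ' .EXE; .com ;;.exe'

# Audit the current user's registry hive (Windows only). No rows means no
# Level 1 file type has been unblocked through this value.
Get-OutlookLevel1Remove | Format-Table -AutoSize
```

Any row in the report is a file type that Outlook would otherwise block, so each one should correspond to a deliberate and still-needed exception.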
Method 2: Configure Outlook in an Exchange environment
If you run Outlook in an Exchange environment, the Exchange server administrator can change the default attachment security behavior. For more information about how to configure Outlook in an Exchange environment, click the following article numbers to view the articles in the Microsoft Knowledge Base:
290499 Administrator information about e-mail security features
263297 Administrator information about the Outlook E-mail Security update: June 7, 2000
Attachments are divided into three groups based on their file name extension or file type. Outlook handles each group in a specific way.
Level 1 (Unsafe)
The unsafe category represents any file name extension that may have script or code associated with it. You cannot open any attachment that has an unsafe file name extension. For a list of the unsafe file name extensions, visit the following Microsoft Web site:
The following list describes how Outlook behaves when you receive or send an unsafe file attachment:
You cannot save, delete, open, print, or otherwise work with unsafe files. A message at the top of the e-mail message indicates that Outlook has blocked access to the unsafe attachment. The attachment is inaccessible from Outlook. However, the attachment is not actually removed from the e-mail message.
If you forward an e-mail message that has an unsafe attachment, the attachment is not included in the forwarded e-mail message.
If you send an e-mail message that contains an unsafe attachment, you receive a warning message that states that other Outlook recipients may be unable to access the attachment that you are trying to send. You can safely ignore the warning message and send the e-mail message, or you can decide not to send the e-mail message.
In Outlook 2003, if you save or close an e-mail message that contains an unsafe attachment, you receive a warning message that states that you will be unable to open the attachment. You can override the warning message and save the e-mail message.
You cannot use the Insert Object command to open objects that are inserted in Microsoft Outlook Rich Text e-mail messages. You see a visual representation of the object. However, you cannot open or enable the object in the e-mail message.
You cannot open unsafe files that are stored in an Outlook or an Exchange folder. Although these files are not attached to an Outlook item, they are still considered unsafe. When you try to open the unsafe file, you receive the following error message:
Can’t open the item. Outlook blocked access to this potentially unsafe item.
Level 2
Level 2 files are not unsafe. However, they do require more security than other attachments. When you receive a Level 2 attachment, Outlook prompts you to save the attachment to a disk. You cannot open the attachment in the e-mail message. By default, file name extensions are not associated with this group. However, if you use Outlook with an Exchange server and your mail is delivered to an Exchange mailbox, the Exchange server administrator can add file name extensions to the Level 2 list.
Other Attachments
When you try to open an attachment that has a file name extension other than those in the Level 1 or the Level 2 list, Outlook prompts you to either open the file directly or save it to a disk. You can turn off future prompts for that file name extension if you clear the Always ask before opening this type of file check box.
Note If a program associates itself with a new file name extension, Outlook treats that file name extension as safe until you add the file name extension to the list of Level 1 or Level 2 file name extensions.
For example, if you install a program on your computer that uses files that have a .xyz file name extension, when you open an attachment that has a .xyz file name extension, the program opens and runs the attachment. By default, the .xyz file name extension does not appear on the Level 1 or the Level 2 list. Therefore, Outlook treats it as a safe file name extension. If you want Outlook to treat attachments that have the .xyz file name extension as unsafe, you must add the .xyz file name extension to the list of Level 1 file name extensions.