Archive for the ‘Microsoft Products’ Category

On a network I administer some of the end users wanted the session timeout in OWA to be longer so they don’t have to keep logging in after being idle for a while. This is an Exchange 2007 environment. This setting is stored in the registry on the Exchange server with the Client Access Server (CAS) role installed. There is two ways to modify this setting. One of course is to go into the registry and add the key for this value and set this value to the amount of time you want the session timeout to be.  The second way to set the session timeout is a by running a PowerShell command.

NOTE: The session timeout is set in seconds for example 1800 seconds = 30 minutes.

Read the rest of this entry »

So you host a bunch of internal SharePoint sites, Websites and other internal web applications. You want to secure them with SSL but you cannot afford a certificate from a third party certificate authority right now.  I am going to walk you through installing a new CA, request a certificate, approve a certificate and then install a certificate.

CA Install:

Go to start and click on “Server Manager”

Select ”Roles”

Click on “Add Roles”

Select “Certificate Services” and click next

I typically choose “Certification Authority” and “Certification Authority Web Enrollment” and click next

NOTE: I choose the web enrollment so I can request certificates and download them from the web browser.

Read the rest of this entry »

Intro

Spam, or more accurately Unsolicited Commercial Email, is still on the rise, with some estimates measuring it at 90% of all email traffic. It’s a nuisance for users, a storage nightmare for admins, and often a vector for phishing attacks and malware. Using a defense in depth approach, this article provides steps an email administrator can take to protect their network from spam.

Step one-user training

Users should be educated on how their actions can lead to or reduce the amount of spam destined for their inbox. Using corporate email for personal use, subscribing to mailing lists, registering their email address for promotions and giveaways, and forwarding chain mails are all vectors that can lead to spam. Consider disabling html support to prevent downloads that can confirm an address is valid, as well as to reduce the risk of email based malware.

Step two-web content

Spammers frequently scan websites looking for embedded email addresses in contact information. Raise awareness with your web developers and establish a policy that all email addresses in web pages should be masked using JavaScript or other encoding that allows a person to click or read the address, but makes it more difficult for a spider to harvest it. Use contact forms when possible instead of displaying email addresses.

Step three-tighten up your SMTP gateway

Disabling the verify command (VRFY) on your SMTP gateway makes it that much harder for spammers to check for valid email addresses. If supported, implement a delay before your server responds to a request with its banner. Legitimate email servers will wait for the 220 response before trying to send email, while many programs/scripts used by spammers will not. Your server can then drop email from this misbehaving sender. If your SMTP gateway supports Quit detection, configure it to drop email that it receives from a host that don’t close the session properly. Legitimate email servers end a session with the QUIT command, but many programs/scripts used by spammers don’t.

Read the rest of this entry »

In this post I will cover how to setup and configure a Windows 2008 server as a VPN server. There are several different steps and configurations that need to be done. There are 4 parts to this setup that I will walk through.

Part #1 Installing NPAS and RRAS:

Open Server Manager and open roles

Click on add roles and add the Network Policy and Access Services role (NPAS)

Click next on the informational screen

On the role services screen choose Routing and Remote Access Services (RRAS) and click next

On the next screen click install

When it is done it will give you a screen telling you if it installed successfully or failed

If it was successful click close and choose to restart when it prompts you

Read the rest of this entry »

May of 2009 I posted a blog on how to Setup Exchange 07 using a Dynamic IP (click here to read it). In this article I suggested a paid email relay service. At the time I was not able find a free email relay but now I have found a free email relay service. This service is www.mxguarddog.com.

It is not only email relay but a SPAM filter as well. I stumbled upon this looking for a free SPAM filter service for one of my clients. The nice thing about this relay service is they will forward to a different port. So the relay will accept mail on port 25 and relay it to your email server on whatever port you choose. This is helpful for anyone that has an ISP that blocks incoming traffic on port 25.

The way MX Guard Dog keeps this service free is by exchanging licenses for links on websites. They give you licenses depending on the amount of traffic the website you put the link on gets. For example I signed up for the service when I found it and put a link on my blog. They gave me 40 licenses for this. It’s a pretty sweet deal.

You can access window network shares through Outlook Web Access (OWA).

You need to allow the servers you want users to access first or you will see an error. The error is:  “For security reasons, Outlook Web Access is configured to prevent access to this type of document or folder. For more information, contact technical support for your organization.”

• How to add server shares in Exchange:

Open Exchange Management Console and expand Server Configuration –> select Client Access Server.  Then right click on the OWA directory –> Select Properties.

  Read the rest of this entry »

PROBLEM:

• When installing Isa 2006 on Server 2003 R2 the install fails on ADAM install. The error is: “setup failed to install ADAM”. This error pops up towards the end of the ISA install. This occurs if you have a server 2003 R2 with SP2 installed.

SOLUTIONS:

• Work Around 1 - Copy the contents of the ISA 2006 disc on the local hard drive. Put the Server 2003 R2 disc in the ROM drive and launch the ISA 2006 install from the contents on the local hard drive. The install should complete with no errors this time.
• Work Around 2 - Install Windows 2003 Server R2 with SP1 then install ISA 2006 then install SP2. Doing the installs in this order should avoid this ADAM error.

For more info on ISA 2006 setup visit: ISA Server TechCenter how-to articles

I ran into an issue with my recently deployed ISA firewall. It was blocking
any STMP incoming traffic. This made it so my Exchange users could send 
email just fine but could not receive any incoming email. I checked the 
Event Viewer and saw this:

Event Type:        Warning
Event Source:    Microsoft Firewall
Event Category:                None
Event ID:              14090
User:                     N/A
Description:
The server publishing rule Exchange POP3 SMTP Server, which maps 
192.168.5.32:25:TCP to 183.9.124.120:25 for the protocol SMTP Server, was 
unable to bind a socket for the server. The server publishing rule cannot 
be applied.   

To resolve this I had to make a simple change to my Exchange SMTP rule in ISA. First go into the ISA management console. Find your SMTP rule for incoming traffic. Right click on it.

Select properties. Then go to the “To” tab. Be sure to select “Requests appear to come from the ISA Server computer”

Click ok and then apply the changes to ISA. This should fix the issue and you will not see the warning in event viewer anymore.

I recently had the task of backing up Exchange 2007 using DPM 2007. I added the DPM agent to the Exchange server just fine. When I modified the protection group to add my storage groups I got an error saying I needed the eseutil.exe and ese.dll on the DPM server. I got these off my Exchange server and copied them to the DPM bin folder (C:\program files\Microsoft DPM\DPM\bin\). This took care of that error. You can also create a hard link to eseutil.exe and ese.dll. For more on this see: Exchange Server Database Utilities  & DPM07. 

After I got past that error I then ran into other errors on my Exchange protection members in DPM.

• “DPM has detected a discontinuity in the log chain“

and

• “Error 30216: DPM has detected a discontinuity in the log chain for Storage group First Storage Group on SERVERNAME.fqdn since the last synchronization.
  Error details: Unspecified error (0×80004005)

To resolve this I turned circular logging off on my Exchange storage groups and restarted the Exchange Information Store service. I then performed a consistency check on each of my storage group protection members and all errors went away.

• For further help backing up Exchange with DPM 2007 visit: Troubleshooting Exchange Server Protection Issues
• Here a blog on restoring Exchange using DPM: DPM 2007: Recovering Exchange data

At a client’s site they had Small Business Server 2008. For some reason Exchange 2007 was no longer working after they ran some windows updates on SBS 2008 and did a reboot. The information store service would no longer start. I checked event logs and saw this “Source: MSExchange ADAccess Event ID: 2114“. After doing some research I found out that if you disable IPv6 it will cause this error. Sure enough they had disabled IPv6.

I re-enabled IPv6 and the information store service would start again and all was good. Exchange 2007 requires IPv6 be enabled even if you are not using it. You can read more on this here: Don’t forget IPv6