Monday, January 23, 2012

Export the IP Relay List on SMTP Virtual server Exchange 2010

PowerShell makes much of this easier and quicker than it used to be. Most of the information you need can be gathered with a simple one-liner instead of a complicated script. Here is how to list the IP addresses on the relay list of your Exchange 2010 receive connectors.

We will use the Get-ReceiveConnector cmdlet.

Get-ReceiveConnector | Select-Object -Property 'Identity','RemoteIPRanges' |FL

You can run this from PowerGUI or from the EMS, as shown below. Keep in mind that Format-List shows only the first four entries of a multi-valued property such as RemoteIPRanges (the rest are replaced by "..."); raise $FormatEnumerationLimit, or expand the property, to see the whole list.


Working with PowerGUI will teach you PowerShell very quickly; here is the video to get you started.
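The one-liner above shows the ranges on screen but truncates them and says nothing about whether a connector actually relays. The script below is an added example, not code from the original post: it exports one row per connector and range to CSV, flags ranges that look too broad, and reports which connectors grant the relay right (ms-Exch-SMTP-Accept-Any-Recipient) to anonymous senders. It is written for the PowerShell 2.0 EMS on Exchange 2010; the output path, the "broad range" threshold and the exact string forms of an IPRange are assumptions.

```powershell
# Added example: export receive connector remote IP ranges, flag wide ranges,
# and show which connectors allow anonymous relay. Exchange 2010 EMS, PS 2.0.

$OutFile = 'C:\admin\Scripts\RelayRanges.csv'   # assumed export location

# One row per (connector, range). An IPRange renders as "a.b.c.d",
# "a.b.c.d/nn" or "a.b.c.d-w.x.y.z" when converted to a string (assumption).
$rows = foreach ($rc in Get-ReceiveConnector) {
    foreach ($range in $rc.RemoteIPRanges) {
        $text  = $range.ToString()
        $broad = $false
        # Heuristic: the "whole Internet" default range, or any CIDR wider than a /16.
        if ($text -eq '0.0.0.0-255.255.255.255') { $broad = $true }
        elseif (($text -match '/(\d+)$') -and ([int]$matches[1] -lt 16)) { $broad = $true }

        New-Object PSObject -Property @{
            Connector   = $rc.Identity.ToString()
            Server      = $rc.Server.ToString()
            Enabled     = $rc.Enabled
            Bindings    = ($rc.Bindings | ForEach-Object { $_.ToString() }) -join ','
            RemoteRange = $text
            Broad       = $broad
        }
    }
}

$rows | Sort-Object Connector, RemoteRange |
    Select-Object Connector, Server, Enabled, Bindings, RemoteRange, Broad |
    Export-Csv -Path $OutFile -NoTypeInformation

# A wide RemoteIPRanges only matters when the connector also grants relay.
# Relay is the ms-Exch-SMTP-Accept-Any-Recipient extended right; list the
# connectors that give it to NT AUTHORITY\ANONYMOUS LOGON.
$anonRelay = Get-ReceiveConnector |
    Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { (-not $_.Deny) -and ($_.ExtendedRights -like '*ms-Exch-SMTP-Accept-Any-Recipient*') } |
    ForEach-Object { $_.Identity.ToString() } |
    Select-Object -Unique

"Exported $(@($rows).Count) range entries to $OutFile"
foreach ($row in @($rows | Where-Object { $_.Broad })) {
    if ($anonRelay -contains $row.Connector) { $relay = 'AND allows anonymous relay' }
    else                                     { $relay = 'no anonymous relay' }
    "WARNING: $($row.Connector) accepts $($row.RemoteRange) ($relay)"
}
```

A connector that accepts 0.0.0.0-255.255.255.255 is normal for the default connector as long as it does not also grant anonymous relay; the combination of a broad range and that extended right is what makes an open relay, so that is the pair the script reports on.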

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

Thursday, January 12, 2012

Customizing EMS for Exchange 2010

If you have not customized the EMS profile in your environment, a few quick adjustments, as below, will make the EMS work more efficiently for you. If you already have a PowerShell profile, notepad will open it for you as shown below.


If you are not sure whether you have one, run a quick test:

Test-Path $profile


If it does not exist you get "False".


To create one:

New-Item -Path $profile -Type File -Force

This creates the profile file and, because of -Force, the "WindowsPowerShell" folder under your Documents directory if it does not exist yet.


Now, short and sweet, to edit the profile .ps1 just type:

notepad.exe $PROFILE


Okay, you can copy and paste the information below.

I created a folder called Admin on my C drive with a subfolder Scripts, and told my profile to change to it every time the shell starts. The rest you can play with and adjust to your preferences. The lines are plain .NET calls against $Host.UI.RawUI, so they work in both the EMS and a plain PowerShell window.

$Shell = $Host.UI.RawUI
$Shell.WindowTitle = "E15 PowerWay"
$Shell.BackgroundColor = "Black"
$Shell.ForegroundColor = "White"
# The screen buffer must be at least as wide as the window, so size it first.
# A tall buffer gives you scrollback; the original set these values but never
# assigned them, which is fixed here.
$buffer = $Shell.BufferSize
$buffer.width = 125
$buffer.height = 300
$Shell.BufferSize = $buffer
$size = $Shell.WindowSize
$size.width = 125
$size.height = 50
$Shell.WindowSize = $size
Set-Location C:\admin\Scripts

Now you have configured your PS profile to your needs and are ready to play with some simple scripts that will help you administer your environment.
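The steps above (test for the profile, create it, edit it, paste the customization) can be done in one go, and since the profile is code that runs every time the shell starts, it is worth checking who can modify it and whether the execution policy will even let it load. The script below is an added example, not code from the original post; the folder C:\admin\Scripts is the lab path used above, and the list of identities allowed to write the profile is an assumption to adapt to your environment.

```powershell
# Added example: create the PowerShell profile if missing, append the EMS
# customization once, and check that only trusted identities can modify it.
# Targets the PowerShell 2.0 EMS on Exchange 2010.

$ScriptRoot = 'C:\admin\Scripts'
$marker     = '# --- EMS customization ---'

if (-not (Test-Path $ScriptRoot)) { New-Item -Path $ScriptRoot -ItemType Directory | Out-Null }
if (-not (Test-Path $profile))    { New-Item -Path $profile -ItemType File -Force | Out-Null }

# Append the customization only if the marker line is not already present.
if (-not (Select-String -Path $profile -Pattern ([regex]::Escape($marker)) -Quiet)) {
    @(
        $marker,
        '$Shell = $Host.UI.RawUI',
        '$Shell.WindowTitle = "E15 PowerWay"',
        '$Shell.BackgroundColor = "Black"',
        '$Shell.ForegroundColor = "White"',
        '$buffer = $Shell.BufferSize; $buffer.width = 125; $buffer.height = 300',
        '$Shell.BufferSize = $buffer',
        '$size = $Shell.WindowSize; $size.width = 125; $size.height = 50',
        '$Shell.WindowSize = $size',
        "Set-Location $ScriptRoot"
    ) | Add-Content -Path $profile
    "Customization added to $profile"
}

# A profile under Restricted policy is silently ignored.
if ((Get-ExecutionPolicy) -eq 'Restricted') {
    "WARNING: execution policy is Restricted; $profile will not run"
}

# Who can write to the profile? Anyone outside this (assumed) set could plant
# code that runs with your rights every time you open the EMS.
$expected  = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', "$env:USERDOMAIN\$env:USERNAME")
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

$acl = Get-Acl -Path $profile
foreach ($ace in $acl.Access) {
    $canWrite = (($ace.FileSystemRights -band $writeMask) -ne 0)
    if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
        ($expected -notcontains $ace.IdentityReference.Value)) {
        "WARNING: $($ace.IdentityReference.Value) can modify $profile"
    }
}
```

Run it once from the EMS; on a second run the marker prevents the block from being appended again. The ACL check reads the effective entries, including ones inherited from the Documents folder, so a redirected or shared profile directory shows up here.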


Thursday, January 5, 2012

Exchange 2010 CAS ARRAY , SIMPLE DNS ROUND ROBIN


How does DNS round robin work with an Exchange 2010 CAS array deployment? This is a question I came across, and I wanted to clarify a few things.


Now let's say you have four CAS servers:

CAS01.Telnet25.org 10.10.10.101
CAS02.Telnet25.org 10.10.10.102
CAS03.Telnet25.org 10.10.10.103
CAS04.Telnet25.org 10.10.10.104

Let's say you created your CAS array, set the RpcClientAccessServer attribute to outlook.Telnet25.org, and tagged all your databases with the same value.

Each time a MAPI client wants to connect to its mailbox it has to locate that name, outlook.Telnet25.org. The workstation sends a query to the DNS servers configured in its TCP/IP properties: "give me the IP address for outlook.Telnet25.org, I want to connect to my mailbox." The DNS server looks in its zone, finds four host records for outlook.Telnet25.org, and hands back the list with the first one first. You get outlook.Telnet25.org = 10.10.10.101, which is CAS01; CAS01 connects you to your respective database and you start seeing your mail in Outlook.

Now imagine three other users doing the same. Each time they go to DNS, the server rotates the order of the records (round robin) and hands out the addresses for outlook.Telnet25.org in turn. So at the end of the day, if you have 100 MAPI users, your CAS load will look something like this:


So far all you have done is spread the CAS load. What happens if one of your servers goes down?

If CAS01 goes down, every user whose lookup resolved to CAS01 shows ***(Disconnected)***. You open the DNS console on your DC and delete the A record outlook.Telnet25.org = 10.10.10.101 (the CAS01 address), but until the client's DNS cache expires the client keeps trying to reach the cached address, so Outlook continues to go bananas. Lowering the DNS TTL on the outlook.telnet25.org records only shortens that window; it does not remove it, and DNS itself never notices that a server is down.


You can do the math on whether this is a good configuration or not. Alternatively you can buy an HLB (hardware load balancer), point outlook.Telnet25.org at the HLB's IP and let the HLB handle the MAPI load and situations like the one above without your clients getting disconnected. Look around to see which HLB solutions are available; some of them are very reasonably priced, to be honest.
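To see the problem for yourself rather than take it on faith, the script below is an added example, not code from the original post. It resolves the array name exactly as a client would, then checks whether each address DNS hands out still answers on the RPC endpoint mapper (TCP 135) and HTTPS (TCP 443). Because DNS has no health check, a dead member stays in the rotation until someone deletes the record and every client cache expires. outlook.Telnet25.org is the lab namespace from the post; the ports and the timeout are assumptions.

```powershell
# Added example: show which addresses DNS round robin is still handing out for
# the CAS array name, and whether each of them is actually reachable.
# Works in a plain PowerShell 2.0 window; the last block needs the EMS.

$ArrayName = 'outlook.Telnet25.org'
$Ports     = 135, 443        # RPC endpoint mapper and HTTPS (assumed)
$TimeoutMs = 2000

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)      # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Every IPv4 A record the resolver returns, in the order it is currently handing them out.
$addresses = [System.Net.Dns]::GetHostAddresses($ArrayName) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }

$report = foreach ($ip in $addresses) {
    $alive = $true
    foreach ($port in $Ports) {
        if (-not (Test-TcpPort -Address $ip -Port $port -TimeoutMs $TimeoutMs)) { $alive = $false }
    }
    New-Object PSObject -Property @{ Address = $ip; Reachable = $alive }
}
$report | Format-Table Address, Reachable -AutoSize

$dead = @($report | Where-Object { -not $_.Reachable })
if ($dead.Count -gt 0) {
    "WARNING: DNS still answers $ArrayName with $($dead.Count) unreachable address(es);"
    "clients that cached one of them stay (Disconnected) until their cache expires."
}

# From the EMS, confirm which databases send clients to the array name at all.
if (Get-Command Get-MailboxDatabase -ErrorAction SilentlyContinue) {
    Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
}
```

Run it from a workstation after stopping one CAS and you will see the stopped server's address still in the list, with Reachable set to False, for as long as the A record exists; that is exactly what the user at the disconnected Outlook is experiencing.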


Sunday, January 1, 2012

The Autodiscover service, How it is being configured & The name of the security certificate is invalid or does not match the name of the site…

I recently ran into an issue where the AutodiscoverVirtualDirectory InternalUrl had been set to a specific URL, in good faith, while trying to configure and troubleshoot the Autodiscover service.
Everything you need to know is in this white paper.
Now, not to be confused: if you run the cmdlet below you will see the defaults are empty, and there is no need to touch these URLs. They do not apply to configuring the Autodiscover service; domain-joined Outlook clients locate Autodiscover through the SCP (AutodiscoverServiceInternalUri), and external clients through DNS, not through the virtual directory's InternalUrl or ExternalUrl.
Get-AutodiscoverVirtualDirectory | fl *url*
If, for whatever reason, you want to fill these in, this is what you would do:
  • Set-AutodiscoverVirtualDirectory -InternalUrl
  • Note: just change -InternalUrl to -ExternalUrl to set the external one.
Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -InternalUrl 'https://autodiscover.SMTP25.gov/autodiscover/autodiscover.xml'
If, whatever the reason, you did set these and now understand they are not the correct URLs, here is how to set them back to the default, $null:
Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -InternalUrl $null
*Note: change -InternalUrl to -ExternalUrl for the external one.
What you want to configure is this one:
Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri
* Note: as you can see, the second server, mail2, is showing up in the AutodiscoverServiceInternalUri (the SCP URL), which will cause problems if the certificate installed on the CAS server does not carry this name. Some people do not want to expose internal names to the outside by publishing them in the certificate; some people do not care. IMO this does not create any security risk at all, but many places I have worked with use a common name in the certificate. This is why (in split DNS scenarios) you would set two A records in DNS pointing at each CAS server (assuming you have two), so that you do not see the certificate name mismatch error.
Okay, now how to set the Autodiscover service. I recommend reading the white paper first to get a good understanding of how it works.
In a very common scenario this would be a sample configuration:
  • You are running a split DNS model (split DNS means your internal namespace matches your external namespace). In my lab I have split DNS: my internal namespace is telnet25.org and my external DNS namespace is also telnet25.org.
  • You have a valid certificate that contains your common name; in my example I used mail.telnet25.org, and this name is included in the certificate.
  • You have installed the certificate correctly on your CAS server or servers.
  • You set up a CAS array and configured DNS to perform round robin; most likely you configured something like RpcClientAccessServer=outlook.mycompany.com.
  • You have read and understood how the SCP works.
Okay, here are samples showing how to configure the basics.
Modify the Autodiscover URL in the Service Connection Point:
Set-ClientAccessServer -Identity CAS01 -AutodiscoverServiceInternalUri https://webmail.smtp25.org/autodiscover/autodiscover.xml
*Note: make sure the following is configured to match your scenario.
***

Modify the InternalUrl attribute of the EWS virtual directory:
Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -InternalUrl https://webmail.smtp25.org/ews/exchange.asmx
***
Modify the InternalUrl attribute for web-based Offline Address Book distribution:
Set-OABVirtualDirectory -Identity "CAS01\oab (Default Web Site)" -InternalUrl https://webmail.smtp25.org/oab
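The three cmdlets above only help if every hostname they hand to Outlook is actually on the certificate bound to IIS; otherwise you get the "name of the security certificate is invalid or does not match the name of the site" warning from the title. The script below is an added example, not code from the original post: it sets the SCP, EWS and OAB URLs from a single namespace variable and then compares every URL the CAS advertises against the names on its IIS certificate. CAS01 and webmail.smtp25.org are taken from the post; the -WhatIf switches are left on so nothing changes until you remove them.

```powershell
# Added example: set the Autodiscover SCP, EWS and OAB URLs consistently and
# verify the IIS certificate covers every hostname a client will be given.
# Exchange 2010 EMS, PowerShell 2.0.

$Cas       = 'CAS01'                 # from the post
$Namespace = 'webmail.smtp25.org'    # from the post

Set-ClientAccessServer -Identity $Cas `
    -AutodiscoverServiceInternalUri "https://$Namespace/autodiscover/autodiscover.xml" -WhatIf
Set-WebServicesVirtualDirectory -Identity "$Cas\EWS (Default Web Site)" `
    -InternalUrl "https://$Namespace/ews/exchange.asmx" -WhatIf
Set-OABVirtualDirectory -Identity "$Cas\oab (Default Web Site)" `
    -InternalUrl "https://$Namespace/oab" -WhatIf

# Every URL this CAS can hand to a client (internal and external).
$urls = @()
$urls += (Get-ClientAccessServer -Identity $Cas).AutodiscoverServiceInternalUri
$urls += Get-WebServicesVirtualDirectory  -Server $Cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OABVirtualDirectory          -Server $Cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-AutodiscoverVirtualDirectory -Server $Cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$hosts = $urls | Where-Object { $_ } |
    ForEach-Object { ([uri]$_.ToString()).Host.ToLower() } |
    Select-Object -Unique

# Names on the unexpired certificate(s) that are bound to IIS on this server.
$certNames = Get-ExchangeCertificate -Server $Cas |
    Where-Object { ($_.Services -match 'IIS') -and ($_.NotAfter -gt (Get-Date)) } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() }

function Test-CertCoversHost {
    param([string]$HostName, [string[]]$Names)
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one extra label, e.g. *.smtp25.org covers
        # webmail.smtp25.org but not autodiscover.mail.smtp25.org.
        if ($n.StartsWith('*.') -and ($HostName -like $n) -and
            ($HostName.Split('.').Count -eq $n.Split('.').Count)) { return $true }
    }
    return $false
}

foreach ($h in $hosts) {
    if (Test-CertCoversHost -HostName $h -Names $certNames) { "OK        $h" }
    else { "MISMATCH  $h is not on the IIS certificate; Outlook will warn about the certificate name" }
}
```

Run it after the change and any server FQDN left in an ExternalUrl, or an SCP that still points at the server name instead of the namespace, shows up as a MISMATCH line, which is the situation described in the note above about mail2.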
Respectfully,
Oz Casey, Dedeal
( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.spaces.live.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)