Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum
Viewing all 2249 articles

Is my best bet a hosted SmartHost

My ISP blocks port 25. I'm having a hell of a time getting my internal Exchange server to deliver mail on a different port. I have configured my send connector for port 587 (among others for testing), but mail sent to the Internet (gmail / yahoo / other) simply will not deliver. I see the connection establish on my TMG firewall on the alternate port, but the messages just stay in the Exchange queue with the error: Remote Server at gmail.com (2a00:1450:4013:c01::1a) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10051, Win32 error code: 10051." Attempted failover to alternate host, but that did not succeed.

I don't understand why I can't get mail to deliver? Maybe it's my DNS, although it seems to be working fine. I have a split-DNS, no other systems have issues. I'm also seeing the connection resolve on my TMG logs. Is mail in fact actually being delivered on port 587 and maybe gmail / yahoo isn't allowing it through? I'd like to configure this on my end, but more than likely would be solved with a SmartHost provided by my registrar.

-SK


Exchange 2013 S/MIME with Server 2008 R2

So I am trying to configure S/MIME on my 2013 Exchange server, but the process in which I need to export the rootca is vague and only applies to Server 2012/Windows 8 because of the export-certificate command.  

http://technet.microsoft.com/en-us/library/hh848628.aspx

My domain consists of a single DC/CA and a member server that hosts Exchange. Both servers are on Server 2008 R2, and I have installed PowerShell v4.0 on my DC to try and export the certificate, but it continues to fail with:

export-certificate : The term 'export-certificate' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
try again.

The examples given to set up the export are equally vague:

PS C:\>$cert= (Get-ChildItem -Path cert:\CurrentUser\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF) <--What path is this referencing??

If anybody has experience doing this I would greatly appreciate some guidance.

Mike

DLP feature vs Enterprise CAL

Hi,

I am trying to test the DLP feature.

My install: Exchange 2013 SP1, Enterprise Server License.

Client: Outlook 2013 Pro (can work with EX13 for DLP)

Standard CAL license.

I tried to create a DLP test rule. It doesn't work.

It said that I need Enterprise CAL (ECAL). I don't see where I can "Install" the Enterprise CAL. I want to test this feature before spending $10K on the Enterprise CAL. Can someone shed some light? All googling comes up with the difference between SCAL and ECAL.

I ran this command and it shows that all users are using SCAL: Get-ExchangeServerAccessLicenseUser -LicenseName "Exchange Server 2013 Standard CAL"


Exchange 2010 & 2013 coexistence mail flow between servers

Hi Everyone,

I have an Exchange 2010 server which I am trying to move away from. I have installed 2013 and it seems to be working well. I have successfully moved a mailbox over to 2013 without any issues.

The problem I have at the moment is that a user who has their mailbox on the 2010 server can send to the user on the 2013 server. However, the 2013 user cannot reply.

Any ideas?

Delivery Report Error '[{LRT=};{LED=};{FQDN=};{IP=}]'

Hello,

I have a newly installed Exchange 2013 working just dandy, except that it cannot relay mail for two particular domains. 

Problem domain # 1 gives me an NDR:

primary target IP address: "Failed to connect. Winsock error code: 10061,
Win32 error code: 10061." Attempted failover to alternate host, but that
did not succeed. Either there are no alternate hosts, or delivery failed to all
alternate hosts. The last endpoint attempted was 72.52.10.14:25'

Problem domain # 2 gives me a useless NDR:

Remote Server returned '550 4.4.7 QUEUE.Expired; message expired'

Tracking messages to both domains I get a common error:

Eastern Time (US & Canada) and generated the error '[{LRT=};{LED=};{FQDN=};{IP=}]'.

Here's what I have done so far:

I can telnet to both problem domains on port 25 and get a 220
DNS resolves both mail server FQDNs to the correct IP
Using NSLOOKUP I can see MX records for both domains
I have verified EDNS using OARC's site

Currently I am stumped. Any suggestions or help would be greatly appreciated.


Miguel Fra | Falcon IT Services, Miami, FL

Questions about Auditors' recommendations

Hi all -

We're running Exchange 2010, which users access via Outlook, OWA, and smartphones/tablets. Our security auditors made the following recommendations for the "webmail" (CAS/Hub) servers:

1. Set SSL 3.0 to require TLS

2. Set SSL 2.0 to require TLS

3. Disable the "options method" in IIS

Aside from the fact that I don't know how to do this, I'm a little concerned about making changes to SSL. By doing so, am I going to break any devices? I'm worried about smartphones not connecting, and users who open OWA on an XP machine.

Appreciate any advice/experiences.

Mike

SMTP Address Should Change after deliver mail to Public Network

Hi,

Below is the scenario.

In my Exchange organisation we have two accepted domains, abc.com and xyz.com.

User1 has both SMTP domains: abc.com is the primary address and xyz.com is a secondary address.

User1 wants the following:

If he is sending a mail to an external domain such as @yahoo.com, then his SMTP address should show xyz.com.

Is it possible?

If yes, then how?

Regards,

Ravinder kr. 

Exchange 2010 to 2007 Migration

Hi all,

Due to a geographical move, I am in the process of migrating a number of users from Exchange 2010 to Exchange 2007.

The move was done as an Exchange org admin from the Exchange 2010 Server GUI (not Exchange Management Shell).

When I did the move, it seems to have worked, but the move request status was: Completed with Warnings.

The details tab shows:

Warning: Failed to reset the target mailbox after the move.
Error details: Not connected.

The detailed log shows this at the end:

06/01/2015 15:41:21 [XXXXX] Failed to reset the target mailbox after the move. Attempt 6/6.
Error details: NotConnectedPermanentException Not connected.
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.VerifyMailboxExists()
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.Microsoft.Exchange.MailboxReplicationService.IMailbox.SetInTransitStatus(InTransitStatus status, Boolean& onlineMoveSupported)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass20.<Microsoft.Exchange.MailboxReplicationService.IMailbox.SetInTransitStatus>b__1f()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.SetInTransitStatus(InTransitStatus status, Boolean& onlineMoveSupported)
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.SetDestinationInTransitStatus(MailboxMover mbxCtx)
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass65.<PostMoveCleanupTargetMailbox>b__63()
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
06/01/2015 15:41:22 [XXXXX] Request is complete.

Before I continue with the user migration I need to know why I am getting these errors and what they mean. What type of issues could it cause in the future?

There is a TechNet article (below) that comments on moves from 2010 to 2007.

http://technet.microsoft.com/en-us/library/dd638124(v=exchg.141).aspx

 

I am not using single item recovery; however, I did NOT purge the recoverable items folder.

Any help would be appreciated.

Thanks


Exch 2013 - Someone Relaying Email Through Server

Exch 2013 - Someone Relaying Email Through Server, there are thousands of emails in the queue. Please help me urgently

Modifying Connectors for Receiving Internet Mail - Anonymous setting?

I have a mail reflector for my domain to deliver mail on an alternate port, other than 25 because my ISP blocks port 25. I have the following default receive connectors:

Default Client Front End Transport (FrontEnd Transport) - TLS, Basic, Integrated, Exchange users, port 587
Default Client Proxy (Hub Transport) - TLS, Basic, Offer Basic after TLS, Integrated, Exchange Server Auth, Exchange Servers, Exchange users, port 465
Default Front End Transport (FrontEnd Transport) - TLS, Basic, Offer Basic after TLS, Integrated, Exchange server auth, Exchange Servers, Legacy Exchange Servers, Anonymous Users, port 25
Default Hub Transport (Hub transport) - TLS, Basic, Offer Basic after TLS, Integrated, Exchange Server Auth, Exchange Servers, Legacy, Exchange Users, port 2525
Default Outbound Proxy Frontend Transport (Frontend transport) TLS, Enable domain security, Basic, Offer basic after TLS, integrated, Exchange server auth, exchange servers, anonymous, port 717

Issue: When I initially had mail forwarded to port 2525, I received a mail delivery system message: host mail.skincdc.com[69.250.204.88] said: 530 5.7.1 .Client was not authenticated (in reply to MAIL FROM command).

I modified the “Default Hub Transport” connector to allow Anonymous Users in addition to what I already had selected in the security settings. Voila, email is delivered to my exchange server from external domains.

I wasn’t sure if adding Anonymous Users to this connector would pose any issues. In order to try an alternate port, I changed my registrar to port 2626 and created a new receive connector Hub Transport, with only Anonymous Users and port 2626. I saw the initial connection in my TMG firewall logs, but mail never made it to my exchange server, and I wasn’t receiving the above error message right away as before. Disabling this new rule and modifying the firewall back to port 2525, email immediately was delivered. So can I just leave my Default Hub Transport receive connector as is with the security settings and Anonymous set? Thanks.

Next….getting email to send out on a different port than 25 to external domains. Still having issues with this one.

-SK
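
A read-only way to check what the connector change described in the post above actually exposes, as an added example that is not part of the original post. It assumes the Exchange Management Shell; `Get-ReceiveConnector` and `Get-ADPermission` are standard Exchange cmdlets, and the variable and column names are illustrative.

```powershell
# Added example (not from the post): read-only audit of receive connectors.
# Run in the Exchange Management Shell; nothing is modified.

$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
# Extended right that allows submitting mail for recipients in any domain (relay).
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

$report = foreach ($rc in Get-ReceiveConnector) {
    # PermissionGroups is a flags value; compare on its string form so this
    # also works with deserialized objects in a remote session.
    $allowsAnon = "$($rc.PermissionGroups)" -match 'AnonymousUsers'

    # Any allow ACE that grants the relay right to anonymous sessions.
    $relayAce = $rc | Get-ADPermission -User $anonymous -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and (($_.ExtendedRights -join ',') -match $relayRight) }

    [pscustomobject]@{
        Connector      = $rc.Identity
        Role           = $rc.TransportRole
        Bindings       = ($rc.Bindings -join ', ')
        RemoteIPRanges = ($rc.RemoteIPRanges -join ', ')
        AllowsAnon     = $allowsAnon
        AnonymousRelay = [bool]$relayAce
    }
}

# Full overview, riskiest connectors first.
$report | Sort-Object AnonymousRelay, AllowsAnon -Descending |
    Format-Table -AutoSize -Wrap

# Connectors that accept anonymous sessions from any source address deserve review.
$report | Where-Object {
    $_.AllowsAnon -and $_.RemoteIPRanges -match '0\.0\.0\.0-255\.255\.255\.255|::-ffff'
} | Select-Object Connector, Bindings, AnonymousRelay
```

The Anonymous Users permission group by itself does not grant `ms-Exch-SMTP-Accept-Any-Recipient`; a connector reported with `AnonymousRelay` set to `True` has had that right added explicitly.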



Message time is days before message tracking logs show it was received.

Environment: Exchange 2013 CU7

I have a user who is reporting that she sent a message on 1/6/2015 to an internal Exchange recipient from her Outlook client.  I have seen the message from the mailboxes and it shows the correct date.  However, they said the message didn't arrive in the recipient mailbox until 1/9/2015.  I ran a get-message tracking log and it shows the server received it and delivered to mailbox on 1/9/2015.

Does anyone have any ideas on why the message would show 1/6 but the server didn't get it until 1/9?  

Thanks,

Jeff

inbound emails from internet stuck in smtp database queue

I have 4 Exchange servers:

2 MBX and 2 CAS.

I am forwarding the SMTP requests from the firewall to cas02 and using cas01 as standby.

Emails are working fine, except that sometimes when we look at the email queue, emails are queued in the SMTP database, and it takes a very long time to route them to the user mailbox.

My mailbox is in the DAG.

When I checked in the Active Directory DNS, the MX record is pointing to cas01 and cas02.


Connection refused on port 25

Hello everyone!

I have a server that is running MS Windows Server 2012R2 and MS Exchange 2013 with only the CAS role. During the last couple of weeks my server has failed to receive messages from outside.

When I try to telnet on IPv6 port 25, I get a normal answer:
220 ex2013cas01.example.net Microsoft ESMTP MAIL Service ready at Sun, 4 Jan 2015 00:05:52 +0300

But if I telnet on IPv4 port 25, I get a connection refused message.

To get SMTP working again I need to restart the MSExchangeFrontEndTransport service. Even after an update to CU7 the problem still exists.

Is there any way to solve that?

Exchange Server FQDN

Hello Dear,

Suppose I have an Exchange server for local use, mail.example.com. Now I want Internet access to this mail server, but I want the FQDN to be the following: mail.example.com.bd or mail.example-bd.com. Is it possible?

Exchange 2013 not receiving internal and external emails ..

I have a coexistence of Exchange 2007 and Exchange 2013. The 2013 mailboxes were able to receive and send mails (internal and external), but suddenly the mail flow has stopped.

Mail flow status

2013 to 2007 = OK

2013 to internet = OK

2013 to 2013 = OK

2007 to 2013 = FAIL

Internet to 2013 = FAIL 

Incoming internet mails return the NDR below:

Diagnostic information for administrators:
Generating server: mydomain.com
test08@mydomain.com
Remote Server returned '< #4.4.7 smtp;400 4.4.7 Message delayed>'

What could be a possible reason for this? 

Cheers guys ..


..forever is just a minute away*


connect to mailbox from outside

Hi,

I have Exchange 2013 (Hub Transport in the inside network and Edge Transport in the DMZ).

From the inside network my users can send and receive email with OWA.

Sometimes we need to access our email accounts from the Internet.

I researched and understand I cannot put CAS in the DMZ.

Now how can I access my mailbox from the Internet?

edge transport not send or receive email

Hi,

I have Exchange 2013 and it worked fine. Now I want to add Edge Transport.

After I installed Edge Transport I cannot send or receive email.

I created the XML file on the Edge Transport, then imported it on the Hub Transport and ran the Start-EdgeSynchronization command:

RunspaceId     : d2192d3a-009b-4fc8-ba3e-a70da064dfc1
Result         : Success
Type           : Recipients
Name           : EdgeTP
FailureDetails :
StartUTC       : 1/14/2015 8:23:27 PM
EndUTC         : 1/14/2015 8:23:27 PM
Added          : 0
Deleted        : 0
Updated        : 10
Scanned        : 21
TargetScanned  : 0

RunspaceId     : d2192d3a-009b-4fc8-ba3e-a70da064dfc1
Result         : Success
Type           : Configuration
Name           : EdgeTP
FailureDetails :
StartUTC       : 1/14/2015 8:23:27 PM
EndUTC         : 1/14/2015 8:23:28 PM
Added          : 0
Deleted        : 0
Updated        : 2
Scanned        : 21
TargetScanned  : 0


Exchange and Verizon.net emails

We can send email to Verizon.net from our domain teamwd.com. We can receive email from a verizon.net email account, but we cannot send email from teamwd.com on their SBS 2011 Exchange server. The client did get a new IP address due to getting a faster DSL connection. Not sure why we cannot send an email to verizon.net. I asked Verizon to add a PTR record on the connection, but it did not help. Any help would be much appreciated.


Renew certificate via ECP on Exchange 2013 CAS server fails to enable-ExchangeCertificate

Hello,

To renew my public certificate on the Exchange CAS 2013 I used the ECP.

1. Generate a .req file via ECP using the renew option.

2. Sent the .req file to our CA provider.

3. Uploaded the certificate via ECP, but there is no option to bind services and I still see the Pending request status.

I looked in the command shell and I see the certificate with the command dir cert:\LocalMachine\My | fl

When I use the command enable-ExchangeCertificate -thumbprint XXXXXXXEDDD248B1A3EB40AF0FF549A -services "IIS,IMAP,POP,SMTP"

I get the error:

A special Rpc error occurs on server EXCH01: The certificate with thumbprint XXXXXXXEDDD248B1A3EB40AF0FF549A
as not found.
    + CategoryInfo          : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EXCH01,RequestId=0f4d0049-407b-4b41-80ef-0b06d3b756fc,TimeStamp=5-12-2013 14:56:
   53] C0A3D0CB,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
    + PSComputerName        : excas01.xxxxx.corp

I think that there could be two options to this fault:

1. the .req file was somehow incorrectly used for the renew.

2. I don't know....

My question is: what happens if I just delete the certificate I was trying to renew and just import the certificate I got from the CA?

Will users be affected, i.e. will they need to reinstall the certificate in Outlook, phone, etc.?

I only have 4 days before my certificate expires so please be quick!

thanks,

Rob

Last Error: A local loop was detected. Exchange 2010 - Linux Postfix

Hello,

Here is the scoop . . . I can send messages to accounts that reside on my Exchange servers and to external accounts I am not hosting.  If I try to send messages to accounts that reside on the Linux/Postfix server, the messages sit in the Exchange message queue.  An example of one of the messages "stuck" is:

Identity: Server0\Submission\660
Subject: TEST @ 1937
Internet Message ID: <E3336DF928658B45AD4B60C756612AD53D5452@GEMWIN0000>
From Address: exchange@domain.com
Status: Retry
Size (KB): 5
Message Source Name: SMTP:Default Server0
Source IP: 192.168.217.10
SCL: 0
Date Received: 5/19/2013 9:11:09 PM
Expiration Time: 5/21/2013 9:11:09 PM
Last Error: A local loop was detected.
Queue ID: Server0\Submission
Recipients:  postfix@domain.com

Here are my send connector settings:

Address Space - SMTP, *, 1

Network - Use domain name system (DNS) "MX" records to route mail automatically & Use the External DNS Lookup settings on the transport server

Source Servers - The private IP addresses of my two Exchange servers.

Any ideas?

Thank you for your time,

Don
