Shadow00Caster's questions

I have a pretty straight forward setup: IIS 8 on Windows Server 2012 R2 2x ARR servers with NLB 3x Web content servers in a web farm

ARR servers have IIS shared configuration and IIS web content servers have shared configuration. I am able to sucessfully browse to a domain pointed to my ARR NLB IP over HTTP and hit my web servers in the web farm.

My problem is when I add certificates to the CCS share, they show up with a red X and the error "the specified private key password is not correct.". I have no key password specified in the CCS feature settings, and I generated a CSR and key without encryption to issue these test certificates from a valid CA.

The CSR and key's are all generated through a custom internal SSL utility which is just using OpenSSL. I ran the certificate and key through some validation tools on sslshopper.com and they verified to match and the key was able to be read as it was not encrypted.

I generated the PKCS#12 (.pfx) file using OpenSSL with my un-encrypted key and certificate issued from my CA. I am able to import the generated PFX into my cert store on my local machine, view it, and export it all without issue. Once strange thing I noticed is that when I exported the cert with key from my personal cert store on my machine and added it to the CCS, the error was that the file system could not find the file specified, even though it's displaying the cert with an error which is located in the share.

Any assistance would be greatly appreciated.

I have an issue with a fresh Exchange 2013 install on a 2K8r2 box that is fully updated as well as Exchange 2013 updated to CU3.

When attempting to access /owa or /ecp in Chrome, I get "This webpage has a redirect loop" ("Error code: ERR_TOO_MANY_REDIRECTS"). IE just breaks the connection and Firefox gives a similar error to Chrome. This happens on HTTPS and HTTP, locally using FQDN and IP as well as remotely using FQDN and IP. I have reset the OWA and ECP virtual directories and still have the same problem. I have made sure there are no HTTP Redirects enabled on the sites or virtual sites.

Any feedback would be greatly appreciated.

I have a plethora of laptops that are joined to an AD domain. I have an enterprise wireless system setup, the users of these laptops will be using an OPEN unsecured SSID which will ultimately have a captive portal that uses Radius->AD auth and firewall rules to allow access pre-captive portal auth to the proper ip's/ports of DC's etc for auth etc.

I already have other laptops/users connecting to another SSID with 802.11x and SSO, all works perfectly pre-logon etc.

My problem is with this open network, for some reason I cannot get the machines to auth to AD. The laptops connect to the wireless network, I confirm this on the controller and can ping the laptop at startup. I sharked the wires on the 2 DC's that these machines auth to, I can see a DNS SOA update from a laptop im testing with and can ping that test laptop from both DC's. When I try to logon, "There are currently no logon servers available to service the logon request." The shark shows no incoming connections to either DC even though the laptop is connected and pingable.

Any help is greatly appreciated.

In my organization, we have multiple distribution groups set up. One of these consists of a company wide group to which every internal user belongs to. This is a moderated internal group so messages sent to this, as well as other, groups have to be approved before they are delivered.

The whole reason this became a moderated group was that the group is intended for prevalent company information, not for Joe Moron to send out a company wide e-mail telling everyone about his new bed spread.

Despite the lack of general technical understanding that most users in my org have, some figure out that they can just select all from the GAL or one of the other "all company" address lists that are in Exchange and send to the individual users as opposed to the group.

I am wondering if there is any way to enforce the use of a distribution group inside the org with Exchange 2010. Perhaps some kind of filter or rule in Exchange somewhere that checks if the message is being delivered to every mailbox and it was not sent to a distribution group, or by checking for the number of recipient mailboxes and/or all mailboxes are @domain.com; I am not sure but I figured I would see if anyone has any recommendations.

Modifications to Outlook and/or local workstations are NOT out of the question, it would just have to be something I can accomplish through group policy.

Running Win 2K8 SP2 | Exchange 2010 SP1 | XP/Vista/7 | Outlook 2K7/2010/2011(Mac)

Error:
The following error was generated when "$error.Clear(); if ($RoleProductPlatform -ieq "amd64") { $comClassFile = join-path $RoleInstallPath "bin\Monitoring\x86\DiagnosticCmdletController.dll"; $regSvr32WOW = join-path (join-path $env:SystemRoot sysWOW64) regsvr32.exe; start-SetupProcess -Name:"$regSvr32WOW" -Args:"/s /u `"$comClassFile`"" -Timeout:120000; }" was run: "Process execution failed with exit code 5.".

Process execution failed with exit code 5.

Operating system is Windows 2008 running Exchange 2010 with Hub Transport Role. I have already uninstalled and re-installed the update roll ups (currently on 4 and only 4 is installed). I have uninstalled the Microsoft Full Text Indexing Engine.

This server has been replaced and is not live, but it does exist in a production environment with live exchange servers, it is just not utilized.

Any help is appreciated.

Background: 5 ESXi servers running in DRS, ~20TB storage. Loads of virtual servers including DC's/child DC's/member servs all 2K8 and Exchange 2010 servers.

Majority deployed from a template (not joined to domain), renamed and then joined to domain.

I'm pretty sure 90% of my machines have the same SID, at the very least I know my 3 Exchange 2010 servers have same SID (1 CAS/HUB, 2 MBX in DAG).

I know I can change the SID of my machines using NewSID, my question is can I do this to a machine already joined to the domain, let alone an Exchange 2010 server.

Any insight is helpful, thanks!

A bit of backstory... network exploded, rebuilt. This AD has survived people not knowing what they are doing, Exchange 2007 (installed and removed a few times), Exchange 2010 (current in use and re-did from a crash once).

My Outlook Anywhere (RPC over HTTP) is not working, the XML response is below and as far as I can tell it's providing all the right information yet testexchangeconnectivity.com still says "The EXCH provider section is missing from the Autodiscover response."

I've gone through AD with a fine tooth comb and I believe everything is ok (everything is correct in Exchange service under configuration in ADSIEDIT), though I may not be looking in the right places.

My internal and external url are the same. Any tips on where to look or any input is greatly appreciated!

<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>User Name</DisplayName>
      <LegacyDN>/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User Name</LegacyDN>
      <DeploymentId>1f6566b1-18f9-43ae-a2f4-495916449c3f</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <MdbDN>/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=TRITON/cn=Microsoft Private MDB</MdbDN>
        <ASUrl>https://mail.domain.com/EWS/exchange.asmx</ASUrl>
        <OOFUrl>https://mail.domain.com/EWS/exchange.asmx</OOFUrl>
        <OABUrl>http://mail.domain.com/OAB/484c877c-a2ca-4ec7-b6eb-69c51c199245/</OABUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <CertPrincipalName>msstd:*.domain.com</CertPrincipalName>
        <PublicFolderServer>ScuttleTwo.domain.com</PublicFolderServer>
        <AD>Dewey.students.domain.com</AD>
        <EwsUrl>https://mail.domain.com/EWS/exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.com</Server>
        <ASUrl>https://mail.domain.com/EWS/exchange.asmx</ASUrl>
        <OOFUrl>https://mail.domain.com/EWS/exchange.asmx</OOFUrl>
        <OABUrl>https://mail.domain.com/OAB/484c877c-a2ca-4ec7-b6eb-69c51c199245/</OABUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <CertPrincipalName>msstd:*.domain.com</CertPrincipalName>
        <EwsUrl>https://mail.domain.com/EWS/exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.domain.com/EWS/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.domain.com/EWS/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

I want to be able to use the Exchange 2010 OWA with mailboxes on an Exchange 2007 server.

I want to maintain my mailboxes on the 2007 server and maintain my 2007 HUB/CAS role. My setup is all Windows 2008 x64 servers, 3 Exchange 2007 servers (2 mailbox servers (CCR Active/Passive clustering) and 1 HUB/CAS server).

My goal is to maintain the current environment and have all the mailboxes on 2007, maintain the 2007 HUB/CAS for mail flow and for mobile phone access (2010 is still buggy with some mobile platforms) and have a NEW Exchange 2010 CAS server that only acts as a web portal for mail (the 2010 OWA blows away the 2007 OWA as you are not required to use IE to get real features). This will run on a separate internal server and use a separate hostname from the inside and outside.

Right now I have everything running, the 2007 servers and the 2010 with ONLY the CAS role installed. My problem right now is when I access the 2010 OWA and log in, it opens up the mailbox using the 2007 version of OWA.

So with all that said, is what I am trying to do possible?

I did find It is possible to use the Exchange 2010 web client with an Exchange 2007 mail server? as a relevant post but with no real help except a link I have already read over in my few hours of research into this.

Any help is appreciated.

I am installing Microsoft Exchange 2007 x64 in a two node environment using Microsoft Windows 2008 Enterprise x64. The Failover Cluster is all setup properly and following best practices for setting up the windows clustering for use with Exchange 2007. All the validation tests pass on the cluster and all of that portion is working fine.

The problem is when I go to install the first Exchange node as an Active mailbox in configuration for a two node CCR. It gets all the way through the first 3 steps (Copy Exchange Files, Management Tools, Mailbox Role) and then fails on the 4th step 'Clustered Mailbox Server' with the following error: Error: The clustered mailbox server's group 'XXXX' was not found, and should already exist.

Firewalls are all disabled, DNS is all setup properly, the environment has 3 domain controllers all 2k8 ent x64, all replication works. The name I pick for the CCR cluster (XXX) does not exist in AD or in DNS. I have attempted this install from both of the two Exchange nodes and multiple times .. tried with different names.

I have been banging my head against the wall for days working on this and would appreciate any feedback on the issue.