Morganus_Starr
Jan 28, 2001

marketingman posted:

There's an Exchange tool which allows you to apply permissions down a tree. It's called.... ummm.... PFDAV Admin? http://www.microsoft.com/downloads/en/details.aspx?FamilyID=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en

PFDAVAdmin is a lifesaver. Doesn't work on 2010 though.

Instead, use ExFolders (which is basically PFDAVAdmin, updated to work properly).

http://blogs.technet.com/b/exchange/archive/2009/12/04/3408943.aspx

It can do all the fancy ACL work you need on Public Folders.


Morganus_Starr
Jan 28, 2001

Pvt. Public posted:

I've been raging about this poo poo backup method since they foisted it upon me. I didn't even want to have to deal with Exchange, but I lost that fight too. Because our president wanted to be able to see everyone's calendar. Yes, really. Goddamnit.

Thanks for the info. That's about what I had figured I needed to do. Sigh.

Just to give you some heads-up tips for Backup Exec:

Make sure to update Backup Exec on the media server to the latest version allowed by your licensing. Install the service packs and hotfixes via LiveUpdate. Then, install the BE Agent on Exchange.

Make sure circular logging is turned OFF on the Exchange server - you want granular backups and truncation of transaction logs on Exchange. Make sure you don't have overlapping backups from the Windows Server backup and Backup Exec or VSS will poo poo itself. BE can be ornery when backing up Exchange, but with some TLC it works pretty well.

Morganus_Starr
Jan 28, 2001

Mierdaan posted:

Double-postin' because the Exchange 2013 Preview docs are worth reading.

"As a result of these architectural changes, there have been some changes to client connectivity. First, RPC is no longer a supported direct access protocol. This means that all Outlook connectivity must take place using RPC over HTTPS (also known as Outlook Anywhere). At first glance, this may seem like a limitation, but it actually has some added benefits. The most obvious benefit is that there is no need to have the RPC client access service on the Client Access server. This results in the reduction of two namespaces that would normally be required for a site-resilient solution. In addition, there is no longer any requirement to provide affinity for the RPC client access service. Second, Outlook clients no longer connect to a server FQDN as they have done in all previous versions of Exchange. Outlook uses AutoDiscover to create a new connection point comprised of mailbox GUID, @ symbol, and UPN suffix. This simple change results in a near elimination of the unwelcome message of “Your administrator has made a change to your mailbox. Please restart.” Only Outlook 2007 and higher versions are supported with Exchange 2013 Preview."

oh snap!

Morganus_Starr
Jan 28, 2001

Trastion posted:

We do not really care if they both have the same domain as long as we can change it to something generic like the asdf123.com one. We just don't want company 2's email to have company 1's domain showing up because that will make people ask questions. If they both are asdf123.com no one should ever put the 2 together. I am just not sure where it is getting the domain name part from in the header so I can change that.

Check the send/receive connectors on your Exchange server. They should have an FQDN listed which is what you're probably seeing in the message headers.

You could also relay mail out through the Barracuda, which will use its specified hostname in the headers. I'm pretty sure a model 300 or above will do this (maybe even a 100 or 200).

Morganus_Starr
Jan 28, 2001
Does anyone know if there is a good way to implement DKIM signing on Exchange 2007/2010? There's 2 commercial third party plugins that seem kind of sketchy and pricey. Is there no open source or free plugin? Do I really have to use another MTA in front of the Exchange server to get this functionality?

Not a huge deal, setting up a proper SPF record seems to go a long way toward having the major providers (gmail/yahoo/hotmail) accept your mail, especially if your org sometimes sends out some newsletters/bulk mails.

Morganus_Starr
Jan 28, 2001
I've got Exchange 2010 SP1 running in /hosted (multi-tenant) mode. Is it possible to set up a journal rule to journal all mail to/from one of my organizations to a journal mailbox INSIDE that same organization?

Morganus_Starr
Jan 28, 2001

Prent posted:

Nope. Microsoft says it won't work... and it doesn't!

Hmm..do you have a link or anything from Microsoft on this? Not that I don't believe you..just curious what they have to say exactly.

edit: nm, think I found it: http://social.technet.microsoft.com/wiki/contents/articles/journaling-and-hosted-mode.aspx

Morganus_Starr fucked around with this message at 22:48 on Oct 17, 2012

Morganus_Starr
Jan 28, 2001
This brings me to another question then - what would be the best way to securely send journal reports from one Exchange 2010 organization to an outside Exchange 2010 organization (both of which I control)? Since I can't journal to inside my own organization in /hosted mode.

Or if anyone has any recommendations for standards compliant message archiving let me know. Ideally something I can just securely and directly journal out to using a journal rule, instead of having to install something heavyweight and on premises that'd be awesome.

Morganus_Starr
Jan 28, 2001
Is there any way to securely journal from one tenant organization in one Exchange organization to a completely separate Exchange org (with a regular on-premise install)? Both Exchange 2010.

Since mailbox journaling inter-org or intra-org doesn't work with /hosted, (see here http://social.technet.microsoft.com/wiki/contents/articles/journaling-and-hosted-mode.aspx) I'm trying to get some guidance on how to set up and secure proper journaling. That is, I've got the journal rule created piping mail items to my mailbox across a WAN, but I'm wondering how best to secure this setup.

MS has an article here on protecting journaling accounts: http://technet.microsoft.com/en-us/library/bb331960(v=exchg.141).aspx

Relevant points:
Configure Transport Layer Security (TLS) between the two systems.
Require authentication on the receiving system.
Accept only e-mail messages from the SMTP address of the Exchange contact.

So it seems like I need to lock down the mail contact that my journal rule is pointing to, and I also need to prevent the journal mailbox on the receiving end from accepting mail from anyone other than the "Exchange Recipient" that is generating the journal e-mails. Finally, securing the journal reports in transport would be preferred as well.

Basically this is what my boss suggested to archive off some mail without dishing out money for an appliance or a cloud vendor - I think it's..not a very good idea but - anyone set up anything like this? Particularly interested in the TLS or Require auth methods. I've been digging around some TechNet articles but if anyone can point me in the right direction that'd be groovy.
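One way to apply the three TechNet points (TLS between the systems, authentication on the receiving side, accept only from the sending org's Exchange recipient) with Exchange 2010 Management Shell cmdlets. This is an added example, not code from the thread or the TechNet article; the org names, hostnames, addresses, server names, account and IP range are placeholders, and it assumes the receiving org has provisioned an account the sending org's hub can authenticate with.

```powershell
# ===== Sending organization (the /hosted tenant side) =====
# Contact that represents the journal mailbox living in the other org.
# All names and addresses below are placeholders.
New-MailContact -Name "Journal-Archive-OrgB" `
    -ExternalEmailAddress "journal@orgb.example.com"

# Journal rule that pipes journal reports for this tenant to that contact.
New-JournalRule -Name "Tenant1 journaling" `
    -JournalEmailAddress "journal@orgb.example.com" `
    -Scope Global -Enabled $true

# Dedicated send connector for journal traffic only: route to the other
# org's hub as a smart host, require TLS, and authenticate with basic auth
# that is only offered after TLS is up (credential lives in the receiving org).
New-SendConnector -Name "Journal to OrgB" -Usage Custom `
    -AddressSpaces "orgb.example.com" `
    -SmartHosts "mail.orgb.example.com" -DNSRoutingEnabled $false `
    -RequireTLS $true `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential (Get-Credential "ORGB\journal-relay") `
    -SourceTransportServers "HUBA01"

# Journal reports are sent from this org's "Microsoft Exchange" recipient;
# the receiving org needs that address to lock its journal mailbox down.
(Get-OrganizationConfig).MicrosoftExchangeRecipientEmailAddresses

# ===== Receiving organization (regular on-premises Exchange 2010) =====
# Receive connector bound only to the sending org's hub IP. Exchange picks
# the connector with the most specific RemoteIPRanges, so this wins over the
# default connector for that one source. TLS is required and basic auth is
# offered only after TLS; ExchangeUsers lets the relay account authenticate.
New-ReceiveConnector -Name "Journal from OrgA" -Usage Custom `
    -Server "HUBB01" -Bindings "0.0.0.0:25" `
    -RemoteIPRanges "203.0.113.10" `
    -RequireTLS $true `
    -AuthMechanism Tls,BasicAuth,BasicAuthRequireTLS `
    -PermissionGroups ExchangeUsers

# Contact for the sending org's Exchange recipient (address taken from the
# Get-OrganizationConfig output above; placeholder here).
New-MailContact -Name "OrgA Journal Sender" `
    -ExternalEmailAddress "exchange-recipient@orga.example.com"

# The journal mailbox accepts mail from that contact and nothing else.
# RequireSenderAuthenticationEnabled stays $false because the sender is
# external to this org; the receive connector enforces auth instead.
Set-Mailbox -Identity "journal@orgb.example.com" `
    -AcceptMessagesOnlyFrom "OrgA Journal Sender" `
    -RequireSenderAuthenticationEnabled $false

# Quick check of what was applied on the receiving side.
Get-ReceiveConnector "HUBB01\Journal from OrgA" |
    Format-List RequireTLS,AuthMechanism,RemoteIPRanges
Get-Mailbox "journal@orgb.example.com" | Format-List AcceptMessagesOnlyFrom
```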

Morganus_Starr
Jan 28, 2001

Mierdaan posted:

:saddowns: how can running get-help for a nonexistent cmdlet peg a w3wp process at 100% CPU utilization indefinitely on a brand new Exchange 2010 mailbox role server? That makes me very sad.

Hahah wow...that is just bad. Can you replicate it?

Morganus_Starr
Jan 28, 2001
Does anyone have any good links or guidance on performance metrics to monitor for Exchange 2010? I've got PRTG set up doing a bunch of monitoring in our environment, and I can poll all kinds of metrics from WMI, whether DB related, RPC requests/latencies, etc..

Aside from the big 4 (cpu, disk, mem, network) are there any specific metrics that you guys monitor? I mean I can throw a bunch of sensors on various Exchange servers but I'm wondering if anyone has some real world experience on what they monitor, thresholds to look for, etc. I do understand this will vary greatly depending on the environment.

Morganus_Starr
Jan 28, 2001

Lord Dudeguy posted:

It's not the send connector. It's the receive. Sending is fine.


No it's just Exchange, but it's all of the roles.

Anything going on with your firewall? I had an issue where a Watchguard firewall had the intrusion prevention (IPS) enabled on the SMTP 25 firewall rule and it worked fine for the longest time then started breaking port 25 connections randomly, likely an updated IPS definition that hosed poo poo. Anyway, might be worth ruling the firewall out just to be safe as well, if you can't find any Exchange transport related errors.

Morganus_Starr
Jan 28, 2001
Nirsoft has a bunch of other really awesome free tools too. BlueScreenView has clued me in MANY times to the underlying cause of a BSOD (e.g. bad video/network/sound driver .dll causing the fault).


Morganus_Starr
Jan 28, 2001

Thanks Ants posted:

When the email starts to arrive again, does it happen on all the affected clients at the same time? Like one minute they all just start being able to receive email again, or is there no relationship like that.

Pray it isn't something as insane as this:

https://www.reddit.com/r/networking/comments/20ew5s/bad_ethernet_cable_causes_only_outlook_to_fail_why/

Hell at this point, I'd almost try to rule out your entire connection / network / firewall etc. completely just for grins - tether an affected system to a 4G hotspot for connectivity (use your cell phone, pick up a cheap Cradlepoint router etc.), see if the issue still occurs.

Beyond that, I know I'd start running some packet captures on baseline working systems, then compare with packet captures on these systems exhibiting issues. Depending on your firewall you could run some packet captures on the firewall with a capture filter of the IP address of one of the affected systems.

It's tough to say if you are diving down the rabbit hole of digging TOO deep in the network, versus looking at this as an OS/application specific issue, but might still be worth a shot.
