Tuesday 23 August 2016

Fastest way to create and fill (multiple) relay allowed receive connectors

I had to create 6 new receive connectors on separate servers, with the relay-allowed IP addresses from an old Exchange 2010 connector.

So first export the old list (see this previous post of mine):
$FormatEnumerationLimit = -1   # otherwise a long RemoteIPRanges list is cut off with "..."
Get-ReceiveConnector "sr-XXXXX\smtp relay" | Format-List RemoteIPRanges |
    Out-File "d:\temp\smtp relay sr-XXXX.txt"

Then edit this file so that every IP address is on its own line, without spaces, like so:
1.1.1.1
2.2.2.2
3.3.3.3
etc.

Now create the new receive connectors. Note that on a multi-role Exchange server you can't choose "Hubtransport" as the connector type; if you do, you'll get an error stating that there's already a connector with those exact same settings.

New-ReceiveConnector -Name "SMTP-Relay-SR-XXXXX" -Server sr-XXXXX -Usage Custom `
    -Bindings 1.1.1.1:25 -RemoteIPRanges 2.2.2.2 -MaxMessageSize 30MB `
    -TransportRole FrontendTransport -Enabled $False
Notice the "RemoteIPRanges" value: the parameter has to have a value, so remember to remove that placeholder address after importing the IP address range from the old connector.
Also note the "-Enabled $False" value: enable the connector only once the security settings are in place, the IP address import was successful and the DNS entry for the connector exists.

Then download the "BulkImportRemoteIPonRecConn.ps1" script from Andy Grogan to import the IP addresses. The script still works on Exchange 2013, not sure on 2016.

Then run the script:

[PS] C:\_Scripts\_TEST\BulkImportRemoteIpReceiveConnector>
.\BulkImportRemoteIPonRecConn.ps1
Bulk Import of Remote IP Addresses for Exchange Receive Connectors
Version 0.1
www.telnetport25.com

 Detected Receive Connectors:

 0 . Servername\Client Servername
1 . Servername\Client Servername
2 . Servername\Default Servername
3 . Servername\Default Servername
4 . Servername\Default Servername
5 . Servername\Client Proxy Servername
6 . Servername\Default Frontend Servername
7 . Servername\Outbound Proxy Frontend Servername
8 . Servername\Client Frontend Servername
9 . Servername\XXXXX_inbound
10 . Servername\Default Servername
11 . Servername\Client Proxy Servername
12 . Servername\Client Frontend Servername
13 . Servername\XXXXX_inbound
14 . Servername\Default Servername
15 . Servername\Client Proxy Servername
16 . Servername\Default Frontend Servername
17 . Servername\Client Frontend Servername
18 . Servername\XXXXX_inbound
19 . Servername\Default Servername
20 . Servername\Client Proxy Servername
21 . Servername\Default Frontend Servername
22 . Servername\Outbound Proxy Frontend Servername
23 . Servername\Client Frontend Servername
24 . Servername\XXXXX_inbound
25 . Servername\Default Servername
26 . Servername\Client Proxy Servername
27 . Servername\Default Frontend Servername
28 . Servername\Outbound Proxy Frontend Servername
29 . Servername\Client Frontend Servername
30 . Servername\XXXXX_inbound
31 . Servername\Default Servername
32 . Servername\Client Proxy Servername
33 . Servername\Default Frontend Servername
34 . Servername\Outbound Proxy Frontend Servername
35 . Servername\Client Frontend Servername
36 . Servername\XXXXX_inbound
37 . Servername\Outbound Proxy Frontend Servername
38 . Servername\Default Frontend Servername
39 . Servername\Outbound Proxy Frontend Servername
40 . Servername\SMTP relay
41 . Servername\SMTP relay
42 . Servername\SMTP-Relay-Servername
43 . Servername\SMTP-Relay-Servername
44 . Servername\SMTP-Relay-Servername
45 . Servername\SMTP-Relay-Servername
46 . Servername\SMTP-Relay-Servername
47 . Servername\SMTP-Relay-Servername

 Please select the Receive Connector that you wish to work with.: 47

 Adding IP Address : 1.1.1.57  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.58  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.59  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.14  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.36  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.18  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.19  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.23  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.26  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.28  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.100  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.101  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.102  to  Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.103  to  Servername\SMTP-Relay-Servername

Adding IP Address : 1.1.1.104  to  Servername\SMTP-Relay-Servername
...
...
...
Script Completed.
[PS] C:\_Scripts\_TEST\BulkImportRemoteIpReceiveConnector>

After the script completes, set the security so that anonymous user access is granted. You have to do this in two places, one in PowerShell:
Get-ReceiveConnector "Servername\smtp-relay-Servername" |
    Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' `
    -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient
And one in the EAC on (all) the newly created receive connectors.

Your connectors are done.
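
Because every address on this list is allowed to relay anonymously, it is worth checking the edited export file before it is imported. The following is an added example, not part of the original post and not Andy Grogan's script: the function name, the /24 limit and the sample addresses are assumptions made for illustration.

```powershell
# Added example (not from the original post): validate a relay allow-list before import.
function Get-ValidatedRelayRange {
    param(
        [string[]]$Line,
        [int]$MinPrefix = 24   # assumed policy: refuse CIDR blocks broader than /24
    )
    $seen = @{}
    foreach ($raw in $Line) {
        $entry = $raw.Trim()
        if ($entry -eq '') { continue }                  # skip blank lines
        $ip, $prefix = $entry -split '/', 2
        $parsed = $null
        # Require a strict dotted quad; TryParse alone accepts short forms such as "1.1".
        $ok = $ip -match '^\d{1,3}(\.\d{1,3}){3}$' -and
              [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)
        if ($ok -and $null -ne $prefix) {
            $ok = $prefix -match '^\d{1,2}$' -and [int]$prefix -le 32 -and
                  [int]$prefix -ge $MinPrefix
        }
        $status = if (-not $ok) {
            'rejected'
        } elseif ($seen.ContainsKey($entry)) {
            'duplicate'
        } else {
            $seen[$entry] = $true; 'ok'
        }
        [pscustomobject]@{ Entry = $entry; Status = $status }
    }
}

# Constructed sample standing in for the edited export file (one address per line).
$sample = '1.1.1.57', '1.1.1.58 ', '1.1.1.58', '1.1.1.300', '1.1', '0.0.0.0/0', '1.1.2.0/24'
$result = Get-ValidatedRelayRange -Line $sample
$result | Format-Table -AutoSize
$allowed = @($result | Where-Object { $_.Status -eq 'ok' } | ForEach-Object { $_.Entry })

# Exchange Management Shell only. Setting -RemoteIPRanges replaces the whole list, so the
# 2.2.2.2 placeholder from New-ReceiveConnector disappears; -WhatIf previews the change.
if (Get-Command Set-ReceiveConnector -ErrorAction SilentlyContinue) {
    Set-ReceiveConnector 'Servername\SMTP-Relay-Servername' -RemoteIPRanges $allowed -WhatIf
}
```

For a real run, pass the lines of the edited export file (Get-Content) instead of $sample and drop -WhatIf once the preview looks right.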

Friday 12 August 2016

Change Office 2016 activation serial number

Used my activation serial one too many times, but now I need to change my invalid activation serial number in Office 2016.
This used to be quite easy: go to Programs and Features, select Office 2013, choose Change, and you could then enter a new serial number. But not anymore; why change everything with a new release?

Now in an elevated command prompt, type this:

cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /inpkey:XXXX-YYYYY-VVVVV-DDDDD-AAAAA

And now your Office 2016 wants to activate again over the internet, and if the serial is valid you're good to go.

Tuesday 28 June 2016

Exchange 2013 CU12 failed to install error 1619

This has got to be the dumbest thing I've ever come across when dealing with Microsoft products.
When installing CU12 for Exchange 2013 last night, setup failed and I was presented with this error:

Configuring Microsoft Exchange Server

Language Files COMPLETED
Restoring Services COMPLETED
Language Configuration COMPLETED
Mailbox role: Transport service COMPLETED
Client Access role: Front End Transport service COMPLETED
Mailbox role: Client Access service COMPLETED
Mailbox role: Unified Messaging service COMPLETED
Mailbox role: Mailbox service FAILED

The following error was generated when "$error.Clear();
Install-MsiPackage `
-PackagePath ([System.IO.Path]::Combine($RoleLanguagePacksPath, "Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi")) `
-PropertyValues ("ARPSYSTEMCOMPONENT=1 ALLUSERS=1") `
-LogFile ([System.IO.Path]::Combine($RoleSetupLoggingPath, "InstallSpeech-ca-ES.msilog"))
" was run: "Microsoft.Exchange.Configuration.Tasks.TaskException: Couldn't open package 'C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\MSSpeech_SR_TELE.ca-ES.msi'. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Error code is 1619. ---> System.ComponentModel.Win32Exception: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package
--- End of inner exception stack trace ---
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target,Boolean reThrow, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.Deployment.InstallMsi.InternalBeginProcessing()
at Microsoft.Exchange.Configuration.Tasks.Task.<BeginProcessing>b__5()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

PS D:\Install\CU12>

I started the install by extracting the setup files to D:\Install\CU12, then ran the following command:
.\setup /mode:upgrade /iacceptexchangeserverlicenseterms
Looking in the ExchangeSetup.log file I saw that setup was looking for the missing file in this folder:
C:\Program Files\Microsoft\Exchange Server\V15\bin\Setup\ServerRoles\UnifiedMessaging\

Strange, because that's not where I extracted the setup files.
So I copied the Setup folder from the extracted folder D:\Install\CU12 to C:\Program Files\Microsoft\Exchange Server\V15\bin\ to make sure the Setup folder with the install files was there, then started the install again from the D:\Install\CU12 folder, and everything went fine and without a glitch. I even think that it was a little bit faster. But maybe that's just wishful thinking because it was at 01:30 in the night....

According to this post from Peter de Tender I'm not the first to witness this, and sure as hell won't be the last.

Wednesday 22 June 2016

Installing Cumulative Updates for Exchange 2013 in production environments in combination with TrendMicro ScanMail:

1. Put the server in maintenance mode with the script on D:\Scripts\Start-ExchangeServerMaintenanceMode v1.8.ps1

- In an elevated PowerShell console: Start-ExchangeServerMaintenanceMode.ps1 -Server Servername -TargetServerFQDN servername.domain.lan
(-Server is the server that will be put in maintenance mode, -TargetServerFQDN is the server that all connections, queues etc. will be moved to)

2. Stop the TrendMicro Services in the following order:

- ScanMail for Microsoft Exchange System Watcher
- ScanMail for Microsoft Exchange Remote Configuration Server
- ScanMail for Microsoft Exchange Master Service

3. Change the Startup type for the TrendMicro services to “Disabled”

4. Check the status for the Exchange components in the Exchange PowerShell console:
- Get-ServerComponentState -Identity Servername

5. Reboot server

6. Stop the TrendMicro Service in the Task Manager under the tab "services" in the following order:
- ScanMail_RemoteConfig
- ScanMail_SystemWatcher
- Scanmail_Master

7. In an elevated PowerShell console:
- Go to the folder where the extracted CU files are and, in that folder, type:
- .\setup /mode:upgrade /iacceptexchangeserverlicenseterms (Attention: make sure .\ is in front of setup)

8. After successful installation of the CU reboot the server

9. Change the startup type for the TrendMicro services to “Automatic” (except ScanMail EUQ Monitor)

10. Reboot the server

11. Stop Maintenance mode with the script on D:\Scripts\Stop-ExchangeServerMaintenanceMode v1.8.ps1

- In an elevated PowerShell console: Stop-ExchangeServerMaintenanceMode.ps1 -Server Servername

12. Check the status for the Exchange components in the Exchange PowerShell console:
- Get-ServerComponentState -Identity Servername

13. Now the server is active and will be accepting connections and the database copies will be updated
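
The risk in this procedure is a mail server that comes back into service with ScanMail still disabled. The following added example (not the author's script) scripts steps 2, 3 and 9 and adds a check to run before the reboot in step 10; the service names are the ones listed in step 6, while their order, the state-file path and the function names are assumptions.

```powershell
# Added example, not the author's script. Service names are the ones listed in step 6,
# ordered as in step 2 (assumed mapping of display names); $StateFile is an assumed path.
$ScanMailServices = 'ScanMail_SystemWatcher', 'ScanMail_RemoteConfig', 'Scanmail_Master'
$StateFile = 'D:\Scripts\scanmail-startmode.csv'

function Disable-ScanMailForUpgrade {
    # Steps 2-3: stop each service in order, disable it, and record its previous start mode.
    if (Test-Path $StateFile) { throw "$StateFile exists; restore first or remove it." }
    $state = @(foreach ($name in $ScanMailServices) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        if (-not $svc) { Write-Warning "$name is not installed"; continue }
        Stop-Service -Name $name -Force
        Set-Service -Name $name -StartupType Disabled
        [pscustomobject]@{ Name = $name; StartMode = $svc.StartMode }
    })
    $state | Export-Csv -Path $StateFile -NoTypeInformation
}

function Restore-ScanMailAfterUpgrade {
    # Step 9: put back the recorded start mode (WMI reports 'Auto' for Automatic).
    foreach ($row in Import-Csv -Path $StateFile) {
        $mode = if ($row.StartMode -eq 'Auto') { 'Automatic' } else { $row.StartMode }
        Set-Service -Name $row.Name -StartupType $mode
    }
    Remove-Item -Path $StateFile
}

function Test-ScanMailReenabled {
    # Returns the services that are still disabled; an empty result means scanning
    # will start again at the reboot in step 10.
    foreach ($name in $ScanMailServices) {
        Get-CimInstance Win32_Service -Filter "Name='$name'" |
            Where-Object { $_.StartMode -eq 'Disabled' } |
            Select-Object Name, StartMode, State
    }
}
```

Run Disable-ScanMailForUpgrade in place of steps 2 and 3, Restore-ScanMailAfterUpgrade at step 9, and Test-ScanMailReenabled before ending maintenance mode.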

Tuesday 21 June 2016

Exchange 2013 Default IIS Settings

These are the default IIS settings for the Front End website and the Exchange Back End website, taken from a freshly installed Exchange 2013 CU12 server:

Default Web Site (Front End)

| Virtual directory (Sites \ Default Web Site) | Default IIS Authentication methods (as shown in Internet Information Services (IIS) Manager) | SSL settings | Default authentication methods, Exchange Admin Center (EAC) (available through EAC) | AuthenticationMethods, Exchange Management Shell (EMS): Internal | AuthenticationMethods, Exchange Management Shell (EMS): External |
|---|---|---|---|---|---|
| Autodiscover | Anonymous authentication; Basic authentication; Windows authentication | SSL required | Integrated Windows authentication; Basic authentication | Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth | Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth |
| ECP (Exchange Control Panel) | Anonymous authentication; Basic authentication | SSL required | Use forms-based authentication | Basic, Fba | Fba |
| EWS (Exchange Web Services) | Anonymous authentication; Basic authentication | SSL required | Integrated Windows authentication | Ntlm, WindowsIntegrated, WSSecurity, OAuth | Ntlm, WindowsIntegrated, WSSecurity, OAuth |
| Mapi | Windows authentication | SSL required | Not available in EAC | Ntlm, OAuth, Negotiate | Not configured |
| Microsoft-Server-Active-Sync | Basic authentication | SSL required | Basic authentication; Ignore client certificate | Not set *. All methods can be used. | Not set *. All methods can be used. |
| OAB (Offline Address Book) | Windows authentication | | None available | WindowsIntegrated, OAuth | WindowsIntegrated, OAuth |
| OWA (Outlook Web App) | Basic authentication | SSL required | Use forms-based authentication; Domain\user name | Basic, Fba | Basic, Fba |
| OWA\Calendar | Anonymous authentication | Ignore client certificates | None available | | |
| OWA\Integrated | Windows authentication | SSL required; Ignore client certificates | None available | | |
| OWA\oma (Outlook Mobile Access) | Basic authentication | Ignore client certificates | None available | | |
| PowerShell | Windows authentication | Not Required | None set | {} | {} |

* The InternalAuthenticationMethods/ExternalAuthenticationMethods parameter specifies the authentication methods supported by the server that contains the virtual directory when access is requested from inside the network firewall. If this parameter isn’t set, all authentication methods can be used.

Aside from the above listed Virtual Directories, which you can find in the EAC, you also have the following directories to manage through IIS or EMS:

| Virtual directory | Authentication method | SSL settings | Management method |
|---|---|---|---|
| Default Website | Anonymous authentication | SSL required | IIS Management Console*. This virtual directory can’t be configured by the user* |
| aspnet_client | Anonymous authentication | SSL required | IIS management console |
| Rpc | Basic authentication; Windows authentication | SSL required | Exchange Management Shell (EMS) |

* Indicates difference between multirole and Mailbox role server. You can’t configure this if the server only has the Mailbox role

Exchange Back End Website

| Virtual directory | IIS Default Authentication methods | IIS SSL settings |
|---|---|---|
| Exchange Back End | Anonymous authentication | SSL required; Ignore client certificates |
| Autodiscover | Anonymous authentication; Windows authentication | SSL required; Ignore client certificates |
| ecp | Anonymous authentication; Windows authentication | SSL required; Ignore client certificates |
| EWS | Anonymous authentication; Windows authentication | SSL required; Ignore client certificates |
| Exchange | | SSL required; Ignore client certificates |
| Exchweb | | SSL required; Ignore client certificates |
| mapi | Anonymous authentication | SSL required; Ignore client certificates |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Ignore client certificates |
| OAB | Windows authentication | SSL required; Ignore client certificates |
| owa | Anonymous authentication; Windows authentication | SSL required; Ignore client certificates |
| owa\Calendar | Anonymous authentication | Ignore client certificates |
| PopImap | Anonymous authentication | SSL required; Ignore client certificates |
| PowerShell | Windows authentication | SSL required; Accept client certificates |
| PowerShell-Proxy | | SSL required; Ignore client certificates |
| Public | | SSL required; Ignore client certificates |
| PushNotifications | Anonymous authentication; Windows authentication | SSL required; Ignore client certificates |
| Quarantine | Anonymous authentication | SSL required; Ignore client certificates |
| ReportingWebService | Anonymous authentication | SSL required; Ignore client certificates |
| Reports | Anonymous authentication | SSL required; Ignore client certificates |
| Rpc | Windows authentication | Ignore client certificates |
| RpcProxy | Anonymous authentication | SSL required; Ignore client certificates |
| RpcWithCert | Windows authentication | Ignore client certificates |
| Sync | | SSL required; Ignore client certificates |
| Ucc | Anonymous authentication | SSL required; Ignore client certificates |