Channel: Exchange Server 2013 - Administration, Monitoring, and Performance forum

AD User with a forwarding address.

Hi there,

I have an Exchange 2013 server and I want to create AD users with forwarding addresses.

I want the AD user to have an email address, say test@example.com and I want emails sent to that email to be forwarded to test@subdomain1.example.com
We do not want users to see that the address of the user is test@subdomain1.example.com

Is that possible?

I have tried to create AD users and put the forwarding address in the forwardingAddress attribute but it is not working.


If it is not possible with an AD user, is it possible with a Contact?

If yes, which AD attributes need to have which value?

Malware detected on all Exchange 2013 mailbox servers


Since yesterday I've had multiple detections of the malware below - only on Exchange 2013 mailbox database servers. Two CAS servers are not showing anything, nor are any other AD-joined servers (so I don't think this is something spreading across the network).

I think these detections may be happening because somehow a mail message with something bad in it has got past the mail filtering system and into a mailbox. I'm not sure why that would be popping up outside the mailstore DB as discrete files on the C drive. I'm wondering if it's because of some kind of background Exchange optimisation process? As far as I know, no mailbox moves or exports were running at any of the times when this stuff was detected - I've seen references to similar experiences from other people in various forums online, but without any definitive answers.

Antimalware is System Center Endpoint Detection on Server 2012 R2.

Can anyone explain the processes that might be going inside Exchange that would cause stuff to be pulled out of a mailbox and onto the C drive? I need to rule out if these servers are actively being attacked over the network by something.

I have put the (licenced) business version of MalwareBytes onto one of the servers in addition to SCEP and it detected nothing. A full scan from SCEP also detected nothing.

Further, if this is some item with nasty attachments sat in a mailbox, how can I identify and remove it? Can that be found in a log somewhere, or are there commercial products that can scan the contents of the mailstores (as opposed to scanning stuff as it passes into and out of Exchange)?

Thanks for any help.

Here's the detail:

Trojan:Win32/Skeeyah.A!rfn - Severe - Trojan

Detected in:

C:\Windows\Temp\OICE_386F84D7-B003-432B-9DCE-727112BB940F.0\FLT83AE.tmp1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLT9C5C.tmp1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTA92E.tmp1
C:\Windows\Temp\OICE_956671F3-3EB5-4819-AB2C-B5D0B4ABF691.0\FLTBDF6.tmp1
C:\Windows\Temp\OICE_956671F3-3EB5-4819-AB2C-B5D0B4ABF691.0\FLTB6A2.tmp1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/YNKZJ2~1.EXE1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/71912-pcs2r8z8e45tex8850ajzny103irbdko6f_ykxa5jxkfkcuc608onw4xefsfnv_x.exe1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/3207-id_N287_wp_enc_x32_2018-09-13_21-37.exe1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/1GEJJB~1.EXE1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a1
C:\Windows\Temp\OICE_F1ABB43B-924F-460C-864C-D7E960EC16BF.0\FLTEEFA.tmp1
C:\Windows\Temp\OICE_7EDB0BA0-88B2-4EB0-BB39-748E3B7AB6E3.0\FLTFAE1.tmp1
C:\Windows\Temp\OICE_7EDB0BA0-88B2-4EB0-BB39-748E3B7AB6E3.0\FLTEFC4.tmp1
C:\Windows\Temp\OICE_7EDB0BA0-88B2-4EB0-BB39-748E3B7AB6E3.0\FLT4A9.tmp1
C:\Windows\Temp\OICE_727D89F6-5CE5-43D5-89DC-58ED5D39902B.0\FLTCABB.tmp1
C:\Windows\Temp\OICE_727D89F6-5CE5-43D5-89DC-58ED5D39902B.0\FLTC1F0.tmp1
C:\Windows\Temp\OICE_629813AC-0B76-42D3-AC13-2B4CB16FC5D6.0\FLT866E.tmp1
C:\Windows\Temp\OICE_629813AC-0B76-42D3-AC13-2B4CB16FC5D6.0\FLT8360.tmp1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTEC15.tmp1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTF108.tmp1

Trojan:Win32/MereTam.A - Severe - Trojan

Detected in:

C:\Windows\Temp\OICE_629813AC-0B76-42D3-AC13-2B4CB16FC5D6.0\FLT8AC7.tmp1
C:\Windows\Temp\OICE_727D89F6-5CE5-43D5-89DC-58ED5D39902B.0\FLTD08A.tmp1
C:\Windows\Temp\OICE_7EDB0BA0-88B2-4EB0-BB39-748E3B7AB6E3.0\FLT44A.tmp1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/40917-44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/eoHzaMC.exe1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTB017.tmp1
C:\Windows\Temp\OICE_956671F3-3EB5-4819-AB2C-B5D0B4ABF691.0\FLTC397.tmp1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTF4C4.tmp1

TrojanDownloader:O97M/Dornoe.A!ams - Severe - Trojan Downloader

C:\Windows\Temp\OICE_629813AC-0B76-42D3-AC13-2B4CB16FC5D6.0\FLT8AB6.tmp1
C:\Windows\Temp\OICE_727D89F6-5CE5-43D5-89DC-58ED5D39902B.0\FLTD02C.tmp1
C:\Windows\Temp\OICE_7EDB0BA0-88B2-4EB0-BB39-748E3B7AB6E3.0\FLT3CC.tmp1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/Customer Invoice.msg->(Ole Stream 2)1
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\1d9ccefc-e1ff-4f2d-9ff6-ba633871fa2a->Files/Graph1/Invoice_No_T4847.doc1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTAFA9.tmp1
C:\Windows\Temp\OICE_956671F3-3EB5-4819-AB2C-B5D0B4ABF691.0\FLTC367.tmp1
C:\Windows\Temp\OICE_DA89E288-4D74-4F8C-908D-F0A33516684D.0\FLTF4A4.tmp1


Exchange Server 2010 Mailbox Server Role doesn't run


Hey Guys

I got an issue with our Exchange 2010 server. Some of our users say that they're not able to send e-mails. With my test mailbox I was able to send out messages fine. But I checked the health of our server and saw this message, that my mailbox server role doesn't run (I entered "Get-ExchangeServer | Test-ServiceHealth | ft Role,RequiredServicesRunning").

Unfortunately, all services seem to be running: when I check in "services.msc", all Exchange services are running.

Do you know what I could do to resolve this issue?

Thanks for your Help.

Cheers

Gabe

Exchange delivers old (non-existent) cert


Hi

I encountered a strange problem when renewing a certificate that was about to expire:

As usual, the CSR was created, the Cert imported from Comodo, services enabled (all via ECP), the key exported, the Cert imported from the second DAG member, checked to see if OWA was delivering the new one - and the old Cert deleted on both DAG member servers.

What I haven't checked: what it looks like for Outlook clients on PC and Mac. And here it comes:

You still get the old (expired) certificate that no longer exists on both servers:

- local certificate store

- List in /ecp => Certificates

- Get-ExchangeCertificate -Server xxx | Format-List

- IIS Management Console


In all these places I see only the new one with the right bindings, and OWA / ECP do deliver this one. Why are Outlook clients getting that old one?

What am I missing?
(Of course rebooted both DAG members and clients, too. Just in case there is a cache somewhere...)


Thank you - F.One


Active Sync Mobile Email Cert Error


Hello,

I have an Exchange 2013 server which has a valid cert. Both Outlook and OWA are working fine, but mobiles fail to connect.

Mobile devices report:

Certificate Not Trusted

Expiry date is 08/2020 and it is from GeoTrust, issued 2018.

Export all mailboxes to pst


I need to export all mailboxes to PSTs for a project, and I need to have each user's exported PST mailbox named with their email address.

I have get-mailbox -database "server\storage group\mailbox database" | export-mailbox -PSTfolderpath c:\?

What is the best way to finish this off so each mailbox is exported with their email address?

ESE Error ID 467


Hello all. On my Skype for Business I am getting the error:

Fabric (40940) (00000000-0000-0000-0000-000000002000:130796374628356681): Database C:\ProgramData\Windows Fabric\FRANK-SKYPE.domain_name\Fabric\work\CM\P_00000000-0000-0000-0000-000000002000\R_130796374628356681\CM.edb: Index OperationLSNIndex of table LocalStoreData is corrupted (0). 

I have been looking this up but have been having some issues.

Troubleshooting:

* I ran the eseutil /mh and found the cm.edb file is in a state of Dirty Shutdown

* Ran eseutil /r in the current directory and got the error "Recovery has indicated that there might be a lossy option. Run recovery with the /a argument."

AND

Operation terminated with error -528 (JET_errMissingLogFile)

The files in the current folder are as follows:

2,113,536                                         CM.edb
10/15/2018  03:45 PM             8,640 cm.INTEG.RAW
10/15/2018  03:45 PM            16,384 CM.jfm
10/15/2018  03:41 PM             8,192 edb.chk
10/15/2018  03:41 PM         5,242,880 edb.log
10/11/2018  08:23 PM         5,242,880 edb00000121.log
06/24/2015  11:37 AM         5,242,880 edbres00001.jrs
06/24/2015  11:37 AM         5,242,880 edbres00002.jrs
10/08/2018  05:08 AM         5,242,880 edbtmp.log

I tried these commands with the /r switch:

eseutil /r E00

eseutil /r E01

eseutil /r E02

eseutil /r E03

Got the same error every time. Can anyone help?


PST Files > 50GB from Mailbox Export


Hi There,

I've archived some mail to PST but the PST file is 75GB.

I don't want to try and open it in Outlook as I'm concerned that due to the 50GB file limit the file may become corrupt in the process.

Is there a way to split this file into two halves safely? Or a no-risk way of opening it in Outlook 2013 and moving half the data into another PST?


Exchange - Need a daily report of those who were added and removed as a Full Delegate to a mailbox


I need a report that will show me who and when a full delegate was added and removed from a mailbox.

Thanks for any suggestions

Impersonator allowing delegate?


I'm away from the office right now and cannot test myself right now.....

Can someone accessing a mailbox through impersonation add a delegate?

Tom, thanks!!

.NET Framework 4.7.2 on Exchange 2013 CU 21


Please confirm if Microsoft .NET Framework 4.7.2 is supported with Exchange 2013 CU21. There is no official statement on which .NET Framework versions are supported with Exchange 2013 CU21.

There isn't any mention of Exchange 2013 CU21 or .NET Framework 4.7.2 in the article below. This article should have provided clear guidance.

https://docs.microsoft.com/en-us/exchange/exchange-server-supportability-matrix-exchange-2013-help#microsoft-net-framework


Excessive amount of Tombstone Entries - 40017 & 40013


Our exchange server (2013 CU17 (we are in the process of deploying updated cumulative updates)) is reporting in with, in the period of 2 days, 92 tombstone cleanup actions. 

Would this be normal with a very large amount of mailboxes or how do I go about running tombstone cleanups on shorter periods so that it is not doing emergency tombstone cleanups during the course of the day? I noticed that it does this when it reaches 100,000 items so I am assuming this would be the default limit.

I tried to find an answer to how to possibly change this but have not had much luck (my Google may be weak). 

40017 

The urgent tombstone table cleanup task has finished executing.       

Database: Mailbox Database (1c404d60-ceaf-48c3-ad65-028aad2aa067)       
Message tombstones deleted: 66242       
Subobject tombstones deleted: 35568       
Total size of deleted entries: 0 bytes       
Remaining number of entries (estimated): 7326       
Total size of remaining entries (estimated): 0 bytes       
Elapsed time: 214.1364505 seconds       
Pass completed: True       
Subobjects in-use: 81       
Mailboxes quarantined: 0       
Mailboxes locked: 1       
Mailboxes missing: 0     

40013

The tombstone table has reached an excessive number of entries and/or total size. A maintenance task has been dispatched to perform urgent cleanup.       

Database: Mailbox Database (1c404d60-ceaf-48c3-ad65-028aad2aa067)       
Number of entries (estimated): 100011       
Total size of entries (estimated): 0 bytes     

Search-Mailbox date range no results


I am trying to delete messages from a single mailbox that are between a given date range.  Below is the command.  

Search-Mailbox -identity MailArchive -searchquery {(Received:> 10/01/2017 and Received:< 11/30/2017)} -DeleteContent -Force

I have also tried:

Search-Mailbox -identity MailArchive -searchquery {(Received:> 10/01/2017 00:00:00 and Received:< 11/30/2017 23:59:59)} -DeleteContent -Force

Both commands run successfully (as in no errors) but show ResultItemsCount = 0.

If I map myself to that mailbox I can see plenty of messages with a date range that falls within scope.

The mapped mailbox is online and not in Exchange cached mode. I have recycled Outlook and remapped the mailbox many times.

Why is this command not deleting these messages?

This command should delete well over 200,000 emails from this mailbox.  

Exchange 2010 SP3 Update Rollup 16

Impact of decommissioning Exchange on Dynamic Distribution Lists?


Hi

If Exchange is decommissioned, what would be the impact on dynamic dl's - will these cease to exist/function?

What would happen to the LdapRecipientFilter, QueryBaseDN, RecipientContainer & ObjectClass properties?

Thanks

SPF


Hi,

I have to create an SPF record to cover both hostname and domain. My email gateway that sends out email is mail1.maildomain.com and the domain that sends email is maildomain.com. Public IP for both is 4.4.4.4

Do I create 2 separate records?


Uninstalled .NET Framework 4.5 and rebooted the server, it crashed and I am not getting the desktop (blank screen with cmd prompt)


Due to an issue, I uninstalled .NET Framework 4.5 and rebooted the Exchange Server 2013; after that I am facing the issue of getting a blank screen with a cmd prompt only. Even in safe mode I get the same error. I tried system repair and sfc /scannow (no error in sfc /scannow). Please help me resolve this issue.

Modifying Dynamic Distribution Group


I am new to using Dynamic Distribution Groups and took over administration of an Exchange 2013 environment where they are in use.  The previous administrator had a ddg setup that had a recipient filter as follows:

((((((((((((((RecipientType -eq 'UserMailbox') -and (CustomAttribute9 -ne 'Terminated'))) -and (CustomAttribute2 -ne 'NYCDA'))) -and (CustomAttribute4 -ne '494'))) -and (CustomAttribute4 -ne '497'))) -and (CustomAttribute4 -ne '495'))) -and (((((((((((((((((((((((((((((((((((((((CustomAttribute15 -eq 'ACAONSDN') -or (CustomAttribute15 -eq 'ACDADADV'))) -or (CustomAttribute15 -eq 'ACONSTDN'))) -or (CustomAttribute15 -eq 'ACSRONDN'))) -or (CustomAttribute15 -eq 'EXPEDCCR'))) -or (CustomAttribute15 -eq 'ACDASOCD'))) -or (CustomAttribute15 -eq 'ACDCDEAN'))) -or (CustomAttribute15 -eq 'TELERDIR'))) -or (CustomAttribute15 -eq 'ACDNUSSC'))) -or (CustomAttribute15 -eq 'ACDADOF'))) -or (CustomAttribute15 -eq 'TELECDIR'))) -or (CustomAttribute15 -eq 'ACDASDCL'))) -or (CustomAttribute15 -eq 'ACDAVPAS'))) -or (CustomAttribute15 -eq 'ACDADNCA'))) -or (CustomAttribute15 -eq 'ACDVPAS'))) -or (CustomAttribute15 -eq 'ACDADADT'))) -or (CustomAttribute15 -eq 'ACDNSNUR'))) -or (CustomAttribute15 -eq 'ACDVPCUR'))) -or (CustomAttribute15 -eq 'ACDGLDN'))) -or (CustomAttribute15 -eq 'MGRLRNDV'))))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')))

I need to update just the recipient filter with a new job code "-or (CustomAttribute15 -eq 'ACDGADN')", but I'm finding I'm having real trouble with the parentheses. When I try to update the recipient filter, I just get >> as the result.

[PS] C:\Windows\system32>Set-DynamicDistributionGroup -identity [ddg name] -recipientfilter (RecipientType -eq 'Us
erMailbox') -and (CustomAttribute9 -ne 'Terminated') -and (CustomAttribute2 -ne 'NYCDA') -and (CustomAttribute4 -ne '494
') -and (CustomAttribute4 -ne '497') -and (CustomAttribute4 -ne '495') -and (CustomAttribute15 -eq 'ACAONSDN') -or (Cust
omAttribute15 -eq 'ACDADADV') -or (CustomAttribute15 -eq 'ACONSTDN') -or (CustomAttribute15 -eq 'ACSRONDN') -or (CustomAttribute15 -eq 'EXPEDCCR') -or (CustomAttribute15 -eq 'ACDASOCD') -or (CustomAttribute15 -eq 'ACDCDEAN') -or (CustomAttribute15 -eq 'TELERDIR') -or (CustomAttribute15 -eq 'ACDNUSSC') -or (CustomAttribute15 -eq 'ACDADOF') -or (CustomAttribute15 -eq 'TELECDIR') -or (CustomAttribute15 -eq 'ACDASDCL') -or (CustomAttribute15 -eq ACDAVPAS') -or (CustomAttribute15-eq 'ACDADNCA') -or (CustomAttribute15 -eq 'ACDVPAS') -or (CustomAttribute15 -eq 'ACDADADT') -or (CustomAttribute15 -eq 'ACDGADN') -or (CustomAttribute15 -eq 'ACDNSNUR') -or (CustomAttribute15 -eq 'ACDVPCUR') -or (CustomAttribute15 -eq 'ACDGADN') -or (CustomAttribute15 -eq 'ACDGLDN') -or (CustomAttribute15 -eq 'MGRLRNDV')

I wasn't finding any information about the specific use of brackets or parentheses when building these recipient filters. Can someone point me in the right direction?

Thank you!


Tanya

Unknown files in exchange client access servers



Hi

We found the following unknown files in our Exchange client access servers.

Could you please advise me: is it a required file, or shall we remove it?

This location below file C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa

global.asax

This location below file C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\Current\themes\resources

1. SegoeUI-Regular.aspx

2. SegoeUI-Regular.eot

3. SegoeUI-Regular

4. SegoeUI-Regular

5. SegoeUI-SemiBold.eot

6. SegoeUI-SemiBold

7. SegoeUI-SemiLight

8. SegoeUI-SemiLight

This location C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ews

global.asax

Please comment your feedback

Thanks in advance

Regards

Ashraf





Need help in script


Hi,

Can anyone help me get the output of the commands below as HTML in an email report?

$computers = "XXX","abc","new2","nmm"
# Start of the 30-day look-back window
$days = (Get-Date) - (New-TimeSpan -Days 30)
foreach ($computer in $computers) {
    # Query only hosts that answer a ping
    if (Test-Connection -ComputerName $computer -Quiet) {
        Get-WinEvent -FilterHashtable @{logname='Application'; id="17001","17002"; StartTime=$days} -ErrorAction SilentlyContinue -ComputerName $computer |
            Select-Object @{label='TimeCreated';expression={$_.TimeCreated.ToString("yyyy-M-d HH:mm:ss")}},MachineName,@{n='Message';e={$_.Message -replace '\s+', " "}}
    }
}


Ankit Singh

Renewing Self-signed SHA1 cert with SHA256?


Hi,

Exchange 2013 server with Self-signed cert will expire in a month.

This was originally issued 4 years ago as a SHA1 cert.

Exchange is now above CU13 so supports SHA256 certs.

If we click the 'renew' option in the EAC, will it renew this as SHA1 again or automatically re-issue as SHA256?

We need to remove SHA1 for compliance.

Many Thanks.


MCSE NT4, MCSE 2003, MCITP Enterprise Admin 2008, MCITP Exchange 2010, MCITP Sharepoint 2010, Various MCTS, ITIL v4, CCA, and a bunch of other stuff... :)
