Exchange 2007 Self sign SSL certificate installation and Configuration step by step

step By step Command

#New-ExchangeCertificate -domainname webmail.redtapeindia.com,autodiscover.redtapeindia.com,redtapeindia.com,mail1.redtapeindia.com,mail.redtapeindia.com,mail -Friendlyname webmail.redtapeindia.com -generaterequest:$true -keysize 2048 -path c:\certrequest.txt -privatekeyexportable:$true -subjectname "c=IN, o=RedTape India, cn=webmail.redtapeindia.com, s=Delhi, l=New Delhi, ou=IT"  #

create CSR

Go to server //https://localhost/certsrv

paste CSR and Download certificate

Import-Exchangecertificate -path c:\Certificates\server01SAN.cer |Enable-Exchangecertificate -services IMAP,POP,UM,IIS,SMTP -thumbprint 8428594#####################3A9D

SSL error show  on Client System

Hi,

I added two shared mailed Box to my Outlook 2010 Desktop. However theoptions for this mail boxes are not available.

Is there anyone who had this issue and can help me.

Thanks in advance.

Hello,

We use Exchange Online for our email host, and every hour two of our machines ask for their password. After entering the password it works as normal for about another hour. The machines use Windows 7. I have tried to create a new profile, deleting the account and adding it back in, and using a different pst file. It is the same account having the issue on two machines, of the 4 or so we have using that account and no other accounts or machines are having the issue.

Thank you

Hi everyone,

I have an issue with an exchange server a user has 66k items in her mailbox (stupid amount, no archiving) and everything went wrong. Recreated the account, issue fixed mail gone. 

Connected the old mailbox to a new account and outlook will get stuck on retrieving the mailbox settings at 30% it also tells me it's trying to receive the settings from exchange mail server as a pop up. 

OWA gives me a http 500 error but this works perfectly for other users and so does outlook.

My question to you is how can i get the emails out? i have tried the export mail request however i get a replication service error. this also works for another user. the user tells me the information is "vital" so i need to get it onto a PST and add it to their computer as an Archive. 

Getting desperate now as i want this over with, i have also tried a mailbox integrity check however it comes back clean, anything you think will work fire away an ill give it a go.

Thanks in advance!

Jon

We've had the ability for users to change their own photo disabled since we first implemented Exchange 2013.  I have it disabled on all OWA virtual directories as well as turned off in the "Default Role Assignment Policy".  It's worked fine for years.  We upgraded to CU12 a few months ago, now I was just notified that users are changing their own photo again.

I've gone through and enabled the option on each OWA Virtual directory and disabled it again and performed an IIS reset and I'm still able to change my photo.  We don't use OWA web app policies butnow that's the only way that I can disable this option.

So to recap, "SetPhotoEnabled" is set to False on all OWA Virtual Directories.  In the "Default Role Assignment Policy", "MyContactInformation" is unchecked.  Users can still change their Photo.

Once I assign an OWA Web App Policy, users then are unable to change their Photo.

hi all , 

i have outlook 2013 and exchange 2013 single node and when  trying to update the Offline address book nothing is happen and it hang showing ( offline address book connecting to Microsoft exchange ) and nothing happen 

appreciate your help people .

Hey guys. Recently I enabled In Place archiving for the majority of my users, but it was more of a pre-staging step and not intended to replace auto archiving to PST until we upgrade our storage solution and have more space to increase the quotas on our users mailboxes.

Well apparently one feature, which I have found to be very poorly documented, is that Outlook 2010 will disable the Auto Archive tool if a user mailbox has in place archiving enabled at the Exchange level. At this point, disabling the archives is not an option. Is there a way to return the Auto Archive function in Outlook without disabling the Archive mailboxes?

Thanks all.

 vertical scroll bar stays stuck at bottom- can't scroll up to newest email messages. Seems to fix itself when i go to task maanger and back to screen

thanks for any help

daniaL7UP7

In environment have two mailbox server of Exchange 2013.

Recently for a particular user in owa automatically mail from inbox moves to deleted items . There is no rules in OWA and Server. 

No other client application is using right now.

Please help me out to sort out this issue.

Hi all,

I am facing strange issue with my Exchange server 2013 configure on Server 2012 R2. Recently I have purchased the Public certificate from the geotrust and assigned it to my Exchange server. After that i have been facing this issue.

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Before, I have installed the Public SSL it was good, but now when i installed Public SSL. it is showing this error. and another strange thing is, outside the intranet; There is no issue on same page. but when i get into intranet, it shows same issue.

need help to sort out this issue. Thanks

I have been using eM client to connect to an exchange server with no problems for months. The reason I chose eM Client was because it was free (ha) and it could sync my email, calendar and contacts using Exchange Web Services (EWS).

But then I decided to make the plunge and get myself an Office account so I could use Outlook. The problem is I just can't connect. I have to use a address in eM client that ends with ews/exchange.asmx to connect, but for there is no option to that in outlook.

Thanks for any help.

Mike

(Also, in case I am in the wrong place, I was referred here after I posted @ answers.microsoft.com)

I am trying to get Enterprise Vault to work with EXchange 2013 OWA Office Apps but the application give an error that it fails to initialize and according to Veritas this is due to a problem with Exchange OAuth but I am unable to figure out what/how to fix. The thumprints for the certificate match the results from get-authconfig but test-oauthconnectivity fails. Below is output.

[PS] C:\Windows\system32>Get-AuthConfig

RunspaceId                    : ed2c6285-9393-438c-b162-f05437a6a17c
CurrentCertificateThumbprint  : E6C514B643B05142E7CF02D0F999DB6B435F18CC
PreviousCertificateThumbprint :
NextCertificateThumbprint     :
NextCertificateEffectiveDate  :
ServiceName                   : 00000002-0000-0ff1-ce00-000000000000
Realm                         :
Name                          : Auth Configuration
AdminDisplayName              :
ExchangeVersion               : 0.20 (15.0.0.0)
DistinguishedName             : CN=Auth Configuration,CN=P,CN=Microsoft
                                Exchange,CN=Services,CN=Configuration,DC=p,DC=local
Identity                      : Auth Configuration
Guid                          : cc886f3f-26d0-4118-966f-36f5814a305c
ObjectCategory                : p.local/Configuration/Schema/ms-Exch-Auth-Auth-Config
ObjectClass                   : {top, container, msExchContainer, msExchAuthAuthConfig}
WhenChanged                   : 7/13/2016 4:14:57 PM
WhenCreated                   : 3/4/2016 3:39:40 PM
WhenChangedUTC                : 7/13/2016 11:14:57 PM
WhenCreatedUTC                : 3/4/2016 11:39:40 PM
OrganizationId                :
Id                            : Auth Configuration
OriginatingServer             : 90DC2.p.local
IsValid                       : True
ObjectState                   : Unchanged

[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E6C514B643B05142E7CF02D0F999DB6B435F18CC | fl

AccessRules        :
CertificateDomains : {}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Microsoft Exchange Server Auth Certificate
NotAfter           : 2/6/2021 3:55:33 PM
NotBefore          : 3/4/2016 3:55:33 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 364B76E2A1FC2EA14AA6F2F7850EA0A8
Services           : SMTP
Status             : Valid
Subject            : CN=Microsoft Exchange Server Auth Certificate
Thumbprint         : E6C514B643B05142E7CF02D0F999DB6B435F18CC

[PS] C:\Windows\system32>Test-OAuthConnectivity -Service EWS -TargetUri https://mail.p.com/ews/ -Mailbox "cm" -Verbose | fl

RunspaceId  : ed2c6285-9393-438c-b162-f05437a6a17c
Task        : Checking EWS API Call Under Oauth
Detail      : The configuration was last successfully loaded at 1/1/0001 12:00:00 AM UTC. This was 1060067476 minutes
              ago.
              The token cache is being cleared because "use cached token" was set to false.
              Exchange Outbound Oauth Log:
              Client request ID: 65782ffb-5444-4517-8dac-dc34effde9a1
              Information:[OAuthCredentials:Authenticate] entering
              Information:[OAuthCredentials:Authenticate] challenge from
              'https://mail.p.com/ews/Exchange.asmx' received: Bearer
              client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="",Basic
              realm="mail.p.com",Negotiate,NTLM
              Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
              trusted_issuer: ''
              Information:[OAuthCredentials:GetToken] start building a token for the user domain 'p.com'
              Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken
              Error:[OAuthTokenBuilder:GetAppToken] unable to continue building token, given that both trusted_issuer
              and realm from the challenge are empty
              Error:The challenge value returned from 'mail.p.com' is not valid.

              Exchange Response Details:
              HTTP response message:
              Exception:
              System.Net.WebException: The request was aborted: The request was canceled. --->
              Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: The challenge value returned from
              'mail.p.com' is not valid.
                 at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppToken(String applicationId, String
              destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
              userDomain)
                 at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppWithUserToken(String applicationId,
              String destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
              userDomain, ClaimProvider claimProvider)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
              HttpAuthenticationChallenge challengeObject)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
              webRequest, Boolean preAuthenticate)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.OAuthAuthenticationModule.Authenticate(String
              challenge, WebRequest request, ICredentials credentials)
                 at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials
              credentials)
                 at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
              authInfo)
                 at System.Net.HttpWebRequest.CheckResubmitForAuth()
                 at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
                 at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
                 at System.Net.HttpWebRequest.ProcessResponse()
                 at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.GetResponse()
                 at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
              String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
              Boolean reloadConfig)

ResultType  : Error
Identity    : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid     : True
ObjectState : New

The trace from IE when trying to open the app shows the below and their KB does list this as an oauth error on the exchange side.

EVOMA (ERROR) 16:02:54.215: logAndReportFailure: EWSFindAssociatedItem.onEwsRequestComplete ID[ERROR_EWS_ERRORRESULTSTATUS] Err[Failed to send a request to the Exchange Server]  [Result status:failed]
EVOMA (ERROR) 16:02:54.219: initializationFailed(): Failed to send a request to the Exchange Server

Hello, 

We are running Exchange 2013 and we've added Azure Multi-Factor Authentication (MFA) on Outlook for OWA authentication only. While testing, we were able to install MFA on two CAS servers and enabled the OWA setting when installed. We added the URL (OWA website) needed to use MFA. All was working great so far, but we decided to remove MFA and it broke our OWA site connection. We weren't able to use webmail.OurDomain.com as it wouldn't come up. The uninstall refused connection to our OWA site and active sync. The only way into the OWA site was from the CAS server using https://localhost/owa

We managed to get everything back to normal when we re-install MFA back onto the CAS server. I cant understand why that is? Any Ideas?

Side Note: We already use MFA for our VPN solution. When we installed MFA on the CAS server, we joined them to the same group. This way, we didn't have to re-add any users or reconfigure any data. The CAS severs get added as a child MFA server, NOT a master server. 

Hi Dear Members,

Greeting to meet you here.

I'm coming across a problem on Outlook, maybe Exchange server authentication.

**Environment**

1. Outlook 2013.

2. Exchange 2013 account, for example Mavis2013@test.com

3. O365 account, for example Mavis365@test.com

**Situation**

1. Logon PC with Mavis2013 account.

2. I successfully configured Mavis2013 on Outlook 2013.

3. When I add Mavis365 on Outlook 2013 in the same profile, prompt credential again and again. Error is cannot connect Exchange Server, please keep online. Double check the account is not locked, it's normal, activated, and password not expired. No bad password caches in credential management.

4. Change Mavis365 authentication method to HTLM, Anonymous, Kerberos, Negotiate, all of them has the same issue.

5. Create a new profile for Mavis365 on the same PC which logged in with Mavis2013 account, failed.

6. Logon PC with Mavis365 account.

7. I can configure Mavis365 account on Outlook 2013 normally. Everything goes well.

8. I checked that the by default Authentication method on Outlook is Anonymous.

9. This issue impact more than 5 PCs which I tested.

Would you like to give me some tips on this case related to Exchange 2013?

I'll report this case on Exchange Online and Outlook forums too.

BR,

Mavis Huang

Hi all

My environment is currently Exchange 2013 CU 12.

I have a group in which I want to add this contact...

But cannot add it because the search when adding members to the group does not find it.

In Outlook it works correctly.

Do you know if there is any problem with the OWA or how to solve it? Or am i doing something wrong?

Thanks!

-----

SomoIT.net

Hello everyone.

this post is provided as is, with no warranties/guarantees

Windows 10, Outlook 2016, Office365 hosted exchange.

I have an exchange mailbox for my own account and also have access to an exchange shared mailbox. The shared mailbox is occasionally the recipient (via CC) of items I send out, for record keeping purposes. This is usually in reply to something received, either directly to me or to both mailboxes. 

I have conversation view enabled in my inbox. Occasionally, and with no discernible pattern, the conversation will favour the copy of my reply that is stored in the shared mailbox over the one in my sent items. This is no issue for the content of the message, but if I apply a category to the conversation, it applies it to the item in the shared folder (which does not have my customised categories) and does not apply it to the item in my sent items.

For example:

person@companyABC.com sends an email to me@mycompany.com, and CC's in shared_mailbox@mycompany.com.

I reply from me@mycompany.com, and CC in shared_mailbox@mycompany.com.

My conversation view in my inbox shows the email as received, and shows the reply, but indicates that the version it is showing is in shared_mailbox/folder instead of the version in my Sent Items.

I apply a customised category to the conversation.

The item in my inbox has the category applied.

The item in shared_mailbox/folder now has an category applied that is not relevant for that mailbox.

The reply in my sent items does not have a category applied.

As this does not happen every time, it is difficult to determine why Outlook sometimes preferences the shared mailbox item. 

Is there any way to force Outlook to always preference items in the conversation that exist in the "primary" mailbox over the copy that may exist in another mailbox?