Author Archives: Sathish Veerapandian

Steps to configure cross-forest availability between two exchange forests in Exchange 2013

In this article let's look at the steps to configure cross-forest availability between two Exchange forests.

By using the Add-AvailabilityAddressSpace cmdlet, which has been introduced from Exchange 2013, we can share Exchange free/busy data between two forests.

A trust relationship must exist between the source forest and the target forest before this command is run; only then will the commands below succeed.

If a trust relationship exists between the two forests, run the following commands.

In our example we will share free/busy information between the domains Exchangequery.com and toybox.com.

To share free/busy information between these two forests, perform the steps below.

In the source forest (ExchangeQuery.com), perform the following tasks:

Add-AvailabilityAddressSpace -ForestName toybox.com -AccessMethod PerUserFB -UseServiceAccount $true

The above command adds the target forest's address space to the source forest so that free/busy information can be shared securely.

The following access methods can be used:

PerUserFB – used to access the free/busy data of the All Exchange Servers group.
OrgWideFB – used to access the free/busy data of a specific group in the target forest.
InternalProxy – used to proxy the request to the latest version of Exchange in the site.

The access method can be selected according to the requirement.

Now run the command below in the target domain (Toybox.com):

Get-ExchangeServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "ExchangeQuery.com\Exchange Servers"

The above command grants the source forest's Exchange Servers group the permission required to access free/busy information on the target forest's Exchange servers.

In a trust relationship scenario, run this command in the target forest (toybox) to export the SCP from the target forest to the source forest:

Export-AutodiscoverConfig -DomainController "LocalForestDomainController" -TargetForestDomainController "toybox.com" -TargetForestCredential (Get-Credential) -MultipleExchangeDeployments $true

Type the Toybox\Administrator password when prompted.

Now perform the same tasks in the target forest, toybox.com, to add the exchangequery.com address space for sharing free/busy data.

In the target forest (Toybox.com), perform the following tasks:

Add-AvailabilityAddressSpace -ForestName exchangequery.com -AccessMethod PerUserFB -UseServiceAccount $true

Run the command below in the source domain (ExchangeQuery.com):

Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "Toybox.com\Exchange Servers"

Now run this command in the forest Exchangequery.com to export the SCP from the target forest to the source forest:

Export-AutodiscoverConfig -DomainController "LocalForestDomainController" -TargetForestDomainController "exchangequery.com" -TargetForestCredential (Get-Credential) -MultipleExchangeDeployments $true

Type the Exchangequery.com\Administrator password when prompted.

Imp Note : The Add-AvailabilityAddressSpace cmdlet is available and applicable only for Exchange 2013 servers and Office 365.

The required trust relationship, contacts and address space between the two organizations must already be created and replicated between them; only then will free/busy information work.
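Once the steps above are done, the following added verification script (not part of the original post) confirms the address space exists and shows who actually holds ms-Exch-EPI-Token-Serialization on each server object, since that right lets the holder act on behalf of any user. The partner forest name and the group name in the two parameters are assumptions; the local group is guessed from the logon domain.

```powershell
# Added verification script, run in the Exchange Management Shell of the forest being checked.
# Parameter defaults are assumptions: the partner forest and its "Exchange Servers" group as
# Get-ADPermission reports it (NetBIOS form).
param(
    [string]$RemoteForest = 'toybox.com',
    [string]$RemoteExchangeServers = 'TOYBOX\Exchange Servers'
)

# 1. The availability address space for the partner forest must exist and use the intended access method.
$space = Get-AvailabilityAddressSpace | Where-Object { $_.ForestName -eq $RemoteForest }
if (-not $space) {
    Write-Warning "No availability address space is defined for $RemoteForest"
} else {
    "{0}: AccessMethod={1}, UseServiceAccount={2}" -f $space.ForestName, $space.AccessMethod, $space.UseServiceAccount
}

# 2. ms-Exch-EPI-Token-Serialization allows the holder to present a serialized token for any user to EWS,
#    so it should be held only by the local and partner Exchange Servers groups. List every holder on
#    every server object and flag anything else. The "expected" list is an assumption; extend it if your
#    environment legitimately grants the right to other principals.
$right    = 'ms-Exch-EPI-Token-Serialization'
$expected = @($RemoteExchangeServers, "$env:USERDOMAIN\Exchange Servers")
foreach ($server in Get-ExchangeServer) {
    $holders = @(Get-ADPermission -Identity $server.Identity |
        Where-Object { -not $_.Deny -and (@($_.ExtendedRights | ForEach-Object { $_.ToString() }) -contains $right) } |
        ForEach-Object { $_.User.ToString() } | Sort-Object -Unique)
    [pscustomobject]@{
        Server            = $server.Name
        PartnerHasRight   = ($holders -contains $RemoteExchangeServers)
        UnexpectedHolders = (@($holders | Where-Object { $expected -notcontains $_ }) -join '; ')
    }
}
```

A non-empty UnexpectedHolders column is worth explaining before the setup is signed off, because each extra holder can impersonate users across the forest boundary.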

Reference – http://technet.microsoft.com/en-us/library/bb124122(v=exchg.150).aspx

http://social.technet.microsoft.com/wiki/contents/articles/28332.steps-to-configure-cross-forest-availability-between-two-exchange-forests-in-exchange-2013.aspx

Thanks 

Sathish Veerapandian

MVP – Exchange Server

SysTools Export Notes ( Lotus Notes NSF file to PST Converter )

Recently, more organizations are moving from Lotus Notes to Exchange on-premises 2010/2013 or Office 365.

After a successful migration we might run into requirements to export the Notes mail data (NSF) local archives to PST files in order to open them with Outlook.

Basically, "Archive databases" in Lotus Notes are like "Personal Folders" PSTs in Outlook (local files): they are not located on the Domino server but in the Lotus Notes client folder on each PC, so these files will not be migrated to Exchange server mailboxes during the migration.

We might come across a scenario where we need to move or view files that are already stored in Lotus Notes archives and find a way to view them or convert them to PST files. There are a few tools that help get this job done.

I just came across the tool SysTools Export Notes, an NSF to PST converter, and would like to share my experience with the product.

I found this tool useful; the NSF file to PST converter can be used in the following scenarios:

1) If we are doing a migration project for a small business with a small number of users and a tight budget for IT tools, SysTools Export Notes is an option.

2) If we are looking for a solution to migrate only the NSF archive databases to PST files, this tool might be a good option.

3) If the migration from Notes to Exchange has already been completed and there are a few NSF archive databases on users' PCs that need to be converted into PST files for access through Outlook.

Now let's have a look at the functionality of this product.

The product can be downloaded from the link below:

http://www.systoolsgroup.com/export-notes.html

Prerequisites – 

This product can be downloaded and installed on the client PC that holds the archive databases.

The supported operating systems are Windows 7 & Windows 8.

Notes Client and Outlook Client must be installed on the PC to perform the NSF to PST conversion.

Lotus Notes Client should not be connected to the Lotus Domino Server.

Apart from the above, I was not able to find any other prerequisites for this software.

The installation is straightforward: just click Next, Next and Finish.

Accept the license agreement.

The next screen prompts for the installation folder and quick launch option, and finally Finish.

It opens a window as below. Now enter the Lotus Notes path.

After that it opens the wizard as below. Now click on Export as shown below.

Now choose the NSF archive file that needs to be converted to a PST file. There is also an option to migrate Notes contacts into the PST file.

Now it brings up the next screen, as below.

There is an option to choose categories: mail, contacts, calendars, tasks and journals.

The Email Filters option lets us filter and export only emails from a particular interval.

There is also an Advance Settings option with a few options such as HTML formatting and removing encryption.

There is also a calendar filter option to export entries on a particular date.

Once you click Export it asks for the location where the PST file should be saved. Once the location is entered it shows the screen below with Current Status and Final Report.

The export time from NSF to PST depends upon the number of items and the size of the NSF file, and it may vary accordingly.

Cost Factor : –

The SysTools NSF to PST converter is licensed as a one-time payment of 250 USD. There is also a free version of this product which has all the options of the full version, except that it is limited to 16 items per folder.

Conclusion : –

Overall, the SysTools NSF to PST converter is user friendly, and the latest version has effective new features that can be used for NSF to PST migration; it suits well for converting NSF to PST after a migration from Notes to Exchange on-premises or Office 365.

Thanks 

Sathish Veerapandian

MVP – Exchange Server

Quick Bites – Troubleshooting POP and IMAP connectivity issues in Exchange 2013

In this article let's look at troubleshooting POP and IMAP connectivity issues in Exchange 2013.

First, let's review the basic requirements: the features and settings that need to be enabled in order for these services to work.

What ports should be used by the clients for each configuration : –

Port 25 for SMTP with or without TLS, anonymous authentication (outgoing)
Port 587 for SMTP with TLS (outgoing)
Port 143 for IMAP without TLS (incoming)
Port 993 for IMAP with SSL/TLS (incoming)
Port 110 for POP3 without TLS (incoming)
Port 995 for POP3 with SSL/TLS (incoming)

Ensure that all the required ports are open in your firewall according to your configuration (with or without TLS). We can also telnet from outside and check whether we get a proper banner:

For POP – telnet domainname 110
For IMAP – telnet domainname 143

For TLS to work, do we need to install any certificates on the servers : –

You should create a certificate that includes your CAS server FQDN and Mailbox server FQDN as SAN names. It should not be a self-signed certificate; get it from an internal CA or a public CA. Then assign the SMTP, POP3, IMAP and IIS services to this certificate; only then will it work.

Do we need to configure anything on the server for POP and IMAP authentication : –

For the authentication type of the POP and IMAP services we can choose PlainTextLogin or SecureLogin; see http://technet.microsoft.com/library/aa997188(v=exchg.141).aspx. It defines how the client application provides the username and password for authentication.

The following can also be checked when troubleshooting POP and IMAP issues : –
We can run Test-PopConnectivity and see the results
We can run Test-ImapConnectivity and see the results
Use the Remote Connectivity Analyzer for IMAP and POP and see the results

Run the commands below to see the POP and IMAP settings:
Get-PopSettings -Server CASservername
Get-ImapSettings -Server CASservername

Restart your POP3 service and see the results
Check whether your POP3 service has a valid certificate assigned
Run Get-ExchangeCertificate and see whether certificates are assigned to the POP and IMAP services.

Check your port configuration and ensure it is correct:
Port 110 for POP3 without TLS
Port 995 for POP3 with SSL

If you have configured POP and IMAP with either SSL or TLS, then a valid certificate must be configured for the protocol to respond over SSL or TLS (depending on which type you chose).

Check the incoming and outgoing mail server in Outlook settings

We can enable the trace log and open the log from its configured location.

Please refer to http://technet.microsoft.com/en-us/library/aa997690(v=exchg.141).aspx to set the location and enable the log.
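The checks above can be scripted. The following is an added example, not from the original post: it reports the login type and certificate binding for POP3/IMAP4 on one Client Access server, validates the assigned certificate, and then connects to each listener the way a client does, negotiating TLS on 995/993. The server name and service FQDN are constructed placeholders.

```powershell
# Added example. $Server is the CAS as Exchange knows it; $ServiceFqdn is the name clients connect to
# and must be one of the certificate's SAN names. Both are constructed placeholders.
param(
    [string]$Server = 'CAS01',
    [string]$ServiceFqdn = 'mail.contoso.com'
)

# 1. Authentication type and the certificate name each protocol is configured to present.
$pop  = Get-PopSettings  -Server $Server
$imap = Get-ImapSettings -Server $Server
"POP3: LoginType={0} X509CertificateName={1}" -f $pop.LoginType,  $pop.X509CertificateName
"IMAP: LoginType={0} X509CertificateName={1}" -f $imap.LoginType, $imap.X509CertificateName

# 2. A certificate with the POP or IMAP service assigned must exist, be CA-issued (not self-signed),
#    be unexpired and name the FQDN clients connect to. Wildcard names are not matched by this check.
$certs = @(Get-ExchangeCertificate -Server $Server | Where-Object { $_.Services.ToString() -match '\b(POP|IMAP)\b' })
if ($certs.Count -eq 0) { Write-Warning "No certificate on $Server has the POP or IMAP service assigned" }
foreach ($c in $certs) {
    [pscustomobject]@{
        Thumbprint = $c.Thumbprint
        Services   = $c.Services.ToString()
        SelfSigned = $c.IsSelfSigned
        Expired    = ($c.NotAfter -lt (Get-Date))
        CoversFqdn = (@($c.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $ServiceFqdn)
    }
}

# 3. Connect to each listener and read its greeting. For the SSL ports a TLS handshake is done first,
#    so a certificate the client does not trust, or one that does not match $ServiceFqdn, shows up here
#    as a failure even though a plain telnet to 110/143 would look healthy.
function Get-MailBanner {
    param([string]$HostName, [int]$Port, [switch]$Tls)
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 5000
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        if ($Tls) {
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            $ssl.AuthenticateAsClient($HostName)   # validates chain and name like a real client
            $stream = $ssl
        }
        $buffer = New-Object byte[] 512
        $read = $stream.Read($buffer, 0, $buffer.Length)
        return [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read).Trim()
    } catch {
        return "FAILED: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()
    }
}

foreach ($l in @(@{Port = 110; Tls = $false}, @{Port = 995; Tls = $true}, @{Port = 143; Tls = $false}, @{Port = 993; Tls = $true})) {
    "{0}:{1} -> {2}" -f $ServiceFqdn, $l.Port, (Get-MailBanner -HostName $ServiceFqdn -Port $l.Port -Tls:$l.Tls)
}
```

A "+OK" or "* OK" greeting on 995/993 means the certificate chain, name and protocol all work from that client; a FAILED line on those ports with a healthy 110/143 points at the certificate, not the firewall.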

Thanks 

Sathish Veerapandian

MVP – Exchange Server

Convert bulk mailbox users to mail enabled users after staged Exchange Migration to Office 365 from Exchange 2007

The most important step after a migration from an on-premises Exchange server to Office 365 is to convert all the on-premises Exchange mailboxes to mail-enabled users (MEUs).

What happens if we decommission the on-premises servers without converting them to MEUs?

All the messaging-related user information in the cloud will be lost: Dir-sync will not be able to find an associated target address for the users, and users will not be able to connect to their cloud mailboxes, which results in an incomplete off-boarding to Office 365.
Dir-sync will not be able to connect the cloud mailbox with the user account in the DC.
Dir-sync will not be able to identify the target proxy address if we do not have MEUs for the users, and will not be able to locate the remote routing address.
Initially these values were stamped on the on-premises mailboxes, but now that all the mailboxes have been moved we need to disable all the on-premises mailboxes, create associated MEUs for them and then decommission the on-premises servers.

There are scripts to help convert mailboxes to MEUs, which makes the job very easy.

• ExportO365UserInfo.ps1 – Collects information from your cloud mailboxes and saves it to a CSV file. The Exchange2007MBtoMEU.ps1 script uses the information in the CSV file to bulk-create the MEUs.

• Exchange2007MBtoMEU.ps1 – Converts on-premises mailboxes to MEUs.

Follow the link below to download these scripts:

http://community.office365.com/en-us/w/exchange/845.convert-exchange-2007-mailboxes-to-mail-enabled-users-after-a-staged-exchange-migration.aspx

If you want to convert a single user, you can use the steps below.

First run the command below to get the user's current values:

$user = Get-ADUser username -Properties mail,department,ProxyAddresses

Then disable the on-premises mailbox:

Get-Mailbox -identity $user | Disable-Mailbox -Confirm:$false

Now mail-enable the single user:

Enable-MailUser -Identity username -PrimarySmtpAddress "give the value" -ExternalEmailAddress "give the value"

Set the associated proxy address for the single user and write the change back to Active Directory:

$user.ProxyAddresses = "set the proxy address value"
Set-ADUser -Instance $user
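The single-user steps above lose the old secondary addresses and LegacyExchangeDN unless they are captured first. The following is an added example (not the post's commands and not the Microsoft scripts it links to) that carries them across; the user name and the cloud routing address are constructed placeholders.

```powershell
# Added example. $Identity is the on-premises user; $RemoteRoutingAddress is the cloud mailbox's
# tenant.mail.onmicrosoft.com address (as found in the CSV written by ExportO365UserInfo.ps1).
# Both values are constructed placeholders.
param(
    [string]$Identity = 'jdoe',
    [string]$RemoteRoutingAddress = 'jdoe@contoso.mail.onmicrosoft.com'
)

# 1. Capture what Disable-Mailbox strips from the AD object before touching anything.
$mbx      = Get-Mailbox -Identity $Identity -ErrorAction Stop
$primary  = $mbx.PrimarySmtpAddress.ToString()
$proxies  = @($mbx.EmailAddresses | ForEach-Object { $_.ToString() })   # "SMTP:", "smtp:", "X500:" ... strings
$legacyDn = $mbx.LegacyExchangeDN
"Captured {0} addresses for {1} (primary {2})" -f $proxies.Count, $Identity, $primary

# 2. Disable the mailbox. The store keeps the content as a disconnected mailbox; only the AD attributes go.
Disable-Mailbox -Identity $Identity -Confirm:$false

# 3. Re-create the messaging attributes as a mail-enabled user that routes to the cloud mailbox.
Enable-MailUser -Identity $Identity -PrimarySmtpAddress $primary -ExternalEmailAddress $RemoteRoutingAddress

# 4. Put back the full address list: primary SMTP, the routing address, every old secondary address,
#    and an X500 entry carrying the old LegacyExchangeDN so replies to pre-migration mail still resolve.
#    Set-MailUser -EmailAddresses replaces the whole list, so it is built completely here.
$addresses = @("SMTP:$primary", "smtp:$RemoteRoutingAddress", "X500:$legacyDn") +
             @($proxies | Where-Object { $_ -cnotmatch '^SMTP:' }) |
             Select-Object -Unique
Set-MailUser -Identity $Identity -EmailAddresses $addresses

# 5. Verify: ExternalEmailAddress must be the cloud routing address and the old aliases must be present.
Get-MailUser -Identity $Identity |
    Select-Object Name, PrimarySmtpAddress, ExternalEmailAddress,
        @{Name = 'Addresses'; Expression = { $_.EmailAddresses -join '; ' }}
```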

Imp Note : This article applies only to Exchange 2007 on-premises. If you bring Exchange 2010/2013 into coexistence on-premises, these steps are not needed, since the mailbox is converted to a MailUser automatically after the remote move completes.

Thanks

Sathish Veerapandian

MVP – Exchange Server

Update – Exchange Server meetings in Russian time zones as well as names of time zones may be incorrect after October 26, 2014

After October 26, 2014, some Exchange Server users in Russian time zones may see incorrect meeting times, and time zone display names may be outdated in OWA.

Microsoft released an update (KB 2998527) for Windows on September 23, 2014 to address this change. It should be installed on end-user PCs and servers, since Exchange and Outlook rely on Windows for time zone information.

How to obtain this update

The following files are available for download from the Microsoft Download Center.

Update for Windows Server 2012 R2 (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1bf7a4a0-3bc1-41cc-a374-b4ce39468c32

Update for Windows Server 2012 (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=4f9e0be3-8b1e-4a55-a901-397a4b63953b

Update for Windows 8.1 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=ab371992-26ff-41dc-9c4f-d5ada0f40f5c

Update for Windows 8.1 for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=349e7859-5815-45f3-8f4a-8054a3db804d

Update for Windows 8 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3691d9fd-6a0a-47cd-b809-82ad81a71082

Update for Windows 8 for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=2f8d1b1f-ec76-4a3c-9d48-a85bfc0394b4

Update for Windows Server 2008 R2 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=388ab764-8dd4-4ec9-ab03-d7005c553d9c

Update for Windows Server 2008 R2 for Itanium-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=de6ccda2-8ddc-4368-bf20-57e54d3b1d18

Update for Windows 7 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=c3aaf9fd-9bcb-45d6-9573-370a750ed200

Update for Windows 7 for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1f09acc5-8791-4d63-ae59-8a9b8d4f0ef3

Update for Windows Embedded Standard 7 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3f1ec6b5-8d72-45e9-9c14-26afeb8a92fb

Update for Windows Embedded Standard 7 for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=afe9f877-1554-465c-a89b-0be103ab5468

Update for Windows Server 2008 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=04ff80b6-4581-4f2c-8133-f344d26d5d35

Update for Windows Server 2008 for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=dede4525-57c1-4cb2-b454-0b617f35e357

Update for Windows Server 2008 for Itanium-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=27a6e895-869b-4011-ae11-ada1c25e26e2

Update for Windows Vista for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=ef48921e-d478-46d3-9b6f-8620a53fa4e8

Update for Windows Vista for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1707623b-ae1c-4250-ad55-011ec063c279

Update for Windows Server 2003 for x64-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=8573abcf-47a0-4a24-88fc-d8adde177781

Update for Windows Server 2003 for x32-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1f44929a-fc1b-4b41-b179-c48e4a2b1975

Update for Windows Server 2003 for Itanium-based systems (KB2998527)
http://www.microsoft.com/downloads/details.aspx?FamilyId=de452734-bb99-4d05-873e-0f12988f61d6

Things we can troubleshoot for an affected user if issues are still reported by end users after the above update is applied:

1) Restart the affected user's PC and see the results.

2) Log in to OWA as the affected user and check whether the time zone is set to UTC+4 as below.

3) If it is set to a different time zone, correct the value to UTC+4 as above.

Check the affected user's date and time settings on the PC; they should show UTC+3 as below, which is the Russian time zone.

4) Also run the command below to ensure that the affected user's time zone is set to Russian Standard Time:

Get-MailboxRegionalConfiguration "affecteduserid"

5) If you notice the user's TimeZone is set to a different region, run the command below to change the user to Russian Standard Time:

Set-MailboxRegionalConfiguration "affecteduserid" -TimeZone "Russian Standard Time"
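Steps 4 and 5 handle one user at a time; the following added example (not from the original post) first checks whether KB2998527 is present and its time zone data is in effect on the machine it runs on, then lists every mailbox in a scope whose regional time zone is not Russian Standard Time. The OU in $SearchScope is a constructed placeholder.

```powershell
# Added example. Run on the server (or PC) to check the OS side, and in the Exchange Management Shell
# for the mailbox report. $SearchScope is a constructed placeholder OU.
param([string]$SearchScope = 'OU=Moscow,DC=contoso,DC=com')

function Test-RussianTimeZoneUpdate {
    # Get-HotFix reports whether the package is installed; the offset check shows the data took effect.
    # With KB2998527 applied, Russian Standard Time is UTC+3 for any date from 26 Oct 2014 onward;
    # a machine without it still answers UTC+4 for the same date (offset as derived by .NET from the
    # registry time zone data).
    $hotfix = Get-HotFix -Id KB2998527 -ErrorAction SilentlyContinue
    $tz     = [System.TimeZoneInfo]::FindSystemTimeZoneById('Russian Standard Time')
    $offset = $tz.GetUtcOffset([datetime]'2014-11-01T12:00:00')   # Kind=Unspecified: wall-clock time in that zone
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        HotfixInstalled   = [bool]$hotfix
        DisplayName       = $tz.DisplayName          # "(UTC+03:00) ..." once the update is in effect
        OffsetAfterChange = $offset.TotalHours
        DataInEffect      = ($offset.TotalHours -eq 3)
    }
}
Test-RussianTimeZoneUpdate

# Users whose OWA regional time zone is something other than Russian Standard Time keep seeing wrong
# meeting times even on a patched PC; Set-MailboxRegionalConfiguration (step 5) fixes each of them.
# An unset TimeZone shows up as an empty string and is listed too.
Get-Mailbox -OrganizationalUnit $SearchScope -ResultSize Unlimited |
    Get-MailboxRegionalConfiguration |
    Where-Object { "$($_.TimeZone)" -ne 'Russian Standard Time' } |
    Select-Object Identity, Language, TimeZone
```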

References – https://support.microsoft.com/kb/2998527?wa=wsignin1.0

Thanks 

Sathish Veerapandian

Update – ExPerfWiz 1.4 has been released

ExPerfWiz 1.4 was released on October 25th, 2014.

Following are the recent updates in ExPerfWiz 1.4:

Fixed Circular Logging bug in Windows 2008+
Added ability to convert BLG to CSV for 3rd party application analysis (does not need to be run from EMS, just Powershell 2.0+)
Updated maxsize for Exchange 2013 to default to 1024MB
Fixed filepath bug on Windows 2003
Added/Removed various counters
Fixed location of webhelp
Updated -help syntax

ExPerfWiz is a script developed by Microsoft to collect performance data on servers running Exchange 2007, 2010 and 2013.

In the earlier version we had the option of running the -nofull switch, which collected only the role-based counters. The current version runs in full mode, meaning it collects all the performance counters relevant to Exchange troubleshooting.

Below is an example of running the collection for a duration of 4 hours: set the duration to 4 hours, change the interval to collect data every 5 seconds and set the data location to D:\Logs.

.\experfwiz.ps1 -duration 04:00:00 -interval 5 -filepath D:\Logs


If it finds previous ExPerfWiz log data it prompts for an option to delete the old entries, stops the data collector sets, creates new data collector sets and then starts collecting data.

Note: This script will take the local server name and run locally on the server if no remote server parameter is specified.

More Examples can be found at – http://experfwiz.codeplex.com/

Source of Information  – https://social.technet.microsoft.com/Forums/exchange/en-US/f8aa3e90-d49f-479f-b00b-c8444afefa65/experfwiz-14-has-been-released?forum=exchangesvrgeneral

Thanks 
Sathish Veerapandian

MVP – Exchange Server 

Ports and protocols Requirement for Exchange and Lync Server Deployment

Very often we get confused in a new deployment project when we are running into multiple issues and tasks. The most confusing part is usually the port requirements for internal and external access as well as related services. I have consolidated the port requirements for a new deployment of on-premises Lync and Exchange servers into one document.

Let's have a look at the Lync server requirements first –

The following ports for the respective protocol and direction should be opened for a Lync-enabled user to function without issues.

Port            Protocol     Direction       Usage
5060/5061       TCP/UDP      Bidirectional   For SIP
1434            UDP          Bidirectional   For SQL servers
443             STUN/TCP     Outgoing        Audio, video, application sharing sessions
444             HTTPS/TCP    Bidirectional   Lync Front End server
443             PSOM/TLS     Outgoing        Data sharing sessions
3478            STUN/UDP     Outgoing        Audio, video sessions, desktop sharing
5223            TCP          Outgoing        Lync Mobile push notifications
50000-59999     RTP/UDP      Outgoing        Audio, video sessions
5067            TCP/TLS      Bidirectional   Incoming SIP requests for Mediation servers
57501-65535     TCP/UDP      Bidirectional   Video conferencing
8057, 8058      TCP/TLS      Bidirectional   Front End service

For remote access to work for IM and presence, SIP traffic must be allowed to flow bidirectionally. Hence, ports need to be allowed as follows:

• Port 443 and 5061 from the Internet to the Access Edge external IP (bi-directional)
• Port 5061 from the Edge internal IP to the internal network (bi-directional)

The Edge server should be accessible from the Internet over ports 443, 3478 and 5061.
The reverse proxy requires port 443 to be opened.
For a mobile access user outside the corporate network, the request hits the reverse proxy and is then sent to the Front End pool or Director. No user-level authentication is done on the reverse proxy.
It is always recommended to implement a Director server role for additional security. The Director both offloads authentication and provides an extra layer of security against DoS attacks.
The Director must be in the same subnet as the Front End servers, which is in the private network. It should not be in the perimeter or DMZ.

Below is the flow of mobile application requests for the Mobility Service:

All external user Lync log-in requests from mobile devices –> go through the reverse proxy server –> then to the Edge server –> and hit the Front End pool.
The Microsoft Lync Server gets user information from the Autodiscover service and then returns all the Web Services URLs for the user's home pool, including the Mobility Service URLs.

Below is the list of additional features that require external access through a reverse proxy for users accessing them externally. We need to validate them once the deployment is completed.

1) Enabling external users to download meeting content for any meetings.
2) Enabling external users to expand distribution groups.
3) Enabling remote users to download files from the Address Book service.
4) Accessing the Microsoft Lync Web App client.
5) Accessing the Dial-in Conferencing Settings webpage.
6) Accessing the Location Information service.
7) Enabling external devices to connect to Device Update web service and obtain updates.

Now we will look into the port requirements for Exchange servers as well.

Port Requirements for Exchange On-premises Servers (applies to Exchange 2010 and 2013):

Port            Protocol      Direction       Usage
25              SMTP          Bidirectional   Sending and receiving emails
50636           TCP           Bidirectional   Hub to Edge and vice versa
135             TCP/RPC       Outgoing        Hub to Mailbox via MAPI
80/443          HTTP/HTTPS    Bidirectional   Autodiscover
993             TCP           Incoming        IMAP
995/110         TCP           Incoming        POP3 (one of the two ports, depending on configuration)
5075-5077       TCP           Incoming        CAS to OCS communications
5061            TCP           Outgoing        CAS to OCS communications

For OWA and Outlook Anywhere, port 443 should be opened in the firewall.
For IMAP, port 993 should be opened in the firewall. Port 25 should be opened on the firewall for both internal and external Internet mail flow traffic.

I think most of the port requirements for Lync and Exchange deployment have been covered above. Feel free to comment or correct me if anything needs to be added or corrected.

Also Refer – http://social.technet.microsoft.com/wiki/contents/articles/28141.ports-and-protocols-requirement-for-exchange-and-lync-server-deployment.aspx

References:

http://technet.microsoft.com/en-us/library/gg398833.aspx

http://technet.microsoft.com/en-us/library/bb331973.aspx

http://support.microsoft.com/kb/2409256#VerifyNetworkRequirements

http://support.microsoft.com/kb/2423848

http://technet.microsoft.com/en-us/library/gg425727

Thanks 
Sathish Veerapandian

MVP – Exchange Server

PortQueryUI – GUI tool that can be used for troubleshooting port connectivity issues

At times we run into scenarios where users are unable to access Exchange, Lync, mobility or any related external user access functionality. This can happen in many situations, such as a new deployment, a firewall upgrade, a switch replacement or a network change.

Microsoft has a graphical tool called PortQueryUI which can be used to troubleshoot these kinds of port connectivity issues.

Below is an explanation of the functionality of PortQueryUI.

Download the tool from the link below –

http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe

Accept the license agreement and proceed. We are then directed to unzip the files and choose a location to unzip.

Now we can open the PortQuery UI application. There is no need to install this app; it opens the GUI as shown below.

It is better to run this tool from the affected machine/server where we are experiencing the issues and specify the destination IP of the server with which we have connectivity problems.

We can see there are two types of query.

1) Query Predefined Service – has a few predefined services such as SQL, Web Service, Exchange, etc. When we choose a predefined service it queries all the required ports and provides the output of the result.

2) Manually input query ports – can be used to query any specific ports over UDP, TCP or both, as shown below.

There is also an option called Predefined Services in the Help tab which lets us see the list of ports it queries for any specific service we choose.

Below is an example of the set of predefined ports that it queries for Exchange.

It has an option to save the query result as shown below. It also allows the end user to customize config.xml or provide a config input file with a list of queries that define their own services. The config file should follow the same format as config.xml, since it accepts only XML input.

This tool can be used to query open ports in any kind of troubleshooting scenario.
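For the Exchange port table in the previous post and the PortQueryUI workflow here, the following added example (not from either post) is the scripted equivalent of "Query Predefined Service": run from the affected client, it opens a TCP connection with a real timeout to each documented Exchange port on the target and reports which ones answer. The target name is a constructed placeholder; UDP entries cannot be verified by a plain connect and are left out.

```powershell
# Added example. Run it from the machine that should be able to reach $Target (a constructed placeholder).
# Only the client-facing TCP listeners from the Exchange table are listed; 135 and 50636 are server-to-server
# and only make sense to test from another Exchange server, so they are commented out.
param([string]$Target = 'mail.contoso.com', [int]$TimeoutMs = 3000)

$exchangePorts = @(
    @{ Port = 25;  Usage = 'SMTP' },
    @{ Port = 80;  Usage = 'Autodiscover (HTTP)' },
    @{ Port = 443; Usage = 'Autodiscover / OWA / Outlook Anywhere (HTTPS)' },
    @{ Port = 110; Usage = 'POP3' },
    @{ Port = 995; Usage = 'POP3 over SSL' },
    @{ Port = 993; Usage = 'IMAP over SSL' }
    # @{ Port = 135;   Usage = 'RPC endpoint mapper (Hub to Mailbox)' },
    # @{ Port = 50636; Usage = 'Hub to Edge (EdgeSync)' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect plus a wait handle gives a real timeout; a synchronous Connect can hang for
        # tens of seconds when a firewall silently drops the SYN, which is the usual failure mode.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'FILTERED (no answer)' }
        $client.EndConnect($async)          # throws on refused / unreachable
        return 'LISTENING'
    } catch {
        return "NOT LISTENING ($($_.Exception.GetBaseException().Message))"
    } finally {
        $client.Close()
    }
}

foreach ($p in $exchangePorts) {
    [pscustomobject]@{
        Target = $Target
        Port   = $p.Port
        Usage  = $p.Usage
        Result = Test-TcpPort -ComputerName $Target -Port $p.Port -TimeoutMs $TimeoutMs
    }
}
```

FILTERED means nothing answered within the timeout (typically a firewall drop); NOT LISTENING means the host answered but refused, which points at the service rather than the network path.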

Also published in – http://social.technet.microsoft.com/wiki/contents/articles/27661.portqueryui-gui-tool-that-can-be-used-for-troubleshooting-port-connectivity-issues.aspx

References – http://windowsitpro.com/windows/gui-tool-displays-status-tcp-and-udp-ports

Thanks 

Sathish Veerapandian

MVP – Exchange Server

Steps to Delete circulated Suspicious emails with Search-Mailbox

In this article we will look at the steps to identify spam emails circulated in an environment. When a user reports a suspected spam email to the IT team, the first thing an admin wants to know is whether the email has been circulated to everyone or not.

There are multiple scenarios where the spam messages can be circulated in an environment.

• From a single spam source email address to a single recipient.
• From a single spam email address to multiple recipients.
• From multiple spam email addresses to multiple recipients with different subject lines.

It is always better to search the whole organization to make sure the emails have not been circulated to all users.

The easiest way to identify the spam emails is to run a search with the subject line so that all the affected mailboxes can be identified.

Now we will look at the steps to perform this action with the Search-Mailbox command.

First we need to add the user who is going to perform this task to the Discovery Management role group. This is required to use the Search-Mailbox command; without it the user will not be able to run the search.

Create a new role group as below. We need this in order to export/import the contents from the source mailbox and copy them to the target mailbox.
Run the commands below to create the role group if it does not already exist. If the import/export role group already exists, just add the user who is going to perform this action to that role group.
To create – New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export"
To add user – Add-RoleGroupMember "Mailbox Import-Export Management" -Member Administrator

Even if a single user suspects a virus message, it is better to search the whole organization to make sure the email has not been circulated to others. Now run the command below to search for the virus email throughout the organization. In our example we are going to identify an infected email with the subject "Virus Infected".

Get-Mailbox -ResultSize unlimited -IgnoreDefaultScope | Search-Mailbox -SearchQuery 'Subject:"virus infected"' -LogOnly -TargetMailbox administrator -TargetFolder filter -LogLevel Full

Once we run the command we can see the search starting, as shown in the screenshot above. The search may take some time depending upon the environment and the number of mailboxes.

Upon successful completion of the search we can see the logs and the emails in the zip file attached, as shown in the screenshot.

Now run the command below to search for the infected emails and delete all of them across the whole organization:

Get-Mailbox -ResultSize unlimited -IgnoreDefaultScope | Search-Mailbox -SearchQuery 'Subject:"virus infected"' -TargetMailbox administrator -TargetFolder filter -DeleteContent -LogLevel Full

Once it identifies the affected emails it asks for confirmation, as shown in the screenshot above, before deleting the suspected emails.

In addition, as a further security check, we can also run message tracking with the subject across the whole organization to see to whom the infected emails have been circulated and ensure all of them have been deleted.

Run the command below to perform message tracking by subject across the whole organization. In our case we are using the subject "Virus Infected".

Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -Messagesubject “Virus Infected” | Select-Object Timestamp,ServerHostname,ClientHostname,Source,EventId,Recipients | Sort-Object -Property Timestamp


Important Note:

Your account must be a member of the Discovery Management role group for the Search-Mailbox command to work.

Add-RoleGroupMember -Identity "Discovery Management" -Member Administrator

The above method can be used to identify and delete any circulated spam email in our organization.
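As an added example that is not part of the original post, the search, delete and tracking steps above combined into one function for the Exchange 2013 Management Shell. The function name Remove-SuspectMessage, its parameters and the membership check against the current $env:USERNAME are assumptions of this example; the cmdlets it calls (Get-User, Get-RoleGroupMember, Get-Mailbox, Search-Mailbox, Get-MessageTrackingLog) are the ones used in the post.

```powershell
# Added example, not part of the original post: the search, delete and tracking
# steps above wrapped in one function for the Exchange 2013 Management Shell.
# The function name Remove-SuspectMessage and its parameters are hypothetical.
function Remove-SuspectMessage {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $Subject,        # e.g. 'Virus Infected'
        [Parameter(Mandatory = $true)] [string] $TargetMailbox,  # where the search log lands
        [string] $TargetFolder = 'filter',
        [int]    $TrackingDays = 7
    )

    # 1. Search-Mailbox only works for members of the Discovery Management role group.
    #    Check direct membership up front instead of failing after a long search.
    #    (Assumption: $env:USERNAME resolves to one user; nested groups are not resolved.)
    $me = Get-User -Identity $env:USERNAME -ErrorAction Stop
    $members = Get-RoleGroupMember -Identity 'Discovery Management'
    if (-not ($members | Where-Object { $_.Guid -eq $me.Guid })) {
        throw "$($me.Name) is not in 'Discovery Management'; run Add-RoleGroupMember first."
    }

    # 2. Log-only pass over every mailbox: nothing is changed, the log lands in
    #    $TargetMailbox\$TargetFolder and we keep only the mailboxes that had hits.
    $query = "Subject:`"$Subject`""
    $hits = @(Get-Mailbox -ResultSize Unlimited -IgnoreDefaultScope |
        Search-Mailbox -SearchQuery $query -TargetMailbox $TargetMailbox `
            -TargetFolder $TargetFolder -LogOnly -LogLevel Full |
        Where-Object { $_.ResultItemsCount -gt 0 })

    if ($hits.Count -eq 0) {
        Write-Host "No mailbox contains a message with subject '$Subject'."
        return
    }
    $total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
    Write-Host "$total matching item(s) in $($hits.Count) mailbox(es)."
    $hits | Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

    # 3. Destructive pass, limited to the mailboxes that actually had hits.
    #    ConfirmImpact=High makes this function prompt unless -WhatIf or -Confirm:$false
    #    is given, so -Force here only suppresses Search-Mailbox's own second prompt.
    $target = "$($hits.Count) mailbox(es) holding '$Subject'"
    if ($PSCmdlet.ShouldProcess($target, 'Delete matching items')) {
        $hits | ForEach-Object { Get-Mailbox -Identity $_.Identity } |
            Search-Mailbox -SearchQuery $query -TargetMailbox $TargetMailbox `
                -TargetFolder $TargetFolder -DeleteContent -LogLevel Full -Force
    }

    # 4. Message tracking: DELIVER events list every recipient the message reached,
    #    which is the list to reconcile against the mailboxes cleaned above.
    Get-ExchangeServer |
        Where-Object { $_.IsHubTransportServer -or $_.IsMailboxServer } |
        Get-MessageTrackingLog -MessageSubject $Subject -EventId DELIVER `
            -Start (Get-Date).AddDays(-$TrackingDays) -ResultSize Unlimited |
        Select-Object Timestamp, ServerHostname, Sender, Recipients |
        Sort-Object Timestamp
}

# Dry run first (nothing is deleted), then the real run:
# Remove-SuspectMessage -Subject 'Virus Infected' -TargetMailbox administrator -WhatIf
# Remove-SuspectMessage -Subject 'Virus Infected' -TargetMailbox administrator
```

The log-only pass costs one full sweep, but it means the delete pass touches only mailboxes known to hold the message and gives you a count to compare against the DELIVER events from message tracking; a recipient in the tracking output with no matching hit is a mailbox to look at by hand.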

Thanks

Sathish Veerapandian

MVP – Exchange Server

Admin Audit Logging in Exchange 2013

By enabling admin audit logging we can keep track of the organization- and user-level changes made in an environment. This gives us the information needed to track any major change that has been made and to find out who made it.

By default, admin audit logging is enabled in a new installation of Exchange 2013. With it we can maintain a list of audited cmdlets, so that any administrator who performs a task included in this list is captured in the logs. This gives us close security control over the messaging environment. We can also exclude a few cmdlets from admin audit logging so that they are not captured in the logs.

By default, once logging is enabled, all cmdlets are logged except the Get, Search and Test cmdlets, which means that Get, Search and Test cmdlets are not captured in the audit logs. This can be modified through the AdminAuditLogCmdlets property. The cmdlets to be monitored or excluded can each be specified individually.

Now let's have a look at enabling and modifying the admin audit logging properties.

Run the below command to check the audit logging properties:

Get-AdminAuditLogConfig


The parameters highlighted in the red box in the screenshot are the main ones we need to concentrate on.

As we can see, AdminAuditLogCmdlets has the value *, which means it logs all cmdlets except Search and Get. We can also see that AdminAuditLogExcludedCmdlets is empty, so no exclusions are set by default.

I can enable logging only for a few important org-level cmdlets by setting a value in AdminAuditLogCmdlets.

Likewise, if I want to exclude a few cmdlets that admins need for daily operations, I can add them to AdminAuditLogExcludedCmdlets.

Here is an example. The command below logs only the New-AcceptedDomain, Set-SendConnector and Dismount-Database cmdlets, i.e. the listed changes to Accepted Domains, Send Connectors and Mailbox Databases:

Set-AdminAuditLogConfig -AdminAuditLogCmdlets "New-AcceptedDomain","Set-SendConnector","Dismount-Database"

Note: To add multiple values, specify each cmdlet in quotation marks and separate the values with commas, as shown in the screenshot.


Now only the values below appear in AdminAuditLogCmdlets.


The command below excludes Set-Mailbox, Disable-Mailbox and Enable-Mailbox from logging in our example.

Set-AdminAuditLogConfig -AdminAuditLogExcludedCmdlets "Set-Mailbox","Disable-Mailbox","Enable-Mailbox"


Now only the values below appear in AdminAuditLogExcludedCmdlets.


Admin audit logging is now configured. Every change made with one of the cmdlets listed in AdminAuditLogCmdlets will be stored.

Where do these logs get stored?

From Exchange 2010 SP1 onwards, the audit mailbox is created automatically when audit logging is enabled, which is more secure. An admin audit logs folder is created in the audit mailbox and the logs are stored there. Even admins do not have access to this audit mailbox, and the audit mailbox account is disabled by default. Even if an admin finds a way to access the audit mailbox, traces of that access are logged; there is no way to access it without leaving a history.

Below are a few examples of searching the admin audit log.

The commands below help in finding which admins recently dismounted a database or made changes to the send connector configuration.

Search-AdminAuditLog -Cmdlets Dismount-Database | Format-Table RunDate,Caller,ObjectModified

Search-AdminAuditLog -Cmdlets Set-SendConnector | Format-Table RunDate,Caller,ObjectModified

If, for example during an outage, you make changes with cmdlets that are not being logged and still want a record of them, you can use the Write-AdminAuditLog cmdlet to make a manual entry. The entry is recorded in the log under your name. Below is an example:

Write-AdminAuditLog -Comment "Ran Dismount-Database and Mount-Database"

Overall, admin audit logging is very useful for monitoring organizational changes. If we run these searches once a month, we can keep track of the organization- and server-level changes made by admins.
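As an added example that is not part of the original post, a monthly review script for the Exchange 2013 Management Shell that turns the searches above into a report. It reads the cmdlet list from Get-AdminAuditLogConfig, searches the last 30 days with Search-AdminAuditLog, flattens the CmdletParameters of each event into one row, and leaves a Write-AdminAuditLog entry recording that the review ran. The function name Get-AdminChangeReport and the CSV output path are assumptions of this example.

```powershell
# Added example, not part of the original post: a monthly review of the admin
# audit log for the cmdlets configured in AdminAuditLogCmdlets, written for the
# Exchange 2013 Management Shell. The function name Get-AdminChangeReport and
# the CSV output path are hypothetical.
function Get-AdminChangeReport {
    param(
        [int]    $Days    = 30,
        [string] $CsvPath = "$env:TEMP\AdminAuditReport_$(Get-Date -Format yyyyMMdd).csv"
    )

    $config = Get-AdminAuditLogConfig
    if (-not $config.AdminAuditLogEnabled) {
        Write-Warning 'Admin audit logging is disabled; nothing has been recorded.'
        return
    }

    # Filter by cmdlet only when a specific list is configured. A value of '*'
    # means every cmdlet is logged, so the search is left unfiltered in that case.
    $search = @{
        StartDate  = (Get-Date).AddDays(-$Days)
        EndDate    = Get-Date
        ResultSize = 5000
    }
    $watched = @($config.AdminAuditLogCmdlets | ForEach-Object { "$_" } | Where-Object { $_ -ne '*' })
    if ($watched.Count -gt 0) { $search['Cmdlets'] = $watched }

    $events = Search-AdminAuditLog @search

    # CmdletParameters is a collection of Name/Value pairs; flatten it so the
    # whole change (cmdlet plus every parameter it was run with) fits one row.
    $report = @(foreach ($e in $events) {
        $params = ($e.CmdletParameters | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
        [pscustomobject]@{
            RunDate        = $e.RunDate
            Caller         = $e.Caller
            Cmdlet         = $e.CmdletName
            ObjectModified = $e.ObjectModified
            Succeeded      = $e.Succeeded
            Parameters     = $params
            Server         = $e.OriginatingServer
        }
    })
    if ($report.Count -eq 0) {
        Write-Host "No audited cmdlets ran in the last $Days days."
        return
    }
    $report | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8

    # Who ran what, most frequent first, then the failed attempts on their own:
    # a failed Dismount-Database from an unexpected caller is worth a closer look.
    $report | Group-Object Caller, Cmdlet | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
    $report | Where-Object { -not $_.Succeeded } |
        Format-Table RunDate, Caller, Cmdlet, ObjectModified -AutoSize

    # Leave a trace of the review itself in the same log.
    Write-AdminAuditLog -Comment "Admin audit review covering the last $Days days; report at $CsvPath"
    Write-Host "Full report written to $CsvPath"
    $report
}

# Get-AdminChangeReport -Days 30
```

Two limits to keep in mind when scheduling this: entries older than AdminAuditLogAgeLimit (90 days by default) are purged, so -Days cannot reach further back than that setting allows, and Search-AdminAuditLog is a synchronous search capped by -ResultSize; for very large ranges the asynchronous New-AdminAuditLogSearch cmdlet, which mails the results as an XML attachment, is the better fit.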

Thanks
Sathish Veerapandian
MVP - Exchange Server