Troubleshooting CRL issues in an Exchange 2010 Lab


Here is the story: I was building a lab so I could test Domain Secure connections between Exchange 2010 orgs. I issued a cert to both servers from a CA in domain 1, and imported the CA root cert into the trusted roots of both servers. Then, when I tried to activate services or use MTLS on my connectors, I got the following error:

The Certificate Status Could not be determined Because the revocation check failed

Here are the steps I took (with some help) to get my servers talking and CRL checking working.

  1. Verify that a CRL URL is published
    • Re-issue cert if needed
  2. Verify that the CRL URL can be accessed
  3. Clear the URL cache
    • certutil -urlcache crl delete
    • certutil -urlcache ocsp delete
  4. Check validity of the URLs in the cert
    • certutil -verify -urlfetch C:\foobar2.cer
  5. Clear and Force re-sync of cache
    • certutil -setreg chain\chaincacheresyncfiletime @now
  6. Clear and Force re-sync of cache and don’t use cache for 3 days
    • certutil -setreg chain\chaincacheresyncfiletime @now+3
  7. Installed and configured the 2008 Online Responder on my CA
  8. netsh winhttp set proxy proxy-server="http=myproxy:8080;https=sproxy:8080" bypass-list="*.foo.com"
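
Steps 1 and 2 can be checked together with a short script. This is an added example, not part of the original post: it reads the CRL Distribution Points extension (OID 2.5.29.31) from the certificate file used in step 4 and tries to fetch each HTTP URL. The 10-second timeout is an arbitrary choice.

```powershell
# Added example: list the CRL URLs published in a certificate and test the HTTP ones.
$certPath = 'C:\foobar2.cer'   # the file checked in step 4
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# OID 2.5.29.31 is the CRL Distribution Points extension (step 1)
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) {
    Write-Warning "No CRL Distribution Point in $certPath; the cert must be re-issued."
    return
}

# Format($true) renders the extension as text containing "URL=..." entries;
# each entry is captured up to the first whitespace character
$urls = @([regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
    ForEach-Object { $_.Groups[1].Value })

foreach ($url in $urls) {
    if ($url -notmatch '^https?://') {
        # ldap:// and file:// entries are left to certutil -verify -urlfetch
        'SKIPPED  {0}' -f $url
        continue
    }
    try {
        $request = [System.Net.WebRequest]::Create($url)
        $request.Timeout = 10000            # milliseconds; arbitrary value
        $response = $request.GetResponse()
        'OK       {0} ({1} bytes)' -f $url, $response.ContentLength
        $response.Close()
    } catch {
        'FAILED   {0} : {1}' -f $url, $_.Exception.Message
    }
}
```

The fetch runs as the logged-on user with that user's proxy settings, so a success here does not prove that a service account can reach the URL; `netsh winhttp show proxy` displays the machine-wide WinHTTP proxy set in step 8.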

 

 

Note: I finally found that I had an issue with my TMG server when routing across it (even though it was supposed to not be filtered).
I moved my VM to the same network (i.e. both on 192.168.10.x) and then I was able to get it working…

I still need to figure out why TMG was breaking it. Conversely, I did get it working with ISA 2006 without issue. I will update this post when I figure out the issue with TMG.

 

http://technet.microsoft.com/en-us/library/bb430772.aspx

http://blogs.technet.com/b/pki/archive/2007/09/13/how-to-refresh-the-crl-cache-on-windows-vista.aspx

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/299c8ebe-223c-43ab-8cbc-c8221991813a

Configure Send email to SharePoint on SBS 2011 – Preview


 

Note: this works for the public beta and is subject to change.

This assumes that your domain is domain.com and that WSF is the domain specific to SharePoint. Everything that is RED is a value you need to set.

· Configure Address Space in Exchange

New-AcceptedDomain -DomainName WSF.Domain.com -DomainType ExternalRelay -Name WSF.Domain.com

· Configure Foreign Connector with drop folder

  • Mkdir "C:\Drop Directory\WSF"
  • New-ForeignConnector -Name "WSF Connector" -AddressSpaces "smtp:WSF.domain.com" -SourceTransportServers "Hub01","Hub02"
  • Set-TransportServer Hub01 -RootDropDirectoryPath "C:\Drop Directory"
  • Set-ForeignConnector "WSF Connector" -DropDirectory "WSF"

· Configure WSF to use drop folder

  • Start –> All Programs –> MS SP 2010 Prod –> SP 2010 Central Admin
  • System Settings –> Configure incoming e-mail Settings
  • Enable Sites on this server to receive e-mail = yes
  • E-Mail server display address = WSF.domain.com
  • E-mail Drop Folder = “C:\Drop Directory\WSF”

· Mail enable a WSF document library

  • Browse to site ex: http://companyweb
  • Click on the Document Library you want to mail enable Ex: Shared Documents
  • Click Library in the Ribbon
  • Click Library Settings
  • Under Communications click “Incoming e-mail settings”
  • Click allow this document library to receive e-mail
  • Fill out the Email address Field Ex: “Docs@WSF.domain.com”

· Create contact for WSF document library

  • New-MailContact -ExternalEmailAddress "SMTP:Docs@WSF.domain.com" -Name Docs -Alias Docs -FirstName WSFFirst -LastName WSFLast

OWA 2007 Search only displays the first 100 results.


The default limit is 100 items in an Exchange 2007 OWA search. If you search for something that has more than 100 results, it will only display the first 100.


 

Change the default search limit in OWA 2007

You can change this by modifying the web.config file.

The default location is: C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\web.config

Look for the following entry and adjust.

      <add key="MaximumIdentityArraySize" value="100" />


Set the value to whatever you want, but keep in mind that it could have a performance impact on the CAS if there is high use of large queries.

Getting Mailbox sizes


Remember the days when you could open ESM, click on the mail store and see all the mailbox sizes? Then you could sort them with a click and know which users to go have a discussion with about mail usage? Where did that go in Exchange 2010\2007?

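You can use PowerShell to gather all that info and export it to a CSV. Exchange 2010 requires Get-MailboxStatistics to be given a mailbox, database or server, so the mailboxes are piped in from Get-Mailbox, which works on both versions:

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName, ItemCount, TotalItemSize | Export-Csv -Path C:\mboxStats.csv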

Or if you want the GUI back

Glen Scales developed a very cool PowerShell script that gives you a GUI for mailbox sizes

Exchange 2010 http://gsexdev.blogspot.com/2010/03/mailbox-size-gui-exchange-2010-remote.html

Exchange 2007 http://gsexdev.blogspot.com/2008/05/version-5-of-mailbox-size-gui-script.html

My only gripe is that he thought of it first :)

Great script man!

Can't upgrade an Address Policy after removing your 2003 Exchange server.


When you try to update your address policy according to the documentation on your 2010 or 2007 Exchange server:

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

You get the following error:
Set-EmailAddressPolicy : The recipient policy “Default Policy” with mailbox man
ager settings cannot be managed by the current version of Exchange Management C
onsole. Please use a management console with the same version as the object.
At line:1 char:23
+ Set-EmailAddressPolicy  <<<< “Default Policy” -IncludedRecipients AllRecipien

  1. Remove Mailbox manager from 2003
  2. Manually change the attribute of the Policy
    1. Start –> Run –> Adsiedit
    2. Right Click ADSI Edit –> Connect to –> Configuration
    3. Expand Configuration Container [server_dc.yourdomain.com] –> CN=Configuration… –> CN=Services –> CN=Microsoft Exchange –> CN=Your_Exchange_Org_Name, then expand Recipient Policies
    4. Open default policy -> Properties and select the MsExchPolicyOptionList value
    5. Click Edit –> Edit
    6. Remove the MailBox Manager Policy hex value
      • FC 1C 49 26 50 9E 57 48 86 1B 0C B8 DF 22 B5 D7 = Address List pol
      • EC 13 68 3B 89 CE BA 42 94 42 D8 7D 4A A3 0D BC = MailBox Manager Policy

 

http://msexchangeteam.com/archive/2007/01/11/432158.aspx
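
Before editing anything in ADSI Edit, the option values on every recipient policy can be listed read-only. This is an added example, not part of the original post: it matches each MsExchPolicyOptionList value against the two hex strings given above. The LDAP filter on the msExchRecipientPolicy object class is an assumption about how recipient policies are stored.

```powershell
# Added example (read-only): show which recipient policies still carry the
# Mailbox Manager option. Nothing is modified in Active Directory.
$known = @{
    'FC-1C-49-26-50-9E-57-48-86-1B-0C-B8-DF-22-B5-D7' = 'Address List policy'
    'EC-13-68-3B-89-CE-BA-42-94-42-D8-7D-4A-A3-0D-BC' = 'Mailbox Manager policy'
}

# Locate the Exchange configuration container in the current forest
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"
$searcher.Filter = '(objectClass=msExchRecipientPolicy)'   # assumed class name
[void]$searcher.PropertiesToLoad.Add('cn')
[void]$searcher.PropertiesToLoad.Add('msexchpolicyoptionlist')

foreach ($result in $searcher.FindAll()) {
    $policy = $result.Properties['cn'][0]
    foreach ($value in $result.Properties['msexchpolicyoptionlist']) {
        # Each value is a byte array; print it the way ADSI Edit shows it
        $hex = [BitConverter]::ToString([byte[]]$value)
        $label = if ($known.ContainsKey($hex)) { $known[$hex] } else { 'unknown option' }
        '{0,-25} {1}  ({2})' -f $policy, $hex, $label
    }
}
```

Any policy reported with the Mailbox Manager value is one that Set-EmailAddressPolicy will refuse to manage until that value is removed as described in step 2.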