Exchange 2007/2010 certificates and new Go Daddy


I recently found a situation where the Godaddy cert chain wasn’t installed and some phone clients had issues. The following is a proven request\import process to install the cert and chain.

 So I gave this process to a friend and found out that I should either rename or subtitle this post, “Getting SBS 2008 to recognize your 2048 bit certificate” – great side effect!

  1. First, make your cert request in PowerShell. It should look something like this:
    • New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, O=Company, CN=mail.domain.com" -DomainName mail.domain.com,autodiscover.domain.com,hostname,hostname.domain.local -FriendlyName mail.domain.com -PrivateKeyExportable:$true -Path c:\cert_myserver.txt
    • IMPORTANT: don’t do any new cert requests or run any wizards until the cert is imported
  2. Send the cert request to Godaddy as a UCC certificate
  3. Import the Certificate to complete the request
    • Import-ExchangeCertificate -Path "C:\CertificateFile.cer" | Enable-ExchangeCertificate -Services pop, smtp, iis, imap
  4. Export the certificate
    1. Start –> Run –> MMC –> Add Snap-in –> certificates –> Local computer
    2. Right click certificate –> all tasks –> export
      1. Include the certificate chain and private key
      2. Enter a password
  5. Re-Import certificate including chain (this imports the chain certs also)
    1. Right click in a blank area of the certificate MMC –> all tasks –> import
    2. Select the certificate you exported –> import –> include the certificate chain.

 

And yes, there are other ways to get to the same result; this is just a simple, easy-to-explain way.
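
A check for the outcome of the steps above, added here as an example and not part of the original post: it rebuilds the chain for each service-enabled Exchange certificate and reports whether every issuing CA certificate is present in the local machine stores. The function name Test-ChainInstalled is hypothetical; run it from the Exchange Management Shell on the server.

```powershell
# Added example (not from the original post).
# Assumption: run in the Exchange Management Shell on the Exchange server.

function Test-ChainInstalled {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is skipped: this check is about store contents, not CRLs.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $ok = $chain.Build($Cert)

    # Element 0 is the server certificate; the rest are its issuers.
    # Build() may locate an issuer from a cache or the network, so presence
    # in the local machine store is checked separately for each one.
    $last = $chain.ChainElements.Count - 1
    if ($last -lt 1) { "  no issuer certificate found for this certificate" }
    for ($i = 1; $i -le $last; $i++) {
        $ca = $chain.ChainElements[$i].Certificate
        # A self-signed certificate is a root; anything else is an intermediate.
        if ($ca.Subject -eq $ca.Issuer) { $store = 'Root' } else { $store = 'CA' }
        $present = Test-Path "Cert:\LocalMachine\$store\$($ca.Thumbprint)"
        if (-not $present) { $ok = $false }
        "  [{0}] {1}  in LocalMachine\{2}: {3}" -f $i, $ca.Subject, $store, $present
    }

    foreach ($s in $chain.ChainStatus) { "  chain status: " + $s.Status }
    if ($ok) { "  result: chain installed" } else { "  result: chain incomplete" }
}

# Check every certificate that is enabled for at least one Exchange service.
Get-ExchangeCertificate | Where-Object { $_.Services -ne 'None' } | ForEach-Object {
    # Re-read the certificate from the store so the full X509 object is available.
    $cert = Get-Item "Cert:\LocalMachine\My\$($_.Thumbprint)"
    "{0}  services={1}  keysize={2}  expires={3:d}" -f $cert.Subject, $_.Services, $cert.PublicKey.Key.KeySize, $cert.NotAfter
    Test-ChainInstalled $cert
}
```

A "chain incomplete" result with an issuer missing from LocalMachine\CA matches the situation described at the top of this post; repeating steps 4 and 5 puts the chain certificates in place.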

Re-create Exchange 2007 OWA Virtual Directories


Have you had issues with OWA where you needed to re-create the directories? Or maybe you made customizations and now it doesn’t work and you want to just get back to the default config?

Here are some scripts to re-install the OWA virtual directories. They have been tested in lab environments.

As with everything use at your own risk and always make a backup first!
YOU are responsible for your server\data.

ONLY do this if you have 1 CAS server and have not customized the OWA directories.

Save this as rebuildOWA.ps1 and run it from PowerShell

************************Start of script**********************************************

# Rebuild the default OWA and Autodiscover virtual directories on this server.
$server = hostname

# Remove every existing OWA virtual directory on the server.
Get-OwaVirtualDirectory -Server $server | Remove-OwaVirtualDirectory

# Recreate the Exchange 2007 OWA directory and the legacy directories.
New-OwaVirtualDirectory -Name "owa" -OwaVersion Exchange2007 -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "exchweb" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "Exadmin" -OwaVersion:Exchange2003or2000 -VirtualDirectoryType Exadmin -WebSiteName "Default Web Site"

# Recreate Autodiscover with Basic and Windows authentication enabled.
Get-AutodiscoverVirtualDirectory | Remove-AutodiscoverVirtualDirectory
New-AutodiscoverVirtualDirectory -WebsiteName "Default Web Site" -BasicAuthentication $true -WindowsAuthentication $true

# Restart IIS so the new directories are loaded.
iisreset

************************End of script********************************************

Here is one for SBS 2008

Save this as rebuildSBSOWA.ps1 and run it from PowerShell

************************Start of script**********************************************

# Values describing the local server and domain.
$LocalServerName = hostname
$ActiveSyncMailboxName = "Windows SBS Mobile Mailbox Policy" + " " + $LocalServerName
$OABVDir = $LocalServerName + "\OAB (SBS Web Applications)"
$OAB = Get-OfflineAddressBook | Select-Object -Property Name
$strDomainDNS = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
$DomainAdmins = $strDomainDNS + "\Domain Admins"
$OrgName = Get-OrganizationConfig | Select-Object -Property DistinguishedName

# Remove the default certificate whose subject is just the server name.
$DefaultExchangeCertificate = "CN=" + $LocalServerName
Get-ExchangeCertificate | Where { $_.Subject -eq "$DefaultExchangeCertificate" } | ForEach { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint }

# Remove the existing OWA virtual directories and recreate them on the SBS web site.
Get-OwaVirtualDirectory -Server $LocalServerName | Remove-OwaVirtualDirectory

New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2007" -ExternalAuthenticationMethods Fba
Set-OWAVirtualDirectory -InternalUrl "https://sites/owa/" -ClientAuthCleanupLevel "Low" -LogonFormat "UserName" -DefaultDomain $strDomainDNS -Identity "Owa (SBS Web Applications)"
New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Exadmin" -ExternalAuthenticationMethods Fba
New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Mailboxes" -ExternalAuthenticationMethods Fba
New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Exchweb" -ExternalAuthenticationMethods Fba
New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "PublicFolders" -ExternalAuthenticationMethods Fba

iisreset /noforce

# Unlock Windows authentication, reset the default site binding and start both sites.
cd $env:windir\system32\inetsrv
.\appcmd.exe unlock config "-section:system.webserver/security/authentication/windowsauthentication"
.\appcmd.exe set site "Default Web Site" /Bindings:http/*:80:
.\appcmd.exe start site "Default Web Site"
.\appcmd.exe start site "SBS Web Applications"

************************End of script********************************************
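
One way to follow the "make a backup first" advice for both rebuild scripts above, added here as an example that is not part of the original post: run it once before the rebuild to record the authentication settings of the OWA and Autodiscover virtual directories, and once afterwards to list what changed. The snapshot path and the function name Get-VDirAuthState are assumptions.

```powershell
# Added example (not from the original post).
# Assumptions: run in the Exchange Management Shell; $snapshot is a
# hypothetical path; Get-VDirAuthState is a helper defined here.
$snapshot = 'C:\vdir-auth-before.xml'
$fields   = 'Identity','Basic','Windows','Digest','Forms','InternalUrl','ExternalUrl'

function Get-VDirAuthState {
    $server = hostname
    $vdirs  = @(Get-OwaVirtualDirectory -Server $server) + @(Get-AutodiscoverVirtualDirectory)
    foreach ($v in $vdirs) {
        # Flatten every value to a string so that a saved snapshot compares
        # cleanly with live objects. Properties a directory type does not
        # have (Forms on Autodiscover) become empty strings.
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Identity    "$($v.Identity)"
        $row | Add-Member NoteProperty Basic       "$($v.BasicAuthentication)"
        $row | Add-Member NoteProperty Windows     "$($v.WindowsAuthentication)"
        $row | Add-Member NoteProperty Digest      "$($v.DigestAuthentication)"
        $row | Add-Member NoteProperty Forms       "$($v.FormsAuthentication)"
        $row | Add-Member NoteProperty InternalUrl "$($v.InternalUrl)"
        $row | Add-Member NoteProperty ExternalUrl "$($v.ExternalUrl)"
        $row
    }
}

if (-not (Test-Path $snapshot)) {
    # First run, before the rebuild script: record the current settings.
    Get-VDirAuthState | Export-Clixml $snapshot
    "Saved current settings to $snapshot"
} else {
    # Second run, after the rebuild: show every directory whose settings
    # differ. "<=" rows are the saved state, "=>" rows are the live state.
    $before = @(Import-Clixml $snapshot)
    $after  = @(Get-VDirAuthState)
    Compare-Object $before $after -Property $fields |
        Sort-Object Identity, SideIndicator |
        Format-Table SideIndicator, Identity, Basic, Windows, Digest, Forms -AutoSize
}
```

No output on the second run means the recreated directories have the same authentication settings and URLs as before.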

Installing Exchange 2007 SP2 on SBS 2008


  1. Make sure your system is healthy and ready. Tank has a great checklist
  2. MOST IMPORTANT: make a backup (it’s easy in 2008, you don’t have an excuse!)
  3. Install using the following tool http://www.microsoft.com/downloads/details.aspx?FamilyID=ffd2fe61-9278-489e-9b96-3816394c9cb6&displayLang=en

POP3 Connector Mail Download limit


If you have SBS and are getting the following errors.

Source: Windows Small Business Server 2008
Event ID: 210
Task Category: Windows SBS POP3 Connector
Description:
One or more messages (1) were left in the “” account on the POP3 server
“” because they are larger than the maximum acceptable
message size

You can increase the message size limit but I would strongly suggest you make sure you have the horsepower to do this or you WILL have performance issues trying to transfer large mail.

That being said, from the Exchange Powershell run the following

This command will display the current size

Get-ReceiveConnector | select identity, maxmessagesize

This will set the size to 50mb and the timeout to 9 min.

Get-ReceiveConnector | Set-ReceiveConnector -MaxMessageSize 50mb -ConnectionInactivityTimeout 00:09:00

Then restart transport…

This will set all receive connectors to 50 mb, use with caution!

How to Fully Re-Install Exchange On SBS 2008


(Note: this will remove Exchange from your environment, so you will have to re-create\attach mailboxes)

Recently I had a situation where I needed to fully remove and re-install Exchange on SBS2008. Here is the process I was able to develop using TechNet, a couple of blogs and trial and error.

Prep For uninstall

Run Exchange Management Shell as administrator

Answer A or Y to all PS Prompts

  1. Remove all mailboxes
    • Get-mailbox | disable-mailbox
  2. Remove receive and send connectors
    • Get-ReceiveConnector | Remove-ReceiveConnector
    • Get-sendconnector | remove-sendconnector
  3. Remove Public Folder and oab
    • Get-offlineaddressbook | remove-offlineaddressbook
    • Adsiedit.msc – > Connect to : Configuration ->
    • Configuration -> Configuration -> Services -> Microsoft Exchange -> First Org.. -> administrative Groups -> Exchange Admin Group.. -> Servers -> Servername -> Information Store -> Second Information Store -> Right Click and delete “Public Folder Databas

Uninstall

  1. Start -> control -> programs and features -> Microsoft Exchange -> uninstall -> uncheck all roles ->
  2. Rename Databases Folders
    1. From Powershell > move "c:\program files\Microsoft\Exchange Server\mailbox" "c:\program files\Microsoft\Exchange Server\mailbox.old"

Re-Install Exchange

  1. Download Exchange2007 SP1 (E2K7SP1EN64.exe)  http://www.microsoft.com/downloads/details.aspx?FamilyID=44c66ad6-f185-4a1d-a9ab-473c1188954c&displaylang=en
  2. Create a registry value to use with Windows SBS 2008 Disc 2 (Component Technologies for Server Repair) and Microsoft Exchange Server 2007 by doing the following:
    1. Open Registry Editor.
    2. On the User Account Control page, click Continue.
    3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\461C2B4266EDEF444B864AD6D9E5B613\SourceList\Media.
    4. Create a new string value named MediaPackage: Right-click Media, click New, click String Value, in Name type MediaPackage, and then press ENTER.
    5. Double-click MediaPackage, in Edit String, in Value data, type \CMPNENTS\Exchange12\, and then click OK.
    6. Close Registry Editor.
  3. Run Setup from the extracted directory: right-click Setup and choose Run As Administrator
  4. Click Step 4: Install Microsoft Exchange Server 2007 SP1
  5. Next -> Select Mailbox\CAS\HUB
  6. Enter Org Name (Default is “First Organization”)
  7. Next

SBS Roles Reinstall Script

  1. Run Windows PowerShell commands by doing the following:
    1. Copy and paste the following cmdlets into a text file: (Run Notepad as administrator)
        # Values describing the local server and domain.
        $LocalServerName = hostname
        $ActiveSyncMailboxName = "Windows SBS Mobile Mailbox Policy" + " " + $LocalServerName
        $OABVDir = $LocalServerName + "\OAB (SBS Web Applications)"
        $OAB = Get-OfflineAddressBook | Select-Object -Property Name
        $strDomainDNS = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
        $DomainAdmins = $strDomainDNS + "\Domain Admins"
        $OrgName = Get-OrganizationConfig | Select-Object -Property DistinguishedName

        # Remove the default certificate whose subject is just the server name.
        $DefaultExchangeCertificate = "CN=" + $LocalServerName
        Get-ExchangeCertificate | Where { $_.Subject -eq "$DefaultExchangeCertificate" } | ForEach { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint }

        # Connector, MAPI client, database and storage group settings.
        Set-ForeignConnector "Windows SBS Company Web Connector $LocalServerName" -SourceTransportServers $LocalServerName
        REG ADD HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem /v "Disable MAPI Clients" /t REG_SZ /d 0.0.0-5.3164.0
        Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook $OAB.Name -DeletedItemRetention "30.00:00:00"
        Get-StorageGroup | Set-StorageGroup -CircularLoggingEnabled 1

        # Remove the virtual directories that setup created on the Default Web Site.
        Remove-OWAVirtualDirectory -Identity "Owa (Default Web Site)" -Confirm:$false
        Remove-OWAVirtualDirectory -Identity "Exadmin (Default Web Site)" -Confirm:$false
        Remove-OWAVirtualDirectory -Identity "Exchange (Default Web Site)" -Confirm:$false
        Remove-OWAVirtualDirectory -Identity "Exchweb (Default Web Site)" -Confirm:$false
        Remove-OWAVirtualDirectory -Identity "Public (Default Web Site)" -Confirm:$false
        Remove-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -Confirm:$false
        Remove-ActiveSyncVirtualDirectory -Identity "Microsoft-Server-ActiveSync (Default Web Site)" -Confirm:$false
        Remove-OabVirtualDirectory -Identity "OAB (Default Web Site)" -Force:$true -Confirm:$false
        Remove-UMVirtualDirectory -Identity "UnifiedMessaging (Default Web Site)" -Confirm:$false
        Remove-AutodiscoverVirtualDirectory -Identity "Autodiscover (Default Web Site)" -Confirm:$false

        # Remove leftover legacy directories on the SBS web site.
        Remove-OWAVirtualDirectory -Identity "Exadmin (SBS Web Applications)" -Confirm:$false
        Remove-OWAVirtualDirectory -Identity "Exchange (SBS Web Applications)" -Confirm:$false
        Remove-OWAVirtualDirectory -Identity "Public (SBS Web Applications)" -Confirm:$false

        # Recreate the OWA directories on the SBS web site.
        New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2007" -ExternalAuthenticationMethods Fba
        Set-OWAVirtualDirectory -InternalUrl "https://sites/owa/" -ClientAuthCleanupLevel "Low" -LogonFormat "UserName" -DefaultDomain $strDomainDNS -Identity "Owa (SBS Web Applications)"
        New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Exadmin" -ExternalAuthenticationMethods Fba
        New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Mailboxes" -ExternalAuthenticationMethods Fba
        New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Exchweb" -ExternalAuthenticationMethods Fba
        New-OWAVirtualDirectory -WebsiteName "SBS Web Applications" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "PublicFolders" -ExternalAuthenticationMethods Fba

        # Recreate the EWS, ActiveSync, OAB, UM and Autodiscover directories.
        New-WebServicesVirtualDirectory -WebsiteName "SBS Web Applications" -InternalUrl "https://Sites/EWS/Exchange.asmx" -BasicAuthentication 1 -WindowsAuthentication 1
        New-ActiveSyncVirtualDirectory -WebsiteName "SBS Web Applications" -InternalUrl "https://Sites/Microsoft-Server-ActiveSync" -ExternalAuthenticationMethods Basic -InternalAuthenticationMethods Basic
        New-OabVirtualDirectory -WebsiteName "SBS Web Applications" -InternalUrl "https://Sites/OAB"
        Set-OabVirtualDirectory -PollInterval "30" -Identity "oab (sbs web applications)"
        New-UMVirtualDirectory -WebsiteName "SBS Web Applications" -InternalUrl "https://Sites/UnifiedMessaging/Service.asmx"
        New-AutodiscoverVirtualDirectory -WebsiteName "SBS Web Applications" -InternalUrl "https://Sites/Autodiscover/Autodiscover.xml" -BasicAuthentication 1 -WindowsAuthentication 1
        Set-ClientAccessServer -Identity $LocalServerName -AutoDiscoverServiceInternalUri "https://sites/Autodiscover/Autodiscover.xml"
        Set-OfflineAddressBook $OAB.Name -VirtualDirectories $OABVDir -Versions Version2,Version3,Version4 -PublicFolderDistributionEnabled:$True

        iisreset /noforce

        # Adjust Windows authentication in IIS, reset the default site binding and start both sites.
        cd $env:windir\system32\inetsrv
        .\appcmd.exe unlock config "-section:system.webserver/security/authentication/windowsauthentication"
        .\appcmd.exe set config "SBS Web Applications/ews" "-section:windowsAuthentication" "-useKernelMode:False" /commit:apphost
        .\appcmd.exe set config "SBS Web Applications/AutoDiscover" "-section:windowsAuthentication" "-useKernelMode:False" /commit:apphost
        .\appcmd.exe set config "SBS Web Applications/oab" "-section:windowsAuthentication" "-useKernelMode:False" /commit:apphost
        .\appcmd.exe set site "Default Web Site" /Bindings:http/*:80:
        .\appcmd.exe start site "Default Web Site"
        .\appcmd.exe start site "SBS Web Applications"


    2. Name the text file sbsAllrolereinstall.ps1, and then save it in C:\windows\system32.
    3. Open Exchange Powershell: Click Start, click All Programs, click Microsoft Exchange Server 2007, right-click Exchange Management Shell, and then click Run as administrator.
    4. On the User Account Control page, click Continue.
    5. In Exchange Management Shell, type .\sbsAllrolereinstall.ps1, and then press ENTER.
    6. Type Y to confirm the action, and then press ENTER.
    7. Close Exchange Management Shell.
  2. Update the settings in the Internet Information Services (IIS) Manager by doing the following:
    1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
    2. On the User Account Control page, click Continue.
    3. Expand the name of your Windows SBS 2008 server, and then expand Sites.
    4. Click Default Web Site, and then click Start.
    5. Expand SBS Web Applications, and then click OAB.
    6. In OAB Home, double-click SSL Settings.
    7. Select Require SSL and Require 128-bit SSL, and then click Apply.
  3. To send e-mail messages to the Internet, run the Fix My Network Wizard by doing the following:
    1. Open the Windows SBS Console.
    2. On the navigation bar, click Network, and then click Connectivity.
    3. In the task pane, click Fix my network.
    4. Follow the instructions in the wizard. You can click each potential problem that the wizard lists to get more information about the problem. To recreate the default Send and Receive connectors to re-establish mail flow, select Exchange SMTP connectors are invalid.
  4. Rerun the Internet Address Management Wizard to associate the new virtual directories with the correct external URL.
  5. If your server uses a trusted certificate, you must also run the Add Trusted Certificate Wizard.
  6. You may end up with Exchange saying it’s not licensed; you can register Exchange on SBS with this tool.
      Activate Exchange
      http://rahman.eu/ActivateExchange.exe

Info gathered from

Rahman® Reviews

http://duitwithsbs.wordpress.com/2009/04/28/sbs-2008-how-to-repair-exchange-2007/
http://technet.microsoft.com/en-us/library/dd728006(WS.10).aspx
List of SBS Recovery options.
http://technet.microsoft.com/en-us/library/dd430085%28WS.10%29.aspx


SBS 2008 and RU3 and Outlook Repeat Login Prompt


UPDATE: Exchange RU9 is supposed to fix this

On Small Business Server 2008 we have seen that if you install RU3 you may start getting repeatedly prompted for login credentials when opening Outlook.

I believe that is because of some additional NTLM security that is put in place which I believe is included with RU3 based on this blurb in the update documentation

“After you install this update, the authentication mode that is set for the Web site at http://companyweb changes from the NTLM authentication to the Kerberos authentication. The reason this change occurs is because we recommend that you use the Kerberos authentication instead of the NTLM authentication.”

The solution I found so far was

  1. Remove RU3 for now.
  2. Re-apply the Windows Authentication on the EWS, OAB, and Autodiscover virtual directories
    1. Open Internet Information Services (IIS) Manager
    2. Expand the Server -> Sites -> SBS Web Applications
    3. Click on Autodiscover -> Authentication
    4. Windows Authentication -> Disable -> Enable
    5. Repeat for OAB and EWS virtual directories
  3. Restart the server

Note: It may be necessary to add the root Exchange URL to the “intranet sites” on the clients

Tools -> Internet options -> security tab -> Local Intranet -> Sites -> advanced -> add -> https://remote.domain.com
