About i-away

  • Rank
    IT Pro
  • Birthday 06/03/1981

  1. i-away

    How Autodiscover Works

    One of the improvements in Exchange 2019 is that client configuration has become easier, thanks to several improvements in Autodiscover. Clients that connect via EWS usually locate the EWS endpoint through Autodiscover. Autodiscover also provides information for other protocol connections, and it supports multi-forest configurations. When Exchange Server is installed, a virtual directory called Autodiscover is created. After the appropriate URLs are configured and stored in Active Directory, the Client Access services that run on the Mailbox server provide authentication and proxy services for both internal and external client connections. As a result, Outlook clients can connect to Exchange using only the user name and password.

    Autodiscover and Active Directory

    As said previously, the creation of the Autodiscover virtual directory allows Outlook to automatically discover the necessary Exchange mailbox settings, saving users from having to write down and remember server names, ports, protocols, databases, etc. The user simply provides a username and password and the rest is handled by Outlook. During the virtual directory creation, an SCP object is also created in Active Directory. That SCP object stores the authoritative URLs for the Autodiscover service and provides them to domain-joined computers. The SCP object points to the Exchange server and provides additional Autodiscover information to clients trying to connect to Exchange. It locates the Autodiscover server or endpoint that is appropriate for the user trying to connect, and it gives domain-joined mail clients an easy way to look up Autodiscover servers.

    Exchange publishes two types of SCP objects for the Autodiscover service: SCP pointers and SCP URLs. SCP pointers contain information that points to specific LDAP servers, which are then used to locate Autodiscover SCP objects in the user's Active Directory domain. SCP URLs contain the Autodiscover URLs for Autodiscover endpoints. The Autodiscover service URL will be one of the values below:

    • https://yourdomain/autodiscover/autodiscover.xml
    • https://autodiscover.yourdomain/autodiscover/autodiscover.xml

    The URL used depends on whether the Autodiscover service is configured on a separate site or not.

    Autodiscover in DNS

    Exchange Server 2019 reduces the number of required namespaces, since it does not require RPC Client Access namespaces. The Client Access services now proxy connection requests to whichever Mailbox server hosts the active Mailbox database for the mailbox being connected to. A new feature in Exchange 2019 is the ability of a Mailbox server to proxy a session to another Mailbox server in a different Active Directory site, thus eliminating the need for failback namespaces in DAG activation situations.

    Outlook and Autodiscover

    If Autodiscover is properly configured, Outlook clients can authenticate to Active Directory with just a user's credentials. Outlook will automatically search for the Autodiscover SCP objects for the domain. Once it finds the Autodiscover service, the Outlook client connects to the Client Access services on the first Mailbox server it finds. Outlook then collects profile information in XML format. This information is required to connect to the mailbox. Autodiscover can use one of four methods to configure an Outlook client:

    1) Connect to https://yourdomain/AutoDiscover/AutoDiscover.xml
    2) Connect to https://autodiscover.yourdomain/AutoDiscover/AutoDiscover.xml
    3) Autodiscover redirect URL: http://autodiscover.yourdomain/autodiscover/autodiscover.xml
    4) Search for DNS SRV record

    The first two methods above are typical for smaller organizations with a single SMTP namespace. The second two are typical in multiple-SMTP namespace scenarios.

    Outlook uses the Autodiscover service to locate a new connection point. Autodiscover returns the following information to the Outlook client:

    • User display name
    • Internal and external connection settings
    • Mailbox server hosting the active copy of the user's mailbox
    • URLs for various Outlook features (OAB, OWA, etc.)
    • Outlook Anywhere server settings

    If the Exchange information for a user changes, the Outlook client uses the Autodiscover service to automatically reconfigure the user's profile. This commonly occurs when a mailbox is moved. When this happens, Outlook contacts the Autodiscover service and automatically updates the user's profile with the new mailbox location so that it can connect.

    Autodiscover and certificates

    When Exchange is installed, the installation process creates a self-signed certificate that is signed by the Exchange server itself. This certificate is automatically installed on the server. However, it is recommended that you use a public certificate from a trusted third party. You can use the Microsoft Remote Connectivity Analyzer tool to confirm that the Autodiscover service in Exchange 2019 is accessible and functioning as expected. To test Autodiscover with the tool, launch it and select the Outlook Connectivity test. The tool will then attempt to connect to Exchange using Autodiscover. If it fails, there is likely an issue with the external URLs configured in Exchange. Reading the results provided by the tool should reveal clues as to why connectivity failed.
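A check for the SCP and certificate points above, written as an added example that is not part of the original post: it reports SCP URLs that are malformed, not HTTPS, or whose host name is only covered by a self-signed, expired or non-IIS certificate. The function name Test-AutodiscoverScp, the contoso.example names and the sample objects are hypothetical; the property names are those returned by Get-ClientAccessService and Get-ExchangeCertificate.

```powershell
# Added example, not from the original post. Test-AutodiscoverScp and the sample
# objects are constructed; on a server, feed it Get-ClientAccessService and
# Get-ExchangeCertificate output instead (see the last comment).
function Test-AutodiscoverScp {
    param(
        [Parameter(Mandatory)] [object[]] $Scp,         # Name, AutoDiscoverServiceInternalUri
        [Parameter(Mandatory)] [object[]] $Certificate  # CertificateDomains, Services, IsSelfSigned, NotAfter
    )
    # Clients only trust CA-issued, unexpired certificates; Autodiscover is served by IIS.
    $usable = @($Certificate | Where-Object {
        -not $_.IsSelfSigned -and "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date)
    })
    foreach ($entry in $Scp) {
        $uri  = $null
        $text = "$($entry.AutoDiscoverServiceInternalUri)"
        if (-not [uri]::TryCreate($text, [System.UriKind]::Absolute, [ref] $uri)) {
            [pscustomobject]@{ Server = $entry.Name; ScpUrl = $text; Finding = 'SCP URL missing or malformed' }
            continue
        }
        $covered = $false
        foreach ($name in ($usable | ForEach-Object { $_.CertificateDomains })) {
            $n = "$name"
            # A wildcard name covers exactly one extra label (*.a.b matches x.a.b, not x.y.a.b).
            $wild = $n.StartsWith('*.') -and $uri.Host -like $n -and
                    $uri.Host.Split('.').Count -eq $n.Split('.').Count
            if ($n -eq $uri.Host -or $wild) { $covered = $true }
        }
        $finding = 'OK'
        if (-not $covered)           { $finding = 'No usable certificate covers this host name' }
        if ($uri.Scheme -ne 'https') { $finding = 'SCP URL is not HTTPS' }
        [pscustomobject]@{ Server = $entry.Name; ScpUrl = $text; Finding = $finding }
    }
}

# Constructed sample input (not real servers or certificates).
$scp = @(
    [pscustomobject]@{ Name = 'EX01'; AutoDiscoverServiceInternalUri = 'https://autodiscover.contoso.example/autodiscover/autodiscover.xml' }
    [pscustomobject]@{ Name = 'EX02'; AutoDiscoverServiceInternalUri = 'https://ex02.corp.contoso.example/autodiscover/autodiscover.xml' }
)
$certs = @(
    # The self-signed certificate created by setup: covers EX02 but is not trusted by clients.
    [pscustomobject]@{ CertificateDomains = 'EX02', 'ex02.corp.contoso.example'; Services = 'IIS, SMTP'
                       IsSelfSigned = $true; NotAfter = (Get-Date).AddYears(4) }
    [pscustomobject]@{ CertificateDomains = 'mail.contoso.example', 'autodiscover.contoso.example'; Services = 'IIS'
                       IsSelfSigned = $false; NotAfter = (Get-Date).AddYears(1) }
)
Test-AutodiscoverScp -Scp $scp -Certificate $certs | Format-Table -AutoSize

# On an Exchange server:
# Test-AutodiscoverScp -Scp (Get-ClientAccessService) -Certificate (Get-ExchangeCertificate)
```

With the sample data, EX01 is reported as OK and EX02 is flagged because only the self-signed certificate covers its SCP host name.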
  2. Hello to all!! Today the Exchange Product Group announced a long-expected addition to Office 365: the ability to migrate G-Suite calendars and contacts to Office 365 with nothing more than native Office 365 tools. Currently there is a 2GB migration limit per day. This is a great step forward, but there are many more things to come.

     Migration currently does not support:

     • Mail: Vacation Settings or Automatic reply settings, as well as Filters or Rules
     • Meeting Rooms: Room bookings
     • Calendar: Shared calendars, cloud attachments, Google Hangout links and event colors
     • Contacts: A maximum of three email addresses per contact are migrated over
     • Contacts: Gmail tags, contact URLs and custom tags are not migrated over

     You can read more information here. Happy Migrations!!!
  3. Today the Exchange Team announced the new and updated site for the Exchange Deployment Assistant: https://assistants.microsoft.com. This is an expected move, since all the assistants are being moved under the assistants.microsoft.com site, following the Microsoft move to docs.microsoft.com. The new assistant focuses solely on on-premises deployments. For online and hybrid scenarios, there are two different resources offering guidance: the EDA, and the Office 365 mail migration advisors.

     When you go to the new site, you'll see two options:

     • The first option, On-premises Exchange deployments, goes to the Deployment Assistant and all the on-premises deployment options we all know and love today, with Exchange 2019 scenarios coming soon!
     • The second option, Migrate Exchange to Office 365, leads you to the Office 365 mail migration advisors. The Office 365 mail migration advisors offer the best solutions for helping you migrate your organization to Office 365, including staged and cut-over migrations and all flavors of hybrid migrations.

     The existing Deployment Assistant will remain available until the end of April 2019. Happy advising!!!!
  4. Today the Exchange Team announced the quarterly servicing updates, cumulative updates and update rollups, for all supported versions of Exchange Server. There are some important changes.

     What changes in Exchange Web Services Push Notifications

     The update to EWS Push Notifications is considered a critical security update, and customers should deploy the update as soon as they understand and accept any potential impact. The change in Push Notification authentication is a permanent change to the product and is necessary to protect the security of an Exchange Server. As outlined in KB4490060, the fundamental change is in the authentication between EWS clients and the Exchange server. This only affects Push Notifications and leaves Pull and Streaming Notifications unaffected, and it is applicable to all EWS clients. Also, a reset of the Exchange server computer credentials in Active Directory is required as a best practice.

     Decreasing Exchange Rights in the Active Directory

     The Team has also made a change in the Active Directory rights granted to Exchange Servers, reducing the items on which Exchange is able to write security descriptors, as outlined in KB4490059.

     Removing Legacy Auth protocols from Exchange Servers

     In Exchange Server 2019 Cumulative Update 1, there is a new cmdlet that restricts legacy authentication protocols on a per-protocol and user-by-user basis. This change came from Office 365, which already has the same functionality implemented.

     Downloads

     The KB articles are the following:

     • Exchange Server 2019 Cumulative Update 1 (KB4471391)
     • Exchange Server 2016 Cumulative Update 12 (KB4471392)
     • Exchange Server 2013 Cumulative Update 22 (KB4345836)
     • Exchange Server 2010 Service Pack 3 Update Rollup 26 (KB4487052)

     Happy Patching!!!!
  5. A security researcher named Dirk-jan Mollema has recently discovered a vulnerability that affects Exchange and described a way it can be exploited to allow an attacker to obtain escalated privileges. The attack relies on two key components to be successful.

     The first is a man-in-the-middle attack against an Exchange Server to perform an NTLM relay attack (an attacker intercepting the authentication process). This in itself is not actually an Exchange vulnerability; it is caused by the NTLM over HTTP authentication method that Exchange Server uses.

     The second component relates to the ability of an attacker to force Exchange to attempt to authenticate as the computer account. To do this, the attacker uses the EWS Push Subscription feature of Exchange Web Services to force Exchange Server to make a new outbound HTTP call that uses NTLM to attempt to authenticate against an arbitrary URL.

     Microsoft is actively working on a hotfix and is not recommending performing any actions until a hotfix is released. Stay tuned for updated info!
  6. One of the audit tasks you may need to perform while operating an Exchange server is finding out by whom and when an Exchange object was created, modified, or deleted, mainly for troubleshooting purposes. You can easily do that using the Exchange Management Shell:

     Search-AdminAuditLog -ObjectIds "ObjectName" -StartDate "<start date>" -EndDate "<end date>"

     Note: The ObjectIds parameter accepts a variety of objects, such as mailbox aliases, Send connector names, and so on. If you want to specify more than one object ID, separate each ID with a comma for a more fine-grained report. Happy Searching!!!
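To turn that search into a who/when/what timeline, the following added example (not part of the original post) takes admin audit log entries from the pipeline and labels each one as Created, Modified or Deleted based on the cmdlet verb. Get-ObjectChangeHistory, the verb mapping and the sample entries are constructed for illustration; the property names (RunDate, Caller, CmdletName, ObjectModified, CmdletParameters, Succeeded) are those of Search-AdminAuditLog results.

```powershell
# Added example, not from the original post. Get-ObjectChangeHistory and the
# sample entries are constructed; the verb-to-action mapping is a heuristic.
function Get-ObjectChangeHistory {
    param([Parameter(Mandatory, ValueFromPipeline)] [object] $Entry)
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        $verb = ($Entry.CmdletName -split '-', 2)[0]
        $action = switch -Regex ($verb) {
            '^(New|Enable)$'     { 'Created' }
            '^(Remove|Disable)$' { 'Deleted' }
            default              { 'Modified' }
        }
        # Flatten the parameter collection so the exact change is visible in one column.
        $params = ($Entry.CmdletParameters | Where-Object { $_ } |
                   ForEach-Object { "-$($_.Name) $($_.Value)" }) -join ' '
        $rows.Add([pscustomobject]@{
            When       = $Entry.RunDate
            Who        = $Entry.Caller
            Action     = $action
            Object     = $Entry.ObjectModified
            Cmdlet     = $Entry.CmdletName
            Parameters = $params
            Succeeded  = $Entry.Succeeded
        })
    }
    end { $rows | Sort-Object When }   # oldest change first
}

# Constructed sample entries shaped like Search-AdminAuditLog output.
$sample = @(
    [pscustomobject]@{ RunDate = [datetime]'2019-03-02T10:41:00'; Caller = 'contoso.example/Users/helpdesk1'
        CmdletName = 'Remove-SendConnector'; ObjectModified = 'Outbound-Internet'; Succeeded = $true
        CmdletParameters = @([pscustomobject]@{ Name = 'Identity'; Value = 'Outbound-Internet' }) }
    [pscustomobject]@{ RunDate = [datetime]'2019-02-12T09:14:00'; Caller = 'contoso.example/Users/admin1'
        CmdletName = 'New-SendConnector'; ObjectModified = 'Outbound-Internet'; Succeeded = $true
        CmdletParameters = @([pscustomobject]@{ Name = 'Name'; Value = 'Outbound-Internet' },
                             [pscustomobject]@{ Name = 'AddressSpaces'; Value = '*' }) }
    [pscustomobject]@{ RunDate = [datetime]'2019-02-20T16:05:00'; Caller = 'contoso.example/Users/admin2'
        CmdletName = 'Set-SendConnector'; ObjectModified = 'Outbound-Internet'; Succeeded = $true
        CmdletParameters = @([pscustomobject]@{ Name = 'MaxMessageSize'; Value = '25MB' }) }
)
$sample | Get-ObjectChangeHistory | Format-Table -AutoSize

# In the Exchange Management Shell:
# Search-AdminAuditLog -ObjectIds "ObjectName" -StartDate "<start date>" -EndDate "<end date>" | Get-ObjectChangeHistory
```

The sample prints the three changes in time order as Created, Modified and Deleted, each with the account that made it.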
  7. The Microsoft Exchange Team has released the official Exchange 2019 preferred architecture (PA) document. The document is updated with the new features of Exchange 2019, including the brand-new MetaCache Database (MCDB) feature and the increase in physical cores and memory limits. As always, the document is a must for every admin who wishes to proceed to Exchange 2019. You can download the document here. Happy Reading!!!
  8. Hello to all. Recently I stumbled on a client request asking if there is a way to centrally configure signatures for the employees without the need for a 3rd party tool. Fortunately there is an easy way to do this in Office 365. Here is how:

     1) First of all, you need to create a Transport Rule in EAC and choose to build a custom rule.
     2) Then you need to define the disclaimer text to be included in the rule. The trick here is that you can use HTML tags, and therefore have fields that will be replaced accordingly with the user account details.
     3) You're done!!!

     Note: Although it may seem easy, there are some tricky points:

     1) You need time to manually write the rule with the HTML tags and to have the correct fields configured on the users.
     2) The most important problem is format support. The resulting signature will look weird on some devices, and the image will increase the size of the mail.

     If you don't have a problem with that, you have just found an easy way to centrally manage your signatures across the organization. Happy signing!!!
  9. A common issue when migrating to a new Exchange version is the exhaustion of the log space, resulting in migration failures. Of course you cannot simply go and delete those files, because this will lead to more problems than the original one. One mitigation for this problem is to run a full backup in order to clear the log files and release the space. The other way is to enable circular logging, which can be done before you start the migration in order to prevent the problem from happening in the first place.

     The migration procedure uses the Migration arbitration mailbox to store migration information, and this generates the transaction logs that fill up the disk. You can find the name of the arbitration mailbox in use and its database with the following PowerShell command:

     Get-Mailbox -Arbitration | ft Name,Database

     You can move those mailboxes to another database and enable circular logging there with the following command:

     Set-MailboxDatabase "DatabaseName" -CircularLoggingEnabled $true

     Happy disk space free migrations!!!!!
  10. Just now the Exchange Product Group announced the availability of the long-awaited Exchange 2019!!!! There are several new and exciting features in this release, and it is the first time that Microsoft recommends installing on Server Core!!! Here are some of the new features:

      1) Exchange Server can use up to 48 processor cores and 256GB of RAM.
      2) Dual storage read/write capabilities in Exchange Server 2019, using Solid State Drive (SSD) technology to provide a super-fast cache of key data for improving the end user experience.
      3) Windows 2019 Core support, which is the recommended method of installation.

      For the full release announcement you can visit this link.
  11. Junior IT, you don't have it quite right...

      1) The Outlook clients will query Active Directory for the SCP that corresponds to Exchange's AutoDiscoverServiceInternalURI and will try to connect to that address, requesting settings for the respective user's profile.
      2) He does not need to create a new profile in Outlook, since his mail domain will not change. On the contrary, by changing the SCP he will also avoid the sync.
      3) The resolution of his domain, like that of the other domains, should normally, if it is set up correctly, either be done directly by the local Active Directory DNS or be stored in its cache from other users' requests.

      1) What you describe with the passwords cannot happen that easily, since it requires either AADConnect or the admin manually setting the same passwords in Office365 and on-premises.
      2) As for the registry and Outlook, that does not need to be done once the SCP has been changed correctly and the internal DNS servers have been configured correctly.

      manval70, what your friend told you is partly correct, but it is not the complete solution to the problem. Besides the SCP, you will also have to change the internal DNS servers so that the new autodiscover points to Office365. As for Outlook and the PSTs, it is purely your own choice whether or not to create a new profile, and whether or not to upload the PSTs.
  12. Good evening. For migrations like this there are only 2 reliable software products, which all the companies that do this work use. There is also the option of having the software vendors themselves do it, obviously for a fee. Both the platforms and the procedure are the same; only the look 'n' feel changes a little between the software platforms. So that this is not taken as advertising, send me a message if you want and I will tell you which software they are.
  13. Today an updated version of the System Center Operations Manager Management Pack for Exchange Server 2013 became available. This update offers many new capabilities for analysing and diagnosing the state and performance of Exchange Server, as well as a wealth of new charts.

      You can download the new Management Pack from here: www.microsoft.com/en-us/download/details.aspx?id=39039

      Filed under: Uncategorized
      Source: http://andritsos.wordpress.com/2014/11/12/exchange-2013-management-pack-update/
  14. Exchange Server 2007 Service Pack 3 Update Rollup 14 has just become available. It includes several fixes and improvements for some recently observed problems. You can download it from here.

      Filed under: Uncategorized
      Source
  15. Exchange Server 2010 Service Pack 3 Update Rollup 7 has just become available. It includes several fixes and improvements for some recently observed problems. You can download it from here.

      Some of the improvements and fixes, as an indication:

      • 2983261 "HTTP 400 – Bad Request" error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
      • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
      • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
      • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
      • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
      • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
      • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
      • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
      • 2975988 S/MIME certificates with EKU Any Purpose ( are not included in OAB in Exchange Server 2010
      • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

      This update also includes new daylight saving time (DST) updates for Exchange Server 2010 SP3. For more information about DST, go to the following Microsoft website: Daylight saving time Help and Support Center

      Filed under: Exchange, Exchange 2010, News
      Source