Skip to content

Archive

Category: Exchange

I renewed a SSL certificate on my Exchange Servers and needed to update it on my NetScaler.
 
To import the SSL certificate to NetScaler you need to export and convert the certificate. This is common usage for using a “Windows Certificate” on a Linux system or in a Java certificate store.
 
The steps to accomplish this:

  • Export the certificate from Exchange to a .pfx-file.
  • Extract the Certificate and Private Key from the .pfx-file. Windows does not support doing this natively, you need to have OpenSSL installed.
  • Import the Certificate and the Private Key file to NetScaler (or another appliance).

 
 
 

Export the certificate from Exchange 2010 Management Console
 

Go to Server Configuration and select the certificate you want to export.
 
 
crtexport2
Enter filename and a password.
 
 
 
 

Export the certificate from Exchange admin center (Exchange 2013)
 

Go to Servers and select Certificates
 
 

Mark the certificate and klick the (more) icon and select Export Exchange certificate.
 
 

Enter UNC Path and Password.

 
 
 
 

Convert the exported certificate
For this step you need to install OpenSSL: https://www.openssl.org/community/binaries.html

Read more about the PKCS#12 file utility: http://www.openssl.org/docs/manmaster/apps/pkcs12.html

 
 
 
 

Import the certificate to NetScaler
crtexport8
Go to Traffic Management > SSL > SSL Certificates and click Update.
 
 
crtexport9
Use the dropdown on the “Browse” button to select Local file rather than first uploading the file to the NetScaler.

 
 
 
 

I was getting the following error in the logs on an Exchange 2010 server(SP3 with RU5).

There is a limit of attachments in a single message that the content indexer will process. If the indexer encounters more than 32 attachments, the event 9875 is thrown.

The errormessage also has information about the affected Database, Folder ID, Message ID and Document ID.

For now, the only useful information is the database name which holds the problematic message, rest of the values are hex numbers. We can assume there are a bunch of users and messages in a database, therefor we need to find the correct mailbox and item.

 

..this is where ExFolders come in handy.

Download ExFolders, import the regfile and copy the .exe-file to C:\Program Files\Microsoft\Exchange Server\V14\Bin\. You must run ExFolders.exe from that folder.


Launch ExFolders and select “Mailboxes” and “Database”. If you want to run against a preferred GC, make that selection, otherwise select the database.
 

 

exfolders3
Choose “Selected folder and subfolders” and set an output file (example: c:\folderids.txt).
Unmark all other properties and select the FolderID “ptagFID: 0x67480014“.

This will export ALL folder ID:s in every mailbox in the selected database. Note: You need full access permissions to be able to traverse the folders.

 

Search the exported file for the FolderID that matches the one in the errormessage. Now you know in which mailbox, and folder, the message is in.

In my case the FolderID matched with the “Recoverable Items”-folder in a mailbox.

 


Launch ExFolders, select the folder and “Export Item Properties”.

 

Add MessageID property, ptagMID:0x674A0014, in the field click “Add property to list” and OK

You have now exported all MessageIDs in that folder and one of them should match with the MessageID in the errormessage.

 

Depending on where the message is and what kind of action you choose to take, you can use powershell, outlook or mfcmapi to remove the message.

 

OWA / ActiveSync logs

To configure IIS logging for Exchange, start “Internet Information Services (IIS) Manager” (Server Manager or Administrative tools) and select Logs. You can turn on logging on specific directories only, i.e. OWA or Active Sync. Before doing any changes on the logging for the directories, you need to have the logging enabled on the Site level. After making the changes, you can turn off the logging on the Site again.

The IIS Logging does not purge logs, you need to create your own script and use scheduled tasks. There is an option for “Log File Rollover”, but you can not limit the total amount of data or logs. A good idea is to keep the IIS logs on a separate volume in-case the disks fill up.

There are a few options for you to get ActiveSync statistics from an Exchange 2010.

First some Powershell and then Log Parser if you don’t want to dig into the IIS-Logs yourself 😉

 

Get-ActivesyncDevice: Retrieve list of devices that have ActiveSync partnerships.

 

Get-ActiveSyncDeviceStatistics : Returns statistics about each device.

 

Export-ActiveSyncLogs : Analyzes IIS-Logs and creates reports in CSV-format.

Export-ActiveSyncLogs will generate six CSV files: “Users.csv”, “Servers.csv”, “Hourly.csv”, “StatusCodes.csv”, “PolicyCompliance.csv” and “UserAgents.csv”.

The IIS-Logs also hold username and IP-adress for the mobile device. Useful to know when the firewall guys come running down the corridor with the IP-adress for a misbehaving sync 🙂

If you have several CAS servers, you need to process the IIS-logs from each one of them.

 


 

LogParser 2.2 : http://www.microsoft.com/en-us/download/details.aspx?id=24659

LogParser Studio: http://blogs.technet.com/b/exchange/archive/2012/03/07/introducing-log-parser-studio.aspx

 

LogParserStudio

LogParserStudioQ1

 

LogParser Studio is also able to export the query as a Powershell script.

 

 

Exchange 2010 installation (and prerequisites)

There is a good article at the Microsoft web: http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx

* Install Windows Server 2008 R2 and join the machine to your domain (with all the configuration that comes with it ).

 

* Install Windows Server 2008 R2 Prerequisites For Exchange 2010:
( Check the link above for your preferred configuration, below is for a machine that will host the MBX role )

 

* Set the TCP .net sharing service startup to automatic :

 

* Install Microsoft Office Filterpack (for HUB and MBX Servers)
The filters allow the Microsoft Search(Exchange) to index the content of items in common Office formats.
Office 2007 filter pack: http://www.microsoft.com/en-us/download/details.aspx?id=20109
Office 2010 filter pack SP2: http://www.microsoft.com/en-us/download/details.aspx?id=39668

 

* Register the filterpacks
http://technet.microsoft.com/en-us/library/ee732397.aspx

 

* Install Latest Exchange 2010 Servicepack and Update Rollup
Servicepack 3: http://www.microsoft.com/en-us/download/details.aspx?id=36768
Servicepack 3 Update rollup 5: http://www.microsoft.com/en-us/download/details.aspx?id=42001
 

 

Move mailbox


Move Arbitration Mailboxes

 

Install Exchange 2010 Management tools on Windows Server 2008R2

Manual installation:
Install the following prerequisite components:
.Net Framework 3.5 (Net-Framework-Core)
IIS6 Management Console (Web-Lgcy-Mgmt-Console)
IIS6 Metabase Compability (Web-Metabase)

Launch Exchange (sp3) setup CD and select Custom Exchange Server Installation.

 

…and same with Powershell: