Tech for Techs

- Create connector
- Assign only anonymous permissions
- Bind IP

You must run this command after creating the connector

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

PROBLEM:
When trying to connect to a remote workstation through Remote Web Access, nothing happens when clicking connect.

SOLUTION:
Review the following steps to re-enable access:

• Ensure that the remote computer has remote access enabled and that the firewall settings are correct
• Ensure that you are connecting using Internet Explorer 10, or if using IE11, ensure that the server has the latest updates (these address connection issues with IE11)
• ActiveX needs to be enabled and scripts allowed (on the computer you're connecting from). You can reset Internet Explorer, and click 'Always Allow' when prompted after clicking Connect.
• Add your Remote Web Access portal address to your list of trusted sites

If, after clicking connect, you have been prompted to allow ActiveX controls, but then nothing else happens, and you are able to connect after restarting your server, the issue is more than likely due to your Remote Web Access not starting due to excessive memory usage on your server. To correct the issue you can set the Remote Web Access to ignore available memory:

Using Notepad open the Web Configuration file on the server located at:
C:\ProgramFiles\Windows Small Business Server\Bin\WebApp\RemoteAccess

Locate the command line (near the bottom of the file):
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>

Insert the following code into the above command line:
minFreeMemoryPercentageToActivateService="0"

So the completed line should be (all on one line):
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" minFreeMemoryPercentageToActivateService="0" />

This should allow your Remote Web Access to connect regardless of the available memory on the server.

Required Software:

• Internet Explorer 10 (or older)
• Latest Java update

Internet Explorer Configuration:

• Internet Options > Security > Trusted Sites
• Set 'Security level for this zone' to 'Low'
• Add https://mytools.gatewayedi.com to 'Sites'
• Internet Options > Programs > Manage add-ons > Toolbars And Extensions
• Confirm that Java in enabled

Java Configuration:

• Start > Java > Configure Java > Security > Edit Site List (Java 7 Update 51 and newer)*
• Add https://mytools.gatewayedi.com

*If you have to use an older version of Java, change the security level from 'High(recommended)' to 'Medium' however this change can leave your system vulnerable.

---

Common Errors:

When trying to manage claims you are prompted that you do not have Java and to update.

• Confirm that you have the latest version of Java installed and enabled
• Confirm that you are not using Internet Explorer 11, if so, remove, restart, and install IE10 if required.
• Check that https://mytools.gatewayedi.com is listed as a trusted site and trusted site security is set to low

"Missing required permissions manifest attribute in main jar" error when trying to send claims

• Ensure you have the latest version of Java installed and that it's enabled in Internet Explorer
• Edit the security settings for Java by adding https://mytools.gatewayedi.com to the site list or setting Java security to medium through 'Configure Java' located in the Windows Start menu.

PROBLEM:
VMware vCenter Converter - Error: Unable to locate the required Sysprep files 2003
VMware vCenter Converter - Warning: Unable to update boot.ini

SOLUTION:
1.) Go to:
http://www.microsoft.com/downloads/details.aspx?FamilyID=93f20bb1-97aa-4356-8b43-9584b7e72556&displaylang=en

2.) Download the WindowsServer2003-KB926028-v2-x86-ENU.exe
3.) Run exe with option "/x" behind it.
4.) Extract or UnPack it to:
"C:\ProgramData\Application Data\VMware\VMware vCenter Converter Standalone\sysprep"

5.) go to:
"C:\ProgramData\Application Data\VMware\VMware vCenter Converter Standalone\sysprep\SP2QFE"

6.) Extract or UnPack the "deploy.cab" into the following directory:
C:\ProgramData\Application Data\VMware\VMware vCenter Converter Standalone\sysprep

PROBLEM:
Disable Internet Explorer 11 Auto Install (IE 11, IE11).
Disable Internet Explorer 11 installation in Group Policy (GPO).

SOLUTION:
1.) Download the IE 11 Blocker Toolkit.
http://www.microsoft.com/en-us/download/details.aspx?id=40722

2.) Open the .exe and save the files.

3.) Add to your group policy template:

Now go to group policy management and create a new policy and edit it or edit an existing policy.
Go to Computer configuration>polices, right click on "Administrative Templates" and click add/remove templates
click "Add..." and go to the folder you put the files and choose the "IE11_Blocker.adm"

4.) Block or Unblock IE 11.

Open Administrative Templates>Classic Administrative Templates> Windows Components>Windows Update>Automatic Updates blocker v3

Then select "Do not allow delivery of internet explorer 10 through automatic updates" edit the policy settings to either enable (to block) or disable (to allow).

PROBLEM:
Emails with attachments are not delivered to exchange 2010, or 2007 server.

SOLUTION:
The problem is possible due to the time out setting on the receive connector in exchange.

Use the Set-ReceiveConnector cmdlet to change an existing Receive connector.

EXAMPLE:
This example makes the following configuration changes to the Receive connector Internet Receive Connector:

1.) Sets the Banner to 220 mail.example.com OK.
2.) Configures the Receive connector to time out connections after 15 minutes.

Set-ReceiveConnector -Identity "Internet Receive Connector" -Banner "220 mail.example.com OK" -ConnectionTimeout 00:15:00

REFERENCES:
http://technet.microsoft.com/en-us/library/bb125140.aspx
http://technet.microsoft.com/en-us/library/bb124740(v=exchg.150).aspx

Enable / Disable Junk Email Rule for User

Set-MailboxJunkEmailConfiguration "<User>" -Enabled <$true | $false>

-example-

Set-MailboxJunkEmailConfiguration "John Doe" -Enabled $false




Add / Block Trusted Senders or Domains

Set-MailboxJunkEmailConfiguration "<User>" -<TrustedSendersAndDomains | BlockedSendersAndDomains> @{Add="<address or domain>","<address or domain>",...}

-example-

Set-MailboxJunkEmailConfiguration "John Doe" -TrustedSendersAndDomains @{Add="example@contoso.com","anysite.com"}

You can omit the @{Add=""} parameter and just list the addresses and domains to be trusted or blocked. This will overwrite any pre-existing trusted/blocked list and replace it with the newly created specifications.




Review Junk Email Rules for a Specific User

Get-MailboxJunkEmailConfiguration "<User>"

-example-

Get-MailboxJunkEmailConfiguration "JohnDoe@contoso.com"




Review Junk Email Rules for All Users

Get-MailboxJunkEmailConfiguration -Identity * | Where {$_.Enabled -eq $true}




Ref: http://technet.microsoft.com/en-us/library/dd979780%28v=exchg.150%29.aspx
Ref: http://technet.microsoft.com/en-us/library/dd979784%28v=exchg.150%29.aspx

The Content Filter filters all messages that come through all Receive connector on the exchange server. Only non-authenticated sources are filtered. Exceptions configured within the content filter will take precedence over any other user or group safe list, blocked senders, or other policies.


ENABLE / DISABLE CONTENT FILTERING

Set-ContentFilterConfig -Enable <$true | $false>

-example-

Set-ContentFilterConfig -Enable $true




ENABLE /DISABLE CONTENT FILTERING FOR EXTERNAL MESSAGES

Set-ContentFilterConfig -ExternalMailEnable <$true | $false>

-example-

Set-ContentFilterConfig -ExternalMailEnable $true




ENABLE / DISABLE CONTENT FILTERING FOR INTERNAL MESSAGES

Set-ContentFilterConfig -InternalMailEnable <$true | $false>

-example-

Set-ContentFilterConfig -InternalMailEnable $true




CONFIGURE RECIPIENT AND SENDER EXCEPTIONS

Recipient Exceptions

Set-ContentFilterConfig -BypassedRecipients example@contoso.com,example2@contoso.com

-or, to add without overwriting previous filter configurations-

Set-ContentFilterConfig -BypassedRecipients @{Add="example@contoso.com","example2@contoso.com"}



Sender Exceptions - Specific Senders

Set-ContentFilterConfig -BypassedSenders example@contoso.com,example2@contoso.com

-or, to add without overwriting previous filter configurations-

Set-ContentFilterConfig -BypassedSenders @{Add="example@contoso.com","example2@contoso.com"}



Sender Exceptions - Domains

Set-ContentFilterConfig -BypassedSenderDomains contoso.com,contoso2.com

-or, to add without overwriting previous filter configurations-

Set-ContentFilterConfig -BypassedSenderDomains @{Add="contoso.com","contoso2.com"}




CONFIGURE ALLOWED AND BLOCKED PHRASES

Allowed Phrase

Add-ContentFilterPhrase -Influence GoodWord -Phrase "<phrase>"

-example-

Add-ContentFilterPhrase -Influence GoodWord -Phrase "Quarantine Digest"



Blocked Phrase

Add-ContentFilterPhrase -Influence BadWord -Phrase "<phrase>"

-example-

Add-ContentFilterPhrase -Influence BadWord -Phrase "Send Money Now"



Remove Blocked Phrases

Remove-ContentFilterPhrase -Phrase "<phrase>"

-example-

Remove-ContentFilterPhrase -Phrase "Quarantine Digest"




CONFIGURE SCL THRESHOLDS

Enable / Disable SCL Delete and Set Delete Threshold

Set-ContentFilterConfig -SCLDeleteEnabled <$true | $false> -SCLDeleteThreshold <# value>

-example-

Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9



Enable / Disable SCL Reject and Set Reject Threshold

Set-ContentFilterConfig -SCLRejectEnabled <$true | $false> -SCLRejectThreshold <# value>

-example-

Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 8



Enable / Disable SCL Quarantine and Set Quarantine Threshold

Set-ContentFilterConfig -SCLQuarantineEnabled <$true | $false> -SCLQuarantineThreshold <# value>

-example-

Set-ContentFilterConfig -SCLQuarantineEnabled $true -SCLQuarantineThreshold 5




CONFIGURE REJECTION RESPONSE

The rejection response can not exceed 240 characters.

Set-ContentFilterConfig -RejectResponse "<Custom Text>"

-example-

Set-ContentFilterConfig -RejectResponse "Your message was rejected."




ENABLE / DISABLE OUTLOOK EMAIL POSTMARKING

Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled <$true | $false>





Ref: http://technet.microsoft.com/en-us/library/aa995953.aspx

Block messages from a specific e-mail address:

Set-SenderFilterConfig -BlockedSenders example@contoso.com,example2@contoso.com




Block messages from a specific domain:

Set-SenderFilterConfig -BlockedDomains contoso.com




Block messages from a specific domain and all subdomains:

Set-SenderFilterConfig -BlockedDomainsAndSubdomains contoso.com




Add a sender or domain to a previously created blocked list:

The examples above replace the current list of blocked senders. If you have previously configured your list and would like to add a sender or domain you can use the following commands to avoid having to retype your entire list.

$Configuration = Get-SenderFilterConfig
$Configuration.BlockedSenders += "example@contoso.com"
$Configuration.BlockedDomains += "contoso.com"
Set-SenderFilterConfig -BlockedSenders $Configuration.BlockedSenders -BlockedDomains $Configuration.BlockedDomains




Block messages that don't specify a sender:

Set-SenderFilterConfig -BlankSenderBlockingEnabled $true

Unfortunately the Exchange toolbox will not allow searching to or from fields with wildcard values, only with specific email addresses (or a list of addresses). However, using Exchange Management Shell, you can search the Exchange logs using wildcard values which is useful if you're trying to review all messages to/from a particular domain.

Open Exchange Management Shell

• Start > All Programs > Microsoft Exchange Server 20**
• Open Exchange Management Shell as an administrator (otherwise you may not be able to create your required log file)

Search for any messages sent TO any address at example.com

Get-MessageTrackingLog -ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" | where{$_.recipients -like "*@example.com"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\ExchangeLogResults.txt


Search for any messages sent FROM any address at example.com

Get-MessageTrackingLog -ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" | where{$_.sender -like "*@example.com"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\ExchangeLogResults.txt



*** This applies to Exchange 2003, 2007, & 2010 ***