Monday, May 26, 2008

When you run the Get-ExchangeAdministrator cmdlet, you receive the following message: The account is not a member of Exchange View Only Administrators


 

Well, this problem does not occur when you install the Mailbox role, the Client Access role, or the Hub Transport role. It only happens when you add a passive node to a CMS: in the background, the computer account for the passive node takes full control over the CMS object in Active Directory.


 

Symptom:

The problem becomes visible when you go to Organization Configuration in the EMC: a yellow line comes up at the top stating that a certain computer account (the second node added to the cluster, the passive one) is not a member of Exchange View Only Administrators. Or, when you open the EMS (PowerShell) and type Get-ExchangeAdministrator, you will find the same warning there.


 

Resolution:

  1. Open the AdsiEdit.msc tool that is included in Windows Support Tools.
  2. Connect to the domain.
  3. Locate the following object:
     CN=Clustered Mailbox server,CN=Servers,CN=Exchange Administrative Group (code),CN=Administrative Groups,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com
  4. Right-click this object, click Properties, and then go to the Security tab.
  5. Find the computer account for the passive node.
  6. Remove all permissions for that node except the Read permission.
  7. Click Advanced and add the following permissions for the passive node account (Apply to: This object only):
    1. Write property msExchEdgeSyncCred
    2. Write property msExchServerSite
  8. In the Advanced window, add the following permissions for the passive node account (Apply to: This object and all child objects):
    1. List Contents
    2. In the Properties tab, check all properties that start with (Read)


 

Get-ExchangeAdministrator


 

And voilà, no more, it's done :)
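One way to confirm the result of the ADSI Edit steps above, as an added example that is not part of the original post: the function below reads the ACL of an Active Directory object and reports the Allow entries that still give one account control, delete, child-object or write-all-properties rights. The function name Get-ExcessiveAce and the placeholder values in the last comment are assumptions.

```powershell
# Added example (not from the original post): report ACEs on an AD object that
# still give one account more than read access plus property-specific writes.
function Get-ExcessiveAce {
    param(
        [Parameter(Mandatory = $true)] [string] $ObjectDn,  # DN of the CMS object
        [Parameter(Mandatory = $true)] [string] $Account    # DOMAIN\NODENAME$ form
    )

    $adRights = [System.DirectoryServices.ActiveDirectoryRights]
    # Single-bit rights only. GenericAll and GenericWrite are composite values
    # and would match almost every ACE if they were used as a mask.
    $controlBits = [int]($adRights'WriteDacl, WriteOwner, Delete, DeleteTree, CreateChild, DeleteChild')
    $writeProp   = [int]($adRights'WriteProperty')

    $entry = [ADSI]"LDAP://$ObjectDn"
    # Explicit and inherited ACEs, with SIDs translated to DOMAIN\name form.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true,
        [System.Security.Principal.NTAccount])

    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -ne $Account) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $rights  = [int]$ace.ActiveDirectoryRights
        $reasons = @()
        if ($rights -band $controlBits) {
            $reasons += 'control, delete or child-object rights'
        }
        # WriteProperty with an empty ObjectType GUID means "write all properties";
        # the two writes kept by the fix are scoped to one attribute each.
        if (($rights -band $writeProp) -and ($ace.ObjectType -eq [guid]::Empty)) {
            $reasons += 'write to all properties'
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Account   = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
                Inherited = $ace.IsInherited
                AppliesTo = $ace.InheritanceType
                Reason    = ($reasons -join '; ')
            }
        }
    }
}

# Placeholders, replace with your own values before running:
# Get-ExcessiveAce -ObjectDn '<DN of the CMS object>' -Account '<DOMAIN>\<PassiveNode>$'
```

An empty result after the fix means the passive node account no longer holds any of the flagged rights on that object.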


 

Friday, May 23, 2008

Remove the Internal IP Addresses From Message Headers

Once upon a time in Qatar, I was wondering whether I could remove the internal IP addresses from message headers. At that time I saw exposing the internal IP addresses to the external world as a security breach, and maybe a way to help penetrators do their job :)

I went through this article on Microsoft TechNet, and I recommend reading it. Fabulous!

To see the internal names and IPs in a message in Outlook, right-click the message in the left pane and choose Properties, and you will find all the internal data. In OWA (Exchange 2007 OWA only), a button called Message Details does the same job in web access.

The command strips the internal IPs and host names from messages sent from your internal network. What it does in the background is remove the Anonymous Logon permission for the ms-Exch-Send-Headers-Routing extended right from the Send connector:

Get-SendConnector "Connector Name" | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT AUTHORITY\Anonymous Logon"

Reference:
http://technet.microsoft.com/en-us/aa998662.aspx
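To check the effect of the change described above, send a test message to an outside mailbox and inspect its headers. The following is an added example, not from the original post or from the TechNet article: it pulls RFC 1918 private addresses out of the Received headers of a message. The function name and the sample headers are constructed for illustration.

```powershell
# Added example: list private (RFC 1918) IPv4 addresses that appear in the
# Received headers of a message, i.e. internal hops disclosed to the recipient.
function Get-InternalAddressInHeaders {
    param([Parameter(Mandatory = $true)] [string] $HeaderText)

    # Unfold headers first: a line that starts with whitespace continues the
    # previous header line.
    $unfolded  = $HeaderText -replace "\r?\n[ \t]+", ' '
    $ipPattern = '\b(?:\d{1,3}\.){3}\d{1,3}\b'

    foreach ($line in ($unfolded -split "\r?\n")) {
        if ($line -notmatch '^Received:') { continue }
        foreach ($m in [regex]::Matches($line, $ipPattern)) {
            $o = $m.Value.Split('.') | ForEach-Object { [int]$_ }
            $isPrivate = ($o[0] -eq 10) -or
                         ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
                         ($o[0] -eq 192 -and $o[1] -eq 168)
            if ($isPrivate) { $m.Value }
        }
    }
}

# Constructed sample headers (example.* names and made-up addresses).
$sample = @'
Received: from edge.example.com (203.0.113.25) by mx.example.net;
 Mon, 26 May 2008 10:00:02 +0300
Received: from MBX01.corp.example.local (10.1.2.15) by
 HUB01.corp.example.local (10.1.2.20) with Microsoft SMTP Server;
 Mon, 26 May 2008 10:00:01 +0300
Subject: header firewall test
'@

Get-InternalAddressInHeaders -HeaderText $sample
```

Run it against the headers of a message received outside the organization before and after the change; after the permission is removed, the internal hops should no longer be listed.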

Saturday, May 17, 2008

Have an annoying virus in your MB DB? Send it to Microsoft for analysis :)


Pretty nifty: just send an e-mail to this address: submit_virus@fss.microsoft.com


To prepare an archive file that contains the files that you want to submit, follow the steps in the "How to prepare files for submission" section. Attach the archive file to the e-mail message. When you submit the file, make sure that you include the following data.

Your name, e-mail address, and telephone number: Microsoft will send all responses to the e-mail address that you use to submit the files. When you submit the archive file, Microsoft processes the file and then sends a determination of the files that is based on the current Microsoft malicious software definitions. If it is necessary, adjust your incoming mail filters to make sure that you receive this message.

Sample type: If the submission includes files that you believe were incorrectly determined to be malicious software, add the words "False Positive" to the e-mail Subject line. Otherwise, the files will be assumed to be malicious software.

Support case number (optional): A support case number is not required to submit files for analysis. However, if a support case is already open for this submission, you can include this case number on the message Subject line.

Other information to include

The names of any scan engines that you are using.

Forefront Security products that you are using. For example, these might include Forefront Security for Exchange Server or Forefront Security for SharePoint.

Platform information. For example, this might be Windows Vista, Windows Server 2003, Windows 2000, or another version of Windows.


Description of the virus activity.


How to prepare files for submission:

1. In Windows Explorer, open the folder that contains the suspected malicious software files.
2. Right-click a blank area in the window, point to New, and then click Compressed (zipped) Folder.
3. Type malware.zip to name the new archive file, and then press ENTER.
4. Drop the suspected malicious software files into the archive file as you would drop them into a typical Windows folder.
5. Double-click the archive file.
6. On the File menu, click Add a Password.
7. In the Password box, type infected.
8. In the Confirm Password box, retype infected, and then click OK.

Mail flow doesn't work if Exchange 2007 is installed on Server 2008 with certain routers


Windows Vista and Windows Server 2008 have the TCP autotuning setting enabled by default. If the router is small or outdated, it may not support that feature, so we have to disable the feature on Server 2008 to make mail flow work. Beware that this will decrease the server performance.

Symptom:
Mail flow doesn't work if Exchange 2007 is installed on Server 2008 with certain small routers


Cause:
The router doesn't support the TCP autotuning settings in Windows Server 2008.

Resolution:
Open Run, type CMD, and then type this command:

netsh interface tcp set global autotuninglevel=disabled

This will disable the feature, and we are back in business.

Here is more info about the parameters for that command from the MS sites:


The following autotuning settings are available if a router supports TcpWindowScaling:

Disabled: Fix the receive window at its default value.

Highly Restricted: Allow the receive window to grow beyond its default value, but do so very conservatively.

Restricted: Allow the receive window to grow beyond its default value, but limit such growth in some scenarios.

Normal: Allow the receive window to grow to accommodate most scenarios.

Experimental: Allow the receive window to grow to accommodate extreme scenarios.