Friday, March 14, 2014

Troubleshooting Proxy settings from command prompt on MS Exchange server

Please use the FQDN, not just the domain name, in the command.
netsh winhttp set proxy proxy-server="http=<Myproxyserver>:8080;https=<Myproxyserver>:8080" bypass-list="CASSERVER.DOMAIN.COM"

Change the relevant fields in the above command.

We might also need to run this line too:

netsh winhttp set proxy proxy-server="http=;https=" bypass-list="172.*;*;*.local"

The same can be achieved from Internet Explorer > Tools > Internet Options > LAN settings > Proxy server settings, but sometimes it is good to have the settings available from the Command Prompt.

There is a problem with the Proxy server's certificate. The name on the security certificate is invalid or does not match the name of the target site "error 10"

Outlook 2007
Exchange Server 2010 SP3 CU2

Issue: Outlook users get this message when starting Outlook: "There is a problem with the Proxy server's certificate. The name on the security certificate is invalid or does not match the name of the target site "error 10""


Resolution:

1. From the Services console, check the "MS Exchange RPC Client Access" service; if it is stopped, start it.

2. Repair the Outlook profile or create a new profile for Outlook.

3. Check the EXPR value from the shell:
Get-OutlookProvider | FL

If the value is empty, set it using Set-OutlookProvider.

What Set-OutlookProvider is and why we run it

The OutlookProvider here is simply "RPC over HTTP". The RPC over HTTP protocol allows Outlook MAPI clients to connect to the Exchange server using HTTP, most often when internal users connect from home or from outside the LAN over the Internet. In other words, MAPI packets are encapsulated in HTTP, and the Set-OutlookProvider cmdlet allows modifying the related settings. As we can see in the table below, the parameters Server and CertPrincipalName only apply to the Outlook EXPR provider (Outlook Anywhere clients). By default both values are set to $null.

The syntax for the Outlook provider is

Set-outlookProvider EXPR -CertPrincipalName msstd:* -Server

where msstd stands for Microsoft Standard Format. It is there only to increase security: it tells Outlook to connect only to a server whose certificate carries the stated "Subject Name" and "Principal Name". If you have a wildcard certificate, Autodiscover will not set the msstd value automatically for you, and you need to set the value by running the command

Set-Outlookprovider EXPR -CertPrincipalName msstd:*
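To diagnose the "error 10" name mismatch, it helps to see which name the proxy endpoint's certificate actually carries and compare it with the msstd value. The following is an added example, not a command from the original post: the function name Test-MsstdPrincipalName and the host mail.example.com are hypothetical, and it assumes Outlook compares the msstd value with the subject common name (CN) of the presented certificate.

```powershell
# Added example. Test-MsstdPrincipalName and the host names are hypothetical.
# Assumption: Outlook accepts the proxy only when the msstd: value equals the
# subject common name (CN) of the certificate the server presents.
function Test-MsstdPrincipalName {
    param(
        [Parameter(Mandatory=$true)] [string] $ProxyServer,        # the -Server value
        [Parameter(Mandatory=$true)] [string] $CertPrincipalName,  # e.g. msstd:mail.example.com
        [int] $Port = 443
    )
    if ($CertPrincipalName -notmatch '^msstd:(.+)$') {
        throw "CertPrincipalName must have the form msstd:<name>"
    }
    $expected = $Matches[1]

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($ProxyServer, $Port)
        # Accept any certificate: this function only reads it and makes no trust decision.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ProxyServer)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        # Subject Alternative Names, shown for context (extension OID 2.5.29.17).
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

        New-Object PSObject -Property @{
            ProxyServer     = $ProxyServer
            SubjectCN       = $cn
            ExpectedName    = $expected
            NameMatches     = ($cn -eq $expected)   # -eq is case-insensitive for strings
            NotAfter        = $cert.NotAfter
            SubjectAltNames = $(if ($san) { $san.Format($false) } else { '' })
        }
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $client.Close()
    }
}

# Compare what the server presents with what Exchange hands out to clients:
# $p = Get-OutlookProvider EXPR
# Test-MsstdPrincipalName -ProxyServer 'mail.example.com' -CertPrincipalName $p.CertPrincipalName
```

A result with NameMatches set to False means clients receiving that CertPrincipalName will see the certificate name error until either the value or the certificate is corrected.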

How to find the values for the OutlookProvider msstd and "CertPrincipalName"
If the setup was working, you can go to Outlook > Tools > Settings > Email > properties of the Email > More settings > Connection > "Exchange Proxy Settings".

The "Use this URL to connect to my proxy server for Exchange" value goes into "Server",

and under the "Connect using SSL only" option, the "Only connect to Proxy servers that have this Principal Name in their Certificate" value goes to "CertPrincipalName" and value should

So, considering the same example, here are a few options:
Set-outlookProvider EXPR -CertPrincipalName -Server

Set the connection to the server without looking at the certificate value (this removes the principal name check that msstd provides):
Set-outlookProvider EXPR -CertPrincipalName $null -Server will 

On fast networks, connect using HTTP first, then connect using TCP/IP (always HTTP):
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect

On slow networks, connect using HTTP first; otherwise use TCP/IP first, then HTTP (default):
Set-OutlookProvider EXPR -OutlookProviderFlags:None

Wednesday, January 22, 2014

6 interview questions you need to ask

1. "If you stayed with your current company, what would be your next move?"

2. "What makes you stand out from others?"

3. "Tell me your greatest accomplishment."

4. "Give me an example of a time when you took the time to share a co-worker's achievement with others."

5. "How many hours a week do you need to work to get your job done?"

6. "Do you take enough time to make a decision?"


New High Availability Features in Exchange 2010 SP1


* Continuous replication - block mode
In the RTM version of Exchange 2010 and in all versions of Exchange 2007, continuous replication operates by shipping copies of the log files generated by the active database copy to the passive database copies. Beginning with SP1, this form of continuous replication is known as continuous replication - file mode. SP1 also introduces a new form of continuous replication known as continuous replication - block mode.

* Active mailbox database redistribution
This feature is present in two forms. The first form is a script that can be periodically run by administrators to balance the distribution of active database copies across a database availability group (DAG). The second form we hope to implement is the addition of copy distribution awareness to Active Manager's best copy selection (BCS) process.

* Improved Outlook cross-site connection behavior and experience

* Enhanced datacenter activation coordination support: In the RTM version, DAC mode is limited to DAGs with at least three members that have two or more members in the primary datacenter. In SP1, DAC mode has been extended to support two-member DAGs that have each member in a separate datacenter.

* New and enhanced management and monitoring scripts
CheckDatabaseRedundancy.ps1 (new) 
StartDagServerMaintenance.ps1 and StopDagServerMaintenance.ps1 (new)
CollectOverMetrics.ps1 (enhanced)
CollectReplicationMetrics.ps1 (enhanced)

* Improvements in failover performance

Manually move the Primary Active Manager in a DAG

If for any reason you have to move the Primary Active Manager to another server in a DAG, use the following command from the Exchange Management Shell (NewDAG here is the target DAG member server):

cluster.exe "DAG Name" group "Cluster Group" /MoveTo:NewDAG


The SMTP BDAT command is an alternative to the DATA command, which can be used when a remote SMTP server presents the CHUNKING verb. CHUNKING is an ESMTP functionality. Microsoft Exchange servers implement this feature by default, as do other SMTP servers.

If BDAT is used to transfer emails between two SMTP servers for which the FortiGate unit is performing antivirus session scanning, delivery problems and/or performance problems may occur, caused by retransmission attempts.

The problem occurs when multiple email messages are transferred within the same TCP session using multiple BDAT commands. The transfer of a single email per session, with the use of only one BDAT command, does not pose a problem.
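To check whether a server is actually producing the affected pattern, SMTP session records can be grouped by session and the messages completed with BDAT ... LAST counted. This is an added example, not part of the original text: Get-BdatSessionSummary is a hypothetical helper, and the three-column records (session id, direction, command) are constructed sample data modelled loosely on an SMTP protocol log, not a real log format.

```powershell
# Constructed sample: session id, direction ('>' sent, '<' received), command.
# Not taken from a real server; adapt the column names to your own log source.
$sample = @'
session-id,event,data
08D1A,>,EHLO mail.example.com
08D1A,<,250-CHUNKING
08D1A,>,MAIL FROM:<a@example.com>
08D1A,>,RCPT TO:<b@example.net>
08D1A,>,BDAT 4096
08D1A,>,BDAT 1210 LAST
08D1A,>,MAIL FROM:<a@example.com>
08D1A,>,RCPT TO:<c@example.net>
08D1A,>,BDAT 2048 LAST
08D1A,>,QUIT
08D1B,>,EHLO mail.example.com
08D1B,<,250-CHUNKING
08D1B,>,MAIL FROM:<a@example.com>
08D1B,>,RCPT TO:<d@example.net>
08D1B,>,BDAT 900 LAST
08D1B,>,QUIT
'@

# Hypothetical helper: one summary object per SMTP session.
function Get-BdatSessionSummary {
    param([Parameter(Mandatory=$true)] [object[]] $Records)

    $Records | Where-Object { $_.event -eq '>' } | Group-Object 'session-id' | ForEach-Object {
        # Every BDAT command is one chunk; the chunk marked LAST ends a message.
        $chunks   = @($_.Group | Where-Object { $_.data -match '^BDAT\s+\d+' })
        $messages = @($chunks  | Where-Object { $_.data -match '^BDAT\s+\d+\s+LAST\s*$' })

        New-Object PSObject -Property @{
            SessionId        = $_.Name
            BdatCommands     = $chunks.Count
            Messages         = $messages.Count
            # More than one BDAT-delivered message in one TCP session is the
            # case described above as causing problems under session scanning.
            MultiMessageBdat = ($messages.Count -gt 1)
        }
    }
}

# Lists only session 08D1A (two messages sent with BDAT in the same session).
Get-BdatSessionSummary -Records ($sample | ConvertFrom-Csv) |
    Where-Object { $_.MultiMessageBdat }
```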