Dec 28 2010

Renewing TLS Certificate on a Hub Transport Server

I received an event today advising me that the local TLS certificate has expired and needs to be renewed. Here is the event info.

TLS Cert Expired Event

We need to renew this certificate; otherwise mail flow in Exchange 2007 will stop working. To do this, open the Exchange Management Shell and type the following:
Get-ExchangeCertificate | fl
You will be presented with all the certs installed on the server. Now find the cert that has expired. An example of an expired cert is:
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {XXXX01, XXXX01.domainname.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERVER01
NotAfter           : 2010/12/28 09:33:12 AM
NotBefore          : 2009/12/28 09:33:12 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 8E1600C9A48960A64F515084A643CF4D
Services           : SMTP
Status             : Invalid
Subject            : CN=SERVER01
Thumbprint         : 459CA3A8D2CE3A300839D6254ACD4A5642F25185
The easiest way to renew the above certificate is to export the output of the first cmdlet we ran to a text file and then copy the thumbprint of the cert from it. To do that, do the following:
  • Get-ExchangeCertificate | fl > c:\cert.txt
  • Now open the cert.txt document that you created with the above command and copy the Thumbprint of the expired cert.
  • Then run Get-ExchangeCertificate -Thumbprint c6289cd8465c99ab249c60f8893jan7d889a4afc | New-ExchangeCertificate, where the thumbprint should be the one you copied from cert.txt. (Just delete the above thumbprint and paste your thumbprint in its place.)
  • Choose yes to overwrite the old certificate. (Before you click yes, make sure the thumbprint is the same as the one in cert.txt, as you do not want to overwrite a different cert.)
  • Run Get-ExchangeCertificate | fl and check the dates and status to see if the new cert was created successfully.
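
The date and status check can also be scripted so that an SMTP certificate is flagged before it expires. The following is an added example, not part of the original post: the function name Find-ExpiringSmtpCert, its parameters and the sample objects are hypothetical, and it assumes PowerShell 2.0 or later.

```powershell
# Added example: Find-ExpiringSmtpCert and the sample objects are hypothetical,
# not part of Exchange. Requires PowerShell 2.0 or later.
function Find-ExpiringSmtpCert {
    param(
        [int]$WarnDays = 30,          # report certs with this many days left or fewer
        [datetime]$Now = (Get-Date)   # overridable so the check is repeatable
    )
    process {
        $cert = $_
        # Only certificates enabled for SMTP affect transport TLS.
        if ("$($cert.Services)" -notmatch 'SMTP') { return }
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        if ($daysLeft -gt $WarnDays) { return }
        $state = if ($daysLeft -lt 0) { 'Expired' } else { 'Expiring' }
        $cert | Select-Object Thumbprint, Subject, NotAfter, IsSelfSigned,
            @{ Name = 'DaysLeft'; Expression = { $daysLeft } },
            @{ Name = 'State';    Expression = { $state } }
    }
}

# Constructed sample objects with the same fields as the listing above.
# The first mirrors the expired cert shown in this post; the others are made up.
$sample = @(
    New-Object PSObject -Property @{
        Thumbprint = '459CA3A8D2CE3A300839D6254ACD4A5642F25185'; Subject = 'CN=SERVER01'
        NotAfter = [datetime]'2010-12-28 09:33:12'; Services = 'SMTP'; IsSelfSigned = $true }
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-IIS-ONLY'; Subject = 'CN=SERVER01'
        NotAfter = [datetime]'2011-01-05 00:00:00'; Services = 'IIS'; IsSelfSigned = $true }
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-EXPIRING'; Subject = 'CN=SERVER02'
        NotAfter = [datetime]'2011-01-15 00:00:00'; Services = 'IMAP, POP, SMTP'; IsSelfSigned = $true }
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-HEALTHY'; Subject = 'CN=SERVER03'
        NotAfter = [datetime]'2011-12-01 00:00:00'; Services = 'SMTP'; IsSelfSigned = $true }
)

# Fixed clock so the sample run is repeatable: lists the expired cert and the
# one inside the warning window, skips the IIS-only and the healthy cert.
$sample | Find-ExpiringSmtpCert -WarnDays 30 -Now ([datetime]'2010-12-28 12:00:00') |
    Format-Table -AutoSize

# On the Hub Transport server, feed it the real listing instead of $sample:
#   Get-ExchangeCertificate | Find-ExpiringSmtpCert -WarnDays 30
```

Run on a schedule, this gives the thumbprint to pass to Get-ExchangeCertificate -Thumbprint before the expiry event is logged.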

I used the following URL to assist me with renewing the cert. There is more info in the article regarding 3rd-party certs, etc.


Dec 22 2010

How to send mail using Telnet (This is to test SMTP mail sending issues)

Open a Command Prompt and type the following to test sending mail using SMTP:
(This is used to test that SMTP is working and that port 25 is open.)

 

telnet mail.domain.ext 25
HELO
MAIL FROM: mail@domain.ext        (this e-mail address should be the address from the domain that you are testing from)
RCPT TO: mail@otherdomain.ext
DATA
Subject:-type subject here- then press enter twice (these are needed to conform to RFC 882)
To tell the mail server that you have completed the message, enter a single “.” on a line on its own.


Dec 22 2010

How to set up Autodiscovery on Exchange 2007

This is how to set up Autodiscover for Exchange 2007 after the trusted certs have been set up:

Create an AutoDiscover DNS Record on your DC

– Open the DNS Manager.
– Expand Forward Lookup Zones then expand domain.xx
– Right-click domain.xx and select New Host(A)
– Type autodiscover and the IP Address of the Exchange 2007 server, then click on add.
– Click OK then click Done.

Configure Exchange 2007 Server

– On the Exchange server open Exchange Management Shell
– Type the following: Set-OutlookProvider -id exch -ssl:$true and press Enter.
– Then type the following: Set-OutlookProvider -id exch -server:servername and then press Enter.