Monday, September 28, 2015

Configuring Client Access Web Directory URL Settings on Multiple Access Servers

Hi folks,

Just wanted to share with you a quick and easy way to configure virtual directories URL settings for each of client access protocols in Exchange 2013 or 2016.

This is usually one of the first steps of configuring CAS layers on Exchange servers. And because there's a lot of typing there's always a risk to make a mistake when typing the URL of each virtual directory. To avoid an error PowerShell magic scripting comes to our help.

As the first step we need to properly configure virtual directories as described here. After this we need to check that all the URLs are configured without a mistake. If this is a true then we are ready to put together a script which can be easily applied for the rest of CAS virtual directories in your environment.

You can achieve it by creating a variable for each of the virtual directories and then use InternalUrl and ExternalUrl attribute values to configure the InternalURL and ExternalURL of the virtual directories on the remaining servers. You can this way configure from 1 to the unlimited number of the servers.

$OWA = Get-OwaVirtualDirectory -Server SERVER1
Set-OwaVirtualDirectory -Identity "SERVER2\OWA (Default Web Site)" -InternalUrl $OWA.InternalUrl -ExternalUrl $OWA.ExternalUrl

$ECP = Get-EcpVirtualDirectory -Identity "SERVER1\ECP (Default Web Site)"
Set-EcpVirtualDirectory -Identity "SERVER2\ECP (Default Web Site)" -InternalURL $EC.InternalUrl -ExternalUrl $ECP.ExternalUrl

$OAB = Get-OABVirtualDirectory -Identity "SERVER1\OAB (Default Web Site)"
Set-OABVirtualDirectory -Identity "SERVER2\OAB (Default Web Site)" -InternalUrl $OAB.InternalUrl -ExternalUrl $OAB.ExternalUrl –RequireSSL:$true

$EWS = Get-WebServicesVirtualDirectory -Identity "SERVER1\EWS (Default Web Site)"
Set-WebServicesVirtualDirectory -Identity "SERVER2\EWS (Default Web Site)" -InternalUrl $EWS.InternalUrl -ExternalUrl $EWS.ExternalUrl

$OA=Get-OutlookAnywhere -Identity "SERVER1\Rpc (Default Web Site)"

Set-OutlookAnywhere -Identity "<Server Name>\Rpc (Default Web Site)" -InternalHostname $OA.InternalHostname  -ExternalHostname $OA.ExternalHostname

I hope that it helps you as it helped me.


Monday, September 21, 2015

Configuring Receive Connectors for Application Authentication

Hi folks,

I have recently had an adventure with Exchange 2013 which I want to share with you. I have installed a new Exchange 2013 server into my environment.

The bad surprise awaited me when configuring an application server to send email via Exchange server. Application was configured to issue STARTTLS command. Server was configured with the appropriate certificate (which in addition to the load balanced host name should be containing SMTP server's host name. However when attempting to send a test email i got error: 535 5.7.3 Authentication unsuccessful.

It was especially surprising, especially because I could login using clients like OWA. The answer actually was in PermissionGroups of the front-end receive connector which by default doesn't include  the "Exchange Users" group.

To make my application authenticating against Exchange servers I had to configure default front-end connector to include "Exchange users" group into permissions group. If you are running  Exchange 2010 you do it on the receive connector or you can do the same on the back end connector on the mailbox server (which is actually a default setting on Exchange 2013).

Set-ReceiveConnector "Default Frontend ServerName" -PermissionGroups ExchangeUsers,ExchangeServers,ExchangeLegacyServers

As a result i have got so desired 235 2.7.0 Authentication successful response and email was successfully submitted and sent to its recipients.