Wednesday, May 11, 2011

SSL services in Exchange 2007

Exchange 2007, like Exchange 2003, offers many client protocols. When we import a certificate on the CAS or HUB server, we can associate it with all of the services (POP3, IMAP4, SMTP, OWA).

For Outlook Express clients using SMTP we must take care with the configuration. By default there is a receive connector for clients:





On the client:





We are using an internal PKI. To request a new SMTP certificate from the Exchange Management Shell, use the following cmdlet:

New-ExchangeCertificate -GenerateRequest -Path c:\cert.req -SubjectName "cn=relay.apatricio.local" -FriendlyName "Internal Relay Certificate" -PrivateKeyExportable:$True

Now let's submit the request we created using the Certification Authority web page:

  1. While logged on to the Exchange Server, open http://<CA-server>/certsrv, where <CA-server> is the server that hosts the Certification Authority.
  2. Click the Request a Certificate link.
  3. Click on advanced certificate request.
  4. Click on the second link, which is Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
  5. Open the file C:\cert.req, which was created by the New-ExchangeCertificate cmdlet, and copy the content.
  6. Paste the content of that file into the Base-64-encoded certificate request field in the webpage.
  7. On the same page, select Web Server in the Certificate Template field and then click the Submit button.
  8. On the new page, click on the Download Certificate link and save it in the C:\ root of the Exchange Server.

Now let's import the new certificate. To do that, use this cmdlet:

Import-ExchangeCertificate -Path:C:\certnew.cer

Note:
The file name and path are just an example; use the file name and path that you used in the previous step.

Now it is time to enable the newly imported certificate for the SMTP service using the Exchange Management Shell. To enable it, copy the Thumbprint that was shown when we imported the certificate in the previous step and use this cmdlet:

Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services SMTP

You will be prompted to change the default SMTP certificate; just type N and press Enter.

Use Get-ExchangeCertificate | fl in PowerShell to see the services currently attached to the certificate:

More information:

http://technet.microsoft.com/en-us/library/aa997231%28EXCHG.80%29.aspx

To enable logging:



Tuesday, May 10, 2011

Information Store and Log sequence numbers

Event 514 on our Exchange server means that the log sequence numbers are almost consumed; when they are used up, all Exchange databases will be dismounted.

Information Store (6768) XXX: Log sequence numbers for this instance have almost been completely consumed. The current log generation is 933000 (0x000E3C88) which is approaching the maximum log generation of 1048559 (0x000FFFEF), there are 115559 (0x0001C367) log generations.

So the maximum log generation is 1048559 (0x000FFFEF) and 115559 logs remain to be consumed. If we find event number 214 in the Application event log, we can estimate how many logs our Exchange server uses per day, and from that how many days we have left before we hit this problem.
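The estimate described above, as an added PowerShell example that is not part of the original post: it parses the event 514 description quoted above and projects when the log generations run out from one earlier reading of the generation number. The function names, the event date, and the earlier reading (generation 903000 on 2011-04-10) are constructed for illustration.

```powershell
# Description text of ESE event 514, copied from the event quoted on this page.
$sample514 = 'Information Store (6768) XXX: Log sequence numbers for this instance have almost been completely consumed. The current log generation is 933000 (0x000E3C88) which is approaching the maximum log generation of 1048559 (0x000FFFEF), there are 115559 (0x0001C367) log generations.'

function ConvertFrom-Ese514Message {
    param([string]$Message)
    $pattern = '(?s)current log generation is (\d+) \(0x([0-9a-f]+)\).*?' +
               'maximum log generation of (\d+) \(0x([0-9a-f]+)\)'
    if ($Message -notmatch $pattern) { throw 'Text is not an ESE 514 description.' }
    $current = [int]$Matches[1]
    $maximum = [int]$Matches[3]
    # The event prints each value twice; reject text where decimal and hex disagree.
    if ($current -ne [Convert]::ToInt32($Matches[2], 16) -or
        $maximum -ne [Convert]::ToInt32($Matches[4], 16)) {
        throw 'Decimal and hexadecimal generation values disagree.'
    }
    New-Object PSObject -Property @{
        Current = $current; Maximum = $maximum; Remaining = $maximum - $current
    }
}

function Get-LogGenerationForecast {
    param([string]$Message, [datetime]$EventTime,
          [int]$EarlierGeneration, [datetime]$EarlierTime)
    $state = ConvertFrom-Ese514Message $Message
    $days  = ($EventTime - $EarlierTime).TotalDays
    $used  = $state.Current - $EarlierGeneration
    # A lower current generation means the sequence was reset between the two readings.
    if ($days -le 0 -or $used -le 0) {
        throw 'Need an earlier reading with a lower log generation.'
    }
    $perDay   = $used / $days
    $daysLeft = $state.Remaining / $perDay
    New-Object PSObject -Property @{
        Remaining   = $state.Remaining
        LogsPerDay  = [math]::Round($perDay, 1)
        DaysLeft    = [math]::Floor($daysLeft)
        ExhaustedOn = $EventTime.AddDays($daysLeft).Date
    }
}

# Constructed readings: the 514 event logged on 2011-05-10, generation 903000 seen on 2011-04-10.
# On a live server the text and time come from the Application log entry, for example:
#   Get-EventLog Application | Where-Object { $_.EventID -eq 514 } | Select-Object -First 1
Get-LogGenerationForecast -Message $sample514 -EventTime ([datetime]'2011-05-10') `
    -EarlierGeneration 903000 -EarlierTime ([datetime]'2011-04-10')
```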

Exchange 2007 supports 2 billion log files (2147483628) which is 7fffffec in hexadecimal.

Notice that if you miss the ESE 514 warning, your databases will dismount and generate the following events:

Event ID: 1159
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Description: Database error 0xfffffdf9 occurred in function JTAB_BASE::EcEscrowUpdate while accessing the database "First Storage Group\Mailbox Store (SERVER)".

Event ID: 9518
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Description: Error 0xfffffddc starting Storage Group Path_of_Storage_Group on the Microsoft Exchange Information Store. Storage Group - Initialization of Jet failed.

More info.
http://support.microsoft.com/kb/830408

Solution:

One common solution is to dismount all databases that are part of the storage group, move out all the logs and the CHK file, and mount all the databases again. The CHK file and transaction logs will be recreated, starting at 0.

After that, all incremental backups are unusable, so run a full backup after this procedure.