- Logon to the correct back end server
- Open IIS manager (Start > Run > Inetmgr)
- Browse to the "Exchange Back End" website
- Click Bindings
- Mark the "https" binding (normally on port 444) and click Edit...
- Verify (or change to) the correct certificate
- Click OK
- Click Close
- Restart IIS on the server (IISRESET /noforce)
Thursday, July 10, 2014
Solve Exchange 2013 OWA and ECP page blank after login
Tuesday, March 18, 2014
How to Create Certificates with a Longer Validity Period
1. In CA Server(Server name DC1), Add C:\Windows\CAPolicy.inf with following content, where [DC1] is NETBIOS name of CA server, and 10 is period of the certificate
certutil -getreg ca\ValidityPeriod
certutil -getreg ca\ValidityPeriodUnits
3. In Command Prompt,set the period, type following to change the period, where 10 is the periof of the certificate
certutil -setreg ca\ValidityPeriodUnits 10
4. Restart Active Directory Certificate Services
5. After you do that restart the Active Directory Certificate Services service. Now you’re ready for the next step, which is to create a new template that you can use to issue SSL certs that are good for 10 years. Start by opening up a new MMC window (Start…Run…mmc.exe) and then add 3 snap-ins: Certification Authority (for the local computer), Certificates (for the current user), and Certificates (for the local machine). Once those are added, expand the Certification Authority, right-click on the Certificate Templates node and select Manage:
6. That opens up the Certificate Templates console. Now, to simplify things you can just copy the existing Web SSL template. Scroll down the list of certificate templates until you find the named Web Server, right-click on it and select Duplicate Template. A dialog will pop up where you can set all the attributes that you want certificates based on this template to have. Here are the minimum changes you should make:
7. You should be back on the original MMC window you opened, so click on Certificate Templates again and this time select New…Certificate Template to Issue:
That will bring up a dialog that lists the certificate templates, and you can select the certificate template you just created. Most of the hard work is done at this point.
[Version]2. In Command Prompt, check the period, type following to check the certificate
Signature=”$Windows NT$”
[DC1]
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
certutil -getreg ca\ValidityPeriod
certutil -getreg ca\ValidityPeriodUnits
3. In Command Prompt,set the period, type following to change the period, where 10 is the periof of the certificate
certutil -setreg ca\ValidityPeriodUnits 10
4. Restart Active Directory Certificate Services
5. After you do that restart the Active Directory Certificate Services service. Now you’re ready for the next step, which is to create a new template that you can use to issue SSL certs that are good for 10 years. Start by opening up a new MMC window (Start…Run…mmc.exe) and then add 3 snap-ins: Certification Authority (for the local computer), Certificates (for the current user), and Certificates (for the local machine). Once those are added, expand the Certification Authority, right-click on the Certificate Templates node and select Manage:
6. That opens up the Certificate Templates console. Now, to simplify things you can just copy the existing Web SSL template. Scroll down the list of certificate templates until you find the named Web Server, right-click on it and select Duplicate Template. A dialog will pop up where you can set all the attributes that you want certificates based on this template to have. Here are the minimum changes you should make:
-
General tab: change the display name to something useful. In my case I called my SharePoint Hybrid Long Term SSL. Change the Validity Period to 10 years.
- Request Handling tab: check the option to Allow private key to be exported.
7. You should be back on the original MMC window you opened, so click on Certificate Templates again and this time select New…Certificate Template to Issue:
That will bring up a dialog that lists the certificate templates, and you can select the certificate template you just created. Most of the hard work is done at this point.
Saturday, March 8, 2014
Enable Hyper-V on Hyper-V server
1. Enable-WindowsOptionalFeature –Online -FeatureName Microsoft-Hyper-V –All -NoRestart
2. Install-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature
2. Install-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature
Monday, February 24, 2014
create mailbox in exchange 2010 for sub domain user
In root domain controller, insert Exchange 2010 installation CD to d drive then type d:\setup /preparedomain:xxx.yyy.zzz (your sub-domain)
The Name on the security certificate is invalid or does not match the name of the site
In the CAS role of Exchange Server, Open Exchange Management Shell, input the following:
- Set-ClientAccessServer -Identity "servername" –AutodiscoverServiceInternalURI https://owa.exmple.com/autodiscover/autodiscover.xml
- Set-WebServicesVirtualDirectory -Identity "servername\EWS (Default Web Site)" –InternalUrl https://nlb.nwtraders.msft/EWS/Exchange.asmx
- Set-OABVirtualDirectory -Identity “servername\OAB (Default Web Site)” -InternalURL https://owa.exmple.com/OAB
- Enable-OutlookAnywhere -Server servername -ExternalHostname “owa.example.com” -ClientAuthenticationMethod “NTLM”
- Set-ActiveSyncVirtualDirectory -Identity “servername\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://owa.exmple.com/Microsoft-Server-Activesync
Subscribe to:
Posts (Atom)
-
Connect to the ESXi host with SSH Stop the USB arbitrator service. This service is used to passthrough USB device from an ESX/ESXi host to...
-
If you see an error like SMTP -> ERROR: Failed to connect to server: Permission denied (13) , you may be running into SELinux preventing...
-
Exchange Server 2013 Unable to access OWA or ECP. - "Something went wrong" or "500 unexpected error"Open the ADSI editor on the primary domain controller Go to CN=Configuration --> CN=Services --> CN=Microsoft Exchange --> CN=...
