POWERSHELL   Powershell – Could not create SSL/TLS secure channel



I use Powershell to send monitoring results to the Icinga API (passive checks). For example, to check if the Exchange backups were processed correctly, I run a Exchange powershell and then the results are sent using “Invoke-WebRequest” command.

Since I disabled obsolete and insecure TLSv1 and TLSv1.1 protocols in the Exchange server, the script was not working anymore returning error:… Read more

   Exchange – Bulk import of distribution group members from csv



A short but useful post:

Suppose you need to import hundreds of members to a distribution group.
The list is in a CSV file:

Name,Email
user1,user1@domain1.com
user2,user2@domain2.com
user3,user3@domain3.com
user4,user4@domain4.com
user5,user5@domain5.com
user6,user6@domain6.com
user7,user7@domain7.com
user8,user8@domain8.com
user9,user9@domain9.com
user10,user10@domain10.com
user11,user11@domain11.com
user12,user12@domain12.com
user13,user13@domain13.com
user14,user14@domain14.com
user15,user15@domain15.com
user16,user16@domain16.com
user17,user17@domain17.com
user18,user18@domain18.com
...

To bulk import all the users, a simple command like this is enough:… Read more

   Exchange – Update to fix escalation privilege vulnerability



Due to the vulnerability that allows privilege escalation I wrote about in this post, Microsoft has released a cumulative update for all supported versions of Exchange Server (Exchange 2010, 2013, 2016 and 2019).

Read more

EXCHANGE   Exchange – New vulnerability that allows privilege escalation



A new vulnerability that affects Exchange on-premise servers has been discovered recently (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/). By making use of the high privileges Exchange servers have by default, the attacker would be able to escalate from any user with a mailbox to Domain Admin access.

According to Dirk-jan Mollema (see upper link), the vulnerability has been tested against …

  • Exchange 2013
Read more

EXCHANGE   Exchange – Message queue file mail.que large size



Symptom: Large mail.que file size

Last week my Icinga started alerting about low free space in my Exchange server disk.
After using a software to scan for file sizes I realized there was a too big mail.que file.
Exchange - Message queue file mail.que large size

This is the file in which exchange manages its queues before finally delivering emails. It is usually located in <Exchange_Installation_Path>/TransportRoles/data/Queue

Solution:

Read more

EXCHANGE   Exchange – Cannot remove exchange certificate



Some days ago I tried to cleanup old certificates from my Exchange servers, but I received the following error:

Exchange - Cannot remove exchange certificate

[PS] C:\> Remove-ExchangeCertificate -Thumbprint D09EDD6D5F18C175254AB97046AAAAAAAAAAAAA

Confirm
Are you sure you want to perform this action?
Remove certificate with thumbprint DD09EDD6D5F18C175254AB97046AAAAAAAAAAAAA from the computer's certificate store?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is 
Read more

EXCHANGE   Exchange 2013 – Cumulative Update 21 released



In June 2018 Microsoft released Cumulative Update 21 (build 15.00.1395.004) which is the last planned quarterly update for Exchange 2013 (https://blogs.technet.microsoft.com/rmilne/2018/06/19/exchange-2013-cu21-released/)

I was not sure about updating my Exchange 2013 directly from CU12 to CU21. It is supposed to be supported by Microsoft. Maybe I could install an intermediate CU before but, anyway, I decided to move on.Read more

Windows   Windows – .NET Framework 4.7.1 install stuck / hangs



I needed to install .NET 4.7.1 to allow updating Exchange 2013 to CU 21.
This is the installer I downloaded and tried to install: https://www.microsoft.com/en-us/download/details.aspx?id=56116

But the installation never ends. It remains stuck without progressing in the “Installation progress” bar. Tested both with offline and online installation:
Windows - .NET Framework 4.7.1 install stuck hangs

To install .NET Framework 4.7.1 download the msu package from the following link:… Read more

EXCHANGE   Exchange – Setting automatic completion time for Mailbox Move Request



When performing mailbox migrations using the New-MoveRequest, the movement is performed online while the user is using the mailbox without suffering outage until the end.
Only when completing the movement there are some seconds during which the user mailbox is not online.

Thats the reason to use the parameter “SuspendWhenReadyToComplete“. It moves almost all the mailbox except the … Read more

EXCHANGE   Exchange – Mailbox folders permissions to other users



A user asked me the way to grant permissions to other users to access to some of his mailbox folders. And for certain folder only read-only permissions.

Let’s suppose “testuser1” wants to allow accessing some folders to “testuser2”.

Permission configuration (Outlook)

First of all, “testuser2” must have “Reviewer” (read-only) permissions on the mailbox root
Exchange – Mailbox folders permissions to other users 1

Exchange – Mailbox folders permissions to other users 2

Then, configure the permission … Read more