Comments for Cohesive Logic http://cohesivelogic.com The Microsoft Infrastructure Experts Fri, 27 Apr 2012 07:12:12 +0000 hourly 1 http://wordpress.org/?v=3.3.2 Comment on Exchange 2010 & Single Name SSL Certificates by Animesh http://cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/comment-page-1/#comment-538 Animesh Fri, 27 Apr 2012 07:12:12 +0000 http://cohesivelogic.com/?p=501#comment-538 I am setting up this kind of environment right now. Since we are required to use SRV record as a necessary arrangement, Outlook users will receive a pop-up about the redirection through SRV record. It looks like this ================================================== Allow this website to configure user@domain server settings? http:// Your account was redirected to this website for settings. You should only allow settings from sources you know and trust. ================================================== All Outlook version that can use Autodiscover, are affected by this customized configuration. To mitigate the pop-up issue with the end users, one needs to deploy a group policy with the necessary registry changes for all users. Outlook 2011 for MAC users can't be governed by the group policy and therefore, will continue to see this pop-up and will have to manually configure it to not show-up again. For group-policy issue, Terry Lau has made a wonderful blog, which I'll be using too. http://terrytlslau.tls1.cc/2011/10/how-to-suppress-autodiscover-redirect.html I am setting up this kind of environment right now. Since we are required to use SRV record as a necessary arrangement, Outlook users will receive a pop-up about the redirection through SRV record. It looks like this

==================================================
Allow this website to configure user@domain server settings?

http://

Your account was redirected to this website for settings.
You should only allow settings from sources you know and trust.
==================================================

All Outlook version that can use Autodiscover, are affected by this customized configuration. To mitigate the pop-up issue with the end users, one needs to deploy a group policy with the necessary registry changes for all users. Outlook 2011 for MAC users can’t be governed by the group policy and therefore, will continue to see this pop-up and will have to manually configure it to not show-up again.

For group-policy issue, Terry Lau has made a wonderful blog, which I’ll be using too.

http://terrytlslau.tls1.cc/2011/10/how-to-suppress-autodiscover-redirect.html

]]> Comment on Checking Exchange 2010 Database Health with PowerShell by Jimmy Wang http://cohesivelogic.com/2010/08/checking-exchange-2010-database-health-with-powershell/comment-page-1/#comment-473 Jimmy Wang Fri, 02 Mar 2012 14:19:32 +0000 http://cohesivelogic.com/?p=252#comment-473 do you also have script to run to check diskspace drive warning ? do you also have script to run to check diskspace drive warning ?

]]> Comment on Checking Exchange 2010 Database Health with PowerShell by Jimmy Wang http://cohesivelogic.com/2010/08/checking-exchange-2010-database-health-with-powershell/comment-page-1/#comment-472 Jimmy Wang Fri, 02 Mar 2012 14:18:12 +0000 http://cohesivelogic.com/?p=252#comment-472 this script works perfectly and would like to know how can i output the file ? this script works perfectly and would like to know how can i output the file ?

]]> Comment on Compliance Transport Rules by Rene http://cohesivelogic.com/2011/02/compliance-transport-rules/comment-page-1/#comment-471 Rene Mon, 27 Feb 2012 23:20:23 +0000 http://cohesivelogic.com/2011/02/compliance-transport-rules/#comment-471 Thanks for the info on this. I changed the order to (-|\s|.) and it blocked hypens, spaces and nospaces. Hope that helps anyone else looking at is. Rene Thanks for the info on this.

I changed the order to (-|\s|.) and it blocked hypens, spaces and nospaces.

Hope that helps anyone else looking at is.

Rene

]]> Comment on Exchange 2010 & Single Name SSL Certificates by Scott Fortier http://cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/comment-page-1/#comment-461 Scott Fortier Fri, 11 Nov 2011 19:02:57 +0000 http://cohesivelogic.com/?p=501#comment-461 Jeremy, Thank you very much for this right up. This was exactly the solution I needed. I had been stuck for a while installing a new Exchange 2010 server into a domain with a lot of Windows, Linux, and Netware servers that had a non standard domain name ending in .loc ( from the Windows NT days ). Since the domain name was not a standard .local, .priv. etc, we were unable to obtain a SSL certificate for it. Now everything on this new exchange server worked perfectly except whenever a local Outlook 2010 client would attempt to connect, it would receive the annoying certificate warning from the self signed cert. Since local and external clients can access this server via it's public IP, this article solved the problem I had been questioning people about for more than a week in a matter of minutes. Thanks, Scott Jeremy,

Thank you very much for this right up. This was exactly the solution I needed. I had been stuck for a while installing a new Exchange 2010 server into a domain with a lot of Windows, Linux, and Netware servers that had a non standard domain name ending in .loc ( from the Windows NT days ). Since the domain name was not a standard .local, .priv. etc, we were unable to obtain a SSL certificate for it. Now everything on this new exchange server worked perfectly except whenever a local Outlook 2010 client would attempt to connect, it would receive the annoying certificate warning from the self signed cert. Since local and external clients can access this server via it’s public IP, this article solved the problem I had been questioning people about for more than a week in a matter of minutes.

Thanks,
Scott

]]> Comment on Exchange 2010 & Single Name SSL Certificates by Brian Ipsen http://cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/comment-page-1/#comment-454 Brian Ipsen Sat, 29 Oct 2011 21:07:28 +0000 http://cohesivelogic.com/?p=501#comment-454 I am actually trying to implement this - as an upgrade from 2007 to 2010, and I had everything working before the upgrade. Now - in my test environment - I have tried this, but the internal outlook client pops up with a certificate warning on autodiscover.domain.com - even though the URL's have been set to the name of the certificate. So I wonder if outlook somehow automatically tries to https connect to autodiscover.xxxxx.yyy - where xxxxx.yyy is the domain part of the users email address... I am actually trying to implement this – as an upgrade from 2007 to 2010, and I had everything working before the upgrade. Now – in my test environment – I have tried this, but the internal outlook client pops up with a certificate warning on autodiscover.domain.com – even though the URL’s have been set to the name of the certificate. So I wonder if outlook somehow automatically
tries to https connect to autodiscover.xxxxx.yyy – where xxxxx.yyy is the domain part of the users email address…

]]> Comment on Exchange 2010 & Single Name SSL Certificates by Exchange Certificates http://cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/comment-page-1/#comment-450 Exchange Certificates Fri, 30 Sep 2011 09:33:47 +0000 http://cohesivelogic.com/?p=501#comment-450 [...] you will also need to change the autodiscovery URLs to all use the name covered by the SSL cert. Exchange 2010 & Single Name SSL Certificates | Cohesive Logic - The Microsoft Infrastructure Exp... Reply With Quote   [...] [...] you will also need to change the autodiscovery URLs to all use the name covered by the SSL cert. Exchange 2010 & Single Name SSL Certificates | Cohesive Logic – The Microsoft Infrastructure Exp… Reply With Quote   [...]

]]> Comment on How To: Create PTR Entries for a Classless Reverse DNS Zone on Windows 2008 by What’s wrong with my reverse lookup zone? - Admins Goodies http://cohesivelogic.com/2009/11/how-to-create-ptr-entries-for-a-classless-reverse-dns-zone-on-windows-2008/comment-page-1/#comment-435 What’s wrong with my reverse lookup zone? - Admins Goodies Sun, 14 Aug 2011 10:07:52 +0000 http://cohesivelogic.com/?p=140#comment-435 [...] http://cohesivelogic.com/2009/11/how-to-create-ptr-entries-for-a-classless-reverse-dns-zone-on-windo... [...] [...] http://cohesivelogic.com/2009/11/how-to-create-ptr-entries-for-a-classless-reverse-dns-zone-on-windo… [...]

]]> Comment on Windows Phone 7 SSL by Good-Bye Android | MCB Systems http://cohesivelogic.com/2011/01/windows-phone-7-ssl/comment-page-1/#comment-298 Good-Bye Android | MCB Systems Fri, 11 Feb 2011 22:18:18 +0000 http://cohesivelogic.com/2011/01/windows-phone-7-ssl/#comment-298 [...] native RDP client (even my Windows Mobile 2003 phone had that). It doesn’t support StartSSL, but this article says I should be able to add the certificate. It also is late on delivering its first update, but [...] [...] native RDP client (even my Windows Mobile 2003 phone had that). It doesn’t support StartSSL, but this article says I should be able to add the certificate. It also is late on delivering its first update, but [...]

]]> Comment on Exchange 2010 & Single Name SSL Certificates by Jeremy Phillips http://cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/comment-page-1/#comment-239 Jeremy Phillips Wed, 05 Jan 2011 07:04:38 +0000 http://cohesivelogic.com/?p=501#comment-239 Hey Devin, thanks for replying. In answer to your questions: 1) I actually didn't insist on mail.domain.com... As I stated it's an example FQDN. While you could use autodiscover.domain.com I'm not sure many people would want to use that for OWA. While I agree with not using a CNAME I can't think of any downsides to using an SRV record myself, perhaps you could elucidate what's wrong with it? 2) I wrote this up for someone who has 4 mailboxes and uses their Exchange environment as a learning environment more than anything else. Not everyone wants to spend $90/year on SAN certs for extremely small environments. Hey Devin, thanks for replying. In answer to your questions:

1) I actually didn’t insist on mail.domain.com… As I stated it’s an example FQDN. While you could use autodiscover.domain.com I’m not sure many people would want to use that for OWA. While I agree with not using a CNAME I can’t think of any downsides to using an SRV record myself, perhaps you could elucidate what’s wrong with it?
2) I wrote this up for someone who has 4 mailboxes and uses their Exchange environment as a learning environment more than anything else. Not everyone wants to spend $90/year on SAN certs for extremely small environments.

]]>