Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Help! Event ID 12014 - Microsoft Exchange 2013 could not find a certificate!?!?!?

Hello,

I have this error on all my Exchange 2013 SP1 mailbox servers:

"Microsoft Exchange could not find a certificate that contains the domain name "Chicago CAS FQDN" in the personal store on the local computer (looking at this error on LA MBX01). Therefore, it is unable to support the STARTTLS SMTP verb for the connector "OUTBOUNDTOIRONPORT" with a FQDN parameter of "Chicago CAS FQDN". If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certficate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate - Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."

I have 6 Exchange 2013 SP1 servers - all with CU6 (build 995.29).
I have intersite DAG across two sites - LA & Chicago. 

SITES
LA:
LA CAS - Windows 2012 
LA MBX01 - Windows 2012
LA MBX02 - Windows 2012

Chicago:
CH CAS - Windows 2012 R2
CH MBX01 - Windows 2012
CH MBX02 - Windows 2012

1 DAG:
Members - LA MBX01, LA MBX02, CH MBX01, CH MBX02.

The certificate installed on both LA and Chicago CAS is an external certificate from DigiCert. All mail routing goes out via IronPort located in the Chicago site. The SEND connector "OUTBOUNDTOIRONPORT" has the Chicago IronPort appliance as smarthost. All of the mailbox servers (DAG members) are added as SOURCE SERVERS in the connector. At some point, I'll be configuring a new SEND connector and enabling SCOPED SEND Connectors. We also have another IronPort ready in the LA site.

So, this error is confusing to me because the external certificate from DigiCert has SMTP services tied to it and outbound email is flowing from MBX servers to Chicago IronPort and out. As I understand, mailbox servers do not require external certificates, only CAS, because all connectivity is proxied through CAS servers.

What do I need to do to get rid of that error? Thanks!

RBL Blocklist Providers and Spam filtering - Best practices


Good day all

I am very new to the Microsoft forums so please point me in the right direction if this question does not fall under this category.

I have been assigned to administer an Exchange 2010 server (there is no edge transport server) running version 14.01.0438.000, with Microsoft Outlook as the client software.

This Exchange environment was implemented at the beginning of this year. We have had numerous complaints about spam received on a daily basis. Our network has all the necessary firewalls and antivirus in place: a Gateprotect Firewall, Avast endpoint for the servers and Avast email server security running on the Exchange 2010 server. I have configured the RBL blocklist providers in the content filtering and checked the logs to see if they are playing their roles. I have seen a major decrease in spam since the Avast email server security application was installed, but there is still spam slipping through the cracks. The types of spam that I see every day vary.

Examples:

  • Emails about dating, weight loss, viagra, business investments etc.
  • Emails received that are addressed to an unknown person outside of the organization.
  • Emails received by many users in the organization that were not addressed to them, but the send-to address is a legitimate account within our organization.

On the Exchange server I have enabled the anti-spam content filtering along with all the other filters in the organizational tree, hub transport, anti-spam tab. I set the SCL ratings - Delete = 9, reject = 7 and quarantine = 5 (created a junk mail account). Is this correct?

There are two RBL blocklist providers in the IP blocklist providers properties, zen.spamhaus.org and bl.spamcop.net. I was told not to add more blocklist providers as they will slow down the Exchange server. Is this true? Can I add additional IP addresses and ranges to the IP blocklists in the Server configuration tree, hub transport and anti-spam tab?

The Avast Email Server Security has limited options. I have enabled the "delete spam" option and there is only a blacklist and whitelist to add in email addresses and domain names.

The Gateprotect Firewall also has limited features for fighting spam, only blacklists and whitelists. The support guys have recommended some workarounds but I am not that advanced in configuring firewalls at that level.

When tracking the IP address of spam emails that have the same heading and the same text in the body, but whose email addresses are different and whose IP addresses are completely different, how do I block those types of spam?

With email addresses that have been "spoofed", I read up that in order to block that from occurring I would need to add SPF records in the Control panel for our domain. What needs to be done there?

Please assist me with understanding the ways of fighting spam and what more I can do to improve the system.

Thank you in advance. 

Exchange server 2013 mail send and received problem


Hi Support,

I have installed Exchange Server 2013 and created mailboxes, and mail was sent and received locally, but some days back I became unable to send and receive mail. What settings are required for users to send and receive mail locally? And how do I create MX and TXT records for my domain?

Problem with receiving external mail


Hello all,

I've been busy for the last couple of days trying to get our mail server working.

It's running on Server 2012 Standard R2 with Exchange 2013.

The problem I'm having is that external mail is not coming into the mailboxes I've made. Internal mails are sent and delivered, and sending mails to an external address is also working fine.

Yesterday evening I received some mail, but today when I got back it didn't work anymore and I don't know where to look or how to get it to work again.

I hope you guys can help me out.

greets
Rudy

Can't receive mail from external domains (hotmail, gmail, etc)


Hi,

I have a new problem

I can't receive external email. The receive connector that I have is the following:

Default Frontend NAME.NL

TLS, Basic verification, Basic after TLS, Integrated, Exchange verification. Groups: Exchange-server, exchange-user and anon

This should be enough to receive external mail right? If I test it with gmail or hotmail I get the message: Mail delayed

cas server for second webmail URL


Hi,

In Exchange 2010, I have a plan to implement an additional CAS server for a secondary webmail URL (webmail2) for OWA access while the primary URL (webmail1) is not reachable. Can we use this link (webmail2) as a secondary Outlook Anywhere URL when the primary Outlook Anywhere URL is not reachable?

Do I move RPCclientaccessserver to the secondary CAS server when both CAS servers are in the same AD site?

There is currently no route to the mailbox database after DAG server failure

This is an environment with Exchange 2007 and Exchange 2013. Email is currently flowing through 2007 but all mailboxes reside in 2013. There is a DAG set up in 2013. We were performing HA testing and noticed that when we brought down the Exchange 2013 DAG member holding the primary active manager, mail flow stopped between 2007 and 2013. Email just stayed in the queue and finally went to a queue with the error in the title. To resolve it we had to bring the server back online and restart the hub transport service on the 2007 box. Any ideas why this is happening? Thanks.

Filters for retention policies in OWA


I created a new retention policy 'Move messages older then 180 days'.

My retention policy works well, but I need to set up some filters:

a filter for some email boxes

filtered emails should stay in the Inbox folder and not move into the archive folder

How can I do it?

Thanks


IP getting listed in blocklist again and again. Mail bounced back.


I have Exchange Server 2010. Whenever some particular hosts send emails to particular email IDs, their mails are bounced back with this error:

mx1.aliyun-inc.com rejected your message to the following e-mail addresses:

Michael Lau /sorter machine (michael@ahhongshi.net.cn)

mx1.aliyun-inc.com gave this error: Reject by behaviour spam at DATA State(Connection IP address:111.93.52.26)ANTISPAM_BAT[01201311R2166S321, r46d02014]: unexpected sending

A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.

merry (merry@ahhongshi.net.cn)

mx1.aliyun-inc.com gave this error: Reject by behaviour spam at DATA State(Connection IP address:111.93.52.26)ANTISPAM_BAT[01201311R2166S321, r46d02014]: unexpected sending

A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.

Diagnostic information for administrators:

Generating server: MAILSERVER.century.local

michael@ahhongshi.net.cn mx1.aliyun-inc.com #554 Reject by behaviour spam at DATA State(Connection IP address:111.93.52.26)ANTISPAM_BAT[01201311R2166S321, r46d02014]: unexpected sending ##

merry@ahhongshi.net.cn mx1.aliyun-inc.com #554 Reject by behaviour spam at DATA State(Connection IP address:111.93.52.26)ANTISPAM_BAT[01201311R2166S321, r46d02014]: unexpected sending ##

Original message headers:

Received: from MAILSERVER.century.local ([fe80::bc93:5f89:3a50:2815]) by mailserver.century.local ([fe80::bc93:5f89:3a50:2815%10]) with mapi id 14.02.0247.003; Fri, 19 Sep 2014 10:17:50 +0530
From: Century Imports <imports@centuryinfrapower.com>
To: Century Imports <imports@centuryinfrapower.com>, "Michael Lau  /sorter  machine" <michael@ahhongshi.net.cn>, merry <merry@ahhongshi.net.cn>
Subject: SCAN COPY OF ORIGINAL DOCUMENTS REQUIRED
Thread-Topic: SCAN COPY OF ORIGINAL DOCUMENTS REQUIRED
Thread-Index: AQHP0LnsQf73yLm8GEm8+MVx4PzHcJwCJV4AgAKkACCAAYNbMIABm3eg
Date: Fri, 19 Sep 2014 04:47:50 +0000
Message-ID: <B255D6F31C28164A9FDEDB612D3CFE92791F6DF4@mailserver.century.local>
References: <B255D6F31C28164A9FDEDB612D3CFE926063C834@mailserver.century.local>,
        <2014072809101581254714@ahhongshi.net.cn>,
        <201408191712037811106@ahhongshi.net.cn>,
        <201408221511192855241@ahhongshi.net.cn>,
        <B255D6F31C28164A9FDEDB612D3CFE9270993E27@mailserver.century.local>,
        <201408221545055356231@ahhongshi.net.cn>,
        <B255D6F31C28164A9FDEDB612D3CFE9270993E46@mailserver.century.local>,
        <201408221648356130215@ahhongshi.net.cn>,
        <201408281721027183179@ahhongshi.net.cn>,
        <201409011603127033940@ahhongshi.net.cn>,
        <B255D6F31C28164A9FDEDB612D3CFE9271DE0E8C@mailserver.century.local>,
        <2014090311483693708629@ahhongshi.net.cn>,
        <B255D6F31C28164A9FDEDB612D3CFE9276F3FDE4@mailserver.century.local> <2014091515454764000832@ahhongshi.net.cn>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.125]
Content-Type: multipart/related; boundary="_008_B255D6F31C28164A9FDEDB612D3CFE92791F6DF4mailservercentu_"; type="multipart/alternative"
MIME-Version: 1.0


I am using port 25 for sending email. I have also configured a block rule on the firewall which blocks port 25 for all hosts except servers. I also scanned all hosts with AV but no virus was found. What should I do now? Open SMTP relay is also disabled on the server. Please help.


prdeepkumawat

Route mails from a receive connector to a smart host.


Hi All,


I have CAS and mailbox Exchange 2013 SP1 servers.

Is it possible to route all relayed mails from an external client to a receive connector in the (newly created) mailbox server on to another smart host?

Regards,

Vinu


SSL Certificates - how to...?


Hey Guys,

I need some help with SSL management in Exchange 2013. I have 2 CAS servers and 2 Mailbox servers installed with a wildcard certificate for clients. When I look into Servers -> Certificates in ECP I see several certificates assigned to the SMTP service. Why are there several certificates assigned to the same service? How can I check which one is valid? How do I clear it up? Having several certificates assigned to the same service is confusing me a little bit... And I have no idea how to clean it up without breaking anything :)

Too much SPAM!

We have Exchange 2013 SP1 CU6 on 2 servers, 1 Mailbox/hub, and 1 Edge Transport. Recently the level of SPAM that's getting through the edge has gone through the roof. Where I used to get 2 or 3 a day, now I'm getting around 40. I've checked the logs and the SPAM filters seem to be blocking junk, also the RBLs are blocking a ton of mail, yet some messages that are obvious junk are still getting through with a 2 or below SCL. We have not enabled whitelisting, and the filters are up to date. Any suggestions?

Mike Pietrorazio

How to send email to a SMTP server over a secure channel using STARTTLS setting of a send connector (Exchange and SMTP server are in the same domain)


I’m trying to send email to the SMTP server using the STARTTLS setting of an Exchange send connector. I have read multiple documents on configuring TLS for send connectors, but they talk about outbound connections to internet-facing servers. My Exchange 2013 and SMTP server are in the same domain (let’s say A.com) and I’m creating dummy domains on my SMTP server (e.g. user1@dummy1.local, user2@dummy2.local) and their respective send connectors on the Exchange server end. In the smart host section I added the IP address of the SMTP server and in the scoping section I added the SMTP domain address (e.g. dummy1.local). In the FQDN field, I added the FQDN of the Exchange Server 2013 whose certificate is enabled with the SMTP service.

Could you tell me, step by step, where I’m going wrong or whether any extra settings need to be added?

Presently, it is giving me an error that 530 5.5.1 TLS encrypted connection is required.

Note: I’ve created the Microsoft CA certificates for the SMTP and Exchange servers and imported them into the personal certificate container. Of these, the Exchange certificate is created with the FQDN name of the server and enabled for the SMTP service.

I’m using an OPENSSL certificate for making the SMTP server TLS enabled. (Let me know if I need to import the OPENSSL certificate anywhere on the Exchange end.)

Thanks!


I cannot send e-mails on the new installation of Exchange Server 2013

I tried everything: send connector, DNS configuration. Internally it works fine and I can receive e-mail, but when I'm sending e-mails out of the domain they all get stuck in the queue with code 451.4.4.0.

451.4.4.0 Primary target IP address responded with "421.4.2.1. Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts or delivery failed to all alternate hosts."


Recently, I've been receiving some bounce emails from my recipients saying:

"Delivery has failed to these recipients or groups:

 email@address of my recipient
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk."

This only happens with some of my recipients. So we checked our Exchange server to see what's happening there; on checking, there was an error "451.4.4.0 Primary target IP address responded with "421.4.2.1. Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts or delivery failed to all alternate hosts."

What does it mean? What shall I do? Please help. Thanks.


Unable to telnet to localhost after CU5


Hi

We upgraded E2013 to CU5 on Sat 13 - On Thu 18 at 9:12 all 4 CAS servers stopped processing mail

error from smarthost:

421 4.3.2 The maximum number of concurrent connections has exceeded a limit, closing transmission channel

unable to telnet locally: telnet localhost 25 

421 4.3.2 Service not available

netstat -an | find "25" shows port is listening

Test-SmtpConnectivity shows success

Any ideas appreciated


shapi

On Premise SharePoint 2010 Server Accepting Emails from Office365


Microsoft Support,

I have an on-premise SharePoint 2010 server and I am having an issue accepting incoming emails from Office365. I am able to send emails from the SharePoint 2010 server and the outbound connector is working fine; I am having an issue with the inbound connector. Please provide me with the steps needed for my on-premise SharePoint 2010 server to accept incoming emails from the Office365 system (Exchange Online).

Thanks,

A.W.

Exchange server 2013 send and received issue


Hi Support,

I have installed Exchange Server 2013 with Server 2012 (my domain is not registered, but mail is sent and received locally for practice, then live), but a few days back some changes were made in DNS and ECP and mail stopped sending and receiving. How do I verify that my Exchange Server 2013 is working fine? Please give the steps for checking purposes.

Cannot send email from Powershell on Mailbox Role


Hi,

I am trying to send an email from PowerShell on the Mailbox role of an Exchange server. I have installed Symantec Mail Security on the Mailbox role.

When I try to send email using PowerShell, I get the following error.

PS C:\a> Send-MailMessage -to admin@domain.com -Subject "Alert Closed.. Service is restarted on Computer" -from Admin@domain.com -Body "The service was found stopped on Computer it was started automatically and it is now running normally." -bodyasHTML -priority High -SmtpServer smtp.domain.com
Send-MailMessage : Service not available, closing transmission channel. The server response was: 4.3.2 Service not active
At line:1 char:1
+ Send-MailMessage -to admin@domain.com -Subject "Alert Closed.. Service is ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException
    + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

This command is working fine on every server except the Exchange servers (CAS, Mailbox). The firewall is off on the servers.

Any help will be highly appreciated.

Regards,

Anees


Mail flow to Edge Transport from a different AD site


Trying to define a solution for *outbound* load balancing from Exchange 2013 organisation between Edge Transport servers.

Setup:

1 Edge Transport server in SiteA

1 Edge Transport server in SiteB

Both are subscribed to the AD site in SiteA and are therefore on the same send connector (to allow automatic load balancing and failover)

Situation:

Let's say all MBX/CA servers in SiteA go offline. Can an MBX/CA server in SiteB send email directly to the Edge Transport that is subscribed to the AD site in SiteA, or does there need to be an MBX/CA server available in SiteA to hop through?

I'm hoping for an answer to be backed up clearly by a TechNet article or authoritative source as I can't really work with guesses.

Thanks.

Let’s say I have an Edge Transport subscribed to ADSiteA.  All MBX/HT servers in ADSiteA go down.  Can a MB/HT server in ADSiteB send an email directly to an Edge Transport subscribed to ADSiteA, or does it need to hop through an MBX/HT in the subscribed site?


David
