Wednesday, March 19, 2008

Outlook 2007 clients complain about certificate on Exchange 2007

When you replace your built-in certificate on Microsoft Exchange Server 2007 (CAS role), your Outlook 2007 clients will produce a certificate warning message.

This is because the certificate doesn't match the name in the Exchange Server's CAS config...

The following Microsoft article describes this issue in detail and the steps to resolve it: http://support.microsoft.com/kb/940726

or

You can type them in as follows:

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx


Cheers!

Sunday, March 9, 2008

Windows Server 2008 GPO settings on 2003/XP

Greetings,

I was testing out the new feature of mapping drive letters and setting environment variables with Windows Server 2008 GPO's and found the following items are required for this to work on Windows Server 2003 and XP systems:

Windows Server 2003 Client Side Extensions for Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?familyid=BFE775F9-5C34-44D0-8A94-44E47DB35ADD&displaylang=en

Windows XP Client Side Extensions for Windows XP: http://www.microsoft.com/downloads/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en

NOTE: These updates can be integrated in to Windows source files by specifying the executable name with a /integrate: switch. You can also silently install the package using the /quiet mode setup switch.

...and here is a brilliant post on more detail: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html

Cheers!

p.s. I wish they made an MSI :(

Your first Windows Server 2008 domain controller

Well now that we have the RTM release of Windows Server 2008 in all its glory, its time to sit down and figure out the quirks...

After the setup of standard edition completed I wanted to make the system a domain controller.
First off, be sure to set a static IP for your IPv4 protocol. Once you're done this you will see a notification that some adaptors are still using DHCP. But wait, I set a static IP already?? You can safely ignore this message and continue since IPv6 is now enabled by default and is configured to obtain an address automatically!

Install the Active Directory Domain Services role through Server Manager. Once complete, expand the Roles section of Server Manager and select Active Directory Domain Services. You will notice a link indicating you need to make the server a Domain Controller by running dcpromo.exe. But first....

Load the ISO or Windows Server 2008 CD on an existing Windows Server 2003 system. Open a command prompt and type the following two commands one after the other:


\sources\adprep\adprep.exe /forstPrep

\sources\adprep\adprep.exe /domainPrep

The first command will take some time to run as it updates the AD Schema so you can add your Windows Server 2008 DC.

Next, Begin your DCPROMO.EXE process on the Windows Server 2008 system. During the
process you may see the following message:

A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain corp.contoso.com. Otherwise, no action is required.



Now I've had my domain set up for quite some time and I feel I completely understand DNS and how it works. The above warning message doesn't make much sense to me so if any of you know, please post away! The rest of the setup should complete without issue and presto! You now have a Win2k8 DC!

Cheers!