Tag: Exchange

Finding SMTP Relay Senders

~ Ariel ~ Leave a comment

To start with check to see if practical365.com is still live, this site has a more comprehensive look at what we are doing here.

Here is the sort version of what you need to do.
#Show current settings for connectors listening on port 25

Get-ReceiveConnector |where {$_.Bindings -like "*:25"} |ft Identity,ProtocolLoggingLevel

#Set logging to verbose for all of those connectors, make sure you aren't low on free space. It shoudn't take up much but make sure

Get-ReceiveConnector |where {$_.Bindings -like "*:25"} |ft Identity,ProtocolLoggingLevel |Set-ReceiveConnector -ProtocolLoggingLevel verbose

#Wait a day or whatever interval you think is sufficient to get a connection from all the lines of business apps

#Install Log Parser 2.2 on your hub transport servers
https://www.microsoft.com/en-us/download/details.aspx?id=24659

#Browse to your log dir, on my server I had to elevate permissions before it would let me navigate to the dir

#Open CMD and browse to the log dir
cd "D:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive"

#Run the following cmd
"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name,Count(*) as Hits from *.log WHERE data LIKE '%EHLO%' GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1

#It should return a table like this

After performing these steps on all of the hub transport servers that are relay targets you would want to update these devices to send though your new relay. Once they are all updated you can clear the logs and re-run this process to make sure it all worked.

Exchange: ActiveSync for Admins

~ Ariel ~ Leave a comment

While having an admin account for your primary mailbox isn’t a great idea for a lot of good reasons, it is sometimes helpful to have for testing.

If you happened to get your admin account by copying the default admin account in AD or maybe you copied another admin you may notice that you mailbox doesn’t work on your phone. I’ve seen people freak out during maintenance windows “testing” with their admin account and finding that mobile access isn’t working. There are two things that you can do to fix this.

  1. Stop coming up with the test during the maintenance window. I have had good experience putting them in the change request so that everyone is on the same page for how success is measured. This also means that if the change doesn’t work it was because X failed not because YOU failed. Perception can go for a lot and change windows can have a lot of moving parts.
  2. The issue with the mailbox/account is probably that inheritance is not enabled on the account. This is not enabled by default for the admin account. Follow the steps below to enable it.

Enable inheritance on a user account

  1. Open Active Directory Users and Computer
  2. Enable Advanced Features in the View menu
    • SNAG-0000.png
  3. Open the properties of the affected admin account
    • Select the Security tab and click the advanced button
    • SNAG-0001.png
  4. Now we get to see the magic button!!! Click enable
    • SNAG-0002.png
  5. You may get a warning if there are going to be a lot of additional ACLs applied. Not to worry its only our admin account 🙂 you didn’t tie it to anything else did you?
    • SNAG-0003.png
  6. Click apply or OK to save everything and close out
  7. For this I forced an AD sync to make sure that my change went out to all the servers, is was successful
    • SNAG-0004.png
  8. Success!!!
    • It took a few minutes for my phone to update but it works now
    • img_0381