Archive

Archive for April, 2010

Script: Set-Exchange2010RedirectSSL.ps1 – Redirecting the Root Web Site to /owa and Forcing SSL in Exchange 2010

April 28, 2010 47 comments

Exchange2010LogoA common practice is to redirect the default website to the OWA site in IIS. This allows for a shorter URL for users to remember, and catches those who don’t append “/owa “. It’s a simple enough task for an administrator to do, but I wanted to script it so that I could include it in other Exchange 2010 build scripts to help streamline the process.

Another common practice is to force SSL on specific virtual directories to help enhance security of client access to Exchange. This can take a few extra minutes, but can easily be scripted as well, so I combined both into a simple script. Some of the initial code came from colleague and Exchange Ranger Mark Smith, but I converted it to PowerShell, and added some checks and balances.

Run the script after installing Exchange, and pass it the destination to forward to. An example would be

.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ehloworld.com/owa"

This will redirect the root site to the URL listed. If you don’t specify the ForceSSL option, it will automatically secure the recommended virtual directories. To override that, set it to $false, such as

.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ehloworld.com/owa" -ForceSSL $false

The script starts by verifying the web-http-redirect feature is installed. If not, it will install it. Then, the script will backup the current IIS config, apply the changes, then do an IISRESET for them to take effect.

If you’re not sure of how to run it, there is built in help. Just run

Get-Help .\Set-Exchange2010RedirectSSL.ps1

UPDATE: I forgot to mention that the script also assigns permissions to the web.config file for the Offline Address Book to resolve a problem where downloading of the OAB would stop in the middle after configuring HTTP redirection. Microsoft Exchange PFE Bhargav Shukla has pointed out that this was mentioned in fellow MVP Henrik Walther’s post OAB issues after simplifying the OWA 2010 URL? As mentioned earlier, I got initial code from someone else, and didn’t realize that Henrik had already posted about it. So rather than go into details on the issue, please visit Henrik’s excellent post if you’d like more info. Thanks to both Henrik and Bhargav.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Download

v1.5 – 04-29-2014 – Set-Exchange2010RedirectSSL.v1.5.zip

v1.4 – 01-27-2014 - Set-Exchange2010RedirectSSLv1.4.zip

v1.3 – 01-30-2012 - Set-Exchange2010RedirectSSL.v1.3.zip

v1.2 – 10-19-2011 - Set-Exchange2010RedirectSSL.v1.2.zip

v1.0 – 04-26-2010 - Set-Exchange2010RedirectSSL.zip

Changelog

See the changelog for this script which details all versions and their features

Changelog: Set-Exchange2010RedirectSSL.ps1

April 26, 2010 Leave a comment

This is the changelog page for Set-Exchange2010RedirectSSL.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v1.5 – 04-29-2014

  1. comment help cleanup per best practices
  2. param block cleanup per best practices
  3. removed some PowerShell v3 code so that the script will continue to work in v2

v1.4 – 01-27-2014

  1. Updated Set-ModuleStatus function
  2. minor code cleanup per best practices

v1.3 – 01-30-2012

  1. resolved issue with read&execute rights not being assigned to Authenticated Users on web.config file.

v1.2 – 10-19-2011

  1. adjusted what folders needed to be excluded from redirection
  2. bug fixed that would not exclude some folders if -forcessl $false was used.

v1.0 – 04-26-2010

  1. initial version

Update Rollup 10 (UR10) for Exchange Server 2007 SP1 Released

April 13, 2010 Leave a comment

Microsoft has released the following update rollup for Exchange Server 2007:

  • Update Rollup 10 for Exchange Server 2007 SP1 (981407)

If you’re running Exchange Server 2007 SP1, you need to apply Update Rollup 10 for Exchange 2007 SP1 to address the issues listed below. If you’re running Exchange Server 2007 SP2 or later, this update does not apply to you.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 10:

  1. 981832 MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service could allow denial of service

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

 

Update Rollup 3 (UR3) for Exchange Server 2010 Released

April 13, 2010 Leave a comment

Microsoft has released the following update rollup for Exchange Server 2010:

  • Update Rollup 3 for Exchange Server 2010 (981401)

If you’re running Exchange Server 2010, you need to apply Update Rollup 3 for Exchange 2010 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 3:

  1. 981832 MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service could allow denial of service
  2. 981664 RPC clients or MAPI on the Middle Tier clients may not receive responses from the mailbox server role on an Exchange 2010 server

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Also, the installer and Add/Remove Programs text is only in English – even when being installed on non-English systems.

Update Rollup 4 (UR4) for Exchange Server 2007 SP2 Released

April 10, 2010 Leave a comment

Microsoft has released the following update rollup for Exchange Server 2007:

  • Update Rollup 4 for Exchange Server 2007 SP2 (981383)

If you’re running Exchange Server 2007, you need to apply Update Rollup 4 for Exchange 2007 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 4:

  1. 981832 MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service could allow denial of service
  2. 981706 Exchange 2007 SP2 Update Rollup 1 or Exchange 2007 SP2 Update Rollup 2 does not install on a Spanish version of Exchange Server 2007 SP2
  3. 980639 A user can only set the time zone to Bucharest in OWA after you update Exchange Server 2007 Service Pack 1 to Exchange Server 2007 Service Pack 2

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

 

Microsoft Announces Features and Timeline for Exchange Server 2010 Service Pack 1

The Exchange Product Group has finally released to the public some information regarding the upcoming service pack for Exchange 2010. A coming beta will allow admins to test in their own labs.

Among the cool features are:

Import PST Files

  1. Import historical e-mail data from PST files directly into Exchange 2010

Archive

  1. locate the Personal Archive on a different mailbox database than primary mailbox
  2. Delegate access to a user’s Personal Archive
  3. Support access to a user’s Personal Archive in Outlook 2007

Search

  1. Multi-Mailbox Search (aka Discovery): Search preview to obtain an estimate of number of items in search result-set with keyword statistics— before messages are copied to the discovery mailbox
  2. Multi-Mailbox Search: Search result de-duplication— only copies one instance of a message to the discovery mailbox, reduces amount of messages you need to review following the search
  3. Multi-Mailbox Search: Annotation of reviewed items

OWA

  1. OWA: Pre-fetch message content
  2. OWA: Delete, mark-as-read, and categorize operations run asynchronously
  3. OWA: Long-running operations such as attaching a very large file will not block the rest of the OWA experience
  4. OWA: Number of other UI improvements
  5. OWA: Web-Ready Document Viewing of IRM-protected documents in Safari on a Mac, and FireFox and Internet Explorer on Windows
  6. OWA: OWA themes are back!
  7. OWA: Reading pane can be placed on the bottom or on the right

Calendar Sharing

  1. Users can share calendars with anonymous viewers via the web (provided the admin enables the capability)

Mobility

  1. Mobility: Tether-free IRM support in EAS
  2. Mobility: Support for Send-As
  3. Mobility: Notifying users if their device is placed on block or quarantine
  4. Mobility: Full implementation of conversation view

Management UI: Exchange 2010 SP1 brings plenty of new management UI in both EMC and ECP, including:

  1. Create/configure Retention Tags + Retention Policies in EMC
  2. Configure Transport Rules in ECP
  3. Configure Journal Rules in ECP
  4. Configure MailTips in ECP
  5. Provision and configure Personal Archive in ECP
  6. Configure Litigation Hold in ECP
  7. Configure Allow/Block/Quarantie mobile device policies in ECP
  8. RBAC role management in ECP
  9. Configure DAG IP Addresses and Alternate Witness Server in EMC
  10. Recursive public folder settings management (including permissions) in EMC

For more information, including a video, see the Product Groups blog post “Yes Virginia, there is an Exchange Server 2010 SP1“, as well as Bharat Suneja’s blog post “Announced: Exchange 2010 SP1, Beta in June“.