Skip to main content

Posts

Featured Post

Microsoft Teams not showing Calendar if user has on-prem mailbox and no Exchange Online license

If you have a problem with Microsoft Teams not showing Calendar for users that have on-prem mailbox then you missed some of the steps in making a hybrid. To be honest, sometimes it is not very easy and clear what exactly you have to do.
In my setup I am running Exchange 2019 on Windows 2019 server.
1. First step is to run Microsoft Office Hybrid Configuration Wizard
This step is necessary even if you ran AD Connect and selected Exchange Hybrid. Go through the Wizard and when you finish, it will tell you you need to configure OATH manually as it is not part of the Wizard (in year 2020)
2. Follow all the steps on
https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help
For me step 8. was not necessary as I am running Exchange 2019.
After successful implementation of OATH connection Calendar will be immediately available to Teams users.
Test connection with:
ON-PREM Exchange
Test-OAuthConnectivity -Service…
Post a Comment
Read more
Recent posts

Netscaler vs Exchange 2019 "time out during ssl handshake stage

If you are using Citrix Netscaler as load balancer in front of Exchange 2019 server you must know this:

Microsoft Exchange 2019 is secured by default and allows only TLS 1.2. Therefore default schannel settings are as follows (using IISCrypto tool from Nartac Software):



While Citrix Netscaler offers following Cipher Suites:

TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
TLS_DH_anon_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

Now, you will find that you also need to change following regi…
Post a Comment
Read more

Add DNS record to enable DKIM in O365

When you try to enable DKIM in O365 you get yellow warrning line saying you need to provide two DNS records.

What you need to do is copy those two names from that yellow line and create CNAME record in external DNS:

Hostname:selector1._domainkey (THIS IS ALWAYS THE SAME FOR EVERY TENANT)
Points to address or value: **selector1-**._domainkey.YourTenantName.onmicrosoft.com (You paste first of the copied values here)
TTL: 3600

Hostname:selector2._domainkey (THIS IS ALWAYS THE SAME FOR EVERY TENANT)
Points to address or value: **selector2-**._domainkey.YourTenantName.onmicrosoft.com (You paste second of the copied values here)
TTL: 3600

In Windows DNS you would do:



Which later looks like:



Read more

Exchange Admin Center language

Depending on your computer language settings, Exchange Admin Center can take those and open in a language you actually don't want to use.
You'll Google that this can be changed if administrator/ admin user has mailbox by openening OWA settings and changing Regional parameters.

But usually Admin user does not have mailbox or you don't want her/him to have it. You will search again and find that you can add mkt=en-US (as an example) to the URL of the Exchange Admin Center (https://yourexchangehostname/ecp?ExchClientVer=15&mkt=en-US)

Third option you have is opening Internet Explorer settings (I am using Windows 2016)


Click languagesClick Set Language Preferences

Add language you want to use by clicking Add language
Use Move up or Move Down options to put desired language on topClose Internet ExplorerOpen it again and login again to Exchange Admin Center

Post a Comment
Read more

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome on Windows Server 2016 / Exchange 2016

You installed Exchange 2016 on top of Windows 2016 and when you try to access ECP or OWA with newest Google Chrome you get an error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY.

All works well in Internet Explorer. The reason behind this are obsolete (security) protocols used by default. One option is to change settings in Windows registry, but my suggestion is to download a free copy of CryptoIIS from Nartac Software, run it on the server and press Best practices button then Apply. After restarting the server there will be no ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY error and your server will be a little bit more secured :)


Post a Comment
Read more

Batch Add Microsoft Exchange 2016 exclusions to Windows Defender on Windows 2016

When you install Microsoft Exchange 2016 on Windows 2016 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx

SECURITY PRECAUTION - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have.

Run PowerShell on Windows 2016 Exchange 2016 server as administrator.Add Folder Exclusions
Set-MpPreference -ExclusionPath $env:SystemRoot"\Cluster",$env:ExchangeInstallPath"ClientAccess\OAB",$env:ExchangeInstallPath"FIP-FS",$env:ExchangeInstallPath"GroupMetrics",$env:ExchangeInstallPath"Logging",$env:ExchangeInstallPath"Mailbox",$env:ExchangeInstallPath"TransportRoles\Data\Adam",$env:ExchangeInstallPath"…
Post a Comment
Read more