Author Archive

How to renew an Exchange 2007 Self Signed Certificate.

February 15th, 2011 1 comment

By default Exchange 2007 creates a self signed certificate that is valid for 1 year when it is installed. This certificate is used with exchange services like SMTP, POP3, IMAP, IIS and UM.

Please note that the self signed certificate is not the recommended way to communicate with the server from external sources.

Due to the fact that the certificates expire after 1 year, you will find yourself in a position to have to renew it after 1 year from the date of installation.

The renewal of the self signed certificate is very simple and can be done with just a few steps and would need to be done on the server with the Client Access Service and Hub Transport roll installed. We will be using the Exchange Management Shell.

1. The first step is to get the thumbprint for the certificate that is enabled for the POP, SMTP, IMAP and IIS services. The thumb print looks something like this C5DD5B60949267AD624618D8492C4C5281FDD10F. To get the thumbprint, you need to run the following command.

Get-ExchangeCertificate -domain “servername.domain.extension” | fl

2. Once you have the thumbprint, you can then run a command to get a new certificate with a new expiration date. This command will not make the certificate private key exportable.

Get-ExchangeCertificate -thumbprint “C5DD5B60949267AD624618D8492C4C5281FDD10F” | New-ExchangeCertificate

If you need to make a certificate with an exportable private key, then run the command as follows.

Get-ExchangeCertificate -thumbprint “C5DD5B60949267AD624618D8492C4C5281FDD10F” | New-ExchangeCertificate -PrivateKeyExportable $true

If the existing certificate is being used as the default SMTP certificate, you will get prompted to overwrite the existing default SMTP certificates. Here you can type “Y” and then press ENTER. This will now generate a new certificate and enable it. “The default SMTP certificate is used to encrypt SMTP sessions between transport servers in your organization.”

To the output will give you the new certificate thumbprint which we will use in steps 3 and 4.

3. To check that the default services (POP, SMTP and IMAP) are mapped to the new certificate, you can use the following command replacing NEW KEY with the key that is given for the new certificate.

Get-ExchangeCertificate -thumbprint “New KEY” | fl

4. We now also need to map the IIS service to the new thumbprint.

Enable-ExchangeCertificate -thumbprint “NEW KEY” -services IIS

5. You can now test your services to ensure that they are working, and the best way to do this is to access OWA from inside the network and also test Outlook over HTTPS.

Once you are happy you can remove the old certificate using the following command replacing OLD KEY with the key obtained from step 1.

Remove-ExchangeCertificate -thumbprint “OLD KEY”

And that is it. You now have a new self signed certificate that is valid.

Microsoft SQL on Windows Server 2008 and Firewall Settings

February 3rd, 2011 No comments

When installing SQL on windows Server 2008, the firewall is not automatically setup to allow access to the default SQL ports which are as follows:

SQL Server Ports
  1. Default instance port TCP 1433
  2. Dedicated Admin Connection port TCP 1434
  3. SQL Server Service Broker port TCP 4022
  4. Transact-SQL Debugger/RPC port TCP 135
Analysis Service Ports
  1. SSAS Default Instance port TCP 2383
  2. SQL Server Browser Service port TCP 2382
Miscellaneous Ports
  1. HTTP port TCP 80
  2. SSL port TCP 443
  3. SQL Server Browser Service‘s Port TCP 1434
  4. You also need to Allowing multicast broadcast response on UDP

Instead of adding each of these rules one by one you can create a batch file and run it in a cmd prompt.

Read more…

How to copy folders and keep NTFS and Share Permissions

February 3rd, 2011 2 comments

I have a client that has created a template folder structure for their client files that has the required permissions set up on them.

What the client wants to do is copy this template structure to a new folder whenever they get another client and keep the folder security that they have applied to their template folder structure.

And here is how it can be done.

Read more…

How to resolve “Windows Small Business Server (Windows SBS) Update Services is not running because it automatically turns off if you customize Windows Server Update Services (WSUS)” on SBS 2008

February 1st, 2011 5 comments

This issue occurs if someone had gone into the “Windows Server Update Service” under administrator Tools in the Start Menu and makes changes to some of the settings.

The error will look like this.

SBS WSUS Error Read more…

Remote Desktop suddenly stops accepting connections

February 1st, 2011 No comments

I came across a problem at one of my clients today where remote desktop stopped working on a Windows 2003 Server. (Although this also affects Windows 2000 Server)

I have searched the internet for causes, and the most likely reason is due to an update that is installed.

Further investigation led to a solution in Microsoft KB555382.

Read more…