Tuesday, October 22, 2013

Notify AD User About Password Expiry via email

I had a customer whose users are highly mobile. The issue he had was that those mobile users often got their accounts locked due to the password expiry policy, and he had to remotely unlock their AD accounts on weekends and late at night, so he asked me for a solution.

We can resolve the issue by combining a PowerShell script with Task Scheduler to automate the task. Here is how to do it:


  1. Download the "Password Expiry Email Notification" PowerShell script, which was created by MVP Robert Pearman, here
  2. Open the downloaded file in Notepad and modify the smtpServer, from, and expireindays fields based on your needs and environment configuration.
  3. Save it to the desired folder after you have done it.
  4. Launch Task Scheduler and select "Create a basic task", give it a proper name and description. Click "Next".
  5. On the Trigger field, select "Daily", click "Next".
  6. Determine the start date and time, for example 9am daily, and insert "1" in the "Recur every _" field. Click "Next"
  7. On the Action field, select "Start a program", click "Next"
  8. Insert powershell -file "C:\scripts\Password Change Notification.ps1", then click "Next"
  9. Click Yes on the following dialogue box.
  10. Click "Finish" and "OK" to exit Task Scheduler.
By doing so, the script will be executed daily at 9am and will send a notification to users whose password is going to expire within the period defined by the variable.
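
Before letting the scheduled task send mail, it helps to preview which accounts fall inside the notification window. The following is an added example, not Robert Pearman's script; the 14-day value and the function name Get-ExpiringUser are assumptions, and it requires the ActiveDirectory module.

```powershell
# Added example: dry run that lists who would be notified. Sends no mail.
Import-Module ActiveDirectory

$expireInDays = 14   # assumed value; use the same number as expireindays in the script

function Get-ExpiringUser {
    param([int]$Days, [datetime]$AsOf = (Get-Date))

    Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $false } `
               -Properties 'msDS-UserPasswordExpiryTimeComputed', mail |
        ForEach-Object {
            # Computed by the DC; it already reflects fine-grained password policies.
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

            # 0 (must change at next logon) and Int64.MaxValue (never expires)
            # are not real dates, so skip them instead of converting.
            if (-not $raw -or $raw -eq [Int64]::MaxValue) { return }

            $expires  = [datetime]::FromFileTime($raw)
            $daysLeft = [math]::Floor(($expires - $AsOf).TotalDays)

            if ($daysLeft -ge 0 -and $daysLeft -le $Days) {
                New-Object PSObject -Property @{
                    SamAccountName = $_.SamAccountName
                    Mail           = $_.mail
                    Expires        = $expires
                    DaysLeft       = $daysLeft
                    # Accounts without a mail attribute cannot be notified.
                    CanNotify      = [bool]$_.mail
                }
            }
        }
}

Get-ExpiringUser -Days $expireInDays |
    Sort-Object DaysLeft |
    Select-Object SamAccountName, Mail, Expires, DaysLeft, CanNotify |
    Format-Table -AutoSize
```

Rows with CanNotify set to False are the accounts that would still get locked out silently, because there is no address to send the reminder to.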

Tuesday, August 6, 2013

Slow DNS Query (Event 5501:The DNS server encountered a bad packet from *.*.*.* Packet processing leads beyond packet length. The event data contains the DNS packet.)

I received a complaint from one of my customers stating that DNS queries were slow with the new Windows Server 2012 domain controller deployed recently. Upon checking the Event Viewer I found that event ID 5501 was logged:

The DNS server encountered a bad packet from *.*.*.* Packet processing leads beyond packet length. The event data contains the DNS packet.


Resolution:

Open CMD (run as administrator), type below command and hit enter:

dnscmd /config /enableednsprobes 0

After restarting the DNS service, DNS queries work like a champ.



Saturday, July 20, 2013

Exchange 2010 - Deleted Mailbox Not Appearing in EMC Disconnected Mailbox

I was working on an issue that my customer had: the disconnected mailbox did not appear immediately in the EMC when he accidentally disconnected one of the users' mailboxes.

The reason is that the online maintenance wasn't complete; below is the PowerShell command that will show the disconnected mailbox in the EMC.

Get-Mailboxdatabase | Clean-Mailboxdatabase

Running the command cleans all the databases in the entire organization; the disconnected mailbox should now display in the EMC.

Windows Server 2012 Hyper-V - Disk Error Read Only

I was working on a project and ran into a small issue: when I tried to save a VM onto the SAN, "Disk Error Read Only" appeared. I resolved this issue by running:

1. open "CMD"
2. type "diskpart"
3. list disk (determine the correct disk that is having the issue)
4. select disk 1 (for example, disk 1 is the one that is causing the issue)
5. attributes disk (list the attributes of disk 1)
6. attributes disk clear readonly (set the read-only attribute to no)
7. attributes disk (display the new result after step no. 6)
8. exit




Friday, May 24, 2013

Modifying Exchange SCP due to SAN limitation

The private SSL certificate on one of my customers' Exchange servers is expiring soon and they plan to go for an SSL certificate from a public certification authority. Due to budget issues, they only plan to purchase 1 certificate with 2 SANs, which are webmail.contoso.com and autodiscover.contoso.com.

Since the internal domain name (contoso.internal) is different from the public domain (contoso.com), they asked me whether it is possible to consolidate both into one (contoso.com) without causing any service interruption to users, for example a certificate warning when they open the Outlook client.

To achieve the goal, all we need to do is modify the Exchange SCP (service connection point) to point the internal autodiscover URL to autodiscover.contoso.com.

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri "https://autodiscover.contoso.com/autodiscover/autodiscover.xml"

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl "https://webmail.contoso.com/EWS/exchange.asmx"

Set-OABVirtualDirectory -Identity "CAS_Server_Name\OAB (Default Web Site)" -InternalUrl "https://webmail.contoso.com/oab"

By modifying the SCP and the virtual directories' internal URLs to point to the public domain name instead of the internal domain name, we can achieve the goal of spending the minimum amount of money on a public SSL certificate.
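
A check worth running before the new certificate goes live: confirm that every internal URL set above resolves to a host name that is actually on the certificate, since any leftover contoso.internal URL produces the Outlook warning. This is an added example, not part of the original post; the function name Test-UrlOnCertificate is hypothetical and the comparison is exact-match only (no wildcard names).

```powershell
# Added example. Run in the Exchange Management Shell.
# Names on the planned public certificate, as given in the post.
$certNames = 'webmail.contoso.com', 'autodiscover.contoso.com'

function Test-UrlOnCertificate($Source, $Url, $Names) {
    # An empty URL is reported rather than silently skipped.
    $hostName = if ($Url) { ([uri][string]$Url).Host } else { '(not set)' }
    New-Object PSObject -Property @{
        Source        = $Source
        HostName      = $hostName
        OnCertificate = ($Names -contains $hostName)   # case-insensitive match
    }
}

# The three settings changed in the post: SCP, EWS and OAB, on every CAS.
$report =
    @(Get-ClientAccessServer | ForEach-Object {
        Test-UrlOnCertificate "SCP on $($_.Name)" $_.AutoDiscoverServiceInternalUri $certNames
    }) +
    @(Get-WebServicesVirtualDirectory | ForEach-Object {
        Test-UrlOnCertificate "EWS on $($_.Server)" $_.InternalUrl $certNames
    }) +
    @(Get-OabVirtualDirectory | ForEach-Object {
        Test-UrlOnCertificate "OAB on $($_.Server)" $_.InternalUrl $certNames
    })

$report | Select-Object Source, HostName, OnCertificate | Format-Table -AutoSize

# Anything listed here would trigger a name-mismatch warning in Outlook.
$missing = @($report | Where-Object { -not $_.OnCertificate })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) internal URL(s) use a host name that is not on the certificate."
}
```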

Friday, May 3, 2013

How to disable iPhone auto rotation

I love my iPhone 5, but sometimes I find it annoying when I lie on my bed to read emails, send text messages, etc., because the iPhone will auto rotate to landscape mode.

Only recently did I realize there is a way to disable the auto rotation:

Double click the home button, swipe to the left, and there is a button to turn auto-rotation on or off (see below figure)


Thursday, April 18, 2013

Exchange 2010 Unable to Relay Email : Error 451 4.4.0 DNS Query Failed

I'm working on a support request today: my customer found that they cannot send email to a certain domain.

Upon opening the Queue Viewer in the EMC, I found that Error 451 4.4.0 DNS Query Failed appeared on the domain that my user tried to send to.

I tried using the telnet command to send email to that domain but without success; the moment I hit enter on RCPT TO: someone@domain.com, Error 451 4.4.0 DNS Query Failed appeared.

When I performed an nslookup and MX lookup on the target domain, it could be resolved successfully via the local AD DNS server.

Looking into the error, and since my customer's messaging infrastructure design is to send emails directly to the internet without routing to any smart host, I decided to use the well-known Google DNS 8.8.8.8 on the Exchange server to route email instead of the AD DNS. When I hit "retry" on the mail queue, the email was transferred immediately.

Below are the steps to configure it.

1. Open Exchange Management Console (EMC)
2. On Server Configuration -> Your HUB server -> right-click Properties
3. Click the "External DNS Lookups" tab.
4. Tick "Use These DNS Servers", click "Add" and insert 8.8.8.8 (Google DNS)
5. Click "OK"
6. Go to Organization Configuration -> Send Connector -> right-click Properties
7. Click the "Network" tab.
8. Tick "Use the External DNS Lookup settings on the transport server"
9. Open "Queue Viewer" on "Tools"
10. Find the target domain queue, right-click retry

The email is being transferred by now after applying the settings.
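
The same change can be made from the Exchange Management Shell, which also records the previous values for rollback and shows the queue's last error before retrying. This is an added example, not part of the original post; HUB01 and "Internet Send Connector" are placeholder names, and domain.com is the post's example domain.

```powershell
# Added example. Run in the Exchange Management Shell.
$hub       = 'HUB01'                     # placeholder: your Hub Transport server
$connector = 'Internet Send Connector'   # placeholder: your send connector
$domain    = 'domain.com'                # target domain from the post's example

# Record the current settings first so the change can be reverted.
Get-TransportServer -Identity $hub |
    Format-List Name, ExternalDNSAdapterEnabled, ExternalDNSServers
Get-SendConnector -Identity $connector |
    Format-List Name, UseExternalDNSServersEnabled

# "External DNS Lookups" tab: use a fixed resolver instead of the adapter's DNS.
Set-TransportServer -Identity $hub -ExternalDNSAdapterEnabled $false -ExternalDNSServers 8.8.8.8

# Send connector "Network" tab: use the transport server's external DNS settings.
Set-SendConnector -Identity $connector -UseExternalDNSServersEnabled $true

# Show the queue for the target domain with its last error, then retry it.
$queues = @(Get-Queue -Server $hub | Where-Object { $_.NextHopDomain -eq $domain })
$queues | Format-Table Identity, Status, MessageCount, LastError -AutoSize
$queues | Where-Object { $_.Status -eq 'Retry' } | Retry-Queue
```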

Thursday, April 4, 2013

Exchange 2010 The Certificate Status could not be determined because the revocation check failed


I helped my customer renew the SSL certificate for Exchange yesterday but I ran into an issue.
My customer's environment has a proxy server that handles internet connections for all users. On the Exchange server I had already specified the Exchange server name in the bypass list, but when I imported the certificate into the CAS, the error "The Certificate Status could not be determined because the revocation check failed" was displayed in the EMC.

I downloaded the DigiCert Certificate Utility for Windows here to test the proxy settings and certificate revocation status, and it passed all the tests, but unfortunately whenever I re-imported the certificate it displayed the previous error.

Finally I decided to import the certificate using PowerShell.

First I imported the certificate without assigning services, with the command below:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificate.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

Then I assigned services (POP, IMAP, IIS, SMTP) to the certificate with the command below:

Enable-ExchangeCertificate -Thumbprint certificate_thumb_print  -Services POP,IMAP,SMTP,IIS

The command executed successfully, and when I browsed to the OWA page it showed that it has the valid certificate now; however, the EMC still showed the revocation check failed error.

I suspect there is something that needs to be configured on the proxy server; however, this is a workaround for me to get Exchange services published with the valid SSL certificate.