Posts Tagged ‘Exchange 2010’

Microsoft Forefront Protection 2010 for Exchange Bypass Spam Filter for Recipient

June 7th, 2012

If you need to bypass filtering for a recipient, the following will allow you to do it.

To add e-mail addresses to the Recipient Exception List:

- In the FPE Administrator Console Policy Management view, in the tree view, expand Antispam, and then click Configure.
- In the Actions pane, select Configure Content Allow Lists.
- In the Configure Content Allow Lists dialog box, perform the following steps:
  - Select Allowed Recipients in the menu bar.
  - In the E-mail Address box, enter the e-mail address that you want to add. You must add each e-mail address individually.
  - Click Apply to save your changes and enter additional e-mail addresses, or click Apply and Close to save your entry and return to the Antispam – Configure pane. The e-mail address is added to the Recipient Exceptions List.
- Click Save at the top of the pane to save your configuration.

The address is added to the Recipient Exception list. You can repeat this step in order to add more addresses.

Forefront allow spam to email address
Forefront bypass spam filter for user
Forefront bypass spam filter for recipient


Netbackup 7.1 GRT Exchange 2010 Restore

November 17th, 2011

After implementing granular restore (GRT) for Exchange 2010 on NetBackup, I had the opportunity to test restoring all of the items in someone's inbox. Below are all of the things that needed to be done in order for this to work for me, along with a couple of important things that need to be understood in order to do a GRT restore.

My Config:
Server 2008
1 CAS server
3 mailbox/database servers (standalone, no DAGs)
1 Hub Transport
1 Edge Transport

Important Concepts:

* Read the manual:
The restore is done to the CAS server, not the mailbox/database server. So in NetBackup, when you select the source client, you choose the mailbox server. In the destination client you need to choose your CAS server.
* In order to accomplish the above, you will need to have the NetBackup client installed on your CAS server. You will also need the NetBackup services (client service and legacy client service) running under the same credentials as the services are running under on your database/mailbox server. Below is the relevant information from the NetBackup Exchange Server administrator's guide on setting up the service account.
* The CAS server needs to be able to see the backups, so if you cannot browse the backups for your mailbox server from the CAS server, you will need to change the configuration on the master server so that the CAS server can see these backups.
* Network File Services is required on the CAS server in order to coordinate the restore.
* For GRT restores of individual folders or items you DO NOT need to dismount your database; it will happily do this online. If you try to restore an entire mailbox, you will need to dismount.


How to configure Netbackup and your Exchange Infrastructure to restore GRT items.

1 – Install NFS on CAS Server.

This is done through Server Manager using Add Roles. Click Add Roles, choose File Services, and on the next screen choose Services for Network File System. This will add the necessary components. For security reasons, you can disable the Server for NFS service. You must leave the Client for NFS service enabled.

2 – Install Client on CAS Server

Make sure that you install the client at the same patch level and version as the master server and the mailbox server.

Once it is installed you will need to change the service logon account. If you have not set this account up yet, see "Configuring the NetBackup service account (Exchange 2010)" below; you should already have it if you are successfully doing a GRT backup.

3 – Enable Impersonation

This step is extremely important. The service account needs to be able to impersonate every mailbox user; otherwise it cannot connect to the mailbox. The commands below create a role based on ApplicationImpersonation and assign it to your service account, so that the account can impersonate a user in order to restore the messages.

From the Exchange Management Shell:

New-ManagementRole -Name EWSImpersonationRole -Parent ApplicationImpersonation

New-ManagementRoleAssignment -Role EWSImpersonationRole -User {Your Service Account} -Name EWSImpersonationRoleAssignment
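To review who ends up holding this right, here is an added example for the Exchange Management Shell (not from the original post or the NetBackup guide). It lists every regular assignment of ApplicationImpersonation and of roles derived from it, such as EWSImpersonationRole, and flags enabled assignments whose write scope is the whole organization; the function name Get-ImpersonationAssignment is hypothetical.

```powershell
# Added example: audit impersonation rights from the Exchange Management Shell.
# Get-ImpersonationAssignment is a hypothetical helper name.
function Get-ImpersonationAssignment {
    # ApplicationImpersonation plus every role derived from it
    # (for example the EWSImpersonationRole created above).
    $roles = Get-ManagementRole -Identity ApplicationImpersonation -Recurse

    foreach ($role in $roles) {
        Get-ManagementRoleAssignment -Role $role.Name -GetEffectiveUsers |
            # Skip delegating assignments; they grant the right to assign
            # the role, not the right to impersonate.
            Where-Object { "$($_.RoleAssignmentDelegationType)" -eq 'Regular' } |
            Select-Object @{ Name = 'Role'; Expression = { $role.Name } },
                          @{ Name = 'Assignment'; Expression = { $_.Name } },
                          RoleAssigneeName, EffectiveUserName, Enabled,
                          RecipientWriteScope, CustomRecipientWriteScope,
                          @{ Name = 'OrgWide'; Expression = {
                              $_.Enabled -and
                              "$($_.RecipientWriteScope)" -eq 'Organization' } }
    }
}

$assignments = @(Get-ImpersonationAssignment)
$assignments | Sort-Object Role, EffectiveUserName |
    Format-Table Role, Assignment, EffectiveUserName, RecipientWriteScope, OrgWide -AutoSize

# Accounts that can impersonate any mailbox in the organization.
$orgWide = @($assignments | Where-Object { $_.OrgWide })
Write-Host ("{0} enabled org-wide impersonation assignment(s) found." -f $orgWide.Count)
```

The backup service account is expected to appear in the output; any other account flagged as OrgWide deserves a second look.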

3 – Add policy for CAS Server.

On your NetBackup master server, create a policy for your CAS server so that NetBackup knows that your CAS server exists. You can just create a blank policy without a schedule.

4 – Distributed Application Restore Mapping

This is another important one, as it ties your CAS server to your database/mailbox server. In the Master Server's Host Properties, go to the Distributed Application Restore Mapping property and add entries for each of your mailbox/database servers cross-referenced to your CAS server. The application host is your mailbox/db server; the component host is your CAS server. You should create these entries with the FQDN as well as the NetBIOS names.

5 – Enable Browsing

To make sure that the CAS server can access the backups, there are two things to check. In the Master Server's Host Properties, choose Client Attributes and make sure that, in the Global Client Attributes, Allow is checked for both. Otherwise you will need to add the CAS server and enable both in the browse and restore ability section.

If it works for your environment, you should also add the following on the master server. Create the altnames directory in the following folder (or the equivalent folder based on your install path of NetBackup): C:\Program Files\Veritas\NetBackup\db\

In the altnames directory, create a file called No.Restrictions (an empty file without an extension).
This allows all clients to browse all backups. Use at your own risk. If you have a managed infrastructure with multiple individuals doing backups/restores with permissions based on what servers they have access to, you might want to research this one a little more.
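A check to run on the master server, added here as an example and not part of the original post: it reports whether No.Restrictions is present and lists any other files in altnames. It assumes the install path shown above; treating other files as per-client redirected-restore entries follows NetBackup's altnames convention and is an assumption to confirm against the guide for your version. The function name Get-AltnamesReport is hypothetical.

```powershell
# Added example: audit redirected-restore settings on the NetBackup master server.
# Get-AltnamesReport is a hypothetical helper name.
function Get-AltnamesReport {
    param(
        # Path from the post; adjust to your NetBackup install path.
        [string]$Path = 'C:\Program Files\Veritas\NetBackup\db\altnames'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # No altnames directory: no redirected-restore files are configured.
        return
    }

    Get-ChildItem -LiteralPath $Path | Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file  = $_
            # Non-blank lines of the file (assumed to be client names).
            $lines = @(Get-Content -LiteralPath $file.FullName |
                       Where-Object { $_ -and $_.Trim() })
            if ($file.Name -eq 'No.Restrictions') {
                $effect = 'ALL clients can browse ALL backups'
            } elseif ($lines.Count -eq 0) {
                $effect = 'Per-client file with no clients listed; check the guide'
            } else {
                $effect = 'Per-client file; clients listed: ' + ($lines -join ', ')
            }
            New-Object PSObject -Property @{
                File = $file.Name; Modified = $file.LastWriteTime; Effect = $effect
            }
        }
}

$report = @(Get-AltnamesReport)
$report | Format-Table File, Modified, Effect -AutoSize
if ($report | Where-Object { $_.File -eq 'No.Restrictions' }) {
    Write-Warning 'No.Restrictions is present: every client can browse every backup.'
}
```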


Configuring the NetBackup service account (Exchange 2010)

1 In Active Directory Users and Computers, select the Users directory.

2 Right-click on the Administrator account, click Copy, and create an account for NetBackup. Create a user account that has a mailbox with a unique name. A unique name is one that does not already exist within the Exchange Organization. This name cannot be contained as a set of characters in an existing name. For example: EXCH1 is entered as the unique mailbox name, and other mailbox names such as EXCH1BACKUP or BACKUPEXCH1 exist. The backup or restore of individual mailboxes or both fail.

3 Double-click on the account you created.

4 In the Properties dialog box, click the Members Of tab.

5 Click Add and add this account to the following groups:
■ Domain Admins group
■ Administrators
■ Domain Users
■ Organization Management

6 Configure the NetBackup Client Service log on account. See “Symantec NetBackup for Microsoft Exchange Server Administrator’s Guide: Configuring the log on account for the NetBackup Client Service” on page 57.


Sites that I found much of this information on:


Errors that you might encounter if the above is not configured correctly:

- file read failed status code 13
- RBAC exchange grt
- “RBAC authorization returns Access Denied for user  Reason: No role assignments associated with the specified user were found on Domain Controller ” (For this error make sure that you complete step 3 above)
- Windows(R) Lightweight Directory Access Protocol (LDAP) failed a request to connect to Active Directory Domain Services(R) for Windows user (This error will show up in your event log; research shows that you can safely ignore this)
- rai error = 6 (I fixed this error with #3)
- restore unable to create object
- bpbrm unable to create object
- error 29 – GRE EXITING WITH STATUS = 29
- Error bpbrm() client restore EXIT STATUS 13: file read failed
- FTL – tar file write error (0)
- ms-exchange-server policy restore error 2810


Postmaster and Receiving NDR/DSN

October 17th, 2011

After setting up your Exchange infrastructure there are a few housekeeping items that can be done to help monitor and keep track of mail flow.

Set the postmaster address, which is a requirement for all SMTP domains according to RFC 2821. This needs to be done on each of your transport servers (Hub and Edge):

Set-TransportConfig -ExternalPostmasterAddress {your postmaster address}

For internal non-deliverables, do the following on the Hub Transport:

Set-OrganizationConfig -MicrosoftExchangeRecipientReplyRecipient {email address, CN, name, or any other validating field}

Define which DSNs to send to the monitoring address. This needs to be done on each of the transport servers (Hub and Edge):

Set-TransportConfig -GenerateCopyOfDSNFor "5.1.4", "5.2.0", "5.2.4", "5.4.4", "5.4.6", "5.4.8", "5.1.1"


Single Item Recovery cmdlets Exchange 2010

October 7th, 2011

To view single item recovery status:

Get-Mailbox -Identity {identity} | fl SingleItemRecovery*

To view the RetainDeletedItemsFor status:

Get-Mailbox -Identity {identity} | fl RetainDeletedItemsFor*

To set single item recovery for a specific mailbox with 90 day retention:

Set-Mailbox -Identity {identity} -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 90

To set single item recovery for all users in a database and retain for 90 Days:

Get-Mailbox -Database {your mailbox database} -ResultSize Unlimited | Set-Mailbox -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 90

To set single item recovery for newly created mailboxes (created within the last two weeks in this case) and retain for 90 days:

Get-Mailbox -Database {your mailbox database} -ResultSize Unlimited | Where { $_.WhenCreated -gt (Get-Date).AddDays(-14) } | Set-Mailbox -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 90


Exchange 2010 Queue – 421 4.2.2 Connection dropped due to SocketError

October 5th, 2011




Server 2008, Exchange 2010 with all current rollups, Cisco ASA Firewall


Messages would sit in the Exchange 2010 queue with 421 4.2.2 Connection dropped due to SocketError. Many messages would eventually deliver, but only after sending delay messages to the originator. This would only impact certain messages, not all messages to a certain domain. It also affected inbound as well as outbound messages, so there were a number of complaints that users were not receiving messages from certain users.


After doing a lot of research, the common thread that I found was that everyone experiencing this issue had Cisco ASA firewalls, and disabling the ESMTP Service resolved most of the issues. I spoke with my network admin and had the service disabled. Instantaneously my queues shrank to near nothing, resolving all of these issues. Reports of people not getting email also stopped. I do not have specifics on how to disable the service, but you should be able to find the information out there.
