Tuesday, June 17, 2014

Lync 2013 Client Security Update – June 2014

Microsoft released new updates for Lync. This security update resolves a vulnerability in Microsoft Lync that could allow information disclosure if a user opens a specially crafted Lync meeting request.


The update also includes some bugfixes:

2968239 “An error occurred” error when a Lync 2013 user joins a Lync Online meeting that is created by a non-federated user
2968243 Lync 2013 crashes when you annotate in a shared whiteboard or present a PPT after recording
2968248 Lync 2013 video quality is low when you scale up the size of the video window in UI suppression mode
2968251 Update adds an upload notification when you upload PPT in a meeting in Lync 2013
2962990 Escape special characters when creating a contact or group in UCS mode in the packet that is sent to the server
2962980 Lync 2013 prompts you for Exchange credential in an Exchange deployed environment
2962982 Caller’s display name is not in the toast notification when you receive a call in Lync 2013
2962986 Lync 2013 takes a long time to sign in after it is disconnected from a front-end server
2962989 Lync 2013 freezes during signing in when you have a long-time meeting scheduled in your Outlook calendar

Monday, June 9, 2014

Find all inactive mailboxes in Exchange 2010 or 2013 environment

How to find all inactive mailboxes in Exchange 2010 or 2013 environment?
OR
How to get the list of all mailboxes which have not been accessed in the last X days?
You can list all the mailboxes that have not been accessed in the last 90 days with the cmdlet below.

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where{$_.Lastlogontime -lt (Get-Date).AddDays(-90)} | Select DisplayName, LastLoggedOnUserAccount, LastLogonTime

Change the number of days in AddDays(-90) from 90 to 180, 365 or whatever you want.
You can export the result to a CSV file by piping it to Export-Csv:

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where{$_.Lastlogontime -lt (Get-Date).AddDays(-30)} | Select DisplayName, LastLoggedOnUserAccount, LastLogonTime | Export-csv C:\Temp\InactiveUsers.csv

Now the question is: how do you get the list of all mailboxes which have never been accessed at all? Use the cmdlet below to get the list.

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where{$_.Lastlogontime -eq $Null} | Select DisplayName, LastLogonTime | Export-csv C:\Temp\InactiveUsers.csv

With the cmdlet above, however, you may find that the list also includes mailboxes that were created recently, for example for new employees who will join the company at a future date. In that case, add a column showing when the mailbox was actually created so that you can filter those mailboxes out.

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where{$_.Lastlogontime -eq $Null} | Select DisplayName, LastLogonTime, @{Name="WhenMailboxCreated";Expression={(Get-Mailbox $_).WhenMailboxCreated}} | Export-csv C:\Temp\InactiveUsers.csv
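
The filtering described above (inactive and never-accessed mailboxes, minus recently created ones) as one function. This is an added example, not part of the original post: the function name Get-StaleMailbox, its parameters, the 30-day grace period and the sample records are assumptions, and the records are constructed so the logic can be run without an Exchange server.

```powershell
# Added example, not from the original post. Get-StaleMailbox, its parameters
# and the sample records are hypothetical.
function Get-StaleMailbox {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [psobject]$Mailbox,
        [int]$InactiveDays = 90,      # threshold used in the post
        [int]$GraceDays = 30,         # assumed grace period for new mailboxes
        [datetime]$Now = (Get-Date)
    )
    process {
        $last = $Mailbox.LastLogonTime
        if ($null -eq $last) {
            # Never accessed: report only if older than the grace period.
            if ([datetime]$Mailbox.WhenMailboxCreated -gt $Now.AddDays(-$GraceDays)) { return }
            $reason = 'NeverLoggedOn'
        } elseif ([datetime]$last -lt $Now.AddDays(-$InactiveDays)) {
            $reason = "NoLogonFor${InactiveDays}Days"
        } else {
            return   # recently used mailbox, nothing to report
        }
        New-Object psobject -Property @{
            DisplayName        = $Mailbox.DisplayName
            Reason             = $reason
            LastLogonTime      = $last
            WhenMailboxCreated = $Mailbox.WhenMailboxCreated
        } | Select-Object DisplayName, Reason, LastLogonTime, WhenMailboxCreated
    }
}

# Constructed sample records standing in for Exchange output.
$now = [datetime]'2014-06-09'
$sample = @(
    New-Object psobject -Property @{ DisplayName='Active User';  LastLogonTime=[datetime]'2014-06-02'; WhenMailboxCreated=[datetime]'2012-03-01' }
    New-Object psobject -Property @{ DisplayName='Dormant User'; LastLogonTime=[datetime]'2013-11-20'; WhenMailboxCreated=[datetime]'2011-07-15' }
    New-Object psobject -Property @{ DisplayName='Orphan User';  LastLogonTime=$null; WhenMailboxCreated=[datetime]'2013-01-05' }
    New-Object psobject -Property @{ DisplayName='New Hire';     LastLogonTime=$null; WhenMailboxCreated=[datetime]'2014-06-05' }
)
$sample | Get-StaleMailbox -Now $now | Format-Table -AutoSize
```

To use it against Exchange, pipe in objects that carry DisplayName, LastLogonTime (from Get-MailboxStatistics) and WhenMailboxCreated (from Get-Mailbox).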

Find who has Full Mailbox access and/or Send As permission on various mailboxes


Here is the cmdlet to find who has Full Mailbox access on one or more mailboxes in your environment and export the result to a CSV file.

Here is the cmdlet to find who has Send As permission on one or more mailboxes in your environment and export the result to a CSV file.

Get-Mailbox -ResultSize Unlimited | Get-ADPermission | Where {$_.user -notlike "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.ExtendedRights -like "Send-As"} | Select Identity,User,@{Name='Access Rights';Expression={[String]$_.ExtendedRights}} | Export-Csv MailboxAccess.csv -NoTypeInformation


Now the main question: how do you find Full Mailbox Access and Send As permissions together? You can run both of the cmdlets above, with minor modifications, in a one-liner to accomplish this.


Get-Mailbox -ResultSize Unlimited | %{Get-MailboxPermission $_.Name | Where {$_.user -notlike "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv MailboxAccess.csv -NoTypeInformation -Append; Get-ADPermission $_.Name | Where {$_.user -notlike "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.ExtendedRights -like "Send-As"} | Select Identity,User,@{Name='Access Rights';Expression={[String]$_.ExtendedRights}} | Export-Csv MailboxAccess.csv -NoTypeInformation -Append }

Get the list of DAG databases that are not mounted on the preferred database copy in the DAG.

How to get the list of DAG databases that are not mounted on the preferred database copy in the DAG.

Get-MailboxDatabase | sort name | Where-Object { $_.Server.Name -ne $_.ActivationPreference[0].Key.Name} | FT @{Name="Database";expression={$_.name}}, @{Name="Mounted On";expression={$_.Server}}, @{Name="Should Be Mounted On";expression={$_.ActivationPreference[0].Key.Name}}


Result:
Database       Mounted On     Should Be Mounted On
--------       ----------     --------------------
Database-01    Server02       Server01
Database-03    Server02       Server01
Database-05    Server02       Server01
Database-07    Server02       Server01
Database-09    Server02       Server01
Database-11    Server02       Server01

Sunday, June 8, 2014

SMTP Traffic time out in Relay Application Server

Issue Executive Summary:
Recently, my client suddenly complained that some of the emails relayed through multiple applications were failing. The client uses an email relay application which sends more than 7,000 emails at a time, inbound and outbound.
I worked with the application team but did not find any clue, and again the ball game started: is the issue with the application or with the Exchange servers?
I started to do some research into what the exact issue was and why the emails were failing.
First of all, I collected all the errors, most of them indicating a "time out". Below is the error which was received in the application:

System.Net.Mail.SmtpException: The operation has timed out.
   at System.Net.Mail.SmtpClient.Send(MailMessage message)


Resolution :

Based on the error messages, I started to work on the receive connector end. When I checked the receive connectors, the MaxAcknowledgementDelay attribute of each connector was at its default value of 30 seconds. In our case, we have created a custom receive connector which accepts relay emails from the application, and the IP address is already added in the source of the receive connector.
I checked the settings of the receive connector, which are below:

MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress

I made changes to the MaxAcknowledgementDelay attribute of the receive connector to resolve the issue; the settings are now as below:

MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 100
MaxInboundConnectionPercentagePerSource : 20
TarpitInterval                          : 00:00:00
MaxAcknowledgementDelay                 : 00:00:00
MessageRateLimit                        : unlimited
MessageRateSource                       : None

My friends, you can use the PowerShell command below to change the settings:

Set-ReceiveConnector "HUB server\EMail Relay" -MaxAcknowledgementDelay 0 -TarpitInterval 0 -MessageRateSource None


I suggest that you first set a lower value and verify whether SMTP throughput still has an issue; if it does, then disable the feature completely.
When you disable this feature on a receive connector, you no longer get the benefits of shadow redundancy, a feature provided by Microsoft, and it is always recommended to use storage hardware redundancy for transport servers on which delayed acknowledgements are disabled.
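
Because the change above turns off tarpitting, delayed acknowledgement and per-source rate tracking, it is worth reviewing which connectors run with those settings and whether they are still restricted to known source addresses. The following is an added example, not part of the original post: the function name Get-RelaxedConnectorFinding and the sample objects are assumptions, with values constructed from the settings shown above and a documentation-range IP address.

```powershell
# Added example, not from the original post. Get-RelaxedConnectorFinding and
# the sample connector objects are hypothetical/constructed.
function Get-RelaxedConnectorFinding {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [psobject]$Connector
    )
    process {
        # Compare string forms so the check works on the values as displayed.
        $relaxed = @()
        if ("$($Connector.TarpitInterval)" -eq '00:00:00') { $relaxed += 'TarpitInterval=0' }
        if ("$($Connector.MaxAcknowledgementDelay)" -eq '00:00:00') { $relaxed += 'MaxAcknowledgementDelay=0' }
        if ("$($Connector.MessageRateSource)" -eq 'None') { $relaxed += 'MessageRateSource=None' }
        if ($relaxed.Count -eq 0) { return }   # connector still uses the protections

        # A relaxed connector should accept mail only from the relay application's addresses.
        $open = @($Connector.RemoteIPRanges | Where-Object { "$_" -eq '0.0.0.0-255.255.255.255' }).Count -gt 0
        New-Object psobject -Property @{
            Identity          = "$($Connector.Identity)"
            RelaxedSettings   = $relaxed -join ', '
            AcceptsAnySource  = $open
            RemoteIPRanges    = ($Connector.RemoteIPRanges | ForEach-Object { "$_" }) -join ', '
        } | Select-Object Identity, RelaxedSettings, AcceptsAnySource, RemoteIPRanges
    }
}

# Constructed samples: the relay connector after the change, and a connector with the original values.
$sample = @(
    New-Object psobject -Property @{ Identity='HUB server\EMail Relay'; TarpitInterval='00:00:00'
        MaxAcknowledgementDelay='00:00:00'; MessageRateSource='None'; RemoteIPRanges=@('192.0.2.25') }
    New-Object psobject -Property @{ Identity='HUB server\Other (constructed)'; TarpitInterval='00:00:05'
        MaxAcknowledgementDelay='00:00:30'; MessageRateSource='IPAddress'; RemoteIPRanges=@('0.0.0.0-255.255.255.255') }
)
$sample | Get-RelaxedConnectorFinding | Format-List
```

On a transport server the same function can take the output of Get-ReceiveConnector directly; any row with AcceptsAnySource set to True is a connector that has the protections disabled without a source restriction.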

Now it is time to decide how your management takes it forward.

References: http://technet.microsoft.com/en-us/library/hh529935%28v=exchg.141%29