SSLChainSaver v2 – Save root certificate (and chain), the super easy way.

Well , not much to say here, read the awesome tool.

you need to distribute your SSL root chain , which some times more then one certificate ,and make sure your mobile likes this ..

you can use this tool to save the whole ssl chain , and verify if the chain is indeed presented by the web site correctly , this might some an issue too, because sometimes the server does not hold the whole chain but just the main ROOT CA public key..this helps very easy to troubleshoot it. and distribute your files easly.

http://blogs.msdn.com/windowsmobile/archive/2008/05/18/sslchainsaver-v2-released.aspx

  • The tool can detect a common name mismatch on the cert but it doesn’t parse the “SubjectAltNames” extension. If your certificates are using SubjectAltNames, the tool will report a name mismatch but the certs will really work fine.

i dont find that super problematic thu 🙂 i just wanna save it.

Memory & Exchange x64 bit Technology

Well, as far as deployments , it’s seems that “most” implementations are rather normally okay, there’s times when memory issues did rise and troubleshooting this might be a real pain..

Mostly, i’d deal with a mail server that has no less then 16gb and is an all-in-one configuration, running 64bit Server 2003 sp2 with extra special care for all drivers , updates , prerequisites & page file configurations.

Usually, even if they run All roles + an Anti Virus product , while carefully setting backup & maintenance times, things go smooth.

Yet, there are times when the server is having issues, while troubleshooting is necessary of course, i’d rather go with the future spirit & just think my way up to Server 2008 .
Check out the Blog from mike in the Exchange Team blog it has some great links and more deep explanations..

server 2008 manages this issues out of box and the applications are far more compatible, easier life for all of us. really.

uh and yea i’m running vista sp1.

Troubleshooting messages stuck in ‘Messages awaiting directory lookup’ queue

Hi,

So i’ve got to troubleshoot this issue in a very complex multi-domain & multiple exchange organizations & servers..

Internal Messages from Server A in ExchangeORG A , were failing in the categorizer while being processed to be sent to Server B in ExchangeORG B.

Following kb884996 , resolution 2 was valid in my situation, Allow inheritable permissions from parent to propagate to this object check box on Server A object, was missing a Tick..

I set this via ADSIEDIT , noticed of course that the “Exchange Domain Servers” ACE entries , from the other domain were added,  and allowed for replication.

After verifying that the ACE’s were propegated & fully replicated, I did a quick restart to MTA, Routing & SMTP services on both servers , and operation was succesfully restored.

Just for extra , this could be also issues with Event Sink that might have been registered and inproperly removed / integrated.. using the smtpreg.vbs , “cscript smtpreg.vbs /enum > Output.txt” i was able to verify that no 3rd party Event Sink were installed or any of Exchange Event Sinks were disabled…

More Links on the Subject:

Troubleshooting messages stuck in ‘Messages awaiting directory lookup’ queue
http://msexchangeteam.com/archive/2006/06/23/428114.aspx

How to troubleshoot messages that remain in the “Messages awaiting directory lookup” queue in Exchange Server 2003 and in Exchange 2000 Server
http://support.microsoft.com/kb/251746

Directory service server detection and DSAccess usage
http://support.microsoft.com/kb/250570

SeSecurityPrivilege issues while running setup for Exchange 2007

So, yet another implamentation of exchange, this time i’ve encounted the following error while installing the CAS role on the server.

Setup exited with the following error:

The process does not possess the ‘SeSecurityPrivilege‘ privilege which is required for this operation.

Searching the privilege showed that “Exchange Servers” & more accurate in our situation , the “Domain Administrators were not configured in the “Manage auditing and security log” , because the Default Domain Policy & Default Domain Controllers Policy GPO’s was re-created and the default ones were left with the link set to off.

Easy to monitor those privileges with whoami.exe from the support tools, i love it that the server 2008 installs them all as dependencies !

Once we’ve added the DomainAdministrators , DomainExchange Servers to the policy , setup ran okay 🙂

Export-mailbox fails with error

while testing yet another ex2k7 implantation , i’ve encountered an error while trying to export mailboxs to pst with the Export-mailbox cmdlet.

I’ve verified full mailbox access permissions and 2007 32bit tools on xp sp2 with outlook 2007.

yet, still failed with the following error:

Export-Mailbox : Error was found for user01 (user01@mydomain.com)

because: Error occurred in the step: Approving object. An unknown error has occurred., error code: -2147221241

With some filtering of search results i’ve find a suggestion to run the cmd fixmapi in cmd.. if your not femiliar with this utility (like i was) , this util exists in your %systemroot%system32 , along with the mapi32.dll files .. besides that 3 notes for you:

  1. FixMAPI does not replace the current mapi32.dll file if the file is marked as read-only.
  2. FixMAPI does not replace the current mapi32.dll if Microsoft Exchange Server is installed on the computer.
  3. When FixMAPI makes a backup copy of the current copy of mapi32.dll on the computer, it assigns the backup copy a name different from “mapi32.dll”. It then directs subsequent calls intended for that assembly to the backup copy.

oh yea, closeing all applications and running fixmapi in cmd , just like that fixed the issue.

Ilan.