Exchange 2013 : Default virtual directories settings & Virtual Directories Configuration using GUI and Powershell

Configure Virtual Directories in Exchange 2013

Login to the Exchange Admin Center.

• Step 1 -> Click on Servers.
• Step 2 -> Click on Virtual Directories
• Step 3 -> Click the drop down menu and select your first server, leave the select type as “All”

 

In the next section we are going to setup/configure the following:

• Autodiscover
• ECP
• EWS
• ActiveSync
• OAB
• OWA
• PowerShell

Autodiscover

Double Click Autodiscover (Default Web Site) or click on the name and then click the Pencil.

• Click on the Authentication Tab.
• Select your Authentication Type.
• Click Save.

ECP

Double Click ECP (Default Web Site) or click on the name and then click the Pencil.

• On the General tab configure you Internal and External URL (this is the name you specified on your certificate)
• Click on the Authentication Tab and set your preferred method.
• Click Save.

EWS

Double Click EWS (Default Web Site) or click on the name and then click the Pencil.

• On the General tab configure you Internal and External URL (this is the name you specified on your certificate)
• Click on the Authentication Tab and set your preferred method.
• Click Save.

Microsoft-Server-ActiveSync

Double Click Microsoft-Server-ActiveSync (Default Web Site) or click on the name and then click the Pencil.

• On the General tab configure you Internal and External URL.
• Click on the Authentication Tab and set your preferred method.
• Click Save.

OAB

Double Click OAB (Default Web Site) or click on the name and then click the Pencil.   

• Configure you Internal and External URL.
• Click Save.

OWA

Double Click OWA (Default Web Site) or click on the name and then click the Pencil.

• On the General tab configure your Internal and External URL.

• On the Authentication Tab select your method.

• On the features tab, enable the features you want users to have access to/see.

• On the file access tab make your selections.
• Click Save.

PowerShell

Double Click Powershell (Default Web Site) or click on the name and then click the Pencil.

• On the General tab configure you Internal and External URL.
• Click on the Authentication Tab and set your preferred method.
• Click Save

 

 

Setup Exchange Virtual Directories using PowerShell

 

Setup Exchange Virtual Directories using PowerShell

OWA

 

Set-OwaVirtualDirectory 

Set-OWAVirtualDirectory –Identity "OWA (default web site)" -ExternalURL "https://mail.myousufali.com/OWA" 

Set-OWAVirtualDirectory –Identity "OWA (default web site)" -InternalURL "https://mail.myousufali.com/OWA"

 

OAB

 

Set-OABVirtualDirectory 

Set-OABVirtualDirectory –Identity "OAB (default web site)" -ExternalURL "https://mail.myousufali.com/OAB" 

Set-OABVirtualDirectory –Identity "OAB (default web site)" -InternalURL "https://mail.myousufali.com/OAB"

 

ECP

 

Set-ECPVirtualDirectory 

Set-ECPVirtualDirectory –Identity "ECP (default web site)" -ExternalURL "https://mail.myousufali.com/ECP" 

Set-ECPVirtualDirectory –Identity "ECP (default web site)" -InternalURL "https://mail.myousufali.com/ECP"

 

EWS

 

Set-WebServicesVirtualDirectory 

Set-WebServicesVirtualDirectory –Identity "EWS (default web site)" -ExternalUrl "https://mail.myousufali.com/ews/exchange.asmx" 

Set-WebServicesVirtualDirectory –Identity "EWS (default web site)" -InternalUrl "https://mail.myousufali.com/ews/exchange.asmx" 

ActiveSync

 

Set-ActiveSyncVirtualDirectory 

Set-ActiveSyncVirtualDirectory –Identity "Microsoft-Server-ActiveSync (default web site)" -ExternalURL "https://mail.myousufali.com/Microsoft-Server-ActiveSync" 

Set-ActiveSyncVirtualDirectory –Identity "Microsoft-Server-ActiveSync (default web site)" -InternalURL https://mail.myousufali.com/Microsoft-Server-ActiveSync 

 

 

Autodiscover

 

Set-AutodiscoverVirtualDirectory 

Not enabled as default. Please note that autodiscover must be set as an A-record in your DNS. Also note that you do not provide an url for this. 

Set-ClientAccessServer -Identity ex2013 -AutoDiscoverServiceInternalURI https://mail.myousufali.com/Autodiscover/Autodiscover.xml  

Set-AutodiscoverVirtualDirectory -Identity 'Autodiscover (Default Web Site)' -WindowsAuthentication $false -BasicAuthentication $false -DigestAuthentication $true

 

MAPI/HTTP

MAPI over HTTP

 

Not enabled as default. Requires Exchange 2013 SP1. Clients must be Outlook 2013 or newer. Fallback is OutlookAnywhere for older clients.

 

Set-MapiVirtualDirectory -Identity "mapi (Default Web Site)" -InternalUrl "https://mail.myousufali.com/mapi" -IISAuthenticationMethods NTLM,Negotiate

 

After setting up the Virtual Directory you need to enable it:

Set-OrganizationConfig -MapiHttpEnabled $true 

 

Exchange 2013 : Default virtual directories settings

On Exchange server, configuring virtual directory might be pain sometime. A simple misconfiguration of Virtual directory might be the worst nightmare and create login loop, because I had this few days back. While configuring additional CAS server  after few changes done on the Virtual directory, my OWA/ECP page start to go on loop whenever I tried to get login. I was on dark what mistake I had made. So, I tried to list down what might the issue that is causing on looping of my OWA/ECP page. While listing down, I have found two things.

1. SSL Certificate.
2. Issue with configuration of Virtual Directory.

SSL Certificate can also be the reason behind this kind of issue. So, you need to make sure you do have correct SSL assigned with IMAP, POP, IIS and SMTP. Also 2nd thing is that SSL certificate is across all of your Exchange server. If the issue is with SSL Certificate, you are lucky and can be resolve easily. But with virtual directory it is not so.

Above you can find how to configure Virtual Directory. But as going on, I came for the conclusion with that might not be enough if OWA/ECP login loop issue arises. Hence, here I have made an Table with the specific configuration required while configuring the OWA/ECP Virtual Directory.

On the IIS Manager expand to the default web site and check if the configuration you have made are as of the below Table are not.

Table: Chart of Virtual Directory configuration.

Similarly, only configuration of Default website is not going to solve this issue. Hence you need more Knowledge on configuration of Exchange Back End site too, else you will keep on going loop. Below is the detail configuration you can have on Exchange Back End.

Table: Exchange Back End Virtual Directory Configuration.

Virtual directory	IIS Default Authentication methods	IIS SSL settings	HTTP Redirect
Exchange Back End		• Not Required	Yes
Autodiscover	• Anonymous authentication • Windows authentication	• SSL required • Ignore client certificates	No
ecp	• Anonymous authentication • Windows authentication	• SSL required • Ignore client certificates	No
EWS	• Anonymous authentication • Windows authentication	• SSL required • Ignore client certificates	No
Exchange*		• SSL required • Ignore client certificates	No
Exchweb*		• SSL required • Ignore client certificates	No
mapi*	• Anonymous authentication	• SSL required • Ignore client certificates	No
Microsoft-Server-ActiveSync	• Basic authentication	• SSL required • Ignore client certificates	No
OAB	• Windows authentication	• SSL required • Ignore client certificates	No
owa	• Anonymous authentication • Windows authentication	• SSL required • Ignore client certificates	No
owa\Calender	• Anonymous authentication	• Ignore client certificates	No
PowerShell	• Windows authentication	• SSL required • Accept client certificates	No
Public*		• SSL required • Ignore client certificates	No
PushNotifications	• Anonymous authentication • Windows authentication	• SSL required • Ignore client certificates	No
Rpc	• Windows authentication	• Ignore client certificates	No
RpcWithCert	• Windows authentication	• Ignore client certificates	No

I hope this will help you solving the Exchange OWA/ECP login loop issue. 

How to Disable SSL 2.0 and SSL 3.0 on Exchange 2013 running on a Windows 2012

Resolution:

Open the registry and edit the values. If you don’t find the entries create the entries.

 

To disable SSL 2.0

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

To disable SSL 3.0

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

 

To disable Ciphers:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

Alternate way to do this save above registry information keys as .reg files then execute on the system.

You can also download from here.

Before executing take the complete registry backup.  You need to restart the server.

Using the http://ssllabs.com/ web site to perform a test against you site. You should see overall Rating A.

 

Exchange 2013 SP1 Architecture Poster

Zoom the poster on Zoomit by Rhoderick Milne.

You can also directly download the Exchange 2013 SP1 poster from the Microsoft Download Center.

Could not Complete the Operation when forwarding email

Could not complete the operation. One or more parameter values are not valid.

Error resolution for the above problem.

1. When forwarding the message in To, Cc or Bcc address list automatically appears when you type the single letter, simply hover the mouse over it and press DEL key. This will remove it from the cache.

2. To clear out all of your cache in a single shot.

Open Outlook 2010, select the Options from File menu then click on Mail and scroll to search for Empty Auto-Complete List  button and click.

Exchange Server 2013 Architecture Poster PDF Download

Downloadable PDF version of the Exchange Server 2013 Architecture Poster.

This poster highlights the significantly updated and modernized architecture in Exchange 2013, and highlights the new technologies in Exchange 2013, such as Managed Availability, the new storage and high availability features, and integration with SharePoint and Lync.  In addition, it illustrates the new transport architecture in Exchange 2013.

We welcome your feedback on the poster.  If you have any, please feel free to send it to eapf@microsoft.com.

Scott Schnoll

All other Microsoft Posters you can download here.

Service ‘MSExchange Transport’ failed to reach status ‘Running’

Service ‘MSExchange Transport’ failed to reach status ‘Running’ on this server.

While installing Exchange Server 2010 SP2 on Windows 2008 R2  in a LAB environment got the error during installing the HUB Transport role.

Resolution:

1. Open ADUC (Active Directory Users and Computers)
2. Navigate to the Built-in Container, select the Administrators group, goto the properties
3. Click members tab to check  “Exchange Trusted Subsystem” is added, if not, add it.
4. Check whether IPv6 is ennable in NIC properties, also disable IPv6 through registry editor.
5. Open the registry editor using regedit.exe
6. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
7. In the details pane, click New, and then click DWORD (32-bit) Value.
8. Type DisabledComponents, and then press ENTER.
9. Double-click DisabledComponents, and then type ffffffff in Hexadecimal or 4294967295 in Decimal.
10. Reboot the server, rerun the Exchange setup.

A New Exchange Has Arrived

Resources for IT Pros

Exchange Server 2013 for IT Pros  
Exchange 2013 System Requirements  
Exchange Server 2013 Documentation  
Licensing change FAQ  

Administration

Exchange Administration Center  

 

Install / Configuration

Installing Exchange 2013 Preview  

 

Resources for Developers

Exchange 2013 – Resources for Developers

 

Technet Forums

Exchange Server 2013 Preview

There was an error opening the windows firewall with Advanced Security snap-in. Error Code: 0x6D9

Troubleshooting Windows Firewall Service (MPSSVC).

Resolution:

In Windows Vista and later, the firewall service is “Windows Firewall” (MPSSVC); it combines both Firewall and IPsec functionality.

The first thing to check is that the Base Filtering engine (BFE) is running. There are a number of services dependent on the BFE service (including the Windows Firewall) that may also fail to start:

• IPsec Policy Agent (PolicyAgent)
• Windows Firewall
• IKE and AuthIP IPsec Keying Modules
• Internet Connection Sharing (ICS)
• Routing and Remote Access

In my experience most of the issues starting these services are related to permissions.

Typical errors seen in relation to starting this service are:

• Event ID: 7024 – The Windows Firewall service terminated with service-specific error 5 (0x5)
• Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
• Windows could not start the IPsec Policy Agent service on Local Computer. Error 1068: The dependency service or group failed to start.
• Windows could not start the Network Location Awareness on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073741288.
• The Windows Firewall service terminated with service-specific error 87 (0x57)
• Error 0x80004015: The class is configured to run as a security id different from the caller.
• The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
• “net start mpssvc” in cmd.exe returns the system error 1297.

What to look for (specific details will be shared in a future blog post):

• Verify Log On permissions
• Verify registry permissions
• Verify privilege permissions
• Verify Service Dependencies
• Reset the default security permissions
• Verify that the TxR folder exists : %systemroot%\system32\config\TxR
• Verify the following registry keys by comparing them to a default Windows installation:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShareAccess

Windows OneCare

Lastly, I am including information about one issue that may be seen with the Windows OneCare Firewall Service. The following messages may be seen:

The Windows OneCare Firewall Service Could not Start

Urgent – Turn on Firewall

You will see this error in the Windows OneCare interface, with a red status action item asking you to enable the firewall. The action listed does not enable the firewall, however.

This issue is also very specific because the firewall settings in Windows OneCare are grayed out and cannot be modified.

To resolve this issue:

Use the steps below to ensure that the PATH environment variable contains the following path:

%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM

1. Click Start / Control Panel and open the System Icon.
2. In System, click the Advanced tab and then Environment Variables.
3. Ensure that in the lower box “System variables” that PATH exists. If Path does not exist click NEW and type in PATH as the variable name and enter the above path in the variable value.
4. If PATH already exists, highlight it and click Edit.
5. Under variable name, click at the end of the line to append the above mentioned path to the end of the current path. NOTE: BE SURE TO SEPERATE THE OLD PATH AND THE NEW PATH WITH A SEMI-COLON ( ; ).
6. Click OK to close the windows and restart the computer.

If this does not resolve the issue, try the following step:

1. Click Start / Run and type Regsvr32 %SystemRoot%\System32\wbem\wmidcprv.dll and click OK.
2. Restart the computer and test the firewall again.

If this does not resolve the issue, or if the problem does not match the description, please follow the steps in KB article 910659.

Article taken from technet blogs.

http://blogs.technet.com/b/networking/archive/2011/06/08/the-windows-firewall-service-fails-to-start-introduction.aspx

EMC Initialization failed – 2

Previous EMC Initialization failed -1  here.

 I opened Exchange 2010 Managment Console and an error appeared which you can see below.

Resolution:

Procedure which has to follow listed below :

1. make sure IIS WinRM extension is installed

2. open powershell and run command : WinRM Quickconfig

3. Open IIS go to Powershell virtual directory and check that SSL in disabled and authentification is set only to Anonymous

4. Open Windows powershell modules

5. run Remove-PowershellVirtualDirectory command

6. run New-PowershellVirtuallirectory command

7. IISreset

EMC Initialization failed – 1

I will discuss different Exchange Management Console Initialization failed Errors.

In this first part series, I will discuss the resolution for duplicate SIDs error message that are shown below. This message is genereated after exchange 2010 service pack installation.

 

 

 

Resolution:

 

Download and extract PSGetSid tool and check the SIDs for both DC and Exchange 2010.

http://technet.microsoft.com/en-us/sysinternals/bb897417

 

 

 If it is fresh installation.

 During the VM provisioning process  DC and Exchange server had the same server SIDs. I forcibly removed the Exchange server, cleaned up AD to remove all traces of Exchange and re-installed Exchange.

 

 The EMC Initialization Error caused by duplicated SIDs

Resolution #2 :

 The way I recovered my Exchange-VM:

•  Stop Exchange-Services
•  Copy the entire Database-Folder to a temporary location (or use the virtual data-disk for the new VM)
•  Shutdown Exchange-VM
•  Install new VM or import a template and change the SID with sysprep.
•  Remove old server account from AD
•  Rename the new VM with the old name and join the domain
•  Add the server account to the AD-group “Microsoft Exchange System Objects/Exchange Install Domain Servers” (to avoid  MSEXCHANGEADTOPOLOGY-server startup error)
•  Copy the Exchange-database to the same driver/folder
•  Run “Setup /m:RecoverServer /InstallWindowsComponents” from Exchange 2010 SP1 Folder