Showing posts from June, 2013

Free Online Training for Windows Server 2012 R2 and System Center 2012 R2

Microsoft has a couple of free online training events coming up in July:

What's New in Windows Server 2012 R2 Jumpstart (July 10/11)
What's New in System Center 2012 R2 Jumpstart (July 15)

After these events are over, Microsoft typically makes them available as online videos. I expect that the above links will be updated.

UnexpetectedExchagneAuthBlob

While testing mail flow before an Exchange 2007 to Exchange 2013 migration, I received the following error from an Exchange 2013 server to an Exchange 2007 server:

454 4.7.0 Temporary authentication failure

Further investigation in the SMTP receive protocol log showed this error:

Inbound ExchangeAuth negotiation failed because of UnexpetectedExchagneAuthBlob

Luckily, based on some quick searches, I was able to identify time synchronization as the source of the issue. Active Directory authentication starts to fail when time synchronization is not within 5 minutes. In this case the time difference was 6 minutes. In the short term, I changed the time on one server and verified that mail flow started to work properly. In the long run, I need to identify why time was not properly synchronized and fix it.

Exchange Authentication Error

I'm just performing a migration from Exchange 2007 to Exchange 2013. After installing Exchange 2013 and configuring the certificates, my next step was to verify mail flow between the two systems. Mail flow from Exchange 2007 to Exchange 2013 was fine. However, mail flow from Exchange 2013 to Exchange 2007 was failing. In the Queue Viewer on the Exchange 2013 server I could see the following message:

451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

This message indicates that Exchange Server authentication is failing before the message is sent. This can happen because of the following reasons:

A firewall between the servers strips out extended SMTP verbs that are required for Exchange Server authentication. Specifically the following SMTP verbs must be allowed: X-ANONYMO

Viewing the Exchange 2010 Anti-Spam Logs

In most cases, you should have anti-spam filtering for Exchange 2010 that is provided by software other than Exchange 2010. Exchange 2010 has some basic anti-spam filtering features, but they are not as nice or easy to work with as online filtering services (such as ForeFront Online for Exchange) or on-premises services (such as Barracuda devices or Symantec Mail Security).

Note: SBS2011 enables the built-in anti-spam filtering capabilities of Exchange 2010 by default.

If you choose to use the spam filtering in Exchange 2010 (or do so by accident), it's pretty awkward to view the logs. The only interface provided by Exchange 2010 is the Get-AgentLog cmdlet. This cmdlet only gives parameters to display by start date and end date. You'll need to filter down the output of Get-AgentLog to see only what you want. To make life easier for you, here is the list of properties supplied for each message that you can filter on:

RunspaceId - Not useful
Timestamp - But you'd use t

New DirSync Does Not Require ADFS for O365

On June 3rd, Microsoft released a new version of DirSync (Windows Azure Directory Sync Tool) that can synchronize on-premises passwords up to Office 365. With the addition of this functionality, you can have users log on to Office 365 without the requirement to configure Active Directory Federation Services (AD FS). Let me give a fairly long explanation as to why this is a good thing. First, how did it look with AD FS?

O365 Authentication with AD FS

A traditional configuration of O365 with single sign-on allows users to authenticate to O365 by using their corporate username and password. To enable this process, two components needed to be in place:

DirSync. This component replicates information from the on-premises AD to O365. This allows on-premises user accounts to be automatically created in the cloud.
AD FS. This component is a service that provides authentication for external services that use the on-premises AD as a source for user accounts. For example, when you authenticate to