Last night, I put in IMAP over SSL for the first time. It was surprisingly easy.
More or less, it went like this:
Open up port 993 on the firewall to your Exchange server.
Make sure the IMAP service is set to automatic.
Then go to the Properties of the IMAP virtual server:
ESM -> Servername -> Protocols -> IMAP4 -> Default IMAP Virtual Server
Go to the Access tab
Hit Certificate -> Assign existing certificate -> and then you choose your SSL certificate (same one you have for OWA)
Then you need to turn off regular IMAP by requiring secured connections. Go to the properties of the Default IMAP Virtual Server and click on the Access tab. Click on Communication. Check the box for Require Secure Channel.
And really that was it. Then I was able to connect to IMAP over SSL. Of course client configurations are necessary, but that's relatively easy.
Thursday, November 29, 2007
Installing a Turbo SSL Certificate from Godaddy on an SBS box
This is from my own notes (combined with Godaddy's) on how to install a Godaddy Turbo SSL Certificate on a Windows SBS box.
buy certificate from godaddy.com web site
log in to godaddy site
click on My Account
Under My Products, click on "Manage SSL Certificates"
Click "Set up Certificate"
Select certificate you purchased
Click "activate account"
if you've created a cert before with this account, log in, if not, create a new SSL account with a more secure 8 character password and the same username
click "request certificate"
Select certiticate again and click "request certificate"
Create your CSR request for IIS using these instructions:
# Go to Internet Information Services (IIS) Manager on your Exchange server
# Go to Servername -> Web sites -> Default web site . . . and Right mouse-click to select Properties.
# Click the "Directory Security" tab.
# Click the "Server Certificate." button (located in the "Secure communications" area)
# Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
# Remove the existing certificate
# Click the "Server Certificate." button (located in the "Secure communications" area)
# Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
# Select "Create a new certificate"; then click "Next."
# Select "Prepare the request now, but send it later" and click "Next."
# In the "Name and Security Settings" window, fill in the name field for the new certificate; then select the bit length (1,024 or higher). Click Next.
# For organization unit, you can put in "na" without quotes
# Verify the information in the request and click "Next."
# On the "Completing the Web Server" screen, click "Finish."
# Open the generated CSR file; then, using a plain-text editor, such as Windows Notepad, copy and paste the CSR into the online enrollment form.
godaddy will send an email to the administrative contact for the domain and if approved, the certificate will be sent via email.
then when you have the email with the link to the certificate, follow these instructions:
Installing SSL Certificate and the Intermediate Certificate Bundle (gd_iis_intermediates.p7b)
Before you install your issued SSL certificate you must download and install our intermediate certificate bundle (gd_iis_intermediates.p7b)on your Web server. You may also download the bundle from the repository.
Once you have downloaded and saved the certificate bundle, please follow the instructions below to install it.
Installing Intermediate Certificate Bundle (gd_iis_intermediates.p7b):
1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
8. Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
9. Follow the wizard prompts to complete the installation procedure.
10. Click Browse to locate the certificate file (gd_iis_intermediates.p7b).
11. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next.
12. Click Finish.
Installing SSL Certificate
1. Select the Internet Information Service console within the Administrative Tools menu.
2. Select the Web site (host) for which the certificate was made.
3. Right mouse-click and select Properties.
4. Select the Directory Security tab.
5. Select the Server Certificate option.
6. The Welcome to the Web Server Certificate Wizard windows opens. Click OK.
7. Select Process the pending request and install the certificate. Click Next.
8. Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type all files).
9. When the correct certificate file is selected, click Next.
10. Verify the Certificate Summary to make sure all information is accurate. Click Next.
11. Select Finish.
NOTE: If the Go Daddy root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder. Please follow the instructions below to do this:
1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Trusted Root Certification Authorities folder is visible..
8. Expand the Trusted Root Certification Authorities folder.
9. Double-click the Certificates folder to show a list of all certificates.
10. Find the Go Daddy Class 2 Certification Authority certificate.
11. Right-click on the certificate and select Properties.
12. Select the radio button next to Disable all purposes for this certificate.
13. Click OK.
NOTE: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.
buy certificate from godaddy.com web site
log in to godaddy site
click on My Account
Under My Products, click on "Manage SSL Certificates"
Click "Set up Certificate"
Select certificate you purchased
Click "activate account"
if you've created a cert before with this account, log in, if not, create a new SSL account with a more secure 8 character password and the same username
click "request certificate"
Select certiticate again and click "request certificate"
Create your CSR request for IIS using these instructions:
# Go to Internet Information Services (IIS) Manager on your Exchange server
# Go to Servername -> Web sites -> Default web site . . . and Right mouse-click to select Properties.
# Click the "Directory Security" tab.
# Click the "Server Certificate." button (located in the "Secure communications" area)
# Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
# Remove the existing certificate
# Click the "Server Certificate." button (located in the "Secure communications" area)
# Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
# Select "Create a new certificate"; then click "Next."
# Select "Prepare the request now, but send it later" and click "Next."
# In the "Name and Security Settings" window, fill in the name field for the new certificate; then select the bit length (1,024 or higher). Click Next.
# For organization unit, you can put in "na" without quotes
# Verify the information in the request and click "Next."
# On the "Completing the Web Server" screen, click "Finish."
# Open the generated CSR file; then, using a plain-text editor, such as Windows Notepad, copy and paste the CSR into the online enrollment form.
godaddy will send an email to the administrative contact for the domain and if approved, the certificate will be sent via email.
then when you have the email with the link to the certificate, follow these instructions:
Installing SSL Certificate and the Intermediate Certificate Bundle (gd_iis_intermediates.p7b)
Before you install your issued SSL certificate you must download and install our intermediate certificate bundle (gd_iis_intermediates.p7b)on your Web server. You may also download the bundle from the repository.
Once you have downloaded and saved the certificate bundle, please follow the instructions below to install it.
Installing Intermediate Certificate Bundle (gd_iis_intermediates.p7b):
1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
8. Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
9. Follow the wizard prompts to complete the installation procedure.
10. Click Browse to locate the certificate file (gd_iis_intermediates.p7b).
11. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next.
12. Click Finish.
Installing SSL Certificate
1. Select the Internet Information Service console within the Administrative Tools menu.
2. Select the Web site (host) for which the certificate was made.
3. Right mouse-click and select Properties.
4. Select the Directory Security tab.
5. Select the Server Certificate option.
6. The Welcome to the Web Server Certificate Wizard windows opens. Click OK.
7. Select Process the pending request and install the certificate. Click Next.
8. Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type all files).
9. When the correct certificate file is selected, click Next.
10. Verify the Certificate Summary to make sure all information is accurate. Click Next.
11. Select Finish.
NOTE: If the Go Daddy root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder. Please follow the instructions below to do this:
1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Trusted Root Certification Authorities folder is visible..
8. Expand the Trusted Root Certification Authorities folder.
9. Double-click the Certificates folder to show a list of all certificates.
10. Find the Go Daddy Class 2 Certification Authority certificate.
11. Right-click on the certificate and select Properties.
12. Select the radio button next to Disable all purposes for this certificate.
13. Click OK.
NOTE: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.
Monday, November 26, 2007
Control F5 to refresh and reload
Interesting tidbit I learned today about clearing the cache on a page. You can press Control F5 and it will reload a page an all its component parts:
http://blog.httpwatch.com/2007/10/19/using-ctrlf5-in-ie-7/
http://blog.httpwatch.com/2007/10/19/using-ctrlf5-in-ie-7/
Wednesday, November 21, 2007
Revision data removed error in Word 2002 and Word 2003
It had been a while since I came across this error, but I just did, and I had to dig deep to remember the very simple solution.
Sometimes when a document is passed between Word 2002 and Word 2003 and track changes are used, you get this weird "revision - data removed" error. And then you can't open the document in Word 2002. But you can this weird window when opening the document in Word 2003.
I don't know what the user does necessarily to cause this (because I have lots of users exchanging documents between Word 02 and Word 03 with track changes) - but when you see it, the simple fix is to select all and past the entire document into a new blank document. And then resave it. Whatever code that is causing the problem is eliminated.
Sometimes when a document is passed between Word 2002 and Word 2003 and track changes are used, you get this weird "revision - data removed" error. And then you can't open the document in Word 2002. But you can this weird window when opening the document in Word 2003.
I don't know what the user does necessarily to cause this (because I have lots of users exchanging documents between Word 02 and Word 03 with track changes) - but when you see it, the simple fix is to select all and past the entire document into a new blank document. And then resave it. Whatever code that is causing the problem is eliminated.
Saturday, November 17, 2007
Making the Intelligent Message Filter (IMF) download updates.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange
- Add a key of “ContentFilterState” and give it a DWORD value of 1.
Thursday, November 15, 2007
Outlook 2007 crashing because of Acrobat add-in
I had an issue with Outlook checking its data file each time it opened, so I researched it and found it was Outlook not closing properly. Anyway, lots of opinions pointed to the PDFMOutlook add-in from Adobe Acrobat. I tried to disable the add-in from:
Tools | Trust-Center | Add-ins
but it gave me an error, so I went here and changed the LoadBehavior from 3 to 0 from the PDFMOutlook add-in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins
Tools | Trust-Center | Add-ins
but it gave me an error, so I went here and changed the LoadBehavior from 3 to 0 from the PDFMOutlook add-in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins
disable autotune on vista for better network performance
I have found network performance awful with Vista. To make matters worse, it tells you the transfer speed while it's copying data on your network. How in the hell I am getting 500 KB/s transfer speed on a 100 Mb/s wired network?
I read that you can run this command:
netsh int tcp set global autotuninglevel=disable
and it will disable autotune which is the cuplrit here. As with most things, I found a great description at Daniel Petri's site:
netsh int tcp set global autotuninglevel=disable
update - Vista does copy files slowly, but after this I noted that it was copying over the wireless and not the wired connection. I'll never understand why, but some computers have the wireless connection prioritized above a wired connection. My next blog post will be about how to switch those settings.
I read that you can run this command:
netsh int tcp set global autotuninglevel=disable
and it will disable autotune which is the cuplrit here. As with most things, I found a great description at Daniel Petri's site:
netsh int tcp set global autotuninglevel=disable
update - Vista does copy files slowly, but after this I noted that it was copying over the wireless and not the wired connection. I'll never understand why, but some computers have the wireless connection prioritized above a wired connection. My next blog post will be about how to switch those settings.
Subscribe to:
Posts (Atom)