Archive for the ‘Software’ Category

Horror of MS Exchange 2010 installation

MS Exchange | Posted by p_lider August 23rd, 2010

Before you install MS Exchange 2007 or 2010, make sure that the IPv6 protocol is either fully enabled on all interfaces or fully disabled. Failing to do so will leave your server almost inaccessible right after the MS Exchange installation (the network provider services will not start, or will start only after a very, very long delay). This is probably caused by a bug (or a design mistake) in the MS Exchange networking services.

To make matters worse, the MS Exchange 2010 installer does not install all the required Windows Server 2008 roles and features, making the installation of MS Exchange even more complicated. Follow this article to install all the necessary roles for your server to work properly: http://technet.microsoft.com/en-us/library/bb691354.aspx

Moreover, if you see “Topology” errors in the Event Log after the Exchange server installation, you have to add the “Audit security log” right for the user “Enterprise Exchange Servers” in a domain-wide Group Policy Object.

Can anyone tell me why Microsoft is doing this? Can’t the installer do everything that is needed for the product to work? Akhh…

Changing IIS web server certificates without any downtime

IIS | Posted by p_lider August 23rd, 2010

Once, during my work, I was asked to replace unsigned certificates with signed ones for our Exchange email servers, so that people using OWA would no longer see a “Certificate error” message. I did a little searching and found cheap certificates on the web. So I started to look for a way to create a certificate request and replace the current certificates with the new, signed ones. Unfortunately, I did not find any official way from Microsoft to do this on an IIS 6.0 server without causing downtime to the web servers. The problem was as follows:

If I choose (in IIS Manager) to create a new certificate request for the web site hosting the MS Exchange OWA application, then the web site will be inaccessible until the day I obtain the response from the CA (because IIS, in its glory, will discard the previously used certificate and wait until the current request is properly completed with the response from the CA). Such a long downtime was of course not acceptable. Fortunately, I found a way to work around this limitation:

  1. I created a new, blank web site using IIS Manager.
  2. Then I created the new certificate request for this blank web site (however, and this was VERY IMPORTANT, while creating this request I filled the CN attribute with the address of the web site hosting the OWA application, NOT the address of the blank web site).
  3. I sent the request to the CA and waited for their response.
  4. Once I got the response, I completed the certificate request on the blank page, which fully installed the certificate in the certificate store for IIS.
  5. At the end, I just went back to the right web site (the one hosting OWA) and replaced the current certificate with the one that was installed for the blank web site.

That did the trick, and the web site did not suffer any downtime. Of course, this trick will work for any web site in IIS, not only the ones hosting the OWA application.
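
A read-only check that could be run between steps 4 and 5, as an added example that is not part of the original post: it lists the certificates in the machine store whose subject names the OWA host and reports, for each, whether the CN matches, the private key is present, the certificate is CA-signed and it is within its validity period. The host name `owa.example.com` and the function name `Get-CertificateProblems` are placeholders, and it assumes PowerShell is available on the server and that IIS keeps its certificates in the `LocalMachine\My` store.

```powershell
# Added example, not from the original post. Read-only: nothing in IIS is changed.
param(
    # Placeholder: the address users type to reach OWA.
    [string]$OwaHost = 'owa.example.com'
)

function Get-CertificateProblems {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$ExpectedHost
    )
    $problems = @()

    # Step 2: the CN must be the OWA address, not the blank site's address.
    $cn = $null
    if ($Cert.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }
    if ($cn -ne $ExpectedHost) { $problems += "CN is '$cn', expected '$ExpectedHost'" }

    # Step 4: completing the request pairs the CA response with the private key
    # generated for the request. Without that key IIS cannot serve the certificate.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key in the store' }

    # Issuer equal to subject means the certificate was not signed by a CA,
    # which is the kind of certificate being replaced.
    if ($Cert.Issuer -eq $Cert.Subject) { $problems += 'not CA-signed (issuer equals subject)' }

    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += "outside validity period ($($Cert.NotBefore) to $($Cert.NotAfter))"
    }
    $problems
}

# Assumption: IIS certificates live in the local computer's Personal store.
$pattern = 'CN=' + [regex]::Escape($OwaHost)
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -match $pattern })
if ($candidates.Count -eq 0) { Write-Output "No certificate with CN=$OwaHost in LocalMachine\My" }

foreach ($cert in $candidates) {
    $problems = @(Get-CertificateProblems -Cert $cert -ExpectedHost $OwaHost)
    if ($problems.Count -eq 0) {
        Write-Output "$($cert.Thumbprint)  OK to assign to the OWA site"
    } else {
        Write-Output "$($cert.Thumbprint)  DO NOT ASSIGN: $($problems -join '; ')"
    }
}
```

If the certificate currently in use carries the same CN, it appears in the output too, so compare thumbprints before picking one in step 5.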