I had a customer come to me with the need to renew their Exchange SSL certificate. Since they needed to add additional SAN names to the request, they had created a new certificate request instead of clicking renew on the current certificate. The process was followed through getting the certificate from the 3rd party vendor and then it came time to complete the pending certificate request.
The customer had created a couple of certificate requests because the first one did not contain the correct subject alternative names and so they cleaned up the pending requests…they cleaned up the one that was needed as well! This means that importing the request to Exchange will fail because the private key is no longer available to Exchange.
One option could have been to do another certificate request and not delete it this time but they asked if there was any way to use their current certificate and fix their issue.
I went back to an article for IIS 6.0 on TechNet pertaining to this same issue, only in IIS, and thought I would give it a shot. I had used it years ago but not with Exchange. This actually worked perfectly with a few additional steps, so I wanted to document it in case anyone else found themselves in this odd situation.
- Initial Exchange certificate request, which will be the file with a .cer extension
- Command-line access on a Windows server. This can be on the Exchange server.
Repairing your certificate
- At the command prompt, navigate to c:\windows\system32
- Type certutil -addstore my c:\….\certnew.cer – this is the path to your .cer file
- Open up the .cer file and navigate to the Details tab. Find the certificate thumbprint and copy it
- Return to the command prompt and type: certutil -repairstore my "" (paste the copied thumbprint between the quotes)
- Your certificate will now be in the personal store of the computer you are on.
- Open an mmc.msc console and add the Certificates snap-in (choose local computer)
- Navigate to the personal store and find your certificate
- Right-click on the certificate and go to Properties
- Enter a friendly name for the certificate and click OK.
- Finally, export the certificate as .pfx with the private key and provide a password
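The repair steps above can also be scripted, which adds a check that the private key really was re-associated before anything is exported. This is an added example, not part of the original procedure; the parameter names and the default friendly name are placeholders, and it assumes an elevated PowerShell session on the server where the request was created.

```powershell
# Added example: scripted version of the certutil repair steps.
# $CerPath, $PfxPath and $FriendlyName are hypothetical placeholders.
param(
    [Parameter(Mandatory)] [string] $CerPath,   # issued certificate (.cer)
    [Parameter(Mandatory)] [string] $PfxPath,   # where the .pfx will be written
    [string] $FriendlyName = 'Exchange SAN certificate'
)

$ErrorActionPreference = 'Stop'

# Read the thumbprint from the .cer file instead of copying it by hand
# from the Details tab.
$fullPath = (Resolve-Path $CerPath).Path
$issued   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
$thumb    = $issued.Thumbprint

# Add the certificate to the local computer Personal ("my") store.
certutil -addstore my $fullPath
if ($LASTEXITCODE -ne 0) { throw "certutil -addstore failed ($LASTEXITCODE)" }

# Re-associate the certificate with its private key.
certutil -repairstore my $thumb
if ($LASTEXITCODE -ne 0) { throw "certutil -repairstore failed ($LASTEXITCODE)" }

# Confirm the repair worked: without a private key the export is useless
# and the Exchange import would fail the same way as before.
$cert = Get-Item "Cert:\LocalMachine\My\$thumb"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb still has no private key after -repairstore."
}

# Set the friendly name that will be shown in the certificate list.
$cert.FriendlyName = $FriendlyName

# Prompt for the PFX password so it never lands in the script or history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password | Out-Null
```

The resulting .pfx contains the private key, so keep it on a restricted path and delete it once the import into Exchange has completed.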
Importing certificate into Exchange 2013
- Navigate to the ECP webpage
- Go to Servers -> certificates
- Click on the ellipsis (…) and choose “Import Exchange Certificate”
- Enter the path to the .pfx file and enter the password
- Select the servers to import the certificate into
- Finish out the import process
At this point you are able to move services to this new certificate and are ready to rock and roll!
The wait is over!
Microsoft has recently released an updated version of Exchange User Monitor, which you can download (along with the documentation) here, that is supported with Exchange 2013 and Exchange 2016.
The documentation comes complete with install instructions, what the tool is used for and how to collect, retrieve, display and export data. ExMon can be installed on any Exchange 2013 server hosting the Mailbox Role, or any Windows 7 and higher client OS.
Below are some of the uses for ExMon taken from the user documentation:
Using ExMon, administrators can view the following:
- Show the RPC data based on the user
- Show the RPC data based on the RPC Operation
- Show the RPC data based on the specific application
- Show the RPC data based on the Admin Client Type
- Show the RPC data in the Raw form
- Show the RPC data in the Admin Raw form
- Show the RPC data in the Task by client Type
- Show the RPC data in the Task raw
Within each view, the user can drill down to get additional information on:
- Microsoft Office Outlook® versions and mode
- Client monitoring data
- Resource use, such as:
  - CPU usage
  - Server-side processor latency
  - Network bytes
- RPC Operations, components and Action
Please find the official release HERE and related TechNet documentation HERE to start getting immersed in the latest platform from Microsoft.
The Exchange Team has released the first preview of Exchange 2016 to the public after its introduction at the Ignite 2015 conference in Chicago. Please view the write-up HERE where you can find more information and download the bits.
In the past, my current employer had purchased some smaller companies to broaden its array of products. These companies had been left pretty much as stand-alone infrastructures with minimal integration (Forest Trusts) to the parent company’s infrastructure. This included separate Exchange organizations, one with Archiving and one without. Upon my arrival, one of the larger companies was just at the tail end of being migrated into the parent company’s domain as far as user accounts and Exchange mailboxes were concerned. This left an Exchange 2003 and Symantec Enterprise Vault environment for me to complete the migration.
Having run into a scenario where sensitive information was sent to the wrong people, I had to come up with a fast solution to retract the messages so that as few people as possible had access to the message. Yes, the sender could have tried to recall the message through Outlook, but that doesn’t ensure that you can get every message back; only ones that have a status of unread. Also, this contributes to more messages that need to be cleaned up in the event the message wasn’t successfully removed. Below are two commands to quickly remove messages to a temp mailbox in case you need to verify before deleting permanently.
I have monitored various Exchange versions with SCOM previously, with 2003 and 2007, and I am just now getting around to setting up Exchange 2010 monitoring in SCOM 2012. This is meant to be a gathering spot for all of the information I needed from various websites so that I can give credit to those who have figured out different pieces and also to give you a one-stop shop for the information. I will not go into overrides in this post. My setup consists of one Management Server, one Web Server/Data Warehouse, one Reporting Server, and the Database Server is SQL 2008 R2 clustered.