Exchange Server

Screenshot1

Hot To Enable TLS 1.2 in Windows Server 2008 or 2016

Hot To Enable TLS 1.2 in Windows Server 2008 or 2016 We previously had a post that handled this solutions called: How to Enable TLS 1.2 on Windows 2008 R2 This post is an update to how the enable and Mange TLS 1.2 on Windows Servers. The reason for the update is because we now use a free tool when we are managing our servers. But first some background.  What you need to know about TLS 1.2 According to…https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/protocols-in-tls-ssl–schannel-ssp- TLS 1.2 client and server are enabled by default. But… https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity …says Turns out it is, but not enabled for SCHANNEL service Hence you MUST follow… https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12 Please articulate this! Say… You can enable and disable SSL 2.0 and 3.0 and TLS versions 1.0, 1.1, and 1.2 using Manage SSL Protocols in AD FS. On Windows Server 2016, to use TLS 1.2, you must explicity enable it by following instructions at… Read More »Hot To Enable TLS 1.2 in Windows Server 2008 or 2016

Screen Shot 2020 09 14 at 18.39.49 1

How To Fix – SPF Too many included lookups Failure

The Solution to the 10 DNS Query Limit with SPF records. How To Fix – SPF Too many included lookups Failure. The problem you may have is something like this. You use a tool like our two favourite tools here: 1. MXToolbox SPF Checker 2. DMARCLY SPF Tool And they return the error that you have: Too many included lookups (16) Or The SPF record exceeds the 10 DNS query limit, which results in deteriorated email deliverability. Use DMARCLY’s Safe SPF feature to fix this issue. This error is generated by your SPF record referring more than 10 times to look up a DNS record while resolving your SPF record. You can look around the web a bit more for why this limit is in place, but you need to know that if you SPF record fails with these types of messages when testing, that the entire SPF record is… Read More »How To Fix – SPF Too many included lookups Failure

DKIM on Exchange

Setting up DKIM for Exchange Server for DMARC

Setting up DKIM for Exchange Server Out of the box Exchange Server does not support DKIM signing. And it doesn’t look like Microsoft has any intention of adding this feature any time soon. So for now the best way to implement DKIM signing is via third party a plugin. What is DKIM? DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages weren’t altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers can then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. Once the hash made with the private key is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.… Read More »Setting up DKIM for Exchange Server for DMARC

Outlook 365 Keeps Prompting for Password After August 2017

Outlook 365 Keeps Prompting for Password After August 2017 In August 2017 Microsoft released another version of Outlook for Office 365 for PC that caused a major problem for people connecting to Exchange 2016 servers. This problems is all to do with the AutoDiscovery setup that Outlook uses. Microsoft appear to have set outlook to use their Office 365 servers as an initial point of setup configuration regardless of how you have configured AutoDiscovery. The bottom line is that outlook keeps trying to authenticate agains office365 and not your own server. While this is a known issue, as of January 2018 it has not been fixed in the next version of Outlook. The Fix There are two fixes, and either one should work. We suggest Fix 1 Fix 1 First one involves setting a registry entry on the computer experiencing the issue. To fix this issue, create a text file and… Read More »Outlook 365 Keeps Prompting for Password After August 2017

Exchange Server MAPI Speed

How to Fix Outlook Slow and Unresponsive with MAPI over HTTP to Exchange 2016

Outlook Slow and Unresponsive wiht MAPI over HTTP to Exchange 2016 Server In our case the versions in question were found to be: Outlook 2013 connecting to Exchange 2016 with MAPI over HTTP enabled. Reported Problems The user reported that outlook was slow to open email, and unresponsive with searching in outlook. The CTRL right click on the Outlook connection icon (bottom right) showed the connection was made with HTTP The Problem It is reported that MAPI over HTTP which is a newer connection method of laterExchange servers and potential better and more reliable for devices connecting has some unreliabilities in some instances with earlier version of Outlook. Our testing shows that later outlook versions and the Mac versions of outlook have no troubles at all. The Solution IN Exchange 2016 it is possible to disable MAPI for a users mailbox. The issue this may have is that they could… Read More »How to Fix Outlook Slow and Unresponsive with MAPI over HTTP to Exchange 2016

Enabling TLS 1.2 1

How to Enable TLS 1.2 on Windows 2008 R2

Problem How to enable TLS 1.2 on Windows Server 2008 R2?   Note: We have an update to this post that has a new and better solution. We now suggest you read: How to Enable TLS 1.2 in Windows Server 2008 or Windows Server 2016 Resolution QuoVadis recommends enabling and using the TLS 1.2 protocol on your server.  TLS 1.2 has improvements over previous versions of the TLS and SSL protocol which will improve your level of security.  By default, Windows Server 2008 R2 does not have this feature enabled.  This KB article will describe the process to enable this.   Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run field (without quotations). Highlight Computer at the top of the registry tree.  Backup the registry first by clicking on File and then on Export.  Select a file location to save the registry file. Note:  You will be editing the registry.  This could have detrimental effects on… Read More »How to Enable TLS 1.2 on Windows 2008 R2