Check Whether the Exchange Server is an Open SMTP Relay using a Telnet Test
A Telnet test involves establishing a Telnet session from a computer that is not located on the local network to the external (public) IP address of the Exchange server. You need to carry out the test from a machine at home, or from another office. Doing the test from a machine on your own network will produce useless results.
- Start a command prompt.
Either click start, run and type CMD
or Choose Command Prompt from Start, Programs, Accessories, Command Prompt
- Type “telnet” (minus quotes) and press enter.
- At the Telnet prompt, type
(minus quotes) and press enter. This lets you see what is going on.
- Still in the telnet prompt, enter the following command and then press enter
open external-ip 25
where external-ip is your external IP address eg:
open 111.222.333.444 25
- You should get a response back similar to the following:
220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at
- Type the following command in to the telnet windows:
and press enter (note “testdomain.com” can be anything that isn’t a domain that the Exchange server is responsible for.
- After pressing OK you should get a response back
- Type the following command in to the telnet window:
and press enter (again where address@testdomain is an email address that is not on the Exchange server. Note the lack of space between from and the first part of the address).
- After pressing OK you should get a response back:
250 2.1.0 firstname.lastname@example.org….Sender OK
- Type the following command in to the telnet window:
and then press enter (where email@example.com is not either an address you use internally or the address you entered earlier as the from. Once again note the lack of space between to and the first part of the e-mail address).
- After pressing enter you will get one of two responses.
If you get
550 5.7.1 Unable to relay for firstname.lastname@example.org
then you are relay secure.
However if you get
250 2.1.5 email@example.com
Then you are an open relay.
Open gpedit.msc and browse to the location /Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication Settings and double click “turn off access to all windows update features” and set it to disabled.
Open regedit and back up the key
Remove reg key from regedit
and delete WindowsUpdate as it may contain your administrator settings for windows update which includes a WSUS server address, this entry prevents your windows update from contacting windows update directly.
Windows Server Time Sync Configuration
The following steps can be used to configure DCs the default Windows time service hierarchy in an AD forest. The procedure will also remove any errors in the Event Viewer, if any existed.
Do not use if you are using a third party stratum service and refer to the vendor’s documentation for further instructions
Check and Document the Current Time Configuration on the PDC Emulator
Download BGInfo from HERE
Extract and Open bginfo. On the Right side of the configuration window, you can edit the content to customize the fields to appear on your system wallpaper. Once edited, click file -> Save as -> Type the name as .bgi and select location C:\BGInfo folder BGInfo folder should
Windows Registry Editor Version 5.00
No longer need to login every time I boot up my test server
Cisco Devices are not effected as they are running OpenSSL version 0.9.8 on the newest 9.01 IOS Software. Most Cisco Firewalls have Older IOS versions and therefore have older versions of OpenSSL.
The heartbleed bug was introduced in OpenSSL 1.0.1 and is present in
The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch nor the 0.9.8 branch of OpenSSL.
Microsoft Remote Desktop Services / RDS website Errors from a Windows 8 machine or a pc with Internet Explorer 10 or 11. You get the below Error
Browser Not Supported - This Web browser is not supported by RD Web Access. RD Web Access requires Internet Explorer 6.0 or later. You can download the latest version of Internet Explorer from the Windows Update Web site
This is caused by Microsoft not releasing an update to 2008 to allow it to be accessed in the later browsers. In order to get it to work we can implement a workaround that forces machines with newer browsers to access the site as IE9 compatability view.
When creating a new Receive Connector on Exchange Server 2007 SP3 (Update Rollup 2) the creation failed with a non-retriabele error and a “the requested attribute does not exist” error:
Active Directory operation failed on GL-SRV.test.local. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772
The requested attribute does not exist.
Exchange Management Shell command attempted:
new-ReceiveConnector -Name ‘mail.gltest.com’ -Usage ‘Internet’ -Bindings ‘0.0.0.0:25’ -Fqdn ‘mail.gltest.com’ -Server ‘GL-SRV’
Elapsed Time: 00:00:00
According to this article on the Microsoft Exchange Team site more people are facing this issue (scroll through the comments). It looks like something specific to UR1 and UR2 for Exchange Server 2007 SP3:http://blogs.technet.com/b/exchange/archive/2010/09/09/3410985.aspx
Microsoft is aware of this issue and it is currently being investigated. It looks like the schema upgrade during SP3 is not performed properly sometimes, resulting in an incorrect schema for Service Pack 3. Unfortunately the setup application of SP3 continues, resulting in these kind of errors.
You can solve it by running the Exchange 2007 SP3 schema upgrade again:
After this creation of a new Receive Connector is successful.