Wednesday, December 9, 2015

Edge transport doesn't talk to 2013 but works just fine with 2010

I could not get my Exchange 2010 Edge Transport to talk to my new Exchange 2013 server.  The Edge Transport continued to function just fine with Exchange 2010.  All the mail from my new 2013 box that was supposed to be going through the Edge Transport was just sitting in the mail queue.  I could see MSExchange EdgeSync 1032 errors in the logs.  I was also getting MSexchangeTransport 12023 errors in the event logs.  These two issues are related but I didn't know it last week when I found out that I was queuing mail.  I had to make a workaround to get mail flowing.  It wasn't until today that I fixed one and that lead me to a useful error of MSExchange EdgeSync 1033 that gave a certificate error.

I had to run
Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP
to clear MSexchangeTransport 12023 error.  Using the ECP to set the "already set" SMTP flag did not work and no error or information was shown.  Running that command from EMS asked if I wanted to replace the default SMTP certificate. I answered yes and it told me there was an Edge Transport problem and to resubscribe.  Below is a partial screenshot.






I did the resubscription and all is good now.  Now I just have to tear down my workaround. 

Tuesday, December 1, 2015

Site to Zone Assignment list and IEHarden

I am going to apologize for knowingly posting something incomplete on here.  Was at work late working on this issue and I'm in zombie mode today.

If your Site to Zone Assignment list via GPO seems not to be working, and especially if it is working for some users and not other users it could be a registry setting.  If a user profile is made before changing the IE Enhanced Security Mode it will inherit the registry setting.  Then you change the setting for users via Server Manger -> "Configure IE ESC" new profiles are created without the registry setting.

I connected via remote registry and under the user section for my user sid I went to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
and found the value IEHarden set to 1.  If I set it to 0 and restarted IE it would do what I needed it to and expected it to.

I used this to solve my problems with the error of "an add-on for this website failed to run" and wouldn't start Java for a particular set of allowed sites.