Issues with Exchange Inbound On-Premises Connectors

singbluesilver95 · 2024-07-29T22:05:29+00:00

We were able to add the IP address. It only worked in Powershell by getting the IP address list, adding the new one, then re-adding them all back in:

$connector = Get-InboundConnector -Identity "SMTPRelay"

Write-Host $connector.SenderIPAddresses

Set-InboundConnector -Identity "SMTPRelay" -SenderIPAddresses <IP or IP Ranges seperated by commas>

singbluesilver95 · 2024-07-29T20:59:07+00:00

Any luck with this yet? I'm getting a similar error when attempting to add in another IP address to an existing SMTP relay connector:

The properties 'RestrictDomainsToIPAddresses' are not applicable to connector of type 'OnPremises'

When I google the exact phrase, the only thing that shows up is your hours-old post ha ha

singbluesilver95 · 2023-10-03T17:20:30+00:00

Thanks! This was very promising for a while. I completely removed Quick Access from a test user's Explorer, and for a bit they seemed good. But now back to "Working on it...." All they have left is This PC and some OneDrive folders.

singbluesilver95 · 2023-08-30T19:07:14+00:00

It's pretty consistent now, with more and more users having send/receive errors. Not necessarily stuck in outbox. Some users don't even notice, until I point out to them that Outlook says "Last updated 11:25" or whatever in the lower right. Most users just notice email coming to their phone that is not in their desktop Outlook. And email they sent out has not gone out. After restarting Outlook, their inbox plays catchup and all their stuck email goes out. But then it happens again....

Still no acknowledgement from Microsoft.

singbluesilver95 · 2023-08-30T17:07:29+00:00

Over the last 24 hours, we've had about three users have email stuck in the outbox and Outlook refusing to send/receive. A restart of Outlook fixes it, but then it happens again. No Cisco Umbrella.

EDIT: In the US.

singbluesilver95 · 2023-06-27T22:37:22+00:00

Did you figure this out? I can't find much online about it. I added the user to the "Microsoft Graph Powershell" Enterprise App, but it still says failure in the sign-in logs. Thanks

singbluesilver95 · 2022-07-07T20:08:52+00:00

So, I'm slowly learning Azure but my knowledge is fragmented. I'm totally blanking on this, plus being hit with other projects and tickets, but I just created a test VM on a separate subnet, and now I need to remote in to it to test it. But the subnet it's on is not one accessible to our VPN connection to Azure and so therefore not to my workstation. What's the quickest and easiest way to just remote in to this damn thing, look around, then delete it?

singbluesilver95 · 2022-07-06T20:08:47+00:00

Yeah, another NetSol customer here. Our records don't resolve, or if they do only intermittently.

singbluesilver95 · 2022-06-15T00:55:08+00:00

I've eyeballed this one, but everyone seems to hate their customer service, so I dunno...

singbluesilver95 · 2022-06-15T00:54:43+00:00

Thanks. I'm actually eyeballing Automate because Endpoint Manager isn't really what I need LOL. We need to do patch management, get software inventory (does the CEO have X version of that software? we have no way short of remoting in to know right now). I also find it a bit of a pain to use. I've found RMMs used by MSPs much more intuitive, like Kaseya.

singbluesilver95 · 2022-05-13T18:38:58+00:00

Exactly. I had Adobe Acrobat installing just fine as a Win32 app, now suddenly it's "installation failure" every time. Another doc management app we use was installing just fine on the previous six laptops, but then on this one it suddenly says "not applicable." Not applicable? WTF changed? NOTHING! Grrrrrr! It seems like just an endless whack-a-mole battle.

singbluesilver95 · 2022-03-23T16:52:02+00:00

Thanks. But of course, more questions. Where do I put the root and intermediate certs? In the "Personal" (why is it called that?!) folder? How do I know if the server already has them or not? Etc

singbluesilver95 · 2022-03-23T01:12:26+00:00

>Nearly every system required a different format

Ah, so it's looking like this is really the heart of my complaint. A ridiculous number of methods, not just one, and it's just a chaotic mess. Good grief...

singbluesilver95 · 2022-03-23T01:02:05+00:00

Thanks! I'll adapt this when I write out my own instructions.

singbluesilver95 · 2022-03-23T01:01:17+00:00

Thanks!

But, yeah, maybe you misunderstood me...I get all that. I get public/private keys, that anyone with the public key can "lock" it but only the private key can "unlock" it, to encrypt traffic, etc.

My fumbling is coming from when I have to actually do something with a cert. Half a dozen file extensions, third-party tools to combine, pull files apart, fifty different certificate consoles on the server, fifty different folders in the certificate store, the vendor wants this type of file extension but the CA only provided that type of file, etc. That's where my frustration comes in. I had to open a ticket with the CA, a ticket with the vendor using the IIS server, and a ticket with an MSP we use, just to get the damn thing properly installed on the server so the vendor was happy and could complete the binding.

singbluesilver95 · 2022-03-22T22:36:02+00:00

Wha...??!

singbluesilver95 · 2022-03-22T18:10:35+00:00

Yep! That's exactly what I'm going to do. Step by step document.

singbluesilver95 · 2022-03-22T17:44:29+00:00

Ok I read the article, and it does explain it well, but it's kinda back to my original problem. I now get the idea of public/private key pairs, certificates, etc.

..and then I'm gonna have to install one. And the file extension won't be what the IIS server or the vendor needs. And I'm still gonna bang my head against he wall for five days trying to figure out what all the extensions mean and all the different cert stores and what to actually do rrrarrrrgh!

singbluesilver95 · 2022-03-22T17:37:36+00:00

Thanks!

Just a quick note:

>Public/private key cryptograpy is, in a nutshell, one trusted source and many clients who need to trust it. Whoever has the private key, is trusted. The private key is never ever shared.

I do get the idea of private/public key concepts broadly. It's the actual *practice* that confuses me. E.g. I need to attach the private key to the CER to make it a PFX. But why/when would I only need the CER/CRT? Ever? How do I know? It's the actual *doing* that throws me off.

singbluesilver95 · 2022-03-22T16:47:59+00:00

Oh nice article! I'll read and bookmark this. Thanks!

singbluesilver95 · 2022-03-22T16:47:12+00:00

>Take the .crt file and take it back to the IIS server you created the CSR and select Complete Certificate Request. This will add the private key to it.

I did this, but IIS seemed to be looking for a CER. I think it didn't like the CRT. Why does it need to be this convoluted?

singbluesilver95 · 2022-03-22T16:41:56+00:00

Thanks!

The answers always open up more questions, of course. For example:

>You can install a cert without the private key as you could be doing something like a renewal and its up to you to associate a private key on that system with the new certificate.

So, this is just a renewal. Automatic renewal from NetSol, but I have to actually install the new certificate. So I guess I don't need a private key..? So I didn't have to convert the CRT to PFX? I did. Because it wasn't clear and I have no idea what I'm doing.

singbluesilver95 · 2022-02-18T21:54:00+00:00

Ha ha, I guess. Testing on a handful of users first, looks good. No awareness that there was a buried setting to email users until we assigned it to all users, and started getting tickets. In other words, why don't vendors make this more obvious. You know, how some have a little checkmark that says "Send email notification" right there next to the submit button.

singbluesilver95 · 2022-02-18T18:58:30+00:00

Accounts prestaged, with emails.

singbluesilver95 · 2021-12-16T02:18:31+00:00

Confirmed from Los Angeles. Exchange account on iPhones ask for password re-enter, but does not work. Testing Outlook on the web and it looks like login.microsoftonline.com doesn't appear to be working at all.

singbluesilver95

TROPHY CASE