0 votes

Hello,
We are running Adaxes v. 2013.1. We have created a custom command that does the following:
Modify mailbox settings for the User: enable Exchange ActiveSync, enable Outlook Mobile Access, enable User Initiated Synchronization, enable Up-to-date Notifications

It throws the following error in the event log:

Failed to create a remote PowerShell session on the following Exchange servers:
<Mail Server Name>: Connecting to remote server failed with the following error message : The server certificate on the destination computer (<MAILSERVER>.<DOMAIN>:443) has the following errors: 
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.

When looking at this topic in the Microsoft Knowledge base, it is recommended that we skip the revocation check:
http://support.microsoft.com/kb/2792168

Is there any way to change how Adaxes authenticates with a mail server when running that PS command?

1 Answer

0 votes
Best answer

Hello,

Currently, you cannot change the way Adaxes authenticates on Exchange servers. In our next release, we will change the way Adaxes connects to Exchange Servers, and the certificate revocation check will be skipped by default.

Until the fix is available, you can perform the necessary Exchange management operations with the help of PowerShell scripts. If you need assistance with the scripts, we can help you.

Alternatively, if you need this functionality urgently, we can make a custom build for you that will fix the issue.

0

Thank you.

I do have a question about running the remote PS script. I have successfully tested the below script in PS:

    $cred = Get-Credential
    $sessionOption = New-PSSessionOption -SkipRevocationCheck -SkipCACheck
    Enter-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<mailserver>.<domain>/PowerShell/ -Authentication Kerberos -Credential $cred -SessionOption $sessionOption
    Set-CASMailbox <user ID> -ActiveSyncEnabled $true
    Exit-PSSession

In Adaxes, I would replace <user ID> with %userPrincipalName%.
However, how do I supply a username and password using the Adaxes service account without revealing it in the PS script? Also, the Adaxes server and the mail server are on separate domains.

0

Hello,

In Adaxes 2013.1, the ExecuteScriptContext class has been extended with the RunAs property, which allows you to get the credentials of the user account under which the script is executed. In scripts, you can access this property via the built-in $Context variable.

So, what we can suggest is that you specify the credentials necessary for connecting to the Exchange Server in the Run As section of the Run a program or PowerShell script action that is used to launch the script. Then, you can access the credentials in the script using the $Context.RunAs property. To create a Custom Command that launches your script and uses the credentials stored in the RunAs property to connect to your Exchange Server:

  1. Create a new Custom Command.

  2. On the 2nd step of the Create Custom Command wizard, select the User object type.

  3. On the 3rd step, add the Run a program or PowerShell script action.

  4. In the Run as section, switch the radio button to This account and click Specify.

  5. In the dialog box that appears, provide the credentials that will be used to connect to your Exchange Server and click OK.

  6. Now, you need to supply a script that will be executed by the action. For this purpose, paste the following script in the Script field.

    It is the same version as in your previous post, but takes credentials to connect to the Exchange server from the $Context.RunAs property. Also, we replaced Enter-PSSession/Exit-PSSession with Import-PSSession/Remove-PSSession, as the cmdlets used by you won't work in scripts executed by Business Rules, Custom Commands, and Scheduled Tasks.

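     # Build a credential object from the account specified in the Run As section
     $password = ConvertTo-SecureString $Context.RunAs.Password -AsPlainText -Force
     $cred = New-Object -TypeName System.Management.Automation.PSCredential($Context.RunAs.UserName, $password)

     # -SkipRevocationCheck and -SkipCACheck turn off certificate validation steps for HTTPS connections
     $sessionOption = New-PSSessionOption -SkipRevocationCheck -SkipCACheck
     $session = New-PSSession -ConnectionUri "http://<mailserver>.<domain>/PowerShell/" -ConfigurationName Microsoft.Exchange -Authentication Kerberos -Credential $cred -SessionOption $sessionOption

     try
     {
         # Import the Exchange cmdlets from the remote session
         Import-PSSession $session

         # %userPrincipalName% is replaced by Adaxes before the script runs
         Set-CASMailbox "%userPrincipalName%" -ActiveSyncEnabled $true
     }
     finally
     {
         # Always close the remote session, even if a cmdlet fails
         Remove-PSSession -Session $session
     }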
    
  7. Finish creation of the Custom Command.
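
An added example, not part of the original answer and not Adaxes code: a way to check from the Adaxes server why the revocation check in the error above fails for the Exchange server's certificate, so the CRL/OCSP path can be repaired instead of skipping validation. The function name `Test-ServerCertRevocation` and the 15-second timeout are assumptions; only standard .NET classes are used.

```powershell
function Test-ServerCertRevocation {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [int] $Port = 443
    )

    # Retrieve the certificate the server presents on the HTTPS port.
    $tcp = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
    try {
        # Accept any certificate here: it is only fetched for inspection, no data is sent.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }

    # Build the chain with an online revocation check, as a validating client would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)  # assumed timeout
    $valid = $chain.Build($cert)

    # The CRL Distribution Points extension (OID 2.5.29.31) lists the URLs
    # this machine must be able to reach for the revocation check.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $cdpText = if ($cdp) { $cdp.Format($true) } else { '(none listed)' }

    # RevocationStatusUnknown or OfflineRevocation in ChainStatus means the
    # revocation server could not be reached; UntrustedRoot or PartialChain
    # means the issuing CA is not trusted on this machine.
    [pscustomobject]@{
        Subject               = $cert.Subject
        ChainValid            = $valid
        ChainStatus           = @($chain.ChainStatus | ForEach-Object { $_.Status })
        CrlDistributionPoints = $cdpText
    }
}

# Run on the Adaxes server (placeholder host name from the thread):
# Test-ServerCertRevocation -ComputerName '<mailserver>.<domain>'
```

Run it under the account the Adaxes service uses, since proxy settings that affect CRL retrieval can differ per account.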

0

Hi,
I just wanted to say that this worked perfectly. Thank you!!

0

Hello,

Adaxes 2013.2 is finally available. In the new version, Adaxes does not check server SSL certificates for revocation when connecting to Exchange servers, and you can use Adaxes built-in functionality for Exchange management. You can download Adaxes 2013.2 here.

Upgrade Instructions.

For a complete list of new features and improvements, see What's New.
