Posts by Mark Pace

How to setup SMTP server to send email using Microsoft Office 365 Connector with Exchange Online

Posted on by Mark Pace

This article is for clients that have moved to the Microsoft Office 365 platform that needs to be able to SMTP from devices. Example of this is multi-function scanner/copier/printer device and using the scan-to-email capability.

The most common solution that is suggested by Microsoft and others is to use an internal Exchange Server to relay the mail or use an IIS server with SMTP service enabled to relay the mail. However because the client is going CLOUD, they would be decommissioning old servers. To install SMTP servers in the business is just another added cost.

The other option is to use the ISP SMTP server that the office is connected to.

The solution is described here will work with or without TLS encrypted connections and also supports either port 25 or port 587 and does not require any type of authentication.
In fact, no user accounts or additional licenses are required to make this work. This is good because many older devices/applications only support clear text across port 25.

The first step is to create a connector on the Exchange Server to allow for the connection by an unauthenticated user. This sounds like it is an open relay but we are going to take steps to allow this connection ONLY from known IP Addresses that should be allowed to use the connector. All other attempts will be denied as an unauthorized relay attempt.

Creating the Exchange Connector:

  • Log into the Microsoft Online Portal as a user that has Global Administrator access
  • Click on the Admin menu and then on Exchange to open the Exchange Admin Center.
  • Click on the Mail Flow category and click the Connectors sub menu.
  • Add an Inbound Connector
    • Give the connector a descriptive name
    • Set the Connector Type to On-premises
    • Set Connection Security to Opportunistic TLS
    • Set Domain Restrictions to Restrict domains by IP addresses
    • Add a single Sender domain and use an * wildcard character here to allow all.
    • Add the public IP addresses that you will allow to relay
    • Save the Connector
  • Enable the connector if it is not already.

The SMTP Server you use in your sending application/device is a little different but easy to locate. There are many ways to get this info, I am going to show you only one.

Finding the SMTP Server:

  • Go back to the O365 portal and click the Admin menu and click on Office 365
  • Click on the Domains category
  • Select your primary domain (or the domain you wish to use) and then click Manage DNS
  • Find the MX record and copy the Point To Address for that record.
    • The format will be in this format: -.mail.protection.outlook.com or I have also seen -.mail.eo.outlook.com. If your domain was “XXYYZZ.COM” then your MX record would look like this: XXYYZZ-COM.mail.protection.outlook.com as an example.

That value will be what you use as the SMTP Server when you define your outbound mail settings in the application/device you want to send relay email.

One additional setting you may want to enable on the Exchange Online Server which will prevent all of your relay email from going directly to the Junk Folder. This process will create a mail filtering rule which will bypass the filters altogether.

Creating Bypass Rule:

  • Go back to the Exchange Admin Console.
  • Click on the Mail Flow category and then the Rules sub menu.
  • Add a new Rule of type “Bypass Spam Filtering…”
    • Give the rule a good descriptive Name.
    • Set Apply this rule if… to “The sender is…” and add the email addresse(s) you will be using for sending relay email. Keep in mind this can be anything you want butit must match exactly, else this rule will not work.
    • Set Do the following… to “Set the spam confidence level (SCL to…” and then set the action to Bypass spam filtering.
    • The remaining options can be left as default.
    • Save the rule.
  • If you have multiple rules, you may want to adjust the order of this rule so it fires properly. I would suggest that you make it the first rule while you test things and then adjust all of your rules to accomdate the order in which you ultimately want to process the rules. Mail Flow in general is complex and I am not giving much detail in this walk through on how best to manipulate these features.

The final step of this process is to put it all together and make it work. Modify your SMTP settings for the Application/Device as follows:

  • SMTP Server: Set this to the MX data that we gathered from the above step “-.mail.protection.outlook.com”.
  • SMTP Port: 25 or 587
  • SMTP TLS: Enabled or Disabled (Enabled is recommended if it is an option)
  • SMTP Username: This can be anything you want as it is not used at all. Leave it blank if you can. If you do need to populate this info, use the email address of the FROM address you set in the Spam bypass filter above.
  • SMTP Password: This can be anything you want as it is not used at all. Leave it blank if you can.
  • SMTP TO: Set this email address of the recipient of the email message. Be aware, this does not have to be a user within the domain defined by the MX record or the SMTP Server above.
  • SMTP FROM: Use the email address you specified in the Bypass Spam Filtering rule. This MUST match exactly.

That should be all there is to make this work. Of course, the client side configuration will be different on every application/device you try to set up this way but I can say that I have made this work with a number of different MFP devices as well as Routers that send notifications. I have also made this work with Mozilla Thunderbird which is a good simple testing application. If you can make things work using Thunderbird, you should be able to translate the settings to any application/device and make it work as well.

WARNINGS:

  • The first thing you want to check for is to see if you can even use port 25 or not.
  • Not all applications/devices support anything but port 25. If you have one of these AND you have a port 25 port block ISP, you may need to take some fancier steps within the router to make this work. I have found that not all providers will turn off port 25 blocks and if they do, it is very common for the block to get turned back on randomly.
  • Microsoft frowns heavily on bulk email and will block your ability to send any email outbound if you use this to abuse their mail platform. Microsoft uses the phase” Reasonable Limits” when describing how many emails they will allow you to send using this technique so be reasonable… If the mail is being sent internally, you really should not have much issue but if you send a lot of email externally, then you might run into some limits problems.

 

 

Source : https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_15699-SMB-Office-365-Exchange-Online-SMTP-Relay.html

Skype wont logout or showing online when you believe you are offline on other devices

Posted on by Mark Pace

Do people say you are online with Skype when in fact you are offline?
After some research, I have found some commands that will Log you out of all places and also Show you where you are logged in.

  1. Sign out on all devices. (that you know of)
  2. Log in on one device (PC in my case).
  3. Open a chat windows and type /showplaces to see if I’m still logged in on other devices\sessions.
  4. /remotelogout to close all sessions (I had none, but I did this anyway).
  5. Set Skype to not log in automatically (auto sign-in) on any device.

The final step of disabling the auto sign-in into Skype did the trick.  I signed off and wasn’t showing online anymore.

I did verify that my Skype account is not linked with my Microsoft account before starting this process.  I know some steps are redundant but better to be prudent with the current state of Skype.

I was able to recreate the ‘always-on’ issue when I re-enabled the auto sign-in on my PC.  As soon as I disabled it and signed out I was once again showing offline.

Enjoy

Mark Pace

Microsoft urges customers to uninstall ‘Blue Screen of Death’ update

Posted on by Mark Pace

One of last week’s security updates has bricked an unknown number of PCs

Microsoft on Friday quietly recommended that customers uninstall one of last week’s security updates after users reported that it crippled their computers with the infamous “Blue Screen of Death” (BSOD).

The update, identified as MS14-045 in Microsoft’s numbering, was one of nine released on “Patch Tuesday,” Aug. 12, was designed to fix three separate flaws, including one related to a font vulnerability and another in the Windows kernel, the heart of the operating system.

Within hours of its release, however, users reported that MS14-045 had generated a Stop 0x50 error on some systems, mostly on Windows 7 PCs running the 64-bit version of the OS.

“Installation went smoothly. After rebooting everything worked fine. But when I shut down my notebook and switched it on a little later it came up with a blue screen with a Stop 0x50 in Win32k.sys. I could not even boot into safe mode as Windows failed to start no matter which mode chose,” wrote a user identified as “xformer” to start a now-long thread on Microsoft’s support discussion forum.

As of Sunday, the thread contained nearly 380 messages and had been viewed almost 50,000 times. The latter is a large number even for Microsoft’s support forum, and hints at the scope of the problem.

Others on that same discussion thread pointed to different updates issued the same day that caused identical problems, including one meant to support the Russian ruble symbol.

Some customers were able to regain control of their PCs by using System Restore to return the machine to a previous date, but only after they’d booted the computer using original install media.

In the updated MS14-045 and other supporting documents, Microsoft said it had removed the patches from its Download Center. As of Saturday, however, the flawed update was still being pushed by Windows Update, Microsoft’s service for delivering patches to PCs.

“Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available,” the company said in the revised MS14-045’s Update FAQ. “Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2982791 security update.”

Microsoft’s advice, however, may not be of any help to those already afflicted. It told users, for example, to boot using Safe Mode, which many on the support thread said didn’t work.

Not every PC that installed MS14-045 or the other suspect patches reported problems. Several IT administrators posted messages on Patchmanagement.org, a mailing list dedicated to the subject, that said they had successfully updated hundreds of client systems and servers.

Last week’s patch problem was not Microsoft’s first by any means.

In April 2013, Microsoft urged Windows 7 users to uninstall an update that had generated BSOD screens. And last August and September Microsoft had such a run of problems with updates for its Office suite that experts called it a “worrisome” sign of declining update quality.

In October 2013, Microsoft yanked a Windows 8.1 RT update from the Windows Store after some tablet owners reported their devices had been crippled.

Apple : Using Disk Utility to verify or repair disks

Posted on by Mark Pace 
THIS HAS BEEN COPIED FROM APPLE WEBSITE FOR SOME OF OUR CLIENTS TO FIND IT EASIER
Source : https://support.apple.com/kb/ht1782

Learn about using Disk Utility to verify or repair disks.

Disk Utility can verify your computer’s startup disk (volume) without starting up from another volume. This feature is called “Live Verification.” If Disk Utility discovers any issues that require a repair, you will need to start up from your Mac OS X Install DVD and use Disk Utility on that disc to make repairs (You can’t repair your startup volume while your computer is started from it.).

Important things to remember

  • Live Verification only works on Mac OS X Extended (Journaled)-formatted (HFS+J) volumes. If you try to verify a non-journaled disk, Disk Utility will display this message: “ERROR: could not freeze volume (Operation not supported).”
  • During a Live Verification, the Disk Utility progress indicator may stop advancing, open applications may act slow or become unresponsive, the progress pointer (it looks like a spinning pinwheel) may appear, or your computer could appear to stop responding (“freeze”).
  • Once you start a Live Verification, you may not be able to cancel it, depending on how far along it has progressed.
  • You may experience some issues if you try to verify or repair any unmountable, non-startup disk.
  • If you see any “Incorrect size for file temp” alerts, you can safely ignore them.

Issues may occur if you try to verify or repair unmountable disks

Disk Utility may stop responding without displaying an error message, or stall your computer for several seconds, when trying to verify or repair some non-startup volumes that can’t be unmounted.

If you try to verify a volume that is not your startup disk but for some reason Disk Utility can’t unmount the volume (for example, the disk may have open files), the verification will appear to start but then stop without displaying any alert message. If you look in the Console (/Applications/Utilities/), you will see an entry like this:

Verifying volume “Storage”
The disk “Storage” could not be unmounted
Could not unmount disk for verification, attempting live verify

If you try to repair a disk that cannot be unmounted, the repair will appear to start, but then stop as Disk Utility displays this message: “Repairing disk failed with error. Could not unmount disk.”

If you look in the Console (/Applications/Utilities/), you will see an entry like this:

Verify and Repair disk “Storage”
The disk “Storage” could not be unmounted
Could not unmount disk for verification
Repairing disk failed with error. Could not unmount disk

In some rare situations, your computer might not respond for several seconds.

If you cannot determine which files are open on the disk that you want to verify or repair, restart your computer and then mount the disk again, or start up from your Mac OS X Install DVD or CD to repair.

“Incorrect size for file temp” alerts can be safely ignored

You may notice some “Incorrect size for file tempnumber” alerts when you attempt to verify or repair a volume using Disk Utility or fsck_hfs with the “-l” option. You can safely ignore these alerts for any “tempnumber” files.

For example, you might see something like this:

Verifying volume “Macintosh HD”
Checking HFS Plus volume.
Checking Extents Overflow file.
Checking Catalog file.
Incorrect size for file temp420595
(It should be 0 instead of 84538)
Incorrect size for file temp468627
(It should be 0 instead of 16464)
Checking multi-linked files.
Checking Catalog hierarchy.
Checking volume bitmap.
Checking volume information.
The volume Macintosh HD needs to be repaired.
Error: The underlying task reported failure on exit
1 HFS volume checked
Volume needs repair

If this happens, use fsck in single user mode, or start up your computer from a different volume before verifying or repairing.

Advanced: This issue can happen because the on-disk size for truncated open-unlinked files doesn’t get updated before you start a live verification. The presence of these files doesn’t cause an issue because their in-memory size is correct. These files are deleted as soon as they are closed. If your computer does not shut down normally, they will be deleted during the next startup.

SITCLOUD Datacentre Migration for all Hosted Services

Posted on by Mark Pace

Due to client and services growth, our provider of SITCLOUD has made the decision to migrate a large portion of its services to a bigger data centre, this will increase our data centre footprint but it will also provide us better flexibility and improved data centre services.

For a virtual view of the new data centre please click on the below link, for those interested in seeing the data centre that can be arranged post migration;

https://www.youtube.com/watch?v=ZtwMsjnjJds

 

A very careful migration strategy has been formulated so as to reduce the requirement for outages, however outages are required and will be used to relocate these services but also further enhance the functionality with software updates and network upgrades.

 

The following System Maintenance periods will occur.

 

Microsoft Exchange will be unaffected for outage 1 and 2

Outage Period 1  – 13/08/2014

Services Affected:

VPS and Terminal Server Hosting in our datacentre

Microsoft CRM Hosting

Microsoft Lync Hosting

Microsoft SharePoint Hosting

Active Directory Authentication

Virtual Desktop Hosting

We anticipate an approximate outage of 10-15 Minutes for each service during this day in preparation if any preparation is required and server needs a restart. Networking will also be changing at this time to cater for the new datacentre.

We will be doing this one customer and service at a time.

 

Outage Period 2 – 16-17/08/2014

Services Affected:

Legacy VPS and Server Hosting

You will be migrated to our new infrastructure and will be individually contacted in preparation for the datacentre move.

 

Outage Period 3 – TBA we anticipate 13th to the 14th September for this move.

All Systems will have interruptions for 2-6 Hours. Some systems will have minimal outage however we may encounter issues along with this complex move but will do our best to avoid them.

Public IP Addresses will be changed on ALL Systems and you will be notified of the exact crossover times and details well before this happens, these clients will be contacted direct and will be provided a scope of works outlining the services effected and the outage window.

If you have any questions or concerns please contact us and we will be happy to answer any questions you may have.

VSS Warnings in the Application Event Log of SBS 2011 Standard – Event ID 8230

Posted on by Mark Pace

Collapse imageSYMPTOMS

On Small Business Server 2011 Standard, you may see warnings in the application event log similar to the following:

Log Name:      Application
Source:        VSS
Date:          4/11/2011 9:48:48 AM
Event ID:      8230
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      CONTOSOSERVER.contoso.local
Description:
Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376. Check connection to domain controller and VssAccessControl registry key.

The warnings may also reference the spfarm account.

Collapse imageCAUSE

SBS 2011 Standard Edition installs Sharepoint 2010 Foundation in SharePoint farm mode. The accounts SPfarm and SPsearch are used as service accounts for some of the Sharepoint services. In order to be able to utilize the VSS writers, the accounts must be granted access to VSS. The accounts are added by SBS to the vssaccesscontrol registry key but the VSS service fails to locate the accounts. As Microsoft knowledge base article 2483007 suggests you can ignore the warnings. The warnings don’t affect the operation of VSS. If you wish to remove the warnings, you can use the steps in the resolution section.

Collapse imageRESOLUTION

You can use the following steps to workaround the issue.

1. In Active Directory Users and Computers, create a Domain Local Security Group named VSSRegistryGroup

2. Add SPFARM and SPSEARCH accounts to the VSSRegistryGroup Group

3. Run regedit

Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

4. Go to hklm\system\currentcontrolset\services\vss\vssaccesscontrol

5. Add Dword value of DOMAIN\vssregistrygroup where domain is the netbios domainname (example: CONTOSO\vssregistrygroup Note: The Domain name must be in all caps) set the value to 1

6. Remove values for domain\spsearch and domain\spfarm

7. Go to hklm\system\currentcontrolset\services\vss\diag

8. Right click on diag and go permissions, click advanced and add VSSRegistrygroup group with Full Control.

9.  Remove spsearch and spfarm accounts from the list of permissions

10. Reboot the server