Cannot RDP using OSX. RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator

remote-desktop

After spending many hours trying to resolve a Mac OSX system remoting to a 2012 R2 RDS/TS Server, we have found the fix.

When remoting in you may get the following error:
Cannot RDP using OSX. RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator

This error is with Microsoft Remote Desktop on a Mac with version 8.0.28 that had been upgraded from 8.0.26.

Interestingly we didn’t have the problem on a fresh client that had 8.0.28 installed fresh and not upgraded from an earlier version.

Navigate and delete or move the following folder: (NOTE: doing so will delete all your preconfigs saved currently)

/Users/username/Library/Containers/com.microsoft.rdc.mac/

Then the next time that you load the client, you get a completely fresh client version, including first run prompts etc. You will need to re-create the profile and gateway however.

After doing that, we no longer get the ‘login failed’ popup.

It seems that something in the version upgrade doesn’t correctly upgrade the settings files, causing the issue. But a fresh setup works.

We haven’t yet found out exactly which file causes the issue however we have tested and can confirm this fix allows the system to connect and work.

 

Credit: Tony “tbigby” Bigby

How to setup SMTP server to send email using Microsoft Office 365 Connector with Exchange Online

This article is for clients that have moved to the Microsoft Office 365 platform that needs to be able to SMTP from devices. Example of this is multi-function scanner/copier/printer device and using the scan-to-email capability.

The most common solution that is suggested by Microsoft and others is to use an internal Exchange Server to relay the mail or use an IIS server with SMTP service enabled to relay the mail. However because the client is going CLOUD, they would be decommissioning old servers. To install SMTP servers in the business is just another added cost.

The other option is to use the ISP SMTP server that the office is connected to.

The solution is described here will work with or without TLS encrypted connections and also supports either port 25 or port 587 and does not require any type of authentication.
In fact, no user accounts or additional licenses are required to make this work. This is good because many older devices/applications only support clear text across port 25.

The first step is to create a connector on the Exchange Server to allow for the connection by an unauthenticated user. This sounds like it is an open relay but we are going to take steps to allow this connection ONLY from known IP Addresses that should be allowed to use the connector. All other attempts will be denied as an unauthorized relay attempt.

Creating the Exchange Connector:

  • Log into the Microsoft Online Portal as a user that has Global Administrator access
  • Click on the Admin menu and then on Exchange to open the Exchange Admin Center.
  • Click on the Mail Flow category and click the Connectors sub menu.
  • Add an Inbound Connector
    • Give the connector a descriptive name
    • Set the Connector Type to On-premises
    • Set Connection Security to Opportunistic TLS
    • Set Domain Restrictions to Restrict domains by IP addresses
    • Add a single Sender domain and use an * wildcard character here to allow all.
    • Add the public IP addresses that you will allow to relay
    • Save the Connector
  • Enable the connector if it is not already.

The SMTP Server you use in your sending application/device is a little different but easy to locate. There are many ways to get this info, I am going to show you only one.

Finding the SMTP Server:

  • Go back to the O365 portal and click the Admin menu and click on Office 365
  • Click on the Domains category
  • Select your primary domain (or the domain you wish to use) and then click Manage DNS
  • Find the MX record and copy the Point To Address for that record.
    • The format will be in this format: -.mail.protection.outlook.com or I have also seen -.mail.eo.outlook.com. If your domain was “XXYYZZ.COM” then your MX record would look like this: XXYYZZ-COM.mail.protection.outlook.com as an example.

That value will be what you use as the SMTP Server when you define your outbound mail settings in the application/device you want to send relay email.

One additional setting you may want to enable on the Exchange Online Server which will prevent all of your relay email from going directly to the Junk Folder. This process will create a mail filtering rule which will bypass the filters altogether.

Creating Bypass Rule:

  • Go back to the Exchange Admin Console.
  • Click on the Mail Flow category and then the Rules sub menu.
  • Add a new Rule of type “Bypass Spam Filtering…”
    • Give the rule a good descriptive Name.
    • Set Apply this rule if… to “The sender is…” and add the email addresse(s) you will be using for sending relay email. Keep in mind this can be anything you want butit must match exactly, else this rule will not work.
    • Set Do the following… to “Set the spam confidence level (SCL to…” and then set the action to Bypass spam filtering.
    • The remaining options can be left as default.
    • Save the rule.
  • If you have multiple rules, you may want to adjust the order of this rule so it fires properly. I would suggest that you make it the first rule while you test things and then adjust all of your rules to accomdate the order in which you ultimately want to process the rules. Mail Flow in general is complex and I am not giving much detail in this walk through on how best to manipulate these features.

The final step of this process is to put it all together and make it work. Modify your SMTP settings for the Application/Device as follows:

  • SMTP Server: Set this to the MX data that we gathered from the above step “-.mail.protection.outlook.com”.
  • SMTP Port: 25 or 587
  • SMTP TLS: Enabled or Disabled (Enabled is recommended if it is an option)
  • SMTP Username: This can be anything you want as it is not used at all. Leave it blank if you can. If you do need to populate this info, use the email address of the FROM address you set in the Spam bypass filter above.
  • SMTP Password: This can be anything you want as it is not used at all. Leave it blank if you can.
  • SMTP TO: Set this email address of the recipient of the email message. Be aware, this does not have to be a user within the domain defined by the MX record or the SMTP Server above.
  • SMTP FROM: Use the email address you specified in the Bypass Spam Filtering rule. This MUST match exactly.

That should be all there is to make this work. Of course, the client side configuration will be different on every application/device you try to set up this way but I can say that I have made this work with a number of different MFP devices as well as Routers that send notifications. I have also made this work with Mozilla Thunderbird which is a good simple testing application. If you can make things work using Thunderbird, you should be able to translate the settings to any application/device and make it work as well.

WARNINGS:

  • The first thing you want to check for is to see if you can even use port 25 or not.
  • Not all applications/devices support anything but port 25. If you have one of these AND you have a port 25 port block ISP, you may need to take some fancier steps within the router to make this work. I have found that not all providers will turn off port 25 blocks and if they do, it is very common for the block to get turned back on randomly.
  • Microsoft frowns heavily on bulk email and will block your ability to send any email outbound if you use this to abuse their mail platform. Microsoft uses the phase” Reasonable Limits” when describing how many emails they will allow you to send using this technique so be reasonable… If the mail is being sent internally, you really should not have much issue but if you send a lot of email externally, then you might run into some limits problems.

 

 

Source : https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_15699-SMB-Office-365-Exchange-Online-SMTP-Relay.html

Microsoft Remote Desktop on Apple mac OSX and Windows 2012 – How to fix & get updated software

Watch out – the old OS X Microsoft Remote Desktop (version 2.1.1) that comes with Mac Microsoft Office 2011 no longer works with Windows 2012 R2 (it does work with plain old Windows 2012). For me it fails with the following error message:

Remote Desktop Connection cannot verify the identity of the computer that you want to connect to.

A (regular) Windows 2012 Remote Desktop client doesn’t have this problem.

(Brief aside – Microsoft have a little note that says the 2.1.1 client is not supported on OS X v10.7 or later. Who knew and why did it make me report all those crashes?)

The good news is that the new OS X Microsoft Remote Desktop 8.0.24091 (Mac App store only though – grr) does work with Windows 2012 R2 . Why this information isn’t listed on the What’s New in 2012 R2 Remote Services page I don’t know…

Another alternative is a product called CoRD – Home Page of CoRD

How to manually connect Outlook to Office 365 Hosted Exchange

Hooking Outlook to Office 365 or Hosted Exchange is a little different to a local server.

In this article we will explain step by step, how to manually connect Microsoft Outlook to Office 365.

Part 1

Before we begin we need to gather a bit of information.

3. Under Microsoft Office Outlook Connectivity Tests click on Outlook Autodiscover.
4. Fill in the information: Email address and Microsoft Account are your Office 365 Username.
5. Password, is your Office 365 password.
6. Check “I understand the terms and conditions…” and continue.
7. When the test is done hit Expand All.
8. On your keyboard press Ctrl+F and type “Server” within the Find tool. Copy this information within “<Server>” and “</Server>” as you will need it later.

exchange-setup-office365-part1

Note: It is highly recommended that you change your Office 365 password after using the above website.
Note: If you are doing this for multiple Users, please be reminded that their mailbox may not be within the same Server as your other Users. It is recommended that you use this tool each time you wish to find your Users Server.

Part 2

Now on your computer.

1. Next click on Start.
2. Click on Control Panel.
3. Navigate over to Mail.
4. Select Show Profiles.
5. And click New.
6. Enter a new Profile Name.
7. Within Add Account : Select Manual Setup of Addition Server Types.
8. Select Microsoft Exchange Server Or Compatible Service.
9. Within “Server:” Paste your Server Name from Part 1. Step 8.
10. Within “UserName:” type your Office 365 Account Username (User@mydomain.com).

exchange-setup-office365-part2

11. Click More Settings.
12. Under the Security Tab, uncheck “Encrypt Data between Microsoft Outlook and Microsoft Exchange“.
13. From the “Logon Network Security” drop down box select Anonymous Authentication.
14. Click on the Connections Tab.
15. Check Connect to Microsoft Exchange Using HTTP.
16. Click on Exchange Proxy Settings….
17. On the right of “Https://” type outlook.office365.com
18. Check “Only connect to proxy servers that have this principal name in their certificate:” and type msstd:outlook.com
19. Check “On Fast Networks, connect using HTTP first, then connect using TCP/IP
20. Under Proxy Authentication click the drop down box and select Basic Authentication.

exchange-setup-office365-part3

21. Hit Okay twice and continue with your setup.