Category Archives: MS Exchange server 2010

Get e-mail alert for failed logon attempt on Outlook Web Access (OWA)

4 Replies

Just for fun I tried to establish a mechanism that will allow me to get information for failed logon attempt on Outlook Web Access (OWA).

If you open event viewer on your CAS server (where OWA is located) you can find out that failed requests are logged with Event ID 4625.
003

001
In general information you can find interesting things like – username which was used and IPv4 or IPv6 address from where the attempt was made.
002
All you need to do is to Attach task to this event
004
As all other actions are deprecated you should use the option to Start a program – here we will run a Powershell script to do the job.
005
We need to create a PS1 (powershell script) with content:

$EventMessage = get-winevent -FilterHashtable @{Logname=’Security’;ID=4625} -MaxEvents 1 | fl TimeCreated, Message
$eventmessagetstring = $EventMessage | Out-String
$EventMessageAccountNameText3array = $EventMessagetstring | Select-String -Pattern “Account Name:\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameText3 = $EventMessageAccountNameText3array[-1]
$EventMessageAccountNameText = $EventMessagetstring | Select-String -Pattern “Failure Reason:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameText2 = $EventMessagetstring | Select-String -Pattern “Source Network Address:\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value

$EmailTo = “admin@domain.com”
$EmailFrom = “alert@domain.com”
$Subject = “OWA attack from $EventMessageAccountNameText2”
$Body = “Owa attack from: `n $EventMessageAccountNameText2 `n $EventMessageAccountNameText3 `n $EventMessageAccountNameText”
$SMTPServer = “IPOfYourSMTPServer”
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)
$SMTPClient.Send($SMTPMessage)

So in task properties we should choose:
007
In Add arguments (optional) field we should add:

-ExecutionPolicy ByPass -File X:\PathToScript\OwaAttack.ps1

So if everything is correct – next time someone fail to enter correct password or an attack on OWA is performed you will get an e-mail like this:

006

Getting ASP.NET – C# running a System center Orchestartor 2012 Runbook and survive :)

Leave a reply

I wanted to create ASP.NET webpage with three simple fields name, surname and mobile and I wanted Orchestrator behind to create Exchange 2010 mailbox on my Exchange server…
My friends helped me out by giving me suggestions and help – I want to share this knowledge with you now…

What we have:
Exchange 2010 server on one server
SC 2012 – Orchestrator – on different server – with Exchange 2010 console instaled + SP2 applied

My friend Saso created a ps1 script that creates user in Exchange 2010 (with address book policy, active sync policy…) that I use on Exchange 2010 server by inserting a line of comma separated values name,surname,password.

I wanted this script to be run from Orchestrator server – so first thing you need to do if you want to run PS script against Exchange 2010 server you need to install Exchange 2010 console on Orchestartor! Hey! You need to install also SP2 if you want full functionality of Exchange Powershell Snapin!

You can not run Exchange Snapin and powershell scripts directly – Jure has more info how you can do it in Orchestrator

When this thing worked (I forgot SP2 for Exchange 2010 on Orchestrator and I lost 2 hours to figure it out! 🙂 ) I have started to write code for my website where I want to trigger my runbook with parameters…

I have fist set input parameters in my Runbook…

After that I have folowed this article to create costum class file (search for part Creating the custom interface).

So I created scorch.sc (name it however you want in a previous step) and imported it in my Visual Studio evironment…

You need to place it:

You should comment this line to get it work in your project…

and finaly you can go to your project and start coding…

1. Put the URL of your Orch web service
2. Enter credentials
3. Define the name of your runbook
4. runbookpars [X] – X is ID of the input parameter in rubook

and finaly you should be able to run your script…

I find System center Orchestator 2012 as fantastic product that can realy help you automate your IT processes…

So guys let’s automate! 🙂

Help:
http://msdn.microsoft.com/en-us/library/hh921685.aspx – thanks to Damien
http://blogs.technet.com/b/neilp/archive/2012/02/14/sql-cluster-with-custom-front-end.aspx
http://www.purgar.net/category/orchestrator/ – thanks to Jure
voodoo C# help – thanks to Miha

SBS 2011 – Import PST in Exhange 2011

6 Replies

To enable import and export of mailboxes on SBS 2011 you need to:

Go to Windows SBS console and create a security group – that shuld be universal (by default) for example: Mailbox management

Add administrator / admin account to the group

Then you need to enable “import / export” feature on members of this group. To do that you need to open Exchange Management Shell (Powershell with Exchange 2010 modules) as administrator and write:

New-ManagementRoleAssignment -Name “Import Export Mailbox Admins” -SecurityGroup “Mailbox management” -Role “Mailbox Import Export”

After that you can folow my article to import or export mailboxes

Happy migration :) Exchange 2003 to Exchange 2010 SP1

Leave a reply

We have setup a completely new environment with Exchange 2010 SP1… Old Exchange 2003 had around 100 mailboxes with quota from 300 MB – 1GB. I used Exmerge to export all mailboxes from Exchange 2003 (using ExMerge to extract PSTs from Exchange 2003 database) and sucessfuly used new Powershell cmdlets to import them to users in Exchange 2010…

You first need to add permissions to a group in which you put administrator to be able to use import / export features. You can read about that in this article.

Useful comdlets are:

Importing pst to existing mailbox:

New-MailboxImportRequest -FilePath \oldservershareuser1.pst -Mailbox user1

To check status of your import type:

Get-MailboxImportRequest | Get-MailboxImportRequestStatistics

If import fails you can try with option:

New-MailboxImportRequest -FilePath \oldservershareuser1.pst -Mailbox user1 -BadItemLimit 10

What it does? Saso (tnx man!) explained to me, that it might happen when you have used some antivirus solution that has “corrupted” some e-mails… So try with BadItemLimit 10 probably we are talking about one or two e-mails with problems.

If you want to remove old importrequest you can use:

Remove-MailboxImportRequest -Identity usernameMailboxImport or MailboxImport1 or 2…If you want to look at just a signle mailbox import progress you can use modified cmdlet:

Get-MailboxImportRequest -Identity usernamemailboximport | Get-MailboxImportRequestStatistics

At the end you will have alot of Completed malilboximport’s… If you want to cleane up your exchange you can run:

Get-MailboxImportRequest -Status Completed | Remove-MailboxImportRequest

Happy importing! 🙂