Category: Computers and Internet

Exchange 2013: Get-MoveRequest batch status returns nothing


I have added batch migrations (with an csv file) in Exchange 2013 web console. Then I wanted to see the migration (mailbox move) status in Exchange Shell.

Get-MoveRequest –BatchName “CorrectBatchName”

That returned nothing. I was baffled. I found the answer when I ran the following command. BatchName property has the correct batch name format.

Get-MoveRequest | FL

Answer: Since I submitted the migration batch in web console, it submitted to the migration service. Correct command is,

Get-MoveRequest –BatchName “MigrationService:Your Batch Name”

To see the statistics info, use this command.

Get-MoveRequest -BatchName “MigrationService:Your Batch Name”   | Get-MoveRequestStatistics

Advertisements

How to check PowerShell version?


You can check installed PowerShell version in three ways. Check out the commands below:

PS C:\> $PSVersionTable
Name                           Value
—-                           —–
PSVersion                      5.0.10130.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.42000
BuildVersion                   10.0.10130.0
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3

PS C:\> $Host.Version
Major  Minor  Build  Revision
—–  —–  —–  ——–
5      0      10130  0

PS C:\> (Get-Host).Version
Major  Minor  Build  Revision
—–  —–  —–  ——–
5      0      10130  0

Exchange: How to get Mailbox size in Exchange Shell?


Get-MailboxStatistics cmdlet gives TotalItemSize which is the mailbox size. But the TotalItemSize doesn’t contain the mailbox size in numbers, it’s a PowerShell deserialized object.

This command displays the mailbox size from the value property:

(Get-MailboxStatistics -Identity username).TotalItemSize.Value

Example output: 10.43 GB (11,202,063,583 bytes)

But how to make it usable in creating reporting or other purpose. Convert that value to a string, split at ‘(‘ and take the first item in the split array.  Here is the command that gives you usable mailbox size.

(Get-MailboxStatistics -Identity username).TotalItemSize.Value.ToString().Split(“(“)[0]

Example output: 10.43 GB

If you want in all in bytes, use this cmdlet:

(Get-MailboxStatistics -Identity username).TotalItemSize.Value.ToString().Split(“(“)[1].Split(” “)[0].Replace(“,”,””)

Example output: 11202063583

Hope it is helpful for you.

Internet Explorer (IE) – “Continue to this website” option is missing


With the new update (KB2661254), Microsoft is started blocking the websites with certificate key length is 1024 or less. With this IE will never let you connect to site at all. All you get is “Click here to close this webpage”.

Image

Fortunately Microsoft explained how to override this security feature in the same KB article (https://support.microsoft.com/en-us/kb/2661254).

Solution:

  1. Open Command Prompt with Administrative Privileges (right click CMD.exe and select “Run as administrator”)
  2. Type certutil -setreg chain\minRSAPubKeyBitLength 512
  3. Log off and log back in

Here is the resolution by editing the registry key from the KB article:

Allow key lengths of less than 1024 bits by using registry settings
Microsoft does not recommend customers use certificates less than 1024 bits long. Customers may however need a temporary workaround while a longer term solution is developed to replace RSA certificates with a key length of less than 1024 bits length. In these cases, Microsoft is providing the customers the ability to change the way the update functions. Customers configuring these settings are accepting the risk that an attacker may be able to break their certificates and use them to spoof content, perform phishing attacks, or perform Man-in-the-Middle attacks.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
On Windows 8 or Windows Server 2012-based computers that have the update applied, the following registry path and settings can be used to control detection and blocking of RSA certificates with less than 1024 bit key lengths.

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config

There are four main values that control how keys under 1024 bits blocking works. These are as follows: •MinRsaPubKeyBitLength
•EnableWeakSignatureFlags
•WeakSignatureLogDir
•WeakRsaPubKeyTime
Each of these values and what they control are discussed in the following sections.

For operating systems starting with Windows Vista and Windows Server 2008, you can use certutil commands to change these registry settings. On Windows XP, Windows Server 2003, and Windows Server 2003 R2, you cannot use certutil commands to change these registry settings. However, you can use Registry Editor, reg command, or reg file.
MinRsaPubKeyBitLength
MinRsaPubKeyBitLength is a DWORD value that defines the minimum allowed RSA key length. By default, this value is not present, and the minimum allowed RSA key length is 1024. You can use certutil to set this value to 512 by running the following command:

certutil -setreg chain\minRSAPubKeyBitLength 512

NoteAll certutil commands shown in this article require local Administrator privileges because they are changing the registry. You can ignore the message that reads “The CertSvc service may have to be restarted for changes to take effect.” That is not required for these commands because they do not affect the certificate service (CertSvc).

You can revert to blocking keys that have a length of less than1024 bits by removing the value. To do this, run the following certutil command:

certutil -delreg chain\MinRsaPubKeyBitLength
EnableWeakSignatureFlags
The EnableWeakSignatureFlags DWORD value has three potential values: 2, 4, 6, and 8. These settings change the behavior of how the keys under 1024 bits detection and blocking works. The settings are described in the following table:

Decimal value Description
2 When enabled, the root certificate (during chain building) is allowed to have an RSA certificate with a key length of less than 1024 bits. Blocking of RSA certificates lower in the chain (if they have less than 1024 bit keys) is still in effect. The flag enabled when this value is set is as CERT_CHAIN_ENABLE_WEAK_RSA_ROOT_FLAG.
4 Enables logging, but still enforces blocking of RSA certificates with keys less than 1024 bits. When it is enabled, the WeakSignatureLogDir is required. All keys with less than 1024 bit length encountered are copied to the physical WeakSignatureLogDir folder. The flag enabled when this value is set as CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG.
6 When it is enabled, the root certificate is allowed to have an RSA certificate with a key less than 1024 bits and the WeakSignatureLogDir is required. All keys below the root certificate that have keys of less than 1024 bits are blocked and logged to the folder that is specified as the WeakSignatureLogDir.
8 Enables logging and does not enforce blocking of keys that have a length of less than 1024 bits. When it is enabled, the WeakSignatureLogDir is required. All keys encountered that have a length of less than 1024 bits are copied to the physical WeakSignatureLogDir folder. The flag enabled when this value is set is as CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG.

Examples
To enable an RSA root certificate that has a key length of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 2

To enable logging while still blocking certificates that use a key length of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 4

To enable logging of only RSA certificates below the root certificate that have a key length of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 6

To enable logging only and not blocking key lengths of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 8

Outlook 2013: Something unexpected went wrong with this URL–Class not registered


 

If you get this error when you click on links in Outlook emails, you would be wondering what’s this error is all about.

image

There is nothing to it. Internet Explorer (or your favorite browser) is not correctly set as default browser for the HTTP/HTTPS links.

Solution: Make IE (or Firefox or Chrome) as default browser on your computer at Control Panel / Default Programs console. This error will go away after you set your favorite browser as default.

Try making Firefox or Chrome as default browser using built-in methods in the browser.  For example, in Firefox the settings are at Options as below.

image

PowerShell 3.0: How to get Office 365 Service Health alerts in email? (from RSS feed)


Microsoft has awesome Office 365 Admin app on iPhone, Android and Windows phones. But I came across some old school IT guys wants to see Office 365 cloud service alerts in emails. So I wrote a PowerShell script with Invoke-RestMethod cmdlet. Feel free to reuse this script to your needs.

Before you start using this script, you need two things. Office 365 Service Health RSS URI for your organization and a SMTP server to send emails out.

To get the Office 365 Service Health RSS URI:

1. You need to log in to Office 365 with administrator account.
2. Expand and Go to Service Health/Service Health Page.
3. click on RSS icon on top right (see picture below).

 

O365ServiceHealth O365ServiceHealth1

 

4. Copy the whole RSS address URI from the Address bar, and keep it in a notepad

 

O365ServiceHealthURI

Now here is my script. Copy and paste the RSS URI into the script to replace Value for the variable $URI. Change the From/To/SMTP server address in the script. Save the script and schedule it to run every day (or hour, etc.,).

Your download this script from here: Office365Monitor.ps1

<#
Function: Send-Email
Parameters: FromAddress,ToAddress, Subject, Body,
Attachment (array of files)
Purpose: Send email to specified email address
with given subject, body and attachments

Written by: Anand, the awesome, Venkatachalapathy
#>
Function Send-Email()
{
Param (
$fromaddress = “donotreply@company.com”,
$toaddress = “AwesomeAnand@company.com”,

$Subject = “Action Required”,
$body,
$HTMLBody = $false,
$attachment = @(),
$smtpserver = “screeming-smtp.company.com”
)

$message = new-object System.Net.Mail.MailMessage
$message.From = $fromaddress

if ($toaddress.Length -gt 0)
{ $message.To.Add($toaddress) }

$message.IsBodyHtml = $HTMLBody
$message.Subject = $Subject

$attachment.foreach( {
$attach = new-object Net.Mail.Attachment($_)
$message.Attachments.Add($attach)
} )

$message.body = $body
$smtp = new-object Net.Mail.SmtpClient($smtpserver)
$smtp.Send($message)
}
# End of Send-Email Funcation

<#
* * * * The Script Starts here * * * *
Script: Office365Monitor.ps1
Purpose: Get Office 365 Service health alerts in
email (from RSS feed)

Usage: Find out your RSS alert URI by
1. logging in to your Office 365 portal
as administrator,
2. go to “Service Health”section,
3. click on RSS icon on top right,
4. Copy and paste the address (URI) to
this script below for value for $URL variable

Don’t forget to change the from/to/smtp server
addresses in this script.

Written by: Anand, the Awesome, Venkatachalapathy
Written Date: Jan 2015
#>

#URI from Office 365 service health RSS section
$URI = “http://rss.servicehealth.microsoftonline.com/feed/en-US/..”

#Get the REST representation resource from Office 365 RSS URI
$O365Status = Invoke-RestMethod -Uri $URI

$Alerts = “”

#Collect all degraded service information
foreach($Status in $O365Status)
{

if ($Status.Description -like ‘*degradation*’)
{

$Alerts += $Status.pubDate + “`n” + $Status.title + “`n” + `
$Status.description + “`n” + $Status.link + “`n`n”

}
}

#send email
if ( $ExchAlerts.Length -gt 10)
{
Send-Email -fromaddress “Office365ServiceMonitor@company.com” `
-toaddress “awesomeanand@gmail.com” `
-Subject “Office 365 Service is degraded” `
-body $Alerts -HTMLBody:$true `
-smtpserver “ScreemingSMTP.company.com”
}

<#
* * * * The Script Ends Here * * * *
#>