If you get this error (NS_ERROR_NET_INADEQUATE_SECURITY) when visting HTTPS site on Firefox, that means the web server has something wrong with SSL certificate (old ciphers, lower TLS version).

Here is how to fix your Firefox to access that page:

1. Open Firefox and type about:config in the address bar
2. Click on I accept the risk button
3. Type http2 in search box
4. Find network.http.spdy.enabled.http2 and double click to make it false (to disable http2).

That’s all. You may need to close Firefox and reopen it.

Hope it helped you. 🙂

 

If you ever search a mailbox or distribution group in Exchange using this command:

 

    $vAlias = “Sales”

    Get-DistributionGroup -Filter { Alias -eq $vAlias }

Aaaannnddd, It doesn’t work. But This works:

 

    Get-DistributionGroup -Filter { Alias -eq “Sales” }

 

Man, that’s frustrating. But there is a solution. Set the filter query like this:

    $vAlias = “Sales”

    Get-DistributionGroup -Filter “Alias -eq ‘$vAlias'”

Tadaaaa! It is freaking works now.

Say your conference room mailboxes are not processing meeting requests from Office 365 or from partner organization, and you want to process those meeting requests too, you come to right place.

Two ways you can accomplish that:

 

One of Two: On the Exchange Connector that receives emails from Office 365 or from different mail servers, Enable Externally secured (for example, with IPsec) in Security Tab of the connector properties.

 

Two of the Two: If you don’t like the above idea, you can enable ProcessExternalMeetingMessages setting on your conference room calendar processing settings. Whip out an Exchange Shell, the type this for every conference room.

 

Set-CalendarProcessing -Identity <Conference Room Name or Email Address> -ProcessExternalMeetingMessages:$true

In my case, I see Exchange 2016 OWA or ECP site will not open in Firefox or Chrome or Edge browsers. In Firefox I was getting this error:

NS_ERROR_NET_INADEQUATE_SECURITY

 

The solution for Firefox:

Open Firefox, type about:config in address bar. Search for http2, find and disable Network.http.spdy.enabled.http2. Close and reopen Firefox.

 

Solution, If you have access to the server:

Download and run IIS Crypto tool on the Windows Server. Click on “Best Practices” button, which chooses the protocols and chiphers as below. Reboot your server.

 

You set the distribution group to receive emails only from specific senders in the delivery management section of the DL properties. Now an email from external source sent to this DL and it fails with the NDR with the following error message:

#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##

Error message says it can not resolve the external email address. The solution is very simple.

Create an Exchange mail contact for the external email address that sends emails to the distribution group.

And, add the Exchange contact to the allowed senders list in delivery management section. That’s all.

Are you seeing this error on Firefox (which is common for intranet websites)?

There is two reasons for this warning. 

1. You may have meddled with OCSP settings. Firefox checks Certificate validity by checking “Certificate Revocation List” (CRL) using OCSP. Firefox couldn’t get the CRL info, thus this error.

2. Your internal Certificate Authority (CA) doesn’t have OCSP installed and/or Firefox doesn’t have Root and Sub-ordinate CA Certificate in the store (Freaking Firefox has it’s own Certificate Store).

For the first issue (OCSP), you can reset the settings and fix the issue.

1. In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
2. In the search box above the list, type or paste ocsp and pause while the list is filtered
3. If the security.OCSP.require preference is bolded and “modified” or “user set” to true, double-click it to restore the default value of false
4. Close Firefox and reopen it. Try browsing the same website.

For the second issue (no CA certificate in Firefox Cert Store), you need to add the Internal CA certificates to the store.

1. Get the Certificate Authority (CA) certificate chain in P7B format. e.g., CAChain.p7b
2. Open Firefox
3. Open the Firefox menu from the far right side of the Firefox toolbar
4. Select “Options” from menu
5. Select “Privacy & Security”
6. Scroll to the bottom of the page and click on “View Certificates”
7. Click “Import…”
8. select the certificate to add click Open and navigate to the directory you know contains the p7b certificate chain file, select the file and click “Open”
9. Scroll down within the Certificate Manager window that is open and verify the certificate you imported is listed.
10. click “Ok” and now you can navigate to the page you want to browse.

If this fixed it for you, leave me a reply.

From the NDR message if you find the IMCEAEX address, you CAN convert this to X500 address & ADD it as another email address to the correct mailbox or distribution group. I have wrote an small PowerShell Script to convert IMCEAEX address to X500 address quickly.

Here is the script. Copy this script and paste into notepad. Save it as Convert-X500Address.ps1. Run the script with the parameter of IMCEAEX address.

E.g., Convert-X500Address  -IMCEAEXString “IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=Don+2Doe@contoso.com”

---

<#
Convert-X500Address.ps1

Convert IMCEAEX string from NDR message to X500 Address format. This
Script simply displays the X500 string. Copy it and make a new
X.500 Email address to the Exchange object.

Parameter: Pass the IMCEAEX string from NDR message in double quotes

Written By: Anand, the Awesome, Venkatachalapathy

#>
param($IMCEAEXString)

((((((($IMCEAEXString.Replace(“IMCEAEX-“,””)).Replace(“_”,”/”)).Replace(“+20″,” “)).Replace(“+28”,”(“)).Replace(“+29″,”)”)).Replace(“+2E”,”.”).Replace(“+2C”,”,”)).Replace(“+5F”,”_”))

#* * * End of the Script * * *

---

Enjoy!