You set the distribution group to receive emails only from specific senders in the delivery management section of the DL properties. Now an email from external source sent to this DL and it fails with the NDR with the following error message:

#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##

Error message says it can not resolve the external email address. The solution is very simple.

Create an Exchange mail contact for the external email address that sends emails to the distribution group.

And, add the Exchange contact to the allowed senders list in delivery management section. That’s all.

Are you seeing this error on Firefox (which is common for intranet websites)?

There is two reasons for this warning. 

1. You may have meddled with OCSP settings. Firefox checks Certificate validity by checking “Certificate Revocation List” (CRL) using OCSP. Firefox couldn’t get the CRL info, thus this error.

2. Your internal Certificate Authority (CA) doesn’t have OCSP installed and/or Firefox doesn’t have Root and Sub-ordinate CA Certificate in the store (Freaking Firefox has it’s own Certificate Store).

For the first issue (OCSP), you can reset the settings and fix the issue.

1. In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
2. In the search box above the list, type or paste ocsp and pause while the list is filtered
3. If the security.OCSP.require preference is bolded and “modified” or “user set” to true, double-click it to restore the default value of false
4. Close Firefox and reopen it. Try browsing the same website.

For the second issue (no CA certificate in Firefox Cert Store), you need to add the Internal CA certificates to the store.

1. Get the Certificate Authority (CA) certificate chain in P7B format. e.g., CAChain.p7b
2. Open Firefox
3. Open the Firefox menu from the far right side of the Firefox toolbar
4. Select “Options” from menu
5. Select “Privacy & Security”
6. Scroll to the bottom of the page and click on “View Certificates”
7. Click “Import…”
8. select the certificate to add click Open and navigate to the directory you know contains the p7b certificate chain file, select the file and click “Open”
9. Scroll down within the Certificate Manager window that is open and verify the certificate you imported is listed.
10. click “Ok” and now you can navigate to the page you want to browse.

If this fixed it for you, leave me a reply.

From the NDR message if you find the IMCEAEX address, you CAN convert this to X500 address & ADD it as another email address to the correct mailbox or distribution group. I have wrote an small PowerShell Script to convert IMCEAEX address to X500 address quickly.

Here is the script. Copy this script and paste into notepad. Save it as Convert-X500Address.ps1. Run the script with the parameter of IMCEAEX address.

E.g., Convert-X500Address  -IMCEAEXString “IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=Don+2Doe@contoso.com”

---

<#
Convert-X500Address.ps1

Convert IMCEAEX string from NDR message to X500 Address format. This
Script simply displays the X500 string. Copy it and make a new
X.500 Email address to the Exchange object.

Parameter: Pass the IMCEAEX string from NDR message in double quotes

Written By: Anand, the Awesome, Venkatachalapathy

#>
param($IMCEAEXString)

((((((($IMCEAEXString.Replace(“IMCEAEX-“,””)).Replace(“_”,”/”)).Replace(“+20″,” “)).Replace(“+28”,”(“)).Replace(“+29″,”)”)).Replace(“+2E”,”.”).Replace(“+2C”,”,”)).Replace(“+5F”,”_”))

#* * * End of the Script * * *

---

Enjoy!

If you try Connect-Mailbox command to link the mailbox to the user account, sadly you will get this error on Soft-Deleted mailbox:

Error:
Mailbox “501e70da-059f-44f5-9811-77cefdfa14fd” doesn’t exist on database “EXCHDBxx”

I know what you thinking. Me too. Why doesn’t mailbox exist on the database?   I freaking checked the mailbox is in the database. It’s right there!!.

Migrated or moved mailboxes were goes to soft-deleted mode in the database. Since it was soft-deleted mailbox, we CANNOT connect back to a user account to restore the mailbox.  BUT we can restore the mailbox contents to another mailbox (may be temporary test mailbox). Here is how you do it.

Open PowerShell and connect to your Exchange server, Or open Exchange Admin Shell on the Exchange server.

Step 1: Create a new mailbox restore request. We are telling Exchange to Restore the Source mailbox from Source database to Target folder named “RestoreMailboxContents” on a  specified Target mailbox.

New-MailboxRestoreRequest –SourceStoreMailbox <Soft-Deleted Mailbox name or GUID> –SourceDatabase <Database Name> 
-TargetMailbox <Temporary mailbox name> -AllowLegacyDNMismatch -TargetRootFolder “RestoredMailboxContents”

e.g.,

New-MailboxRestoreRequest -SourceStoreMailbox “John Freaking Doe” -SourceDatabase EXCHDB09 -TargetMailbox “MyTemp Mailbox” -AllowLegacyDNMismatch -TargetRootFolder “RestoredMailboxContents”

Step 2: Start the mailbox restore request to actually restore the mailbox to the target mailbox. 

If you know the Mailbox Request identity/name, then run this on the Exchange Admin Shell.

Get-MailboxRestoreRequest -Identity “MailboxRestoreRequestName” | Resume-MailboxRestoreRequest

Otherwise run this:

Get-MailboxRestoreRequest | Resume-MailboxRestoreRequest

Step 3: Wait for the restore to complete. Run “Get-MailboxRestoreRequest” to check status of the progress.

Step 4:  Once the Restore process is completed, Delete the Restore request from the system by running this:

Get-MailboxRestoreRequest | Remove-MailboxRestoreRequest

Now open the target mailbox in Outlook (or OWA) to find your restored mailbox contents under “RestoredMailboxContents” folder. Yay!

Did it help. Leave me a comment.

Windows 10 Hyper-V has NAT (Network Address Translation) network feature, but it needs to setup using PowerShell now.  I will show you step by step instructions how to do it. NAT Switch provides Internet access to the VM without creating External Switch (linking the switch to physical wired or wireless adaptor).

Before we start, here are the requirements to prepare it ahead of time.

1.  IP Network to be used in Guests. You need to find a subnet that is not being using in your Office network. If you are setting up on your Home, you can choose any subnet that is not used in your home. E.g., 192.168.200.0/24

2. Guest VMs are needed to assign IP address/subnet/gateway manually from the subnet you choose on requirement 1 above. Or you may need to setup in DHCP server in one of the Guest VMs for automatic IP assignment. If you only have one or two guest VMs, you may set the IP address manually on NICs.

Now the step by step instruction.

Step 1: Open PowerShell with Administrative privileges.

Search PowerShell in Start menu search, right click on PowerShell and choose More ==> Run As Administrator.

Step 2: Create Hyper-V internal only switch.

Run this command on the PowerShell.

New-VMSwitch –SwitchName “NAT-Switch” –SwitchType Internal –Verbose

Step 3: Find the Interface Index number

Type this cmdlet and note down the interface index (ifIndex) for NAT-Switch adaptor.

Get-NetAdapter

Step 4: Create NAT Gateway

Run this cmdlet. Replace

• IP Address (gateway) with your own (should be from the network subnet you chose in the requirements section above)
• PrefixLength is the subnet mask number for the subnet you chose
• Interface index you noted down on previous step.

New-NetIPAddress –IPAddress 192.168.200.1 -PrefixLength 24 -InterfaceIndex 16 –Verbose

Step 4: Create NAT Network

Run this cmdlet and replace InternelIPInterfaceAddressPrefix with your chosen network.

New-NetNat –Name NATNetwork –InternalIPInterfaceAddressPrefix 192.168.200.0/24 –Verbose

Step 5: Connect your VM to the NAT-Switch

You may manually assign the Guest NIC to the “NAT-Switch” which we created in Step-2.  Or you may run this cmdlet to assign NIC from all Guest VMs to the “NAT-Switch”

Get-VM | Get-VMNetworkAdapter | Connect-VMNetworkAdapter –SwitchName “NAT-Switch”

Step 6: Assign IP Address to the NICs in Guests

Open NIC properties in your Guest VMs, Assign IPv4 addresses from the network subject you setup in Step-4.  Or run DHCP server from one of your Guests to dish IP address automatically.

E.g.,

Guest VM 1:

IP Address: 192.168.200.11
Subnet: 255.255.255.0
Gateway: 192.168.200.1
DNS: 4.2.2.2 and 8.8.8.8 (or your own DNS server from the office network).

Guest VM 2:

IP Address: 192.168.200.12
Subnet: 255.255.255.0
Gateway: 192.168.200.1
DNS: 4.2.2.2 and 8.8.8.8 (or your own DNS server from the office network).

That’s all. By  now you guests should have access to External networks and Internet.

Hope this helped you. Leave me a reply below.

If you ditched an account that had a fingerprint setup in Windows Hello, Windows 10 won’t let you add the same fingerprint for another account, obliviously.  Or you are trying to use second account with same fingerprint. So you will get this error message:

The question is how do we delete the registered fingerprint(s ) with different unused account. It is easy as 20 second task. Here is how you do it.

1. Open Services console (Windows key + R and type Services.msc). Stop the service called  Windows BioMetric Service (WbioSrvc)

2. Open folder location in file explorer: C:\Windows\System32\WinBioDatabase\. On this location, there will GUID.dat files. Find the one with date you recognized you register the fingerprint. If not, just delete all DAT files.

3. Start the service Windows BioMetric Service again.

There was no reboot required on my case. Try registering your fingerprint now. Enjoy.

I believe Outlook windows seems to hang at times due to difference between hardware or software graphics acceleration setting. By default Hardware graphics acceleration is enabled.

If your Outlook goes blank or unreponsive or hangs, try disabling the hardware graphics acceleration. To do it, go to Outlook advanced settings (File ==> Settings ==>Advanced), uncheck the box for Disable hardware graphics acceleration.