Microsoft Exchange 2010 – Migration Mail Flow Issue

I recently experienced an issue when sending e-mails from an Exchange 2003 mailbox to an Exchange 2010 mailbox during a 2003 to 2010 migration. Messages could be successfully sent from Exchange 2010 mailboxes to Exchange 2003 mailboxes but not the other way around; the messages would simply queue on the Exchange 2003 server. After a period of investigation it appeared this issue was occurring due to a smart host not being set against the SMTP connector in the Exchange System Manager on the Exchange 2003 server. To resolve the issue a smart host was configured on the SMTP connector via ESM to be the customer's internet service provider's upstream mail relay. The steps taken to resolve this issue are detailed below:

1. Connect to your Microsoft Exchange 2003 server and open the Exchange System Manager.

2. In the Exchange System Manager expand Servers -> Server Name -> Connectors.

3. Right-click your SMTP connector and select Properties.

4. On the General tab select the “Forward all mail through this connector to the following smart hosts” radio button and enter your internet service provider's upstream mail relay, for example smtp.myisp.co.uk.

5. Test mail flow between the Exchange 2003 and Exchange 2010 environments.

That’s it, hopefully your migration mail flow issues will now be resolved.

Remote Desktop Services – RemoteApp Certificate Issue

I was recently involved in a Remote Desktop Services deployment for three hundred users. After configuring Remote Desktop Services and publishing a RemoteApp, which had been digitally signed with a Go Daddy certificate and deployed via an MSI, I was prompted with a “Do you trust the publisher of this RemoteApp program” warning as shown in the below screenshot.

Obviously this was going to be an inconvenience for users, so to resolve this issue I performed the following actions.

1. Create a new Group Policy object via the Group Policy Management Console.

2. Edit the GPO and navigate to the following location, User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

3. Within the Remote Desktop Connection Client folder, double-click the “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers” policy setting and select the Enabled radio button.

4. Now open the SSL certificate you are using for RemoteApp signing, click the Details tab and then scroll down the details pane until you see the “Thumbprint” item. Click the thumbprint entry and you should now see a large alphanumeric string. Copy this string and paste it into the “Comma separated list of SHA1 trusted certificate thumbprints” box in the policy setting we enabled in step 3.

5. Now that you have pasted the thumbprint string into the GPO, remove all spaces and capitalise all lower case letters of the string. For example, if your thumbprint looks like this, “95 1f 22 02 c3 6e a6 b0 64 0c db 8e b5 4a bb 98 0c bd ed af”, once you have pasted it into the GPO you need to modify it to read like this, “951F2202C36EA6B0640CDB8EB54ABB980CBDEDAF”.

6. Close the GPO editor and then link the created GPO to the organisational unit where the RemoteApp users reside. Log a RemoteApp user off and back on again and test the RemoteApp program. You should now see that the certificate warning is suppressed and the application loads straight away.

That’s it, you’re all done.
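
The clean-up in steps 4 and 5 can be scripted so that a mistyped or partly copied thumbprint is rejected before it reaches the GPO. This is an added example, not part of the original post; the function name `ConvertTo-RdpThumbprintList` is hypothetical and the second sample thumbprint is constructed.

```powershell
# Added example: normalise thumbprints for the
# "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" policy.
# The function name is hypothetical; sample values are for illustration only.
function ConvertTo-RdpThumbprintList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]] $Thumbprint
    )

    $seen = New-Object 'System.Collections.Generic.HashSet[string]'

    $clean = foreach ($raw in $Thumbprint) {
        # Remove whitespace, colons and invisible Unicode format characters
        # (category Cf, e.g. U+200E) that can come along when copying from
        # the certificate Details tab, then upper-case as step 5 describes.
        $hex = ($raw -replace '[\s:\p{Cf}]', '').ToUpperInvariant()

        # A SHA1 thumbprint is 20 bytes: exactly 40 hexadecimal characters.
        # Anything else is rejected rather than silently repaired.
        if ($hex -cnotmatch '^[0-9A-F]{40}$') {
            throw "Not a valid SHA1 thumbprint: '$raw'"
        }

        # Emit each thumbprint once, preserving the input order.
        if ($seen.Add($hex)) { $hex }
    }

    # The policy box expects a single comma separated string.
    $clean -join ','
}

# Sample input: the thumbprint quoted in step 5 with a leading U+200E added
# (constructed), plus a second, constructed thumbprint in colon notation.
$samples = @(
    "$([char]0x200E)95 1f 22 02 c3 6e a6 b0 64 0c db 8e b5 4a bb 98 0c bd ed af",
    'aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd'
)

# Prints the string to paste into the GPO.
ConvertTo-RdpThumbprintList -Thumbprint $samples
```

Every thumbprint in this list suppresses the publisher prompt for anything signed with that certificate, so the list should contain only certificates whose private keys you control.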