Occasionally, Exchange Server 2010 admins may encounter the following error when attempting to import a certificate or complete a certificate request:
The certificate status could not be determined because the revocation check failed
This error is thrown when your Exchange server is unable to connect outward to the appropriate certificate authority’s certificate revocation list (CRL.) Microsoft’s KB article talks about mislaid proxy settings, but it can really be caused by almost any misconfiguration of network settings that keeps the server off the Internet. If you’re not using a proxy, check these common culprits using IPCONFIG /ALL:
- DNS Client Settings
- Default Gateway
- Subnet Mask
In general, if the server can get on the Internet it can get to the CRL. If you are still getting this error and can’t get on the Internet after checking the proxy and these additional settings, make sure your environment’s firewall is allowing traffic outbound from the Exchange Server to the outside world.
Microsoft Security Response Center is warning of a flaw in Windows 7-x64 and Windows Server 2008 R2-x64 that could permit remote code execution. Although the bug affects users of the “Aero” theme on either platform, since “Aero” is off by default in Windows 2008 Server R2, this is primarily a threat for Windows 7-x64, where it is enabled by default.
Microsoft’s disclosure indicates they believe that the probability of exploit is low, but recommend that:
In the meantime, customers may choose to disable Windows Aero as a workaround to protect against potential threats. With Aero disabled, the path by which cdd.dll can be exploited is bypassed.
For more info, you can enjoy Slashdot’s coverage and PC Pro’s report as well.
One of the most awaited (and misunderstood) features added to Exchange Server 2010 is the disaster-recovery/high-availability feature known as the Database Availability Group (DAG.) Microsoft touts it as a perfected “2.0″ of the heretofore painful database replication process known as Continuous Cluster Replication (CCR,) which came into our lives in Exchange 2007. While the DAG does create a much simpler implementation path for administrators, there are some important design considerations that have the potential to create deep, painful “catches and gotchas.” Continue reading Reliable Exchange 2010 DAG: Part 1, Active Directory Health
eWeek has taken on a topic near and dear to the SMB network administrator’s heart: How to improve network security on a budget.
Times are tough. The economy is down. Spending is controlled. And your budget is cut. Specifically, your security budget has been hacked to pieces because ROI for security is a pretty tough sell. As management continues to decrease funding for IT and information security initiatives, IT professionals need to focus spending dollars where they will get the most for their money.
The reality is, in today’s economy, information security professionals must do more with less funding, less training and, more often than not, not enough internal staff to support the organization’s business requirements. So, as IT budgets continue to shrink, how can you secure your network? Here are five tips on how to improve your security program by doing more with less.
Service Pack 1 of Microsoft’s flagship collaboration product, Exchange Server 2010, will be available to beta-testers this June, and the general public later this summer. Based on the quick release of Exchange Server 2010 Rollup Pack 1 and Rollup Pack 2, it is not surprising that Microsoft will roll-out this service pack less than a year after its original RTM.
From the Exchange Team Blog:
SP1 will include fixes and tweaks in areas you’ve helped us identify, including a roll-up of the roll-ups we’ve released to date. I also wanted to flag some of the feature enhancements we’re excited to bring to you with SP1 including: archiving and discovery enhancements, Outlook Web App (OWA) improvements, mobile user and management improvements, and some highly sought after additional UI for management tasks
Although a comprehensive list of changes hasn’t been released, making admins lives simpler, there a number of GUI updates, both to the Exchange Management Console (EMC) and Exchange Control Panel (ECP.)
Continue reading Exchange 2010 SP1 Beta this June