-
🛡 Antivirus on Exchange Servers: When “Configured According to Best Practices” Still Isn’t Enough
Antivirus software is mandatory on Exchange servers, but misconfiguration goes far beyond missing folder exclusions. This article explains how antivirus process-level integration can silently affect IIS and Exchange services, why issues may look unrelated to antivirus at first glance, and how Microsoft-provided diagnostic scripts help identify configuration problems.
-
📅 A Second Calendar Took Over: Why New Events Land There and How We Fixed It
A real-world Exchange support case where a second calendar suddenly became the default one. All existing meetings stayed in the old calendar, while new events were created in the new one. We walk through why Exchange can’t tell you who caused it, why third-party mobile apps are often involved, and how to restore the correct…
-
🔐 Why You Cannot “Switch Exchange to LDAPS (636)” — and Why You Don’t Need To
Why Exchange cannot use LDAPS (636) — and why it doesn’t need to. Auditors often require “LDAPS everywhere,” but Exchange relies on LDAP over SASL (Kerberos/NTLM), which already provides encryption and integrity via signing/sealing on ports 389/3268. No plaintext data is ever transmitted. This post explains the architectural reasons, shows packet captures, and provides a…
-
📨 SMTPUTF8 in Mixed Exchange Environments (2019 ⇄ 2016): Why Your Go (gomail) App Fails — and How to Fix It
Mixed Exchange 2019↔2016 can break SMTP submissions from Go/gomail when FE 2019 advertises SMTPUTF8 and the session is proxied to BE 2016 that doesn’t support it. The fix: disable SMTPUTF8 on the 2019 connector, adjust the client, or finish migrating to 2019.
-
🔍 Granting Cross-Forest Mailbox Access: Linked Mailbox or Full Access?
Two forests, one mailbox. Should you just assign Full Access or go with a Linked Mailbox? Here’s the difference, a real-world error we hit, and why linked mailboxes often win for long-term stability.
-
🧩 When a Security Policy Breaks Exchange Installation: WinRM Troubles Uncovered
At first glance, the Exchange 2019 setup seemed smooth – clean OS, a well-planned migration scenario. But the installation hit a snag when WinRM refused to cooperate. What went wrong? This post dives into a surprising root cause tied to an old security policy and shows how understanding hidden production settings can save hours of…
-
🛡️Default FrontEnd Connector in Exchange: Open Door or Necessary Entry Point?
Did you know that your Exchange server might be allowing anyone to send anonymous emails to internal users by default? In this post, I explore the security implications of the Default FrontEnd receive connector, why it matters in hybrid environments, and how attackers might exploit it. Based on findings from real Risk Assessment Programs, I…
-
📅Cross-Forest Free/Busy with Meeting Rooms: Making It Work in Exchange
Free/Busy lookups between forests are tricky enough — and meeting rooms make them even more so. In this post, I walk through a scenario where calendar sharing works fine for users, but room mailboxes stay silent. If you’re dealing with a cross-forest Exchange setup and struggling with room availability, this guide will help pinpoint where…
-
🌐Federation Trust in Exchange: When Trust Breaks Down
Federation Trust is the backbone of cross-organization sharing in Exchange – but what if it breaks? In this post, I cover a real-world case where the trust silently failed, impacting Free/Busy lookups and external sharing.
-
🧩Recreating Exchange Virtual Directories: When Reset is the Fix
Virtual directories in Exchange can get messy – corrupted configs, wrong URLs, failed authentication… In this post, I show how and when recreating them solves persistent issues with Outlook, OWA, ECP, and more. Whether you’re troubleshooting client access or just want a clean slate, here’s a practical guide to doing it safely.
EWS Free Area 