|
From memory, you can set the permissions on an Exchange public calendar so that users can only edit/delete items they have created themselves. So this should be possible out of the box.
|
#
¿
May 5, 2011 22:11
|
|
|
|
| # ¿ Apr 25, 2024 10:17 |
|
|
We have had a strange certificate-related problem occur seemingly out of nowhere. Approximately 10% of our machines cannot access any of the HTTPS based Exchange Client Access services (OWA, availability, autodiscover etc). They receive a odd certificate error. However this isn't a run-of-the mill chain or hostname error, and viewing the certificate properties doesn't show any problems. Event ID 11 (CAPI2) is logged in the client event log with the error "The certificate is not valid for the requested usage." Bizarrely, the remaining 90% of our machines (all Windows 7 or Server 2008 R2 Terminal Services) are all fine. They don't get any errors. I'm trying to determine if some sort of update has caused this issue but any advice is appreciated.
|
|
#
¿
Mar 12, 2014 21:12
|
|
|
Yep, it was the Entrust root CA as a few people have correctly guessed. I figured it out, and then approx 15 minutes later an email dropped into my inbox from Entrust with a new intermediate certificate. The thing that really caught me out was that I did not realize that the root CA update process for Windows is not dependent on Windows Update. It basically can trigger whenever any user uses HTTPS (?) I knew that the affected machines had not received any updates so I could not figure out how their behavior had changed.
|
|
#
¿
Mar 13, 2014 22:13
|
|
|
Syano posted:We have just been blowing away the local stores. Seems to work. Cause I have read that entrust post about 14 times now and I am not quite sure what exactly they are saying to do Grab the new intermediate cert from https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=94 and load into the local computer certificate store on your Exchange CAS boxes. This should fix the issue. Make sure that any upstream (probably non-Windows) devices have the 2048-bit root CA installed. We had to manually add it to a PGP appliance that acts as a smarthost so that it could still connect to it via TLS'd SMTP.
|
|
#
¿
Mar 13, 2014 22:18
|
|
|
Syano posted:We went through and updated our mail servers along with all our RDP servers this morning by installing the new certificate. Still have a lot of clients with the same issue. Any clues? Could some of the clients have the old intermediate certificate installed locally? That would probably take precedence over the certificate chain on the Exchange server.
|
|
#
¿
Mar 16, 2014 12:42
|
|
|
|
| # ¿ Apr 25, 2024 10:17 |
|
|
Swink posted:Any of you use Mimecast for mail archiving? I need to archive all mail for 7 years and I'm getting sick of storing it locally. Yes, I am. I think I would recommend it.
|
|
#
¿
Apr 23, 2015 16:54
|
|