Forum
Merhaba
Hakan bey çalıtığım şirkette exchane server da 3 adet domain [email protected] [email protected] [email protected] gibi ve exchange üzerinde şuan geçerli bir sertifika yoktur bu 3 farklı domain için sertifika nasıl alabilirim alsam da sertifika ile ilgili herhangi bir sorun çıkartırmı . Son sorum 20 kişinin mail adresini tek bir mail adresine yönlendirmek istiyorum departmanın güvenliği için yardımlarınız için Şimdi den TEŞŞEKÜR EDERİM
Merhaba
Öncelikle Hakan bey değilim ancak yardımcı olmak isterim.
Eğer default ayarlar ile oynamadıysanız, sertifika zaten şirket içindeki kullanıcılar için geçerlidir.
Ofis dışından Exchange server a (OWA, Outlook Anywhere) olarak bağlanmaları durumunda sertifika kullanabilirsiniz. Eğer firewall olarak ISA Server kullanıyorsanız yine SSL kullanarak sertifikayı publish ederek daha güvenli hale getirebilirsiniz.
Öncelikle ne için kullanacağınıza bağlı.
Buğra bey
Teşşekürler yardımınız için Exchange server şirket içi ve şirket dışı aktif olarak kullanılmakta dışarıdan mail server a bağlanıldığı zaman sertifika hatası veriyor ve clientler hiç bir şekilde şiflrelerini değiştiremiyorlar en buyuk sıkıntı bu ve exchange server aynı çatı altında üç ayrı firmaya hizmet veriyor. bu yüzden 3 ayrı domain adı barındırıyor owa bağlantısı kurulurken örnek olarak https://cicek.com/owa https://papatya.com/owa https://firma.com/owa yazar şirketteki kullanıcı kendi şirket domain adını yazarak bağlanıyor
Cevap beklediğim konu Nasıl bir sertifika almalıyım ve herhangi bir sorun yaşanırmı ?
Merhaba
OWA üzerinden şifre değiştirmeyi enable yapmalısınız alttaki yönergeleri izleyin lütfen. Takıldıgınız bir yeri olursa cevaplarım
Warning If you edit the metabase incorrectly, you can cause
serious problems that may require that you reinstall any product that
uses the metabase. Microsoft cannot guarantee that problems that result
if you incorrectly edit the metabase can be solved. Edit the metabase
at your own risk.
Note Always back up the metabase before you edit it.
After you apply this hotfix, follow these steps
to configure the Password Change functionality:
- 1.
Apply the hotfix to update the files on the computer that is running
IIS or install service pack 1 for Windows 2003. The hotfix will
automatically register the module and you can proceed to step 3. If
Service Pack 1 has been installed without the hotfix, you must manually
register the module. - Register the IISpwchg.dll file in the Iisadmpwd directory:
- Click Start, and then click
Run. - In the Open box, type the following,
and then press ENTER:regsvr32
c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
- Click Start, and then click
- Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change
functionality is enabled:- Click Start, and then click
Run. - In the Open box, type
cmd, and then press ENTER. - Locate the C:\Inetpub\Adminscripts
directory. - Type the following command, and then press ENTER:
cscript.exe adsutil.vbs set
w3svc/passwordchangeflags ValueNote In this sample command, Value is a
placeholder for the value that you want to set for the PasswordChangeFlags property.
- Click Start, and then click
- The following list includes the possible values for the PasswordChangeFlags property. You can use a combination of these values.
- 0: This is the default value. This
value indicates that you must use a Secure Sockets Layer (SSL) connection when
you change the password. - 1: This value permits password changes on non-secure ports. This
value is useful if SSL is not enabled. - 2: This value disables the Password Change
functionality. - 4: This value disables the advance notification of password
expiration.
- 0: This is the default value. This
- Make sure that the virtual directory for the Iisadmpwd
directory is correctly created and that it points to the correct location. The
correct location is System32\Inetsrv\Iisadmpwd.To create a virtual directory for the Iisadmpwd directory, follow these steps:
- Click Start, click Programs, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
- In Internet Information Services (IIS) Manager, right-click the Web site where you want the Iisadmpwd folder, click New, and then click Virtual Directory.
- When
the Virtual Directory Creation Wizard starts, follow the instructions
to create the virtual directory with the alias that is named
"IISADMPWD." Make sure that the path points to the
Windows\System32\Inetsrv\Iisadmpwd directory. Make sure that both
"Read" permissions and "Run Scripts (such as ASP)" permissions are
selected.
- Make sure that the Iisadmpwd virtual directory runs in the
same application pool as the Web site that uses the Password Change
functionality. For example, if the Password Change functionality is used in
your Microsoft Outlook Web Access (OWA) Web site, the Iisadmpwd virtual
directory must run inside the Exchange application pool where the OWA site
resides.Note We recommend that the authentication for IISADMPWD is the same as
the application that is using this functionality. Anonymous Authentication is
not required to be enabled on this virtual directory. - Verify that the following metabase entries are set
correctly.Note
If the metabase is manually changed by using an XML Editor to edit any
of these metabase entries and values, the XML editor will automatically
insert the tag for a double-quote character. This will result in two
double-quote characters in the metabase. To work around this, either
edit the Metabase.xml file in a non-XML editor (Notepad.exe, for
example) or use the XML tag for the double-quote character. The XML tag
for the double-quote character is ". After you edit the
Metabase.xml file, review the changes to verify that " does
not appear as a opening tag and a closing tag in the changes. The
"" and "" syntax causes a failure.Collapse this tableMetabase entry and value Description AuthChangeURL = "/iisadmpwd/achg.asp" This page
does the actual password change work.AuthExpiredURL = "/iisadmpwd/aexp.asp" This page
displays the password change form for a user whose password has expired. Make
sure that you type the account name in the "domain\username" format.AuthExpiredUnsecureURL="/iisadmpwd/aexp3.asp" This
page displays the password change form when SSL is not used.AuthNotifyPwdExpURL = "/iisadmpwd/anot.asp" This
page appears when a user's password expires earlier than the number of days
that are specified in the PasswordExpirePreNotifyDays entry.AuthNotifyPwdExpUnsecureURL =
"/iisadmpwd/anot3.asp"This page appears if a user's password expires
earlier than the number of days that are specified in the
PasswordExpirePreNotifyDays entry when SSL is not used.PasswordExpirePreNotifyDays This metabase entry
specifies the number of days that remain before the client's password expires.
This metabase entry also indicates when a password pre-notification message is
sent. - By default, these metabase entries are located at the
W3SVC level in the metabase. You can use the Adsutil.vbs script to configure
these metabase entries. The Adsutil.vbs script is located in the
Inetpub\Adminscripts directory on your system. To use the Adsutil.vbs script to
configure these metabase entries, follow these steps:- At a command prompt, locate the C:\Inetpub\Adminscripts
directory. - Type the following command, and then press ENTER:
cscript.exe adsutil.vbs set
w3svc/MetabaseEntry ValueFor example, type the following:
cscript.exe adsutil.vbs set
w3svc/PasswordExpirePreNotifyDays 4
- At a command prompt, locate the C:\Inetpub\Adminscripts