Who’s Hacking My Exchange OWA? Check with Log Parser 2.2

I am one of the few on the planet that still hosts my own servers in house. Sorry, but I don’t really see the benefit of moving everything to the cloud when keeping it in house allows me the control and flexibility I want. I especially like having an Exchange OWA server in house.

With that said, hosting your own systems can be troublesome as well. Maintaining the hardware, infrastructure and security are items that would get farmed out in a cloud environment. This post focuses on the security end, or rather attempting to track hack attempts.

In January, I sent up a trigger to alert me every time a user is locked out. -> Know instantly when a user is locked out <- Its a good read if you’re interested. This trigger reads the event logs, looks for the lockout event and sends the info to me via email. A great help in being proactive with my users. It also alerts me to hack attempts. Too many incorrect login attempts on OWA would trigger a lockout event. During a recent weekend, I was receiving lockout emails every 30 minutes. So who was doing this? What did they want?

How to check Exchange OWA IIS logs

Continue reading “Who’s Hacking My Exchange OWA? Check with Log Parser 2.2”

Exchange 2016 – ECP ERROR 500 – OWA Working Fine!

As an IT professional for over 20 years I have run into a lot of strange errors in my time. I also have an extensive home “production” lab so I can stay up to date on changes in tech and its fun! Recently I installed Exchange 2016 in a Hyper-V virtual machine. It was a simple migration from 2013. I was in the process of decommissioning an older Hyper-V host. Some of my guest vm’s were migrated while others were built from scratch.

I had  completed my migration and Exchange, OWA, & ECP were working just fine. About a month later I tried to access the ECP and was greeted with a 500 Error!

Tracking Down The Error

Continue reading “Exchange 2016 – ECP ERROR 500 – OWA Working Fine!”

Exchange 2016 – EVENT ID 15021- Blank ECP / OWA & Error connecting to Outlook

If you have been following my blog, I recently migrated my Exchange 2010 server to a new 2016 server. There have been a few hiccups along the way however for the most part  the experience has been good and user disruption minimal, until I encountered Event ID 15021.

ExchangeLast night during a maintenance window I applied my Microsoft updates and rebooted the server. Shortly after reboot I attempted to open Outlook and it failed with a server unavailable error. OWA and ECP both showed BLANK white screens. I began to panic a little because this is probably the IT guys worst nightmare! Working in the industry for over 20 years I put my panic aside and began my standard troubleshooting procedure.

STEP 1 – Event logs are your friend

Continue reading “Exchange 2016 – EVENT ID 15021- Blank ECP / OWA & Error connecting to Outlook”

My Experience Migrating to Exchange 2016

If you have ever taken the time to read my blog you would probably know by now that I am the IT director for a mid sized accounting firm in NJ. One project on my docket this year is to migrate from Exchange 2010 to Exchange 2016. This post is just going to be a basic log of what I encountered during my install. If you take the time to read this maybe you can find a useful tip to aid in your migration woes.

Having a small shop and wearing a lot of hats here in the office tends to create a slew of challenges. Most of the time I have a ton of projects brewing so focusing on one can be difficult at times. My migration to a new Exchange 2016 server will be gradual taking about 2 to 3 weeks to complete. During the initial setup I like to let certain steps “stew” overnight to make sure there are no disruptions. I also like to be sure I have a contingency plan to undo any unforeseen issues.

Is your directory active enough?

Continue reading “My Experience Migrating to Exchange 2016”