SBS 2011 Devices or Users cannot relay even after setting anonymous to the connector in Exchange Management

After spending hours trying to rectify our send connector to allow our accounting program to send invoices out, we stumble across an article from Mark Berry at https://www.mcbsys.com.

We had run the Fix My Network Wizard in SBS 2011 and after that Exchange 2010 would not accept email from non authenticated users even if the anonymous was selected.

Can’t Anonymously Send External Email

Once I had made those changes, the accounting system wouldn’t send email external, only internally to our domain/network.

When the application tried to send an email to a recipient outside the network, it failed with a 5.7.1 error:

sterling-it-mail-relay

 

 

 

 

The Persits knowledge base has a helpful article identifying the problem:  it means that “the SMTP server you are using is configured to reject messages sent to outside email addresses and originating from unauthorized IP addresses or users.”

So it’s a separate setting to be able to send mail outside the organization?

Yup, and for some reason it can only be enabled from the Exchange Management Shell, not from the Console. Once I found and executed the command at the bottom of this Petri article, sending mail to external recipients worked as well:

Get-ReceiveConnector "Default SBS" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Never in a million years would I have figured that one out. Thanks Mr. Petri! (no, thank you Mark Berry for reposting in a clean easy format)

NOTE:  If you need to re-run the Internet connection wizard, it will overwrite most of the above settings, and my mail wasn’t going out. So either don’t run that wizard, or make a note of your Exchange Hub Transport settings first.

SBS 2011 Can’t connect to the remote computer because no certificate was configured – Remote workplace certificate error

Problem:
When connecting to Windows SBS 2011 Remote Web Access, the following error appears when trying to connect to a remote computer.

RWA-Cant-Connect

 

 

 

 

 

 

Your computer can’t connect to the remote computer because no certificate was configured to use at the
Remote Desktop Gateway server. Contact your network administrator for assistance.

Solution:
You need to repair the Remote Desktop Gateway (RD Gateway) service in the the RD Gateway Manager management console.

By default, SBS 2011 does not have the RD Gateway Manager management console enabled, The following command will properly install the RD Gateway Manager management console:

dism /online /Enable-Feature:Gateway-UI

Run this command from an elevated command prompt.

Then follow these steps

  1. Open the Remote Desktop Gateway Manager from Administrative Tools > Remote Desktop Services.
  2. Right-click your server name and choose properties.
  3. Select the SSL Certificate tab.
  4. Click the Import Certificate… button.
  5. Choose your trusted certificate and click Import.
  6. Click Ok.

RDCM-SSL-Certificate

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

note: you may need to assign a different certificate, then reassign the desired certificate to force RD Gateway Manager to take effect

See Also:
How to Install Your Existing Certificate into SBS Essentials

 

SOURCE: Thanks to stevehardie.com – This is used for reference and internal use.