Bugra Postaci's Blog

All my posts are provided "AS IS" with no warranties, and confer no rights.

  • Home
  • About
  • Privacy
Posts Comments
  • Sharepoint
    • Sharepoint 2010
    • SharePoint 2013
    • Sharepoint Tips & Tricks
    • SharePoint 2016
    • Sharepoint Tools
  • ASP.NET
  • C#
    • Tips & Tricks
  • Uncategorized

Outgoing emails are not working in SPS2016 after Security Update May 2017

22/06/2017 Leave a comment

This article has inform you previously there may be some concequences after May 2017 Security Update for SharePoint in some special configurations.

There is a security update May 9,2017 for SharePoint Server 2016
You can find details in following KB
https://support.microsoft.com/en-us/help/3191880/description-of-the-security-update-for-sharepoint-server-2016-may-9-20

  • SharePoint outbound email messages incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages from being sent. After you install this update, SharePoint sends email messages anonymously without authentication.

 

Well it is confusing, as you may know, out of the box mail configuration for SharePoint always anonymous. Thats correct.
But in some special configuration applied by customers to force SharePoint processes (w3wp or owstimer) to authenticate with their identities to Exchange server;  If aspnet:AllowAnonymousImpersonation settings was disabled for Authenticated users (well it doesn’t work for anonymous users at all) it may work.

<appSettings>
<add key=”aspnet:AllowAnonymousImpersonation” value=”false” />
</appSettings>

More details explained for this.
https://support.microsoft.com/en-us/help/2686411/sharepoint-impersonates-the-iusr-account-and-is-denied-access-to-resources
Security Warning : Well the suggested action for this settings , this should be enabled. Otherwise anonymous request will have higher rights with Application Pool Identities does.

The problem of this kind of authentication is incorrect ,not expected  for SharePoint and Microsoft considered this is a Security Issue. As Microsoft said by design it has to be anonymous. With that Security fix will prevent this. SharePoint will be always use anonymous authentication through SMTP servers.

For customers who interested force authentication , well there’s no way to disable the anonymous-only behavior but we have valid workaround for that:

  1. If you are using Exchange, you can set up a separate receive connector configured as externally secured, and restricted to the IP addresses of the SharePoint server(s) in their environment.  This will allow SharePoint to send e-mails anonymously through this receive connector, but the connector will treat the e-mails as if you were authenticated.  All other SMTP clients will continue using the regular receive connectors and any authentication policies associated with those receive connectors.
  2. Set up a smarthost SMTP relay that will accept e-mails anonymously from the SharePoint server(s), and then relay them to the company’s SMTP infrastructure using authentication.
Advertisements

Filed under Sharepoint, Uncategorized Tagged with AllowAnonymousImpersonation, SMTP

Single Label Domain names (SLD) and SharePoint

21/06/2017 Leave a comment

Not a good idea. Not supported at all , for SharePoint.

https://technet.microsoft.com/en-us/library/cc262485.aspx

Filed under Sharepoint, Uncategorized

Any CPU or x64 or x86

20/06/2017 Leave a comment

How to learn processor achitecture of an assembly ?

Powershell:

[reflection.assemblyname]::GetAssemblyName("${pwd}\Microsoft.SharePoint.dll") | fl

https://msdn.microsoft.com/tr-tr/library/system.reflection.processorarchitecture(v=vs.110).aspx

Amd64

A 64-bit AMD processor only.

Arm

An ARM processor.

IA64

A 64-bit Intel processor only.

MSIL

Neutral with respect to processor and bits-per-word. (AnyCPU)

None

An unknown or unspecified combination of processor and bits-per-word.

X86

A 32-bit Intel processor, either native or in the Windows on Windows environment on a 64-bit platform (WOW64).

Or Corflags.exe
https://docs.microsoft.com/en-us/dotnet/framework/tools/corflags-exe-corflags-conversion-tool

CPU Architecture           PE      32BITREQ   32BITPREF
 ------------------------   -----   --------   ---------
 x86 (32-bit)               PE32           1           0
 x64 (64-bit)               PE32+          0           0
 Any CPU                    PE32           0           0
 Any CPU 32-Bit Preferred   PE32           0           1

More Information:
What does Any CPU really means ?
http://blogs.microsoft.co.il/sasha/2012/04/04/what-anycpu-really-means-as-of-net-45-and-visual-studio-11/

 

Filed under Debugging Tagged with AnyCPU, Corflags, ProcessorAchitecture, x64, x86

RSS Register

  • RSS - Posts
  • RSS - Comments

Search

Inside my brain

.Net Tools 2010 2013 Access Denied AD ASP.NET Authentication Backup C# configuration Content Content-type CU Cumulative Database Delete deployment enum Error Excel Feature GAC GC HttpHandler IE8 IIS LDAP list Lock() Log meeting Moss 2007 Moss2007 mysite Ninject NTLM Performance PowerShell problem Profile RBS Redirection request Search security server Service Service Pack session Settings Sharepoint Sharepoint 2007 Sharepoint 2010 Sharepoint2010 SharePoint 2013 Site SP1 SP2 SPS2010 SPS2013 SQL stsadm Support Supportability Sync Syncronization TimerJob tools ULS UPA Update user Web Webpart Workflow

Categories

  • .Net Tools (6)
  • ASP.NET (34)
  • C# (32)
  • Coolite (1)
  • Debugging (1)
  • Design Patterns (1)
  • IIS (4)
  • Microsoft Support (1)
  • Powershell (2)
  • Sharepoint (101)
  • Sharepoint 2010 (89)
  • SharePoint 2013 (54)
  • SharePoint 2016 (9)
  • SharePoint Online (5)
  • Sharepoint Tips & Tricks (20)
  • Sharepoint Tools (7)
  • System (2)
  • T-SQL (5)
  • Tips & Tricks (10)
  • Uncategorized (30)
  • Visual Studio IDE (4)

Top Posts

  • Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)
  • Using Distribution Groups in SharePoint for securing SharePoint securables is not possible.
  • Microsoft.Workflow.Client.AuthenticationException "Authentication Failed"
  • The SPListItem being updated was not retrieved with all taxonomy fields
  • how to delete sharepoint timer job using powershell
  • Cleaning orphan database from SharePoint Farm
  • Sharepoint 2010 How to give "Replicate Directory Changes" permission to User Profile Sync Account
  • Object size in memory c#
  • c# LDAP create new active directory user
  • c# LDAP check user is locked or not

My Recents

  • SharePoint IRM – Azure RMS not installed issue
  • Be aware, another “May” the update be with you !
  • Working with Microsoft Support; Explaining terms that Microsoft Agents using.
  • Field experiance on SharePoint Onprem Apps configurations for SharePoint 2016
  • Decommisioning Microsoft Sync Framework 1.0 SP1 runtime

Archives

  • June 2019 (1)
  • May 2019 (1)
  • April 2019 (2)
  • March 2019 (2)
  • January 2019 (1)
  • July 2018 (1)
  • June 2018 (1)
  • May 2018 (1)
  • January 2018 (1)
  • December 2017 (1)
  • November 2017 (1)
  • July 2017 (1)
  • June 2017 (3)
  • May 2017 (1)
  • February 2017 (2)
  • May 2016 (1)
  • March 2016 (1)
  • February 2016 (1)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (2)
  • August 2015 (3)
  • July 2015 (1)
  • June 2015 (4)
  • May 2015 (2)
  • April 2015 (1)
  • March 2015 (1)
  • February 2015 (3)
  • January 2015 (1)
  • December 2014 (3)
  • October 2014 (3)
  • August 2014 (6)
  • July 2014 (2)
  • May 2014 (5)
  • April 2014 (5)
  • March 2014 (2)
  • February 2014 (17)
  • December 2013 (2)
  • November 2013 (3)
  • October 2013 (5)
  • August 2013 (1)
  • July 2013 (3)
  • June 2013 (4)
  • May 2013 (2)
  • April 2013 (1)
  • March 2013 (3)
  • February 2013 (3)
  • January 2013 (4)
  • December 2012 (1)
  • November 2012 (4)
  • October 2012 (3)
  • September 2012 (2)
  • August 2012 (3)
  • July 2012 (5)
  • June 2012 (2)
  • May 2012 (3)
  • April 2012 (9)
  • March 2012 (7)
  • February 2012 (10)
  • January 2012 (8)
  • December 2011 (8)
  • November 2011 (2)
  • October 2011 (11)
  • September 2011 (10)
  • August 2011 (5)
  • July 2011 (7)
  • June 2011 (13)
  • May 2011 (2)
  • April 2011 (11)
  • March 2011 (1)
  • February 2011 (1)
  • January 2011 (6)
  • December 2010 (4)
  • November 2010 (4)
  • October 2010 (14)
  • September 2010 (5)
  • August 2010 (3)
  • April 2010 (9)
  • March 2010 (7)
  • February 2010 (10)
  • January 2010 (42)
  • December 2009 (3)
  • November 2009 (9)
Advertisements

Blog at WordPress.com.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy