Granikos Technology Blog

In 2014 Microsoft released some hotfixes for cover issues with .NET Framework 4.5 and Exchange Server 2013 on Windows Server 2008R2 and Windows Server 2012. The .NET Framework 4.5.1 for Windows Server 2012R2 already contains the mentioned fixes. So no additional fixes are required on Windows Server 2012R2 

After installing .Net Framework 4.5.2 on Windows Server 2008R2 or Windows Server 2012 it is not required to configure the DisableRetStructPinning.

The hotfixes and the included tuning of the store work process do ot have any impact on the sizing guide for Exchange Server 2013.


Do you need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? Contact us at or visit our website

Weiterlesen »

You can use PowerShell to manage your local certificate store.

The default PowerShell Get-ChildItem cmdlet allows for accessing the local certificate store. But you should start your PowerShell shell windows as an administrator, as access might be restricted by GPO settings.


List all certificate folder on the local machine

Get-ChildItem -Path Cert:\LocalMachine

Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : SPC
Name : CA
Name : AuthRoot
Name : WebHosting
Name : TrustedPeople
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed


List all available certificates for the computer

Get-ChildItem -Path Cert:\LocalMachine\My

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
EC225A0183DC64D864C8BEA1477822858FCEC767  CN=WMSvc-EXSRV02
E2BC29B1445FD267E5A2823591A5221D67D0D94F  CN=Microsoft Exchange Server Auth Certificate
D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF  CN=EXSRV02
60246A87C12BEB365E7B4044C926587590A3D7B6, O=mcmemail, C=DE
5F103D6C61BF57D86DB4AAA05597B0D1E8155884, CN=EXSRV02, CN=, CN=localhost, O=Trend Micro.


Retrieve certificate details

The example shows a self-signed certificate of a Trend Micro ScanMail for Exchange setup.

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\5F103D6C61BF57D86DB4AAA05597B0D1E8155884
$cert | fl

Subject      :, CN=EXSRV02, CN=, CN=localhost, O=Trend Micro ScanMail for Microsoft
Issuer       :, CN=EXSRV02, CN=, CN=localhost, O=Trend Micro ScanMail for Microsoft
Thumbprint   : 5F103D6C61BF57D86DB4AAA05597B0D1E8155884
FriendlyName :
NotBefore    : 17.11.2014 00:00:00
NotAfter     : 16.11.2017 00:00:00
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}


A certificate issued by an Enterprise CA looks like this

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\60246A87C12BEB365E7B4044C926587590A3D7B6
$cert | fl

Subject      :, O=mcmemail, C=DE
Issuer       : CN=mcmemail-DC01-CA, DC=mcmemail, DC=de
Thumbprint   : 60246A87C12BEB365E7B4044C926587590A3D7B6
FriendlyName : mcmemail Exchange Server 2013 Certificate
NotBefore    : 28.08.2014 15:14:04
NotAfter     : 28.08.2015 15:24:04
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,


Export a single certificate

$cert | Export-Certificate -FilePath C:\tmp\cert1.p7b -Type p7b

    Directory: C:\tmp

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        23.12.2014     11:56       1380 cert1.p7b


Export multiple certificates as serialized certificates

$certarray = @()
$certarray += $cert
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF
$certarray += $cert

Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
60246A87C12BEB365E7B4044C926587590A3D7B6, O=mcmemail, C=DE
D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF  CN=EXSRV02

$certarray | Export-Certificate -FilePath c:\tmp\certs.sst -Type SST

    Directory: C:\tmp

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        23.12.2014     11:58       3056 certs.sst 


Enjoy working with certificates.


Do you plan to upgrade to Exchange Server 2013? Do you wonder what the benefits of Office 365 are? Contact us at

Weiterlesen »

The Community Script blog post has been updated, as a new script has been added to the Technet Gallery.

Updated blog post:


Weiterlesen »
On November 27, 2014

Uninstalling Exchange Server 2013 will fail, if the PowerShell MachinePolicy or UserPolicy is set by GPO.

You will receive an error message referencing Microsoft KB article 981474, which refers primarily to Exchange Server 2010.

Screenshot Exchange Server 2013 Uninstall

The following PowerShell command removes the GPO setting.

Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell -Name ExecutionPolicy -Value ""


After setting the ExecutionPolicy attribute to an empty string, Exchange Server 2013 can be uninstalled successfully.



Weiterlesen »

Kemp Authorized PartnerGranikos GmbH & Co. KG, Germany, has been awarded the Kemp Authorized Partner status. The awarded status proves the technical experise of our staff for setup, configuration and optimization of Kemp Load Balancer Suite.

We have been working with Kemp Technologies Load Balancers in various projects for Exchange Server, Lync Server and Commerce Web Sites.

The successful Kemp Load Balancers are #1 in price/performance in the market. The various variants provide reliable load balancing capabilities for SMB as well as for the enterprise. Besides physical and virtualized Load Balancers Kemp offers Bare Metal variants and versions for Windows Azure.

If you need Kemp Load Balancer consulting for your IT project visit our website or contact us at:

Weiterlesen »