Wednesday, 26 March 2008

Microsoft Exchange Server 2007 SP1 Update Rollup

Earlier this month Microsoft released the first Exchange Server 2007 SP1 Rollup, which contains at least 32 post-SP1 updates and fixes! (Good to see these issues being fixed)

The KB article is here with the download links etc. although it's available on Windows Update too

Note: you should only apply this rollup to Exchange 2007 environments with SP1 already installed. If you don't have SP1 then... you need it.

Wednesday, 19 March 2008

Permissions for PST Import/Export via cmdlets

Importing and exporting mailboxes to/from PST files is a big deal for a lot of Exchange administrators. So it wasn't surprising when a great cry arose from the masses upon discovery that not only was this feature missing from Exchange 2007 RTM, but Microsoft had also stated they wouldn't support ExMerge running against a 2007 server. Your only option was to perform these tasks using an Outlook client, which is of course tedious and far too slow when dealing with more than, say, 1 mailbox. What was an overburdened Exchange admin to do?

Well if you're like this overburdened Exchange admin you waited for Service Pack 1 and the new cmdlets for handling PST import/export that came with it. Salvation!

But alas, these new cmdlets came with one big caveat that put a huge crimp in the way our company does migrations today. That crimp was the permissions requirements. Straight from the pages of Microsoft documentation:

"The user running the task must be an Exchange Organization Administrator or an Exchange Server Administrator on the server where the mailbox to export or import lives."

Argh! This was a huge pain for my company because the group of people that does ExMerge migrations all day every day were not actually Exchange administrators. They were Exchange view-only admins, and were simply granted Send As and Receive As permissions to the mailboxes they were migrating. I wasn't too keen on granting these people Exchange Server Admin so they could run amok. After all, the old way worked great with ExMerge, but now Microsoft was requiring administrator level permissions to perform the same function.

Or were they? Well, some testing revealed that Microsoft isn't quite correct about the requirements to run their import and export mailbox cmdlets. Administer Information Store, Send As, and Receive As were granted to our migration group on the Exchange 2007 Mailbox server databases, and what do you know... they can run the cmdlets just fine. Crisis averted!

On a final note, ExMerge works just fine against Exchange 2007 as long as the Mailbox server has a Public Folder database, but since it isn't supported our company has decided it's not worth the (infinitesimally small, I'm sure) risk of damaging a database and being told "you're on your own" by the boys in Redmond.
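The database-level grant described in this post, written out as an added example (it is not the author's script or Microsoft's guidance). The server name MBX01 and the group CONTOSO\PST-Migration are assumptions; "Administer Information Store" is granted through the ms-Exch-Store-Admin extended right.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2007 SP1.
# Assumed names (not from the post): server 'MBX01', group 'CONTOSO\PST-Migration'.
$server = 'MBX01'
$group  = 'CONTOSO\PST-Migration'

# Extended rights behind the three permissions named in the post:
#   Administer Information Store -> ms-Exch-Store-Admin
#   Send As                      -> Send-As
#   Receive As                   -> Receive-As
$rights = 'ms-Exch-Store-Admin', 'Send-As', 'Receive-As'

$databases = @(Get-MailboxDatabase -Server $server)

foreach ($db in $databases) {
    # Grant on the database object only; no Exchange admin role is assigned.
    Add-ADPermission -Identity $db.DistinguishedName -User $group `
        -ExtendedRights $rights | Out-Null
}

# Verify: collect the rights the group now holds on each database and flag gaps.
foreach ($db in $databases) {
    $held = @(Get-ADPermission -Identity $db.DistinguishedName -User $group |
        Where-Object { -not $_.Deny -and $_.ExtendedRights } |
        ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { $_.ToString() })
    $missing = @($rights | Where-Object { $held -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "$($db.Name): missing $($missing -join ', ')"
    } else {
        Write-Host "$($db.Name): all three rights present for $group"
    }
}

# Audit: Receive-As on a database opens every mailbox in it, so review
# everyone who holds it explicitly (not inherited) on these databases.
foreach ($db in $databases) {
    Get-ADPermission -Identity $db.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like 'Receive-As') -and
                       -not $_.Deny -and -not $_.IsInherited } |
        Select-Object Identity, User, ExtendedRights
}
```

Keep membership of the migration group tight and rerun the audit loop after each migration project, since anyone in the group can open any mailbox on those databases.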

Thursday, 13 March 2008

GAL lookups in Entourage

If you have a Mac and a mailbox on an Exchange Server you'll probably use Entourage to access it. You lose out on some features that are present in Outlook, but generally you can live without them.

Entourage uses LDAP to get directory information, but in most organisations this isn't going to be available over the internet. It is possible to deploy a secure LDAP server, but not many organisations and hosters make these available over the internet.

Another solution is to extend Entourage using a script that connects to OWA and performs the lookup that way. Scripts are simple to install and this one is easy to use whether you are creating an email or inviting people to a meeting.

To get the solution check out this site,

Daniel Noakes

Adding a Windows 2008 Core Server to a Domain

To join a 2008 core server to a domain run the following command:

netdom join W2K8DC04 /domain:home.local /userd:yourusernamehere /passwordd:yourpasswordhere

Note: the account must have the correct privileges to add a machine to the domain. Also, passwordd isn't a typo. Because this is the command prompt, your password isn't masked (*******) but shown in clear text as you type it, so make sure no one is looking over your shoulder ;-)

Update: you can just enter a single * in place of the password and it will then prompt for a password that is masked.

Once the server has rebooted you can verify this by running:

netdom verify w2k8dc04

Oliver Moazzezi

MVP - Exchange Server

Wednesday, 12 March 2008

Entourage 2008 reliability improvements

Microsoft released an update to Office 2008 for Mac yesterday. There are a number of Entourage 2008 reliability improvements including contact and calendar synchronisation with Exchange server. This has been a problem for a lot of users, as contacts were not synchronising between Entourage 2008 and Exchange.

If you have Entourage 2008 users you should think about installing the update.


Hosted versus In-House

We recently came across an article that weighs up the pros and cons of each. I specifically wanted to address the questions for the Hosted Exchange provider.

The article is here:

The questions it poses are below; I've answered each one as if taking the Hosted Exchange Solution provided by Cobweb.

1. Does the hosting environment allow multiple hosting clients to have contacts with the same e-mail address? (This question can be restated as: how does the hosting software deal with SMTP address collisions?)

The answer is yes _and_ no. Active Directory cannot support two objects with an identical proxyaddress, and unfortunately the OAL is built based on objects having this attribute. The solution is to remove the proxyaddress, giving the contact just its targetaddress attribute. This allows the exact same contact to exist in multiple customers' OUs, but will remove the contact from the OAL. We have been working with Microsoft on this issue, and a resolution to this is promised in the next version of Active Directory/Exchange.

2. Does the hosting environment allow you to share SMTP address space, either as a master or as a slave environment, with a hosted SMTP domain? (This question can be restated as: can you do a step-wise migration, or do you have to migrate all mailboxes at once?)

Yes, we have supported this for around two years. We can share SMTP address space and either pass mail over VPN tunnels or over the Internet using SMTP over TLS. We also provide SMTP over the Internet for customers that are not concerned about potential internal mail being sent in clear text across the Internet. In all cases we suggest TLS/VPN solutions, which we manage with the customer and help set up.

3. Does the hosting environment support Deleted Item Retention? For how long? Does their deployment environment set the DumpsterAlwaysOn registry key for Outlook? (This question can be restated as: what happens when someone deletes something they didn't mean to!)

We support DIR for 14 days (two weeks). We also keep deleted mailboxes for 31 days (effectively 1 calendar month). Of course, all mailboxes deleted after this time are still recoverable from our backups.

4. Does the hosting environment support Deleted Mailbox Retention? For how long? (Restatement: can I easily restore the mailbox if my company administrator deletes a mailbox by mistake?)

Answered above.

5. Does the hosting company do backups? How often and how long do they retain them? Can they do single mailbox recovery? (Restatement: if the hosting company has a "disaster" can they recover my mailboxes? Also, if the timeframe for Deleted Mailbox Retention has expired, can I recover the company president's mailbox from last month?)

Again partially answered above, we keep monthly backups for 7 years (yes 7 years). We can restore a mailbox to any given day in the past 4 week window - after that we keep one full backup per month.

6. Does the hosting environment support journaling? What are the data-retention options for the journal mailbox? Can I have an external interface to a journal solution?

Cobweb supports Journaling. We can Journal your mailboxes and send them to an external solution of your choosing (we have no control of this data - you ensure this provider can do the job), or we can Journal your mail ourselves. We use Zantaz EAS and support envelope journaling. We have default plans of 1, 2, 5 and 7 years. We can also provide custom retention policies. This is searchable using a built-in Zantaz EAS plugin, which retrieves the archived mail from your own personal document store over SSL.

7. Does the hosting environment support catchall mailboxes? (This is simply a feature that some companies use. Others don't.)

We don't support this. We could, but I can honestly say I've never had any customers require this.

8. Does the hosting environment have a decent anti-spam solution? (More than the Outlook Junk Mail Filter!) Does the anti-spam solution support individual mailbox quarantines? If there is a false-positive, how can you get your file/message delivered?

We use MessageLabs as standard for all Hosted Exchange mailboxes. We also use Antigen for virus detection on the actual Exchange Servers themselves - supporting 4 AV engines.

9. Does the hosting environment allow you to truly white-label their services? (Restatement: can you have a custom OWA URL? Can you have a custom RPC/HTTP URL? When you connect to an SMTP virtual server, does it say YOUR domain name?)

Yes you sure can, although there is of course an extra cost associated with this.

10. Does the hosting environment allow you to have custom OWA themes? Does it support OWA segmentation?

We support OWA segmentation, we base this around our own custom mailbox plans. We can support custom OWA themes but so far we have not had any customers require this.

11. Does the hosting environment support SPF and/or Sender-ID incoming? Does it require it outgoing? Can you decide or are you limited to their default?

MessageLabs support SPF. We don't use Sender-ID within the Exchange Org. We help customers set up their own SPF records.

12. Does the hosting environment support SSL for OWA? TLS for SMTP? Form-based authentication for OWA? Two-factor authentication for OWA and for Outlook?

SSL for OWA with FBA - Yes
SMTP over TLS - Yes
POP3S - Yes
RPC over HTTPS - Yes

We currently do not provide two factor authentication processes.

13. Does the hosting environment allow you to specify on a per-user basis who gets EAS (ActiveSync)? Blackberry services? Goodlink services?

Yes, which user gets what is entirely customisable via the customer's Portal Administrators.

14. Does the hosting environment allow you to create custom address lists?

Currently no, this is something I want to bring into our Exchange 2007 offering. Support for 3 to 5 custom address lists is what I want to achieve.

15. Does the hosting environment allow you to force an Offline Address Book (OAB) update?

Yes, this is done simply by modifying a user in our Portal, we then automatically set instructions to rebuild your OAL.

16. How is disk space aggregated? Is each mailbox billed separately? Is the company/domain aggregated together? Can different mailboxes have different default allocations? Can you manage the limits? Can you get disk space reports? Can you create/manage a "Mailbox Manager" policy for your domain?

Whilst I cannot answer any billing questions, I can state mailbox size is highly configurable. Bought two mailboxes with the default of 200MB each for you and your secretary? Don't need that space for her? No problem, take space off her mailbox and assign it to yourself or your public folders.

17. What are the hard limits on mailboxes sizes?

We don't have any, we do warn (due to current limitations in certain administration tools and tasks) against going over 2GB.

18. Does the hosting environment run a gateway anti-virus solution? An information store anti-virus solution? A file-based anti-virus solution? If there is a false-positive, how can you get your file/message delivered?

MessageLabs for the gateway, Antigen on the servers. Customers get their own Spam Manager Portal to login and check any spam messages that have been quarantined.

19. Does the hosting environment support "Send As" permissions and "Send On Behalf Of" permissions? Can you manage this yourself?

We do support this, yes. Our existing Portal does not support this feature; our new Exchange 2007 Portal will support this.

20. Does the hosting environment support LDAP access to your address books?

No, however watch this space.

21. Do you have access to SMTP log files? Do you have access to message tracking log files?

SMTP protocol logging is turned on and off by Cobweb as/when there is any possible issue. In regards to access to Message Tracking, the answer is no. However this is something I want to incorporate into our Portal.

22. What is the maximum incoming message size? The maximum outgoing message size? Can you adjust it?

20MB. Customers cannot currently adjust this.

23. What is the maximum number of message recipients? Can you adjust it?

500, this is not configurable.

24. Does the hosting environment support public folders? How many? How big? Can you mail-enable public folders?

We support Public Folders yes. We also support mail enabling them.

25. Does the hosting environment support an interface to SharePoint services?

We currently offer SharePoint 2.0. We are launching our new SharePoint 3.0 service sometime over the Summer.

26. Does the hosting environment allow for external SMTP relays by IP address? What about by authorized users?

We support this yes.

27. Does the hosting environment allow for POP-3 or IMAP users to access Exchange mailboxes?

This is configurable by the customer within the Portal.

28. Does the hosting company offer a network Service Level Agreement (SLA)? Does the hosting company offer an Exchange SLA? Does the SLA have any teeth?

Check for our SLA, I believe currently it is 99.9%, which we meet.


Oliver Moazzezi

MVP - Exchange Server

Tuesday, 11 March 2008

Playing with Windows Server 2008 Core

I have been playing around with Windows 2008, specifically with the Core version of the product, in regards to designing a solution to fully support Entourage clients in a Hosted Exchange environment.

There were a few hurdles to first overcome however..

First is assigning a static IP to your Core installation.

I first had to run the following command to list the network adapters (NICs) installed on the server:

netsh interface ipv4 show interfaces

I then had to specify which adapter I wanted to change the IP for, using the Idx variable.

The command to change the IP to static was:

netsh interface ipv4 set address name="2" source=static address= mask= gateway=

(obviously disregard my network settings)

Once this was done I logged back onto the server (although I noted my server wasn't pinging - icmp responses - more on that later) and a simple ipconfig showed the changes had been made.

I then had to manually assign DNS servers, the command for this was:

netsh interface ipv4 add dnsserver name="2" address= index=1

for primary and then:

netsh interface ipv4 add dnsserver name="2" address= index=2

for secondary.

Note: the Idx '2' is specified again, and index=1 or 2 or more specifies that it's another DNS server.

I was then in a position to rename the machine, as you are assigned a random computer name during the installation.

This was performed using:

netdom renamecomputer W47C1k34FRG1 /NewName:W2K8DC03

Once the machine had rebooted (shutdown /r), using the command hostname showed the name had changed successfully.

More to come later on joining the machine to the domain and making it a Domain Controller, as well as my ICMP issue.

Oliver Moazzezi

MVP - Exchange Server

64bit Domain Controllers

What's the benefit you may ask, well plenty if configured correctly!

Here at Cobweb we've just finished our deployment of 64bit DCs. The project was started as we realised if we kept our existing 32bit Domain Controllers we would actually have to double the number to support both our existing Exchange 2003 infrastructure and the soon to be deployed Exchange 2007 service we are launching. Supporting 40,000 mailboxes (approximately, at this time) takes a lot of Directory work and the last thing we wanted to do was rack and deploy another farm of Active Directory servers - especially when Rack Consolidation is proving to be so important now with the power restrictions DataCentres are starting to enforce.

Ultimately we were left with only one option, upgrade to 64bit.

The general rule of thumb for 32bit GCs is to have 1 processor core for every 4 Exchange processor cores. Note I mention core - not actual processor. Having a 64bit GC extends this support to 1 core for every 8 Exchange cores - as long as the server has enough RAM to support loading the entire directory (NTDS.dit file) into RAM.

Thus upgrading to 64bit Directory servers allowed us to keep the same physical number of servers, without having to worry about rackspace or power considerations - and indeed cooling - and has given us the support for both Exchange 2003 and Exchange 2007 into our infrastructure.

Oliver Moazzezi

MVP - Exchange Server

When do I work & email?

I've installed Xobni now and already I've found it really useful for showing linked conversations and it's a good replacement for the Outlook To-Do bar.
The ranking and time of day graph looks good, but I'm not sure it's really that useful yet - I suppose it does show me when interactions occur with my contacts and when's a good time of day for them -

clearly this person works best in the evening and late evening! (you know who you are!)

So, when do I use Outlook most? Xobni Analytics can show you this, and much more besides;

Wednesday, 5 March 2008

Drowning in Email? Get Email Happiness...

Apparently, Microsoft are looking to spend a cool few $$ on a start-up called Xobni. This is a neat plug-in for Outlook that replaces the To-Do bar to totally improve the user experience and change the way you use Outlook. is worth a look, check the video out too.

There’s some analysis of your mailbox which creates new contact profiles from the content of emails only, and then creates relationships between your contacts. The searching is improved also. I like the email analytics which shows the volume of email and time of day profile of messages to/from a contact profile. I know a few people who’d hit this off the scale ;-)