Wednesday 1 October 2008

Can't migrate accounts using Transporter Suite for Internet Mail









I was testing this in my lab, and of course used the default Administrator account. I kept getting the following error:

Warning:An item has failed property validation and will be ignored.
IdentifierName: Subject of message in inbox
Error details:Required property is empty.
Property:TargetServer..

I had created the correct impersonation permissions on the Client Access Servers and also added the following line to the EWS web.config file to allow mail larger than 3 MB to be imported:

<httpRuntime maxRequestLength="100000" />

However I was still getting this error.

I then remembered reading an article on TechNet about the Administrator account not being able to log on via IMAP4 or POP3, as it is hard coded to be blocked by default.

I then created a 'migration' account user in AD, gave that user Exchange Administrator permissions and the relevant impersonation permissions, and was able to successfully migrate Internet email into Exchange using both POP3 and IMAP4.

You can download the Microsoft Transporter Suite of tools here:

http://www.microsoft.com/Downloads/details.aspx?familyid=35FC4205-792B-4306-8E4B-0DE9CCE72172&displaylang=en


Oliver Moazzezi

MVP - Exchange Server

Monday 1 September 2008

Virtualisation Support for Exchange 2007 SP1 is here

Microsoft have recently announced that they will now support Exchange 2007 SP1 running on a virtualised Hyper-V Windows 2008 platform.

There has been a new article published that gives you the information about best practices for running Exchange 2007 SP1 on Hyper-V.

If you're thinking of giving this a go, read this first; it has some very good information about planning for this in a production environment.

http://technet.microsoft.com/en-us/library/cc794548.aspx

You must use Exchange 2007 SP1 on a Windows 2008 operating system to be supported.

Note the Unified Messaging role will not be supported in a virtualised environment.

It's not just Hyper-V that will be supported, which is a big surprise; other vendors are being supported too. See: http://windowsservercatalog.com/svvp.aspx?svvppage=svvp.htm

This is something that a lot of Exchange admins have been waiting for for a long time, and a constant question I see bandied around the Microsoft support forums, so it's good to see Microsoft giving people the flexibility to use virtualisation with Exchange 2007 SP1.

Wayne Hollomby

Monday 18 August 2008

Recovering an Exchange 2007 Server








So I'm recovering this Exchange Server in the Test Lab, and one thing that really bugs me is the fact that when using the /recoverserver switch (more info here: http://technet.microsoft.com/en-us/library/bb332343(EXCHG.80).aspx), Exchange is installed to the default location (%program files%\microsoft\exchange server).

I find this rather annoying as the install path is recorded on the Exchange Server object in the Configuration Container partition of AD.

When recovering a server however you can specify an alternate install directory. After /recoverserver use /t or /targetdir and specify the install directory.

Example: setup /m:recoverserver /t:"D:\Install\Exchange"


Oliver Moazzezi

MVP - Exchange Server

Wednesday 25 June 2008

HMC 4.5 Released

Microsoft have just released their latest and greatest version of the Hosted Messaging and Collaboration Solution. The new version has some really good added features that will please hosters. Support for OCS 2007 is one of the major components to be added, and there are also some added features for Exchange 2007 SP1, such as resource mailboxes and web-based offline address books, which give you the option of moving away from having these sitting on the public folder servers if all of your users are running Outlook 2007.

Downloads and information about this release can be found on the new service provider website from Microsoft at http://technet.microsoft.com/en-us/serviceproviders/default.aspx

You will also be glad to hear there is a migration kit on its way to enable you to move from HMC 4.0 to 4.5 and directly from HMC 3.5 to 4.5. I will post more information about this when it becomes available.

Wayne Hollomby

Tuesday 3 June 2008

msExchMailboxFolderSet and HMC4.0 + HMC3.5 co-existence








If you are deploying HMC4.0 in co-existence with HMC3.5, and not a Greenfield install, then read on.

In co-existence, when moving all POP, SMTP, IMAP and OWA URLs (inc. Outlook Anywhere / RPC over HTTPs access) over to Exchange 2007 Hub Transport and Client Access Servers, be aware there is a bug if you have used OWA segmentation using the msExchMailboxFolderSet attribute.

More on Exchange 2003 OWA segmentation here:


http://support.microsoft.com/default.aspx/kb/833340

The issue arises if you use the value '4294967295' (FFFFFFFF) to set 'All Features' for Premium/Gold/'your full access mailbox type here'.

'FFFFFFFF' is read as -1, and Exchange refuses to allow POP3 and IMAP connectivity on the mailbox. Further, the Exchange Management Console also flags 'msExchMailboxFolderSet' as corrupt when selecting a user under 'Recipient Configuration \ Mailbox'.

Setting the value to '131071', as mentioned in the article, fixes the issue. (Edit: there was an issue with this KB which has now been fixed, so the additional notation on 131071 and 1310071 has been removed.)
The way to fix this is to set the attribute to (null), or 131071 as mentioned in KB833340.


Other values that actually do restrict OWA use appear to not be affected.

This will also affect any ordinary environment that is in transition from Exchange 2003 to 2007 and is using the msExchMailboxFolderSet attribute in this way.



Oliver Moazzezi

MVP - Exchange Server
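
Why FFFFFFFF turns into -1, as an added example that is not part of the original post: assuming the attribute is read as a signed 32-bit integer, the all-ones pattern becomes -1 while 131071 (0x1FFFF) stays positive. The mailbox names, the sample values and the `audit` helper are constructed for illustration.

```python
import struct

ALL_FEATURES_UNSIGNED = 4294967295   # 0xFFFFFFFF, the value the post warns about
SAFE_ALL_FEATURES = 131071           # 0x1FFFF, the value the post recommends

# Constructed records: (mailbox name, msExchMailboxFolderSet as exported, None = not set)
SAMPLE_MAILBOXES = [
    ("gold-user-1", "4294967295"),
    ("gold-user-2", "0xFFFFFFFF"),
    ("gold-user-3", "-1"),
    ("migrated-user", "131071"),
    ("restricted-user", "3"),
    ("default-user", None),
]


def as_int32(raw):
    """Interpret a value the way a signed 32-bit integer field holds it.

    Accepts decimal ("4294967295", "-1") or 0x-prefixed hex ("0xFFFFFFFF").
    """
    value = int(str(raw).strip(), 0)
    if not -2**31 <= value <= 2**32 - 1:
        raise ValueError(f"{raw!r} does not fit in 32 bits")
    # Keep the low 32 bits, then read the same bytes back as a signed integer.
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]


def audit(mailboxes):
    """Return (name, value_as_int32, action) for every mailbox record."""
    findings = []
    for name, raw in mailboxes:
        if raw is None:
            findings.append((name, None, "ok: attribute not set"))
            continue
        signed = as_int32(raw)
        if signed == -1:
            # The case from the post: 'All Features' written as FFFFFFFF.
            action = f"fix: set to {SAFE_ALL_FEATURES} or clear the attribute"
        else:
            action = "ok"
        findings.append((name, signed, action))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_MAILBOXES):
        print(row)
```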



Wednesday 21 May 2008

Microsoft to withdraw per incident support for Hosted Exchange (you need a proper support contract!!)

If you're a provider of Hosted Exchange/HMC, you should read this: http://blogs.msdn.com/gavingee/archive/2008/05/16/important-changes-to-support-for-hosting-solutions.aspx

If you've got an HMC platform then you need to have the appropriate Service Provider Support Contract in place from end-June. Microsoft are withdrawing the per-incident credit-card support for HMC, often used by smaller Hosting providers to gain support from Microsoft for incidents and issues.

We've got one and it's very very useful - not only have the global hosting support team undertaken a review of our platform so that they understand us better, we also get a named TAM (Technical Account Manager; Paul you are a hero!) with pro-active support and training from MS too.

BTW, Gavin's blog is a useful source of SaaS & Hosting news with a focus on the UK. Gavin works in the UK Hosting team for Microsoft (a useful contact for you all)

Tuesday 20 May 2008

Update Rollup 2 for Exchange Server 2007 SP1 Released

Microsoft have released another rollup fix for Exchange 2007 SP1 to follow on from rollup 1 a few months ago.

You can download it from http://www.microsoft.com/downloads/details.aspx?FamilyId=99DA32E0-D9E3-4156-AABF-8369BF96E3E7&displaylang=en

This update has all the fixes that were in Rollup 1 included so you can now just install rollup 2 and you will get all the latest updates.

A description of the fixes included in rollup 2 can be found at http://www.microsoft.com/downloads/details.aspx?FamilyId=99DA32E0-D9E3-4156-AABF-8369BF96E3E7&displaylang=en

Tuesday 6 May 2008

Now you can all get Xobni for your inbox

Well done to the team at Xobni - after 7 months of invite-only beta testing, it's now publicly available for anyone to download.

You can get it here http://www.xobni.com/?friend=72198
Have a look at the video on their site if you still need convincing... it's good stuff.

Thursday 1 May 2008

Mail enabled Contacts in a Hosted Environment and the Offline Address Book.









Contacts in a Hosted Exchange environment can be tricky to implement successfully, because of 1) the way Exchange searches object attributes to create an Offline Address Book and 2) Active Directory not allowing two objects to have the same proxy address. In all fairness that is a great and necessary check to have in the GUI, although it can be bypassed with LDAP manipulation (ADSI too). Note: having two objects with an identical proxyaddress will break delivery to that address and is considered attribute corruption of Active Directory.

So how does the Exchange 2003 System Attendant (using oabgen.dll) determine objects to be included for OAB generation? - It looks to see if the object has two attributes: a ‘proxyaddress’ and ‘mail’ attribute. It will further check to ensure the primary (SMTP in uppercase) ‘proxyaddress’ matches the mail attribute address.

So how does an Exchange Hoster get around 2 companies having the same contact, john@doe.com for example?

First let me explain the TargetAddress and ProxyAddress attributes on a mail enabled AD contact.

The TargetAddress is their actual email address, for example: bill@microsoft.com

The ProxyAddress is what RUS (if you use it – HMC disables all but Enterprise RUS (enabled for System Attendant operation)) stamps on the object's email addresses tab. RUS can of course be told to bypass objects by unchecking ‘Automatically update email addresses based on recipient policy’. You will find the primary proxyaddress will be the address of the contact, matching the targetaddress, and depending on RUS and Recipient Policy configuration it could well be stamped with further proxyaddresses.

So, john@doe.com – how can two customers have this contact in an HMC/Hosted Exchange environment?

The short answer is they can, but it cannot show up in the OAL. This is due to the Offline Address Book generation specifying proxyaddress attributes I mentioned earlier, rather than also considering targetaddress attributes.

99% of hosters won’t have this problem – and contacts will be generated with a proxy address (something HMC supports by default). However when you run into this problem it does cause customer grief.

One way of bypassing it is to give a bogus proxyaddress, for instance ‘HostedCompanyName.joe@bloggs.com’, where HostedCompanyName is the name of the Hosted Exchange customer.

This does work, but introduces other issues when a user outside the Org performs a ‘Reply All’. Take a look.

Here’s the properties of the contact from the GAL:




























Here’s the contact from the AD, I have pulled the info from ADSIEdit:

You can see the highlighted proxyaddress and targetaddress attributes clearly:



















When you send a message outside of the Org, and include the contact, if anyone that is also outside the Org does a 'Reply All', they will only see the incorrect proxyaddress and not the correct SMTP address of the contact, which is the targetaddress:



















This of course will result in an NDR.


The fix? Remove the proxy attribute altogether, removing the contact from OAB generation, or have the primary proxy address match the target address (standard Exchange2003/2007 behaviour) – but something that will cause mail flow issues when you get a customer with the same contact.


Oliver Moazzezi

MVP - Exchange Server
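
The three checks this post describes, run over a directory export, as an added example that is not the author's code: duplicate proxy addresses across objects, objects that fail the OAB rule (a `mail` attribute equal to the primary `SMTP:` proxy address), and contacts whose primary proxy address differs from their targetAddress. It assumes an LDIF export that includes proxyAddresses, mail and targetAddress; the DNs and addresses in the sample are constructed and the function names are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample in the shape of an LDIF export; DNs and addresses are made up.
SAMPLE_LDIF = """\
dn: CN=John Doe,OU=CustomerA,DC=hosting,DC=example
changetype: add
mail: john@doe.com
proxyAddresses: SMTP:john@doe.com
targetAddress: SMTP:john@doe.com

dn: CN=John Doe,OU=CustomerB,DC=hosting,DC=example
changetype: add
targetAddress: SMTP:john@doe.com

dn: CN=Joe Bloggs,OU=CustomerB,DC=hosting,DC=example
changetype: add
mail: CustomerB.joe@bloggs.com
proxyAddresses: SMTP:CustomerB.joe@bloggs.com
targetAddress: SMTP:joe@bloggs.com

dn: CN=J Doe,OU=CustomerC,DC=hosting,DC=example
changetype: add
mail: jd@customerc.example
proxyAddresses: SMTP:jd@customerc.example
proxyAddresses: smtp:John@Doe.com
"""


def parse_ldif(text):
    """Parse LDIF into a list of {attribute_lowercase: [values]} dicts."""
    logical = []
    for line in text.splitlines():
        # A line starting with one space continues the previous line (LDIF folding).
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        else:
            logical.append(line)
    entries, current = [], defaultdict(list)
    for line in logical + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):        # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current[name.strip().lower()].append(value.strip())
    return entries


def primary_smtp(entry):
    """The primary address is the proxyAddresses value with an uppercase SMTP: prefix."""
    for value in entry.get("proxyaddresses", []):
        if value.startswith("SMTP:"):
            return value[5:]
    return None


def _addr(value):
    """Strip an address-type prefix such as SMTP: and lowercase for comparison."""
    return value.split(":", 1)[-1].lower()


def audit(entries):
    """Return duplicate proxy addresses, objects left out of the OAB, and Reply All risks."""
    owners = defaultdict(list)
    report = {"duplicate_proxy": {}, "not_in_oab": [], "reply_all_ndr": []}
    for entry in entries:
        dn = entry["dn"][0]
        for value in entry.get("proxyaddresses", []):
            if value.lower().startswith("smtp:"):
                owners[_addr(value)].append(dn)
        primary = primary_smtp(entry)
        mail = (entry.get("mail") or [None])[0]
        # OAB rule from the post: mail attribute plus a matching primary proxy address.
        if not (primary and mail and primary.lower() == mail.lower()):
            report["not_in_oab"].append(dn)
        # Reply All issue from the post: external recipients see the proxy address,
        # so a primary proxy that differs from targetAddress leads to an NDR.
        target = (entry.get("targetaddress") or [None])[0]
        if primary and target and primary.lower() != _addr(target):
            report["reply_all_ndr"].append(dn)
    report["duplicate_proxy"] = {a: d for a, d in owners.items() if len(d) > 1}
    return report


if __name__ == "__main__":
    for check, result in audit(parse_ldif(SAMPLE_LDIF)).items():
        print(check, result)
```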

Tuesday 29 April 2008

SharePoint as an application platform!

I've previously talked about the potential of Exchange and CRM as application development platforms and how the support of a provisioning platform opens these up for ISV application development.

What I haven't mentioned is the powerful and unifying platform of SharePoint;
  • SharePoint uses a Windows platform running SQL Server and IIS6.
  • SharePoint is a .NET application and provides a powerful platform for building .NET applications & solutions
  • SharePoint is widely deployed and adopted by information workers providing a familiar interface
  • Close integration with Microsoft Office applications
There are a number of features that SharePoint does pretty well now, these being:
  • SharePoint & WSS are pretty well known for their collaboration features - document libraries are probably the most widely used feature of SharePoint. With WSS3, the search functions improved to support this properly too
  • Support for forms & InfoPath in SharePoint (MOSS) and business process automation, including workflows, which don’t require MOSS.
  • Of course, SharePoint provides intranet/extranet solutions with a Portal into other sites, and the personal/social elements of My Site
  • The core functionality of document management is OK and supports basic requirements for compliance and information security. Note: there is no formal compliance support in SharePoint. Beyond this the reporting and auditing features do not stand up and there is no support for HSM.
  • The business intelligence (BI) features have improved greatly with the use of Excel Services, KPIs, and the Business Data Connector (BDC). Excel Services is pretty cool and renders Excel worksheets including charts and pivot tables, in SharePoint sites.

We are going to be developing some concept services that use the features of SharePoint, Exchange and CRM. If you're interested in this, or developing your own applications, see http://www.saas.co.uk/

thanks, Dan

Friday 18 April 2008

Hosted Exchange for the world








Large Hosted Exchange providers can get bitten by scheduled maintenance – it will always be in everyone's contract, but what happens when a certain percentage of your customers are outside your timezone? – worse still, substantially.

To expand your Hosted mailboxes you have to reach further than your own country – and a lot of Hosted Exchange providers can say they host mailboxes for companies across the Americas, Europe and the Middle East/Asia.















Intelligence has to be added to your provisioning portal – otherwise your Hong Kong users from Company A could be put on the same Exchange Server (not necessarily the same Mailstore or even Storage Group) as the rest of Company A’s users from Europe. And what’s worse? The rest of the users on the Exchange Server are based in Europe. How is the scheduled maintenance justified to the Hong Kong contingent when it's happening during their working day?

So how does scheduled maintenance come into effect here?

Working out of hours to GMT isn’t going to cut it for the users in Hong Kong as their day is still in full swing – this is where careful planning and design is required. The ideal answer is to carve up the World Map into set zones, so whether a single company is from Dubai, or a single company has offices in Dubai, Europe and the USA you do not affect their respective core working hours. This requires a lot of Dev work - as although HMC supports provisioning to multiple stores for a customer, it doesn’t have the intelligence of splitting users between ‘time zone Exchange Server farms’ based on their location for example. This is where in-house or outsourced Dev work is required.

Suffice to say our current Exchange 2003 solution doesn’t have this feature – we support the provisioning to multiple databases – even across multiple Exchange Servers – however there is not the intelligence that is required for a Hosted Exchange supplier to rule all time zones and keep customers that have offices in some or all, happy.

This might have to be a phase 2 or 3 step in most Hosters' plans, but it is a much needed step to successfully achieve 100,000 mailboxes and beyond.


Oliver Moazzezi

MVP - Exchange Server

Exporting email addresses from Active Directory








This seems to be a hot topic all the time in the newsgroups so....

Run this at the cmd prompt on one of your Windows 2000 and above servers.

ldifde -f C:\youremailexport.txt -l proxyaddresses

Replace C:\youremailexport.txt with whatever drive letter and text file name you want.

Here's a great kb explaining ldifde http://support.microsoft.com/kb/237677

Have fun!


Oliver Moazzezi

MVP - Exchange Server






Wednesday 9 April 2008

Exchange as an application platform

I’m really happy to announce that Cobweb will be launching another major service later this year – Hosted Microsoft Dynamics CRM 4.0
We’ve made the purchase and scheduled the deployment, thus making our commitment to this.
This is made possible with the deployment of Parallels Automation (aka SWsoft PEM) into our hosted platform. Parallels Automation is key to the development of this platform, giving us an online shop and a suitable billing system for hosted per-user/per-month service subscriptions. Deploying CRM and connecting this to Exchange 2007 is really exciting for me. It’s going to finally unlock the power of the platform that we’ve built and developed. Our platform is about so much more than just an Exchange mailbox - it's an application platform.

The news was released today at the Microsoft Hosting Summit in Seattle – Mark and I are there at the moment, and it’s raised a few surprised eyebrows that we'll be quick to market with this. We will be one of the first in Europe to be doing this in a way that connects this to Hosted Exchange. Parallels are pushing out some PR in the industry around this too - http://www.hostreview.com/news/press/080408SWsoft.html which is nice to see.

CRM4.0 is an in-demand service at the moment so exciting times lie ahead.

Tuesday 8 April 2008

Windows 2008 Core Configurator Tool !

I came across this very cool tool to help configure a Windows 2008 Core server without needing to lookup all the CLI commands :-)

http://blogs.microsoft.co.il/files/folders/guyt/entry68860.aspx

Wayne Hollomby

Mutual authentication and URL Branding with an Outlook Anywhere / RPC over HTTPs connection







With Exchange 2007 not ‘officially’ supporting Forms Based Authentication nor Outlook Anywhere on more than one site (whether that’s the Default Site or not), it has become slightly more difficult to create URL branding for customers that require this within a Hosted environment. With Exchange 2003 you could create multiple sites and FBA was supported in all – Microsoft's stance with Exchange 2007 is that if you need FBA on more than one site per CAS then you use ISA Server to support this. There is another issue: although the use of ISA allows multiple sites with FBA enabled (albeit offloaded on the ISA server/s), still only one site is supported for the use of Outlook Anywhere (read: RPC over HTTPs). Again, with Exchange 2003 it was simply a case of copying the RPC Virtual Directory to your other sites.

The advent of SAN (Subject Alternative Name) certificates has greatly helped our design of a Hosted Exchange 2007 infrastructure here at Cobweb. This has allowed us to implement cost effective Client Access Server design and support URL branding for the customers that require it – whilst minimising costs (dedicated CAS servers for every branding OWA URL we support or indeed take on with new business). For example, an Exchange Hoster that wants to stay within a solution supported by Microsoft, and that had, say, 10 dedicated OWA URLs, would at a minimum have to deploy 10 CAS servers – and that doesn’t even take into account HA. To achieve that (at the most basic level, without taking into account the numbers of users hitting each URL) you would need 20.

This is where SAN Certs come into their own. All branded OWA URLs can be appended to the certificate along with other Exchange services/protocols (autodiscover, POP3, IMAP4 etc). This helps a Hoster significantly as well as giving benefits to normal in-house deployments.

There is one ‘gotcha’ however when using a SAN Cert for multiple OWA URLs for Outlook Anywhere access: if you enable mutual authentication for the session, you can’t connect on any of the Subject Alternative Names. This is due to the client explicitly looking for a principal name in the certificate (which is matched to the Subject field of the cert):





















Mutual Authentication isn’t necessary as all client machines connecting to us are deemed non domain joined (they could very well be in their own domain however) and these client machines are unlikely to have any certificates published to them from their own Certificate Authorities.

Once this checkbox was removed, Outlook Anywhere worked for any of the branded OWA URLs held in the Subject Alternative Name field of the certificate.

Here is the Subject Alternative Name field of a cert:


















Interestingly, the first OS to support Subject Alternative Names was Windows 98.

For Microsoft reference on creating Exchange Certificates and support for SAN certs with Exchange 2007 using the New-ExchangeCertificate PowerShell command see:

‘Certificate Use in Exchange Server 2007’ http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

‘Exchange 2007 lessons learned - generating a certificate with a 3rd party CA ‘ http://msexchangeteam.com/archive/2007/02/19/435472.aspx

‘Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007 ‘ http://support.microsoft.com/kb/929395




Oliver Moazzezi

MVP - Exchange Server






Wednesday 26 March 2008

Microsoft Exchange Server 2007 SP1 Update Rollup

Earlier this month Microsoft released the first Exchange Server 2007 SP1 Rollup, which contains at least 32 post-SP1 updates and fixes! (Good to see these issues being fixed)

The KB article is here http://support.microsoft.com/?kbid=945684 with the download links etc. although it's available on Windows Update too

Note: you should only apply this rollup to Exchange 2007 environments with SP1 already installed. If you don't have SP1 then... you need it

Wednesday 19 March 2008

Permissions for PST Import/Export via cmdlets

Importing and exporting mailboxes to/from PST files is a big deal for a lot of Exchange administrators. So it wasn't surprising when a great cry arose from the masses upon discovery that not only was this feature missing from Exchange 2007 RTM, but Microsoft had also stated they wouldn't support ExMerge running against a 2007 server. Your only option was to perform these tasks using an Outlook client, which is of course tedious and far too slow when dealing with more than, say, 1 mailbox. What was an overburdened Exchange admin to do?

Well if you're like this overburdened Exchange admin you waited for Service Pack 1 and the new cmdlets for handling PST import/export that came with it. Salvation!

But alas, these new cmdlets came with one big caveat that put a huge crimp in the way our company does migrations today. That crimp was the permissions requirements. Straight from the pages of Microsoft documentation:

"The user running the task must be an Exchange Organization Administrator or an Exchange Server Administrator on the server where the mailbox to export or import lives."

Argh! This was a huge pain for my company because the group of people that does ExMerge migrations all day every day were not actually Exchange administrators. They were Exchange view-only admins, and were simply granted Send As and Receive As permissions to the mailboxes they were migrating. I wasn't too keen on granting these people Exchange Server Admin so they could run amok. After all, the old way worked great with ExMerge, but now Microsoft was requiring administrator level permissions to perform the same function.

Or were they? Well, some testing revealed that Microsoft isn't quite correct about the requirements to run their import and export mailbox cmdlets. Administer Information Store, Send As, and Receive As were granted to our migration group on the Exchange 2007 Mailbox server databases, and what do you know... they can run the cmdlets just fine. Crisis averted!

On a final note, ExMerge works just fine against Exchange 2007 as long as the Mailbox server has a Public Folder database, but since it isn't supported our company has decided it's not worth the (infinitesimally small, I'm sure) risk of damaging a database and being told "you're on your own" by the boys in Redmond.

Thursday 13 March 2008

GAL lookups in Entourage

If you have a Mac and a mailbox on an Exchange Server you'll probably use Entourage to access it. You lose out on some features that are present in Outlook, but generally you can live without them.

Entourage uses LDAP to get directory information, but in most organisations this isn't going to be available over the internet. It is possible to deploy a secure LDAP server, but not many organisations and hosters make these available over the internet.

Another solution is to extend Entourage using a script that connects to OWA and performs the lookup that way. Scripts are simple to install and this one is easy to use whether you are creating an email or inviting people to a meeting.

To get the solution check out this site, http://www.entourage.mvps.org/exchange/exchangelookups.html.

Daniel Noakes

Adding a Windows 2008 Core Server to a Domain


To join a 2008 core server to a domain run the following command:





netdom join W2K8DC04 /domain:home.local /userd:yourusernamehere /passwordd:yourpasswordhere

Note: the account must have the correct privileges to add a machine to the domain. Also, passwordd isn't a typo, and because this is the command prompt your password isn't masked with ******* so make sure no one is looking over your shoulder ;-)

Update: you can just enter a single * and it will then prompt for a password that is masked.

Once the server has rebooted you can verify this by running:

netdom verify w2k8dc04













Oliver Moazzezi

MVP - Exchange Server



Wednesday 12 March 2008

Entourage 2008 reliability improvements

Microsoft released an update to Office 2008 for Mac yesterday, http://support.microsoft.com/kb/948057. There are a number of Entourage 2008 reliability improvements including contact and calendar synchronisation with Exchange server. This has been a problem for a lot of users, as contacts were not synchronising between Entourage 2008 and Exchange.

If you have Entourage 2008 users you should think about installing the update.

Daniel

Hosted versus In-House


We recently came across an article that weighs up the pros and cons of each. I specifically wanted to address the questions for the Hosted Exchange provider.

The article is here:

http://theessentialexchange.com/blogs/michael/archive/2007/12/17/moving-from-in-house-exchange-to-hosted-exchange.aspx

The questions it poses are below; I've answered each one for the Hosted Exchange Solution provided by Cobweb.


1. Does the hosting environment allow multiple hosting clients to have contacts with the same e-mail address? (This question can be restated as: how does the hosting software deal with SMTP address collisions?)

The answer is yes _and_ no. Active Directory cannot support two objects with an identical proxyaddress, and unfortunately the OAL is built based on objects having this attribute. The solution is to remove the proxyaddress, giving the contact just its targetaddress attribute. This allows the exact same contact to exist in multiple customers' OUs, but will remove the contact from the OAL. We have been working with Microsoft on this issue, and a resolution to this is promised in the next version of Active Directory/Exchange.


2. Does the hosting environment allow you to share SMTP address space, either as a master or as a slave environment, with a hosted SMTP domain? (This question can be restated as: can you do a step-wise migration, or do you have to migrate all mailboxes at once?)

Yes, we have supported this for around two years. We can share SMTP address space and either pass mail over VPN tunnels or over the Internet using SMTP over TLS. We also provide SMTP over the Internet for customers that are not concerned about potential internal mail being sent in clear text across the Internet. In all cases we suggest TLS/VPN solutions, which we manage with the customer and help set up.


3. Does the hosting environment support Deleted Item Retention? For how long? Does their deployment environment set the DumpsterAlwaysOn registry key for Outlook? (This question can be restated as: what happens when someone deletes something they didn't mean to!)


We support DIR for 14 days (two weeks). We also keep deleted mailboxes for 31 days (effectively 1 calendar month); of course all mailboxes deleted after this time are still recoverable from our backups.


4. Does the hosting environment support Deleted Mailbox Retention? For how long? (Restatement: can I easily restore the mailbox if my company administrator deletes a mailbox by mistake?)


Answered above.


5. Does the hosting company do backups? How often and how long do they retain them? Can they do single mailbox recovery? (Restatement: if the hosting company has a "disaster" can they recover my mailboxes? Also, if the timeframe for Deleted Mailbox Retention has expired, can I recover the company president's mailbox from last month?)


Again partially answered above. We keep monthly backups for 7 years (yes, 7 years). We can restore a mailbox to any given day in the past 4 week window - after that we keep one full backup per month.



6. Does the hosting environment support journaling? What are the data-retention options for the journal mailbox? Can I have an external interface to a journal solution?


Cobweb supports Journaling. We can Journal your mailboxes and send them to an external solution of your choosing (we have no control of this data - you ensure this provider can do the job), or we can Journal your mail ourselves. We use Zantaz EAS and support envelope journaling. We have default plans of 1, 2, 5 and 7 years. We can also provide custom retention policies. This is searchable using a built in Zantaz EAS plugin, which retrieves the archived mail from your own personal document store over SSL.



7. Does the hosting environment support catchall mailboxes? (This is simply a feature that some companies use. Others don't.)


We don't support this. We could, but I can honestly say I've never had any customers require this.



8. Does the hosting environment have a decent anti-spam solution? (More than the Outlook Junk Mail Filter!) Does the anti-spam solution support individual mailbox quarantines? If there is a false-positive, how can you get your file/message delivered?


We use MessageLabs as standard for all Hosted Exchange mailboxes. We also use Antigen for virus detection on the actual Exchange Servers themselves - supporting 4 AV engines.



9. Does the hosting environment allow you to truly white-label their services? (Restatement: can you have a custom OWA URL? Can you have a custom RPC/HTTP URL? When you connect to an SMTP virtual server, does it say YOUR domain name?)


Yes you sure can, although there is of course an extra cost associated with this.



10. Does the hosting environment allow you to have custom OWA themes? Does it support OWA segmentation?


We support OWA segmentation, we base this around our own custom mailbox plans. We can support custom OWA themes but so far we have not had any customers require this.



11. Does the hosting environment support SPF and/or Sender-ID incoming? Does it require it outgoing? Can you decide or are you limited to their default?


MessageLabs support SPF. We don't use Sender-ID within the Exchange Org. We help customers set up their own SPF records.



12. Does the hosting environment support SSL for OWA? TLS for SMTP? Form-based authentication for OWA? Two-factor authentication for OWA and for Outlook?


SSL for OWA with FBA - Yes
SMTP over TLS - Yes
IMAPS - Yes
POP3S - Yes
RPC over HTTPS - Yes


We currently do not provide two factor authentication processes.



13. Does the hosting environment allow you to specify on a per-user basis who gets EAS (ActiveSync)? Blackberry services? Goodlink services?


Yes, which user gets what is entirely customisable via the customer's Portal Administrators.



14. Does the hosting environment allow you to create custom address lists?


Currently no, this is something I want to bring into our Exchange 2007 offering. Support for 3 to 5 custom address lists is what I want to achieve.



15. Does the hosting environment allow you to force an Offline Address Book (OAB) update?


Yes, this is done simply by modifying a user in our Portal, we then automatically set instructions to rebuild your OAL.



16. How is disk space aggregated? Is each mailbox billed separately? Is the company/domain aggregated together? Can different mailboxes have different default allocations? Can you manage the limits? Can you get disk space reports? Can you create/manage a "Mailbox Manager" policy for your domain?


Whilst I cannot answer any billing questions, I can state mailbox size is highly configurable. Bought two mailboxes with the default of 200MB each for you and your secretary? Don't need that space for her? No problem, take space off her mailbox and assign it to yourself or your public folders.



17. What are the hard limits on mailbox sizes?


We don't have any, we do warn (due to current limitations in certain administration tools and tasks) against going over 2GB.



18. Does the hosting environment run a gateway anti-virus solution? An information store anti-virus solution? A file-based anti-virus solution? If there is a false-positive, how can you get your file/message delivered?


MessageLabs for the gateway, Antigen on the servers. Customers get their own Spam Manager Portal to login and check any spam messages that have been quarantined.



19. Does the hosting environment support "Send As" permissions and "Send On Behalf Of" permissions? Can you manage this yourself?


We do support this yes, our existing Portal does not support this feature, our new Exchange 2007 Portal will support this.



20. Does the hosting environment support LDAP access to your address books?


No, however watch this space.



21. Do you have access to SMTP log files? Do you have access to message tracking log files?


SMTP protocol logging is turned on and off by Cobweb as/when there is any possible issue. In regards to access to Message Tracking, the answer is no. However this is something I want to incorporate into our Portal.



22. What is the maximum incoming message size? The maximum outgoing message size? Can you adjust it?


20MB; customers cannot currently adjust this.



23. What is the maximum number of message recipients? Can you adjust it?


500, this is not configurable.



24. Does the hosting environment support public folders? How many? How big? Can you mail-enable public folders?


We support Public Folders yes. We also support mail enabling them.



25. Does the hosting environment support an interface to SharePoint services?


We currently offer SharePoint 2.0. We are launching our new SharePoint 3.0 service sometime over the Summer.



26. Does the hosting environment allow for external SMTP relays by IP address? What about by authorized users?


We support this yes.


27. Does the hosting environment allow for POP-3 or IMAP users to access Exchange mailboxes?


This is configurable by the customer within the Portal.



28. Does the hosting company offer a network Service Level Agreement (SLA)? Does the hosting company offer an Exchange SLA? Does the SLA have any teeth?


Check http://www.cobweb.com for our SLA, I believe currently it is 99.9%, which we meet.


Oliver



Oliver Moazzezi

MVP - Exchange Server


Tuesday 11 March 2008

Playing with Windows Server 2008 Core


I have been playing around with Windows 2008. Specifically with the Core version of the product, in regards to designing a solution to fully support Entourage clients in a Hosted Exchange environment.

There were a few hurdles to first overcome, however.


First is assigning a static IP to your Core installation.

I first had to run the following command to list the network adapters (NICs) installed on the server:

netsh interface ipv4 show interfaces














I then had to specify which adapter I wanted to change the IP for, using the Idx variable.

The command to change the IP to static was:

netsh interface ipv4 set address name="2" source=static address=192.168.20.107 mask=255.255.255.0 gateway=192.168.20.1


(obviously disregard my network settings)














Once this was done I logged back onto the server (although I noted my server wasn't pinging - ICMP responses - more on that later) and a simple ipconfig showed the changes had been made:














I then had to manually assign DNS servers, the command for this was:


netsh interface ipv4 add dnsserver name="2" address=192.168.20.100 index=1


for primary and then:

netsh interface ipv4 add dnsserver name="2" address=192.168.20.101 index=2

for secondary.

Note: the Idx '2' is specified again, and index=1 or 2 or more specifies that it's another DNS server.

I was then in a position to rename the machine, you are assigned a random computer name during the installation.

This was performed using:

netdom renamecomputer W47C1k34FRG1 /NewName:W2K8DC03














Once the machine had rebooted (shutdown /r), using the command hostname showed the name had changed successfully.
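The steps above collected into one batch file, as an added example that is not part of the original post. It uses the lab values from this post; the variable names, the use of %COMPUTERNAME% for the setup-generated name, the /Force switch on netdom and the show config check are choices made for this example.

```bat
@echo off
rem Added example: the Server Core steps from this post as one script.
rem Run it from the console session: changing the address drops remote sessions.
rem All values are the post's lab values; replace them with your own.
setlocal
set "IFIDX=2"
set "IPADDR=192.168.20.107"
set "MASK=255.255.255.0"
set "GATEWAY=192.168.20.1"
set "DNS1=192.168.20.100"
set "DNS2=192.168.20.101"
set "NEWNAME=W2K8DC03"

rem List the adapters so the Idx value can be confirmed before any change.
netsh interface ipv4 show interfaces

rem Static address, mask and default gateway on the chosen adapter.
netsh interface ipv4 set address name="%IFIDX%" source=static address=%IPADDR% mask=%MASK% gateway=%GATEWAY%
if errorlevel 1 goto :fail

rem Primary and secondary DNS servers; index sets their order in the list.
rem Re-running the script fails here if the servers are already present.
netsh interface ipv4 add dnsserver name="%IFIDX%" address=%DNS1% index=1
if errorlevel 1 goto :fail
netsh interface ipv4 add dnsserver name="%IFIDX%" address=%DNS2% index=2
if errorlevel 1 goto :fail

rem Show what was actually applied to the adapter.
netsh interface ipv4 show config name="%IFIDX%"

rem Rename only if needed. %COMPUTERNAME% holds the random name that setup
rem assigned, so it does not have to be typed. /Force skips the prompt.
if /i "%COMPUTERNAME%"=="%NEWNAME%" goto :done
netdom renamecomputer %COMPUTERNAME% /NewName:%NEWNAME% /Force
if errorlevel 1 goto :fail
echo Rename staged. Reboot with shutdown /r and then check with hostname.
goto :done

:fail
echo A step failed. Review the output above before continuing. 1>&2
endlocal
exit /b 1

:done
endlocal
exit /b 0
```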














More to come later on joining the machine to the domain and making it a Domain Controller, as well as my ICMP issue.



Oliver Moazzezi

MVP - Exchange Server






64bit Domain Controllers


What's the benefit, you may ask? Well, plenty if configured correctly!

Here at Cobweb we've just finished our deployment of 64bit DCs. The project was started as we realised if we kept our existing 32bit Domain Controllers we would actually have to double the number to support both our existing Exchange 2003 infrastructure and the soon to be deployed Exchange 2007 service we are launching. Supporting 40,000 mailboxes (approx: at this time) takes a lot of Directory work and the last thing we wanted to do was rack and deploy another farm of Active Directory servers - especially when Rack Consolidation is proving to be so important now with the power restrictions DataCentres are starting to enforce.

Ultimately we were left with only one option, upgrade to 64bit.


The general rule of thumb for 32bit GCs is to have 1 processor core for every 4 Exchange processor cores. Note I mention core - not actual processor. Having a 64bit GC extends this support to 1 core for every 8 Exchange cores - as long as the server has enough RAM to support loading the entire directory (NTDS.dit file) into RAM.

Thus upgrading to 64bit Directory servers allowed us to keep the same physical number of servers, without having to worry about rackspace or power considerations - and indeed cooling - and has given us the support for both Exchange 2003 and Exchange 2007 into our infrastructure.


Oliver Moazzezi

MVP - Exchange Server


When do I work & email?

I've installed Xobni now and already I've found it really useful for showing linked conversations and it's a good replacement for the Outlook To-Do bar.
The ranking and time of day graph looks good, but I'm not sure it's really that useful yet - I suppose it does show me when interactions occur with my contacts and when's a good time of day for them -




clearly this person works best in the evening and late evening! (you know who you are!)

So, when do I use Outlook most? Xobni Analytics can show you this, and much more besides;







Wednesday 5 March 2008

Drowning in Email? Get Email Happiness...

Apparently, Microsoft are looking to spend a cool few $$ on a start-up called Xobni. This is a neat plug-in for Outlook that replaces the To-Do bar to totally improve the user experience and change the way you use Outlook. http://www.xobni.com/ is worth a look, check the video out too.


There’s some analysis of your mailbox which creates new contact profiles from the content of emails only, and then creates relationships between your contacts. The searching is improved also. I like the email analytics which shows the volume of email and time of day profile of messages to/from a contact profile. I know a few people who’d hit this off the scale ;-)

Thursday 28 February 2008

Exchange 2007 Server roles - a summary

Here's a simple summary of Exchange 2007 server roles, taken from http://msexchangeteam.com/archive/2006/09/12/428880.aspx

- Mailbox (MB): responsible for hosting mailbox and public folder data.

- Client Access (CA): provides mailbox server protocol access (but not MAPI). Similar to the Exchange 2003 FrontEnd server, it enables users to use OWA, POP3/IMAP4 and mobile devices (ActiveSync) to access their mailbox.

- Hub Transport (HT): handles mail routing to the next hop: another Hub Transport server, Edge server or mailbox server. Unlike Exchange 2003 Bridgehead that needs Exchange admin defined routing groups, Exchange 2007 Hub Transport role uses AD site info to determine the mail flow.

- Edge Transport (ET): The last hop of outgoing mail and first hop of incoming mail, acting as a "smart host" and usually deployed in a perimeter network (DMZ), Edge Transport provides mail quarantine and SMTP service to enhance security. One advantage of this role is that it does not require Active Directory access, so it can function with limited access to the corporate network for increased security.

- Unified Message (UM): enables end users to access their mailbox, address book, and calendar using telephone and voice. IP-PBX or VoIP gateway needs to be installed and configured to facilitate much of the functionality of this server role.

Monday 25 February 2008

Get the best from Outlook 2007 and Exchange 2007 - Part 2

Here's part 2 of my Top-10 tips for Outlook and Exchange 2007. If you have some others of your own please share them!

6. Quickly Add a Contact from an E-mail
This is a neat trick to keep your list of Contacts current and complete. When the message is open right-click on the person’s name in the From field and select Add to Contacts.
Take a look at that menu – you can also see someone’s Free/Busy status if it’s visible to you!

7. Get Organised and colour co-ordinated
This is new for Outlook 2007 - Colour Categories. You are able to easily personalise and add categories to any type of information – messages, calendar items, contacts and tasks.
It’s simple;
Right-click – Categorize
You can add and modify colour categories to give you a simple visual way to easily organise your data and search for information. I have categories for “Business Development”, “Management Team”, “Planning”, “Personal” etc.


8. Feed Outlook with RSS
With Outlook 2007, you can read and manage RSS feeds and blogs from within your mailbox. It’s the right place to do this and you no longer have to leave Outlook to quickly browse the latest news and sports, industry news or favourite blog posts. Of course, you just don’t get the same online experience without a bit of Flash or a few ads.

9. Use OWA on an Exchange 2007-SP1 server
Outlook Web Access is a quick and simple, yet sophisticated interface to your mailbox. OWA has improved significantly in Exchange 2007-SP1 with functionality on a par with Outlook 2003. You now have the ability to set different Out Of Office messages for internal and external recipients, both with a reminder to turn it off, or an expiry time; your folders automatically update when new mail arrives, no need to refresh all the time now; reminders are displayed in a drop-down, and not a pop-up that often got blocked; Auto-complete works when adding email addresses to a new mail; Calendaring is very good now with smart scheduling; the list goes on.

10. Make sure you use “Outlook Anywhere” (aka “Cached Exchange Mode”)
You work in a local copy of your mailbox (it also allows you to work on email offline) and Outlook connects to Exchange in the background and doesn't hang if there is a break in communication with the Exchange environment. 60% of connections to Exchange use a cached mailbox. For users of laptops, mobile workers, or if you’re on a slower or less reliable network connection, it's a necessity.
In Exchange 2007, Outlook Anywhere performance is much improved over the Cached-Exchange-Mode in Exchange 2003.

Thursday 21 February 2008

Get the best from Outlook 2007 and Exchange 2007 - Part 1

Here’s the first part of my Top-10 list of how to get the best from Microsoft Outlook 2007 and Exchange 2007.

If you spend a lot of time working within Microsoft Outlook (and who doesn't!?) these tips can really boost your efficiency. As easy as they are, they are often overlooked and underused. There are usually additional short-cuts and alternative menus for all the tips below.

1. Flag for Follow-Up – use this to set Reminders on Messages
To set a reminder, which is visible in your Inbox and reminds you to act on or reply to any message, right-click on the message, select Follow Up, and choose your Due By time and date. You can choose a reminder for Today, Tomorrow, This Week etc.
When you click OK, the message will be flagged for you to remember to respond to, and the date and time will be automatically kept track of. To clear the flag, right click on the message and choose Clear Flag.

2. Use the To-Do Bar to manage your daily priorities and information
Check your priorities for the day by looking at the To-Do Bar. It shows your flagged messages (follow-ups) and Outlook Tasks in a simple list which you can manage and customise to suit you.
Cunningly, the To-Do Bar also connects tasks you may set in other Office 2007 applications including OneNote and Windows SharePoint Services.
Check your Calendar too because this is integrated with the To-Do Bar and shows items due for action for each day. This allows you to easily schedule and block out time to work on items.

3. Permanently Delete Messages
When you delete something, hold down the Shift-key as you click Delete and it’s permanently deleted. You’ll be asked if you want to permanently delete the message, just to make sure, as it doesn’t go into the Deleted Items folder!
You can multi select a number of messages, or all folder contents, and it works the same way.

4. Quickly Undelete a Message
Ctrl-Z will bring it back. Works across all Microsoft Office applications too.

5. Catch those misspellings and common typos
You can easily have Outlook check your spelling in all outgoing messages – very handy if you’re a speedy & error-prone typist. In the Tools menu, click on Options and the Spelling tab, then select Always check spelling before sending.

Monday 4 February 2008

New whitepaper for SP1 and HMC4.0

If you're a Hosting provider and/or running HMC, there's a new white paper for Exchange 2007 SP1 and how SP1 features relate to HMC4.0.
In particular, it addresses key features in anywhere access (inc. OWA and ActiveSync), built-in protection (inc. SCR), and improvements to performance and scalability.

You can download the whitepaper here

Wednesday 30 January 2008

WM6 & Gmail play nicely

Getting your personal email on your Windows Mobile can be just as useful as business email. That is of course if your corporate security policy allows it.

For ages now I have had my Gmail account set up as IMAP on my Touch Dual, but I wasn't getting mail. So I gave in and used the Gmail app. Well, good news: it looks like Gmail and Windows Mobile are now playing nicely together.

To get the settings go here, http://mail.google.com/support/bin/answer.py?answer=78886.

Tuesday 22 January 2008

A view of the future from Exchange Labs

Back in October Microsoft quietly announced Exchange Labs (see here). This initiative has the aim of helping the build & testing of the next version of Exchange in a high-scale services environment - selected US universities.

For me, there are some interesting developments hidden in here... some highlights;
  • Windows Live ID authentication, that can be used with Messenger, Spaces, and all of the other Windows Live services - single authentication, across many many services (not just email)
  • 5 GB of mailbox quotas - this is a sign of things to come. Given that Exchange 2007 is best up to 1-2GB max, does this mean a new storage engine for Exchange finally? Will this be SQL2008 based?
  • Ability to integrate on-premises Exchange deployment for faculty and staff, with hosted Exchange Labs for students - this is probably due to directory and authentication changes, but this means that companies with global offices or dispersed/mobile workforces can now choose to combine Exchange systems as they require - on-premises and hosted-service

There are also some administration features appearing too, including self-service DL management inside OWA, similar to the Windows Mobile features available in OWA today. Some of that detail is here

Monday 21 January 2008

Web Ready document viewing (and some other SP1 improvements)

One of the best improvements for Exchange 2007 is the change to the user experience when using Outlook Web Access. You need SP1 to benefit from all the changes, my favourites include Web Ready Document Viewing for the Office 2007 file formats, but you also get the ability to configure server side rules, access to the Deleted Items recovery, S/MIME support, and, in SP1 the return of Public Folder access.

Web Ready document viewing is simple - "Open as Web Page" renders documents in your browser as HTML without the need to download the document, or have Microsoft Office installed. There is support for Word, Excel and PowerPoint in both 2003 & 2007 formats.
Sometimes OWA is a whole lot easier to use than Outlook. With Microsoft adding many new features with every release, maybe the days of Outlook on the desktop are numbered?

Thursday 10 January 2008

Microsoft Exchange 2007

For most businesses today, e-mail is the mission-critical communications tool that allows their people to produce the best results. This greater reliance on e-mail has increased the number of messages sent and received, the variety of work getting done, and even the speed of business itself. Amid this change, employee expectations have also evolved. Today, employees look for rich, efficient access—to e-mail, calendars, attachments, contacts, and more—no matter where they are or what type of device they are using.
For IT professionals, delivering a messaging system that addresses these needs must be balanced against other requirements such as security and cost. Enterprise security requirements have become more complex as the demand and use for e-mail has increased. Today, IT departments must contend with e-mail security threats that are wide ranging: continually evolving spam and viruses, noncompliance risks, the vulnerability of e-mail to interception and tampering, in addition to the potential harmful effects of natural and man-made disasters.
While security is clearly a priority, IT is ever cognizant of the need to manage cost. Time, money, and resource constraints are a fact of life as IT is made accountable to do more with less. As a result, IT professionals look for a messaging system that addresses both enterprise and employee needs while also being cost-effective to deploy and manage.
Microsoft Exchange Server 2007 has been designed specifically to meet these challenges and address the needs of the different groups who have a stake in the messaging system. The new capabilities of Microsoft Exchange Server 2007 deliver the advanced protection your company demands, the anywhere access your people want, and the operational efficiency you, in IT, need.

Who are we and why are we creating this site?

Hello and welcome to our Exchange 2007 site. We're a team of Exchange experts with knowledge to share, problems to fix and we're gaining Exchange experiences every day. Between us, we run platforms for ~40,000 Exchange 2003/2007 mailboxes, we've experience with Exchange that spans many years, goes back to v4.0 and includes JDP/TAP involvement in several major version releases.

We'll include relevant and interesting news & posts from some of our favorite Exchange sites such as the Exchange Team blog (microsoft) and msexchange.org.

Please give us your feedback!!! We're interested in hearing from you whoever you are - sysAdmin or Exchange Admin, end user or power user, Windows-Mobile user or BlackBerry addict , MD, CTO or Operations Manager, customers of Hosted Exchange services and even ....Microsoft!
One of our team is a UK-based Exchange MVP - Talk to us and we'll promise to tell you all we know.
