Exchange Server 2007 / 2003 (tips and tricks) sprinkled with SMS and AD stuff...: Exchange Server 2007

David's profileExchange Server 2007 / 2...BlogLists

Tools

Help

Blog

Summary

Listed by:

<< First < Previous Next > Last >>

October 16

100 things you may not know about Exchange server: #99

For the past few months, I've been getting requests from customers about their emails getting bounced from various SMTP servers out on the Internet. Looking at their servers, most of them were issuing outbound SMTP sessions by using the local server FQDN, and not the server name used in MX/SPF records. I instructed a couple of customers t change the FQDN in the properties of the Send Connector, but remembered that another setting had to be change. You also need to change the permissions assigned to the Anonymous Logon by using the following EMS command, if your Mailbox and HT servers are on the same box: Get-SendConnector "NameOfSendConnector" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-Send-Headers-Routing"

August 19

Exchange Server: The virtualization story

Microsoft has finally released its definitive story about virtualizing Exchange and the support policies. http://technet.microsoft.com/en-us/library/cc794548.aspx

Here are the highlights and lowlights:

1. Exchange Server 2007 on Hyper-v is now fully supported, as long as:

You are running Exchange 2007 SP1 on Windows Server 2008 OS. :)
You do not install UM :)
You only use Fixed Disks :(
You do not run any management/AV/AS software on Hyper-V host. :(

2. Exchange Server 2007 is supported on 3rd Party virtualization software, as long as:

Product has been validated by MS as part of this program: http://www.windowsservercatalog.com/svvp/ :)
At this point, this does not seem to include VMWare (or at least I don't see it in the list of supported vendors) :(

3. Exchange HA is supported. (as long as its not combined with Hyper-V HA)

4. Clustering is supported. (as long as you're not using clutered virtualized servers.)

5. Exchange Server 2003 is supported in a virtualization environment, as long as:

Its running Exchange 2003 SP2 or higher.
Its running on Virtual Server 2005 R2 or higher
Exchange 2003 is NOT clustered
VM Additions are installed on the guests.

This is a better story than what we've had up to now, albeit not a complete support policy yet. The obviously lack of support for VMWare, IMO, is going to be an issue. Though there is basic support for all 3rd party virtualization products. http://support.microsoft.com/kb/897615/en-us

February 11

Windows Server 2008 cannot perform streaming backups of Exchange Server 2007 Databases

Updated on March 4th, 2008

You may not have heard about this yet, but more and more people have been asking me about this. The "Windows Server Backup" feature running on Windows Server 2008 cannot backup your databases/stores on Exchange 2007. What were refer to as streaming backups, is no longer supported with the built-in backup tool (still possible with 3rd party). So what do we use to backup the DBs? Well, you have a few options. First, of course, you have 3rd party products, the same you may currently be using to backup Exchange 2003 servers, are available in versions supported by Windows 2008/Exchange 2007. Second, if you want to stay on the MS side of things, you will want to use System Center Data Protection Manager (SCDPM) to perform VSS-based backups of your Exchange 2007 servers. (SC DPM cannot take streaming backups)

Now what will happen in Cougar (SBS 2008)? I haven't had a chance to check it out yet, but this may be prohibitive to small businesses who look for simple backup solutions. My guess (and this only a guess) is that they will leverage SC Essentials with a minimal version of SCDPM. Well... at least that's what I would do...

I also want to point out though that I've recently been told that you can restore, on Windows2008, Exchange Offline DB backups done in Windows Server 2003 (no online backups supported). I've actually tried this out (other than the SCDPM) and the options for Exchange are simply not there.

More guidance on this from Microsoft will be arriving soon.

December 14

Learning path for Exchange Server 2007

I was recently asked by Microsoft to create a Learning Plan for Exchange Server 2007. These Learning Plans were promoted as part of a marketing initiative that took place at IT Forum in Barcelona this year. Basically, its a list of resources, in a relevant order, that you can use to become knowledgeable on Exchange Server 2007.

http://learning.microsoft.com/manager/LearningPlanV2.aspx?resourceId=%7Bb72c7c8c-1299-426b-890f-56e3c938e52e%7D&clang=en-US&program=MSDNChallenge

November 21

Get ready for Exchange Server 2007 SP1

Any day now... Exchange Server 2007 SP1 will drop. Initially, Microsoft has said that this service pack will be released in conjunction with Windows Server 2008. Well, Windows has slipped, but the Exchange team has stuck to their guns and SP1 will be released this quarter. Typically, this doesn't happen too close to x-mas, which means any day now!!!

Why should you care about this Service Pack? Well sure, you get SCR, support for Windows 2008, better mobile device policies, improved management from the EMC... but really, we know that the favorite new features will be the new Zune and XBOX 360 OWA themes :)

October 15

Troubleshooting CAS Autodiscover problems

So i've posted about client connection issues before. It seems that most admins encounter configuration issues all the time, regarding RPC over HTTP, Exchange ActiveSync and AutoDiscover. This article is really dedicated to a problem I often see with Autodiscovery.

First, some basics. If you are having trouble getting Autodiscover working, there is a lot file on the client machine that holds all Autodiscovery information. You will find it at: %userprofile%\Local Settings\Temp\2\olkdisc.log

If you look in this log file and find failed URL errors, chances are you have an erroneous URI (that's right not URL, URI) in the SCP (Service Connection Point) that is stored in AD or that your certificate is badly configured. So lets troubleshoot both problems:

1. Reset your SCP in AD: I get this question often, how do you set the URL (actually URI) that is used from the Internet to access your Exchange server. Well you need to publish that information in AD through the SCP (there's actually other connection methods, but that discussion is for another day :)).

To reset your SCP with the accurate URI, use the following EMS command:

Set-ClientAccessServer -identity "EXCHANGECASSERVERNAME" -AutodiscoverServiceExternalURI HTTPS://EXTERNALFQDN/autodiscover/autodiscover.xml -DomainController "DC NAME"

Force replication betwen all DC's in your domain, restart Outlook and if you had a bad URI, you're golden now!

2. If you have a cert problem, ensure that the following are correct: Certificate is not expired, Certificate is trusted on the client computer and that the name in the certificate matches your external URI.

Good luck with your CAS deployments!!!

June 21

Tasks that CANNOT be performed from the Exchange Management Console

I’ve been getting this question a lot! “What tasks CANNOT be performed from the Exchange Management Console?”

The following is the answer to this question. I’ve done a “best effort” to compile a complete list of these tasks. Feel free to comment here if you feel I should add information to this post or if there is incorrect information.

Tasks that MUST be performed from the Exchange Management Shell

Mailbox, Recipient and Public Folder Settings

·         Get a list of all mailboxes, organized by size and number of items – Get-MailboxStatistics
·         Perform bulk management of multiple attributes for mailbox recipients – Get-mailbox | Set-Mailbox
·         Bypass antispam filtering for a specific recipient(s) Set-Mailbox -AntispamBypassEnabled $true
·         Get information about public folder sizes – Get-PublicFolderStatisics
·         Upgrade address lists and email address policies from LDAP syntax (after a migration from 2003) to OPATH syntax – Set-EmailAddressList
·         Give permission to a user’s mailbox (to another user) – Add-MailboxPermission
·         Give permission to an entire database, to a user – Add-ADPermission
·         All Public Folder management, for example:

o   Create Public Folders (Can be done from Outlook)
o   Mail Enable Public Folders
o   Enable Public Folder replication
o   Suspend/Resume Public Folder replication
o   Modify Public Folder Replication
o   Set/Modify Public Folder Quota
o   Modify Public Folder Referrals

·         Extract specific content from a mailbox and copy it to an alternate location – Export-Mailbox
·         Configure a resource mailbox to automatically accept all meeting requests – Set-MailboxCalendarSettings
·         Create (and modify) a new Global Address List – New-GlobalAddressList

Transport Settings

·         Set a maximum message size for incoming or outgoing messages (org) – Set-TransportConfig
·         Disable Xexch50 for outbound ESMTP connections – Set-TransportConfig
·         Set a maximum message size for incoming or outgoing messages (conn) – Set-ReceiveConnector
·         Add the Antispam tab to the Exchange Management Console – Set-TransportServer –AntispamAgentsEnabled $true
·         Set advanced SMTP connection settings such as Tarpit, connection timeouts, inactivity timeouts etc... – Set-ReceiveConnector
·         Install or uninstall antispam agents on a Hub Transport server – (un)install-AntispamAgents
·         Modify the properties of the Content Filtering agent to filter messages originating from authenticated servers INSIDE the organization – Set-ContentFilterConfig (useful if another server relays the message but does not perform filtering)
·         Add an exception to the Content Filtering agent to NOT perform any filtering for a specified SMTP Domain or Sender – Set-ContentFilterConfig –BypassSenderDomains / BypassSenders
·         Update the safe senders aggregation list - Update-SafeList
·         Modify properties for the transport dumpster (Enable/disable – Max Size) – Set-TransportServer
·         Override AD Site link costs with Exchange Specific costs – Set-ADSiteLink
·         Design Exchange Hub Sites for message routing – Set-ADSite
·         Force a manual start to the Edge Synchronization between the HT and the ET servers – Start-EdgeSynchronization

Client Access Settings

· Set connection time-outs for POP3/IMAP4 servers – Set-IMAPSettings / Set-POPSettings

Following settings should be used with a Get-CASMailbox and piped to the Set-CASMailbox to be applied globally.

·         Prevent previous versions of Outlook from connecting to Exchange – Set-CASMailbox –MAPIBlockOutlookVersions
·         Enable/disable POP3 or IMAP4 for a user – Set-CASMailbox
·         Disable selected features of OWA (Calendaring, Change Password button etc...) – Set-CASMailbox

Other

·         Reseed a LCR or CCR (Maybe SCR ?) database copy – Update-StorageGroupCopy
·         Specify a message class for Managed Content Settings (For message classes NOT available in the EMC, such as IPM.XYZ) - New-ManagedContentSettings
·         Create a customized quota message to mailbox recipients – New-SystemMessage
·         Create a customized Delivery Status Notification message – New-SystemMessage
·         Enable/disable, modify the properties of Message Tracking – Set-MailboxServer
·         Specify the number of ‘unreplicated logs’ that a CCR node will allow, and still mount a database a failover – Set-MailboxServer –AutoDatabaseMountDial
·         Allow a database to be overwritten by a restore operation – Set-MailboxDatabase –AllowFileRestore
·         Configure domain controllers that should NOT be used by your Exchange server – Set-ExchangeServer –StaticExcludedDomainControllers
       Modify the email address visible by external recipients, for internal users – New-AddressRewriteEntry

June 20

Confusion about Antispam agents on Hub Transport servers

A recent discussion has prompted me to write this and clarify some of the cmdlets and features relating to Antispam agents on Hub Transport servers; so here are the facts around it:

To install antispam agents on a Hub Transport server: From EMS, Install-AntiSpamAgents.PS1
To enable the Antispam Tab in the Exchange Management Console: Set-TransportServer -AntiSpamAgentsEnabled $True (Automatically run as part of the script mentioned above)
To view the list of INSTALLED Transport Agents: Get-TransportAgent (Note: If you disable an agent from the EMC, it will still show under this task as ENABLED)
To view the status of a specific Transport Agent, for example Content Filtering agent: Get-ContentFilterConfig | FL (Note: If you disable the agent from the EMC, it will show under this task as DISABLED)
To disable a specific Transport Agent, for example Content Filtering agent: Set-ContentFilterConfig -Enabled $False

Confused yet?

Basically, when you disable an agent from the list of agents in the EMC, and run a Get-TransportAgent, it shows as enabled. That is because you are disabling the filtering feature of the agent from the EMC and not the actual agent running on the messages. The whole thing is really not documented anywhere and may lead to confusion from some admins. Even more confusing, if you run the Set-TransportServer -Antispamagentsenabled $True cmd, the tab will show up in the EMC, but the agents will actually NOT be installed.

May 22

SMTP over SSL from Outlook Express only over 25

I had an issue on a brand new implementation of Exchange 2007 last month, I resolved it in a funny and never really understood the underlying reason for the problem. Basically, I tried to connect Outlook Express clients through IMAP4 and SMTP. You may know that Exchage 2007 creates two defaut Receive Connectors, one of which is meant for SMTP relaying from POP3/IMAP4 clients. I enabled certificate encryption on the Receive Connector, but couldn't get the clients to redirect over the default port, 587. Whatever I tried, the client would get an error. I could get the client to connect over SMTP (no ssl). I ended up fixing the issue by recreating a new Receive Connector and forcing the clients to go to SMTP over SSL on port 25.

Today, I was catching up on my Exchange Team Blog reading and I came across an article that describes the exact issue I ran into. Basically, this is an Outlook Express problem and is fixed in Vista Windows Mail. There may be future fix to Outlook Express to get this to work.

Reason 3268 for moving to Windows Vista ;)

March 19

Using the Set-emailaddresspolicy after your migration to Exchange 2007

The syntax used in address lists and recipient policies in Exchange Server 2003 is not compatible with the administration tools in Exchange Server 2007. Therefore, immediately following the transition of your administrative tasks to the 2007 servers, you should upgrade the lists and policies. If you don't, you will not be able to modify the Address Lists (used to view recipients in Outlook) or the E-mail Address Policy (used to define the incoming SMTP domains in your Exchange organization.)

To upgrade your Recipient Policy to a E-mail Address Policy syntax:

Set-emailaddresspolicy -includedrecipients allrecipients (when prompted for the name of the list, enter "Default Policy" if you are using a default naming convention.)

To upgrade your Address Lists to an Exchange Server 2007 syntax:

Set-AddressList -includedrecipients mailboxusers (This is for the All Users list, that included mailbox users; for other lists, enter the appropriate value, such as MailUsers, MailContacts, Resources or MailGroups) (Of course, when prompted, put in the correct list name.)

March 16

Managing multiple SMTP domains during coexistence between Exchange 2003 and 2007

As many of you start to Transition your Exchange environments from 2003 to 2007, you'll find out that most transition mean coexistence. Coexistence means issues... An issue you'll have to deal with is how certain settings are replicated betwen Exchange versions and others are not. For example, when you install your first Exchange 2007 server, Exchange 2003 Recipient Policies are regenerated in 2007 in the form of Accepted Domains and E-mail Address Policies; no problem there. However, if you create additional Recipient Policies, the associated Accepted Domain is NOT created. If you happen to decomission your 2003 servers, without noticing this, e-mail messages destined to those domains will be rejected. Solution: Create the new Accepted Domains manually. Voila.

February 20

Top 5 routing concepts that have changed in 2007 (In brief)

Many people have been asking many questions about all the changes in Exchange Server 2007. One concept that's been catching everyone asleep, is the new message routing features, paths and services. So here's your "In brief" review of the new routing concepts:

1. No more Routing Groups / Site Connectors used for internal Exchange messaging: Partially true, since you still maintain a routing group for coexistence with Exchange 2000/2003. So what's used instead? AD Sites and AD Site Links (with costs)

2. Exchange-specific routing costs: To tie in quickly the previous point, if you want to modify message routing costs and do not want to affect your AD replication paths, you can apply Exchange-specific costs. (Hint: Use the EMS for those)

3. Direct delivery of messages across sites: An Exchange server will try to establish a direct connection to a destination/target server in a destination site. If there are multiple sites in the routing path, the Exchange server (HT) will communicate directly with the final hop in the routing path. If that server is unavailable and all destination servers in the site are unavailable, it will back-off to the closest point of failure and queue it on that server (site).

4. Send Connectors and Receive Connectors: The concepts of "Sending" and "Receiving" are now clearly divided into Send and Receive Connectors. They're actually the new implementation of SMTP VS, without some of their limitations. Some Send Connectors are created "Dynamically) and cannot be modified (HT), some Send Connectors are created during the installation and allow for sending mail to the Internet (ET).

5. MexRuntime Agents: All antispam and filtering components run as agents. These agents can run on both HT and ET servers (except for a couple that are only available on ET. (Hint: To install most agents on an HT, run the install-antispamagents.ps1 script)

Of course, other things have changed, but lets start herefor now...

January 11

More on the 64 Bit version of Exchange 12...

Or Exchange Server 2007 as it will probably be known...

As an MCT (Trainer), one of the things I was very worried about is the 64Bit only version of Exchange 12. Since we run a lot custom courses and MS courses on Exchange, we would have to put in 64Bit processors as a requirement for our courses, driving costs up. After understanding a bit more of the driving factors for this 64Bit decision, I fully support it now and look forward to the new features and performance gains. But I was still concerned about not being able to run it on 32Bit hardware...

Quote from Terry Myerson (Exchange Team): "We will release a 32-bit version of E12 for feature evaluation, training, and demonstrations—but we are not planning to support this release in production"

I'm pretty sure this means it will be available post-beta. This is good news!!!