Opening a calender from another user using OWA is not a very hard proces, when you have enough permissions you can easily open the other users calender. But what if you would like to do this via OWA?  This depends on the Exchange version you are using, let’s start with Exchange 2003:

http://ex01.company.om/exchange/johan/calender

In Exchange 2003 you can do this by specifying the url which is used to open but add the following part to the url username/calender. In this case we will open the calender of johan.

For both Exchange 2007 and 2010 you will need to use another method. This is because both the OWA from 2007 and 2010 are using web-parts to build the OWA. In Exchange 2007 and 2010 you will have the option to open another users mailbox followed by the calender, backside from using this is that you will need full mailbox access, this is not what you want in all scenario’s. To open a calender directly use the following syntax:

https://owa.company.com/owa/johan@domain.com/?cmd=contents&module=calendar

Almost the same as 2003 only the last part has changed to username@domain.com/?cmd=contents&module=calender. Besides this way there are a few other options which you can use in Exchange 2007 and 2010 to display the calendar, below an overview:

https://owa.domain.com/owa/johan@domain.com/?cmd=contents&f=calendar&view=dialy

The above command will open the calender folder by using the f parameter which makes it possibly to open a specific folder in a mailbox. Using the view parameter we will specify how we want to display the calender, when you don’t specify this it will be opened using the dialy view standard. The command above will do exactly the same, open the calender using the dialy view.

https://owa.domain.com/owa/johan@domain.com/?cmd=contents&f=calendar&view=weekly

This command will open the calender using the weekly view.

https://owa.domain.com/owa/johan@domain.com/?cmd=contents&f=calendar&view=monthly

And as last option this command will open the calender view using the monthly view. At least you may think this was the last one there is one other possibility:

https://owa.domain.com/owa/johan@domain.com/?cmd=content&f=calendar&view=daily&d=10&m=26&y=2010

This will open the calendar using the dialy view and will open it on the 26th of October 2010.

Gepost in Exchange ~ Geen Reactie

Microsoft has released security updates for Exchange 2000 SP3, Exchange 2003 SP2, Exchange 2007 SP1/SP2 and Exchange 2010. For both Exchange 2007 and 2010 this security fix is  included in a rollup. For Exchange 2007 SP1 this is the 10th rollup, for Exchange 2007 the 4th and for Exchange 2010 the 3rd.

The update applies a fix to the Windows SMTP service because of a vulnerability which was recently found. This made it possible to perform a DOS attack on the Windows SMTP service.

Below you will find the links to the patches and a link to the security bulletin which has been published about this  vulnerability.

Exchange 2000 SP3: open
Exchange 2003 SP2: open
Exchange 2007 SP1: open
Exchange 2007 SP2: open
Exchange 2010: open
Microsoft Security Bulletin MS10-024: open

Gepost in Exchange ~ Geen Reactie

Sometimes you may have the discussion if it is supported to place these files on fileserver so they can be accessed via a LAN/WAN connection. The answer for this is no, it isn’t officially supported by Microsoft. But when you will try it in your environment it will work, so what are the reasons it isn’t supported?

The PST, OST and PAB files will be accessed by a method called file-access-driven. With this method special file access commands will be offered by the OS to read and write files. For writing files to local disks this is an excellent method but when writing to a fileserver via a LAN/WAN another method is used. This method is called network-access-driven and uses specific command from the OS to send/receive data from/to other systems which are connected to the network.

But what does Outlook when a PST is located on the network? Outlook will first try to use the file-access driven commands to read/write to the file. Because the file is not on the local disk but on the network, the OS will send the network-access-driven commands to the server where the file is located.

This will cause a lot of time  for the process to be completed because of all the extra steps.

Besides the performance issues you might  get there are some other things which you should keep in mind:

• files can get corrupted caused by network issues
• writing- can take 4 times longer then read actions

If you want to get more information after reading this have a look at the sides below:

Ask the Performance team: Network stored PST files …. don’t do it! open
Configuring Outlook for Roaming Users open

Gepost in Exchange ~ Geen Reactie

Since Exchange 2007 it’s possible to use your OCS and Exchange together. First you had only the option to use your OCS environment with the Exchange UM server which let you use the voicemail, subscriber access and auto attendant features from Exchange in OCS

The latest addition to this is a limited OCS client integrated in OWA. This gives you the ability to send IM messages via OWA and gives you the option to see precense information.

In this tutorial I will explain how you can install this new feature.

open

Gepost in Tutorials ~ Geen Reactie

Microsoft has released OCS 2007 R2 Web Service provider a while ago, with this piece of software you will make a limited OCS client available via OWA. In this tutorial I will explain how you can get the OCS client working together with the OWA from Exchange 2010. You can download the software using the link below:

• Download OCS 2007 R2 Web Service Provider
• Hotfix 968802 (UcmaRedist)

Before installing the software make sure you have a certificate installed which is trusted by the OCS server. When you’ve downloaded the requested files you can start installing them. The file CWAOWASSPMain contains four seperate files and the patch file consists of one MSP file, the files need to be installed in the following order:

• vcredist_x64
• UcmaRedist.msi
• UcmaRedist.msp
• CWAOWASSP

When the files are installed it’s time to build the configuration. First we need to gather some information about the certificate being used by the IIS service, you can do this by running the following command in Powershell get-exchangecertificate |fl. You will get an overview of all installed certificates on the CAS server search for the one that is used for IIS, this one can be recognized by checking the entries after the services label. From this certificate we need the values of two fields:

• Issuer
• SerialNumber

Now we copied the values it’s time to make the modifications to the OWA configurationfile, you can find it in the following directory c:\Program Files\Microsoft\Exchange\v14\ClientAccess\Owa. Here you will find web.config , which contains the configuration for Outlook Web Access. Before modifying it create a backup of the file, this will let you quickly restore to the original configuration in case OWA doesn’t work anymore after the modifications. Then open the web.config using a text editor such as Notepad and search for the line containing the following word IMPoolName this is the firstline of the section which needs to be changed. Once found change the following lines:

• IMPoolName: fill in the name of the OCS pool
• IMCertificateIssues: use the value just copied from issuer, example: CN=company-DC01-CA, DC=Company, DC=Local
• IMCertificateSerialNumber: use the value justr copied from serialnumber, example: 61580B7D00000000000E

Once done save the file. Next step is to add the OCS client to the OWA, this can be done by using the Set-OwaVirtualDirectory –InstantMessagingType. On the internet you will find several stories about the value that needs to be entered after the InstantMessagingType parameter. The Technet documentation will tell you to use the OCS parameter but in some cases this won’t work according to several forum posts i found. If this is the case try 1 as the value for the parameter and check if it works. Although I don’t think the parameter is the issue since I’ve tried it in a working environment and Exchange gave the message that nothing had changed. To activate OCS in OWA you will need to run the command below to set the InstanteMessagingType parameter:

set-owavirtualdirectory -InstantMessagingType 1

or

get-owavirtualdirectory -server servernaam |set-owavirtualdirectory -InstantMessagingType 1

The Exchange side is completed, now it’s time for the OCS side. For this you will need to open the OCS administration tool and get the Front End properties of the pool. Here you will find the authorized hosts tab. Here you will need to add the following items:

• FQDN of OWA

When the fqdn has been added restart the Front End service to make the modifications active. Once the service is started again you will see the OCS client once logged in using OWA.

As you can see you can set your own status and see the status of other users. Besides this the left menu has been extended with a contactlist which corresponds with your contactlist in the MOC client.

Gepost in ~ Geen Reactie

Last months you may receive spam which looks like to be sent from an account from your own domain. When you investigate the issue you will discover that this it not the case. But why does Exchange doesn’t do something with this kind of spam. I found the answer on Exchangepedia blog. Each mail which is received from the internet will be accepted with the anonymous user, when removing this user from the connector you won’t be able to receive mail from the internet. This account has some rights which are needed, one of these rights is the Ms-Exch-Accept-Authoritative-Domain-Sender which ensure that every session which contains a message from an authoritative domain will not be checked.

To prevent this you will need to remove some rights from the connector by using the following command:

Get-ReceiveConnector “Internet” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

Please keep in mind that this also will have some consequences for other applications/devices which will use this connector using the anonymous user. For this application/devices you will need to create a separate connector.

Gepost in Exchange 2007 ~ Geen Reactie

Microsoft Exchange couldn’t start transport agents. The Microsoft Exchange Transport service will be stopped. This is one of the errors you may get when you’ve got a corrupted transport agent. This can cause that the transport service won’t start anymore as you can see in the example, which causes that the mail traffic will stall.

There are two solutions for this issue

- remove the transport agent
- disable the transport agent

The first method maybe is the best method because you have a corrupted agent on your system which you don’t want. To remove the agent execute the following Powershell command:

Uninstall-TransportAgent “Name of the Agent”

If you would like to do some more research you may decide to temporarily disable the agent, this can be done by using the following Powershell command:

Disable-TransportAgent -Identity “Name of the Agent”

When you solved the issue you can enable the agent by using this command:

Enable-TransportAgent -Identity “Name of the Agent”

If you would like to have more information then have a look at the site below:

Technet: Transport Agent Cmdlets open

Gepost in Exchange ~ Geen Reactie

As Exchange 2010 is general available it may be nice to see the current effectiveness of Single Instance Storage on your current databases. It’s always nice to know what will happen if you will not be using Single Instance Storage anymore, in Exchange 2010 this is the case.

You can measure this by using the counters which will be added during the installation of Exchange, you will find them in the Performance Monitor under the objects:

• MsExchangeIS mailbox
• MsExchangeIS public

When the object is selected you will find the counter called Single Instance Ratio. Add it to perfmon en keep an eye on the statistics or save the results to a log file which can be investigated later.

Gepost in Exchange ~ Geen Reactie

As you may already know Exchange does a discovery to find the domain controllers  in the AD. When you have a look at the application event log you will see events with the source MsExchange ADAccess and Event id 2080. This event will be seen every 15 minutes, this because the check is performed every 15 minutes.

The event can contain the following info:

Event Type: Information
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2080
Computer: Ex01
Description:
Process MAD.EXE (PID=1808). DSAccess has discovered the following servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc01.domain.com  CDG 7 7 1 0 0 1 7 1
dc02.domain.com  CDG 7 7 1 0 1 1 7 1

Out-of-site:

For more information, click http://search.support.microsoft.com/search/?adv=1.

Nice all those shortnames and numbers but what do they mean:

• servername, the first column contains the servername of the domain controller
• roles, which roles does the domain controller fullfill: C the domain controller will be used as a configuration domain controller, D a domain controller and G a domain controller which is also a global catalog server. When seeing a – this means that the role is not fullfilled by the domain controller
• reachability, each 15 minutes a connection is made to the server. When the server fullfills the role of global catalog server it tries to connect on port 3268,  when this succeeds the value 0×1 will de displayed. When a connection can be made to port 389 the server knows it is a domain controller and will display the value 0×2. When the server is also a configuration domain controller again a connection is made to port 389. If this succeeds it will get the value 0×4. When a server fullfills multiple roles all values will be added up, for example when a server fullfills 3 roles: 0×1+0×2+0×4=0×7.
• synchronized, when the isSynchronizedflag is set on the rootDSE of the domain controller this value will be set to true. The values in the column are used in the same way the are used in the collumn reachability.
• GC capable, is the domain controller also a Global Catalog Server
• PDC, is the domain controller also the PDC for the domein
• SACL right, are the rights correct for DSAccess to read the SACL
• Critical Data, this will tell you if DSAccess found the Exchange Server in the configuration partition of the domain controller.
• Netlogon Check, can a connection be made to the netlogon server of the domain controller
• OS version, when this value is 1 it will tell you the domain controller has a OS which is Windows 2003 Service Pack 3 minimal.

It may happen that you don’t want to use a specific domain controller. But how can you configure this ?

You can do this with the command: set-exchangeserver -identity exchange.domain.com -StaticExcludedDomainControllers dc.domain.com

When you would like to specify the configuration domain controller, domain controller(s) and global catalog server(s) yourself use the following command: set-exchangeserver -identity exhange.domain.com -StaticConfigDomainController dc01.domain.com -StaticDomainController dc01.domain.com,dc02.domain.com -StaticGlobalCatalogs dc01.domain.com

Technet set-exchangeserver open

Gepost in Exchange ~ Geen Reactie

DNS records and Exchange, it’s not really hard but it’s very important to configure them correctly. Incorrect DNS records and especially pointer records can cause issues with mail delivery.

Which records are needed to send and receive mail with Exchange:

A-record, this record ensures that a namecan be translated to an ip-address, for example mail.domain.com
PTR-record, this record is used for reverse lookup. By performing a query for the IP-address and then check if this leads to the FQDN of the mailserver a cross check is done if the mailserver is really who he claims to be.
MX-record, you can have multiple records of this type. Each entry is a mailserver where mail can be delivered to. Each rule has a priority, depending on the priority the message will be delivered to a mailserver. For example: if you have 2 records one with a priority of 10 and another with a priority of 99. The sending mailserver will first try to deliver the mail to the server with the priority of 10 if that one doesn’t react it will deliver the mail to the mailserver with priority 99.
SPF-record, this type of record is optional. This record contains all FQDN’s/ip-addresses of servers who may send mail with your domain as sending domain. This can be used by the receiving mailserver to check if the mailserver who sends the e-mail if allowed to send mail from that specific domain.

Besides the DNS-records for sending and receiving DNS records are also used for autodiscover:

A-record, this record ensures just like the A-record for sending and receiving that the name will be translated to an ip-address, in the case of autodiscover this needs to be the following syntax: autodiscover.domain.com
SRV-record, this record can beused instead of the A-record to let Outlook 2007 users use the autodiscover service. This record contains external FQDN of the CAS-serve which the user usages to connect to Exchange. If you want to use this type of record ensure that any other A or CNAME record used for autodfiscover is removed.

For this kind of stuff there are enough tools, below a short overview of tools I use often:

EmailTalk, site with several tools: ptr, mx or spf record check  open
MXtoolbox, site with several tools: mx record check, RBL check and test your mailserver from outside open
Microsoft SPF Record Wizard, site which helps to create a SPF record open

Gepost in Exchange ~ 5 Reacties