Exchange 2010 Autodiscovery Issues

Two weeks ago I built my first production Exchange 2010 cluster. The Exchange 2010 web services cause a lot of people problems; they no longer cause me any.

Let us first list the virtual directories used by the Exchange web services:

EWS is used for OOF, the Scheduling Assistant and free/busy lookups.
OAB provides offline address book downloads for clients.
Autodiscover provides the Autodiscover service to users (Outlook finds all of the other URLs through it).
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides Outlook Web App for users.
ECP provides the Exchange Control Panel, for Exchange 2010 users only.

Issues that might be resolved with the troubleshooting steps here:

You cannot set the OOF from the Outlook client; you receive a "server not available" error.
You cannot view free/busy information for other users.
You cannot use the Scheduling Assistant, or you receive "No free/busy information could be retrieved".
You get errors when downloading the Offline Address Book.
You cannot use Autodiscover externally.
Certificate mismatch error in Autodiscover; users are prompted to trust the certificate in Outlook 2007/2010.

First let us set the virtual directory configuration required for Exchange 2010 to work correctly:
Configure the external and internal URLs for OWA, ref: http://technet.microsoft.com/en-us/library/bb310763.aspx

Configure the internal URL with the server name. If you have multiple CAS/Hub servers in an NLB cluster, use the NLB cluster name for the internal URL.
The external URL is the URL users use to reach webmail, e.g. https://webmail.wardvissers.nl/owa

Configure the Autodiscover internal URL, ref: http://technet.microsoft.com/en-us/library/bb201695.aspx

Use the PowerShell cmdlet Set-ClientAccessServer -Identity <CAS Server Name> -AutoDiscoverServiceInternalUri <Internal URL>. The host name in this URL must match a name on the certificate. If you have an NLB cluster, put the internal NLB name here, e.g. https://nlbek10.wardvissers.local/Autodiscover/Autodiscover.xml.

If you cannot use autodiscover.wardvissers.nl internally (you have an internal domain such as wardvissers.local and must use it), you will get a certificate mismatch error, and you will have to include the internal name as a SAN if you purchase an external SAN certificate. (Public CAs stopped issuing certificates for internal names such as .local in November 2015, so today the internal Autodiscover name has to be a public DNS name you own, resolved to the internal address with split DNS.)

You cannot set an external URL for Autodiscover that Outlook honours: an external Outlook client derives the URL from the user's SMTP domain and tries https://wardvissers.nl/autodiscover/autodiscover.xml, then https://autodiscover.wardvissers.nl/autodiscover/autodiscover.xml, then an HTTP redirect and finally the _autodiscover._tcp SRV record. This behavior is by design and cannot be changed.

Best Practice: Use SAN Certificates

Depending on how you configure the service names in your Exchange deployment, your Exchange server may require a certificate that can represent multiple domain names. Although a wildcard certificate, such as one for *.wardvissers.nl, can resolve this problem, many customers are uncomfortable with the security implications of maintaining a certificate that can be used for any sub-domain. A more secure alternative is to list each of the required domains as SANs in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

Best Practice: Use the Exchange Certificate Wizard to Request Certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate request wizard in the Exchange Management Console will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you’ve deployed your initial set of Exchange 2010 servers and determined which host names to use for the different services for your deployment.

Which names you must include when you use a third-party SAN certificate, ref http://technet.microsoft.com/en-us/library/dd351044.aspx:
External:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl (if you are migrating from 2003 to 2010)
Internal:
autodiscover.wardvissers.local
legacy.wardvissers.local
nlbek10.wardvissers.local (internal NLB CAS/Hub cluster)
casarray.wardvissers.local (I use this address for the CAS array; it has the same IP as nlbek10. Strictly it does not need to be on the certificate, because the CAS array name is only used for RPC/MAPI, not for HTTPS.)
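The configuration described above, as an added example that is not part of the original post: it applies the internal/external URL scheme to the Client Access virtual directories of one CAS, sets the Autodiscover internal URI, and then checks that the certificate bound to IIS actually carries every name Outlook will see, which is the root cause of the certificate mismatch prompt. It assumes the Exchange 2010 Management Shell run as an organization administrator; the server name CHEK10-01 and the host names are placeholders taken from the post.

```powershell
# Added example, not from the original post. Run in the Exchange 2010 Management Shell.
$Server           = 'CHEK10-01'                      # placeholder CAS name
$InternalFqdn     = 'nlbek10.wardvissers.local'      # NLB cluster name, used for internal URLs
$ExternalFqdn     = 'webmail.wardvissers.nl'         # public name, used for external URLs
$AutodiscoverFqdn = 'autodiscover.wardvissers.local' # host in AutoDiscoverServiceInternalUri

$InternalRoot = "https://$InternalFqdn"
$ExternalRoot = "https://$ExternalFqdn"

# Internal and external URLs per virtual directory. The path after the host is fixed by
# Exchange; only the host name is ours to choose.
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "$InternalRoot/owa" -ExternalUrl "$ExternalRoot/owa"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "$InternalRoot/ecp" -ExternalUrl "$ExternalRoot/ecp"
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "$InternalRoot/EWS/Exchange.asmx" -ExternalUrl "$ExternalRoot/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "$InternalRoot/OAB" -ExternalUrl "$ExternalRoot/OAB"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$InternalRoot/Microsoft-Server-ActiveSync" -ExternalUrl "$ExternalRoot/Microsoft-Server-ActiveSync"

# Autodiscover has no external URL setting that Outlook honours; only the internal URI
# (published in the Active Directory service connection point) is configured.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$AutodiscoverFqdn/Autodiscover/Autodiscover.xml"

function Test-NameCovered {
    # True when the name is on the certificate literally or via a matching wildcard.
    param([string]$Name, [string[]]$CertNames)
    $n = $Name.ToLower()
    if ($CertNames -contains $n) { return $true }
    $parent = $n.Substring($n.IndexOf('.') + 1)          # a.b.c -> b.c
    return ($CertNames -contains "*.$parent")
}

# Every host name used above, plus the public Autodiscover name, must be on the IIS
# certificate, or Outlook 2007/2010 shows the certificate mismatch prompt.
$requiredNames = @($InternalFqdn, $ExternalFqdn, $AutodiscoverFqdn, 'autodiscover.wardvissers.nl')
$iisCert = Get-ExchangeCertificate -Server $Server |
    Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
if ($iisCert -eq $null) {
    Write-Warning "No certificate on $Server is enabled for the IIS service."
} else {
    $certNames = @($iisCert.CertificateDomains | ForEach-Object { "$_".ToLower() })
    $missing   = @($requiredNames | Where-Object { -not (Test-NameCovered -Name $_ -CertNames $certNames) })
    if ($missing.Count -gt 0) {
        Write-Warning ("Certificate {0} is missing SAN entries: {1}" -f $iisCert.Thumbprint, ($missing -join ', '))
    } else {
        Write-Host "Certificate $($iisCert.Thumbprint) covers all $($requiredNames.Count) required names."
    }
}

# End-to-end check from the CAS itself: Autodiscover, EWS, OAB and Availability.
Test-OutlookWebServices -ClientAccessServer $Server
```

Run it once per CAS (or loop over Get-ClientAccessServer); if the SAN check warns, fix the certificate request before chasing OOF or free/busy errors, since those are only symptoms of the name mismatch.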

How to Install & Configure Immidio Flex Profiles Advanced Edition

Install Immidio Flex Profiles Advanced Edition with setup.exe. There is one thing you must know.

The Management Console comes in two flavors, x86 and x64.

The Immidio Flex Profiles Advanced Edition.msi that you need later works on both x86 and x64 machines.


Start Immidio FlexProfile Kit.
Best practice is to place the ini files on a domain controller (for example in the replicated SYSVOL share), so that if one domain controller fails your Flex Profile kit keeps working.
Import the ini files that you will find in the package.
I already had some ini files (Word 2007, Outlook 2007, Excel 2007) that I used with an older version of the Flex Profile kit.

Create an application install folder on a file server. I named it Immidio Flex profiles.
Copy Immidio Flex Profiles Advanced Edition.msi and the following script to that folder.

flexprofilesinstall.cmd

REM For Immidio FlexProfiles: install once, skip when the engine is already present.
IF EXIST "C:\Program Files\Immidio\Flex Profiles\flexengine.exe" GOTO END
REM Silent install with the license file; full MSI log for troubleshooting.
msiexec.exe /i "\\ward-dc01\install\Immidio Flexprofiles\Immidio Flex Profiles Advanced Edition.msi" /qb! LICENSEFILE="\\ward-dc01\Install\Immidio Flexprofiles\wardvissers.lic" /l* c:\InstallFlex.log

:END

Create a new GPO linked to the computers where you want to install the Immidio Flex Profiles kit. I named it Install Immidio Flexprofiles. Assign flexprofilesinstall.cmd as a startup script and set the maximum wait time to 3600 seconds. Because a startup script runs as SYSTEM on every computer that applies the GPO, make sure the share that holds the script and the MSI is writable only by administrators: anyone who can modify those files gets SYSTEM on all of those computers.

After that I created a new policy for my domain users, which I named Immidio FlexProfiles Users.

Add the Immidio Flex Profiles.adm template to the newly created GPO Immidio FlexProfiles Users.
I configured where the ini files are found and where the settings are saved.
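Because the startup script above is executed as SYSTEM on every computer in the GPO's scope, the install share is the weak point of this setup. The following is an added example, not part of the original post or of the Immidio product, that audits the NTFS permissions on that share and reports every principal outside a trusted list that could replace the script, the MSI or the license file. The share path, the domain name WARDVISSERS and the trusted groups are assumptions; share-level (SMB) permissions are not covered and must be checked separately in Computer Management.

```powershell
# Added example, not from the original post: find who can tamper with the install files.
function Get-UntrustedWriteAccess {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumed trusted principals; adjust the domain name to yours.
        [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'WARDVISSERS\Domain Admins')
    )
    # Any of these rights lets a principal change what SYSTEM will execute at startup
    # (Delete covers delete-and-recreate; ChangePermissions/TakeOwnership let the ACL be rewritten).
    $dangerous = [System.Security.AccessControl.FileSystemRights] (
        'Write, Modify, FullControl, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

    $findings = @()
    $items = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse)
    foreach ($item in $items) {
        $acl = Get-Acl -Path $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.FileSystemRights -band $dangerous) -eq 0) { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }
            $findings += New-Object PSObject -Property @{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
        # Ownership alone allows rewriting the ACL, so the owner must be trusted as well.
        if ($Trusted -notcontains $acl.Owner) {
            $findings += New-Object PSObject -Property @{
                Path = $item.FullName; Identity = $acl.Owner; Rights = 'Owner'; Inherited = $false
            }
        }
    }
    return $findings
}

$result = @(Get-UntrustedWriteAccess -Path '\\ward-dc01\install\Immidio Flexprofiles')
if ($result.Count -eq 0) {
    Write-Host 'OK: only trusted principals can modify the install files.'
} else {
    $result | Format-Table Path, Identity, Rights, Inherited -AutoSize
}
```

A common finding is "Authenticated Users" or "Users" with Modify inherited from a parent folder; the fix is to break inheritance on the install folder and grant Domain Computers and Authenticated Users Read and Execute only.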

Now you have working roaming profiles based on Immidio Flex Profiles. It's a great tool and I'm loving it.

It works great when you migrate from XP to Windows 7.

Enable the Change Password feature with Outlook Web Access on a Windows 2003 Exchange 2007 Server

First, create the IISADMPWD virtual directory:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. Right-click the Default Web Site, point to New, and then click Virtual Directory.
  3. In the Virtual Directory Creation Wizard, type IISADMPWD in the Alias box, and then click Next.
  4. In the Directory box, type c:\windows\system32\inetsrv\iisadmpwd (adjust the drive letter if Windows is installed elsewhere), and then click Next.
  5. Verify that only the Read and Run scripts (such as ASP) check boxes are selected, click Next, and then click Finish.
  6. Verify that the IISADMPWD virtual directory has only Basic authentication enabled. Basic authentication sends the credentials, and the new password, in clear text, so this directory must only be reachable over SSL (see step 9).
  7. If you use Windows 2003/IIS 6.0, verify that the application pool is set to MSExchangeOWAAppPool.
  8. Register the IISpwchg.dll file in the Iisadmpwd directory: click Start, click Run, type the following, and then press ENTER:
     regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
  9. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled: click Start, click Run, type cmd, and then press ENTER. Change to the C:\Inetpub\Adminscripts directory, type the following command, and then press ENTER:
     cscript.exe adsutil.vbs set w3svc/passwordchangeflags 1

     The value is a bit mask:
     0: This is the default value. It requires a Secure Sockets Layer (SSL) connection when you change the password.
     1: Permits password changes on non-secure ports. This is only useful if SSL is not enabled; on an OWA site that already requires SSL, keep the default 0 so passwords never cross the wire in clear text.
     2: Disables the Password Change functionality.
     4: Disables the advance notification of password expiration.

  10. Do not forget to enable Active Server Pages under Web Service Extensions.
     Source: http://support.microsoft.com/kb/297121
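After clicking through the ten steps it is easy to leave one setting behind, so here is an added example (not from the original post or the KB article) that reads the IIS 6.0 metabase through the IIS ADSI provider and verifies the result: Basic-only authentication, Read and Script access only, the MSExchangeOWAAppPool pool, and, most importantly, that a PasswordChangeFlags of 1 is not combined with a directory that does not require SSL. It assumes the Default Web Site is metabase instance 1 and that it runs locally on the CAS with PowerShell installed; the metabase bit values are the documented IIS 6.0 constants.

```powershell
# Added example, not from the original post: verify the IISADMPWD configuration.
function Test-IisAdmPwdConfig {
    param(
        [string]$Site = 'IIS://localhost/W3SVC/1',      # assumption: Default Web Site = instance 1
        [string]$ExpectedAppPool = 'MSExchangeOWAAppPool'
    )
    # IIS 6.0 metabase bit values.
    $AuthBasic     = 2          # AuthFlags: 1 = Anonymous, 2 = Basic, 4 = Integrated (NTLM)
    $AccessRead    = 1          # AccessFlags
    $AccessWrite   = 2
    $AccessExecute = 4
    $AccessScript  = 512
    $AccessSSL     = 8          # AccessSSLFlags: 8 = require SSL

    $findings = @()
    $w3svc = [ADSI]'IIS://localhost/W3SVC'
    $vdir  = [ADSI]"$Site/ROOT/IISADMPWD"

    $pwFlags = [int]$w3svc.Properties['PasswordChangeFlags'].Value
    $auth    = [int]$vdir.Properties['AuthFlags'].Value
    $access  = [int]$vdir.Properties['AccessFlags'].Value
    $ssl     = [int]$vdir.Properties['AccessSSLFlags'].Value
    $pool    = [string]$vdir.Properties['AppPoolId'].Value

    if ($auth -ne $AuthBasic) {
        $findings += "AuthFlags is $auth; expected Basic only ($AuthBasic)."
    }
    if (($access -band $AccessWrite) -or ($access -band $AccessExecute)) {
        $findings += "AccessFlags $access grants Write or Execute; only Read+Script ($($AccessRead + $AccessScript)) is needed."
    }
    if ($pool -ne $ExpectedAppPool) {
        $findings += "Application pool is '$pool'; expected '$ExpectedAppPool'."
    }
    if ($pwFlags -band 2) {
        $findings += "PasswordChangeFlags $pwFlags disables password change (bit 2)."
    }
    # Basic authentication sends the credentials and the new password in clear text, so
    # allowing changes on non-SSL ports (bit 1) is only acceptable when SSL is required anyway.
    if (($pwFlags -band 1) -and -not ($ssl -band $AccessSSL)) {
        $findings += "PasswordChangeFlags allows non-SSL changes and IISADMPWD does not require SSL (AccessSSLFlags=$ssl)."
    }
    return $findings
}

$issues = @(Test-IisAdmPwdConfig)
if ($issues.Count -eq 0) { Write-Host 'IISADMPWD configuration looks correct.' }
else { $issues | ForEach-Object { Write-Warning $_ } }
```

If the last check fires, either reset the flag (cscript adsutil.vbs set w3svc/passwordchangeflags 0) or require SSL on the IISADMPWD directory; both close the clear-text path.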

Exchange 2007 SP3 is released

What’s New in SP3 for Exchange 2007


Windows Server 2008 R2 Support

Exchange Server 2007 SP3 supports all Exchange 2007 roles on the Windows Server 2008 R2 operating system.

Windows 7 Support

Exchange 2007 SP3 supports the installation of the Exchange 2007 management tools on a computer that is running Windows 7. Additionally, Exchange 2007 SP3 provides support for the installation of the Exchange 2007 Management Tools together with the Exchange Server 2010 Management Tools on the same Windows 7-based computer.

Improved Password Reset Functionality

Exchange 2007 SP3 introduces password reset functionality for Internet Information Services (IIS) 7.

To enable the password reset feature

  1. Log on to the Exchange server that is running the CAS role by using an account that has local administrator rights.

  2. Start Registry Editor, and then locate the following registry subkey:

    HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

  3. Create the following DWORD value if it does not already exist:

    Value name: ChangeExpiredPasswordEnabled
    Value type: REG_DWORD
    Value data: 1

  4. Exit Registry Editor.

Updated Search Functionality

Exchange 2007 SP3 includes updates to the Exchange Search (MSSearch) component. MSSearch provides support for creating full text indexes for Exchange stores. Exchange 2007 SP3 updates the MSSearch binary files to MSSearch 3.1.

Schema Changes

Exchange 2007 SP3 includes Active Directory schema changes for certain Unified Messaging (UM) mailbox attributes. For more information, see Active Directory Schema Changes (SP3).

Support for Right-to-Left Disclaimer Text

Exchange 2007 SP3 includes support for Right-to-Left text in e-mail message disclaimers in a right-to-left language, such as Arabic. In earlier versions of Exchange, when you use a transport rule to create a disclaimer in a right-to-left language on an Exchange 2007 Hub Transport server, the text appears incorrectly when you view it from Outlook 2007.

Exchange 2007 SP3 adds functionality to the transport rule setting to fully support right-to-left text in disclaimers.

Download SP3 for Exchange 2007 here.

Checking Microsoft Office 2010 KMS Activation Status

Before you start you must already have a KMS server.
On the KMS server you need to install the Office 2010 KMS Host License Pack.
Launch Microsoft Outlook 2010.
Click the File tab, then click Help.

Office is not activated:
Determining Which Activation Method Office is Using – KMS or MAK

Click the Start menu and enter cmd /k cscript "%programfiles%\Microsoft Office\Office14\ospp.vbs" /dstatus in the search box.

If running 32 bit Office 2010 on 64 bit Windows, %programfiles% above should be replaced with %programfiles(x86)%.

Not Activated


Checking if a DNS Domain is Configured for KMS Auto-Discovery

To check whether a DNS domain is configured for KMS auto-discovery, check that the _vlmcs._tcp SRV record exists:

nslookup -type=srv _vlmcs._tcp.wardvissers.local

If an SRV record exists for the domain, the DNS server will show it:


C:\>nslookup -type=srv _vlmcs._tcp
Server:  ward-dc02.wardvissers.local
Address:  192.168.150.6

Non-authoritative answer:
_vlmcs._tcp.wardvissers.local SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = ward-dc02.wardvissers.local

If no SRV record exists for the domain, the DNS server returns an error.

Verifying that a Windows Computer can Communicate with the KMS Activation Server

KMS activation requires that the machine to be activated has TCP port 1688 open for outbound communication to the activation server.

Verifying that outbound TCP port 1688 is open to the KMS server

  1. Download and install the utility portqry.exe from Microsoft. It is a command line utility from Microsoft that reports the port status of a remote host.
  2. From a command prompt, run the command:

portqry.exe -n ward-dc02.wardvissers.local -p tcp -e 1688

The command will return “TCP port 1688 (unknown service): LISTENING” if the computer is able to communicate with the KMS server.


If the command returns “TCP port 1688 (unknown service): FILTERED” then the computer is unable to communicate with the KMS server

Manually Specifying the KMS Activation Server

1. Type cmd in the search bar to open a command window.
2. At the command prompt, type cd "\Program Files\Microsoft Office\Office14".

If running 32-bit Office 2010 on 64-bit Windows, Program Files above should be replaced with Program Files (x86).
Run the command cscript ospp.vbs /sethst:ward-dc02.wardvissers.local to manually specify the KMS activation server.

Run the command cscript ospp.vbs /act to activate Office with the KMS server.


Launch Microsoft Outlook 2010 again.
Click the File tab, then click Help.

Office is activated.
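The three checks above (SRV record, TCP 1688 reachability, Office activation state) as one script, added here as an example that is not part of the original post. It needs no portqry.exe: the port test uses a .NET TcpClient with a timeout, and the status check runs ospp.vbs /dstatus and parses its output into an object. The domain wardvissers.local and the fallback host ward-dc02.wardvissers.local are placeholders from the post; run it in an elevated prompt on the Office 2010 client.

```powershell
# Added example, not from the original post: KMS discovery, port and activation checks.
function Get-KmsSrvRecord {
    param([string]$Domain = 'wardvissers.local')
    # .NET has no SRV lookup API, so parse nslookup output, as in the manual check.
    $out   = & nslookup -type=srv "_vlmcs._tcp.$Domain" 2>$null | Out-String
    $hostMatch = [regex]::Match($out, 'svr hostname\s*=\s*(\S+)')
    $portMatch = [regex]::Match($out, 'port\s*=\s*(\d+)')
    if (-not $hostMatch.Success) { return $null }
    New-Object PSObject -Property @{
        Host = $hostMatch.Groups[1].Value
        Port = $(if ($portMatch.Success) { [int]$portMatch.Groups[1].Value } else { 1688 })
    }
}

function Test-KmsPort {
    # Equivalent of "portqry -n host -p tcp -e 1688": $true when the connect succeeds.
    param([string]$KmsHost, [int]$Port = 1688, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($KmsHost, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
            $client.EndConnect($async)
            return $true
        }
        return $false          # timed out: FILTERED in portqry terms
    } catch {
        return $false          # refused or unresolvable
    } finally {
        $client.Close()
    }
}

function Get-OfficeLicenseStatus {
    # ospp.vbs lives under Office14; 32-bit Office on 64-bit Windows sits under Program Files (x86).
    $candidates = @("$env:ProgramFiles\Microsoft Office\Office14\ospp.vbs")
    if (${env:ProgramFiles(x86)}) { $candidates += "${env:ProgramFiles(x86)}\Microsoft Office\Office14\ospp.vbs" }
    $ospp = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $ospp) { throw 'ospp.vbs not found; is Office 2010 installed?' }

    $out    = & cscript //nologo $ospp /dstatus | Out-String
    # /dstatus can list several licenses; the first LICENSE NAME/STATUS pair is the product's.
    $name   = [regex]::Match($out, 'LICENSE NAME:\s*(.+)')
    $status = [regex]::Match($out, 'LICENSE STATUS:\s*-*([A-Z_]+)-*')
    $kms    = [regex]::Match($out, 'KMS machine name from DNS:\s*(\S+)')
    $state  = $status.Groups[1].Value.Trim()            # LICENSED, NOTIFICATIONS, OOB_GRACE, ...
    New-Object PSObject -Property @{
        Channel   = $(if ($name.Value -match 'KMS') { 'KMS' } elseif ($name.Value -match 'MAK') { 'MAK' } else { 'Unknown' })
        Status    = $state
        KmsHost   = $kms.Groups[1].Value
        Activated = ($state -eq 'LICENSED')
    }
}

$srv = Get-KmsSrvRecord -Domain 'wardvissers.local'
if ($srv -eq $null) { Write-Warning 'No _vlmcs._tcp SRV record found; clients will need ospp.vbs /sethst.' }
else { Write-Host "KMS host from DNS: $($srv.Host):$($srv.Port)" }

$target = $(if ($srv) { $srv.Host } else { 'ward-dc02.wardvissers.local' })
if (Test-KmsPort -KmsHost $target -Port 1688) { Write-Host "TCP 1688 to ${target}: LISTENING" }
else { Write-Warning "TCP 1688 to ${target}: FILTERED or closed" }

Get-OfficeLicenseStatus | Format-List Channel, Status, KmsHost, Activated
```

If Channel reports MAK, the SRV record and port checks are irrelevant: the client will never contact the KMS host and the activation problem lies with the MAK key instead.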

Exchange 2010 SP1 Beta

Exchange Server 2010 Service Pack 1 Beta is available now. It incorporates a number of feature updates including: archiving and discovery enhancements, a faster Outlook Web App (OWA), upgraded mobility features, and several improvements in the management UI. In short it helps you achieve new levels of reliability and performance by delivering features that help to simplify your administration, protect your communications, and delight your customers by meeting their demands for greater business mobility.

Microsoft Download Center Link is here and direct downloadable exe file link is available below.

File Name: Exchange2010-SP1-Beta-x64.exe
Version: 14.01.0180.002
Date Published: 6/5/2010
Language: English
Download Size: 532.5 MB

Configuring NLB for Exchange 2010 for CAS Load Balancing

Exchange’s dependence on the Client Access Server (CAS) role has increased dramatically in Exchange 2010.  This is because, in Exchange 2010, on-network Outlook MAPI connectivity now connects to a mailbox through the CAS role via the RPC Client Access Service.  As a result, high availability of the CAS role is crucial since any failure of CAS could affect Outlook client connectivity.  For smaller implementations or those where the limitations of native Windows Network Load Balancing (NLB) are not a major problem

Once two or more Exchange 2010 servers with the CAS role installed (each with two NICs) have been deployed, you are ready to start configuring NLB to provide high availability and load balancing. First, allocate a dedicated private IP address and create an associated A record in DNS for the NLB cluster.

This IP address and name are what clients will connect to and against which the ClientAccessArray will be created. In this blog post I will use 192.168.150.95 and casarray.hyper-v.local.
To simplify the management of your NLB cluster members, I recommend naming each NIC's network connection so that it is easy to understand what function the NIC serves. For example, as depicted below, I have named the connections "LAN" (used for communication with clients and servers on the network) and "NLB" (used for the internal NLB heartbeat). Repeat this on all NLB cluster members.

IP configuration:
Server 1:
LAN:
IP: 192.168.150.90
Subnetmask: 255.255.255.0
Gateway: 192.168.150.254
DNS: 192.168.150.1

Server 2:
LAN:
IP: 192.168.150.91
Subnetmask: 255.255.255.0
Gateway: 192.168.150.254
DNS: 192.168.150.1

Configuring NLB – First Member

On each NLB cluster member, NLB must be installed.  With Windows 2008 R2, this can be completed simply by running the command “ServerManagerCmd -i NLB” via a command prompt.  Once NLB has been installed, launch the Network Load Balancing Manager to continue the configuration process.


To create your new cluster, you can right-click Network Load Balancing Clusters or simply click Cluster, New.  In the New Cluster wizard, enter the name of the first server in the NLB cluster (for example, CHEK10-01) and click Connect.  This will display the available NICs on the server, at which point the NLB NIC should be chosen before clicking Next.


Since this is the first member of the NLB cluster, you can leave the all of the Host Parameters at their default values, as depicted below.  Please note that the Priority value should be configured as 1 for the first member.


Next we must configure the IP address and subnet mask of the NLB cluster, which is the IP address for which we created a DNS A record at the very beginning of this process.  In this example, this would be 192.168.150.95 and 255.255.255.0, respectively.


For the Cluster Parameters, enter the FQDN of the DNS A record created at the very beginning of this process (casarray.hyper-v.local). In addition, select Unicast as the cluster operation mode. In unicast mode all members share one cluster MAC address on the NLB NIC; on Hyper-V guests (which the .hyper-v.local name suggests these are) this only works if "Enable spoofing of MAC addresses" is turned on for that virtual NIC, and the dedicated NLB NIC is what keeps the switch flooding that unicast causes away from the LAN NIC.


I leave the Port Rules as they are (the default rule balances all ports, which is what the CAS role needs) and click Finish.

Let the NLB cluster converge with its first member and you should eventually see the cluster report success.


Now you can proceed with adding your second cluster member.

Configuring NLB – Second/Subsequent Member

After the configuration of the NLB cluster itself and the first NLB cluster member has been completed, you are ready to add additional members.  Provided that NLB has been installed, you can simply right-click on your NLB cluster in the Network Load Balancing Manager and click Add Host To Cluster.

Enter the name of the second NLB cluster member, for example CHEK10-02, and click Connect. Be sure to choose the NLB NIC (not the LAN NIC) and click Next.


On the Host Parameters screen, ensure that the Priority is set to 2 (or as appropriate, depending on how many cluster members you have) and click Next.


Confirm that your port rules are accurate and, if they are, click Finish to add your second NLB cluster member.


Let the NLB cluster converge with the new member and, eventually, it should report success.


At this point you have an NLB cluster with two members!

Next, configure the CAS array.
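The same cluster built from the shell, as an added example that is not part of the original post: it uses the NetworkLoadBalancingClusters module that ships with Windows Server 2008 R2 to create the cluster on the first member, add the second, wait for convergence, and then (in the Exchange Management Shell) create the CAS array the post ends on and point the mailbox databases at it. The node names CHEK10-01/CHEK10-02, the "NLB" connection name, the cluster IP and FQDN are placeholders from the post; the Active Directory site name is an assumption, and the NLB feature is assumed to be installed on both members as described above.

```powershell
# Added example, not from the original post. Part 1 runs on the first NLB member.
Import-Module NetworkLoadBalancingClusters

$ClusterFqdn = 'casarray.hyper-v.local'
$ClusterIp   = '192.168.150.95'
$Mask        = '255.255.255.0'
$Nic         = 'NLB'                        # the dedicated second NIC on every member
$Nodes       = @('CHEK10-01', 'CHEK10-02')  # placeholders; first entry builds the cluster

# First member: create the cluster on its NLB NIC in unicast mode (priority 1).
$cluster = New-NlbCluster -HostName $Nodes[0] -InterfaceName $Nic `
    -ClusterName $ClusterFqdn -ClusterPrimaryIP $ClusterIp -SubnetMask $Mask `
    -OperationMode Unicast

# Remaining members join on their own NLB NIC and receive the next host priority.
foreach ($node in ($Nodes | Select-Object -Skip 1)) {
    $cluster | Add-NlbClusterNode -NewNodeName $node -NewNodeInterface $Nic | Out-Null
}

# Do not point clients at the cluster until every node reports Converged.
do {
    Start-Sleep -Seconds 5
    $members = @($cluster | Get-NlbClusterNode)
} until (@($members | Where-Object { $_.State -ne 'Converged' }).Count -eq 0)
$members | Format-Table Name, HostPriority, State -AutoSize

# Part 2 runs in the Exchange 2010 Management Shell. The CAS array is what the Outlook
# MAPI/RPC profile resolves; it is not an HTTPS name, so it needs no certificate entry.
New-ClientAccessArray -Name $ClusterFqdn -Fqdn $ClusterFqdn -Site 'Default-First-Site-Name'
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer $ClusterFqdn
```

Create the CAS array before users' mailboxes are moved to Exchange 2010: Outlook writes the RpcClientAccessServer value into the profile at first connect, and profiles created against an individual server name keep using that server until repaired.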

Outlook 2007 Autodiscovery Warning when using SRV record for Autodiscover

Sometimes when you open Outlook 2007 with Autodiscover configured through an SRV record for Exchange 2007, you will get the following warning:

(screenshot: the Outlook Autodiscover redirect warning)

Solution 1:

1. Close Outlook 2007.
2. Start Registry Editor: in Windows 7, click Start, then Run, type regedit in the box and click OK.
3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover (for Outlook 2010 the same key lives under 14.0).
4. On the Edit menu, point to New, and then click String Value.
5. Type RedirectServers, and then press ENTER.
6. Right-click RedirectServers, and then click Modify.
7. In the Value data box, type a semicolon-delimited list of the HTTPS servers to which Autodiscover may be redirected without prompting the user, and then click OK. For example, to allow https://wardvissers.nl and https://wardvissers.local, type: wardvissers.local;wardvissers.nl
8. On the File menu, click Exit to exit Registry Editor.

Only list hosts you control. The prompt is Outlook's one defence against an SRV record or HTTP redirect that sends the client to someone else's Autodiscover endpoint, and RedirectServers makes Outlook trust the hosts it names silently.

Solution 2:
Set the same registry value with Group Policy Preferences (a per-user Registry item), which pushes the RedirectServers string to every Outlook 2007 client.
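For a logon script or a quick fix on one workstation, the following added example (not part of the original post) sets RedirectServers for every Outlook version present in the current user's profile, 12.0 (Outlook 2007) and 14.0 (Outlook 2010) included, from a list of hosts you control. It refuses anything that is not a bare host name, because a scheme, path or wildcard would never match the redirect target and a wildcard would defeat the purpose of the check. The host list is the post's own; the validation rule is this example's.

```powershell
# Added example, not from the original post: set RedirectServers for all Outlook versions.
function Set-OutlookRedirectServers {
    param([Parameter(Mandatory = $true)][string[]]$Hosts)

    foreach ($h in $Hosts) {
        # The value holds bare host names, one per entry, separated by semicolons.
        if ($h -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
            throw "'$h' is not a bare host name (no scheme, path or wildcard); use e.g. webmail.wardvissers.nl"
        }
    }
    $value = ($Hosts | ForEach-Object { $_.ToLower() } | Select-Object -Unique) -join ';'

    $updated = @()
    foreach ($version in Get-ChildItem 'HKCU:\Software\Microsoft\Office') {
        if ($version.PSChildName -notmatch '^1[2-9]\.0$') { continue }   # 12.0 = 2007, 14.0 = 2010, ...
        $outlook = "$($version.PSPath)\Outlook"
        if (-not (Test-Path $outlook)) { continue }                      # Office version without Outlook
        $key = "$outlook\AutoDiscover"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'RedirectServers' -Value $value -PropertyType String -Force | Out-Null
        $updated += $version.PSChildName
    }
    return $updated   # Office versions that were configured
}

$done = Set-OutlookRedirectServers -Hosts @('wardvissers.local', 'wardvissers.nl')
Write-Host "RedirectServers set for Outlook version(s): $($done -join ', ')"
```

Run it as the user (the key is under HKCU) before Outlook starts; the returned list makes it easy to log which versions were touched from a logon script.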

Exchange Server 2010 SP1 is coming

The Exchange Team announced that SP1 for Exchange 2010 is coming with a lot of new features.

I highlighted the things I like in the coming update. It's a long list, but I think that with this update Exchange 2010 SP1 is the best version ever!!! 😀

A list of all new things in Exchange 2010 SP1:

Archiving:
– The Personal Archive can be placed in a different mailbox database from the primary mailbox 😀
– You can import historical e-mail data from .PST files directly into Exchange
– Delegate access to a user's Personal Archive
– SP1 updates the Exchange Management Console with new tools to create Retention Policy Tags
– Access to a user's Personal Archive with Outlook 2007 is coming with an Outlook update

Outlook Web App:
– Delete, mark as read, and categorize operations run asynchronously, so these actions feel instantaneous to the user
– Attaching a very large file no longer blocks the rest of the OWA experience
– Calendars can be shared with anonymous viewers via the web, if you enable this
– OWA themes are back
– The reading pane can be placed at the bottom or on the right side

Mobile:
– Support for send-as
– Users are notified if their device has been blocked or quarantined by their admin
– Full implementation of conversation view
– Only the unique parts of messages are synced
– Information for setting up a mobile device to access mail via POP/IMAP/SMTP is available in OWA

New Management UI
– Create/configure Retention Tags + Retention Policies in EMC
– Configure Transport Rules in ECP
– Configure Journal Rules in ECP
– Configure MailTips in ECP
– Provision and configure the Personal Archive in ECP
– Configure Litigation Hold in ECP & EMC
– Configure Allow/Block/Quarantine mobile device policies in ECP
– RBAC role management in ECP
– Configure Database Availability Group (DAG) IP Addresses and Alternate Witness Server in EMC
– Recursive public folder settings management (including permissions) in EMC

Read the whole article HERE.

Exchange 2007 The exchange server address list service failed to respond. After Upgrading Domain Controllers to 2008 R2

I wanted to create a mailbox for a new user, but I got the following error: The Exchange server address list service failed to respond.

Solution:
Go to Organization Configuration in the EMC, right-click it and select Modify Configuration Domain Controller. Point it to the DC that holds the PDC Emulator role.

After that, restart the Microsoft Exchange System Attendant service on the mailbox server.

The Microsoft Exchange System Attendant Service does the following thing:

Forwards directory lookups to a global catalog server for legacy Outlook clients, generates e-mail addresses and offline address books, updates free/busy information for legacy clients, and maintains permissions and group memberships for the server. If this service is disabled, any services that explicitly depend on it will fail to start.
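The same fix from the Exchange 2007 Management Shell, as an added example that is not part of the original post: it looks up the PDC emulator programmatically instead of picking it in the console, restarts the System Attendant, and creates the mailbox with -DomainController so the request is served by that DC regardless of the console setting. The mailbox details, OU and database name are placeholders.

```powershell
# Added example, not from the original post. Run in the Exchange 2007 Management Shell
# on the mailbox server that reported the error.
$pdc = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name
Write-Host "PDC emulator: $pdc"

# The Information Store depends on the System Attendant, so -Force restarts it as well:
# do this in a maintenance window, not during office hours.
Restart-Service -Name MSExchangeSA -Force

# Create the mailbox against the PDC emulator explicitly; placeholders below.
$password = Read-Host 'Initial password' -AsSecureString
New-Mailbox -Name 'Test User' -Alias testuser `
    -UserPrincipalName 'testuser@wardvissers.local' `
    -OrganizationalUnit 'wardvissers.local/Users' `
    -Database 'First Storage Group\Mailbox Database' `
    -Password $password -ResetPasswordOnNextLogon $true `
    -DomainController $pdc
```

-DomainController works the same way on Get-/Set- cmdlets, which is useful while the newly promoted 2008 R2 domain controllers are still replicating and the console keeps picking a different one.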
