So you have set up your Exchange 2007 server and now wonder whether it works correctly.
The DNS changes are in place, the SSL certificate works, but how do you test it?

Or your server isn't working correctly and you want to test it from an external host - but how can you do that quickly and easily?

A new tool from the Microsoft Exchange team, currently in prototype/development, may well be something to help you. https://www.testexchangeconnectivity.com/ can currently test Autodiscover, Outlook Anywhere (which should work for Exchange 2003 and Exchange 2007), ActiveSync and inbound SMTP.
Inbound SMTP can obviously be used to test any server.

For the tests that require accounts, I would suggest configuring a test account which can be disposed of later, although Microsoft do state (on the "Is this secure" link):

"Passwords gathered using this tool are not stored by the server. Passwords are encrypted in memory inside of the user's browser using a key only known to this server. When passwords are transmitted to the server, they are encrypted using the server key and only transmitted to the server over a Secure Sockets Layer (SSL) connection. As always however, it is recommended that you use a disposable test account for any testing done over the Internet."

The tool runs over SSL (using the same type of certificates available from http://CertificatesForExchange.com) so you should be able to use it from the Exchange server itself.
It does require the relevant ports to be open and information in the public DNS records, so no use for test environments that are not exposed to the internet and anything that is exposed will have to be secure. However for the final test before going live it is ideal.

https://www.testexchangeconnectivity.com/

This is another post in my series of articles on why you shouldn't use certain features in Exchange, even though they are there. As with the other articles, the article does NOT tell you how to enable the feature in question.

The other articles in this series to date are:

For this article I am going to outline why logos in email signatures are a bad idea. This also applies to stationery.

Why would you use a logo?

Almost certainly the desire to use a logo in the signature will come from either upper management or marketing. They are proud of the logo and want to see it everywhere, and see email as an extension of the marketing exercise. Often it will come after a name change, merger or new look launched. However I also call it a "boredom idea" as it is usually suggested when someone is looking for an idea during a meeting on how to improve the company visibility (or some such nonsense) and cannot think of anything original.

Why you shouldn't use a logo

Trying to argue against the use of a logo in email, particularly if the request has come from a senior figure in the company can be an uphill battle. However the reasons for it are sound.

  1. Makes the message larger, therefore increasing the size of your Exchange store and the recipient's store.
    Every recipient will get a copy of the logo, on every message. If your logo is 10k, then every message you send is at least 10k, even if it has "hello" on it, and nothing else. You send ten messages to a client, that is 100k. 10 messages a day every day (which is not unusual) then that is 700k a week, which quickly builds up. 
  2. It can increase the likelihood of your message being flagged as spam, or at least suspicious.
    Everyone will have been plagued by the image spam. Therefore if your email contains an image embedded in the message, then it could get flagged.

    If you are looking to have the image stored remotely to avoid that and the increase in size, then that will not help either. The image could be flagged as a web bug and get the message flagged as spam.
  3. You cannot control how the message will be displayed at the other end, or what the recipient is using.
    If you are downloading the logo from a web page, then you are presuming that the recipient has access to the internet when the message is viewed. They may not.

    The recipient could be using a PDA or collecting email over a low bandwidth connection. They will not appreciate the additional bulk of your message and the logo just to have someone say "Thanks".

    Once you start moving away from plain text formatting you also have the problem of display at the other end. You cannot guarantee how it will look at the end, even whether the image will remain embedded in the message or appear as an attachment. Different clients will use different ways to render the message format - ask any web developers about the problems they have with getting a web site to look the same in the various browsers in use. 

    Finally, to use a logo that means you have to use one of the rich formatted messages - HTML or rich text. Plain text is out of the question.

    If you force the use of the logo at the server using a third party tool then any recipient of email sent using plain text may well find that the message format will be changed.
  4. Do large companies send emails with logos?
    The final point to put across is how many large companies do you see using a logo? The answer will be none. Where a logo is used it will be something the sender themselves has done, not something that is being done centrally. It is only ever small companies that do these sorts of things - and most managers do not want to be seen as a "small company".


Logos in signatures are something that you should try to avoid where possible, for the health of the server and to try to ensure that your email is not blocked by, or unwelcome to, the recipients.

I have blogged in the past about the Windows Mobile emulator, as I have found it an excellent tool when testing new solutions, looking at problems and generally getting to grips with the mobile side of Exchange. It also means that I can leave my own PDA alone rather than using it for testing.

Microsoft have now made available emulator images for Windows Mobile 6.1. While these are primarily designed for developers, they will run standalone with the Windows Mobile emulator.

For those of you using Exchange 2007 this release also gives you the opportunity to test out the new policies that were introduced with Exchange 2007 SP1 which bring the functionality of Windows Mobile closer to that of Blackberry, with control over the devices and the features that are enabled. (More information on those policies here: http://blogs.msdn.com/jasonlan/archive/2007/12/04/exchange-activesync-policies-summary.aspx)

Network Support

I tried to get these images to work on my Vista machine, using the now withdrawn network driver. However the network driver would not install on to the machine. Instead I had to download and install Virtual PC on to my machine (something that I was hoping to avoid).
On my Windows XP machine the network driver would install fine and worked well with these images.

Download Links

You need to download both parts, although if you already have the emulator installed then these new images will work with it fine.

Windows Mobile Emulator 3.0:
http://www.microsoft.com/downloads/details.aspx?familyid=A6F6ADAF-12E3-4B2F-A394-356E2C2FB114

Windows Mobile 6.1 Emulator Images Download:
http://www.microsoft.com/downloads/details.aspx?FamilyID=3d6f581e-c093-4b15-ab0c-a2ce5bffdb47

Windows Mobile 6.0 Emulator Images Download:
http://www.microsoft.com/downloads/details.aspx?familyid=38C46AA8-1DD7-426F-A913-4F370A65A582

Last year I wrote about how I was caught out with detecting Vista in login scripts (http://www.sembee.co.uk/archive/2007/01/06/31.aspx).

Following the release of Service Pack 1 for Windows Vista, I was caught out again as the version number has changed. In my login scripts I use the output of the command "ver" to detect the operating system.

With Windows Vista RTM it was 6.0.6000. With Windows Vista SP1 it is 6.0.6001. Therefore any login scripts that detect Vista need to be updated to include both version types.

This is easily done and should not mean too much additional code.
If you have used the method in my examples and put the script commands into sections, you simply need to add a line to detect the later version:

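rem Vista RTM reports build 6000
findstr "6000" %systemdrive%\ver.txt
if not errorlevel 1 goto vista
rem Vista SP1 reports build 6001
findstr "6001" %systemdrive%\ver.txt
if not errorlevel 1 goto vista
rem neither build matched, so skip the Vista section
goto end

:vista
rem vista commands here

:end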

By grouping them together the same commands can be used for both RTM and SP1 versions of Vista, unless you need to use different commands for the different versions.

Posted by Sembee

One of the worst experiences for an Exchange administrator is to come in one morning and find that either email is being blocked, the queues are long or the users are getting NDRs saying that the server is blacklisted.

This seems to result in confusion amongst administrators who then go looking for advice only to get conflicting answers on what the problem might be.
I am going to try and clear up some of that confusion which should help Exchange administrators find the source of the problem.

There are two main issues that Exchange administrators seem to see and fail to understand.

  1. There are large numbers of messages in the queues.
  2. The IP address of the server has been blacklisted.

On both of these occasions many administrators seem to think that a client machine on their network has been compromised and is sending email through the Exchange server.

This is not the case.

To abuse an Exchange server in this way, a BOT writer would need to

  1. get the BOT inside the network
  2. infect the machine
  3. realise that it is on a corporate network where there is an Exchange server
  4. find the Exchange server
  5. send the message.

The above is not going to happen - at least not at the moment. Too much like hard work. The first two are the most difficult - if the network security has been configured correctly and the users trained to recognise potential suspect emails or web sites.

Then sending the message requires either a MAPI interface or SMTP to be configured on the Exchange server to allow users to relay through the server. While this is the default, if you do not have any users who need to relay through the server (Outlook, OWA and Windows Mobile/Blackberry BES users do not need to) then you should disable it.

Then for a successful infection and abuse, the above is also presuming that the user is an administrator and the network admin will not notice the infection!

What the BOT writer is really looking to do is infect clueless home users who are not keeping their machines patched, not using security software and are running as a local admin. Much higher chance of success there involving simpler techniques.

Therefore with the target in mind, the BOT will usually have its own SMTP engine and will be sending out email directly to the internet.


So what has happened?

If you have been blacklisted but the queues are clear, then a client machine has probably been compromised. This is often the case when you have a single IP address on the Internet which is shared among all machines on your LAN.

However to further complicate things - if you are using a smart host - such as your ISP's SMTP server - then your queues could be clear but the server is still being abused. However in that scenario it is likely that your server would not be blacklisted on public lists, but your ISP may have noticed and not be very happy with you. If messages are not being delivered to the smart host then phone your ISP and ask - or they may phone you. Often ISPs will block first and ask questions later.

Finding the Source - Compromised workstation

A quick and dirty method to find the compromised machine is to simply stop Exchange from sending any messages by freezing the outbound traffic, and then block port 25 on the firewall and wait. A compromised machine will quickly show on the logs when it cannot connect. You can then go and find the machine and deal with it.

Having up to date Antivirus is not enough. Once the BOT is on the machine, it is no longer your machine. The only way to ensure that it is clean is to wipe the machine. BOTs are very good at hanging around and they will update themselves regularly.

There is a complication on this as well - if you have been foolish enough to browse from the Exchange server then the server itself may have a BOT and be sending out messages. However those messages would still not show in the queues. If you don't browse from the Exchange server then that shouldn't be the cause of your problems.
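One way to read the firewall log while port 25 is blocked, as an added example that is not from the original post: the Python below counts dropped outbound SMTP attempts per internal machine and also flags the Exchange server itself if it shows up. The log layout, the 192.168.1.0/24 range and the server address 192.168.1.10 are assumptions, and the sample lines are constructed.

```python
"""Triage of blocked outbound SMTP attempts (added example, constructed data)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for the sample: replace with your own LAN range and server address.
INTERNAL_NET = ip_network("192.168.1.0/24")
EXCHANGE_SERVER = ip_address("192.168.1.10")

# Constructed firewall log. Assumed layout:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2008-03-10 09:14:02 DROP TCP 192.168.1.23 203.0.113.10 1042 25
2008-03-10 09:14:02 DROP TCP 192.168.1.23 198.51.100.7 1043 25
2008-03-10 09:14:03 DROP TCP 192.168.1.23 203.0.113.99 1044 25
2008-03-10 09:14:05 ALLOW TCP 192.168.1.31 198.51.100.80 1100 80
2008-03-10 09:15:10 DROP TCP 192.168.1.10 203.0.113.10 2301 25
2008-03-10 09:16:00 DROP UDP 192.168.1.40 198.51.100.53 1200 53
2008-03-10 09:16:30 DROP TCP 192.168.1.23 192.0.2.25 1045 25
truncated line that should be skipped
2008-03-10 09:17:00 DROP TCP 203.0.113.200 192.168.1.10 4000 25
"""


def parse_line(line):
    """Return a dict for one log line, or None for headers and damaged lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 8:
        return None
    date, time, action, proto, src, dst, _sport, dport = parts
    try:
        return {
            "ts": f"{date} {time}",
            "action": action.upper(),
            "proto": proto.upper(),
            "src": ip_address(src),
            "dst": ip_address(dst),
            "dport": int(dport),
        }
    except ValueError:  # not an IP address, or the port is not a number
        return None


def blocked_smtp_sources(log_text):
    """Group dropped outbound TCP/25 attempts by the internal machine that made them."""
    hits = defaultdict(lambda: {"attempts": 0, "destinations": set(),
                                "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["action"], rec["proto"], rec["dport"]) != ("DROP", "TCP", 25):
            continue
        # Only LAN -> internet traffic; inbound mail to the server is not the concern here.
        if rec["src"] not in INTERNAL_NET or rec["dst"] in INTERNAL_NET:
            continue
        entry = hits[rec["src"]]
        entry["attempts"] += 1
        entry["destinations"].add(rec["dst"])
        entry["first_seen"] = entry["first_seen"] or rec["ts"]
        entry["last_seen"] = rec["ts"]
    return dict(hits)


def rank_suspects(log_text):
    """Return (ip, attempts, distinct destinations, role), busiest first."""
    rows = []
    for src, entry in blocked_smtp_sources(log_text).items():
        # With Exchange outbound frozen, the server itself should not be trying port 25.
        role = "exchange-server" if src == EXCHANGE_SERVER else "workstation"
        rows.append((str(src), entry["attempts"], len(entry["destinations"]), role))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for ip, attempts, dests, role in rank_suspects(SAMPLE_LOG):
        print(f"{ip:15} {role:16} attempts={attempts} destinations={dests}")
```

A machine that tries many different destinations on port 25 in a short time is behaving like a BOT with its own SMTP engine, not like a mail client.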

Finding the Source - Large Number Of Messages in the Queues

If you have a large number of messages in the queues, then those will be coming from outside your network. That does not mean you are an open relay, there are other ways that the spammer can abuse your server.

The two most common are authenticated relaying and the NDR attack.
I have discussed these in more detail in my spam cleanup article on amset.info - http://www.amset.info/exchange/spam-cleanup.asp .

However in short, authenticated relay is where the spammer has attacked your SMTP port trying to break a password - usually the administrator account. Once broken, the account is used to relay email. Authenticated relaying is enabled by default.

An NDR attack is where messages are sent to your server to non-existent users on purpose. Either as a directory harvest attack (to see what users are valid) or to get your server to bounce the messages to the "sender". The sender is spoofed and is the actual target.
Exchange 2000 is unable to defend itself against these kinds of attack without third party support. Exchange 2003 and higher has features built in to deal with this kind of threat, however if you have Exchange 2003 on Windows 2000 then you should not use them as Windows 2000 is unable to defend itself against a directory harvest.
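To tell the two apart from the server's SMTP log, the following added example (not from the original article) counts failed logons per account and rejected recipients per connecting address. The log layout and the thresholds are assumptions, the sample lines are constructed, and it assumes the server rejects unknown recipients during the SMTP session with a 550 reply.

```python
"""Spot password guessing and recipient probing in an SMTP log (added example)."""
from collections import Counter

# Assumed thresholds for illustration; tune them against your normal traffic.
AUTH_FAIL_THRESHOLD = 5
RCPT_REJECT_THRESHOLD = 5
RCPT_REJECT_RATIO = 0.5

# Constructed sample. Assumed layout: timestamp client-ip verb argument reply-code
# Reply codes: 235 = logon accepted, 535 = logon failed,
#              250 = recipient accepted, 550 = recipient rejected.
SAMPLE_LOG = "\n".join(
    [f"2008-03-10T02:00:{i:02d} 198.51.100.20 AUTH administrator 535" for i in range(6)]
    + [
        "2008-03-10T02:01:00 198.51.100.20 AUTH administrator 235",
        "2008-03-10T02:01:05 198.51.100.20 RCPT someone@example.net 250",
        # A genuine user who mistyped a password once: must not be flagged.
        "2008-03-10T08:30:00 192.0.2.77 AUTH jsmith 535",
        "2008-03-10T08:30:09 192.0.2.77 AUTH jsmith 235",
    ]
    + [f"2008-03-10T03:00:{i:02d} 203.0.113.50 RCPT user{i}@example.com 550" for i in range(8)]
    + [
        "2008-03-10T03:00:30 203.0.113.50 RCPT info@example.com 250",
        # A sender with one typo in an address: must not be flagged.
        "2008-03-10T09:00:00 192.0.2.90 RCPT sales@example.com 250",
        "2008-03-10T09:00:01 192.0.2.90 RCPT salse@example.com 550",
    ]
)


def parse_events(log_text):
    """Yield (timestamp, client_ip, verb, argument, reply_code), skipping damaged lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        ts, ip, verb, arg, code = parts
        yield ts, ip, verb.upper(), arg, int(code)


def find_auth_guessing(log_text, threshold=AUTH_FAIL_THRESHOLD):
    """Return (ip, account, failures, logged_in_afterwards) for repeated failed logons.

    logged_in_afterwards is True when a success follows at least `threshold`
    failures from the same address: treat that account's password as known to
    the attacker and change it.
    """
    failures = Counter()
    succeeded_after = set()
    for _ts, ip, verb, user, code in parse_events(log_text):
        if verb != "AUTH":
            continue
        key = (ip, user.lower())
        if code == 535:
            failures[key] += 1
        elif code == 235 and failures[key] >= threshold:
            succeeded_after.add(key)
    return [(ip, user, count, (ip, user) in succeeded_after)
            for (ip, user), count in sorted(failures.items()) if count >= threshold]


def find_recipient_probing(log_text, min_rejects=RCPT_REJECT_THRESHOLD,
                           min_ratio=RCPT_REJECT_RATIO):
    """Return (ip, rejected, total) for addresses sending mostly to unknown recipients."""
    total = Counter()
    rejected = Counter()
    for _ts, ip, verb, _rcpt, code in parse_events(log_text):
        if verb != "RCPT":
            continue
        total[ip] += 1
        if code == 550:
            rejected[ip] += 1
    return [(ip, rejected[ip], total[ip]) for ip in sorted(rejected)
            if rejected[ip] >= min_rejects and rejected[ip] / total[ip] >= min_ratio]


if __name__ == "__main__":
    for ip, user, count, ok in find_auth_guessing(SAMPLE_LOG):
        print(f"logon guessing from {ip} against {user}: {count} failures, later success={ok}")
    for ip, bad, seen in find_recipient_probing(SAMPLE_LOG):
        print(f"recipient probing from {ip}: {bad} of {seen} recipients rejected")
```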


So what do you do?

When you first notice there is a problem, you need to verify whether it is the result of an attack or compromised machine, or the result of a configuration error or change. Do not presume one or the other.
Once you know which it is then you can look further.

If you are dealing with an ongoing problem then pull the plug on the internet connection. That will stop messages going out and if the spammer is abusing your server will stop the messages from piling up. This will give you some breathing space to clean up and see what is going on.

If your IP address has been blacklisted, then use your ISP's SMTP server to send email through.

Ideally you should have at least two IP addresses so that the Exchange server can have its own address. If a workstation is then abused it does not result in your email IP address getting blacklisted.

Remember, any SMTP server is a target for a spammer. They don't want to use their own resources, they want to use those that belong to someone else so that they can hide.

Once again the UK IT Pro User Groups are getting together to have a community day at Microsoft in Reading. This time it will be spread over two days - 8th and 9th of April 2008.

I presented at one last year alongside Nathan Winters, but this time I have my own session. I will be presenting a session on behalf of the Microsoft Messaging & Mobility User Group (MMMUG - http://www.mmmug.co.uk/) on the first day on the subject of Client Access to Exchange 2007. This will include unified messaging with Outlook Voice Access, OWA, Windows Mobile and Outlook 2007. There will be particular emphasis on what is new in Exchange 2007 SP1.
The idea is to show you the different ways that you can access your email, then look at the control the Exchange administrator has over those interfaces. This will be a hands on session, rather than something that is just a series of PowerPoint slides.

As well as my own session I will be there all day sitting in the other sessions, the product group Q&A and the end Q&A at the end of the first day.

The event is free of charge, but you do need to register in advance. Full details of the agenda for the two days, the speakers and their sessions, plus registration details can be found on the web site: http://www.ukusergroups.co.uk/


This is another post in my series of articles on why you shouldn't use certain features in Exchange, even though they are there. As with the other articles, the article does NOT tell you how to enable the feature in question.

The other articles in this series are:

- why you shouldn't use the POP3 connector: http://www.sembee.co.uk/archive/2006/09/25/28.aspx
- home grown versus commercial SSL certificates: http://www.sembee.co.uk/archive/2006/03/05/9.aspx

For this article I am going to outline some of the reasons why you shouldn't enable the POP3 server on the Exchange server. This is different from the POP3 connector, which is used by Small Business Server to pull in email from an ISP. This is POP3 used to collect email from Exchange.

Why is POP3 enabled?

POP3 is not enabled by default and there are a number of reasons why it is enabled.

Some administrators enable it because that is all they know, and they want to use Outlook Express for email. This is familiar to them and their users.
Others enable it for remote access, because either they don't know about or cannot use RPC over HTTPS (aka Outlook Anywhere (Exchange 2007) or Outlook over the Internet (SBS)) http://www.amset.info/exchange/rpc-http.asp

It may also be enabled to allow other non Microsoft clients to access email.

However in most cases it is a request from a user, who may or may not be completely up front about why they want to use POP3. POP3 can be used/abused in so many ways that it is one of the reasons why the Exchange server admin should really think twice before enabling it.

Therefore the first thing an Exchange Server admin should do when they are asked to enable the feature is ask the question why. If the asker then goes coy, you know it may not be in the business' best interest to enable it.

Why Shouldn't You Enable the POP3 Server

There are any number of reasons why the POP3 server should not be enabled. These are the most common reasons why not:

  1. Username and Password Sent in the Clear.
    In the default configuration, POP3 sends the username and password across in the clear. That is a security risk. If you really do need to enable it, look at using SSL to secure it. 
  2. Risk of content loss.
    POP3 is designed to REMOVE the content from the server and store it locally. It is too easy for a user to download the content and remove it from their mailbox. While there is a setting to leave the email on the server, it cannot be controlled server side, so you are reliant on the user setting the client in the correct way.
    As the data is being stored locally, it cannot be backed up easily, therefore if the user loses their machine, it is stolen or suffers a hardware failure, then the email is lost as well.
    I have also seen it abused, as a way to get content out of the network - sales people in particular want the feature so they can store a copy of everything at home. A significant number of sales people are not loyal to their employer at all, and would prefer that their clients do everything through them, ideally on a personal email address.
  3. Loss of control of access.
    Once POP3 is enabled, it can be used by any number of things, PDAs, phones, Blackberry etc. The IT department may or may not know about those, and be unaware of them in the event that they cause a problem. 
  4. Storage and Regulatory Compliance Concerns.
    If you operate in an environment where you have to store email or be aware of the content of the messages, then that is a big argument not to enable POP3.
    If the client is configured for POP3 and email is sent from that client, then there is no way it can get back in the store unless it is imported. If the user is sending email with something obscure, then that isn't going to happen.
    The user could also be sending email out through another SMTP server, even sending email with their personal email address as the reply to address (again sales type people are notorious for doing this - then claiming it was an "accident").
  5. Feature Loss
    You also lose the GAL, calendaring and everything else that Exchange offers. If the email is being extracted then OWA becomes close to useless, no sync to Windows Mobile devices over the air.

If you must enable the POP3 Server

As with many things in the Microsoft world, everything is enabled until you turn it off. POP3 access is no exception. If you enable the server then all users will be able to use POP3. Even if you don't publish the information about how to configure it, if OWA is used and the port is open, the users will soon work it out - the information is all over the internet.

Therefore if you must enable it then you should secure it.

  1. Use admodify.net to disable the feature in bulk for Exchange 2003 users, Exchange Management Shell for Exchange 2007 users. Then enable it for the users who need it only.
  2. Use SSL and only open the POP3S port (995). That will slow down a casual user.
  3. If you can, use IMAP instead. That leaves the content on the server. It isn't perfect as there is still the chance that email is sent out via another SMTP server, but it is better than POP3.

Conclusion

Make sure that management are aware that it is being enabled and are aware of the risks that are involved. If they say no (which is ideal) then you can simply turn down future requests with that same message.

My personal opinion is that POP3 has no place in a corporate email environment and there is no need to enable it at all.
If you need to provide access to mobile devices, then purchase suitable devices that use either Windows Mobile or Blackberry.
If you need to provide access to non-Microsoft clients, use IMAP.
If you need to provide remote access for Outlook, then use RPC over HTTPS.

Would your company like to use Exchange 2007, but are finding the costs too high, you don't have the internal skill set or just want to outsource it?
However have you found that hosted Exchange is too limiting for your company needs or you want a more personal approach to the management of your server?

If so, then we may have the answer.

I have recently been talking to a few clients who would like Exchange 2007, but for various reasons cannot justify their own server. They have also expressed a desire for it to be managed by someone they can get to know, rather than a request going in to a helpdesk queue and being completed by an unknown person. 

Therefore what we have talked about is a number of companies getting together to share an Exchange server and the management costs. This server would have a limited number of users, and would be managed by myself. My company would acquire the hardware, arrange hosting at a data centre, setup the server and then manage it.

However to make it worthwhile on costs, time and other investment, we need a few more mailboxes. Ideally we are looking for around 200 mailboxes, we currently have expressions of interest for around 75 mailboxes.

The monthly cost that is currently being looked at is £15 per mailbox per month, with a £100 per client per month management fee and maybe a setup fee. Numbers are not exact as it depends on how many mailboxes we get. If we get 400 or more, then multiple servers could be used, which will bring down the expense as the cost of the domain controllers and additional network hardware will be shared between more users.
We would also need to have a 12 month commitment to the service so that financing etc of the software and hardware can be arranged with some idea of the income flow.

At this time it is planned that each mailbox would have 2gb of space, plus there would be public folder space as well.

If you are interested, then please let me know through the company email address of contact @ amset.co.uk with the number of mailboxes you may be looking to host and whether you would be interested in Blackberry support, and the number of devices. We must ask that you do not contact us if you are outside of the UK, unless you have a UK billing address and the majority of the users will be located in the UK.

Please note this isn't going to happen overnight, once the legal stuff has been dealt with, the hardware needs to be acquired and setup, so it could be early April or later (at the time of writing) before we are ready to go.

Support for the migration from your existing solution should be included - although it depends on what you are currently using.

I appreciate that much of the detail is not exact, at the moment we need to find out how many others could be interested before proceeding any further.
I have written a brief FAQ below which should answer some common questions, although if you do have any queries, please contact me on the above address and I will attempt to answer them and also update this page.

AT THE TIME OF WRITING THIS IS NOT A SOLUTION YOU CAN BUY FROM US TODAY.

PLEASE NOTE THAT FOR LEGAL AND INSURANCE REASONS THIS SERVICE WOULD ONLY BE AVAILABLE TO UK BASED COMPANIES.

FAQ

Q: Isn't this Hosted Exchange?
A: It is a form of hosted Exchange, and we will be using the Microsoft Hosting licensing system to license the software. However the idea is to offer a service that is more flexible than those offered by Hosted Exchange providers because there is no control panel. Furthermore you know who is managing the server, that they built it and are aware of how it is working. I see it as taking the best bits of Hosted Exchange and having your own server, and putting them together.

Q: What don't we get that we would get with Hosted Exchange/Our Own Server.
A: You don't actually lose a great deal.
From a hosted Exchange point of view, you will not get a control panel or access to any kind of administration interface. Anything you want done from an admin point of view will need to be asked for and I will make the change for you - just as it would if you had your own server - you would ask your network admin or support company.

Things missing from having your own server will include your choice of antivirus and antispam, as we will need to use a solution for all users as it protects the server. You also don't have access to the admin console yourself.

Q: Will we see the other clients in the GAL etc?
A: No. Address list segregation will be used to make it appear to be your own server. While this isn't a traditional hosted Exchange environment, I will be using the techniques from Microsoft on setting up a hosted Environment to provide a secure deployment for all users.

Q: Will it be secure?
A: Yes, this will be a deployment done to best practices. Commercial trusted SSL certificates will be used, behind firewalls with the relevant ports open. It will be just as good as a deployment in your own office.

Q: Will we have access to all features? OWA, Windows Mobile support?
A: Yes. Everything Exchange offers will be there, except for Unified Messaging - see below.

Q: Blackberry?
A: Maybe. There are other issues with Blackberry, such as support for Exchange 2007 SP1 and paying for the licenses of both the server and the CALs. If you are likely to be a user of Blackberry, then please indicate that along with how many devices.

Q: What about Unified Messaging?
A: To begin with there will be no Unified Messaging support.
However I am already looking at how UM could be used with remote server for another client. This could be possible if you already have VOIP technology in use or by hosting the media gateway at your own site. That may mean having a different type of Internet connection in to your own office, and maybe increased bandwidth costs for everyone involved.
There are also security concerns to be addressed, so use of UM may be possible long term, but not at the start.

Q: Contract, SLA etc.
A: Can't answer questions on those bits yet, as that needs to be worked out if we went ahead with this project. There will be some kind of contract and SLA, however those details would need to be resolved once the project starts. That would also include support details, how to make requests, track requests etc. The operational details are a long way away.

Q: What about if you are not available?
A: I am finding someone who can back me up, in case I am not available to look after the server for whatever reason. Whoever I choose to use will be of high quality - I have very high standards and you will know who it is.

Q: Backups?
A: There will be some kind of backup solution, exactly what I do not know at this time. Certainly Exchange options will be used where possible, and then some additional backup will be used to protect the data in the event of server failure.

Q: It is more expensive than x service provider.
A: That may be so. However this is a highly customised solution with support from a named individual. This is not a "pile it high sell it cheap" solution based on price. This is a quality solution. I would compare it to buying a car, such as a 1978 used Mini to a brand new Mini. Same name, both cars, but very different in what you would expect.

Q: So what do we get that we wouldn't if we had our own server?
A: The first thing is less worry. Someone else worries about the server, the data, whether it is working correctly, bandwidth and use.
Next, you have peace of mind that it is managed by an experienced Exchange consultant, which is not something you may well expect to have if you had your own server. No need to worry about someone who doesn't know what they are doing playing around with the server.
The server will be located in a data centre, so it will be protected and available to you where ever you are. If you have a high number of users out of the office, it may well be a better performing solution than hosting your own server.
There could also be opportunities to enhance the solution by purchasing additional software products on a per server basis. While the cost may not be economical for 20 users, for 200 it becomes something viable.


If you have used Exchange 2007 for anything more than 2 minutes, you will quickly notice that the performance of the Exchange Management Console (EMC) is very poor - no matter how much memory or processing power you have on your server.

While moving content on the blog, I was reminded of a post where I linked to an announcement about the Exchange 2003 management tools being made available for 32 bit OS. (http://www.sembee.co.uk/archive/2007/01/25/39.aspx). This reminded me that I had a virtual machine with the management tools installed. Having just updated my main Exchange 2007 server to SP1, I decided to update that virtual machine as well with the 32 bit service pack. Imagine my surprise when I started the tools to find that they started much quicker than on my server. Checking other Exchange 2007 servers (including a quad processor with 8gb of RAM) I found that it still loaded quicker on this low spec virtual machine.

The Exchange Management Shell also seems to load quicker on a Windows XP machine. However that does mean you have to specify the Exchange server that you are using when you run any PowerShell commands for Exchange. If you are on a single server site then the quickest way I have found to do this is to start the commands with "get-<server role> |" then the rest of the command as normal. For example "get-mailboxserver | get-mailboxstatistics"
Replace mailboxserver with the role that you are working on. 

To install the tools on to a Windows XP machine, download the 32 bit version of Exchange 2007 Service Pack 1.

You will also need to install the base IIS components (not SMTP though) and some additional downloads including MMC 3.0, PowerShell 1.0 and .NET Framework 2.0 if you haven't already installed it.

After installing the .NET Framework, run Microsoft Update to ensure that you have the required updates. If you don't, then the Exchange 2007 setup will prompt you to install the update before you can install the management tools.

When it comes to the actual installation, carry out a custom install and choose the Management Tools only.

If your Exchange server has plenty of resources, and you have the licenses to do so, then rather than installing the Management Tools on to your own workstation, you could use a Windows XP virtual machine which is stored on the Exchange server. This is particularly useful if you are following the best practices for permissions and have separate Administration and User accounts. If you usually access your Exchange server using RDP, then enable remote desktop on the virtual machine Windows XP installation and then connect to it directly. As it is stored on the server, it will always be available to you.

Links to Downloads Required

Exchange 2007 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=44C66AD6-F185-4A1D-A9AB-473C1188954C&displaylang=en
MMC 3.0: http://support.microsoft.com/default.aspx?kbid=907265
PowerShell 1.0: http://support.microsoft.com/default.aspx?kbid=926139
.net Framework 2.0: http://www.microsoft.com/downloads/details.aspx?familyid=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en

Posted by Sembee

I have started the long process of reviewing every page in the Exchange and Outlook sections of my technical site amset.info for Exchange 2007 compatibility. While for some articles this is quite easy, as the principles remain the same, others require a completely new article - such as the Mobile Access setup guide (original: http://www.amset.info/exchange/mobile-setup.asp) and the spam cleanup guide (http://www.amset.info/exchange/spam-cleanup.asp).

The articles that have been reviewed and updated are here http://www.amset.info/exchange/exchange-2007.asp and I will keep that list up to date until all articles are updated. It will then contain a list of Exchange 2007 specific articles.

The compatibility table on every page is being updated as I review the articles. If I haven't touched the page then the table says "Maybe" for Exchange 2007 compatibility.

Waiting for my Exchange 2007 Migration Guide? - Sorry, you will have to keep waiting.

If you are waiting for an Exchange 2007 version of my migration guide (Exchange 2003 version here: http://www.amset.info/exchange/migration.asp) then you will have to wait a bit longer. I have done a few migrations now, but keep changing my mind on the best way to do it. At the moment the "guide" consists of notes in Microsoft One Note, which increases in size with every subsequent migration.

However, if you are migrating off Exchange 2003/2000 to Exchange 2007, then the current guide will help a great deal. The principles still apply, you still need to replicate public and system folders and the order of work is still valid. The Exchange 2007 version, when I get round to writing my notes, will almost certainly be based on that, just with additional notes for Exchange 2007. I was also waiting for Exchange 2007 as Service Pack 1 introduced a GUI for public folder management, which makes the migration process much easier, and I now wish to do a few migrations using that version to hammer down the best way to do it.

Posted by Sembee

Last year I was playing around with Google Custom Search, to try and improve the search functionality on amset.info.

While I was experimenting, I built custom search engines for the knowledge bases of Microsoft, Symantec, McAfee, Palm, Apple, Adobe and a few others.

Rather than waste the work I had done, I put them in to some rough web code I use for basic web sites, registered a domain name and put it on its own virtual server on the same server that hosts amset.info and this site.
The link initially appeared in one place only, on this site. You will find it in the side bar. I have subsequently added it to my profile on Experts Exchange. It will most likely appear linked to from amset.info when I eventually get round to a design refresh for that site.

It will now appear in a third place, here: http://www.kbsearch.info/

If you look at the site you will see that it isn't the prettiest of code. It was built on some standard asp that I use if I need to throw together something very quickly. I use most of the asp as place holders for a real design to be done at a later date.
I did some basic meta tags, put in the Google Adsense code and left it at that.

Came as a bit of a surprise then to look at the logs for the web site a few weeks later to find that not only has Google indexed it, but it was for a time also at the top of the results (at least on Google UK) for a certain keyword - Symantec KB. It now seems to vary between 1 and 3.

If you believe some of the hype around the Search Engine Optimisation community (SEO) what has happened should not have happened. I should have had lots of links to the site, monitored my keyword density, done the research, crafted my meta tags, used the keywords in the title etc. I also shouldn't have the site name in the title.

I did none of the above. I have probably got lucky with what I did use, but it was just luck. I am not aware of any inbound links (except from here) and the pages are not optimised in any way.

I am not saying that SEO is a waste of time and money, just that in this scenario it was not required to get the site in to the search engines in a good position.

Posted by Sembee

For the third year in a row, I am expert of the year at Experts Exchange. I also answered the most questions during the year - 5798 - which is an average of just over 16 questions a day.
I also picked up most points from assists.

http://www.experts-exchange.com/expertAwards2008.jsp

In other Experts Exchange news, I have decided to take a break from it for a while, so that I can concentrate on my business. You will still see me posting on other sites, but the traffic through EE is so high that it was taking up too much of my time to keep on top of it. I haven't posted in a new question on that site since Jan 1st, but I am still getting questions that I worked on before coming through, and have earned 250,000 points without even trying.

Posted by Sembee

As you are probably aware, Exchange 2007 Service Pack 1 was released at the end of November. However, even though this was in beta for quite some time, a few little things did slip past the quality control.

Below is a screenshot from Exchange 2007 Service Pack 1 as originally released. The bug exists in both the 64 bit and the 32 bit trial. Exchange Management Console, Organisation Configuration, Hub Transport. Click on the tab Remote Domains. Right click on the Default and choose Properties. The tab should be labelled "Message Format" - not "Format of original message sent as attachment to journal report:"

This is not the only mistake on this window; further down, "Display sender's name on messages" has a formatting error as well.

Neither error appears to affect functionality, but it makes a different bug to report to Microsoft!

Exchange 2007 SP1 Typo

Posted by Sembee

Having installed Exchange 2007 SP1 on to a couple of systems in my home lab, a couple of things have caught me out, which I thought may be beneficial to share.

Remove language packs from UM

The first was that you need to remove any additional language packs from the server. I had the UK English pack installed. This is the TechNet article on how to remove a language pack.

http://technet.microsoft.com/en-us/library/bb124004.aspx

However I found that the command listed in that article didn't work. Instead I used a command prompt in the root of my local copy of the DVD (I copied the files off the original DVD to the machine so that they were always available) and then ran the following command:

Setup.com /RemoveUmLanguagePack:EN-GB

The language pack then removed for me successfully.

Reboot Pending Prompt

If you had installed something that asked for a reboot and had not rebooted then the service pack will not install. You will have to reboot and then try again. Fortunately the service pack itself does not seem to ask for a reboot.

You do not have to remove the rollups

If you have been keeping the server up to date and have the rollups installed, then you may recall that if you downloaded them manually you had to remove the previous rollups before installing the new ones. With the service pack you do not have to do that. This service pack effectively removes the installation files and then replaces them. The download is the complete Exchange 2007 installation set. After the installation of the service pack is complete the rollups have gone from the add/remove programs list.

Receive Connector Configuration

This last one caught me out and seems to be catching many others.
If you have modified the receive connector FQDN away from the default then it will stop the installation of the service pack. However this is NOT picked up during the initial check of the server at the beginning, but midway through. The service pack install stops and you are left with a server that is not running 100%. If you do forget to change it then the service pack will pick up from where it has started.

The receive connector should be set to either the server's FQDN, NetBIOS name or blank.
So for a server called EXCH-Server this would be exch-server.domain.local, exch-server or blank.

Why would you change this? When you telnet to the server it is the receive connector that is answering the call and you may want to change it so that the public name of the server is answered instead.
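
A pre-flight check for the receive connector problem described above, run from the Exchange Management Shell before starting the service pack. This is an added example, not part of the original post or a Microsoft script; the function name Test-ConnectorFqdn and the report column names are made up for illustration, and it assumes transport servers are picked out by the IsHubTransportServer and IsEdgeServer properties of Get-ExchangeServer. It only reports and changes nothing.

```powershell
# Added example: lists every receive connector and whether its FQDN is one of
# the three values the post says setup accepts: server FQDN, NetBIOS name, blank.

function Test-ConnectorFqdn {
    param([string]$ConnectorFqdn, [string]$ServerFqdn, [string]$ServerName)
    # A blank FQDN is accepted.
    if ([string]::IsNullOrEmpty($ConnectorFqdn)) { return $true }
    # -eq is case-insensitive for strings, so EXCH-Server matches exch-server.
    return (($ConnectorFqdn -eq $ServerFqdn) -or ($ConnectorFqdn -eq $ServerName))
}

# Receive connectors live on Hub Transport and Edge Transport servers.
# Assumption: these two role properties are used to select them.
$transportServers = Get-ExchangeServer |
    Where-Object { $_.IsHubTransportServer -or $_.IsEdgeServer }

$report = @()
foreach ($server in $transportServers) {
    # @() keeps the loop from running once on $null when nothing is returned.
    foreach ($rc in @(Get-ReceiveConnector -Server $server.Name)) {
        $fqdn = [string]$rc.Fqdn      # empty string when the FQDN is blank
        $row = "" | Select-Object Server, Connector, Fqdn, AcceptedBySetup
        $row.Server = $server.Name
        $row.Connector = $rc.Name
        $row.Fqdn = $fqdn
        $row.AcceptedBySetup = Test-ConnectorFqdn $fqdn ([string]$server.Fqdn) $server.Name
        $report += $row
    }
}

$report | Format-Table -AutoSize

# Anything listed here carries a custom name (for example the public host name)
# and needs resetting before the service pack is started.
$blocked = @($report | Where-Object { -not $_.AcceptedBySetup })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) receive connector(s) have an FQDN that will stop the SP1 install."
}
```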

Updated to include link to SP1 release notes.  

The eagerly awaited service pack 1 for Exchange 2007 has been released.
In a change from service packs for earlier versions of Exchange, you can install Exchange 2007 fresh from this download - therefore the download files are quite big.
Available in both 64 bit and 32 bit, although remember that 32 bit is not supported for production use. Evaluation only.

From the download page:

Overview

Microsoft Exchange Server 2007 Service Pack 1 (SP1) has been designed specifically to help meet the challenges of any business and the needs of all the different groups with a stake in the messaging system. Exchange Server 2007 SP1 is a mission-critical communications tool that enables employees to be more productive and access their information anywhere and anytime while providing a messaging system that enables rich, efficient access to e-mail, calendar items, voice mail, and contacts. For the administrator, Exchange Server 2007 SP1 provides advanced protection options against e-mail security threats, such as spam and viruses, as well as the tools to help manage internal compliance and high availability needs.

In Exchange Server 2007 SP1, several new features and improvements will extend the Anywhere Access capabilities of Exchange Server 2007 to help make employees more productive on whatever device they’re using, provide additional Operational Efficiency tools for administrators seeking a streamlined management and deployment experience, and enable advanced Built-in Protection for more robust high availability and compliance scenarios.

Improvements in Exchange Server 2007 SP1 include:

Anywhere Access

  • Integrated Exchange Unified Messaging functionality with Microsoft Office Communicator 2007 and Microsoft Office Communications Server 2007.
  • Outlook Web Access additions, including public folder access, S/MIME support, personal distribution lists, and mailbox rules editor.
  • Webready document viewer supports Microsoft Office 2007 documents in addition to Microsoft Office 2003 documents.
  • Extended language support in Outlook Web Access with Arabic and Korean spell checking.

Operational Efficiency

  • Support for Windows Server 2008 deployments, including benefits in flexible clustering, native virtualization, advanced networking, and simplified management.
  • Additional tools in the Exchange Management Console, including public folder management and configuration options for clustering and POP/IMAP access.
  • Improvements to the Exchange Management Shell syntax and import-export PST in the move-mailbox command.
  • Wider variety of web services for application development, including public folder access, delegate management, and folder level permissions.

Built-in Protection

  • Addition of Standby Continuous Replication (SCR) for site resilient high availability deployments.
  • Extended Exchange ActiveSync policies for mobile policy enforcement.
  • Information rights management pre-licensing by the Hub Transport role.
  • Secure Real Time Protocol (SRTP) support in the Unified Messaging role.
  • Support for IPv6 when using Windows Server 2008.


This is the link to download it. However you need to register, using a Microsoft Live ID:

http://www.microsoft.com/downloads/details.aspx?FamilyId=44C66AD6-F185-4A1D-A9AB-473C1188954C&displaylang=en

UPDATE:  

At the time of writing, the link to the release notes takes you to the RTM release notes, not the SP1 release notes. To see the SP1 release notes (gives you something to read while it downloads) go here: http://www.microsoft.com/downloads/details.aspx?FamilyId=5770BD59-376E-42EC-B940-BE6225CD97FF&displaylang=en 

Posted by Sembee