Showing posts from 2007

Upgrading a Single Copy Cluster to Exchange 2007 SP1

Upgrading an Exchange 2007 single copy cluster requires slightly different steps than in previous Exchange Server releases. You still have to work on a passive node though :)))
I suggest that you run Microsoft Update on all nodes prior to the Exchange SP1 install. The most important part is the .NET Framework 2.0 SP1 update, since Exchange is a .NET Framework application!
The change from previous versions is that there is no GUI for updating the cluster. You have to do the upgrade from the command prompt.
Let's presume that our nodes are named NODE1 and NODE2. Steps are as follows:
On NODE2
Move all cluster groups to NODE1 if they are not already active on NODE1
Set the Windows Firewall/Internet Connection Sharing (ICS) service to manual and then START IT, since Setup will add Windows Firewall exceptions for Exchange services
Stop any services that have open handles to performance counters (Performance Logs and Alerts and any Microsoft Operations Manager agents), since performance counters are changed …

Exchange 2007 Service Pack 1 is out

Finally, the long-expected Service Pack 1 for Exchange 2007 is out. You can download it here:
64-bit version
32-bit version
Release notes can be found here. To find out what's new in Exchange 2007 Service Pack 1 read the following article from the TechNet

Exporting Client Access role (CAS) settings

A few days ago the MS Exchange team published a script that helps you export CAS role settings. Usage of the script:
.\exportcasconfig -cloneConfigData:"C:\CASConfigData.xml" -Key:"A9ABA4D2C21C4bc58B303EA47BBE3608"
(32 byte string used for password encryption/decryption)
The -Key parameter is optional and is used in case there are any passwords that need to be encrypted.
The script will export:
Web.config files
Registry settings
Certificates
Certain IIS settings not available from the Exchange Management Shell, such as Require SSL, Web Site Bindings, Certificate Mappings, HTTP Redirects, etc.
The script can be downloaded from here.
Related article:

Upgrading Dynamic Distribution Groups

Dynamic distribution groups
These are distribution groups for which membership is based on specific recipient filters rather than a defined set of recipients. Dynamic distribution groups were called query-based distribution groups in Exchange 2003.
Source: Microsoft Exchange TechNet library
If you created a query-based distribution group in Exchange 2003, it was filtered by using the LDAP query language. Exchange 2007 uses OPATH as its query language, which is simpler to use than LDAP. During transition from Exchange 2003 to Exchange 2007, query-based distribution groups, now called dynamic distribution groups, are not automatically converted to the OPATH query language. Query-based distribution groups work, but if you want to see members from Exchange Management Shell or do something else with the group within Exchange 2007, you simply can't or the use is limited.
So, you need to convert the LDAP query language to OPATH. When creating a new Dynamic Distribution Group in Exchange 2007, there are some conditions (filters) you can choos…

MCITP - Enterprise Messaging Administrator - CHARTER MEMBER

Yesterday I got my MCITP Enterprise Messaging Administrator certificate and was surprised to see that I am a CHARTER member! The first 5.000 pros in the world who pass the exams become Charter members. I didn't know I was that fast :))))))

Microsoft Exchange 2007 Rollup 5 is out

On 26th of October 2007 Microsoft released Update Rollup 5 for Exchange 2007. There are 11 issues fixed in this update:
The recipient information in an e-mail message incorrectly contains the character string "%40" in the address instead of the at sign (@) in Exchange Server 2007
Non-English characters in the meeting description field are replaced by question marks when an Exchange Server 2007 user opens a meeting invitation that was sent by a Lotus Notes user
You receive a NDR message after you send an e-mail message that contains a .zip file attachment by using an Exchange 2007 Edge server
The Conversation view is broken when the public folder is replicated between Exchange 2007 servers
An e-mail message recipient cannot use a Web-based e-mail client to access an attachment when the message is sent by using Exchange 2007
The last instance of a recurring meeting request is missing when a mailbox is migrated from Lotus Notes to Exchange 2007
The Exchange Management Console cr…

Standby Continuous Replication (Part I)

One of the most interesting features of Exchange Service Pack 1 (at the time of writing still in Beta) is probably Standby Continuous Replication (SCR). In the RTM version of Exchange Server 2007 Microsoft introduced Local Continuous Replication and Cluster Continuous Replication, which are variations of SQL Server's log shipping feature.

To enable more disaster-recovery situations/possibilities Microsoft introduced Standby Continuous Replication in its Service Pack 1 for Exchange Server 2007.
Characteristics that distinguish SCR from LCR and CCR (from Exchange Server SP1 Help):
SCR supports multiple targets per storage group. LCR and CCR support only one replication target per storage group (the passive copy).
SCR includes a built-in delay for replay activity, and enables an administrator to specify an additional delay. This is useful in a variety of scenarios. For example, in the event of logical corruption of an active database, the built-in and additional admin-configure…

Adding additional e-mail address to Exchange 2007 public folder

If you want to add an additional e-mail address to your public folder in Exchange 2007 Service Pack 1 (BETA!!!!), open Exchange Management Console, select Toolbox and open Public Folders Management Console. On Public Folders - SERVERNAME right-click and choose Connect to Server... --> Browse and select the server from the list. Under Default Public Folders choose the public folder you want to add the additional e-mail address to and in the right-click menu choose Properties --> E-mail Addresses.

To add additional e-mail addresses to a Public Folder in Exchange Management Shell (pre-SP1 and SP1) use the following commands:
First, always check what is already in...
Get-MailPublicFolder -Identity "YOURPUBLICFOLDERNAME" | FL
You need to disable Email Address Policy for this Public Folder (like uncheck - Automatically update e-mail addresses based on e-mail address policy)
Set-MailPublicFolder -Identity "YOURPUBLICFOLDERNAME" -EmailAddressPolicyEnabled:$FALSE
Then add additional …

Change SMTP port 25 in Exchange 2007, 2010

For some reason you might want to change the default SMTP port number 25 that Exchange 2007 is using. Exchange 2007 uses RECEIVE AND SEND connectors, one for receiving mails and the other for sending mails (obviously ;)
So you need to change ports on those connectors. I will not say those two, because you might be using more than two.
You change the Receive connector port by opening the connector properties in Exchange Management Console --> Hub Transport --> RECEIVECONNECTORNAME --> Properties --> Network --> Local IP Addresses (Edit Receive Connector Binding)
Just to clarify what "Local IP Addresses" and "Remote Servers" are (from Exchange 2007 help), because I find it a little bit confusing:
Use these local IP Addresses to receive mail: Use this list to specify the IP addresses and port numbers on which this Receive connector listens for incoming mail.
Receive mail from remote servers which have these IP addresses: Use this list to specify the remote IP address range fr…

How can you bypass sender or sender's domain in Exchange 2007 Content filter anti-spam agent

You can bypass the Content Filter agent for a sender or senders that you know are ok. You do that by entering the sender's e-mail address into the allowed list.
Set-ContentFilterConfig -BypassedSenders

If you want to bypass the Content Filter agent for a whole domain name then you use -BypassedSenderDomains within the Set-ContentFilterConfig command.
Set-ContentFilterConfig -BypassedSenderDomains,

Warning: The name of the security certificate is invalid or does not match the name of the site

If you use a commercial SSL certificate for your organization's Outlook Web Access (OWA) you will have to manually change the certificate OWA uses, since by default OWA uses a self-signed certificate.
When you do that you need to enable the new certificate for Exchange 2007 services. You do that by using the Enable-ExchangeCertificate cmdlet in Exchange Management Shell. First:
Get-ExchangeCertificate | fl Subject, Thumbprint, Services
... to get the thumbprint of the certificate you want to enable for IIS and you previously imported into IIS. Then:
Enable-ExchangeCertificate -Thumbprint (COPYTHECORRECTTHUMBPRINTFROMPREVIOUSCOMMAND) -Services IIS
Now that your certificate is in place and enabled for IIS services you need to change the Internal URLs to use the new FQDN you are using in your certificate. If you don't do that you will get "The name of the security certificate is invalid or does not match the name of the site" warning when you start Outlook 2007. Let's presume your CAS s…

Troubleshooting Errors with event log information

Microsoft released the Events and Errors Message Center where you can find help for EventIDs, Event messages, ... etc. It is the online tool for troubleshooting purposes.
...offers detailed explanations, recommendations, and additional resources that apply to event IDs.
Events and Errors Message Center can be found in KB article 939422.

How to record everything you do inside Exchange Management Shell

Let's presume you are working for a company that offers IT services to other companies. One of the things you can do with Exchange 2007 is record everything you do in Exchange Management Shell, not just for your own records but also in case you need to prove what you did on the Exchange server if there is a need for that. We all know how hard customers can sometimes be ;)
So, to start recording everything you do in Exchange Management Shell you use the following command:
Start-Transcript C:\SOMEFOLDER\WhatYouDid.txt -Append
As you can see, we start the recording by creating the WhatYouDid.txt file in one of the folders on the C: drive. After that we can start executing commands inside Exchange Management Shell. To finish recording we just simply execute
Stop-Transcript
You can then browse to and open the WhatYouDid.txt file. Sample output of the file:
**********************
Windows PowerShell Transcript Start
Start time: 20070722225904
Username  : DOMENA\Administrator
Machine      : HUB1 …

How to add mailbox permissions in Exchange Management Shell

One of the first things people ask me after the transition to Exchange 2007 is "How can I add some permissions to the user's mailbox?" There are a lot of documents on Microsoft's TechNet for Exchange 2007 but sometimes it makes you confused trying to find simple commands in all those documents.
So here is the command you use to add mailbox permissions:
Add-MailboxPermission -Identity "Some User" -User DusanK -Accessright Fullaccess -InheritanceType all
To this point everything is more or less clear, but people find it hard to find more parameters for -Accessright, which is actually the most important part of the command. Here they are:
FullAccess
SendAs
ExternalAccount
DeleteItem
ReadPermission
ChangePermission
ChangeOwner
Reference article:

Error "<#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP#" when you send attachment in your mail

Some users were receiving the error <#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP# when they sent a message with an attachment. The problem occurs when the attached document name is longer than 50 characters. Some firewalls have a header size restriction and that limit blocks these messages from being sent. To correct this, change the header limit on the affected firewall or shorten the name of the document you are sending (which is probably not a good permanent solution).
******
Update #1: Default header size limit in Exchange 2007 is 64K.
Update #2: It might be an SMTP version problem. Mail is rejected with a CONTENT-DISPOSITION error (overly long message header field for CONTENT-DISPOSITION) but not for all SMTP servers (same mail sent through different SMTP servers). If you send mail with an attachment that has a name longer than 50 characters from Exchange 2007 directly through DNS you may encounter this error, but if you send the same mail from Exchange 2007 through a smart host (other than Exchange) mail is d…

Administering offline address book in Outlook 2003 and Outlook 2007

There is a good article regarding Offline Address Book (OAB) on Microsoft's support site.
From the article's summary:
Microsoft Office Outlook 2007 and Microsoft Office Outlook 2003 have many new features and enhancements that are related to the offline address book. By default, Outlook uses a cached mode configuration. Because cached mode generates an offline address book, understanding how to configure the offline address book so that it works efficiently in your Microsoft Exchange organization is important.
The article can be found here.

Update rollup 2 for Exchange 2007 is now available

Microsoft released a new update rollup for Exchange Server 2007 on 5th of May. This update is a cumulative update and includes Update rollup 1. The update can be downloaded from Microsoft Update (not Windows Update), which includes Exchange patches, or you can download it from KB935490.
Check the known issues section of the KB article before applying this update.

Outlook Web Access (OWA) implementation in mixed Exchange 2007 and Exchange 2000/2003 environment

Microsoft documentation about transition to Exchange 2007 suggests that you should install the Hub Transport and Client Access (CAS) roles first and then the mailbox server role. Exchange 2007 installation order in transition should look like this:
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
The Exchange 2007 CAS role enables users to gain access to their mailboxes through a web browser (OWA), ActiveSync or Outlook Anywhere (formerly known as RPC over HTTPS). It is actually a "replacement" for the Exchange Front-End server known from previous versions.
Microsoft suggests that you should replace Front-end servers with Exchange 2007 CAS (I think it would be best to say redirect users to the new Exchange CAS. The redirection process can be done on the FW or just as a change in DNS, but this depends on your network configuration) prior to the mailbox move from Exchange 2000/2003 to the Exchange 2007 mailbox server.
Since new Exchange 2007 OWA is using /owa(https://whatev…

Ports that need to be open on Firewall for Edge Transport servers

Ports that need to be open on the firewall for Edge Server subscription with Hub Server to function properly:
For Inbound traffic:
SMTP - TCP port 25 (from Internet)
SMTP - TCP port 25 (from Edge server to Hub server on internal network)
For Outbound traffic:
SMTP - TCP/UDP port 25 (from Edge to Internet)
SMTP - TCP/UDP port 25 (from Hub to Edge server)
LDAP for EdgeSync - TCP port 50389 (from Hub to Edge server)
Secure LDAP for EdgeSync - TCP port 50636 (from Hub to Edge server)
Since the Edge server needs to communicate with the Hub server, it is important that it can resolve Hub transport servers by FQDN, and Hub transport servers must be able to resolve Edge servers by their FQDNs.
To accomplish this you can either open port 53 (DNS) and configure the internal network adapter to use internal DNS or, as a security precaution I would suggest, enter DNS records for Edge servers on the local DNS manually and fill the hosts file on Edge servers with FQDNs for Hub transport servers.

Active Directory Application Mode (ADAM)

In order to install the Exchange 2007 Edge server role you need to install Active Directory Application Mode (ADAM) on your computer if you do not have Windows 2003 R2 installed. You can download ADAM from this link.
ADAM is part of Windows 2003 R2 and you can find it in Control Panel --> Add/remove Windows Components
You do not need to create an ADAM instance by yourself for the Exchange 2007 Edge server. The ADAM instance will be created after you create an Edge Subscription on the Hub server.

Default Policy does not update all mailboxes according to the policy

If you use as e-mail address policy criteria and you find out that not all your Users get updated with the policy but instead Alias is used, you need to check whether all user objects in Active Directory contain First Name and Last Name properties. The best way to check this in Exchange 2007 Exchange Management Console is to edit User properties under
Recipient Configuration --> Mailbox --> select mailbox and click Properties
Check User Information...

Default Recipient Policy update error shows legacy MS and CCMAIL address policies

After the transition to Exchange 2007 you might find that the update of objects in Active Directory fails when you try to run an update of the Default Recipient Policy. You get an error stating that there are legacy Exchange address policies (CCMAIL and MS) in the Default Policy and the update is not actually run. If you edit the Default Policy in Exchange Management Console you see that there are no MS or CCMAIL entries in your policy.

To resolve this issue you need to edit your policy in Active Directory using the ADSIEdit tool and delete the disabledGatewayProxy entries of MS and CCMAIL:
Add the ADSIEdit snap-in to an MMC console (Support Tools must be installed in order to be able to add ADSIEdit)
Connect to Configuration Naming Context
Browse to Services --> Microsoft Exchange --> YOURORGANIZATION --> Recipient Policies
On the right click Properties of Default Policy
Click Show only objects with entries
Find disabledGatewayProxy
Edit its content
Remove:
MS:ORGANIZATIONNAME/ORGANIZATIONNAME
CCMAIL: at ORGANIZATIO…

OAB download problems in Outlook 2003 on Exchange 2007

After you install Exchange 2007 in your organization, whether it is a "clean or transition" install, you could get OAB synchronization error 0X8004010F in Outlook 2003.
To solve this issue you have to go to:
Server Configuration --> Mailbox
In the Database Management window select Mailbox Database or whatever name you use
Select Properties
Go to Client Settings
Under Offline Address Book select your Default OAB

Related links:

How to remove Active Directory Connectors before installing Exchange 2007

"Microsoft® Exchange Server 2007 setup cannot continue because one or more Active Directory Connectors have been found..."
This is the error you get when Exchange 2007 setup tries to run the /PrepareLegacyExchangePermissions command and finds out that you have one or more Active Directory Connectors (ADC) installed in your organization. You should remove all Active Directory Connectors from the organization prior to installing Exchange 2007. I suggest that you first run Exchange Best Practices Analyzer with Exchange 2007 Prerequisites Check before you start with the Exchange 2007 installation.
To remove Active Directory Connector components
To disable the ADC service on the server that is running the ADC service, right-click My Computer on the desktop, and then click Manage
Expand the Services and Applications node, and then click the Services node.
In the right pane, right-click Microsoft Active Directory Connector and then click Properties.
Change the Startup Type to Disabled.
The next …

Changing the Transport Agent Priority in Exchange 2007

The default Transport Agent priorities on Hub server with anti-spam agents and ForeFront security for Exchange installed look like this:

If you need to change the priority of transport agents in Exchange 2007 you can use the following syntax in Exchange Management Shell:
Set-TransportAgent -Identity AgentIdentity -priority Y
So basically if you need SCL stamped on the message before a Transport Rule processes the message, you can put the Content Filter Agent on top of the filters by typing:
Set-TransportAgent -Identity "Content Filter Agent" -priority 1

Update Rollup 1 for Exchange 2007 is out

Microsoft released Update Rollup 1 for Exchange 2007 which includes fixes for:
The Microsoft Exchange Information Store service stops unexpectedly when the Exchange Server 2007-based server replicates the Public folder
The DoSnapshotSet method may stop responding in the Exchange store, and a backup application stops responding on an Exchange 2007 server
The update can be downloaded here.
This update is NOT Exchange Service Pack 1, which is now in beta and will be out in the second half of the year.
For more information about Update Rollup 1 click here

What is SafeList Aggregation in Exchange 2007 or How to help you administer Safe senders list in Exchange 2007 to fight false-positives?

"safelist aggregation refers to a set of anti-spam functionality that is shared across Microsoft Office Outlook and Exchange" - Microsoft
So let's see what this functionality really is. Presume your Exchange architecture is using Hub Transport and no Edge Transport Exchange server role. You enabled Anti-spam functionality on your Hub Transport server and you created a quarantine mailbox for collecting spam mails.
To help you reduce instances of false-positives you can enable SafeList Aggregation, which uses Outlook's Safe senders and safe recipients, Safe Domain and External Contacts collections for Exchange's ALLOWED senders list.
First, you need to send this data to Active Directory, from where it can be read by the Anti-spam agent on the Exchange 2007 Hub or Edge Transport Exchange role.
This can be done by running the Exchange Management Shell cmdlet Update-SafeList on a user's mailbox.
Syntax: Update-SafeList -Identity <MailboxIdParameter>
Let's say you want…