Category Archives: Microsoft

Outlook 2007 Errors when setting Full Access Permissions incorrectly

Last week I was at a customer site where Outlook 2007 clients started to behave strangely when connected to a Microsoft Exchange 2010 SP2 environment. The symptoms included, but were not limited to, the following:

  • Task list did not display
  • Not able to search in mailbox
  • Duplicate results when searching the mailbox
  • No reminders
  • Synchronization Problems
  • Error: “There was a problem reading one or more of your reminders. Some reminders may not appear. Cannot locate recurrence info for this appointment.”
  • When clicking the folder list in Outlook 2007, the mailbox was visible twice.

It seems this issue has to do with incorrect permissions on the user's mailbox. Exchange uses the NT AUTHORITY\SELF permission to give users permission to their own mailbox. However, in this environment the mailbox owner's user account was also added to the permissions list, which resulted in duplicate permissions and the accompanying errors.

Continue reading

Lync 2010 Mobility Error: Can’t verify the certificate from the server. Please contact your support team

With the Lync 2010 mobility add-on out in the wild for quite some time now, I see one issue come up in almost every deployment: internal wifi clients.

This article explains the certificate error that can appear if your environment is incorrectly configured. Use this article by Lync MVP Jeff Schertz if you haven’t configured your Lync environment for mobility yet.

Introduction

While external desktop clients need both the Lync 2010 Edge server and a Forefront server in the DMZ, the Lync 2010 mobility add-on is designed to work via the reverse proxy only (Forefront TMG is used in this article). While this seems logical for external clients, internal clients should use the Forefront server as well to reach the mobility website. So if you have iPhone or iPad clients on the internal wifi network, some adjustments have to be made to your Lync deployment.

This article uses a simple setup to explain the issue, but the same problem can exist if your setup splits the Lync roles across multiple servers. The infrastructure used here has the following features:

  • Simple Lync environment with 1 internal server, 1 Edge server and 1 Forefront server.
  • Split brain DNS configured.

Internal mobile clients connect to a Lync environment as follows:

Lync Mobility Overview

Image Source: Technet

  • The internal employee logs on using the Lync 2010 mobile client (i.e. Lync for iOS)
  • The client looks for the lyncdiscoverinternal.company.com DNS record. In most deployments, split brain DNS is configured, so your public DNS zone is also configured on the internal DNS environment.
  • The lyncdiscoverinternal record points to your Forefront server, which in turn redirects you to the internal site on your Lync server (on port 443).
  • Here, it downloads a file with information about the autodiscover configuration, which tells the client where to find the external Lync site.
  • You are now redirected to the external site on the Lync server (on port 4443).

Forefront Setup

Continue reading

Exchange 2013 – Howto Configure Offline Outlook Web App (OWA)

As you may have read, Exchange 2013 features an option to let your users use Outlook Web App (OWA) when they are not connected to the network. Yes, as in disconnected from any network. This article focuses on the configuration of offline OWA and what the client experience looks like.

The Client Experience

With Exchange 2013 configured for OWA out of the box, without any configuration on the Exchange end, every user has the possibility to set up his or her Outlook Web App for offline use. This is achieved by the following process:

  • Log on to OWA using the normal procedure
  • Click the gear icon in the upper-right corner and select “Use Mail Offline”

  • OWA will ask whether you’re the only user using this computer, since your mail will be saved on this computer.

Continue reading

Howto Configure Exchange 2013 Client Access

This article covers the configuration of the Exchange 2013 client access role. I’d like to keep internal and external URLs the same for the sake of simplicity; an added advantage is that you can use a single certificate both internally and externally.

The hostname for the front-end server in the examples below is “MX01”. Replace this value to correspond with the Exchange 2013 front-end server in your environment. The public namespace in the examples below is called “techdom.nl”. Adjust the public namespace to resemble the one you use in your environment.

Configuring Internal DNS

To make the external namespace available on the internal LAN, fire up a remote desktop connection to your AD / DNS server and start the DNS management console.

  • Create a new Forward Lookup zone by right-clicking “Forward Lookup Zone” and choosing “New Zone..”
  • Choose next, select Primary zone and choose to store the zone in Active Directory.
  • Choose next, and select the option “To all DNS Servers running on domain controllers in this domain” and click next. This option will replicate the newly created zone to all DNS servers within the domain.
  • Configure the zone name. In this example I will use “techdom.nl”
  • Leave the dynamic update type as “Allow only secure dynamic updates” and click next
  • Right-click the newly created zone and create a new record by choosing “New Host (A or AAAA)…”

  • Configure the name “webmail” and add the IP address of your Exchange 2013 front-end server.
  • Enable “Create associated pointer (PTR) record” and click “Add Host”

Continue reading

Exchange 2010 – How to use Calendar Repair to fix missing or corrupted calendar items

Note: While calendar repair was introduced with Exchange 2010, it has been greatly improved in Exchange 2010 SP1 and SP2. This article was written on an Exchange environment with SP2 installed.

When you’re the administrator in an Exchange environment where calendars and ActiveSync are day to day business, then you’re probably familiar with the following issues:

  • corrupt calendar items
  • disappearing calendar items
  • wrong meeting times
  • calendar items losing their owner
  • calendar items that are available in Outlook but don’t seem to sync to mobile devices like iPhone / iPad devices, or vice versa.
  • Accepted meeting requests on a mobile device don’t seem to be accepted in Outlook or vice versa.

Exchange 2010 has a great feature on board that can check this calendar madness for you, and eventually fix it. All you have to do is enable calendar repair in your environment.

Calendar repair works with a period of time that’s called the “work cycle”. In this period of time, the mailbox server has to be sure a mailbox is checked once. So if you configure a work cycle of 7 days, the mailbox server has to be sure all mailboxes are checked once in this period of time. Besides this, the “work cycle checkpoint” specifies when the queue for the calendar repair assistant is refreshed.

The last thing to configure is the IntervalEndWindow, which specifies the number of days into the future that calendar items have to be checked. If this EndWindow were set to 30, the calendar repair assistant would check all calendar items in a mailbox from now to 30 days into the future, counting from the time that the process runs.

Please note that the calendar repair assistant will take the current load of the Exchange server into account, making sure calendar repair will never disrupt the system’s primary task: servicing clients.

Configuring the Calendar Repair Assistant

Configure the Calendar Repair Assistant with the following cmdlet:

Continue reading

Howto Install Exchange 2013 Using Powershell on Windows Server 2012

Exchange 2013 was released to manufacturing several weeks ago. This article describes how to install the new Exchange and its prerequisites for a multi-role installation on Windows Server 2012. A multi-role installation for Exchange 2013 refers to having both the Mailbox and Client Access roles on a single server, since these are the only roles available.

Role Separation

Remember Exchange 2003 where we had just 2 roles? A front-end and a back-end? With the all-new Exchange 2013 the different roles available in Exchange 2007 and 2010 are gone and instead, we now have Mailbox and a Client Access Role at our disposal; which in turn host various services:

Mailbox Role

  • Transport Service
  • Client Access Service
  • Unified Messaging Service
  • Mailbox Service

Client Access Role

  • Front End Transport Service
  • Client Access Front End Service

Setting Up the Prerequisites

  • Fire up a remote desktop (or PowerShell) connection to your Exchange server and open the PowerShell console.
  • Install the necessary Windows features with the following command:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
  • After installation, you’ll get a successful exit code saying you need to restart your server to complete the setup.
  • When your server is back from the reboot, download and install the following prerequisite software in this order:

Continue reading

Howto Upgrade Forefront Unified Access Gateway (UAG) to SP3

While most of Microsoft’s products come with an easy procedure to install a service pack that introduces new features and fixes bugs, unfortunately Forefront UAG is not among them. When Forefront UAG is updated using the procedure outlined at http://technet.microsoft.com/library/jj590870 you will lose your configuration. While the article mentions you should back up your configuration, it doesn’t say you will lose your configuration if you don’t back up.

Use the steps below to retain your configuration throughout the upgrade process.

1. Download the following files:

2. Save your backup as follows:

  • Log in to your Forefront UAG server using Remote Desktop
  • Start the Forefront UAG Management Console
  • Choose File, Export and save your configuration to a location of your liking as an XML file.

Please note: While Forefront UAG creates a backup of your configuration every time you activate the configuration, this file cannot be used when you upgrade to SP3. You have to have a backup in the form of an XML file!

3. Install the updates in the following order:

Continue reading

Exchange 2010 SP1 Archiving Part 6: The View from the Outlook 2010 Client

In this last article on Exchange 2010 SP1 Archiving I will guide you through the client side of the process: Outlook 2010 and Outlook Web App. What are the possibilities for a user and how are the things that we configure in Exchange presented to the user?

For this example I’ve made a Retention Policy with the following Retention Tags applied to it:

  • A Company Wide Policy using Default Policy Tags with a “Move to Archive” action and a retention time of 1 day.
  • A Default Folder tag, set on the sent items folder which marks items as being past the retention limit after 1 day.
  • Two Personal Tags made available for users.

Doing the math – What is Applied?

I’ve created a test user that has several folders in his mailbox:

Continue reading

Exchange 2010 SP1 Archiving Part 5: Implementing Personal Tags

In the previous articles on archiving I’ve talked about setting retention policies on mailbox folders. In this fifth part of the series, personal tags will be implemented, which gives the user control over the retention time applied to items in their mailbox.

How does this work?

In Outlook and Outlook Web App, users get the ability to apply configured personal tags to items. These tags control the actual retention time and action applied to the item. Personal tags can be attached to items that are already under control of previously configured company-wide tags, and can be attached to user-created folders or subfolders and individual items, but not to default folders like “Inbox”, “Sent Items” etc.

When an administrator sets a company-wide retention policy on a folder and also gives the user the ability to place personal tags on folders or items, the personal tags can be used to make sure a particular item or (for example) subfolder never gets archived, or has a different action applied to it.

As an Exchange administrator, you should configure the following subset of elements to implement retention tags:

  1. Create Retention Tags
  2. Create Retention Policies
  3. Link Retention Tags to Retention Policies, and Link the Policy to users.

0. Set up your Exchange environment.

Part 1 in this series on Exchange 2010 SP1 archiving talks about setting up our Exchange environment to make it ready for archiving. It is a prerequisite to follow part 1 first.

1. Create Retention Tags

Personal Retention Tags will be made available to your users, who can “attach” them to items (like mail messages, calendar items etc.), but also to folders. Create the retention tags as follows:

1a. Using the Exchange Management Console (EMC):

  • Start the Exchange Management Console
  • Navigate to Organization Configuration, Retention Policy Tags and Select “New Retention Policy Tag”.

Continue reading

Finalizing the Exchange 2010 Edge Transport Configuration

In a previous post I talked about installing and configuring an Exchange 2010 Edge Transport server in your environment. In this article I want to talk about finalizing that environment to make sure everything is configured, anti-spam and antivirus are installed and the server is ready for production. In this article I’ll discuss:

  • How to configure Exchange 2010 Edge Anti-spam engines
  • How to configure Exchange 2010 Edge Anti-virus
  • Where to configure Send and Receive Connectors?
  • How to configure your public DNS records to use the Exchange 2010 Edge server
  • Checking mailflow
  • How to patch the Exchange 2010 Edge Transport

How to configure Exchange 2010 Edge Anti-spam engines

The Exchange 2010 Edge Transport server comes packed with various anti-spam filters that can help you keep spam out of your organization. The following filters are available:

  • Content Filtering – Filters mail based on keywords that you can set.
  • IP Allow List – Filters mail based on IP addresses that are allowed to deliver mail to your server.
  • IP Allow List Providers – Filters mail based on IP addresses that are allowed to deliver mail to your server. An IP Allow List provider is a server on the internet that manages the IP Allow list for you. Examples of IP Allow List providers can be found here.
  • IP Block List – Filters mail based on IP addresses that are denied to deliver mail to your server.
  • IP Block List Providers - Filters mail based on IP addresses that are denied to deliver mail to your server. An IP Block List provider is a server on the internet that manages the IP Block list for you. Examples of IP Block List providers can be found here.
  • Recipient Filtering – Filters mail based on recipients that can be configured. There’s also an option available to filter mail that is sent to recipients that do not exist in your organization. This way, the edge server checks its local AD LDS database for presence of the recipient.
  • Sender Filtering – Filters mail based on sender addresses that can be configured. The sender can be an individual address, a domain or complete namespace.
  • Sender ID – Filters mail based on Sender ID. The Sender ID protects the mail domain against spoofing. More technical information on Sender ID can be found here.
  • Sender Reputation – Enables the option to add remote domains that are configured as an open relay to the IP Block List.

Actions that can be taken when mail has to be filtered can be configured per filter. Actions that are available are sending the filtered mail to a central mailbox, tagging the mail subject or deleting the mail. The filters can be configured as follows:

  1. Log in to your Edge Server and start the Exchange Management Console
  2. Navigate To Edge Transport, Your Edgeserver, Tab Anti-spam and configure the filters to your liking.

How to configure Exchange 2010 Edge Anti-virus

Continue reading