Changing passwords in Exchange 2007 is improved by SP3.

In a move that’s bound to make Exchange 2007 shops happy, Microsoft has released Service Pack 3 (SP3) for the application, which makes it compatible with Windows Server 2008 R2. The development is good news for organizations who may have moved to Server 2008 R2, but are balking at embracing Exchange 2010 because they’re not ready to make the infrastructure changes needed to accommodate the new software.

“We heard you loud and clear that this is enormously important to our Exchange 2007 customers, so we worked quickly to deliver SP3 in order to meet this requirement,” Microsoft General Manager for Exchange Customer Experience Kevin Allison wrote in a Microsoft blog announcing the release of SP3.

Here are six new features incorporated into Exchange 2007 by the service pack.

Continue reading Six new features added to Exchange 2007 by SP3

While Service Pack 1 for Exchange Server 2010 captured most of the buzz at Microsoft’s TechEd 2010 conference earlier this month, for many IT departments the news of most interest to them was the Redmond software maker’s announcement about another service pack, one for Exchange Server 2007.

Microsoft told its faithful at the conference that Service Pack 3 for Exchange Server 2007 would be ready at the end of this month. The service pack is needed to make Exchange 2007 compatible with Windows Server 2008 R2.

Windows Server 2008 R2, the server variant of Windows 7 and Microsoft’s only 64-bit only operating system, reached retail shelves in October 2009. When the server software was released to manufacturers in July of that year, however, Microsoft declared the operating system would not be supporting Exchange 2007. That Draconian decision produced ululations from many in the company’s user base, some who believed Microsoft was leveraging Server 2008 to coerce companies to move to its latest mail management application Exchange 2010.

The official word from Microsoft as to why it was choking off Exchange 2007 from Server 2008 was lack of resources. It asserted that it was pulling out all the stops on bringing online Exchange 2010, and it didn’t want to dissipate those efforts on a legacy technology like Exchange 2007. While Server 2008 R2 would support Exchange 2007’s domain controllers, the company said at the time, the mail application itself won’t be supported on the server software. Anyone who wants to upgrade to Server 2008 R2, it added, will have to bite the bullet and move to Exchange 2010.

The announcement to abandon Exchange 2007 users who wanted to upgrade to Server 2008 R2 didn’t surprise pundits, but that didn’t dampen the uproar that ensued. For an IT administrator, stepping up to a new operating system like Server 2008 R2 is challenging enough, but to add to that burden another major upgrade, one to  another email program, was not going to win Microsoft any happy points with info tech stalwarts.

Continue reading Microsoft set to deliver on Exchange 2007 promise

In Exchange Server the term “Out of Office” refers to the ability of mailbox users to configure a message to be sent automatically as a reply to new messages that informs the sender that they are not available.  Sometimes this is also referred to as a “vacation message”.

In earlier versions of Exchange Server there were two settings for Out of Office – on or off.  However starting with Exchange Server 2007 and continuing with Exchange Server 2010 there are more options available to mailbox users for Out of Office.

Internal vs External

Unlike previous version of Exchange a mailbox user on Exchange Server 2007 or 2010 who is using Outlook 2007 or above can configure two distinct Out of Office messages.  One message is sent to internal senders, and the other is sent to external senders.

The reasoning for this makes a lot of sense – the information that is included in an internal message might be more personal or sensitive than that which can be included in an external message.  Or alternatively, the mailbox user may wish to have only an internal Out of Office reply and send no external message at all. Continue reading Exchange Server 2010 Out of Office

Exchange Server 2010 ships with eight very useful Powershell scripts that can be used for managing Public Folders.  The scripts perform tasks relating to Public Folder replicas and permissions that are otherwise not easily manageable through the management console or shell.

Each of the scripts is developed for making recursive changes to public folders.  This means that when you target the script at a particular folder, or the root of the public folder tree, it applies the action to all subfolders of that folder.

These scripts only apply to servers running Exchange 2007 or Exchange 2010, you can not specify a server running older versions of Exchange Server.

Managing Public Folder Replicas

These public folder replica scripts are used to manage which servers hold replica data for the public folders.  When a script does not specify a server to run against it will default to the nearest convenient server for the public folder being targeted.

AddReplicaToPFRecursive.ps1 – this script adds a server to the replica list for a public folder and its subfolders.

For example, to add EXCH02 as a replica for all public folders on server EXCH01 starting at the root folder of \\ you would run this command.

AddReplicaToPFRecursive.ps1 –Server EXCH01
 –TopPublicFolder \\ –ServerToAdd EXCH02

RemoveReplicaFromPFRecursive.ps1 – this script will remove a server from the list of replicas for a folder and its subfolders.  A server must have all of its public folder replicas removed before it can be decommissioned.

For example, to remove EXCH02 as a replica for all public folders on EXCH01 starting at the root folder you would run this command.

RemoveReplicaFromPFRecursive.ps1 –Server EXCH01
 –TopPublicFolder \\ –ServerToRemove EXCH02

ReplaceReplicaOnPFRecursive.ps1 – this script replaces a server in the replica list of the public folders with another server.  This is useful when public folders are already replicated to more than one server, and one of those servers is being replaced. Continue reading 8 Useful Public Folder Management Scripts in Exchange Server 2010

Microsoft released some security patches last month without revealing them to the public. Some of the fixes affected software in mission critical Exchange mail servers.

The patches were hidden in one of Microsoft’s periodic updates issued April 13, namely “Microsoft Security Bulletin MS10-024 – Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832).”

“This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service,” Microsoft said in the security bulletin’s executive summary.

“The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service,” it continued. “By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.

It added: “This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003; 32-bit and x64-based editions of Windows Server 2008; Windows Server 2008 R2 for x64-based Systems; and Microsoft Exchange Server 2003. This security update is rated Moderate for Microsoft Exchange Server 2000.”

Continue reading Microsoft releases stealth patches for Exchange

Email is one of the most heavily used communications method which makes your Exchange servers critical to your business.

The health and performance of your Exchange servers should be a top priority, and this means that you must monitor the server performance as part of your routine so that problems can be discovered early and resolved before they begin to make a serious impact.

Here are 5 performance counters to monitor on your Exchange servers today.

1. % Processor Time

This counter shows the amount of time that the CPU is processing a task.  This counter should typically be below 75%, although it may run higher during heavy workloads such as backups.  If the processor time is consistently high you will want to look into which processes are utilizing the CPU the most.

2. Processor Queue Length

When instructions are sent to the CPU they go into a queue to be scheduled for execution.  This counter shows the length of that queue, and should ideally be no higher than 5 for each processor in the server.

When this counter is above the ideal threshold along with a high % Processor Time it indicates that the server workload is too high for the CPU resources available.

3. Memory Available MBytes

This counter shows the amount of memory that is not in use and is available for new tasks or processes, and should be at least 100Mb at all times. Continue reading 5 Performance Counters to Monitor on Your Exchange Servers

Email is not just for people.  It is also used by other services, applications and devices for a multitude of communication scenarios.

Some examples of this are applications that send email reports to users, such as enterprise backup software; devices that offer email capabilities, such as scan-to-email; and applications that receive and parse email messages, such as job ticketing systems.

With these types of requirements it is very common for an Exchange Server environment to host a lot of non-user mailboxes.  In larger environments this can present some challenges.  Each mailbox requires a corresponding user account, which presents some security risks.

And if not tracked and managed properly the number of mailboxes can grow and result in mailboxes that no one knows about or understands the actual purpose for.  This type of mismanagement will crop up at key times such as when migrating to a new Exchange Server, which makes planning and risk management difficult for the project team.

With all of that in mind here are some tips for maintaining a well managed Exchange Server environment for service and application mailboxes.

Only Use a Mailbox When Necessary

This may seem an obvious statement, but a mailbox is usually only required to receive email, not to send it.  For devices and applications that simply need to send out messages over SMTP there is usually no need to create them a dedicated mailbox.

For Meeting Rooms and Equipment Use Those Mailbox Types

Exchange Server 2007 and 2010 come with a dedicated mailbox type for room and equipment facilities.  Using the correct mailbox type ensures that the room or equipment is shown correctly in address lists and calendar appointments.

For more information about these mailbox types check out this three part series on managing Exchange resource mailboxes.

Secure the Mailboxes

When you do create mailboxes for non-user access always set a very strong password, and disable the user object in Active Directory.  When you use the special Room and Equipment mailbox types the account is automatically disabled for you. Continue reading How to Manage Service and Application Mailboxes in Exchange

We are conducting our lives and our businesses in an increasingly mobile world.  We need access to our critical business information from multiple locations and using multiple devices.

These needs often clash with the requirement to keep our data secure.  Exchange Servers are kept behind corporate firewalls which restrict who can access them and how they can connect to their mailboxes.

Secure mobile access to mailboxes on Exchange Servers is typically achieved through one or more of these methods:

• Virtual Private Network (VPN)
• Outlook Anywhere
• Outlook Web App (OWA)
• ActiveSync

Virtual Private Networks

A VPN is a secure communications tunnel established between two endpoints.  These endpoints can be two devices such as routers or firewalls, or can be between a client device such as a laptop and a firewall.

Mobile workers use VPNs to establish LAN-like network access to their corporate network.  This usually means that once connected to the VPN they have access to the same network resources they would be able to access when connected to the LAN from within the business premises.  In more security conscious environments this access is sometimes limited to just the few resources they need, but in a practical sense operates just as if they were on the LAN.

Using VPNs for access to Exchange Server makes sense when there are other needs for VPN access as well, such as access to application servers, file servers, or intranet sites.  Rather than each resource having its own independent access method, the VPN provides an “all in one” access solution.

However sometimes VPNs are not practical.  It is not uncommon for a mobile worker to find they are unable to establish a VPN tunnel because of restrictions on the foreign network they are currently working on.  This is mostly the case for IPSEC and PPTP VPN tunnels.  SSL VPN tunnels usually have no such problems because the SSL/HTTPS port is usually permitted out through firewalls.

Outlook Anywhere

Outlook Anywhere was formerly known as RPC-over-HTTPS, which accurately describes how it works.

The Outlook connection to a mailbox server over RPC is tunnelled through an SSL/HTTPS connection so that it can traverse firewalls, as well as to secure the communications over untrusted networks. Continue reading 4 Ways to Access Exchange Server Mailboxes through Firewalls

The concept of message size limits in email systems dates back to the earliest years when email first became available.  In those days network speeds and server processing power were both much smaller than today’s modern computer networks.  Large emails could saturate the available bandwidth on network connections or overload a server to the point it would crash.

The concept carried forward into modern environments as email became an often overused method of transferring files between parties.  It was not unusual for Exchange Server environments to have multiple configurations in place that queued large email delivery for outside of business hours so that regular daytime email traffic was not slowed down.

Current versions of Exchange Server (2007 and 2010) removed that particular capability, in a nod towards modern networks having bandwidth and server resources far in excess of even just 5 years ago.

So does this mean the concept of message size limits is no longer important?  I helped a customer this week with a problem that demonstrates it is still very important.

The customer’s Exchange server had experienced a crash of the Transport services, which could not start and stay running for longer than a few moments before they would stop again.  The servers logs told me that the Transport services were exceeding their maximum threshold for resource utilisation and were then being stopped as a result.

On closer inspection I noticed that the Exchange servers had no message size limits configured on them.  There was one limit of 200mb specified on the hardware appliance that accepted incoming internet email, but otherwise no limits configured on internal or outgoing email. Continue reading Are Message Size Limits Still Important in Exchange Server?

There have been many times in the past when I have started a project for a new customer and discovered that they are not using SSL for their email servers.  Usually after a brief discussion they agree to implement SSL in the new system we are installing for them.

Occasionally they agree but insist on doing it in a less than ideal manner.  And sometimes, although rarely, they decline our advice and continue without SSL.

What is SSL?

SSL stands for Secure Socket Layer and is an encryption protocol that secures communications between two parties over insecure networks such as the internet.  Although still commonly referred to as SSL its new name is actually TLS (Transport Layer Security) which more accurately describes its role of securing communications at the Transport layer of the OSI model (eg, the TCP protocol).

In an SSL/TLS secured communication the two parties (e.g. a web server and a web browser) agree on how to secure the connection they are establishing. Continue reading The Importance of SSL for Exchange Servers