There have been many times in the past when I have started a project for a new customer and discovered that they are not using SSL for their email servers.  Usually after a brief discussion they agree to implement SSL in the new system we are installing for them.

Occasionally they agree but insist on doing it in a less than ideal manner.  And sometimes, although rarely, they decline our advice and continue without SSL.

What is SSL?

SSL stands for Secure Socket Layer and is an encryption protocol that secures communications between two parties over insecure networks such as the internet.  Although still commonly referred to as SSL its new name is actually TLS (Transport Layer Security) which more accurately describes its role of securing communications at the Transport layer of the OSI model (eg, the TCP protocol).

In an SSL/TLS secured communication the two parties (e.g. a web server and a web browser) agree on how to secure the connection they are establishing. Continue reading The Importance of SSL for Exchange Servers

Administration of Outlook will on occasion involve correcting behavior related to the Name Service Provider Interface (NSPI) used for communications between Outlook and Exchange Server. The NSPI is used to communicate with the Global Catalog and resolve domain names and domain lookups. The protocol is known as emsabp32 and is comparable to Lightweight Directory Access Protocol (LDAP).

During the course of operations you may sometimes get an alert indicating that the Name Service Provider Interface (NSPI) Proxy is able to communicate with the global catalog but it doesn’t support the NSPI service.

This error message can occur when running the Microsoft Exchange Server 2007 Management Pack for Operations Manager. This pack is used to monitor the Windows Application log on systems that are running Exchange Server 2007. If it detects that certain events or a particular event has occurred, such as Event ID 9176 as shown in the log below, then it will generate the previous alert.  Such an event or events will look like this:

Product Name       Exchange
Product Version    8.0 (Exchange Server 2007)
Event ID              9176
Event Source        MSExchangeSA
MOM Rule
Path          Microsoft Exchange Server/Exchange 2007/Mailbox/System Attendant
MOM Rule Name   “Name Service Provider Interface (NSPI) Proxy can contact the global catalog, but it does not support the NSPI service.”

In addition you may also get a Description field such as: “NSPI Proxy can contact Global Catalog fully qualified domain name (FQDN) of server but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot fully qualified domain name of server as soon as possible.”

Continue reading Global Catalog Server Errors and Outlook

Will Exchange support boost Apple's corp cred?

Despite the crowing by fans of Apple computers that  their lovely machines are gaining traction in the corporate realm, resistance to OS X boxes by CIOs appears to still be strong, even with the much trumpeted support of Microsoft Exchange in the latest edition of the Mac operating system, Snow Leopard.

The logic behind the expectation that Exchange support will be a deal maker for corporate IT departments stems from the infectious behavior Apple products have had in the past on markets. The iPod’s popularity, for example, had a halo effect that enticed consumers to move to Apple computers. More to the point, when Exchange support was built-in to the iPhone, it began to win nods from more corporate users.

But there are indications that, at least initially, the halo effect may not be as strong this time around. One of those indicators is a recent “jury poll” taken by TechRepublic, a Web site targeted at IT professionals. In that poll, a “jury” of CIOs voted 12-0 against adding new Macs to their existing computer mix. All the executives voted “no” to the question, “Does the release of Snow Leopard make your IT department more likely to adopt more Mac OS X machines?

Continue reading Mac resistance still strong despite Exchange support

So far in this series of posts I have discussed the basic concepts of Exchange Server 2007 high availability, how to use Local Continuous Replication to protect mailbox databases on a single server, and how to cluster Exchange mailbox servers with Single Copy Clusters and Cluster Continuous Replication.  In this final post in the series I will discuss Exchange Server 2007 Standby Continuous Replication.

What is Standby Continuous Replication?

Standby Continuous Replication (SCR) for Exchange Server 2007 is a feature that was introduced with Service Pack 1.  SCR occurs between two servers – a source server and a target server.  The source server holds the active storage group and mailbox database, while the target server holds a replica of that storage group and mailbox database.

Exchange storage group and mailbox database information is replicated between the source and target server using asynchronous log shipping.  I described asynchronous log shipping in part one of this series on the fundamental concepts of Exchange Server 2007 high availability.  The same log shipping occurs in Local Continuous Replication and Cluster Continuous Replication.

SCR does not work like a cluster with automated fail over, rather it is much like LCR in that manual intervention is required in the event that the SCR source server experiences a failure.

Continue reading Exchange Server 2007 High Availability Part 5 – Standby Continuous Replication

It’s almost midnight when you’re woken from your peaceful slumber by a phone call from the boss. He’s calling from the pub in an inebriated state and is close to panic. “I’sh loshted my mobile and need it wiped … *hick* … immediately,” he slurs. Fortunately, with Exchange 2007 and Outlook Web Access (OWA), this is easy enough to do – without needing to make a visit to the office in the small hours of the morning.

Simply start up your computer and then (from Microsoft):

1. Open Outlook Web Access.
2. Log on to the device owner’s mailbox.
3. Click Options.
4. In the Navigation pane, select Mobile Devices.
5. Select the ID of the device that you want to wipe and remove from the list.
6. Click Wipe all data from device.
7. Click OK.
8. Click Remove Device from List.
9. Curse your boss, turn off your phone and go back to bed (okay, so this one isn’t actually part of Microsoft’s instructions but it is nonethless a step that you’ll probably wish to perform in order to ensure that the boss cannot disturb you again to tell you that he’s found the device and the remote wipe should be cancelled).

Step #8 is non-essential, but there’s really no point in not doing it as the device will otherwise continue to be wiped even after it has been found (which is bound to happen when he sobers up).

Note that it’s also possible to perform remote wipes with ES/SBS 2003, but do so you’ll need to have previously installed the Microsoft Exchange Server ActiveSync Web Administration Tool.

The world of hosted Exchange is about to get a lot bigger. This week in Hannover, Germany, Microsoft announced further developments on its “Software-plus-Services” initiative. The Business Productivity Online Suite will be available for trial runs for businesses of all sizes. Microsoft will also release Microsoft Office Communications Online, and the Business Productivity Online Deskless Worker Suite.

Microsoft’s Exchange Online and SharePoint Online were first announced last September for larger enterprises; they will now be available for any size business. Hosted Exchange of course isn’t anything new, and there have always been Microsoft hosting partners. The new service will be available both direct and through resellers, but there is some concern on the part of some hosting partners that Microsoft will cannibalize their business. The question is, whether you should use a hosted email service at all. As we’ve seen time and time again, the lowest common denominator of hosted email, the free services available such as Hotmail, have no place in the enterprise; and they definitely have no place in government agencies, where regulations demand accountability and archiving.

On-premises email does have numerous advantages in terms of security and control, but for smaller and SOHO businesses, the price advantage of the Software-plus-Services option may be the deciding factor. Microsoft Online Services is listing for $10 per user for Exchange Online, and $7.25 per user for SharePoint Online. For the most part though, the hosted solution can’t be seen as a replacement for an on-premises email server at the enterprise level, where the IT department can maintain control, and enjoy access to superior archiving facilities and third-party security controls. Microsoft’s press release for example, describes the “Deskless Worker Suite” as a solution for “occasional users;” many enterprises that deploy a hosted Exchange solution do so in conjuntion with an on-premise system as well.

Migrating from one email system to Exchange is not an easy task but with proper planning it can be done.  No matter what system you had used previously, the following are some of the aspects that many have to deal with and make a decision about.  The first is the cost.  IT managers have to ask themselves about what the cost will  be for licensing, hardware, etc.  It is one of the most difficult decisions to make.  Many IT directors believe that implementing a new system will take most of their budget.  Before making such decision, look at your current environment.  Since this is almost like implementing a new email system, this is an opportunity to include an archiving plan in the early stages. Developing an archiving plan considers having key players and departments involved.  With senior management included, get buy in from human resources and legal to provide their procedures for handling legal inquiries for email files and document attachments.

Continue reading How to plan your migration to Exchange 2007